Make our Nagios SNMP user, apply some changes to its container, and spin up some barebones checks

2021-08-08 14:46:58 -05:00 · 2021-08-08 14:46:58 -05:00 · da432c0dcc
commit da432c0dcc
parent a254910cdc
3 changed files with 24 additions and 8 deletions
--- a/playbooks/snmp.yml
+++ b/playbooks/snmp.yml
@ -3,9 +3,19 @@
 ---
 - hosts: tags_snmp
  roles:
-    - role: snmp
+    - role: snmpd
      vars:
        snmpd_internal_user:
          username: "{{ secret_snmp_internal_username }}"
          password: "{{ secret_snmp_internal_password }}"
+          auth_protocol: SHA
+        snmpd_users:
+          - username: "{{ secret_snmp_rouser_username }}"
+            password: "{{ secret_snmp_rouser_password }}"
+            type: rouser
+            auth_protocol: SHA
+            privacy_passphrase: "{{ secret_snmp_rouser_privacy_passphrase }}"
+            privacy_protocol: AES
+        snmpd_disks_include_all: yes
+        snmpd_disks_include_all_threshold_minpercent: "10%"
      tags: [ snmp ]
--- a/playbooks/tasks/web/nagios-hosts.cfg.j2
+++ b/playbooks/tasks/web/nagios-hosts.cfg.j2
@ -52,7 +52,7 @@ define service {
 # Commands
 # Ain't nobody here but us chickens...

-# Services
+# Services for all hosts
 define service {
 	use			ansible-generic-service
 	service_description	HTTP
@ -66,6 +66,14 @@ define service {
 	hostgroup_name		nagios-checkhttp
 }

+# Services for SNMP-capable hosts
+define service {
+	use			ansible-generic-service
+	service_description	SNMP Check Hostname
+	check_command		check_snmp!-P 3 -a SHA -x AES -o 1.3.6.1.2.1.1.1.0 -U {{ secret_snmp_rouser_username }} -A {{ secret_snmp_rouser_password }} -X {{ secret_snmp_rouser_privacy_passphrase }} -s $HOSTNAME$ -L authPriv
+	hostgroup_name		snmp
+}
+
 # Manually-defined services for hosts
 # web1.desu.ltd
 {% for site in ["9iron.club","desu.ltd","nc.desu.ltd","git.desu.ltd"] %}
--- a/playbooks/tasks/web/nagios.yml
+++ b/playbooks/tasks/web/nagios.yml
@ -2,9 +2,6 @@
 - name: assure data directory for nagios
  file: path=/data/nagios state=directory mode=0755
  tags: [ nagios ]
- name: assure ssmtp.conf file for nagios
-  file: path=/data/nagios/ssmtp.conf state=file mode=0640
-  tags: [ nagios ]
 - name: template out config for nagios
  template: src=nagios-hosts.cfg.j2 dest=/data/nagios/etc/objects/ansible.cfg owner=root group=root mode=0644
  register: config
@ -15,11 +12,11 @@
 - name: docker deploy nagios
  docker_container:
    name: nagios
-    image: manios/nagios
+    image: jasonrivers/nagios
    env:
      NAGIOSADMIN_USER: admin
      NAGIOSADMIN_PASS: "{{ secret_nagios_admin_pass }}"
-      TZ: "America/Chicago"
+      NAGIOS_TIMEZONE: "America/Chicago"
    networks:
      - name: web
        aliases: [ "nagios" ]
@ -27,7 +24,8 @@
      - /data/nagios/etc:/opt/nagios/etc
      - /data/nagios/var:/opt/nagios/var
      - /data/nagios/plugins:/opt/Custom-Nagios-Plugins
-      - /data/nagios/ssmtp.conf:/etc/ssmtp/ssmtp.conf
+      - /data/nagios/nagiosgraph/var:/opt/nagiosgraph/var
+      - /data/nagios/nagiosgraph/etc:/opt/nagiosgraph/etc
  tags: [ docker, nagios ]
 - name: restart nagios
  docker_container: name=nagios state=started restart=yes