From da432c0dccb0dd213dc2ec495c3adf8676a03d2b Mon Sep 17 00:00:00 2001 From: Salt Date: Sun, 8 Aug 2021 14:46:58 -0500 Subject: [PATCH] Make our Nagios SNMP user, apply some changes to its container, and spin up some barebones checks --- playbooks/snmp.yml | 12 +++++++++++- playbooks/tasks/web/nagios-hosts.cfg.j2 | 10 +++++++++- playbooks/tasks/web/nagios.yml | 10 ++++------ 3 files changed, 24 insertions(+), 8 deletions(-) diff --git a/playbooks/snmp.yml b/playbooks/snmp.yml index 95baa26..1ec223f 100755 --- a/playbooks/snmp.yml +++ b/playbooks/snmp.yml @@ -3,9 +3,19 @@ --- - hosts: tags_snmp roles: - - role: snmp + - role: snmpd vars: snmpd_internal_user: username: "{{ secret_snmp_internal_username }}" password: "{{ secret_snmp_internal_password }}" + auth_protocol: SHA + snmpd_users: + - username: "{{ secret_snmp_rouser_username }}" + password: "{{ secret_snmp_rouser_password }}" + type: rouser + auth_protocol: SHA + privacy_passphrase: "{{ secret_snmp_rouser_privacy_passphrase }}" + privacy_protocol: AES + snmpd_disks_include_all: yes + snmpd_disks_include_all_threshold_minpercent: "10%" tags: [ snmp ] diff --git a/playbooks/tasks/web/nagios-hosts.cfg.j2 b/playbooks/tasks/web/nagios-hosts.cfg.j2 index 9ddcaec..b6d8b0e 100644 --- a/playbooks/tasks/web/nagios-hosts.cfg.j2 +++ b/playbooks/tasks/web/nagios-hosts.cfg.j2 @@ -52,7 +52,7 @@ define service { # Commands # Ain't nobody here but us chickens... -# Services +# Services for all hosts define service { use ansible-generic-service service_description HTTP @@ -66,6 +66,14 @@ define service { hostgroup_name nagios-checkhttp } +# Services for SNMP-capable hosts +define service { + use ansible-generic-service + service_description SNMP Check Hostname + check_command check_snmp!-P 3 -a SHA -x AES -o 1.3.6.1.2.1.1.1.0 -U {{ secret_snmp_rouser_username }} -A {{ secret_snmp_rouser_password }} -X {{ secret_snmp_rouser_privacy_passphrase }} -s $HOSTNAME$ -L authPriv + hostgroup_name snmp +} + # Manually-defined services for hosts # web1.desu.ltd {% for site in ["9iron.club","desu.ltd","nc.desu.ltd","git.desu.ltd"] %} diff --git a/playbooks/tasks/web/nagios.yml b/playbooks/tasks/web/nagios.yml index 133507d..6b5ffda 100644 --- a/playbooks/tasks/web/nagios.yml +++ b/playbooks/tasks/web/nagios.yml @@ -2,9 +2,6 @@ - name: assure data directory for nagios file: path=/data/nagios state=directory mode=0755 tags: [ nagios ] -- name: assure ssmtp.conf file for nagios - file: path=/data/nagios/ssmtp.conf state=file mode=0640 - tags: [ nagios ] - name: template out config for nagios template: src=nagios-hosts.cfg.j2 dest=/data/nagios/etc/objects/ansible.cfg owner=root group=root mode=0644 register: config @@ -15,11 +12,11 @@ - name: docker deploy nagios docker_container: name: nagios - image: manios/nagios + image: jasonrivers/nagios env: NAGIOSADMIN_USER: admin NAGIOSADMIN_PASS: "{{ secret_nagios_admin_pass }}" - TZ: "America/Chicago" + NAGIOS_TIMEZONE: "America/Chicago" networks: - name: web aliases: [ "nagios" ] @@ -27,7 +24,8 @@ - /data/nagios/etc:/opt/nagios/etc - /data/nagios/var:/opt/nagios/var - /data/nagios/plugins:/opt/Custom-Nagios-Plugins - - /data/nagios/ssmtp.conf:/etc/ssmtp/ssmtp.conf + - /data/nagios/nagiosgraph/var:/opt/nagiosgraph/var + - /data/nagios/nagiosgraph/etc:/opt/nagiosgraph/etc tags: [ docker, nagios ] - name: restart nagios docker_container: name=nagios state=started restart=yes