45 lines
1.6 KiB
YAML
Executable File
45 lines
1.6 KiB
YAML
Executable File
#!/usr/bin/env ansible-playbook
|
|
# vim:ft=ansible:
|
|
---
|
|
- hosts: tags_nagios
|
|
gather_facts: no
|
|
roles:
|
|
- role: git
|
|
vars:
|
|
git_repos:
|
|
- repo: https://git.desu.ltd/salt/monitoring-scripts
|
|
dest: /usr/local/bin/monitoring-scripts
|
|
tags: [ nagios, git ]
|
|
tasks:
|
|
- name: assure nagios plugin packages
|
|
ansible.builtin.apt: name=monitoring-plugins,nagios-plugins-contrib
|
|
tags: [ nagios ]
|
|
- name: assure nagios user
|
|
ansible.builtin.user: name=nagios-checker state=present system=yes
|
|
tags: [ nagios ]
|
|
- name: assure nagios user ssh key
|
|
authorized_key:
|
|
user: nagios-checker
|
|
state: present
|
|
key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKNavw28C0mKIQVRLQDW2aoovliU1XCGaenDhIMwumK/ Nagios monitoring"
|
|
tags: [ nagios ]
|
|
- name: assure nagios user sudo rule file
|
|
ansible.builtin.file: path=/etc/sudoers.d/50-nagios-checker mode=0750 owner=root group=root state=touch modification_time=preserve access_time=preserve
|
|
tags: [ nagios, sudo ]
|
|
- name: assure nagios user sudo rules
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/sudoers.d/50-nagios-checker
|
|
line: "nagios-checker ALL = (root) NOPASSWD: {{ item }}"
|
|
with_items:
|
|
- /usr/lib/nagios/plugins/check_disk
|
|
- /usr/local/bin/monitoring-scripts/check_docker
|
|
- /usr/local/bin/monitoring-scripts/check_temp
|
|
tags: [ nagios, sudo ]
|
|
- hosts: all
|
|
gather_facts: no
|
|
tasks:
|
|
- name: disable nagios user when not tagged
|
|
ansible.builtin.user: name=nagios-checker state=absent remove=yes
|
|
when: "'tags_nagios' not in group_names"
|
|
tags: [ nagios ]
|