
Rework some parts, changes for new Ansible versions

Sven Velt 5 years ago
parent
commit
789f944881
11 changed files with 54 additions and 56 deletions
  1. 7 4
      defaults/main.yml
  2. 6 1
      monitored.yml
  3. 6 6
      tasks/main.yml
  4. 9 12
      tasks/nrpe.yml
  5. 2 0
      tasks/nrpe_migrate.yml
  6. 5 11
      tasks/packages.yml
  7. 9 2
      tasks/plugins_custom.yml
  8. 7 17
      tasks/ssh.yml
  9. 0 1
      tasks/user.yml
  10. 1 0
      templates/ssh-key-options.j2
  11. 2 2
      vars/debian.yml

+ 7 - 4
defaults/main.yml

@@ -7,6 +7,9 @@ monitored_group: nagios
 monitored_homedir: /var/lib/nagios
 monitored_shell: /bin/bash
 
+monitored_sudo_file: /etc/sudoers.d/monitored
+monitored_sudo_commands: []
+
 monitored_packages_install: True
 monitored_packages_predepends: []
 monitored_packages_additional: []
@@ -27,17 +30,17 @@ monitored_nrpe_command_prefix: null
 monitored_nrpe_command_timeout: 60
 monitored_nrpe_connection_timeout: 300
 
-monitored_nrpe_include_files: null
+monitored_nrpe_include_files: []
 monitored_nrpe_include_dirs:
   - nrpe.d/
   - nrpe.local.d/
+monitored_nrpe_include_owner: root
 
 monitored_nrpe_servicename: nrpe
 
-monitored_ssh_key_files:
-  - monitored.pub
+monitored_ssh_key_files: []
 monitored_ssh_key_wrapper: null
 monitored_ssh_key_wrapper_src: null
-monitored_ssh_key_wrapper_owner: "root"
+monitored_ssh_key_wrapper_owner: root
 monitored_ssh_key_wrapper_mode: "0750"
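Review bot: `monitored_nrpe_include_owner: root` has no comment explaining why root is the default, although it decides who may write into the NRPE snippet directories created in tasks/nrpe.yml. Files in those directories are presumably pulled in by nrpe.cfg (the template is not shown) and define commands the daemon runs, so pointing this at the monitoring account would let that account change its own command set. I would add above it: `# Owner of the NRPE include dirs; keep this an account the NRPE daemon does not run as.`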
 

+ 6 - 1
monitored.yml

@@ -1,5 +1,10 @@
 ---
 - hosts: all
   roles:
-          - monitored
+
+          - role: epel
+            when: ansible_os_family == "RedHat" and ansible_distribution != "Fedora"
+
+          - role: monitored
+            when: monitored_dont|default(False) != True
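Review bot: The opt-out test `monitored_dont|default(False) != True` skips the role only when the variable is the boolean true. A string value such as `yes` or `true` (INI inventory, `-e monitored_dont=yes`) compares unequal, so the role still runs. The check removed from tasks/main.yml failed on any definition of `monitored_dont`, so hosts that were excluded before can now receive the monitoring user, keys and daemon. The same comparison is used in the new assert in tasks/main.yml. Suggest `when: not (monitored_dont | default(false) | bool)` here and `- not (monitored_dont | default(false) | bool)` in the assert.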
 

+ 6 - 6
tasks/main.yml

@@ -1,9 +1,9 @@
 ---
-- fail: msg="This system should not be monitored"
-  when: monitored_dont is defined
-
-- fail: msg="Neither monitored_by_(ssh|nrpe) is set"
-  when: monitored_by_nrpe == False and monitored_by_ssh == False
+- name: Sanity checks
+  assert:
+    that:
+      - monitored_dont|default(False) != True
+      - monitored_by_nrpe == True or monitored_by_nrpe_ng == True or monitored_by_ssh == True
 
 - name: Gather OS Specific Variables
   include_vars: "{{ item }}"
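Review bot: The second assertion reads `monitored_by_nrpe_ng`, which none of the defaults/main.yml hunks in this commit add. If it has no default elsewhere, the check stops with an undefined-variable error instead of a readable failure. The assert also drops the two messages the old `fail` tasks printed. Suggest `monitored_by_nrpe_ng | default(false) | bool` in the condition and a `fail_msg: "Host is excluded from monitoring, or none of monitored_by_(nrpe|nrpe_ng|ssh) is set"` on the task. The Gather OS Specific Variables task continues outside the hunk.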
@@ -17,7 +17,7 @@
   package:
     name: "{{ monitored_packages_predepends }}"
     state: latest
-  when: monitored_packages_predepends
+  when: monitored_packages_predepends|default(False)
 
 - name: "INCLUDE: Create monitoring user"
   import_tasks: user.yml

+ 9 - 12
tasks/nrpe.yml

@@ -1,29 +1,29 @@
 ---
 - name: Install NRPE daemon
   package:
-    name: "{{ item }}"
+    name: "{{ monitored_packages_nrpe }}"
     state: latest
-  with_items: "{{ monitored_packages_nrpe }}"
 
 - name: Install daemon config
   template:
     src: nrpe.cfg.j2
     dest: "{{ monitored_nrpe_basedir }}/nrpe.cfg"
-    owner: "{{ monitored_user }}"
+    owner: "root"
     group: "{{ monitored_group }}"
     mode: 0640
-    backup: True
+    backup: yes
 
 - name: Create snippet config dirs
   file:
     path: "{{ monitored_nrpe_basedir }}/{{ item }}"
     state: directory
-    owner: "{{ monitored_user }}"
+    owner: "{{ monitored_nrpe_include_owner }}"
     group: "{{ monitored_group }}"
     mode: 0750
-  with_items: "{{ monitored_nrpe_include_dirs }}"
+  loop: "{{ monitored_nrpe_include_dirs }}"
 
-#- include: nrpe_migrate.yml
+- name: "INCLUDE: Migrate custom NRPE files"
+  include: nrpe_migrate.yml
 
 - name: Enable NRPE
   service:
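Review bot: `include: nrpe_migrate.yml` uses the bare `include` action, which is deprecated in favour of `include_tasks`/`import_tasks` and removed in later ansible-core releases. tasks/main.yml in this role already uses `import_tasks`, so `import_tasks: nrpe_migrate.yml` would be consistent with it and with the stated goal of supporting newer Ansible versions. The file added in this commit contains only `---`, so nothing runs yet; a one-line comment there saying what is to be migrated would help. The Enable NRPE task continues outside the hunk.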
@@ -35,12 +35,9 @@
     name: "{{ monitored_nrpe_servicename }}"
     state: restarted
 
-
 - name: Instal additional packages for NRPE monitoring
   package:
-    name: "{{ item }}"
+    name: "{{ monitored_packages_additional_nrpe }}"
     state: latest
-  with_items: "{{ monitored_packages_additional_nrpe }}"
-  when: monitored_packages_additional_nrpe
-
+  when: monitored_packages_additional_nrpe|bool
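Review bot: `when: monitored_packages_additional_nrpe|bool` applies the `bool` filter to what is presumably a list, like `monitored_packages_additional: []` in defaults/main.yml. That filter yields true only for booleans and for values such as `yes`, `true` or `1`, so a non-empty package list evaluates to false and the task is always skipped. The same condition is introduced in tasks/packages.yml (`monitored_packages_additional|bool`) and tasks/ssh.yml (`monitored_packages_additional_ssh|bool`). Suggest `when: monitored_packages_additional_nrpe | default([]) | length > 0` in all three places.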
 

+ 2 - 0
tasks/nrpe_migrate.yml

@@ -0,0 +1,2 @@
+---
+

+ 5 - 11
tasks/packages.yml

@@ -1,26 +1,20 @@
 ---
 - name: Install Monitoring-Plugins
   package:
-    name: "{{ item }}"
+    name: "{{ monitored_packages_mp }}"
     state: latest
   register: monitoringplugins
   ignore_errors: True
-  with_items: "{{ monitored_packages_mp }}"
-
 
 - name: Install Nagios-Plugins
   package:
-    name: "{{ item }}"
+    name: "{{ monitored_packages_np }}"
     state: latest
-  with_items: "{{ monitored_packages_np }}"
   when: monitoringplugins is failed
 
-
-- name: Instal additional packages
+- name: Install additional packages
   package:
-    name: "{{ item }}"
+    name: "{{ monitored_packages_additional }}"
     state: latest
-  with_items: "{{ monitored_packages_additional }}"
-  when: monitored_packages_additional
-
+  when: monitored_packages_additional|bool
 

+ 9 - 2
tasks/plugins_custom.yml

@@ -1,4 +1,12 @@
 ---
+- name: Create custom plugin directory
+  file:
+    path: "{{ monitored_plugins_custom_path }}"
+    state: directory
+    owner: root
+    group: "{{ monitored_group }}"
+    mode: 0750
+
 - name: Copy custom plugins
   copy:
     src: "plugins_custom/{{ item }}"
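Review bot: The new directory task writes `mode: 0750` unquoted, so the result depends on the YAML loader reading the leading zero as octal. defaults/main.yml already uses the quoted form for `monitored_ssh_key_wrapper_mode`. Suggest `mode: "0750"`, which matches that default. The Copy custom plugins task continues outside the hunk.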
@@ -6,6 +14,5 @@
     owner: root
     group: "{{ monitored_group }}"
     mode: 0750
-  with_items: "{{ monitored_plugins_custom }}"
-
+  loop: "{{ monitored_plugins_custom }}"
 

+ 7 - 17
tasks/ssh.yml

@@ -1,35 +1,25 @@
 ---
-- name: Create dot-SSH directory for monitoring user
-  file:
-    path: "{{ monitored_homedir }}/.ssh/"
-    state: directory
-    owner: "{{ monitored_user }}"
-    group: "{{ monitored_group }}"
-    mode: 0700
-
 - name: Copy SSH authorized_keys for monitoring user
   authorized_key:
     user: "{{ monitored_user }}"
     key: "{{ lookup('file', item) }}"
-    key_options: 'no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-pty{% if monitored_ssh_key_wrapper %},command="{{ monitored_ssh_key_wrapper }}"{% endif %}'
-  with_items: "{{ monitored_ssh_key_files }}"
+    key_options: '{{ lookup("template", "ssh-key-options.j2") }}'
+    manage_dir: yes
+  loop: "{{ monitored_ssh_key_files }}"
 
 - name: Copy SSH wrapper
   copy:
     src: "{{ monitored_ssh_key_wrapper_src }}"
     dest: "{{ monitored_ssh_key_wrapper }}"
-    owner: "{{ monitored_ssh_key_wrapper_owner }}"
+    owner: "{{ monitored_ssh_key_wrapper_owner|default('root') }}"
     group: "{{ monitored_group }}"
     mode: "{{ monitored_ssh_key_wrapper_mode }}"
     backup: yes
-  when: monitored_ssh_key_wrapper_src|default(null)
-
+  when: monitored_ssh_key_wrapper_src|default(False) and monitored_ssh_key_wrapper|default(False)
 
 - name: Instal additional packages for SSH monitoring
   package:
-    name: "{{ item }}"
+    name: "{{ monitored_packages_additional_ss }}"
     state: latest
-  with_items: "{{ monitored_packages_additional_ssh }}"
-  when: monitored_packages_additional_ssh
-
+  when: monitored_packages_additional_ssh|bool
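Review bot: The package task reads `monitored_packages_additional_ss`, without the trailing `h`, while its `when` tests `monitored_packages_additional_ssh`. Once the condition is true the task fails on an undefined variable. The line should be `name: "{{ monitored_packages_additional_ssh }}"`. The condition applies `|bool` to what is presumably a list, which evaluates to false, so the typo stays hidden until the condition is corrected as well.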
 

+ 0 - 1
tasks/user.yml

@@ -29,4 +29,3 @@
     backup: yes
   with_items: "{{ monitored_sudo_commands|default([]) }}"
 
-

+ 1 - 0
templates/ssh-key-options.j2

@@ -0,0 +1 @@
+    key_options: 'no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-pty{% if monitored_ssh_key_wrapper %},command="{{ monitored_ssh_key_wrapper }}"{% endif %}'
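Review bot: The template holds the whole YAML line, including the leading `    key_options: '` and the closing quote. tasks/ssh.yml passes the lookup result as the value of `key_options`, so that text becomes part of the options string written in front of the key. These options are what confine the monitoring key (no forwarding, no pty, optional forced command), so a malformed prefix is likely to make the task fail or produce an authorized_keys entry that sshd does not apply as intended. The file should contain only `no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-pty{% if monitored_ssh_key_wrapper %},command="{{ monitored_ssh_key_wrapper }}"{% endif %}`.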

+ 2 - 2
vars/debian.yml

@@ -1,8 +1,8 @@
 ---
 monitored_packages_mp:
-  - monitoring-plugins
+  - monitoring-plugins-basic
 monitored_packages_np:
-  - nagios-plugins
+  - nagios-plugins-basic
 
 monitored_packages_nrpe:
   - nagios-nrpe-server