From 3bd4f46ceb3285cda6f327c4f7e42396e90afaf6 Mon Sep 17 00:00:00 2001
From: rene
Date: Fri, 11 Mar 2022 14:06:05 +0100
Subject: [PATCH] setup snmpd
---
 roles/nameserver/tasks/configure_snmpd.yml | 2 +-
 roles/server/tasks/utilities/snmpd.yml | 36 ++++++++++++++++++-
 roles/server/vars/snmp_users.yml | 16 ++++++---
 roles/webserver/files/nginx_localhost | 11 ++++++
 .../webserver/tasks/configure_nginx_snmpd.yml | 15 ++++++++
 roles/webserver/tasks/install_nginx.yml | 16 ++++++++-
 6 files changed, 88 insertions(+), 8 deletions(-)
 create mode 100644 roles/webserver/files/nginx_localhost
 create mode 100644 roles/webserver/tasks/configure_nginx_snmpd.yml
diff --git a/roles/nameserver/tasks/configure_snmpd.yml b/roles/nameserver/tasks/configure_snmpd.yml
index 44a21cc..7c7587c 100644
--- a/roles/nameserver/tasks/configure_snmpd.yml
+++ b/roles/nameserver/tasks/configure_snmpd.yml
@@ -40,5 +40,5 @@
 path: "/etc/snmp/snmpd.conf"
 state: present
 line: "extend bind /etc/snmp/bind"
- insertafter: "^syslocation.*$"
+ insertafter: "# SECTION: Extends"
 notify: restart_snmpd
\ No newline at end of file
diff --git a/roles/server/tasks/utilities/snmpd.yml b/roles/server/tasks/utilities/snmpd.yml
index 7c04b14..eb192db 100644
--- a/roles/server/tasks/utilities/snmpd.yml
+++ b/roles/server/tasks/utilities/snmpd.yml
@@ -1,4 +1,38 @@
+- include_vars: snmp_users.yml
+
 - name: server | snmpd | install package
 package:
 name: "{{ snmpd_package }}"
- state: present
\ No newline at end of file
+ state: present
+
+- name: server | snmpd | insert anchors to snmpd.conf
+ blockinfile:
+ path: "/etc/snmp/snmpd.conf"
+ marker: "# {mark} ANSIBLE MANAGED BLOCK" # not required. The marker line template. C({mark}) will be replaced with the values C(in marker_begin) (default="BEGIN") and C(marker_end) (default="END"). Using a custom marker without the C({mark}) variable may result in the block being repeatedly inserted on subsequent playbook runs.
+ block: |
+ ################################################################################
+ # SECTION: {{ item }}
+ loop:
+ - ACLs
+ - Extends
+
+- name: server | snmpd | stop service
+ service:
+ name: "snmpd"
+ state: stopped
+
+- name: server | snmpd | setup monitoring user SNMPv3
+ lineinfile:
+ path: "{{ snmpd_user_file }}"
+ line: "createuser {{ snmp_user }} {{ snmp_auth_proto }} {{ snmp_auth_pass }} {{ snmp_priv_proto }} {{ snmp_priv_pass }}"
+
+- name: server | snmpd | setup ACLs
+ lineinfile:
+ path: "/etc/snmp/snmpd.conf" # required. The file to modify. Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name).
+ line: "rouser {{snmp_user }} authpriv -V systemonly"
+ insertafter: "# SECTION: ACLs"
+
+- name: server | snmpd start service
+ service:
+ name: "snmpd"
+ state: started
\ No newline at end of file
diff --git a/roles/server/vars/snmp_users.yml b/roles/server/vars/snmp_users.yml
index 41e5b78..768171a 100644
--- a/roles/server/vars/snmp_users.yml
+++ b/roles/server/vars/snmp_users.yml
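Review bot: The `blockinfile` task in `roles/server/tasks/utilities/snmpd.yml` loops over `ACLs` and `Extends` with the same marker `# {mark} ANSIBLE MANAGED BLOCK`, so each iteration rewrites the one managed block and only the `Extends` anchor is left in snmpd.conf. The later `insertafter: "# SECTION: ACLs"` then has nothing to match and `lineinfile` falls back to appending the `rouser` line at end of file; a per-item marker fixes this: `marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item }}"`. Separately, the `createuser` task renders `snmp_auth_pass` and `snmp_priv_pass` into its `line:` argument, which is printed in `--diff` and verbose output, so I would add `no_log: true` to that task. The unconditional stop/start pair also bounces snmpd on every run; if `snmpd_user_file` is net-snmp's persistent state file (not visible in this patch), the daemon presumably consumes the `createuser` line at startup and the task will re-add the plaintext passphrases each time, which is worth confirming.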
@@ -1,5 +1,11 @@
-snmp_user: monitoring
-snmp_auth_proto: SHA
-snmp_priv_proto: AES
-snmp_auth_pass: monitoring
-snmp_priv_pass: monitoring
\ No newline at end of file
+$ANSIBLE_VAULT;1.1;AES256
+31303532326531323738633661646339316639306435333333386438613035626134373835626234
+3633393864646561663630663038366239656539656639380a356134363664616334653037303436
+65306661353865633432323763633133353364393138656638626265386339336166366630663066
+3034326233623262320a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diff --git a/roles/webserver/files/nginx_localhost b/roles/webserver/files/nginx_localhost
new file mode 100644
index 0000000..985ecbb
--- /dev/null
+++ b/roles/webserver/files/nginx_localhost
@@ -0,0 +1,11 @@
+server {
+ listen 80;
+ server_name localhost;
+ location /nginx-status {
+ stub_status on;
+ access_log off;
+ allow 127.0.0.1;
+ allow ::1;
+ deny all;
+ }
+}
\ No newline at end of file
diff --git a/roles/webserver/tasks/configure_nginx_snmpd.yml b/roles/webserver/tasks/configure_nginx_snmpd.yml
new file mode 100644
index 0000000..f2130f5
--- /dev/null
+++ b/roles/webserver/tasks/configure_nginx_snmpd.yml
@@ -0,0 +1,15 @@
+- name: webserver | snmpd | get script
+ get_url:
+ url: "https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/nginx"
+ dest: "/etc/snmp/nginx"
+ mode: "0755"
+ owner: "root"
+ group: "root"
+
+- name: webserver | snmpd | configure extend
+ lineinfile:
+ path: "/etc/snmp/snmpd.conf"
+ state: present
+ line: "extend bind /etc/snmp/nginx"
+ insertafter: "# SECTION: Extends"
+ notify: restart_snmpd
\ No newline at end of file
diff --git a/roles/webserver/tasks/install_nginx.yml b/roles/webserver/tasks/install_nginx.yml
index 9edbe79..471edcd 100644
--- a/roles/webserver/tasks/install_nginx.yml
+++ b/roles/webserver/tasks/install_nginx.yml
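Review bot: In `roles/server/vars/snmp_users.yml` the removed lines show that both `snmp_auth_pass` and `snmp_priv_pass` were the literal `monitoring`, and those values stay readable in the repository history after this commit. Vault-encrypting the file only protects the SNMPv3 user if the encrypted passphrases are newly generated; that cannot be checked from the ciphertext, so please confirm they were rotated and that hosts already provisioned with the old values get the user recreated. The hunk is truncated in this view, so the remainder of the vault payload was not reviewed.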
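Review bot: `listen 80;` in `roles/webserver/files/nginx_localhost` binds the status vhost on every interface, so protection of `/nginx-status` rests only on the `allow`/`deny` list. The only intended client is the local SNMP extend script, so binding to loopback removes the external listener entirely: `listen 127.0.0.1:80;` and `listen [::1]:80;`. That also keeps this block from being picked as the implicit default server for port 80 when no other vhost declares `default_server` (inferred, since the other site files are not part of this patch).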
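Review bot: The `get_url` task in `roles/webserver/tasks/configure_nginx_snmpd.yml` fetches a script from the moving `master` branch with no integrity check and installs it root-owned and executable for snmpd to run, so whatever that URL serves at provisioning time is what gets executed on the host. Pin the URL to a reviewed commit and verify it, e.g. `url: "https://raw.githubusercontent.com/librenms/librenms-agent/<reviewed-commit-sha>/snmp/nginx"` with `checksum: "sha256:<digest-of-reviewed-script>"` (both placeholders), or vendor the script under the role's `files/` and deploy it with `copy`. The extend line also looks copied from the nameserver role: `extend bind /etc/snmp/nginx` registers the nginx script under the name `bind`, which would collide on a host carrying both roles, and probably should read `line: "extend nginx /etc/snmp/nginx"`.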
@@ -1,4 +1,18 @@
 - name: webserver | nginx | installing nginx
 package:
 name: "{{ nginx_package }}"
- state: latest
\ No newline at end of file
+ state: latest
+
+- name: webserver | nginx | setup localhost for statistics
+ copy:
+ src: "nginx_localhost"
+ dest: "/etc/nginx/sites-available/localhost"
+
+- name: webserver | nginx | link sites-available to sites-enabled for localhost
+ file:
+ path: "/etc/nginx/sites-enabled/localhost"
+ state: link
+ src: "/etc/nginx/sites-available/localhost"
+ notify: restart_nginx
+
+- include_tasks: configure_nginx_snmpd.yml
\ No newline at end of file
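Review bot: The `copy` task that installs `/etc/nginx/sites-available/localhost` in `roles/webserver/tasks/install_nginx.yml` has no `notify: restart_nginx`; only the symlink task notifies, and that one reports a change only on the first run, so later edits to `nginx_localhost` (for example tightening the `allow` list) are deployed but never loaded. Add `notify: restart_nginx` to the copy task. I would also set `owner: "root"`, `group: "root"` and `mode: "0644"` there so the file's ownership and permissions are stated rather than left to defaults.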