setup snmpd

2022-03-11 14:06:05 +01:00
parent 2ff81b17ea
commit 3bd4f46ceb
6 changed files with 88 additions and 8 deletions
--- a/roles/nameserver/tasks/configure_snmpd.yml
+++ b/roles/nameserver/tasks/configure_snmpd.yml
@@ -40,5 +40,5 @@
    path: "/etc/snmp/snmpd.conf"
    state: present
    line: "extend bind /etc/snmp/bind"
-    insertafter: "^syslocation.*$"
+    insertafter: "# SECTION: Extends"
  notify: restart_snmpd
--- a/roles/server/tasks/utilities/snmpd.yml
+++ b/roles/server/tasks/utilities/snmpd.yml
@@ -1,4 +1,38 @@
+- include_vars: snmp_users.yml
+
 - name: server | snmpd | install package
  package:
    name: "{{ snmpd_package }}"
-    state: present
+    state: present
+
+- name: server | snmpd | insert anchors to snmpd.conf
+  blockinfile:
+    path: "/etc/snmp/snmpd.conf"
+    marker: "# {mark} ANSIBLE MANAGED BLOCK" # not required. The marker line template. C({mark}) will be replaced with the values C(in marker_begin) (default="BEGIN") and C(marker_end) (default="END"). Using a custom marker without the C({mark}) variable may result in the block being repeatedly inserted on subsequent playbook runs.
+    block: |
+      ################################################################################
+      # SECTION: {{ item }}
+  loop:
+    - ACLs
+    - Extends
+
+- name: server | snmpd | stop service
+  service:
+    name: "snmpd"
+    state: stopped
+
+- name: server | snmpd | setup monitoring user SNMPv3
+  lineinfile:
+    path: "{{ snmpd_user_file }}"
+    line: "createuser {{ snmp_user }} {{ snmp_auth_proto }} {{ snmp_auth_pass }} {{ snmp_priv_proto }} {{ snmp_priv_pass }}"
+
+- name: server | snmpd | setup ACLs
+  lineinfile:
+    path: "/etc/snmp/snmpd.conf" # required. The file to modify. Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name).
+    line: "rouser {{snmp_user }} authpriv -V systemonly"
+    insertafter: "# SECTION: ACLs"
+
+- name: server | snmpd start service
+  service:
+    name: "snmpd"
+    state: started
--- a/roles/server/vars/snmp_users.yml
+++ b/roles/server/vars/snmp_users.yml
@@ -1,5 +1,11 @@
-snmp_user: monitoring
-snmp_auth_proto: SHA
-snmp_priv_proto: AES
-snmp_auth_pass: monitoring
-snmp_priv_pass: monitoring
+$ANSIBLE_VAULT;1.1;AES256
+31303532326531323738633661646339316639306435333333386438613035626134373835626234
+3633393864646561663630663038366239656539656639380a356134363664616334653037303436
+65306661353865633432323763633133353364393138656638626265386339336166366630663066
+3034326233623262320a336131613839343034373632656538636635613665326335633034656231
+39616662623064643233626661303063613432653062613561303337303163343866313932343732
+64386332373430656362646431366332333466396465306362623437623966663032303236613864
+31633338666635633132386264666339643639393838323730336333323933663061373965393237
+36656539326466353634633531333132313237306137636234383339633963326537323463386638
+66393231313331653838613734653134373965653563326562306534316266623766316433633366
+3965336266376365613235656337386463663766326530626265
--- a/roles/webserver/files/nginx_localhost
+++ b/roles/webserver/files/nginx_localhost
@@ -0,0 +1,11 @@
+server {
+        listen 80;
+        server_name localhost;
+        location /nginx-status {
+                stub_status on;
+                access_log  off;
+                allow 127.0.0.1;
+                allow ::1;
+                deny  all;
+        }
+}
--- a/roles/webserver/tasks/configure_nginx_snmpd.yml
+++ b/roles/webserver/tasks/configure_nginx_snmpd.yml
@@ -0,0 +1,15 @@
+- name: webserver | snmpd | get script
+  get_url:
+    url: "https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/nginx"
+    dest: "/etc/snmp/nginx"
+    mode: "0755"
+    owner: "root"
+    group: "root"
+
+- name: webserver | snmpd | configure extend
+  lineinfile:
+    path: "/etc/snmp/snmpd.conf"
+    state: present
+    line: "extend bind /etc/snmp/nginx"
+    insertafter: "# SECTION: Extends"
+  notify: restart_snmpd
--- a/roles/webserver/tasks/install_nginx.yml
+++ b/roles/webserver/tasks/install_nginx.yml
@@ -1,4 +1,18 @@
 - name: webserver | nginx | installing nginx
  package:
    name: "{{ nginx_package }}"
-    state: latest
+    state: latest
+
+- name: webserver | nginx | setup localhost for statistics
+  copy:
+    src: "nginx_localhost"
+    dest: "/etc/nginx/sites-available/localhost"
+
+- name: webserver | nginx | link sites-available to sites-enabled for localhost
+  file:
+    path: "/etc/nginx/sites-enabled/localhost"
+    state: link
+    src: "/etc/nginx/sites-available/localhost"
+  notify: restart_nginx
+
+- include_tasks: configure_nginx_snmpd.yml