setup snmpd
This commit is contained in:
rene
@@ -40,5 +40,5 @@
|
|||||||
path: "/etc/snmp/snmpd.conf"
|
path: "/etc/snmp/snmpd.conf"
|
||||||
state: present
|
state: present
|
||||||
line: "extend bind /etc/snmp/bind"
|
line: "extend bind /etc/snmp/bind"
|
||||||
insertafter: "^syslocation.*$"
|
insertafter: "# SECTION: Extends"
|
||||||
notify: restart_snmpd
|
notify: restart_snmpd
|
||||||
@@ -1,4 +1,38 @@
|
|||||||
|
- include_vars: snmp_users.yml
|
||||||
|
|
||||||
- name: server | snmpd | install package
|
- name: server | snmpd | install package
|
||||||
package:
|
package:
|
||||||
name: "{{ snmpd_package }}"
|
name: "{{ snmpd_package }}"
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
|
- name: server | snmpd | insert anchors to snmpd.conf
|
||||||
|
blockinfile:
|
||||||
|
path: "/etc/snmp/snmpd.conf"
|
||||||
|
marker: "# {mark} ANSIBLE MANAGED BLOCK" # not required. The marker line template. C({mark}) will be replaced with the values C(in marker_begin) (default="BEGIN") and C(marker_end) (default="END"). Using a custom marker without the C({mark}) variable may result in the block being repeatedly inserted on subsequent playbook runs.
|
||||||
|
block: |
|
||||||
|
################################################################################
|
||||||
|
# SECTION: {{ item }}
|
||||||
|
loop:
|
||||||
|
- ACLs
|
||||||
|
- Extends
|
||||||
|
|
||||||
|
- name: server | snmpd | stop service
|
||||||
|
service:
|
||||||
|
name: "snmpd"
|
||||||
|
state: stopped
|
||||||
|
|
||||||
|
- name: server | snmpd | setup monitoring user SNMPv3
|
||||||
|
lineinfile:
|
||||||
|
path: "{{ snmpd_user_file }}"
|
||||||
|
line: "createuser {{ snmp_user }} {{ snmp_auth_proto }} {{ snmp_auth_pass }} {{ snmp_priv_proto }} {{ snmp_priv_pass }}"
|
||||||
|
|
||||||
|
- name: server | snmpd | setup ACLs
|
||||||
|
lineinfile:
|
||||||
|
path: "/etc/snmp/snmpd.conf" # required. The file to modify. Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name).
|
||||||
|
line: "rouser {{snmp_user }} authpriv -V systemonly"
|
||||||
|
insertafter: "# SECTION: ACLs"
|
||||||
|
|
||||||
|
- name: server | snmpd start service
|
||||||
|
service:
|
||||||
|
name: "snmpd"
|
||||||
|
state: started
|
||||||
@@ -1,5 +1,11 @@
|
|||||||
snmp_user: monitoring
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
snmp_auth_proto: SHA
|
31303532326531323738633661646339316639306435333333386438613035626134373835626234
|
||||||
snmp_priv_proto: AES
|
3633393864646561663630663038366239656539656639380a356134363664616334653037303436
|
||||||
snmp_auth_pass: monitoring
|
65306661353865633432323763633133353364393138656638626265386339336166366630663066
|
||||||
snmp_priv_pass: monitoring
|
3034326233623262320a336131613839343034373632656538636635613665326335633034656231
|
||||||
|
39616662623064643233626661303063613432653062613561303337303163343866313932343732
|
||||||
|
64386332373430656362646431366332333466396465306362623437623966663032303236613864
|
||||||
|
31633338666635633132386264666339643639393838323730336333323933663061373965393237
|
||||||
|
36656539326466353634633531333132313237306137636234383339633963326537323463386638
|
||||||
|
66393231313331653838613734653134373965653563326562306534316266623766316433633366
|
||||||
|
3965336266376365613235656337386463663766326530626265
|
||||||
|
|||||||
11
roles/webserver/files/nginx_localhost
Normal file
11
roles/webserver/files/nginx_localhost
Normal file
@@ -0,0 +1,11 @@
|
|||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name localhost;
|
||||||
|
location /nginx-status {
|
||||||
|
stub_status on;
|
||||||
|
access_log off;
|
||||||
|
allow 127.0.0.1;
|
||||||
|
allow ::1;
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
}
|
||||||
15
roles/webserver/tasks/configure_nginx_snmpd.yml
Normal file
15
roles/webserver/tasks/configure_nginx_snmpd.yml
Normal file
@@ -0,0 +1,15 @@
|
|||||||
|
- name: webserver | snmpd | get script
|
||||||
|
get_url:
|
||||||
|
url: "https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/nginx"
|
||||||
|
dest: "/etc/snmp/nginx"
|
||||||
|
mode: "0755"
|
||||||
|
owner: "root"
|
||||||
|
group: "root"
|
||||||
|
|
||||||
|
- name: webserver | snmpd | configure extend
|
||||||
|
lineinfile:
|
||||||
|
path: "/etc/snmp/snmpd.conf"
|
||||||
|
state: present
|
||||||
|
line: "extend bind /etc/snmp/nginx"
|
||||||
|
insertafter: "# SECTION: Extends"
|
||||||
|
notify: restart_snmpd
|
||||||
@@ -1,4 +1,18 @@
|
|||||||
- name: webserver | nginx | installing nginx
|
- name: webserver | nginx | installing nginx
|
||||||
package:
|
package:
|
||||||
name: "{{ nginx_package }}"
|
name: "{{ nginx_package }}"
|
||||||
state: latest
|
state: latest
|
||||||
|
|
||||||
|
- name: webserver | nginx | setup localhost for statistics
|
||||||
|
copy:
|
||||||
|
src: "nginx_localhost"
|
||||||
|
dest: "/etc/nginx/sites-available/localhost"
|
||||||
|
|
||||||
|
- name: webserver | nginx | link sites-available to sites-enabled for localhost
|
||||||
|
file:
|
||||||
|
path: "/etc/nginx/sites-enabled/localhost"
|
||||||
|
state: link
|
||||||
|
src: "/etc/nginx/sites-available/localhost"
|
||||||
|
notify: restart_nginx
|
||||||
|
|
||||||
|
- include_tasks: configure_nginx_snmpd.yml
|
||||||
Reference in New Issue
Block a user