:white_check_mark: Ansible playbook for setting up the Nagios monitoring system and clients.
Home Page: https://hobo.house/2016/06/24/automate-nagios-deployment-with-ansible/
License: Apache License 2.0
I noticed some issues using this with Amazon EC2 when a non-root user is initially controlling systems, but that user can sudo.
We should wrap everything with become: true it has no ill effect and helps these cases.
There is a need for having separate elasticsearch and elkserver templates, if you're using the ELK ansible playbook you'll have an all-in-one ELK with different monitoring requirements.
Also you'll need to append the kibana username/password for check_http
If you're using a modular ELK deployment (multiple ES instances, perhaps separate kibana and several master nodes) you'll only care about monitoring elasticsearch.
After implementing idrac checks across ~200+ servers there seems to be some scalability problems. SNMP queries take on average of 60-100seconds to return at times, even with increasing the service_check_timeout and other parameters some checks still seem time out.
We probably need to split out checks into individual queries per component, possibly removing ones that aren't that useful versus how long they take to return.
We need a way to query all details of server health (cpu, disk, memory, power, temp, pdu, fan speed etc) without using NRPE. There's a way to do this with snmp and the Dell MiB files.
@dangmocrang has a good foundation for this here.
@sadsfae
I am getting error in my all the server even have proper hostname.
connect to address 132.134.52.36 and port 22: No route to host
nagios_host_monitor_swap: false doesn't really work because we still copy a generic services.cfg into /etc/nagios/. This needs to be a jinja2 template.
Your System Details
Describe the bug
I tried to install this playground, using the reader me instruction but when I run the command ansible-playbook -i hosts install/nagios.yml I get the error; fatal: [host-01]: UNREACHABLE!
I have tried using
[nagios]
host-01
[nagios]
demo
[nagios]
159.x.x.247
To Reproduce / What were you doing?
Steps to reproduce the behavior:
git clone https://github.com/sadsfae/ansible-nagios
cd ansible-nagios
sed -i 's/host-01/159.x.x.247/' hosts
time ansible-playbook -i hosts install/nagios.yml
Now that the Ansible firewall landscape has matured a bit it'd be nice to modernize the firewall code.
https://docs.ansible.com/ansible/latest/modules/firewalld_module.html
Probably, we can remove iptables-services support.
Some firewall variables are not fully dynamic, example here:
https://github.com/sadsfae/ansible-nagios/blob/master/install/roles/nagios/tasks/main.yml#L223
we use the [oobserver] inventory group for things like generic out-of-band and PDUs but we need a configurable option to support the check_http Nagios Plugin with authentication. This should be turned off by default and can be configured in install/group_vars/all.yml
On the heels of #44 we might as well also add support for FreeBSD Nagios clients.
fatal: [hostname]: FAILED! => {"changed": true, "cmd": ["systemctl", "restart", "nagios.service"], "delta": "0:00:00.037135", "end": "2017-01-28 17:05:23.980575", "failed": true, "rc": 1, "start": "2017-01-28 17:05:23.943440", "stderr": "Job for nagios.service failed because the control process exited with error code. See "systemctl status nagios.service" and "journalctl -xe" for details.", "stdout": "", "stdout_lines": [], "warnings": []}
-- The result is failed.
Jan 28 17:05:23 li849-175.members.linode.com systemd[1]: Unit nagios.service entered failed state.
Jan 28 17:05:23 li849-175.members.linode.com systemd[1]: nagios.service failed.
I am looking to use this playbook/role on a Debian machine, so it would be nice if it had that compatibility
This is an RFE to support FreeNAS clients for NRPE / client checks.
Your System Details
rpm -qa | grep ansible):cat /etc/redhat-release)Describe the bug
failed: [localhost] (item=servers.cfg) => {"ansible_loop_var": "item", "changed": false, "item": "servers.cfg", "msg": "AnsibleUndefinedVariable: 'ansible.vars.hostvars.HostVarsVars object' has no attribute 'ansible_os_family'"}
To Reproduce / What were you Doing?
Steps to reproduce the behavior:
Expected Behavior
A clear and concise description of what you expected to happen.
Logs / Screenshots
If applicable, add logs or screenshots to help explain your problem.
Additional Details
Add any other context or details about the problem here.
Currently we require perl-IO-Tty and perl-IPC-Run packages for EL7 for SuperMicro IPMI checks regardless or not if people are using them. This wouldn't normally be an issue except they don't appear in the base RHEL7 repos, but do appear for CentOS7.
Let's make a change to have supermicro_enable_checks: be a configurable option with the default set to false.
There is an urgent need to provide monitoring support for Supermicro servers without using NRPE or agents, similar to the Dell iDRAC monitoring.
I will base this work largely on the great work of @thomas-krenn IPMI check_sensors
Can you add a bunch of hosts to the already installed nagios?
There's a need for ICMP-only monitoring, this should cover adding that functionality.
This would be useful for IoT devices, appliances or things you generally just want ICMP monitoring to see if they are online or not.
Hi. Will you be adding support for installing the Nagios client on Ubuntu and Debian systems?
Hello.
First of all, I want to say thank you for this useful playbook.
But I have a question. Why don't you split this playbook to correct separate roles?
Add a TCP/9200 check for nagios-client.
This is an RFE for adding a contact definition to be a webhook URL e.g. posting alerting information to a chat platform that supports receiving webhooks like G-Chat or Slack.
Restarting the iptables service can be dangerous if you're using conntrack. Reloading is much nicer I think..
--- a/install/roles/nagios-client/tasks/main.yml
+++ b/install/roles/nagios-client/tasks/main.yml
@@ -99,7 +99,7 @@
register: iptables_needs_restart
This is an RFE for adding a webserver SSL certificate validation check via the excellent https://github.com/matteocorti/check_ssl_cert/blob/master/check_ssl_cert
We need a jenkins server role here, probably best to use NRPE to monitor localhost:jenkinsport and make it configurable.
Just like ansible-elk let's break out the Firewall code and make it optionally configurable via ../all.yml
The check_freenas.py script returns a dictionary when it should return a more digestible format. The entire status is present but it could be cleaned up a little bit.
{u'meta': {u'previous': None, u'total_count': 1, u'offset': 0, u'limit': 20, u'next': None}, u'objects': [{u'timestamp': 1573610556, u'message': u'Pool pool0 state is DEGRADED: One or more devices could not be opened. Sufficient replicas exist for the pool to continue functioning in a degraded state.', u'id': u'A:VolumeStatus:["Pool %(volume)s state is %(state)s: %(status)s", {"state": "DEGRADED", "status": "One or more devices could not be opened. Sufficient replicas exist for the pool to continue functioning in a degraded state.", "volume": "pool0"}]', u'dismissed': False, u'level': u'CRITICAL'}]}
If you set nagios_http_port to anything other than 80 this keeps HTTPD from starting (even though we prefer HTTPS).
It's better to use handlers to only restart iptables in the firewall role so that we only bounce iptables service if a new rule is added.
I have noticed that NRPE is not always started, let's employ a service refresh. We're going to remove the nrpe_needs_restart register, though using that is the correct way to do it I've noticed that it doesn't always work.
nagios-4.2.4-2 does not properly create the /var/log/nagios/spool/checkresults directory and the following error occurs:
Feb 24 03:26:33 example.com nagios[401]: Nagios Core 4.2.4
Feb 24 03:26:33 example.com nagios[401]: Copyright (c) 2009-present Nagios Core Development Team and Community Contributors
Feb 24 03:26:33 example.com nagios[401]: Copyright (c) 1999-2009 Ethan Galstad
Feb 24 03:26:33 example.com nagios[401]: Last Modified: 12-07-2016
Feb 24 03:26:33 example.com nagios[401]: License: GPL
Feb 24 03:26:33 example.com nagios[401]: Website: https://www.nagios.org
Feb 24 03:26:33 example.com nagios[401]: Reading configuration data...
Feb 24 03:26:33 example.com nagios[401]: Error in configuration file '/etc/nagios/nagios.cfg' - Line 454 (Check result path '/var/log/nagios/spool/checkresults' is not a valid direc
Feb 24 03:26:33 shithole.hobopiss.com nagios[401]: Error processing main config file!
Great work on this project. I'm trying to get this working with a largish number of servers and running into some issues. From my understanding, for this method to work it needs to gather facts for all servers, which can take quite some time and I've been finding issues if a server can't be connected to.
Are there any good ways to speed things up or work around the fact gathering?
Hi,
I downloaded this module, but I have one query. If i add same server in multiple groups it should be run.
For eg I added one server [10.1.2.86] in [switches][webservers] [servers] Group. I am thinking that it would use the checks that we have mentioned in [switches][webservers] [servers] i.e. in Nagios My server will be like this :- 10.1.2.86 : [switches] :- All Checks
[webservers] All Checks
[servers] All Checks
How can it be done ? Can you please give any suggestion ?
Using IPMI as the only means of monitoring SuperMicro servers via out-of-band management isn't that ideal but it works. We should wrap the raw IPMI return values better to control the following false positives that occur.
Template cgi.cfg and allow an optional way for read-only users to be created.
Hi,
I am facing one issue "AnsibleUndefinedVariable: 'dict object' has no attribute 'ansible_default_ipv4''
Here you go my host file.
[nagios]
103.225.77.2
[servers]
mysql-conversions-1 ansible_host=192.168.139.74
[webservers]
api-docs ansible_host=192.168.152.188
[elkservers]
[elasticsearch]
[switches]
[oobservers]
[idrac]
{{ ansible_mounts[0]['device'] }} doesn't always extrapolate to the root disk, we'll need to set a fact to ensure this is done correctly.
This might be more of an ansible issue but this doesn't work anymore
https://github.com/sadsfae/ansible-nagios/blob/master/install/roles/nagios/tasks/main.yml#L223/
Is your feature request related to a problem? Please describe.
We need to have good mdadm raid checks.
Describe the Possible Solution
Provide ansible hostgroup entries for generic linux server and DNS server for starters to also include an option for those using mdadm raid.
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
Additional Info
Add any other info or context about the feature request here.
On many shared systems the default warning/critical user count is too low, you should make this a configurable value and probably set it higher.
Let's add a role for checking Linux/UNIX DNS servers.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.