From 75b2f310d4659571678f50617cbc9357f36682d0 Mon Sep 17 00:00:00 2001 
From: Scott Fryer <60462088+steelhead31@users.noreply.github.com>
Date: Wed, 24 Apr 2024 09:45:53 +0100
Subject: [PATCH] UnixPB: Remove Nagios Tunnel Scripts For Improved Security (#3526)
* UnixPB: Remove Nagios Tunnel Scripts For Improved Security
* UnixPB: Remove Nagios tunnel from dockerhost pb
---
 .../AdoptOpenJDK_Unix_Playbook/dockerhost.yml | 4 -
 .../AdoptOpenJDK_Unix_Playbook/main.yml | 4 -
 .../roles/Nagios_Master_Config/tasks/main.yml | 29 --
 .../roles/Nagios_Tunnel/tasks/main.yml | 76 -----
 .../Nagios_Ansible_Config_tool.sh | 306 ------------------
 .../Nagios_RemoteTunnel.sh | 20 --
 .../Nagios_Ansible_Config_tool/README.md | 20 --
 .../templates/apt.cfg | 10 -
 .../templates/check_mem.cfg | 6 -
 .../templates/check_ntp_timesync.cfg | 7 -
 .../templates/check_timesync.cfg | 7 -
 .../templates/dnf.cfg | 10 -
 .../templates/hostgroup_template.cfg | 5 -
 .../templates/mac.cfg | 10 -
 .../templates/pkg.cfg | 10 -
 .../templates/template.cfg | 45 ---
 .../templates/template_with_graph.cfg | 48 ---
 .../templates/yum.cfg | 10 -
 .../templates/zypper.cfg | 10 -
 19 files changed, 637 deletions(-)
 delete mode 100644 ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Master_Config/tasks/main.yml
 delete mode 100644 ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Tunnel/tasks/main.yml
 delete mode 100644 ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/Nagios_Ansible_Config_tool.sh
 delete mode 100644 ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/Nagios_RemoteTunnel.sh
 delete mode 100644 ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/README.md
 delete mode 100644 ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/apt.cfg
 delete mode 100644 ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/check_mem.cfg
 delete mode 100644 ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/check_ntp_timesync.cfg
 delete mode 100644 ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/check_timesync.cfg
 delete mode 100644 ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/dnf.cfg
 delete mode 100644 ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/hostgroup_template.cfg
 delete mode 100644 ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/mac.cfg
 delete mode 100644 ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/pkg.cfg
 delete mode 100644 ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/template.cfg
 delete mode 100644 ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/template_with_graph.cfg
 delete mode 100644 ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/yum.cfg
 delete mode 100644 ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/zypper.cfg
diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/dockerhost.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/dockerhost.yml
index 70c7568bb6..31999b153f 100644
--- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/dockerhost.yml
+++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/dockerhost.yml
@@ -33,10 +33,6 @@
 jdk_version: 21
 - role: Nagios_Plugins # AdoptOpenJDK Infrastructure
 tags: [nagios_plugins, adoptopenjdk]
- - role: Nagios_Master_Config # AdoptOpenJDK Infrastructure
- tags: [nagios_master_config, adoptopenjdk]
- - role: Nagios_Tunnel # AdoptOpenJDK Infrastructure
- tags: [nagios_tunnel, adoptopenjdk]
 - Security
 - Vendor
 - IPv6
diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml
index 059989e1f4..acbe6830fd 100644
--- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml
+++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml
@@ -131,10 +131,6 @@
 tags: build_tools
 - role: Nagios_Plugins # AdoptOpenJDK Infrastructure
 tags: [nagios_plugins, adoptopenjdk]
- - role: Nagios_Master_Config # AdoptOpenJDK Infrastructure
- tags: [nagios_master_config, adoptopenjdk]
- - role: Nagios_Tunnel # AdoptOpenJDK Infrastructure
- tags: [nagios_tunnel, adoptopenjdk]
 - riscv_cross_compiler # For building JDK11/J9 on RISC-V architecture
 - Clean_Up
 - Security
diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Master_Config/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Master_Config/tasks/main.yml
deleted file mode 100644
index f0656830fe..0000000000
--- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Master_Config/tasks/main.yml
+++ /dev/null
@@ -1,29 +0,0 @@
----
-########################
-# Nagios_Master_Config #
-########################
-#
-# Note:
-# This script will enable monitoring of a Nagios client system for the following standard services:
-# Current Load, Current Users, Disk Space Root Partition, PING, RAM, SSH, Total Processes, Zombie Process
-# Anything beyond the standard defaults would require manual configuration. Such has adding monitoring for web sites.
-# If the client system is already being monitored by Nagios it will be skipped.
-#
-# Requirements:
-# The 'Nagios_Plugins' role must have completed successfully
-# The AWX (Ansible Tower) host but have the root ssh key to access the Nagios Master
-# Nagios_Monitoring: Enabled - must be set in the group_vars
-# Nagios_Master_IP: x.x.x.x - must be set in the group_vars
-# Script must exist on Nagios Master
-#
-- name: Set SSH port number to 22 if undefined in inventory.yml
- set_fact: ansible_port="22"
- when:
- - ansible_port is not defined
-
-- name: SSH into the Nagios Master and excute the Nagios_Ansible_Config_tool.sh script
- command: ssh -o StrictHostKeyChecking=no root@{{ Nagios_Master_IP }} "/usr/local/nagios/Nagios_Ansible_Config_tool/Nagios_Ansible_Config_tool.sh {{ ansible_distribution }} {{ ansible_architecture }} {{ inventory_hostname }} {{ ansible_host }} {{ provider }} {{ ansible_port }} "
- delegate_to: localhost
- when:
- - Nagios_Monitoring == "Enabled"
- - Nagios_Master_IP is defined
diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Tunnel/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Tunnel/tasks/main.yml
deleted file mode 100644
index cfe0066d25..0000000000
--- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Tunnel/tasks/main.yml
+++ /dev/null
@@ -1,76 +0,0 @@
----
-#################
-# Nagios Tunnel #
-#################
-
-- name: Test if Nagios_RemoteTunnel.sh already exists
- stat:
- path: /home/nagios/Nagios_RemoteTunnel.sh
- failed_when: false
- register: tunnel_script_result
-
-- name: Place Adopt_Tunnel_User.key in nagios users ssh folder
- copy:
- src: /Vendor_Files/keys/Adopt_Tunnel_User.key
- dest: /home/nagios/.ssh/Adopt_Tunnel_User.key
- owner: nagios
- group: nagios
- mode: 0600
- when:
- - ansible_port != "22"
- - Nagios_Monitoring == "Enabled"
- - Nagios_Master_IP is defined
- - not tunnel_script_result.stat.exists
- tags: [nagios_tunnel, adoptopenjdk]
-
-- name: Download Nagios_RemoteTunnel.sh script
- get_url:
- url: https://raw.githubusercontent.com/adoptium/infrastructure/master/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/Nagios_RemoteTunnel.sh
- dest: /home/nagios/Nagios_RemoteTunnel.sh
- mode: 0755
- checksum: sha256:f2bfb91818fe04ba4f4498c27b5d622f3111e5823d14df0b30a7b8ef9d4dc56f
- when:
- - ansible_port != "22"
- - Nagios_Monitoring == "Enabled"
- - Nagios_Master_IP is defined
- - not tunnel_script_result.stat.exists
- tags: [nagios_tunnel, adoptopenjdk]
-
-- name: Update Nagios_RemoteTunnel.sh - ReplaceNAGIOSMASTERADDRESS with {{ Nagios_Master_IP }}
- replace:
- path: /home/nagios/Nagios_RemoteTunnel.sh
- regexp: 'ReplaceNAGIOSMASTERADDRESS'
- replace: " {{ Nagios_Master_IP }} "
- when:
- - ansible_port != "22"
- - Nagios_Monitoring == "Enabled"
- - Nagios_Master_IP is defined
- - not tunnel_script_result.stat.exists
- tags: [nagios_tunnel, adoptopenjdk]
-
-- name: Update Nagios_RemoteTunnel.sh - ReplacePortNumber with {{ ansible_port }}
- replace:
- path: /home/nagios/Nagios_RemoteTunnel.sh
- regexp: 'ReplacePortNumber'
- replace: " {{ ansible_port }} "
- when:
- - ansible_port != "22"
- - Nagios_Monitoring == "Enabled"
- - Nagios_Master_IP is defined
- - not tunnel_script_result.stat.exists
- tags: [nagios_tunnel, adoptopenjdk]
-
-- name: Add cron job to keep reverse tunnel alive for nagios user
- cron: name="Keep Nagios reverse tunnel alive"
- weekday="*"
- minute="*"
- hour="*"
- user=nagios
- job="~/Nagios_RemoteTunnel.sh"
- state=present
- when:
- - ansible_port != "22"
- - Nagios_Monitoring == "Enabled"
- - Nagios_Master_IP is defined
- - not tunnel_script_result.stat.exists
- tags: [nagios_tunnel, adoptopenjdk]
diff --git a/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/Nagios_Ansible_Config_tool.sh b/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/Nagios_Ansible_Config_tool.sh
deleted file mode 100644
index de624b38ef..0000000000
--- a/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/Nagios_Ansible_Config_tool.sh
+++ /dev/null
@@ -1,306 +0,0 @@
-#!/bin/bash
-#
-########################
-# Author: Brad Blondin #
-########################
-#
-########################
-# General Information: #
-########################
-# This script will enable monitoring of a Nagios client system for the following standard services:
-# Current Load, Current Users, Disk Space Root Partition, PING, RAM, SSH, Total Processes, Zombie Process
-# Anything beyond the standard defaults would require manual configuration. Such has adding monitoring for web sites.
-# If the client system is already being monitored by Nagios it will be skipped.
-#
-################
-# Assumptions: #
-################
-# This tool will be executed from the Nagios Master
-# The Nagios plugins are installed on the Nagios client system
-# The Nagios user and its ssh key is configured
-# The Nagios client system is using an IPv4 address, for IPv6 configuration will have to be done manually
-# * If the Nagios client requires a jumpbox or tunnel manual setup is required
-# Nagios Server Configuration Tool expects 6 command line arguments passed to it from Ansible in the followin order:
-# {{ ansible_distribution }} {{ ansible_architecture }} {{ inventory_hostname }} {{ ansible_host }} {{ provider }} {{ ansible_port }}
-#
-####################
-# Global Variables #
-####################
-#
-Time_Stamp=`date +%Y%m%d-%H%M%S`
-Work_Dir=/usr/local/nagios/Nagios_Ansible_Config_tool/
-Nagios_Server_Folder=/usr/local/nagios/etc/servers/
-Template_Dir=$Work_Dir/templates
-Nagios_Logo_Folder=/usr/local/nagios/share/images/logos
-Nagios_Objects_folder=/usr/local/nagios/etc/objects
-Hostgroups_File=$Nagios_Objects_folder/hostgroups.cfg
-#
-###################
-# Slack Variables #
-###################
-SLACK_CHANNEL=`cat /usr/local/nagios/bin/slack_nagios.pl | grep "SLACK_CHANNEL=" | sed -e 's/.*="//' -e 's/"//'`
-SLACK_BOTNAME="nagios"
-ICON_EMOJI=":computer:"
-WEBHOOK_URL=`cat /usr/local/nagios/bin/slack_nagios.pl | grep "WEBHOOK_URL=" | sed -e 's/.*="//' -e 's/".*//'`
-#
-########################
-# Data/Enabled Options #
-########################
-#
-###############################
-# Test command line arguments #
-###############################
-#
-if [[ $1 = "" ]] || [[ $2 = "" ]] || [[ $3 = "" ]] || [[ $4 = "" ]] || [[ $5 = "" ]] || [[ $6 = "" ]] ; then # Test: Ensure that 6 command line arguments have been passed
- echo "Error: one or more command line arguments are missing"
- echo "Expected arguments: {{ ansible_distribution }} {{ ansible_architecture }} {{ inventory_hostname }} {{ ansible_host }} {{ provider }} {{ ansible_port }} "
- exit
-fi
-if [[ ! $4 =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then # Test: Ensure the 4th command line argument is an IP Address
- echo "Error: IP address was entered with an invalid format: "$Sys_IPAddress
- exit
-fi
-#
-if [ ! -f $Template_Dir/template_with_graph.cfg ] || [ ! -f $Template_Dir/template.cfg ] ; then # Test: Ensure templates exist
- echo "Error: Unable to locate templates: "$Template_Dir/template_with_graph.cfg $Template_Dir/template.cfg
- exit
-fi
-#
-if ! [[ "$6" =~ ^[0-9]+$ ]] ; then # Test: Ensure {{ ansible_port }} is an integer
- echo "Error: {{ ansible_port }} must be an integers" $6
- exit
-fi
-#
-##########################################################
-# Convert command line arguments to the script variables #
-##########################################################
-#
-Distro=$1 # {{ ansible_distribution }}
-Arch=$2 # {{ ansible_architecture }}
-Sys_Hostname=$3 # {{ inventory_hostname }}
-Sys_IPAddress=$4 # {{ ansible_host }}
-Provider_Name=`echo $5 | tr '[:upper:]' '[:lower:]' | python -c "print raw_input().capitalize()"` # Convert {{ provider }} to lower case and set first char to uppercase
-Client_Shortname=`echo $Sys_Hostname | sed 's/\..*//'` # Convert $Sys_Hostname to $Client_Shortname
-SSH_Port_Num=$6 # {{ ansible_port }}
-#
-#################################
-# Test if client already exists #
-#################################
-#
-Client_Check=`ls $Nagios_Server_Folder | grep $Client_Shortname`
-if [[ ! $Client_Check = "" ]] ; then # Test: If the client is already being monitored by Nagios skip
- echo "The Nagios client" $Sys_Hostname "is already being monitored by Nagios... Skipping."
- exit
-fi
-#
-############################
-# Enabled Standard Options #
-############################
-# This code is here to provide manually override options if you environment differs
-Sys_Checkmem="yes"
-Sys_Graphs="yes"
-Sys_Notifications="yes"
-Sys_Alias="yes"
-Sys_Alias_Info="Add by Ansible"
-Sys_Icon="yes"
-#
-################
-# Nagios Icons #
-################
-# Test: If client $Arch {{ ansible_architecture }} is aarch64 or armv7l then set the Nagios icon to "arm", else use $Distro {{ ansible_distribution }}
-if [[ $Arch = "aarch64" ]] || [[ $Arch = "armv7l" ]] ; then
- Sys_Icon_Picked=arm
-elif [[ $Distro = "MacOSX" ]] ; then
- Sys_Icon_Picked="apple"
-else
- Sys_Icon_Picked=$Distro
-fi
-
-if [ ! -f $Nagios_Logo_Folder/$Sys_Icon_Picked.gd2 ] ; then # If there is no matching icon in Nagios's logo folder default to nagios.gd2
- echo "Logo icon was not found" $Sys_Icon_Picked "Defaulting to nagios icon"
- Sys_Icon_Picked=nagios.gd2
-fi
-#############################
-# Distro Specific Templates #
-#############################
-# Detect the right package manager to monitor and which script to check the network timesync
-Sys_OS="yes"
-case "$Distro" in
- Ubuntu|Debian)
- Sys_OS_pkg_Template=$Template_Dir/apt.cfg
- Sys_OS_timesync_Template=$Template_Dir/check_timesync.cfg ;;
- RedHat|CentOS)
- Sys_OS_pkg_Template=$Template_Dir/yum.cfg
- Sys_OS_timesync_Template=$Template_Dir/check_ntp_timesync.cfg ;;
- SLES)
- Sys_OS_pkg_Template=$Template_Dir/zypper.cfg
- Sys_OS_timesync_Template=$Template_Dir/check_timesync.cfg;;
- FreeBSD|freebsd)
- Sys_OS_pkg_Template=$Template_Dir/pkg.cfg ;;
- *)
- echo "Error: Unable to select package manager. Thus it will not be monitored" ;;
-esac
-#
-#####################
-# Debug Information #
-#####################
-#
-echo -e "\n\n##################################################"
-echo "Hostname: "$Client_Shortname
-echo "IP Address: "$Sys_IPAddress
-echo "SSH Port Number: "$SSH_Port_Num
-echo "Enable check_mem: "$Sys_Checkmem
-echo "Enable Nagios Graphs: "$Sys_Graphs
-echo "Enable Icons: "$Sys_Icon $Sys_Icon_Picked
-echo "Enable Notifications: "$Sys_Notifications
-echo "Add Description Info: "$Sys_Alias $Sys_Alias_Info
-echo "Operating System patches "$Sys_OS $Sys_OS_pkg_Template
-echo "OS Timesync Check: "$Sys_OS_timesync_Template
-echo -e "##################################################\n"
-#
-########
-# Main #
-########
-#
-###################
-# SSH Nagios test #
-###################
-#
-# Test: Ensure an ssh connecttion can be made to Nagios client system by the Nagios user and automatically add fingerprint key
-Nagios_Login=`su nagios -c "ssh -o StrictHostKeyChecking=no $Sys_IPAddress uptime"`
-#
-if [[ $Nagios_Login = "" ]] || [[ $Nagios_Login = "Permission denied, please try again." ]]; then
- echo "ERROR: Unable to connect to client $Sys_IPAddress as the nagios user"
- echo "Please ensure that the nagios user is able to ssh into the client machine using keys"
- exit
-fi
-#
-#
-###################
-# Create CFG file #
-###################
-#
-cd $Work_Dir # Ensure we are in the right folder
-# Template Section
-if [[ $Sys_Graphs = "yes" ]]; then # Select template to use, with or without mouse over graphs
- config_template=$Template_Dir/template_with_graph.cfg
-else
- config_template=$Template_Dir/template.cfg
-fi
-cp $config_template $Client_Shortname.cfg # Create working file for new host config
-#
-#########
-# Icons #
-#########
-#
-if [[ $Sys_Icon = "yes" ]] ; then
- # Insert icon information starting one line below notification_period
- sed -i "/notification_period/a bbb icon_image ICON_NAME.png" $Client_Shortname.cfg
- sed -i "/icon_image/a bbb icon_image_alt ICON_NAME" $Client_Shortname.cfg
- sed -i "/icon_image_alt/a bbb statusmap_image ICON_NAME.gd2" $Client_Shortname.cfg
- sed -i 's/bbb//' $Client_Shortname.cfg # Remove fake tab place holder bbb
- sed -i "s/ICON_NAME/$Sys_Icon_Picked/" $Client_Shortname.cfg # Change ICON_NAME with the name of the icon picked
-fi
-#
-if [[ $Sys_Checkmem = "yes" ]] ; then # Include check_mem service
- if [[ $Sys_Graphs = "yes" ]] ; then # with graphs?
- Check_Mem_TMP_File=$Template_Dir/check_mem_tmp.file.$RANDOM # Name tmp file with random number
- cp $Template_Dir/check_mem.cfg $Check_Mem_TMP_File
- sed -i "/check_command/a bbb action_url /nagiosgraph/cgi-bin/show.cgi?host=$HOSTNAME$&service=$SERVICEDESC$' onMouseOver='showGraphPopup(this)' onMouseOut='hideGraphPopup()' rel='/nagiosgraph/cgi-bin/showgraph.cgi?host=$HOSTNAME$&service=$SERVICEDESC$&period=hour&rrdopts=-w+450" $Check_Mem_TMP_File
- sed -i 's/bbb//' $Check_Mem_TMP_File # Remove fake tab place holder bbb
- cat $Check_Mem_TMP_File >> $Client_Shortname.cfg
- rm $Check_Mem_TMP_File # Remove tmp file
- else
- cat $Template_Dir/check_mem.cfg >> $Client_Shortname.cfg
- fi
-fi
-#
-if [[ $Sys_Notifications = "yes" ]] ; then # Enable notifications
- sed -i '/notifications_enabled/d' $Client_Shortname.cfg
-fi
-#
-if [[ $Sys_OS = "yes" ]] ; then # Enable checking for Operating System patches
- if [[ ! $Sys_OS_pkg_Template = "" ]] ; then # Ensure a package manager was selected $Sys_OS_pkg_Template
- cat $Sys_OS_pkg_Template >> $Client_Shortname.cfg
- fi
- if [[ ! $Sys_OS_timesync_Template = "" ]]; then
- cat $Sys_OS_timesync_Template >> $Client_Shortname.cfg
- fi
-fi
-#####################################
-# Swap vars with system information #
-#####################################
-#
-sed -i "s/ReplaceHostName/$Client_Shortname/" $Client_Shortname.cfg # Swap out ReplaceHostName with $Client_Shortname
-#
-# Additional configuration for system using a tunnel connection
-if [[ $SSH_Port_Num = 22 ]] ; then # Test: what port number is in use for SSH
- sed -i "s/ReplaceIPAddress/$Sys_IPAddress/" $Client_Shortname.cfg # Swap out ReplaceIPAddress with $Sys_IPAddress
-else
- sed -i "s/ReplaceIPAddress/$Sys_IPAddress -p $SSH_Port_Num/" $Client_Shortname.cfg # Swap out ReplaceIPAddress with $Sys_IPAddress and add -p SSH_Port_Num
- sed -i '/check_dummy/d' $Client_Shortname.cfg # Remove host check ping command
- sed -i "/notification_period/a SYS_NOTES notes *** This host is using a Reverse SSH Tunnel on port $SSH_Port_Num ***" # Insert 'notes' after 'notification_period' and fack tab place holder SYS_NOTES
- sed -i 's/SYS_NOTES//' $Client_Shortname.cfg # Remove fake tab place holder SYSTEM_NOTES
-fi
-#
-if [[ $Sys_Alias = "yes" ]] ; then # Swap and ReplaceAliasDescription
- sed -i "s/ReplaceAliasDescription/$Sys_Alias_Info/" $Client_Shortname.cfg # Insert Description provided by $Sys_Alias_info
-else
- sed -i 's/ReplaceAliasDescription/No information/' $Client_Shortname.cfg # Description = No Information
-fi
-#
-# Nagios client configuration file has been created.
-#
-##############
-# Hostgroups #
-##############
-#
-Provider_Exists=`cat $Hostgroups_File | grep "hostgroup_name" | grep $Provider_Name` # Test if Hostgroup already exists for the Provider_Name
-if [[ $Provider_Exists = "" ]] ; then
- # The Provider_Name doesn't exists, Create new hostgroup from template for Provider
- Hostgroup_Template_TMP_File=$Template_Dir/hostgroup_template.cfg.file.$RANDOM # Name tmp file with random number
- cp $Template_Dir/hostgroup_template.cfg $Hostgroup_Template_TMP_File # Create a temp file to work with
- sed -i "s/PROVIDER/$Provider_Name/" $Hostgroup_Template_TMP_File # Swap out PROVIDER in temp file
- sed -i "s/ALIAS_INFO/$Provider_Name/" $Hostgroup_Template_TMP_File # Swap out ALIAS_INFO in temp file
- cat $Hostgroup_Template_TMP_File >> $Hostgroups_File # Add new hostgroup provider to the hostgroups file
- rm $Hostgroup_Template_TMP_File # Remove temp file
- # Send slack notifications to Admins
- curl -X POST --data "payload={\"channel\": \"${SLACK_CHANNEL}\", \"username\": \"${SLACK_BOTNAME}\", \"icon_emoji\": \":nagios:\", \"text\": \"${ICON_EMOJI} New Nagios hostgroup was created while running an Ansible playbook on ${Client_Shortname} Please see $Template_Dir/hostgroup_template.cfg \"}" ${WEBHOOK_URL}
-fi
-#
-Hostgroups_Line_NUM=`cat -n $Hostgroups_File | grep "hostgroup_name" | grep $Provider_Name | awk '{print $1}'` # Get line number of hostgroup_name that matches $Provider_Name
-# Test if $Client_Shortname already exists as a member of the hostgroup
-# Start reading hostgroups.cfg file at $Hostgroups_Line_NUM. Stop at "members". greping for $Client_Shortname
-Hostgroups_Member=`cat $Hostgroups_File | sed -n $Hostgroups_Line_NUM',$p' | sed '/members/q' | grep $Client_Shortname`
-#
-if [[ $Hostgroups_Member = "" ]] ; then
- Hostgroups_Crop_NUM=`cat $Hostgroups_File | sed -n $Hostgroups_Line_NUM',$p' | sed '/members/q' | wc -l` # Get number of line between hostgroup_name/$Provider_Name and members
- Hostgroups_Count=`expr $Hostgroups_Line_NUM + $Hostgroups_Crop_NUM - "1"` # Add $Hostgroups_Line_NUM to $Hostgroups_Crop_NUM and subtract 1
- sed -i "${Hostgroups_Count}s/$/,$Client_Shortname/" $Hostgroups_File # On line $Hostgroups_Count add $Client_Shortname to the end of the line
-else
- echo $Client_Shortname "Already exists in the hostgroup, skipping"
-fi
-#
-#####################
-# Pre-flight checks #
-#####################
-#
-echo "Conducting Pre-flight checks..." # System configure file has been created, start Pre-flight checks
-mv $Client_Shortname.cfg $Nagios_Server_Folder # Move new cfg file into Nagios
-/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg > flight_check_$Time_Stamp.log # Pre-flight check
-flight_error=`cat flight_check_$Time_Stamp.log | grep Errors | awk '{print $3}'`
-flight_warn=`cat flight_check_$Time_Stamp.log | grep Warnings | awk '{print $3}'`
-if [[ ! $flight_error = "0" ]] || [[ ! $flight_warn = "0" ]] ; then
- echo "ERROR: Something when wrong..."
- /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg > $Work_Dir/$Client_Shortname.cfg.error_$Time_Stamp.log # Create error log
- mv $Nagios_Server_Folder/$Client_Shortname.cfg $Work_Dir/ # Remove $Client_Shortname.cfg
- echo "Please see error log: $Work_Dir/$Client_Shortname.cfg.error_$Time_Stamp.log"
- echo "Host configure: $Work_Dir/$Client_Shortname.cfg"
- # Send slack notifications to Admins
- curl -X POST --data "payload={\"channel\": \"${SLACK_CHANNEL}\", \"username\": \"${SLACK_BOTNAME}\", \"icon_emoji\": \":nagios:\", \"text\": \"${ICON_EMOJI} Nagios pre-flight check failed on host ${Client_Shortname} while running an Ansible playbook please see $Work_Dir/$Client_Shortname.cfg.error_$Time_Stamp.log for more information \"}" ${WEBHOOK_URL}
- exit
-fi
-rm flight_check_$Time_Stamp.log # All is good, remove log file
-echo "Pre-flight checks have all passed"
-sudo /usr/sbin/service nagios restart # Restart the Nagios service to reload new configuration
-echo "Nagios has been restart, have a nice day!"
diff --git a/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/Nagios_RemoteTunnel.sh b/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/Nagios_RemoteTunnel.sh
deleted file mode 100644
index 2c918e9565..0000000000
--- a/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/Nagios_RemoteTunnel.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/bash
-# Script to establish Reverse SSH Tunnel to the Nagios server
-# Workaround for clients where the Nagios server don't have a direct connection (NAT, Firewalled, etc)
-#
-#############
-# Variables #
-#############
-REMOTE_HOST="ReplaceNAGIOSMASTERADDRESS"
-USER_NAME="nagios"
-REMOTE_PORT="ReplacePortNumber"
-LOCAL_PORT="22"
-LOGIN_PORT="22"
-IDENTITY_KEY="/home/nagios/.ssh/Adopt_Tunnel_User.key"
-#
-###########
-# Command #
-###########
-Reverse_Tunnel="ssh -o StrictHostKeyChecking=no -f -n -N -R $REMOTE_PORT:127.0.0.1:$LOCAL_PORT $USER_NAME@$REMOTE_HOST -p $LOGIN_PORT -i $IDENTITY_KEY"
-# Running? if not start it
-pgrep -f -x "$Reverse_Tunnel" > /dev/null 2>&1 || $Reverse_Tunnel
diff --git a/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/README.md b/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/README.md
deleted file mode 100644
index deb70ccf3c..0000000000
--- a/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/README.md
+++ /dev/null
@@ -1,20 +0,0 @@
-# Nagios Ansible Config Tool
-
-This is an automation tool to automatically add client systems to Nagios monitoring via Ansible.
-
-Currently the tool only supports Unix.
-
-## How to use the tool
-
-This script is executed on the Nagios Master, and assumes the following:
- - The Nagios Plugins are already installed on the client system
- - The Nagios user and it's ssh key is configured
- - The Nagios client is using an IPv4 address.
-
-The script expects 6 command line arguments to be passed to it from Ansible, in the following order:
-
-```bash
-{{ ansible_distribution }} {{ ansible_architecture }} {{ inventory_hostname }} {{ ansible_host }} {{ provider }} {{ ansible_port }}
-```
-
-https://github.com/adoptium/infrastructure/issues/1670 is being used to track replacing the tool with a purely Ansible approach to setting up Nagios monitoring
diff --git a/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/apt.cfg b/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/apt.cfg
deleted file mode 100644
index 06fdc6a907..0000000000
--- a/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/apt.cfg
+++ /dev/null
@@ -1,10 +0,0 @@
-
-define service{
- use generic-service
- host_name ReplaceHostName
- check_period once-a-day-at-8
- service_description Updates Required - apt
- check_command check_by_ssh!/usr/lib/nagios/plugins/check_apt
- notifications_enabled 0
- }
-
diff --git a/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/check_mem.cfg b/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/check_mem.cfg
deleted file mode 100644
index 7133e71f38..0000000000
--- a/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/check_mem.cfg
+++ /dev/null
@@ -1,6 +0,0 @@
-define service{
- use generic-service
- host_name ReplaceHostName
- service_description RAM
- check_command check_by_ssh!/usr/local/nagios/libexec/check_mem -f -C -w 15 -c 5
- }
diff --git a/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/check_ntp_timesync.cfg b/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/check_ntp_timesync.cfg
deleted file mode 100644
index a7d9b3e7bc..0000000000
--- a/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/check_ntp_timesync.cfg
+++ /dev/null
@@ -1,7 +0,0 @@
-define service{
- use generic-service
- host_name ReplaceHostName
- service_description Check Network Time System
- check_command check_by_ssh!/usr/local/nagios/libexec/check_ntp_timesync
- check_interval 15
-}
diff --git a/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/check_timesync.cfg b/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/check_timesync.cfg
deleted file mode 100644
index 30a4e9132d..0000000000
--- a/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/check_timesync.cfg
+++ /dev/null
@@ -1,7 +0,0 @@
-define service{
- use generic-service
- host_name ReplaceHostName
- service_description Check Network Time System
- check_command check_by_ssh!/usr/local/nagios/libexec/check_timesync
- check_interval 15
-}
diff --git a/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/dnf.cfg b/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/dnf.cfg
deleted file mode 100644
index b1bb6d1b10..0000000000
--- a/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/dnf.cfg
+++ /dev/null
@@ -1,10 +0,0 @@
-
-define service{
- use generic-service
- host_name ReplaceHostName
- service_description Updates Required - DNF
- check_period once-a-day-at-8
- check_command check_by_ssh!/usr/local/nagios/libexec/check_dnf
- notifications_enabled 0
- }
-
diff --git a/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/hostgroup_template.cfg b/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/hostgroup_template.cfg
deleted file mode 100644
index 1415618d97..0000000000
--- a/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/hostgroup_template.cfg
+++ /dev/null
@@ -1,5 +0,0 @@
-define hostgroup{
- hostgroup_name PROVIDER
- alias ALIAS_INFO
- members
- }
diff --git a/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/mac.cfg b/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/mac.cfg
deleted file mode 100644
index 2c94bb6f6f..0000000000
--- a/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/mac.cfg
+++ /dev/null
@@ -1,10 +0,0 @@
-
-define service{
- use local-service
- host_name ReplaceHostName
- check_period once-a-day-at-8
- service_description Updates Required - softwareupdate
- check_command remote_check_sw_up_mac
- notifications_enabled 0
- }
-
diff --git a/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/pkg.cfg b/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/pkg.cfg
deleted file mode 100644
index 183e09ee90..0000000000
--- a/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/pkg.cfg
+++ /dev/null
@@ -1,10 +0,0 @@
-
-define service{
- use generic-service
- host_name ReplaceHostName
- check_period once-a-day-at-8
- service_description Updates Required - PKG
- check_command check_by_ssh!/usr/local/nagios/libexec/check_pkg 2>1 /dev/null
- notifications_enabled 0
- }
-
diff --git a/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/template.cfg b/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/template.cfg
deleted file mode 100644
index 04fe964c77..0000000000
--- a/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/template.cfg
+++ /dev/null
@@ -1,45 +0,0 @@
-define host {
- use linux-server
- host_name ReplaceHostName
- alias ReplaceAliasDescription
- address ReplaceIPAddress
- check_command check_ssh!-4 -t 60
- max_check_attempts 5
- check_period 24x7
- notification_interval 30
- notification_period 24x7
- notifications_enabled 0
-}
-
-define service{
- use generic-service
- host_name ReplaceHostName
- service_description Current Load
- check_command check_by_ssh!/usr/local/nagios/libexec/check_load -w 15,10,5 -c 30,24,20
- check_interval 30
- notifications_enabled 0
-}
-
-define service{
- use generic-service
- host_name ReplaceHostName
- service_description Disk Space Root Partition
- check_command check_by_ssh!/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /
- check_interval 60
-}
-
-define service{
- use generic-service
- host_name ReplaceHostName
- service_description Check Jenkins Connection
- check_command check_agent!ReplaceHostName
- check_interval 30
-}
-
-define service{
- use local-service
- host_name ReplaceHostName
- service_description PING
- check_interval 15
- check_command check_ping!200.0,20%!500.0,60%
-}
diff --git a/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/template_with_graph.cfg b/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/template_with_graph.cfg
deleted file mode 100644
index be28966851..0000000000
--- a/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/template_with_graph.cfg
+++ /dev/null
@@ -1,48 +0,0 @@
-define host {
- use linux-server
- host_name ReplaceHostName
- alias ReplaceAliasDescription
- address ReplaceIPAddress
- check_command check_ssh!-4 -t 60
- max_check_attempts 5
- check_period 24x7
- notification_interval 30
- notification_period 24x7
- notifications_enabled 0
-}
-
-define service{
- use generic-service
- host_name ReplaceHostName
- service_description Current Load
- check_command check_by_ssh!/usr/local/nagios/libexec/check_load -w 15,10,5 -c 30,24,20
- check_interval 30
- action_url /nagiosgraph/cgi-bin/show.cgi?host=$HOSTNAME$&service=$SERVICEDESC$' onMouseOver='showGraphPopup(this)' onMouseOut='hideGraphPopup()' rel='/nagiosgraph/cgi-bin/showgraph.cgi?host=$HOSTNAME$&service=$SERVICEDESC$&period=hour&rrdopts=-w+450
- notifications_enabled 0
-}
-
-define service{
- use generic-service
- host_name ReplaceHostName
- service_description Disk Space Root Partition
- check_command check_by_ssh!/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /
- check_interval 60
- action_url /nagiosgraph/cgi-bin/show.cgi?host=$HOSTNAME$&service=$SERVICEDESC$' onMouseOver='showGraphPopup(this)' onMouseOut='hideGraphPopup()' rel='/nagiosgraph/cgi-bin/showgraph.cgi?host=$HOSTNAME$&service=$SERVICEDESC$&period=hour&rrdopts=-w+450
-}
-
-define service{
- use generic-service
- host_name ReplaceHostName
- service_description Check if Jenkins Agent Connected
- check_command check_agent!ReplaceHostName
- check_interval 30
- action_url /nagiosgraph/cgi-bin/show.cgi?host=$HOSTNAME$&service=$SERVICEDESC$' onMouseOver='showGraphPopup(this)' onMouseOut='hideGraphPopup()' rel='/nagiosgraph/cgi-bin/showgraph.cgi?host=$HOSTNAME$&service=$SERVICEDESC$&period=hour&rrdopts=-w+450
-}
-
-define service{
- use local-service
- host_name ReplaceHostName
- service_description PING
- check_interval 15
- check_command check_ping!200.0,20%!500.0,60%
-}
diff --git a/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/yum.cfg b/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/yum.cfg
deleted file mode 100644
index 724d2ab472..0000000000
--- a/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/yum.cfg
+++ /dev/null
@@ -1,10 +0,0 @@
-
-define service{
- use generic-service
- host_name ReplaceHostName
- check_period once-a-day-at-8
- service_description Updates Required - YUM
- check_command check_by_ssh!/usr/local/nagios/libexec/check_yum 2>1 /dev/null
- notifications_enabled 0
- }
-
diff --git a/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/zypper.cfg b/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/zypper.cfg
deleted file mode 100644
index 2bd09fe7ac..0000000000
--- a/ansible/playbooks/Supporting_Scripts/Nagios_Ansible_Config_tool/templates/zypper.cfg
+++ /dev/null
@@ -1,10 +0,0 @@
-
-define service{
- use generic-service
- host_name ReplaceHostName
- check_period once-a-day-at-8
- service_description Updates Required - Zypper
- check_command check_by_ssh!/usr/local/nagios/libexec/check_zypper
- notifications_enabled 0
- }
-