Ansible role. FreeBSD. Configure Nagios.
Feel free to share your feedback and report issues.
- community.general
- Role vbotka.certificate
- Role vbotka.apache
Review the defaults and examples in vars.
- Change shell to /bin/sh
shell> ansible host -e 'ansible_shell_type=csh ansible_shell_executable=/bin/csh' -a 'sudo pw usermod admin -s /bin/sh'
- Install the role and collections
shell> ansible-galaxy role install vbotka.freebsd_nagios
shell> ansible-galaxy collection install community.general
- Fit variables, e.g. in vars/main.yml
shell> editor vbotka.freebsd_nagios/vars/main.yml
- Create and run the playbook
shell> cat freebsd-nagios.yml
- hosts: nagios.example.com
roles:
- vbotka.freebsd_nagios
shell> ansible-playbook freebsd-nagios.yml
- Create certificates
certificate_self_signed:
- {CN: 'nagios.example.com',
private: 'nagios.example.com.key',
csr: 'nagios.example.com.csr',
crt: 'nagios.example.com.crt'}
Configure Apache
apache_vhost:
- ServerName: 'nagios.example.com'
DocumentRoot: '/usr/local/www/nagios'
SSLCertificateFile: '/usr/local/etc/ssl/certs/nagios.example.com.crt'
SSLCertificateKeyFile: '/usr/local/etc/ssl/private/nagios.example.com.key'
apache_directory_blocks:
- Directory: '/usr/local/www/nagios/'
Includefile: 'usr-local-www-nagios.conf'
Conf:
- 'AllowOverride AuthConfig'
- 'AuthType Basic'
- 'AuthBasicProvider file'
- 'AuthUserFile /usr/local/etc/nagios/htpasswd.users'
- 'AuthName MySite'
- 'Require valid-user'
- 'Order allow,deny'
- 'Allow from 10.1.0.11'
- 'DirectoryIndex index.php index.html index.htm'
- 'AddType application/x-httpd-php .php'
- 'AddType application/x-httpd-php-source .phps'
- 'Options Indexes FollowSymLinks'
- 'Require all granted'
- 'php_flag engine on'
- 'php_admin_value open_basedir /usr/local/www/nagios/:/var/spool/nagios/'
- Directory: '/usr/local/www/nagios/cgi-bin'
Includefile: 'usr-local-www-nagios-cgibin.conf'
Conf:
- 'Options ExecCGI'
apache_alias:
- 'ScriptAlias /nagios/cgi-bin/ /usr/local/www/nagios/cgi-bin/'
- 'Alias /nagios/ /usr/local/www/nagios/'
apache_httpd_conf_modules:
- {module: 'cgi_module', mod: 'mod_cgi.so', present: true}
- {module: 'cgid_module', mod: 'mod_cgid.so', present: true}
Install py39-htpasswd (Replacement for htpasswd)
shell> pkg install py39-htpasswd
Create password for nagiosadmin
shell> htpasswd.py -b -c /usr/local/etc/nagios/htpasswd.users nagiosadmin ngadminpasswd
Configure Lighttpd
TODO: ansible-config-light install and configure lighttpd
shell> pwd
/usr/local/etc/lighttpd
shell> cat nagios.conf
# BEGIN ANSIBLE MANAGED BLOCK alias.url
alias.url =(
"/nagios/cgi-bin" => "/usr/local/www/nagios/cgi-bin",
"/nagios" => "/usr/local/www/nagios"
)
# END ANSIBLE MANAGED BLOCK alias.url
# BEGIN ANSIBLE MANAGED BLOCK cgi.assign
$HTTP["url"] =~ "^/nagios/cgi-bin" {
cgi.assign += ( "" => "" )
}
# END ANSIBLE MANAGED BLOCK cgi.assign
# BEGIN ANSIBLE MANAGED BLOCK auth
$HTTP["url"] =~ "nagios" {
auth.backend = "plain" # The password is stored as plain text as user:password
auth.backend.plain.userfile = "/usr/local/etc/nagios/passwd"
auth.require = ( "" => (
"method" => "basic",
"realm" => "nagios",
"require" => "user=nagiosadmin"
)
)
}
# END ANSIBLE MANAGED BLOCK auth
Create password for nagiosadmin
shell> cat /usr/local/etc/nagios/passwd
nagiosadmin:ngadminpasswd
- Nagios Documentation
- Apache Tutorial: Dynamic Content with CGI
- Apache HowTo: Authentication and Authorization
- Apache HowTo: Access Control
