More than 5 years have passed since last update.

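Installing Nagios with Ansible (CentOS 7)

Overview

  • I wrote this article to practice using Ansible
  • Apache and Nagios are installed with yum, and their configuration is then modified
  • RCS is used to track differences from the default configuration
  • We start by setting up the Ansible server and then run the playbook against localhost

Tested environment

  • CentOS 7 (minimal install)
  • Ansible 2.7 (EPEL)
  • Nagios 4.4 (EPEL)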
# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)

# uname -r
3.10.0-957.10.1.el7.x86_64

Installing Ansible

# yum -y install epel-release
# yum -y install ansible
# ansible --version
ansible 2.7.10
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Apr  9 2019, 14:30:50) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]

Configuring Ansible

Prepare the Ansible hosts file

/etc/ansible/hosts
[nagios-server]
127.0.0.1

Prepare the playbook

/etc/ansible/nagios.yml
- hosts: nagios-server
  remote_user: root
  tasks:
   - name: yum install nagios
     yum:
       name: "{{item.name}}"
       enablerepo: "{{item.repo}}"
       state: present
     with_items:
       - {name: httpd, repo: }
       - {name: nagios, repo: epel}
       - {name: nagios-plugins, repo: epel}
     notify:
       - Start & Enable Apache
       - Start & Enable Nagios

   - name: Install RCS
     yum:
       name: "{{item.name}}"
       enablerepo: "{{item.repo}}"
       state: present
     with_items:
       - {name: rcs, repo: }
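   # Check the unmodified file into RCS before editing it; -l keeps a locked
   # working copy in place, and the single "." ends the description prompt
   - shell: |
       ci -l /etc/php.ini << EOS
       .
       EOS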
   - name: Setting php.ini
     replace:
       path: /etc/php.ini
       regexp: "^;date.timezone =$"
       replace: "date.timezone =Asia/Tokyo"
   - name: Setting php.ini
     replace:
       path: /etc/php.ini
       regexp: "^expose_php = On$"
       replace: "expose_php = Off"
   - name: Setting php.ini
     replace:
       path: /etc/php.ini
       regexp: "^session.hash_function = 0$"
       replace: "session.hash_function = sha512"
   - name: Setting php.ini
     replace:
       path: /etc/php.ini
       regexp: "^;session.entropy_file = /dev/urandom$"
       replace: "session.entropy_file = /dev/urandom"
   - name: Setting php.ini
     replace:
       path: /etc/php.ini
       regexp: "^;session.entropy_length = 32$"
       replace: "session.entropy_length = 128"
     notify:
       - Start & Enable Apache
       - Start & Enable Nagios

   - shell: |
       ci -l /etc/httpd/conf/httpd.conf << EOS
       .
       EOS
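   # Task name below: "Add at a specific location"
   - name: 特定の場所に追加
     blockinfile:
       dest: /etc/httpd/conf/httpd.conf
       # Escape the regex metacharacters so only the literal Include line matches
       insertafter: '^IncludeOptional conf\.d/\*\.conf$'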
       content: |
         ServerTokens Prod
         ServerSignature Off
         TraceEnable Off
     notify:
       - Start & Enable Apache

   - shell: |
       ci -l /etc/httpd/conf.d/welcome.conf << EOS
       .
       EOS
   - name: Setting Apache welcom.conf
     replace:
       path: /etc/httpd/conf.d/welcome.conf
       regexp: "^    ErrorDocument 403 /.noindex.html$"
       replace: "#   ErrorDocument 403 /.noindex.html"
     notify:
       - Start & Enable Apache

  handlers:
    - name: Start & Enable Apache
      systemd:
        name: httpd.service
        state: restarted
        enabled: yes
    - name: Start & Enable Nagios
      systemd:
        name: nagios.service
        state: restarted
        enabled: yes

Running Ansible

Run a syntax check.

# ansible-playbook /etc/ansible/nagios.yml --ask-pass --syntax-check

playbook: /etc/ansible/nagios.yml

There do not seem to be any problems, so next run in check mode, which makes no changes.
The password is typed in interactively.

# ansible-playbook /etc/ansible/nagios.yml --ask-pass --check
SSH password:

PLAY [nagios-server] ***********************************************************************************************

TASK [Gathering Facts] *********************************************************************************************
fatal: [127.0.0.1]: FAILED! => {"msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this.  Please add this host's fingerprint to your known_hosts file to manage this host."}
        to retry, use: --limit @/etc/ansible/nagios.retry

PLAY RECAP *********************************************************************************************************
127.0.0.1                  : ok=0    changed=0    unreachable=0    failed=1

A fingerprint error appeared, so log in manually once.

ssh 127.0.0.1

Are you sure you want to continue connecting (yes/no)?

When asked this, enter yes.
Then run the check again.

# ansible-playbook /etc/ansible/nagios.yml --ask-pass --check
SSH password:

PLAY [nagios-server] ***********************************************************************************************

TASK [Gathering Facts] *********************************************************************************************
ok: [127.0.0.1]

TASK [yum install nagios] ******************************************************************************************
changed: [127.0.0.1] => (item={u'repo': None, u'name': u'httpd'})
changed: [127.0.0.1] => (item={u'repo': u'epel', u'name': u'nagios'})
changed: [127.0.0.1] => (item={u'repo': u'epel', u'name': u'nagios-plugins'})

TASK [Install RCS] *************************************************************************************************
ok: [127.0.0.1] => (item={u'repo': None, u'name': u'rcs'})

TASK [shell] *******************************************************************************************************
skipping: [127.0.0.1]

TASK [Setting php.ini] *********************************************************************************************
fatal: [127.0.0.1]: FAILED! => {"changed": false, "msg": "Path /etc/php.ini does not exist !", "rc": 257}

RUNNING HANDLER [Start & Enable Apache] ****************************************************************************

RUNNING HANDLER [Start & Enable Nagios] ****************************************************************************
        to retry, use: --limit @/etc/ansible/nagios.retry

PLAY RECAP *********************************************************************************************************
127.0.0.1                  : ok=3    changed=1    unreachable=0    failed=1

TASK [Setting php.ini] *********************************************************************************************
fatal: [127.0.0.1]: FAILED! => {"changed": false, "msg": "Path /etc/php.ini does not exist !", "rc": 257}

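An error is reported because php.ini does not exist, but this is before the installation (check mode does not actually install the packages), so it can be ignored.
Now run the installation.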

# ansible-playbook /etc/ansible/nagios.yml --ask-pass
SSH password:

PLAY [nagios-server] ***********************************************************************************************

TASK [Gathering Facts] *********************************************************************************************
ok: [127.0.0.1]

TASK [yum install nagios] ******************************************************************************************
changed: [127.0.0.1] => (item={u'repo': None, u'name': u'httpd'})
changed: [127.0.0.1] => (item={u'repo': u'epel', u'name': u'nagios'})
changed: [127.0.0.1] => (item={u'repo': u'epel', u'name': u'nagios-plugins'})

TASK [Install RCS] *************************************************************************************************
ok: [127.0.0.1] => (item={u'repo': None, u'name': u'rcs'})

TASK [shell] *******************************************************************************************************
changed: [127.0.0.1]

TASK [Setting php.ini] *********************************************************************************************
changed: [127.0.0.1]

TASK [Setting php.ini] *********************************************************************************************
changed: [127.0.0.1]

TASK [Setting php.ini] *********************************************************************************************
changed: [127.0.0.1]

TASK [Setting php.ini] *********************************************************************************************
changed: [127.0.0.1]

TASK [Setting php.ini] *********************************************************************************************
changed: [127.0.0.1]

TASK [shell] *******************************************************************************************************
changed: [127.0.0.1]

TASK [特定の場所に追加] ****************************************************************************************************
changed: [127.0.0.1]

TASK [shell] *******************************************************************************************************
changed: [127.0.0.1]

TASK [Setting Apache welcom.conf] **********************************************************************************
changed: [127.0.0.1]

RUNNING HANDLER [Start & Enable Apache] ****************************************************************************
changed: [127.0.0.1]

RUNNING HANDLER [Start & Enable Nagios] ****************************************************************************
changed: [127.0.0.1]

PLAY RECAP *********************************************************************************************************
127.0.0.1                  : ok=15   changed=13   unreachable=0    failed=0

Checks after the run

Check that the services are running

  • apachectl status
  • nagiostats
  • systemctl list-unit-files | grep -E 'httpd|nagios'
  • Check the display in a browser (the account is nagiosadmin/nagiosadmin)
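
An added example (not part of the original article) that checks the edited files after the run: the `replace` tasks only change a line that matches the stock default exactly, so on a host whose php.ini differs they report ok while leaving the old value in place. The function names and the optional root-directory argument are assumptions made for this example; only the three files the playbook edits are read.

```shell
#!/bin/sh
# Added example: confirm the values the playbook writes are the active ones.
# Usage: audit_nagios_host [ROOT]   (ROOT defaults to the live filesystem)

lc() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# last_value FILE KEY: value of the last active line that sets KEY, for both
# "key = value" (php.ini) and "Directive value" (Apache) syntax. Lines that
# start with ; or # never match because their first token differs from KEY.
last_value() {
    [ -f "$1" ] || return 0
    awk -v k="$2" '
        { line = $0; sub(/^[ \t]+/, "", line)
          n = match(line, /[ \t=]/); if (!n) next
          if (tolower(substr(line, 1, n - 1)) != tolower(k)) next
          val = substr(line, n)
          sub(/^[ \t=]+/, "", val); sub(/[ \t]+$/, "", val) }
        END { print val }' "$1"
}

audit_nagios_host() {
    root=${1%/}; fails=0
    # Rows: file, key, expected value (empty = no active line may remain)
    while read -r file key want; do
        got=$(last_value "$root$file" "$key")
        if [ "$(lc "$got")" = "$(lc "$want")" ]; then
            echo "ok    $file: $key = ${got:-<not set>}"
        else
            echo "FAIL  $file: $key = '${got}', want '${want}'"
            fails=$((fails + 1))
        fi
    done <<'EOF'
/etc/php.ini date.timezone Asia/Tokyo
/etc/php.ini expose_php Off
/etc/php.ini session.hash_function sha512
/etc/php.ini session.entropy_file /dev/urandom
/etc/php.ini session.entropy_length 128
/etc/httpd/conf/httpd.conf ServerTokens Prod
/etc/httpd/conf/httpd.conf ServerSignature Off
/etc/httpd/conf/httpd.conf TraceEnable Off
/etc/httpd/conf.d/welcome.conf ErrorDocument
EOF
    [ "$fails" -eq 0 ]
}
```

Because the last active line wins, a value overridden further down the same file is reported as FAIL even though the playbook's own line is still present.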

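Closing thoughts

After this, an Ansible version upgrade caused errors to appear.
Idempotency is a hallmark of this kind of tool, but considering the risk that behavior changes between Ansible versions, I also strongly felt the merits of managing things with shell scripts.
Of course, with ordinary shell scripts you have to run them on each machine rather than manage multiple machines at once, so Ansible naturally has the advantage there.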
