add postfix monitoring wrapper, allow for sudo configuration

dgoodellrhy · dgoodellrhy · commit 35c2faa24b5f · 2021-05-28T14:09:28.000-04:00
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -10,4 +10,8 @@ ncpa_packages:
   
 ncpa_repo_package_url: https://repo.nagios.com/nagios/7/nagios-repo-7-4.el7.noarch.rpm
 
-ncpa_community_string: 
+ncpa_community_string: 
+
+ncpa_sudoers:
+  - allowed_user: postfix
+    allowed_command: /usr/lib64/nagios/plugins/check_postfix_mailqueue2.sh
diff --git a/files/usr.lib64.nagios.plugins.check_postfix_mailqueue2_wrapper.sh b/files/usr.lib64.nagios.plugins.check_postfix_mailqueue2_wrapper.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+sudo -u postfix /usr/lib64/nagios/plugins/check_postfix_mailqueue2.sh "$@"
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -27,6 +27,15 @@
     mode: 0755
   with_fileglob: usr.lib64.nagios.plugins.*
 
+- name: place sudoers file for relevant checks
+  template:
+    src: etc.sudoers.d.99-nagios.j2
+    dest: "/etc/sudoers.d/99-nagios"
+    owner: root
+    group: root
+    mode: '0640'
+  when: ncpa_sudoers|length > 0
+
 - name: ensure ncpa_listener is started and enabled
   service: name=ncpa_listener state=started enabled=yes
 
diff --git a/templates/etc.sudoers.d.99-nagios.j2 b/templates/etc.sudoers.d.99-nagios.j2
@@ -0,0 +1,3 @@
+{% for sudo_lines in ncpa_sudoers %}
+nagios ALL=({{ sudo_lines.allowed_user }}) NOPASSWD:{{ sudo_lines.allowed_command }}
+{% endfor %}

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+#!/bin/bash`
	`2`	`+sudo -u postfix /usr/lib64/nagios/plugins/check_postfix_mailqueue2.sh "$@"`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+{% for sudo_lines in ncpa_sudoers %}`
	`2`	`+nagios ALL=({{ sudo_lines.allowed_user }}) NOPASSWD:{{ sudo_lines.allowed_command }}`
	`3`	`+{% endfor %}`