Home » Blog » Ansible for Nagios NRPE Agent Deployment

Information

Ansible for Nagios NRPE Agent Deployment

Benhcmark Administrator

09/11/2025

0 Views 0

SaveSavedRemoved 0

Automate Nagios NRPE Agent Deployment with Ansible: A Complete Guide

Managing a large fleet of servers comes with a significant challenge: ensuring consistent and reliable monitoring. Manually installing and configuring the Nagios NRPE agent on every machine is not only time-consuming but also prone to human error. A single misconfigured file can lead to monitoring gaps, leaving your infrastructure vulnerable. Fortunately, there’s a better way.

By leveraging Ansible, a powerful automation engine, you can deploy the Nagios NRPE agent across hundreds of servers in minutes. This approach brings consistency, speed, and scalability to your monitoring setup, treating your infrastructure as code. This guide provides a comprehensive walkthrough for creating a robust Ansible playbook to automate the entire process.

Why Automate NRPE Deployment?

Manual configuration is the enemy of scale. As your server count grows, the time required to deploy and update monitoring agents increases exponentially. This often leads to configuration drift, where servers that should be identical end up with slightly different settings.

Ansible solves this by defining the desired state of your systems in a simple, human-readable YAML file called a playbook. When you run the playbook, Ansible ensures every target server matches that defined state.

The key benefits of using Ansible for NRPE include:

• Idempotency: You can run the same playbook multiple times without causing unintended changes. Ansible only applies changes if the system is not already in the desired state.
• Version Control: Store your playbooks in a Git repository to track changes, collaborate with your team, and roll back if necessary.
• Reduced Errors: Automation eliminates the typos and missed steps that plague manual setups.
• Scalability: Deploying NRPE to ten servers or a thousand takes the same amount of effort—just a single command.

Prerequisites for Automation

Before you begin, ensure you have the following in place:

1. An Ansible Control Node: A machine where Ansible is installed and from which you will run your playbooks.
2. Managed Hosts: The target servers where you want to install the NRPE agent.
3. SSH Access: The control node must have passwordless SSH access (using SSH keys) to all managed hosts.
4. Sudo/Root Privileges: The user account Ansible connects with must have sudo privileges to install packages and manage services.

Crafting the Ansible Playbook for NRPE Deployment

Our playbook will handle every step of the installation process, from setting up dependencies to starting the service. Let’s break down the essential tasks.

1. Install Required Dependencies

First, the playbook needs to ensure all necessary build tools and libraries are present on the target systems. NRPE is often compiled from source to ensure the latest version and proper configuration, which requires packages like gcc, make, and openssl-devel.

2. Create a Dedicated Nagios User

For security, it’s a best practice to run the NRPE agent under a dedicated, non-privileged user account. Our playbook will create a nagios user and group specifically for this purpose. Never run monitoring agents as the root user.

3. Download and Compile the NRPE Agent

The playbook will automatically download the latest NRPE source code tarball, extract it, and run the ./configure, make, and make install commands. This ensures a clean and standardized installation on every host.

4. Configure the NRPE Agent Securely

This is the most critical part of the setup. The nrpe.cfg file dictates how the agent behaves and, most importantly, who can connect to it. Using Ansible’s template module is the ideal way to manage this file.

A crucial security measure is to only allow your Nagios server to communicate with the NRPE agent. The allowed_hosts directive in nrpe.cfg should be set to the IP address of your Nagios monitoring server. We can pass this IP address as a variable in our playbook to avoid hardcoding sensitive information and make the playbook reusable for different environments.

5. Open Firewall Ports

The NRPE agent listens on TCP port 5666 by default. The playbook must include a task to open this port in the firewall (e.g., firewalld on CentOS/RHEL or ufw on Ubuntu/Debian) to allow the Nagios server to connect. Without this rule, all monitoring checks will fail.

6. Enable and Start the NRPE Service

Finally, the playbook will ensure the NRPE service is configured to start automatically on boot and is running after the installation is complete. This guarantees that monitoring resumes immediately after a server reboot.

The Complete Ansible Playbook

Here is a complete example playbook that combines all the steps mentioned above. You can adapt it to fit your specific environment, particularly the vars section.

---
- name: Deploy Nagios NRPE Agent
  hosts: your_target_servers
  become: yes
  vars:
    nagios_server_ip: "192.168.1.100" # <-- IMPORTANT: Change this to your Nagios server's IP
    nrpe_version: "4.1.0"

  tasks:
    - name: Install dependencies
      ansible.builtin.package:
        name:
          - gcc
          - make
          - openssl-devel
          - wget
        state: present

    - name: Create Nagios user and group
      ansible.builtin.user:
        name: nagios
        comment: "Nagios User"
        shell: /bin/false
        create_home: no
        system: yes

    - name: Download and unarchive NRPE source
      ansible.builtin.unarchive:
        src: "https://github.com/NagiosEnterprises/nrpe/releases/download/nrpe-{{ nrpe_version }}/nrpe-{{ nrpe_version }}.tar.gz"
        dest: /tmp/
        remote_src: yes
        creates: "/tmp/nrpe-{{ nrpe_version }}/"

    - name: Compile and install NRPE
      shell: |
        ./configure
        make all
        make install-groups-users
        make install
        make install-config
        make install-init
      args:
        chdir: "/tmp/nrpe-{{ nrpe_version }}/"
        creates: /usr/local/nagios/bin/nrpe

    - name: Create NRPE configuration from template
      ansible.builtin.template:
        src: templates/nrpe.cfg.j2
        dest: /usr/local/nagios/etc/nrpe.cfg
        owner: nagios
        group: nagios
        mode: '0644'
      notify: restart nrpe

    - name: Open firewall port for NRPE
      ansible.posix.firewalld:
        port: 5666/tcp
        permanent: yes
        state: enabled
        immediate: yes

    - name: Enable and start the NRPE service
      ansible.builtin.systemd:
        name: nrpe
        state: started
        enabled: yes

  handlers:
    - name: restart nrpe
      ansible.builtin.systemd:
        name: nrpe
        state: restarted

You will also need a template file named nrpe.cfg.j2 in a templates directory next to your playbook. Its most important line will be:

# /templates/nrpe.cfg.j2
...
allowed_hosts=127.0.0.1,::1,{{ nagios_server_ip }}
...

Running the Playbook and Verifying the Installation

To execute the playbook, save it as deploy_nrpe.yml and run the following command from your control node:

ansible-playbook deploy_nrpe.yml

Once the playbook completes, you can verify the installation:

1. On the client machine: Check that the NRPE service is active by running sudo systemctl status nrpe.
2. From the Nagios server: Test the connection by running check_nrpe.
   /usr/local/nagios/libexec/check_nrpe -H <client_ip_address>

If configured correctly, you should receive the NRPE version number as a response. You are now ready to add service checks for this host in your Nagios configuration. By embracing automation with Ansible, you can build a more resilient, secure, and manageable monitoring infrastructure.

Source: https://kifarunix.com/deploy-nagios-nrpe-agents-using-ansible/