This guide provides a complete Ansible playbook to install Naemon from official repositories with proper configuration for host and service monitoring, web interface, and alerting.
Current Naemon version: 1.2.2
Create a file named naemon.yml:
---
- name: Install and Configure Naemon
hosts: naemon
become: true
vars:
naemon_user: "naemon"
naemon_group: "naemon"
naemon_config_dir: "/etc/naemon"
naemon_object_dir: "/etc/naemon/objects"
naemon_var_dir: "/var/naemon"
naemonadmin_password: "naemon_admin_123" # Change this!
naemon_port: 80
tasks:
- name: Add Naemon repository (Debian/Ubuntu)
apt_repository:
repo: "deb http://download.naemon.org/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main"
state: present
filename: naemon
when: ansible_os_family == "Debian"
- name: Add Naemon GPG key (Debian/Ubuntu)
apt_key:
url: http://download.naemon.org/naemon.gpg
state: present
when: ansible_os_family == "Debian"
- name: Install Naemon (Debian/Ubuntu)
apt:
name:
- naemon
- naemon-livestatus
- naemon-tools
state: present
update_cache: true
when: ansible_os_family == "Debian"
- name: Install prerequisites (RHEL/CentOS)
yum:
name:
- wget
- gcc
- glibc
- glibc-common
- perl
- apache
- php
- gd
state: present
when: ansible_os_family == "RedHat"
- name: Download and install Naemon (RHEL/CentOS)
shell: |
wget -O /tmp/naemon.rpm http://download.naemon.org/naemon-rhel/{{ ansible_distribution_major_version }}/x86_64/naemon-latest.x86_64.rpm &&
yum install -y /tmp/naemon.rpm
args:
creates: /usr/bin/naemon
when: ansible_os_family == "RedHat"
- name: Create Naemon configuration directories
file:
path: "{{ item }}"
state: directory
owner: "{{ naemon_user }}"
group: "{{ naemon_group }}"
mode: '0755'
loop:
- "{{ naemon_object_dir }}/hosts"
- "{{ naemon_object_dir }}/services"
- "{{ naemon_object_dir }}/contacts"
- "{{ naemon_object_dir }}/commands"
- "{{ naemon_var_dir }}/archives"
- "{{ naemon_var_dir }}/rw"
- name: Configure Naemon main configuration
lineinfile:
path: "{{ naemon_config_dir }}/naemon.cfg"
regexp: "^{{ item.key }}="
line: "{{ item.key }}={{ item.value }}"
loop:
- { key: 'log_file', value: '{{ naemon_var_dir }}/naemon.log' }
- { key: 'cfg_dir', value: '{{ naemon_object_dir }}' }
- { key: 'object_cache_file', value: '{{ naemon_var_dir }}/objects.cache' }
- { key: 'precached_object_file', value: '{{ naemon_var_dir }}/objects.precache' }
- { key: 'resource_file', value: '{{ naemon_config_dir }}/resource.cfg' }
- { key: 'status_file', value: '{{ naemon_var_dir }}/status.dat' }
- { key: 'status_update_interval', value: '10' }
- { key: 'nagios_user', value: '{{ naemon_user }}' }
- { key: 'nagios_group', value: '{{ naemon_group }}' }
- { key: 'check_external_commands', value: '1' }
- { key: 'command_file', value: '{{ naemon_var_dir }}/rw/naemon.cmd' }
- name: Create htpasswd file for Naemon admin
htpasswd:
path: "{{ naemon_config_dir }}/htpasswd"
name: naemonadmin
password: "{{ naemonadmin_password }}"
owner: root
group: "{{ naemon_group }}"
mode: '0640'
- name: Configure Apache for Naemon (Debian/Ubuntu)
copy:
dest: /etc/apache2/sites-available/naemon.conf
owner: root
group: root
mode: '0644'
content: |
<VirtualHost *:{{ naemon_port }}>
ServerName {{ ansible_fqdn | default(ansible_hostname) }}
DocumentRoot /usr/share/naemon/htdocs
<Directory /usr/share/naemon/htdocs>
Options None
AllowOverride None
Require all granted
Order allow,deny
Allow from all
AuthType Basic
AuthUserFile {{ naemon_config_dir }}/htpasswd
AuthName "Naemon Access"
Require valid-user
</Directory>
ScriptAlias /naemon/cgi-bin/ /usr/lib/naemon/cgi-bin/
<Directory /usr/lib/naemon/cgi-bin>
AllowOverride None
Options +ExecCGI -Indexes
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
when: ansible_os_family == "Debian"
- name: Enable Naemon site (Debian/Ubuntu)
command: a2ensite naemon
args:
creates: /etc/apache2/sites-enabled/naemon.conf
when: ansible_os_family == "Debian"
- name: Enable Apache CGI module (Debian/Ubuntu)
apache2_module:
name: cgi
state: present
when: ansible_os_family == "Debian"
- name: Restart Apache (Debian/Ubuntu)
systemd:
name: apache2
enabled: true
state: restarted
when: ansible_os_family == "Debian"
- name: Restart httpd (RHEL/CentOS)
systemd:
name: httpd
enabled: true
state: restarted
when: ansible_os_family == "RedHat"
- name: Configure firewall (UFW)
ufw:
rule: allow
port: "{{ naemon_port }}"
proto: tcp
comment: "Naemon web interface"
when: ansible_os_family == "Debian"
failed_when: false
- name: Configure firewall (firewalld)
firewalld:
service: "{{ item }}"
permanent: true
immediate: true
state: enabled
loop:
- http
- https
when: ansible_os_family == "RedHat"
failed_when: false
- name: Verify Naemon configuration
command: naemon -v {{ naemon_config_dir }}/naemon.cfg
register: naemon_verify
changed_when: false
failed_when: naemon_verify.rc != 0
- name: Enable and start Naemon service
systemd:
name: naemon
enabled: true
state: started
- name: Wait for Naemon to start
wait_for:
path: "{{ naemon_var_dir }}/rw/naemon.cmd"
delay: 3
timeout: 60
- name: Display Naemon status
debug:
msg: |
Naemon installed successfully!
Web Interface: http://{{ ansible_default_ipv4.address | default(ansible_host) }}/naemon/
Username: naemonadmin
Password: {{ naemonadmin_password }}
IMPORTANT: Change the default password after first login!
Configuration directory: {{ naemon_config_dir }}
Object directory: {{ naemon_object_dir }}
---
naemon:
hosts:
naemon-server:
ansible_host: 192.168.1.118
ansible_user: ansible
ansible_become: true
# Test connectivity
ansible all -i inventory.yml -m ping
# Run the Naemon playbook
ansible-playbook -i inventory.yml naemon.yml
# Run with custom admin password
ansible-playbook -i inventory.yml naemon.yml \
-e "naemonadmin_password=MySecureP@ss123"
# Check Naemon service status
ssh naemon-server "sudo systemctl status naemon"
# Verify configuration
ssh naemon-server "sudo naemon -v /etc/naemon/naemon.cfg"
# Test web interface
curl -I http://naemon-server/naemon/
# Access web UI
# http://naemon-server/naemon/
- name: Add monitored hosts to Naemon
hosts: naemon
become: true
vars:
naemon_object_dir: "/etc/naemon/objects"
hosts_to_monitor:
- name: web-server-1
address: 192.168.1.50
alias: "Web Server 1"
- name: db-server-1
address: 192.168.1.51
alias: "Database Server 1"
tasks:
- name: Create host configurations
copy:
dest: "{{ naemon_object_dir }}/hosts/{{ item.name }}.cfg"
owner: "{{ naemon_user }}"
group: "{{ naemon_group }}"
mode: '0644'
content: |
define host {
use linux-server
host_name {{ item.name }}
alias {{ item.alias }}
address {{ item.address }}
}
define service {
use generic-service
host_name {{ item.name }}
service_description Current Load
check_command check_local_load!5.0,4.0,3.0!10.0,6.0,4.0
}
define service {
use generic-service
host_name {{ item.name }}
service_description Root Partition
check_command check_local_disk!20%!10%!/
}
define service {
use generic-service
host_name {{ item.name }}
service_description Ping
check_command check_ping!100.0,20%!500.0,60%
}
loop: "{{ hosts_to_monitor }}"
- name: Verify Naemon configuration
command: naemon -v {{ naemon_config_dir }}/naemon.cfg
register: naemon_verify
changed_when: false
- name: Restart Naemon service
systemd:
name: naemon
state: restarted
when: naemon_verify.rc == 0
- name: Configure Naemon email notifications
hosts: naemon
become: true
vars:
naemon_object_dir: "/etc/naemon/objects"
admin_email: "admin@example.com"
tasks:
- name: Update contact definition
copy:
dest: "{{ naemon_object_dir }}/contacts.cfg"
owner: "{{ naemon_user }}"
group: "{{ naemon_group }}"
mode: '0644'
content: |
define contact {
contact_name naemonadmin
alias Naemon Administrator
service_notification_period 24x7
host_notification_period 24x7
service_notification_options w,u,c,r
host_notification_options d,u,r
service_notification_commands notify-service-by-email
host_notification_commands notify-host-by-email
email {{ admin_email }}
}
define contactgroup {
contactgroup_name admins
alias Naemon Administrators
members naemonadmin
}
- name: Configure email commands
lineinfile:
path: "{{ naemon_config_dir }}/commands.cfg"
regexp: "^define command"
line: |
define command {
command_name notify-service-by-email
command_line /usr/bin/printf "%b" "***** Naemon *****\nNotification Type: $NOTIFICATIONTYPE$\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\nDate/Time: $LONGDATETIME$\nAdditional Info: $SERVICEOUTPUT$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Alert - $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$
}
insertafter: EOF
- name: Restart Naemon
systemd:
name: naemon
state: restarted
# Check logs
sudo tail -f /var/naemon/naemon.log
# Verify configuration
sudo naemon -v /etc/naemon/naemon.cfg
# Check permissions
sudo ls -la /var/naemon/rw/
# Check Apache logs
sudo tail -f /var/log/apache2/error.log # Debian/Ubuntu
sudo tail -f /var/log/httpd/error_log # RHEL/CentOS
# Verify htpasswd file
sudo cat /etc/naemon/htpasswd
# Test Apache configuration
sudo apache2ctl configtest # Debian/Ubuntu
sudo httpd -t # RHEL/CentOS
# Test mail command
echo "Test" | mail -s "Test" admin@example.com
# Check mail logs
sudo tail -f /var/log/mail.log
# Verify contact configuration
sudo cat /etc/naemon/objects/contacts.cfg
We develop tailored automation solutions for:
Let’s discuss your requirements: office@linux-server-admin.com | Contact