diff --git a/changelogs/fragments/feature_add_x509_module_installation.yml b/changelogs/fragments/feature_add_x509_module_installation.yml new file mode 100644 index 00000000..82c1f981 --- /dev/null +++ b/changelogs/fragments/feature_add_x509_module_installation.yml @@ -0,0 +1,3 @@ +--- +major_changes: + - Added Installation of x509 certificate monitoring model diff --git a/doc/getting-started.md b/doc/getting-started.md index 6fd1ce35..8a5b6767 100644 --- a/doc/getting-started.md +++ b/doc/getting-started.md @@ -1,11 +1,19 @@ ### Getting Started -The collection includes two roles in the current version. +The collection includes six roles in the current version. * icinga.repos: Role to manage repositories * [Documentation: doc/role-repos](role-repos/role-repos.md) * icinga.icinga2: Role to install and manage Icinga 2 instances. * [Documentation: doc/role-icinga2](role-icinga2/role-icinga2.md) +* icinga.icingadb: Role to install and manage IcingaDB, Icinga2's new data backend. + * [Documentation: doc/role-icingadb](role-icingadb/role-icingadb.md) +* icinga.icingadb_redis: Role to install and manage Redis, IcingaDB's cache backend. + * [Documentation: doc/role-icingadb_redis](role-icingadb_redis/role-icingadb_redis.md) +* icinga.icingaweb2: Role to install and manage Icinga Web 2. + * [Documentation: doc/role-icingaweb2](role-icingaweb2/role-icingaweb2.md) +* icinga.monitoring_plugins: Role to install and manage Icinga2 compatible monitoring plugins. + * [Documentation: doc/role-monitoring_plugins](role-monitoring_plugins/role-monitoring_plugins.md) --- 
@@ -39,6 +47,36 @@ ansible-galaxy collection build ansible-collection-icinga ansible-galaxy collection install icinga-icinga-0.3.0.tar.gz ``` +## Databases + +Icinga2 relies on relational databases for many parts of its functionality. **None** of those databases get installed by the roles. You need to install and configure them yourself. For doing so, there are many ways available, e.g. the Ansible role [geerlingguy.mysql](https://galaxy.ansible.com/geerlingguy/mysql) for MySQL flavours (both MySQL and MariaDB) or [geerlingguy.postgresql](https://galaxy.ansible.com/geerlingguy/postgresql) for PostGresQL: + +```yaml +- name: Configure databases for Icinga2 + hosts: database + vars: + mysql_databases: + - name: icingadb + - name: icingaweb + - name: vspheredb + encoding: utf8mb4 + collation: utf8mb4_unicode_ci + - name: director + mysql_users: + - name: icingadb-user + host: localhost + password: icingadb-password + priv: "icingadb.*:ALL" + [...] + roles: + - role: geerlingguy.mysql +``` + +> [!NOTE] +> Schema migrations needed for the respective Icinga components to work will be handled either by the respective roles or by the Icinga components themselves. + + + ## Example Playbooks This is an example on how to install an Icinga 2 server/master instance. diff --git a/doc/role-icingadb/role-icingadb.md b/doc/role-icingadb/role-icingadb.md index 5d66a32a..e30742ab 100644 --- a/doc/role-icingadb/role-icingadb.md +++ b/doc/role-icingadb/role-icingadb.md 
@@ -5,7 +5,12 @@ This role installs and configures the IcingaDB daemon. In addition it can also i It serves as the official, more performant successor to Icinga IDO. More information about its purpose and design can be found [in the official documentation](https://icinga.com/docs/icinga-db/latest/doc/01-About/). -> :information_source: In many scenarios you want to install the [icingadb_redis role](../role-icingadb_redis/) together with this role. It is part of this collection, too. +> [!TIP] +> In many scenarios you want to install the [icingadb_redis role](../role-icingadb_redis/) together with this role. It is part of this collection, too. + +## Database + +IcingaDB relies on a relational database to persist received data. This database **won't** be created by this role - you need to deploy and configure one in advance. For more information, see the [Databases](../getting-started.md#databases) section in the getting started guide. ## Variables diff --git a/doc/role-icingaweb2/module-x509.md b/doc/role-icingaweb2/module-x509.md new file mode 100644 index 00000000..684000fd --- /dev/null +++ b/doc/role-icingaweb2/module-x509.md 
@@ -0,0 +1,95 @@ +## Module x509 + +### Variables and Configuration + +The general module parameter like `enabled` and `source` can be applied here. + +| Variable | Value | +|----------|------------| +| enabled | true/false | +| source | package | + +#### Section configuration + +The backend database for the module needs to be available and configured at the `icingaweb2_resources` variable. + +``` +icingaweb2_modules: + x509: + source: package + enabled: true + config: + backend: + resource: x509 +``` + +#### Configure SNI Names. + +To configure SNIs for a IP address, use the dictionary `sni`. + +Example: + +``` +icingaweb2_modules: + x509: + source: package + enabled: true + config: + backend: + resource: x509 + sni: + 192.168.56.213: + hostnames: + - icinga.com + - test2.icinga.com +``` + +#### Import Certificates + +To import certificates use the **list** `certificate_files` all files need to be +available locally beforehand. + +``` +icingaweb2_modules: + x509: + source: package + enabled: true + config: + backend: + resource: x509 + certificate_files: + - /etc/ssl/certs/ca-certificates.crt +``` + +#### Database Schema Setup + +To import the database schema use `database` dictionary with the following variables. + +| Variable | Type | Description | Default | +|----------|------|-------------|---------| +| `import_schema` | `Boolean` | Defines wether the schema will be imported or not. | false | +| `host` | `String` | Defines database address to connect to. | `localhost` | +| `port` | `int` | Defines the database port to connect to. | `3306` or `5432` | +| `user` | `string` | Defines database user | `x509` | +| `name` | `String` | Defines the database to connect to. | `x509` | +| `password` | `String` | Defines the database password to connect with. 
| OMITTED | +| `ssl_mode` | `String` | Clients attempt to connect using encryption, falling back to an unencrypted connection if an encrypted connection cannot be established |**n/a** | +|`ssl_ca`| `String`| Defines the path to the ca certificate for client authentication. | **n/a** | +|`ssl_cert`|`String`| Defines the path to the certificate for client authentication. | **n/a** | +|`ssl_key`| `String` | Defines the path to the certificate key for client key authentication. | **n/a** | +|`ssl_cipher`|`String`| Ciphers for the client authentication. | **n/a** | +|`ssl_extra_options`|`String`| Extra options for the client authentication. | **n/a** | + + +``` +icingaweb2_modules: + x509: + source: package + enabled: true + database: + import_schema: true + host: localhost + port: 3306 + user: x509 + password: secret +``` diff --git a/doc/role-icingaweb2/role-icingaweb2.md b/doc/role-icingaweb2/role-icingaweb2.md index 4faf1ae7..bff00b7c 100644 --- a/doc/role-icingaweb2/role-icingaweb2.md +++ b/doc/role-icingaweb2/role-icingaweb2.md @@ -7,6 +7,10 @@ The role icingaweb2 installs and configures Icinga Web 2 and its modules. * [IcingaDB](./module-icingadb.md) * [Monitoring](./module-monitoring.md) +## Databases + +Icingaweb2 and some of its modules rely on a relational database to persist data. These databases **won't** be created by this role - you need to deploy and configure them in advance. For more information, see the [Databases](../getting-started.md#databases) section in the getting started guide. + ## Variables ### Icinga Web 2 DB Configuration diff --git a/doc/role-repos/role-repos.md b/doc/role-repos/role-repos.md index a5f60ee6..15ffe24c 100644 --- a/doc/role-repos/role-repos.md +++ b/doc/role-repos/role-repos.md 
@@ -8,21 +8,21 @@ This role configures Icinga 2 related repositories to provide all necessary pack To enable the EPEL repository. ``` -icinga_repo_epel: true -icinga_repo_scl: true +repos_icinga_epel: true +repos_icinga_scl: true ``` To manage which Icinga Repos to use the following variables: ``` -icinga_repo_stable: true -icinga_repo_testing: false -icinga_repo_snapshot: false +repos_icinga_stable: true +repos_icinga_testing: false +repos_icinga_snapshot: false ``` To use the Icinga Repository Subscription: ``` -icinga_repo_subscription_username: "Your username" -icinga_repo_subscription_password: "Your password" +repos_icinga_subscription_username: "Your username" +repos_icinga_subscription_password: "Your password" ``` diff --git a/roles/icinga2/tasks/objects.yml b/roles/icinga2/tasks/objects.yml index 6ac27328..8376426e 100644 --- a/roles/icinga2/tasks/objects.yml +++ b/roles/icinga2/tasks/objects.yml @@ -1,11 +1,11 @@ --- -- name: collect all config objects for myself +- name: Collect all config objects for myself set_fact: tmp_objects: "{{ tmp_objects| default([]) + lookup('list', hostvars[item]['icinga2_objects'][icinga2_config_host]) }}" with_items: "{{ groups['all'] }}" when: hostvars[item]['icinga2_objects'][icinga2_config_host] is defined -- name: collect all config objects in play vars +- name: Collect all config objects in play vars set_fact: tmp_objects: "{{ tmp_objects| default([]) + lookup('list', icinga2_objects[icinga2_config_host]) }}" when: vars['icinga2_objects'][icinga2_config_host] is defined 
@@ -21,15 +21,15 @@ with_items: "{{ result.results }}" when: result.results is defined -- name: prepare custom config +- name: Prepare custom config when: icinga2_custom_config is defined and icinga2_custom_config|length > 0 block: - - name: construct _icinga2_custom_conf_paths + - name: Construct _icinga2_custom_conf_paths set_fact: _icinga2_custom_conf_paths: "{{ _icinga2_custom_conf_paths + [ icinga2_fragments_path + '/' + item.path + '/' + item.order|default('20')|string + '_' + item.name] }}" loop: "{{ icinga2_custom_config }}" - - name: prepare custom config paths + - name: Prepare custom config paths file: state: directory owner: root @@ -37,10 +37,10 @@ path: "{{ icinga2_fragments_path }}/{{ item.path }}/" loop: "{{ icinga2_custom_config }}" - - name: add custom config to assemble + - name: Add custom config to assemble ansible.builtin.copy: owner: root group: root src: "files/{{ item.name }}" - dest: "{{ icinga2_fragments_path }}/{{ item.path }}/{{ item.order|default('20')|string }}_{{ item.name }}" + dest: "{{ icinga2_fragments_path }}/{{ item.path }}/{{ item.order | default('20') | string }}_{{ item.name }}" loop: "{{ icinga2_custom_config }}" diff --git a/roles/icinga2/tasks/service.yml b/roles/icinga2/tasks/service.yml index 769f6fa6..277f1032 100644 --- a/roles/icinga2/tasks/service.yml +++ b/roles/icinga2/tasks/service.yml @@ -1,6 +1,6 @@ --- -- name: "{{ icinga2_state }} service icinga2" - service: +- name: "Set service icinga2 to {{ icinga2_state }}" + ansible.builtin.service: name: icinga2 state: "{{ icinga2_state }}" enabled: "{{ icinga2_enabled }}" diff --git a/roles/icingadb/handlers/main.yml b/roles/icingadb/handlers/main.yml index 2a8e27ae..9d9137fb 100644 --- a/roles/icingadb/handlers/main.yml +++ b/roles/icingadb/handlers/main.yml @@ -1,4 +1,4 @@ -- name: icingadb-restart +- name: Icingadb-restart ansible.builtin.service: name: "{{ icingadb_service_name }}" state: restarted 
diff --git a/roles/icingadb/meta/main.yml b/roles/icingadb/meta/main.yml index de56b28a..eebacd4c 100644 --- a/roles/icingadb/meta/main.yml +++ b/roles/icingadb/meta/main.yml @@ -4,10 +4,10 @@ galaxy_info: - Daniel Bodky description: Role to install, configure or manage IcingaDB. license: Apache-2.0 - min_ansible_version: 2.9 + min_ansible_version: "2.9" platforms: - name: EL - versions: ['7'] +# versions: ['7'] - name: Debian versions: ['buster','bullseye'] - name: Ubuntu @@ -23,4 +23,4 @@ galaxy_info: - icingadb - redis - redis -dependencies: [] +# dependencies: [] diff --git a/roles/icingadb/tasks/manage_config.yml b/roles/icingadb/tasks/manage_config.yml index 0850978e..3308b1dd 100644 --- a/roles/icingadb/tasks/manage_config.yml +++ b/roles/icingadb/tasks/manage_config.yml @@ -6,4 +6,4 @@ owner: "{{ icingadb_user }}" group: "{{ icingadb_group }}" mode: 0640 - notify: icingadb-restart + notify: Icingadb-restart diff --git a/roles/icingadb/tasks/manage_schema_mysql.yml b/roles/icingadb/tasks/manage_schema_mysql.yml index 31ee7021..7a53acca 100644 --- a/roles/icingadb/tasks/manage_schema_mysql.yml +++ b/roles/icingadb/tasks/manage_schema_mysql.yml 
@@ -4,10 +4,10 @@ - name: Build mysql command ansible.builtin.set_fact: mysqlcmd: >- - mysql {% if icingadb_database_host | default('localhost') != 'localhost' %} -h "{{ icingadb_database_host }}" {%- endif %} - {% if icingadb_database_ca is defined %} --ssl-ca "{{ icingadb_database_ca }}" {%- endif %} - {% if icingadb_database_cert is defined %} --ssl-cert "{{ icingadb_database_cert }}" {%- endif %} - {% if icingadb_database_key is defined %} --ssl-key "{{ icingadb_database_key }}" {%- endif %} + mysql {% if icingadb_database_host | default('localhost') != 'localhost' %} -h "{{ icingadb_database_host }}"{%- endif %} + {% if icingadb_database_ca is defined %} --ssl-ca "{{ icingadb_database_ca }}"{%- endif %} + {% if icingadb_database_cert is defined %} --ssl-cert "{{ icingadb_database_cert }}"{%- endif %} + {% if icingadb_database_key is defined %} --ssl-key "{{ icingadb_database_key }}"{%- endif %} -u "{{ icingadb_database_user | default('icingadb') }}" -p"{{ icingadb_database_password }}" "{{ icingadb_database_name | default('icingadb') }}" diff --git a/roles/icingadb/tasks/manage_schema_pgsql.yml b/roles/icingadb/tasks/manage_schema_pgsql.yml index 2b0b17a2..e06e2bcd 100644 --- a/roles/icingadb/tasks/manage_schema_pgsql.yml +++ b/roles/icingadb/tasks/manage_schema_pgsql.yml 
@@ -6,15 +6,15 @@ _tmp_pgsqlcmd: >- PGPASSWORD="{{ icingadb_database_password }}" psql - "{% if icingadb_database_host | default('localhost') != 'localhost' %} host="{{ icingadb_database_host }}" {%- endif %} - {% if icingadb_database_port is defined %} port={{ icingadb_database_port }} {%- endif %} + "{% if icingadb_database_host | default('localhost') != 'localhost' %} host="{{ icingadb_database_host }}"{%- endif %} + {% if icingadb_database_port is defined %} port={{ icingadb_database_port }}{%- endif %} user={{ icingadb_database_user | default('icingadb') }} dbname={{ icingadb_database_name | default('icingadb') }} - {% if icingadb_database_sslmode is defined %} sslmode={{ icingadb_database_sslmode }} {%- endif %} - {% if icingadb_database_ca is defined %} sslrootcert={{ icingadb_database_ca }} {%- endif %} - {% if icingadb_database_cert is defined %} sslcert={{ icingadb_database_cert }} {%- endif %} - {% if icingadb_database_key is defined %} sslkey={{ icingadb_database_key }} {%- endif %} - {% if icingadb_database_ssl_extra_options is defined %} {{ icingadb_database_ssl_extra_options }} {%- endif %}" + {% if icingadb_database_sslmode is defined %} sslmode={{ icingadb_database_sslmode }}{%- endif %} + {% if icingadb_database_ca is defined %} sslrootcert={{ icingadb_database_ca }}{%- endif %} + {% if icingadb_database_cert is defined %} sslcert={{ icingadb_database_cert }}{%- endif %} + {% if icingadb_database_key is defined %} sslkey={{ icingadb_database_key }}{%- endif %} + {% if icingadb_database_ssl_extra_options is defined %} {{ icingadb_database_ssl_extra_options }}{%- endif %}" - name: PgSQL check for IcingaDB schema ansible.builtin.shell: > diff --git a/roles/icingadb_redis/defaults/main.yml b/roles/icingadb_redis/defaults/main.yml index a150afff..03b82731 100644 --- a/roles/icingadb_redis/defaults/main.yml +++ b/roles/icingadb_redis/defaults/main.yml 
@@ -49,8 +49,8 @@ icingadb_redis_auto_aof_rewrite_min_size: 64mb icingadb_redis_aof_load_truncated: 'yes' icingadb_redis_aof_use_rdb_preamble: 'yes' icingadb_redis_lua_time_limit: 5000 -icingadb_slowlog_log_slower_than: 10000 -icingadb_slowlog_max_len: 128 +icingadb_redis_slowlog_log_slower_than: 10000 +icingadb_redis_slowlog_max_len: 128 icingadb_redis_latency_monitor_threshold: 0 icingadb_redis_client_output_buffer_limits: - normal 0 0 0 diff --git a/roles/icingadb_redis/handlers/main.yml b/roles/icingadb_redis/handlers/main.yml index 92dfe252..24df1e2b 100644 --- a/roles/icingadb_redis/handlers/main.yml +++ b/roles/icingadb_redis/handlers/main.yml @@ -1,5 +1,5 @@ --- -- name: icingadb-redis-restart +- name: Icingadb-redis-restart ansible.builtin.service: name: "{{ icingadb_redis_service_name }}" state: restarted diff --git a/roles/icingadb_redis/meta/main.yml b/roles/icingadb_redis/meta/main.yml index c83ecb2b..e558c778 100644 --- a/roles/icingadb_redis/meta/main.yml +++ b/roles/icingadb_redis/meta/main.yml @@ -4,10 +4,10 @@ galaxy_info: - Daniel Bodky description: Role to install, configure or manage icingadb-redis instance. license: Apache-2.0 - min_ansible_version: 2.9 + min_ansible_version: "2.9" platforms: - name: EL - versions: ['7'] +# versions: ['7'] - name: Debian versions: ['buster','bullseye'] - name: Ubuntu @@ -23,4 +23,4 @@ galaxy_info: - icingadb - redis - redis -dependencies: [] +# dependencies: [] diff --git a/roles/icingadb_redis/tasks/manage_config.yml b/roles/icingadb_redis/tasks/manage_config.yml index 3e5a9006..05404b9f 100644 --- a/roles/icingadb_redis/tasks/manage_config.yml +++ b/roles/icingadb_redis/tasks/manage_config.yml @@ -6,4 +6,4 @@ owner: "{{ icingadb_redis_user }}" group: "{{ icingadb_redis_group }}" mode: 0640 - notify: icingadb-redis-restart + notify: Icingadb-redis-restart diff --git a/roles/icingadb_redis/templates/icingadb-redis.conf.j2 b/roles/icingadb_redis/templates/icingadb-redis.conf.j2 index a531bc9e..b51ebe5c 100644 
--- a/roles/icingadb_redis/templates/icingadb-redis.conf.j2 +++ b/roles/icingadb_redis/templates/icingadb-redis.conf.j2 @@ -120,8 +120,8 @@ lua-time-limit {{ icingadb_redis_lua_time_limit }} # cluster-announce-bus-port 6380 ################################## SLOW LOG ################################### -slowlog-log-slower-than {{ icingadb_slowlog_log_slower_than }} -slowlog-max-len {{ icingadb_slowlog_max_len }} +slowlog-log-slower-than {{ icingadb_redis_slowlog_log_slower_than }} +slowlog-max-len {{ icingadb_redis_slowlog_max_len }} ################################ LATENCY MONITOR ############################## latency-monitor-threshold {{ icingadb_redis_latency_monitor_threshold }} diff --git a/roles/icingaweb2/meta/main.yml b/roles/icingaweb2/meta/main.yml index 06c53a53..1ef6eb3b 100644 --- a/roles/icingaweb2/meta/main.yml +++ b/roles/icingaweb2/meta/main.yml @@ -2,12 +2,12 @@ galaxy_info: author: | - Thilo Wening - Daniel Bodky - description: Role to install, configure or manage icingadb-redis instance. + description: Role to install, configure or manage Icingaweb2 license: Apache-2.0 - min_ansible_version: 2.9 + min_ansible_version: "2.9" platforms: - name: EL - versions: ['7','8'] +# versions: ['7','8'] - name: Debian versions: ['buster','bullseye'] - name: Ubuntu @@ -23,4 +23,4 @@ galaxy_info: - icingadb - redis - redis -dependencies: [] +# dependencies: [] diff --git a/roles/icingaweb2/tasks/main.yml b/roles/icingaweb2/tasks/main.yml index e6bd7b6b..241cb763 100644 --- a/roles/icingaweb2/tasks/main.yml +++ b/roles/icingaweb2/tasks/main.yml 
@@ -14,7 +14,7 @@ - name: Gather module packages ansible.builtin.set_fact: - icingaweb2_packages: "{{ icingaweb2_packages + [ icingaweb2_module_packages[item.key] ] }}" + icingaweb2_packages: "{{ icingaweb2_packages + [icingaweb2_module_packages[item.key]] }}" loop: "{{ icingaweb2_modules | dict2items }}" when: icingaweb2_modules is defined and icingaweb2_module_packages[item.key] is defined and item.value.enabled is true and item.value.source == "package" @@ -35,11 +35,20 @@ - name: Manage enabled/disabled modules ansible.builtin.file: - src: "{{ icingaweb2_config.global.module_path + '/' + item.key if item.value.enabled|bool == true else omit }}" + src: "{{ icingaweb2_config.global.module_path + '/' + item.key if item.value.enabled | bool == true else omit }}" # noqa: jinja[spacing] dest: "{{ icingaweb2_config_dir }}/enabledModules/{{ item.key }}" owner: "{{ icingaweb2_httpd_user }}" group: "{{ icingaweb2_group }}" state: "{{ 'link' if item.value.enabled|bool == true else 'absent' }}" force: yes + mode: "0777" when: icingaweb2_modules is defined loop: "{{ icingaweb2_modules | dict2items }}" + +# Many daemons fail before e.g. the resource is set up or the schema hasn't been migrated. This is a workaround. +- name: Manage enabled module daemons + ansible.builtin.service: + name: "icinga-{{ item.key }}" + state: restarted + when: icingaweb2_modules is defined and item.value.enabled|bool and item.key in ['vspheredb', 'x509'] + loop: "{{ icingaweb2_modules | dict2items }}" diff --git a/roles/icingaweb2/tasks/manage_icingaweb_config.yml b/roles/icingaweb2/tasks/manage_icingaweb_config.yml index 4574e123..5e134fd6 100644 --- a/roles/icingaweb2/tasks/manage_icingaweb_config.yml +++ b/roles/icingaweb2/tasks/manage_icingaweb_config.yml 
@@ -22,7 +22,7 @@ group: "{{ icingaweb2_group }}" mode: "2770" -- name: Ensure fragments exists +- name: Ensure fragments exists # noqa: risky-file-permissions ansible.builtin.file: state: directory dest: "{{ icingaweb2_fragments_path }}/{{ item }}" @@ -69,7 +69,7 @@ - name: Assemble resources.ini when: icingaweb2_db is defined or icingaweb2_resources is defined block: - - name: Manage icingaweb_db resource config + - name: Manage icingaweb_db resource config # noqa: risky-file-permissions ansible.builtin.template: src: modules_config.ini.j2 dest: "{{ icingaweb2_fragments_path }}/resources/resources_01" @@ -82,7 +82,7 @@ _i2_config_hash: "{{ icingaweb2_resources }}" when: icingaweb2_resources is defined - - name: Manage Resources + - name: Manage Resources # noqa: risky-file-permissions ansible.builtin.template: src: modules_config.ini.j2 dest: "{{ icingaweb2_fragments_path }}/resources/resources_02" @@ -102,7 +102,7 @@ permissions: - "*" - - name: Manage icingaweb2_admin privileges + - name: Manage icingaweb2_admin privileges # noqa: risky-file-permissions ansible.builtin.template: src: modules_config.ini.j2 dest: "{{ icingaweb2_fragments_path }}/roles/roles_01" @@ -115,7 +115,7 @@ _i2_config_hash: "{{ icingaweb2_roles }}" when: icingaweb2_roles is defined - - name: Manage icingaweb2_admin privileges + - name: Manage icingaweb2_admin privileges # noqa: risky-file-permissions ansible.builtin.template: src: modules_config.ini.j2 dest: "{{ icingaweb2_fragments_path }}/roles/roles_02" diff --git a/roles/icingaweb2/tasks/manage_icingaweb_mysql_db.yml b/roles/icingaweb2/tasks/manage_icingaweb_mysql_db.yml index 89d992c4..e620f59d 100644 --- a/roles/icingaweb2/tasks/manage_icingaweb_mysql_db.yml +++ b/roles/icingaweb2/tasks/manage_icingaweb_mysql_db.yml 
@@ -15,18 +15,19 @@ when: icingaweb2_priv_db_password is defined and icingaweb2_priv_db_user is defined - name: Ensure Icinga Web + when: icingaweb2_db_import_schema | default(False) block: - name: Build mysql command ansible.builtin.set_fact: _tmp_mysqlcmd: >- - mysql {% if icingaweb2_db['host'] | default('localhost') != 'localhost' %} -h "{{ icingaweb2_db['host'] }}" {%- endif %} - {% if icingaweb2_db['port'] is defined %} -P "{{ icingaweb2_db['port'] }}" {%- endif %} - {% if icingaweb2_db['ssl_mode'] is defined %} --ssl-mode "{{ icingaweb2_db['ssl_mode'] }}" {%- endif %} - {% if icingaweb2_db['ssl_ca'] is defined %} --ssl-ca "{{ icingaweb2_db['ssl_ca'] }}" {%- endif %} - {% if icingaweb2_db['ssl_cert'] is defined %} --ssl-cert "{{ icingaweb2_db['ssl_cert'] }}" {%- endif %} - {% if icingaweb2_db['ssl_key'] is defined %} --ssl-key "{{ icingaweb2_db['ssl_key'] }}" {%- endif %} - {% if icingaweb2_db['ssl_cipher'] is defined %} --ssl-cipher "{{ icingaweb2_db['ssl_cipher'] }}" {%- endif %} - {% if icingaweb2_db['ssl_extra_options'] is defined %} {{ icingaweb2_db['ssl_extra_options'] }} {%- endif %} + mysql {% if icingaweb2_db['host'] | default('localhost') != 'localhost' %}-h "{{ icingaweb2_db['host'] }}"{%- endif %} + {% if icingaweb2_db['port'] is defined %} -P "{{ icingaweb2_db['port'] }}"{%- endif %} + {% if icingaweb2_db['ssl_mode'] is defined %} --ssl-mode "{{ icingaweb2_db['ssl_mode'] }}"{%- endif %} + {% if icingaweb2_db['ssl_ca'] is defined %} --ssl-ca "{{ icingaweb2_db['ssl_ca'] }}"{%- endif %} + {% if icingaweb2_db['ssl_cert'] is defined %} --ssl-cert "{{ icingaweb2_db['ssl_cert'] }}"{%- endif %} + {% if icingaweb2_db['ssl_key'] is defined %} --ssl-key "{{ icingaweb2_db['ssl_key'] }}"{%- endif %} + {% if icingaweb2_db['ssl_cipher'] is defined %} --ssl-cipher "{{ icingaweb2_db['ssl_cipher'] }}"{%- endif %} + {% if icingaweb2_db['ssl_extra_options'] is defined %} {{ icingaweb2_db['ssl_extra_options'] }}{%- endif %} -u "{{ icingaweb2_priv_db_user | 
default(icingaweb2_db['user']) }}" -p"{{ icingaweb2_priv_db_password | default(icingaweb2_db['password']) }}" "{{ icingaweb2_db['name'] }}" @@ -46,9 +47,11 @@ < /usr/share/icingaweb2/schema/mysql.schema.sql when: _icingaweb2_db_schema.rc != 0 run_once: yes - when: icingaweb2_db_import_schema | default(False) - name: Ensure Icinga Web User + when: + - icingaweb2_admin_username is defined + - icingaweb2_admin_password is defined block: - name: MySQL check for icingaweb db schema ansible.builtin.shell: > @@ -61,10 +64,7 @@ - name: Ensure admin user exists ansible.builtin.shell: >- - echo "INSERT INTO icingaweb_user (name, active, password_hash) VALUES ('{{ icingaweb2_admin_username }}', 1, + set -o pipefail && echo "INSERT INTO icingaweb_user (name, active, password_hash) VALUES ('{{ icingaweb2_admin_username }}', 1, '"`php -r 'echo password_hash("{{ icingaweb2_admin_password }}", PASSWORD_DEFAULT);'`"')" | {{ _tmp_mysqlcmd }} -Ns when: _icingaweb2_db_user.stdout_lines | length <= 0 run_once: yes - when: - - icingaweb2_admin_username is defined - - icingaweb2_admin_password is defined diff --git a/roles/icingaweb2/tasks/manage_icingaweb_pgsql_db.yml b/roles/icingaweb2/tasks/manage_icingaweb_pgsql_db.yml index 44c7252f..f1e69072 100644 --- a/roles/icingaweb2/tasks/manage_icingaweb_pgsql_db.yml +++ b/roles/icingaweb2/tasks/manage_icingaweb_pgsql_db.yml @@ -9,6 +9,7 @@ when: icingaweb2_priv_db_password is undefined and icingaweb2_priv_db_user is undefined - name: PostgreSQL import IDO schema + when: icingaweb2_db_import_schema | default(False) block: - name: Build psql command ansible.builtin.set_fact: 
@@ -16,13 +17,13 @@ PGPASSWORD="{{ icingaweb2_priv_db_password | default(icingaweb2_db['password']) }}" psql "host={{ icingaweb2_db['host'] }} - {% if icingaweb2_db['port'] is defined %} port={{ icingaweb2_db['port'] }} {%- endif %} + {% if icingaweb2_db['port'] is defined %} port={{ icingaweb2_db['port'] }}{%- endif %} user={{ icingaweb2_priv_db_user | default(icingaweb2_db['user']) }} dbname={{ icingaweb2_db['name'] }} - {% if icingaweb2_db['ssl_mode'] is defined %} sslmode={{ icingaweb2_db['ssl_mode'] | default('require') }} {%- endif %} - {% if icingaweb2_db['ssl_cert'] is defined %} sslcert={{ icingaweb2_db['ssl_cert'] }} {%- endif %} - {% if icingaweb2_db['ssl_key'] is defined %} sslkey={{ icingaweb2_db['ssl_key'] }} {%- endif %} - {% if icingaweb2_db['ssl_extra_options'] is defined %} {{ icingaweb2_db['ssl_extra_options'] }} {%- endif %}" + {% if icingaweb2_db['ssl_mode'] is defined %} sslmode={{ icingaweb2_db['ssl_mode'] | default('require') }}{%- endif %} + {% if icingaweb2_db['ssl_cert'] is defined %} sslcert={{ icingaweb2_db['ssl_cert'] }}{%- endif %} + {% if icingaweb2_db['ssl_key'] is defined %} sslkey={{ icingaweb2_db['ssl_key'] }}{%- endif %} + {% if icingaweb2_db['ssl_extra_options'] is defined %} {{ icingaweb2_db['ssl_extra_options'] }}{%- endif %}" - name: PostgreSQL check for IDO schema ansible.builtin.shell: > @@ -39,9 +40,11 @@ -w -f /usr/share/icingaweb2/schema/pgsql.schema.sql when: _icingaweb2_db_schema.rc != 0 run_once: yes - when: icingaweb2_db_import_schema | default(False) - name: Ensure Icinga Web User + when: + - icingaweb2_admin_username is defined + - icingaweb2_admin_password is defined block: - name: PostgreSQL check for icingaweb admin user ansible.builtin.shell: 
> @@ -54,10 +57,7 @@ - name: Ensure admin user exists ansible.builtin.shell: >- - echo "INSERT INTO icingaweb_user (name, active, password_hash) VALUES ('{{ icingaweb2_admin_username }}', 1, + set -o pipefail && echo "INSERT INTO icingaweb_user (name, active, password_hash) VALUES ('{{ icingaweb2_admin_username }}', 1, '"`php -r 'echo password_hash("{{ icingaweb2_admin_password }}", PASSWORD_DEFAULT);'`"')" | {{ _tmp_pgsqlcmd }} -w when: '"(0 rows)" in _icingaweb2_db_user.stdout_lines' run_once: yes - when: - - icingaweb2_admin_username is defined - - icingaweb2_admin_password is defined diff --git a/roles/icingaweb2/tasks/manage_mysql_imports.yml b/roles/icingaweb2/tasks/manage_mysql_imports.yml new file mode 100644 index 00000000..6603b6cb --- /dev/null +++ b/roles/icingaweb2/tasks/manage_mysql_imports.yml 
@@ -0,0 +1,38 @@ +--- +- name: Check Database Credentials + ansible.builtin.assert: + that: + - _db['user'] is defined + - _db['password'] is defined + fail_msg: "No database credentials defined." + +- name: Build mysql command + ansible.builtin.set_fact: + _tmp_mysqlcmd: >- + mysql {% if _db['host'] | default('localhost') != 'localhost' %} -h "{{ _db['host'] }}"{%- endif %} + {% if _db['port'] is defined %} -P "{{ _db['port'] }}"{%- endif %} + {% if _db['ssl_mode'] is defined %} --ssl-mode "{{ _db['ssl_mode'] }}"{%- endif %} + {% if _db['ssl_ca'] is defined %} --ssl-ca "{{ _db['ssl_ca'] }}"{%- endif %} + {% if _db['ssl_cert'] is defined %} --ssl-cert "{{ _db['ssl_cert'] }}"{%- endif %} + {% if _db['ssl_key'] is defined %} --ssl-key "{{ _db['ssl_key'] }}"{%- endif %} + {% if _db['ssl_cipher'] is defined %} --ssl-cipher "{{ _db['ssl_cipher'] }}"{%- endif %} + {% if _db['ssl_extra_options'] is defined %} {{ _db['ssl_extra_options'] }}{%- endif %} + -u "{{ _db['user'] }}" + -p"{{ _db['password'] }}" + "{{ _db['name'] }}" + +- name: MySQL check for db schema + ansible.builtin.shell: > + {{ _tmp_mysqlcmd }} + -Ns -e "{{ _db['select_query'] }}" + failed_when: false + changed_when: false + check_mode: false + register: _db_schema + +- name: MySQL import db schema + ansible.builtin.shell: > + {{ _tmp_mysqlcmd }} + < {{ _db['schema_path'] }} + when: _db_schema.rc != 0 + run_once: yes diff --git a/roles/icingaweb2/tasks/modules/businessprocess.yml b/roles/icingaweb2/tasks/modules/businessprocess.yml index 1bcee37a..f1f09733 100644 --- a/roles/icingaweb2/tasks/modules/businessprocess.yml +++ b/roles/icingaweb2/tasks/modules/businessprocess.yml 
@@ -20,6 +20,7 @@ group: "{{ icingaweb2_group }}" src: "files/{{ _file.src_path }}" dest: "{{ icingaweb2_modules_config_dir }}/{{ item.key }}/processes/{{ _file.name }}" + mode: "0644" when: vars['icingaweb2_modules'][_module]['custom_process_files'] is defined loop: "{{ vars['icingaweb2_modules'][_module]['custom_process_files'] }}" loop_control: diff --git a/roles/icingaweb2/tasks/modules/director.yml b/roles/icingaweb2/tasks/modules/director.yml index e68d7698..84c7d17e 100644 --- a/roles/icingaweb2/tasks/modules/director.yml +++ b/roles/icingaweb2/tasks/modules/director.yml @@ -19,7 +19,7 @@ - config - name: Module Director | Check for pending migrations - ansible.builtin.shell: + ansible.builtin.shell: # noqa: command-instead-of-shell cmd: icingacli director migration pending register: _pending changed_when: _pending.rc|int == 0 @@ -27,12 +27,12 @@ when: vars['icingaweb2_modules']['director']['import_schema'] is defined and vars['icingaweb2_modules']['director']['import_schema'] and vars['icingaweb2_modules']['director']['config'] is defined - name: Module Director | Apply pending migrations - ansible.builtin.shell: + ansible.builtin.shell: # noqa: command-instead-of-shell cmd: icingacli director migration run when: vars['icingaweb2_modules']['director']['import_schema'] is defined and vars['icingaweb2_modules']['director']['import_schema'] and vars['icingaweb2_modules']['director']['config'] is defined and _pending.rc|int == 0 - name: Module Director | Check if kickstart is required - ansible.builtin.shell: + ansible.builtin.shell: # noqa: command-instead-of-shell cmd: icingacli director kickstart required register: _required changed_when: _required.rc|int == 0 
@@ -40,7 +40,7 @@ when: vars['icingaweb2_modules']['director']['run_kickstart'] is defined and vars['icingaweb2_modules']['director']['run_kickstart'] and vars['icingaweb2_modules']['director']['kickstart'] is defined - name: Module Director | Check if kickstart is required - ansible.builtin.shell: + ansible.builtin.shell: # noqa: command-instead-of-shell cmd: icingacli director kickstart run when: vars['icingaweb2_modules']['director']['run_kickstart'] is defined and vars['icingaweb2_modules']['director']['run_kickstart'] and vars['icingaweb2_modules']['director']['kickstart'] is defined and _required.rc|int == 0 diff --git a/roles/icingaweb2/tasks/modules/manage_module_config.yml b/roles/icingaweb2/tasks/modules/manage_module_config.yml index c2f774d3..0f8c1001 100644 --- a/roles/icingaweb2/tasks/modules/manage_module_config.yml +++ b/roles/icingaweb2/tasks/modules/manage_module_config.yml @@ -1,8 +1,8 @@ -- name: Module {{ _module }} | Set file content as hash +- name: Module {{ _module }} | Set file content as hash # noqa: name[template] ansible.builtin.set_fact: _i2_config_hash: "{{ lookup('list', vars['icingaweb2_modules'][_module][_file]) }}" -- name: Module {{ _module }} | Write config file {{ _file }}.ini +- name: Module {{ _module }} | Write config file {{ _file }}.ini # noqa: name[template] ansible.builtin.template: src: "modules_config.ini.j2" dest: "{{ icingaweb2_modules_config_dir }}/{{ _module }}/{{ _file }}.ini" diff --git a/roles/icingaweb2/tasks/modules/x509.yml b/roles/icingaweb2/tasks/modules/x509.yml new file mode 100644 index 00000000..1220bae7 --- /dev/null +++ b/roles/icingaweb2/tasks/modules/x509.yml 
@@ -0,0 +1,66 @@ +- name: Module x509 | Ensure config directory + ansible.builtin.file: + state: directory + dest: "{{ icingaweb2_modules_config_dir }}/{{ _module }}" + owner: "{{ icingaweb2_httpd_user }}" + group: "{{ icingaweb2_group }}" + mode: "2770" + vars: + _module: "{{ item.key }}" + +- name: Module x509 | Manage config files + ansible.builtin.include_tasks: manage_module_config.yml + loop: "{{ _files }}" + loop_control: + loop_var: _file + when: vars['icingaweb2_modules'][_module][_file] is defined + vars: + _module: "{{ item.key }}" + _files: + - config + - sni + +- name: Module x509 | Manage Schema + when: vars['icingaweb2_modules'][_module]['database']['import_schema'] | default(false) + vars: + _module: "{{ item.key }}" + block: + - name: Module x509 | Prepare _db informations + ansible.builtin.set_fact: + _db: + host: "{{ vars['icingaweb2_modules'][_module]['database']['host'] | default('localhost') }}" + port: "{{ vars['icingaweb2_modules'][_module]['database']['port'] | default('3306') }}" + user: "{{ vars['icingaweb2_modules'][_module]['database']['user'] | default('x509') }}" + password: "{{ vars['icingaweb2_modules'][_module]['database']['password'] | default(omit) }}" + name: "{{ vars['icingaweb2_modules'][_module]['database']['name'] | default('x509') }}" + ssl_mode: "{{ vars['icingaweb2_modules'][_module]['database']['ssl_mode'] | default(omit) }}" + ssl_ca: "{{ vars['icingaweb2_modules'][_module]['database']['ssl_ca'] | default(omit) }}" + ssl_cert: "{{ vars['icingaweb2_modules'][_module]['database']['ssl_cert'] | default(omit) }}" + ssl_key: "{{ vars['icingaweb2_modules'][_module]['database']['ssl_key'] | default(omit) }}" + ssl_cipher: "{{ vars['icingaweb2_modules'][_module]['database']['ssl_cipher'] | default(omit) }}" + ssl_extra_options: "{{ vars['icingaweb2_modules'][_module]['database']['ssl_extra_options'] | default(omit) }}" + schema_path: /usr/share/icingaweb2/modules/x509/schema/mysql.schema.sql + select_query: "select * from 
x509_certificate" + when: vars['icingaweb2_modules'][_module]['database']['type'] | default('mysql') == 'mysql' + + - ansible.builtin.fail: + fail_msg: "The Database type select is not supported, {{ vars['icingaweb2_modules'][_module]['database']['type'] }} [Supported=mysql]" + when: vars['icingaweb2_modules'][_module]['database']['type'] is defined and vars['icingaweb2_modules'][_module]['database']['type'] != 'mysql' + + - name: Module x509 | Import Schema + ansible.builtin.include_tasks: ../manage_mysql_imports.yml + + - name: Module x509 | empty _db var + ansible.builtin.set_fact: + _db: {} + +- name: Module x509 | Import Certificates + ansible.builtin.shell: > + icingacli {{ _module }} import --file {{ _file }} + loop: "{{ vars['icingaweb2_modules'][_module]['certificate_files'] }}" + loop_control: + loop_var: _file + vars: + _module: "{{ item.key }}" + when: vars['icingaweb2_modules'][_module]['certificate_files'] is defined + changed_when: false diff --git a/roles/icingaweb2/vars/main.yml b/roles/icingaweb2/vars/main.yml index 8092fd97..588f0d6d 100644 --- a/roles/icingaweb2/vars/main.yml +++ b/roles/icingaweb2/vars/main.yml @@ -2,4 +2,5 @@ icingaweb2_module_packages: icingadb: icingadb-web director: icinga-director - businessprocess: icinga-businessprocess \ No newline at end of file + x509: icinga-x509 + businessprocess: icinga-businessprocess diff --git a/roles/monitoring_plugins/defaults/main.yml b/roles/monitoring_plugins/defaults/main.yml index e23ae1e4..22fac2a2 100644 --- a/roles/monitoring_plugins/defaults/main.yml +++ b/roles/monitoring_plugins/defaults/main.yml @@ -1,7 +1,7 @@ --- # defaults file for monitoring_plugins -icinga_monitoring_plugins_epel: false -icinga_monitoring_plugins_crb: false -icinga_monitoring_plugins_remove: true -icinga_monitoring_plugins_autoremove: false +monitoring_plugins_icinga_epel: false +monitoring_plugins_icinga_crb: false +monitoring_plugins_icinga_remove: true +monitoring_plugins_icinga_autoremove: false 
diff --git a/roles/monitoring_plugins/meta/main.yml b/roles/monitoring_plugins/meta/main.yml index fee853c0..110e6f7a 100644 --- a/roles/monitoring_plugins/meta/main.yml +++ b/roles/monitoring_plugins/meta/main.yml @@ -1,14 +1,14 @@ galaxy_info: - author: + author: | - Matthias Döhler description: Role to install monitoring plugins as listed in the Icinga Template Library license: AGPL-3.0-only - min_ansible_version: 2.9 + min_ansible_version: "2.9" platforms: - name: EL - versions: - - 7 - - 8 +# versions: +# - 7 +# - 8 - name: Debian versions: - buster @@ -16,5 +16,5 @@ galaxy_info: galaxy_tags: - icinga - monitoring - dependencies: - - icinga.icinga.repos +# dependencies: +# - icinga.icinga.repos diff --git a/roles/monitoring_plugins/tasks/install_on_Debian.yml b/roles/monitoring_plugins/tasks/install_on_Debian.yml index c3bf10fb..a8c59e63 100644 --- a/roles/monitoring_plugins/tasks/install_on_Debian.yml +++ b/roles/monitoring_plugins/tasks/install_on_Debian.yml @@ -2,7 +2,7 @@ - name: Apt - install requested packages become: yes - apt: + ansible.builtin.apt: state: present name: "{{ needed_packages }}" update_cache: true @@ -14,10 +14,10 @@ - name: Apt - remove non-requested packages become: yes - apt: + ansible.builtin.apt: state: absent - name: "{{ (unwanted_packages | difference(['monitoring-plugins-common', 'monitoring-plugins-basic'])) if icinga_monitoring_plugins_check_commands else unwanted_packages }}" - autoremove: "{{ icinga_monitoring_plugins_autoremove }}" + name: "{{ (unwanted_packages | difference(['monitoring-plugins-common', 'monitoring-plugins-basic'])) if monitoring_plugins_icinga_check_commands else unwanted_packages }}" + autoremove: "{{ monitoring_plugins_icinga_autoremove }}" when: - - icinga_monitoring_plugins_remove + - monitoring_plugins_icinga_remove - unwanted_packages diff --git a/roles/monitoring_plugins/tasks/install_on_RedHat.yml b/roles/monitoring_plugins/tasks/install_on_RedHat.yml index 1c95d76f..3c0fdde8 100644 
--- a/roles/monitoring_plugins/tasks/install_on_RedHat.yml +++ b/roles/monitoring_plugins/tasks/install_on_RedHat.yml @@ -1,18 +1,18 @@ --- - name: Activate epel repository - include_role: + ansible.builtin.include_role: name: icinga.icinga.repos vars: - icinga_repo_epel: true - icinga_repo_stable: false - icinga_repo_testing: false - icinga_repo_snapshot: false - when: icinga_monitoring_plugins_epel + repos_icinga_epel: true + repos_icinga_stable: false + repos_icinga_testing: false + repos_icinga_snapshot: false + when: monitoring_plugins_icinga_epel - name: Yum - install requested packages become: yes - yum: + ansible.builtin.yum: state: present name: "{{ needed_packages }}" update_cache: true @@ -23,11 +23,11 @@ - name: Dnf - install requested packages become: yes - dnf: + ansible.builtin.dnf: state: present name: "{{ needed_packages }}" update_cache: true - enablerepo: "{{ 'powertools' if ansible_distribution_major_version == '8' and icinga_monitoring_plugins_crb else 'crb' if ansible_distribution_major_version == '9' and icinga_monitoring_plugins_crb }}" + enablerepo: "{{ 'powertools' if ansible_distribution_major_version == '8' and monitoring_plugins_icinga_crb else 'crb' if ansible_distribution_major_version == '9' and monitoring_plugins_icinga_crb }}" when: - ansible_distribution_major_version >= "8" - needed_packages is defined @@ -35,10 +35,10 @@ - name: Yum - remove non-requested packages become: yes - yum: + ansible.builtin.yum: state: absent - name: "{{ (unwanted_packages | difference(['nagios-plugins'])) if icinga_monitoring_plugins_check_commands else unwanted_packages }}" - autoremove: "{{ icinga_monitoring_plugins_autoremove }}" + name: "{{ (unwanted_packages | difference(['nagios-plugins'])) if monitoring_plugins_icinga_check_commands else unwanted_packages }}" + autoremove: "{{ monitoring_plugins_icinga_autoremove }}" when: - - icinga_monitoring_plugins_remove + - monitoring_plugins_icinga_remove - unwanted_packages 
diff --git a/roles/monitoring_plugins/tasks/main.yml b/roles/monitoring_plugins/tasks/main.yml index f6ef13e9..7e31f3c1 100644 --- a/roles/monitoring_plugins/tasks/main.yml +++ b/roles/monitoring_plugins/tasks/main.yml @@ -1,12 +1,12 @@ --- -- gather_facts: +- ansible.builtin.gather_facts: - name: Include OS family specific vars - include_vars: "{{ role_path }}/vars/{{ ansible_os_family }}.yml" + ansible.builtin.include_vars: "{{ role_path }}/vars/{{ ansible_os_family }}.yml" - name: Include OS distribution/version specific vars - include_vars: "{{ lookup('first_found', params) }}" + ansible.builtin.include_vars: "{{ lookup('first_found', params) }}" vars: params: files: 
@@ -18,32 +18,32 @@ - "{{ role_path }}/vars" - name: Clean up variable discrepancy - remove entries - set_fact: - icinga_monitoring_plugins_available_packages: "{{ icinga_monitoring_plugins_available_packages | difference(icinga_monitoring_plugins_available_packages_exclude) }}" - when: icinga_monitoring_plugins_available_packages_exclude is defined + ansible.builtin.set_fact: + monitoring_plugins_icinga_available_packages: "{{ monitoring_plugins_icinga_available_packages | difference(monitoring_plugins_icinga_available_packages_exclude) }}" + when: monitoring_plugins_icinga_available_packages_exclude is defined - name: Clean up variable discrepancy - add entries - set_fact: - icinga_monitoring_plugins_available_packages: "{{ icinga_monitoring_plugins_available_packages + icinga_monitoring_plugins_available_packages_include }}" - when: icinga_monitoring_plugins_available_packages_include is defined + ansible.builtin.set_fact: + monitoring_plugins_icinga_available_packages: "{{ monitoring_plugins_icinga_available_packages + monitoring_plugins_icinga_available_packages_include }}" + when: monitoring_plugins_icinga_available_packages_include is defined - name: Make sure that check plugins are requested and that they are defined - assert: + ansible.builtin.assert: that: - - icinga_monitoring_plugins_check_commands is defined - - diff | length == 0 - fail_msg: "The following requested check command names (variable 'icinga_monitoring_plugins_check_commands') are not recognized as available check plugins on this host: {{ diff }}" + - monitoring_plugins_icinga_check_commands is defined + - plugin_diff | length == 0 + fail_msg: "The following requested check command names (variable 'monitoring_plugins_icinga_check_commands') are not recognized as available check plugins on this host: {{ plugin_diff }}" vars: - diff: "{{ icinga_monitoring_plugins_check_commands | default([]) | difference(icinga_monitoring_plugins_available_packages | map(attribute='name') | list) | 
difference(['all']) }}" + plugin_diff: "{{ monitoring_plugins_icinga_check_commands | default([]) | difference(monitoring_plugins_icinga_available_packages | map(attribute='name') | list) | difference(['all']) }}" - name: Create list of packages to be installed - set_fact: - needed_packages: "{{ icinga_monitoring_plugins_available_packages | map(attribute='pkg_name') if 'all' in icinga_monitoring_plugins_check_commands else (needed_packages | default([]) + (icinga_monitoring_plugins_available_packages | selectattr('name','equalto', item) | map(attribute='pkg_name') | list)) | unique }}" - loop: "{{ icinga_monitoring_plugins_check_commands }}" + ansible.builtin.set_fact: + needed_packages: "{{ monitoring_plugins_icinga_available_packages | map(attribute='pkg_name') if 'all' in monitoring_plugins_icinga_check_commands else (needed_packages | default([]) + (monitoring_plugins_icinga_available_packages | selectattr('name', 'equalto', item) | map(attribute='pkg_name') | list)) | unique }}" + loop: "{{ monitoring_plugins_icinga_check_commands }}" - name: Create list of packages to be removed - set_fact: - unwanted_packages: "{{ icinga_monitoring_plugins_available_packages | map(attribute='pkg_name') | difference(needed_packages | default ([])) }}" + ansible.builtin.set_fact: + unwanted_packages: "{{ monitoring_plugins_icinga_available_packages | map(attribute='pkg_name') | difference(needed_packages | default([])) }}" - name: Install - include_tasks: "install_on_{{ ansible_os_family }}.yml" + ansible.builtin.include_tasks: "install_on_{{ ansible_os_family }}.yml" diff --git a/roles/monitoring_plugins/vars/Debian-Debian-10.yml b/roles/monitoring_plugins/vars/Debian-Debian-10.yml index c756cd9d..b931f658 100644 --- a/roles/monitoring_plugins/vars/Debian-Debian-10.yml +++ b/roles/monitoring_plugins/vars/Debian-Debian-10.yml 
@@ -1,9 +1,9 @@ --- -icinga_monitoring_plugins_available_packages_exclude: +monitoring_plugins_icinga_available_packages_exclude: - name: uptime pkg_name: "monitoring-plugins-contrib" -icinga_monitoring_plugins_available_packages_include: +monitoring_plugins_icinga_available_packages_include: - name: uptime pkg_name: "nagios-plugins-contrib" diff --git a/roles/monitoring_plugins/vars/Debian-Ubuntu-20.yml b/roles/monitoring_plugins/vars/Debian-Ubuntu-20.yml index c756cd9d..b931f658 100644 --- a/roles/monitoring_plugins/vars/Debian-Ubuntu-20.yml +++ b/roles/monitoring_plugins/vars/Debian-Ubuntu-20.yml @@ -1,9 +1,9 @@ --- -icinga_monitoring_plugins_available_packages_exclude: +monitoring_plugins_icinga_available_packages_exclude: - name: uptime pkg_name: "monitoring-plugins-contrib" -icinga_monitoring_plugins_available_packages_include: +monitoring_plugins_icinga_available_packages_include: - name: uptime pkg_name: "nagios-plugins-contrib" diff --git a/roles/monitoring_plugins/vars/Debian.yml b/roles/monitoring_plugins/vars/Debian.yml index 1d5eabba..c38f4f9e 100644 --- a/roles/monitoring_plugins/vars/Debian.yml +++ b/roles/monitoring_plugins/vars/Debian.yml @@ -1,6 +1,6 @@ --- -icinga_monitoring_plugins_available_packages: +monitoring_plugins_icinga_available_packages: - name: apt pkg_name: "monitoring-plugins-basic" - name: breeze diff --git a/roles/monitoring_plugins/vars/RedHat-8.yml b/roles/monitoring_plugins/vars/RedHat-8.yml index 44f5d9a9..4ddaef06 100644 --- a/roles/monitoring_plugins/vars/RedHat-8.yml +++ b/roles/monitoring_plugins/vars/RedHat-8.yml @@ -1,5 +1,5 @@ --- -icinga_monitoring_plugins_available_packages_exclude: +monitoring_plugins_icinga_available_packages_exclude: - name: game pkg_name: "nagios-plugins-game" diff --git a/roles/monitoring_plugins/vars/RedHat-9.yml b/roles/monitoring_plugins/vars/RedHat-9.yml index 8df1102d..0c7eeb91 100644 --- a/roles/monitoring_plugins/vars/RedHat-9.yml +++ b/roles/monitoring_plugins/vars/RedHat-9.yml 
@@ -1,5 +1,5 @@ --- -icinga_monitoring_plugins_available_packages_exclude: +monitoring_plugins_icinga_available_packages_exclude: - name: radius pkg_name: "nagios-plugins-radius" diff --git a/roles/monitoring_plugins/vars/RedHat.yml b/roles/monitoring_plugins/vars/RedHat.yml index 0ce6820a..7b7ebb93 100644 --- a/roles/monitoring_plugins/vars/RedHat.yml +++ b/roles/monitoring_plugins/vars/RedHat.yml @@ -1,6 +1,6 @@ --- -icinga_monitoring_plugins_available_packages: +monitoring_plugins_icinga_available_packages: - name: apt pkg_name: "nagios-plugins-apt" - name: breeze diff --git a/roles/repos/defaults/main.yml b/roles/repos/defaults/main.yml index 852c137d..3f33b22c 100644 --- a/roles/repos/defaults/main.yml +++ b/roles/repos/defaults/main.yml 
@@ -1,24 +1,24 @@ --- -# defaults file for icinga_repos -icinga_repo_yum_stable_url: "http://packages.icinga.com/epel/$releasever/release/" -icinga_repo_yum_stable_key: "{{ icinga_repo_gpgkey }}" -icinga_repo_yum_stable_description: "ICINGA (stable release for epel)" -icinga_repo_yum_testing_url: "http://packages.icinga.com/epel/$releasever/testing/" -icinga_repo_yum_testing_key: "{{ icinga_repo_gpgkey }}" -icinga_repo_yum_testing_description: "ICINGA (testing release for epel)" -icinga_repo_yum_snapshot_url: "http://packages.icinga.com/epel/$releasever/snapshot/" -icinga_repo_yum_snapshot_key: "{{ icinga_repo_gpgkey }}" -icinga_repo_yum_snapshot_description: "ICINGA (snapshot release for epel)" +# defaults file for repos_icingas +repos_icinga_yum_stable_url: "http://packages.icinga.com/epel/$releasever/release/" +repos_icinga_yum_stable_key: "{{ repos_icinga_gpgkey }}" +repos_icinga_yum_stable_description: "ICINGA (stable release for epel)" +repos_icinga_yum_testing_url: "http://packages.icinga.com/epel/$releasever/testing/" +repos_icinga_yum_testing_key: "{{ repos_icinga_gpgkey }}" +repos_icinga_yum_testing_description: "ICINGA (testing release for epel)" +repos_icinga_yum_snapshot_url: "http://packages.icinga.com/epel/$releasever/snapshot/" +repos_icinga_yum_snapshot_key: "{{ repos_icinga_gpgkey }}" +repos_icinga_yum_snapshot_description: "ICINGA (snapshot release for epel)" -icinga_repo_apt_key: "{{ icinga_repo_gpgkey }}" -icinga_repo_apt_keyring: /etc/apt/keyrings/icinga-archive-keyring.asc -icinga_repo_apt_stable_deb: "deb [signed-by={{ icinga_repo_apt_keyring }}] http://packages.icinga.com/{{ ansible_distribution|lower }} icinga-{{ ansible_distribution_release|lower }} main" -icinga_repo_apt_testing_deb: "deb [signed-by={{ icinga_repo_apt_keyring }}] http://packages.icinga.com/{{ ansible_distribution|lower }} icinga-{{ ansible_distribution_release|lower }}-testing main" -icinga_repo_apt_snapshot_deb: "deb [signed-by={{ icinga_repo_apt_keyring }}] 
http://packages.icinga.com/{{ ansible_distribution|lower }} icinga-{{ ansible_distribution_release|lower }}-snapshots main" +repos_icinga_apt_key: "{{ repos_icinga_gpgkey }}" +repos_icinga_apt_keyring: /etc/apt/keyrings/icinga-archive-keyring.asc +repos_icinga_apt_stable_deb: "deb [signed-by={{ repos_icinga_apt_keyring }}] http://packages.icinga.com/{{ ansible_distribution | lower }} icinga-{{ ansible_distribution_release | lower }} main" +repos_icinga_apt_testing_deb: "deb [signed-by={{ repos_icinga_apt_keyring }}] http://packages.icinga.com/{{ ansible_distribution | lower }} icinga-{{ ansible_distribution_release | lower }}-testing main" +repos_icinga_apt_snapshot_deb: "deb [signed-by={{ repos_icinga_apt_keyring }}] http://packages.icinga.com/{{ ansible_distribution | lower }} icinga-{{ ansible_distribution_release | lower }}-snapshots main" -icinga_repo_gpgkey: "https://packages.icinga.com/icinga.key" -icinga_repo_stable: true -icinga_repo_testing: false -icinga_repo_snapshot: false -icinga_repo_epel: false -icinga_repo_scl: false +repos_icinga_gpgkey: "https://packages.icinga.com/icinga.key" +repos_icinga_stable: true +repos_icinga_testing: false +repos_icinga_snapshot: false +repos_icinga_epel: false +repos_icinga_scl: false diff --git a/roles/repos/meta/main.yml b/roles/repos/meta/main.yml index d2567bc7..e7db8570 100644 --- a/roles/repos/meta/main.yml +++ b/roles/repos/meta/main.yml @@ -5,12 +5,12 @@ galaxy_info: - Thomas Widhalm description: Role to configure or manage official Icinga repositories. license: AGPL-3.0-only - min_ansible_version: 2.9 + min_ansible_version: "2.9" platforms: - name: EL - versions: - - 7 - - 8 +# versions: +# - 7 +# - 8 - name: Debian versions: - buster diff --git a/roles/repos/tasks/Debian.yml b/roles/repos/tasks/Debian.yml index e1936f84..3742c6eb 100644 --- a/roles/repos/tasks/Debian.yml +++ b/roles/repos/tasks/Debian.yml 
@@ -1,6 +1,6 @@ --- - name: Apt - ensure apt keyrings directory - file: + ansible.builtin.file: state: directory path: /etc/apt/keyrings owner: root @@ -9,8 +9,8 @@ - name: Apt - add repository key ansible.builtin.get_url: - url: "{{ icinga_repo_apt_key }}" - dest: "{{ icinga_repo_apt_keyring }}" + url: "{{ repos_icinga_apt_key }}" + dest: "{{ repos_icinga_apt_keyring }}" owner: root group: root mode: '0644' @@ -18,19 +18,19 @@ - name: Apt - add Icinga repository (stable) become: yes - apt_repository: + ansible.builtin.apt_repository: filename: /etc/apt/sources.list.d/icinga - repo: "{{ icinga_repo_apt_stable_deb }}" - state: "{{ 'present' if icinga_repo_stable else 'absent' }}" + repo: "{{ repos_icinga_apt_stable_deb }}" + state: "{{ 'present' if repos_icinga_stable else 'absent' }}" - name: Apt - add Icinga repository (testing) become: yes - apt_repository: + ansible.builtin.apt_repository: filename: /etc/apt/sources.list.d/icinga - repo: "{{ icinga_repo_apt_testing_deb }}" - state: "{{ 'present' if icinga_repo_testing else 'absent' }}" + repo: "{{ repos_icinga_apt_testing_deb }}" + state: "{{ 'present' if repos_icinga_testing else 'absent' }}" - name: Apt - add Icinga repository (snapshot) become: yes - apt_repository: + ansible.builtin.apt_repository: filename: /etc/apt/sources.list.d/icinga - repo: "{{ icinga_repo_apt_snapshot_deb }}" - state: "{{ 'present' if icinga_repo_snapshot else 'absent' }}" + repo: "{{ repos_icinga_apt_snapshot_deb }}" + state: "{{ 'present' if repos_icinga_snapshot else 'absent' }}" diff --git a/roles/repos/tasks/RedHat.yml b/roles/repos/tasks/RedHat.yml index 7413f5f6..5f91839a 100644 --- a/roles/repos/tasks/RedHat.yml +++ b/roles/repos/tasks/RedHat.yml 
@@ -1,51 +1,51 @@ --- - name: Yum - add Icinga repository (stable) - yum_repository: + ansible.builtin.yum_repository: file: /etc/yum.repos.d/ICINGA-release name: icinga-stable-release - description: "{{ icinga_repo_yum_stable_description }}" - baseurl: "{{ icinga_repo_yum_stable_url }}" - gpgkey: "{{ icinga_repo_yum_stable_key }}" + description: "{{ repos_icinga_yum_stable_description }}" + baseurl: "{{ repos_icinga_yum_stable_url }}" + gpgkey: "{{ repos_icinga_yum_stable_key }}" gpgcheck: yes - enabled: "{{ icinga_repo_stable }}" - username: "{{ icinga_repo_subscription_username | default(omit) }}" - password: "{{ icinga_repo_subscription_password | default(omit) }}" + enabled: "{{ repos_icinga_stable }}" + username: "{{ repos_icinga_subscription_username | default(omit) }}" + password: "{{ repos_icinga_subscription_password | default(omit) }}" - name: Yum - add Icinga repository (testing) - yum_repository: + ansible.builtin.yum_repository: file: /etc/yum.repos.d/ICINGA-testing name: icinga-testing-builds - description: "{{ icinga_repo_yum_testing_description }}" - baseurl: "{{ icinga_repo_yum_testing_url }}" - gpgkey: "{{ icinga_repo_yum_testing_key }}" + description: "{{ repos_icinga_yum_testing_description }}" + baseurl: "{{ repos_icinga_yum_testing_url }}" + gpgkey: "{{ repos_icinga_yum_testing_key }}" gpgcheck: yes - enabled: "{{ icinga_repo_testing }}" - username: "{{ icinga_repo_subscription_username | default(omit) }}" - password: "{{ icinga_repo_subscription_password | default(omit) }}" + enabled: "{{ repos_icinga_testing }}" + username: "{{ repos_icinga_subscription_username | default(omit) }}" + password: "{{ repos_icinga_subscription_password | default(omit) }}" - name: Yum - add Icinga repository (snapshot) - yum_repository: + ansible.builtin.yum_repository: file: /etc/yum.repos.d/ICINGA-snapshot name: icinga-snapshot-builds - description: "{{ icinga_repo_yum_snapshot_description }}" - baseurl: "{{ icinga_repo_yum_snapshot_url }}" - gpgkey: "{{ 
icinga_repo_yum_snapshot_key }}" + description: "{{ repos_icinga_yum_snapshot_description }}" + baseurl: "{{ repos_icinga_yum_snapshot_url }}" + gpgkey: "{{ repos_icinga_yum_snapshot_key }}" gpgcheck: yes - enabled: "{{ icinga_repo_snapshot }}" - username: "{{ icinga_repo_subscription_username | default(omit) }}" - password: "{{ icinga_repo_subscription_password | default(omit) }}" + enabled: "{{ repos_icinga_snapshot }}" + username: "{{ repos_icinga_subscription_username | default(omit) }}" + password: "{{ repos_icinga_subscription_password | default(omit) }}" - name: Yum - add EPEL repository - yum: + ansible.builtin.yum: name: epel-release state: present - when: icinga_repo_epel + when: repos_icinga_epel - name: Yum - add SCL repositories - yum: + ansible.builtin.yum: name: centos-release-scl state: present when: - - icinga_repo_scl + - repos_icinga_scl - ansible_distribution == "CentOS" - ansible_distribution_major_version < "8" diff --git a/roles/repos/tasks/main.yml b/roles/repos/tasks/main.yml index d0bd32d8..5f64ac19 100644 --- a/roles/repos/tasks/main.yml +++ b/roles/repos/tasks/main.yml @@ -26,8 +26,8 @@ paths: - "{{ role_path }}/vars" when: - - icinga_repo_subscription_username is defined - - icinga_repo_subscription_password is defined + - repos_icinga_subscription_username is defined + - repos_icinga_subscription_password is defined - name: Add repositories ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" diff --git a/roles/repos/vars/Debian-Raspbian.yml b/roles/repos/vars/Debian-Raspbian.yml index 4b0036bf..90aa4b87 100644 --- a/roles/repos/vars/Debian-Raspbian.yml +++ b/roles/repos/vars/Debian-Raspbian.yml 
@@ -1,7 +1,7 @@ --- -icinga_repo_apt_stable_deb: # noqa var-naming - "deb [signed-by={{ icinga_repo_apt_keyring }}] http://packages.icinga.com/{{ ansible_lsb.id | lower }} icinga-{{ ansible_distribution_release | lower }} main" -icinga_repo_apt_testing_deb: # noqa var-naming - "deb [signed-by={{ icinga_repo_apt_keyring }}] http://packages.icinga.com/{{ ansible_lsb.id | lower }} icinga-{{ ansible_distribution_release | lower }}-testing main" -icinga_repo_apt_snapshot_deb: # noqa var-naming - "deb [signed-by={{ icinga_repo_apt_keyring }}] http://packages.icinga.com/{{ ansible_lsb.id | lower }} icinga-{{ ansible_distribution_release | lower }}-snapshots main" +repos_icinga_apt_stable_deb: # noqa var-naming + "deb [signed-by={{ repos_icinga_apt_keyring }}] http://packages.icinga.com/{{ ansible_lsb.id | lower }} icinga-{{ ansible_distribution_release | lower }} main" +repos_icinga_apt_testing_deb: # noqa var-naming + "deb [signed-by={{ repos_icinga_apt_keyring }}] http://packages.icinga.com/{{ ansible_lsb.id | lower }} icinga-{{ ansible_distribution_release | lower }}-testing main" +repos_icinga_apt_snapshot_deb: # noqa var-naming + "deb [signed-by={{ repos_icinga_apt_keyring }}] http://packages.icinga.com/{{ ansible_lsb.id | lower }} icinga-{{ ansible_distribution_release | lower }}-snapshots main" diff --git a/roles/repos/vars/RedHat-Fedora.yml b/roles/repos/vars/RedHat-Fedora.yml index 7a81a32a..5c609e42 100644 --- a/roles/repos/vars/RedHat-Fedora.yml +++ b/roles/repos/vars/RedHat-Fedora.yml 
@@ -1,8 +1,8 @@ --- # Icinga does not provide a testing repository for every Fedora release -icinga_repo_yum_stable_url: "http://packages.icinga.com/fedora/$releasever/release/" -icinga_repo_yum_stable_key: "{{ icinga_repo_gpgkey }}" -icinga_repo_yum_testing_url: "http://packages.icinga.com/fedora/$releasever/testing/" -icinga_repo_yum_testing_key: "{{ icinga_repo_gpgkey }}" -icinga_repo_yum_snapshot_url: "http://packages.icinga.com/fedora/$releasever/snapshot/" -icinga_repo_yum_snapshot_key: "{{ icinga_repo_gpgkey }}" +repos_icinga_yum_stable_url: "http://packages.icinga.com/fedora/$releasever/release/" +repos_icinga_yum_stable_key: "{{ repos_icinga_gpgkey }}" +repos_icinga_yum_testing_url: "http://packages.icinga.com/fedora/$releasever/testing/" +repos_icinga_yum_testing_key: "{{ repos_icinga_gpgkey }}" +repos_icinga_yum_snapshot_url: "http://packages.icinga.com/fedora/$releasever/snapshot/" +repos_icinga_yum_snapshot_key: "{{ repos_icinga_gpgkey }}" diff --git a/roles/repos/vars/subscription-RedHat-Amazon.yml b/roles/repos/vars/subscription-RedHat-Amazon.yml index 69abaff8..bb0e080e 100644 --- a/roles/repos/vars/subscription-RedHat-Amazon.yml +++ b/roles/repos/vars/subscription-RedHat-Amazon.yml 
@@ -1,7 +1,7 @@ --- -icinga_repo_yum_stable_url: "https://packages.icinga.com/subscription/amazon/al2/release/" -icinga_repo_yum_stable_description: "ICINGA (stable release for al2)" -icinga_repo_yum_testing_url: "https://packages.icinga.com/subscription/amazon/al2/testing/" -icinga_repo_yum_testing_description: "ICINGA (testing release for al2)" -icinga_repo_yum_snapshot_url: "https://packages.icinga.com/subscription/amazon/al2/snapshot/" -icinga_repo_yum_snapshot_description: "ICINGA (snapshot release for al2)" +repos_icinga_yum_stable_url: "https://packages.icinga.com/subscription/amazon/al2/release/" +repos_icinga_yum_stable_description: "ICINGA (stable release for al2)" +repos_icinga_yum_testing_url: "https://packages.icinga.com/subscription/amazon/al2/testing/" +repos_icinga_yum_testing_description: "ICINGA (testing release for al2)" +repos_icinga_yum_snapshot_url: "https://packages.icinga.com/subscription/amazon/al2/snapshot/" +repos_icinga_yum_snapshot_description: "ICINGA (snapshot release for al2)" diff --git a/roles/repos/vars/subscription-RedHat.yml b/roles/repos/vars/subscription-RedHat.yml index b1866486..d644873f 100644 --- a/roles/repos/vars/subscription-RedHat.yml +++ b/roles/repos/vars/subscription-RedHat.yml 
@@ -1,7 +1,7 @@ --- -icinga_repo_yum_stable_url: "https://packages.icinga.com/subscription/rhel/$releasever/release/" -icinga_repo_yum_stable_description: "ICINGA (stable release for rhel)" -icinga_repo_yum_testing_url: "https://packages.icinga.com/subscription/rhel/$releasever/testing/" -icinga_repo_yum_testing_description: "ICINGA (testing release for rhel)" -icinga_repo_yum_snapshot_url: "https://packages.icinga.com/subscription/rhel/$releasever/snapshot/" -icinga_repo_yum_snapshot_description: "ICINGA (snapshot release for rhel)" +repos_icinga_yum_stable_url: "https://packages.icinga.com/subscription/rhel/$releasever/release/" +repos_icinga_yum_stable_description: "ICINGA (stable release for rhel)" +repos_icinga_yum_testing_url: "https://packages.icinga.com/subscription/rhel/$releasever/testing/" +repos_icinga_yum_testing_description: "ICINGA (testing release for rhel)" +repos_icinga_yum_snapshot_url: "https://packages.icinga.com/subscription/rhel/$releasever/snapshot/" +repos_icinga_yum_snapshot_description: "ICINGA (snapshot release for rhel)"
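Review bot: In the new-file hunk with the "Build mysql command" task (the file x509.yml includes as `../manage_mysql_imports.yml`), the database password is placed on the command line as `-p"{{ _db['password'] }}"`, and neither the `set_fact` nor the two `ansible.builtin.shell` tasks set `no_log: true`. The password is therefore visible in the target's process list while `mysql` runs and in Ansible's task output. Suggest adding `no_log: true` to these tasks and handing the password over out of band, for example with `environment:` and `MYSQL_PWD`, or an option file passed with `--defaults-extra-file`. The values are also wrapped in hand-written double quotes inside a shell string. Piping each one through `quote` (host, user, password, name, the `ssl_*` values and `schema_path`) keeps a value containing `"`, `$` or a backtick from breaking or altering the command. Separately, `failed_when: false` on "MySQL check for db schema" means every non-zero exit, including wrong credentials or an unreachable host, is treated as "schema missing" and leads to the import task. `run_once: yes` is set on the import but not on the check.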
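Review bot: In roles/icingaweb2/tasks/modules/director.yml (hunks `@@ -19,7 +19,7 @@`, `@@ -27,12 +27,12 @@` and `@@ -40,7 +40,7 @@`), the four `icingacli director ...` tasks silence the linter with `# noqa: command-instead-of-shell` instead of following it. None of the `cmd:` lines use pipes, redirection or variable expansion, so `ansible.builtin.command` would work and the suppression could be dropped. In the last hunk, the task that runs `icingacli director kickstart run` is still named "Module Director | Check if kickstart is required", the same name as the task before it. Since the line is being touched anyway, a name such as "Module Director | Run kickstart" would keep the play output readable.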
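Review bot: In roles/icingaweb2/tasks/modules/x509.yml, the unsupported-database guard calls `ansible.builtin.fail` with `fail_msg:`, but that module's parameter is `msg` (`fail_msg` belongs to `ansible.builtin.assert`). As written, the task will not print the intended message. It also has no `name:`, unlike every other task in the file. Further down, "Module x509 | Import Certificates" interpolates `{{ _file }}` unquoted into an `ansible.builtin.shell` string. Using `ansible.builtin.command` with an `argv:` list, or `{{ _file | quote }}`, handles paths with spaces or shell metacharacters. `changed_when: false` on an import that modifies the database hides the change from the play recap. Finally, `select_query: "select * from x509_certificate"` returns every row into the registered result just to test that the table exists. `select 1 from x509_certificate limit 1` gives the same exit code.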
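Review bot: In roles/monitoring_plugins/meta/main.yml, changing `author:` to `author: |` turns the following `- Matthias Döhler` line into a literal block string, so the leading dash becomes part of the author value. If a plain string is what the linter wants, `author: Matthias Döhler` expresses it directly. The `versions:` and `dependencies:` entries are commented out rather than removed, with no comment saying why. roles/monitoring_plugins/tasks/install_on_RedHat.yml still includes `icinga.icinga.repos`, so a one-line explanation (or deleting the dead lines) would help the next reader. The same commented-out `versions:` block appears in roles/repos/meta/main.yml.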
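Review bot: In roles/monitoring_plugins/tasks/install_on_RedHat.yml, the "Dnf - install requested packages" condition `ansible_distribution_major_version >= "8"` compares strings, so a major version of "10" sorts below "8" and the task would be skipped. `ansible_distribution_major_version | int >= 8` avoids that. The same pattern is in roles/repos/tasks/RedHat.yml, where the SCL task uses a less-than comparison against "8". The `enablerepo:` expression in the same Dnf task has no final `else`, and `monitoring_plugins_icinga_crb` defaults to `false`, so in the default case nothing explicit is passed. Ending the expression with `else omit` states the intent.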
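Review bot: The variable renames across roles/repos and roles/monitoring_plugins (`icinga_repo_*` to `repos_icinga_*`, `icinga_monitoring_plugins_*` to `monitoring_plugins_icinga_*`) break existing inventories and playbooks that set the old names, yet the only changelog fragment visible in this patch covers the x509 module. Suggest a `breaking_changes` fragment listing the renames. In roles/repos/defaults/main.yml, the header comment now reads `# defaults file for repos_icingas`, which looks like a search-and-replace slip. Since every URL line in that hunk is rewritten anyway: the yum `baseurl` and apt `deb` defaults still use `http://packages.icinga.com/...` while `repos_icinga_gpgkey` and the subscription URLs use `https://`. Packages are signature-checked (`gpgcheck: yes`, `signed-by=`), but moving the defaults to `https://` would make the transport consistent.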