diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 03ba1fe4..e4428c05 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -32,8 +32,8 @@ jobs: max-parallel: 1 matrix: distro: [ubuntu2204] - python: ['3.9', '3.10'] - ansible: ['2.13.10', '2.14.7'] + python: ['3.10', '3.11'] + ansible: ['2.15', '2.16', '2.17'] scenario: [default] steps: diff --git a/.github/workflows/role-icingadb.yml b/.github/workflows/role-icingadb.yml new file mode 100644 index 00000000..0d7547c4 --- /dev/null +++ b/.github/workflows/role-icingadb.yml 
@@ -0,0 +1,66 @@ +--- + # These Jobs should be always be run against the latest version of ansible on the systems + # Feel free to update python and ansible versions + # + # In addition to keep them quick and no additional variables are used. + # +name: role-icingadb +on: + push: + branches: + - main + - 'feature/**' + - 'fix/**' + - '!doc/**' + paths: + - roles/icingadb/** + - molecule/role-icingadb/** + pull_request: + branches: + - 'feature/**' + - 'fix/**' + - '!doc/**' + +jobs: + icingadb_latest: + runs-on: ubuntu-latest + + env: + COLLECTION_NAMESPACE: icinga + COLLECTION_NAME: icinga + + strategy: + fail-fast: false + max-parallel: 1 + matrix: + distro: [ubuntu2204] + python: ['3.12'] + ansible: ['2.17'] + scenario: [role-icingadb] + + steps: + - name: Check out code + uses: actions/checkout@v4 + + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: ${{ matrix.python }} + + - name: Install dependencies ansible + run: | + python3 -m pip install --upgrade pip + python3 -m pip install -r requirements-test-${{ matrix.ansible }}.txt + + - name: Install collection + run: | + mkdir -p ~/.ansible/collections/ansible_collections/$COLLECTION_NAMESPACE + cp -a ../ansible-collection-$COLLECTION_NAME ~/.ansible/collections/ansible_collections/$COLLECTION_NAMESPACE/$COLLECTION_NAME + + - name: Test with molecule + run: | + ansible --version + molecule --version + molecule test -s ${{ matrix.scenario }} + env: + MOLECULE_DISTRO: ${{ matrix.distro }} diff --git a/.github/workflows/role-icingadb_redis.yml b/.github/workflows/role-icingadb_redis.yml index 3a01362c..8379be65 100644 --- a/.github/workflows/role-icingadb_redis.yml +++ b/.github/workflows/role-icingadb_redis.yml @@ -34,8 +34,8 @@ jobs: max-parallel: 1 matrix: distro: [ubuntu2204] - python: ['3.10'] - ansible: ['2.16.2'] + python: ['3.12'] + ansible: ['2.17'] scenario: [role-icingadb_redis] steps: 
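Review bot: The new workflow role-icingadb.yml declares no `permissions:` key at workflow or job level, so the job runs with whatever default GITHUB_TOKEN scope the repository or organisation is configured with, although its steps only check out code and run molecule. A top-level `permissions:` block containing `contents: read` would make the least-privilege intent explicit. The two `uses:` lines also reference mutable tags (`actions/checkout@v4`, `actions/setup-python@v5`). Pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/setup-python@<full-commit-sha>  # v5`, prevents a re-pointed tag from changing what runs. The same tag references appear in the role-icingadb_redis.yml, role-icingaweb2.yml and test_icingaweb2_ini_template.yml hunks of this commit.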
@@ -43,7 +43,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: ${{ matrix.python }} diff --git a/.github/workflows/role-icingaweb2.yml b/.github/workflows/role-icingaweb2.yml index 6ed31fde..b68f45c1 100644 --- a/.github/workflows/role-icingaweb2.yml +++ b/.github/workflows/role-icingaweb2.yml @@ -34,8 +34,8 @@ jobs: max-parallel: 1 matrix: distro: [ubuntu2204] - python: ['3.10'] - ansible: ['2.16.2'] + python: ['3.12'] + ansible: ['2.17'] scenario: [role-icingaweb2] steps: @@ -43,7 +43,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: ${{ matrix.python }} diff --git a/.github/workflows/test_icingaweb2_ini_template.yml b/.github/workflows/test_icingaweb2_ini_template.yml index 54f3b887..578e4e47 100644 --- a/.github/workflows/test_icingaweb2_ini_template.yml +++ b/.github/workflows/test_icingaweb2_ini_template.yml @@ -11,6 +11,8 @@ on: paths: - 'roles/icingaweb2/templates/**' - 'molecule/ini-configuration-tests/**' + - '.github/workflows/test_icingaweb2_ini_template.yml' + - 'requirements*' pull_request: branches: - 'feature/**' @@ -18,7 +20,7 @@ on: - '!doc/**' jobs: - test_ini_template: + test_ini_template_2_15: runs-on: ubuntu-latest env: 
@@ -30,8 +32,94 @@ jobs: max-parallel: 1 matrix: distro: [ubuntu2204] - python: ['3.9', '3.10'] - ansible: ['2.13.10', '2.14.7'] + python: ['3.9','3.10','3.11'] + ansible: ['2.15'] + scenario: [ini-configuration-tests] + + steps: + - name: Check out code + uses: actions/checkout@v4 + + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: ${{ matrix.python }} + + - name: Install dependencies ansible + run: | + python3 -m pip install --upgrade pip + python3 -m pip install -r requirements-test-${{ matrix.ansible }}.txt + + - name: Install collection + run: | + mkdir -p ~/.ansible/collections/ansible_collections/$COLLECTION_NAMESPACE + cp -a ../ansible-collection-$COLLECTION_NAME ~/.ansible/collections/ansible_collections/$COLLECTION_NAMESPACE/$COLLECTION_NAME + + - name: Test with molecule + run: | + ansible --version + molecule --version + molecule test -s ${{ matrix.scenario }} + env: + MOLECULE_DISTRO: ${{ matrix.distro }} + + test_ini_template_2_16: + runs-on: ubuntu-latest + + env: + COLLECTION_NAMESPACE: icinga + COLLECTION_NAME: icinga + + strategy: + fail-fast: false + max-parallel: 1 + matrix: + distro: [ubuntu2204] + python: ['3.10','3.11','3.12'] + ansible: ['2.16'] + scenario: [ini-configuration-tests] + + steps: + - name: Check out code + uses: actions/checkout@v4 + + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: ${{ matrix.python }} + + - name: Install dependencies ansible + run: | + python3 -m pip install --upgrade pip + python3 -m pip install -r requirements-test-${{ matrix.ansible }}.txt + + - name: Install collection + run: | + mkdir -p ~/.ansible/collections/ansible_collections/$COLLECTION_NAMESPACE + cp -a ../ansible-collection-$COLLECTION_NAME ~/.ansible/collections/ansible_collections/$COLLECTION_NAMESPACE/$COLLECTION_NAME + + - name: Test with molecule + run: | + ansible --version + molecule --version + molecule test -s ${{ matrix.scenario }} + env: + MOLECULE_DISTRO: ${{ matrix.distro 
}} + + test_ini_template_2_17: + runs-on: ubuntu-latest + + env: + COLLECTION_NAMESPACE: icinga + COLLECTION_NAME: icinga + + strategy: + fail-fast: false + max-parallel: 1 + matrix: + distro: [ubuntu2204] + python: ['3.10','3.11','3.12'] + ansible: ['2.17'] scenario: [ini-configuration-tests] steps: diff --git a/CHANGELOG.rst b/CHANGELOG.rst index cd088bab..ef9d5d39 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -4,6 +4,37 @@ Icinga.Icinga Release Notes .. contents:: Topics +v0.3.4 +====== + +Release Summary +--------------- + +Bugfix release + +Bugfixes +-------- + +- Added missing port paramater to mysql command within icingadb role (#267) +- Fixed collect of icinga2_objects when icinga2_config_host is not defined (#228) +- Fixed issue where reusing the repos role within the monitoring_plugins could cause the deactivation of the repos; using standalone task now (#270) +- Icinga's packages no longer create '/var/log/icingadb-redis/'. Added tasks that create a log directory based on `icingadb_redis_logfile` (#298). + +v0.3.3 +====== + +Release Summary +--------------- + +Bugfix Release + +Bugfixes +-------- + +- ensure backwards compatibility with bool filter (#218) +- icinga2 feature api: fixed missing quotes in delegate ticket command for satellites or second master nodes.(#250) +- icingaweb2: run pqslcmd with LANG=C to ensure the output is in english.(#241) +- remove superfluous curly brace (#246) v0.3.2 ====== diff --git a/PUBLISH.md b/PUBLISH.md new file mode 100644 index 00000000..b5749bc2 --- /dev/null +++ b/PUBLISH.md 
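Review bot: The jobs `test_ini_template_2_15`, `test_ini_template_2_16` and `test_ini_template_2_17` repeat the same env, strategy and step list and differ only in their `python` and `ansible` matrix values, so a later change to the steps (an action version, a hardening setting) has to be made in three places and can drift. A single job whose matrix lists all versions and removes the unsupported pairs with `exclude` yields the same nine combinations from one definition. Note that `max-parallel: 1` would then serialise all nine runs instead of three per job, and a changed job id may need updating in any required status checks, which are not visible here. The steps of the last job continue outside this hunk.

```yaml
  test_ini_template:
    runs-on: ubuntu-latest
    # … unchanged: env (COLLECTION_NAMESPACE, COLLECTION_NAME) …
    strategy:
      fail-fast: false
      max-parallel: 1
      matrix:
        distro: [ubuntu2204]
        python: ['3.9', '3.10', '3.11', '3.12']
        ansible: ['2.15', '2.16', '2.17']
        scenario: [ini-configuration-tests]
        exclude:
          - ansible: '2.15'
            python: '3.12'
          - ansible: '2.16'
            python: '3.9'
          - ansible: '2.17'
            python: '3.9'
    # … unchanged: steps (checkout, setup-python, pip install, install collection, molecule test) …
```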
@@ -0,0 +1,67 @@ +# Creating a new release + +> This is meant as an *internal* note on how to build and publish a new version of this Ansible Collection. + +1. **Get the release branch ready:** + Push your local changes to the remote. + From your local release branch: + ``` + git push --set-upstream origin release/ + ``` + + To avoid having leftover files from your local directory end up in the release, please **cleanly clone the release branch to another directory**. + ``` + git clone --branch release/ git@github.com:Icinga/ansible-collection-icinga.git release_ + cd release_ + ``` + You now only have files that were actually commmited. + +2. **Increase the version number:** + The version of this Collection - as seen by Ansible Galaxy - is determined by **galaxy.yml**. + Increase the version number inside accordingly. + +3. **Create a changelog summary:** + This will be shown in the changelog as a short summary for this release. + + changelogs/fragments/release_summary.yml: + ``` + release_summary: | + Summary text for this release. + "*Bugfix release*" for example. + ``` + +4. **Create a new changelog:** + Lint the changelogs: + ``` + antsibull-changelog lint + ``` + + Generate the changelog: + ``` + antsibull-changelog release --version + ``` + + Commit your changes to the release branch. + +5. **Build and push to Ansible Galaxy:** + Build a release tar ball (verbose shows skipped files): + ``` + ansible-galaxy collection build -vvv + ``` + + Push to Ansible Galaxy: + ``` + ansible-galaxy collection publish --token icinga-icinga-.tar.gz + ``` + > This might show errors which does **not** necessarily mean that it failed. + > Have a look at [Ansible Galaxy](https://galaxy.ansible.com/ui/repo/published/icinga/icinga/) and confirm if the release could be published. + +6. 
**Create a release on GitHub:** + When [creating a new release](https://github.com/Icinga/ansible-collection-icinga/releases/new) + + - choose \ as tag + - choose the branch "release/\" as target (will be tagged) + - choose \ as title + - copy and paste the release's changelog entry (see [prior releases](https://github.com/Icinga/ansible-collection-icinga/releases)) + - attach the created tar ball (icinga-icinga-\.tar.gz) to the release + - if you feel extra nice, credit contributors by adding their names, e.g. behind the respective issue or feature (`@name`) diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index 266657ac..ed186b14 100644 --- a/changelogs/changelog.yaml +++ b/changelogs/changelog.yaml 
@@ -124,3 +124,34 @@ releases: - feature_adjust_director_source_installation.yml - release.yml release_date: '2023-12-07' + 0.3.3: + changes: + bugfixes: + - ensure backwards compatibility with bool filter (#218) + - 'icinga2 feature api: fixed missing quotes in delegate ticket command for + satellites or second master nodes.(#250)' + - 'icingaweb2: run pqslcmd with LANG=C to ensure the output is in english.(#241)' + - remove superfluous curly brace (#246) + release_summary: Bugfix Release + fragments: + - fix_missing_quotes_delegate_ticket.yml + release_date: '2024-01-15' + 0.3.4: + changes: + bugfixes: + - Added missing port paramater to mysql command within icingadb role (#267) + - Fixed collect of icinga2_objects when icinga2_config_host is not defined (#228) + - Fixed issue where reusing the repos role within the monitoring_plugins could + cause the deactivation of the repos; using standalone task now (#270) + - Icinga's packages no longer create '/var/log/icingadb-redis/'. Added tasks + that create a log directory based on `icingadb_redis_logfile` (#298). + release_summary: Bugfix release + fragments: + - fix_issue_228.yml + - fix_issue_267.yml + - fix_issue_268.yml + - fix_issue_269.yml + - fix_issue_270.yml + - fix_issue_298.yml + - release_summary.yml + release_date: '2024-07-25' diff --git a/changelogs/fragments/feature_add_pgsql_support_for_modules.yml b/changelogs/fragments/feature_add_pgsql_support_for_modules.yml new file mode 100644 index 00000000..5b558f98 --- /dev/null +++ b/changelogs/fragments/feature_add_pgsql_support_for_modules.yml @@ -0,0 +1,3 @@ +--- +minor_changes: + - Added support for PostgresQL databases for Icingaweb2 modules that support it diff --git a/changelogs/fragments/feature_monitoring_plugins_suse.yml b/changelogs/fragments/feature_monitoring_plugins_suse.yml new file mode 100644 index 00000000..1303a84c --- /dev/null +++ b/changelogs/fragments/feature_monitoring_plugins_suse.yml 
@@ -0,0 +1,3 @@ +--- +minor_changes: + - Add support for Suse in the :code:`monitoring_plugins` role. diff --git a/changelogs/fragments/fix_292_icinga2_objects_documentation.yml b/changelogs/fragments/fix_292_icinga2_objects_documentation.yml new file mode 100644 index 00000000..af1e5cb9 --- /dev/null +++ b/changelogs/fragments/fix_292_icinga2_objects_documentation.yml @@ -0,0 +1,4 @@ +--- + +minor_changes: + - Change documentation to better reflect the intended usage of the variable 'icinga2_objects' as a host variable vs. as a play variable. diff --git a/changelogs/fragments/fix_327_unavailable_plugin.yml b/changelogs/fragments/fix_327_unavailable_plugin.yml new file mode 100644 index 00000000..201c66cb --- /dev/null +++ b/changelogs/fragments/fix_327_unavailable_plugin.yml @@ -0,0 +1,3 @@ +--- +bugfixes: + - Fixed a bug in :code:`monitoring_plugins` where a requested plugin that is **unavailable** would cause a failure even though it is a **known** plugin and should be skipped (#327). diff --git a/changelogs/fragments/fix_issue_298.yml b/changelogs/fragments/fix_issue_298.yml new file mode 100644 index 00000000..547e9ab3 --- /dev/null +++ b/changelogs/fragments/fix_issue_298.yml @@ -0,0 +1,3 @@ +--- +bugfixes: + - Icinga's packages no longer create '/var/log/icingadb-redis/'. Added tasks that create a log directory based on `icingadb_redis_logfile` (#298). diff --git a/changelogs/fragments/fix_issue_301.yml b/changelogs/fragments/fix_issue_301.yml new file mode 100644 index 00000000..19652485 --- /dev/null +++ b/changelogs/fragments/fix_issue_301.yml @@ -0,0 +1,2 @@ +bugfixes: + - "Certain values within Icinga Web :code:`ini` files got quoted incorrectly using single quotes. They are now quoted properly using double quotes (#301)." diff --git a/changelogs/fragments/fix_issue_302.yml b/changelogs/fragments/fix_issue_302.yml new file mode 100644 index 00000000..b00cd4bf --- /dev/null +++ b/changelogs/fragments/fix_issue_302.yml 
@@ -0,0 +1,2 @@ +bugfixes: + - "The Icinga DB config template used two different variables to configure (in)secure TLS communication with the database. It now uses :code:`icingadb_database_tls_insecure` for both the condition and as the actual value (#302)." diff --git a/changelogs/fragments/fix_issue_303_x509_mysql_import.yml b/changelogs/fragments/fix_issue_303_x509_mysql_import.yml new file mode 100644 index 00000000..58ae8472 --- /dev/null +++ b/changelogs/fragments/fix_issue_303_x509_mysql_import.yml @@ -0,0 +1,3 @@ +bugfixes: + - "Fixed incorrect failure of x509 variable sanity checks. They now fail as intended instead of due to syntax (#303)." + - "Fixed wrong variable being referenced to apply x509 mysql database schema. Use `schema_path_mysql` now (#303)." diff --git a/changelogs/fragments/fix_issue_308.yml b/changelogs/fragments/fix_issue_308.yml new file mode 100644 index 00000000..f4b00a6a --- /dev/null +++ b/changelogs/fragments/fix_issue_308.yml @@ -0,0 +1,2 @@ +bugfixes: + - "The type of :code:`vars['icinga2_objects']` was wrongly tested for. This should be a list. The type is now `properly checked `_ for (#308)." diff --git a/changelogs/fragments/fix_missing_quotes_delegate_ticket.yml b/changelogs/fragments/fix_missing_quotes_delegate_ticket.yml deleted file mode 100644 index 1951fdf9..00000000 --- a/changelogs/fragments/fix_missing_quotes_delegate_ticket.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -bugfixes: - - "icinga2 feature api: fixed missing quotes in delegate ticket command for satellites or second master nodes." \ No newline at end of file diff --git a/changelogs/fragments/fix_suse12_dep_missing.yml b/changelogs/fragments/fix_suse12_dep_missing.yml new file mode 100644 index 00000000..133e588c --- /dev/null +++ b/changelogs/fragments/fix_suse12_dep_missing.yml @@ -0,0 +1,3 @@ +--- +bugfixes: + - "fixed libboost_regex1_54_0 missing for Suse 12. thanks @dh-roland" 
diff --git a/changelogs/fragments/fix_update_ca_ssl_cert_documentation b/changelogs/fragments/fix_update_ca_ssl_cert_documentation new file mode 100644 index 00000000..038f63cc --- /dev/null +++ b/changelogs/fragments/fix_update_ca_ssl_cert_documentation @@ -0,0 +1,3 @@ +--- +bugfixes: + - Fixes documentation for the variable name to use when deploying external certificates. from ssl_ca to ssl_cacert. diff --git a/changelogs/fragments/fix_variable_expansion_breaks.yml b/changelogs/fragments/fix_variable_expansion_breaks.yml new file mode 100644 index 00000000..9c6de783 --- /dev/null +++ b/changelogs/fragments/fix_variable_expansion_breaks.yml @@ -0,0 +1,2 @@ +bugfixes: + - Changed variable lookups in the form of `vars['variablename']` to `variablename` to avoid explicitly looking up the `vars` key of a play. diff --git a/changelogs/fragments/minor_changes.yml b/changelogs/fragments/minor_changes.yml index e670073e..05236648 100644 --- a/changelogs/fragments/minor_changes.yml +++ b/changelogs/fragments/minor_changes.yml @@ -2,8 +2,11 @@ bugfixes: - "icingaweb2: run pqslcmd with LANG=C to ensure the output is in english." - remove superfluous curly brace (#246) + - Added block rescue statement if unsupported os found. (#232) minor_changes: - added tests for icingaweb2 ini template - added pyinilint as ini validator after templates - ensure backwards compatibility with bool filter (#218) - "Icingaweb2: fix duplicate task name at kickstart tasks (#244)" + - removed localhost condition as default as it could be a localhost connection. (#257) + - changed all references of "vars['icingaweb2_modules']" to "icingaweb2_modules" (#266) diff --git a/doc/getting-started.md b/doc/getting-started.md index b843a60f..1ec13cb5 100644 --- a/doc/getting-started.md +++ b/doc/getting-started.md 
@@ -30,6 +30,16 @@ collection. All features which are not configured will be disabled. --- +## Requirements + +**Operatingsystems**: +For **OSFamily Suse** please make sure the Collection **community.general** is available. +Otherwise the modules **zypper_repository** and **zypper** are missing. + +**Imports**: +If you want the collection roles to **import schemas and users to databases**, make sure +the client (**"mysql", "psql"**) for your database is available on your system. + ## Installation To start with the collection, easily install it with the **ansible-galaxy** command. diff --git a/doc/role-icinga2/features/feature-api.md b/doc/role-icinga2/features/feature-api.md index 2368247c..cee0aef1 100644 --- a/doc/role-icinga2/features/feature-api.md +++ b/doc/role-icinga2/features/feature-api.md @@ -123,7 +123,7 @@ If you want to use certificates which aren't created by **Icinga 2 CA**, then us the following variables to point the role to your own certificates. ``` -ssl_ca: ca.crt +ssl_cacert: ca.crt ssl_cert: certificate.crt ssl_key: certificate.key ``` diff --git a/doc/role-icinga2/objects.md b/doc/role-icinga2/objects.md index 0be3a5bb..180f053f 100644 --- a/doc/role-icinga2/objects.md +++ b/doc/role-icinga2/objects.md 
@@ -7,8 +7,9 @@ generate configuration files with objects included. This variable consists of Icinga 2 object attributes and attributes referring to the file created in the process. -> **_NOTE:_** The second level of the dictionary defines on which host the configuration is created. All objects in the example below, will be gathered and deployed on the host.: `host.example.org`. -In addition this variable can be logically defined at the **host_vars/agent** and are still deployed on the master **host.example.org** +> **_NOTE:_** The second level of the dictionary defines on which host the configuration is created. All objects in the example below, will be gathered and deployed on the host.: `host.example.org`. +In addition this variable can be logically defined at the **host_vars/agent** and are still deployed on the master **host.example.org**. +The second level can **only** be used in **hostvars**! The `file` key will be used to control in which directory structure the object will be placed. In addition the `order` key will define the order of the objects in the destination file. 
@@ -16,39 +17,71 @@ The default for `order` is set to **10**, so everything below that number will b The `type` will be the original Icinga 2 object types, a list of all can be found in the documentation. [Icinga 2 Monitoring Objects](https://icinga.com/docs/icinga-2/latest/doc/09-object-types/#monitoring-objects) +### Icinga2 Objects in Hostvars + +When defining `icinga2_objects` as a host specific variable (hostvars/groupvars) you can define the variable as a dictionary. Each dictionary key represents the host on which the key's value will be deployed as configuration. +Alternatively you can define `icinga2_objects` as a list which results in the configuration being deployed on just the host for which the variable is defined. + +Example defining the variable within hostvars as a dictionary (inventory entry): + +```yaml +webserver.example.org: + ansible_host: 10.0.0.8 + icinga2_objects: + host.example.org: + - name: "{{ inventory_hostname }}" + type: Host + file: "{{ 'conf.d/' + ansible_hostname + '.conf' }}" + address: "{{ ansible_host }}" + check_command: hostalive + check_interval: 3m + - ... ``` -icinga2_objects: - host.example.org: - - name: "{{ ansible_fqdn }}" - type: Endpoint - file: "{{ 'conf.d/' + ansible_hostname + '.conf' }}" - order: 20 - - name: "{{ ansible_fqdn }}" - type: Zone + +This way you can use some host's variables (like `ansible_host`) to deploy configuration on another host (in this case `host.example.org`). + +Example defining the variable within hostvars as a list (inventory entry): + +```yaml +webserver.example.org: + ansible_host: 10.0.0.8 + icinga2_objects: + - name: "web-api-user" + type: ApiUser file: "{{ 'conf.d/' + ansible_hostname + '.conf' }}" - order: 20 - endpoints: - - "{{ ansible_fqdn }}" - parent: main + password: "somepassword" + permissions: + - "objects/query/Host" + - "objects/query/Service" + - ... 
``` -The advantage of the default **icinga2_objects** variable is, that you can run your playbook over many different server without deploying the -monitoring configuration on every host in the playbook. Otherwise the variable should be only placed in `host_vars` files to restrict deployment on every host. +In the above case the list `icinga2_objects` will only be deployed as configuration on host `webserver.example.org`. + +Additionally, the list `icinga2_objects` from within a play's `vars` key will be merged with each host's individual objects. + +### Icinga2 Objects in Play Vars -As a secondary option, you can use the variable without the second level like the following example. +If you need to deploy certain Icinga 2 objects on every host in your play, you can define the variable `icinga2_objects` as a list within your play's `vars` key. +This ensures that, **in addition** to the individual host's objects, there is a common set of objects between your hosts. -> **CAUTION!** If not restricted it will be deployed on every host. This should be only defined in `host_vars` unless -you know what you are doing! +Example defining the variable within your play's vars: ``` icinga2_objects: - - name: "{{ ansible_fqdn }}" - type: Endpoint - file: "{{ 'conf.d/' + ansible_hostname + '.conf' }}" + - name: "GlobalApiUser" + type: ApiUser + file: "conf.d/global_api_users.conf" order: 20 + password: supersecrectpassword123 + permissions: + - "objects/query/Host" + - "objects/query/Service" ``` -More Examples at the end -> [Examples](#examples) +--- + +More examples at the end -> [Examples](#examples) ## Managing Config directories 
@@ -470,11 +503,11 @@ icinga2_objects: description: The notification address -6: $notification_address6$ -b: $notification_author$ - vars: - +: true - notification_address: $address$ - notification_address6: $address6$ - notification_author: $notification.author$ + vars: + +: true + notification_address: $address$ + notification_address6: $address6$ + notification_author: $notification.author$ ```` #### UserGroup diff --git a/doc/role-icingaweb2/module-icingadb.md b/doc/role-icingaweb2/module-icingadb.md index b095ee35..bfa0f2e5 100644 --- a/doc/role-icingaweb2/module-icingadb.md +++ b/doc/role-icingaweb2/module-icingadb.md @@ -30,3 +30,15 @@ icingaweb2_modules: redis2: host: "192.168.56.201" ``` + +### Redis TLS + +Please use the following parameters to configure TLS connections. The collection won't manage those certificates, ensure those are deployed beforehand. At the redis section add the following: + +``` +redis: + tls: '1' + ca: /path/to/ca.crt + cert: /path/to/cert.crt + key: /path/to/key.key +``` diff --git a/doc/role-icingaweb2/module-x509.md b/doc/role-icingaweb2/module-x509.md index 684000fd..92387ec5 100644 --- a/doc/role-icingaweb2/module-x509.md +++ b/doc/role-icingaweb2/module-x509.md @@ -68,6 +68,7 @@ To import the database schema use `database` dictionary with the following varia | Variable | Type | Description | Default | |----------|------|-------------|---------| | `import_schema` | `Boolean` | Defines wether the schema will be imported or not. | false | +| `type` | `String` | Defines the type of database (`mysql \| pgsql`) | **n/a** | | `host` | `String` | Defines database address to connect to. | `localhost` | | `port` | `int` | Defines the database port to connect to. | `3306` or `5432` | | `user` | `string` | Defines database user | `x509` | @@ -88,6 +89,7 @@ icingaweb2_modules: enabled: true database: import_schema: true + type: mysql host: localhost port: 3306 user: x509 
diff --git a/doc/role-icingaweb2/role-icingaweb2.md b/doc/role-icingaweb2/role-icingaweb2.md index bff00b7c..93bcbd03 100644 --- a/doc/role-icingaweb2/role-icingaweb2.md +++ b/doc/role-icingaweb2/role-icingaweb2.md @@ -32,7 +32,7 @@ icingaweb2_db: * `icingaweb2_admin_: string` * Set the username and password for the first admin user for Icinga Web 2. -#### Resources +### Resources Besides the standard Icinga Web 2 database you may configure additional resources for IcingaDB or automated imports. 
@@ -51,3 +51,81 @@ icingaweb2_resources: type: ldap [...] ``` + +### General Configuration + +The general configuration of Icinga Web 2 is located at `{{ icingaweb2_config_dir }}/config.ini`. +To create the file the following variable is used (default): + +``` +icingaweb2_config: + global: + show_stacktraces: 1 + show_application_state_messages: 1 + config_resource: icingaweb2_db + module_path: /usr/share/icingaweb2/modules + logging: + log: syslog + level: ERROR + application: icingaweb2 + facility: user + themes: + default: Icinga +``` + +Within a task the YAML structure is effectively translated to INI and written to `{{ icingaweb2_config_dir }}/config.ini`. + +Explained: + +* `icingaweb2_config` defines the file to be written (`config.ini`) +* `global`, `logging` and `themes` are the names of the respective sections within the INI file +* Everything underneath each key / section is a key value pair for the given section within the INI file + +So the above YAML results in: + +``` +[global] +show_stacktraces = "1" +show_application_state_messages = "1" +config_resource = icingaweb2_db +module_path = /usr/share/icingaweb2/modules + +[logging] +log = syslog +level = ERROR +application = icingaweb2 +facility = user + +[themes] +default = Icinga +``` + +For more information about the general configuration have a look at the [official documentation](https://icinga.com/docs/icinga-web/latest/doc/03-Configuration/#general-configuration). + +### Authentication + +At least one method of user authentication needs to be configured in order to use Icinga Web 2. This is achieved by defining `icingaweb2_authentication`. +By default the following is set: + +``` +icingaweb2_authentication: + icingaweb2: + backend: db + resource: icingaweb2_db +``` + +This is also converted to INI and written to `{{ icingaweb2_config_dir }}/authentication.ini` + +--- + +Similar to the above snippet group backends can also be defined using `icingaweb2_groups`. 
+Default: + +``` +icingaweb2_groups: + icingaweb2: + backend: db + resource: icingaweb2_db +``` + +For more information about key value pairs for different authentication methods see the [official documentation](https://icinga.com/docs/icinga-web/latest/doc/05-Authentication/). diff --git a/doc/role-monitoring_plugins/check_command_list.md b/doc/role-monitoring_plugins/check_command_list.md index 05633f90..131b6ef8 100644 --- a/doc/role-monitoring_plugins/check_command_list.md +++ b/doc/role-monitoring_plugins/check_command_list.md 
@@ -1,68 +1,68 @@ # Available Check Commands -Here is a list of the available check commands and the packages they correspond to for Debian and RedHat based systems. +Here is a list of the available check commands and the packages they correspond to for Debian, RedHat and Suse based systems. Depending on the major version some packages might not be available. For example `nagios-plugins-game` is available using Enterprise Linux **7** and **9** but not using Enterprise Linux **8**. -A run will **not** fail because of that. Those requested checks are silently skipped. +A run will **not** fail because of that. Those requested checks are silently skipped. -Version specific differences in package names are also accounted for. +Version specific differences in package names are also accounted for. -| Check Command Name | Debian Package | RedHat Package | -| --- | --- | --- | -| apt | monitoring-plugins-basic | nagios-plugins-apt | -| breeze | monitoring-plugins-standard | nagios-plugins-breeze | -| by_ssh | monitoring-plugins-basic | nagios-plugins-by_ssh | -| clamd | monitoring-plugins-basic | nagios-plugins-tcp | -| dhcp | monitoring-plugins-basic | nagios-plugins-dhcp | -| dig | monitoring-plugins-standard | nagios-plugins-dig | -| disk | monitoring-plugins-basic | nagios-plugins-disk | -| disk_smb | monitoring-plugins-standard | nagios-plugins-disk_smb | -| dns | monitoring-plugins-standard | nagios-plugins-dns | -| file_age | monitoring-plugins-basic | nagios-plugins-file_age | -| flexlm | monitoring-plugins-standard | nagios-plugins-flexlm | -| fping | monitoring-plugins-standard | nagios-plugins-fping | -| fping4 | monitoring-plugins-standard | nagios-plugins-fping | -| fping6 | monitoring-plugins-standard | nagios-plugins-fping | -| ftp | monitoring-plugins-basic | nagios-plugins-tcp | -| game | monitoring-plugins-standard | nagios-plugins-game | -| hostalive | monitoring-plugins-basic | nagios-plugins-ping | -| hostalive4 | monitoring-plugins-basic | 
nagios-plugins-ping | -| hostalive6 | monitoring-plugins-basic | nagios-plugins-ping | -| hpjd | monitoring-plugins-standard | nagios-plugins-hpjd | -| http | monitoring-plugins-basic | nagios-plugins-http | -| icmp | monitoring-plugins-basic | nagios-plugins-icmp | -| imap | monitoring-plugins-basic | nagios-plugins-tcp | -| ldap | monitoring-plugins-standard | nagios-plugins-ldap | -| load | monitoring-plugins-basic | nagios-plugins-load | -| mailq | monitoring-plugins-standard | nagios-plugins-mailq | -| mysql | monitoring-plugins-standard | nagios-plugins-mysql | -| mysql_query | monitoring-plugins-standard | nagios-plugins-mysql | -| negate | monitoring-plugins-common | nagios-plugins | -| nrpe | nagios-nrpe-plugin | nagios-plugins-nrpe | -| nscp | monitoring-plugins-basic | nagios-plugins-nt | -| ntp_peer | monitoring-plugins-basic | nagios-plugins-ntp | -| ntp_time | monitoring-plugins-basic | nagios-plugins-ntp | -| pgsql | monitoring-plugins-standard | nagios-plugins-pgsql | -| ping | monitoring-plugins-basic | nagios-plugins-ping | -| ping4 | monitoring-plugins-basic | nagios-plugins-ping | -| ping6 | monitoring-plugins-basic | nagios-plugins-ping | -| pop | monitoring-plugins-basic | nagios-plugins-tcp | -| procs | monitoring-plugins-basic | nagios-plugins-procs | -| radius | monitoring-plugins-standard | nagios-plugins-radius | -| rpc | monitoring-plugins-standard | nagios-plugins-rpc | -| simap | monitoring-plugins-basic | nagios-plugins-tcp | -| smart | monitoring-plugins-basic | nagios-plugins-ide_smart | -| smtp | monitoring-plugins-basic | nagios-plugins-smtp | -| snmp | monitoring-plugins-standard | nagios-plugins-snmp | -| snmpv3 | monitoring-plugins-standard | nagios-plugins-snmp | -| snmp-uptime | monitoring-plugins-standard | nagios-plugins-snmp | -| spop | monitoring-plugins-basic | nagios-plugins-tcp | -| ssh | monitoring-plugins-basic | nagios-plugins-ssh | -| ssl | monitoring-plugins-basic | nagios-plugins-tcp | -| ssmtp | 
monitoring-plugins-basic | nagios-plugins-tcp | -| swap | monitoring-plugins-basic | nagios-plugins-swap | -| tcp | monitoring-plugins-basic | nagios-plugins-tcp | -| udp | monitoring-plugins-basic | nagios-plugins-tcp | -| ups | monitoring-plugins-basic | nagios-plugins-ups | -| uptime | nagios-plugins-contrib | nagios-plugins-uptime | -| users | monitoring-plugins-basic | nagios-plugins-users | +| Check Command Name | Debian Package | RedHat Package | Suse Package | +| --- | --- | --- | --- | +| apt | monitoring-plugins-basic | nagios-plugins-apt | - | +| breeze | monitoring-plugins-standard | nagios-plugins-breeze | monitoring-plugins-breeze | +| by_ssh | monitoring-plugins-basic | nagios-plugins-by_ssh | monitoring-plugins-by_ssh | +| clamd | monitoring-plugins-basic | nagios-plugins-tcp | nagios-plugins-tcp | +| dhcp | monitoring-plugins-basic | nagios-plugins-dhcp | monitoring-plugins-dhcp | +| dig | monitoring-plugins-standard | nagios-plugins-dig | monitoring-plugins-dig | +| disk | monitoring-plugins-basic | nagios-plugins-disk | monitoring-plugins-disk | +| disk_smb | monitoring-plugins-standard | nagios-plugins-disk_smb | monitoring-plugins-disk_smb | +| dns | monitoring-plugins-standard | nagios-plugins-dns | monitoring-plugins-dns | +| file_age | monitoring-plugins-basic | nagios-plugins-file_age | monitoring-plugins-file_age | +| flexlm | monitoring-plugins-standard | nagios-plugins-flexlm | monitoring-plugins-flexlm | +| fping | monitoring-plugins-standard | nagios-plugins-fping | monitoring-plugins-fping | +| fping4 | monitoring-plugins-standard | nagios-plugins-fping | monitoring-plugins-fping | +| fping6 | monitoring-plugins-standard | nagios-plugins-fping | monitoring-plugins-fping | +| ftp | monitoring-plugins-basic | nagios-plugins-tcp | monitoring-plugins-tcp | +| game | monitoring-plugins-standard | nagios-plugins-game | - | +| hostalive | monitoring-plugins-basic | nagios-plugins-ping | monitoring-plugins-ping | +| hostalive4 | 
monitoring-plugins-basic | nagios-plugins-ping | monitoring-plugins-ping | +| hostalive6 | monitoring-plugins-basic | nagios-plugins-ping | monitoring-plugins-ping | +| hpjd | monitoring-plugins-standard | nagios-plugins-hpjd | monitoring-plugins-hpjd | +| http | monitoring-plugins-basic | nagios-plugins-http | monitoring-plugins-http | +| icmp | monitoring-plugins-basic | nagios-plugins-icmp | monitoring-plugins-icmp | +| imap | monitoring-plugins-basic | nagios-plugins-tcp | monitoring-plugins-tcp | +| ldap | monitoring-plugins-standard | nagios-plugins-ldap | monitoring-plugins-ldap | +| load | monitoring-plugins-basic | nagios-plugins-load | monitoring-plugins-load | +| mailq | monitoring-plugins-standard | nagios-plugins-mailq | monitoring-plugins-mailq | +| mysql | monitoring-plugins-standard | nagios-plugins-mysql | monitoring-plugins-mysql | +| mysql_query | monitoring-plugins-standard | nagios-plugins-mysql | monitoring-plugins-mysql | +| negate | monitoring-plugins-common | nagios-plugins | monitoring-plugins-common | +| nrpe | nagios-nrpe-plugin | nagios-plugins-nrpe | monitoring-plugins-nrpe | +| nscp | monitoring-plugins-basic | nagios-plugins-nt | monitoring-plugins-nt | +| ntp_peer | monitoring-plugins-basic | nagios-plugins-ntp | monitoring-plugins-ntp_peer | +| ntp_time | monitoring-plugins-basic | nagios-plugins-ntp | monitoring-plugins-ntp_time | +| pgsql | monitoring-plugins-standard | nagios-plugins-pgsql | monitoring-plugins-pgsql | +| ping | monitoring-plugins-basic | nagios-plugins-ping | monitoring-plugins-ping | +| ping4 | monitoring-plugins-basic | nagios-plugins-ping | monitoring-plugins-ping | +| ping6 | monitoring-plugins-basic | nagios-plugins-ping | monitoring-plugins-ping | +| pop | monitoring-plugins-basic | nagios-plugins-tcp | monitoring-plugins-tcp | +| procs | monitoring-plugins-basic | nagios-plugins-procs | monitoring-plugins-procs | +| radius | monitoring-plugins-standard | nagios-plugins-radius | monitoring-plugins-radius | 
+| rpc | monitoring-plugins-standard | nagios-plugins-rpc | monitoring-plugins-rpc | +| simap | monitoring-plugins-basic | nagios-plugins-tcp | monitoring-plugins-tcp | +| smart | monitoring-plugins-basic | nagios-plugins-ide_smart | monitoring-plugins-ide_smart | +| smtp | monitoring-plugins-basic | nagios-plugins-smtp | monitoring-plugins-smtp | +| snmp | monitoring-plugins-standard | nagios-plugins-snmp | monitoring-plugins-snmp | +| snmpv3 | monitoring-plugins-standard | nagios-plugins-snmp | monitoring-plugins-snmp | +| snmp-uptime | monitoring-plugins-standard | nagios-plugins-snmp | monitoring-plugins-snmp | +| spop | monitoring-plugins-basic | nagios-plugins-tcp | monitoring-plugins-tcp | +| ssh | monitoring-plugins-basic | nagios-plugins-ssh | monitoring-plugins-ssh | +| ssl | monitoring-plugins-basic | nagios-plugins-tcp | monitoring-plugins-tcp | +| ssmtp | monitoring-plugins-basic | nagios-plugins-tcp | monitoring-plugins-tcp | +| swap | monitoring-plugins-basic | nagios-plugins-swap | monitoring-plugins-swap | +| tcp | monitoring-plugins-basic | nagios-plugins-tcp | monitoring-plugins-tcp | +| udp | monitoring-plugins-basic | nagios-plugins-tcp | monitoring-plugins-tcp | +| ups | monitoring-plugins-basic | nagios-plugins-ups | monitoring-plugins-ups | +| uptime | nagios-plugins-contrib | nagios-plugins-uptime | monitoring-plugins-uptime | +| users | monitoring-plugins-basic | nagios-plugins-users | monitoring-plugins-users | diff --git a/doc/role-monitoring_plugins/role-monitoring_plugins.md b/doc/role-monitoring_plugins/role-monitoring_plugins.md index 6ce4cd5b..60c47c1b 100644 --- a/doc/role-monitoring_plugins/role-monitoring_plugins.md +++ b/doc/role-monitoring_plugins/role-monitoring_plugins.md 
@@ -5,6 +5,8 @@ The list is based on the section *"Plugin Check Commands for Monitoring Plugins" * [List of available check commands](check_command_list.md) +> For Suse based systems you need the Ansible module `zypper`. Refer to the [getting started](https://github.com/Icinga/ansible-collection-icinga/blob/main/doc/getting-started.md#requirements) section. + ## Variables - `icinga_monitoring_plugins_epel: boolean` diff --git a/galaxy.yml b/galaxy.yml index d1d8d8fb..a43d8ab0 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -1,6 +1,6 @@ namespace: icinga name: icinga -version: 0.3.2 +version: 0.3.4 readme: README.md authors: - Lennart Betz @@ -43,3 +43,4 @@ build_ignore: - changelogs - .idea - '*.tar.gz' + - PUBLISH.md diff --git a/molecule/ini-configuration-tests/converge.yml b/molecule/ini-configuration-tests/converge.yml index 66498112..3f60d8df 100644 --- a/molecule/ini-configuration-tests/converge.yml +++ b/molecule/ini-configuration-tests/converge.yml @@ -11,6 +11,10 @@ _i2_config_hash: section: test: 10 + - name: number1 + _i2_config_hash: + section: + test: 1 - name: advanced_filter _i2_config_hash: section: diff --git a/molecule/ini-configuration-tests/tests/integration/test_ini_config.py b/molecule/ini-configuration-tests/tests/integration/test_ini_config.py index f138ce08..962d3949 100644 --- a/molecule/ini-configuration-tests/tests/integration/test_ini_config.py +++ b/molecule/ini-configuration-tests/tests/integration/test_ini_config.py 
@@ -20,10 +20,10 @@ def test_advanced_filter(host): i2_file = host.file("/tmp/advanced_filter") print(i2_file.content_string) assert i2_file.is_file - assert i2_file.content_string == "\n[section]\ntest = '!(objectClass=user)'\ntest2 = '!(objectClass=user)'\ntest3 = '!attribute'\n" + assert i2_file.content_string == '\n[section]\ntest = "!(objectClass=user)"\ntest2 = "!(objectClass=user)"\ntest3 = "!attribute"\n' def test_equal_sign(host): i2_file = host.file("/tmp/equal_sign") print(i2_file.content_string) assert i2_file.is_file - assert i2_file.content_string == "\n[section]\ntest = 'equal=sign'\n" + assert i2_file.content_string == '\n[section]\ntest = "equal=sign"\n' diff --git a/molecule/local-default-pgsql/converge.yml b/molecule/local-default-pgsql/converge.yml index 352641bd..d73a369d 100644 --- a/molecule/local-default-pgsql/converge.yml +++ b/molecule/local-default-pgsql/converge.yml @@ -3,7 +3,8 @@ become: true vars: icingadb_database_type: pgsql - icingadb_database_host: 127.0.0.1 + icingadb_database_host: localhost + icingadb_database_port: 5432 icingadb_database_name: icingadb icingadb_database_user: icingadb icingadb_database_password: icingadb diff --git a/molecule/role-icingadb/collections.yml b/molecule/role-icingadb/collections.yml new file mode 100644 index 00000000..66cb0953 --- /dev/null +++ b/molecule/role-icingadb/collections.yml @@ -0,0 +1,5 @@ +collections: + - name: community.mysql + - name: community.docker + - name: community.general + version: ">=2,<3" diff --git a/molecule/role-icingadb/converge.yml b/molecule/role-icingadb/converge.yml new file mode 100644 index 00000000..ac6756e4 --- /dev/null +++ b/molecule/role-icingadb/converge.yml @@ -0,0 +1,12 @@ +--- + +- name: Converge + hosts: all + collections: + - icinga.icinga + pre_tasks: + - ansible.builtin.include_role: + name: repos + post_tasks: + - ansible.builtin.include_role: + name: icingadb 
diff --git a/molecule/role-icingadb/dependency.yml b/molecule/role-icingadb/dependency.yml new file mode 100644 index 00000000..9810d54a --- /dev/null +++ b/molecule/role-icingadb/dependency.yml @@ -0,0 +1,4 @@ +dependency: + name: galaxy + options: + role-file: requirements.yml diff --git a/molecule/role-icingadb/host_vars/icinga-default.yaml b/molecule/role-icingadb/host_vars/icinga-default.yaml new file mode 100644 index 00000000..e69de29b diff --git a/molecule/role-icingadb/molecule.yml b/molecule/role-icingadb/molecule.yml new file mode 100644 index 00000000..3f13ab2d --- /dev/null +++ b/molecule/role-icingadb/molecule.yml @@ -0,0 +1,26 @@ +--- +dependency: + name: galaxy +driver: + name: docker +platforms: + - name: icinga-default + image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2204}-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host + privileged: true + pre_build_image: true +provisioner: + name: ansible + inventory: + link: + host_vars: host_vars/ +verifier: + name: testinfra + directory: tests/integration/ +lint: | + set -e + yamllint --no-warnings roles/ + ansible-lint roles/ diff --git a/molecule/role-icingadb/prepare.yml b/molecule/role-icingadb/prepare.yml new file mode 100644 index 00000000..cc5bbc56 --- /dev/null +++ b/molecule/role-icingadb/prepare.yml @@ -0,0 +1,11 @@ +--- +- name: Prepare + hosts: all + tasks: + - name: Install requirements for Debian + apt: + name: + - gpg + - apt-transport-https + update_cache: yes + when: ansible_os_family == "Debian" diff --git a/molecule/role-icingadb/requirements.yml b/molecule/role-icingadb/requirements.yml new file mode 100644 index 00000000..cf94e2e2 --- /dev/null +++ b/molecule/role-icingadb/requirements.yml @@ -0,0 +1,2 @@ +roles: + - geerlingguy.mysql 
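Review bot: The platform entry in molecule/role-icingadb/molecule.yml pulls `geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2204}-ansible:latest` and runs it with `privileged: true` and the host's `/sys/fs/cgroup` mounted read-write, so whatever the mutable `latest` tag points to at run time executes with near-host privileges on the CI runner. Pinning the image per distro to a digest, for example `image: "geerlingguy/docker-ubuntu2204-ansible@sha256:DIGEST_PLACEHOLDER"`, makes the scenario reproducible and keeps an upstream tag change from reaching the runner unreviewed. A one-line comment saying why `privileged: true` is needed (presumably systemd inside the container) would help the next reader decide whether it can be dropped.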
diff --git a/requirements-test-2.13.10.txt b/requirements-test-2.15.txt similarity index 68% rename from requirements-test-2.13.10.txt rename to requirements-test-2.15.txt index 5bf382de..e38e9026 100644 --- a/requirements-test-2.13.10.txt +++ b/requirements-test-2.15.txt @@ -1,5 +1,5 @@ -ansible-core==2.13.10 -ansible-lint +ansible-core>=2.15,<2.16 molecule +ansible-lint molecule-docker pytest-testinfra diff --git a/requirements-test-2.14.7.txt b/requirements-test-2.16.txt similarity index 68% rename from requirements-test-2.14.7.txt rename to requirements-test-2.16.txt index 92b9cd43..92ce786c 100644 --- a/requirements-test-2.14.7.txt +++ b/requirements-test-2.16.txt @@ -1,4 +1,4 @@ -ansible-core==2.14.7 +ansible-core>=2.16,<2.17 ansible-lint molecule molecule-docker diff --git a/requirements-test-2.16.2.txt b/requirements-test-2.17.txt similarity index 68% rename from requirements-test-2.16.2.txt rename to requirements-test-2.17.txt index 9332828e..5c4c24ff 100644 --- a/requirements-test-2.16.2.txt +++ b/requirements-test-2.17.txt @@ -1,5 +1,5 @@ -ansible-core==2.16.2 -ansible-lint +ansible-core>=2.17,<2.18 molecule +ansible-lint molecule-docker pytest-testinfra diff --git a/roles/icinga2/defaults/main.yml b/roles/icinga2/defaults/main.yml index af57d1cb..20d499b2 100644 --- a/roles/icinga2/defaults/main.yml +++ b/roles/icinga2/defaults/main.yml @@ -1,4 +1,5 @@ --- +icinga2_packages: ["icinga2"] icinga2_state: started icinga2_enabled: true icinga2_confd: true diff --git a/roles/icinga2/meta/main.yml b/roles/icinga2/meta/main.yml index 48b76926..6eb45fa0 100644 --- a/roles/icinga2/meta/main.yml +++ b/roles/icinga2/meta/main.yml @@ -7,6 +7,12 @@ galaxy_info: license: Apache-2.0 min_ansible_version: 2.9 platforms: + - name: opensuse + versions: + - 15.5 + - name: SLES + versions: + - 15 - name: EL versions: - 7 diff --git a/roles/icinga2/tasks/configure.yml b/roles/icinga2/tasks/configure.yml index 95a404c7..5efb46ab 100644 --- a/roles/icinga2/tasks/configure.yml 
+++ b/roles/icinga2/tasks/configure.yml @@ -17,9 +17,11 @@ icinga2_combined_constants: "{{ icinga2_default_constants | combine(icinga2_constants) }}" - name: set constants in {{ icinga2_config_path + '/constants.conf' }} - template: + ansible.builtin.template: src: constants.conf.j2 dest: "{{ icinga2_config_path + '/constants.conf' }}" + owner: "{{ icinga2_user }}" + group: "{{ icinga2_group }}" notify: reload icinga2 service - name: features @@ -90,6 +92,7 @@ delimiter: ' ' owner: "{{ icinga2_user }}" group: "{{ icinga2_group }}" + mode: 0644 loop: "{{ result.files }}" notify: reload icinga2 service diff --git a/roles/icinga2/tasks/features/idomysql/install_on_Suse.yml b/roles/icinga2/tasks/features/idomysql/install_on_Suse.yml new file mode 100644 index 00000000..356ec5b1 --- /dev/null +++ b/roles/icinga2/tasks/features/idomysql/install_on_Suse.yml @@ -0,0 +1,4 @@ +- name: Zypper - install package icinga2-ido-mysql + community.general.zypper: + name: icinga2-ido-mysql + state: present diff --git a/roles/icinga2/tasks/features/idopgsql/install_on_Suse.yml b/roles/icinga2/tasks/features/idopgsql/install_on_Suse.yml new file mode 100644 index 00000000..79b3582a --- /dev/null +++ b/roles/icinga2/tasks/features/idopgsql/install_on_Suse.yml @@ -0,0 +1,4 @@ +- name: Zypper - install package icinga2-ido-pgsql + community.general.zypper: + name: icinga2-ido-pgsql + state: present diff --git a/roles/icinga2/tasks/install.yml b/roles/icinga2/tasks/install.yml index ea16b872..7dc090ad 100644 --- a/roles/icinga2/tasks/install.yml +++ b/roles/icinga2/tasks/install.yml 
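Review bot: The constants.conf template task now sets `owner` and `group` but still no `mode`, so a newly created file gets whatever the umask on the target yields. The role's `icinga2_default_constants` carry `TicketSalt`, which is a secret once it is set, so I would add `mode: "0640"` next to the new `owner`/`group` lines (this assumes the daemon reads the file as `icinga2_user` or `icinga2_group`; confirm against the packaged default).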
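Review bot: The added `mode: 0644` is an unquoted scalar that relies on the YAML loader reading it as octal, and it makes every file in the `result.files` loop world-readable. Quoting it, `mode: "0644"`, matches the quoted `"0750"` and `"2750"` modes this commit uses in the icingadb_redis install tasks; the same unquoted form is added in roles/icinga2/tasks/objects.yml (`mode: 0755`, `mode: 0644`). If the generated files can carry credentials such as API user or database passwords (not visible in the hunk), `"0640"` would be the safer value. The task itself starts outside the hunk.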
@@ -1,10 +1,15 @@ --- +- name: Check supported operatingsystems + block: + - name: Install on {{ ansible_os_family }} + ansible.builtin.include_tasks: "install_on_{{ ansible_os_family }}.yml" + rescue: + - name: "OS family not supported!" + ansible.builtin.fail: + msg: "The OS {{ ansible_os_family }} is not supported!" -- name: install on {{ ansible_os_family }} - include_tasks: "install_on_{{ ansible_os_family }}.yml" - -- name: fragments dir - file: +- name: Prepare fragments path + ansible.builtin.file: state: directory path: "{{ icinga2_fragments_path }}" owner: root diff --git a/roles/icinga2/tasks/install_on_Debian.yml b/roles/icinga2/tasks/install_on_Debian.yml index 7594b554..f787d3e9 100644 --- a/roles/icinga2/tasks/install_on_Debian.yml +++ b/roles/icinga2/tasks/install_on_Debian.yml @@ -1,5 +1,5 @@ --- - name: Apt - install package icinga2 ansible.builtin.apt: - pkg: "{{ icinga2_packages }}" + pkg: "{{ icinga2_packages + icinga2_packages_dependencies }}" state: present diff --git a/roles/icinga2/tasks/install_on_RedHat.yml b/roles/icinga2/tasks/install_on_RedHat.yml index 56313f0c..42447ecf 100644 --- a/roles/icinga2/tasks/install_on_RedHat.yml +++ b/roles/icinga2/tasks/install_on_RedHat.yml @@ -1,8 +1,8 @@ - name: Yum - install package icinga2 ansible.builtin.yum: - name: "{{ icinga2_packages }}" + name: "{{ icinga2_packages + icinga2_packages_dependencies }}" state: present - + - name: Yum - install package icinga2-selinux ansible.builtin.yum: name: icinga2-selinux diff --git a/roles/icinga2/tasks/install_on_Suse.yml b/roles/icinga2/tasks/install_on_Suse.yml index a99d5bb6..650a9735 100644 --- a/roles/icinga2/tasks/install_on_Suse.yml +++ b/roles/icinga2/tasks/install_on_Suse.yml @@ -1,7 +1,7 @@ --- - name: Zypper - install package icinga2 community.general.zypper: - name: "{{ icinga2_packages }}" + name: "{{ icinga2_packages + icinga2_packages_dependencies }}" state: present - name: Zypper - install package icinga2-selinux 
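Review bot: The `rescue` of the new "Check supported operatingsystems" block runs for any failure inside the included `install_on_{{ ansible_os_family }}.yml`, not only for a missing task file, so a failed package installation on a supported system is reported as "The OS ... is not supported!" and the real error is hidden. Either test the OS family before the include, or keep the rescue and surface the cause: `msg: "Install on {{ ansible_os_family }} failed or the OS family is not supported: {{ ansible_failed_result.msg | default('no details') }}"`. The same block is added in roles/icingadb/tasks/main.yml and roles/icingadb_redis/tasks/main.yml.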
@@ -9,8 +9,3 @@ name: icinga2-selinux state: present when: ansible_selinux is defined and ansible_selinux.status == "enabled" - -- name: Zypper - install dep - community.general.zypper: - name: libboost_regex1_66_0 - state: present diff --git a/roles/icinga2/tasks/objects.yml b/roles/icinga2/tasks/objects.yml index 93d10302..2eebb6e3 100644 --- a/roles/icinga2/tasks/objects.yml +++ b/roles/icinga2/tasks/objects.yml @@ -1,14 +1,27 @@ --- -- name: collect all config objects for myself +- name: collect all config objects for myself (from all inventory hosts) set_fact: tmp_objects: "{{ tmp_objects| default([]) + lookup('list', hostvars[item]['icinga2_objects'][icinga2_config_host]) }}" with_items: "{{ groups['all'] }}" when: hostvars[item]['icinga2_objects'][icinga2_config_host] is defined +- name: collect all config objects for myself (from myself if list) + set_fact: + tmp_objects: "{{ tmp_objects | default([]) + lookup('list', hostvars[inventory_hostname]['icinga2_objects']) }}" + when: + - hostvars[inventory_hostname]['icinga2_objects'] is defined + - hostvars[inventory_hostname]['icinga2_objects'] is iterable + - hostvars[inventory_hostname]['icinga2_objects'] is not string + - hostvars[inventory_hostname]['icinga2_objects'] is not mapping + - name: collect all config objects in play vars set_fact: tmp_objects: "{{ tmp_objects| default([]) + lookup('list', icinga2_objects) }}" - when: icinga2_objects is defined and vars['icinga2_objects'][icinga2_config_host] is not defined + when: + - icinga2_objects is defined + - icinga2_objects is iterable + - icinga2_objects is not string + - icinga2_objects is not mapping - icinga2_object: args: "{{ item }}" @@ -34,6 +47,7 @@ state: directory owner: root group: root + mode: 0755 path: "{{ icinga2_fragments_path }}/{{ item.path }}/" loop: "{{ icinga2_custom_config }}" 
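Review bot: When `icinga2_objects` is a list set in host or group vars, both the new "from myself if list" task and the "play vars" task appear to match, because `hostvars[inventory_hostname]['icinga2_objects']` and `icinga2_objects` then resolve to the same list and the two `when` lists test the same four properties; `tmp_objects` would receive every object twice. Consider adding `- hostvars[inventory_hostname]['icinga2_objects'] is not defined` to the play-vars task's `when`, after checking how the `icinga2_object` step that follows treats duplicates. A comment above each of the three tasks naming the variable source it covers would make the intended split easier to verify.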
@@ -41,6 +55,7 @@ ansible.builtin.copy: owner: root group: root + mode: 0644 src: "files/{{ item.name }}" dest: "{{ icinga2_fragments_path }}/{{ item.path }}/{{ item.order|default('20')|string }}_{{ item.name }}" loop: "{{ icinga2_custom_config }}" diff --git a/roles/icinga2/vars/Debian.yml b/roles/icinga2/vars/Debian.yml index f4e03517..2ef068e8 100644 --- a/roles/icinga2/vars/Debian.yml +++ b/roles/icinga2/vars/Debian.yml @@ -1,5 +1,5 @@ --- -icinga2_packages: ["icinga2"] +icinga2_packages_dependencies: [] icinga2_user: nagios icinga2_group: nagios icinga2_config_path: /etc/icinga2 diff --git a/roles/icinga2/vars/RedHat.yml b/roles/icinga2/vars/RedHat.yml index d3844917..12e66d49 100644 --- a/roles/icinga2/vars/RedHat.yml +++ b/roles/icinga2/vars/RedHat.yml @@ -1,5 +1,5 @@ --- -icinga2_packages: ["icinga2"] +icinga2_packages_dependencies: [] icinga2_user: icinga icinga2_group: icinga icinga2_config_path: /etc/icinga2 diff --git a/roles/icinga2/vars/Suse-12.yml b/roles/icinga2/vars/Suse-12.yml new file mode 100644 index 00000000..7d4206ed --- /dev/null +++ b/roles/icinga2/vars/Suse-12.yml @@ -0,0 +1,16 @@ +--- +icinga2_packages_dependencies: ["libboost_regex1_54_0"] +icinga2_user: icinga +icinga2_group: icinga +icinga2_config_path: /etc/icinga2 +icinga2_log_path: /var/log/icinga2 +icinga2_ca_path: /var/lib/icinga2/ca +icinga2_cert_path: /var/lib/icinga2/certs +icinga2_fragments_path: /var/tmp/icinga +icinga2_default_constants: + PluginDir: /usr/lib/nagios/plugins/ + ManubulonPluginDir: /usr/lib/nagios/plugins/ + PluginContribDir: /usr/lib/nagios/plugins/ + NodeName: "{{ ansible_fqdn }}" + ZoneName: NodeName + TicketSalt: '' diff --git a/roles/icinga2/vars/Suse.yml b/roles/icinga2/vars/Suse.yml index 95d69672..798c6b96 100644 --- a/roles/icinga2/vars/Suse.yml +++ b/roles/icinga2/vars/Suse.yml 
@@ -1,5 +1,5 @@ --- -icinga2_packages: ["icinga2"] +icinga2_packages_dependencies: ["libboost_regex1_66_0"] icinga2_user: icinga icinga2_group: icinga icinga2_config_path: /etc/icinga2 diff --git a/roles/icingadb/meta/main.yml b/roles/icingadb/meta/main.yml index de56b28a..361984cc 100644 --- a/roles/icingadb/meta/main.yml +++ b/roles/icingadb/meta/main.yml @@ -6,6 +6,10 @@ galaxy_info: license: Apache-2.0 min_ansible_version: 2.9 platforms: + - name: opensuse + versions: ['15.5'] + - name: SLES + versions: ['15'] - name: EL versions: ['7'] - name: Debian diff --git a/roles/icingadb/tasks/install_on_suse.yml b/roles/icingadb/tasks/install_on_suse.yml new file mode 100644 index 00000000..20dda437 --- /dev/null +++ b/roles/icingadb/tasks/install_on_suse.yml @@ -0,0 +1,4 @@ +- name: Suse - Install IcingaDB packages + community.general.zypper: + name: "{{ icingadb_packages }}" + state: present diff --git a/roles/icingadb/tasks/main.yml b/roles/icingadb/tasks/main.yml index 35b518e5..ae8ee5c3 100644 --- a/roles/icingadb/tasks/main.yml +++ b/roles/icingadb/tasks/main.yml @@ -12,8 +12,14 @@ paths: - "{{ role_path }}/vars" -- name: Include OS specific installation - ansible.builtin.include_tasks: "install_on_{{ ansible_os_family | lower }}.yml" +- name: Check supported operatingsystems + block: + - name: Include OS specific installation + ansible.builtin.include_tasks: "install_on_{{ ansible_os_family | lower }}.yml" + rescue: + - name: "OS family not supported!" + ansible.builtin.fail: + msg: "The OS {{ ansible_os_family }} is not supported!" - name: Include Tasks to configure IcingaDB ansible.builtin.include_tasks: manage_config.yml diff --git a/roles/icingadb/tasks/manage_schema_mysql.yml b/roles/icingadb/tasks/manage_schema_mysql.yml index 31ee7021..f7c56e46 100644 --- a/roles/icingadb/tasks/manage_schema_mysql.yml +++ b/roles/icingadb/tasks/manage_schema_mysql.yml 
@@ -5,6 +5,7 @@ ansible.builtin.set_fact: mysqlcmd: >- mysql {% if icingadb_database_host | default('localhost') != 'localhost' %} -h "{{ icingadb_database_host }}" {%- endif %} + {% if icingadb_database_port is defined %} -P {{ icingadb_database_port }} {%- endif %} {% if icingadb_database_ca is defined %} --ssl-ca "{{ icingadb_database_ca }}" {%- endif %} {% if icingadb_database_cert is defined %} --ssl-cert "{{ icingadb_database_cert }}" {%- endif %} {% if icingadb_database_key is defined %} --ssl-key "{{ icingadb_database_key }}" {%- endif %} diff --git a/roles/icingadb/tasks/manage_schema_pgsql.yml b/roles/icingadb/tasks/manage_schema_pgsql.yml index 2b0b17a2..4cf908d0 100644 --- a/roles/icingadb/tasks/manage_schema_pgsql.yml +++ b/roles/icingadb/tasks/manage_schema_pgsql.yml @@ -6,7 +6,7 @@ _tmp_pgsqlcmd: >- PGPASSWORD="{{ icingadb_database_password }}" psql - "{% if icingadb_database_host | default('localhost') != 'localhost' %} host="{{ icingadb_database_host }}" {%- endif %} + "{% if icingadb_database_host %} host="{{ icingadb_database_host }}" {%- endif %} {% if icingadb_database_port is defined %} port={{ icingadb_database_port }} {%- endif %} user={{ icingadb_database_user | default('icingadb') }} dbname={{ icingadb_database_name | default('icingadb') }} diff --git a/roles/icingadb/templates/icingadb.ini.j2 b/roles/icingadb/templates/icingadb.ini.j2 index cf012ac1..5cedae94 100644 --- a/roles/icingadb/templates/icingadb.ini.j2 +++ b/roles/icingadb/templates/icingadb.ini.j2 @@ -24,7 +24,7 @@ database: ca: {{ icingadb_database_ca }} {% endif %} {% if icingadb_database_tls_insecure is defined %} - insecure: {{ icingadb_database_insecure }} + insecure: {{ icingadb_database_tls_insecure }} {% endif %} diff --git a/roles/icingadb_redis/defaults/main.yml b/roles/icingadb_redis/defaults/main.yml index a150afff..0aa4cb1b 100644 --- a/roles/icingadb_redis/defaults/main.yml +++ b/roles/icingadb_redis/defaults/main.yml 
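Review bot: The new `-P {{ icingadb_database_port }}` is interpolated into the `mysqlcmd` string unquoted, while the neighbouring host and TLS options are wrapped in double quotes. Writing it the same way, `-P "{{ icingadb_database_port }}"`, keeps an unexpected inventory value from being split into extra arguments when the command string is later executed (how it is run is not visible here). The `set_fact` continues outside the hunk.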
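Review bot: Replacing `icingadb_database_host | default('localhost') != 'localhost'` with a bare `{% if icingadb_database_host %}` removes the only guard for an unset variable, so unless the role defines a default for `icingadb_database_host` (not visible here) templating this fact fails with an undefined-variable error. `{% if icingadb_database_host | default('') %}` keeps the new behaviour of passing `localhost` through to psql while tolerating an unset host. The task starts and ends outside the hunk.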
@@ -60,3 +60,8 @@ icingadb_redis_hz: 10 icingadb_redis_dynamic_hz: 'yes' icingadb_redis_aof_rewrite_incremental_fsync: 'yes' icingadb_redis_rdb_save_incremental_fsync: 'yes' + +#icingadb_redis_tls_port: +#icingadb_redis_tls_cert: /etc/ssl/certs/host.crt +#icingadb_redis_tls_key: /etc/ssl/private/host.key +#icingadb_redis_tls_ca: /etc/ssl/certs/root-ca.crt diff --git a/roles/icingadb_redis/meta/main.yml b/roles/icingadb_redis/meta/main.yml index c83ecb2b..72393b09 100644 --- a/roles/icingadb_redis/meta/main.yml +++ b/roles/icingadb_redis/meta/main.yml @@ -6,6 +6,10 @@ galaxy_info: license: Apache-2.0 min_ansible_version: 2.9 platforms: + - name: opensuse + versions: ['15.5'] + - name: SLES + versions: ['15'] - name: EL versions: ['7'] - name: Debian diff --git a/roles/icingadb_redis/tasks/install_on_debian.yml b/roles/icingadb_redis/tasks/install_on_debian.yml index c9ee7657..6257666d 100644 --- a/roles/icingadb_redis/tasks/install_on_debian.yml +++ b/roles/icingadb_redis/tasks/install_on_debian.yml @@ -1,6 +1,15 @@ --- - name: Debian - Install IcingaDB Redis packages ansible.builtin.apt: - name: "{{ item }}" + name: "{{ icingadb_redis_packages }}" state: present - loop: "{{ icingadb_redis_packages }}" + +- name: Debian - Ensure log directory exists + when: + - icingadb_redis_logfile != "" + ansible.builtin.file: + path: "{{ icingadb_redis_logfile | dirname }}" + state: directory + owner: "{{ icingadb_redis_user }}" + group: "adm" + mode: "2750" diff --git a/roles/icingadb_redis/tasks/install_on_redhat.yml b/roles/icingadb_redis/tasks/install_on_redhat.yml index 9e25288d..9e15b824 100644 --- a/roles/icingadb_redis/tasks/install_on_redhat.yml +++ b/roles/icingadb_redis/tasks/install_on_redhat.yml 
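Review bot: The new "Ensure log directory exists" task applies `owner`, `group` and `mode` to `icingadb_redis_logfile | dirname` whatever that directory is, so a log file configured directly under a shared directory such as `/var/log` would hand that directory to `icingadb_redis_user` with mode `2750`. A guard in the `when` list, for example `- (icingadb_redis_logfile | dirname) not in ['/', '/var/log', '/tmp']` (illustrative; the default log path is not visible here), would keep the task from re-owning a system directory. The same task is added for RedHat and Suse in install_on_redhat.yml and install_on_suse.yml.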
@@ -1,6 +1,15 @@ --- - name: RedHat - install icingadb packages ansible.builtin.yum: - name: "{{ item }}" + name: "{{ icingadb_redis_packages }}" state: present - loop: "{{ icingadb_redis_packages }}" + +- name: RedHat - Ensure log directory exists + when: + - icingadb_redis_logfile != "" + ansible.builtin.file: + path: "{{ icingadb_redis_logfile | dirname }}" + state: directory + owner: "{{ icingadb_redis_user }}" + group: "{{ icingadb_redis_user }}" + mode: "0750" diff --git a/roles/icingadb_redis/tasks/install_on_suse.yml b/roles/icingadb_redis/tasks/install_on_suse.yml new file mode 100644 index 00000000..4c15382d --- /dev/null +++ b/roles/icingadb_redis/tasks/install_on_suse.yml @@ -0,0 +1,15 @@ +--- +- name: Suse - install icingadb packages + community.general.zypper: + name: "{{ icingadb_redis_packages }}" + state: present + +- name: Suse - Ensure log directory exists + when: + - icingadb_redis_logfile != "" + ansible.builtin.file: + path: "{{ icingadb_redis_logfile | dirname }}" + state: directory + owner: "{{ icingadb_redis_user }}" + group: "{{ icingadb_redis_user }}" + mode: "0750" diff --git a/roles/icingadb_redis/tasks/main.yml b/roles/icingadb_redis/tasks/main.yml index f36d3624..cc73a31b 100644 --- a/roles/icingadb_redis/tasks/main.yml +++ b/roles/icingadb_redis/tasks/main.yml @@ -12,8 +12,14 @@ paths: - "{{ role_path }}/vars" -- name: Include OS specific installation - ansible.builtin.include_tasks: "install_on_{{ ansible_os_family | lower }}.yml" +- name: Check supported operatingsystems + block: + - name: Include OS specific installation + ansible.builtin.include_tasks: "install_on_{{ ansible_os_family | lower }}.yml" + rescue: + - name: "OS family not supported!" + ansible.builtin.fail: + msg: "The OS {{ ansible_os_family }} is not supported!" - name: Manage IcingaDB Redis configuration ansible.builtin.include_tasks: "manage_config.yml" 
diff --git a/roles/icingadb_redis/templates/icingadb-redis.conf.j2 b/roles/icingadb_redis/templates/icingadb-redis.conf.j2 index a531bc9e..52073f06 100644 --- a/roles/icingadb_redis/templates/icingadb-redis.conf.j2 +++ b/roles/icingadb_redis/templates/icingadb-redis.conf.j2 @@ -7,13 +7,16 @@ bind {% for host in icingadb_redis_binds %} protected-mode {{ icingadb_redis_protected_mode | string }} port {{ icingadb_redis_port }} +{% if icingadb_redis_tls_port is defined %} +tls-port {{ icingadb_redis_tls_port }} +{% endif %} tcp-backlog {{ icingadb_redis_tcp_backlog }} timeout {{ icingadb_redis_timeout }} tcp-keepalive {{ icingadb_redis_tcp_keepalive }} supervised {{ icingadb_redis_supervised }} pidfile {{ icingadb_redis_pidfile }} loglevel {{ icingadb_redis_loglevel }} -logfile {{ icingadb_redis_logfile }} +logfile "{{ icingadb_redis_logfile }}" # syslog-enabled no # syslog-ident redis # syslog-facility local0 @@ -218,3 +221,10 @@ rdb-save-incremental-fsync {{ icingadb_redis_rdb_save_incremental_fsync }} # Maximum number of set/hash/zset/list fields that will be processed from # the main dictionary scan # active-defrag-max-scan-fields 1000 + +# TLS +{% if icingadb_redis_tls_cert is defined and icingadb_redis_tls_ca is defined and icingadb_redis_tls_key is defined %} +tls-cert-file {{ icingadb_redis_tls_cert }} +tls-key-file {{ icingadb_redis_tls_key }} +tls-ca-cert-file {{ icingadb_redis_tls_ca }} +{% endif %} diff --git a/roles/icingaweb2/README.md b/roles/icingaweb2/README.md new file mode 100644 index 00000000..7fc3379d --- /dev/null +++ b/roles/icingaweb2/README.md @@ -0,0 +1,3 @@ +### Workaround Missing README + +Issue: https://github.com/ansible/galaxy/issues/2438 diff --git a/roles/icingaweb2/defaults/main.yml b/roles/icingaweb2/defaults/main.yml index 089e7256..3e9d913e 100644 --- a/roles/icingaweb2/defaults/main.yml +++ b/roles/icingaweb2/defaults/main.yml 
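Review bot: Setting `icingadb_redis_tls_port` adds a `tls-port` line but leaves `port {{ icingadb_redis_port }}` as it was, so the plaintext listener stays open next to the TLS one unless the operator also sets `icingadb_redis_port` to `0`; that deserves a comment in the template or in the role documentation. The certificate lines in the second hunk are gated on the three `icingadb_redis_tls_cert`/`_key`/`_ca` variables and not on `icingadb_redis_tls_port`, so a TLS port can be rendered without `tls-cert-file` and `tls-key-file`. Putting both parts under one condition, or asserting early that the file variables are set whenever the port is, would catch that before Redis is restarted.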
@@ -1,8 +1,11 @@ +icingaweb2_packages: ["icingaweb2", "icingacli"] icingaweb2_config_dir: /etc/icingaweb2 icingaweb2_group: icingaweb2 icingaweb2_modules_config_dir: "{{ icingaweb2_config_dir }}/modules" icingaweb2_director_service: icinga-director.service +icingaweb2_ignore_unknown_modules: false + icingaweb2_groups: icingaweb2: backend: db diff --git a/roles/icingaweb2/handlers/main.yml b/roles/icingaweb2/handlers/main.yml new file mode 100644 index 00000000..3dc19f69 --- /dev/null +++ b/roles/icingaweb2/handlers/main.yml @@ -0,0 +1,11 @@ +--- + +- name: Module Director | Apply pending migrations + ansible.builtin.command: + cmd: icingacli director migration run + listen: "run_director_migrations" + +- name: Module Director | Run kickstart if required + ansible.builtin.command: + cmd: icingacli director kickstart run + listen: "run_director_kickstart" diff --git a/roles/icingaweb2/meta/main.yml b/roles/icingaweb2/meta/main.yml index 06c53a53..61e49d68 100644 --- a/roles/icingaweb2/meta/main.yml +++ b/roles/icingaweb2/meta/main.yml @@ -6,6 +6,10 @@ galaxy_info: license: Apache-2.0 min_ansible_version: 2.9 platforms: + - name: opensuse + versions: ['15.5'] + - name: SLES + versions: ['15'] - name: EL versions: ['7','8'] - name: Debian diff --git a/roles/icingaweb2/tasks/install_on_debian.yml b/roles/icingaweb2/tasks/install_on_debian.yml index 621078ca..7b500e9a 100644 --- a/roles/icingaweb2/tasks/install_on_debian.yml +++ b/roles/icingaweb2/tasks/install_on_debian.yml @@ -1,6 +1,6 @@ --- - name: Debian - Install Icinga Web 2 packages ansible.builtin.apt: - name: "{{ icingaweb2_packages }}" + name: "{{ icingaweb2_packages + icingaweb2_packages_dependencies }}" state: present update_cache: True diff --git a/roles/icingaweb2/tasks/install_on_redhat.yml b/roles/icingaweb2/tasks/install_on_redhat.yml index cd706311..e0ca4eda 100644 --- a/roles/icingaweb2/tasks/install_on_redhat.yml +++ b/roles/icingaweb2/tasks/install_on_redhat.yml 
@@ -1,5 +1,5 @@ --- - name: RedHat - Install Icinga Web 2 packages ansible.builtin.yum: - name: "{{ icingaweb2_packages }}" + name: "{{ icingaweb2_packages + icingaweb2_packages_dependencies }}" state: present diff --git a/roles/icingaweb2/tasks/install_on_suse.yml b/roles/icingaweb2/tasks/install_on_suse.yml new file mode 100644 index 00000000..4d110226 --- /dev/null +++ b/roles/icingaweb2/tasks/install_on_suse.yml @@ -0,0 +1,5 @@ +--- +- name: Suse - Install Icinga Web 2 packages + community.general.zypper: + name: "{{ icingaweb2_packages + icingaweb2_packages_dependencies }}" + state: present diff --git a/roles/icingaweb2/tasks/main.yml b/roles/icingaweb2/tasks/main.yml index d38ec237..9dd1ab00 100644 --- a/roles/icingaweb2/tasks/main.yml +++ b/roles/icingaweb2/tasks/main.yml 
@@ -12,14 +12,29 @@ paths: - "{{ role_path }}/vars" +- name: Check each icingaweb2_modules key against known modules + when: not icingaweb2_ignore_unknown_modules + loop: "{{ icingaweb2_modules | default({}) | dict2items }}" + ansible.builtin.assert: + that: + - item.key in icingaweb2_module_packages.keys() + fail_msg: "'{{ item.key }}' is an unknown module. Set 'icingaweb2_ignore_unknown_modules' to 'true' if you want to simply skip unknown modules" + - name: Gather module packages ansible.builtin.set_fact: icingaweb2_packages: "{{ icingaweb2_packages + [ icingaweb2_module_packages[item.key] ] }}" loop: "{{ icingaweb2_modules | dict2items }}" when: icingaweb2_modules is defined and icingaweb2_module_packages[item.key] is defined and item.value.enabled | bool == true and item.value.source == "package" + no_log: true -- name: Include OS specific installation - ansible.builtin.include_tasks: "install_on_{{ ansible_os_family | lower }}.yml" +- name: Check supported operatingsystems + block: + - name: Include OS specific installation + ansible.builtin.include_tasks: "install_on_{{ ansible_os_family | lower }}.yml" + rescue: + - name: "OS family not supported!" + ansible.builtin.fail: + msg: "The OS {{ ansible_os_family }} is not supported!" - name: Manage Icinga Web 2 config ansible.builtin.include_tasks: "manage_icingaweb_config.yml" 
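Review bot: The new assert loops over `icingaweb2_modules | dict2items` without a `loop_control.label`, so Ansible prints each full item in the per-item output. Module entries can carry database passwords, since the x509 tasks read `icingaweb2_modules[_module]['database']['password']`. The neighbouring "Gather module packages" task gets `no_log: true` in this same hunk, presumably for that reason. Add `loop_control:` with `label: "{{ item.key }}"` to the assert, which keeps the module name visible while keeping the values out of the normal loop output.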
@@ -36,14 +51,18 @@ group: "{{ icingaweb2_group }}" state: "{{ 'link' if item.value.enabled|bool == true else 'absent' }}" force: yes - when: icingaweb2_modules is defined + when: + - icingaweb2_modules is defined + - item.key in icingaweb2_module_packages.keys() loop: "{{ icingaweb2_modules | dict2items }}" loop_control: - label: "Ensure {{ item.key }} is {{ 'enabled' if item.value.enabled|bool == true else 'disabled' }}" + label: "Ensure {{ item.key }} is {{ 'enabled' if item.value.enabled|default(false)|bool == true else 'disabled' }}" - name: Configure modules ansible.builtin.include_tasks: "modules/{{ item.key }}.yml" - when: icingaweb2_modules is defined + when: + - icingaweb2_modules is defined + - item.key in icingaweb2_module_packages.keys() loop: "{{ icingaweb2_modules | dict2items }}" # Many daemons fail before e.g. the resource is set up or the schema hasn't been migrated. This is a workaround. @@ -51,5 +70,5 @@ ansible.builtin.service: name: "icinga-{{ item.key }}" state: restarted - when: icingaweb2_modules is defined and item.value.enabled|bool == true and item.key in ['vspheredb', 'x509'] + when: icingaweb2_modules is defined and item.value.enabled|default(false)|bool == true and item.key in ['vspheredb', 'x509'] loop: "{{ icingaweb2_modules | dict2items }}" diff --git a/roles/icingaweb2/tasks/manage_icingaweb_config.yml b/roles/icingaweb2/tasks/manage_icingaweb_config.yml index 4574e123..6a924df4 100644 --- a/roles/icingaweb2/tasks/manage_icingaweb_config.yml +++ b/roles/icingaweb2/tasks/manage_icingaweb_config.yml @@ -45,7 +45,7 @@ - authentication - groups vars: - _i2_config_hash: "{{ vars['icingaweb2_' + item] }}" + _i2_config_hash: "{{ lookup('ansible.builtin.vars', 'icingaweb2_' + item) }}" - name: Prepare config hash ansible.builtin.set_fact: 
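Review bot: `default(false)` was added to `item.value.enabled` in the loop label and in the restart condition, but the `state:` expression of the same link task still reads `item.value.enabled|bool` with no default. A module entry without `enabled` will presumably still stop there with an undefined-variable error. Use `item.value.enabled | default(false) | bool` in `state:` as well. The link task begins above the hunk, so its other fields are not visible here.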
@@ -91,7 +91,7 @@ when: icingaweb2_resources is defined - name: Assemble roles.ini - when: icingaweb2_admin_password is defined or icingaweb2_roles is defined + when: icingaweb2_admin_username is defined and icingaweb2_admin_password is defined block: - name: Build variable ansible.builtin.set_fact: @@ -108,7 +108,7 @@ dest: "{{ icingaweb2_fragments_path }}/roles/roles_01" owner: root group: "{{ icingaweb2_group }}" - when: icingaweb2_admin_password is defined + when: icingaweb2_admin_username is defined and icingaweb2_admin_password is defined - name: Build variable ansible.builtin.set_fact: diff --git a/roles/icingaweb2/tasks/manage_icingaweb_pgsql_db.yml b/roles/icingaweb2/tasks/manage_icingaweb_pgsql_db.yml index 6a6f1461..9a76a318 100644 --- a/roles/icingaweb2/tasks/manage_icingaweb_pgsql_db.yml +++ b/roles/icingaweb2/tasks/manage_icingaweb_pgsql_db.yml @@ -8,7 +8,7 @@ fail_msg: "No database credentials defined. Please set icingaweb2_db. or a privileged user with icingaweb2_priv_db_" when: icingaweb2_priv_db_password is undefined and icingaweb2_priv_db_user is undefined -- name: PostgreSQL import IDO schema +- name: PostgreSQL import icingaweb db schema block: - name: Build psql command ansible.builtin.set_fact: @@ -24,7 +24,7 @@ {% if icingaweb2_db['ssl_key'] is defined %} sslkey={{ icingaweb2_db['ssl_key'] }} {%- endif %} {% if icingaweb2_db['ssl_extra_options'] is defined %} {{ icingaweb2_db['ssl_extra_options'] }} {%- endif %}" - - name: PostgreSQL check for IDO schema + - name: PostgreSQL check for icingaweb db schema ansible.builtin.shell: > {{ _tmp_pgsqlcmd }} -w -c "select * from icingaweb_user" @@ -33,7 +33,7 @@ check_mode: false register: _icingaweb2_db_schema - - name: PostgreSQL import IDO schema + - name: PostgreSQL import icingaweb db schema ansible.builtin.shell: > {{ _tmp_pgsqlcmd }} -w -f /usr/share/icingaweb2/schema/pgsql.schema.sql 
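Review bot: The condition on "Assemble roles.ini" changed from `icingaweb2_admin_password is defined or icingaweb2_roles is defined` to requiring both admin variables, so a configuration that defines only `icingaweb2_roles` no longer enters the block at all. If the tasks further down the block (outside this hunk) write the user-defined roles, those roles are silently dropped and the permissions the operator expects are never applied. Keep the outer condition permissive with `when: (icingaweb2_admin_username is defined and icingaweb2_admin_password is defined) or icingaweb2_roles is defined`, and leave the stricter check on the `roles_01` task only.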
diff --git a/roles/icingaweb2/tasks/manage_mysql_imports.yml b/roles/icingaweb2/tasks/manage_mysql_imports.yml index 676c6df2..14a9f9e2 100644 --- a/roles/icingaweb2/tasks/manage_mysql_imports.yml +++ b/roles/icingaweb2/tasks/manage_mysql_imports.yml @@ -33,6 +33,6 @@ - name: MySQL import db schema ansible.builtin.shell: > {{ _tmp_mysqlcmd }} - < {{ _db['schema_path'] }} + < {{ _db['schema_path_mysql'] }} when: _db_schema.rc != 0 run_once: yes diff --git a/roles/icingaweb2/tasks/modules/businessprocess.yml b/roles/icingaweb2/tasks/modules/businessprocess.yml index 72c1f5b1..908a380c 100644 --- a/roles/icingaweb2/tasks/modules/businessprocess.yml +++ b/roles/icingaweb2/tasks/modules/businessprocess.yml @@ -20,9 +20,9 @@ group: "{{ icingaweb2_group }}" src: "files/{{ _file.src_path }}" dest: "{{ icingaweb2_modules_config_dir }}/{{ item.key }}/processes/{{ _file.name }}" - when: vars['icingaweb2_modules'][_module]['custom_process_files'] is defined + when: icingaweb2_modules[_module]['custom_process_files'] is defined loop: "{{ icingaweb2_modules[_module].custom_process_files }}" loop_control: loop_var: _file vars: - _module: "{{ item.key }}" \ No newline at end of file + _module: "{{ item.key }}" diff --git a/roles/icingaweb2/tasks/modules/director.yml b/roles/icingaweb2/tasks/modules/director.yml index 378ef904..7d02dcac 100644 --- a/roles/icingaweb2/tasks/modules/director.yml +++ b/roles/icingaweb2/tasks/modules/director.yml @@ -12,7 +12,7 @@ loop: "{{ _files }}" loop_control: loop_var: _file - when: vars['icingaweb2_modules'][_module][_file] is defined + when: icingaweb2_modules[_module][_file] is defined vars: _module: "{{ item.key }}" _files: 
@@ -25,25 +25,16 @@ register: _pending changed_when: _pending.rc|int == 0 failed_when: _pending.stdout|length > 0 - when: vars['icingaweb2_modules']['director']['import_schema'] is defined and icingaweb2_modules.director.import_schema and vars['icingaweb2_modules']['director']['config'] is defined - -- name: Module Director | Apply pending migrations # noqa: command-instead-of-shell - ansible.builtin.shell: - cmd: icingacli director migration run - when: vars['icingaweb2_modules']['director']['import_schema'] is defined and icingaweb2_modules.director.import_schema and vars['icingaweb2_modules']['director']['config'] is defined and _pending.rc|int == 0 + notify: "run_director_migrations" - name: Module Director | Check if kickstart is required # noqa: command-instead-of-shell ansible.builtin.shell: cmd: icingacli director kickstart required register: _required - changed_when: _required.rc|int == 0 + changed_when: (_required.rc|int == 0) or (".icinga_host' doesn't exist" in _required.stderr) failed_when: _required.rc|int >= 2 - when: vars['icingaweb2_modules']['director']['run_kickstart'] is defined and icingaweb2_modules.director.run_kickstart and vars['icingaweb2_modules']['director']['kickstart'] is defined - -- name: Module Director | Run kickstart if required # noqa: command-instead-of-shell - ansible.builtin.shell: - cmd: icingacli director kickstart run - when: vars['icingaweb2_modules']['director']['run_kickstart'] is defined and icingaweb2_modules.director.run_kickstart and vars['icingaweb2_modules']['director']['kickstart'] is defined and _required.rc|int == 0 + when: icingaweb2_modules['director']['run_kickstart'] is defined and icingaweb2_modules.director.run_kickstart and icingaweb2_modules['director']['kickstart'] is defined + notify: "run_director_kickstart" - name: Module Director | Ensure installation from source is complete when: icingaweb2_modules['director']['source'] == 'git' 
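Review bot: The `when:` that tied the pending-migration check to `import_schema` and `config` was removed and not replaced. The check now runs on every host that reaches director.yml and notifies `run_director_migrations` whenever it returns rc 0, even if the operator set `import_schema: false`. Keep the guard on the check task with `when: icingaweb2_modules['director']['import_schema'] | default(false) and icingaweb2_modules['director']['config'] is defined`. Handlers also run at the end of the play, so the kickstart check below now runs before the migration has been applied; the stderr match added to `changed_when` appears to work around that and deserves a comment. The check task starts above the hunk.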
diff --git a/roles/icingaweb2/tasks/modules/manage_pgsql_imports.yml b/roles/icingaweb2/tasks/modules/manage_pgsql_imports.yml new file mode 100644 index 00000000..2bc32a4e --- /dev/null +++ b/roles/icingaweb2/tasks/modules/manage_pgsql_imports.yml @@ -0,0 +1,37 @@ +--- +- name: Check Database Credentials + ansible.builtin.assert: + that: + - _db['user'] is defined + - _db['password'] is defined + fail_msg: "No database credentials defined." + +- name: Build pgsql command + ansible.builtin.set_fact: + _tmp_pgsqlcmd: >- + PGPASSWORD="{{ _db['password'] }}" + psql + "{% if _db['host'] | default('localhost') != 'localhost' %} host={{ _db['host'] }}{%- endif %} + {% if _db['port'] is defined %} port={{ _db['port'] }}{%- endif %} + user={{ _db['user'] }} + dbname={{ _db['name'] }} + {% if _db['ssl_mode'] is defined %} sslmode={{ _db['ssl_mode'] | default('require') }}{%- endif %} + {% if _db['ssl_cert'] is defined %} sslcert={{ _db['ssl_cert'] }}{%- endif %} + {% if _db['ssl_key'] is defined %} sslkey={{ _db['ssl_key'] }}{%- endif %} + {% if _db['ssl_extra_options'] is defined %} {{ _db['ssl_extra_options'] }}{%- endif %}" + +- name: PostgresQL check for db schema + ansible.builtin.shell: > + {{ _tmp_pgsqlcmd }} + -tq -c "{{ _db['select_query'] }}" + failed_when: false + changed_when: false + check_mode: false + register: _db_schema + +- name: PostgresQL import db schema + ansible.builtin.shell: > + {{ _tmp_pgsqlcmd }} + < {{ _db['schema_path_pgsql'] }} + when: _db_schema.rc != 0 + run_once: yes diff --git a/roles/icingaweb2/tasks/modules/monitoring.yml b/roles/icingaweb2/tasks/modules/monitoring.yml index 3ef79c1a..afc3df69 100644 --- a/roles/icingaweb2/tasks/modules/monitoring.yml +++ b/roles/icingaweb2/tasks/modules/monitoring.yml @@ -11,7 +11,7 @@ loop: "{{ _files }}" loop_control: loop_var: _file - when: vars['icingaweb2_modules'][_module][_file] is defined + when: icingaweb2_modules[_module][_file] is defined vars: _module: "{{ item.key }}" _files: 
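Review bot: The database password is interpolated into the command string (`PGPASSWORD="{{ _db['password'] }}"`) and both shell tasks run without `no_log`. The password therefore ends up in the task result and in any log or callback output, and a password containing `"`, `$` or a backtick is interpreted by the shell. Drop the prefix from `_tmp_pgsqlcmd` and pass the secret through the task environment instead: `environment:` with `PGPASSWORD: "{{ _db['password'] }}"`, plus `no_log: true` on both tasks. `failed_when: false` on the schema check also treats a connection or authentication failure as a missing schema and goes on to attempt the import. Checking `_db_schema.stderr` for the missing-relation message would separate the two cases.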
diff --git a/roles/icingaweb2/tasks/modules/x509.yml b/roles/icingaweb2/tasks/modules/x509.yml index fa49a8c3..544f0fc3 100644 --- a/roles/icingaweb2/tasks/modules/x509.yml +++ b/roles/icingaweb2/tasks/modules/x509.yml @@ -13,7 +13,7 @@ loop: "{{ _files }}" loop_control: loop_var: _file - when: vars['icingaweb2_modules'][_module][_file] is defined + when: icingaweb2_modules[_module][_file] is defined vars: _module: "{{ item.key }}" _files: 
@@ -21,46 +21,58 @@ - sni - name: Module x509 | Manage Schema + when: icingaweb2_modules[_module]['database']['import_schema'] | default(false) + vars: + _module: "{{ item.key }}" block: - name: Module x509 | Prepare _db informations ansible.builtin.set_fact: _db: - host: "{{ icingaweb2_modules[_module].database.host | default('localhost') }}" - port: "{{ icingaweb2_modules[_module].database.port | default('3306') }}" - user: "{{ icingaweb2_modules[_module].database.user | default('x509') }}" - password: "{{ icingaweb2_modules[_module].database.password | default(omit) }}" - name: "{{ icingaweb2_modules[_module].database.name | default('x509') }}" - ssl_mode: "{{ icingaweb2_modules[_module].database.ssl_mode | default(omit) }}" - ssl_ca: "{{ icingaweb2_modules[_module].database.ssl_ca | default(omit) }}" - ssl_cert: "{{ icingaweb2_modules[_module].database.ssl_cert | default(omit) }}" - ssl_key: "{{ icingaweb2_modules[_module].database.ssl_key | default(omit) }}" - ssl_cipher: "{{ icingaweb2_modules[_module].database.ssl_cipher | default(omit) }}" - ssl_extra_options: "{{ icingaweb2_modules[_module].database.ssl_extra_options | default(omit) }}" - schema_path: /usr/share/icingaweb2/modules/x509/schema/mysql.schema.sql + host: "{{ icingaweb2_modules[_module]['database']['host'] | default('localhost') }}" + port: "{{ icingaweb2_modules[_module]['database']['port'] | default('3306') }}" + user: "{{ icingaweb2_modules[_module]['database']['user'] | default('x509') }}" + password: "{{ icingaweb2_modules[_module]['database']['password'] | default(omit) }}" + name: "{{ icingaweb2_modules[_module]['database']['name'] | default('x509') }}" + ssl_mode: "{{ icingaweb2_modules[_module]['database']['ssl_mode'] | default(omit) }}" + ssl_ca: "{{ icingaweb2_modules[_module]['database']['ssl_ca'] | default(omit) }}" + ssl_cert: "{{ icingaweb2_modules[_module]['database']['ssl_cert'] | default(omit) }}" + ssl_key: "{{ icingaweb2_modules[_module]['database']['ssl_key'] | 
default(omit) }}" + ssl_cipher: "{{ icingaweb2_modules[_module]['database']['ssl_cipher'] | default(omit) }}" + ssl_extra_options: "{{ icingaweb2_modules[_module]['database']['ssl_extra_options'] | default(omit) }}" + schema_path_mysql: /usr/share/icingaweb2/modules/x509/schema/mysql.schema.sql + schema_path_pgsql: /usr/share/icingaweb2/modules/x509/schema/pgsql.schema.sql select_query: "select * from x509_certificate" - when: icingaweb2_modules[_module].database.type | default('mysql') == 'mysql' + type: "{{ icingaweb2_modules[_module]['database']['type'] | default(omit) }}" + + - name: Module x509 | Check if database type is provided + ansible.builtin.fail: + msg: No database type was provided + when: icingaweb2_modules[_module]['database']['type'] is not defined - - ansible.builtin.fail: - fail_msg: "The Database type select is not supported, {{ icingaweb2_modules[_module].database.type }} [Supported=mysql]" - when: vars['icingaweb2_modules'][_module]['database']['type'] is defined and icingaweb2_modules[_module].database.type != 'mysql' + - name: Module x509 | Check provided database type + ansible.builtin.fail: + msg: "Invalid database type was provided. 
[Supported: mysql, pgsql]" + when: _db.type not in ['mysql', 'pgsql'] - - name: Module x509 | Import Schema + - name: Module x509 | Import MySQL Schema ansible.builtin.include_tasks: ../manage_mysql_imports.yml + when: _db.type == 'mysql' + + - name: Module x509 | Import PostgresQL Schema + ansible.builtin.include_tasks: ../manage_pgsql_imports.yml + when: _db.type == 'pgsql' - name: Module x509 | empty _db var ansible.builtin.set_fact: _db: {} - when: icingaweb2_modules[_module].database.import_schema | default(false) - vars: - _module: "{{ item.key }}" - name: Module x509 | Import Certificates ansible.builtin.shell: > icingacli {{ _module }} import --file {{ _file }} - loop: "{{ icingaweb2_modules[_module].certificate_files }}" + loop: "{{ icingaweb2_modules[_module]['certificate_files'] }}" loop_control: loop_var: _file vars: _module: "{{ item.key }}" - when: icingaweb2_modules[_module].certificate_files is defined + when: icingaweb2_modules[_module]['certificate_files'] is defined changed_when: false diff --git a/roles/icingaweb2/templates/ini_template.j2 b/roles/icingaweb2/templates/ini_template.j2 index 21b44bc2..f5ec9ac5 100644 --- a/roles/icingaweb2/templates/ini_template.j2 +++ b/roles/icingaweb2/templates/ini_template.j2 @@ -7,8 +7,8 @@ {{ option }} = "{{ value }}" {% elif value is iterable and (value is not string and value is not mapping) %} {{ option }} = "{{ value | join(', ') }}" -{% elif ( value is string and ( "=" in value or "!" in value ) )%} -{{ option }} = '{{ value }}' +{% elif ( value is string and ( "=" in value or "!" in value or " " in value ) )%} +{{ option }} = "{{ value }}" {% else %} {{ option }} = {{ value }} {% endif %} diff --git a/roles/icingaweb2/vars/debian-ubuntu.yml b/roles/icingaweb2/vars/debian-ubuntu.yml index 10b89b9c..61e286d9 100644 --- a/roles/icingaweb2/vars/debian-ubuntu.yml +++ b/roles/icingaweb2/vars/debian-ubuntu.yml 
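Review bot: `port` still defaults to `'3306'` for both database types, and manage_pgsql_imports.yml adds `port=` whenever `_db['port']` is defined, so a pgsql setup without an explicit port will try to reach PostgreSQL on the MySQL port. Make the default depend on the type, for example `default('5432' if icingaweb2_modules[_module]['database']['type'] | default('') == 'pgsql' else '3306')`. The old code also treated a missing `type` as mysql, while the new "Check if database type is provided" task fails the play. That is a behaviour change for existing inventories and should be stated in the changelog or softened with `default('mysql')`.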
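Review bot: Values containing `=`, `!` or a space are now written as `{{ option }} = "{{ value }}"`, and nothing escapes a double quote inside the value. A password or filter string that contains `"` ends the quoted string early and yields a malformed line or a different setting than the operator intended. Either reject such values with an `assert` before templating, or escape them in the template. Which escape sequence the Icinga Web 2 INI parser accepts needs to be confirmed first.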
@@ -1,3 +1,3 @@ icingaweb2_httpd_user: www-data icingaweb2_fragments_path: /var/tmp/icingaweb -icingaweb2_packages: ["icingaweb2","icingacli","libapache2-mod-php"] +icingaweb2_packages_dependencies: ["libapache2-mod-php"] diff --git a/roles/icingaweb2/vars/debian.yml b/roles/icingaweb2/vars/debian.yml index 081fe9e9..6c08db22 100644 --- a/roles/icingaweb2/vars/debian.yml +++ b/roles/icingaweb2/vars/debian.yml @@ -1,3 +1,3 @@ icingaweb2_httpd_user: www-data icingaweb2_fragments_path: /var/tmp/icingaweb -icingaweb2_packages: ["icingaweb2", "icingacli"] +icingaweb2_packages_dependencies: [] diff --git a/roles/icingaweb2/vars/redhat.yml b/roles/icingaweb2/vars/redhat.yml index 38ea1bbd..e13f0c5f 100644 --- a/roles/icingaweb2/vars/redhat.yml +++ b/roles/icingaweb2/vars/redhat.yml @@ -1,4 +1,4 @@ --- icingaweb2_httpd_user: apache icingaweb2_fragments_path: /var/tmp/icingaweb -icingaweb2_packages: ["icingaweb2", "icingacli", "icingaweb2-selinux"] +icingaweb2_packages_dependencies: ["icingaweb2-selinux"] diff --git a/roles/icingaweb2/vars/suse.yml b/roles/icingaweb2/vars/suse.yml new file mode 100644 index 00000000..d4ee5f47 --- /dev/null +++ b/roles/icingaweb2/vars/suse.yml @@ -0,0 +1,4 @@ +--- +icingaweb2_httpd_user: wwwrun +icingaweb2_fragments_path: /var/tmp/icingaweb +icingaweb2_packages_dependencies: [] diff --git a/roles/monitoring_plugins/tasks/install_on_RedHat.yml b/roles/monitoring_plugins/tasks/install_on_RedHat.yml index 964bf8a9..95a6b9d9 100644 --- a/roles/monitoring_plugins/tasks/install_on_RedHat.yml +++ b/roles/monitoring_plugins/tasks/install_on_RedHat.yml 
@@ -1,14 +1,9 @@ --- - - name: Activate epel repository - include_role: - name: icinga.icinga.repos - vars: - icinga_repo_epel: true - icinga_repo_stable: false - icinga_repo_testing: false - icinga_repo_snapshot: false - when: icinga_monitoring_plugins_epel + ansible.builtin.yum: + name: epel-release + state: present + when: icinga_monitoring_plugins_epel|bool - name: Yum - install requested packages become: yes diff --git a/roles/monitoring_plugins/tasks/install_on_Suse.yml b/roles/monitoring_plugins/tasks/install_on_Suse.yml new file mode 100644 index 00000000..56d9d3aa --- /dev/null +++ b/roles/monitoring_plugins/tasks/install_on_Suse.yml @@ -0,0 +1,23 @@ +--- + +- name: Zypper - install requested packages + become: yes + community.general.zypper: + state: present + name: "{{ needed_packages }}" + update_cache: true + register: "zypper_result" + changed_when: zypper_result.stdout is defined + when: + - needed_packages is defined + - needed_packages + +- name: Zypper - remove non-requested packages + become: yes + community.general.zypper: + state: absent + name: "{{ (unwanted_packages | difference(['monitoring-plugins-common'])) if icinga_monitoring_plugins_check_commands else unwanted_packages }}" + clean_deps: "{{ icinga_monitoring_plugins_autoremove }}" + when: + - icinga_monitoring_plugins_remove + - unwanted_packages diff --git a/roles/monitoring_plugins/tasks/main.yml b/roles/monitoring_plugins/tasks/main.yml index f6ef13e9..4d40153a 100644 --- a/roles/monitoring_plugins/tasks/main.yml +++ b/roles/monitoring_plugins/tasks/main.yml 
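Review bot: The replacement "Activate epel repository" task calls `ansible.builtin.yum` without `become: yes`, while the install task right below it sets `become: yes`. Unless privilege escalation is enabled at play level, the epel-release install will fail, so add `become: yes` here. In install_on_Suse.yml, `changed_when: zypper_result.stdout is defined` reports a change based on whether the module returned stdout rather than on what zypper did. Dropping the override lets the module report its own changed state.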
@@ -2,8 +2,14 @@ - gather_facts: -- name: Include OS family specific vars - include_vars: "{{ role_path }}/vars/{{ ansible_os_family }}.yml" +- name: Check supported operatingsystems + block: + - name: Include OS family specific vars + ansible.builtin.include_vars: "{{ role_path }}/vars/{{ ansible_os_family }}.yml" + rescue: + - name: "OS family not supported!" + ansible.builtin.fail: + msg: "The OS {{ ansible_os_family }} is not supported!" - name: Include OS distribution/version specific vars include_vars: "{{ lookup('first_found', params) }}" @@ -17,6 +23,15 @@ paths: - "{{ role_path }}/vars" +- name: Make sure that check plugins are requested and that they are defined + assert: + that: + - icinga_monitoring_plugins_check_commands is defined + - diff | length == 0 + fail_msg: "The following requested check command names (variable 'icinga_monitoring_plugins_check_commands') are not recognized as available check plugins on this host: {{ diff }}" + vars: + diff: "{{ icinga_monitoring_plugins_check_commands | default([]) | difference(icinga_monitoring_plugins_available_packages | map(attribute='name') | list) | difference(['all']) }}" + - name: Clean up variable discrepancy - remove entries set_fact: icinga_monitoring_plugins_available_packages: "{{ icinga_monitoring_plugins_available_packages | difference(icinga_monitoring_plugins_available_packages_exclude) }}" 
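Review bot: Moving the check-command assert ahead of the two "Clean up variable discrepancy" tasks makes it validate against the unfiltered package list. Names supplied through `icinga_monitoring_plugins_available_packages_include` are now rejected as unknown. Names that the exclude list removes afterwards (the Suse vars map `apt` and `game` to `UNAVAILABLE`) pass the check and are then dropped without a message. If the goal is to fail early, compute the effective list inside the assert's `vars:`; otherwise keep the assert after the include/exclude tasks.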
@@ -27,15 +42,6 @@ icinga_monitoring_plugins_available_packages: "{{ icinga_monitoring_plugins_available_packages + icinga_monitoring_plugins_available_packages_include }}" when: icinga_monitoring_plugins_available_packages_include is defined -- name: Make sure that check plugins are requested and that they are defined - assert: - that: - - icinga_monitoring_plugins_check_commands is defined - - diff | length == 0 - fail_msg: "The following requested check command names (variable 'icinga_monitoring_plugins_check_commands') are not recognized as available check plugins on this host: {{ diff }}" - vars: - diff: "{{ icinga_monitoring_plugins_check_commands | default([]) | difference(icinga_monitoring_plugins_available_packages | map(attribute='name') | list) | difference(['all']) }}" - - name: Create list of packages to be installed set_fact: needed_packages: "{{ icinga_monitoring_plugins_available_packages | map(attribute='pkg_name') if 'all' in icinga_monitoring_plugins_check_commands else (needed_packages | default([]) + (icinga_monitoring_plugins_available_packages | selectattr('name','equalto', item) | map(attribute='pkg_name') | list)) | unique }}" diff --git a/roles/monitoring_plugins/vars/Suse.yml b/roles/monitoring_plugins/vars/Suse.yml new file mode 100644 index 00000000..b02856a9 --- /dev/null +++ b/roles/monitoring_plugins/vars/Suse.yml 
@@ -0,0 +1,123 @@ +--- + +icinga_monitoring_plugins_available_packages: + - name: apt + pkg_name: "UNAVAILABLE" + - name: breeze + pkg_name: "monitoring-plugins-breeze" + - name: by_ssh + pkg_name: "monitoring-plugins-by_ssh" + - name: clamd + pkg_name: "nagios-plugins-tcp" + - name: dhcp + pkg_name: "monitoring-plugins-dhcp" + - name: dig + pkg_name: "monitoring-plugins-dig" + - name: disk + pkg_name: "monitoring-plugins-disk" + - name: disk_smb + pkg_name: "monitoring-plugins-disk_smb" + - name: dns + pkg_name: "monitoring-plugins-dns" + - name: file_age + pkg_name: "monitoring-plugins-file_age" + - name: flexlm + pkg_name: "monitoring-plugins-flexlm" + - name: fping + pkg_name: "monitoring-plugins-fping" + - name: fping4 + pkg_name: "monitoring-plugins-fping" + - name: fping6 + pkg_name: "monitoring-plugins-fping" + - name: ftp + pkg_name: "monitoring-plugins-tcp" + - name: game + pkg_name: "UNAVAILABLE" + - name: hostalive + pkg_name: "monitoring-plugins-ping" + - name: hostalive4 + pkg_name: "monitoring-plugins-ping" + - name: hostalive6 + pkg_name: "monitoring-plugins-ping" + - name: hpjd + pkg_name: "monitoring-plugins-hpjd" + - name: http + pkg_name: "monitoring-plugins-http" + - name: icmp + pkg_name: "monitoring-plugins-icmp" + - name: imap + pkg_name: "monitoring-plugins-tcp" + - name: ldap + pkg_name: "monitoring-plugins-ldap" + - name: load + pkg_name: "monitoring-plugins-load" + - name: mailq + pkg_name: "monitoring-plugins-mailq" + - name: mysql + pkg_name: "monitoring-plugins-mysql" + - name: mysql_query + pkg_name: "monitoring-plugins-mysql" + - name: negate + pkg_name: "monitoring-plugins-common" + - name: nrpe + pkg_name: "monitoring-plugins-nrpe" + - name: nscp + pkg_name: "monitoring-plugins-nt" + - name: ntp_peer + pkg_name: "monitoring-plugins-ntp_peer" + - name: ntp_time + pkg_name: "monitoring-plugins-ntp_time" + - name: pgsql + pkg_name: "monitoring-plugins-pgsql" + - name: ping + pkg_name: "monitoring-plugins-ping" + - name: ping4 + 
pkg_name: "monitoring-plugins-ping" + - name: ping6 + pkg_name: "monitoring-plugins-ping" + - name: pop + pkg_name: "monitoring-plugins-tcp" + - name: procs + pkg_name: "monitoring-plugins-procs" + - name: radius + pkg_name: "monitoring-plugins-radius" + - name: rpc + pkg_name: "monitoring-plugins-rpc" + - name: simap + pkg_name: "monitoring-plugins-tcp" + - name: smart + pkg_name: "monitoring-plugins-ide_smart" + - name: smtp + pkg_name: "monitoring-plugins-smtp" + - name: snmp + pkg_name: "monitoring-plugins-snmp" + - name: snmpv3 + pkg_name: "monitoring-plugins-snmp" + - name: snmp-uptime + pkg_name: "monitoring-plugins-snmp" + - name: spop + pkg_name: "monitoring-plugins-tcp" + - name: ssh + pkg_name: "monitoring-plugins-ssh" + - name: ssl + pkg_name: "monitoring-plugins-tcp" + - name: ssmtp + pkg_name: "monitoring-plugins-tcp" + - name: swap + pkg_name: "monitoring-plugins-swap" + - name: tcp + pkg_name: "monitoring-plugins-tcp" + - name: udp + pkg_name: "monitoring-plugins-tcp" + - name: ups + pkg_name: "monitoring-plugins-ups" + - name: uptime + pkg_name: "monitoring-plugins-uptime" + - name: users + pkg_name: "monitoring-plugins-users" + +icinga_monitoring_plugins_available_packages_exclude: + - name: apt + pkg_name: "UNAVAILABLE" + - name: game + pkg_name: "UNAVAILABLE" diff --git a/roles/repos/defaults/main.yml b/roles/repos/defaults/main.yml index 852c137d..24fc28ab 100644 --- a/roles/repos/defaults/main.yml +++ b/roles/repos/defaults/main.yml 
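Review bot: `clamd` maps to `nagios-plugins-tcp`, while every other TCP-based check in this list (ftp, imap, pop, ssl, tcp, udp) maps to `monitoring-plugins-tcp`. This looks like a leftover name and would make the zypper install fail if no package of that name exists in the configured repositories. Presumably it should read `pkg_name: "monitoring-plugins-tcp"`.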
@@ -10,6 +10,11 @@ icinga_repo_yum_snapshot_url: "http://packages.icinga.com/epel/$releasever/snaps icinga_repo_yum_snapshot_key: "{{ icinga_repo_gpgkey }}" icinga_repo_yum_snapshot_description: "ICINGA (snapshot release for epel)" +icinga_repo_zypper_key: "{{ icinga_repo_gpgkey }}" +icinga_repo_zypper_stable_url: "https://packages.icinga.com/openSUSE/$releasever/release/" +#icinga_repo_zypper_testing_url: "" +icinga_repo_zypper_snapshot_url: "https://packages.icinga.com/openSUSE/$releasever/snapshot/" + icinga_repo_apt_key: "{{ icinga_repo_gpgkey }}" icinga_repo_apt_keyring: /etc/apt/keyrings/icinga-archive-keyring.asc icinga_repo_apt_stable_deb: "deb [signed-by={{ icinga_repo_apt_keyring }}] http://packages.icinga.com/{{ ansible_distribution|lower }} icinga-{{ ansible_distribution_release|lower }} main" diff --git a/roles/repos/meta/main.yml b/roles/repos/meta/main.yml index d2567bc7..09681703 100644 --- a/roles/repos/meta/main.yml +++ b/roles/repos/meta/main.yml @@ -7,6 +7,12 @@ galaxy_info: license: AGPL-3.0-only min_ansible_version: 2.9 platforms: + - name: opensuse + versions: + - 15.5 + - name: SLES + versions: + - 15 - name: EL versions: - 7 diff --git a/roles/repos/tasks/Debian.yml b/roles/repos/tasks/Debian.yml index e1936f84..b8ddb526 100644 --- a/roles/repos/tasks/Debian.yml +++ b/roles/repos/tasks/Debian.yml @@ -1,6 +1,6 @@ --- - name: Apt - ensure apt keyrings directory - file: + ansible.builtin.file: state: directory path: /etc/apt/keyrings owner: root diff --git a/roles/repos/tasks/RedHat.yml b/roles/repos/tasks/RedHat.yml index 7413f5f6..83495341 100644 --- a/roles/repos/tasks/RedHat.yml +++ b/roles/repos/tasks/RedHat.yml 
@@ -39,13 +39,13 @@ yum: name: epel-release state: present - when: icinga_repo_epel + when: icinga_repo_epel|bool == true - name: Yum - add SCL repositories yum: name: centos-release-scl state: present when: - - icinga_repo_scl + - icinga_repo_scl|bool == true - ansible_distribution == "CentOS" - ansible_distribution_major_version < "8" diff --git a/roles/repos/tasks/Suse.yml b/roles/repos/tasks/Suse.yml new file mode 100644 index 00000000..4b713bb8 --- /dev/null +++ b/roles/repos/tasks/Suse.yml @@ -0,0 +1,25 @@ +--- + +- name: Suse - add RPM key + ansible.builtin.rpm_key: + state: present + key: "{{ icinga_repo_zypper_key }}" + +- name: Suse - add Icinga repository (stable) + community.general.zypper_repository: + name: icinga-stable-release + description: ICINGA (stable release for openSUSE) + state: "{{ 'present' if icinga_repo_stable|bool else 'absent' }}" + repo: "{{ icinga_repo_zypper_stable_url }}" + +- name: Suse - add Icinga repository (testing) + ansible.builtin.fail: + msg: "Suse Testing repo is not available." + when: icinga_repo_testing|bool == true + +- name: Suse - add Icinga repository (snapshot) + community.general.zypper_repository: + name: icinga-snapshot-builds + description: ICINGA (snapshot builds for openSUSE) + repo: "{{ icinga_repo_zypper_snapshot_url }}" + state: "{{ 'present' if icinga_repo_snapshot|bool else 'absent' }}" diff --git a/roles/repos/tasks/main.yml b/roles/repos/tasks/main.yml index 2cee1fe1..0fe3ff78 100644 --- a/roles/repos/tasks/main.yml +++ b/roles/repos/tasks/main.yml 
@@ -29,5 +29,11 @@ - icinga_repo_subscription_username is defined - icinga_repo_subscription_password is defined -- name: Add repositories - ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" +- name: Check OS family + block: + - name: Add repositories {{ ansible_os_family }} + ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" + rescue: + - name: "OS family not supported!" + ansible.builtin.fail: + msg: "The OS '{{ ansible_os_family }}' isn't currently supported!"