From 637f7cc8e204145582a80f4b713492632f92a2d5 Mon Sep 17 00:00:00 2001 From: Daniel Bodky Date: Tue, 21 Nov 2023 13:23:15 +0100 Subject: [PATCH 01/58] Updates available roles --- doc/getting-started.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/doc/getting-started.md b/doc/getting-started.md index 6fd1ce35..17ab2c68 100644 --- a/doc/getting-started.md +++ b/doc/getting-started.md @@ -1,11 +1,19 @@ ### Getting Started -The collection includes two roles in the current version. +The collection includes six roles in the current version. * icinga.repos: Role to manage repositories * [Documentation: doc/role-repos](role-repos/role-repos.md) * icinga.icinga2: Role to install and manage Icinga 2 instances. * [Documentation: doc/role-icinga2](role-icinga2/role-icinga2.md) +* icinga.icingadb: Role to install and manage IcingaDB, Icinga2's new data backend. + * [Documentation: doc/role-icingadb](role-icingadb/role-icingadb.md) +* icinga.icingadb_redis: Role to install and manage Redis, IcingaDB's cache backend. + * [Documentation: doc/role-icingadb_redis](role-icingadb_redis/role-icingadb_redis.md) +* icinga.icingaweb2: Role to install and manage Icinga Web 2. + * [Documentation: doc/role-icingaweb2](role-icingaweb2/role-icingaweb2.md) +* icinga.monitoring_plugins: Role to install and manage Icinga2 compatible monitoring plugins. + * [Documentation: doc/role-monitoring_plugins](role-monitoring_plugins/role-monitoring_plugins.md) --- From 6ab1d1f20483a1d45c689c82e33a4e30537e18f4 Mon Sep 17 00:00:00 2001 From: Daniel Bodky Date: Tue, 21 Nov 2023 13:39:54 +0100 Subject: [PATCH 02/58] Adds references to the database examples to relevant parts of the docs --- doc/getting-started.md | 30 ++++++++++++++++++++++++++ doc/role-icingadb/role-icingadb.md | 7 +++++- doc/role-icingaweb2/role-icingaweb2.md | 4 ++++ 3 files changed, 40 insertions(+), 1 deletion(-) diff --git a/doc/getting-started.md b/doc/getting-started.md index 17ab2c68..851df2a7 100644 
--- a/doc/getting-started.md +++ b/doc/getting-started.md @@ -47,6 +47,36 @@ ansible-galaxy collection build ansible-collection-icinga ansible-galaxy collection install icinga-icinga-0.3.0.tar.gz ``` +## Databases + +Icinga2 relies on relational databases for many parts of its functionality. **None** of those databases gets installed by the roles. You need to install and configure them yourself. For doing so, there are many ways available, e.g. the Ansible role [geerlingguy.mysql](https://galaxy.ansible.com/geerlingguy/mysql) for MySQL flavour (both MySQL and MariaDB) or [geerlingguy.postgresql](https://galaxy.ansible.com/geerlingguy/postgresql) PostGresQL: + +```yaml +- name: Configure databases for Icinga2 + hosts: database + vars: + mysql_databases: + - name: icingadb + - name: icingaweb + - name: vspheredb + encoding: utf8mb4 + collation: utf8mb4_unicode_ci + - name: director + mysql_users: + - name: icingadb-user + host: localhost + password: icingadb-password + priv: "icingadb.*:ALL" + [...] + roles: + - role: geerlingguy.mysql +``` + +> [!NOTE] +> Schema migrations needed for the respective Icinga components to work will be handled either by the respective roles or by the Icinga components themselves. + + + ## Example Playbooks This is an example on how to install an Icinga 2 server/master instance. diff --git a/doc/role-icingadb/role-icingadb.md b/doc/role-icingadb/role-icingadb.md index 5d66a32a..e30742ab 100644 --- a/doc/role-icingadb/role-icingadb.md +++ b/doc/role-icingadb/role-icingadb.md 
@@ -5,7 +5,12 @@ This role installs and configures the IcingaDB daemon. In addition it can also i It serves as the official, more performant successor to Icinga IDO. More information about its purpose and design can be found [in the official documentation](https://icinga.com/docs/icinga-db/latest/doc/01-About/). -> :information_source: In many scenarios you want to install the [icingadb_redis role](../role-icingadb_redis/) together with this role. It is part of this collection, too. +> [!TIP] +> In many scenarios you want to install the [icingadb_redis role](../role-icingadb_redis/) together with this role. It is part of this collection, too. + +## Database + +IcingaDB relies on a relational database to persist received data. This database **won't** be created by this role - you need to deploy and configure one in advance. For more information, see the [Databases](../getting-started.md#databases) section in the getting started guide. ## Variables diff --git a/doc/role-icingaweb2/role-icingaweb2.md b/doc/role-icingaweb2/role-icingaweb2.md index 4faf1ae7..bff00b7c 100644 --- a/doc/role-icingaweb2/role-icingaweb2.md +++ b/doc/role-icingaweb2/role-icingaweb2.md @@ -7,6 +7,10 @@ The role icingaweb2 installs and configures Icinga Web 2 and its modules. * [IcingaDB](./module-icingadb.md) * [Monitoring](./module-monitoring.md) +## Databases + +Icingaweb2 and some of its modules rely on a relational database to persist data. These databases **won't** be created by this role - you need to deploy and configure them in advance. For more information, see the [Databases](../getting-started.md#databases) section in the getting started guide. + ## Variables ### Icinga Web 2 DB Configuration From b96d50d11f907a40aa52855f248ee8e2a18075cb Mon Sep 17 00:00:00 2001 
From: Daniel Bodky Date: Tue, 21 Nov 2023 13:40:51 +0100 Subject: [PATCH 03/58] add installation for x509 module (#214) * add module x509 and mysql imports task * Add documentation for x509 module * Add documentation about database imports * Continues working on x509 module installation --------- Co-authored-by: Thilo W --- .../feature_add_x509_module_installation.yml | 3 + doc/role-icingaweb2/module-x509.md | 95 +++++++++++++++++++ roles/icingaweb2/tasks/main.yml | 8 ++ .../icingaweb2/tasks/manage_mysql_imports.yml | 38 ++++++++ roles/icingaweb2/tasks/modules/x509.yml | 66 +++++++++++++ roles/icingaweb2/vars/main.yml | 3 +- 6 files changed, 212 insertions(+), 1 deletion(-) create mode 100644 changelogs/fragments/feature_add_x509_module_installation.yml create mode 100644 doc/role-icingaweb2/module-x509.md create mode 100644 roles/icingaweb2/tasks/manage_mysql_imports.yml create mode 100644 roles/icingaweb2/tasks/modules/x509.yml diff --git a/changelogs/fragments/feature_add_x509_module_installation.yml b/changelogs/fragments/feature_add_x509_module_installation.yml new file mode 100644 index 00000000..82c1f981 --- /dev/null +++ b/changelogs/fragments/feature_add_x509_module_installation.yml @@ -0,0 +1,3 @@ +--- +major_changes: + - Added Installation of x509 certificate monitoring model diff --git a/doc/role-icingaweb2/module-x509.md b/doc/role-icingaweb2/module-x509.md new file mode 100644 index 00000000..684000fd --- /dev/null +++ b/doc/role-icingaweb2/module-x509.md 
@@ -0,0 +1,95 @@ +## Module x509 + +### Variables and Configuration + +The general module parameter like `enabled` and `source` can be applied here. + +| Variable | Value | +|----------|------------| +| enabled | true/false | +| source | package | + +#### Section configuration + +The backend database for the module needs to be available and configured at the `icingaweb2_resources` variable. + +``` +icingaweb2_modules: + x509: + source: package + enabled: true + config: + backend: + resource: x509 +``` + +#### Configure SNI Names. + +To configure SNIs for a IP address, use the dictionary `sni`. + +Example: + +``` +icingaweb2_modules: + x509: + source: package + enabled: true + config: + backend: + resource: x509 + sni: + 192.168.56.213: + hostnames: + - icinga.com + - test2.icinga.com +``` + +#### Import Certificates + +To import certificates use the **list** `certificate_files` all files need to be +available locally beforehand. + +``` +icingaweb2_modules: + x509: + source: package + enabled: true + config: + backend: + resource: x509 + certificate_files: + - /etc/ssl/certs/ca-certificates.crt +``` + +#### Database Schema Setup + +To import the database schema use `database` dictionary with the following variables. + +| Variable | Type | Description | Default | +|----------|------|-------------|---------| +| `import_schema` | `Boolean` | Defines wether the schema will be imported or not. | false | +| `host` | `String` | Defines database address to connect to. | `localhost` | +| `port` | `int` | Defines the database port to connect to. | `3306` or `5432` | +| `user` | `string` | Defines database user | `x509` | +| `name` | `String` | Defines the database to connect to. | `x509` | +| `password` | `String` | Defines the database password to connect with. 
| OMITTED | +| `ssl_mode` | `String` | Clients attempt to connect using encryption, falling back to an unencrypted connection if an encrypted connection cannot be established |**n/a** | +|`ssl_ca`| `String`| Defines the path to the ca certificate for client authentication. | **n/a** | +|`ssl_cert`|`String`| Defines the path to the certificate for client authentication. | **n/a** | +|`ssl_key`| `String` | Defines the path to the certificate key for client key authentication. | **n/a** | +|`ssl_cipher`|`String`| Ciphers for the client authentication. | **n/a** | +|`ssl_extra_options`|`String`| Extra options for the client authentication. | **n/a** | + + +``` +icingaweb2_modules: + x509: + source: package + enabled: true + database: + import_schema: true + host: localhost + port: 3306 + user: x509 + password: secret +``` diff --git a/roles/icingaweb2/tasks/main.yml b/roles/icingaweb2/tasks/main.yml index e6bd7b6b..a020d4cd 100644 --- a/roles/icingaweb2/tasks/main.yml +++ b/roles/icingaweb2/tasks/main.yml @@ -43,3 +43,11 @@ force: yes when: icingaweb2_modules is defined loop: "{{ icingaweb2_modules | dict2items }}" + +# Many daemons fail before e.g. the resource is set up or the schema hasn't been migrated. This is a workaround. +- name: Manage enabled module daemons + ansible.builtin.service: + name: "icinga-{{ item.key }}" + state: restarted + when: icingaweb2_modules is defined and item.value.enabled|bool == true and item.key in ['vspheredb', 'x509'] + loop: "{{ icingaweb2_modules | dict2items }}" diff --git a/roles/icingaweb2/tasks/manage_mysql_imports.yml b/roles/icingaweb2/tasks/manage_mysql_imports.yml new file mode 100644 index 00000000..676c6df2 --- /dev/null +++ b/roles/icingaweb2/tasks/manage_mysql_imports.yml 
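Review bot: `state: restarted` in `Manage enabled module daemons` is unconditional, so every run restarts `icinga-vspheredb` / `icinga-x509` and reports a change even when nothing was modified. A handler notified by the config and schema tasks would restart the daemons only when needed. The condition `item.value.enabled|bool == true` also fails on a module entry that has no `enabled` key; `item.value.enabled | default(false) | bool` covers that case and drops the redundant comparison. The task list starts outside the hunk.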
@@ -0,0 +1,38 @@ +--- +- name: Check Database Credentials + ansible.builtin.assert: + that: + - _db['user'] is defined + - _db['password'] is defined + fail_msg: "No database credentials defined." + +- name: Build mysql command + ansible.builtin.set_fact: + _tmp_mysqlcmd: >- + mysql {% if _db['host'] | default('localhost') != 'localhost' %} -h "{{ _db['host'] }}" {%- endif %} + {% if _db['port'] is defined %} -P "{{ _db['port'] }}" {%- endif %} + {% if _db['ssl_mode'] is defined %} --ssl-mode "{{ _db['ssl_mode'] }}" {%- endif %} + {% if _db['ssl_ca'] is defined %} --ssl-ca "{{ _db['ssl_ca'] }}" {%- endif %} + {% if _db['ssl_cert'] is defined %} --ssl-cert "{{ _db['ssl_cert'] }}" {%- endif %} + {% if _db['ssl_key'] is defined %} --ssl-key "{{ _db['ssl_key'] }}" {%- endif %} + {% if _db['ssl_cipher'] is defined %} --ssl-cipher "{{ _db['ssl_cipher'] }}" {%- endif %} + {% if _db['ssl_extra_options'] is defined %} {{ _db['ssl_extra_options'] }} {%- endif %} + -u "{{ _db['user'] }}" + -p"{{ _db['password'] }}" + "{{ _db['name'] }}" + +- name: MySQL check for db schema + ansible.builtin.shell: > + {{ _tmp_mysqlcmd }} + -Ns -e "{{ _db['select_query'] }}" + failed_when: false + changed_when: false + check_mode: false + register: _db_schema + +- name: MySQL import db schema + ansible.builtin.shell: > + {{ _tmp_mysqlcmd }} + < {{ _db['schema_path'] }} + when: _db_schema.rc != 0 + run_once: yes diff --git a/roles/icingaweb2/tasks/modules/x509.yml b/roles/icingaweb2/tasks/modules/x509.yml new file mode 100644 index 00000000..a0bc7e25 --- /dev/null +++ b/roles/icingaweb2/tasks/modules/x509.yml 
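Review bot: The database password is interpolated into the command string as `-p"{{ _db['password'] }}"` in `Build mysql command`, and none of the three tasks that carry that string sets `no_log: true`, so the secret can appear in task output, in the registered result and in the process list of the target host. Reading the credentials from a client option file (mode 0600) via `--defaults-extra-file=<path>` and adding `no_log: true` to the `set_fact` and both shell tasks keeps it out of the argument vector and the logs. The other values are either wrapped in literal double quotes or, for `ssl_extra_options` and `schema_path`, not quoted at all, so a value containing a quote, `$` or a space changes the shell line; use the `quote` filter, e.g. `< {{ _db['schema_path'] | quote }}`. `failed_when: false` followed by `when: _db_schema.rc != 0` treats every failure of the check, including bad credentials or an unreachable host, as "schema missing".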
@@ -0,0 +1,66 @@ +- name: Module x509 | Ensure config directory + ansible.builtin.file: + state: directory + dest: "{{ icingaweb2_modules_config_dir }}/{{ _module }}" + owner: "{{ icingaweb2_httpd_user }}" + group: "{{ icingaweb2_group }}" + mode: "2770" + vars: + _module: "{{ item.key }}" + +- name: Module x509 | Manage config files + ansible.builtin.include_tasks: manage_module_config.yml + loop: "{{ _files }}" + loop_control: + loop_var: _file + when: vars['icingaweb2_modules'][_module][_file] is defined + vars: + _module: "{{ item.key }}" + _files: + - config + - sni + +- name: Module x509 | Manage Schema + block: + - name: Module x509 | Prepare _db informations + ansible.builtin.set_fact: + _db: + host: "{{ vars['icingaweb2_modules'][_module]['database']['host'] | default('localhost') }}" + port: "{{ vars['icingaweb2_modules'][_module]['database']['port'] | default('3306') }}" + user: "{{ vars['icingaweb2_modules'][_module]['database']['user'] | default('x509') }}" + password: "{{ vars['icingaweb2_modules'][_module]['database']['password'] | default(omit) }}" + name: "{{ vars['icingaweb2_modules'][_module]['database']['name'] | default('x509') }}" + ssl_mode: "{{ vars['icingaweb2_modules'][_module]['database']['ssl_mode'] | default(omit) }}" + ssl_ca: "{{ vars['icingaweb2_modules'][_module]['database']['ssl_ca'] | default(omit) }}" + ssl_cert: "{{ vars['icingaweb2_modules'][_module]['database']['ssl_cert'] | default(omit) }}" + ssl_key: "{{ vars['icingaweb2_modules'][_module]['database']['ssl_key'] | default(omit) }}" + ssl_cipher: "{{ vars['icingaweb2_modules'][_module]['database']['ssl_cipher'] | default(omit) }}" + ssl_extra_options: "{{ vars['icingaweb2_modules'][_module]['database']['ssl_extra_options'] | default(omit) }}" + schema_path: /usr/share/icingaweb2/modules/x509/schema/mysql.schema.sql + select_query: "select * from x509_certificate" + when: vars['icingaweb2_modules'][_module]['database']['type'] | default('mysql') == 'mysql' + + - 
ansible.builtin.fail: + fail_msg: "The Database type select is not supported, {{ vars['icingaweb2_modules'][_module]['database']['type'] }} [Supported=mysql]" + when: vars['icingaweb2_modules'][_module]['database']['type'] is defined and vars['icingaweb2_modules'][_module]['database']['type'] != 'mysql' + + - name: Module x509 | Import Schema + ansible.builtin.include_tasks: ../manage_mysql_imports.yml + + - name: Module x509 | empty _db var + ansible.builtin.set_fact: + _db: {} + when: vars['icingaweb2_modules'][_module]['database']['import_schema'] | default(false) + vars: + _module: "{{ item.key }}" + +- name: Module x509 | Import Certificates + ansible.builtin.shell: > + icingacli {{ _module }} import --file {{ _file }} + loop: "{{ vars['icingaweb2_modules'][_module]['certificate_files'] }}" + loop_control: + loop_var: _file + vars: + _module: "{{ item.key }}" + when: vars['icingaweb2_modules'][_module]['certificate_files'] is defined + changed_when: false diff --git a/roles/icingaweb2/vars/main.yml b/roles/icingaweb2/vars/main.yml index 8092fd97..588f0d6d 100644 --- a/roles/icingaweb2/vars/main.yml +++ b/roles/icingaweb2/vars/main.yml @@ -2,4 +2,5 @@ icingaweb2_module_packages: icingadb: icingadb-web director: icinga-director - businessprocess: icinga-businessprocess \ No newline at end of file + x509: icinga-x509 + businessprocess: icinga-businessprocess From 0a37c99bf2d264e0b71ac7d9efb09d9457baeea4 Mon Sep 17 00:00:00 2001 From: Daniel Bodky Date: Tue, 21 Nov 2023 13:52:59 +0100 Subject: [PATCH 04/58] Fixes typos --- doc/getting-started.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/getting-started.md b/doc/getting-started.md index 851df2a7..8a5b6767 100644 --- a/doc/getting-started.md +++ b/doc/getting-started.md 
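Review bot: The unsupported-type task passes `fail_msg:` to `ansible.builtin.fail`, but that key belongs to `ansible.builtin.assert`; the fail module's parameter is `msg`, so the task would stop on an invalid-option error instead of printing the intended text. The same key is used in both `ansible.builtin.fail` tasks of the x509.yml hunk in PATCH 05/58. In `Import Certificates`, `{{ _file }}` is placed unquoted in a shell line; `ansible.builtin.command` with `argv: [icingacli, "{{ _module }}", import, --file, "{{ _file }}"]` avoids shell parsing of the path. `Prepare _db informations` stores the database password in a fact without `no_log: true`, so it may be printed at higher verbosity.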
@@ -49,7 +49,7 @@ ansible-galaxy collection install icinga-icinga-0.3.0.tar.gz ## Databases -Icinga2 relies on relational databases for many parts of its functionality. **None** of those databases gets installed by the roles. You need to install and configure them yourself. For doing so, there are many ways available, e.g. the Ansible role [geerlingguy.mysql](https://galaxy.ansible.com/geerlingguy/mysql) for MySQL flavour (both MySQL and MariaDB) or [geerlingguy.postgresql](https://galaxy.ansible.com/geerlingguy/postgresql) PostGresQL: +Icinga2 relies on relational databases for many parts of its functionality. **None** of those databases get installed by the roles. You need to install and configure them yourself. For doing so, there are many ways available, e.g. the Ansible role [geerlingguy.mysql](https://galaxy.ansible.com/geerlingguy/mysql) for MySQL flavours (both MySQL and MariaDB) or [geerlingguy.postgresql](https://galaxy.ansible.com/geerlingguy/postgresql) for PostGresQL: ```yaml - name: Configure databases for Icinga2 From 5245c5016f19ed88f47aa96ccf463cd89b56342b Mon Sep 17 00:00:00 2001 From: Daniel Bodky Date: Thu, 23 Nov 2023 07:57:05 +0100 Subject: [PATCH 05/58] Adds PostgresQL support for Icingaweb2 modules --- .../feature_add_pgsql_support_for_modules.yml | 3 ++ .../tasks/modules/manage_pgsql_imports.yml | 37 +++++++++++++++++++ roles/icingaweb2/tasks/modules/x509.yml | 26 +++++++++---- 3 files changed, 58 insertions(+), 8 deletions(-) create mode 100644 changelogs/fragments/feature_add_pgsql_support_for_modules.yml create mode 100644 roles/icingaweb2/tasks/modules/manage_pgsql_imports.yml diff --git a/changelogs/fragments/feature_add_pgsql_support_for_modules.yml b/changelogs/fragments/feature_add_pgsql_support_for_modules.yml new file mode 100644 index 00000000..5b558f98 --- /dev/null +++ b/changelogs/fragments/feature_add_pgsql_support_for_modules.yml 
@@ -0,0 +1,3 @@ +--- +minor_changes: + - Added support for PostgresQL databases for Icingaweb2 modules that support it diff --git a/roles/icingaweb2/tasks/modules/manage_pgsql_imports.yml b/roles/icingaweb2/tasks/modules/manage_pgsql_imports.yml new file mode 100644 index 00000000..2bc32a4e --- /dev/null +++ b/roles/icingaweb2/tasks/modules/manage_pgsql_imports.yml @@ -0,0 +1,37 @@ +--- +- name: Check Database Credentials + ansible.builtin.assert: + that: + - _db['user'] is defined + - _db['password'] is defined + fail_msg: "No database credentials defined." + +- name: Build pgsql command + ansible.builtin.set_fact: + _tmp_pgsqlcmd: >- + PGPASSWORD="{{ _db['password'] }}" + psql + "{% if _db['host'] | default('localhost') != 'localhost' %} host={{ _db['host'] }}{%- endif %} + {% if _db['port'] is defined %} port={{ _db['port'] }}{%- endif %} + user={{ _db['user'] }} + dbname={{ _db['name'] }} + {% if _db['ssl_mode'] is defined %} sslmode={{ _db['ssl_mode'] | default('require') }}{%- endif %} + {% if _db['ssl_cert'] is defined %} sslcert={{ _db['ssl_cert'] }}{%- endif %} + {% if _db['ssl_key'] is defined %} sslkey={{ _db['ssl_key'] }}{%- endif %} + {% if _db['ssl_extra_options'] is defined %} {{ _db['ssl_extra_options'] }}{%- endif %}" + +- name: PostgresQL check for db schema + ansible.builtin.shell: > + {{ _tmp_pgsqlcmd }} + -tq -c "{{ _db['select_query'] }}" + failed_when: false + changed_when: false + check_mode: false + register: _db_schema + +- name: PostgresQL import db schema + ansible.builtin.shell: > + {{ _tmp_pgsqlcmd }} + < {{ _db['schema_path_pgsql'] }} + when: _db_schema.rc != 0 + run_once: yes diff --git a/roles/icingaweb2/tasks/modules/x509.yml b/roles/icingaweb2/tasks/modules/x509.yml index a0bc7e25..a1a7a743 100644 --- a/roles/icingaweb2/tasks/modules/x509.yml +++ b/roles/icingaweb2/tasks/modules/x509.yml 
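Review bot: `PGPASSWORD="{{ _db['password'] }}"` is written into the command string in `Build pgsql command`, and the tasks that carry it have no `no_log: true`, so the password can appear in task output and in the argument of the `sh -c` process. Setting it with `environment: { PGPASSWORD: "{{ _db['password'] }}" }` on the two shell tasks, together with `no_log: true`, keeps it out of both. The `default('require')` on `sslmode` sits inside `{% if _db['ssl_mode'] is defined %}` and can never apply, so when `ssl_mode` is unset no `sslmode` is sent and libpq's own default is used. `ssl_ca` is handled for MySQL but has no counterpart here (libpq names it `sslrootcert`), so server-certificate verification cannot be configured for PostgreSQL through this file. The conninfo values are interpolated without the `quote` filter.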
@@ -21,6 +21,9 @@ - sni - name: Module x509 | Manage Schema + when: vars['icingaweb2_modules'][_module]['database']['import_schema'] | default(false) + vars: + _module: "{{ item.key }}" block: - name: Module x509 | Prepare _db informations ansible.builtin.set_fact: 
@@ -36,23 +39,30 @@ ssl_key: "{{ vars['icingaweb2_modules'][_module]['database']['ssl_key'] | default(omit) }}" ssl_cipher: "{{ vars['icingaweb2_modules'][_module]['database']['ssl_cipher'] | default(omit) }}" ssl_extra_options: "{{ vars['icingaweb2_modules'][_module]['database']['ssl_extra_options'] | default(omit) }}" - schema_path: /usr/share/icingaweb2/modules/x509/schema/mysql.schema.sql + schema_path_mysql: /usr/share/icingaweb2/modules/x509/schema/mysql.schema.sql + schema_path_pgsql: /usr/share/icingaweb2/modules/x509/schema/pgsql.schema.sql select_query: "select * from x509_certificate" - when: vars['icingaweb2_modules'][_module]['database']['type'] | default('mysql') == 'mysql' + type: "{{ vars['icingaweb2_modules'][_module]['database']['type'] | default(omit) }}" + + - ansible.builtin.fail: + fail_msg: No database type was provided + when: vars['icingaweb2_modules'][_module]['database']['type'] is not defined - ansible.builtin.fail: - fail_msg: "The Database type select is not supported, {{ vars['icingaweb2_modules'][_module]['database']['type'] }} [Supported=mysql]" - when: vars['icingaweb2_modules'][_module]['database']['type'] is defined and vars['icingaweb2_modules'][_module]['database']['type'] != 'mysql' + fail_msg: "Invalid database type was provided. [Supported: mysql, pgsql]" + when: _db.type not in ['mysql', 'pgsql'] - - name: Module x509 | Import Schema + - name: Module x509 | Import MySQL Schema ansible.builtin.include_tasks: ../manage_mysql_imports.yml + when: _db.type == 'mysql' + + - name: Module x509 | Import PostgresQL Schema + ansible.builtin.include_tasks: ../manage_pgsql_imports.yml + when: _db.type == 'pgsql' - name: Module x509 | empty _db var ansible.builtin.set_fact: _db: {} - when: vars['icingaweb2_modules'][_module]['database']['import_schema'] | default(false) - vars: - _module: "{{ item.key }}" - name: Module x509 | Import Certificates ansible.builtin.shell: 
> From 11f2a16020d61d9817651b7e74c9f029327dfacc Mon Sep 17 00:00:00 2001 From: Thilo W Date: Wed, 17 Jan 2024 10:31:43 +0100 Subject: [PATCH 06/58] removed localhost condition as default as it could be a localhost connection. (#257) --- molecule/local-default-pgsql/converge.yml | 3 ++- roles/icingadb/tasks/manage_schema_pgsql.yml | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/molecule/local-default-pgsql/converge.yml b/molecule/local-default-pgsql/converge.yml index 352641bd..d73a369d 100644 --- a/molecule/local-default-pgsql/converge.yml +++ b/molecule/local-default-pgsql/converge.yml @@ -3,7 +3,8 @@ become: true vars: icingadb_database_type: pgsql - icingadb_database_host: 127.0.0.1 + icingadb_database_host: localhost + icingadb_database_port: 5432 icingadb_database_name: icingadb icingadb_database_user: icingadb icingadb_database_password: icingadb diff --git a/roles/icingadb/tasks/manage_schema_pgsql.yml b/roles/icingadb/tasks/manage_schema_pgsql.yml index 2b0b17a2..4cf908d0 100644 --- a/roles/icingadb/tasks/manage_schema_pgsql.yml +++ b/roles/icingadb/tasks/manage_schema_pgsql.yml @@ -6,7 +6,7 @@ _tmp_pgsqlcmd: >- PGPASSWORD="{{ icingadb_database_password }}" psql - "{% if icingadb_database_host | default('localhost') != 'localhost' %} host="{{ icingadb_database_host }}" {%- endif %} + "{% if icingadb_database_host %} host="{{ icingadb_database_host }}" {%- endif %} {% if icingadb_database_port is defined %} port={{ icingadb_database_port }} {%- endif %} user={{ icingadb_database_user | default('icingadb') }} dbname={{ icingadb_database_name | default('icingadb') }} From 16beee341e68c2573aa2d70d1f9b7858d32905fc Mon Sep 17 00:00:00 2001 From: Thilo W Date: Wed, 17 Jan 2024 10:36:54 +0100 Subject: [PATCH 07/58] added changelog for PR #257 --- changelogs/fragments/minor_changes.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/changelogs/fragments/minor_changes.yml b/changelogs/fragments/minor_changes.yml index e670073e..5dcf9950 100644 
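Review bot: `schema_path` is renamed to `schema_path_mysql` in the `_db` fact, but this commit does not touch `manage_mysql_imports.yml`, which as added in PATCH 03/58 still reads `_db['schema_path']`, so the MySQL import would now reference a missing key. The new include `../manage_pgsql_imports.yml` also does not match where this commit creates the file, `roles/icingaweb2/tasks/modules/manage_pgsql_imports.yml`, which sits next to x509.yml; `manage_pgsql_imports.yml` without `../` looks like the intended path. The `port` default of `'3306'` is set earlier in this block, outside the hunk, and appears to apply to `pgsql` as well. The block starts before the hunk and the `Import Certificates` task continues after it.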
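Review bot: In manage_schema_pgsql.yml, `{% if icingadb_database_host %}` raises an undefined-variable error when `icingadb_database_host` is not set, where the removed `| default('localhost')` tolerated that. Unless the role defaults define the variable (not visible here), `{% if icingadb_database_host | default('') %}` keeps the new behaviour without that failure. The value is still wrapped in its own double quotes inside the already double-quoted conninfo string (`host="{{ icingadb_database_host }}"`), which closes and reopens the shell string around it; dropping the inner quotes, as the `port=` and `user=` fields do, is more robust. The task starts outside the hunk.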
--- a/changelogs/fragments/minor_changes.yml +++ b/changelogs/fragments/minor_changes.yml @@ -7,3 +7,4 @@ minor_changes: - added pyinilint as ini validator after templates - ensure backwards compatibility with bool filter (#218) - "Icingaweb2: fix duplicate task name at kickstart tasks (#244)" + - removed localhost condition as default as it could be a localhost connection. (#257) From 0426b95a1013fd81add5f4007615231768d2816f Mon Sep 17 00:00:00 2001 From: Thilo W Date: Thu, 18 Jan 2024 09:43:36 +0100 Subject: [PATCH 08/58] add tests for empty role-icingadb --- .github/workflows/role-icingadb.yml | 66 +++++++++++++++++++ molecule/role-icingadb/collections.yml | 5 ++ molecule/role-icingadb/converge.yml | 12 ++++ molecule/role-icingadb/dependency.yml | 4 ++ .../host_vars/icinga-default.yaml | 0 molecule/role-icingadb/molecule.yml | 26 ++++++++ molecule/role-icingadb/prepare.yml | 11 ++++ molecule/role-icingadb/requirements.yml | 2 + 8 files changed, 126 insertions(+) create mode 100644 .github/workflows/role-icingadb.yml create mode 100644 molecule/role-icingadb/collections.yml create mode 100644 molecule/role-icingadb/converge.yml create mode 100644 molecule/role-icingadb/dependency.yml create mode 100644 molecule/role-icingadb/host_vars/icinga-default.yaml create mode 100644 molecule/role-icingadb/molecule.yml create mode 100644 molecule/role-icingadb/prepare.yml create mode 100644 molecule/role-icingadb/requirements.yml diff --git a/.github/workflows/role-icingadb.yml b/.github/workflows/role-icingadb.yml new file mode 100644 index 00000000..5aa2e664 --- /dev/null +++ b/.github/workflows/role-icingadb.yml 
@@ -0,0 +1,66 @@ +--- + # These Jobs should be always be run against the latest version of ansible on the systems + # Feel free to update python and ansible versions + # + # In addition to keep them quick and no additional variables are used. + # +name: role-icingadb +on: + push: + branches: + - main + - 'feature/**' + - 'fix/**' + - '!doc/**' + paths: + - roles/icingadb/** + - molecule/role-icingadb/** + pull_request: + branches: + - 'feature/**' + - 'fix/**' + - '!doc/**' + +jobs: + icingadb_latest: + runs-on: ubuntu-latest + + env: + COLLECTION_NAMESPACE: icinga + COLLECTION_NAME: icinga + + strategy: + fail-fast: false + max-parallel: 1 + matrix: + distro: [ubuntu2204] + python: ['3.10'] + ansible: ['2.16.2'] + scenario: [role-icingadb] + + steps: + - name: Check out code + uses: actions/checkout@v4 + + - name: Set up Python + uses: actions/setup-python@v4 + with: + python-version: ${{ matrix.python }} + + - name: Install dependencies ansible + run: | + python3 -m pip install --upgrade pip + python3 -m pip install -r requirements-test-${{ matrix.ansible }}.txt + + - name: Install collection + run: | + mkdir -p ~/.ansible/collections/ansible_collections/$COLLECTION_NAMESPACE + cp -a ../ansible-collection-$COLLECTION_NAME ~/.ansible/collections/ansible_collections/$COLLECTION_NAMESPACE/$COLLECTION_NAME + + - name: Test with molecule + run: | + ansible --version + molecule --version + molecule test -s ${{ matrix.scenario }} + env: + MOLECULE_DISTRO: ${{ matrix.distro }} diff --git a/molecule/role-icingadb/collections.yml b/molecule/role-icingadb/collections.yml new file mode 100644 index 00000000..66cb0953 --- /dev/null +++ b/molecule/role-icingadb/collections.yml @@ -0,0 +1,5 @@ +collections: + - name: community.mysql + - name: community.docker + - name: community.general + version: ">=2,<3" diff --git a/molecule/role-icingadb/converge.yml b/molecule/role-icingadb/converge.yml new file mode 100644 index 00000000..ac6756e4 --- /dev/null 
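Review bot: The workflow declares no `permissions:` key, so the job runs with the repository's default `GITHUB_TOKEN` scope although its steps only check out code and run molecule. Adding a top-level `permissions:` with `contents: read` limits the token to what is used. `actions/checkout@v4` and `actions/setup-python@v4` are referenced by mutable tag; pinning each to a full commit SHA with the tag kept in a trailing comment is the usual supply-chain hardening. The `push` trigger is filtered by `paths:` but `pull_request` is not, so every pull request to the listed branches runs this scenario; repeat the `paths:` list there if that is unintended.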
+++ b/molecule/role-icingadb/converge.yml @@ -0,0 +1,12 @@ +--- + +- name: Converge + hosts: all + collections: + - icinga.icinga + pre_tasks: + - ansible.builtin.include_role: + name: repos + post_tasks: + - ansible.builtin.include_role: + name: icingadb diff --git a/molecule/role-icingadb/dependency.yml b/molecule/role-icingadb/dependency.yml new file mode 100644 index 00000000..9810d54a --- /dev/null +++ b/molecule/role-icingadb/dependency.yml @@ -0,0 +1,4 @@ +dependency: + name: galaxy + options: + role-file: requirements.yml diff --git a/molecule/role-icingadb/host_vars/icinga-default.yaml b/molecule/role-icingadb/host_vars/icinga-default.yaml new file mode 100644 index 00000000..e69de29b diff --git a/molecule/role-icingadb/molecule.yml b/molecule/role-icingadb/molecule.yml new file mode 100644 index 00000000..3f13ab2d --- /dev/null +++ b/molecule/role-icingadb/molecule.yml @@ -0,0 +1,26 @@ +--- +dependency: + name: galaxy +driver: + name: docker +platforms: + - name: icinga-default + image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2204}-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host + privileged: true + pre_build_image: true +provisioner: + name: ansible + inventory: + link: + host_vars: host_vars/ +verifier: + name: testinfra + directory: tests/integration/ +lint: | + set -e + yamllint --no-warnings roles/ + ansible-lint roles/ diff --git a/molecule/role-icingadb/prepare.yml b/molecule/role-icingadb/prepare.yml new file mode 100644 index 00000000..cc5bbc56 --- /dev/null +++ b/molecule/role-icingadb/prepare.yml @@ -0,0 +1,11 @@ +--- +- name: Prepare + hosts: all + tasks: + - name: Install requirements for Debian + apt: + name: + - gpg + - apt-transport-https + update_cache: yes + when: ansible_os_family == "Debian" diff --git a/molecule/role-icingadb/requirements.yml b/molecule/role-icingadb/requirements.yml new file mode 100644 index 00000000..cf94e2e2 --- /dev/null 
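Review bot: In molecule.yml the platform image is `geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2204}-ansible:latest`, and the container is started with `privileged: true` and a read-write `/sys/fs/cgroup` mount. Whatever the floating `latest` tag resolves to at run time therefore executes with elevated privileges on the CI runner. Pinning the image by digest (`image: "<repository>@sha256:<digest>"`) makes the test input reproducible and reviewable. A short comment above `privileged: true` stating why it is needed (presumably systemd inside the container) would help later reviewers decide whether it can be dropped.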
+++ b/molecule/role-icingadb/requirements.yml @@ -0,0 +1,2 @@ +roles: + - geerlingguy.mysql From 1f7ba224a078fc9106997f22d9421cf2389d6d35 Mon Sep 17 00:00:00 2001 From: Thilo W Date: Wed, 31 Jan 2024 16:23:44 +0100 Subject: [PATCH 09/58] Fix/proper fail on unsupported os (#258) * Added block rescue statement if unsupported os found. * added changelog fragment --- changelogs/fragments/minor_changes.yml | 1 + roles/icinga2/tasks/install.yml | 15 ++++++++++----- roles/icingadb/tasks/main.yml | 10 ++++++++-- roles/icingadb_redis/tasks/main.yml | 10 ++++++++-- roles/icingaweb2/tasks/main.yml | 10 ++++++++-- roles/monitoring_plugins/tasks/main.yml | 10 ++++++++-- roles/repos/tasks/main.yml | 10 ++++++++-- 7 files changed, 51 insertions(+), 15 deletions(-) diff --git a/changelogs/fragments/minor_changes.yml b/changelogs/fragments/minor_changes.yml index 5dcf9950..1eb46177 100644 --- a/changelogs/fragments/minor_changes.yml +++ b/changelogs/fragments/minor_changes.yml @@ -2,6 +2,7 @@ bugfixes: - "icingaweb2: run pqslcmd with LANG=C to ensure the output is in english." - remove superfluous curly brace (#246) + - Added block rescue statement if unsupported os found. (#232) minor_changes: - added tests for icingaweb2 ini template - added pyinilint as ini validator after templates diff --git a/roles/icinga2/tasks/install.yml b/roles/icinga2/tasks/install.yml index ea16b872..7dc090ad 100644 --- a/roles/icinga2/tasks/install.yml +++ b/roles/icinga2/tasks/install.yml 
@@ -1,10 +1,15 @@ --- +- name: Check supported operatingsystems + block: + - name: Install on {{ ansible_os_family }} + ansible.builtin.include_tasks: "install_on_{{ ansible_os_family }}.yml" + rescue: + - name: "OS family not supported!" + ansible.builtin.fail: + msg: "The OS {{ ansible_os_family }} is not supported!" -- name: install on {{ ansible_os_family }} - include_tasks: "install_on_{{ ansible_os_family }}.yml" - -- name: fragments dir - file: +- name: Prepare fragments path + ansible.builtin.file: state: directory path: "{{ icinga2_fragments_path }}" owner: root diff --git a/roles/icingadb/tasks/main.yml b/roles/icingadb/tasks/main.yml index 35b518e5..ae8ee5c3 100644 --- a/roles/icingadb/tasks/main.yml +++ b/roles/icingadb/tasks/main.yml @@ -12,8 +12,14 @@ paths: - "{{ role_path }}/vars" -- name: Include OS specific installation - ansible.builtin.include_tasks: "install_on_{{ ansible_os_family | lower }}.yml" +- name: Check supported operatingsystems + block: + - name: Include OS specific installation + ansible.builtin.include_tasks: "install_on_{{ ansible_os_family | lower }}.yml" + rescue: + - name: "OS family not supported!" + ansible.builtin.fail: + msg: "The OS {{ ansible_os_family }} is not supported!" - name: Include Tasks to configure IcingaDB ansible.builtin.include_tasks: manage_config.yml diff --git a/roles/icingadb_redis/tasks/main.yml b/roles/icingadb_redis/tasks/main.yml index f36d3624..cc73a31b 100644 --- a/roles/icingadb_redis/tasks/main.yml +++ b/roles/icingadb_redis/tasks/main.yml 
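Review bot: The `rescue` in `Check supported operatingsystems` runs on any failure inside the included `install_on_{{ ansible_os_family }}.yml`, not only when that file is missing. A failed package install on a supported OS would therefore end with "The OS ... is not supported!", hiding the real cause. An explicit check before the include, e.g. `ansible.builtin.assert` with `that: ansible_os_family in <supported list>`, reports the unsupported case without masking other errors. If the block is kept, including `{{ ansible_failed_result.msg | default('') }}` in the message preserves the original error. The same block/rescue pattern is added in this commit's hunks for roles/icingadb, icingadb_redis, icingaweb2, monitoring_plugins and repos.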
@@ -12,8 +12,14 @@ paths: - "{{ role_path }}/vars" -- name: Include OS specific installation - ansible.builtin.include_tasks: "install_on_{{ ansible_os_family | lower }}.yml" +- name: Check supported operatingsystems + block: + - name: Include OS specific installation + ansible.builtin.include_tasks: "install_on_{{ ansible_os_family | lower }}.yml" + rescue: + - name: "OS family not supported!" + ansible.builtin.fail: + msg: "The OS {{ ansible_os_family }} is not supported!" - name: Manage IcingaDB Redis configuration ansible.builtin.include_tasks: "manage_config.yml" diff --git a/roles/icingaweb2/tasks/main.yml b/roles/icingaweb2/tasks/main.yml index d38ec237..cf9f764f 100644 --- a/roles/icingaweb2/tasks/main.yml +++ b/roles/icingaweb2/tasks/main.yml @@ -18,8 +18,14 @@ loop: "{{ icingaweb2_modules | dict2items }}" when: icingaweb2_modules is defined and icingaweb2_module_packages[item.key] is defined and item.value.enabled | bool == true and item.value.source == "package" -- name: Include OS specific installation - ansible.builtin.include_tasks: "install_on_{{ ansible_os_family | lower }}.yml" +- name: Check supported operatingsystems + block: + - name: Include OS specific installation + ansible.builtin.include_tasks: "install_on_{{ ansible_os_family | lower }}.yml" + rescue: + - name: "OS family not supported!" + ansible.builtin.fail: + msg: "The OS {{ ansible_os_family }} is not supported!" - name: Manage Icinga Web 2 config ansible.builtin.include_tasks: "manage_icingaweb_config.yml" diff --git a/roles/monitoring_plugins/tasks/main.yml b/roles/monitoring_plugins/tasks/main.yml index f6ef13e9..e48ecaf2 100644 --- a/roles/monitoring_plugins/tasks/main.yml +++ b/roles/monitoring_plugins/tasks/main.yml 
@@ -2,8 +2,14 @@ - gather_facts: -- name: Include OS family specific vars - include_vars: "{{ role_path }}/vars/{{ ansible_os_family }}.yml" +- name: Check supported operatingsystems + block: + - name: Include OS family specific vars + ansible.builtin.include_vars: "{{ role_path }}/vars/{{ ansible_os_family }}.yml" + rescue: + - name: "OS family not supported!" + ansible.builtin.fail: + msg: "The OS {{ ansible_os_family }} is not supported!" - name: Include OS distribution/version specific vars include_vars: "{{ lookup('first_found', params) }}" diff --git a/roles/repos/tasks/main.yml b/roles/repos/tasks/main.yml index 2cee1fe1..0fe3ff78 100644 --- a/roles/repos/tasks/main.yml +++ b/roles/repos/tasks/main.yml @@ -29,5 +29,11 @@ - icinga_repo_subscription_username is defined - icinga_repo_subscription_password is defined -- name: Add repositories - ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" +- name: Check OS family + block: + - name: Add repositories {{ ansible_os_family }} + ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" + rescue: + - name: "OS family not supported!" + ansible.builtin.fail: + msg: "The OS '{{ ansible_os_family }}' isn't currently supported!" From bab3ec56b1d97bc22f5bfaa0add9a6121bf8ed65 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Feb 2024 00:29:14 +0000 Subject: [PATCH 10/58] Bump actions/setup-python from 4 to 5 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 5. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... 
Signed-off-by: dependabot[bot] --- .github/workflows/role-icingadb.yml | 2 +- .github/workflows/role-icingadb_redis.yml | 2 +- .github/workflows/role-icingaweb2.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/role-icingadb.yml b/.github/workflows/role-icingadb.yml index 5aa2e664..87f1edfb 100644 --- a/.github/workflows/role-icingadb.yml +++ b/.github/workflows/role-icingadb.yml @@ -43,7 +43,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: ${{ matrix.python }} diff --git a/.github/workflows/role-icingadb_redis.yml b/.github/workflows/role-icingadb_redis.yml index 3a01362c..4a91e826 100644 --- a/.github/workflows/role-icingadb_redis.yml +++ b/.github/workflows/role-icingadb_redis.yml @@ -43,7 +43,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: ${{ matrix.python }} diff --git a/.github/workflows/role-icingaweb2.yml b/.github/workflows/role-icingaweb2.yml index 6ed31fde..8ec4f442 100644 --- a/.github/workflows/role-icingaweb2.yml +++ b/.github/workflows/role-icingaweb2.yml @@ -43,7 +43,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: ${{ matrix.python }} From 079f24d37d5003024bbc7cf8a1129f207d439bda Mon Sep 17 00:00:00 2001 From: Thilo W Date: Fri, 1 Mar 2024 14:42:52 +0100 Subject: [PATCH 11/58] [icingadb] added port param to mysql import fixes #267 --- roles/icingadb/tasks/manage_schema_mysql.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/icingadb/tasks/manage_schema_mysql.yml b/roles/icingadb/tasks/manage_schema_mysql.yml index 31ee7021..f7c56e46 100644 --- a/roles/icingadb/tasks/manage_schema_mysql.yml +++ b/roles/icingadb/tasks/manage_schema_mysql.yml 
@@ -5,6 +5,7 @@ ansible.builtin.set_fact: mysqlcmd: >- mysql {% if icingadb_database_host | default('localhost') != 'localhost' %} -h "{{ icingadb_database_host }}" {%- endif %} + {% if icingadb_database_port is defined %} -P {{ icingadb_database_port }} {%- endif %} {% if icingadb_database_ca is defined %} --ssl-ca "{{ icingadb_database_ca }}" {%- endif %} {% if icingadb_database_cert is defined %} --ssl-cert "{{ icingadb_database_cert }}" {%- endif %} {% if icingadb_database_key is defined %} --ssl-key "{{ icingadb_database_key }}" {%- endif %} From 0630fc0e88f8b59930f860a1467e275fdd1a1251 Mon Sep 17 00:00:00 2001 From: Thilo W Date: Fri, 1 Mar 2024 15:18:21 +0100 Subject: [PATCH 12/58] [icingaweb2] added no_log true to obscure secret information fixes #268 --- roles/icingaweb2/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/icingaweb2/tasks/main.yml b/roles/icingaweb2/tasks/main.yml index cf9f764f..c0c8cb19 100644 --- a/roles/icingaweb2/tasks/main.yml +++ b/roles/icingaweb2/tasks/main.yml @@ -17,6 +17,7 @@ icingaweb2_packages: "{{ icingaweb2_packages + [ icingaweb2_module_packages[item.key] ] }}" loop: "{{ icingaweb2_modules | dict2items }}" when: icingaweb2_modules is defined and icingaweb2_module_packages[item.key] is defined and item.value.enabled | bool == true and item.value.source == "package" + no_log: true - name: Check supported operatingsystems block: From fc49bd56e89865562eb4820443f88c688add1287 Mon Sep 17 00:00:00 2001 
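Review bot: The new `-P {{ icingadb_database_port }}` argument is the only templated value on this command line that is neither quoted nor type-checked, while the host and TLS paths next to it are wrapped in double quotes. If `mysqlcmd` is later run through a shell (not visible in this hunk), a port value containing whitespace or shell metacharacters would change the command; `-P "{{ icingadb_database_port | int }}"` keeps it a single numeric argument. The `set_fact` task continues outside the hunk.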
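Review bot: The added `no_log: true` carries no explanation, and on a `set_fact` that only builds a package list it reads as accidental. A comment above the task such as `# item.value holds the full module config (may include database passwords); keep it out of task output` would record why it is there. The same comment could mention that error output from this task is censored as well, which matters when the `when` expression fails on a module entry without `source`. The task starts outside the hunk.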
From: Thilo W Date: Fri, 8 Mar 2024 11:58:22 +0100 Subject: [PATCH 13/58] Fixed suse12 dependecy ref #262 (#262) Adds suse12 dependency libboost Co-authored-by: dh-roland@users.noreply.github.com --- changelogs/fragments/fix_suse12_dep_missing.yml | 3 +++ roles/icinga2/tasks/install_on_Suse.yml | 5 ----- roles/icinga2/vars/Suse-12.yml | 16 ++++++++++++++++ roles/icinga2/vars/Suse.yml | 2 +- 4 files changed, 20 insertions(+), 6 deletions(-) create mode 100644 changelogs/fragments/fix_suse12_dep_missing.yml create mode 100644 roles/icinga2/vars/Suse-12.yml diff --git a/changelogs/fragments/fix_suse12_dep_missing.yml b/changelogs/fragments/fix_suse12_dep_missing.yml new file mode 100644 index 00000000..133e588c --- /dev/null +++ b/changelogs/fragments/fix_suse12_dep_missing.yml @@ -0,0 +1,3 @@ +--- +bugfixes: + - "fixed libboost_regex1_54_0 missing for Suse 12. thanks @dh-roland" diff --git a/roles/icinga2/tasks/install_on_Suse.yml b/roles/icinga2/tasks/install_on_Suse.yml index a99d5bb6..9b7fb34b 100644 --- a/roles/icinga2/tasks/install_on_Suse.yml +++ b/roles/icinga2/tasks/install_on_Suse.yml @@ -9,8 +9,3 @@ name: icinga2-selinux state: present when: ansible_selinux is defined and ansible_selinux.status == "enabled" - -- name: Zypper - install dep - community.general.zypper: - name: libboost_regex1_66_0 - state: present diff --git a/roles/icinga2/vars/Suse-12.yml b/roles/icinga2/vars/Suse-12.yml new file mode 100644 index 00000000..65a5aed1 --- /dev/null +++ b/roles/icinga2/vars/Suse-12.yml 
@@ -0,0 +1,16 @@ +--- +icinga2_packages: ["icinga2","libboost_regex1_54_0"] +icinga2_user: icinga +icinga2_group: icinga +icinga2_config_path: /etc/icinga2 +icinga2_log_path: /var/log/icinga2 +icinga2_ca_path: /var/lib/icinga2/ca +icinga2_cert_path: /var/lib/icinga2/certs +icinga2_fragments_path: /var/tmp/icinga +icinga2_default_constants: + PluginDir: /usr/lib/nagios/plugins/ + ManubulonPluginDir: /usr/lib/nagios/plugins/ + PluginContribDir: /usr/lib/nagios/plugins/ + NodeName: "{{ ansible_fqdn }}" + ZoneName: NodeName + TicketSalt: '' diff --git a/roles/icinga2/vars/Suse.yml b/roles/icinga2/vars/Suse.yml index 95d69672..cfdff9ee 100644 --- a/roles/icinga2/vars/Suse.yml +++ b/roles/icinga2/vars/Suse.yml @@ -1,5 +1,5 @@ --- -icinga2_packages: ["icinga2"] +icinga2_packages: ["icinga2","libboost_regex1_66_0"] icinga2_user: icinga icinga2_group: icinga icinga2_config_path: /etc/icinga2 From 4eb3e27edc811600f562f181070131c4701c422b Mon Sep 17 00:00:00 2001 From: Thilo W Date: Fri, 8 Mar 2024 13:01:59 +0100 Subject: [PATCH 14/58] Update converge.yml Add number1 as testcase --- molecule/ini-configuration-tests/converge.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/molecule/ini-configuration-tests/converge.yml b/molecule/ini-configuration-tests/converge.yml index 66498112..3f60d8df 100644 --- a/molecule/ini-configuration-tests/converge.yml +++ b/molecule/ini-configuration-tests/converge.yml @@ -11,6 +11,10 @@ _i2_config_hash: section: test: 10 + - name: number1 + _i2_config_hash: + section: + test: 1 - name: advanced_filter _i2_config_hash: section: From bfdc292f2db039bcf2db8fe2ec4a61e166bf4cfa Mon Sep 17 00:00:00 2001 From: Thilo W Date: Mon, 11 Mar 2024 23:08:03 +0100 Subject: [PATCH 15/58] add documentation about redis tls closes #272 --- doc/role-icingaweb2/module-icingadb.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/doc/role-icingaweb2/module-icingadb.md b/doc/role-icingaweb2/module-icingadb.md index b095ee35..5f8e97eb 100644 
--- a/doc/role-icingaweb2/module-icingadb.md +++ b/doc/role-icingaweb2/module-icingadb.md @@ -30,3 +30,13 @@ icingaweb2_modules: redis2: host: "192.168.56.201" ``` + +As the parameter for the redis TLS connection aren't documented at the official docs. Please use the following parameters to configure TLS connections. At the redis section add the following: + +``` +redis: + tls: '1' + ca: /path/to/ca.crt + cert: /path/to/cert.crt + key: /path/to/key.key +``` From 6c5b4c6f0c069363c8ac648933e81c8945605fd9 Mon Sep 17 00:00:00 2001 From: Thilo W Date: Mon, 11 Mar 2024 23:10:24 +0100 Subject: [PATCH 16/58] updated redis docs --- doc/role-icingaweb2/module-icingadb.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/doc/role-icingaweb2/module-icingadb.md b/doc/role-icingaweb2/module-icingadb.md index 5f8e97eb..bfa0f2e5 100644 --- a/doc/role-icingaweb2/module-icingadb.md +++ b/doc/role-icingaweb2/module-icingadb.md @@ -31,7 +31,9 @@ icingaweb2_modules: host: "192.168.56.201" ``` -As the parameter for the redis TLS connection aren't documented at the official docs. Please use the following parameters to configure TLS connections. At the redis section add the following: +### Redis TLS + +Please use the following parameters to configure TLS connections. The collection won't manage those certificates, ensure those are deployed beforehand. At the redis section add the following: ``` redis: From 9dc0e5d0daa1f58cd6dfb6924810980c3de027e6 Mon Sep 17 00:00:00 2001 From: Thilo W Date: Tue, 12 Mar 2024 07:16:19 +0100 Subject: [PATCH 17/58] update boolean when conditions --- roles/monitoring_plugins/tasks/install_on_RedHat.yml | 1 + roles/repos/tasks/RedHat.yml | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/monitoring_plugins/tasks/install_on_RedHat.yml b/roles/monitoring_plugins/tasks/install_on_RedHat.yml index 964bf8a9..25b5c90a 100644 --- a/roles/monitoring_plugins/tasks/install_on_RedHat.yml 
+++ b/roles/monitoring_plugins/tasks/install_on_RedHat.yml @@ -9,6 +9,7 @@ icinga_repo_testing: false icinga_repo_snapshot: false when: icinga_monitoring_plugins_epel + when: icinga_monitoring_plugins_epel|bool == true - name: Yum - install requested packages become: yes diff --git a/roles/repos/tasks/RedHat.yml b/roles/repos/tasks/RedHat.yml index 7413f5f6..83495341 100644 --- a/roles/repos/tasks/RedHat.yml +++ b/roles/repos/tasks/RedHat.yml @@ -39,13 +39,13 @@ yum: name: epel-release state: present - when: icinga_repo_epel + when: icinga_repo_epel|bool == true - name: Yum - add SCL repositories yum: name: centos-release-scl state: present when: - - icinga_repo_scl + - icinga_repo_scl|bool == true - ansible_distribution == "CentOS" - ansible_distribution_major_version < "8" From 8c3bf84d5788d5494bd71bcb0f40e4d8868b94c8 Mon Sep 17 00:00:00 2001 
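Review bot: The hunk in install_on_RedHat.yml adds `when: icinga_monitoring_plugins_epel|bool == true` directly below the existing `when: icinga_monitoring_plugins_epel`, which leaves the task with two `when` keys. Duplicate mapping keys are invalid YAML; most loaders keep the last one and Ansible warns, so the old line should be removed rather than kept beside the new one. In this hunk and in the roles/repos/tasks/RedHat.yml hunk the test can be reduced to `when: icinga_monitoring_plugins_epel | bool` and `when: icinga_repo_epel | bool`, since `== true` adds nothing after the filter. The task starts outside the hunk.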
From: Thilo W Date: Fri, 22 Mar 2024 10:39:21 +0100 Subject: [PATCH 18/58] Feature/suse support (#273) * Added suse support for following roles: - icinga2 - repos - icingaweb2 - icingadb - icingadb_redis * add general information about zypper requirements * add suse/sles to os matrix --- doc/getting-started.md | 10 ++++++++ roles/icinga2/meta/main.yml | 6 +++++ .../features/idomysql/install_on_Suse.yml | 4 +++ .../features/idopgsql/install_on_Suse.yml | 4 +++ roles/icingadb/meta/main.yml | 4 +++ roles/icingadb/tasks/install_on_suse.yml | 4 +++ roles/icingadb_redis/meta/main.yml | 4 +++ .../icingadb_redis/tasks/install_on_suse.yml | 5 ++++ roles/icingaweb2/meta/main.yml | 4 +++ roles/icingaweb2/tasks/install_on_suse.yml | 5 ++++ .../tasks/manage_icingaweb_config.yml | 4 +-- roles/icingaweb2/vars/suse.yml | 4 +++ roles/repos/defaults/main.yml | 5 ++++ roles/repos/meta/main.yml | 6 +++++ roles/repos/tasks/Debian.yml | 2 +- roles/repos/tasks/Suse.yml | 25 +++++++++++++++++++ 16 files changed, 93 insertions(+), 3 deletions(-) create mode 100644 roles/icinga2/tasks/features/idomysql/install_on_Suse.yml create mode 100644 roles/icinga2/tasks/features/idopgsql/install_on_Suse.yml create mode 100644 roles/icingadb/tasks/install_on_suse.yml create mode 100644 roles/icingadb_redis/tasks/install_on_suse.yml create mode 100644 roles/icingaweb2/tasks/install_on_suse.yml create mode 100644 roles/icingaweb2/vars/suse.yml create mode 100644 roles/repos/tasks/Suse.yml diff --git a/doc/getting-started.md b/doc/getting-started.md index b843a60f..1ec13cb5 100644 --- a/doc/getting-started.md +++ b/doc/getting-started.md 
@@ -30,6 +30,16 @@ collection. All features which are not configured will be disabled. --- +## Requirements + +**Operatingsystems**: +For **OSFamily Suse** please make sure the Collection **community.general** is available. +Otherwise the modules **zypper_repository** and **zypper** are missing. + +**Imports**: +If you want the collection roles to **import schemas and users to databases**, make sure +the client (**"mysql", "psql"**) for your database is available on your system. + ## Installation To start with the collection, easily install it with the **ansible-galaxy** command. diff --git a/roles/icinga2/meta/main.yml b/roles/icinga2/meta/main.yml index 48b76926..6eb45fa0 100644 --- a/roles/icinga2/meta/main.yml +++ b/roles/icinga2/meta/main.yml @@ -7,6 +7,12 @@ galaxy_info: license: Apache-2.0 min_ansible_version: 2.9 platforms: + - name: opensuse + versions: + - 15.5 + - name: SLES + versions: + - 15 - name: EL versions: - 7 diff --git a/roles/icinga2/tasks/features/idomysql/install_on_Suse.yml b/roles/icinga2/tasks/features/idomysql/install_on_Suse.yml new file mode 100644 index 00000000..356ec5b1 --- /dev/null +++ b/roles/icinga2/tasks/features/idomysql/install_on_Suse.yml @@ -0,0 +1,4 @@ +- name: Zypper - install package icinga2-ido-mysql + community.general.zypper: + name: icinga2-ido-mysql + state: present diff --git a/roles/icinga2/tasks/features/idopgsql/install_on_Suse.yml b/roles/icinga2/tasks/features/idopgsql/install_on_Suse.yml new file mode 100644 index 00000000..79b3582a --- /dev/null +++ b/roles/icinga2/tasks/features/idopgsql/install_on_Suse.yml @@ -0,0 +1,4 @@ +- name: Zypper - install package icinga2-ido-pgsql + community.general.zypper: + name: icinga2-ido-pgsql + state: present diff --git a/roles/icingadb/meta/main.yml b/roles/icingadb/meta/main.yml index de56b28a..361984cc 100644 --- a/roles/icingadb/meta/main.yml +++ b/roles/icingadb/meta/main.yml 
@@ -6,6 +6,10 @@ galaxy_info: license: Apache-2.0 min_ansible_version: 2.9 platforms: + - name: opensuse + versions: ['15.5'] + - name: SLES + versions: ['15'] - name: EL versions: ['7'] - name: Debian diff --git a/roles/icingadb/tasks/install_on_suse.yml b/roles/icingadb/tasks/install_on_suse.yml new file mode 100644 index 00000000..20dda437 --- /dev/null +++ b/roles/icingadb/tasks/install_on_suse.yml @@ -0,0 +1,4 @@ +- name: Suse - Install IcingaDB packages + community.general.zypper: + name: "{{ icingadb_packages }}" + state: present diff --git a/roles/icingadb_redis/meta/main.yml b/roles/icingadb_redis/meta/main.yml index c83ecb2b..72393b09 100644 --- a/roles/icingadb_redis/meta/main.yml +++ b/roles/icingadb_redis/meta/main.yml @@ -6,6 +6,10 @@ galaxy_info: license: Apache-2.0 min_ansible_version: 2.9 platforms: + - name: opensuse + versions: ['15.5'] + - name: SLES + versions: ['15'] - name: EL versions: ['7'] - name: Debian diff --git a/roles/icingadb_redis/tasks/install_on_suse.yml b/roles/icingadb_redis/tasks/install_on_suse.yml new file mode 100644 index 00000000..d40ff048 --- /dev/null +++ b/roles/icingadb_redis/tasks/install_on_suse.yml @@ -0,0 +1,5 @@ +--- +- name: Suse - install icingadb packages + community.general.zypper: + name: "{{ icingadb_redis_packages }}" + state: present diff --git a/roles/icingaweb2/meta/main.yml b/roles/icingaweb2/meta/main.yml index 06c53a53..61e49d68 100644 --- a/roles/icingaweb2/meta/main.yml +++ b/roles/icingaweb2/meta/main.yml @@ -6,6 +6,10 @@ galaxy_info: license: Apache-2.0 min_ansible_version: 2.9 platforms: + - name: opensuse + versions: ['15.5'] + - name: SLES + versions: ['15'] - name: EL versions: ['7','8'] - name: Debian diff --git a/roles/icingaweb2/tasks/install_on_suse.yml b/roles/icingaweb2/tasks/install_on_suse.yml new file mode 100644 index 00000000..b8588c5b --- /dev/null +++ b/roles/icingaweb2/tasks/install_on_suse.yml 
@@ -0,0 +1,5 @@ +--- +- name: Suse - Install Icinga Web 2 packages + community.general.zypper: + name: "{{ icingaweb2_packages }}" + state: present diff --git a/roles/icingaweb2/tasks/manage_icingaweb_config.yml b/roles/icingaweb2/tasks/manage_icingaweb_config.yml index 4574e123..517afbf1 100644 --- a/roles/icingaweb2/tasks/manage_icingaweb_config.yml +++ b/roles/icingaweb2/tasks/manage_icingaweb_config.yml @@ -91,7 +91,7 @@ when: icingaweb2_resources is defined - name: Assemble roles.ini - when: icingaweb2_admin_password is defined or icingaweb2_roles is defined + when: icingaweb2_admin_username is defined and icingaweb2_admin_password is defined block: - name: Build variable ansible.builtin.set_fact: @@ -108,7 +108,7 @@ dest: "{{ icingaweb2_fragments_path }}/roles/roles_01" owner: root group: "{{ icingaweb2_group }}" - when: icingaweb2_admin_password is defined + when: icingaweb2_admin_username is defined and icingaweb2_admin_password is defined - name: Build variable ansible.builtin.set_fact: diff --git a/roles/icingaweb2/vars/suse.yml b/roles/icingaweb2/vars/suse.yml new file mode 100644 index 00000000..ed99ea69 --- /dev/null +++ b/roles/icingaweb2/vars/suse.yml @@ -0,0 +1,4 @@ +--- +icingaweb2_httpd_user: wwwrun +icingaweb2_fragments_path: /var/tmp/icingaweb +icingaweb2_packages: ["icingaweb2", "icingacli"] diff --git a/roles/repos/defaults/main.yml b/roles/repos/defaults/main.yml index 852c137d..24fc28ab 100644 --- a/roles/repos/defaults/main.yml +++ b/roles/repos/defaults/main.yml 
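Review bot: The new condition on the `Assemble roles.ini` block drops the `icingaweb2_roles is defined` alternative, so a host that sets only `icingaweb2_roles` and no admin credentials would now skip the whole block. If the block also writes the fragments for `icingaweb2_roles` (its body continues outside the hunk), keep that case: `when: (icingaweb2_admin_username is defined and icingaweb2_admin_password is defined) or icingaweb2_roles is defined`. The stricter username-and-password test fits the inner task in the second hunk, where it is already applied.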
@@ -10,6 +10,11 @@ icinga_repo_yum_snapshot_url: "http://packages.icinga.com/epel/$releasever/snaps icinga_repo_yum_snapshot_key: "{{ icinga_repo_gpgkey }}" icinga_repo_yum_snapshot_description: "ICINGA (snapshot release for epel)" +icinga_repo_zypper_key: "{{ icinga_repo_gpgkey }}" +icinga_repo_zypper_stable_url: "https://packages.icinga.com/openSUSE/$releasever/release/" +#icinga_repo_zypper_testing_url: "" +icinga_repo_zypper_snapshot_url: "https://packages.icinga.com/openSUSE/$releasever/snapshot/" + icinga_repo_apt_key: "{{ icinga_repo_gpgkey }}" icinga_repo_apt_keyring: /etc/apt/keyrings/icinga-archive-keyring.asc icinga_repo_apt_stable_deb: "deb [signed-by={{ icinga_repo_apt_keyring }}] http://packages.icinga.com/{{ ansible_distribution|lower }} icinga-{{ ansible_distribution_release|lower }} main" diff --git a/roles/repos/meta/main.yml b/roles/repos/meta/main.yml index d2567bc7..09681703 100644 --- a/roles/repos/meta/main.yml +++ b/roles/repos/meta/main.yml @@ -7,6 +7,12 @@ galaxy_info: license: AGPL-3.0-only min_ansible_version: 2.9 platforms: + - name: opensuse + versions: + - 15.5 + - name: SLES + versions: + - 15 - name: EL versions: - 7 diff --git a/roles/repos/tasks/Debian.yml b/roles/repos/tasks/Debian.yml index e1936f84..b8ddb526 100644 --- a/roles/repos/tasks/Debian.yml +++ b/roles/repos/tasks/Debian.yml @@ -1,6 +1,6 @@ --- - name: Apt - ensure apt keyrings directory - file: + ansible.builtin.file: state: directory path: /etc/apt/keyrings owner: root diff --git a/roles/repos/tasks/Suse.yml b/roles/repos/tasks/Suse.yml new file mode 100644 index 00000000..4b713bb8 --- /dev/null +++ b/roles/repos/tasks/Suse.yml 
@@ -0,0 +1,25 @@ +--- + +- name: Suse - add RPM key + ansible.builtin.rpm_key: + state: present + key: "{{ icinga_repo_zypper_key }}" + +- name: Suse - add Icinga repository (stable) + community.general.zypper_repository: + name: icinga-stable-release + description: ICINGA (stable release for openSUSE) + state: "{{ 'present' if icinga_repo_stable|bool else 'absent' }}" + repo: "{{ icinga_repo_zypper_stable_url }}" + +- name: Suse - add Icinga repository (testing) + ansible.builtin.fail: + msg: "Suse Testing repo is not available." + when: icinga_repo_testing|bool == true + +- name: Suse - add Icinga repository (snapshot) + community.general.zypper_repository: + name: icinga-snapshot-builds + description: ICINGA (snapshot builds for openSUSE) + repo: "{{ icinga_repo_zypper_snapshot_url }}" + state: "{{ 'present' if icinga_repo_snapshot|bool else 'absent' }}" From 1e97539134ec2ea379b9d1e1a3dff4bafefa535a Mon Sep 17 00:00:00 2001 From: Thilo W Date: Tue, 26 Mar 2024 11:23:46 +0100 Subject: [PATCH 19/58] [icinga2] manage permissions on constants.conf --- roles/icinga2/tasks/configure.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/icinga2/tasks/configure.yml b/roles/icinga2/tasks/configure.yml index 95a404c7..f284482d 100644 --- a/roles/icinga2/tasks/configure.yml +++ b/roles/icinga2/tasks/configure.yml @@ -17,9 +17,11 @@ icinga2_combined_constants: "{{ icinga2_default_constants | combine(icinga2_constants) }}" - name: set constants in {{ icinga2_config_path + '/constants.conf' }} - template: + ansible.builtin.template: src: constants.conf.j2 dest: "{{ icinga2_config_path + '/constants.conf' }}" + owner: "{{ icinga2_user }}" + group: "{{ icinga2_group }}" notify: reload icinga2 service - name: features From 9f1e91f78296eaf5650e1ab177b570f195483dae Mon Sep 17 00:00:00 2001 
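Review bot: The `Suse - add RPM key` task imports whatever `icinga_repo_zypper_key` resolves to without checking which key it is. `ansible.builtin.rpm_key` accepts a `fingerprint` option that refuses the import when the downloaded key does not match, e.g. `fingerprint: "{{ icinga_repo_zypper_key_fingerprint }}"` with the value kept in the role defaults (the variable name is a suggestion; the fingerprint itself is not on this page). That pins the repository signing key instead of relying on the transport alone.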
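Review bot: The `constants.conf` template task now sets owner and group but still no `mode`, so the file's permissions depend on the umask or on whatever was there before. The constants merged into it include `TicketSalt` (see `icinga2_default_constants`), which is secret material once set; adding `mode: "0640"` next to the new `owner`/`group` lines would keep it readable only by the Icinga user and group.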
From: Matthew Weldy Date: Tue, 26 Mar 2024 03:50:14 -0700 Subject: [PATCH 20/58] changed all references of "vars['icingaweb2_modules']" to "icingaweb2_modules" (#266) --- roles/icingaweb2/tasks/modules/x509.yml | 34 ++++++++++++------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/roles/icingaweb2/tasks/modules/x509.yml b/roles/icingaweb2/tasks/modules/x509.yml index a1a7a743..50dfd8dc 100644 --- a/roles/icingaweb2/tasks/modules/x509.yml +++ b/roles/icingaweb2/tasks/modules/x509.yml @@ -13,7 +13,7 @@ loop: "{{ _files }}" loop_control: loop_var: _file - when: vars['icingaweb2_modules'][_module][_file] is defined + when: icingaweb2_modules[_module][_file] is defined vars: _module: "{{ item.key }}" _files: 
@@ -21,32 +21,32 @@ - sni - name: Module x509 | Manage Schema - when: vars['icingaweb2_modules'][_module]['database']['import_schema'] | default(false) + when: icingaweb2_modules[_module]['database']['import_schema'] | default(false) vars: _module: "{{ item.key }}" block: - name: Module x509 | Prepare _db informations ansible.builtin.set_fact: _db: - host: "{{ vars['icingaweb2_modules'][_module]['database']['host'] | default('localhost') }}" - port: "{{ vars['icingaweb2_modules'][_module]['database']['port'] | default('3306') }}" - user: "{{ vars['icingaweb2_modules'][_module]['database']['user'] | default('x509') }}" - password: "{{ vars['icingaweb2_modules'][_module]['database']['password'] | default(omit) }}" - name: "{{ vars['icingaweb2_modules'][_module]['database']['name'] | default('x509') }}" - ssl_mode: "{{ vars['icingaweb2_modules'][_module]['database']['ssl_mode'] | default(omit) }}" - ssl_ca: "{{ vars['icingaweb2_modules'][_module]['database']['ssl_ca'] | default(omit) }}" - ssl_cert: "{{ vars['icingaweb2_modules'][_module]['database']['ssl_cert'] | default(omit) }}" - ssl_key: "{{ vars['icingaweb2_modules'][_module]['database']['ssl_key'] | default(omit) }}" - ssl_cipher: "{{ vars['icingaweb2_modules'][_module]['database']['ssl_cipher'] | default(omit) }}" - ssl_extra_options: "{{ vars['icingaweb2_modules'][_module]['database']['ssl_extra_options'] | default(omit) }}" + host: "{{ icingaweb2_modules[_module]['database']['host'] | default('localhost') }}" + port: "{{ icingaweb2_modules[_module]['database']['port'] | default('3306') }}" + user: "{{ icingaweb2_modules[_module]['database']['user'] | default('x509') }}" + password: "{{ icingaweb2_modules[_module]['database']['password'] | default(omit) }}" + name: "{{ icingaweb2_modules[_module]['database']['name'] | default('x509') }}" + ssl_mode: "{{ icingaweb2_modules[_module]['database']['ssl_mode'] | default(omit) }}" + ssl_ca: "{{ icingaweb2_modules[_module]['database']['ssl_ca'] | default(omit) }}" + 
ssl_cert: "{{ icingaweb2_modules[_module]['database']['ssl_cert'] | default(omit) }}" + ssl_key: "{{ icingaweb2_modules[_module]['database']['ssl_key'] | default(omit) }}" + ssl_cipher: "{{ icingaweb2_modules[_module]['database']['ssl_cipher'] | default(omit) }}" + ssl_extra_options: "{{ icingaweb2_modules[_module]['database']['ssl_extra_options'] | default(omit) }}" schema_path_mysql: /usr/share/icingaweb2/modules/x509/schema/mysql.schema.sql schema_path_pgsql: /usr/share/icingaweb2/modules/x509/schema/pgsql.schema.sql select_query: "select * from x509_certificate" - type: "{{ vars['icingaweb2_modules'][_module]['database']['type'] | default(omit) }}" + type: "{{ icingaweb2_modules[_module]['database']['type'] | default(omit) }}" - ansible.builtin.fail: fail_msg: No database type was provided - when: vars['icingaweb2_modules'][_module]['database']['type'] is not defined + when: icingaweb2_modules[_module]['database']['type'] is not defined - ansible.builtin.fail: fail_msg: "Invalid database type was provided. [Supported: mysql, pgsql]" @@ -67,10 +67,10 @@ - name: Module x509 | Import Certificates ansible.builtin.shell: > icingacli {{ _module }} import --file {{ _file }} - loop: "{{ vars['icingaweb2_modules'][_module]['certificate_files'] }}" + loop: "{{ icingaweb2_modules[_module]['certificate_files'] }}" loop_control: loop_var: _file vars: _module: "{{ item.key }}" - when: vars['icingaweb2_modules'][_module]['certificate_files'] is defined + when: icingaweb2_modules[_module]['certificate_files'] is defined changed_when: false From 15e9f80c9ff17ed04112888ca00f5353dad36745 Mon Sep 17 00:00:00 2001 From: Thilo W Date: Tue, 26 Mar 2024 12:03:01 +0100 Subject: [PATCH 21/58] add fragment for issue fix #266 --- changelogs/fragments/minor_changes.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/changelogs/fragments/minor_changes.yml b/changelogs/fragments/minor_changes.yml index 1eb46177..05236648 100644 --- a/changelogs/fragments/minor_changes.yml 
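Review bot: The two `ansible.builtin.fail` tasks kept as context in this hunk pass `fail_msg:`, which is an option of `ansible.builtin.assert`; `fail` takes `msg:`. As written the tasks would still stop the play, but with an unsupported-parameter error instead of the intended text, so `msg: No database type was provided` and `msg: "Invalid database type was provided. [Supported: mysql, pgsql]"` are the forms to use. Both tasks are also unnamed, unlike the rest of the file.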
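Review bot: `icingacli {{ _module }} import --file {{ _file }}` is run through `ansible.builtin.shell` with both values interpolated unquoted, and `_file` comes from the user-supplied `certificate_files` list. A path containing spaces or shell metacharacters would be split or interpreted by the shell; `ansible.builtin.command` with `argv: ["icingacli", "{{ _module }}", "import", "--file", "{{ _file }}"]` passes each value as exactly one argument. `changed_when: false` also reports the import as unchanged even when certificates were added.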
+++ b/changelogs/fragments/minor_changes.yml @@ -9,3 +9,4 @@ minor_changes: - ensure backwards compatibility with bool filter (#218) - "Icingaweb2: fix duplicate task name at kickstart tasks (#244)" - removed localhost condition as default as it could be a localhost connection. (#257) + - changed all references of "vars['icingaweb2_modules']" to "icingaweb2_modules" (#266) From 52cd32246eb1d55d7583848e3030d3193455de98 Mon Sep 17 00:00:00 2001 From: Thilo W Date: Tue, 26 Mar 2024 12:03:23 +0100 Subject: [PATCH 22/58] add fragment for issue fix #263 --- changelogs/fragments/minor_changes.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/changelogs/fragments/minor_changes.yml b/changelogs/fragments/minor_changes.yml index 1eb46177..05236648 100644 --- a/changelogs/fragments/minor_changes.yml +++ b/changelogs/fragments/minor_changes.yml @@ -9,3 +9,4 @@ minor_changes: - ensure backwards compatibility with bool filter (#218) - "Icingaweb2: fix duplicate task name at kickstart tasks (#244)" - removed localhost condition as default as it could be a localhost connection. (#257) + - changed all references of "vars['icingaweb2_modules']" to "icingaweb2_modules" (#266) From 869cf11428401c453069a57a0302b06466597c72 Mon Sep 17 00:00:00 2001 From: Thilo W Date: Wed, 27 Mar 2024 09:19:32 +0100 Subject: [PATCH 23/58] [monitoring_plugins] fix overwrite issue of variable. (#278) --- .../monitoring_plugins/tasks/install_on_RedHat.yml | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/roles/monitoring_plugins/tasks/install_on_RedHat.yml b/roles/monitoring_plugins/tasks/install_on_RedHat.yml index 25b5c90a..95a6b9d9 100644 --- a/roles/monitoring_plugins/tasks/install_on_RedHat.yml +++ b/roles/monitoring_plugins/tasks/install_on_RedHat.yml 
@@ -1,15 +1,9 @@ --- - - name: Activate epel repository - include_role: - name: icinga.icinga.repos - vars: - icinga_repo_epel: true - icinga_repo_stable: false - icinga_repo_testing: false - icinga_repo_snapshot: false - when: icinga_monitoring_plugins_epel - when: icinga_monitoring_plugins_epel|bool == true + ansible.builtin.yum: + name: epel-release + state: present + when: icinga_monitoring_plugins_epel|bool - name: Yum - install requested packages become: yes From 59252796d09653aee81b65984f5d03aeb5b66f7a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dirk=20G=C3=B6tz?= Date: Wed, 10 Apr 2024 15:36:04 +0200 Subject: [PATCH 24/58] [icinga2] fix file permissions for objects (#282) --- roles/icinga2/tasks/configure.yml | 1 + roles/icinga2/tasks/objects.yml | 2 ++ 2 files changed, 3 insertions(+) diff --git a/roles/icinga2/tasks/configure.yml b/roles/icinga2/tasks/configure.yml index f284482d..5efb46ab 100644 --- a/roles/icinga2/tasks/configure.yml +++ b/roles/icinga2/tasks/configure.yml @@ -92,6 +92,7 @@ delimiter: ' ' owner: "{{ icinga2_user }}" group: "{{ icinga2_group }}" + mode: 0644 loop: "{{ result.files }}" notify: reload icinga2 service diff --git a/roles/icinga2/tasks/objects.yml b/roles/icinga2/tasks/objects.yml index 93d10302..58ac18b7 100644 --- a/roles/icinga2/tasks/objects.yml +++ b/roles/icinga2/tasks/objects.yml @@ -34,6 +34,7 @@ state: directory owner: root group: root + mode: 0755 path: "{{ icinga2_fragments_path }}/{{ item.path }}/" loop: "{{ icinga2_custom_config }}" @@ -41,6 +42,7 @@ ansible.builtin.copy: owner: root group: root + mode: 0644 src: "files/{{ item.name }}" dest: "{{ icinga2_fragments_path }}/{{ item.path }}/{{ item.order|default('20')|string }}_{{ item.name }}" loop: "{{ icinga2_custom_config }}" From a89669bd38250445e676bc0684bbc6e34cf09499 Mon Sep 17 00:00:00 2001 
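Review bot: The new `Activate epel repository` task installs `epel-release` without `become`, while the `Yum - install requested packages` task directly below it in the same hunk sets `become: yes`. Unless the play already escalates privileges, the install fails for a non-root connection user; add `become: true` to the new task. A comment such as `# standalone task: including icinga.icinga.repos here overwrote the repo variables` would also record why the role include was dropped.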
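Review bot: `mode: 0644` in the `configure.yml` hunk makes the files written from `result.files` world-readable, and Icinga 2 object definitions can carry credentials (the `objects.md` example later in this series deploys an `ApiUser` with a `password`). Because those files are already owned by `icinga2_user`/`icinga2_group`, `mode: "0640"` would keep them readable for the daemon without exposing them to every local account; the `mode: 0644` added for the copied custom config in `objects.yml` raises the same question, but that file is owned by root, so confirm who has to read it before tightening. Independently, quote the values (`"0644"`, `"0755"`) as the icingadb_redis tasks in this series do, so the mode does not depend on how the YAML loader types a leading-zero number. The tasks these lines belong to start outside the hunks.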
From: Matt wade Date: Wed, 10 Apr 2024 14:42:59 +0100 Subject: [PATCH 25/58] Not tabbed correctly, caused build to fail (#279) --- doc/role-icinga2/objects.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/role-icinga2/objects.md b/doc/role-icinga2/objects.md index 0be3a5bb..871f0f4a 100644 --- a/doc/role-icinga2/objects.md +++ b/doc/role-icinga2/objects.md @@ -470,11 +470,11 @@ icinga2_objects: description: The notification address -6: $notification_address6$ -b: $notification_author$ - vars: - +: true - notification_address: $address$ - notification_address6: $address6$ - notification_author: $notification.author$ + vars: + +: true + notification_address: $address$ + notification_address6: $address6$ + notification_author: $notification.author$ ```` #### UserGroup From 50e526fb60669c3c4328026e155ba00b376bc36c Mon Sep 17 00:00:00 2001 From: Donien <88634789+Donien@users.noreply.github.com> Date: Sat, 18 May 2024 13:42:24 +0200 Subject: [PATCH 26/58] Add toggle to ignore unknown Icinga Web 2 modules Add a boolean `icingaweb2_ignore_unknown_errors` to ignore modules provided in `icingaweb2_modules` which are unknown to this collection. This way users can define modules within `icingaweb2_modules` and use other Ansible code referencing the same variable without this collection's icingaweb2 role failing. Fixes #288 --- roles/icingaweb2/defaults/main.yml | 2 ++ roles/icingaweb2/tasks/main.yml | 16 ++++++++++++++-- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/roles/icingaweb2/defaults/main.yml b/roles/icingaweb2/defaults/main.yml index 089e7256..b0034f14 100644 --- a/roles/icingaweb2/defaults/main.yml +++ b/roles/icingaweb2/defaults/main.yml @@ -3,6 +3,8 @@ icingaweb2_group: icingaweb2 icingaweb2_modules_config_dir: "{{ icingaweb2_config_dir }}/modules" icingaweb2_director_service: icinga-director.service +icingaweb2_ignore_unknown_modules: false + icingaweb2_groups: icingaweb2: backend: db 
diff --git a/roles/icingaweb2/tasks/main.yml b/roles/icingaweb2/tasks/main.yml index c0c8cb19..cfd61fb1 100644 --- a/roles/icingaweb2/tasks/main.yml +++ b/roles/icingaweb2/tasks/main.yml @@ -12,6 +12,14 @@ paths: - "{{ role_path }}/vars" +- name: Check each icingaweb2_modules key against known modules + when: not icingaweb2_ignore_unknown_modules + loop: "{{ icingaweb2_modules | default({}) | dict2items }}" + ansible.builtin.assert: + that: + - item.key in icingaweb2_module_packages.keys() + fail_msg: "'{{ item.key }}' is an unknown module. Set 'icingaweb2_ignore_unknown_modules' to 'true' if you want to simply skip unknown modules" + - name: Gather module packages ansible.builtin.set_fact: icingaweb2_packages: "{{ icingaweb2_packages + [ icingaweb2_module_packages[item.key] ] }}" @@ -43,14 +51,18 @@ group: "{{ icingaweb2_group }}" state: "{{ 'link' if item.value.enabled|bool == true else 'absent' }}" force: yes - when: icingaweb2_modules is defined + when: + - icingaweb2_modules is defined + - item.key in icingaweb2_module_packages.keys() loop: "{{ icingaweb2_modules | dict2items }}" loop_control: label: "Ensure {{ item.key }} is {{ 'enabled' if item.value.enabled|bool == true else 'disabled' }}" - name: Configure modules ansible.builtin.include_tasks: "modules/{{ item.key }}.yml" - when: icingaweb2_modules is defined + when: + - icingaweb2_modules is defined + - item.key in icingaweb2_module_packages.keys() loop: "{{ icingaweb2_modules | dict2items }}" # Many daemons fail before e.g. the resource is set up or the schema hasn't been migrated. This is a workaround. From fb6099d7d10e4026821211fbee24911eb255ba51 Mon Sep 17 00:00:00 2001 From: Donien <88634789+Donien@users.noreply.github.com> Date: Sat, 18 May 2024 14:50:15 +0200 Subject: [PATCH 27/58] Add two 'default(false)' statements so 'enabled' does not need to be set here --- roles/icingaweb2/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
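Review bot: `when: not icingaweb2_ignore_unknown_modules` on the new assert is evaluated without the `bool` filter, so a value that arrives as a string (for example `-e icingaweb2_ignore_unknown_modules=false`) is a non-empty string, the condition becomes false, and the validation is skipped silently. Use `when: not (icingaweb2_ignore_unknown_modules | bool)`, in line with the `|bool` usage elsewhere in this file. Separately, the second hunk guards the symlink and `include_tasks` tasks with `item.key in icingaweb2_module_packages.keys()`, but the `Gather module packages` task visible at the end of the first hunk indexes `icingaweb2_module_packages[item.key]` directly. Its `when` lies outside the hunk, so confirm it carries the same guard; otherwise unknown modules still fail there when the toggle is on.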
diff --git a/roles/icingaweb2/tasks/main.yml b/roles/icingaweb2/tasks/main.yml index cfd61fb1..9dd1ab00 100644 --- a/roles/icingaweb2/tasks/main.yml +++ b/roles/icingaweb2/tasks/main.yml @@ -56,7 +56,7 @@ - item.key in icingaweb2_module_packages.keys() loop: "{{ icingaweb2_modules | dict2items }}" loop_control: - label: "Ensure {{ item.key }} is {{ 'enabled' if item.value.enabled|bool == true else 'disabled' }}" + label: "Ensure {{ item.key }} is {{ 'enabled' if item.value.enabled|default(false)|bool == true else 'disabled' }}" - name: Configure modules ansible.builtin.include_tasks: "modules/{{ item.key }}.yml" @@ -70,5 +70,5 @@ ansible.builtin.service: name: "icinga-{{ item.key }}" state: restarted - when: icingaweb2_modules is defined and item.value.enabled|bool == true and item.key in ['vspheredb', 'x509'] + when: icingaweb2_modules is defined and item.value.enabled|default(false)|bool == true and item.key in ['vspheredb', 'x509'] loop: "{{ icingaweb2_modules | dict2items }}" From f88efe398a33ea5ccb4fcad16c9b8301fc3fba30 Mon Sep 17 00:00:00 2001 From: Thilo W Date: Fri, 24 May 2024 09:47:05 +0200 Subject: [PATCH 28/58] update ini template test to 2.16.4 --- .github/workflows/test_icingaweb2_ini_template.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test_icingaweb2_ini_template.yml b/.github/workflows/test_icingaweb2_ini_template.yml index 54f3b887..0af97c1c 100644 --- a/.github/workflows/test_icingaweb2_ini_template.yml +++ b/.github/workflows/test_icingaweb2_ini_template.yml @@ -31,7 +31,7 @@ jobs: matrix: distro: [ubuntu2204] python: ['3.9', '3.10'] - ansible: ['2.13.10', '2.14.7'] + ansible: ['2.13.10', '2.14.7', '2.16.4'] scenario: [ini-configuration-tests] steps: From ece5711e66ece8c0b5a6fc85ed89fbadff755c27 Mon Sep 17 00:00:00 2001 
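Review bot: Adding `'2.16.4'` to the `ansible` axis while `python` still lists `'3.9'` creates a matrix job that cannot install its dependencies, because ansible-core 2.16 requires Python 3.10 or newer on the control node. Either drop that combination with a `matrix.exclude` entry for `python: '3.9'` and `ansible: '2.16.4'`, or move the Python axis forward for the new version. The job's `steps:` are outside the hunk, so how the requirements file is selected is not visible here.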
From: Thilo W Date: Fri, 24 May 2024 09:49:05 +0200 Subject: [PATCH 29/58] run test if workflow is changed --- .github/workflows/test_icingaweb2_ini_template.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/test_icingaweb2_ini_template.yml b/.github/workflows/test_icingaweb2_ini_template.yml index 0af97c1c..337af8d3 100644 --- a/.github/workflows/test_icingaweb2_ini_template.yml +++ b/.github/workflows/test_icingaweb2_ini_template.yml @@ -11,6 +11,7 @@ on: paths: - 'roles/icingaweb2/templates/**' - 'molecule/ini-configuration-tests/**' + - '.github/workflows/test_icingaweb2_ini_template.yml' pull_request: branches: - 'feature/**' From c0b663e404a6e10ed11237f19b8dc68970cad4d4 Mon Sep 17 00:00:00 2001 From: Thilo W Date: Fri, 24 May 2024 10:24:06 +0200 Subject: [PATCH 30/58] add requirements for 2.16.4 --- requirements-test-2.16.4.txt | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 requirements-test-2.16.4.txt diff --git a/requirements-test-2.16.4.txt b/requirements-test-2.16.4.txt new file mode 100644 index 00000000..bf37a99b --- /dev/null +++ b/requirements-test-2.16.4.txt @@ -0,0 +1,5 @@ +ansible-core==2.16.4 +ansible-lint +molecule +molecule-docker +pytest-testinfra From ba97cbc5fd4a83a5a1862869691a2332763cfb30 Mon Sep 17 00:00:00 2001 From: Thilo W Date: Fri, 24 May 2024 10:45:06 +0200 Subject: [PATCH 31/58] update job if requirements are changed --- .github/workflows/test_icingaweb2_ini_template.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/test_icingaweb2_ini_template.yml b/.github/workflows/test_icingaweb2_ini_template.yml index 337af8d3..91c4c226 100644 --- a/.github/workflows/test_icingaweb2_ini_template.yml +++ b/.github/workflows/test_icingaweb2_ini_template.yml @@ -12,6 +12,7 @@ on: - 'roles/icingaweb2/templates/**' - 'molecule/ini-configuration-tests/**' - '.github/workflows/test_icingaweb2_ini_template.yml' + - 'requirements*' pull_request: branches: - 'feature/**' 
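Review bot: Only `ansible-core` is pinned in the new `requirements-test-2.16.4.txt`; `ansible-lint`, `molecule`, `molecule-docker` and `pytest-testinfra` resolve to whatever is newest on the index when the job runs. That makes the test job non-reproducible and lets a breaking or compromised upstream release run in CI unnoticed. Pin each entry (`molecule==<VERSION>` and so on, ideally with `--hash` entries installed via `pip install --require-hashes`) and update them deliberately.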
From abc3e4056854044a76ae99b2e7762cf2ecf04c59 Mon Sep 17 00:00:00 2001 From: Thilo W Date: Fri, 24 May 2024 10:45:20 +0200 Subject: [PATCH 32/58] change requirements --- requirements-test-2.16.4.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-test-2.16.4.txt b/requirements-test-2.16.4.txt index bf37a99b..74ef23ff 100644 --- a/requirements-test-2.16.4.txt +++ b/requirements-test-2.16.4.txt @@ -1,5 +1,5 @@ ansible-core==2.16.4 -ansible-lint molecule +ansible-lint molecule-docker pytest-testinfra From dfddae116f1a7e69c6a3de165363ac5891173265 Mon Sep 17 00:00:00 2001 From: Donien <88634789+Donien@users.noreply.github.com> Date: Fri, 24 May 2024 15:10:13 +0200 Subject: [PATCH 33/58] Better reflect the usage of `icinga2_objects` Change the documentation to better explain the intended behaviour of the variable `icinga2_objects`. Shows the difference between this variable as a host variable and as a play variable. Since the (allowed) usage differes here, this is now also reflected in the documentation. Fixes #292 --- .../fix_292_icinga2_objects_documentation.yml | 4 ++ doc/role-icinga2/objects.md | 39 +++++++++++++------ 2 files changed, 32 insertions(+), 11 deletions(-) create mode 100644 changelogs/fragments/fix_292_icinga2_objects_documentation.yml diff --git a/changelogs/fragments/fix_292_icinga2_objects_documentation.yml b/changelogs/fragments/fix_292_icinga2_objects_documentation.yml new file mode 100644 index 00000000..af1e5cb9 --- /dev/null +++ b/changelogs/fragments/fix_292_icinga2_objects_documentation.yml @@ -0,0 +1,4 @@ +--- + +minor_changes: + - Change documentation to better reflect the intended usage of the variable 'icinga2_objects' as a host variable vs. as a play variable. diff --git a/doc/role-icinga2/objects.md b/doc/role-icinga2/objects.md index 871f0f4a..ef1123fd 100644 --- a/doc/role-icinga2/objects.md +++ b/doc/role-icinga2/objects.md 
@@ -7,8 +7,9 @@ generate configuration files with objects included. This variable consists of Icinga 2 object attributes and attributes referring to the file created in the process. -> **_NOTE:_** The second level of the dictionary defines on which host the configuration is created. All objects in the example below, will be gathered and deployed on the host.: `host.example.org`. -In addition this variable can be logically defined at the **host_vars/agent** and are still deployed on the master **host.example.org** +> **_NOTE:_** The second level of the dictionary defines on which host the configuration is created. All objects in the example below, will be gathered and deployed on the host.: `host.example.org`. +In addition this variable can be logically defined at the **host_vars/agent** and are still deployed on the master **host.example.org** +The second level can **only** be used in **hostvars**! The `file` key will be used to control in which directory structure the object will be placed. In addition the `order` key will define the order of the objects in the destination file. @@ -16,6 +17,13 @@ The default for `order` is set to **10**, so everything below that number will b The `type` will be the original Icinga 2 object types, a list of all can be found in the documentation. [Icinga 2 Monitoring Objects](https://icinga.com/docs/icinga-2/latest/doc/09-object-types/#monitoring-objects) +### Icinga2 Objects in Hostvars + +When defining `icinga2_objects` as a host specific variable (hostvars/groupvars) you can define the variable as a dictionary. Each dictionary key represents the host on which the key's value will be deployed as configuration. +Alternatively you can define `icinga2_objects` as a list which results in the configuration being deployed on just the host for which the variable is defined. + +Example defining the variable within hostvars: + ``` icinga2_objects: host.example.org: 
@@ -32,23 +40,32 @@ icinga2_objects: parent: main ``` -The advantage of the default **icinga2_objects** variable is, that you can run your playbook over many different server without deploying the -monitoring configuration on every host in the playbook. Otherwise the variable should be only placed in `host_vars` files to restrict deployment on every host. +This way you can use some host's variables (like `ansible_fqdn`) to deploy configuration on another host (in this case `host.example.org`). -As a secondary option, you can use the variable without the second level like the following example. +Additonally, the list `icinga2_objects` from within a play's `vars` key will be merged with each host's individual objects. -> **CAUTION!** If not restricted it will be deployed on every host. This should be only defined in `host_vars` unless -you know what you are doing! +### Icinga2 Objects in Play Vars + +If you need to deploy certain Icinga 2 objects on every host in your play, you can define the variable `icinga2_objects` as a list within your play's `vars` key. +This makes sure that, **in addition** to the individual host's objects, there is a common set of objects between your hosts. + +Example defining the variable within your play's vars: ``` icinga2_objects: - - name: "{{ ansible_fqdn }}" - type: Endpoint - file: "{{ 'conf.d/' + ansible_hostname + '.conf' }}" + - name: "GlobalApiUser" + type: ApiUser + file: "conf.d/global_api_users.conf" order: 20 + password: supersecrectpassword123 + permissions: + - "objects/query/Host" + - "objects/query/Service" ``` -More Examples at the end -> [Examples](#examples) +--- + +More examples at the end -> [Examples](#examples) ## Managing Config directories From 9ddfaa1d3487ecf640b4b9e71ee59f0a47561e85 Mon Sep 17 00:00:00 2001 
From: Donien <88634789+Donien@users.noreply.github.com> Date: Thu, 4 Jul 2024 10:07:29 +0200 Subject: [PATCH 34/58] Add tasks to create icingadb-redis log directory Icinga's packages no longer create /var/log/icingadb-redis/ since logging moved to the journal by default. If logging to a file is needed, the according directory has to be created beforehand. Fixes #298 --- changelogs/fragments/fix_issue_298.yml | 3 +++ roles/icingadb_redis/tasks/install_on_debian.yml | 10 ++++++++++ roles/icingadb_redis/tasks/install_on_redhat.yml | 10 ++++++++++ roles/icingadb_redis/tasks/install_on_suse.yml | 10 ++++++++++ roles/icingadb_redis/templates/icingadb-redis.conf.j2 | 2 +- 5 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 changelogs/fragments/fix_issue_298.yml diff --git a/changelogs/fragments/fix_issue_298.yml b/changelogs/fragments/fix_issue_298.yml new file mode 100644 index 00000000..547e9ab3 --- /dev/null +++ b/changelogs/fragments/fix_issue_298.yml @@ -0,0 +1,3 @@ +--- +bugfixes: + - Icinga's packages no longer create '/var/log/icingadb-redis/'. Added tasks that create a log directory based on `icingadb_redis_logfile` (#298). diff --git a/roles/icingadb_redis/tasks/install_on_debian.yml b/roles/icingadb_redis/tasks/install_on_debian.yml index c9ee7657..208beb53 100644 --- a/roles/icingadb_redis/tasks/install_on_debian.yml +++ b/roles/icingadb_redis/tasks/install_on_debian.yml @@ -4,3 +4,13 @@ name: "{{ item }}" state: present loop: "{{ icingadb_redis_packages }}" + +- name: Debian - Ensure log directory exists + when: + - icingadb_redis_logfile != "" + ansible.builtin.file: + path: "{{ icingadb_redis_logfile | dirname }}" + state: directory + owner: "{{ icingadb_redis_user }}" + group: "adm" + mode: "2750" diff --git a/roles/icingadb_redis/tasks/install_on_redhat.yml b/roles/icingadb_redis/tasks/install_on_redhat.yml index 9e25288d..a4205152 100644 --- a/roles/icingadb_redis/tasks/install_on_redhat.yml 
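Review bot: The new `Debian - Ensure log directory exists` task applies `owner`, `group` and `mode` to `{{ icingadb_redis_logfile | dirname }}` whatever that directory is, so a logfile placed directly under a shared directory (for example `/var/log/icingadb-redis.log`) would re-own `/var/log` itself to the Redis user with mode `2750`, and a bare file name yields an empty path. The only guard is `icingadb_redis_logfile != ""`; add a condition on the derived directory, e.g. `- (icingadb_redis_logfile | dirname) not in ['', '/', '/var/log']`, or document that the logfile must live in a dedicated directory. The same task is added in the RedHat and Suse hunks of this commit with mode `0750`.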
+++ b/roles/icingadb_redis/tasks/install_on_redhat.yml @@ -4,3 +4,13 @@ name: "{{ item }}" state: present loop: "{{ icingadb_redis_packages }}" + +- name: RedHat - Ensure log directory exists + when: + - icingadb_redis_logfile != "" + ansible.builtin.file: + path: "{{ icingadb_redis_logfile | dirname }}" + state: directory + owner: "{{ icingadb_redis_user }}" + group: "{{ icingadb_redis_user }}" + mode: "0750" diff --git a/roles/icingadb_redis/tasks/install_on_suse.yml b/roles/icingadb_redis/tasks/install_on_suse.yml index d40ff048..4c15382d 100644 --- a/roles/icingadb_redis/tasks/install_on_suse.yml +++ b/roles/icingadb_redis/tasks/install_on_suse.yml @@ -3,3 +3,13 @@ community.general.zypper: name: "{{ icingadb_redis_packages }}" state: present + +- name: Suse - Ensure log directory exists + when: + - icingadb_redis_logfile != "" + ansible.builtin.file: + path: "{{ icingadb_redis_logfile | dirname }}" + state: directory + owner: "{{ icingadb_redis_user }}" + group: "{{ icingadb_redis_user }}" + mode: "0750" diff --git a/roles/icingadb_redis/templates/icingadb-redis.conf.j2 b/roles/icingadb_redis/templates/icingadb-redis.conf.j2 index a531bc9e..8e018215 100644 --- a/roles/icingadb_redis/templates/icingadb-redis.conf.j2 +++ b/roles/icingadb_redis/templates/icingadb-redis.conf.j2 @@ -13,7 +13,7 @@ tcp-keepalive {{ icingadb_redis_tcp_keepalive }} supervised {{ icingadb_redis_supervised }} pidfile {{ icingadb_redis_pidfile }} loglevel {{ icingadb_redis_loglevel }} -logfile {{ icingadb_redis_logfile }} +logfile "{{ icingadb_redis_logfile }}" # syslog-enabled no # syslog-ident redis # syslog-facility local0 From 7e1fe9684988825c8dd4688fa9fb610ed8a015e5 Mon Sep 17 00:00:00 2001 
From: PedroMSantosD Date: Thu, 4 Jul 2024 11:47:50 +0200 Subject: [PATCH 35/58] Fix ssl_cacert variable on configuration of icinga2 api feature with custom certificates (#295) * Docs: Fixed variable name used to deploy custom CA certificates --- changelogs/fragments/fix_update_ca_ssl_cert_documentation | 3 +++ doc/role-icinga2/features/feature-api.md | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 changelogs/fragments/fix_update_ca_ssl_cert_documentation diff --git a/changelogs/fragments/fix_update_ca_ssl_cert_documentation b/changelogs/fragments/fix_update_ca_ssl_cert_documentation new file mode 100644 index 00000000..038f63cc --- /dev/null +++ b/changelogs/fragments/fix_update_ca_ssl_cert_documentation @@ -0,0 +1,3 @@ +--- +bugfixes: + - Fixes documentation for the variable name to use when deploying external certificates. from ssl_ca to ssl_cacert. diff --git a/doc/role-icinga2/features/feature-api.md b/doc/role-icinga2/features/feature-api.md index 2368247c..cee0aef1 100644 --- a/doc/role-icinga2/features/feature-api.md +++ b/doc/role-icinga2/features/feature-api.md @@ -123,7 +123,7 @@ If you want to use certificates which aren't created by **Icinga 2 CA**, then us the following variables to point the role to your own certificates. ``` -ssl_ca: ca.crt +ssl_cacert: ca.crt ssl_cert: certificate.crt ssl_key: certificate.key ``` From b88f055409f406052e8b481219ad867505ef4436 Mon Sep 17 00:00:00 2001 From: Donien <88634789+Donien@users.noreply.github.com> Date: Fri, 12 Jul 2024 14:18:13 +0200 Subject: [PATCH 36/58] Apply missing changelog entry of release 0.3.3 --- CHANGELOG.rst | 16 ++++++++++++++++ changelogs/changelog.yaml | 12 ++++++++++++ .../fix_missing_quotes_delegate_ticket.yml | 3 --- 3 files changed, 28 insertions(+), 3 deletions(-) delete mode 100644 changelogs/fragments/fix_missing_quotes_delegate_ticket.yml diff --git a/CHANGELOG.rst b/CHANGELOG.rst index cd088bab..f3c6e90f 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst 
@@ -5,6 +5,22 @@ Icinga.Icinga Release Notes .. contents:: Topics +v0.3.3 +====== + +Release Summary +--------------- + +Bugfix Release + +Bugfixes +-------- + +- ensure backwards compatibility with bool filter (#218) +- icinga2 feature api: fixed missing quotes in delegate ticket command for satellites or second master nodes. +- icingaweb2: run pqslcmd with LANG=C to ensure the output is in english. +- remove superfluous curly brace (#246) + v0.3.2 ====== diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index 266657ac..fddba26d 100644 --- a/changelogs/changelog.yaml +++ b/changelogs/changelog.yaml @@ -124,3 +124,15 @@ releases: - feature_adjust_director_source_installation.yml - release.yml release_date: '2023-12-07' + 0.3.3: + changes: + bugfixes: + - ensure backwards compatibility with bool filter (#218) + - 'icinga2 feature api: fixed missing quotes in delegate ticket command for + satellites or second master nodes.(#250)' + - 'icingaweb2: run pqslcmd with LANG=C to ensure the output is in english.(#241)' + - remove superfluous curly brace (#246) + release_summary: Bugfix Release + fragments: + - fix_missing_quotes_delegate_ticket.yml + release_date: '2024-01-15' diff --git a/changelogs/fragments/fix_missing_quotes_delegate_ticket.yml b/changelogs/fragments/fix_missing_quotes_delegate_ticket.yml deleted file mode 100644 index 1951fdf9..00000000 --- a/changelogs/fragments/fix_missing_quotes_delegate_ticket.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -bugfixes: - - "icinga2 feature api: fixed missing quotes in delegate ticket command for satellites or second master nodes." \ No newline at end of file From 4d5779374ea4ec65e5eb2cfcbe9d691283dd307e Mon Sep 17 00:00:00 2001 
From: Donien <88634789+Donien@users.noreply.github.com> Date: Fri, 12 Jul 2024 17:37:19 +0200 Subject: [PATCH 37/58] Bump collection version to 0.3.3 Changes that have been released with version 0.3.3 are present within the main branch. To avoid losing track the version gets bumped before the next actual release (which also bumps the version number). --- galaxy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/galaxy.yml b/galaxy.yml index d1d8d8fb..04cd5e49 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -1,6 +1,6 @@ namespace: icinga name: icinga -version: 0.3.2 +version: 0.3.3 readme: README.md authors: - Lennart Betz From 0abb6f70e08d79f5d5a9dd1c330d908bdff31f72 Mon Sep 17 00:00:00 2001 From: Donien <88634789+Donien@users.noreply.github.com> Date: Thu, 18 Jul 2024 21:01:18 +0200 Subject: [PATCH 38/58] Fix mysql database import for module x509 Fixes the automatic import of the x509 database schema using mysql by changing the variable reference `schema_path` to `schema_path_mysql`. Fixes #303 --- .../fragments/fix_issue_303_x509_mysql_import.yml | 3 +++ doc/role-icingaweb2/module-x509.md | 2 ++ roles/icingaweb2/tasks/manage_mysql_imports.yml | 2 +- roles/icingaweb2/tasks/modules/x509.yml | 10 ++++++---- 4 files changed, 12 insertions(+), 5 deletions(-) create mode 100644 changelogs/fragments/fix_issue_303_x509_mysql_import.yml diff --git a/changelogs/fragments/fix_issue_303_x509_mysql_import.yml b/changelogs/fragments/fix_issue_303_x509_mysql_import.yml new file mode 100644 index 00000000..58ae8472 --- /dev/null +++ b/changelogs/fragments/fix_issue_303_x509_mysql_import.yml @@ -0,0 +1,3 @@ +bugfixes: + - "Fixed incorrect failure of x509 variable sanity checks. They now fail as intended instead of due to syntax (#303)." + - "Fixed wrong variable being referenced to apply x509 mysql database schema. Use `schema_path_mysql` now (#303)." 
diff --git a/doc/role-icingaweb2/module-x509.md b/doc/role-icingaweb2/module-x509.md index 684000fd..92387ec5 100644 --- a/doc/role-icingaweb2/module-x509.md +++ b/doc/role-icingaweb2/module-x509.md @@ -68,6 +68,7 @@ To import the database schema use `database` dictionary with the following varia | Variable | Type | Description | Default | |----------|------|-------------|---------| | `import_schema` | `Boolean` | Defines wether the schema will be imported or not. | false | +| `type` | `String` | Defines the type of database (`mysql \| pgsql`) | **n/a** | | `host` | `String` | Defines database address to connect to. | `localhost` | | `port` | `int` | Defines the database port to connect to. | `3306` or `5432` | | `user` | `string` | Defines database user | `x509` | @@ -88,6 +89,7 @@ icingaweb2_modules: enabled: true database: import_schema: true + type: mysql host: localhost port: 3306 user: x509 diff --git a/roles/icingaweb2/tasks/manage_mysql_imports.yml b/roles/icingaweb2/tasks/manage_mysql_imports.yml index 676c6df2..14a9f9e2 100644 --- a/roles/icingaweb2/tasks/manage_mysql_imports.yml +++ b/roles/icingaweb2/tasks/manage_mysql_imports.yml @@ -33,6 +33,6 @@ - name: MySQL import db schema ansible.builtin.shell: > {{ _tmp_mysqlcmd }} - < {{ _db['schema_path'] }} + < {{ _db['schema_path_mysql'] }} when: _db_schema.rc != 0 run_once: yes diff --git a/roles/icingaweb2/tasks/modules/x509.yml b/roles/icingaweb2/tasks/modules/x509.yml index 50dfd8dc..544f0fc3 100644 --- a/roles/icingaweb2/tasks/modules/x509.yml +++ b/roles/icingaweb2/tasks/modules/x509.yml 
@@ -44,12 +44,14 @@ select_query: "select * from x509_certificate" type: "{{ icingaweb2_modules[_module]['database']['type'] | default(omit) }}" - - ansible.builtin.fail: - fail_msg: No database type was provided + - name: Module x509 | Check if database type is provided + ansible.builtin.fail: + msg: No database type was provided when: icingaweb2_modules[_module]['database']['type'] is not defined - - ansible.builtin.fail: - fail_msg: "Invalid database type was provided. [Supported: mysql, pgsql]" + - name: Module x509 | Check provided database type + ansible.builtin.fail: + msg: "Invalid database type was provided. [Supported: mysql, pgsql]" when: _db.type not in ['mysql', 'pgsql'] - name: Module x509 | Import MySQL Schema From 18b345d7c61154b60b2cd9dbc1bb029ab4f0f09b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Berg?= <32747776+MisterMountain@users.noreply.github.com> Date: Mon, 22 Jul 2024 10:38:45 +0200 Subject: [PATCH 39/58] Change task names of icingaweb imports (#290) --- roles/icingaweb2/tasks/manage_icingaweb_pgsql_db.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/icingaweb2/tasks/manage_icingaweb_pgsql_db.yml b/roles/icingaweb2/tasks/manage_icingaweb_pgsql_db.yml index 6a6f1461..9a76a318 100644 --- a/roles/icingaweb2/tasks/manage_icingaweb_pgsql_db.yml +++ b/roles/icingaweb2/tasks/manage_icingaweb_pgsql_db.yml @@ -8,7 +8,7 @@ fail_msg: "No database credentials defined. Please set icingaweb2_db. or a privileged user with icingaweb2_priv_db_" when: icingaweb2_priv_db_password is undefined and icingaweb2_priv_db_user is undefined -- name: PostgreSQL import IDO schema +- name: PostgreSQL import icingaweb db schema block: - name: Build psql command ansible.builtin.set_fact: 
@@ -24,7 +24,7 @@ {% if icingaweb2_db['ssl_key'] is defined %} sslkey={{ icingaweb2_db['ssl_key'] }} {%- endif %} {% if icingaweb2_db['ssl_extra_options'] is defined %} {{ icingaweb2_db['ssl_extra_options'] }} {%- endif %}" - - name: PostgreSQL check for IDO schema + - name: PostgreSQL check for icingaweb db schema ansible.builtin.shell: > {{ _tmp_pgsqlcmd }} -w -c "select * from icingaweb_user" @@ -33,7 +33,7 @@ check_mode: false register: _icingaweb2_db_schema - - name: PostgreSQL import IDO schema + - name: PostgreSQL import icingaweb db schema ansible.builtin.shell: > {{ _tmp_pgsqlcmd }} -w -f /usr/share/icingaweb2/schema/pgsql.schema.sql From b39a5e0c42662f81b95710d489e618cfd4a0bf77 Mon Sep 17 00:00:00 2001 From: Christoph Niemann Date: Mon, 22 Jul 2024 10:43:47 +0200 Subject: [PATCH 40/58] add tls options to redis (#281) --- roles/icingadb_redis/defaults/main.yml | 5 +++++ roles/icingadb_redis/templates/icingadb-redis.conf.j2 | 10 ++++++++++ 2 files changed, 15 insertions(+) diff --git a/roles/icingadb_redis/defaults/main.yml b/roles/icingadb_redis/defaults/main.yml index a150afff..0aa4cb1b 100644 --- a/roles/icingadb_redis/defaults/main.yml +++ b/roles/icingadb_redis/defaults/main.yml @@ -60,3 +60,8 @@ icingadb_redis_hz: 10 icingadb_redis_dynamic_hz: 'yes' icingadb_redis_aof_rewrite_incremental_fsync: 'yes' icingadb_redis_rdb_save_incremental_fsync: 'yes' + +#icingadb_redis_tls_port: +#icingadb_redis_tls_cert: /etc/ssl/certs/host.crt +#icingadb_redis_tls_key: /etc/ssl/private/host.key +#icingadb_redis_tls_ca: /etc/ssl/certs/root-ca.crt diff --git a/roles/icingadb_redis/templates/icingadb-redis.conf.j2 b/roles/icingadb_redis/templates/icingadb-redis.conf.j2 index 8e018215..52073f06 100644 --- a/roles/icingadb_redis/templates/icingadb-redis.conf.j2 +++ b/roles/icingadb_redis/templates/icingadb-redis.conf.j2 
@@ -7,6 +7,9 @@ bind {% for host in icingadb_redis_binds %} protected-mode {{ icingadb_redis_protected_mode | string }} port {{ icingadb_redis_port }} +{% if icingadb_redis_tls_port is defined %} +tls-port {{ icingadb_redis_tls_port }} +{% endif %} tcp-backlog {{ icingadb_redis_tcp_backlog }} timeout {{ icingadb_redis_timeout }} tcp-keepalive {{ icingadb_redis_tcp_keepalive }} @@ -218,3 +221,10 @@ rdb-save-incremental-fsync {{ icingadb_redis_rdb_save_incremental_fsync }} # Maximum number of set/hash/zset/list fields that will be processed from # the main dictionary scan # active-defrag-max-scan-fields 1000 + +# TLS +{% if icingadb_redis_tls_cert is defined and icingadb_redis_tls_ca is defined and icingadb_redis_tls_key is defined %} +tls-cert-file {{ icingadb_redis_tls_cert }} +tls-key-file {{ icingadb_redis_tls_key }} +tls-ca-cert-file {{ icingadb_redis_tls_ca }} +{% endif %} From e908e8d87ef9d22fb2bd4911bf2afeb33f9ca50a Mon Sep 17 00:00:00 2001 From: Donien <88634789+Donien@users.noreply.github.com> Date: Thu, 25 Jul 2024 16:31:17 +0200 Subject: [PATCH 41/58] Add changelog fragments from release 0.3.4 --- changelogs/fragments/fix_issue_267.yml | 3 +++ changelogs/fragments/fix_issue_268.yml | 3 +++ changelogs/fragments/fix_issue_269.yml | 3 +++ changelogs/fragments/fix_issue_270.yml | 3 +++ changelogs/fragments/release_summary.yml | 1 + 5 files changed, 13 insertions(+) create mode 100644 changelogs/fragments/fix_issue_267.yml create mode 100644 changelogs/fragments/fix_issue_268.yml create mode 100644 changelogs/fragments/fix_issue_269.yml create mode 100644 changelogs/fragments/fix_issue_270.yml create mode 100644 changelogs/fragments/release_summary.yml diff --git a/changelogs/fragments/fix_issue_267.yml b/changelogs/fragments/fix_issue_267.yml new file mode 100644 index 00000000..ff188fe4 --- /dev/null +++ b/changelogs/fragments/fix_issue_267.yml @@ -0,0 +1,3 @@ +--- +bugfixes: + - Added missing port paramater to mysql command within icingadb role (#267) 
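Review bot: Setting `icingadb_redis_tls_port` adds a `tls-port` line but leaves `port {{ icingadb_redis_port }}` in place, so the plaintext listener stays open next to the TLS one unless the operator also sets the port to `0`; state that next to the commented defaults or handle it in the template. The two new conditions are also independent: `tls-port` is emitted as soon as the port variable is defined, while the `tls-cert-file`/`tls-key-file`/`tls-ca-cert-file` block in the second hunk is dropped silently if any one of the three variables is missing, which leaves a TLS port configured without a certificate. Use one condition for both, e.g. wrap `tls-port` in the same `{% if icingadb_redis_tls_cert is defined and icingadb_redis_tls_ca is defined and icingadb_redis_tls_key is defined %}` test, or fail early with an assert when only part of the set is given.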
diff --git a/changelogs/fragments/fix_issue_268.yml b/changelogs/fragments/fix_issue_268.yml new file mode 100644 index 00000000..30f36e69 --- /dev/null +++ b/changelogs/fragments/fix_issue_268.yml @@ -0,0 +1,3 @@ +--- +trivial: + - Added no_log true to obscure secret information (#268) diff --git a/changelogs/fragments/fix_issue_269.yml b/changelogs/fragments/fix_issue_269.yml new file mode 100644 index 00000000..4aadcf8c --- /dev/null +++ b/changelogs/fragments/fix_issue_269.yml @@ -0,0 +1,3 @@ +--- +trivial: + - Changed conditions / boolean comparisons to be more verbose (#269) diff --git a/changelogs/fragments/fix_issue_270.yml b/changelogs/fragments/fix_issue_270.yml new file mode 100644 index 00000000..9e16f7e5 --- /dev/null +++ b/changelogs/fragments/fix_issue_270.yml @@ -0,0 +1,3 @@ +--- +bugfixes: + - Fixed issue where reusing the repos role within the monitoring_plugins could cause the deactivation of the repos; using standalone task now (#270) diff --git a/changelogs/fragments/release_summary.yml b/changelogs/fragments/release_summary.yml new file mode 100644 index 00000000..04de7148 --- /dev/null +++ b/changelogs/fragments/release_summary.yml @@ -0,0 +1 @@ +release_summary: Bugfix release From 7e5c30b7455cc979fd4a34ccb3d9899c2af5f5af Mon Sep 17 00:00:00 2001 
From: Donien <88634789+Donien@users.noreply.github.com> Date: Thu, 25 Jul 2024 16:44:48 +0200 Subject: [PATCH 42/58] Consume fragments and build changelog --- CHANGELOG.rst | 19 +++++++++++++++++-- changelogs/changelog.yaml | 19 +++++++++++++++++++ changelogs/fragments/fix_issue_267.yml | 3 --- changelogs/fragments/fix_issue_268.yml | 3 --- changelogs/fragments/fix_issue_269.yml | 3 --- changelogs/fragments/fix_issue_270.yml | 3 --- changelogs/fragments/release_summary.yml | 1 - galaxy.yml | 2 +- 8 files changed, 37 insertions(+), 16 deletions(-) delete mode 100644 changelogs/fragments/fix_issue_267.yml delete mode 100644 changelogs/fragments/fix_issue_268.yml delete mode 100644 changelogs/fragments/fix_issue_269.yml delete mode 100644 changelogs/fragments/fix_issue_270.yml delete mode 100644 changelogs/fragments/release_summary.yml diff --git a/CHANGELOG.rst b/CHANGELOG.rst index f3c6e90f..ef9d5d39 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -4,6 +4,21 @@ Icinga.Icinga Release Notes .. contents:: Topics +v0.3.4 +====== + +Release Summary +--------------- + +Bugfix release + +Bugfixes +-------- + +- Added missing port paramater to mysql command within icingadb role (#267) +- Fixed collect of icinga2_objects when icinga2_config_host is not defined (#228) +- Fixed issue where reusing the repos role within the monitoring_plugins could cause the deactivation of the repos; using standalone task now (#270) +- Icinga's packages no longer create '/var/log/icingadb-redis/'. Added tasks that create a log directory based on `icingadb_redis_logfile` (#298). v0.3.3 ====== 
@@ -17,8 +32,8 @@ Bugfixes -------- - ensure backwards compatibility with bool filter (#218) -- icinga2 feature api: fixed missing quotes in delegate ticket command for satellites or second master nodes. -- icingaweb2: run pqslcmd with LANG=C to ensure the output is in english. +- icinga2 feature api: fixed missing quotes in delegate ticket command for satellites or second master nodes.(#250) +- icingaweb2: run pqslcmd with LANG=C to ensure the output is in english.(#241) - remove superfluous curly brace (#246) v0.3.2 diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index fddba26d..ed186b14 100644 --- a/changelogs/changelog.yaml +++ b/changelogs/changelog.yaml @@ -136,3 +136,22 @@ releases: fragments: - fix_missing_quotes_delegate_ticket.yml release_date: '2024-01-15' + 0.3.4: + changes: + bugfixes: + - Added missing port paramater to mysql command within icingadb role (#267) + - Fixed collect of icinga2_objects when icinga2_config_host is not defined (#228) + - Fixed issue where reusing the repos role within the monitoring_plugins could + cause the deactivation of the repos; using standalone task now (#270) + - Icinga's packages no longer create '/var/log/icingadb-redis/'. Added tasks + that create a log directory based on `icingadb_redis_logfile` (#298). + release_summary: Bugfix release + fragments: + - fix_issue_228.yml + - fix_issue_267.yml + - fix_issue_268.yml + - fix_issue_269.yml + - fix_issue_270.yml + - fix_issue_298.yml + - release_summary.yml + release_date: '2024-07-25' diff --git a/changelogs/fragments/fix_issue_267.yml b/changelogs/fragments/fix_issue_267.yml deleted file mode 100644 index ff188fe4..00000000 --- a/changelogs/fragments/fix_issue_267.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -bugfixes: - - Added missing port paramater to mysql command within icingadb role (#267) diff --git a/changelogs/fragments/fix_issue_268.yml b/changelogs/fragments/fix_issue_268.yml deleted file mode 100644 index 30f36e69..00000000 
--- a/changelogs/fragments/fix_issue_268.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -trivial: - - Added no_log true to obscure secret information (#268) diff --git a/changelogs/fragments/fix_issue_269.yml b/changelogs/fragments/fix_issue_269.yml deleted file mode 100644 index 4aadcf8c..00000000 --- a/changelogs/fragments/fix_issue_269.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -trivial: - - Changed conditions / boolean comparisons to be more verbose (#269) diff --git a/changelogs/fragments/fix_issue_270.yml b/changelogs/fragments/fix_issue_270.yml deleted file mode 100644 index 9e16f7e5..00000000 --- a/changelogs/fragments/fix_issue_270.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -bugfixes: - - Fixed issue where reusing the repos role within the monitoring_plugins could cause the deactivation of the repos; using standalone task now (#270) diff --git a/changelogs/fragments/release_summary.yml b/changelogs/fragments/release_summary.yml deleted file mode 100644 index 04de7148..00000000 --- a/changelogs/fragments/release_summary.yml +++ /dev/null @@ -1 +0,0 @@ -release_summary: Bugfix release diff --git a/galaxy.yml b/galaxy.yml index 04cd5e49..3ad2d906 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -1,6 +1,6 @@ namespace: icinga name: icinga -version: 0.3.3 +version: 0.3.4 readme: README.md authors: - Lennart Betz From 3ef83382bc9054f43c8720b7c6449682a49663f9 Mon Sep 17 00:00:00 2001 From: Donien <88634789+Donien@users.noreply.github.com> Date: Fri, 26 Jul 2024 15:49:16 +0200 Subject: [PATCH 43/58] Add small doc file describing release workflow --- PUBLISH.md | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ galaxy.yml | 1 + 2 files changed, 68 insertions(+) create mode 100644 PUBLISH.md diff --git a/PUBLISH.md b/PUBLISH.md new file mode 100644 index 00000000..b5749bc2 --- /dev/null +++ b/PUBLISH.md 
@@ -0,0 +1,67 @@ +# Creating a new release + +> This is meant as an *internal* note on how to build and publish a new version of this Ansible Collection. + +1. **Get the release branch ready:** + Push your local changes to the remote. + From your local release branch: + ``` + git push --set-upstream origin release/ + ``` + + To avoid having leftover files from your local directory end up in the release, please **cleanly clone the release branch to another directory**. + ``` + git clone --branch release/ git@github.com:Icinga/ansible-collection-icinga.git release_ + cd release_ + ``` + You now only have files that were actually commmited. + +2. **Increase the version number:** + The version of this Collection - as seen by Ansible Galaxy - is determined by **galaxy.yml**. + Increase the version number inside accordingly. + +3. **Create a changelog summary:** + This will be shown in the changelog as a short summary for this release. + + changelogs/fragments/release_summary.yml: + ``` + release_summary: | + Summary text for this release. + "*Bugfix release*" for example. + ``` + +4. **Create a new changelog:** + Lint the changelogs: + ``` + antsibull-changelog lint + ``` + + Generate the changelog: + ``` + antsibull-changelog release --version + ``` + + Commit your changes to the release branch. + +5. **Build and push to Ansible Galaxy:** + Build a release tar ball (verbose shows skipped files): + ``` + ansible-galaxy collection build -vvv + ``` + + Push to Ansible Galaxy: + ``` + ansible-galaxy collection publish --token icinga-icinga-.tar.gz + ``` + > This might show errors which does **not** necessarily mean that it failed. + > Have a look at [Ansible Galaxy](https://galaxy.ansible.com/ui/repo/published/icinga/icinga/) and confirm if the release could be published. + +6. 
**Create a release on GitHub:** + When [creating a new release](https://github.com/Icinga/ansible-collection-icinga/releases/new) + + - choose \ as tag + - choose the branch "release/\" as target (will be tagged) + - choose \ as title + - copy and paste the release's changelog entry (see [prior releases](https://github.com/Icinga/ansible-collection-icinga/releases)) + - attach the created tar ball (icinga-icinga-\.tar.gz) to the release + - if you feel extra nice, credit contributors by adding their names, e.g. behind the respective issue or feature (`@name`) diff --git a/galaxy.yml b/galaxy.yml index 3ad2d906..a43d8ab0 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -43,3 +43,4 @@ build_ignore: - changelogs - .idea - '*.tar.gz' + - PUBLISH.md From 48805b98dcdd402005044b3f83d0d1eeae87d626 Mon Sep 17 00:00:00 2001 From: Donien <88634789+Donien@users.noreply.github.com> Date: Mon, 29 Jul 2024 13:29:08 +0200 Subject: [PATCH 44/58] Add example code for `icinga2_objects` as list --- doc/role-icinga2/objects.md | 46 +++++++++++++++++++++++++------------ 1 file changed, 31 insertions(+), 15 deletions(-) diff --git a/doc/role-icinga2/objects.md b/doc/role-icinga2/objects.md index ef1123fd..3a191581 100644 --- a/doc/role-icinga2/objects.md +++ b/doc/role-icinga2/objects.md 
@@ -8,7 +8,7 @@ generate configuration files with objects included. This variable consists of Icinga 2 object attributes and attributes referring to the file created in the process. > **_NOTE:_** The second level of the dictionary defines on which host the configuration is created. All objects in the example below, will be gathered and deployed on the host.: `host.example.org`. -In addition this variable can be logically defined at the **host_vars/agent** and are still deployed on the master **host.example.org** +In addition this variable can be logically defined at the **host_vars/agent** and are still deployed on the master **host.example.org**. The second level can **only** be used in **hostvars**! The `file` key will be used to control in which directory structure the object will be placed. 
@@ -22,25 +22,41 @@ The `type` will be the original Icinga 2 object types, a list of all can be foun When defining `icinga2_objects` as a host specific variable (hostvars/groupvars) you can define the variable as a dictionary. Each dictionary key represents the host on which the key's value will be deployed as configuration. Alternatively you can define `icinga2_objects` as a list which results in the configuration being deployed on just the host for which the variable is defined. -Example defining the variable within hostvars: +Example defining the variable within hostvars as a dictionary (inventory entry): +```yaml +webserver.example.org: + ansible_host: 10.0.0.8 + icinga2_objects: + host.example.org: + - name: "{{ inventory_hostname }}" + type: Host + file: "{{ 'conf.d/' + ansible_hostname + '.conf' }}" + address: "{{ ansible_host }}" + check_command: hostalive + check_interval: 3m + - ... ``` -icinga2_objects: - host.example.org: - - name: "{{ ansible_fqdn }}" - type: Endpoint - file: "{{ 'conf.d/' + ansible_hostname + '.conf' }}" - order: 20 - - name: "{{ ansible_fqdn }}" - type: Zone + +This way you can use some host's variables (like `ansible_host`) to deploy configuration on another host (in this case `host.example.org`). + +Example defining the variable within hostvars as a list (inventory entry): + +```yaml +webserver.example.org: + ansible_host: 10.0.0.8 + icinga2_objects: + - name: "web-api-user" + type: ApiUser file: "{{ 'conf.d/' + ansible_hostname + '.conf' }}" - order: 20 - endpoints: - - "{{ ansible_fqdn }}" - parent: main + password: "somepassword" + permissions: + - "objects/query/Host" + - "objects/query/Service" + - ... ``` -This way you can use some host's variables (like `ansible_fqdn`) to deploy configuration on another host (in this case `host.example.org`). +In the above case the list `icinga2_objects` will only be deployed as configuration on host `webserver.example.org`. 
Additonally, the list `icinga2_objects` from within a play's `vars` key will be merged with each host's individual objects. From 55f0e45a3082a0129f9b0ad5d1014c8c39b0f15b Mon Sep 17 00:00:00 2001 From: Donien <88634789+Donien@users.noreply.github.com> Date: Mon, 29 Jul 2024 15:30:07 +0200 Subject: [PATCH 45/58] Properly check if vars['icinga2_objects'] is list The previous conditions did not suffice in determining whether vars['icinga2_objects'] was a list or not. Thus the variable was sometimes treated as a list even though it was a dictionary for example. This resulted in task failures. This commit applies proper checks. Fixes #308. --- changelogs/fragments/fix_issue_308.yml | 2 ++ roles/icinga2/tasks/objects.yml | 17 +++++++++++++++-- 2 files changed, 17 insertions(+), 2 deletions(-) create mode 100644 changelogs/fragments/fix_issue_308.yml diff --git a/changelogs/fragments/fix_issue_308.yml b/changelogs/fragments/fix_issue_308.yml new file mode 100644 index 00000000..f4b00a6a --- /dev/null +++ b/changelogs/fragments/fix_issue_308.yml @@ -0,0 +1,2 @@ +bugfixes: + - "The type of :code:`vars['icinga2_objects']` was wrongly tested for. This should be a list. The type is now `properly checked `_ for (#308)." diff --git a/roles/icinga2/tasks/objects.yml b/roles/icinga2/tasks/objects.yml index 58ac18b7..2eebb6e3 100644 --- a/roles/icinga2/tasks/objects.yml +++ b/roles/icinga2/tasks/objects.yml 
@@ -1,14 +1,27 @@ --- -- name: collect all config objects for myself +- name: collect all config objects for myself (from all inventory hosts) set_fact: tmp_objects: "{{ tmp_objects| default([]) + lookup('list', hostvars[item]['icinga2_objects'][icinga2_config_host]) }}" with_items: "{{ groups['all'] }}" when: hostvars[item]['icinga2_objects'][icinga2_config_host] is defined +- name: collect all config objects for myself (from myself if list) + set_fact: + tmp_objects: "{{ tmp_objects | default([]) + lookup('list', hostvars[inventory_hostname]['icinga2_objects']) }}" + when: + - hostvars[inventory_hostname]['icinga2_objects'] is defined + - hostvars[inventory_hostname]['icinga2_objects'] is iterable + - hostvars[inventory_hostname]['icinga2_objects'] is not string + - hostvars[inventory_hostname]['icinga2_objects'] is not mapping + - name: collect all config objects in play vars set_fact: tmp_objects: "{{ tmp_objects| default([]) + lookup('list', icinga2_objects) }}" - when: icinga2_objects is defined and vars['icinga2_objects'][icinga2_config_host] is not defined + when: + - icinga2_objects is defined + - icinga2_objects is iterable + - icinga2_objects is not string + - icinga2_objects is not mapping - icinga2_object: args: "{{ item }}" From fd8667edb18602d620c631e891d5b87a0ab50a95 Mon Sep 17 00:00:00 2001 From: Donien <88634789+Donien@users.noreply.github.com> Date: Wed, 31 Jul 2024 10:23:12 +0200 Subject: [PATCH 46/58] Use double quotes instead of single quotes in ini Within Icinga Web's ini files double quotes are needed to encapsulate certain values. Changed single quotes to double quotes in template. Fixes #301 --- changelogs/fragments/fix_issue_301.yml | 2 ++ .../tests/integration/test_ini_config.py | 4 ++-- roles/icingaweb2/templates/ini_template.j2 | 4 ++-- 3 files changed, 6 insertions(+), 4 deletions(-) create mode 100644 changelogs/fragments/fix_issue_301.yml 
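Review bot: The `set_fact` tasks in this hunk copy `icinga2_objects` into `tmp_objects` without `no_log`, while the documentation example added earlier in this series places an ApiUser `password` in that same variable, so a verbose run would likely print it in the task result. Adding `no_log: true` to the three collecting tasks keeps such values out of logs and callback output. Separately, when `icinga2_objects` is a list defined only in inventory host vars, the "(from myself if list)" task and the play-vars task both appear to match the same value, so the objects may be appended twice; a molecule case for that layout would confirm it. The file continues past the end of the hunk.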
diff --git a/changelogs/fragments/fix_issue_301.yml b/changelogs/fragments/fix_issue_301.yml new file mode 100644 index 00000000..19652485 --- /dev/null +++ b/changelogs/fragments/fix_issue_301.yml @@ -0,0 +1,2 @@ +bugfixes: + - "Certain values within Icinga Web :code:`ini` files got quoted incorrectly using single quotes. They are now quoted properly using double quotes (#301)." diff --git a/molecule/ini-configuration-tests/tests/integration/test_ini_config.py b/molecule/ini-configuration-tests/tests/integration/test_ini_config.py index f138ce08..962d3949 100644 --- a/molecule/ini-configuration-tests/tests/integration/test_ini_config.py +++ b/molecule/ini-configuration-tests/tests/integration/test_ini_config.py @@ -20,10 +20,10 @@ def test_advanced_filter(host): i2_file = host.file("/tmp/advanced_filter") print(i2_file.content_string) assert i2_file.is_file - assert i2_file.content_string == "\n[section]\ntest = '!(objectClass=user)'\ntest2 = '!(objectClass=user)'\ntest3 = '!attribute'\n" + assert i2_file.content_string == '\n[section]\ntest = "!(objectClass=user)"\ntest2 = "!(objectClass=user)"\ntest3 = "!attribute"\n' def test_equal_sign(host): i2_file = host.file("/tmp/equal_sign") print(i2_file.content_string) assert i2_file.is_file - assert i2_file.content_string == "\n[section]\ntest = 'equal=sign'\n" + assert i2_file.content_string == '\n[section]\ntest = "equal=sign"\n' diff --git a/roles/icingaweb2/templates/ini_template.j2 b/roles/icingaweb2/templates/ini_template.j2 index 21b44bc2..f5ec9ac5 100644 --- a/roles/icingaweb2/templates/ini_template.j2 +++ b/roles/icingaweb2/templates/ini_template.j2 
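Review bot: Neither updated assertion exercises the `" " in value` branch that this commit adds to `ini_template.j2`, so the new quoting of values containing spaces is untested as far as the visible tests show. A third case next to `test_equal_sign`, with a constructed value such as `two words` expected to render as `test = "two words"`, would pin it. It needs a matching entry in the scenario's converge playbook, which is outside this hunk.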
@@ -7,8 +7,8 @@ {{ option }} = "{{ value }}" {% elif value is iterable and (value is not string and value is not mapping) %} {{ option }} = "{{ value | join(', ') }}" -{% elif ( value is string and ( "=" in value or "!" in value ) )%} -{{ option }} = '{{ value }}' +{% elif ( value is string and ( "=" in value or "!" in value or " " in value ) )%} +{{ option }} = "{{ value }}" {% else %} {{ option }} = {{ value }} {% endif %} From ae7093ac2632862f284627e140eb7e015b2d17ad Mon Sep 17 00:00:00 2001 From: Donien <88634789+Donien@users.noreply.github.com> Date: Wed, 31 Jul 2024 15:05:59 +0200 Subject: [PATCH 47/58] Use correct variable for insecure tls connection The value of `icingadb_database_tls_insecure` is meant to be used in the IcingaDB config template if the variable is defined. Prior to this change the condition checked against `icingadb_database_tls_insecure` while the used value was `icingadb_database_insecure`. Both cases now refer to `icingadb_database_tls_insecure`. Fixes #302 --- changelogs/fragments/fix_issue_302.yml | 2 ++ roles/icingadb/templates/icingadb.ini.j2 | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) create mode 100644 changelogs/fragments/fix_issue_302.yml diff --git a/changelogs/fragments/fix_issue_302.yml b/changelogs/fragments/fix_issue_302.yml new file mode 100644 index 00000000..b00cd4bf --- /dev/null +++ b/changelogs/fragments/fix_issue_302.yml @@ -0,0 +1,2 @@ +bugfixes: + - "The Icinga DB config template used two different variables to configure (in)secure TLS communication with the database. It now uses :code:`icingadb_database_tls_insecure` for both the condition and as the actual value (#302)." diff --git a/roles/icingadb/templates/icingadb.ini.j2 b/roles/icingadb/templates/icingadb.ini.j2 index cf012ac1..5cedae94 100644 --- a/roles/icingadb/templates/icingadb.ini.j2 +++ b/roles/icingadb/templates/icingadb.ini.j2 
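Review bot: The double-quoted branch writes `value` verbatim, so a value that itself contains `"` or a newline ends the quoted string early and the remainder is read as further INI content. These values come from user-supplied variables (the tests use LDAP filters), so they should be escaped or rejected before rendering, for example `{{ option }} = "{{ value | replace('"', '\\"') }}"` if the Icinga Web INI parser honours backslash escapes, which needs confirming, or a failing assertion on such input. The first branch of the chain, shown as context, has the same property, and the enclosing `{% if %}` starts above the hunk.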
@@ -24,7 +24,7 @@ database: ca: {{ icingadb_database_ca }} {% endif %} {% if icingadb_database_tls_insecure is defined %} - insecure: {{ icingadb_database_insecure }} + insecure: {{ icingadb_database_tls_insecure }} {% endif %} From 0e683cd76b6c6dbe8daa32841d60839424249243 Mon Sep 17 00:00:00 2001 From: Donien <88634789+Donien@users.noreply.github.com> Date: Thu, 1 Aug 2024 10:47:24 +0200 Subject: [PATCH 48/58] Fix typo and adjust wording in documentation --- doc/role-icinga2/objects.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/role-icinga2/objects.md b/doc/role-icinga2/objects.md index 3a191581..180f053f 100644 --- a/doc/role-icinga2/objects.md +++ b/doc/role-icinga2/objects.md @@ -58,12 +58,12 @@ webserver.example.org: In the above case the list `icinga2_objects` will only be deployed as configuration on host `webserver.example.org`. -Additonally, the list `icinga2_objects` from within a play's `vars` key will be merged with each host's individual objects. +Additionally, the list `icinga2_objects` from within a play's `vars` key will be merged with each host's individual objects. ### Icinga2 Objects in Play Vars If you need to deploy certain Icinga 2 objects on every host in your play, you can define the variable `icinga2_objects` as a list within your play's `vars` key. -This makes sure that, **in addition** to the individual host's objects, there is a common set of objects between your hosts. +This ensures that, **in addition** to the individual host's objects, there is a common set of objects between your hosts. Example defining the variable within your play's vars: From 9a0e874800e093fcdc57e46b29c8e70326e9999e Mon Sep 17 00:00:00 2001 
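Review bot: `insecure` is rendered from the raw variable, so the output depends on how the caller typed it (`True`, `"false"`, `yes`), which is fragile for a switch that, going by the commit message, allows insecure TLS connections to the database. Normalising it with `insecure: {{ icingadb_database_tls_insecure | bool | lower }}` makes the rendered value an unambiguous `true` or `false`. A short comment above the block stating that the option should stay unset outside test setups would also help. The surrounding `database:` section starts outside the hunk.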
From: "Thilo W." Date: Thu, 1 Aug 2024 13:13:56 +0200 Subject: [PATCH 49/58] split up ini_template tests for each version. (#316) Cleanup old versions --- .../test_icingaweb2_ini_template.yml | 92 ++++++++++++++++++- ...-2.13.10.txt => requirements-test-2.15.txt | 4 +- requirements-test-2.16.4.txt | 5 - ...t-2.14.7.txt => requirements-test-2.16.txt | 2 +- ...t-2.16.2.txt => requirements-test-2.17.txt | 4 +- 5 files changed, 94 insertions(+), 13 deletions(-) rename requirements-test-2.13.10.txt => requirements-test-2.15.txt (68%) delete mode 100644 requirements-test-2.16.4.txt rename requirements-test-2.14.7.txt => requirements-test-2.16.txt (68%) rename requirements-test-2.16.2.txt => requirements-test-2.17.txt (68%) diff --git a/.github/workflows/test_icingaweb2_ini_template.yml b/.github/workflows/test_icingaweb2_ini_template.yml index 91c4c226..578e4e47 100644 --- a/.github/workflows/test_icingaweb2_ini_template.yml +++ b/.github/workflows/test_icingaweb2_ini_template.yml @@ -20,7 +20,7 @@ on: - '!doc/**' jobs: - test_ini_template: + test_ini_template_2_15: runs-on: ubuntu-latest env: 
@@ -32,8 +32,94 @@ jobs: max-parallel: 1 matrix: distro: [ubuntu2204] - python: ['3.9', '3.10'] - ansible: ['2.13.10', '2.14.7', '2.16.4'] + python: ['3.9','3.10','3.11'] + ansible: ['2.15'] + scenario: [ini-configuration-tests] + + steps: + - name: Check out code + uses: actions/checkout@v4 + + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: ${{ matrix.python }} + + - name: Install dependencies ansible + run: | + python3 -m pip install --upgrade pip + python3 -m pip install -r requirements-test-${{ matrix.ansible }}.txt + + - name: Install collection + run: | + mkdir -p ~/.ansible/collections/ansible_collections/$COLLECTION_NAMESPACE + cp -a ../ansible-collection-$COLLECTION_NAME ~/.ansible/collections/ansible_collections/$COLLECTION_NAMESPACE/$COLLECTION_NAME + + - name: Test with molecule + run: | + ansible --version + molecule --version + molecule test -s ${{ matrix.scenario }} + env: + MOLECULE_DISTRO: ${{ matrix.distro }} + + test_ini_template_2_16: + runs-on: ubuntu-latest + + env: + COLLECTION_NAMESPACE: icinga + COLLECTION_NAME: icinga + + strategy: + fail-fast: false + max-parallel: 1 + matrix: + distro: [ubuntu2204] + python: ['3.10','3.11','3.12'] + ansible: ['2.16'] + scenario: [ini-configuration-tests] + + steps: + - name: Check out code + uses: actions/checkout@v4 + + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: ${{ matrix.python }} + + - name: Install dependencies ansible + run: | + python3 -m pip install --upgrade pip + python3 -m pip install -r requirements-test-${{ matrix.ansible }}.txt + + - name: Install collection + run: | + mkdir -p ~/.ansible/collections/ansible_collections/$COLLECTION_NAMESPACE + cp -a ../ansible-collection-$COLLECTION_NAME ~/.ansible/collections/ansible_collections/$COLLECTION_NAMESPACE/$COLLECTION_NAME + + - name: Test with molecule + run: | + ansible --version + molecule --version + molecule test -s ${{ matrix.scenario }} + env: + MOLECULE_DISTRO: ${{ 
matrix.distro }} + + test_ini_template_2_17: + runs-on: ubuntu-latest + + env: + COLLECTION_NAMESPACE: icinga + COLLECTION_NAME: icinga + + strategy: + fail-fast: false + max-parallel: 1 + matrix: + distro: [ubuntu2204] + python: ['3.10','3.11','3.12'] + ansible: ['2.17'] scenario: [ini-configuration-tests] steps: diff --git a/requirements-test-2.13.10.txt b/requirements-test-2.15.txt similarity index 68% rename from requirements-test-2.13.10.txt rename to requirements-test-2.15.txt index 5bf382de..e38e9026 100644 --- a/requirements-test-2.13.10.txt +++ b/requirements-test-2.15.txt @@ -1,5 +1,5 @@ -ansible-core==2.13.10 -ansible-lint +ansible-core>=2.15,<2.16 molecule +ansible-lint molecule-docker pytest-testinfra diff --git a/requirements-test-2.16.4.txt b/requirements-test-2.16.4.txt deleted file mode 100644 index 74ef23ff..00000000 --- a/requirements-test-2.16.4.txt +++ /dev/null @@ -1,5 +0,0 @@ -ansible-core==2.16.4 -molecule -ansible-lint -molecule-docker -pytest-testinfra diff --git a/requirements-test-2.14.7.txt b/requirements-test-2.16.txt similarity index 68% rename from requirements-test-2.14.7.txt rename to requirements-test-2.16.txt index 92b9cd43..92ce786c 100644 --- a/requirements-test-2.14.7.txt +++ b/requirements-test-2.16.txt @@ -1,4 +1,4 @@ -ansible-core==2.14.7 +ansible-core>=2.16,<2.17 ansible-lint molecule molecule-docker diff --git a/requirements-test-2.16.2.txt b/requirements-test-2.17.txt similarity index 68% rename from requirements-test-2.16.2.txt rename to requirements-test-2.17.txt index 9332828e..5c4c24ff 100644 --- a/requirements-test-2.16.2.txt +++ b/requirements-test-2.17.txt @@ -1,5 +1,5 @@ -ansible-core==2.16.2 -ansible-lint +ansible-core>=2.17,<2.18 molecule +ansible-lint molecule-docker pytest-testinfra From 9b98847cdebe5e1543e60fb0d02e203d9756feef Mon Sep 17 00:00:00 2001 
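Review bot: Each added job references `actions/checkout@v4` and `actions/setup-python@v5` by mutable tag and then installs unpinned `molecule`, `ansible-lint`, `molecule-docker` and `pytest-testinfra` from the requirements files changed in this commit, so a run executes whatever those names resolve to on that day. Pinning the actions to a full commit SHA, `uses: actions/checkout@<full-commit-sha>  # v4`, and adding a workflow-level `permissions:` with `contents: read` (if none exists above the hunk) narrows that exposure. The three jobs are identical apart from their `python` and `ansible` lists, so a single job with a matrix `include`/`exclude` would stop them drifting apart.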
From: Donien <88634789+Donien@users.noreply.github.com> Date: Wed, 9 Oct 2024 13:44:47 +0200 Subject: [PATCH 50/58] Increase versions in GitHub workflows --- .github/workflows/build.yml | 4 ++-- .github/workflows/role-icingadb.yml | 4 ++-- .github/workflows/role-icingadb_redis.yml | 4 ++-- .github/workflows/role-icingaweb2.yml | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 03ba1fe4..e4428c05 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -32,8 +32,8 @@ jobs: max-parallel: 1 matrix: distro: [ubuntu2204] - python: ['3.9', '3.10'] - ansible: ['2.13.10', '2.14.7'] + python: ['3.10', '3.11'] + ansible: ['2.15', '2.16', '2.17'] scenario: [default] steps: diff --git a/.github/workflows/role-icingadb.yml b/.github/workflows/role-icingadb.yml index 87f1edfb..0d7547c4 100644 --- a/.github/workflows/role-icingadb.yml +++ b/.github/workflows/role-icingadb.yml @@ -34,8 +34,8 @@ jobs: max-parallel: 1 matrix: distro: [ubuntu2204] - python: ['3.10'] - ansible: ['2.16.2'] + python: ['3.12'] + ansible: ['2.17'] scenario: [role-icingadb] steps: diff --git a/.github/workflows/role-icingadb_redis.yml b/.github/workflows/role-icingadb_redis.yml index 4a91e826..8379be65 100644 --- a/.github/workflows/role-icingadb_redis.yml +++ b/.github/workflows/role-icingadb_redis.yml @@ -34,8 +34,8 @@ jobs: max-parallel: 1 matrix: distro: [ubuntu2204] - python: ['3.10'] - ansible: ['2.16.2'] + python: ['3.12'] + ansible: ['2.17'] scenario: [role-icingadb_redis] steps: diff --git a/.github/workflows/role-icingaweb2.yml b/.github/workflows/role-icingaweb2.yml index 8ec4f442..b68f45c1 100644 --- a/.github/workflows/role-icingaweb2.yml +++ b/.github/workflows/role-icingaweb2.yml @@ -34,8 +34,8 @@ jobs: max-parallel: 1 matrix: distro: [ubuntu2204] - python: ['3.10'] - ansible: ['2.16.2'] + python: ['3.12'] + ansible: ['2.17'] scenario: [role-icingaweb2] steps: 
From 9639fb7682b2fba72fa02d49c21a415c72261ba5 Mon Sep 17 00:00:00 2001 From: Donien <88634789+Donien@users.noreply.github.com> Date: Wed, 9 Oct 2024 14:01:28 +0200 Subject: [PATCH 51/58] Fix bad variable expansion concerning vars['var'] (#293) Fix bad variable expansion concerning vars['var'] --- changelogs/fragments/fix_variable_expansion_breaks.yml | 2 ++ roles/icingaweb2/tasks/manage_icingaweb_config.yml | 2 +- roles/icingaweb2/tasks/modules/businessprocess.yml | 4 ++-- roles/icingaweb2/tasks/modules/director.yml | 10 +++++----- roles/icingaweb2/tasks/modules/monitoring.yml | 2 +- 5 files changed, 11 insertions(+), 9 deletions(-) create mode 100644 changelogs/fragments/fix_variable_expansion_breaks.yml diff --git a/changelogs/fragments/fix_variable_expansion_breaks.yml b/changelogs/fragments/fix_variable_expansion_breaks.yml new file mode 100644 index 00000000..9c6de783 --- /dev/null +++ b/changelogs/fragments/fix_variable_expansion_breaks.yml @@ -0,0 +1,2 @@ +bugfixes: + - Changed variable lookups in the form of `vars['variablename']` to `variablename` to avoid explicitly looking up the `vars` key of a play. diff --git a/roles/icingaweb2/tasks/manage_icingaweb_config.yml b/roles/icingaweb2/tasks/manage_icingaweb_config.yml index 517afbf1..6a924df4 100644 --- a/roles/icingaweb2/tasks/manage_icingaweb_config.yml +++ b/roles/icingaweb2/tasks/manage_icingaweb_config.yml @@ -45,7 +45,7 @@ - authentication - groups vars: - _i2_config_hash: "{{ vars['icingaweb2_' + item] }}" + _i2_config_hash: "{{ lookup('ansible.builtin.vars', 'icingaweb2_' + item) }}" - name: Prepare config hash ansible.builtin.set_fact: diff --git a/roles/icingaweb2/tasks/modules/businessprocess.yml b/roles/icingaweb2/tasks/modules/businessprocess.yml index 72c1f5b1..908a380c 100644 --- a/roles/icingaweb2/tasks/modules/businessprocess.yml +++ b/roles/icingaweb2/tasks/modules/businessprocess.yml 
@@ -20,9 +20,9 @@ group: "{{ icingaweb2_group }}" src: "files/{{ _file.src_path }}" dest: "{{ icingaweb2_modules_config_dir }}/{{ item.key }}/processes/{{ _file.name }}" - when: vars['icingaweb2_modules'][_module]['custom_process_files'] is defined + when: icingaweb2_modules[_module]['custom_process_files'] is defined loop: "{{ icingaweb2_modules[_module].custom_process_files }}" loop_control: loop_var: _file vars: - _module: "{{ item.key }}" \ No newline at end of file + _module: "{{ item.key }}" diff --git a/roles/icingaweb2/tasks/modules/director.yml b/roles/icingaweb2/tasks/modules/director.yml index 378ef904..640a38c1 100644 --- a/roles/icingaweb2/tasks/modules/director.yml +++ b/roles/icingaweb2/tasks/modules/director.yml @@ -12,7 +12,7 @@ loop: "{{ _files }}" loop_control: loop_var: _file - when: vars['icingaweb2_modules'][_module][_file] is defined + when: icingaweb2_modules[_module][_file] is defined vars: _module: "{{ item.key }}" _files: 
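Review bot: The rewritten `when` on the businessprocess task does not protect the `loop` two lines below it, because Ansible templates the loop expression before it evaluates `when` for each item. With `custom_process_files` unset the task would fail on the undefined attribute instead of being skipped. Defaulting the loop, `loop: "{{ icingaweb2_modules[_module].custom_process_files | default([]) }}"`, makes the `is defined` test unnecessary. The task itself starts above the hunk.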
@@ -25,12 +25,12 @@ register: _pending changed_when: _pending.rc|int == 0 failed_when: _pending.stdout|length > 0 - when: vars['icingaweb2_modules']['director']['import_schema'] is defined and icingaweb2_modules.director.import_schema and vars['icingaweb2_modules']['director']['config'] is defined + when: icingaweb2_modules['director']['import_schema'] is defined and icingaweb2_modules.director.import_schema and icingaweb2_modules['director']['config'] is defined - name: Module Director | Apply pending migrations # noqa: command-instead-of-shell ansible.builtin.shell: cmd: icingacli director migration run - when: vars['icingaweb2_modules']['director']['import_schema'] is defined and icingaweb2_modules.director.import_schema and vars['icingaweb2_modules']['director']['config'] is defined and _pending.rc|int == 0 + when: icingaweb2_modules['director']['import_schema'] is defined and icingaweb2_modules.director.import_schema and icingaweb2_modules['director']['config'] is defined and _pending.rc|int == 0 - name: Module Director | Check if kickstart is required # noqa: command-instead-of-shell ansible.builtin.shell: 
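Review bot: The two migration tasks here, and the two kickstart tasks in the next hunk, carry the same three-part `when` as one long string, which is hard to scan and easy to get out of sync. A list form with a defaulted flag reads better and drops the separate `is defined` test: `- icingaweb2_modules.director.import_schema | default(false) | bool`, `- icingaweb2_modules.director.config is defined`, and `- _pending.rc | int == 0` where it applies. The same shape with `run_kickstart`, `kickstart` and `_required.rc` fits the kickstart pair.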
@@ -38,12 +38,12 @@ register: _required changed_when: _required.rc|int == 0 failed_when: _required.rc|int >= 2 - when: vars['icingaweb2_modules']['director']['run_kickstart'] is defined and icingaweb2_modules.director.run_kickstart and vars['icingaweb2_modules']['director']['kickstart'] is defined + when: icingaweb2_modules['director']['run_kickstart'] is defined and icingaweb2_modules.director.run_kickstart and icingaweb2_modules['director']['kickstart'] is defined - name: Module Director | Run kickstart if required # noqa: command-instead-of-shell ansible.builtin.shell: cmd: icingacli director kickstart run - when: vars['icingaweb2_modules']['director']['run_kickstart'] is defined and icingaweb2_modules.director.run_kickstart and vars['icingaweb2_modules']['director']['kickstart'] is defined and _required.rc|int == 0 + when: icingaweb2_modules['director']['run_kickstart'] is defined and icingaweb2_modules.director.run_kickstart and icingaweb2_modules['director']['kickstart'] is defined and _required.rc|int == 0 - name: Module Director | Ensure installation from source is complete when: icingaweb2_modules['director']['source'] == 'git' diff --git a/roles/icingaweb2/tasks/modules/monitoring.yml b/roles/icingaweb2/tasks/modules/monitoring.yml index 3ef79c1a..afc3df69 100644 --- a/roles/icingaweb2/tasks/modules/monitoring.yml +++ b/roles/icingaweb2/tasks/modules/monitoring.yml @@ -11,7 +11,7 @@ loop: "{{ _files }}" loop_control: loop_var: _file - when: vars['icingaweb2_modules'][_module][_file] is defined + when: icingaweb2_modules[_module][_file] is defined vars: _module: "{{ item.key }}" _files: From 79f470245feacd9ff9310ebce07b44904c58f3f7 Mon Sep 17 00:00:00 2001 
From: Donien <88634789+Donien@users.noreply.github.com> Date: Wed, 9 Oct 2024 15:37:58 +0200 Subject: [PATCH 52/58] Add documentation for Icinga Web 2 authentication This adds some documentation regarding user and group authentication backends and how to use their respective variables. Fixes #318 --- doc/role-icingaweb2/role-icingaweb2.md | 80 +++++++++++++++++++++++++- 1 file changed, 79 insertions(+), 1 deletion(-) diff --git a/doc/role-icingaweb2/role-icingaweb2.md b/doc/role-icingaweb2/role-icingaweb2.md index bff00b7c..93bcbd03 100644 --- a/doc/role-icingaweb2/role-icingaweb2.md +++ b/doc/role-icingaweb2/role-icingaweb2.md @@ -32,7 +32,7 @@ icingaweb2_db: * `icingaweb2_admin_: string` * Set the username and password for the first admin user for Icinga Web 2. -#### Resources +### Resources Besides the standard Icinga Web 2 database you may configure additional resources for IcingaDB or automated imports. 
@@ -51,3 +51,81 @@ icingaweb2_resources: type: ldap [...] ``` + +### General Configuration + +The general configuration of Icinga Web 2 is located at `{{ icingaweb2_config_dir }}/config.ini`. +To create the file the following variable is used (default): + +``` +icingaweb2_config: + global: + show_stacktraces: 1 + show_application_state_messages: 1 + config_resource: icingaweb2_db + module_path: /usr/share/icingaweb2/modules + logging: + log: syslog + level: ERROR + application: icingaweb2 + facility: user + themes: + default: Icinga +``` + +Within a task the YAML structure is effectively translated to INI and written to `{{ icingaweb2_config_dir }}/config.ini`. + +Explained: + +* `icingaweb2_config` defines the file to be written (`config.ini`) +* `global`, `logging` and `themes` are the names of the respective sections within the INI file +* Everything underneath each key / section is a key value pair for the given section within the INI file + +So the above YAML results in: + +``` +[global] +show_stacktraces = "1" +show_application_state_messages = "1" +config_resource = icingaweb2_db +module_path = /usr/share/icingaweb2/modules + +[logging] +log = syslog +level = ERROR +application = icingaweb2 +facility = user + +[themes] +default = Icinga +``` + +For more information about the general configuration have a look at the [official documentation](https://icinga.com/docs/icinga-web/latest/doc/03-Configuration/#general-configuration). + +### Authentication + +At least one method of user authentication needs to be configured in order to use Icinga Web 2. This is achieved by defining `icingaweb2_authentication`. +By default the following is set: + +``` +icingaweb2_authentication: + icingaweb2: + backend: db + resource: icingaweb2_db +``` + +This is also converted to INI and written to `{{ icingaweb2_config_dir }}/authentication.ini` + +--- + +Similar to the above snippet group backends can also be defined using `icingaweb2_groups`. 
+Default: + +``` +icingaweb2_groups: + icingaweb2: + backend: db + resource: icingaweb2_db +``` + +For more information about key value pairs for different authentication methods see the [official documentation](https://icinga.com/docs/icinga-web/latest/doc/05-Authentication/). From 525e734832f171f6087e99fc0207286a57c45894 Mon Sep 17 00:00:00 2001 From: Donien <88634789+Donien@users.noreply.github.com> Date: Thu, 10 Oct 2024 10:09:04 +0200 Subject: [PATCH 53/58] Move package variables to defaults [Icinga 2] --- roles/icinga2/defaults/main.yml | 1 + roles/icinga2/tasks/install_on_Debian.yml | 2 +- roles/icinga2/tasks/install_on_RedHat.yml | 4 ++-- roles/icinga2/tasks/install_on_Suse.yml | 2 +- roles/icinga2/vars/Debian.yml | 2 +- roles/icinga2/vars/RedHat.yml | 2 +- roles/icinga2/vars/Suse-12.yml | 2 +- roles/icinga2/vars/Suse.yml | 2 +- 8 files changed, 9 insertions(+), 8 deletions(-) diff --git a/roles/icinga2/defaults/main.yml b/roles/icinga2/defaults/main.yml index af57d1cb..20d499b2 100644 --- a/roles/icinga2/defaults/main.yml +++ b/roles/icinga2/defaults/main.yml @@ -1,4 +1,5 @@ --- +icinga2_packages: ["icinga2"] icinga2_state: started icinga2_enabled: true icinga2_confd: true diff --git a/roles/icinga2/tasks/install_on_Debian.yml b/roles/icinga2/tasks/install_on_Debian.yml index 7594b554..f787d3e9 100644 --- a/roles/icinga2/tasks/install_on_Debian.yml +++ b/roles/icinga2/tasks/install_on_Debian.yml @@ -1,5 +1,5 @@ --- - name: Apt - install package icinga2 ansible.builtin.apt: - pkg: "{{ icinga2_packages }}" + pkg: "{{ icinga2_packages + icinga2_packages_dependencies }}" state: present diff --git a/roles/icinga2/tasks/install_on_RedHat.yml b/roles/icinga2/tasks/install_on_RedHat.yml index 56313f0c..42447ecf 100644 --- a/roles/icinga2/tasks/install_on_RedHat.yml +++ b/roles/icinga2/tasks/install_on_RedHat.yml 
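Review bot: `icinga2_packages_dependencies` has no fallback in the new `pkg:` expression, so the list concatenation fails with an undefined-variable error on any host whose OS vars file does not set it. This commit sets it in `vars/Debian.yml`, `vars/RedHat.yml`, `vars/Suse-12.yml` and `vars/Suse.yml` but not in `defaults/main.yml`; whether other vars files exist is not visible here. I would write `pkg: "{{ icinga2_packages + (icinga2_packages_dependencies | default([])) }}"`. The same expression appears in the install_on_RedHat.yml and install_on_Suse.yml hunks, and with `icingaweb2_packages_dependencies` in the three icingaweb2 install hunks of PATCH 54. Because `icinga2_packages` is now a user-overridable default, a comment next to it in `defaults/main.yml` stating that it must stay a list would help, since a plain string breaks the `+`.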
@@ -1,8 +1,8 @@ - name: Yum - install package icinga2 ansible.builtin.yum: - name: "{{ icinga2_packages }}" + name: "{{ icinga2_packages + icinga2_packages_dependencies }}" state: present - + - name: Yum - install package icinga2-selinux ansible.builtin.yum: name: icinga2-selinux diff --git a/roles/icinga2/tasks/install_on_Suse.yml b/roles/icinga2/tasks/install_on_Suse.yml index 9b7fb34b..650a9735 100644 --- a/roles/icinga2/tasks/install_on_Suse.yml +++ b/roles/icinga2/tasks/install_on_Suse.yml @@ -1,7 +1,7 @@ --- - name: Zypper - install package icinga2 community.general.zypper: - name: "{{ icinga2_packages }}" + name: "{{ icinga2_packages + icinga2_packages_dependencies }}" state: present - name: Zypper - install package icinga2-selinux diff --git a/roles/icinga2/vars/Debian.yml b/roles/icinga2/vars/Debian.yml index f4e03517..2ef068e8 100644 --- a/roles/icinga2/vars/Debian.yml +++ b/roles/icinga2/vars/Debian.yml @@ -1,5 +1,5 @@ --- -icinga2_packages: ["icinga2"] +icinga2_packages_dependencies: [] icinga2_user: nagios icinga2_group: nagios icinga2_config_path: /etc/icinga2 diff --git a/roles/icinga2/vars/RedHat.yml b/roles/icinga2/vars/RedHat.yml index d3844917..12e66d49 100644 --- a/roles/icinga2/vars/RedHat.yml +++ b/roles/icinga2/vars/RedHat.yml @@ -1,5 +1,5 @@ --- -icinga2_packages: ["icinga2"] +icinga2_packages_dependencies: [] icinga2_user: icinga icinga2_group: icinga icinga2_config_path: /etc/icinga2 diff --git a/roles/icinga2/vars/Suse-12.yml b/roles/icinga2/vars/Suse-12.yml index 65a5aed1..7d4206ed 100644 --- a/roles/icinga2/vars/Suse-12.yml +++ b/roles/icinga2/vars/Suse-12.yml @@ -1,5 +1,5 @@ --- -icinga2_packages: ["icinga2","libboost_regex1_54_0"] +icinga2_packages_dependencies: ["libboost_regex1_54_0"] icinga2_user: icinga icinga2_group: icinga icinga2_config_path: /etc/icinga2 diff --git a/roles/icinga2/vars/Suse.yml b/roles/icinga2/vars/Suse.yml index cfdff9ee..798c6b96 100644 --- a/roles/icinga2/vars/Suse.yml +++ b/roles/icinga2/vars/Suse.yml 
@@ -1,5 +1,5 @@ --- -icinga2_packages: ["icinga2","libboost_regex1_66_0"] +icinga2_packages_dependencies: ["libboost_regex1_66_0"] icinga2_user: icinga icinga2_group: icinga icinga2_config_path: /etc/icinga2 From 5cab00590722f2f96374faf3eb826829d3698997 Mon Sep 17 00:00:00 2001 From: Donien <88634789+Donien@users.noreply.github.com> Date: Thu, 10 Oct 2024 10:23:41 +0200 Subject: [PATCH 54/58] Move packages variables to defaults [Icinga Web 2] --- roles/icingaweb2/README.md | 3 +++ roles/icingaweb2/defaults/main.yml | 1 + roles/icingaweb2/tasks/install_on_debian.yml | 2 +- roles/icingaweb2/tasks/install_on_redhat.yml | 2 +- roles/icingaweb2/tasks/install_on_suse.yml | 2 +- roles/icingaweb2/vars/debian-ubuntu.yml | 2 +- roles/icingaweb2/vars/debian.yml | 2 +- roles/icingaweb2/vars/redhat.yml | 2 +- roles/icingaweb2/vars/suse.yml | 2 +- 9 files changed, 11 insertions(+), 7 deletions(-) create mode 100644 roles/icingaweb2/README.md diff --git a/roles/icingaweb2/README.md b/roles/icingaweb2/README.md new file mode 100644 index 00000000..7fc3379d --- /dev/null +++ b/roles/icingaweb2/README.md @@ -0,0 +1,3 @@ +### Workaround Missing README + +Issue: https://github.com/ansible/galaxy/issues/2438 diff --git a/roles/icingaweb2/defaults/main.yml b/roles/icingaweb2/defaults/main.yml index b0034f14..3e9d913e 100644 --- a/roles/icingaweb2/defaults/main.yml +++ b/roles/icingaweb2/defaults/main.yml @@ -1,3 +1,4 @@ +icingaweb2_packages: ["icingaweb2", "icingacli"] icingaweb2_config_dir: /etc/icingaweb2 icingaweb2_group: icingaweb2 icingaweb2_modules_config_dir: "{{ icingaweb2_config_dir }}/modules" diff --git a/roles/icingaweb2/tasks/install_on_debian.yml b/roles/icingaweb2/tasks/install_on_debian.yml index 621078ca..7b500e9a 100644 --- a/roles/icingaweb2/tasks/install_on_debian.yml +++ b/roles/icingaweb2/tasks/install_on_debian.yml 
@@ -1,6 +1,6 @@ --- - name: Debian - Install Icinga Web 2 packages ansible.builtin.apt: - name: "{{ icingaweb2_packages }}" + name: "{{ icingaweb2_packages + icingaweb2_packages_dependencies }}" state: present update_cache: True diff --git a/roles/icingaweb2/tasks/install_on_redhat.yml b/roles/icingaweb2/tasks/install_on_redhat.yml index cd706311..e0ca4eda 100644 --- a/roles/icingaweb2/tasks/install_on_redhat.yml +++ b/roles/icingaweb2/tasks/install_on_redhat.yml @@ -1,5 +1,5 @@ --- - name: RedHat - Install Icinga Web 2 packages ansible.builtin.yum: - name: "{{ icingaweb2_packages }}" + name: "{{ icingaweb2_packages + icingaweb2_packages_dependencies }}" state: present diff --git a/roles/icingaweb2/tasks/install_on_suse.yml b/roles/icingaweb2/tasks/install_on_suse.yml index b8588c5b..4d110226 100644 --- a/roles/icingaweb2/tasks/install_on_suse.yml +++ b/roles/icingaweb2/tasks/install_on_suse.yml @@ -1,5 +1,5 @@ --- - name: Suse - Install Icinga Web 2 packages community.general.zypper: - name: "{{ icingaweb2_packages }}" + name: "{{ icingaweb2_packages + icingaweb2_packages_dependencies }}" state: present diff --git a/roles/icingaweb2/vars/debian-ubuntu.yml b/roles/icingaweb2/vars/debian-ubuntu.yml index 10b89b9c..61e286d9 100644 --- a/roles/icingaweb2/vars/debian-ubuntu.yml +++ b/roles/icingaweb2/vars/debian-ubuntu.yml @@ -1,3 +1,3 @@ icingaweb2_httpd_user: www-data icingaweb2_fragments_path: /var/tmp/icingaweb -icingaweb2_packages: ["icingaweb2","icingacli","libapache2-mod-php"] +icingaweb2_packages_dependencies: ["libapache2-mod-php"] diff --git a/roles/icingaweb2/vars/debian.yml b/roles/icingaweb2/vars/debian.yml index 081fe9e9..6c08db22 100644 --- a/roles/icingaweb2/vars/debian.yml +++ b/roles/icingaweb2/vars/debian.yml @@ -1,3 +1,3 @@ icingaweb2_httpd_user: www-data icingaweb2_fragments_path: /var/tmp/icingaweb -icingaweb2_packages: ["icingaweb2", "icingacli"] +icingaweb2_packages_dependencies: [] 
diff --git a/roles/icingaweb2/vars/redhat.yml b/roles/icingaweb2/vars/redhat.yml index 38ea1bbd..e13f0c5f 100644 --- a/roles/icingaweb2/vars/redhat.yml +++ b/roles/icingaweb2/vars/redhat.yml @@ -1,4 +1,4 @@ --- icingaweb2_httpd_user: apache icingaweb2_fragments_path: /var/tmp/icingaweb -icingaweb2_packages: ["icingaweb2", "icingacli", "icingaweb2-selinux"] +icingaweb2_packages_dependencies: ["icingaweb2-selinux"] diff --git a/roles/icingaweb2/vars/suse.yml b/roles/icingaweb2/vars/suse.yml index ed99ea69..d4ee5f47 100644 --- a/roles/icingaweb2/vars/suse.yml +++ b/roles/icingaweb2/vars/suse.yml @@ -1,4 +1,4 @@ --- icingaweb2_httpd_user: wwwrun icingaweb2_fragments_path: /var/tmp/icingaweb -icingaweb2_packages: ["icingaweb2", "icingacli"] +icingaweb2_packages_dependencies: [] From 220913e755c3e901ea252d52f4895cdc5d642875 Mon Sep 17 00:00:00 2001 From: Donien <88634789+Donien@users.noreply.github.com> Date: Thu, 10 Oct 2024 11:46:04 +0200 Subject: [PATCH 55/58] Remove unnecessary loops in package installation --- roles/icingadb_redis/tasks/install_on_debian.yml | 3 +-- roles/icingadb_redis/tasks/install_on_redhat.yml | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/roles/icingadb_redis/tasks/install_on_debian.yml b/roles/icingadb_redis/tasks/install_on_debian.yml index 208beb53..6257666d 100644 --- a/roles/icingadb_redis/tasks/install_on_debian.yml +++ b/roles/icingadb_redis/tasks/install_on_debian.yml @@ -1,9 +1,8 @@ --- - name: Debian - Install IcingaDB Redis packages ansible.builtin.apt: - name: "{{ item }}" + name: "{{ icingadb_redis_packages }}" state: present - loop: "{{ icingadb_redis_packages }}" - name: Debian - Ensure log directory exists when: diff --git a/roles/icingadb_redis/tasks/install_on_redhat.yml b/roles/icingadb_redis/tasks/install_on_redhat.yml index a4205152..9e15b824 100644 --- a/roles/icingadb_redis/tasks/install_on_redhat.yml +++ b/roles/icingadb_redis/tasks/install_on_redhat.yml 
@@ -1,9 +1,8 @@ --- - name: RedHat - install icingadb packages ansible.builtin.yum: - name: "{{ item }}" + name: "{{ icingadb_redis_packages }}" state: present - loop: "{{ icingadb_redis_packages }}" - name: RedHat - Ensure log directory exists when: From 4a58ebbbb66cc0082a2735718b54e80a446b9d95 Mon Sep 17 00:00:00 2001 From: Donien <88634789+Donien@users.noreply.github.com> Date: Thu, 10 Oct 2024 14:08:31 +0200 Subject: [PATCH 56/58] Fix bug where known but unavailable plugins would not be skipped Fixes #327 --- .../fragments/fix_327_unavailable_plugin.yml | 3 +++ roles/monitoring_plugins/tasks/main.yml | 18 +++++++++--------- 2 files changed, 12 insertions(+), 9 deletions(-) create mode 100644 changelogs/fragments/fix_327_unavailable_plugin.yml diff --git a/changelogs/fragments/fix_327_unavailable_plugin.yml b/changelogs/fragments/fix_327_unavailable_plugin.yml new file mode 100644 index 00000000..201c66cb --- /dev/null +++ b/changelogs/fragments/fix_327_unavailable_plugin.yml @@ -0,0 +1,3 @@ +--- +bugfixes: + - Fixed a bug in :code:`monitoring_plugins` where a requested plugin that is **unavailable** would cause a failure even though it is a **known** plugin and should be skipped (#327). diff --git a/roles/monitoring_plugins/tasks/main.yml b/roles/monitoring_plugins/tasks/main.yml index e48ecaf2..4d40153a 100644 --- a/roles/monitoring_plugins/tasks/main.yml +++ b/roles/monitoring_plugins/tasks/main.yml 
@@ -23,6 +23,15 @@ paths: - "{{ role_path }}/vars" +- name: Make sure that check plugins are requested and that they are defined + assert: + that: + - icinga_monitoring_plugins_check_commands is defined + - diff | length == 0 + fail_msg: "The following requested check command names (variable 'icinga_monitoring_plugins_check_commands') are not recognized as available check plugins on this host: {{ diff }}" + vars: + diff: "{{ icinga_monitoring_plugins_check_commands | default([]) | difference(icinga_monitoring_plugins_available_packages | map(attribute='name') | list) | difference(['all']) }}" + - name: Clean up variable discrepancy - remove entries set_fact: icinga_monitoring_plugins_available_packages: "{{ icinga_monitoring_plugins_available_packages | difference(icinga_monitoring_plugins_available_packages_exclude) }}" 
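Review bot: The assert now runs before the task that appends `icinga_monitoring_plugins_available_packages_include` (visible as context in the second hunk), so a check command provided only through the include list is compared against the unmerged list and rejected as unrecognized. If the goal is only to stop excluded-but-known plugins from failing, the comparison can stay in this position but should cover both lists, for example by replacing the inner operand of `diff` with `(icinga_monitoring_plugins_available_packages + (icinga_monitoring_plugins_available_packages_include | default([]))) | map(attribute='name') | list`. The task list starts and continues outside both hunks, so whether anything else feeds the include list cannot be confirmed from here.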
@@ -33,15 +42,6 @@ icinga_monitoring_plugins_available_packages: "{{ icinga_monitoring_plugins_available_packages + icinga_monitoring_plugins_available_packages_include }}" when: icinga_monitoring_plugins_available_packages_include is defined -- name: Make sure that check plugins are requested and that they are defined - assert: - that: - - icinga_monitoring_plugins_check_commands is defined - - diff | length == 0 - fail_msg: "The following requested check command names (variable 'icinga_monitoring_plugins_check_commands') are not recognized as available check plugins on this host: {{ diff }}" - vars: - diff: "{{ icinga_monitoring_plugins_check_commands | default([]) | difference(icinga_monitoring_plugins_available_packages | map(attribute='name') | list) | difference(['all']) }}" - - name: Create list of packages to be installed set_fact: needed_packages: "{{ icinga_monitoring_plugins_available_packages | map(attribute='pkg_name') if 'all' in icinga_monitoring_plugins_check_commands else (needed_packages | default([]) + (icinga_monitoring_plugins_available_packages | selectattr('name','equalto', item) | map(attribute='pkg_name') | list)) | unique }}" From 3ed368755b01dd3866d3cc47030b9e0a1721c531 Mon Sep 17 00:00:00 2001 From: Donien <88634789+Donien@users.noreply.github.com> Date: Thu, 10 Oct 2024 17:08:27 +0200 Subject: [PATCH 57/58] Add support for Suse in role 'monitoring_plugins' (#328) Add support for Suse in role 'monitoring_plugins' --- .../feature_monitoring_plugins_suse.yml | 3 + .../check_command_list.md | 124 +++++++++--------- .../role-monitoring_plugins.md | 2 + .../tasks/install_on_Suse.yml | 23 ++++ roles/monitoring_plugins/vars/Suse.yml | 123 +++++++++++++++++ 5 files changed, 213 insertions(+), 62 deletions(-) create mode 100644 changelogs/fragments/feature_monitoring_plugins_suse.yml create mode 100644 roles/monitoring_plugins/tasks/install_on_Suse.yml create mode 100644 roles/monitoring_plugins/vars/Suse.yml 
diff --git a/changelogs/fragments/feature_monitoring_plugins_suse.yml b/changelogs/fragments/feature_monitoring_plugins_suse.yml new file mode 100644 index 00000000..1303a84c --- /dev/null +++ b/changelogs/fragments/feature_monitoring_plugins_suse.yml @@ -0,0 +1,3 @@ +--- +minor_changes: + - Add support for Suse in the :code:`monitoring_plugins` role. diff --git a/doc/role-monitoring_plugins/check_command_list.md b/doc/role-monitoring_plugins/check_command_list.md index 05633f90..131b6ef8 100644 --- a/doc/role-monitoring_plugins/check_command_list.md +++ b/doc/role-monitoring_plugins/check_command_list.md 
@@ -1,68 +1,68 @@ # Available Check Commands -Here is a list of the available check commands and the packages they correspond to for Debian and RedHat based systems. +Here is a list of the available check commands and the packages they correspond to for Debian, RedHat and Suse based systems. Depending on the major version some packages might not be available. For example `nagios-plugins-game` is available using Enterprise Linux **7** and **9** but not using Enterprise Linux **8**. -A run will **not** fail because of that. Those requested checks are silently skipped. +A run will **not** fail because of that. Those requested checks are silently skipped. -Version specific differences in package names are also accounted for. +Version specific differences in package names are also accounted for. -| Check Command Name | Debian Package | RedHat Package | -| --- | --- | --- | -| apt | monitoring-plugins-basic | nagios-plugins-apt | -| breeze | monitoring-plugins-standard | nagios-plugins-breeze | -| by_ssh | monitoring-plugins-basic | nagios-plugins-by_ssh | -| clamd | monitoring-plugins-basic | nagios-plugins-tcp | -| dhcp | monitoring-plugins-basic | nagios-plugins-dhcp | -| dig | monitoring-plugins-standard | nagios-plugins-dig | -| disk | monitoring-plugins-basic | nagios-plugins-disk | -| disk_smb | monitoring-plugins-standard | nagios-plugins-disk_smb | -| dns | monitoring-plugins-standard | nagios-plugins-dns | -| file_age | monitoring-plugins-basic | nagios-plugins-file_age | -| flexlm | monitoring-plugins-standard | nagios-plugins-flexlm | -| fping | monitoring-plugins-standard | nagios-plugins-fping | -| fping4 | monitoring-plugins-standard | nagios-plugins-fping | -| fping6 | monitoring-plugins-standard | nagios-plugins-fping | -| ftp | monitoring-plugins-basic | nagios-plugins-tcp | -| game | monitoring-plugins-standard | nagios-plugins-game | -| hostalive | monitoring-plugins-basic | nagios-plugins-ping | -| hostalive4 | monitoring-plugins-basic | 
nagios-plugins-ping | -| hostalive6 | monitoring-plugins-basic | nagios-plugins-ping | -| hpjd | monitoring-plugins-standard | nagios-plugins-hpjd | -| http | monitoring-plugins-basic | nagios-plugins-http | -| icmp | monitoring-plugins-basic | nagios-plugins-icmp | -| imap | monitoring-plugins-basic | nagios-plugins-tcp | -| ldap | monitoring-plugins-standard | nagios-plugins-ldap | -| load | monitoring-plugins-basic | nagios-plugins-load | -| mailq | monitoring-plugins-standard | nagios-plugins-mailq | -| mysql | monitoring-plugins-standard | nagios-plugins-mysql | -| mysql_query | monitoring-plugins-standard | nagios-plugins-mysql | -| negate | monitoring-plugins-common | nagios-plugins | -| nrpe | nagios-nrpe-plugin | nagios-plugins-nrpe | -| nscp | monitoring-plugins-basic | nagios-plugins-nt | -| ntp_peer | monitoring-plugins-basic | nagios-plugins-ntp | -| ntp_time | monitoring-plugins-basic | nagios-plugins-ntp | -| pgsql | monitoring-plugins-standard | nagios-plugins-pgsql | -| ping | monitoring-plugins-basic | nagios-plugins-ping | -| ping4 | monitoring-plugins-basic | nagios-plugins-ping | -| ping6 | monitoring-plugins-basic | nagios-plugins-ping | -| pop | monitoring-plugins-basic | nagios-plugins-tcp | -| procs | monitoring-plugins-basic | nagios-plugins-procs | -| radius | monitoring-plugins-standard | nagios-plugins-radius | -| rpc | monitoring-plugins-standard | nagios-plugins-rpc | -| simap | monitoring-plugins-basic | nagios-plugins-tcp | -| smart | monitoring-plugins-basic | nagios-plugins-ide_smart | -| smtp | monitoring-plugins-basic | nagios-plugins-smtp | -| snmp | monitoring-plugins-standard | nagios-plugins-snmp | -| snmpv3 | monitoring-plugins-standard | nagios-plugins-snmp | -| snmp-uptime | monitoring-plugins-standard | nagios-plugins-snmp | -| spop | monitoring-plugins-basic | nagios-plugins-tcp | -| ssh | monitoring-plugins-basic | nagios-plugins-ssh | -| ssl | monitoring-plugins-basic | nagios-plugins-tcp | -| ssmtp | 
monitoring-plugins-basic | nagios-plugins-tcp | -| swap | monitoring-plugins-basic | nagios-plugins-swap | -| tcp | monitoring-plugins-basic | nagios-plugins-tcp | -| udp | monitoring-plugins-basic | nagios-plugins-tcp | -| ups | monitoring-plugins-basic | nagios-plugins-ups | -| uptime | nagios-plugins-contrib | nagios-plugins-uptime | -| users | monitoring-plugins-basic | nagios-plugins-users | +| Check Command Name | Debian Package | RedHat Package | Suse Package | +| --- | --- | --- | --- | +| apt | monitoring-plugins-basic | nagios-plugins-apt | - | +| breeze | monitoring-plugins-standard | nagios-plugins-breeze | monitoring-plugins-breeze | +| by_ssh | monitoring-plugins-basic | nagios-plugins-by_ssh | monitoring-plugins-by_ssh | +| clamd | monitoring-plugins-basic | nagios-plugins-tcp | nagios-plugins-tcp | +| dhcp | monitoring-plugins-basic | nagios-plugins-dhcp | monitoring-plugins-dhcp | +| dig | monitoring-plugins-standard | nagios-plugins-dig | monitoring-plugins-dig | +| disk | monitoring-plugins-basic | nagios-plugins-disk | monitoring-plugins-disk | +| disk_smb | monitoring-plugins-standard | nagios-plugins-disk_smb | monitoring-plugins-disk_smb | +| dns | monitoring-plugins-standard | nagios-plugins-dns | monitoring-plugins-dns | +| file_age | monitoring-plugins-basic | nagios-plugins-file_age | monitoring-plugins-file_age | +| flexlm | monitoring-plugins-standard | nagios-plugins-flexlm | monitoring-plugins-flexlm | +| fping | monitoring-plugins-standard | nagios-plugins-fping | monitoring-plugins-fping | +| fping4 | monitoring-plugins-standard | nagios-plugins-fping | monitoring-plugins-fping | +| fping6 | monitoring-plugins-standard | nagios-plugins-fping | monitoring-plugins-fping | +| ftp | monitoring-plugins-basic | nagios-plugins-tcp | monitoring-plugins-tcp | +| game | monitoring-plugins-standard | nagios-plugins-game | - | +| hostalive | monitoring-plugins-basic | nagios-plugins-ping | monitoring-plugins-ping | +| hostalive4 | 
monitoring-plugins-basic | nagios-plugins-ping | monitoring-plugins-ping | +| hostalive6 | monitoring-plugins-basic | nagios-plugins-ping | monitoring-plugins-ping | +| hpjd | monitoring-plugins-standard | nagios-plugins-hpjd | monitoring-plugins-hpjd | +| http | monitoring-plugins-basic | nagios-plugins-http | monitoring-plugins-http | +| icmp | monitoring-plugins-basic | nagios-plugins-icmp | monitoring-plugins-icmp | +| imap | monitoring-plugins-basic | nagios-plugins-tcp | monitoring-plugins-tcp | +| ldap | monitoring-plugins-standard | nagios-plugins-ldap | monitoring-plugins-ldap | +| load | monitoring-plugins-basic | nagios-plugins-load | monitoring-plugins-load | +| mailq | monitoring-plugins-standard | nagios-plugins-mailq | monitoring-plugins-mailq | +| mysql | monitoring-plugins-standard | nagios-plugins-mysql | monitoring-plugins-mysql | +| mysql_query | monitoring-plugins-standard | nagios-plugins-mysql | monitoring-plugins-mysql | +| negate | monitoring-plugins-common | nagios-plugins | monitoring-plugins-common | +| nrpe | nagios-nrpe-plugin | nagios-plugins-nrpe | monitoring-plugins-nrpe | +| nscp | monitoring-plugins-basic | nagios-plugins-nt | monitoring-plugins-nt | +| ntp_peer | monitoring-plugins-basic | nagios-plugins-ntp | monitoring-plugins-ntp_peer | +| ntp_time | monitoring-plugins-basic | nagios-plugins-ntp | monitoring-plugins-ntp_time | +| pgsql | monitoring-plugins-standard | nagios-plugins-pgsql | monitoring-plugins-pgsql | +| ping | monitoring-plugins-basic | nagios-plugins-ping | monitoring-plugins-ping | +| ping4 | monitoring-plugins-basic | nagios-plugins-ping | monitoring-plugins-ping | +| ping6 | monitoring-plugins-basic | nagios-plugins-ping | monitoring-plugins-ping | +| pop | monitoring-plugins-basic | nagios-plugins-tcp | monitoring-plugins-tcp | +| procs | monitoring-plugins-basic | nagios-plugins-procs | monitoring-plugins-procs | +| radius | monitoring-plugins-standard | nagios-plugins-radius | monitoring-plugins-radius | 
+| rpc | monitoring-plugins-standard | nagios-plugins-rpc | monitoring-plugins-rpc | +| simap | monitoring-plugins-basic | nagios-plugins-tcp | monitoring-plugins-tcp | +| smart | monitoring-plugins-basic | nagios-plugins-ide_smart | monitoring-plugins-ide_smart | +| smtp | monitoring-plugins-basic | nagios-plugins-smtp | monitoring-plugins-smtp | +| snmp | monitoring-plugins-standard | nagios-plugins-snmp | monitoring-plugins-snmp | +| snmpv3 | monitoring-plugins-standard | nagios-plugins-snmp | monitoring-plugins-snmp | +| snmp-uptime | monitoring-plugins-standard | nagios-plugins-snmp | monitoring-plugins-snmp | +| spop | monitoring-plugins-basic | nagios-plugins-tcp | monitoring-plugins-tcp | +| ssh | monitoring-plugins-basic | nagios-plugins-ssh | monitoring-plugins-ssh | +| ssl | monitoring-plugins-basic | nagios-plugins-tcp | monitoring-plugins-tcp | +| ssmtp | monitoring-plugins-basic | nagios-plugins-tcp | monitoring-plugins-tcp | +| swap | monitoring-plugins-basic | nagios-plugins-swap | monitoring-plugins-swap | +| tcp | monitoring-plugins-basic | nagios-plugins-tcp | monitoring-plugins-tcp | +| udp | monitoring-plugins-basic | nagios-plugins-tcp | monitoring-plugins-tcp | +| ups | monitoring-plugins-basic | nagios-plugins-ups | monitoring-plugins-ups | +| uptime | nagios-plugins-contrib | nagios-plugins-uptime | monitoring-plugins-uptime | +| users | monitoring-plugins-basic | nagios-plugins-users | monitoring-plugins-users | diff --git a/doc/role-monitoring_plugins/role-monitoring_plugins.md b/doc/role-monitoring_plugins/role-monitoring_plugins.md index 6ce4cd5b..60c47c1b 100644 --- a/doc/role-monitoring_plugins/role-monitoring_plugins.md +++ b/doc/role-monitoring_plugins/role-monitoring_plugins.md 
@@ -5,6 +5,8 @@ The list is based on the section *"Plugin Check Commands for Monitoring Plugins" * [List of available check commands](check_command_list.md) +> For Suse based systems you need the Ansible module `zypper`. Refer to the [getting started](https://github.com/Icinga/ansible-collection-icinga/blob/main/doc/getting-started.md#requirements) section. + ## Variables - `icinga_monitoring_plugins_epel: boolean` diff --git a/roles/monitoring_plugins/tasks/install_on_Suse.yml b/roles/monitoring_plugins/tasks/install_on_Suse.yml new file mode 100644 index 00000000..56d9d3aa --- /dev/null +++ b/roles/monitoring_plugins/tasks/install_on_Suse.yml @@ -0,0 +1,23 @@ +--- + +- name: Zypper - install requested packages + become: yes + community.general.zypper: + state: present + name: "{{ needed_packages }}" + update_cache: true + register: "zypper_result" + changed_when: zypper_result.stdout is defined + when: + - needed_packages is defined + - needed_packages + +- name: Zypper - remove non-requested packages + become: yes + community.general.zypper: + state: absent + name: "{{ (unwanted_packages | difference(['monitoring-plugins-common'])) if icinga_monitoring_plugins_check_commands else unwanted_packages }}" + clean_deps: "{{ icinga_monitoring_plugins_autoremove }}" + when: + - icinga_monitoring_plugins_remove + - unwanted_packages diff --git a/roles/monitoring_plugins/vars/Suse.yml b/roles/monitoring_plugins/vars/Suse.yml new file mode 100644 index 00000000..b02856a9 --- /dev/null +++ b/roles/monitoring_plugins/vars/Suse.yml 
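Review bot: `changed_when: zypper_result.stdout is defined` in the "install requested packages" task replaces the module's own change detection with a test on whether a return key exists, so the reported status no longer says whether packages were actually installed. Unless there is a known reason for the override, I would drop the `register:` and `changed_when:` lines and let `community.general.zypper` report `changed` itself, or state the reason in a comment above the task. Both tasks also use `become: yes`; `become: true` matches the `update_cache: true` already used in the same task and avoids the YAML 1.1 truthy form.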
@@ -0,0 +1,123 @@ +--- + +icinga_monitoring_plugins_available_packages: + - name: apt + pkg_name: "UNAVAILABLE" + - name: breeze + pkg_name: "monitoring-plugins-breeze" + - name: by_ssh + pkg_name: "monitoring-plugins-by_ssh" + - name: clamd + pkg_name: "nagios-plugins-tcp" + - name: dhcp + pkg_name: "monitoring-plugins-dhcp" + - name: dig + pkg_name: "monitoring-plugins-dig" + - name: disk + pkg_name: "monitoring-plugins-disk" + - name: disk_smb + pkg_name: "monitoring-plugins-disk_smb" + - name: dns + pkg_name: "monitoring-plugins-dns" + - name: file_age + pkg_name: "monitoring-plugins-file_age" + - name: flexlm + pkg_name: "monitoring-plugins-flexlm" + - name: fping + pkg_name: "monitoring-plugins-fping" + - name: fping4 + pkg_name: "monitoring-plugins-fping" + - name: fping6 + pkg_name: "monitoring-plugins-fping" + - name: ftp + pkg_name: "monitoring-plugins-tcp" + - name: game + pkg_name: "UNAVAILABLE" + - name: hostalive + pkg_name: "monitoring-plugins-ping" + - name: hostalive4 + pkg_name: "monitoring-plugins-ping" + - name: hostalive6 + pkg_name: "monitoring-plugins-ping" + - name: hpjd + pkg_name: "monitoring-plugins-hpjd" + - name: http + pkg_name: "monitoring-plugins-http" + - name: icmp + pkg_name: "monitoring-plugins-icmp" + - name: imap + pkg_name: "monitoring-plugins-tcp" + - name: ldap + pkg_name: "monitoring-plugins-ldap" + - name: load + pkg_name: "monitoring-plugins-load" + - name: mailq + pkg_name: "monitoring-plugins-mailq" + - name: mysql + pkg_name: "monitoring-plugins-mysql" + - name: mysql_query + pkg_name: "monitoring-plugins-mysql" + - name: negate + pkg_name: "monitoring-plugins-common" + - name: nrpe + pkg_name: "monitoring-plugins-nrpe" + - name: nscp + pkg_name: "monitoring-plugins-nt" + - name: ntp_peer + pkg_name: "monitoring-plugins-ntp_peer" + - name: ntp_time + pkg_name: "monitoring-plugins-ntp_time" + - name: pgsql + pkg_name: "monitoring-plugins-pgsql" + - name: ping + pkg_name: "monitoring-plugins-ping" + - name: ping4 + 
pkg_name: "monitoring-plugins-ping" + - name: ping6 + pkg_name: "monitoring-plugins-ping" + - name: pop + pkg_name: "monitoring-plugins-tcp" + - name: procs + pkg_name: "monitoring-plugins-procs" + - name: radius + pkg_name: "monitoring-plugins-radius" + - name: rpc + pkg_name: "monitoring-plugins-rpc" + - name: simap + pkg_name: "monitoring-plugins-tcp" + - name: smart + pkg_name: "monitoring-plugins-ide_smart" + - name: smtp + pkg_name: "monitoring-plugins-smtp" + - name: snmp + pkg_name: "monitoring-plugins-snmp" + - name: snmpv3 + pkg_name: "monitoring-plugins-snmp" + - name: snmp-uptime + pkg_name: "monitoring-plugins-snmp" + - name: spop + pkg_name: "monitoring-plugins-tcp" + - name: ssh + pkg_name: "monitoring-plugins-ssh" + - name: ssl + pkg_name: "monitoring-plugins-tcp" + - name: ssmtp + pkg_name: "monitoring-plugins-tcp" + - name: swap + pkg_name: "monitoring-plugins-swap" + - name: tcp + pkg_name: "monitoring-plugins-tcp" + - name: udp + pkg_name: "monitoring-plugins-tcp" + - name: ups + pkg_name: "monitoring-plugins-ups" + - name: uptime + pkg_name: "monitoring-plugins-uptime" + - name: users + pkg_name: "monitoring-plugins-users" + +icinga_monitoring_plugins_available_packages_exclude: + - name: apt + pkg_name: "UNAVAILABLE" + - name: game + pkg_name: "UNAVAILABLE" From ba4315158fcaaefe317a1ff6a8081b577417204f Mon Sep 17 00:00:00 2001 
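Review bot: The `clamd` entry maps to `pkg_name: "nagios-plugins-tcp"`, while every other TCP-based check in this file (`ftp`, `imap`, `pop`, `simap`, `spop`, `ssl`, `ssmtp`, `tcp`, `udp`) maps to `monitoring-plugins-tcp`. This looks like a leftover from the RedHat list; if so, requesting `clamd` on Suse asks zypper for a differently named package than the one the rest of the role installs and tracks. I would change the line to `pkg_name: "monitoring-plugins-tcp"` and make the same correction in the Suse column of doc/role-monitoring_plugins/check_command_list.md, which carries the same value.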
From: Donien <88634789+Donien@users.noreply.github.com> Date: Thu, 31 Oct 2024 21:58:49 +0100 Subject: [PATCH 58/58] Add Director migration and kickstart handlers This adds handlers to the 'icingaweb2' role to take care of Icinga Director schema migrations and its kickstart. Running multiple roles in order should also run their handlers in order. This way the Icinga 2 API should be up and operational for the Director to use for kickstart. Fixes #319 --- roles/icingaweb2/handlers/main.yml | 11 +++++++++++ roles/icingaweb2/tasks/modules/director.yml | 15 +++------------ 2 files changed, 14 insertions(+), 12 deletions(-) create mode 100644 roles/icingaweb2/handlers/main.yml diff --git a/roles/icingaweb2/handlers/main.yml b/roles/icingaweb2/handlers/main.yml new file mode 100644 index 00000000..3dc19f69 --- /dev/null +++ b/roles/icingaweb2/handlers/main.yml @@ -0,0 +1,11 @@ +--- + +- name: Module Director | Apply pending migrations + ansible.builtin.command: + cmd: icingacli director migration run + listen: "run_director_migrations" + +- name: Module Director | Run kickstart if required + ansible.builtin.command: + cmd: icingacli director kickstart run + listen: "run_director_kickstart" diff --git a/roles/icingaweb2/tasks/modules/director.yml b/roles/icingaweb2/tasks/modules/director.yml index 640a38c1..7d02dcac 100644 --- a/roles/icingaweb2/tasks/modules/director.yml +++ b/roles/icingaweb2/tasks/modules/director.yml 
@@ -25,25 +25,16 @@ register: _pending changed_when: _pending.rc|int == 0 failed_when: _pending.stdout|length > 0 - when: icingaweb2_modules['director']['import_schema'] is defined and icingaweb2_modules.director.import_schema and icingaweb2_modules['director']['config'] is defined - -- name: Module Director | Apply pending migrations # noqa: command-instead-of-shell - ansible.builtin.shell: - cmd: icingacli director migration run - when: icingaweb2_modules['director']['import_schema'] is defined and icingaweb2_modules.director.import_schema and icingaweb2_modules['director']['config'] is defined and _pending.rc|int == 0 + notify: "run_director_migrations" - name: Module Director | Check if kickstart is required # noqa: command-instead-of-shell ansible.builtin.shell: cmd: icingacli director kickstart required register: _required - changed_when: _required.rc|int == 0 + changed_when: (_required.rc|int == 0) or (".icinga_host' doesn't exist" in _required.stderr) failed_when: _required.rc|int >= 2 when: icingaweb2_modules['director']['run_kickstart'] is defined and icingaweb2_modules.director.run_kickstart and icingaweb2_modules['director']['kickstart'] is defined - -- name: Module Director | Run kickstart if required # noqa: command-instead-of-shell - ansible.builtin.shell: - cmd: icingacli director kickstart run - when: icingaweb2_modules['director']['run_kickstart'] is defined and icingaweb2_modules.director.run_kickstart and icingaweb2_modules['director']['kickstart'] is defined and _required.rc|int == 0 + notify: "run_director_kickstart" - name: Module Director | Ensure installation from source is complete when: icingaweb2_modules['director']['source'] == 'git'
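Review bot: The `when:` condition on "Check for pending migrations" is removed together with the old apply task, so as this hunk reads the check now runs, and notifies `run_director_migrations`, even when `icingaweb2_modules.director.import_schema` is unset or false. Schema migration was opt-in before this change; I would keep the guard on the check task: `when: icingaweb2_modules['director']['import_schema'] is defined and icingaweb2_modules.director.import_schema and icingaweb2_modules['director']['config'] is defined`. Separately, the new `changed_when` on the kickstart check matches a substring of stderr (`.icinga_host' doesn't exist`), which ties the trigger to the exact wording of an error message. A short comment above that task naming the situation it covers would make it maintainable. The task file starts and continues outside the hunk.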