diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 000000000..f76898413
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,95 @@
+---
+# .ansible-lint
+# exclude_paths included in this file are parsed relative to this file's location
+# and not relative to the CWD of execution. CLI arguments passed to the --exclude
+# option will be parsed relative to the CWD of execution.
+exclude_paths:
+ - .cache/ # implicit unless exclude_paths is defined in config
+ - .github/
+ - .vagrant/
+ - changelogs/
+ - docs/
+# parseable: true
+# quiet: true
+# verbosity: 1
+
+# # Mock modules or roles in order to pass ansible-playbook --syntax-check
+# mock_modules:
+# - zuul_return
+# # note the foo.bar is invalid as being neither a module or a collection
+# - fake_namespace.fake_collection.fake_module
+# - fake_namespace.fake_collection.fake_module.fake_submodule
+# mock_roles:
+# - mocked_role
+# - author.role_name # old standalone galaxy role
+# - fake_namespace.fake_collection.fake_role # role within a collection
+
+# # Enable checking of loop variable prefixes in roles
+# loop_var_prefix: "{role}_"
+
+# Enforce variable names to follow pattern below, in addition to Ansible own
+# requirements, like avoiding python identifiers. To disable add `var-naming`
+# to skip_list.
+# var_naming_pattern: "^[a-z_][a-z0-9_]*$"
+
+use_default_rules: true
+# Load custom rules from this specific folder
+# rulesdir:
+# - ./rule/directory/
+
+# This makes linter to fully ignore rules/tags listed below
+skip_list:
+ - experimental
+
+# # Any rule that has the 'opt-in' tag will not be loaded unless its 'id' is
+# # mentioned in the enable_list:
+# enable_list:
+# - empty-string-compare # opt-in
+# - no-log-password # opt-in
+# - no-same-owner # opt-in
+# # add yaml here if you want to avoid ignoring yaml checks when yamllint
+# # library is missing. Normally its absence just skips using that rule.
+# - yaml
+# # Report only a subset of tags and fully ignore any others
+# # tags:
+# # - var-spacing
+
+# # This makes the linter display but not fail for rules/tags listed below:
+# warn_list:
+# - skip_this_tag
+# - git-latest
+# - experimental # experimental is included in the implicit list
+# # - role-name
+
+# Some rules can transform files to fix (or make it easier to fix) identified
+# errors. `ansible-lint --write` will reformat YAML files and run these transforms.
+# By default it will run all transforms (effectively `write_list: ["all"]`).
+# You can disable running transforms by setting `write_list: ["none"]`.
+# Or only enable a subset of rule transforms by listing rules/tags here.
+# write_list:
+# - all
+
+# Offline mode disables installation of requirements.yml
+offline: true
+
+# # Define required Ansible's variables to satisfy syntax check
+# extra_vars:
+# foo: bar
+# multiline_string_variable: |
+# line1
+# line2
+# complex_variable: ":{;\t$()"
+
+# Uncomment to enforce action validation with tasks, usually is not
+# needed as Ansible syntax check also covers it.
+# skip_action_validation: false
+
+# # List of additional kind:pattern to be added at the top of the default
+# # match list, first match determines the file kind.
+# kinds:
+# # - playbook: "**/examples/*.{yml,yaml}"
+# # - galaxy: "**/folder/galaxy.yml"
+# # - tasks: "**/tasks/*.yml"
+# # - vars: "**/vars/*.yml"
+# # - meta: "**/meta/main.yml"
+# - yaml: "**/*.yaml-too"
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000..b7b4ca2dd
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,8 @@
+version: 2
+updates:
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: weekly
+ time: "06:00"
+ open-pull-requests-limit: 10
diff --git a/.github/workflows/ansible-lint.yaml b/.github/workflows/ansible-lint.yaml
new file mode 100644
index 000000000..64d3b364b
--- /dev/null
+++ b/.github/workflows/ansible-lint.yaml
@@ -0,0 +1,83 @@
+# https://github.com/ansible-collections/collection_template/blob/main/.github/workflows/ansible-test.yml
+# README FIRST
+# 1. replace "NAMESPACE" and "COLLECTION_NAME" with the correct name in the env section (e.g. with 'community' and 'mycollection')
+# 2. If you don't have unit tests remove that section
+# 3. If your collection depends on other collections ensure they are installed, see "Install collection dependencies"
+# If you need help please ask in #ansible-community on the Libera.chat IRC network
+
+name: Ansible Linting
+on:
+ workflow_dispatch:
+ push:
+ paths:
+ - 'roles/'
+ pull_request:
+ paths:
+ - 'roles/'
+
+env:
+ NAMESPACE: tribe29
+ COLLECTION_NAME: checkmk
+
+jobs:
+
+###
+# Integration tests (RECOMMENDED)
+#
+# https://docs.ansible.com/ansible/latest/dev_guide/testing_integration.html
+
+
+# If the application you are testing is available as a docker container and you want to test
+# multiple versions see the following for an example:
+# https://github.com/ansible-collections/community.zabbix/tree/master/.github/workflows
+
+ integration:
+ runs-on: ubuntu-latest
+ name: I (Ⓐ${{ matrix.ansible }}+py${{ matrix.python }})
+ strategy:
+ fail-fast: false
+ matrix:
+ python:
+ - '3.7'
+ - '3.8'
+ - '3.9'
+ - '3.10'
+
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v2
+ with:
+ path: ansible_collections/${{env.NAMESPACE}}/${{env.COLLECTION_NAME}}
+
+ - name: Set up Python
+ uses: actions/setup-python@v2
+ with:
+ # it is just required to run that once as "ansible-test integration" in the docker image
+ # will run on all python versions it supports.
+ python-version: 3.8 + + - name: Install ansible-lint + run: pip install ansible-lint yamllint + + # Run the linting + - name: Run yamllint on roles + run: yamllint -c .yamllint roles/ + working-directory: ./ansible_collections/${{env.NAMESPACE}}/${{env.COLLECTION_NAME}} + + - name: Run yamllint on playbooks + run: yamllint -c .yamllint playbooks/ + working-directory: ./ansible_collections/${{env.NAMESPACE}}/${{env.COLLECTION_NAME}} + + - name: Run ansible-lint on roles + run: ansible-lint -c ${{env.NAMESPACE}}/${{env.COLLECTION_NAME}}/.ansible-lint ${{env.NAMESPACE}}/${{env.COLLECTION_NAME}}/roles/ + working-directory: ./ansible_collections/ + env: + ANSIBLE_LIBRARY: "./tribe29/checkmk/plugins/modules" + ANSIBLE_ROLES_PATH: "./tribe29/checkmk/roles" + + - name: Run ansible-lint on playbooks + run: ansible-lint -c ${{env.NAMESPACE}}/${{env.COLLECTION_NAME}}/.ansible-lint ${{env.NAMESPACE}}/${{env.COLLECTION_NAME}}/playbooks/ + working-directory: ./ansible_collections/ + env: + ANSIBLE_LIBRARY: "./tribe29/checkmk/plugins/modules" + ANSIBLE_ROLES_PATH: "./tribe29/checkmk/roles" diff --git a/roles/agent/.yamllint b/.yamllint similarity index 64% rename from roles/agent/.yamllint rename to .yamllint index 882767605..c2aea58fa 100644 --- a/roles/agent/.yamllint +++ b/.yamllint @@ -1,5 +1,4 @@ --- -# Based on ansible-lint config extends: default rules: @@ -15,19 +14,16 @@ rules: commas: max-spaces-after: -1 level: error - comments: disable - comments-indentation: disable - document-start: disable empty-lines: max: 3 level: error hyphens: level: error - indentation: disable + indentation: enable key-duplicates: enable line-length: disable - new-line-at-end-of-file: disable + new-line-at-end-of-file: enable new-lines: type: unix - trailing-spaces: disable - truthy: disable + trailing-spaces: enable + truthy: enable diff --git a/Vagrantfile b/Vagrantfile index 0e349a07f..5081e3618 100644 --- a/Vagrantfile +++ b/Vagrantfile 
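Review bot: The `paths` filters under `push` and `pull_request` use `'roles/'`, which as a glob does not match files inside the directory, so this lint gate will likely never run on a push or pull request; `- 'roles/**'` is the usual form, and `- 'playbooks/**'` should be listed as well because the job also lints `playbooks/`. The `Set up Python` step hard-codes `python-version: 3.8`, so all four matrix entries run the same interpreter, and `matrix.ansible` in the job name is not defined in the matrix; use `python-version: ${{ matrix.python }}` or drop the matrix. The workflow also declares no `permissions:` block, and a read-only token (`permissions:` with `contents: read`) is all a lint job needs.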
@@ -22,35 +22,8 @@ Vagrant.configure("2") do |config| apt-get install -y python3-pip pip install -r /vagrant/requirements.txt ansible-galaxy collection install -f -r /vagrant/requirements.yml - wget "https://download.checkmk.com/checkmk/2.0.0p25/check-mk-raw-2.0.0p25_0.focal_amd64.deb" -O /tmp/checkmk-stable.deb - wget "https://download.checkmk.com/checkmk/2.1.0b8/check-mk-raw-2.1.0b8_0.focal_amd64.deb" -O /tmp/checkmk-beta.deb - apt-get install -y /tmp/checkmk-stable.deb - omd create --admin-password 'cmk' stable - apt-get install -y /tmp/checkmk-beta.deb - omd create --admin-password 'cmk' beta - omd status -b stable || omd start stable - omd status -b beta || omd start beta - SCRIPT - srv.vm.provision "shell", inline: $script - end - - # Ubuntu - config.vm.define "ansible-collection", primary: true do |srv| - srv.vm.box = "ubuntu/focal64" - srv.vm.network "private_network", ip: "192.168.56.42" - srv.ssh.insert_key = false - srv.vm.provider "virtualbox" do |v| - v.name = 'ansible-collection' - v.memory = 4096 - v.cpus = 2 - end - $script = <<-SCRIPT - apt-get update - apt-get install -y python3-pip - pip install -r /vagrant/requirements.txt - ansible-galaxy collection install -f -r /vagrant/requirements.yml - wget "https://download.checkmk.com/checkmk/2.0.0p23/check-mk-raw-2.0.0p23_0.focal_amd64.deb" -O /tmp/checkmk-stable.deb - wget "https://download.checkmk.com/checkmk/2.1.0b8/check-mk-raw-2.1.0b5_0.focal_amd64.deb" -O /tmp/checkmk-beta.deb + wget "https://download.checkmk.com/checkmk/2.1.0p4/check-mk-raw-2.1.0p4_0.focal_amd64.deb" -O /tmp/checkmk-stable.deb + wget "https://download.checkmk.com/checkmk/2.1.0p4/check-mk-raw-2.1.0p4_0.focal_amd64.deb" -O /tmp/checkmk-beta.deb apt-get install -y /tmp/checkmk-stable.deb omd create --admin-password 'cmk' stable apt-get install -y /tmp/checkmk-beta.deb diff --git a/changelogs/fragments/agent.yml b/changelogs/fragments/agent.yml new file mode 100644 index 000000000..255145970 --- /dev/null 
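Review bot: Both new `wget` lines fetch the same `check-mk-raw-2.1.0p4_0.focal_amd64.deb`, so the `beta` site no longer exercises a different release than `stable` and the second `apt-get install` reinstalls the same package; if that is intended, the second download can be dropped and a comment should say so. The packages are installed as root straight from the download with no integrity check; verifying a pinned digest before `apt-get install`, e.g. `echo "<EXPECTED_SHA256>  /tmp/checkmk-stable.deb" | sha256sum -c -`, would catch a corrupted or substituted file. The provisioning script begins and ends outside this hunk.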
+++ b/changelogs/fragments/agent.yml 
@@ -0,0 +1,51 @@ +# https://docs.ansible.com/ansible/latest/community/development_process.html#changelogs-how-to +minor_changes: + - Enable agent role to automatically add hosts to Checkmk during agent installation. + - Enable firewall management of the host to allow instant access to the agent. + +bugfixes: + - Handle hosts, where systemd version is below 220. It is now possible to automatically install xinetd in those cases. This has to be enabled explicitely. + +# known_issues: +# - This release is still in development and a heavy work in progress. +# - Discovery module is not feature complete yet. +# - Downtime module is not fully idempotent yet. This affects service downtimes and deletions. + +## Line Format +# When writing a changelog entry, use the following format: + +# - scope - description starting with a lowercase letter and ending with a period at the very end. Multiple sentences are allowed (https://github.com/reference/to/an/issue or, if there is no issue, reference to a pull request itself). + +# The scope is usually a module or plugin name or group of modules or plugins, for example, lookup plugins. While module names can (and should) be mentioned directly (foo_module), plugin names should always be followed by the type (foo inventory plugin). + +# For changes that are not really scoped (for example, which affect a whole collection), use the following format: + +# - Description starting with an uppercase letter and ending with a dot at the very end. Multiple sentences are allowed (https://github.com/reference/to/an/issue or, if there is no issue, reference to a pull request itself). + + +## Possible keys: + +# breaking_changes + +# Changes that break existing playbooks or roles. This includes any change to existing behavior that forces users to update tasks. Displayed in both the changelogs and the Porting Guides. +# major_changes + +# Major changes to Ansible itself. Generally does not include module or plugin changes. 
Displayed in both the changelogs and the Porting Guides. +# minor_changes + +# Minor changes to Ansible, modules, or plugins. This includes new features, new parameters added to modules, or behavior changes to existing parameters. +# deprecated_features + +# Features that have been deprecated and are scheduled for removal in a future release. Displayed in both the changelogs and the Porting Guides. +# removed_features + +# Features that were previously deprecated and are now removed. Displayed in both the changelogs and the Porting Guides. +# security_fixes + +# Fixes that address CVEs or resolve security concerns. Include links to CVE information. +# bugfixes + +# Fixes that resolve issues. +# known_issues + +# Known issues that are currently not fixed or will not be fixed. diff --git a/changelogs/fragments/linting.yml b/changelogs/fragments/linting.yml new file mode 100644 index 000000000..62c7739dc --- /dev/null +++ b/changelogs/fragments/linting.yml 
@@ -0,0 +1,47 @@ +# https://docs.ansible.com/ansible/latest/community/development_process.html#changelogs-how-to +minor_changes: + - Introduce ansible linting for roles and fix findings. + +# known_issues: +# - This release is still in development and a heavy work in progress. +# - Discovery module is not feature complete yet. +# - Downtime module is not fully idempotent yet. This affects service downtimes and deletions. + +## Line Format +# When writing a changelog entry, use the following format: + +# - scope - description starting with a lowercase letter and ending with a period at the very end. Multiple sentences are allowed (https://github.com/reference/to/an/issue or, if there is no issue, reference to a pull request itself). + +# The scope is usually a module or plugin name or group of modules or plugins, for example, lookup plugins. While module names can (and should) be mentioned directly (foo_module), plugin names should always be followed by the type (foo inventory plugin). + +# For changes that are not really scoped (for example, which affect a whole collection), use the following format: + +# - Description starting with an uppercase letter and ending with a dot at the very end. Multiple sentences are allowed (https://github.com/reference/to/an/issue or, if there is no issue, reference to a pull request itself). + + +## Possible keys: + +# breaking_changes + +# Changes that break existing playbooks or roles. This includes any change to existing behavior that forces users to update tasks. Displayed in both the changelogs and the Porting Guides. +# major_changes + +# Major changes to Ansible itself. Generally does not include module or plugin changes. Displayed in both the changelogs and the Porting Guides. +# minor_changes + +# Minor changes to Ansible, modules, or plugins. This includes new features, new parameters added to modules, or behavior changes to existing parameters. 
+# deprecated_features + +# Features that have been deprecated and are scheduled for removal in a future release. Displayed in both the changelogs and the Porting Guides. +# removed_features + +# Features that were previously deprecated and are now removed. Displayed in both the changelogs and the Porting Guides. +# security_fixes + +# Fixes that address CVEs or resolve security concerns. Include links to CVE information. +# bugfixes + +# Fixes that resolve issues. +# known_issues + +# Known issues that are currently not fixed or will not be fixed. diff --git a/changelogs/fragments/server.yml b/changelogs/fragments/server.yml new file mode 100644 index 000000000..0a8cfd025 --- /dev/null +++ b/changelogs/fragments/server.yml 
@@ -0,0 +1,48 @@ +# https://docs.ansible.com/ansible/latest/community/development_process.html#changelogs-how-to +minor_changes: + - Add support for RedHat/CentOS 7 and 8 and compatible distributions to server role. + - Enable firewall management of the host to allow instant access to the web interface of the server. + +# known_issues: +# - This release is still in development and a heavy work in progress. +# - Discovery module is not feature complete yet. +# - Downtime module is not fully idempotent yet. This affects service downtimes and deletions. + +## Line Format +# When writing a changelog entry, use the following format: + +# - scope - description starting with a lowercase letter and ending with a period at the very end. Multiple sentences are allowed (https://github.com/reference/to/an/issue or, if there is no issue, reference to a pull request itself). + +# The scope is usually a module or plugin name or group of modules or plugins, for example, lookup plugins. While module names can (and should) be mentioned directly (foo_module), plugin names should always be followed by the type (foo inventory plugin). + +# For changes that are not really scoped (for example, which affect a whole collection), use the following format: + +# - Description starting with an uppercase letter and ending with a dot at the very end. Multiple sentences are allowed (https://github.com/reference/to/an/issue or, if there is no issue, reference to a pull request itself). + + +## Possible keys: + +# breaking_changes + +# Changes that break existing playbooks or roles. This includes any change to existing behavior that forces users to update tasks. Displayed in both the changelogs and the Porting Guides. +# major_changes + +# Major changes to Ansible itself. Generally does not include module or plugin changes. Displayed in both the changelogs and the Porting Guides. +# minor_changes + +# Minor changes to Ansible, modules, or plugins. 
This includes new features, new parameters added to modules, or behavior changes to existing parameters. +# deprecated_features + +# Features that have been deprecated and are scheduled for removal in a future release. Displayed in both the changelogs and the Porting Guides. +# removed_features + +# Features that were previously deprecated and are now removed. Displayed in both the changelogs and the Porting Guides. +# security_fixes + +# Fixes that address CVEs or resolve security concerns. Include links to CVE information. +# bugfixes + +# Fixes that resolve issues. +# known_issues + +# Known issues that are currently not fixed or will not be fixed. diff --git a/galaxy.yml b/galaxy.yml index f1a3aa03f..a9d13803a 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -9,7 +9,7 @@ namespace: tribe29 name: checkmk # The version of the collection. Must be compatible with semantic versioning -version: 0.4.0 +version: 0.5.0 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: README.md diff --git a/playbooks/demo.yml b/playbooks/demo.yml index 7819b0dc5..9da649b7b 100644 --- a/playbooks/demo.yml +++ b/playbooks/demo.yml 
@@ -4,150 +4,150 @@ vars_files: - ./vars/config.yml tasks: - - name: "Activate changes on site - Showcase no changes." - activation: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - force_foreign_changes: 'true' - sites: - - "{{ site }}" - delegate_to: localhost - run_once: 'true' + - name: "Activate changes on site - Showcase no changes." + activation: + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + force_foreign_changes: 'true' + sites: + - "{{ site }}" + delegate_to: localhost + run_once: 'true' - - name: "Create folders." - folder: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - path: "{{ item.path }}" - title: "{{ item.title }}" - state: "present" - delegate_to: localhost - run_once: 'yes' - loop: "{{ checkmk_folders }}" + - name: "Create folders." + folder: + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + path: "{{ item.path }}" + title: "{{ item.title }}" + state: "present" + delegate_to: localhost + run_once: 'yes' + loop: "{{ checkmk_folders }}" - - name: "Create host." - host: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - host_name: "{{ inventory_hostname }}" - folder: "{{ checkmk_folder_path }}" - attributes: - site: "{{ site }}" - ipaddress: 127.0.0.1 - state: "present" - delegate_to: localhost + - name: "Create host." 
+ host: + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + host_name: "{{ inventory_hostname }}" + folder: "{{ checkmk_folder_path }}" + attributes: + site: "{{ site }}" + ipaddress: 127.0.0.1 + state: "present" + delegate_to: localhost - - name: "Discover services on host." - discovery: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - host_name: "{{ inventory_hostname }}" - state: "fix_all" - delegate_to: localhost + - name: "Discover services on host." + discovery: + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + host_name: "{{ inventory_hostname }}" + state: "fix_all" + delegate_to: localhost - - name: "Pause to review first set of changes." - ansible.builtin.pause: - prompt: | - "Feel free to review the changes in your Checkmk site: {{ site }}." - "Press to continue." + - name: "Pause to review first set of changes." + ansible.builtin.pause: + prompt: | + "Feel free to review the changes in your Checkmk site: {{ site }}." + "Press to continue." - - name: "Activate changes on site - Showcase creation of hosts and folders." - activation: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - force_foreign_changes: 'true' - sites: - - "{{ site }}" - delegate_to: localhost - run_once: 'true' + - name: "Activate changes on site - Showcase creation of hosts and folders." + activation: + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + force_foreign_changes: 'true' + sites: + - "{{ site }}" + delegate_to: localhost + run_once: 'true' - - name: "Change host attributes." 
- host: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - host_name: "{{ inventory_hostname }}" - folder: "{{ checkmk_folder_path }}" - attributes: - site: "{{ site }}" - alias: "Important Server" - ipaddress: 127.0.0.2 - state: "present" - delegate_to: localhost + - name: "Change host attributes." + host: + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + host_name: "{{ inventory_hostname }}" + folder: "{{ checkmk_folder_path }}" + attributes: + site: "{{ site }}" + alias: "Important Server" + ipaddress: 127.0.0.2 + state: "present" + delegate_to: localhost - - name: "Move host to another folder." - host: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - host_name: "{{ inventory_hostname }}" - folder: "/bar" - state: "present" - delegate_to: localhost + - name: "Move host to another folder." + host: + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + host_name: "{{ inventory_hostname }}" + folder: "/bar" + state: "present" + delegate_to: localhost - - name: "Pause to review second set of changes." - ansible.builtin.pause: - prompt: | - "Feel free to review the changes in your Checkmk site: {{ site }}." - "Press to continue." + - name: "Pause to review second set of changes." + ansible.builtin.pause: + prompt: | + "Feel free to review the changes in your Checkmk site: {{ site }}." + "Press to continue." - - name: "Activate changes on site - Showcase changes to existing objects." 
- activation: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - force_foreign_changes: 'true' - sites: - - "{{ site }}" - delegate_to: localhost - run_once: 'true' + - name: "Activate changes on site - Showcase changes to existing objects." + activation: + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + force_foreign_changes: 'true' + sites: + - "{{ site }}" + delegate_to: localhost + run_once: 'true' - - name: "Delete Host." - host: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - host_name: "{{ inventory_hostname }}" - folder: "{{ checkmk_folder_path }}" - state: "absent" - delegate_to: localhost + - name: "Delete Host." + host: + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + host_name: "{{ inventory_hostname }}" + folder: "{{ checkmk_folder_path }}" + state: "absent" + delegate_to: localhost - - name: "Delete folders." - folder: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - path: "{{ item.path }}" - title: "{{ item.title }}" - state: "absent" - register: testout - delegate_to: localhost - run_once: 'yes' - loop: "{{ checkmk_folders }}" + - name: "Delete folders." 
+ folder: + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + path: "{{ item.path }}" + title: "{{ item.title }}" + state: "absent" + register: testout + delegate_to: localhost + run_once: 'yes' + loop: "{{ checkmk_folders }}" - - name: "Activate changes on site - Showcase host and folders were deleted" - activation: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - force_foreign_changes: 'true' - sites: - - "{{ site }}" - delegate_to: localhost - run_once: 'true' + - name: "Activate changes on site - Showcase host and folders were deleted" + activation: + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + force_foreign_changes: 'true' + sites: + - "{{ site }}" + delegate_to: localhost + run_once: 'true' diff --git a/playbooks/downtime_demo.yml b/playbooks/downtime_demo.yml index 18cc6da9d..6af971b9b 100644 --- a/playbooks/downtime_demo.yml +++ b/playbooks/downtime_demo.yml 
@@ -4,121 +4,121 @@ # ansible-playbook playbooks/downtime_demo.yml --tags delete - name: "create downtime" hosts: localhost - gather_facts: no + gather_facts: false vars_files: - ./vars/config.yml tasks: # services - - name: "downtime 1 - on services with relative times" - downtime: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - host_name: "{{ inventory_hostname }}" - comment: downtime 1 - on services with relative timestamps - start_after: - hours: 2 - minutes: 30 - end_after: - hours: 1 - minutes: 30 - service_descriptions: - - "CPU utilization" - - Memory + - name: "downtime 1 - on services with relative times" + downtime: + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + host_name: "{{ inventory_hostname }}" + comment: downtime 1 - on services with relative timestamps + start_after: + hours: 2 + minutes: 30 + end_after: + hours: 1 + minutes: 30 + service_descriptions: + - "CPU utilization" + - Memory - - name: "downtime 2 - on services with absolute timestamps" - downtime: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - host_name: "{{ inventory_hostname }}" - comment: downtime 2 - on services with absolute timestamps - start_time: 2024-03-25T20:39:28Z - end_time: 2024-03-26T20:39:28Z - service_descriptions: - - "CPU utilization" - - Memory + - name: "downtime 2 - on services with absolute timestamps" + downtime: + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + host_name: "{{ inventory_hostname }}" + comment: downtime 2 - on services with absolute timestamps + start_time: 2024-03-25T20:39:28Z + end_time: 2024-03-26T20:39:28Z + service_descriptions: + - "CPU utilization" + - 
Memory - - name: "downtime 3 - on services without timestamps" - downtime: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - host_name: "{{ inventory_hostname }}" - comment: downtime 3 - on services without timestamps - service_descriptions: - - "CPU utilization" - - Memory - end_after: - minutes: 1 + - name: "downtime 3 - on services without timestamps" + downtime: + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + host_name: "{{ inventory_hostname }}" + comment: downtime 3 - on services without timestamps + service_descriptions: + - "CPU utilization" + - Memory + end_after: + minutes: 1 - # hosts + # hosts - - name: "downtime 4 - on host with relative times" - downtime: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - host_name: "{{ inventory_hostname }}" - comment: downtime 4 - on host with relative timestamps - #start_time: 2022-03-25T20:39:28Z - start_after: - hours: 2 - minutes: 30 - end_after: - hours: 1 - minutes: 30 - #force: yes + - name: "downtime 4 - on host with relative times" + downtime: + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + host_name: "{{ inventory_hostname }}" + comment: downtime 4 - on host with relative timestamps + # start_time: 2022-03-25T20:39:28Z + start_after: + hours: 2 + minutes: 30 + end_after: + hours: 1 + minutes: 30 + # force: yes - - name: "downtime 5 - on host with absolute timestamps" - downtime: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - host_name: "{{ inventory_hostname }}" - comment: downtime 5 - on host with absolute timestamps - 
start_time: 2024-03-25T20:39:28Z - end_time: 2024-03-26T20:39:28Z + - name: "downtime 5 - on host with absolute timestamps" + downtime: + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + host_name: "{{ inventory_hostname }}" + comment: downtime 5 - on host with absolute timestamps + start_time: 2024-03-25T20:39:28Z + end_time: 2024-03-26T20:39:28Z - - name: "downtime 6 - on host without timestamps" - downtime: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - host_name: "{{ inventory_hostname }}" - comment: downtime 6 - on host without timestamps + - name: "downtime 6 - on host without timestamps" + downtime: + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + host_name: "{{ inventory_hostname }}" + comment: downtime 6 - on host without timestamps - # delete services downtimes + # delete services downtimes - - name: "downtime delete 1 - service downtimes" - downtime: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - host_name: "{{ inventory_hostname }}" - service_descriptions: - - "CPU utilization" - - Memory - state: absent - tags: - - delete - - - name: "downtime delete 2 - host downtimes" - downtime: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - host_name: "{{ inventory_hostname }}" - state: absent - tags: - - delete + - name: "downtime delete 1 - service downtimes" + downtime: + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + host_name: "{{ inventory_hostname }}" + service_descriptions: + - "CPU 
utilization" + - Memory + state: absent + tags: + - delete + + - name: "downtime delete 2 - host downtimes" + downtime: + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + host_name: "{{ inventory_hostname }}" + state: absent + tags: + - delete diff --git a/playbooks/roles.yml b/playbooks/roles.yml index 0d18288ea..6d9cc6f28 100644 --- a/playbooks/roles.yml +++ b/playbooks/roles.yml @@ -1,42 +1,17 @@ -- name: "Run all roles." +- name: "Run roles." hosts: vagrant + vars_files: - ./vars/config.yml - roles: - - agent + tasks: + + - name: "Run server role." + tags: [server] + ansible.builtin.import_role: + name: server - # tasks: - # - name: "Create host." - # host: - # server_url: "{{ server_url }}" - # site: "{{ site }}" - # automation_user: "{{ automation_user }}" - # automation_secret: "{{ automation_secret }}" - # host_name: "{{ inventory_hostname }}" - # folder: "{{ checkmk_folder_path }}" - # attributes: - # site: "{{ site }}" - # ipaddress: "{{ ansible_host }}" - # state: "present" - # delegate_to: localhost - # - name: "Discover services on host." - # discovery: - # server_url: "{{ server_url }}" - # site: "{{ site }}" - # automation_user: "{{ automation_user }}" - # automation_secret: "{{ automation_secret }}" - # host_name: "{{ inventory_hostname }}" - # state: "fix_all" - # delegate_to: localhost - # - name: "Activate changes." - # activation: - # server_url: "{{ server_url }}" - # site: "{{ site }}" - # automation_user: "{{ automation_user }}" - # automation_secret: "{{ automation_secret }}" - # force_foreign_changes: 'true' - # sites: - # - "{{ site }}" - # delegate_to: localhost - # run_once: 'true' + - name: "Run agent role." + tags: [agent] + ansible.builtin.import_role: + name: agent diff --git a/playbooks/test-full.yml b/playbooks/test-full.yml index ebd5efee2..06180562b 100644 --- a/playbooks/test-full.yml +++ b/playbooks/test-full.yml 
@@ -6,154 +6,221 @@ - name: "Test all modules." hosts: all gather_facts: 'no' + vars_files: - ./vars/config.yml + - ./vars/users.yml + tasks: - - name: "Activate changes on site - 1." - activation: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - force_foreign_changes: 'true' - sites: - - "{{ site }}" - delegate_to: localhost - run_once: 'true' - - - name: "Create folders." - folder: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - path: "{{ item.path }}" - title: "{{ item.title }}" - state: "present" - delegate_to: localhost - run_once: 'yes' - loop: "{{ checkmk_folders }}" - - - name: "Create host." - host: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - host_name: "{{ inventory_hostname }}" - folder: "{{ checkmk_folder_path }}" - attributes: - site: "{{ site }}" - ipaddress: 127.0.0.1 - state: "present" - delegate_to: localhost - - - name: "Discover services on host." - discovery: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - host_name: "{{ inventory_hostname }}" - # "refresh" is the only method working correctly, currently :-( - # See https://jira.lan.tribe29.com/browse/CMK-7200 - state: "refresh" - delegate_to: localhost - - - name: "Activate changes on site - 2." - activation: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - force_foreign_changes: 'true' - sites: - - "{{ site }}" - delegate_to: localhost - run_once: 'true' - - - name: "Change host attributes." 
- host: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - host_name: "{{ inventory_hostname }}" - folder: "{{ checkmk_folder_path }}" - attributes: - site: "{{ site }}" - alias: "Important Server" - ipaddress: 127.0.0.2 - state: "present" - delegate_to: localhost - - - name: "Activate changes on site - 3." - activation: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - force_foreign_changes: 'true' - sites: - - "{{ site }}" - delegate_to: localhost - run_once: 'true' - - - name: "Move host to another folder." - host: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - host_name: "{{ inventory_hostname }}" - folder: "/bar" - state: "present" - delegate_to: localhost - - - name: "Activate changes on site - 4." - activation: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - force_foreign_changes: 'true' - sites: - - "{{ site }}" - delegate_to: localhost - run_once: 'true' - - - name: "Delete Host." - host: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - host_name: "{{ inventory_hostname }}" - folder: "{{ checkmk_folder_path }}" - state: "absent" - delegate_to: localhost - - - name: "Delete folders." - folder: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - path: "{{ item.path }}" - title: "{{ item.title }}" - state: "absent" - delegate_to: localhost - run_once: 'yes' - loop: "{{ checkmk_folders }}" - - - name: "Activate changes on site - 5." 
- activation: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - force_foreign_changes: 'true' - sites: - - "{{ site }}" - delegate_to: localhost - run_once: 'true' + - name: "Activate Changes - 1." + tags: [activation, host, folder, discovery, user] + activation: + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + force_foreign_changes: 'true' + sites: + - "{{ site }}" + delegate_to: localhost + run_once: 'true' + + - name: "Create users." + tags: [user] + user: # noqa fqcn-builtins + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + username: "{{ item.username }}" + fullname: "{{ item.fullname }}" + auth_option: "{{ item.auth_option }}" + roles: + - "admin" + authorized_sites: + - "{{ site }}" + state: "present" + register: testout + delegate_to: localhost + run_once: 'yes' + loop: "{{ checkmk_users }}" + + - name: "Create folders." + tags: [folder, host] + folder: + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + path: "{{ item.path }}" + title: "{{ item.title }}" + state: "present" + delegate_to: localhost + run_once: 'yes' + loop: "{{ checkmk_folders }}" + + - name: "Create host." + tags: [host] + host: + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + host_name: "{{ inventory_hostname }}" + folder: "{{ checkmk_folder_path }}" + attributes: + site: "{{ site }}" + ipaddress: 127.0.0.1 + state: "present" + delegate_to: localhost + + - name: "Discover services on host." 
+ tags: [discovery] + discovery: + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + host_name: "{{ inventory_hostname }}" + # "refresh" is the only method working correctly, currently :-( + # See https://jira.lan.tribe29.com/browse/CMK-7200 + state: "refresh" + delegate_to: localhost + + - name: "Activate Changes - 2." + tags: [activation, host, folder, discovery, user] + activation: + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + force_foreign_changes: 'true' + sites: + - "{{ site }}" + delegate_to: localhost + run_once: 'true' + + - name: "Edit users." + tags: [user] + user: # noqa fqcn-builtins + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + username: "{{ item.username }}" + contact_options: "{{ item.contact_options }}" + contactgroups: "{{ item.contactgroups }}" + # authorized_sites: + # - "{{ site }}" + state: "present" + register: testout + delegate_to: localhost + run_once: 'yes' + loop: "{{ checkmk_users }}" + + - name: "Change host attributes." + tags: [host] + host: + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + host_name: "{{ inventory_hostname }}" + folder: "{{ checkmk_folder_path }}" + attributes: + site: "{{ site }}" + alias: "Important Server" + ipaddress: 127.0.0.2 + state: "present" + delegate_to: localhost + + - name: "Activate Changes - 3." 
+ tags: [activation, host, folder, discovery, user] + activation: + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + force_foreign_changes: 'true' + sites: + - "{{ site }}" + delegate_to: localhost + run_once: 'true' + + - name: "Move host to another folder." + tags: [host] + host: + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + host_name: "{{ inventory_hostname }}" + folder: "/bar" + state: "present" + delegate_to: localhost + + - name: "Activate Changes - 4." + tags: [activation, host, folder, discovery, user] + activation: + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + force_foreign_changes: 'true' + sites: + - "{{ site }}" + delegate_to: localhost + run_once: 'true' + + - name: "Delete users." + tags: [user] + user: # noqa fqcn-builtins + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + username: "{{ item.username }}" + state: "absent" + register: testout + delegate_to: localhost + run_once: 'yes' + loop: "{{ checkmk_users }}" + + - name: "Delete Host." + tags: [host] + host: + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + host_name: "{{ inventory_hostname }}" + folder: "{{ checkmk_folder_path }}" + state: "absent" + delegate_to: localhost + + - name: "Delete folders." 
+ tags: [folder, host] + folder: + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + path: "{{ item.path }}" + title: "{{ item.title }}" + state: "absent" + delegate_to: localhost + run_once: 'yes' + loop: "{{ checkmk_folders }}" + + - name: "Activate Changes - 5." + tags: [activation, host, folder, discovery, user] + activation: + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + force_foreign_changes: 'true' + sites: + - "{{ site }}" + delegate_to: localhost + run_once: 'true' diff --git a/playbooks/test-user.yml b/playbooks/test-user.yml index 096f4554e..09cbd786c 100644 --- a/playbooks/test-user.yml +++ b/playbooks/test-user.yml 
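Review bot: The added "Create users." task loops over `checkmk_users`, whose items carry `auth_option.password`, and Ansible prints each loop item in the task output, so the passwords end up in console and CI logs. Adding `loop_control:` with `label: "{{ item.username }}"` keeps the item out of the per-iteration line, and `no_log: true` on the task also covers the `register: testout` result. The "Edit users." and "Delete users." tasks loop over the same list, as do the three user tasks in playbooks/test-user.yml. Whether the module's argument spec already masks the password in verbose output is not visible here. Separately, this commit deletes playbooks/vars/.gitignore, which listed config.yml, so the file these plays load through `vars_files` (presumably where `automation_secret` is set) is no longer kept out of version control.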
@@ -5,99 +5,99 @@ - ./vars/config.yml - ./vars/users.yml tasks: - - name: "Activate changes on site - 1." - activation: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - force_foreign_changes: 'true' - sites: + - name: "Activate changes on site - 1." + activation: + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + force_foreign_changes: 'true' + sites: - "{{ site }}" - delegate_to: localhost - run_once: 'true' + delegate_to: localhost + run_once: 'true' - - name: "Create users." - user: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - username: "{{ item.username }}" - fullname: "{{ item.fullname }}" - auth_option: "{{ item.auth_option }}" - roles: + - name: "Create users." + user: # noqa fqcn-builtins + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + username: "{{ item.username }}" + fullname: "{{ item.fullname }}" + auth_option: "{{ item.auth_option }}" + roles: - "admin" - authorized_sites: + authorized_sites: - "{{ site }}" - state: "present" - register: testout - delegate_to: localhost - run_once: 'yes' - loop: "{{ checkmk_users }}" + state: "present" + register: testout + delegate_to: localhost + run_once: 'yes' + loop: "{{ checkmk_users }}" - - name: "Activate changes on site - 2." - activation: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - force_foreign_changes: 'true' - sites: + - name: "Activate changes on site - 2." 
+ activation: + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + force_foreign_changes: 'true' + sites: - "{{ site }}" - delegate_to: localhost - run_once: 'true' + delegate_to: localhost + run_once: 'true' - - name: "Edit users." - user: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - username: "{{ item.username }}" - contact_options: "{{ item.contact_options }}" - contactgroups: "{{ item.contactgroups }}" - #authorized_sites: - # - "{{ site }}" - state: "present" - register: testout - delegate_to: localhost - run_once: 'yes' - loop: "{{ checkmk_users }}" + - name: "Edit users." + user: # noqa fqcn-builtins + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + username: "{{ item.username }}" + contact_options: "{{ item.contact_options }}" + contactgroups: "{{ item.contactgroups }}" + # authorized_sites: + # - "{{ site }}" + state: "present" + register: testout + delegate_to: localhost + run_once: 'yes' + loop: "{{ checkmk_users }}" - - name: "Activate changes on site - 3." - activation: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - force_foreign_changes: 'true' - sites: + - name: "Activate changes on site - 3." + activation: + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + force_foreign_changes: 'true' + sites: - "{{ site }}" - delegate_to: localhost - run_once: 'true' + delegate_to: localhost + run_once: 'true' - - name: "Delete users." 
- user: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - username: "{{ item.username }}" - state: "absent" - register: testout - delegate_to: localhost - run_once: 'yes' - loop: "{{ checkmk_users }}" + - name: "Delete users." + user: # noqa fqcn-builtins + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + username: "{{ item.username }}" + state: "absent" + register: testout + delegate_to: localhost + run_once: 'yes' + loop: "{{ checkmk_users }}" - - name: "Activate changes on site - 4." - activation: - server_url: "{{ server_url }}" - site: "{{ site }}" - automation_user: "{{ automation_user }}" - automation_secret: "{{ automation_secret }}" - force_foreign_changes: 'true' - sites: + - name: "Activate changes on site - 4." + activation: + server_url: "{{ server_url }}" + site: "{{ site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + force_foreign_changes: 'true' + sites: - "{{ site }}" - delegate_to: localhost - run_once: 'true' + delegate_to: localhost + run_once: 'true' diff --git a/playbooks/vars/.gitignore b/playbooks/vars/.gitignore deleted file mode 100644 index 1d3ed4c17..000000000 --- a/playbooks/vars/.gitignore +++ /dev/null @@ -1 +0,0 @@ -config.yml diff --git a/playbooks/vars/users.yml b/playbooks/vars/users.yml index 268797635..f1cc51e52 100644 --- a/playbooks/vars/users.yml +++ b/playbooks/vars/users.yml 
@@ -3,27 +3,27 @@ checkmk_users: - username: user1 fullname: User Eins auth_option: - password: "123" - auth_type: password + password: "123" + auth_type: password contact_options: - email: 123@company.com + email: 123@company.com contactgroups: - - team1 + - team1 - username: user2 fullname: User Zwei auth_option: - password: "234" - auth_type: password + password: "234" + auth_type: password contact_options: - email: 234@company.com + email: 234@company.com contactgroups: - - team2 + - team2 - username: user3 fullname: User Drei auth_option: - password: "345" - auth_type: password + password: "345" + auth_type: password contact_options: - email: 345@company.com + email: 345@company.com contactgroups: - - team3 + - team3 diff --git a/roles/agent/README.md b/roles/agent/README.md index e9eb91b40..b53ff1ec0 100644 --- a/roles/agent/README.md +++ b/roles/agent/README.md @@ -33,6 +33,14 @@ The FQDN or IP address of your Checkmk server. The name of your Checkmk site. + checkmk_agent_user: automation + +The user used to authenticate against your Checkmk site. + + checkmk_agent_pass: SECRET + +The password for the user used to authenticate against your Checkmk site. + checkmk_agent_update: 'false' Register host for automatic updates. Make sure to have the server side prepared 
@@ -43,6 +51,34 @@ for automatic updates. Otherwise this will fail. Register for TLS encryption. Make sure to have the server side prepared for automatic updates. Otherwise this will fail. + checkmk_agent_configure_firewall: 'true' + +Automatically configure the firewall to allow access to the Checkmk agent. + + checkmk_agent_prep_legacy: 'false' + +Enable this to automatically install `xinetd` on hosts with systemd prior to version 220. + + checkmk_agent_add_host: 'false' + +Automatically add the host where the agent was installed to Checkmk. + + checkmk_agent_discover: 'false' + +Automatically discover services on the host where the agent was installed. + + checkmk_agent_delegate_api_calls: localhost + +Configure the host to which Checkmk API calls are delegated to. + + checkmk_agent_host_name: "{{ inventory_hostname }}" + +Define the hostname which will be used to add the host to Checkmk. + + checkmk_agent_host_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}" + +Define an IP address which will be added to the host in Checkmk. This is optional, as long as the hostname is DNS-resolvable. + ## Dependencies diff --git a/roles/agent/defaults/main.yml b/roles/agent/defaults/main.yml index 378af9530..9b6098f7a 100644 --- a/roles/agent/defaults/main.yml +++ b/roles/agent/defaults/main.yml 
@@ -4,5 +4,21 @@ checkmk_agent_edition: cre checkmk_agent_protocol: http checkmk_agent_server: localhost checkmk_agent_site: my_site +checkmk_agent_user: automation +checkmk_agent_pass: SECRET checkmk_agent_update: 'false' checkmk_agent_tls: 'false' +checkmk_agent_configure_firewall: 'true' +checkmk_agent_prep_legacy: 'false' +checkmk_agent_add_host: 'false' +checkmk_agent_discover: 'false' +checkmk_agent_delegate_api_calls: localhost +checkmk_agent_host_name: "{{ inventory_hostname }}" + +# If you trust your local hostnames, you could also use the following +# to use the local hostname instead of the inventory hostname: +# checkmk_agent_host_name: "{{ hostvars[inventory_hostname]['ansible_fqdn'] }}" +# Checkmk does not need an IP address, as long as the hostname is DNS-resolvable + +# If that does not apply to your environment, you can configure the IP address below: +# checkmk_agent_host_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}" diff --git a/roles/agent/meta/main.yml b/roles/agent/meta/main.yml index b5db92da6..1906ddc38 100644 --- a/roles/agent/meta/main.yml +++ b/roles/agent/meta/main.yml @@ -1,5 +1,6 @@ +--- galaxy_info: - role_name: tribe29.checkmk.agent + role_name: agent author: Robin Gierse company: tribe29 GmbH @@ -18,7 +19,7 @@ galaxy_info: # - CC-BY-4.0 license: GPL-2.0-or-later - min_ansible_version: 2.4 + min_ansible_version: "2.4" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: 
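Review bot: The new defaults `checkmk_agent_user: automation` and `checkmk_agent_pass: SECRET` are not read by any task shown in this commit; roles/agent/tasks/main.yml and the per-distribution task files still use `automation_user` and `automation_secret`. Either the tasks should switch to the new variables or the defaults should be dropped, otherwise setting `checkmk_agent_pass` as the README describes changes nothing. A literal default for a credential also lets the role run with a known value when the variable is forgotten. Leaving it undefined and failing early, for example with an `ansible.builtin.assert` on `checkmk_agent_pass is defined`, would be safer.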
@@ -30,31 +31,30 @@ galaxy_info: # https://galaxy.ansible.com/api/v1/platforms/ # platforms: - - name: Debian - versions: - - all - - name: Ubuntu - versions: - - all - - name: EL - versions: - - all - - name: opensuse - versions: - - all - - name: SLES - versions: - - all + - name: Debian + versions: + - all + - name: Ubuntu + versions: + - all + - name: EL + versions: + - all + - name: opensuse + versions: + - all + - name: SLES + versions: + - all galaxy_tags: [tribe29, checkmk, monitoring, agent] - # List tags for your role here, one per line. A tag is a keyword that describes - # and categorizes the role. Users find roles by searching for tags. Be sure to - # remove the '[]' above, if you add tags to this list. - # - # NOTE: A tag is limited to a single word comprised of alphanumeric characters. - # Maximum 20 tags per role. + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. dependencies: [] - # List your role dependencies here, one per line. Be sure to remove the '[]' above, - # if you add dependencies to this list. - \ No newline at end of file +# List your role dependencies here, one per line. Be sure to remove the '[]' above, +# if you add dependencies to this list. diff --git a/roles/agent/tasks/Debian.yml b/roles/agent/tasks/Debian.yml index c8328c169..205340a9a 100644 --- a/roles/agent/tasks/Debian.yml +++ b/roles/agent/tasks/Debian.yml 
@@ -8,17 +8,17 @@ Authorization: "Bearer {{ automation_user }} {{ automation_secret }}" Accept: "application/octet-stream" when: checkmk_agent_edition == "cee" - register: checkmk_host_agent_download_state + register: checkmk_agent_download_state # This task may fail, as we fall back to the generic agent in that case failed_when: 'false' changed_when: 'false' - name: "Debian Derivates: Install host-specific Checkmk CEE Agent." - become: 'yes' + become: true ansible.builtin.apt: - deb: "{{ checkmk_agent_agent.file.host }}" - state: present - when: (checkmk_agent_edition == "cee") and checkmk_host_agent_download_state.status == 200 + deb: "{{ checkmk_agent_agent.file.host }}" + state: present + when: (checkmk_agent_edition == "cee") and checkmk_agent_download_state.status == 200 - name: "Debian Derivates: Download GENERIC Checkmk CEE Agent." ansible.builtin.uri: @@ -28,18 +28,18 @@ headers: Authorization: "Bearer {{ automation_user }} {{ automation_secret }}" Accept: "application/octet-stream" - when: (checkmk_agent_edition == "cee") and checkmk_host_agent_download_state.status != 200 + when: (checkmk_agent_edition == "cee") and checkmk_agent_download_state.status != 200 - name: "Debian Derivates: Install GENERIC Checkmk CEE Agent." - become: 'yes' + become: true ansible.builtin.apt: - deb: "{{ checkmk_agent_agent.file.cee }}" - state: present - when: (checkmk_agent_edition == "cee") and checkmk_host_agent_download_state.status != 200 + deb: "{{ checkmk_agent_agent.file.cee }}" + state: present + when: (checkmk_agent_edition == "cee") and checkmk_agent_download_state.status != 200 - name: "Debian Derivates: Install Checkmk CRE Agent." - become: 'yes' + become: true ansible.builtin.apt: - deb: "{{ checkmk_agent_agent.file.cre }}" - state: present + deb: "{{ checkmk_agent_agent.file.cre }}" + state: present when: checkmk_agent_edition == "cre" diff --git a/roles/agent/tasks/RedHat.yml b/roles/agent/tasks/RedHat.yml index 748c66136..c02f949f9 100644 
--- a/roles/agent/tasks/RedHat.yml +++ b/roles/agent/tasks/RedHat.yml @@ -8,18 +8,18 @@ Authorization: "Bearer {{ automation_user }} {{ automation_secret }}" Accept: "application/octet-stream" when: checkmk_agent_edition == "cee" - register: checkmk_host_agent_download_state + register: checkmk_agent_download_state # This task may fail, as we fall back to the generic agent in that case failed_when: 'false' changed_when: 'false' - name: "RedHat Derivates: Install host-specific Checkmk CEE Agent." - become: 'yes' + become: true ansible.builtin.yum: - name: "{{ checkmk_agent_agent.file.host }}" - state: present - disable_gpg_check: yes - when: (checkmk_agent_edition == "cee") and checkmk_host_agent_download_state.status == 200 + name: "{{ checkmk_agent_agent.file.host }}" + state: present + disable_gpg_check: true + when: (checkmk_agent_edition == "cee") and checkmk_agent_download_state.status == 200 - name: "RedHat Derivates: Download GENERIC Checkmk CEE Agent." ansible.builtin.uri: 
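Review bot: `disable_gpg_check: true` stays on the new side of the "Install host-specific Checkmk CEE Agent." task, so the downloaded RPM is installed with `become: true` and no signature verification; the edit only changes the spelling of the boolean. The role defaults visible in this commit set `checkmk_agent_protocol: http`, which, if the download URL is built from it, leaves nothing to detect a package altered in transit. I would make skipping the check opt-in, e.g. `disable_gpg_check: "{{ checkmk_agent_disable_gpg_check | default(false) }}"` (a proposed variable name), and document importing the vendor's package key. The same line appears in the second RedHat.yml hunk and in both roles/agent/tasks/Suse.yml hunks; the download task this install depends on starts above the hunk.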
@@ -29,28 +29,45 @@ headers: Authorization: "Bearer {{ automation_user }} {{ automation_secret }}" Accept: "application/octet-stream" - when: (checkmk_agent_edition == "cee") and checkmk_host_agent_download_state.status != 200 + when: (checkmk_agent_edition == "cee") and checkmk_agent_download_state.status != 200 - name: "RedHat Derivates: Install Checkmk CRE Agent." - become: 'yes' + become: true ansible.builtin.yum: - name: "{{ checkmk_agent_agent.file.cre }}" - state: present - disable_gpg_check: yes + name: "{{ checkmk_agent_agent.file.cre }}" + state: present + disable_gpg_check: true when: checkmk_agent_edition == "cre" -- name: "RedHat Derivates: Install GENERIC Checkmk CEE Agent on." - become: 'yes' +- name: "RedHat Derivates: Install GENERIC Checkmk CEE Agent." + become: true ansible.builtin.yum: - name: "{{ checkmk_agent_agent.file.cee }}" - state: present - disable_gpg_check: yes - when: (checkmk_agent_edition == "cee") and checkmk_host_agent_download_state.status != 200 + name: "{{ checkmk_agent_agent.file.cee }}" + state: present + disable_gpg_check: true + when: (checkmk_agent_edition == "cee") and checkmk_agent_download_state.status != 200 - name: "RedHat Derivates: Install Checkmk CRE Agent." - become: 'yes' + become: true ansible.builtin.yum: - name: "{{ checkmk_agent_agent.file.cre }}" - state: present - disable_gpg_check: yes + name: "{{ checkmk_agent_agent.file.cre }}" + state: present + disable_gpg_check: true when: checkmk_agent_edition == "cre" + +- block: + - name: "Check if checkmk_agent_server is an IP address." + set_fact: + checkmk_agent_server_ip: "{{ checkmk_agent_server }}" + when: checkmk_agent_server_ip is not defined and checkmk_agent_server | ipaddr() + + - name: "Allow Checkmk services access to the agent." 
+ firewalld: + permanent: 'yes' + immediate: 'yes' + state: enabled + rich_rule: 'rule family="ipv4" source address={{ checkmk_agent_server_ip }} port port="6556" protocol="tcp" accept' + when: checkmk_agent_server_ip is defined + ignore_errors: true + become: true + when: checkmk_agent_configure_firewall | bool diff --git a/roles/agent/tasks/Suse.yml b/roles/agent/tasks/Suse.yml index 550210a90..484f900a9 100644 --- a/roles/agent/tasks/Suse.yml +++ b/roles/agent/tasks/Suse.yml @@ -8,18 +8,18 @@ Authorization: "Bearer {{ automation_user }} {{ automation_secret }}" Accept: "application/octet-stream" when: checkmk_agent_edition == "cee" - register: checkmk_host_agent_download_state + register: checkmk_agent_download_state # This task may fail, as we fall back to the generic agent in that case failed_when: 'false' changed_when: 'false' - name: "Suse Derivates: Install host-specific Checkmk CEE Agent." - become: 'yes' + become: true ansible.builtin.zypper: - name: "{{ checkmk_agent_agent.file.host }}" - state: present - disable_gpg_check: yes - when: (checkmk_agent_edition == "cee") and checkmk_host_agent_download_state.status == 200 + name: "{{ checkmk_agent_agent.file.host }}" + state: present + disable_gpg_check: true + when: (checkmk_agent_edition == "cee") and checkmk_agent_download_state.status == 200 - name: "Suse Derivates: Download GENERIC Checkmk CEE Agent." ansible.builtin.uri: 
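Review bot: The "Allow Checkmk services access to the agent." task carries `ignore_errors: true`, so a failed rich rule is reported as ignored and the play continues as if port 6556 had been opened for the server. That matters here because the guard `checkmk_agent_server | ipaddr()` also accepts IPv6 addresses while the rule hard-codes `family="ipv4"`, and because a hostname value such as the default `localhost` leaves both tasks merely skipped although `checkmk_agent_configure_firewall` is on. I would drop `ignore_errors: true`, narrow the test to IPv4 (for instance `checkmk_agent_server | ansible.utils.ipv4`, if that collection is available to the role), and quote the address like the other rule fields: `source address="{{ checkmk_agent_server_ip }}"`. The block has no name and `set_fact` and `firewalld` are not fully qualified, which the ansible-lint run this commit introduces will probably flag.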
@@ -29,28 +29,28 @@ headers: Authorization: "Bearer {{ automation_user }} {{ automation_secret }}" Accept: "application/octet-stream" - when: (checkmk_agent_edition == "cee") and checkmk_host_agent_download_state.status != 200 + when: (checkmk_agent_edition == "cee") and checkmk_agent_download_state.status != 200 - name: "Suse Derivates: Install Checkmk CRE Agent." - become: 'yes' + become: true ansible.builtin.zypper: - name: "{{ checkmk_agent_agent.file.cre }}" - state: present - disable_gpg_check: yes + name: "{{ checkmk_agent_agent.file.cre }}" + state: present + disable_gpg_check: true when: checkmk_agent_edition == "cre" - name: "Suse Derivates: Install GENERIC Checkmk CEE Agent." - become: 'yes' + become: true ansible.builtin.zypper: - name: "{{ checkmk_agent_agent.file.cee }}" - state: present - disable_gpg_check: yes - when: (checkmk_agent_edition == "cee") and checkmk_host_agent_download_state.status != 200 + name: "{{ checkmk_agent_agent.file.cee }}" + state: present + disable_gpg_check: true + when: (checkmk_agent_edition == "cee") and checkmk_agent_download_state.status != 200 - name: "Suse Derivates: Install Checkmk CRE Agent." - become: 'yes' + become: true ansible.builtin.zypper: - name: "{{ checkmk_agent_agent.file.cre }}" - state: present - disable_gpg_check: yes + name: "{{ checkmk_agent_agent.file.cre }}" + state: present + disable_gpg_check: true when: checkmk_agent_edition == "cre" diff --git a/roles/agent/tasks/legacy.yml b/roles/agent/tasks/legacy.yml new file mode 100644 index 000000000..fd7521c05 --- /dev/null +++ b/roles/agent/tasks/legacy.yml @@ -0,0 +1,11 @@ +--- +- name: "Install xinetd" + ansible.builtin.package: + name: xinetd + state: present + +- name: "Enable xinetd" + ansible.builtin.service: + name: xinetd + state: started + enabled: true diff --git a/roles/agent/tasks/main.yml b/roles/agent/tasks/main.yml index 643fac90c..408b44d25 100644 --- a/roles/agent/tasks/main.yml +++ b/roles/agent/tasks/main.yml 
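Review bot: Neither task in the new roles/agent/tasks/legacy.yml sets `become: true`, unlike the package-install tasks in the distribution task files of this role, and the `include_tasks` that pulls the file in from tasks/main.yml does not set it either. Unless the play itself escalates privileges, "Install xinetd" and "Enable xinetd" will fail on permissions. Adding `become: true` to both tasks keeps the role consistent and makes the privilege requirement explicit at the task that needs it.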
@@ -2,28 +2,65 @@ - name: "Include Derivate specific Variables." ansible.builtin.include_vars: "{{ ansible_os_family }}.yml" +- name: "Get RPM or APT package facts." + ansible.builtin.package_facts: + manager: "auto" + +- name: "Import Legacy agent tasks." + ansible.builtin.include_tasks: "legacy.yml" + when: ansible_facts.packages['systemd'][0]['version'] | regex_search('\d{1,}') | int < 220 and checkmk_agent_prep_legacy | bool + - name: "Download Checkmk CRE Agent." ansible.builtin.get_url: url: "{{ checkmk_agent_agent.url.cre }}" dest: "{{ checkmk_agent_agent.file.cre }}" + mode: 0640 when: checkmk_agent_edition == "cre" - name: "Run OS Family specific Tasks." ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" +- name: "Create host on server." + tribe29.checkmk.host: + server_url: "{{ checkmk_agent_protocol }}://{{ checkmk_agent_server }}/" + site: "{{ checkmk_agent_site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + folder: "{{ checkmk_agent_folder | default(omit) }}" + host_name: "{{ checkmk_agent_host_name }}" + attributes: + ipaddress: "{{ checkmk_agent_host_ip | default(omit) }}" + tag_agent: 'cmk-agent' # ToDo: Do we want to hardcode this? + register: checkmk_agent_create_result + failed_when: checkmk_agent_create_result.failed is true and "The host is already part of the specified target folder" not in checkmk_agent_create_result.msg + delegate_to: "{{ checkmk_agent_delegate_api_calls }}" + when: checkmk_agent_add_host | bool + - name: "Register Agent for automatic Upates." 
- become: 'yes' + become: true ansible.builtin.shell: | cmk-update-agent register -H {{ inventory_hostname }} \ -s {{ checkmk_agent_server }} -i {{ checkmk_agent_site }} -p {{ checkmk_agent_protocol }} \ -U {{ automation_user }} -S {{ automation_secret }} - register: checkmk_host_agent_update_state + register: checkmk_agent_update_state when: (checkmk_agent_edition == "cee") and checkmk_agent_update | bool - name: "Register Agent for TLS." - become: 'yes' - ansible.builtin.shell: cmk-agent-ctl register -H {{ inventory_hostname }} \ + become: true + ansible.builtin.shell: | + cmk-agent-ctl register -H {{ inventory_hostname }} \ -s {{ checkmk_agent_server }} -i {{ checkmk_agent_site }} \ -U {{ automation_user }} -P {{ automation_secret }} --trust-cert - register: checkmk_host_agent_tls_state + register: checkmk_agent_tls_state when: (checkmk_agent_edition == "cee") and checkmk_agent_tls | bool + +- name: "Discover services and labels on host." + tribe29.checkmk.discovery: + server_url: "{{ checkmk_agent_protocol }}://{{ checkmk_agent_server }}/" + site: "{{ checkmk_agent_site }}" + automation_user: "{{ automation_user }}" + automation_secret: "{{ automation_secret }}" + host_name: "{{ checkmk_agent_host_name }}" + state: "fix_all" + delegate_to: "{{ checkmk_agent_delegate_api_calls }}" + when: checkmk_agent_discover | bool diff --git a/roles/agent/vars/RedHat.yml b/roles/agent/vars/RedHat.yml index 666e849d7..abfb465da 100644 --- a/roles/agent/vars/RedHat.yml +++ b/roles/agent/vars/RedHat.yml 
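Review bot: Both registration tasks render `{{ automation_secret }}` into a shell command line (`-S` for cmk-update-agent, `-P` for cmk-agent-ctl) and register the result, so the secret is visible in the target's process list while the command runs and in the task result, which holds the rendered command, whenever that result is printed. Adding `no_log: true` to the two tasks keeps it out of Ansible output, and the interpolated values should go through the `quote` filter, e.g. `-P {{ automation_secret | quote }}`, so a value containing shell metacharacters cannot change the command. In the same hunk, the `when:` of "Import Legacy agent tasks." indexes `ansible_facts.packages['systemd']` before it tests `checkmk_agent_prep_legacy | bool`. Putting the option first should avoid an undefined-key error on hosts without a systemd package when the option is off.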
@@ -5,7 +5,7 @@ checkmk_agent_agent: url: cre: "{{ checkmk_agent_site_url }}/check_mk/agents/check-mk-agent-{{ checkmk_agent_version }}-1.noarch.rpm" cee: "{{ checkmk_agent_site_url }}/check_mk/api/1.0/domain-types/agent/actions/download_by_host/invoke" - file: + file: cre: "{{ checkmk_agent_host_tmp_dir }}/check-mk-agent-{{ checkmk_agent_version }}-1.noarch-vanilla.rpm" cee: "{{ checkmk_agent_host_tmp_dir }}/check-mk-agent-{{ checkmk_agent_version }}-1.noarch-generic.rpm" host: "{{ checkmk_agent_host_tmp_dir }}/check-mk-agent-{{ checkmk_agent_version }}-1.noarch-{{ inventory_hostname }}.rpm" diff --git a/roles/server/.yamllint b/roles/server/.yamllint deleted file mode 100644 index 882767605..000000000 --- a/roles/server/.yamllint +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Based on ansible-lint config -extends: default - -rules: - braces: - max-spaces-inside: 1 - level: error - brackets: - max-spaces-inside: 1 - level: error - colons: - max-spaces-after: -1 - level: error - commas: - max-spaces-after: -1 - level: error - comments: disable - comments-indentation: disable - document-start: disable - empty-lines: - max: 3 - level: error - hyphens: - level: error - indentation: disable - key-duplicates: enable - line-length: disable - new-line-at-end-of-file: disable - new-lines: - type: unix - trailing-spaces: disable - truthy: disable diff --git a/roles/server/README.md b/roles/server/README.md index 05a1b1c1f..c231d1534 100644 --- a/roles/server/README.md +++ b/roles/server/README.md @@ -37,6 +37,11 @@ Your credentials to the Checkmk customer portal. Cryptographically verify the downloaded setup file. + checkmk_server_configure_firewall: 'true' + +Automatically open the necessary ports on the Checkmk server for the +web interface to be accessible. + checkmk_server_sites: - name: test version: "{{ checkmk_server_version }}" diff --git a/roles/server/defaults/main.yml b/roles/server/defaults/main.yml index bff2f135c..53c2bd161 100644 --- a/roles/server/defaults/main.yml 
+++ b/roles/server/defaults/main.yml @@ -2,6 +2,10 @@ checkmk_server_server_stable_os: - Debian 11 - Ubuntu 20 + - CentOS 7 + - CentOS 8 + - RHEL 7 + - RHEL 8 checkmk_server_edition: cre checkmk_server_version: 2.1.0p1 @@ -11,7 +15,8 @@ checkmk_server_download_user: [] checkmk_server_download_pass: [] checkmk_server_sites: [] - # - name: test - # version: "{{ checkmk_server_version }}" - # state: started - # admin_pw: test +# - name: test +# version: "{{ checkmk_server_version }}" +# state: started +# admin_pw: test +checkmk_server_configure_firewall: 'true' diff --git a/roles/server/meta/main.yml b/roles/server/meta/main.yml index cb6616979..05688f3dc 100644 --- a/roles/server/meta/main.yml +++ b/roles/server/meta/main.yml @@ -1,5 +1,6 @@ +--- galaxy_info: - role_name: tribe29.checkmk.server + role_name: server author: Robin Gierse company: tribe29 GmbH @@ -18,7 +19,7 @@ galaxy_info: # - CC-BY-4.0 license: GPL-2.0-or-later - min_ansible_version: 2.4 + min_ansible_version: "2.4" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: 
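Review bot: The new default `checkmk_server_configure_firewall: 'true'` at the end of the second defaults hunk is a quoted string, while the rest of this commit moves flags to real booleans (`become: true`, `no_log: true`). It works only because the consumer applies `| bool`; I would write `checkmk_server_configure_firewall: true` for consistency. Because the default is on, the role changes the host firewall unless the user opts out, which deserves a one-line comment above the variable.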
@@ -30,21 +31,21 @@ galaxy_info: # https://galaxy.ansible.com/api/v1/platforms/ # platforms: - - name: Debian - versions: - - Bullseye - - name: Ubuntu - versions: - - Focal + - name: Debian + versions: + - Bullseye + - name: Ubuntu + versions: + - Focal galaxy_tags: [tribe29, checkmk, monitoring, server] - # List tags for your role here, one per line. A tag is a keyword that describes - # and categorizes the role. Users find roles by searching for tags. Be sure to - # remove the '[]' above, if you add tags to this list. - # - # NOTE: A tag is limited to a single word comprised of alphanumeric characters. - # Maximum 20 tags per role. + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. dependencies: [] - # List your role dependencies here, one per line. Be sure to remove the '[]' above, - # if you add dependencies to this list. +# List your role dependencies here, one per line. Be sure to remove the '[]' above, +# if you add dependencies to this list. diff --git a/roles/server/tasks/Debian.yml b/roles/server/tasks/Debian.yml index 16f6bef85..baf71a52c 100644 --- a/roles/server/tasks/Debian.yml +++ b/roles/server/tasks/Debian.yml @@ -1,6 +1,6 @@ --- - name: "Install Checkmk Server." - become: 'yes' + become: true ansible.builtin.apt: deb: "/tmp/{{ checkmk_server_setup_file }}" update_cache: 'yes' diff --git a/roles/server/tasks/RedHat.yml b/roles/server/tasks/RedHat.yml new file mode 100644 index 000000000..08d2cdb97 --- /dev/null +++ b/roles/server/tasks/RedHat.yml 
@@ -0,0 +1,30 @@ +--- +- name: "Enable powertools repository." + become: true + ansible.builtin.shell: dnf config-manager --set-enabled powertools # noqa command-instead-of-shell + when: ansible_distribution_major_version == "8" + +- name: "Install Checkmk Server." + become: true + ansible.builtin.yum: + name: "/tmp/{{ checkmk_server_setup_file }}" + state: present + disable_gpg_check: '{{ not checkmk_server_verify_setup | bool }}' + +- name: "Enable httpd can network connect selinux boolean." + become: true + ansible.posix.seboolean: + name: httpd_can_network_connect + state: true + persistent: true + +- name: "Open port 80 for httpd." + become: true + ansible.posix.firewalld: + service: http + permanent: true + immediate: true + state: enabled + with_items: + - "{{ checkmk_server_ports }}" + when: checkmk_server_configure_firewall | bool diff --git a/roles/server/tasks/main.yml b/roles/server/tasks/main.yml index e55851591..c103bd17b 100644 --- a/roles/server/tasks/main.yml +++ b/roles/server/tasks/main.yml @@ -9,18 +9,23 @@ - name: "Include OS Family specific Variables." ansible.builtin.include_vars: "{{ ansible_os_family }}.yml" +- name: "Include RHEL Version specific Variables." + ansible.builtin.include_vars: "{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml" + when: ansible_os_family == "RedHat" + - name: "Install Checkmk Prerequisites." - become: 'yes' + become: true ansible.builtin.package: name: "{{ item }}" state: present loop: - - "{{ checkmk_server_prerequisites}}" + - "{{ checkmk_server_prerequisites }}" - name: "Download Checkmk Server Setup." ansible.builtin.get_url: url: "{{ checkmk_server_download_url }}" dest: "/tmp/{{ checkmk_server_setup_file }}" + mode: 0640 url_username: "{{ checkmk_server_download_user | default(omit) }}" url_password: "{{ checkmk_server_download_pass | default(omit) }}" 
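Review bot: The "Open port 80 for httpd." task loops over `checkmk_server_ports` with `with_items` but never references `item`; every iteration sets `service: http`, so the listed `8000/tcp` is never opened and the loop only repeats the same change. If the list is the intended source, replace the service line with `port: "{{ item }}"` and use `loop: "{{ checkmk_server_ports }}"`; otherwise drop the loop and the variable. The `httpd_can_network_connect` boolean is set persistently with no switch comparable to `checkmk_server_configure_firewall`, which widens what httpd may connect to on every RedHat host, so consider gating it or adding a comment on why it is required. The powertools task also runs `dnf config-manager` through `shell` without `changed_when`, so it will report a change on every run.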
@@ -28,22 +33,32 @@ ansible.builtin.get_url: url: "https://download.checkmk.com/checkmk/Check_MK-pubkey.gpg" dest: "/tmp/Check_MK-pubkey.gpg" + mode: 0640 when: checkmk_server_verify_setup | bool -- name: "Import Checkmk GPG Key." - ansible.builtin.command: "gpg --import /tmp/Check_MK-pubkey.gpg" - when: checkmk_server_verify_setup | bool +- name: "GPG Verification on Debian Derivates." + block: + - name: "Import Checkmk GPG Key." + ansible.builtin.command: "gpg --import /tmp/Check_MK-pubkey.gpg" + when: checkmk_server_verify_setup | bool -- name: "Verify Checkmk Setup." - ansible.builtin.command: dpkg-sig --verify "/tmp/{{ checkmk_server_setup_file }}" - register: checkmk_server_verify_state - changed_when: not checkmk_server_verify_state - failed_when: not checkmk_server_verify_state - when: checkmk_server_verify_setup | bool + - name: "Verify Checkmk Setup." + ansible.builtin.command: dpkg-sig --verify "/tmp/{{ checkmk_server_setup_file }}" + register: checkmk_server_verify_state + changed_when: not checkmk_server_verify_state + failed_when: not checkmk_server_verify_state -- name: "Print Verification Output." - debug: - msg: "{{ checkmk_server_verify_state.stdout_lines }} " + - name: "Print Verification Output." + ansible.builtin.debug: + msg: "{{ checkmk_server_verify_state.stdout_lines }} " + when: checkmk_server_verify_setup | bool and ansible_os_family == "Debian" + +- name: "Import Checkmk GPG Key." + become: true + ansible.builtin.rpm_key: + key: "/tmp/Check_MK-pubkey.gpg" + state: present + when: checkmk_server_verify_setup | bool and ansible_os_family == "RedHat" - name: Include OS Family specific Playbook. ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" diff --git a/roles/server/tasks/sites.yml b/roles/server/tasks/sites.yml index 7fd32aec7..8e13e476d 100644 --- a/roles/server/tasks/sites.yml +++ b/roles/server/tasks/sites.yml 
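Review bot: In "Verify Checkmk Setup." both `changed_when` and `failed_when` are `not checkmk_server_verify_state`; a registered result is a non-empty mapping, so the expression is always false and, because `failed_when` replaces the default return-code check, a failing `dpkg-sig --verify` would not stop the play before the package is installed. I would make the conditions explicit: `changed_when: false` and `failed_when: checkmk_server_verify_state.rc != 0 or 'GOODSIG' not in checkmk_server_verify_state.stdout` (confirm the success marker against dpkg-sig's output on the target release). On the RedHat path, `ansible.builtin.rpm_key` imports the key fetched to /tmp without a `fingerprint:`, so the key is trusted on the strength of the download alone; pinning the expected fingerprint would close that gap.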
@@ -1,46 +1,63 @@ +--- - name: "Create Sites." - become: 'yes' - ansible.builtin.shell: "omd -V {{ item.version }}.{{ checkmk_server_edition }} create {{ item.name }}" + become: true + ansible.builtin.shell: | + set -o pipefail + omd -V {{ item.version }}.{{ checkmk_server_edition }} create {{ item.name }} args: + executable: /bin/bash creates: "/omd/sites/{{ item.name }}" - no_log: 'true' + no_log: true loop: "{{ checkmk_server_sites }}" when: item.state != "absent" register: checkmk_server_sites_created - name: "Start Sites." - become: 'yes' - ansible.builtin.shell: "omd start {{ item.name }}" + become: true + ansible.builtin.shell: | + set -o pipefail + omd start {{ item.name }} args: + executable: /bin/bash creates: "/opt/omd/sites/{{ item.name }}/tmp/run/live" - no_log: 'true' + no_log: true loop: "{{ checkmk_server_sites }}" when: item.state == "started" register: checkmk_server_sites_started - name: "Stop Sites." - become: 'yes' - ansible.builtin.shell: "omd stop {{ item.name }}" + become: true + ansible.builtin.shell: | + set -o pipefail + omd stop {{ item.name }} args: + executable: /bin/bash removes: "/opt/omd/sites/{{ item.name }}/tmp/run/live" - no_log: 'true' + no_log: true loop: "{{ checkmk_server_sites }}" when: (item.state == "absent") or (item.state == "stopped") register: checkmk_server_sites_stopped - name: "Destroy Sites." - become: 'yes' - ansible.builtin.shell: "yes yes | omd rm {{ item.name }}" + become: true + ansible.builtin.shell: | + set -o pipefail + (yes yes || true) | omd rm {{ item.name }} args: + executable: /bin/bash removes: "/omd/sites/{{ item.name }}" - no_log: 'true' + # no_log: true loop: "{{ checkmk_server_sites }}" when: item.state == "absent" register: checkmk_server_sites_removed - name: "Update Site Admin Password." 
- become: 'yes' - ansible.builtin.shell: "echo '{{ item.admin_pw }}' | htpasswd -i /omd/sites/{{ item.name }}/etc/htpasswd cmkadmin" - no_log: 'true' + become: true + ansible.builtin.shell: | + set -o pipefail + echo '{{ item.admin_pw }}' | htpasswd -i /omd/sites/{{ item.name }}/etc/htpasswd cmkadmin + args: + executable: /bin/bash + no_log: true loop: "{{ checkmk_server_sites }}" when: item.state != "absent" diff --git a/roles/server/vars/Debian.yml b/roles/server/vars/Debian.yml index 7ffdb5b0f..107573e05 100644 --- a/roles/server/vars/Debian.yml +++ b/roles/server/vars/Debian.yml @@ -1,5 +1,5 @@ --- -checkmk_server_setup_file: "check-mk-{{ checkmk_server_edition_mapping[checkmk_server_edition] }}-{{ checkmk_server_version }}_0.{{ ansible_distribution_release }}_amd64.deb" +checkmk_server_setup_file: "check-mk-{{ checkmk_server_edition_mapping[checkmk_server_edition] }}-{{ checkmk_server_version }}_0.{{ ansible_distribution_release }}_amd64.deb" # noqa yaml[line-length] checkmk_server_prerequisites: - freeipmi diff --git a/roles/server/vars/RedHat-7.yml b/roles/server/vars/RedHat-7.yml new file mode 100644 index 000000000..b35543240 --- /dev/null +++ b/roles/server/vars/RedHat-7.yml @@ -0,0 +1,2 @@ +--- +python_semanage_package: libsemanage-python diff --git a/roles/server/vars/RedHat-8.yml b/roles/server/vars/RedHat-8.yml new file mode 100644 index 000000000..884a70779 --- /dev/null +++ b/roles/server/vars/RedHat-8.yml @@ -0,0 +1,2 @@ +--- +python_semanage_package: python3-libsemanage diff --git a/roles/server/vars/RedHat.yml b/roles/server/vars/RedHat.yml new file mode 100644 index 000000000..af445533e --- /dev/null +++ b/roles/server/vars/RedHat.yml 
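Review bot: "Destroy Sites." now has `# no_log: true` commented out while it still loops over `checkmk_server_sites`, whose items carry `admin_pw`; the loop item is then printed with the task result. This looks like a debugging leftover, so restore `no_log: true`. In "Update Site Admin Password." the password is templated inside single quotes (`echo '{{ item.admin_pw }}'`), so a password containing `'` breaks the command or is interpreted by the shell; `echo {{ item.admin_pw | quote }} | htpasswd -i /omd/sites/{{ item.name }}/etc/htpasswd cmkadmin` avoids that. `set -o pipefail` only has an effect in the two tasks that actually use a pipe.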
@@ -0,0 +1,10 @@ +--- +checkmk_server_setup_file: "check-mk-{{ checkmk_server_edition_mapping[checkmk_server_edition] }}-{{ checkmk_server_version }}-el{{ ansible_distribution_major_version }}-38.x86_64.rpm" # noqa yaml[line-length] + +checkmk_server_prerequisites: + - epel-release + - "{{ python_semanage_package }}" + +checkmk_server_ports: + - 80/tcp + - 8000/tcp diff --git a/tests/integration/targets/activation/vars/main.yml b/tests/integration/targets/activation/vars/main.yml index 00bb30caf..2c5e9c001 100644 --- a/tests/integration/targets/activation/vars/main.yml +++ b/tests/integration/targets/activation/vars/main.yml @@ -1,6 +1,6 @@ --- -checkmk_version: "2.0.0p23" -download_url: "https://download.checkmk.com/checkmk/{{ checkmk_version }}/check-mk-raw-{{ checkmk_version }}_0.bionic_amd64.deb" +checkmk_version: "2.0.0p26" +download_url: "https://download.checkmk.com/checkmk/{{ checkmk_version }}/check-mk-raw-{{ checkmk_version }}_0.{{ ansible_distribution_release }}_amd64.deb" site: "test" server_url: "http://127.0.0.1/" automation_user: "cmkadmin" @@ -10,10 +10,10 @@ checkmk_hosts: - name: test1.tld folder: "/" - name: test2.tld - folder: "/" + folder: "/" - name: test3.tld folder: "/" - name: test4.tld - folder: "/" + folder: "/" - name: test5.tld - folder: "/" + folder: "/" diff --git a/tests/integration/targets/downtime/vars/main.yml b/tests/integration/targets/downtime/vars/main.yml index 97bcc1fe4..89800e9e8 100644 --- a/tests/integration/targets/downtime/vars/main.yml +++ b/tests/integration/targets/downtime/vars/main.yml 
@@ -1,6 +1,6 @@ --- -checkmk_version: "2.0.0p23" -download_url: "https://download.checkmk.com/checkmk/{{ checkmk_version }}/check-mk-raw-{{ checkmk_version }}_0.bionic_amd64.deb" +checkmk_version: "2.0.0p26" +download_url: "https://download.checkmk.com/checkmk/{{ checkmk_version }}/check-mk-raw-{{ checkmk_version }}_0.{{ ansible_distribution_release }}_amd64.deb" site: "test" server_url: "http://127.0.0.1/" automation_user: "cmkadmin" @@ -10,20 +10,20 @@ checkmk_hosts: - name: test1.tld folder: "/" - name: test2.tld - folder: "/" + folder: "/" - name: test3.tld folder: "/" - name: test4.tld - folder: "/" + folder: "/" - name: test5.tld - folder: "/" + folder: "/" - name: test6.tld - folder: "/" + folder: "/" - name: test7.tld - folder: "/" + folder: "/" - name: test8.tld - folder: "/" + folder: "/" - name: test9.tld - folder: "/" + folder: "/" - name: test10.tld folder: "/" diff --git a/tests/integration/targets/folder/vars/main.yml b/tests/integration/targets/folder/vars/main.yml index 0e4536629..4bff995ef 100644 --- a/tests/integration/targets/folder/vars/main.yml +++ b/tests/integration/targets/folder/vars/main.yml @@ -1,6 +1,6 @@ --- -checkmk_version: "2.0.0p23" -download_url: "https://download.checkmk.com/checkmk/{{ checkmk_version }}/check-mk-raw-{{ checkmk_version }}_0.bionic_amd64.deb" +checkmk_version: "2.0.0p26" +download_url: "https://download.checkmk.com/checkmk/{{ checkmk_version }}/check-mk-raw-{{ checkmk_version }}_0.{{ ansible_distribution_release }}_amd64.deb" site: "test" server_url: "http://127.0.0.1/" automation_user: "cmkadmin" diff --git a/tests/integration/targets/host/vars/main.yml b/tests/integration/targets/host/vars/main.yml index 97bcc1fe4..89800e9e8 100644 --- a/tests/integration/targets/host/vars/main.yml +++ b/tests/integration/targets/host/vars/main.yml 
@@ -1,6 +1,6 @@ --- -checkmk_version: "2.0.0p23" -download_url: "https://download.checkmk.com/checkmk/{{ checkmk_version }}/check-mk-raw-{{ checkmk_version }}_0.bionic_amd64.deb" +checkmk_version: "2.0.0p26" +download_url: "https://download.checkmk.com/checkmk/{{ checkmk_version }}/check-mk-raw-{{ checkmk_version }}_0.{{ ansible_distribution_release }}_amd64.deb" site: "test" server_url: "http://127.0.0.1/" automation_user: "cmkadmin" @@ -10,20 +10,20 @@ checkmk_hosts: - name: test1.tld folder: "/" - name: test2.tld - folder: "/" + folder: "/" - name: test3.tld folder: "/" - name: test4.tld - folder: "/" + folder: "/" - name: test5.tld - folder: "/" + folder: "/" - name: test6.tld - folder: "/" + folder: "/" - name: test7.tld - folder: "/" + folder: "/" - name: test8.tld - folder: "/" + folder: "/" - name: test9.tld - folder: "/" + folder: "/" - name: test10.tld folder: "/"