diff --git a/.github/workflows/ansible-integration-tests.yaml b/.github/workflows/ansible-integration-tests.yaml index e583f21eb..f464a6474 100644 --- a/.github/workflows/ansible-integration-tests.yaml +++ b/.github/workflows/ansible-integration-tests.yaml @@ -43,13 +43,10 @@ jobs: fail-fast: false matrix: ansible: - # - stable-2.9 # Only if your collection supports Ansible 2.9 - # - stable-2.10 - # - stable-2.11 - stable-2.12 - # - devel + - stable-2.13 + - devel python: - # - '2.6' - '2.7' - '3.5' - '3.6' @@ -57,18 +54,13 @@ jobs: - '3.8' - '3.9' - '3.10' + - '3.11' exclude: - # Because ansible-test doesn't support Python 3.9 for Ansible 2.9 - # and Python 3.10 is supported in 2.12 or later. - - ansible: stable-2.9 - python: '3.9' - - ansible: stable-2.9 - python: '3.10' - - ansible: stable-2.10 - python: '3.10' - - ansible: stable-2.11 - python: '3.10' - + # Exclude unsupported sets. + - ansible: stable-2.12 + python: '3.11' + - ansible: stable-2.13 + python: '3.11' steps: - name: Check out code diff --git a/.github/workflows/ansible-sanity-tests.yaml b/.github/workflows/ansible-sanity-tests.yaml index ae7315e40..a44f80ae5 100644 --- a/.github/workflows/ansible-sanity-tests.yaml +++ b/.github/workflows/ansible-sanity-tests.yaml @@ -41,12 +41,9 @@ jobs: strategy: matrix: ansible: - # It's important that Sanity is tested against all stable-X.Y branches - # Testing against `devel` may fail as new tests are added. - # - stable-2.9 # Only if your collection supports Ansible 2.9 - # - stable-2.10 - stable-2.11 - stable-2.12 + - stable-2.13 - devel runs-on: ubuntu-latest steps: diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 231b981b3..a95077e1f 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -5,6 +5,25 @@ tribe29.checkmk Release Notes .. contents:: Topics +v0.6.0 +====== + +Release Summary +--------------- + +Introducing upgrade management for Checkmk sites! + +Major Changes +------------- + +- Server role - Add support for automatically updating Checkmk. Read the role's README for important information! + +Bugfixes +-------- + +- Agent role - Fix SELinux handling on RedHat. +- Agent role - Fix firewall handling on RedHat. + v0.5.2 ====== diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 128a2f7da..5cbf2680b 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -16,21 +16,7 @@ the time available is limited. We will try to be as transparent as possible about what we will include but please do not feel discouraged, if an idea or proposal gets rejected. Instead go on and create something yourself, if you think your approach is viable! There is already a lot of great content -out there and we love seeing you add to that plethora of content! - -## Submitting Issues - -If you encounter any bugs or have ideas for improvements feel free to open an [issue](https://github.com/tribe29/ansible-collection-tribe29.checkmk/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc) or even better a [pull request](#Pull-Requests). -Dedicated requirements will be added here as suitable. - -## Pull Requests - -Please open a [pull request](https://github.com/tribe29/ansible-collection-tribe29.checkmk/pulls?q=is%3Apr+is%3Aopen) -if you have something to contribute. -On pull request creation, checks will run and tell you, -if your changes work with the collection. If errors are detected, please try to -fix them and update your pull request accordingly. -If you need help, feel free to ask for it. +out there and we love seeing you add to that plethora of it! ## How to contribute @@ -44,6 +30,20 @@ We do test everything to the best of our abilities, but nothing beats real world scenarios. Also if you can provide a bugfix yourself or you have an addition to the functionality, [pull requests](#Pull-Requests) are appreciated. +### Submitting Issues + +If you encounter any bugs or have ideas for improvements feel free to open an [issue](https://github.com/tribe29/ansible-collection-tribe29.checkmk/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc) or even better a [pull request](#Pull-Requests). +Dedicated requirements will be added here as suitable. + +### Pull Requests + +Please open a [pull request](https://github.com/tribe29/ansible-collection-tribe29.checkmk/pulls?q=is%3Apr+is%3Aopen) +if you have something to contribute. +On pull request creation, checks will run and tell you, +if your changes work with the collection. If errors are detected, please try to +fix them and update your pull request accordingly. +If you need help, do ask for it. + ### Changelog When changing this collection, please make sure to write a log of what you did. @@ -59,6 +59,26 @@ Module documentation is compiled during a release and stored as `docs/module.rst but this is not ideal yet. However, please use the inline documentation as seen in the existing modules when creating additional modules. +## Style Guide + +### Commit messages + +* Use the present tense ("Add feature" not "Added feature") +* Use the imperative mood ("Move cursor to..." not "Moves cursor to...") +* The first line is a short title (limit to 72 characters or less) +* Write [good commit messages](https://chris.beams.io/posts/git-commit/) + +### Plugins +Specifics to be done. Stick to general Ansible coding best practices and look out for sanity check gotchas. + +### Roles +The following are guidelines to keep in mind, when changing roles. +- Variables + - Use snake case (`snake_case_variable`) + - Do not prefix the variable with an underscore ( `_` ) +- Tags + - When tagging roles, separate single words with dashes (`my-custom-tag`) + ## Releasing this collection Releasing this collection is automated using GitHub Actions. Before running the action `Release Collection` against the `main` branch, the diff --git a/Vagrantfile b/Vagrantfile index 5081e3618..a1f0c5256 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -20,16 +20,16 @@ Vagrant.configure("2") do |config| $script = <<-SCRIPT apt-get update apt-get install -y python3-pip - pip install -r /vagrant/requirements.txt - ansible-galaxy collection install -f -r /vagrant/requirements.yml - wget "https://download.checkmk.com/checkmk/2.1.0p4/check-mk-raw-2.1.0p4_0.focal_amd64.deb" -O /tmp/checkmk-stable.deb - wget "https://download.checkmk.com/checkmk/2.1.0p4/check-mk-raw-2.1.0p4_0.focal_amd64.deb" -O /tmp/checkmk-beta.deb + wget "https://download.checkmk.com/checkmk/2.1.0p10/check-mk-raw-2.1.0p10_0.focal_amd64.deb" -O /tmp/checkmk-stable.deb + wget "https://download.checkmk.com/checkmk/2.1.0p10/check-mk-raw-2.1.0p10_0.focal_amd64.deb" -O /tmp/checkmk-beta.deb apt-get install -y /tmp/checkmk-stable.deb omd create --admin-password 'cmk' stable apt-get install -y /tmp/checkmk-beta.deb omd create --admin-password 'cmk' beta omd status -b stable || omd start stable omd status -b beta || omd start beta + pip install -r /vagrant/requirements.txt + sudo -u vagrant ansible-galaxy collection install -f -r /vagrant/requirements.yml SCRIPT srv.vm.provision "shell", inline: $script end diff --git a/changelogs/.plugin-cache.yaml b/changelogs/.plugin-cache.yaml index e9d7ae8d3..1bb5250d3 100644 --- a/changelogs/.plugin-cache.yaml +++ b/changelogs/.plugin-cache.yaml @@ -39,4 +39,4 @@ plugins: shell: {} strategy: {} vars: {} -version: 0.5.2 +version: 0.6.0 diff --git a/changelogs/fragments/bugfix_agent_role.yml b/changelogs/archive/0.6.0/bugfix_agent_role.yml similarity index 100% rename from changelogs/fragments/bugfix_agent_role.yml rename to changelogs/archive/0.6.0/bugfix_agent_role.yml diff --git a/changelogs/archive/0.6.0/release_summary.yml b/changelogs/archive/0.6.0/release_summary.yml new file mode 100644 index 000000000..7e880d974 --- /dev/null +++ b/changelogs/archive/0.6.0/release_summary.yml @@ -0,0 +1,4 @@ +# https://docs.ansible.com/ansible/latest/community/development_process.html#changelogs-how-to + +# WARNING Found no release_summary section in the changelog for this release. While this is not required, we suggest to add one with basic information on the release. +release_summary: "Introducing upgrade management for Checkmk sites!" diff --git a/changelogs/fragments/server_update_feature.yml b/changelogs/archive/0.6.0/server_update_feature.yml similarity index 100% rename from changelogs/fragments/server_update_feature.yml rename to changelogs/archive/0.6.0/server_update_feature.yml diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index 20d1e0dbf..d93726f72 100644 --- a/changelogs/changelog.yaml +++ b/changelogs/changelog.yaml @@ -166,3 +166,17 @@ releases: - bugfix_agent_role.yml - bugfix_discovery_http_timeout.yml release_date: '2022-08-04' + 0.6.0: + changes: + bugfixes: + - Agent role - Fix SELinux handling on RedHat. + - Agent role - Fix firewall handling on RedHat. + major_changes: + - Server role - Add support for automatically updating Checkmk. Read the role's + README for important information! + release_summary: Introducing upgrade management for Checkmk sites! + fragments: + - bugfix_agent_role.yml + - release_summary.yml + - server_update_feature.yml + release_date: '2022-08-25' diff --git a/changelogs/fragments/agent_role.yml b/changelogs/fragments/agent_role.yml new file mode 100644 index 000000000..30f600af7 --- /dev/null +++ b/changelogs/fragments/agent_role.yml @@ -0,0 +1,54 @@ +# https://docs.ansible.com/ansible/latest/community/development_process.html#changelogs-how-to + +minor_changes: + - Agent role - Host attributes can be fully customized now. + - Agent role - Check for agent updater and controller binaries. Skip registration if respective binary is missing. + - Agent role - Label role. This enables skipping or running tasks exclusively. See the README for a detailed list. + +bugfixes: + - Agent role - Support CFE properly. + - Agent role - Support both normal and automation users properly. + +# known_issues: +# - This release is still in development and a heavy work in progress. +# - Discovery module is not feature complete yet. +# - Downtime module is not fully idempotent yet. This affects service downtimes and deletions. + +## Line Format +# When writing a changelog entry, use the following format: + +# - scope - description starting with a lowercase letter and ending with a period at the very end. Multiple sentences are allowed (https://github.com/reference/to/an/issue or, if there is no issue, reference to a pull request itself). + +# The scope is usually a module or plugin name or group of modules or plugins, for example, lookup plugins. While module names can (and should) be mentioned directly (foo_module), plugin names should always be followed by the type (foo inventory plugin). + +# For changes that are not really scoped (for example, which affect a whole collection), use the following format: + +# - Description starting with an uppercase letter and ending with a dot at the very end. Multiple sentences are allowed (https://github.com/reference/to/an/issue or, if there is no issue, reference to a pull request itself). + + +## Possible keys: + +# breaking_changes + +# Changes that break existing playbooks or roles. This includes any change to existing behavior that forces users to update tasks. Displayed in both the changelogs and the Porting Guides. +# major_changes + +# Major changes to Ansible itself. Generally does not include module or plugin changes. Displayed in both the changelogs and the Porting Guides. +# minor_changes + +# Minor changes to Ansible, modules, or plugins. This includes new features, new parameters added to modules, or behavior changes to existing parameters. +# deprecated_features + +# Features that have been deprecated and are scheduled for removal in a future release. Displayed in both the changelogs and the Porting Guides. +# removed_features + +# Features that were previously deprecated and are now removed. Displayed in both the changelogs and the Porting Guides. +# security_fixes + +# Fixes that address CVEs or resolve security concerns. Include links to CVE information. +# bugfixes + +# Fixes that resolve issues. +# known_issues + +# Known issues that are currently not fixed or will not be fixed. diff --git a/changelogs/fragments/bugfix_activation_module.yml b/changelogs/fragments/bugfix_activation_module.yml new file mode 100644 index 000000000..a4cbd939d --- /dev/null +++ b/changelogs/fragments/bugfix_activation_module.yml @@ -0,0 +1,49 @@ +# https://docs.ansible.com/ansible/latest/community/development_process.html#changelogs-how-to + +bugfixes: + - Activation module - Fix waiting for activation completion (#103). + - Activation module - Fix possible race condition. (#123). + +# known_issues: +# - This release is still in development and a heavy work in progress. +# - Discovery module is not feature complete yet. +# - Downtime module is not fully idempotent yet. This affects service downtimes and deletions. + +## Line Format +# When writing a changelog entry, use the following format: + +# - scope - description starting with a lowercase letter and ending with a period at the very end. Multiple sentences are allowed (https://github.com/reference/to/an/issue or, if there is no issue, reference to a pull request itself). + +# The scope is usually a module or plugin name or group of modules or plugins, for example, lookup plugins. While module names can (and should) be mentioned directly (foo_module), plugin names should always be followed by the type (foo inventory plugin). + +# For changes that are not really scoped (for example, which affect a whole collection), use the following format: + +# - Description starting with an uppercase letter and ending with a dot at the very end. Multiple sentences are allowed (https://github.com/reference/to/an/issue or, if there is no issue, reference to a pull request itself). + + +## Possible keys: + +# breaking_changes + +# Changes that break existing playbooks or roles. This includes any change to existing behavior that forces users to update tasks. Displayed in both the changelogs and the Porting Guides. +# major_changes + +# Major changes to Ansible itself. Generally does not include module or plugin changes. Displayed in both the changelogs and the Porting Guides. +# minor_changes + +# Minor changes to Ansible, modules, or plugins. This includes new features, new parameters added to modules, or behavior changes to existing parameters. +# deprecated_features + +# Features that have been deprecated and are scheduled for removal in a future release. Displayed in both the changelogs and the Porting Guides. +# removed_features + +# Features that were previously deprecated and are now removed. Displayed in both the changelogs and the Porting Guides. +# security_fixes + +# Fixes that address CVEs or resolve security concerns. Include links to CVE information. +# bugfixes + +# Fixes that resolve issues. +# known_issues + +# Known issues that are currently not fixed or will not be fixed. diff --git a/changelogs/fragments/release_summary.yml b/changelogs/fragments/release_summary.yml index 7e880d974..3b624d851 100644 --- a/changelogs/fragments/release_summary.yml +++ b/changelogs/fragments/release_summary.yml @@ -1,4 +1,3 @@ # https://docs.ansible.com/ansible/latest/community/development_process.html#changelogs-how-to -# WARNING Found no release_summary section in the changelog for this release. While this is not required, we suggest to add one with basic information on the release. -release_summary: "Introducing upgrade management for Checkmk sites!" +release_summary: "Lots of love for the agent role!" diff --git a/changelogs/fragments/server_role.yml b/changelogs/fragments/server_role.yml new file mode 100644 index 000000000..085d28db7 --- /dev/null +++ b/changelogs/fragments/server_role.yml @@ -0,0 +1,48 @@ +# https://docs.ansible.com/ansible/latest/community/development_process.html#changelogs-how-to + +minor_changes: + - Server role - Label role. This enables skipping or running tasks exclusively. See the README for a detailed list. + +# known_issues: +# - This release is still in development and a heavy work in progress. +# - Discovery module is not feature complete yet. +# - Downtime module is not fully idempotent yet. This affects service downtimes and deletions. + +## Line Format +# When writing a changelog entry, use the following format: + +# - scope - description starting with a lowercase letter and ending with a period at the very end. Multiple sentences are allowed (https://github.com/reference/to/an/issue or, if there is no issue, reference to a pull request itself). + +# The scope is usually a module or plugin name or group of modules or plugins, for example, lookup plugins. While module names can (and should) be mentioned directly (foo_module), plugin names should always be followed by the type (foo inventory plugin). + +# For changes that are not really scoped (for example, which affect a whole collection), use the following format: + +# - Description starting with an uppercase letter and ending with a dot at the very end. Multiple sentences are allowed (https://github.com/reference/to/an/issue or, if there is no issue, reference to a pull request itself). + + +## Possible keys: + +# breaking_changes + +# Changes that break existing playbooks or roles. This includes any change to existing behavior that forces users to update tasks. Displayed in both the changelogs and the Porting Guides. +# major_changes + +# Major changes to Ansible itself. Generally does not include module or plugin changes. Displayed in both the changelogs and the Porting Guides. +# minor_changes + +# Minor changes to Ansible, modules, or plugins. This includes new features, new parameters added to modules, or behavior changes to existing parameters. +# deprecated_features + +# Features that have been deprecated and are scheduled for removal in a future release. Displayed in both the changelogs and the Porting Guides. +# removed_features + +# Features that were previously deprecated and are now removed. Displayed in both the changelogs and the Porting Guides. +# security_fixes + +# Fixes that address CVEs or resolve security concerns. Include links to CVE information. +# bugfixes + +# Fixes that resolve issues. +# known_issues + +# Known issues that are currently not fixed or will not be fixed. diff --git a/docs/activation_module.rst b/docs/activation_module.rst index 7df118935..817effec0 100644 --- a/docs/activation_module.rst +++ b/docs/activation_module.rst @@ -1,3 +1,4 @@ + .. Document meta :orphan: @@ -42,11 +43,7 @@ tribe29.checkmk.activation module -- Activate changes in Checkmk. .. Collection note .. note:: - This module is part of the `tribe29.checkmk collection `_ (version 0.5.1). - - You might already have this collection installed if you are using the ``ansible`` package. - It is not included in ``ansible-core``. - To check whether it is installed, run :code:`ansible-galaxy collection list`. + This module is part of the `tribe29.checkmk collection `_ (version 0.6.0). To install it, use: :code:`ansible-galaxy collection install tribe29.checkmk`. @@ -200,8 +197,8 @@ Parameters :ansible-option-choices:`Choices:` - - :ansible-option-default-bold:`no` :ansible-option-default:`← (default)` - - :ansible-option-choices-entry:`yes` + - :ansible-option-default-bold:`false` :ansible-option-default:`← (default)` + - :ansible-option-choices-entry:`true` .. raw:: html @@ -417,7 +414,7 @@ Common return values are documented :ref:`here `, the foll .. rst-class:: ansible-option-line .. rst-class:: ansible-option-sample - :ansible-option-sample-bold:`Sample:` "200" + :ansible-option-sample-bold:`Sample:` 200 .. raw:: html diff --git a/docs/discovery_module.rst b/docs/discovery_module.rst index c220e1cb4..cb9027384 100644 --- a/docs/discovery_module.rst +++ b/docs/discovery_module.rst @@ -1,3 +1,4 @@ + .. Document meta :orphan: @@ -42,11 +43,7 @@ tribe29.checkmk.discovery module -- Discover services in Checkmk. .. Collection note .. note:: - This module is part of the `tribe29.checkmk collection `_ (version 0.5.1). - - You might already have this collection installed if you are using the ``ansible`` package. - It is not included in ``ansible-core``. - To check whether it is installed, run :code:`ansible-galaxy collection list`. + This module is part of the `tribe29.checkmk collection `_ (version 0.6.0). To install it, use: :code:`ansible-galaxy collection install tribe29.checkmk`. @@ -406,7 +403,7 @@ Common return values are documented :ref:`here `, the foll .. rst-class:: ansible-option-line .. rst-class:: ansible-option-sample - :ansible-option-sample-bold:`Sample:` "200" + :ansible-option-sample-bold:`Sample:` 200 .. raw:: html diff --git a/docs/downtime_module.rst b/docs/downtime_module.rst index a6e2bde7d..262a0300e 100644 --- a/docs/downtime_module.rst +++ b/docs/downtime_module.rst @@ -1,3 +1,4 @@ + .. Document meta :orphan: @@ -42,11 +43,7 @@ tribe29.checkmk.downtime module -- Manage downtimes in Checkmk. .. Collection note .. note:: - This module is part of the `tribe29.checkmk collection `_ (version 0.5.1). - - You might already have this collection installed if you are using the ``ansible`` package. - It is not included in ``ansible-core``. - To check whether it is installed, run :code:`ansible-galaxy collection list`. + This module is part of the `tribe29.checkmk collection `_ (version 0.6.0). To install it, use: :code:`ansible-galaxy collection install tribe29.checkmk`. @@ -226,7 +223,7 @@ Parameters
- Duration in seconds. When set, the downtime does not begin automatically at a nominated time, but when a non-OK status actually appears for the host. Consequently, the start_time and end_time is only the time window in which the scheduled downtime can occur. + Duration in seconds. When set, the downtime does not begin automatically at a nominated time, but when a non-OK status actually appears for the host. Consequently, the start\_time and end\_time is only the time window in which the scheduled downtime can occur. .. rst-class:: ansible-option-line @@ -347,8 +344,8 @@ Parameters :ansible-option-choices:`Choices:` - - :ansible-option-default-bold:`no` :ansible-option-default:`← (default)` - - :ansible-option-choices-entry:`yes` + - :ansible-option-default-bold:`false` :ansible-option-default:`← (default)` + - :ansible-option-choices-entry:`true` .. raw:: html diff --git a/docs/folder_module.rst b/docs/folder_module.rst index aaf8e1742..89b0431c6 100644 --- a/docs/folder_module.rst +++ b/docs/folder_module.rst @@ -1,3 +1,4 @@ + .. Document meta :orphan: @@ -42,11 +43,7 @@ tribe29.checkmk.folder module -- Manage folders in Checkmk. .. Collection note .. note:: - This module is part of the `tribe29.checkmk collection `_ (version 0.5.1). - - You might already have this collection installed if you are using the ``ansible`` package. - It is not included in ``ansible-core``. - To check whether it is installed, run :code:`ansible-galaxy collection list`. + This module is part of the `tribe29.checkmk collection `_ (version 0.6.0). To install it, use: :code:`ansible-galaxy collection install tribe29.checkmk`. diff --git a/docs/host_module.rst b/docs/host_module.rst index 1741b5d64..5032cd232 100644 --- a/docs/host_module.rst +++ b/docs/host_module.rst @@ -1,3 +1,4 @@ + .. Document meta :orphan: @@ -42,11 +43,7 @@ tribe29.checkmk.host module -- Manage hosts in Checkmk. .. Collection note .. note:: - This module is part of the `tribe29.checkmk collection `_ (version 0.5.1). - - You might already have this collection installed if you are using the ``ansible`` package. - It is not included in ``ansible-core``. - To check whether it is installed, run :code:`ansible-galaxy collection list`. + This module is part of the `tribe29.checkmk collection `_ (version 0.6.0). To install it, use: :code:`ansible-galaxy collection install tribe29.checkmk`. diff --git a/docs/index.rst b/docs/index.rst index 6b5cbc4df..232627c46 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -1,11 +1,12 @@ + .. _plugins_in_tribe29.checkmk: Tribe29.Checkmk =============== -Collection version 0.5.1 +Collection version 0.6.0 .. contents:: :local: diff --git a/galaxy.yml b/galaxy.yml index b37464af4..a0c28b9c9 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -9,7 +9,7 @@ namespace: tribe29 name: checkmk # The version of the collection. Must be compatible with semantic versioning -version: 0.6.0 +version: 0.7.0 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: README.md diff --git a/plugins/modules/activation.py b/plugins/modules/activation.py index 5861dc563..df6ac6f05 100644 --- a/plugins/modules/activation.py +++ b/plugins/modules/activation.py @@ -79,6 +79,8 @@ sample: 'Changes activated.' """ +import time + from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.urls import fetch_url @@ -137,7 +139,7 @@ def run_module(): params = { "force_foreign_changes": module.params.get("force_foreign_changes", ""), - "redirect": True, # ToDo: Do we need this? Does it need to be configurable? + "redirect": False, "sites": sites, } @@ -167,6 +169,10 @@ def run_module(): if result["failed"]: module.fail_json(**result) + # Work around a possible race condition in the activation process. + # The sleep can be removed, once this is stable on Checkmk's and. + time.sleep(3) + module.exit_json(**result) diff --git a/requirements.txt b/requirements.txt index 795de5222..9e115a3da 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,4 @@ ansible >= 4.10.0 antsibull-changelog >= 0.12.0 -antsibull-docs >= 1.1.0 \ No newline at end of file +antsibull-docs >= 1.1.0 +jinja2 >= 3.0.0 \ No newline at end of file diff --git a/requirements.yml b/requirements.yml index a03791128..c5ee1c7a9 100644 --- a/requirements.yml +++ b/requirements.yml @@ -1,4 +1,4 @@ --- collections: - name: tribe29.checkmk - version: 0.6.0 + version: 0.7.0 diff --git a/roles/agent/README.md b/roles/agent/README.md index d5c533b0d..b321836bb 100644 --- a/roles/agent/README.md +++ b/roles/agent/README.md @@ -37,9 +37,15 @@ The name of your Checkmk site. The user used to authenticate against your Checkmk site. - checkmk_agent_pass: SECRET + checkmk_agent_pass: "{{ automation_secret }}" -The password for the user used to authenticate against your Checkmk site. +The password for the normal user used to authenticate against your Checkmk site. +This is mutually exclusive with `checkmk_agent_secret`! + + checkmk_agent_secret: "{{ automation_secret }}" + +The secret for the automation user used to authenticate against your Checkmk site. +This is mutually exclusive with `checkmk_agent_pass`! checkmk_agent_add_host: 'false' @@ -79,6 +85,26 @@ Define the hostname which will be used to add the host to Checkmk. Define an IP address which will be added to the host in Checkmk. This is optional, as long as the hostname is DNS-resolvable. + checkmk_agent_host_attributes: + ipaddress: "{{ checkmk_agent_host_ip | default(omit) }}" + tag_agent: 'cmk-agent' + +Define attributes with which the host will be added to Checkmk. + +## Tags +Tasks are tagged with the following tags: +| Tag | Purpose | +| ---- | ------- | +| `download-package` | Download agent package. | +| `install-package` | Install agent package with package manager. | +| `install-prerequisites` | Install packages that are required for the role or agent to work. | +| `include-os-family-vars` | Include OS family specific variables. | +| `include-os-family-tasks` | Include OS family specific tasks. | +| `get-package-facts` | Get package facts, used in the role. | +| `enable-xinetd` | Enable xinetd on hosts with systemd prior to version 220. | + +You can use Ansible to skip tasks, or only run certain tasks by using these tags. By default, all tasks are run when no tags are specified. + ## Dependencies diff --git a/roles/agent/defaults/main.yml b/roles/agent/defaults/main.yml index 148eb3f4d..d78d1ebf8 100644 --- a/roles/agent/defaults/main.yml +++ b/roles/agent/defaults/main.yml @@ -5,7 +5,11 @@ checkmk_agent_protocol: http checkmk_agent_server: localhost checkmk_agent_site: my_site checkmk_agent_user: "{{ automation_user | default('automation') }}" -checkmk_agent_pass: "{{ automation_secret | default('SECRET') }}" + +# Depending on which user you will be using, set the password or secret: +# checkmk_agent_pass: "{{ automation_secret }}" +# checkmk_agent_secret: "{{ automation_secret }}" + checkmk_agent_add_host: 'false' checkmk_agent_discover: 'false' checkmk_agent_update: 'false' @@ -14,6 +18,9 @@ checkmk_agent_configure_firewall: 'true' checkmk_agent_prep_legacy: 'false' checkmk_agent_delegate_api_calls: localhost checkmk_agent_host_name: "{{ inventory_hostname }}" +checkmk_agent_host_attributes: + ipaddress: "{{ checkmk_agent_host_ip | default(omit) }}" + tag_agent: 'cmk-agent' # If you trust your local hostnames, you could also use the following # to use the local hostname instead of the inventory hostname: diff --git a/roles/agent/tasks/Debian.yml b/roles/agent/tasks/Debian.yml index 09b3c9586..22064af2a 100644 --- a/roles/agent/tasks/Debian.yml +++ b/roles/agent/tasks/Debian.yml @@ -1,5 +1,5 @@ --- -- name: "Debian Derivates: Download host-specific Checkmk CEE Agent." +- name: "Debian Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?host_name={{ inventory_hostname }}&os_type=linux_deb&agent_type=host_name" dest: "{{ checkmk_agent_agent.file.host }}" @@ -7,20 +7,26 @@ headers: Authorization: "Bearer {{ checkmk_agent_user }} {{ checkmk_agent_pass }}" Accept: "application/octet-stream" - when: checkmk_agent_edition == "cee" + when: checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" register: checkmk_agent_download_state # This task may fail, as we fall back to the generic agent in that case failed_when: 'false' changed_when: 'false' + tags: + - download-package -- name: "Debian Derivates: Install host-specific Checkmk CEE Agent." +- name: "Debian Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true ansible.builtin.apt: deb: "{{ checkmk_agent_agent.file.host }}" state: present - when: (checkmk_agent_edition == "cee") and checkmk_agent_download_state.status == 200 + when: | + (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe") + and checkmk_agent_download_state.status == 200 + tags: + - install-package -- name: "Debian Derivates: Download GENERIC Checkmk CEE Agent." +- name: "Debian Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?os_type=linux_deb&agent_type=generic" dest: "{{ checkmk_agent_agent.file.cee }}" @@ -28,14 +34,22 @@ headers: Authorization: "Bearer {{ checkmk_agent_user }} {{ checkmk_agent_pass }}" Accept: "application/octet-stream" - when: (checkmk_agent_edition == "cee") and checkmk_agent_download_state.status != 200 + when: | + (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe") + and checkmk_agent_download_state.status != 200 + tags: + - download-package -- name: "Debian Derivates: Install GENERIC Checkmk CEE Agent." +- name: "Debian Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true ansible.builtin.apt: deb: "{{ checkmk_agent_agent.file.cee }}" state: present - when: (checkmk_agent_edition == "cee") and checkmk_agent_download_state.status != 200 + when: | + (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe") + and checkmk_agent_download_state.status != 200 + tags: + - install-package - name: "Debian Derivates: Install Checkmk CRE Agent." become: true @@ -43,3 +57,5 @@ deb: "{{ checkmk_agent_agent.file.cre }}" state: present when: checkmk_agent_edition == "cre" + tags: + - install-package diff --git a/roles/agent/tasks/RedHat.yml b/roles/agent/tasks/RedHat.yml index 77439059c..58b70407d 100644 --- a/roles/agent/tasks/RedHat.yml +++ b/roles/agent/tasks/RedHat.yml @@ -1,5 +1,5 @@ --- -- name: "RedHat Derivates: Download host-specific Checkmk CEE Agent." +- name: "RedHat Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?host_name={{ inventory_hostname }}&os_type=linux_rpm&agent_type=host_name" dest: "{{ checkmk_agent_agent.file.host }}" @@ -7,21 +7,27 @@ headers: Authorization: "Bearer {{ checkmk_agent_user }} {{ checkmk_agent_pass }}" Accept: "application/octet-stream" - when: checkmk_agent_edition == "cee" + when: checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" register: checkmk_agent_download_state # This task may fail, as we fall back to the generic agent in that case failed_when: 'false' changed_when: 'false' + tags: + - download-package -- name: "RedHat Derivates: Install host-specific Checkmk CEE Agent." +- name: "RedHat Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true ansible.builtin.yum: name: "{{ checkmk_agent_agent.file.host }}" state: present disable_gpg_check: true - when: (checkmk_agent_edition == "cee") and checkmk_agent_download_state.status == 200 + when: | + (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe") + and checkmk_agent_download_state.status == 200 + tags: + - install-package -- name: "RedHat Derivates: Download GENERIC Checkmk CEE Agent." +- name: "RedHat Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?os_type=linux_rpm&agent_type=generic" dest: "{{ checkmk_agent_agent.file.cee }}" @@ -29,7 +35,11 @@ headers: Authorization: "Bearer {{ checkmk_agent_user }} {{ checkmk_agent_pass }}" Accept: "application/octet-stream" - when: (checkmk_agent_edition == "cee") and checkmk_agent_download_state.status != 200 + when: | + (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe") + and checkmk_agent_download_state.status != 200 + tags: + - download-package - name: "RedHat Derivates: Install Checkmk CRE Agent." become: true @@ -38,14 +48,20 @@ state: present disable_gpg_check: true when: checkmk_agent_edition == "cre" + tags: + - install-package -- name: "RedHat Derivates: Install GENERIC Checkmk CEE Agent." +- name: "RedHat Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true ansible.builtin.yum: name: "{{ checkmk_agent_agent.file.cee }}" state: present disable_gpg_check: true - when: (checkmk_agent_edition == "cee") and checkmk_agent_download_state.status != 200 + when: | + (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe") + and checkmk_agent_download_state.status != 200 + tags: + - install-package - name: "RedHat Derivates: Install Checkmk CRE Agent." become: true @@ -54,6 +70,8 @@ state: present disable_gpg_check: true when: checkmk_agent_edition == "cre" + tags: + - install-package - name: "Configure Firewall for Agent." block: diff --git a/roles/agent/tasks/Suse.yml b/roles/agent/tasks/Suse.yml index 858d82be3..ed41a9990 100644 --- a/roles/agent/tasks/Suse.yml +++ b/roles/agent/tasks/Suse.yml @@ -1,5 +1,5 @@ --- -- name: "Suse Derivates: Download host-specific Checkmk CEE Agent." +- name: "Suse Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?host_name={{ inventory_hostname }}&os_type=linux_rpm&agent_type=host_name" dest: "{{ checkmk_agent_agent.file.host }}" @@ -7,21 +7,27 @@ headers: Authorization: "Bearer {{ checkmk_agent_user }} {{ checkmk_agent_pass }}" Accept: "application/octet-stream" - when: checkmk_agent_edition == "cee" + when: checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" register: checkmk_agent_download_state # This task may fail, as we fall back to the generic agent in that case failed_when: 'false' changed_when: 'false' + tags: + - download-package -- name: "Suse Derivates: Install host-specific Checkmk CEE Agent." +- name: "Suse Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true ansible.builtin.zypper: name: "{{ checkmk_agent_agent.file.host }}" state: present disable_gpg_check: true - when: (checkmk_agent_edition == "cee") and checkmk_agent_download_state.status == 200 + when: | + (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe") + and checkmk_agent_download_state.status == 200 + tags: + - install-package -- name: "Suse Derivates: Download GENERIC Checkmk CEE Agent." +- name: "Suse Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?os_type=linux_rpm&agent_type=generic" dest: "{{ checkmk_agent_agent.file.cee }}" @@ -29,7 +35,11 @@ headers: Authorization: "Bearer {{ checkmk_agent_user }} {{ checkmk_agent_pass }}" Accept: "application/octet-stream" - when: (checkmk_agent_edition == "cee") and checkmk_agent_download_state.status != 200 + when: | + (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe") + and checkmk_agent_download_state.status != 200 + tags: + - download-package - name: "Suse Derivates: Install Checkmk CRE Agent." become: true @@ -38,14 +48,20 @@ state: present disable_gpg_check: true when: checkmk_agent_edition == "cre" + tags: + - install-package -- name: "Suse Derivates: Install GENERIC Checkmk CEE Agent." +- name: "Suse Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true ansible.builtin.zypper: name: "{{ checkmk_agent_agent.file.cee }}" state: present disable_gpg_check: true - when: (checkmk_agent_edition == "cee") and checkmk_agent_download_state.status != 200 + when: | + (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe") + and checkmk_agent_download_state.status != 200 + tags: + - install-package - name: "Suse Derivates: Install Checkmk CRE Agent." become: true @@ -54,3 +70,5 @@ state: present disable_gpg_check: true when: checkmk_agent_edition == "cre" + tags: + - install-package diff --git a/roles/agent/tasks/legacy.yml b/roles/agent/tasks/legacy.yml index fd7521c05..85ad77dea 100644 --- a/roles/agent/tasks/legacy.yml +++ b/roles/agent/tasks/legacy.yml @@ -1,11 +1,18 @@ --- - name: "Install xinetd" + become: true ansible.builtin.package: name: xinetd state: present + tags: + - install-package + - install-prerequisites - name: "Enable xinetd" + become: true ansible.builtin.service: name: xinetd state: started enabled: true + tags: + - enable-xinetd diff --git a/roles/agent/tasks/main.yml b/roles/agent/tasks/main.yml index 91c27f72d..f4763433d 100644 --- a/roles/agent/tasks/main.yml +++ b/roles/agent/tasks/main.yml @@ -1,14 +1,20 @@ --- - name: "Include Derivate specific Variables." ansible.builtin.include_vars: "{{ ansible_os_family }}.yml" + tags: + - include-os-family-vars - name: "Get RPM or APT package facts." ansible.builtin.package_facts: manager: "auto" + tags: + - get-package-facts - name: "Import Legacy agent tasks." ansible.builtin.include_tasks: "legacy.yml" - when: ansible_facts.packages['systemd'][0]['version'] | regex_search('\d{1,}') | int < 220 and checkmk_agent_prep_legacy | bool + when: | + checkmk_agent_prep_legacy | bool + and ansible_facts.packages['systemd'][0]['version'] | regex_search('\d{1,}') | int < 220 - name: "Download Checkmk CRE Agent." ansible.builtin.get_url: @@ -16,9 +22,13 @@ dest: "{{ checkmk_agent_agent.file.cre }}" mode: 0640 when: checkmk_agent_edition == "cre" + tags: + - download-package - name: "Run OS Family specific Tasks." ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" + tags: + - include-os-family-tasks - name: "Create host on server." tribe29.checkmk.host: @@ -28,31 +38,75 @@ automation_secret: "{{ checkmk_agent_pass }}" folder: "{{ checkmk_agent_folder | default(omit) }}" host_name: "{{ checkmk_agent_host_name }}" - attributes: - ipaddress: "{{ checkmk_agent_host_ip | default(omit) }}" - tag_agent: 'cmk-agent' # ToDo: Do we want to hardcode this? + attributes: "{{ checkmk_agent_host_attributes }}" register: checkmk_agent_create_result - failed_when: checkmk_agent_create_result.failed is true and "The host is already part of the specified target folder" not in checkmk_agent_create_result.msg + failed_when: | + checkmk_agent_create_result.failed is true + and "The host is already part of the specified target folder" not in checkmk_agent_create_result.msg delegate_to: "{{ checkmk_agent_delegate_api_calls }}" when: checkmk_agent_add_host | bool -- name: "Register Agent for automatic Upates." +- name: "Check for Agent Updater Binary." + ansible.builtin.stat: + path: /usr/bin/cmk-update-agent + register: checkmk_agent_updater_binary + +- name: "Check for Agent Controller Binary." + ansible.builtin.stat: + path: /usr/bin/cmk-agent-ctl + register: checkmk_agent_controller_binary + +- name: "Register Agent for automatic Upates using User Password." + become: true + ansible.builtin.shell: | + cmk-update-agent register -H {{ checkmk_agent_host_name }} \ + -s {{ checkmk_agent_server }} -i {{ checkmk_agent_site }} -p {{ checkmk_agent_protocol }} \ + -U {{ checkmk_agent_user }} -P {{ checkmk_agent_pass }} + register: checkmk_agent_update_state + when: | + (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe") + and checkmk_agent_updater_binary.stat.exists | bool + and checkmk_agent_update | bool + and (checkmk_agent_pass is defined and checkmk_agent_pass | length) + +- name: "Register Agent for automatic Upates using Automation Secret." become: true ansible.builtin.shell: | cmk-update-agent register -H {{ checkmk_agent_host_name }} \ -s {{ checkmk_agent_server }} -i {{ checkmk_agent_site }} -p {{ checkmk_agent_protocol }} \ -U {{ checkmk_agent_user }} -S {{ checkmk_agent_pass }} register: checkmk_agent_update_state - when: (checkmk_agent_edition == "cee") and checkmk_agent_update | bool + when: | + (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe") + and checkmk_agent_updater_binary.stat.exists | bool + and checkmk_agent_update | bool + and (checkmk_agent_secret is defined and checkmk_agent_secret | length) -- name: "Register Agent for TLS." +- name: "Register Agent for TLS using User Password." become: true ansible.builtin.shell: | cmk-agent-ctl register -H {{ checkmk_agent_host_name }} \ -s {{ checkmk_agent_server }} -i {{ checkmk_agent_site }} \ -U {{ checkmk_agent_user }} -P {{ checkmk_agent_pass }} --trust-cert register: checkmk_agent_tls_state - when: (checkmk_agent_edition == "cee") and checkmk_agent_tls | bool + when: | + (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe") + and checkmk_agent_controller_binary.stat.exists | bool + and checkmk_agent_tls | bool + and (checkmk_agent_pass is defined and checkmk_agent_pass | length) + +- name: "Register Agent for TLS using Automation Secret." + become: true + ansible.builtin.shell: | + cmk-agent-ctl register -H {{ checkmk_agent_host_name }} \ + -s {{ checkmk_agent_server }} -i {{ checkmk_agent_site }} \ + -U {{ checkmk_agent_user }} -S {{ checkmk_agent_pass }} --trust-cert + register: checkmk_agent_tls_state + when: | + (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe") + and checkmk_agent_controller_binary.stat.exists | bool + and checkmk_agent_tls | bool + and (checkmk_agent_secret is defined and checkmk_agent_secret | length) - name: "Discover services and labels on host." tribe29.checkmk.discovery: diff --git a/roles/server/README.md b/roles/server/README.md index a60298c77..2d68b66e4 100644 --- a/roles/server/README.md +++ b/roles/server/README.md @@ -68,6 +68,30 @@ Directory to backup sites to when updating between versions. Whether to back up sites when updating between versions. Only disable this if you plan on taking manual backups checkmk_server_backup_on_update: 'true' + +## Tags +Tasks are tagged with the following tags: +| Tag | Purpose | +| ---- | ------- | +| `download-package` | Download server package. | +| `install-package` | Install server package with package manager. | +| `install-prerequisites` | Install packages that are required for the role or server to work. | +| `download-gpg-key` | Download Checkmk GPG key for verifying the package. | +| `import-gpg-key` | Import the downloaded Checkmk GPG key for verifying the package. | +| `include-os-family-vars` | Include OS family specific variables. | +| `include-rhel-version-vars` | Include RHEL version specific variables. | +| `set-selinux-boolean` | Set necessary SELinux booleans for Checkmk to work on SELinux enabled systems. | +| `enable-powertools` | Enable the powertools repository on RHEL based systems. Required for some dependencies of Checkmk. | +| `create-sites` | Create sites on the Checkmk server. | +| `update-sites` | Update sites on the Checkmk server. | +| `start-sites` | Start sites on the Checkmk server. | +| `stop-sites` | Stop sites on the Checkmk server. | +| `destroy-sites` | Destroy sites on the Checkmk server. | +| `set-site-admin-pw` | Set the cmkadmin password of a site. | +| `update-pause` | Pause with a warning when updating a site. | + +You can use Ansible to skip tasks, or only run certain tasks by using these tags. By default, all tasks are run when no tags are specified. + ## Dependencies diff --git a/roles/server/tasks/Debian.yml b/roles/server/tasks/Debian.yml index baf71a52c..ff57a48ce 100644 --- a/roles/server/tasks/Debian.yml +++ b/roles/server/tasks/Debian.yml @@ -5,3 +5,5 @@ deb: "/tmp/{{ checkmk_server_setup_file }}" update_cache: 'yes' state: present + tags: + - install-package diff --git a/roles/server/tasks/RedHat.yml b/roles/server/tasks/RedHat.yml index 1d1115226..90e09159c 100644 --- a/roles/server/tasks/RedHat.yml +++ b/roles/server/tasks/RedHat.yml @@ -3,6 +3,8 @@ become: true ansible.builtin.shell: dnf config-manager --set-enabled powertools # noqa command-instead-of-shell when: ansible_distribution_major_version == "8" + tags: + - enable-powertools - name: "Install Checkmk Server." become: true @@ -10,6 +12,8 @@ name: "/tmp/{{ checkmk_server_setup_file }}" state: present disable_gpg_check: '{{ not checkmk_server_verify_setup | bool }}' + tags: + - install-package - name: "Enable httpd can network connect selinux boolean." become: true @@ -18,6 +22,8 @@ state: true persistent: true when: ansible_facts.selinux.status == 'enabled' + tags: + - set-selinux-boolean - name: "Open firewall ports." become: true diff --git a/roles/server/tasks/main.yml b/roles/server/tasks/main.yml index c103bd17b..305b5a6c6 100644 --- a/roles/server/tasks/main.yml +++ b/roles/server/tasks/main.yml @@ -8,10 +8,14 @@ - name: "Include OS Family specific Variables." ansible.builtin.include_vars: "{{ ansible_os_family }}.yml" + tags: + - include-os-family-vars - name: "Include RHEL Version specific Variables." ansible.builtin.include_vars: "{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml" when: ansible_os_family == "RedHat" + tags: + - include-rhel-version-vars - name: "Install Checkmk Prerequisites." become: true @@ -20,6 +24,9 @@ state: present loop: - "{{ checkmk_server_prerequisites }}" + tags: + - install-package + - install-prerequisites - name: "Download Checkmk Server Setup." ansible.builtin.get_url: @@ -28,6 +35,8 @@ mode: 0640 url_username: "{{ checkmk_server_download_user | default(omit) }}" url_password: "{{ checkmk_server_download_pass | default(omit) }}" + tags: + - download-package - name: "Download Checkmk GPG Key." ansible.builtin.get_url: @@ -35,12 +44,18 @@ dest: "/tmp/Check_MK-pubkey.gpg" mode: 0640 when: checkmk_server_verify_setup | bool + tags: + - download-gpg-key - name: "GPG Verification on Debian Derivates." block: - name: "Import Checkmk GPG Key." ansible.builtin.command: "gpg --import /tmp/Check_MK-pubkey.gpg" + register: checkmk_gpg_import when: checkmk_server_verify_setup | bool + changed_when: "'imported: 1' in checkmk_gpg_import" + tags: + - import-gpg-key - name: "Verify Checkmk Setup." ansible.builtin.command: dpkg-sig --verify "/tmp/{{ checkmk_server_setup_file }}" @@ -59,6 +74,8 @@ key: "/tmp/Check_MK-pubkey.gpg" state: present when: checkmk_server_verify_setup | bool and ansible_os_family == "RedHat" + tags: + - import-gpg-key - name: Include OS Family specific Playbook. ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" diff --git a/roles/server/tasks/sites.yml b/roles/server/tasks/sites.yml index c1f41a0b6..687beb9e4 100644 --- a/roles/server/tasks/sites.yml +++ b/roles/server/tasks/sites.yml @@ -11,6 +11,8 @@ loop: "{{ checkmk_server_sites }}" when: item.state != "absent" register: checkmk_server_sites_created + tags: + - create-sites - name: "Get site version." become: true @@ -23,11 +25,15 @@ changed_when: "checkmk_server_sites_versions.stdout != item.version + '.' + checkmk_server_edition" when: item.state != "absent" register: checkmk_server_sites_versions + tags: + - update-sites - name: "Include update site tasks." ansible.builtin.include_tasks: update-site.yml loop: "{{ checkmk_server_sites_versions.results }}" when: "item.changed" + tags: + - update-sites - name: "Start Sites." become: true @@ -41,6 +47,8 @@ loop: "{{ checkmk_server_sites }}" when: item.state == "started" register: checkmk_server_sites_started + tags: + - start-sites - name: "Stop Sites." become: true @@ -54,6 +62,8 @@ loop: "{{ checkmk_server_sites }}" when: (item.state == "absent") or (item.state == "stopped") register: checkmk_server_sites_stopped + tags: + - stop-sites - name: "Destroy Sites." become: true @@ -67,6 +77,8 @@ loop: "{{ checkmk_server_sites }}" when: item.state == "absent" register: checkmk_server_sites_removed + tags: + - destroy-sites - name: "Update Site Admin Password." become: true @@ -78,3 +90,5 @@ no_log: true loop: "{{ checkmk_server_sites }}" when: item.state != "absent" + tags: + - set-site-admin-pw diff --git a/roles/server/tasks/update-site.yml b/roles/server/tasks/update-site.yml index 2266c49b0..e7f53fc29 100644 --- a/roles/server/tasks/update-site.yml +++ b/roles/server/tasks/update-site.yml @@ -31,6 +31,8 @@ This can take a while! The site will be down during the update when: | item.item.version | regex_replace('p.*', '') == item.stdout | regex_replace('p.*', '') + tags: + - update-pause - name: "Long pause for major update." ansible.builtin.pause: @@ -42,6 +44,8 @@ This can take a while! The site will be down during the update when: | item.item.version | regex_replace('p.*', '') != item.stdout | regex_replace('p.*', '') + tags: + - update-pause - name: "Create backup of site." become: true