test: add forgejo workflow

chore: fix syntax for ansible lint
chore: replace apt_key to get_url
2024-05-09 11:45:13 +02:00 · 2024-05-07 22:39:05 +02:00 · 2024-05-07 22:27:45 +02:00 · 2024-05-07 20:17:14 +02:00 · 2024-03-13 21:42:57 +01:00 · 2024-03-13 21:42:57 +01:00
20 changed files with 265 additions and 116 deletions
--- a/.forgejo/workflows/molecule.yml
+++ b/.forgejo/workflows/molecule.yml
@ -0,0 +1,18 @@
+---
+on: [push]
+jobs:
+  lint:
+    runs-on: docker
+    container:
+      image: code.waks.be/nishiki/molecule:docker
+    steps:
+      - uses: actions/checkout@v3
+      - run: ansible-lint .
+      - run: yamllint .
+  molecule:
+    runs-on: docker
+    container:
+      image: code.waks.be/nishiki/molecule:docker
+    steps:
+      - uses: actions/checkout@v3
+      - run: molecule test
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -0,0 +1,10 @@
+---
+image: nishiki/molecule:docker
+
+before_script:
+  - molecule --version
+
+molecule:
+  stage: test
+  script:
+    - molecule test
--- a/.yamllint
+++ b/.yamllint
@ -2,11 +2,11 @@
 extends: default

 ignore: |
-  .kitchen/*
+  .kitchen*
  vendor/
+  .forgejo/

 rules:
  line-length:
    max: 120
    level: warning
-  truthy: false
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -5,6 +5,25 @@ Which is based on [Keep A Changelog](http://keepachangelog.com/)

 ## [Unreleased]

+### Added
+
+- add dependencies
+- add options in host
+
+### Changed
+
+- test: use personal docker registry
+
+### Fixed
+
+- bug in check command template
+- bug in user template
+- add multiple value type in service vars
+
+### Removed
+
+- test: remove support debian11
+
 ## v1.0.0 - 2021-08-15

 - first version
--- a/README.md
+++ b/README.md
@ -1,16 +1,16 @@
 # Ansible role: Icinga2

-[![Version](https://img.shields.io/badge/latest_version-1.0.0-green.svg)](https://git.yaegashi.fr/nishiki/ansible-role-icinga2/releases)
-[![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](https://git.yaegashi.fr/nishiki/ansible-role-icinga2/src/branch/master/LICENSE)
+[![Version](https://img.shields.io/badge/latest_version-1.0.0-green.svg)](https://code.waks.be/nishiki/ansible-role-icinga2/releases)
+[![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](https://code.waks.be/nishiki/ansible-role-icinga2/src/branch/main/LICENSE)
+[![Build](https://code.waks.be/nishiki/ansible-role-icinga2/actions/workflows/molecule.yml/badge.svg?branch=main)](https://code.waks.be/nishiki/ansible-role-icinga2/actions?workflow=molecule.yml)

 Install and configure Icinga2

 ## Requirements

-* Ansible >= 2.9
-* Debian
-  * Buster
-  * Bullseye
+- Ansible >= 2.9
+- Debian
+  - Bookworm

 ## Role variables

@ -117,7 +117,7 @@ Install and configure Icinga2
      - admin
 ```

- `icinga2_api_users` - hash with the user configuration for the API access 
+- `icinga2_api_users` - hash with the user configuration for the API access

 ```
  icingaweb2:
@ -148,6 +148,19 @@ Install and configure Icinga2
      monday: 00:05-00:10
 ```

+- `icinga2_dependencies` - hash with dependencies configuration ([view all options](https://icinga.com/docs/icinga-2/latest/doc/09-object-types/#dependency))
+
+```
+  postgresql-port:
+    parent_host_name: host.name
+    parent_service_name: postgresql-service
+    child_service_name: postgresql-port
+    disable_notifications: true
+    states:
+      - DOWN
+    assign: '"postgresql" in host.groups'
+```
+
 - `icinga2_notifications` - hash with notifications configuration

 ```
@ -232,10 +245,10 @@ Install and configure Icinga2

 ### Test with molecule and docker

-* install [docker](https://docs.docker.com/engine/installation/)
-* install `python3` and `python3-pip`
-* install molecule and dependencies `pip3 install molecule molecule-docker docker ansible-lint testinfra yamllint`
-* run `molecule test`
+- install [docker](https://docs.docker.com/engine/installation/)
+- install `python3` and `python3-pip`
+- install molecule and dependencies `pip3 install molecule molecule-docker docker ansible-lint testinfra yamllint`
+- run `molecule test`

 ## License

--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -107,4 +107,5 @@ icinga2_users: {}
 icinga2_api_users: {}
 icinga2_check_commands: {}
 icinga2_event_commands: {}
+icinga2_dependencies: {}
 icinga2_scripts: {}
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -1,10 +1,10 @@
 ---
- name: reload icinga2
+- name: Reload icinga2
  ansible.builtin.service:
    name: icinga2
    state: reloaded

- name: restart icinga2
+- name: Restart icinga2
  ansible.builtin.service:
    name: icinga2
    state: restarted
--- a/meta/main.yml
+++ b/meta/main.yml
@ -1,17 +1,17 @@
 ---
 galaxy_info:
  role_name: icinga2
+  namespace: nishiki
  author: Adrien Waksberg
  company: Adrien Waksberg
  description: Install and configure Icinga2
  license: Apache2
-  min_ansible_version: 2.9
+  min_ansible_version: "2.9"

  platforms:
    - name: Debian
      versions:
-        - buster
-        - bullseye
+        - bookworm

  galaxy_tags:
    - monitoring
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@ -50,3 +50,8 @@
    icinga2_event_commands:
      ping_event:
        command: '"/usr/bin/ping -c 1 -t 1 127.0.0.1"'
+    icinga2_dependencies:
+      test:
+        parent_host_name: host.name
+        disable_notifications: false
+        assign: "true"
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@ -2,19 +2,12 @@
 driver:
  name: docker
 platforms:
-  - name: debian10
-    image: nishiki/debian10:molecule
+  - name: debian12
+    image: code.waks.be/nishiki/molecule:debian12
    privileged: true
    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:ro
-    command: /bin/systemd
-    capabilities:
-      - SYS_ADMIN
-  - name: debian11
-    image: nishiki/debian11:molecule
-    privileged: true
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    cgroupns_mode: host
    command: /bin/systemd
    capabilities:
      - SYS_ADMIN
--- a/molecule/default/tests/test_default.py
+++ b/molecule/default/tests/test_default.py
@ -77,6 +77,15 @@ def test_config_notifications(host):
  assert config.mode == 0o640
  assert config.contains('user_groups = host.vars.notification.mail.groups')

+def test_config_dependencies(host):
+  config = host.file('/etc/icinga2/conf.d/dependencies.conf')
+  assert config.exists
+  assert config.is_file
+  assert config.user == 'root'
+  assert config.group == 'nagios'
+  assert config.mode == 0o640
+  assert config.contains('parent_host_name = host.name')
+
 def test_script(host):
  path = host.file('/etc/icinga2/scripts/test-notification.sh')
  assert path.exists
--- a/tasks/base.yml
+++ b/tasks/base.yml
@ -1,47 +1,44 @@
 ---
- name: install dependencies packages
+- name: Install dependencies packages
  ansible.builtin.package:
    name:
      - apt-transport-https
      - gpg
-  retries: 2
-  register: result
-  until: result is succeeded
  tags: icinga2

- name: add key repository
-  ansible.builtin.apt_key:
+- name: Add repository key
+  ansible.builtin.get_url:
    url: https://packages.icinga.com/icinga.key
-  retries: 2
-  register: result
-  until: result is succeeded
+    dest: /etc/apt/keyrings/icinga.asc
+    owner: root
+    group: root
+    mode: "0644"
+    checksum: sha256:be677e07972ed57b99ffc2fd211379ac11b9c6a7c8d9460086b447b96b0a82bb
  tags: icinga2

- name: add repository
+- name: Add repository
  ansible.builtin.apt_repository:
-    repo: 'deb https://packages.icinga.com/debian icinga-{{ ansible_distribution_release }} main'
-  retries: 2
-  register: result
-  until: result is succeeded
+    repo: >-
+      deb [signed-by=/etc/apt/keyrings/icinga.asc]
+      https://packages.icinga.com/debian icinga-{{ ansible_distribution_release }} main
+    filename: icinga
  tags: icinga2

- name: install packages
+- name: Install packages
  ansible.builtin.package:
    name:
      - icinga2
-      - 'icinga2-ido-{{ icinga2_db_type }}'
+      - "icinga2-ido-{{ icinga2_db_type }}"
      - icingacli
      - monitoring-plugins
-  retries: 2
-  register: result
-  until: result is succeeded
+      - nagios-nrpe-plugin
  tags: icinga2

- name: create certs directory
+- name: Create certs directory
  ansible.builtin.file:
    path: /var/lib/icinga2/certs
    owner: root
    group: nagios
-    mode: 0750
+    mode: "0750"
    state: directory
  tags: icinga2
--- a/tasks/config.yml
+++ b/tasks/config.yml
@ -1,33 +1,34 @@
 ---
- name: remove old config files
+- name: Remove old config files
  ansible.builtin.file:
    path: /etc/icinga2/conf.d/apt.conf
    state: absent
-  notify: reload icinga2
+  notify: Reload icinga2
  tags: icinga2

- name: copy scripts
+- name: Copy scripts
  ansible.builtin.copy:
-    content: '{{ item.value }}'
-    dest: '/etc/icinga2/scripts/{{ item.key }}'
+    content: "{{ item.value }}"
+    dest: "/etc/icinga2/scripts/{{ item.key }}"
    owner: root
    group: nagios
-    mode: 0750
-  loop: '{{ icinga2_scripts|dict2items }}'
+    mode: "0750"
+  loop: "{{ icinga2_scripts | dict2items }}"
  loop_control:
-    label: '{{ item.key }}'
+    label: "{{ item.key }}"
  tags: icinga2

- name: copy config files
+- name: Copy config files
  ansible.builtin.template:
-    src: '{{ item }}.conf.j2'
-    dest: '/etc/icinga2/conf.d/{{ item }}.conf'
+    src: "{{ item }}.conf.j2"
+    dest: "/etc/icinga2/conf.d/{{ item }}.conf"
    owner: root
    group: nagios
-    mode: 0640
+    mode: "0640"
  loop:
    - check_commands
    - commands
+    - dependencies
    - groups
    - hosts
    - notifications
@ -35,95 +36,95 @@
    - templates
    - timeperiods
    - users
-  notify: reload icinga2
+  notify: Reload icinga2
  tags: icinga2

- name: copy zones config files
+- name: Copy zones config files
  ansible.builtin.template:
    src: zones.conf.j2
    dest: /etc/icinga2/zones.conf
    owner: root
    group: nagios
-    mode: 0640
-  notify: reload icinga2
+    mode: "0640"
+  notify: Reload icinga2
  tags: icinga2

- name: copy ido config file
+- name: Copy ido config file
  ansible.builtin.template:
    src: ido-db.conf.j2
    dest: /etc/icinga2/conf.d/ido-db.conf
    owner: root
    group: nagios
-    mode: 0640
-  notify: restart icinga2
+    mode: "0640"
+  notify: Restart icinga2
  tags: icinga2

- name: copy api SSL key
+- name: Copy api SSL key
  ansible.builtin.copy:
-    content: '{{ icinga2_api_ssl_node_key }}'
-    dest: '/var/lib/icinga2/certs/{{ inventory_hostname }}.key'
+    content: "{{ icinga2_api_ssl_node_key }}"
+    dest: "/var/lib/icinga2/certs/{{ inventory_hostname }}.key"
    owner: root
    group: nagios
-    mode: 0640
-  when: '"api" in icinga2_features'
-  notify: restart icinga2
+    mode: "0640"
+  when: "'api' in icinga2_features"
+  notify: Restart icinga2
  tags: icinga2

- name: copy api SSL certificate
+- name: Copy api SSL certificate
  ansible.builtin.copy:
-    content: '{{ icinga2_api_ssl_node_crt }}'
-    dest: '/var/lib/icinga2/certs/{{ inventory_hostname }}.crt'
+    content: "{{ icinga2_api_ssl_node_crt }}"
+    dest: "/var/lib/icinga2/certs/{{ inventory_hostname }}.crt"
    owner: root
    group: nagios
-    mode: 0640
-  when: '"api" in icinga2_features'
-  notify: restart icinga2
+    mode: "0640"
+  when: "'api' in icinga2_features"
+  notify: Restart icinga2
  tags: icinga2

- name: copy api SSL ca certifiacte
+- name: Copy api SSL ca certifiacte
  ansible.builtin.copy:
-    content: '{{ icinga2_api_ssl_ca_crt }}'
-    dest: '{{ item }}/ca.crt'
+    content: "{{ icinga2_api_ssl_ca_crt }}"
+    dest: "{{ item }}/ca.crt"
    owner: root
    group: nagios
-    mode: 0640
-  when: '"api" in icinga2_features'
+    mode: "0640"
+  when: "'api' in icinga2_features"
  loop:
    - /var/lib/icinga2/certs
    - /etc/icinga2/pki
-  notify: restart icinga2
+  notify: Restart icinga2
  tags: icinga2

- name: copy api SSL ca key
+- name: Copy api SSL ca key
  ansible.builtin.copy:
-    content: '{{ icinga2_api_ssl_ca_key }}'
+    content: "{{ icinga2_api_ssl_ca_key }}"
    dest: /etc/icinga2/pki/ca.key
    owner: root
    group: nagios
-    mode: 0640
-  when: '"api" in icinga2_features and icinga2_master'
-  notify: restart icinga2
+    mode: "0640"
+  when: "'api' in icinga2_features and icinga2_master"
+  notify: Restart icinga2
  tags: icinga2

- name: copy feature config files
+- name: Copy feature config files
  ansible.builtin.template:
    src: feature.conf.j2
-    dest: '/etc/icinga2/features-available/{{ item.key }}.conf'
+    dest: "/etc/icinga2/features-available/{{ item.key }}.conf"
    owner: root
    group: nagios
-    mode: 0640
-  loop: '{{ icinga2_features|dict2items }}'
+    mode: "0640"
+  loop: "{{ icinga2_features | dict2items }}"
  loop_control:
-    label: '{{ item.key }}'
-  notify: restart icinga2
+    label: "{{ item.key }}"
+  notify: Restart icinga2
  tags: icinga2

- name: manage features
+- name: Manage features
  community.general.icinga2_feature:
-    name: '{{ item.key }}'
-    state: '{{ item.state|default("present") }}'
-  loop: '{{ icinga2_features|dict2items }}'
+    name: "{{ item.key }}"
+    state: "{{ item.state | default('present') }}"
+  loop: "{{ icinga2_features | dict2items }}"
  loop_control:
-    label: '{{ item.key }}'
-  notify: restart icinga2
+    label: "{{ item.key }}"
+  notify: Restart icinga2
  tags: icinga2
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,4 +1,7 @@
 ---
- import_tasks: base.yml
- import_tasks: config.yml
- import_tasks: service.yml
+- name: Import base
+  ansible.builtin.import_tasks: base.yml
+- name: Import config
+  ansible.builtin.import_tasks: config.yml
+- name: Import service
+  ansible.builtin.import_tasks: service.yml
--- a/tasks/service.yml
+++ b/tasks/service.yml
@ -1,5 +1,5 @@
 ---
- name: enable and start service
+- name: Enable and start service
  ansible.builtin.service:
    name: icinga2
    enabled: true
--- a/templates/check_commands.conf.j2
+++ b/templates/check_commands.conf.j2
@ -2,8 +2,11 @@
 {% for name, command in icinga2_check_commands.items() %}

 object CheckCommand "{{ name }}" {
+{% if command.command is not string %}
+  command = ["{{ command.command | join('", "') }}"]
+{% else %}
  command = {{ command.command }}
-
+{% endif %}
 {% if command.arguments is defined %}

  arguments = {
@ -26,7 +29,7 @@ object CheckCommand "{{ name }}" {
 {% endif %}
 {% if command.vars is defined %}

-  var = {
+  vars = {
 {% for var, value in command.vars.items() %}
    {{ var }} = {% if value is number %}{{ value }}{% else %}"{{ value }}"{% endif %}

@ -62,7 +65,7 @@ object EventCommand "{{ name }}" {
 {% endif %}
 {% if command.vars is defined %}

-  var = {
+  vars = {
 {% for var, value in command.vars.items() %}
    {{ var }} = {% if value is number %}{{ value }}{% else %}"{{ value }}"{% endif %}

--- a/templates/dependencies.conf.j2
+++ b/templates/dependencies.conf.j2
@ -0,0 +1,33 @@
+# {{ ansible_managed }}
+{% for name, dependency in icinga2_dependencies.items() %}
+
+apply Dependency "{{ name }}" to Service {
+{% if dependency.parent_host_name is defined %}
+{% if dependency.parent_host_name == "host.name" %}
+  parent_host_name = host.name
+{% else %}
+  parent_host_name = {{ dependency.parent_host_name }}
+{% endif %}
+{% endif %}
+{% for option in ['parent_service_name', 'child_host_name', 'child_service_name' 'period'] %}
+{% if dependency[option] is defined %}
+  {{ option }} = "{{ dependency[option] }}"
+{% endif %}
+{% endfor %}
+{% for option in ['disable_checks', 'disable_notifications', 'ignore_soft_states'] %}
+{% if dependency[option] is defined %}
+  {{ option }} = {{ dependency[option] | ternary("true", "false") }}
+{% endif %}
+{% endfor %}
+{% if dependency.states is defined %}
+  states = [ {{ dependency.states | join(', ') }} ]
+{% endif %}
+
+{% if dependency.assign is defined %}
+  assign where {{ dependency.assign }}
+{% endif %}
+{% if dependency.ignore is defined %}
+  ignore where {{ dependency.ignore }}
+{% endif %}
+}
+{% endfor %}
--- a/templates/hosts.conf.j2
+++ b/templates/hosts.conf.j2
@ -2,7 +2,9 @@
 {% for name, host in icinga2_hosts.items() %}

 object Host "{{ name }}" {
+{% if host.template is defined %}
  import "{{ host.template }}"
+{% endif %}
 {% if host.address is defined %}
  address = "{{ host.address }}"
 {% endif %}
@ -12,6 +14,30 @@ object Host "{{ name }}" {
 {% if host.zone is defined %}
  zone = "{{ host.zone }}"
 {% endif %}
+{% if host.options is defined %}
+{% for var, value in host.options.items() %}
+{% if value is sameas True %}
+  {{ var }} = true
+{% elif value is sameas False %}
+  {{ var }} = false
+{% elif value is mapping %}
+{% for name, config in value.items() %}
+    {{ var }}["{{ name }}"] = {
+{% for option, v in config.items() %}
+      {{ option }} = {% if v is number %}{{ v }}{% else %}"{{ v }}"{% endif %}
+
+{% endfor %}
+    }
+{% endfor %}
+{% elif value is iterable and not value is string %}
+  {{ var }} = [ "{{ value|join('", "') }}" ]
+{% elif value is number or value|regex_search('^[0-9]+(s|m|h|d)$') %}
+  {{ var }} = {{ value }}
+{% else %}
+  {{ var }} = "{{ value }}"
+{% endif %}
+{% endfor %}
+{% endif %}
 {% if host.vars is defined %}

 {% for var, value in host.vars.items() %}
@ -29,7 +55,7 @@ object Host "{{ name }}" {
    }
 {% endfor %}
 {% elif value is iterable and not value is string %}
-  vars.{{ var }} = [ "{{ value|join(', "') }}" ]
+  vars.{{ var }} = [ "{{ value|join('", "') }}" ]
 {% elif value is number or value|regex_search('^[0-9]+(s|m|h|d)$') %}
  vars.{{ var }} = {{ value }}
 {% else %}
--- a/templates/services.conf.j2
+++ b/templates/services.conf.j2
@ -20,9 +20,27 @@ apply Service "{{ name }}" {
 {% endif %}
 {% if service.vars is defined %}

-{% for var_name, value in service.vars.items() %}
-  vars.{{ var_name }} = {% if value is number %}{{ value }}{% else %}"{{ value|replace('\n', ' ') }}"{% endif %}
+{% for var, value in service.vars.items() %}
+{% if value is sameas True %}
+  vars.{{ var }} = true
+{% elif value is sameas False %}
+  vars.{{ var }} = false
+{% elif value is mapping %}
+{% for name, config in value.items() %}
+    vars.{{ var }}["{{ name }}"] = {
+{% for option, v in config.items() %}
+      {{ option }} = {% if v is number %}{{ v }}{% else %}"{{ v|replace('\n', ' ')|trim }}"{% endif %}

+{% endfor %}
+    }
+{% endfor %}
+{% elif value is iterable and not value is string %}
+  vars.{{ var }} = [ "{{ value|join('", "') }}" ]
+{% elif value is number or value|regex_search('^[0-9]+(s|m|h|d)$') %}
+  vars.{{ var }} = {{ value }}
+{% else %}
+  vars.{{ var }} = "{{ value|replace('\n', ' ')|trim }}"
+{% endif %}
 {% endfor %}
 {% endif %}
 }
--- a/templates/users.conf.j2
+++ b/templates/users.conf.j2
@ -9,7 +9,7 @@ object UserGroup "{{ name }}" {

 object User "{{ name }}" {
  display_name = "{{ user.display_name|default(name) }}"
-  groups = [ "{{ user.groups|join(', "') }}" ]
+  groups = [ "{{ user.groups|join('", "') }}" ]
  email = "{{ user.email }}"
 }
 {% endfor %}
@ -17,6 +17,6 @@ object User "{{ name }}" {

 object ApiUser "{{ name }}" {
  password = "{{ user.password }}"
-  permissions = [ "{{ user.permissions|join(', "') }}" ]
+  permissions = [ "{{ user.permissions|join('", "') }}" ]
 }
 {% endfor %}
Author	SHA1	Message	Date
Adrien Waksberg	beb469878e	test: add forgejo workflow All checks were successful / lint (push) Successful in 9s Details / molecule (push) Successful in 2m17s Details	2024-05-09 11:45:13 +02:00
Adrien Waksberg	118d86bfe0	chore: fix syntax for ansible lint	2024-05-07 22:39:05 +02:00
Adrien Waksberg	8aa3a9cbaa	chore: replace apt_key to get_url	2024-05-07 22:27:45 +02:00
Adrien Waksberg	a1cd7135a3	test: use personal docker registry	2024-05-07 20:17:14 +02:00
Adrien Waksberg	34e6590bcc	feat: install nagios-nrpe-plugin package	2024-03-13 21:42:57 +01:00
Adrien Waksberg	58b7253198	fix: bug in template with array	2024-03-13 21:42:57 +01:00
Adrien Waksberg	eaf0b7e0c7	feat: add options in hosts	2024-03-13 21:42:56 +01:00
Adrien Waksberg	a0efb0d8db	feat: add debian 12 support	2024-03-13 21:42:56 +01:00
Adrien Waksberg	2118e694cd	fix: bug in check command template	2024-03-13 21:42:55 +01:00
Adrien Waksberg	b3bc69a025	fix: bug in check command template	2024-03-13 21:42:55 +01:00
Adrien Waksberg	4915f4792d	fix: add ignore and fix states options	2024-03-13 21:42:54 +01:00
Adrien Waksberg	e2ed6fb9b5	feat: add dependencies	2024-03-13 21:42:54 +01:00
Adrien Waksberg	32911bac43	test: add gitlab-ci	2024-03-13 21:42:53 +01:00
Adrien Waksberg	e4c6a27409	fix: add multiple value type in service vars	2024-03-13 21:42:53 +01:00
Adrien Waksberg	2dd145bede	fix: add multiple value type in service vars	2024-03-13 21:42:52 +01:00
Adrien Waksberg	e3a7c76773	fix: bug in user template	2024-03-13 21:42:51 +01:00