diff --git a/.ansible-lint b/.ansible-lint deleted file mode 100644 index b7d1041..0000000 --- a/.ansible-lint +++ /dev/null @@ -1,6 +0,0 @@ -skip_list: - - '204' - - '301' - - '306' - - '602' # https://github.com/ansible-community/ansible-lint/issues/457 - - '701' diff --git a/.config/ansible-lint.yml b/.config/ansible-lint.yml new file mode 100644 index 0000000..a17b56f --- /dev/null +++ b/.config/ansible-lint.yml @@ -0,0 +1,13 @@ +--- +# .ansible-lint +# exclude_paths included in this file are parsed relative to this file's location +# and not relative to the CWD of execution. CLI arguments passed to the --exclude +# option will be parsed relative to the CWD of execution. +exclude_paths: + - .cache/ # implicit unless exclude_paths is defined in config + - .yamllint + - ../molecule/ + - ../.github/ + +warn_list: + - fqcn-builtins diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index 8857ae0..37e0cef 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml @@ -43,24 +43,14 @@ jobs: steps: - name: Check out code uses: actions/checkout@v3 - with: - path: ansible_collections/t_systems_mms/ansible_collection_icinga - - - name: Run Linting - icinga_agent - uses: ansible/ansible-lint-action@master - with: - targets: ansible_collections/t_systems_mms/ansible_collection_icinga/roles/icinga_agent - args: "-c ansible_collections/t_systems_mms/ansible_collection_icinga/.ansible-lint" - override-deps: | - ansible-lint==5.3.2 - - name: Run Linting - icinga_plugins - uses: ansible/ansible-lint-action@master + - name: Run Linting + uses: ansible/ansible-lint-action@v6 with: - targets: ansible_collections/t_systems_mms/ansible_collection_icinga/roles/icinga_plugins - args: "-c ansible_collections/t_systems_mms/ansible_collection_icinga/.ansible-lint" + targets: "roles/" override-deps: | - ansible-lint==5.3.2 + rich>=9.5.1,<11.0.0 + args: "" molecule: name: Molecule 
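Review bot: The `exclude_paths` entries in the new `.config/ansible-lint.yml` do not agree with the header comment above them. The comment says paths resolve relative to this file's location, yet `.cache/` and `.yamllint` carry no `../` prefix while `../molecule/` and `../.github/` do. If the comment holds, the first two point inside `.config/`, and `../molecule/` points at a top-level directory, whereas the molecule scenarios touched by this commit live under `roles/<role>/molecule/`. I would write `../.cache/` and `../.yamllint`, and either drop the molecule entry or make it match the real scenario paths, so that the files skipped by the linter are the intended ones.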
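Review bot: `uses: ansible/ansible-lint-action@v6` still follows a movable ref, so the code that runs in CI can change without any commit in this repository. Pinning to a full commit SHA, for example `uses: ansible/ansible-lint-action@<full-commit-sha>  # v6`, removes that. The same step drops the `ansible-lint==5.3.2` pin and leaves only `rich>=9.5.1,<11.0.0` in `override-deps`, so the linter version presumably floats with whatever the action installs, and the rule set can change between runs. The job body continues outside the hunk.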
diff --git a/roles/icinga_agent/molecule/default/converge.yml b/roles/icinga_agent/molecule/default/converge.yml index 4244316..ef34222 100644 --- a/roles/icinga_agent/molecule/default/converge.yml +++ b/roles/icinga_agent/molecule/default/converge.yml @@ -12,13 +12,17 @@ - molecule-idempotence-notest - name: import icinga2 key - command: "rpm --import https://packages.icinga.com/icinga.key" + ansible.builtin.rpm_key: + state: present + key: "https://packages.icinga.com/icinga.key" when: ansible_os_family == 'RedHat' tags: - molecule-idempotence-notest - name: install icinga2 repo - command: "yum install https://packages.icinga.com/epel/icinga-rpm-release-7-latest.noarch.rpm -y" + ansible.builtin.yum: + name: https://packages.icinga.com/epel/icinga-rpm-release-7-latest.noarch.rpm + state: present when: ansible_os_family == 'RedHat' tags: - molecule-idempotence-notest diff --git a/roles/icinga_agent/tasks/main.yml b/roles/icinga_agent/tasks/main.yml index b15767c..39f423f 100644 --- a/roles/icinga_agent/tasks/main.yml +++ b/roles/icinga_agent/tasks/main.yml @@ -9,6 +9,7 @@ - name: create /etc/icinga2/repository.d ansible.builtin.file: dest: "/etc/icinga2/repository.d" + mode: 0750 owner: "{{ icinga2_user[ansible_os_family] }}" group: "{{ icinga2_group[ansible_os_family] }}" state: directory @@ -76,7 +77,8 @@ - icinga_agent_enable_features is defined - icinga_agent_enable_features | length > 0 -- block: +- name: start icinga agent registration + block: - name: create certs folder in case it is missing ansible.builtin.file: path: /var/lib/icinga2/certs/ 
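Review bot: The `ansible.builtin.rpm_key` task in `converge.yml` imports whatever key the URL serves at run time, with nothing tying it to a known key. The module's `fingerprint` option makes the import fail on a mismatch, e.g. `fingerprint: "<icinga-key-fingerprint>"` next to `key:`. The same task is added in `roles/icinga_plugins/molecule/default/prepare.yml`. These are molecule test playbooks, so the exposure is the CI runner and its test instances, but the pattern is easily copied into production plays.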
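Review bot: `mode: 0750` on `create /etc/icinga2/repository.d` is an unquoted octal literal, so the result depends on the YAML loader treating a leading zero as octal. Writing `mode: '0750'` hands the module a string and gives the same permissions on every loader. The same applies to `mode: 0755` in `roles/icinga_plugins/molecule/default/verify.yml`. The task body continues outside the hunk.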
@@ -86,29 +88,38 @@ group: "{{ icinga2_group[ansible_os_family] }}" - name: generate ticket and save it as a variable - ansible.builtin.shell: /usr/sbin/icinga2 pki ticket --cn {{ ansible_hostname }} --salt {{ icinga_agent_salt }} + ansible.builtin.command: > + /usr/sbin/icinga2 pki ticket --cn {{ ansible_hostname }} --salt {{ icinga_agent_salt }} environment: LD_LIBRARY_PATH: "/usr/lib64" register: ticket + changed_when: false + failed_when: ticket.rc != 0 - name: create certificate - ansible.builtin.command: "/usr/sbin/icinga2 pki new-cert --cn {{ ansible_hostname }} --key /var/lib/icinga2/certs/{{ ansible_hostname }}.key --cert /var/lib/icinga2/certs/{{ ansible_hostname }}.crt" + ansible.builtin.command: > + /usr/sbin/icinga2 pki new-cert --cn {{ ansible_hostname }} + --key /var/lib/icinga2/certs/{{ ansible_hostname }}.key + --cert /var/lib/icinga2/certs/{{ ansible_hostname }}.crt args: creates: "/var/lib/icinga2/certs/{{ ansible_hostname }}.crt" - name: save the icinga master's certificate to the host - ansible.builtin.command: "/usr/sbin/icinga2 pki save-cert --key /var/lib/icinga2/certs/{{ ansible_hostname }}.key --cert /var/lib/icinga2/certs/{{ ansible_hostname }}.crt --trustedcert /var/lib/icinga2/certs/trusted-master.crt --host {{ icinga_agent_ca_host }}" + ansible.builtin.command: > + /usr/sbin/icinga2 pki save-cert --key /var/lib/icinga2/certs/{{ ansible_hostname }}.key + --cert /var/lib/icinga2/certs/{{ ansible_hostname }}.crt + --trustedcert /var/lib/icinga2/certs/trusted-master.crt + --host {{ icinga_agent_ca_host }} args: creates: "/var/lib/icinga2/certs/trusted-master.crt" - - name: generate ticket and save it as a variable - ansible.builtin.command: "/usr/sbin/icinga2 pki ticket --cn {{ ansible_hostname }} --salt {{ icinga_agent_salt }}" - register: ticket - args: - creates: "/var/lib/icinga2/certs/ca.crt" - - name: send a pki request to the icinga master - ansible.builtin.command: "/usr/sbin/icinga2 pki request --host {{ icinga_agent_ca_host }} 
--port {{ icinga_agent_ca_host_icinga_port }} --ticket {{ ticket.stdout }} --key /var/lib/icinga2/certs/{{ ansible_hostname }}.key --cert /var/lib/icinga2/certs/{{ ansible_hostname }}.crt --trustedcert /var/lib/icinga2/certs/trusted-master.crt --ca /var/lib/icinga2/certs/ca.crt" + ansible.builtin.command: > + /usr/sbin/icinga2 pki request --host {{ icinga_agent_ca_host }} + --port {{ icinga_agent_ca_host_icinga_port }} + --ticket {{ ticket.stdout }} --key /var/lib/icinga2/certs/{{ ansible_hostname }}.key + --cert /var/lib/icinga2/certs/{{ ansible_hostname }}.crt + --trustedcert /var/lib/icinga2/certs/trusted-master.crt --ca /var/lib/icinga2/certs/ca.crt args: creates: "/var/lib/icinga2/certs/ca.crt" notify: diff --git a/roles/icinga_plugins/molecule/default/prepare.yml b/roles/icinga_plugins/molecule/default/prepare.yml index e1fe13a..5d6858a 100644 --- a/roles/icinga_plugins/molecule/default/prepare.yml +++ b/roles/icinga_plugins/molecule/default/prepare.yml @@ -9,17 +9,23 @@ when: ansible_os_family == 'RedHat' - name: import icinga2 key - command: "rpm --import https://packages.icinga.com/icinga.key" + ansible.builtin.rpm_key: + state: present + key: "https://packages.icinga.com/icinga.key" when: ansible_os_family == 'RedHat' - name: install icinga2 repo - command: "yum install https://packages.icinga.com/epel/icinga-rpm-release-7-latest.noarch.rpm -y" + ansible.builtin.yum: + name: https://packages.icinga.com/epel/icinga-rpm-release-7-latest.noarch.rpm + state: present when: - ansible_os_family == 'RedHat' - ansible_facts.distribution_major_version | int is version('7', '=') - name: install icinga2 repo - command: "yum install https://packages.icinga.com/epel/icinga-rpm-release-8-latest.noarch.rpm -y" + ansible.builtin.yum: + name: https://packages.icinga.com/epel/icinga-rpm-release-7-latest.noarch.rpm + state: present when: - ansible_os_family == 'RedHat' - ansible_facts.distribution_major_version | int is version('8', '=') 
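Review bot: The `generate ticket and save it as a variable` task puts `{{ icinga_agent_salt }}` on the command line and registers the ticket, but neither it nor `send a pki request to the icinga master` (which expands `{{ ticket.stdout }}`) sets `no_log: true`. The salt and the ticket can therefore appear in verbose task output and in any callback or log that records task results; adding `no_log: true` to both tasks keeps them out. If `icinga_agent_salt` is the master's ticket salt (its origin is not visible here), every agent host that runs this task handles a value that can derive tickets for other common names, so generating the ticket on the master, for example with `delegate_to`, would narrow that exposure. `failed_when: ticket.rc != 0` restates the module default and can be dropped. The block starts in the previous hunk and continues past this one.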
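Review bot: The second `install icinga2 repo` task in `prepare.yml`, guarded by `version('8', '=')`, now installs `icinga-rpm-release-7-latest.noarch.rpm`. The removed line used `icinga-rpm-release-8-latest.noarch.rpm`, so this looks like a copy-paste slip that gives EL8 test hosts the EL7 repository definition. The line should read `name: https://packages.icinga.com/epel/icinga-rpm-release-8-latest.noarch.rpm`. Both tasks are also named `install icinga2 repo`; putting the major version in each name would make the run output unambiguous.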
diff --git a/roles/icinga_plugins/molecule/default/verify.yml b/roles/icinga_plugins/molecule/default/verify.yml index 81c9c26..121bd75 100644 --- a/roles/icinga_plugins/molecule/default/verify.yml +++ b/roles/icinga_plugins/molecule/default/verify.yml @@ -23,6 +23,7 @@ - name: verify that plugin dir exists file: path: "{{ icinga2_plugins_pluginsdir }}" + mode: 0755 state: directory register: result_plugin_dir @@ -37,10 +38,10 @@ - name: search for all files in plugins directory ansible.builtin.find: paths: "{{ icinga2_plugins_pluginsdir }}" - recurse: yes + recurse: true file_type: file register: files_in_plugins_dir - check_mode: no + check_mode: false - name: validate plugins belongs to the right user for Redhat based systems assert: diff --git a/roles/icinga_plugins/tasks/main.yml b/roles/icinga_plugins/tasks/main.yml index 4760cfb..9c2476f 100644 --- a/roles/icinga_plugins/tasks/main.yml +++ b/roles/icinga_plugins/tasks/main.yml @@ -6,8 +6,8 @@ state: present loop: "{{ dependency_packages }}" when: - - dependency_packages is defined - - dependency_packages | length > 0 + - dependency_packages is defined + - dependency_packages | length > 0 tags: - install_dependencies @@ -37,7 +37,7 @@ - icinga_install_plugins | length > 0 - (ansible_facts.os_family == "RedHat" and ansible_facts.distribution_major_version | int is version('7', "=")) or ansible_facts.os_family == "Debian" -- name: copy icinga plugins to target node +- name: copy icinga plugins to target node # noqa risky-file-permissions ansible.builtin.copy: src: "{{ item }}" dest: "{{ icinga2_plugins_pluginsdir }}/" @@ -50,10 +50,10 @@ - name: "search for all files in plugins directory" ansible.builtin.find: paths: "{{ icinga2_plugins_pluginsdir }}" - recurse: yes + recurse: true file_type: any register: files_in_plugins_dir - check_mode: no + check_mode: false - name: set plugins ownership ansible.builtin.file: 
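Review bot: Adding `mode: 0755` to `verify that plugin dir exists` makes the verify step set the directory mode rather than check it, because `file` with `state: directory` changes whatever differs from the arguments. If the role leaves the directory with another mode, this task silently corrects it; whether that shows up as a failure depends on how `result_plugin_dir` is asserted, which is outside the hunk. A read-only check using `ansible.builtin.stat` followed by an assert on the reported mode would test what the role produced instead of repairing it.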
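Review bot: `# noqa risky-file-permissions` silences the rule on `copy icinga plugins to target node` instead of fixing what it reports. Without `mode`, newly copied plugin files take their permissions from the remote umask. Because these files are executed by the monitoring agent, an explicit mode on the copy task, such as `mode: '0755'` if that is what the plugins need, is safer than the suppression. If the later `set plugins ownership` task already sets the mode, a short comment beside the `noqa` should say so; that task's body is outside the hunk.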
diff --git a/tests/integration/targets/icinga/icinga_plugins.yml b/tests/integration/targets/icinga/icinga_plugins.yml index d3ea514..4837d9d 100644 --- a/tests/integration/targets/icinga/icinga_plugins.yml +++ b/tests/integration/targets/icinga/icinga_plugins.yml @@ -20,7 +20,7 @@ - name: verfiy that plugin files belong to icinga ansible.builtin.find: paths: "/usr/lib64/nagios/plugins" - recurse: yes + recurse: true file_type: any register: files_in_plugins_dir