accounts, etc-git, evocheck, nagios-nrpe: multiple changes to not fail when run in check mode

This commit is contained in:
Jérémy Dubois 2023-11-09 17:08:13 +01:00
parent 6822eaa4f0
commit 1f0011ad2a
6 changed files with 34 additions and 14 deletions

View file

@ -81,6 +81,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
* etc-git: add versioning for /var/unbound/etc
* base: ignore errors on packages installation because it fails for some packages when run in check mode
* evomaintenance: upstream release 23.10.1
* accounts, etc-git, evocheck, nagios-nrpe: multiple changes to not fail when run in check mode
### Fixed

View file

@ -23,7 +23,7 @@
- accounts
- admin
- name: "Gather available local users"
- name: "Gather available local users for usage in check_mode"
ansible.builtin.getent:
database: passwd
tags:
@ -57,6 +57,13 @@
- accounts
- admin
- name: "Gather available local groups for usage in check_mode"
ansible.builtin.getent:
database: group
tags:
- accounts
- admin
- name: "Add {{ user.name }} to {{ evobsd_internal_group }}, {{ evobsd_ssh_group }}, {{ evobsd_sudo_group }} group"
ansible.builtin.user:
name: "{{ user.name }}"
@ -68,7 +75,9 @@
- "{{ evobsd_sudo_group }}"
loop_control:
loop_var: groups_item
when: user.name in getent_passwd.keys()
when:
- user.name in getent_passwd.keys()
- groups_item in getent_group.keys()
tags:
- accounts
- admin

View file

@ -16,6 +16,7 @@
repo: "{{ repository_path }}"
scope: local
value: "root@{{ inventory_hostname }}.{{ general_technical_realm }}"
when: not ansible_check_mode
tags:
- etc-git
@ -28,20 +29,13 @@
tags:
- etc-git
- name: "{{ repository_path }}/.gitignore is present"
ansible.builtin.copy:
src: gitignore
dest: "{{ repository_path }}/.gitignore"
owner: root
mode: "0600"
force: false
tags:
- etc-git
- name: "Some entries MUST be in the {{ repository_path }}/.gitignore file"
ansible.builtin.lineinfile:
dest: "{{ repository_path }}/.gitignore"
line: "{{ item }}"
owner: root
mode: "0600"
create: true
loop: "{{ gitignore_items | default([]) }}"
tags:
- etc-git
@ -51,6 +45,7 @@
name: core.editor
scope: global
value: vim
when: not ansible_check_mode
tags:
- etc-git

View file

@ -1,6 +1,7 @@
---
- name: "Run evocheck"
ansible.builtin.command: "{{ evocheck_bin_dir }}/evocheck.sh"
ansible.builtin.command:
cmd: "{{ evocheck_bin_dir }}/evocheck.sh"
register: evocheck_run
changed_when: false
failed_when: false
@ -10,6 +11,6 @@
- ansible.builtin.debug:
var: evocheck_run.stdout_lines
when: evocheck_run.stdout | length != 0
when: evocheck_run.stdout | length > 0
tags:
- evocheck-exec

View file

@ -3,3 +3,4 @@
ansible.builtin.service:
name: nrpe
state: restarted
when: nrpe_exists.stat.exists

View file

@ -31,9 +31,15 @@
ansible.builtin.lineinfile:
dest: /etc/nrpe.cfg
line: 'include_dir=/etc/nrpe.d'
create: true
tags:
- nagios-nrpe
- name: "Check if nrpe service exists, for usage in check_mode"
stat:
path: /etc/rc.d/nrpe
register: nrpe_exists
- name: "Custom configuration is present"
ansible.builtin.blockinfile:
block: "{{ lookup('template', 'evolix_bsd.cfg.j2') }}"
@ -61,6 +67,8 @@
insertbefore: BOF
regex: "allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}"
line: 'allowed_hosts={{ nagios_nrpe_allowed_hosts | join(",") }}'
create: true
mode: "0644"
when: nrpe_config_content.rc != 0
tags:
- nagios-nrpe
@ -72,6 +80,8 @@
insertbefore: BOF
regex: "allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}(.*)*"
line: 'allowed_hosts={{ nagios_nrpe_allowed_hosts | join(",") }}\1'
create: true
mode: "0644"
when: nrpe_config_content.rc == 0
tags:
- nagios-nrpe
@ -81,6 +91,8 @@
dest: /etc/nrpe.d/evolix.cfg
insertbefore: BOF
line: "# Allowed IPs"
create: true
mode: "0644"
tags:
- nagios-nrpe
@ -142,5 +154,6 @@
name: nrpe
enabled: true
state: started
when: nrpe_exists.stat.exists
tags:
- nagios-nrpe