accounts, etc-git, evocheck, nagios-nrpe: multiple changes to not fail when run in check mode

Jérémy Dubois 2023-11-09 17:08:13 +01:00
parent 6822eaa4f0
commit 1f0011ad2a
6 changed files with 34 additions and 14 deletions


@ -81,6 +81,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
* etc-git: add versioning for /var/unbound/etc * etc-git: add versioning for /var/unbound/etc
* base: ignore errors on packages installation because it fails for some packages when run in check mode * base: ignore errors on packages installation because it fails for some packages when run in check mode
* evomaintenance: upstream release 23.10.1 * evomaintenance: upstream release 23.10.1
* accounts, etc-git, evocheck, nagios-nrpe: multiple changes to not fail when run in check mode
### Fixed ### Fixed


@ -23,7 +23,7 @@
- accounts - accounts
- admin - admin
- name: "Gather available local users" - name: "Gather available local users for usage in check_mode"
ansible.builtin.getent: ansible.builtin.getent:
database: passwd database: passwd
tags: tags:
@ -57,6 +57,13 @@
- accounts - accounts
- admin - admin
- name: "Gather available local groups for usage in check_mode"
ansible.builtin.getent:
database: group
tags:
- accounts
- admin
- name: "Add {{ user.name }} to {{ evobsd_internal_group }}, {{ evobsd_ssh_group }}, {{ evobsd_sudo_group }} group" - name: "Add {{ user.name }} to {{ evobsd_internal_group }}, {{ evobsd_ssh_group }}, {{ evobsd_sudo_group }} group"
ansible.builtin.user: ansible.builtin.user:
name: "{{ user.name }}" name: "{{ user.name }}"
@ -68,7 +75,9 @@
- "{{ evobsd_sudo_group }}" - "{{ evobsd_sudo_group }}"
loop_control: loop_control:
loop_var: groups_item loop_var: groups_item
when: user.name in getent_passwd.keys() when:
- user.name in getent_passwd.keys()
- groups_item in getent_group.keys()
tags: tags:
- accounts - accounts
- admin - admin
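Review bot: The added condition `groups_item in getent_group.keys()` on the "Add {{ user.name }} to … group" task is evaluated on real runs as well as in check mode, so a missing internal, SSH or sudo group now produces a silent skip instead of a failed task. Because these groups decide who gets SSH and sudo access, I would restrict the guard to check mode, for example `- not ansible_check_mode or groups_item in getent_group.keys()`. The same reasoning applies to the `getent_passwd` condition that was already there. The task starts in the previous hunk and its `loop:` header is not shown, so this assumes `groups_item` iterates over the three group variables.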


@ -16,6 +16,7 @@
repo: "{{ repository_path }}" repo: "{{ repository_path }}"
scope: local scope: local
value: "root@{{ inventory_hostname }}.{{ general_technical_realm }}" value: "root@{{ inventory_hostname }}.{{ general_technical_realm }}"
when: not ansible_check_mode
tags: tags:
- etc-git - etc-git
@ -28,20 +29,13 @@
tags: tags:
- etc-git - etc-git
- name: "{{ repository_path }}/.gitignore is present"
ansible.builtin.copy:
src: gitignore
dest: "{{ repository_path }}/.gitignore"
owner: root
mode: "0600"
force: false
tags:
- etc-git
- name: "Some entries MUST be in the {{ repository_path }}/.gitignore file" - name: "Some entries MUST be in the {{ repository_path }}/.gitignore file"
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
dest: "{{ repository_path }}/.gitignore" dest: "{{ repository_path }}/.gitignore"
line: "{{ item }}" line: "{{ item }}"
owner: root
mode: "0600"
create: true
loop: "{{ gitignore_items | default([]) }}" loop: "{{ gitignore_items | default([]) }}"
tags: tags:
- etc-git - etc-git
@ -51,6 +45,7 @@
name: core.editor name: core.editor
scope: global scope: global
value: vim value: vim
when: not ansible_check_mode
tags: tags:
- etc-git - etc-git
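Review bot: Dropping the "{{ repository_path }}/.gitignore is present" copy task means a fresh host no longer receives the role's `gitignore` seed file. With `create: true` on the `lineinfile` task the file is built only from `gitignore_items`, and when that variable is empty or undefined the loop does not run and no `.gitignore` is created at all. If the seed file lists paths that must stay out of the repository (its content is not visible here), those exclusions are lost on new installs and the next commit of the tree could pick them up. Keeping the copy task and guarding only the part that breaks in check mode, or moving the seed entries into the default of `gitignore_items`, would preserve them.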


@ -1,6 +1,7 @@
--- ---
- name: "Run evocheck" - name: "Run evocheck"
ansible.builtin.command: "{{ evocheck_bin_dir }}/evocheck.sh" ansible.builtin.command:
cmd: "{{ evocheck_bin_dir }}/evocheck.sh"
register: evocheck_run register: evocheck_run
changed_when: false changed_when: false
failed_when: false failed_when: false
@ -10,6 +11,6 @@
- ansible.builtin.debug: - ansible.builtin.debug:
var: evocheck_run.stdout_lines var: evocheck_run.stdout_lines
when: evocheck_run.stdout | length != 0 when: evocheck_run.stdout | length > 0
tags: tags:
- evocheck-exec - evocheck-exec
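Review bot: The debug task prints only `evocheck_run.stdout_lines`, and only when stdout is non-empty, while "Run evocheck" keeps `failed_when: false`. A run that exits non-zero or cannot start, and writes nothing to stdout, therefore passes without any trace. I would make that case visible, for instance with `when: evocheck_run.rc | default(0) != 0 or evocheck_run.stdout | default('') | length > 0`, and print `evocheck_run.stderr_lines` as well. The `default` filters also keep the expression safe if a check-mode result lacks these keys. The lines between the two hunks are not shown, so `rc` may already be handled there.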


@ -3,3 +3,4 @@
ansible.builtin.service: ansible.builtin.service:
name: nrpe name: nrpe
state: restarted state: restarted
when: nrpe_exists.stat.exists
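Review bot: `when: nrpe_exists.stat.exists` relies on a variable registered by the new "Check if nrpe service exists, for usage in check_mode" task, which has no `tags:` entry while the tasks around it are tagged `nagios-nrpe`. A run limited with `--tags nagios-nrpe` would skip that stat and leave `nrpe_exists` undefined, both in this handler and in the last service task of the tasks file, which has the same guard. Tagging the stat task with `nagios-nrpe` closes the gap. The handler's `name:` line is above the hunk and not visible here.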


@ -31,9 +31,15 @@
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
dest: /etc/nrpe.cfg dest: /etc/nrpe.cfg
line: 'include_dir=/etc/nrpe.d' line: 'include_dir=/etc/nrpe.d'
create: true
tags: tags:
- nagios-nrpe - nagios-nrpe
- name: "Check if nrpe service exists, for usage in check_mode"
stat:
path: /etc/rc.d/nrpe
register: nrpe_exists
- name: "Custom configuration is present" - name: "Custom configuration is present"
ansible.builtin.blockinfile: ansible.builtin.blockinfile:
block: "{{ lookup('template', 'evolix_bsd.cfg.j2') }}" block: "{{ lookup('template', 'evolix_bsd.cfg.j2') }}"
@ -61,6 +67,8 @@
insertbefore: BOF insertbefore: BOF
regex: "allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}" regex: "allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}"
line: 'allowed_hosts={{ nagios_nrpe_allowed_hosts | join(",") }}' line: 'allowed_hosts={{ nagios_nrpe_allowed_hosts | join(",") }}'
create: true
mode: "0644"
when: nrpe_config_content.rc != 0 when: nrpe_config_content.rc != 0
tags: tags:
- nagios-nrpe - nagios-nrpe
@ -72,6 +80,8 @@
insertbefore: BOF insertbefore: BOF
regex: "allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}(.*)*" regex: "allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}(.*)*"
line: 'allowed_hosts={{ nagios_nrpe_allowed_hosts | join(",") }}\1' line: 'allowed_hosts={{ nagios_nrpe_allowed_hosts | join(",") }}\1'
create: true
mode: "0644"
when: nrpe_config_content.rc == 0 when: nrpe_config_content.rc == 0
tags: tags:
- nagios-nrpe - nagios-nrpe
@ -81,6 +91,8 @@
dest: /etc/nrpe.d/evolix.cfg dest: /etc/nrpe.d/evolix.cfg
insertbefore: BOF insertbefore: BOF
line: "# Allowed IPs" line: "# Allowed IPs"
create: true
mode: "0644"
tags: tags:
- nagios-nrpe - nagios-nrpe
@ -142,5 +154,6 @@
name: nrpe name: nrpe
enabled: true enabled: true
state: started state: started
when: nrpe_exists.stat.exists
tags: tags:
- nagios-nrpe - nagios-nrpe
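Review bot: `create: true` on the `/etc/nrpe.cfg` task is added without `owner` or `mode`, unlike the three other `lineinfile` hunks in this file, which pair it with `mode: "0644"`. A file created by that task gets whatever the default umask yields, so I would add `owner: root` and `mode: "0644"` there too. The `create: true` flags and the guard `when: nrpe_exists.stat.exists` also apply outside check mode, so a host where the package did not install ends up with config files, no running agent and no failed task. Writing the guard as `when: not ansible_check_mode or nrpe_exists.stat.exists` keeps real runs strict. The new stat task also uses the short name `stat:` where the rest of the file uses `ansible.builtin.` names.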