From 5c11472e9aefe49a604e3aee31353214f00065f8 Mon Sep 17 00:00:00 2001 From: Jeremy Dubois Date: Thu, 9 Jul 2020 15:44:25 +0200 Subject: [PATCH 1/8] Force replacement of some NRPE checks We cannot simply put "force: true" because some checks are customizable, some are not. We do not force to replace customizable ones for the customizations not to be lost. --- roles/nagios-nrpe/tasks/main.yml | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/roles/nagios-nrpe/tasks/main.yml b/roles/nagios-nrpe/tasks/main.yml index 2b4abd0..eb19793 100644 --- a/roles/nagios-nrpe/tasks/main.yml +++ b/roles/nagios-nrpe/tasks/main.yml @@ -32,23 +32,33 @@ - name: Nagios plugins are installed copy: - src: plugins_bsd/ - dest: /usr/local/libexec/nagios/plugins/ + src: plugins_bsd/{{ item.name }} + dest: /usr/local/libexec/nagios/plugins/{{ item.name }} owner: root group: wheel mode: "0755" + force: "{{ item.force }}" + with_items: + - { name: 'check_carp_if', force: true } + - { name: 'check_connections_state.sh', force: false } + - { name: 'check_ipsecctl.sh', force: false } + - { name: 'check_openbgpd', force: true } + - { name: 'check_openvpn', force: false } + - { name: 'check_openvpn.pl', force: true } + - { name: 'check_ospfd_simple', force: true } notify: restart nrpe - name: Nagios plugins are installed - template template: - src: plugins_bsd/{{ item }}.j2 - dest: /usr/local/libexec/nagios/plugins/{{ item }} + src: plugins_bsd/{{ item.name }}.j2 + dest: /usr/local/libexec/nagios/plugins/{{ item.name }} owner: root group: wheel mode: "0755" + force: "{{ item.force }}" with_items: - - 'check_pf_states' - - 'check_free_mem.sh' + - { name: 'check_pf_states', force: false } + - { name: 'check_free_mem.sh', force: true } notify: restart nrpe - name: Starting and enabling nrpe From c6e55ea4c05dabe5acea0782db7286099717a820 Mon Sep 17 00:00:00 2001 
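Review bot: The items marked `force: false` in both `with_items` lists (the copy task and the template task) are effectively unmanaged once the file exists on the host. As far as I know, with `force: false` these modules return as soon as the destination is present, so neither the content nor `owner`/`group`/`mode` is re-asserted on later runs. These are root-owned executables run by NRPE, so an unintended or unauthorized edit to e.g. `check_openvpn` cannot be told apart from a wanted customization and never shows up as a change. I would add a comment above each list, e.g. `# force: false = locally customizable; content and permissions are not enforced after first install`, and consider a separate `file:` task that keeps `owner: root`, `group: wheel`, `mode: "0755"` on every plugin. Also, the first task used to copy the whole `plugins_bsd/` directory, so any file there that is missing from the new list is no longer deployed.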
From: Jeremy Dubois Date: Thu, 9 Jul 2020 16:09:19 +0200 Subject: [PATCH 2/8] Correct yamllint : spaces inside braces --- roles/nagios-nrpe/tasks/main.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/roles/nagios-nrpe/tasks/main.yml b/roles/nagios-nrpe/tasks/main.yml index eb19793..355dc9f 100644 --- a/roles/nagios-nrpe/tasks/main.yml +++ b/roles/nagios-nrpe/tasks/main.yml @@ -39,13 +39,13 @@ mode: "0755" force: "{{ item.force }}" with_items: - - { name: 'check_carp_if', force: true } - - { name: 'check_connections_state.sh', force: false } - - { name: 'check_ipsecctl.sh', force: false } - - { name: 'check_openbgpd', force: true } - - { name: 'check_openvpn', force: false } - - { name: 'check_openvpn.pl', force: true } - - { name: 'check_ospfd_simple', force: true } + - {name: 'check_carp_if', force: true} + - {name: 'check_connections_state.sh', force: false} + - {name: 'check_ipsecctl.sh', force: false} + - {name: 'check_openbgpd', force: true} + - {name: 'check_openvpn', force: false} + - {name: 'check_openvpn.pl', force: true} + - {name: 'check_ospfd_simple', force: true} notify: restart nrpe - name: Nagios plugins are installed - template @@ -57,8 +57,8 @@ mode: "0755" force: "{{ item.force }}" with_items: - - { name: 'check_pf_states', force: false } - - { name: 'check_free_mem.sh', force: true } + - {name: 'check_pf_states', force: false} + - {name: 'check_free_mem.sh', force: true} notify: restart nrpe - name: Starting and enabling nrpe From cdc811b3deef401082b390e7c9cb02990ab5358d Mon Sep 17 00:00:00 2001 From: Jeremy Dubois Date: Tue, 28 Jul 2020 17:43:24 +0200 Subject: [PATCH 3/8] New NRPE check : check_packetfilter --- roles/nagios-nrpe/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/nagios-nrpe/tasks/main.yml b/roles/nagios-nrpe/tasks/main.yml index 355dc9f..72215d3 100644 --- a/roles/nagios-nrpe/tasks/main.yml +++ b/roles/nagios-nrpe/tasks/main.yml 
@@ -46,6 +46,7 @@ - {name: 'check_openvpn', force: false} - {name: 'check_openvpn.pl', force: true} - {name: 'check_ospfd_simple', force: true} + - {name: 'check_packetfilter', force: true} notify: restart nrpe - name: Nagios plugins are installed - template From c1f66a92e2bc7da59d543c64b245339ef2d2e651 Mon Sep 17 00:00:00 2001 From: Jeremy Dubois Date: Fri, 9 Oct 2020 16:14:52 +0200 Subject: [PATCH 4/8] Fix add of multiple evobackup cron Do not add evobackup cron again if the same line is already there but uncommented --- roles/base/tasks/evobackup.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/roles/base/tasks/evobackup.yml b/roles/base/tasks/evobackup.yml index 6d4e3d2..cbc68e6 100644 --- a/roles/base/tasks/evobackup.yml +++ b/roles/base/tasks/evobackup.yml @@ -10,6 +10,15 @@ tags: - evobackup +- name: Fetch daily.local content + command: 'grep "sh /usr/share/scripts/zzz_evobackup" /etc/daily.local' + check_mode: false + register: daily_local_content + failed_when: false + changed_when: false + tags: + - evobackup + - name: Add evobackup cron (disabled) lineinfile: path: /etc/daily.local @@ -17,6 +26,8 @@ owner: root mode: "0644" create: true + when: + - not (daily_local_content.stdout | regex_search('sh /usr/share/scripts/zzz_evobackup')) tags: - evobackup From 0615d3b5553635aae9632ae537e72e5f082bd23b Mon Sep 17 00:00:00 2001 From: Jeremy Dubois Date: Mon, 12 Oct 2020 12:00:28 +0200 Subject: [PATCH 5/8] Specify order of cron command in daily.local and fix full deletion of the cron --- roles/etc-git/tasks/main.yml | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/roles/etc-git/tasks/main.yml b/roles/etc-git/tasks/main.yml index cb01472..94792e5 100644 --- a/roles/etc-git/tasks/main.yml +++ b/roles/etc-git/tasks/main.yml 
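Review bot: `failed_when: false` on the new "Fetch daily.local content" task hides every grep outcome, not only "no match" (exit 1). A missing or unreadable `/etc/daily.local` (exit 2) looks the same, and the following task then adds the line anyway. That looks intended for a first run, since the next task has `create: true`, but it should be stated in a comment such as `# rc 1 (no match) and rc 2 (file absent) are both expected; the next task creates the file`.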
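Review bot: The `when` added to "Add evobackup cron (disabled)" repeats the string already passed to grep in the previous task, so the two copies have to be kept in sync by hand. The registered stdout is already grep's filtered output, so the condition can test it directly: `- daily_local_content.stdout | length == 0`. The task's `line:` sits between the two hunks and is not visible here, so I cannot check that it contains the searched string.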
@@ -79,25 +79,33 @@ - name: cron job for /etc/.git status is installed lineinfile: path: /etc/daily.local - line: "{{ item }}" + line: '/usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short' owner: root mode: "0644" create: true when: etc_git_monitor_status tags: - etc-git - with_items: - - 'next_part "Checking /etc git status:"' - - '/usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short' + +- name: cron job for /etc/.git status is installed - next_part + lineinfile: + path: /etc/daily.local + line: 'next_part "Checking /etc git status:"' + insertbefore: '/usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short' + when: etc_git_monitor_status + tags: + - etc-git - name: cron job for /etc/.git status is removed lineinfile: path: /etc/daily.local - line: - '/usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short' + line: "{{ item }}" owner: root mode: "0644" state: absent + with_items: + - 'next_part "Checking /etc git status:"' + - '/usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short' when: not etc_git_monitor_status tags: - etc-git From bd22b0545b9804e6d347da6c14eacb2fdc14c613 Mon Sep 17 00:00:00 2001 From: Jeremy Dubois Date: Mon, 12 Oct 2020 14:16:00 +0200 Subject: [PATCH 6/8] sudoers configuration : the tab was broken --- roles/base/tasks/sudo.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/base/tasks/sudo.yml b/roles/base/tasks/sudo.yml index 26913bc..b3fce09 100644 --- a/roles/base/tasks/sudo.yml +++ b/roles/base/tasks/sudo.yml @@ -13,7 +13,7 @@ lineinfile: dest: /etc/sudoers insertafter: '# and set environment variables.' - line: '%wheel ALL=(ALL) SETENV: ALL' + line: '%wheel ALL=(ALL) SETENV: ALL' validate: 'visudo -cf %s' backup: false tags: From 6b7c7b80c451e77985b239d99cfb18716923e6cb Mon Sep 17 00:00:00 2001 
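Review bot: `insertbefore` in the new "cron job for /etc/.git status is installed - next_part" task is a regular expression, not a literal. The git command is passed unanchored and with an unescaped `.` in `/etc/.git`, so it also matches a commented-out or longer line that merely contains the command. Anchoring and escaping makes the intended target explicit: `insertbefore: '^/usr/local/bin/git --git-dir=/etc/\.git --work-tree=/etc status --short$'`. In check mode on a fresh host the first task does not write the git line, so the reported position of the header may differ from a real run.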
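Review bot: This `lineinfile` has no `regexp`, so it only checks whether the exact new `line` is present. On hosts already provisioned with the old broken-tab variant, the corrected line will presumably be added next to it, leaving two `%wheel` rules in `/etc/sudoers`. A pattern along the lines of `regexp: '^%wheel\s+ALL=\(ALL\)\s+SETENV:\s+ALL$'` would let the task replace the old line in place, but it must be adjusted to what the broken line looked like, since whitespace is not recoverable from this view. `validate: 'visudo -cf %s'` guards syntax but not duplicates, and with `backup: false` no copy of the previous sudoers is kept for comparison. The task's name and start are above the hunk.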
From: Jeremy Dubois Date: Mon, 12 Oct 2020 14:20:59 +0200 Subject: [PATCH 7/8] yamllint --- roles/base/tasks/evobackup.yml | 3 ++- roles/etc-git/tasks/main.yml | 6 ++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/roles/base/tasks/evobackup.yml b/roles/base/tasks/evobackup.yml index cbc68e6..c72a56b 100644 --- a/roles/base/tasks/evobackup.yml +++ b/roles/base/tasks/evobackup.yml @@ -27,7 +27,8 @@ mode: "0644" create: true when: - - not (daily_local_content.stdout | regex_search('sh /usr/share/scripts/zzz_evobackup')) + - not (daily_local_content.stdout + | regex_search('sh /usr/share/scripts/zzz_evobackup')) tags: - evobackup diff --git a/roles/etc-git/tasks/main.yml b/roles/etc-git/tasks/main.yml index 94792e5..72b2ff3 100644 --- a/roles/etc-git/tasks/main.yml +++ b/roles/etc-git/tasks/main.yml @@ -79,7 +79,8 @@ - name: cron job for /etc/.git status is installed lineinfile: path: /etc/daily.local - line: '/usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short' + line: + '/usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short' owner: root mode: "0644" create: true @@ -91,7 +92,8 @@ lineinfile: path: /etc/daily.local line: 'next_part "Checking /etc git status:"' - insertbefore: '/usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short' + insertbefore: + '/usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short' when: etc_git_monitor_status tags: - etc-git From 3255566edf8a920cfe58e35056c13fab2b492874 Mon Sep 17 00:00:00 2001 From: Jeremy Dubois Date: Mon, 12 Oct 2020 14:29:37 +0200 Subject: [PATCH 8/8] yamllint : disable rule:line-length for complete file evolixisation.yml --- evolixisation.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/evolixisation.yml b/evolixisation.yml index 7547867..03af200 100644 --- a/evolixisation.yml +++ b/evolixisation.yml 
@@ -1,3 +1,4 @@ +# yamllint disable rule:line-length # Playbook command # First use (become_method: su, and var_files uncommented) : # ansible-playbook evolixisation.yml --ask-vault-pass -CDki hosts -l HOSTNAME -u root @@ -40,5 +41,4 @@ tasks_from: exec.yml # environment: -# yamllint disable-line rule:line-length # PKG_PATH: "http://ftp.openbsd.org/pub/OpenBSD/{{ ansible_distribution_version }}/packages/{{ ansible_architecture }}/"