Compare commits
15 commits
b2438dde80
...
a61f2423bc
Author | SHA1 | Date | |
---|---|---|---|
Jérémy Dubois | a61f2423bc | ||
Jérémy Dubois | 7dd930afcb | ||
Jérémy Dubois | 8e18b6972a | ||
Jérémy Dubois | 63212accdd | ||
Jérémy Dubois | aee18bfde9 | ||
Jérémy Dubois | 1f0011ad2a | ||
Jérémy Dubois | 6822eaa4f0 | ||
Jérémy Dubois | aed20187de | ||
Jérémy Dubois | 28021670f0 | ||
Jérémy Dubois | a217bb2e56 | ||
Jérémy Dubois | 832e93da0d | ||
Jérémy Dubois | ced4098192 | ||
Jérémy Dubois | 7aa588528c | ||
Jérémy Dubois | afba3ad7e1 | ||
Jérémy Dubois | 05bdef9ab8 |
13
CHANGELOG
13
CHANGELOG
|
@ -29,6 +29,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
||||||
* nagios-nrpe: allow older cipher suites for older Icinga version
|
* nagios-nrpe: allow older cipher suites for older Icinga version
|
||||||
* evobackup: execute canary script before executing backup script
|
* evobackup: execute canary script before executing backup script
|
||||||
* accounts: create only users who have a certain value for the `create` key (default: `always`)
|
* accounts: create only users who have a certain value for the `create` key (default: `always`)
|
||||||
|
* nagios-nrpe: add the ipmi_sensor check
|
||||||
|
* base: doas configuration for ipmi_sensor NRPE check
|
||||||
|
* base: deactivate insults in sudo
|
||||||
|
* base: added handlers for entries in fstab
|
||||||
|
* forwarding: added tags to distinguish IPv4 from IPv6
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
|
|
||||||
|
@ -68,13 +73,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
||||||
* nagios-nrpe: check_ipsecctl.sh is never used standalone for check_vpn, always called by check_ipsecctl_critiques.sh
|
* nagios-nrpe: check_ipsecctl.sh is never used standalone for check_vpn, always called by check_ipsecctl_critiques.sh
|
||||||
* evobackup: zzz_evobackup upstream release 22.12, and call zzz_evobackup with bash
|
* evobackup: zzz_evobackup upstream release 22.12, and call zzz_evobackup with bash
|
||||||
* base: install bash, now needed for zzz_evobackup script
|
* base: install bash, now needed for zzz_evobackup script
|
||||||
* post-install: execute motd-carp-state.sh only once an hour
|
* post-install: execute motd-carp-state.sh every 10 minuts
|
||||||
* collectd: modified collectd scripts directory and scripts files right so that only _collectd group can execute them
|
* collectd: modified collectd scripts directory and scripts files right so that only _collectd group can execute them
|
||||||
* base: install ncdu and htop often used as diagnostic tools
|
* base: install ncdu and htop often used as diagnostic tools
|
||||||
* base: dump-server-state.sh upstream release 23.06
|
* base: dump-server-state.sh upstream release 23.06
|
||||||
* evocheck: upstream release 23.06
|
* evocheck: upstream release 23.06
|
||||||
* base: add evobsd_alias_fwupdate variable and make kshrc file a template so we can set or not a fw_update alias to servers that need it
|
* base: add evobsd_alias_fwupdate variable and make kshrc file a template so we can set or not a fw_update alias to servers that need it
|
||||||
|
* etc-git: add versioning for /var/unbound/etc
|
||||||
|
* base: ignore errors on packages installation because it fails for some packages when run in check mode
|
||||||
* evomaintenance: upstream release 23.10.1
|
* evomaintenance: upstream release 23.10.1
|
||||||
|
* accounts, etc-git, evocheck, nagios-nrpe: multiple changes to not fail when run in check mode
|
||||||
|
* base: configure "/var/log" for servers that have a mount on it
|
||||||
|
* nagios-nrpe: configure allowed_hosts in template and make use of the 'nagios_nrpe_additional_allowed_hosts' var in inventory for additional IP
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
|
|
||||||
|
@ -87,6 +97,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
||||||
* logsentry: fix variables for configuration files
|
* logsentry: fix variables for configuration files
|
||||||
* nagios-nrpe: fix allowed_hosts configuration: keep potential added IP, but we cannot use backrefs if the line does not exist yet
|
* nagios-nrpe: fix allowed_hosts configuration: keep potential added IP, but we cannot use backrefs if the line does not exist yet
|
||||||
* accounts: configure user home, ssh keys and groups only if it already exists, so that there is no error when run in check mode and user doesn't exist yet
|
* accounts: configure user home, ssh keys and groups only if it already exists, so that there is no error when run in check mode and user doesn't exist yet
|
||||||
|
* collectd: fix rights for collectd directory
|
||||||
|
|
||||||
### Removed
|
### Removed
|
||||||
|
|
||||||
|
|
|
@ -12,7 +12,7 @@
|
||||||
|
|
||||||
- name: Install ansible's prerequisite
|
- name: Install ansible's prerequisite
|
||||||
# yamllint disable-line rule:line-length
|
# yamllint disable-line rule:line-length
|
||||||
raw: export PKG_PATH=http://ftp.eu.openbsd.org/pub/OpenBSD/$(uname -r)/packages/$(uname -p)/; pkg_add -z python-3
|
ansible.builtin.raw: export PKG_PATH=http://ftp.eu.openbsd.org/pub/OpenBSD/$(uname -r)/packages/$(uname -p)/; pkg_add -z python-3
|
||||||
changed_when: true
|
changed_when: true
|
||||||
|
|
||||||
# vim:ft=ansible
|
# vim:ft=ansible
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: reload sshd
|
- name: reload sshd
|
||||||
service:
|
ansible.builtin.service:
|
||||||
name: sshd
|
name: sshd
|
||||||
state: reloaded
|
state: reloaded
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# yamllint disable rule:line-length
|
# yamllint disable rule:line-length
|
||||||
---
|
---
|
||||||
- name: "Create {{ evobsd_internal_group }}, {{ evobsd_ssh_group }}, {{ evobsd_sudo_group }} group"
|
- name: "Create {{ evobsd_internal_group }}, {{ evobsd_ssh_group }}, {{ evobsd_sudo_group }} group"
|
||||||
group:
|
ansible.builtin.group:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
system: true
|
system: true
|
||||||
with_items:
|
with_items:
|
||||||
|
@ -17,7 +17,7 @@
|
||||||
vars:
|
vars:
|
||||||
user: "{{ item.value }}"
|
user: "{{ item.value }}"
|
||||||
with_dict: "{{ evolix_users }}"
|
with_dict: "{{ evolix_users }}"
|
||||||
when:
|
when:
|
||||||
- user.create == evobsd_users_create
|
- user.create == evobsd_users_create
|
||||||
- evolix_users != {}
|
- evolix_users != {}
|
||||||
tags:
|
tags:
|
||||||
|
@ -25,7 +25,7 @@
|
||||||
- admin
|
- admin
|
||||||
|
|
||||||
- name: "Verify AllowGroups directive"
|
- name: "Verify AllowGroups directive"
|
||||||
command: "grep -E '^AllowGroups' /etc/ssh/sshd_config"
|
ansible.builtin.command: "grep -E '^AllowGroups' /etc/ssh/sshd_config"
|
||||||
changed_when: false
|
changed_when: false
|
||||||
failed_when: false
|
failed_when: false
|
||||||
check_mode: false
|
check_mode: false
|
||||||
|
@ -35,7 +35,7 @@
|
||||||
- admin
|
- admin
|
||||||
|
|
||||||
- name: "Verify AllowUsers directive"
|
- name: "Verify AllowUsers directive"
|
||||||
command: "grep -E '^AllowUsers' /etc/ssh/sshd_config"
|
ansible.builtin.command: "grep -E '^AllowUsers' /etc/ssh/sshd_config"
|
||||||
changed_when: false
|
changed_when: false
|
||||||
failed_when: false
|
failed_when: false
|
||||||
check_mode: false
|
check_mode: false
|
||||||
|
@ -45,7 +45,7 @@
|
||||||
- admin
|
- admin
|
||||||
|
|
||||||
- name: "Check that AllowUsers and AllowGroup do not override each other"
|
- name: "Check that AllowUsers and AllowGroup do not override each other"
|
||||||
assert:
|
ansible.builtin.assert:
|
||||||
that: "not (grep_allowusers_ssh.rc == 0 and grep_allowgroups_ssh.rc == 0)"
|
that: "not (grep_allowusers_ssh.rc == 0 and grep_allowgroups_ssh.rc == 0)"
|
||||||
msg: "We can't deal with AllowUsers and AllowGroups at the same time"
|
msg: "We can't deal with AllowUsers and AllowGroups at the same time"
|
||||||
tags:
|
tags:
|
||||||
|
@ -53,7 +53,7 @@
|
||||||
- admin
|
- admin
|
||||||
|
|
||||||
- name: "If AllowGroups is present then use it"
|
- name: "If AllowGroups is present then use it"
|
||||||
set_fact:
|
ansible.builtin.set_fact:
|
||||||
ssh_allowgroups:
|
ssh_allowgroups:
|
||||||
"{{ (grep_allowgroups_ssh.rc == 0) or (grep_allowusers_ssh.rc != 0) }}"
|
"{{ (grep_allowgroups_ssh.rc == 0) or (grep_allowusers_ssh.rc != 0) }}"
|
||||||
tags:
|
tags:
|
||||||
|
@ -61,7 +61,7 @@
|
||||||
- admin
|
- admin
|
||||||
|
|
||||||
- name: "Add AllowGroups sshd directive with '{{ evobsd_ssh_group }}'"
|
- name: "Add AllowGroups sshd directive with '{{ evobsd_ssh_group }}'"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
dest: /etc/ssh/sshd_config
|
dest: /etc/ssh/sshd_config
|
||||||
line: "\nAllowGroups {{ evobsd_ssh_group }}"
|
line: "\nAllowGroups {{ evobsd_ssh_group }}"
|
||||||
insertafter: 'Subsystem'
|
insertafter: 'Subsystem'
|
||||||
|
@ -75,7 +75,7 @@
|
||||||
- admin
|
- admin
|
||||||
|
|
||||||
- name: "Append '{{ evobsd_ssh_group }}' to AllowGroups sshd directive"
|
- name: "Append '{{ evobsd_ssh_group }}' to AllowGroups sshd directive"
|
||||||
replace:
|
ansible.builtin.replace:
|
||||||
dest: /etc/ssh/sshd_config
|
dest: /etc/ssh/sshd_config
|
||||||
regexp: '^(AllowGroups ((?!\b{{ evobsd_ssh_group }}\b).)*)$'
|
regexp: '^(AllowGroups ((?!\b{{ evobsd_ssh_group }}\b).)*)$'
|
||||||
replace: '\1 {{ evobsd_ssh_group }}'
|
replace: '\1 {{ evobsd_ssh_group }}'
|
||||||
|
@ -89,7 +89,7 @@
|
||||||
- admin
|
- admin
|
||||||
|
|
||||||
- name: "Security directives for EvoBSD"
|
- name: "Security directives for EvoBSD"
|
||||||
blockinfile:
|
ansible.builtin.blockinfile:
|
||||||
dest: /etc/ssh/sshd_config
|
dest: /etc/ssh/sshd_config
|
||||||
marker: "# {mark} EVOBSD PASSWORD RESTRICTIONS"
|
marker: "# {mark} EVOBSD PASSWORD RESTRICTIONS"
|
||||||
block: |
|
block: |
|
||||||
|
@ -107,7 +107,7 @@
|
||||||
- admin
|
- admin
|
||||||
|
|
||||||
- name: "Disable root login"
|
- name: "Disable root login"
|
||||||
replace:
|
ansible.builtin.replace:
|
||||||
dest: /etc/ssh/sshd_config
|
dest: /etc/ssh/sshd_config
|
||||||
regexp: '^PermitRootLogin\s+(yes|without-password|prohibit-password)'
|
regexp: '^PermitRootLogin\s+(yes|without-password|prohibit-password)'
|
||||||
replace: "PermitRootLogin {{ evobsd_root_login }}"
|
replace: "PermitRootLogin {{ evobsd_root_login }}"
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# yamllint disable rule:line-length
|
# yamllint disable rule:line-length
|
||||||
---
|
---
|
||||||
- name: "Group '{{ user.name }}' is present"
|
- name: "Group '{{ user.name }}' is present"
|
||||||
group:
|
ansible.builtin.group:
|
||||||
state: present
|
state: present
|
||||||
name: "{{ user.name }}"
|
name: "{{ user.name }}"
|
||||||
gid: "{{ user.uid }}"
|
gid: "{{ user.uid }}"
|
||||||
|
@ -10,7 +10,7 @@
|
||||||
- admin
|
- admin
|
||||||
|
|
||||||
- name: "User '{{ user.name }}' is present"
|
- name: "User '{{ user.name }}' is present"
|
||||||
user:
|
ansible.builtin.user:
|
||||||
state: present
|
state: present
|
||||||
name: '{{ user.name }}'
|
name: '{{ user.name }}'
|
||||||
uid: '{{ user.uid }}'
|
uid: '{{ user.uid }}'
|
||||||
|
@ -23,12 +23,15 @@
|
||||||
- accounts
|
- accounts
|
||||||
- admin
|
- admin
|
||||||
|
|
||||||
- name: "Gather available local users"
|
- name: "Gather available local users for usage in check_mode"
|
||||||
getent:
|
ansible.builtin.getent:
|
||||||
database: passwd
|
database: passwd
|
||||||
|
tags:
|
||||||
|
- accounts
|
||||||
|
- admin
|
||||||
|
|
||||||
- name: "Home directory for '{{ user.name }}' is only accesible by owner"
|
- name: "Home directory for '{{ user.name }}' is only accesible by owner"
|
||||||
file:
|
ansible.builtin.file:
|
||||||
name: '/home/{{ user.name }}'
|
name: '/home/{{ user.name }}'
|
||||||
mode: "0700"
|
mode: "0700"
|
||||||
owner: "{{ user.name }}"
|
owner: "{{ user.name }}"
|
||||||
|
@ -40,7 +43,7 @@
|
||||||
- admin
|
- admin
|
||||||
|
|
||||||
- name: "SSH public keys for '{{ user.name }}' are present"
|
- name: "SSH public keys for '{{ user.name }}' are present"
|
||||||
authorized_key:
|
ansible.posix.authorized_key:
|
||||||
user: "{{ user.name }}"
|
user: "{{ user.name }}"
|
||||||
key: "{{ ssk_key }}"
|
key: "{{ ssk_key }}"
|
||||||
state: present
|
state: present
|
||||||
|
@ -54,8 +57,15 @@
|
||||||
- accounts
|
- accounts
|
||||||
- admin
|
- admin
|
||||||
|
|
||||||
|
- name: "Gather available local groups for usage in check_mode"
|
||||||
|
ansible.builtin.getent:
|
||||||
|
database: group
|
||||||
|
tags:
|
||||||
|
- accounts
|
||||||
|
- admin
|
||||||
|
|
||||||
- name: "Add {{ user.name }} to {{ evobsd_internal_group }}, {{ evobsd_ssh_group }}, {{ evobsd_sudo_group }} group"
|
- name: "Add {{ user.name }} to {{ evobsd_internal_group }}, {{ evobsd_ssh_group }}, {{ evobsd_sudo_group }} group"
|
||||||
user:
|
ansible.builtin.user:
|
||||||
name: "{{ user.name }}"
|
name: "{{ user.name }}"
|
||||||
groups: "{{ groups_item }}"
|
groups: "{{ groups_item }}"
|
||||||
append: true
|
append: true
|
||||||
|
@ -65,7 +75,9 @@
|
||||||
- "{{ evobsd_sudo_group }}"
|
- "{{ evobsd_sudo_group }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
loop_var: groups_item
|
loop_var: groups_item
|
||||||
when: user.name in getent_passwd.keys()
|
when:
|
||||||
|
- user.name in getent_passwd.keys()
|
||||||
|
- groups_item in getent_group.keys()
|
||||||
tags:
|
tags:
|
||||||
- accounts
|
- accounts
|
||||||
- admin
|
- admin
|
||||||
|
|
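Review bot: The new `groups_item in getent_group.keys()` condition on the "Add {{ user.name }} to … group" task also applies to real runs, so a group that is missing from the getent snapshot makes the task skip silently instead of failing. For the SSH and sudo groups this would leave an account outside `AllowGroups` or without sudo rights, with only a "skipped" line in the play output. If the guard is meant only for check mode, as the new task names suggest, scope it with `- (not ansible_check_mode) or (groups_item in getent_group.keys())`. Part of the task lies between the two hunks and is not shown here.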
|
@ -1,38 +1,53 @@
|
||||||
---
|
---
|
||||||
- name: newaliases
|
- name: newaliases
|
||||||
command: smtpctl update table aliases
|
ansible.builtin.command: smtpctl update table aliases
|
||||||
|
|
||||||
- name: remount / noatime
|
- name: remount / noatime
|
||||||
command: mount -u -o noatime /
|
ansible.builtin.command: mount -u -o noatime /
|
||||||
args:
|
args:
|
||||||
warn: false
|
warn: false
|
||||||
|
|
||||||
- name: remount /var noatime
|
- name: remount /var noatime
|
||||||
command: mount -u -o noatime /var
|
ansible.builtin.command: mount -u -o noatime /var
|
||||||
|
args:
|
||||||
|
warn: false
|
||||||
|
|
||||||
|
- name: remount /var/log noatime
|
||||||
|
ansible.builtin.command: mount -u -o noatime /var/log
|
||||||
args:
|
args:
|
||||||
warn: false
|
warn: false
|
||||||
|
|
||||||
- name: remount /usr noatime
|
- name: remount /usr noatime
|
||||||
command: mount -u -o noatime /usr
|
ansible.builtin.command: mount -u -o noatime /usr
|
||||||
|
args:
|
||||||
|
warn: false
|
||||||
|
|
||||||
|
- name: remount /usr/X11R6 noatime
|
||||||
|
ansible.builtin.command: mount -u -o noatime /usr/X11R6
|
||||||
|
args:
|
||||||
|
warn: false
|
||||||
|
|
||||||
|
- name: remount /usr/local noatime
|
||||||
|
ansible.builtin.command: mount -u -o noatime /usr/local
|
||||||
args:
|
args:
|
||||||
warn: false
|
warn: false
|
||||||
|
|
||||||
- name: remount /tmp noexec
|
- name: remount /tmp noexec
|
||||||
command: mount -u -o noexec /tmp
|
ansible.builtin.command: mount -u -o noexec /tmp
|
||||||
args:
|
args:
|
||||||
warn: false
|
warn: false
|
||||||
|
|
||||||
- name: remount /tmp noatime
|
- name: remount /tmp noatime
|
||||||
command: mount -u -o noatime /tmp
|
ansible.builtin.command: mount -u -o noatime /tmp
|
||||||
args:
|
args:
|
||||||
warn: false
|
warn: false
|
||||||
|
|
||||||
- name: remount /home noatime
|
- name: remount /home noatime
|
||||||
command: mount -u -o noatime /home
|
ansible.builtin.command: mount -u -o noatime /home
|
||||||
args:
|
args:
|
||||||
warn: false
|
warn: false
|
||||||
|
|
||||||
- name: restart ntpd
|
- name: restart ntpd
|
||||||
service:
|
ansible.builtin.service:
|
||||||
name: ntpd
|
name: ntpd
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
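Review bot: The three remount handlers added here (`/var/log`, `/usr/X11R6`, `/usr/local`) pass `args: warn: false` to `ansible.builtin.command`, like the existing ones. That option was deprecated in ansible-core 2.11 and removed in 2.14, where the module rejects it as an unsupported parameter. A failing handler would leave the `noatime`/`noexec` options written to fstab unapplied until the next reboot. If the project targets a recent ansible-core, drop the `args:` and `warn: false` lines from every handler in this file; otherwise a comment stating the highest supported version would help.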
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Customize PATH variable of root crontab"
|
- name: "Customize PATH variable of root crontab"
|
||||||
cron:
|
ansible.builtin.cron:
|
||||||
name: PATH
|
name: PATH
|
||||||
env: true
|
env: true
|
||||||
value: "{{ cron_root_path }}"
|
value: "{{ cron_root_path }}"
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# yamllint disable rule:line-length
|
# yamllint disable rule:line-length
|
||||||
---
|
---
|
||||||
- name: "Configure doas"
|
- name: "Configure doas"
|
||||||
blockinfile:
|
ansible.builtin.blockinfile:
|
||||||
dest: /etc/doas.conf
|
dest: /etc/doas.conf
|
||||||
owner: root
|
owner: root
|
||||||
group: wheel
|
group: wheel
|
||||||
|
@ -24,5 +24,6 @@
|
||||||
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_packetfilter.sh
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_packetfilter.sh
|
||||||
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ipsecctl_critiques.sh
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ipsecctl_critiques.sh
|
||||||
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_openvpn_certificates.sh
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_openvpn_certificates.sh
|
||||||
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ipmi_sensor
|
||||||
tags:
|
tags:
|
||||||
- doas
|
- doas
|
||||||
|
|
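Review bot: The added rule `permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ipmi_sensor` has no `args` clause, so `_nrpe` may run the plugin as root with any command line, not only the one the NRPE check uses. doas.conf can pin the arguments, as the `_collectd` rule for `/usr/sbin/unbound-control args stats` shown further down this page does: `permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ipmi_sensor args <arguments used by the NRPE command>`. It is also worth confirming that the plugin file and its directory are writable only by root, since a nopass rule puts them inside the root trust boundary. The block starts before this hunk, and the neighbouring `_nrpe` rules visible here have the same shape.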
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Customize root's .profile"
|
- name: "Customize root's .profile"
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: profile.j2
|
src: profile.j2
|
||||||
dest: /root/.profile
|
dest: /root/.profile
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
@ -9,7 +9,7 @@
|
||||||
- dotfiles
|
- dotfiles
|
||||||
|
|
||||||
- name: "Copy vim default configuration"
|
- name: "Copy vim default configuration"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: vimrc
|
src: vimrc
|
||||||
dest: /root/.vimrc
|
dest: /root/.vimrc
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
@ -18,7 +18,7 @@
|
||||||
- dotfiles
|
- dotfiles
|
||||||
|
|
||||||
- name: "Customize .kshrc environment file"
|
- name: "Customize .kshrc environment file"
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: kshrc.j2
|
src: kshrc.j2
|
||||||
dest: /root/.kshrc
|
dest: /root/.kshrc
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
@ -27,7 +27,7 @@
|
||||||
- dotfiles
|
- dotfiles
|
||||||
|
|
||||||
- name: "Change default .profile skeleton"
|
- name: "Change default .profile skeleton"
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: profile.j2
|
src: profile.j2
|
||||||
dest: /etc/skel/.profile
|
dest: /etc/skel/.profile
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
@ -36,7 +36,7 @@
|
||||||
- dotfiles
|
- dotfiles
|
||||||
|
|
||||||
- name: "Add evomaintenance trap .profile skeleton with doas"
|
- name: "Add evomaintenance trap .profile skeleton with doas"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
state: present
|
state: present
|
||||||
dest: /etc/skel/.profile
|
dest: /etc/skel/.profile
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
@ -48,7 +48,7 @@
|
||||||
- dotfiles
|
- dotfiles
|
||||||
|
|
||||||
- name: "Add vim configuration to dotfiles for new users"
|
- name: "Add vim configuration to dotfiles for new users"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: vimrc
|
src: vimrc
|
||||||
dest: /etc/skel/.vimrc
|
dest: /etc/skel/.vimrc
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
@ -57,7 +57,7 @@
|
||||||
- dotfiles
|
- dotfiles
|
||||||
|
|
||||||
- name: "Customize .kshrc environment file for new users"
|
- name: "Customize .kshrc environment file for new users"
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: kshrc.j2
|
src: kshrc.j2
|
||||||
dest: /etc/skel/.kshrc
|
dest: /etc/skel/.kshrc
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Fetch fstab content"
|
- name: "Fetch fstab content"
|
||||||
command: "grep -v '^#' /etc/fstab"
|
ansible.builtin.command: "grep -v '^#' /etc/fstab"
|
||||||
check_mode: false
|
check_mode: false
|
||||||
register: fstab_content
|
register: fstab_content
|
||||||
failed_when: false
|
failed_when: false
|
||||||
|
@ -14,6 +14,7 @@
|
||||||
with_items:
|
with_items:
|
||||||
- "/"
|
- "/"
|
||||||
- "/var"
|
- "/var"
|
||||||
|
- "/var/log"
|
||||||
- "/usr"
|
- "/usr"
|
||||||
- "/usr/X11R6"
|
- "/usr/X11R6"
|
||||||
- "/usr/local"
|
- "/usr/local"
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# yamllint disable rule:line-length
|
# yamllint disable rule:line-length
|
||||||
---
|
---
|
||||||
- name: "{{ fstab_path }} partition is customized - softdep"
|
- name: "{{ fstab_path }} partition is customized - softdep"
|
||||||
replace:
|
ansible.builtin.replace:
|
||||||
dest: /etc/fstab
|
dest: /etc/fstab
|
||||||
regexp: '([^#]\s+{{ fstab_path }}\s+ffs\s+rw)(.*)'
|
regexp: '([^#]\s+{{ fstab_path }}\s+ffs\s+rw)(.*)'
|
||||||
replace: '\1,softdep\2'
|
replace: '\1,softdep\2'
|
||||||
|
@ -13,7 +13,7 @@
|
||||||
- fstab
|
- fstab
|
||||||
|
|
||||||
- name: "{{ fstab_path }} partition is customized - noatime"
|
- name: "{{ fstab_path }} partition is customized - noatime"
|
||||||
replace:
|
ansible.builtin.replace:
|
||||||
dest: /etc/fstab
|
dest: /etc/fstab
|
||||||
regexp: '([^#]\s+{{ fstab_path }}\s+ffs\s+rw)(\S*)(\s+.*)'
|
regexp: '([^#]\s+{{ fstab_path }}\s+ffs\s+rw)(\S*)(\s+.*)'
|
||||||
replace: '\1\2,noatime\3'
|
replace: '\1\2,noatime\3'
|
||||||
|
@ -26,7 +26,7 @@
|
||||||
- fstab
|
- fstab
|
||||||
|
|
||||||
- name: "{{ fstab_path }} partition is customized - noexec"
|
- name: "{{ fstab_path }} partition is customized - noexec"
|
||||||
replace:
|
ansible.builtin.replace:
|
||||||
dest: /etc/fstab
|
dest: /etc/fstab
|
||||||
regexp: '([^#]\s+{{ fstab_path }}\s+ffs\s+rw(,softdep)*)(.*)'
|
regexp: '([^#]\s+{{ fstab_path }}\s+ffs\s+rw(,softdep)*)(.*)'
|
||||||
replace: '\1,noexec\3'
|
replace: '\1,noexec\3'
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Fetch rc.local content"
|
- name: "Fetch rc.local content"
|
||||||
command: "grep -v '^#' /etc/rc.local"
|
ansible.builtin.command: "grep -v '^#' /etc/rc.local"
|
||||||
check_mode: false
|
check_mode: false
|
||||||
register: rclocal_content
|
register: rclocal_content
|
||||||
failed_when: false
|
failed_when: false
|
||||||
|
@ -9,7 +9,7 @@
|
||||||
- alerting
|
- alerting
|
||||||
|
|
||||||
- name: "Configure rc.local"
|
- name: "Configure rc.local"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/rc.local
|
path: /etc/rc.local
|
||||||
line:
|
line:
|
||||||
'date | mail -s "boot/reboot of $(hostname -s)" {{ general_alert_email }}'
|
'date | mail -s "boot/reboot of $(hostname -s)" {{ general_alert_email }}'
|
||||||
|
@ -23,7 +23,7 @@
|
||||||
- alerting
|
- alerting
|
||||||
|
|
||||||
- name: "Delete rc.local entry of boot/reboot not precising hostname"
|
- name: "Delete rc.local entry of boot/reboot not precising hostname"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/rc.local
|
path: /etc/rc.local
|
||||||
regexp:
|
regexp:
|
||||||
"^.* mail -s (?!.*of.*).+$"
|
"^.* mail -s (?!.*of.*).+$"
|
||||||
|
@ -32,7 +32,7 @@
|
||||||
- alerting
|
- alerting
|
||||||
|
|
||||||
- name: "Set root mail alias"
|
- name: "Set root mail alias"
|
||||||
replace:
|
ansible.builtin.replace:
|
||||||
dest: /etc/mail/aliases
|
dest: /etc/mail/aliases
|
||||||
regexp: "# root:"
|
regexp: "# root:"
|
||||||
replace: "root: {{ general_alert_email }}"
|
replace: "root: {{ general_alert_email }}"
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Customize newsyslog"
|
- name: "Customize newsyslog"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: newsyslog.conf
|
src: newsyslog.conf
|
||||||
dest: /etc/newsyslog.conf
|
dest: /etc/newsyslog.conf
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Customize ntpd conf"
|
- name: "Customize ntpd conf"
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: ntpd.conf.j2
|
src: ntpd.conf.j2
|
||||||
dest: /etc/ntpd.conf
|
dest: /etc/ntpd.conf
|
||||||
owner: root
|
owner: root
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: "Configure installurl"
|
- name: "Configure installurl"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
content: "{{ evobsd_install_url }}\n"
|
content: "{{ evobsd_install_url }}\n"
|
||||||
dest: /etc/installurl
|
dest: /etc/installurl
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
@ -9,7 +9,7 @@
|
||||||
- pkg
|
- pkg
|
||||||
|
|
||||||
- name: "Install packages (vim rsync mtr etc)"
|
- name: "Install packages (vim rsync mtr etc)"
|
||||||
openbsd_pkg:
|
community.general.openbsd_pkg:
|
||||||
name:
|
name:
|
||||||
- wget
|
- wget
|
||||||
- vim--no_x11
|
- vim--no_x11
|
||||||
|
@ -20,11 +20,12 @@
|
||||||
- bash
|
- bash
|
||||||
- ncdu
|
- ncdu
|
||||||
- htop
|
- htop
|
||||||
|
ignore_errors: true
|
||||||
tags:
|
tags:
|
||||||
- pkg
|
- pkg
|
||||||
|
|
||||||
- name: "Disable sndiod"
|
- name: "Disable sndiod"
|
||||||
service:
|
ansible.builtin.service:
|
||||||
name: sndiod
|
name: sndiod
|
||||||
enabled: false
|
enabled: false
|
||||||
state: stopped
|
state: stopped
|
||||||
|
|
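Review bot: `ignore_errors: true` on "Install packages (vim rsync mtr etc)" is unconditional, so a failed install in a real run is reported as ignored and the play continues without the package. The CHANGELOG entry says the intent is only to tolerate failures in check mode, and the list includes `bash`, which the same CHANGELOG says zzz_evobackup now needs. Limit it to that case with `ignore_errors: "{{ ansible_check_mode }}"`. The package list is only partly visible in these hunks.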
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Configure resolv.conf"
|
- name: "Configure resolv.conf"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/resolv.conf
|
path: /etc/resolv.conf
|
||||||
line: "lookup file bind"
|
line: "lookup file bind"
|
||||||
insertbefore: BOF
|
insertbefore: BOF
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Configure sudoers umask"
|
- name: "Configure sudoers umask"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
dest: /etc/sudoers
|
dest: /etc/sudoers
|
||||||
insertafter: '# Defaults specification'
|
insertafter: '# Defaults specification'
|
||||||
line: 'Defaults umask=0077'
|
line: 'Defaults umask=0077'
|
||||||
|
@ -8,8 +8,17 @@
|
||||||
tags:
|
tags:
|
||||||
- sudo
|
- sudo
|
||||||
|
|
||||||
|
- name: "Deactivate sudo insults"
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
dest: /etc/sudoers
|
||||||
|
insertafter: 'Defaults umask=0077'
|
||||||
|
line: 'Defaults !insults'
|
||||||
|
validate: 'visudo -cf %s'
|
||||||
|
tags:
|
||||||
|
- sudo
|
||||||
|
|
||||||
- name: "Configure sudoers"
|
- name: "Configure sudoers"
|
||||||
blockinfile:
|
ansible.builtin.blockinfile:
|
||||||
state: present
|
state: present
|
||||||
dest: /etc/sudoers
|
dest: /etc/sudoers
|
||||||
insertafter: EOF
|
insertafter: EOF
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "dump-server-state script is present"
|
- name: "dump-server-state script is present"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: "dump-server-state.sh"
|
src: "dump-server-state.sh"
|
||||||
dest: /usr/local/sbin/dump-server-state
|
dest: /usr/local/sbin/dump-server-state
|
||||||
force: true
|
force: true
|
||||||
|
@ -13,7 +13,7 @@
|
||||||
- utils
|
- utils
|
||||||
|
|
||||||
- name: "update-evobackup-canary script is present"
|
- name: "update-evobackup-canary script is present"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: "update-evobackup-canary"
|
src: "update-evobackup-canary"
|
||||||
dest: /usr/local/bin/update-evobackup-canary
|
dest: /usr/local/bin/update-evobackup-canary
|
||||||
force: true
|
force: true
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Deploy bgp check script"
|
- name: "Deploy bgp check script"
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: bgpd-check-peers.sh.j2
|
src: bgpd-check-peers.sh.j2
|
||||||
dest: /usr/share/scripts/bgpd-check-peers.sh
|
dest: /usr/share/scripts/bgpd-check-peers.sh
|
||||||
when: group_names | select('search','bgp') | list | count > 0
|
when: group_names | select('search','bgp') | list | count > 0
|
||||||
|
@ -8,7 +8,7 @@
|
||||||
- bgp
|
- bgp
|
||||||
|
|
||||||
- name: "Cron job for bgp check script is installed"
|
- name: "Cron job for bgp check script is installed"
|
||||||
cron:
|
ansible.builtin.cron:
|
||||||
name: bgp check
|
name: bgp check
|
||||||
job: "/bin/sh /usr/share/scripts/bgpd-check-peers.sh"
|
job: "/bin/sh /usr/share/scripts/bgpd-check-peers.sh"
|
||||||
when: group_names | select('search','bgp') | list | count > 0
|
when: group_names | select('search','bgp') | list | count > 0
|
||||||
|
@ -16,7 +16,7 @@
|
||||||
- bgp
|
- bgp
|
||||||
|
|
||||||
- name: "Create bgp log directory"
|
- name: "Create bgp log directory"
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: /var/log/bgp
|
path: /var/log/bgp
|
||||||
state: directory
|
state: directory
|
||||||
when: group_names | select('search','bgp') | list | count > 0
|
when: group_names | select('search','bgp') | list | count > 0
|
||||||
|
@ -24,7 +24,7 @@
|
||||||
- bgp
|
- bgp
|
||||||
|
|
||||||
- name: "Daily best routes cron job is installed"
|
- name: "Daily best routes cron job is installed"
|
||||||
cron:
|
ansible.builtin.cron:
|
||||||
name: bgp best routes
|
name: bgp best routes
|
||||||
minute: 0
|
minute: 0
|
||||||
hour: 4
|
hour: 4
|
||||||
|
@ -36,7 +36,7 @@
|
||||||
- bgp
|
- bgp
|
||||||
|
|
||||||
- name: "Weekly best routes clean up cron job is installed"
|
- name: "Weekly best routes clean up cron job is installed"
|
||||||
cron:
|
ansible.builtin.cron:
|
||||||
name: bgp best routes clean up
|
name: bgp best routes clean up
|
||||||
minute: 0
|
minute: 0
|
||||||
hour: 4
|
hour: 4
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
- name: restart collectd
|
- name: restart collectd
|
||||||
service:
|
ansible.builtin.service:
|
||||||
name: collectd
|
name: collectd
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
|
@ -1,13 +1,13 @@
|
||||||
# yamllint disable rule:line-length
|
# yamllint disable rule:line-length
|
||||||
---
|
---
|
||||||
- name: "Install Collectd package"
|
- name: "Install Collectd package"
|
||||||
openbsd_pkg:
|
community.general.openbsd_pkg:
|
||||||
name: "collectd"
|
name: "collectd"
|
||||||
tags:
|
tags:
|
||||||
- collectd
|
- collectd
|
||||||
|
|
||||||
- name: "Deploy Collectd configuration"
|
- name: "Deploy Collectd configuration"
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: "collectd.conf.j2"
|
src: "collectd.conf.j2"
|
||||||
dest: "/etc/collectd.conf"
|
dest: "/etc/collectd.conf"
|
||||||
notify: restart collectd
|
notify: restart collectd
|
||||||
|
@ -15,15 +15,26 @@
|
||||||
- collectd
|
- collectd
|
||||||
|
|
||||||
- name: "Enabling Collectd"
|
- name: "Enabling Collectd"
|
||||||
service:
|
ansible.builtin.service:
|
||||||
name: collectd
|
name: collectd
|
||||||
enabled: true
|
enabled: true
|
||||||
when: not ansible_check_mode
|
when: not ansible_check_mode
|
||||||
tags:
|
tags:
|
||||||
- collectd
|
- collectd
|
||||||
|
|
||||||
|
- name: "Fix rights for collectd directory"
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: /usr/local/share/collectd
|
||||||
|
state: directory
|
||||||
|
owner: "root"
|
||||||
|
group: "wheel"
|
||||||
|
mode: "0755"
|
||||||
|
when: collectd_plugin_exec_ifq_drops or collectd_plugin_exec_dns_stats or collectd_plugin_exec_dhcp_pool
|
||||||
|
tags:
|
||||||
|
- collectd
|
||||||
|
|
||||||
- name: "Create scripts directory for exec plugins"
|
- name: "Create scripts directory for exec plugins"
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: /usr/local/share/collectd/scripts
|
path: /usr/local/share/collectd/scripts
|
||||||
state: directory
|
state: directory
|
||||||
owner: "root"
|
owner: "root"
|
||||||
|
@ -34,7 +45,7 @@
|
||||||
- collectd
|
- collectd
|
||||||
|
|
||||||
- name: "Copy ifq_drops.sh"
|
- name: "Copy ifq_drops.sh"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: ifq_drops.sh
|
src: ifq_drops.sh
|
||||||
dest: /usr/local/share/collectd/scripts/ifq_drops.sh
|
dest: /usr/local/share/collectd/scripts/ifq_drops.sh
|
||||||
owner: "root"
|
owner: "root"
|
||||||
|
@ -46,7 +57,7 @@
|
||||||
- collectd
|
- collectd
|
||||||
|
|
||||||
- name: "Remove ifq_drops.sh"
|
- name: "Remove ifq_drops.sh"
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: /usr/local/share/collectd/scripts/ifq_drops.sh
|
path: /usr/local/share/collectd/scripts/ifq_drops.sh
|
||||||
state: absent
|
state: absent
|
||||||
when: not collectd_plugin_exec_ifq_drops
|
when: not collectd_plugin_exec_ifq_drops
|
||||||
|
@ -54,7 +65,7 @@
|
||||||
- collectd
|
- collectd
|
||||||
|
|
||||||
- name: "Copy dns_stats.sh"
|
- name: "Copy dns_stats.sh"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: dns_stats.sh
|
src: dns_stats.sh
|
||||||
dest: /usr/local/share/collectd/scripts/dns_stats.sh
|
dest: /usr/local/share/collectd/scripts/dns_stats.sh
|
||||||
owner: "root"
|
owner: "root"
|
||||||
|
@ -66,7 +77,7 @@
|
||||||
- collectd
|
- collectd
|
||||||
|
|
||||||
- name: "Remove dns_stats.sh"
|
- name: "Remove dns_stats.sh"
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: /usr/local/share/collectd/scripts/dns_stats.sh
|
path: /usr/local/share/collectd/scripts/dns_stats.sh
|
||||||
state: absent
|
state: absent
|
||||||
when: not collectd_plugin_exec_dns_stats
|
when: not collectd_plugin_exec_dns_stats
|
||||||
|
@ -74,7 +85,7 @@
|
||||||
- collectd
|
- collectd
|
||||||
|
|
||||||
- name: "Add doas configuration for dns_stats.sh execution"
|
- name: "Add doas configuration for dns_stats.sh execution"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/doas.conf
|
path: /etc/doas.conf
|
||||||
line: 'permit nopass _collectd as root cmd /usr/sbin/unbound-control args stats'
|
line: 'permit nopass _collectd as root cmd /usr/sbin/unbound-control args stats'
|
||||||
when: collectd_plugin_exec_dns_stats
|
when: collectd_plugin_exec_dns_stats
|
||||||
|
@ -82,7 +93,7 @@
|
||||||
- collectd
|
- collectd
|
||||||
|
|
||||||
- name: "Copy dhcp_pool.pl"
|
- name: "Copy dhcp_pool.pl"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: dhcp_pool.pl
|
src: dhcp_pool.pl
|
||||||
dest: /usr/local/share/collectd/scripts/dhcp_pool.pl
|
dest: /usr/local/share/collectd/scripts/dhcp_pool.pl
|
||||||
owner: "root"
|
owner: "root"
|
||||||
|
@ -94,7 +105,7 @@
|
||||||
- collectd
|
- collectd
|
||||||
|
|
||||||
- name: "Remove dhcp_pool.pl"
|
- name: "Remove dhcp_pool.pl"
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: /usr/local/share/collectd/scripts/dhcp_pool.pl
|
path: /usr/local/share/collectd/scripts/dhcp_pool.pl
|
||||||
state: absent
|
state: absent
|
||||||
when: not collectd_plugin_exec_dhcp_pool
|
when: not collectd_plugin_exec_dhcp_pool
|
||||||
|
|
|
@ -2,10 +2,11 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: "Execute ansible-commit"
|
- name: "Execute ansible-commit"
|
||||||
command: "/usr/local/bin/ansible-commit --verbose --message \"{{ commit_message | mandatory }}\""
|
ansible.builtin.command: "/usr/local/bin/ansible-commit --verbose --message \"{{ commit_message | mandatory }}\""
|
||||||
changed_when:
|
changed_when:
|
||||||
- _ansible_commit.stdout
|
- _ansible_commit.stdout
|
||||||
- "'CHANGED:' in _ansible_commit.stdout"
|
- "'CHANGED:' in _ansible_commit.stdout"
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
register: _ansible_commit
|
register: _ansible_commit
|
||||||
tags: always
|
tags:
|
||||||
|
- always
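Review bot: The `ansible.builtin.command` line still embeds `commit_message` in a hand-escaped quoted string, so a message containing a double quote changes how the command line is split and can reach `ansible-commit` as extra arguments. No shell is involved, so this is an argument-splitting problem rather than shell injection, and the `argv` list form removes it because each item is passed as exactly one argument. With `ignore_errors: true`, a commit that fails this way also goes unnoticed unless `_ansible_commit` is checked later, which is not visible in this hunk.

```yaml
- name: "Execute ansible-commit"
  ansible.builtin.command:
    argv:
      - /usr/local/bin/ansible-commit
      - --verbose
      - --message
      - "{{ commit_message | mandatory }}"
  # … unchanged: changed_when, ignore_errors, register, tags …
```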
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: "Git is installed"
|
- name: "Git is installed"
|
||||||
openbsd_pkg:
|
community.general.openbsd_pkg:
|
||||||
name: git
|
name: git
|
||||||
state: present
|
state: present
|
||||||
tags:
|
tags:
|
||||||
|
|
|
@ -12,7 +12,7 @@
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
- name: "Verify /usr/share/scripts presence"
|
- name: "Verify /usr/share/scripts presence"
|
||||||
stat:
|
ansible.builtin.stat:
|
||||||
path: /usr/share/scripts
|
path: /usr/share/scripts
|
||||||
register: _usr_share_scripts
|
register: _usr_share_scripts
|
||||||
tags:
|
tags:
|
||||||
|
@ -27,3 +27,10 @@
|
||||||
- _usr_share_scripts.stat.isdir
|
- _usr_share_scripts.stat.isdir
|
||||||
tags:
|
tags:
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
|
- include: repository.yml
|
||||||
|
vars:
|
||||||
|
repository_path: "/var/unbound/etc"
|
||||||
|
gitignore_items: []
|
||||||
|
tags:
|
||||||
|
- etc-git
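Review bot: The task added in the last hunk uses the bare `include:` keyword, which is deprecated and has been removed in newer ansible-core releases, while the rest of this change moves to fully qualified names. `ansible.builtin.import_tasks: repository.yml` would keep the `vars:` and still let the `etc-git` tag reach the imported tasks. Separately, `/var/unbound/etc` is added with `gitignore_items: []`, so every file in that directory gets versioned. If the directory can hold key material (for example unbound-control keys, which this page does not confirm), list those files in `gitignore_items` so they never enter the repository history. Any earlier `include:` tasks in this file are outside the hunk and would need the same change.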
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: "{{ repository_path }} is versioned with git"
|
- name: "{{ repository_path }} is versioned with git"
|
||||||
command: "git init ."
|
ansible.builtin.command: "git init ."
|
||||||
args:
|
args:
|
||||||
chdir: "{{ repository_path }}"
|
chdir: "{{ repository_path }}"
|
||||||
creates: "{{ repository_path }}/.git/"
|
creates: "{{ repository_path }}/.git/"
|
||||||
|
@ -11,16 +11,17 @@
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
- name: "Git user.email is configured"
|
- name: "Git user.email is configured"
|
||||||
git_config:
|
community.general.git_config:
|
||||||
name: user.email
|
name: user.email
|
||||||
repo: "{{ repository_path }}"
|
repo: "{{ repository_path }}"
|
||||||
scope: local
|
scope: local
|
||||||
value: "root@{{ inventory_hostname }}.{{ general_technical_realm }}"
|
value: "root@{{ inventory_hostname }}.{{ general_technical_realm }}"
|
||||||
|
when: not ansible_check_mode
|
||||||
tags:
|
tags:
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
- name: "{{ repository_path }}/.git is restricted to root"
|
- name: "{{ repository_path }}/.git is restricted to root"
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: "{{ repository_path }}/.git"
|
path: "{{ repository_path }}/.git"
|
||||||
owner: root
|
owner: root
|
||||||
mode: "0700"
|
mode: "0700"
|
||||||
|
@ -28,34 +29,28 @@
|
||||||
tags:
|
tags:
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
- name: "{{ repository_path }}/.gitignore is present"
|
|
||||||
copy:
|
|
||||||
src: gitignore
|
|
||||||
dest: "{{ repository_path }}/.gitignore"
|
|
||||||
owner: root
|
|
||||||
mode: "0600"
|
|
||||||
force: false
|
|
||||||
tags:
|
|
||||||
- etc-git
|
|
||||||
|
|
||||||
- name: "Some entries MUST be in the {{ repository_path }}/.gitignore file"
|
- name: "Some entries MUST be in the {{ repository_path }}/.gitignore file"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
dest: "{{ repository_path }}/.gitignore"
|
dest: "{{ repository_path }}/.gitignore"
|
||||||
line: "{{ item }}"
|
line: "{{ item }}"
|
||||||
|
owner: root
|
||||||
|
mode: "0600"
|
||||||
|
create: true
|
||||||
loop: "{{ gitignore_items | default([]) }}"
|
loop: "{{ gitignore_items | default([]) }}"
|
||||||
tags:
|
tags:
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
- name: "Set vim as default editor"
|
- name: "Set vim as default editor"
|
||||||
git_config:
|
community.general.git_config:
|
||||||
name: core.editor
|
name: core.editor
|
||||||
scope: global
|
scope: global
|
||||||
value: vim
|
value: vim
|
||||||
|
when: not ansible_check_mode
|
||||||
tags:
|
tags:
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
- name: "Does {{ repository_path }}/ have any commit?"
|
- name: "Does {{ repository_path }}/ have any commit?"
|
||||||
command: "git log"
|
ansible.builtin.command: "git log"
|
||||||
args:
|
args:
|
||||||
chdir: "{{ repository_path }}"
|
chdir: "{{ repository_path }}"
|
||||||
warn: false
|
warn: false
|
||||||
|
@ -67,7 +62,7 @@
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
- name: "Initial commit is present?"
|
- name: "Initial commit is present?"
|
||||||
shell: "git add -A . && git commit -m \"Initial commit via Ansible\""
|
ansible.builtin.shell: "git add -A . && git commit -m \"Initial commit via Ansible\""
|
||||||
args:
|
args:
|
||||||
chdir: "{{ repository_path }}"
|
chdir: "{{ repository_path }}"
|
||||||
warn: false
|
warn: false
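Review bot: A repository with an empty `gitignore_items` no longer gets a `.gitignore` at all. The third hunk drops the copy task and leaves creation to the `lineinfile` loop, which never runs for an empty list, so whatever the shipped `gitignore` file excluded is no longer excluded for new repositories. That file's contents are not visible on this page; if it kept secrets or similar files out of history, move those entries into each caller's `gitignore_items` before the first `git add -A .` runs. The unchanged `warn: false` under `args:` in the last two hunks should also be dropped, since ansible-core 2.14 removed that option from the command and shell modules and the task then fails argument validation. Both of those tasks continue outside their hunks.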
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: "evocommit script is installed"
|
- name: "evocommit script is installed"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: evocommit
|
src: evocommit
|
||||||
dest: /usr/local/bin/evocommit
|
dest: /usr/local/bin/evocommit
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
@ -12,7 +12,7 @@
|
||||||
- etc-git-utils
|
- etc-git-utils
|
||||||
|
|
||||||
- name: "ansible-commit script is installed"
|
- name: "ansible-commit script is installed"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: ansible-commit
|
src: ansible-commit
|
||||||
dest: /usr/local/bin/ansible-commit
|
dest: /usr/local/bin/ansible-commit
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
@ -22,7 +22,7 @@
|
||||||
- etc-git-utils
|
- etc-git-utils
|
||||||
|
|
||||||
- name: "etc-git-optimize script is installed"
|
- name: "etc-git-optimize script is installed"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: etc-git-optimize
|
src: etc-git-optimize
|
||||||
dest: /usr/share/scripts/etc-git-optimize
|
dest: /usr/share/scripts/etc-git-optimize
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
@ -32,7 +32,7 @@
|
||||||
- etc-git-utils
|
- etc-git-utils
|
||||||
|
|
||||||
- name: "etc-git-status script is installed"
|
- name: "etc-git-status script is installed"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: etc-git-status
|
src: etc-git-status
|
||||||
dest: /usr/share/scripts/etc-git-status
|
dest: /usr/share/scripts/etc-git-status
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
@ -42,7 +42,7 @@
|
||||||
- etc-git-utils
|
- etc-git-utils
|
||||||
|
|
||||||
- name: "Legacy monthly cron job for /etc/.git optimization is absent"
|
- name: "Legacy monthly cron job for /etc/.git optimization is absent"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/monthly.local
|
path: /etc/monthly.local
|
||||||
line: '/usr/local/bin/git --git-dir /etc/.git gc --quiet'
|
line: '/usr/local/bin/git --git-dir /etc/.git gc --quiet'
|
||||||
state: absent
|
state: absent
|
||||||
|
@ -50,7 +50,7 @@
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
- name: "Legacy hourly cron job for /etc/.git status is absent"
|
- name: "Legacy hourly cron job for /etc/.git status is absent"
|
||||||
cron:
|
ansible.builtin.cron:
|
||||||
name: git status
|
name: git status
|
||||||
minute: "42"
|
minute: "42"
|
||||||
job: who > /dev/null || /usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short
|
job: who > /dev/null || /usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short
|
||||||
|
@ -59,7 +59,7 @@
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
- name: "Legacy daily cron jobs for /etc/.git status are absent"
|
- name: "Legacy daily cron jobs for /etc/.git status are absent"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/daily.local
|
path: /etc/daily.local
|
||||||
line: "{{ item }}"
|
line: "{{ item }}"
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -72,7 +72,7 @@
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
- name: "Cron job for monthly git optimization"
|
- name: "Cron job for monthly git optimization"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/monthly.local
|
path: /etc/monthly.local
|
||||||
line: "/usr/share/scripts/etc-git-optimize"
|
line: "/usr/share/scripts/etc-git-optimize"
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -82,7 +82,7 @@
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
- name: "Cron job for monthly git optimization - next_part"
|
- name: "Cron job for monthly git optimization - next_part"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/monthly.local
|
path: /etc/monthly.local
|
||||||
line: 'next_part "Monthly optimization:"'
|
line: 'next_part "Monthly optimization:"'
|
||||||
insertbefore: "/usr/share/scripts/etc-git-optimize"
|
insertbefore: "/usr/share/scripts/etc-git-optimize"
|
||||||
|
@ -93,7 +93,7 @@
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
- name: "Cron job for hourly git status"
|
- name: "Cron job for hourly git status"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/hourly.local
|
path: /etc/hourly.local
|
||||||
line: "who > /dev/null || /usr/share/scripts/etc-git-status"
|
line: "who > /dev/null || /usr/share/scripts/etc-git-status"
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -104,7 +104,7 @@
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
- name: "Cron job for hourly git status - next_part"
|
- name: "Cron job for hourly git status - next_part"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/hourly.local
|
path: /etc/hourly.local
|
||||||
line: 'next_part "Hourly warning for unclean Git repository if nobody is connected:"'
|
line: 'next_part "Hourly warning for unclean Git repository if nobody is connected:"'
|
||||||
insertbefore: "who > /dev/null || /usr/share/scripts/etc-git-status"
|
insertbefore: "who > /dev/null || /usr/share/scripts/etc-git-status"
|
||||||
|
@ -116,7 +116,7 @@
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
- name: "Cron job for daily git status"
|
- name: "Cron job for daily git status"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/daily.local
|
path: /etc/daily.local
|
||||||
line: "/usr/share/scripts/etc-git-status"
|
line: "/usr/share/scripts/etc-git-status"
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -127,7 +127,7 @@
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
- name: "Cron job for daily git status - next_part"
|
- name: "Cron job for daily git status - next_part"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/daily.local
|
path: /etc/daily.local
|
||||||
line: 'next_part "Daily warning for unclean Git repository:"'
|
line: 'next_part "Daily warning for unclean Git repository:"'
|
||||||
insertbefore: "/usr/share/scripts/etc-git-status"
|
insertbefore: "/usr/share/scripts/etc-git-status"
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
update-evobackup-canary --who @daily
|
update-evobackup-canary --who @daily
|
||||||
|
|
|
@ -1,8 +1,9 @@
|
||||||
|
# yamllint disable rule:line-length
|
||||||
---
|
---
|
||||||
# Info : old zzz_evobackup used sh, and since "sh" match "bash", we keep "sh" for regex commands
|
# Info : old zzz_evobackup used sh, and since "sh" match "bash", we keep "sh" for regex commands
|
||||||
|
|
||||||
- name: "Copy zzz_evobackup script"
|
- name: "Copy zzz_evobackup script"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: zzz_evobackup
|
src: zzz_evobackup
|
||||||
dest: /usr/share/scripts/zzz_evobackup
|
dest: /usr/share/scripts/zzz_evobackup
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -13,7 +14,7 @@
|
||||||
- evobackup
|
- evobackup
|
||||||
|
|
||||||
- name: "Copy update-evobackup-canary script"
|
- name: "Copy update-evobackup-canary script"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: 000-update-evobackup-canary
|
src: 000-update-evobackup-canary
|
||||||
dest: /usr/share/scripts/000-update-evobackup-canary
|
dest: /usr/share/scripts/000-update-evobackup-canary
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -24,7 +25,7 @@
|
||||||
- evobackup
|
- evobackup
|
||||||
|
|
||||||
- name: "Fetch daily.local content"
|
- name: "Fetch daily.local content"
|
||||||
command: 'grep "sh /usr/share/scripts/zzz_evobackup" /etc/daily.local'
|
ansible.builtin.command: 'grep "sh /usr/share/scripts/zzz_evobackup" /etc/daily.local'
|
||||||
check_mode: false
|
check_mode: false
|
||||||
register: daily_local_content
|
register: daily_local_content
|
||||||
failed_when: false
|
failed_when: false
|
||||||
|
@ -33,7 +34,7 @@
|
||||||
- evobackup
|
- evobackup
|
||||||
|
|
||||||
- name: "Add evobackup cron (disabled)"
|
- name: "Add evobackup cron (disabled)"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/daily.local
|
path: /etc/daily.local
|
||||||
line: '#bash /usr/share/scripts/zzz_evobackup'
|
line: '#bash /usr/share/scripts/zzz_evobackup'
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -45,7 +46,7 @@
|
||||||
- evobackup
|
- evobackup
|
||||||
|
|
||||||
- name: "Add evobackup cron - next_part"
|
- name: "Add evobackup cron - next_part"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/daily.local
|
path: /etc/daily.local
|
||||||
line: 'next_part "EvoBackup output:"'
|
line: 'next_part "EvoBackup output:"'
|
||||||
insertbefore: 'sh /usr/share/scripts/zzz_evobackup'
|
insertbefore: 'sh /usr/share/scripts/zzz_evobackup'
|
||||||
|
@ -56,7 +57,7 @@
|
||||||
- evobackup
|
- evobackup
|
||||||
|
|
||||||
- name: "Add canary cron"
|
- name: "Add canary cron"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/daily.local
|
path: /etc/daily.local
|
||||||
line: 'sh /usr/share/scripts/000-update-evobackup-canary'
|
line: 'sh /usr/share/scripts/000-update-evobackup-canary'
|
||||||
insertafter: 'next_part "EvoBackup output:"'
|
insertafter: 'next_part "EvoBackup output:"'
|
||||||
|
@ -67,7 +68,7 @@
|
||||||
- evobackup
|
- evobackup
|
||||||
|
|
||||||
- name: "Delete legacy evobackup root crontab"
|
- name: "Delete legacy evobackup root crontab"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /var/cron/tabs/root
|
path: /var/cron/tabs/root
|
||||||
regexp: '/usr/share/scripts/zzz_evobackup'
|
regexp: '/usr/share/scripts/zzz_evobackup'
|
||||||
validate: /usr/bin/crontab %s
|
validate: /usr/bin/crontab %s
|
||||||
|
|
|
@ -1,11 +1,16 @@
|
||||||
---
|
---
|
||||||
- name: "Run evocheck"
|
- name: "Run evocheck"
|
||||||
command: "{{ evocheck_bin_dir }}/evocheck.sh"
|
ansible.builtin.command:
|
||||||
|
cmd: "{{ evocheck_bin_dir }}/evocheck.sh"
|
||||||
register: evocheck_run
|
register: evocheck_run
|
||||||
changed_when: false
|
changed_when: false
|
||||||
failed_when: false
|
failed_when: false
|
||||||
check_mode: false
|
check_mode: false
|
||||||
|
tags:
|
||||||
|
- evocheck-exec
|
||||||
|
|
||||||
- debug:
|
- ansible.builtin.debug:
|
||||||
var: evocheck_run.stdout_lines
|
var: evocheck_run.stdout_lines
|
||||||
when: evocheck_run.stdout | length != 0
|
when: evocheck_run.stdout | length > 0
|
||||||
|
tags:
|
||||||
|
- evocheck-exec
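Review bot: A run where `evocheck.sh` cannot start or dies early (empty stdout, non-zero rc) is reported exactly like a clean run. This is because the command has `failed_when: false` and the debug task is gated only on `evocheck_run.stdout | length > 0`. For an audit script that is the case most worth surfacing: gate the output on `evocheck_run.rc != 0 or evocheck_run.stdout | length > 0` and also show `evocheck_run.stderr_lines`. The `ansible.builtin.debug` task still has no `name:`; adding one such as `name: "Show evocheck output"` keeps it identifiable in play output.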
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# yamllint disable rule:line-length
|
# yamllint disable rule:line-length
|
||||||
---
|
---
|
||||||
- name: "Scripts dir is present"
|
- name: "Scripts dir is present"
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: "{{ evocheck_bin_dir }}"
|
path: "{{ evocheck_bin_dir }}"
|
||||||
state: directory
|
state: directory
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -11,7 +11,7 @@
|
||||||
- evocheck
|
- evocheck
|
||||||
|
|
||||||
- name: "Copy evocheck.sh"
|
- name: "Copy evocheck.sh"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: evocheck.sh
|
src: evocheck.sh
|
||||||
dest: "{{ evocheck_bin_dir }}/evocheck.sh"
|
dest: "{{ evocheck_bin_dir }}/evocheck.sh"
|
||||||
mode: "0700"
|
mode: "0700"
|
||||||
|
@ -22,7 +22,7 @@
|
||||||
- evocheck-utils
|
- evocheck-utils
|
||||||
|
|
||||||
- name: "Copy evocheck.cf"
|
- name: "Copy evocheck.cf"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: evocheck.cf
|
src: evocheck.cf
|
||||||
dest: /etc/evocheck.cf
|
dest: /etc/evocheck.cf
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
@ -31,7 +31,7 @@
|
||||||
- evocheck
|
- evocheck
|
||||||
|
|
||||||
- name: "Delete legacy evocheck cron"
|
- name: "Delete legacy evocheck cron"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/daily.local
|
path: /etc/daily.local
|
||||||
regexp: 'sh /usr/share/scripts/evocheck.sh --verbose --cron'
|
regexp: 'sh /usr/share/scripts/evocheck.sh --verbose --cron'
|
||||||
state: absent
|
state: absent
|
||||||
|
@ -39,7 +39,7 @@
|
||||||
- evocheck
|
- evocheck
|
||||||
|
|
||||||
- name: "Add evocheck cron"
|
- name: "Add evocheck cron"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/daily.local
|
path: /etc/daily.local
|
||||||
insertbefore: BOF
|
insertbefore: BOF
|
||||||
line: 'sh /usr/share/scripts/evocheck.sh --verbose $cron_arg'
|
line: 'sh /usr/share/scripts/evocheck.sh --verbose $cron_arg'
|
||||||
|
@ -50,7 +50,7 @@
|
||||||
- evocheck
|
- evocheck
|
||||||
|
|
||||||
- name: "Add evocheck cron - test for date"
|
- name: "Add evocheck cron - test for date"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/daily.local
|
path: /etc/daily.local
|
||||||
insertbefore: BOF
|
insertbefore: BOF
|
||||||
line: 'if [ $(date +%d) -eq "01" ]; then cron_arg=""; else cron_arg="--cron"; fi'
|
line: 'if [ $(date +%d) -eq "01" ]; then cron_arg=""; else cron_arg="--cron"; fi'
|
||||||
|
@ -61,7 +61,7 @@
|
||||||
- evocheck
|
- evocheck
|
||||||
|
|
||||||
- name: "Add evocheck cron - next_part"
|
- name: "Add evocheck cron - next_part"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/daily.local
|
path: /etc/daily.local
|
||||||
insertbefore: BOF
|
insertbefore: BOF
|
||||||
line: 'next_part "Evocheck output:"'
|
line: 'next_part "Evocheck output:"'
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Create scripts directory"
|
- name: "Create scripts directory"
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: /usr/share/scripts/
|
path: /usr/share/scripts/
|
||||||
state: directory
|
state: directory
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -10,7 +10,7 @@
|
||||||
- evomaintenance
|
- evomaintenance
|
||||||
|
|
||||||
- name: "Copy evomaintenance script and template"
|
- name: "Copy evomaintenance script and template"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: "{{ item.src }}"
|
src: "{{ item.src }}"
|
||||||
dest: "{{ item.dest }}"
|
dest: "{{ item.dest }}"
|
||||||
owner: 'root'
|
owner: 'root'
|
||||||
|
@ -24,7 +24,7 @@
|
||||||
- evomaintenance-utils
|
- evomaintenance-utils
|
||||||
|
|
||||||
- name: "Configure evomaintenance"
|
- name: "Configure evomaintenance"
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: evomaintenance.j2
|
src: evomaintenance.j2
|
||||||
dest: /etc/evomaintenance.cf
|
dest: /etc/evomaintenance.cf
|
||||||
owner: root
|
owner: root
|
||||||
|
|
|
@ -1,18 +1,20 @@
|
||||||
---
|
---
|
||||||
- name: "Enable IPv4 forwarding"
|
- name: "Enable IPv4 forwarding"
|
||||||
sysctl:
|
ansible.posix.sysctl:
|
||||||
name: net.inet.ip.forwarding
|
name: net.inet.ip.forwarding
|
||||||
value: "1"
|
value: "1"
|
||||||
state: present
|
state: present
|
||||||
reload: true
|
reload: true
|
||||||
tags:
|
tags:
|
||||||
- forwarding
|
- forwarding
|
||||||
|
- forwarding-v4
|
||||||
|
|
||||||
- name: "Enable IPv6 forwarding"
|
- name: "Enable IPv6 forwarding"
|
||||||
sysctl:
|
ansible.posix.sysctl:
|
||||||
name: net.inet6.ip6.forwarding
|
name: net.inet6.ip6.forwarding
|
||||||
value: "1"
|
value: "1"
|
||||||
state: present
|
state: present
|
||||||
reload: true
|
reload: true
|
||||||
tags:
|
tags:
|
||||||
- forwarding
|
- forwarding
|
||||||
|
- forwarding-v6
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Install logsentry"
|
- name: "Install logsentry"
|
||||||
openbsd_pkg:
|
community.general.openbsd_pkg:
|
||||||
name:
|
name:
|
||||||
- logsentry--
|
- logsentry--
|
||||||
state: present
|
state: present
|
||||||
|
@ -8,7 +8,7 @@
|
||||||
- logsentry
|
- logsentry
|
||||||
|
|
||||||
- name: "Copy logsentry script to /usr/share/scripts"
|
- name: "Copy logsentry script to /usr/share/scripts"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: logsentry.sh
|
src: logsentry.sh
|
||||||
dest: /usr/share/scripts/logsentry.sh
|
dest: /usr/share/scripts/logsentry.sh
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -18,7 +18,7 @@
|
||||||
- logsentry
|
- logsentry
|
||||||
|
|
||||||
- name: "Copy custom logsentry configuration files"
|
- name: "Copy custom logsentry configuration files"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: "{{ item }}"
|
src: "{{ item }}"
|
||||||
dest: "/etc/logsentry/{{ item }}"
|
dest: "/etc/logsentry/{{ item }}"
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -32,12 +32,14 @@
|
||||||
- logsentry-config
|
- logsentry-config
|
||||||
|
|
||||||
- name: "Delete unused default script"
|
- name: "Delete unused default script"
|
||||||
file:
|
ansible.builtin.file:
|
||||||
state: absent
|
state: absent
|
||||||
path: /etc/logsentry/logsentry.sh
|
path: /etc/logsentry/logsentry.sh
|
||||||
|
tags:
|
||||||
|
- logsentry
|
||||||
|
|
||||||
- name: "Hourly cron job for logsentry.sh is installed"
|
- name: "Hourly cron job for logsentry.sh is installed"
|
||||||
cron:
|
ansible.builtin.cron:
|
||||||
name: logsentry
|
name: logsentry
|
||||||
minute: "11"
|
minute: "11"
|
||||||
job: >
|
job: >
|
||||||
|
|
1074
roles/nagios-nrpe/files/plugins_bsd/check_ipmi_sensor
Executable file
1074
roles/nagios-nrpe/files/plugins_bsd/check_ipmi_sensor
Executable file
|
@ -0,0 +1,1074 @@
|
||||||
|
#!/usr/bin/perl
|
||||||
|
# check_ipmi_sensor: Nagios/Icinga plugin to check IPMI sensors
|
||||||
|
#
|
||||||
|
# Copyright (C) 2009-2019 Thomas-Krenn.AG,
|
||||||
|
# additional contributors see changelog.txt
|
||||||
|
#
|
||||||
|
# This program is free software; you can redistribute it and/or modify it under
|
||||||
|
# the terms of the GNU General Public License as published by the Free Software
|
||||||
|
# Foundation; either version 3 of the License, or (at your option) any later
|
||||||
|
# version.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be useful, but WITHOUT
|
||||||
|
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||||
|
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
|
||||||
|
# details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License along with
|
||||||
|
# this program; if not, see <http://www.gnu.org/licenses/>.
|
||||||
|
#
|
||||||
|
################################################################################
|
||||||
|
# The following guides provide helpful information if you want to extend this
|
||||||
|
# script:
|
||||||
|
# http://tldp.org/LDP/abs/html/ (Advanced Bash-Scripting Guide)
|
||||||
|
# http://www.gnu.org/software/gawk/manual/ (Gawk: Effective AWK Programming)
|
||||||
|
# http://de.wikibooks.org/wiki/Awk (awk Wikibook, in German)
|
||||||
|
# http://nagios.sourceforge.net/docs/3_0/customobjectvars.html (hints on
|
||||||
|
# custom object variables)
|
||||||
|
# http://nagiosplug.sourceforge.net/developer-guidelines.html (plug-in
|
||||||
|
# development guidelines)
|
||||||
|
# http://nagios.sourceforge.net/docs/3_0/pluginapi.html (plugin API)
|
||||||
|
################################################################################
|
||||||
|
use strict;
|
||||||
|
use warnings;
|
||||||
|
use Getopt::Long qw(:config no_ignore_case);
|
||||||
|
use IPC::Run qw( run ); #interact with processes
|
||||||
|
################################################################################
|
||||||
|
# set text variables
|
||||||
|
our $check_ipmi_sensor_version = "3.13";
|
||||||
|
|
||||||
|
sub get_version{
|
||||||
|
return <<EOT;
|
||||||
|
check_ipmi_sensor version $check_ipmi_sensor_version
|
||||||
|
Copyright (C) 2009-2019 Thomas-Krenn.AG
|
||||||
|
Current updates at https://github.com/thomas-krenn/check_ipmi_sensor_v3.git
|
||||||
|
EOT
|
||||||
|
}
|
||||||
|
|
||||||
|
sub get_usage{
|
||||||
|
return <<EOT;
|
||||||
|
Usage:
|
||||||
|
check_ipmi_sensor -H <hostname>
|
||||||
|
[-f <FreeIPMI config file> | -U <username> -P <password> -L <privilege level>]
|
||||||
|
[-O <FreeIPMI options>] [-b] [-T <sensor type(s)>] [-ST <SEL sensor type(s)>]
|
||||||
|
[-x <sensor id>] [-xT <sensor type(s)>] [-xST <SEL sensor type(s)]
|
||||||
|
[-i <sensor id>] [-o zenoss] [-D <protocol LAN version>] [-h] [-V]
|
||||||
|
[-fc <num_fans>] [--fru] [--nosel] [--selonly] [--seltail <count>]
|
||||||
|
[-sx|--selexclude <sel exclude file>] [-xx|--sexclude <exclude file>]
|
||||||
|
[-us|--unify-sensors <unify file>] [--nosudo [--nothresholds]
|
||||||
|
[--noentityabsent] [-s <ipmi-sensor output file>] [-h] [-V]
|
||||||
|
[-v|-vv|-vvv]
|
||||||
|
EOT
|
||||||
|
}
|
||||||
|
|
||||||
|
sub get_help{
|
||||||
|
return <<EOT;
|
||||||
|
[-H <hostname>]
|
||||||
|
hostname or IP of the IPMI interface.
|
||||||
|
For \"-H localhost\" or if no host is specified (local computer) the
|
||||||
|
Nagios/Icinga user must be allowed to run
|
||||||
|
ipmimonitoring/ipmi-sensors/ipmi-sel/[ipmi-fru] with root privileges
|
||||||
|
or via sudo (ipmimonitoring/ipmi-sensors/ipmi-sel/[ipmi-fru] must be
|
||||||
|
able to access the IPMI devices via the IPMI system interface).
|
||||||
|
[-f <FreeIPMI config file>]
|
||||||
|
path to the FreeIPMI configuration file.
|
||||||
|
Only neccessary for communication via network.
|
||||||
|
Not neccessary for access via IPMI system interface (\"-H localhost\").
|
||||||
|
It should contain IPMI username, IPMI password, and IPMI privilege-level,
|
||||||
|
for example:
|
||||||
|
username monitoring
|
||||||
|
password yourpassword
|
||||||
|
privilege-level user
|
||||||
|
As alternative you can use -U/-P/-L instead (see below).
|
||||||
|
[-U <username> -P <password> -L <privilege level>]
|
||||||
|
IPMI username, IPMI password and IPMI privilege level, provided as
|
||||||
|
parameters and not by a FreeIPMI configuration file. Useful for RHEL/
|
||||||
|
Centos 5.* with FreeIPMI 0.5.1 (this elder FreeIPMI version does not
|
||||||
|
support config files).
|
||||||
|
Warning: with this method the password is visible in the process list.
|
||||||
|
So whenever possible use a FreeIPMI confiugration file instead.
|
||||||
|
[-O <FreeIPMI options>]
|
||||||
|
additional options for FreeIPMI. Useful for RHEL/CentOS 5.* with
|
||||||
|
FreeIPMI 0.5.1 (this elder FreeIPMI version does not support config
|
||||||
|
files).
|
||||||
|
[-b]
|
||||||
|
backward compatibility mode for FreeIPMI 0.5.* (this omits the FreeIPMI
|
||||||
|
caching options --quiet-cache and --sdr-cache-recreate)
|
||||||
|
[-T <sensor type(s)>]
|
||||||
|
limit sensors to query based on IPMI sensor type.
|
||||||
|
Examples for IPMI sensor types are 'Fan', 'Temperature', 'Voltage', ...
|
||||||
|
See the output of the FreeIPMI command 'ipmi-sensors -L' and chapter
|
||||||
|
'42.2 Sensor Type Codes and Data' of the IPMI 2.0 spec for a full list
|
||||||
|
of possible sensor types. You can also find the full list of possible
|
||||||
|
sensor types at https://www.thomas-krenn.com/en/wiki/IPMI_Sensor_Types
|
||||||
|
The available types depend on your particular server and the available
|
||||||
|
sensors there.
|
||||||
|
Multiple sensor types can be specified as a comma-separated list.
|
||||||
|
[-ST <SEL sensor type(s)>]
|
||||||
|
limit SEL entries to specific types, run 'ipmi-sel -L' for a list of
|
||||||
|
types. All sensors are populated to the SEL and per default all sensor
|
||||||
|
types are monitored. E.g. to limit the sensor SEL types to Memory and
|
||||||
|
Processsor use -ST 'Memory,Processor'.
|
||||||
|
[-x <sensor id>]
|
||||||
|
exclude sensor matching <sensor id>. Useful for cases when unused
|
||||||
|
sensors cannot be deleted from SDR and are reported in a non-OK state.
|
||||||
|
Option can be specified multiple times. The <sensor id> is a numeric
|
||||||
|
value (sensor names are not used as some servers have multiple sensors
|
||||||
|
with the same name). Use -vvv option to query the <sensor ids>.
|
||||||
|
[-xT <sensor type(s)>]
|
||||||
|
exclude sensors based on IPMI sensor type.
|
||||||
|
Multiple sensor types can be specified as a comma-separated list.
|
||||||
|
[-xST <SEL sensor type(s)]
|
||||||
|
exclude SEL entries of specific sensor types.
|
||||||
|
Multiple sensor types can be specified as a comma-separated list.
|
||||||
|
[-i <sensor id>]
|
||||||
|
include only sensor matching <sensor id>. Useful for cases when only
|
||||||
|
specific sensors should be monitored. Be aware that only for the
|
||||||
|
specified sensor errors/warnings are generated. Use -vvv option to query
|
||||||
|
the <sensor ids>.
|
||||||
|
[-v|-vv|-vvv]
|
||||||
|
be verbose
|
||||||
|
(no -v) .. single line output
|
||||||
|
-v ..... single line output with additional details for warnings
|
||||||
|
-vv ..... multi line output, also with additional details for warnings
|
||||||
|
-vvv ..... debugging output, followed by normal multi line output
|
||||||
|
[-o]
|
||||||
|
change output format. Useful for using the plugin with other monitoring
|
||||||
|
software than Nagios or Icinga.
|
||||||
|
-o zenoss .. create ZENOSS compatible formatted output (output with
|
||||||
|
underscores instead of whitespaces and no single quotes)
|
||||||
|
[-D]
|
||||||
|
change the protocol LAN version. Normally LAN_2_0 is used as protocol
|
||||||
|
version if not overwritten with this option. Use 'default' here if you
|
||||||
|
don't want to use LAN_2_0.
|
||||||
|
[-fc <num fans>]
|
||||||
|
number of installed fans. If the number of current installed
|
||||||
|
fans reported by IPMI is not equal than <num fans> then a Warning state
|
||||||
|
is returned. Please use this option carefully as number of fans and
|
||||||
|
number of fan sensors can differ!
|
||||||
|
[--fru]
|
||||||
|
print the product serial number if it is available in the IPMI FRU data.
|
||||||
|
For this purpose the tool 'ipmi-fru' is used. E.g.:
|
||||||
|
IPMI Status: OK (9000096781)
|
||||||
|
[--nosel]
|
||||||
|
turn off system event log checking via ipmi-sel. If there are
|
||||||
|
unintentional entries in SEL, use 'ipmi-sel --clear' or the -sx or -xST
|
||||||
|
option.
|
||||||
|
[--selonly]
|
||||||
|
check only system event log checking via ipmi-sel. If there are
|
||||||
|
unintentional entries in SEL, use 'ipmi-sel --clear' or the -sx or -xST
|
||||||
|
option.
|
||||||
|
[--seltail <count>]
|
||||||
|
limit SEL output to specified count of last messages
|
||||||
|
[-sx|--selexclude <sel exclude file>]
|
||||||
|
use a sel exclude file to exclude entries from the system event log.
|
||||||
|
Specify name and type pipe delimitered in this file to exclude an entry,
|
||||||
|
for example: System Chassis Chassis Intru|Physical Security
|
||||||
|
To get valid names and types use the -vvv option and take a look at:
|
||||||
|
debug output for sel (-vvv is set). Don't use name and type from the
|
||||||
|
web interface as sensor descriptions are not complete there.
|
||||||
|
As with the '-xx' option if the first character of a line is '~' the
|
||||||
|
name is treated as a regular expression.
|
||||||
|
[-xx|--sexclude <exclude file>]
|
||||||
|
use an exclude file to exclude sensors, each line specifies an exclude.
|
||||||
|
Specify name and type pipe delimitered in this file to exclude a sensor,
|
||||||
|
for example: System Chassis Chassis Intru|Physical Security
|
||||||
|
If the first character of a line is '~' the name is treated as a regular
|
||||||
|
expression. E.g. to exclude all sensor names from CPU0 to CPU9:
|
||||||
|
~CPU[0-9] Temp|Temperature
|
||||||
|
To get valid names and types use the -vvv option.
|
||||||
|
[-us|--unify-sensors <unify file>]
|
||||||
|
use an unify file to unify sensor names. This is an easy way to rename
|
||||||
|
sensors with given patterns in the file. Once might use this option
|
||||||
|
to get the same sensor names accross different platforms, e.g. to only
|
||||||
|
have 'Mainboard Temperature' as sensor name and not 'MB1 Temperature' or 'System Temp'.
|
||||||
|
Rules in the file follow simple regex patterns e.g.:
|
||||||
|
^(MB1 Temperature|System Temp)\$/Mainboard Temperature
|
||||||
|
Temp\$/TEMP
|
||||||
|
[--nosudo]
|
||||||
|
turn off sudo usage on localhost or if ipmi host is ommited.
|
||||||
|
[--nothresholds]
|
||||||
|
turn off performance data thresholds from output-sensor-thresholds.
|
||||||
|
[--noentityabsent]
|
||||||
|
skip sensor checks for sensors that have 'noentityabsent' as event state
|
||||||
|
[-s <ipmi-sensor output file>]
|
||||||
|
simulation mode - test the plugin with an ipmi-sensor output redirected
|
||||||
|
to a file.
|
||||||
|
[-h]
|
||||||
|
show this help
|
||||||
|
[-V]
|
||||||
|
show version information
|
||||||
|
|
||||||
|
Examples:
|
||||||
|
\$ check_ipmi_sensor -H 192.0.2.1 -U monitor -P monitor -L user
|
||||||
|
IPMI Status: OK | 'System Temp'=30.00 'Peripheral Temp'=32.00
|
||||||
|
'FAN 1'=2775.00 [...]
|
||||||
|
\$ check_ipmi_sensor -H 192.0.2.1 -U monitor -P monitor -L user -x 205
|
||||||
|
IPMI Status: OK | 'System Temp'=30.00 'Peripheral Temp'=32.00
|
||||||
|
'FAN 2'=2775.00 [...]
|
||||||
|
\$ check_ipmi_sensor -H 192.0.2.1 -U monitor -P monitor -L user -i 4,71
|
||||||
|
IPMI Status: OK | 'System Temp'=30.00 'Peripheral Temp'=32.00
|
||||||
|
\$ check_ipmi_sensor -H 192.0.2.1 -U monitor -P monitor -L user -i 4 --fru
|
||||||
|
IPMI Status: OK (0000012345) | 'System Temp'=30.00
|
||||||
|
|
||||||
|
Further information about this plugin can be found at
|
||||||
|
http://www.thomas-krenn.com/en/wiki/IPMI_Sensor_Monitoring_Plugin
|
||||||
|
|
||||||
|
Use the github repo at https://github.com/thomas-krenn/check_ipmi_sensor_v3.git
|
||||||
|
to submit patches, suggest improvements or if you have questions regarding
|
||||||
|
use of this plugin.
|
||||||
|
|
||||||
|
Attention: the mailing list is no longer in use but an archive can be found at
|
||||||
|
http://lists.thomas-krenn.com/
|
||||||
|
EOT
|
||||||
|
}
|
||||||
|
|
||||||
|
sub usage{
|
||||||
|
my ($arg) = @_; #the list of inputs
|
||||||
|
my ($exitcode);
|
||||||
|
if ( defined $arg ){
|
||||||
|
if ( $arg =~ m/^\d+$/ ){
|
||||||
|
$exitcode = $arg;
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
print STDOUT $arg, "\n";
|
||||||
|
$exitcode = 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
print STDOUT get_usage();
|
||||||
|
exit($exitcode) if defined $exitcode;
|
||||||
|
}
|
||||||
|
################################################################################
|
||||||
|
# set ipmimonitoring path
|
||||||
|
our $MISSING_COMMAND_TEXT = '';
|
||||||
|
our $IPMICOMMAND ="";
|
||||||
|
if(-x "/usr/sbin/ipmimonitoring"){
|
||||||
|
$IPMICOMMAND = "/usr/sbin/ipmimonitoring";
|
||||||
|
}
|
||||||
|
elsif (-x "/usr/bin/ipmimonitoring"){
|
||||||
|
$IPMICOMMAND = "/usr/bin/ipmimonitoring";
|
||||||
|
}
|
||||||
|
elsif (-x "/usr/local/sbin/ipmimonitoring"){
|
||||||
|
$IPMICOMMAND = "/usr/local/sbin/ipmimonitoring";
|
||||||
|
}
|
||||||
|
elsif (-x "/usr/local/bin/ipmimonitoring"){
|
||||||
|
$IPMICOMMAND = "/usr/local/bin/ipmimonitoring";
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
$MISSING_COMMAND_TEXT = " ipmimonitoring/ipmi-sensors command not found!\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
# Identify the version of the ipmi-tool
|
||||||
|
sub get_ipmi_version{
|
||||||
|
my @ipmi_version_output = '';
|
||||||
|
my $ipmi_version = '';
|
||||||
|
@ipmi_version_output = `$IPMICOMMAND -V`;
|
||||||
|
$ipmi_version = shift(@ipmi_version_output);
|
||||||
|
$ipmi_version =~ /(\d+)\.(\d+)\.(\d+)/;
|
||||||
|
@ipmi_version_output = ();
|
||||||
|
push @ipmi_version_output,$1,$2,$3;
|
||||||
|
return @ipmi_version_output;
|
||||||
|
}
|
||||||
|
|
||||||
|
sub simulate{
|
||||||
|
my $output = '';
|
||||||
|
my $simul_file = $_[0];
|
||||||
|
if( !defined $simul_file || (-x '\"'.$simul_file.'\"')){
|
||||||
|
print "DEBUG: Using simulation file: $simul_file\n";
|
||||||
|
print "Error: Simulation file with ipmi output not found.\n";
|
||||||
|
exit(3);
|
||||||
|
}
|
||||||
|
return ($output = `cat $simul_file`);
|
||||||
|
}
|
||||||
|
|
||||||
|
sub get_fru{
|
||||||
|
my @frucmd = @{(shift)};
|
||||||
|
my $verbosity = shift;
|
||||||
|
my $fru;
|
||||||
|
if(-e '/usr/sbin/ipmi-fru'){
|
||||||
|
$fru = '/usr/sbin/ipmi-fru';
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
chomp($fru = `which ipmi-fru`);
|
||||||
|
}
|
||||||
|
#if sudo is used the command is the second element
|
||||||
|
if($frucmd[0] eq 'sudo'){
|
||||||
|
$frucmd[1] = $fru;
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
$frucmd[0] = $fru;
|
||||||
|
}
|
||||||
|
#skip checksum validation
|
||||||
|
push @frucmd,'-s';
|
||||||
|
my $fruoutput;
|
||||||
|
my $returncode;
|
||||||
|
run \@frucmd, '>&', \$fruoutput;
|
||||||
|
#the upper eight bits contain the error condition (exit code)
|
||||||
|
#see http://perldoc.perl.org/perlvar.html#Error-Variables
|
||||||
|
$returncode = $? >> 8;
|
||||||
|
if ( $returncode != 0 ){
|
||||||
|
print "$fruoutput\n";
|
||||||
|
print "-> Execution of $fru failed with return code $returncode.\n";
|
||||||
|
print "-> $fru was executed with the following parameters:\n";
|
||||||
|
print " ", join(' ', @frucmd), "\n";
|
||||||
|
exit(3);
|
||||||
|
}
|
||||||
|
if($verbosity == 3){
|
||||||
|
print "------------- debug output for fru (-vvv is set): ------------\n";
|
||||||
|
print " $fru was executed with the following parameters:\n";
|
||||||
|
print " ", join(' ', @frucmd), "\n";
|
||||||
|
print " output of FreeIPMI:\n";
|
||||||
|
print "$fruoutput";
|
||||||
|
}
|
||||||
|
return split('\n', $fruoutput);
|
||||||
|
}
|
||||||
|
|
||||||
|
sub get_sel{
|
||||||
|
my @selcmd = @{(shift)};
|
||||||
|
my $verbosity = shift;
|
||||||
|
my @sel_sensor_types = @{(shift)};
|
||||||
|
my @exclude_sel_sensor_types = @{(shift)};
|
||||||
|
my $sel;
|
||||||
|
if(-e '/usr/sbin/ipmi-sel'){
|
||||||
|
$sel = '/usr/sbin/ipmi-sel';
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
chomp($sel = `which ipmi-sel`);
|
||||||
|
}
|
||||||
|
#if sudo is used the command is the second element
|
||||||
|
if($selcmd[0] eq 'sudo'){
|
||||||
|
$selcmd[1] = $sel;
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
$selcmd[0] = $sel;
|
||||||
|
}
|
||||||
|
push @selcmd, '--output-event-state', '--interpret-oem-data', '--entity-sensor-names';
|
||||||
|
push @selcmd, '--sensor-types=' . join(',', @sel_sensor_types);
|
||||||
|
push @selcmd, '--exclude-sensor-types=' . join(',', @exclude_sel_sensor_types);
|
||||||
|
my $seloutput;
|
||||||
|
my $returncode;
|
||||||
|
run \@selcmd, '>&', \$seloutput;
|
||||||
|
$returncode = $? >> 8;
|
||||||
|
if ( $returncode != 0 ){
|
||||||
|
print "$seloutput\n";
|
||||||
|
print "-> Execution of $sel failed with return code $returncode.\n";
|
||||||
|
print "-> $sel was executed with the following parameters:\n";
|
||||||
|
print " ", join(' ', @selcmd), "\n";
|
||||||
|
exit(3);
|
||||||
|
}
|
||||||
|
if($verbosity == 3){
|
||||||
|
print "------------- debug output for sel (-vvv is set): ------------\n";
|
||||||
|
print " $sel was executed with the following parameters:\n";
|
||||||
|
print " ", join(' ', @selcmd), "\n";
|
||||||
|
print " output of FreeIPMI:\n";
|
||||||
|
print "$seloutput";
|
||||||
|
}
|
||||||
|
return split('\n', $seloutput);
|
||||||
|
}
|
||||||
|
|
||||||
|
sub parse_sel{
|
||||||
|
my $selcmd = shift;
|
||||||
|
my $verbosity = shift;
|
||||||
|
my $sel_xfile = shift;
|
||||||
|
my $sel_sensor_types = shift;
|
||||||
|
my $exclude_sel_sensor_types = shift;
|
||||||
|
my @seloutput = get_sel($selcmd, $verbosity, $sel_sensor_types, $exclude_sel_sensor_types);
|
||||||
|
@seloutput = map { [ map { s/^\s*//; s/\s*$//; $_; } split(m/\|/, $_) ] } @seloutput;
|
||||||
|
my $header = shift(@seloutput);
|
||||||
|
|
||||||
|
my @sel_rows;
|
||||||
|
foreach my $row (@seloutput){
|
||||||
|
my %curr_row;
|
||||||
|
for(my $i = 0; $i < scalar(@{$header}); $i++){
|
||||||
|
my $key = lc $header->[$i];
|
||||||
|
$curr_row{$key} = $row->[$i];
|
||||||
|
}
|
||||||
|
if(!(exclude_with_file($sel_xfile, $curr_row{'name'}, $curr_row{'type'}))){
|
||||||
|
push @sel_rows, \%curr_row;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return \@sel_rows;
|
||||||
|
}
|
||||||
|
|
||||||
|
sub get_dcmi{
|
||||||
|
my @dcmicmd = @{(shift)};
|
||||||
|
my $verbosity = shift;
|
||||||
|
my $dcmi;
|
||||||
|
if(-e '/usr/sbin/ipmi-dcmi'){
|
||||||
|
$dcmi = '/usr/sbin/ipmi-dcmi';
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
chomp($dcmi = `which ipmi-dcmi`);
|
||||||
|
}
|
||||||
|
#if sudo is used the command is the second element
|
||||||
|
if($dcmicmd[0] eq 'sudo'){
|
||||||
|
$dcmicmd[1] = $dcmi;
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
$dcmicmd[0] = $dcmi;
|
||||||
|
}
|
||||||
|
push @dcmicmd, '--get-system-power-statistics';
|
||||||
|
|
||||||
|
my $dcmioutput;
|
||||||
|
my $returncode;
|
||||||
|
run \@dcmicmd, '>&', \$dcmioutput;
|
||||||
|
$returncode = $? >> 8;
|
||||||
|
if ( $returncode == 0 ){
|
||||||
|
return split('\n', $dcmioutput);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
sub parse_dcmi{
|
||||||
|
my $dcmicmd = shift;
|
||||||
|
my $verbosity = shift;
|
||||||
|
my @dcmioutput = get_dcmi($dcmicmd, $verbosity);
|
||||||
|
if(@dcmioutput){
|
||||||
|
@dcmioutput = map { [ map { s/^\s*//; s/\s*$//; $_; } split(m/\:/, $_) ] } @dcmioutput;
|
||||||
|
my %current_power;
|
||||||
|
my $power_available = 0;
|
||||||
|
foreach my $power (@dcmioutput){
|
||||||
|
if(defined($power) && defined($power->[0]) && $power->[0] ne ''){
|
||||||
|
if($power->[0] eq 'Current Power'){
|
||||||
|
$power->[1] =~ m/^(\d+)/;
|
||||||
|
my $watts = $1;
|
||||||
|
$current_power{'Current Power'} = $watts;
|
||||||
|
}
|
||||||
|
if($power->[0] eq 'Power Measurement'){
|
||||||
|
if($power->[1] eq 'Active'){
|
||||||
|
$power_available = 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if($power_available == 1){
|
||||||
|
return \%current_power;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# Excludes a name and type pair if it is present in the given file, pipe
|
||||||
|
# delimitered.
|
||||||
|
# @return 1 if name should be skipped, 0 if not
|
||||||
|
sub exclude_with_file{
|
||||||
|
my $file_name = shift;
|
||||||
|
my $name = shift;
|
||||||
|
my $type = shift;
|
||||||
|
my @xlist;
|
||||||
|
my $skip = 0;
|
||||||
|
if($file_name){
|
||||||
|
if(!(open (FH, "< $file_name"))){
|
||||||
|
print "-> Reading exclude file $file_name failed with: $!.\n";
|
||||||
|
exit(3);
|
||||||
|
};
|
||||||
|
@xlist = <FH>;
|
||||||
|
}
|
||||||
|
foreach my $exclude (@xlist){
|
||||||
|
my @curr_exclude = map { s/^\s*//; s/\s*$//; $_; } split(/\|/,$exclude);
|
||||||
|
if(@curr_exclude && $curr_exclude[0] ne '' && $curr_exclude[1] ne ''){
|
||||||
|
#if the first char of the name in the exclude file is a '~' treat it as regex
|
||||||
|
if(substr($curr_exclude[0], 0, 1 ) eq '~'){
|
||||||
|
my $regex_curr_exclude = substr $curr_exclude[0], 1;
|
||||||
|
if($name =~ m/$regex_curr_exclude/ && $curr_exclude[1] eq $type){
|
||||||
|
$skip = 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elsif($curr_exclude[0] eq $name && $curr_exclude[1] eq $type){
|
||||||
|
$skip = 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
close FH;
|
||||||
|
return $skip;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Reads regular expressions from a file and applies the rules to sensor names.
|
||||||
|
# This unifies sensor names across different platforms.
|
||||||
|
# @return The sensor name with specified unify rules applied
|
||||||
|
sub unify_with_file{
|
||||||
|
my $file_name = shift;
|
||||||
|
my $name = shift;# given sensor name
|
||||||
|
my @ulist;# list of rules to apply
|
||||||
|
if($file_name){
|
||||||
|
if(!(open (FH, "< $file_name"))){
|
||||||
|
print "-> Reading unify file $file_name failed with: $!.\n";
|
||||||
|
exit(3);
|
||||||
|
};
|
||||||
|
@ulist = <FH>;
|
||||||
|
}
|
||||||
|
foreach my $unify_rule (@ulist){
|
||||||
|
#split at the only / that is not masked with a \,
|
||||||
|
#this is the separator in s/x/y/g to get x and y
|
||||||
|
my @curr_rule = map { s/^\s*//; s/\s*$//; $_; } split(/(?<!\\)\//,$unify_rule);
|
||||||
|
if(@curr_rule && $curr_rule[0] ne '' && $curr_rule[1] ne ''){
|
||||||
|
$name =~ s/$curr_rule[0]/$curr_rule[1]/g;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
close FH;
|
||||||
|
return $name;
|
||||||
|
}
|
||||||
|
|
||||||
|
#define entire hashes
|
||||||
|
our %hdrmap = (
|
||||||
|
'Record_ID' => 'id', # FreeIPMI ...,0.7.x
|
||||||
|
'Record ID' => 'id', # FreeIPMI 0.8.x,... with --legacy-output
|
||||||
|
'ID' => 'id', # FreeIPMI 0.8.x
|
||||||
|
'Sensor Name' => 'name',
|
||||||
|
'Name' => 'name', # FreeIPMI 0.8.x
|
||||||
|
'Sensor Group' => 'type',
|
||||||
|
'Type' => 'type', # FreeIPMI 0.8.x
|
||||||
|
'Monitoring Status' => 'state',
|
||||||
|
'State' => 'state', # FreeIPMI 0.8.x
|
||||||
|
'Sensor Units' => 'units',
|
||||||
|
'Units' => 'units', # FreeIPMI 0.8.x
|
||||||
|
'Sensor Reading' => 'reading',
|
||||||
|
'Reading' => 'reading', # FreeIPMI 0.8.x
|
||||||
|
'Event' => 'event', # FreeIPMI 0.8.x
|
||||||
|
'Lower C' => 'lowerC',
|
||||||
|
'Lower NC' => 'lowerNC',
|
||||||
|
'Upper C' => 'upperC',
|
||||||
|
'Upper NC' => 'upperNC',
|
||||||
|
'Lower NR' => 'lowerNR',
|
||||||
|
'Upper NR' => 'upperNR',
|
||||||
|
);
|
||||||
|
|
||||||
|
our $verbosity = 0;
|
||||||
|
|
||||||
|
MAIN: {
|
||||||
|
$| = 1; #force a flush after every write or print
|
||||||
|
my @ARGV_SAVE = @ARGV;#keep args for verbose output
|
||||||
|
my ($show_help, $show_version);
|
||||||
|
my ($ipmi_host, $ipmi_user, $ipmi_password, $ipmi_privilege_level, $ipmi_config_file, $ipmi_outformat);
|
||||||
|
my (@freeipmi_options, $freeipmi_compat);
|
||||||
|
my (@ipmi_sensor_types, @ipmi_exclude_sensor_types, @ipmi_xlist, @ipmi_ilist);
|
||||||
|
my (@ipmi_version);
|
||||||
|
my $ipmi_sensors = 0;#states to use ipmi-sensors instead of ipmimonitoring
|
||||||
|
my $fan_count;#number of fans that should be installed in unit
|
||||||
|
my $lanVersion;#if desired use a different protocol version
|
||||||
|
my $abort_text = '';
|
||||||
|
my $zenoss = 0;
|
||||||
|
my @sel_sensor_types;
|
||||||
|
my @exclude_sel_sensor_types;
|
||||||
|
my $sel_issues_present = 0;
|
||||||
|
my $simulate = '';
|
||||||
|
my ($use_fru, $no_sel, $sel_only, $sel_tail, $no_sudo, $use_thresholds, $no_thresholds, $sel_xfile, $s_xfile, $s_ufile, $no_entity_absent);
|
||||||
|
|
||||||
|
#read in command line arguments and init hash variables with the given values from argv
|
||||||
|
if ( !( GetOptions(
|
||||||
|
'H|host=s' => \$ipmi_host,
|
||||||
|
'f|config-file=s' => \$ipmi_config_file,
|
||||||
|
'U|user=s' => \$ipmi_user,
|
||||||
|
'P|password=s' => \$ipmi_password,
|
||||||
|
'L|privilege-level=s' => \$ipmi_privilege_level,
|
||||||
|
'O|options=s' => \@freeipmi_options,
|
||||||
|
'b|compat' => \$freeipmi_compat,
|
||||||
|
'T|sensor-types=s' => \@ipmi_sensor_types,
|
||||||
|
'xT|exclude-sensor-types=s' => \@ipmi_exclude_sensor_types,
|
||||||
|
'ST|sel-sensor-types=s' => \@sel_sensor_types,
|
||||||
|
'xST|exclude-sel-sensor-types=s' => \@exclude_sel_sensor_types,
|
||||||
|
'fru' => \$use_fru,
|
||||||
|
'nosel' => \$no_sel,
|
||||||
|
'selonly' => \$sel_only,
|
||||||
|
'seltail=s' => \$sel_tail,
|
||||||
|
'nosudo' => \$no_sudo,
|
||||||
|
'nothresholds' => \$no_thresholds,
|
||||||
|
'noentityabsent' => \$no_entity_absent,
|
||||||
|
'v|verbosity' => \$verbosity,
|
||||||
|
'vv' => sub{$verbosity=2},
|
||||||
|
'vvv' => sub{$verbosity=3},
|
||||||
|
'x|exclude=s' => \@ipmi_xlist,
|
||||||
|
'sx|selexclude=s' => \$sel_xfile,
|
||||||
|
'xx|sexclude=s' => \$s_xfile,
|
||||||
|
'us|unify-sensors=s'=> \$s_ufile,
|
||||||
|
'i|include=s' => \@ipmi_ilist,
|
||||||
|
'o|outformat=s' => \$ipmi_outformat,
|
||||||
|
'fc|fancount=i' => \$fan_count,
|
||||||
|
'D=s' => \$lanVersion,
|
||||||
|
's=s' => \$simulate,
|
||||||
|
'h|help' =>
|
||||||
|
sub{print STDOUT get_version();
|
||||||
|
print STDOUT "\n";
|
||||||
|
print STDOUT get_usage();
|
||||||
|
print STDOUT "\n";
|
||||||
|
print STDOUT get_help();
|
||||||
|
exit(0)
|
||||||
|
},
|
||||||
|
'V|version' =>
|
||||||
|
sub{
|
||||||
|
print STDOUT get_version();
|
||||||
|
exit(0);
|
||||||
|
},
|
||||||
|
'usage|?' =>
|
||||||
|
sub{print STDOUT get_usage();
|
||||||
|
exit(3);
|
||||||
|
}
|
||||||
|
) ) ){
|
||||||
|
usage(1);#call usage if GetOptions failed
|
||||||
|
}
|
||||||
|
usage(1) if @ARGV;#print usage if unknown arg list is left
|
||||||
|
|
||||||
|
################################################################################
|
||||||
|
# check for ipmimonitoring or ipmi-sensors. Since version > 0.8 ipmi-sensors is used
|
||||||
|
# if '--legacy-output' is given ipmi-sensors cannot be used
|
||||||
|
if( $MISSING_COMMAND_TEXT ne "" ){
|
||||||
|
print STDOUT "Error:$MISSING_COMMAND_TEXT";
|
||||||
|
exit(3);
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
@ipmi_version = get_ipmi_version();
|
||||||
|
if( $ipmi_version[0] > 0 && (grep(/legacy\-output/,@freeipmi_options)) == 0){
|
||||||
|
$IPMICOMMAND =~ s/ipmimonitoring/ipmi-sensors/;
|
||||||
|
$ipmi_sensors = 1;
|
||||||
|
}
|
||||||
|
if( $ipmi_version[0] > 0 && (grep(/legacy\-output/,@freeipmi_options)) == 1){
|
||||||
|
print "Error: Cannot use ipmi-sensors with option \'--legacy-output\'. Remove it to work correctly.\n";
|
||||||
|
exit(3);
|
||||||
|
}
|
||||||
|
# check if output-sensor-thresholds can be used, this is supported
|
||||||
|
# since 1.2.1. Version 1.2.0 was not released, so skip the third minor
|
||||||
|
# version number
|
||||||
|
if($ipmi_version[0] > 1 || ($ipmi_version[0] == 1 && $ipmi_version[1] >= 2)){
|
||||||
|
$use_thresholds = 1;
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
$use_thresholds = 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
###############################################################################
|
||||||
|
# verify if all mandatory parameters are set and initialize various variables
|
||||||
|
#\s defines any whitespace characters
|
||||||
|
#first join the list, then split it at whitespace ' '
|
||||||
|
#also cf. http://perldoc.perl.org/Getopt/Long.html#Options-with-multiple-values
|
||||||
|
@freeipmi_options = split(/\s+/, join(' ', @freeipmi_options)); # a bit hack, shell word splitting should be implemented...
|
||||||
|
@ipmi_sensor_types = split(/,/, join(',', @ipmi_sensor_types));
|
||||||
|
@ipmi_exclude_sensor_types = split(/,/, join(',', @ipmi_exclude_sensor_types));
|
||||||
|
@sel_sensor_types = split(/,/, join(',', @sel_sensor_types));
|
||||||
|
@exclude_sel_sensor_types = split(/,/, join(',', @exclude_sel_sensor_types));
|
||||||
|
@ipmi_xlist = split(/,/, join(',', @ipmi_xlist));
|
||||||
|
@ipmi_ilist = split(/,/, join(',', @ipmi_ilist));
|
||||||
|
|
||||||
|
#check for zenoss output
|
||||||
|
if(defined $ipmi_outformat && $ipmi_outformat eq "zenoss"){
|
||||||
|
$zenoss = 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Per default monitor all sensor types, use -ST to specify your sensor types
|
||||||
|
if(!@sel_sensor_types){
|
||||||
|
@sel_sensor_types = ('all');
|
||||||
|
}
|
||||||
|
# If -xST has not been set, set this array to empty.
|
||||||
|
if(!@exclude_sel_sensor_types){
|
||||||
|
@exclude_sel_sensor_types = ('');
|
||||||
|
}
|
||||||
|
|
||||||
|
# Define basic ipmi command
|
||||||
|
my @basecmd = $IPMICOMMAND;
|
||||||
|
# If host is omitted localhost is assumed, if not turned off sudo is used
|
||||||
|
if(!(defined $ipmi_host) || ($ipmi_host eq 'localhost')){
|
||||||
|
if(!defined($no_sudo)){
|
||||||
|
# Only add sudo if not already root
|
||||||
|
@basecmd = ($> != 0 ? 'sudo' : (), $IPMICOMMAND);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
# If we are not local, we need authentication credentials
|
||||||
|
else{
|
||||||
|
# Add the ipmi desired host
|
||||||
|
push @basecmd, '-h', $ipmi_host;
|
||||||
|
if(defined $ipmi_config_file){
|
||||||
|
push @basecmd, '--config-file', $ipmi_config_file;
|
||||||
|
}
|
||||||
|
elsif(defined $ipmi_user && defined $ipmi_password && defined $ipmi_privilege_level ){
|
||||||
|
push @basecmd, '-u', $ipmi_user, '-p', $ipmi_password, '-l', $ipmi_privilege_level;
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
$abort_text = $abort_text . " -f <FreeIPMI config file> or -U <username> -P <password> -L <privilege level>";
|
||||||
|
}
|
||||||
|
if( $abort_text ne ""){
|
||||||
|
print STDOUT "Error: " . $abort_text . " missing.";
|
||||||
|
print STDOUT get_usage();
|
||||||
|
exit(3);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
# copy command for fru usage
|
||||||
|
my @frucmd;
|
||||||
|
if($use_fru){
|
||||||
|
@frucmd = @basecmd
|
||||||
|
}
|
||||||
|
my @selcmd = @basecmd;
|
||||||
|
my @dcmicmd = @basecmd;
|
||||||
|
|
||||||
|
if(@ipmi_sensor_types){
|
||||||
|
# , is the seperator in the new string
|
||||||
|
# -g option is older name for ipmi-sensors -t or --sensor-types and
|
||||||
|
# compatible with both older and newer version of FreeIPMI
|
||||||
|
push @basecmd, '-g', join(',', @ipmi_sensor_types);
|
||||||
|
}
|
||||||
|
|
||||||
|
# add sensor types to exclude
|
||||||
|
if(@ipmi_exclude_sensor_types){
|
||||||
|
push @basecmd, '--exclude-sensor-types', join(',', @ipmi_exclude_sensor_types);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
if(@freeipmi_options){
|
||||||
|
push @basecmd, @freeipmi_options;
|
||||||
|
}
|
||||||
|
|
||||||
|
#keep original basecmd for later usage
|
||||||
|
my @getstatus = @basecmd;
|
||||||
|
|
||||||
|
#if -b is not defined, caching options are used
|
||||||
|
if( !(defined $freeipmi_compat) ){
|
||||||
|
push @getstatus, '--quiet-cache', '--sdr-cache-recreate';
|
||||||
|
}
|
||||||
|
#since version 0.8 it is possible to interpret OEM data
|
||||||
|
if( ($ipmi_version[0] == 0 && $ipmi_version[1] > 7) ||
|
||||||
|
$ipmi_version[0] > 0){
|
||||||
|
push @getstatus, '--interpret-oem-data';
|
||||||
|
}
|
||||||
|
#since version 0.8 it is necessary to add the legacy option
|
||||||
|
if( ($ipmi_version[0] == 0 && $ipmi_version[1] > 7) && (grep(/legacy\-output/,@freeipmi_options) == 0)){
|
||||||
|
push @getstatus, '--legacy-output';
|
||||||
|
}
|
||||||
|
#if ipmi-sensors is used show the state of sensors and ignore N/A
|
||||||
|
if($ipmi_sensors){
|
||||||
|
push @getstatus, '--output-sensor-state', '--ignore-not-available-sensors';
|
||||||
|
}
|
||||||
|
#if not stated otherwise we use protocol lan version 2 per default
|
||||||
|
if(!defined($lanVersion)){
|
||||||
|
$lanVersion = 'LAN_2_0';
|
||||||
|
}
|
||||||
|
if($lanVersion ne 'default' && defined $ipmi_host && $ipmi_host ne 'localhost'){
|
||||||
|
push @getstatus, "--driver-type=$lanVersion";
|
||||||
|
if(!$no_sel){
|
||||||
|
push @selcmd, "--driver-type=$lanVersion";
|
||||||
|
}
|
||||||
|
if($use_fru){
|
||||||
|
push @frucmd, "--driver-type=$lanVersion";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if($use_thresholds && !$no_thresholds){
|
||||||
|
push @getstatus, '--output-sensor-thresholds';
|
||||||
|
}
|
||||||
|
if(defined($sel_tail)){
|
||||||
|
push @selcmd, "--tail=$sel_tail";
|
||||||
|
}
|
||||||
|
|
||||||
|
################################################################################
|
||||||
|
#execute status command and redirect stdout and stderr to ipmioutput
|
||||||
|
my $ipmioutput;
|
||||||
|
my $returncode;
|
||||||
|
if ($sel_only){
|
||||||
|
$returncode = 0;
|
||||||
|
}
|
||||||
|
elsif(!$simulate){
|
||||||
|
run \@getstatus, '>&', \$ipmioutput;
|
||||||
|
#the upper eight bits contain the error condition (exit code)
|
||||||
|
#see http://perldoc.perl.org/perlvar.html#Error-Variables
|
||||||
|
$returncode = $? >> 8;
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
$ipmioutput = simulate($simulate);
|
||||||
|
print "DEBUG: Using simulation mode\n";
|
||||||
|
$returncode = 0;
|
||||||
|
}
|
||||||
|
my @fruoutput;
|
||||||
|
if($use_fru){
|
||||||
|
@fruoutput = get_fru(\@frucmd, $verbosity);
|
||||||
|
}
|
||||||
|
my $seloutput;
|
||||||
|
if(!$no_sel){
|
||||||
|
$seloutput = parse_sel(\@selcmd, $verbosity, $sel_xfile, \@sel_sensor_types, \@exclude_sel_sensor_types);
|
||||||
|
}
|
||||||
|
my $dcmioutput;
|
||||||
|
$dcmioutput = parse_dcmi(\@dcmicmd, $verbosity);
|
||||||
|
################################################################################
|
||||||
|
# print debug output when verbosity is set to 3 (-vvv)
|
||||||
|
if ( $verbosity == 3 && !$sel_only ){
|
||||||
|
my $ipmicommandversion;
|
||||||
|
run [$IPMICOMMAND, '-V'], '2>&1', '|', ['head', '-n', 1], '&>', \$ipmicommandversion;
|
||||||
|
#remove trailing newline with chomp
|
||||||
|
chomp $ipmicommandversion;
|
||||||
|
print "------------- debug output for sensors (-vvv is set): ------------\n";
|
||||||
|
print " script was executed with the following parameters:\n";
|
||||||
|
print " $0 ", join(' ', @ARGV_SAVE), "\n";
|
||||||
|
print " check_ipmi_sensor version:\n";
|
||||||
|
print " $check_ipmi_sensor_version\n";
|
||||||
|
print " FreeIPMI version:\n";
|
||||||
|
print " $ipmicommandversion\n";
|
||||||
|
print " FreeIPMI was executed with the following parameters:\n";
|
||||||
|
print " ", join(' ', @getstatus), "\n";
|
||||||
|
print " FreeIPMI return code: $returncode\n";
|
||||||
|
print " output of FreeIPMI:\n";
|
||||||
|
print "$ipmioutput\n";
|
||||||
|
print "--------------------- end of debug output ---------------------\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
################################################################################
|
||||||
|
# generate main output
|
||||||
|
if ( $returncode != 0 ){
|
||||||
|
print "$ipmioutput\n";
|
||||||
|
print "-> Execution of $IPMICOMMAND failed with return code $returncode.\n";
|
||||||
|
print "-> $IPMICOMMAND was executed with the following parameters:\n";
|
||||||
|
print " ", join(' ', @getstatus), "\n";
|
||||||
|
exit(3);
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
my @outputRows;
|
||||||
|
if(defined($ipmioutput)){
|
||||||
|
@outputRows = split('\n', $ipmioutput);
|
||||||
|
}
|
||||||
|
if(!$sel_only && (!defined($ipmioutput) || scalar(@outputRows) == 1)){
|
||||||
|
print "-> Your server seems to be powered off.";
|
||||||
|
print " (Execution of FreeIPMI returned an empty output or only 1 header row!)\n";
|
||||||
|
print "-> $IPMICOMMAND was executed with the following parameters:\n";
|
||||||
|
print " ", join(' ', @getstatus), "\n";
|
||||||
|
exit(3);
|
||||||
|
}
|
||||||
|
#print desired filter types
|
||||||
|
if ( @ipmi_sensor_types ){
|
||||||
|
print "Sensor Type(s) ", join(', ', @ipmi_sensor_types), " Status: ";
|
||||||
|
}
|
||||||
|
elsif ($sel_only){
|
||||||
|
print "SEL Status: ";
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
print "IPMI Status: ";
|
||||||
|
}
|
||||||
|
#start with main output
|
||||||
|
my $exit = 0;
|
||||||
|
my $w_sensors = '';#sensors with warnings
|
||||||
|
my $sel_w_sensors = '';#verbose output for sel entries with warnings
|
||||||
|
my $perf = '';#performance sensor
|
||||||
|
my $curr_fans = 0;
|
||||||
|
my @ipmioutput2;#filtered original ipmi output
|
||||||
|
|
||||||
|
#skip ipmi output, if only SEL queried
|
||||||
|
if (!$sel_only){
|
||||||
|
#split at newlines, fetch array with lines of output
|
||||||
|
my @ipmioutput = split('\n', $ipmioutput);
|
||||||
|
|
||||||
|
#remove sudo errors and warnings like they appear on dns resolving issues
|
||||||
|
@ipmioutput = map { /^sudo:/ ? () : $_ } @ipmioutput;
|
||||||
|
|
||||||
|
#remove leading and trailing whitespace characters, split at the pipe delimiter
|
||||||
|
@ipmioutput = map { [ map { s/^\s*//; s/\s*$//; $_; } split(m/\|/, $_) ] } @ipmioutput;
|
||||||
|
|
||||||
|
#shift out the header as it is the first line
|
||||||
|
my $header = shift @ipmioutput;
|
||||||
|
if(!defined($header)){
|
||||||
|
print "$ipmioutput\n";
|
||||||
|
print " FreeIPMI returned an empty header map (first line)";
|
||||||
|
if(@ipmi_sensor_types){
|
||||||
|
print " FreeIPMI could not find any sensors for the given sensor type (option '-T').\n";
|
||||||
|
}
|
||||||
|
exit(3);
|
||||||
|
}
|
||||||
|
my %header;
|
||||||
|
for(my $i = 0; $i < @$header; $i++)
|
||||||
|
{
|
||||||
|
#assigning %header with (key from hdrmap) => $i
|
||||||
|
#checking at which position in the header is which key
|
||||||
|
$header{$hdrmap{$header->[$i]}} = $i;
|
||||||
|
}
|
||||||
|
foreach my $row ( @ipmioutput ){
|
||||||
|
my %row;
|
||||||
|
#fetch keys from header and assign existent values to row
|
||||||
|
#this maps the values from row(ipmioutput) to the header values
|
||||||
|
while ( my ($key, $index) = each %header ){
|
||||||
|
#check if the option to unify sensor names is active
|
||||||
|
if($key eq 'name' && $s_ufile && $s_ufile ne ''){
|
||||||
|
$row{$key} = unify_with_file($s_ufile, $row->[$index]);
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
$row{$key} = $row->[$index];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if(!(exclude_with_file($s_xfile, $row{'name'}, $row{'type'}))){
|
||||||
|
push @ipmioutput2, \%row;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#create hash with sensor name an 1
|
||||||
|
my %ipmi_xlist = map { ($_, 1) } @ipmi_xlist;
|
||||||
|
#filter out the desired sensor values
|
||||||
|
@ipmioutput2 = grep(!exists $ipmi_xlist{$_->{'id'}}, @ipmioutput2);
|
||||||
|
#check for an include list
|
||||||
|
if(@ipmi_ilist){
|
||||||
|
my %ipmi_ilist = map { ($_, 1) } @ipmi_ilist;
|
||||||
|
#only include sensors from include list
|
||||||
|
@ipmioutput2 = grep(exists $ipmi_ilist{$_->{'id'}}, @ipmioutput2);
|
||||||
|
}
|
||||||
|
foreach my $row ( @ipmioutput2 ){
|
||||||
|
if( $zenoss ){
|
||||||
|
$row->{'name'} =~ s/ /_/g;
|
||||||
|
}
|
||||||
|
my $check_sensor_state = 1;
|
||||||
|
if($no_entity_absent){
|
||||||
|
if(exists $row->{'event'} && ($row->{'event'} =~ /\'.*((Device|Entity) (Absent|Removed)).*\'/)){
|
||||||
|
$check_sensor_state = 0;
|
||||||
|
}
|
||||||
|
if(exists $row->{'reading'} && ($row->{'reading'} =~ /\'.*((Device|Entity) (Absent|Removed)).*\'/)){
|
||||||
|
$check_sensor_state = 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#check for warning sensors
|
||||||
|
if($check_sensor_state && ($row->{'state'} ne 'Nominal' && $row->{'state'} ne 'N/A')){
|
||||||
|
$exit = 1 if $exit < 1;
|
||||||
|
$exit = 2 if $exit < 2 && $row->{'state'} ne 'Warning';
|
||||||
|
#don't insert a , the first time
|
||||||
|
$w_sensors .= ", " unless $w_sensors eq '';
|
||||||
|
$w_sensors .= "$row->{'name'} = $row->{'state'}";
|
||||||
|
if( $verbosity ){
|
||||||
|
if( $row->{'reading'} ne 'N/A'){
|
||||||
|
$w_sensors .= " ($row->{'reading'})" ;
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
$w_sensors .= " ($row->{'event'})";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if($check_sensor_state && ($row->{'units'} ne 'N/A')){
|
||||||
|
my $val = $row->{'reading'};
|
||||||
|
my $perf_data;
|
||||||
|
my $perf_thresholds;
|
||||||
|
if($zenoss){
|
||||||
|
$perf_data = $row->{'name'}."=".$val;
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
$perf_data = "'".$row->{'name'}."'=".$val;
|
||||||
|
}
|
||||||
|
if($use_thresholds && !$no_thresholds){
|
||||||
|
if(($row->{'lowerNC'} ne 'N/A') && ($row->{'upperNC'} ne 'N/A')){
|
||||||
|
$perf_thresholds = $row->{'lowerNC'}.":".$row->{'upperNC'}.";";
|
||||||
|
}
|
||||||
|
elsif(($row->{'lowerNC'} ne 'N/A') && ($row->{'upperNC'} eq 'N/A')){
|
||||||
|
$perf_thresholds = $row->{'lowerNC'}.":;";
|
||||||
|
}
|
||||||
|
elsif(($row->{'lowerNC'} eq 'N/A') && ($row->{'upperNC'} ne 'N/A')){
|
||||||
|
$perf_thresholds = "~:".$row->{'upperNC'}.";";
|
||||||
|
}
|
||||||
|
elsif(($row->{'lowerNC'} eq 'N/A') && ($row->{'upperNC'} eq 'N/A')){
|
||||||
|
$perf_thresholds = ";";
|
||||||
|
}
|
||||||
|
if(($row->{'lowerC'} ne 'N/A') && ($row->{'upperC'} ne 'N/A')){
|
||||||
|
$perf_thresholds .= $row->{'lowerC'}.":".$row->{'upperC'};
|
||||||
|
}
|
||||||
|
elsif(($row->{'lowerC'} ne 'N/A') && ($row->{'upperC'} eq 'N/A')){
|
||||||
|
$perf_thresholds .= $row->{'lowerC'}.":";
|
||||||
|
}
|
||||||
|
elsif(($row->{'lowerC'} eq 'N/A') && ($row->{'upperC'} ne 'N/A')){
|
||||||
|
$perf_thresholds .= "~:".$row->{'upperC'};
|
||||||
|
}
|
||||||
|
# Add thresholds to performance data
|
||||||
|
if(($row->{'lowerNC'} ne 'N/A') || ($row->{'upperNC'} ne 'N/A') ||
|
||||||
|
($row->{'lowerC'} ne 'N/A') || ($row->{'upperC'} ne 'N/A')){
|
||||||
|
$perf_data .= ";".$perf_thresholds;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
$perf .= $perf_data." ";
|
||||||
|
}
|
||||||
|
if( $row->{'type'} eq 'Fan' && $row->{'reading'} ne 'N/A' ){
|
||||||
|
$curr_fans++;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
foreach my $row (@{$seloutput}){
|
||||||
|
if( $zenoss ){
|
||||||
|
$row->{'name'} =~ s/ /_/g;
|
||||||
|
}
|
||||||
|
if ($row->{'state'} ne 'Nominal'){
|
||||||
|
$sel_issues_present += 1;
|
||||||
|
$exit = 1 if $exit < 1;
|
||||||
|
$exit = 2 if $exit < 2 && $row->{'state'} ne 'Warning';
|
||||||
|
if( $verbosity ){
|
||||||
|
$sel_w_sensors .= ", " unless $sel_w_sensors eq '';
|
||||||
|
$sel_w_sensors .= "($row->{'name'} = $row->{'state'},";
|
||||||
|
$sel_w_sensors .= " $row->{'type'}," ;
|
||||||
|
$sel_w_sensors .= " $row->{'event'})" ;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if ( $sel_issues_present ){
|
||||||
|
$w_sensors .= ", " unless $w_sensors eq '';
|
||||||
|
if ( $sel_issues_present == 1 ){
|
||||||
|
$w_sensors .= "1 system event log (SEL) entry present";
|
||||||
|
}else{
|
||||||
|
$w_sensors .= $sel_issues_present." system event log (SEL) entries present";
|
||||||
|
}
|
||||||
|
if( $verbosity ){
|
||||||
|
$w_sensors .= " - details: ";
|
||||||
|
$w_sensors .= $sel_w_sensors;
|
||||||
|
$w_sensors .= " - fix the reported issues and clear your SEL";
|
||||||
|
$w_sensors .= " or exclude specific SEL entries using the -sx or -xST option";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#now check if num fans equals desired unit fans
|
||||||
|
if( $fan_count ){
|
||||||
|
if( $curr_fans < $fan_count ){
|
||||||
|
$exit = 1 if $exit < 1;
|
||||||
|
$w_sensors .= ", " unless $w_sensors eq '';
|
||||||
|
$w_sensors .= "Fan = Warning";
|
||||||
|
if( $verbosity ){
|
||||||
|
$w_sensors .= " ($curr_fans)" ;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#check for the FRU serial number
|
||||||
|
my @server_serial;
|
||||||
|
my $serial_number;
|
||||||
|
if( $use_fru ){
|
||||||
|
@server_serial = grep(/Product Serial Number/,@fruoutput);
|
||||||
|
if(@server_serial){
|
||||||
|
$server_serial[0] =~ m/(\d+)/;
|
||||||
|
$serial_number = $1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if(defined($dcmioutput) && $dcmioutput ne ''){
|
||||||
|
my $power_perf = '';
|
||||||
|
if(exists $dcmioutput->{'Current Power'}){
|
||||||
|
my $power_key = 'Current Power';
|
||||||
|
if($s_ufile && $s_ufile ne ''){
|
||||||
|
$power_key = unify_with_file($s_ufile, $power_key);
|
||||||
|
}
|
||||||
|
if( $zenoss ){
|
||||||
|
$power_key =~ s/ /_/g;
|
||||||
|
}
|
||||||
|
$power_perf = "\'$power_key\'=" . $dcmioutput->{'Current Power'};
|
||||||
|
}
|
||||||
|
$perf = $power_perf . ' ' . $perf;
|
||||||
|
}
|
||||||
|
$perf = substr($perf, 0, -1);#cut off the last chars
|
||||||
|
if ( $exit == 0 ){
|
||||||
|
print "OK";
|
||||||
|
}
|
||||||
|
elsif ( $exit == 1 ){
|
||||||
|
print "Warning [$w_sensors]";
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
print "Critical [$w_sensors]";
|
||||||
|
}
|
||||||
|
if( $use_fru && defined($serial_number)){
|
||||||
|
print " ($serial_number)";
|
||||||
|
}
|
||||||
|
print " | ", $perf if $perf ne '';
|
||||||
|
print "\n";
|
||||||
|
|
||||||
|
if ( $verbosity > 1 ){
|
||||||
|
foreach my $row (@ipmioutput2){
|
||||||
|
if( $row->{'state'} eq 'N/A'){
|
||||||
|
next;
|
||||||
|
}
|
||||||
|
elsif( $row->{'reading'} ne 'N/A'){
|
||||||
|
print "$row->{'name'} = $row->{'reading'} ";
|
||||||
|
}
|
||||||
|
elsif( $row->{'event'} ne 'N/A'){
|
||||||
|
print "$row->{'name'} = $row->{'event'} ";
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
next;
|
||||||
|
}
|
||||||
|
print "(Status: $row->{'state'})\n";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
exit $exit;
|
||||||
|
}
|
||||||
|
};
|
|
@ -1,5 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: restart nrpe
|
- name: restart nrpe
|
||||||
service:
|
ansible.builtin.service:
|
||||||
name: nrpe
|
name: nrpe
|
||||||
state: restarted
|
state: restarted
|
||||||
|
when: nrpe_exists.stat.exists
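Review bot: The added `when: nrpe_exists.stat.exists` makes this handler depend on a variable that only the "Check if nrpe service exists, for usage in check_mode" task in the role's tasks file registers, and that task carries no `tags:`. A run limited with `--tags nagios-nrpe` or `--tags nagios-nrpe-utils` skips it, so this handler and the "Starting and enabling nrpe" task, which gained the same condition, would evaluate an undefined `nrpe_exists`. Giving the stat task the same tag list as its neighbours (`- nagios-nrpe` and `- nagios-nrpe-utils`) keeps the variable defined on tag-limited runs. In the visible hunks it is also the only task still written as bare `stat:` rather than `ansible.builtin.stat:`.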
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# yamllint disable rule:line-length
|
# yamllint disable rule:line-length
|
||||||
---
|
---
|
||||||
- name: "Install nrpe"
|
- name: "Install nrpe"
|
||||||
openbsd_pkg:
|
community.general.openbsd_pkg:
|
||||||
name:
|
name:
|
||||||
- nrpe--
|
- nrpe--
|
||||||
state: present
|
state: present
|
||||||
|
@ -9,7 +9,7 @@
|
||||||
- nagios-nrpe
|
- nagios-nrpe
|
||||||
|
|
||||||
- name: "Install monitoring packages"
|
- name: "Install monitoring packages"
|
||||||
openbsd_pkg:
|
community.general.openbsd_pkg:
|
||||||
name:
|
name:
|
||||||
- monitoring-plugins
|
- monitoring-plugins
|
||||||
- check_bioctl
|
- check_bioctl
|
||||||
|
@ -18,7 +18,7 @@
|
||||||
- nagios-nrpe
|
- nagios-nrpe
|
||||||
|
|
||||||
- name: "Create nrpe.d dir"
|
- name: "Create nrpe.d dir"
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: /etc/nrpe.d
|
path: /etc/nrpe.d
|
||||||
state: directory
|
state: directory
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -28,14 +28,20 @@
|
||||||
- nagios-nrpe
|
- nagios-nrpe
|
||||||
|
|
||||||
- name: "Include nrpe.d dir in nrpe.cfg"
|
- name: "Include nrpe.d dir in nrpe.cfg"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
dest: /etc/nrpe.cfg
|
dest: /etc/nrpe.cfg
|
||||||
line: 'include_dir=/etc/nrpe.d'
|
line: 'include_dir=/etc/nrpe.d'
|
||||||
|
create: true
|
||||||
tags:
|
tags:
|
||||||
- nagios-nrpe
|
- nagios-nrpe
|
||||||
|
|
||||||
|
- name: "Check if nrpe service exists, for usage in check_mode"
|
||||||
|
stat:
|
||||||
|
path: /etc/rc.d/nrpe
|
||||||
|
register: nrpe_exists
|
||||||
|
|
||||||
- name: "Custom configuration is present"
|
- name: "Custom configuration is present"
|
||||||
blockinfile:
|
ansible.builtin.blockinfile:
|
||||||
block: "{{ lookup('template', 'evolix_bsd.cfg.j2') }}"
|
block: "{{ lookup('template', 'evolix_bsd.cfg.j2') }}"
|
||||||
path: /etc/nrpe.d/evolix.cfg
|
path: /etc/nrpe.d/evolix.cfg
|
||||||
marker: "## {mark} ANSIBLE MANAGED BLOCK : Custom NRPE configuration file from EvoBSD"
|
marker: "## {mark} ANSIBLE MANAGED BLOCK : Custom NRPE configuration file from EvoBSD"
|
||||||
|
@ -46,46 +52,8 @@
|
||||||
tags:
|
tags:
|
||||||
- nagios-nrpe
|
- nagios-nrpe
|
||||||
|
|
||||||
- name: "Fetch nrpe config content"
|
|
||||||
command: 'grep "allowed_hosts=" /etc/nrpe.d/evolix.cfg'
|
|
||||||
check_mode: false
|
|
||||||
register: nrpe_config_content
|
|
||||||
failed_when: false
|
|
||||||
changed_when: false
|
|
||||||
tags:
|
|
||||||
- nagios-nrpe
|
|
||||||
|
|
||||||
- name: "Allow NRPE hosts - if no allowed_hosts configured"
|
|
||||||
lineinfile:
|
|
||||||
dest: /etc/nrpe.d/evolix.cfg
|
|
||||||
insertbefore: BOF
|
|
||||||
regex: "allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}"
|
|
||||||
line: 'allowed_hosts={{ nagios_nrpe_allowed_hosts | join(",") }}'
|
|
||||||
when: nrpe_config_content.rc != 0
|
|
||||||
tags:
|
|
||||||
- nagios-nrpe
|
|
||||||
|
|
||||||
- name: "Allow NRPE hosts - if allowed_hosts already configured : keep added IP"
|
|
||||||
lineinfile:
|
|
||||||
dest: /etc/nrpe.d/evolix.cfg
|
|
||||||
backrefs: true
|
|
||||||
insertbefore: BOF
|
|
||||||
regex: "allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}(.*)*"
|
|
||||||
line: 'allowed_hosts={{ nagios_nrpe_allowed_hosts | join(",") }}\1'
|
|
||||||
when: nrpe_config_content.rc == 0
|
|
||||||
tags:
|
|
||||||
- nagios-nrpe
|
|
||||||
|
|
||||||
- name: "Allow NRPE hosts - add comment"
|
|
||||||
lineinfile:
|
|
||||||
dest: /etc/nrpe.d/evolix.cfg
|
|
||||||
insertbefore: BOF
|
|
||||||
line: "# Allowed IPs"
|
|
||||||
tags:
|
|
||||||
- nagios-nrpe
|
|
||||||
|
|
||||||
- name: "Create nrpe plugins dir"
|
- name: "Create nrpe plugins dir"
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: /usr/local/libexec/nagios/plugins/
|
path: /usr/local/libexec/nagios/plugins/
|
||||||
state: directory
|
state: directory
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -95,7 +63,7 @@
|
||||||
- nagios-nrpe
|
- nagios-nrpe
|
||||||
|
|
||||||
- name: "Nagios plugins are installed"
|
- name: "Nagios plugins are installed"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: plugins_bsd/{{ item.name }}
|
src: plugins_bsd/{{ item.name }}
|
||||||
dest: /usr/local/libexec/nagios/plugins/{{ item.name }}
|
dest: /usr/local/libexec/nagios/plugins/{{ item.name }}
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -116,13 +84,14 @@
|
||||||
- {name: 'check_mailq.pl', force: true}
|
- {name: 'check_mailq.pl', force: true}
|
||||||
- {name: 'check_dhcp_pool', force: false}
|
- {name: 'check_dhcp_pool', force: false}
|
||||||
- {name: 'check_dhcpd.sh', force: false}
|
- {name: 'check_dhcpd.sh', force: false}
|
||||||
|
- {name: 'check_ipmi_sensor', force: true}
|
||||||
notify: restart nrpe
|
notify: restart nrpe
|
||||||
tags:
|
tags:
|
||||||
- nagios-nrpe
|
- nagios-nrpe
|
||||||
- nagios-nrpe-utils
|
- nagios-nrpe-utils
|
||||||
|
|
||||||
- name: "Nagios plugins are installed - template"
|
- name: "Nagios plugins are installed - template"
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: plugins_bsd/{{ item.name }}.j2
|
src: plugins_bsd/{{ item.name }}.j2
|
||||||
dest: /usr/local/libexec/nagios/plugins/{{ item.name }}
|
dest: /usr/local/libexec/nagios/plugins/{{ item.name }}
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -137,9 +106,10 @@
|
||||||
- nagios-nrpe-utils
|
- nagios-nrpe-utils
|
||||||
|
|
||||||
- name: "Starting and enabling nrpe"
|
- name: "Starting and enabling nrpe"
|
||||||
service:
|
ansible.builtin.service:
|
||||||
name: nrpe
|
name: nrpe
|
||||||
enabled: true
|
enabled: true
|
||||||
state: started
|
state: started
|
||||||
|
when: nrpe_exists.stat.exists
|
||||||
tags:
|
tags:
|
||||||
- nagios-nrpe
|
- nagios-nrpe
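Review bot: Removing the three "Allow NRPE hosts" tasks (hunk `-46,46 +52,8`) does not undo what they wrote on hosts provisioned by the old role. There `/etc/nrpe.d/evolix.cfg` still has `# Allowed IPs` and an `allowed_hosts=` line at the top of the file, outside the managed block, possibly with hand-added addresses kept by the old `\1` backreference. The template now writes a second `allowed_hosts=` inside the block, so depending on how NRPE combines repeated directives, an address removed from `nagios_nrpe_allowed_hosts` may stay authorised. A one-off cleanup task placed after the blockinfile task would close that gap; the sketch below should be checked against a host configured by the previous version of the role.

```yaml
# … unchanged: "Custom configuration is present" blockinfile task …

- name: "Remove legacy allowed_hosts lines outside the managed block"
  ansible.builtin.replace:
    path: /etc/nrpe.d/evolix.cfg
    regexp: '^(# Allowed IPs|allowed_hosts=.*)\n'
    replace: ''
    before: '## BEGIN ANSIBLE MANAGED BLOCK'
  notify: restart nrpe
  tags:
    - nagios-nrpe
```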
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
# Allowed IPs
|
||||||
|
allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}
|
||||||
|
|
||||||
{% if ansible_distribution_version is version_compare("7.2",'>=') %}
|
{% if ansible_distribution_version is version_compare("7.2",'>=') %}
|
||||||
# Allow older cipher suites for older Icinga version
|
# Allow older cipher suites for older Icinga version
|
||||||
ssl_cipher_list=ALL:!MD5:@STRENGTH:@SECLEVEL=0
|
ssl_cipher_list=ALL:!MD5:@STRENGTH:@SECLEVEL=0
|
||||||
|
@ -45,3 +48,4 @@ command[check_connections_state]=doas /usr/local/libexec/nagios/plugins/check_co
|
||||||
command[check_packetfilter]=doas /usr/local/libexec/nagios/plugins/check_packetfilter.sh
|
command[check_packetfilter]=doas /usr/local/libexec/nagios/plugins/check_packetfilter.sh
|
||||||
command[check_dhcpd]=/usr/local/libexec/nagios/plugins/check_dhcpd.sh
|
command[check_dhcpd]=/usr/local/libexec/nagios/plugins/check_dhcpd.sh
|
||||||
command[check_dhcp_pool]=/usr/local/libexec/nagios/plugins/check_dhcp_pool
|
command[check_dhcp_pool]=/usr/local/libexec/nagios/plugins/check_dhcp_pool
|
||||||
|
command[check_ipmi_sensors]=doas /usr/local/libexec/nagios/plugins/check_ipmi_sensor
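Review bot: The new `command[check_ipmi_sensors]` line at the end of the second hunk runs the whole plugin through `doas`, and nothing in the template records what that privilege is scoped to. The matching doas rule lives outside this file and cannot be checked from here; it should permit only this exact path for the NRPE user and reject any arguments, since the plugin reads files named by its `$s_ufile` and `$s_xfile` settings, which appear to come from command-line options. A comment above the line such as `# doas rule must match this exact path, with no arguments` would keep the two in step. The command is also named `check_ipmi_sensors` while the installed plugin is `check_ipmi_sensor`, which is easy to get wrong on the monitoring server side.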
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Deploy ospf check scripts"
|
- name: "Deploy ospf check scripts"
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: "{{ item }}.j2"
|
src: "{{ item }}.j2"
|
||||||
dest: /usr/share/scripts/{{ item }}
|
dest: /usr/share/scripts/{{ item }}
|
||||||
with_items:
|
with_items:
|
||||||
|
@ -11,7 +11,7 @@
|
||||||
- ospf
|
- ospf
|
||||||
|
|
||||||
- name: "Cron job for ospf check scripts is installed"
|
- name: "Cron job for ospf check scripts is installed"
|
||||||
cron:
|
ansible.builtin.cron:
|
||||||
name: "{{ item }} check"
|
name: "{{ item }} check"
|
||||||
job: "/bin/sh /usr/share/scripts/{{ item }}-check-peers.sh"
|
job: "/bin/sh /usr/share/scripts/{{ item }}-check-peers.sh"
|
||||||
with_items:
|
with_items:
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Setup pf.conf"
|
- name: "Setup pf.conf"
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: pf.conf.j2
|
src: pf.conf.j2
|
||||||
dest: /etc/pf.conf
|
dest: /etc/pf.conf
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Copy generateldif.sh"
|
- name: "Copy generateldif.sh"
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: generateldif.sh.j2
|
src: generateldif.sh.j2
|
||||||
dest: '{{ general_scripts_dir }}/generateldif.sh'
|
dest: '{{ general_scripts_dir }}/generateldif.sh'
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -11,7 +11,7 @@
|
||||||
- generateldif
|
- generateldif
|
||||||
|
|
||||||
- name: "Run generateldif"
|
- name: "Run generateldif"
|
||||||
command: '{{ general_scripts_dir }}/generateldif.sh'
|
ansible.builtin.command: '{{ general_scripts_dir }}/generateldif.sh'
|
||||||
register: generateldif_run
|
register: generateldif_run
|
||||||
changed_when: false
|
changed_when: false
|
||||||
failed_when: false
|
failed_when: false
|
||||||
|
@ -21,7 +21,7 @@
|
||||||
- generateldif
|
- generateldif
|
||||||
- generateldif-exec
|
- generateldif-exec
|
||||||
|
|
||||||
- debug:
|
- ansible.builtin.debug:
|
||||||
var: generateldif_run.stdout_lines
|
var: generateldif_run.stdout_lines
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
tags:
|
tags:
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Deploy dynamic motd script for CARP master or backup"
|
- name: "Deploy dynamic motd script for CARP master or backup"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: motd-carp-state.sh
|
src: motd-carp-state.sh
|
||||||
dest: /usr/share/scripts/motd-carp-state.sh
|
dest: /usr/share/scripts/motd-carp-state.sh
|
||||||
force: true
|
force: true
|
||||||
|
@ -13,7 +13,7 @@
|
||||||
- motd-utils
|
- motd-utils
|
||||||
|
|
||||||
- name: "Fetch root crontab content"
|
- name: "Fetch root crontab content"
|
||||||
command: >
|
ansible.builtin.command: >
|
||||||
grep "/bin/sh /usr/share/scripts/motd-carp-state.sh" /var/cron/tabs/root
|
grep "/bin/sh /usr/share/scripts/motd-carp-state.sh" /var/cron/tabs/root
|
||||||
check_mode: false
|
check_mode: false
|
||||||
register: root_crontab_content
|
register: root_crontab_content
|
||||||
|
@ -24,10 +24,10 @@
|
||||||
- motd
|
- motd
|
||||||
|
|
||||||
- name: "Cron job for dynamic motd script is installed"
|
- name: "Cron job for dynamic motd script is installed"
|
||||||
cron:
|
ansible.builtin.cron:
|
||||||
name: dynamic motd for CARP
|
name: dynamic motd for CARP
|
||||||
job: "/bin/sh /usr/share/scripts/motd-carp-state.sh"
|
job: "/bin/sh /usr/share/scripts/motd-carp-state.sh"
|
||||||
minute: "0"
|
minute: "*/10"
|
||||||
disabled: true
|
disabled: true
|
||||||
when:
|
when:
|
||||||
- not (root_crontab_content.stdout
|
- not (root_crontab_content.stdout
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Check and install updates (erratas) if available"
|
- name: "Check and install updates (erratas) if available"
|
||||||
command: /usr/sbin/syspatch
|
ansible.builtin.command: /usr/sbin/syspatch
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
when: ansible_distribution_version is version_compare("6.1",'>=')
|
when: ansible_distribution_version is version_compare("6.1",'>=')
|
||||||
tags:
|
tags:
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
- vars/evolix-main.yml
|
- vars/evolix-main.yml
|
||||||
|
|
||||||
pre_tasks:
|
pre_tasks:
|
||||||
- include_role:
|
- ansible.builtin.include_role:
|
||||||
name: etc-git
|
name: etc-git
|
||||||
tasks_from: commit.yml
|
tasks_from: commit.yml
|
||||||
vars:
|
vars:
|
||||||
|
@ -31,7 +31,7 @@
|
||||||
- post-install
|
- post-install
|
||||||
|
|
||||||
post_tasks:
|
post_tasks:
|
||||||
- include_role:
|
- ansible.builtin.include_role:
|
||||||
name: etc-git
|
name: etc-git
|
||||||
tasks_from: commit.yml
|
tasks_from: commit.yml
|
||||||
vars:
|
vars:
|
||||||
|
@ -39,6 +39,6 @@
|
||||||
when: not ansible_check_mode
|
when: not ansible_check_mode
|
||||||
tags: always
|
tags: always
|
||||||
|
|
||||||
- include_role:
|
- ansible.builtin.include_role:
|
||||||
name: evocheck
|
name: evocheck
|
||||||
tasks_from: exec.yml
|
tasks_from: exec.yml
|
||||||
|
|