Compare commits


15 commits

Author SHA1 Message Date
Jérémy Dubois a61f2423bc Remove multiple spaces 2023-12-15 16:23:31 +01:00
Jérémy Dubois 7dd930afcb nagios-nrpe: configure allowed_hosts in template and make use of the 'nagios_nrpe_additional_allowed_hosts' var in inventory for additional IP 2023-12-15 15:46:15 +01:00
Jérémy Dubois 8e18b6972a post-install: execute motd-carp-state.sh every 10 minutes 2023-12-11 17:44:41 +01:00
Jérémy Dubois 63212accdd forwarding: added tags to distinguish IPv4 from IPv6 2023-11-13 17:45:33 +01:00
Jérémy Dubois aee18bfde9 base: configure "/var/log" for servers that have a mount on it 2023-11-13 16:01:47 +01:00
Jérémy Dubois 1f0011ad2a accounts, etc-git, evocheck, nagios-nrpe: multiple changes to not fail when run in check mode 2023-11-09 17:08:13 +01:00
Jérémy Dubois 6822eaa4f0 base: added handlers for entries in fstab 2023-11-09 17:06:00 +01:00
Jérémy Dubois aed20187de use Fully Qualified Collection Name everywhere 2023-10-23 09:33:54 +02:00
Jérémy Dubois 28021670f0 yamllint, ansible-lint, and tags everywhere 2023-10-23 09:33:33 +02:00
Jérémy Dubois a217bb2e56 base: deactivate insults in sudo 2023-10-13 11:52:41 +02:00
Jérémy Dubois 832e93da0d base: ignore errors on packages installation because it fails for some packages when run in check mode 2023-10-13 11:52:40 +02:00
Jérémy Dubois ced4098192 collectd: fix rights for collectd directory 2023-10-13 11:52:22 +02:00
Jérémy Dubois 7aa588528c base: doas configuration for ipmi_sensor NRPE check 2023-10-13 11:52:22 +02:00
Jérémy Dubois afba3ad7e1 nagios-nrpe: add the ipmi_sensor check 2023-10-13 11:52:21 +02:00
Jérémy Dubois 05bdef9ab8 etc-git: add versioning for /var/unbound/etc 2023-10-13 11:52:19 +02:00
43 changed files with 1320 additions and 197 deletions

View file

@ -29,6 +29,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
* nagios-nrpe: allow older cipher suites for older Icinga version * nagios-nrpe: allow older cipher suites for older Icinga version
* evobackup: execute canary script before executing backup script * evobackup: execute canary script before executing backup script
* accounts: create only users who have a certain value for the `create` key (default: `always`) * accounts: create only users who have a certain value for the `create` key (default: `always`)
* nagios-nrpe: add the ipmi_sensor check
* base: doas configuration for ipmi_sensor NRPE check
* base: deactivate insults in sudo
* base: added handlers for entries in fstab
* forwarding: added tags to distinguish IPv4 from IPv6
### Changed ### Changed
@ -68,13 +73,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
* nagios-nrpe: check_ipsecctl.sh is never used standalone for check_vpn, always called by check_ipsecctl_critiques.sh * nagios-nrpe: check_ipsecctl.sh is never used standalone for check_vpn, always called by check_ipsecctl_critiques.sh
* evobackup: zzz_evobackup upstream release 22.12, and call zzz_evobackup with bash * evobackup: zzz_evobackup upstream release 22.12, and call zzz_evobackup with bash
* base: install bash, now needed for zzz_evobackup script * base: install bash, now needed for zzz_evobackup script
* post-install: execute motd-carp-state.sh only once an hour * post-install: execute motd-carp-state.sh every 10 minuts
* collectd: modified collectd scripts directory and scripts files right so that only _collectd group can execute them * collectd: modified collectd scripts directory and scripts files right so that only _collectd group can execute them
* base: install ncdu and htop often used as diagnostic tools * base: install ncdu and htop often used as diagnostic tools
* base: dump-server-state.sh upstream release 23.06 * base: dump-server-state.sh upstream release 23.06
* evocheck: upstream release 23.06 * evocheck: upstream release 23.06
* base: add evobsd_alias_fwupdate variable and make kshrc file a template so we can set or not a fw_update alias to servers that need it * base: add evobsd_alias_fwupdate variable and make kshrc file a template so we can set or not a fw_update alias to servers that need it
* etc-git: add versioning for /var/unbound/etc
* base: ignore errors on packages installation because it fails for some packages when run in check mode
* evomaintenance: upstream release 23.10.1 * evomaintenance: upstream release 23.10.1
* accounts, etc-git, evocheck, nagios-nrpe: multiple changes to not fail when run in check mode
* base: configure "/var/log" for servers that have a mount on it
* nagios-nrpe: configure allowed_hosts in template and make use of the 'nagios_nrpe_additional_allowed_hosts' var in inventory for additional IP
### Fixed ### Fixed
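Review bot: the rewritten post-install entry in the Changed section misspells "minutes" ("every 10 minuts"); since this line is being edited anyway, fix the spelling here and in the commit title so the released changelog does not carry the typo.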
@ -87,6 +97,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
* logsentry: fix variables for configuration files * logsentry: fix variables for configuration files
* nagios-nrpe: fix allowed_hosts configuration: keep potential added IP, but we cannot use backrefs if the line does not exist yet * nagios-nrpe: fix allowed_hosts configuration: keep potential added IP, but we cannot use backrefs if the line does not exist yet
* accounts: configure user home, ssh keys and groups only if it already exists, so that there is no error when run in check mode and user doesn't exist yet * accounts: configure user home, ssh keys and groups only if it already exists, so that there is no error when run in check mode and user doesn't exist yet
* collectd: fix rights for collectd directory
### Removed ### Removed

View file

@ -12,7 +12,7 @@
- name: Install ansible's prerequisite - name: Install ansible's prerequisite
# yamllint disable-line rule:line-length # yamllint disable-line rule:line-length
raw: export PKG_PATH=http://ftp.eu.openbsd.org/pub/OpenBSD/$(uname -r)/packages/$(uname -p)/; pkg_add -z python-3 ansible.builtin.raw: export PKG_PATH=http://ftp.eu.openbsd.org/pub/OpenBSD/$(uname -r)/packages/$(uname -p)/; pkg_add -z python-3
changed_when: true changed_when: true
# vim:ft=ansible # vim:ft=ansible
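Review bot: the only change here is the FQCN, but the PKG_PATH still points at the mirror over plain http://. OpenBSD packages are signify-signed, so pkg_add still verifies integrity, but ftp.eu.openbsd.org also serves over https and switching the scheme costs nothing while hiding which packages a new host pulls on bootstrap.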

View file

@ -1,6 +1,6 @@
--- ---
- name: reload sshd - name: reload sshd
service: ansible.builtin.service:
name: sshd name: sshd
state: reloaded state: reloaded

View file

@ -1,7 +1,7 @@
# yamllint disable rule:line-length # yamllint disable rule:line-length
--- ---
- name: "Create {{ evobsd_internal_group }}, {{ evobsd_ssh_group }}, {{ evobsd_sudo_group }} group" - name: "Create {{ evobsd_internal_group }}, {{ evobsd_ssh_group }}, {{ evobsd_sudo_group }} group"
group: ansible.builtin.group:
name: "{{ item }}" name: "{{ item }}"
system: true system: true
with_items: with_items:
@ -17,7 +17,7 @@
vars: vars:
user: "{{ item.value }}" user: "{{ item.value }}"
with_dict: "{{ evolix_users }}" with_dict: "{{ evolix_users }}"
when: when:
- user.create == evobsd_users_create - user.create == evobsd_users_create
- evolix_users != {} - evolix_users != {}
tags: tags:
@ -25,7 +25,7 @@
- admin - admin
- name: "Verify AllowGroups directive" - name: "Verify AllowGroups directive"
command: "grep -E '^AllowGroups' /etc/ssh/sshd_config" ansible.builtin.command: "grep -E '^AllowGroups' /etc/ssh/sshd_config"
changed_when: false changed_when: false
failed_when: false failed_when: false
check_mode: false check_mode: false
@ -35,7 +35,7 @@
- admin - admin
- name: "Verify AllowUsers directive" - name: "Verify AllowUsers directive"
command: "grep -E '^AllowUsers' /etc/ssh/sshd_config" ansible.builtin.command: "grep -E '^AllowUsers' /etc/ssh/sshd_config"
changed_when: false changed_when: false
failed_when: false failed_when: false
check_mode: false check_mode: false
@ -45,7 +45,7 @@
- admin - admin
- name: "Check that AllowUsers and AllowGroup do not override each other" - name: "Check that AllowUsers and AllowGroup do not override each other"
assert: ansible.builtin.assert:
that: "not (grep_allowusers_ssh.rc == 0 and grep_allowgroups_ssh.rc == 0)" that: "not (grep_allowusers_ssh.rc == 0 and grep_allowgroups_ssh.rc == 0)"
msg: "We can't deal with AllowUsers and AllowGroups at the same time" msg: "We can't deal with AllowUsers and AllowGroups at the same time"
tags: tags:
@ -53,7 +53,7 @@
- admin - admin
- name: "If AllowGroups is present then use it" - name: "If AllowGroups is present then use it"
set_fact: ansible.builtin.set_fact:
ssh_allowgroups: ssh_allowgroups:
"{{ (grep_allowgroups_ssh.rc == 0) or (grep_allowusers_ssh.rc != 0) }}" "{{ (grep_allowgroups_ssh.rc == 0) or (grep_allowusers_ssh.rc != 0) }}"
tags: tags:
@ -61,7 +61,7 @@
- admin - admin
- name: "Add AllowGroups sshd directive with '{{ evobsd_ssh_group }}'" - name: "Add AllowGroups sshd directive with '{{ evobsd_ssh_group }}'"
lineinfile: ansible.builtin.lineinfile:
dest: /etc/ssh/sshd_config dest: /etc/ssh/sshd_config
line: "\nAllowGroups {{ evobsd_ssh_group }}" line: "\nAllowGroups {{ evobsd_ssh_group }}"
insertafter: 'Subsystem' insertafter: 'Subsystem'
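Review bot: `line: "\nAllowGroups {{ evobsd_ssh_group }}"` can never match an existing line, because lineinfile compares the whole `line` value against each line of the file and no file line starts with a newline. The task therefore relies entirely on its `when` condition (outside this hunk) to avoid re-inserting the directive on every run; a `regexp: '^AllowGroups '` on the task would make it idempotent on its own, and the blank line can be handled by a separate lineinfile or by dropping the leading `\n`.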
@ -75,7 +75,7 @@
- admin - admin
- name: "Append '{{ evobsd_ssh_group }}' to AllowGroups sshd directive" - name: "Append '{{ evobsd_ssh_group }}' to AllowGroups sshd directive"
replace: ansible.builtin.replace:
dest: /etc/ssh/sshd_config dest: /etc/ssh/sshd_config
regexp: '^(AllowGroups ((?!\b{{ evobsd_ssh_group }}\b).)*)$' regexp: '^(AllowGroups ((?!\b{{ evobsd_ssh_group }}\b).)*)$'
replace: '\1 {{ evobsd_ssh_group }}' replace: '\1 {{ evobsd_ssh_group }}'
@ -89,7 +89,7 @@
- admin - admin
- name: "Security directives for EvoBSD" - name: "Security directives for EvoBSD"
blockinfile: ansible.builtin.blockinfile:
dest: /etc/ssh/sshd_config dest: /etc/ssh/sshd_config
marker: "# {mark} EVOBSD PASSWORD RESTRICTIONS" marker: "# {mark} EVOBSD PASSWORD RESTRICTIONS"
block: | block: |
@ -107,7 +107,7 @@
- admin - admin
- name: "Disable root login" - name: "Disable root login"
replace: ansible.builtin.replace:
dest: /etc/ssh/sshd_config dest: /etc/ssh/sshd_config
regexp: '^PermitRootLogin\s+(yes|without-password|prohibit-password)' regexp: '^PermitRootLogin\s+(yes|without-password|prohibit-password)'
replace: "PermitRootLogin {{ evobsd_root_login }}" replace: "PermitRootLogin {{ evobsd_root_login }}"
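Review bot: the regexp `^PermitRootLogin\s+(yes|without-password|prohibit-password)` only matches an uncommented directive. A stock OpenBSD sshd_config ships the directive commented out (`#PermitRootLogin prohibit-password`), so on such a host this replace changes nothing and the compiled-in default stays in effect whatever `evobsd_root_login` is set to, unless the "Security directives for EvoBSD" block above already writes the directive. If it does not, a lineinfile with `regexp: '^#?PermitRootLogin'` and `line: "PermitRootLogin {{ evobsd_root_login }}"` enforces the value in both cases.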

View file

@ -1,7 +1,7 @@
# yamllint disable rule:line-length # yamllint disable rule:line-length
--- ---
- name: "Group '{{ user.name }}' is present" - name: "Group '{{ user.name }}' is present"
group: ansible.builtin.group:
state: present state: present
name: "{{ user.name }}" name: "{{ user.name }}"
gid: "{{ user.uid }}" gid: "{{ user.uid }}"
@ -10,7 +10,7 @@
- admin - admin
- name: "User '{{ user.name }}' is present" - name: "User '{{ user.name }}' is present"
user: ansible.builtin.user:
state: present state: present
name: '{{ user.name }}' name: '{{ user.name }}'
uid: '{{ user.uid }}' uid: '{{ user.uid }}'
@ -23,12 +23,15 @@
- accounts - accounts
- admin - admin
- name: "Gather available local users" - name: "Gather available local users for usage in check_mode"
getent: ansible.builtin.getent:
database: passwd database: passwd
tags:
- accounts
- admin
- name: "Home directory for '{{ user.name }}' is only accesible by owner" - name: "Home directory for '{{ user.name }}' is only accesible by owner"
file: ansible.builtin.file:
name: '/home/{{ user.name }}' name: '/home/{{ user.name }}'
mode: "0700" mode: "0700"
owner: "{{ user.name }}" owner: "{{ user.name }}"
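Review bot: this getent call now runs once per included user (user.yml is looped over `evolix_users` from main.yml), so the passwd database is re-read for every account; since the result is only needed to make check mode skip not-yet-created users, gathering it once in main.yml before the loop (and once more after the user task for the freshly created name) would give the same guard with fewer task executions.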
@ -40,7 +43,7 @@
- admin - admin
- name: "SSH public keys for '{{ user.name }}' are present" - name: "SSH public keys for '{{ user.name }}' are present"
authorized_key: ansible.posix.authorized_key:
user: "{{ user.name }}" user: "{{ user.name }}"
key: "{{ ssk_key }}" key: "{{ ssk_key }}"
state: present state: present
@ -54,8 +57,15 @@
- accounts - accounts
- admin - admin
- name: "Gather available local groups for usage in check_mode"
ansible.builtin.getent:
database: group
tags:
- accounts
- admin
- name: "Add {{ user.name }} to {{ evobsd_internal_group }}, {{ evobsd_ssh_group }}, {{ evobsd_sudo_group }} group" - name: "Add {{ user.name }} to {{ evobsd_internal_group }}, {{ evobsd_ssh_group }}, {{ evobsd_sudo_group }} group"
user: ansible.builtin.user:
name: "{{ user.name }}" name: "{{ user.name }}"
groups: "{{ groups_item }}" groups: "{{ groups_item }}"
append: true append: true
@ -65,7 +75,9 @@
- "{{ evobsd_sudo_group }}" - "{{ evobsd_sudo_group }}"
loop_control: loop_control:
loop_var: groups_item loop_var: groups_item
when: user.name in getent_passwd.keys() when:
- user.name in getent_passwd.keys()
- groups_item in getent_group.keys()
tags: tags:
- accounts - accounts
- admin - admin
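Review bot: the new `groups_item in getent_group.keys()` condition makes the group-membership task silently skip in check mode when a group has not been created yet, which is the intended effect, but it also hides a real misconfiguration on a normal run: if one of `evobsd_internal_group`, `evobsd_ssh_group` or `evobsd_sudo_group` is missing the user simply is not added, with no failure. Consider limiting the skip to check mode (`- groups_item in getent_group.keys() or not ansible_check_mode`) so a missing group still fails the play when applying for real.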

View file

@ -1,38 +1,53 @@
--- ---
- name: newaliases - name: newaliases
command: smtpctl update table aliases ansible.builtin.command: smtpctl update table aliases
- name: remount / noatime - name: remount / noatime
command: mount -u -o noatime / ansible.builtin.command: mount -u -o noatime /
args: args:
warn: false warn: false
- name: remount /var noatime - name: remount /var noatime
command: mount -u -o noatime /var ansible.builtin.command: mount -u -o noatime /var
args:
warn: false
- name: remount /var/log noatime
ansible.builtin.command: mount -u -o noatime /var/log
args: args:
warn: false warn: false
- name: remount /usr noatime - name: remount /usr noatime
command: mount -u -o noatime /usr ansible.builtin.command: mount -u -o noatime /usr
args:
warn: false
- name: remount /usr/X11R6 noatime
ansible.builtin.command: mount -u -o noatime /usr/X11R6
args:
warn: false
- name: remount /usr/local noatime
ansible.builtin.command: mount -u -o noatime /usr/local
args: args:
warn: false warn: false
- name: remount /tmp noexec - name: remount /tmp noexec
command: mount -u -o noexec /tmp ansible.builtin.command: mount -u -o noexec /tmp
args: args:
warn: false warn: false
- name: remount /tmp noatime - name: remount /tmp noatime
command: mount -u -o noatime /tmp ansible.builtin.command: mount -u -o noatime /tmp
args: args:
warn: false warn: false
- name: remount /home noatime - name: remount /home noatime
command: mount -u -o noatime /home ansible.builtin.command: mount -u -o noatime /home
args: args:
warn: false warn: false
- name: restart ntpd - name: restart ntpd
service: ansible.builtin.service:
name: ntpd name: ntpd
state: restarted state: restarted
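Review bot: every remount handler keeps `args: warn: false`, but the `warn` parameter of the command module was removed in ansible-core 2.14, and with `ansible.builtin.command` on a current core these handlers now fail with an unsupported-parameter error instead of the old deprecation warning. Since the FQCN change targets a modern core anyway, drop the `args` blocks here (and in the other command tasks in this set, e.g. the `git log` / `git add` tasks in repository.yml).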

View file

@ -1,6 +1,6 @@
--- ---
- name: "Customize PATH variable of root crontab" - name: "Customize PATH variable of root crontab"
cron: ansible.builtin.cron:
name: PATH name: PATH
env: true env: true
value: "{{ cron_root_path }}" value: "{{ cron_root_path }}"

View file

@ -1,7 +1,7 @@
# yamllint disable rule:line-length # yamllint disable rule:line-length
--- ---
- name: "Configure doas" - name: "Configure doas"
blockinfile: ansible.builtin.blockinfile:
dest: /etc/doas.conf dest: /etc/doas.conf
owner: root owner: root
group: wheel group: wheel
@ -24,5 +24,6 @@
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_packetfilter.sh permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_packetfilter.sh
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ipsecctl_critiques.sh permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ipsecctl_critiques.sh
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_openvpn_certificates.sh permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_openvpn_certificates.sh
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ipmi_sensor
tags: tags:
- doas - doas
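Review bot: the new `permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ipmi_sensor` rule, like the lines above it, has no `args` clause, so doas lets _nrpe run the plugin as root with any argument list. If the NRPE command definition always invokes it with a fixed set of options, pin them with `args ...` in the rule; that keeps the root grant to exactly the invocation the check needs.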

View file

@ -1,6 +1,6 @@
--- ---
- name: "Customize root's .profile" - name: "Customize root's .profile"
template: ansible.builtin.template:
src: profile.j2 src: profile.j2
dest: /root/.profile dest: /root/.profile
mode: "0644" mode: "0644"
@ -9,7 +9,7 @@
- dotfiles - dotfiles
- name: "Copy vim default configuration" - name: "Copy vim default configuration"
copy: ansible.builtin.copy:
src: vimrc src: vimrc
dest: /root/.vimrc dest: /root/.vimrc
mode: "0644" mode: "0644"
@ -18,7 +18,7 @@
- dotfiles - dotfiles
- name: "Customize .kshrc environment file" - name: "Customize .kshrc environment file"
template: ansible.builtin.template:
src: kshrc.j2 src: kshrc.j2
dest: /root/.kshrc dest: /root/.kshrc
mode: "0644" mode: "0644"
@ -27,7 +27,7 @@
- dotfiles - dotfiles
- name: "Change default .profile skeleton" - name: "Change default .profile skeleton"
template: ansible.builtin.template:
src: profile.j2 src: profile.j2
dest: /etc/skel/.profile dest: /etc/skel/.profile
mode: "0644" mode: "0644"
@ -36,7 +36,7 @@
- dotfiles - dotfiles
- name: "Add evomaintenance trap .profile skeleton with doas" - name: "Add evomaintenance trap .profile skeleton with doas"
lineinfile: ansible.builtin.lineinfile:
state: present state: present
dest: /etc/skel/.profile dest: /etc/skel/.profile
mode: "0644" mode: "0644"
@ -48,7 +48,7 @@
- dotfiles - dotfiles
- name: "Add vim configuration to dotfiles for new users" - name: "Add vim configuration to dotfiles for new users"
copy: ansible.builtin.copy:
src: vimrc src: vimrc
dest: /etc/skel/.vimrc dest: /etc/skel/.vimrc
mode: "0644" mode: "0644"
@ -57,7 +57,7 @@
- dotfiles - dotfiles
- name: "Customize .kshrc environment file for new users" - name: "Customize .kshrc environment file for new users"
template: ansible.builtin.template:
src: kshrc.j2 src: kshrc.j2
dest: /etc/skel/.kshrc dest: /etc/skel/.kshrc
mode: "0644" mode: "0644"

View file

@ -1,6 +1,6 @@
--- ---
- name: "Fetch fstab content" - name: "Fetch fstab content"
command: "grep -v '^#' /etc/fstab" ansible.builtin.command: "grep -v '^#' /etc/fstab"
check_mode: false check_mode: false
register: fstab_content register: fstab_content
failed_when: false failed_when: false
@ -14,6 +14,7 @@
with_items: with_items:
- "/" - "/"
- "/var" - "/var"
- "/var/log"
- "/usr" - "/usr"
- "/usr/X11R6" - "/usr/X11R6"
- "/usr/local" - "/usr/local"

View file

@ -1,7 +1,7 @@
# yamllint disable rule:line-length # yamllint disable rule:line-length
--- ---
- name: "{{ fstab_path }} partition is customized - softdep" - name: "{{ fstab_path }} partition is customized - softdep"
replace: ansible.builtin.replace:
dest: /etc/fstab dest: /etc/fstab
regexp: '([^#]\s+{{ fstab_path }}\s+ffs\s+rw)(.*)' regexp: '([^#]\s+{{ fstab_path }}\s+ffs\s+rw)(.*)'
replace: '\1,softdep\2' replace: '\1,softdep\2'
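Review bot: the softdep regexp anchors only on `rw` and captures the rest of the options with `(.*)`, so a line that already reads `rw,softdep,noatime` still matches and would become `rw,softdep,softdep,noatime` unless the task's `when` (outside this hunk, presumably based on `fstab_content`) prevents a second run. A negative lookahead, `rw(?!.*softdep)`, makes the task self-guarding; the same applies to the noatime task below.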
@ -13,7 +13,7 @@
- fstab - fstab
- name: "{{ fstab_path }} partition is customized - noatime" - name: "{{ fstab_path }} partition is customized - noatime"
replace: ansible.builtin.replace:
dest: /etc/fstab dest: /etc/fstab
regexp: '([^#]\s+{{ fstab_path }}\s+ffs\s+rw)(\S*)(\s+.*)' regexp: '([^#]\s+{{ fstab_path }}\s+ffs\s+rw)(\S*)(\s+.*)'
replace: '\1\2,noatime\3' replace: '\1\2,noatime\3'
@ -26,7 +26,7 @@
- fstab - fstab
- name: "{{ fstab_path }} partition is customized - noexec" - name: "{{ fstab_path }} partition is customized - noexec"
replace: ansible.builtin.replace:
dest: /etc/fstab dest: /etc/fstab
regexp: '([^#]\s+{{ fstab_path }}\s+ffs\s+rw(,softdep)*)(.*)' regexp: '([^#]\s+{{ fstab_path }}\s+ffs\s+rw(,softdep)*)(.*)'
replace: '\1,noexec\3' replace: '\1,noexec\3'

View file

@ -1,6 +1,6 @@
--- ---
- name: "Fetch rc.local content" - name: "Fetch rc.local content"
command: "grep -v '^#' /etc/rc.local" ansible.builtin.command: "grep -v '^#' /etc/rc.local"
check_mode: false check_mode: false
register: rclocal_content register: rclocal_content
failed_when: false failed_when: false
@ -9,7 +9,7 @@
- alerting - alerting
- name: "Configure rc.local" - name: "Configure rc.local"
lineinfile: ansible.builtin.lineinfile:
path: /etc/rc.local path: /etc/rc.local
line: line:
'date | mail -s "boot/reboot of $(hostname -s)" {{ general_alert_email }}' 'date | mail -s "boot/reboot of $(hostname -s)" {{ general_alert_email }}'
@ -23,7 +23,7 @@
- alerting - alerting
- name: "Delete rc.local entry of boot/reboot not precising hostname" - name: "Delete rc.local entry of boot/reboot not precising hostname"
lineinfile: ansible.builtin.lineinfile:
path: /etc/rc.local path: /etc/rc.local
regexp: regexp:
"^.* mail -s (?!.*of.*).+$" "^.* mail -s (?!.*of.*).+$"
@ -32,7 +32,7 @@
- alerting - alerting
- name: "Set root mail alias" - name: "Set root mail alias"
replace: ansible.builtin.replace:
dest: /etc/mail/aliases dest: /etc/mail/aliases
regexp: "# root:" regexp: "# root:"
replace: "root: {{ general_alert_email }}" replace: "root: {{ general_alert_email }}"

View file

@ -1,6 +1,6 @@
--- ---
- name: "Customize newsyslog" - name: "Customize newsyslog"
copy: ansible.builtin.copy:
src: newsyslog.conf src: newsyslog.conf
dest: /etc/newsyslog.conf dest: /etc/newsyslog.conf
mode: "0644" mode: "0644"

View file

@ -1,6 +1,6 @@
--- ---
- name: "Customize ntpd conf" - name: "Customize ntpd conf"
template: ansible.builtin.template:
src: ntpd.conf.j2 src: ntpd.conf.j2
dest: /etc/ntpd.conf dest: /etc/ntpd.conf
owner: root owner: root

View file

@ -1,7 +1,7 @@
--- ---
- name: "Configure installurl" - name: "Configure installurl"
copy: ansible.builtin.copy:
content: "{{ evobsd_install_url }}\n" content: "{{ evobsd_install_url }}\n"
dest: /etc/installurl dest: /etc/installurl
mode: "0644" mode: "0644"
@ -9,7 +9,7 @@
- pkg - pkg
- name: "Install packages (vim rsync mtr etc)" - name: "Install packages (vim rsync mtr etc)"
openbsd_pkg: community.general.openbsd_pkg:
name: name:
- wget - wget
- vim--no_x11 - vim--no_x11
@ -20,11 +20,12 @@
- bash - bash
- ncdu - ncdu
- htop - htop
ignore_errors: true
tags: tags:
- pkg - pkg
- name: "Disable sndiod" - name: "Disable sndiod"
service: ansible.builtin.service:
name: sndiod name: sndiod
enabled: false enabled: false
state: stopped state: stopped
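Review bot: `ignore_errors: true` on the package install masks real failures on normal runs as well (unreachable mirror, unknown package, partial install), and the rest of the play then proceeds as if bash, vim and the other tools were present. Restrict it to the case the commit message describes with `ignore_errors: "{{ ansible_check_mode }}"`, so an install error still fails the play when applying for real.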

View file

@ -1,6 +1,6 @@
--- ---
- name: "Configure resolv.conf" - name: "Configure resolv.conf"
lineinfile: ansible.builtin.lineinfile:
path: /etc/resolv.conf path: /etc/resolv.conf
line: "lookup file bind" line: "lookup file bind"
insertbefore: BOF insertbefore: BOF

View file

@ -1,6 +1,6 @@
--- ---
- name: "Configure sudoers umask" - name: "Configure sudoers umask"
lineinfile: ansible.builtin.lineinfile:
dest: /etc/sudoers dest: /etc/sudoers
insertafter: '# Defaults specification' insertafter: '# Defaults specification'
line: 'Defaults umask=0077' line: 'Defaults umask=0077'
@ -8,8 +8,17 @@
tags: tags:
- sudo - sudo
- name: "Deactivate sudo insults"
ansible.builtin.lineinfile:
dest: /etc/sudoers
insertafter: 'Defaults umask=0077'
line: 'Defaults !insults'
validate: 'visudo -cf %s'
tags:
- sudo
- name: "Configure sudoers" - name: "Configure sudoers"
blockinfile: ansible.builtin.blockinfile:
state: present state: present
dest: /etc/sudoers dest: /etc/sudoers
insertafter: EOF insertafter: EOF

View file

@ -1,6 +1,6 @@
--- ---
- name: "dump-server-state script is present" - name: "dump-server-state script is present"
copy: ansible.builtin.copy:
src: "dump-server-state.sh" src: "dump-server-state.sh"
dest: /usr/local/sbin/dump-server-state dest: /usr/local/sbin/dump-server-state
force: true force: true
@ -13,7 +13,7 @@
- utils - utils
- name: "update-evobackup-canary script is present" - name: "update-evobackup-canary script is present"
copy: ansible.builtin.copy:
src: "update-evobackup-canary" src: "update-evobackup-canary"
dest: /usr/local/bin/update-evobackup-canary dest: /usr/local/bin/update-evobackup-canary
force: true force: true

View file

@ -1,6 +1,6 @@
--- ---
- name: "Deploy bgp check script" - name: "Deploy bgp check script"
template: ansible.builtin.template:
src: bgpd-check-peers.sh.j2 src: bgpd-check-peers.sh.j2
dest: /usr/share/scripts/bgpd-check-peers.sh dest: /usr/share/scripts/bgpd-check-peers.sh
when: group_names | select('search','bgp') | list | count > 0 when: group_names | select('search','bgp') | list | count > 0
@ -8,7 +8,7 @@
- bgp - bgp
- name: "Cron job for bgp check script is installed" - name: "Cron job for bgp check script is installed"
cron: ansible.builtin.cron:
name: bgp check name: bgp check
job: "/bin/sh /usr/share/scripts/bgpd-check-peers.sh" job: "/bin/sh /usr/share/scripts/bgpd-check-peers.sh"
when: group_names | select('search','bgp') | list | count > 0 when: group_names | select('search','bgp') | list | count > 0
@ -16,7 +16,7 @@
- bgp - bgp
- name: "Create bgp log directory" - name: "Create bgp log directory"
file: ansible.builtin.file:
path: /var/log/bgp path: /var/log/bgp
state: directory state: directory
when: group_names | select('search','bgp') | list | count > 0 when: group_names | select('search','bgp') | list | count > 0
@ -24,7 +24,7 @@
- bgp - bgp
- name: "Daily best routes cron job is installed" - name: "Daily best routes cron job is installed"
cron: ansible.builtin.cron:
name: bgp best routes name: bgp best routes
minute: 0 minute: 0
hour: 4 hour: 4
@ -36,7 +36,7 @@
- bgp - bgp
- name: "Weekly best routes clean up cron job is installed" - name: "Weekly best routes clean up cron job is installed"
cron: ansible.builtin.cron:
name: bgp best routes clean up name: bgp best routes clean up
minute: 0 minute: 0
hour: 4 hour: 4

View file

@ -1,5 +1,5 @@
--- ---
- name: restart collectd - name: restart collectd
service: ansible.builtin.service:
name: collectd name: collectd
state: restarted state: restarted

View file

@ -1,13 +1,13 @@
# yamllint disable rule:line-length # yamllint disable rule:line-length
--- ---
- name: "Install Collectd package" - name: "Install Collectd package"
openbsd_pkg: community.general.openbsd_pkg:
name: "collectd" name: "collectd"
tags: tags:
- collectd - collectd
- name: "Deploy Collectd configuration" - name: "Deploy Collectd configuration"
template: ansible.builtin.template:
src: "collectd.conf.j2" src: "collectd.conf.j2"
dest: "/etc/collectd.conf" dest: "/etc/collectd.conf"
notify: restart collectd notify: restart collectd
@ -15,15 +15,26 @@
- collectd - collectd
- name: "Enabling Collectd" - name: "Enabling Collectd"
service: ansible.builtin.service:
name: collectd name: collectd
enabled: true enabled: true
when: not ansible_check_mode when: not ansible_check_mode
tags: tags:
- collectd - collectd
- name: "Fix rights for collectd directory"
ansible.builtin.file:
path: /usr/local/share/collectd
state: directory
owner: "root"
group: "wheel"
mode: "0755"
when: collectd_plugin_exec_ifq_drops or collectd_plugin_exec_dns_stats or collectd_plugin_exec_dhcp_pool
tags:
- collectd
- name: "Create scripts directory for exec plugins" - name: "Create scripts directory for exec plugins"
file: ansible.builtin.file:
path: /usr/local/share/collectd/scripts path: /usr/local/share/collectd/scripts
state: directory state: directory
owner: "root" owner: "root"
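Review bot: the `when: collectd_plugin_exec_ifq_drops or collectd_plugin_exec_dns_stats or collectd_plugin_exec_dhcp_pool` condition on the new rights task is the same gate the scripts-directory task underneath needs, and it is now repeated verbatim; defining one variable (e.g. `collectd_exec_plugins_enabled`) in defaults and using it on both tasks avoids the two conditions drifting apart when a fourth exec plugin is added.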
@ -34,7 +45,7 @@
- collectd - collectd
- name: "Copy ifq_drops.sh" - name: "Copy ifq_drops.sh"
copy: ansible.builtin.copy:
src: ifq_drops.sh src: ifq_drops.sh
dest: /usr/local/share/collectd/scripts/ifq_drops.sh dest: /usr/local/share/collectd/scripts/ifq_drops.sh
owner: "root" owner: "root"
@ -46,7 +57,7 @@
- collectd - collectd
- name: "Remove ifq_drops.sh" - name: "Remove ifq_drops.sh"
file: ansible.builtin.file:
path: /usr/local/share/collectd/scripts/ifq_drops.sh path: /usr/local/share/collectd/scripts/ifq_drops.sh
state: absent state: absent
when: not collectd_plugin_exec_ifq_drops when: not collectd_plugin_exec_ifq_drops
@ -54,7 +65,7 @@
- collectd - collectd
- name: "Copy dns_stats.sh" - name: "Copy dns_stats.sh"
copy: ansible.builtin.copy:
src: dns_stats.sh src: dns_stats.sh
dest: /usr/local/share/collectd/scripts/dns_stats.sh dest: /usr/local/share/collectd/scripts/dns_stats.sh
owner: "root" owner: "root"
@ -66,7 +77,7 @@
- collectd - collectd
- name: "Remove dns_stats.sh" - name: "Remove dns_stats.sh"
file: ansible.builtin.file:
path: /usr/local/share/collectd/scripts/dns_stats.sh path: /usr/local/share/collectd/scripts/dns_stats.sh
state: absent state: absent
when: not collectd_plugin_exec_dns_stats when: not collectd_plugin_exec_dns_stats
@ -74,7 +85,7 @@
- collectd - collectd
- name: "Add doas configuration for dns_stats.sh execution" - name: "Add doas configuration for dns_stats.sh execution"
lineinfile: ansible.builtin.lineinfile:
path: /etc/doas.conf path: /etc/doas.conf
line: 'permit nopass _collectd as root cmd /usr/sbin/unbound-control args stats' line: 'permit nopass _collectd as root cmd /usr/sbin/unbound-control args stats'
when: collectd_plugin_exec_dns_stats when: collectd_plugin_exec_dns_stats
@ -82,7 +93,7 @@
- collectd - collectd
- name: "Copy dhcp_pool.pl" - name: "Copy dhcp_pool.pl"
copy: ansible.builtin.copy:
src: dhcp_pool.pl src: dhcp_pool.pl
dest: /usr/local/share/collectd/scripts/dhcp_pool.pl dest: /usr/local/share/collectd/scripts/dhcp_pool.pl
owner: "root" owner: "root"
@ -94,7 +105,7 @@
- collectd - collectd
- name: "Remove dhcp_pool.pl" - name: "Remove dhcp_pool.pl"
file: ansible.builtin.file:
path: /usr/local/share/collectd/scripts/dhcp_pool.pl path: /usr/local/share/collectd/scripts/dhcp_pool.pl
state: absent state: absent
when: not collectd_plugin_exec_dhcp_pool when: not collectd_plugin_exec_dhcp_pool

View file

@ -2,10 +2,11 @@
--- ---
- name: "Execute ansible-commit" - name: "Execute ansible-commit"
command: "/usr/local/bin/ansible-commit --verbose --message \"{{ commit_message | mandatory }}\"" ansible.builtin.command: "/usr/local/bin/ansible-commit --verbose --message \"{{ commit_message | mandatory }}\""
changed_when: changed_when:
- _ansible_commit.stdout - _ansible_commit.stdout
- "'CHANGED:' in _ansible_commit.stdout" - "'CHANGED:' in _ansible_commit.stdout"
ignore_errors: true ignore_errors: true
register: _ansible_commit register: _ansible_commit
tags: always tags:
- always

View file

@ -1,7 +1,7 @@
--- ---
- name: "Git is installed" - name: "Git is installed"
openbsd_pkg: community.general.openbsd_pkg:
name: git name: git
state: present state: present
tags: tags:

View file

@ -12,7 +12,7 @@
- etc-git - etc-git
- name: "Verify /usr/share/scripts presence" - name: "Verify /usr/share/scripts presence"
stat: ansible.builtin.stat:
path: /usr/share/scripts path: /usr/share/scripts
register: _usr_share_scripts register: _usr_share_scripts
tags: tags:
@ -27,3 +27,10 @@
- _usr_share_scripts.stat.isdir - _usr_share_scripts.stat.isdir
tags: tags:
- etc-git - etc-git
- include: repository.yml
vars:
repository_path: "/var/unbound/etc"
gitignore_items: []
tags:
- etc-git
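Review bot: the new block uses the bare `include:` action while the rest of this change moves everything to FQCNs; `include` has been deprecated for a long time and is removed in ansible-core 2.16, so this should be `ansible.builtin.include_tasks: repository.yml` (or `import_tasks`, matching whatever the existing /etc and /usr/share/scripts includes above use). Also note that with `gitignore_items: []` no .gitignore is created for /var/unbound/etc at all, because the lineinfile task in repository.yml only creates the file when it has at least one item to loop over.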

View file

@ -1,7 +1,7 @@
--- ---
- name: "{{ repository_path }} is versioned with git" - name: "{{ repository_path }} is versioned with git"
command: "git init ." ansible.builtin.command: "git init ."
args: args:
chdir: "{{ repository_path }}" chdir: "{{ repository_path }}"
creates: "{{ repository_path }}/.git/" creates: "{{ repository_path }}/.git/"
@ -11,16 +11,17 @@
- etc-git - etc-git
- name: "Git user.email is configured" - name: "Git user.email is configured"
git_config: community.general.git_config:
name: user.email name: user.email
repo: "{{ repository_path }}" repo: "{{ repository_path }}"
scope: local scope: local
value: "root@{{ inventory_hostname }}.{{ general_technical_realm }}" value: "root@{{ inventory_hostname }}.{{ general_technical_realm }}"
when: not ansible_check_mode
tags: tags:
- etc-git - etc-git
- name: "{{ repository_path }}/.git is restricted to root" - name: "{{ repository_path }}/.git is restricted to root"
file: ansible.builtin.file:
path: "{{ repository_path }}/.git" path: "{{ repository_path }}/.git"
owner: root owner: root
mode: "0700" mode: "0700"
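Review bot: `when: not ansible_check_mode` on the user.email task means check mode reports nothing for this setting rather than "would change"; that is acceptable given the repository cannot exist yet in check mode, but it is worth a short comment on the task so the skip is not mistaken for an oversight later.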
@ -28,34 +29,28 @@
tags: tags:
- etc-git - etc-git
- name: "{{ repository_path }}/.gitignore is present"
copy:
src: gitignore
dest: "{{ repository_path }}/.gitignore"
owner: root
mode: "0600"
force: false
tags:
- etc-git
- name: "Some entries MUST be in the {{ repository_path }}/.gitignore file" - name: "Some entries MUST be in the {{ repository_path }}/.gitignore file"
lineinfile: ansible.builtin.lineinfile:
dest: "{{ repository_path }}/.gitignore" dest: "{{ repository_path }}/.gitignore"
line: "{{ item }}" line: "{{ item }}"
owner: root
mode: "0600"
create: true
loop: "{{ gitignore_items | default([]) }}" loop: "{{ gitignore_items | default([]) }}"
tags: tags:
- etc-git - etc-git
- name: "Set vim as default editor" - name: "Set vim as default editor"
git_config: community.general.git_config:
name: core.editor name: core.editor
scope: global scope: global
value: vim value: vim
when: not ansible_check_mode
tags: tags:
- etc-git - etc-git
- name: "Does {{ repository_path }}/ have any commit?" - name: "Does {{ repository_path }}/ have any commit?"
command: "git log" ansible.builtin.command: "git log"
args: args:
chdir: "{{ repository_path }}" chdir: "{{ repository_path }}"
warn: false warn: false
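Review bot: removing the `copy: src: gitignore` task changes what ends up ignored: `.gitignore` is now only created when `gitignore_items` is non-empty (`create: true` on `lineinfile` never fires for an empty loop), and any entries that lived in the role's `files/gitignore` are no longer applied unless they have been moved into a `gitignore_items` default. Please confirm that, and that the `/var/unbound/etc` include, which passes `gitignore_items: []`, is meant to commit everything under that directory, including the unbound-control key and certificate pair if `unbound-control-setup` has been run there; once committed, that material stays in the history even after the working copy is cleaned.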
@ -67,7 +62,7 @@
- etc-git - etc-git
- name: "Initial commit is present?" - name: "Initial commit is present?"
shell: "git add -A . && git commit -m \"Initial commit via Ansible\"" ansible.builtin.shell: "git add -A . && git commit -m \"Initial commit via Ansible\""
args: args:
chdir: "{{ repository_path }}" chdir: "{{ repository_path }}"
warn: false warn: false
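Review bot: `args: warn: false`, kept on both the `git log` command and the `git add -A . && git commit` shell, is an option that ansible-core 2.14 removed from `command` and `shell`; on that or any later core these two tasks fail with an unsupported-parameter error before running anything. Drop the `warn:` lines, since the FQCN migration in this series already assumes a modern Ansible.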

View file

@ -2,7 +2,7 @@
--- ---
- name: "evocommit script is installed" - name: "evocommit script is installed"
copy: ansible.builtin.copy:
src: evocommit src: evocommit
dest: /usr/local/bin/evocommit dest: /usr/local/bin/evocommit
mode: "0755" mode: "0755"
@ -12,7 +12,7 @@
- etc-git-utils - etc-git-utils
- name: "ansible-commit script is installed" - name: "ansible-commit script is installed"
copy: ansible.builtin.copy:
src: ansible-commit src: ansible-commit
dest: /usr/local/bin/ansible-commit dest: /usr/local/bin/ansible-commit
mode: "0755" mode: "0755"
@ -22,7 +22,7 @@
- etc-git-utils - etc-git-utils
- name: "etc-git-optimize script is installed" - name: "etc-git-optimize script is installed"
copy: ansible.builtin.copy:
src: etc-git-optimize src: etc-git-optimize
dest: /usr/share/scripts/etc-git-optimize dest: /usr/share/scripts/etc-git-optimize
mode: "0755" mode: "0755"
@ -32,7 +32,7 @@
- etc-git-utils - etc-git-utils
- name: "etc-git-status script is installed" - name: "etc-git-status script is installed"
copy: ansible.builtin.copy:
src: etc-git-status src: etc-git-status
dest: /usr/share/scripts/etc-git-status dest: /usr/share/scripts/etc-git-status
mode: "0755" mode: "0755"
@ -42,7 +42,7 @@
- etc-git-utils - etc-git-utils
- name: "Legacy monthly cron job for /etc/.git optimization is absent" - name: "Legacy monthly cron job for /etc/.git optimization is absent"
lineinfile: ansible.builtin.lineinfile:
path: /etc/monthly.local path: /etc/monthly.local
line: '/usr/local/bin/git --git-dir /etc/.git gc --quiet' line: '/usr/local/bin/git --git-dir /etc/.git gc --quiet'
state: absent state: absent
@ -50,7 +50,7 @@
- etc-git - etc-git
- name: "Legacy hourly cron job for /etc/.git status is absent" - name: "Legacy hourly cron job for /etc/.git status is absent"
cron: ansible.builtin.cron:
name: git status name: git status
minute: "42" minute: "42"
job: who > /dev/null || /usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short job: who > /dev/null || /usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short
@ -59,7 +59,7 @@
- etc-git - etc-git
- name: "Legacy daily cron jobs for /etc/.git status are absent" - name: "Legacy daily cron jobs for /etc/.git status are absent"
lineinfile: ansible.builtin.lineinfile:
path: /etc/daily.local path: /etc/daily.local
line: "{{ item }}" line: "{{ item }}"
owner: root owner: root
@ -72,7 +72,7 @@
- etc-git - etc-git
- name: "Cron job for monthly git optimization" - name: "Cron job for monthly git optimization"
lineinfile: ansible.builtin.lineinfile:
path: /etc/monthly.local path: /etc/monthly.local
line: "/usr/share/scripts/etc-git-optimize" line: "/usr/share/scripts/etc-git-optimize"
owner: root owner: root
@ -82,7 +82,7 @@
- etc-git - etc-git
- name: "Cron job for monthly git optimization - next_part" - name: "Cron job for monthly git optimization - next_part"
lineinfile: ansible.builtin.lineinfile:
path: /etc/monthly.local path: /etc/monthly.local
line: 'next_part "Monthly optimization:"' line: 'next_part "Monthly optimization:"'
insertbefore: "/usr/share/scripts/etc-git-optimize" insertbefore: "/usr/share/scripts/etc-git-optimize"
@ -93,7 +93,7 @@
- etc-git - etc-git
- name: "Cron job for hourly git status" - name: "Cron job for hourly git status"
lineinfile: ansible.builtin.lineinfile:
path: /etc/hourly.local path: /etc/hourly.local
line: "who > /dev/null || /usr/share/scripts/etc-git-status" line: "who > /dev/null || /usr/share/scripts/etc-git-status"
owner: root owner: root
@ -104,7 +104,7 @@
- etc-git - etc-git
- name: "Cron job for hourly git status - next_part" - name: "Cron job for hourly git status - next_part"
lineinfile: ansible.builtin.lineinfile:
path: /etc/hourly.local path: /etc/hourly.local
line: 'next_part "Hourly warning for unclean Git repository if nobody is connected:"' line: 'next_part "Hourly warning for unclean Git repository if nobody is connected:"'
insertbefore: "who > /dev/null || /usr/share/scripts/etc-git-status" insertbefore: "who > /dev/null || /usr/share/scripts/etc-git-status"
@ -116,7 +116,7 @@
- etc-git - etc-git
- name: "Cron job for daily git status" - name: "Cron job for daily git status"
lineinfile: ansible.builtin.lineinfile:
path: /etc/daily.local path: /etc/daily.local
line: "/usr/share/scripts/etc-git-status" line: "/usr/share/scripts/etc-git-status"
owner: root owner: root
@ -127,7 +127,7 @@
- etc-git - etc-git
- name: "Cron job for daily git status - next_part" - name: "Cron job for daily git status - next_part"
lineinfile: ansible.builtin.lineinfile:
path: /etc/daily.local path: /etc/daily.local
line: 'next_part "Daily warning for unclean Git repository:"' line: 'next_part "Daily warning for unclean Git repository:"'
insertbefore: "/usr/share/scripts/etc-git-status" insertbefore: "/usr/share/scripts/etc-git-status"

View file

@ -1,3 +1,3 @@
#!/bin/sh #!/bin/sh
update-evobackup-canary --who @daily update-evobackup-canary --who @daily

View file

@ -1,8 +1,9 @@
# yamllint disable rule:line-length
--- ---
# Info : old zzz_evobackup used sh, and since "sh" match "bash", we keep "sh" for regex commands # Info : old zzz_evobackup used sh, and since "sh" match "bash", we keep "sh" for regex commands
- name: "Copy zzz_evobackup script" - name: "Copy zzz_evobackup script"
copy: ansible.builtin.copy:
src: zzz_evobackup src: zzz_evobackup
dest: /usr/share/scripts/zzz_evobackup dest: /usr/share/scripts/zzz_evobackup
owner: root owner: root
@ -13,7 +14,7 @@
- evobackup - evobackup
- name: "Copy update-evobackup-canary script" - name: "Copy update-evobackup-canary script"
copy: ansible.builtin.copy:
src: 000-update-evobackup-canary src: 000-update-evobackup-canary
dest: /usr/share/scripts/000-update-evobackup-canary dest: /usr/share/scripts/000-update-evobackup-canary
owner: root owner: root
@ -24,7 +25,7 @@
- evobackup - evobackup
- name: "Fetch daily.local content" - name: "Fetch daily.local content"
command: 'grep "sh /usr/share/scripts/zzz_evobackup" /etc/daily.local' ansible.builtin.command: 'grep "sh /usr/share/scripts/zzz_evobackup" /etc/daily.local'
check_mode: false check_mode: false
register: daily_local_content register: daily_local_content
failed_when: false failed_when: false
@ -33,7 +34,7 @@
- evobackup - evobackup
- name: "Add evobackup cron (disabled)" - name: "Add evobackup cron (disabled)"
lineinfile: ansible.builtin.lineinfile:
path: /etc/daily.local path: /etc/daily.local
line: '#bash /usr/share/scripts/zzz_evobackup' line: '#bash /usr/share/scripts/zzz_evobackup'
owner: root owner: root
@ -45,7 +46,7 @@
- evobackup - evobackup
- name: "Add evobackup cron - next_part" - name: "Add evobackup cron - next_part"
lineinfile: ansible.builtin.lineinfile:
path: /etc/daily.local path: /etc/daily.local
line: 'next_part "EvoBackup output:"' line: 'next_part "EvoBackup output:"'
insertbefore: 'sh /usr/share/scripts/zzz_evobackup' insertbefore: 'sh /usr/share/scripts/zzz_evobackup'
@ -56,7 +57,7 @@
- evobackup - evobackup
- name: "Add canary cron" - name: "Add canary cron"
lineinfile: ansible.builtin.lineinfile:
path: /etc/daily.local path: /etc/daily.local
line: 'sh /usr/share/scripts/000-update-evobackup-canary' line: 'sh /usr/share/scripts/000-update-evobackup-canary'
insertafter: 'next_part "EvoBackup output:"' insertafter: 'next_part "EvoBackup output:"'
@ -67,7 +68,7 @@
- evobackup - evobackup
- name: "Delete legacy evobackup root crontab" - name: "Delete legacy evobackup root crontab"
lineinfile: ansible.builtin.lineinfile:
path: /var/cron/tabs/root path: /var/cron/tabs/root
regexp: '/usr/share/scripts/zzz_evobackup' regexp: '/usr/share/scripts/zzz_evobackup'
validate: /usr/bin/crontab %s validate: /usr/bin/crontab %s
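Review bot: `validate: /usr/bin/crontab %s` on the `/var/cron/tabs/root` edit does more than validate: on OpenBSD, `crontab file` installs the given file as the invoking user's crontab, so the temporary file is installed as root's crontab by the validate step and then `lineinfile` writes the spool file a second time. The end state is the same either way, but editing the spool file directly while also calling `crontab` is easy to misread; a comment stating that the validate call is intentionally the install step (or dropping `validate` and relying on cron's spool-directory mtime check) would make the intent clear.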

View file

@ -1,11 +1,16 @@
--- ---
- name: "Run evocheck" - name: "Run evocheck"
command: "{{ evocheck_bin_dir }}/evocheck.sh" ansible.builtin.command:
cmd: "{{ evocheck_bin_dir }}/evocheck.sh"
register: evocheck_run register: evocheck_run
changed_when: false changed_when: false
failed_when: false failed_when: false
check_mode: false check_mode: false
tags:
- evocheck-exec
- debug: - ansible.builtin.debug:
var: evocheck_run.stdout_lines var: evocheck_run.stdout_lines
when: evocheck_run.stdout | length != 0 when: evocheck_run.stdout | length > 0
tags:
- evocheck-exec
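Review bot: with `failed_when: false` and only `evocheck_run.stdout_lines` printed, a run where `evocheck.sh` exits non-zero but writes its findings to stderr, or exits non-zero with empty stdout, leaves no trace in the play output. Print `evocheck_run.rc` and `evocheck_run.stderr_lines` as well (a second `when: evocheck_run.rc != 0 or evocheck_run.stderr | length > 0`), so an operator running `--tags evocheck-exec` sees a failing check rather than a silent success.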

View file

@ -1,7 +1,7 @@
# yamllint disable rule:line-length # yamllint disable rule:line-length
--- ---
- name: "Scripts dir is present" - name: "Scripts dir is present"
file: ansible.builtin.file:
path: "{{ evocheck_bin_dir }}" path: "{{ evocheck_bin_dir }}"
state: directory state: directory
owner: root owner: root
@ -11,7 +11,7 @@
- evocheck - evocheck
- name: "Copy evocheck.sh" - name: "Copy evocheck.sh"
copy: ansible.builtin.copy:
src: evocheck.sh src: evocheck.sh
dest: "{{ evocheck_bin_dir }}/evocheck.sh" dest: "{{ evocheck_bin_dir }}/evocheck.sh"
mode: "0700" mode: "0700"
@ -22,7 +22,7 @@
- evocheck-utils - evocheck-utils
- name: "Copy evocheck.cf" - name: "Copy evocheck.cf"
copy: ansible.builtin.copy:
src: evocheck.cf src: evocheck.cf
dest: /etc/evocheck.cf dest: /etc/evocheck.cf
mode: "0644" mode: "0644"
@ -31,7 +31,7 @@
- evocheck - evocheck
- name: "Delete legacy evocheck cron" - name: "Delete legacy evocheck cron"
lineinfile: ansible.builtin.lineinfile:
path: /etc/daily.local path: /etc/daily.local
regexp: 'sh /usr/share/scripts/evocheck.sh --verbose --cron' regexp: 'sh /usr/share/scripts/evocheck.sh --verbose --cron'
state: absent state: absent
@ -39,7 +39,7 @@
- evocheck - evocheck
- name: "Add evocheck cron" - name: "Add evocheck cron"
lineinfile: ansible.builtin.lineinfile:
path: /etc/daily.local path: /etc/daily.local
insertbefore: BOF insertbefore: BOF
line: 'sh /usr/share/scripts/evocheck.sh --verbose $cron_arg' line: 'sh /usr/share/scripts/evocheck.sh --verbose $cron_arg'
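Review bot: the cron line hardcodes `sh /usr/share/scripts/evocheck.sh --verbose $cron_arg` while the install task above copies the script to `{{ evocheck_bin_dir }}/evocheck.sh`; if `evocheck_bin_dir` is ever overridden the daily job silently runs a stale or missing file. Use the same variable in the `line:` (and in the `regexp:` of the legacy-removal task) so the two cannot drift apart.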
@ -50,7 +50,7 @@
- evocheck - evocheck
- name: "Add evocheck cron - test for date" - name: "Add evocheck cron - test for date"
lineinfile: ansible.builtin.lineinfile:
path: /etc/daily.local path: /etc/daily.local
insertbefore: BOF insertbefore: BOF
line: 'if [ $(date +%d) -eq "01" ]; then cron_arg=""; else cron_arg="--cron"; fi' line: 'if [ $(date +%d) -eq "01" ]; then cron_arg=""; else cron_arg="--cron"; fi'
@ -61,7 +61,7 @@
- evocheck - evocheck
- name: "Add evocheck cron - next_part" - name: "Add evocheck cron - next_part"
lineinfile: ansible.builtin.lineinfile:
path: /etc/daily.local path: /etc/daily.local
insertbefore: BOF insertbefore: BOF
line: 'next_part "Evocheck output:"' line: 'next_part "Evocheck output:"'

View file

@ -1,6 +1,6 @@
--- ---
- name: "Create scripts directory" - name: "Create scripts directory"
file: ansible.builtin.file:
path: /usr/share/scripts/ path: /usr/share/scripts/
state: directory state: directory
owner: root owner: root
@ -10,7 +10,7 @@
- evomaintenance - evomaintenance
- name: "Copy evomaintenance script and template" - name: "Copy evomaintenance script and template"
copy: ansible.builtin.copy:
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "{{ item.dest }}" dest: "{{ item.dest }}"
owner: 'root' owner: 'root'
@ -24,7 +24,7 @@
- evomaintenance-utils - evomaintenance-utils
- name: "Configure evomaintenance" - name: "Configure evomaintenance"
template: ansible.builtin.template:
src: evomaintenance.j2 src: evomaintenance.j2
dest: /etc/evomaintenance.cf dest: /etc/evomaintenance.cf
owner: root owner: root

View file

@ -1,18 +1,20 @@
--- ---
- name: "Enable IPv4 forwarding" - name: "Enable IPv4 forwarding"
sysctl: ansible.posix.sysctl:
name: net.inet.ip.forwarding name: net.inet.ip.forwarding
value: "1" value: "1"
state: present state: present
reload: true reload: true
tags: tags:
- forwarding - forwarding
- forwarding-v4
- name: "Enable IPv6 forwarding" - name: "Enable IPv6 forwarding"
sysctl: ansible.posix.sysctl:
name: net.inet6.ip6.forwarding name: net.inet6.ip6.forwarding
value: "1" value: "1"
state: present state: present
reload: true reload: true
tags: tags:
- forwarding - forwarding
- forwarding-v6

View file

@ -1,6 +1,6 @@
--- ---
- name: "Install logsentry" - name: "Install logsentry"
openbsd_pkg: community.general.openbsd_pkg:
name: name:
- logsentry-- - logsentry--
state: present state: present
@ -8,7 +8,7 @@
- logsentry - logsentry
- name: "Copy logsentry script to /usr/share/scripts" - name: "Copy logsentry script to /usr/share/scripts"
copy: ansible.builtin.copy:
src: logsentry.sh src: logsentry.sh
dest: /usr/share/scripts/logsentry.sh dest: /usr/share/scripts/logsentry.sh
owner: root owner: root
@ -18,7 +18,7 @@
- logsentry - logsentry
- name: "Copy custom logsentry configuration files" - name: "Copy custom logsentry configuration files"
copy: ansible.builtin.copy:
src: "{{ item }}" src: "{{ item }}"
dest: "/etc/logsentry/{{ item }}" dest: "/etc/logsentry/{{ item }}"
owner: root owner: root
@ -32,12 +32,14 @@
- logsentry-config - logsentry-config
- name: "Delete unused default script" - name: "Delete unused default script"
file: ansible.builtin.file:
state: absent state: absent
path: /etc/logsentry/logsentry.sh path: /etc/logsentry/logsentry.sh
tags:
- logsentry
- name: "Hourly cron job for logsentry.sh is installed" - name: "Hourly cron job for logsentry.sh is installed"
cron: ansible.builtin.cron:
name: logsentry name: logsentry
minute: "11" minute: "11"
job: > job: >

View file

@ -0,0 +1,1074 @@
#!/usr/bin/perl
# check_ipmi_sensor: Nagios/Icinga plugin to check IPMI sensors
#
# Copyright (C) 2009-2019 Thomas-Krenn.AG,
# additional contributors see changelog.txt
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software
# Foundation; either version 3 of the License, or (at your option) any later
# version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
# details.
#
# You should have received a copy of the GNU General Public License along with
# this program; if not, see <http://www.gnu.org/licenses/>.
#
################################################################################
# The following guides provide helpful information if you want to extend this
# script:
# http://tldp.org/LDP/abs/html/ (Advanced Bash-Scripting Guide)
# http://www.gnu.org/software/gawk/manual/ (Gawk: Effective AWK Programming)
# http://de.wikibooks.org/wiki/Awk (awk Wikibook, in German)
# http://nagios.sourceforge.net/docs/3_0/customobjectvars.html (hints on
# custom object variables)
# http://nagiosplug.sourceforge.net/developer-guidelines.html (plug-in
# development guidelines)
# http://nagios.sourceforge.net/docs/3_0/pluginapi.html (plugin API)
################################################################################
use strict;
use warnings;
use Getopt::Long qw(:config no_ignore_case);
use IPC::Run qw( run ); #interact with processes
################################################################################
# set text variables
our $check_ipmi_sensor_version = "3.13";
sub get_version{
return <<EOT;
check_ipmi_sensor version $check_ipmi_sensor_version
Copyright (C) 2009-2019 Thomas-Krenn.AG
Current updates at https://github.com/thomas-krenn/check_ipmi_sensor_v3.git
EOT
}
sub get_usage{
return <<EOT;
Usage:
check_ipmi_sensor -H <hostname>
[-f <FreeIPMI config file> | -U <username> -P <password> -L <privilege level>]
[-O <FreeIPMI options>] [-b] [-T <sensor type(s)>] [-ST <SEL sensor type(s)>]
[-x <sensor id>] [-xT <sensor type(s)>] [-xST <SEL sensor type(s)]
[-i <sensor id>] [-o zenoss] [-D <protocol LAN version>] [-h] [-V]
[-fc <num_fans>] [--fru] [--nosel] [--selonly] [--seltail <count>]
[-sx|--selexclude <sel exclude file>] [-xx|--sexclude <exclude file>]
[-us|--unify-sensors <unify file>] [--nosudo [--nothresholds]
[--noentityabsent] [-s <ipmi-sensor output file>] [-h] [-V]
[-v|-vv|-vvv]
EOT
}
sub get_help{
return <<EOT;
[-H <hostname>]
hostname or IP of the IPMI interface.
For \"-H localhost\" or if no host is specified (local computer) the
Nagios/Icinga user must be allowed to run
ipmimonitoring/ipmi-sensors/ipmi-sel/[ipmi-fru] with root privileges
or via sudo (ipmimonitoring/ipmi-sensors/ipmi-sel/[ipmi-fru] must be
able to access the IPMI devices via the IPMI system interface).
[-f <FreeIPMI config file>]
path to the FreeIPMI configuration file.
Only neccessary for communication via network.
Not neccessary for access via IPMI system interface (\"-H localhost\").
It should contain IPMI username, IPMI password, and IPMI privilege-level,
for example:
username monitoring
password yourpassword
privilege-level user
As alternative you can use -U/-P/-L instead (see below).
[-U <username> -P <password> -L <privilege level>]
IPMI username, IPMI password and IPMI privilege level, provided as
parameters and not by a FreeIPMI configuration file. Useful for RHEL/
Centos 5.* with FreeIPMI 0.5.1 (this elder FreeIPMI version does not
support config files).
Warning: with this method the password is visible in the process list.
So whenever possible use a FreeIPMI confiugration file instead.
[-O <FreeIPMI options>]
additional options for FreeIPMI. Useful for RHEL/CentOS 5.* with
FreeIPMI 0.5.1 (this elder FreeIPMI version does not support config
files).
[-b]
backward compatibility mode for FreeIPMI 0.5.* (this omits the FreeIPMI
caching options --quiet-cache and --sdr-cache-recreate)
[-T <sensor type(s)>]
limit sensors to query based on IPMI sensor type.
Examples for IPMI sensor types are 'Fan', 'Temperature', 'Voltage', ...
See the output of the FreeIPMI command 'ipmi-sensors -L' and chapter
'42.2 Sensor Type Codes and Data' of the IPMI 2.0 spec for a full list
of possible sensor types. You can also find the full list of possible
sensor types at https://www.thomas-krenn.com/en/wiki/IPMI_Sensor_Types
The available types depend on your particular server and the available
sensors there.
Multiple sensor types can be specified as a comma-separated list.
[-ST <SEL sensor type(s)>]
limit SEL entries to specific types, run 'ipmi-sel -L' for a list of
types. All sensors are populated to the SEL and per default all sensor
types are monitored. E.g. to limit the sensor SEL types to Memory and
Processsor use -ST 'Memory,Processor'.
[-x <sensor id>]
exclude sensor matching <sensor id>. Useful for cases when unused
sensors cannot be deleted from SDR and are reported in a non-OK state.
Option can be specified multiple times. The <sensor id> is a numeric
value (sensor names are not used as some servers have multiple sensors
with the same name). Use -vvv option to query the <sensor ids>.
[-xT <sensor type(s)>]
exclude sensors based on IPMI sensor type.
Multiple sensor types can be specified as a comma-separated list.
[-xST <SEL sensor type(s)]
exclude SEL entries of specific sensor types.
Multiple sensor types can be specified as a comma-separated list.
[-i <sensor id>]
include only sensor matching <sensor id>. Useful for cases when only
specific sensors should be monitored. Be aware that only for the
specified sensor errors/warnings are generated. Use -vvv option to query
the <sensor ids>.
[-v|-vv|-vvv]
be verbose
(no -v) .. single line output
-v ..... single line output with additional details for warnings
-vv ..... multi line output, also with additional details for warnings
-vvv ..... debugging output, followed by normal multi line output
[-o]
change output format. Useful for using the plugin with other monitoring
software than Nagios or Icinga.
-o zenoss .. create ZENOSS compatible formatted output (output with
underscores instead of whitespaces and no single quotes)
[-D]
change the protocol LAN version. Normally LAN_2_0 is used as protocol
version if not overwritten with this option. Use 'default' here if you
don't want to use LAN_2_0.
[-fc <num fans>]
number of installed fans. If the number of current installed
fans reported by IPMI is not equal than <num fans> then a Warning state
is returned. Please use this option carefully as number of fans and
number of fan sensors can differ!
[--fru]
print the product serial number if it is available in the IPMI FRU data.
For this purpose the tool 'ipmi-fru' is used. E.g.:
IPMI Status: OK (9000096781)
[--nosel]
turn off system event log checking via ipmi-sel. If there are
unintentional entries in SEL, use 'ipmi-sel --clear' or the -sx or -xST
option.
[--selonly]
check only system event log checking via ipmi-sel. If there are
unintentional entries in SEL, use 'ipmi-sel --clear' or the -sx or -xST
option.
[--seltail <count>]
limit SEL output to specified count of last messages
[-sx|--selexclude <sel exclude file>]
use a sel exclude file to exclude entries from the system event log.
Specify name and type pipe delimitered in this file to exclude an entry,
for example: System Chassis Chassis Intru|Physical Security
To get valid names and types use the -vvv option and take a look at:
debug output for sel (-vvv is set). Don't use name and type from the
web interface as sensor descriptions are not complete there.
As with the '-xx' option if the first character of a line is '~' the
name is treated as a regular expression.
[-xx|--sexclude <exclude file>]
use an exclude file to exclude sensors, each line specifies an exclude.
Specify name and type pipe delimitered in this file to exclude a sensor,
for example: System Chassis Chassis Intru|Physical Security
If the first character of a line is '~' the name is treated as a regular
expression. E.g. to exclude all sensor names from CPU0 to CPU9:
~CPU[0-9] Temp|Temperature
To get valid names and types use the -vvv option.
[-us|--unify-sensors <unify file>]
use an unify file to unify sensor names. This is an easy way to rename
sensors with given patterns in the file. Once might use this option
to get the same sensor names accross different platforms, e.g. to only
have 'Mainboard Temperature' as sensor name and not 'MB1 Temperature' or 'System Temp'.
Rules in the file follow simple regex patterns e.g.:
^(MB1 Temperature|System Temp)\$/Mainboard Temperature
Temp\$/TEMP
[--nosudo]
turn off sudo usage on localhost or if ipmi host is ommited.
[--nothresholds]
turn off performance data thresholds from output-sensor-thresholds.
[--noentityabsent]
skip sensor checks for sensors that have 'noentityabsent' as event state
[-s <ipmi-sensor output file>]
simulation mode - test the plugin with an ipmi-sensor output redirected
to a file.
[-h]
show this help
[-V]
show version information
Examples:
\$ check_ipmi_sensor -H 192.0.2.1 -U monitor -P monitor -L user
IPMI Status: OK | 'System Temp'=30.00 'Peripheral Temp'=32.00
'FAN 1'=2775.00 [...]
\$ check_ipmi_sensor -H 192.0.2.1 -U monitor -P monitor -L user -x 205
IPMI Status: OK | 'System Temp'=30.00 'Peripheral Temp'=32.00
'FAN 2'=2775.00 [...]
\$ check_ipmi_sensor -H 192.0.2.1 -U monitor -P monitor -L user -i 4,71
IPMI Status: OK | 'System Temp'=30.00 'Peripheral Temp'=32.00
\$ check_ipmi_sensor -H 192.0.2.1 -U monitor -P monitor -L user -i 4 --fru
IPMI Status: OK (0000012345) | 'System Temp'=30.00
Further information about this plugin can be found at
http://www.thomas-krenn.com/en/wiki/IPMI_Sensor_Monitoring_Plugin
Use the github repo at https://github.com/thomas-krenn/check_ipmi_sensor_v3.git
to submit patches, suggest improvements or if you have questions regarding
use of this plugin.
Attention: the mailing list is no longer in use but an archive can be found at
http://lists.thomas-krenn.com/
EOT
}
sub usage{
my ($arg) = @_; #the list of inputs
my ($exitcode);
if ( defined $arg ){
if ( $arg =~ m/^\d+$/ ){
$exitcode = $arg;
}
else{
print STDOUT $arg, "\n";
$exitcode = 1;
}
}
print STDOUT get_usage();
exit($exitcode) if defined $exitcode;
}
################################################################################
# set ipmimonitoring path
our $MISSING_COMMAND_TEXT = '';
our $IPMICOMMAND ="";
if(-x "/usr/sbin/ipmimonitoring"){
$IPMICOMMAND = "/usr/sbin/ipmimonitoring";
}
elsif (-x "/usr/bin/ipmimonitoring"){
$IPMICOMMAND = "/usr/bin/ipmimonitoring";
}
elsif (-x "/usr/local/sbin/ipmimonitoring"){
$IPMICOMMAND = "/usr/local/sbin/ipmimonitoring";
}
elsif (-x "/usr/local/bin/ipmimonitoring"){
$IPMICOMMAND = "/usr/local/bin/ipmimonitoring";
}
else{
$MISSING_COMMAND_TEXT = " ipmimonitoring/ipmi-sensors command not found!\n";
}
# Identify the version of the ipmi-tool
sub get_ipmi_version{
my @ipmi_version_output = '';
my $ipmi_version = '';
@ipmi_version_output = `$IPMICOMMAND -V`;
$ipmi_version = shift(@ipmi_version_output);
$ipmi_version =~ /(\d+)\.(\d+)\.(\d+)/;
@ipmi_version_output = ();
push @ipmi_version_output,$1,$2,$3;
return @ipmi_version_output;
}
sub simulate{
my $output = '';
my $simul_file = $_[0];
if( !defined $simul_file || (-x '\"'.$simul_file.'\"')){
print "DEBUG: Using simulation file: $simul_file\n";
print "Error: Simulation file with ipmi output not found.\n";
exit(3);
}
return ($output = `cat $simul_file`);
}
sub get_fru{
my @frucmd = @{(shift)};
my $verbosity = shift;
my $fru;
if(-e '/usr/sbin/ipmi-fru'){
$fru = '/usr/sbin/ipmi-fru';
}
else{
chomp($fru = `which ipmi-fru`);
}
#if sudo is used the command is the second element
if($frucmd[0] eq 'sudo'){
$frucmd[1] = $fru;
}
else{
$frucmd[0] = $fru;
}
#skip checksum validation
push @frucmd,'-s';
my $fruoutput;
my $returncode;
run \@frucmd, '>&', \$fruoutput;
#the upper eight bits contain the error condition (exit code)
#see http://perldoc.perl.org/perlvar.html#Error-Variables
$returncode = $? >> 8;
if ( $returncode != 0 ){
print "$fruoutput\n";
print "-> Execution of $fru failed with return code $returncode.\n";
print "-> $fru was executed with the following parameters:\n";
print " ", join(' ', @frucmd), "\n";
exit(3);
}
if($verbosity == 3){
print "------------- debug output for fru (-vvv is set): ------------\n";
print " $fru was executed with the following parameters:\n";
print " ", join(' ', @frucmd), "\n";
print " output of FreeIPMI:\n";
print "$fruoutput";
}
return split('\n', $fruoutput);
}
sub get_sel{
my @selcmd = @{(shift)};
my $verbosity = shift;
my @sel_sensor_types = @{(shift)};
my @exclude_sel_sensor_types = @{(shift)};
my $sel;
if(-e '/usr/sbin/ipmi-sel'){
$sel = '/usr/sbin/ipmi-sel';
}
else{
chomp($sel = `which ipmi-sel`);
}
#if sudo is used the command is the second element
if($selcmd[0] eq 'sudo'){
$selcmd[1] = $sel;
}
else{
$selcmd[0] = $sel;
}
push @selcmd, '--output-event-state', '--interpret-oem-data', '--entity-sensor-names';
push @selcmd, '--sensor-types=' . join(',', @sel_sensor_types);
push @selcmd, '--exclude-sensor-types=' . join(',', @exclude_sel_sensor_types);
my $seloutput;
my $returncode;
run \@selcmd, '>&', \$seloutput;
$returncode = $? >> 8;
if ( $returncode != 0 ){
print "$seloutput\n";
print "-> Execution of $sel failed with return code $returncode.\n";
print "-> $sel was executed with the following parameters:\n";
print " ", join(' ', @selcmd), "\n";
exit(3);
}
if($verbosity == 3){
print "------------- debug output for sel (-vvv is set): ------------\n";
print " $sel was executed with the following parameters:\n";
print " ", join(' ', @selcmd), "\n";
print " output of FreeIPMI:\n";
print "$seloutput";
}
return split('\n', $seloutput);
}
sub parse_sel{
my $selcmd = shift;
my $verbosity = shift;
my $sel_xfile = shift;
my $sel_sensor_types = shift;
my $exclude_sel_sensor_types = shift;
my @seloutput = get_sel($selcmd, $verbosity, $sel_sensor_types, $exclude_sel_sensor_types);
@seloutput = map { [ map { s/^\s*//; s/\s*$//; $_; } split(m/\|/, $_) ] } @seloutput;
my $header = shift(@seloutput);
my @sel_rows;
foreach my $row (@seloutput){
my %curr_row;
for(my $i = 0; $i < scalar(@{$header}); $i++){
my $key = lc $header->[$i];
$curr_row{$key} = $row->[$i];
}
if(!(exclude_with_file($sel_xfile, $curr_row{'name'}, $curr_row{'type'}))){
push @sel_rows, \%curr_row;
}
}
return \@sel_rows;
}
sub get_dcmi{
my @dcmicmd = @{(shift)};
my $verbosity = shift;
my $dcmi;
if(-e '/usr/sbin/ipmi-dcmi'){
$dcmi = '/usr/sbin/ipmi-dcmi';
}
else{
chomp($dcmi = `which ipmi-dcmi`);
}
#if sudo is used the command is the second element
if($dcmicmd[0] eq 'sudo'){
$dcmicmd[1] = $dcmi;
}
else{
$dcmicmd[0] = $dcmi;
}
push @dcmicmd, '--get-system-power-statistics';
my $dcmioutput;
my $returncode;
run \@dcmicmd, '>&', \$dcmioutput;
$returncode = $? >> 8;
if ( $returncode == 0 ){
return split('\n', $dcmioutput);
}
}
sub parse_dcmi{
my $dcmicmd = shift;
my $verbosity = shift;
my @dcmioutput = get_dcmi($dcmicmd, $verbosity);
if(@dcmioutput){
@dcmioutput = map { [ map { s/^\s*//; s/\s*$//; $_; } split(m/\:/, $_) ] } @dcmioutput;
my %current_power;
my $power_available = 0;
foreach my $power (@dcmioutput){
if(defined($power) && defined($power->[0]) && $power->[0] ne ''){
if($power->[0] eq 'Current Power'){
$power->[1] =~ m/^(\d+)/;
my $watts = $1;
$current_power{'Current Power'} = $watts;
}
if($power->[0] eq 'Power Measurement'){
if($power->[1] eq 'Active'){
$power_available = 1;
}
}
}
}
if($power_available == 1){
return \%current_power;
}
}
}
# Excludes a name and type pair if it is present in the given file, pipe
# delimitered.
# @return 1 if name should be skipped, 0 if not
sub exclude_with_file{
my $file_name = shift;
my $name = shift;
my $type = shift;
my @xlist;
my $skip = 0;
if($file_name){
if(!(open (FH, "< $file_name"))){
print "-> Reading exclude file $file_name failed with: $!.\n";
exit(3);
};
@xlist = <FH>;
}
foreach my $exclude (@xlist){
my @curr_exclude = map { s/^\s*//; s/\s*$//; $_; } split(/\|/,$exclude);
if(@curr_exclude && $curr_exclude[0] ne '' && $curr_exclude[1] ne ''){
#if the first char of the name in the exclude file is a '~' treat it as regex
if(substr($curr_exclude[0], 0, 1 ) eq '~'){
my $regex_curr_exclude = substr $curr_exclude[0], 1;
if($name =~ m/$regex_curr_exclude/ && $curr_exclude[1] eq $type){
$skip = 1;
}
}
elsif($curr_exclude[0] eq $name && $curr_exclude[1] eq $type){
$skip = 1;
}
}
}
close FH;
return $skip;
}
# Reads regular expressions from a file and applies the rules to sensor names.
# This unifies sensor names across different platforms.
# @return The sensor name with specified unify rules applied
sub unify_with_file{
my $file_name = shift;
my $name = shift;# given sensor name
my @ulist;# list of rules to apply
if($file_name){
if(!(open (FH, "< $file_name"))){
print "-> Reading unify file $file_name failed with: $!.\n";
exit(3);
};
@ulist = <FH>;
}
foreach my $unify_rule (@ulist){
#split at the only / that is not masked with a \,
#this is the separator in s/x/y/g to get x and y
my @curr_rule = map { s/^\s*//; s/\s*$//; $_; } split(/(?<!\\)\//,$unify_rule);
if(@curr_rule && $curr_rule[0] ne '' && $curr_rule[1] ne ''){
$name =~ s/$curr_rule[0]/$curr_rule[1]/g;
}
}
close FH;
return $name;
}
#define entire hashes
our %hdrmap = (
'Record_ID' => 'id', # FreeIPMI ...,0.7.x
'Record ID' => 'id', # FreeIPMI 0.8.x,... with --legacy-output
'ID' => 'id', # FreeIPMI 0.8.x
'Sensor Name' => 'name',
'Name' => 'name', # FreeIPMI 0.8.x
'Sensor Group' => 'type',
'Type' => 'type', # FreeIPMI 0.8.x
'Monitoring Status' => 'state',
'State' => 'state', # FreeIPMI 0.8.x
'Sensor Units' => 'units',
'Units' => 'units', # FreeIPMI 0.8.x
'Sensor Reading' => 'reading',
'Reading' => 'reading', # FreeIPMI 0.8.x
'Event' => 'event', # FreeIPMI 0.8.x
'Lower C' => 'lowerC',
'Lower NC' => 'lowerNC',
'Upper C' => 'upperC',
'Upper NC' => 'upperNC',
'Lower NR' => 'lowerNR',
'Upper NR' => 'upperNR',
);
our $verbosity = 0;
MAIN: {
$| = 1; #force a flush after every write or print
my @ARGV_SAVE = @ARGV;#keep args for verbose output
my ($show_help, $show_version);
my ($ipmi_host, $ipmi_user, $ipmi_password, $ipmi_privilege_level, $ipmi_config_file, $ipmi_outformat);
my (@freeipmi_options, $freeipmi_compat);
my (@ipmi_sensor_types, @ipmi_exclude_sensor_types, @ipmi_xlist, @ipmi_ilist);
my (@ipmi_version);
my $ipmi_sensors = 0;#states to use ipmi-sensors instead of ipmimonitoring
my $fan_count;#number of fans that should be installed in unit
my $lanVersion;#if desired use a different protocol version
my $abort_text = '';
my $zenoss = 0;
my @sel_sensor_types;
my @exclude_sel_sensor_types;
my $sel_issues_present = 0;
my $simulate = '';
my ($use_fru, $no_sel, $sel_only, $sel_tail, $no_sudo, $use_thresholds, $no_thresholds, $sel_xfile, $s_xfile, $s_ufile, $no_entity_absent);
#read in command line arguments and init hash variables with the given values from argv
if ( !( GetOptions(
'H|host=s' => \$ipmi_host,
'f|config-file=s' => \$ipmi_config_file,
'U|user=s' => \$ipmi_user,
'P|password=s' => \$ipmi_password,
'L|privilege-level=s' => \$ipmi_privilege_level,
'O|options=s' => \@freeipmi_options,
'b|compat' => \$freeipmi_compat,
'T|sensor-types=s' => \@ipmi_sensor_types,
'xT|exclude-sensor-types=s' => \@ipmi_exclude_sensor_types,
'ST|sel-sensor-types=s' => \@sel_sensor_types,
'xST|exclude-sel-sensor-types=s' => \@exclude_sel_sensor_types,
'fru' => \$use_fru,
'nosel' => \$no_sel,
'selonly' => \$sel_only,
'seltail=s' => \$sel_tail,
'nosudo' => \$no_sudo,
'nothresholds' => \$no_thresholds,
'noentityabsent' => \$no_entity_absent,
'v|verbosity' => \$verbosity,
'vv' => sub{$verbosity=2},
'vvv' => sub{$verbosity=3},
'x|exclude=s' => \@ipmi_xlist,
'sx|selexclude=s' => \$sel_xfile,
'xx|sexclude=s' => \$s_xfile,
'us|unify-sensors=s'=> \$s_ufile,
'i|include=s' => \@ipmi_ilist,
'o|outformat=s' => \$ipmi_outformat,
'fc|fancount=i' => \$fan_count,
'D=s' => \$lanVersion,
's=s' => \$simulate,
'h|help' =>
sub{print STDOUT get_version();
print STDOUT "\n";
print STDOUT get_usage();
print STDOUT "\n";
print STDOUT get_help();
exit(0)
},
'V|version' =>
sub{
print STDOUT get_version();
exit(0);
},
'usage|?' =>
sub{print STDOUT get_usage();
exit(3);
}
) ) ){
usage(1);#call usage if GetOptions failed
}
usage(1) if @ARGV;#print usage if unknown arg list is left
################################################################################
# check for ipmimonitoring or ipmi-sensors. Since version > 0.8 ipmi-sensors is used
# if '--legacy-output' is given ipmi-sensors cannot be used
if( $MISSING_COMMAND_TEXT ne "" ){
print STDOUT "Error:$MISSING_COMMAND_TEXT";
exit(3);
}
else{
@ipmi_version = get_ipmi_version();
if( $ipmi_version[0] > 0 && (grep(/legacy\-output/,@freeipmi_options)) == 0){
$IPMICOMMAND =~ s/ipmimonitoring/ipmi-sensors/;
$ipmi_sensors = 1;
}
if( $ipmi_version[0] > 0 && (grep(/legacy\-output/,@freeipmi_options)) == 1){
print "Error: Cannot use ipmi-sensors with option \'--legacy-output\'. Remove it to work correctly.\n";
exit(3);
}
# check if output-sensor-thresholds can be used, this is supported
# since 1.2.1. Version 1.2.0 was not released, so skip the third minor
# version number
if($ipmi_version[0] > 1 || ($ipmi_version[0] == 1 && $ipmi_version[1] >= 2)){
$use_thresholds = 1;
}
else{
$use_thresholds = 0;
}
}
###############################################################################
# verify if all mandatory parameters are set and initialize various variables
#\s defines any whitespace characters
#first join the list, then split it at whitespace ' '
#also cf. http://perldoc.perl.org/Getopt/Long.html#Options-with-multiple-values
@freeipmi_options = split(/\s+/, join(' ', @freeipmi_options)); # a bit hack, shell word splitting should be implemented...
@ipmi_sensor_types = split(/,/, join(',', @ipmi_sensor_types));
@ipmi_exclude_sensor_types = split(/,/, join(',', @ipmi_exclude_sensor_types));
@sel_sensor_types = split(/,/, join(',', @sel_sensor_types));
@exclude_sel_sensor_types = split(/,/, join(',', @exclude_sel_sensor_types));
@ipmi_xlist = split(/,/, join(',', @ipmi_xlist));
@ipmi_ilist = split(/,/, join(',', @ipmi_ilist));
#check for zenoss output
if(defined $ipmi_outformat && $ipmi_outformat eq "zenoss"){
$zenoss = 1;
}
# Per default monitor all sensor types, use -ST to specify your sensor types
if(!@sel_sensor_types){
@sel_sensor_types = ('all');
}
# If -xST has not been set, set this array to empty.
if(!@exclude_sel_sensor_types){
@exclude_sel_sensor_types = ('');
}
# Define basic ipmi command
my @basecmd = $IPMICOMMAND;
# If host is omitted localhost is assumed, if not turned off sudo is used
if(!(defined $ipmi_host) || ($ipmi_host eq 'localhost')){
if(!defined($no_sudo)){
# Only add sudo if not already root
@basecmd = ($> != 0 ? 'sudo' : (), $IPMICOMMAND);
}
}
# If we are not local, we need authentication credentials
else{
# Add the ipmi desired host
push @basecmd, '-h', $ipmi_host;
if(defined $ipmi_config_file){
push @basecmd, '--config-file', $ipmi_config_file;
}
elsif(defined $ipmi_user && defined $ipmi_password && defined $ipmi_privilege_level ){
push @basecmd, '-u', $ipmi_user, '-p', $ipmi_password, '-l', $ipmi_privilege_level;
}
else{
$abort_text = $abort_text . " -f <FreeIPMI config file> or -U <username> -P <password> -L <privilege level>";
}
if( $abort_text ne ""){
print STDOUT "Error: " . $abort_text . " missing.";
print STDOUT get_usage();
exit(3);
}
}
# copy command for fru usage
my @frucmd;
if($use_fru){
@frucmd = @basecmd
}
my @selcmd = @basecmd;
my @dcmicmd = @basecmd;
if(@ipmi_sensor_types){
# , is the seperator in the new string
# -g option is older name for ipmi-sensors -t or --sensor-types and
# compatible with both older and newer version of FreeIPMI
push @basecmd, '-g', join(',', @ipmi_sensor_types);
}
# add sensor types to exclude
if(@ipmi_exclude_sensor_types){
push @basecmd, '--exclude-sensor-types', join(',', @ipmi_exclude_sensor_types);
}
if(@freeipmi_options){
push @basecmd, @freeipmi_options;
}
#keep original basecmd for later usage
my @getstatus = @basecmd;
#if -b is not defined, caching options are used
if( !(defined $freeipmi_compat) ){
push @getstatus, '--quiet-cache', '--sdr-cache-recreate';
}
#since version 0.8 it is possible to interpret OEM data
if( ($ipmi_version[0] == 0 && $ipmi_version[1] > 7) ||
$ipmi_version[0] > 0){
push @getstatus, '--interpret-oem-data';
}
#since version 0.8 it is necessary to add the legacy option
if( ($ipmi_version[0] == 0 && $ipmi_version[1] > 7) && (grep(/legacy\-output/,@freeipmi_options) == 0)){
push @getstatus, '--legacy-output';
}
#if ipmi-sensors is used show the state of sensors and ignore N/A
if($ipmi_sensors){
push @getstatus, '--output-sensor-state', '--ignore-not-available-sensors';
}
#if not stated otherwise we use protocol lan version 2 per default
if(!defined($lanVersion)){
$lanVersion = 'LAN_2_0';
}
if($lanVersion ne 'default' && defined $ipmi_host && $ipmi_host ne 'localhost'){
push @getstatus, "--driver-type=$lanVersion";
if(!$no_sel){
push @selcmd, "--driver-type=$lanVersion";
}
if($use_fru){
push @frucmd, "--driver-type=$lanVersion";
}
}
if($use_thresholds && !$no_thresholds){
push @getstatus, '--output-sensor-thresholds';
}
if(defined($sel_tail)){
push @selcmd, "--tail=$sel_tail";
}
################################################################################
#execute status command and redirect stdout and stderr to ipmioutput
my $ipmioutput;
my $returncode;
if ($sel_only){
$returncode = 0;
}
elsif(!$simulate){
run \@getstatus, '>&', \$ipmioutput;
#the upper eight bits contain the error condition (exit code)
#see http://perldoc.perl.org/perlvar.html#Error-Variables
$returncode = $? >> 8;
}
else{
$ipmioutput = simulate($simulate);
print "DEBUG: Using simulation mode\n";
$returncode = 0;
}
my @fruoutput;
if($use_fru){
@fruoutput = get_fru(\@frucmd, $verbosity);
}
my $seloutput;
if(!$no_sel){
$seloutput = parse_sel(\@selcmd, $verbosity, $sel_xfile, \@sel_sensor_types, \@exclude_sel_sensor_types);
}
my $dcmioutput;
$dcmioutput = parse_dcmi(\@dcmicmd, $verbosity);
################################################################################
# print debug output when verbosity is set to 3 (-vvv)
if ( $verbosity == 3 && !$sel_only ){
my $ipmicommandversion;
run [$IPMICOMMAND, '-V'], '2>&1', '|', ['head', '-n', 1], '&>', \$ipmicommandversion;
#remove trailing newline with chomp
chomp $ipmicommandversion;
print "------------- debug output for sensors (-vvv is set): ------------\n";
print " script was executed with the following parameters:\n";
print " $0 ", join(' ', @ARGV_SAVE), "\n";
print " check_ipmi_sensor version:\n";
print " $check_ipmi_sensor_version\n";
print " FreeIPMI version:\n";
print " $ipmicommandversion\n";
print " FreeIPMI was executed with the following parameters:\n";
print " ", join(' ', @getstatus), "\n";
print " FreeIPMI return code: $returncode\n";
print " output of FreeIPMI:\n";
print "$ipmioutput\n";
print "--------------------- end of debug output ---------------------\n";
}
################################################################################
# generate main output
if ( $returncode != 0 ){
print "$ipmioutput\n";
print "-> Execution of $IPMICOMMAND failed with return code $returncode.\n";
print "-> $IPMICOMMAND was executed with the following parameters:\n";
print " ", join(' ', @getstatus), "\n";
exit(3);
}
else{
my @outputRows;
if(defined($ipmioutput)){
@outputRows = split('\n', $ipmioutput);
}
if(!$sel_only && (!defined($ipmioutput) || scalar(@outputRows) == 1)){
print "-> Your server seems to be powered off.";
print " (Execution of FreeIPMI returned an empty output or only 1 header row!)\n";
print "-> $IPMICOMMAND was executed with the following parameters:\n";
print " ", join(' ', @getstatus), "\n";
exit(3);
}
#print desired filter types
if ( @ipmi_sensor_types ){
print "Sensor Type(s) ", join(', ', @ipmi_sensor_types), " Status: ";
}
elsif ($sel_only){
print "SEL Status: ";
}
else{
print "IPMI Status: ";
}
#start with main output
my $exit = 0;
my $w_sensors = '';#sensors with warnings
my $sel_w_sensors = '';#verbose output for sel entries with warnings
my $perf = '';#performance sensor
my $curr_fans = 0;
my @ipmioutput2;#filtered original ipmi output
#skip ipmi output, if only SEL queried
if (!$sel_only){
#split at newlines, fetch array with lines of output
my @ipmioutput = split('\n', $ipmioutput);
#remove sudo errors and warnings like they appear on dns resolving issues
@ipmioutput = map { /^sudo:/ ? () : $_ } @ipmioutput;
#remove leading and trailing whitespace characters, split at the pipe delimiter
@ipmioutput = map { [ map { s/^\s*//; s/\s*$//; $_; } split(m/\|/, $_) ] } @ipmioutput;
#shift out the header as it is the first line
my $header = shift @ipmioutput;
if(!defined($header)){
print "$ipmioutput\n";
print " FreeIPMI returned an empty header map (first line)";
if(@ipmi_sensor_types){
print " FreeIPMI could not find any sensors for the given sensor type (option '-T').\n";
}
exit(3);
}
my %header;
for(my $i = 0; $i < @$header; $i++)
{
#assigning %header with (key from hdrmap) => $i
#checking at which position in the header is which key
$header{$hdrmap{$header->[$i]}} = $i;
}
foreach my $row ( @ipmioutput ){
my %row;
#fetch keys from header and assign existent values to row
#this maps the values from row(ipmioutput) to the header values
while ( my ($key, $index) = each %header ){
#check if the option to unify sensor names is active
if($key eq 'name' && $s_ufile && $s_ufile ne ''){
$row{$key} = unify_with_file($s_ufile, $row->[$index]);
}
else{
$row{$key} = $row->[$index];
}
}
if(!(exclude_with_file($s_xfile, $row{'name'}, $row{'type'}))){
push @ipmioutput2, \%row;
}
}
#create hash with sensor name an 1
my %ipmi_xlist = map { ($_, 1) } @ipmi_xlist;
#filter out the desired sensor values
@ipmioutput2 = grep(!exists $ipmi_xlist{$_->{'id'}}, @ipmioutput2);
#check for an include list
if(@ipmi_ilist){
my %ipmi_ilist = map { ($_, 1) } @ipmi_ilist;
#only include sensors from include list
@ipmioutput2 = grep(exists $ipmi_ilist{$_->{'id'}}, @ipmioutput2);
}
foreach my $row ( @ipmioutput2 ){
if( $zenoss ){
$row->{'name'} =~ s/ /_/g;
}
my $check_sensor_state = 1;
if($no_entity_absent){
if(exists $row->{'event'} && ($row->{'event'} =~ /\'.*((Device|Entity) (Absent|Removed)).*\'/)){
$check_sensor_state = 0;
}
if(exists $row->{'reading'} && ($row->{'reading'} =~ /\'.*((Device|Entity) (Absent|Removed)).*\'/)){
$check_sensor_state = 0;
}
}
#check for warning sensors
if($check_sensor_state && ($row->{'state'} ne 'Nominal' && $row->{'state'} ne 'N/A')){
$exit = 1 if $exit < 1;
$exit = 2 if $exit < 2 && $row->{'state'} ne 'Warning';
#don't insert a , the first time
$w_sensors .= ", " unless $w_sensors eq '';
$w_sensors .= "$row->{'name'} = $row->{'state'}";
if( $verbosity ){
if( $row->{'reading'} ne 'N/A'){
$w_sensors .= " ($row->{'reading'})" ;
}
else{
$w_sensors .= " ($row->{'event'})";
}
}
}
if($check_sensor_state && ($row->{'units'} ne 'N/A')){
my $val = $row->{'reading'};
my $perf_data;
my $perf_thresholds;
if($zenoss){
$perf_data = $row->{'name'}."=".$val;
}
else{
$perf_data = "'".$row->{'name'}."'=".$val;
}
if($use_thresholds && !$no_thresholds){
if(($row->{'lowerNC'} ne 'N/A') && ($row->{'upperNC'} ne 'N/A')){
$perf_thresholds = $row->{'lowerNC'}.":".$row->{'upperNC'}.";";
}
elsif(($row->{'lowerNC'} ne 'N/A') && ($row->{'upperNC'} eq 'N/A')){
$perf_thresholds = $row->{'lowerNC'}.":;";
}
elsif(($row->{'lowerNC'} eq 'N/A') && ($row->{'upperNC'} ne 'N/A')){
$perf_thresholds = "~:".$row->{'upperNC'}.";";
}
elsif(($row->{'lowerNC'} eq 'N/A') && ($row->{'upperNC'} eq 'N/A')){
$perf_thresholds = ";";
}
if(($row->{'lowerC'} ne 'N/A') && ($row->{'upperC'} ne 'N/A')){
$perf_thresholds .= $row->{'lowerC'}.":".$row->{'upperC'};
}
elsif(($row->{'lowerC'} ne 'N/A') && ($row->{'upperC'} eq 'N/A')){
$perf_thresholds .= $row->{'lowerC'}.":";
}
elsif(($row->{'lowerC'} eq 'N/A') && ($row->{'upperC'} ne 'N/A')){
$perf_thresholds .= "~:".$row->{'upperC'};
}
# Add thresholds to performance data
if(($row->{'lowerNC'} ne 'N/A') || ($row->{'upperNC'} ne 'N/A') ||
($row->{'lowerC'} ne 'N/A') || ($row->{'upperC'} ne 'N/A')){
$perf_data .= ";".$perf_thresholds;
}
}
$perf .= $perf_data." ";
}
if( $row->{'type'} eq 'Fan' && $row->{'reading'} ne 'N/A' ){
$curr_fans++;
}
}
}
foreach my $row (@{$seloutput}){
if( $zenoss ){
$row->{'name'} =~ s/ /_/g;
}
if ($row->{'state'} ne 'Nominal'){
$sel_issues_present += 1;
$exit = 1 if $exit < 1;
$exit = 2 if $exit < 2 && $row->{'state'} ne 'Warning';
if( $verbosity ){
$sel_w_sensors .= ", " unless $sel_w_sensors eq '';
$sel_w_sensors .= "($row->{'name'} = $row->{'state'},";
$sel_w_sensors .= " $row->{'type'}," ;
$sel_w_sensors .= " $row->{'event'})" ;
}
}
}
if ( $sel_issues_present ){
$w_sensors .= ", " unless $w_sensors eq '';
if ( $sel_issues_present == 1 ){
$w_sensors .= "1 system event log (SEL) entry present";
}else{
$w_sensors .= $sel_issues_present." system event log (SEL) entries present";
}
if( $verbosity ){
$w_sensors .= " - details: ";
$w_sensors .= $sel_w_sensors;
$w_sensors .= " - fix the reported issues and clear your SEL";
$w_sensors .= " or exclude specific SEL entries using the -sx or -xST option";
}
}
#now check if num fans equals desired unit fans
if( $fan_count ){
if( $curr_fans < $fan_count ){
$exit = 1 if $exit < 1;
$w_sensors .= ", " unless $w_sensors eq '';
$w_sensors .= "Fan = Warning";
if( $verbosity ){
$w_sensors .= " ($curr_fans)" ;
}
}
}
#check for the FRU serial number
my @server_serial;
my $serial_number;
if( $use_fru ){
@server_serial = grep(/Product Serial Number/,@fruoutput);
if(@server_serial){
$server_serial[0] =~ m/(\d+)/;
$serial_number = $1;
}
}
if(defined($dcmioutput) && $dcmioutput ne ''){
my $power_perf = '';
if(exists $dcmioutput->{'Current Power'}){
my $power_key = 'Current Power';
if($s_ufile && $s_ufile ne ''){
$power_key = unify_with_file($s_ufile, $power_key);
}
if( $zenoss ){
$power_key =~ s/ /_/g;
}
$power_perf = "\'$power_key\'=" . $dcmioutput->{'Current Power'};
}
$perf = $power_perf . ' ' . $perf;
}
$perf = substr($perf, 0, -1);#cut off the last chars
if ( $exit == 0 ){
print "OK";
}
elsif ( $exit == 1 ){
print "Warning [$w_sensors]";
}
else{
print "Critical [$w_sensors]";
}
if( $use_fru && defined($serial_number)){
print " ($serial_number)";
}
print " | ", $perf if $perf ne '';
print "\n";
if ( $verbosity > 1 ){
foreach my $row (@ipmioutput2){
if( $row->{'state'} eq 'N/A'){
next;
}
elsif( $row->{'reading'} ne 'N/A'){
print "$row->{'name'} = $row->{'reading'} ";
}
elsif( $row->{'event'} ne 'N/A'){
print "$row->{'name'} = $row->{'event'} ";
}
else{
next;
}
print "(Status: $row->{'state'})\n";
}
}
exit $exit;
}
};
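Review bot: in the remote branch, `push @basecmd, '-u', $ipmi_user, '-p', $ipmi_password, '-l', $ipmi_privilege_level;` puts the BMC password on the FreeIPMI command line, where any local user can read it from the process list; the script already accepts `-f <FreeIPMI config file>`, so the role documentation should steer towards that option whenever `-H` is used against a remote BMC (the local doas invocation added in this commit is not affected). Separately, the FRU block does `$server_serial[0] =~ m/(\d+)/; $serial_number = $1;` without checking that the match succeeded, so a non-numeric serial leaves `$1` holding whatever the previous successful match captured; test the match first (`if ($server_serial[0] =~ m/(\d+)/) { $serial_number = $1; }`).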

View file

@ -1,5 +1,6 @@
--- ---
- name: restart nrpe - name: restart nrpe
service: ansible.builtin.service:
name: nrpe name: nrpe
state: restarted state: restarted
when: nrpe_exists.stat.exists

View file

@ -1,7 +1,7 @@
# yamllint disable rule:line-length # yamllint disable rule:line-length
--- ---
- name: "Install nrpe" - name: "Install nrpe"
openbsd_pkg: community.general.openbsd_pkg:
name: name:
- nrpe-- - nrpe--
state: present state: present
@ -9,7 +9,7 @@
- nagios-nrpe - nagios-nrpe
- name: "Install monitoring packages" - name: "Install monitoring packages"
openbsd_pkg: community.general.openbsd_pkg:
name: name:
- monitoring-plugins - monitoring-plugins
- check_bioctl - check_bioctl
@ -18,7 +18,7 @@
- nagios-nrpe - nagios-nrpe
- name: "Create nrpe.d dir" - name: "Create nrpe.d dir"
file: ansible.builtin.file:
path: /etc/nrpe.d path: /etc/nrpe.d
state: directory state: directory
owner: root owner: root
@ -28,14 +28,20 @@
- nagios-nrpe - nagios-nrpe
- name: "Include nrpe.d dir in nrpe.cfg" - name: "Include nrpe.d dir in nrpe.cfg"
lineinfile: ansible.builtin.lineinfile:
dest: /etc/nrpe.cfg dest: /etc/nrpe.cfg
line: 'include_dir=/etc/nrpe.d' line: 'include_dir=/etc/nrpe.d'
create: true
tags: tags:
- nagios-nrpe - nagios-nrpe
- name: "Check if nrpe service exists, for usage in check_mode"
stat:
path: /etc/rc.d/nrpe
register: nrpe_exists
- name: "Custom configuration is present" - name: "Custom configuration is present"
blockinfile: ansible.builtin.blockinfile:
block: "{{ lookup('template', 'evolix_bsd.cfg.j2') }}" block: "{{ lookup('template', 'evolix_bsd.cfg.j2') }}"
path: /etc/nrpe.d/evolix.cfg path: /etc/nrpe.d/evolix.cfg
marker: "## {mark} ANSIBLE MANAGED BLOCK : Custom NRPE configuration file from EvoBSD" marker: "## {mark} ANSIBLE MANAGED BLOCK : Custom NRPE configuration file from EvoBSD"
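Review bot: the new "Check if nrpe service exists, for usage in check_mode" task is the only task in this file without `tags: - nagios-nrpe`, while both the `restart nrpe` handler and the "Starting and enabling nrpe" task now use `when: nrpe_exists.stat.exists`; a run limited with `--tags nagios-nrpe` skips the stat and then fails on an undefined `nrpe_exists`. Add the tag to the stat task (it is read-only and cheap), which also matches the "tags everywhere" intent of this series.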
@ -46,46 +52,8 @@
tags: tags:
- nagios-nrpe - nagios-nrpe
- name: "Fetch nrpe config content"
command: 'grep "allowed_hosts=" /etc/nrpe.d/evolix.cfg'
check_mode: false
register: nrpe_config_content
failed_when: false
changed_when: false
tags:
- nagios-nrpe
- name: "Allow NRPE hosts - if no allowed_hosts configured"
lineinfile:
dest: /etc/nrpe.d/evolix.cfg
insertbefore: BOF
regex: "allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}"
line: 'allowed_hosts={{ nagios_nrpe_allowed_hosts | join(",") }}'
when: nrpe_config_content.rc != 0
tags:
- nagios-nrpe
- name: "Allow NRPE hosts - if allowed_hosts already configured : keep added IP"
lineinfile:
dest: /etc/nrpe.d/evolix.cfg
backrefs: true
insertbefore: BOF
regex: "allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}(.*)*"
line: 'allowed_hosts={{ nagios_nrpe_allowed_hosts | join(",") }}\1'
when: nrpe_config_content.rc == 0
tags:
- nagios-nrpe
- name: "Allow NRPE hosts - add comment"
lineinfile:
dest: /etc/nrpe.d/evolix.cfg
insertbefore: BOF
line: "# Allowed IPs"
tags:
- nagios-nrpe
- name: "Create nrpe plugins dir" - name: "Create nrpe plugins dir"
file: ansible.builtin.file:
path: /usr/local/libexec/nagios/plugins/ path: /usr/local/libexec/nagios/plugins/
state: directory state: directory
owner: root owner: root
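Review bot: the removed tasks preserved IPs that had been appended by hand to `allowed_hosts=` (the `(.*)*` backreference in the "keep added IP" task), whereas the template now writes `allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}` inside the blockinfile managed block, so anything added manually on a host is dropped on the next run. Moving to a single source of truth is sensible, but the changelog and README should say that extra hosts must now be declared in inventory; the commit message names `nagios_nrpe_additional_allowed_hosts` for that, yet the template only references `nagios_nrpe_allowed_hosts`, so check that the additional list is really merged into it.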
@ -95,7 +63,7 @@
- nagios-nrpe - nagios-nrpe
- name: "Nagios plugins are installed" - name: "Nagios plugins are installed"
copy: ansible.builtin.copy:
src: plugins_bsd/{{ item.name }} src: plugins_bsd/{{ item.name }}
dest: /usr/local/libexec/nagios/plugins/{{ item.name }} dest: /usr/local/libexec/nagios/plugins/{{ item.name }}
owner: root owner: root
@ -116,13 +84,14 @@
- {name: 'check_mailq.pl', force: true} - {name: 'check_mailq.pl', force: true}
- {name: 'check_dhcp_pool', force: false} - {name: 'check_dhcp_pool', force: false}
- {name: 'check_dhcpd.sh', force: false} - {name: 'check_dhcpd.sh', force: false}
- {name: 'check_ipmi_sensor', force: true}
notify: restart nrpe notify: restart nrpe
tags: tags:
- nagios-nrpe - nagios-nrpe
- nagios-nrpe-utils - nagios-nrpe-utils
- name: "Nagios plugins are installed - template" - name: "Nagios plugins are installed - template"
template: ansible.builtin.template:
src: plugins_bsd/{{ item.name }}.j2 src: plugins_bsd/{{ item.name }}.j2
dest: /usr/local/libexec/nagios/plugins/{{ item.name }} dest: /usr/local/libexec/nagios/plugins/{{ item.name }}
owner: root owner: root
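Review bot: `check_ipmi_sensor` is now deployed with `force: true`, but the plugin exits 3 with `Error:$MISSING_COMMAND_TEXT` when neither `ipmimonitoring` nor `ipmi-sensors` is found, and the visible part of the "Install monitoring packages" list in this file does not include a FreeIPMI package; make sure freeipmi is installed by this role or a dependency, otherwise the check returns UNKNOWN on every host.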
@ -137,9 +106,10 @@
- nagios-nrpe-utils - nagios-nrpe-utils
- name: "Starting and enabling nrpe" - name: "Starting and enabling nrpe"
service: ansible.builtin.service:
name: nrpe name: nrpe
enabled: true enabled: true
state: started state: started
when: nrpe_exists.stat.exists
tags: tags:
- nagios-nrpe - nagios-nrpe

View file

@ -1,3 +1,6 @@
# Allowed IPs
allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}
{% if ansible_distribution_version is version_compare("7.2",'>=') %} {% if ansible_distribution_version is version_compare("7.2",'>=') %}
# Allow older cipher suites for older Icinga version # Allow older cipher suites for older Icinga version
ssl_cipher_list=ALL:!MD5:@STRENGTH:@SECLEVEL=0 ssl_cipher_list=ALL:!MD5:@STRENGTH:@SECLEVEL=0
@ -45,3 +48,4 @@ command[check_connections_state]=doas /usr/local/libexec/nagios/plugins/check_co
command[check_packetfilter]=doas /usr/local/libexec/nagios/plugins/check_packetfilter.sh command[check_packetfilter]=doas /usr/local/libexec/nagios/plugins/check_packetfilter.sh
command[check_dhcpd]=/usr/local/libexec/nagios/plugins/check_dhcpd.sh command[check_dhcpd]=/usr/local/libexec/nagios/plugins/check_dhcpd.sh
command[check_dhcp_pool]=/usr/local/libexec/nagios/plugins/check_dhcp_pool command[check_dhcp_pool]=/usr/local/libexec/nagios/plugins/check_dhcp_pool
command[check_ipmi_sensors]=doas /usr/local/libexec/nagios/plugins/check_ipmi_sensor
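Review bot: `command[check_ipmi_sensors]=doas /usr/local/libexec/nagios/plugins/check_ipmi_sensor` runs the whole Perl plugin as root, and the plugin then skips `sudo` because `$>` is 0, so the doas rule has to allow the nrpe user to run this exact script; that is a broader grant than a rule limited to the FreeIPMI binary, which the plugin cannot use here since it only knows `sudo`. At minimum pin the doas rule to the full script path with no arguments, and watch the naming: the NRPE command is `check_ipmi_sensors` (plural) while the plugin file and the commit title use `check_ipmi_sensor`, which is easy to get wrong on the Icinga side.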

View file

@ -1,6 +1,6 @@
--- ---
- name: "Deploy ospf check scripts" - name: "Deploy ospf check scripts"
template: ansible.builtin.template:
src: "{{ item }}.j2" src: "{{ item }}.j2"
dest: /usr/share/scripts/{{ item }} dest: /usr/share/scripts/{{ item }}
with_items: with_items:
@ -11,7 +11,7 @@
- ospf - ospf
- name: "Cron job for ospf check scripts is installed" - name: "Cron job for ospf check scripts is installed"
cron: ansible.builtin.cron:
name: "{{ item }} check" name: "{{ item }} check"
job: "/bin/sh /usr/share/scripts/{{ item }}-check-peers.sh" job: "/bin/sh /usr/share/scripts/{{ item }}-check-peers.sh"
with_items: with_items:

View file

@ -1,6 +1,6 @@
--- ---
- name: "Setup pf.conf" - name: "Setup pf.conf"
template: ansible.builtin.template:
src: pf.conf.j2 src: pf.conf.j2
dest: /etc/pf.conf dest: /etc/pf.conf
mode: "0600" mode: "0600"

View file

@ -1,6 +1,6 @@
--- ---
- name: "Copy generateldif.sh" - name: "Copy generateldif.sh"
template: ansible.builtin.template:
src: generateldif.sh.j2 src: generateldif.sh.j2
dest: '{{ general_scripts_dir }}/generateldif.sh' dest: '{{ general_scripts_dir }}/generateldif.sh'
owner: root owner: root
@ -11,7 +11,7 @@
- generateldif - generateldif
- name: "Run generateldif" - name: "Run generateldif"
command: '{{ general_scripts_dir }}/generateldif.sh' ansible.builtin.command: '{{ general_scripts_dir }}/generateldif.sh'
register: generateldif_run register: generateldif_run
changed_when: false changed_when: false
failed_when: false failed_when: false
@ -21,7 +21,7 @@
- generateldif - generateldif
- generateldif-exec - generateldif-exec
- debug: - ansible.builtin.debug:
var: generateldif_run.stdout_lines var: generateldif_run.stdout_lines
verbosity: 1 verbosity: 1
tags: tags:

View file

@ -1,6 +1,6 @@
--- ---
- name: "Deploy dynamic motd script for CARP master or backup" - name: "Deploy dynamic motd script for CARP master or backup"
copy: ansible.builtin.copy:
src: motd-carp-state.sh src: motd-carp-state.sh
dest: /usr/share/scripts/motd-carp-state.sh dest: /usr/share/scripts/motd-carp-state.sh
force: true force: true
@ -13,7 +13,7 @@
- motd-utils - motd-utils
- name: "Fetch root crontab content" - name: "Fetch root crontab content"
command: > ansible.builtin.command: >
grep "/bin/sh /usr/share/scripts/motd-carp-state.sh" /var/cron/tabs/root grep "/bin/sh /usr/share/scripts/motd-carp-state.sh" /var/cron/tabs/root
check_mode: false check_mode: false
register: root_crontab_content register: root_crontab_content
@ -24,10 +24,10 @@
- motd - motd
- name: "Cron job for dynamic motd script is installed" - name: "Cron job for dynamic motd script is installed"
cron: ansible.builtin.cron:
name: dynamic motd for CARP name: dynamic motd for CARP
job: "/bin/sh /usr/share/scripts/motd-carp-state.sh" job: "/bin/sh /usr/share/scripts/motd-carp-state.sh"
minute: "0" minute: "*/10"
disabled: true disabled: true
when: when:
- not (root_crontab_content.stdout - not (root_crontab_content.stdout
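Review bot: changing `minute` from `"0"` to `"*/10"` only takes effect on hosts where the cron task still runs; the `when: not (root_crontab_content.stdout ...` guard (cut off here) is keyed on a grep for the script path in root's crontab, so hosts that already carry the hourly entry keep it. If every host should move to the 10-minute schedule, let the `cron` module manage the entry by `name` unconditionally (it is idempotent) or extend the guard to compare the schedule as well.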

View file

@ -1,6 +1,6 @@
--- ---
- name: "Check and install updates (erratas) if available" - name: "Check and install updates (erratas) if available"
command: /usr/sbin/syspatch ansible.builtin.command: /usr/sbin/syspatch
ignore_errors: true ignore_errors: true
when: ansible_distribution_version is version_compare("6.1",'>=') when: ansible_distribution_version is version_compare("6.1",'>=')
tags: tags:

View file

@ -14,7 +14,7 @@
- vars/evolix-main.yml - vars/evolix-main.yml
pre_tasks: pre_tasks:
- include_role: - ansible.builtin.include_role:
name: etc-git name: etc-git
tasks_from: commit.yml tasks_from: commit.yml
vars: vars:
@ -31,7 +31,7 @@
- post-install - post-install
post_tasks: post_tasks:
- include_role: - ansible.builtin.include_role:
name: etc-git name: etc-git
tasks_from: commit.yml tasks_from: commit.yml
vars: vars:
@ -39,6 +39,6 @@
when: not ansible_check_mode when: not ansible_check_mode
tags: always tags: always
- include_role: - ansible.builtin.include_role:
name: evocheck name: evocheck
tasks_from: exec.yml tasks_from: exec.yml