Refactor: Repo layout and config

ANSIBLE/README.md

@@ -1,5 +1,50 @@
-README.md
+# README.md
-=========
+
+## Current
+
+This repository has been refactored a bit to enable the auto merging functionality of ansible inventorys and vars plugins.
+As such a brakedown of the following folders should be explained.
+
+`inventory/`:
+
+This folder should contain yaml files with host definitions, one yaml file per project / customer depending on size.
+
+`group_vars/`:
+
+This folder should be used for all groups vars.
+
+`host_vars/`:
+
+Ideally configuring host vars here should be avoided, these should be set at the group level unless specific overides are needed. However these are probbly best placed in host inventory unless the host is patten matched.
+
+Long term ideally we should have a `site.yml` that will run all the config playbooks within this repo. I would imagine we will have some other types of playbooks such as patching which will not be as sensible to include in such a playbook.
+
+### Code Quality Guidelines
+
+Ideally all commited ansible will pass ansible-lint for latest ansible core release. This does mean that full module names should be used.
+
+Role's should be using templates as much as possible to ensure that configs are idpotent as possible, please avoid file module for config files even if we dont need to template use a template with no vars.
+
+
+
+
+### CMD Example
+
+```bash
+ansible-playbook icinga.yml --ask-vault-pass --check
+# vs old 
+ansible-playbook -i hosts icinga.yml --ask-vault-pass --check
+```
+
+
+
+
+
+
+
+## Original
+
+
 
 This is an index of all of the ansible scripts used for building Telos Digital systems, as created by Peter Edmond
 

ANSIBLE/ansible.cfg

@@ -1,3 +1,2 @@
 [defaults]
-inventory = ./hosts.yaml
+inventory = inventory/
-remote_user = ubuntu

ANSIBLE/hosts.yml

@@ -1,27 +0,0 @@
-web:
-  hosts:
-    monitor.telos.digital:
-eoq:
-  hosts:
-    eoq.telos.digital:
-      site_name: eoq.telos.digital
-      site_root: /var/www/html
-      admin_email: peter.edmond@telos.digital
-      php_version: 8.3
-      #These are not used but can be used to customise the php-fpm environment if required.
-      php_upload_max_filesize: 20M
-      php_post_max_size: 25M
-      php_memory_limit: 128M
-      php_max_execution_time: 60
-monitor:
-  hosts:
-    monitor.telos.digital:
-      site_name: monitor.telos.digital
-      site_root: /var/www/html
-      admin_email: peter.edmond@telos.digital
-      php_version: 8.3
-      #These are not used but can be used to customise the php-fpm environment if required.
-      php_upload_max_filesize: 20M
-      php_post_max_size: 25M
-      php_memory_limit: 128M
-      php_max_execution_time: 60

ANSIBLE/inventory/davismethod.yml

@@ -0,0 +1 @@
+---

ANSIBLE/inventory/telos_digital.yml

@@ -0,0 +1,12 @@
+all:
+  vars:
+    ansible_user: 'ubuntu'
+web:
+  hosts:
+    monitor.telos.digital:
+eoq:
+  hosts:
+    eoq.telos.digital:
+monitor:
+  hosts:
+    monitor.telos.digital:

ANSIBLE/roles/icinga2/tasks/icinga2-templates.yml

@@ -1,6 +1,6 @@
 ---
 - name: Template app.conf
-  template:
+  ansible.builtin.template:
     src: etc/icinga2/conf.d/app.conf.j2
     dest: /etc/icinga2/conf.d/app.conf
     owner: nagios
@@ -8,7 +8,7 @@
     mode: '0644'
   notify: Restart Icinga2
 - name: Template apt.conf
-  template:
+  ansible.builtin.template:
     src: etc/icinga2/conf.d/apt.conf.j2
     dest: /etc/icinga2/conf.d/apt.conf
     owner: nagios
@@ -16,7 +16,7 @@
     mode: '0644'
   notify: Restart Icinga2
 - name: Template commands.conf
-  template:
+  ansible.builtin.template:
     src: etc/icinga2/conf.d/commands.conf.j2
     dest: /etc/icinga2/conf.d/commands.conf
     owner: nagios
@@ -24,7 +24,7 @@
     mode: '0644'
   notify: Restart Icinga2
 - name: Template downtimes.conf
-  template:
+  ansible.builtin.template:
     src: etc/icinga2/conf.d/downtimes.conf.j2
     dest: /etc/icinga2/conf.d/downtimes.conf
     owner: nagios
@@ -32,7 +32,7 @@
     mode: '0644'
   notify: Restart Icinga2
 - name: Template groups.conf
-  template:
+  ansible.builtin.template:
     src: etc/icinga2/conf.d/groups.conf.j2
     dest: /etc/icinga2/conf.d/groups.conf
     owner: nagios
@@ -40,7 +40,7 @@
     mode: '0644'
   notify: Restart Icinga2
 - name: Template hosts.conf
-  template:
+  ansible.builtin.template:
     src: etc/icinga2/conf.d/hosts.conf.j2
     dest: /etc/icinga2/conf.d/hosts.conf
     owner: nagios
@@ -48,14 +48,14 @@
     mode: '0644'
   notify: Restart Icinga2
 - name: Template notifications.conf
-  template:
+  ansible.builtin.template:
     src: etc/icinga2/conf.d/notifications.conf.j2
     dest: /etc/icinga2/conf.d/notifications.conf
     group: nagios
     mode: '0644'
   notify: Restart Icinga2
 - name: Template services.conf
-  template:
+  ansible.builtin.template:
     src: etc/icinga2/conf.d/services.conf.j2
     dest: /etc/icinga2/conf.d/services.conf
     owner: nagios
@@ -63,7 +63,7 @@
     mode: '0644'
   notify: Restart Icinga2
 - name: Template templates.conf
-  template:
+  ansible.builtin.template:
     src: etc/icinga2/conf.d/templates.conf.j2
     dest: /etc/icinga2/conf.d/templates.conf
     owner: nagios
@@ -71,7 +71,7 @@
     mode: '0644'
   notify: Restart Icinga2
 - name: Template timeperiods.conf
-  template:
+  ansible.builtin.template:
     src: etc/icinga2/conf.d/timeperiods.conf.j2
     dest: /etc/icinga2/conf.d/timeperiods.conf
     owner: nagios
@@ -79,10 +79,10 @@
     mode: '0644'
   notify: Restart Icinga2
 - name: Template templates.conf
-  template:
+  ansible.builtin.template:
     src: etc/icinga2/conf.d/users.conf.j2
     dest: /etc/icinga2/conf.d/users.conf
     owner: nagios
     group: nagios
     mode: '0644'
-  notify: Restart Icinga2
+  notify: Restart Icinga2

ANSIBLE/roles/icinga2/tasks/main.yml

@@ -1,46 +1,46 @@
 ---
 - name: Ensure keyrings directory exists
-  file:
+  ansible.builtin.file:
     path: /etc/apt/keyrings
     state: directory
     mode: '0755'
 
 - name: Download Icinga GPG key to keyrings
-  get_url:
+  ansible.builtin.get_url:
     url: https://packages.icinga.com/icinga.key
     dest: /etc/apt/keyrings/icinga.asc
     mode: '0644'
 
 - name: Add Icinga APT repository (Ubuntu 24.04 "noble")
-  apt_repository:
+  ansible.builtin.apt_repository:
     repo: "deb [signed-by=/etc/apt/keyrings/icinga.asc] https://packages.icinga.com/ubuntu icinga-noble main"
     state: present
     filename: icinga
 
 - name: Add Icinga 2 GPG key
-  apt_key:
+  ansible.builtin.apt_key:
     url: https://packages.icinga.com/icinga.key
     state: present
 
 - name: Install Icinga 2
-  apt:
+  ansible.builtin.apt:
     name: icinga2
     state: present
-    update_cache: yes
+    update_cache: true
 
 # Include IDO DB setup tasks
 - name: Setup Icinga2 IDO DB
-  include_tasks: icinga2-ido.yml
+  ansible.builtin.include_tasks: icinga2-ido.yml
 
 - name: Start and enable icinga2 service
-  service:
+  ansible.builtin.service:
     name: icinga2
     state: started
-    enabled: yes
+    enabled: true
 
 - name: Install Icinga Web 2 and Apache (optional)
   when: icinga2_install_web
-  apt:
+  ansible.builtin.apt:
     name:
       - icingaweb2
       - icingacli
@@ -56,33 +56,33 @@
 
 - name: Enable Apache for Icinga Web
   when: icinga2_install_web
-  service:
+  ansible.builtin.service:
     name: apache2
     state: started
-    enabled: yes
+    enabled: true
 
 - name: Configure Icinga Web 2 database (optional)
   when: icinga2_install_web
-  debug:
+  ansible.builtin.debug:
     msg: "You can add DB config, MySQL setup, etc. here."
 
 - name: Install Icinga2 IDO MySQL module
-  apt:
+  ansible.builtin.apt:
     name: icinga2-ido-mysql
     state: present
 
 - name: Enable the IDO MySQL feature
-  command: icinga2 feature enable ido-mysql
+  ansible.builtin.command: icinga2 feature enable ido-mysql
   notify: Restart Icinga2
 
 - name: Configure IDO DB connection
-  template:
+  ansible.builtin.template:
     src: ido-mysql.conf.j2
     dest: /etc/icinga2/features-enabled/ido-mysql.conf
     owner: root
     group: root
     mode: '0644'
   notify: Restart Icinga2
- 
+
 - name: Setup Icinga2 Templates
-  include_tasks: icinga2-templates.yml
+  ansible.builtin.include_tasks: icinga2-templates.yml

ANSIBLE/roles/svc_acct/defaults/main.yml

@@ -1,2 +1,2 @@
 svc_acct_name: "root"
-svc_acct_keys: ""
+svc_acct_keys: ""

ANSIBLE/roles/svc_acct/tasks/main.yml

@@ -1,5 +1,5 @@
-- name: Add Local User 
+- name: Add Local User
-  user:
+  ansible.builtin.user:
     name: "{{ svc_acct_name }}"
     comment: General Service Account
     password_lock: true
@@ -7,38 +7,38 @@
     create_home: true
 - name: Wheel Group
   when: ansible_facts['os_family'] == "RedHat"
-  user:
+  ansible.builtin.user:
     name: servicelink
     groups: wheel
     append: true
-- name: sudo Group
+- name: Sudo Group
   when: ansible_facts['distribution'] == "Ubuntu"
-  user:
+  ansible.builtin.user:
     name: "{{ svc_acct_name }}"
     groups: sudo
     append: true
 - name: Make servicelink sudo Passwordless
-  lineinfile:
+  ansible.builtin.lineinfile:
     path: /etc/sudoers
     state: present
     line: "{{ svc_acct_name }}  ALL=(ALL)       NOPASSWD: ALL"
     validate: /usr/sbin/visudo -cf %s
 - name: "Make .ssh  dir"
-  file:
+  ansible.builtin.file:
     path: "/home/{{ svc_acct_name }}/.ssh/"
     state: directory
     owner: "{{ svc_acct_name }}"
     group: "{{ svc_acct_name }}"
     mode: "0700"
-- name: Make Authorised Key 
+- name: Make Authorised Key
-  file:
+  ansible.builtin.file:
     path: "/home/{{ svc_acct_name }}/.ssh/authorized_keys"
 #    state: touch
     owner: "{{ svc_acct_name }}"
     group: "{{ svc_acct_name }}"
     mode: "0600"
 - name: Add Publickey
-  lineinfile:
+  ansible.builtin.lineinfile:
     path: "/home//{{ svc_acct_name }}/.ssh/authorized_keys"
     line: "{{ item }}"
   loop: "{{ svc_acct_keys }}"

ANSIBLE/test.yml

@@ -4,8 +4,8 @@
   hosts: eoq
   become: true
   gather_facts: true
-  vars_files:
+  #vars_files:
-    - group_vars/all.yaml
+  #  - group_vars/all.yaml
   roles:
     - svc_acct
   tasks: