From 1af655b3905a10a26822026b3c5576fae7f57887 Mon Sep 17 00:00:00 2001 
From: hbaxter
Date: Thu, 3 Jul 2025 16:45:28 +0100
Subject: [PATCH 1/4] Refactor icinga2 config into roles
---
 .../roles/icinga2/tasks/icinga2-templates.yml | 88 +++++++++++++++++++
 ANSIBLE/roles/icinga2/tasks/main.yml | 3 +-
 .../templates/etc/icinga2/conf.d/app.conf.j2} | 0
 .../templates/etc/icinga2/conf.d/apt.conf.j2} | 0
 .../etc/icinga2/conf.d/commands.conf.j2} | 0
 .../etc/icinga2/conf.d/downtimes.conf.j2} | 0
 .../etc/icinga2/conf.d/groups.conf.j2} | 0
 .../etc/icinga2/conf.d/hosts.conf.j2} | 0
 .../etc/icinga2/conf.d/notifications.conf.j2} | 0
 .../etc/icinga2/conf.d/services.conf.j2} | 0
 .../etc/icinga2/conf.d/templates.conf.j2} | 0
 .../etc/icinga2/conf.d/timeperiods.conf.j2} | 0
 .../etc/icinga2/conf.d/users.conf.j2} | 0
 13 files changed, 90 insertions(+), 1 deletion(-)
 create mode 100644 ANSIBLE/roles/icinga2/tasks/icinga2-templates.yml
 rename ANSIBLE/{files/monitor.telos.digital/conf.d/app.conf => roles/icinga2/templates/etc/icinga2/conf.d/app.conf.j2} (100%)
 rename ANSIBLE/{files/monitor.telos.digital/conf.d/apt.conf => roles/icinga2/templates/etc/icinga2/conf.d/apt.conf.j2} (100%)
 rename ANSIBLE/{files/monitor.telos.digital/conf.d/commands.conf => roles/icinga2/templates/etc/icinga2/conf.d/commands.conf.j2} (100%)
 rename ANSIBLE/{files/monitor.telos.digital/conf.d/downtimes.conf => roles/icinga2/templates/etc/icinga2/conf.d/downtimes.conf.j2} (100%)
 rename ANSIBLE/{files/monitor.telos.digital/conf.d/groups.conf => roles/icinga2/templates/etc/icinga2/conf.d/groups.conf.j2} (100%)
 rename ANSIBLE/{files/monitor.telos.digital/conf.d/hosts.conf => roles/icinga2/templates/etc/icinga2/conf.d/hosts.conf.j2} (100%)
 rename ANSIBLE/{files/monitor.telos.digital/conf.d/notifications.conf => roles/icinga2/templates/etc/icinga2/conf.d/notifications.conf.j2} (100%)
 rename ANSIBLE/{files/monitor.telos.digital/conf.d/services.conf => roles/icinga2/templates/etc/icinga2/conf.d/services.conf.j2} (100%)
 rename ANSIBLE/{files/monitor.telos.digital/conf.d/templates.conf => roles/icinga2/templates/etc/icinga2/conf.d/templates.conf.j2} (100%)
 rename ANSIBLE/{files/monitor.telos.digital/conf.d/timeperiods.conf => roles/icinga2/templates/etc/icinga2/conf.d/timeperiods.conf.j2} (100%)
 rename ANSIBLE/{files/monitor.telos.digital/conf.d/users.conf => roles/icinga2/templates/etc/icinga2/conf.d/users.conf.j2} (100%)
diff --git a/ANSIBLE/roles/icinga2/tasks/icinga2-templates.yml b/ANSIBLE/roles/icinga2/tasks/icinga2-templates.yml
new file mode 100644
index 0000000..d392f26
--- /dev/null
+++ b/ANSIBLE/roles/icinga2/tasks/icinga2-templates.yml
@@ -0,0 +1,88 @@
+---
+- name: Template app.conf
+ template:
+ src: etc/icinga2/conf.d/app.conf.j2
+ dest: /etc/icinga2/conf.d/app.conf
+ owner: nagios
+ group: nagios
+ mode: '0644'
+ notify: Restart Icinga2
+- name: Template apt.conf
+ template:
+ src: etc/icinga2/conf.d/apt.conf.j2
+ dest: /etc/icinga2/conf.d/apt.conf
+ owner: nagios
+ group: nagios
+ mode: '0644'
+ notify: Restart Icinga2
+- name: Template commands.conf
+ template:
+ src: etc/icinga2/conf.d/commands.conf.j2
+ dest: /etc/icinga2/conf.d/commands.conf
+ owner: nagios
+ group: nagios
+ mode: '0644'
+ notify: Restart Icinga2
+- name: Template downtimes.conf
+ template:
+ src: etc/icinga2/conf.d/downtimes.conf.j2
+ dest: /etc/icinga2/conf.d/downtimes.conf
+ owner: nagios
+ group: nagios
+ mode: '0644'
+ notify: Restart Icinga2
+- name: Template groups.conf
+ template:
+ src: etc/icinga2/conf.d/groups.conf.j2
+ dest: /etc/icinga2/conf.d/groups.conf
+ owner: nagios
+ group: nagios
+ mode: '0644'
+ notify: Restart Icinga2
+- name: Template hosts.conf
+ template:
+ src: etc/icinga2/conf.d/hosts.conf.j2
+ dest: /etc/icinga2/conf.d/hosts.conf
+ owner: nagios
+ group: nagios
+ mode: '0644'
+ notify: Restart Icinga2
+- name: Template notifications.conf
+ template:
+ src: etc/icinga2/conf.d/notifications.conf.j2
+ dest: /etc/icinga2/conf.d/notifications.conf
+ group: nagios
+ mode: '0644'
+ notify: Restart Icinga2
+- name: Template services.conf
+ template:
+ src: etc/icinga2/conf.d/services.conf.j2
+ dest: /etc/icinga2/conf.d/services.conf
+ owner: nagios
+ group: nagios
+ mode: '0644'
+ notify: Restart Icinga2
+- name: Template templates.conf
+ template:
+ src: etc/icinga2/conf.d/templates.conf.j2
+ dest: /etc/icinga2/conf.d/templates.conf
+ owner: nagios
+ group: nagios
+ mode: '0644'
+ notify: Restart Icinga2
+- name: Template timeperiods.conf
+ template:
+ src: etc/icinga2/conf.d/timeperiods.conf.j2
+ dest: /etc/icinga2/conf.d/timeperiods.conf
+ owner: nagios
+ group: nagios
+ mode: '0644'
+ notify: Restart Icinga2
+- name: Template templates.conf
+ template:
+ src: etc/icinga2/conf.d/users.conf.j2
+ dest: /etc/icinga2/conf.d/users.conf
+ owner: nagios
+ group: nagios
+ mode: '0644'
+ notify: Restart Icinga2
\ No newline at end of file
diff --git a/ANSIBLE/roles/icinga2/tasks/main.yml b/ANSIBLE/roles/icinga2/tasks/main.yml
index bca6060..91506d4 100644
--- a/ANSIBLE/roles/icinga2/tasks/main.yml
+++ b/ANSIBLE/roles/icinga2/tasks/main.yml
@@ -83,5 +83,6 @@ group: root mode: '0644' notify: Restart Icinga2 - +- name: Setup Icinga2 Templates + include_tasks: icinga2-templates.yml
\ No newline at end of file
diff --git a/ANSIBLE/files/monitor.telos.digital/conf.d/app.conf b/ANSIBLE/roles/icinga2/templates/etc/icinga2/conf.d/app.conf.j2
similarity index 100%
rename from ANSIBLE/files/monitor.telos.digital/conf.d/app.conf
rename to ANSIBLE/roles/icinga2/templates/etc/icinga2/conf.d/app.conf.j2
diff --git a/ANSIBLE/files/monitor.telos.digital/conf.d/apt.conf b/ANSIBLE/roles/icinga2/templates/etc/icinga2/conf.d/apt.conf.j2
similarity index 100%
rename from ANSIBLE/files/monitor.telos.digital/conf.d/apt.conf
rename to ANSIBLE/roles/icinga2/templates/etc/icinga2/conf.d/apt.conf.j2
diff --git a/ANSIBLE/files/monitor.telos.digital/conf.d/commands.conf b/ANSIBLE/roles/icinga2/templates/etc/icinga2/conf.d/commands.conf.j2
similarity index 100%
rename from ANSIBLE/files/monitor.telos.digital/conf.d/commands.conf
rename to ANSIBLE/roles/icinga2/templates/etc/icinga2/conf.d/commands.conf.j2
diff --git a/ANSIBLE/files/monitor.telos.digital/conf.d/downtimes.conf b/ANSIBLE/roles/icinga2/templates/etc/icinga2/conf.d/downtimes.conf.j2
similarity index 100%
rename from ANSIBLE/files/monitor.telos.digital/conf.d/downtimes.conf
rename to ANSIBLE/roles/icinga2/templates/etc/icinga2/conf.d/downtimes.conf.j2
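Review bot: In icinga2-templates.yml the `Template notifications.conf` task is the only one of the eleven without `owner: nagios`, so that file's owner is left unmanaged while its siblings are pinned, and the last task is named `Template templates.conf` although it writes `users.conf`, which makes run output ambiguous. Both look like copy-paste drift, and the same lines are carried unchanged into the FQCN rewrite of this file in PATCH 3/4. Collapsing the eleven tasks into one looped task, as sketched below, removes the room for that drift. One thing to verify, since the conf files are not shown here: if any of them use Icinga's own `{{ ... }}` function syntax, Jinja will try to render it now that they pass through `template`, so compare a `--check --diff` run against the deployed files before rollout.

```yaml
- name: Template Icinga2 conf.d files
  template:
    src: "etc/icinga2/conf.d/{{ item }}.conf.j2"
    dest: "/etc/icinga2/conf.d/{{ item }}.conf"
    owner: nagios
    group: nagios
    mode: '0644'
  loop:
    - app
    - apt
    - commands
    - downtimes
    - groups
    - hosts
    - notifications
    - services
    - templates
    - timeperiods
    - users
  notify: Restart Icinga2
```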
diff --git a/ANSIBLE/files/monitor.telos.digital/conf.d/groups.conf b/ANSIBLE/roles/icinga2/templates/etc/icinga2/conf.d/groups.conf.j2
similarity index 100%
rename from ANSIBLE/files/monitor.telos.digital/conf.d/groups.conf
rename to ANSIBLE/roles/icinga2/templates/etc/icinga2/conf.d/groups.conf.j2
diff --git a/ANSIBLE/files/monitor.telos.digital/conf.d/hosts.conf b/ANSIBLE/roles/icinga2/templates/etc/icinga2/conf.d/hosts.conf.j2
similarity index 100%
rename from ANSIBLE/files/monitor.telos.digital/conf.d/hosts.conf
rename to ANSIBLE/roles/icinga2/templates/etc/icinga2/conf.d/hosts.conf.j2
diff --git a/ANSIBLE/files/monitor.telos.digital/conf.d/notifications.conf b/ANSIBLE/roles/icinga2/templates/etc/icinga2/conf.d/notifications.conf.j2
similarity index 100%
rename from ANSIBLE/files/monitor.telos.digital/conf.d/notifications.conf
rename to ANSIBLE/roles/icinga2/templates/etc/icinga2/conf.d/notifications.conf.j2
diff --git a/ANSIBLE/files/monitor.telos.digital/conf.d/services.conf b/ANSIBLE/roles/icinga2/templates/etc/icinga2/conf.d/services.conf.j2
similarity index 100%
rename from ANSIBLE/files/monitor.telos.digital/conf.d/services.conf
rename to ANSIBLE/roles/icinga2/templates/etc/icinga2/conf.d/services.conf.j2
diff --git a/ANSIBLE/files/monitor.telos.digital/conf.d/templates.conf b/ANSIBLE/roles/icinga2/templates/etc/icinga2/conf.d/templates.conf.j2
similarity index 100%
rename from ANSIBLE/files/monitor.telos.digital/conf.d/templates.conf
rename to ANSIBLE/roles/icinga2/templates/etc/icinga2/conf.d/templates.conf.j2
diff --git a/ANSIBLE/files/monitor.telos.digital/conf.d/timeperiods.conf b/ANSIBLE/roles/icinga2/templates/etc/icinga2/conf.d/timeperiods.conf.j2
similarity index 100%
rename from ANSIBLE/files/monitor.telos.digital/conf.d/timeperiods.conf
rename to ANSIBLE/roles/icinga2/templates/etc/icinga2/conf.d/timeperiods.conf.j2
diff --git a/ANSIBLE/files/monitor.telos.digital/conf.d/users.conf b/ANSIBLE/roles/icinga2/templates/etc/icinga2/conf.d/users.conf.j2
similarity index 100%
rename from ANSIBLE/files/monitor.telos.digital/conf.d/users.conf
rename to ANSIBLE/roles/icinga2/templates/etc/icinga2/conf.d/users.conf.j2
From 17c666ff979774d165385986bd89488947b2dc80 Mon Sep 17 00:00:00 2001
From: hbaxter
Date: Fri, 4 Jul 2025 09:52:16 +0100
Subject: [PATCH 2/4] Role: svc_acct Basic service account ssh key management setup
---
 ANSIBLE/ansible.cfg | 2 +-
 ANSIBLE/group_vars/all.yaml | 5 +++
 ANSIBLE/hosts | 8 -----
 ANSIBLE/hosts.yml | 27 +++++++++++++++
 ANSIBLE/roles/svc_acct/defaults/main.yml | 2 ++
 ANSIBLE/roles/svc_acct/tasks/main.yml | 44 ++++++++++++++++++++++++
 ANSIBLE/test.yml | 14 ++++++++
 7 files changed, 93 insertions(+), 9 deletions(-)
 create mode 100644 ANSIBLE/group_vars/all.yaml
 delete mode 100644 ANSIBLE/hosts
 create mode 100644 ANSIBLE/hosts.yml
 create mode 100644 ANSIBLE/roles/svc_acct/defaults/main.yml
 create mode 100644 ANSIBLE/roles/svc_acct/tasks/main.yml
 create mode 100644 ANSIBLE/test.yml
diff --git a/ANSIBLE/ansible.cfg b/ANSIBLE/ansible.cfg
index 018c8ef..4c4e766 100644
--- a/ANSIBLE/ansible.cfg
+++ b/ANSIBLE/ansible.cfg
@@ -1,3 +1,3 @@
 [defaults]
-inventory = ./hosts
+inventory = ./hosts.yaml
 remote_user = ubuntu
diff --git a/ANSIBLE/group_vars/all.yaml b/ANSIBLE/group_vars/all.yaml
new file mode 100644
index 0000000..b3ffaed
--- /dev/null
+++ b/ANSIBLE/group_vars/all.yaml
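Review bot: In ansible.cfg, `inventory = ./hosts.yaml` points at a file this patch does not create; the new inventory is added as `ANSIBLE/hosts.yml`, and the old `hosts` file is deleted in the same patch. At this commit a run without `-i` would have no usable inventory, so the line should read `inventory = ./hosts.yml`. PATCH 3/4 later replaces the setting with `inventory = inventory/`, so this only affects someone bisecting or checking out this commit on its own.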
@@ -0,0 +1,5 @@
+svc_acct_name: "ubuntu"
+svc_acct_keys:
+ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMvM9FL5V14ciT6qOSMx4zk3+K7F1aXQh6YjO+KDu94q hbaxter@telos_digital"
+ - "ssh-rsa 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 telos@anothermouse.com"
+ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOnTW/kBQfw/ET5luVvHeWl/tFo1BAJk86UWOGxLbNi30sr4uo+xkNTUvKK2wL+6sRs1MVXH2qxTXa8wG4BfdEZBBOej3I8ci3Yl1fqQV8PB0c/GifP5W1Gj6oZSGvKDAOweV2nr6QUx1BhA9nqg0LZaLt1vaa2d+fgW3R5qT0QKKx5fKEBT95fsjUI99Gi4EAT/VYcmDo/aDyl6crKI+/YRn+0cuq0vLoRpF3rYtBMnqXCobchoooA1W+vZauVh/l5IzgQaN2tTaM9WU8qUUt8j8YaPGMFszX2iZoI1gylF/mSXqP7htxH4KCy0g2AOnnK+8QN6GwHIkOfG6lGu1t nataliia.bobrova.s@gmail.com "
\ No newline at end of file
diff --git a/ANSIBLE/hosts b/ANSIBLE/hosts
deleted file mode 100644
index e0d19a6..0000000
--- a/ANSIBLE/hosts
+++ /dev/null
@@ -1,8 +0,0 @@
-[web]
-monitor.telos.digital
-
-[eoq]
-eoq.telos.digital
-
-[monitor]
-monitor.telos.digital
diff --git a/ANSIBLE/hosts.yml b/ANSIBLE/hosts.yml
new file mode 100644
index 0000000..460b169
--- /dev/null
+++ b/ANSIBLE/hosts.yml
@@ -0,0 +1,27 @@
+web:
+ hosts:
+ monitor.telos.digital:
+eoq:
+ hosts:
+ eoq.telos.digital:
+ site_name: eoq.telos.digital
+ site_root: /var/www/html
+ admin_email: peter.edmond@telos.digital
+ php_version: 8.3
+ #These are not used but can be used to customise the php-fpm environment if required.
+ php_upload_max_filesize: 20M
+ php_post_max_size: 25M
+ php_memory_limit: 128M
+ php_max_execution_time: 60
+monitor:
+ hosts:
+ monitor.telos.digital:
+ site_name: monitor.telos.digital
+ site_root: /var/www/html
+ admin_email: peter.edmond@telos.digital
+ php_version: 8.3
+ #These are not used but can be used to customise the php-fpm environment if required.
+ php_upload_max_filesize: 20M
+ php_post_max_size: 25M
+ php_memory_limit: 128M
+ php_max_execution_time: 60
diff --git a/ANSIBLE/roles/svc_acct/defaults/main.yml b/ANSIBLE/roles/svc_acct/defaults/main.yml
new file mode 100644
index 0000000..b94abc7
--- /dev/null
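Review bot: In group_vars/all.yaml these three personal keys are attached to the shared `ubuntu` account for the `all` group, so every inventory host accepts them, and the svc_acct role in this patch gives that account `NOPASSWD: ALL`. Nothing records who owns each key beyond its trailing comment, and the role only ever appends lines, so deleting an entry here will not revoke access on hosts already configured. I would add a comment above `svc_acct_keys:` such as `# one entry per named person; removing one here must be paired with removal on the hosts`, and scope the list to the groups that need it rather than `all`. The third entry also has a trailing space before its closing quote, which becomes part of the line written to `authorized_keys`.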
+++ b/ANSIBLE/roles/svc_acct/defaults/main.yml
@@ -0,0 +1,2 @@
+svc_acct_name: "root"
+svc_acct_keys: ""
\ No newline at end of file
diff --git a/ANSIBLE/roles/svc_acct/tasks/main.yml b/ANSIBLE/roles/svc_acct/tasks/main.yml
new file mode 100644
index 0000000..5c1d138
--- /dev/null
+++ b/ANSIBLE/roles/svc_acct/tasks/main.yml
@@ -0,0 +1,44 @@
+- name: Add Local User
+ user:
+ name: "{{ svc_acct_name }}"
+ comment: General Service Account
+ password_lock: true
+ shell: "/bin/bash"
+ create_home: true
+- name: Wheel Group
+ when: ansible_facts['os_family'] == "RedHat"
+ user:
+ name: servicelink
+ groups: wheel
+ append: true
+- name: sudo Group
+ when: ansible_facts['distribution'] == "Ubuntu"
+ user:
+ name: "{{ svc_acct_name }}"
+ groups: sudo
+ append: true
+- name: Make servicelink sudo Passwordless
+ lineinfile:
+ path: /etc/sudoers
+ state: present
+ line: "{{ svc_acct_name }} ALL=(ALL) NOPASSWD: ALL"
+ validate: /usr/sbin/visudo -cf %s
+- name: "Make .ssh dir"
+ file:
+ path: "/home/{{ svc_acct_name }}/.ssh/"
+ state: directory
+ owner: "{{ svc_acct_name }}"
+ group: "{{ svc_acct_name }}"
+ mode: "0700"
+- name: Make Authorised Key
+ file:
+ path: "/home/{{ svc_acct_name }}/.ssh/authorized_keys"
+# state: touch
+ owner: "{{ svc_acct_name }}"
+ group: "{{ svc_acct_name }}"
+ mode: "0600"
+- name: Add Publickey
+ lineinfile:
+ path: "/home//{{ svc_acct_name }}/.ssh/authorized_keys"
+ line: "{{ item }}"
+ loop: "{{ svc_acct_keys }}"
diff --git a/ANSIBLE/test.yml b/ANSIBLE/test.yml
new file mode 100644
index 0000000..d85f3b3
--- /dev/null
+++ b/ANSIBLE/test.yml
@@ -0,0 +1,14 @@
+---
+
+- name: Test roles
+ hosts: eoq
+ become: true
+ gather_facts: true
+ vars_files:
+ - group_vars/all.yaml
+ roles:
+ - svc_acct
+ tasks:
+ - ansible.builtin.debug:
+ msg: "Finished"
+ name: "Finished mgs"
From b71c793db8c3982a5fc20fb22eeda6f3b6ed32b1 Mon Sep 17 00:00:00 2001
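Review bot: In svc_acct/defaults/main.yml, `svc_acct_keys: ""` is a string, but tasks/main.yml feeds it to `loop:`, which expects a list, so with the defaults untouched the final task would error instead of adding nothing; use `svc_acct_keys: []`. The default `svc_acct_name: "root"` is also an unsafe fallback for this role: the tasks build paths under `/home/{{ svc_acct_name }}` and write a sudoers line for that name, neither of which fits root. A non-privileged default name, or no default at all so the role fails fast when the variable is unset, would be safer.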
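Review bot: The last three tasks in svc_acct/tasks/main.yml fail on a host where `authorized_keys` does not exist yet and can never revoke a key: `Make Authorised Key` has `state: touch` commented out, so `file` only inspects an existing path, and `Add Publickey` appends with `lineinfile` (note the `/home//` typo), so a key dropped from `svc_acct_keys` stays authorised. Managing the file with `authorized_key` from the ansible.posix collection (assuming it is installed on the controller) and `exclusive: true` makes the variable the source of truth, as sketched below; exclusive mode removes every key not in the list, including any provisioning key already on the account, so confirm the list is complete first. Also in this hunk, `Wheel Group` hard-codes `name: servicelink` instead of `"{{ svc_acct_name }}"`, and the `NOPASSWD: ALL` rule is written into `/etc/sudoers` itself, where a drop-in under `/etc/sudoers.d/` with mode `0440` and the same `visudo -cf %s` validation would be easier to audit and revert. These lines are carried unchanged through the FQCN rewrite of this file in PATCH 3/4.

```yaml
# … unchanged: user, group and sudoers tasks …
- name: Manage authorised keys for the service account
  ansible.posix.authorized_key:
    user: "{{ svc_acct_name }}"
    key: "{{ svc_acct_keys | join('\n') }}"
    exclusive: true
    manage_dir: true
```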
From: hbaxter
Date: Fri, 4 Jul 2025 11:08:43 +0100
Subject: [PATCH 3/4] Refactor: Repo layout and config
---
 ANSIBLE/README.md | 49 ++++++++++++++++++-
 ANSIBLE/ansible.cfg | 3 +-
 ANSIBLE/group_vars/{all.yaml => all/all.yml} | 0
 ANSIBLE/hosts.yml | 27 ----------
 ANSIBLE/inventory/davismethod.yml | 1 +
 ANSIBLE/inventory/telos_digital.yml | 12 +++++
 .../roles/icinga2/tasks/icinga2-templates.yml | 24 ++++-----
 ANSIBLE/roles/icinga2/tasks/main.yml | 36 +++++++-------
 ANSIBLE/roles/svc_acct/defaults/main.yml | 2 +-
 ANSIBLE/roles/svc_acct/tasks/main.yml | 20 ++++----
 ANSIBLE/test.yml | 4 +-
 11 files changed, 104 insertions(+), 74 deletions(-)
 rename ANSIBLE/group_vars/{all.yaml => all/all.yml} (100%)
 delete mode 100644 ANSIBLE/hosts.yml
 create mode 100644 ANSIBLE/inventory/davismethod.yml
 create mode 100644 ANSIBLE/inventory/telos_digital.yml
diff --git a/ANSIBLE/README.md b/ANSIBLE/README.md
index 4332ca4..1a9bf59 100644
--- a/ANSIBLE/README.md
+++ b/ANSIBLE/README.md
@@ -1,5 +1,50 @@ -README.md -========= +# README.md + +## Current + +This repository has been refactored a bit to enable the auto merging functionality of ansible inventorys and vars plugins. +As such a brakedown of the following folders should be explained. + +`inventory/`: + +This folder should contain yaml files with host definitions, one yaml file per project / customer depending on size. + +`group_vars/`: + +This folder should be used for all groups vars. + +`host_vars/`: + +Ideally configuring host vars here should be avoided, these should be set at the group level unless specific overides are needed. However these are probbly best placed in host inventory unless the host is patten matched. + +Long term ideally we should have a `site.yml` that will run all the config playbooks within this repo. I would imagine we will have some other types of playbooks such as patching which will not be as sensible to include in such a playbook. + +### Code Quality Guidelines + +Ideally all commited ansible will pass ansible-lint for latest ansible core release. This does mean that full module names should be used. + +Role's should be using templates as much as possible to ensure that configs are idpotent as possible, please avoid file module for config files even if we dont need to template use a template with no vars. + + + + +### CMD Example + +```bash +ansible-playbook icinga.yml --ask-vault-pass --check +# vs old +ansible-playbook -i hosts icinga.yml --ask-vault-pass --check +``` + + + + + + + +## Original + + This is an index of all of the ansible scripts used for building Telos Digital systems, as created by Peter Edmond diff --git a/ANSIBLE/ansible.cfg b/ANSIBLE/ansible.cfg index 4c4e766..7838245 100644 --- a/ANSIBLE/ansible.cfg +++ b/ANSIBLE/ansible.cfg @@ -1,3 +1,2 @@ [defaults] -inventory = ./hosts.yaml -remote_user = ubuntu +inventory = inventory/ 
diff --git a/ANSIBLE/group_vars/all.yaml b/ANSIBLE/group_vars/all/all.yml
similarity index 100%
rename from ANSIBLE/group_vars/all.yaml
rename to ANSIBLE/group_vars/all/all.yml
diff --git a/ANSIBLE/hosts.yml b/ANSIBLE/hosts.yml
deleted file mode 100644
index 460b169..0000000
--- a/ANSIBLE/hosts.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-web:
- hosts:
- monitor.telos.digital:
-eoq:
- hosts:
- eoq.telos.digital:
- site_name: eoq.telos.digital
- site_root: /var/www/html
- admin_email: peter.edmond@telos.digital
- php_version: 8.3
- #These are not used but can be used to customise the php-fpm environment if required.
- php_upload_max_filesize: 20M
- php_post_max_size: 25M
- php_memory_limit: 128M
- php_max_execution_time: 60
-monitor:
- hosts:
- monitor.telos.digital:
- site_name: monitor.telos.digital
- site_root: /var/www/html
- admin_email: peter.edmond@telos.digital
- php_version: 8.3
- #These are not used but can be used to customise the php-fpm environment if required.
- php_upload_max_filesize: 20M
- php_post_max_size: 25M
- php_memory_limit: 128M
- php_max_execution_time: 60
diff --git a/ANSIBLE/inventory/davismethod.yml b/ANSIBLE/inventory/davismethod.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/ANSIBLE/inventory/davismethod.yml
@@ -0,0 +1 @@
+---
diff --git a/ANSIBLE/inventory/telos_digital.yml b/ANSIBLE/inventory/telos_digital.yml
new file mode 100644
index 0000000..350cb2a
--- /dev/null
+++ b/ANSIBLE/inventory/telos_digital.yml
@@ -0,0 +1,12 @@
+all:
+ vars:
+ ansible_user: 'ubuntu'
+web:
+ hosts:
+ monitor.telos.digital:
+eoq:
+ hosts:
+ eoq.telos.digital:
+monitor:
+ hosts:
+ monitor.telos.digital:
diff --git a/ANSIBLE/roles/icinga2/tasks/icinga2-templates.yml b/ANSIBLE/roles/icinga2/tasks/icinga2-templates.yml
index d392f26..b818892 100644
--- a/ANSIBLE/roles/icinga2/tasks/icinga2-templates.yml
+++ b/ANSIBLE/roles/icinga2/tasks/icinga2-templates.yml
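Review bot: The per-host variables that lived in the deleted `hosts.yml` (`site_name`, `site_root`, `admin_email`, `php_version` and the `php_*` limits) are not carried into `inventory/telos_digital.yml`, and the only group_vars change visible in this patch is a 100% rename. If any play or template for `eoq` or `monitor` still reads them, they will be undefined at run time; either re-add them under each host here or move them to `group_vars/eoq/` and `group_vars/monitor/`. When they come back, quote the version (`php_version: '8.3'`) so YAML does not read it as a float.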
@@ -1,6 +1,6 @@ --- - name: Template app.conf - template: + ansible.builtin.template: src: etc/icinga2/conf.d/app.conf.j2 dest: /etc/icinga2/conf.d/app.conf owner: nagios @@ -8,7 +8,7 @@ mode: '0644' notify: Restart Icinga2 - name: Template apt.conf - template: + ansible.builtin.template: src: etc/icinga2/conf.d/apt.conf.j2 dest: /etc/icinga2/conf.d/apt.conf owner: nagios @@ -16,7 +16,7 @@ mode: '0644' notify: Restart Icinga2 - name: Template commands.conf - template: + ansible.builtin.template: src: etc/icinga2/conf.d/commands.conf.j2 dest: /etc/icinga2/conf.d/commands.conf owner: nagios @@ -24,7 +24,7 @@ mode: '0644' notify: Restart Icinga2 - name: Template downtimes.conf - template: + ansible.builtin.template: src: etc/icinga2/conf.d/downtimes.conf.j2 dest: /etc/icinga2/conf.d/downtimes.conf owner: nagios @@ -32,7 +32,7 @@ mode: '0644' notify: Restart Icinga2 - name: Template groups.conf - template: + ansible.builtin.template: src: etc/icinga2/conf.d/groups.conf.j2 dest: /etc/icinga2/conf.d/groups.conf owner: nagios @@ -40,7 +40,7 @@ mode: '0644' notify: Restart Icinga2 - name: Template hosts.conf - template: + ansible.builtin.template: src: etc/icinga2/conf.d/hosts.conf.j2 dest: /etc/icinga2/conf.d/hosts.conf owner: nagios @@ -48,14 +48,14 @@ mode: '0644' notify: Restart Icinga2 - name: Template notifications.conf - template: + ansible.builtin.template: src: etc/icinga2/conf.d/notifications.conf.j2 dest: /etc/icinga2/conf.d/notifications.conf group: nagios mode: '0644' notify: Restart Icinga2 - name: Template services.conf - template: + ansible.builtin.template: src: etc/icinga2/conf.d/services.conf.j2 dest: /etc/icinga2/conf.d/services.conf owner: nagios @@ -63,7 +63,7 @@ mode: '0644' notify: Restart Icinga2 - name: Template templates.conf - template: + ansible.builtin.template: src: etc/icinga2/conf.d/templates.conf.j2 dest: /etc/icinga2/conf.d/templates.conf owner: nagios 
@@ -71,7 +71,7 @@ mode: '0644' notify: Restart Icinga2 - name: Template timeperiods.conf - template: + ansible.builtin.template: src: etc/icinga2/conf.d/timeperiods.conf.j2 dest: /etc/icinga2/conf.d/timeperiods.conf owner: nagios @@ -79,10 +79,10 @@ mode: '0644' notify: Restart Icinga2 - name: Template templates.conf - template: + ansible.builtin.template: src: etc/icinga2/conf.d/users.conf.j2 dest: /etc/icinga2/conf.d/users.conf owner: nagios group: nagios mode: '0644' - notify: Restart Icinga2 \ No newline at end of file + notify: Restart Icinga2 diff --git a/ANSIBLE/roles/icinga2/tasks/main.yml b/ANSIBLE/roles/icinga2/tasks/main.yml index 91506d4..6b8ee51 100644 --- a/ANSIBLE/roles/icinga2/tasks/main.yml +++ b/ANSIBLE/roles/icinga2/tasks/main.yml @@ -1,46 +1,46 @@ --- - name: Ensure keyrings directory exists - file: + ansible.builtin.file: path: /etc/apt/keyrings state: directory mode: '0755' - name: Download Icinga GPG key to keyrings - get_url: + ansible.builtin.get_url: url: https://packages.icinga.com/icinga.key dest: /etc/apt/keyrings/icinga.asc mode: '0644' - name: Add Icinga APT repository (Ubuntu 24.04 "noble") - apt_repository: + ansible.builtin.apt_repository: repo: "deb [signed-by=/etc/apt/keyrings/icinga.asc] https://packages.icinga.com/ubuntu icinga-noble main" state: present filename: icinga - name: Add Icinga 2 GPG key - apt_key: + ansible.builtin.apt_key: url: https://packages.icinga.com/icinga.key state: present - name: Install Icinga 2 - apt: + ansible.builtin.apt: name: icinga2 state: present - update_cache: yes + update_cache: true # Include IDO DB setup tasks - name: Setup Icinga2 IDO DB - include_tasks: icinga2-ido.yml + ansible.builtin.include_tasks: icinga2-ido.yml - name: Start and enable icinga2 service - service: + ansible.builtin.service: name: icinga2 state: started - enabled: yes + enabled: true - name: Install Icinga Web 2 and Apache (optional) when: icinga2_install_web - apt: + ansible.builtin.apt: name: - icingaweb2 - icingacli 
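Review bot: In roles/icinga2/tasks/main.yml, `Add Icinga 2 GPG key` still goes through `apt_key` (now `ansible.builtin.apt_key`), which installs the vendor key into apt's global trusted keyring, while the tasks above it already download the same key to `/etc/apt/keyrings/icinga.asc` and scope it with `signed-by=`. A globally trusted key can vouch for packages from any configured repository, which is what `signed-by` is meant to prevent, and the module is deprecated. I would delete that task and keep only the keyring download; pinning the download with get_url's `checksum:` (value taken from a separately verified copy of the key) would also stop a changed key being accepted silently. The hunk ends inside the `Install Icinga Web 2 and Apache` task's package list.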
@@ -56,33 +56,33 @@ - name: Enable Apache for Icinga Web when: icinga2_install_web - service: + ansible.builtin.service: name: apache2 state: started - enabled: yes + enabled: true - name: Configure Icinga Web 2 database (optional) when: icinga2_install_web - debug: + ansible.builtin.debug: msg: "You can add DB config, MySQL setup, etc. here." - name: Install Icinga2 IDO MySQL module - apt: + ansible.builtin.apt: name: icinga2-ido-mysql state: present - name: Enable the IDO MySQL feature - command: icinga2 feature enable ido-mysql + ansible.builtin.command: icinga2 feature enable ido-mysql notify: Restart Icinga2 - name: Configure IDO DB connection - template: + ansible.builtin.template: src: ido-mysql.conf.j2 dest: /etc/icinga2/features-enabled/ido-mysql.conf owner: root group: root mode: '0644' notify: Restart Icinga2 - + - name: Setup Icinga2 Templates - include_tasks: icinga2-templates.yml \ No newline at end of file + ansible.builtin.include_tasks: icinga2-templates.yml diff --git a/ANSIBLE/roles/svc_acct/defaults/main.yml b/ANSIBLE/roles/svc_acct/defaults/main.yml index b94abc7..77f98fd 100644 --- a/ANSIBLE/roles/svc_acct/defaults/main.yml +++ b/ANSIBLE/roles/svc_acct/defaults/main.yml @@ -1,2 +1,2 @@ svc_acct_name: "root" -svc_acct_keys: "" \ No newline at end of file +svc_acct_keys: "" diff --git a/ANSIBLE/roles/svc_acct/tasks/main.yml b/ANSIBLE/roles/svc_acct/tasks/main.yml index 5c1d138..ad4b45d 100644 --- a/ANSIBLE/roles/svc_acct/tasks/main.yml +++ b/ANSIBLE/roles/svc_acct/tasks/main.yml @@ -1,5 +1,5 @@ -- name: Add Local User - user: +- name: Add Local User + ansible.builtin.user: name: "{{ svc_acct_name }}" comment: General Service Account password_lock: true 
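Review bot: In the second hunk of roles/icinga2/tasks/main.yml, `ansible.builtin.command: icinga2 feature enable ido-mysql` has no `creates:` or `changed_when:`, so it reports changed and fires `Restart Icinga2` on every run. Adding `args:` with `creates: /etc/icinga2/features-enabled/ido-mysql.conf` (the path the following task manages) keeps the play idempotent and avoids restarting the monitoring daemon on each converge.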
@@ -7,38 +7,38 @@ create_home: true - name: Wheel Group when: ansible_facts['os_family'] == "RedHat" - user: + ansible.builtin.user: name: servicelink groups: wheel append: true -- name: sudo Group +- name: Sudo Group when: ansible_facts['distribution'] == "Ubuntu" - user: + ansible.builtin.user: name: "{{ svc_acct_name }}" groups: sudo append: true - name: Make servicelink sudo Passwordless - lineinfile: + ansible.builtin.lineinfile: path: /etc/sudoers state: present line: "{{ svc_acct_name }} ALL=(ALL) NOPASSWD: ALL" validate: /usr/sbin/visudo -cf %s - name: "Make .ssh dir" - file: + ansible.builtin.file: path: "/home/{{ svc_acct_name }}/.ssh/" state: directory owner: "{{ svc_acct_name }}" group: "{{ svc_acct_name }}" mode: "0700" -- name: Make Authorised Key - file: +- name: Make Authorised Key + ansible.builtin.file: path: "/home/{{ svc_acct_name }}/.ssh/authorized_keys" # state: touch owner: "{{ svc_acct_name }}" group: "{{ svc_acct_name }}" mode: "0600" - name: Add Publickey - lineinfile: + ansible.builtin.lineinfile: path: "/home//{{ svc_acct_name }}/.ssh/authorized_keys" line: "{{ item }}" loop: "{{ svc_acct_keys }}" diff --git a/ANSIBLE/test.yml b/ANSIBLE/test.yml index d85f3b3..abc9af2 100644 --- a/ANSIBLE/test.yml +++ b/ANSIBLE/test.yml @@ -4,8 +4,8 @@ hosts: eoq become: true gather_facts: true - vars_files: - - group_vars/all.yaml + #vars_files: + # - group_vars/all.yaml roles: - svc_acct tasks: From 12df029a7bb4fbbdf64ac29eb056ef15eaeb2750 Mon Sep 17 00:00:00 2001 
From: hbaxter Date: Fri, 4 Jul 2025 11:25:09 +0100 Subject: [PATCH 4/4] Refactor: Tidy Ansible folder --- ANSIBLE/icinga.yml | 1 - ANSIBLE/roles/icinga2/tasks/icinga2-ido.yml | 7 +++---- {ANSIBLE => Cleanup}/httpd.yml | 0 {ANSIBLE => Cleanup}/templates/index.html.j2 | 0 {ANSIBLE => Cleanup}/templates/vhost.conf.j2 | 0 5 files changed, 3 insertions(+), 5 deletions(-) rename {ANSIBLE => Cleanup}/httpd.yml (100%) rename {ANSIBLE => Cleanup}/templates/index.html.j2 (100%) rename {ANSIBLE => Cleanup}/templates/vhost.conf.j2 (100%) diff --git a/ANSIBLE/icinga.yml b/ANSIBLE/icinga.yml index f98e71e..6102ec9 100644 --- a/ANSIBLE/icinga.yml +++ b/ANSIBLE/icinga.yml @@ -1,5 +1,4 @@ --- -#- import_playbook: httpd.yml - name: Install php and icinga2 web hosts: monitor diff --git a/ANSIBLE/roles/icinga2/tasks/icinga2-ido.yml b/ANSIBLE/roles/icinga2/tasks/icinga2-ido.yml index a65e052..312c779 100644 --- a/ANSIBLE/roles/icinga2/tasks/icinga2-ido.yml +++ b/ANSIBLE/roles/icinga2/tasks/icinga2-ido.yml @@ -18,18 +18,17 @@ column_case_sensitive: true - name: Check if IDO schema has already been imported - stat: + ansible.builtin.stat: path: /var/lib/icinga2/ido_schema_imported.flag register: ido_schema_marker - name: Import IDO schema - shell: | + ansible.builtin.shell: | mysql -u root -p'{{ mariadb_root_password }}' {{ icinga_db_name }} < /usr/share/icinga2-ido-mysql/schema/mysql.sql when: not ido_schema_marker.stat.exists - name: Mark IDO schema as imported - file: + ansible.builtin.file: path: /var/lib/icinga2/ido_schema_imported.flag state: touch when: not ido_schema_marker.stat.exists - diff --git a/ANSIBLE/httpd.yml b/Cleanup/httpd.yml similarity index 100% rename from ANSIBLE/httpd.yml rename to Cleanup/httpd.yml diff --git a/ANSIBLE/templates/index.html.j2 b/Cleanup/templates/index.html.j2 similarity index 100% rename from ANSIBLE/templates/index.html.j2 rename to Cleanup/templates/index.html.j2 
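Review bot: `Import IDO schema` in icinga2-ido.yml passes the MariaDB root password on the command line (`-p'{{ mariadb_root_password }}'`) and has no `no_log: true`, so the secret is visible in the process list while mysql runs and can appear in Ansible's task output on failure or at higher verbosity; a password containing a single quote would also break the shell quoting. The context line `column_case_sensitive: true` suggests the community.mysql collection is already used above this hunk (the file's first tasks are outside it), in which case the import can go through `community.mysql.mysql_db` with `state: import`, as sketched below. If the collection is not available, at minimum add `no_log: true` to the existing task.

```yaml
- name: Import IDO schema
  community.mysql.mysql_db:
    name: "{{ icinga_db_name }}"
    state: import
    target: /usr/share/icinga2-ido-mysql/schema/mysql.sql
    login_user: root
    login_password: "{{ mariadb_root_password }}"
  no_log: true
  when: not ido_schema_marker.stat.exists
# … unchanged: stat check before, flag-file task after …
```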
diff --git a/ANSIBLE/templates/vhost.conf.j2 b/Cleanup/templates/vhost.conf.j2
similarity index 100%
rename from ANSIBLE/templates/vhost.conf.j2
rename to Cleanup/templates/vhost.conf.j2