From a2de184afa4d5cbfd10bbfe22fc17a918fdffed6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20-=20Le=20Filament?= <remi@le-filament.com>
Date: Wed, 5 Jul 2023 16:05:07 +0200
Subject: [PATCH] [UPD] ansible-lint

---
 .ansible-lint     |   7 +++
 .yamllint         |  39 ++++++++++++++++
 handlers/main.yml |   8 ++--
 meta/main.yml     |  38 +++++++--------
 tasks/main.yml    | 116 +++++++++++++++++++++++-----------------------
 vars/Debian.yml   |  16 +++----
 vars/RedHat.yml   |  16 +++----
 vars/main.yml     |  24 +++++-----
 8 files changed, 156 insertions(+), 108 deletions(-)
 create mode 100644 .ansible-lint
 create mode 100644 .yamllint

diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 0000000..8d40d06
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,7 @@
+---
+warn_list:  # or 'skip_list' to silence them completely
+    - git-latest  # Git checkouts must contain explicit version
+    - ignore-errors  # Use failed_when and specify error conditions instead of using ignore_errors
+    - no-changed-when  # Commands should not change things if nothing needs doing
+    - no-handler  # Tasks that run when changed should likely be handlers
+    - package-latest  # Package installs should not use latest
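Review bot: The `warn_list` downgrades five rules to warnings, yet nothing visible in this patch appears to need that: in tasks/main.yml the package task uses `state: present`, the git task sets `version`, and there is no `ignore_errors` or command task. Keeping `git-latest`, `package-latest` and `ignore-errors` as errors would stop an unpinned install or a swallowed failure from slipping in later. If an entry is needed for code outside this diff, the trailing comment should say which task requires it instead of restating the rule description. The rule ids are also worth checking against the ansible-lint release in use, since some of them may have been renamed in newer versions.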
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..fbebdb8
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,39 @@
+---
+# Based on ansible-lint config
+extends: default
+
+rules:
+    braces:
+        max-spaces-inside: 1
+        level: error
+    brackets:
+        max-spaces-inside: 1
+        level: error
+    colons:
+        max-spaces-after: -1
+        level: error
+    commas:
+        max-spaces-after: -1
+        level: error
+    # comments enable
+    comments: enable
+    comments-indentation: enable
+    document-start: enable
+    empty-lines:
+        max: 3
+        level: error
+    hyphens:
+        level: error
+    indentation:
+        level: warning
+        indent-sequences: consistent
+        spaces: 4
+        check-multi-line-strings: true
+    key-duplicates: enable
+    line-length: disable
+    new-line-at-end-of-file: enable
+    new-lines:
+        type: unix
+    # trailing-spaces enable
+    trailing-spaces: enable
+    truthy: enable
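Review bot: The rule set has no `octal-values` entry, so the unquoted `mode: 0555` that this same patch introduces in tasks/main.yml passes the linter. Adding `octal-values:` under `rules:` with `forbid-implicit-octal: true` and `forbid-explicit-octal: true` would flag unquoted file modes, which matters because a mistyped mode silently changes the permissions applied to a file. The two comments `# comments enable` and `# trailing-spaces enable` only restate the key below them and can be dropped.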
diff --git a/handlers/main.yml b/handlers/main.yml
index 2da84be..77b15a6 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,6 +1,6 @@
 ---
 
-- name: restart nrpe
-  service:
-    name: nagios-nrpe-server
-    state: restarted
+- name: Restart nrpe
+  ansible.builtin.service:
+      name: nagios-nrpe-server
+      state: restarted
diff --git a/meta/main.yml b/meta/main.yml
index 17f874f..f4fee6d 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -1,21 +1,21 @@
 ---
 galaxy_info:
-  author: Rémi
-  description: This roles deploys Nagios NRPE on every host for monitoring from Nagios
-  company: Le Filament (https://le-filament.com)
-  license: AGPL-3.0-or-later
-  min_ansible_version: 2.1
-  platforms:
-    - name: EL
-      versions:
-        - 7
-    - name: Ubuntu
-      versions:
-        - trusty
-        - xenial
-        - bionic
-        - focal
-  galaxy_tags:
-    - monitoring
-    - nagios
-    - nrpe
+    author: lefilament
+    description: This roles deploys Nagios NRPE on every host for monitoring from Nagios
+    company: Le Filament (https://le-filament.com)
+    license: AGPL-3.0-or-later
+    min_ansible_version: "2.1"
+    platforms:
+        - name: EL
+          versions:
+              - "7"
+        - name: Ubuntu
+          versions:
+              - trusty
+              - xenial
+              - bionic
+              - focal
+    galaxy_tags:
+        - monitoring
+        - nagios
+        - nrpe
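Review bot: `min_ansible_version: "2.1"` no longer matches the role, because the same patch rewrites every task and handler to fully qualified names such as `ansible.builtin.service`, which a controller that old would not resolve. Raise the value to the oldest release the role is actually run against, for example `min_ansible_version: "2.10"` if that is the case. The quoting itself is right, since the unquoted value was being read as a float.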
diff --git a/tasks/main.yml b/tasks/main.yml
index 1621165..a088f7d 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,86 +1,88 @@
 ---
 - name: Include OS-specific variables.
-  include_vars: "{{ ansible_os_family }}.yml"
+  ansible.builtin.include_vars: "{{ ansible_os_family }}.yml"
 
 - name: Install NRPE and basic plugins
-  package:
-    name:
-      - nagios-nrpe-server
-      - monitoring-plugins-basic
-    state: present
+  ansible.builtin.package:
+      name:
+          - nagios-nrpe-server
+          - monitoring-plugins-basic
+      state: present
 
 - name: Make NRPE start with system
-  service:
-    name: nagios-nrpe-server
-    state: started
-    enabled: true
+  ansible.builtin.service:
+      name: nagios-nrpe-server
+      state: started
+      enabled: true
 
 # --------------------------------------------------
 # CONFIGURATION NRPE
 # --------------------------------------------------
 - name: Push NRPE configuration file
-  template:
-    src: nrpe.cfg.j2
-    dest: /etc/nagios/nrpe.cfg
-    owner: root
-    group: root
-    mode: '0644'
-  notify: restart nrpe
+  ansible.builtin.template:
+      src: nrpe.cfg.j2
+      dest: /etc/nagios/nrpe.cfg
+      owner: root
+      group: root
+      mode: '0644'
+  notify: Restart nrpe
   tags: nrpe_config
 
 # --------------------------------------------------
 # AJOUT CUSTOM SCRIPTs
 # --------------------------------------------------
-- name: create custom-plugin repo if not created from previous tasks
-  file:
-    name: /usr/lib/nagios/custom-plugins
-    state: directory
-    owner: root
-    group: root
-    mode: '0755'
-    
-- name: get custom scripts from gitlab
-  git:
-    repo: "https://sources.le-filament.com/lefilament/nagios-plugin.git"
-    dest: "/usr/lib/nagios/custom-plugins"
-    version: "master"
+- name: Create custom-plugin repo if not created from previous tasks
+  ansible.builtin.file:
+      name: /usr/lib/nagios/custom-plugins
+      state: directory
+      owner: root
+      group: root
+      mode: '0755'
+
+- name: Get custom scripts from gitlab
+  ansible.builtin.git:
+      repo: "https://sources.le-filament.com/lefilament/nagios-plugin.git"
+      dest: "/usr/lib/nagios/custom-plugins"
+      version: "master"
   when: inventory_hostname in groups.backup_server
 
-- name: set file rights on custom plugins
-  file: name={{ item }} mode=0555
+- name: Set file rights on custom plugins
+  ansible.builtin.file:
+      name: "{{ item }}"
+      mode: 0555
   with_items:
-    - /usr/lib/nagios/custom-plugins/check_cloud_storage.sh
-    - /usr/lib/nagios/custom-plugins/check_odoo_storage.sh
-    - /usr/lib/nagios/custom-plugins/check_odoo2_storage.sh
+      - /usr/lib/nagios/custom-plugins/check_cloud_storage.sh
+      - /usr/lib/nagios/custom-plugins/check_odoo_storage.sh
+      - /usr/lib/nagios/custom-plugins/check_odoo2_storage.sh
   when: inventory_hostname in groups.backup_server
 
-- name: add check_mdstat script
-  get_url:
-    url: https://exchange.nagios.org/components/com_mtree/attachment.php?link_id=5423&cf_id=24
-    dest: /usr/lib/nagios/custom-plugins/check_mdstat.sh
-    mode: '0555'
+- name: Add check_mdstat script
+  ansible.builtin.get_url:
+      url: https://exchange.nagios.org/components/com_mtree/attachment.php?link_id=5423&cf_id=24
+      dest: /usr/lib/nagios/custom-plugins/check_mdstat.sh
+      mode: '0555'
   when: raid_config is defined
 
-- name: add extra scripts
-  get_url:
-    url: "{{ item.url }}"
-    dest: /usr/lib/nagios/custom-plugins/{{ item.name }}
-    mode: '0555'
+- name: Add extra scripts
+  ansible.builtin.get_url:
+      url: "{{ item.url }}"
+      dest: /usr/lib/nagios/custom-plugins/{{ item.name }}
+      mode: '0555'
   with_items: "{{ plugins_to_download }}"
   loop_control:
-    label: "{{ item.name }}"
+      label: "{{ item.name }}"
 
-- name: add nagios to www-data group
-  user:
-    name: nagios
-    groups: www-data
-    append: true
+- name: Add nagios to www-data group
+  ansible.builtin.user:
+      name: nagios
+      groups: www-data
+      append: true
   when: inventory_hostname in groups.owncloud_server | union(groups.docker_owncloud) | union(groups.docker_nextcloud)
 
-- name: add cron job to update available packages every day
-  cron:
-    name: apt update
-    minute: "42"
-    hour: "7"
-    job: /usr/bin/apt update
+- name: Add cron job to update available packages every day
+  ansible.builtin.cron:
+      name: apt update
+      minute: "42"
+      hour: "7"
+      job: /usr/bin/apt update
   when: inventory_hostname in groups.full_maintenance
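Review bot: The two `ansible.builtin.get_url` tasks (`Add check_mdstat script` and `Add extra scripts`) install files fetched from third-party URLs as mode `0555` plugin scripts with no integrity check, so whatever those hosts serve at run time ends up executable on the monitored machine. While these tasks are being rewritten, add `checksum: "sha256:<expected-digest>"` to the check_mdstat task and `checksum: "{{ item.checksum | default(omit) }}"` to the loop, with a `checksum` key on each `plugins_to_download` entry in vars/main.yml. The git task has the same exposure through `version: "master"`; pinning it to a tag or commit id makes a run reproducible and reviewable. Separately, `mode: 0555` in `Set file rights on custom plugins` is now an unquoted YAML integer, unlike the quoted form every other task uses, so write `mode: '0555'`.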
diff --git a/vars/Debian.yml b/vars/Debian.yml
index 05f7fd4..ee4ef55 100644
--- a/vars/Debian.yml
+++ b/vars/Debian.yml
@@ -1,10 +1,10 @@
 ---
 packages_to_install:
-  - git
-  - autoconf
-  - gcc
-  - libc6
-  - libmcrypt-dev
-  - make
-  - libssl-dev
-  - wget
+    - git
+    - autoconf
+    - gcc
+    - libc6
+    - libmcrypt-dev
+    - make
+    - libssl-dev
+    - wget
diff --git a/vars/RedHat.yml b/vars/RedHat.yml
index 9f939b0..ccee166 100644
--- a/vars/RedHat.yml
+++ b/vars/RedHat.yml
@@ -1,10 +1,10 @@
 ---
 packages_to_install:
-  - git
-  - gcc
-  - glibc
-  - glibc-common
-  - openssl
-  - openssl-devel
-  - perl
-  - wget
+    - git
+    - gcc
+    - glibc
+    - glibc-common
+    - openssl
+    - openssl-devel
+    - perl
+    - wget
diff --git a/vars/main.yml b/vars/main.yml
index df295db..72e20b5 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -2,16 +2,16 @@
 nrpe_version: "4.0.3"
 nagios_plugins_version: "2.3.3"
 plugins_to_download:
-  - name: check_docker.sh
-    url: https://sources.le-filament.com/lefilament/nagios-plugin/-/raw/master/check_docker.sh
-  - name: check_fail2ban.sh
-    url: https://sources.le-filament.com/lefilament/nagios-plugin/-/raw/master/check_fail2ban.sh
-  - name: check_gitlab.rb
-    url: https://sources.le-filament.com/lefilament/nagios-plugin/-/raw/master/check_gitlab.rb
-  - name: check_mem.pl
-    url: https://raw.githubusercontent.com/justintime/nagios-plugins/master/check_mem/check_mem.pl
-  - name: check_version.sh
-    url: https://exchange.nagios.org/components/com_mtree/attachment.php?link_id=1785&cf_id=24
+    - name: check_docker.sh
+      url: https://sources.le-filament.com/lefilament/nagios-plugin/-/raw/master/check_docker.sh
+    - name: check_fail2ban.sh
+      url: https://sources.le-filament.com/lefilament/nagios-plugin/-/raw/master/check_fail2ban.sh
+    - name: check_gitlab.rb
+      url: https://sources.le-filament.com/lefilament/nagios-plugin/-/raw/master/check_gitlab.rb
+    - name: check_mem.pl
+      url: https://raw.githubusercontent.com/justintime/nagios-plugins/master/check_mem/check_mem.pl
+    - name: check_version.sh
+      url: https://exchange.nagios.org/components/com_mtree/attachment.php?link_id=1785&cf_id=24
 fail2ban_jails:
-  - sshd
-  - recidive
+    - sshd
+    - recidive
-- 
GitLab