Role Adjustments
Added Sensu. Moved default role downloads to ./roles. Added unattended-upgrades.
parent
b27e8dda28
commit
b7facd7394
@ -65,7 +65,7 @@ local_tmp = ~/.ansible/tmp
|
||||
# inject_facts_as_vars = True
|
||||
|
||||
# additional paths to search for roles in, colon separated
|
||||
roles_path = /etc/ansible/roles:./roles/
|
||||
roles_path = ./roles/:/etc/ansible/roles
|
||||
|
||||
# uncomment this to disable SSH key host checking
|
||||
#host_key_checking = False
|
||||
|
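Review bot: With `./roles/` first in `roles_path`, `ansible-galaxy install` by default places third-party roles inside the repository, and a repo-local role shadows any same-named role under /etc/ansible/roles. This assumes the second `roles_path` line is the new side; the page lost its +/- markers, but the commit description points that way. Nothing visible in this commit records which version of a Galaxy role was downloaded, so consider a `requirements.yml` with explicit `version:` entries and a comment above the setting such as `# repo-local roles take precedence; galaxy installs land in ./roles`. The hunk has no file header on this page, so the file is presumably ansible.cfg.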
16
playbook/linux/auto-securityupdates.yml
Normal file
@ -0,0 +1,16 @@
|
||||
|
||||
---
|
||||
|
||||
- name: enable
|
||||
hosts: linux
|
||||
|
||||
tasks:
|
||||
- name: unattended-upgrades
|
||||
become: true
|
||||
include_role:
|
||||
name: jnv.unattended-upgrades
|
||||
vars:
|
||||
#unattended_package_blacklist: []
|
||||
unattended_automatic_reboot: true
|
||||
|
||||
|
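Review bot: `unattended_automatic_reboot: true` is applied to every host in `linux` with no `unattended_automatic_reboot_time`, so reboots after an upgrade are not confined to a maintenance window and redundant hosts may go down together. Set a window, e.g. `unattended_automatic_reboot_time: "03:00"` (example value), or split the group so peers reboot at different times. The play name `enable` says little in run logs; `- name: enable unattended security upgrades` would be clearer. Indentation was lost on this page, so the nesting of `vars:` under the task cannot be checked here.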
@ -0,0 +1,18 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIC3TCCAcWgAwIBAgIBAjANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdTZW5z
|
||||
dUNBMB4XDTE5MDQyODE3NTMwMloXDTI0MDQyNjE3NTMwMlowITEOMAwGA1UEAwwF
|
||||
c2Vuc3UxDzANBgNVBAoMBmNsaWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
|
||||
AQoCggEBAMBFLZ/mgAOdKJ2YUkqzjZHKsRyvNxixX9I3LWXJCMfFnWuUOLau5UaE
|
||||
rS6ZbtO1N4djsi6xSyBhPSu2hjPt9KgniTesaKZDwlLO2HLrOpUpmKPPpLxnBym9
|
||||
m/nXWaeuTLAnnNtP/wU4Jwvp1u9qMu5tIYdy+hTd5LJSQcfjgrt5ydHzLbwn9UyE
|
||||
2pcMawEgOaoywY9i6Ofhfsr5hwLkR3/3VS5PfJ2sVsO0Ks2vBW091BaQSwQAarpR
|
||||
ExMHmTrcHoHtWFI0RiFxZ+MoakL5380VSmzhAs8QPxYWYc3PLndhYt4pH6TLcCOF
|
||||
LpY8qk6S/acHuWHgdl+GIgyk5jKqnkECAwEAAaMvMC0wCQYDVR0TBAIwADALBgNV
|
||||
HQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADggEB
|
||||
AG/MiB8QHvJlGrF1Xa5UHs/ykFJj1n+JzeniC5p3nApnRmpgi9KNlDZqRXjotuww
|
||||
uvaDlsRpFp+X4NukUUR8aUUZpwYbIm/wgXJ376Su0nUmpFmCU2TrGkk/cMeqbAen
|
||||
OYe5WZxsmJnmmkwhHLybrvha/vsCTNV6GY2JcHNhI8R7Uvwna48ueg7/WBQ5oXqZ
|
||||
zdYXMaFD2ioBFaYZqVifWv+5d1av2VBveX1V5p7ZZ3LHsvNS8/eVWufu5I4mwJI9
|
||||
GRPakzY0emL9ZBbtsZtsNA7IA6w4l4WeQtu1DHPc2iYO+JwfpeUNVX65ANSicqjC
|
||||
ibyhYEZs3qI/rb3WPXy6l0I=
|
||||
-----END CERTIFICATE-----
|
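Review bot: The certificate's encoded signature algorithm appears to be sha1WithRSAEncryption, which should not be used for new PKI material and is rejected by a growing number of TLS stacks; the same encoding shows in the two later `-----BEGIN CERTIFICATE-----` hunks. When the key pairs are regenerated, sign with SHA-256 and keep CA material out of the playbook tree except for the CA certificate clients need for verification. The file names are not shown on this page; the Sensu association is inferred from the `SensuCA` issuer name visible in the encoding.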
@ -0,0 +1,27 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEogIBAAKCAQEAwEUtn+aAA50onZhSSrONkcqxHK83GLFf0jctZckIx8Wda5Q4
|
||||
tq7lRoStLplu07U3h2OyLrFLIGE9K7aGM+30qCeJN6xopkPCUs7Ycus6lSmYo8+k
|
||||
vGcHKb2b+ddZp65MsCec20//BTgnC+nW72oy7m0hh3L6FN3kslJBx+OCu3nJ0fMt
|
||||
vCf1TITalwxrASA5qjLBj2Lo5+F+yvmHAuRHf/dVLk98naxWw7Qqza8FbT3UFpBL
|
||||
BABqulETEweZOtwege1YUjRGIXFn4yhqQvnfzRVKbOECzxA/FhZhzc8ud2Fi3ikf
|
||||
pMtwI4UuljyqTpL9pwe5YeB2X4YiDKTmMqqeQQIDAQABAoIBAFxnovLLa9DQ0jlT
|
||||
gJFIVAyydoaLqxYiASRdwmK9yIuCbRLL7KnXyncmwri3ouz6lhJqlrMcIDgSo7yD
|
||||
f2Irxb6fKbJpGO53eEgmAx7P8JrJoANygwDNH0MvTmw31G3jNhYfI6K/gpf2kcWG
|
||||
//aWep3eMxQO7SPkNMqC//xaWnVQ0FLigNQjyFlgQrIZ3L4x7qFxcrkvTUIODGio
|
||||
R6hs7fECwXZkvLB28//tiwLEuOHnWGkG64fDebXUBDHsFhY/ObtA9vJITGY2GlUi
|
||||
1KFt9ZJd1JdMoV7EH5IwnA5YUN1NOtb5bwRaCddCMFH2lWsjzV1hNTZ9MzNyFqIF
|
||||
eolkKKUCgYEA6xR0LR3/stMPOWvgdaiXACHsH2hLx7Yh1vOf97eBbdUgiqjeL7DW
|
||||
mUmXIBLOQwrKMWNX0+DAqeuY80ESBmQ5KhRR/Sws2FMXGcqgyNPdJYAruif8y4z9
|
||||
0fGdvES1Fe12lOzyfPJclJi6doglyTjoJS5KGXUz8womJH4eiWZd+98CgYEA0WFx
|
||||
SPttK8Oi9zKxh/6YzpvOaABm6pCUslg79smhPGdhj4M0sO1sS4KzOBBolcplT9e6
|
||||
T1awh7ML44dowIFuQ0FgySnz5ogZt6xnqGv6bbfSVbMNpU4B9O4tJ2z16uFOXDeM
|
||||
f0tS55fcbspJ1Dylc+ndyAurd5E/8z/2BnU6qd8CgYADs6bAryA/qKMsvE4kjCsU
|
||||
jXQyamoHEw8lW2DBfdpD6H9Cr7YP+jDm6QnAL4uf8qOMc4wGghuGkXcvHW8zOpDL
|
||||
4NYJrpBmN6i9dztg7jUlSgdmPwr0CZxVmgBp3osbdUnQvopy/T4H+P+2rh4qNQMy
|
||||
0q/IBthyk05WdMX2U+5W8QKBgFSBwqpVKBvYyyaAZFziKiSBiA47003q6skMia8y
|
||||
dAwgIaU9rH+YY/QaHWGMZdnHJZrTFBQ/heJPJoY/ucywsKMeeQTYFOO/nLmgMPou
|
||||
EpZD8fW63dARKwMDOmBGPv78zpazqNYbvatRhJuGs8OgcprVEjlSVHNewXPZJeA3
|
||||
YmT7AoGAJuMaSA6oZqn0uKJD0FDwIl4j0RfVhPJHe9Um1G1K2FpZ3DV705kcwx1t
|
||||
IUu9pHLFJubwpkQFiERX/6BRbjbp4oZhpPLcLRec5nXTT8LHoiCBMaQW2RtnDMeW
|
||||
XKt2xyhGFp0Drw4vWV0Nr8fJbuBbAqviZTQnBtj7ZJ41KRV1mU4=
|
||||
-----END RSA PRIVATE KEY-----
|
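Review bot: An unencrypted RSA private key is committed in plain text here, and a second one in the later `@ -0,0 +1,27 @` hunk, so anyone with read access to the repository or its history holds the key material for the adjacent client and server certificates. Deleting the files in a follow-up commit does not remove them from history; treat both keys as compromised, regenerate the key pairs and certificates, and revoke or stop trusting the old ones. Supply the replacements at deploy time from Ansible Vault or a secrets store rather than from the tree, and add the key file pattern to `.gitignore`. The file paths are not shown on this page.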
@ -0,0 +1,17 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICxDCCAaygAwIBAgIJAPX7448uFrdyMA0GCSqGSIb3DQEBBQUAMBIxEDAOBgNV
|
||||
BAMMB1NlbnN1Q0EwHhcNMTkwNDI4MTc1MjU3WhcNMjQwNDI2MTc1MjU3WjASMRAw
|
||||
DgYDVQQDDAdTZW5zdUNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
|
||||
sI4ptnAIEJISxDYMVZIi6vF6GcnzXDyXl4Et9m86QF9+Zyfe4zomGDnfp7wfhddS
|
||||
6asPHMxcgXi9itY6qr33lzdDL4SaMysS/VwWLBwhmdl2hEELPvUKHBF96iyfuq4A
|
||||
lsQ3lAXr/3uqXdODNo38hGaxrK2n1ocKFEKZrGlmrFDvfYKJz1cYlDh5u0ghjJGQ
|
||||
E/MCDeQzGNOjcbSbNUo5nMR8P6nzPcMDHjtA0OS4DXSijvjibHPhZ/NU9KgoTz9W
|
||||
oL8FoePlL6Zq6cwiEKCOUsqivIPbM3nGGNkPBHmSE0dnYXn0le+LK3rkNX60ZdwE
|
||||
fqisAIaHSVQWVlTw4J8xlQIDAQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1UdDwQE
|
||||
AwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAp1MPCS8tKdUGrT07yHosw7+Gxc++/ylM
|
||||
cmS9GLiwAfU4VU4QEy97ipL4K8VLWbrGVvJSpgxAApLA0jX7R2UcYTYeTk9ikuto
|
||||
BeQRxcj6QdR8BKD4N7Qtje6jBVMJ6Ssky3Kj1XXcEQu4iZx9uZCX2yeCeozXaLtS
|
||||
+Tw3r9NjgIXGvhLCp64JTC+rL74S7cMwAIW5YBRy/K4uBdLKBcjYIi7VQnivsfGu
|
||||
J2+28+kfNw7nNWBdVWtBf6MoJQNEDvpx+HGRBCJoSlgw+GTRgbgCqEPJrXBdbamU
|
||||
SDJtCEdYonQqUCqqCI083ckx8c31YBg1COTZBQnWQiYVpcIfXG7j/A==
|
||||
-----END CERTIFICATE-----
|
@ -0,0 +1,18 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIC3TCCAcWgAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdTZW5z
|
||||
dUNBMB4XDTE5MDQyODE3NTI1OVoXDTI0MDQyNjE3NTI1OVowITEOMAwGA1UEAwwF
|
||||
c2Vuc3UxDzANBgNVBAoMBnNlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
|
||||
AQoCggEBALEltlZMg7u1rqFbnljmD+IeiVeRt0zzRiCEpjvQ4t+bBjT5onPAOxYI
|
||||
Q1d3MdPJqA+lyCRP/sXcEKa1l14UDj50WEruK0VqXKL+e2ETeJi4kJb8k8ansCAI
|
||||
Ask5Ok2d8bTSQLzJBCkjwvR5kfG49R5wfJFDSA3WLfTHq1myRibJIMgbFGB2UP3Q
|
||||
yyljZWn04IO72yWhK413CxwnwXKsIFT5/z0hVGZMr5wDWpfhBhtBi6uxqeKG3Zyy
|
||||
CV/f3yUcOL+A9yoxPu155TNYfvmz1rqarTeuOJJJU7TtAiHmue8OhkfRFanBBYj9
|
||||
hSOGPdLB9eKzoWsS8vLKLUTwaQwZ9IsCAwEAAaMvMC0wCQYDVR0TBAIwADALBgNV
|
||||
HQ8EBAMCBSAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQEFBQADggEB
|
||||
ABPZUxDIGJ6C8hu1aOj5sY/r8yphotSnPVkghBTGVJbjmGHSci+IGbHX6yemVYvH
|
||||
mQWKI8qBdroiIpCOpMVvmG6oUR4s+h/vdKuDoy/x3lRZjJDQiReAGKwwyeiG++wJ
|
||||
x6eSCDGqcIWvk72Zgd+OGym3JGrDpU7ofat+ncqtIunAOh7rhQlyRJ42wYZpWDIi
|
||||
Aass4yn16aYhF/PppUIsBYrWk1UUlKbXOF/Z7WOG4Hg6h5HwwtJZq/PGsSzJqd/O
|
||||
s6XI8Am1pU9PwLwWm9Vad44OhTNWGxsidboUCxNa7Yc7p5CkAqT+Z2Lf7RfvgmcX
|
||||
SUCwSN9REpYGV3k9l47eljY=
|
||||
-----END CERTIFICATE-----
|
@ -0,0 +1,27 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEAsSW2VkyDu7WuoVueWOYP4h6JV5G3TPNGIISmO9Di35sGNPmi
|
||||
c8A7FghDV3cx08moD6XIJE/+xdwQprWXXhQOPnRYSu4rRWpcov57YRN4mLiQlvyT
|
||||
xqewIAgCyTk6TZ3xtNJAvMkEKSPC9HmR8bj1HnB8kUNIDdYt9MerWbJGJskgyBsU
|
||||
YHZQ/dDLKWNlafTgg7vbJaErjXcLHCfBcqwgVPn/PSFUZkyvnANal+EGG0GLq7Gp
|
||||
4obdnLIJX9/fJRw4v4D3KjE+7XnlM1h++bPWupqtN644kklTtO0CIea57w6GR9EV
|
||||
qcEFiP2FI4Y90sH14rOhaxLy8sotRPBpDBn0iwIDAQABAoIBAFtnsiXlZTO+E1V/
|
||||
CL2mOBvc1dExhvtVq6Gr0Hqc1fO68gDzrjc7wUElElpXToaRTv6D9DmIbVV6r7zV
|
||||
hj0s7Aydy9EeA4XV0+bmmJMGkPt8gF7oBPhEHkTo3UcnGEZkcQt0UaMXteXkZfvv
|
||||
nrazUQdb02rA5LT/Bsd/H5MwwbHQyipMXKQXpYyzALhoBUrXItc+aHfINHOELs0h
|
||||
UPSoFnNSsQo1VGSd/TCZJYYw2cpmeTqWO4sM6z8vYXJnNQTCb2saW+vywfQoYTJ7
|
||||
V6mSmX7EgYh512jNpNdzhQx8qN1hmWF/r5G9DC4QSnzVoN23fi4H+szB9CEfVlPy
|
||||
pGj6qUECgYEA1zwPaLjz9XgeZiHrLYDCFeNRYE4Noa9mFuuplYxmiIJGsBiUNHNJ
|
||||
bbMn8VpuBBptEUnSTCGJhAF39AGKfUHx+49hTKTUISmnTDOSHLeE1mKvZJWB3x4r
|
||||
3ezfsUVwV4BvidYQEv0FWuE+lniDmx2BVQk7vIiF5VjUxMmyqnB8cEUCgYEA0rLw
|
||||
LtSYod0VzFLs8NlMH9nhfQk7oSfyxqLVwpiAQVAtrI3xfQUaYP04BrV/XOI+YBcF
|
||||
Svg4Ou4tqcuGFFYtqNPAaGYfih7UzEY8Z6wH2rkyznCq7VQZexKKtTbPQCNSkJ5h
|
||||
fpNxfh4sXZSpYg/aIEr6OC8REuhcjRjhJBWJJo8CgYAsPN316j3KMBwfZc1Olu5N
|
||||
TWGGZ8SJfOGAyIMch7TzTcN1ojej6CYpc+87vhhqo3vTV9bvat020o5zCnYKdKll
|
||||
yPx4olAvWL5X/SmE2XtmDPZ7t/bvguYFQRBhASKr+Wvzapn3LSYSncUdbDuwgAn7
|
||||
DmDGyVCr6OwiXkpomaIZ+QKBgCZIpSOdNW6TwVYy6yKIGTDgYfxaJR+PJqm5BKYr
|
||||
F4LGksX7tJlGyBg/amKtr8qswTCsfiW1HGJ4zItBk8c2MW2vrBJMHAb4uymyyV78
|
||||
/yBa7kRcbHJbCZY3NEThBJ9ey63DWWuqVsDXsq/+RxiuUK/1b6mtw6hv2AE7OA1a
|
||||
bGU5AoGBANL+ssYI1JH1TFRwI8iTc/no2Loy2jZ2NGyZbU/gc3NhhVERNgtK8nmM
|
||||
dcYrgmewKKS20+AqqbM7zITYdJea6RTKU6ELJul2iKMDSwA65cEwueqAT6WY7x57
|
||||
z0fBzoaLRQp11SSuuPz9p0a096XGygQP1o2SabZCwY4b3+vtkbJM
|
||||
-----END RSA PRIVATE KEY-----
|
@ -21,5 +21,6 @@
|
||||
server_host: ansible_default_ipv4.address
|
||||
server_name: ansible_hostname
|
||||
elasticsearch_hosts:
|
||||
- http://192.168.0.173:9200
|
||||
#- http://192.168.0.173:9200
|
||||
- http://192.168.0.60:9200
|
||||
|
||||
|
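Review bot: The Elasticsearch endpoint is a hard-coded `http://` address, so whatever is shipped to it crosses the network unencrypted and, as far as this hunk shows, without credentials. If the cluster supports TLS, use an `https://` URL, and move the host into inventory or group vars instead of keeping the previous address as a commented-out list item. Which of the three list lines are new is inferred from the `-21,5 +21,6` header, since the page dropped the +/- markers and the file name.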
19
playbook/linux/sensu-test.yml
Normal file
@ -0,0 +1,19 @@
|
||||
|
||||
- name: testing sensu
|
||||
hosts: linux
|
||||
|
||||
tasks:
|
||||
- name: install sensu server
|
||||
become: true
|
||||
import_role:
|
||||
name: sensu.sensu
|
||||
vars:
|
||||
# Sever vars
|
||||
sensu_deploy_redis_server: true
|
||||
sensu_deploy_rabbitmq_server: true
|
||||
sensu_master: true
|
||||
#sensu_include_plugins: true
|
||||
sensu_include_dashboard: true
|
||||
# Client Vars
|
||||
#sensu_client: true
|
||||
|
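Review bot: The play targets `hosts: linux` while setting `sensu_master: true`, `sensu_deploy_redis_server: true`, `sensu_deploy_rabbitmq_server: true` and `sensu_include_dashboard: true`, so every host in the group would get a Sensu master, Redis, RabbitMQ and a dashboard instead of one dedicated server. Restrict it to a server group, and set the broker, API and dashboard credentials explicitly from vaulted vars, since none are set here and whatever the role defaults to would apply. The file also lacks the leading `---` that auto-securityupdates.yml has, and `# Sever vars` should read `# Server vars`.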
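--- a/roles/jnv.unattended-upgrades/.editorconfig
+++ b/roles/jnv.unattended-upgrades/.editorconfig
@@ -0,0 +1,9 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true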
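--- a/roles/jnv.unattended-upgrades/.gitignore
+++ b/roles/jnv.unattended-upgrades/.gitignore
@@ -0,0 +1,3 @@
+.vagrant/
+*~
+*.log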
16
roles/jnv.unattended-upgrades/.travis.yml
Normal file
@ -0,0 +1,16 @@
|
||||
sudo: required
|
||||
language: python
|
||||
services: docker
|
||||
|
||||
cache: pip
|
||||
|
||||
install:
|
||||
- pip install ansible docker
|
||||
- ansible-galaxy install -r tests/requirements.yml -p tests/roles/
|
||||
|
||||
script:
|
||||
- ansible --version
|
||||
- tests/test.sh
|
||||
|
||||
notifications:
|
||||
webhooks: https://galaxy.ansible.com/api/v1/notifications/
|
339
roles/jnv.unattended-upgrades/LICENSE
Normal file
@ -0,0 +1,339 @@
|
||||
GNU GENERAL PUBLIC LICENSE
|
||||
Version 2, June 1991
|
||||
|
||||
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
|
||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
Everyone is permitted to copy and distribute verbatim copies
|
||||
of this license document, but changing it is not allowed.
|
||||
|
||||
Preamble
|
||||
|
||||
The licenses for most software are designed to take away your
|
||||
freedom to share and change it. By contrast, the GNU General Public
|
||||
License is intended to guarantee your freedom to share and change free
|
||||
software--to make sure the software is free for all its users. This
|
||||
General Public License applies to most of the Free Software
|
||||
Foundation's software and to any other program whose authors commit to
|
||||
using it. (Some other Free Software Foundation software is covered by
|
||||
the GNU Lesser General Public License instead.) You can apply it to
|
||||
your programs, too.
|
||||
|
||||
When we speak of free software, we are referring to freedom, not
|
||||
price. Our General Public Licenses are designed to make sure that you
|
||||
have the freedom to distribute copies of free software (and charge for
|
||||
this service if you wish), that you receive source code or can get it
|
||||
if you want it, that you can change the software or use pieces of it
|
||||
in new free programs; and that you know you can do these things.
|
||||
|
||||
To protect your rights, we need to make restrictions that forbid
|
||||
anyone to deny you these rights or to ask you to surrender the rights.
|
||||
These restrictions translate to certain responsibilities for you if you
|
||||
distribute copies of the software, or if you modify it.
|
||||
|
||||
For example, if you distribute copies of such a program, whether
|
||||
gratis or for a fee, you must give the recipients all the rights that
|
||||
you have. You must make sure that they, too, receive or can get the
|
||||
source code. And you must show them these terms so they know their
|
||||
rights.
|
||||
|
||||
We protect your rights with two steps: (1) copyright the software, and
|
||||
(2) offer you this license which gives you legal permission to copy,
|
||||
distribute and/or modify the software.
|
||||
|
||||
Also, for each author's protection and ours, we want to make certain
|
||||
that everyone understands that there is no warranty for this free
|
||||
software. If the software is modified by someone else and passed on, we
|
||||
want its recipients to know that what they have is not the original, so
|
||||
that any problems introduced by others will not reflect on the original
|
||||
authors' reputations.
|
||||
|
||||
Finally, any free program is threatened constantly by software
|
||||
patents. We wish to avoid the danger that redistributors of a free
|
||||
program will individually obtain patent licenses, in effect making the
|
||||
program proprietary. To prevent this, we have made it clear that any
|
||||
patent must be licensed for everyone's free use or not licensed at all.
|
||||
|
||||
The precise terms and conditions for copying, distribution and
|
||||
modification follow.
|
||||
|
||||
GNU GENERAL PUBLIC LICENSE
|
||||
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
|
||||
|
||||
0. This License applies to any program or other work which contains
|
||||
a notice placed by the copyright holder saying it may be distributed
|
||||
under the terms of this General Public License. The "Program", below,
|
||||
refers to any such program or work, and a "work based on the Program"
|
||||
means either the Program or any derivative work under copyright law:
|
||||
that is to say, a work containing the Program or a portion of it,
|
||||
either verbatim or with modifications and/or translated into another
|
||||
language. (Hereinafter, translation is included without limitation in
|
||||
the term "modification".) Each licensee is addressed as "you".
|
||||
|
||||
Activities other than copying, distribution and modification are not
|
||||
covered by this License; they are outside its scope. The act of
|
||||
running the Program is not restricted, and the output from the Program
|
||||
is covered only if its contents constitute a work based on the
|
||||
Program (independent of having been made by running the Program).
|
||||
Whether that is true depends on what the Program does.
|
||||
|
||||
1. You may copy and distribute verbatim copies of the Program's
|
||||
source code as you receive it, in any medium, provided that you
|
||||
conspicuously and appropriately publish on each copy an appropriate
|
||||
copyright notice and disclaimer of warranty; keep intact all the
|
||||
notices that refer to this License and to the absence of any warranty;
|
||||
and give any other recipients of the Program a copy of this License
|
||||
along with the Program.
|
||||
|
||||
You may charge a fee for the physical act of transferring a copy, and
|
||||
you may at your option offer warranty protection in exchange for a fee.
|
||||
|
||||
2. You may modify your copy or copies of the Program or any portion
|
||||
of it, thus forming a work based on the Program, and copy and
|
||||
distribute such modifications or work under the terms of Section 1
|
||||
above, provided that you also meet all of these conditions:
|
||||
|
||||
a) You must cause the modified files to carry prominent notices
|
||||
stating that you changed the files and the date of any change.
|
||||
|
||||
b) You must cause any work that you distribute or publish, that in
|
||||
whole or in part contains or is derived from the Program or any
|
||||
part thereof, to be licensed as a whole at no charge to all third
|
||||
parties under the terms of this License.
|
||||
|
||||
c) If the modified program normally reads commands interactively
|
||||
when run, you must cause it, when started running for such
|
||||
interactive use in the most ordinary way, to print or display an
|
||||
announcement including an appropriate copyright notice and a
|
||||
notice that there is no warranty (or else, saying that you provide
|
||||
a warranty) and that users may redistribute the program under
|
||||
these conditions, and telling the user how to view a copy of this
|
||||
License. (Exception: if the Program itself is interactive but
|
||||
does not normally print such an announcement, your work based on
|
||||
the Program is not required to print an announcement.)
|
||||
|
||||
These requirements apply to the modified work as a whole. If
|
||||
identifiable sections of that work are not derived from the Program,
|
||||
and can be reasonably considered independent and separate works in
|
||||
themselves, then this License, and its terms, do not apply to those
|
||||
sections when you distribute them as separate works. But when you
|
||||
distribute the same sections as part of a whole which is a work based
|
||||
on the Program, the distribution of the whole must be on the terms of
|
||||
this License, whose permissions for other licensees extend to the
|
||||
entire whole, and thus to each and every part regardless of who wrote it.
|
||||
|
||||
Thus, it is not the intent of this section to claim rights or contest
|
||||
your rights to work written entirely by you; rather, the intent is to
|
||||
exercise the right to control the distribution of derivative or
|
||||
collective works based on the Program.
|
||||
|
||||
In addition, mere aggregation of another work not based on the Program
|
||||
with the Program (or with a work based on the Program) on a volume of
|
||||
a storage or distribution medium does not bring the other work under
|
||||
the scope of this License.
|
||||
|
||||
3. You may copy and distribute the Program (or a work based on it,
|
||||
under Section 2) in object code or executable form under the terms of
|
||||
Sections 1 and 2 above provided that you also do one of the following:
|
||||
|
||||
a) Accompany it with the complete corresponding machine-readable
|
||||
source code, which must be distributed under the terms of Sections
|
||||
1 and 2 above on a medium customarily used for software interchange; or,
|
||||
|
||||
b) Accompany it with a written offer, valid for at least three
|
||||
years, to give any third party, for a charge no more than your
|
||||
cost of physically performing source distribution, a complete
|
||||
machine-readable copy of the corresponding source code, to be
|
||||
distributed under the terms of Sections 1 and 2 above on a medium
|
||||
customarily used for software interchange; or,
|
||||
|
||||
c) Accompany it with the information you received as to the offer
|
||||
to distribute corresponding source code. (This alternative is
|
||||
allowed only for noncommercial distribution and only if you
|
||||
received the program in object code or executable form with such
|
||||
an offer, in accord with Subsection b above.)
|
||||
|
||||
The source code for a work means the preferred form of the work for
|
||||
making modifications to it. For an executable work, complete source
|
||||
code means all the source code for all modules it contains, plus any
|
||||
associated interface definition files, plus the scripts used to
|
||||
control compilation and installation of the executable. However, as a
|
||||
special exception, the source code distributed need not include
|
||||
anything that is normally distributed (in either source or binary
|
||||
form) with the major components (compiler, kernel, and so on) of the
|
||||
operating system on which the executable runs, unless that component
|
||||
itself accompanies the executable.
|
||||
|
||||
If distribution of executable or object code is made by offering
|
||||
access to copy from a designated place, then offering equivalent
|
||||
access to copy the source code from the same place counts as
|
||||
distribution of the source code, even though third parties are not
|
||||
compelled to copy the source along with the object code.
|
||||
|
||||
4. You may not copy, modify, sublicense, or distribute the Program
|
||||
except as expressly provided under this License. Any attempt
|
||||
otherwise to copy, modify, sublicense or distribute the Program is
|
||||
void, and will automatically terminate your rights under this License.
|
||||
However, parties who have received copies, or rights, from you under
|
||||
this License will not have their licenses terminated so long as such
|
||||
parties remain in full compliance.
|
||||
|
||||
5. You are not required to accept this License, since you have not
|
||||
signed it. However, nothing else grants you permission to modify or
|
||||
distribute the Program or its derivative works. These actions are
|
||||
prohibited by law if you do not accept this License. Therefore, by
|
||||
modifying or distributing the Program (or any work based on the
|
||||
Program), you indicate your acceptance of this License to do so, and
|
||||
all its terms and conditions for copying, distributing or modifying
|
||||
the Program or works based on it.
|
||||
|
||||
6. Each time you redistribute the Program (or any work based on the
|
||||
Program), the recipient automatically receives a license from the
|
||||
original licensor to copy, distribute or modify the Program subject to
|
||||
these terms and conditions. You may not impose any further
|
||||
restrictions on the recipients' exercise of the rights granted herein.
|
||||
You are not responsible for enforcing compliance by third parties to
|
||||
this License.
|
||||
|
||||
7. If, as a consequence of a court judgment or allegation of patent
|
||||
infringement or for any other reason (not limited to patent issues),
|
||||
conditions are imposed on you (whether by court order, agreement or
|
||||
otherwise) that contradict the conditions of this License, they do not
|
||||
excuse you from the conditions of this License. If you cannot
|
||||
distribute so as to satisfy simultaneously your obligations under this
|
||||
License and any other pertinent obligations, then as a consequence you
|
||||
may not distribute the Program at all. For example, if a patent
|
||||
license would not permit royalty-free redistribution of the Program by
|
||||
all those who receive copies directly or indirectly through you, then
|
||||
the only way you could satisfy both it and this License would be to
|
||||
refrain entirely from distribution of the Program.
|
||||
|
||||
If any portion of this section is held invalid or unenforceable under
|
||||
any particular circumstance, the balance of the section is intended to
|
||||
apply and the section as a whole is intended to apply in other
|
||||
circumstances.
|
||||
|
||||
It is not the purpose of this section to induce you to infringe any
|
||||
patents or other property right claims or to contest validity of any
|
||||
such claims; this section has the sole purpose of protecting the
|
||||
integrity of the free software distribution system, which is
|
||||
implemented by public license practices. Many people have made
|
||||
generous contributions to the wide range of software distributed
|
||||
through that system in reliance on consistent application of that
|
||||
system; it is up to the author/donor to decide if he or she is willing
|
||||
to distribute software through any other system and a licensee cannot
|
||||
impose that choice.
|
||||
|
||||
This section is intended to make thoroughly clear what is believed to
|
||||
be a consequence of the rest of this License.
|
||||
|
||||
8. If the distribution and/or use of the Program is restricted in
|
||||
certain countries either by patents or by copyrighted interfaces, the
|
||||
original copyright holder who places the Program under this License
|
||||
may add an explicit geographical distribution limitation excluding
|
||||
those countries, so that distribution is permitted only in or among
|
||||
countries not thus excluded. In such case, this License incorporates
|
||||
the limitation as if written in the body of this License.
|
||||
|
||||
9. The Free Software Foundation may publish revised and/or new versions
|
||||
of the General Public License from time to time. Such new versions will
|
||||
be similar in spirit to the present version, but may differ in detail to
|
||||
address new problems or concerns.
|
||||
|
||||
Each version is given a distinguishing version number. If the Program
|
||||
specifies a version number of this License which applies to it and "any
|
||||
later version", you have the option of following the terms and conditions
|
||||
either of that version or of any later version published by the Free
|
||||
Software Foundation. If the Program does not specify a version number of
|
||||
this License, you may choose any version ever published by the Free Software
|
||||
Foundation.
|
||||
|
||||
10. If you wish to incorporate parts of the Program into other free
|
||||
programs whose distribution conditions are different, write to the author
|
||||
to ask for permission. For software which is copyrighted by the Free
|
||||
Software Foundation, write to the Free Software Foundation; we sometimes
|
||||
make exceptions for this. Our decision will be guided by the two goals
|
||||
of preserving the free status of all derivatives of our free software and
|
||||
of promoting the sharing and reuse of software generally.
|
||||
|
||||
NO WARRANTY
|
||||
|
||||
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
|
||||
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
|
||||
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
|
||||
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
|
||||
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
|
||||
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
|
||||
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
|
||||
REPAIR OR CORRECTION.
|
||||
|
||||
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
|
||||
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
|
||||
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
|
||||
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
|
||||
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
|
||||
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
|
||||
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
|
||||
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
|
||||
POSSIBILITY OF SUCH DAMAGES.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
How to Apply These Terms to Your New Programs
|
||||
|
||||
If you develop a new program, and you want it to be of the greatest
|
||||
possible use to the public, the best way to achieve this is to make it
|
||||
free software which everyone can redistribute and change under these terms.
|
||||
|
||||
To do so, attach the following notices to the program. It is safest
|
||||
to attach them to the start of each source file to most effectively
|
||||
convey the exclusion of warranty; and each file should have at least
|
||||
the "copyright" line and a pointer to where the full notice is found.
|
||||
|
||||
<one line to give the program's name and a brief idea of what it does.>
|
||||
Copyright (C) <year> <name of author>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License along
|
||||
with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
|
||||
Also add information on how to contact you by electronic and paper mail.
|
||||
|
||||
If the program is interactive, make it output a short notice like this
|
||||
when it starts in an interactive mode:
|
||||
|
||||
Gnomovision version 69, Copyright (C) year name of author
|
||||
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
|
||||
This is free software, and you are welcome to redistribute it
|
||||
under certain conditions; type `show c' for details.
|
||||
|
||||
The hypothetical commands `show w' and `show c' should show the appropriate
|
||||
parts of the General Public License. Of course, the commands you use may
|
||||
be called something other than `show w' and `show c'; they could even be
|
||||
mouse-clicks or menu items--whatever suits your program.
|
||||
|
||||
You should also get your employer (if you work as a programmer) or your
|
||||
school, if any, to sign a "copyright disclaimer" for the program, if
|
||||
necessary. Here is a sample; alter the names:
|
||||
|
||||
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
|
||||
`Gnomovision' (which makes passes at compilers) written by James Hacker.
|
||||
|
||||
<signature of Ty Coon>, 1 April 1989
|
||||
Ty Coon, President of Vice
|
||||
|
||||
This General Public License does not permit incorporating your program into
|
||||
proprietary programs. If your program is a subroutine library, you may
|
||||
consider it more useful to permit linking proprietary applications with the
|
||||
library. If this is what you want to do, use the GNU Lesser General
|
||||
Public License instead of this License.
|
180
roles/jnv.unattended-upgrades/README.md
Normal file
@ -0,0 +1,180 @@
|
||||
# Unattended-Upgrades Role for Ansible
|
||||
|
||||
[![Build Status of branch master](https://img.shields.io/travis/jnv/ansible-role-unattended-upgrades/master.svg?style=flat-square)](https://travis-ci.org/jnv/ansible-role-unattended-upgrades)
|
||||
[![Ansible Role: jnv.unattended-upgrades](https://img.shields.io/ansible/role/8068.svg?style=flat-square)](https://galaxy.ansible.com/jnv/unattended-upgrades/)
|
||||
|
||||
Install and setup [unattended-upgrades](https://launchpad.net/unattended-upgrades) for Ubuntu and Debian (since Wheezy), to periodically install security upgrades.
|
||||
|
||||
**NOTE:** If you have used version 0.0.1 of the role, you can delete the file `/etc/apt/apt.conf.d/10periodic` as it is not needed anymore. You can use the following one-shot command:
|
||||
|
||||
ansible -m file -a "state=absent path=/etc/apt/apt.conf.d/10periodic" <host-pattern>
|
||||
|
||||
## Requirements
|
||||
|
||||
The role uses [apt module](http://docs.ansible.com/apt_repository_module.html) which has additional dependencies.
|
||||
|
||||
If you set `unattended_mail` to an e-mail address, make sure `mailx` command is available and your system is able to send e-mails.
|
||||
|
||||
The role requires unattended-upgrades version 0.70 and newer, which is available since Debian Wheezy and Ubuntu 12.04 respectively. This is due to [Origins Patterns](#origins-patterns) usage; if this is not available on your system, you may use [the first version of the role](https://github.com/jnv/ansible-role-unattended-upgrades/tree/v0.1).
|
||||
|
||||
### Automatic Reboot
|
||||
|
||||
If you enable automatic reboot feature (`unattended_automatic_reboot`), the role will attempt to install `update-notifier-common` package, which is required on some systems for detecting and executing reboot after the upgrade. You may optionally define a specific time for rebooting (`unattended_automatic_reboot_time`).
|
||||
|
||||
This feature was broken in Debian Jessie, but eventually was rolled into the unattended-upgrades package; see [the discussion in #6](https://github.com/jnv/ansible-role-unattended-upgrades/issues/6) for more details.
|
||||
|
||||
## Disabled Cron Jobs
|
||||
|
||||
On some hosts you may find that the unattended-upgrade's cronfile `/etc/cron.daily/apt` file has been renamed to `apt.disabled`. This is possibly provider's decision, to save some CPU cycles. Use [enable-standard-cronjobs](https://github.com/Yannik/ansible-role-enable-standard-cronjobs) role to reenable unattended-upgrades. See also discussion in [#9](https://github.com/jnv/ansible-role-unattended-upgrades/issues/9).
|
||||
|
||||
## Role Variables
|
||||
|
||||
* `unattended_cache_valid_time`: Update the apt cache if its older than the given time in seconds; passed to the [apt module](https://docs.ansible.com/ansible/latest/apt_module.html) during package installation.
|
||||
* Default: `3600`
|
||||
* `unattended_origins_patterns`: array of origins patterns to determine whether the package can be automatically installed, for more details see [Origins Patterns](#origins-patterns) below.
|
||||
* Default for Debian: `['origin=Debian,codename=${distro_codename},label=Debian-Security']`
|
||||
* Default for Ubuntu: `['origin=Ubuntu,archive=${distro_codename}-security,label=Ubuntu']`
|
||||
* `unattended_package_blacklist`: packages which won't be automatically upgraded
|
||||
* Default: `[]`
|
||||
* `unattended_autofix_interrupted_dpkg`: whether on unclean dpkg exit to run `dpkg --force-confold --configure -a`
|
||||
* Default: `true`
|
||||
* `unattended_minimal_steps`: split the upgrade into the smallest possible chunks so that they can be interrupted with SIGUSR1.
|
||||
* Default: `false`
|
||||
* `unattended_install_on_shutdown`: install all unattended-upgrades when the machine is shuting down.
|
||||
* Default: `false`
|
||||
* `unattended_mail`: e-mail address to send information about upgrades or problems with unattended upgrades
|
||||
* Default: `false` (don't send any e-mail)
|
||||
* `unattended_mail_only_on_error`: send e-mail only on errors, otherwise e-mail will be sent every time there's a package upgrade.
|
||||
* Default: `false`
|
||||
* `unattended_remove_unused_dependencies`: do automatic removal of new unused dependencies after the upgrade.
|
||||
* Default: `false`
|
||||
* `unattended_automatic_reboot`: Automatically reboot system if any upgraded package requires it, immediately after the upgrade.
|
||||
* Default: `false`
|
||||
* `unattended_automatic_reboot_time`: Automatically reboot system if any upgraded package requires it, at the specific time (_HH:MM_) instead of immediately after the upgrade.
|
||||
* Default: `false`
|
||||
* `unattended_update_days`: Set the days of the week that updates should be applied. The days can be specified as localized abbreviated or full names. Or as integers where "0" is Sunday, "1" is Monday etc. Example: `{"Mon";"Fri"};`
|
||||
* Default: disabled
|
||||
* `unattended_ignore_apps_require_restart`: unattended-upgrades won't automatically upgrade some critical packages requiring restart after an upgrade (i.e. there is `XB-Upgrade-Requires: app-restart` directive in their debian/control file). With this option set to `true`, unattended-upgrades will upgrade these packages regardless of the directive.
|
||||
* Default: `false`
|
||||
* `unattended_verbose`: Define verbosity level of APT for periodic runs. The output will be sent to root.
|
||||
* Possible options:
|
||||
* `0`: no report
|
||||
* `1`: progress report
|
||||
* `2`: + command outputs
|
||||
* `3`: + trace on
|
||||
* Default: `0` (no report)
|
||||
* `unattended_update_package_list`: Do "apt-get update" automatically every n-days (0=disable)
|
||||
* Default: `1`
|
||||
* `unattended_download_upgradeable`: Do "apt-get upgrade --download-only" every n-days (0=disable)
|
||||
* Default: `0`
|
||||
* `unattended_autoclean_interval`: Do "apt-get autoclean" every n-days (0=disable)
|
||||
* Default: `7`
|
||||
* `unattended_clean_interval`: Do "apt-get clean" every n-days (0=disable)
|
||||
* Default: `0`
|
||||
* `unattended_random_sleep`: Define maximum for a random interval in seconds after which the apt job starts (only for systems without systemd)
|
||||
* Default: `1800` (30 minutes)
|
||||
* `unattended_dpkg_options`: Array of dpkg command-line options used during unattended-upgrades runs, e.g. `["--force-confdef"]`, `["--force-confold"]`
|
||||
* Default: `[]`
|
||||
* `unattended_dl_limit`: Limit the download speed in kb/sec using apt bandwidth limit feature.
|
||||
* Default: disabled
|
||||
|
||||
## Origins Patterns
|
||||
|
||||
Origins Pattern is a more powerful alternative to the Allowed Origins option used in previous versions of unattended-upgrade.
|
||||
|
||||
Pattern is composed from specific keywords:
|
||||
|
||||
* `a`,`archive`,`suite` – e.g. `stable`, `trusty-security` (`archive=stable`)
|
||||
* `c`,`component` – e.g. `main`, `crontrib`, `non-free` (`component=main`)
|
||||
* `l`,`label` – e.g. `Debian`, `Debian-Security`, `Ubuntu`
|
||||
* `o`,`origin` – e.g. `Debian`, `Unofficial Multimedia Packages`, `Ubuntu`
|
||||
* `n`,`codename` – e.g. `jessie`, `jessie-updates`, `trusty` (this is only supported with `unattended-upgrades` >= 0.80)
|
||||
* `site` – e.g. `http.debian.net`
|
||||
|
||||
You can review the available repositories using `apt-cache policy` and debug your choice using `unattended-upgrades -d` command on a target system.
|
||||
|
||||
Additionally unattended-upgrades support two macros (variables), derived from `/etc/debian_version`:
|
||||
|
||||
* `${distro_id}` – Installed distribution name, e.g. `Debian` or `Ubuntu`.
|
||||
* `${distro_codename}` – Installed codename, e.g. `jessie` or `trusty`.
|
||||
|
||||
Using `${distro_codename}` should be preferred over using `stable` or `oldstable` as a selected, as once `stable` moves to `oldstable`, no security updates will be installed at all, or worse, package from a newer distro release will be installed by accident. The same goes for upgrading your installation from `oldstable` to `stable`, if you forget to change this in your origin patterns, you may not receive the security updates for your newer distro release. With `${distro_codename}`, both cases can never happen.
|
||||
|
||||
## Role Usage Example
|
||||
|
||||
Example for Ubuntu, with custom [origins patterns](#patterns-examples), blacklisted packages and e-mail notification:
|
||||
|
||||
```yaml
|
||||
- hosts: all
|
||||
roles:
|
||||
- role: jnv.unattended-upgrades
|
||||
unattended_origins_patterns:
|
||||
- 'origin=Ubuntu,archive=${distro_codename}-security'
|
||||
- 'o=Ubuntu,a=${distro_codename}-updates'
|
||||
unattended_package_blacklist: [cowsay, vim]
|
||||
unattended_mail: 'root@example.com'
|
||||
```
|
||||
|
||||
_Note:_ You don't need to specify `unattended_origins_patterns`, the role will use distribution's default if the variable is not set.
|
||||
|
||||
### Patterns Examples
|
||||
|
||||
By default, only security updates are allowed for both Ubuntu and Debian. You can add more patterns to allow unattended-updates install more packages automatically, however be aware that automated major updates may potentially break your system.
|
||||
|
||||
#### For Debian
|
||||
|
||||
```yaml
|
||||
unattended_origins_patterns:
|
||||
- 'origin=Debian,codename=${distro_codename},label=Debian-Security' # security updates
|
||||
- 'o=Debian,codename=${distro_codename},label=Debian' # updates including non-security updates
|
||||
- 'o=Debian,codename=${distro_codename},a=proposed-updates'
|
||||
```
|
||||
|
||||
On debian wheezy, due to `unattended-upgrades` being `0.79.5`, you cannot use the `codename` directive.
|
||||
|
||||
You will have to do archive based matching instead:
|
||||
|
||||
```yaml
|
||||
unattended_origins_patterns:
|
||||
- 'origin=Debian,a=stable,label=Debian-Security' # security updates
|
||||
- 'o=Debian,a=stable,l=Debian' # updates including non-security updates
|
||||
- 'o=Debian,a=proposed-updates'
|
||||
```
|
||||
|
||||
Please be sure to read about the issues regarding this in the origin pattern documentation above.
|
||||
|
||||
#### For Ubuntu
|
||||
|
||||
In Ubuntu, archive always contains the distribution codename
|
||||
|
||||
```yaml
|
||||
unattended_origins_patterns:
|
||||
- 'origin=Ubuntu,archive=${distro_codename}-security'
|
||||
- 'o=Ubuntu,a=${distro_codename}'
|
||||
- 'o=Ubuntu,a=${distro_codename}-updates'
|
||||
- 'o=Ubuntu,a=${distro_codename}-proposed-updates'
|
||||
```
|
||||
|
||||
|
||||
#### For Raspbian
|
||||
|
||||
In Raspbian, it is only possible to update all packages from the default repository, including non-security updates, or updating none.
|
||||
|
||||
Updating all, including non-security:
|
||||
|
||||
```yaml
|
||||
unattended_origins_patterns:
|
||||
- 'origin=Raspbian,codename=${distro_codename},label=Raspbian'
|
||||
```
|
||||
|
||||
You can not use the `codename` directive on raspbian wheezy, the same as with debian wheezy above.
|
||||
|
||||
To not install any updates on a raspbian host, just set `unattended_origins_patterns` to an empty list:
|
||||
```
|
||||
unattended_origins_patterns: []
|
||||
```
|
||||
|
||||
|
||||
## License
|
||||
|
||||
GPLv2
|
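--- a/roles/jnv.unattended-upgrades/defaults/main.yml
+++ b/roles/jnv.unattended-upgrades/defaults/main.yml
@@ -0,0 +1,122 @@
+---
+# Cache update time for apt module
+unattended_cache_valid_time: 3600
+
+#Unattended-Upgrade::Origins-Pattern
+# Automatically upgrade packages from these origin patterns
+# e.g.: 'o=Debian,a=stable', 'o=Debian,a=stable-updates'
+#
+# Left unset, distribution-specific defaults will be used through
+# __unattended_origins_patterns variable only if this variable
+# is not provided externally
+# REFS https://github.com/ansible/ansible/issues/8121
+#unattended_origins_patterns: []
+
+#Unattended-Upgrade::Package-Blacklist
+# List of packages to not update
+unattended_package_blacklist: []
+
+#Unattended-Upgrade::AutoFixInterruptedDpkg
+# On a unclean dpkg exit unattended-upgrades will run
+# dpkg --force-confold --configure -a
+# The default is true, to ensure updates keep getting installed
+unattended_autofix_interrupted_dpkg: true
+
+#Unattended-Upgrade::MinimalSteps
+# Split the upgrade into the smallest possible chunks so that
+# they can be interrupted with SIGUSR1. This makes the upgrade
+# a bit slower but it has the benefit that shutdown while a upgrade
+# is running is possible (with a small delay)
+unattended_minimal_steps: false
+
+#Unattended-Upgrade::InstallOnShutdown
+# Install all unattended-upgrades when the machine is shuting down
+# instead of doing it in the background while the machine is running
+# This will (obviously) make shutdown slower
+unattended_install_on_shutdown: false
+
+#Unattended-Upgrade::Mail
+# Send email to this address for problems or packages upgrades
+# If empty or unset then no email is sent, make sure that you
+# have a working mail setup on your system. A package that provides
+# 'mailx' must be installed.
+unattended_mail: false
+
+#Unattended-Upgrade::MailOnlyOnError
+# Set this value to "true" to get emails only on errors. Default
+# is to always send a mail if Unattended-Upgrade::Mail is set
+unattended_mail_only_on_error: false
+
+#Unattended-Upgrade::Remove-Unused-Dependencies
+# Do automatic removal of new unused dependencies after the upgrade
+# (equivalent to apt-get autoremove)
+unattended_remove_unused_dependencies: false
+
+#Unattended-Upgrade::Automatic-Reboot
+# Automatically reboot *WITHOUT CONFIRMATION* if a
+# the file /var/run/reboot-required is found after the upgrade
+unattended_automatic_reboot: false
+
+#Unattended-Upgrade::Automatic-Reboot-Time
+# If automatic reboot is enabled and needed, reboot at the specific
+# time instead of immediately
+unattended_automatic_reboot_time: false
+
+#Unattended-Upgrade::IgnoreAppsRequireRestart
+# Do upgrade application even if it requires restart after upgrade
+# I.e. "XB-Upgrade-Requires: app-restart" is set in the debian/control file
+unattended_ignore_apps_require_restart: false
+
+### APT::Periodic configuration
+# Snatched from /usr/lib/apt/apt.systemd.daily
+
+#APT::Periodic::Update-Package-Lists "0";
+# - Do "apt-get update" automatically every n-days (0=disable)
+unattended_update_package_list: 1
+
+#APT::Periodic::Download-Upgradeable-Packages "0";
+# - Do "apt-get upgrade --download-only" every n-days (0=disable)
+#unattended_download_upgradeable: 0
+
+#APT::Periodic::AutocleanInterval "0";
+# - Do "apt-get autoclean" every n-days (0=disable)
+unattended_autoclean_interval: 7
+
+#APT::Periodic::CleanInterval "0";
+# - Do "apt-get clean" every n-days (0=disable)
+#unattended_clean_interval: 0
+
+#APT::Periodic::Verbose "0";
+# - Send report mail to root
+# 0: no report (or null string)
+# 1: progress report (actually any string)
+# 2: + command outputs (remove -qq, remove 2>/dev/null, add -d)
+# 3: + trace on
+#unattended_verbose: 0
+
+## Cron systems only
+
+#APT::Periodic::RandomSleep
+# When the apt job starts, it will sleep for a random period between 0
+# and APT::Periodic::RandomSleep seconds
+# The default value is "1800" so that the script will stall for up to 30
+# minutes (1800 seconds) so that the mirror servers are not crushed by
+# everyone running their updates all at the same time
+# Kept undefined to allow default (1800)
+#unattended_random_sleep: 0
+
+#Dpkg::Options
+# Provide dpkg options that take effect during unattended upgrades.
+# By default no flags are appended. Configuration file changes can
+# block installation of certain packages. Passing the flags
+# "--force-confdef" and "--force-confold" will ensure updates are applied
+# and old configuration files are preserved.
+unattended_dpkg_options: []
+
+# unattended_dpkg_options:
+# - "--force-confdef"
+# - "--force-confold"
+
+
+# Use apt bandwidth limit feature, this example limits the download speed to 70kb/sec
+#unattended_dl_limit: 70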
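--- a/roles/jnv.unattended-upgrades/handlers/main.yml
+++ b/roles/jnv.unattended-upgrades/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for unattended-upgrades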
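--- a/roles/jnv.unattended-upgrades/meta/.galaxy_install_info
+++ b/roles/jnv.unattended-upgrades/meta/.galaxy_install_info
@@ -0,0 +1,2 @@
+install_date: Sun Apr 28 18:26:47 2019
+version: v1.7.0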
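--- a/roles/jnv.unattended-upgrades/meta/main.yml
+++ b/roles/jnv.unattended-upgrades/meta/main.yml
@@ -0,0 +1,38 @@
+---
+galaxy_info:
+author: Jan Vlnas
+description: Setup unattended-upgrades on Debian-based systems
+license: GPLv2
+min_ansible_version: 1.4
+platforms:
+- name: Ubuntu
+versions:
+- precise
+- raring
+- saucy
+- trusty
+- utopic
+- name: Debian
+versions:
+- wheezy
+- jessie
+#
+# Below are all categories currently available. Just as with
+# the platforms above, uncomment those that apply to your role.
+#
+categories:
+#- cloud
+#- cloud:ec2
+#- cloud:gce
+#- cloud:rax
+#- database
+#- database:nosql
+#- database:sql
+#- development
+#- monitoring
+#- networking
+#- packaging
+- system
+#- web
+dependencies: []
+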
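--- a/roles/jnv.unattended-upgrades/tasks/main.yml
+++ b/roles/jnv.unattended-upgrades/tasks/main.yml
@@ -0,0 +1,2 @@
+- include: unattended-upgrades.yml
+tags: unattended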
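--- a/roles/jnv.unattended-upgrades/tasks/reboot.yml
+++ b/roles/jnv.unattended-upgrades/tasks/reboot.yml
@@ -0,0 +1,9 @@
+---
+# Ignored, since newer distros don't need this package
+# https://github.com/jnv/ansible-role-unattended-upgrades/issues/6
+- name: install update-notifier-common
+apt:
+pkg: update-notifier-common
+state: present
+failed_when: false
+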
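Review bot: `failed_when: false` on `install update-notifier-common` suppresses every apt error, not only the "newer distros don't need this package" case the comment above it describes, so a held dpkg lock or an unreachable mirror also counts as success. The README added in this commit says the package is required on some systems for detecting and executing the reboot, so on those systems a silent miss could leave `unattended_automatic_reboot` enabled but ineffective. I would at least extend the comment, e.g. `# NOTE: failed_when: false ignores all apt errors here, including lock and network failures`, or register the result and print a warning when the install did not succeed.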
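--- a/roles/jnv.unattended-upgrades/tasks/unattended-upgrades.yml
+++ b/roles/jnv.unattended-upgrades/tasks/unattended-upgrades.yml
@@ -0,0 +1,34 @@
+---
+- name: add distribution-specific variables
+include_vars: "{{ ansible_distribution }}.yml"
+
+- name: add Debian Wheezy workaround
+include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_release }}.yml"
+when: (ansible_distribution == "Debian") and (ansible_distribution_release == "wheezy")
+
+- name: install unattended-upgrades
+apt:
+pkg: unattended-upgrades
+state: present
+cache_valid_time: "{{unattended_cache_valid_time}}"
+update_cache: yes
+
+- name: install reboot dependencies
+include: reboot.yml
+when: unattended_automatic_reboot
+
+- name: create APT auto-upgrades configuration
+template:
+src: auto-upgrades.j2
+dest: /etc/apt/apt.conf.d/20auto-upgrades
+owner: root
+group: root
+mode: 0644
+
+- name: create unattended-upgrades configuration
+template:
+src: unattended-upgrades.j2
+dest: /etc/apt/apt.conf.d/50unattended-upgrades
+owner: root
+group: root
+mode: 0644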
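Review bot: The first task, `include_vars: "{{ ansible_distribution }}.yml"`, runs unconditionally, while the vars/ directory added in this commit holds only Debian.yml, Ubuntu.yml and Debian-wheezy.yml, so a host reporting any other distribution (the README mentions Raspbian) would fail on a missing vars file rather than being skipped or rejected with a clear message. If this role can be applied to a mixed inventory, gate it where it is included, e.g. `when: ansible_distribution in ["Debian", "Ubuntu"]`, so the failure mode is explicit. Separately, `mode: 0644` on both template tasks depends on the YAML loader reading the bare value as octal; `mode: "0644"` does not depend on that. Indentation is not visible in this rendering, so these points rest on the task text only.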
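--- a/roles/jnv.unattended-upgrades/templates/auto-upgrades.j2
+++ b/roles/jnv.unattended-upgrades/templates/auto-upgrades.j2
@@ -0,0 +1,25 @@
+APT::Periodic::Unattended-Upgrade "1";
+
+{% if unattended_update_package_list is defined %}
+APT::Periodic::Update-Package-Lists "{{unattended_update_package_list}}";
+{% endif %}
+
+{% if unattended_download_upgradeable is defined %}
+APT::Periodic::Download-Upgradeable-Packages "{{unattended_download_upgradeable}}";
+{% endif %}
+
+{% if unattended_autoclean_interval is defined %}
+APT::Periodic::AutocleanInterval "{{unattended_autoclean_interval}}";
+{% endif %}
+
+{% if unattended_clean_interval is defined %}
+APT::Periodic::CleanInterval "{{unattended_clean_interval}}";
+{% endif %}
+
+{% if unattended_verbose is defined %}
+APT::Periodic::Verbose "{{unattended_verbose}}";
+{% endif %}
+
+{% if unattended_random_sleep is defined %}
+APT::Periodic::RandomSleep "{{unattended_random_sleep}}";
+{% endif %}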
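--- a/roles/jnv.unattended-upgrades/templates/unattended-upgrades.j2
+++ b/roles/jnv.unattended-upgrades/templates/unattended-upgrades.j2
@@ -0,0 +1,106 @@
+// Unattended-Upgrade::Origins-Pattern controls which packages are
+// upgraded.
+Unattended-Upgrade::Origins-Pattern {
+{% if unattended_origins_patterns is defined %}
+{% for origin in unattended_origins_patterns %}
+"{{ origin }}";
+{% endfor %}
+{% else %}
+{% for origin in __unattended_origins_patterns %}
+"{{ origin }}";
+{% endfor %}
+{% endif %}
+};
+
+// List of packages to not update (regexp are supported)
+Unattended-Upgrade::Package-Blacklist {
+{% for package in unattended_package_blacklist %}
+"{{package}}";
+{% endfor %}
+};
+
+{% if not unattended_autofix_interrupted_dpkg %}
+// This option allows you to control if on a unclean dpkg exit
+// unattended-upgrades will automatically run
+// dpkg --force-confold --configure -a
+// The default is true, to ensure updates keep getting installed
+Unattended-Upgrade::AutoFixInterruptedDpkg "false";
+{% endif %}
+
+{% if unattended_minimal_steps %}
+// Split the upgrade into the smallest possible chunks so that
+// they can be interrupted with SIGUSR1. This makes the upgrade
+// a bit slower but it has the benefit that shutdown while a upgrade
+// is running is possible (with a small delay)
+Unattended-Upgrade::MinimalSteps "true";
+{% endif %}
+
+{% if unattended_install_on_shutdown %}
+// Install all unattended-upgrades when the machine is shuting down
+// instead of doing it in the background while the machine is running
+// This will (obviously) make shutdown slower
+Unattended-Upgrade::InstallOnShutdown "true";
+{% endif %}
+
+{% if unattended_mail %}
+// Send email to this address for problems or packages upgrades
+// If empty or unset then no email is sent, make sure that you
+// have a working mail setup on your system. A package that provides
+// 'mailx' must be installed.
+Unattended-Upgrade::Mail "{{unattended_mail}}";
+{% endif %}
+
+{% if unattended_mail_only_on_error %}
+// Set this value to "true" to get emails only on errors. Default
+// is to always send a mail if Unattended-Upgrade::Mail is set
+Unattended-Upgrade::MailOnlyOnError "true";
+{% endif %}
+
+{% if unattended_remove_unused_dependencies %}
+// Do automatic removal of new unused dependencies after the upgrade
+// (equivalent to apt-get autoremove)
+Unattended-Upgrade::Remove-Unused-Dependencies "true";
+{% endif %}
+
+{% if unattended_automatic_reboot %}
+// Automatically reboot *WITHOUT CONFIRMATION* if a
+// the file /var/run/reboot-required is found after the upgrade
+Unattended-Upgrade::Automatic-Reboot "true";
+{% endif %}
+
+{% if unattended_automatic_reboot_time %}
+// If automatic reboot is enabled and needed, reboot at the specific
+// time instead of immediately
+// Default: "now"
+Unattended-Upgrade::Automatic-Reboot-Time "{{ unattended_automatic_reboot_time }}";
+{% endif %}
+
+{% if unattended_update_days is defined %}
+// Set the days of the week that updates should be applied. The days can be specified
+// as localized abbreviated or full names. Or as integers where "0" is Sunday, "1" is
+// Monday etc.
+// Example - apply updates only on Monday and Friday:
+// {"Mon";"Fri"};
+Unattended-Upgrade::Update-Days {{ unattended_update_days }};
+{% endif %}
+
+{% if unattended_ignore_apps_require_restart %}
+// Do upgrade application even if it requires restart after upgrade
+// I.e. "XB-Upgrade-Requires: app-restart" is set in the debian/control file
+Unattended-Upgrade::IgnoreAppsRequireRestart "true";
+{% endif %}
+
+{% if unattended_dpkg_options %}
+// Append options for governing dpkg behavior, e.g. --force-confdef.
+Dpkg::Options {
+{% for dpkg_option in unattended_dpkg_options %}
+"{{ dpkg_option }}";
+{% endfor %}
+};
+{% endif %}
+
+{% if unattended_dl_limit is defined %}
+// Use apt bandwidth limit feature, this example limits the download
+// speed to 70kb/sec
+Acquire::http::Dl-Limit "{{ unattended_dl_limit }}";
+{% endif %}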
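Review bot: Every variable in this template is written into the apt configuration verbatim — `"{{ origin }}";`, `"{{package}}";`, `Unattended-Upgrade::Mail "{{unattended_mail}}";` and, without surrounding quotes, `Unattended-Upgrade::Update-Days {{ unattended_update_days }};` — so a value containing `"` or `;` changes the structure of a file that apt reads as root. The values come from inventory and play variables, so this is a robustness concern more than an untrusted-input boundary, but a malformed 50unattended-upgrades may stop security updates without any task reporting a failure. A short comment at the top of the template stating that values must not contain double quotes or semicolons would document the constraint, and a `// {{ ansible_managed }}` line would tell administrators that the file is overwritten on each run.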
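--- a/roles/jnv.unattended-upgrades/tests/ansible.cfg
+++ b/roles/jnv.unattended-upgrades/tests/ansible.cfg
@@ -0,0 +1,3 @@
+[defaults]
+roles_path = ../../
+retry_files_enabled = False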
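--- a/roles/jnv.unattended-upgrades/tests/inventory
+++ b/roles/jnv.unattended-upgrades/tests/inventory
@@ -0,0 +1 @@
+localhost ansible_connection=local ansible_python_interpreter="/usr/bin/env python"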
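--- a/roles/jnv.unattended-upgrades/tests/requirements.yml
+++ b/roles/jnv.unattended-upgrades/tests/requirements.yml
@@ -0,0 +1,3 @@
+---
+- src: chrismeyersfsu.provision_docker
+name: provision_docker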
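Review bot: The entry `src: chrismeyersfsu.provision_docker` carries no `version:` key, so installing the test requirements pulls whatever release is current on Galaxy at that moment. tests/test.yml in this commit then runs that role with `provision_docker_privileged: true`, which makes an unpinned dependency more consequential than usual. Adding `version: <reviewed tag or commit>` (placeholder — pick the release you have actually reviewed) keeps the test dependency reproducible.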
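--- a/roles/jnv.unattended-upgrades/tests/test.sh
+++ b/roles/jnv.unattended-upgrades/tests/test.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# Exit on any individual command failure
+set -e
+
+# Pretty colors.
+red='\033[0;31m'
+green='\033[0;32m'
+neutral='\033[0m'
+
+section() {
+echo -e "\033[33;1m$1\033[0m"
+}
+
+fold_start() {
+echo -e "travis_fold:start:$1\033[33;1m$2\033[0m"
+}
+
+fold_end() {
+echo -e "\ntravis_fold:end:$1\r"
+}
+
+# Ensure we are in the tests dir
+cd "$( dirname "${BASH_SOURCE[0]}" )"
+
+section "Syntax check"
+ansible-playbook -i inventory --syntax-check test.yml
+section "Running role"
+ansible-playbook -i inventory test.yml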
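--- a/roles/jnv.unattended-upgrades/tests/test.yml
+++ b/roles/jnv.unattended-upgrades/tests/test.yml
@@ -0,0 +1,70 @@
+---
+- name: Bring up Docker containers
+hosts: localhost
+gather_facts: false
+vars:
+inventory:
+- name: ubuntu_latest
+image: "ubuntu:latest"
+- name: ubuntu_xenial
+image: "ubuntu:xenial"
+- name: ubuntu_trusty
+image: "ubuntu:trusty"
+- name: debian_testing
+image: "debian:testing"
+- name: debian_stable
+image: "debian:stable"
+- name: debian_oldstable
+image: "debian:oldstable"
+roles:
+- role: provision_docker
+provision_docker_inventory: "{{ inventory }}"
+provision_docker_privileged: true
+provision_docker_use_docker_connection: true
+
+- name: Test role
+hosts: docker_containers
+gather_facts: false
+pre_tasks:
+- name: Provision Python
+raw: bash -c "test -e /usr/bin/python || (apt-get -y update && apt-get install -y python-simplejson)"
+register: output
+changed_when: output.stdout
+- setup: # Gather facts
+vars:
+unattended_autofix_interrupted_dpkg: false
+unattended_minimal_steps: true
+unattended_install_on_shutdown: true
+unattended_automatic_reboot: true
+unattended_update_days: '{"Sat"}'
+roles:
+# Searched for in ../.. (see ansible.cfg)
+- ansible-role-unattended-upgrades
+tasks:
+- name: Idempotency check
+include_role:
+name: ansible-role-unattended-upgrades
+register: idempotency
+- fail:
+msg: Role failed idempotency check
+when: idempotency.changed
+
+- name: Get apt-config variables
+shell: apt-config dump
+register: aptconfig
+- name: Check for registered variables
+assert:
+that: item in aptconfig.stdout
+with_items:
+- 'APT::Periodic::Unattended-Upgrade "1"'
+- 'Unattended-Upgrade::AutoFixInterruptedDpkg "false"'
+- 'Unattended-Upgrade::MinimalSteps "true"'
+- 'Unattended-Upgrade::InstallOnShutdown "true"'
+- 'Unattended-Upgrade::Automatic-Reboot "true"'
+# NOTE: this uses the array syntax, which requires one
+# top-level record, then one item per line
+- 'Unattended-Upgrade::Update-Days "";'
+- 'Unattended-Upgrade::Update-Days:: "Sat";'
+
+- name: Dry run unattended-upgrades
+command: /usr/bin/unattended-upgrades --dry-run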
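Review bot: The role is referenced as `ansible-role-unattended-upgrades` both under `roles:` and in the `Idempotency check`, but in this repository the directory is `roles/jnv.unattended-upgrades` and tests/ansible.cfg sets `roles_path = ../../`, so this play would probably not resolve the role from this tree. In addition, `provision_docker_privileged: true` starts all six containers privileged, from mutable tags such as `ubuntu:latest` and `debian:testing`, which is more host access than a package-configuration test appears to need. If the tests directory is kept only because it came with the downloaded role, a comment at the top such as `# Upstream test play; not run from this repository` would avoid someone running it here unchanged.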
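--- a/roles/jnv.unattended-upgrades/vars/Debian-wheezy.yml
+++ b/roles/jnv.unattended-upgrades/vars/Debian-wheezy.yml
@@ -0,0 +1,11 @@
+---
+
+# This workaround for Debian Wheezy which doesn't support ${distro_codename} macro
+# See
+# https://github.com/jnv/ansible-role-unattended-upgrades/issues/19
+# https://github.com/jnv/ansible-role-unattended-upgrades/pull/20
+# for details
+
+__unattended_origins_patterns:
+- 'origin=Debian,archive=stable,label=Debian-Security'
+- 'origin=Debian,archive=oldstable,label=Debian-Security'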
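--- a/roles/jnv.unattended-upgrades/vars/Debian.yml
+++ b/roles/jnv.unattended-upgrades/vars/Debian.yml
@@ -0,0 +1,3 @@
+---
+__unattended_origins_patterns:
+- 'origin=Debian,codename=${distro_codename},label=Debian-Security'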
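--- a/roles/jnv.unattended-upgrades/vars/Ubuntu.yml
+++ b/roles/jnv.unattended-upgrades/vars/Ubuntu.yml
@@ -0,0 +1,3 @@
+---
+__unattended_origins_patterns:
+- 'origin=Ubuntu,archive=${distro_codename}-security,label=Ubuntu'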
@ -31,9 +31,8 @@ server_port: 5601
|
||||
server_host: localhost
|
||||
|
||||
# The Kibana server's name. This is used for display purposes.
|
||||
server_name: {{ ansible_hostname }}
|
||||
server_name: ansible_hostname
|
||||
|
||||
# The URLs of the Elasticsearch instances to use for all your queries.
|
||||
elasticsearch_hosts:
|
||||
- localhost
|
||||
- server02
|
||||
|
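Review bot: Of the two `server_name` lines shown, the bare `server_name: ansible_hostname` is a plain string, so if that is the new side of the change (the +/- markers are not visible in this rendering) Kibana's display name becomes the literal text `ansible_hostname` on every host. The unquoted `server_name: {{ ansible_hostname }}` is a YAML problem in its own right, because a value starting with `{` is read as a flow mapping, which is presumably what prompted the edit. The form that keeps the fact lookup and parses cleanly is `server_name: "{{ ansible_hostname }}"`. The hunk shows only part of the file, so how `server_name` is consumed is not visible here.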
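--- a/roles/sensu.sensu/.gitattributes
+++ b/roles/sensu.sensu/.gitattributes
@@ -0,0 +1,6 @@
+Pipfile export-ignore
+Pipfile.lock export-ignore
+.travis.yml export-ignore
+docs/ export-ignore
+mkdocs.yml export-ignore
+molecule/ export-ignore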
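--- a/roles/sensu.sensu/.gitignore
+++ b/roles/sensu.sensu/.gitignore
@@ -0,0 +1,4 @@
+site
+molecule/shared/data/*
+!molecule/shared/data/static/
+molecule/*/cache/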
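--- a/roles/sensu.sensu/.yamllint
+++ b/roles/sensu.sensu/.yamllint
@@ -0,0 +1,11 @@
+extends: default
+
+rules:
+braces:
+max-spaces-inside: 1
+level: error
+brackets:
+max-spaces-inside: 1
+level: error
+line-length: disable
+truthy: disable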
194
roles/sensu.sensu/CHANGELOG.md
Normal file
194
roles/sensu.sensu/CHANGELOG.md
Normal file
@ -0,0 +1,194 @@
|
||||
# Change Log
|
||||
All notable changes to this project will be documented in this file.
|
||||
|
||||
This project adheres to [Semantic Versioning](http://semver.org/)
|
||||
The format is based on [Keep a Changelog](http://keepachangelog.com/).
|
||||
|
||||
## [Unreleased]
|
||||
|
||||
## [5.2.0] - 2019-03-12
|
||||
## Added
|
||||
- Add official support for OracleLinux 7 (@michaelpporter)
|
||||
|
||||
## [5.1.0] - 2019-02-27
|
||||
## Changed
|
||||
- Add `client_templates` option for group based tempaltes (@michaelpporter)
|
||||
- Add `run_once: true` to `delegate_to: localhost` (@michaelpporter)
|
||||
|
||||
## [5.0.2] - 2019-02-19
|
||||
## Fixed
|
||||
- Fixup new loop logic to deploy checks/handlers/plugins to hosts (@michaelpporter)
|
||||
|
||||
## [5.0.1] - 2019-02-19
|
||||
## Fixed
|
||||
- Fixup sensu_rabbitmq_host to use new default variable for sensu_rabbitmq_servers (@michaelpporter)
|
||||
|
||||
## [5.0.0] - 2019-02-19
|
||||
### Breaking Changes
|
||||
- Prefix all variables with `sensu_` to reduce collisions with other roles (@michaelpporter)
|
||||
|
||||
## [4.0.0] - 2019-02-17
|
||||
### Breaking Changes
|
||||
- Upgrade all playbooks to `loop` syntax, requiring Ansible 2.5 or higher (@michaelpporter)
|
||||
- Update role metadata to require Ansible 2.5 or higher (@jaredledvina)
|
||||
|
||||
### Changed
|
||||
- Upgrade Inspec to 3.6.6 (@jaredledvina)
|
||||
- Re-enabled Ubuntu 18.04 integration tests (@michaelpporter)
|
||||
- Switch from `local_action` to `delegate_to: localhost` (@michaelpporter)
|
||||
|
||||
## [3.0.0] - 2019-02-16
|
||||
### Breaking Changes
|
||||
- Officially drop support for Ansible 2.3 (@jaredledvina)
|
||||
- Switch to `include_tasks` and `import_tasks` (@michaelpporter)
|
||||
|
||||
### Fixed
|
||||
- Update the use of tags to support Ansible 2.5 or higher (@michaelpporter)
|
||||
|
||||
## [2.7.0] - 2019-01-31
|
||||
### Fixed
|
||||
- RabbitMQ - Configure ciphers when SSL is enabled (@mkobel)
|
||||
- Check if sensu_available_checks was skipped to support running in check mode (@jaredledvina)
|
||||
|
||||
### Changed
|
||||
- Tests - Update Dockerfile and bump Inspec to 3.1.1 (@jaredledvina)
|
||||
- Docs - Change theme to readthedocs from flatly to fix builds (@jaredledvina)
|
||||
|
||||
## [2.6.0] - 2018-07-03
|
||||
### Changed
|
||||
- Add support for configuring [Tessen](https://docs.sensu.io/sensu-core/1.4/reference/tessen/) via `sensu_enable_tessen` (@jaredledvina)
|
||||
- Stop publishing development/testing files to Ansible Galaxy (@jaredledvina)
|
||||
- Update molecule's testing configuration for speed and task profiling (@jaredledvina)
|
||||
- Update Inspec to latest stable & refactor shared testing files (@jaredledvina)
|
||||
- RabbitMQ - Expose a varient distro repo configs via variables for more flexibility (@jaredledvina)
|
||||
- RabbitMQ - Configure apt-preferences and pin erlang to version 20.3.X (@jaredledvina)
|
||||
- Fedora - RabbitMQ - Reconfigure GPG key pinning to match CentOS/AmazonLinux (@jaredledvina)
|
||||
- Fedora/CentOS/AmazonLinux - Upgrade to zero-dep erlang v20 repo's (@jaredledvina)
|
||||
|
||||
## [2.5.0] - 2018-06-16
|
||||
### Changed
|
||||
- Ansible role is officially mirrored to the `sensu.sensu` namespace (@jaredledvina)
|
||||
- Deprecated `sensu_pkg_version` for Redhat, Fedora, CentOS, and FreeBSD. To pin going forward across all operating systems, simply append the Sensu version to `sensu_package`. For example, `sensu_package: sensu-1.3.3` will ensure that only Sensu 1.3.3 is ever installed. (@jaredledvina)
|
||||
- Ensure that on first install we install the latest stable Sensu release (@jaredledvina)
|
||||
- Document `sensu_pkg_state`. If you'd like to ensure the latest stable release is always installed, simply leave `sensu_package` to the default `sensu` and change `sensu_pkg_state` to `latest`. (@jaredledvina)
|
||||
- Switched entirely to [molecule](https://github.com/metacloud/molecule) for integration testing (@jaredledvina)
|
||||
- Configure [Inspec](https://www.inspec.io/) for full automated verification after integration testing (@jaredledvina)
|
||||
- Amazon Linux now installs proper version of EPEL (@jaredledvina)
|
||||
- Amazon Linux now installs a supported version of Erlang and RabbitMQ from Bintray (@jaredledvina)
|
||||
- Fixup the CentOS RabbitMQ install w/ full GPG signing verification (@jaredledvina)
|
||||
- Various syntax cleanups and testing documentation updates (@jaredledvina)
|
||||
- Enable `yamllint` checking and fixup all files to pass checks (@jaredledvina)
|
||||
- Enable `ansible-lint` checking and fixup all errors to pass checks (@jaredledvina)
|
||||
- Various doc cleanup and fixes (@jaredledvina)
|
||||
- Switch openssl to `present` as `installed` is deprecated (@rlizana)
|
||||
|
||||
|
||||
## [2.4.0] - 2018-05-06
|
||||
### Fixed:
|
||||
- Automated SSL key & cert generation fails on systems with Python 2.6 or older (@jaredledvina)
|
||||
|
||||
### Changed
|
||||
- Port over the latest ssl_tools code to more native Ansible `command` instructions for greater flexibility (@jaredledvina)
|
||||
|
||||
## [2.3.0] - 2018-05-04
|
||||
### Fixed
|
||||
- Issue that prevented older OS such as CentOS 5 from installing the Sensu RPM package as they are unsigned (@smbambling)
|
||||
- Security issue with redis.json being world readable, as it can contain sensitive information (@smbambling)
|
||||
- Issue with conf.d that limited access and prevent automated tests from passing (@smbambling)
|
||||
|
||||
### Added
|
||||
- Support for keepalive attributes: handlers and thresholds (warning/critical) in client.json (@smbambling)
|
||||
- Support for managing safe_mode in client.json (@smbambling)
|
||||
|
||||
## [2.2.0] - 2018-02-22
|
||||
### Added
|
||||
- Fedora support. Tested in the wild on Fedora 25 as a client and Fedora 27 on the test suite as both master and client. (@danragnar)
|
||||
- `tasks/Fedora/redis.yml`, `tasks/Fedora/rabbit.yml`: Based on CentOS equivalents but with dnf module instead of yum
|
||||
- `tasks/Fedora/main.yml`, `tasks/Fedora/dashboard.yml`: links to Centos files
|
||||
- `vars/Fedora.yml`: vars for Fedora
|
||||
|
||||
### Changed
|
||||
- `tasks/CentOS/dashboard.yml`, `tasks/CentOS/main.yml`: Use generic package module to support Fedora (@danragnar)
|
||||
|
||||
## [2.1.0]
|
||||
### Fixed
|
||||
- `defaults/main.yaml`,`tasks/plugins.yml`: Fix Python 3.X compatability issue when checking the contents of sensu_remote_plugins. (@danragnar)
|
||||
|
||||
### Added
|
||||
- `templates/sensu-api-json.j2`, `templates/uchiwa_config.json.j2`: Check for explicitly defining sensu_uchiwa_users and sensu_api_user_name as empty to disable authentication, useful when having a reverse proxy handling auth in front of the API and/or the uchiwa dashboard (@danragnar)
|
||||
- `tasks/rabbit.yml`: Consistency of remote_src option for rabbitmq and sensu when copying SSL cert/key files. Useful if certificates are generated by another CA (e.g. FreeIPA) on the sensu host. (@danragnar)
|
||||
|
||||
## [2.0.0] - 2018-02-07
|
||||
### Breaking Change
|
||||
- Split up the variables used to determine if a host gets rabbitmq/redis for more flexibility in deployments. (@tculp) `sensu_deploy_rabbitmq` and `sensu_deploy_redis` are now `sensu_deploy_rabbitmq_server` and `sensu_deploy_redis_server` respectively. See the [role variable documentation](https://github.com/sensu/sensu-ansible/blob/master/docs/role_variables.md) for details on the parameters.
|
||||
- Redis on Ubuntu will now be configured to bind to `0.0.0.0` to ensure accessiblity and to match the other supported OS configurations. (@tculp)
|
||||
- Updated the supported Ansible version to the last two stable releases (currently that's Ansible 2.3 and 2.4). (@jaredledvina) Please note that we have not explicitly broken support for running this role on versions of Ansible <2.3. However, we will only be actively supporting the last two stable Ansible releases to reduce the maintenance burden.
|
||||
|
||||
### Added
|
||||
- Initial support for OpenBSD! (@smbambling)
|
||||
- Ubuntu now get's `apt-transport-https` installed to support HTTPS repos. (@kevit)
|
||||
- Default to HTTPS APT repos. @jaredledvina
|
||||
- Allow for configuring when a node gets the `sensu-client` config file. (@tculp)
|
||||
- Allow for deploying client definitions based on groups. (@tculp)
|
||||
- Default to HTTPS Yum repo's and install the Yum key for package signing validation via HTTPS. (@jaredledvina)
|
||||
- Used HTTPS for APT key. (@jaredledvina)
|
||||
- Amazon Linux has proper yum repo configured and supports Amazon Linux 2. (@romainrbr)
|
||||
- Yum based distros now get EPEL to support installing a newer and supported version of RabbitMQ. (@romainrbr)
|
||||
- CentOS now supports using Bintray mirrors for installing RabbitMQ to work around Erlang issues with older versions. (@romainrbr)
|
||||
- All PRs are now required to pass TravisCI integrations tests. (@jaredledvina)
|
||||
- Ensure that we configure the `mode` and `umask` for files to work in a more restrictive environment. (@roumano)
|
||||
- Debian and Ubuntu switch to Bintray for RabbitMQ to match yum distros. (@jaredledvina)
|
||||
|
||||
### Changed
|
||||
- Switched from Gitter to `#ansible` in the Sensu Community Slack. (@grepory)
|
||||
- Bumped SSL tools version to 1.2 by default. (@marji)
|
||||
- Update 'Generate SSL Certs' to support Ansible 2.4. (@tculp)
|
||||
|
||||
## [1.2.0] - 2017-05-13
|
||||
### Added
|
||||
- RedHat support
|
||||
- Sensu enterprise support
|
||||
- Adds a few other minor features as well, such as the ability to toggle rabbitmq's SSL
|
||||
- Uchiwa HA support
|
||||
|
||||
### Changed
|
||||
- Rely on the existing sensu repositories to install Uchiwa
|
||||
- Use the FreeBSD repository
|
||||
- Update documentation to note Ubuntu 15's EOL
|
||||
- Allow overriding the use of EPEL on CentOS/RedHat
|
||||
|
||||
### Fixed
|
||||
- Make sure any local directories that are assumed to exist actually do
|
||||
|
||||
## [1.1.0] - 2017-04-03
|
||||
### Added
|
||||
- Toggle for SSL cert management
|
||||
|
||||
### Changed
|
||||
- Updated repository URLs and versions for all platforms
|
||||
|
||||
### Fixed
|
||||
- Fixed behaivor changed by recent versions of Ansible
|
||||
|
||||
## 1.0.0 - 2017-02-14
|
||||
|
||||
First tagged release, starting at 1.0.0 since the project can be considered stable at this point.
|
||||
|
||||
[Unreleased]: https://github.com/sensu/sensu-ansible/compare/5.2.0...HEAD
|
||||
[5.2.0]: https://github.com/sensu/sensu-ansible/compare/5.1.0...5.2.0
|
||||
[5.1.0]: https://github.com/sensu/sensu-ansible/compare/5.0.2...5.1.0
|
||||
[5.0.2]: https://github.com/sensu/sensu-ansible/compare/5.0.1...5.0.2
|
||||
[5.0.1]: https://github.com/sensu/sensu-ansible/compare/5.0.0...5.0.1
|
||||
[5.0.0]: https://github.com/sensu/sensu-ansible/compare/4.0.0...5.0.0
|
||||
[4.0.0]: https://github.com/sensu/sensu-ansible/compare/3.0.0...4.0.0
|
||||
[3.0.0]: https://github.com/sensu/sensu-ansible/compare/2.7.0...3.0.0
|
||||
[2.7.0]: https://github.com/sensu/sensu-ansible/compare/2.6.0...2.7.0
|
||||
[2.6.0]: https://github.com/sensu/sensu-ansible/compare/2.5.0...2.6.0
|
||||
[2.5.0]: https://github.com/sensu/sensu-ansible/compare/2.4.0...2.5.0
|
||||
[2.4.0]: https://github.com/sensu/sensu-ansible/compare/2.3.0...2.4.0
|
||||
[2.3.0]: https://github.com/sensu/sensu-ansible/compare/2.2.0...2.3.0
|
||||
[2.2.0]: https://github.com/sensu/sensu-ansible/compare/2.1.0...2.2.0
|
||||
[2.1.0]: https://github.com/sensu/sensu-ansible/compare/2.0.0...2.1.0
|
||||
[2.0.0]: https://github.com/sensu/sensu-ansible/compare/1.2.0...2.0.0
|
||||
[1.2.0]: https://github.com/sensu/sensu-ansible/compare/1.1.0...1.2.0
|
||||
[1.1.0]: https://github.com/sensu/sensu-ansible/compare/1.0.0...1.1.0
|
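--- a/roles/sensu.sensu/LICENSE
+++ b/roles/sensu.sensu/LICENSE
@@ -0,0 +1,18 @@
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.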
85
roles/sensu.sensu/README.md
Normal file
85
roles/sensu.sensu/README.md
Normal file
@ -0,0 +1,85 @@
|
||||
# Sensu [![Ansible Galaxy](https://img.shields.io/badge/galaxy-sensu.sensu-660198.svg?style=flat)](https://galaxy.ansible.com/sensu/sensu/) [![Build Status](https://travis-ci.org/sensu/sensu-ansible.svg?branch=master)](https://travis-ci.org/sensu/sensu-ansible)
|
||||
|
||||
[![Join the chat at https://slack.sensu.io/](https://slack.sensu.io/badge.svg)](https://slack.sensu.io/)
|
||||
|
||||
This role deploys a full [Sensu](https://sensu.io) stack, a modern, open source monitoring framework.
|
||||
|
||||
## Features
|
||||
- Deploy a full [Sensu](https://sensu.io) stack, including RabbitMQ, redis, and the [Uchiwa dashboard](https://uchiwa.io/#/)
|
||||
- Full support for [Sensu Enterprise](https://sensu.io/products/enterprise)
|
||||
- Tight integration with the Ansible inventory - deployment of monitoring checks based on inventory grouping
|
||||
- Fine grained control over dynamic client configurations
|
||||
- Remote plugin deployment
|
||||
- Automatic generation and dynamic deployment of SSL certs for secure communication between your clients and servers
|
||||
- Highly configurable
|
||||
|
||||
## Batteries included, but not imposed
|
||||
Along with deploying the Sensu Server, API and clients, this role can deploy a full stack: [RabbitMQ](http://www.rabbitmq.com/), [redis](http://redis.io), and the [Uchiwa dashboard](https://uchiwa.io/#/).
|
||||
However, if you want to rely on other roles/management methods to deploy/manage these services, [it's nice and easy to integrate this role](http://ansible-sensu.readthedocs.io/en/latest/integration/).
|
||||
|
||||
## Documentation [![Documentation](https://readthedocs.org/projects/ansible-sensu/badge/?version=latest)](http://ansible-sensu.readthedocs.io/en/latest/)
|
||||
[Read the full documentation](http://ansible-sensu.readthedocs.io/en/latest/) for a comprehensive overview of this role and its powerful features.
|
||||
|
||||
## Requirements
|
||||
This role requires:
|
||||
- A supported version of Ansible, see [Ansible version support](#ansible-version-support) for details.
|
||||
- The `dynamic_data_store` variable to be set: see [Dynamic Data Store](http://ansible-sensu.readthedocs.io/en/latest/dynamic_data/)
|
||||
- If `sensu_include_plugins` is true (the default), the `static_data_store` variable needs to be set: see [Check Deployment](http://ansible-sensu.readthedocs.io/en/latest/dynamic_checks/)
|
||||
|
||||
## Supported Platforms
|
||||
### Automatically tested via TravisCI
|
||||
|
||||
- [CentOS - 6](https://wiki.centos.org/Manuals/ReleaseNotes/CentOS6.9)
|
||||
- [CentOS - 7](https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7)
|
||||
- [Debian - 8 (Jessie)](https://wiki.debian.org/DebianJessie)
|
||||
- [Debian - 9 (Stretch)](https://wiki.debian.org/DebianStretch)
|
||||
- [Ubuntu - 14.04 (Trusty Tahr)](http://releases.ubuntu.com/14.04/)
|
||||
- [Ubuntu - 16.04 (Xenial Xerus)](http://releases.ubuntu.com/16.04/)
|
||||
- [Fedora - 26](https://docs.fedoraproject.org/f26/release-notes/)
|
||||
- [Fedora - 27](https://docs.fedoraproject.org/f27/release-notes/)
|
||||
- [Fedora - 28](https://docs.fedoraproject.org/f28/release-notes/)
|
||||
- [Amazon Linux](https://aws.amazon.com/amazon-linux-ami/)
|
||||
- [Amazon Linux 2](https://aws.amazon.com/amazon-linux-2/)
|
||||
|
||||
### Supported manually (compatibility not always guaranteed)
|
||||
- [SmartOS - base-64 15.x.x](https://docs.joyent.com/images/smartos/base#version-15xx)
|
||||
- [FreeBSD - 10.3, 11.0 (64-bit only)](https://www.freebsd.org/releases/10.2R/relnotes.html)
|
||||
- [OpenBSD - 6.2](https://www.openbsd.org/62.html)
|
||||
|
||||
## Role Variables
|
||||
|
||||
See [Role Variables](http://ansible-sensu.readthedocs.io/en/latest/role_variables/) for a detailed list of the variables this role uses
|
||||
|
||||
## Example Playbook
|
||||
|
||||
``` yaml
|
||||
- hosts: all
|
||||
roles:
|
||||
- role: sensu.sensu
|
||||
```
|
||||
Or, passing parameter values:
|
||||
|
||||
``` yaml
|
||||
- hosts: sensu_masters
|
||||
roles:
|
||||
- { role: sensu.sensu, sensu_master: true, sensu_include_dashboard: true }
|
||||
```
|
||||
|
||||
## Ansible version support
|
||||
All changes to this role are actively tested against Ansible 2.6 and 2.7 at this time. Ansible 2.5 is required at a minimum.
|
||||
|
||||
|
||||
License
|
||||
-------
|
||||
MIT
|
||||
|
||||
Author Information
|
||||
------------------
|
||||
Originally created by [Calum MacRae](http://cmacr.ae) and supported by the [Sensu Community Ansible Maintainers](https://github.com/sensu-plugins/community/#maintained-areas)
|
||||
|
||||
### Contributors
|
||||
See the projects [Contributors page](https://github.com/sensu/sensu-ansible/graphs/contributors)
|
||||
|
||||
Feel free to:
|
||||
[Raise an issue](https://github.com/sensu/sensu-ansible/issues)
|
||||
[Contribute](https://github.com/sensu/sensu-ansible/pulls)
|
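--- a/roles/sensu.sensu/defaults/main.yml
+++ b/roles/sensu.sensu/defaults/main.yml
@@ -0,0 +1,126 @@
+---
+# Sensu enterprise credential
+# Variables for Sensu Enterprise License
+se_enterprise: false
+se_user: ''
+se_pass: ''
+
+# Sensu package
+sensu_package: sensu
+sensu_enterprise_package: sensu-enterprise
+sensu_enterprise_dashboard_package: sensu-enterprise-dashboard
+
+# Sensu repo urls
+sensu_yum_repo_url: "https://sensu.global.ssl.fastly.net/yum/$releasever/$basearch/"
+sensu_yum_key_url: "https://sensu.global.ssl.fastly.net/yum/pubkey.gpg"
+sensu_apt_repo_url: "deb https://repositories.sensuapp.org/apt {{ ansible_distribution_release }} main"
+sensu_apt_key_url: "https://sensu.global.ssl.fastly.net/apt/pubkey.gpg"
+sensu_freebsd_url: "https://sensu.global.ssl.fastly.net/freebsd/FreeBSD:{{ ansible_distribution_major_version }}:{{ ansible_architecture }}/"
+sensu_ol_yum_repo_url: "https://dl.fedoraproject.org/pub/epel/$releasever/$basearch/"
+sensu_ol_yum_key_url: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-$releasever"
+
+# Sensu service names
+sensu_server_service_name: sensu-server
+sensu_api_service_name: sensu-api
+sensu_client_service_name: sensu-client
+sensu_enterprise_service_name: sensu-enterprise
+sensu_enterprise_dashboard_service_name: sensu-enterprise-dashboard
+uchiwa_service_name: uchiwa
+
+# Service deployment options
+sensu_deploy_rabbitmq_server: true
+sensu_deploy_redis_server: true
+
+# RabbitMQ server properties
+sensu_rabbitmq_config_path: /etc/rabbitmq
+sensu_rabbitmq_config_template: rabbitmq.config.j2
+sensu_rabbitmq_enable_ssl: true
+sensu_rabbitmq_host: "{{ groups['sensu_rabbitmq_servers'][0] }}"
+sensu_rabbitmq_port: 5671
+sensu_rabbitmq_pkg_state: present
+sensu_rabbitmq_server: false
+sensu_rabbitmq_service_name: rabbitmq-server
+sensu_rabbitmq_user_name: sensu
+sensu_rabbitmq_password: sensu
+sensu_rabbitmq_vhost: /sensu
+
+# redis server properties
+sensu_redis_host: "{{ groups['sensu_redis_servers'][0] }}"
+sensu_redis_server: false
+sensu_redis_service_name: redis
+sensu_redis_pkg_repo: ~
+sensu_redis_pkg_name: redis
+sensu_redis_pkg_state: present
+sensu_redis_port: 6379
+sensu_redis_password:
+sensu_redis_sentinels: []
+sensu_redis_master_name:
+sensu_redis_config: sensu-redis.json.j2
+
+# Sensu/Uchiwa user/group/service properties
+sensu_api_host: "{{ groups['sensu_masters'][0] }}"
+sensu_api_port: 4567
+sensu_api_ssl: "false"
+sensu_api_user_name: admin
+sensu_api_password: secret
+sensu_api_uchiwa_path: ''
+sensu_api_timeout: 5000
+sensu_client_config: client.json.j2
+sensu_rabbitmq_config: sensu-rabbitmq.json.j2
+sensu_config_path: /etc/sensu
+sensu_pkg_state: present
+sensu_gem_state: present
+sensu_plugin_gem_state: present
+sensu_group_name: sensu
+sensu_include_plugins: true
+sensu_include_dashboard: false
+sensu_master: false
+sensu_client: true
+sensu_user_name: sensu
+sensu_remote_plugins: []
+sensu_transport: rabbitmq
+sensu_client_name: "{{ ansible_hostname }}"
+sensu_client_subscriptions: "{{ group_names }}"
+sensu_client_keepalive_handlers:
+- default
+sensu_client_keepalive_threshold_warning: 120
+sensu_client_keepalive_threshold_critical: 180
+sensu_client_safe_mode: false
+sensu_deploy_rabbitmq_config: true
+sensu_deploy_redis_config: true
+sensu_deploy_transport_config: true
+sensu_enable_tessen: false
+
+# Sensu/RabbitMQ SSL certificate properties
+sensu_ssl_gen_certs: true
+sensu_ssl_deploy_remote_src: false
+sensu_ssl_manage_certs: true
+sensu_master_config_path: "{{ hostvars[groups['sensu_masters'][0]]['sensu_config_path'] | default('/etc/sensu') }}"
+sensu_ssl_tool_base_path: "{{ dynamic_data_store }}/{{ groups['sensu_masters'][0] }}{{ sensu_master_config_path }}/ssl_generation/sensu_ssl_tool"
+sensu_ssl_client_cert: "{{ sensu_ssl_tool_base_path }}/client/cert.pem"
+sensu_ssl_client_key: "{{ sensu_ssl_tool_base_path }}/client/key.pem"
+sensu_ssl_server_cacert: "{{ sensu_ssl_tool_base_path }}/sensu_ca/cacert.pem"
+sensu_ssl_server_cert: "{{ sensu_ssl_tool_base_path }}/server/cert.pem"
+sensu_ssl_server_key: "{{ sensu_ssl_tool_base_path }}/server/key.pem"
+dynamic_data_store: "{{ playbook_dir }}/data/store"
+static_data_store: "{{ playbook_dir }}/data/static"
+
+# Uchiwa properties
+sensu_uchiwa_dc_name: ~
+sensu_uchiwa_path: /opt/uchiwa
+sensu_uchiwa_redis_use_ssl: false
+sensu_uchiwa_users:
+- username: admin
+password: admin
+sensu_uchiwa_port: 3000
+sensu_uchiwa_refresh: 5
+sensu_uchiwa_api_port: "{{ sensu_api_port }}"
+sensu_uchiwa_auth_privatekey: ~
+sensu_uchiwa_auth_publickey: ~
+
+# CentOS repository for redis and rabbitmq
+sensu_centos_repository: epel
+
+# Internal settings
+__bash_path: /bin/bash
+__root_group: root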
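Review bot: These role defaults carry publicly known credentials that become the live configuration wherever the inventory does not override them: `sensu_rabbitmq_password: sensu`, `sensu_api_password: secret` and a `sensu_uchiwa_users` entry of `admin`/`admin`. `sensu_redis_password` is also left empty and `sensu_api_ssl` is `"false"`. No override is visible in this part of the commit. Because the file is installed from Galaxy and would be overwritten on reinstall, set the values in group_vars from an encrypted source rather than editing them here, for example `sensu_api_password: "{{ vault_sensu_api_password }}"` (the vault variable name is a placeholder), and do the same for the RabbitMQ, Redis and Uchiwa credentials.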
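--- a/roles/sensu.sensu/handlers/main.yml
+++ b/roles/sensu.sensu/handlers/main.yml
@@ -0,0 +1,69 @@
+---
+
+- name: restart rabbitmq service
+service:
+name: "{{ sensu_rabbitmq_service_name }}"
+state: restarted
+
+- name: restart redis service
+service:
+name: "{{ sensu_redis_service_name }}"
+pattern: /usr/bin/redis-server
+state: restarted
+
+- name: restart uchiwa service
+service:
+name: "{{ uchiwa_service_name }}"
+state: restarted
+
+- name: restart sensu-server service
+service:
+name: "{{ sensu_server_service_name }}"
+state: restarted
+when: sensu_master and not se_enterprise
+
+- name: restart sensu-api service
+service:
+name: "{{ sensu_api_service_name }}"
+state: restarted
+when: sensu_master and not se_enterprise
+
+- name: restart sensu-client service
+service:
+name: "{{ sensu_client_service_name }}"
+state: restarted
+
+- name: restart sensu-enterprise service
+service:
+name: "{{ sensu_enterprise_service_name }}"
+state: restarted
+when: se_enterprise and sensu_master
+
+- name: restart sensu-enterprise-dashboard service
+service:
+name: "{{ sensu_enterprise_dashboard_service_name }}"
+state: restarted
+when: se_enterprise and sensu_master
+
+# Joyent SmartOS specific handlers
+- name: import sensu-server service
+command: /usr/sbin/svccfg import /opt/local/lib/svc/manifest/sensu-server.xml
+
+- name: import sensu-api service
+command: /usr/sbin/svccfg import /opt/local/lib/svc/manifest/sensu-api.xml
+
+- name: import sensu-client service
+command: /usr/sbin/svccfg import /opt/local/lib/svc/manifest/sensu-client.xml
+
+- name: import uchiwa service
+command: /usr/sbin/svccfg import /opt/local/lib/svc/manifest/uchiwa.xml
+
+- name: Build and deploy Uchiwa
+command: npm install --production
+args:
+chdir: "{{ sensu_uchiwa_path }}/go/src/github.com/sensu/uchiwa"
+become: true
+become_user: "{{ sensu_user_name }}"
+
+- name: Update pkgng database
+command: /usr/sbin/pkg update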
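--- a/roles/sensu.sensu/meta/.galaxy_install_info
+++ b/roles/sensu.sensu/meta/.galaxy_install_info
@@ -0,0 +1,2 @@
+install_date: Sun Apr 28 17:44:58 2019
+version: 5.2.0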
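--- a/roles/sensu.sensu/meta/main.yml
+++ b/roles/sensu.sensu/meta/main.yml
@@ -0,0 +1,39 @@
+---
+galaxy_info:
+author: Calum MacRae
+description: Deploy a full Sensu monitoring stack; including redis, RabbitMQ & the Uchiwa dashboard
+license: MIT
+min_ansible_version: 2.5
+platforms:
+- name: EL
+versions:
+- 6
+- 7
+- name: Ubuntu
+versions:
+- trusty
+- vivid
+- name: Debian
+versions:
+- jessie
+- stretch
+- name: Fedora
+versions:
+- 26
+- 27
+- 28
+
+galaxy_tags:
+- cloud
+- monitoring
+- system
+- web
+- sensu
+- rabbitmq
+- redis
+- metrics
+- amqp
+- alerting
+- stack
+- dashboard
+dependencies: []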
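--- a/roles/sensu.sensu/tasks/Amazon/dashboard.yml
+++ b/roles/sensu.sensu/tasks/Amazon/dashboard.yml
@@ -0,0 +1,21 @@
+---
+# tasks/Amazon/dashboard.yml: Deployment of the Uchiwa dashboard
+# Specific to CentOS
+
+- name: Include ansible_distribution vars
+include_vars:
+file: "{{ ansible_distribution }}.yml"
+tags: dashboard
+
+- name: Ensure Uchiwa is installed
+tags: dashboard
+yum:
+name: uchiwa
+state: present
+
+- name: Deploy Uchiwa config
+tags: dashboard
+template:
+src: uchiwa_config.json.j2
+dest: "{{ sensu_config_path }}/uchiwa.json"
+notify: restart uchiwa service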
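--- a/roles/sensu.sensu/tasks/Amazon/main.yml
+++ b/roles/sensu.sensu/tasks/Amazon/main.yml
@@ -0,0 +1,30 @@
+---
+# tasks/Amazon/main.yml: CentOS specific set-up
+# This takes care of base prerequisites for Amazon Linux AMI
+
+- name: Include ansible_distribution vars
+tags: setup
+include_vars:
+file: "{{ ansible_distribution }}.yml"
+
+- name: Set epel_version override when AmazonLinux AMIv2
+tags: setup
+set_fact:
+epel_version: 7
+when: ansible_distribution_version == 'Candidate'
+
+- name: Ensure the Sensu Core Yum repo is present
+tags: setup
+yum_repository:
+name: sensu
+description: The Sensu Core yum repository
+baseurl: "{{ sensu_yum_repo_url }}"
+gpgkey: "{{ sensu_yum_key_url }}"
+gpgcheck: yes
+enabled: yes
+
+- name: Ensure Sensu is installed
+tags: setup
+yum:
+name: "{{ sensu_package }}"
+state: "{{ sensu_pkg_state }}"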
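--- a/roles/sensu.sensu/tasks/Amazon/rabbit.yml
+++ b/roles/sensu.sensu/tasks/Amazon/rabbit.yml
@@ -0,0 +1,66 @@
+---
+# tasks/Amazon/rabbit.yml: Deploy RabbitMQ
+# Specific to Amazon Linux
+
+- name: Include ansible_distribution vars
+include_vars:
+file: "{{ ansible_distribution }}.yml"
+tags: rabbitmq
+
+- name: Configure RabbitMQ/RabbitMQ-erlang GPG keys in the RPM keyring
+tags: rabbitmq
+rpm_key:
+key: "{{ sensu_rabbitmq_signing_key }}"
+state: present
+register: sensu_rabbitmq_import_key
+
+- name: Add RabbitMQ's repo
+tags: rabbitmq
+yum_repository:
+name: rabbitmq
+description: rabbitmq
+baseurl: "{{ sensu_rabbitmq_baseurl }}"
+gpgcheck: yes
+gpgkey: "{{ sensu_rabbitmq_signing_key }}"
+repo_gpgcheck: no
+
+- name: Add RabbitMQ's Erlang repo
+tags: rabbitmq
+yum_repository:
+name: rabbitmq-erlang
+description: rabbitmq-erlang
+baseurl: "{{ sensu_rabbitmq_erlang_baseurl }}"
+gpgcheck: yes
+gpgkey: "{{ sensu_rabbitmq_erlang_signing_key }}"
+repo_gpgcheck: no
+
+# HACK: https://github.com/ansible/ansible/issues/20711#issuecomment-306260869
+# Can be removed once we're running w/ a version of Ansible that has https://github.com/ansible/ansible/pull/35989
+- name: Make yum cache to import GPG keys
+tags: rabbitmq
+command: "yum -q makecache -y --disablerepo='*' --enablerepo='{{ item }}'"
+args:
+warn: false
+when: sensu_rabbitmq_import_key.changed
+loop:
+- rabbitmq
+- rabbitmq-erlang
+
+# Hard dependency for rabbitmq-server, however, typically comes from EPEL, so
+# we simply install it here, as we purposely disable epel when installing rabbitmq
+# causing dependency issues during installs
+- name: Ensure socat is installed
+tags: rabbitmq
+yum:
+name: socat
+state: present
+
+- name: Ensure Erlang & RabbitMQ are installed
+tags: rabbitmq
+yum:
+name:
+- erlang
+- rabbitmq-server
+state: present
+enablerepo: rabbitmq,rabbitmq-erlang
+disablerepo: '*'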
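--- a/roles/sensu.sensu/tasks/Amazon/redis.yml
+++ b/roles/sensu.sensu/tasks/Amazon/redis.yml
@@ -0,0 +1,29 @@
+---
+# tasks/Amazon/redis.yml: Deploy redis
+# Specific to Amazon Linux AMI
+
+- name: Include ansible_distribution vars
+include_vars:
+file: "{{ ansible_distribution }}.yml"
+tags: redis
+
+- name: Install EPEL repo
+tags: redis
+yum:
+name: "{{ epel_repo_rpm }}"
+state: present
+when: enable_epel_repo
+
+- name: Ensure redis is installed
+tags: redis
+yum:
+name: "{{ sensu_redis_pkg_name }}"
+state: "{{ sensu_redis_pkg_state }}"
+enablerepo: epel
+
+- name: Ensure redis binds to accessible IP
+tags: redis
+lineinfile:
+dest: /etc/redis.conf
+regexp: '^bind'
+line: 'bind 0.0.0.0'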
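Review bot: The last task rewrites `/etc/redis.conf` to `bind 0.0.0.0` unconditionally, which puts Redis on every interface of the host. Combined with the role's empty `sensu_redis_password` default in defaults/main.yml, a host that keeps the defaults serves Redis without authentication to anything that can reach port 6379. The listen address should be configurable, e.g. `line: 'bind {{ sensu_redis_bind_address | default("0.0.0.0") }}'`, where `sensu_redis_bind_address` is a new variable named here only for illustration. Independently of that, set `sensu_redis_password` in the inventory and restrict the port to the Sensu hosts with a firewall or security group.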
41
roles/sensu.sensu/tasks/CentOS/dashboard.yml
Normal file
41
roles/sensu.sensu/tasks/CentOS/dashboard.yml
Normal file
@ -0,0 +1,41 @@
|
||||
---
|
||||
# tasks/CentOS/dashboard.yml: Deployment of the Uchiwa dashboard
|
||||
# Specific to CentOS
|
||||
|
||||
- name: Include ansible_distribution vars
|
||||
include_vars:
|
||||
file: "{{ ansible_distribution }}.yml"
|
||||
tags: dashboard
|
||||
|
||||
- name: Ensure Uchiwa is installed
|
||||
tags: dashboard
|
||||
package:
|
||||
name: uchiwa
|
||||
state: present
|
||||
when: not se_enterprise
|
||||
|
||||
- name: Ensure Sensu Enterprise Dashboard is installed
|
||||
tags: dashboard
|
||||
package:
|
||||
name: "{{ sensu_enterprise_dashboard_package }}"
|
||||
state: present
|
||||
when: se_enterprise
|
||||
|
||||
- name: Deploy Uchiwa config
|
||||
tags: dashboard
|
||||
template:
|
||||
src: uchiwa_config.json.j2
|
||||
dest: "{{ sensu_config_path }}/uchiwa.json"
|
||||
when: not se_enterprise
|
||||
notify:
|
||||
- restart uchiwa service
|
||||
|
||||
|
||||
- name: Deploy Sensu Enterprise Dashboard
|
||||
tags: dashboard
|
||||
template:
|
||||
src: sensu_enterprise_dashboard_config.json.j2
|
||||
dest: "{{ sensu_config_path }}/dashboard.json"
|
||||
when: se_enterprise
|
||||
notify:
|
||||
- restart sensu-enterprise-dashboard service
|
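Review bot: Both `template` tasks write the dashboard JSON config without `owner`, `group` or `mode`, so the file permissions fall back to whatever the default umask yields; the FreeBSD variant in this commit at least sets owner and group. Dashboard configs commonly carry API and login credentials (the templates are not visible here, so confirm), in which case I would add `owner: root`, `group: "{{ sensu_group_name }}"` and `mode: "0640"` to each task. tasks/Debian/dashboard.yml has the same gap.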
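--- a/roles/sensu.sensu/tasks/CentOS/main.yml
+++ b/roles/sensu.sensu/tasks/CentOS/main.yml
@@ -0,0 +1,83 @@
+---
+# tasks/CentOS/main.yml: CentOS specific set-up
+# This takes care of base prerequisites for CentOS
+
+- name: Include ansible_distribution vars
+include_vars:
+file: "{{ ansible_distribution }}.yml"
+tags: setup
+
+- name: Ensure the Sensu Core Yum repo is present
+tags: setup
+yum_repository:
+name: sensu
+description: The Sensu Core yum repository
+baseurl: "{{ sensu_yum_repo_url }}"
+gpgkey: "{{ sensu_yum_key_url }}"
+gpgcheck: "{{ (
+(ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux') and
+ansible_distribution_major_version == '5'
+) | ternary('no', 'yes') }}"
+enabled: yes
+
+- name: Ensure the epel present for OracleLinux
+tags: setup
+yum_repository:
+name: epel
+description: EPEL YUM repo
+baseurl: "{{ sensu_ol_yum_repo_url }}"
+gpgkey: "{{ sensu_ol_yum_key_url }}"
+enabled: yes
+when: ansible_distribution == 'OracleLinux'
+
+- name: Ensure that credential is supplied if installing Sensu Enterprise
+tags: setup
+assert:
+that:
+- "se_user != ''"
+- "se_pass != ''"
+msg: Sensu enterprise credential must not be empty. Did you forget to set se_user and se_pass?
+when: se_enterprise
+
+- name: Ensure the Sensu Enterprise repo is present
+tags: setup
+copy:
+dest: /etc/yum.repos.d/sensu-enterprise.repo
+content: |
+[sensu-enterprise]
+name=sensu-enterprise
+baseurl=http://{{ se_user }}:{{ se_pass }}@enterprise.sensuapp.com/yum/noarch/
+gpgcheck=0
+enabled=1
+owner: root
+group: root
+mode: 0644
+when: se_enterprise
+
+- name: Ensure the Sensu Enterprise Dashboard repo is present
+tags: setup
+copy:
+dest: /etc/yum.repos.d/sensu-enterprise-dashboard.repo
+content: |
+[sensu-enterprise-dashboard]
+name=sensu-enterprise-dashboard
+baseurl=http://{{ se_user }}:{{ se_pass }}@enterprise.sensuapp.com/yum/\$basearch/
+gpgcheck=0
+enabled=1
+owner: root
+group: root
+mode: 0644
+when: se_enterprise
+
+- name: Ensure Sensu is installed
+tags: setup
+package:
+name: "{{ sensu_package }}"
+state: "{{ sensu_pkg_state }}"
+
+- name: Ensure Sensu Enterprise is installed
+tags: setup
+package:
+name: "{{ sensu_enterprise_package }}"
+state: "{{ sensu_pkg_state }}"
+when: se_enterprise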
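Review bot: The two Sensu Enterprise repo files embed `se_user`/`se_pass` in a plain `http://` baseurl, are written with `mode: 0644`, and set `gpgcheck=0`, so the credentials are readable by every local user and sent in cleartext, and packages installed from that repo are not signature-checked. I would write the files with `mode: "0600"`, add `no_log: true` to both `copy` tasks so the rendered content stays out of task output, and switch the baseurl to `https://` if the vendor endpoint serves it. Set `gpgcheck=1` with a `gpgkey=` line once a signing key for the enterprise packages is available. Separately, the Sensu Core repo turns `gpgcheck` off on major version 5 through the `ternary('no', 'yes')` expression, and the OracleLinux epel repo sets `gpgkey` without an explicit `gpgcheck: yes`.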
66
roles/sensu.sensu/tasks/CentOS/rabbit.yml
Normal file
66
roles/sensu.sensu/tasks/CentOS/rabbit.yml
Normal file
@ -0,0 +1,66 @@
|
||||
---
|
||||
# tasks/CentOS/rabbit.yml: Deploy RabbitMQ
|
||||
# Specific to CentOS
|
||||
|
||||
- name: Include ansible_distribution vars
|
||||
include_vars:
|
||||
file: "{{ ansible_distribution }}.yml"
|
||||
tags: rabbitmq
|
||||
|
||||
- name: Configure RabbitMQ GPG keys in the RPM keyring
|
||||
tags: rabbitmq
|
||||
rpm_key:
|
||||
key: "{{ sensu_rabbitmq_signing_key }}"
|
||||
state: present
|
||||
register: sensu_rabbitmq_import_key
|
||||
|
||||
- name: Add RabbitMQ's repo
|
||||
tags: rabbitmq
|
||||
yum_repository:
|
||||
name: rabbitmq
|
||||
description: rabbitmq
|
||||
baseurl: "{{ sensu_rabbitmq_baseurl }}"
|
||||
gpgcheck: yes
|
||||
gpgkey: "{{ sensu_rabbitmq_signing_key }}"
|
||||
repo_gpgcheck: no
|
||||
|
||||
- name: Add RabbitMQ's Erlang repo
|
||||
tags: rabbitmq
|
||||
yum_repository:
|
||||
name: rabbitmq-erlang
|
||||
description: rabbitmq-erlang
|
||||
baseurl: "{{ sensu_rabbitmq_erlang_baseurl }}"
|
||||
gpgcheck: yes
|
||||
gpgkey: "{{ sensu_rabbitmq_erlang_signing_key }}"
|
||||
repo_gpgcheck: no
|
||||
|
||||
# HACK: https://github.com/ansible/ansible/issues/20711#issuecomment-306260869
|
||||
# Can be removed once we're running w/ a version of Ansible that has https://github.com/ansible/ansible/pull/35989
|
||||
- name: Make yum cache to import GPG keys
|
||||
tags: rabbitmq
|
||||
command: "yum -q makecache -y --disablerepo='*' --enablerepo='{{ item }}'"
|
||||
args:
|
||||
warn: false
|
||||
when: sensu_rabbitmq_import_key.changed
|
||||
loop:
|
||||
- rabbitmq
|
||||
- rabbitmq-erlang
|
||||
|
||||
# Hard dependency for rabbitmq-server, however, typically comes from EPEL, so
|
||||
# we simply install it here, as we purposely disable epel when installing rabbitmq
|
||||
# causing dependency issues during installs
|
||||
- name: Ensure socat is installed
|
||||
tags: rabbitmq
|
||||
yum:
|
||||
name: socat
|
||||
state: present
|
||||
|
||||
- name: Ensure Erlang & RabbitMQ are installed
|
||||
tags: rabbitmq
|
||||
yum:
|
||||
name:
|
||||
- erlang
|
||||
- rabbitmq-server
|
||||
state: present
|
||||
enablerepo: rabbitmq,rabbitmq-erlang
|
||||
disablerepo: epel
|
29
roles/sensu.sensu/tasks/CentOS/redis.yml
Normal file
29
roles/sensu.sensu/tasks/CentOS/redis.yml
Normal file
@ -0,0 +1,29 @@
|
||||
---
|
||||
# tasks/CentOS/redis.yml: Deploy redis
|
||||
# Specific to CentOS
|
||||
|
||||
- name: Include ansible_distribution vars
|
||||
include_vars:
|
||||
file: "{{ ansible_distribution }}.yml"
|
||||
tags: redis
|
||||
|
||||
- name: Install EPEL repo
|
||||
tags: redis
|
||||
yum:
|
||||
name: epel-release
|
||||
state: present
|
||||
when: enable_epel_repo
|
||||
|
||||
- name: Ensure redis is installed
|
||||
tags: redis
|
||||
yum:
|
||||
name: "{{ sensu_redis_pkg_name }}"
|
||||
state: "{{ sensu_redis_pkg_state }}"
|
||||
enablerepo: "{{ sensu_centos_repository }}"
|
||||
|
||||
- name: Ensure redis binds to accessible IP
|
||||
tags: redis
|
||||
lineinfile:
|
||||
dest: /etc/redis.conf
|
||||
regexp: '^bind'
|
||||
line: 'bind 0.0.0.0'
|
21
roles/sensu.sensu/tasks/Debian/dashboard.yml
Normal file
21
roles/sensu.sensu/tasks/Debian/dashboard.yml
Normal file
@ -0,0 +1,21 @@
|
||||
---
|
||||
# tasks/Debian/dashboard.yml: Deployment of the Uchiwa dashboard
|
||||
# Specific to Debian
|
||||
|
||||
- name: Include ansible_distribution vars
|
||||
include_vars:
|
||||
file: "{{ ansible_distribution }}.yml"
|
||||
tags: dashboard
|
||||
|
||||
- name: Install uchiwa
|
||||
tags: dashboard
|
||||
apt:
|
||||
name: uchiwa
|
||||
state: present
|
||||
|
||||
- name: Deploy Uchiwa config
|
||||
tags: dashboard
|
||||
template:
|
||||
src: uchiwa_config.json.j2
|
||||
dest: "{{ sensu_config_path }}/uchiwa.json"
|
||||
notify: restart uchiwa service
|
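--- a/roles/sensu.sensu/tasks/Debian/main.yml
+++ b/roles/sensu.sensu/tasks/Debian/main.yml
@@ -0,0 +1,41 @@
+---
+# tasks/Debian/main.yml: Debian specific set-up
+# This takes care of base prerequisites for Debian
+
+- name: Include ansible_distribution vars
+include_vars:
+file: "{{ ansible_distribution }}.yml"
+tags: setup
+
+- name: Ensure apt-transport-https is installed
+tags: setup
+apt:
+name: apt-transport-https
+state: present
+cache_valid_time: 3600
+update_cache: true
+
+- name: Ensure that gnupg is installed for apt_key
+tags: setup
+apt:
+name: gnupg
+state: present
+
+- name: Ensure the Sensu APT repo GPG key is present
+tags: setup
+apt_key:
+url: "{{ sensu_apt_key_url }}"
+state: present
+
+- name: Ensure the Sensu Core APT repo is present
+tags: setup
+apt_repository:
+repo: "{{ sensu_apt_repo_url }}"
+state: present
+update_cache: true
+
+- name: Ensure Sensu is installed
+tags: setup
+apt:
+name: "{{ sensu_package }}"
+state: "{{ sensu_pkg_state }}"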
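Review bot: The `apt_key` task trusts whatever key `sensu_apt_key_url` returns at run time; without an `id`, a changed or substituted key file is imported silently. Pin the expected fingerprint, e.g. `id: "<SENSU_APT_KEY_FINGERPRINT>"` (placeholder, take the value from the vendor's published key), and make sure the URL variable uses `https://`. The two `apt_key` tasks in tasks/Debian/rabbit.yml have the same shape.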
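--- a/roles/sensu.sensu/tasks/Debian/rabbit.yml
+++ b/roles/sensu.sensu/tasks/Debian/rabbit.yml
@@ -0,0 +1,53 @@
+---
+# tasks/Debian/rabbit.yml: Deploy RabbitMQ
+# Specific to Debian
+
+- name: Include ansible_distribution vars
+include_vars:
+file: "{{ ansible_distribution }}.yml"
+tags: rabbitmq
+
+- name: Ensure the RabbitMQ APT repo GPG key is present
+tags: rabbitmq
+apt_key:
+url: "{{ sensu_rabbitmq_signing_key }}"
+state: present
+
+- name: Ensure the RabbitMQ APT repo is present
+tags: rabbitmq
+apt_repository:
+repo: "{{ sensu_rabbitmq_repo }}"
+filename: rabbitmq
+state: present
+update_cache: true
+
+- name: Ensure Erlang APT preferences is configured
+tags: rabbitmq
+template:
+src: erlang-apt-preferences.j2
+dest: /etc/apt/preferences.d/erlang
+owner: root
+group: root
+mode: 0755
+
+- name: Ensure the Erlang APT repo GPG key is present
+tags: rabbitmq
+apt_key:
+url: "{{ sensu_rabbitmq_erlang_signing_key }}"
+state: present
+
+- name: Ensure the Erlang APT repo is present
+tags: rabbitmq
+apt_repository:
+repo: "{{ sensu_rabbitmq_erlang_repo }}"
+filename: erlang
+state: present
+update_cache: true
+
+- name: Ensure RabbitMQ is installed
+tags: rabbitmq
+apt:
+name: rabbitmq-server
+state: "{{ sensu_rabbitmq_pkg_state }}"
+cache_valid_time: 600
+update_cache: true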
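Review bot: The Erlang APT preferences file is deployed with `mode: 0755`; it is a plain pin file read by apt, so the execute bits serve no purpose and it should be `mode: "0644"`. Quoting the mode also avoids depending on YAML's octal parsing of a bare `0755`.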
26
roles/sensu.sensu/tasks/Debian/redis.yml
Normal file
26
roles/sensu.sensu/tasks/Debian/redis.yml
Normal file
@ -0,0 +1,26 @@
|
||||
---
|
||||
# tasks/Debian/redis.yml: Deploy redis
|
||||
# Specific to Debian
|
||||
|
||||
- name: Include ansible_distribution vars
|
||||
include_vars:
|
||||
file: "{{ ansible_distribution }}.yml"
|
||||
tags: redis
|
||||
|
||||
- name: Ensure redis is installed
|
||||
tags: redis
|
||||
apt:
|
||||
name: "{{ sensu_redis_pkg_name }}"
|
||||
state: "{{ sensu_redis_pkg_state }}"
|
||||
update_cache: true
|
||||
|
||||
- name: Ensure redis binds to accessible IP
|
||||
tags: redis
|
||||
lineinfile:
|
||||
dest: /etc/redis/redis.conf
|
||||
regexp: '^bind'
|
||||
line: 'bind 0.0.0.0'
|
||||
notify: restart redis service
|
||||
|
||||
- meta: flush_handlers
|
||||
tags: redis
|
1
roles/sensu.sensu/tasks/Fedora/dashboard.yml
Symbolic link
1
roles/sensu.sensu/tasks/Fedora/dashboard.yml
Symbolic link
@ -0,0 +1 @@
|
||||
../CentOS/dashboard.yml
|
1
roles/sensu.sensu/tasks/Fedora/main.yml
Symbolic link
1
roles/sensu.sensu/tasks/Fedora/main.yml
Symbolic link
@ -0,0 +1 @@
|
||||
../CentOS/main.yml
|
66
roles/sensu.sensu/tasks/Fedora/rabbit.yml
Normal file
66
roles/sensu.sensu/tasks/Fedora/rabbit.yml
Normal file
@ -0,0 +1,66 @@
|
||||
---
|
||||
# tasks/Fedora/rabbit.yml: Deploy RabbitMQ
|
||||
# Specific to Fedora
|
||||
|
||||
- name: Include ansible_distribution vars
|
||||
include_vars:
|
||||
file: "{{ ansible_distribution }}.yml"
|
||||
tags: rabbitmq
|
||||
|
||||
- name: Configure RabbitMQ GPG keys in the RPM keyring
|
||||
tags: rabbitmq
|
||||
rpm_key:
|
||||
key: "{{ sensu_rabbitmq_signing_key }}"
|
||||
state: present
|
||||
register: sensu_rabbitmq_import_key
|
||||
|
||||
- name: Add RabbitMQ's repo
|
||||
tags: rabbitmq
|
||||
yum_repository:
|
||||
name: rabbitmq
|
||||
description: rabbitmq
|
||||
baseurl: "{{ sensu_rabbitmq_baseurl }}"
|
||||
gpgcheck: yes
|
||||
gpgkey: "{{ sensu_rabbitmq_signing_key }}"
|
||||
repo_gpgcheck: no
|
||||
|
||||
- name: Add RabbitMQ's Erlang repo
|
||||
tags: rabbitmq
|
||||
yum_repository:
|
||||
name: rabbitmq-erlang
|
||||
description: rabbitmq-erlang
|
||||
baseurl: "{{ sensu_rabbitmq_erlang_baseurl }}"
|
||||
gpgcheck: yes
|
||||
gpgkey: "{{ sensu_rabbitmq_erlang_signing_key }}"
|
||||
repo_gpgcheck: no
|
||||
|
||||
# HACK: https://github.com/ansible/ansible/issues/20711#issuecomment-306260869
|
||||
# Can be removed once we're running w/ a version of Ansible that has https://github.com/ansible/ansible/pull/35989
|
||||
- name: Make yum cache to import GPG keys
|
||||
tags: rabbitmq
|
||||
command: "yum -q makecache -y --disablerepo='*' --enablerepo='{{ item }}'"
|
||||
args:
|
||||
warn: false
|
||||
when: sensu_rabbitmq_import_key.changed
|
||||
loop:
|
||||
- rabbitmq
|
||||
- rabbitmq-erlang
|
||||
|
||||
# Hard dependency for rabbitmq-server, however, typically comes from EPEL, so
|
||||
# we simply install it here, as we purposely disable epel when installing rabbitmq
|
||||
# causing dependency issues during installs
|
||||
- name: Ensure socat is installed
|
||||
tags: rabbitmq
|
||||
dnf:
|
||||
name: socat
|
||||
state: present
|
||||
|
||||
- name: Ensure Erlang & RabbitMQ are installed
|
||||
tags: rabbitmq
|
||||
dnf:
|
||||
name:
|
||||
- erlang
|
||||
- rabbitmq-server
|
||||
state: present
|
||||
enablerepo: rabbitmq,rabbitmq-erlang
|
||||
disablerepo: epel
|
27
roles/sensu.sensu/tasks/Fedora/redis.yml
Normal file
27
roles/sensu.sensu/tasks/Fedora/redis.yml
Normal file
@ -0,0 +1,27 @@
|
||||
---
|
||||
# tasks/Fedora/redis.yml: Deploy redis
|
||||
# Specific to Fedora
|
||||
|
||||
- name: Include ansible_distribution vars
|
||||
include_vars:
|
||||
file: "{{ ansible_distribution }}.yml"
|
||||
tags: redis
|
||||
|
||||
- name: Ensure jemalloc is installed as a dependency of Redis
|
||||
tags: redis
|
||||
dnf:
|
||||
name: jemalloc
|
||||
state: present
|
||||
|
||||
- name: Ensure redis is installed
|
||||
tags: redis
|
||||
dnf:
|
||||
name: "{{ sensu_redis_pkg_name }}"
|
||||
state: "{{ sensu_redis_pkg_state }}"
|
||||
|
||||
- name: Ensure redis binds to accessible IP
|
||||
tags: redis
|
||||
lineinfile:
|
||||
dest: /etc/redis.conf
|
||||
regexp: '^bind'
|
||||
line: 'bind 0.0.0.0'
|
86
roles/sensu.sensu/tasks/FreeBSD/dashboard.yml
Normal file
86
roles/sensu.sensu/tasks/FreeBSD/dashboard.yml
Normal file
@ -0,0 +1,86 @@
|
||||
---
|
||||
# tasks/FreeBSD/dashboard.yml: Deployment of the Uchiwa dashboard
|
||||
# Specific to FreeBSD
|
||||
|
||||
- name: Include ansible_distribution vars
|
||||
include_vars:
|
||||
file: "{{ ansible_distribution }}.yml"
|
||||
tags: dashboard
|
||||
|
||||
- name: Ensure Uchiwa (dashboard) dependencies are installed
|
||||
tags: dashboard
|
||||
pkgng:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
loop:
|
||||
- go
|
||||
- git
|
||||
- npm
|
||||
|
||||
- name: Ensure Uchiwa directory exists
|
||||
tags: dashboard
|
||||
file:
|
||||
dest: "{{ sensu_uchiwa_path }}"
|
||||
state: directory
|
||||
owner: "{{ sensu_user_name }}"
|
||||
group: "{{ sensu_group_name }}"
|
||||
recurse: true
|
||||
|
||||
- name: Ensure Uchiwa Go/config directory exists
|
||||
tags: dashboard
|
||||
file:
|
||||
dest: "{{ sensu_uchiwa_path }}/{{ item }}"
|
||||
state: directory
|
||||
owner: "{{ sensu_user_name }}"
|
||||
group: "{{ sensu_group_name }}"
|
||||
recurse: true
|
||||
loop:
|
||||
- etc
|
||||
- go
|
||||
|
||||
- name: Ensure Uchiwa GOPATH exists
|
||||
tags: dashboard
|
||||
file:
|
||||
dest: "{{ sensu_uchiwa_path }}/go/{{ item }}"
|
||||
owner: "{{ sensu_user_name }}"
|
||||
group: "{{ sensu_group_name }}"
|
||||
state: directory
|
||||
recurse: true
|
||||
loop:
|
||||
- bin
|
||||
- pkg
|
||||
- src
|
||||
|
||||
- name: Fetch Uchiwa from GitHub
|
||||
tags: dashboard
|
||||
command: go get github.com/sensu/uchiwa
|
||||
environment:
|
||||
GOPATH: "{{ sensu_uchiwa_path }}/go"
|
||||
args:
|
||||
creates: "{{ sensu_uchiwa_path }}/go/src/github.com/sensu/uchiwa"
|
||||
notify: Build and deploy Uchiwa
|
||||
become: true
|
||||
become_user: "{{ sensu_user_name }}"
|
||||
|
||||
- meta: flush_handlers
|
||||
tags: dashboard
|
||||
|
||||
- name: Deploy Uchiwa config
|
||||
tags: dashboard
|
||||
template:
|
||||
src: uchiwa_config.json.j2
|
||||
dest: "{{ sensu_uchiwa_path }}/etc/config.json"
|
||||
owner: "{{ sensu_user_name }}"
|
||||
group: "{{ sensu_group_name }}"
|
||||
notify: restart uchiwa service
|
||||
|
||||
- name: Deploy Uchiwa service file
|
||||
tags: dashboard
|
||||
template:
|
||||
src: uchiwa_freebsd.j2
|
||||
dest: "/usr/local/etc/rc.d/uchiwa"
|
||||
mode: "0755"
|
||||
|
||||
- name: Ensure Uchiwa server service is running
|
||||
tags: dashboard
|
||||
service: name=uchiwa state=started enabled=yes
|
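Review bot: `go get github.com/sensu/uchiwa` builds whatever the repository's default branch holds at deploy time, so the dashboard binary is not tied to a reviewed version and two hosts provisioned on different days can run different code. I would check out a fixed tag or commit instead, for example with the `git` module and `version: "{{ sensu_uchiwa_version }}"` (suggested variable, not an existing one), and build from that tree. The `Build and deploy Uchiwa` handler is outside this file, so confirm it does not pull further unpinned dependencies. The same task is added in tasks/OpenBSD/dashboard.yml and tasks/SmartOS/dashboard.yml.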
53
roles/sensu.sensu/tasks/FreeBSD/main.yml
Normal file
53
roles/sensu.sensu/tasks/FreeBSD/main.yml
Normal file
@ -0,0 +1,53 @@
|
||||
---
|
||||
# tasks/FreeBSD/main.yml: FreeBSD specific set-up
|
||||
# This takes care of base prerequisites for FreeBSD
|
||||
|
||||
- name: Include ansible_distribution vars
|
||||
include_vars:
|
||||
file: "{{ ansible_distribution }}.yml"
|
||||
tags: setup
|
||||
|
||||
- name: Ensure the Sensu group is present
|
||||
tags: setup
|
||||
group:
|
||||
name: "{{ sensu_group_name }}"
|
||||
state: present
|
||||
|
||||
- name: Ensure the Sensu user is present
|
||||
tags: setup
|
||||
user:
|
||||
name: "{{ sensu_user_name }}"
|
||||
group: "{{ sensu_group_name }}"
|
||||
shell: /bin/false
|
||||
home: "{{ sensu_config_path }}"
|
||||
createhome: true
|
||||
state: present
|
||||
|
||||
- name: Ensure pkgng custom repo config directory exists
|
||||
tags: setup
|
||||
file:
|
||||
path: /usr/local/etc/pkg/repos/
|
||||
state: directory
|
||||
|
||||
- name: Ensure Sensu repo is configured
|
||||
tags: setup
|
||||
template:
|
||||
src: sensu-freebsd-repo.conf.j2
|
||||
dest: /usr/local/etc/pkg/repos/sensu.conf
|
||||
notify:
|
||||
- Update pkgng database
|
||||
|
||||
- name: Ensure prerequisite packages are installed
|
||||
tags: setup
|
||||
pkgng:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
loop:
|
||||
- bash
|
||||
- ca_root_nss
|
||||
|
||||
- name: Ensure Sensu is installed
|
||||
tags: setup
|
||||
pkgng:
|
||||
name: "{{ sensu_package }}"
|
||||
state: "{{ sensu_pkg_state }}"
|
14
roles/sensu.sensu/tasks/FreeBSD/rabbit.yml
Normal file
14
roles/sensu.sensu/tasks/FreeBSD/rabbit.yml
Normal file
@ -0,0 +1,14 @@
|
||||
---
|
||||
# tasks/FreeBSD/rabbit.yml: Deploy RabbitMQ
|
||||
# Specific to FreeBSD
|
||||
|
||||
- name: Include ansible_distribution vars
|
||||
include_vars:
|
||||
file: "{{ ansible_distribution }}.yml"
|
||||
tags: rabbitmq
|
||||
|
||||
- name: Ensure RabbitMQ is installed
|
||||
tags: rabbitmq
|
||||
pkgng:
|
||||
name: rabbitmq
|
||||
state: "{{ sensu_rabbitmq_pkg_state }}"
|
25
roles/sensu.sensu/tasks/FreeBSD/redis.yml
Normal file
25
roles/sensu.sensu/tasks/FreeBSD/redis.yml
Normal file
@ -0,0 +1,25 @@
|
||||
---
|
||||
# tasks/FreeBSD/redis.yml: Deploy redis
|
||||
# Specific to FreeBSD
|
||||
|
||||
- name: Include ansible_distribution vars
|
||||
include_vars:
|
||||
file: "{{ ansible_distribution }}.yml"
|
||||
tags: redis
|
||||
|
||||
- name: Ensure redis is installed
|
||||
tags: redis
|
||||
pkgng:
|
||||
name: "{{ sensu_redis_pkg_name }}"
|
||||
state: "{{ sensu_redis_pkg_state }}"
|
||||
|
||||
- name: Ensure redis binds to accessible IP
|
||||
tags: redis
|
||||
lineinfile:
|
||||
dest: /usr/local/etc/redis.conf
|
||||
regexp: '^bind'
|
||||
line: 'bind 0.0.0.0'
|
||||
notify: restart redis service
|
||||
|
||||
- meta: flush_handlers
|
||||
tags: redis
|
86
roles/sensu.sensu/tasks/OpenBSD/dashboard.yml
Normal file
86
roles/sensu.sensu/tasks/OpenBSD/dashboard.yml
Normal file
@ -0,0 +1,86 @@
|
||||
---
|
||||
# tasks/OpenBSD/dashboard.yml: Deployment of the Uchiwa dashboard
|
||||
# Specific to OpenBSD
|
||||
|
||||
- name: Include ansible_distribution vars
|
||||
include_vars:
|
||||
file: "{{ ansible_distribution }}.yml"
|
||||
tags: dashboard
|
||||
|
||||
- name: Ensure Uchiwa (dashboard) dependencies are installed
|
||||
tags: dashboard
|
||||
openbsd_pkg:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
loop:
|
||||
- go
|
||||
- git
|
||||
- npm
|
||||
|
||||
- name: Ensure Uchiwa directory exists
|
||||
tags: dashboard
|
||||
file:
|
||||
dest: "{{ sensu_uchiwa_path }}"
|
||||
state: directory
|
||||
owner: "{{ sensu_user_name }}"
|
||||
group: "{{ sensu_group_name }}"
|
||||
recurse: true
|
||||
|
||||
- name: Ensure Uchiwa Go/config directory exists
|
||||
tags: dashboard
|
||||
file:
|
||||
dest: "{{ sensu_uchiwa_path }}/{{ item }}"
|
||||
state: directory
|
||||
owner: "{{ sensu_user_name }}"
|
||||
group: "{{ sensu_group_name }}"
|
||||
recurse: true
|
||||
loop:
|
||||
- etc
|
||||
- go
|
||||
|
||||
- name: Ensure Uchiwa GOPATH exists
|
||||
tags: dashboard
|
||||
file:
|
||||
dest: "{{ sensu_uchiwa_path }}/go/{{ item }}"
|
||||
owner: "{{ sensu_user_name }}"
|
||||
group: "{{ sensu_group_name }}"
|
||||
state: directory
|
||||
recurse: true
|
||||
loop:
|
||||
- bin
|
||||
- pkg
|
||||
- src
|
||||
|
||||
- name: Fetch Uchiwa from GitHub
|
||||
tags: dashboard
|
||||
command: go get github.com/sensu/uchiwa
|
||||
environment:
|
||||
GOPATH: "{{ sensu_uchiwa_path }}/go"
|
||||
args:
|
||||
creates: "{{ sensu_uchiwa_path }}/go/src/github.com/sensu/uchiwa"
|
||||
notify: Build and deploy Uchiwa
|
||||
become: true
|
||||
become_user: "{{ sensu_user_name }}"
|
||||
|
||||
- meta: flush_handlers
|
||||
tags: dashboard
|
||||
|
||||
- name: Deploy Uchiwa config
|
||||
tags: dashboard
|
||||
template:
|
||||
src: uchiwa_config.json.j2
|
||||
dest: "{{ sensu_uchiwa_path }}/etc/config.json"
|
||||
owner: "{{ sensu_user_name }}"
|
||||
group: "{{ sensu_group_name }}"
|
||||
notify: restart uchiwa service
|
||||
|
||||
- name: Deploy Uchiwa service file
|
||||
tags: dashboard
|
||||
template:
|
||||
src: uchiwa_openbsd.j2
|
||||
dest: "/usr/local/etc/rc.d/uchiwa"
|
||||
mode: "0755"
|
||||
|
||||
- name: Ensure Uchiwa server service is running
|
||||
tags: dashboard
|
||||
service: name=uchiwa state=started enabled=yes
|
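Review bot: The service file is written to `/usr/local/etc/rc.d/uchiwa`, which looks carried over from the FreeBSD variant; tasks/OpenBSD/main.yml in this same commit installs its rc script under `/etc/rc.d/`. If OpenBSD's rc does not read `/usr/local/etc/rc.d`, the following `service: name=uchiwa state=started enabled=yes` task will fail, so I would use `dest: /etc/rc.d/uchiwa` and add `owner: root` and `group: wheel` to match the sensuclient script.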
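--- a/roles/sensu.sensu/tasks/OpenBSD/main.yml
+++ b/roles/sensu.sensu/tasks/OpenBSD/main.yml
@@ -0,0 +1,69 @@
+---
+# tasks/OpenBSD/main.yml: OpenBSD specific set-up
+# This takes care of base prerequisites for OpenBSD
+
+- name: Include ansible_distribution vars
+include_vars:
+file: "{{ ansible_distribution }}.yml"
+tags: setup
+
+- name: Ensure the Sensu group is present
+tags: setup
+group: name={{ sensu_group_name }} state=present
+
+- name: Ensure the Sensu user is present
+tags: setup
+user:
+name: "{{ sensu_user_name }}"
+group: "{{ sensu_group_name }}"
+shell: /bin/false
+home: "{{ sensu_config_path }}"
+createhome: true
+state: present
+
+- name: Install prerequisite packages
+tags: setup
+openbsd_pkg:
+name: "{{ item }}"
+state: present
+loop:
+- bash
+- ruby%2.3
+
+- name: Get the current version of rubygems
+tags: setup
+shell: /usr/local/bin/gem23 --version
+check_mode: no
+register: gem23_version
+changed_when: False
+
+- name: Update rubygems to work around rubygems/rubygems/issues/1448
+tags: setup
+shell: /usr/local/bin/gem23 update --system
+when: "{{ gem23_version.stdout | version_compare('2.5.3', '<') }}"
+
+- name: Install sensu gem and all of its dependencies
+tags: setup
+gem:
+name: sensu
+repository: "{{ sensu_gem_repository | default('https://api.rubygems.org/') }}"
+user_install: no
+version: "{{ sensu_gem_version }}"
+executable: /usr/local/bin/gem23
+
+- name: Create the sensu log folder
+tags: setup
+file:
+path: /var/log/sensu
+owner: root
+group: wheel
+state: directory
+
+- name: Deploy OpenBSD rc script
+tags: setup
+template:
+src: sensuclient_openbsd.j2
+dest: /etc/rc.d/sensuclient
+owner: root
+group: wheel
+mode: 0755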
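Review bot: The `when:` on the rubygems update task wraps its expression in `{{ }}`, which Ansible warns about because conditionals are already templated; write it bare as `when: gem23_version.stdout is version('2.5.3', '<')`. Both `shell:` tasks run a single binary with no shell features, so `command:` is the safer module for them. `gem23 update --system` and the `gem` install run with `user_install: no` against the public gem index, so consider pinning the rubygems version the same way `sensu_gem_version` pins the sensu gem.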
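--- a/roles/sensu.sensu/tasks/OpenBSD/rabbit.yml
+++ b/roles/sensu.sensu/tasks/OpenBSD/rabbit.yml
@@ -0,0 +1,14 @@
+---
+# tasks/OpenBSD/rabbit.yml: Deploy RabbitMQ
+# Specific to OpenBSD
+
+- name: Include ansible_distribution vars
+include_vars:
+file: "{{ ansible_distribution }}.yml"
+tags: rabbitmq
+
+- name: Ensure RabbitMQ is installed
+tags: rabbitmq
+pkgng:
+name: rabbitmq
+state: "{{ sensu_rabbitmq_pkg_state }}"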
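Review bot: This OpenBSD task file installs RabbitMQ with `pkgng:`, the FreeBSD package module, while tasks/OpenBSD/main.yml and tasks/OpenBSD/dashboard.yml use `openbsd_pkg:`. On an OpenBSD host there is normally no `pkg` binary for `pkgng` to drive, so the task would be expected to fail; change the module to `openbsd_pkg:`. tasks/OpenBSD/redis.yml has the same carry-over in its `Ensure redis is installed` task.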
25
roles/sensu.sensu/tasks/OpenBSD/redis.yml
Normal file
25
roles/sensu.sensu/tasks/OpenBSD/redis.yml
Normal file
@ -0,0 +1,25 @@
|
||||
---
|
||||
# tasks/OpenBSD/redis.yml: Deploy redis
|
||||
# Specific to OpenBSD
|
||||
|
||||
- name: Include ansible_distribution vars
|
||||
include_vars:
|
||||
file: "{{ ansible_distribution }}.yml"
|
||||
tags: redis
|
||||
|
||||
- name: Ensure redis is installed
|
||||
tags: redis
|
||||
pkgng:
|
||||
name: "{{ sensu_redis_pkg_name }}"
|
||||
state: "{{ sensu_redis_pkg_state }}"
|
||||
|
||||
- name: Ensure redis binds to accessible IP
|
||||
tags: redis
|
||||
lineinfile:
|
||||
dest: /usr/local/etc/redis.conf
|
||||
regexp: '^bind'
|
||||
line: 'bind 0.0.0.0'
|
||||
notify: restart redis service
|
||||
|
||||
- meta: flush_handlers
|
||||
tags: redis
|
1
roles/sensu.sensu/tasks/OracleLinux
Symbolic link
1
roles/sensu.sensu/tasks/OracleLinux
Symbolic link
@ -0,0 +1 @@
|
||||
CentOS
|
1
roles/sensu.sensu/tasks/RedHat
Symbolic link
1
roles/sensu.sensu/tasks/RedHat
Symbolic link
@ -0,0 +1 @@
|
||||
CentOS
|
23
roles/sensu.sensu/tasks/SmartOS/client.yml
Normal file
23
roles/sensu.sensu/tasks/SmartOS/client.yml
Normal file
@ -0,0 +1,23 @@
|
||||
---
|
||||
# tasks/SmartOS/client.yml: Deploy various client-side configurations for Sensu
|
||||
# Specific to Joyent SmartOS
|
||||
|
||||
- name: Include ansible_distribution vars
|
||||
include_vars:
|
||||
file: "{{ ansible_distribution }}.yml"
|
||||
tags: client
|
||||
|
||||
- name: Deploy Sensu client service manifest
|
||||
tags: client
|
||||
template:
|
||||
dest: /opt/local/lib/svc/manifest/sensu-client.xml
|
||||
src: sensu-client.smartos_smf_manifest.xml.j2
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
notify:
|
||||
- import sensu-client service
|
||||
- restart sensu-client service
|
||||
|
||||
- meta: flush_handlers
|
||||
tags: client
|
96
roles/sensu.sensu/tasks/SmartOS/dashboard.yml
Normal file
96
roles/sensu.sensu/tasks/SmartOS/dashboard.yml
Normal file
@ -0,0 +1,96 @@
|
||||
---
|
||||
# tasks/SmartOS/dashboard.yml: Deployment of the Uchiwa dashboard
|
||||
# Specific to Joyent SmartOS
|
||||
|
||||
- name: Include ansible_distribution vars
|
||||
include_vars:
|
||||
file: "{{ ansible_distribution }}.yml"
|
||||
tags: dashboard
|
||||
|
||||
- name: Ensure Uchiwa (dashboard) dependencies are installed
|
||||
tags: dashboard
|
||||
pkgin: name=go state=present
|
||||
|
||||
- name: Ensure Uchiwa directory exists
|
||||
tags: dashboard
|
||||
file:
|
||||
dest: "{{ sensu_uchiwa_path }}"
|
||||
state: directory
|
||||
owner: "{{ sensu_user_name }}"
|
||||
group: "{{ sensu_group_name }}"
|
||||
recurse: true
|
||||
|
||||
- name: Ensure Uchiwa Go/config directory exists
|
||||
tags: dashboard
|
||||
file:
|
||||
dest: "{{ sensu_uchiwa_path }}/{{ item }}"
|
||||
state: directory
|
||||
owner: "{{ sensu_user_name }}"
|
||||
group: "{{ sensu_group_name }}"
|
||||
recurse: true
|
||||
loop:
|
||||
- etc
|
||||
- go
|
||||
|
||||
- name: Ensure Uchiwa GOPATH exists
|
||||
tags: dashboard
|
||||
file:
|
||||
dest: "{{ sensu_uchiwa_path }}/go/{{ item }}"
|
||||
owner: "{{ sensu_user_name }}"
|
||||
group: "{{ sensu_group_name }}"
|
||||
state: directory
|
||||
recurse: true
|
||||
loop:
|
||||
- bin
|
||||
- pkg
|
||||
- src
|
||||
|
||||
- name: Fetch Uchiwa from GitHub
|
||||
tags: dashboard
|
||||
command: go get github.com/sensu/uchiwa
|
||||
environment:
|
||||
GOPATH: "{{ sensu_uchiwa_path }}/go"
|
||||
args:
|
||||
creates: "{{ sensu_uchiwa_path }}/go/src/github.com/sensu/uchiwa"
|
||||
notify: Build and deploy Uchiwa
|
||||
become: true
|
||||
become_user: "{{ sensu_user_name }}"
|
||||
|
||||
- meta: flush_handlers
|
||||
tags: dashboard
|
||||
|
||||
- name: Deploy Uchiwa config
|
||||
tags: dashboard
|
||||
template:
|
||||
src: uchiwa_config.json.j2
|
||||
dest: "{{ sensu_uchiwa_path }}/etc/config.json"
|
||||
owner: "{{ sensu_user_name }}"
|
||||
group: "{{ sensu_group_name }}"
|
||||
notify: restart uchiwa service
|
||||
|
||||
- name: Deploy Uchiwa service script
|
||||
tags: dashboard
|
||||
template:
|
||||
src: uchiwa.sh.j2
|
||||
dest: /opt/local/lib/svc/method/uchiwa
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
notify: restart uchiwa service
|
||||
|
||||
- name: Deploy Uchiwa service manifest
|
||||
tags: dashboard
|
||||
template:
|
||||
dest: /opt/local/lib/svc/manifest/uchiwa.xml
|
||||
src: uchiwa.smartos_smf_manifest.xml.j2
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
notify: import uchiwa service
|
||||
|
||||
- meta: flush_handlers
|
||||
tags: dashboard
|
||||
|
||||
- name: Ensure Uchiwa server service is running
|
||||
service: name=uchiwa state=started enabled=yes
|
||||
tags: dashboard
|
36
roles/sensu.sensu/tasks/SmartOS/main.yml
Normal file
36
roles/sensu.sensu/tasks/SmartOS/main.yml
Normal file
@ -0,0 +1,36 @@
|
||||
---
|
||||
# tasks/SmartOS/main.yml: "Set-up" playbook for sensu.sensu role
|
||||
# This takes care of base prerequisites for Joyent SmartOS
|
||||
|
||||
- name: Include ansible_distribution vars
|
||||
include_vars:
|
||||
file: "{{ ansible_distribution }}.yml"
|
||||
tags: setup
|
||||
|
||||
- name: Ensure the Sensu group is present
|
||||
tags: setup
|
||||
group: name={{ sensu_group_name }} state=present
|
||||
|
||||
- name: Ensure the Sensu user is present
|
||||
tags: setup
|
||||
user:
|
||||
name: "{{ sensu_user_name }}"
|
||||
group: "{{ sensu_group_name }}"
|
||||
shell: /bin/false
|
||||
home: "{{ sensu_config_path }}"
|
||||
createhome: true
|
||||
state: present
|
||||
|
||||
- name: Ensure Sensu dependencies are installed
|
||||
tags: setup
|
||||
pkgin: name=build-essential,ruby21-base state=present
|
||||
|
||||
- name: Ensure Sensu is installed
|
||||
tags: setup
|
||||
gem: name=sensu state={{ sensu_gem_state }} user_install=no
|
||||
notify:
|
||||
- restart sensu-client service
|
||||
|
||||
- name: Ensure Sensu 'plugins' gem is installed
|
||||
tags: setup
|
||||
gem: name=sensu-plugin state={{ sensu_plugin_gem_state }} user_install=no
|
14
roles/sensu.sensu/tasks/SmartOS/rabbit.yml
Normal file
14
roles/sensu.sensu/tasks/SmartOS/rabbit.yml
Normal file
@ -0,0 +1,14 @@
|
||||
---
|
||||
# tasks/SmartOS/rabbit.yml: Deploy RabbitMQ
|
||||
# Specific to Joyent SmartOS
|
||||
|
||||
- name: Ensure RabbitMQ is installed
|
||||
tags: rabbitmq
|
||||
pkgin: name=rabbitmq state=present
|
||||
|
||||
- name: Ensure EPMD is running
|
||||
tags: rabbitmq
|
||||
service:
|
||||
name: epmd
|
||||
state: started
|
||||
enabled: true
|
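--- a/roles/sensu.sensu/tasks/SmartOS/redis.yml
+++ b/roles/sensu.sensu/tasks/SmartOS/redis.yml
@@ -0,0 +1,12 @@
+---
+# tasks/SmartOS/redis.yml: Deploy redis
+# Specific to Ubuntu
+
+- name: Include ansible_distribution vars
+include_vars:
+file: "{{ ansible_distribution }}.yml"
+tags: redis
+
+- name: Ensure redis is installed
+tags: redis
+pkgin: name=redis state={{ sensu_redis_pkg_state }}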
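--- a/roles/sensu.sensu/tasks/SmartOS/server.yml
+++ b/roles/sensu.sensu/tasks/SmartOS/server.yml
@@ -0,0 +1,32 @@
+---
+# tasks/SmartOS/server.yml: Deploy the necessary configuration for
+# a Sensu 'master' node.
+# Specific to SmartOS
+
+- name: Include ansible_distribution vars
+include_vars:
+file: "{{ ansible_distribution }}.yml"
+tags: server
+
+- name: Deploy Sensu server service manifest
+tags: server
+template:
+dest: /opt/local/lib/svc/manifest/sensu-server.xml
+src: sensu-server.smartos_smf_manifest.xml.j2
+owner: root
+group: root
+mode: 0644
+notify: import sensu-server service
+
+- name: Deploy Sensu API service manifest
+tags: server
+template:
+dest: /opt/local/lib/svc/manifest/sensu-api.xml
+src: sensu-api.smartos_smf_manifest.xml.j2
+owner: root
+group: root
+mode: 0644
+notify: import sensu-api service
+
+- meta: flush_handlers
+tags: server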
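--- a/roles/sensu.sensu/tasks/Ubuntu/dashboard.yml
+++ b/roles/sensu.sensu/tasks/Ubuntu/dashboard.yml
@@ -0,0 +1,21 @@
+---
+# tasks/Ubuntu/dashboard.yml: Deployment of the Uchiwa dashboard
+# Specific to Ubuntu
+
+- name: Include ansible_distribution vars
+include_vars:
+file: "{{ ansible_distribution }}.yml"
+tags: dashboard
+
+- name: Install Uchiwa
+tags: dashboard
+apt:
+name: uchiwa
+state: present
+
+- name: Deploy Uchiwa config
+tags: dashboard
+template:
+src: uchiwa_config.json.j2
+dest: "{{ sensu_config_path }}/uchiwa.json"
+notify: restart uchiwa service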
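--- a/roles/sensu.sensu/tasks/Ubuntu/main.yml
+++ b/roles/sensu.sensu/tasks/Ubuntu/main.yml
@@ -0,0 +1,35 @@
+---
+# tasks/Ubuntu/main.yml: Ubuntu specific set-up
+# This takes care of base prerequisites for Ubuntu
+
+- name: Include ansible_distribution vars
+include_vars:
+file: "{{ ansible_distribution }}.yml"
+tags: setup
+
+- name: Ensure that https transport is ready
+tags: setup
+apt:
+name: apt-transport-https
+state: present
+cache_valid_time: 3600
+update_cache: true
+
+- name: Ensure the Sensu APT repo GPG key is present
+tags: setup
+apt_key:
+url: "{{ sensu_apt_key_url }}"
+state: present
+
+- name: Ensure the Sensu Core APT repo is present
+tags: setup
+apt_repository:
+repo: "{{ sensu_apt_repo_url }}"
+state: present
+update_cache: true
+
+- name: Ensure Sensu is installed
+tags: setup
+apt:
+name: "{{ sensu_package }}"
+state: "{{ sensu_pkg_state }}"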
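--- a/roles/sensu.sensu/tasks/Ubuntu/rabbit.yml
+++ b/roles/sensu.sensu/tasks/Ubuntu/rabbit.yml
@@ -0,0 +1,53 @@
+---
+# tasks/Ubuntu/rabbit.yml: Deploy RabbitMQ
+# Specific to Ubuntu
+
+- name: Include ansible_distribution vars
+include_vars:
+file: "{{ ansible_distribution }}.yml"
+tags: rabbitmq
+
+- name: Ensure the RabbitMQ APT repo GPG key is present
+tags: rabbitmq
+apt_key:
+url: "{{ sensu_rabbitmq_signing_key }}"
+state: present
+
+- name: Ensure the RabbitMQ APT repo is present
+tags: rabbitmq
+apt_repository:
+repo: "{{ sensu_rabbitmq_repo }}"
+filename: rabbitmq
+state: present
+update_cache: true
+
+- name: Ensure Erlang APT preferences is configured
+tags: rabbitmq
+template:
+src: erlang-apt-preferences.j2
+dest: /etc/apt/preferences.d/erlang
+owner: root
+group: root
+mode: 0755
+
+- name: Ensure the Erlang APT repo GPG key is present
+tags: rabbitmq
+apt_key:
+url: "{{ sensu_rabbitmq_erlang_signing_key }}"
+state: present
+
+- name: Ensure the Erlang APT repo is present
+tags: rabbitmq
+apt_repository:
+repo: "{{ sensu_rabbitmq_erlang_repo }}"
+filename: erlang
+state: present
+update_cache: true
+
+- name: Ensure RabbitMQ is installed
+tags: rabbitmq
+apt:
+name: rabbitmq-server
+state: "{{ sensu_rabbitmq_pkg_state }}"
+cache_valid_time: 600
+update_cache: true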
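Review bot: The three `apt_key` tasks that fetch signing keys by `url:` (two in this file, one in roles/sensu.sensu/tasks/Ubuntu/main.yml) pin no fingerprint, so whatever key the URL serves at run time becomes trusted for package installation. Adding `id: "<expected key fingerprint>"` to each task makes the run fail if the served key differs from the expected one. Separately, `/etc/apt/preferences.d/erlang` is deployed with `mode: 0755`; it is a plain configuration file, so `mode: "0644"` (quoted, so it is not re-typed as an integer) is sufficient.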
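--- a/roles/sensu.sensu/tasks/Ubuntu/redis.yml
+++ b/roles/sensu.sensu/tasks/Ubuntu/redis.yml
@@ -0,0 +1,33 @@
+---
+# tasks/Ubuntu/redis.yml: Deploy redis
+# Specific to Ubuntu
+
+- name: Include ansible_distribution vars
+include_vars:
+file: "{{ ansible_distribution }}.yml"
+
+- name: Ensure redis is installed
+apt:
+name: "{{ sensu_redis_pkg_name }}"
+state: "{{ sensu_redis_pkg_state }}"
+update_cache: true
+register: sensu_ubuntu_redis_install
+
+# BUG: On Ubuntu 14.04, when first installed, redis, will be started
+# however, the /var/run/redis/redis-server.pid file gets lost during the restart
+# causing the process to be orphaned from the init system.
+# We manually stop it right after install to account for this.
+- name: Stop redis manually
+shell: kill $(pgrep redis-server)
+when:
+- sensu_ubuntu_redis_install is changed
+- ansible_distribution_version == '14.04'
+
+- name: Ensure redis binds to accessible IP
+lineinfile:
+dest: /etc/redis/redis.conf
+regexp: '^bind'
+line: 'bind 0.0.0.0'
+notify: restart redis service
+
+- meta: flush_handlers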
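Review bot: The `lineinfile` task "Ensure redis binds to accessible IP" hard-codes `line: 'bind 0.0.0.0'`, which makes Redis listen on every interface, and nothing in this file sets `requirepass` or restricts who can reach the port. Drive the address from a role variable with a loopback default, for example `line: 'bind {{ sensu_redis_bind_address | default("127.0.0.1") }}'` (the variable name is a suggestion, it is not defined on this page), and pair a non-loopback bind with a host firewall rule limited to the Sensu hosts. The earlier `shell: kill $(pgrep redis-server)` signals every process matching that name and fails when none matches; stopping through the `service` module would be narrower.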
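--- a/roles/sensu.sensu/tasks/client.yml
+++ b/roles/sensu.sensu/tasks/client.yml
@@ -0,0 +1,28 @@
+---
+# tasks/client.yml: Deploy various client-side configurations for Sensu
+
+- name: Include ansible_distribution vars
+include_vars:
+file: "{{ ansible_distribution }}.yml"
+tags: client
+
+- name: Deploy Sensu client service configuration
+tags: client
+template:
+dest: "{{ sensu_config_path }}/conf.d/client.json"
+owner: "{{ sensu_user_name }}"
+group: "{{ sensu_group_name }}"
+src: "{{ sensu_client_config }}"
+mode: "0640"
+notify: restart sensu-client service
+
+- include_tasks: "{{ role_path }}/tasks/SmartOS/client.yml"
+tags: client
+when: ansible_distribution == "SmartOS"
+
+- name: Ensure Sensu client service is running
+tags: client
+service:
+name: "{{ sensu_client_service_name }}"
+state: started
+enabled: yes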
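--- a/roles/sensu.sensu/tasks/common.yml
+++ b/roles/sensu.sensu/tasks/common.yml
@@ -0,0 +1,57 @@
+---
+# tasks/common.yml: Deploy configurations common to client and server for Sensu
+
+- name: Include ansible_distribution vars
+include_vars:
+file: "{{ ansible_distribution }}.yml"
+
+- name: Ensure the Sensu config directory is present
+file:
+dest: "{{ sensu_config_path }}/conf.d"
+state: directory
+owner: "{{ sensu_user_name }}"
+group: "{{ sensu_group_name }}"
+mode: "0555"
+
+- name: Deploy Sensu Redis configuration
+template:
+dest: "{{ sensu_config_path }}/conf.d/redis.json"
+owner: "{{ sensu_user_name }}"
+group: "{{ sensu_group_name }}"
+src: "{{ sensu_redis_config }}"
+mode: "0640"
+when: sensu_deploy_redis_config
+notify:
+- restart sensu-server service
+- restart sensu-api service
+- restart sensu-enterprise service
+- restart sensu-client service
+
+- name: Deploy Sensu RabbitMQ configuration
+template:
+dest: "{{ sensu_config_path }}/conf.d/rabbitmq.json"
+owner: "{{ sensu_user_name }}"
+group: "{{ sensu_group_name }}"
+src: "{{ sensu_rabbitmq_config }}"
+mode: "0640"
+when: sensu_transport == "rabbitmq"
+and sensu_deploy_rabbitmq_config
+notify:
+- restart sensu-server service
+- restart sensu-api service
+- restart sensu-enterprise service
+- restart sensu-client service
+
+- name: Deploy Sensu transport configuration
+template:
+dest: "{{ sensu_config_path }}/conf.d/transport.json"
+owner: "{{ sensu_user_name }}"
+group: "{{ sensu_group_name }}"
+src: transport.json.j2
+mode: "0640"
+when: sensu_deploy_transport_config
+notify:
+- restart sensu-server service
+- restart sensu-api service
+- restart sensu-enterprise service
+- restart sensu-client service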
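--- a/roles/sensu.sensu/tasks/dashboard.yml
+++ b/roles/sensu.sensu/tasks/dashboard.yml
@@ -0,0 +1,12 @@
+---
+# tasks/dashboard.yml: Deployment of the Uchiwa dashboard
+- name: Include ansible_distribution vars
+include_tasks: "{{ role_path }}/tasks/{{ ansible_distribution }}/dashboard.yml"
+tags: dashboard
+
+- name: Ensure Uchiwa/Sensu Enterprise Dashboard server service is running
+tags: dashboard
+service:
+name: "{{ uchiwa_service_name if not se_enterprise else sensu_enterprise_dashboard_service_name }}"
+state: started
+enabled: yes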
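--- a/roles/sensu.sensu/tasks/main.yml
+++ b/roles/sensu.sensu/tasks/main.yml
@@ -0,0 +1,45 @@
+---
+# tasks/main.yml: "Master" playbook for the sensu.sensu role
+
+- name: Include distribution specific variables
+include_vars:
+file: "{{ ansible_distribution }}.yml"
+
+- include_tasks: "{{ role_path }}/tasks/{{ ansible_distribution }}/main.yml"
+tags: setup
+when: sensu_master
+or sensu_client
+
+- import_tasks: "redis.yml"
+tags: redis
+when: sensu_redis_server
+and sensu_deploy_redis_server
+
+- import_tasks: "ssl.yml"
+tags: ssl
+
+- import_tasks: "rabbit.yml"
+tags: rabbitmq
+when: sensu_rabbitmq_server
+and sensu_deploy_rabbitmq_server
+
+- import_tasks: "common.yml"
+tags: common
+when: sensu_master
+or sensu_client
+
+- import_tasks: "server.yml"
+tags: server
+when: sensu_master
+
+- import_tasks: "dashboard.yml"
+tags: dashboard
+when: sensu_include_dashboard
+
+- import_tasks: "client.yml"
+tags: client
+when: sensu_client
+
+- import_tasks: "plugins.yml"
+tags: plugins
+when: sensu_include_plugins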
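--- a/roles/sensu.sensu/tasks/plugins.yml
+++ b/roles/sensu.sensu/tasks/plugins.yml
@@ -0,0 +1,152 @@
+---
+# tasks/plugins.yml: Deploy available checks/plugins/handlers/filters/mutators
+
+- name: Include ansible_distribution vars
+include_vars:
+file: "{{ ansible_distribution }}.yml"
+
+- name: Ensure Sensu plugin directory exists
+file:
+dest: "{{ sensu_config_path }}/plugins"
+state: directory
+owner: "{{ sensu_user_name }}"
+group: "{{ sensu_group_name }}"
+
+- name: Ensure local directories exist
+file:
+state: directory
+dest: "{{ static_data_store }}/sensu/{{ item }}"
+delegate_to: localhost
+become: no
+run_once: true
+loop:
+- checks
+- filters
+- handlers
+- mutators
+- definitions
+- client_definitions
+- client_templates
+
+- name: Ensure any remote plugins defined are present
+shell: umask 0022; sensu-install -p {{ item }}
+loop: "{{ sensu_remote_plugins }}"
+changed_when: false
+when: sensu_remote_plugins | length > 0
+
+- name: Register available checks
+command: "ls {{ static_data_store }}/sensu/checks"
+delegate_to: localhost
+register: sensu_available_checks
+changed_when: false
+become: false
+run_once: true
+
+- name: Deploy check plugins
+copy:
+src: "{{ static_data_store }}/sensu/checks/{{ item }}/"
+dest: "{{ sensu_config_path }}/plugins/"
+mode: 0755
+owner: "{{ sensu_user_name }}"
+group: "{{ sensu_group_name }}"
+when:
+- sensu_available_checks is defined
+- sensu_available_checks is not skipped
+- item in sensu_available_checks.stdout_lines
+loop: "{{ group_names|flatten }}"
+notify: restart sensu-client service
+
+- name: Deploy handler plugins
+copy:
+src: "{{ static_data_store }}/sensu/handlers/"
+dest: "{{ sensu_config_path }}/plugins/"
+mode: 0755
+owner: "{{ sensu_user_name }}"
+group: "{{ sensu_group_name }}"
+notify: restart sensu-client service
+
+- name: Deploy filter plugins
+copy:
+src: "{{ static_data_store }}/sensu/filters/"
+dest: "{{ sensu_config_path }}/plugins/"
+mode: 0755
+owner: "{{ sensu_user_name }}"
+group: "{{ sensu_group_name }}"
+notify: restart sensu-client service
+
+- name: Deploy mutator plugins
+copy:
+src: "{{ static_data_store }}/sensu/mutators/"
+dest: "{{ sensu_config_path }}/plugins/"
+mode: 0755
+owner: "{{ sensu_user_name }}"
+group: "{{ sensu_group_name }}"
+notify: restart sensu-client service
+
+- name: Deploy check/handler/filter/mutator definitions to the master
+template:
+src: "{{ item }}"
+dest: "{{ sensu_config_path }}/conf.d/{{ item | basename | regex_replace('.j2', '') }}"
+owner: "{{ sensu_user_name }}"
+group: "{{ sensu_group_name }}"
+when: sensu_master
+with_fileglob:
+- "{{ static_data_store }}/sensu/definitions/*"
+notify:
+- restart sensu-server service
+- restart sensu-api service
+- restart sensu-enterprise service
+
+- name: Register available client definitions
+command: "ls {{ static_data_store }}/sensu/client_definitions"
+delegate_to: localhost
+register: sensu_available_client_definitions
+changed_when: false
+become: false
+run_once: true
+
+- name: Deploy client definitions
+copy:
+src: "{{ static_data_store }}/sensu/client_definitions/{{ item }}/"
+dest: "{{ sensu_config_path }}/conf.d/{{ item | basename | regex_replace('.j2', '') }}"
+owner: "{{ sensu_user_name }}"
+group: "{{ sensu_group_name }}"
+when:
+- sensu_available_client_definitions is defined
+- sensu_available_client_definitions is not skipped
+- item in sensu_available_client_definitions.stdout_lines
+loop: "{{ group_names|flatten }}"
+notify: restart sensu-client service
+
+- name: Register available client templates
+command: "ls {{ static_data_store }}/sensu/client_templates"
+delegate_to: localhost
+register: sensu_available_client_templates
+changed_when: false
+become: false
+run_once: true
+
+- name: Deploy client template folders
+file:
+path: '{{ sensu_config_path }}/conf.d/{{ item | basename }}'
+state: directory
+owner: "{{ sensu_user_name }}"
+group: "{{ sensu_group_name }}"
+when:
+- sensu_available_client_templates is defined
+- sensu_available_client_templates is not skipped
+- item in sensu_available_client_templates.stdout_lines
+loop: "{{ group_names|flatten }}"
+notify: restart sensu-client service
+
+- name: Deploy client templates
+template:
+src: "{{ static_data_store }}/sensu/client_templates/{{ item.path | dirname }}/{{ item.path | basename }}"
+dest: "{{ sensu_config_path }}/conf.d/{{ item.path | dirname }}/{{ item.path | basename | regex_replace('.j2', '') }}"
+owner: "{{ sensu_user_name }}"
+group: "{{ sensu_group_name }}"
+with_filetree: "{{ static_data_store }}/sensu/client_templates"
+when:
+- item.state == 'file'
+- item.path | dirname in group_names
+notify: restart sensu-client service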
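Review bot: In "Ensure any remote plugins defined are present", `shell: umask 0022; sensu-install -p {{ item }}` pastes each `sensu_remote_plugins` entry into a shell line unquoted, so an entry containing spaces or shell metacharacters changes the command that runs with the task's privileges; write it as `sensu-install -p {{ item | quote }}`. The `regex_replace('.j2', '')` calls are unanchored and the `.` matches any character, so a name with `j2` in the middle also gets rewritten; `regex_replace('\\.j2$', '')` strips only the suffix. The definition and client-template tasks set no `mode`, so files under conf.d that may hold handler credentials get default permissions rather than the `"0640"` used in tasks/common.yml.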
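--- a/roles/sensu.sensu/tasks/rabbit.yml
+++ b/roles/sensu.sensu/tasks/rabbit.yml
@@ -0,0 +1,76 @@
+---
+# tasks/rabbit.yml: Deploy RabbitMQ and set-up vhost for Sensu messaging
+
+- name: Include ansible_distribution vars
+include_vars:
+file: "{{ ansible_distribution }}.yml"
+tags: rabbitmq
+
+- include_tasks: "{{ ansible_distribution }}/rabbit.yml"
+tags: rabbitmq
+
+- name: Ensure RabbitMQ SSL directory exists
+tags: rabbitmq
+file:
+dest: "{{ sensu_rabbitmq_config_path }}/ssl"
+state: directory
+
+- name: Ensure RabbitMQ SSL certs/keys are in place
+tags: rabbitmq
+copy:
+src: "{{ item.src }}"
+dest: "{{ sensu_rabbitmq_config_path }}/ssl/{{ item.dest }}"
+remote_src: "{{ sensu_ssl_deploy_remote_src }}"
+loop:
+- { src: "{{ sensu_ssl_server_cacert }}", dest: cacert.pem }
+- { src: "{{ sensu_ssl_server_cert }}", dest: cert.pem }
+- { src: "{{ sensu_ssl_server_key }}", dest: key.pem }
+notify:
+- restart rabbitmq service
+- restart sensu-api service
+- restart sensu-server service
+- restart sensu-enterprise service
+when: sensu_ssl_manage_certs
+
+- name: Deploy RabbitMQ config
+tags: rabbitmq
+template:
+dest: "{{ sensu_rabbitmq_config_path }}/rabbitmq.config"
+src: "{{ sensu_rabbitmq_config_template }}"
+owner: root
+group: "{{ __root_group }}"
+mode: 0644
+notify: restart rabbitmq service
+
+- name: Ensure RabbitMQ is running
+tags: rabbitmq
+service:
+name: "{{ sensu_rabbitmq_service_name }}"
+state: started
+enabled: true
+register: sensu_rabbitmq_state
+
+- name: Wait for RabbitMQ to be up and running before asking to create a vhost
+tags: rabbitmq
+pause:
+seconds: 3
+when: sensu_rabbitmq_state is changed
+
+- block:
+- name: Ensure Sensu RabbitMQ vhost exists
+rabbitmq_vhost:
+name: "{{ sensu_rabbitmq_vhost }}"
+state: present
+
+- name: Ensure Sensu RabbitMQ user has access to the Sensu vhost
+rabbitmq_user:
+user: "{{ sensu_rabbitmq_user_name }}"
+password: "{{ sensu_rabbitmq_password }}"
+vhost: "{{ sensu_rabbitmq_vhost }}"
+configure_priv: .*
+read_priv: .*
+write_priv: .*
+state: present
+become: true
+become_user: rabbitmq
+tags: rabbitmq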
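Review bot: "Ensure RabbitMQ SSL certs/keys are in place" copies `key.pem` with no `owner`, `group` or `mode`, and the SSL directory task before it sets none either, so the broker's private key gets whatever the default umask yields, which is commonly world-readable. Give the key explicit ownership and a restrictive mode, for example a `perm` field per loop item with `mode: "{{ item.perm }}"`, `owner: rabbitmq` and `"0600"` for `key.pem` (the `rabbitmq` account is the one this file already uses in `become_user`). The `rabbitmq_user` task passes `password: "{{ sensu_rabbitmq_password }}"` without `no_log: true`, so the value can show up in verbose or failure output.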
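--- a/roles/sensu.sensu/tasks/redis.yml
+++ b/roles/sensu.sensu/tasks/redis.yml
@@ -0,0 +1,14 @@
+---
+# tasks/redis.yml: Deploy redis
+
+- name: Include ansible_distribution vars
+include_tasks: "{{ role_path }}/tasks/{{ ansible_distribution }}/redis.yml"
+tags: redis
+
+- name: Ensure redis is running
+tags: redis
+service:
+name: "{{ sensu_redis_service_name }}"
+pattern: /usr/bin/redis-server
+state: started
+enabled: true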
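--- a/roles/sensu.sensu/tasks/server.yml
+++ b/roles/sensu.sensu/tasks/server.yml
@@ -0,0 +1,44 @@
+---
+# tasks/server.yml: Deploy Sensu Server/API
+
+- name: Include ansible_distribution vars
+include_vars:
+file: "{{ ansible_distribution }}.yml"
+tags: server
+
+- name: Deploy Sensu server API configuration
+tags: server
+template:
+dest: "{{ sensu_config_path }}/conf.d/api.json"
+owner: "{{ sensu_user_name }}"
+group: "{{ sensu_group_name }}"
+src: sensu-api.json.j2
+notify: restart sensu-api service
+
+- name: Deploy Tessen server configuratiuon
+tags: server
+template:
+dest: "{{ sensu_config_path }}/conf.d/tessen.json"
+owner: "{{ sensu_user_name }}"
+group: "{{ sensu_group_name }}"
+src: sensu-tessen.json.j2
+notify: restart sensu-server service
+
+- include_tasks: "{{ role_path }}/tasks/SmartOS/server.yml"
+tags: server
+when: ansible_distribution == "SmartOS"
+
+- name: Ensure Sensu server service is running
+tags: server
+service:
+name: "{{ sensu_server_service_name if not se_enterprise else sensu_enterprise_service_name }}"
+state: started
+enabled: yes
+
+- name: Ensure Sensu API service is running
+tags: server
+service:
+name: sensu-api
+state: started
+enabled: yes
+when: not se_enterprise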
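Review bot: The `api.json` and `tessen.json` template tasks set no `mode`, unlike the conf.d files in tasks/common.yml and tasks/client.yml, which all use `mode: "0640"`. The template roles/sensu.sensu/templates/sensu-api.json.j2 writes `sensu_api_password` into api.json in clear text, so with default permissions the API credential is typically readable by every local user. Add `mode: "0640"` to both template tasks so the file is limited to the Sensu user and group.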
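--- a/roles/sensu.sensu/tasks/ssl.yml
+++ b/roles/sensu.sensu/tasks/ssl.yml
@@ -0,0 +1,31 @@
+---
+# tasks/ssl.yml: Deploy the client SSL cert/key to client systems
+
+- name: Include ansible_distribution vars
+include_vars:
+file: "{{ ansible_distribution }}.yml"
+
+- name: Ensure Sensu SSL directory exists
+file:
+dest: "{{ sensu_config_path }}/ssl"
+state: directory
+owner: "{{ sensu_user_name }}"
+group: "{{ sensu_group_name }}"
+when: sensu_ssl_manage_certs
+
+- include_tasks: "{{ role_path }}/tasks/ssl_generate.yml"
+when: sensu_ssl_gen_certs
+
+- name: Deploy the Sensu client SSL cert/key
+copy:
+src: "{{ item.src }}"
+owner: "{{ sensu_user_name }}"
+remote_src: "{{ sensu_ssl_deploy_remote_src }}"
+group: "{{ sensu_group_name }}"
+dest: "{{ sensu_config_path }}/ssl/{{ item.dest }}"
+mode: " {{ item.perm }}"
+loop:
+- {src: "{{ sensu_ssl_client_cert }}", dest: cert.pem, perm: "0640" }
+- {src: "{{ sensu_ssl_client_key }}", dest: key.pem, perm: "0640" }
+notify: restart sensu-client service
+when: sensu_ssl_manage_certs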
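Review bot: `mode: " {{ item.perm }}"` in "Deploy the Sensu client SSL cert/key" has a space inside the opening quote, so the module receives `" 0640"` rather than `"0640"`; whether that is rejected or tolerated likely depends on the Ansible version, and either way it is not what the loop items intend. Use `mode: "{{ item.perm }}"`. The loop gives `key.pem` the same `"0640"` as the certificate, where `"0600"` would be the tighter choice for a private key, and the `ssl` directory task sets no `mode` at all.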
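--- a/roles/sensu.sensu/tasks/ssl_generate.yml
+++ b/roles/sensu.sensu/tasks/ssl_generate.yml
@@ -0,0 +1,129 @@
+---
+# tasks/ssl_generate.yml: Generate SSL data and stash to dynamic
+# data store for deployment to clients
+
+- name: Include ansible_distribution vars
+include_vars:
+file: "{{ ansible_distribution }}.yml"
+
+- name: Ensure OpenSSL is installed
+package:
+name: openssl
+state: present
+
+- name: Ensure SSL generation directory exists
+file:
+dest: "{{ sensu_config_path }}/{{ item }}"
+state: directory
+owner: "{{ sensu_user_name }}"
+group: "{{ sensu_group_name }}"
+when: sensu_master
+loop:
+- ssl_generation
+- ssl_generation/sensu_ssl_tool
+- ssl_generation/sensu_ssl_tool/client
+- ssl_generation/sensu_ssl_tool/server
+- ssl_generation/sensu_ssl_tool/sensu_ca
+- ssl_generation/sensu_ssl_tool/sensu_ca/private
+- ssl_generation/sensu_ssl_tool/sensu_ca/certs
+
+- name: Ensure OpenSSL configuration is in place
+template:
+src: openssl.cnf.j2
+dest: "{{ sensu_config_path }}/ssl_generation/sensu_ssl_tool/sensu_ca/openssl.cnf"
+owner: "{{ sensu_user_name }}"
+group: "{{ sensu_group_name }}"
+when: sensu_master
+
+- block:
+- name: Ensure the Sensu CA serial configuration
+shell: 'echo 01 > sensu_ca/serial'
+args:
+chdir: "{{ sensu_config_path }}/ssl_generation/sensu_ssl_tool/"
+creates: "{{ sensu_config_path }}/ssl_generation/sensu_ssl_tool/sensu_ca/serial"
+register: sensu_ca_new_serial
+
+- name: Ensure sensu_ca/index.txt exists
+file:
+dest: "{{ sensu_config_path }}/ssl_generation/sensu_ssl_tool/sensu_ca/index.txt"
+state: touch
+when: sensu_ca_new_serial is changed
+
+# TODO: The following mirrors the commands used in sensu_ssl_tool/ssl_certs.sh
+# from the 1.3 version of the script. Ideally, this moves into the native openssl_* modules.
+# See https://docs.sensu.io/sensu-core/1.3/reference/ssl/#reference-documentation for limitations and further instructions
+- name: Generate Sensu CA certificate
+command: openssl req -x509 -config openssl.cnf -newkey rsa:2048 -days 1825 -out cacert.pem -outform PEM -subj /CN=SensuCA/ -nodes
+args:
+chdir: "{{ sensu_config_path }}/ssl_generation/sensu_ssl_tool/sensu_ca"
+creates: "{{ sensu_config_path }}/ssl_generation/sensu_ssl_tool/sensu_ca/cacert.pem"
+
+- name: Generate CA cert
+command: openssl x509 -in cacert.pem -out cacert.cer -outform DER
+args:
+chdir: "{{ sensu_config_path }}/ssl_generation/sensu_ssl_tool/sensu_ca"
+creates: "{{ sensu_config_path }}/ssl_generation/sensu_ssl_tool/sensu_ca/cacert.cer"
+
+- name: Generate server keys
+command: openssl genrsa -out key.pem 2048
+args:
+chdir: "{{ sensu_config_path }}/ssl_generation/sensu_ssl_tool/server"
+creates: "{{ sensu_config_path }}/ssl_generation/sensu_ssl_tool/server/key.pem"
+
+- name: Generate server certificate signing request
+command: openssl req -new -key key.pem -out req.pem -outform PEM -subj /CN=sensu/O=server/ -nodes
+args:
+chdir: "{{ sensu_config_path }}/ssl_generation/sensu_ssl_tool/server"
+creates: "{{ sensu_config_path }}/ssl_generation/sensu_ssl_tool/server/req.pem"
+
+- name: Sign the server certificate
+command: openssl ca -config openssl.cnf -in ../server/req.pem -out ../server/cert.pem -notext -batch -extensions server_ca_extensions
+args:
+chdir: "{{ sensu_config_path }}/ssl_generation/sensu_ssl_tool/sensu_ca"
+creates: "{{ sensu_config_path }}/ssl_generation/sensu_ssl_tool/server/cert.pem"
+
+- name: Convert server certificate and key to PKCS12 formart
+command: openssl pkcs12 -export -out keycert.p12 -in cert.pem -inkey key.pem -passout pass:secret
+args:
+chdir: "{{ sensu_config_path }}/ssl_generation/sensu_ssl_tool/server"
+creates: "{{ sensu_config_path }}/ssl_generation/sensu_ssl_tool/server/keycert.p12"
+
+- name: Generate client key
+command: openssl genrsa -out key.pem 2048
+args:
+chdir: "{{ sensu_config_path }}/ssl_generation/sensu_ssl_tool/client"
+creates: "{{ sensu_config_path }}/ssl_generation/sensu_ssl_tool/client/key.pem"
+
+- name: Generate client certificate signing request
+command: openssl req -new -key key.pem -out req.pem -outform PEM -subj /CN=sensu/O=client/ -nodes
+args:
+chdir: "{{ sensu_config_path }}/ssl_generation/sensu_ssl_tool/client"
+creates: "{{ sensu_config_path }}/ssl_generation/sensu_ssl_tool/client/req.pem"
+
+- name: Sign the client certificate
+command: openssl ca -config openssl.cnf -in ../client/req.pem -out ../client/cert.pem -notext -batch -extensions client_ca_extensions
+args:
+chdir: "{{ sensu_config_path }}/ssl_generation/sensu_ssl_tool/sensu_ca"
+creates: "{{ sensu_config_path }}/ssl_generation/sensu_ssl_tool/client/cert.pem"
+
+- name: Convert client key/certificate to PKCS12 format
+command: openssl pkcs12 -export -out keycert.p12 -in cert.pem -inkey key.pem -passout pass:secret
+args:
+chdir: "{{ sensu_config_path }}/ssl_generation/sensu_ssl_tool/client"
+creates: "{{ sensu_config_path }}/ssl_generation/sensu_ssl_tool/client/keycert.p12"
+
+when: sensu_master|bool
+become: true
+become_user: "{{ sensu_user_name }}"
+
+- name: Stash the Sensu SSL certs/keys
+fetch:
+src: "{{ sensu_config_path }}/ssl_generation/sensu_ssl_tool/{{ item }}"
+dest: "{{ dynamic_data_store }}"
+when: sensu_master
+loop:
+- sensu_ca/cacert.pem
+- server/cert.pem
+- server/key.pem
+- client/cert.pem
+- client/key.pem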
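Review bot: Both `openssl pkcs12 -export` tasks end in `-passout pass:secret`, so every PKCS#12 bundle this role produces is protected by one fixed, publicly known passphrase, and the value is visible in the process list while the command runs. Take the passphrase from a vaulted variable and hand it to openssl through the task's `environment:` with `-passout env:<VARIABLE_NAME>` instead of a literal. The directory loop and the key-generating commands set no mode, so the permissions of `sensu_ca/private/cakey.pem` and the two `key.pem` files depend on the umask and OpenSSL version in use; add `mode: "0700"` to the directories and a follow-up `file:` task with `mode: "0600"` for the keys. The final `fetch` copies `server/key.pem` and `client/key.pem` to `dynamic_data_store` on the control node, so that path should be access-restricted and excluded from version control.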
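--- a/roles/sensu.sensu/templates/client.json.j2
+++ b/roles/sensu.sensu/templates/client.json.j2
@@ -0,0 +1,15 @@
+{
+"client": {
+"name": "{{ sensu_client_name }}",
+"address": "{{ ansible_default_ipv4['address'] }}",
+"subscriptions": {{ sensu_client_subscriptions | to_nice_json(indent=6) }},
+"keepalive": {
+"handlers": {{ sensu_client_keepalive_handlers | to_nice_json(indent=8) }},
+"thresholds": {
+"warning": {{ sensu_client_keepalive_threshold_warning }},
+"critical": {{ sensu_client_keepalive_threshold_critical }}
+}
+},
+"safe_mode": {{ sensu_client_safe_mode | bool | lower }}
+}
+}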
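--- a/roles/sensu.sensu/templates/erlang-apt-preferences.j2
+++ b/roles/sensu.sensu/templates/erlang-apt-preferences.j2
@@ -0,0 +1,4 @@
+{{ ansible_managed | comment }}
+Package: {{ sensu_erlang_pin_package }}
+Pin: version {{ sensu_erlang_pin_version }}
+Pin-Priority: 1000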
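--- a/roles/sensu.sensu/templates/openssl.cnf.j2
+++ b/roles/sensu.sensu/templates/openssl.cnf.j2
@@ -0,0 +1,56 @@
+{{ ansible_managed | comment }}
+# Source: http://docs.sensu.io/sensu-core/1.3/files/sensu_ssl_tool.tar
+
+[ ca ]
+default_ca = sensu_ca
+
+[ sensu_ca ]
+dir = .
+certificate = $dir/cacert.pem
+database = $dir/index.txt
+new_certs_dir = $dir/certs
+private_key = $dir/private/cakey.pem
+serial = $dir/serial
+
+default_crl_days = 7
+default_days = 1825
+default_md = sha1
+
+policy = sensu_ca_policy
+x509_extensions = certificate_extensions
+
+[ sensu_ca_policy ]
+commonName = supplied
+stateOrProvinceName = optional
+countryName = optional
+emailAddress = optional
+organizationName = optional
+organizationalUnitName = optional
+
+[ certificate_extensions ]
+basicConstraints = CA:false
+
+[ req ]
+default_bits = 2048
+default_keyfile = ./private/cakey.pem
+default_md = sha1
+prompt = yes
+distinguished_name = root_ca_distinguished_name
+x509_extensions = root_ca_extensions
+
+[ root_ca_distinguished_name ]
+commonName = sensu
+
+[ root_ca_extensions ]
+basicConstraints = CA:true
+keyUsage = keyCertSign, cRLSign
+
+[ client_ca_extensions ]
+basicConstraints = CA:false
+keyUsage = digitalSignature
+extendedKeyUsage = 1.3.6.1.5.5.7.3.2
+
+[ server_ca_extensions ]
+basicConstraints = CA:false
+keyUsage = keyEncipherment
+extendedKeyUsage = 1.3.6.1.5.5.7.3.1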
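Review bot: `default_md = sha1` appears in both `[ sensu_ca ]` and `[ req ]`, so the CA certificate and every certificate it issues are signed with SHA-1, which is no longer collision-resistant and which current TLS libraries increasingly refuse. Change both lines to `default_md = sha256`. In `[ server_ca_extensions ]`, `keyUsage = keyEncipherment` alone restricts the server certificate to static-RSA key exchange; `keyUsage = digitalSignature, keyEncipherment` is needed before forward-secret (ECDHE) cipher suites can be used with it.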
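--- a/roles/sensu.sensu/templates/rabbitmq.config.j2
+++ b/roles/sensu.sensu/templates/rabbitmq.config.j2
@@ -0,0 +1,16 @@
+[
+{rabbit, [
+{% if sensu_rabbitmq_enable_ssl %}
+{ssl_listeners, [{{ sensu_rabbitmq_port }}]},
+{ssl_options, [{cacertfile,"{{ sensu_rabbitmq_config_path }}/ssl/cacert.pem"},
+{certfile,"{{ sensu_rabbitmq_config_path }}/ssl/cert.pem"},
+{keyfile,"{{ sensu_rabbitmq_config_path }}/ssl/key.pem"},
+{verify,verify_peer},
+{versions, ['tlsv1.2']},
+{ciphers, [{rsa,aes_256_cbc,sha256}]},
+{fail_if_no_peer_cert,true}]}
+{% else %}
+{tcp_listeners, [{{ sensu_rabbitmq_port }}]}
+{% endif %}
+]}
+].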
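Review bot: `{ciphers, [{rsa,aes_256_cbc,sha256}]}` pins the listener to a single static-RSA, CBC-mode suite, so sessions have no forward secrecy and a later compromise of `key.pem` exposes recorded traffic. Prefer a short list of ECDHE suites with AES-GCM here; that also requires `digitalSignature` in the server certificate's key usage, which the role's openssl.cnf.j2 does not currently set. The `{% else %}` branch configures a plain `tcp_listeners` entry, so when `sensu_rabbitmq_enable_ssl` is false the Sensu credentials and check data cross the network unencrypted; a comment above that branch saying so would help whoever sets the variable.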
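--- a/roles/sensu.sensu/templates/sensu-api.json.j2
+++ b/roles/sensu.sensu/templates/sensu-api.json.j2
@@ -0,0 +1,10 @@
+{
+"api": {
+{% if sensu_api_user_name %}
+"user": "{{ sensu_api_user_name }}",
+"password": "{{ sensu_api_password }}",
+{% endif %}
+"host": "{{ sensu_api_host }}",
+"port": {{ sensu_api_port }}
+}
+}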
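Review bot: `"password": "{{ sensu_api_password }}"` and the `user` and `host` lines paste variables between hand-written quotes, so a value containing `"` or `\` renders invalid JSON or changes the structure of the document. Let the filter do the quoting and escaping: `"password": {{ sensu_api_password | to_json }},`. The same pattern appears in sensu-rabbitmq.json.j2 and sensu-redis.json.j2. When `sensu_api_user_name` is empty the `user`/`password` pair is omitted, which presumably leaves the API without authentication, so that default deserves a comment. The rendered file holds a cleartext secret, so the template task (not visible on this page) should write it with a restrictive mode and `no_log: true`.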
@ -0,0 +1,32 @@
|
||||
<?xml version="1.0"?>
|
||||
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
|
||||
<service_bundle type="manifest" name="sensu-api">
|
||||
<service name="application/sensu-api" type="service" version="1">
|
||||
<create_default_instance enabled="false" />
|
||||
<single_instance />
|
||||
<dependency name="network" grouping="require_all" restart_on="error" type="service">
|
||||
<service_fmri value="svc:/milestone/network:default" />
|
||||
</dependency>
|
||||
<dependency name="filesystem" grouping="require_all" restart_on="error" type="service">
|
||||
<service_fmri value="svc:/system/filesystem/local" />
|
||||
</dependency>
|
||||
<method_context>
|
||||
<method_credential user="{{ sensu_user_name }}" group="{{ sensu_group_name }}" />
|
||||
<method_environment>
|
||||
<envvar name="HOME" value="{{ sensu_config_path }}" />
|
||||
<envvar name="PATH" value="/opt/local/sbin:/opt/local/bin:/sbin:/usr/sbin:/usr/bin" />
|
||||
</method_environment>
|
||||
</method_context>
|
||||
<exec_method type="method" name="start" exec="/opt/local/bin/sensu-api --background --config_dir ${HOME}" timeout_seconds="60" />
|
||||
<exec_method type="method" name="stop" exec=":kill" timeout_seconds="60" />
|
||||
<property_group name="startd" type="framework">
|
||||
<propval name="duration" type="astring" value="contract" />
|
||||
</property_group>
|
||||
<stability value="Evolving" />
|
||||
<template>
|
||||
<common_name>
|
||||
<loctext xml:lang="C">Sensu API</loctext>
|
||||
</common_name>
|
||||
</template>
|
||||
</service>
|
||||
</service_bundle>
|
@ -0,0 +1,32 @@
|
||||
<?xml version="1.0"?>
|
||||
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
|
||||
<service_bundle type="manifest" name="sensu-client">
|
||||
<service name="application/sensu-client" type="service" version="1">
|
||||
<create_default_instance enabled="false" />
|
||||
<single_instance />
|
||||
<dependency name="network" grouping="require_all" restart_on="error" type="service">
|
||||
<service_fmri value="svc:/milestone/network:default" />
|
||||
</dependency>
|
||||
<dependency name="filesystem" grouping="require_all" restart_on="error" type="service">
|
||||
<service_fmri value="svc:/system/filesystem/local" />
|
||||
</dependency>
|
||||
<method_context>
|
||||
<method_credential user="{{ sensu_user_name }}" group="{{ sensu_group_name }}" />
|
||||
<method_environment>
|
||||
<envvar name="HOME" value="{{ sensu_config_path }}" />
|
||||
<envvar name="PATH" value="/opt/local/sbin:/opt/local/bin:/sbin:/usr/sbin:/usr/bin" />
|
||||
</method_environment>
|
||||
</method_context>
|
||||
<exec_method type="method" name="start" exec="/opt/local/bin/sensu-client --background --config_dir ${HOME}" timeout_seconds="60" />
|
||||
<exec_method type="method" name="stop" exec=":kill" timeout_seconds="60" />
|
||||
<property_group name="startd" type="framework">
|
||||
<propval name="duration" type="astring" value="contract" />
|
||||
</property_group>
|
||||
<stability value="Evolving" />
|
||||
<template>
|
||||
<common_name>
|
||||
<loctext xml:lang="C">Sensu Client</loctext>
|
||||
</common_name>
|
||||
</template>
|
||||
</service>
|
||||
</service_bundle>
|
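--- a/roles/sensu.sensu/templates/sensu-freebsd-repo.conf.j2
+++ b/roles/sensu.sensu/templates/sensu-freebsd-repo.conf.j2
@@ -0,0 +1,5 @@
+sensu: {
+url: "{{ sensu_freebsd_url }}",
+enabled: true,
+mirror_type: "http"
+}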
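Review bot: The repository definition sets no `signature_type`, so pkg installs whatever this repository serves without verifying a signature, and nothing in the template requires `sensu_freebsd_url` to use TLS. If the upstream repository is signed, add `signature_type: "fingerprints"` with a `fingerprints:` path, or `signature_type: "pubkey"` with `pubkey:`; whether signing material is published for this repository is not visible on this page. At minimum, add a comment that `sensu_freebsd_url` must be an https URL so that package integrity does not rest on an unauthenticated transport.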
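--- a/roles/sensu.sensu/templates/sensu-rabbitmq.json.j2
+++ b/roles/sensu.sensu/templates/sensu-rabbitmq.json.j2
@@ -0,0 +1,15 @@
+{
+"rabbitmq": {
+{% if sensu_rabbitmq_enable_ssl %}
+"ssl": {
+"cert_chain_file": "{{ sensu_config_path }}/ssl/cert.pem",
+"private_key_file": "{{ sensu_config_path }}/ssl/key.pem"
+},
+{% endif %}
+"host": "{{ sensu_rabbitmq_host }}",
+"port": {{ sensu_rabbitmq_port }},
+"vhost": "{{ sensu_rabbitmq_vhost }}",
+"user": "{{ sensu_rabbitmq_user_name }}",
+"password": "{{ sensu_rabbitmq_password }}"
+}
+}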
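Review bot: The `ssl` block names only the client's own `cert_chain_file` and `private_key_file`; nothing in it references a CA file or requests verification of the broker's certificate, although rabbitmq.config.j2 in this commit enforces `verify_peer` on connecting clients. As written, authentication looks one-directional: the broker checks the client, but the page does not show the client checking the broker before it sends `user` and `password`. If the Sensu transport in use has a setting for validating the server certificate, set it here; if it does not, add a comment stating that gap so operators can compensate with network controls.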
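--- a/roles/sensu.sensu/templates/sensu-redis.json.j2
+++ b/roles/sensu.sensu/templates/sensu-redis.json.j2
@@ -0,0 +1,14 @@
+{
+"redis": {
+{% if sensu_redis_password %}
+"password": "{{ sensu_redis_password }}",
+{% endif %}
+{% if sensu_redis_sentinels %}
+"sentinels": {{ sensu_redis_sentinels | to_nice_json }},
+"master": "{{ sensu_redis_master_name }}"
+{% else %}
+"host": "{{ sensu_redis_host }}",
+"port": {{ sensu_redis_port }}
+{% endif %}
+}
+}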
@ -0,0 +1,32 @@
|
||||
<?xml version="1.0"?>
|
||||
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
|
||||
<service_bundle type="manifest" name="sensu-server">
|
||||
<service name="application/sensu-server" type="service" version="1">
|
||||
<create_default_instance enabled="false" />
|
||||
<single_instance />
|
||||
<dependency name="network" grouping="require_all" restart_on="error" type="service">
|
||||
<service_fmri value="svc:/milestone/network:default" />
|
||||
</dependency>
|
||||
<dependency name="filesystem" grouping="require_all" restart_on="error" type="service">
|
||||
<service_fmri value="svc:/system/filesystem/local" />
|
||||
</dependency>
|
||||
<method_context>
|
||||
<method_credential user="{{ sensu_user_name }}" group="{{ sensu_group_name }}" />
|
||||
<method_environment>
|
||||
<envvar name="HOME" value="{{ sensu_config_path }}" />
|
||||
<envvar name="PATH" value="/opt/local/sbin:/opt/local/bin:/sbin:/usr/sbin:/usr/bin" />
|
||||
</method_environment>
|
||||
</method_context>
|
||||
<exec_method type="method" name="start" exec="/opt/local/bin/sensu-server --background --config_dir ${HOME}" timeout_seconds="60" />
|
||||
<exec_method type="method" name="stop" exec=":kill" timeout_seconds="60" />
|
||||
<property_group name="startd" type="framework">
|
||||
<propval name="duration" type="astring" value="contract" />
|
||||
</property_group>
|
||||
<stability value="Evolving" />
|
||||
<template>
|
||||
<common_name>
|
||||
<loctext xml:lang="C">Sensu Server</loctext>
|
||||
</common_name>
|
||||
</template>
|
||||
</service>
|
||||
</service_bundle>
|
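--- a/roles/sensu.sensu/templates/sensu-tessen.json.j2
+++ b/roles/sensu.sensu/templates/sensu-tessen.json.j2
@@ -0,0 +1,5 @@
+{
+"tessen": {
+"enabled": {{ sensu_enable_tessen | bool | lower }}
+}
+}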
Some files were not shown because too many files have changed in this diff Show More