diff --git a/changelogs/fix_running_non_root_with_become.yml b/changelogs/fix_running_non_root_with_become.yml new file mode 100644 index 00000000..f3974a6d --- /dev/null +++ b/changelogs/fix_running_non_root_with_become.yml @@ -0,0 +1,2 @@ +bugfixes: + - Added become to tasks and handlers to be able to connect as non root user. diff --git a/doc/role-monitoring_plugins/role-monitoring_plugins.md b/doc/role-monitoring_plugins/role-monitoring_plugins.md index 60c47c1b..bc8071c0 100644 --- a/doc/role-monitoring_plugins/role-monitoring_plugins.md +++ b/doc/role-monitoring_plugins/role-monitoring_plugins.md @@ -73,7 +73,7 @@ Install check commands - hosts: - host1 - become: yes + become: true vars: icinga_monitoring_plugins_epel: true icinga_monitoring_plugins_crb: true @@ -96,7 +96,7 @@ Remove all check commands known to this role. Also remove unneeded dependencies. - hosts: - host1 - become: yes + become: true vars: icinga_monitoring_plugins_autoremove: true icinga_monitoring_plugins_check_commands: [] diff --git a/molecule/local-default-pgsql/prepare.yml b/molecule/local-default-pgsql/prepare.yml index e31a4e28..c3870d30 100644 --- a/molecule/local-default-pgsql/prepare.yml +++ b/molecule/local-default-pgsql/prepare.yml @@ -1,7 +1,7 @@ --- - name: Prepare hosts: all - become: yes + become: true tasks: - name: Install requirements for Debian apt: diff --git a/molecule/local-default/prepare.yml b/molecule/local-default/prepare.yml index e31a4e28..c3870d30 100644 --- a/molecule/local-default/prepare.yml +++ b/molecule/local-default/prepare.yml @@ -1,7 +1,7 @@ --- - name: Prepare hosts: all - become: yes + become: true tasks: - name: Install requirements for Debian apt: diff --git a/roles/icinga2/handlers/main.yml b/roles/icinga2/handlers/main.yml index c9bbfbdd..8df0be40 100644 --- a/roles/icinga2/handlers/main.yml +++ b/roles/icinga2/handlers/main.yml 
@@ -1,10 +1,12 @@ --- - name: restart icinga2 service + become: true service: name: icinga2 state: restarted - name: reload icinga2 service + become: true service: name: icinga2 state: reloaded diff --git a/roles/icinga2/tasks/configure.yml b/roles/icinga2/tasks/configure.yml index 5efb46ab..3d9d6e26 100644 --- a/roles/icinga2/tasks/configure.yml +++ b/roles/icinga2/tasks/configure.yml @@ -5,6 +5,7 @@ with_items: "{{ icinga2_features }}" - name: main config file {{ icinga2_config_path + '/icinga2.conf' }} + become: true template: src: icinga2.conf.j2 dest: "{{ icinga2_config_path + '/icinga2.conf' }}" @@ -17,6 +18,7 @@ icinga2_combined_constants: "{{ icinga2_default_constants | combine(icinga2_constants) }}" - name: set constants in {{ icinga2_config_path + '/constants.conf' }} + become: true ansible.builtin.template: src: constants.conf.j2 dest: "{{ icinga2_config_path + '/constants.conf' }}" @@ -31,6 +33,7 @@ include_tasks: objects.yml - name: ensure monitoring config directories + become: true ansible.builtin.file: path: "{{ icinga2_config_path }}/{{ item }}" state: directory @@ -49,6 +52,7 @@ #- item.split('/')[0] in icinga2_local_config or item.split('/')[0] == 'zones.d' - name: collect config fragments + become: true find: path: "{{ icinga2_fragments_path }}" recurse: yes @@ -56,6 +60,7 @@ register: result_frag - name: cleanup config files + become: true file: state: absent dest: "{{ item.path }}" @@ -65,6 +70,7 @@ - item.path not in _icinga2_custom_conf_paths - name: collect empty config dirs + become: true shell: >- find {{ icinga2_fragments_path }} -mindepth 1 -type d -empty register: _empty_result @@ -72,12 +78,14 @@ changed_when: _empty_result.stdout_lines |length > 0 - name: remove empty config dirs + become: true file: state: absent path: "{{ item }}" loop: "{{ _empty_result.stdout_lines }}" - name: collect config files + become: true find: path: "{{ icinga2_fragments_path }}" recurse: yes 
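Review bot: In roles/icinga2/tasks/configure.yml the `collect empty config dirs` task now runs `find {{ icinga2_fragments_path }} -mindepth 1 -type d -empty` through a root shell with the variable unquoted, and `remove empty config dirs` then deletes every line of that output as root. A path containing whitespace or shell metacharacters would be split or interpreted by the shell before `find` sees it. Quote the value, `find {{ icinga2_fragments_path | quote }} -mindepth 1 -type d -empty`, or switch to `ansible.builtin.command` with `argv`. The same unquoted templating is elevated in roles/icingaweb2/tasks/modules/x509.yml (`icingacli {{ _module }} import --file {{ _file }}`).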
@@ -86,6 +94,7 @@ register: result - name: assemble config files + become: true ansible.builtin.assemble: src: "{{ item.path }}" dest: "{{ item.path |regex_replace('^'+icinga2_fragments_path, '/etc/icinga2') }}" @@ -97,6 +106,7 @@ notify: reload icinga2 service - name: enable features + become: true file: state: "{{ 'link' if (item.state is undefined or item.state != 'absent') else 'absent' }}" path: "{{ '/etc/icinga2/features-enabled/' + icinga2_feature_realname[item.name]|default(item.name) + '.conf' }}" @@ -105,6 +115,7 @@ notify: reload icinga2 service - name: remove empty config files + become: true ansible.builtin.file: state: absent path: "{{ item |regex_replace('^'+icinga2_fragments_path, '/etc/icinga2') }}" diff --git a/roles/icinga2/tasks/features.yml b/roles/icinga2/tasks/features.yml index 76aa72c3..88065581 100644 --- a/roles/icinga2/tasks/features.yml +++ b/roles/icinga2/tasks/features.yml @@ -1,6 +1,7 @@ --- - name: collect all files in {{ icinga2_config_path + '/features-enabled' }} + become: true find: paths: "{{ icinga2_config_path + '/features-enabled' }}" patterns: '*.conf' @@ -15,6 +16,7 @@ when: icinga2_purge_features - name: purge features + become: true file: state: absent path: "{{ '/etc/icinga2/features-enabled/' + icinga2_feature_realname[item]|default(item) + '.conf' }}" diff --git a/roles/icinga2/tasks/features/idomysql.yml b/roles/icinga2/tasks/features/idomysql.yml index f6614c62..658005ad 100644 --- a/roles/icinga2/tasks/features/idomysql.yml +++ b/roles/icinga2/tasks/features/idomysql.yml @@ -5,6 +5,7 @@ icinga2_import_schema: "{{ icinga2_dict_features.idomysql.import_schema| default(False) }}" - name: feature idomysql IdoMysqlConnection object + become: true icinga2_object: name: ido-mysql type: IdoMysqlConnection @@ -38,6 +39,7 @@ "{{ icinga2_dict_features.idomysql.database | default('icinga2') }}" - name: MySQL check for IDO schema + become: true shell: > {{ mysqlcmd }} -Ns -e "select version from icinga_dbversion" 
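Review bot: The `MySQL check for IDO schema` task in roles/icinga2/tasks/features/idomysql.yml gains `become: true`, but it only runs a database client that, judging by the `mysqlcmd` fact built just above the hunk, authenticates with its own credentials, so root should not be needed. The same applies to `MySQL import IDO schema`, the PgSQL tasks in roles/icingadb/tasks/manage_schema_pgsql.yml, and the schema check and import tasks in the icingaweb2 manage_icingaweb_mysql_db.yml, manage_icingaweb_pgsql_db.yml and manage_mysql_imports.yml files. Unless the client has to read root-only TLS key files, leave these tasks unprivileged. If elevation is required, add a comment such as `# become: client must read root-owned TLS key` so the reason is recorded.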
@@ -47,6 +49,7 @@ register: db_schema - name: MySQL import IDO schema + become: true shell: > {{ mysqlcmd }} < /usr/share/icinga2-ido-mysql/schema/mysql.sql diff --git a/roles/icinga2/tasks/features/idomysql/install_on_Debian.yml b/roles/icinga2/tasks/features/idomysql/install_on_Debian.yml index 4b871d6f..a737c491 100644 --- a/roles/icinga2/tasks/features/idomysql/install_on_Debian.yml +++ b/roles/icinga2/tasks/features/idomysql/install_on_Debian.yml @@ -1,6 +1,7 @@ --- - name: directory dbconfig-common + become: true file: state: directory path: /etc/dbconfig-common @@ -9,6 +10,7 @@ mode: 0755 - name: DBconfig for IDO MySQL + become: true copy: dest: /etc/dbconfig-common/icinga2-ido-mysql.conf content: | @@ -20,6 +22,7 @@ mode: 0600 - name: Apt - install package icinga2-ido-mysql + become: true apt: name: icinga2-ido-mysql state: present diff --git a/roles/icinga2/tasks/install.yml b/roles/icinga2/tasks/install.yml index 7dc090ad..8f18aab9 100644 --- a/roles/icinga2/tasks/install.yml +++ b/roles/icinga2/tasks/install.yml @@ -9,6 +9,7 @@ msg: "The OS {{ ansible_os_family }} is not supported!" - name: Prepare fragments path + become: true ansible.builtin.file: state: directory path: "{{ icinga2_fragments_path }}" diff --git a/roles/icinga2/tasks/install_on_Debian.yml b/roles/icinga2/tasks/install_on_Debian.yml index f787d3e9..7dcf86de 100644 --- a/roles/icinga2/tasks/install_on_Debian.yml +++ b/roles/icinga2/tasks/install_on_Debian.yml @@ -1,5 +1,6 @@ --- - name: Apt - install package icinga2 + become: true ansible.builtin.apt: pkg: "{{ icinga2_packages + icinga2_packages_dependencies }}" state: present diff --git a/roles/icinga2/tasks/install_on_RedHat.yml b/roles/icinga2/tasks/install_on_RedHat.yml index 42447ecf..63aaaf01 100644 --- a/roles/icinga2/tasks/install_on_RedHat.yml +++ b/roles/icinga2/tasks/install_on_RedHat.yml 
@@ -1,9 +1,11 @@ - name: Yum - install package icinga2 + become: true ansible.builtin.yum: name: "{{ icinga2_packages + icinga2_packages_dependencies }}" state: present - name: Yum - install package icinga2-selinux + become: true ansible.builtin.yum: name: icinga2-selinux state: present diff --git a/roles/icinga2/tasks/install_on_Suse.yml b/roles/icinga2/tasks/install_on_Suse.yml index 650a9735..3b9953a7 100644 --- a/roles/icinga2/tasks/install_on_Suse.yml +++ b/roles/icinga2/tasks/install_on_Suse.yml @@ -1,10 +1,12 @@ --- - name: Zypper - install package icinga2 + become: true community.general.zypper: name: "{{ icinga2_packages + icinga2_packages_dependencies }}" state: present - name: Zypper - install package icinga2-selinux + become: true community.general.zypper: name: icinga2-selinux state: present diff --git a/roles/icinga2/tasks/objects.yml b/roles/icinga2/tasks/objects.yml index 2eebb6e3..139b986d 100644 --- a/roles/icinga2/tasks/objects.yml +++ b/roles/icinga2/tasks/objects.yml @@ -15,6 +15,7 @@ - hostvars[inventory_hostname]['icinga2_objects'] is not mapping - name: collect all config objects in play vars + become: true set_fact: tmp_objects: "{{ tmp_objects| default([]) + lookup('list', icinga2_objects) }}" when: @@ -26,6 +27,7 @@ - icinga2_object: args: "{{ item }}" with_items: "{{ tmp_objects }}" + become: true when: tmp_objects is defined register: result @@ -43,6 +45,7 @@ loop: "{{ icinga2_custom_config }}" - name: prepare custom config paths + become: true file: state: directory owner: root @@ -52,6 +55,7 @@ loop: "{{ icinga2_custom_config }}" - name: add custom config to assemble + become: true ansible.builtin.copy: owner: root group: root diff --git a/roles/icinga2/tasks/service.yml b/roles/icinga2/tasks/service.yml index 769f6fa6..10d938d8 100644 --- a/roles/icinga2/tasks/service.yml +++ b/roles/icinga2/tasks/service.yml 
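Review bot: In roles/icinga2/tasks/objects.yml, `become: true` on `collect all config objects in play vars` has no effect, because `set_fact` is evaluated on the controller and never runs a module on the target. Drop the line so the file only shows elevation where something is written on the host. The unnamed `icinga2_object` task in the next hunk gets `become: true` between `with_items` and `when`; moving it to the top of the task and adding a `name:` would match the other tasks in this commit.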
@@ -1,5 +1,6 @@ --- - name: "{{ icinga2_state }} service icinga2" + become: true service: name: icinga2 state: "{{ icinga2_state }}" diff --git a/roles/icingadb/handlers/main.yml b/roles/icingadb/handlers/main.yml index 2a8e27ae..d2b8ee3a 100644 --- a/roles/icingadb/handlers/main.yml +++ b/roles/icingadb/handlers/main.yml @@ -1,4 +1,5 @@ - name: icingadb-restart + become: true ansible.builtin.service: name: "{{ icingadb_service_name }}" state: restarted diff --git a/roles/icingadb/tasks/install_on_debian.yml b/roles/icingadb/tasks/install_on_debian.yml index 6bd9ac7c..3c57ee91 100644 --- a/roles/icingadb/tasks/install_on_debian.yml +++ b/roles/icingadb/tasks/install_on_debian.yml @@ -1,4 +1,5 @@ - name: Debian - Install IcingaDB packages + become: true ansible.builtin.apt: name: "{{ icingadb_packages }}" state: present diff --git a/roles/icingadb/tasks/manage_config.yml b/roles/icingadb/tasks/manage_config.yml index 0850978e..4c8a9f57 100644 --- a/roles/icingadb/tasks/manage_config.yml +++ b/roles/icingadb/tasks/manage_config.yml @@ -1,5 +1,6 @@ --- - name: Write configuration to /etc/icingadb/config.yml + become: true ansible.builtin.template: src: icingadb.ini.j2 dest: "{{ icingadb_config_dir }}/config.yml" diff --git a/roles/icingadb/tasks/manage_schema_pgsql.yml b/roles/icingadb/tasks/manage_schema_pgsql.yml index 4cf908d0..ed915a31 100644 --- a/roles/icingadb/tasks/manage_schema_pgsql.yml +++ b/roles/icingadb/tasks/manage_schema_pgsql.yml @@ -17,6 +17,7 @@ {% if icingadb_database_ssl_extra_options is defined %} {{ icingadb_database_ssl_extra_options }} {%- endif %}" - name: PgSQL check for IcingaDB schema + become: true ansible.builtin.shell: > {{ _tmp_pgsqlcmd }} -w -c "select version from icingadb_schema" @@ -26,6 +27,7 @@ register: _db_schema - name: PgSQL import IcingaDB schema + become: true ansible.builtin.shell: > {{ _tmp_pgsqlcmd }} -w -f {{ icingadb_database_schema }} 
diff --git a/roles/icingadb/tasks/manage_service.yml b/roles/icingadb/tasks/manage_service.yml index a6ece8f9..e77ddab2 100644 --- a/roles/icingadb/tasks/manage_service.yml +++ b/roles/icingadb/tasks/manage_service.yml @@ -1,5 +1,6 @@ --- - name: Ensure IcingaDB Service is running + become: true ansible.builtin.service: state: started enabled: yes diff --git a/roles/icingadb_redis/handlers/main.yml b/roles/icingadb_redis/handlers/main.yml index 92dfe252..30cb6aba 100644 --- a/roles/icingadb_redis/handlers/main.yml +++ b/roles/icingadb_redis/handlers/main.yml @@ -1,5 +1,6 @@ --- - name: icingadb-redis-restart + become: true ansible.builtin.service: name: "{{ icingadb_redis_service_name }}" state: restarted diff --git a/roles/icingadb_redis/tasks/install_on_debian.yml b/roles/icingadb_redis/tasks/install_on_debian.yml index 6257666d..4df6c871 100644 --- a/roles/icingadb_redis/tasks/install_on_debian.yml +++ b/roles/icingadb_redis/tasks/install_on_debian.yml @@ -1,10 +1,12 @@ --- - name: Debian - Install IcingaDB Redis packages + become: true ansible.builtin.apt: name: "{{ icingadb_redis_packages }}" state: present - name: Debian - Ensure log directory exists + become: true when: - icingadb_redis_logfile != "" ansible.builtin.file: diff --git a/roles/icingadb_redis/tasks/install_on_redhat.yml b/roles/icingadb_redis/tasks/install_on_redhat.yml index 9e15b824..e33374b1 100644 --- a/roles/icingadb_redis/tasks/install_on_redhat.yml +++ b/roles/icingadb_redis/tasks/install_on_redhat.yml @@ -1,10 +1,12 @@ --- - name: RedHat - install icingadb packages + become: true ansible.builtin.yum: name: "{{ icingadb_redis_packages }}" state: present - name: RedHat - Ensure log directory exists + become: true when: - icingadb_redis_logfile != "" ansible.builtin.file: diff --git a/roles/icingadb_redis/tasks/manage_config.yml b/roles/icingadb_redis/tasks/manage_config.yml index 3e5a9006..9117f82f 100644 --- a/roles/icingadb_redis/tasks/manage_config.yml 
+++ b/roles/icingadb_redis/tasks/manage_config.yml @@ -1,5 +1,6 @@ --- - name: Write configuration to /etc/icinga-redis/icinga-redis.conf + become: true ansible.builtin.template: src: icingadb-redis.conf.j2 dest: "{{ icingadb_redis_config_dir }}/icingadb-redis.conf" diff --git a/roles/icingadb_redis/tasks/manage_service.yml b/roles/icingadb_redis/tasks/manage_service.yml index 44fe9719..c4ddf855 100644 --- a/roles/icingadb_redis/tasks/manage_service.yml +++ b/roles/icingadb_redis/tasks/manage_service.yml @@ -1,5 +1,6 @@ --- - name: Ensure IcingaDB Redis Service is running + become: true ansible.builtin.service: state: started enabled: yes diff --git a/roles/icingaweb2/tasks/install_on_debian.yml b/roles/icingaweb2/tasks/install_on_debian.yml index 7b500e9a..e0283b17 100644 --- a/roles/icingaweb2/tasks/install_on_debian.yml +++ b/roles/icingaweb2/tasks/install_on_debian.yml @@ -1,5 +1,6 @@ --- - name: Debian - Install Icinga Web 2 packages + become: true ansible.builtin.apt: name: "{{ icingaweb2_packages + icingaweb2_packages_dependencies }}" state: present diff --git a/roles/icingaweb2/tasks/install_on_redhat.yml b/roles/icingaweb2/tasks/install_on_redhat.yml index e0ca4eda..9012412f 100644 --- a/roles/icingaweb2/tasks/install_on_redhat.yml +++ b/roles/icingaweb2/tasks/install_on_redhat.yml @@ -1,5 +1,6 @@ --- - name: RedHat - Install Icinga Web 2 packages + become: true ansible.builtin.yum: name: "{{ icingaweb2_packages + icingaweb2_packages_dependencies }}" state: present diff --git a/roles/icingaweb2/tasks/main.yml b/roles/icingaweb2/tasks/main.yml index 9dd1ab00..89e6a6f5 100644 --- a/roles/icingaweb2/tasks/main.yml +++ b/roles/icingaweb2/tasks/main.yml @@ -67,6 +67,7 @@ # Many daemons fail before e.g. the resource is set up or the schema hasn't been migrated. This is a workaround. - name: Manage enabled module daemons + become: true ansible.builtin.service: name: "icinga-{{ item.key }}" state: restarted 
diff --git a/roles/icingaweb2/tasks/manage_icingaweb_config.yml b/roles/icingaweb2/tasks/manage_icingaweb_config.yml index 6a924df4..adab2ea9 100644 --- a/roles/icingaweb2/tasks/manage_icingaweb_config.yml +++ b/roles/icingaweb2/tasks/manage_icingaweb_config.yml @@ -1,4 +1,5 @@ - name: Set permissions on icingaweb config + become: true ansible.builtin.file: state: directory dest: "{{ icingaweb2_config_dir }}" @@ -7,6 +8,7 @@ mode: "2770" - name: Set permissions on enabledModules + become: true ansible.builtin.file: state: directory dest: "{{ icingaweb2_config_dir }}/enabledModules" @@ -15,6 +17,7 @@ mode: "2770" - name: Set permissions on modules + become: true ansible.builtin.file: state: directory dest: "{{ icingaweb2_config_dir }}/modules" @@ -23,6 +26,7 @@ mode: "2770" - name: Ensure fragments exists + become: true ansible.builtin.file: state: directory dest: "{{ icingaweb2_fragments_path }}/{{ item }}" @@ -34,6 +38,7 @@ - roles - name: Create icingaweb2 config files + become: true ansible.builtin.template: src: "modules_config.ini.j2" dest: "{{ icingaweb2_config_dir }}/{{ item }}.ini" @@ -70,6 +75,7 @@ when: icingaweb2_db is defined or icingaweb2_resources is defined block: - name: Manage icingaweb_db resource config + become: true ansible.builtin.template: src: modules_config.ini.j2 dest: "{{ icingaweb2_fragments_path }}/resources/resources_01" @@ -83,6 +89,7 @@ when: icingaweb2_resources is defined - name: Manage Resources + become: true ansible.builtin.template: src: modules_config.ini.j2 dest: "{{ icingaweb2_fragments_path }}/resources/resources_02" @@ -103,6 +110,7 @@ - "*" - name: Manage icingaweb2_admin privileges + become: true ansible.builtin.template: src: modules_config.ini.j2 dest: "{{ icingaweb2_fragments_path }}/roles/roles_01" @@ -116,6 +124,7 @@ when: icingaweb2_roles is defined - name: Manage icingaweb2_admin privileges + become: true ansible.builtin.template: src: modules_config.ini.j2 dest: "{{ icingaweb2_fragments_path }}/roles/roles_02" 
@@ -125,6 +134,7 @@ - name: Assemble configuration files + become: true ansible.builtin.assemble: dest: "{{ icingaweb2_config_dir }}/{{ item }}.ini" src: "{{ icingaweb2_fragments_path }}/{{ item }}" diff --git a/roles/icingaweb2/tasks/manage_icingaweb_mysql_db.yml b/roles/icingaweb2/tasks/manage_icingaweb_mysql_db.yml index 89d992c4..0950032d 100644 --- a/roles/icingaweb2/tasks/manage_icingaweb_mysql_db.yml +++ b/roles/icingaweb2/tasks/manage_icingaweb_mysql_db.yml @@ -32,6 +32,7 @@ "{{ icingaweb2_db['name'] }}" - name: MySQL check for icingaweb db schema + become: true ansible.builtin.shell: > {{ _tmp_mysqlcmd }} -Ns -e "select * from icingaweb_user" @@ -41,6 +42,7 @@ register: _icingaweb2_db_schema - name: MySQL import icingaweb db schema + become: true ansible.builtin.shell: > {{ _tmp_mysqlcmd }} < /usr/share/icingaweb2/schema/mysql.schema.sql @@ -51,6 +53,7 @@ - name: Ensure Icinga Web User block: - name: MySQL check for icingaweb db schema + become: true ansible.builtin.shell: > {{ _tmp_mysqlcmd }} -Ns -e "select name from icingaweb_user where name like '{{ icingaweb2_admin_username }}'" @@ -60,6 +63,7 @@ register: _icingaweb2_db_user - name: Ensure admin user exists + become: true ansible.builtin.shell: >- echo "INSERT INTO icingaweb_user (name, active, password_hash) VALUES ('{{ icingaweb2_admin_username }}', 1, '"`php -r 'echo password_hash("{{ icingaweb2_admin_password }}", PASSWORD_DEFAULT);'`"')" | {{ _tmp_mysqlcmd }} -Ns diff --git a/roles/icingaweb2/tasks/manage_icingaweb_pgsql_db.yml b/roles/icingaweb2/tasks/manage_icingaweb_pgsql_db.yml index 9a76a318..4a18d2e8 100644 --- a/roles/icingaweb2/tasks/manage_icingaweb_pgsql_db.yml +++ b/roles/icingaweb2/tasks/manage_icingaweb_pgsql_db.yml 
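Review bot: In manage_icingaweb_mysql_db.yml the `Ensure admin user exists` task now runs as root while `{{ icingaweb2_admin_password }}` is templated straight into the shell string, so the clear-text password ends up in the process arguments and, unless a `no_log` sits outside the hunk, in task output. Set `no_log: true` and pass the secret through `environment:` so php reads it with `getenv()`; the PostgreSQL twin in manage_icingaweb_pgsql_db.yml needs the same change. The username is still interpolated unescaped, so a value containing a quote breaks the statement. The task continues past the hunk, so place the new keywords beside its existing ones.

```yaml
- name: Ensure admin user exists
  become: true
  no_log: true
  environment:
    ICINGAWEB2_ADMIN_PASSWORD: "{{ icingaweb2_admin_password }}"
  ansible.builtin.shell: >-
    echo "INSERT INTO icingaweb_user (name, active, password_hash) VALUES ('{{ icingaweb2_admin_username }}', 1, '"`php -r 'echo password_hash(getenv("ICINGAWEB2_ADMIN_PASSWORD"), PASSWORD_DEFAULT);'`"')"
    | {{ _tmp_mysqlcmd }} -Ns
  # … unchanged: remaining task keywords outside the hunk …
```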
@@ -25,6 +25,7 @@ {% if icingaweb2_db['ssl_extra_options'] is defined %} {{ icingaweb2_db['ssl_extra_options'] }} {%- endif %}" - name: PostgreSQL check for icingaweb db schema + become: true ansible.builtin.shell: > {{ _tmp_pgsqlcmd }} -w -c "select * from icingaweb_user" @@ -34,6 +35,7 @@ register: _icingaweb2_db_schema - name: PostgreSQL import icingaweb db schema + become: true ansible.builtin.shell: > {{ _tmp_pgsqlcmd }} -w -f /usr/share/icingaweb2/schema/pgsql.schema.sql @@ -44,6 +46,7 @@ - name: Ensure Icinga Web User block: - name: PostgreSQL check for icingaweb admin user + become: true ansible.builtin.shell: > LANG=C {{ _tmp_pgsqlcmd }} @@ -54,6 +57,7 @@ register: _icingaweb2_db_user - name: Ensure admin user exists + become: true ansible.builtin.shell: >- echo "INSERT INTO icingaweb_user (name, active, password_hash) VALUES ('{{ icingaweb2_admin_username }}', 1, '"`php -r 'echo password_hash("{{ icingaweb2_admin_password }}", PASSWORD_DEFAULT);'`"')" | {{ _tmp_pgsqlcmd }} -w diff --git a/roles/icingaweb2/tasks/manage_mysql_imports.yml b/roles/icingaweb2/tasks/manage_mysql_imports.yml index 14a9f9e2..0db3abd1 100644 --- a/roles/icingaweb2/tasks/manage_mysql_imports.yml +++ b/roles/icingaweb2/tasks/manage_mysql_imports.yml @@ -22,6 +22,7 @@ "{{ _db['name'] }}" - name: MySQL check for db schema + become: true ansible.builtin.shell: > {{ _tmp_mysqlcmd }} -Ns -e "{{ _db['select_query'] }}" @@ -31,6 +32,7 @@ register: _db_schema - name: MySQL import db schema + become: true ansible.builtin.shell: > {{ _tmp_mysqlcmd }} < {{ _db['schema_path_mysql'] }} diff --git a/roles/icingaweb2/tasks/modules/businessprocess.yml b/roles/icingaweb2/tasks/modules/businessprocess.yml index 908a380c..9c7395ee 100644 --- a/roles/icingaweb2/tasks/modules/businessprocess.yml +++ b/roles/icingaweb2/tasks/modules/businessprocess.yml 
@@ -1,4 +1,5 @@ - name: Module Icinga Business Process Modeling | Ensure config directory + become: true ansible.builtin.file: state: directory dest: "{{ icingaweb2_modules_config_dir }}/{{ item.key }}" @@ -7,14 +8,16 @@ mode: "2770" - name: Module Icinga Business Process Modeling | Ensure processes directory + become: true ansible.builtin.file: state: directory dest: "{{ icingaweb2_modules_config_dir }}/{{ item.key }}/processes" owner: "{{ icingaweb2_httpd_user }}" group: "{{ icingaweb2_group }}" mode: "2770" - + - name: Module Icinga Business Process Modeling | Copy Process + become: true ansible.builtin.copy: owner: "{{ icingaweb2_httpd_user }}" group: "{{ icingaweb2_group }}" diff --git a/roles/icingaweb2/tasks/modules/director.yml b/roles/icingaweb2/tasks/modules/director.yml index 640a38c1..22d5afdc 100644 --- a/roles/icingaweb2/tasks/modules/director.yml +++ b/roles/icingaweb2/tasks/modules/director.yml @@ -1,5 +1,6 @@ --- - name: Module Director | Ensure config directory + become: true ansible.builtin.file: state: directory dest: "{{ icingaweb2_modules_config_dir }}/director" @@ -20,6 +21,7 @@ - config - name: Module Director | Check for pending migrations # noqa: command-instead-of-shell + become: true ansible.builtin.shell: cmd: icingacli director migration pending register: _pending 
@@ -28,11 +30,13 @@ when: icingaweb2_modules['director']['import_schema'] is defined and icingaweb2_modules.director.import_schema and icingaweb2_modules['director']['config'] is defined - name: Module Director | Apply pending migrations # noqa: command-instead-of-shell + become: true ansible.builtin.shell: cmd: icingacli director migration run when: icingaweb2_modules['director']['import_schema'] is defined and icingaweb2_modules.director.import_schema and icingaweb2_modules['director']['config'] is defined and _pending.rc|int == 0 - name: Module Director | Check if kickstart is required # noqa: command-instead-of-shell + become: true ansible.builtin.shell: cmd: icingacli director kickstart required register: _required @@ -41,6 +45,7 @@ when: icingaweb2_modules['director']['run_kickstart'] is defined and icingaweb2_modules.director.run_kickstart and icingaweb2_modules['director']['kickstart'] is defined - name: Module Director | Run kickstart if required # noqa: command-instead-of-shell + become: true ansible.builtin.shell: cmd: icingacli director kickstart run when: icingaweb2_modules['director']['run_kickstart'] is defined and icingaweb2_modules.director.run_kickstart and icingaweb2_modules['director']['kickstart'] is defined and _required.rc|int == 0 @@ -49,6 +54,7 @@ when: icingaweb2_modules['director']['source'] == 'git' block: - name: Module Director | Ensure daemon user exists + become: true ansible.builtin.user: name: icingadirector state: present @@ -58,6 +64,7 @@ group: "{{ icingaweb2_group }}" - name: Module Director | Ensure home directory exists + become: true ansible.builtin.file: state: directory dest: /var/lib/icingadirector @@ -66,6 +73,7 @@ mode: "0750" - name: Module Director | Ensure systemd unit file exists + become: true ansible.builtin.copy: src: "{{ icingaweb2_config.global.module_path }}/director/contrib/systemd/icinga-director.service" dest: /etc/systemd/system/icingadirector.service 
diff --git a/roles/icingaweb2/tasks/modules/icingadb.yml b/roles/icingaweb2/tasks/modules/icingadb.yml index 61b03d3c..04501e92 100644 --- a/roles/icingaweb2/tasks/modules/icingadb.yml +++ b/roles/icingaweb2/tasks/modules/icingadb.yml @@ -1,4 +1,5 @@ - name: Module IcingaDB | Ensure config directory + become: true ansible.builtin.file: state: directory dest: "{{ icingaweb2_modules_config_dir }}/icingadb" @@ -7,6 +8,7 @@ mode: "2770" - name: Module IcingaDB | Manage config files + become: true ansible.builtin.include_tasks: manage_module_config.yml loop: "{{ _files }}" loop_control: diff --git a/roles/icingaweb2/tasks/modules/manage_module_config.yml b/roles/icingaweb2/tasks/modules/manage_module_config.yml index 1570d52e..3b0914d2 100644 --- a/roles/icingaweb2/tasks/modules/manage_module_config.yml +++ b/roles/icingaweb2/tasks/modules/manage_module_config.yml @@ -3,6 +3,7 @@ _i2_config_hash: "{{ lookup('list', icingaweb2_modules[_module][_file]) }}" - name: Module {{ _module }} | Write config file {{ _file }}.ini + become: true ansible.builtin.template: src: "modules_config.ini.j2" dest: "{{ icingaweb2_modules_config_dir }}/{{ _module }}/{{ _file }}.ini" diff --git a/roles/icingaweb2/tasks/modules/monitoring.yml b/roles/icingaweb2/tasks/modules/monitoring.yml index afc3df69..fc55e4b4 100644 --- a/roles/icingaweb2/tasks/modules/monitoring.yml +++ b/roles/icingaweb2/tasks/modules/monitoring.yml @@ -1,4 +1,5 @@ - name: Module Monitoring | Ensure config directory + become: true ansible.builtin.file: state: directory dest: "{{ icingaweb2_modules_config_dir }}/monitoring" diff --git a/roles/icingaweb2/tasks/modules/x509.yml b/roles/icingaweb2/tasks/modules/x509.yml index 544f0fc3..8c9eaa0f 100644 --- a/roles/icingaweb2/tasks/modules/x509.yml +++ b/roles/icingaweb2/tasks/modules/x509.yml @@ -1,4 +1,5 @@ - name: Module x509 | Ensure config directory + become: true ansible.builtin.file: state: directory dest: "{{ icingaweb2_modules_config_dir }}/{{ _module }}" 
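Review bot: In roles/icingaweb2/tasks/modules/icingadb.yml, `become: true` is added directly to the `Module IcingaDB | Manage config files` task, which is an `ansible.builtin.include_tasks`. As far as I know ansible-core accepts only a restricted keyword set on dynamic includes and rejects `become` there ("'become' is not a valid attribute for a TaskInclude"), so please run this against the supported ansible-core versions. The included manage_module_config.yml already gets `become: true` on its template task in this same commit, so the line can simply be dropped. If elevation has to come from the include, use `apply: {become: true}` together with `file: manage_module_config.yml`.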
@@ -67,6 +68,7 @@ _db: {} - name: Module x509 | Import Certificates + become: true ansible.builtin.shell: > icingacli {{ _module }} import --file {{ _file }} loop: "{{ icingaweb2_modules[_module]['certificate_files'] }}" diff --git a/roles/monitoring_plugins/tasks/install_on_Debian.yml b/roles/monitoring_plugins/tasks/install_on_Debian.yml index c3bf10fb..4ed26608 100644 --- a/roles/monitoring_plugins/tasks/install_on_Debian.yml +++ b/roles/monitoring_plugins/tasks/install_on_Debian.yml @@ -1,7 +1,7 @@ --- - name: Apt - install requested packages - become: yes + become: true apt: state: present name: "{{ needed_packages }}" @@ -13,7 +13,7 @@ - needed_packages - name: Apt - remove non-requested packages - become: yes + become: true apt: state: absent name: "{{ (unwanted_packages | difference(['monitoring-plugins-common', 'monitoring-plugins-basic'])) if icinga_monitoring_plugins_check_commands else unwanted_packages }}" diff --git a/roles/monitoring_plugins/tasks/install_on_RedHat.yml b/roles/monitoring_plugins/tasks/install_on_RedHat.yml index 95a6b9d9..f8019267 100644 --- a/roles/monitoring_plugins/tasks/install_on_RedHat.yml +++ b/roles/monitoring_plugins/tasks/install_on_RedHat.yml @@ -1,12 +1,13 @@ --- - name: Activate epel repository + become: true ansible.builtin.yum: name: epel-release state: present when: icinga_monitoring_plugins_epel|bool - name: Yum - install requested packages - become: yes + become: true yum: state: present name: "{{ needed_packages }}" @@ -17,7 +18,7 @@ - needed_packages - name: Dnf - install requested packages - become: yes + become: true dnf: state: present name: "{{ needed_packages }}" @@ -29,7 +30,7 @@ - needed_packages - name: Yum - remove non-requested packages - become: yes + become: true yum: state: absent name: "{{ (unwanted_packages | difference(['nagios-plugins'])) if icinga_monitoring_plugins_check_commands else unwanted_packages }}" 
diff --git a/roles/monitoring_plugins/tasks/install_on_Suse.yml b/roles/monitoring_plugins/tasks/install_on_Suse.yml index 56d9d3aa..faed3abe 100644 --- a/roles/monitoring_plugins/tasks/install_on_Suse.yml +++ b/roles/monitoring_plugins/tasks/install_on_Suse.yml @@ -1,7 +1,7 @@ --- - name: Zypper - install requested packages - become: yes + become: true community.general.zypper: state: present name: "{{ needed_packages }}" @@ -13,7 +13,7 @@ - needed_packages - name: Zypper - remove non-requested packages - become: yes + become: true community.general.zypper: state: absent name: "{{ (unwanted_packages | difference(['monitoring-plugins-common'])) if icinga_monitoring_plugins_check_commands else unwanted_packages }}" diff --git a/roles/repos/defaults/main.yml b/roles/repos/defaults/main.yml index 24fc28ab..852c137d 100644 --- a/roles/repos/defaults/main.yml +++ b/roles/repos/defaults/main.yml @@ -10,11 +10,6 @@ icinga_repo_yum_snapshot_url: "http://packages.icinga.com/epel/$releasever/snaps icinga_repo_yum_snapshot_key: "{{ icinga_repo_gpgkey }}" icinga_repo_yum_snapshot_description: "ICINGA (snapshot release for epel)" -icinga_repo_zypper_key: "{{ icinga_repo_gpgkey }}" -icinga_repo_zypper_stable_url: "https://packages.icinga.com/openSUSE/$releasever/release/" -#icinga_repo_zypper_testing_url: "" -icinga_repo_zypper_snapshot_url: "https://packages.icinga.com/openSUSE/$releasever/snapshot/" - icinga_repo_apt_key: "{{ icinga_repo_gpgkey }}" icinga_repo_apt_keyring: /etc/apt/keyrings/icinga-archive-keyring.asc icinga_repo_apt_stable_deb: "deb [signed-by={{ icinga_repo_apt_keyring }}] http://packages.icinga.com/{{ ansible_distribution|lower }} icinga-{{ ansible_distribution_release|lower }} main" diff --git a/roles/repos/tasks/Debian.yml b/roles/repos/tasks/Debian.yml index b8ddb526..d292427c 100644 --- a/roles/repos/tasks/Debian.yml +++ b/roles/repos/tasks/Debian.yml 
@@ -1,5 +1,6 @@ --- - name: Apt - ensure apt keyrings directory + become: true ansible.builtin.file: state: directory path: /etc/apt/keyrings @@ -8,6 +9,7 @@ mode: '0755' - name: Apt - add repository key + become: true ansible.builtin.get_url: url: "{{ icinga_repo_apt_key }}" dest: "{{ icinga_repo_apt_keyring }}" @@ -17,19 +19,19 @@ force: true - name: Apt - add Icinga repository (stable) - become: yes + become: true apt_repository: filename: /etc/apt/sources.list.d/icinga repo: "{{ icinga_repo_apt_stable_deb }}" state: "{{ 'present' if icinga_repo_stable else 'absent' }}" - name: Apt - add Icinga repository (testing) - become: yes + become: true apt_repository: filename: /etc/apt/sources.list.d/icinga repo: "{{ icinga_repo_apt_testing_deb }}" state: "{{ 'present' if icinga_repo_testing else 'absent' }}" - name: Apt - add Icinga repository (snapshot) - become: yes + become: true apt_repository: filename: /etc/apt/sources.list.d/icinga repo: "{{ icinga_repo_apt_snapshot_deb }}"
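Review bot: In roles/repos/tasks/Debian.yml the `Apt - add repository key` task now writes the apt trust anchor as root from `{{ icinga_repo_apt_key }}`, and no `checksum:` is visible on the `get_url` call, while the following hunk shows `force: true`, so the key is re-downloaded and overwritten on every run. Whatever the URL serves at that moment becomes the key apt trusts for the repository lines in defaults/main.yml, which use `http://`. Pin the key with `checksum: "sha256:<EXPECTED_KEY_SHA256>"` (placeholder), and confirm that the default of `icinga_repo_gpgkey`, which is not shown here, is an `https://` URL. The task body continues outside this hunk.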