add become to tasks and handlers

changelogs/fix_running_non_root_with_become.yml

@@ -0,0 +1,2 @@
+bugfixes:
+  - Added become to tasks and handlers to be able to connect as non root user.

doc/role-monitoring_plugins/role-monitoring_plugins.md

@@ -73,7 +73,7 @@ Install check commands
 
 - hosts:
     - host1
-  become: yes
+  become: true
   vars:
     icinga_monitoring_plugins_epel: true
     icinga_monitoring_plugins_crb: true
@@ -96,7 +96,7 @@ Remove all check commands known to this role. Also remove unneeded dependencies.
 
 - hosts:
     - host1
-  become: yes
+  become: true
   vars:
     icinga_monitoring_plugins_autoremove: true
     icinga_monitoring_plugins_check_commands: []

molecule/local-default-pgsql/prepare.yml

@@ -1,7 +1,7 @@
 ---
 - name: Prepare
   hosts: all
-  become: yes
+  become: true
   tasks:
     - name: Install requirements for Debian
       apt:

molecule/local-default/prepare.yml

@@ -1,7 +1,7 @@
 ---
 - name: Prepare
   hosts: all
-  become: yes
+  become: true
   tasks:
     - name: Install requirements for Debian
       apt:

roles/icinga2/handlers/main.yml

@@ -1,10 +1,12 @@
 ---
 - name: restart icinga2 service
+  become: true
   service:
     name: icinga2
     state: restarted
 
 - name: reload icinga2 service
+  become: true
   service:
     name: icinga2
     state: reloaded

roles/icinga2/tasks/configure.yml

@@ -5,6 +5,7 @@
   with_items: "{{ icinga2_features }}"
 
 - name: main config file {{ icinga2_config_path + '/icinga2.conf' }}
+  become: true
   template:
     src: icinga2.conf.j2
     dest: "{{ icinga2_config_path + '/icinga2.conf' }}"
@@ -17,6 +18,7 @@
     icinga2_combined_constants: "{{ icinga2_default_constants | combine(icinga2_constants) }}"
 
 - name: set constants in {{ icinga2_config_path + '/constants.conf' }}
+  become: true
   ansible.builtin.template:
     src: constants.conf.j2
     dest: "{{ icinga2_config_path + '/constants.conf' }}"
@@ -31,6 +33,7 @@
   include_tasks: objects.yml
 
 - name: ensure monitoring config directories
+  become: true
   ansible.builtin.file:
     path: "{{ icinga2_config_path }}/{{ item }}"
     state: directory
@@ -49,13 +52,15 @@
     #- item.split('/')[0] in icinga2_local_config or item.split('/')[0] == 'zones.d'
 
 - name: collect config fragments
+  become: true
   find:
     path: "{{ icinga2_fragments_path }}"
     recurse: yes
     file_type: file
   register: result_frag
 
 - name: cleanup config files
+  become: true
   file:
     state: absent
     dest: "{{ item.path }}"
@@ -65,19 +70,22 @@
     - item.path not in _icinga2_custom_conf_paths
 
 - name: collect empty config dirs
+  become: true
   shell: >-
     find {{ icinga2_fragments_path }} -mindepth 1 -type d -empty
   register: _empty_result
   check_mode: false
   changed_when: _empty_result.stdout_lines |length > 0
 
 - name: remove empty config dirs
+  become: true
   file:
     state: absent
     path: "{{ item }}"
   loop: "{{ _empty_result.stdout_lines }}"
 
 - name: collect config files
+  become: true
   find:
     path: "{{ icinga2_fragments_path }}"
     recurse: yes
@@ -86,6 +94,7 @@
   register: result
 
 - name: assemble config files
+  become: true
   ansible.builtin.assemble:
     src: "{{ item.path }}"
     dest: "{{ item.path |regex_replace('^'+icinga2_fragments_path, '/etc/icinga2') }}"
@@ -97,6 +106,7 @@
   notify: reload icinga2 service
 
 - name: enable features
+  become: true
   file:
     state: "{{ 'link' if (item.state is undefined or item.state != 'absent') else 'absent' }}"
     path: "{{ '/etc/icinga2/features-enabled/' + icinga2_feature_realname[item.name]|default(item.name) + '.conf' }}"
@@ -105,6 +115,7 @@
   notify: reload icinga2 service
 
 - name: remove empty config files
+  become: true
   ansible.builtin.file:
     state: absent
     path: "{{ item |regex_replace('^'+icinga2_fragments_path, '/etc/icinga2') }}"

roles/icinga2/tasks/features.yml

@@ -1,6 +1,7 @@
 ---
 
 - name: collect all files in {{ icinga2_config_path + '/features-enabled' }}
+  become: true
   find:
     paths: "{{ icinga2_config_path + '/features-enabled' }}"
     patterns: '*.conf'
@@ -15,6 +16,7 @@
   when: icinga2_purge_features
 
 - name: purge features
+  become: true
   file:
     state: absent
     path: "{{ '/etc/icinga2/features-enabled/' + icinga2_feature_realname[item]|default(item) + '.conf' }}"

roles/icinga2/tasks/features/idomysql.yml

@@ -5,6 +5,7 @@
     icinga2_import_schema: "{{ icinga2_dict_features.idomysql.import_schema| default(False) }}"
 
 - name: feature idomysql IdoMysqlConnection object
+  become: true
   icinga2_object:
     name: ido-mysql
     type: IdoMysqlConnection
@@ -38,6 +39,7 @@
           "{{ icinga2_dict_features.idomysql.database | default('icinga2') }}"
 
     - name: MySQL check for IDO schema
+      become: true
       shell: >
         {{ mysqlcmd }}
         -Ns -e "select version from icinga_dbversion"
@@ -47,6 +49,7 @@
       register: db_schema
 
     - name: MySQL import IDO schema
+      become: true
       shell: >
         {{ mysqlcmd }}
         < /usr/share/icinga2-ido-mysql/schema/mysql.sql

roles/icinga2/tasks/features/idomysql/install_on_Debian.yml

@@ -1,6 +1,7 @@
 ---
 
 - name: directory dbconfig-common
+  become: true
   file:
     state: directory
     path: /etc/dbconfig-common
@@ -9,6 +10,7 @@
     mode: 0755
 
 - name: DBconfig for IDO MySQL
+  become: true
   copy:
     dest: /etc/dbconfig-common/icinga2-ido-mysql.conf
     content: |
@@ -20,6 +22,7 @@
     mode: 0600
 
 - name: Apt - install package icinga2-ido-mysql
+  become: true
   apt:
     name: icinga2-ido-mysql
     state: present

roles/icinga2/tasks/install.yml

@@ -9,6 +9,7 @@
         msg: "The OS {{ ansible_os_family }} is not supported!"
 
 - name: Prepare fragments path
+  become: true
   ansible.builtin.file:
     state: directory
     path: "{{ icinga2_fragments_path }}"

roles/icinga2/tasks/install_on_Debian.yml

@@ -1,5 +1,6 @@
 ---
 - name: Apt - install package icinga2
+  become: true
   ansible.builtin.apt:
     pkg: "{{ icinga2_packages + icinga2_packages_dependencies }}"
     state: present

roles/icinga2/tasks/install_on_RedHat.yml

@@ -1,9 +1,11 @@
 - name: Yum - install package icinga2
+  become: true
   ansible.builtin.yum:
     name: "{{ icinga2_packages + icinga2_packages_dependencies }}"
     state: present
 
 - name: Yum - install package icinga2-selinux
+  become: true
   ansible.builtin.yum:
     name: icinga2-selinux
     state: present

roles/icinga2/tasks/install_on_Suse.yml

@@ -1,10 +1,12 @@
 ---
 - name: Zypper - install package icinga2
+  become: true
   community.general.zypper:
     name: "{{ icinga2_packages + icinga2_packages_dependencies }}"
     state: present
 
 - name: Zypper - install package icinga2-selinux
+  become: true
   community.general.zypper:
     name: icinga2-selinux
     state: present

roles/icinga2/tasks/objects.yml

@@ -15,6 +15,7 @@
     - hostvars[inventory_hostname]['icinga2_objects'] is not mapping
 
 - name: collect all config objects in play vars
+  become: true
   set_fact:
     tmp_objects: "{{ tmp_objects| default([]) + lookup('list', icinga2_objects) }}"
   when:
@@ -26,6 +27,7 @@
 - icinga2_object:
     args: "{{ item }}"
   with_items: "{{ tmp_objects }}"
+  become: true
   when: tmp_objects is defined
   register: result
 
@@ -43,6 +45,7 @@
       loop: "{{ icinga2_custom_config }}"
 
     - name: prepare custom config paths
+      become: true
       file:
         state: directory
         owner: root
@@ -52,6 +55,7 @@
       loop: "{{ icinga2_custom_config }}"
 
     - name: add custom config to assemble
+      become: true
       ansible.builtin.copy:
         owner: root
         group: root

roles/icinga2/tasks/service.yml

@@ -1,5 +1,6 @@
 ---
 - name: "{{ icinga2_state }} service icinga2"
+  become: true
   service:
     name: icinga2
     state: "{{ icinga2_state }}"

roles/icingadb/handlers/main.yml

@@ -1,4 +1,5 @@
 - name: icingadb-restart
+  become: true
   ansible.builtin.service:
     name: "{{ icingadb_service_name }}"
     state: restarted

roles/icingadb/tasks/install_on_debian.yml

@@ -1,4 +1,5 @@
 - name: Debian - Install IcingaDB packages
+  become: true
   ansible.builtin.apt:
     name: "{{ icingadb_packages }}"
     state: present

roles/icingadb/tasks/manage_config.yml

@@ -1,5 +1,6 @@
 ---
 - name: Write configuration to /etc/icingadb/config.yml
+  become: true
   ansible.builtin.template:
     src: icingadb.ini.j2
     dest: "{{ icingadb_config_dir }}/config.yml"

roles/icingadb/tasks/manage_schema_pgsql.yml

@@ -17,6 +17,7 @@
           {% if icingadb_database_ssl_extra_options is defined %} {{ icingadb_database_ssl_extra_options }} {%- endif %}"
 
     - name: PgSQL check for IcingaDB schema
+      become: true
       ansible.builtin.shell: >
         {{ _tmp_pgsqlcmd }}
         -w -c "select version from icingadb_schema"
@@ -26,6 +27,7 @@
       register: _db_schema
 
     - name: PgSQL import IcingaDB schema
+      become: true
       ansible.builtin.shell: >
         {{ _tmp_pgsqlcmd }}
         -w -f {{ icingadb_database_schema }}

roles/icingadb/tasks/manage_service.yml

@@ -1,5 +1,6 @@
 ---
 - name: Ensure IcingaDB Service is running
+  become: true
   ansible.builtin.service:
     state: started
     enabled: yes

roles/icingadb_redis/handlers/main.yml

@@ -1,5 +1,6 @@
 ---
 - name: icingadb-redis-restart
+  become: true
   ansible.builtin.service:
     name: "{{ icingadb_redis_service_name }}"
     state: restarted

roles/icingadb_redis/tasks/install_on_debian.yml

@@ -1,10 +1,12 @@
 ---
 - name: Debian - Install IcingaDB Redis packages
+  become: true
   ansible.builtin.apt:
     name: "{{ icingadb_redis_packages }}"
     state: present
 
 - name: Debian - Ensure log directory exists
+  become: true
   when:
     - icingadb_redis_logfile != ""
   ansible.builtin.file:

roles/icingadb_redis/tasks/install_on_redhat.yml

@@ -1,10 +1,12 @@
 ---
 - name: RedHat - install icingadb packages
+  become: true
   ansible.builtin.yum:
     name: "{{ icingadb_redis_packages }}"
     state: present
 
 - name: RedHat - Ensure log directory exists
+  become: true
   when:
     - icingadb_redis_logfile != ""
   ansible.builtin.file:

roles/icingadb_redis/tasks/manage_config.yml

@@ -1,5 +1,6 @@
 ---
 - name: Write configuration to /etc/icinga-redis/icinga-redis.conf
+  become: true
   ansible.builtin.template:
     src: icingadb-redis.conf.j2
     dest: "{{ icingadb_redis_config_dir }}/icingadb-redis.conf"

roles/icingadb_redis/tasks/manage_service.yml

@@ -1,5 +1,6 @@
 ---
 - name: Ensure IcingaDB Redis Service is running
+  become: true
   ansible.builtin.service:
     state: started
     enabled: yes

roles/icingaweb2/tasks/install_on_debian.yml

@@ -1,5 +1,6 @@
 ---
 - name: Debian - Install Icinga Web 2 packages
+  become: true
   ansible.builtin.apt:
     name: "{{ icingaweb2_packages + icingaweb2_packages_dependencies }}"
     state: present

roles/icingaweb2/tasks/install_on_redhat.yml

@@ -1,5 +1,6 @@
 ---
 - name: RedHat - Install Icinga Web 2 packages
+  become: true
   ansible.builtin.yum:
     name: "{{ icingaweb2_packages + icingaweb2_packages_dependencies }}"
     state: present

roles/icingaweb2/tasks/main.yml

@@ -67,6 +67,7 @@
 
 # Many daemons fail before e.g. the resource is set up or the schema hasn't been migrated. This is a workaround.
 - name: Manage enabled module daemons
+  become: true
   ansible.builtin.service:
     name: "icinga-{{ item.key }}"
     state: restarted