From f39f8a6d552ee06fd232a5dade7ea84e38042dc0 Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Thu, 1 Feb 2024 13:35:24 +0100 Subject: [PATCH 01/36] (feat): add audit module to defaults, add patching of audit module --- defaults/main.yml | 2 + ...aweb2-module-audit-remote-ip-logging.patch | 67 +++++++++++++++++++ tasks/installation.yml | 8 +++ 3 files changed, 77 insertions(+) create mode 100644 files/0001-icingaweb2-module-audit-remote-ip-logging.patch diff --git a/defaults/main.yml b/defaults/main.yml index 5c47b93..c7d1fe9 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -102,6 +102,8 @@ icinga2_web_modules: [] # version: v0.7.0 #- name: director # version: v1.7.2 + #- name: audit + # version: v1.0.2 # Icingaweb2 LDAP authentication # For further information, consult the official icingaweb2 documentation at diff --git a/files/0001-icingaweb2-module-audit-remote-ip-logging.patch b/files/0001-icingaweb2-module-audit-remote-ip-logging.patch new file mode 100644 index 0000000..88385b5 --- /dev/null +++ b/files/0001-icingaweb2-module-audit-remote-ip-logging.patch @@ -0,0 +1,67 @@ +From 3bf6f47910834e4ddd9c7fb4bf085daed5ab515a Mon Sep 17 00:00:00 2001 +From: airbone95 +Date: Mon, 25 May 2020 08:37:14 +0200 +Subject: [PATCH] added ip-logging + +--- + application/controllers/LogController.php | 1 + + application/views/scripts/log/index.phtml | 3 +++ + library/Audit/ProvidedHook/AuditLog.php | 3 ++- + library/Audit/ProvidedHook/AuditStream.php | 3 ++- + 4 files changed, 8 insertions(+), 2 deletions(-) + +diff --git a/application/controllers/LogController.php b/application/controllers/LogController.php +index cc0d110..d0d2c4d 100644 +--- a/application/controllers/LogController.php ++++ b/application/controllers/LogController.php +@@ -36,6 +36,7 @@ public function indexAction() + 'fields' => '/(?[0-9]{4}(?:-[0-9]{2}){2}' // date + . 'T[0-9]{2}(?::[0-9]{2}){2}(?:[\+\-][0-9]{2}:[0-9]{2})?)' // time ++ . ' - (?.+)' // remoteip + . ' - (?.+)' // identity + . ' - (?.+)' // type + . ' - (?.+)' // message +diff --git a/application/views/scripts/log/index.phtml b/application/views/scripts/log/index.phtml +index 79b9239..80140a7 100644 +--- a/application/views/scripts/log/index.phtml ++++ b/application/views/scripts/log/index.phtml +@@ -19,6 +19,9 @@ +
+ escape($value->type) ?> + ++ ++ escape($value->remoteip) ?> ++ + + escape($value->identity) ?> + +diff --git a/library/Audit/ProvidedHook/AuditLog.php b/library/Audit/ProvidedHook/AuditLog.php +index 39ae592..909c350 100644 +--- a/library/Audit/ProvidedHook/AuditLog.php ++++ b/library/Audit/ProvidedHook/AuditLog.php +@@ -14,8 +14,9 @@ public function logMessage($time, $identity, $type, $message, array $data = null + { + $logConfig = Config::module('audit')->getSection('log'); + if ($logConfig->type === 'file') { ++ $remoteip = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; + $file = new File($logConfig->get('path', '/var/log/icingaweb2/audit.log'), 'a'); +- $file->fwrite(date('c', $time) . ' - ' . $identity . ' - ' . $type . ' - ' . $message . PHP_EOL); ++ $file->fwrite(date('c', $time) . ' - ' . $remoteip . ' - ' . $identity . ' - ' . $type . ' - ' . $message . PHP_EOL); + $file->fflush(); + } elseif ($logConfig->type === 'syslog') { + openlog( +diff --git a/library/Audit/ProvidedHook/AuditStream.php b/library/Audit/ProvidedHook/AuditStream.php +index 869464f..863e93e 100644 +--- a/library/Audit/ProvidedHook/AuditStream.php ++++ b/library/Audit/ProvidedHook/AuditStream.php +@@ -16,7 +16,8 @@ public function logMessage($time, $identity, $type, $message, array $data = null + 'activity_time' => $time, + 'activity' => $type, + 'message' => $message, +- 'identity' => $identity ++ 'identity' => $identity, ++ 'remoteip' => $remoteip + ]; + if (! empty($data)) { + $activityData['data'] = $data; diff --git a/tasks/installation.yml b/tasks/installation.yml index 2bcbd94..2b56b1d 100644 --- a/tasks/installation.yml +++ b/tasks/installation.yml @@ -103,6 +103,14 @@ loop: '{{ icinga2_web_modules }}' notify: icinga2_web reload icinga2 + ## + # @TODO: This can be removed once https://github.com/Icinga/icingaweb2-module-audit/pull/9 has been merged!! + ## +- name: Patch icingaweb2 audit module to include remote ip logging + ansible.posix.patch: + src: 0001-icingaweb2-module-audit-remote-ip-logging.patch + basedir: /usr/share/icingaweb2/modules/audit + - name: create icingaweb2 director user for background daemon user: name: icingadirector From ff665ce7a76f0f799c43ec4ce473951dc4f1e95d Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Thu, 1 Feb 2024 13:37:25 +0100 Subject: [PATCH 02/36] (fix): change company name, add namespace --- meta/main.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/meta/main.yml b/meta/main.yml index 6e869b5..6ef1513 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -5,9 +5,10 @@ dependencies: galaxy_info: role_name: 'icinga2_web' - author: 'Adfinis SyGroup AG' + namespace: adfinis + author: 'Adfinis AG' description: 'This role installs and configures icingaweb2' - company: 'Adfinis SyGroup AG' + company: 'Adfinis AG' license: 'GNU General Public License v3' min_ansible_version: '2.6.0' platforms: From 33538a37098216b07f97198f566bf5893d6ea878 Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Thu, 1 Feb 2024 13:38:00 +0100 Subject: [PATCH 03/36] (feat): add collection dependencies --- meta/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/meta/main.yml b/meta/main.yml index 6ef1513..3ca6c2f 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -19,3 +19,7 @@ galaxy_info: - 'icinga2' - 'monitoring' - 'icingaweb2' + +collections: + - ansible.posix + - community.general From 1d7b4af07034be0b0b422d1bc05b8e1915a5930b Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Thu, 1 Feb 2024 13:38:12 +0100 Subject: [PATCH 04/36] (feat): specify github branch for galaxy --- meta/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/main.yml b/meta/main.yml index 3ca6c2f..72f338d 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -19,6 +19,7 @@ galaxy_info: - 'icinga2' - 'monitoring' - 'icingaweb2' + github_branch: master collections: - ansible.posix From 2d9d98b463090b29d01773dd51b6d9834c44927d Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Thu, 1 Feb 2024 13:45:07 +0100 Subject: [PATCH 05/36] (feat): add necessary strip of 1 --- tasks/installation.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tasks/installation.yml b/tasks/installation.yml index 2b56b1d..fce4df2 100644 --- a/tasks/installation.yml +++ b/tasks/installation.yml @@ -110,6 +110,7 @@ ansible.posix.patch: src: 0001-icingaweb2-module-audit-remote-ip-logging.patch basedir: /usr/share/icingaweb2/modules/audit + strip: 1 - name: create icingaweb2 director user for background daemon user: From 233f2e2dd22108e8351737cdb37c460a324b769c Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Thu, 1 Feb 2024 14:11:51 +0100 Subject: [PATCH 06/36] (feat): add fail2ban filter for icingaweb2 audit log --- templates/etc/fail2ban/filter.d/icingaweb2-auth.conf | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 templates/etc/fail2ban/filter.d/icingaweb2-auth.conf diff --git a/templates/etc/fail2ban/filter.d/icingaweb2-auth.conf b/templates/etc/fail2ban/filter.d/icingaweb2-auth.conf new file mode 100644 index 0000000..3b8a946 --- /dev/null +++ b/templates/etc/fail2ban/filter.d/icingaweb2-auth.conf @@ -0,0 +1,7 @@ +[Definition] + +failregex = ^.*- - \S+ - login-failed - User failed to authenticate$ + +ignoreregex = + +datepattern = {^LN-BEG} From 1742abb151eef8ab8f829bd2554290be621242a4 Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Thu, 1 Feb 2024 14:12:03 +0100 Subject: [PATCH 07/36] (feat): add installation of fail2ban to role --- meta/main.yml | 1 + tasks/installation.yml | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/meta/main.yml b/meta/main.yml index 72f338d..c5dfdb7 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -24,3 +24,4 @@ galaxy_info: collections: - ansible.posix - community.general + - robertdebock.roles diff --git a/tasks/installation.yml b/tasks/installation.yml index fce4df2..e2ba191 100644 --- a/tasks/installation.yml +++ b/tasks/installation.yml @@ -5,6 +5,10 @@ name: '{{ icinga2_web_packages }}' state: present +- name: install fail2ban using role + ansible.builtin.include_role: + name: robertdebock.roles.fail2ban + # Allow httpd to connect to the mysql database - name: set httpd_can_network_connect_db flag on and keep it persistent across reboots seboolean: From 68d03d10a1a016df84a99a2e3f843119ac99dbf3 Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Thu, 1 Feb 2024 15:20:41 +0100 Subject: [PATCH 08/36] (feat): instead of patching it live, use our own fork of the audit module --- defaults/main.yml | 8 +++++++- tasks/installation.yml | 11 +---------- 2 files changed, 8 insertions(+), 11 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index c7d1fe9..b40523c 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -93,17 +93,23 @@ icinga2_web_managed_config_files: icinga2_web_modules: [] #- name: graphite + # url: 'https://github.com/icinga/icingaweb2-module-graphite.git' # version: master #- name: ipl + # url: 'https://github.com/icinga/icingaweb2-module-ipl.git' # version: v0.5.0 #- name: incubator + # url: 'https://github.com/icinga/icingaweb2-module-incubator.git' # version: v0.5.0 #- name: reactbundle + # url: 'https://github.com/icinga/icingaweb2-module-reactbundle.git' # version: v0.7.0 #- name: director + # url: 'https://github.com/icinga/icingaweb2-module-director.git' # version: v1.7.2 #- name: audit - # version: v1.0.2 + # url: 'https://github.com/adfinis/icingaweb2-module-audit.git' + # version: master # Icingaweb2 LDAP authentication # For further information, consult the official icingaweb2 documentation at diff --git a/tasks/installation.yml b/tasks/installation.yml index e2ba191..0fac80a 100644 --- a/tasks/installation.yml +++ b/tasks/installation.yml @@ -92,7 +92,7 @@ - name: install modules from github git: # noqa 401 - repo: 'https://github.com/icinga/icingaweb2-module-{{ item.name }}.git' + repo: '{{ item.url }}' dest: '/etc/icingaweb2/modules/{{ item.name }}' version: '{{ item.version }}' loop: '{{ icinga2_web_modules }}' @@ -107,15 +107,6 @@ loop: '{{ icinga2_web_modules }}' notify: icinga2_web reload icinga2 - ## - # @TODO: This can be removed once https://github.com/Icinga/icingaweb2-module-audit/pull/9 has been merged!! - ## -- name: Patch icingaweb2 audit module to include remote ip logging - ansible.posix.patch: - src: 0001-icingaweb2-module-audit-remote-ip-logging.patch - basedir: /usr/share/icingaweb2/modules/audit - strip: 1 - - name: create icingaweb2 director user for background daemon user: name: icingadirector From d4dede1dd0686453e4316edd55ce861bdbda251d Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Thu, 8 Feb 2024 11:21:30 +0100 Subject: [PATCH 09/36] Remove 401 tag Co-authored-by: Sebastian P. <5564491+s3lph@users.noreply.github.com> --- tasks/installation.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/installation.yml b/tasks/installation.yml index 0fac80a..9e7a156 100644 --- a/tasks/installation.yml +++ b/tasks/installation.yml @@ -91,7 +91,7 @@ notify: icinga2_web reload icinga2 - name: install modules from github - git: # noqa 401 + ansible.builtin.git: repo: '{{ item.url }}' dest: '/etc/icingaweb2/modules/{{ item.name }}' version: '{{ item.version }}' From 4902d398c6270c5b96b741730640e43ab7021184 Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Thu, 8 Feb 2024 11:34:42 +0100 Subject: [PATCH 10/36] (chore): fix linting errors and use correct ansible-lint action --- .github/workflows/ansible-ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ansible-ci.yml b/.github/workflows/ansible-ci.yml index 6402742..2ea5620 100644 --- a/.github/workflows/ansible-ci.yml +++ b/.github/workflows/ansible-ci.yml @@ -3,9 +3,9 @@ name: CI - Linting on: push: - branches: [ master ] + branches: [master] pull_request: - branches: [ master ] + branches: [master] jobs: # This workflow contains a single job called "build" @@ -24,7 +24,7 @@ jobs: path: lint-rules - name: ansible-lint - uses: ansible/ansible-lint-action@master + uses: ansible/ansible-lint@main with: targets: icinga2_web args: "-R -r lint-rules" From 87e6ec7cb9b587225596c855cad53edd6c61b31d Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Thu, 8 Feb 2024 12:38:23 +0100 Subject: [PATCH 11/36] (fix): remove patch as we use our own fork --- ...aweb2-module-audit-remote-ip-logging.patch | 67 ------------------- 1 file changed, 67 deletions(-) delete mode 100644 files/0001-icingaweb2-module-audit-remote-ip-logging.patch diff --git a/files/0001-icingaweb2-module-audit-remote-ip-logging.patch b/files/0001-icingaweb2-module-audit-remote-ip-logging.patch deleted file mode 100644 index 88385b5..0000000 --- a/files/0001-icingaweb2-module-audit-remote-ip-logging.patch +++ /dev/null @@ -1,67 +0,0 @@ -From 3bf6f47910834e4ddd9c7fb4bf085daed5ab515a Mon Sep 17 00:00:00 2001 -From: airbone95 -Date: Mon, 25 May 2020 08:37:14 +0200 -Subject: [PATCH] added ip-logging - ---- - application/controllers/LogController.php | 1 + - application/views/scripts/log/index.phtml | 3 +++ - library/Audit/ProvidedHook/AuditLog.php | 3 ++- - library/Audit/ProvidedHook/AuditStream.php | 3 ++- - 4 files changed, 8 insertions(+), 2 deletions(-) - -diff --git a/application/controllers/LogController.php b/application/controllers/LogController.php -index cc0d110..d0d2c4d 100644 ---- a/application/controllers/LogController.php -+++ b/application/controllers/LogController.php -@@ -36,6 +36,7 @@ public function indexAction() - 'fields' => '/(?[0-9]{4}(?:-[0-9]{2}){2}' // date - . 'T[0-9]{2}(?::[0-9]{2}){2}(?:[\+\-][0-9]{2}:[0-9]{2})?)' // time -+ . ' - (?.+)' // remoteip - . ' - (?.+)' // identity - . ' - (?.+)' // type - . ' - (?.+)' // message -diff --git a/application/views/scripts/log/index.phtml b/application/views/scripts/log/index.phtml -index 79b9239..80140a7 100644 ---- a/application/views/scripts/log/index.phtml -+++ b/application/views/scripts/log/index.phtml -@@ -19,6 +19,9 @@ -
- escape($value->type) ?> - -+ -+ escape($value->remoteip) ?> -+ - - escape($value->identity) ?> - -diff --git a/library/Audit/ProvidedHook/AuditLog.php b/library/Audit/ProvidedHook/AuditLog.php -index 39ae592..909c350 100644 ---- a/library/Audit/ProvidedHook/AuditLog.php -+++ b/library/Audit/ProvidedHook/AuditLog.php -@@ -14,8 +14,9 @@ public function logMessage($time, $identity, $type, $message, array $data = null - { - $logConfig = Config::module('audit')->getSection('log'); - if ($logConfig->type === 'file') { -+ $remoteip = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; - $file = new File($logConfig->get('path', '/var/log/icingaweb2/audit.log'), 'a'); -- $file->fwrite(date('c', $time) . ' - ' . $identity . ' - ' . $type . ' - ' . $message . PHP_EOL); -+ $file->fwrite(date('c', $time) . ' - ' . $remoteip . ' - ' . $identity . ' - ' . $type . ' - ' . $message . PHP_EOL); - $file->fflush(); - } elseif ($logConfig->type === 'syslog') { - openlog( -diff --git a/library/Audit/ProvidedHook/AuditStream.php b/library/Audit/ProvidedHook/AuditStream.php -index 869464f..863e93e 100644 ---- a/library/Audit/ProvidedHook/AuditStream.php -+++ b/library/Audit/ProvidedHook/AuditStream.php -@@ -16,7 +16,8 @@ public function logMessage($time, $identity, $type, $message, array $data = null - 'activity_time' => $time, - 'activity' => $type, - 'message' => $message, -- 'identity' => $identity -+ 'identity' => $identity, -+ 'remoteip' => $remoteip - ]; - if (! empty($data)) { - $activityData['data'] = $data; From ba9fdde46d34769aa02ce67784135ec4749860d0 Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Thu, 8 Feb 2024 12:51:48 +0100 Subject: [PATCH 12/36] (fix): add dependencies for roles and collections --- requirements.yml | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 requirements.yml diff --git a/requirements.yml b/requirements.yml new file mode 100644 index 0000000..1954b25 --- /dev/null +++ b/requirements.yml @@ -0,0 +1,9 @@ +--- + +roles: + - name: adfinis-sygroup.icinga2_agent + +collections: + - ansible.posix + - community.general + - robertdebock.roles From 23486386aad90997f0595c11af7b1d56efe8b3d9 Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Thu, 8 Feb 2024 12:53:31 +0100 Subject: [PATCH 13/36] Revert "(fix): add dependencies for roles and collections" This reverts commit ba9fdde46d34769aa02ce67784135ec4749860d0. --- requirements.yml | 9 --------- 1 file changed, 9 deletions(-) delete mode 100644 requirements.yml diff --git a/requirements.yml b/requirements.yml deleted file mode 100644 index 1954b25..0000000 --- a/requirements.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- - -roles: - - name: adfinis-sygroup.icinga2_agent - -collections: - - ansible.posix - - community.general - - robertdebock.roles From 677f7809c378e6337eb258fb322a2e287b927e57 Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Thu, 8 Feb 2024 13:06:01 +0100 Subject: [PATCH 14/36] (chore): fix linting errors in installation.yml --- tasks/installation.yml | 110 ++++++++++++++++++++--------------------- 1 file changed, 55 insertions(+), 55 deletions(-) diff --git a/tasks/installation.yml b/tasks/installation.yml index 9e7a156..71c94ef 100644 --- a/tasks/installation.yml +++ b/tasks/installation.yml @@ -1,30 +1,30 @@ --- -- name: install icinga2 web packages - package: +- name: Install icinga2 web packages + ansible.builtin.package: name: '{{ icinga2_web_packages }}' state: present -- name: install fail2ban using role +- name: Install fail2ban using role ansible.builtin.include_role: name: robertdebock.roles.fail2ban # Allow httpd to connect to the mysql database -- name: set httpd_can_network_connect_db flag on and keep it persistent across reboots - seboolean: +- name: Set httpd_can_network_connect_db flag on and keep it persistent across reboots + ansible.posix.seboolean: name: httpd_can_network_connect_db - state: yes - persistent: yes + state: true + persistent: true # Allow httpd to connect to the network -- name: set httpd_can_network_connect flag on and keep it persistent across reboots - seboolean: +- name: Set httpd_can_network_connect flag on and keep it persistent across reboots + ansible.posix.seboolean: name: httpd_can_network_connect - state: yes - persistent: yes + state: true + persistent: true -- name: check if icingaweb2 table and user in mysql exist - shell: > +- name: Check if icingaweb2 table and user in mysql exist + ansible.builtin.shell: > set -o pipefail; mysql --user={{ icinga2_web_database_root_user }} @@ -37,8 +37,8 @@ changed_when: icinga2_web_register_icingaweb2_imported.rc == 1 failed_when: "'Access denied for' in icinga2_web_register_icingaweb2_imported.stderr" -- name: import icingaweb2 database schema using the root user - mysql_db: +- name: Import icingaweb2 database schema using the root user + community.mysql.mysql_db: name: '{{ icinga2_web_icingaweb2_database_name }}' login_host: '{{ icinga2_web_icingaweb2_database_host }}' login_port: '{{ icinga2_web_icingaweb2_database_port }}' @@ -47,13 +47,13 @@ ssl_ca: '{{ icinga2_web_ca_path }}' state: import target: '{{ icinga2_web_mysql_schema_sql_path }}' - run_once: True + run_once: true when: - not ansible_check_mode - icinga2_web_register_icingaweb2_imported.rc == 1 -- name: create a user with access only to the icingaweb2 database using the root user - mysql_user: +- name: Create a user with access only to the icingaweb2 database using the root user + community.mysql.mysql_user: name: '{{ icinga2_web_icingaweb2_database_user.split("@")[0] }}' password: '{{ icinga2_web_icingaweb2_database_pass }}' priv: '{{ icinga2_web_icingaweb2_database_name }}.*:ALL' @@ -64,33 +64,33 @@ login_password: '{{ icinga2_web_database_root_pass }}' ssl_ca: '{{ icinga2_web_ca_path }}' state: present - run_once: True + run_once: true when: - not ansible_check_mode - icinga2_web_register_icingaweb2_imported.rc == 1 -- name: ensure icingaweb2 modules directory is present - file: +- name: Ensure icingaweb2 modules directory is present + ansible.builtin.file: name: /etc/icingaweb2/enabledModules state: directory owner: root group: icingaweb2 - mode: 0755 + mode: "0755" -- name: ensure icingaweb2 modules directory is present and set selinux - file: +- name: Ensure icingaweb2 modules directory is present and set selinux + ansible.builtin.file: name: /etc/icingaweb2/enabledModules state: directory owner: root group: icingaweb2 - mode: 0755 + mode: "0755" seuser: system_u serole: object_r setype: icingaweb2_config_t selevel: s0 notify: icinga2_web reload icinga2 -- name: install modules from github +- name: Install modules from github ansible.builtin.git: repo: '{{ item.url }}' dest: '/etc/icingaweb2/modules/{{ item.name }}' @@ -98,76 +98,76 @@ loop: '{{ icinga2_web_modules }}' notify: icinga2_web reload icinga2 -- name: enable modules from github - file: +- name: Enable modules from github + ansible.builtin.file: src: '/etc/icingaweb2/modules/{{ item.name }}' dest: '/etc/icingaweb2/enabledModules/{{ item.name }}' state: link - mode: 0755 + mode: "0755" loop: '{{ icinga2_web_modules }}' notify: icinga2_web reload icinga2 -- name: create icingaweb2 director user for background daemon - user: +- name: Create icingaweb2 director user for background daemon + ansible.builtin.user: name: icingadirector group: icingaweb2 shell: '/bin/false' home: '/var/lib/icingadirector' - system: yes + system: true when: icinga2_web_director | length != 0 -- name: create home directory for icingaweb2 director daemon user - file: +- name: Create home directory for icingaweb2 director daemon user + ansible.builtin.file: name: /var/lib/icingadirector state: directory owner: icingadirector group: icingaweb2 - mode: 0750 + mode: "0750" seuser: system_u serole: object_r setype: var_lib_t selevel: s0 when: icinga2_web_director | length != 0 -- name: install systemd service for icingaweb2 director daemon - copy: +- name: Install systemd service for icingaweb2 director daemon + ansible.builtin.copy: src: /etc/icingaweb2/modules/director/contrib/systemd/icinga-director.service - remote_src: yes + remote_src: true dest: /etc/systemd/system - mode: 0644 + mode: "0644" when: icinga2_web_director | length != 0 -- name: enable and start systemd service for icingaweb2 director daemon - systemd: +- name: Enable and start systemd service for icingaweb2 director daemon + ansible.builtin.systemd_service: name: icinga-director.service state: started - daemon_reload: yes - enabled: yes + daemon_reload: true + enabled: true when: icinga2_web_director | length != 0 -- name: add grafana repository - yum_repository: +- name: Add grafana repository + ansible.builtin.yum_repository: name: grafana description: grafana baseurl: https://packages.grafana.com/oss/rpm - repo_gpgcheck: yes - enabled: yes - gpgcheck: yes + repo_gpgcheck: true + enabled: true + gpgcheck: true gpgkey: https://packages.grafana.com/gpg.key - sslverify: yes + sslverify: true sslcacert: /etc/pki/tls/certs/ca-bundle.crt when: icinga2_web_grafana.enabled -- name: install grafana - yum: +- name: Install grafana + ansible.builtin.yum: name: grafana state: present when: icinga2_web_grafana.enabled -- name: enable and start grafana service - systemd: +- name: Enable and start grafana service + ansible.builtin.systemd_service: name: grafana-server state: started - daemon_reload: yes - enabled: yes + daemon_reload: true + enabled: true when: icinga2_web_grafana.enabled From 20d584688a178f0b30c59f99809675c4be455197 Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Thu, 8 Feb 2024 13:07:21 +0100 Subject: [PATCH 15/36] (fix): add missing collection --- meta/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/main.yml b/meta/main.yml index c5dfdb7..1dbddb9 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -24,4 +24,5 @@ galaxy_info: collections: - ansible.posix - community.general + - community.mysql - robertdebock.roles From dce8618bbb2e5244cead46013fa61e220f43260c Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Thu, 8 Feb 2024 13:11:13 +0100 Subject: [PATCH 16/36] (chore): fix linting errors in configuration.yml --- tasks/configuration.yml | 72 ++++++++++++++++++++--------------------- 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/tasks/configuration.yml b/tasks/configuration.yml index 4186b4c..51b99e4 100644 --- a/tasks/configuration.yml +++ b/tasks/configuration.yml @@ -1,125 +1,125 @@ --- -- name: configure icingaweb2 - template: +- name: Configure icingaweb2 + ansible.builtin.template: src: 'templates/etc/icingaweb2/{{ item }}.j2' dest: '/etc/icingaweb2/{{ item }}' owner: root group: icingaweb2 - mode: 0660 + mode: "0660" seuser: system_u serole: object_r setype: icingaweb2_config_t selevel: s0 loop: '{{ icinga2_web_managed_config_files }}' -- name: enable the icingaweb2 monitoring module - file: +- name: Enable the icingaweb2 monitoring module + ansible.builtin.file: src: /usr/share/icingaweb2/modules/monitoring dest: /etc/icingaweb2/enabledModules/monitoring state: link - mode: 0755 + mode: "0755" -- name: ensure icingaweb2 modules directory is present - file: +- name: Ensure icingaweb2 modules directory is present + ansible.builtin.file: name: /etc/icingaweb2/modules/monitoring state: directory owner: root group: icingaweb2 - mode: 0755 + mode: "0755" seuser: system_u serole: object_r setype: icingaweb2_config_t selevel: s0 -- name: configure icingaweb2 monitoring module - template: +- name: Configure icingaweb2 monitoring module + ansible.builtin.template: src: templates/etc/icingaweb2/modules/monitoring/config.ini.j2 dest: /etc/icingaweb2/modules/monitoring/config.ini owner: root group: icingaweb2 - mode: 0660 + mode: "0660" seuser: system_u serole: object_r setype: icingaweb2_config_t selevel: s0 -- name: configure icingaweb2 monitoring module commandtransport - template: +- name: Configure icingaweb2 monitoring module commandtransport + ansible.builtin.template: src: templates/etc/icingaweb2/modules/monitoring/commandtransports.ini.j2 dest: /etc/icingaweb2/modules/monitoring/commandtransports.ini owner: root group: icingaweb2 - mode: 0660 + mode: "0660" seuser: system_u serole: object_r setype: icingaweb2_config_t selevel: s0 -- name: configure icingaweb2 monitoring module backends - template: +- name: Configure icingaweb2 monitoring module backends + ansible.builtin.template: src: templates/etc/icingaweb2/modules/monitoring/backends.ini.j2 dest: /etc/icingaweb2/modules/monitoring/backends.ini owner: root group: icingaweb2 - mode: 0660 + mode: "0660" seuser: system_u serole: object_r setype: icingaweb2_config_t selevel: s0 -- name: configure icingaweb2 director module - template: +- name: Configure icingaweb2 director module + ansible.builtin.template: src: templates/etc/icingaweb2/modules/director/config.ini.j2 dest: /etc/icingaweb2/modules/director/config.ini owner: root group: icingaweb2 - mode: 0660 + mode: "0660" seuser: system_u serole: object_r setype: icingaweb2_config_t selevel: s0 when: icinga2_web_director | length != 0 -- name: configure icingaweb2 director module api - template: +- name: Configure icingaweb2 director module api + ansible.builtin.template: src: templates/etc/icingaweb2/modules/director/kickstart.ini.j2 dest: /etc/icingaweb2/modules/director/kickstart.ini owner: root group: icingaweb2 - mode: 0660 + mode: "0660" seuser: system_u serole: object_r setype: icingaweb2_config_t selevel: s0 when: icinga2_web_director | length != 0 -- name: configure icingaweb2 director database - command: icingacli director migration run +- name: Configure icingaweb2 director database + ansible.builtin.command: icingacli director migration run when: icinga2_web_director | length != 0 -- name: configure icingaweb2 reporting module - template: +- name: Configure icingaweb2 reporting module + ansible.builtin.template: src: templates/etc/icingaweb2/modules/reporting/config.ini.j2 dest: /etc/icingaweb2/modules/reporting/config.ini owner: root group: icingaweb2 - mode: 0660 + mode: "0660" seuser: system_u serole: object_r setype: icingaweb2_config_t selevel: s0 when: icinga2_web_reporting | length != 0 -- name: create icingaweb2 admin password hash - command: openssl passwd -1 '{{ icinga2_web_admin_pass }}' +- name: Create icingaweb2 admin password hash + ansible.builtin.command: openssl passwd -1 '{{ icinga2_web_admin_pass }}' register: icinga2_web_register_admin_hash when: - not ansible_check_mode - icinga2_web_register_icingaweb2_imported.rc == 1 -- name: insert icingaweb2 admin password into database - command: > +- name: Insert icingaweb2 admin password into database + ansible.builtin.command: > mysql -h'{{ icinga2_web_icingaweb2_database_host }}' -u'{{ icinga2_web_icingaweb2_database_user }}' @@ -133,13 +133,13 @@ - icinga2_web_register_icingaweb2_imported.rc == 1 - icinga2_web_register_admin_hash -- name: configure grafana - template: +- name: Configure grafana + ansible.builtin.template: src: templates/etc/grafana/grafana.ini.j2 dest: /etc/grafana/grafana.ini owner: root group: grafana - mode: 0660 + mode: "0660" seuser: system_u serole: object_r selevel: s0 From bd38bfb0c188a952c2f85cfec6e0a3f91d1cc710 Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Thu, 8 Feb 2024 13:12:06 +0100 Subject: [PATCH 17/36] (chore): fix linting errors in main.yml --- tasks/main.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/tasks/main.yml b/tasks/main.yml index 905857f..c866558 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,7 +1,7 @@ --- -- name: include os specific vars - include_vars: '{{ item }}' +- name: Include os specific vars + ansible.builtin.include_vars: '{{ item }}' with_first_found: - '{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml' - '{{ ansible_os_family }}.yml' @@ -10,12 +10,14 @@ - 'role::icinga2_web:install' - 'role::icinga2_web:config' -- import_tasks: installation.yml +- name: Include installation tasks + ansible.builtin.import_tasks: installation.yml tags: - 'role::icinga2_web' - 'role::icinga2_web:install' -- import_tasks: configuration.yml +- name: Include configuration tasks + ansible.builtin.import_tasks: configuration.yml tags: - 'role::icinga2_web' - 'role::icinga2_web:config' From f774d88c5102914c1c7b5e2ec48d522d9c18e71f Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Thu, 8 Feb 2024 13:22:41 +0100 Subject: [PATCH 18/36] (fix): Migrate terrific RST README to glorious Markdown --- README.md | 185 ++++++++++++++++++++++++++++++++++++++++++++++++++ README.rst | 195 ----------------------------------------------------- 2 files changed, 185 insertions(+), 195 deletions(-) create mode 100644 README.md delete mode 100644 README.rst diff --git a/README.md b/README.md new file mode 100644 index 0000000..757172e --- /dev/null +++ b/README.md @@ -0,0 +1,185 @@ +ROLE ICINGA2_WEB +================ + +[![image](https://img.shields.io/github/license/adfinis-sygroup/ansible-role-icinga2_web.svg?style=flat-square)](https://github.com/adfinis-sygroup/ansible-role-icinga2_web/blob/master/LICENSE) + +[![image](https://img.shields.io/travis/adfinis-sygroup/ansible-role-icinga2_web.svg?style=flat-square)](https://travis-ci.org/adfinis-sygroup/ansible-role-icinga2_web) + +[![image](https://img.shields.io/badge/galaxy-adfinis--sygroup.icinga2_web-660198.svg?style=flat-square)](https://galaxy.ansible.com/adfinis-sygroup/icinga2_web) + +This role installs and configures icingaweb2. + +# Requirements + +What you will need to benefit from this role is a webserver installed on +the system. At Adfinis, we use the following role: + +- [adfinis-sygroup.nginx](https://galaxy.ansible.com/adfinis-sygroup/nginx) + +# Role Variables + +``` yaml +# The icingaweb2 web ui password +icinga2_web_admin_pass: 'passw0rd' + +# icinga2 API host +icinga2_web_api_host: 127.0.0.1 + +# icinga2 API port +icinga2_web_api_port: 5665 + +# icinga2 API user +icinga2_web_api_user: icingaweb2 + +# icinga2 API password +icinga2_web_api_pass: 'passw0rd' + + +## icingaweb2 database settings +# The icingaweb2 database name +icinga2_web_icingaweb2_database_name: icingaweb2 + +# The icingaweb2 database user +icinga2_web_icingaweb2_database_user: icingaweb2 + +# The icingaweb2 database password +icinga2_web_icingaweb2_database_pass: 'passw0rd' + +# The icingaweb2 database host +icinga2_web_icingaweb2_database_host: 127.0.0.1 + +# The icingaweb2 database port +icinga2_web_icingaweb2_database_port: 3306 + + +## Icinga2 database settings +# icinga2 database name +icinga2_web_icinga2_database_name: icinga2 +# +# icinga2 database host +icinga2_web_icinga2_database_host: 127.0.0.1 + +# icinga2 database port +icinga2_web_icinga2_database_port: 3306 + +# icinga2 database user +icinga2_web_icinga2_database_user: icinga2 + +# icinga2 database password +icinga2_web_icinga2_database_pass: 'passw0rd' +``` + +## LDAP Authentication + +To configure LDAP authentication, the following variables MUST be +configured. It is possible to enable multiple configuration backends. + +``` yaml +# Icingaweb2 LDAP authentication +# For further information, consult the official icingaweb2 documentation at +# https://icinga.com/docs/icingaweb2/latest/doc/04-Resources/#ldap +#icinga2_web_ldap: +# - name: res_ldap_example_com +# host: ldap.example.com +# port: 636 +# encryption: ldaps +# root_dn: 'cn=accounts,dc=ldap,dc=example,dc=com' +# bind_dn: 'uid=icingaweb2.auth,cn=systems,dc=ldap,dc=example,dc=com' +# bind_pw: 'ldap password' +# timeout: 5 +``` + +``` yaml +# Icingaweb2 LDAP User configuration +# For further information, consult the official icingaweb2 documentation at +# https://icinga.com/docs/icingaweb2/latest/doc/05-Authentication/#ldap +# +#icinga2_web_ldap_userconf: +# - name: user_ldap_example_com # required +# resource: 'res_ldap_example_com' # required +# user_class: 'inetOrgPerson' # required +# user_name_attribute: 'uid' # required +# base_dn: 'cn=accounts,dc=ldap,dc=example,dc=com' # optional +# filter: "(somefilter)" # optional + +icinga2_web_ldap_userconf: [] +``` + +``` yaml +# Icingaweb2 LDAP Group configuration +# For further information, consult the official icingaweb2 documentation at +# https://icinga.com/docs/icingaweb2/latest/doc/05-Authentication/#ldap-groups +# +#icinga2_web_ldap_groupconf: +# - name: group_ldap_example_com # required +# resource: 'res_ldap_example_com' # required +# user_backend = "user_ldap_examle_com" # required +# user_class: 'user' # optional +# user_name_attribute: 'uid' # optional +# group_class: 'group' # optional +# group_name_attribute: 'gid' # optional +# group_member_attribute: 'memberUid' # optional +# group_filter: '(somefilter)' # optional +``` + +## Icingaweb2 permissions + +``` yaml +# Icinga2 Permissions configuration +# For further information, consult the official icingaweb2 documentation at +# https://icinga.com/docs/icingaweb2/latest/doc/06-Security/#configuration +# +#icinga2_web_permissions: +# - name: Administrators +# users: +# - admin +# groups: +# - Administrators +# permissions: +# '*' +# object_filter: "" +# - name: customer +# users: +# - customer1 +# permissions: +# 'monitoring/command/*,module/*' +# object_filter: 'host_name=*.customer.example.com"' +``` + +# Dependencies + +This role has the following dependencies: + +``` yaml +roles: +- name: 'adfinis-sygroup.icinga2_agent' + +collections: + - ansible.posix + - community.general + - community.mysql + - robertdebock.roles +``` + +For all dependencies to be correcty installed, you need to create a +`requirements.yml` in your project with the content above. + +# Example Playbook + +``` yaml +- hosts: servers + roles: + - { role: adfinis-sygroup.icinga2_web } +``` + +# License + +[GPL-3.0](https://github.com/adfinis-sygroup/ansible-role-icinga2_web/blob/master/LICENSE) + +# Author Information + +icinga2_web role was written by: + +- Adfinis SyGroup AG \| [Website](https://www.adfinis-sygroup.ch/) \| + [Twitter](https://twitter.com/adfinissygroup) \| + [GitHub](https://github.com/adfinis-sygroup) diff --git a/README.rst b/README.rst deleted file mode 100644 index ef588bf..0000000 --- a/README.rst +++ /dev/null @@ -1,195 +0,0 @@ -================ -ROLE ICINGA2_WEB -================ - -.. image:: https://img.shields.io/github/license/adfinis-sygroup/ansible-role-icinga2_web.svg?style=flat-square - :target: https://github.com/adfinis-sygroup/ansible-role-icinga2_web/blob/master/LICENSE - -.. image:: https://img.shields.io/travis/adfinis-sygroup/ansible-role-icinga2_web.svg?style=flat-square - :target: https://travis-ci.org/adfinis-sygroup/ansible-role-icinga2_web - -.. image:: https://img.shields.io/badge/galaxy-adfinis--sygroup.icinga2_web-660198.svg?style=flat-square - :target: https://galaxy.ansible.com/adfinis-sygroup/icinga2_web - -This role installs and configures icingaweb2. - - -Requirements -============= - -What you will need to benefit from this role a webserver installed on the system. -At Adfinis, we use the following role: - -* `adfinis-sygroup.nginx `_ - - - -Role Variables -=============== - -.. code-block:: yaml - - # The icingaweb2 web ui password - icinga2_web_admin_pass: 'passw0rd' - - # icinga2 API host - icinga2_web_api_host: 127.0.0.1 - - # icinga2 API port - icinga2_web_api_port: 5665 - - # icinga2 API user - icinga2_web_api_user: icingaweb2 - - # icinga2 API password - icinga2_web_api_pass: 'passw0rd' - - - ## icingaweb2 database settings - # The icingaweb2 database name - icinga2_web_icingaweb2_database_name: icingaweb2 - - # The icingaweb2 database user - icinga2_web_icingaweb2_database_user: icingaweb2 - - # The icingaweb2 database password - icinga2_web_icingaweb2_database_pass: 'passw0rd' - - # The icingaweb2 database host - icinga2_web_icingaweb2_database_host: 127.0.0.1 - - # The icingaweb2 database port - icinga2_web_icingaweb2_database_port: 3306 - - - ## Icinga2 database settings - # icinga2 database name - icinga2_web_icinga2_database_name: icinga2 - # - # icinga2 database host - icinga2_web_icinga2_database_host: 127.0.0.1 - - # icinga2 database port - icinga2_web_icinga2_database_port: 3306 - - # icinga2 database user - icinga2_web_icinga2_database_user: icinga2 - - # icinga2 database password - icinga2_web_icinga2_database_pass: 'passw0rd' - - -LDAP Authentication -------------------- - -To configure LDAP authentication, the following variables MUST be configured. -It is possible to enable multiple configuration backends. - -.. code-block:: yaml - - # Icingaweb2 LDAP authentication - # For further information, consult the official icingaweb2 documentation at - # https://icinga.com/docs/icingaweb2/latest/doc/04-Resources/#ldap - #icinga2_web_ldap: - # - name: res_ldap_example_com - # host: ldap.example.com - # port: 636 - # encryption: ldaps - # root_dn: 'cn=accounts,dc=ldap,dc=example,dc=com' - # bind_dn: 'uid=icingaweb2.auth,cn=systems,dc=ldap,dc=example,dc=com' - # bind_pw: 'ldap password' - # timeout: 5 - - -.. code-block:: yaml - - # Icingaweb2 LDAP User configuration - # For further information, consult the official icingaweb2 documentation at - # https://icinga.com/docs/icingaweb2/latest/doc/05-Authentication/#ldap - # - #icinga2_web_ldap_userconf: - # - name: user_ldap_example_com # required - # resource: 'res_ldap_example_com' # required - # user_class: 'inetOrgPerson' # required - # user_name_attribute: 'uid' # required - # base_dn: 'cn=accounts,dc=ldap,dc=example,dc=com' # optional - # filter: "(somefilter)" # optional - - icinga2_web_ldap_userconf: [] - - -.. code-block:: yaml - - # Icingaweb2 LDAP Group configuration - # For further information, consult the official icingaweb2 documentation at - # https://icinga.com/docs/icingaweb2/latest/doc/05-Authentication/#ldap-groups - # - #icinga2_web_ldap_groupconf: - # - name: group_ldap_example_com # required - # resource: 'res_ldap_example_com' # required - # user_backend = "user_ldap_examle_com" # required - # user_class: 'user' # optional - # user_name_attribute: 'uid' # optional - # group_class: 'group' # optional - # group_name_attribute: 'gid' # optional - # group_member_attribute: 'memberUid' # optional - # group_filter: '(somefilter)' # optional - - -Icingaweb2 permissions ----------------------- - -.. code-block:: yaml - - # Icinga2 Permissions configuration - # For further information, consult the official icingaweb2 documentation at - # https://icinga.com/docs/icingaweb2/latest/doc/06-Security/#configuration - # - #icinga2_web_permissions: - # - name: Administrators - # users: - # - admin - # groups: - # - Administrators - # permissions: - # '*' - # object_filter: "" - # - name: customer - # users: - # - customer1 - # permissions: - # 'monitoring/command/*,module/*' - # object_filter: 'host_name=*.customer.example.com"' - - -Dependencies -============= - -This role depends on the following roles: - -* `adfinis-sygroup.php_fpm `_ -* `adfinis-sygroup.icinga2_master `_ - - -Example Playbook -================= - -.. code-block:: yaml - - - hosts: servers - roles: - - { role: adfinis-sygroup.icinga2_web } - - -License -======== - -`GPL-3.0 `_ - - -Author Information -=================== - -icinga2_web role was written by: - -* Adfinis SyGroup AG | `Website `_ | `Twitter `_ | `GitHub `_ From f09da771ebe128656b98595cfbc84ac2fbacf58e Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Tue, 13 Feb 2024 12:58:26 +0100 Subject: [PATCH 19/36] Company was renamed Co-authored-by: Sebastian P. <5564491+s3lph@users.noreply.github.com> --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 757172e..db1c719 100644 --- a/README.md +++ b/README.md @@ -180,6 +180,6 @@ For all dependencies to be correcty installed, you need to create a icinga2_web role was written by: -- Adfinis SyGroup AG \| [Website](https://www.adfinis-sygroup.ch/) \| - [Twitter](https://twitter.com/adfinissygroup) \| - [GitHub](https://github.com/adfinis-sygroup) +- Adfinis AG \| [Website](https://www.adfinis.com/) \| + [Twitter](https://twitter.com/adfinis) \| + [GitHub](https://github.com/adfinis) From 4a599c4223daca8e8650c58e0ee1afbfd28f9f3e Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Tue, 13 Feb 2024 12:59:35 +0100 Subject: [PATCH 20/36] Role was moved to a new namespace Co-authored-by: Sebastian P. <5564491+s3lph@users.noreply.github.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index db1c719..fa7cd48 100644 --- a/README.md +++ b/README.md @@ -152,7 +152,7 @@ This role has the following dependencies: ``` yaml roles: -- name: 'adfinis-sygroup.icinga2_agent' +- name: 'adfinis.icinga2_agent' collections: - ansible.posix From 5893949ee2d7f0ac00bb5b895fe9c87ded2ccb4d Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Tue, 13 Feb 2024 13:01:03 +0100 Subject: [PATCH 21/36] (docs): move dependencies up into requirements section --- README.md | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index fa7cd48..e444e9c 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,24 @@ the system. At Adfinis, we use the following role: - [adfinis-sygroup.nginx](https://galaxy.ansible.com/adfinis-sygroup/nginx) +## Role dependencies +This role has the following dependencies: + +``` yaml +roles: +- name: 'adfinis.icinga2_agent' + +collections: + - ansible.posix + - community.general + - community.mysql + - robertdebock.roles +``` + +For all dependencies to be correcty installed, you need to create a +`requirements.yml` in your project with the content above. + + # Role Variables ``` yaml @@ -146,24 +164,6 @@ icinga2_web_ldap_userconf: [] # object_filter: 'host_name=*.customer.example.com"' ``` -# Dependencies - -This role has the following dependencies: - -``` yaml -roles: -- name: 'adfinis.icinga2_agent' - -collections: - - ansible.posix - - community.general - - community.mysql - - robertdebock.roles -``` - -For all dependencies to be correcty installed, you need to create a -`requirements.yml` in your project with the content above. - # Example Playbook ``` yaml From beed16e90f8e3ad1d2a3bce550ecf28ac480e041 Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Tue, 13 Feb 2024 13:02:27 +0100 Subject: [PATCH 22/36] Fix image urls Co-authored-by: Sebastian P. <5564491+s3lph@users.noreply.github.com> --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index e444e9c..a2858e1 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,11 @@ ROLE ICINGA2_WEB ================ -[![image](https://img.shields.io/github/license/adfinis-sygroup/ansible-role-icinga2_web.svg?style=flat-square)](https://github.com/adfinis-sygroup/ansible-role-icinga2_web/blob/master/LICENSE) +[![image](https://img.shields.io/github/license/adfinis/ansible-role-icinga2_web.svg?style=flat-square)](https://github.com/adfinis/ansible-role-icinga2_web/blob/master/LICENSE) -[![image](https://img.shields.io/travis/adfinis-sygroup/ansible-role-icinga2_web.svg?style=flat-square)](https://travis-ci.org/adfinis-sygroup/ansible-role-icinga2_web) +[![image](https://img.shields.io/github/actions/workflow/status/adfinis/ansible-role-icinga2_web/ansible-ci.yml?branch=master&style=flat-square)](https://github.com/adfinis/ansible-role-icinga2_web/actions/workflows/ansible-ci.yml) -[![image](https://img.shields.io/badge/galaxy-adfinis--sygroup.icinga2_web-660198.svg?style=flat-square)](https://galaxy.ansible.com/adfinis-sygroup/icinga2_web) +[![image](https://img.shields.io/badge/galaxy-adfinis.icinga2_web-660198.svg?style=flat-square)](https://galaxy.ansible.com/ui/standalone/roles/adfinis/icinga2_client/) This role installs and configures icingaweb2. From bd54f0b605e75f742bd9a811c9a5d4e6adc9ddbf Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Tue, 13 Feb 2024 13:02:45 +0100 Subject: [PATCH 23/36] Company was renamed Co-authored-by: Sebastian P. <5564491+s3lph@users.noreply.github.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a2858e1..577c831 100644 --- a/README.md +++ b/README.md @@ -174,7 +174,7 @@ icinga2_web_ldap_userconf: [] # License -[GPL-3.0](https://github.com/adfinis-sygroup/ansible-role-icinga2_web/blob/master/LICENSE) +[GPL-3.0](https://github.com/adfinis/ansible-role-icinga2_web/blob/master/LICENSE) # Author Information From 38c9b8b8e468f297b1d4e9fe1b9b6a581525d6a9 Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Tue, 13 Feb 2024 13:55:14 +0100 Subject: [PATCH 24/36] Change link for images Co-authored-by: Sebastian P. <5564491+s3lph@users.noreply.github.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 577c831..2a9c523 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ ROLE ICINGA2_WEB [![image](https://img.shields.io/github/actions/workflow/status/adfinis/ansible-role-icinga2_web/ansible-ci.yml?branch=master&style=flat-square)](https://github.com/adfinis/ansible-role-icinga2_web/actions/workflows/ansible-ci.yml) -[![image](https://img.shields.io/badge/galaxy-adfinis.icinga2_web-660198.svg?style=flat-square)](https://galaxy.ansible.com/ui/standalone/roles/adfinis/icinga2_client/) +[![image](https://img.shields.io/badge/galaxy-adfinis.icinga2_web-660198.svg?style=flat-square)](https://galaxy.ansible.com/ui/standalone/roles/adfinis/icinga2_web/) This role installs and configures icingaweb2. From 68cdc4f72472517a81b3e07e83bdafc4cfff486d Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Tue, 13 Feb 2024 13:55:45 +0100 Subject: [PATCH 25/36] (docs): change name of role --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2a9c523..2cc6078 100644 --- a/README.md +++ b/README.md @@ -169,7 +169,7 @@ icinga2_web_ldap_userconf: [] ``` yaml - hosts: servers roles: - - { role: adfinis-sygroup.icinga2_web } + - { role: adfinis.icinga2_web } ``` # License From 02857d362378d40dcb322607656089c1130c4fa5 Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Tue, 13 Feb 2024 13:57:05 +0100 Subject: [PATCH 26/36] (ci): dont checkout into subfolder --- .github/workflows/ansible-ci.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/ansible-ci.yml b/.github/workflows/ansible-ci.yml index 2ea5620..2ab3571 100644 --- a/.github/workflows/ansible-ci.yml +++ b/.github/workflows/ansible-ci.yml @@ -14,8 +14,6 @@ jobs: steps: - uses: actions/checkout@v2 - with: - path: icinga2_web # Checkout Adfinis lint-rules - uses: actions/checkout@v2 From c9499202a0730328179acca9116f1b937db12320 Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Tue, 13 Feb 2024 14:16:34 +0100 Subject: [PATCH 27/36] (meta): fix name of dependency in meta file --- meta/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/main.yml b/meta/main.yml index 1dbddb9..3e6fa13 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,7 +1,7 @@ --- dependencies: - - name: 'adfinis-sygroup.icinga2_agent' + - name: 'adfinis.icinga2_agent' galaxy_info: role_name: 'icinga2_web' From 55f72c2e6c3cc0ecfe4fe124c2897643c6fe58a6 Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Tue, 13 Feb 2024 14:16:51 +0100 Subject: [PATCH 28/36] (chore): remove tests inside role itself --- tests/inventory.yml | 5 ----- tests/test.yml | 6 ------ 2 files changed, 11 deletions(-) delete mode 100644 tests/inventory.yml delete mode 100644 tests/test.yml diff --git a/tests/inventory.yml b/tests/inventory.yml deleted file mode 100644 index a323cdf..0000000 --- a/tests/inventory.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- - -all: - hosts: - localhost diff --git a/tests/test.yml b/tests/test.yml deleted file mode 100644 index 3be2abf..0000000 --- a/tests/test.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- - -- hosts: localhost - remote_user: root - roles: - - icinga2_web From 0424295effb224472c32453d5339836d50c4106e Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Tue, 13 Feb 2024 14:26:04 +0100 Subject: [PATCH 29/36] (lint): Fix MISSING STARTING SPACE IN COMMENT --- defaults/main.yml | 170 +++++++++++++++++++++++----------------------- 1 file changed, 85 insertions(+), 85 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index b40523c..0d8e838 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -115,15 +115,15 @@ icinga2_web_modules: [] # For further information, consult the official icingaweb2 documentation at # https://icinga.com/docs/icingaweb2/latest/doc/04-Resources/#ldap # -#icinga2_web_ldap: -# - name: res_ldap_example_com -# host: ldap.example.com -# port: 636 -# encryption: ldaps -# root_dn: 'cn=accounts,dc=ldap,dc=example,dc=com' -# bind_dn: 'uid=icingaweb2.auth,cn=systems,dc=ldap,dc=example,dc=com' -# bind_pw: 'ldap password' -# timeout: 5 +# icinga2_web_ldap: +# - name: res_ldap_example_com +# host: ldap.example.com +# port: 636 +# encryption: ldaps +# root_dn: 'cn=accounts,dc=ldap,dc=example,dc=com' +# bind_dn: 'uid=icingaweb2.auth,cn=systems,dc=ldap,dc=example,dc=com' +# bind_pw: 'ldap password' +# timeout: 5 icinga2_web_ldap: [] @@ -131,13 +131,13 @@ icinga2_web_ldap: [] # For further information, consult the official icingaweb2 documentation at # https://icinga.com/docs/icingaweb2/latest/doc/05-Authentication/#ldap # -#icinga2_web_ldap_userconf: -# - name: user_ldap_example_com # required -# resource: 'res_ldap_example_com' # required -# user_class: 'inetOrgPerson' # required -# user_name_attribute: 'uid' # required -# base_dn: 'cn=accounts,dc=ldap,dc=example,dc=com' # optional -# filter: "(somefilter)" # optional +# icinga2_web_ldap_userconf: +# - name: user_ldap_example_com # required +# resource: 'res_ldap_example_com' # required +# user_class: 'inetOrgPerson' # required +# user_name_attribute: 'uid' # required +# base_dn: 'cn=accounts,dc=ldap,dc=example,dc=com' # optional +# filter: "(somefilter)" # optional icinga2_web_ldap_userconf: [] @@ -145,16 +145,16 @@ icinga2_web_ldap_userconf: [] # For further information, consult the official icingaweb2 documentation at # https://icinga.com/docs/icingaweb2/latest/doc/05-Authentication/#ldap-groups # -#icinga2_web_ldap_groupconf: -# - name: group_ldap_example_com # required -# resource: 'res_ldap_example_com' # required -# user_backend: 'user_ldap_examle_com' # required -# user_class: 'user' # optional -# user_name_attribute: 'uid' # optional -# group_class: 'group' # optional -# group_name_attribute: 'gid' # optional -# group_member_attribute: 'memberUid' # optional -# group_filter: '(somefilter)' # optional +# icinga2_web_ldap_groupconf: +# - name: group_ldap_example_com # required +# resource: 'res_ldap_example_com' # required +# user_backend: 'user_ldap_examle_com' # required +# user_class: 'user' # optional +# user_name_attribute: 'uid' # optional +# group_class: 'group' # optional +# group_name_attribute: 'gid' # optional +# group_member_attribute: 'memberUid' # optional +# group_filter: '(somefilter)' # optional icinga2_web_ldap_groupconf: [] @@ -162,32 +162,32 @@ icinga2_web_ldap_groupconf: [] # For further information, consult the official icingaweb2 documentation at # https://icinga.com/docs/icinga-web-2/latest/doc/05-Authentication/#database-groups # -#icinga2_web_database_groupconf: -# - name: icingaweb2 -# backend: db -# resource: icingaweb_db -# +# icinga2_web_database_groupconf: +# - name: icingaweb2 +# backend: db +# resource: icingaweb_db + icinga2_web_database_groupconf: [] # Icinga2 Permissions configuration # For further information, consult the official icingaweb2 documentation at # https://icinga.com/docs/icingaweb2/latest/doc/06-Security/#configuration # -#icinga2_web_permissions: -# - name: Administrators -# users: -# - admin -# groups: -# - Administrators -# permissions: -# '*' -# object_filter: "" -# - name: customer -# users: -# - customer1 -# permissions: -# 'monitoring/command/*,module/*' -# object_filter: 'host_name=*.customer.example.com"' +# icinga2_web_permissions: +# - name: Administrators +# users: +# - admin +# groups: +# - Administrators +# permissions: +# '*' +# object_filter: "" +# - name: customer +# users: +# - customer1 +# permissions: +# 'monitoring/command/*,module/*' +# object_filter: 'host_name=*.customer.example.com"' icinga2_web_permissions: - name: Administrators @@ -202,51 +202,51 @@ icinga2_web_permissions: # For further information, consult the official icingaweb2 documentation at # https://icinga.com/docs/director/latest/doc/03-Automation/ -#icinga2_web_director: -# - name: 'director_db' -# db: 'mysql' -# host: 'db.example.com' -# port: '3306' -# dbname: 'director' -# username: 'director@example.com' -# password: '3xample' -# charset: 'utf-8' -# use_ssl: '1' -# ssl_ca: '/etc/pki/tls/certs/ca-bundle.crt' +# icinga2_web_director: +# - name: 'director_db' +# db: 'mysql' +# host: 'db.example.com' +# port: '3306' +# dbname: 'director' +# username: 'director@example.com' +# password: '3xample' +# charset: 'utf-8' +# use_ssl: '1' +# ssl_ca: '/etc/pki/tls/certs/ca-bundle.crt' icinga2_web_director: [] # Reporting resources configuration -#icinga2_web_reporting: -# - name: 'reporting_db' -# db: 'mysql' -# host: 'db.example.com' -# port: '3306' -# dbname: 'reporting' -# username: 'reporting@example.com' -# password: '3xample' -# charset: 'utf8mb4' -# use_ssl: '1' -# ssl_ca: '/etc/pki/tls/certs/ca-bundle.crt' +# icinga2_web_reporting: +# - name: 'reporting_db' +# db: 'mysql' +# host: 'db.example.com' +# port: '3306' +# dbname: 'reporting' +# username: 'reporting@example.com' +# password: '3xample' +# charset: 'utf8mb4' +# use_ssl: '1' +# ssl_ca: '/etc/pki/tls/certs/ca-bundle.crt' icinga2_web_reporting: [] # Grafana configuration -icinga2_web_grafana: - enabled: false - #domain: example.com - #oidc: - #enabled: true - #config: - #name: Example SSO - #allow_sign_up: true - #client_id: example-client - #client_secret: example-secret - #scopes: openid,email,profile - #email_attribute_name: email - #email_attribute_path: email - #auth_url: https://sso.example.com/auth/realms/example/protocol/openid-connect/auth - #token_url: https://sso.example.com/auth/realms/example/protocol/openid-connect/token - #api_url: https://sso.example.com/auth/realms/example/protocol/openid-connect/userinfo - #role_attribute_path: contains(groups[*], '/admin') && 'Admin' +# icinga2_web_grafana: +# enabled: false +# domain: example.com +# oidc: +# enabled: true +# config: +# name: Example SSO +# allow_sign_up: true +# client_id: example-client +# client_secret: example-secret +# scopes: openid,email,profile +# email_attribute_name: email +# email_attribute_path: email +# auth_url: https://sso.example.com/auth/realms/example/protocol/openid-connect/auth +# token_url: https://sso.example.com/auth/realms/example/protocol/openid-connect/token +# api_url: https://sso.example.com/auth/realms/example/protocol/openid-connect/userinfo +# role_attribute_path: contains(groups[*], '/admin') && 'Admin' From 3a5bebcb116d8a212ad5facbc80a4ed68391dbf9 Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Tue, 13 Feb 2024 14:27:40 +0100 Subject: [PATCH 30/36] (fix): ALL NAMES SHOULD START WITH UPPERCASE LETTER --- handlers/main.yml | 4 ++-- tasks/configuration.yml | 2 +- tasks/installation.yml | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/handlers/main.yml b/handlers/main.yml index d1ae437..74ef859 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,11 +1,11 @@ --- -- name: icinga2_web reload icinga2 +- name: Icinga2_web reload icinga2 service: name: icinga2 state: reloaded -- name: icinga2_web restart grafana-server +- name: Icinga2_web restart grafana-server service: name: grafana-server state: restarted diff --git a/tasks/configuration.yml b/tasks/configuration.yml index 51b99e4..9020876 100644 --- a/tasks/configuration.yml +++ b/tasks/configuration.yml @@ -143,5 +143,5 @@ seuser: system_u serole: object_r selevel: s0 - notify: icinga2_web restart grafana-server + notify: Icinga2_web restart grafana-server when: icinga2_web_grafana.enabled diff --git a/tasks/installation.yml b/tasks/installation.yml index 71c94ef..6bb4052 100644 --- a/tasks/installation.yml +++ b/tasks/installation.yml @@ -88,7 +88,7 @@ serole: object_r setype: icingaweb2_config_t selevel: s0 - notify: icinga2_web reload icinga2 + notify: Icinga2_web reload icinga2 - name: Install modules from github ansible.builtin.git: @@ -96,7 +96,7 @@ dest: '/etc/icingaweb2/modules/{{ item.name }}' version: '{{ item.version }}' loop: '{{ icinga2_web_modules }}' - notify: icinga2_web reload icinga2 + notify: Icinga2_web reload icinga2 - name: Enable modules from github ansible.builtin.file: @@ -105,7 +105,7 @@ state: link mode: "0755" loop: '{{ icinga2_web_modules }}' - notify: icinga2_web reload icinga2 + notify: Icinga2_web reload icinga2 - name: Create icingaweb2 director user for background daemon ansible.builtin.user: From f14a4cd064d1dd2da8250bd8e02c51fc74de7718 Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Tue, 13 Feb 2024 14:28:25 +0100 Subject: [PATCH 31/36] (fix): USE FQCN FOR BUILTIN MODULE ACTIONS --- handlers/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/handlers/main.yml b/handlers/main.yml index 74ef859..ac32774 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,11 +1,11 @@ --- - name: Icinga2_web reload icinga2 - service: + ansible.builtin.service: name: icinga2 state: reloaded - name: Icinga2_web restart grafana-server - service: + ansible.builtin.service: name: grafana-server state: restarted From 7929aa84dc1cba80edad724aa79b3508d690f923 Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Tue, 13 Feb 2024 14:29:22 +0100 Subject: [PATCH 32/36] (fix): use string for version --- meta/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/main.yml b/meta/main.yml index 3e6fa13..c93e7ed 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -14,7 +14,7 @@ galaxy_info: platforms: - name: EL versions: - - 7 + - "7" galaxy_tags: - 'icinga2' - 'monitoring' From d2ebaa8e09ce381bed471283c475f514c1c38aa1 Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Tue, 13 Feb 2024 14:38:01 +0100 Subject: [PATCH 33/36] (fix): change spacing of commented modules --- defaults/main.yml | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 0d8e838..45753df 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -92,24 +92,24 @@ icinga2_web_managed_config_files: - groups.ini icinga2_web_modules: [] - #- name: graphite - # url: 'https://github.com/icinga/icingaweb2-module-graphite.git' - # version: master - #- name: ipl - # url: 'https://github.com/icinga/icingaweb2-module-ipl.git' - # version: v0.5.0 - #- name: incubator - # url: 'https://github.com/icinga/icingaweb2-module-incubator.git' - # version: v0.5.0 - #- name: reactbundle - # url: 'https://github.com/icinga/icingaweb2-module-reactbundle.git' - # version: v0.7.0 - #- name: director - # url: 'https://github.com/icinga/icingaweb2-module-director.git' - # version: v1.7.2 - #- name: audit - # url: 'https://github.com/adfinis/icingaweb2-module-audit.git' - # version: master +# - name: graphite +# url: 'https://github.com/icinga/icingaweb2-module-graphite.git' +# version: master +# - name: ipl +# url: 'https://github.com/icinga/icingaweb2-module-ipl.git' +# version: v0.5.0 +# - name: incubator +# url: 'https://github.com/icinga/icingaweb2-module-incubator.git' +# version: v0.5.0 +# - name: reactbundle +# url: 'https://github.com/icinga/icingaweb2-module-reactbundle.git' +# version: v0.7.0 +# - name: director +# url: 'https://github.com/icinga/icingaweb2-module-director.git' +# version: v1.7.2 +# - name: audit +# url: 'https://github.com/adfinis/icingaweb2-module-audit.git' +# version: master # Icingaweb2 LDAP authentication # For further information, consult the official icingaweb2 documentation at From 0aaa7a0cdef821a45ebe02c700a620bf12ba6616 Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Tue, 13 Feb 2024 14:38:38 +0100 Subject: [PATCH 34/36] (fix): add a no-changed-when noqa to let us provision icingaweb2 on first run --- tasks/configuration.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tasks/configuration.yml b/tasks/configuration.yml index 9020876..a9f9b23 100644 --- a/tasks/configuration.yml +++ b/tasks/configuration.yml @@ -94,7 +94,7 @@ selevel: s0 when: icinga2_web_director | length != 0 -- name: Configure icingaweb2 director database +- name: Configure icingaweb2 director database # noqa no-changed-when ansible.builtin.command: icingacli director migration run when: icinga2_web_director | length != 0 @@ -111,14 +111,14 @@ selevel: s0 when: icinga2_web_reporting | length != 0 -- name: Create icingaweb2 admin password hash +- name: Create icingaweb2 admin password hash # noqa no-changed-when ansible.builtin.command: openssl passwd -1 '{{ icinga2_web_admin_pass }}' register: icinga2_web_register_admin_hash when: - not ansible_check_mode - icinga2_web_register_icingaweb2_imported.rc == 1 -- name: Insert icingaweb2 admin password into database +- name: Insert icingaweb2 admin password into database # noqa no-changed-when ansible.builtin.command: > mysql -h'{{ icinga2_web_icingaweb2_database_host }}' From b9eb8d1ab250132f4671c4bd6a307a617ba6e59b Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Tue, 13 Feb 2024 14:44:27 +0100 Subject: [PATCH 35/36] (fix): let yamllint just use the '.yamllint' configfile --- .github/workflows/ansible-ci.yml | 3 --- .testenv/yamllint.yml => .yamllint | 0 2 files changed, 3 deletions(-) rename .testenv/yamllint.yml => .yamllint (100%) diff --git a/.github/workflows/ansible-ci.yml b/.github/workflows/ansible-ci.yml index 2ab3571..18a4ff6 100644 --- a/.github/workflows/ansible-ci.yml +++ b/.github/workflows/ansible-ci.yml @@ -31,6 +31,3 @@ jobs: ansible-lint~=5.0 - name: yamllint uses: karancode/yamllint-github-action@v2.0.0 - with: - yamllint_config_filepath: icinga2_web/.testenv/yamllint.yml - yamllint_file_or_dir: icinga2_web diff --git a/.testenv/yamllint.yml b/.yamllint similarity index 100% rename from .testenv/yamllint.yml rename to .yamllint From bf2f27f2a140789c4315272b7e5ac6f94913bb4c Mon Sep 17 00:00:00 2001 From: Stev <44085060+aconitumnapellus@users.noreply.github.com> Date: Tue, 13 Feb 2024 14:46:40 +0100 Subject: [PATCH 36/36] (fix): .ansible-lint config is yaml --- .ansible-lint | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.ansible-lint b/.ansible-lint index 7d8facb..7313c5b 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,3 +1,5 @@ +--- + skip_list: - '405' - '106' # Role name {} does not match ``^[a-z][a-z0-9_]+$`` pattern'