diff --git a/.ansible-lint b/.ansible-lint index e40297c81..94dc18de7 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -43,6 +43,7 @@ skip_list: - experimental - name[template] # https://ansible-lint.readthedocs.io/rules/name/ - var-naming[no-role-prefix] # We do believe, that our naming which exceeds this rules requirements is sound + - yaml[line-length] # # Any rule that has the 'opt-in' tag will not be loaded unless its 'id' is # # mentioned in the enable_list: diff --git a/.github/workflows/ans-int-test-activation.yaml b/.github/workflows/ans-int-test-activation.yaml index 38b03a160..82901406c 100644 --- a/.github/workflows/ans-int-test-activation.yaml +++ b/.github/workflows/ans-int-test-activation.yaml @@ -21,19 +21,22 @@ on: - devel paths: - 'plugins/modules/activation.py' + push: + paths: + - 'plugins/modules/activation.py' jobs: integration: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 name: Ⓐ${{ matrix.ansible }}+py${{ matrix.python }} strategy: fail-fast: false matrix: ansible: - - stable-2.14 - stable-2.15 - stable-2.16 + - stable-2.17 - devel python: - '3.8' diff --git a/.github/workflows/ans-int-test-bakery.yaml b/.github/workflows/ans-int-test-bakery.yaml index 07c2ffbb0..4462f503e 100644 --- a/.github/workflows/ans-int-test-bakery.yaml +++ b/.github/workflows/ans-int-test-bakery.yaml @@ -21,19 +21,22 @@ on: - devel paths: - 'plugins/modules/bakery.py' + push: + paths: + - 'plugins/modules/bakery.py' jobs: integration: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 name: Ⓐ${{ matrix.ansible }}+py${{ matrix.python }} strategy: fail-fast: false matrix: ansible: - - stable-2.14 - stable-2.15 - stable-2.16 + - stable-2.17 - devel python: - '3.8' diff --git a/.github/workflows/ans-int-test-contact_group.yaml b/.github/workflows/ans-int-test-contact_group.yaml index 88c7071c2..42ae1bc33 100644 --- a/.github/workflows/ans-int-test-contact_group.yaml +++ b/.github/workflows/ans-int-test-contact_group.yaml @@ -21,19 +21,22 @@ on: - devel paths: - 'plugins/modules/contact_group.py' + push: + paths: + - 'plugins/modules/contact_group.py' jobs: integration: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 name: Ⓐ${{ matrix.ansible }}+py${{ matrix.python }} strategy: fail-fast: false matrix: ansible: - - stable-2.14 - stable-2.15 - stable-2.16 + - stable-2.17 - devel python: - '3.8' diff --git a/.github/workflows/ans-int-test-discovery.yaml b/.github/workflows/ans-int-test-discovery.yaml index 8e8492687..a41d68387 100644 --- a/.github/workflows/ans-int-test-discovery.yaml +++ b/.github/workflows/ans-int-test-discovery.yaml @@ -21,19 +21,22 @@ on: - devel paths: - 'plugins/modules/discovery.py' + push: + paths: + - 'plugins/modules/discovery.py' jobs: integration: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 name: Ⓐ${{ matrix.ansible }}+py${{ matrix.python }} strategy: fail-fast: false matrix: ansible: - - stable-2.14 - stable-2.15 - stable-2.16 + - stable-2.17 - devel python: - '3.8' diff --git a/.github/workflows/ans-int-test-downtime.yaml b/.github/workflows/ans-int-test-downtime.yaml index 18030c7dd..2f21e600a 100644 --- a/.github/workflows/ans-int-test-downtime.yaml +++ b/.github/workflows/ans-int-test-downtime.yaml @@ -21,19 +21,22 @@ on: - devel paths: - 'plugins/modules/downtime.py' + push: + paths: + - 'plugins/modules/downtime.py' jobs: integration: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 name: Ⓐ${{ matrix.ansible }}+py${{ matrix.python }} strategy: fail-fast: false matrix: ansible: - - stable-2.14 - stable-2.15 - stable-2.16 + - stable-2.17 - devel python: - '3.8' diff --git a/.github/workflows/ans-int-test-folder.yaml b/.github/workflows/ans-int-test-folder.yaml index 2f9fad5ee..b1e1fa3b8 100644 --- a/.github/workflows/ans-int-test-folder.yaml +++ b/.github/workflows/ans-int-test-folder.yaml @@ -21,19 +21,22 @@ on: - devel paths: - 'plugins/modules/folder.py' + push: + paths: + - 'plugins/modules/folder.py' jobs: integration: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 name: Ⓐ${{ matrix.ansible }}+py${{ matrix.python }} strategy: fail-fast: false matrix: ansible: - - stable-2.14 - stable-2.15 - stable-2.16 + - stable-2.17 - devel python: - '3.8' diff --git a/.github/workflows/ans-int-test-host.yaml b/.github/workflows/ans-int-test-host.yaml index 01fd53bfb..692195e45 100644 --- a/.github/workflows/ans-int-test-host.yaml +++ b/.github/workflows/ans-int-test-host.yaml @@ -21,19 +21,22 @@ on: - devel paths: - 'plugins/modules/host.py' + push: + paths: + - 'plugins/modules/host.py' jobs: integration: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 name: Ⓐ${{ matrix.ansible }}+py${{ matrix.python }} strategy: fail-fast: false matrix: ansible: - - stable-2.14 - stable-2.15 - stable-2.16 + - stable-2.17 - devel python: - '3.8' diff --git a/.github/workflows/ans-int-test-host_group.yaml b/.github/workflows/ans-int-test-host_group.yaml index 54b69a7e4..59964b3fe 100644 --- a/.github/workflows/ans-int-test-host_group.yaml +++ b/.github/workflows/ans-int-test-host_group.yaml @@ -21,19 +21,22 @@ on: - devel paths: - 'plugins/modules/host_group.py' + push: + paths: + - 'plugins/modules/host_group.py' jobs: integration: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 name: Ⓐ${{ matrix.ansible }}+py${{ matrix.python }} strategy: fail-fast: false matrix: ansible: - - stable-2.14 - stable-2.15 - stable-2.16 + - stable-2.17 - devel python: - '3.8' diff --git a/.github/workflows/ans-int-test-lkp-bakery.yaml b/.github/workflows/ans-int-test-lkp-bakery.yaml index 6550693b0..b11451ef5 100644 --- a/.github/workflows/ans-int-test-lkp-bakery.yaml +++ b/.github/workflows/ans-int-test-lkp-bakery.yaml @@ -21,19 +21,22 @@ on: - devel paths: - 'plugins/lookup/bakery.py' + push: + paths: + - 'plugins/lookup/bakery.py' jobs: integration: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 name: Ⓐ${{ matrix.ansible }}+py${{ matrix.python }} strategy: fail-fast: false matrix: ansible: - - stable-2.14 - stable-2.15 - stable-2.16 + - stable-2.17 - devel python: - '3.8' diff --git a/.github/workflows/ans-int-test-lkp-folder.yaml b/.github/workflows/ans-int-test-lkp-folder.yaml index 08b5174f3..853f58ab4 100644 --- a/.github/workflows/ans-int-test-lkp-folder.yaml +++ b/.github/workflows/ans-int-test-lkp-folder.yaml @@ -19,19 +19,22 @@ on: - devel paths: - 'plugins/lookup/folder.py' + push: + paths: + - 'plugins/lookup/folder.py' jobs: integration: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 name: Ⓐ${{ matrix.ansible }}+py${{ matrix.python }} strategy: fail-fast: false matrix: ansible: - - stable-2.14 - stable-2.15 - stable-2.16 + - stable-2.17 - devel python: - '3.8' diff --git a/.github/workflows/ans-int-test-lkp-folders.yaml b/.github/workflows/ans-int-test-lkp-folders.yaml index 6180f9e60..84d72b14b 100644 --- a/.github/workflows/ans-int-test-lkp-folders.yaml +++ b/.github/workflows/ans-int-test-lkp-folders.yaml @@ -19,19 +19,22 @@ on: - devel paths: - 'plugins/lookup/folders.py' + push: + paths: + - 'plugins/lookup/folders.py' jobs: integration: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 name: Ⓐ${{ matrix.ansible }}+py${{ matrix.python }} strategy: fail-fast: false matrix: ansible: - - stable-2.14 - stable-2.15 - stable-2.16 + - stable-2.17 - devel python: - '3.8' diff --git a/.github/workflows/ans-int-test-lkp-host.yaml b/.github/workflows/ans-int-test-lkp-host.yaml index 0220a425d..c9be5906e 100644 --- a/.github/workflows/ans-int-test-lkp-host.yaml +++ b/.github/workflows/ans-int-test-lkp-host.yaml @@ -19,19 +19,22 @@ on: - devel paths: - 'plugins/lookup/host.py' + push: + paths: + - 'plugins/lookup/host.py' jobs: integration: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 name: Ⓐ${{ matrix.ansible }}+py${{ matrix.python }} strategy: fail-fast: false matrix: ansible: - - stable-2.14 - stable-2.15 - stable-2.16 + - stable-2.17 - devel python: - '3.8' diff --git a/.github/workflows/ans-int-test-lkp-hosts.yaml b/.github/workflows/ans-int-test-lkp-hosts.yaml index 45e11a189..f006f4655 100644 --- a/.github/workflows/ans-int-test-lkp-hosts.yaml +++ b/.github/workflows/ans-int-test-lkp-hosts.yaml @@ -19,19 +19,22 @@ on: - devel paths: - 'plugins/lookup/hosts.py' + push: + paths: + - 'plugins/lookup/hosts.py' jobs: integration: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 name: Ⓐ${{ matrix.ansible }}+py${{ matrix.python }} strategy: fail-fast: false matrix: ansible: - - stable-2.14 - stable-2.15 - stable-2.16 + - stable-2.17 - devel python: - '3.8' diff --git a/.github/workflows/ans-int-test-lkp-rules.yaml b/.github/workflows/ans-int-test-lkp-rules.yaml index 61d8b5ebf..ff6ff9292 100644 --- a/.github/workflows/ans-int-test-lkp-rules.yaml +++ b/.github/workflows/ans-int-test-lkp-rules.yaml @@ -20,19 +20,23 @@ on: paths: - 'plugins/lookup/rule.py' - 'plugins/lookup/rules.py' + push: + paths: + - 'plugins/lookup/rule.py' + - 'plugins/lookup/rules.py' jobs: integration: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 name: Ⓐ${{ matrix.ansible }}+py${{ matrix.python }} strategy: fail-fast: false matrix: ansible: - - stable-2.14 - stable-2.15 - stable-2.16 + - stable-2.17 - devel python: - '3.8' diff --git a/.github/workflows/ans-int-test-lkp-rulesets.yaml b/.github/workflows/ans-int-test-lkp-rulesets.yaml index 601979fd8..a92a54673 100644 --- a/.github/workflows/ans-int-test-lkp-rulesets.yaml +++ b/.github/workflows/ans-int-test-lkp-rulesets.yaml @@ -20,19 +20,23 @@ on: paths: - 'plugins/lookup/ruleset.py' - 'plugins/lookup/rulesets.py' + push: + paths: + - 'plugins/lookup/ruleset.py' + - 'plugins/lookup/rulesets.py' jobs: integration: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 name: Ⓐ${{ matrix.ansible }}+py${{ matrix.python }} strategy: fail-fast: false matrix: ansible: - - stable-2.14 - stable-2.15 - stable-2.16 + - stable-2.17 - devel python: - '3.8' diff --git a/.github/workflows/ans-int-test-lkp-version.yaml b/.github/workflows/ans-int-test-lkp-version.yaml index ae15a0b7a..d1ffc2bbf 100644 --- a/.github/workflows/ans-int-test-lkp-version.yaml +++ b/.github/workflows/ans-int-test-lkp-version.yaml @@ -21,19 +21,22 @@ on: - devel paths: - 'plugins/lookup/version.py' + push: + paths: + - 'plugins/lookup/version.py' jobs: integration: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 name: Ⓐ${{ matrix.ansible }}+py${{ matrix.python }} strategy: fail-fast: false matrix: ansible: - - stable-2.14 - stable-2.15 - stable-2.16 + - stable-2.17 - devel python: - '3.8' diff --git a/.github/workflows/ans-int-test-password.yaml b/.github/workflows/ans-int-test-password.yaml index dbfcb51d8..e3082c511 100644 --- a/.github/workflows/ans-int-test-password.yaml +++ b/.github/workflows/ans-int-test-password.yaml @@ -21,19 +21,22 @@ on: - devel paths: - 'plugins/modules/password.py' + push: + paths: + - 'plugins/modules/password.py' jobs: integration: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 name: Ⓐ${{ matrix.ansible }}+py${{ matrix.python }} strategy: fail-fast: false matrix: ansible: - - stable-2.14 - stable-2.15 - stable-2.16 + - stable-2.17 - devel python: - '3.8' diff --git a/.github/workflows/ans-int-test-rule.yaml b/.github/workflows/ans-int-test-rule.yaml index e4499d18c..429a9b2f4 100644 --- a/.github/workflows/ans-int-test-rule.yaml +++ b/.github/workflows/ans-int-test-rule.yaml @@ -21,19 +21,22 @@ on: - devel paths: - 'plugins/modules/rule.py' + push: + paths: + - 'plugins/modules/rule.py' jobs: integration: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 name: Ⓐ${{ matrix.ansible }}+py${{ matrix.python }} strategy: fail-fast: false matrix: ansible: - - stable-2.14 - stable-2.15 - stable-2.16 + - stable-2.17 - devel python: - '3.8' diff --git a/.github/workflows/ans-int-test-service_group.yaml b/.github/workflows/ans-int-test-service_group.yaml index dac6c9dbf..52d4b214e 100644 --- a/.github/workflows/ans-int-test-service_group.yaml +++ b/.github/workflows/ans-int-test-service_group.yaml @@ -21,19 +21,22 @@ on: - devel paths: - 'plugins/modules/service_group.py' + push: + paths: + - 'plugins/modules/service_group.py' jobs: integration: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 name: Ⓐ${{ matrix.ansible }}+py${{ matrix.python }} strategy: fail-fast: false matrix: ansible: - - stable-2.14 - stable-2.15 - stable-2.16 + - stable-2.17 - devel python: - '3.8' diff --git a/.github/workflows/ans-int-test-tag_group.yaml b/.github/workflows/ans-int-test-tag_group.yaml index a6fcdb1fa..22f7c0a23 100644 --- a/.github/workflows/ans-int-test-tag_group.yaml +++ b/.github/workflows/ans-int-test-tag_group.yaml @@ -21,19 +21,22 @@ on: - devel paths: - 'plugins/modules/tag_group.py' + push: + paths: + - 'plugins/modules/tag_group.py' jobs: integration: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 name: Ⓐ${{ matrix.ansible }}+py${{ matrix.python }} strategy: fail-fast: false matrix: ansible: - - stable-2.14 - stable-2.15 - stable-2.16 + - stable-2.17 - devel python: - '3.8' diff --git a/.github/workflows/ans-int-test-timeperiod.yaml b/.github/workflows/ans-int-test-timeperiod.yaml index 9ab6c918a..7a4b17086 100644 --- a/.github/workflows/ans-int-test-timeperiod.yaml +++ b/.github/workflows/ans-int-test-timeperiod.yaml @@ -21,19 +21,22 @@ on: - devel paths: - 'plugins/modules/timeperiod.py' + push: + paths: + - 'plugins/modules/timeperiod.py' jobs: integration: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 name: Ⓐ${{ matrix.ansible }}+py${{ matrix.python }} strategy: fail-fast: false matrix: ansible: - - stable-2.14 - stable-2.15 - stable-2.16 + - stable-2.17 - devel python: - '3.8' diff --git a/.github/workflows/ans-int-test-user.yaml b/.github/workflows/ans-int-test-user.yaml index ec2ee103e..b351a3406 100644 --- a/.github/workflows/ans-int-test-user.yaml +++ b/.github/workflows/ans-int-test-user.yaml @@ -21,19 +21,22 @@ on: - devel paths: - 'plugins/modules/user.py' + push: + paths: + - 'plugins/modules/user.py' jobs: integration: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 name: Ⓐ${{ matrix.ansible }}+py${{ matrix.python }} strategy: fail-fast: false matrix: ansible: - - stable-2.14 - stable-2.15 - stable-2.16 + - stable-2.17 - devel python: - '3.8' diff --git a/.github/workflows/ansible-lint.yaml b/.github/workflows/ansible-lint.yaml index 8b144a12d..ac671c0c0 100644 --- a/.github/workflows/ansible-lint.yaml +++ b/.github/workflows/ansible-lint.yaml @@ -27,7 +27,7 @@ on: jobs: integration: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 name: I py${{ matrix.python }}) strategy: fail-fast: false diff --git a/.github/workflows/ansible-sanity-tests.yaml b/.github/workflows/ansible-sanity-tests.yaml index c60f69edd..e8fb1e601 100644 --- a/.github/workflows/ansible-sanity-tests.yaml +++ b/.github/workflows/ansible-sanity-tests.yaml @@ -19,7 +19,6 @@ on: - '**.rst' - 'roles/**' pull_request: - types: [opened] paths-ignore: - '.github/ISSUE_TEMPLATE/*' - 'docs/**' @@ -31,15 +30,15 @@ on: jobs: sanity: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 name: Sanity (Ⓐ${{ matrix.ansible }}) strategy: fail-fast: false matrix: ansible: - - stable-2.14 - stable-2.15 - stable-2.16 + - stable-2.17 - devel steps: diff --git a/.github/workflows/ansible-unit-tests.yaml b/.github/workflows/ansible-unit-tests.yaml index 6bbee66ae..fab6cbdbc 100644 --- a/.github/workflows/ansible-unit-tests.yaml +++ b/.github/workflows/ansible-unit-tests.yaml @@ -36,15 +36,15 @@ jobs: # https://docs.ansible.com/ansible/latest/dev_guide/testing_units.html units: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 name: Units (Ⓐ${{ matrix.ansible }}) strategy: fail-fast: true matrix: ansible: - - stable-2.14 - stable-2.15 - stable-2.16 + - stable-2.17 - devel steps: diff --git a/.github/workflows/cla.yaml b/.github/workflows/cla.yaml index 1b195aeb3..54d78d640 100644 --- a/.github/workflows/cla.yaml +++ b/.github/workflows/cla.yaml @@ -14,11 +14,11 @@ permissions: jobs: CLAAssistant: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - name: 'CLA Assistant' if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA or my organization already has a signed CLA.') || github.event_name == 'pull_request_target' - uses: contributor-assistant/github-action@v2.3.2 + uses: contributor-assistant/github-action@v2.4.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # the below token should have repo scope and must be manually added by you in the repository's secret @@ -43,4 +43,3 @@ jobs: #custom-allsigned-prcomment: 'pull request comment when all contributors has signed, defaults to **CLA Assistant Lite bot** All Contributors have signed the CLA.' #lock-pullrequest-aftermerge: false - if you don't want this bot to automatically lock the pull request after merging (default - true) #use-dco-flag: true - If you are using DCO instead of CLA - \ No newline at end of file diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 96edd45ff..becd0e91a 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -8,7 +8,7 @@ on: jobs: analyze: name: Analyze - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 permissions: actions: read contents: read diff --git a/.github/workflows/label-issues.yaml b/.github/workflows/label-issues.yaml index d760b6c3c..0dedd25a3 100644 --- a/.github/workflows/label-issues.yaml +++ b/.github/workflows/label-issues.yaml @@ -9,7 +9,7 @@ permissions: jobs: label: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - name: "Label Issues." uses: github/issue-labeler@v3.4 diff --git a/.github/workflows/label-pulls.yaml b/.github/workflows/label-pulls.yaml index 9f631d5d1..3310f6121 100644 --- a/.github/workflows/label-pulls.yaml +++ b/.github/workflows/label-pulls.yaml @@ -11,7 +11,7 @@ permissions: jobs: label: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - name: "Label Pull Requests." uses: actions/labeler@v5 diff --git a/.github/workflows/molecule-role-agent.yaml b/.github/workflows/molecule-role-agent.yaml index 0f7b66c61..b6b28548b 100644 --- a/.github/workflows/molecule-role-agent.yaml +++ b/.github/workflows/molecule-role-agent.yaml @@ -22,15 +22,15 @@ on: jobs: build: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 name: Checkmk ${{ matrix.checkmk }} strategy: fail-fast: false matrix: checkmk: - - '2.0.0' - '2.1.0' - '2.2.0' + - '2.3.0' steps: @@ -64,6 +64,10 @@ jobs: run: | python3 -m pip install --upgrade pip python3 -m pip install -r requirements.txt + # The following works around a incompatibility between Python requests and Docker. + # https://github.com/ansible-collections/community.docker/issues/860 + # Remove at a later point, when the updated community.docker is shipped. + ansible-galaxy collection install community.docker --force working-directory: ./ansible_collections/${{env.NAMESPACE}}/${{env.COLLECTION_NAME}} - name: "Provide secrets file." diff --git a/.github/workflows/molecule-role-server.yaml b/.github/workflows/molecule-role-server.yaml index 15d077efe..d9f33e507 100644 --- a/.github/workflows/molecule-role-server.yaml +++ b/.github/workflows/molecule-role-server.yaml @@ -22,15 +22,15 @@ on: jobs: build: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 name: Checkmk ${{ matrix.checkmk }} strategy: fail-fast: false matrix: checkmk: - - '2.0.0' - '2.1.0' - '2.2.0' + - '2.3.0' steps: @@ -64,6 +64,10 @@ jobs: run: | python3 -m pip install --upgrade pip python3 -m pip install -r requirements.txt + # The following works around a incompatibility between Python requests and Docker. + # https://github.com/ansible-collections/community.docker/issues/860 + # Remove at a later point, when the updated community.docker is shipped. + ansible-galaxy collection install community.docker --force working-directory: ./ansible_collections/${{env.NAMESPACE}}/${{env.COLLECTION_NAME}} - name: "Provide secrets file." diff --git a/.github/workflows/python-qa.yaml b/.github/workflows/python-qa.yaml index 92d4049b3..970f77c7e 100644 --- a/.github/workflows/python-qa.yaml +++ b/.github/workflows/python-qa.yaml @@ -1,6 +1,6 @@ name: Python QA -on: +on: workflow_dispatch: schedule: - cron: '0 3 * * *' @@ -13,7 +13,7 @@ on: jobs: run-qa: name: Run QA - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 - uses: actions/setup-python@v5 diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 32f1d7bfb..141d5340b 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -17,15 +17,15 @@ jobs: # sanity: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 name: Sanity (Ⓐ${{ matrix.ansible }}) strategy: fail-fast: false matrix: ansible: - - stable-2.14 - stable-2.15 - stable-2.16 + - stable-2.17 - devel steps: @@ -49,7 +49,7 @@ jobs: release: needs: sanity - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml index 3e1bf3c98..a5fb93f96 100644 --- a/.github/workflows/stale.yaml +++ b/.github/workflows/stale.yaml @@ -12,7 +12,7 @@ on: jobs: stale: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 permissions: issues: write pull-requests: write diff --git a/.gitignore b/.gitignore index cbf6858b8..765803282 100644 --- a/.gitignore +++ b/.gitignore @@ -5,6 +5,7 @@ tribe29-checkmk-*.tar.gz checkmk-general-*.tar.gz .vagrant/ +.tox/ build/ tests/output playbooks/vars/config.yml @@ -12,4 +13,5 @@ playbooks/test*.yml playbooks/hosts playbooks/hosts.bak Vagrantfile -Vagrantfile.bak \ No newline at end of file +Vagrantfile.bak +venv \ No newline at end of file diff --git a/.yamllint b/.yamllint index c2aea58fa..da84dcac9 100644 --- a/.yamllint +++ b/.yamllint @@ -3,7 +3,8 @@ extends: default rules: braces: - max-spaces-inside: 1 + min-spaces-inside: 0 # yamllint defaults to 0 + max-spaces-inside: 1 # yamllint defaults to 0 level: error brackets: max-spaces-inside: 1 @@ -14,6 +15,12 @@ rules: commas: max-spaces-after: -1 level: error + comments: + # https://github.com/prettier/prettier/issues/6780 + min-spaces-from-content: 1 + # https://github.com/adrienverge/yamllint/issues/384 + comments-indentation: false + document-start: disable empty-lines: max: 3 level: error @@ -21,9 +28,16 @@ rules: level: error indentation: enable key-duplicates: enable + # 160 chars was the default used by old E204 rule, but + # you can easily change it or disable in your .yamllint file. line-length: disable + # line-length: + # max: 160 new-line-at-end-of-file: enable new-lines: type: unix trailing-spaces: enable truthy: enable + octal-values: + forbid-implicit-octal: true # yamllint defaults to false + forbid-explicit-octal: true # yamllint defaults to false diff --git a/Makefile b/Makefile index 128a0631f..173026ad6 100644 --- a/Makefile +++ b/Makefile @@ -10,46 +10,45 @@ CONTAINER_NAME="ansible-checkmk-test" .PHONY: clean help: - @echo "setup - Run all setup target at once." + @echo "setup - Run all setup target at once." @echo "" - @echo "setup-python - Prepare the system for development with Python." + @echo "setup-python - Prepare the system for development with Python." @echo "" - @echo "setup-kvm - Install and enable KVM and prepare Vagrant." + @echo "setup-kvm - Install and enable KVM and prepare Vagrant." @echo "" - @echo "kvm - Only copy the correct Vagrantfile for use with KVM." + @echo "kvm - Only copy the correct Vagrantfile for use with KVM." @echo "" - @echo "setup-vbox - Copy the correct Vagrantfile for use with VirtualBox." + @echo "setup-vbox - Copy the correct Vagrantfile for use with VirtualBox." @echo "" - @echo "vbox - Copy the correct Vagrantfile for use with VirtualBox." + @echo "vbox - Copy the correct Vagrantfile for use with VirtualBox." @echo "" - @echo "setup-vagrant - Install and enable Vagrant." + @echo "setup-vagrant - Install and enable Vagrant." @echo "" - @echo "venv - Install Python Virtual Environment. You need to activate it yourself though!" + @echo "venv - Install Python Virtual Environment. You need to activate it yourself though!" @echo "" - @echo "vm - Create a virtual development environment." - @echo "molecule - Create a virtual environment for molecule tests." - @echo "vms - Create a virtual environment with all boxes (exept for the development ones and ansidows)." - @echo "vms-debian - Create a virtual environment with all Debian family OSes." - @echo "vms-redhat - Create a virtual environment with all RedHat family OSes." - @echo "vms-suse - Create a virtual environment with all Suse family OSes." + @echo "vm - Create a virtual development environment." + @echo "vms - Create a virtual environment with all boxes (exept for the development ones and ansidows)." + @echo "vms-debian - Create a virtual environment with all Debian family OSes." + @echo "vms-redhat - Create a virtual environment with all RedHat family OSes." + @echo "vms-suse - Create a virtual environment with all Suse family OSes." @echo "" - @echo "container - Create a customized container image for testing." + @echo "container - Create a customized container image for testing." @echo "" - @echo "tests - Run all available tests." - @echo "tests-sanity - Run sanity tests." - @echo "tests-integration - Run all integration tests." - @echo "tests-integration-custom - Run all integration tests using a custom built image." + @echo "tests - Run all available tests." + @echo "tests-sanity - Run sanity tests." + @echo "tests-integration - Run all integration tests." + @echo "tests-integration-custom - Run all integration tests using a custom built image." @echo "" - @echo "clean - Clean up several things" - @echo "clean-vm - Clean up virtual development environment." + @echo "clean - Clean up several things" + @echo "clean-vm - Clean up virtual development environment." @echo "" - @echo "version - Update collection version" + @echo "version - Update collection version" @echo "" @echo "Publishing:" @echo "" - @echo " release - Build, upload, publish, announce and tag a release" - @echo " announce - Announce the release" - @echo " publish - Make files available, update git and announce" + @echo " release - Build, upload, publish, announce and tag a release" + @echo " announce - Announce the release" + @echo " publish - Make files available, update git and announce" @echo "" release: version @@ -128,14 +127,11 @@ venv: @echo @(. venv/bin/activate && python3 -m pip install pip --upgrade && python3 -m pip install -r requirements.txt) -clean: clean-vm - -clean-vm: +clean: + @rm -rf .tox/ + @rm -rf venv/ @vagrant destroy --force -molecule: - @vagrant up molecule - vm: @vagrant up collection @@ -154,12 +150,21 @@ vms-suse: vms-windows: @vagrant up ansidows -container: molecule - vagrant ssh molecule -c "\ +container: + vagrant ssh collection -c "\ docker build -t $(CONTAINER_NAME) $(CONTAINER_BUILD_ROOT) --build-arg DL_PW=$$(cat .secret) && \ docker save $(CONTAINER_NAME):latest > $(COLLECTION_ROOT)/$(CONTAINER_NAME)-latest-image.tar.gz" -tests: tests-sanity tests-integration +tests: tests-linting tests-sanity tests-integration + +tests-linting: vm + @vagrant ssh collection -c "\ + cd $(COLLECTION_ROOT) && \ + ansible-galaxy collection install ./ && \ + yamllint -c .yamllint ./roles/ && \ + yamllint -c .yamllint ./playbooks/ && \ + ansible-lint -c .ansible-lint ./roles/ && \ + ansible-lint -c .ansible-lint ./playbooks/" tests-sanity: vm @vagrant ssh collection -c "\ diff --git a/README.md b/README.md index e2e29867c..a30917f75 100644 --- a/README.md +++ b/README.md @@ -114,20 +114,14 @@ if you list the `checkmk.general` collection in the playbook's [`collections`](h tasks: - name: "Run activation." activation: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" force_foreign_changes: 'true' sites: - - "my_site" + - "mysite" ``` -### More information about Checkmk - -* [Checkmk Website](https://checkmk.com) -* [Checkmk Documentation](https://docs.checkmk.com/) -* [Checkmk Community](https://forum.checkmk.com/) - ## Getting Involved See [CONTRIBUTING](CONTRIBUTING.md). @@ -169,6 +163,12 @@ Please do **not** consider it a concrete planning document! - [Ansible Developer guide](https://docs.ansible.com/ansible/latest/dev_guide/index.html) - [Ansible Community code of conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html) +## More information about Checkmk + +* [Checkmk Website](https://checkmk.com) +* [Checkmk Documentation](https://docs.checkmk.com/) +* [Checkmk Community](https://forum.checkmk.com/) + ## Licensing See [LICENSE](LICENSE). diff --git a/SUPPORT.md b/SUPPORT.md index bd739237c..69c5e1e31 100644 --- a/SUPPORT.md +++ b/SUPPORT.md @@ -53,3 +53,4 @@ Collection Version | Checkmk Versions | Ansible Versions | Remarks 4.3.1 | 2.0.0p39, 2.1.0p39, 2.2.0p22 | 2.14, 2.15, 2.16 | None 4.4.0 | 2.0.0p39, 2.1.0p41, 2.2.0p24 | 2.14, 2.15, 2.16 | None 4.4.1 | 2.0.0p39, 2.1.0p41, 2.2.0p24 | 2.14, 2.15, 2.16 | None +5.0.0 | 2.1.0p44, 2.2.0p27, 2.3.0p5 | 2.15, 2.16, 2.17 | Breaking changes to the following modules: `lookup_folder`, `rule` and role: `agent`. diff --git a/Vagrantfile.kvm b/Vagrantfile.kvm index cbddbc8ef..308e640b4 100644 --- a/Vagrantfile.kvm +++ b/Vagrantfile.kvm @@ -28,10 +28,10 @@ Vagrant.configure("2") do |config| end $script = <<-SCRIPT apt-get -y update --quiet - apt-get -y install python3-pip ca-certificates curl gnupg lsb-release - python3 -m pip install pip --upgrade - python3 -m pip install -r /home/vagrant/ansible_collections/checkmk/general/requirements.txt - python3 -m pip install -r /home/vagrant/ansible_collections/checkmk/general/requirements-qa.txt + apt-get -y install python3-pip ca-certificates curl gnupg lsb-release qemu-guest-agent + sudo -u vagrant python3 -m pip install pip --upgrade + sudo -u vagrant python3 -m pip install -r /home/vagrant/ansible_collections/checkmk/general/requirements.txt + sudo -u vagrant python3 -m pip install -r /home/vagrant/ansible_collections/checkmk/general/requirements-qa.txt sudo -u vagrant ansible-galaxy collection install -f -r /home/vagrant/ansible_collections/checkmk/general/requirements.yml mkdir -p /home/vagrant/ansible_collections/checkmk/general mkdir -p /etc/apt/keyrings @@ -48,48 +48,6 @@ Vagrant.configure("2") do |config| srv.vm.synced_folder "./", "/home/vagrant/ansible_collections/checkmk/general/", type: "virtiofs" end - # Molecule - config.vm.define "molecule", autostart: false , primary: false do |srv| - srv.vm.box = "generic/ubuntu2004" - srv.vm.network :private_network, - :ip => "192.168.124.43", - :libvirt__netmask => "255.255.255.0", - :libvirt__network_name => "ansible_collection", - :libvirt__network_address => "192.168.124.0" - srv.ssh.insert_key = false - srv.vm.provider "libvirt" do |libvirt| - libvirt.default_prefix = "ansible_" - libvirt.description = 'This box is used for molecule testing of the Checkmk Ansible Collection.' - libvirt.memory = 8096 - libvirt.cpus = 4 - libvirt.title = 'molecule' - libvirt.keymap = "de" - libvirt.memorybacking :access, :mode => 'shared' - libvirt.memorybacking :source, :type => 'memfd' - end - $script = <<-SCRIPT - apt-get -y update --quiet - apt-get -y install python3-pip ca-certificates curl gnupg lsb-release - python3 -m pip install pip --upgrade - python3 -m pip install -r /home/vagrant/ansible_collections/checkmk/general/requirements.txt - python3 -m pip install -r /home/vagrant/ansible_collections/checkmk/general/requirements-qa.txt - python3 -m pip install molecule molecule-plugins[docker] - sudo -u vagrant ansible-galaxy collection install -f -r /home/vagrant/ansible_collections/checkmk/general/requirements.yml - mkdir -p /home/vagrant/ansible_collections/checkmk/general - mkdir -p /etc/apt/keyrings - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg - echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null - apt-get update - apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin - usermod -aG docker vagrant - grep "alias ic=" /home/vagrant/.bashrc || echo "alias ic='ansible-galaxy collection build --force ~/ansible_collections/checkmk/general && ansible-galaxy collection install -f ./checkmk-general-*.tar.gz && rm ./checkmk-general-*.tar.gz'" >> /home/vagrant/.bashrc - grep "alias ap=" /home/vagrant/.bashrc || echo "alias ap='ansible-playbook -i vagrant, '" >> /home/vagrant/.bashrc - hostnamectl set-hostname molecule - SCRIPT - srv.vm.provision "shell", inline: $script - srv.vm.synced_folder "./", "/home/vagrant/ansible_collections/checkmk/general/", type: "virtiofs" - end - # Ubuntu config.vm.define "ansibuntu", autostart: false , primary: false do |srv| srv.vm.box = "generic/ubuntu2204" diff --git a/Vagrantfile.vbox b/Vagrantfile.vbox index fddecb12d..2adc51dae 100644 --- a/Vagrantfile.vbox +++ b/Vagrantfile.vbox @@ -21,11 +21,11 @@ Vagrant.configure("2") do |config| end $script = <<-SCRIPT apt-get -y update --quiet - apt-get -y install python3-pip ca-certificates curl gnupg lsb-release - python3 -m pip install pip --upgrade - python3 -m pip install -r /vagrant/requirements.txt - python3 -m pip install -r /vagrant/requirements-qa.txt - sudo -u vagrant ansible-galaxy collection install -f -r /vagrant/requirements.yml + apt-get -y install python3-pip ca-certificates curl gnupg lsb-release qemu-guest-agent + sudo -u vagrant python3 -m pip install pip --upgrade + sudo -u vagrant python3 -m pip install -r /home/vagrant/ansible_collections/checkmk/general/requirements.txt + sudo -u vagrant python3 -m pip install -r /home/vagrant/ansible_collections/checkmk/general/requirements-qa.txt + sudo -u vagrant ansible-galaxy collection install -f -r /home/vagrant/ansible_collections/checkmk/general/requirements.yml mkdir -p /home/vagrant/ansible_collections/checkmk/general mkdir -p /etc/apt/keyrings curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg @@ -41,39 +41,6 @@ Vagrant.configure("2") do |config| srv.vm.synced_folder "./", "/home/vagrant/ansible_collections/checkmk/general/" end - # Main Box Old - config.vm.define "molecule", autostart: false , primary: false do |srv| - srv.vm.box = "ubuntu/focal64" - srv.vm.network "private_network", ip: "192.168.56.42" - srv.ssh.insert_key = false - srv.vm.provider "virtualbox" do |v| - v.name = 'molecule' - v.memory = 8096 - v.cpus = 4 - end - $script = <<-SCRIPT - apt-get -y update --quiet - apt-get -y install python3-pip ca-certificates curl gnupg lsb-release - python3 -m pip install pip --upgrade - python3 -m pip install -r /vagrant/requirements.txt - python3 -m pip install -r /vagrant/requirements-qa.txt - python3 -m pip install molecule molecule-plugins[docker] - sudo -u vagrant ansible-galaxy collection install -f -r /vagrant/requirements.yml - mkdir -p /home/vagrant/ansible_collections/checkmk/general - mkdir -p /etc/apt/keyrings - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg - echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null - apt-get update - apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin - usermod -aG docker vagrant - grep "alias ic=" /home/vagrant/.bashrc || echo "alias ic='ansible-galaxy collection build --force ~/ansible_collections/checkmk/general && ansible-galaxy collection install -f ./checkmk-general-*.tar.gz && rm ./checkmk-general-*.tar.gz'" >> /home/vagrant/.bashrc - grep "alias ap=" /home/vagrant/.bashrc || echo "alias ap='ansible-playbook -i vagrant, '" >> /home/vagrant/.bashrc - hostnamectl set-hostname molecule - SCRIPT - srv.vm.provision "shell", inline: $script - srv.vm.synced_folder "./", "/home/vagrant/ansible_collections/checkmk/general/" - end - # Ubuntu config.vm.define "ansibuntu", autostart: false , primary: false do |srv| srv.vm.box = "ubuntu/jammy64" diff --git a/changelogs/archive/4.4.1/meta.yml b/changelogs/archive/4.4.1/meta.yml index e55a4bd72..2ece61d1b 100644 --- a/changelogs/archive/4.4.1/meta.yml +++ b/changelogs/archive/4.4.1/meta.yml @@ -1,3 +1,4 @@ minor_changes: - Add 'ansible.utils' collection as an explicitely dependency. We already had this dependency, but are now declaring it explicitely. + - Agent role - Add hint on depency for Python module 'netaddr' to role README. diff --git a/changelogs/fragments/agent.yml b/changelogs/fragments/agent.yml new file mode 100644 index 000000000..03b97ca76 --- /dev/null +++ b/changelogs/fragments/agent.yml @@ -0,0 +1,6 @@ +minor_changes: + - Agent role - Add support to open firewall for a list of IPs. + +breaking_changes: + - Agent role - Not really a breaking change, but we removed the internal variable `checkmk_agent_server_ip`. + If you set this variable in your inventory, please make sure to update your configuration accordingly! diff --git a/changelogs/fragments/build.yml b/changelogs/fragments/build.yml new file mode 100644 index 000000000..81f05ba54 --- /dev/null +++ b/changelogs/fragments/build.yml @@ -0,0 +1,8 @@ +minor_changes: + - Testing - All tests now cover Checkmk 2.3.0. + - Testing - Remove Checkmk 2.0.0 from all tests, as it is EOL. + - Testing - The Molecule tests now run on Ubuntu 22.04. + - Testing - Add Ubuntu 24.04 to the Molecule tests. + - Testing - Remove Ansible 2.14 from all tests, as it is EOL. + - Testing - Add Ansible 2.17 to all tests. + Be advised, that this Ansible release drops support for Python 2.7 and 3.6. diff --git a/changelogs/fragments/discovery.yml b/changelogs/fragments/discovery.yml new file mode 100644 index 000000000..9640372bc --- /dev/null +++ b/changelogs/fragments/discovery.yml @@ -0,0 +1,4 @@ +major_changes: + - Discovery module - The module now fully supports Checkmk 2.3.0. + Additionally, two new parameters were introduced, `update_service_labels` and `monitor_undecided_services`. + Refer to the module documentation for further details. diff --git a/changelogs/fragments/http.yml b/changelogs/fragments/http.yml new file mode 100644 index 000000000..e9becfcef --- /dev/null +++ b/changelogs/fragments/http.yml @@ -0,0 +1,2 @@ +minor_changes: + - Several modules - Remove unnecessary HTTP codes which get already imported via utils.py. diff --git a/changelogs/fragments/lookup_folder.yml b/changelogs/fragments/lookup_folder.yml new file mode 100644 index 000000000..d4ee200e4 --- /dev/null +++ b/changelogs/fragments/lookup_folder.yml @@ -0,0 +1,4 @@ +breaking_changes: + - Folder lookup module - Return the complete folder information, not only the extensions. + To keep the current behavior in your playbooks, you want to use `{{ my_lookup_result.extensions }}` + instead of `{{ my_lookup_result }}`. diff --git a/changelogs/fragments/release_summary.yml b/changelogs/fragments/release_summary.yml new file mode 100644 index 000000000..3c2b63a9a --- /dev/null +++ b/changelogs/fragments/release_summary.yml @@ -0,0 +1 @@ +release_summary: "(Re)writing history with overhauled modules and updated Checkmk, Ansible, Distribution and Python support." diff --git a/changelogs/fragments/roles.yml b/changelogs/fragments/roles.yml new file mode 100644 index 000000000..f0c03a69d --- /dev/null +++ b/changelogs/fragments/roles.yml @@ -0,0 +1,3 @@ +minor_changes: + - Agent role - Replace `ansible.builtin.yum` with the succeeding `ansible.builtin.dnf`. + - Server role - Replace `ansible.builtin.yum` with the succeeding `ansible.builtin.dnf`. diff --git a/changelogs/fragments/rule.yml b/changelogs/fragments/rule.yml new file mode 100644 index 000000000..a7b647eab --- /dev/null +++ b/changelogs/fragments/rule.yml @@ -0,0 +1,4 @@ +major_changes: + - Rule module - The complete module was rewritten to use the new module API. + Additionally, a parameter "rule_id" was introduced to modify existing rules. + Refer to the module documentation for further details. diff --git a/galaxy.yml b/galaxy.yml index 4341748db..994bb2fb2 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -10,7 +10,7 @@ name: general # The version of the collection. Must be compatible with semantic versioning -version: 4.4.1 +version: 5.0.0 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: README.md diff --git a/meta/runtime.yml b/meta/runtime.yml index 0060da8f4..7a4d6fb59 100644 --- a/meta/runtime.yml +++ b/meta/runtime.yml @@ -1,4 +1,4 @@ -requires_ansible: '>=2.12.0' +requires_ansible: '>=2.14.0' action_groups: checkmk: diff --git a/playbooks/demo/lookup.yml b/playbooks/demo/lookup.yml index e0061f50e..f84939682 100644 --- a/playbooks/demo/lookup.yml +++ b/playbooks/demo/lookup.yml @@ -40,41 +40,41 @@ delegate_to: localhost run_once: true # noqa run-once[task] - ## TODO: @lgetwan: Please take a look at these tasks and fix them. Bonus: Add the new lookup modules. :) +## TODO: @lgetwan: Please take a look at these tasks and fix them. Bonus: Add the new lookup modules. :) - # - name: "Get all hosts of the folder /test recursively" - # ansible.builtin.debug: - # msg: "Host found in {{ item.0.id }}: {{ item.1.title }}" - # vars: - # checkmk_var_looping: "{{ - # lookup('checkmk.general.folders', - # '~tests', - # show_hosts=True, - # recursive=True, - # server_url=checkmk_var_server_url, - # site=checkmk_var_site, - # automation_user=checkmk_var_automation_user, - # automation_secret=checkmk_var_automation_secret, - # validate_certs=False) - # }}" - # loop: "{{ checkmk_var_looping | subelements('members.hosts.value') }}" - # loop_control: - # label: "{{ item.0.id }}" - # delegate_to: localhost - # run_once: true # noqa run-once[task] +# - name: "Get all hosts of the folder /test recursively" +# ansible.builtin.debug: +# msg: "Host found in {{ item.0.id }}: {{ item.1.title }}" +# vars: +# checkmk_var_looping: "{{ +# lookup('checkmk.general.folders', +# '~tests', +# show_hosts=True, +# recursive=True, +# server_url=checkmk_var_server_url, +# site=checkmk_var_site, +# automation_user=checkmk_var_automation_user, +# automation_secret=checkmk_var_automation_secret, +# validate_certs=False) +# }}" +# loop: "{{ checkmk_var_looping | subelements('members.hosts.value') }}" +# loop_control: +# label: "{{ item.0.id }}" +# delegate_to: localhost +# run_once: true # noqa run-once[task] - # - name: "Get the attributes of folder /tests" - # ansible.builtin.debug: - # msg: "Attributes of folder /network: {{ checkmk_var_attributes }}" - # vars: - # checkmk_var_attributes: "{{ - # lookup('checkmk.general.folder', - # '~tests', - # server_url=checkmk_var_server_url, - # site=checkmk_var_site, - # automation_user=checkmk_var_automation_user, - # automation_secret=checkmk_var_automation_secret, - # validate_certs=False) - # }}" - # delegate_to: localhost - # run_once: true # noqa run-once[task] +# - name: "Get the attributes of folder /tests" +# ansible.builtin.debug: +# msg: "Attributes of folder /network: {{ checkmk_var_attributes }}" +# vars: +# checkmk_var_attributes: "{{ +# lookup('checkmk.general.folder', +# '~tests', +# server_url=checkmk_var_server_url, +# site=checkmk_var_site, +# automation_user=checkmk_var_automation_user, +# automation_secret=checkmk_var_automation_secret, +# validate_certs=False) +# }}" +# delegate_to: localhost +# run_once: true # noqa run-once[task] diff --git a/playbooks/vars/auth.yml b/playbooks/vars/auth.yml index 234c1e907..a05674090 100644 --- a/playbooks/vars/auth.yml +++ b/playbooks/vars/auth.yml @@ -1,9 +1,9 @@ --- # Provice the URL and credentials to your Checkmk site here # -checkmk_var_server_url: "http://localhost/" -checkmk_var_site: "my_site" -checkmk_var_automation_user: "cmkadmin" -checkmk_var_automation_secret: "cmk" +checkmk_var_server_url: "http://myserver/" +checkmk_var_site: "mysite" +checkmk_var_automation_user: "myuser" +checkmk_var_automation_secret: "mysecret" checkmk_agent_user: "{{ checkmk_var_automation_user }}" checkmk_agent_pass: "{{ checkmk_var_automation_secret }}" diff --git a/playbooks/vars/config.yml.example b/playbooks/vars/config.yml.example index ef732e97f..76b3e8cd8 100644 --- a/playbooks/vars/config.yml.example +++ b/playbooks/vars/config.yml.example @@ -1,8 +1,8 @@ --- -checkmk_var_server_url: "http://localhost/" -checkmk_var_site: "my_site" -checkmk_var_automation_user: "automation" -checkmk_var_automation_secret: "$SECRET" +checkmk_var_server_url: "http://myserver/" +checkmk_var_site: "mysite" +checkmk_var_automation_user: "myuser" +checkmk_var_automation_secret: "mysecret" checkmk_var_folders: - path: /test diff --git a/plugins/lookup/README.md b/plugins/lookup/README.md index e711ed070..9cbd28b34 100644 --- a/plugins/lookup/README.md +++ b/plugins/lookup/README.md @@ -6,8 +6,8 @@ This way, they do not need to be provided at task level. ### Method 1: Environment variables ```bash -export ANSIBLE_LOOKUP_CHECKMK_SERVER_URL="https://my_server" -export ANSIBLE_LOOKUP_CHECKMK_SITE=my_site +export ANSIBLE_LOOKUP_CHECKMK_SERVER_URL="https://myserver" +export ANSIBLE_LOOKUP_CHECKMK_SITE=mysite export ANSIBLE_LOOKUP_AUTOMATION_USER=automation export ANSIBLE_LOOKUP_AUTOMATION_SECRET=mysecret export ANSIBLE_LOOKUP_VALIDATE_CERTS=False @@ -16,8 +16,8 @@ export ANSIBLE_LOOKUP_VALIDATE_CERTS=False ### Method 2: In `ansible.cfg` ```ini [checkmk_lookup] -server_url = https://my_server -site = my_site +server_url = https://myserver +site = mysite automation_user = automation automation_secret = mysecret validate_certs = False @@ -30,8 +30,8 @@ validate_certs = False hosts: localhost gather_facts: false vars: - ansible_lookup_checkmk_server_url: "https://my_server" - ansible_lookup_checkmk_site: "my_site" + ansible_lookup_checkmk_server_url: "https://myserver" + ansible_lookup_checkmk_site: "mysite" ansible_lookup_automation_user: "automation" ansible_lookup_automation_secret: "mysecret" ansible_lookup_validate_certs: false diff --git a/plugins/lookup/bakery.py b/plugins/lookup/bakery.py index 79bb05b6b..4b5bd12f3 100644 --- a/plugins/lookup/bakery.py +++ b/plugins/lookup/bakery.py @@ -89,8 +89,8 @@ msg: "Bakery status is {{ bakery }}" vars: bakery: "{{ lookup('checkmk.general.bakery', - server_url=http://my_server, - site=my_site, + server_url=http://myserver, + site=mysite, validate_certs=False, automation_user=automation_user, automation_secret=automation_secret @@ -100,10 +100,10 @@ ansible.builtin.debug: msg: "Bakery status is {{ bakery }}" vars: - ansible_lookup_checkmk_server_url: "http://my_server/" - ansible_lookup_checkmk_site: "my_site" - ansible_lookup_checkmk_automation_user: "my_user" - ansible_lookup_checkmk_automation_secret: "my_secret" + ansible_lookup_checkmk_server_url: "http://myserver/" + ansible_lookup_checkmk_site: "mysite" + ansible_lookup_checkmk_automation_user: "myuser" + ansible_lookup_checkmk_automation_secret: "mysecret" ansible_lookup_checkmk_validate_certs: false bakery: "{{ lookup('checkmk.general.bakery') }}" """ diff --git a/plugins/lookup/folder.py b/plugins/lookup/folder.py index 4f6864f49..e4e058bb8 100644 --- a/plugins/lookup/folder.py +++ b/plugins/lookup/folder.py @@ -88,29 +88,28 @@ """ EXAMPLES = """ -- name: Get the attributes of folder /tests +- name: Get the attributes of folders /tests and /snmp ansible.builtin.debug: - msg: "Attributes of folder /network: {{ attributes }}" - vars: - attributes: "{{ - lookup('checkmk.general.folder', - '~tests', - server_url=my_server_url, - site=my_site, - automation_user=my_user, - automation_secret=my_secret, - validate_certs=False - ) - }}" + msg: "Extended attributes of folder /network: {{ attributes.extensions }}" + loop: "{{ + lookup('checkmk.general.folder', + '~tests', '~snmp', + server_url=my_server_url, + site=mysite, + automation_user=myuser, + automation_secret=mysecret, + validate_certs=False + ) + }}" - name: "Use variables outside the module call." ansible.builtin.debug: - msg: "Attributes of folder /network: {{ attributes }}" + msg: "Extended attributes of folder /network: {{ attributes.extensions }}" vars: - ansible_lookup_checkmk_server_url: "http://my_server/" - ansible_lookup_checkmk_site: "my_site" - ansible_lookup_checkmk_automation_user: "my_user" - ansible_lookup_checkmk_automation_secret: "my_secret" + ansible_lookup_checkmk_server_url: "http://myserver/" + ansible_lookup_checkmk_site: "mysite" + ansible_lookup_checkmk_automation_user: "myuser" + ansible_lookup_checkmk_automation_secret: "mysecret" ansible_lookup_checkmk_validate_certs: false attributes: "{{ lookup('checkmk.general.folder', '~tests') }}" """ @@ -118,7 +117,8 @@ RETURN = """ _list: description: - - A list of dicts of attributes of the folder(s) + - A dict of attributes of the folder if you query a single folder + - A list of dicts of attributes of the folders if you query multiple folders type: list elements: str """ @@ -165,6 +165,6 @@ def run(self, terms, variables, **kwargs): response.get("msg", ""), ) ) - ret.append(response.get("extensions")) + ret.append(response) return ret diff --git a/plugins/lookup/folders.py b/plugins/lookup/folders.py index cfd6dcfa0..a021d0bba 100644 --- a/plugins/lookup/folders.py +++ b/plugins/lookup/folders.py @@ -110,9 +110,9 @@ show_hosts=False, recursive=True, server_url=my_server_url, - site=my_site, - automation_user=my_user, - automation_secret=my_secret, + site=mysite, + automation_user=myuser, + automation_secret=mysecret, validate_certs=False ) }}" @@ -129,9 +129,9 @@ show_hosts=True, recursive=True, server_url=my_server_url, - site=my_site, - automation_user=my_user, - automation_secret=my_secret, + site=mysite, + automation_user=myuser, + automation_secret=mysecret, validate_certs=False ) }}" @@ -143,10 +143,10 @@ ansible.builtin.debug: msg: "Folder tree: {{ item.id }}" vars: - ansible_lookup_checkmk_server_url: "http://my_server/" - ansible_lookup_checkmk_site: "my_site" - ansible_lookup_checkmk_automation_user: "my_user" - ansible_lookup_checkmk_automation_secret: "my_secret" + ansible_lookup_checkmk_server_url: "http://myserver/" + ansible_lookup_checkmk_site: "mysite" + ansible_lookup_checkmk_automation_user: "myuser" + ansible_lookup_checkmk_automation_secret: "mysecret" ansible_lookup_checkmk_validate_certs: false loop: "{{ lookup('checkmk.general.folders', diff --git a/plugins/lookup/host.py b/plugins/lookup/host.py index 8ade9d595..cf50b7cca 100644 --- a/plugins/lookup/host.py +++ b/plugins/lookup/host.py @@ -103,9 +103,9 @@ 'example.com', effective_attributes=True, server_url=my_server_url, - site=my_site, - automation_user=my_user, - automation_secret=my_secret, + site=mysite, + automation_user=myuser, + automation_secret=mysecret, validate_certs=False ) }}" @@ -114,10 +114,10 @@ ansible.builtin.debug: msg: "Attributes of host example: {{ attributes }}" vars: - ansible_lookup_checkmk_server_url: "http://my_server/" - ansible_lookup_checkmk_site: "my_site" - ansible_lookup_checkmk_automation_user: "my_user" - ansible_lookup_checkmk_automation_secret: "my_secret" + ansible_lookup_checkmk_server_url: "http://myserver/" + ansible_lookup_checkmk_site: "mysite" + ansible_lookup_checkmk_automation_user: "myuser" + ansible_lookup_checkmk_automation_secret: "mysecret" ansible_lookup_checkmk_validate_certs: false attributes: "{{ lookup('checkmk.general.host', 'example.com', effective_attributes=True) }}" """ diff --git a/plugins/lookup/hosts.py b/plugins/lookup/hosts.py index 50cbf2fff..32a6d36d4 100644 --- a/plugins/lookup/hosts.py +++ b/plugins/lookup/hosts.py @@ -98,9 +98,9 @@ lookup('checkmk.general.hosts', effective_attributes=True, server_url=my_server_url, - site=my_site, - automation_user=my_user, - automation_secret=my_secret, + site=mysite, + automation_user=myuser, + automation_secret=mysecret, validate_certs=False ) }}" @@ -111,10 +111,10 @@ ansible.builtin.debug: msg: "Host: {{ item.id }} in folder {{ item.extensions.folder }}, IP: {{ item.extensions.effective_attributes.ipaddress }}" vars: - ansible_lookup_checkmk_server_url: "http://my_server/" - ansible_lookup_checkmk_site: "my_site" - ansible_lookup_checkmk_automation_user: "my_user" - ansible_lookup_checkmk_automation_secret: "my_secret" + ansible_lookup_checkmk_server_url: "http://myserver/" + ansible_lookup_checkmk_site: "mysite" + ansible_lookup_checkmk_automation_user: "myuser" + ansible_lookup_checkmk_automation_secret: "mysecret" ansible_lookup_checkmk_validate_certs: false loop: "{{ lookup('checkmk.general.hosts', effective_attributes=True) }}" diff --git a/plugins/lookup/rule.py b/plugins/lookup/rule.py index 053b80682..5c7c30095 100644 --- a/plugins/lookup/rule.py +++ b/plugins/lookup/rule.py @@ -107,10 +107,10 @@ ansible.builtin.debug: msg: "Rule: {{ extensions }}" vars: - ansible_lookup_checkmk_server_url: "http://my_server/" - ansible_lookup_checkmk_site: "my_site" - ansible_lookup_checkmk_automation_user: "my_user" - ansible_lookup_checkmk_automation_secret: "my_secret" + ansible_lookup_checkmk_server_url: "http://myserver/" + ansible_lookup_checkmk_site: "mysite" + ansible_lookup_checkmk_automation_user: "myuser" + ansible_lookup_checkmk_automation_secret: "mysecret" ansible_lookup_checkmk_validate_certs: false attributes: "{{ lookup('checkmk.general.rule', rule_id='a9285bc1-dcaf-45e0-a3ba-ad398ef06a49') }}" """ diff --git a/plugins/lookup/rules.py b/plugins/lookup/rules.py index 498379ffe..4d9e9267f 100644 --- a/plugins/lookup/rules.py +++ b/plugins/lookup/rules.py @@ -84,7 +84,12 @@ default: "" comment_regex: - description: A regex to filter for certain comment stings. + description: A regex to filter for certain comment strings. + required: False + default: "" + + folder_regex: + description: A regex to filter for certain folders. required: False default: "" @@ -114,6 +119,23 @@ loop_control: label: "{{ item.id }}" +- name: Get all rules of the ruleset host_groups in folder /test + ansible.builtin.debug: + msg: "Rule: {{ item.extensions }}" + loop: "{{ + lookup('checkmk.general.rules', + ruleset='host_groups', + regex_folder='^/test$', + server_url=server_url, + site=site, + automation_user=automation_user, + automation_secret=automation_secret, + validate_certs=False + ) + }}" + loop_control: + label: "{{ item.id }}" + - name: actice_checks:http rules that match a certain description AND comment ansible.builtin.debug: msg: "Rule: {{ item.extensions }}" @@ -136,10 +158,10 @@ ansible.builtin.debug: msg: "Rule: {{ item.extensions }}" vars: - ansible_lookup_checkmk_server_url: "http://my_server/" - ansible_lookup_checkmk_site: "my_site" - ansible_lookup_checkmk_automation_user: "my_user" - ansible_lookup_checkmk_automation_secret: "my_secret" + ansible_lookup_checkmk_server_url: "http://myserver/" + ansible_lookup_checkmk_site: "mysite" + ansible_lookup_checkmk_automation_user: "myuser" + ansible_lookup_checkmk_automation_secret: "mysecret" ansible_lookup_checkmk_validate_certs: false loop: "{{ lookup('checkmk.general.rules', ruleset='host_groups') }}" @@ -172,6 +194,7 @@ def run(self, terms, variables, **kwargs): ruleset = self.get_option("ruleset") regex_params["description"] = self.get_option("description_regex") regex_params["comment"] = self.get_option("comment_regex") + regex_params["folder"] = self.get_option("folder_regex") server_url = self.get_option("server_url") site = self.get_option("site") user = self.get_option("automation_user") @@ -205,21 +228,41 @@ def run(self, terms, variables, **kwargs): rule_list = response.get("value") + log = [] + + log.append("PARAMS: %s" % str(regex_params)) for what, regex in regex_params.items(): try: if regex: + log.append("ITEMS: %s" % str((what, regex))) + + def _rule_attribute(rule, what, regex): + if what == "folder": + log.append( + "Folder: %s regex: %s" + % (rule.get("extensions", {}).get("folder", ""), regex) + ) + return rule.get("extensions", {}).get("folder", "") + return ( + rule.get("extensions", {}) + .get("properties", {}) + .get(what, "") + ) + rule_list = [ r for r in rule_list if re.search( regex, - r.get("extensions", {}).get("properties", {}).get(what, ""), + _rule_attribute(r, what, regex), ) ] + except re.error as e: raise AnsibleError( "Invalid regex for %s, pattern: %s, position: %s error: %s" % (what, e.pattern, e.pos, e.msg) ) + # return [log] return [rule_list] diff --git a/plugins/lookup/ruleset.py b/plugins/lookup/ruleset.py index fc54ddeff..358c3f53d 100644 --- a/plugins/lookup/ruleset.py +++ b/plugins/lookup/ruleset.py @@ -107,10 +107,10 @@ ansible.builtin.debug: msg: "Ruleset: {{ extensions }}" vars: - ansible_lookup_checkmk_server_url: "http://my_server/" - ansible_lookup_checkmk_site: "my_site" - ansible_lookup_checkmk_automation_user: "my_user" - ansible_lookup_checkmk_automation_secret: "my_secret" + ansible_lookup_checkmk_server_url: "http://myserver/" + ansible_lookup_checkmk_site: "mysite" + ansible_lookup_checkmk_automation_user: "myuser" + ansible_lookup_checkmk_automation_secret: "mysecret" ansible_lookup_checkmk_validate_certs: false extensions: "{{ lookup('checkmk.general.ruleset', ruleset='host_groups') }}" """ diff --git a/plugins/lookup/rulesets.py b/plugins/lookup/rulesets.py index c95ef5da8..55090488e 100644 --- a/plugins/lookup/rulesets.py +++ b/plugins/lookup/rulesets.py @@ -146,10 +146,10 @@ ansible.builtin.debug: msg: "Ruleset {{ item.extension.name }} is deprecated." vars: - ansible_lookup_checkmk_server_url: "http://my_server/" - ansible_lookup_checkmk_site: "my_site" - ansible_lookup_checkmk_automation_user: "my_user" - ansible_lookup_checkmk_automation_secret: "my_secret" + ansible_lookup_checkmk_server_url: "http://myserver/" + ansible_lookup_checkmk_site: "mysite" + ansible_lookup_checkmk_automation_user: "myuser" + ansible_lookup_checkmk_automation_secret: "mysecret" ansible_lookup_checkmk_validate_certs: false loop: "{{ lookup('checkmk.general.rulesets', regex='', rulesets_deprecated=True, rulesets_used=True) }}" diff --git a/plugins/lookup/version.py b/plugins/lookup/version.py index f869f1889..93356d626 100644 --- a/plugins/lookup/version.py +++ b/plugins/lookup/version.py @@ -90,20 +90,20 @@ vars: version: "{{ lookup('checkmk.general.version', server_url=my_url, - site=my_site, + site=mysite, validate_certs=False, - automation_user=my_user, - automation_secret=my_secret + automation_user=myuser, + automation_secret=mysecret )}}" - name: "Use variables outside the module call." ansible.builtin.debug: msg: "Server version is {{ version }}" vars: - ansible_lookup_checkmk_server_url: "http://my_server/" - ansible_lookup_checkmk_site: "my_site" - ansible_lookup_checkmk_automation_user: "my_user" - ansible_lookup_checkmk_automation_secret: "my_secret" + ansible_lookup_checkmk_server_url: "http://myserver/" + ansible_lookup_checkmk_site: "mysite" + ansible_lookup_checkmk_automation_user: "myuser" + ansible_lookup_checkmk_automation_secret: "mysecret" ansible_lookup_checkmk_validate_certs: false attributes: "{{ lookup('checkmk.general.version') }}" """ diff --git a/plugins/module_utils/api.py b/plugins/module_utils/api.py index a16f3c69d..bdb01927b 100644 --- a/plugins/module_utils/api.py +++ b/plugins/module_utils/api.py @@ -44,7 +44,7 @@ def __init__(self, module): # may be "present", "abesent" or an individual one self.state = "" - def _fetch(self, code_mapping, endpoint="", data=None, method="GET"): + def _fetch(self, code_mapping="", endpoint="", data=None, method="GET"): http_mapping = GENERIC_HTTP_CODES.copy() http_mapping.update(code_mapping) diff --git a/plugins/module_utils/utils.py b/plugins/module_utils/utils.py index bbdf05a88..5412e3df8 100644 --- a/plugins/module_utils/utils.py +++ b/plugins/module_utils/utils.py @@ -20,12 +20,20 @@ def result_as_dict(result): GENERIC_HTTP_CODES = { - 204: (True, False, "Successfully executed"), + 200: (True, False, "OK: The operation was done successfully"), + 204: (True, False, "Operation done successfully. No further output."), 400: (False, True, "Bad request: Parameter or validation failure"), + 401: (False, True, "The user is not authorized to do this request"), 403: (False, True, "Forbidden: Configuration via Setup is disabled"), - 404: (False, True, "Not found"), - 406: (False, True, "Required headers are not satisfied"), - 412: (False, True, "If-Match does not match ETag"), - 415: (False, True, "Wrong content-type in header"), - 428: (False, True, "If-Match header is missing"), + 404: (False, True, "Not Found: The requested object has not been found"), + 405: ( + False, + True, + "This request is only allowed with other HTTP methods", + ), + 406: (False, True, "The requests accept headers can not be satisfied"), + 412: (False, True, "If-Match header doesn't match the object's ETag"), + 415: (False, True, "The submitted content-type is not supported"), + 428: (False, True, "The required If-Match header is missing"), + 500: (False, True, "General Server Error"), } diff --git a/plugins/modules/activation.py b/plugins/modules/activation.py index 57e192885..bce75411a 100644 --- a/plugins/modules/activation.py +++ b/plugins/modules/activation.py @@ -46,35 +46,35 @@ EXAMPLES = r""" - name: "Start activation on all sites." checkmk.general.activation: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" run_once: 'true' - name: "Start activation on a specific site." checkmk.general.activation: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" sites: - - "my_site" + - "mysite" run_once: 'true' - name: "Start activation including foreign changes." checkmk.general.activation: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" force_foreign_changes: 'true' run_once: 'true' - name: "Activate changes including foreign changes and wait for completion." checkmk.general.activation: server_url: "http://localhost/" - site: "my_site" + site: "mysite" automation_user: "automation" automation_secret: "$SECRET" redirect: 'true' diff --git a/plugins/modules/bakery.py b/plugins/modules/bakery.py index 07badc2c6..32eaff7d2 100644 --- a/plugins/modules/bakery.py +++ b/plugins/modules/bakery.py @@ -47,28 +47,28 @@ # Bake all agents without signing, as example in a fresh installation without a signature key. - name: "Bake all agents without signing." checkmk.general.bakery: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" state: "baked" # Sign all agents. - name: "Sign all agents." checkmk.general.bakery: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" signature_key_id: 1 signature_key_passphrase: "my_key" state: "signed" # Bake and sign all agents. - name: "Bake and sign all agents." checkmk.general.bakery: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" signature_key_id: 1 signature_key_passphrase: "my_key" state: "baked_signed" @@ -95,29 +95,6 @@ result_as_dict, ) -HTTP_CODES = { - # http_code: (changed, failed, "Message") - 200: (True, False, "The operation was done successfully."), - 204: ( - True, - False, - "No Content: Operation done successfully. No further output.", - ), - 400: (False, True, "Bad Request: Parameter or validation failure."), - 403: (False, True, "Forbidden: Configuration via WATO is disabled."), - 406: ( - False, - True, - "Not Acceptable: The requests accept headers can not be satisfied.", - ), - 415: ( - False, - True, - "Unsupported Media Type: The submitted content-type is not supported.", - ), - 500: (False, True, "General Server Error."), -} - class BakeryAPI(CheckmkAPI): def post(self): @@ -137,7 +114,6 @@ def post(self): action = "bake_and_sign" return self._fetch( - code_mapping=HTTP_CODES, endpoint="/domain-types/agent/actions/%s/invoke" % action, data=data, method="POST", diff --git a/plugins/modules/contact_group.py b/plugins/modules/contact_group.py index 2887bc4b2..2814c1e68 100644 --- a/plugins/modules/contact_group.py +++ b/plugins/modules/contact_group.py @@ -58,10 +58,10 @@ # Create a single contact group. - name: "Create a single contact group." checkmk.general.contact_group: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" name: "my_contact_group" title: "My Contact Group" customer: "provider" @@ -70,10 +70,10 @@ # Create several contact groups. - name: "Create several contact groups." checkmk.general.contact_group: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" customer: "provider" groups: - name: "my_contact_group_one" @@ -87,10 +87,10 @@ # Create several contact groups. - name: "Create several contact groups." checkmk.general.contact_group: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" customer: "provider" groups: - name: "my_contact_group_one" @@ -102,20 +102,20 @@ # Delete a single contact group. - name: "Create a single contact group." checkmk.general.contact_group: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" name: "my_contact_group" state: "absent" # Delete several contact groups. - name: "Delete several contact groups." checkmk.general.contact_group: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" groups: - name: "my_contact_group_one" - name: "my_contact_group_two" diff --git a/plugins/modules/discovery.py b/plugins/modules/discovery.py index 3dbbe729c..92603365d 100644 --- a/plugins/modules/discovery.py +++ b/plugins/modules/discovery.py @@ -40,7 +40,7 @@ description: The action to perform during discovery. type: str default: new - choices: [new, remove, fix_all, refresh, tabula_rasa, only_host_labels] + choices: [new, remove, fix_all, refresh, tabula_rasa, only_host_labels, only_service_labels, monitor_undecided_services] do_full_scan: description: The option whether to perform a full scan or not. (Bulk mode only). type: bool @@ -57,40 +57,41 @@ author: - Robin Gierse (@robin-checkmk) - Michael Sekania (@msekania) + - Max Sickora (@max-checkmk) """ EXAMPLES = r""" # Create a single host. - name: "Add newly discovered services on host." checkmk.general.discovery: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" host_name: "my_host" state: "new" - name: "Add newly discovered services, update labels and remove vanished services on host." checkmk.general.discovery: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" host_name: "my_host" state: "fix_all" - name: "Add newly discovered services on hosts. (Bulk)" checkmk.general.discovery: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" hosts: ["my_host_0", "my_host_1"] state: "new" - name: "Add newly discovered services, update labels and remove vanished services on host; 3 at once (Bulk)" checkmk.general.discovery: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" hosts: ["my_host_0", "my_host_1", "my_host_2", "my_host_3", "my_host_4", "my_host_5"] state: "fix_all" bulk_size: 3 @@ -130,13 +131,8 @@ False, "The service discovery background job has been initialized. Redirecting to the 'Wait for service discovery completion' endpoint.", ), - 400: (False, True, "Bad Request."), - 403: (False, True, "Forbidden: Configuration via WATO is disabled."), 404: (False, True, "Not Found: Host could not be found."), - 406: (False, True, "Not Acceptable."), 409: (False, False, "Conflict: A discovery background job is already running"), - 415: (False, True, "Unsupported Media Type."), - 500: (False, True, "General Server Error."), } HTTP_CODES_SC = { @@ -147,30 +143,19 @@ False, "The service discovery is still running. Redirecting to the 'Wait for completion' endpoint.", ), - 403: (False, True, "Forbidden: Configuration via Setup is disabled."), 404: (False, False, "Not Found: There is no running service discovery"), - 406: (False, True, "Not Acceptable."), - 500: (False, True, "General Server Error."), } HTTP_CODES_BULK = { # http_code: (changed, failed, "Message") 200: (True, False, "Discovery successful."), - 400: (False, True, "Bad Request."), - 403: (False, True, "Forbidden: Configuration via WATO is disabled."), - 406: (False, True, "Not Acceptable."), 409: (False, False, "Conflict: A bulk discovery job is already active"), - 415: (False, True, "Unsupported Media Type."), - 500: (False, True, "General Server Error."), } HTTP_CODES_BULK_SC = { # http_code: (changed, failed, "Message") 200: (True, False, "The service discovery has been completed."), - 403: (False, True, "Forbidden: Configuration via WATO is disabled."), 404: (False, False, "Not Found: There is no running bulk_discovery job"), - 406: (False, True, "Not Acceptable."), - 500: (False, True, "General Server Error."), } @@ -241,6 +226,49 @@ def post(self): ) +class newBulkDiscoveryAPI(CheckmkAPI): + def post(self): + options = { + "monitor_undecided_services": False, + "remove_vanished_services": False, + "update_service_labels": False, + "update_host_labels": False, + } + + if self.params.get("state") in ["new", "fix_all", "monitor_undecided_services"]: + options["monitor_undecided_services"] = True + if self.params.get("state") in ["remove", "fix_all"]: + options["remove_vanished_services"] = True + if self.params.get("state") in ["only_service_labels"]: + options["update_service_labels"] = True + if self.params.get("state") in ["new", "fix_all", "only_host_labels"]: + options["update_host_labels"] = True + + if self.params.get("state") == "refresh": + data = { + "hostnames": self.params.get("hosts", []), + "mode": self.params.get("state"), + "do_full_scan": self.params.get("do_full_scan", True), + "bulk_size": self.params.get("bulk_size", 1), + "ignore_errors": self.params.get("ignore_errors", True), + } + else: + data = { + "hostnames": self.params.get("hosts", []), + "options": options, + "do_full_scan": self.params.get("do_full_scan", True), + "bulk_size": self.params.get("bulk_size", 1), + "ignore_errors": self.params.get("ignore_errors", True), + } + + return self._fetch( + code_mapping=HTTP_CODES_BULK, + endpoint="domain-types/discovery_run/actions/bulk-discovery-start/invoke", + data=data, + method="POST", + ) + + class ServiceCompletionBulkAPI(CheckmkAPI): def get(self): data = {} @@ -292,6 +320,8 @@ def run_module(): "refresh", "tabula_rasa", "only_host_labels", + "only_service_labels", + "monitor_undecided_services", ], ), do_full_scan=dict(type="bool", default=True), @@ -351,15 +381,48 @@ def run_module(): module.fail_json(**result_as_dict(result)) if not single_mode and module.params.get("state") == "tabula_rasa": - result = RESULT( - http_code=0, - msg="State 'tabula_rasa' does not exist in bulk_discovery, please use refresh!", - content="", - etag="", - failed=True, - changed=False, - ) - module.fail_json(**result_as_dict(result)) + module.params["state"] = "refresh" + + if module.params.get("state") in [ + "only_service_labels", + "monitor_undecided_services", + ]: + if ver < CheckmkVersion("2.3.0"): + result = RESULT( + http_code=0, + msg="State is not supported before 2.3.0", + content="", + etag="", + failed=True, + changed=False, + ) + module.fail_json(**result_as_dict(result)) + if single_mode: + if module.params.get("state") == "monitor_undecided_services": + result = RESULT( + http_code=0, + msg="State can only be used in bulk mode", + content="", + etag="", + failed=True, + changed=False, + ) + module.fail_json(**result_as_dict(result)) + if module.params.get( + "state" + ) == "only_service_labels" and ver < CheckmkVersion("2.3.0p3"): + result = RESULT( + http_code=0, + msg="State can only be used in bulk mode", + content="", + etag="", + failed=True, + changed=False, + ) + module.fail_json(**result_as_dict(result)) + + if not single_mode and ver >= CheckmkVersion("2.3.0"): + discovery = newBulkDiscoveryAPI(module) result = wait_for_completion(single_mode, servicecompletion) diff --git a/plugins/modules/downtime.py b/plugins/modules/downtime.py index 4e3c3f93b..8ceb21c79 100644 --- a/plugins/modules/downtime.py +++ b/plugins/modules/downtime.py @@ -94,7 +94,7 @@ - name: "Schedule host downtime." checkmk.general.downtime: server_url: "{{ checkmk_var_server_url }}" - site: "{{ my_site }}" + site: "{{ mysite }}" automation_user: "{{ checkmk_var_automation_user }}" automation_secret: "{{ checkmk_var_automation_secret }}" host_name: my_host @@ -107,7 +107,7 @@ - name: "Schedule service downtimes for two given services." checkmk.general.downtime: server_url: "{{ checkmk_var_server_url }}" - site: "{{ my_site }}" + site: "{{ mysite }}" automation_user: "{{ checkmk_var_automation_user }}" automation_secret: "{{ checkmk_var_automation_secret }}" host_name: my_host @@ -122,7 +122,7 @@ - name: "Delete all service downtimes for two given services." checkmk.general.downtime: server_url: "{{ checkmk_var_server_url }}" - site: "{{ my_site }}" + site: "{{ mysite }}" automation_user: "{{ checkmk_var_automation_user }}" automation_secret: "{{ checkmk_var_automation_secret }}" host_name: my_host diff --git a/plugins/modules/folder.py b/plugins/modules/folder.py index 9a9a497e0..efebd552b 100644 --- a/plugins/modules/folder.py +++ b/plugins/modules/folder.py @@ -81,10 +81,10 @@ # Create a single folder. - name: "Create a single folder." checkmk.general.folder: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" path: "/my_folder" name: "My Folder" state: "present" @@ -92,10 +92,10 @@ # Create a folder who's hosts should be hosted on a remote site. - name: "Create a single folder." checkmk.general.folder: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" path: "/my_remote_folder" name: "My Remote Folder" attributes: @@ -105,10 +105,10 @@ # Create a folder with Criticality set to a Test system and Networking Segment WAN (high latency)" - name: "Create a folder with tag_criticality test and tag_networking wan" checkmk.general.folder: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" path: "/my_remote_folder" attributes: tag_criticality: "test" @@ -118,10 +118,10 @@ # Update only specified attributes - name: "Update only specified attributes" checkmk.general.folder: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" path: "/my_folder" update_attributes: tag_networking: "dmz" @@ -130,10 +130,10 @@ # Remove specified attributes - name: "Remove specified attributes" checkmk.general.folder: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" path: "/my_folder" remove_attributes: - tag_networking diff --git a/plugins/modules/host.py b/plugins/modules/host.py index 627880d46..ece0a2c45 100644 --- a/plugins/modules/host.py +++ b/plugins/modules/host.py @@ -111,10 +111,10 @@ # Create a host. - name: "Create a host." checkmk.general.host: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" name: "my_host" folder: "/" state: "present" @@ -122,10 +122,10 @@ # Create a host with IP. - name: "Create a host with IP address." checkmk.general.host: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" name: "my_host" attributes: alias: "My Host" @@ -136,10 +136,10 @@ # Create a host which is monitored on a distinct site. - name: "Create a host which is monitored on a distinct site." checkmk.general.host: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" name: "my_host" attributes: site: "my_remote_site" @@ -149,10 +149,10 @@ # Create a cluster host. - name: "Create a cluster host." checkmk.general.cluster: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" name: "my_cluster_host" folder: "/" nodes: ["cluster_node_1", "cluster_node_2", "cluster_node_3"] @@ -161,10 +161,10 @@ # Create a cluster host with IP. - name: "Create a cluster host with IP address." checkmk.general.cluster: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" name: "my_cluster_host" nodes: - "cluster_node_1" @@ -179,10 +179,10 @@ # Create a host with update_attributes. - name: "Create a host which is monitored on a distinct site." checkmk.general.host: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" name: "my_host" update_attributes: site: "my_remote_site" @@ -191,10 +191,10 @@ # Update only specified attributes - name: "Update only specified attributes" checkmk.general.host: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" name: "my_host" update_attributes: alias: "foo" @@ -203,10 +203,10 @@ # Remove specified attributes - name: "Remove specified attributes" checkmk.general.host: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" name: "my_host" remove_attributes: - alias @@ -215,10 +215,10 @@ # Add custom tags to a host (note the leading 'tag_') - name: "Remove specified attributes" checkmk.general.host: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" name: "my_host" update_attributes: - tag_my_tag_1: "Bar" diff --git a/plugins/modules/host_group.py b/plugins/modules/host_group.py index 4f0d01dbd..a2b44a1dd 100644 --- a/plugins/modules/host_group.py +++ b/plugins/modules/host_group.py @@ -54,10 +54,10 @@ # Create a single host group. - name: "Create a single host group." checkmk.general.host_group: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" name: "my_host_group" title: "My Host Group" customer: "provider" @@ -66,10 +66,10 @@ # Create several host groups. - name: "Create several host groups." checkmk.general.host_group: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" customer: "provider" groups: - name: "my_host_group_one" @@ -83,10 +83,10 @@ # Create several host groups. - name: "Create several host groups." checkmk.general.host_group: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" customer: "provider" groups: - name: "my_host_group_one" @@ -98,20 +98,20 @@ # Delete a single host group. - name: "Delete a single host group." checkmk.general.host_group: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" name: "my_host_group" state: "absent" # Delete several host groups. - name: "Delete several host groups." checkmk.general.host_group: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" groups: - name: "my_host_group_one" - name: "my_host_group_two" diff --git a/plugins/modules/password.py b/plugins/modules/password.py index 8f7f771da..16774ab96 100644 --- a/plugins/modules/password.py +++ b/plugins/modules/password.py @@ -78,10 +78,10 @@ # If passwords are configured, no_log should be set to true. - name: "Create a new password." checkmk.general.password: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" name: "mypassword" title: "My Password" customer: "provider" @@ -96,10 +96,10 @@ no_log: true - name: "Delete a password." checkmk.general.password: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" name: "mypassword" state: "absent" """ @@ -132,90 +132,12 @@ # We count 404 not as failed, because we want to know if the password exists or not. HTTP_CODES_GET = { # http_code: (changed, failed, "Message") - 200: (True, False, "OK: The operation was done successfully."), - 400: (False, True, "Bad Request: Parameter or validation failure."), - 403: (False, True, "Forbidden: Configuration via Setup is disabled."), 404: (False, False, "Not Found: The requested object has not been found."), - 406: ( - False, - True, - "Not Acceptable: The requests accept headers can not be satisfied.", - ), - 415: ( - False, - True, - "Unsupported Media Type: The submitted content-type is not supported.", - ), - 500: (False, True, "General Server Error."), } HTTP_CODES_DELETE = { # http_code: (changed, failed, "Message") - 200: (True, False, "OK: The operation was done successfully."), - 400: (False, True, "Bad Request: Parameter or validation failure."), - 403: (False, True, "Forbidden: Configuration via Setup is disabled."), 404: (False, False, "Not Found: The requested object has not been found."), - 406: ( - False, - True, - "Not Acceptable: The requests accept headers can not be satisfied.", - ), - 415: ( - False, - True, - "Unsupported Media Type: The submitted content-type is not supported.", - ), - 500: (False, True, "General Server Error."), -} - -HTTP_CODES_CREATE = { - # http_code: (changed, failed, "Message") - 200: (True, False, "OK: The operation was done successfully."), - 400: (False, True, "Bad Request: Parameter or validation failure."), - 403: (False, True, "Forbidden: Configuration via Setup is disabled."), - 406: ( - False, - True, - "Not Acceptable: The requests accept headers can not be satisfied.", - ), - 415: ( - False, - True, - "Unsupported Media Type: The submitted content-type is not supported.", - ), - 500: (False, True, "General Server Error."), -} - -HTTP_CODES_UPDATE = { - # http_code: (changed, failed, "Message") - 200: ( - True, - False, - "No Content: Operation was done successfully. No further output", - ), - 403: (False, True, "Forbidden: Configuration via Setup is disabled."), - 404: (False, True, "Not Found: The requested object has not been found."), - 406: ( - False, - True, - "Not Acceptable: The requests accept headers can not be satisfied.", - ), - 412: ( - False, - True, - "Precondition Failed: The value of the If-Match header doesn't match the object's ETag.", - ), - 415: ( - False, - True, - "Unsupported Media Type: The submitted content-type is not supported.", - ), - 428: ( - False, - True, - "Precondition Required: The required If-Match header is missing.", - ), - 500: (False, True, "General Server Error."), } @@ -236,7 +158,6 @@ def post(self): data = {key: val for key, val in data.items() if val} return self._fetch( - code_mapping=HTTP_CODES_CREATE, endpoint="/domain-types/password/collections/all", data=data, method="POST", @@ -259,7 +180,6 @@ def put(self): data = {key: val for key, val in data.items() if val} return self._fetch( - code_mapping=HTTP_CODES_UPDATE, endpoint="/objects/password/%s" % self.params.get("name"), data=data, method="PUT", diff --git a/plugins/modules/rule.py b/plugins/modules/rule.py index 238dbd8cd..3b37852d1 100644 --- a/plugins/modules/rule.py +++ b/plugins/modules/rule.py @@ -29,36 +29,45 @@ required: true type: dict suboptions: + rule_id: + description: + - If provided, update/delete an existing rule. + - If omitted, we try to find an equal rule based on C(properties), + C(conditions), C(folder) and C(value_raw). + - Please mind the additional notes below. + type: str location: description: - - Location of the rule within a folder. - - By default rules are created at the bottom of the "/" folder. - - Mutually exclusive with I(folder). + - Location of the rule within a folder. + - By default rules are created at the bottom of the "/" folder. type: dict suboptions: position: description: - Position of the rule in the folder. - Has no effect when I(state=absent). + - For new rule C(any) wil be equivalent to C(bottom) type: str choices: - "top" - "bottom" + - "any" - "before" - "after" - default: "bottom" - rule_id: + default: "any" + neighbour: description: - Put the rule C(before) or C(after) this rule_id. - Required when I(position) is C(before) or C(after). - Mutually exclusive with I(folder). type: str + aliases: [rule_id] folder: description: - Folder of the rule. - - Required when I(position) is C(top) or C(bottom). + - Required when I(position) is C(top), C(bottom), or (any). - Required when I(state=absent). - - Mutually exclusive with I(rule_id). + - Mutually exclusive with I(neighbour). default: "/" type: str conditions: @@ -67,13 +76,10 @@ properties: description: Properties of the rule. type: dict - rule_id: - description: - - If given, it will be C(the only condition) to identify the rule to work on. - - When there's no rule found with this id, the task will fail. - type: str value_raw: - description: Rule values as exported from the web interface. + description: + - Rule values as exported from the web interface. + - Required when I(state) is C(present). type: str ruleset: description: Name of the ruleset to manage. @@ -84,14 +90,18 @@ choices: [present, absent] default: present type: str +notes: + - If rule_id is omitted, due to the internal processing of the C(value_raw), finding the + matching rule is not reliable, when C(rule_id) is omitted. This sometimes leads to the + module not being idempotent or to rules being created over and over again. + - If rule_id is provided, for the same reason, it might happen, that tasks changing a rule + again and again, even if it already meets the expectations. author: + - Lars Getwan (@lgetwan) - diademiemi (@diademiemi) - Geoffroy Stévenne (@geof77) - -notes: - - "To achieve idempotency, this module is comparing the specified rule with the already existing - rules based on conditions, folder, value_raw and enabled/disabled." + - Michael Sekania (@msekania) """ EXAMPLES = r""" @@ -99,10 +109,10 @@ # at the top of the main folder. - name: "Create a rule in checkgroup_parameters:memory_percentage_used." checkmk.general.rule: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" ruleset: "checkgroup_parameters:memory_percentage_used" rule: conditions: { @@ -117,10 +127,10 @@ "service_labels": [] } properties: { - "comment": "Warning at 80%\nCritical at 90%\n", + "comment": "Ansible managed", "description": "Allow higher memory usage", "disabled": false, - "documentation_url": "https://github.com/Checkmk/ansible-collection-checkmk.general/blob/main/plugins/modules/rules.py" + "documentation_url": "https://github.com/Checkmk/ansible-collection-checkmk.general/blob/main/plugins/modules/rule.py" } value_raw: "{'levels': (80.0, 90.0)}" location: @@ -131,20 +141,47 @@ - name: Show the ID of the new rule ansible.builtin.debug: - msg: "RULE ID : {{ response.id }}" + msg: "RULE ID : {{ response.content.id }}" -# Create another rule in checkgroup_parameters:memory_percentage_used -# and put it after the rule created above. +# Create another rule with the new label conditions (> 2.3.0) +# in checkgroup_parameters:memory_percentage_used and put it after the rule created above. - name: "Create a rule in checkgroup_parameters:memory_percentage_used." checkmk.general.rule: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" ruleset: "checkgroup_parameters:memory_percentage_used" rule: conditions: { - "host_labels": [], + "host_label_groups": [ + { + operator: "and", + label_group: [ + { + operator: "and", + label: "cmk/site:beta" + }, + { + operator: "or", + label: "cmk/os_family:linux" + } + ], + }, + { + operator: "or", + label_group: [ + { + operator: "and", + label: "cmk/site:alpha" + }, + { + operator: "or", + label: "cmk/os_family:windows" + } + ], + }, + ], "host_name": { "match_on": [ "test2.tld" @@ -155,53 +192,36 @@ "service_labels": [] } properties: { - "comment": "Warning at 85%\nCritical at 99%\n", + "comment": "Ansible managed", "description": "Allow even higher memory usage", "disabled": false, - "documentation_url": "https://github.com/Checkmk/ansible-collection-checkmk.general/blob/main/plugins/modules/rules.py" + "documentation_url": "https://github.com/Checkmk/ansible-collection-checkmk.general/blob/main/plugins/modules/rule.py" } value_raw: "{'levels': (85.0, 99.0)}" location: position: "after" - rule_id: "{{ response.id }}" + neighbour: "{{ response.content.id }}" state: "present" # Delete the first rule. - name: "Delete a rule." checkmk.general.rule: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" ruleset: "checkgroup_parameters:memory_percentage_used" rule: - conditions: { - "host_labels": [], - "host_name": { - "match_on": [ - "test1.tld" - ], - "operator": "one_of" - }, - "host_tags": [], - "service_labels": [] - } - properties: { - "comment": "Warning at 80%\nCritical at 90%\n", - "description": "Allow higher memory usage", - "disabled": false, - "documentation_url": "https://github.com/Checkmk/ansible-collection-checkmk.general/blob/main/plugins/modules/rules.py" - } - value_raw: "{'levels': (80.0, 90.0)}" + rule_id: "{{ response.content.id }}" state: "absent" # Create a rule rule matching a host label - name: "Create a rule matching a label." checkmk.general.rule: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" ruleset: "checkgroup_parameters:memory_percentage_used" rule: conditions: { @@ -212,21 +232,43 @@ "value": "yes" } ], - "host_name": {}, - "host_tags": [], - "service_labels": [] } properties: { - "comment": "Warning at 80%\nCritical at 90%\n", + "comment": "Ansible managed", "description": "Allow higher memory usage", "disabled": false, - "documentation_url": "https://github.com/Checkmk/ansible-collection-checkmk.general/blob/main/plugins/modules/rules.py" + "documentation_url": "https://github.com/Checkmk/ansible-collection-checkmk.general/blob/main/plugins/modules/rule.py" } value_raw: "{'levels': (80.0, 90.0)}" location: folder: "/" position: "top" state: "present" + +# Delete all rules in a ruleset that match a certain comment. +- name: "Delete all rules in a ruleset that match a certain comment." + checkmk.general.rule: + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" + ruleset: "checkgroup_parameters:memory_percentage_used" + rule: + rule_id: "{{ item.id }}" + state: "absent" + loop: "{{ + lookup('checkmk.general.rules', + ruleset='checkgroup_parameters:memory_percentage_used', + comment_regex='Ansible managed', + server_url=server_url, + site=site, + automation_user=automation_user, + automation_secret=automation_secret, + validate_certs=False + ) + }}" + loop_control: + label: "{{ item.id }}" """ RETURN = r""" @@ -235,276 +277,610 @@ type: str returned: always sample: 'Rule created.' - -id: - description: The ID of the rule. +http_code: + description: The HTTP code the Checkmk API returns. + type: int + returned: always + sample: '200' +etag: + description: The etag of the rule. type: str returned: when the rule is created or when it already exists - sample: '1f97bc43-52dc-4f1a-ab7b-c2e9553958ab' + sample: '"ad55730d5488e55e07c58a3da9759fba8cd0b009"' +content: + description: The complete created/changed rule + returned: when the rule is created or when it already exists + type: dict + contains: + id: + description: The ID of the rule. + type: str + returned: when the rule is created or when it already exists + sample: '1f97bc43-52dc-4f1a-ab7b-c2e9553958ab' + extensions: + description: The attributes of the rule + type: dict + returned: when the rule is created or when it already exists + contains: + conditions: + description: The contitions of the rule. + type: str + returned: when the rule is created or when it already exists + folder: + description: The folder of the rule. + type: str + returned: when the rule is created or when it already exists + folder_index: + description: The index of the rule inside the folder. + type: str + returned: when the rule is created or when it already exists + properties: + description: The properties of the rule. + type: str + returned: when the rule is created or when it already exists + ruleset: + description: The ruleset of the rule. + type: str + returned: when the rule is created or when it already exists + value_raw: + description: The actual value of the rule + type: str + returned: when the rule is created or when it already exists """ import json from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.common.validation import safe_eval -from ansible.module_utils.urls import fetch_url - -try: - from urllib import urlencode -except ImportError: # For Python 3 - from urllib.parse import urlencode - - -def exit_failed(module, msg, id=""): - result = {"msg": msg, "id": id, "changed": False, "failed": True} - module.fail_json(**result) +from ansible_collections.checkmk.general.plugins.module_utils.api import CheckmkAPI +from ansible_collections.checkmk.general.plugins.module_utils.types import RESULT +from ansible_collections.checkmk.general.plugins.module_utils.version import ( + CheckmkVersion, +) + +DESIRED_RULE_KEYS = ( + "location", + "conditions", + "properties", + "value_raw", +) + +DESIRED_DEFAULTS = { + "pre_230": { + "properties": { + "disabled": False, + }, + "conditions": { + "host_tags": [], + "host_labels": [], + "service_labels": [], + }, + }, + "230_or_newer": { + "properties": { + "disabled": False, + }, + "conditions": { + "host_tags": [], + "host_label_groups": [], + "service_label_groups": [], + }, + }, +} + +# IGNORE_PROPERTIES_DEFAULTS = [ +# "description", +# "comment", +# ] + +IGNORE_DEFAULTS = { + "pre_230": { + "properties": { + "description": "", + "comment": "", + }, + # "conditions": {}, + }, + "230_or_newer": { + "properties": { + "description": "", + "comment": "", + }, + "conditions": { + # "host_tags": [], + "host_labels": [], + "service_labels": [], + "host_label_groups": [], + "service_label_groups": [], + }, + }, +} + +CURRENT_RULE_KEYS = ( + "folder", + "ruleset", + "conditions", + "properties", + "value_raw", +) + +POSITION_MAPPING = { + "top": "top_of_folder", + "bottom": "bottom_of_folder", + "any": "bottom_of_folder", + "after": "after_specific_rule", + "before": "before_specific_rule", +} + + +class RuleHTTPCodes: + # http_code: (changed, failed, "Message") + get = { + 200: (False, False, "Rule found, nothing changed"), + 404: (False, False, "Rule not found"), + } + list_rules = { + 200: (False, False, "Ruleset found, nothing changed"), + 404: (False, False, "Ruleset not found"), + } -def exit_changed(module, msg, id=""): - if module.check_mode: - msg = msg + " (check_mode: no changes made)" - result = {"msg": msg, "id": id, "changed": True, "failed": False} - module.exit_json(**result) + create = {200: (True, False, "Rule created")} + move = {200: (True, False, "Rule moved")} + edit = {200: (True, False, "Rule modified")} + delete = {204: (True, False, "Rule deleted")} -def exit_ok(module, msg, id=""): - result = {"msg": msg, "id": id, "changed": False, "failed": False} - module.exit_json(**result) +class RuleEndpoints: + default = "/objects/rule" + create = "/domain-types/rule/collections/all" -def get_rules_in_ruleset(module, base_url, headers, ruleset): - api_endpoint = "/domain-types/rule/collections/all" +# Get complete ruleset of current rule +class RuleLocation(CheckmkAPI): + def __init__(self, module, folder, rule_id): + super().__init__(module) + self.module = module + self.params = module.params - params = { - "ruleset_name": ruleset, - } + self.folder = folder + self.rule_id = rule_id - url = "%s%s?%s" % (base_url, api_endpoint, urlencode(params)) + self.ruleset = self.params.get("ruleset") - response, info = fetch_url( - module, url, module.jsonify(params), headers=headers, method="GET" - ) + self.rule_dict = self._get_ruleset(self.ruleset) + self.folder_rule_list = [ + k for k, v in self.rule_dict.items() if v == self.folder + ] + self.folder_index = self.folder_rule_list.index(self.rule_id) + self.folder_size = len(self.folder_rule_list) - if info["status"] != 200: - exit_failed( - module, - "Error calling API. HTTP code %d. Details: %s, " - % (info["status"], str(info)), + def _build_default_endpoint(self): + return "%s/%s" % ( + RuleEndpoints.default, + self.ruleset, ) - return json.loads(response.read().decode("utf-8")).get("value") - - -def get_rule_by_id(module, base_url, headers, rule_id): - api_endpoint = "/objects/rule/" + rule_id + def _get_ruleset(self, ruleset): + result = self._fetch( + code_mapping=RuleHTTPCodes.list_rules, + endpoint=RuleEndpoints.create + "?ruleset_name=" + self.ruleset, + method="GET", + ) - url = "%s%s" % (base_url, api_endpoint) + if result.http_code == 200: + content = json.loads(result.content) + return { + r.get("id"): r.get("extensions", {}).get("folder") + for r in content.get("value") + } - response, info = fetch_url(module, url, headers=headers, method="GET") + return {} + + def is_equal(self, desired_location): + desired_folder = desired_location.get("folder") + desired_position = desired_location.get("position") + desired_neighbour = desired_location.get("neighbour") + + if desired_position in ["bottom", "top", "any"]: + if desired_folder != self.folder: + return False + elif desired_position == "any": + return True + elif desired_position == "top" and self.folder_index == 0: + return True + elif ( + desired_position == "bottom" + and self.folder_index == self.folder_size - 1 + ): + return True + else: + return False + + if desired_position in ["before", "after"]: + if desired_folder != self.folder: + return False + elif ( + desired_position == "before" + and self.folder_index < self.folder_size - 1 + and self.folder_rule_list[self.folder_index + 1] == desired_neighbour + ): + return True + elif ( + desired_position == "after" + and self.folder_index > 0 + and self.folder_rule_list[self.folder_index - 1] == desired_neighbour + ): + return True + else: + return False - if info["status"] != 200: - exit_failed( - module, - "Error calling API. HTTP code %d. Details: %s, " - % (info["status"], info["body"]), - ) + # This should never happen ;-) + return False - return json.loads(response.read().decode("utf-8")) +class RuleAPI(CheckmkAPI): + def __init__(self, module): + super().__init__(module) -def get_existing_rule(module, base_url, headers, ruleset, rule): - if rule.get("rule_id"): - # We already know whih rule to get - if module.params.get("state") == "absent": - # When deleting and we already know the ID, don't compare - return rule.get("rule_id") - rules = [get_rule_by_id(module, base_url, headers, rule.get("rule_id"))] - else: - # Get rules in ruleset - rules = get_rules_in_ruleset(module, base_url, headers, ruleset) + self.module = module + self.params = self.module.params + self.rule_id = self.params.get("rule").get("rule_id") + self.is_new_rule = self.rule_id is None - (value_mod, exc) = safe_eval(rule["value_raw"], include_exceptions=True) - if exc is not None: - exit_failed(module, "value_raw in rule has invalid format") + if self.getversion() < CheckmkVersion("2.3.0"): + self.version_select_str = "pre_230" + else: + self.version_select_str = "230_or_newer" + + self.desired = self._clean_desired(self.params) + + self._changed_items = [] + self.current = None + self.etag = "" + + self._verify_parameters() + + if not self.rule_id: + # If no rule_id is provided, we still check if rule exists. + self.rule_id = self._get_rule_id(self.desired) + + if self.rule_id: + # Get the current rule from the API and set some parameters + (self.current, self.state) = self._get_current() + if self.state == "present": + self._changed_items = self._detect_changes() + + def _verify_parameters(self): + self._verify_location() + self._verify_conditions() + + def _verify_location(self): + # when neighbour is specified, verify that it exists otherwise give warning + neighbour_id = self.params.get("rule", {}).get("location", {}).get("neighbour") + + if neighbour_id: + (neighbour, state) = self._get_rule_by_id(neighbour_id) + + if state == "absent": + self.module.warn( + "Specified neighbour: '%s' does not exist" % neighbour_id + ) + else: + self.desired["rule"]["location"]["folder"] = neighbour.get( + "rule", {} + ).get("folder") + + def _verify_conditions(self): + # The combined host/service labels are only available in > 2.3.0 + conditions = self.params.get("rule", {}).get("conditions") + if ( + conditions + and ( + "host_label_groups" in conditions + or "service_label_groups" in conditions + ) + and self.getversion() < CheckmkVersion("2.3.0") + ): + self.module.fail_json( + msg="ERROR: label groups are only available from Checkmk 2.3.0 on." + ) - # Get folder from neighbour rule if relative rule_id is given in location - if rule["location"]["rule_id"] is not None: - neighbour_rule = get_rule_by_id( - module, base_url, headers, rule["location"]["rule_id"] - ) - rule["folder"] = neighbour_rule["extensions"]["folder"] + def rule_id_found(self): + return self.current is not None - if rules is not None: - # Loop through all rules - for r in rules: - (value_api, exc) = safe_eval( - r["extensions"]["value_raw"], include_exceptions=True - ) - if exc is not None: - exit_failed(module, "Error deserializing value_raw from API") - if ( - r["extensions"]["folder"] == rule["folder"] - and r["extensions"]["conditions"] == rule["conditions"] - and r["extensions"]["properties"].get("disabled", "") - == rule["properties"].get("disabled", "") - and value_api == value_mod - ): - # If they are the same, return the ID - return r["id"] + def _clean_desired(self, params): + desired = {} + desired["ruleset"] = params.get("ruleset") + desired["rule"] = {} + tmp_params_rule = params.get("rule", {}) - return None + for key in DESIRED_RULE_KEYS: + if tmp_params_rule.get(key): + desired["rule"][key] = tmp_params_rule.get(key) + for what, def_vals in DESIRED_DEFAULTS[self.version_select_str].items(): + for key, value in def_vals.items(): + if not desired["rule"].get(what): + desired["rule"][what] = {} -def create_rule(module, base_url, headers, ruleset, rule): - api_endpoint = "/domain-types/rule/collections/all" + if not desired["rule"].get(what).get(key): + desired["rule"][what][key] = value - changed = True - rule_id = get_existing_rule(module, base_url, headers, ruleset, rule) - if rule_id: - return (rule_id, not changed) + return desired - if module.check_mode: - return (None, changed) + def _raw_value_eval(self, state, data): + value_raw = data.get("value_raw", "''") - params = { - "ruleset": ruleset, - "folder": rule["folder"], - "properties": rule["properties"], - "value_raw": rule["value_raw"], - "conditions": rule["conditions"], - } + # This is an ugly hack that translates tuples into lists to have a better hit rate with + # idempotency. + # Once the internal handling of value_raw has improved, we will no longer need this. + value_raw = value_raw.translate(str.maketrans("()", "[]")) - url = base_url + api_endpoint + (safe_value_raw, exc) = safe_eval(value_raw, include_exceptions=True) + if exc is not None: + self.module.fail_json( + msg="ERROR: The %s value_raw has invalid format" % state + ) - response, info = fetch_url( - module, url, module.jsonify(params), headers=headers, method="POST" - ) + return safe_value_raw - if info["status"] != 200: - exit_failed( - module, - "Error calling API. HTTP code %d. Details: %s, " - % (info["status"], info["body"]), + def _get_rules_in_ruleset(self, ruleset): + result = self._fetch( + code_mapping=RuleHTTPCodes.list_rules, + endpoint=RuleEndpoints.create + "?ruleset_name=" + ruleset, + method="GET", ) - r = json.loads(response.read().decode("utf-8")) + if result.http_code == 200: + content = json.loads(result.content) + return content.get("value") - return (r["id"], changed) + return [] + def _get_rule_id(self, desired): + d = desired.copy() + d["rule"] = self._normalize_rule(desired.get("rule")) -def modify_rule(module, base_url, headers, ruleset, rule): - changed = True - rule_id = rule.get("rule_id") + for c in self._get_rules_in_ruleset(d.get("ruleset")): + c = self._normalize_rule(c) + if ( + c["extensions"]["folder"] == d["rule"]["location"]["folder"] + and c["extensions"]["conditions"] == d["rule"].get("conditions") + and c["extensions"]["properties"] == d["rule"].get("properties") + and self._raw_value_eval("search", c["extensions"]) + == self._raw_value_eval("desired", d["rule"]) + ): + return c["id"] + + return None + + def _normalize_rule(self, r): + loc = r.copy() + for what, def_vals in IGNORE_DEFAULTS[self.version_select_str].items(): + if loc.get(what): + for key, value in def_vals.items(): + if loc.get(what).get(key, value) == value: + loc[what].pop(key, None) + if loc.get("extensions", {}).get(what): + ext = loc.get("extensions", {}) + for key, value in def_vals.items(): + if ext.get(what).get(key, value) == value: + ext[what].pop(key, None) + return loc + + def _detect_changes(self): + c = self._normalize_rule(self.current["rule"]) + d = self._normalize_rule(self.desired.get("rule")) + changes = [] + + if c.get("conditions", {}) != d.get("conditions", {}): + changes.append("conditions") + + if c.get("properties", {}) != d.get("properties", {}): + changes.append("properties") + + if self._raw_value_eval("current", c) != self._raw_value_eval("desired", d): + changes.append("raw_value") + + desired_location = d.get("rule", {}).get("location") + if desired_location: + c = RuleLocation(self.module, c.get("folder", "/"), self.rule_id) + + if not c.is_equal(desired_location): + changes.append("location") + + return changes + + def _build_default_endpoint(self, rule_id=None): + return "%s/%s" % ( + RuleEndpoints.default, + # self.rule_id, + self.rule_id if not rule_id else rule_id, + ) - if not rule_id: - return not changed + def _get_rule_by_id(self, rule_id): + current = {} + state = "absent" - if get_existing_rule(module, base_url, headers, ruleset, rule): - return not changed + result = self._fetch( + code_mapping=RuleHTTPCodes.get, + endpoint=self._build_default_endpoint(rule_id), + method="GET", + ) - if module.check_mode: - return (None, changed) + if result.http_code == 200: + current["rule"] = {} + state = "present" + current["etag"] = result.etag - headers["If-Match"] = get_rule_etag(module, base_url, headers, rule_id) + content = json.loads(result.content) + extensions = content["extensions"] - params = { - "properties": rule["properties"], - "value_raw": rule["value_raw"], - "conditions": rule["conditions"], - } + current["rule"] = { + key: value + for key, value in extensions.items() + if key in CURRENT_RULE_KEYS + } - api_endpoint = "/objects/rule/" + rule_id - url = base_url + api_endpoint + return (current, state) - info = fetch_url( - module, url, module.jsonify(params), headers=headers, method="PUT" - )[1] + def _get_current(self): + return self._get_rule_by_id(self.rule_id) - if info["status"] not in [200, 204]: - exit_failed( - module, - "Error calling API. HTTP code %d. Details: %s, " - % (info["status"], info["body"]), + def _check_output(self, mode): + return RESULT( + http_code=0, + msg="Running in check mode. Would have %s" % mode, + content="", + etag="", + failed=False, + changed=True, ) - return changed + def needs_update(self): + return len(self._changed_items) > 0 + def _moving_needed(self): + if "location" in self._changed_items: + return True -def delete_rule(module, base_url, headers, ruleset, rule): - changed = True - rule_id = get_existing_rule(module, base_url, headers, ruleset, rule) - - if rule_id: - if not module.check_mode: - delete_rule_by_id(module, base_url, headers, rule_id) - return changed - return not changed + if self.is_new_rule: + location = self.desired.get("rule").get("location") + if location and not ( + # folder should be there + location.get("folder", "/") == "/" + # position should be there + and location.get("position", "bottom") == "bottom" + ): + return True + + return False + + def _move_if_needed(self): + if not self._moving_needed(): + return + + location = self.desired.get("rule").get("location") + data = {"position": POSITION_MAPPING[location.get("position")]} + # what if fails!? better error message will be better + + # what if location nowhere? + # position should be there + pos = location.get("position", "bottom") + if pos in ["top", "bottom", "any"]: + # folder should be there + data["folder"] = location.get("folder", "/") + elif pos in ["before", "after"]: + data["rule_id"] = location.get("neighbour") + # else: + # # cannot happen + + if self.module.check_mode: + return self._check_output("move") + + return self._fetch( + code_mapping=RuleHTTPCodes.move, + endpoint=self._build_default_endpoint() + "/actions/move/invoke", + data=data, + method="POST", + ) + def _merge_results(self, results): + return RESULT( + http_code=list(results.values())[-1].http_code, + msg=", ".join( + [ + "%s (%d)" % (results[k].msg, results[k].http_code) + for k in results.keys() + ] + ), + content=list(results.values())[-1].content, + etag=list(results.values())[-1].etag, + failed=any(r.failed for r in list(results.values())), + changed=any(r.changed for r in list(results.values())), + ) -def delete_rule_by_id(module, base_url, headers, rule_id): - api_endpoint = "/objects/rule/" + def create(self): + # rule is there always (required true) + data = self.desired.get("rule").copy() + location = data.pop("location", {}) + data["ruleset"] = self.desired.get("ruleset") + data["folder"] = location.get("folder", "/") - url = "%s%s%s" % (base_url, api_endpoint, rule_id) + if not data.get("value_raw"): + self.module.fail_json( + msg="ERROR: The parameter value_raw is mandatory when 'state is present'." + ) - info = fetch_url(module, url, headers=headers, method="DELETE")[1] + if self.module.check_mode: + return self._check_output("create") - if info["status"] != 204: - exit_failed( - module, - "Error calling API. HTTP code %d. Details: %s, " - % (info["status"], info["body"]), + create_result = self._fetch( + code_mapping=RuleHTTPCodes.create, + endpoint=RuleEndpoints.create, + data=data, + method="POST", ) + if create_result.failed: + return create_result -def get_rule_etag(module, base_url, headers, rule_id): - api_endpoint = "/objects/rule/" + rule_id + content = json.loads(create_result.content) + self.rule_id = content.get("id") - url = base_url + api_endpoint - - info = fetch_url(module, url, headers=headers, method="GET")[1] + move_result = self._move_if_needed() + if move_result: + return self._merge_results({"created": create_result, "moved": move_result}) + else: + return create_result - if info["status"] not in [200, 204]: - exit_failed( - module, - "Error calling API. HTTP code %d. Details: %s, " - % (info["status"], info["body"]), - ) - return info["etag"] + def edit(self): + # rule is there always (required true) + data = self.desired.get("rule").copy() + data.pop("location") + self.headers["if-Match"] = self.etag + if not data.get("value_raw"): + self.module.fail_json( + msg="ERROR: The parameter value_raw is mandatory when 'state is present'." + ) -def move_rule(module, base_url, headers, rule_id, location): - api_endpoint = "/objects/rule/" + rule_id + "/actions/move/invoke" + if self.module.check_mode: + return self._check_output("edit") - api_keywords = { - "top": "top_of_folder", - "bottom": "bottom_of_folder", - "before": "before_specific_rule", - "after": "after_specific_rule", - } + edit_result = self._fetch( + code_mapping=RuleHTTPCodes.edit, + endpoint=self._build_default_endpoint(), + data=data, + method="PUT", + ) - params = { - "position": api_keywords[location["position"]], - } - if location["position"] in ["after", "before"]: - params["rule_id"] = location["rule_id"] - else: - params["folder"] = location["folder"] + edit_result = edit_result._replace( + msg=edit_result.msg + ". Changed: %s" % ", ".join(self._changed_items) + ) - headers["If-Match"] = get_rule_etag(module, base_url, headers, rule_id) + if edit_result.failed: + return edit_result - url = base_url + api_endpoint + move_result = self._move_if_needed() + if move_result: + return self._merge_results({"edited": edit_result, "moved": move_result}) + else: + return edit_result - info = fetch_url( - module, url, module.jsonify(params), headers=headers, method="POST" - )[1] + def delete(self): + if self.module.check_mode: + return self._check_output("delete") - if info["status"] not in [200, 204]: - exit_failed( - module, - "Error calling API. HTTP code %d. Details: %s, " - % (info["status"], info["body"]), + result = self._fetch( + code_mapping=RuleHTTPCodes.delete, + endpoint=self._build_default_endpoint(), + method="DELETE", ) + return result + def run_module(): # define available arguments/parameters a user can pass to the module @@ -519,31 +895,32 @@ def run_module(): type="dict", required=True, options=dict( + rule_id=dict(type="str", default=None), conditions=dict(type="dict"), properties=dict(type="dict"), value_raw=dict(type="str"), - rule_id=dict(type="str"), location=dict( type="dict", options=dict( position=dict( type="str", - choices=["top", "bottom", "before", "after"], - default="bottom", + choices=["top", "bottom", "any", "before", "after"], + default="any", ), folder=dict( type="str", default="/", ), - rule_id=dict(type="str"), + neighbour=dict(type="str", aliases=["rule_id"]), ), required_if=[ ("position", "top", ("folder",)), ("position", "bottom", ("folder",)), - ("position", "before", ("rule_id",)), - ("position", "after", ("rule_id",)), + ("position", "any", ("folder",)), + ("position", "before", ("neighbour",)), + ("position", "after", ("neighbour",)), ], - mutually_exclusive=[("folder", "rule_id")], + mutually_exclusive=[("folder", "neighbour")], apply_defaults=True, ), ), @@ -553,76 +930,51 @@ def run_module(): module = AnsibleModule(argument_spec=module_args, supports_check_mode=True) - # Use the parameters to initialize some common variables - headers = { - "Accept": "application/json", - "Content-Type": "application/json", - "Authorization": "Bearer %s %s" - % ( - module.params.get("automation_user", ""), - module.params.get("automation_secret", ""), - ), - } + # Create an API object that contains the current and desired state + current_rule = RuleAPI(module) - base_url = "%s/%s/check_mk/api/1.0" % ( - module.params.get("server_url", ""), - module.params.get("site", ""), + result = RESULT( + http_code=0, + msg="", + content="{}", + etag="", + failed=False, + changed=False, ) - # Get the variables - ruleset = module.params.get("ruleset", "") - rule = module.params.get("rule", {}) - location = rule.get("location") - - # Check if required params to create a rule are given - if not rule.get("folder"): - rule["folder"] = location["folder"] - if not rule.get("rule_id"): - if not rule.get("properties"): - exit_failed(module, "Rule properties are required") - if not rule.get("value_raw"): - exit_failed(module, "Rule value_raw is required") - # Default to all hosts if conditions arent given - if not rule.get("conditions"): - rule["conditions"] = { - "host_tags": [], - "host_labels": [], - "service_labels": [], - } - if module.params.get("state") == "absent": - if location.get("rule_id") is not None: - exit_failed(module, "rule_id in location is invalid with state=absent") - - # If state is absent, delete the rule - if module.params.get("state") == "absent": - deleted = delete_rule(module, base_url, headers, ruleset, rule) - if deleted: - exit_changed(module, "Rule deleted") - else: - exit_ok(module, "Rule does not exist") - # If state is present, create the rule - elif module.params.get("state") == "present": - action = None - if rule.get("rule_id"): - # Modify an existing rule - rule_id = rule.get("rule_id") - if modify_rule(module, base_url, headers, ruleset, rule): - action = "changed" + desired_state = module.params.get("state") + rule_id = module.params.get("rule_id") + + if desired_state == "present": + if current_rule.rule_id_found(): + # Update if needed + if current_rule.needs_update(): + result = current_rule.edit() + else: + result = result._replace( + msg="Rule already exists with the desired parameters." + ) + elif rule_id: + # There is no rule with the given rule_id + result = result._replace( + msg="The provided rule_id was not found.", + failed=True, + ) else: - # If no rule_id is mentioned, we check if our rule exists. If not, then create it. - (rule_id, changed) = create_rule(module, base_url, headers, ruleset, rule) - if changed: - action = "created" - - if action: - # Move rule to specified location, if it's not default - if location["position"] != "bottom" and not module.check_mode: - move_rule(module, base_url, headers, rule_id, location) - exit_changed(module, "Rule %s" % action, rule_id) - exit_ok(module, "Rule already exists with equal settings", rule_id) - - # Fallback - exit_failed(module, "Unknown error") + # Create new rule + result = current_rule.create() + elif desired_state == "absent": + if current_rule.state == "present": + # Delete existing rule + result = current_rule.delete() + elif current_rule.state == "absent": + # Rule is already absent + result = result._replace(msg="Rule already absent.") + + if result.content: + result = result._replace(content=json.loads(result.content)) + result_as_dict = result._asdict() + module.exit_json(**result_as_dict) def main(): diff --git a/plugins/modules/service_group.py b/plugins/modules/service_group.py index 4901f2764..b779f16c6 100644 --- a/plugins/modules/service_group.py +++ b/plugins/modules/service_group.py @@ -58,10 +58,10 @@ # Create a single service group. - name: "Create a single service group." checkmk.general.service_group: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" name: "my_service_group" title: "My Service Group" customer: "provider" @@ -70,10 +70,10 @@ # Create several service groups. - name: "Create several service groups." checkmk.general.service_group: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" customer: "provider" groups: - name: "my_service_group_one" @@ -87,10 +87,10 @@ # Create several service groups. - name: "Create several service groups." checkmk.general.service_group: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" customer: "provider" groups: - name: "my_service_group_one" @@ -102,20 +102,20 @@ # Delete a single service group. - name: "Create a single service group." checkmk.general.service_group: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" name: "my_service_group" state: "absent" # Delete several service groups. - name: "Delete several service groups." checkmk.general.service_group: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" groups: - name: "my_service_group_one" - name: "my_service_group_two" diff --git a/plugins/modules/tag_group.py b/plugins/modules/tag_group.py index 054439fa1..e3e21605d 100644 --- a/plugins/modules/tag_group.py +++ b/plugins/modules/tag_group.py @@ -78,10 +78,10 @@ # Create a tag group - name: "Create tag group" checkmk.general.tag_group: - server_url: "https://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "https://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" name: datacenter title: Datacenter topic: Tags @@ -100,10 +100,10 @@ # Delete a tag group - name: "Delete tag group." checkmk.general.tag_group: - server_url: "https://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "https://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" name: datacenter state: "absent" """ @@ -138,37 +138,7 @@ # We count 404 not as failed, because we want to know if the taggroup exists or not. HTTP_CODES_GET = { # http_code: (changed, failed, "Message") - 200: (True, False, "OK: The operation was done successfully."), 404: (False, False, "Not Found: The requested object has not been found."), - 500: (False, True, "General Server Error."), -} - -HTTP_CODES_DELETE = { - # http_code: (changed, failed, "Message") - 405: ( - False, - True, - "Method Not Allowed: This request is only allowed with other HTTP methods", - ), - 500: (False, True, "General Server Error."), -} - -HTTP_CODES_CREATE = { - # http_code: (changed, failed, "Message") - 200: (True, False, "OK: The operation was done successfully."), - 500: (False, True, "General Server Error."), -} - -HTTP_CODES_UPDATE = { - # http_code: (changed, failed, "Message") - 200: (True, False, "OK: The operation was done successfully."), - 401: (False, True, "Unauthorized: The user is not authorized to do this request"), - 405: ( - False, - True, - "Method Not Allowed: This request is only allowed with other HTTP methods", - ), - 500: (False, True, "General Server Error."), } @@ -211,7 +181,6 @@ def post(self): data["ident"] = self.params.get("name") return self._fetch( - code_mapping=HTTP_CODES_CREATE, endpoint="/domain-types/host_tag_group/collections/all", data=data, method="POST", @@ -223,7 +192,6 @@ def put(self): data = normalize_data(self.params) return self._fetch( - code_mapping=HTTP_CODES_UPDATE, endpoint="/objects/host_tag_group/%s" % self.params.get("name"), data=data, method="PUT", @@ -235,7 +203,6 @@ def delete(self): data = {} return self._fetch( - code_mapping=HTTP_CODES_DELETE, endpoint="/objects/host_tag_group/%s?repair=%s" % (self.params.get("name"), self.params.get("repair")), # data=data, diff --git a/plugins/modules/timeperiod.py b/plugins/modules/timeperiod.py index a6f8ca9cf..19d3da4ec 100644 --- a/plugins/modules/timeperiod.py +++ b/plugins/modules/timeperiod.py @@ -62,10 +62,10 @@ # Creating and Updating is the same. - name: "Create a new time period. (Attributes in one line)" checkmk.general.timeperiod: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" name: "worktime" alias: "Worktime" active_time_ranges: '[{"day": "all", "time_ranges": [{"start": "09:00:00", "end": "17:00:00"}]}]' @@ -75,10 +75,10 @@ - name: "Create a new time period. (Attributes in multiple lines)" checkmk.general.timeperiod: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" name: "worktime" alias: "Worktime" active_time_ranges: [ @@ -110,10 +110,10 @@ - name: "Delete a time period." checkmk.general.timeperiod: - server_url: "http://my_server/" - site: "my_site" - automation_user: "my_user" - automation_secret: "my_secret" + server_url: "http://myserver/" + site: "mysite" + automation_user: "myuser" + automation_secret: "mysecret" name: "worktime" state: "absent" """ @@ -148,110 +148,7 @@ # We count 404 not as failed, because we want to know if the time period exists or not. HTTP_CODES_GET = { # http_code: (changed, failed, "Message") - 200: (True, False, "OK: The operation was done successfully."), - 400: (False, True, "Bad Request: Parameter or validation failure."), - 403: (False, True, "Forbidden: Configuration via Setup is disabled."), 404: (False, False, "Not Found: The requested object has not been found."), - 406: ( - False, - True, - "Not Acceptable: The requests accept headers can not be satisfied.", - ), - 415: ( - False, - True, - "Unsupported Media Type: The submitted content-type is not supported.", - ), - 500: (False, True, "General Server Error."), -} - -HTTP_CODES_DELETE = { - # http_code: (changed, failed, "Message") - 204: (True, False, "No Content: Operation done successfully. No further output."), - 400: (False, True, "Bad Request: Parameter or validation failure."), - 403: (False, True, "Forbidden: Configuration via Setup is disabled."), - 404: (False, True, "Not Found: The requested object has not been found."), - 405: ( - False, - True, - "Method Not Allowed: This request is only allowed with other HTTP methods", - ), - 406: ( - False, - True, - "Not Acceptable: The requests accept headers can not be satisfied.", - ), - 412: ( - False, - True, - "Precondition Failed: The value of the If-Match header doesn't match the object's ETag.", - ), - 415: ( - False, - True, - "Unsupported Media Type: The submitted content-type is not supported.", - ), - 428: ( - False, - True, - "Precondition Required: The required If-Match header is missing", - ), - 500: (False, True, "General Server Error."), -} - -HTTP_CODES_CREATE = { - # http_code: (changed, failed, "Message") - 200: (True, False, "OK: The operation was done successfully."), - 400: (False, True, "Bad Request: Parameter or validation failure."), - 403: (False, True, "Forbidden: Configuration via Setup is disabled."), - 406: ( - False, - True, - "Not Acceptable: The requests accept headers can not be satisfied.", - ), - 415: ( - False, - True, - "Unsupported Media Type: The submitted content-type is not supported.", - ), - 500: (False, True, "General Server Error."), -} - -HTTP_CODES_UPDATE = { - # http_code: (changed, failed, "Message") - 200: ( - True, - False, - "No Content: Operation was done successfully. No further output", - ), - 403: (False, True, "Forbidden: Configuration via Setup is disabled."), - 404: (False, True, "Not Found: The requested object has not been found."), - 405: ( - False, - True, - "Method Not Allowed: This request is only allowed with other HTTP methods", - ), - 406: ( - False, - True, - "Not Acceptable: The requests accept headers can not be satisfied.", - ), - 412: ( - False, - True, - "Precondition Failed: The value of the If-Match header doesn't match the object's ETag.", - ), - 415: ( - False, - True, - "Unsupported Media Type: The submitted content-type is not supported.", - ), - 428: ( - False, - True, - "Precondition Required: The required If-Match header is missing", - ), - 500: (False, True, "General Server Error."), } updatevalues = ("alias", "active_time_ranges", "exceptions", "exclude") @@ -272,7 +169,6 @@ def post(self): data["exclude"] = self.params.get("exclude") return self._fetch( - code_mapping=HTTP_CODES_CREATE, endpoint="/domain-types/time_period/collections/all", data=data, method="POST", @@ -299,7 +195,6 @@ def put(self, existingalias): data["exclude"] = self.params.get("exclude") return self._fetch( - code_mapping=HTTP_CODES_UPDATE, endpoint="/objects/time_period/%s" % self.params.get("name"), data=data, method="PUT", @@ -311,7 +206,6 @@ def delete(self): data = {} return self._fetch( - code_mapping=HTTP_CODES_DELETE, endpoint="/objects/time_period/%s" % self.params.get("name"), data=data, method="DELETE", diff --git a/plugins/modules/user.py b/plugins/modules/user.py index c0c0b5055..d9d3fe9c7 100644 --- a/plugins/modules/user.py +++ b/plugins/modules/user.py @@ -136,10 +136,10 @@ # Create a user. - name: "Create a user." checkmk.general.user: - server_url: "http://my_server/" + server_url: "http://myserver/" site: "local" - automation_user: "my_user" - automation_secret: "my_secret" + automation_user: "myuser" + automation_secret: "mysecret" name: "krichards" fullname: "Keith Richards" email: "keith.richards@rollingstones.com" @@ -153,10 +153,10 @@ # Create an automation user. - name: "Create an automation user." checkmk.general.user: - server_url: "http://my_server/" + server_url: "http://myserver/" site: "local" - automation_user: "my_user" - automation_secret: "my_secret" + automation_user: "myuser" + automation_secret: "mysecret" name: "registration" fullname: "Registration User" auth_type: "automation" @@ -168,10 +168,10 @@ # Create a user with the Checkmk Managed Edition (CME), using the `customer` parameter. - name: "Create a user." checkmk.general.user: - server_url: "http://my_server/" + server_url: "http://myserver/" site: "local" - automation_user: "my_user" - automation_secret: "my_secret" + automation_user: "myuser" + automation_secret: "mysecret" name: "krichards" fullname: "Keith Richards" email: "keith.richards@rollingstones.com" @@ -186,10 +186,10 @@ # Create a detailed user. - name: "Create a more complex user." checkmk.general.user: - server_url: "http://my_server/" + server_url: "http://myserver/" site: "local" - automation_user: "my_user" - automation_secret: "my_secret" + automation_user: "myuser" + automation_secret: "mysecret" name: "horst" fullname: "Horst Schlämmer" customer: "provider" @@ -209,7 +209,7 @@ roles: - "user" authorized_sites: - - "{{ my_site }}" + - "{{ mysite }}" interface_theme: "dark" sidebar_position: "right" navigation_bar_icons: "show" diff --git a/requirements.txt b/requirements.txt index 618ae37ff..b838767ab 100644 --- a/requirements.txt +++ b/requirements.txt @@ -6,4 +6,5 @@ jinja2 molecule >= 5.0.1 molecule-plugins[docker] yamllint -pywinrm \ No newline at end of file +pywinrm +netaddr \ No newline at end of file diff --git a/roles/agent/README.md b/roles/agent/README.md index 57790fc78..279641e59 100644 --- a/roles/agent/README.md +++ b/roles/agent/README.md @@ -11,9 +11,12 @@ It can be installed as easy as running: ansible-galaxy collection install checkmk.general +Additionally, this role requires the Python module `netaddr` on the controller. +Please make sure it is installed on your system and available for Ansible. + ## Role Variables - checkmk_agent_version: "2.2.0p24" + checkmk_agent_version: "2.3.0p5" The Checkmk version of the site your agents will talk to. @@ -46,7 +49,7 @@ Whether to validate the SSL certificate of the Checkmk server. The port of the web interface of your Checkmk server. Defaults to port 80 for http and port 443 for https. - checkmk_agent_site: my_site + checkmk_agent_site: mysite The name of your Checkmk site. @@ -58,18 +61,18 @@ The server you want to use for registration tasks (Agent updates and TLS encrypt The site you want to use for registration tasks (Agent updates and TLS encryption). Defaults to `{{ checkmk_agent_site }}`. - checkmk_agent_user: my_user + checkmk_agent_user: myuser The user used to authenticate against your Checkmk site. - checkmk_agent_pass: my_secret + checkmk_agent_pass: mysecret -The password for the normal user used to authenticate against your Checkmk site, both for API calls and agent updates. +The password for the normal user used to authenticate against your Checkmk site, both for API calls and agent updates. This is mutually exclusive with `checkmk_agent_secret`. - checkmk_agent_secret: my_secret + checkmk_agent_secret: mysecret -The secret for the automation user used to authenticate against your Checkmk site, both for API calls and agent updates. +The secret for the automation user used to authenticate against your Checkmk site, both for API calls and agent updates. This is mutually exclusive with `checkmk_agent_pass`. checkmk_agent_port: 6556 @@ -134,6 +137,12 @@ Automatically configure the firewall (*currently only on RedHat and Debian deriv When checkmk_agent_configure_firewall is set to `true` then configure the firewall zone on RedHat derivatives. Defaults to 'public'. + checkmk_agent_server_ips: [] + +A list of IP addresses, that will be whitelisted in the firewall for agent access on `checkmk_agent_port`. +The `checkmk_agent_server` will automatically be added, but only if it is an IP address. +This parameter also does **not** take care of any agent-side whitelisting! + checkmk_agent_force_install: 'false' Force the installation of the agent package, no matter the constraints. @@ -145,7 +154,7 @@ Enable this to automatically install `xinetd` on hosts with systemd prior to ver checkmk_agent_delegate_api_calls: localhost -Configure the host to which Checkmk API calls are delegated to. +Configure the host to which Checkmk API calls are delegated to. Typically this would be your Ansible host, hence the default `localhost`. checkmk_agent_delegate_download: "{{ inventory_hostname }}" @@ -155,8 +164,8 @@ Configure the host to which Checkmk API downloads are delegated to. After downlo checkmk_agent_mode: pull The mode the agent operates in. For most deployments, this will be the `pull` mode. -If you are uncertain, what you are using, this is most likely your mode. -If you are using an alternative way to call the agent, e.g. SSH, you can set the variable to `ssh`, so the agent port check is skipped. +If you are uncertain, what you are using, this is most likely your mode. +If you are using an alternative way to call the agent, e.g. SSH, you can set the variable to `ssh`, so the agent port check is skipped. If you are using the Checkmk Cloud Edition (CCE) with an agent in `push` mode, you want to set this to `push` to avoid the agent port check, as well as triggering an initial push of data. checkmk_agent_no_log: 'true' diff --git a/roles/agent/defaults/main.yml b/roles/agent/defaults/main.yml index 78ecb81d2..950b35e94 100644 --- a/roles/agent/defaults/main.yml +++ b/roles/agent/defaults/main.yml @@ -1,9 +1,9 @@ --- -checkmk_agent_version: "2.2.0p24" +checkmk_agent_version: "2.3.0p5" checkmk_agent_edition: cre checkmk_agent_server_protocol: http checkmk_agent_server: localhost -checkmk_agent_site: my_site +checkmk_agent_site: mysite checkmk_agent_registration_server: "{{ checkmk_agent_server }}" checkmk_agent_registration_site: "{{ checkmk_agent_site }}" checkmk_agent_server_validate_certs: 'true' @@ -23,6 +23,7 @@ checkmk_agent_update: 'false' checkmk_agent_tls: 'false' checkmk_agent_configure_firewall: 'true' checkmk_agent_configure_firewall_zone: 'public' +checkmk_agent_server_ips: [] checkmk_agent_force_install: 'false' checkmk_agent_prep_legacy: 'false' checkmk_agent_delegate_api_calls: localhost diff --git a/roles/agent/handlers/main.yml b/roles/agent/handlers/main.yml index 12b3b008e..f3c5c60fb 100644 --- a/roles/agent/handlers/main.yml +++ b/roles/agent/handlers/main.yml @@ -1,6 +1,5 @@ --- -- name: "Activate Changes." - listen: activate changes +- name: "Activate changes" checkmk.general.activation: server_url: "{{ checkmk_agent_server_protocol }}://{{ checkmk_agent_server }}:{{ checkmk_agent_server_port }}/" site: "{{ checkmk_agent_site }}" diff --git a/roles/agent/molecule/2.0.0/molecule.yml b/roles/agent/molecule/2.0.0/molecule.yml deleted file mode 100644 index 363d0b3ea..000000000 --- a/roles/agent/molecule/2.0.0/molecule.yml +++ /dev/null @@ -1,103 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -platforms: - - name: ubuntu2004 - image: geerlingguy/docker-ubuntu2004-ansible - command: ${MOLECULE_DOCKER_COMMAND:-""} - tmpfs: - - /run - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - privileged: true - pre_build_image: true - - name: ubuntu2204 - image: geerlingguy/docker-ubuntu2204-ansible - command: ${MOLECULE_DOCKER_COMMAND:-""} - tmpfs: - - /run - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - privileged: true - pre_build_image: true - ## Only kept, as Debian 12 is not supported. - - name: debian10 - image: geerlingguy/docker-debian10-ansible - command: ${MOLECULE_DOCKER_COMMAND:-""} - tmpfs: - - /run - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - privileged: true - pre_build_image: true - - name: debian11 - image: geerlingguy/docker-debian11-ansible - command: ${MOLECULE_DOCKER_COMMAND:-""} - tmpfs: - - /run - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - privileged: true - pre_build_image: true - ## There are no Checkmk 2.0.0 server packages for Debian 12 - ## As these test also set up a server before testing the agent, we remove this image. - # - name: debian12 - # image: geerlingguy/docker-debian12-ansible - # command: ${MOLECULE_DOCKER_COMMAND:-""} - # tmpfs: - # - /run - # volumes: - # - /sys/fs/cgroup:/sys/fs/cgroup:ro - # privileged: true - # pre_build_image: true - ## Python 2 on CentOS 7 produces failures, that are non-trivial to fix - ## so we stop testing against it. - # - name: centos7 - # image: geerlingguy/docker-centos7-ansible - # command: ${MOLECULE_DOCKER_COMMAND:-""} - # tmpfs: - # - /run - # volumes: - # - /sys/fs/cgroup:/sys/fs/cgroup:ro - # privileged: true - # pre_build_image: true - - name: centos8 - image: geerlingguy/docker-centos8-ansible - command: ${MOLECULE_DOCKER_COMMAND:-""} - tmpfs: - - /run - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - privileged: true - pre_build_image: true - ## There are no Checkmk 2.0.0 server packages for Rocky 9 - ## As these test also set up a server before testing the agent, we remove this image. - # - name: rockylinux9 - # image: geerlingguy/docker-rockylinux9-ansible - # command: ${MOLECULE_DOCKER_COMMAND:-""} - # tmpfs: - # - /run - # volumes: - # - /sys/fs/cgroup:/sys/fs/cgroup:ro - # privileged: true - # pre_build_image: true -provisioner: - name: ansible -verifier: - name: ansible -scenario: - test_sequence: - - dependency - - cleanup - - destroy - - syntax - - create - - prepare - - converge - # - idempotence # disable for now, as we have non-idempotent tasks - # - side_effect - - verify - - cleanup - - destroy diff --git a/roles/agent/molecule/2.1.0/converge.yml b/roles/agent/molecule/2.1.0/converge.yml index 355915cd1..54ff31445 100644 --- a/roles/agent/molecule/2.1.0/converge.yml +++ b/roles/agent/molecule/2.1.0/converge.yml @@ -9,6 +9,7 @@ update_cache: true cache_valid_time: 600 when: ansible_os_family == 'Debian' + - name: Install prerequisites. ansible.builtin.apt: name: "{{ item }}" @@ -16,7 +17,17 @@ loop: - apt-utils - man + - ufw when: ansible_os_family == 'Debian' + + - name: Install prerequisites. + ansible.builtin.dnf: + name: "{{ item }}" + state: present + loop: + - firewalld + when: ansible_os_family == 'RedHat' + - name: Create '/usr/share/man/man8/' on Ubuntu. ansible.builtin.file: path: /usr/share/man/man8/ diff --git a/roles/agent/molecule/2.1.0/group_vars/all.yml b/roles/agent/molecule/2.1.0/group_vars/all.yml index 6c91ff137..b7436414d 100644 --- a/roles/agent/molecule/2.1.0/group_vars/all.yml +++ b/roles/agent/molecule/2.1.0/group_vars/all.yml @@ -1,10 +1,10 @@ --- # General -checkmk_var_version: "2.1.0p41" +checkmk_var_version: "2.1.0p44" checkmk_var_edition: "cre" -checkmk_var_checkmk_site: "my_site" +checkmk_var_checkmk_site: "mysite" checkmk_var_automation_user: "cmkadmin" -checkmk_var_automation_secret: "d7589df1" +checkmk_var_automation_secret: "mysecret" # Agent Role checkmk_agent_version: "{{ checkmk_var_version }}" @@ -28,8 +28,13 @@ checkmk_agent_add_host: 'true' checkmk_agent_discover: 'true' checkmk_agent_discover_max_parallel_tasks: 2 checkmk_agent_update: 'false' -checkmk_agent_tls: 'false' -checkmk_agent_configure_firewall: 'false' +checkmk_agent_tls: 'true' +checkmk_agent_configure_firewall: 'true' +checkmk_agent_configure_firewall_zone: 'public' +checkmk_agent_server_ips: + - 10.10.10.10 + - 172.16.16.16 + - 192.168.1.1 checkmk_agent_force_install: 'false' checkmk_agent_prep_legacy: 'false' checkmk_agent_delegate_api_calls: "{{ inventory_hostname }}" @@ -39,6 +44,8 @@ checkmk_agent_folder: "{{ checkmk_var_folder_path | default('/') }}" checkmk_agent_force_foreign_changes: 'false' checkmk_agent_host_attributes: ipaddress: 127.0.0.1 +checkmk_agent_mode: pull +checkmk_agent_no_log: 'false' # If you trust your local hostnames, you could also use the following # to use the local hostname instead of the inventory hostname: diff --git a/roles/agent/molecule/2.1.0/molecule.yml b/roles/agent/molecule/2.1.0/molecule.yml index 8e4540820..b093f6725 100644 --- a/roles/agent/molecule/2.1.0/molecule.yml +++ b/roles/agent/molecule/2.1.0/molecule.yml @@ -1,61 +1,59 @@ --- +# cgroupv2 support: https://github.com/geerlingguy/docker-ubuntu2204-ansible/issues/6 dependency: name: galaxy driver: name: docker platforms: - - name: ubuntu2004 - image: geerlingguy/docker-ubuntu2004-ansible - command: ${MOLECULE_DOCKER_COMMAND:-""} - tmpfs: - - /run - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - privileged: true - pre_build_image: true + ## Disable for now, as something between Docker, Ubuntu and the UFW Ansible module does not seem to get along. + # - name: ubuntu2004 + # image: geerlingguy/docker-ubuntu2004-ansible + # command: ${MOLECULE_DOCKER_COMMAND:-""} + # cgroupns_mode: host + # tmpfs: + # - /run + # volumes: + # - /sys/fs/cgroup:/sys/fs/cgroup:rw + # privileged: true + # pre_build_image: true - name: ubuntu2204 image: geerlingguy/docker-ubuntu2204-ansible command: ${MOLECULE_DOCKER_COMMAND:-""} + cgroupns_mode: host tmpfs: - /run volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - /sys/fs/cgroup:/sys/fs/cgroup:rw privileged: true pre_build_image: true - name: debian11 image: geerlingguy/docker-debian11-ansible command: ${MOLECULE_DOCKER_COMMAND:-""} + cgroupns_mode: host tmpfs: - /run volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - /sys/fs/cgroup:/sys/fs/cgroup:rw privileged: true pre_build_image: true - name: debian12 image: geerlingguy/docker-debian12-ansible command: ${MOLECULE_DOCKER_COMMAND:-""} + cgroupns_mode: host tmpfs: - /run volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - privileged: true - pre_build_image: true - - name: centos8 - image: geerlingguy/docker-centos8-ansible - command: ${MOLECULE_DOCKER_COMMAND:-""} - tmpfs: - - /run - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - /sys/fs/cgroup:/sys/fs/cgroup:rw privileged: true pre_build_image: true - name: rockylinux9 image: geerlingguy/docker-rockylinux9-ansible command: ${MOLECULE_DOCKER_COMMAND:-""} + cgroupns_mode: host tmpfs: - /run volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - /sys/fs/cgroup:/sys/fs/cgroup:rw privileged: true pre_build_image: true provisioner: diff --git a/roles/agent/molecule/2.2.0/converge.yml b/roles/agent/molecule/2.2.0/converge.yml index 6fa62fce9..54ff31445 100644 --- a/roles/agent/molecule/2.2.0/converge.yml +++ b/roles/agent/molecule/2.2.0/converge.yml @@ -17,8 +17,17 @@ loop: - apt-utils - man + - ufw when: ansible_os_family == 'Debian' + - name: Install prerequisites. + ansible.builtin.dnf: + name: "{{ item }}" + state: present + loop: + - firewalld + when: ansible_os_family == 'RedHat' + - name: Create '/usr/share/man/man8/' on Ubuntu. ansible.builtin.file: path: /usr/share/man/man8/ diff --git a/roles/agent/molecule/2.2.0/group_vars/all.yml b/roles/agent/molecule/2.2.0/group_vars/all.yml index b86a54e9c..d6c2cb9b2 100644 --- a/roles/agent/molecule/2.2.0/group_vars/all.yml +++ b/roles/agent/molecule/2.2.0/group_vars/all.yml @@ -1,10 +1,10 @@ --- # General -checkmk_var_version: "2.2.0p24" +checkmk_var_version: "2.2.0p27" checkmk_var_edition: "cre" -checkmk_var_checkmk_site: "my_site" +checkmk_var_checkmk_site: "mysite" checkmk_var_automation_user: "cmkadmin" -checkmk_var_automation_secret: "d7589df1" +checkmk_var_automation_secret: "mysecret" # Agent Role checkmk_agent_version: "{{ checkmk_var_version }}" @@ -28,8 +28,13 @@ checkmk_agent_add_host: 'true' checkmk_agent_discover: 'true' checkmk_agent_discover_max_parallel_tasks: 2 checkmk_agent_update: 'false' -checkmk_agent_tls: 'false' -checkmk_agent_configure_firewall: 'false' +checkmk_agent_tls: 'true' +checkmk_agent_configure_firewall: 'true' +checkmk_agent_configure_firewall_zone: 'public' +checkmk_agent_server_ips: + - 10.10.10.10 + - 172.16.16.16 + - 192.168.1.1 checkmk_agent_force_install: 'false' checkmk_agent_prep_legacy: 'false' checkmk_agent_delegate_api_calls: "{{ inventory_hostname }}" @@ -39,6 +44,8 @@ checkmk_agent_folder: "{{ checkmk_var_folder_path | default('/') }}" checkmk_agent_force_foreign_changes: 'false' checkmk_agent_host_attributes: ipaddress: 127.0.0.1 +checkmk_agent_mode: pull +checkmk_agent_no_log: 'false' # If you trust your local hostnames, you could also use the following # to use the local hostname instead of the inventory hostname: diff --git a/roles/agent/molecule/2.2.0/molecule.yml b/roles/agent/molecule/2.2.0/molecule.yml index 8e4540820..c95ee9721 100644 --- a/roles/agent/molecule/2.2.0/molecule.yml +++ b/roles/agent/molecule/2.2.0/molecule.yml @@ -1,61 +1,69 @@ --- +# cgroupv2 support: https://github.com/geerlingguy/docker-ubuntu2204-ansible/issues/6 dependency: name: galaxy driver: name: docker platforms: - - name: ubuntu2004 - image: geerlingguy/docker-ubuntu2004-ansible + ## Disable for now, as something between Docker, Ubuntu and the UFW Ansible module does not seem to get along. + # - name: ubuntu2004 + # image: geerlingguy/docker-ubuntu2004-ansible + # command: ${MOLECULE_DOCKER_COMMAND:-""} + # cgroupns_mode: host + # tmpfs: + # - /run + # volumes: + # - /sys/fs/cgroup:/sys/fs/cgroup:rw + # privileged: true + # pre_build_image: true + - name: ubuntu2204 + image: geerlingguy/docker-ubuntu2204-ansible command: ${MOLECULE_DOCKER_COMMAND:-""} + cgroupns_mode: host tmpfs: - /run volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - /sys/fs/cgroup:/sys/fs/cgroup:rw privileged: true pre_build_image: true - - name: ubuntu2204 - image: geerlingguy/docker-ubuntu2204-ansible + - name: ubuntu2404 + image: geerlingguy/docker-ubuntu2404-ansible command: ${MOLECULE_DOCKER_COMMAND:-""} + cgroupns_mode: host tmpfs: - /run volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - /sys/fs/cgroup:/sys/fs/cgroup:rw privileged: true pre_build_image: true - name: debian11 image: geerlingguy/docker-debian11-ansible command: ${MOLECULE_DOCKER_COMMAND:-""} + cgroupns_mode: host tmpfs: - /run volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - /sys/fs/cgroup:/sys/fs/cgroup:rw privileged: true pre_build_image: true - name: debian12 image: geerlingguy/docker-debian12-ansible command: ${MOLECULE_DOCKER_COMMAND:-""} + cgroupns_mode: host tmpfs: - /run volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - privileged: true - pre_build_image: true - - name: centos8 - image: geerlingguy/docker-centos8-ansible - command: ${MOLECULE_DOCKER_COMMAND:-""} - tmpfs: - - /run - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - /sys/fs/cgroup:/sys/fs/cgroup:rw privileged: true pre_build_image: true - name: rockylinux9 image: geerlingguy/docker-rockylinux9-ansible command: ${MOLECULE_DOCKER_COMMAND:-""} + cgroupns_mode: host tmpfs: - /run volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - /sys/fs/cgroup:/sys/fs/cgroup:rw privileged: true pre_build_image: true provisioner: diff --git a/roles/agent/molecule/2.0.0/converge.yml b/roles/agent/molecule/2.3.0/converge.yml similarity index 80% rename from roles/agent/molecule/2.0.0/converge.yml rename to roles/agent/molecule/2.3.0/converge.yml index 355915cd1..54ff31445 100644 --- a/roles/agent/molecule/2.0.0/converge.yml +++ b/roles/agent/molecule/2.3.0/converge.yml @@ -9,6 +9,7 @@ update_cache: true cache_valid_time: 600 when: ansible_os_family == 'Debian' + - name: Install prerequisites. ansible.builtin.apt: name: "{{ item }}" @@ -16,7 +17,17 @@ loop: - apt-utils - man + - ufw when: ansible_os_family == 'Debian' + + - name: Install prerequisites. + ansible.builtin.dnf: + name: "{{ item }}" + state: present + loop: + - firewalld + when: ansible_os_family == 'RedHat' + - name: Create '/usr/share/man/man8/' on Ubuntu. ansible.builtin.file: path: /usr/share/man/man8/ diff --git a/roles/agent/molecule/2.0.0/group_vars/all.yml b/roles/agent/molecule/2.3.0/group_vars/all.yml similarity index 86% rename from roles/agent/molecule/2.0.0/group_vars/all.yml rename to roles/agent/molecule/2.3.0/group_vars/all.yml index 234763e55..11a82eb53 100644 --- a/roles/agent/molecule/2.0.0/group_vars/all.yml +++ b/roles/agent/molecule/2.3.0/group_vars/all.yml @@ -1,10 +1,10 @@ --- # General -checkmk_var_version: "2.0.0p39" +checkmk_var_version: "2.3.0p5" checkmk_var_edition: "cre" -checkmk_var_checkmk_site: "my_site" +checkmk_var_checkmk_site: "mysite" checkmk_var_automation_user: "cmkadmin" -checkmk_var_automation_secret: "d7589df1" +checkmk_var_automation_secret: "mysecret" # Agent Role checkmk_agent_version: "{{ checkmk_var_version }}" @@ -28,8 +28,13 @@ checkmk_agent_add_host: 'true' checkmk_agent_discover: 'true' checkmk_agent_discover_max_parallel_tasks: 2 checkmk_agent_update: 'false' -checkmk_agent_tls: 'false' -checkmk_agent_configure_firewall: 'false' +checkmk_agent_tls: 'true' +checkmk_agent_configure_firewall: 'true' +checkmk_agent_configure_firewall_zone: 'public' +checkmk_agent_server_ips: + - 10.10.10.10 + - 172.16.16.16 + - 192.168.1.1 checkmk_agent_force_install: 'false' checkmk_agent_prep_legacy: 'false' checkmk_agent_delegate_api_calls: "{{ inventory_hostname }}" @@ -39,6 +44,8 @@ checkmk_agent_folder: "{{ checkmk_var_folder_path | default('/') }}" checkmk_agent_force_foreign_changes: 'false' checkmk_agent_host_attributes: ipaddress: 127.0.0.1 +checkmk_agent_mode: pull +checkmk_agent_no_log: 'false' # If you trust your local hostnames, you could also use the following # to use the local hostname instead of the inventory hostname: diff --git a/roles/agent/molecule/2.3.0/molecule.yml b/roles/agent/molecule/2.3.0/molecule.yml new file mode 100644 index 000000000..c95ee9721 --- /dev/null +++ b/roles/agent/molecule/2.3.0/molecule.yml @@ -0,0 +1,86 @@ +--- +# cgroupv2 support: https://github.com/geerlingguy/docker-ubuntu2204-ansible/issues/6 +dependency: + name: galaxy +driver: + name: docker +platforms: + ## Disable for now, as something between Docker, Ubuntu and the UFW Ansible module does not seem to get along. + # - name: ubuntu2004 + # image: geerlingguy/docker-ubuntu2004-ansible + # command: ${MOLECULE_DOCKER_COMMAND:-""} + # cgroupns_mode: host + # tmpfs: + # - /run + # volumes: + # - /sys/fs/cgroup:/sys/fs/cgroup:rw + # privileged: true + # pre_build_image: true + - name: ubuntu2204 + image: geerlingguy/docker-ubuntu2204-ansible + command: ${MOLECULE_DOCKER_COMMAND:-""} + cgroupns_mode: host + tmpfs: + - /run + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + privileged: true + pre_build_image: true + - name: ubuntu2404 + image: geerlingguy/docker-ubuntu2404-ansible + command: ${MOLECULE_DOCKER_COMMAND:-""} + cgroupns_mode: host + tmpfs: + - /run + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + privileged: true + pre_build_image: true + - name: debian11 + image: geerlingguy/docker-debian11-ansible + command: ${MOLECULE_DOCKER_COMMAND:-""} + cgroupns_mode: host + tmpfs: + - /run + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + privileged: true + pre_build_image: true + - name: debian12 + image: geerlingguy/docker-debian12-ansible + command: ${MOLECULE_DOCKER_COMMAND:-""} + cgroupns_mode: host + tmpfs: + - /run + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + privileged: true + pre_build_image: true + - name: rockylinux9 + image: geerlingguy/docker-rockylinux9-ansible + command: ${MOLECULE_DOCKER_COMMAND:-""} + cgroupns_mode: host + tmpfs: + - /run + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + privileged: true + pre_build_image: true +provisioner: + name: ansible +verifier: + name: ansible +scenario: + test_sequence: + - dependency + - cleanup + - destroy + - syntax + - create + - prepare + - converge + # - idempotence # disable for now, as we have non-idempotent tasks + # - side_effect + - verify + - cleanup + - destroy diff --git a/roles/agent/molecule/2.0.0/verify.yml b/roles/agent/molecule/2.3.0/verify.yml similarity index 92% rename from roles/agent/molecule/2.0.0/verify.yml rename to roles/agent/molecule/2.3.0/verify.yml index a4a8a4062..e2f9cc8f4 100644 --- a/roles/agent/molecule/2.0.0/verify.yml +++ b/roles/agent/molecule/2.3.0/verify.yml @@ -18,7 +18,7 @@ - name: "Test Agent Service is running." ansible.builtin.assert: - that: "'check_mk-async.service' in ansible_facts.services" + that: "'check-mk-agent-async.service' in ansible_facts.services" - name: "Test that the Agent is listening on the default Port." ansible.builtin.wait_for: diff --git a/roles/agent/tasks/Debian.yml b/roles/agent/tasks/Debian.yml index 78df40bb1..b1a80d255 100644 --- a/roles/agent/tasks/Debian.yml +++ b/roles/agent/tasks/Debian.yml @@ -47,17 +47,18 @@ - name: "{{ ansible_os_family }} Derivatives: Configure Firewall for Agent." when: checkmk_agent_configure_firewall | bool and "ufw.service" in ansible_facts.services block: - - name: "{{ ansible_os_family }} Derivatives: Check if checkmk_agent_server is an IP address." + - name: "{{ ansible_os_family }} Derivatives: Add Checkmk Server to Firewall Whitelist if it is an IP address." + when: checkmk_agent_server | ansible.utils.ipaddr() ansible.builtin.set_fact: - checkmk_agent_server_ip: "{{ checkmk_agent_server }}" - when: checkmk_agent_server_ip is not defined and checkmk_agent_server | ansible.utils.ipaddr() + checkmk_agent_server_ips: "{{ checkmk_agent_server_ips + [checkmk_agent_server] }}" - name: "{{ ansible_os_family }} Derivatives: Allow Checkmk services access to the agent." + when: checkmk_agent_server_ips is defined community.general.ufw: rule: allow proto: tcp - src: "{{ checkmk_agent_server_ip }}" + src: "{{ item }}" port: '6556' comment: Allow Checkmk - when: checkmk_agent_server_ip is defined + loop: "{{ checkmk_agent_server_ips }}" become: true diff --git a/roles/agent/tasks/Linux.yml b/roles/agent/tasks/Linux.yml index 68baccda0..416e00855 100644 --- a/roles/agent/tasks/Linux.yml +++ b/roles/agent/tasks/Linux.yml @@ -69,7 +69,7 @@ ("The host is already part of the specified target folder" not in checkmk_agent_create_result.msg) delegate_to: "{{ checkmk_agent_delegate_api_calls }}" when: checkmk_agent_add_host | bool - notify: "activate changes" + notify: "Activate changes" - name: "Ensure registration readyness." # noqa no-handler when: checkmk_agent_create_result.changed | bool diff --git a/roles/agent/tasks/RedHat.yml b/roles/agent/tasks/RedHat.yml index ada672a3b..b3711add3 100644 --- a/roles/agent/tasks/RedHat.yml +++ b/roles/agent/tasks/RedHat.yml @@ -1,7 +1,7 @@ --- - name: "{{ ansible_os_family }} Derivatives: Install host-specific {{ checkmk_agent_edition | upper }} Agent." become: true - ansible.builtin.yum: + ansible.builtin.dnf: name: "{{ checkmk_agent_agent.file.host }}" state: present disable_gpg_check: true @@ -13,7 +13,7 @@ - name: "{{ ansible_os_family }} Derivatives: Install GENERIC or folder-specific {{ checkmk_agent_edition | upper }} Agent." become: true - ansible.builtin.yum: + ansible.builtin.dnf: name: "{{ checkmk_agent_agent.file.cee }}" state: present disable_gpg_check: true @@ -36,7 +36,7 @@ - name: "{{ ansible_os_family }} Derivatives: Install Vanilla agent." become: true - ansible.builtin.yum: + ansible.builtin.dnf: name: "{{ checkmk_agent_agent.file.cre }}" state: present disable_gpg_check: true @@ -47,17 +47,18 @@ - name: "{{ ansible_os_family }} Derivatives: Configure Firewall for Agent." when: checkmk_agent_configure_firewall | bool and "firewalld.service" in ansible_facts.services block: - - name: "{{ ansible_os_family }} Derivatives: Check if checkmk_agent_server is an IP address." + - name: "{{ ansible_os_family }} Derivatives: Add Checkmk Server to Firewall Whitelist if it is an IP address." + when: checkmk_agent_server | ansible.utils.ipaddr() ansible.builtin.set_fact: - checkmk_agent_server_ip: "{{ checkmk_agent_server }}" - when: checkmk_agent_server_ip is not defined and checkmk_agent_server | ansible.utils.ipaddr() + checkmk_agent_server_ips: "{{ checkmk_agent_server_ips + [checkmk_agent_server] }}" - name: "{{ ansible_os_family }} Derivatives: Allow Checkmk services access to the agent." + when: checkmk_agent_server_ips is defined ansible.posix.firewalld: permanent: 'yes' immediate: 'yes' state: enabled - rich_rule: 'rule family="ipv4" source address={{ checkmk_agent_server_ip }} port port="{{ checkmk_agent_port }}" protocol="tcp" accept' + rich_rule: 'rule family="ipv4" source address={{ item }} port port="{{ checkmk_agent_port }}" protocol="tcp" accept' zone: "{{ checkmk_agent_configure_firewall_zone | default('public') }}" - when: checkmk_agent_server_ip is defined + loop: "{{ checkmk_agent_server_ips }}" become: true diff --git a/roles/agent/tasks/Win32NT.yml b/roles/agent/tasks/Win32NT.yml index e78f6e898..f98e1ed3c 100644 --- a/roles/agent/tasks/Win32NT.yml +++ b/roles/agent/tasks/Win32NT.yml @@ -22,7 +22,7 @@ ("The host is already part of the specified target folder" not in checkmk_agent_create_result.msg) delegate_to: "{{ checkmk_agent_delegate_api_calls }}" when: checkmk_agent_add_host | bool - notify: "activate changes" + notify: "Activate changes" - name: "Ensure registration readyness." # noqa no-handler when: checkmk_agent_create_result.changed | bool diff --git a/roles/agent/tasks/main.yml b/roles/agent/tasks/main.yml index 14ee169fc..19a789038 100644 --- a/roles/agent/tasks/main.yml +++ b/roles/agent/tasks/main.yml @@ -55,4 +55,4 @@ retries: 3 delay: 10 until: "checkmk_agent_discovery_state.changed | bool" - notify: "activate changes" + notify: "Activate changes" diff --git a/roles/agent/vars/main.yml b/roles/agent/vars/main.yml index f2858a11d..225a33273 100644 --- a/roles/agent/vars/main.yml +++ b/roles/agent/vars/main.yml @@ -1,7 +1,8 @@ --- checkmk_agent_site_url: "{{ checkmk_agent_server_protocol }}://{{ checkmk_agent_server }}:{{ checkmk_agent_server_port }}/{{ checkmk_agent_site }}" -checkmk_agent_auth: "{% if checkmk_agent_secret is defined and checkmk_agent_secret | length %}{{ checkmk_agent_secret }}{% else %}{{ checkmk_agent_pass }}{% endif %}" # noqa yaml[line-length] +checkmk_agent_auth: |- + {% if checkmk_agent_secret is defined and checkmk_agent_secret | length %}{{ checkmk_agent_secret }}{% else %}{{ checkmk_agent_pass }}{% endif %} # Due to inconsistent naming of editions, we normalize them here for convenience checkmk_agent_edition_mapping: diff --git a/roles/server/README.md b/roles/server/README.md index fbd3cedef..eee968357 100644 --- a/roles/server/README.md +++ b/roles/server/README.md @@ -25,7 +25,7 @@ To learn about the distributions used in automated tests, inspect the correspond ## Role Variables - checkmk_server_version: "2.2.0p24" + checkmk_server_version: "2.3.0p5" The global Checkmk version. This is used for installing Checkmk. To manage sites and their version, see `checkmk_server_sites`. @@ -73,7 +73,7 @@ Whether to allow downgrading a site's version. Note: this is not a recommended procedure, and will not be supported for enterprise customers. checkmk_server_sites: - - name: my_site + - name: mysite version: "{{ checkmk_server_version }}" update_conflict_resolution: abort state: started diff --git a/roles/server/defaults/main.yml b/roles/server/defaults/main.yml index da17553c1..d28f50157 100644 --- a/roles/server/defaults/main.yml +++ b/roles/server/defaults/main.yml @@ -23,8 +23,9 @@ checkmk_server_server_stable_os: - Ubuntu-18 - Ubuntu-20 - Ubuntu-22 + - Ubuntu-24 -checkmk_server_version: "2.2.0p24" +checkmk_server_version: "2.3.0p5" checkmk_server_edition: cre checkmk_server_verify_setup: 'true' @@ -32,7 +33,7 @@ checkmk_server_download_user: [] checkmk_server_download_pass: [] checkmk_server_sites: [] -# - name: my_site +# - name: mysite # version: "{{ checkmk_server_version }}" # state: started # admin_pw: "{{ automation_secret | default(omit) }}" diff --git a/roles/server/molecule/2.1.0/group_vars/all.yml b/roles/server/molecule/2.1.0/group_vars/all.yml index 66bcd07b4..270a99ac5 100644 --- a/roles/server/molecule/2.1.0/group_vars/all.yml +++ b/roles/server/molecule/2.1.0/group_vars/all.yml @@ -1,11 +1,11 @@ --- # General -checkmk_var_version: "2.1.0p41" +checkmk_var_version: "2.1.0p44" checkmk_var_edition: "cre" checkmk_server_verify_setup: 'true' checkmk_var_server_url: "http://127.0.0.1/" checkmk_var_automation_user: "cmkadmin" -checkmk_var_automation_secret: "d7589df1" +checkmk_var_automation_secret: "mysecret" # Server Role checkmk_server_edition: "{{ checkmk_var_edition }}" diff --git a/roles/server/molecule/2.1.0/molecule.yml b/roles/server/molecule/2.1.0/molecule.yml index 8e4540820..e5016e217 100644 --- a/roles/server/molecule/2.1.0/molecule.yml +++ b/roles/server/molecule/2.1.0/molecule.yml @@ -1,4 +1,5 @@ --- +# cgroupv2 support: https://github.com/geerlingguy/docker-ubuntu2204-ansible/issues/6 dependency: name: galaxy driver: @@ -7,55 +8,51 @@ platforms: - name: ubuntu2004 image: geerlingguy/docker-ubuntu2004-ansible command: ${MOLECULE_DOCKER_COMMAND:-""} + cgroupns_mode: host tmpfs: - /run volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - /sys/fs/cgroup:/sys/fs/cgroup:rw privileged: true pre_build_image: true - name: ubuntu2204 image: geerlingguy/docker-ubuntu2204-ansible command: ${MOLECULE_DOCKER_COMMAND:-""} + cgroupns_mode: host tmpfs: - /run volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - /sys/fs/cgroup:/sys/fs/cgroup:rw privileged: true pre_build_image: true - name: debian11 image: geerlingguy/docker-debian11-ansible command: ${MOLECULE_DOCKER_COMMAND:-""} + cgroupns_mode: host tmpfs: - /run volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - /sys/fs/cgroup:/sys/fs/cgroup:rw privileged: true pre_build_image: true - name: debian12 image: geerlingguy/docker-debian12-ansible command: ${MOLECULE_DOCKER_COMMAND:-""} + cgroupns_mode: host tmpfs: - /run volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - privileged: true - pre_build_image: true - - name: centos8 - image: geerlingguy/docker-centos8-ansible - command: ${MOLECULE_DOCKER_COMMAND:-""} - tmpfs: - - /run - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - /sys/fs/cgroup:/sys/fs/cgroup:rw privileged: true pre_build_image: true - name: rockylinux9 image: geerlingguy/docker-rockylinux9-ansible command: ${MOLECULE_DOCKER_COMMAND:-""} + cgroupns_mode: host tmpfs: - /run volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - /sys/fs/cgroup:/sys/fs/cgroup:rw privileged: true pre_build_image: true provisioner: diff --git a/roles/server/molecule/2.2.0/group_vars/all.yml b/roles/server/molecule/2.2.0/group_vars/all.yml index b454a1404..82122833d 100644 --- a/roles/server/molecule/2.2.0/group_vars/all.yml +++ b/roles/server/molecule/2.2.0/group_vars/all.yml @@ -1,11 +1,11 @@ --- # General -checkmk_var_version: "2.2.0p24" +checkmk_var_version: "2.2.0p27" checkmk_var_edition: "cre" checkmk_server_verify_setup: 'true' checkmk_var_server_url: "http://127.0.0.1/" checkmk_var_automation_user: "cmkadmin" -checkmk_var_automation_secret: "d7589df1" +checkmk_var_automation_secret: "mysecret" # Server Role checkmk_server_edition: "{{ checkmk_var_edition }}" diff --git a/roles/server/molecule/2.2.0/molecule.yml b/roles/server/molecule/2.2.0/molecule.yml index 8e4540820..694add3be 100644 --- a/roles/server/molecule/2.2.0/molecule.yml +++ b/roles/server/molecule/2.2.0/molecule.yml @@ -1,4 +1,5 @@ --- +# cgroupv2 support: https://github.com/geerlingguy/docker-ubuntu2204-ansible/issues/6 dependency: name: galaxy driver: @@ -7,55 +8,61 @@ platforms: - name: ubuntu2004 image: geerlingguy/docker-ubuntu2004-ansible command: ${MOLECULE_DOCKER_COMMAND:-""} + cgroupns_mode: host tmpfs: - /run volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - /sys/fs/cgroup:/sys/fs/cgroup:rw privileged: true pre_build_image: true - name: ubuntu2204 image: geerlingguy/docker-ubuntu2204-ansible command: ${MOLECULE_DOCKER_COMMAND:-""} + cgroupns_mode: host tmpfs: - /run volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - /sys/fs/cgroup:/sys/fs/cgroup:rw privileged: true pre_build_image: true - - name: debian11 - image: geerlingguy/docker-debian11-ansible + - name: ubuntu2404 + image: geerlingguy/docker-ubuntu2404-ansible command: ${MOLECULE_DOCKER_COMMAND:-""} + cgroupns_mode: host tmpfs: - /run volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - /sys/fs/cgroup:/sys/fs/cgroup:rw privileged: true pre_build_image: true - - name: debian12 - image: geerlingguy/docker-debian12-ansible + - name: debian11 + image: geerlingguy/docker-debian11-ansible command: ${MOLECULE_DOCKER_COMMAND:-""} + cgroupns_mode: host tmpfs: - /run volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - /sys/fs/cgroup:/sys/fs/cgroup:rw privileged: true pre_build_image: true - - name: centos8 - image: geerlingguy/docker-centos8-ansible + - name: debian12 + image: geerlingguy/docker-debian12-ansible command: ${MOLECULE_DOCKER_COMMAND:-""} + cgroupns_mode: host tmpfs: - /run volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - /sys/fs/cgroup:/sys/fs/cgroup:rw privileged: true pre_build_image: true - name: rockylinux9 image: geerlingguy/docker-rockylinux9-ansible command: ${MOLECULE_DOCKER_COMMAND:-""} + cgroupns_mode: host tmpfs: - /run volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - /sys/fs/cgroup:/sys/fs/cgroup:rw privileged: true pre_build_image: true provisioner: diff --git a/roles/server/molecule/2.0.0/converge.yml b/roles/server/molecule/2.3.0/converge.yml similarity index 99% rename from roles/server/molecule/2.0.0/converge.yml rename to roles/server/molecule/2.3.0/converge.yml index e7f6324bc..2765b83d9 100644 --- a/roles/server/molecule/2.0.0/converge.yml +++ b/roles/server/molecule/2.3.0/converge.yml @@ -9,6 +9,7 @@ update_cache: true cache_valid_time: 600 when: ansible_os_family == 'Debian' + - name: Install prerequisites. ansible.builtin.apt: name: "{{ item }}" @@ -17,6 +18,7 @@ - apt-utils - man when: ansible_os_family == 'Debian' + - name: Create '/usr/share/man/man8/' on Ubuntu. ansible.builtin.file: path: /usr/share/man/man8/ diff --git a/roles/server/molecule/2.0.0/group_vars/all.yml b/roles/server/molecule/2.3.0/group_vars/all.yml similarity index 96% rename from roles/server/molecule/2.0.0/group_vars/all.yml rename to roles/server/molecule/2.3.0/group_vars/all.yml index 5c2ad9d54..e2459864d 100644 --- a/roles/server/molecule/2.0.0/group_vars/all.yml +++ b/roles/server/molecule/2.3.0/group_vars/all.yml @@ -1,11 +1,11 @@ --- # General -checkmk_var_version: "2.0.0p39" +checkmk_var_version: "2.3.0p5" checkmk_var_edition: "cre" checkmk_server_verify_setup: 'true' checkmk_var_server_url: "http://127.0.0.1/" checkmk_var_automation_user: "cmkadmin" -checkmk_var_automation_secret: "d7589df1" +checkmk_var_automation_secret: "mysecret" # Server Role checkmk_server_edition: "{{ checkmk_var_edition }}" diff --git a/roles/server/molecule/2.0.0/molecule.yml b/roles/server/molecule/2.3.0/molecule.yml similarity index 60% rename from roles/server/molecule/2.0.0/molecule.yml rename to roles/server/molecule/2.3.0/molecule.yml index 333a2f95b..694add3be 100644 --- a/roles/server/molecule/2.0.0/molecule.yml +++ b/roles/server/molecule/2.3.0/molecule.yml @@ -1,4 +1,5 @@ --- +# cgroupv2 support: https://github.com/geerlingguy/docker-ubuntu2204-ansible/issues/6 dependency: name: galaxy driver: @@ -7,57 +8,61 @@ platforms: - name: ubuntu2004 image: geerlingguy/docker-ubuntu2004-ansible command: ${MOLECULE_DOCKER_COMMAND:-""} + cgroupns_mode: host tmpfs: - /run volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - /sys/fs/cgroup:/sys/fs/cgroup:rw privileged: true pre_build_image: true - name: ubuntu2204 image: geerlingguy/docker-ubuntu2204-ansible command: ${MOLECULE_DOCKER_COMMAND:-""} + cgroupns_mode: host tmpfs: - /run volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - /sys/fs/cgroup:/sys/fs/cgroup:rw privileged: true pre_build_image: true - - name: debian10 - image: geerlingguy/docker-debian10-ansible + - name: ubuntu2404 + image: geerlingguy/docker-ubuntu2404-ansible command: ${MOLECULE_DOCKER_COMMAND:-""} + cgroupns_mode: host tmpfs: - /run volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - /sys/fs/cgroup:/sys/fs/cgroup:rw privileged: true pre_build_image: true - name: debian11 image: geerlingguy/docker-debian11-ansible command: ${MOLECULE_DOCKER_COMMAND:-""} + cgroupns_mode: host tmpfs: - /run volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - /sys/fs/cgroup:/sys/fs/cgroup:rw privileged: true pre_build_image: true - ## Python 2 on CentOS 7 produces failures, that are non-trivial to fix - ## so we stop testing against it. - # - name: centos7 - # image: geerlingguy/docker-centos7-ansible - # command: ${MOLECULE_DOCKER_COMMAND:-""} - # tmpfs: - # - /run - # volumes: - # - /sys/fs/cgroup:/sys/fs/cgroup:ro - # privileged: true - # pre_build_image: true - - name: centos8 - image: geerlingguy/docker-centos8-ansible + - name: debian12 + image: geerlingguy/docker-debian12-ansible command: ${MOLECULE_DOCKER_COMMAND:-""} + cgroupns_mode: host tmpfs: - /run volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - /sys/fs/cgroup:/sys/fs/cgroup:rw + privileged: true + pre_build_image: true + - name: rockylinux9 + image: geerlingguy/docker-rockylinux9-ansible + command: ${MOLECULE_DOCKER_COMMAND:-""} + cgroupns_mode: host + tmpfs: + - /run + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw privileged: true pre_build_image: true provisioner: diff --git a/roles/server/molecule/2.0.0/verify.yml b/roles/server/molecule/2.3.0/verify.yml similarity index 100% rename from roles/server/molecule/2.0.0/verify.yml rename to roles/server/molecule/2.3.0/verify.yml diff --git a/roles/server/tasks/RedHat.yml b/roles/server/tasks/RedHat.yml index 94685ff74..ecce0dd66 100644 --- a/roles/server/tasks/RedHat.yml +++ b/roles/server/tasks/RedHat.yml @@ -26,7 +26,7 @@ - name: "Install epel-release from URL on CentOS & RHEL 8." become: true - ansible.builtin.yum: + ansible.builtin.dnf: name: "{{ checkmk_server_epel_url }}" state: present disable_gpg_check: "{{ not checkmk_server_epel_gpg_check | bool }}" @@ -79,7 +79,7 @@ - name: "Install Checkmk Server." when: not 'check-mk-' + checkmk_server_edition_mapping[checkmk_server_edition] + '-' +checkmk_server_version in ansible_facts.packages become: true - ansible.builtin.yum: + ansible.builtin.dnf: name: "/tmp/{{ checkmk_server_setup_file }}" state: present disable_gpg_check: '{{ not checkmk_server_verify_setup | bool }}' diff --git a/roles/server/vars/Debian.yml b/roles/server/vars/Debian.yml index 569f1094b..36c07a4cd 100644 --- a/roles/server/vars/Debian.yml +++ b/roles/server/vars/Debian.yml @@ -1,5 +1,6 @@ --- -checkmk_server_setup_file: "check-mk-{{ checkmk_server_edition_mapping[checkmk_server_edition | lower] }}-{{ checkmk_server_version }}_0.{{ ansible_distribution_release }}_amd64.deb" # noqa yaml[line-length] +checkmk_server_setup_file: |- + check-mk-{{ checkmk_server_edition_mapping[checkmk_server_edition | lower] }}-{{ checkmk_server_version }}_0.{{ ansible_distribution_release }}_amd64.deb checkmk_server_prerequisites: - freeipmi diff --git a/roles/server/vars/RedHat.yml b/roles/server/vars/RedHat.yml index 8494d13a6..1177694d2 100644 --- a/roles/server/vars/RedHat.yml +++ b/roles/server/vars/RedHat.yml @@ -1,6 +1,7 @@ --- -checkmk_server_setup_file: "check-mk-{{ checkmk_server_edition_mapping[checkmk_server_edition | lower] }}-{{ checkmk_server_version }}-el{{ ansible_distribution_major_version }}-38.x86_64.rpm" # noqa yaml[line-length] +checkmk_server_setup_file: |- + check-mk-{{ checkmk_server_edition_mapping[checkmk_server_edition | lower] }}-{{ checkmk_server_version }}-el{{ ansible_distribution_major_version }}-38.x86_64.rpm checkmk_server_ports: - 80/tcp diff --git a/scripts/release.sh b/scripts/release.sh index 8c003f1ee..bd5ae53ac 100755 --- a/scripts/release.sh +++ b/scripts/release.sh @@ -15,9 +15,9 @@ script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) collection_dir="${script_dir%/*}" # Update these as necessary: -checkmk_ancient="2.0.0p39" -checkmk_oldstable="2.1.0p41" -checkmk_stable="2.2.0p24" +checkmk_ancient="2.1.0p44" +checkmk_oldstable="2.2.0p27" +checkmk_stable="2.3.0p5" while getopts 's:t:' OPTION; do case "$OPTION" in @@ -41,18 +41,18 @@ echo "# Changes:" sed -i "s/version: ${source_version}/version: ${target_version}/g" "${collection_dir}/galaxy.yml" && echo "Updated Collection version in 'galaxy.yml' from ${source_version} to ${target_version}." # The following is quite hacky, but it works well enough. If you want to tame the sed monster, have at it. Otherwise be careful with changes here. ## Integration tests -find "${collection_dir}/tests/integration/targets/" -type f -name main.yml -exec sed -i "s/2.2.0.*/${checkmk_stable}\"/g" {} \; && echo "Updated Checkmk Stable version for integration tests to ${checkmk_stable}." -find "${collection_dir}/tests/integration/targets/" -type f -name main.yml -exec sed -i "s/2.1.0.*/${checkmk_oldstable}\"/g" {} \; && echo "Updated Checkmk Oldstable version for integration tests to ${checkmk_oldstable}." -find "${collection_dir}/tests/integration/targets/" -type f -name main.yml -exec sed -i "s/2.0.0.*/${checkmk_ancient}\"/g" {} \; && echo "Updated Checkmk Ancient version for integration tests to ${checkmk_ancient}." +find "${collection_dir}/tests/integration/targets/" -type f -name main.yml -exec sed -i "s/2.3.0.*/${checkmk_stable}\"/g" {} \; && echo "Updated Checkmk Stable version for integration tests to ${checkmk_stable}." +find "${collection_dir}/tests/integration/targets/" -type f -name main.yml -exec sed -i "s/2.2.0.*/${checkmk_oldstable}\"/g" {} \; && echo "Updated Checkmk Oldstable version for integration tests to ${checkmk_oldstable}." +find "${collection_dir}/tests/integration/targets/" -type f -name main.yml -exec sed -i "s/2.1.0.*/${checkmk_ancient}\"/g" {} \; && echo "Updated Checkmk Ancient version for integration tests to ${checkmk_ancient}." ## Molecule tests -find "${collection_dir}/roles/" -type f -name all.yml -exec sed -i "s/2.2.0.*/${checkmk_stable}\"/g" {} \; && echo "Updated Checkmk Stable version for molecule tests to ${checkmk_stable}." -find "${collection_dir}/roles/" -type f -name all.yml -exec sed -i "s/2.1.0.*/${checkmk_oldstable}\"/g" {} \; && echo "Updated Checkmk Oldstable version for molecule tests to ${checkmk_oldstable}." -find "${collection_dir}/roles/" -type f -name all.yml -exec sed -i "s/2.0.0.*/${checkmk_ancient}\"/g" {} \; && echo "Updated Checkmk Ancient version for molecule tests to ${checkmk_ancient}." +find "${collection_dir}/roles/" -type f -name all.yml -exec sed -i "s/2.3.0.*/${checkmk_stable}\"/g" {} \; && echo "Updated Checkmk Stable version for molecule tests to ${checkmk_stable}." +find "${collection_dir}/roles/" -type f -name all.yml -exec sed -i "s/2.2.0.*/${checkmk_oldstable}\"/g" {} \; && echo "Updated Checkmk Oldstable version for molecule tests to ${checkmk_oldstable}." +find "${collection_dir}/roles/" -type f -name all.yml -exec sed -i "s/2.1.0.*/${checkmk_ancient}\"/g" {} \; && echo "Updated Checkmk Ancient version for molecule tests to ${checkmk_ancient}." # Roles: -find "${collection_dir}/roles/" -type f -name main.yml -exec sed -i "s/2.2.0.*/${checkmk_stable}\"/g" {} \; && echo "Updated default Checkmk version for roles to ${checkmk_stable}." -find "${collection_dir}/roles/" -type f -name README.md -exec sed -i "s/2.2.0.*/${checkmk_stable}\"/g" {} \; && echo "Updated default Checkmk version in roles README to ${checkmk_stable}." +find "${collection_dir}/roles/" -type f -name main.yml -exec sed -i "s/2.3.0.*/${checkmk_stable}\"/g" {} \; && echo "Updated default Checkmk version for roles to ${checkmk_stable}." +find "${collection_dir}/roles/" -type f -name README.md -exec sed -i "s/2.3.0.*/${checkmk_stable}\"/g" {} \; && echo "Updated default Checkmk version in roles README to ${checkmk_stable}." # Support Matrix -grep "${target_version}" "${collection_dir}/SUPPORT.md" || echo "${target_version} | ${checkmk_ancient}, ${checkmk_oldstable}, ${checkmk_stable} | 2.14, 2.15, 2.16 | None" >> "${collection_dir}/SUPPORT.md" && echo "Added line to compatibility matrix in SUPPORT.md." +grep "${target_version}" "${collection_dir}/SUPPORT.md" > /dev/null || echo "${target_version} | ${checkmk_ancient}, ${checkmk_oldstable}, ${checkmk_stable} | 2.15, 2.16, 2.17 | None" >> "${collection_dir}/SUPPORT.md" && echo "Added line to compatibility matrix in SUPPORT.md." echo "# End changes section." echo @@ -61,4 +61,5 @@ echo "# Test findings:" if [[ $(find "${collection_dir}/changelogs/fragments" | wc -l) -lt 1 ]] ; then echo "Make sure to provide all relevant changelogs!" ; fi grep -R release_summary "${collection_dir}/changelogs/fragments/" > /dev/null || echo "Please provide a 'release_summary' in the changelogs!" grep "${target_version}" "${collection_dir}/SUPPORT.md" > /dev/null || echo "Please provide a line about the version support in 'SUPPORT.md'!" +grep -R breaking_changes "${collection_dir}/changelogs/fragments/" > /dev/null && echo "Breaking changes found! Make sure to reflect this in the release version!" echo "# End tests section." diff --git a/tests/container/Dockerfile b/tests/container/Dockerfile index 451ce7c8f..ad69dd744 100644 --- a/tests/container/Dockerfile +++ b/tests/container/Dockerfile @@ -112,15 +112,15 @@ RUN apt-get update && \ # Pre-create Sites RUN \ - omd -V ${stable}.cre create -A --no-tmpfs --admin-password "d7589df1" "stable_cre" ; \ - omd -V ${stable}.cee create -A --no-tmpfs --admin-password "d7589df1" "stable_cee" ; \ - omd -V ${stable}.cme create -A --no-tmpfs --admin-password "d7589df1" "stable_cme" ; \ - omd -V ${stable}.cce create -A --no-tmpfs --admin-password "d7589df1" "stable_cce" ; \ - omd -V ${old}.cre create -A --no-tmpfs --admin-password "d7589df1" "old_cre" ; \ - omd -V ${old}.cee create -A --no-tmpfs --admin-password "d7589df1" "old_cee" ; \ - omd -V ${old}.cme create -A --no-tmpfs --admin-password "d7589df1" "old_cme" ; \ - omd -V ${ancient}.cre create -A --no-tmpfs --admin-password "d7589df1" "ancient_cre" ; \ - omd -V ${ancient}.cee create -A --no-tmpfs --admin-password "d7589df1" "ancient_cee" ; \ - omd -V ${ancient}.cme create -A --no-tmpfs --admin-password "d7589df1" "ancient_cme" + omd -V ${stable}.cre create -A --no-tmpfs --admin-password "mysecret" "stable_cre" ; \ + omd -V ${stable}.cee create -A --no-tmpfs --admin-password "mysecret" "stable_cee" ; \ + omd -V ${stable}.cme create -A --no-tmpfs --admin-password "mysecret" "stable_cme" ; \ + omd -V ${stable}.cce create -A --no-tmpfs --admin-password "mysecret" "stable_cce" ; \ + omd -V ${old}.cre create -A --no-tmpfs --admin-password "mysecret" "old_cre" ; \ + omd -V ${old}.cee create -A --no-tmpfs --admin-password "mysecret" "old_cee" ; \ + omd -V ${old}.cme create -A --no-tmpfs --admin-password "mysecret" "old_cme" ; \ + omd -V ${ancient}.cre create -A --no-tmpfs --admin-password "mysecret" "ancient_cre" ; \ + omd -V ${ancient}.cee create -A --no-tmpfs --admin-password "mysecret" "ancient_cee" ; \ + omd -V ${ancient}.cme create -A --no-tmpfs --admin-password "mysecret" "ancient_cme" CMD ["/usr/bin/systemctl"] diff --git a/tests/integration/targets/activation/vars/main.yml b/tests/integration/targets/activation/vars/main.yml index 51ed346c9..1fd76dde8 100644 --- a/tests/integration/targets/activation/vars/main.yml +++ b/tests/integration/targets/activation/vars/main.yml @@ -1,15 +1,15 @@ --- test_sites: - - version: "2.2.0p24" + - version: "2.3.0p5" edition: "cre" site: "stable_cre" - - version: "2.2.0p24" + - version: "2.3.0p5" edition: "cee" site: "stable_cee" - - version: "2.1.0p41" + - version: "2.2.0p27" edition: "cre" site: "old_cre" - - version: "2.0.0p39" + - version: "2.1.0p44" edition: "cre" site: "ancient_cre" diff --git a/tests/integration/targets/bakery/vars/main.yml b/tests/integration/targets/bakery/vars/main.yml index 8dc3b3562..9b1d69f8c 100644 --- a/tests/integration/targets/bakery/vars/main.yml +++ b/tests/integration/targets/bakery/vars/main.yml @@ -1,11 +1,14 @@ --- test_sites: - - version: "2.2.0p24" + - version: "2.3.0p5" edition: "cee" site: "stable_cee" - - version: "2.1.0p41" + - version: "2.2.0p27" edition: "cee" site: "old_cee" + - version: "2.1.0p44" + edition: "cee" + site: "ancient_cee" signature_key_id: 1 signature_key_passphrase: "{{ checkmk_var_automation_secret }}" diff --git a/tests/integration/targets/contact_group/tasks/test.yml b/tests/integration/targets/contact_group/tasks/test.yml index d91aec55a..08a673478 100644 --- a/tests/integration/targets/contact_group/tasks/test.yml +++ b/tests/integration/targets/contact_group/tasks/test.yml @@ -1,10 +1,21 @@ --- +- name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Set customer when needed." + ansible.builtin.set_fact: + customer: "provider" + when: (outer_item.edition == "cme") or (outer_item.edition == "cce") + +- name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Unset customer when needed." + ansible.builtin.set_fact: + customer: null + when: not ((outer_item.edition == "cme") or (outer_item.edition == "cce")) + - name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Create contact groups." contact_group: server_url: "{{ checkmk_var_server_url }}" site: "{{ outer_item.site }}" automation_user: "{{ checkmk_var_automation_user }}" automation_secret: "{{ checkmk_var_automation_secret }}" + customer: "{{ (customer != None) | ternary(customer, omit) }}" # See PR #427 name: "{{ item.name }}" title: "{{ item.title | default(item.name) }}" state: "present" @@ -18,6 +29,7 @@ site: "{{ outer_item.site }}" automation_user: "{{ checkmk_var_automation_user }}" automation_secret: "{{ checkmk_var_automation_secret }}" + customer: "{{ (customer != None) | ternary(customer, omit) }}" # See PR #427 name: "{{ item.name }}" title: "{{ item.title | default(item.name) }}" groups: checkmk_contact_groups_create @@ -46,6 +58,7 @@ site: "{{ outer_item.site }}" automation_user: "{{ checkmk_var_automation_user }}" automation_secret: "{{ checkmk_var_automation_secret }}" + customer: "{{ (customer != None) | ternary(customer, omit) }}" # See PR #427 name: "{{ item.name | default(item.name) }}" title: "{{ item.title }}" state: "present" @@ -71,6 +84,7 @@ site: "{{ outer_item.site }}" automation_user: "{{ checkmk_var_automation_user }}" automation_secret: "{{ checkmk_var_automation_secret }}" + customer: "{{ (customer != None) | ternary(customer, omit) }}" # See PR #427 name: "{{ item.name }}" state: "absent" delegate_to: localhost @@ -95,6 +109,7 @@ site: "{{ outer_item.site }}" automation_user: "{{ checkmk_var_automation_user }}" automation_secret: "{{ checkmk_var_automation_secret }}" + customer: "{{ (customer != None) | ternary(customer, omit) }}" # See PR #427 name: "{{ item.name }}" state: "absent" delegate_to: localhost @@ -119,6 +134,7 @@ site: "{{ outer_item.site }}" automation_user: "{{ checkmk_var_automation_user }}" automation_secret: "{{ checkmk_var_automation_secret }}" + customer: "{{ (customer != None) | ternary(customer, omit) }}" # See PR #427 groups: "{{ checkmk_contact_groups_create }}" state: "present" delegate_to: localhost @@ -130,6 +146,7 @@ site: "{{ outer_item.site }}" automation_user: "{{ checkmk_var_automation_user }}" automation_secret: "{{ checkmk_var_automation_secret }}" + customer: "{{ (customer != None) | ternary(customer, omit) }}" # See PR #427 groups: "{{ checkmk_contact_groups_create }}" name: "test" state: "present" @@ -144,6 +161,7 @@ site: "{{ outer_item.site }}" automation_user: "{{ checkmk_var_automation_user }}" automation_secret: "{{ checkmk_var_automation_secret }}" + customer: "{{ (customer != None) | ternary(customer, omit) }}" # See PR #427 groups: "{{ checkmk_contact_groups_create }}" title: "Test" state: "present" @@ -159,6 +177,7 @@ site: "{{ outer_item.site }}" automation_user: "{{ checkmk_var_automation_user }}" automation_secret: "{{ checkmk_var_automation_secret }}" + customer: "{{ (customer != None) | ternary(customer, omit) }}" # See PR #427 groups: "{{ checkmk_contact_groups_modify }}" state: "present" delegate_to: localhost @@ -170,6 +189,7 @@ site: "{{ outer_item.site }}" automation_user: "{{ checkmk_var_automation_user }}" automation_secret: "{{ checkmk_var_automation_secret }}" + customer: "{{ (customer != None) | ternary(customer, omit) }}" # See PR #427 groups: "{{ checkmk_contact_groups_delete }}" state: "absent" delegate_to: localhost @@ -181,6 +201,7 @@ site: "{{ outer_item.site }}" automation_user: "{{ checkmk_var_automation_user }}" automation_secret: "{{ checkmk_var_automation_secret }}" + customer: "{{ (customer != None) | ternary(customer, omit) }}" # See PR #427 groups: "{{ checkmk_contact_groups_create }}" state: "absent" delegate_to: localhost diff --git a/tests/integration/targets/contact_group/vars/main.yml b/tests/integration/targets/contact_group/vars/main.yml index 64b3a3293..9af32b735 100644 --- a/tests/integration/targets/contact_group/vars/main.yml +++ b/tests/integration/targets/contact_group/vars/main.yml @@ -1,15 +1,18 @@ --- test_sites: - - version: "2.2.0p24" - edition: "cre" - site: "stable_cre" - - version: "2.2.0p24" + - version: "2.3.0p5" + edition: "cme" + site: "stable_cme" + - version: "2.3.0p5" edition: "cee" site: "stable_cee" - - version: "2.1.0p41" + - version: "2.3.0p5" + edition: "cre" + site: "stable_cre" + - version: "2.2.0p27" edition: "cre" site: "old_cre" - - version: "2.0.0p39" + - version: "2.1.0p44" edition: "cre" site: "ancient_cre" diff --git a/tests/integration/targets/discovery/tasks/test.yml b/tests/integration/targets/discovery/tasks/test.yml index 2f07cb510..bc99f6879 100644 --- a/tests/integration/targets/discovery/tasks/test.yml +++ b/tests/integration/targets/discovery/tasks/test.yml @@ -65,6 +65,64 @@ run_once: true # noqa run-once[task] loop: "{{ checkmk_hosts }}" + - name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Update service labels. (Should fail < 2.3.0)" + discovery: + server_url: "{{ checkmk_var_server_url }}" + site: "{{ outer_item.site }}" + automation_user: "{{ checkmk_var_automation_user }}" + automation_secret: "{{ checkmk_var_automation_secret }}" + host_name: "{{ item.name }}" + state: "only_service_labels" + delegate_to: localhost + run_once: true # noqa run-once[task] + loop: "{{ checkmk_hosts }}" + register: updateservicelabels_output + failed_when: "'State is not supported before 2.3.0' not in updateservicelabels_output.msg" + when: "not '2.3.0' in outer_item.version" + + - name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Monitor undecided services. (Should fail < 2.3.0)" + discovery: + server_url: "{{ checkmk_var_server_url }}" + site: "{{ outer_item.site }}" + automation_user: "{{ checkmk_var_automation_user }}" + automation_secret: "{{ checkmk_var_automation_secret }}" + host_name: "{{ item.name }}" + state: "monitor_undecided_services" + delegate_to: localhost + run_once: true # noqa run-once[task] + loop: "{{ checkmk_hosts }}" + register: monitorundecidedservices_output + failed_when: "'State is not supported before 2.3.0' not in monitorundecidedservices_output.msg" + when: "not '2.3.0' in outer_item.version" + + - name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Update service labels." + discovery: + server_url: "{{ checkmk_var_server_url }}" + site: "{{ outer_item.site }}" + automation_user: "{{ checkmk_var_automation_user }}" + automation_secret: "{{ checkmk_var_automation_secret }}" + host_name: "{{ item.name }}" + state: "only_service_labels" + delegate_to: localhost + run_once: true # noqa run-once[task] + loop: "{{ checkmk_hosts }}" + when: "'2.3.0' in outer_item.version" + + - name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Monitor undecided services. (Should fail in 2.3.0)" + discovery: + server_url: "{{ checkmk_var_server_url }}" + site: "{{ outer_item.site }}" + automation_user: "{{ checkmk_var_automation_user }}" + automation_secret: "{{ checkmk_var_automation_secret }}" + host_name: "{{ item.name }}" + state: "monitor_undecided_services" + delegate_to: localhost + run_once: true # noqa run-once[task] + loop: "{{ checkmk_hosts }}" + register: stablemonitorundecidedservices_output + failed_when: "'State can only be used in bulk mode' not in stablemonitorundecidedservices_output.msg" + when: "'2.3.0' in outer_item.version" + - name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Tabula Rasa. (New since 2.2)" discovery: server_url: "{{ checkmk_var_server_url }}" @@ -76,7 +134,7 @@ delegate_to: localhost run_once: true # noqa run-once[task] loop: "{{ checkmk_hosts }}" - when: "'2.2' in outer_item.version" + when: "not '2.1' in outer_item.version" - name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Discover hosts (fix_all)." discovery: @@ -178,6 +236,58 @@ bulk_size: 5 delegate_to: localhost + - name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Bulk: Update service labels. (Should fail < 2.3.0)" + discovery: + server_url: "{{ checkmk_var_server_url }}" + site: "{{ outer_item.site }}" + automation_user: "{{ checkmk_var_automation_user }}" + automation_secret: "{{ checkmk_var_automation_secret }}" + hosts: "{{ checkmk_host_names }}" + state: "only_service_labels" + bulk_size: 5 + delegate_to: localhost + register: bulkupdateservicelabels_output + failed_when: "'State is not supported before 2.3.0' not in bulkupdateservicelabels_output.msg" + when: "not '2.3.0' in outer_item.version" + + - name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Bulk: Monitor undecided services. (Should fail < 2.3.0)" + discovery: + server_url: "{{ checkmk_var_server_url }}" + site: "{{ outer_item.site }}" + automation_user: "{{ checkmk_var_automation_user }}" + automation_secret: "{{ checkmk_var_automation_secret }}" + hosts: "{{ checkmk_host_names }}" + state: "monitor_undecided_services" + bulk_size: 5 + delegate_to: localhost + register: bulkmonitorundecidedservices_output + failed_when: "'State is not supported before 2.3.0' not in bulkmonitorundecidedservices_output.msg" + when: "not '2.3.0' in outer_item.version" + + - name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Bulk: Update service labels. (only 2.3)" + discovery: + server_url: "{{ checkmk_var_server_url }}" + site: "{{ outer_item.site }}" + automation_user: "{{ checkmk_var_automation_user }}" + automation_secret: "{{ checkmk_var_automation_secret }}" + hosts: "{{ checkmk_host_names }}" + state: "only_service_labels" + bulk_size: 5 + delegate_to: localhost + when: "'2.3.0' in outer_item.version" + + - name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Bulk: Monitor undecided services. (only 2.3)" + discovery: + server_url: "{{ checkmk_var_server_url }}" + site: "{{ outer_item.site }}" + automation_user: "{{ checkmk_var_automation_user }}" + automation_secret: "{{ checkmk_var_automation_secret }}" + hosts: "{{ checkmk_host_names }}" + state: "monitor_undecided_services" + bulk_size: 5 + delegate_to: localhost + when: "'2.3.0' in outer_item.version" + - name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Bulk: Add undecided services to monitoring." discovery: server_url: "{{ checkmk_var_server_url }}" diff --git a/tests/integration/targets/discovery/vars/main.yml b/tests/integration/targets/discovery/vars/main.yml index baacf997c..b3b03d38a 100644 --- a/tests/integration/targets/discovery/vars/main.yml +++ b/tests/integration/targets/discovery/vars/main.yml @@ -1,15 +1,15 @@ --- test_sites: - - version: "2.2.0p24" - edition: "cre" - site: "stable_cre" - - version: "2.2.0p24" + - version: "2.3.0p5" edition: "cee" site: "stable_cee" - - version: "2.1.0p41" + - version: "2.3.0p5" + edition: "cre" + site: "stable_cre" + - version: "2.2.0p27" edition: "cre" site: "old_cre" - - version: "2.0.0p39" + - version: "2.1.0p44" edition: "cre" site: "ancient_cre" diff --git a/tests/integration/targets/downtime/vars/main.yml b/tests/integration/targets/downtime/vars/main.yml index 51ed346c9..8c4301d99 100644 --- a/tests/integration/targets/downtime/vars/main.yml +++ b/tests/integration/targets/downtime/vars/main.yml @@ -1,15 +1,15 @@ --- test_sites: - - version: "2.2.0p24" - edition: "cre" - site: "stable_cre" - - version: "2.2.0p24" + - version: "2.3.0p5" edition: "cee" site: "stable_cee" - - version: "2.1.0p41" + - version: "2.3.0p5" + edition: "cre" + site: "stable_cre" + - version: "2.2.0p27" edition: "cre" site: "old_cre" - - version: "2.0.0p39" + - version: "2.1.0p44" edition: "cre" site: "ancient_cre" diff --git a/tests/integration/targets/folder/vars/main.yml b/tests/integration/targets/folder/vars/main.yml index 8097a75d4..8b611a37e 100644 --- a/tests/integration/targets/folder/vars/main.yml +++ b/tests/integration/targets/folder/vars/main.yml @@ -1,15 +1,15 @@ --- test_sites: - - version: "2.2.0p24" - edition: "cre" - site: "stable_cre" - - version: "2.2.0p24" + - version: "2.3.0p5" edition: "cee" site: "stable_cee" - - version: "2.1.0p41" + - version: "2.3.0p5" + edition: "cre" + site: "stable_cre" + - version: "2.2.0p27" edition: "cre" site: "old_cre" - - version: "2.0.0p39" + - version: "2.1.0p44" edition: "cre" site: "ancient_cre" diff --git a/tests/integration/targets/host/vars/main.yml b/tests/integration/targets/host/vars/main.yml index d81b1bb2f..db80bc402 100644 --- a/tests/integration/targets/host/vars/main.yml +++ b/tests/integration/targets/host/vars/main.yml @@ -1,18 +1,17 @@ --- test_sites: - - version: "2.2.0p24" + - version: "2.3.0p5" edition: "cre" site: "stable_cre" - - version: "2.2.0p24" + - version: "2.3.0p5" edition: "cee" site: "stable_cee" - - version: "2.1.0p41" + - version: "2.2.0p27" edition: "cre" site: "old_cre" - # Temporarily disable due to #596 until the permanent change to remove it lands. - # - version: "2.0.0p39" - # edition: "cre" - # site: "ancient_cre" + - version: "2.1.0p44" + edition: "cre" + site: "ancient_cre" checkmk_var_folders: - path: /foo diff --git a/tests/integration/targets/host_group/vars/main.yml b/tests/integration/targets/host_group/vars/main.yml index 0daee776d..780d6adcf 100644 --- a/tests/integration/targets/host_group/vars/main.yml +++ b/tests/integration/targets/host_group/vars/main.yml @@ -1,18 +1,18 @@ --- test_sites: - - version: "2.2.0p24" + - version: "2.3.0p5" edition: "cme" site: "stable_cme" - - version: "2.2.0p24" - edition: "cre" - site: "stable_cre" - - version: "2.2.0p24" + - version: "2.3.0p5" edition: "cee" site: "stable_cee" - - version: "2.1.0p41" + - version: "2.3.0p5" + edition: "cre" + site: "stable_cre" + - version: "2.2.0p27" edition: "cre" site: "old_cre" - - version: "2.0.0p39" + - version: "2.1.0p44" edition: "cre" site: "ancient_cre" diff --git a/tests/integration/targets/lookup_bakery/vars/main.yml b/tests/integration/targets/lookup_bakery/vars/main.yml index 554d567ff..d11082443 100644 --- a/tests/integration/targets/lookup_bakery/vars/main.yml +++ b/tests/integration/targets/lookup_bakery/vars/main.yml @@ -1,8 +1,11 @@ --- test_sites: - - version: "2.2.0p24" + - version: "2.3.0p5" edition: "cee" site: "stable_cee" - - version: "2.1.0p41" + - version: "2.2.0p27" edition: "cee" site: "old_cee" + - version: "2.1.0p44" + edition: "cee" + site: "ancient_cee" diff --git a/tests/integration/targets/lookup_folder/tasks/test.yml b/tests/integration/targets/lookup_folder/tasks/test.yml index 11522c352..d1cd63470 100644 --- a/tests/integration/targets/lookup_folder/tasks/test.yml +++ b/tests/integration/targets/lookup_folder/tasks/test.yml @@ -30,9 +30,9 @@ - name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Get attributes of folder." ansible.builtin.debug: - msg: "Criticality of {{ checkmk_folder.name }} is {{ extensions.attributes.tag_criticality }}" + msg: "Criticality of {{ checkmk_folder.name }} is {{ folder.extensions.attributes.tag_criticality }}" vars: - extensions: "{{ lookup('checkmk.general.folder', + folder: "{{ lookup('checkmk.general.folder', checkmk_folder.path, server_url=checkmk_var_server_url, site=outer_item.site, @@ -45,9 +45,9 @@ - name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Verify folder criticality." ansible.builtin.assert: - that: "extensions.attributes.tag_criticality == checkmk_folder.criticality" + that: "folder.extensions.attributes.tag_criticality == checkmk_folder.criticality" vars: - extensions: "{{ lookup('checkmk.general.folder', + folder: "{{ lookup('checkmk.general.folder', checkmk_folder.path, server_url=checkmk_var_server_url, site=outer_item.site, @@ -60,9 +60,9 @@ - name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Use variables outside the module call." ansible.builtin.assert: - that: "extensions.attributes.tag_criticality == checkmk_folder.criticality" + that: "folder.extensions.attributes.tag_criticality == checkmk_folder.criticality" vars: - extensions: "{{ lookup('checkmk.general.folder', checkmk_folder.path) }}" + folder: "{{ lookup('checkmk.general.folder', checkmk_folder.path) }}" delegate_to: localhost run_once: true # noqa run-once[task] when: outer_item.edition == "stable_cee" diff --git a/tests/integration/targets/lookup_folder/vars/main.yml b/tests/integration/targets/lookup_folder/vars/main.yml index 6cb3eb9ef..62c0680a6 100644 --- a/tests/integration/targets/lookup_folder/vars/main.yml +++ b/tests/integration/targets/lookup_folder/vars/main.yml @@ -1,15 +1,15 @@ --- test_sites: - - version: "2.2.0p24" - edition: "cre" - site: "stable_cre" - - version: "2.2.0p24" + - version: "2.3.0p5" edition: "cee" site: "stable_cee" - - version: "2.1.0p41" + - version: "2.3.0p5" + edition: "cre" + site: "stable_cre" + - version: "2.2.0p27" edition: "cre" site: "old_cre" - - version: "2.0.0p39" + - version: "2.1.0p44" edition: "cre" site: "ancient_cre" diff --git a/tests/integration/targets/lookup_folders/vars/main.yml b/tests/integration/targets/lookup_folders/vars/main.yml index 08bf5faba..c747dd8de 100644 --- a/tests/integration/targets/lookup_folders/vars/main.yml +++ b/tests/integration/targets/lookup_folders/vars/main.yml @@ -1,15 +1,15 @@ --- test_sites: - - version: "2.2.0p24" - edition: "cre" - site: "stable_cre" - - version: "2.2.0p24" + - version: "2.3.0p5" edition: "cee" site: "stable_cee" - - version: "2.1.0p41" + - version: "2.3.0p5" + edition: "cre" + site: "stable_cre" + - version: "2.2.0p27" edition: "cre" site: "old_cre" - - version: "2.0.0p39" + - version: "2.1.0p44" edition: "cre" site: "ancient_cre" diff --git a/tests/integration/targets/lookup_host/vars/main.yml b/tests/integration/targets/lookup_host/vars/main.yml index 3fb8f7a57..b88415831 100644 --- a/tests/integration/targets/lookup_host/vars/main.yml +++ b/tests/integration/targets/lookup_host/vars/main.yml @@ -1,15 +1,15 @@ --- test_sites: - - version: "2.2.0p24" - edition: "cre" - site: "stable_cre" - - version: "2.2.0p24" + - version: "2.3.0p5" edition: "cee" site: "stable_cee" - - version: "2.1.0p41" + - version: "2.3.0p5" + edition: "cre" + site: "stable_cre" + - version: "2.2.0p27" edition: "cre" site: "old_cre" - - version: "2.0.0p39" + - version: "2.1.0p44" edition: "cre" site: "ancient_cre" diff --git a/tests/integration/targets/lookup_hosts/vars/main.yml b/tests/integration/targets/lookup_hosts/vars/main.yml index cd76290b6..117af9770 100644 --- a/tests/integration/targets/lookup_hosts/vars/main.yml +++ b/tests/integration/targets/lookup_hosts/vars/main.yml @@ -1,15 +1,15 @@ --- test_sites: - - version: "2.2.0p24" - edition: "cre" - site: "stable_cre" - - version: "2.2.0p24" + - version: "2.3.0p5" edition: "cee" site: "stable_cee" - - version: "2.1.0p41" + - version: "2.3.0p5" + edition: "cre" + site: "stable_cre" + - version: "2.2.0p27" edition: "cre" site: "old_cre" - - version: "2.0.0p39" + - version: "2.1.0p44" edition: "cre" site: "ancient_cre" diff --git a/tests/integration/targets/lookup_rules/vars/main.yml b/tests/integration/targets/lookup_rules/vars/main.yml index 66144c474..f7aa3234c 100644 --- a/tests/integration/targets/lookup_rules/vars/main.yml +++ b/tests/integration/targets/lookup_rules/vars/main.yml @@ -1,14 +1,17 @@ --- test_sites: - - version: "2.2.0p24" - edition: "cre" - site: "stable_cre" - - version: "2.2.0p24" + - version: "2.3.0p5" edition: "cee" site: "stable_cee" - - version: "2.1.0p41" + - version: "2.3.0p5" + edition: "cre" + site: "stable_cre" + - version: "2.2.0p27" edition: "cre" site: "old_cre" + - version: "2.1.0p44" + edition: "cre" + site: "ancient_cre" checkmk_rulesets: - "checkgroup_parameters:filesystem" diff --git a/tests/integration/targets/lookup_rulesets/vars/main.yml b/tests/integration/targets/lookup_rulesets/vars/main.yml index c586b1e5f..51efe5775 100644 --- a/tests/integration/targets/lookup_rulesets/vars/main.yml +++ b/tests/integration/targets/lookup_rulesets/vars/main.yml @@ -1,14 +1,17 @@ --- test_sites: - - version: "2.2.0p24" - edition: "cre" - site: "stable_cre" - - version: "2.2.0p24" + - version: "2.3.0p5" edition: "cee" site: "stable_cee" - - version: "2.1.0p41" + - version: "2.3.0p5" + edition: "cre" + site: "stable_cre" + - version: "2.2.0p27" edition: "cre" site: "old_cre" + - version: "2.1.0p44" + edition: "cre" + site: "ancient_cre" checkmk_ruleset_regexes: - "checkgroup_parameters:filesystem" diff --git a/tests/integration/targets/lookup_version/vars/main.yml b/tests/integration/targets/lookup_version/vars/main.yml index 1d2102698..2f18253b6 100644 --- a/tests/integration/targets/lookup_version/vars/main.yml +++ b/tests/integration/targets/lookup_version/vars/main.yml @@ -1,14 +1,14 @@ --- test_sites: - - version: "2.2.0p24" - edition: "cre" - site: "stable_cre" - - version: "2.2.0p24" + - version: "2.3.0p5" edition: "cee" site: "stable_cee" - - version: "2.1.0p41" + - version: "2.3.0p5" + edition: "cre" + site: "stable_cre" + - version: "2.2.0p27" edition: "cre" site: "old_cre" - - version: "2.0.0p39" + - version: "2.1.0p44" edition: "cre" site: "ancient_cre" diff --git a/tests/integration/targets/password/vars/main.yml b/tests/integration/targets/password/vars/main.yml index 01c5bbf77..93100f1dc 100644 --- a/tests/integration/targets/password/vars/main.yml +++ b/tests/integration/targets/password/vars/main.yml @@ -1,18 +1,18 @@ --- test_sites: - - version: "2.2.0p24" + - version: "2.3.0p5" edition: "cme" site: "stable_cme" - - version: "2.2.0p24" - edition: "cre" - site: "stable_cre" - - version: "2.2.0p24" + - version: "2.3.0p5" edition: "cee" site: "stable_cee" - - version: "2.1.0p41" + - version: "2.3.0p5" + edition: "cre" + site: "stable_cre" + - version: "2.2.0p27" edition: "cre" site: "old_cre" - - version: "2.0.0p39" + - version: "2.1.0p44" edition: "cre" site: "ancient_cre" diff --git a/tests/integration/targets/rule/tasks/test.yml b/tests/integration/targets/rule/tasks/test.yml index f380dd7b0..7e50b4759 100644 --- a/tests/integration/targets/rule/tasks/test.yml +++ b/tests/integration/targets/rule/tasks/test.yml @@ -1,4 +1,7 @@ --- +- name: "Include Checkmk version specific Variables." + ansible.builtin.include_vars: "{{ outer_item.version | regex_search('^[0-9]+[.][0-9]+[.][0-9]+') }}.yml" + - name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Create rules." rule: server_url: "{{ checkmk_var_server_url }}" @@ -11,20 +14,28 @@ delegate_to: localhost run_once: true # noqa run-once[task] loop: "{{ checkmk_var_rules }}" + register: created_rules -- name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Activate." - activation: - server_url: "{{ checkmk_var_server_url }}" - site: "{{ outer_item.site }}" - automation_user: "{{ checkmk_var_automation_user }}" - automation_secret: "{{ checkmk_var_automation_secret }}" - force_foreign_changes: true - sites: - - "{{ outer_item.site }}" - delegate_to: localhost - run_once: true # noqa run-once[task] +# - name: Extract all rules from employed rulesets +# ansible.builtin.uri: +# url: '{{ checkmk_var_server_url }}/{{ outer_item.site }}/check_mk/api/1.0/domain-types/rule/collections/all?ruleset_name={{ item.ruleset }}' +# method: get +# status_code: [200] +# headers: +# Authorization: "Bearer {{ checkmk_var_automation_user }} {{ checkmk_var_automation_secret }}" +# Accept: "application/json" +# Content-Type: "application/json" +# changed_when: false +# delegate_to: localhost +# run_once: true # noqa run-once[task] +# register: output +# loop: "{{ checkmk_var_rules }}" -- name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Create rules." +# - name: Print extracted info +# ansible.builtin.debug: +# var: output.results + +- name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Create rules. Again" rule: server_url: "{{ checkmk_var_server_url }}" site: "{{ outer_item.site }}" @@ -35,13 +46,13 @@ state: "present" delegate_to: localhost run_once: true # noqa run-once[task] - register: rule_result loop: "{{ checkmk_var_rules }}" + register: created_rules_again_result - name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Fail if changed." # noqa no-handler ansible.builtin.fail: msg: "Rule changed!" - when: "rule_result.changed" + when: "created_rules_again_result.changed" delegate_to: localhost run_once: true # noqa run-once[task] @@ -51,43 +62,77 @@ site: "{{ outer_item.site }}" automation_user: "{{ checkmk_var_automation_user }}" automation_secret: "{{ checkmk_var_automation_secret }}" - ruleset: "{{ item.ruleset }}" - rule: - rule_id: "{{ existing_rule[0].id }}" - properties: { - "comment": "{{ existing_rule[0].extensions.properties.comment }}", - "description": "Modified this intentionally.", - "disabled": "{{ existing_rule[0].extensions.properties.disabled }}" - } - conditions: "{{ existing_rule[0].extensions.conditions }}" - value_raw: "{{ existing_rule[0].extensions.value_raw | string }}" + ruleset: "{{ item.content.extensions.ruleset }}" + rule: + rule_id: "{{ item.content.id }}" + conditions: "{{ item.content.extensions.conditions }}" + properties: + comment: "{{ item.content.extensions.properties.comment | default('') }}" + description: "New description" + value_raw: "{{ item.content.extensions.value_raw | string }}" state: "present" - when: "existing_rule|length>0" - vars: - existing_rule: "{{ lookup('checkmk.general.rules', - ruleset=item.ruleset, - comment_regex='Ansible managed', - server_url=checkmk_var_server_url, - site=outer_item.site, - validate_certs=False, - automation_user=checkmk_var_automation_user, - automation_secret=checkmk_var_automation_secret) - }}" delegate_to: localhost run_once: true # noqa run-once[task] - loop: "{{ checkmk_var_rules }}" + loop: "{{ created_rules.results }}" + loop_control: + label: "{{ item.content.id }}" -- name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Activate." - activation: +- name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Modify rules. Again." + rule: server_url: "{{ checkmk_var_server_url }}" site: "{{ outer_item.site }}" automation_user: "{{ checkmk_var_automation_user }}" automation_secret: "{{ checkmk_var_automation_secret }}" - force_foreign_changes: true - sites: - - "{{ outer_item.site }}" + ruleset: "{{ item.content.extensions.ruleset }}" + rule: + rule_id: "{{ item.content.id }}" + conditions: "{{ item.content.extensions.conditions }}" + properties: + comment: "{{ item.content.extensions.properties.comment | default('') }}" + description: "New description" + value_raw: "{{ item.content.extensions.value_raw | string }}" + state: "present" delegate_to: localhost run_once: true # noqa run-once[task] + loop: "{{ created_rules.results }}" + loop_control: + label: "{{ item.content.id }}" + register: rule_result + +- name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Fail if changed." # noqa no-handler + ansible.builtin.fail: + msg: "Rule changed!" + when: "rule_result.changed" + delegate_to: localhost + run_once: true # noqa run-once[task] + +- name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Modify rules found by a lookup." + rule: + server_url: "{{ checkmk_var_server_url }}" + site: "{{ outer_item.site }}" + automation_user: "{{ checkmk_var_automation_user }}" + automation_secret: "{{ checkmk_var_automation_secret }}" + ruleset: "{{ item.extensions.ruleset }}" + rule: + rule_id: "{{ item.id }}" + conditions: "{{ item.extensions.conditions }}" + properties: + comment: "{{ item.extensions.properties.comment }}" + description: "Even newer description" + value_raw: "{{ item.extensions.value_raw | string }}" + state: "present" + delegate_to: localhost + run_once: true # noqa run-once[task] + loop: "{{ lookup('checkmk.general.rules', + ruleset='checkgroup_parameters:filesystem', + comment_regex='Ansible managed', + server_url=checkmk_var_server_url, + site=outer_item.site, + automation_user=checkmk_var_automation_user, + automation_secret=checkmk_var_automation_secret, + validate_certs=False) }}" + loop_control: + label: "{{ item.id }}" - name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Delete rules." rule: @@ -95,12 +140,15 @@ site: "{{ outer_item.site }}" automation_user: "{{ checkmk_var_automation_user }}" automation_secret: "{{ checkmk_var_automation_secret }}" - ruleset: "{{ item.ruleset }}" - rule: "{{ item.rule }}" + ruleset: "{{ item.content.extensions.ruleset }}" + rule: + rule_id: "{{ item.content.id }}" state: "absent" delegate_to: localhost run_once: true # noqa run-once[task] - loop: "{{ checkmk_var_rules }}" + loop: "{{ created_rules.results }}" + loop_control: + label: "{{ item.content.id }}" - name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Activate." activation: @@ -114,19 +162,21 @@ delegate_to: localhost run_once: true # noqa run-once[task] -- name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Delete rules." +- name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Delete rules. Again." rule: server_url: "{{ checkmk_var_server_url }}" site: "{{ outer_item.site }}" automation_user: "{{ checkmk_var_automation_user }}" automation_secret: "{{ checkmk_var_automation_secret }}" - ruleset: "{{ item.ruleset }}" - rule: "{{ item.rule }}" + ruleset: "{{ item.content.extensions.ruleset }}" + rule: + rule_id: "{{ item.content.id }}" state: "absent" delegate_to: localhost run_once: true # noqa run-once[task] - register: rule_result - loop: "{{ checkmk_var_rules }}" + loop: "{{ created_rules.results }}" + loop_control: + label: "{{ item.content.id }}" - name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Fail if changed." # noqa no-handler ansible.builtin.fail: diff --git a/tests/integration/targets/rule/vars/2.1.0.yml b/tests/integration/targets/rule/vars/2.1.0.yml new file mode 100644 index 000000000..8a96fd72a --- /dev/null +++ b/tests/integration/targets/rule/vars/2.1.0.yml @@ -0,0 +1,109 @@ +--- +checkmk_var_rules: + - name: "Filesystems (used space and growth) - Magic Factor." + ruleset: "checkgroup_parameters:filesystem" + rule: + location: + folder: "/" + position: "bottom" + conditions: { + "host_labels": [], + "host_tags": [], + "service_labels": [] + } + properties: { + "comment": "{{ ansible_date_time.iso8601 }} - Ansible managed", + "description": "", + "disabled": false + } + value_raw: "{'magic': 0.8}" + + - name: "CPU load (not utilization!) - 15 minute load." + ruleset: "checkgroup_parameters:cpu_load" + rule: + location: + folder: "/" + position: "bottom" + conditions: { + "host_labels": [], + "host_tags": [], + "service_labels": [] + } + properties: { + "comment": "{{ ansible_date_time.iso8601 }} - Ansible managed", + "description": "", + "disabled": false + } + value_raw: "{'levels': (1.0, 2.0)}" + + - name: "CPU utilization on Linux/UNIX - Multiple thresholds." + ruleset: "checkgroup_parameters:cpu_iowait" + rule: + location: + folder: "/" + position: "bottom" + conditions: { + "host_labels": [], + "host_tags": [], + "service_labels": [] + } + properties: { + "comment": "{{ ansible_date_time.iso8601 }} - Ansible managed", + "description": "", + "disabled": false + } + value_raw: "{'core_util_time': (100.0, 300, 900), 'core_util_time_total': (100.0, 300, 900)}" + + - name: "Logwatch Event Console Forwarding - Multiple values." + ruleset: "checkgroup_parameters:logwatch_ec" + rule: + location: + folder: "/" + position: "bottom" + conditions: { + "host_labels": [], + "host_tags": [], + "service_labels": [] + } + properties: { + "comment": "", + "description": "", + "disabled": false + } + value_raw: "{'facility': 17, 'method': '', 'monitor_logfilelist': False}" + + - name: "Simulating SNMP by using a stored SNMP walk - Enable." + ruleset: "usewalk_hosts" + rule: + conditions: { + "host_labels": [], + "host_tags": [ + { + "key": "snmp_ds", + "operator": "is_not", + "value": "no-snmp" + } + ], + "service_labels": [] + } + properties: { + "comment": "{{ ansible_date_time.iso8601 }} - Ansible managed", + "disabled": false, + } + value_raw: 'True' + + - name: "Memory percentage used - Levels." + ruleset: "checkgroup_parameters:memory_percentage_used" + rule: + conditions: { + "host_labels": [], + "host_tags": [], + "service_labels": [] + } + properties: { + "comment": "Warning at 80%\nCritical at 90%\n", + "description": "Allow higher memory usage", + "disabled": false, + "documentation_url": "https://github.com/Checkmk/ansible-collection-checkmk.general/blob/main/plugins/modules/rules.py" + } + value_raw: "{'levels': (80.0, 90.0)}" diff --git a/tests/integration/targets/rule/vars/2.2.0.yml b/tests/integration/targets/rule/vars/2.2.0.yml new file mode 100644 index 000000000..8a96fd72a --- /dev/null +++ b/tests/integration/targets/rule/vars/2.2.0.yml @@ -0,0 +1,109 @@ +--- +checkmk_var_rules: + - name: "Filesystems (used space and growth) - Magic Factor." + ruleset: "checkgroup_parameters:filesystem" + rule: + location: + folder: "/" + position: "bottom" + conditions: { + "host_labels": [], + "host_tags": [], + "service_labels": [] + } + properties: { + "comment": "{{ ansible_date_time.iso8601 }} - Ansible managed", + "description": "", + "disabled": false + } + value_raw: "{'magic': 0.8}" + + - name: "CPU load (not utilization!) - 15 minute load." + ruleset: "checkgroup_parameters:cpu_load" + rule: + location: + folder: "/" + position: "bottom" + conditions: { + "host_labels": [], + "host_tags": [], + "service_labels": [] + } + properties: { + "comment": "{{ ansible_date_time.iso8601 }} - Ansible managed", + "description": "", + "disabled": false + } + value_raw: "{'levels': (1.0, 2.0)}" + + - name: "CPU utilization on Linux/UNIX - Multiple thresholds." + ruleset: "checkgroup_parameters:cpu_iowait" + rule: + location: + folder: "/" + position: "bottom" + conditions: { + "host_labels": [], + "host_tags": [], + "service_labels": [] + } + properties: { + "comment": "{{ ansible_date_time.iso8601 }} - Ansible managed", + "description": "", + "disabled": false + } + value_raw: "{'core_util_time': (100.0, 300, 900), 'core_util_time_total': (100.0, 300, 900)}" + + - name: "Logwatch Event Console Forwarding - Multiple values." + ruleset: "checkgroup_parameters:logwatch_ec" + rule: + location: + folder: "/" + position: "bottom" + conditions: { + "host_labels": [], + "host_tags": [], + "service_labels": [] + } + properties: { + "comment": "", + "description": "", + "disabled": false + } + value_raw: "{'facility': 17, 'method': '', 'monitor_logfilelist': False}" + + - name: "Simulating SNMP by using a stored SNMP walk - Enable." + ruleset: "usewalk_hosts" + rule: + conditions: { + "host_labels": [], + "host_tags": [ + { + "key": "snmp_ds", + "operator": "is_not", + "value": "no-snmp" + } + ], + "service_labels": [] + } + properties: { + "comment": "{{ ansible_date_time.iso8601 }} - Ansible managed", + "disabled": false, + } + value_raw: 'True' + + - name: "Memory percentage used - Levels." + ruleset: "checkgroup_parameters:memory_percentage_used" + rule: + conditions: { + "host_labels": [], + "host_tags": [], + "service_labels": [] + } + properties: { + "comment": "Warning at 80%\nCritical at 90%\n", + "description": "Allow higher memory usage", + "disabled": false, + "documentation_url": "https://github.com/Checkmk/ansible-collection-checkmk.general/blob/main/plugins/modules/rules.py" + } + value_raw: "{'levels': (80.0, 90.0)}" diff --git a/tests/integration/targets/rule/vars/2.3.0.yml b/tests/integration/targets/rule/vars/2.3.0.yml new file mode 100644 index 000000000..07f6ee6ee --- /dev/null +++ b/tests/integration/targets/rule/vars/2.3.0.yml @@ -0,0 +1,152 @@ +--- +checkmk_var_rules: + - name: "Filesystems (used space and growth) - Magic Factor." + ruleset: "checkgroup_parameters:filesystem" + rule: + location: + folder: "/" + position: "bottom" + conditions: { + "host_labels": [], + "host_tags": [], + "service_labels": [] + } + properties: { + "comment": "{{ ansible_date_time.iso8601 }} - Ansible managed", + "description": "", + "disabled": false + } + value_raw: "{'magic': 0.8}" + + - name: "CPU load (not utilization!) - 15 minute load." + ruleset: "checkgroup_parameters:cpu_load" + rule: + location: + folder: "/" + position: "bottom" + conditions: { + "host_labels": [], + "host_tags": [], + "service_labels": [] + } + properties: { + "comment": "{{ ansible_date_time.iso8601 }} - Ansible managed", + "description": "", + "disabled": false + } + value_raw: "{'levels15': (1.0, 2.0)}" + + - name: "CPU utilization on Linux/UNIX - Multiple thresholds." + ruleset: "checkgroup_parameters:cpu_iowait" + rule: + location: + folder: "/" + position: "bottom" + conditions: { + "host_labels": [], + "host_tags": [], + "service_labels": [] + } + properties: { + "comment": "{{ ansible_date_time.iso8601 }} - Ansible managed", + "description": "", + "disabled": false + } + value_raw: "{'core_util_time': (100.0, 300, 900), 'core_util_time_total': (100.0, 300, 900)}" + + - name: "Logwatch Event Console Forwarding - Multiple values." + ruleset: "checkgroup_parameters:logwatch_ec" + rule: + location: + folder: "/" + position: "bottom" + conditions: { + "host_labels": [], + "host_tags": [], + "service_labels": [] + } + properties: { + "comment": "", + "description": "", + "disabled": false + } + value_raw: "{'facility': 17, 'method': '', 'monitor_logfilelist': False}" + + - name: "Simulating SNMP by using a stored SNMP walk - Enable." + ruleset: "usewalk_hosts" + rule: + conditions: { + "host_labels": [], + "host_tags": [ + { + "key": "snmp_ds", + "operator": "is_not", + "value": "no-snmp" + } + ], + "service_labels": [] + } + properties: { + "comment": "{{ ansible_date_time.iso8601 }} - Ansible managed", + "disabled": false, + } + value_raw: 'True' + + - name: "Memory percentage used - Levels." + ruleset: "checkgroup_parameters:memory_percentage_used" + rule: + conditions: { + "host_labels": [], + "host_tags": [], + "service_labels": [] + } + properties: { + "comment": "Warning at 80%\nCritical at 90%\n", + "description": "Allow higher memory usage", + "disabled": false, + "documentation_url": "https://github.com/Checkmk/ansible-collection-checkmk.general/blob/main/plugins/modules/rules.py" + } + value_raw: "{'levels': (80.0, 90.0)}" + + - name: "Memory percentage used - Combined host label conditions." + ruleset: "checkgroup_parameters:memory_percentage_used" + rule: + conditions: { + "host_label_groups": [ + { + operator: "and", + label_group: [ + { + operator: "and", + label: "cmk/site:beta" + }, + { + operator: "or", + label: "cmk/os_family:linux" + } + ], + }, + { + operator: "or", + label_group: [ + { + operator: "and", + label: "cmk/site:alpha" + }, + { + operator: "or", + label: "cmk/os_family:windows" + } + ], + }, + ], + "host_tags": [], + "service_labels": [] + } + properties: { + "comment": "Warning at 70%\nCritical at 80%\n", + "description": "Allow higher memory usage for certain host label conditions", + "disabled": false, + "documentation_url": "https://github.com/Checkmk/ansible-collection-checkmk.general/blob/main/plugins/modules/rules.py" + } + value_raw: "{'levels': (70.0, 80.0)}" diff --git a/tests/integration/targets/rule/vars/main.yml b/tests/integration/targets/rule/vars/main.yml index 3ad9d6726..2f18253b6 100644 --- a/tests/integration/targets/rule/vars/main.yml +++ b/tests/integration/targets/rule/vars/main.yml @@ -1,150 +1,14 @@ --- test_sites: - - version: "2.2.0p24" - edition: "cre" - site: "stable_cre" - - version: "2.2.0p24" + - version: "2.3.0p5" edition: "cee" site: "stable_cee" - - version: "2.1.0p41" + - version: "2.3.0p5" + edition: "cre" + site: "stable_cre" + - version: "2.2.0p27" edition: "cre" site: "old_cre" - -checkmk_var_rules: - - - name: "Filesystem - Magic Factor." - ruleset: "checkgroup_parameters:filesystem" - rule: - location: - folder: "/" - position: "bottom" - conditions: { - "host_labels": [], - "host_tags": [], - "service_labels": [] - } - properties: { - "comment": "{{ ansible_date_time.iso8601 }} - Ansible managed", - "description": "", - "disabled": false - } - value_raw: "{'magic': 0.8}" - - - name: "CPU - Load." - ruleset: "checkgroup_parameters:cpu_load" - rule: - location: - folder: "/" - position: "bottom" - conditions: { - "host_labels": [], - "host_tags": [], - "service_labels": [] - } - properties: { - "comment": "{{ ansible_date_time.iso8601 }} - Ansible managed", - "description": "", - "disabled": false - } - value_raw: "{'levels': (1.0, 2.0)}" - - - name: "CPU - Utilization." - ruleset: "checkgroup_parameters:cpu_iowait" - rule: - location: - folder: "/" - position: "bottom" - conditions: { - "host_labels": [], - "host_tags": [], - "service_labels": [] - } - properties: { - "comment": "{{ ansible_date_time.iso8601 }} - Ansible managed", - "description": "", - "disabled": false - } - value_raw: "{'core_util_time': (100.0, 300, 900), 'core_util_time_total': (100.0, 300, 900)}" - - - name: "Logwatch - Event Console Forwarding." - ruleset: "checkgroup_parameters:logwatch_ec" - rule: - location: - folder: "/" - position: "bottom" - conditions: { - "host_labels": [], - "host_tags": [], - "service_labels": [] - } - properties: { - "comment": "{{ ansible_date_time.iso8601 }} - Ansible managed", - "description": "", - "disabled": false - } - value_raw: "{'facility': 17, 'method': '', 'monitor_logfilelist': False}" - - - ruleset: "usewalk_hosts" - rule: - conditions: { - "host_labels": [], - "host_tags": [ - { - "key": "snmp_ds", - "operator": "is_not", - "value": "no-snmp" - } - ], - "service_labels": [] - } - properties: { - "comment": "{{ ansible_date_time.iso8601 }} - Ansible managed", - "disabled": false, - } - value_raw: 'True' - - ruleset: "checkgroup_parameters:memory_percentage_used" - rule: - conditions: { - "host_labels": [], - "host_tags": [], - "service_labels": [] - } - properties: { - "comment": "Warning at 80%\nCritical at 90%\n", - "description": "Allow higher memory usage", - "disabled": false, - "documentation_url": "https://github.com/Checkmk/ansible-collection-checkmk.general/blob/main/plugins/modules/rules.py" - } - value_raw: "{'levels': (80.0, 90.0)}" - - - ruleset: "periodic_discovery" - rule: - location: - position: "top" - folder: "/" - properties: - comment: "{{ ansible_date_time.iso8601 }} - Ansible managed" - description: "Perform Service Discovery every 5 minutes" - disabled: false - conditions: - host_tags: [] - service_labels: [] - host_labels: - - key: "robotmk" - operator: "is" - value: "yes" - value_raw: "{ - 'check_interval': 5.0, - 'inventory_rediscovery': { - 'activation': True, - 'excluded_time': [], - 'group_time': 900, - 'mode': 2, - 'service_filters':( - 'combined', {'service_whitelist': ['^E2E.*']} - ) - }, - 'severity_new_host_label': 0, - 'severity_unmonitored': 0, - 'severity_vanished': 0 - }" + - version: "2.1.0p44" + edition: "cre" + site: "ancient_cre" diff --git a/tests/integration/targets/service_group/vars/main.yml b/tests/integration/targets/service_group/vars/main.yml index fdedc14c7..62ebec255 100644 --- a/tests/integration/targets/service_group/vars/main.yml +++ b/tests/integration/targets/service_group/vars/main.yml @@ -1,18 +1,18 @@ --- test_sites: - - version: "2.2.0p24" + - version: "2.3.0p5" edition: "cme" site: "stable_cme" - - version: "2.2.0p24" - edition: "cre" - site: "stable_cre" - - version: "2.2.0p24" + - version: "2.3.0p5" edition: "cee" site: "stable_cee" - - version: "2.1.0p41" + - version: "2.3.0p5" + edition: "cre" + site: "stable_cre" + - version: "2.2.0p27" edition: "cre" site: "old_cre" - - version: "2.0.0p39" + - version: "2.1.0p44" edition: "cre" site: "ancient_cre" diff --git a/tests/integration/targets/tag_group/vars/main.yml b/tests/integration/targets/tag_group/vars/main.yml index 9f5653ddd..9e46f3e48 100644 --- a/tests/integration/targets/tag_group/vars/main.yml +++ b/tests/integration/targets/tag_group/vars/main.yml @@ -1,18 +1,18 @@ --- test_sites: - - version: "2.2.0p24" + - version: "2.3.0p5" edition: "cme" site: "stable_cme" - - version: "2.2.0p24" - edition: "cre" - site: "stable_cre" - - version: "2.2.0p24" + - version: "2.3.0p5" edition: "cee" site: "stable_cee" - - version: "2.1.0p41" + - version: "2.3.0p5" + edition: "cre" + site: "stable_cre" + - version: "2.2.0p27" edition: "cre" site: "old_cre" - - version: "2.0.0p39" + - version: "2.1.0p44" edition: "cre" site: "ancient_cre" diff --git a/tests/integration/targets/timeperiod/vars/main.yml b/tests/integration/targets/timeperiod/vars/main.yml index 3e7fc5176..566913f02 100644 --- a/tests/integration/targets/timeperiod/vars/main.yml +++ b/tests/integration/targets/timeperiod/vars/main.yml @@ -1,14 +1,17 @@ --- test_sites: - - version: "2.2.0p24" - edition: "cre" - site: "stable_cre" - - version: "2.2.0p24" + - version: "2.3.0p5" edition: "cee" site: "stable_cee" - - version: "2.1.0p41" + - version: "2.3.0p5" + edition: "cre" + site: "stable_cre" + - version: "2.2.0p27" edition: "cre" site: "old_cre" + - version: "2.1.0p44" + edition: "cre" + site: "ancient_cre" checkmk_timeperiods_create: - name: "lunchtime" diff --git a/tests/integration/targets/user/vars/main.yml b/tests/integration/targets/user/vars/main.yml index ef68bfe74..c3db47f91 100644 --- a/tests/integration/targets/user/vars/main.yml +++ b/tests/integration/targets/user/vars/main.yml @@ -1,17 +1,20 @@ --- test_sites: - - version: "2.2.0p24" + - version: "2.3.0p5" edition: "cme" site: "stable_cme" - - version: "2.2.0p24" - edition: "cre" - site: "stable_cre" - - version: "2.2.0p24" + - version: "2.3.0p5" edition: "cee" site: "stable_cee" - - version: "2.1.0p41" + - version: "2.3.0p5" + edition: "cre" + site: "stable_cre" + - version: "2.2.0p27" edition: "cre" site: "old_cre" + - version: "2.1.0p44" + edition: "cre" + site: "ancient_cre" checkmk_var_contact_groups: - team1