Merge pull request #136 from danragnar/fixes/ssl-and-minor-stuff

Fix minor issues with plugins list, ssl cert copy and allow no auth for API and Uchiwa
sensu · Feb 10, 2018 · 16f0c6f · 16f0c6f
2 parents d14aa91 + 8532bc0
commit 16f0c6f
Show file tree

Hide file tree

Showing 6 changed files with 21 additions and 9 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,12 @@ This project adheres to [Semantic Versioning](http://semver.org/)
 The format is based on [Keep a Changelog](http://keepachangelog.com/).
 
 ## [Unreleased]
+### Fixed
+- `defaults/main.yaml`,`tasks/plugins.yml`: Fix Python 3.X compatability issue when checking the contents of sensu_remote_plugins. (@danragnar)
+
+### Added
+- `templates/sensu-api-json.j2`, `templates/uchiwa_config.json.j2`: Check for explicitly defining uchiwa_users and sensu_api_user_name as empty to disable authentication, useful when having a reverse proxy handling auth in front of the API and/or the uchiwa dashboard (@danragnar)
+- `tasks/rabbit.yml`: Consistency of remote_src option for rabbitmq and sensu when copying SSL cert/key files. Useful if certificates are generated by another CA (e.g. FreeIPA) on the sensu host. (@danragnar)
 
 ## [2.0.0] - 2018-02-07
 ### Breaking Change

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -76,7 +76,7 @@ sensu_include_dashboard: false
 sensu_master: false
 sensu_client: true
 sensu_user_name: sensu
-sensu_remote_plugins: ~
+sensu_remote_plugins: []
 sensu_transport: rabbitmq
 sensu_client_name: "{{ ansible_hostname }}"
 sensu_client_subscriptions: "{{ group_names }}"

diff --git a/tasks/plugins.yml b/tasks/plugins.yml
@@ -25,7 +25,7 @@
     shell: umask 0022; sensu-install -p {{ item }}
     with_items: "{{ sensu_remote_plugins }}"
     changed_when: false
-    when: sensu_remote_plugins > 0
+    when: sensu_remote_plugins | length > 0
 
   - name: Register available checks
     local_action: command ls {{ static_data_store }}/sensu/checks

diff --git a/tasks/rabbit.yml b/tasks/rabbit.yml
@@ -9,11 +9,11 @@
     file: dest={{ rabbitmq_config_path }}/ssl state=directory
 
   - name: Ensure RabbitMQ SSL certs/keys are in place
-    copy: src={{ item }} dest={{ rabbitmq_config_path }}/ssl
+    copy: src="{{ item.src }}" dest="{{ rabbitmq_config_path }}/ssl/{{ item.dest }}" remote_src="{{ sensu_ssl_deploy_remote_src }}"
     with_items:
-      - "{{ sensu_ssl_server_cacert }}"
-      - "{{ sensu_ssl_server_cert }}"
-      - "{{ sensu_ssl_server_key }}"
+      - { src: "{{ sensu_ssl_server_cacert }}", dest: cacert.pem }
+      - { src: "{{ sensu_ssl_server_cert }}", dest: cert.pem }
+      - { src: "{{ sensu_ssl_server_key }}", dest: key.pem }
     notify:
       - restart rabbitmq service
       - restart sensu-api service

diff --git a/templates/sensu-api.json.j2 b/templates/sensu-api.json.j2
@@ -1,8 +1,10 @@
 {
   "api": {
-    "host": "{{ sensu_api_host }}",
-    "port": {{ sensu_api_port }},
+    {% if sensu_api_user_name %}
     "user": "{{ sensu_api_user_name }}",
-    "password": "{{ sensu_api_password }}"
+    "password": "{{ sensu_api_password }}",
+    {% endif %}
+    "host": "{{ sensu_api_host }}",
+    "port": {{ sensu_api_port }}
   }
 }
diff --git a/templates/uchiwa_config.json.j2 b/templates/uchiwa_config.json.j2
@@ -5,14 +5,18 @@
        "host": "{{ sensu_api_host }}",
        "ssl": {{ sensu_api_ssl | lower }},
        "port": {{ uchiwa_sensu_api_port }},
+       {% if sensu_api_user_name %}
        "user": "{{ sensu_api_user_name }}",
        "pass": "{{ sensu_api_password }}",
+       {% endif %}
        "path": "{{ sensu_api_uchiwa_path }}",
        "timeout": {{ sensu_api_timeout }}
    }
  ],
  "uchiwa": {
+   {% if uchiwa_users %}
    "users": {{ uchiwa_users | to_nice_json }},
+   {% endif %}
    "port": {{ uchiwa_port }},
    {% if uchiwa_auth_privatekey %}
    "auth": {