diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index a7c6ce2..5ff2e13 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml @@ -11,6 +11,13 @@ on: schedule: - cron: "0 6 * * 1" +concurrency: + group: >- + ${{ github.workflow }}-${{ + github.event.pull_request.number || github.sha + }} + cancel-in-progress: true + jobs: ansible-sanity-tests: name: Sanity (Ⓐ${{ matrix.ansible }}) @@ -40,6 +47,40 @@ jobs: run: ansible-test sanity --docker -v --color working-directory: ./ansible_collections/t_systems_mms/ansible_collection_icinga + integration: + runs-on: ubuntu-20.04 + name: I (Ⓐ${{ matrix.ansible }}+py${{ matrix.python }}) + strategy: + fail-fast: false + matrix: + ansible: + - stable-2.12 + - stable-2.13 + - stable-2.14 + - devel + python: + - "3.8" + - "3.9" + - "3.10" + services: + icinga: + image: ghcr.io/telekom-mms/icinga2:director-1.8.1 + ports: + - 80:80 + steps: + - name: >- + Perform integration testing against + Ansible version ${{ matrix.ansible }} + under Python ${{ matrix.python }} + uses: ansible-community/ansible-test-gh-action@v1.14.1 + with: + ansible-core-version: ${{ matrix.ansible }} + # OPTIONAL command to run before invoking `ansible-test integration` + pre-test-cmd: sed -i "s/127.0.0.1/icinga/g" tests/integration/integration_config.yml + target-python-version: ${{ matrix.python }} + testing-type: integration + test-deps: telekom_mms.icinga_director + linting: name: Ansible Lint runs-on: ubuntu-latest @@ -49,12 +90,7 @@ jobs: uses: actions/checkout@v3 - name: Run Linting - uses: ansible/ansible-lint-action@v6 - with: - targets: roles/ - override-deps: | - rich>=9.5.1,<11.0.0 - args: "" + uses: ansible/ansible-lint-action@v6.17.0 molecule: name: Molecule diff --git a/README.md b/README.md index 4612c86..59c6530 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,8 @@ This Ansible collection contains: 4. An extra [collection](https://github.com/T-Systems-MMS/ansible-collection-icinga-business-process) to use the [Business Process module](https://github.com/Icinga/icingaweb2-module-businessprocess) + 5. Ansible playbooks to create various objects in Icinga 2 using the director API + ## Requirements - Ansible version: 2.9.10 @@ -50,6 +52,49 @@ Check out the 'Documentation' part for the modules [here](https://github.com/T-S **icinga_business_process collection:** Check out the 'Documentation' part for this collection [here](https://github.com/T-Systems-MMS/ansible-collection-icinga-business-process/blob/master/roles/ansible_icinga_business_process/README.md) + +**icinga playbooks:** + +| playbook| description +|------------|----------------------------------------------------------------------- +| mms_standard.yml | create a timeperiod and service template to use for other checks +| azure_oauth_token.yml | get azure oauth token to use in other checks +| check_gitlab_scheduler.yml | check gitlab scheduled pipelines +| check_https.yml | check https reachability and certificates +| check_json_azure_restapi_resourcehealth.yml | check state of azure resourcehealth +| check_json_azure_restapi.yml | do a json check against azure restapi (with oauth_token) +| check_json.yml | do a json check +| template_empty_host.yml | create a host template for an empty host + +You can use these playbooks in your playbook like this: + +``` +- name: Import mms standard playbook to create services that other checks depend on + import-playbook: t_systems_mms.ansible_collection_icinga.mms_standard + +- name: Import playbook to create azure oauth token check + import-playbook: t_systems_mms.ansible_collection_icinga.check_azure_oauth_token + +- name: Import playbook to create gitlab_scheduler check + import-playbook: t_systems_mms.ansible_collection_icinga.check_gitlab_scheduler + +- name: Import playbook to create check_https checks + import-playbook: t_systems_mms.ansible_collection_icinga.check_https + +``` + +Or call them from the command line: +``` +ansible-playbook t_systems_mms.ansible_collection_icinga.mms_standard +ansible-playbook t_systems_mms.ansible_collection_icinga.check_azure_oauth_token +ansible-playbook t_systems_mms.ansible_collection_icinga.check_gitlab_scheduler +ansible-playbook t_systems_mms.ansible_collection_icinga.check_https +ansible-playbook t_systems_mms.ansible_collection_icinga.check_json +ansible-playbook t_systems_mms.ansible_collection_icinga.check_json_azure_restapi +ansible-playbook t_systems_mms.ansible_collection_icinga.check_json_azure_restapi_resourcehealth +ansible-playbook t_systems_mms.ansible_collection_icinga.template_empty_host +``` + ## License GPLv3 diff --git a/playbooks/check_azure_oauth_token.yml b/playbooks/check_azure_oauth_token.yml new file mode 100644 index 0000000..4d1b872 --- /dev/null +++ b/playbooks/check_azure_oauth_token.yml @@ -0,0 +1,42 @@ +--- +- name: Create command and service template for Azure oauth token + hosts: localhost + gather_facts: false + module_defaults: + group/telekom_mms.icinga_director.icinga: + url: "{{ icinga_url }}" + url_username: "{{ icinga_user }}" + url_password: "{{ icinga_pass }}" + tasks: + - name: Create command Azure oauth token + telekom_mms.icinga_director.icinga_command: + state: present + object_name: azure_oauth_token + command: "azure_oauth_token.py" + arguments: + (no key): + order: 1 + required: true + skip_key: true + value: $tenant_id$ + (no key.1): + order: 2 + required: true + skip_key: true + value: $client_id$ + (no key.2): + order: 3 + required: true + skip_key: true + value: $client_secret$ + (no key.3): + order: 4 + required: true + skip_key: true + value: $scope$ + - name: Create service template for Azure oauth token + telekom_mms.icinga_director.icinga_service_template: + state: present + object_name: "azure_oauth_token" + check_command: "azure_oauth_token" + check_interval: 50m diff --git a/playbooks/check_gitlab_scheduler.yml b/playbooks/check_gitlab_scheduler.yml new file mode 100644 index 0000000..deacd07 --- /dev/null +++ b/playbooks/check_gitlab_scheduler.yml @@ -0,0 +1,34 @@ +--- +- name: Create command and service template for check_gitlab_scheduler + hosts: localhost + gather_facts: false + module_defaults: + group/telekom_mms.icinga_director.icinga: + url: "{{ icinga_url }}" + url_username: "{{ icinga_user }}" + url_password: "{{ icinga_pass }}" + tasks: + - name: Create command for check_gitlab_scheduler + telekom_mms.icinga_director.icinga_command: + state: present + object_name: check_gitlab_scheduler + command: check_gitlab_scheduler.py + arguments: + -p: + required: true + value: $projectid$ + -s: + required: true + value: $schedulerid$ + -t: + required: true + value: $token$ + -o: + required: false + value: $pending_timeout$ + - name: Create service template for check_gitlab_scheduler + telekom_mms.icinga_director.icinga_service_template: + state: present + object_name: check_gitlab_scheduler + check_command: "check_gitlab_scheduler" + check_interval: 5m diff --git a/playbooks/check_https.yml b/playbooks/check_https.yml new file mode 100644 index 0000000..005a6c2 --- /dev/null +++ b/playbooks/check_https.yml @@ -0,0 +1,33 @@ +--- +- name: Create service templates for defaults + hosts: localhost + gather_facts: false + module_defaults: + group/telekom_mms.icinga_director.icinga: + url: "{{ icinga_url }}" + url_username: "{{ icinga_user }}" + url_password: "{{ icinga_pass }}" + tasks: + - name: Create service template for mms-https + telekom_mms.icinga_director.icinga_service_template: + state: present + object_name: mms-https + imports: + - mms-standard-service + check_command: http + check_interval: 300 + vars: + http_address: $check_address$ + http_extendedperfdata: false + http_invertregex: false + http_sni: true + http_ssl: true + http_timeout: 30 + + - name: Create service template for mms-https + telekom_mms.icinga_director.icinga_service_template: + state: present + object_name: mms-https-certificate + imports: + - mms-https + check_timeout: 60 diff --git a/playbooks/check_json.yml b/playbooks/check_json.yml new file mode 100644 index 0000000..e55b8f2 --- /dev/null +++ b/playbooks/check_json.yml @@ -0,0 +1,42 @@ +--- +- name: Create service template and command for check_json + hosts: localhost + gather_facts: false + module_defaults: + group/telekom_mms.icinga_director.icinga: + url: "{{ icinga_url }}" + url_username: "{{ icinga_user }}" + url_password: "{{ icinga_pass }}" + tasks: + - name: Create Command check_json + telekom_mms.icinga_director.icinga_command: + state: present + object_name: check_json + command: "check_json.pl" + arguments: + --ignoressl: + set_if: $json_ignoressl$ + -T: $json_contenttype$ + -a: + required: true + value: $json_attributes$ + -b: + value: $json_bearer$ + -c: + required: true + type: Function + body: macro("$json_crit$") + -d: $json_divisor$ + -e: $json_expect$ + -m: $json_metadata$ + -o: $json_outputvars$ + -p: $json_perfvars$ + -t: $json_timeout$ + -u: + required: true + value: $json_url$ + -w: + required: true + type: Function + body: macro("$json_warn$") + -x: $json_xauth$ diff --git a/playbooks/check_json_azure_restapi.yml b/playbooks/check_json_azure_restapi.yml new file mode 100644 index 0000000..8b9cfce --- /dev/null +++ b/playbooks/check_json_azure_restapi.yml @@ -0,0 +1,44 @@ +--- +- name: Create service template for mms-standard-service and azure REST-API + hosts: localhost + gather_facts: false + module_defaults: + group/telekom_mms.icinga_director.icinga: + url: "{{ icinga_url }}" + url_username: "{{ icinga_user }}" + url_password: "{{ icinga_pass }}" + tasks: + - name: Create command Azure REST-API + telekom_mms.icinga_director.icinga_command: + state: present + object_name: check_json_azure_restapi + command: check_json.pl + arguments: + --ignoressl: + set_if: $json_ignoressl$ + -T: $json_contenttype$ + -a: + required: true + value: $json_attributes$ + -b: + required: true + type: Function + body: return get_service(macro("$azure_oauth_token_host$"), macro("$azure_oauth_token_service$")).last_check_result.output + -c: + required: true + type: Function + body: macro("$json_crit$") + -d: $json_divisor$ + -e: $json_expect$ + -m: $json_metadata$ + -o: $json_outputvars$ + -p: $json_perfvars$ + -t: $json_timeout$ + -u: + required: true + value: $json_url$ + -w: + required: true + type: Function + body: macro("$json_warn$") + -x: $json_xauth$ diff --git a/playbooks/check_json_azure_restapi_resourcehealth.yml b/playbooks/check_json_azure_restapi_resourcehealth.yml new file mode 100644 index 0000000..7751272 --- /dev/null +++ b/playbooks/check_json_azure_restapi_resourcehealth.yml @@ -0,0 +1,26 @@ +--- +- name: Create service template for azure REST-API ResourceHealth + hosts: localhost + gather_facts: false + module_defaults: + group/telekom_mms.icinga_director.icinga: + url: "{{ icinga_url }}" + url_username: "{{ icinga_user }}" + url_password: "{{ icinga_pass }}" + tasks: + - name: Create service template for azure REST-API ResourceHealth + telekom_mms.icinga_director.icinga_service_template: + state: present + object_name: mms-json-azure_restapi_resourcehealth + imports: + - mms-standard-service + check_command: check_json_azure_restapi + check_interval: 5m + vars: + json_url: + "https://management.azure.com/subscriptions/$azure_subscription_id$/resourcegroups/$azure_resource_group$$azure_resource_uri$/\ + providers/Microsoft.ResourceHealth/availabilityStatuses/current?api-version=2020-05-01-preview" + json_expect: Available + json_ignoressl: true + json_attributes: "{properties}->{availabilityState}" + json_outputvars: "{properties}->{availabilityState},{properties}->{summary},{properties}->{reasonType},{properties}->{occuredTime}" diff --git a/playbooks/mms_standard.yml b/playbooks/mms_standard.yml new file mode 100644 index 0000000..8906cbc --- /dev/null +++ b/playbooks/mms_standard.yml @@ -0,0 +1,36 @@ +- name: Create mms-standards + hosts: localhost + gather_facts: false + module_defaults: + group/telekom_mms.icinga_director.icinga: + url: "{{ icinga_url }}" + url_username: "{{ icinga_user }}" + url_password: "{{ icinga_pass }}" + tasks: + - name: Create timeperiod for mms-standard-service + telekom_mms.icinga_director.icinga_timeperiod: + state: present + object_name: 24/7 + ranges: + monday: "00:00-24:00" + tuesday: "00:00-24:00" + wednesday: "00:00-24:00" + thursday: "00:00-24:00" + friday: "00:00-24:00" + saturday: "00:00-24:00" + sunday: "00:00-24:00" + + - name: Create service template for mms-standard-service + telekom_mms.icinga_director.icinga_service_template: + state: present + object_name: mms-standard-service + max_check_attempts: "3" + check_period: "24/7" + check_interval: "2m" + retry_interval: "1m" + enable_notifications: true + enable_active_checks: true + enable_passive_checks: false + enable_event_handler: false + enable_perfdata: true + volatile: false diff --git a/playbooks/template_empty_host.yml b/playbooks/template_empty_host.yml new file mode 100644 index 0000000..c78168f --- /dev/null +++ b/playbooks/template_empty_host.yml @@ -0,0 +1,15 @@ +--- +- name: Create empty-host template + hosts: localhost + gather_facts: false + module_defaults: + group/telekom_mms.icinga_director.icinga: + url: "{{ icinga_url }}" + url_username: "{{ icinga_user }}" + url_password: "{{ icinga_pass }}" + tasks: + - name: Create a host in icinga + telekom_mms.icinga_director.icinga_host_template: + state: present + object_name: mms-template-empty-host + check_command: dummy diff --git a/tests/integration/integration_config.yml b/tests/integration/integration_config.yml new file mode 100644 index 0000000..a2d1d84 --- /dev/null +++ b/tests/integration/integration_config.yml @@ -0,0 +1,4 @@ +--- +icinga_url: "http://127.0.0.1/icingaweb2" +icinga_user: "icingaadmin" +icinga_pass: "icinga" diff --git a/tests/integration/requirements.yml b/tests/integration/requirements.yml new file mode 100644 index 0000000..d7693f9 --- /dev/null +++ b/tests/integration/requirements.yml @@ -0,0 +1,2 @@ +collections: + - telekom_mms.icinga_director diff --git a/tests/integration/targets/icinga/runme.sh b/tests/integration/targets/icinga/runme.sh old mode 100644 new mode 100755 index 7d45615..a07051c --- a/tests/integration/targets/icinga/runme.sh +++ b/tests/integration/targets/icinga/runme.sh @@ -2,7 +2,12 @@ set -eux -ansible-playbook icinga_agent.yml -ansible-playbook icinga_agent.yml --check --diff -ansible-playbook icinga_plugins.yml -ansible-playbook icinga_plugins.yml --check --diff +ansible-playbook t_systems_mms.ansible_collection_icinga.mms_standard -e "@../../integration_config.yml" "$@" +ansible-playbook t_systems_mms.ansible_collection_icinga.check_azure_oauth_token -e "@../../integration_config.yml" "$@" +ansible-playbook t_systems_mms.ansible_collection_icinga.check_gitlab_scheduler -e "@../../integration_config.yml" "$@" +ansible-playbook t_systems_mms.ansible_collection_icinga.check_https -e "@../../integration_config.yml" "$@" +ansible-playbook t_systems_mms.ansible_collection_icinga.check_json -e "@../../integration_config.yml" "$@" +ansible-playbook t_systems_mms.ansible_collection_icinga.check_json_azure_restapi -e "@../../integration_config.yml" "$@" +ansible-playbook t_systems_mms.ansible_collection_icinga.check_json_azure_restapi_resourcehealth -e "@../../integration_config.yml" "$@" +ansible-playbook t_systems_mms.ansible_collection_icinga.template_empty_host -e "@../../integration_config.yml" "$@" +