Playbooks for simplifying create checks

.github/workflows/CI.yml

@@ -11,6 +11,13 @@ on:
   schedule:
     - cron: "0 6 * * 1"
 
+concurrency:
+  group: >-
+    ${{ github.workflow }}-${{
+      github.event.pull_request.number || github.sha
+    }}
+  cancel-in-progress: true
+
 jobs:
   ansible-sanity-tests:
     name: Sanity (Ⓐ${{ matrix.ansible }})
@@ -40,6 +47,40 @@ jobs:
         run: ansible-test sanity --docker -v --color
         working-directory: ./ansible_collections/t_systems_mms/ansible_collection_icinga
 
+  integration:
+    runs-on: ubuntu-20.04
+    name: I (Ⓐ${{ matrix.ansible }}+py${{ matrix.python }})
+    strategy:
+      fail-fast: false
+      matrix:
+        ansible:
+          - stable-2.12
+          - stable-2.13
+          - stable-2.14
+          - devel
+        python:
+          - "3.8"
+          - "3.9"
+          - "3.10"
+    services:
+      icinga:
+        image: ghcr.io/telekom-mms/icinga2:director-1.8.1
+        ports:
+          - 80:80
+    steps:
+      - name: >-
+          Perform integration testing against
+          Ansible version ${{ matrix.ansible }}
+          under Python ${{ matrix.python }}
+        uses: ansible-community/[email protected]
+        with:
+          ansible-core-version: ${{ matrix.ansible }}
+          # OPTIONAL command to run before invoking `ansible-test integration`
+          pre-test-cmd: sed -i "s/127.0.0.1/icinga/g" tests/integration/integration_config.yml
+          target-python-version: ${{ matrix.python }}
+          testing-type: integration
+          test-deps: telekom_mms.icinga_director
+
   linting:
     name: Ansible Lint
     runs-on: ubuntu-latest
@@ -49,12 +90,7 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Run Linting
-        uses: ansible/ansible-lint-action@v6
-        with:
-          targets: roles/
-          override-deps: |
-            rich>=9.5.1,<11.0.0
-          args: ""
+        uses: ansible/[email protected]
 
   molecule:
     name: Molecule

README.md

@@ -12,6 +12,8 @@ This Ansible collection contains:
 
   4. An extra [collection](https://github.com/T-Systems-MMS/ansible-collection-icinga-business-process) to use the [Business Process module](https://github.com/Icinga/icingaweb2-module-businessprocess)
 
+  5. Ansible playbooks to create various objects in Icinga 2 using the director API
+
 ## Requirements
 
 - Ansible version: 2.9.10
@@ -50,6 +52,49 @@ Check out the 'Documentation' part for the modules [here](https://github.com/T-S
 **icinga_business_process collection:**
 
 Check out the 'Documentation' part for this collection [here](https://github.com/T-Systems-MMS/ansible-collection-icinga-business-process/blob/master/roles/ansible_icinga_business_process/README.md)
+
+**icinga playbooks:**
+
+| playbook| description
+|------------|-----------------------------------------------------------------------
+| mms_standard.yml | create a timeperiod and service template to use for other checks
+| azure_oauth_token.yml | get azure oauth token to use in other checks
+| check_gitlab_scheduler.yml | check gitlab scheduled pipelines
+| check_https.yml | check https reachability and certificates
+| check_json_azure_restapi_resourcehealth.yml | check state of azure resourcehealth
+| check_json_azure_restapi.yml | do a json check against azure restapi (with oauth_token)
+| check_json.yml | do a json check
+| template_empty_host.yml | create a host template for an empty host
+
+You can use these playbooks in your playbook like this:
+
+```
+- name: Import mms standard playbook to create services that other checks depend on
+  import-playbook: t_systems_mms.ansible_collection_icinga.mms_standard
+
+- name: Import playbook to create azure oauth token check
+  import-playbook: t_systems_mms.ansible_collection_icinga.check_azure_oauth_token
+
+- name: Import playbook to create gitlab_scheduler check
+  import-playbook: t_systems_mms.ansible_collection_icinga.check_gitlab_scheduler
+
+- name: Import playbook to create check_https checks
+  import-playbook: t_systems_mms.ansible_collection_icinga.check_https
+
+```
+
+Or call them from the command line:
+```
+ansible-playbook t_systems_mms.ansible_collection_icinga.mms_standard
+ansible-playbook t_systems_mms.ansible_collection_icinga.check_azure_oauth_token
+ansible-playbook t_systems_mms.ansible_collection_icinga.check_gitlab_scheduler
+ansible-playbook t_systems_mms.ansible_collection_icinga.check_https
+ansible-playbook t_systems_mms.ansible_collection_icinga.check_json
+ansible-playbook t_systems_mms.ansible_collection_icinga.check_json_azure_restapi
+ansible-playbook t_systems_mms.ansible_collection_icinga.check_json_azure_restapi_resourcehealth
+ansible-playbook t_systems_mms.ansible_collection_icinga.template_empty_host
+```
+
 ## License
 
 GPLv3

playbooks/check_azure_oauth_token.yml

@@ -0,0 +1,42 @@
+---
+- name: Create command and service template for Azure oauth token
+  hosts: localhost
+  gather_facts: false
+  module_defaults:
+    group/telekom_mms.icinga_director.icinga:
+      url: "{{ icinga_url }}"
+      url_username: "{{ icinga_user }}"
+      url_password: "{{ icinga_pass }}"
+  tasks:
+    - name: Create command Azure oauth token
+      telekom_mms.icinga_director.icinga_command:
+        state: present
+        object_name: azure_oauth_token
+        command: "azure_oauth_token.py"
+        arguments:
+          (no key):
+            order: 1
+            required: true
+            skip_key: true
+            value: $tenant_id$
+          (no key.1):
+            order: 2
+            required: true
+            skip_key: true
+            value: $client_id$
+          (no key.2):
+            order: 3
+            required: true
+            skip_key: true
+            value: $client_secret$
+          (no key.3):
+            order: 4
+            required: true
+            skip_key: true
+            value: $scope$
+    - name: Create service template for Azure oauth token
+      telekom_mms.icinga_director.icinga_service_template:
+        state: present
+        object_name: "azure_oauth_token"
+        check_command: "azure_oauth_token"
+        check_interval: 50m

playbooks/check_gitlab_scheduler.yml

@@ -0,0 +1,34 @@
+---
+- name: Create command and service template for check_gitlab_scheduler
+  hosts: localhost
+  gather_facts: false
+  module_defaults:
+    group/telekom_mms.icinga_director.icinga:
+      url: "{{ icinga_url }}"
+      url_username: "{{ icinga_user }}"
+      url_password: "{{ icinga_pass }}"
+  tasks:
+    - name: Create command for check_gitlab_scheduler
+      telekom_mms.icinga_director.icinga_command:
+        state: present
+        object_name: check_gitlab_scheduler
+        command: check_gitlab_scheduler.py
+        arguments:
+          -p:
+            required: true
+            value: $projectid$
+          -s:
+            required: true
+            value: $schedulerid$
+          -t:
+            required: true
+            value: $token$
+          -o:
+            required: false
+            value: $pending_timeout$
+    - name: Create service template for check_gitlab_scheduler
+      telekom_mms.icinga_director.icinga_service_template:
+        state: present
+        object_name: check_gitlab_scheduler
+        check_command: "check_gitlab_scheduler"
+        check_interval: 5m

playbooks/check_https.yml

@@ -0,0 +1,33 @@
+---
+- name: Create service templates for defaults
+  hosts: localhost
+  gather_facts: false
+  module_defaults:
+    group/telekom_mms.icinga_director.icinga:
+      url: "{{ icinga_url }}"
+      url_username: "{{ icinga_user }}"
+      url_password: "{{ icinga_pass }}"
+  tasks:
+    - name: Create service template for mms-https
+      telekom_mms.icinga_director.icinga_service_template:
+        state: present
+        object_name: mms-https
+        imports:
+          - mms-standard-service
+        check_command: http
+        check_interval: 300
+        vars:
+          http_address: $check_address$
+          http_extendedperfdata: false
+          http_invertregex: false
+          http_sni: true
+          http_ssl: true
+          http_timeout: 30
+
+    - name: Create service template for mms-https
+      telekom_mms.icinga_director.icinga_service_template:
+        state: present
+        object_name: mms-https-certificate
+        imports:
+          - mms-https
+        check_timeout: 60

playbooks/check_json.yml

@@ -0,0 +1,42 @@
+---
+- name: Create service template and command for check_json
+  hosts: localhost
+  gather_facts: false
+  module_defaults:
+    group/telekom_mms.icinga_director.icinga:
+      url: "{{ icinga_url }}"
+      url_username: "{{ icinga_user }}"
+      url_password: "{{ icinga_pass }}"
+  tasks:
+    - name: Create Command check_json
+      telekom_mms.icinga_director.icinga_command:
+        state: present
+        object_name: check_json
+        command: "check_json.pl"
+        arguments:
+          --ignoressl:
+            set_if: $json_ignoressl$
+          -T: $json_contenttype$
+          -a:
+            required: true
+            value: $json_attributes$
+          -b:
+            value: $json_bearer$
+          -c:
+            required: true
+            type: Function
+            body: macro("$json_crit$")
+          -d: $json_divisor$
+          -e: $json_expect$
+          -m: $json_metadata$
+          -o: $json_outputvars$
+          -p: $json_perfvars$
+          -t: $json_timeout$
+          -u:
+            required: true
+            value: $json_url$
+          -w:
+            required: true
+            type: Function
+            body: macro("$json_warn$")
+          -x: $json_xauth$

playbooks/check_json_azure_restapi.yml

@@ -0,0 +1,44 @@
+---
+- name: Create service template for mms-standard-service and azure REST-API
+  hosts: localhost
+  gather_facts: false
+  module_defaults:
+    group/telekom_mms.icinga_director.icinga:
+      url: "{{ icinga_url }}"
+      url_username: "{{ icinga_user }}"
+      url_password: "{{ icinga_pass }}"
+  tasks:
+    - name: Create command Azure REST-API
+      telekom_mms.icinga_director.icinga_command:
+        state: present
+        object_name: check_json_azure_restapi
+        command: check_json.pl
+        arguments:
+          --ignoressl:
+            set_if: $json_ignoressl$
+          -T: $json_contenttype$
+          -a:
+            required: true
+            value: $json_attributes$
+          -b:
+            required: true
+            type: Function
+            body: return get_service(macro("$azure_oauth_token_host$"), macro("$azure_oauth_token_service$")).last_check_result.output
+          -c:
+            required: true
+            type: Function
+            body: macro("$json_crit$")
+          -d: $json_divisor$
+          -e: $json_expect$
+          -m: $json_metadata$
+          -o: $json_outputvars$
+          -p: $json_perfvars$
+          -t: $json_timeout$
+          -u:
+            required: true
+            value: $json_url$
+          -w:
+            required: true
+            type: Function
+            body: macro("$json_warn$")
+          -x: $json_xauth$

playbooks/check_json_azure_restapi_resourcehealth.yml

@@ -0,0 +1,26 @@
+---
+- name: Create service template for azure REST-API ResourceHealth
+  hosts: localhost
+  gather_facts: false
+  module_defaults:
+    group/telekom_mms.icinga_director.icinga:
+      url: "{{ icinga_url }}"
+      url_username: "{{ icinga_user }}"
+      url_password: "{{ icinga_pass }}"
+  tasks:
+    - name: Create service template for azure REST-API ResourceHealth
+      telekom_mms.icinga_director.icinga_service_template:
+        state: present
+        object_name: mms-json-azure_restapi_resourcehealth
+        imports:
+          - mms-standard-service
+        check_command: check_json_azure_restapi
+        check_interval: 5m
+        vars:
+          json_url:
+            "https://management.azure.com/subscriptions/$azure_subscription_id$/resourcegroups/$azure_resource_group$$azure_resource_uri$/\
+            providers/Microsoft.ResourceHealth/availabilityStatuses/current?api-version=2020-05-01-preview"
+          json_expect: Available
+          json_ignoressl: true
+          json_attributes: "{properties}->{availabilityState}"
+          json_outputvars: "{properties}->{availabilityState},{properties}->{summary},{properties}->{reasonType},{properties}->{occuredTime}"

playbooks/mms_standard.yml

@@ -0,0 +1,36 @@
+- name: Create mms-standards
+  hosts: localhost
+  gather_facts: false
+  module_defaults:
+    group/telekom_mms.icinga_director.icinga:
+      url: "{{ icinga_url }}"
+      url_username: "{{ icinga_user }}"
+      url_password: "{{ icinga_pass }}"
+  tasks:
+    - name: Create timeperiod for mms-standard-service
+      telekom_mms.icinga_director.icinga_timeperiod:
+        state: present
+        object_name: 24/7
+        ranges:
+          monday: "00:00-24:00"
+          tuesday: "00:00-24:00"
+          wednesday: "00:00-24:00"
+          thursday: "00:00-24:00"
+          friday: "00:00-24:00"
+          saturday: "00:00-24:00"
+          sunday: "00:00-24:00"
+
+    - name: Create service template for mms-standard-service
+      telekom_mms.icinga_director.icinga_service_template:
+        state: present
+        object_name: mms-standard-service
+        max_check_attempts: "3"
+        check_period: "24/7"
+        check_interval: "2m"
+        retry_interval: "1m"
+        enable_notifications: true
+        enable_active_checks: true
+        enable_passive_checks: false
+        enable_event_handler: false
+        enable_perfdata: true
+        volatile: false