diff --git a/CHANGES.rst b/CHANGES.rst index 981ad58..6e69fab 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -1,3 +1,5 @@ +.. _checkmk_agent__ref_changelog: + Changelog ========= @@ -14,6 +16,8 @@ The current role maintainer_ is ganto_. `debops-contrib.checkmk_agent master`_ - unreleased --------------------------------------------------- +.. Changes require a v0.2.0 release for SemVer compliance. + .. _debops-contrib.checkmk_agent master: https://github.com/debops-contrib/ansible-checkmk_agent/compare/v0.1.1...master Added @@ -23,6 +27,13 @@ Added can be used to define custom Ansible host group name for Check_MK server lookup. [ganto_] +- Support :envvar:`checkmk_agent__deploy_state`. [ypid_] + +- Automatically enable the ``smart`` Check_MK agent plugin on physical hosts to + query Self-Monitoring, Analysis and Reporting data from disks. [ypid_] + +- Add :ref:`checkmk_agent__ref_ansible_facts` documentation. [ypid_] + Changed ~~~~~~~ @@ -33,14 +44,40 @@ Changed attribute updates on the Check_MK server to avoid possible firewall issues. [ganto_] +- Rename ``checkmk_agent__hostname`` to :envvar:`checkmk_agent__fqdn`. You might need + to update your inventory. [ypid_] + +- Rename ``checkmk_agent__group_plugin_map`` to :envvar:`checkmk_agent__facts_plugin_map`. You might need + to update your inventory. [ypid_] + +- Increase Ansible min version to ``2.1.5``. Everything below is deprecated + anyway and has vulnerabilities so you don’t want to use that anymore. [ypid_] + +Removed +~~~~~~~ + +- Remove the ``debops_checkmk_agent`` Ansible inventory group. Make sure your + hosts are in ``debops_service_checkmk_agent``. [ypid_] + Fixed ~~~~~ - Correctly use Ansible `changed` and `skipped` task filters. [ganto_] +- Let xinetd bind on ``AF_INET6`` to ensure IPv6 reachability of the agent. [ypid_] + +- Fix TCP Wrappers support for xinetd. [ypid_] -`debops-contrib.checkmk_agent v0.1.1` - 2017-01-23 --------------------------------------------------- +Security +~~~~~~~~ + +- Enforce known good git commit hashes. As upstream does not cryptographically sign their work, + the known good hashes have to be pinned manually in + :envvar:`checkmk_agent__git_version_map` of the role. [ypid_] + + +`debops-contrib.checkmk_agent v0.1.1`_ - 2017-01-23 +--------------------------------------------------- .. _debops-contrib.checkmk_agent v0.1.1: https://github.com/debops-contrib/ansible-checkmk_agent/compare/v0.1.0...v0.1.1 diff --git a/COPYRIGHT b/COPYRIGHT index b02ab1a..02dd4b0 100644 --- a/COPYRIGHT +++ b/COPYRIGHT @@ -1,8 +1,8 @@ debops-contrib.checkmk_agent - Setup Check_MK monitoring agent -Copyright (C) 2015-2016 Reto Gantenbein -Copyright (C) 2015-2016 Robin Schneider -Copyright (C) 2016 DebOps https://debops.org/ +Copyright (C) 2015-2017 Reto Gantenbein +Copyright (C) 2015-2017 Robin Schneider +Copyright (C) 2016-2017 DebOps https://debops.org/ This Ansible role is part of DebOps. diff --git a/README.md b/README.md index 9a9e3ae..bc20e61 100644 --- a/README.md +++ b/README.md @@ -22,7 +22,7 @@ client component of the Nagios-like Check_MK monitoring suite. ### Installation -This role requires at least Ansible `v1.9`. To install it, run: +This role requires at least Ansible `v2.1.5`. To install it, run: ```Shell ansible-galaxy install debops-contrib.checkmk_agent diff --git a/defaults/main.yml b/defaults/main.yml index 681f5fe..6ce9dcd 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -32,6 +32,19 @@ checkmk_agent__type: [ 'ssh' ] # List of IP addresses or network CIDR ranges allowed to connect to the # Check_MK agent through the firewall. If list are empty, anyone can connect. checkmk_agent__allow: [] + + # ]]] +# .. envvar:: checkmk_agent__deploy_state [[[ +# +# What is the desired state which this role should achieve? Possible options: +# +# ``present`` +# Default. Ensure that the Check_MK agent is installed and configured as requested. +# +# ``absent`` +# Ensure that the Check_MK agent is uninstalled and it's configuration is removed. +# +checkmk_agent__deploy_state: 'present' # ]]] # ]]] # Monitoring site integration [[[ @@ -47,7 +60,7 @@ checkmk_agent__server_inventory_group: 'debops_service_checkmk_server' # # Ansible inventory name of Check_MK server. By default it will be autodetected # via :envvar:`checkmk_agent__server_inventory_group` host group configuration. -# If the Check_MK server is not managed by Ansible, set this to `False`. +# If the Check_MK server is not managed by Ansible, set this to ``False``. checkmk_agent__server: '{{ groups[checkmk_agent__server_inventory_group][0] if (checkmk_agent__server_inventory_group in groups) and (groups[checkmk_agent__server_inventory_group] | length > 0) @@ -57,9 +70,9 @@ checkmk_agent__server: '{{ groups[checkmk_agent__server_inventory_group][0] # .. envvar:: checkmk_agent__site [[[ # # Define Check_MK monitoring site name where the agent is registered. By default -# it will be autodetected from the local facts stored under the `checkmk_server` -# dictionary key. Fallback to site name `debops` if `checkmk_agent__server` is -# undefined or the Ansible local facts for `checkmk_agent__server` can't be +# it will be autodetected from the local facts stored under the ``checkmk_server`` +# dictionary key. Fallback to site name ``debops`` if :envvar:`checkmk_agent__server` is +# undefined or the Ansible local facts for :envvar:`checkmk_agent__server` can't be # found. If the Check_MK server is managed manually this variable must be # defined accordingly in the Ansible inventory. checkmk_agent__site: '{{ hostvars[checkmk_agent__server].ansible_local.checkmk_server.keys()[0]|d("debops") @@ -82,7 +95,7 @@ checkmk_agent__autojoin: '{{ True if checkmk_agent__autojoin_url else False }}' # .. envvar:: checkmk_agent__autojoin_url [[[ # # Check_MK server WebAPI URL for agent registration. By default it will be -# autodetected from the local facts stored under the `checkmk_server` +# autodetected from the local facts stored under the ``checkmk_server`` # dictionary key. If the Check_MK server is managed manually this variable # must be defined accordingly in the Ansible inventory. checkmk_agent__autojoin_url: '{{ hostvars[checkmk_agent__server].ansible_local.checkmk_server[checkmk_agent__site].webapi_url|d("") @@ -109,10 +122,13 @@ checkmk_agent__autojoin_secret: '{{ lookup("password", secret + "/credentials/" if checkmk_agent__server|d() and checkmk_agent__site|d() else "" }}' # ]]] -# .. envvar:: checkmk_agent__hostname [[[ +# .. envvar:: checkmk_agent__fqdn [[[ # -# Hostname of the agent host used for registration. -checkmk_agent__hostname: '{{ ansible_fqdn }}' +# FQDN of the agent host used for registration. +checkmk_agent__fqdn: '{{ ansible_local.core.fqdn + if (ansible_local|d() and ansible_local.core|d() and + ansible_local.core.fqdn|d()) + else ansible_fqdn }}' # ]]] # .. envvar:: checkmk_agent__host_attributes [[[ @@ -146,17 +162,6 @@ checkmk_agent__exec: '/usr/bin/check_mk_agent' # # Listen port for Check_MK agent. checkmk_agent__port: '6556' - - # ]]] -# .. envvar:: checkmk_agent__etc_services__dependent_list [[[ -# -# Configuration for the debops.etc_services_ role which registers port -# numbers for Check_MK agent. -checkmk_agent__etc_services__dependent_list: - - - name: 'check-mk-agent' - port: '{{ checkmk_agent__port }}' - comment: 'Check_MK agent (via xinetd)' # ]]] # ]]] # Agent SSH user options [[[ @@ -188,7 +193,7 @@ checkmk_agent__ssh_allow_group: '{{ "sshusers" # ]]] # .. envvar:: checkmk_agent__user_home [[[ # -# Home directory of SSH user querying Check_MK agent. +# Home directory of the SSH user querying the Check_MK agent. checkmk_agent__user_home: '/var/lib/check_mk_agent' # ]]] @@ -196,7 +201,7 @@ checkmk_agent__user_home: '/var/lib/check_mk_agent' # # Public key for user authentication when accessing the agent via SSH. By # default it will be autodetected from the local facts stored under the -# `checkmk_server` dictionary key. If the Check_MK server is managed manually +# ``checkmk_server`` dictionary key. If the Check_MK server is managed manually # this variable must be defined accordingly in the Ansible inventory. checkmk_agent__user_key: '{{ hostvars[checkmk_agent__server].ansible_local.checkmk_server[checkmk_agent__site].ssh_public_key|d("") if (checkmk_agent__server|d() and @@ -205,22 +210,10 @@ checkmk_agent__user_key: '{{ hostvars[checkmk_agent__server].ansible_local.check ("checkmk_server" in hostvars[checkmk_agent__server].ansible_local) and (checkmk_agent__site in hostvars[checkmk_agent__server].ansible_local.checkmk_server)) else "" }}' - - # ]]] -# .. envvar:: checkmk_agent__authorized_keys__dependent_list [[[ -# -# Authorized key configuration for the debops.authorized_keys_ role. -checkmk_agent__authorized_keys__dependent_list: - - name: '{{ checkmk_agent__ssh_user }}' - group: '{{ checkmk_agent__ssh_group }}' - sshkeys: - - '{{ checkmk_agent__user_key }}' - options: '{{ authorized_keys__options_map.strict }}' - key_options: 'command="{{ "/usr/bin/sudo " if not checkmk_agent__ssh_user == "root" else "" }}{{ checkmk_agent__exec }}"' # ]]] # ]]] -# Agent plugins options [[[ -# ------------------------- +# Agent plugins [[[ +# ----------------- # .. envvar:: checkmk_agent__plugins [[[ # @@ -242,41 +235,46 @@ checkmk_agent__host_plugins: [] # ]]] # .. envvar:: checkmk_agent__plugin_autodetect [[[ # -# Try to install Check_MK agent plugins for applications auto detected -# via DebOps host group memberships. +# Try to install Check_MK agent plugins for hardware and applications auto +# detected via Ansible facts. checkmk_agent__plugin_autodetect: True # ]]] -# .. envvar:: checkmk_agent__plugin_path [[[ +# .. envvar:: checkmk_agent__autodetected_plugins [[[ # -# Destination path to install the Check_MK agent plugins. -checkmk_agent__plugin_path: '/usr/lib/check_mk_agent/plugins' +# Autodetected list of upstream Check_MK agent plugins to enable. +checkmk_agent__autodetected_plugins: + - '{{ ["smart"] if (ansible_virtualization_role in ["host"]) else [] }}' # ]]] -# .. envvar:: checkmk_agent__group_plugin_map [[[ +# .. envvar:: checkmk_agent__facts_plugin_map [[[ # -# DebOps hostgroup to plugin mapping. -checkmk_agent__group_plugin_map: - debops_mariadb_server: 'mk_mysql' - debops_service_mariadb_server: 'mk_mysql' - debops_mysql: 'mk_mysql' - debops_service_mysql: 'mk_mysql' - debops_nginx: 'nginx_status' - debops_service_nginx: 'nginx_status' - debops_postgresql: 'mk_postgres' - debops_service_postgresql: 'mk_postgres' +# Ansible local facts to Check_MK plugin mapping. +# If the Ansible local fact is present and optional conditions defined in the +# :file:`templates/etc/ansible/facts.d/checkmk_agent.fact.j2` file are met, the +# Check_MK plugin will be enabled. +checkmk_agent__facts_plugin_map: + mariadb: 'mk_mysql' + mysql: 'mk_mysql' + nginx: 'nginx_status' + apache: 'apache_status' # ]]] -# .. envvar:: checkmk_agent__plugin_list [[[ +# .. envvar:: checkmk_agent__combined_plugins [[[ # # Combined list of all plugins which are going to be installed. -# Plugins which can be detected by looking at the host group will be added -# according to :envvar:`checkmk_agent__group_plugin_map` when -# :envvar:`checkmk_agent__plugin_autodetect` is ``True``. -checkmk_agent__plugin_list: '{{ ( - (checkmk_agent__plugins|d([])) + - (checkmk_agent__group_plugins|d([])) + - (checkmk_agent__host_plugins|d([])) ) | unique }}' +# Specified as Ansible local fact so that this variable is also valid in ``when`` +# conditions evaluated in the context of other roles called from the same playbook as this role. +checkmk_agent__combined_plugins: '{{ ansible_local.checkmk_agent.plugins + if (ansible_local|d() and ansible_local.checkmk_agent|d() and + ansible_local.checkmk_agent.plugins|d()) + else [] }}' + + # ]]] +# .. envvar:: checkmk_agent__plugin_path [[[ +# +# Destination path to install the Check_MK agent plugins. +checkmk_agent__plugin_path: '/usr/lib/check_mk_agent/plugins' # ]]] # ]]] # MySQL/MariaDB monitoring plugins options [[[ @@ -284,9 +282,9 @@ checkmk_agent__plugin_list: '{{ ( # .. envvar:: checkmk_agent__plugin_mysql [[[ # -# Indicate how to configure the ``mk_mysql`` monitoring plugin. If this is +# Determines how to configure the ``mk_mysql`` monitoring plugin. If this is # set to ``automatic`` a database user which has read access to the database -# server is created automatically. Set to ``manual`` to configure it manually. +# server will be created. Set to ``manual`` to configure it manually. # See https://mathias-kettner.de/checkmk_mysql.html checkmk_agent__plugin_mysql: 'automatic' @@ -310,21 +308,6 @@ checkmk_agent__plugin_mysql_password: '{{ # # Privileges of the database user used for monitoring. checkmk_agent__plugin_mysql_priv: '*.*:SELECT,SHOW DATABASES' - - # ]]] -# .. envvar:: checkmk_agent__mariadb__users [[[ -# -# Database user definition for the debops.mariadb_ role. -checkmk_agent__mariadb__users: - - - user: '{{ checkmk_agent__plugin_mysql_user }}' - password: '{{ checkmk_agent__plugin_mysql_password }}' - priv: '{{ checkmk_agent__plugin_mysql_priv }}' - priv_default: False - priv_aux: False - append_privs: False - owner: 'root' - creds_path: '/etc/check_mk/mysql.cfg' # ]]] # ]]] # nginx monitoring plugins options [[[ @@ -332,7 +315,7 @@ checkmk_agent__mariadb__users: # .. envvar:: checkmk_agent__plugin_nginx_servers [[[ # -# This option allows you to configure the servers which nginx_status_ +# This option allows you to configure the servers which the nginx_status_ # plugin should monitoring. This might be required when the auto detection of # the plugin fails for example because the default server does not allow # :file:`/nginx_status`. This can happen because the plugin tires to connect with @@ -342,17 +325,21 @@ checkmk_agent__mariadb__users: # # .. _nginx_status: https://mathias-kettner.de/checkmk_check_nginx_status.html # -# Example:: +# Examples: # -# checkmk_agent__plugin_nginx_servers: -# - proto: 'http' -# ipaddress: 'some-appliance.corp.com' -# port: 80 -# - proto: 'http' -# ipaddress: '[::1]' -# port: 80 +# .. code-block:: yaml +# :linenos: # -# checkmk_agent__plugin_nginx_servers: 'automatic' +# checkmk_agent__plugin_nginx_servers: +# - proto: 'http' +# ipaddress: 'some-appliance.corp.com' +# port: 80 +# - proto: 'http' +# ipaddress: '[::1]' +# port: 80 +# +# # Or: +# checkmk_agent__plugin_nginx_servers: 'automatic' # checkmk_agent__plugin_nginx_servers: - proto: 'http' @@ -374,6 +361,27 @@ checkmk_agent__git_repo: 'https://git.mathias-kettner.de/check_mk.git' # Check_MK agent source directory on the host. checkmk_agent__git_dest: '{{ "/usr/local/src/check-mk/" + checkmk_agent__git_repo.split("://")[1] }}' + # ]]] +# .. envvar:: checkmk_agent__git_version_map [[[ +# +# Map from Check_MK release to git commit hash. +# This is done because Check_MK does not cryptographically +# signed their work and this role wants to comply with the +# `DebOps Software Source Policy `__. +checkmk_agent__git_version_map: + 'v1.2.6p12': 'cf2aaf2f7d60ca0445a239915bfc41aa6f3ee739' + 'v1.2.6p20': '988e5d4e8fbcf9ac73365ffcfb2d12080c4ee052' + 'v1.2.8p16': 'e5e216abca9a946a29eab94334be30cc146e7fec' + + # ]]] +# .. envvar:: checkmk_agent__git_version_unsigned_fallback [[[ +# +# Defines the behavior when a requested version is not specified in +# :envvar:`checkmk_agent__git_version_map`. +# When this is set to ``True`` and no mapping for the used release is found, +# the role will fallback to using the unsigned git tag directly! +checkmk_agent__git_version_unsigned_fallback: False + # ]]] # .. envvar:: checkmk_agent__git_version [[[ # @@ -394,6 +402,24 @@ checkmk_agent__apt_preferences__dependent_list: backports: [ 'jessie' ] reason: 'Package not available in stable Debian Jessie' by_role: 'debops-contrib.checkmk_agent' + state: '{{ "present" + if (checkmk_agent__deploy_state in ["present"]) + else "absent" }}' + + # ]]] +# .. envvar:: checkmk_agent__etc_services__dependent_list [[[ +# +# Configuration for the debops.etc_services_ role which registers port +# numbers for Check_MK agent. +checkmk_agent__etc_services__dependent_list: + + - name: 'check-mk-agent' + port: '{{ checkmk_agent__port }}' + comment: 'Check_MK agent (via xinetd)' + state: '{{ "present" + if (("xinetd" in checkmk_agent__type) and + (checkmk_agent__deploy_state in ["present"])) + else "absent" }}' # ]]] # .. envvar:: checkmk_agent__ferm__dependent_rules [[[ @@ -407,7 +433,10 @@ checkmk_agent__ferm__dependent_rules: accept_any: True weight: '20' by_role: 'debops-contrib.checkmk_agent' - rule_state: '{{ "xinetd" in checkmk_agent__type | ternary("present", "absent") }}' + rule_state: '{{ "present" + if (("xinetd" in checkmk_agent__type) and + (checkmk_agent__deploy_state in ["present"])) + else "absent" }}' # ]]] # .. envvar:: checkmk_agent__tcpwrappers__dependent_allow [[[ @@ -416,12 +445,58 @@ checkmk_agent__ferm__dependent_rules: checkmk_agent__tcpwrappers__dependent_allow: - daemon: 'inetd' + comment: 'Ensure legacy tcpwrappers ACL is absent' + by_role: 'debops-contrib.checkmk_agent' + state: 'absent' + + - daemon: + - 'check_mk_agent' + - 'check_mk_caching_agent' + ## Not required: + # - 'inetd' + # - 'xinetd' client: '{{ checkmk_agent__allow }}' accept_any: False weight: '50' comment: 'Allow remote connections to the Check_MK agent' by_role: 'debops-contrib.checkmk_agent' - state: '{{ "xinetd" in checkmk_agent__type | ternary("present", "absent") }}' + state: '{{ "present" + if (("xinetd" in checkmk_agent__type) and + (checkmk_agent__deploy_state in ["present"])) + else "absent" }}' + + # ]]] +# .. envvar:: checkmk_agent__authorized_keys__dependent_list [[[ +# +# Authorized key configuration for the debops.authorized_keys_ role. +checkmk_agent__authorized_keys__dependent_list: + - name: '{{ checkmk_agent__ssh_user }}' + group: '{{ checkmk_agent__ssh_group }}' + sshkeys: + - '{{ checkmk_agent__user_key }}' + options: '{{ authorized_keys__options_map.strict }}' + key_options: 'command="{{ "/usr/bin/sudo " if not checkmk_agent__ssh_user == "root" else "" }}{{ checkmk_agent__exec }}"' + state: '{{ "present" + if (("ssh" in checkmk_agent__type) and + (checkmk_agent__deploy_state in ["present"])) + else "absent" }}' + + # ]]] +# .. envvar:: checkmk_agent__mariadb__dependent_users [[[ +# +# Database user definition for the debops.mariadb_ role. +checkmk_agent__mariadb__dependent_users: + + - user: '{{ checkmk_agent__plugin_mysql_user }}' + password: '{{ checkmk_agent__plugin_mysql_password }}' + priv: '{{ checkmk_agent__plugin_mysql_priv }}' + priv_default: False + priv_aux: False + append_privs: False + owner: 'root' + # group: '{{ checkmk_agent__ssh_group }}' + creds_path: '/etc/check_mk/mysql.cfg' + state: '{{ "present" if (checkmk_agent__deploy_state in ["present"]) else "absent" }}' # ]]] # ]]] # ]]] diff --git a/docs/facts.rst b/docs/facts.rst new file mode 100644 index 0000000..3dc62f6 --- /dev/null +++ b/docs/facts.rst @@ -0,0 +1,31 @@ +.. _checkmk_agent__ref_ansible_facts: + +Ansible facts +============= + +.. include:: includes/all.rst + +The role exposes part of it’s state by means of Ansible local facts for other +roles and playbooks to use. +The interface is considered public and changes to it happen in compliance with +`Semantic Versioning`_ of the role and will be mentioned in the :ref:`checkmk_agent__ref_changelog`. +Here you can find documentation and examples for them. + +Specification +------------- + +``ansible_local.checkmk_agent.plugins`` + List of all Check_MK Agent plugin names which are enabled (and configured if + necessary) by the role. Refer to :envvar:`checkmk_agent__plugins` and related + variables for details. + + Availability: Always, after ``debops-contrib.checkmk_agent/env`` has been run. + +Example +------- + +.. code-block:: json + + { + "plugins": ["nginx_status"] + } diff --git a/docs/getting-started.rst b/docs/getting-started.rst index 647b79d..cb3c564 100644 --- a/docs/getting-started.rst +++ b/docs/getting-started.rst @@ -20,10 +20,21 @@ Here's an example playbook that uses the ``debops-contrib.checkmk_agent`` role: .. literalinclude:: playbooks/checkmk_agent.yml :language: yaml -The playbooks is shipped with this role under +The playbook is shipped with this role under :file:`docs/playbooks/checkmk_agent.yml` from which you can symlink it to your playbook directory. +As you can see in this example playbook, the role makes use of a number of other roles to setup it’s environment. +Some of these dependency roles are only needed when services are detected. +This is true for the debops.mariadb_ role which is used to manage a database +user used to monitor the DBMS and databases by an automatically setup +and configured agent plugin. To ensure that +:envvar:`checkmk_agent__combined_plugins` is valid in the context of other +roles (in the same playbook) this variable is based on Ansible facts which are +setup by the ``debops-contrib.checkmk_agent/env`` role prior to other +dependency roles being called. +For more details, refer to :envvar:`checkmk_agent__plugin_autodetect`. + Ansible tags ------------ @@ -34,25 +45,18 @@ configuration is already in the desired state. Available role tags: +``role::checkmk_agent:env`` + Environment role tag, should be used in the playbook to execute a special + environment role contained in the main role. The environment role prepares + the environment for other dependency roles to work correctly. + ``role::checkmk_agent`` Main role tag, should be used in the playbook to execute all of the role tasks as well as role dependencies. -``type::dependency`` - This tag specifies which tasks are defined in role dependencies. You can use - this to omit them using ``--skip-tags`` parameter. - -``depend-of::checkmk_agent`` - Execute all ``debops-contrib.checkmk_agent`` role dependencies in its context. - -``depend::apt_preferences:checkmk_agent`` - Run debops.apt_preferences_ dependent role in ``debops-contrib.checkmk_agent`` context. - -``depend::etc_services:checkmk_agent`` - Run debops.etc_services_ dependent role in ``debops-contrib.checkmk_agent`` context. - -``depend::ferm:checkmk_agent`` - Run debops.ferm_ dependent role in ``debops-contrib.checkmk_agent`` context. +``role::checkmk_agent:pkgs`` + Tasks related to system package management like installing or + removing packages. ``role::checkmk_agent:plugins`` Run tasks related to Check_MK agent plugin configuration. diff --git a/docs/index.rst b/docs/index.rst index 50093a3..5570671 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -10,6 +10,7 @@ Ansible role: debops-contrib.checkmk_agent getting-started defaults defaults-detailed + facts copyright changelog diff --git a/docs/introduction.rst b/docs/introduction.rst index ccbe69d..a3903bf 100644 --- a/docs/introduction.rst +++ b/docs/introduction.rst @@ -3,14 +3,13 @@ Introduction .. include:: includes/all.rst -This Ansible_ role allows you to install and manage the `Check_MK -`_ agent. It is the client -component of the Nagios-based Check_MK monitoring suite. +This Ansible_ role allows you to install and manage the Check_MK_ agent. It is +the client component of the Nagios-based Check_MK monitoring suite. Installation ~~~~~~~~~~~~ -This role requires at least Ansible ``v1.9``. To install it, run:: +This role requires at least Ansible ``v2.1.5``. To install it, run:: ansible-galaxy install debops-contrib.checkmk_agent diff --git a/docs/playbooks/checkmk_agent.yml b/docs/playbooks/checkmk_agent.yml index 87e41c0..4b2093a 100644 --- a/docs/playbooks/checkmk_agent.yml +++ b/docs/playbooks/checkmk_agent.yml @@ -1,7 +1,7 @@ --- - name: Manage Check_MK agent - hosts: [ 'debops_service_checkmk_agent', 'debops_checkmk_agent' ] + hosts: [ 'debops_service_checkmk_agent' ] become: True environment: '{{ inventory__environment | d({}) @@ -9,22 +9,23 @@ | combine(inventory__host_environment | d({})) }}' roles: + + - role: debops-contrib.checkmk_agent/env + tags: [ 'role::checkmk_agent', 'role::checkmk_agent:env', 'role::mariadb' ] + - role: debops.apt_preferences - tags: [ 'depend::apt_preferences', 'depend::apt_preferences:checkmk_agent', - 'depend-of::checkmk_agent', 'type::dependency' ] + tags: [ 'role::apt_preferences' ] apt_preferences__dependent_list: - '{{ checkmk_agent__apt_preferences__dependent_list }}' - role: debops.etc_services - tags: [ 'depend::etc_services', 'depend::etc_services:checkmk_agent', - 'depend-of::checkmk_agent', 'type::dependency' ] + tags: [ 'role::etc_services' ] etc_services__dependent_list: - '{{ checkmk_agent__etc_services__dependent_list }}' - when: ('xinetd' in checkmk_agent__type|d(['ssh'])) + when: ('xinetd' in checkmk_agent__type) - role: debops.ferm - tags: [ 'depend::ferm', 'depend::ferm:checkmk_agent', - 'depend-of::checkmk_agent', 'type::dependency' ] + tags: [ 'role::ferm' ] ferm__dependent_rules: - '{{ checkmk_agent__ferm__dependent_rules }}' @@ -34,22 +35,15 @@ - '{{ checkmk_agent__tcpwrappers__dependent_allow }}' - role: debops.authorized_keys - tags: [ 'depend::authorized_keys', 'depend::authorized_keys:checkmk_agent', - 'depend-of::checkmk_agent', 'type::dependency' ] + tags: [ 'role::authorized_keys' ] authorized_keys__dependent_list: - '{{ checkmk_agent__authorized_keys__dependent_list }}' - when: ('ssh' in checkmk_agent__type|d(['ssh'])) - role: debops.mariadb - tags: [ 'depend::mariadb', 'depend::mariadb:checkmk_agent', - 'depend-of::checkmk_agent', 'type::dependency' ] - mariadb__users: - - '{{ checkmk_agent__mariadb__users }}' - when: (("mk_mysql" in checkmk_agent__plugin_list and - checkmk_agent__plugin_mysql|d("automatic") == "automatic") or - ((checkmk_agent__plugin_autodetect|d(True) | bool) and - "debops_mariadb_server" in hostvars[inventory_hostname]["group_names"]) - ) + tags: [ 'role::mariadb' ] + mariadb__dependent_users: + - '{{ checkmk_agent__mariadb__dependent_users }}' + when: ("mk_mysql" in checkmk_agent__combined_plugins) - role: debops-contrib.checkmk_agent tags: [ 'role::checkmk_agent' ] diff --git a/env/defaults b/env/defaults new file mode 120000 index 0000000..37aebd7 --- /dev/null +++ b/env/defaults @@ -0,0 +1 @@ +../defaults \ No newline at end of file diff --git a/env/tasks/main.yml b/env/tasks/main.yml new file mode 100644 index 0000000..1e5b15a --- /dev/null +++ b/env/tasks/main.yml @@ -0,0 +1,23 @@ +--- +# vim: foldmarker=[[[,]]]:foldmethod=marker + +- name: Make sure Ansible local facts directory exists + file: + dest: '/etc/ansible/facts.d' + state: 'directory' + owner: 'root' + group: 'root' + mode: '0755' + +- name: Configure Check_MK agent local facts + template: + src: 'etc/ansible/facts.d/checkmk_agent.fact.j2' + dest: '/etc/ansible/facts.d/checkmk_agent.fact' + owner: 'root' + group: 'root' + mode: '0644' + register: checkmk_agent__register_local_facts + +- name: Re-read local facts if they have been modified + action: setup + when: checkmk_agent__register_local_facts|changed diff --git a/env/templates b/env/templates new file mode 120000 index 0000000..97963e7 --- /dev/null +++ b/env/templates @@ -0,0 +1 @@ +../templates/ \ No newline at end of file diff --git a/meta/main.yml b/meta/main.yml index 6620b2c..fce5321 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -10,8 +10,8 @@ galaxy_info: company: 'DebOps' author: 'Reto Gantenbein, Robin Schneider' description: 'Setup Check_MK monitoring agent' - license: 'GPLv3' - min_ansible_version: '1.9' + license: 'GPL-3.0' + min_ansible_version: '2.1.5' platforms: diff --git a/tasks/autojoin.yml b/tasks/autojoin.yml index 3d47e8f..b1ee469 100644 --- a/tasks/autojoin.yml +++ b/tasks/autojoin.yml @@ -11,7 +11,7 @@ uri: url: '{{ checkmk_agent__autojoin_url }}?action=get_host&_username={{ checkmk_agent__autojoin_user }}&_secret={{ checkmk_agent__autojoin_secret }}&output_format=json' method: 'POST' - body: 'request={ "hostname": "{{ checkmk_agent__hostname }}" }' + body: 'request={ "hostname": "{{ checkmk_agent__fqdn }}" }' return_content: yes delegate_to: '{{ checkmk_agent__server if checkmk_agent__server else omit }}' register: checkmk_agent__register_get_host @@ -23,7 +23,7 @@ uri: url: '{{ checkmk_agent__autojoin_url }}?action=add_host&_do_confirm=yes&_username={{ checkmk_agent__autojoin_user }}&_secret={{ checkmk_agent__autojoin_secret }}&output_format=json' method: 'POST' - body: 'request={ "hostname": "{{ checkmk_agent__hostname }}", "folder": "/", "attributes": {{ checkmk_agent__fact_host_attributes|to_json }} }' + body: 'request={ "hostname": "{{ checkmk_agent__fqdn }}", "folder": "/", "attributes": {{ checkmk_agent__fact_host_attributes|to_json }} }' return_content: yes delegate_to: '{{ checkmk_agent__server if checkmk_agent__server else omit }}' when: '{{ checkmk_agent__register_get_host.json.result == "No such host" }}' @@ -37,7 +37,7 @@ uri: url: '{{ checkmk_agent__autojoin_url }}?action=edit_host&_username={{ checkmk_agent__autojoin_user }}&_secret={{ checkmk_agent__autojoin_secret }}&output_format=json' method: 'POST' - body: 'request={ "hostname": "{{ checkmk_agent__hostname }}", "attributes": {{ checkmk_agent__fact_host_attributes|to_json }} }' + body: 'request={ "hostname": "{{ checkmk_agent__fqdn }}", "attributes": {{ checkmk_agent__fact_host_attributes|to_json }} }' return_content: yes delegate_to: '{{ checkmk_agent__server if checkmk_agent__server else omit }}' when: '{{ (checkmk_agent__register_add_host | skipped) and @@ -52,7 +52,7 @@ uri: url: '{{ checkmk_agent__autojoin_url }}?action=discover_services&mode={{ checkmk_agent__discovery_mode }}&_username={{ checkmk_agent__autojoin_user }}&_secret={{ checkmk_agent__autojoin_secret }}&output_format=json' method: 'POST' - body: 'request={ "hostname": "{{ checkmk_agent__hostname }}" }' + body: 'request={ "hostname": "{{ checkmk_agent__fqdn }}" }' return_content: yes timeout: 120 delegate_to: '{{ checkmk_agent__server if checkmk_agent__server else omit }}' diff --git a/tasks/main.yml b/tasks/main.yml index ed9cf5d..5026218 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -3,33 +3,15 @@ - name: DebOps pre_tasks hook include: "{{ lookup('task_src', 'checkmk_agent/pre_main.yml') }}" -- name: Make sure Ansible local facts directory exists - file: - dest: '/etc/ansible/facts.d' - state: 'directory' - owner: 'root' - group: 'root' - mode: '0755' - -- name: Configure Check_MK agent local facts - template: - src: 'etc/ansible/facts.d/checkmk_agent.fact.j2' - dest: '/etc/ansible/facts.d/checkmk_agent.fact' - owner: 'root' - group: 'root' - mode: '0644' - register: checkmk_agent__register_local_facts - -- name: Re-read local facts if they have been modified - action: setup - when: checkmk_agent__register_local_facts.changed - -- name: Install Check_MK Agent - apt: +# System packages [[[ +- name: Ensure specified packages are in there desired state + package: name: '{{ item }}' - state: 'present' - install_recommends: False - with_items: '{{ checkmk_agent__base_packages }}' + state: '{{ "present" if (checkmk_agent__deploy_state in ["present"]) else "absent" }}' + with_flattened: + - '{{ checkmk_agent__base_packages }}' + tags: [ 'role::checkmk_agent:pkgs' ] +# ]]] - name: Ensure the /etc/check_mk directory does exist file: @@ -40,16 +22,15 @@ mode: '0755' - include: ssh_user.yml - when: ('ssh' in checkmk_agent__type|d(['ssh'])) and + when: ('ssh' in checkmk_agent__type) and (not checkmk_agent__ssh_user == "root") - include: xinetd.yml - when: ('xinetd' in checkmk_agent__type|d(['ssh'])) + when: ('xinetd' in checkmk_agent__type) - include: setup_plugins.yml tags: [ 'role::checkmk_agent:plugins' ] - when: (ansible_local|d() and ansible_local.checkmk_agent|d() and - ansible_local.checkmk_agent.checkmk_agent__plugin_list|d()) + when: checkmk_agent__combined_plugins|length > 0 - include: autojoin.yml tags: [ 'role::checkmk_agent:autojoin' ] diff --git a/tasks/setup_plugins.yml b/tasks/setup_plugins.yml index df384d1..9a80476 100644 --- a/tasks/setup_plugins.yml +++ b/tasks/setup_plugins.yml @@ -11,7 +11,13 @@ git: repo: '{{ checkmk_agent__git_repo }}' dest: '{{ checkmk_agent__git_dest }}' - version: '{{ "v" + checkmk_agent__register_package_dpkg_version.stdout.split("-")[0] if checkmk_agent__git_version == "auto" else checkmk_agent__git_version }}' + version: '{{ (checkmk_agent__git_version_map["v" + checkmk_agent__register_package_dpkg_version.stdout.split("-")[0]]|d("v" + checkmk_agent__register_package_dpkg_version.stdout.split("-")[0]) + if (checkmk_agent__git_version == "auto") + else (checkmk_agent__git_version_map[checkmk_agent__git_version]|d(checkmk_agent__git_version))) + if (checkmk_agent__git_version_unsigned_fallback|bool) + else ((checkmk_agent__git_version_map["v" + checkmk_agent__register_package_dpkg_version.stdout.split("-")[0]] + if (checkmk_agent__git_version == "auto") + else (checkmk_agent__git_version_map[checkmk_agent__git_version]))) }}' update: True tags: [ 'role::checkmk_agent:plugins:get' ] @@ -21,7 +27,7 @@ dest: '{{ checkmk_agent__plugin_path }}' checksum: True mode: 'push' - with_items: '{{ ansible_local.checkmk_agent.checkmk_agent__plugin_list }}' + with_items: '{{ checkmk_agent__combined_plugins }}' delegate_to: '{{ inventory_hostname }}' - name: Configure nginx_status plugin @@ -31,10 +37,11 @@ owner: 'root' group: 'root' mode: '0644' - when: (checkmk_agent__plugin_nginx_servers is defined and checkmk_agent__plugin_nginx_servers is not string) + register: checkmk_agent__register_nginx_status_config + when: ((checkmk_agent__plugin_nginx_servers != "automatic") and ("nginx_status" in checkmk_agent__combined_plugins)) - name: Ensure that nginx_status.cfg is absent for automatic detection file: path: '/etc/check_mk/nginx_status.cfg' state: 'absent' - when: (checkmk_agent__plugin_nginx_servers|d("automatic") == "automatic") + when: checkmk_agent__register_nginx_status_config|skipped diff --git a/tasks/xinetd.yml b/tasks/xinetd.yml index cb663a7..5365c5c 100644 --- a/tasks/xinetd.yml +++ b/tasks/xinetd.yml @@ -1,10 +1,10 @@ --- -- name: Install xinetd package - apt: +- name: Ensure the xinetd package is in the desired state + package: name: 'xinetd' - state: 'present' - install_recommends: False + ## Might also be used for other things. + # state: '{{ "present" if (checkmk_agent__deploy_state in ["present"]) else "absent" }}' - name: Divert original /etc/xinetd.d/check_mk command: dpkg-divert --quiet --local --divert /etc/xinetd.d/check_mk.dpkg-divert --rename /etc/xinetd.d/check_mk diff --git a/templates/etc/ansible/facts.d/checkmk_agent.fact.j2 b/templates/etc/ansible/facts.d/checkmk_agent.fact.j2 index 988acd1..a134ae4 100644 --- a/templates/etc/ansible/facts.d/checkmk_agent.fact.j2 +++ b/templates/etc/ansible/facts.d/checkmk_agent.fact.j2 @@ -1,9 +1,17 @@ -{% set checkmk_agent__tpl_plugin_list = checkmk_agent__plugin_list %} -{% if checkmk_agent__plugin_autodetect|d() %} -{% for hostgroup in hostvars[inventory_hostname]['group_names'] | intersect(checkmk_agent__group_plugin_map.keys()) %} -{% set _ = checkmk_agent__tpl_plugin_list.append(checkmk_agent__group_plugin_map[hostgroup]) %} +{% import 'templates/import/debops__tpl_macros.j2' as debops__tpl_macros with context %} +{% set checkmk_agent__tpl_plugins = checkmk_agent__plugins + checkmk_agent__group_plugins + checkmk_agent__host_plugins %} +{% if checkmk_agent__plugin_autodetect|d() | bool %} +{% set _ = checkmk_agent__tpl_plugins.append(checkmk_agent__autodetected_plugins) %} +{% for fact_name in ansible_local.keys() | intersect(checkmk_agent__facts_plugin_map.keys()) %} +{% if fact_name in ["mariadb", "mysql", "postgresql"] %} +{% if ansible_local[fact_name].server|d() in [ checkmk_agent__fqdn, "localhost" ] %} +{% set _ = checkmk_agent__tpl_plugins.append(checkmk_agent__facts_plugin_map[fact_name]) %} +{% endif %} +{% else %} +{% set _ = checkmk_agent__tpl_plugins.append(checkmk_agent__facts_plugin_map[fact_name]) %} +{% endif %} {% endfor %} {% endif %} -{ -"checkmk_agent__plugin_list" : {{ checkmk_agent__tpl_plugin_list | to_nice_json }} -} +{{ ({ + "plugins": (debops__tpl_macros.flattened(checkmk_agent__tpl_plugins) | from_json | unique), +}) | to_nice_json }} diff --git a/templates/etc/xinetd.d/check_mk.j2 b/templates/etc/xinetd.d/check_mk.j2 index 5f55440..5a6e8c8 100644 --- a/templates/etc/xinetd.d/check_mk.j2 +++ b/templates/etc/xinetd.d/check_mk.j2 @@ -10,16 +10,14 @@ service check_mk user = root server = {{ checkmk_agent__exec }} -{# # If you use fully redundant monitoring and poll the client - # from more then one monitoring servers in parallel you might - # want to use the agent cache wrapper: - #server = /usr/bin/check_mk_caching_agent -#} + # https://lists.debian.org/debian-ipv6/2007/03/msg00040.html + flags = IPv6 + # configure the IP address(es) of your Nagios server here: {% if checkmk_agent__allow | length > 0 %} only_from = {{ checkmk_agent__allow | join(' ') }} {% else %} - #only_from = 127.0.0.1 10.0.20.1 10.0.20.2 + #only_from = 127.0.0.1 2001:DB8::23 198.51.100.23 {% endif %} # Don't be too verbose. Don't log every check. This might be diff --git a/templates/import/debops__tpl_macros.j2 b/templates/import/debops__tpl_macros.j2 new file mode 100644 index 0000000..7a4cdf6 --- /dev/null +++ b/templates/import/debops__tpl_macros.j2 @@ -0,0 +1,192 @@ +{# vim: foldmarker=[[[,]]]:foldmethod=marker +# Commonly used set of macros in DebOps. +# It can be imported in repositories as needed. +# Changes to this file should go upstream: https://github.com/debops/debops-playbooks/blob/master/templates/debops__tpl_macros.j2 +# +# Copyright [[[ +# ============= +# +# Copyright (C) 2014-2017 Maciej Delmanowski +# Copyright (C) 2015-2017 Robin Schneider +# Copyright (C) 2014-2017 DebOps https://debops.org/ +# +# This file is part of DebOps. +# +# DebOps is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 3, as +# published by the Free Software Foundation. +# +# DebOps is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with DebOps. If not, see https://www.gnu.org/licenses/. +# +# ]]] +# +# Usage [[[ +# ========= +# +# Copy the template file to `./templates/import/debops__tpl_macros.j2` of your +# role and import it from there into various other templates or even use it +# in templates which are called by {{ lookup("template", ...) }}. +# +# Make sure to retain the filename of this file so that automatic updates of +# this file can be implemented. +# +# To use the macros in your own template, this file needs to be imported like so: +# +# {% import 'templates/import/debops__tpl_macros.j2' as debops__tpl_macros with context %} +# +# Then you can start using the macros like this: +# +# {{ debops__tpl_macros.indent(some_content, 4) }} +# +# ]]] #} + +{% macro get_yaml_list_for_elem(list_or_elem) %}{# [[[ #} +{{ ([ list_or_elem ] + if (list_or_elem is string or list_or_elem in [True, False]) + else (list_or_elem|list)) | to_nice_yaml }} +{% endmacro %}{# ]]] #} + +{% macro get_realm_yaml_list(domains, fallback_realm) %}{# [[[ #} +{% set custom_realm_list = [] %} +{% if domains and (ansible_local|d() and ansible_local.pki|d() and ansible_local.pki.known_realms|d()) %} +{% for domain in (get_yaml_list_for_elem(domains) | from_yaml) %} +{% if domain in ansible_local.pki.known_realms %} +{% set _ = custom_realm_list.append(domain) %} +{% elif (domain.split('.')[1:] | join('.')) in ansible_local.pki.known_realms %} +{% set _ = custom_realm_list.append(domain.split('.')[1:] | join('.')) %} +{% endif %} +{% endfor %} +{% endif %} +{% if custom_realm_list|length == 0 %} +{% set _ = custom_realm_list.append(fallback_realm) %} +{% endif %} +{{ custom_realm_list | to_nice_yaml }} +{% endmacro %}{# ]]] #} + +{% macro get_apache_version() %}{# [[[ #} +{{ ansible_local.apache.version + if (ansible_local|d() and ansible_local.apache|d() and + ansible_local.apache.version|d()) + else "2.4.0" -}} +{% endmacro %}{# ]]] #} + +{% macro get_apache_min_version() %}{# [[[ #} +{{ ansible_local.apache.min_version + if (ansible_local|d() and ansible_local.apache|d() and + ansible_local.apache.min_version|d()) + else "2.4.0" -}} +{% endmacro %}{# ]]] #} + +{% macro get_openssl_version() %}{# [[[ #} +{{ ansible_local.pki.openssl_version + if (ansible_local|d() and ansible_local.pki|d() and + ansible_local.pki.openssl_version|d()) + else "0.0.0" }} +{% endmacro %}{# ]]] #} + +{% macro get_gnutls_version() %}{# [[[ #} +{{ ansible_local.pki.gnutls_version + if (ansible_local|d() and ansible_local.pki|d() and + ansible_local.pki.gnutls_version|d()) + else "0.0.0" }} +{% endmacro %}{# ]]] #} + +{% macro indent(content, width=4, indentfirst=False) %}{# [[[ #} +{# Fixed version of the `indent` filter which does not insert trailing spaces on empty lines. +## Note that you can not use this macro like a filter but have to use it like a regular macro. +## Example: {{ debops__tpl_macros.indent(some_content, 4) }} +## +## Python re.sub seems to default to re.MULTILINE in Ansible. +#} +{{ content | indent(width, indentfirst) | regex_replace("[ \\t\\r\\f\\v]+(\\n|$)", "\\1") -}} +{% endmacro %}{# ]]] #} + +{% macro merge_dict(current_dict, to_merge_dict, dict_key='name') %}{# [[[ #} +{% set merged_dict = current_dict %} +{% if to_merge_dict %} +{% if to_merge_dict is mapping %} +{% for dict_name in to_merge_dict.keys() | sort %} +{% if to_merge_dict[dict_name][dict_key]|d() %} +{% set _ = merged_dict.update({to_merge_dict[dict_name][dict_key]:(current_dict[to_merge_dict[dict_name][dict_key]]|d({}) | combine(to_merge_dict[dict_name], recursive=True))}) %} +{% elif to_merge_dict[dict_name][dict_key] is undefined %} +{% set _ = merged_dict.update({dict_name:(current_dict[dict_name]|d({}) | combine(to_merge_dict[dict_name], recursive=True))}) %} +{% endif %} +{% endfor %} +{% elif to_merge_dict is not string and to_merge_dict is not mapping %} +{% set flattened_dict = lookup("flattened", to_merge_dict) %} +{% for element in ([ flattened_dict ] if flattened_dict is mapping else flattened_dict) %} +{% if element[dict_key]|d() %} +{% set _ = merged_dict.update({element[dict_key]:(current_dict[element[dict_key]]|d({}) | combine(element, recursive=True))}) %} +{% endif %} +{% endfor %} +{% endif %} +{% endif %} +{{ merged_dict | to_json }} +{% endmacro %}{# ]]] #} + +{% macro flattened() %}{# [[[ #} +{# This macro does what the flattened lookup from Ansible fails to do in Jinja templates as of Ansible 2.2. +## All macro arguments are flattened into one "flat" list. +## Uses a less known feature of Jinja for using the *args and *kwargs syntax as known from +## Python. Even if the macro does not declare any arguments, it will happily +## flatten any non-key-value arguments you provide. +## Additional key-value arguments can be used to influence the behavior of the macro. +## The macro uses recursion to flatten nested lists. +## Ref: https://stackoverflow.com/questions/13944751/args-kwargs-in-jinja2-macros +## Usage: +## +## {{ debops__tpl_macros.flattened(['list1', 55, ["deeplist1", "deeplist elem", True, False, undefined], {'mapping': True}], 'raw1', 22, True, False) }} +## → ["list1", 55, "deeplist1", "deeplist elem", true, false, "raw1", 22, true, false] +## +## {{ debops__tpl_macros.flattened(['list1', 55, ["deeplist1", "deeplist elem", True, False, undefined], {'mapping': True}], 'raw1', 22, True, False, filter_undef=False) }} +## → ["list1", 55, "deeplist1", "deeplist elem", true, false, null, "raw1", 22, true, false] +## +## {{ debops__tpl_macros.flattened(['list1', 55, ["deeplist1", "deeplist elem", True, False, undefined], {'mapping': True}], 'raw1', 22, True, False, filter_mapping=False) }} +## → ["list1", 55, "deeplist1", "deeplist elem", true, false, {"mapping": true}, "raw1", 22, true, false] +## +## Ansible versions tested with: 2.1, 2.2 +## Jinja versions tested with: 2.8.1 +#} +{% set filter_undef = kwargs.filter_undef|d(True) | bool %} +{% set filter_mapping = kwargs.filter_mapping|d(True) | bool %} +{# The following options are planned but currently don’t work: #} +{% set append_mapping_keys = kwargs.append_mapping_keys|d(False) | bool %} +{% set append_mapping_values = kwargs.append_mapping_values|d(False) | bool %} +{# +{{ "filter_undef:" + (filter_undef | string) }} +{{ "filter_mapping:" + (filter_mapping | string) }} +{{ "varargs:" + (varargs | string) }} +#} +{% set elem_flattened = [] %} +{% for arg in varargs %} +{# +{{ "arg: " + (arg | string) }} +#} +{% if filter_undef and (arg is undefined) %} +{# Filter out. #} +{% elif append_mapping_keys and (arg is mapping) %} +{# Does not work as of Jinja 2.8? #} +{% set _ = elem_flattened.extend(flattened(arg.keys(), filter_undef=filter_undef, filter_mapping=filter_mapping) | from_json) %} +{% elif append_mapping_values and (arg is mapping) %} +{# Does not work as of Jinja 2.8? #} +{% set _ = elem_flattened.extend(flattened(arg.values(), filter_undef=filter_undef, filter_mapping=filter_mapping) | from_json) %} +{% elif filter_mapping and (arg is mapping) %} +{# Filter out. #} +{% elif (arg is undefined) %} +{% set _ = elem_flattened.append(None) %} +{% elif (arg is string) or (arg is number) or (arg is sameas True) or (arg is sameas False) or (arg is mapping) %} +{% set _ = elem_flattened.append(arg) %} +{% elif (arg is iterable) %} +{% for element in arg %} +{% set _ = elem_flattened.extend(flattened(element, filter_undef=filter_undef, filter_mapping=filter_mapping) | from_json) %} +{% endfor %} +{% endif %} +{% endfor %} +{{ elem_flattened | to_json }} +{% endmacro %}{# ]]] #} diff --git a/vars/main.yml b/vars/main.yml index 94c85ec..02e9a59 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,11 +1,16 @@ --- +# vim: foldmarker=[[[,]]]:foldmethod=marker +# .. envvar:: checkmk_agent__default_host_attributes [[[ +# # Default WATO host attributes. This variable, when being merged with -# `checkmk_agent__host_attributes`, allows to successfully compare the WebAPI -# get_host() response in case the `contactgroups` key is set. +# :envvar:`checkmk_agent__host_attributes`, allows to successfully compare the WebAPI +# get_host() response in case the ``contactgroups`` key is set. checkmk_agent__default_host_attributes: contactgroups: recurse_perms: False recurse_use: False use: True use_for_services: False + + # ]]]