diff --git a/.ansible-lint b/.ansible-lint index 03c0023e..ac3698ad 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,2 +1,9 @@ skip_list: - 'yaml' + - unnamed-task +warn_list: + - command-instead-of-shell + - risky-file-permissions + - literal-compare + - meta-incorrect + - meta-no-info diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index a2fe613f..b82dbc71 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -2,6 +2,22 @@ - name: Converge hosts: all + vars: + icinga2_confd: false + icinga2_features: + - name: checker + - name: mainlog + - name: api + ca_host: none + endpoints: + - name: "{{ ansible_fqdn }}" + zones: + - name: "main" + endpoints: + - "{{ ansible_fqdn }}" + icinga2_config_directories: + - zones.d/main/hosts + - zones.d/main/services collections: icinga.icinga tasks: diff --git a/molecule/default/host_vars/icinga-default.yaml b/molecule/default/host_vars/icinga-default.yaml new file mode 100644 index 00000000..09a4cbb3 --- /dev/null +++ b/molecule/default/host_vars/icinga-default.yaml 
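Review bot: Moving `risky-file-permissions` into `warn_list` means file-creating tasks (for example `copy` or `template`) that set no explicit `mode` no longer fail the lint run, while the tests added in this same commit expect a private key under `/var/lib/icinga2/certs`. I would keep that rule fatal and fix the offending tasks, or at least mark the entry as temporary with a comment such as `# TODO: make risky-file-permissions an error again once every file task sets mode`. `command-instead-of-shell` deserves the same treatment, since unneeded `shell:` use leaves more room for quoting mistakes. The remaining warn-list entries are style and metadata rules and are lower risk to defer.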
@@ -0,0 +1,47 @@ +icinga2_objects: + icinga-default: + - name: agent.localdomain + type: Endpoint + file: zones.d/main/hosts/agent.localdomain.conf + - name: agent.localdomain + type: Zone + file: zones.d/main/hosts/agent.localdomain.conf + parent: main + endpoints: + - agent.localdomain + - name: agent.localdomain + type: Host + file: zones.d/main/hosts/agent.localdomain.conf + check_command: hostalive + address: 127.0.0.1 + check_interval: 3m + - name: generic-service + type: Service + file: zones.d/main/services/services.conf + template: true + check_interval: 300s + retry_interval: 30s + order: 1 + - name: ping + type: Service + apply: true + file: zones.d/main/services/services.conf + imports: + - generic-service + check_command: ping4 + assign: + - host.address + ignore: + - match(no*, host.name) + - name: group-ping + type: ServiceGroup + file: zones.d/main/servicegroups.conf + display_name: "Ping Services" + assign: + - match(ping*, service.check_command) + - name: group-linux + type: HostGroup + file: zones.d/main/hostgroups.conf + display_name: Linux Hosts + assign: + - match(linux, host.vars.os) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 5f0621f9..bf18f05f 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -13,9 +13,13 @@ platforms: pre_build_image: true provisioner: name: ansible + inventory: + link: + host_vars: host_vars/ verifier: - name: ansible + name: testinfra + directory: tests/integration/ lint: | set -e - yamllint . - ansible-lint . + yamllint --no-warnings roles/ + ansible-lint roles/ diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml index 24953e61..cc5bbc56 100644 --- a/molecule/default/prepare.yml +++ b/molecule/default/prepare.yml @@ -5,7 +5,7 @@ - name: Install requirements for Debian apt: name: - - gpg - - apt-transport-https + - gpg + - apt-transport-https update_cache: yes when: ansible_os_family == "Debian" 
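Review bot: The `lint` command in `molecule.yml` now covers only `roles/`, so the scenario playbooks this same commit edits (`converge.yml`, `prepare.yml`) and anything else outside `roles/` are no longer checked, and `--no-warnings` hides yamllint warnings for what remains. If the narrowing is meant to silence noise from the scenario files, an explicit exclusion in the linter configuration would document that intent better than dropping the paths. Otherwise I would keep the repository root as the target, `yamllint --no-warnings .` and `ansible-lint .`.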
diff --git a/molecule/default/tests/integration/test_icinga2.py b/molecule/default/tests/integration/test_icinga2.py
new file mode 100644
index 00000000..9ef97451
--- /dev/null
+++ b/molecule/default/tests/integration/test_icinga2.py
@@ -0,0 +1,119 @@
+def test_icinga2_package(host):
+ icinga2_pkg = host.package("icinga2")
+ assert icinga2_pkg.is_installed
+
+def test_icinga2_configdir(host):
+ icinga2_cdir = host.file("/etc/icinga2/zones.d/main")
+ assert icinga2_cdir.is_directory
+ if host.system_info.distribution == 'centos':
+ assert icinga2_cdir.user == "icinga"
+ assert icinga2_cdir.group == "icinga"
+ if host.system_info.distribution == 'debian':
+ assert icinga2_cdir.user == "nagios"
+ assert icinga2_cdir.group == "nagios"
+
+def test_icinga2_zones_dir(host):
+ i2_zones_dir = host.file("/etc/icinga2/zones.d/main/hosts")
+ if host.system_info.distribution == 'centos':
+ assert i2_zones_dir.is_directory
+ assert i2_zones_dir.user == "icinga"
+ assert i2_zones_dir.group == "icinga"
+ if host.system_info.distribution == 'debian':
+ assert i2_zones_dir.is_directory
+ assert i2_zones_dir.user == "nagios"
+ assert i2_zones_dir.group == "nagios"
+
+def test_icinga2_object_host(host):
+ i2_file = host.file("/etc/icinga2/zones.d/main/hosts/agent.localdomain.conf")
+ print(i2_file.content_string)
+ assert i2_file.is_file
+ assert i2_file.contains('object Zone "agent.localdomain" {')
+ assert i2_file.contains('object Endpoint "agent.localdomain" {')
+ assert i2_file.contains('object Host "agent.localdomain" {')
+ if host.system_info.distribution == 'centos':
+ assert i2_file.user == "icinga"
+ assert i2_file.group == "icinga"
+ assert i2_file.mode == 0o644
+ if host.system_info.distribution == 'debian':
+ assert i2_file.user == "nagios"
+ assert i2_file.group == "nagios"
+ assert i2_file.mode == 0o644
+
+def test_icinga2_object_service(host):
+ i2_file = host.file("/etc/icinga2/zones.d/main/services/services.conf")
+ print(i2_file.content_string)
+ assert i2_file.is_file
+ assert i2_file.contains('apply Service "ping" {')
+ assert i2_file.contains('template Service "generic-service" {')
+ if host.system_info.distribution == 'centos':
+ assert i2_file.user == "icinga"
+ assert i2_file.group == "icinga"
+ assert i2_file.mode == 0o644
+ if host.system_info.distribution == 'debian':
+ assert i2_file.user == "nagios"
+ assert i2_file.group == "nagios"
+ assert i2_file.mode == 0o644
+
+def test_icinga2_certificate(host):
+ i2_file = host.file("/var/lib/icinga2/certs/icinga-default.crt")
+ assert i2_file.is_file
+ if host.system_info.distribution == 'centos':
+ assert i2_file.user == "icinga"
+ assert i2_file.group == "icinga"
+ assert i2_file.mode == 0o644
+ if host.system_info.distribution == 'debian':
+ assert i2_file.user == "nagios"
+ assert i2_file.group == "nagios"
+ assert i2_file.mode == 0o644
+
+def test_icinga2_crt_key(host):
+ i2_file = host.file("/var/lib/icinga2/certs/icinga-default.key")
+ assert i2_file.is_file
+ if host.system_info.distribution == 'centos':
+ assert i2_file.user == "icinga"
+ assert i2_file.group == "icinga"
+ assert i2_file.mode == 0o600
+ if host.system_info.distribution == 'debian':
+ assert i2_file.user == "nagios"
+ assert i2_file.group == "nagios"
+ assert i2_file.mode == 0o600
+
+def test_icinga2_dir(host):
+ icinga2_dir = host.file("/etc/icinga2")
+ assert icinga2_dir.is_directory
+
+def test_icinga2_feature_checker(host):
+ i2_file = host.file("/etc/icinga2/features-available/checker.conf")
+ i2_link = host.file("/etc/icinga2/features-enabled/checker.conf")
+ assert i2_file.exists
+ assert i2_link.linked_to == "/etc/icinga2/features-available/checker.conf"
+ if host.system_info.distribution == 'centos':
+ assert i2_file.user == "icinga"
+ assert i2_file.group == "icinga"
+ if host.system_info.distribution == 'debian':
+ assert i2_file.user == "nagios"
+ assert i2_file.group == "nagios"
+
+def test_icinga2_feature_mainlog(host):
+ i2_file = host.file("/etc/icinga2/features-available/mainlog.conf")
+ i2_link = host.file("/etc/icinga2/features-enabled/mainlog.conf")
+ assert i2_file.exists
+ assert i2_link.linked_to == "/etc/icinga2/features-available/mainlog.conf"
+ if host.system_info.distribution == 'centos':
+ assert
i2_file.user == "icinga" + assert i2_file.group == "icinga" + if host.system_info.distribution == 'debian': + assert i2_file.user == "nagios" + assert i2_file.group == "nagios" + +def test_icinga2_feature_api(host): + i2_file = host.file("/etc/icinga2/features-available/api.conf") + i2_link = host.file("/etc/icinga2/features-enabled/api.conf") + assert i2_file.exists + assert i2_link.linked_to == "/etc/icinga2/features-available/api.conf" + if host.system_info.distribution == 'centos': + assert i2_file.user == "icinga" + assert i2_file.group == "icinga" + if host.system_info.distribution == 'debian': + assert i2_file.user == "nagios" + assert i2_file.group == "nagios" diff --git a/molecule/default/tests/integration/test_repos.py b/molecule/default/tests/integration/test_repos.py new file mode 100644 index 00000000..692954c2 --- /dev/null +++ b/molecule/default/tests/integration/test_repos.py @@ -0,0 +1,9 @@ +def test_repos(host): + if host.system_info.distribution == 'debian': + repofile = host.file("/etc/apt/sources.list.d/icinga.list") + assert repofile.is_file + assert repofile.user == "root" + if host.system_info.distribution == 'centos': + repofile = host.file("/etc/yum.repos.d/ICINGA-release.repo") + assert repofile.is_file + assert repofile.user == "root" diff --git a/molecule/default/tests/integration/test_service.py b/molecule/default/tests/integration/test_service.py new file mode 100644 index 00000000..bfcd0cdc --- /dev/null +++ b/molecule/default/tests/integration/test_service.py @@ -0,0 +1,4 @@ +def test_icinga2_service(host): + service = host.service("icinga2") + assert service.is_running + assert service.is_enabled diff --git a/requirements-test.txt b/requirements-test.txt index 5a5565fc..8d073762 100644 --- a/requirements-test.txt +++ b/requirements-test.txt @@ -2,3 +2,4 @@ ansible ansible-lint molecule molecule-docker +pytest-testinfra diff --git a/roles/icinga2/tasks/configure.yml b/roles/icinga2/tasks/configure.yml index 01ae2fed..e21c99aa 100644 
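Review bot: Every ownership and mode assertion in `test_icinga2.py` is guarded by `if host.system_info.distribution == 'centos'` or `== 'debian'`, so on any other platform the checks are skipped and the test still passes; for `test_icinga2_crt_key` that means the `0o600` check on the private key can silently not run. The mode assertions are repeated after each distribution test, which suggests they sit inside the `if` bodies (indentation is not recoverable in this view), although the expected mode does not depend on the distribution. I would look the service account up from a table that raises on an unknown distribution and assert the mode unconditionally, as sketched below for the key test; the same pattern applies to the other tests in this file and to `test_repos.py`. The two `print(i2_file.content_string)` calls look like leftover debugging and can be dropped.

```python
ICINGA_USER = {"centos": "icinga", "debian": "nagios"}


def icinga_user(host):
    # A KeyError on an unlisted distribution fails the test instead of skipping the checks.
    return ICINGA_USER[host.system_info.distribution]


def test_icinga2_crt_key(host):
    i2_file = host.file("/var/lib/icinga2/certs/icinga-default.key")
    assert i2_file.is_file
    assert i2_file.user == icinga_user(host)
    assert i2_file.group == icinga_user(host)
    assert i2_file.mode == 0o600

# … unchanged: remaining tests, converted the same way …
```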
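Review bot: `test_repos` asserts only that the repository definition exists and is owned by root, which would still pass if the file were group- or world-writable. Since this file decides where packages are fetched from, I would also assert `repofile.group == "root"` and `repofile.mode & 0o022 == 0` in both branches. If the role is expected to configure signature verification for the repository, a content assertion for that setting would belong here too; the role's repository template is not visible in this diff.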
--- a/roles/icinga2/tasks/configure.yml +++ b/roles/icinga2/tasks/configure.yml @@ -84,6 +84,8 @@ src: "{{ item.path }}" dest: "{{ item.path |regex_replace('^'+icinga2_fragments_path, '/etc/icinga2') }}" delimiter: ' ' + owner: "{{ icinga2_user }}" + group: "{{ icinga2_group }}" loop: "{{ result.files }}" notify: reload icinga2 service diff --git a/roles/icinga2/tasks/features/api.yml b/roles/icinga2/tasks/features/api.yml index 9029a1db..c4fb4582 100644 --- a/roles/icinga2/tasks/features/api.yml +++ b/roles/icinga2/tasks/features/api.yml @@ -139,6 +139,8 @@ copy: src: "{{ icinga2_ca_path }}/ca.crt" dest: "{{ icinga2_cert_path }}/ca.crt" + owner: "{{ icinga2_user }}" + group: "{{ icinga2_group }}" remote_src: yes when: icinga2_ca_host == 'none' when: (icinga2_ssl_cert_path.stat.exists == false or icinga2_ssl_key_path.stat.exists == false or icinga2_force_newcert) and icinga2_ssl_cacert is not defined
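Review bot: The task in `configure.yml` that gains `owner` and `group` still sets no `mode`, so the permissions of the files it writes under `/etc/icinga2` depend on the umask of the run or on whatever mode an existing file already has; the `copy` of `ca.crt` in `features/api.yml` has the same gap. The tests added in this commit assert `0o644` on the generated `.conf` files, so adding `mode: "0644"` next to the new lines in both tasks would make the role state what the tests expect. If assembled fragments can carry credentials, a tighter mode combined with the Icinga group would be the safer default, but the fragment contents are not visible here. Both tasks begin outside their hunks.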