From b5ca5bbe052e6463146dbb0274c0e55050b99f3d Mon Sep 17 00:00:00 2001 From: Yves Heitz Date: Tue, 24 Jan 2017 10:08:57 +0100 Subject: [PATCH] Configure user, group and mode for config files (#2) * Add configs user,group and mode * review fixes --- .gitignore | 1 + .travis.yml | 25 ++++ CHANGELOG.md | 14 +++ Makefile | 108 ++++++++++++++++++ README.md | 28 ++--- defaults/main.yml | 13 ++- meta/main.yml | 3 + tasks/configs.yml | 7 +- tasks/gems.yml | 21 ++-- tasks/install.yml | 3 + .../configs/{default.json.j2 => default.j2} | 0 tests/config.yml | 28 +++++ tests/configs.yml | 48 ++++++++ tests/gems.yml | 25 ++++ tests/install.yml | 31 +++++ tests/pre_tasks/apt.yml | 26 +++++ 16 files changed, 350 insertions(+), 31 deletions(-) create mode 100644 .gitignore create mode 100644 .travis.yml create mode 100644 CHANGELOG.md create mode 100644 Makefile rename templates/configs/{default.json.j2 => default.j2} (100%) create mode 100644 tests/config.yml create mode 100644 tests/configs.yml create mode 100644 tests/gems.yml create mode 100644 tests/install.yml create mode 100644 tests/pre_tasks/apt.yml diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..8b2493f --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +/tests/*.retry diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..afcdfd1 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,25 @@ +language: generic + +sudo: required + +services: + - docker + +before_install: + - docker pull manala/ansible-debian:wheezy + - docker pull manala/ansible-debian:jessie + +script: + - make lint@wheezy + - make test@wheezy + - make lint@jessie + - make test@jessie + +notifications: + webhooks: + urls: + - https://galaxy.ansible.com/api/v1/notifications/ + - https://webhooks.gitter.im/e/430e0a92ad6370b7b805 + on_success: change + on_failure: always + on_start: never diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..4172317 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,14 @@ +# Change Log +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](http://keepachangelog.com/) +and this project adheres to [Semantic Versioning](http://semver.org/). + +## [Unreleased] + +## [1.0.0] - 2016-01-24 + +### Added +- Install and configure sensu-server, sensu-client and sensu-api +- Install ruby gems +- Configure sensu checks diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..3747c9f --- /dev/null +++ b/Makefile @@ -0,0 +1,108 @@ +.SILENT: +.PHONY: help + +## Colors +COLOR_RESET = \033[0m +COLOR_INFO = \033[32m +COLOR_COMMENT = \033[33m + +## Role +ROLE_NAME = manala.sensu + +## Macros +DOCKER = docker run \ + --rm \ + --volume `pwd`:/etc/ansible/roles/${ROLE_NAME} \ + --volume `pwd`:/srv \ + --workdir /srv \ + --tty \ + --cap-add SYS_PTRACE \ + ${DOCKER_OPTIONS} \ + manala/ansible-debian:${DEBIAN_DISTRIBUTION} \ + ${DOCKER_COMMAND} + +## Help +help: + printf "${COLOR_COMMENT}Usage:${COLOR_RESET}\n" + printf " make [target]\n\n" + printf "${COLOR_COMMENT}Available targets:${COLOR_RESET}\n" + awk '/^[a-zA-Z\-\_0-9\.@]+:/ { \ + helpMessage = match(lastLine, /^## (.*)/); \ + if (helpMessage) { \ + helpCommand = substr($$1, 0, index($$1, ":")); \ + helpMessage = substr(lastLine, RSTART + 3, RLENGTH); \ + printf " ${COLOR_INFO}%-16s${COLOR_RESET} %s\n", helpCommand, helpMessage; \ + } \ + } \ + { lastLine = $$0 }' $(MAKEFILE_LIST) + +####### +# Dev # +####### + +dev@wheezy: DEBIAN_DISTRIBUTION = wheezy +dev@wheezy: DOCKER_OPTIONS = --interactive +dev@wheezy: DOCKER_COMMAND = /bin/bash +dev@wheezy: + printf "${COLOR_INFO}Run docker...${COLOR_RESET}\n" + $(DOCKER) + +dev@jessie: DEBIAN_DISTRIBUTION = jessie +dev@jessie: DOCKER_OPTIONS = --interactive +dev@jessie: DOCKER_COMMAND = /bin/bash +dev@jessie: + printf "${COLOR_INFO}Run docker...${COLOR_RESET}\n" + $(DOCKER) + +######## +# Lint # +######## + +lint@wheezy: DEBIAN_DISTRIBUTION = wheezy +lint@wheezy: DOCKER_COMMAND = make lint +lint@wheezy: + printf "${COLOR_INFO}Run docker...${COLOR_RESET}\n" + $(DOCKER) + +lint@jessie: DEBIAN_DISTRIBUTION = jessie +lint@jessie: DOCKER_COMMAND = make lint +lint@jessie: + printf "${COLOR_INFO}Run docker...${COLOR_RESET}\n" + $(DOCKER) + +lint: + ansible-lint -v . + +######## +# Test # +######## + +test@wheezy: DEBIAN_DISTRIBUTION = wheezy +test@wheezy: DOCKER_COMMAND = sh -c 'make test' +test@wheezy: + printf "${COLOR_INFO}Run docker...${COLOR_RESET}\n" + $(DOCKER) + +test@jessie: DEBIAN_DISTRIBUTION = jessie +test@jessie: DOCKER_COMMAND = sh -c 'make test' +test@jessie: + printf "${COLOR_INFO}Run docker...${COLOR_RESET}\n" + $(DOCKER) + +test: test-install test-config test-configs test-gems + +test-install: + ansible-playbook tests/install.yml --syntax-check + ansible-playbook tests/install.yml + +test-config: + ansible-playbook tests/config.yml --syntax-check + ansible-playbook tests/config.yml + +test-configs: + ansible-playbook tests/configs.yml --syntax-check + ansible-playbook tests/configs.yml + +test-gems: + ansible-playbook tests/gems.yml --syntax-check + ansible-playbook tests/gems.yml diff --git a/README.md b/README.md index 399fc0c..c38efb6 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,4 @@ -# Ansible Role: sensu - +# Ansible Role: sensu [![Build Status](https://travis-ci.org/manala/ansible-role-sensu.svg?branch=master)](https://travis-ci.org/manala/ansible-role-sensu) This role will deal with the setup of __sensu__. @@ -7,7 +6,7 @@ It's part of the Manala Ansible s ## Requirements -None. +This role is made to work with the __sensu__ official debian packages, available on the [__sensu__ debian repository](https://sensuapp.org/docs/0.26/platforms/sensu-on-ubuntu-debian.html#sensu-core). Please use the [**manala.apt**](https://galaxy.ansible.com/manala/apt/) role to handle it properly. ## Dependencies @@ -40,16 +39,19 @@ Using ansible galaxy requirements file: ## Role Variables -| Name | Default | Type | Description | -| ------------------------------- | --------------------- | ------ | ------------------------ | -| `manala_sensu_services` | [] | array | Enable and start sensu services (sensu-server, sensu-client, sensu-server) | -| `manala_sensu_gems` | [] | array | Install sensu gems (http://sensu-plugins.io/) | -| `manala_sensu_config_template` | ~ | string | | -| `manala_sensu_config` | [] | array | Sensu config directives | -| `manala_sensu_configs_template` | ~ | string | | -| `manala_sensu_configs` | [] | array | Sensu additional configs | -| `manala_sensu_configs_exclusive`| false | array | If true, will remove extra files in /etc/sensu/conf.d | -| `manala_sensu_checks` | [] | array | Sensu checks definitions | +| Name | Default | Type | Description | +| ------------------------------- | ---------------------- | ------ | -------------------------------------------------------------------------- | +| `manala_sensu_services` | [] | Array | Enable and start sensu services (sensu-server, sensu-client, sensu-server) | +| `manala_sensu_gems` | [] | Array | Install sensu gems (http://sensu-plugins.io/) | +| `manala_sensu_config_template` | config/empty.j2 | String | Sensu config base template | +| `manala_sensu_config` | [] | Array | Sensu config directives | +| `manala_sensu_configs_template` | configs/default.j2 | String | Sensu configs base template | +| `manala_sensu_configs` | [] | Array | Sensu additional configs | +| `manala_sensu_configs_exclusive`| false | Array | If true, will remove extra files in /etc/sensu/conf.d | +| `manala_sensu_configs_user | root | String | Name of the user that should own config files | +| `manala_sensu_configs_group | sensu | String | Name of the group that should own config files | +| `manala_sensu_configs_mode | 0640 | String | Config files mode | +| `manala_sensu_checks` | [] | Array | Sensu checks definitions | ### Configuration example diff --git a/defaults/main.yml b/defaults/main.yml index 0e60bf4..e6fb237 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,17 +1,22 @@ --- -manala_sensu_services: [] - -manala_sensu_gems: [] - # Config manala_sensu_config_template: ~ manala_sensu_config: [] +# Gems +manala_sensu_gems: [] + # Configs manala_sensu_configs_template: ~ manala_sensu_configs: [] manala_sensu_configs_exclusive: false +manala_sensu_configs_user: ~ +manala_sensu_configs_group: ~ +manala_sensu_configs_mode: ~ # Checks manala_sensu_checks: [] + +# Services +manala_sensu_services: [] diff --git a/meta/main.yml b/meta/main.yml index fa65eb6..0b84d28 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -15,4 +15,7 @@ galaxy_info: - wheezy - jessie galaxy_tags: + - alerting - monitoring + - system + - sensu diff --git a/tasks/configs.yml b/tasks/configs.yml index e396193..64ede50 100644 --- a/tasks/configs.yml +++ b/tasks/configs.yml @@ -2,8 +2,11 @@ - name: configs > Templates template: - src: "{{ item.template|default(manala_sensu_configs_template|ternary(manala_sensu_configs_template, 'configs/default.json.j2')) }}" - dest: "{{ manala_sensu_configs_dir }}/{{ item.file }}" + src: "{{ item.template|default(manala_sensu_configs_template|ternary(manala_sensu_configs_template, 'configs/default.j2')) }}" + dest: "{{ manala_sensu_configs_dir }}/{{ item.file }}" + owner: "{{ item.user|default(manala_sensu_configs_user|ternary(manala_sensu_configs_user, 'root')) }}" + group: "{{ item.group|default(manala_sensu_configs_group|ternary(manala_sensu_configs_group, 'root')) }}" + mode: "{{ item.mode|default(manala_sensu_configs_mode|ternary(manala_sensu_configs_mode, '0644')) }}" with_items: "{{ manala_sensu_configs }}" notify: - sensu restart diff --git a/tasks/gems.yml b/tasks/gems.yml index 2ab1588..36aebf2 100644 --- a/tasks/gems.yml +++ b/tasks/gems.yml @@ -1,17 +1,14 @@ --- -- set_fact: - _manala_sensu_embedded_ruby: "{{ manala_sensu_config.EMBEDDED_RUBY|default(false) }}" - - name: packages > Setup gem packages gem: - name: "{{ item.name }}" - executable: "{{ item.executable|default('/opt/sensu/embedded/bin/gem' if _manala_sensu_embedded_ruby else omit) }}" - gem_source: "{{ item.gem_source|default(omit) }}" - include_dependencies: "{{ item.include_dependencies|default(omit) }}" - pre_release: "{{ item.pre_release|default(omit) }}" - repository: "{{ item.repository|default(omit) }}" - state: "{{ item.state|default(omit) }}" - user_install: "{{ item.user_install|default(false) }}" - version: "{{ item.version|default(omit) }}" + name: "{{ item.name }}" + executable: "{{ item.executable|default((manala_sensu_config.EMBEDDED_RUBY|default(false))|ternary('/opt/sensu/embedded/bin/gem', omit)) }}" + gem_source: "{{ item.gem_source|default(omit) }}" + include_dependencies: "{{ item.include_dependencies|default(omit) }}" + pre_release: "{{ item.pre_release|default(omit) }}" + repository: "{{ item.repository|default(omit) }}" + state: "{{ item.state|default(omit) }}" + user_install: "{{ item.user_install|default(false) }}" + version: "{{ item.version|default(omit) }}" with_items: "{{ manala_sensu_gems }}" diff --git a/tasks/install.yml b/tasks/install.yml index 5196c6e..36ee264 100644 --- a/tasks/install.yml +++ b/tasks/install.yml @@ -4,5 +4,8 @@ apt: name: "{{ item }}" state: present + install_recommends: false + update_cache: true + cache_valid_time: 3600 with_items: - sensu diff --git a/templates/configs/default.json.j2 b/templates/configs/default.j2 similarity index 100% rename from templates/configs/default.json.j2 rename to templates/configs/default.j2 diff --git a/tests/config.yml b/tests/config.yml new file mode 100644 index 0000000..8437eff --- /dev/null +++ b/tests/config.yml @@ -0,0 +1,28 @@ +--- + +- hosts: all + + vars: + manala_sensu_config: + EMBEDDED_RUBY: true + LOG_LEVEL: warn + + pre_tasks: + - include: pre_tasks/apt.yml + + roles: + - manala.sensu + + post_tasks: + + - name: Goss + raw: "{{ 'echo \"' ~ item|to_yaml ~ '\"|goss -g - validate' }}" + with_items: + - file: + /etc/default/sensu: + exists: true + owner: root + group: root + contains: + - EMBEDDED_RUBY=true + - LOG_LEVEL=warn diff --git a/tests/configs.yml b/tests/configs.yml new file mode 100644 index 0000000..331bfd1 --- /dev/null +++ b/tests/configs.yml @@ -0,0 +1,48 @@ +--- + +- hosts: all + + vars: + manala_sensu_configs_user: root + manala_sensu_configs_group: sensu + manala_sensu_configs_mode: '0640' + + manala_sensu_configs: + - file: transport.json + config: + transport: + name: redis + - file: redis.json + user: sensu + group: sensu + mode: '0600' + config: + redis: + host: localhost + + pre_tasks: + - include: pre_tasks/apt.yml + + roles: + - manala.sensu + + post_tasks: + + - name: Goss + raw: "{{ 'echo \"' ~ item|to_yaml ~ '\"|goss -g - validate' }}" + with_items: + - file: + /etc/sensu/conf.d/transport.json: + exists: true + owner: root + group: sensu + mode: '0640' + contains: + - redis + /etc/sensu/conf.d/redis.json: + exists: true + owner: sensu + group: sensu + mode: '0600' + contains: + - localhost diff --git a/tests/gems.yml b/tests/gems.yml new file mode 100644 index 0000000..02003d3 --- /dev/null +++ b/tests/gems.yml @@ -0,0 +1,25 @@ +--- + +- hosts: all + + vars: + manala_sensu_config: + EMBEDDED_RUBY: true + manala_sensu_gems: + - name: sensu-plugins-slack + version: 1.0.0 + + pre_tasks: + - include: pre_tasks/apt.yml + + roles: + - manala.sensu + + post_tasks: + + - name: Goss + raw: "{{ 'echo \"' ~ item|to_yaml ~ '\"|goss -g - validate' }}" + with_items: + - command: + /opt/sensu/embedded/bin/gem list|grep sensu-plugins-slack: + exit-status: 0 diff --git a/tests/install.yml b/tests/install.yml new file mode 100644 index 0000000..093fbe1 --- /dev/null +++ b/tests/install.yml @@ -0,0 +1,31 @@ +--- + +- hosts: all + + vars: + manala_sensu_services: + - sensu-server + - sensu-api + - sensu-client + + pre_tasks: + - include: pre_tasks/apt.yml + + roles: + - manala.sensu + + post_tasks: + + - name: Goss + raw: "{{ 'echo \"' ~ item|to_yaml ~ '\"|goss -g - validate' }}" + with_items: + - package: + sensu: + installed: true + - process: + sensu-server: + running: true + sensu-api: + running: true + sensu-client: + running: true diff --git a/tests/pre_tasks/apt.yml b/tests/pre_tasks/apt.yml new file mode 100644 index 0000000..dc9b5e6 --- /dev/null +++ b/tests/pre_tasks/apt.yml @@ -0,0 +1,26 @@ +--- + +- name: Pre tasks > Clean sensu packages + apt: + package: sensu* + state: absent + purge: true + ignore_errors: true + +- name: Pre tasks > Clean sensu config + file: + path: "{{ item }}" + state: absent + with_items: + - /etc/sensu + - /default/sensu + - /var/log/sensu + +- name: Pre tasks > Sensu apt key + apt_key: + url: http://repositories.sensuapp.org/apt/pubkey.gpg + id: EB9C94BB + +- name: Pre tasks > Sensu apt repository + apt_repository: + repo: deb http://repositories.sensuapp.org/apt sensu main