From 15336acf4a8f5577ba5b49480f1604275f583423 Mon Sep 17 00:00:00 2001 From: Dan Ragnar Date: Thu, 8 Feb 2018 23:09:50 +0100 Subject: [PATCH 1/7] Fix empty list comparison throwing valueerror --- tasks/plugins.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/plugins.yml b/tasks/plugins.yml index ec963d2d..c44fe679 100644 --- a/tasks/plugins.yml +++ b/tasks/plugins.yml @@ -25,7 +25,7 @@ shell: umask 0022; sensu-install -p {{ item }} with_items: "{{ sensu_remote_plugins }}" changed_when: false - when: sensu_remote_plugins > 0 + when: sensu_remote_plugins | length > 0 - name: Register available checks local_action: command ls {{ static_data_store }}/sensu/checks From 48d174ffbfc7f5a28fc662c39b72020fb67fb0b0 Mon Sep 17 00:00:00 2001 From: Dan Ragnar Date: Thu, 8 Feb 2018 23:10:13 +0100 Subject: [PATCH 2/7] Allow using remote_src for rabbit ssl config --- tasks/rabbit.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tasks/rabbit.yml b/tasks/rabbit.yml index fb5ae395..f4deb9c4 100644 --- a/tasks/rabbit.yml +++ b/tasks/rabbit.yml @@ -9,11 +9,11 @@ file: dest={{ rabbitmq_config_path }}/ssl state=directory - name: Ensure RabbitMQ SSL certs/keys are in place - copy: src={{ item }} dest={{ rabbitmq_config_path }}/ssl + copy: src="{{ item.src }}" dest="{{ rabbitmq_config_path }}/ssl/{{ item.dest }}" remote_src="{{ sensu_ssl_deploy_remote_src }}" with_items: - - "{{ sensu_ssl_server_cacert }}" - - "{{ sensu_ssl_server_cert }}" - - "{{ sensu_ssl_server_key }}" + - { src: "{{ sensu_ssl_server_cacert }}", dest: cacert.pem } + - { src: "{{ sensu_ssl_server_cert }}", dest: cert.pem } + - { src: "{{ sensu_ssl_server_key }}", dest: key.pem } notify: - restart rabbitmq service - restart sensu-api service From 2b18bb5f2a6bb567f33f55288772089e151b95f8 Mon Sep 17 00:00:00 2001 From: Dan Ragnar Date: Thu, 8 Feb 2018 23:11:10 +0100 Subject: [PATCH 3/7] Allow configuring no user for sensu-api --- templates/sensu-api.json.j2 | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/templates/sensu-api.json.j2 b/templates/sensu-api.json.j2 index 526c2163..f94cd6ce 100644 --- a/templates/sensu-api.json.j2 +++ b/templates/sensu-api.json.j2 @@ -1,8 +1,10 @@ { "api": { - "host": "{{ sensu_api_host }}", - "port": {{ sensu_api_port }}, + {% if sensu_api_user_name | length > 0 %} "user": "{{ sensu_api_user_name }}", - "password": "{{ sensu_api_password }}" + "password": "{{ sensu_api_password }}", + {% endif %} + "host": "{{ sensu_api_host }}", + "port": {{ sensu_api_port }} } } From 6b316bc9a9a52a59ce870c169c57bae85dfe5988 Mon Sep 17 00:00:00 2001 From: Dan Ragnar Date: Thu, 8 Feb 2018 23:11:43 +0100 Subject: [PATCH 4/7] Allow no user for uchiwa --- templates/uchiwa_config.json.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/templates/uchiwa_config.json.j2 b/templates/uchiwa_config.json.j2 index ce3749ca..7c13f29f 100644 --- a/templates/uchiwa_config.json.j2 +++ b/templates/uchiwa_config.json.j2 @@ -5,8 +5,10 @@ "host": "{{ sensu_api_host }}", "ssl": {{ sensu_api_ssl | lower }}, "port": {{ uchiwa_sensu_api_port }}, + {% if sensu_api_user_name | length > 0 %} "user": "{{ sensu_api_user_name }}", "pass": "{{ sensu_api_password }}", + {% endif %} "path": "{{ sensu_api_uchiwa_path }}", "timeout": {{ sensu_api_timeout }} } From 9b16ef2b4ed1e8b1090dab20952db2bf7fe8b18a Mon Sep 17 00:00:00 2001 From: Dan Ragnar Date: Fri, 9 Feb 2018 13:53:56 +0100 Subject: [PATCH 5/7] Change sensu_remote_plugins default to empty list --- defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index dd3f0491..5dee100e 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -76,7 +76,7 @@ sensu_include_dashboard: false sensu_master: false sensu_client: true sensu_user_name: sensu -sensu_remote_plugins: ~ +sensu_remote_plugins: [] sensu_transport: rabbitmq sensu_client_name: "{{ ansible_hostname }}" sensu_client_subscriptions: "{{ group_names }}" From 5913aa2d34c0fb3df85403527032845d1cbaee5b Mon Sep 17 00:00:00 2001 From: Dan Ragnar Date: Fri, 9 Feb 2018 14:02:28 +0100 Subject: [PATCH 6/7] Fix def check and check for uchiwa user --- templates/sensu-api.json.j2 | 2 +- templates/uchiwa_config.json.j2 | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/templates/sensu-api.json.j2 b/templates/sensu-api.json.j2 index f94cd6ce..dfcb373d 100644 --- a/templates/sensu-api.json.j2 +++ b/templates/sensu-api.json.j2 @@ -1,6 +1,6 @@ { "api": { - {% if sensu_api_user_name | length > 0 %} + {% if sensu_api_user_name %} "user": "{{ sensu_api_user_name }}", "password": "{{ sensu_api_password }}", {% endif %} diff --git a/templates/uchiwa_config.json.j2 b/templates/uchiwa_config.json.j2 index 7c13f29f..f2c39203 100644 --- a/templates/uchiwa_config.json.j2 +++ b/templates/uchiwa_config.json.j2 @@ -5,7 +5,7 @@ "host": "{{ sensu_api_host }}", "ssl": {{ sensu_api_ssl | lower }}, "port": {{ uchiwa_sensu_api_port }}, - {% if sensu_api_user_name | length > 0 %} + {% if sensu_api_user_name %} "user": "{{ sensu_api_user_name }}", "pass": "{{ sensu_api_password }}", {% endif %} @@ -14,7 +14,9 @@ } ], "uchiwa": { + {% if uchiwa_users %} "users": {{ uchiwa_users | to_nice_json }}, + {% endif %} "port": {{ uchiwa_port }}, {% if uchiwa_auth_privatekey %} "auth": { From 8532bc0eba96aedd6b232cc41efefcfe91f03116 Mon Sep 17 00:00:00 2001 From: Dan Ragnar Date: Fri, 9 Feb 2018 15:14:46 +0100 Subject: [PATCH 7/7] Update changelog --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 61f71800..0b5887c4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,12 @@ This project adheres to [Semantic Versioning](http://semver.org/) The format is based on [Keep a Changelog](http://keepachangelog.com/). ## [Unreleased] +### Fixed +- `defaults/main.yaml`,`tasks/plugins.yml`: Fix Python 3.X compatability issue when checking the contents of sensu_remote_plugins. (@danragnar) + +### Added +- `templates/sensu-api-json.j2`, `templates/uchiwa_config.json.j2`: Check for explicitly defining uchiwa_users and sensu_api_user_name as empty to disable authentication, useful when having a reverse proxy handling auth in front of the API and/or the uchiwa dashboard (@danragnar) +- `tasks/rabbit.yml`: Consistency of remote_src option for rabbitmq and sensu when copying SSL cert/key files. Useful if certificates are generated by another CA (e.g. FreeIPA) on the sensu host. (@danragnar) ## [2.0.0] - 2018-02-07 ### Breaking Change