-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[WIP] Complete rework of the role to simplify distributed site setup #53
Open
ganto
wants to merge
34
commits into
debops-contrib:master
Choose a base branch
from
ganto:distributed-rework
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
+928
−633
Open
Changes from 20 commits
Commits
Show all changes
34 commits
Select commit
Hold shift + click to select a range
5075df2
Remove unneeded variables
ganto 66259aa
Add current status of site creation
ganto ee665af
Fix 'multisite_password', set required 'multisite_alias'
ganto 7b8dbc2
Set credential paths related to the inventory name instead of fqdn
ganto 821688e
Convert user setup to run for distributed sites in 'checkmk_servers__…
ganto 21a2bfa
Iterate user setup tasks over all distributed sites
ganto 2954cc2
Make distributed site login and config work with new site definition
ganto 231d06e
Remove unused variables
ganto 9128633
Create new env sub-role for site setup, write site facts
ganto 3ea7723
Adjust home that it matches the user created by 'omd'
ganto 333b001
Use user__dependent_accounts and etc_services__dependent_list from facts
ganto 6b8fd58
Make sure the checkmk_server/env tasks are run by all play hosts
ganto 1737762
Leverage ssh key setup from debops.users role, set public key local fact
ganto 81f078a
Read correct facts after changes, add SSH authorized_keys setup
ganto a726abf
Add users to 'sshusers' group which allows SSH login
ganto 81810fd
Run config synchronization to slave site via rsync
ganto e51f79f
Update playbook to use the 'checkmk_server/env' and 'debops.users' roles
ganto 0d0a2fb
Rename 'checkmk_server__hostname' to 'checkmk_server__fqdn' for consi…
ganto 5b01f6c
Fix applying custom patches, remove env role debugging
ganto bae1222
Leverage 'debops.apache' role for local reverse proxy configuration
ganto 53c1e53
Explicitly define Apache configuration includes provided by Check_MK
ganto 97aceb8
Remove HTTP-related ferm rules now handled by 'apache__ferm__dependen…
ganto 1924a7a
Generate ferm rules for livestatus according to the configured sites
ganto 5635218
Fix 'apache__dependent_snippets' configuration
ganto b2c4951
Remove some debugging code
ganto af9d305
Define dependent vars in defaults, don't fail with no facts
ganto cdfb4e3
Run tests on Ubuntu trusty as precise is EOL
ganto c5717d4
Create master site if 'checkmk_server__site' is defined
ganto 35bc317
Don't fail if 'mod_headers' is not (yet) enabled
ganto e641ae7
Properly set and update local facts from the correct context
ganto 5bc3e41
Adjust the fact that local facts are stored as dict not lists
ganto 5c0a5da
Adjust SSH public key lookup to new facts layout
ganto 6a5c4f5
Update dependency to Ansible >=2.3.0
ganto 4d0e8ca
Clarify comments in the local facts template
ganto File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
../defaults |
File renamed without changes.
File renamed without changes.
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
--- | ||
# IMPORTANT: | ||
# These tasks are run for each Check_MK site defined | ||
# in `checkmk_server__sites`. This means they can run multiple | ||
# times per server. If the monitoring site is a remote slave, | ||
# they might even run on a different server. The site configuration | ||
# is available through `site_item`. | ||
|
||
- name: Create Check_MK site | ||
command: omd create '{{ site_item.name }}' | ||
args: | ||
creates: '{{ site_item.home }}/etc/omd/site.conf' | ||
delegate_to: '{{ site_item.delegate_to | ||
if (not site_item.delegate_to == inventory_hostname) else omit }}' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
../../tasks/facts.yml |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
NIce work! I guess the Apache omd snippet could be disabled and instead be included in
checkmk_server__apache__dependent_vhosts
to ensure that omd is only available for this vhost.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ya, I thought about that, but I wasn't sure how to properly do this. To add the snipped to the vhost I guess I have to define
include: '/omd/apache/*.conf'
but how do I get rid of theconf-enabled/zzz_omd.conf
?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Something like:
should do.
For the vhost,
item.include: [ '/omd/apache/*.conf' ]
can be tried.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added the snippet configuration as you suggested. However, it fails with:
I didn't find a successful way to tell the role that this configuration is provided externally. Any suggestion?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My mistake, excuse me. Try:
type: 'dont-create'
is there specifically for your usecase, as documented 😉Have you seen the nice documenteion of the role btw? Ref: https://docs.debops.org/en/latest/ansible/roles/ansible-apache/docs/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ack, my bad. I read the documentation, but not far enough 😉 I had in mind there is only
raw
anddivert
. I guess I was a bit confused by the following sentence: