
Merge branch 'master' into feature-deploy-client-definitions

Jared 7 years ago
parent
commit
83037767ee

+ 20 - 0
.travis.yml

@@ -0,0 +1,20 @@
+---
+group: travis_lts
+services: docker
+env:
+  - distro: centos7
+  - distro: ubuntu1404
+  - distro: ubuntu1604
+  - distro: debian8
+  - distro: debian9
+before_install:
+  - 'docker pull geerlingguy/docker-${distro}-ansible:latest'
+script:
+  - export container_id=$(date +%s)
+  - export cleanup=false
+  - wget -O ${PWD}/tests/test.sh https://gist.githubusercontent.com/geerlingguy/73ef1e5ee45d8694570f334be385e181/raw/
+  - chmod +x ${PWD}/tests/test.sh
+  - ${PWD}/tests/test.sh
+
+notifications:
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/
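Review bot: The `wget` step in `script:` fetches `tests/test.sh` from the gist's unversioned `/raw/` URL and the build then marks it executable and runs it, so every CI run executes whatever that gist holds at that moment. Pin the download to a specific gist revision and check a recorded digest before the `chmod`, for example `- echo "<EXPECTED_SHA256>  ${PWD}/tests/test.sh" | sha256sum -c -`, or vendor the script into `tests/`. The same applies to the `docker pull ...:latest` line in `before_install`, where an image digest would make builds reproducible.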

+ 8 - 8
README.md

@@ -1,6 +1,6 @@
-# Sensu [![Ansible Galaxy](https://img.shields.io/badge/galaxy-cmacrae.sensu-660198.svg?style=flat)](https://galaxy.ansible.com/cmacrae/sensu/)
+# Sensu [![Ansible Galaxy](https://img.shields.io/badge/galaxy-cmacrae.sensu-660198.svg?style=flat)](https://galaxy.ansible.com/cmacrae/sensu/) [![Build Status](https://travis-ci.org/sensu/sensu-ansible.svg?branch=master)](https://travis-ci.org/sensu/sensu-ansible)
 
-[![Join the chat at https://gitter.im/cmacrae/ansible-sensu](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/cmacrae/ansible-sensu?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
+[![Join the chat at https://slack.sensu.io/](https://slack.sensu.io/badge.svg)](https://slack.sensu.io/)
 
 This role deploys a full [Sensu](https://sensuapp.org) stack, a modern, open source monitoring framework.
 
@@ -14,7 +14,7 @@ This role deploys a full [Sensu](https://sensuapp.org) stack, a modern, open sou
 - Highly configurable
 
 ## Batteries included, but not imposed
-Along with deploying the Sensu Server, API and clients, this role can deploy a full stack: [RabbitMQ](http://www.rabbitmq.com/), [redis](http://redis.io), and the [Uchiwa dashboard](https://uchiwa.io/#/).  
+Along with deploying the Sensu Server, API and clients, this role can deploy a full stack: [RabbitMQ](http://www.rabbitmq.com/), [redis](http://redis.io), and the [Uchiwa dashboard](https://uchiwa.io/#/).
 However, if you want to rely on other roles/management methods to deploy/manage these services, [it's nice and easy to integrate this role](http://ansible-sensu.readthedocs.io/en/latest/integration/).
 
 ## Documentation [![Documentation](https://readthedocs.org/projects/ansible-sensu/badge/?version=latest)](http://ansible-sensu.readthedocs.io/en/latest/)
@@ -57,7 +57,7 @@ Or, passing parameter values:
 ``` yaml
   - hosts: sensu_masters
     roles:
-	  - { role: cmacrae.sensu, sensu_master: true, sensu_include_dashboard: true  }
+      - { role: cmacrae.sensu, sensu_master: true, sensu_include_dashboard: true  }
 ```
 
 License
@@ -71,7 +71,7 @@ Created by [Calum MacRae](http://cmacr.ae)
 ### Contributors
 Stephen Muth - ([@smuth4](https://github.com/smuth4))
 
-Feel free to:  
-Contact me - [@calumacrae](https://twitter.com/calumacrae), [mailto:calum0macrae@gmail.com](calum0macrae@gmail.com)  
-[Raise an issue](https://github.com/cmacrae/ansible-sensu/issues)  
-[Contribute](https://github.com/cmacrae/ansible-sensu/pulls)  
+Feel free to:
+Contact me - [@calumacrae](https://twitter.com/calumacrae), [mailto:calum0macrae@gmail.com](calum0macrae@gmail.com)
+[Raise an issue](https://github.com/cmacrae/ansible-sensu/issues)
+[Contribute](https://github.com/cmacrae/ansible-sensu/pulls)

+ 11 - 6
defaults/main.yml

@@ -12,9 +12,10 @@ sensu_enterprise_package: sensu-enterprise
 sensu_enterprise_dashboard_package: sensu-enterprise-dashboard
 
 # Sensu repo urls
-sensu_yum_repo_url: "http://repositories.sensuapp.org/yum/$releasever/$basearch/"
-sensu_apt_repo_url: "deb     http://repositories.sensuapp.org/apt {{ ansible_distribution_release }} main"
-sensu_apt_key_url: "http://repositories.sensuapp.org/apt/pubkey.gpg"
+sensu_yum_repo_url: "https://sensu.global.ssl.fastly.net/yum/$releasever/$basearch/"
+sensu_yum_key_url: "https://sensu.global.ssl.fastly.net/yum/pubkey.gpg"
+sensu_apt_repo_url: "deb     https://repositories.sensuapp.org/apt {{ ansible_distribution_release }} main"
+sensu_apt_key_url: "https://sensu.global.ssl.fastly.net/apt/pubkey.gpg"
 sensu_freebsd_url: "https://sensu.global.ssl.fastly.net/freebsd/FreeBSD:{{ ansible_distribution_major_version }}:{{ ansible_architecture }}/"
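Review bot: `sensu_apt_repo_url` is the only changed URL still on `repositories.sensuapp.org`, while the apt key, yum repo and yum key now come from `sensu.global.ssl.fastly.net`. Debian and Ubuntu hosts would therefore fetch the signing key from one host and the packages from another, and nothing in this diff shows that the old host serves HTTPS with a valid certificate. If the Fastly host is the intended origin, use it consistently: `sensu_apt_repo_url: "deb     https://sensu.global.ssl.fastly.net/apt {{ ansible_distribution_release }} main"`. Otherwise add a comment explaining why the hosts differ.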
 
 # Sensu service names
@@ -26,8 +27,8 @@ sensu_enterprise_dashboard_service_name: sensu-enterprise-dashboard
 uchiwa_service_name: uchiwa
 
 # Service deployment options
-sensu_deploy_rabbitmq: true
-sensu_deploy_redis: true
+sensu_deploy_rabbitmq_server: true
+sensu_deploy_redis_server: true
 
 # RabbitMQ server properties
 rabbitmq_config_path: /etc/rabbitmq
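Review bot: Renaming `sensu_deploy_rabbitmq` and `sensu_deploy_redis` without a fallback means an inventory that still sets the old names to `false` is silently ignored. The new `_server` flags default to `true`, so the role would then install and configure broker and datastore servers on hosts where the operator had opted out. Keep the old names working for a release by deriving the defaults from them, e.g. `sensu_deploy_rabbitmq_server: "{{ sensu_deploy_rabbitmq | default(true) }}"` and the same for redis. Alternatively, fail early with an `assert` when the old names are defined. The conditions in tasks/main.yml use the new names as well.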
@@ -73,11 +74,15 @@ sensu_group_name: sensu
 sensu_include_plugins: true
 sensu_include_dashboard: false
 sensu_master: false
+sensu_client: true
 sensu_user_name: sensu
 sensu_remote_plugins: ~
 sensu_transport: rabbitmq
 sensu_client_name: "{{ ansible_hostname }}"
 sensu_client_subscriptions: "{{ group_names }}"
+sensu_deploy_rabbitmq_config: true
+sensu_deploy_redis_config: true
+sensu_deploy_transport_config: true
 
 # Sensu/RabbitMQ SSL certificate properties
 sensu_ssl_gen_certs: true
@@ -90,7 +95,7 @@ sensu_ssl_client_key: "{{ sensu_ssl_tool_base_path }}/client/key.pem"
 sensu_ssl_server_cacert: "{{ sensu_ssl_tool_base_path }}/sensu_ca/cacert.pem"
 sensu_ssl_server_cert: "{{ sensu_ssl_tool_base_path }}/server/cert.pem"
 sensu_ssl_server_key: "{{ sensu_ssl_tool_base_path }}/server/key.pem"
-sensu_ssl_tool_version: "0.23"
+sensu_ssl_tool_version: "1.2"
 dynamic_data_store: "{{ playbook_dir }}/data/store"
 static_data_store: "{{ playbook_dir}}/data/static"
 

+ 3 - 3
docs/integration.md

@@ -6,7 +6,7 @@ RabbitMQ
 --------
 If you'd like to use a different role/management method for RabbitMQ, the following variables are of interest:
 ``` yaml
-sensu_deploy_rabbitmq: false
+sensu_deploy_rabbitmq_server: false
 rabbitmq_host: < IP/DNS record of your RabbitMQ server >
 rabbitmq_port: < optionally set a differing port, defaults to 5671 >
 rabbitmq_sensu_user_name: < the username for interacting with RabbitMQ >
@@ -20,9 +20,9 @@ You'll want to ensure you have a directory named `ssl` under your `rabbitmq_conf
 
 redis
 -----
-If you'd like to use a different role/management method for redis, the following vairables are of interest:
+If you'd like to use a different role/management method for redis, the following variables are of interest:
 ``` yaml
-sensu_deploy_redis: false
+sensu_deploy_redis_server: false
 redis_host: < IP/DNS record of your redis server >
 redis_port: < optionally set a differing port, defaults to 6379 >
 ```

+ 9 - 3
docs/role_variables.md

@@ -4,8 +4,8 @@
 ### Service Deployment Options
 | Name               | Default Value | Description                  |
 |--------------------|---------------|------------------------------|
-|`sensu_deploy_rabbitmq` | `true`    | Determines whether or not to use this role to deploy/configure RabbitMQ |
-|`sensu_deploy_redis`    | `true`    | Determines whether or not to use this role to deploy/configure redis |
+|`sensu_deploy_rabbitmq_server` | `true`    | Determines whether or not to use this role to deploy/configure RabbitMQ server |
+|`sensu_deploy_redis_server`    | `true`    | Determines whether or not to use this role to deploy/configure redis server |
 
 _Note: The above options are intended to provide users with flexibility. This allows the use of other roles for deployment of these services._
 
@@ -53,15 +53,19 @@ _Note: The above options are intended to provide users with flexibility. This al
 | `sensu_include_plugins` | `true` | Determines whether to include the `sensu-plugins` gem |
 | `sensu_include_dashboard` | `false` | Determines whether to deploy the Uchiwa dashboard |
 | `sensu_master` | `false` | Determines if a node is to act as the Sensu "master" node |
+| `sensu_client` | `true` | Determines if a node should be given the sensu client config |
 | `sensu_user_name`| sensu | The name of the Sensu service user |
 | `sensu_group_name` | sensu | The name of the Sensu service user's primary group |
 | `sensu_remote_plugins` | _undefined_ | A list of plugins to install via `sensu-install` (Ruby Gems) |
 | `sensu_client_name` | `"{{ ansible_hostname }}"` | Sensu client identification (for display purposes) |
 | `sensu_client_subscriptions` | `"{{ group_names }}"` | Sensu client subscriptions |
+| `sensu_deploy_rabbitmq_config` | `true`    | Determines whether or not to deploy RabbitMQ config for sensu |
+| `sensu_deploy_redis_config`    | `true`    | Determines whether or not to deploy redis config for sensu |
+| `sensu_deploy_transport_config`    | `true`    | Determines whether or not to deploy transport config for sensu |
 
 ### Sensu/RabbitMQ SSL certificate properties
 | `sensu_ssl_gen_certs` | `true` | Determines when this role generates its own SSL certs |
-| `sensu_ssl_manage_cert` | `true` | Determines when this role manages deployment of the certs |
+| `sensu_ssl_manage_certs` | `true` | Determines when this role manages deployment of the certs |
 | `sensu_master_config_path` | `"{{ hostvars[groups['sensu_masters'][0]]['sensu_config_path'] }}"` | The configuration path of sensu on the first master host |
 | `sensu_ssl_tool_base_path` | `"{{ dynamic_data_store }}/{{ groups['sensu_masters'][0] }}{{ sensu_master_config_path }}/ssl_generation/sensu_ssl_tool"` ||
 | `sensu_ssl_deploy_remote_src` | `false` | Copy certificates from paths in the destination host, not in the controller host. Useful if certificates are managed externally and already acquired before running this role. |
@@ -96,6 +100,7 @@ _Note: The above options are intended to provide users with flexibility. This al
 |--------------------|---------------|------------------------------|
 | `sensu_user_name`    | root        | The name of the Sensu service user |
 | `sensu_group_name`   | root        | The name of the Sensu service user's primary group |
+| `sensu_package`      | sensu       | The name of the Sensu package. Can optionally include a version (sensu=0.20.3-1) |
 
 ## Debian
 ### [redis Server Properties](https://sensuapp.org/docs/latest/reference/redis)
@@ -109,6 +114,7 @@ _Note: The above options are intended to provide users with flexibility. This al
 |--------------------|---------------|------------------------------|
 | `sensu_user_name`    | root        | The name of the Sensu service user |
 | `sensu_group_name`   | root        | The name of the Sensu service user's primary group |
+| `sensu_package`      | sensu       | The name of the Sensu package. Can optionally include a version (sensu=0.20.3-1) |
 
 ## CentOS
 ### [Sensu Properties](https://sensuapp.org/docs/latest/installation/overview)

+ 7 - 1
tasks/Amazon/main.yml

@@ -4,12 +4,18 @@
 
   - include_vars: "{{ ansible_distribution }}.yml"
 
+  - name: Set epel_version override when AmazonLinux AMIv2
+    set_fact:
+      epel_version: 7
+    when: ansible_distribution_version == 'Candidate'
+
   - name: Ensure the Sensu Core Yum repo is present
     yum_repository:
       name: sensu
       description: The Sensu Core yum repository
       baseurl: "{{ sensu_yum_repo_url }}"
-      gpgcheck: no
+      gpgkey: "{{ sensu_yum_key_url }}"
+      gpgcheck: yes
       enabled: yes
 
   - name: Ensure Sensu is installed
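Review bot: The condition `when: ansible_distribution_version == 'Candidate'` ties the `epel_version: 7` override to a pre-release version string, so it presumably stops matching once Amazon Linux 2 images report a regular version. In that case `epel_version` stays at the default of 6 from vars/Amazon.yml and `sensu_yum_repo_url` resolves to the el6 package tree, which the newly enabled `gpgcheck` will not catch because those packages are signed too. A test on the major version or an explicit role variable would be more durable. At minimum add a comment such as `# Amazon Linux 2 reported 'Candidate' as its version when this was written`. The repository task that follows continues past the end of this hunk.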

+ 6 - 0
tasks/Amazon/redis.yml

@@ -4,6 +4,12 @@
 
   - include_vars: "{{ ansible_distribution }}.yml"
 
+  - name: Install EPEL repo
+    yum:
+      name: epel-release
+      state: present
+    when: enable_epel_repo
+
   - name: Ensure redis is installed
     yum:
       name: "{{ redis_pkg_name }}"
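Review bot: The new "Install EPEL repo" task adds a third-party repository to every host that runs the redis tasks, and it is on by default through `enable_epel_repo: true` in the vars files. None of the docs hunks in this commit mention that variable, so operators have no documented way to learn that the role widens their trusted package sources. Add a row for it to docs/role_variables.md. The condition should also be written as `when: enable_epel_repo | bool`, matching `sensu_master|bool` in tasks/ssl_generate.yml, so a value passed as a string is coerced predictably. The same task is added in tasks/CentOS/redis.yml.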

+ 2 - 1
tasks/CentOS/main.yml

@@ -14,7 +14,8 @@
       name: sensu
       description: The Sensu Core yum repository
       baseurl: "{{ sensu_yum_repo_url }}"
-      gpgcheck: no
+      gpgkey: "{{ sensu_yum_key_url }}"
+      gpgcheck: yes
       enabled: yes
 
   - name: Ensure that credential is supplied if installing Sensu Enterprise
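Review bot: With `gpgkey: "{{ sensu_yum_key_url }}"` the signing key is downloaded from the same host that serves the packages. Signature checking therefore protects against corrupted or tampered mirrors only as far as that host and its TLS certificate are trusted, because whoever controls the origin can replace both key and packages. Consider shipping the public key inside the role, or importing it in a separate `rpm_key` task with its `fingerprint` option where the Ansible version in use supports it, so that a changed key fails the play. `repo_gpgcheck` is left unset, so repository metadata is not verified; whether the upstream repo signs its metadata is not visible here. tasks/Amazon/main.yml makes the same change.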

+ 6 - 0
tasks/CentOS/redis.yml

@@ -4,6 +4,12 @@
 
   - include_vars: "{{ ansible_distribution }}.yml"
 
+  - name: Install EPEL repo
+    yum:
+      name: epel-release
+      state: present
+    when: enable_epel_repo
+
   - name: Ensure redis is installed
     yum:
       name: "{{ redis_pkg_name }}"

+ 15 - 1
tasks/Debian/main.yml

@@ -4,6 +4,18 @@
 
   - include_vars: "{{ ansible_distribution }}.yml"
 
+  - name: Ensure apt-transport-https is installed
+    apt:
+      name: apt-transport-https
+      state: present
+      cache_valid_time: 3600
+      update_cache: true
+
+  - name: Ensure that gnupg is installed for apt_key
+    apt:
+      name: gnupg
+      state: present
+
   - name: Ensure the Sensu APT repo GPG key is present
     apt_key:
       url: "{{ sensu_apt_key_url }}"
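Review bot: The `apt_key` task this hunk prepares for trusts whatever key `sensu_apt_key_url` returns, since only `url:` is visible and no `id:` is set. The task continues below the hunk, so an `id:` may exist out of view. If it does not, add the expected key identifier, e.g. `id: "<SENSU_APT_KEY_FINGERPRINT>"`, so that a replaced or unexpected key at that URL is rejected instead of being added to the host's trusted keyring. The same task in tasks/Ubuntu/main.yml would need the same line.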
@@ -16,4 +28,6 @@
       update_cache: true
 
   - name: Ensure Sensu is installed
-    apt: name={{ sensu_package }} state={{ sensu_pkg_state }}
+    apt:
+      name: "{{ sensu_package }}"
+      state: "{{ sensu_pkg_state }}"

+ 9 - 3
tasks/Ubuntu/main.yml

@@ -5,8 +5,12 @@
   - include_vars: "{{ ansible_distribution }}.yml"
 
   - name: Ensure that https transport is ready
-    apt: name=apt-transport-https state=present
-    
+    apt:
+      name: apt-transport-https
+      state: present
+      cache_valid_time: 3600
+      update_cache: true
+
   - name: Ensure the Sensu APT repo GPG key is present
     apt_key:
       url: "{{ sensu_apt_key_url }}"
@@ -19,4 +23,6 @@
       update_cache: true
 
   - name: Ensure Sensu is installed
-    apt: name={{ sensu_package }} state={{ sensu_pkg_state }}
+    apt:
+      name: "{{ sensu_package }}"
+      state: "{{ sensu_pkg_state }}"

+ 9 - 0
tasks/Ubuntu/redis.yml

@@ -9,3 +9,12 @@
       name: "{{ redis_pkg_name }}"
       state: "{{ redis_pkg_state }}"
       update_cache: true
+
+  - name: Ensure redis binds to accessible IP
+    lineinfile:
+      dest: /etc/redis/redis.conf
+      regexp: '^bind'
+      line: 'bind 0.0.0.0'
+    notify: restart redis service
+
+  - meta: flush_handlers
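Review bot: The `lineinfile` task rewrites the `bind` directive to `bind 0.0.0.0`, which makes redis listen on every interface of any Ubuntu host where this file runs. Nothing in this hunk sets a password or restricts access, so on a host with a public or shared interface the datastore would be reachable without authentication unless a firewall elsewhere prevents it. Make the address a role variable with a conservative default, e.g. `line: 'bind {{ redis_bind_address }}'` with a new `redis_bind_address` defaulting to the address the Sensu servers actually need. Also document that operators exposing redis beyond localhost should set `requirepass` and filter the port.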

+ 3 - 1
tasks/common.yml

@@ -16,7 +16,7 @@
       owner: "{{ sensu_user_name }}"
       group: "{{ sensu_group_name }}"
       src: "{{ sensu_redis_config }}"
-    when: sensu_deploy_redis
+    when: sensu_deploy_redis_config
     notify:
       - restart sensu-server service
       - restart sensu-api service
@@ -30,6 +30,7 @@
       group: "{{ sensu_group_name }}"
       src: "{{ sensu_rabbitmq_config }}"
     when: sensu_transport == "rabbitmq"
+          and sensu_deploy_rabbitmq_config
     notify:
       - restart sensu-server service
       - restart sensu-api service
@@ -42,6 +43,7 @@
       owner: "{{ sensu_user_name }}"
       group: "{{ sensu_group_name }}"
       src: transport.json.j2
+    when: sensu_deploy_transport_config
     notify:
       - restart sensu-server service
       - restart sensu-api service

+ 7 - 2
tasks/main.yml

@@ -5,11 +5,13 @@
 
   - include: "{{ role_path }}/tasks/{{ ansible_distribution }}/main.yml"
     tags: setup
+    when: sensu_master
+          or sensu_client
 
   - include: "{{ role_path }}/tasks/redis.yml"
     tags: redis
     when: redis_server
-          and sensu_deploy_redis
+          and sensu_deploy_redis_server
     static: false
 
   - include: "{{ role_path }}/tasks/ssl.yml"
@@ -18,11 +20,13 @@
   - include: "{{ role_path }}/tasks/rabbit.yml"
     tags: rabbitmq
     when: rabbitmq_server
-          and sensu_deploy_rabbitmq
+          and sensu_deploy_rabbitmq_server
     static: false
 
   - include: "{{ role_path }}/tasks/common.yml"
     tags: common
+    when: sensu_master
+          or sensu_client
 
   - include: "{{ role_path }}/tasks/server.yml"
     tags: server
@@ -36,6 +40,7 @@
 
   - include: "{{ role_path }}/tasks/client.yml"
     tags: client
+    when: sensu_client
 
   - include: "{{ role_path }}/tasks/plugins.yml"
     tags: plugins

+ 1 - 2
tasks/ssl_generate.yml

@@ -23,11 +23,10 @@
         copy: no
 
     - name: Generate SSL certs
-      command: "_ {{ sensu_config_path }}/ssl_generation/sensu_ssl_tool/ssl_certs.sh generate"
+      command: "{{ __bash_path }} {{ sensu_config_path }}/ssl_generation/sensu_ssl_tool/ssl_certs.sh generate"
       args:
         chdir: "{{ sensu_config_path }}/ssl_generation/sensu_ssl_tool"
         creates: "{{ sensu_config_path }}/ssl_generation/sensu_ssl_tool/server"
-        executable: "{{ __bash_path }}"
 
     when: sensu_master|bool
     become: true

+ 1 - 1
templates/uchiwa_config.json.j2

@@ -3,7 +3,7 @@
    {
        "name": "{{ uchiwa_dc_name }}",
        "host": "{{ sensu_api_host }}",
-       "ssl": {{ sensu_api_ssl }},
+       "ssl": {{ sensu_api_ssl | lower }},
        "port": {{ uchiwa_sensu_api_port }},
        "user": "{{ sensu_api_user_name }}",
        "pass": "{{ sensu_api_password }}",

+ 21 - 0
tests/test.yml

@@ -0,0 +1,21 @@
+---
+- hosts: all
+  pre_tasks:
+    - name: Add localhost to sensu_masters group
+      add_host:
+        name: localhost
+        groups: sensu_masters
+      changed_when: false
+
+  roles:
+    - role: role_under_test
+      sensu_master: true
+      sensu_include_dashboard: true
+      rabbitmq_server: true
+      redis_server: true
+      rabbitmq_host: localhost
+      redis_host: localhost
+      sensu_api_host: localhost
+      # Workaround for https://github.com/geerlingguy/docker-ubuntu1604-ansible/issues/5
+      ansible_default_ipv4:
+        address: 127.0.0.1

+ 8 - 0
vars/Amazon.yml

@@ -5,3 +5,11 @@
 # Sensu/Uchiwa user/group/service properties
 sensu_user_name: root
 sensu_group_name: root
+
+# Define repo url without $releasever
+#Define epel version to 6 by default, change to 7 when using a version 2 AMI
+epel_version: 6
+sensu_yum_repo_url: "https://sensu.global.ssl.fastly.net/yum/{{epel_version}}/$basearch/"
+
+#Set this to false to disable the EPEL repo installation
+enable_epel_repo: true

+ 3 - 0
vars/CentOS.yml

@@ -6,3 +6,6 @@
 sensu_user_name: root
 sensu_group_name: root
 _sensu_pkg_version: '0.29.0'
+
+#Set this to false to disable the EPEL repo installation
+enable_epel_repo: true