Skip to content

Commit

Permalink
Validate config before restarting icinga (#349)
Browse files Browse the repository at this point in the history 
* Only reload icinga2 if config validation is ok

* Remove unused handler

* Fix ansible lint issues (FQCN and uppercase name)

* Fixes #347
  • Loading branch information
@lucagubler
lucagubler authored Nov 18, 2024
1 parent 074e37d commit 5958936
Show file tree
Hide file tree
Showing 4 changed files with 19 additions and 14 deletions.
17 changes: 11 additions & 6 deletions roles/icinga2/handlers/main.yml
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,15 @@
---
- name: restart icinga2 service
service:
name: icinga2
state: restarted
- name: Check icinga2 configuration
ansible.builtin.command:
cmd: icinga2 daemon --validate
register: icinga2_check
changed_when: true
failed_when: icinga2_check.rc != 0
listen: check-and-reload-icinga2-service
notify: reload-icinga2

- name: reload icinga2 service
service:
- name: Reload icinga2 service
ansible.builtin.service:
name: icinga2
state: reloaded
listen: reload-icinga2
10 changes: 5 additions & 5 deletions roles/icinga2/tasks/configure.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
dest: "{{ icinga2_config_path + '/icinga2.conf' }}"
owner: "{{ icinga2_user }}"
group: "{{ icinga2_group }}"
notify: reload icinga2 service
notify: check-and-reload-icinga2-service

- name: merge defaults and user specified constants (set_fact icinga2_combined_constants)
set_fact:
Expand All @@ -22,7 +22,7 @@
dest: "{{ icinga2_config_path + '/constants.conf' }}"
owner: "{{ icinga2_user }}"
group: "{{ icinga2_group }}"
notify: reload icinga2 service
notify: check-and-reload-icinga2-service

- name: features
include_tasks: features.yml
Expand Down Expand Up @@ -94,20 +94,20 @@
group: "{{ icinga2_group }}"
mode: 0644
loop: "{{ result.files }}"
notify: reload icinga2 service
notify: check-and-reload-icinga2-service

- name: enable features
file:
state: "{{ 'link' if (item.state is undefined or item.state != 'absent') else 'absent' }}"
path: "{{ '/etc/icinga2/features-enabled/' + icinga2_feature_realname[item.name]|default(item.name) + '.conf' }}"
src: "{{ '../features-available/' + icinga2_feature_realname[item.name]|default(item.name) + '.conf' if (item.state is undefined or item.state != 'absent') else omit }}"
loop: "{{ icinga2_features }}"
notify: reload icinga2 service
notify: check-and-reload-icinga2-service

- name: remove empty config files
ansible.builtin.file:
state: absent
path: "{{ item |regex_replace('^'+icinga2_fragments_path, '/etc/icinga2') }}"
when: item.split('/')[icinga2_fragments_path.split('/')|length] == 'conf.d' or item.split('/')[icinga2_fragments_path.split('/')|length] == 'zones.d'
loop: "{{ _empty_result.stdout_lines }}"
notify: reload icinga2 service
notify: check-and-reload-icinga2-service
2 changes: 1 addition & 1 deletion roles/icinga2/tasks/features.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@
state: absent
path: "{{ '/etc/icinga2/features-enabled/' + icinga2_feature_realname[item]|default(item) + '.conf' }}"
loop: "{{ features_enabled | default([]) | difference(icinga2_features| map(attribute='name')|list) }}"
notify: reload icinga2 service
notify: check-and-reload-icinga2-service
when: icinga2_purge_features

- name: configure features
Expand Down
4 changes: 2 additions & 2 deletions roles/icinga2/tasks/features/api.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -152,7 +152,7 @@
--trustedcert "{{ icinga2_cert_path }}/trusted-master.crt"
{% else %} sign-csr --csr "{{ icinga2_cert_path }}/{{ icinga2_cert_name }}.csr" {%- endif %}
--cert "{{ icinga2_cert_path }}/{{ icinga2_cert_name }}.crt"
notify: reload icinga2 service
notify: check-and-reload-icinga2-service

- name: copy CA root certificate
copy:
Expand Down Expand Up @@ -189,7 +189,7 @@
dest: "{{ _crt.dest }}"
owner: "{{ icinga2_user }}"
group: "{{ icinga2_group }}"
notify: reload icinga2 service
notify: check-and-reload-icinga2-service
loop: "{{ _tmp_crt }}"
loop_control:
loop_var: _crt
Expand Down

0 comments on commit 5958936

Please sign in to comment.