Merge branch 'master' of gitlab.erc.monash.edu.au:hpc-team/ansible_cluster_in_a_box

roles/nagios_monitored/files/scripts/check_ntp

+#!/usr/bin/python
+import sys, os, pwd
+import getopt
+import commands
+import subprocess
+
+STATE_OK=0
+STATE_WARNING=1
+
+check_munge=subprocess.Popen("service ntpd status", shell=True, stdout=subprocess.PIPE)
+munge_status=check_munge.communicate()[0]
+
+if "run" in munge_status:
+   print "NTPD service is Running"
+   sys.exit(STATE_OK)
+else:
+   print "NTPD service  is NOT Running !!"   
+   sys.exit(STATE_WARNING)
+
+sys.exit(STATE_OK)
+

roles/nagios_monitored/tasks/main.yml

 ---
 - name: create nagios user
-  user: name=nagios system=yes createhome=yes home=/var/lib/nagios shell=/bin/bash
+  user: name=nagios system=yes createhome=yes home={{ nagios_home }} shell=/bin/bash
   sudo: true
 
 - name: authorize_key
-  authorized_key: user=nagios key="{{ monitor_pubkey }}"
+  authorized_key: user=nagios key="{{ lookup('file', 'files/nagios_public_key') }}" path="{{ nagios_home }}"/.ssh/authorized_keys
   sudo: true
 
 - name: make scripts directory
@@ -12,8 +12,7 @@
   sudo: true
 
 - name: install monitor scripts
-  copy: dest=/var/lib/nagios/scripts/{{ item }} src=scripts/{{ item }} mode=755
-  with_items:
-   - check_load
-   - check_munge
+  copy: dest={{ nagios_home }}/scripts/{{ item }} src=scripts/{{ item }} mode=755
+  with_items: "{% set script_list = [] %}{% for s in nagios_services %}{%for g in hostvars[ansible_hostname].group_names %}{% if g in s.groups and s.script %}{% if script_list.append(s.script) %}{% endif %}{% endif %}{% endfor %}{% endfor %}{{ script_list }}"
   sudo: true
+  

roles/nagios_server/handlers/main.yml

+---
+- name: restart apache2 
+  service: name=apache2 state=restarted
+  sudo: true
+
+- name: restart postfix 
+  service: name=postfix state=restarted
+  sudo: true

roles/nagios_server/tasks/main.yml

 ---
+- name: create directory
+  file: dest=/var/lib/nagios/.ssh state=directory
+  sudo: true
+
+- name: create nagios user
+  user: name=nagios system=yes createhome=yes home={{ nagios_home }} shell=/bin/bash
+  sudo: true
+
 - name: copy priv key
-  template: src={{ monitor_privkey_file }} dest=/var/lib/nagios/.ssh/id_rsa mode=600 owner=nagios
+  template: src={{ monitor_privkey_file }} dest={{ nagios_home }}/.ssh/id_rsa mode=600 owner={{ nagios_username }}
   sudo: true
 
 - name: install packages
-  apt: name={{ item }} state=installed
+  apt: name={{ item }} state=present
   with_items:
   - nagios3
   - python-passlib
-  - python3-passlib
   sudo: true
+  when: ansible_os_family == "Debian"
 
 - name: configure nagios authentication
   htpasswd: path=/etc/nagios3/htpasswd.users name={{ nagios_username }} password={{ nagios_password }}
   sudo: true
 
-- name: configure monitoring
-  template: src={{ item }}_nagios2.cfg.j2 dest=/etc/nagios3/conf.d/{{ item }}_nagios2.cfg 
-  with_items:
-  - 'hostgroups'
-  - 'hosts'
-  - 'commands'
-  - 'services'
-  - 'extinfo'
-  sudo: true
-
 - name: force restart
-  service: name=nagios3 state=restarted
+  service: name=nagios3 state=started
   sudo: true
 

roles/nagios_server/templates/cgi.cfg.j2

+#################################################################
+#
+# CGI.CFG - Sample CGI Configuration File for Nagios 
+#
+#################################################################
+
+
+# MAIN CONFIGURATION FILE
+# This tells the CGIs where to find your main configuration file.
+# The CGIs will read the main and host config files for any other
+# data they might need.
+
+main_config_file=/etc/nagios3/nagios.cfg
+
+
+
+# PHYSICAL HTML PATH
+# This is the path where the HTML files for Nagios reside.  This
+# value is used to locate the logo images needed by the statusmap
+# and statuswrl CGIs.
+
+physical_html_path=/usr/share/nagios3/htdocs
+
+
+
+# URL HTML PATH
+# This is the path portion of the URL that corresponds to the
+# physical location of the Nagios HTML files (as defined above).
+# This value is used by the CGIs to locate the online documentation
+# and graphics.  If you access the Nagios pages with an URL like
+# http://www.myhost.com/nagios, this value should be '/nagios'
+# (without the quotes).
+
+url_html_path=/nagios3
+
+
+
+# CONTEXT-SENSITIVE HELP
+# This option determines whether or not a context-sensitive
+# help icon will be displayed for most of the CGIs.
+# Values: 0 = disables context-sensitive help
+#         1 = enables context-sensitive help
+
+show_context_help=1
+
+
+
+# PENDING STATES OPTION
+# This option determines what states should be displayed in the web
+# interface for hosts/services that have not yet been checked.
+# Values: 0 = leave hosts/services that have not been check yet in their original state
+#         1 = mark hosts/services that have not been checked yet as PENDING
+
+use_pending_states=1
+
+# NAGIOS PROCESS CHECK COMMAND
+# This is the full path and filename of the program used to check
+# the status of the Nagios process.  It is used only by the CGIs
+# and is completely optional.  However, if you don't use it, you'll
+# see warning messages in the CGIs about the Nagios process
+# not running and you won't be able to execute any commands from
+# the web interface.  The program should follow the same rules
+# as plugins; the return codes are the same as for the plugins,
+# it should have timeout protection, it should output something
+# to STDIO, etc.
+#
+# Note: The command line for the check_nagios plugin below may
+# have to be tweaked a bit, as different versions of the plugin
+# use different command line arguments/syntaxes.
+
+nagios_check_command=/usr/lib/nagios/plugins/check_nagios /var/cache/nagios3/status.dat 5 '/usr/sbin/nagios3'
+
+
+# AUTHENTICATION USAGE
+# This option controls whether or not the CGIs will use any 
+# authentication when displaying host and service information, as
+# well as committing commands to Nagios for processing.  
+#
+# Read the HTML documentation to learn how the authorization works!
+#
+# NOTE: It is a really *bad* idea to disable authorization, unless
+# you plan on removing the command CGI (cmd.cgi)!  Failure to do
+# so will leave you wide open to kiddies messing with Nagios and
+# possibly hitting you with a denial of service attack by filling up
+# your drive by continuously writing to your command file!
+#
+# Setting this value to 0 will cause the CGIs to *not* use
+# authentication (bad idea), while any other value will make them
+# use the authentication functions (the default).
+
+use_authentication=1
+
+
+
+
+# x509 CERT AUTHENTICATION
+# When enabled, this option allows you to use x509 cert (SSL)
+# authentication in the CGIs.  This is an advanced option and should
+# not be enabled unless you know what you're doing.
+
+use_ssl_authentication=0
+
+
+
+
+# DEFAULT USER
+# Setting this variable will define a default user name that can
+# access pages without authentication.  This allows people within a
+# secure domain (i.e., behind a firewall) to see the current status
+# without authenticating.  You may want to use this to avoid basic
+# authentication if you are not using a secure server since basic
+# authentication transmits passwords in the clear.
+#
+# Important:  Do not define a default username unless you are
+# running a secure web server and are sure that everyone who has
+# access to the CGIs has been authenticated in some manner!  If you
+# define this variable, anyone who has not authenticated to the web
+# server will inherit all rights you assign to this user!
+ 
+#default_user_name=guest
+
+
+
+# SYSTEM/PROCESS INFORMATION ACCESS
+# This option is a comma-delimited list of all usernames that
+# have access to viewing the Nagios process information as
+# provided by the Extended Information CGI (extinfo.cgi).  By
+# default, *no one* has access to this unless you choose to
+# not use authorization.  You may use an asterisk (*) to
+# authorize any user who has authenticated to the web server.
+
+authorized_for_system_information=nagiosadmin,nagios
+
+
+
+# CONFIGURATION INFORMATION ACCESS
+# This option is a comma-delimited list of all usernames that
+# can view ALL configuration information (hosts, commands, etc).
+# By default, users can only view configuration information
+# for the hosts and services they are contacts for. You may use
+# an asterisk (*) to authorize any user who has authenticated
+# to the web server.
+
+authorized_for_configuration_information=nagiosadmin,nagios
+
+
+
+# SYSTEM/PROCESS COMMAND ACCESS
+# This option is a comma-delimited list of all usernames that
+# can issue shutdown and restart commands to Nagios via the
+# command CGI (cmd.cgi).  Users in this list can also change
+# the program mode to active or standby. By default, *no one*
+# has access to this unless you choose to not use authorization.
+# You may use an asterisk (*) to authorize any user who has
+# authenticated to the web server.
+
+authorized_for_system_commands=nagiosadmin,nagios
+
+
+
+# GLOBAL HOST/SERVICE VIEW ACCESS
+# These two options are comma-delimited lists of all usernames that
+# can view information for all hosts and services that are being
+# monitored.  By default, users can only view information
+# for hosts or services that they are contacts for (unless you
+# you choose to not use authorization). You may use an asterisk (*)
+# to authorize any user who has authenticated to the web server.
+
+
+authorized_for_all_services=nagiosadmin,nagios
+authorized_for_all_hosts=nagiosadmin,nagios
+
+
+
+# GLOBAL HOST/SERVICE COMMAND ACCESS
+# These two options are comma-delimited lists of all usernames that
+# can issue host or service related commands via the command
+# CGI (cmd.cgi) for all hosts and services that are being monitored. 
+# By default, users can only issue commands for hosts or services 
+# that they are contacts for (unless you you choose to not use 
+# authorization).  You may use an asterisk (*) to authorize any
+# user who has authenticated to the web server.
+
+authorized_for_all_service_commands=nagiosadmin,nagios
+authorized_for_all_host_commands=nagiosadmin,nagios
+
+
+
+# READ-ONLY USERS
+# A comma-delimited list of usernames that have read-only rights in
+# the CGIs.  This will block any service or host commands normally shown
+# on the extinfo CGI pages.  It will also block comments from being shown
+# to read-only users.
+
+#authorized_for_read_only=user1,user2
+
+
+
+
+# STATUSMAP BACKGROUND IMAGE
+# This option allows you to specify an image to be used as a 
+# background in the statusmap CGI.  It is assumed that the image
+# resides in the HTML images path (i.e. /usr/local/nagios/share/images).
+# This path is automatically determined by appending "/images"
+# to the path specified by the 'physical_html_path' directive.
+# Note:  The image file may be in GIF, PNG, JPEG, or GD2 format.
+# However, I recommend that you convert your image to GD2 format
+# (uncompressed), as this will cause less CPU load when the CGI
+# generates the image.
+
+#statusmap_background_image=smbackground.gd2
+
+
+
+
+# STATUSMAP TRANSPARENCY INDEX COLOR
+# These options set the r,g,b values of the background color used the statusmap CGI,
+# so normal browsers that can't show real png transparency set the desired color as
+# a background color instead (to make it look pretty).  
+# Defaults to white: (R,G,B) = (255,255,255).
+
+#color_transparency_index_r=255
+#color_transparency_index_g=255
+#color_transparency_index_b=255
+
+
+
+
+# DEFAULT STATUSMAP LAYOUT METHOD
+# This option allows you to specify the default layout method
+# the statusmap CGI should use for drawing hosts.  If you do
+# not use this option, the default is to use user-defined
+# coordinates.  Valid options are as follows:
+#	0 = User-defined coordinates
+#	1 = Depth layers
+#       2 = Collapsed tree
+#       3 = Balanced tree
+#       4 = Circular
+#       5 = Circular (Marked Up)
+
+default_statusmap_layout=5
+
+
+
+# DEFAULT STATUSWRL LAYOUT METHOD
+# This option allows you to specify the default layout method
+# the statuswrl (VRML) CGI should use for drawing hosts.  If you
+# do not use this option, the default is to use user-defined
+# coordinates.  Valid options are as follows:
+#	0 = User-defined coordinates
+#       2 = Collapsed tree
+#       3 = Balanced tree
+#       4 = Circular
+
+default_statuswrl_layout=4
+
+
+
+# STATUSWRL INCLUDE
+# This option allows you to include your own objects in the 
+# generated VRML world.  It is assumed that the file
+# resides in the HTML path (i.e. /usr/local/nagios/share).
+
+#statuswrl_include=myworld.wrl
+
+
+
+# PING SYNTAX
+# This option determines what syntax should be used when
+# attempting to ping a host from the WAP interface (using
+# the statuswml CGI.  You must include the full path to
+# the ping binary, along with all required options.  The
+# $HOSTADDRESS$ macro is substituted with the address of
+# the host before the command is executed.
+# Please note that the syntax for the ping binary is
+# notorious for being different on virtually ever *NIX
+# OS and distribution, so you may have to tweak this to
+# work on your system.
+
+ping_syntax=/bin/ping -n -U -c 5 $HOSTADDRESS$
+
+
+
+# REFRESH RATE
+# This option allows you to specify the refresh rate in seconds
+# of various CGIs (status, statusmap, extinfo, and outages).  
+
+refresh_rate=90
+
+# DEFAULT PAGE LIMIT
+# This option allows you to specify the default number of results 
+# displayed on the status.cgi.  This number can be adjusted from
+# within the UI after the initial page load. Setting this to 0
+# will show all results.  
+
+result_limit=100
+
+
+# ESCAPE HTML TAGS
+# This option determines whether HTML tags in host and service
+# status output is escaped in the web interface.  If enabled,
+# your plugin output will not be able to contain clickable links.
+
+escape_html_tags=1
+
+
+
+
+# SOUND OPTIONS
+# These options allow you to specify an optional audio file
+# that should be played in your browser window when there are
+# problems on the network.  The audio files are used only in
+# the status CGI.  Only the sound for the most critical problem
+# will be played.  Order of importance (higher to lower) is as
+# follows: unreachable hosts, down hosts, critical services,
+# warning services, and unknown services. If there are no
+# visible problems, the sound file optionally specified by
+# 'normal_sound' variable will be played.
+#
+#
+# <varname>=<sound_file>
+#
+# Note: All audio files must be placed in the /media subdirectory
+# under the HTML path (i.e. /usr/local/nagios/share/media/).
+
+#host_unreachable_sound=hostdown.wav
+#host_down_sound=hostdown.wav
+#service_critical_sound=critical.wav
+#service_warning_sound=warning.wav
+#service_unknown_sound=warning.wav
+#normal_sound=noproblem.wav
+
+
+
+# URL TARGET FRAMES
+# These options determine the target frames in which notes and 
+# action URLs will open.
+
+action_url_target=_blank
+notes_url_target=_blank
+
+
+
+
+# LOCK AUTHOR NAMES OPTION
+# This option determines whether users can change the author name 
+# when submitting comments, scheduling downtime.  If disabled, the 
+# author names will be locked into their contact name, as defined in Nagios.
+# Values: 0 = allow editing author names
+#         1 = lock author names (disallow editing)
+
+lock_author_names=1
+
+
+
+
+# SPLUNK INTEGRATION OPTIONS
+# These options allow you to enable integration with Splunk
+# in the web interface.  If enabled, you'll be presented with
+# "Splunk It" links in various places in the CGIs (log file,
+# alert history, host/service detail, etc).  Useful if you're
+# trying to research why a particular problem occurred.
+# For more information on Splunk, visit http://www.splunk.com/
+
+# This option determines whether the Splunk integration is enabled
+# Values: 0 = disable Splunk integration
+#         1 = enable Splunk integration
+
+#enable_splunk_integration=1
+
+
+# This option should be the URL used to access your instance of Splunk
+
+#splunk_url=http://127.0.0.1:8000/
+
+
+

roles/nagios_server/templates/commands_nagios2.cfg.j2

-define command {
-        command_name    check_mount
-        command_line    /usr/lib/nagios/plugins/check_by_ssh -H $HOSTADDRESS$ -C "/var/lib/nagios/scripts/check_mount.pl -m $ARG1$"
-}
-define command {
-        command_name    check_munge
-        command_line    /usr/lib/nagios/plugins/check_by_ssh -H $HOSTADDRESS$ -C "/var/lib/nagios/scripts/check_munge"
-}
-

roles/nagios_server/templates/hostgroups_nagios2.cfg.j2

-# Some generic hostgroup definitions
-
-## A simple wildcard hostgroup
-#define hostgroup {
-#        hostgroup_name  all
-#		alias           All Servers
-#		members         *
-#        }
-
-## A list of your Debian GNU/Linux servers
-#define hostgroup {
-#        hostgroup_name  debian-servers
-#		alias           Debian GNU/Linux Servers
-#		members         localhost
-#        }
-
-## A list of your web servers
-#define hostgroup {
-#        hostgroup_name  http-servers
-#		alias           HTTP servers
-#		members         localhost
-#        }
-
-## A list of your ssh-accessible servers
-#define hostgroup {
-#        hostgroup_name  ssh-servers
-#		alias           SSH servers
-#		members         *
-#        }
-
-
-{% for group in groups %}
-#{  % if group != "all" %  }
-{% set nodelist = [] %}
-{% for node in groups[group] %}
-{% if nodelist.append(node) %}
-{% endif %}
-{% endfor %}
-define hostgroup {
-    hostgroup_name {{ group }}
-    members {{ nodelist|unique|join(',') }}
-}
-#{  % endif %  }
-{% endfor %}

roles/nagios_server/templates/main_cf.j2

+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# TLS parameters
+smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_use_tls=yes
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+myhostname = {{ ansible_fqdn }}
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+myorigin =  {{ ansible_fqdn }}
+mydestination = {{ ansible_fqdn }}, localhost.{{ ansible_domain }}, localhost
+relayhost =  {{ smtp_smarthost }}
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = loopback-only

roles/setupKnownHosts/templates/known_hosts.j2

@@ -7,8 +7,7 @@
 {% if nodelist.append(host) %}
 {% endif %}
 {% endif %}
-{% if hostvars[node]['ansible_ssh_host_key_ecdsa_public'] %}
-#{% set host = {'name': node, 'ip': hostvars[node]['ansible_'+interface]['ipv4']['address'], 'keytype':'ssh-ecdsa', 'key': hostvars[node]['ansible_ssh_host_key_ecdsa_public']} %}
+{% if 'ansible_ssh_host_key_ecdsa_public' in hostvars[node] and hostvars[node]['ansible_ssh_host_key_ecdsa_public'] %}
 {% set host = {'name': node, 'ip': hostvars[node]['ansible_'+interface]['ipv4']['address'], 'keytype':'ecdsa-sha2-nistp256', 'key': hostvars[node]['ansible_ssh_host_key_ecdsa_public']} %}
 {% if nodelist.append(host) %}
 {% endif %}

roles/slurm-common/tasks/main.yml

@@ -42,12 +42,12 @@
   file: path={{slurmsharedstatedir }} state=directory owner=slurm group=slurm mode=750
   sudo: true
   run_once: true
-  when: usesharedstatedir
+  when: usesharedstatedir is defined and usesharedstatedir
 
 - name: symlink shared state dir
   file: path={{ slurmstatedir }} src={{ slurmsharedstatedir }} state=link
   sudo: true
-  when: usesharedstatedir
+  when: usesharedstatedir is defined and usesharedstatedir
 
 - name: create state directory
   file: path={{ slurmstatedir }} state=directory owner=slurm group=slurm mode=750