* openstack: standardize tls params * tower: tower_verify_ssl->validate_certs * docker: use standard tls config params - cacert_path -> ca_cert - cert_path -> client_cert - key_path -> client_key - tls_verify -> validate_certs * k8s: standardize tls connection params - verify_ssl -> validate_certs - ssl_ca_cert -> ca_cert - cert_file -> client_cert - key_file -> client_key * ingate: verify_ssl -> validate_certs * manageiq: standardize tls params - verify_ssl -> validate_certs - ca_bundle_path -> ca_cert * mysql: standardize tls params - ssl_ca -> ca_cert - ssl_cert -> client_cert - ssl_key -> client_key * nios: ssl_verify -> validate_certs * postgresql: ssl_rootcert -> ca_cert * rabbitmq: standardize tls params - cacert -> ca_cert - cert -> client_cert - key -> client_key * rackspace: verify_ssl -> validate_certs * vca: verify_certs -> validate_certs * kubevirt_cdi_upload: upload_host_verify_ssl -> upload_host_validate_certs * lxd: standardize tls params - key_file -> client_key - cert_file -> client_cert * get_certificate: ca_certs -> ca_cert * get_certificate.py: clarify one or more certs in a file Co-Authored-By: jamescassell <code@james.cassell.me> * zabbix: tls_issuer -> ca_cert * bigip_device_auth_ldap: standardize tls params - ssl_check_peer -> validate_certs - ssl_client_cert -> client_cert - ssl_client_key -> client_key - ssl_ca_cert -> ca_cert * vdirect: vdirect_validate_certs -> validate_certs * mqtt: standardize tls params - ca_certs -> ca_cert - certfile -> client_cert - keyfile -> client_key * pulp_repo: standardize tls params remove `importer_ssl` prefix * rhn_register: sslcacert -> ca_cert * yum_repository: standardize tls params The fix for yum_repository is not straightforward since this module is only a thin wrapper for the underlying commands and config. In this case, we add the new values as aliases, keeping the old as primary, only due to the internal structure of the module. 
Aliases added: - sslcacert -> ca_cert - sslclientcert -> client_cert - sslclientkey -> client_key - sslverify -> validate_certs * gitlab_hook: enable_ssl_verification -> hook_validate_certs * Adjust arguments for docker_swarm inventory plugin. * foreman callback: standardize tls params - ssl_cert -> client_cert - ssl_key -> client_key * grafana_annotations: validate_grafana_certs -> validate_certs * nrdp callback: validate_nrdp_certs -> validate_certs * kubectl connection: standardize tls params - kubectl_cert_file -> client_cert - kubectl_key_file -> client_key - kubectl_ssl_ca_cert -> ca_cert - kubectl_verify_ssl -> validate_certs * oc connection: standardize tls params - oc_cert_file -> client_cert - oc_key_file -> client_key - oc_ssl_ca_cert -> ca_cert - oc_verify_ssl -> validate_certs * psrp connection: cert_trust_path -> ca_cert TODO: cert_validation -> validate_certs (multi-valued vs bool) * k8s inventory: standardize tls params - cert_file -> client_cert - key_file -> client_key - ca_cert -> ca_cert - verify_ssl -> validate_certs * openshift inventory: standardize tls params - cert_file -> client_cert - key_file -> client_key - ca_cert -> ca_cert - verify_ssl -> validate_certs * tower inventory: verify_ssl -> validate_certs * hashi_vault lookup: cacert -> ca_cert * k8s lookup: standardize tls params - cert_file -> client_cert - key_file -> client_key - ca_cert -> ca_cert - verify_ssl -> validate_certs * laps_passord lookup: cacert_file -> ca_cert * changelog for TLS parameter standardization
# -*- coding: utf-8 -*-
# (c) 2018 Remi Verchere <remi@verchere.fr>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
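# Make every class in this module new-style on Python 2.
__metaclass__ = type

# Plugin metadata and option declarations (YAML). The options, environment
# variables and ini keys declared here are the ones set_options() reads back
# through get_option().
# NOTE(review): validate_certs is declared with "default: False", so unless
# the operator sets it, the NRDP token is posted to an HTTPS endpoint whose
# certificate is not verified. Deployments should set validate_certs (or
# NRDP_VALIDATE_CERTS) to true; changing the default here would alter
# behaviour for existing users, so it is only flagged.
DOCUMENTATION = '''
    callback: nrdp
    type: notification
    author: "Remi VERCHERE (@rverchere)"
    short_description: post task result to a nagios server through nrdp
    description:
        - this callback send playbook result to nagios
        - nagios shall use NRDP to recive passive events
        - the passive check is sent to a dedicated host/service for ansible
    version_added: 2.8
    options:
        url:
            description: url of the nrdp server
            required: True
            env:
                - name : NRDP_URL
            ini:
                - section: callback_nrdp
                  key: url
        validate_certs:
            description: (bool) validate the SSL certificate of the nrdp server. (For HTTPS url)
            env:
                - name: NRDP_VALIDATE_CERTS
            ini:
                - section: callback_nrdp
                  key: validate_nrdp_certs
                - section: callback_nrdp
                  key: validate_certs
            default: False
            aliases: [ validate_nrdp_certs ]
        token:
            description: token to be allowed to push nrdp events
            required: True
            env:
                - name: NRDP_TOKEN
            ini:
                - section: callback_nrdp
                  key: token
        hostname:
            description: hostname where the passive check is linked to
            required: True
            env:
                - name : NRDP_HOSTNAME
            ini:
                - section: callback_nrdp
                  key: hostname
        servicename:
            description: service where the passive check is linked to
            required: True
            env:
                - name : NRDP_SERVICENAME
            ini:
                - section: callback_nrdp
                  key: servicename
'''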
import os
import json
from ansible.module_utils.six.moves.urllib.parse import urlencode
from ansible.module_utils.urls import open_url
from ansible.plugins.callback import CallbackBase
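class CallbackModule(CallbackBase):
    '''
    Report the outcome of an ansible-playbook run to a Nagios server as a
    single passive service check submitted over NRDP.
    '''

    CALLBACK_VERSION = 2.0
    CALLBACK_TYPE = 'notification'
    CALLBACK_NAME = 'nrdp'
    CALLBACK_NEEDS_WHITELIST = True

    # Nagios states
    OK = 0
    WARNING = 1
    CRITICAL = 2
    UNKNOWN = 3

    def __init__(self):
        super(CallbackModule, self).__init__()

        self.printed_playbook = False
        self.playbook_name = None
        self.play = None

    def set_options(self, task_keys=None, var_options=None, direct=None):
        '''
        Load the plugin options and disable the callback when a required
        one is missing.

        The endpoint url is normalised to end with a slash.
        '''
        super(CallbackModule, self).set_options(task_keys=task_keys, var_options=var_options, direct=direct)

        self.url = self.get_option('url')
        # Guard against None before touching the string: the original called
        # endswith() first, which raises AttributeError on a missing url and
        # never reaches the "disabled" warning below.
        if self.url is not None and not self.url.endswith('/'):
            self.url += '/'
        self.token = self.get_option('token')
        self.hostname = self.get_option('hostname')
        self.servicename = self.get_option('servicename')
        # NOTE(review): the option is documented with "default: False". With
        # that default the token in the POST body goes to an HTTPS server
        # whose certificate is not checked; operators should enable
        # validate_certs for any endpoint reached over an untrusted network.
        self.validate_nrdp_certs = self.get_option('validate_certs')

        # "(a or b or c or d) is None" only looked at the last falsy operand,
        # so a single missing option went unnoticed; test each one.
        required = (self.url, self.token, self.hostname, self.servicename)
        if any(value is None for value in required):
            self._display.warning("NRDP callback wants the NRDP_URL,"
                                  " NRDP_TOKEN, NRDP_HOSTNAME,"
                                  " NRDP_SERVICENAME"
                                  " environment variables'."
                                  " The NRDP callback plugin is disabled.")
            self.disabled = True

    def _send_nrdp(self, state, msg):
        '''
        Submit one passive service check result to the NRDP endpoint.

        :arg state: Nagios state code (one of OK, WARNING, CRITICAL, UNKNOWN).
        :arg msg: check output; text after a "|" is the perfdata part.
        :returns: the raw response body, or None when the request failed.

        The XMLDATA sent to NRDP looks like this:
            <?xml version='1.0'?>
            <checkresults>
            <checkresult type='service'>
            <hostname>somehost</hostname>
            <servicename>someservice</servicename>
            <state>1</state>
            <output>WARNING: Danger Will Robinson!|perfdata</output>
            </checkresult>
            </checkresults>
        '''
        # Local imports keep this method self-contained; both modules are
        # already available wherever this plugin can be loaded.
        from xml.sax.saxutils import escape
        from ansible.module_utils._text import to_bytes

        # hostname, servicename and msg (play name, inventory host names) are
        # free text. Escape them so "&", "<" or ">" cannot produce malformed
        # XML or add elements to the submitted check result.
        xmldata = (
            "<?xml version='1.0'?>\n"
            "<checkresults>\n"
            "<checkresult type='service'>\n"
            "<hostname>%s</hostname>\n"
            "<servicename>%s</servicename>\n"
            "<state>%d</state>\n"
            "<output>%s</output>\n"
            "</checkresult>\n"
            "</checkresults>\n"
        ) % (escape(self.hostname), escape(self.servicename), state, escape(msg))

        body = {
            'cmd': 'submitcheck',
            'token': self.token,
            # bytes(text) without an encoding raises TypeError on Python 3;
            # to_bytes() encodes on both Python 2 and 3.
            'XMLDATA': to_bytes(xmldata)
        }

        try:
            response = open_url(self.url,
                                data=urlencode(body),
                                method='POST',
                                validate_certs=self.validate_nrdp_certs)
            return response.read()
        except Exception as ex:
            # Deliberately broad: a monitoring notification that cannot be
            # delivered is reported as a warning instead of raising.
            self._display.warning("NRDP callback cannot send result {0}".format(ex))
            return None

    def v2_playbook_on_play_start(self, play):
        '''
        Remember the play that started; it is used as the label of the
        check output sent when the statistics arrive.
        '''
        self.play = play

    def v2_playbook_on_stats(self, stats):
        '''
        Turn the playbook statistics into one Nagios check result and send it.

        CRITICAL when any host had failed tasks or was unreachable, WARNING
        when any task reported a change, OK otherwise. Per-host counters are
        appended as perfdata.
        '''
        perfdata = ""
        critical = warning = 0
        # assumes stats.processed is a dict keyed by host name - TODO confirm
        for host in sorted(stats.processed):
            summary = stats.summarize(host)
            # Adjacent literals instead of a backslash continuation inside
            # the string, so source indentation cannot leak into the
            # perfdata text.
            perfdata += (
                "'%s_ok'=%d '%s_changed'=%d "
                "'%s_unreachable'=%d '%s_failed'=%d "
            ) % (host, summary['ok'], host, summary['changed'],
                 host, summary['unreachable'], host, summary['failures'])
            # Critical when failed tasks or unreachable host
            critical += summary['failures'] + summary['unreachable']
            # Warning when changed tasks
            warning += summary['changed']

        msg = "%s | %s" % (self.play, perfdata)
        if critical:
            state = self.CRITICAL
        elif warning:
            state = self.WARNING
        else:
            state = self.OK
        self._send_nrdp(state, msg)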