First commit of new Shinken role

This is part way through morphing from my 'install files to etc' to templates
and grace - as such its broken in this commit but will improve with some
testing.

README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

defaults/main.yml

@@ -0,0 +1,29 @@
+---
+# Shinken web UI configuration, only changed items are here so far.
+shinken_broker_webui_host: 0.0.0.0
+shinken_broker_webui_port: 7767
+shinken_broker_webui_auth_secret: SiteSpecificAuthSecret
+
+shinken_config_contacts_name: admin
+shinken_config_contacts_email: shinken@localhost
+shinken_config_contacts_password: password
+
+# Where should the host configuration go
+shinken_config_hosts: /etc/shinken/hosts/
+# where do service configuration go?
+shinken_config_services: /etc/shinken/services/
+# Which hosts are we monitoring?
+shinken_targets:
+***REMOVED***
+***REMOVED***
+***REMOVED***
+***REMOVED***
+***REMOVED***
+***REMOVED***
+***REMOVED***
+***REMOVED***
+***REMOVED***
+# What services are we monitoring?
+shinken_services:
+ - { }
+

handlers/main.yml

@@ -0,0 +1,4 @@
+# Broker didn't do what i wanted, lets try restarting arbiter
+- name: restart shinken arbiter
+  service: name=shinken-arbiter state=restarted
+

meta/main.yml

@@ -0,0 +1,124 @@
+---
+galaxy_info:
+  author: your name
+  description: 
+  company: your company (optional)
+  # Some suggested licenses:
+  # - BSD (default)
+  # - MIT
+  # - GPLv2
+  # - GPLv3
+  # - Apache
+  # - CC-BY
+  license: license (GPLv2, CC-BY, etc)
+  min_ansible_version: 1.2
+  #
+  # Below are all platforms currently available. Just uncomment
+  # the ones that apply to your role. If you don't see your 
+  # platform on this list, let us know and we'll get it added!
+  #
+  #platforms:
+  #- name: EL
+  #  versions:
+  #  - all
+  #  - 5
+  #  - 6
+  #  - 7
+  #- name: GenericUNIX
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Fedora
+  #  versions:
+  #  - all
+  #  - 16
+  #  - 17
+  #  - 18
+  #  - 19
+  #  - 20
+  #- name: opensuse
+  #  versions:
+  #  - all
+  #  - 12.1
+  #  - 12.2
+  #  - 12.3
+  #  - 13.1
+  #  - 13.2
+  #- name: Amazon
+  #  versions:
+  #  - all
+  #  - 2013.03
+  #  - 2013.09
+  #- name: GenericBSD
+  #  versions:
+  #  - all
+  #  - any
+  #- name: FreeBSD
+  #  versions:
+  #  - all
+  #  - 8.0
+  #  - 8.1
+  #  - 8.2
+  #  - 8.3
+  #  - 8.4
+  #  - 9.0
+  #  - 9.1
+  #  - 9.1
+  #  - 9.2
+  #- name: Ubuntu
+  #  versions:
+  #  - all
+  #  - lucid
+  #  - maverick
+  #  - natty
+  #  - oneiric
+  #  - precise
+  #  - quantal
+  #  - raring
+  #  - saucy
+  #  - trusty
+  #- name: SLES
+  #  versions:
+  #  - all
+  #  - 10SP3
+  #  - 10SP4
+  #  - 11
+  #  - 11SP1
+  #  - 11SP2
+  #  - 11SP3
+  #- name: GenericLinux
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Debian
+  #  versions:
+  #  - all
+  #  - etch
+  #  - lenny
+  #  - squeeze
+  #  - wheezy
+  #
+  # Below are all categories currently available. Just as with
+  # the platforms above, uncomment those that apply to your role.
+  #
+  #categories:
+  #- cloud
+  #- cloud:ec2
+  #- cloud:gce
+  #- cloud:rax
+  #- clustering
+  #- database
+  #- database:nosql
+  #- database:sql
+  #- development
+  #- monitoring
+  #- networking
+  #- packaging
+  #- system
+  #- web
+dependencies: []
+  # List your role dependencies here, one per line. Only
+  # dependencies available via galaxy should be listed here.
+  # Be sure to remove the '[]' above if you add dependencies
+  # to this list.
+

tasks/configure-hosts.yml

@@ -0,0 +1,11 @@
+---
+- name: Create configuration for hosts to monitor
+  template:
+    dest=/etc/shinken/hosts/{{ hostvars[item]['ansible_hostname'] }}.cfg
+    src=shinken-hosts.tmpl
+  when: hostvars[item]['ansible_hostname'] is defined
+  with_items: shinken_targets
+
+# TODO: figure out how to set the parent node per host in a useful way.
+#   with_items: groups['all']
+

tasks/configure-jessie-repo.yml

@@ -0,0 +1,4 @@
+# This should only be used while installing shinken
+- name: Enable jessie (testing) for package installs
+  copy: content='deb http://ftp.iinet.net.au/debian/debian/ jessie main' dest=/var/lib/ansible/jessie.sources.list group=root owner=root
+

tasks/configure-piwik-script.yml

@@ -0,0 +1,7 @@
+---
+# From http://debian.piwik.org/
+# http://piwik.org/blog/2014/04/piwik-debian-package/
+
+- name: Make log import script executable
+  file: path=/usr/share/piwik/misc/log-analytics/import_logs.py mode=755
+

tasks/configure-shinken-contacts.yml

@@ -0,0 +1,9 @@
+# This doubles as the login details
+- name: Configure shinken admin user and login
+  template:
+    src=shinken-contacts.cfg.tmpl
+    dest=/etc/shinken/contacts.cfg
+    mode=640
+  notify:
+  - restart shinken broker
+

tasks/configure-shinken-hosts.yml

@@ -0,0 +1,11 @@
+- name: Install hosts.cfg
+#   copy: src=shinken-hosts/ dest=/etc/shinken/hosts/
+  template: user=root owner=root
+    src=shinken-hosts.tmpl
+# how do we get loop to pass in items?
+  with_items:
+    - loop over hosts here
+  notify:
+  - restart shinken broker
+
+

tasks/configure-shinken-webui.yml

@@ -0,0 +1,6 @@
+- name: Set up Shinken web ui
+  template: src=broker-webui.cfg.tmpl dest=/etc/shinken/shinken-specific/broker-webui.cfg
+    owner=root group=root mode=444
+  notify:
+  - restart shinken broker
+

tasks/install-shinken-packages.yml

@@ -0,0 +1,10 @@
+- name: Install shinken including web UI
+  command: apt-get -o Dir::Etc::SourceParts=/var/lib/ansible/jessie.sources.list install {{ item }}
+    creates=/etc/init.d/shinken
+  with_items:
+  - shinken
+  - shinken-module-arbiter-hotdependencies
+
+- name: Allow bi directional HTTP access to shinken frontend on 7767
+  ufw: rule=allow port=7767 proto=tcp
+

tasks/main.yml

@@ -0,0 +1,9 @@
+---
+# Couldn't get pinning working so i've had to do this the long and work aroundy way
+- include: configure-jessie-repo.yml
+- include: install-shinken-packages.yml
+
+- include: configure-shinken-webui.yml
+- include: configure-shinken-contacts.yml
+- include: configure-shinken-hosts.yml
+

templates/broker-webui.cfg.tmpl

@@ -0,0 +1,49 @@
+# {{ ansible_managed }}
+## Module:      WebUI
+## Loaded by:   Broker
+# The Shinken web interface and integrated web server.
+define module {
+    module_name     WebUI
+    module_type     webui
+    host            {{ shinken_broker_webui_host }}     ; All interfaces = 0.0.0.0
+    port            {{ shinken_broker_webui_port }}
+    # auth_secret     CHANGE_ME   ; CHANGE THIS or someone could forge
+	auth_secret		{{ shinken_broker_webui_auth_secret }}
+                                ; cookies!!
+    allow_html_output   0       ; Allow or not HTML chars in plugins output.
+                                ; WARNING: Allowing can be a security issue.
+    max_output_length   100     ; Maximum output length for plugin output in webui
+    manage_acl          1       ; Use contacts ACL. 0 allow actions for all.
+    play_sound          0       ; Play sound on new non-acknowledged problems.
+    #login_text      Welcome on Shinken WebUI    ; Text in the login form.
+
+    ## Modules for WebUI
+    # - Apache_passwd   = Use an htpasswd file for auth backend.
+    # - ActiveDir_UI    = Use AD for auth backend (and retrieve photos).
+    # - Cfg_password    = Use the password setted in Shinken contact for auth.
+    # - PNP_UI          = Use PNP graphs in the UI.
+    # - GRAPHITE_UI     = Use graphs from Graphite time series database.
+    # - Mongodb         = Save user preferences to a Mongodb database
+    # - SQLitedb        = Save user preferences to a SQLite database
+    #modules     Apache_passwd, ActiveDir_UI, Cfg_password, PNP_UI, Mongodb, Glances_UI
+    modules     SQLitedb,Cfg_password
+
+    ## Advanced Options
+    # Don't use them as long as you don't know what you are doing!
+    #http_backend            auto    ; Choice is: auto, wsgiref, cherrypy, flup,
+                                     ; flupscgi, paste, tornado, twisted or gevent.
+                                     ; Leave auto to find the best available.
+    #remote_user_enable      1       ; If WebUI is behind a web server which
+                                     ; has already authentified user, enable.
+    #remote_user_enable      2       ; Look for remote user in the WSGI environment
+                                     ; instead of the HTTP header. This allows
+                                     ; for fastcgi (flup) and scgi (flupscgi)
+                                     ; integration, eg. with the apache modules.
+    #remote_user_variable    X_Remote_User  ; Set to the HTTP header containing
+                                     ; the authentificated user s name, which
+                                     ; must be a Shinken contact.
+    # If you got external plugins (pages) to load on webui
+    #additional_plugins_dir   
+
+}
+

templates/contacts.cfg.tmpl

@@ -0,0 +1,10 @@
+# {{ ansible_managed }}
+define contact{
+    use             generic-contact
+    contact_name    {{ shinken_config_contacts_name }}
+    email           {{ shinken_config_contacts_email }}
+    pager           0600000000   ; contact phone number
+    password        {{ shinken_config_contacts_password }}
+    is_admin        1
+}
+

templates/ping.cfg.tmpl

@@ -0,0 +1,9 @@
+# {{ ansible_managed }}
+
+# Define a service to "ping" the local machine
+define service{
+        use                             generic-service         ; Name of service template to use
+        host_name                       medeopolis.com
+        service_description             PING
+        check_command                   {{ shinken_cfg_ping_check_command |default('check_ping!100.0,20%!500.0,60%') }}
+        }

templates/shinken-hosts.tmpl

@@ -0,0 +1,17 @@
+# {{ ansible_managed }}
+###############################################################################
+#
+# HOST DEFINITION
+#
+###############################################################################
+
+# Define a host for the local machine
+define host{
+    use                     linux
+    host_name               {{ item.hostname }}
+    address                 {{ item.hostname }}
+{% if item.parent != '' %}
+    parents                 {{ item.parent }}
+{% endif %}
+}
+

vars/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for tproles/goetzk.shinken