Big refresh of role (includes making it work)

This role is now usable to install and configure shinken and have a working web
ui. There are some known problems listed on github but it will DTRT for now.

README.md

@@ -4,29 +4,87 @@ Shinken
 This role is to install Shinken and configure your hosts and services.
 Currently at an early stage and not quite ready for other peoples networks.
 
+virtualenv support was coded but since shinken doesn't play nicely in a
+virtualenv those code paths have been disabled.
+
 Requirements
 ------------
 
-Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
 
 Role Variables
 --------------
 
-A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+The following are set via defaults/main.yml *and currently usable* (some things
+have not been implemented yet)
+
+
+    # How should things be installed, 'packages' or 'pip'
+    shinken_install_from: 'pip'
+
+    # Path of broker configuration
+    shinken_config_broker: /etc/shinken/brokers/
+
+    # Do we want the web UI?
+    shinken_enable_web_ui2: true
+
+    # List of modules to enable in the broker. 'webui2' enables web interface.
+    shinken_broker_modules: 'webui2'
+
+    # Shinken web UI configuration, only changed items are here so far.
+    shinken_broker_webui_host: 0.0.0.0
+    shinken_broker_webui_port: 7767
+    shinken_broker_webui_auth_secret: SiteSpecificAuthSecret # MUST BE CHANGED
+
+    # Where are contacts placed
+    shinken_config_contacts: /etc/shinken/contacts/
+
+    # Details of the available contacts (include password for internal authentication)
+    # This example shows both expanded and single line list format for admin and guest.
+    shinken_contacts:
+     - contact_name: 'admin'
+       email: 'shinken@localhost'
+       password: 'password'
+       is_admin: 1
+       expert: 1
+       can_submit_commands: 1
+     - { contact_name: 'guest', email: 'guest@localhost', password: 'password'}
+
+    # where does service configuration go?
+    shinken_config_services: /etc/shinken/services/
+
+    # What services are we monitoring? which hostgroups do they apply to?
+    shinken_services:
+     - { service_description: 'ping test', command: 'check_ping', hostgroup_name: [] }
+
+    # Where should the host configuration go
+    shinken_config_hosts: /etc/shinken/hosts/
+    shinken_config_hostgroups: /etc/shinken/hostgroups/
+
+    # Which hosts are we monitoring? NOTE: hostgroups list is a required field, even if empty.
+    shinken_hosts:
+     - { host_name: 'router.local' , hostgroups: [ 'infrastructure' ]}
+     - { host_name: 'modem.local', parent: 'router.local', hostgroups: [ 'appliances' ] }
+     - { host_name: 'shinken.io', parent: 'modem.local', hostgroups: [ 'remote-server', 'web-server' ] }
+
 
 Dependencies
 ------------
 
-A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+This module requires epel on centos for virtualenvs and shinken packages. Roles
+to perform these tasks are below, but any roles / tasks to organise the
+dependenies will work.
+
+    ansible-galaxy install wtanaka.virtualenv
+    ansible-galaxy install geerlingguy.repo-epel
 
 Example Playbook
 ----------------
 
 Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
 
-    - hosts: servers
+    - hosts: shinken
       roles:
-         - { role: username.rolename, x: 42 }
+         - { role: goetz.shinken, shinken_broker_modules: webui }
 
 License
 -------

defaults/main.yml

@@ -1,30 +1,52 @@
 ---
+
+# How should things be installed, 'packages' or 'pip'
+shinken_install_from: 'pip'
+
+# Where pip will install packages
+shinken_virtualenv: /srv/shinken/environment
+
+# Path of broker configuration
+shinken_config_broker: /etc/shinken/brokers/
+
+# Do we want the web UI?
+shinken_enable_web_ui2: true
+
+# List of modules to enable in the broker. 'webui2' enables web interface.
+shinken_broker_modules: 'webui2'
+
 # Shinken web UI configuration, only changed items are here so far.
 shinken_broker_webui_host: 0.0.0.0
 shinken_broker_webui_port: 7767
-shinken_broker_webui_auth_secret: SiteSpecificAuthSecret
+shinken_broker_webui_auth_secret: SiteSpecificAuthSecret # MUST BE CHANGED
 
-# Details of the administrator contact.
-shinken_config_contacts_name: admin
-shinken_config_contacts_email: shinken@localhost
-shinken_config_contacts_password: password
+# Where are contacts placed
+shinken_config_contacts: /etc/shinken/contacts/
 
-# Where should the host configuration go
-shinken_config_hosts: /etc/shinken/hosts/
-# where do service configuration go?
+# Details of the available contacts (include password for internal authentication)
+shinken_contacts:
+ - contact_name: 'admin'
+   email: 'shinken@localhost'
+   password: 'password'
+   is_admin: 1
+   expert: 1
+   can_submit_commands: 1
+#  - { contact_name: 'guest', email: 'guest@localhost', password: 'password'}
+
+# where does service configuration go?
 shinken_config_services: /etc/shinken/services/
-# Which hosts are we monitoring?
-shinken_targets:
-***REMOVED***
-***REMOVED***
-***REMOVED***
-***REMOVED***
-***REMOVED***
-***REMOVED***
-***REMOVED***
-***REMOVED***
-***REMOVED***
+
 # What services are we monitoring?
 shinken_services:
- - { }
+ - { service_description: 'ping test', command: 'check_ping', hostgroup_name: [] }
+
+# Where should the host configuration go
+shinken_config_hosts: /etc/shinken/hosts/
+shinken_config_hostgroups: /etc/shinken/hostgroups/
+
+# Which hosts are we monitoring?
+shinken_hosts:
+ - { host_name: 'router.local' , hostgroups: [ 'infrastructure' ]}
+ - { host_name: 'modem.local', parent: 'router.local', hostgroups: [ 'appliances' ] }
+ - { host_name: 'shinken.io', parent: 'modem.local', hostgroups: [ 'remote-server', 'web-server' ] }
 

tasks/configure-shinken-webui.yml

@@ -1,6 +1,46 @@
-- name: Set up Shinken web ui
-  template: src=broker-webui.cfg.tmpl dest=/etc/shinken/shinken-specific/broker-webui.cfg
-    owner=root group=root mode=444
+---
+# https://github.com/shinken-monitoring/mod-webui/wiki/Installation
+
+# - name: Install Web UI configuration
+#   template: src=webui-module.cfg.tmpl dest=/etc/shinken/modules/broker-webui.cfg
+#     owner=root group=root mode=444
+#   notify:
+#   - restart shinken broker
+#   - restart shinken arbiter
+
+# A 'with items' doesn't work here for some reason
+- name: Install webui2 python dependencies
+  pip:
+    state: present
+    name: "pymongo>=3.0.3 passlib requests arrow bottle==0.12.8"
+#     virtualenv: {{ shinken_virtualenv }}
+
+- name: Install mongodb for storing WebUI user preferences
+  package:
+    name: mongodb
+    state: present
+
+- name: Set up Shinken CLI
+  become: true
+  become_user: shinken
+  command: shinken --init
+  args:
+    creates: /home/shinken/.shinken.ini
+
+- name: Install Shinken WebUI 2
+  become: true
+  become_user: shinken
+  command: shinken install webui2
+  args:
+    creates: /etc/shinken/modules/webui2.cfg
+
+- name: Change broker-master configuration
+  lineinfile:
+    dest={{ shinken_config_broker }}/broker-master.cfg
+    state=present
+    regexp='.*[^#] modules.*'
+    line="    modules {{ shinken_broker_modules }}"
   notify:
   - restart shinken broker
-
+  - restart shinken arbiter
+

tasks/configure-shinken.yml

@@ -0,0 +1,47 @@
+---
+
+- name: Configure shinken users for contact and authentication
+  with_items: "{{ shinken_contacts }}"
+  template:
+    src=contacts.cfg.tmpl
+    dest={{ shinken_config_contacts }}/{{ item.contact_name |mandatory }}.cfg
+    mode=640
+  notify:
+  - restart shinken arbiter
+
+- name: Create configuration for services to monitor
+  with_items: "{{ shinken_services }}"
+  template:
+    dest={{ shinken_config_services }}/{{ item.service_description|replace(' ', '_') }}.cfg
+    src=services.cfg.tmpl
+  notify:
+  - restart shinken arbiter
+
+- name: Create configuration for hosts to monitor (without services)
+  with_items: "{{ shinken_hosts }}"
+  template:
+    dest={{ shinken_config_hosts }}/{{ item.host_name }}.cfg
+    src=hosts.cfg.tmpl
+  notify:
+  - restart shinken arbiter
+
+# Following Jinja magic thanks to mikecee
+- name: Build list of hostgroups
+  set_fact:
+    hglist="{{ shinken_hosts | sum(attribute='hostgroups', start=[]) | unique }}"
+
+- name: Create configuration for hostgroups
+  with_items: "{{ hglist }}"
+  template:
+    dest={{ shinken_config_hostgroups }}/{{ item }}.cfg
+    src=hostgroups.cfg.tmpl
+  notify:
+  - restart shinken arbiter
+
+- name: Install 'all' hostgroup
+  template:
+    dest={{ shinken_config_hostgroups }}/all.cfg
+    src=hostgroups-all.cfg.tmpl
+  notify:
+  - restart shinken arbiter
+

tasks/install-shinken-packages.yml

@@ -1,10 +1,15 @@
-- name: Install shinken including web UI
-  command: apt-get -o Dir::Etc::SourceParts=/var/lib/ansible/jessie.sources.list install {{ item }}
-    creates=/etc/init.d/shinken
-  with_items:
-  - shinken
-  - shinken-module-arbiter-hotdependencies
+---
+- name: Install Shinken from OS packages
+  when: shinken_install_from == "packages"
+  package: 
+    name: shinken
+    state: present
 
-- name: Allow bi directional HTTP access to shinken frontend on 7767
-  ufw: rule=allow port=7767 proto=tcp
+- name: Install Shinken using pip
+  when: shinken_install_from == "pip"
+  pip: 
+    name: Shinken
+    state: present
+#    virtualenv: "{{ shinken_virtualenv }}"
+#    virtualenv_site_packages: yes
 

tasks/main.yml

@@ -1,9 +1,10 @@
 ---
-# Couldn't get pinning working so i've had to do this the long and work aroundy way
-- include: configure-jessie-repo.yml
+- include: prepare-for-install.yml
+
 - include: install-shinken-packages.yml
 
+- include: configure-shinken.yml
+
 - include: configure-shinken-webui.yml
-- include: configure-shinken-contacts.yml
-- include: configure-shinken-hosts.yml
+  when: "{{ shinken_enable_web_ui2 }}"
 

tasks/prepare-for-install.yml

@@ -0,0 +1,31 @@
+---
+- name: Create shinken group
+  user:
+    name: shinken
+    system: yes
+
+- name: Create shinken user
+  user:
+    name: shinken
+    comment: Created by ansible-shinken
+    group: shinken
+    system: yes
+
+# - name: Create directory for shinken to be installed to
+#   when: shinken_install_from == "pip"
+#   file:
+#     path: "{{ shinken_virtualenv }}"
+#     state: directory
+
+# Required by shinken http_client but not pulled in as a dependency
+- name: Install python-pycurl
+  package:
+    name: python-pycurl
+    state: present
+
+# needed to install shinken and its web ui
+- name: Install python-pip
+  package:
+    name: python-pip
+    state: present
+