Adding tst inventory, ansible.cfg

ansible/playbooks/auto-updates-result.yml

@@ -0,0 +1,55 @@
+---
+
+# This is to get the auto-updates script status from log file
+# It returns in stat_log:
+# - OUT if file older than 40 days
+# - ERR if recent but ERROR in file
+# - OK if recent and OK in file
+# nothing else (main playbook manage it as an UNK status)
+
+- name: check if there is an auto-updates log file
+  stat: path="{{ log_dir }}/scripts/auto-updates.log"
+  register: stat_log
+
+- name: set error status
+  set_fact: auto_updates_status=ERR
+  when: not stat_log.stat.exists
+
+- name: check if log file is less than 1 month old
+  shell: "find {{ log_dir }}/scripts/ -name 'auto-updates.log' -mtime -40 | wc -l"
+  register: date_log
+  when: stat_log.stat.exists
+
+- name: set outdated status
+  set_fact: auto_updates_status=OUT
+  when: date_log.stdout is defined and date_log.stdout != "1"
+
+- name: check ok status if recent log file
+  command: "grep OK {{ log_dir }}/scripts/auto-updates.log"
+  register: ok_log
+  failed_when: False
+  when: date_log.stdout is defined and date_log.stdout == "1"
+
+- name: set ok status
+  set_fact: auto_updates_status=OK
+  when: ok_log.rc is defined and ok_log.rc != 1
+
+- name: check error if old log file
+  command: "grep ERROR {{ log_dir }}/scripts/auto-updates.log"
+  register: error_log
+  failed_when: false
+  when: date_log.stdout is defined and date_log.stdout == "1"
+
+- name: set error status
+  set_fact: auto_updates_status=ERR
+  when: error_log.rc is defined and error_log.rc != 1
+
+- name: check running status if recent log file
+  command: "grep RUNNING {{ log_dir }}/scripts/auto-updates.log"
+  register: running_log
+  failed_when: false
+  when: stat_log.stat.exists
+
+- name: set error status
+  set_fact: auto_updates_status=ERR
+  when: running_log.rc is defined and running_log.rc != 1

ansible/playbooks/main.yml

@@ -0,0 +1,47 @@
+---
+
+###
+# This playbook aims to retrieve a 'state' of our servers, ie for each server:
+# - what is the OS, in which version (we focus on debian / ubuntu and centos)
+# - for centos and debian-based distribs, how many available updates are there?
+#
+# Call it with the callback made for it: callback_plugin=update_dashboard in ansible.cfg
+# or after running export ANSIBLE_STDOUT_CALLBACK="update_dashboard"
+# also: callback_plugins = ./hooks/callback:/usr/share/ansible_plugins/callback_plugins
+###
+
+- hosts: "all"
+
+  strategy: free
+
+  tasks:
+
+  #
+  ## All hosts ##
+  #
+
+  - name: get uptime
+    shell: uptime=$(uptime | grep -o "[0-9][0-9]* days" | awk '{ print $1 }'); if [ "$uptime" ]; then echo $uptime; else echo 0; fi
+    register: uptime
+    changed_when: False
+    tags:
+      - skip_ansible_lint
+
+  # get number of updates and debug
+  - name: (debian) update apt cache if older than 1 day
+    apt: update_cache=yes cache_valid_time=86400
+    register: update_cache_result
+    ignore_errors: yes
+
+  - name: (debian) check available updates on debian systems
+    shell: apt-get --dry-run dist-upgrade | grep '^Inst' | wc -l warn=no
+    register: available_updates
+    when: update_cache_result is succeeded
+
+  - name: (Debian) output
+    debug: msg="{{ inventory_hostname }};{{ ansible_distribution }};{{ ansible_distribution_major_version }};{{ available_updates.stdout | default('') }};{{ uptime.stdout }}"
+    when: ansible_distribution == "Debian"
+
+  - name: (Ubuntu) output
+    debug: msg="{{ inventory_hostname }};{{ ansible_distribution }};{{ ansible_distribution_version }};{{ available_updates.stdout | default('') }};{{ uptime.stdout }}"
+    when: ansible_distribution == "Ubuntu"

ansible/playbooks/packages.yml

@@ -0,0 +1,68 @@
+---
+
+- hosts: all
+
+  strategy: free
+
+  vars:
+    - packages :
+        - apt
+        - apache2
+        - bash
+        - check-mk-agent
+        - elasticsearch
+        - libc-bin
+        - make
+        - mysql-server
+        - nginx
+        - openssh-server
+        - php5
+        - php7.0
+        - php7.1
+        - php7.2
+        - php7.4
+        - postfix
+        - proxysql
+        - redis
+        - redis-server
+        - sphinxsearch
+        - sudo
+        - systemd
+
+  tasks:
+
+    # Loop on package list to get versions
+
+    - name: Check packages lists
+      include: packages_include.yml package="{{ item }}"
+      with_items:
+        - "{{ packages }}"
+
+
+    # Get the RUNNING kernel
+
+    ## Debian
+
+    - when: ansible_distribution == "Debian" and ansible_distribution_major_version|int >= 7
+      block:
+
+        - name: (Debian) get kernel version
+          shell: uname -v | awk '{ print $4 }'
+          register: kernel_version_debian
+          changed_when: false
+
+        - name: (Debian) Kernel output
+          debug: msg="{{ inventory_hostname }};kernel;{{ kernel_version_debian.stdout }}"
+
+    ## Ubuntu
+
+    - when: ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int >= 16
+      block:
+
+        - name: (Ubuntu) get kernel version
+          shell: uname -r
+          register: kernel_version_ubuntu
+          changed_when: false
+
+        - name: (ubuntu) Kernel output
+          debug: msg="{{ inventory_hostname }};kernel;{{ kernel_version_ubuntu.stdout }}"

ansible/playbooks/packages_include.yml

@@ -0,0 +1,10 @@
+---
+
+- name: check package version
+  shell: dpkg -l | awk '$2=="{{ package }}" { print $3 }'
+  register: package_version_debian
+  changed_when: false
+
+- name: output
+  debug: msg="{{ inventory_hostname }};{{ package }};{{ package_version_debian.stdout }}"
+  when: package_version_debian.stdout != ""