feat: Add support to configure parameters from insights-client.conf #177
base: main
Original file line number | Diff line number | Diff line change | ||||||
---|---|---|---|---|---|---|---|---|
|
@@ -38,6 +38,96 @@ | |||||||
insertafter: "#auto_update" | ||||||||
line: auto_update={{ rhc_insights.autoupdate | d(true) | bool }} | ||||||||
|
||||||||
- name: Configure authmethod | ||||||||
when: | ||||||||
- rhc_insights_auth.authmethod is defined | ||||||||
- not rhc_insights_auth.authmethod is none | ||||||||
- rhc_insights_auth.authmethod != "" | ||||||||
- rhc_insights_auth.authmethod != __rhc_state_absent | ||||||||
- rhc_insights_auth.authmethod != omit | ||||||||
lineinfile: | ||||||||
path: "{{ __rhc_insights_conf }}" | ||||||||
regexp: "^authmethod=" | ||||||||
state: present | ||||||||
line: authmethod={{ rhc_insights_auth.authmethod }} | ||||||||
check_mode: true | ||||||||
no_log: true | ||||||||
|
||||||||
- name: Configure username for authmethod BASIC | ||||||||
when: | ||||||||
- rhc_insights_auth.authmethod = "BASIC" | ||||||||
- rhc_insights_auth.authmethod != __rhc_state_absent | ||||||||
- rhc_insights_auth.username is defined | ||||||||
- not rhc_insights_auth.username is none | ||||||||
- rhc_insights_auth.username != "" | ||||||||
- rhc_insights_auth.username != omit | ||||||||
lineinfile: | ||||||||
path: "{{ __rhc_insights_conf }}" | ||||||||
regexp: "^username=" | ||||||||
state: present | ||||||||
line: username={{ rhc_insights_auth.username }} | ||||||||
check_mode: true | ||||||||
no_log: true | ||||||||
|
||||||||
- name: Configure password for authmethod BASIC | ||||||||
when: | ||||||||
- rhc_insights_auth.authmethod == "BASIC" | ||||||||
|
||||||||
- rhc_insights_auth.authmethod != __rhc_state_absent | ||||||||
- rhc_insights_auth.password is defined | ||||||||
- not rhc_insights_auth.password is none | ||||||||
- rhc_insights_auth.password != "" | ||||||||
- rhc_insights_auth.password != omit | ||||||||
lineinfile: | ||||||||
path: "{{ __rhc_insights_conf }}" | ||||||||
regexp: "^password=" | ||||||||
state: present | ||||||||
line: password={{ rhc_insights_auth.password }} | ||||||||
check_mode: true | ||||||||
Tronde marked this conversation as resolved.
|
||||||||
no_log: true | ||||||||
|
||||||||
- name: Configure Base URL for the Insights API | ||||||||
when: | ||||||||
- rhc_insights.baseurl is defined | ||||||||
- not rhc_insights.baseurl is none | ||||||||
- rhc_insights.baseurl != "" | ||||||||
- rhc_insights.baseurl != __rhc_state_absent | ||||||||
- rhc_insights.baseurl != omit | ||||||||
lineinfile: | ||||||||
path: "{{ __rhc_insights_conf }}" | ||||||||
regexp: "^base_url=" | ||||||||
state: present | ||||||||
line: base_url={{ rhc_insights.baseurl }} | ||||||||
check_mode: true | ||||||||
|
||||||||
- name: Configure IP address obfuscation | ||||||||
when: | ||||||||
- rhc_insights.obfuscate is defined | ||||||||
- not rhc_insights.obfuscate is none | ||||||||
- rhc_insights.obfuscate != "" | ||||||||
- rhc_insights.obfuscate != __rhc_state_absent | ||||||||
- rhc_insights.obfuscate != omit | ||||||||
lineinfile: | ||||||||
path: "{{ __rhc_insights_conf }}" | ||||||||
regexp: "^obfuscate=" | ||||||||
state: present | ||||||||
line: obfuscate={{ rhc_insights.obfuscate }} | ||||||||
check_mode: true | ||||||||
|
||||||||
- name: Configure hostname obfuscation | ||||||||
when: | ||||||||
- rhc_insights.obfuscate == "true" | ||||||||
- rhc_insights.hostname_obfuscate is defined | ||||||||
- not rhc_insights.hostname_obfuscate is none | ||||||||
- rhc_insights.hostname_obfuscate != "" | ||||||||
- rhc_insights.hostname_obfuscate != __rhc_state_absent | ||||||||
- rhc_insights.hostname_obfuscate != omit | ||||||||
lineinfile: | ||||||||
path: "{{ __rhc_insights_conf }}" | ||||||||
regexp: "^hostname_obfuscate=" | ||||||||
state: present | ||||||||
line: hostname_obfuscate={{ rhc_insights.hostname_obfuscate }} | ||||||||
check_mode: true | ||||||||
|
||||||||
- name: Check ansible host in insights-client config | ||||||||
when: | ||||||||
- rhc_insights.ansible_host is defined | ||||||||
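Review bot: every task added in this hunk sets `check_mode: true`, which forces the task to run in check mode even on a normal run, so `lineinfile` reports what it would change but never writes `authmethod`, `username`, `password`, `base_url`, `obfuscate` or `hostname_obfuscate` to the file; drop the keyword from these tasks. The username task's first condition, `rhc_insights_auth.authmethod = "BASIC"`, uses a single `=` where the password task uses `==`, and will not template as a comparison. `no_log: true` is right for the password task, but the value still lands in clear text in `{{ __rhc_insights_conf }}`, and nothing in these lines sets that file's mode. The hostname task compares `rhc_insights.obfuscate == "true"` against a string, so a boolean `true` never matches; the existing `auto_update` line normalizes with `| bool` and the new lines could do the same.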
|
@@ -133,6 +223,46 @@ | |||||||
or "Registered" in __rhc_insights_status.stdout | ||||||||
changed_when: true | ||||||||
|
||||||||
- name: Configure file redaction | ||||||||
when: (rhc_insights.file_redaction.commands is defined) or | ||||||||
Does there need to be a check first for

AFAICS I see that most if not all tasks in Following my own argument I would suggest removing all the

That unfortunately doesn't mean anything.
What if I run the role like this?
Defining a host variable takes precedence over settings in defaults/main.yml. The same applies to setting the variable at the play level or as one of the So - while "top level" variables like If you don't believe me, try running the role with different values and see what happens.
Yes, and if some checks are missing, they should be added in another PR. TBH, I'm really not sure why "sub-parameter" keys and values are defined in
…
Thank you for reminding me about variable precedence and giving me a good example when things will break. I didn't find this as my own tests are still flawed and incomplete. I cannot thank you enough for bearing with me and sharing your thoughts and insights on this as it is a great learning opportunity for myself.
Well, putting all variables, parameters and arguments accepted by the role into I'm going to check the conditionals in the tasks I've added so far. Please allow me some time to go through them. |
||||||||
(rhc_insights.file_redaction.files is defined) or | ||||||||
(rhc_insights.file_redaction.components is defined) | ||||||||
block: | ||||||||
- name: Create file-redaction.yaml from template | ||||||||
template: | ||||||||
src: templates/file-redaction.yaml.j2 | ||||||||
dest: /etc/insights-client/file-redaction.yaml | ||||||||
owner: root | ||||||||
group: root | ||||||||
mode: 0660 | ||||||||
- name: Configure path to file-redaction.yaml in insights-client.conf | ||||||||
lineinfile: | ||||||||
path: "{{ __rhc_insights_conf }}" | ||||||||
regexp: "^redaction_file=" | ||||||||
insertafter: "#redaction_file=" | ||||||||
line: redaction_file=/etc/insights-client/file-redaction.yaml | ||||||||
|
||||||||
- name: Configure file content redaction | ||||||||
when: (rhc_insights.file_content_redaction.keywords is defined) or | ||||||||
Does there need to be a check first for |
||||||||
(rhc_insights.file_content_redaction.patterns is defined) or | ||||||||
(rhc_insights.file_content_redaction.regex_patterns is defined) | ||||||||
block: | ||||||||
- name: Create file-content-redaction.yaml from template | ||||||||
template: | ||||||||
src: templates/file-content-redaction.yaml.j2 | ||||||||
dest: /etc/insights-client/file-content-redaction.yaml | ||||||||
owner: root | ||||||||
group: root | ||||||||
mode: 0660 | ||||||||
- name: Configure path to file-redaction.yaml in insights-client.conf | ||||||||
lineinfile: | ||||||||
path: "{{ __rhc_insights_conf }}" | ||||||||
regexp: "^content_redaction_file=" | ||||||||
insertafter: "#content_redaction_file=" | ||||||||
line: >- | ||||||||
"content_redaction_file=/etc/insights-client/ | ||||||||
file-content-redaction.yaml" | ||||||||
|
||||||||
- name: Register insights-client | ||||||||
shell: insights-client --register & wait | ||||||||
when: | ||||||||
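Review bot: in the last `lineinfile` of the content-redaction block, `line: >-` folds a quoted string that is split over two lines, so the line written is `"content_redaction_file=/etc/insights-client/ file-content-redaction.yaml"` with literal double quotes and a space inside the path, and that line does not itself match `regexp: "^content_redaction_file="`. Put the value on one line unquoted, as the `redaction_file=` task above it does. That task's name also still reads "Configure path to file-redaction.yaml" although it sets `content_redaction_file`. Both `template` tasks pass `mode: 0660` unquoted; quote it as a string, and consider whether a root-owned redaction list needs to be group-writable at all.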
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
# file-conrent-redaction.yaml | ||
# Docs: https://access.redhat.com/articles/4511681 | ||
--- | ||
# Omit lines from files and command output using parameters listed here. | ||
# Lines matching the parameters specified will be omitted | ||
# in the order that the parameters are given, e.g., | ||
# | ||
# patterns: | ||
# - "example_string_1" | ||
# - "example_string_2" | ||
# | ||
# Lines containing "example_string_1" or "example_string_2" will be | ||
# omitted from output. | ||
# | ||
# To use regular expressions, wrap the array with "regex" like the following example: | ||
# | ||
# patterns: | ||
# regex: | ||
# - abc.* | ||
# - localhost[[:digit:]] | ||
# | ||
# Lines matching these regular expressions will be omitted | ||
# from output. | ||
# NOTE: You cannot mix plain string matching and regular expression matching. | ||
{% if rhc_insights.file_content_redaction.keywords %} | ||
keywords: | ||
{% for keyword in rhc_insights.file_content_redaction.keywords %} | ||
- {{ keyword }} | ||
Is it possible that this or any of the below values will need to be quoted? Will it be possible that the values will contain YAML metacharacters?

For patterns (with regex) that would be possible as the examples in YAML-style denylist configuration for Red Hat Insights Client show characters that need to be escaped. For keywords, I tend to escape them just to be sure. Do you agree?

This is tricky - afaik there is no "regex quote" or "regex escape" filter in Jinja or Ansible (like there is for shell metacharacters and the
- >-
{{ pattern }} |
||
{% endfor %} | ||
{% endif %} | ||
{% if rhc_insights.file_content_redaction.patterns %} | ||
patterns: | ||
{% for pattern in rhc_insights.file_content_redaction.patterns %} | ||
- {{ pattern }} | ||
{% endfor %} | ||
{% endif %} | ||
{% if rhc_insights.file_content_redaction.regex_patterns %} | ||
patterns: | ||
regex: | ||
{% for regex in rhc_insights.file_content_redaction.regex_patterns %} | ||
- {{ regex }} | ||
{% endfor %} | ||
{% endif %} |
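Review bot: when both `patterns` and `regex_patterns` are set, the last two `{% if %}` blocks each emit a top-level `patterns:` key, which produces a duplicate mapping key and the string/regex mix that the header comment says is not allowed; make the two branches exclusive with `{% elif %}` or fail early in the calling task. The list items are rendered bare as `- {{ keyword }}`, `- {{ pattern }}` and `- {{ regex }}`, so a value containing `: ` or ` #`, or starting with `[`, `*` or `&`, changes or breaks the resulting YAML; passing each item through `to_json` yields a quoted scalar that YAML accepts. The header comment also misspells the file name as `file-conrent-redaction.yaml`.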
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
# file-redaction.yaml | ||
# Docs: https://access.redhat.com/articles/4511681 | ||
--- | ||
# Omit entire output of commands | ||
# Commands can be specified either by full command or | ||
# by the "symbolic_name" listed in /etc/insights-client/.cache.json | ||
{% if rhc_insights.file_redaction.commands %} | ||
commands: | ||
{% for command in rhc_insights.file_redaction.commands %} | ||
- {{ command }} | ||
{% endfor %} | ||
{% endif %} | ||
|
||
# Omit entire output of files | ||
# Files can be specified either by full filename or | ||
# by the "symbolic_name" listed in .cache.json | ||
{% if rhc_insights.file_redaction.files %} | ||
files: | ||
{% for file in rhc_insights.file_redaction.files %} | ||
- {{ file }} | ||
{% endfor %} | ||
{% endif %} | ||
|
||
# Omit insights-core components | ||
# Refer to the Datasource Catalog here for a full list of available insights-core components, | ||
# and the commands/files they correspond to. | ||
# See items listed under "General Datasources": | ||
# https://insights-core.readthedocs.io/en/latest/specs_catalog.html | ||
# | ||
# Components specified here must be listed with the fully qualified name, i.e. | ||
# must be prefixed with "insights.specs.default.DefaultSpecs." | ||
{% if rhc_insights.file_redaction.components %} | ||
components: | ||
{% for component in rhc_insights.file_redaction.components %} | ||
- {{ component }} | ||
{% endfor %} | ||
{% endif %} |
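Review bot: the three guards `{% if rhc_insights.file_redaction.commands %}`, `{% if rhc_insights.file_redaction.files %}` and `{% if rhc_insights.file_redaction.components %}` test truthiness, but the calling task's `when:` only requires one of the three keys to be defined, so rendering fails on the first key the caller left out; guard each with `is defined` or default it to an empty list with `| d([])`. The items are also written unquoted (`- {{ command }}`, `- {{ file }}`, `- {{ component }}`), so a full command line containing ` #` or `: ` will not survive as a YAML scalar; quote the values on output, for example with `to_json`.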