Validate config before restarting icinga (#349)

lucagubler · web-flow · commit 5958936a9b72 · 2024-11-18T12:57:40.000+01:00
* Only reload icinga2 if config validation is ok * Remove unused handler * Fix ansible lint issues (FQCN and uppercase name) * Fixes #347
diff --git a/roles/icinga2/handlers/main.yml b/roles/icinga2/handlers/main.yml
@@ -1,10 +1,15 @@
 ---
-- name: restart icinga2 service
-  service:
-    name: icinga2
-    state: restarted
+- name: Check icinga2 configuration
+  ansible.builtin.command:
+    cmd: icinga2 daemon --validate
+  register: icinga2_check
+  changed_when: true
+  failed_when: icinga2_check.rc != 0
+  listen: check-and-reload-icinga2-service
+  notify: reload-icinga2
 
-- name: reload icinga2 service
-  service:
+- name: Reload icinga2 service
+  ansible.builtin.service:
     name: icinga2
     state: reloaded
+  listen: reload-icinga2
diff --git a/roles/icinga2/tasks/configure.yml b/roles/icinga2/tasks/configure.yml
@@ -10,7 +10,7 @@
     dest: "{{ icinga2_config_path + '/icinga2.conf' }}"
     owner: "{{ icinga2_user }}"
     group: "{{ icinga2_group }}"
-  notify: reload icinga2 service
+  notify: check-and-reload-icinga2-service
 
 - name: merge defaults and user specified constants (set_fact icinga2_combined_constants)
   set_fact:
@@ -22,7 +22,7 @@
     dest: "{{ icinga2_config_path + '/constants.conf' }}"
     owner: "{{ icinga2_user }}"
     group: "{{ icinga2_group }}"
-  notify: reload icinga2 service
+  notify: check-and-reload-icinga2-service
 
 - name: features
   include_tasks: features.yml
@@ -94,20 +94,20 @@
     group: "{{ icinga2_group }}"
     mode: 0644
   loop: "{{ result.files }}"
-  notify: reload icinga2 service
+  notify: check-and-reload-icinga2-service
 
 - name: enable features
   file:
     state: "{{ 'link' if (item.state is undefined or item.state != 'absent') else 'absent' }}"
     path: "{{ '/etc/icinga2/features-enabled/' + icinga2_feature_realname[item.name]|default(item.name) + '.conf' }}"
     src: "{{ '../features-available/' + icinga2_feature_realname[item.name]|default(item.name) + '.conf' if (item.state is undefined or item.state != 'absent') else omit }}"
   loop: "{{ icinga2_features }}"
-  notify: reload icinga2 service
+  notify: check-and-reload-icinga2-service
 
 - name: remove empty config files
   ansible.builtin.file:
     state: absent
     path: "{{ item |regex_replace('^'+icinga2_fragments_path, '/etc/icinga2') }}"
   when: item.split('/')[icinga2_fragments_path.split('/')|length] == 'conf.d' or item.split('/')[icinga2_fragments_path.split('/')|length] == 'zones.d'
   loop: "{{ _empty_result.stdout_lines }}"
-  notify: reload icinga2 service
+  notify: check-and-reload-icinga2-service
diff --git a/roles/icinga2/tasks/features.yml b/roles/icinga2/tasks/features.yml
@@ -19,7 +19,7 @@
     state: absent
     path: "{{ '/etc/icinga2/features-enabled/' + icinga2_feature_realname[item]|default(item) + '.conf' }}"
   loop: "{{ features_enabled | default([]) | difference(icinga2_features| map(attribute='name')|list) }}"
-  notify: reload icinga2 service
+  notify: check-and-reload-icinga2-service
   when: icinga2_purge_features
 
 - name: configure features
diff --git a/roles/icinga2/tasks/features/api.yml b/roles/icinga2/tasks/features/api.yml
@@ -152,7 +152,7 @@
         --trustedcert "{{ icinga2_cert_path }}/trusted-master.crt"
         {% else %} sign-csr --csr "{{ icinga2_cert_path }}/{{ icinga2_cert_name }}.csr" {%- endif %}
         --cert "{{ icinga2_cert_path }}/{{ icinga2_cert_name }}.crt"
-      notify: reload icinga2 service
+      notify: check-and-reload-icinga2-service
 
     - name: copy CA root certificate
       copy:
@@ -189,7 +189,7 @@
         dest: "{{ _crt.dest }}"
         owner: "{{ icinga2_user }}"
         group: "{{ icinga2_group }}"
-      notify: reload icinga2 service
+      notify: check-and-reload-icinga2-service
       loop: "{{ _tmp_crt }}"
       loop_control:
         loop_var: _crt
