ansible/roles/collectd/base/tasks/main.yml

# collectd client setup

# install pkg
---
- name: Install collectd
  ansible.builtin.package: name=collectd state=present
  tags:
  - collectd
  when: ansible_distribution_major_version|int <= 7 and ansible_distribution == 'RedHat'

# install pkg
- name: Install collectd
  dnf: name=collectd state=present
  tags:
  - collectd
  when: ansible_distribution_major_version|int > 7 and ansible_distribution == 'RedHat'

# install pkg
- name: Install collectd
  dnf: name=collectd state=present
  tags:
  - collectd
  when: ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora'

# install collectd-disk (it was split out)
- name: Install collectd-disk
  dnf: name=collectd-disk state=present
  tags:
  - collectd
  when: ansible_distribution_major_version|int > 7 and ansible_distribution == 'RedHat'

# install collectd-disk on F25+ (it was split out)
- name: Install collectd-disk
  dnf: name=collectd-disk state=present
  tags:
  - collectd
  when: ansible_distribution_major_version|int > 24 and ansible_distribution == 'Fedora'

# install collected.conf
- name: /etc/collectd.conf
  ansible.builtin.template: src=collectd.conf.j2 dest=/etc/collectd.conf
  tags:
  - collectd
  notify:
  - Restart collectd

# install collectd-network config
- name: /etc/collectd.d/network.conf
  ansible.builtin.template: src=network-client.conf.j2 dest=/etc/collectd.d/network.conf
  tags:
  - collectd
  notify:
  - Restart collectd
  when: not inventory_hostname.startswith('log')

# install collectd-network config
- name: /etc/collectd.d/network.conf
  ansible.builtin.copy: src=network-server.conf dest=/etc/collectd.d/network.conf
  tags:
  - collectd
  notify:
  - Restart collectd
  when: inventory_hostname.startswith('log')

# apache - localhost only - pretty much any apache server
- name: Install collectd-apache (yum)
  ansible.builtin.package: state=present name=collectd-apache
  tags:
  - collectd
  notify:
  - Restart collectd
  when: collectd_apache and ansible_distribution_major_version|int <= 7 and ansible_distribution == 'RedHat'

- name: Install collectd-apache (dnf)
  dnf: state=present name=collectd-apache
  tags:
  - collectd
  notify:
  - Restart collectd
  when: collectd_apache and ansible_distribution_major_version|int > 7 and ansible_distribution == 'RedHat'

- name: Install collectd-apache (dnf)
  dnf: state=present name=collectd-apache
  tags:
  - collectd
  notify:
  - Restart collectd
  when: collectd_apache and ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora'

- name: /etc/collectd/apache.conf
  ansible.builtin.copy: src=apache.conf dest=/etc/collectd.d/apache.conf
  tags:
  - collectd
  notify:
  - Restart collectd
  when: collectd_apache

- name: Install libsemanage-python so we can set an sebool below
  ansible.builtin.package: name=libsemanage-python state=present
  tags:
  - collectd
  when: collectd_apache is defined and ansible_distribution_major_version|int <= 7 and ansible_distribution == 'RedHat'

- name: Let collectd talk to things over tcp
  seboolean: name=collectd_tcp_network_connect state=yes persistent=yes
  tags:
  - collectd
  ignore_errors: true
  notify:
  - Restart collectd
  when: ( collectd_apache is defined ) and ansible_selinux.status != "disabled"

- name: Enable collectd nfs module
  ansible.builtin.copy: src=nfs.conf dest=/etc/collectd.d/nfs.conf
  tags:
  - collectd
  notify:
  - Restart collectd

# Three tasks for handling our (two) custom selinux modules.
- name: Ensure a directory exists for our custom selinux module
  ansible.builtin.file: dest=/usr/share/collectd state=directory
  tags:
  - collectd
  - selinux

- name: Copy over our general collectd selinux module
  ansible.builtin.copy: src=selinux/fi-collectd.pp dest=/usr/share/collectd/fi-collectd.pp
  register: ficgeneral_module
  tags:
  - collectd
  - selinux

# TODO: consider using selinux_modules from https://galaxy.ansible.com/linux-system-roles/selinux instead
- name: Check to see what version is installed (if any)
  ansible.builtin.shell: "semodule -l -m | grep fi-collectd | cut -d: -f2"
  register: ficgeneral_installed_version
  check_mode: no
  changed_when: false
  tags:
  - collectd
  - selinux

# This cmd comes from the last example of the semodule man page
- name: Check to see what version we have
  ansible.builtin.shell: /usr/libexec/selinux/hll/pp /usr/share/collectd/fi-collectd.pp | sha256sum | cut -d ' ' -f1
  register: ficgeneral_local_version
  check_mode: no
  changed_when: false
  tags:
  - collectd
  - selinux

- name: Install our general collectd selinux module
  ansible.builtin.command: semodule -i /usr/share/collectd/fi-collectd.pp
  when: ficgeneral_module is changed or ficgeneral_installed_version != ficgeneral_local_version
  tags:
  - collectd
  - selinux

- name: Copy over our pstorefs/collectd selinux module (rhel6 has no pstorefs)
  ansible.builtin.copy: src=selinux/fi-pstorefs.pp dest=/usr/share/collectd/fi-pstorefs.pp
  register: ficpstorefs_module
  tags:
  - collectd
  - selinux

- name: Check to see if its even installed yet
  ansible.builtin.shell: semodule -l | grep fi-pstorefs | wc -l
  register: ficpstorefs_grep
  check_mode: no
  changed_when: "'0' in ficpstorefs_grep.stdout"
  tags:
  - collectd
  - selinux

- name: Install our pstorefs/collectd selinux module
  ansible.builtin.command: semodule -i /usr/share/collectd/fi-pstorefs.pp
  when: (ficpstorefs_module is changed or ficpstorefs_grep is changed)
  tags:
  - collectd
  - selinux

# each of the below should move to a separate task list
# since they are odd-balls and one-offs

# memcached - memcached only

# postgres - this is a conn check
## add /usr/share/collectd/pgconn-types.db

# openvpn - for bastion/openvpn gateways only

# mysql
## collectd-mysql

# haproxy
## add /usr/share/collectd/haproxy-types.db
## add socat pkg
##

# webproxy

# enable collectd
- name: Enable collectd svc
  service: state=started enabled=true name=collectd
  tags:
  - collectd