Rosa-Luxemburgstiftung-Berlin / ansible-opnsense-checkmk

ansible role for installing check_mk agent on opnsense / freebsd
GNU General Public License v3.0

improve examples about plugins/local checks on how to use cached mode. #30

Open crpb opened 2 months ago

crpb commented 2 months ago

I was kinda annoyed with all local/plugin checks in the main path so I tried a bit around and discovered that the following is also possible (with this role) and wanted to share my notes about it as I suspect others might wanna reduce the occurrence of some checks.

./group_vars/all

#
# Check MK will cache checks in subfolders named after the time in seconds the
# check shouldn't be repeated for.
# e.g. $PLUGIN_DIR/plugins/600/wireguard (which will only be run every 10 min.)
# https://docs.checkmk.com/latest/en/localchecks.html?lquery=lokale%20#_configuring_linux
# 
# The directory declaration has to come first. Otherwise ansible will fail
# as the directory doesn't exist and it can't create the file with a
# non-existing directory?!
# "If src and dest are files, the parent directory of dest is not created and the task fails if it does not already exist."
# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/copy_module.html#parameter-dest
# 
# Also note that you need to copy/symlink the files from the role into your
# working directory.
#
#  % ls files/*
#  files/check_mk_agent.freebsd
#
#  files/60:
#  wireguard
#
#  files/600:
#  check_powerunit.sh -> ../../roles/ansible-opnsense-checkmk/files/check_powerunit.sh
#  crash_status.py -> ../../roles/ansible-opnsense-checkmk/files/crash_status.py
#  firmware_status.py -> ../../roles/ansible-opnsense-checkmk/files/firmware_status.py
#  pkg_audit.py -> ../../roles/ansible-opnsense-checkmk/files/pkg_audit.py
#  pkg_check.sh -> ../../roles/ansible-opnsense-checkmk/files/pkg_check.sh
#
#
  opn_check_mk_local_checks:
    - 600/
    - 600/crash_status.py
    - 600/firmware_status.py
    - 600/pkg_audit.py
    - 600/pkg_check.sh
    - 600/check_powerunit.sh
    - gateways_status.py
    - pfctl_status.sh
  opn_check_mk_plugins:
    - 60/
    - 60/wireguard

PS: I also modified the test in the wireguard check to keep it silent if not in use.

./files/60/wireguard

#!/usr/bin/env bash

wg=$(which wg)

if ! [ "$(pluginctl -S wireguard)" = "[]" ]; then
    echo '<<<wireguard:sep(9)>>>'
    for iface in $("$wg" show interfaces); do
        echo "[[$iface]]"
        # $'\t' is a literal tab; an unquoted \t reaches cut as the letter t
        "$wg" show "$iface" dump | tail -n +2 | cut -f1,3- -d$'\t'
    done
fi

pluginctl -S wireguard will only show data if an instance is activated.
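A lint for the list notation described in the comment above, as an added example that is not part of the original post or of the role. It assumes, as the comment states, that an entry ending in `/` declares a cache directory named after the interval in seconds and has to come before the files placed in it; the function name and the constructed bad list are hypothetical.

```python
# Added example (not the role's code): lint a list such as
# opn_check_mk_local_checks or opn_check_mk_plugins before running the playbook.

def lint_check_list(entries):
    """Return (intervals, problems).

    intervals maps each check file to its cache interval in seconds
    (0 means the check sits in the main path and runs on every agent call).
    problems lists ordering and naming errors as strings.
    """
    declared = set()   # cache directories declared so far, e.g. {"600"}
    intervals = {}
    problems = []
    for entry in entries:
        if entry.endswith("/"):
            name = entry.rstrip("/")
            if not (name.isascii() and name.isdigit()):
                problems.append(f"{entry}: cache directory name must be seconds")
            declared.add(name)
            continue
        if entry in intervals:
            problems.append(f"{entry}: listed more than once")
        directory, _, _filename = entry.rpartition("/")
        if not directory:
            intervals[entry] = 0
            continue
        if not (directory.isascii() and directory.isdigit()):
            problems.append(f"{entry}: directory '{directory}' is not a number of seconds")
            continue
        if directory not in declared:
            # The copy task fails when the parent directory does not exist yet.
            problems.append(f"{entry}: '{directory}/' must be listed before this file")
        intervals[entry] = int(directory)
    return intervals, problems

# The list from the comment above.
PAGE_LOCAL_CHECKS = [
    "600/", "600/crash_status.py", "600/firmware_status.py",
    "600/pkg_audit.py", "600/pkg_check.sh", "600/check_powerunit.sh",
    "gateways_status.py", "pfctl_status.sh",
]
# Constructed bad input: file before its directory, non-numeric directory.
CONSTRUCTED_BAD = ["600/crash_status.py", "600/", "fast/foo.sh"]

if __name__ == "__main__":
    for sample in (PAGE_LOCAL_CHECKS, CONSTRUCTED_BAD):
        intervals, problems = lint_check_list(sample)
        print(intervals, problems)
```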

zerwes commented 2 months ago

Hello @crpb Thank you - great hint. We use the cache dir feature of checkmk on linux, but not on opnsense. Great hint that it can be used here too!

To make the hackish notation ...

The directory declaration has to come first. Otherwise ansible will fail

... I just created PR #31

Can you be so kind to test if it fits your needs and makes the list definition less painful?

You are welcome to update the documentation in a PR!

Same for the patched version of the wireguard plugin (see 77557e22b0c8c49981378c1dcb0b0c09e817c9de as a possible way to go, or you can include your version of the plugin as a complete file)

Thank you for your contributions

zerwes commented 2 months ago

@crpb great addition to the documentation. (and thank you for the cooperation in #31) Would you mind extending the doc and create a PR for the change? I like documentation written by experienced users, it is much more eloquent than the one a developer will ever be able to write ...

crpb commented 2 months ago

Can do but not immediately. Experienced? Well, not in Ansible that I can say at least :P.

crpb commented 2 months ago

@zerwes Just letting you know what my thoughts are or maybe you have a better idea..

I was thinking of instead of writing example configurations (at least for those I actually know how to because my usage of all your nice roles is very limited for now..) in the playbook and then you could refer to that one in general for all kinds of examples?

I haven't done much but you could look at the difference I added for now to show what I mean. And maybe a playbook/role should be added in the root-folder which then "loads" these group_vars/foo.yaml in their playbook (on which I'm not so certain if that file hierarchy would be good or maybe something else would be better?! /me is an ansible noob but at least 20+ years linux on the back :>)

And maybe you could share more of your actual deployed things with me either somewhere in here or you could just drop me a mail. That way I could myself maybe get more of the functionalities going for my setups and then write up whatever I learned from it for anyone who also lacks the ansible-skills to get started from what is currently available and also learn from it of course!