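---
# Tasks that set up an Icinga 2 master with the PostgreSQL IDO backend,
# Icinga Web 2 behind nginx/php-fpm, and an acertmgr-managed certificate.
# Expected variables: icinga_dbname, icinga_dbuser, icinga_dbpass,
# icingaweb_dbname, icingaweb_dbuser, icingaweb_dbpass, icinga_user,
# icinga_group, icinga_domain.

# The signing key is fetched over HTTPS but not pinned to a fingerprint.
# NOTE(review): consider setting `id` to the expected key fingerprint.
# Keys placed under /etc/apt/trusted.gpg.d are trusted for every configured
# repository, not only the icinga one.
- name: Enable icinga apt-key
  apt_key:
    url: "https://packages.icinga.com/icinga.key"
    keyring: /etc/apt/trusted.gpg.d/icinga.gpg

- name: Enable icinga repository
  apt_repository:
    repo: "deb https://packages.icinga.com/debian icinga-{{ ansible_distribution_release }} main"
    filename: icinga

- name: Install icinga
  apt:
    name:
      - php-fpm
      - php-pgsql
      - icinga2
      - icinga2-ido-pgsql
      - icingaweb2

# python3-psycopg2 is installed alongside the server; presumably it is the
# driver the postgresql_* modules below rely on.
- name: Install PostgreSQL
  apt:
    name:
      - postgresql
      - python3-psycopg2

# The result is registered so the schema is only restored when the database
# was newly created (see "Configure database schema").
- name: Configure icinga database
  postgresql_db:
    name: "{{ icinga_dbname }}"
  become: true
  become_user: postgres
  register: icinga_ido_db

# priv=ALL grants every database-level privilege on the IDO database to the
# role. Keep icinga_dbpass in an encrypted vars source (e.g. Ansible Vault)
# rather than in plain-text vars.
- name: Configure icinga database user
  postgresql_user:
    db: "{{ icinga_dbname }}"
    name: "{{ icinga_dbuser }}"
    password: "{{ icinga_dbpass }}"
    priv: "ALL"
    state: present
  become: true
  become_user: postgres

# FIXME: it is not possible to use login_username and login_password here to
# switch the role to icinga, so the restore runs as the postgres user. As a
# workaround, "SET ROLE icinga;" has to be inserted manually at the top of the
# referenced SQL file before the first run.
- name: Configure database schema
  postgresql_db:
    name: "{{ icinga_dbname }}"
    target: /usr/share/icinga2-ido-pgsql/schema/pgsql.sql
    state: restore
  become: true
  become_user: postgres
  when: icinga_ido_db.changed

- name: Configure icingaweb database
  postgresql_db:
    name: "{{ icingaweb_dbname }}"
  become: true
  become_user: postgres

# Same pattern as the IDO user: full database-level privileges, password taken
# from icingaweb_dbpass (keep it in an encrypted vars source).
- name: Configure icingaweb database user
  postgresql_user:
    db: "{{ icingaweb_dbname }}"
    name: "{{ icingaweb_dbuser }}"
    password: "{{ icingaweb_dbpass }}"
    priv: "ALL"
    state: present
  become: true
  become_user: postgres

# This file presumably renders the IDO database credentials (the template is
# not shown here), so the mode is set explicitly to keep it unreadable for
# other local users instead of depending on the umask.
- name: Configure icinga ido pgsql
  template:
    src: icinga2/features-available/ido-pgsql.conf.j2
    dest: /etc/icinga2/features-available/ido-pgsql.conf
    owner: "{{ icinga_user }}"
    group: "{{ icinga_group }}"
    mode: "0640"
  notify: Restart icinga2

# The task only reports "changed" when the icinga2 CLI output contains the
# phrase matched below.
- name: Enable icinga ido PostgreSQL
  command: "icinga2 feature enable ido-pgsql"
  register: features_result
  changed_when: "'for these changes to take effect' in features_result.stdout"
  notify: Restart icinga2

# TODO setup as master node
# icinga2 node setup --master

- name: Ensure directory for zone config exists
  file:
    path: /etc/icinga2/zones.d/master
    state: directory
    owner: "{{ icinga_user }}"
    group: "{{ icinga_group }}"

- name: Configure services
  copy:
    src: icinga2/zones.d/master/services.conf
    dest: /etc/icinga2/zones.d/master/services.conf
    owner: "{{ icinga_user }}"
    group: "{{ icinga_group }}"
  notify: Restart icinga2

- name: Configure zones
  template:
    src: icinga2/zones.conf.j2
    dest: /etc/icinga2/zones.conf
    owner: "{{ icinga_user }}"
    group: "{{ icinga_group }}"
  notify: Restart icinga2

- name: Ensure directory for host snippets exists
  file:
    path: /etc/icinga2/conf.d/hosts
    state: directory
    owner: "{{ icinga_user }}"
    group: "{{ icinga_group }}"

# One header snippet per inventory host (suffix .00_header).
- name: Prepare host snippets
  template:
    src: icinga2/conf.d/hosts.header.j2
    dest: "/etc/icinga2/conf.d/hosts/{{ item }}.00_header"
    owner: "{{ icinga_user }}"
    group: "{{ icinga_group }}"
  loop: "{{ groups['all'] }}"

# One footer snippet per inventory host (suffix .zz_footer).
- name: Prepare host snippets
  template:
    src: icinga2/conf.d/hosts.footer.j2
    dest: "/etc/icinga2/conf.d/hosts/{{ item }}.zz_footer"
    owner: "{{ icinga_user }}"
    group: "{{ icinga_group }}"
  loop: "{{ groups['all'] }}"

- name: Create group icingaweb2
  group:
    name: icingaweb2
    system: true

# append keeps the existing supplementary groups of www-data.
- name: Add www-data to icingaweb2
  user:
    name: www-data
    append: true
    groups: icingaweb2

# Generates a self-signed certificate once; `creates` skips the command when
# the .crt already exists. -nodes writes the private key unencrypted.
# NOTE(review): confirm that /etc/nginx/ssl exists before this task runs and
# that the .key file ends up readable by root only (0600).
- name: Ensure certificates are available
  command:
    cmd: >
      openssl req -x509 -nodes -newkey rsa:2048
      -keyout /etc/nginx/ssl/{{ icinga_domain }}.key
      -out /etc/nginx/ssl/{{ icinga_domain }}.crt
      -days 730 -subj "/CN={{ icinga_domain }}"
    creates: "/etc/nginx/ssl/{{ icinga_domain }}.crt"
  notify: Restart nginx

- name: Request nsupdate key for certificate
  include_role:
    name: acme-dnskey-generate
  vars:
    acme_dnskey_san_domains:
      - "{{ icinga_domain }}"

- name: Configure certificate manager for icinga
  template:
    src: certs.j2
    dest: "/etc/acertmgr/{{ icinga_domain }}.conf"
  notify: Run acertmgr

- name: Configure vhost
  template:
    src: vhost.j2
    dest: /etc/nginx/sites-available/icinga
  notify: Restart nginx

- name: Enable vhost
  file:
    src: /etc/nginx/sites-available/icinga
    dest: /etc/nginx/sites-enabled/icinga
    state: link
  notify: Restart nginx

- name: Start php8.2-fpm
  service:
    name: php8.2-fpm
    state: started
    enabled: true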