---
# Fetch the Icinga package signing key over HTTPS and add it to apt's keyring.
# NOTE(review): no `id` is given, so the task accepts whichever key the URL
# serves and TLS to packages.icinga.com is the only check on it. Pinning the
# published key fingerprint via `id` should make a mismatch fail the task —
# confirm for the Ansible version in use.
- name: Enable icinga apt-key
  apt_key:
    url: https://packages.icinga.com/icinga.key
# Add the Icinga apt source matching the host's distribution release; the
# `filename` value names the list file under sources.list.d.
# NOTE(review): the repo line has no `signed-by` option, so it relies on a key
# held in apt's global trusted keyring rather than one scoped to this source.
- name: Enable icinga repository
  apt_repository:
    filename: icinga
    repo: >-
      deb https://packages.icinga.com/debian
      icinga-{{ ansible_distribution_release }} main
# Install the Icinga 2 daemon, its PostgreSQL IDO package, Icinga Web 2 and
# the PHP PostgreSQL driver in a single apt transaction.
- name: Install icinga
  apt:
    # `present` is the module default; spelled out so the intent is explicit.
    state: present
    name:
      - php-pgsql
      - icinga2
      - icinga2-ido-pgsql
      - icingaweb2
# Install the PostgreSQL server plus psycopg2, the Python driver the
# postgresql_* modules used below need on the managed host.
- name: Install PostgreSQL
  apt:
    # `present` is the module default; spelled out so the intent is explicit.
    state: present
    name:
      - postgresql
      - python3-psycopg2
# Create the IDO database while running as the postgres system user.
# The registered result gates the schema import further down, which only runs
# when `icinga_ido_db.changed` is true.
- name: Configure icinga database
  become: true
  become_user: postgres
  postgresql_db:
    name: "{{ icinga_dbname }}"
    # `present` is the module default.
    state: present
  register: icinga_ido_db
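# Create (or update) the role Icinga uses for the IDO database and grant it
# ALL privileges on that database.
# The password is a module argument, so `no_log` keeps it out of task output
# and logs; the trade-off is that a failure of this task is reported without
# detail. Arguments are given as a mapping instead of a key=value string so a
# password containing spaces or '=' reaches the module intact.
- name: Configure icinga database user
  postgresql_user:
    db: "{{ icinga_dbname }}"
    name: "{{ icinga_dbuser }}"
    password: "{{ icinga_dbpass }}"
    priv: ALL
    state: present
  become: true
  become_user: postgres
  no_log: true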
# FIXME: it is not possible to use login_username and login_password here to
# switch the role to icinga. As a workaround, "SET ROLE icinga;" has to be
# inserted manually at the top of the SQL file referenced below.
# NOTE(review): the import runs as postgres, so without that manual edit the
# schema objects presumably end up owned by postgres rather than the icinga
# role — verify ownership after the first run.
# The import is skipped unless the database task above reported a change.
- name: Configure database schema
  become: true
  become_user: postgres
  postgresql_db:
    name: "{{ icinga_dbname }}"
    state: restore
    target: /usr/share/icinga2-ido-pgsql/schema/pgsql.sql
  when: icinga_ido_db.changed
# Create the Icinga Web 2 database while running as the postgres system user.
- name: Configure icingaweb database
  become: true
  become_user: postgres
  postgresql_db:
    name: "{{ icingaweb_dbname }}"
    # `present` is the module default.
    state: present
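# Create (or update) the role Icinga Web 2 uses and grant it ALL privileges on
# its database.
# The password is a module argument, so `no_log` keeps it out of task output
# and logs; the trade-off is that a failure of this task is reported without
# detail. Arguments are given as a mapping instead of a key=value string so a
# password containing spaces or '=' reaches the module intact.
- name: Configure icingaweb database user
  postgresql_user:
    db: "{{ icingaweb_dbname }}"
    name: "{{ icingaweb_dbuser }}"
    password: "{{ icingaweb_dbpass }}"
    priv: ALL
    state: present
  become: true
  become_user: postgres
  no_log: true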
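# Render the IDO PostgreSQL feature configuration and restart Icinga 2 when it
# changes.
# NOTE(review): this file presumably carries the IDO database password, so the
# mode is set explicitly instead of being inherited from an existing file or
# the umask: read/write for the Icinga owner, read for its group, nothing for
# others.
- name: Configure icinga ido pgsql
  template:
    src: icinga2/features-available/ido-pgsql.conf.j2
    dest: /etc/icinga2/features-available/ido-pgsql.conf
    owner: "{{ icinga_user }}"
    group: "{{ icinga_group }}"
    mode: "0640"
  notify: Restart icinga2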
# Enable the ido-pgsql feature through the icinga2 CLI.
# The command is run on every play; the task is only reported as changed (and
# the restart handler only notified) when the CLI output contains the
# "for these changes to take effect" message.
- name: Enable icinga ido PostgreSQL
  command: icinga2 feature enable ido-pgsql
  register: features_result
  changed_when: >-
    'for these changes to take effect' in features_result.stdout
  notify: Restart icinga2
# Render the monitored-hosts definition, owned by the Icinga user and group,
# and restart Icinga 2 when it changes.
# No `mode` is set, so permissions come from the existing file or the umask.
- name: Configure known hosts for icinga
  template:
    src: icinga2/conf.d/hosts.conf.j2
    dest: /etc/icinga2/conf.d/hosts.conf
    owner: "{{ icinga_user }}"
    group: "{{ icinga_group }}"
  notify: Restart icinga2
# Make sure the icingaweb2 system group exists.
- name: Create group icingaweb2
  group:
    name: icingaweb2
    system: true
# Add www-data to the icingaweb2 group; `append` keeps the account's other
# supplementary groups instead of replacing them.
- name: Add www-data to icingaweb2
  user:
    name: www-data
    groups: icingaweb2
    append: true
# Generate a self-signed certificate with an unencrypted (-nodes) RSA-2048 key
# for the vhost, valid for 730 days. `creates` skips the command once the .crt
# exists, so the pair is never regenerated by this task.
# NOTE(review): the key file's permissions are whatever openssl and the umask
# produce, and /etc/nginx/ssl is not created in this file — confirm both.
- name: Ensure certificates are available
  command: >-
    openssl req -x509 -nodes -newkey rsa:2048
    -keyout /etc/nginx/ssl/{{ icinga_domain }}.key
    -out /etc/nginx/ssl/{{ icinga_domain }}.crt
    -days 730
    -subj "/CN={{ icinga_domain }}"
  args:
    creates: /etc/nginx/ssl/{{ icinga_domain }}.crt
  notify: Restart nginx
# Run the acme-dnskey-generate role with the Icinga domain as the only entry
# in acme_dnskey_san_domains.
- name: Request nsupdate key for certificate
  include_role:
    name: acme-dnskey-generate
  vars:
    acme_dnskey_san_domains: ["{{ icinga_domain }}"]
# Write the per-domain acertmgr configuration; a change notifies the
# "Run acertmgr" handler.
# No owner or `mode` is set, so both come from the existing file or defaults.
- name: Configure certificate manager for icinga
  template:
    src: certs.j2
    dest: /etc/acertmgr/{{ icinga_domain }}.conf
  notify: Run acertmgr
# Render the nginx virtual host for Icinga into sites-available and restart
# nginx when it changes.
- name: Configure vhost
  template:
    src: vhost.j2
    dest: /etc/nginx/sites-available/icinga
  notify: Restart nginx
# Activate the vhost by symlinking it from sites-enabled to sites-available.
- name: Enable vhost
  file:
    state: link
    src: /etc/nginx/sites-available/icinga
    dest: /etc/nginx/sites-enabled/icinga
  notify: Restart nginx
# Start PHP-FPM now and enable it at boot. The service name hard-codes PHP 7.3,
# so it has to be updated when the distribution ships another PHP version.
- name: Start php7.3-fpm
  service:
    name: php7.3-fpm
    state: started
    enabled: true