ansible/roles/icinga/tasks/main.yml


---
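# Trust the Icinga package signing key and register the upstream APT repository.
# NOTE(review): the key is fetched over HTTPS and no fingerprint is pinned, so
# the trust decision rests on TLS alone. Supplying the expected fingerprint
# through apt_key's `id` (verified out of band) gives the task something to
# compare the downloaded key against.
# NOTE(review): a keyring under /etc/apt/trusted.gpg.d is accepted by apt for
# every configured repository, not just this one. A dedicated keyring referenced
# with `signed-by` on the repo line would scope it to packages.icinga.com.
- name: Enable icinga apt-key
  apt_key:
    url: https://packages.icinga.com/icinga.key
    keyring: /etc/apt/trusted.gpg.d/icinga.gpg

- name: Enable icinga repository
  apt_repository:
    repo: "deb https://packages.icinga.com/debian icinga-{{ ansible_distribution_release }} main"
    filename: icinga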
# Monitoring stack: Icinga 2 core, its PostgreSQL IDO backend, the web UI and
# the PHP runtime the web UI needs.
- name: Install icinga
  apt:
    state: present
    name:
      - php-fpm
      - php-pgsql
      - icinga2
      - icinga2-ido-pgsql
      - icingaweb2

# Database server plus the Python driver the postgresql_* modules rely on.
- name: Install PostgreSQL
  apt:
    state: present
    name:
      - postgresql
      - python3-psycopg2
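# Create the IDO database. The result is registered so the schema import can
# tell whether the database was created during this run.
- name: Configure icinga database
  postgresql_db:
    name: "{{ icinga_dbname }}"
  become: true
  become_user: postgres
  register: icinga_ido_db

# Create the IDO role and grant it ALL on the database.
# Arguments are passed as a native mapping rather than a key=value string, so a
# password containing spaces or '=' is handed to the module intact instead of
# being split into extra arguments.
- name: Configure icinga database user
  postgresql_user:
    db: "{{ icinga_dbname }}"
    name: "{{ icinga_dbuser }}"
    password: "{{ icinga_dbpass }}"
    priv: 'ALL'
    state: present
  become: true
  become_user: postgres
  # Keep the templated password out of task output and logs.
  no_log: true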
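# FIXME: it is not possible to use login_username and login_password here to
# change the role to icinga. As a workaround, "SET ROLE icinga;" has to be
# inserted manually at the top of the SQL file referenced below.
# NOTE(review): that file sits under /usr/share, so the manual edit is
# presumably lost when the package is upgraded or reinstalled; without it the
# import runs as the postgres user — confirm which role ends up owning the
# schema objects.
# NOTE(review): the import is gated on the database having been created in this
# run. If that run stops before the restore completes, later runs find the
# database already present and skip the import; gating on the schema's presence
# would be more robust.
- name: Configure database schema
  postgresql_db:
    name: "{{ icinga_dbname }}"
    target: /usr/share/icinga2-ido-pgsql/schema/pgsql.sql
    state: restore
  become: true
  become_user: postgres
  when: icinga_ido_db.changed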
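# Create the database used by the Icinga Web 2 frontend.
- name: Configure icingaweb database
  postgresql_db:
    name: "{{ icingaweb_dbname }}"
  become: true
  become_user: postgres

# Create the frontend's database role and grant it ALL on its database.
# Native module arguments keep a password containing spaces or '=' intact; the
# key=value string form would split it into separate arguments.
- name: Configure icingaweb database user
  postgresql_user:
    db: "{{ icingaweb_dbname }}"
    name: "{{ icingaweb_dbuser }}"
    password: "{{ icingaweb_dbpass }}"
    priv: 'ALL'
    state: present
  become: true
  become_user: postgres
  # Keep the templated password out of task output and logs.
  no_log: true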
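# Render the IDO PostgreSQL feature configuration.
# The mode is set explicitly because the template presumably carries the
# database credentials (the template itself is not visible here); without
# `mode` a newly created file gets whatever the umask yields. Owner and group
# are the Icinga account, so the daemon can still read it.
# NOTE(review): running the play with --diff would print the rendered content,
# including any password it contains.
- name: Configure icinga ido pgsql
  template:
    src: icinga2/features-available/ido-pgsql.conf.j2
    dest: /etc/icinga2/features-available/ido-pgsql.conf
    owner: "{{ icinga_user }}"
    group: "{{ icinga_group }}"
    mode: "0640"
  notify: Restart icinga2

# Enable the feature. icinga2 prints a restart hint only when it actually
# changed something, which is what marks the task as changed.
- name: Enable icinga ido PostgreSQL
  command: icinga2 feature enable ido-pgsql
  register: features_result
  changed_when: "'for these changes to take effect' in features_result.stdout"
  notify: Restart icinga2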
# TODO setup as master node
# icinga2 node setup --master
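# Directory holding the configuration for the master zone.
- name: Ensure directory for zone config exists
  file:
    path: /etc/icinga2/zones.d/master
    state: directory
    owner: "{{ icinga_user }}"
    group: "{{ icinga_group }}"

# Render zones.conf; module arguments are given as a mapping so the templated
# owner and group values are not re-parsed as key=value text.
# NOTE(review): no `mode` is set, so a newly created file gets the umask
# default; pin it if zones.conf is meant to be restricted.
- name: Configure zones
  template:
    src: icinga2/zones.conf.j2
    dest: /etc/icinga2/zones.conf
    owner: "{{ icinga_user }}"
    group: "{{ icinga_group }}"
  notify: Restart icinga2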
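# Per-host configuration fragments are collected in this directory.
- name: Ensure directory for host snippets exists
  file:
    path: /etc/icinga2/conf.d/hosts
    state: directory
    owner: "{{ icinga_user }}"
    group: "{{ icinga_group }}"

# One header and one footer fragment per inventory host. The 00_/zz_ prefixes
# presumably make them sort first and last among that host's fragments.
# The two tasks carry distinct names so they can be told apart in play output
# and addressed individually with --start-at-task.
# File names are built from inventory hostnames; the destination is passed as a
# single quoted value so a hostname cannot be split into extra module arguments.
- name: Prepare host snippets (header)
  template:
    src: icinga2/conf.d/hosts.header.j2
    dest: "/etc/icinga2/conf.d/hosts/{{ item }}.00_header"
    owner: "{{ icinga_user }}"
    group: "{{ icinga_group }}"
  loop: "{{ groups['all'] }}"

- name: Prepare host snippets (footer)
  template:
    src: icinga2/conf.d/hosts.footer.j2
    dest: "/etc/icinga2/conf.d/hosts/{{ item }}.zz_footer"
    owner: "{{ icinga_user }}"
    group: "{{ icinga_group }}"
  loop: "{{ groups['all'] }}"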
# System group for the web frontend.
- name: Create group icingaweb2
  group:
    name: icingaweb2
    system: true

# Add the web server account to that group; `append` keeps the account's
# existing supplementary groups.
- name: Add www-data to icingaweb2
  user:
    name: www-data
    groups: icingaweb2
    append: true
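# Generate a self-signed certificate and key for the vhost if no certificate
# exists yet. It is presumably a placeholder until the certificate manager
# configured later in this file issues a real one.
# The command is given as an argv list so each argument reaches openssl
# verbatim; the domain is no longer interpolated into a string that is then
# split on whitespace and quotes.
# NOTE(review): -nodes writes the private key unencrypted, and nothing here
# pins the key file's owner or mode — confirm it is not readable by other
# accounts.
# NOTE(review): `creates` looks only at the .crt, so a missing .key next to an
# existing certificate is not regenerated.
- name: Ensure certificates are available
  command:
    argv:
      - openssl
      - req
      - '-x509'
      - '-nodes'
      - '-newkey'
      - 'rsa:2048'
      - '-keyout'
      - "/etc/nginx/ssl/{{ icinga_domain }}.key"
      - '-out'
      - "/etc/nginx/ssl/{{ icinga_domain }}.crt"
      - '-days'
      - '730'
      - '-subj'
      - "/CN={{ icinga_domain }}"
    creates: "/etc/nginx/ssl/{{ icinga_domain }}.crt"
  notify: Restart nginx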
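# Hand the domain to the acme-dnskey-generate role as the only SAN entry.
- name: Request nsupdate key for certificate
  include_role:
    name: acme-dnskey-generate
  vars:
    acme_dnskey_san_domains:
      - "{{ icinga_domain }}"

# Per-domain acertmgr configuration. The destination is passed as one quoted
# value so the templated domain is not re-parsed as key=value text.
# NOTE(review): no owner or mode is set; if certs.j2 contains key material or
# credentials, pin both explicitly.
- name: Configure certificate manager for icinga
  template:
    src: certs.j2
    dest: "/etc/acertmgr/{{ icinga_domain }}.conf"
  notify: Run acertmgr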
# Render the nginx site definition for the web frontend.
- name: Configure vhost
  template:
    src: vhost.j2
    dest: /etc/nginx/sites-available/icinga
  notify: Restart nginx

# Activate the site by linking it into sites-enabled.
- name: Enable vhost
  file:
    state: link
    src: /etc/nginx/sites-available/icinga
    dest: /etc/nginx/sites-enabled/icinga
  notify: Restart nginx

# NOTE(review): the package list installs the unversioned php-fpm, while this
# service name is pinned to 8.2; on a release whose default PHP differs, this
# task would not find the unit.
- name: Start php8.2-fpm
  service:
    name: php8.2-fpm
    state: started
    enabled: true