129 lines
4.1 KiB
YAML
129 lines
4.1 KiB
YAML
---
|
|
|
|
- name: Enable icinga apt-key
|
|
apt_key: url="https://packages.icinga.com/icinga.key" keyring="/etc/apt/trusted.gpg.d/icinga.gpg"
|
|
|
|
- name: Enable icinga repository
|
|
apt_repository:
|
|
repo: "deb https://packages.icinga.com/debian icinga-{{ ansible_distribution_release }} main"
|
|
filename: icinga
|
|
|
|
- name: Install icinga
|
|
apt:
|
|
name:
|
|
- php-fpm
|
|
- php-pgsql
|
|
- icinga2
|
|
- icinga2-ido-pgsql
|
|
- icingaweb2
|
|
|
|
- name: Install PostgreSQL
|
|
apt:
|
|
name:
|
|
- postgresql
|
|
- python3-psycopg2
|
|
|
|
- name: Configure icinga database
|
|
postgresql_db: name={{ icinga_dbname }}
|
|
become: true
|
|
become_user: postgres
|
|
register: icinga_ido_db
|
|
|
|
- name: Configure icinga database user
|
|
postgresql_user: db={{ icinga_dbname }} name={{ icinga_dbuser }} password={{ icinga_dbpass }} priv=ALL state=present
|
|
become: true
|
|
become_user: postgres
|
|
|
|
# FIXME it is not possible to use login_username and login_password here in order to change the role to icinga
|
|
# so as a workaround you have to insert "SET ROLE icinga;" manually at the top of the referred sql file
|
|
- name: Configure database schema
|
|
postgresql_db: name={{ icinga_dbname }} target=/usr/share/icinga2-ido-pgsql/schema/pgsql.sql state=restore
|
|
become: true
|
|
become_user: postgres
|
|
when: icinga_ido_db.changed
|
|
|
|
- name: Configure icingaweb database
|
|
postgresql_db: name={{ icingaweb_dbname }}
|
|
become: true
|
|
become_user: postgres
|
|
|
|
- name: Configure icingaweb database user
|
|
postgresql_user: db={{ icingaweb_dbname }} name={{ icingaweb_dbuser }} password={{ icingaweb_dbpass }} priv=ALL state=present
|
|
become: true
|
|
become_user: postgres
|
|
|
|
- name: Configure icinga ido pgsql
|
|
template: src=icinga2/features-available/ido-pgsql.conf.j2 dest=/etc/icinga2/features-available/ido-pgsql.conf owner={{ icinga_user }} group={{ icinga_group }}
|
|
notify: Restart icinga2
|
|
|
|
- name: Enable icinga ido PostgreSQL
|
|
command: "icinga2 feature enable ido-pgsql"
|
|
register: features_result
|
|
changed_when: "'for these changes to take effect' in features_result.stdout"
|
|
notify: Restart icinga2
|
|
|
|
# TODO setup as master node
|
|
# icinga2 node setup --master
|
|
|
|
- name: Ensure directory for zone config exists
|
|
file:
|
|
path: /etc/icinga2/zones.d/master
|
|
state: directory
|
|
owner: "{{ icinga_user }}"
|
|
group: "{{ icinga_group }}"
|
|
|
|
- name: Configure zones
|
|
template: src=icinga2/zones.conf.j2 dest=/etc/icinga2/zones.conf owner={{ icinga_user }} group={{ icinga_group }}
|
|
notify: Restart icinga2
|
|
|
|
- name: Ensure directory for host snippets exists
|
|
file:
|
|
path: /etc/icinga2/conf.d/hosts
|
|
state: directory
|
|
owner: "{{ icinga_user }}"
|
|
group: "{{ icinga_group }}"
|
|
|
|
- name: Prepare host snippets
|
|
template: src=icinga2/conf.d/hosts.header.j2 dest=/etc/icinga2/conf.d/hosts/{{ item }}.00_header owner={{ icinga_user }} group={{ icinga_group }}
|
|
loop: "{{ groups['all'] }}"
|
|
|
|
- name: Prepare host snippets
|
|
template: src=icinga2/conf.d/hosts.footer.j2 dest=/etc/icinga2/conf.d/hosts/{{ item }}.zz_footer owner={{ icinga_user }} group={{ icinga_group }}
|
|
loop: "{{ groups['all'] }}"
|
|
|
|
- name: Create group icingaweb2
|
|
group: name=icingaweb2 system=yes
|
|
|
|
- name: Add www-data to icingaweb2
|
|
user: name=www-data append=yes groups=icingaweb2
|
|
|
|
- name: Ensure certificates are available
|
|
command:
|
|
cmd: >
|
|
openssl req -x509 -nodes -newkey rsa:2048
|
|
-keyout /etc/nginx/ssl/{{ icinga_domain }}.key -out /etc/nginx/ssl/{{ icinga_domain }}.crt
|
|
-days 730 -subj "/CN={{ icinga_domain }}"
|
|
creates: /etc/nginx/ssl/{{ icinga_domain }}.crt
|
|
notify: Restart nginx
|
|
|
|
- name: Request nsupdate key for certificate
|
|
include_role: name=acme-dnskey-generate
|
|
vars:
|
|
acme_dnskey_san_domains:
|
|
- "{{ icinga_domain }}"
|
|
|
|
- name: Configure certificate manager for icinga
|
|
template: src=certs.j2 dest=/etc/acertmgr/{{ icinga_domain }}.conf
|
|
notify: Run acertmgr
|
|
|
|
- name: Configure vhost
|
|
template: src=vhost.j2 dest=/etc/nginx/sites-available/icinga
|
|
notify: Restart nginx
|
|
|
|
- name: Enable vhost
|
|
file: src=/etc/nginx/sites-available/icinga dest=/etc/nginx/sites-enabled/icinga state=link
|
|
notify: Restart nginx
|
|
|
|
- name: Start php8.2-fpm
|
|
service: name=php8.2-fpm state=started enabled=yes
|