infra/roles/icinga_agent/tasks/main.yml


---
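# Install the Icinga 2 package through apt. Module arguments are written as a
# YAML mapping instead of a key=value string so they are parsed as structured
# data. No version is pinned, so the release installed is whatever the host's
# apt sources currently offer.
- name: Install icinga
  apt:
    name: icinga2
    state: present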
# Enrollment guard: stat the agent certificate named after this host's FQDN
# and register the result as cert_file for later tasks to test.
# NOTE(review): stat only reports that the file is present; an expired
# certificate or one issued by a different CA would still count as enrolled.
- name: Check if client is already enrolled
  stat:
    path: "/var/lib/icinga2/certs/{{ ansible_fqdn }}.crt"
  register: cert_file
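# First-time enrollment of this host as an Icinga 2 agent. The whole block is
# skipped once the agent certificate checked by the preceding stat task
# (registered as cert_file) exists.
- name: Enroll agent on master server
  block:
    # NOTE(review): no mode is set here, so the directory keeps whatever
    # permissions it already has or the umask gives it. It presumably also
    # receives the agent's private key from node setup; confirm, and
    # consider pinning an explicit mode.
    - name: Ensure certificate directory exists
      file:
        path: /var/lib/icinga2/certs
        state: directory
        owner: "{{ icinga_user }}"
        group: "{{ icinga_group }}"

    # Read the master's certificate over the delegated connection and keep
    # it in memory (base64 in icinga_master_cert.content). It is later passed
    # to node setup as --trustedcert, i.e. it is the agent's trust anchor, so
    # it is not staged under a predictable name in /tmp on the control node,
    # where another local user could swap it between the read and the write.
    - name: Copy certificate from master
      slurp:
        src: "/var/lib/icinga2/certs/{{ icinga_server }}.crt"
      register: icinga_master_cert
      delegate_to: "{{ icinga_server }}"

    # Write the decoded certificate to the agent. A certificate is public
    # data, so it is world-readable but writable only by its owner.
    - name: Copy certificate to host
      copy:
        content: "{{ icinga_master_cert.content | b64decode }}"
        dest: "/var/lib/icinga2/certs/{{ icinga_server }}.crt"
        owner: "{{ icinga_user }}"
        group: "{{ icinga_group }}"
        mode: "0644"

    # Runs on the master. argv is used instead of a shell string because
    # ansible_fqdn is a fact reported by the host being enrolled; with argv
    # it reaches icinga2 as a single argument and is never parsed by a shell.
    # The ticket is an enrollment credential, so no_log keeps it out of
    # Ansible output and logs. Reading a ticket changes nothing on the master.
    - name: Get ticket from master
      command:
        argv:
          - icinga2
          - pki
          - ticket
          - --cn
          - "{{ ansible_fqdn }}"
      register: icinga_ticket
      changed_when: false
      no_log: true
      delegate_to: "{{ icinga_server }}"

    # Runs on the agent. The ticket appears in argv, hence no_log; lift it
    # temporarily if a failure has to be debugged.
    # NOTE(review): --accept-commands and --accept-config let the parent
    # push configuration to this agent and have it execute commands; keep
    # them only if the monitoring design relies on that.
    - name: Setup node
      command:
        argv:
          - icinga2
          - node
          - setup
          - --ticket
          - "{{ icinga_ticket.stdout | trim }}"
          - --endpoint
          - "{{ icinga_server }}"
          - --zone
          - "{{ ansible_fqdn }}"
          - --parent_host
          - "{{ icinga_server }}"
          - --trustedcert
          - "/var/lib/icinga2/certs/{{ icinga_server }}.crt"
          - --accept-commands
          - --accept-config
      no_log: true
  when: not cert_file.stat.exists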