infra/roles/icinga/tasks/main.yml


---
# Trust the upstream Icinga signing key. It is fetched over HTTPS, but no `id`
# fingerprint is given, so whichever key the URL serves at run time is accepted.
- name: Enable icinga apt-key
  apt_key:
    url: 'https://packages.icinga.com/icinga.key'

# Register the Icinga package source for the host's distribution release; the
# entry is kept in its own sources list file named "icinga".
- name: Enable icinga repository
  apt_repository:
    filename: icinga
    repo: 'deb https://packages.icinga.com/debian icinga-{{ ansible_distribution_release }} main'
# Icinga 2, its PostgreSQL IDO module, the web front end and the PHP packages.
- name: Install icinga
  apt:
    state: present
    name:
      - php-fpm
      - php-pgsql
      - icinga2
      - icinga2-ido-pgsql
      - icingaweb2

# Database server plus psycopg2, which the postgresql_* modules used by the
# database tasks in this file need on the managed host.
- name: Install PostgreSQL
  apt:
    state: present
    name:
      - postgresql
      - python3-psycopg2
# Create the IDO database while acting as the postgres system user. The result
# is registered so the schema import can be tied to the run that created it.
- name: Configure icinga database
  become: true
  become_user: postgres
  postgresql_db:
    name: '{{ icinga_dbname }}'
  register: icinga_ido_db
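# Create the IDO login role and grant it ALL on the IDO database.
# no_log keeps the rendered module arguments, password included, out of task
# output and callback logs; lift it temporarily when debugging a failure.
- name: Configure icinga database user
  postgresql_user:
    db: '{{ icinga_dbname }}'
    name: '{{ icinga_dbuser }}'
    password: '{{ icinga_dbpass }}'
    priv: 'ALL'
    state: present
  become: true
  become_user: postgres
  no_log: true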
# FIXME: login_username and login_password cannot be used here to switch the
# role to icinga. Workaround: insert "SET ROLE icinga;" by hand at the top of
# the SQL file referenced below before the first run.
# NOTE(review): without that edit the imported objects presumably end up owned
# by postgres rather than by the icinga role - confirm.
# The import runs as postgres and only when the database task reported a change.
- name: Configure database schema
  become: true
  become_user: postgres
  postgresql_db:
    name: '{{ icinga_dbname }}'
    state: restore
    target: /usr/share/icinga2-ido-pgsql/schema/pgsql.sql
  when: icinga_ido_db.changed
# Separate database for the web front end, created as the postgres system user.
- name: Configure icingaweb database
  become: true
  become_user: postgres
  postgresql_db:
    name: '{{ icingaweb_dbname }}'
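# Create the web front end's login role and grant it ALL on its own database.
# no_log keeps the rendered module arguments, password included, out of task
# output and callback logs; lift it temporarily when debugging a failure.
- name: Configure icingaweb database user
  postgresql_user:
    db: '{{ icingaweb_dbname }}'
    name: '{{ icingaweb_dbuser }}'
    password: '{{ icingaweb_dbpass }}'
    priv: 'ALL'
    state: present
  become: true
  become_user: postgres
  no_log: true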
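# Render the IDO feature configuration and restart icinga2 when it changes.
# The template body is not visible here; it is presumed to carry the IDO
# database credentials, so the mode is set explicitly instead of being left to
# the umask: readable by the icinga user and group only.
- name: Configure icinga ido pgsql
  template:
    src: icinga2/features-available/ido-pgsql.conf.j2
    dest: /etc/icinga2/features-available/ido-pgsql.conf
    owner: '{{ icinga_user }}'
    group: '{{ icinga_group }}'
    mode: '0640'
  notify: Restart icinga2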
# Switch the ido-pgsql feature on. The command is run every time; the task is
# reported as changed only when its output contains the restart hint.
- name: Enable icinga ido PostgreSQL
  command:
    argv:
      - icinga2
      - feature
      - enable
      - ido-pgsql
  register: features_result
  changed_when: "'for these changes to take effect' in features_result.stdout"
  notify: Restart icinga2
# Render the monitored-host definitions; icinga2 is restarted on change.
# No mode is given, so a newly created file gets the umask-derived default.
- name: Configure known hosts for icinga
  template:
    src: icinga2/conf.d/hosts.conf.j2
    dest: /etc/icinga2/conf.d/hosts.conf
    owner: '{{ icinga_user }}'
    group: '{{ icinga_group }}'
  notify: Restart icinga2
# System group for the web front end.
- name: Create group icingaweb2
  group:
    name: icingaweb2
    system: true

# Add www-data to that group; append keeps its existing supplementary groups.
- name: Add www-data to icingaweb2
  user:
    name: www-data
    groups: icingaweb2
    append: true
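# Generate a self-signed certificate and RSA-2048 key for the vhost if no
# certificate file exists yet; `creates` skips the task once the .crt exists.
# The command is given as an argv list so the templated domain reaches openssl
# as a single argument instead of being re-split from one command string.
# -nodes leaves the private key unencrypted on disk.
# NOTE(review): the key file's mode is not managed here and depends on what
# openssl applies to key output - confirm it is not world-readable.
# NOTE(review): /etc/nginx/ssl is not created in the tasks shown; presumably
# another role provides it - confirm.
- name: Ensure certificates are available
  command:
    argv:
      - openssl
      - req
      - '-x509'
      - '-nodes'
      - '-newkey'
      - 'rsa:2048'
      - '-keyout'
      - '/etc/nginx/ssl/{{ icinga_domain }}.key'
      - '-out'
      - '/etc/nginx/ssl/{{ icinga_domain }}.crt'
      - '-days'
      - '730'
      - '-subj'
      - '/CN={{ icinga_domain }}'
    creates: '/etc/nginx/ssl/{{ icinga_domain }}.crt'
  notify: Restart nginx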
# Hand the vhost domain to the acme-dnskey-generate role as its only SAN entry.
- name: Request nsupdate key for certificate
  include_role:
    name: acme-dnskey-generate
  vars:
    acme_dnskey_san_domains:
      - "{{ icinga_domain }}"
# Per-domain acertmgr configuration; the "Run acertmgr" handler fires on change.
# No owner or mode is given, so a new file gets the defaults of the user the
# play runs as.
- name: Configure certificate manager for icinga
  template:
    src: certs.j2
    dest: '/etc/acertmgr/{{ icinga_domain }}.conf'
  notify: Run acertmgr
# Render the nginx site definition for icinga.
- name: Configure vhost
  template:
    src: vhost.j2
    dest: /etc/nginx/sites-available/icinga
  notify: Restart nginx

# Activate the site by linking it into sites-enabled.
- name: Enable vhost
  file:
    state: link
    src: /etc/nginx/sites-available/icinga
    dest: /etc/nginx/sites-enabled/icinga
  notify: Restart nginx
# Make sure the PHP-FPM service is running and enabled at boot.
# NOTE(review): the service name is pinned to PHP 7.4 while the install task
# requests the unversioned php-fpm package; confirm the two match on every
# targeted release.
- name: Start php7.4-fpm
  service:
    name: php7.4-fpm
    state: started
    enabled: true