Deploy Icinga 2 satellite and add it to master
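---
#
# Setting up the Icinga2 PKI is derived from https://monitoring-portal.org/index.php?thread/35989-using-ansible-to-generate-the-icinga-client-certificates/
#
# Flow: (1) the master issues a PKI ticket for the new satellite, (2) the
# satellite installs Icinga 2, builds its own key/cert and has it signed by
# the master using that ticket, (3) the master gets an Endpoint/Zone entry
# and a zones.d directory for the satellite.
#
# `hostitem` is the satellite's inventory name / FQDN and is not defined in
# this playbook, so it has to be supplied externally (e.g. via `-e`).
# MASTERFQDN is a placeholder for the master's inventory name.
#
- hosts: MASTERFQDN
  tasks:
    # The ticket is a shared secret that authorises the satellite's CSR on the
    # master, so it must not end up in the Ansible log; no_log censors the
    # registered result in output but the value is still readable from
    # hostvars[...]['ticket']['stdout'] by the next play.
    # Ticket generation does not modify the master, hence changed_when: false.
    - name: generate ticket on the icinga master and save it as a variable
      command: /usr/sbin/icinga2 pki ticket --cn {{ hostitem }}
      register: ticket
      changed_when: false
      no_log: true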
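# Satellite setup. Requires the host vars `icinga_distri` and `icinga_release`
# (used to build the apt repository line) and the ticket registered on the
# master in the previous play.
- hosts: "{{ hostitem }}"
  vars:
    master_hostname: MASTERFQDN
    # master_ip is not referenced by the tasks below; it is available to the
    # zones.conf.j2 template rendered further down.
    master_ip: "{{ hostvars[master_hostname]['ansible_default_ipv4']['address'] }}"
    master_port: 5665
    pki_dir: /etc/icinga2/pki
  tasks:
    - name: "Deploy icinga.key"
      apt_key:
        url: "https://packages.icinga.com/icinga.key"
        state: present

    # Packages are signature-verified against the key imported above, which
    # is what protects the plain-http repository transport.
    - name: "Install Icinga Ubuntu repository"
      apt_repository:
        repo: "deb http://packages.icinga.com/{{ hostvars[hostitem]['icinga_distri'] }} icinga-{{ hostvars[hostitem]['icinga_release'] }} main"
        state: present
        filename: 'icinga'

    - name: Update repositories cache and install "icinga2" package
      apt:
        name: icinga2
        update_cache: true

    # Private key material lives here, hence owner-only permissions.
    - name: create pki folder
      file:
        path: "{{ pki_dir }}"
        state: directory
        mode: "0700"
        owner: nagios
        group: nagios

    # The pki commands are not idempotent by themselves; `creates` skips each
    # one once its output file exists so the play can be re-run safely.
    # `command` (not `shell`) is used so that templated values are never
    # interpreted by a shell.
    - name: create cert
      command: >-
        icinga2 pki new-cert --cn {{ hostitem }}
        --key {{ pki_dir }}/{{ hostitem }}.key
        --cert {{ pki_dir }}/{{ hostitem }}.crt
      args:
        creates: "{{ pki_dir }}/{{ hostitem }}.crt"

    # Fetches the master's certificate over the network and stores it as the
    # trust anchor for the signing request below.
    - name: save the masters cert as trustedcert
      command: >-
        icinga2 pki save-cert
        --key {{ pki_dir }}/{{ hostitem }}.key
        --cert {{ pki_dir }}/{{ hostitem }}.crt
        --trustedcert {{ pki_dir }}/trusted-master.crt
        --host {{ master_hostname }}
      args:
        creates: "{{ pki_dir }}/trusted-master.crt"

    # The ticket is passed on the command line because that is the interface
    # icinga2 offers; no_log keeps it out of the play output.
    # NOTE(review): `--ca` is the path where the received CA certificate is
    # written; the name `ca.key` is kept for compatibility but is misleading.
    - name: request the certificate from the icinga server
      command: >-
        icinga2 pki request
        --host {{ master_hostname }}
        --port {{ master_port }}
        --ticket {{ hostvars[master_hostname]['ticket']['stdout'] }}
        --key {{ pki_dir }}/{{ hostitem }}.key
        --cert {{ pki_dir }}/{{ hostitem }}.crt
        --trustedcert {{ pki_dir }}/trusted-master.crt
        --ca {{ pki_dir }}/ca.key
      args:
        creates: "{{ pki_dir }}/ca.key"
      no_log: true

    # `node setup` enables the api feature; the enabled-feature symlink is
    # used as the marker that it already ran (assumption - confirm on the
    # target Icinga 2 version).
    - name: node setup
      command: >-
        icinga2 node setup
        --ticket {{ hostvars[master_hostname]['ticket']['stdout'] }}
        --endpoint {{ master_hostname }}
        --zone {{ hostitem }}
        --master_host {{ master_hostname }}
        --trustedcert {{ pki_dir }}/trusted-master.crt
        --cn {{ hostitem }}
      args:
        creates: /etc/icinga2/features-enabled/api.conf
      no_log: true

    # Satellite config is delivered by the master, so the local conf.d must
    # not be loaded.
    - name: Disable icinga2.conf conf.d
      replace:
        path: /etc/icinga2/icinga2.conf
        regexp: '^include_recursive "conf.d"$'
        replace: '//include_recursive "conf.d"'

    - name: Setup zones.conf
      template:
        src: templates/zones.conf.j2
        dest: /etc/icinga2/zones.conf

    # Both api.conf edits use `\s*` so an unindented setting is matched too.
    - name: Accept configuration from master
      replace:
        path: /etc/icinga2/features-enabled/api.conf
        regexp: '^(\s*)accept_config = false$'
        replace: '\1accept_config = true'

    - name: Accept commands from master
      replace:
        path: /etc/icinga2/features-enabled/api.conf
        regexp: '^(\s*)accept_commands = false$'
        replace: '\1accept_commands = true'

    - name: Reload Icinga configuration
      service:
        name: icinga2
        state: reloaded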
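# Register the satellite on the master: Endpoint/Zone objects in zones.conf
# plus a zones.d directory whose contents are synced to the satellite.
- hosts: MASTERFQDN
  tasks:
    # The marker carries the satellite name so one block per satellite can
    # coexist in the same file.
    - name: Append zones.conf
      blockinfile:
        path: /etc/icinga2/zones.conf
        marker: "// {mark} ANSIBLE MANAGED BLOCK {{ hostitem }}"
        block: |
          object Endpoint "{{ hostitem }}" {
            host = "{{ hostitem }}"
          }
          object Zone "{{ hostitem }}" {
            endpoints = [ "{{ hostitem }}" ]
            parent = "MASTERFQDN"
          }

    - name: Create zones.d {{ hostitem }} directory
      file:
        path: /etc/icinga2/zones.d/{{ hostitem }}
        state: directory
        mode: "0755"
        owner: nagios
        group: nagios

    # force: false keeps an existing, possibly hand-edited, host.conf.
    - name: Create host.conf
      template:
        src: templates/icinga-host.conf.j2
        dest: /etc/icinga2/zones.d/{{ hostitem }}/host.conf
        force: false

    # Same as above: never overwrite an existing services.conf.
    - name: Create services.conf
      template:
        src: templates/icinga-services.conf.j2
        dest: /etc/icinga2/zones.d/{{ hostitem }}/services.conf
        force: false

    - name: Reload Icinga master configuration
      service:
        name: icinga2
        state: reloaded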
Excellent!!!