Instantly share code, notes, and snippets.

Embed
What would you like to do?
Deploy Icinga 2 satellite and add it to master
---
#
# Setting up the Icinga2 PKI is derived from https://monitoring-portal.org/index.php?thread/35989-using-ansible-to-generate-the-icinga-client-certificates/
#
- hosts: MASTERFQDN
tasks:
- name: generate ticket on the icinga master and save it as a variable
shell: /usr/sbin/icinga2 pki ticket --cn {{ hostitem }}
register: ticket
- hosts: "{{ hostitem }}"
vars:
master_hostname: MASTERFQDN
master_ip: "{{ hostvars[master_hostname]['ansible_default_ipv4']['address'] }}"
master_port: 5665
tasks:
- name: "Deploy icinga.key"
apt_key:
url: "https://packages.icinga.com/icinga.key"
state: present
- name: "Install Icinga Ubuntu repository"
apt_repository:
repo: deb http://packages.icinga.com/{{ hostvars[hostitem]['icinga_distri'] }} icinga-{{ hostvars[hostitem]['icinga_release'] }} main
state: present
filename: 'icinga'
- name: Update repositories cache and install "icinga2" package
apt:
name: icinga2
update_cache: yes
- name: create pki folder
file: path=/etc/icinga2/pki state=directory mode=0700 owner=nagios group=nagios
- name: create cert
shell: icinga2 pki new-cert --cn {{ hostitem }} --key /etc/icinga2/pki/{{ hostitem }}.key --cert /etc/icinga2/pki/{{ hostitem }}.crt
- name: save the masters cert as trustedcert
shell: icinga2 pki save-cert --key /etc/icinga2/pki/{{ hostitem }}.key --cert /etc/icinga2/pki/{{ hostitem }}.crt --trustedcert /etc/icinga2/pki/trusted-master.crt --host {{ master_hostname }}
- name: request the certificate from the icinga server
shell: icinga2 pki request --host {{ master_hostname }} --port 5665 --ticket {{ hostvars[master_hostname]['ticket']['stdout'] }} --key /etc/icinga2/pki/{{ hostitem }}.key --cert /etc/icinga2/pki/{{ hostitem }}.crt --trustedcert /etc/icinga2/pki/trusted-master.crt --ca /etc/icinga2/pki/ca.key
- name: node setup
shell: icinga2 node setup --ticket {{ hostvars[master_hostname]['ticket']['stdout'] }} --endpoint {{ master_hostname }} --zone {{ hostitem }} --master_host {{ master_hostname }} --trustedcert /etc/icinga2/pki/trusted-master.crt --cn {{ hostitem }}
- name: Disable icinga2.conf conf.d
replace:
destfile: /etc/icinga2/icinga2.conf
regexp: '^include_recursive "conf.d"$'
replace: '//include_recursive "conf.d"'
- name: Setup zones.conf
template:
src: templates/zones.conf.j2
dest: /etc/icinga2/zones.conf
- name: Accept configuration from master
replace:
destfile: /etc/icinga2/features-enabled/api.conf
regexp: '^(\s+)accept_config = false$'
replace: '\1accept_config = true'
- name: Accept commands from master
replace:
destfile: /etc/icinga2/features-enabled/api.conf
regexp: '^(\s*)accept_commands = false$'
replace: '\1accept_commands = true'
- name: Reload Icinga configuration
shell: /etc/init.d/icinga2 reload
- hosts: MASTERFQDN
tasks:
- name: Append zones.conf
blockinfile:
destfile: /etc/icinga2/zones.conf
marker: "// {mark} ANSIBLE MANAGED BLOCK {{ hostitem }}"
block: |
object Endpoint "{{ hostitem }}" {
host = "{{ hostitem }}"
}
object Zone "{{ hostitem }}" {
endpoints = [ "{{ hostitem }}" ]
parent = "MASTERFQDN"
}
- name: Create zones.d {{ hostitem }} directory
file:
path: /etc/icinga2/zones.d/{{ hostitem }}
state: directory
mode: 0755
owner: nagios
group: nagios
- name: Create host.conf
template:
src: templates/icinga-host.conf.j2
dest: /etc/icinga2/zones.d/{{ hostitem }}/host.conf
force: no
- name: Create services.conf
template:
src: templates/icinga-services.conf.j2
dest: /etc/icinga2/zones.d/{{ hostitem }}/services.conf
force: no
- name: Reload Icinga master configuration
shell: /etc/init.d/icinga2 reload
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment