Deploy Icinga 2 satellite and add it to master
---
#
# Setting up the Icinga2 PKI is derived from https://monitoring-portal.org/index.php?thread/35989-using-ansible-to-generate-the-icinga-client-certificates/
#
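# Play 1 (runs on the Icinga master): create the PKI ticket for the new
# satellite and register it, so the satellite play can read it through
# hostvars[master_hostname]['ticket']['stdout'].
- hosts: MASTERFQDN
  tasks:
    - name: generate ticket on the icinga master and save it as a variable
      # `command` rather than `shell`: no shell features are needed, and
      # `hostitem` is then never interpreted by a shell. `quote` keeps the
      # value a single argument.
      command: /usr/sbin/icinga2 pki ticket --cn {{ hostitem | quote }}
      register: ticket
      # Printing a ticket does not modify the master.
      changed_when: false
      # The ticket authorises certificate signing for this CN; keep it out of
      # Ansible output and logs.
      no_log: true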
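# Play 2 (runs on the new satellite): install icinga2, enrol the node in the
# master's PKI using the ticket registered in the master play, and let it
# accept configuration and commands from its parent zone.
- hosts: "{{ hostitem }}"
  vars:
    master_hostname: MASTERFQDN
    # Not referenced by the tasks in this play.
    # NOTE(review): presumably consumed by templates/zones.conf.j2; confirm.
    master_ip: "{{ hostvars[master_hostname]['ansible_default_ipv4']['address'] }}"
    master_port: 5665
  tasks:
    - name: "Deploy icinga.key"
      # NOTE(review): the key is trusted as downloaded. Consider pinning it
      # with the module's `id:` parameter, set to the fingerprint Icinga
      # publishes, so that a swapped key file is rejected.
      apt_key:
        url: "https://packages.icinga.com/icinga.key"
        state: present

    - name: "Install Icinga Ubuntu repository"
      # NOTE(review): the repository is reached over plain http. Packages are
      # still verified against the key above, but https would also protect the
      # transport; older apt releases need apt-transport-https for that.
      apt_repository:
        repo: "deb http://packages.icinga.com/{{ hostvars[hostitem]['icinga_distri'] }} icinga-{{ hostvars[hostitem]['icinga_release'] }} main"
        state: present
        filename: 'icinga'

    - name: Update repositories cache and install "icinga2" package
      apt:
        name: icinga2
        update_cache: true

    - name: create pki folder
      # Private keys live here: only the icinga2 service user may enter.
      file:
        path: /etc/icinga2/pki
        state: directory
        mode: "0700"
        owner: nagios
        group: nagios

    # The PKI steps use `command` rather than `shell`, so templated values are
    # never interpreted by a shell.
    - name: create cert
      command: >-
        icinga2 pki new-cert
        --cn {{ hostitem | quote }}
        --key /etc/icinga2/pki/{{ hostitem | quote }}.key
        --cert /etc/icinga2/pki/{{ hostitem | quote }}.crt

    - name: save the masters cert as trustedcert
      # Trust on first use: whatever certificate the master endpoint presents
      # is stored and trusted for the request below.
      # NOTE(review): compare the saved certificate's fingerprint with the
      # master's real certificate out of band before relying on it.
      command: >-
        icinga2 pki save-cert
        --key /etc/icinga2/pki/{{ hostitem | quote }}.key
        --cert /etc/icinga2/pki/{{ hostitem | quote }}.crt
        --trustedcert /etc/icinga2/pki/trusted-master.crt
        --host {{ master_hostname | quote }}

    - name: request the certificate from the icinga server
      # Uses the `master_port` variable instead of repeating the literal 5665.
      # NOTE(review): `--ca` names the file that holds the CA *certificate*;
      # "ca.key" is a misleading name for it (Icinga's examples use ca.crt).
      # The path is kept as the author wrote it; confirm before renaming.
      command: >-
        icinga2 pki request
        --host {{ master_hostname | quote }}
        --port {{ master_port }}
        --ticket {{ hostvars[master_hostname]['ticket']['stdout'] | quote }}
        --key /etc/icinga2/pki/{{ hostitem | quote }}.key
        --cert /etc/icinga2/pki/{{ hostitem | quote }}.crt
        --trustedcert /etc/icinga2/pki/trusted-master.crt
        --ca /etc/icinga2/pki/ca.key
      # The ticket is a signing credential; keep the command line out of logs.
      no_log: true

    - name: node setup
      command: >-
        icinga2 node setup
        --ticket {{ hostvars[master_hostname]['ticket']['stdout'] | quote }}
        --endpoint {{ master_hostname | quote }}
        --zone {{ hostitem | quote }}
        --master_host {{ master_hostname | quote }}
        --trustedcert /etc/icinga2/pki/trusted-master.crt
        --cn {{ hostitem | quote }}
      no_log: true

    - name: Disable icinga2.conf conf.d
      # Comments out the local conf.d include in icinga2.conf.
      replace:
        path: /etc/icinga2/icinga2.conf
        regexp: '^include_recursive "conf.d"$'
        replace: '//include_recursive "conf.d"'

    - name: Setup zones.conf
      template:
        src: templates/zones.conf.j2
        dest: /etc/icinga2/zones.conf

    # The next two tasks let the parent zone push configuration to this node
    # and run commands on it. That makes the master a fully trusted party for
    # this host, so the TLS trust established above must be sound.
    - name: Accept configuration from master
      replace:
        path: /etc/icinga2/features-enabled/api.conf
        regexp: '^(\s+)accept_config = false$'
        replace: '\1accept_config = true'

    - name: Accept commands from master
      replace:
        path: /etc/icinga2/features-enabled/api.conf
        regexp: '^(\s*)accept_commands = false$'
        replace: '\1accept_commands = true'

    - name: Reload Icinga configuration
      # The service module replaces the direct /etc/init.d/icinga2 call.
      service:
        name: icinga2
        state: reloaded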
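# Play 3 (runs on the Icinga master): register the new satellite as an
# Endpoint and Zone, create its zones.d directory with initial host and
# service definitions, and reload the master.
- hosts: MASTERFQDN
  tasks:
    - name: Append zones.conf
      # One managed block per satellite: the marker carries `hostitem`, so a
      # re-run for the same host rewrites its block instead of adding another.
      blockinfile:
        path: /etc/icinga2/zones.conf
        marker: "// {mark} ANSIBLE MANAGED BLOCK {{ hostitem }}"
        block: |
          object Endpoint "{{ hostitem }}" {
            host = "{{ hostitem }}"
          }
          object Zone "{{ hostitem }}" {
            endpoints = [ "{{ hostitem }}" ]
            parent = "MASTERFQDN"
          }

    - name: "Create zones.d {{ hostitem }} directory"
      # `hostitem` becomes part of a path on the master.
      # NOTE(review): it should be a plain host name with no path separators;
      # confirm how the variable is supplied.
      file:
        path: "/etc/icinga2/zones.d/{{ hostitem }}"
        state: directory
        # Quoted so the mode reaches the module as the octal string intended.
        mode: "0755"
        owner: nagios
        group: nagios

    - name: Create host.conf
      # force: false writes the file only when it does not exist yet, so
      # later edits on the master survive a re-run.
      template:
        src: templates/icinga-host.conf.j2
        dest: "/etc/icinga2/zones.d/{{ hostitem }}/host.conf"
        force: false

    - name: Create services.conf
      template:
        src: templates/icinga-services.conf.j2
        dest: "/etc/icinga2/zones.d/{{ hostitem }}/services.conf"
        force: false

    - name: Reload Icinga master configuration
      # The service module replaces the direct /etc/init.d/icinga2 call.
      service:
        name: icinga2
        state: reloaded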

devarti commented Jan 9, 2020

Excellent!!!
