Created
March 25, 2017 13:05
-
-
Save frootmig/69bbb7ed2c974f6d1a570c2c37356e98 to your computer and use it in GitHub Desktop.
Deploy Icinga 2 satellite and add it to master
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # | |
| # Setting up the Icinga2 PKI is derived from https://monitoring-portal.org/index.php?thread/35989-using-ansible-to-generate-the-icinga-client-certificates/ | |
| # | |
| - hosts: MASTERFQDN | |
| tasks: | |
| - name: generate ticket on the icinga master and save it as a variable | |
| shell: /usr/sbin/icinga2 pki ticket --cn {{ hostitem }} | |
| register: ticket | |
| - hosts: "{{ hostitem }}" | |
| vars: | |
| master_hostname: MASTERFQDN | |
| master_ip: "{{ hostvars[master_hostname]['ansible_default_ipv4']['address'] }}" | |
| master_port: 5665 | |
| tasks: | |
| - name: "Deploy icinga.key" | |
| apt_key: | |
| url: "https://packages.icinga.com/icinga.key" | |
| state: present | |
| - name: "Install Icinga Ubuntu repository" | |
| apt_repository: | |
| repo: deb http://packages.icinga.com/{{ hostvars[hostitem]['icinga_distri'] }} icinga-{{ hostvars[hostitem]['icinga_release'] }} main | |
| state: present | |
| filename: 'icinga' | |
| - name: Update repositories cache and install "icinga2" package | |
| apt: | |
| name: icinga2 | |
| update_cache: yes | |
| - name: create pki folder | |
| file: path=/etc/icinga2/pki state=directory mode=0700 owner=nagios group=nagios | |
| - name: create cert | |
| shell: icinga2 pki new-cert --cn {{ hostitem }} --key /etc/icinga2/pki/{{ hostitem }}.key --cert /etc/icinga2/pki/{{ hostitem }}.crt | |
| - name: save the masters cert as trustedcert | |
| shell: icinga2 pki save-cert --key /etc/icinga2/pki/{{ hostitem }}.key --cert /etc/icinga2/pki/{{ hostitem }}.crt --trustedcert /etc/icinga2/pki/trusted-master.crt --host {{ master_hostname }} | |
| - name: request the certificate from the icinga server | |
| shell: icinga2 pki request --host {{ master_hostname }} --port 5665 --ticket {{ hostvars[master_hostname]['ticket']['stdout'] }} --key /etc/icinga2/pki/{{ hostitem }}.key --cert /etc/icinga2/pki/{{ hostitem }}.crt --trustedcert /etc/icinga2/pki/trusted-master.crt --ca /etc/icinga2/pki/ca.key | |
| - name: node setup | |
| shell: icinga2 node setup --ticket {{ hostvars[master_hostname]['ticket']['stdout'] }} --endpoint {{ master_hostname }} --zone {{ hostitem }} --master_host {{ master_hostname }} --trustedcert /etc/icinga2/pki/trusted-master.crt --cn {{ hostitem }} | |
| - name: Disable icinga2.conf conf.d | |
| replace: | |
| destfile: /etc/icinga2/icinga2.conf | |
| regexp: '^include_recursive "conf.d"$' | |
| replace: '//include_recursive "conf.d"' | |
| - name: Setup zones.conf | |
| template: | |
| src: templates/zones.conf.j2 | |
| dest: /etc/icinga2/zones.conf | |
| - name: Accept configuration from master | |
| replace: | |
| destfile: /etc/icinga2/features-enabled/api.conf | |
| regexp: '^(\s+)accept_config = false$' | |
| replace: '\1accept_config = true' | |
| - name: Accept commands from master | |
| replace: | |
| destfile: /etc/icinga2/features-enabled/api.conf | |
| regexp: '^(\s*)accept_commands = false$' | |
| replace: '\1accept_commands = true' | |
| - name: Reload Icinga configuration | |
| shell: /etc/init.d/icinga2 reload | |
| - hosts: MASTERFQDN | |
| tasks: | |
| - name: Append zones.conf | |
| blockinfile: | |
| destfile: /etc/icinga2/zones.conf | |
| marker: "// {mark} ANSIBLE MANAGED BLOCK {{ hostitem }}" | |
| block: | | |
| object Endpoint "{{ hostitem }}" { | |
| host = "{{ hostitem }}" | |
| } | |
| object Zone "{{ hostitem }}" { | |
| endpoints = [ "{{ hostitem }}" ] | |
| parent = "MASTERFQDN" | |
| } | |
| - name: Create zones.d {{ hostitem }} directory | |
| file: | |
| path: /etc/icinga2/zones.d/{{ hostitem }} | |
| state: directory | |
| mode: 0755 | |
| owner: nagios | |
| group: nagios | |
| - name: Create host.conf | |
| template: | |
| src: templates/icinga-host.conf.j2 | |
| dest: /etc/icinga2/zones.d/{{ hostitem }}/host.conf | |
| force: no | |
| - name: Create services.conf | |
| template: | |
| src: templates/icinga-services.conf.j2 | |
| dest: /etc/icinga2/zones.d/{{ hostitem }}/services.conf | |
| force: no | |
| - name: Reload Icinga master configuration | |
| shell: /etc/init.d/icinga2 reload | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Excellent!!!