icinga2: WIP

author: Jonas Gunz <himself@jonasgunz.de> 2021-10-05 03:47:16 +0200
committer: Jonas Gunz <himself@jonasgunz.de> 2021-10-05 03:47:16 +0200
commit: e5df302e3c17c29f16427c5cf35a0d45ffd7aac6 (patch)
tree: c02a7eae5dc8fc44d327f75a1504af8dffbd3504 /roles/icinga2/templates
parent: 89b4408e0b91ee670bda0c6ea5a1f9d183e2504a (diff)
download: ansible_collection-e5df302e3c17c29f16427c5cf35a0d45ffd7aac6.tar.gz
12 files changed, 157 insertions, 0 deletions
diff --git a/roles/icinga2/templates/api_users.conf.j2 b/roles/icinga2/templates/api_users.conf.j2
new file mode 100644
index 0000000..e72847a
--- /dev/null
+++ b/roles/icinga2/templates/api_users.conf.j2
@@ -0,0 +1,17 @@
+/**
+* vi: ft=icinga2
+* This File is managed by Ansible. Do NOT change.
+*/
+
+object ApiUser "icingaweb2" {
+  password = "{{ icingaweb_api_password.content | b64decode }}"
+  permissions = [ "status/query", "actions/*", "objects/modify/*", "objects/query/*" ]
+}
+
+{% for user in icinga.api_users %}
+
+object ApiUser "{{ user.name }}" {
+  password = "{{ user.password }}"
+  permissions = {{ user.permissions }}
+}
+{% endfor %}
diff --git a/roles/icinga2/templates/icinga.list.j2 b/roles/icinga2/templates/icinga.list.j2
new file mode 100644
index 0000000..f3654bd
--- /dev/null
+++ b/roles/icinga2/templates/icinga.list.j2
@@ -0,0 +1,5 @@
+# vi: ft=debsources
+# This file is managed by Ansible. Do NOT change.
+
+deb https://packages.icinga.com/debian icinga-{{ ansible_facts.distribution_release }} main
+deb-src https://packages.icinga.com/debian icinga-{{ ansible_facts.distribution_release }} main
diff --git a/roles/icinga2/templates/icinga2.conf.j2 b/roles/icinga2/templates/icinga2.conf.j2
new file mode 100644
index 0000000..fcb9088
--- /dev/null
+++ b/roles/icinga2/templates/icinga2.conf.j2
@@ -0,0 +1,22 @@
+/**
+* vi: ft=icinga2
+* This File is managed by Ansible. Do NOT change.
+*/
+
+include "constants.conf"
+include "zones.conf"
+
+include <itl>
+include <plugins>
+include <plugins-contrib>
+include <manubulon>
+
+include <windows-plugins>
+
+include <nscp>
+
+include "features-enabled/*.conf"
+include "ido-mysql.conf"
+include "api_users.conf"
+
+include_recursive "conf.d"
diff --git a/roles/icinga2/templates/ido-mysql.conf.j2 b/roles/icinga2/templates/ido-mysql.conf.j2
new file mode 100644
index 0000000..ef7a398
--- /dev/null
+++ b/roles/icinga2/templates/ido-mysql.conf.j2
@@ -0,0 +1,13 @@
+/**
+* vi: ft=icinga2
+* This File is managed by Ansible. Do NOT change.
+*/
+
+library "db_ido_mysql"
+
+object IdoMysqlConnection "ido-mysql" {
+  user = "icinga",
+  password = "{{ icinga_ido_db_pw }}",
+  host = "localhost",
+  database = "ido"
+}
diff --git a/roles/icinga2/templates/web/authentication.ini.j2 b/roles/icinga2/templates/web/authentication.ini.j2
new file mode 100644
index 0000000..02b46f1
--- /dev/null
+++ b/roles/icinga2/templates/web/authentication.ini.j2
@@ -0,0 +1,12 @@
+[icingaweb2]
+backend = "db"
+resource = "icingaweb_db"
+
+{% if icingaweb.ldap.use_ldap  %}
+[auth_ldap]
+backend			= ldap
+resource		= ldap_server
+user_class		= {{ icingaweb.ldap.user_class }}
+user_name_attribute	= {{ icingaweb.ldap.user_name_attribute }}
+filter			= "{{ icingaweb.ldap.filter }}"
+{% endif %}
diff --git a/roles/icinga2/templates/web/config.ini.j2 b/roles/icinga2/templates/web/config.ini.j2
new file mode 100644
index 0000000..5b0834c
--- /dev/null
+++ b/roles/icinga2/templates/web/config.ini.j2
@@ -0,0 +1,21 @@
+[global]
+show_stacktraces = "1"
+show_application_state_messages = "1"
+config_backend = "db"
+config_resource = "icingaweb_db"
+module_path = "/usr/share/icingaweb2/modules"
+
+[logging]
+log = "syslog"
+level = "ERROR"
+application = "icingaweb2"
+facility = "user"
+
+[security]
+protected_customvars = "*pw*,*password*,*key*,*snmp_community*"
+
+[themes]
+
+[authentication]
+
+
diff --git a/roles/icinga2/templates/web/groups.ini.j2 b/roles/icinga2/templates/web/groups.ini.j2
new file mode 100644
index 0000000..848b254
--- /dev/null
+++ b/roles/icinga2/templates/web/groups.ini.j2
@@ -0,0 +1,17 @@
+[icingaweb2]
+backend = "db"
+resource = "icingaweb_db"
+
+{% if icingaweb.ldap.use_ldap  %}
+[groups_ldap]
+backend			= ldap
+resource		= ldap_server
+base_dn			= {{ icingaweb.ldap.groups.base_dn }}
+group_member_attribute	= {{ icingaweb.ldap.groups.group_member_attribute }}
+group_name_attribute	= {{ icingaweb.ldap.groups.group_name_attribute }}
+group_class		= {{ icingaweb.ldap.groups.group_class }}
+group_filter		= {{ icingaweb.ldap.groups.group_filter }}
+user_base_dn		= {{ icingaweb.ldap.groups.user_base_dn }}
+user_class		= {{ icingaweb.ldap.groups.user_class }}
+user_name_attribute	= {{ icingaweb.ldap.groups.uid }}
+{% endif %}
diff --git a/roles/icinga2/templates/web/modules/monitoring/backends.ini.j2 b/roles/icinga2/templates/web/modules/monitoring/backends.ini.j2
new file mode 100644
index 0000000..12806e3
--- /dev/null
+++ b/roles/icinga2/templates/web/modules/monitoring/backends.ini.j2
@@ -0,0 +1,3 @@
+[icinga]
+type                = "ido"
+resource            = "icinga_ido"
diff --git a/roles/icinga2/templates/web/modules/monitoring/commandtransports.ini.j2 b/roles/icinga2/templates/web/modules/monitoring/commandtransports.ini.j2
new file mode 100644
index 0000000..0341b01
--- /dev/null
+++ b/roles/icinga2/templates/web/modules/monitoring/commandtransports.ini.j2
@@ -0,0 +1,6 @@
+[icinga2]
+transport = "api"
+host = "localhost"
+port = "5665"
+username = "icingaweb2"
+password = "{{ icingaweb_api_password.content | b64decode }}"
diff --git a/roles/icinga2/templates/web/modules/monitoring/config.ini.j2 b/roles/icinga2/templates/web/modules/monitoring/config.ini.j2
new file mode 100644
index 0000000..9b69fe8
--- /dev/null
+++ b/roles/icinga2/templates/web/modules/monitoring/config.ini.j2
@@ -0,0 +1,2 @@
+[security]
+protected_customvars = "*pw*,*pass*,community"
diff --git a/roles/icinga2/templates/web/resources.ini.j2 b/roles/icinga2/templates/web/resources.ini.j2
new file mode 100644
index 0000000..1b1aa2a
--- /dev/null
+++ b/roles/icinga2/templates/web/resources.ini.j2
@@ -0,0 +1,32 @@
+[icingaweb_db]
+type = "db"
+db = "mysql"
+host = "localhost"
+port = ""
+dbname = "icingaweb"
+username = "icingaweb"
+password = "{{ icinga_web_db_pw }}"
+charset = ""
+use_ssl = "0"
+
+[icinga_ido]
+type = "db"
+db = "mysql"
+host = "localhost"
+port = ""
+dbname = "ido"
+username = "icinga"
+password = "{{ icinga_ido_db_pw }}"
+charset = ""
+use_ssl = "0"
+
+{% if icingaweb.ldap.use_ldap  %}
+[ldap_server]
+type	= ldap
+hostname= {{ icingaweb.ldap.host }}
+port	= {{ icingaweb.ldap.port }}
+encryption = {{ icingaweb.ldap.encryption }}
+root_dn	= "{{ icingaweb.ldap.root_dn }}"
+bind_dn	= "{{ icingaweb.ldap.bind_dn }}"
+bind_pw = "{{ icingaweb.ldap.bind_pw }}"
+{% endif  %}
diff --git a/roles/icinga2/templates/web/roles.ini.j2 b/roles/icinga2/templates/web/roles.ini.j2
new file mode 100644
index 0000000..190accf
--- /dev/null
+++ b/roles/icinga2/templates/web/roles.ini.j2
@@ -0,0 +1,7 @@
+{% for role in icingaweb.roles %}
+[{{ role.name }}]
+users = "{{ role.users }}"
+permissions = "{{ role.permissions }}"
+groups = "{{ role.groups }}"
+
+{% endfor %}
author	Jonas Gunz <himself@jonasgunz.de>	2021-10-05 03:47:16 +0200
committer	Jonas Gunz <himself@jonasgunz.de>	2021-10-05 03:47:16 +0200
commit	e5df302e3c17c29f16427c5cf35a0d45ffd7aac6 (patch)
tree	c02a7eae5dc8fc44d327f75a1504af8dffbd3504 /roles/icinga2/templates
parent	89b4408e0b91ee670bda0c6ea5a1f9d183e2504a (diff)
download	ansible_collection-e5df302e3c17c29f16427c5cf35a0d45ffd7aac6.tar.gz