Diffstat (limited to 'roles/icinga2/tasks')
-rw-r--r-- | roles/icinga2/tasks/apache.yml | 44 | ||||
-rw-r--r-- | roles/icinga2/tasks/icinga.yml | 41 | ||||
-rw-r--r-- | roles/icinga2/tasks/icingaweb.yml | 9 | ||||
-rw-r--r-- | roles/icinga2/tasks/main.yml | 30 | ||||
-rw-r--r-- | roles/icinga2/tasks/postfix.yml | 48 |
5 files changed, 170 insertions, 2 deletions
diff --git a/roles/icinga2/tasks/apache.yml b/roles/icinga2/tasks/apache.yml
new file mode 100644
index 0000000..bfc6a52
--- /dev/null
+++ b/roles/icinga2/tasks/apache.yml
@@ -0,0 +1,44 @@
+---
+- name: Install index.html
+ copy:
+ src: index.html
+ dest: /var/www/html/index.html
+ become: yes
+ notify: Restart apache
+
+- name: Install site-config
+ copy:
+ src: 000-default.conf
+ dest: /etc/apache2/sites-available/000-default.conf
+ become: yes
+ notify: Restart apache
+
+- name: Install SSL site-config
+ template:
+ src: default-ssl.conf.j2
+ dest: /etc/apache2/sites-available/default-ssl.conf
+ become: yes
+ notify: Restart apache
+
+- name: Enable sites
+ file:
+ state: link
+ path: '/etc/apache2/sites-enabled/{{ item }}'
+ src: '../sites-available/{{ item }}'
+ loop:
+ - 000-default.conf
+ - default-ssl.conf
+ become: yes
+ notify: Restart apache
+
+- name: Enable apache mods
+ file:
+ state: link
+ path: '/etc/apache2/mods-enabled/{{ item }}'
+ src: '../mods-available/{{ item }}'
+ loop:
+ - ssl.conf
+ - ssl.load
+ - socache_shmcb.load
+ become: yes
+ notify: Restart apache
diff --git a/roles/icinga2/tasks/icinga.yml b/roles/icinga2/tasks/icinga.yml
index ec6fe1e..7acbb47 100644
--- a/roles/icinga2/tasks/icinga.yml
+++ b/roles/icinga2/tasks/icinga.yml
@@ -47,10 +47,49 @@ - ido-mysql.conf - api_users.conf +- name: Install config from git + git: + dest: '/etc/icinga2/conf.git.d' + repo: '{{ icinga.config.git_url }}' + version: '{{ icinga.config.git_version }}' + become: yes + become_user: nagios + when: icinga.config.manage | default(false) + notify: Restart icinga + +- name: Create API certs folder + file: + state: directory + path: /var/lib/icinga2/certs + owner: nagios + group: nagios + become: yes + +- name: Install API TLS Key/Certificate + copy: + remote_src: yes + src: '{{ icinga.api_cert[item] }}' + dest: '/var/lib/icinga2/certs/{{ ansible_facts.fqdn }}.{{ item }}' + owner: nagios + group: nagios + become: yes + loop: + - key + - crt + +- name: Install API TLS CA + copy: + remote_src: yes + src: '{{ icinga.api_cert.ca }}' + dest: '/var/lib/icinga2/certs/ca.crt' + owner: nagios + group: nagios + become: yes + - name: Enable features file: state: link - path: '/etc/icinga2/features-available/api.con' + path: '/etc/icinga2/features-enabled/api.conf' src: '../features-available/api.conf' owner: nagios group: nagios diff --git a/roles/icinga2/tasks/icingaweb.yml b/roles/icinga2/tasks/icingaweb.yml index 1d527fc..ee4cd6a 100644 --- a/roles/icinga2/tasks/icingaweb.yml +++ b/roles/icinga2/tasks/icingaweb.yml @@ -67,6 +67,14 @@ - modules/monitoring/commandtransports.ini - modules/monitoring/backends.ini +- name: Install modules + git: + dest: '/usr/share/icingaweb2/modules/{{ item.key }}' + repo: '{{ item.value.url }}' + version: '{{ item.value.version }}' + become: yes + with_dict: '{{ icingaweb.install_modules }}' + - name: Enable modules file: path: '/etc/icingaweb2/enabledModules/{{ item }}' @@ -84,4 +92,3 @@ groups: www-data append: yes become: yes - diff --git a/roles/icinga2/tasks/main.yml b/roles/icinga2/tasks/main.yml index 35e9bd6..07f02d8 100644 --- a/roles/icinga2/tasks/main.yml +++ b/roles/icinga2/tasks/main.yml 
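Review bot: The "Install API TLS Key/Certificate" task in icinga.yml copies the private key with `owner` and `group` set but no `mode`, so the key's permissions are whatever the source file or the remote umask yields rather than something the role enforces. Because the loop handles both `key` and `crt`, a per-item value such as `mode: "{{ '0600' if item == 'key' else '0644' }}"` would pin it, and the "Create API certs folder" task could carry `mode: '0750'`. The `.ssh` directory created for `nagios` in the second hunk of main.yml has the same gap and would take `mode: '0700'`. None of the three new certificate tasks notifies `Restart icinga`, so a replaced key or CA may not be picked up until something else restarts the service.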
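Review bot: "Install modules" in icingaweb.yml checks out each repository with `become: yes` and no `become_user` into `/usr/share/icingaweb2/modules/`, and `version` is taken as-is from `icingaweb.install_modules`, so a branch name there would make every play run pull whatever upstream currently publishes into a directory the web application presumably loads code from. A comment on the task such as `# item.value.version must be a full commit hash or a release tag, never a branch` would document the expectation, and an `assert` task before it could enforce it. The "Install config from git" task in icinga.yml follows the same pattern with `icinga.config.git_version`, although it runs as `nagios`.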
@@ -43,6 +43,10 @@ - apache2 - libapache2-mod-php - python3-pymysql + - git + - mailutils + - libsasl2-modules + - sasl2-bin become: yes - name: Securing MariaDB installation @@ -79,8 +83,34 @@ become: yes register: icingaweb_api_password +- name: generate SSH folder + file: + state: directory + path: /var/lib/nagios/.ssh + become: yes + become_user: nagios + +- name: generate SSH-Key + community.crypto.openssh_keypair: + comment: 'monitor' + path: /var/lib/nagios/.ssh/id_rsa + become: yes + become_user: nagios + register: ssh_key + +- name: Print SSH-PubKey + debug: + var: ssh_key.public_key + - name: Configure Icinga2 include_tasks: icinga.yml - name: Configure Icingaweb2 include_tasks: icingaweb.yml + +- name: Configure apache2 + include_tasks: apache.yml + +- name: Configure postfix + include_tasks: postfix.yml + when: icinga.mail.enable | default(false) diff --git a/roles/icinga2/tasks/postfix.yml b/roles/icinga2/tasks/postfix.yml new file mode 100644 index 0000000..044a938 --- /dev/null +++ b/roles/icinga2/tasks/postfix.yml 
@@ -0,0 +1,48 @@
+---
+- name: Install postfix relay creds
+ copy:
+ content: '{{ icinga.mail.smtp_host }} {{ icinga.mail.smtp_user }}:{{ icinga.mail.smtp_psw }}'
+ dest: /etc/postfix/relay-credentials
+ mode: '0600'
+ become: yes
+ register: relay_creds
+ notify: Restart postfix
+
+- name: Create hash db
+ shell: postmap /etc/postfix/relay-credentials
+ become: yes
+ when: relay_creds.changed
+
+- name: Install postfix relay creds
+ copy:
+ content: '{{ icinga.mail.from }} [{{ icinga.mail.smtp_host }}]:{{ icinga.mail.smtp_port }}'
+ dest: /etc/postfix/bysender
+ become: yes
+ register: bysender
+ notify: Restart postfix
+
+- name: Create hash db
+ shell: postmap /etc/postfix/bysender
+ become: yes
+ when: bysender.changed
+
+- name: postfix config
+ lineinfile:
+ path: /etc/postfix/main.cf
+ regexp: '{{ item.reg }}'
+ line: '{{ item.line }}'
+ loop:
+ - reg: '^sender_dependent_relayhost_maps\w*=.*$'
+ line: 'sender_dependent_relayhost_maps = hash:/etc/postfix/bysender'
+ - reg: '^smtp_sasl_auth_enable\w*=.*$'
+ line: 'smtp_sasl_auth_enable = yes'
+ - reg: '^smtp_tls_security_level\w*=.*$'
+ line: 'smtp_tls_security_level = encrypt'
+ - reg: '^smtp_sasl_password_maps\w*=.*$'
+ line: 'smtp_sasl_password_maps = hash:/etc/postfix/relay-credentials'
+ - reg: '^smtp_use_tls\w*=.*$'
+ line: 'smtp_use_tls = yes'
+ - reg: '^smtp_sasl_security_options\w*=.*$'
+ line: 'smtp_sasl_security_options = noanonymous'
+ become: yes
+ notify: Restart postfix |
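Review bot: Every `reg` pattern in the "postfix config" loop uses `\w*` before the `=`, which matches word characters rather than whitespace, so an existing main.cf line written as `name = value` is not matched and `lineinfile` appends a second, possibly conflicting setting instead of replacing it. Writing `\s*` in all six patterns, e.g. `reg: '^smtp_tls_security_level\s*=.*$'`, fixes that and also stops a pattern from matching longer parameter names that merely share the prefix. The first task renders `smtp_user` and `smtp_psw` into `content`; adding `no_log: true` there keeps the credentials out of task output, which may matter in particular when the play is run with `--diff`. The two `postmap` tasks use `shell:` where `command:` would do, and the duplicated task names "Install postfix relay creds" and "Create hash db" make the run output ambiguous about which map was touched.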