aboutsummaryrefslogtreecommitdiff
path: root/roles/icinga2/tasks/icinga.yml
blob: 3efef4b3d62159d2a1f189534eb5f529ce2b099c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
---
- name: Install icinga2.conf
  template:
    src: icinga2.conf.j2
    dest: /etc/icinga2/icinga2.conf
    owner: nagios
    group: nagios
  become: yes
  notify: Restart icinga

- name: IDO Database
  mysql_db:
    name: ido
    state: present
    login_unix_socket: /var/run/mysqld/mysqld.sock
  become: yes
  register: ido_db

- name: IDO Database schema import
  mysql_db:
    name: ido
    target: '/usr/share/icinga2-ido-mysql/schema/mysql.sql'
    state: import
    login_unix_socket: /var/run/mysqld/mysqld.sock
  become: yes
  when: ido_db.changed

- name: IDO Database user
  mysql_user:
    name: icinga
    host: 'localhost'
    state: present
    priv: 'ido.*:ALL'
    password: '{{ icinga_ido_db_pw }}'
    login_unix_socket: /var/run/mysqld/mysqld.sock
  become: yes

- name: Install extra config files
  template:
    src: '{{ item }}.j2'
    dest: '/etc/icinga2/{{ item }}'
    owner: nagios
    group: nagios
  become: yes
  notify: Restart icinga
  loop:
    - ido-mysql.conf
    - api_users.conf
    - constants.conf

- name: Install config from git
  git:
    dest: '/etc/icinga2/conf.git.d'
    repo: '{{ icinga.config.git_url }}'
    version: '{{ icinga.config.git_version }}'
  become: yes
  become_user: nagios
  when: icinga.config.manage | default(false)
  notify: Restart icinga
  tags: config

- name: Create API certs folder
  file:
    state: directory
    path: /var/lib/icinga2/certs
    owner: nagios
    group: nagios
  become: yes

- name: Install API TLS Key/Certificate
  copy:
    remote_src: yes
    src: '{{ icinga.api_cert[item] }}'
    dest: '/var/lib/icinga2/certs/{{ ansible_facts.fqdn }}.{{ item }}'
    owner: nagios
    group: nagios
  become: yes
  loop:
    - key
    - crt

- name: Install API TLS CA
  copy:
    remote_src: yes
    src: '{{ icinga.api_cert.ca }}'
    dest: '/var/lib/icinga2/certs/ca.crt'
    owner: nagios
    group: nagios
  become: yes

- name: Enable features
  file:
    state: link
    path: '/etc/icinga2/features-enabled/api.conf'
    src: '../features-available/api.conf'
    owner: nagios
    group: nagios
  become: yes
  notify: Restart icinga