path: root/roles/icinga2/tasks/main.yml
blob: 7a934f567324a2b803a0ce6ad12c3ace7b5bc63f (plain)
---
# Installs the gnupg2 package before the repository signing key is imported
# by the next task.
- name: Install GnuPG
  become: true
  apt:
    name: gnupg2

# Imports the Icinga package signing key from the vendor URL.
# NOTE(review): the key is trusted solely because it was served over HTTPS;
# no fingerprint is pinned. apt_key accepts an `id` parameter, so consider
# setting it to the fingerprint verified out-of-band
# (placeholder: <ICINGA_KEY_FINGERPRINT>).
# NOTE(review): keys added through apt_key are trusted for every configured
# repository, not only the Icinga one. A per-repository keyring referenced
# with `signed-by` would narrow that, but it needs a matching change in
# icinga.list.j2, which is not visible here.
- name: Icinga APT Key
  become: true
  apt_key:
    state: present
    url: 'https://packages.icinga.com/icinga.key'

# Renders the repository definition into sources.list.d. The result is
# registered so the cache refresh below only runs when the file changed.
# No owner/group/mode is set, so the module defaults apply to a new file.
- name: Install Icinga APT Repository
  become: true
  register: install_repo
  template:
    dest: /etc/apt/sources.list.d/icinga.list
    src: icinga.list.j2

# Refreshes the APT package index, but only on runs where the repository
# file written by the previous task actually changed.
- name: Update cache
  become: true
  when: install_repo.changed
  apt:
    update_cache: true

# Installs the monitoring stack and everything the later tasks rely on in a
# single apt transaction. `state: present` is the module default, spelled out
# here: packages are installed if missing but not upgraded.
- name: Install Packages
  become: true
  apt:
    state: present
    name:
      # Icinga core, IDO backend, web UI and CLI
      - icinga2
      - icinga2-ido-mysql
      - icingaweb2
      - icingacli
      - monitoring-plugins
      # database
      - mariadb-server
      - mariadb-client
      # PHP and extensions
      - php
      - php-intl
      - php-imagick
      - php-gd
      - php-mysql
      - php-curl
      - php-mbstring
      # web server
      - apache2
      - libapache2-mod-php
      # Python MySQL driver (the community.mysql task below connects
      # through it on the managed host)
      - python3-pymysql
      - git
      # mail delivery / SASL
      - mailutils
      - libsasl2-modules
      - sasl2-bin

# Baseline hardening of the freshly installed MariaDB server, executed as
# root over the local unix socket (no password is passed in this task).
# The task has no guard, so the statements are sent on every run.
# NOTE(review): on newer MariaDB releases mysql.user may be a view rather
# than a table; confirm the DELETE statements still take effect on the
# target version.
- name: Securing MariaDB installation
  become: true
  community.mysql.mysql_query:
    login_unix_socket: /var/run/mysqld/mysqld.sock
    query:
      # remove anonymous accounts (empty user name)
      - "DELETE FROM mysql.user WHERE User=''"
      # remove root accounts that are reachable from non-local hosts
      - "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')"
      # drop the sample database and the privilege rows that reference it
      - "DROP DATABASE IF EXISTS test"
      - "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'"
      # reload the grant tables so the deletions apply
      - "FLUSH PRIVILEGES"

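# Generates a random API password: 16 bytes from /dev/urandom, base64
# encoded. `creates` skips the command once the password file exists, so the
# secret is produced only on the first run. The value is handed to the next
# task via the registered result.
# no_log keeps the registered stdout (the password itself) out of Ansible's
# console output and logs, including verbose runs; it also hides error
# details for this task.
# NOTE(review): the shell reports only the exit status of `base64`, so a
# failing `dd` would yield an empty password without failing the task.
- name: Generate Icingaweb2 API Password
  shell:
    cmd: 'dd if=/dev/urandom bs=16 count=1 status=none | base64'
    creates: /etc/icinga2/api_pw.ansible
  become: yes
  register: gen_api_key
  no_log: true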

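# Persists the freshly generated password, readable by root only. Runs only
# when the generate task actually executed, so an existing password is never
# overwritten.
# no_log prevents the secret passed in `content` from appearing in task
# output, logs or --diff output.
- name: Save API Password
  copy:
    content: '{{ gen_api_key.stdout }}'
    dest: /etc/icinga2/api_pw.ansible
    owner: root
    group: root
    mode: '0600'
  become: yes
  when: gen_api_key.changed
  no_log: true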

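# Reads the stored password back from the managed host on every run and
# registers it as icingaweb_api_password. slurp returns the file content
# base64-encoded in `.content`.
# no_log keeps that content out of task output and logs (base64 is an
# encoding, not protection).
- name: Read API Password
  slurp:
    src: /etc/icinga2/api_pw.ansible
  become: yes
  register: icingaweb_api_password
  no_log: true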

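# Creates the nagios user's .ssh directory, owned by nagios because the task
# runs as that user. The mode is set explicitly so the directory that will
# hold the private key is accessible to its owner only, instead of
# inheriting whatever the umask yields.
- name: generate SSH folder
  file:
    state: directory
    path: /var/lib/nagios/.ssh
    mode: '0700'
  become: yes
  become_user: nagios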

# Creates an SSH key pair for the nagios user (if not already present) with
# the comment "monitor". Neither key type nor size is given, so the module
# defaults apply; no passphrase option is set either.
# NOTE(review): anyone who can read the private key file can use it, so its
# protection rests on file permissions alone. On the hosts that accept this
# key, consider restricting it in authorized_keys.
- name: generate SSH-Key
  become: true
  become_user: nagios
  register: ssh_key
  community.crypto.openssh_keypair:
    path: /var/lib/nagios/.ssh/id_rsa
    comment: 'monitor'

# Shows the public half of the key pair in the play output so it can be
# distributed. Only the public key is printed, not the private key.
- name: Print SSH-PubKey
  debug:
    var: ssh_key.public_key

# Component configuration is delegated to separate task files, included
# dynamically in this order.

# `apply` attaches the `config` tag to the tasks inside icinga.yml; the
# include task itself carries no tag here.
# NOTE(review): with `--tags config` an untagged dynamic include is not
# executed unless a tag is inherited from the role or play. Confirm.
- name: Configure Icinga2
  include_tasks:
    file: icinga.yml
    apply:
      tags: config

- name: Configure Icingaweb2
  include_tasks:
    file: icingaweb.yml

- name: Configure apache2
  include_tasks:
    file: apache.yml

# Mail setup is opt-in via icinga.mail.enable.
# NOTE(review): default(false) only covers a missing `enable` attribute;
# presumably `icinga` and `icinga.mail` are defined elsewhere. Verify.
- name: Configure postfix
  when: icinga.mail.enable | default(false)
  include_tasks:
    file: postfix.yml