aboutsummaryrefslogtreecommitdiff
path: root/roles/icinga2/tasks/main.yml
blob: 35e9bd6f7ad1b9e8098a67f4efce61e87f8269e4 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
---
- name: Install GnuPG
  apt:
    name: gnupg2
  become: yes

- name: Icinga APT Key
  apt_key:
    url: 'https://packages.icinga.com/icinga.key'
    state: present
  become: yes

- name: Install Icinga APT Repository
  template:
    src: icinga.list.j2
    dest: /etc/apt/sources.list.d/icinga.list
  become: yes
  register: install_repo

- name: Update cache
  apt:
    update_cache: yes
  become: yes
  when: install_repo.changed

- name: Install Packages
  apt:
    name:
      - icinga2
      - icinga2-ido-mysql
      - icingaweb2
      - icingacli
      - monitoring-plugins
      - mariadb-server
      - mariadb-client
      - php
      - php-intl
      - php-imagick
      - php-gd
      - php-mysql
      - php-curl
      - php-mbstring
      - apache2
      - libapache2-mod-php
      - python3-pymysql
  become: yes

- name: Securing MariaDB installation
  community.mysql.mysql_query:
    query:
      - "DELETE FROM mysql.user WHERE User=''"
      - "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')"
      - "DROP DATABASE IF EXISTS test"
      - "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'"
      - "FLUSH PRIVILEGES"
    login_unix_socket: /var/run/mysqld/mysqld.sock
  become: yes

- name: Generate Icingaweb2 API Password
  shell:
    cmd: 'dd if=/dev/urandom bs=16 count=1 status=none | base64'
    creates: /etc/icinga2/api_pw.ansible
  become: yes
  register: gen_api_key

- name: Save API Password
  copy:
    content: '{{ gen_api_key.stdout }}'
    dest: /etc/icinga2/api_pw.ansible
    owner: root
    group: root
    mode: '600'
  become: yes
  when: gen_api_key.changed

- name: Read API Password
  slurp:
    src: /etc/icinga2/api_pw.ansible
  become: yes
  register: icingaweb_api_password

- name: Configure Icinga2
  include_tasks: icinga.yml

- name: Configure Icingaweb2
  include_tasks: icingaweb.yml