From a14cae49a287a8da13d51d53c3ea2d24e6cf1b31 Mon Sep 17 00:00:00 2001 From: Zolfa Date: Sun, 3 May 2020 18:06:11 +0200 Subject: [PATCH] roles/icinga2: fix nginx configuration (IcingaWeb2) Configuration issues fixed: - Missing `php-fpm` requirement. - Migrating php7.0 -> php 7.3 in nginx config location config file. - Fixed `rewrite` rule in nginx configuration: When usign `/icingaweb2` as rewrite target nginx automatically expand the redirect 302 response as `$scheme://$remote_host:$remote_port/icingaweb2`, causing connection to fail when behind a *reverse proxy*, because remote_post and remote_host are incorrect. - Remove hardcoded `status.lilik.it` in `meta/main.yaml`, `server_fqdn` is already defined in `defaults/main.yaml` as `{{ ansible_hostname }}.{{ domain }}`. --- roles/icinga2/meta/main.yaml | 1 - roles/icinga2/tasks/main.yaml | 57 +++++++++++++++-------------- roles/icinga2/templates/icinga.conf | 4 +- 3 files changed, 31 insertions(+), 31 deletions(-) diff --git a/roles/icinga2/meta/main.yaml b/roles/icinga2/meta/main.yaml index c8cc5df..07362a3 100644 --- a/roles/icinga2/meta/main.yaml +++ b/roles/icinga2/meta/main.yaml @@ -1,5 +1,4 @@ --- dependencies: - role: nginx - server_fqdn: "status.lilik.it" - role: postgresql diff --git a/roles/icinga2/tasks/main.yaml b/roles/icinga2/tasks/main.yaml index 87299fb..6cb3173 100644 --- a/roles/icinga2/tasks/main.yaml +++ b/roles/icinga2/tasks/main.yaml @@ -26,6 +26,16 @@ question: 'icinga2-ido-pgsql/dbconfig-reinstall' vtype: 'boolean' value: true +- name: 'create icinga2 service role' + include_role: name='service' + vars: + service_name: 'icinga2' + service_packages: + - 'icinga2' + - 'icingacli' + - 'icinga2-ido-pgsql' + - 'monitoring-plugins' + - 'nagios-plugins-contrib' # - name: nasty dpkg-reconfigure @@ -37,33 +47,24 @@ # question: 'icinga2-ido-pgsql/dbconfig-reinstall' # vtype: 'boolean' # value: false +- name: 'install IcingaWeb2 packages' + apt: + pkg: + - 'icingaweb2' + - 'icingaweb2-module-monitoring' + - 'php-ldap' + - 'php-pgsql' + - 'php-intl' + - 'php-imagick' + - 'php-fpm' + - 'rsync' + state: 'present' + update_cache: true + cache_valid_time: 3600 + tags: + - 'packages' -- include_role: - name: service - vars: - service_name: icinga2 - service_packages: - - icinga2-ido-pgsql - - monitoring-plugins - - nagios-plugins-contrib - - icinga2 - - icingacli - - php-ldap - - php-pgsql - - php-intl - - php-imagick - - icingaweb2-module-monitoring - - icingaweb2 - # TODO: log, add a centralized log server - - rsyslog - - rsync - -- name: enable ido-pgsql and command features - command: "icinga2 feature enable ido-pgsql command" - register: icinga2_features - changed_when: "'Enabling' in icinga2_features.stdout" - notify: restart icinga2 - name: 'LDAP | upload client root ca' copy: content: '{{ tls_root_ca }}' @@ -137,9 +138,9 @@ - 'authentication.ini' - 'groups.ini' -- name: add nginx configurations +- name: 'NGINX | configure IcingaWeb2 locations' template: - src: icinga.conf + src: 'icinga.conf' dest: "/etc/nginx/locations/{{ server_fqdn }}/service.conf" notify: - - restart nginx + - 'reload nginx' diff --git a/roles/icinga2/templates/icinga.conf b/roles/icinga2/templates/icinga.conf index 0cb74ff..2234f21 100644 --- a/roles/icinga2/templates/icinga.conf +++ b/roles/icinga2/templates/icinga.conf @@ -2,10 +2,10 @@ {% block proxy_conf %} location / { - rewrite ^/$ /icingaweb2 permanent; + rewrite ^/$ icingaweb2 redirect; } location ~ ^/icingaweb2/index\.php(.*)$ { - fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; + fastcgi_pass unix:/var/run/php/php7.3-fpm.sock; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/share/icingaweb2/public/index.php;