Browse Source

add icinga2

python3
Andrea Cimbalo 8 years ago
parent
commit
a273bcf6c6
13 changed files with 188 additions and 0 deletions
  1. +1
    -0
      all.yaml
  2. +7
    -0
      roles/icinga2/files/icingaweb2/authentication.ini
  3. +9
    -0
      roles/icinga2/files/icingaweb2/config.ini
  4. +9
    -0
      roles/icinga2/files/icingaweb2/groups.ini
  5. +3
    -0
      roles/icinga2/files/icingaweb2/modules/monitoring/backends.ini
  6. +3
    -0
      roles/icinga2/files/icingaweb2/modules/monitoring/commandtransports.ini
  7. +2
    -0
      roles/icinga2/files/icingaweb2/modules/monitoring/config.ini
  8. +3
    -0
      roles/icinga2/files/icingaweb2/roles.ini
  9. +6
    -0
      roles/icinga2/meta/main.yaml
  10. +92
    -0
      roles/icinga2/tasks/main.yaml
  11. +21
    -0
      roles/icinga2/templates/icinga2.conf.nginx.j2
  12. +19
    -0
      roles/icinga2/templates/icingaweb2/resources.ini.j2
  13. +13
    -0
      status.yaml

+ 1
- 0
all.yaml View File

@ -4,6 +4,7 @@
- include: login.yaml - include: login.yaml
- include: mail.yaml - include: mail.yaml
- include: projects.yaml - include: projects.yaml
- include: status.yaml
- include: users.yaml - include: users.yaml
- include: webmail.yaml - include: webmail.yaml
- include: wiki.yaml - include: wiki.yaml

+ 7
- 0
roles/icinga2/files/icingaweb2/authentication.ini View File

@ -0,0 +1,7 @@
[icingaweb2]
user_class = "inetOrgPerson"
filter = ""
user_name_attribute = "uid"
backend = "ldap"
base_dn = "o=People,dc=lilik,dc=it"
resource = "icingaweb_ldap"

+ 9
- 0
roles/icinga2/files/icingaweb2/config.ini View File

@ -0,0 +1,9 @@
[global]
show_stacktraces = "1"
config_backend = "ini"
[logging]
log = "syslog"
level = "ERROR"
application = "icingaweb2"
facility = "user"

+ 9
- 0
roles/icinga2/files/icingaweb2/groups.ini View File

@ -0,0 +1,9 @@
[icingaweb2]
resource = "icingaweb_ldap"
user_backend = "icingaweb2"
group_class = "groupofnames"
group_filter = ""
group_name_attribute = "cn"
group_member_attribute = "member"
base_dn = "o=Group,dc=lilik,dc=it"
backend = "ldap"

+ 3
- 0
roles/icinga2/files/icingaweb2/modules/monitoring/backends.ini View File

@ -0,0 +1,3 @@
[icinga]
type = "ido"
resource = "icinga_ido"

+ 3
- 0
roles/icinga2/files/icingaweb2/modules/monitoring/commandtransports.ini View File

@ -0,0 +1,3 @@
[icinga2]
transport = "local"
path = "/var/run/icinga2/cmd/icinga2.cmd"

+ 2
- 0
roles/icinga2/files/icingaweb2/modules/monitoring/config.ini View File

@ -0,0 +1,2 @@
[security]
protected_customvars = "*pw*,*pass*,community"

+ 3
- 0
roles/icinga2/files/icingaweb2/roles.ini View File

@ -0,0 +1,3 @@
[Administrators]
groups = "admin"
permissions = "*"

+ 6
- 0
roles/icinga2/meta/main.yaml View File

@ -0,0 +1,6 @@
dependencies:
- role: nginx
php: true
parent_role_path: "icinga2"
config_names: "icinga2"
- role: postgresql

+ 92
- 0
roles/icinga2/tasks/main.yaml View File

@ -0,0 +1,92 @@
- name: configure icinga2-ido-pgsql (host)
debconf:
name: 'icinga2-ido-pgsql'
question: 'icinga2-ido-pgsql/remote/host'
vtype: 'string'
value: 'localhost'
- name: configure icinga2-ido-pgsql (enable)
debconf:
name: 'icinga2-ido-pgsql'
question: 'icinga2-ido-pgsql/enable'
vtype: 'boolean'
value: true
- name: configure icinga2-ido-pgsql (dbconfig-install)
debconf:
name: 'icinga2-ido-pgsql'
question: 'icinga2-ido-pgsql/dbconfig-install'
vtype: 'boolean'
value: true
- name: configure icinga2-ido-pgsql (dbconfig-reinstall)
debconf:
name: 'icinga2-ido-pgsql'
question: 'icinga2-ido-pgsql/dbconfig-reinstall'
vtype: 'boolean'
value: true
# - name: nasty dpkg-reconfigure
# command: "dpkg-reconfigure --frontend noninteractive icinga2-ido-pgsql"
#
# - name: configure icinga2-ido-pgsql (dbconfig-reinstall)
# debconf:
# name: 'icinga2-ido-pgsql'
# question: 'icinga2-ido-pgsql/dbconfig-reinstall'
# vtype: 'boolean'
# value: false
- include_role:
name: service
vars:
service_name: icinga2
service_packages:
- icinga2-ido-pgsql
- monitoring-plugins
- nagios-plugins-contrib
- icinga2
- icingacli
- php-ldap
- php-pgsql
- php-intl
- php-imagick
- icingaweb2-module-monitoring
- icingaweb2
# TODO: log, add a centralized log server
- rsyslog
- rsync
- name: enable ido-pgsql and command features
command: "icinga2 feature enable ido-pgsql command"
register: icinga2_features
changed_when: "'Enabling' in icinga2_features.stdout"
notify: restart icinga2
- name: copy icingaweb2 configuration
synchronize:
src: icingaweb2
dest: /etc
rsync_opts:
- "--chmod Du=rwx,Dg=rwx,Do=,Fu=rw,Fg=rw,Fo= "
- "--chown root:icingaweb2"
- name: enable icingaweb2 monitoring plugin
file:
src: '/usr/share/icingaweb2/modules/monitoring'
dest: '/etc/icingaweb2/enabledModules/monitoring'
state: link
- name:
command: grep -Po 'password = "\K.*?(?=")' /etc/icinga2/features-available/ido-pgsql.conf
register: icinga2_password
changed_when: false
- name: configure icingaweb2 resources
template:
src: icingaweb2/resources.ini.j2
dest: /etc/icingaweb2/resources.ini
owner: root
group: icingaweb2
mode: 0640

+ 21
- 0
roles/icinga2/templates/icinga2.conf.nginx.j2 View File

@ -0,0 +1,21 @@
server {
listen 80;
location = / {
return 301 http://$host/icingaweb2;
}
location ~ ^/icingaweb2/index\.php(.*)$ {
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /usr/share/icingaweb2/public/index.php;
fastcgi_param ICINGAWEB_CONFIGDIR /etc/icingaweb2;
fastcgi_param REMOTE_USER $remote_user;
}
location ~ ^/icingaweb2(.+)? {
alias /usr/share/icingaweb2/public;
try_files $1 $uri $uri/ /icingaweb2/index.php$is_args$args;
}
}

+ 19
- 0
roles/icinga2/templates/icingaweb2/resources.ini.j2 View File

@ -0,0 +1,19 @@
[icingaweb_ldap]
type = "ldap"
hostname = "ldap.lilik.dmz"
port = "389"
encryption = "none"
root_dn = "dc=lilik,dc=it"
bind_dn = ""
bind_pw = ""
[icinga_ido]
type = "db"
db = "pgsql"
host = "localhost"
port = "5432"
dbname = "icinga2"
username = "icinga2"
password = "{{ icinga2_password.stdout}}"
charset = ""
persistent = "0"

+ 13
- 0
status.yaml View File

@ -0,0 +1,13 @@
- hosts: biff
roles:
- role: lxc_guest
vm_name: status
distro: stretch
- role: ssh_server
ansible_connection: lxc_ssh
ansible_docker_extra_args: status
- hosts: status
roles:
- role: dns_record
- role: icinga2
- role: reverse_proxy

Loading…
Cancel
Save