- (Icinga2) Preseed correctly all the debconf variables to have IDO db created
and populated by `icinga2-ido-pgsql` deb installation script.
- (IcingaWeb2) Use a different user, `www-data`, with lower
privileges, to access the IDO db in read-only mode.
- Use everywhere socket (local ident) authentication to PostgreSQL to
avoid local service password.
(IcingaWeb2) Configuration issues fixed:
- Missing `php-fpm` requirement.
- Migrating php7.0 -> php 7.3 in nginx config location config file.
- Fixed `rewrite` rule in nginx configuration:
When usign `/icingaweb2` as rewrite target nginx automatically
expand the redirect 302 response as
`$scheme://$remote_host:$remote_port/icingaweb2`, causing
connection to fail when behind a *reverse proxy*, because
remote_post and remote_host are incorrect.
- Remove hardcoded `status.lilik.it` in `meta/main.yaml`,
`server_fqdn` is already defined in `defaults/main.yaml` as
`{{ ansible_hostname }}.{{ domain }}`.
(IcingaWeb2) LDAP:
- procedure to automatically issue service credetinals to authenticate
with the ldap server.
- starttls secured ldap connection with service account.
- use of the variable `base_dn` instead of hard-coded values in config
files.
(IcingaWeb2) CONFIGURATION:
- fixed rsync parameters.
- resource renaming.
When using multiples server names in `server_name`, the NGINX variable
`$server_name` will always point only to the first entry. `$host`
variable, instead, point to the selected host from the user (HTTP
request or Host: header).
Do not apply tag `packages` to role `service`. Tags are already
applied inside the role. If we apply the tag `package` at the role
level handlers defined inside the role (restart, reload) are not
available in the play!