Update template inventory
This commit is contained in:
parent
a80ec0506f
commit
2cae1b8e79
|
@ -17,3 +17,15 @@ vault_public_key_backup_user_host: SSH_PUBKEY_OF_backup_user_USER_ON_BACKUP_HOST
|
||||||
|
|
||||||
vault_ldap_admin_user_password: LDAP_ADMIN_PASSWORD
|
vault_ldap_admin_user_password: LDAP_ADMIN_PASSWORD
|
||||||
vault_ldap_config_admin_user_password: LDAP_CONFIG_ADMIN_PASSWORD
|
vault_ldap_config_admin_user_password: LDAP_CONFIG_ADMIN_PASSWORD
|
||||||
|
|
||||||
|
vault_icinga2_server_mariadb_root_password: RANDOM_PASSWORD
|
||||||
|
vault_icinga2_server_mariadb_users_icinga_password: RANDOM_PASSWORD
|
||||||
|
vault_icinga2_server_mariadb_users_icingaweb2_password: RANDOM_PASSWORD
|
||||||
|
vault_icinga2_server_api_users_root_password: RANDOM_PASSWORD
|
||||||
|
vault_icinga2_server_icingaweb2_main_user_password: RANDOM_PASSWORD
|
||||||
|
# openssl passwd -1 thePassword
|
||||||
|
vault_icinga2_server_icingaweb2_main_user_password_hash_manual: HASHED_RANDOM_PASSWORD
|
||||||
|
vault_icinga2_server_ticket_salt: RANDOM_SALT
|
||||||
|
vault_icinga2_server_icingaweb2_main_user_email: EMAIL_TO_SEND_ICINGA_ALERTS
|
||||||
|
vault_icinga2_server_icinga_ssh_pubkey: SSH_PUB_KEY_OF_nagios_user_USER_ON_HOSTS
|
||||||
|
vault_icinga2_server_icinga_ssh_privkey: SSH_PRIV_KEY_OF_nagios_user_USER_ON_HOSTS
|
||||||
|
|
41
inventory_template/group_vars/icinga2_server.yml
Normal file
41
inventory_template/group_vars/icinga2_server.yml
Normal file
|
@ -0,0 +1,41 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
icinga2_server_mariadb_root_password: "{{ vault_icinga2_server_mariadb_root_password }}"
|
||||||
|
icinga2_server_icingaweb2_main_user_password: "{{ vault_icinga2_server_icingaweb2_main_user_password }}"
|
||||||
|
icinga2_server_icingaweb2_main_user_password_hash_manual: "{{ vault_icinga2_server_icingaweb2_main_user_password_hash_manual }}"
|
||||||
|
|
||||||
|
icinga2_server_mariadb_users:
|
||||||
|
icinga_user:
|
||||||
|
name: "icinga_user"
|
||||||
|
password: "{{ vault_icinga2_server_mariadb_users_icinga_password }}"
|
||||||
|
priv: "icinga.*:ALL"
|
||||||
|
icingaweb2_user:
|
||||||
|
name: "icingaweb2_user"
|
||||||
|
password: "{{ vault_icinga2_server_mariadb_users_icingaweb2_password }}"
|
||||||
|
priv: "icingaweb2.*:ALL"
|
||||||
|
|
||||||
|
icinga2_server_api_users:
|
||||||
|
- username: root
|
||||||
|
password: "{{ vault_icinga2_server_api_users_root_password }}"
|
||||||
|
permissions: '*'
|
||||||
|
|
||||||
|
# Role ansible-role-certbot : defina auto renew, schedule, ...
|
||||||
|
certbot_auto_renew: true
|
||||||
|
certbot_auto_renew_user: "root"
|
||||||
|
certbot_auto_renew_hour: "3"
|
||||||
|
certbot_auto_renew_minute: "36"
|
||||||
|
certbot_auto_renew_options: "--quiet --no-self-upgrade --pre-hook \"systemctl stop apache2\" --post-hook \"systemctl start apache2\" --deploy-hook \"cp -pf /etc/letsencrypt/live/{{ inventory_hostname }}/*.pem /etc/apache2/ && chown www-data: /etc/apache2/*.pem\""
|
||||||
|
certbot_create_if_missing: true
|
||||||
|
certbot_create_method: standalone
|
||||||
|
certbot_create_standalone_stop_services:
|
||||||
|
- apache2
|
||||||
|
certbot_certs:
|
||||||
|
- domains:
|
||||||
|
- "{{ inventory_hostname }}"
|
||||||
|
|
||||||
|
icinga2_server_ticket_salt: "{{ vault_icinga2_server_ticket_salt }}"
|
||||||
|
icinga2_server_custom_hostgroup: wirebrass
|
||||||
|
icinga2_server_icingaweb2_main_user_email: "{{ vault_icinga2_server_icingaweb2_main_user_email }}"
|
||||||
|
|
||||||
|
icinga2_server_icinga_ssh_pubkey: "{{ vault_icinga2_server_icinga_ssh_pubkey }}"
|
||||||
|
icinga2_server_icinga_ssh_privkey: "{{ vault_icinga2_server_icinga_ssh_privkey }}"
|
14
inventory_template/group_vars/web_server.yml
Normal file
14
inventory_template/group_vars/web_server.yml
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
# Role ansible-role-certbot : defina auto renew, schedule, ...
|
||||||
|
certbot_auto_renew: true
|
||||||
|
certbot_auto_renew_user: "root"
|
||||||
|
certbot_auto_renew_hour: "3"
|
||||||
|
certbot_auto_renew_minute: "35"
|
||||||
|
certbot_auto_renew_options: "--quiet --no-self-upgrade --pre-hook \"/etc/init.d/nginx stop\" --post-hook \"/etc/init.d/nginx start\""
|
||||||
|
certbot_create_if_missing: true
|
||||||
|
certbot_create_method: standalone
|
||||||
|
certbot_create_standalone_stop_services:
|
||||||
|
- nginx
|
||||||
|
certbot_certs:
|
||||||
|
- domains:
|
||||||
|
- "{{ inventory_hostname }}"
|
||||||
|
|
Loading…
Reference in a new issue