diff --git a/playbook_icinga2_deploy.yml b/playbook_icinga2_deploy.yml
index 5b2a2f1..68257c6 100644
--- a/playbook_icinga2_deploy.yml
+++ b/playbook_icinga2_deploy.yml
@@ -1,5 +1,6 @@
---
- hosts: icinga2_server
roles:
+# - geerlingguy.certbot
- icinga2_server
diff --git a/roles/icinga2_server/defaults/main.yml b/roles/icinga2_server/defaults/main.yml
index 6abdcad..3206100 100644
--- a/roles/icinga2_server/defaults/main.yml
+++ b/roles/icinga2_server/defaults/main.yml
@@ -62,7 +62,7 @@ icinga2_server_mariadb_users:
icingaweb2_user:
name: "icingaweb2_user"
password: "needToBeChanged"
- priv: "icinga.*:ALL"
+ priv: "icingaweb2.*:ALL"
icinga2_server_mariadb_icinga_schema_location: "/usr/share/icinga2-ido-mysql/schema/mysql.sql"
icinga2_server_mariadb_icingaweb2_schema_location: "/usr/share/icingaweb2/etc/schema/mysql.schema.sql"
@@ -72,3 +72,17 @@ icinga2_server_api_users:
password: 'needToBeChanged'
permissions: '*'
+icinga2_server_icingaweb2_main_user: john
+icinga2_server_icingaweb2_main_user_password: needToBeChanged
+icinga2_server_apache2_service: apache2
+icinga2_server_apache2_default_index: "/var/www/html/index.html"
+icinga2_server_apache2_user: "www-data"
+icinga2_server_apache2_group: "www-data"
+
+icinga2_server_apache2_modules_to_disable:
+ - autoindex
+ - access_compat
+ - status
+ - negociation
+
+icinga2_server_icingaweb2_main_user_password_hash_manual: needToBeChanged
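Review bot: `negociation` in `icinga2_server_apache2_modules_to_disable` is misspelled; the Apache module is `negotiation`, so the disable task will either fail on an unknown module or leave mod_negotiation enabled. The credential defaults are also a concern: `icinga2_server_icingaweb2_main_user_password_hash_manual: needToBeChanged` is inserted verbatim as `password_hash` by the task in `configure_icingaweb2.yml`, and a placeholder that deploys without complaint is easy to forget. I would drop the defaults for both password variables and fail early with an `assert` task when they are unset. `icinga2_server_icingaweb2_main_user_password` is not referenced by any hunk visible here, so it may be removable.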
diff --git a/roles/icinga2_server/files/index.html b/roles/icinga2_server/files/index.html
new file mode 100644
index 0000000..7b3ef12
--- /dev/null
+++ b/roles/icinga2_server/files/index.html
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+ Redirect to Icingaweb2
+
+
+
+
+
diff --git a/roles/icinga2_server/handlers/main.yml b/roles/icinga2_server/handlers/main.yml
index 8861df5..254fc8f 100644
--- a/roles/icinga2_server/handlers/main.yml
+++ b/roles/icinga2_server/handlers/main.yml
@@ -10,3 +10,9 @@
name: "{{ icinga2_server_icinga2_service }}"
enabled: yes
state: restarted
+
+- name: "restart apache2"
+ service:
+ name: "{{ icinga2_server_apache2_service }}"
+ enabled: yes
+ state: restarted
diff --git a/roles/icinga2_server/tasks/configure_icinga2_api_feature.yml b/roles/icinga2_server/tasks/configure_icinga2_api_feature.yml
index e0e244e..c17e19b 100644
--- a/roles/icinga2_server/tasks/configure_icinga2_api_feature.yml
+++ b/roles/icinga2_server/tasks/configure_icinga2_api_feature.yml
@@ -3,6 +3,65 @@
package:
name: "{{ icinga2_server_apache_httpd_package }}"
state: present
+ register: apacheinstall
+
+- name: certificate deployed
+ command: "cp -pf /etc/letsencrypt/live/{{ inventory_hostname }}/*.pem /etc/apache2/ && chown www-data: /etc/apache2/*.pem"
+ when: apacheinstall.changed
+
+- name: default index.html page defined
+ copy:
+ src: index.html
+ dest: "{{ icinga2_server_apache2_default_index }}"
+ owner: "{{ icinga2_server_apache2_user }}"
+ group: "{{ icinga2_server_apache2_group }}"
+ mode: 0644
+
+- name: Apache SSL module enabled
+ apache2_module:
+ state: present
+ name: ssl
+ notify: restart apache2
+
+- name: Useless apache modules disabled
+ apache2_module:
+ state: absent
+ name: "{{ item }}"
+ force: True
+ with_items: "{{ icinga2_server_apache2_modules_to_disable }}"
+ notify: restart apache2
+
+- name: Apache HTTP conf deployed
+ template:
+ src: 000-default.conf.j2
+ dest: /etc/apache2/sites-available/000-default.conf
+ owner: root
+ group: root
+ mode: 0644
+ notify: restart apache2
+
+- name: Apache HTTPS conf deployed
+ template:
+ src: default-ssl.conf.j2
+ dest: /etc/apache2/sites-available/default-ssl.conf
+ owner: root
+ group: root
+ mode: 0644
+ notify: restart apache2
+
+- name: Apache HTTP conf enabled
+ file:
+ src: ../sites-available/000-default.conf
+ dest: /etc/apache2/sites-enabled/000-default.conf
+ state: link
+ notify: restart apache2
+
+- name: Apache HTTPS conf enabled
+ file:
+ src: ../sites-available/default-ssl.conf
+ dest: /etc/apache2/sites-enabled/default-ssl.conf
+ state: link
+ notify: restart apache2
- name: Apache HTTPD started and enabled
service:
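Review bot: The `certificate deployed` task cannot work as written, because `command` does not run a shell, so the `*.pem` glob and `&& chown` reach `cp` as literal arguments. Beyond that, it hands `privkey.pem` to `www-data`, the account that serves requests, whereas in the usual setup Apache reads the key as root at startup and the file can stay root-owned with mode 0600. Gating on `apacheinstall.changed` also means a renewed certificate is never copied again. A per-file `copy` with `remote_src`, shown below, addresses all three; pointing the vhost directly at `/etc/letsencrypt/live/` would avoid the copy entirely.

```yaml
- name: certificate deployed
  copy:
    src: "/etc/letsencrypt/live/{{ inventory_hostname }}/{{ item.file }}"
    dest: "/etc/apache2/{{ item.file }}"
    remote_src: true
    owner: root
    group: root
    mode: "{{ item.mode }}"
  with_items:
    - { file: fullchain.pem, mode: "0644" }
    - { file: privkey.pem, mode: "0600" }
  notify: restart apache2
# … unchanged: index.html, module and vhost tasks …
```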
@@ -21,6 +80,16 @@
register: apiusers
no_log: True
+- name: ido-mysql.conf file installed
+ template:
+ src: ido-mysql.conf.j2
+ dest: /etc/icinga2/features-available/ido-mysql.conf
+ owner: "{{ icinga2_server_user }}"
+ group: "{{ icinga2_server_group }}"
+ mode: 0600
+ notify: restart icinga2
+# no_log: True
+
- name: execute icinga2 api setup command
command: icinga2 api setup
args:
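Review bot: `no_log` is commented out on the `ido-mysql.conf file installed` task, although the template renders the IDO database password; a run with `--diff` would print the rendered file, password included, to the console and to any log callback. I would enable it as `no_log: true`. Separately, `mode: 0600` is better written as the string `"0600"` so the value does not depend on the YAML parser's octal handling. The `execute icinga2 api setup command` task at the end of the hunk continues outside it.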
diff --git a/roles/icinga2_server/tasks/configure_icingaweb2.yml b/roles/icinga2_server/tasks/configure_icingaweb2.yml
index 6d48140..901ff47 100644
--- a/roles/icinga2_server/tasks/configure_icingaweb2.yml
+++ b/roles/icinga2_server/tasks/configure_icingaweb2.yml
@@ -73,3 +73,36 @@
name: icingaweb2
target: "{{ icinga2_server_mariadb_icingaweb2_schema_location }}"
when: icinga2_server_register_icingaweb2_imported.rc == 1
+
+- name: check if Icingaweb2 main user exist
+ shell: mysql -u root icingaweb2 -e "SELECT * FROM icingaweb2.icingaweb_user;" |grep "{{ icinga2_server_icingaweb2_main_user }}"
+ register: icinga2_server_register_icingaweb2_main_user_exist
+ changed_when: icinga2_server_register_icingaweb2_main_user_exist.rc == 1
+ failed_when: "'Access denied for' in icinga2_server_register_icingaweb2_main_user_exist.stderr"
+ no_log: True
+
+- name: insert icingaweb2 main user into database
+ command: mysql -u root icingaweb2 -e "INSERT INTO icingaweb_user (name, active, password_hash) VALUES ('{{ icinga2_server_icingaweb2_main_user }}', 1, '{{ icinga2_server_icingaweb2_main_user_password_hash_manual }}')"
+ when: icinga2_server_register_icingaweb2_main_user_exist.rc == 1
+ no_log: True
+
+- name: check if Icingaweb2 Administrators group exist
+ shell: mysql -u root icingaweb2 -e "SELECT * FROM icingaweb2.icingaweb_group;" |grep Administrators
+ register: icinga2_server_register_icingaweb2_administrators_group_exist
+ changed_when: icinga2_server_register_icingaweb2_administrators_group_exist.rc == 1
+ failed_when: "'Access denied for' in icinga2_server_register_icingaweb2_administrators_group_exist.stderr"
+
+- name: insert Icingaweb2 Administrators group into database
+ command: mysql -u root icingaweb2 -e "INSERT INTO icingaweb_group (name) VALUES ('Administrators')"
+ when: icinga2_server_register_icingaweb2_administrators_group_exist.rc == 1
+
+- name: check if main user in Icingaweb2 Administrators group
+ shell: mysql -u root icingaweb2 -e "SELECT * FROM icingaweb2.icingaweb_group_membership;" |grep "{{ icinga2_server_icingaweb2_main_user }}"
+ register: icinga2_server_register_icingaweb2_main_user_in_administrators_group
+ changed_when: icinga2_server_register_icingaweb2_main_user_in_administrators_group.rc == 1
+ failed_when: "'Access denied for' in icinga2_server_register_icingaweb2_main_user_in_administrators_group.stderr"
+
+- name: main user in Icingaweb2 Administrators group
+ command: mysql -u root icingaweb2 -e "INSERT INTO icingaweb_group_membership (group_id, username) VALUES ('1', '{{ icinga2_server_icingaweb2_main_user }}')"
+ when: icinga2_server_register_icingaweb2_main_user_in_administrators_group.rc == 1
+
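Review bot: The three existence checks pipe a full-table `SELECT *` through `grep`, so they are substring matches against every column: a user `john` is reported present when only `johnny` exists, and the membership check passes if the user is in any group, not specifically Administrators. Because the pipeline's exit status is grep's, any mysql failure other than "Access denied" also reads as "row missing" and triggers the INSERT; a `SELECT COUNT(*) ... WHERE name = ...` with `mysql -N -s` gives an exact answer. The final INSERT hard-codes `group_id` as `'1'`, which holds only if Administrators was the first group row; `INSERT INTO icingaweb_group_membership (group_id, username) SELECT id, '<user>' FROM icingaweb_group WHERE name = 'Administrators'` does not depend on that. `icinga2_server_icingaweb2_main_user` is interpolated unescaped into both the shell line and the SQL, so it should be validated against a strict character set before use.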
diff --git a/roles/icinga2_server/tasks/main.yml b/roles/icinga2_server/tasks/main.yml
index 9b8a565..a9def1c 100644
--- a/roles/icinga2_server/tasks/main.yml
+++ b/roles/icinga2_server/tasks/main.yml
@@ -6,6 +6,6 @@
#- import_tasks: install_icinga2.yml
#- import_tasks: install_mariadb.yml
#- import_tasks: install_ido.yml
-#- import_tasks: configure_icinga2_api_feature.yml
+- import_tasks: configure_icinga2_api_feature.yml
#- import_tasks: install_icingaweb2.yml
-- import_tasks: configure_icingaweb2.yml
+#- import_tasks: configure_icingaweb2.yml
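Review bot: With this change the role imports only `configure_icinga2_api_feature.yml`, and `configure_icingaweb2.yml`, which this same commit extends with the user and group tasks, is commented out, so those new tasks never run. This looks like a local testing toggle that was committed; if so, the imports above it (install, MariaDB, IDO) probably need re-enabling too. If the partial import list is intentional, a comment such as `# temporarily limited to the API/Apache tasks` would say so.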
diff --git a/roles/icinga2_server/templates/000-default.conf.j2 b/roles/icinga2_server/templates/000-default.conf.j2
new file mode 100644
index 0000000..3db8f30
--- /dev/null
+++ b/roles/icinga2_server/templates/000-default.conf.j2
@@ -0,0 +1,8 @@
+
+ Redirect permanent / https://{{ inventory_hostname }}/
+ ServerAdmin root@localhost
+ DocumentRoot /var/www/html
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+
diff --git a/roles/icinga2_server/templates/default-ssl.conf.j2 b/roles/icinga2_server/templates/default-ssl.conf.j2
new file mode 100644
index 0000000..ad870d5
--- /dev/null
+++ b/roles/icinga2_server/templates/default-ssl.conf.j2
@@ -0,0 +1,19 @@
+
+
+ ServerAdmin root@localhost
+ DocumentRoot /var/www/html
+ ErrorLog ${APACHE_LOG_DIR}/ssl_error.log
+ CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
+ SSLEngine on
+ SSLCertificateFile /etc/apache2/fullchain.pem
+ SSLCertificateKeyFile /etc/apache2/privkey.pem
+ Redirect "^/$" https://{{ inventory_hostname }}/icingaweb2
+
+ SSLOptions +StdEnvVars
+
+
+ SSLOptions +StdEnvVars
+
+
+
+
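Review bot: `Redirect "^/$"` uses regex anchors, but `Redirect` matches a literal URL-path prefix, so as written the rule likely never fires or is rejected at config test; the intended form is `RedirectMatch "^/$" https://{{ inventory_hostname }}/icingaweb2`. The vhost also sets no `SSLProtocol` or `SSLCipherSuite`, so TLS versions and ciphers fall back to whatever the distribution's `ssl.conf` provides; either pin them here or add a comment that the defaults are relied on. The surrounding container tags are not visible in this view, so I cannot tell which block each `SSLOptions` line belongs to.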
diff --git a/roles/icinga2_server/templates/ido-mysql.conf.j2 b/roles/icinga2_server/templates/ido-mysql.conf.j2
new file mode 100644
index 0000000..c760b45
--- /dev/null
+++ b/roles/icinga2_server/templates/ido-mysql.conf.j2
@@ -0,0 +1,14 @@
+/**
+ * The db_ido_mysql library implements IDO functionality
+ * for MySQL.
+ */
+
+library "db_ido_mysql"
+
+object IdoMysqlConnection "ido-mysql" {
+ user = "icinga_user",
+ password = "{{ icinga2_server_mariadb_users.icinga_user.password }}",
+ host = "localhost"
+ database = "icinga"
+}
+
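Review bot: The password is interpolated raw into a double-quoted Icinga 2 string, so a value containing `"` or `\` yields a broken or altered config; either escape it in the template or document the allowed character set next to the variable. `user` and `database` are hard-coded while only the password comes from `icinga2_server_mariadb_users`, so overriding the user name in the role variables would leave this file out of step (assuming that entry carries a `name` key as `icingaweb2_user` does). The trailing commas on the first two attributes but not the last two are inconsistent; pick one form.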
diff --git a/roles/icinga2_server/vars/Debian.yml b/roles/icinga2_server/vars/Debian.yml
index 6223902..ebad3ac 100644
--- a/roles/icinga2_server/vars/Debian.yml
+++ b/roles/icinga2_server/vars/Debian.yml
@@ -15,3 +15,9 @@ icinga2_server_apache_httpd_package: apache2
icinga2_server_apache_httpd_service: apache2
icinga2_server_user: nagios
icinga2_server_group: nagios
+icinga2_server_icingaweb2_main_user: john
+icinga2_server_icingaweb2_main_user_password: needToBeChanged
+icinga2_server_apache2_service: apache2
+icinga2_server_apache2_default_index: "/var/www/html/index.html"
+icinga2_server_apache2_user: "www-data"
+icinga2_server_apache2_group: "www-data"
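Review bot: These six variables duplicate the values just added to `defaults/main.yml`, and role vars outrank inventory and group variables. Assuming this file is loaded as role vars, an operator who sets `icinga2_server_icingaweb2_main_user_password` in the inventory still gets `needToBeChanged`. Keep overridable settings, credentials above all, in defaults only and leave `vars/Debian.yml` for distribution facts such as package and service names. `icinga2_server_apache2_service` also repeats the existing `icinga2_server_apache_httpd_service` a few lines above, which the new handler could use instead.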