Continue icinga2_server role
parent
3f60b8a3f8
commit
36eb8aa939
|
@ -1,5 +1,6 @@
|
|||
---
|
||||
- hosts: icinga2_server
|
||||
roles:
|
||||
# - geerlingguy.certbot
|
||||
- icinga2_server
|
||||
|
||||
|
|
|
@ -62,7 +62,7 @@ icinga2_server_mariadb_users:
|
|||
icingaweb2_user:
|
||||
name: "icingaweb2_user"
|
||||
password: "needToBeChanged"
|
||||
priv: "icinga.*:ALL"
|
||||
priv: "icingaweb2.*:ALL"
|
||||
|
||||
icinga2_server_mariadb_icinga_schema_location: "/usr/share/icinga2-ido-mysql/schema/mysql.sql"
|
||||
icinga2_server_mariadb_icingaweb2_schema_location: "/usr/share/icingaweb2/etc/schema/mysql.schema.sql"
|
||||
|
@ -72,3 +72,17 @@ icinga2_server_api_users:
|
|||
password: 'needToBeChanged'
|
||||
permissions: '*'
|
||||
|
||||
icinga2_server_icingaweb2_main_user: john
|
||||
icinga2_server_icingaweb2_main_user_password: needToBeChanged
|
||||
icinga2_server_apache2_service: apache2
|
||||
icinga2_server_apache2_default_index: "/var/www/html/index.html"
|
||||
icinga2_server_apache2_user: "www-data"
|
||||
icinga2_server_apache2_group: "www-data"
|
||||
|
||||
icinga2_server_apache2_modules_to_disable:
|
||||
- autoindex
|
||||
- access_compat
|
||||
- status
|
||||
- negociation
|
||||
|
||||
icinga2_server_icingaweb2_main_user_password_hash_manual: needToBeChanged
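Review bot: The new defaults ship working-looking secrets: `icinga2_server_icingaweb2_main_user_password: needToBeChanged` and `icinga2_server_icingaweb2_main_user_password_hash_manual: needToBeChanged` join the existing `password: 'needToBeChanged'` / `permissions: '*'` API user, and nothing visible in this commit stops a play from running with them unchanged. I would leave these variables undefined in defaults, document each with `# required: set from an Ansible Vault file`, and have the role's first task `assert` that none of them equals the placeholder. The same main-user variables are added again in the last hunk of the commit (`@ -15,3 +15,9 @@`); if that file is the role's vars file, it takes precedence over inventory values and the placeholder becomes harder to override, so keep a single definition. Separately, `- negociation` in `icinga2_server_apache2_modules_to_disable` looks like a misspelling of Apache's `negotiation` module, so that module is presumably not being disabled.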
|
||||
|
|
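--- a/roles/icinga2_server/files/index.html
+++ b/roles/icinga2_server/files/index.html
@@ -0,0 +1,12 @@
+<!doctype html>
+
+<html lang="en">
+<head>
+<meta charset="utf-8">
+<link rel="icon" href="data:,">
+<title>Redirect to Icingaweb2</title>
+<meta http-equiv="refresh" content="0;https://sup01.wirebrass.fr/icingaweb2">
+<meta name="description" content="Redirect to Icingaweb2 website">
+<meta name="author" content="Wirebrass">
+</head>
+</html>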
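Review bot: The refresh target `https://sup01.wirebrass.fr/icingaweb2` is hard-coded in a static role file, while both vhost templates in this commit build their URLs from `{{ inventory_hostname }}`, so any other host that applies the role would send its visitors to sup01. Shipping this page as a template with `content="0; url=https://{{ inventory_hostname }}/icingaweb2"` keeps it consistent with the vhosts.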
|
@ -10,3 +10,9 @@
|
|||
name: "{{ icinga2_server_icinga2_service }}"
|
||||
enabled: yes
|
||||
state: restarted
|
||||
|
||||
- name: "restart apache2"
|
||||
service:
|
||||
name: "{{ icinga2_server_apache2_service }}"
|
||||
enabled: yes
|
||||
state: restarted
|
||||
|
|
|
@ -3,6 +3,65 @@
|
|||
package:
|
||||
name: "{{ icinga2_server_apache_httpd_package }}"
|
||||
state: present
|
||||
register: apacheinstall
|
||||
|
||||
- name: certificate deployed
|
||||
command: "cp -pf /etc/letsencrypt/live/{{ inventory_hostname }}/*.pem /etc/apache2/ && chown www-data: /etc/apache2/*.pem"
|
||||
when: apacheinstall.changed
|
||||
|
||||
- name: default index.html page defined
|
||||
copy:
|
||||
src: index.html
|
||||
dest: "{{ icinga2_server_apache2_default_index }}"
|
||||
owner: "{{ icinga2_server_apache2_user }}"
|
||||
group: "{{ icinga2_server_apache2_group }}"
|
||||
mode: 0644
|
||||
|
||||
- name: Apache SSL module enabled
|
||||
apache2_module:
|
||||
state: present
|
||||
name: ssl
|
||||
notify: restart apache2
|
||||
|
||||
- name: Useless apache modules disabled
|
||||
apache2_module:
|
||||
state: absent
|
||||
name: "{{ item }}"
|
||||
force: True
|
||||
with_items: "{{ icinga2_server_apache2_modules_to_disable }}"
|
||||
notify: restart apache2
|
||||
|
||||
- name: Apache HTTP conf deployed
|
||||
template:
|
||||
src: 000-default.conf.j2
|
||||
dest: /etc/apache2/sites-available/000-default.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
notify: restart apache2
|
||||
|
||||
- name: Apache HTTPS conf deployed
|
||||
template:
|
||||
src: default-ssl.conf.j2
|
||||
dest: /etc/apache2/sites-available/default-ssl.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
notify: restart apache2
|
||||
|
||||
- name: Apache HTTP conf enabled
|
||||
file:
|
||||
src: ../sites-available/000-default.conf
|
||||
dest: /etc/apache2/sites-enabled/000-default.conf
|
||||
state: link
|
||||
notify: restart apache2
|
||||
|
||||
- name: Apache HTTPS conf enabled
|
||||
file:
|
||||
src: ../sites-available/default-ssl.conf
|
||||
dest: /etc/apache2/sites-enabled/default-ssl.conf
|
||||
state: link
|
||||
notify: restart apache2
|
||||
|
||||
- name: Apache HTTPD started and enabled
|
||||
service:
|
||||
|
@ -21,6 +80,16 @@
|
|||
register: apiusers
|
||||
no_log: True
|
||||
|
||||
- name: ido-mysql.conf file installed
|
||||
template:
|
||||
src: ido-mysql.conf.j2
|
||||
dest: /etc/icinga2/features-available/ido-mysql.conf
|
||||
owner: "{{ icinga2_server_user }}"
|
||||
group: "{{ icinga2_server_group }}"
|
||||
mode: 0600
|
||||
notify: restart icinga2
|
||||
# no_log: True
|
||||
|
||||
- name: execute icinga2 api setup command
|
||||
command: icinga2 api setup
|
||||
args:
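Review bot: The `certificate deployed` task in the first hunk of this file cannot work as written, and its intent would leave the TLS private key readable by the web server account: Ansible's `command` module does not go through a shell, so the `*.pem` glob and the `&& chown` reach `cp` as literal arguments, and the intended `chown www-data:` would hand `privkey.pem` to the user that runs request-handling code. Apache reads the key as root before dropping privileges, so the key can stay `root:root` with mode `0600`; the `copy` module with `remote_src` does this without a shell. The task is also gated on `apacheinstall.changed`, so a renewed certificate is never copied again; dropping the `when` and adding `notify: restart apache2` lets the copy itself decide. In the second hunk, `# no_log: True` on `ido-mysql.conf file installed` is commented out, and with `--diff` the rendered database password would be printed, so I would enable it or set `diff: false`. The last task of the second hunk continues outside it.

```yaml
- name: certificate deployed
  copy:
    src: "/etc/letsencrypt/live/{{ inventory_hostname }}/{{ item.file }}"
    dest: "/etc/apache2/{{ item.file }}"
    remote_src: true
    owner: root
    group: root
    mode: "{{ item.mode }}"
  with_items:
    - { file: fullchain.pem, mode: "0644" }
    - { file: privkey.pem, mode: "0600" }
  notify: restart apache2
# … unchanged: default index.html page and Apache module/site tasks …
```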
|
||||
|
|
|
@ -73,3 +73,36 @@
|
|||
name: icingaweb2
|
||||
target: "{{ icinga2_server_mariadb_icingaweb2_schema_location }}"
|
||||
when: icinga2_server_register_icingaweb2_imported.rc == 1
|
||||
|
||||
- name: check if Icingaweb2 main user exist
|
||||
shell: mysql -u root icingaweb2 -e "SELECT * FROM icingaweb2.icingaweb_user;" |grep "{{ icinga2_server_icingaweb2_main_user }}"
|
||||
register: icinga2_server_register_icingaweb2_main_user_exist
|
||||
changed_when: icinga2_server_register_icingaweb2_main_user_exist.rc == 1
|
||||
failed_when: "'Access denied for' in icinga2_server_register_icingaweb2_main_user_exist.stderr"
|
||||
no_log: True
|
||||
|
||||
- name: insert icingaweb2 main user into database
|
||||
command: mysql -u root icingaweb2 -e "INSERT INTO icingaweb_user (name, active, password_hash) VALUES ('{{ icinga2_server_icingaweb2_main_user }}', 1, '{{ icinga2_server_icingaweb2_main_user_password_hash_manual }}')"
|
||||
when: icinga2_server_register_icingaweb2_main_user_exist.rc == 1
|
||||
no_log: True
|
||||
|
||||
- name: check if Icingaweb2 Administrators group exist
|
||||
shell: mysql -u root icingaweb2 -e "SELECT * FROM icingaweb2.icingaweb_group;" |grep Administrators
|
||||
register: icinga2_server_register_icingaweb2_administrators_group_exist
|
||||
changed_when: icinga2_server_register_icingaweb2_administrators_group_exist.rc == 1
|
||||
failed_when: "'Access denied for' in icinga2_server_register_icingaweb2_administrators_group_exist.stderr"
|
||||
|
||||
- name: insert Icingaweb2 Administrators group into database
|
||||
command: mysql -u root icingaweb2 -e "INSERT INTO icingaweb_group (name) VALUES ('Administrators')"
|
||||
when: icinga2_server_register_icingaweb2_administrators_group_exist.rc == 1
|
||||
|
||||
- name: check if main user in Icingaweb2 Administrators group
|
||||
shell: mysql -u root icingaweb2 -e "SELECT * FROM icingaweb2.icingaweb_group_membership;" |grep "{{ icinga2_server_icingaweb2_main_user }}"
|
||||
register: icinga2_server_register_icingaweb2_main_user_in_administrators_group
|
||||
changed_when: icinga2_server_register_icingaweb2_main_user_in_administrators_group.rc == 1
|
||||
failed_when: "'Access denied for' in icinga2_server_register_icingaweb2_main_user_in_administrators_group.stderr"
|
||||
|
||||
- name: main user in Icingaweb2 Administrators group
|
||||
command: mysql -u root icingaweb2 -e "INSERT INTO icingaweb_group_membership (group_id, username) VALUES ('1', '{{ icinga2_server_icingaweb2_main_user }}')"
|
||||
when: icinga2_server_register_icingaweb2_main_user_in_administrators_group.rc == 1
|
||||
|
||||
|
|
|
@ -6,6 +6,6 @@
|
|||
#- import_tasks: install_icinga2.yml
|
||||
#- import_tasks: install_mariadb.yml
|
||||
#- import_tasks: install_ido.yml
|
||||
#- import_tasks: configure_icinga2_api_feature.yml
|
||||
- import_tasks: configure_icinga2_api_feature.yml
|
||||
#- import_tasks: install_icingaweb2.yml
|
||||
- import_tasks: configure_icingaweb2.yml
|
||||
#- import_tasks: configure_icingaweb2.yml
|
||||
|
|
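--- a/roles/icinga2_server/templates/000-default.conf.j2
+++ b/roles/icinga2_server/templates/000-default.conf.j2
@@ -0,0 +1,8 @@
+<VirtualHost *:80>
+Redirect permanent / https://{{ inventory_hostname }}/
+ServerAdmin root@localhost
+DocumentRoot /var/www/html
+ErrorLog ${APACHE_LOG_DIR}/error.log
+CustomLog ${APACHE_LOG_DIR}/access.log combined
+</VirtualHost>
+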
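--- a/roles/icinga2_server/templates/default-ssl.conf.j2
+++ b/roles/icinga2_server/templates/default-ssl.conf.j2
@@ -0,0 +1,19 @@
+<IfModule mod_ssl.c>
+<VirtualHost _default_:443>
+ServerAdmin root@localhost
+DocumentRoot /var/www/html
+ErrorLog ${APACHE_LOG_DIR}/ssl_error.log
+CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
+SSLEngine on
+SSLCertificateFile /etc/apache2/fullchain.pem
+SSLCertificateKeyFile /etc/apache2/privkey.pem
+Redirect "^/$" https://{{ inventory_hostname }}/icingaweb2
+<FilesMatch "\.(cgi|shtml|phtml|php)$">
+SSLOptions +StdEnvVars
+</FilesMatch>
+<Directory /usr/lib/cgi-bin>
+SSLOptions +StdEnvVars
+</Directory>
+</VirtualHost>
+</IfModule>
+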
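Review bot: `Redirect "^/$" https://{{ inventory_hostname }}/icingaweb2` will not fire, because `Redirect` takes a URL-path prefix rather than a regular expression; the directive that accepts a pattern is `RedirectMatch "^/$" "https://{{ inventory_hostname }}/icingaweb2"`. That is probably why the static `index.html` with a meta refresh is deployed as well, and it could go once the match works. The vhost also sets no `SSLProtocol`, `SSLCipherSuite` or `Strict-Transport-Security` header, so the TLS policy is whatever the distribution's `mod_ssl` defaults are. A short comment saying that is intentional, or explicit settings, would help the next reader.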
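--- a/roles/icinga2_server/templates/ido-mysql.conf.j2
+++ b/roles/icinga2_server/templates/ido-mysql.conf.j2
@@ -0,0 +1,14 @@
+/**
+* The db_ido_mysql library implements IDO functionality
+* for MySQL.
+*/
+
+library "db_ido_mysql"
+
+object IdoMysqlConnection "ido-mysql" {
+user = "icinga_user",
+password = "{{ icinga2_server_mariadb_users.icinga_user.password }}",
+host = "localhost"
+database = "icinga"
+}
+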
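Review bot: `password = "{{ icinga2_server_mariadb_users.icinga_user.password }}"` drops the value straight into a double-quoted Icinga string, so a password containing `"` or `\` yields a config that fails to parse or a different password than intended. Either escape it in the template or document the allowed character set next to the variable. `user = "icinga_user"` is hard-coded while the password comes from `icinga2_server_mariadb_users`; if that mapping carries a `name` for `icinga_user` as it does for `icingaweb2_user`, reading it from there keeps the two in step. The attribute separators are also mixed (commas after `user` and `password`, none after `host` and `database`), so pick one form.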
|
@ -15,3 +15,9 @@ icinga2_server_apache_httpd_package: apache2
|
|||
icinga2_server_apache_httpd_service: apache2
|
||||
icinga2_server_user: nagios
|
||||
icinga2_server_group: nagios
|
||||
icinga2_server_icingaweb2_main_user: john
|
||||
icinga2_server_icingaweb2_main_user_password: needToBeChanged
|
||||
icinga2_server_apache2_service: apache2
|
||||
icinga2_server_apache2_default_index: "/var/www/html/index.html"
|
||||
icinga2_server_apache2_user: "www-data"
|
||||
icinga2_server_apache2_group: "www-data"
|
||||
|
|