Continue icinga2_server role

Nemo 2020-10-03 12:00:19 +02:00
parent 3f60b8a3f8
commit 36eb8aa939
11 changed files with 185 additions and 3 deletions


@ -1,5 +1,6 @@
---
- hosts: icinga2_server
roles:
# - geerlingguy.certbot
- icinga2_server


@ -62,7 +62,7 @@ icinga2_server_mariadb_users:
icingaweb2_user:
name: "icingaweb2_user"
password: "needToBeChanged"
priv: "icinga.*:ALL"
priv: "icingaweb2.*:ALL"
icinga2_server_mariadb_icinga_schema_location: "/usr/share/icinga2-ido-mysql/schema/mysql.sql"
icinga2_server_mariadb_icingaweb2_schema_location: "/usr/share/icingaweb2/etc/schema/mysql.schema.sql"
@ -72,3 +72,17 @@ icinga2_server_api_users:
password: 'needToBeChanged'
permissions: '*'
icinga2_server_icingaweb2_main_user: john
icinga2_server_icingaweb2_main_user_password: needToBeChanged
icinga2_server_apache2_service: apache2
icinga2_server_apache2_default_index: "/var/www/html/index.html"
icinga2_server_apache2_user: "www-data"
icinga2_server_apache2_group: "www-data"
icinga2_server_apache2_modules_to_disable:
- autoindex
- access_compat
- status
- negociation
icinga2_server_icingaweb2_main_user_password_hash_manual: needToBeChanged
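Review bot: The entry `- negociation` in `icinga2_server_apache2_modules_to_disable` is misspelled; Apache's content-negotiation module is `negotiation`, so the disable task will most likely find nothing to remove and leave the module loaded. Change it to `- negotiation`. The new `icinga2_server_icingaweb2_main_user_password: needToBeChanged` and `icinga2_server_icingaweb2_main_user_password_hash_manual: needToBeChanged` add more well-known placeholder secrets next to the existing ones. Consider leaving them undefined here and failing the play early when they are not supplied from a vaulted inventory variable.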


@ -0,0 +1,12 @@
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<link rel="icon" href="data:,">
<title>Redirect to Icingaweb2</title>
<meta http-equiv="refresh" content="0;https://sup01.wirebrass.fr/icingaweb2">
<meta name="description" content="Redirect to Icingaweb2 website">
<meta name="author" content="Wirebrass">
</head>
</html>
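Review bot: The refresh target `https://sup01.wirebrass.fr/icingaweb2` is hard-coded, while the Apache templates in this commit build the same URL from `{{ inventory_hostname }}`, so every other host in `icinga2_server` would send browsers to sup01. Since the file is deployed with `copy`, turn it into a template and use `content="0; url=https://{{ inventory_hostname }}/icingaweb2"`. A short HTML comment at the top saying the page is only a fallback for the Apache-level redirect would also help.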


@ -10,3 +10,9 @@
name: "{{ icinga2_server_icinga2_service }}"
enabled: yes
state: restarted
- name: "restart apache2"
service:
name: "{{ icinga2_server_apache2_service }}"
enabled: yes
state: restarted


@ -3,6 +3,65 @@
package:
name: "{{ icinga2_server_apache_httpd_package }}"
state: present
register: apacheinstall
- name: certificate deployed
command: "cp -pf /etc/letsencrypt/live/{{ inventory_hostname }}/*.pem /etc/apache2/ && chown www-data: /etc/apache2/*.pem"
when: apacheinstall.changed
- name: default index.html page defined
copy:
src: index.html
dest: "{{ icinga2_server_apache2_default_index }}"
owner: "{{ icinga2_server_apache2_user }}"
group: "{{ icinga2_server_apache2_group }}"
mode: 0644
- name: Apache SSL module enabled
apache2_module:
state: present
name: ssl
notify: restart apache2
- name: Useless apache modules disabled
apache2_module:
state: absent
name: "{{ item }}"
force: True
with_items: "{{ icinga2_server_apache2_modules_to_disable }}"
notify: restart apache2
- name: Apache HTTP conf deployed
template:
src: 000-default.conf.j2
dest: /etc/apache2/sites-available/000-default.conf
owner: root
group: root
mode: 0644
notify: restart apache2
- name: Apache HTTPS conf deployed
template:
src: default-ssl.conf.j2
dest: /etc/apache2/sites-available/default-ssl.conf
owner: root
group: root
mode: 0644
notify: restart apache2
- name: Apache HTTP conf enabled
file:
src: ../sites-available/000-default.conf
dest: /etc/apache2/sites-enabled/000-default.conf
state: link
notify: restart apache2
- name: Apache HTTPS conf enabled
file:
src: ../sites-available/default-ssl.conf
dest: /etc/apache2/sites-enabled/default-ssl.conf
state: link
notify: restart apache2
- name: Apache HTTPD started and enabled
service:
@ -21,6 +80,16 @@
register: apiusers
no_log: True
- name: ido-mysql.conf file installed
template:
src: ido-mysql.conf.j2
dest: /etc/icinga2/features-available/ido-mysql.conf
owner: "{{ icinga2_server_user }}"
group: "{{ icinga2_server_group }}"
mode: 0600
notify: restart icinga2
# no_log: True
- name: execute icinga2 api setup command
command: icinga2 api setup
args:
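Review bot: The `certificate deployed` task cannot work as written: `command` does not run a shell, so the `*.pem` glob and the `&& chown …` part are handed to `cp` as literal arguments. It also gives the TLS private key to `www-data`, which lets any code running in the web server's worker context read it; Apache loads the key as root at start-up, so `root:root` with mode `0600` is enough. Gating on `apacheinstall.changed` means renewed certificates are never copied again after the first install. A `copy` with `remote_src` over the two files the SSL vhost references addresses all three, as sketched below. Separately, `# no_log: True` on the `ido-mysql.conf file installed` task in the second hunk is commented out although the template renders the database password, which diff mode would print.

```yaml
- name: certificate deployed
  copy:
    src: "/etc/letsencrypt/live/{{ inventory_hostname }}/{{ item }}"
    dest: "/etc/apache2/{{ item }}"
    remote_src: true
    owner: root
    group: root
    mode: "0600"
  with_items:
    - fullchain.pem
    - privkey.pem
  notify: restart apache2
# … unchanged: default index.html page and the following Apache tasks …
```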


@ -73,3 +73,36 @@
name: icingaweb2
target: "{{ icinga2_server_mariadb_icingaweb2_schema_location }}"
when: icinga2_server_register_icingaweb2_imported.rc == 1
- name: check if Icingaweb2 main user exist
shell: mysql -u root icingaweb2 -e "SELECT * FROM icingaweb2.icingaweb_user;" |grep "{{ icinga2_server_icingaweb2_main_user }}"
register: icinga2_server_register_icingaweb2_main_user_exist
changed_when: icinga2_server_register_icingaweb2_main_user_exist.rc == 1
failed_when: "'Access denied for' in icinga2_server_register_icingaweb2_main_user_exist.stderr"
no_log: True
- name: insert icingaweb2 main user into database
command: mysql -u root icingaweb2 -e "INSERT INTO icingaweb_user (name, active, password_hash) VALUES ('{{ icinga2_server_icingaweb2_main_user }}', 1, '{{ icinga2_server_icingaweb2_main_user_password_hash_manual }}')"
when: icinga2_server_register_icingaweb2_main_user_exist.rc == 1
no_log: True
- name: check if Icingaweb2 Administrators group exist
shell: mysql -u root icingaweb2 -e "SELECT * FROM icingaweb2.icingaweb_group;" |grep Administrators
register: icinga2_server_register_icingaweb2_administrators_group_exist
changed_when: icinga2_server_register_icingaweb2_administrators_group_exist.rc == 1
failed_when: "'Access denied for' in icinga2_server_register_icingaweb2_administrators_group_exist.stderr"
- name: insert Icingaweb2 Administrators group into database
command: mysql -u root icingaweb2 -e "INSERT INTO icingaweb_group (name) VALUES ('Administrators')"
when: icinga2_server_register_icingaweb2_administrators_group_exist.rc == 1
- name: check if main user in Icingaweb2 Administrators group
shell: mysql -u root icingaweb2 -e "SELECT * FROM icingaweb2.icingaweb_group_membership;" |grep "{{ icinga2_server_icingaweb2_main_user }}"
register: icinga2_server_register_icingaweb2_main_user_in_administrators_group
changed_when: icinga2_server_register_icingaweb2_main_user_in_administrators_group.rc == 1
failed_when: "'Access denied for' in icinga2_server_register_icingaweb2_main_user_in_administrators_group.stderr"
- name: main user in Icingaweb2 Administrators group
command: mysql -u root icingaweb2 -e "INSERT INTO icingaweb_group_membership (group_id, username) VALUES ('1', '{{ icinga2_server_icingaweb2_main_user }}')"
when: icinga2_server_register_icingaweb2_main_user_in_administrators_group.rc == 1
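Review bot: These tasks splice `{{ icinga2_server_icingaweb2_main_user }}` and the password hash straight into SQL strings, so a quote in either value breaks out of the SQL literal, and in the `shell` tasks the user name is also subject to shell expansion; the hash is additionally visible in the process list while `mysql -e` runs, which `no_log` does not cover. The existence checks grep the whole table dump, so `john` also matches `johnny` or any row mentioning that name, and any mysql failure other than `Access denied` reads as "not present". The membership insert assumes the Administrators group has `group_id` `'1'`; selecting it by name is safer, e.g. `INSERT INTO icingaweb_group_membership (group_id, username) SELECT id, '<user>' FROM icingaweb_group WHERE name = 'Administrators'` (assuming the key column is `id`). If the collection is available, `community.mysql.mysql_query` with `positional_args` would remove the quoting problem and allow exact-match checks instead of grep.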


@ -6,6 +6,6 @@
#- import_tasks: install_icinga2.yml
#- import_tasks: install_mariadb.yml
#- import_tasks: install_ido.yml
#- import_tasks: configure_icinga2_api_feature.yml
- import_tasks: configure_icinga2_api_feature.yml
#- import_tasks: install_icingaweb2.yml
- import_tasks: configure_icingaweb2.yml
#- import_tasks: configure_icingaweb2.yml
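Review bot: Toggling `import_tasks` lines by commenting them leaves the committed role running only part of the installation (most imports here are commented out), so a fresh host would not converge and hardening steps in the skipped files are silently not applied. Keeping every import active and giving each a tag, e.g. `tags: [icinga2_api]` under `- import_tasks: configure_icinga2_api_feature.yml` (tag name is a constructed example), lets you iterate on one step with `--tags` without editing the file.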


@ -0,0 +1,8 @@
<VirtualHost *:80>
Redirect permanent / https://{{ inventory_hostname }}/
ServerAdmin root@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>


@ -0,0 +1,19 @@
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin root@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/ssl_error.log
CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/fullchain.pem
SSLCertificateKeyFile /etc/apache2/privkey.pem
Redirect "^/$" https://{{ inventory_hostname }}/icingaweb2
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>
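Review bot: `Redirect "^/$" https://{{ inventory_hostname }}/icingaweb2` will not fire, because `Redirect` matches a literal URL-path prefix rather than a regular expression; use `RedirectMatch "^/$" "https://{{ inventory_hostname }}/icingaweb2"`. The vhost also sets no `ServerName` and no TLS policy of its own (`SSLProtocol`, `SSLCipherSuite`, an HSTS `Header`), so it inherits whatever the distribution's global SSL configuration provides. If that is intended, a one-line comment saying so would help the next reader.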


@ -0,0 +1,14 @@
/**
* The db_ido_mysql library implements IDO functionality
* for MySQL.
*/
library "db_ido_mysql"
object IdoMysqlConnection "ido-mysql" {
user = "icinga_user",
password = "{{ icinga2_server_mariadb_users.icinga_user.password }}",
host = "localhost"
database = "icinga"
}
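Review bot: The password is rendered inside a double-quoted Icinga 2 string without escaping, so a value containing `"` or `\` produces a config file that fails to parse or carries a different password than the one set in MariaDB. Escaping it in the template, or documenting the allowed character set next to the variable, avoids a confusing restart failure. `user` and `database` are hard-coded while the password comes from `icinga2_server_mariadb_users.icinga_user`; presumably that entry also has a `name` key (as `icingaweb2_user` does), which could be used for `user` to keep the two in sync. The comma after `user = …` and `password = …` but not after `host = …` is inconsistent; pick one separator style.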


@ -15,3 +15,9 @@ icinga2_server_apache_httpd_package: apache2
icinga2_server_apache_httpd_service: apache2
icinga2_server_user: nagios
icinga2_server_group: nagios
icinga2_server_icingaweb2_main_user: john
icinga2_server_icingaweb2_main_user_password: needToBeChanged
icinga2_server_apache2_service: apache2
icinga2_server_apache2_default_index: "/var/www/html/index.html"
icinga2_server_apache2_user: "www-data"
icinga2_server_apache2_group: "www-data"
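Review bot: These six variables repeat, with identical values, six of the ones added to the larger variables file in this commit. If this file is the role's `vars/main.yml`, its values outrank inventory `group_vars`/`host_vars`, so an operator who overrides `icinga2_server_icingaweb2_main_user_password` there would still get `needToBeChanged`. Keep the user-tunable settings only in the defaults file and drop them here. `icinga2_server_apache2_service` also duplicates the existing `icinga2_server_apache_httpd_service: apache2` just above the addition; the new handler could use the existing name.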