Commit 29b16ab7 authored by matt's avatar matt

separate out windows and linux installs

parent 4af1c4a4
---
- name: Add Icinga repository key (linux)
apt_key: url=https://packages.icinga.com/icinga.key
when: ansible_connection != 'winrm'
- name: Add Icinga repository (linux)
apt_repository: repo="deb https://packages.icinga.com/{{ ansible_distribution|lower }} icinga-{{ ansible_distribution_release }} main"
when: ansible_connection != 'winrm'
- name: Installing Icinga packages (linux)
apt:
name: icinga2
state: latest
when: ansible_connection != 'winrm'
- name: Installing Icinga packages (win)
win_chocolatey:
name: icinga2
when: ansible_connection == 'winrm'
- name: Enable Icinga api feature (linux)
icinga2_feature: name=api
when: ansible_connection != 'winrm'
- name: Enable Icinga api feature (win)
win_command: icinga2 feature enable api
args:
chdir: C:\Program Files\icinga2\sbin
when: ansible_connection == 'winrm'
- name: Start/Restart Icinga2 Service (win)
win_service:
name: icinga2
state: restarted
when: ansible_connection == 'winrm'
- name: Ensure 'certs' directory exists (linux)
file: path={{ icinga_client_certs_path }} state=directory owner=nagios group=nagios
when: ansible_connection != 'winrm'
- name: Get Icinga client ticket (director).
uri:
headers:
Accept: application/json
url: "{{ icinga_director_url }}/host/ticket?name={{ icinga_client_fqdn }}"
user: "{{ icinga_director_user }}"
password: "{{ icinga_director_pass }}"
return_content: yes
# TODO(otl): validate_certs yes when icinga_director_url is valid cert
validate_certs: no
register: icinga_client_ticket
when:
- icinga_client_generate_ticket == "director"
- ansible_connection != 'winrm'
- name: Get Icinga client ticket (director).
win_uri:
headers:
Accept: application/json
url: "{{ icinga_director_url }}/host/ticket?name={{ icinga_client_fqdn }}"
user: "{{ icinga_director_user }}"
password: "{{ icinga_director_pass }}"
proxy_url: "{{ proxy_env }}"
return_content: yes
# TODO(otl): validate_certs yes when icinga_director_url is valid cert
validate_certs: no
register: icinga_client_ticket
when:
- icinga_client_generate_ticket == "director"
- ansible_connection == 'winrm'
- name: Get Icinga client ticket (ansible).
command: sudo -u nagios /usr/sbin/icinga2 pki ticket --cn {{ icinga_client_fqdn }} # Added nagios line to /etc/sudoers on above host, after #include line
delegate_to: "{{ icinga_master_fqdn }}"
become: false
register: icinga_client_ticket
when: icinga_client_generate_ticket == "ansible"
- name: Icinga ticket from stdout
set_fact:
icinga_client_ticket: "{{ icinga_client_ticket.stdout }}"
when:
- icinga_client_generate_ticket == "ansible"
- icinga_client_ticket.stdout
- name: Icinga ticket
debug:
msg: "ticket: {{ icinga_client_ticket }}"
- name: Generate Icinga client certs (linux)
command: >
icinga2 pki new-cert \
--cn "{{ icinga_client_fqdn }}" \
--key "{{ icinga_client_certs_path ~ icinga_client_fqdn }}.key" \
--cert "{{ icinga_client_certs_path ~ icinga_client_fqdn }}.crt"
changed_when: false
when: ansible_connection != 'winrm'
- name: Generate Icinga client certs (win)
win_command: >
icinga2 pki new-cert \
--cn "{{ icinga_client_fqdn }}" \
--key "{{ icinga_client_win_certs_path ~ icinga_client_fqdn }}.key" \
--cert "{{ icinga_client_win_certs_path ~ icinga_client_fqdn }}.crt"
args:
chdir: C:\Program Files\icinga2\sbin
changed_when: false
when: ansible_connection == 'winrm'
- name: Get master trusted cert (linux)
command: >
icinga2 pki save-cert \
--trustedcert "{{ icinga_client_certs_path }}trusted-parent.crt" \
--host "{{ icinga_parent_fqdn }}"
# --key "{{ icinga_client_certs_path ~ icinga_client_fqdn }}.key" \
# --cert "{{ icinga_client_certs_path ~ icinga_client_fqdn }}.crt" \
changed_when: false
when: ansible_connection != 'winrm'
- name: Create Icinga Certs Dir
win_file:
path: "{{ icinga_client_win_certs_path }}"
state: directory
when: ansible_connection == 'winrm'
- name: Get master trusted cert (win)
win_command: >
icinga2 pki save-cert \
--trustedcert "{{ icinga_client_win_certs_path }}trusted-parent.crt" \
--host "{{ icinga_parent_fqdn }}"
# --key "{{ icinga_client_certs_path ~ icinga_client_fqdn }}.key" \
# --cert "{{ icinga_client_certs_path ~ icinga_client_fqdn }}.crt" \
args:
chdir: C:\Program Files\icinga2\sbin
changed_when: false
when: ansible_connection == 'winrm'
- name: Setup Icinga client node (linux)
command: >
icinga2 node setup
--ticket "{{ icinga_client_ticket }}" \
--cn "{{ icinga_client_fqdn }}" \
--zone "{{ icinga_client_zone }}" \
--endpoint "{{ icinga_parent_endpoint }}" \
--parent_host "{{ icinga_parent_fqdn }}" \
--parent_zone "{{ icinga_parent_zone }}" \
--trustedcert "{{ icinga_client_certs_path }}trusted-parent.crt" \
--accept-commands \
--accept-config \
--disable-confd
changed_when: false
when: ansible_connection != 'winrm'
- name: Setup Icinga client node (win)
win_command: >
icinga2 node setup
--ticket "{{ icinga_client_ticket }}" \
--cn "{{ icinga_client_fqdn }}" \
--zone "{{ icinga_client_zone }}" \
--endpoint "{{ icinga_parent_endpoint }}" \
--parent_host "{{ icinga_parent_fqdn }}" \
--parent_zone "{{ icinga_parent_zone }}" \
--trustedcert "{{ icinga_client_win_certs_path }}trusted-parent.crt" \
--accept-commands \
--accept-config \
--disable-confd
args:
chdir: C:\Program Files\icinga2\sbin
changed_when: false
when: ansible_connection == 'winrm'
- name: Ensure default 'conf.d' directory is not used (linux)
lineinfile:
path: /etc/icinga2/icinga2.conf
regexp: 'include_recursive.*conf\.d'
line: '//include_recursive "conf.d"'
when: ansible_connection != 'winrm'
#- name: Ensure default 'conf.d' directory is not used (linux)
# winlineinfile:
# path: C:\ProgramData\icinga2\etc\icinga2\icinga2.conf
# regexp: 'include_recursive.*conf\.d'
# line: '//include_recursive "conf.d"'
# when: ansible_connection == 'winrm'
- name: Restart Icinga service (linux)
service: name=icinga2 state=restarted
changed_when: false
when: ansible_connection != 'winrm'
- name: Restart Icinga2 Service again (win)
win_service:
name: icinga2
state: restarted
when: ansible_connection == 'winrm'
- name: Run Windows install
import_tasks: satellite-windows.yml
when: ansible_connection == 'winrm'
- name: Run Linux install
import_tasks: satellite-linux.yml
when: ansible_connection != 'winrm'
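Review bot: Selecting the task file by `ansible_connection` ties the OS decision to the transport, so a Windows host reached through any connection plugin other than `winrm` would be sent through the Linux tasks (apt, `/etc/icinga2`). If facts are gathered for these hosts, `when: ansible_os_family == 'Windows'` and its negation state the intent directly. Because `import_tasks` is static, the condition is copied onto every imported task; a one-line comment above the two imports saying so would help the next reader.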
---
# Installing Icinga
- name: Add Icinga repository key (linux)
apt_key: url=https://packages.icinga.com/icinga.key
- name: Add Icinga repository (linux)
apt_repository: repo="deb https://packages.icinga.com/{{ ansible_distribution|lower }} icinga-{{ ansible_distribution_release }} main"
- name: Installing Icinga packages (linux)
apt:
name: icinga2
state: latest
# Getting things ready before ticket generation
- name: Enable Icinga api feature (linux)
icinga2_feature: name=api
- name: Ensure 'certs' directory exists (linux)
file: path={{ icinga_client_certs_path }} state=directory owner=nagios group=nagios
# Icinga ticket generation
- name: Get Icinga client ticket using director (linux)
uri:
headers:
Accept: application/json
url: "{{ icinga_director_url }}/host/ticket?name={{ icinga_client_fqdn }}"
user: "{{ icinga_director_user }}"
password: "{{ icinga_director_pass }}"
return_content: yes
# TODO(otl): validate_certs yes when icinga_director_url is valid cert
validate_certs: no
register: icinga_client_ticket
when:
- icinga_client_generate_ticket == "director"
- name: Get Icinga client ticket using ansible (icinga master)
command: sudo -u nagios /usr/sbin/icinga2 pki ticket --cn {{ icinga_client_fqdn }} # Added nagios line to /etc/sudoers on above host, after #include line
delegate_to: "{{ icinga_master_fqdn }}"
become: false
register: icinga_client_ticket
when: icinga_client_generate_ticket == "ansible"
- name: Icinga ticket from stdout
set_fact:
icinga_client_ticket: "{{ icinga_client_ticket.stdout }}"
when:
- icinga_client_generate_ticket == "ansible"
- icinga_client_ticket.stdout
- name: Icinga ticket
debug:
msg: "ticket: {{ icinga_client_ticket }}"
- name: Generate Icinga client certs (linux)
command: >
icinga2 pki new-cert \
--cn "{{ icinga_client_fqdn }}" \
--key "{{ icinga_client_certs_path ~ icinga_client_fqdn }}.key" \
--cert "{{ icinga_client_certs_path ~ icinga_client_fqdn }}.crt"
changed_when: false
- name: Get master trusted cert (linux)
command: >
icinga2 pki save-cert \
--trustedcert "{{ icinga_client_certs_path }}trusted-parent.crt" \
--host "{{ icinga_parent_fqdn }}"
# --key "{{ icinga_client_certs_path ~ icinga_client_fqdn }}.key" \
# --cert "{{ icinga_client_certs_path ~ icinga_client_fqdn }}.crt" \
changed_when: false
# Satellite config
- name: Setup Icinga client node (linux)
command: >
icinga2 node setup
--ticket "{{ icinga_client_ticket }}" \
--cn "{{ icinga_client_fqdn }}" \
--zone "{{ icinga_client_zone }}" \
--endpoint "{{ icinga_parent_endpoint }}" \
--parent_host "{{ icinga_parent_fqdn }}" \
--parent_zone "{{ icinga_parent_zone }}" \
--trustedcert "{{ icinga_client_certs_path }}trusted-parent.crt" \
--accept-commands \
--accept-config \
--disable-confd
changed_when: false
- name: Ensure default 'conf.d' directory is not used (linux)
lineinfile:
path: /etc/icinga2/icinga2.conf
regexp: 'include_recursive.*conf\.d'
line: '//include_recursive "conf.d"'
# Satellite restart
- name: Restart Icinga service (linux)
service: name=icinga2 state=restarted
changed_when: false
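Review bot: The Director request with `validate_certs: no` sends `icinga_director_user` and `icinga_director_pass` and receives the enrolment ticket over TLS that is not verified, so anything on the path between the host and the Director can read both; the same setting is carried into the `win_uri` task of the Windows file. The target state is `validate_certs: yes` once the managed hosts trust the Director's issuing CA. The `Icinga ticket` debug task also prints the ticket into the play output and any log callback; I would drop it, or set `no_log: true` on it and on the tasks that register `icinga_client_ticket`, in both files. Separately, `icinga2 pki save-cert` stores whatever certificate `icinga_parent_fqdn` presents, so comparing its fingerprint with a known value before `node setup` would close the same gap on the cluster side.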
---
# Installing Icinga
- name: Installing Icinga packages (win)
win_chocolatey:
name: icinga2
# Getting things ready before ticket generation
- name: Enable Icinga api feature (win)
win_command: icinga2 feature enable api
args:
chdir: C:\Program Files\icinga2\sbin
- name: Start/Restart Icinga2 Service (win)
win_service:
name: icinga2
state: restarted
# Icinga ticket generation
- name: Get Icinga client ticket from director (win)
win_uri:
headers:
Accept: application/json
url: "{{ icinga_director_url }}/host/ticket?name={{ icinga_client_fqdn }}"
user: "{{ icinga_director_user }}"
password: "{{ icinga_director_pass }}"
proxy_url: "{{ proxy_env }}"
return_content: yes
# TODO(otl): validate_certs yes when icinga_director_url is valid cert
validate_certs: no
register: icinga_client_ticket
when:
- icinga_client_generate_ticket == "director"
- name: Get Icinga client ticket using ansible (icinga master)
command: sudo -u nagios /usr/sbin/icinga2 pki ticket --cn {{ icinga_client_fqdn }} # Added nagios line to /etc/sudoers on above host, after #include line
delegate_to: "{{ icinga_master_fqdn }}"
become: false
register: icinga_client_ticket
when: icinga_client_generate_ticket == "ansible"
- name: Icinga ticket from stdout
set_fact:
icinga_client_ticket: "{{ icinga_client_ticket.stdout }}"
when:
- icinga_client_generate_ticket == "ansible"
- icinga_client_ticket.stdout
- name: Icinga ticket
debug:
msg: "ticket: {{ icinga_client_ticket }}"
- name: Generate Icinga client certs (win)
win_command: >
icinga2 pki new-cert \
--cn "{{ icinga_client_fqdn }}" \
--key "{{ icinga_client_win_certs_path ~ icinga_client_fqdn }}.key" \
--cert "{{ icinga_client_win_certs_path ~ icinga_client_fqdn }}.crt"
args:
chdir: C:\Program Files\icinga2\sbin
changed_when: false
- name: Create Icinga Certs Dir (win)
win_file:
path: "{{ icinga_client_win_certs_path }}"
state: directory
- name: Get master trusted cert (win)
win_command: >
icinga2 pki save-cert \
--trustedcert "{{ icinga_client_win_certs_path }}trusted-parent.crt" \
--host "{{ icinga_parent_fqdn }}"
args:
chdir: C:\Program Files\icinga2\sbin
changed_when: false
# Satellite config
- name: Setup Icinga client node (win)
win_command: >
icinga2 node setup
--ticket "{{ icinga_client_ticket }}" \
--cn "{{ icinga_client_fqdn }}" \
--zone "{{ icinga_client_zone }}" \
--endpoint "{{ icinga_parent_endpoint }}" \
--parent_host "{{ icinga_parent_fqdn }}" \
--parent_zone "{{ icinga_parent_zone }}" \
--trustedcert "{{ icinga_client_win_certs_path }}trusted-parent.crt" \
--accept-commands \
--accept-config \
--disable-confd
args:
chdir: C:\Program Files\icinga2\sbin
changed_when: false
# TODO: IDK why we don't include this, it is important
#- name: Ensure default 'conf.d' directory is not used (win)
# winlineinfile:
# path: C:\ProgramData\icinga2\etc\icinga2\icinga2.conf
# regexp: 'include_recursive.*conf\.d'
# line: '//include_recursive "conf.d"'
# Satellite restart
- name: Restart Icinga2 Service (win)
win_service:
name: icinga2
state: restarted
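Review bot: `Generate Icinga client certs (win)` writes the key and certificate into `icinga_client_win_certs_path` before `Create Icinga Certs Dir (win)` has run, so on a host where that directory does not already exist the `pki new-cert` step would presumably fail; the Linux file ensures its directory before generating. Moving the `win_file` task above the `new-cert` task fixes the order. The disabled conf.d task names `winlineinfile`, which as far as I know is not a module; the Windows counterpart of `lineinfile` is `win_lineinfile`, which may be why the task had to be commented out.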