Commit 3181ead7 authored by David Kempe's avatar David Kempe
Browse files

Woody did this! yay - new feature for windows support

parent 51d8b1ac
...@@ -2,6 +2,7 @@ ...@@ -2,6 +2,7 @@
icinga_client_fqdn: "{{ ansible_fqdn }}" icinga_client_fqdn: "{{ ansible_fqdn }}"
icinga_client_ip: "{{ ansible_default_ipv4.address }}" icinga_client_ip: "{{ ansible_default_ipv4.address }}"
icinga_client_certs_path: /var/lib/icinga2/certs/ icinga_client_certs_path: /var/lib/icinga2/certs/
icinga_client_win_certs_path: 'C:\ProgramData\icinga2\etc\icinga2\pki\'
icinga_parent_port: 5665 icinga_parent_port: 5665
icinga_parent_endpoint: "{{ icinga_parent_fqdn ~ ',' ~ icinga_parent_ip ~ ',' ~ icinga_parent_port }}" icinga_parent_endpoint: "{{ icinga_parent_fqdn ~ ',' ~ icinga_parent_ip ~ ',' ~ icinga_parent_port }}"
......
--- ---
- name: Add Icinga repository key. - name: Add Icinga repository key (linux)
apt_key: url=https://packages.icinga.com/icinga.key apt_key: url=https://packages.icinga.com/icinga.key
when: ansible_connection != 'winrm'
- name: Add Icinga repository. - name: Add Icinga repository (linux)
apt_repository: repo="deb https://packages.icinga.com/{{ ansible_distribution|lower }} icinga-{{ ansible_distribution_release }} main" apt_repository: repo="deb https://packages.icinga.com/{{ ansible_distribution|lower }} icinga-{{ ansible_distribution_release }} main"
when: ansible_connection != 'winrm'
- name: Installing Icinga packages. - name: Installing Icinga packages (linux)
apt: apt:
name: icinga2 name: icinga2
state: latest state: latest
when: ansible_connection != 'winrm'
- name: Enable Icinga api feature. - name: Installing Icinga packages (win)
win_chocolatey:
name: icinga2
when: ansible_connection == 'winrm'
- name: Enable Icinga api feature (linux)
icinga2_feature: name=api icinga2_feature: name=api
when: ansible_connection != 'winrm'
- name: Enable Icinga api feature (win)
win_command: icinga2 feature enable api
args:
chdir: C:\Program Files\icinga2\sbin
when: ansible_connection == 'winrm'
- name: Start/Restart Icinga2 Service (win)
win_service:
name: icinga2
state: restarted
when: ansible_connection == 'winrm'
- name: Ensure 'certs' directory exists. - name: Ensure 'certs' directory exists (linux)
file: path={{ icinga_client_certs_path }} state=directory owner=nagios group=nagios file: path={{ icinga_client_certs_path }} state=directory owner=nagios group=nagios
when: ansible_connection != 'winrm'
- name: Get Icinga client ticket (director). - name: Get Icinga client ticket (director).
uri: uri:
...@@ -30,8 +52,9 @@ ...@@ -30,8 +52,9 @@
when: icinga_client_generate_ticket == "director" when: icinga_client_generate_ticket == "director"
- name: Get Icinga client ticket (ansible). - name: Get Icinga client ticket (ansible).
command: icinga2 pki ticket --cn {{ icinga_client_fqdn }} command: sudo -u nagios /usr/sbin/icinga2 pki ticket --cn {{ icinga_client_fqdn }} # Added nagios line to /etc/sudoers on above host, after #include line
delegate_to: "{{ icinga_master_fqdn }}" delegate_to: "{{ icinga_master_fqdn }}"
become: false
register: icinga_client_ticket register: icinga_client_ticket
when: icinga_client_generate_ticket == "ansible" when: icinga_client_generate_ticket == "ansible"
...@@ -46,15 +69,27 @@ ...@@ -46,15 +69,27 @@
debug: debug:
msg: "ticket: {{ icinga_client_ticket }}" msg: "ticket: {{ icinga_client_ticket }}"
- name: Generate Icinga client certs. - name: Generate Icinga client certs (linux)
command: > command: >
icinga2 pki new-cert \ icinga2 pki new-cert \
--cn "{{ icinga_client_fqdn }}" \ --cn "{{ icinga_client_fqdn }}" \
--key "{{ icinga_client_certs_path ~ icinga_client_fqdn }}.key" \ --key "{{ icinga_client_certs_path ~ icinga_client_fqdn }}.key" \
--cert "{{ icinga_client_certs_path ~ icinga_client_fqdn }}.crt" --cert "{{ icinga_client_certs_path ~ icinga_client_fqdn }}.crt"
changed_when: false changed_when: false
when: ansible_connection != 'winrm'
- name: Generate Icinga client certs (win)
win_command: >
icinga2 pki new-cert \
--cn "{{ icinga_client_fqdn }}" \
--key "{{ icinga_client_win_certs_path ~ icinga_client_fqdn }}.key" \
--cert "{{ icinga_client_win_certs_path ~ icinga_client_fqdn }}.crt"
args:
chdir: C:\Program Files\icinga2\sbin
changed_when: false
when: ansible_connection == 'winrm'
- name: Get master trusted cert. - name: Get master trusted cert (linux)
command: > command: >
icinga2 pki save-cert \ icinga2 pki save-cert \
--trustedcert "{{ icinga_client_certs_path }}trusted-parent.crt" \ --trustedcert "{{ icinga_client_certs_path }}trusted-parent.crt" \
...@@ -62,8 +97,27 @@ ...@@ -62,8 +97,27 @@
# --key "{{ icinga_client_certs_path ~ icinga_client_fqdn }}.key" \ # --key "{{ icinga_client_certs_path ~ icinga_client_fqdn }}.key" \
# --cert "{{ icinga_client_certs_path ~ icinga_client_fqdn }}.crt" \ # --cert "{{ icinga_client_certs_path ~ icinga_client_fqdn }}.crt" \
changed_when: false changed_when: false
when: ansible_connection != 'winrm'
- name: Create Icinga Certs Dir
win_file:
path: "{{ icinga_client_win_certs_path }}"
state: directory
when: ansible_connection == 'winrm'
- name: Get master trusted cert (win)
win_command: >
icinga2 pki save-cert \
--trustedcert "{{ icinga_client_win_certs_path }}trusted-parent.crt" \
--host "{{ icinga_parent_fqdn }}"
# --key "{{ icinga_client_certs_path ~ icinga_client_fqdn }}.key" \
# --cert "{{ icinga_client_certs_path ~ icinga_client_fqdn }}.crt" \
args:
chdir: C:\Program Files\icinga2\sbin
changed_when: false
when: ansible_connection == 'winrm'
- name: Setup Icinga client node. - name: Setup Icinga client node (linux)
command: > command: >
icinga2 node setup icinga2 node setup
--ticket "{{ icinga_client_ticket }}" \ --ticket "{{ icinga_client_ticket }}" \
...@@ -77,13 +131,48 @@ ...@@ -77,13 +131,48 @@
--accept-config \ --accept-config \
--disable-confd --disable-confd
changed_when: false changed_when: false
when: ansible_connection != 'winrm'
- name: Ensure default 'conf.d' directory is not used. - name: Setup Icinga client node (win)
win_command: >
icinga2 node setup
--ticket "{{ icinga_client_ticket }}" \
--cn "{{ icinga_client_fqdn }}" \
--zone "{{ icinga_client_zone }}" \
--endpoint "{{ icinga_parent_endpoint }}" \
--parent_host "{{ icinga_parent_fqdn }}" \
--parent_zone "{{ icinga_parent_zone }}" \
--trustedcert "{{ icinga_client_win_certs_path }}trusted-parent.crt" \
--accept-commands \
--accept-config \
--disable-confd
args:
chdir: C:\Program Files\icinga2\sbin
changed_when: false
when: ansible_connection == 'winrm'
- name: Ensure default 'conf.d' directory is not used (linux)
lineinfile: lineinfile:
path: /etc/icinga2/icinga2.conf path: /etc/icinga2/icinga2.conf
regexp: 'include_recursive.*conf\.d' regexp: 'include_recursive.*conf\.d'
line: '//include_recursive "conf.d"' line: '//include_recursive "conf.d"'
when: ansible_connection != 'winrm'
- name: Restart Icinga service. #- name: Ensure default 'conf.d' directory is not used (linux)
# winlineinfile:
# path: C:\ProgramData\icinga2\etc\icinga2\icinga2.conf
# regexp: 'include_recursive.*conf\.d'
# line: '//include_recursive "conf.d"'
# when: ansible_connection == 'winrm'
- name: Restart Icinga service (linux)
service: name=icinga2 state=restarted service: name=icinga2 state=restarted
changed_when: false changed_when: false
when: ansible_connection != 'winrm'
- name: Restart Icinga2 Service again (win)
win_service:
name: icinga2
state: restarted
when: ansible_connection == 'winrm'
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment