Commit 51d8b1ac authored by Matthew Smith's avatar Matthew Smith

allows for ticket generation using ansible instead of web

parent e4a76c12
......@@ -16,7 +16,7 @@
- name: Ensure 'certs' directory exists.
file: path={{ icinga_client_certs_path }} state=directory owner=nagios group=nagios
- name: Get Icinga client ticket.
- name: Get Icinga client ticket (director).
uri:
headers:
Accept: application/json
......@@ -24,9 +24,27 @@
user: "{{ icinga_director_user }}"
password: "{{ icinga_director_pass }}"
return_content: yes
# TODO(otl): validate_certs yes when icinga.reivernet.io is valid cert
# TODO(otl): validate_certs yes when icinga_director_url is valid cert
validate_certs: no
register: icinga_client_ticket
when: icinga_client_generate_ticket == "director"
- name: Get Icinga client ticket (ansible).
command: icinga2 pki ticket --cn {{ icinga_client_fqdn }}
delegate_to: "{{ icinga_master_fqdn }}"
register: icinga_client_ticket
when: icinga_client_generate_ticket == "ansible"
- name: Icinga ticket from stdout
set_fact:
icinga_client_ticket: "{{ icinga_client_ticket.stdout }}"
when:
- icinga_client_generate_ticket == "ansible"
- icinga_client_ticket.stdout
- name: Icinga ticket
debug:
msg: "ticket: {{ icinga_client_ticket }}"
- name: Generate Icinga client certs.
command: >
......@@ -39,23 +57,25 @@
- name: Get master trusted cert.
command: >
icinga2 pki save-cert \
--key "{{ icinga_client_certs_path ~ icinga_client_fqdn }}.key" \
--cert "{{ icinga_client_certs_path ~ icinga_client_fqdn }}.crt" \
--trustedcert "{{ icinga_client_certs_path }}trusted-master.crt" \
--host "{{ icinga_master_fqdn }}"
--trustedcert "{{ icinga_client_certs_path }}trusted-parent.crt" \
--host "{{ icinga_parent_fqdn }}"
# --key "{{ icinga_client_certs_path ~ icinga_client_fqdn }}.key" \
# --cert "{{ icinga_client_certs_path ~ icinga_client_fqdn }}.crt" \
changed_when: false
- name: Setup Icinga client node.
command: >
icinga2 node setup
--ticket "{{ icinga_client_ticket.json }}" \
--ticket "{{ icinga_client_ticket }}" \
--cn "{{ icinga_client_fqdn }}" \
--zone "{{ icinga_client_zone }}" \
--endpoint "{{ icinga_parent_endpoint }}" \
--parent_host "{{ icinga_parent_fqdn }}" \
--parent_zone "{{ icinga_parent_zone }}" \
--trustedcert "{{ icinga_client_certs_path }}trusted-master.crt" \
--accept-commands --accept-config
--trustedcert "{{ icinga_client_certs_path }}trusted-parent.crt" \
--accept-commands \
--accept-config \
--disable-confd
changed_when: false
- name: Ensure default 'conf.d' directory is not used.
......
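Review bot: The added `Icinga ticket` debug task prints the client ticket into the play output and any Ansible log, and that ticket is the secret that lets a node obtain a signed certificate for this CN. Drop the task, or put `no_log: true` on it and on the tasks that register or set `icinga_client_ticket`. Separately, both "Get Icinga client ticket" tasks register the same variable, and Ansible also stores a result for a skipped task, so in `director` mode the skipped `ansible` task appears to overwrite the uri result and `--ticket "{{ icinga_client_ticket }}"` no longer receives the `.json` value. Registering under distinct names and setting the fact from whichever one ran would avoid that. The uri task also still sends `icinga_director_user` and `icinga_director_pass` with `validate_certs: no`, which the reworded TODO leaves open.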