Commit 71867798 authored by Matthew Smith's avatar Matthew Smith

Initial commit

parents
The MIT License (MIT)
Copyright (c) 2018 Mykhaylo Kolesnik
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
# Ansible Role: Icinga Director Client
This role applies Icinga2 client installation and it's registration with Icinga Director, so that host will be immediately added to your Icinga2 monitoring system. Currently works only for Ubuntu and Debian distros.
## Requirements
This role requires Ansible 2.4 or higher. Requirements are listed in the metadata file.
## Role Variables
| Variable | Required | Default | Comments |
|----------|----------|---------|----------|
| `icinga_client_fqdn` | No | `{{ ansible_fqdn }}` | Icinga client FQDN. |
| `icinga_client_ip` | No | `{{ ansible_default_ipv4.address }}` | Icinga client IP used to communicate with master. |
| `icinga_client_display_name` | No | `{{ inventory_hostname }}` | Icinga client display name. |
| `icinga_client_certs_path` | No | `/var/lib/icinga2/certs/` | Path to Icinga client certs directory. |
| `icinga_client_import_template` | Yes | Not set | Host template name registered in Icinga Director. |
| `icinga_master_fqdn` | Yes | Not set | Icinga master FQDN. |
| `icinga_master_ip` | Yes | Not set | Icinga master IP. |
| `icinga_master_port` | No | `5665` | Icinga master port. |
| `icinga_director_user` | Yes | `admin` | Icinga Web user for API authentication. |
| `icinga_director_pass` | Yes | Not set | Icinga Web user password for API authentication. |
| `icinga_director_host_protocol` | No | `http` | Protocol used to communicate with Icinga Director - http or https. |
Example Playbook
----------------
```
- hosts: localhost
become: yes
roles:
- tenequm.icinga-director-client
vars:
icinga_director_pass: admin
icinga_client_import_template: 'Linux Server'
icinga_master_fqdn: icinga.example.com
icinga_master_ip: 127.0.0.1
```
License
-------
MIT
Author Information
------------------
This role was created in 2018 by [Mykhaylo Kolesnik](http://github.com/tenequm).
---
icinga_client_fqdn: "{{ ansible_fqdn }}"
icinga_client_ip: "{{ ansible_default_ipv4.address }}"
icinga_client_certs_path: /var/lib/icinga2/certs/
icinga_master_port: 5665
icinga_master_endpoint: "{{ icinga_master_fqdn ~ ',' ~ icinga_master_ip ~ ',' ~ icinga_master_port }}"
icinga_director_user: admin
icinga_director_host_protocol: http
icinga_director_url: "{{ icinga_director_host_protocol ~ '://' ~ icinga_master_fqdn ~ '/icingaweb2/director' }}"
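Review bot: `icinga_director_host_protocol: http` makes cleartext HTTP the default for every Director API call built from `icinga_director_url`. Those calls pass `icinga_director_user` and `icinga_director_pass` to the `uri` module, and one of them returns the client enrollment ticket, so both cross the network unencrypted unless the operator overrides the default. I would ship `icinga_director_host_protocol: https` and document `http` as an explicit opt-out for lab setups. The `icinga_director_user: admin` default also steers users toward the web admin account; a dedicated Director API user is probably the safer thing to recommend in the README.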
---
- name: enable icinga
service: name=icinga2 state=started enabled=yes
galaxy_info:
author: Mykhaylo Kolesnik
description: Role for Icinga client setup through Icinga Director API.
license: MIT
min_ansible_version: 2.4
platforms:
- name: Debian
versions:
- jessie
- stretch
- name: Ubuntu
versions:
- xenial
galaxy_tags:
- icinga
- name: Zone object
debug:
var: icinga_client_endpoint_object
tags:
- director-config
- director-endpoint
- name: Register Icinga client endpoint.
uri:
body_format: json
headers:
Accept: application/json
body: "{{ icinga_client_endpoint_object }}"
method: POST
url: "{{ icinga_director_url }}/endpoint"
user: "{{ icinga_director_user }}"
password: "{{ icinga_director_pass }}"
status_code: 201,500,422
return_content: yes
register: add_endpoint_result
tags:
- director-config
- director-endpoint
- name: Register Icinga client endpoint result
debug:
var: add_endpoint_result
tags:
- director-config
- director-endpoint
# TODO:needs a where clause to know to like the delete below
#- name: Remove Icinga client endpoint.
# uri:
# body_format: json
# headers:
# Accept: application/json
# method: DELETE
# url: "{{ icinga_director_url }}/endpoint?={{ ansible_hostname }}"
# user: "{{ icinga_director_user }}"
# password: "{{ icinga_director_pass }}"
# status_code: 201,500,422
# tags:
# - director-config
# - director-endpoint
# when: icinga_director_endpoint is not "true"
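Review bot: `status_code: 201,500,422` in "Register Icinga client endpoint." counts a Director server error (500) and a rejected payload (422) as success, so a failed registration lets the play continue and the only trace is the `debug` dump that follows. If 422 is there to tolerate an object that already exists (an assumption, the commit does not say), keep only that case and let 500 fail: `status_code: [201, 422]`, with a `failed_when` on the response body if the two 422 causes need telling apart. The same status list is repeated in the host-template, host and zone registration tasks further down. The unconditional `debug` tasks that print the full registered result would be better gated behind a verbosity level, e.g. `verbosity: 1`.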
---
- name: Get netbox site info
uri:
url: "{{ icinga_client_netbox_url }}/api/dcim/sites/?q={{ netbox_site.name }}"
method: GET
headers:
Authorization: "Token {{ icinga_client_netbox_token }}"
validate_certs: "{{ icinga_client_netbox_validate_certs }}"
return_content: yes
body_format: json
status_code: 200,201,204,400
register: netbox_site_result
# until: netbox_site_result.json.status == "UP"
#retries: 10
#delay: 30
tags:
- director-config
- director-host-template
- director-host-host
- name: debug netbox_site_result
debug:
var: netbox_site_result
tags:
- director-config
- director-host-template
- director-host-host
- name: set fact for lat/long
set_fact:
icinga_client_host_template_object:
object_name: "{{ netbox_site.name }}"
object_type: "template"
vars:
geolocation: "{{ netbox_site_result.json.results[0].latitude }}, {{ netbox_site_result.json.results[0].longitude }}"
tags:
- director-config
- director-host-template
- director-host-host
- name: debug host_template
debug:
var: icinga_client_host_template_object
tags:
- director-config
- director-host-template
- director-host-host
- name: Register Icinga client host.
uri:
body_format: json
headers:
Accept: application/json
body: "{{ icinga_client_host_template_object }}"
method: POST
url: "{{ icinga_director_url }}/host"
user: "{{ icinga_director_user }}"
password: "{{ icinga_director_pass }}"
status_code: 201,500,422
tags:
- director-config
- director-host-template
- director-host-host
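Review bot: "Get netbox site info" accepts `400` as a passing status, and the following `set_fact` reads `netbox_site_result.json.results[0]` unconditionally, so an error response or an empty search surfaces as an undefined-variable failure far from its cause. Because `?q=` is a free-text search, the first hit is also not guaranteed to be the intended site. Accept only `status_code: 200`, guard the fact with `when: netbox_site_result.json.results | length > 0`, and encode the interpolated value: `?q={{ netbox_site.name | urlencode }}`. The API token is passed in `headers`, which the module does not mask the way it masks `password`, so `no_log: true` on this task is worth adding to keep it out of verbose output.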
- name: Register Icinga client host.
uri:
body_format: json
headers:
Accept: application/json
body: "{{ icinga_client_host_object }}"
method: POST
url: "{{ icinga_director_url }}/host"
user: "{{ icinga_director_user }}"
password: "{{ icinga_director_pass }}"
status_code: 201,500,422
tags:
- director-config
- director-host
- name: Zone object
debug:
var: icinga_client_zone_object
tags:
- director-config
- director-zone
- name: Register Icinga client zone.
uri:
body_format: json
headers:
Accept: application/json
body: "{{ icinga_client_zone_object }}"
method: POST
url: "{{ icinga_director_url }}/zone"
user: "{{ icinga_director_user }}"
password: "{{ icinga_director_pass }}"
status_code: 201,500,422
return_content: yes
register: add_zone_result
tags:
- director-config
- director-zone
- name: Register Icinga client zone result
debug:
var: add_zone_result
tags:
- director-config
- director-zone
# TODO:needs a where clause to know to like the delete below
#- name: Remove Icinga client zone.
# uri:
# body_format: json
# headers:
# Accept: application/json
# method: DELETE
# url: "{{ icinga_director_url }}/zone?={{ ansible_hostname }}"
# user: "{{ icinga_director_user }}"
# password: "{{ icinga_director_pass }}"
# status_code: 201,500,422
# tags:
# - director-config
# - director-zone
# when: icinga_director_zone is not "true"
---
- name: Add Icinga repository key.
apt_key: url=https://packages.icinga.com/icinga.key
- name: Add Icinga repository.
apt_repository: repo="deb https://packages.icinga.com/{{ ansible_distribution|lower }} icinga-{{ ansible_distribution_release }} main"
- name: Installing Icinga packages.
apt:
name: icinga2
state: latest
- name: Enable Icinga api feature.
icinga2_feature: name=api
- name: Ensure 'certs' directory exists.
file: path={{ icinga_client_certs_path }} state=directory owner=nagios group=nagios
- name: Get Icinga client ticket.
uri:
headers:
Accept: application/json
url: "{{ icinga_director_url }}/host/ticket?name={{ icinga_client_fqdn }}"
user: "{{ icinga_director_user }}"
password: "{{ icinga_director_pass }}"
return_content: yes
# TODO(otl): validate_certs yes when icinga.reivernet.io is valid cert
validate_certs: no
register: icinga_client_ticket
- name: Generate Icinga client certs.
command: >
icinga2 pki new-cert --cn {{ icinga_client_fqdn }} \
--key {{ icinga_client_certs_path ~ icinga_client_fqdn }}.key \
--cert {{ icinga_client_certs_path ~ icinga_client_fqdn }}.crt
changed_when: false
- name: Get master trusted cert.
command: >
icinga2 pki save-cert --key {{ icinga_client_certs_path ~ icinga_client_fqdn }}.key \
--cert {{ icinga_client_certs_path ~ icinga_client_fqdn }}.crt \
--trustedcert {{ icinga_client_certs_path }}trusted-master.crt \
--host {{ icinga_master_fqdn }}
changed_when: false
- name: Setup Icinga client node.
command: >
icinga2 node setup --ticket {{ icinga_client_ticket.json }} \
--cn {{ icinga_client_fqdn }} --endpoint {{ icinga_master_endpoint }} \
--zone {{ icinga_client_zone }} --master_host {{ icinga_master_fqdn }} \
--trustedcert {{ icinga_client_certs_path }}trusted-master.crt \
--accept-commands --accept-config
changed_when: false
- name: Ensure default 'conf.d' directory is not used.
lineinfile:
path: /etc/icinga2/icinga2.conf
regexp: 'include_recursive.*conf\.d'
line: '//include_recursive "conf.d"'
- name: Restart Icinga service.
service: name=icinga2 state=restarted
changed_when: false
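Review bot: `validate_certs: no` on "Get Icinga client ticket." turns off TLS verification for the request that sends the Director credentials and returns the enrollment ticket, so a party on the network path can read or substitute both. The TODO acknowledges this, but the value is hard-coded for every user of the role. Make it a variable that defaults to verification, as the NetBox task already does: `validate_certs: "{{ icinga_director_validate_certs | default(true) }}"`. The `pki save-cert` step then stores whatever certificate `icinga_master_fqdn` presents as `trusted-master.crt` with no fingerprint comparison, which looks like trust on first use; checking it against an expected fingerprint before `node setup` would close that gap. Smaller supply-chain points in the same file: `apt_key` fetches the key by URL without an `id:` fingerprint, and `state: latest` leaves the installed version unpinned.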