From 5158d4cfca4ca69a53b823be8f110b5c86b3a905 Mon Sep 17 00:00:00 2001 From: "Patrick H." Date: Mon, 22 Jul 2024 15:42:49 +0200 Subject: [PATCH 01/29] fix: update name of fail2ban role --- tasks/installation.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/installation.yml b/tasks/installation.yml index 6bb4052..6cb8c9b 100644 --- a/tasks/installation.yml +++ b/tasks/installation.yml @@ -7,7 +7,7 @@ - name: Install fail2ban using role ansible.builtin.include_role: - name: robertdebock.roles.fail2ban + name: robertdebock.fail2ban # Allow httpd to connect to the mysql database - name: Set httpd_can_network_connect_db flag on and keep it persistent across reboots From 569af98da4ae4f85b1d9c6d838eb77108dc5c3d2 Mon Sep 17 00:00:00 2001 From: "Patrick H." Date: Mon, 22 Jul 2024 16:03:23 +0200 Subject: [PATCH 02/29] fix: remove selinux configuration for debian --- tasks/installation.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tasks/installation.yml b/tasks/installation.yml index 6cb8c9b..667c0fe 100644 --- a/tasks/installation.yml +++ b/tasks/installation.yml @@ -15,6 +15,7 @@ name: httpd_can_network_connect_db state: true persistent: true + when: ansible_distribution == 'RedHat' # Allow httpd to connect to the network - name: Set httpd_can_network_connect flag on and keep it persistent across reboots @@ -22,6 +23,7 @@ name: httpd_can_network_connect state: true persistent: true + when: ansible_distribution == 'RedHat' - name: Check if icingaweb2 table and user in mysql exist ansible.builtin.shell: > From aa1a9eb8c45d707f244a40c081a29c4e67e35d83 Mon Sep 17 00:00:00 2001 
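Review bot: `when: ansible_distribution == 'RedHat'` on the two `httpd_can_network_connect*` tasks matches only hosts whose distribution fact is exactly RedHat, so other members of the same OS family that run SELinux would skip both booleans and, under an enforcing policy, httpd could not reach the database. The role keeps its per-platform variables in `vars/RedHat.yml`, which suggests the split is meant per OS family rather than per distribution. Keying the tasks on SELinux itself is closer to the intent, `when: ansible_selinux.status == 'enabled'`, or at least `when: ansible_os_family == 'RedHat'`. The same distribution test is repeated on the Grafana repository and install tasks in PATCH 03.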
From: Patrick Heinis Date: Tue, 23 Jul 2024 10:48:12 +0200 Subject: [PATCH 03/29] fix: ensure debian works and remove old way of managing packages --- tasks/configuration.yml | 43 +++-------- tasks/installation.yml | 75 +++++++++---------- .../director/config.ini.j2 | 0 .../director/kickstart.ini.j2 | 0 .../monitoring/backends.ini.j2 | 0 .../monitoring/commandtransports.ini.j2 | 0 .../monitoring/config.ini.j2 | 0 .../reporting/config.ini.j2 | 0 8 files changed, 47 insertions(+), 71 deletions(-) rename templates/etc/icingaweb2/{modules => enabledModules}/director/config.ini.j2 (100%) rename templates/etc/icingaweb2/{modules => enabledModules}/director/kickstart.ini.j2 (100%) rename templates/etc/icingaweb2/{modules => enabledModules}/monitoring/backends.ini.j2 (100%) rename templates/etc/icingaweb2/{modules => enabledModules}/monitoring/commandtransports.ini.j2 (100%) rename templates/etc/icingaweb2/{modules => enabledModules}/monitoring/config.ini.j2 (100%) rename templates/etc/icingaweb2/{modules => enabledModules}/reporting/config.ini.j2 (100%) diff --git a/tasks/configuration.yml b/tasks/configuration.yml index a9f9b23..b0d96f3 100644 --- a/tasks/configuration.yml +++ b/tasks/configuration.yml 
@@ -13,29 +13,10 @@ selevel: s0 loop: '{{ icinga2_web_managed_config_files }}' -- name: Enable the icingaweb2 monitoring module - ansible.builtin.file: - src: /usr/share/icingaweb2/modules/monitoring - dest: /etc/icingaweb2/enabledModules/monitoring - state: link - mode: "0755" - -- name: Ensure icingaweb2 modules directory is present - ansible.builtin.file: - name: /etc/icingaweb2/modules/monitoring - state: directory - owner: root - group: icingaweb2 - mode: "0755" - seuser: system_u - serole: object_r - setype: icingaweb2_config_t - selevel: s0 - - name: Configure icingaweb2 monitoring module ansible.builtin.template: - src: templates/etc/icingaweb2/modules/monitoring/config.ini.j2 - dest: /etc/icingaweb2/modules/monitoring/config.ini + src: templates/etc/icingaweb2/enabledModules/monitoring/config.ini.j2 + dest: /etc/icingaweb2/enabledModules/monitoring/config.ini owner: root group: icingaweb2 mode: "0660" @@ -46,8 +27,8 @@ - name: Configure icingaweb2 monitoring module commandtransport ansible.builtin.template: - src: templates/etc/icingaweb2/modules/monitoring/commandtransports.ini.j2 - dest: /etc/icingaweb2/modules/monitoring/commandtransports.ini + src: templates/etc/icingaweb2/enabledModules/monitoring/commandtransports.ini.j2 + dest: /etc/icingaweb2/enabledModules/monitoring/commandtransports.ini owner: root group: icingaweb2 mode: "0660" @@ -58,8 +39,8 @@ - name: Configure icingaweb2 monitoring module backends ansible.builtin.template: - src: templates/etc/icingaweb2/modules/monitoring/backends.ini.j2 - dest: /etc/icingaweb2/modules/monitoring/backends.ini + src: templates/etc/icingaweb2/enabledModules/monitoring/backends.ini.j2 + dest: /etc/icingaweb2/enabledModules/monitoring/backends.ini owner: root group: icingaweb2 mode: "0660" 
@@ -70,8 +51,8 @@ - name: Configure icingaweb2 director module ansible.builtin.template: - src: templates/etc/icingaweb2/modules/director/config.ini.j2 - dest: /etc/icingaweb2/modules/director/config.ini + src: templates/etc/icingaweb2/enabledModules/director/config.ini.j2 + dest: /etc/icingaweb2/enabledModules/director/config.ini owner: root group: icingaweb2 mode: "0660" @@ -83,8 +64,8 @@ - name: Configure icingaweb2 director module api ansible.builtin.template: - src: templates/etc/icingaweb2/modules/director/kickstart.ini.j2 - dest: /etc/icingaweb2/modules/director/kickstart.ini + src: templates/etc/icingaweb2/enabledModules/director/kickstart.ini.j2 + dest: /etc/icingaweb2/enabledModules/director/kickstart.ini owner: root group: icingaweb2 mode: "0660" @@ -100,8 +81,8 @@ - name: Configure icingaweb2 reporting module ansible.builtin.template: - src: templates/etc/icingaweb2/modules/reporting/config.ini.j2 - dest: /etc/icingaweb2/modules/reporting/config.ini + src: templates/etc/icingaweb2/enabledModules/reporting/config.ini.j2 + dest: /etc/icingaweb2/enabledModules/reporting/config.ini owner: root group: icingaweb2 mode: "0660" diff --git a/tasks/installation.yml b/tasks/installation.yml index 667c0fe..5ee689a 100644 --- a/tasks/installation.yml +++ b/tasks/installation.yml 
@@ -71,43 +71,10 @@ - not ansible_check_mode - icinga2_web_register_icingaweb2_imported.rc == 1 -- name: Ensure icingaweb2 modules directory is present - ansible.builtin.file: - name: /etc/icingaweb2/enabledModules - state: directory - owner: root - group: icingaweb2 - mode: "0755" - -- name: Ensure icingaweb2 modules directory is present and set selinux - ansible.builtin.file: - name: /etc/icingaweb2/enabledModules - state: directory - owner: root - group: icingaweb2 - mode: "0755" - seuser: system_u - serole: object_r - setype: icingaweb2_config_t - selevel: s0 - notify: Icinga2_web reload icinga2 - -- name: Install modules from github - ansible.builtin.git: - repo: '{{ item.url }}' - dest: '/etc/icingaweb2/modules/{{ item.name }}' - version: '{{ item.version }}' - loop: '{{ icinga2_web_modules }}' - notify: Icinga2_web reload icinga2 - -- name: Enable modules from github - ansible.builtin.file: - src: '/etc/icingaweb2/modules/{{ item.name }}' - dest: '/etc/icingaweb2/enabledModules/{{ item.name }}' - state: link - mode: "0755" - loop: '{{ icinga2_web_modules }}' - notify: Icinga2_web reload icinga2 +- name: install icingaweb2 modules + ansible.builtin.package: + name: '{{ icinga2_web_modules }}' + state: present - name: Create icingaweb2 director user for background daemon ansible.builtin.user: @@ -133,7 +100,7 @@ - name: Install systemd service for icingaweb2 director daemon ansible.builtin.copy: - src: /etc/icingaweb2/modules/director/contrib/systemd/icinga-director.service + src: /usr/share/icingaweb2/modules/director/contrib/systemd/icinga-director.service remote_src: true dest: /etc/systemd/system mode: "0644" 
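Review bot: The new `install icingaweb2 modules` task passes `icinga2_web_modules` straight to `ansible.builtin.package`, but the git tasks it replaces read `item.url`, `item.name` and `item.version` from that same variable, so it was a list of mappings. This commit's diffstat touches no defaults or vars file, so unless the variable is redefined elsewhere the package module would receive dictionaries instead of package names. A separate list of plain package names (for example `icinga2_web_module_packages`, a name constructed here) would keep the two shapes apart. The task name would also match its neighbours if capitalised: `- name: Install icingaweb2 modules`.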
@@ -158,13 +125,41 @@ gpgkey: https://packages.grafana.com/gpg.key sslverify: true sslcacert: /etc/pki/tls/certs/ca-bundle.crt - when: icinga2_web_grafana.enabled + when: + - icinga2_web_grafana.enabled + - ansible_distribution == 'RedHat' - name: Install grafana ansible.builtin.yum: name: grafana state: present - when: icinga2_web_grafana.enabled + when: + - icinga2_web_grafana.enabled + - ansible_distribution == 'RedHat' + +- name: Add grafana apt key + ansible.builtin.apt_key: + id: 963FA27710458545 + url: https://apt.grafana.com/gpg.key + state: present + when: + - icinga2_web_grafana.enabled + - ansible_distribution == 'Debian' + +- name: Add grafana repository + ansible.builtin.apt_repository: + repo: deb https://apt.grafana.com stable main + state: present + when: + - icinga2_web_grafana.enabled + - ansible_distribution == 'Debian' + +- name: Install grafana + ansible.builtin.apt: + name: grafana + when: + - icinga2_web_grafana.enabled + - ansible_distribution == 'Debian' - name: Enable and start grafana service ansible.builtin.systemd_service: diff --git a/templates/etc/icingaweb2/modules/director/config.ini.j2 b/templates/etc/icingaweb2/enabledModules/director/config.ini.j2 similarity index 100% rename from templates/etc/icingaweb2/modules/director/config.ini.j2 rename to templates/etc/icingaweb2/enabledModules/director/config.ini.j2 diff --git a/templates/etc/icingaweb2/modules/director/kickstart.ini.j2 b/templates/etc/icingaweb2/enabledModules/director/kickstart.ini.j2 similarity index 100% rename from templates/etc/icingaweb2/modules/director/kickstart.ini.j2 rename to templates/etc/icingaweb2/enabledModules/director/kickstart.ini.j2 diff --git a/templates/etc/icingaweb2/modules/monitoring/backends.ini.j2 b/templates/etc/icingaweb2/enabledModules/monitoring/backends.ini.j2 similarity index 100% rename from templates/etc/icingaweb2/modules/monitoring/backends.ini.j2 rename to templates/etc/icingaweb2/enabledModules/monitoring/backends.ini.j2 
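Review bot: The `Add grafana apt key` task uses `ansible.builtin.apt_key`, which adds the Grafana key to apt's global trusted keyring, so the key is then accepted for packages from every configured repository rather than only apt.grafana.com. It is also identified by a 64-bit key id (`963FA27710458545`) instead of a full fingerprint. Storing the key in its own file and binding it to the repository entry with `signed-by` limits what that key can vouch for; the keyring path in the sketch below is a constructed example and its directory must exist on the target. The Debian `Install grafana` task also omits `state: present`, unlike the yum task above it.

```yaml
- name: Add grafana apt key
  ansible.builtin.get_url:
    url: https://apt.grafana.com/gpg.key
    dest: /etc/apt/keyrings/grafana.asc
    mode: "0644"
  # … unchanged: when (grafana enabled, Debian) …

- name: Add grafana repository
  ansible.builtin.apt_repository:
    repo: deb [signed-by=/etc/apt/keyrings/grafana.asc] https://apt.grafana.com stable main
    state: present
  # … unchanged: when (grafana enabled, Debian) …
```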
diff --git a/templates/etc/icingaweb2/modules/monitoring/commandtransports.ini.j2 b/templates/etc/icingaweb2/enabledModules/monitoring/commandtransports.ini.j2 similarity index 100% rename from templates/etc/icingaweb2/modules/monitoring/commandtransports.ini.j2 rename to templates/etc/icingaweb2/enabledModules/monitoring/commandtransports.ini.j2 diff --git a/templates/etc/icingaweb2/modules/monitoring/config.ini.j2 b/templates/etc/icingaweb2/enabledModules/monitoring/config.ini.j2 similarity index 100% rename from templates/etc/icingaweb2/modules/monitoring/config.ini.j2 rename to templates/etc/icingaweb2/enabledModules/monitoring/config.ini.j2 diff --git a/templates/etc/icingaweb2/modules/reporting/config.ini.j2 b/templates/etc/icingaweb2/enabledModules/reporting/config.ini.j2 similarity index 100% rename from templates/etc/icingaweb2/modules/reporting/config.ini.j2 rename to templates/etc/icingaweb2/enabledModules/reporting/config.ini.j2 From 481550c21e224eac129ff3016b6874d00cb8cff9 Mon Sep 17 00:00:00 2001 From: Patrick Heinis Date: Mon, 29 Jul 2024 16:40:47 +0200 Subject: [PATCH 04/29] add debian support --- tasks/configuration.yml | 94 +++++++++++++++++++++++++++++------------ vars/Debian.yml | 2 +- 2 files changed, 68 insertions(+), 28 deletions(-) diff --git a/tasks/configuration.yml b/tasks/configuration.yml index b0d96f3..32d1c9e 100644 --- a/tasks/configuration.yml +++ b/tasks/configuration.yml 
@@ -13,41 +13,81 @@ selevel: s0 loop: '{{ icinga2_web_managed_config_files }}' -- name: Configure icingaweb2 monitoring module - ansible.builtin.template: - src: templates/etc/icingaweb2/enabledModules/monitoring/config.ini.j2 - dest: /etc/icingaweb2/enabledModules/monitoring/config.ini +- name: Create a symbolic link for module director + ansible.builtin.file: + src: /usr/share/icingaweb2/modules/director + dest: /etc/icingaweb2/modules/director owner: root group: icingaweb2 - mode: "0660" - seuser: system_u - serole: object_r - setype: icingaweb2_config_t - selevel: s0 + state: link -- name: Configure icingaweb2 monitoring module commandtransport - ansible.builtin.template: - src: templates/etc/icingaweb2/enabledModules/monitoring/commandtransports.ini.j2 - dest: /etc/icingaweb2/enabledModules/monitoring/commandtransports.ini +- name: Create a symbolic link for module graphite + ansible.builtin.file: + src: /usr/share/icingaweb2/modules/graphite + dest: /etc/icingaweb2/modules/graphite owner: root group: icingaweb2 - mode: "0660" - seuser: system_u - serole: object_r - setype: icingaweb2_config_t - selevel: s0 + state: link -- name: Configure icingaweb2 monitoring module backends - ansible.builtin.template: - src: templates/etc/icingaweb2/enabledModules/monitoring/backends.ini.j2 - dest: /etc/icingaweb2/enabledModules/monitoring/backends.ini +- name: Create a symbolic link for module incubator + ansible.builtin.file: + src: /usr/share/icingaweb2/modules/incubator + dest: /etc/icingaweb2/modules/incubator owner: root group: icingaweb2 - mode: "0660" - seuser: system_u - serole: object_r - setype: icingaweb2_config_t - selevel: s0 + state: link + +- name: Create a symbolic link for module pdfexport + ansible.builtin.file: + src: /usr/share/icingaweb2/modules/pdfexport + dest: /etc/icingaweb2/modules/pdfexport + owner: root + group: icingaweb2 + state: link + +- name: Create a symbolic link for module reporting + ansible.builtin.file: + src: 
/usr/share/icingaweb2/modules/reporting + dest: /etc/icingaweb2/modules/reporting + owner: root + group: icingaweb2 + state: link + +#- name: Configure icingaweb2 monitoring module +# ansible.builtin.template: +# src: templates/etc/icingaweb2/enabledModules/monitoring/config.ini.j2 +# dest: /etc/icingaweb2/enabledModules/monitoring/config.ini +# owner: root +# group: icingaweb2 +# mode: "0660" +# seuser: system_u +# serole: object_r +# setype: icingaweb2_config_t +# selevel: s0 + +#- name: Configure icingaweb2 monitoring module commandtransport +# ansible.builtin.template: +# src: templates/etc/icingaweb2/enabledModules/monitoring/commandtransports.ini.j2 +# dest: /etc/icingaweb2/enabledModules/monitoring/commandtransports.ini +# owner: root +# group: icingaweb2 +# mode: "0660" +# seuser: system_u +# serole: object_r +# setype: icingaweb2_config_t +# selevel: s0 +# +#- name: Configure icingaweb2 monitoring module backends +# ansible.builtin.template: +# src: templates/etc/icingaweb2/enabledModules/monitoring/backends.ini.j2 +# dest: /etc/icingaweb2/enabledModules/monitoring/backends.ini +# owner: root +# group: icingaweb2 +# mode: "0660" +# seuser: system_u +# serole: object_r +# setype: icingaweb2_config_t +# selevel: s0 - name: Configure icingaweb2 director module ansible.builtin.template: diff --git a/vars/Debian.yml b/vars/Debian.yml index 2fdd308..71ff00e 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml @@ -1,7 +1,7 @@ --- # mysql.schema.sql path for debian -icinga2_web_mysql_schema_sql_path: /usr/share/icingaweb2/etc/schema/mysql.schema.sql +icinga2_web_mysql_schema_sql_path: /usr/share/icingaweb2/schema/mysql.schema.sql # package list needed for icingaweb2 icinga2_web_packages: From 2892275dd418e6822cd7393fc5922a8747c57d8f Mon Sep 17 00:00:00 2001 
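Review bot: The five new `Create a symbolic link for module …` tasks link `/usr/share/icingaweb2/modules/<name>` into `/etc/icingaweb2/modules/<name>`, whereas the enable task removed in PATCH 03 linked into `/etc/icingaweb2/enabledModules`. If `modules/` is the per-module configuration directory, any `config.ini` later templated there (mode 0660 and presumably holding credentials) would follow the link and be written into the packaged code tree under `/usr/share`, so it is worth confirming which directory is meant. The tasks differ only in the module name, so one task with `loop: [director, graphite, incubator, pdfexport, reporting]` and `dest: '/etc/icingaweb2/modules/{{ item }}'` would replace all five. The commented-out monitoring tasks are better deleted than kept as dead code.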
From: Patrick Heinis Date: Tue, 30 Jul 2024 09:49:05 +0200 Subject: [PATCH 05/29] add icingadb component --- defaults/main.yml | 4 +- tasks/configuration.yml | 116 ++++++++++++++++++++++++++++------------ tasks/installation.yml | 6 +++ vars/Debian.yml | 3 ++ vars/RedHat.yml | 3 ++ 5 files changed, 96 insertions(+), 36 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 45753df..1ce3b7a 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -27,6 +27,9 @@ icinga2_web_director_api_user: director # icinga2 director API password icinga2_web_director_api_pass: 'passw0rd' +#icingadb instead of ido +icinga2_web_use_icingadb: false + ## icingaweb2 database settings # The icingaweb2 database name icinga2_web_icingaweb2_database_name: icingaweb2 @@ -52,7 +55,6 @@ icinga2_web_icingaweb2_database_ssl: 0 # icingaweb2 database ssl ca path icinga2_web_icingaweb2_database_ssl_ca: /etc/pki/tls/certs/ca-bundle.crt - # A root user on the db host with permissions to # add the user specified above (icinga2_web_icingaweb2_database_user) icinga2_web_database_root_user: root diff --git a/tasks/configuration.yml b/tasks/configuration.yml index 32d1c9e..c365cda 100644 --- a/tasks/configuration.yml +++ b/tasks/configuration.yml 
@@ -53,41 +53,87 @@ group: icingaweb2 state: link -#- name: Configure icingaweb2 monitoring module -# ansible.builtin.template: -# src: templates/etc/icingaweb2/enabledModules/monitoring/config.ini.j2 -# dest: /etc/icingaweb2/enabledModules/monitoring/config.ini -# owner: root -# group: icingaweb2 -# mode: "0660" -# seuser: system_u -# serole: object_r -# setype: icingaweb2_config_t -# selevel: s0 - -#- name: Configure icingaweb2 monitoring module commandtransport -# ansible.builtin.template: -# src: templates/etc/icingaweb2/enabledModules/monitoring/commandtransports.ini.j2 -# dest: /etc/icingaweb2/enabledModules/monitoring/commandtransports.ini -# owner: root -# group: icingaweb2 -# mode: "0660" -# seuser: system_u -# serole: object_r -# setype: icingaweb2_config_t -# selevel: s0 -# -#- name: Configure icingaweb2 monitoring module backends -# ansible.builtin.template: -# src: templates/etc/icingaweb2/enabledModules/monitoring/backends.ini.j2 -# dest: /etc/icingaweb2/enabledModules/monitoring/backends.ini -# owner: root -# group: icingaweb2 -# mode: "0660" -# seuser: system_u -# serole: object_r -# setype: icingaweb2_config_t -# selevel: s0 +- name: enable icingadb module + ansible.builtin.command: icingacli module enable icingadb + when: icinga2_web_use_icingadb = true + +- name: Configure icingaweb2 icingadb module - config.ini + ansible.builtin.template: + src: templates/etc/icingaweb2/modules/icingadb/config.ini.j2 + dest: /etc/icingaweb2/modules/icingadb/config.ini + owner: www-data + group: icingaweb2 + mode: "0660" + seuser: system_u + serole: object_r + setype: icingaweb2_config_t + selevel: s0 + when: icinga2_web_use_icingadb = true + +- name: Configure icingaweb2 icingadb module - redis.ini + ansible.builtin.template: + src: templates/etc/icingaweb2/modules/icingadb/redis.ini.j2 + dest: /etc/icingaweb2/modules/icingadb/redis.ini + owner: www-data + group: icingaweb2 + mode: "0660" + seuser: system_u + serole: object_r + setype: icingaweb2_config_t + 
selevel: s0 + when: icinga2_web_use_icingadb = true + +- name: Configure icingaweb2 icingadb module - commandtransports.ini + ansible.builtin.template: + src: templates/etc/icingaweb2/modules/icingadb/commandtransports.ini.j2 + dest: /etc/icingaweb2/modules/icingadb/config.ini + owner: www-data + group: icingaweb2 + mode: "0660" + seuser: system_u + serole: object_r + setype: icingaweb2_config_t + selevel: s0 + when: icinga2_web_use_icingadb = true + +- name: Configure icingaweb2 monitoring module + ansible.builtin.template: + src: templates/etc/icingaweb2/enabledModules/monitoring/config.ini.j2 + dest: /etc/icingaweb2/enabledModules/monitoring/config.ini + owner: root + group: icingaweb2 + mode: "0660" + seuser: system_u + serole: object_r + setype: icingaweb2_config_t + selevel: s0 + when: icinga2_web_use_icingadb = false + +- name: Configure icingaweb2 monitoring module commandtransport + ansible.builtin.template: + src: templates/etc/icingaweb2/enabledModules/monitoring/commandtransports.ini.j2 + dest: /etc/icingaweb2/enabledModules/monitoring/commandtransports.ini + owner: root + group: icingaweb2 + mode: "0660" + seuser: system_u + serole: object_r + setype: icingaweb2_config_t + selevel: s0 + when: icinga2_web_use_icingadb = false + +- name: Configure icingaweb2 monitoring module backends + ansible.builtin.template: + src: templates/etc/icingaweb2/enabledModules/monitoring/backends.ini.j2 + dest: /etc/icingaweb2/enabledModules/monitoring/backends.ini + owner: root + group: icingaweb2 + mode: "0660" + seuser: system_u + serole: object_r + setype: icingaweb2_config_t + selevel: s0 + when: icinga2_web_use_icingadb = false - name: Configure icingaweb2 director module ansible.builtin.template: diff --git a/tasks/installation.yml b/tasks/installation.yml index 5ee689a..91bf5f1 100644 --- a/tasks/installation.yml +++ b/tasks/installation.yml 
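Review bot: The `Configure icingaweb2 icingadb module - commandtransports.ini` task renders `commandtransports.ini.j2` to `dest: /etc/icingaweb2/modules/icingadb/config.ini`, the same destination as the config.ini task two tasks earlier, so config.ini is overwritten and no commandtransports.ini is written. The line should read `dest: /etc/icingaweb2/modules/icingadb/commandtransports.ini`. The three icingadb template tasks also set `owner: www-data`, where the other config tasks in this file use `owner: root` with `group: icingaweb2`. That makes files which presumably carry API and Redis credentials owned by the web server account, which can then change their mode, and it hard-codes a Debian-specific account name; `owner: root` with the existing group and mode 0660 would match the rest of the file. `icingacli module enable icingadb` runs through `ansible.builtin.command` with no `creates:` or `changed_when:`, so it reports changed on every run.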
@@ -5,6 +5,12 @@ name: '{{ icinga2_web_packages }}' state: present +- name: Install icingaDB web packages + ansible.builtin.package: + name: '{{ icinga2_web_icingadb_packages }}' + state: present + when icinga2_web_use_icingadb: true + - name: Install fail2ban using role ansible.builtin.include_role: name: robertdebock.fail2ban diff --git a/vars/Debian.yml b/vars/Debian.yml index 71ff00e..c4da1dc 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml @@ -13,5 +13,8 @@ icinga2_web_packages: - mariadb-client - git +icinga2_web_icingadb_packages: + - icingadb-web + # path to ca store icinga2_web_ca_path: "/etc/ssl/certs/ca-certificates.crt" diff --git a/vars/RedHat.yml b/vars/RedHat.yml index 210026e..aa79f90 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -12,5 +12,8 @@ icinga2_web_packages: - mysql - git +icinga2_web_icingadb_packages: + - icingadb-web + # path to ca store icinga2_web_ca_path: "/etc/ssl/certs/ca-bundle.crt" From 132ddfd8a49529b173ed9b68880629002ecf5a34 Mon Sep 17 00:00:00 2001 From: Patrick Heinis Date: Tue, 30 Jul 2024 10:32:57 +0200 Subject: [PATCH 06/29] fix wrong indent --- tasks/installation.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/installation.yml b/tasks/installation.yml index 91bf5f1..f9f9e3f 100644 --- a/tasks/installation.yml +++ b/tasks/installation.yml @@ -9,7 +9,7 @@ ansible.builtin.package: name: '{{ icinga2_web_icingadb_packages }}' state: present - when icinga2_web_use_icingadb: true + when icinga2_web_use_icingadb: true - name: Install fail2ban using role ansible.builtin.include_role: From f1c6031d57cbb7a658f9eeed70f20c43c8437186 Mon Sep 17 00:00:00 2001 From: Patrick Heinis Date: Tue, 30 Jul 2024 10:34:19 +0200 Subject: [PATCH 07/29] correct more typos --- tasks/installation.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/installation.yml b/tasks/installation.yml index f9f9e3f..568da30 100644 --- a/tasks/installation.yml +++ b/tasks/installation.yml 
@@ -9,7 +9,7 @@ ansible.builtin.package: name: '{{ icinga2_web_icingadb_packages }}' state: present - when icinga2_web_use_icingadb: true + when: icinga2_web_use_icingadb = true - name: Install fail2ban using role ansible.builtin.include_role: From 3bafc15411a43388c5ad416f2837b63d050ffe7d Mon Sep 17 00:00:00 2001 From: Patrick Heinis Date: Tue, 30 Jul 2024 10:38:56 +0200 Subject: [PATCH 08/29] more fixing --- tasks/installation.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/installation.yml b/tasks/installation.yml index 568da30..4265046 100644 --- a/tasks/installation.yml +++ b/tasks/installation.yml @@ -9,7 +9,7 @@ ansible.builtin.package: name: '{{ icinga2_web_icingadb_packages }}' state: present - when: icinga2_web_use_icingadb = true + when: icinga2_web_use_icingadb == true - name: Install fail2ban using role ansible.builtin.include_role: From 63c1648f96e2a1370381e2034a4d30c767109a0e Mon Sep 17 00:00:00 2001 From: Patrick Heinis Date: Tue, 30 Jul 2024 10:47:57 +0200 Subject: [PATCH 09/29] remove faulty symlink for pdfexport module --- tasks/configuration.yml | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/tasks/configuration.yml b/tasks/configuration.yml index c365cda..0c621a6 100644 --- a/tasks/configuration.yml +++ b/tasks/configuration.yml @@ -37,15 +37,7 @@ group: icingaweb2 state: link -- name: Create a symbolic link for module pdfexport - ansible.builtin.file: - src: /usr/share/icingaweb2/modules/pdfexport - dest: /etc/icingaweb2/modules/pdfexport - owner: root - group: icingaweb2 - state: link - -- name: Create a symbolic link for module reporting +- name: Create a symbolic link for module reporting ansible.builtin.file: src: /usr/share/icingaweb2/modules/reporting dest: /etc/icingaweb2/modules/reporting From 807c207ca840fd0efe8b4ea12954a6a1c5620713 Mon Sep 17 00:00:00 2001 
From: Patrick Heinis Date: Tue, 6 Aug 2024 14:26:49 +0200 Subject: [PATCH 10/29] fix database import --- defaults/main.yml | 2 +- tasks/configuration.yml | 36 +++++++++------- tasks/installation.yml | 42 ++++++++----------- .../monitoring/backends.ini.j2 | 0 .../monitoring/commandtransports.ini.j2 | 0 .../monitoring/config.ini.j2 | 0 vars/Debian.yml | 3 ++ 7 files changed, 42 insertions(+), 41 deletions(-) rename templates/etc/icingaweb2/{enabledModules => modules}/monitoring/backends.ini.j2 (100%) rename templates/etc/icingaweb2/{enabledModules => modules}/monitoring/commandtransports.ini.j2 (100%) rename templates/etc/icingaweb2/{enabledModules => modules}/monitoring/config.ini.j2 (100%) diff --git a/defaults/main.yml b/defaults/main.yml index 1ce3b7a..46bc951 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -57,7 +57,7 @@ icinga2_web_icingaweb2_database_ssl_ca: /etc/pki/tls/certs/ca-bundle.crt # A root user on the db host with permissions to # add the user specified above (icinga2_web_icingaweb2_database_user) -icinga2_web_database_root_user: root +icinga2_web_database_user: icingaweb2 # corresponding password to the root user icinga2_web_database_root_pass: 'passw0rd' diff --git a/tasks/configuration.yml b/tasks/configuration.yml index 0c621a6..f8b7bfe 100644 --- a/tasks/configuration.yml +++ b/tasks/configuration.yml @@ -47,7 +47,7 @@ - name: enable icingadb module ansible.builtin.command: icingacli module enable icingadb - when: icinga2_web_use_icingadb = true + when: icinga2_web_use_icingadb == true - name: Configure icingaweb2 icingadb module - config.ini ansible.builtin.template: @@ -60,7 +60,7 @@ serole: object_r setype: icingaweb2_config_t selevel: s0 - when: icinga2_web_use_icingadb = true + when: icinga2_web_use_icingadb == true - name: Configure icingaweb2 icingadb module - redis.ini ansible.builtin.template: 
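Review bot: In defaults/main.yml the renamed default `icinga2_web_database_user: icingaweb2` still sits under the comment "A root user on the db host with permissions to add the user specified above", which no longer describes it. The next entry, `icinga2_web_database_root_pass: 'passw0rd'` with its "corresponding password to the root user" comment, is left in place although the tasks changed in this commit now log in with `vault_icinga2_web_icingaweb2_database_pass`. The comment should describe the application's own account, e.g. `# Database user used to check for and import the icingaweb2 schema`, and the root password default, a guessable literal that appears to be unused now, is better removed than shipped. The new name also overlaps with the existing `icinga2_web_icingaweb2_database_user`, so one of the two is probably redundant.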
@@ -73,7 +73,7 @@ serole: object_r setype: icingaweb2_config_t selevel: s0 - when: icinga2_web_use_icingadb = true + when: icinga2_web_use_icingadb == true - name: Configure icingaweb2 icingadb module - commandtransports.ini ansible.builtin.template: @@ -86,12 +86,18 @@ serole: object_r setype: icingaweb2_config_t selevel: s0 - when: icinga2_web_use_icingadb = true + when: icinga2_web_use_icingadb == true + +- name: Create config directory for icingaweb2 module monitoring + ansible.builtin.file: + path: /etc/icingaweb2/modules/monitoring/ + state: directory + mode: '0755' - name: Configure icingaweb2 monitoring module ansible.builtin.template: - src: templates/etc/icingaweb2/enabledModules/monitoring/config.ini.j2 - dest: /etc/icingaweb2/enabledModules/monitoring/config.ini + src: templates/etc/icingaweb2/modules/monitoring/config.ini.j2 + dest: /etc/icingaweb2/modules/monitoring/config.ini owner: root group: icingaweb2 mode: "0660" @@ -99,12 +105,12 @@ serole: object_r setype: icingaweb2_config_t selevel: s0 - when: icinga2_web_use_icingadb = false + when: icinga2_web_use_icingadb == false - name: Configure icingaweb2 monitoring module commandtransport ansible.builtin.template: - src: templates/etc/icingaweb2/enabledModules/monitoring/commandtransports.ini.j2 - dest: /etc/icingaweb2/enabledModules/monitoring/commandtransports.ini + src: templates/etc/icingaweb2/modules/monitoring/commandtransports.ini.j2 + dest: /etc/icingaweb2/modules/monitoring/commandtransports.ini owner: root group: icingaweb2 mode: "0660" 
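Review bot: The added `Create config directory for icingaweb2 module monitoring` task sets only `mode: '0755'`, so the directory gets the connecting user's owner and group and no explicit SELinux type, while the files templated into it are `root:icingaweb2` with `setype: icingaweb2_config_t`. The directory task removed in PATCH 03 carried `owner: root`, `group: icingaweb2` and the same SELinux fields; restoring `owner: root` and `group: icingaweb2` (plus the se* fields on SELinux hosts) keeps the directory consistent with its contents. The task also runs unconditionally, whereas the monitoring templates below it are gated on `icinga2_web_use_icingadb == false`. `when: not icinga2_web_use_icingadb | bool` would express that gate without comparing to a literal, here and on the other `== true` / `== false` conditions in this commit.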
@@ -112,12 +118,12 @@ serole: object_r setype: icingaweb2_config_t selevel: s0 - when: icinga2_web_use_icingadb = false + when: icinga2_web_use_icingadb == false - name: Configure icingaweb2 monitoring module backends ansible.builtin.template: - src: templates/etc/icingaweb2/enabledModules/monitoring/backends.ini.j2 - dest: /etc/icingaweb2/enabledModules/monitoring/backends.ini + src: templates/etc/icingaweb2/modules/monitoring/backends.ini.j2 + dest: /etc/icingaweb2/modules/monitoring/backends.ini owner: root group: icingaweb2 mode: "0660" @@ -125,7 +131,7 @@ serole: object_r setype: icingaweb2_config_t selevel: s0 - when: icinga2_web_use_icingadb = false + when: icinga2_web_use_icingadb == false - name: Configure icingaweb2 director module ansible.builtin.template: @@ -177,7 +183,7 @@ - not ansible_check_mode - icinga2_web_register_icingaweb2_imported.rc == 1 -- name: Insert icingaweb2 admin password into database # noqa no-changed-when +- name: Insert icingaweb2 admin password into database # noqa no-changed-when ansible.builtin.command: > mysql -h'{{ icinga2_web_icingaweb2_database_host }}' @@ -189,8 +195,8 @@ ('admin', 1, '{{ icinga2_web_register_admin_hash.stdout }}')" when: - not ansible_check_mode - - icinga2_web_register_icingaweb2_imported.rc == 1 - icinga2_web_register_admin_hash + - icinga2_web_register_icingaweb2_imported.rc == 1 - name: Configure grafana ansible.builtin.template: diff --git a/tasks/installation.yml b/tasks/installation.yml index 4265046..6c5b8c3 100644 --- a/tasks/installation.yml +++ b/tasks/installation.yml 
@@ -31,27 +31,36 @@ persistent: true when: ansible_distribution == 'RedHat' -- name: Check if icingaweb2 table and user in mysql exist +- name: Check if icingaweb2 table and user in mysql exist (this might fail but thats expected) ansible.builtin.shell: > set -o pipefail; mysql - --user={{ icinga2_web_database_root_user }} - --password={{ icinga2_web_database_root_pass }} + --user={{ icinga2_web_database_user }} + --password={{ vault_icinga2_web_icingaweb2_database_pass }} --host={{ icinga2_web_icingaweb2_database_host }} --ssl-ca={{ icinga2_web_ca_path }} {{ icinga2_web_icingaweb2_database_name }} - -e "SHOW TABLES;" | grep "icingaweb_user" + -e "SHOW TABLES;" | grep icingaweb_user + args: + executable: /bin/bash register: icinga2_web_register_icingaweb2_imported changed_when: icinga2_web_register_icingaweb2_imported.rc == 1 - failed_when: "'Access denied for' in icinga2_web_register_icingaweb2_imported.stderr" + ignore_errors: true -- name: Import icingaweb2 database schema using the root user +- name: Print return information from the previous task + ansible.builtin.debug: + var: icinga2_web_register_icingaweb2_imported.rc + verbosity: 2 + + + +- name: Import icingaweb2 database schema community.mysql.mysql_db: name: '{{ icinga2_web_icingaweb2_database_name }}' login_host: '{{ icinga2_web_icingaweb2_database_host }}' login_port: '{{ icinga2_web_icingaweb2_database_port }}' - login_user: '{{ icinga2_web_database_root_user }}' - login_password: '{{ icinga2_web_database_root_pass }}' + login_user: '{{ icinga2_web_database_user }}' + login_password: '{{ vault_icinga2_web_icingaweb2_database_pass }}' ssl_ca: '{{ icinga2_web_ca_path }}' state: import target: '{{ icinga2_web_mysql_schema_sql_path }}' 
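Review bot: Replacing `failed_when: "'Access denied for' in …stderr"` with `ignore_errors: true` on the table check makes a rejected login look the same as a missing table. With `pipefail` both end in rc 1, and rc 1 is what gates the schema import here and the admin-password insert in tasks/configuration.yml. Keeping the old guard avoids acting on an authentication failure: `failed_when: "'Access denied for' in icinga2_web_register_icingaweb2_imported.stderr"`. The password is also interpolated unquoted into the shell line as `--password={{ … }}`, so it is visible in the process list and in task output, and the shell splits or interprets it if it contains metacharacters. `{{ vault_icinga2_web_icingaweb2_database_pass | quote }}` together with `no_log: true` on the task addresses the output and quoting problems.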
@@ -60,23 +69,6 @@ - not ansible_check_mode - icinga2_web_register_icingaweb2_imported.rc == 1 -- name: Create a user with access only to the icingaweb2 database using the root user - community.mysql.mysql_user: - name: '{{ icinga2_web_icingaweb2_database_user.split("@")[0] }}' - password: '{{ icinga2_web_icingaweb2_database_pass }}' - priv: '{{ icinga2_web_icingaweb2_database_name }}.*:ALL' - host: '{{ icinga2_web_icingaweb2_database_hostpattern }}' - login_host: '{{ icinga2_web_icingaweb2_database_host }}' - login_port: '{{ icinga2_web_icingaweb2_database_port }}' - login_user: '{{ icinga2_web_database_root_user }}' - login_password: '{{ icinga2_web_database_root_pass }}' - ssl_ca: '{{ icinga2_web_ca_path }}' - state: present - run_once: true - when: - - not ansible_check_mode - - icinga2_web_register_icingaweb2_imported.rc == 1 - - name: install icingaweb2 modules ansible.builtin.package: name: '{{ icinga2_web_modules }}' diff --git a/templates/etc/icingaweb2/enabledModules/monitoring/backends.ini.j2 b/templates/etc/icingaweb2/modules/monitoring/backends.ini.j2 similarity index 100% rename from templates/etc/icingaweb2/enabledModules/monitoring/backends.ini.j2 rename to templates/etc/icingaweb2/modules/monitoring/backends.ini.j2 diff --git a/templates/etc/icingaweb2/enabledModules/monitoring/commandtransports.ini.j2 b/templates/etc/icingaweb2/modules/monitoring/commandtransports.ini.j2 similarity index 100% rename from templates/etc/icingaweb2/enabledModules/monitoring/commandtransports.ini.j2 rename to templates/etc/icingaweb2/modules/monitoring/commandtransports.ini.j2 diff --git a/templates/etc/icingaweb2/enabledModules/monitoring/config.ini.j2 b/templates/etc/icingaweb2/modules/monitoring/config.ini.j2 similarity index 100% rename from templates/etc/icingaweb2/enabledModules/monitoring/config.ini.j2 rename to templates/etc/icingaweb2/modules/monitoring/config.ini.j2 diff --git a/vars/Debian.yml b/vars/Debian.yml index c4da1dc..03688a2 100644 
--- a/vars/Debian.yml +++ b/vars/Debian.yml @@ -16,5 +16,8 @@ icinga2_web_packages: icinga2_web_icingadb_packages: - icingadb-web +icinga2_web_monitoring_packages: + - icingaweb2-module-monitoring + # path to ca store icinga2_web_ca_path: "/etc/ssl/certs/ca-certificates.crt" From d1f129078bfa18fe9f40aab00bde76c972fbd48e Mon Sep 17 00:00:00 2001 From: Patrick Heinis Date: Fri, 9 Aug 2024 10:28:36 +0200 Subject: [PATCH 11/29] fix problems with icingadb and director --- defaults/main.yml | 16 ++++++++++ tasks/configuration.yml | 31 ++++++++++++++++++- tasks/installation.yml | 2 -- .../modules/icingadb/commandtransports.ini.j2 | 9 ++++++ .../icingaweb2/modules/icingadb/config.ini.j2 | 7 +++++ .../icingaweb2/modules/icingadb/redis.ini.j2 | 7 +++++ templates/etc/icingaweb2/resources.ini.j2 | 14 +++++++++ 7 files changed, 83 insertions(+), 3 deletions(-) create mode 100644 templates/etc/icingaweb2/modules/icingadb/commandtransports.ini.j2 create mode 100644 templates/etc/icingaweb2/modules/icingadb/config.ini.j2 create mode 100644 templates/etc/icingaweb2/modules/icingadb/redis.ini.j2 diff --git a/defaults/main.yml b/defaults/main.yml index 46bc951..bc9a29e 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -234,6 +234,22 @@ icinga2_web_director: [] icinga2_web_reporting: [] +# IcingaDB resources configuration + +# icinga2_web_icingadb: +# - name: 'icingadb_db' +# db: 'mysql' +# host: 'db.example.com' +# port: '3306' +# dbname: 'icingadb' +# username: 'icingadb@example.com' +# password: '3xample' +# charset: 'utf8mb4' +# use_ssl: '1' +# ssl_ca: '/etc/pki/tls/certs/ca-bundle.crt' + +icinga2_web_icingadb: [] + # Grafana configuration # icinga2_web_grafana: # enabled: false diff --git a/tasks/configuration.yml b/tasks/configuration.yml index f8b7bfe..55ab84b 100644 --- a/tasks/configuration.yml +++ b/tasks/configuration.yml 
@@ -49,6 +49,14 @@ ansible.builtin.command: icingacli module enable icingadb when: icinga2_web_use_icingadb == true +- name: Create a symbolic link for module icingadb + ansible.builtin.file: + src: /usr/share/icingaweb2/modules/icingadb + dest: /etc/icingaweb2/modules/icingadb + owner: root + group: icingaweb2 + state: link + - name: Configure icingaweb2 icingadb module - config.ini ansible.builtin.template: src: templates/etc/icingaweb2/modules/icingadb/config.ini.j2 @@ -78,7 +86,7 @@ - name: Configure icingaweb2 icingadb module - commandtransports.ini ansible.builtin.template: src: templates/etc/icingaweb2/modules/icingadb/commandtransports.ini.j2 - dest: /etc/icingaweb2/modules/icingadb/config.ini + dest: /etc/icingaweb2/modules/icingadb/commandtransports.ini owner: www-data group: icingaweb2 mode: "0660" @@ -163,6 +171,27 @@ ansible.builtin.command: icingacli director migration run when: icinga2_web_director | length != 0 +- name: Check if director kickstart needs to be performed # noqa no-changed-when + ansible.builtin.command: icingacli director kickstart required + when: icinga2_web_director | length != 0 + run_once: true + register: icinga2_web_register_kickstart + #ignore_errors: true + failed_when: icinga2_web_register_kickstart.stdout != "Kickstart configured, execution is not required" + +- name: print kickstart return-code + ansible.builtin.debug: + var: icinga2_web_register_kickstart + verbosity: 2 + +- name: run icingaweb2 director kickstart # noqa no-changed-when + ansible.builtin.command: icingacli director kickstart run + when: + - icinga2_web_director | length != 0 + - icinga2_web_register_kickstart.rc == 0 + run_once: true + check_mode: false + - name: Configure icingaweb2 reporting module ansible.builtin.template: src: templates/etc/icingaweb2/enabledModules/reporting/config.ini.j2 diff --git a/tasks/installation.yml b/tasks/installation.yml index 6c5b8c3..55c843e 100644 --- a/tasks/installation.yml +++ b/tasks/installation.yml 
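Review bot: The link is created at `/etc/icingaweb2/modules/icingadb`, the same directory the following template tasks write `config.ini`, `redis.ini` and `commandtransports.ini` into, so those files, passwords included, would land inside `/usr/share/icingaweb2/modules/icingadb` through the symlink. The `icingacli module enable icingadb` task just above should already create the enabled-module link, so this path is better kept as a real directory (`state: directory`) with restrictive permissions. The task also has no `when:`, while the neighbouring icingadb tasks use `when: icinga2_web_use_icingadb == true`. Without that guard, `state: link` would likely fail on hosts where the icingadb package is not installed.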
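Review bot: `owner: www-data` on the commandtransports.ini task differs from the `owner: root` used by the other config tasks on this page, and that account typically does not exist on RedHat-family hosts, which the role still supports through `vars/RedHat.yml`. The file holds the API password, so `owner: root` with `group: icingaweb2` and `mode: "0660"` matches the rest of the role and avoids making the web account the owner. The task continues past the end of the hunk.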
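Review bot: `check_mode: false` on the run task makes `icingacli director kickstart run` execute for real during an `ansible-playbook --check` run, while the read-only `kickstart required` probe is a plain command task that check mode skips, leaving `icinga2_web_register_kickstart.rc` undefined for the `when:`. The flag belongs on the probe instead: add `check_mode: false` to the check task and drop it from the run task. The probe's `failed_when` also fails the play whenever stdout differs from the "not required" text, which is the one situation where the run task is needed; the following patches in this series rework that condition.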
@@ -52,8 +52,6 @@ var: icinga2_web_register_icingaweb2_imported.rc verbosity: 2 - - - name: Import icingaweb2 database schema community.mysql.mysql_db: name: '{{ icinga2_web_icingaweb2_database_name }}' diff --git a/templates/etc/icingaweb2/modules/icingadb/commandtransports.ini.j2 b/templates/etc/icingaweb2/modules/icingadb/commandtransports.ini.j2 new file mode 100644 index 0000000..2cd4bd0 --- /dev/null +++ b/templates/etc/icingaweb2/modules/icingadb/commandtransports.ini.j2 @@ -0,0 +1,9 @@ +;{{ ansible_managed }} +; Configuration from Icingaweb2 version 2.6.2-1 + +[icinga2] +transport = "api" +host = "{{ icinga2_web_api_host }}" +port = "{{ icinga2_web_api_port }}" +username = "{{ icinga2_web_api_user }}" +password = "{{ icinga2_web_api_pass }}" diff --git a/templates/etc/icingaweb2/modules/icingadb/config.ini.j2 b/templates/etc/icingaweb2/modules/icingadb/config.ini.j2 new file mode 100644 index 0000000..a91aa3e --- /dev/null +++ b/templates/etc/icingaweb2/modules/icingadb/config.ini.j2 @@ -0,0 +1,7 @@ +[icingadb] +{% for resourceconf in icinga2_web_icingadb %} +resource = "{{ resourceconf.name }}" +{% endfor %} + +[redis] +tls = "0" diff --git a/templates/etc/icingaweb2/modules/icingadb/redis.ini.j2 b/templates/etc/icingaweb2/modules/icingadb/redis.ini.j2 new file mode 100644 index 0000000..0f2cb60 --- /dev/null +++ b/templates/etc/icingaweb2/modules/icingadb/redis.ini.j2 @@ -0,0 +1,7 @@ +[redis1] +host = "{{ icinga2_web_redis_ip_master_1 }}" +password = "{{ vault_icinga2_web_icingadb_redis_pass }}" + +[redis2] +host = "{{ icinga2_web_redis_ip_master_2 }}" +password = "{{ vault_icinga2_web_icingadb_redis_pass }}" diff --git a/templates/etc/icingaweb2/resources.ini.j2 b/templates/etc/icingaweb2/resources.ini.j2 index c21c26f..2937022 100644 --- a/templates/etc/icingaweb2/resources.ini.j2 +++ b/templates/etc/icingaweb2/resources.ini.j2 
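Review bot: `tls = "0"` is hard-coded in the `[redis]` section of config.ini.j2, so the Redis connection configured by this role cannot use TLS, and the password rendered into `redis.ini` by the same commit would travel unencrypted whenever Redis is on another host. Expose it as a role variable with a default, e.g. `tls = "{{ icinga2_web_icingadb_redis_tls | default('0') }}"` (the variable name is a suggestion, not an existing one). The `for` loop also emits one `resource =` line per entry of `icinga2_web_icingadb`, so a list with more than one entry produces duplicate keys in `[icingadb]`.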
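Review bot: `icinga2_web_redis_ip_master_1`, `icinga2_web_redis_ip_master_2` and `vault_icinga2_web_icingadb_redis_pass` in redis.ini.j2 get no default in the `defaults/main.yml` hunk of this commit, so unless they are defined elsewhere the template fails on an undefined variable as soon as `icinga2_web_use_icingadb` is enabled. Document the two host variables next to `icinga2_web_icingadb` in the defaults, and leave the password without a usable default so it has to come from a vault. The password is rendered between double quotes without escaping, so a value containing `"` would break the INI line.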
@@ -64,3 +64,17 @@ charset = "{{ resourceconf.charset }}" use_ssl = "{{ resourceconf.use_ssl }}" ssl_ca = "{{ resourceconf.ssl_ca }}" {% endfor %} + +{% for resourceconf in icinga2_web_icingadb %} +[{{ resourceconf.name }}] +type = "db" +db = "{{ resourceconf.db }}" +host = "{{ resourceconf.host }}" +port = "{{ resourceconf.port }}" +dbname = "{{ resourceconf.dbname }}" +username = "{{ resourceconf.username }}" +password = "{{ resourceconf.password }}" +charset = "{{ resourceconf.charset }}" +use_ssl = "{{ resourceconf.use_ssl }}" +ssl_ca = "{{ resourceconf.ssl_ca }}" +{% endfor %} From 86bb28a18d0789b9fbfa4e6c8e388e5778977e16 Mon Sep 17 00:00:00 2001 From: Gian Klug Date: Tue, 10 Sep 2024 14:53:47 +0200 Subject: [PATCH 12/29] fix: allow fail for kickstart check --- tasks/configuration.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tasks/configuration.yml b/tasks/configuration.yml index 55ab84b..87e0038 100644 --- a/tasks/configuration.yml +++ b/tasks/configuration.yml 
@@ -171,20 +171,20 @@ ansible.builtin.command: icingacli director migration run when: icinga2_web_director | length != 0 -- name: Check if director kickstart needs to be performed # noqa no-changed-when +- name: Check if director kickstart is done yet (allowed to fail) # noqa no-changed-when ansible.builtin.command: icingacli director kickstart required when: icinga2_web_director | length != 0 run_once: true register: icinga2_web_register_kickstart - #ignore_errors: true - failed_when: icinga2_web_register_kickstart.stdout != "Kickstart configured, execution is not required" + ignore_errors: true + failed_when: icinga2_web_register_kickstart.rc == 0 -- name: print kickstart return-code +- name: Print kickstart return-code ansible.builtin.debug: var: icinga2_web_register_kickstart verbosity: 2 -- name: run icingaweb2 director kickstart # noqa no-changed-when +- name: Run icingaweb2 director kickstart # noqa no-changed-when ansible.builtin.command: icingacli director kickstart run when: - icinga2_web_director | length != 0 From 8e7faa9583e17cafddc72fb05686fff04dc12af5 Mon Sep 17 00:00:00 2001 From: Gian Klug Date: Wed, 11 Sep 2024 13:52:44 +0200 Subject: [PATCH 13/29] fix: Add proper icingacli checks for idempotency --- tasks/configuration.yml | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/tasks/configuration.yml b/tasks/configuration.yml index 87e0038..c98400b 100644 --- a/tasks/configuration.yml +++ b/tasks/configuration.yml 
@@ -45,9 +45,17 @@ group: icingaweb2 state: link -- name: enable icingadb module +- name: Check if icingadb module is enabled + ansible.builtin.command: icingacli module list + register: icingadb_module_enabled + failed_when: false + changed_when: false + +- name: Enable icingadb module # noqa changed-when ansible.builtin.command: icingacli module enable icingadb - when: icinga2_web_use_icingadb == true + when: + - icinga2_web_use_icingadb + - "'enabled' not in icingadb_module_enabled.stdout" - name: Create a symbolic link for module icingadb ansible.builtin.file: @@ -167,17 +175,25 @@ selevel: s0 when: icinga2_web_director | length != 0 +- name: Check for pending director migrations + ansible.builtin.command: icingactl director migrations pending + changed_when: false + failed_when: false + register: director_pending_migrations + - name: Configure icingaweb2 director database # noqa no-changed-when ansible.builtin.command: icingacli director migration run - when: icinga2_web_director | length != 0 + when: + - icinga2_web_director | length != 0 + - director_pending_migrations.rc == 0 -- name: Check if director kickstart is done yet (allowed to fail) # noqa no-changed-when +- name: Check if director kickstart is done yet # noqa no-changed-when ansible.builtin.command: icingacli director kickstart required when: icinga2_web_director | length != 0 run_once: true register: icinga2_web_register_kickstart - ignore_errors: true - failed_when: icinga2_web_register_kickstart.rc == 0 + failed_when: false + changed_when: false - name: Print kickstart return-code ansible.builtin.debug: From 701fde5565679325d6fcf0573a783b605461ec2c Mon Sep 17 00:00:00 2001 From: Gian Klug Date: Wed, 11 Sep 2024 14:24:08 +0200 Subject: [PATCH 14/29] fix: fix icingadb enabled check --- tasks/configuration.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/configuration.yml b/tasks/configuration.yml index c98400b..8f1b27d 100644 --- a/tasks/configuration.yml 
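Review bot: `failed_when: false` on the new `icingacli module list` probe hides every failure of the command, and the migration and kickstart checks further down in this patch do the same. A missing or mistyped binary (the `icingactl` call in the migration check would fail that way) yields a non-zero rc that the following `when:` silently reads as "nothing to do". For the probes that answer through their exit code, accept only the codes the command documents for yes and no, e.g. `failed_when: director_pending_migrations.rc not in [0, 1]` if 0 and 1 are the documented pair. The module-list and migration probes also lack the `when:` guards their consumers have, so they run on hosts where the feature is disabled.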
+++ b/tasks/configuration.yml @@ -55,7 +55,7 @@ ansible.builtin.command: icingacli module enable icingadb when: - icinga2_web_use_icingadb - - "'enabled' not in icingadb_module_enabled.stdout" + - "'icingadb' not in icingadb_module_enabled.stdout" - name: Create a symbolic link for module icingadb ansible.builtin.file: From fa47586fc8e1221a19ba6551833d1bbcc55a31e4 Mon Sep 17 00:00:00 2001 From: Gian Klug Date: Wed, 11 Sep 2024 14:31:48 +0200 Subject: [PATCH 15/29] lint: make ansible-lint happy --- .ansible-lint | 4 ++-- .yamllint | 8 ++++++++ defaults/main.yml | 25 +++++++++---------------- handlers/main.yml | 1 - meta/main.yml | 20 ++++++++++---------- tasks/configuration.yml | 31 +++++++++++++++---------------- tasks/installation.yml | 31 +++++++++++++++---------------- tasks/main.yml | 21 ++++++++++----------- vars/Debian.yml | 2 +- vars/RedHat.yml | 2 +- 10 files changed, 71 insertions(+), 74 deletions(-) diff --git a/.ansible-lint b/.ansible-lint index 7313c5b..668951b 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,5 +1,5 @@ --- skip_list: - - '405' - - '106' # Role name {} does not match ``^[a-z][a-z0-9_]+$`` pattern' + - "405" + - "106" # Role name {} does not match ``^[a-z][a-z0-9_]+$`` pattern' diff --git a/.yamllint b/.yamllint index c704097..6367b7a 100644 --- a/.yamllint +++ b/.yamllint @@ -7,5 +7,13 @@ rules: line-length: disable brackets: disable truthy: disable + comments: + min-spaces-from-content: 1 + comments-indentation: false + braces: + max-spaces-inside: 1 + octal-values: + forbid-implicit-octal: true + forbid-explicit-octal: true # vim: set ts=2 sw=2 tw=2 : diff --git a/defaults/main.yml b/defaults/main.yml index bc9a29e..772c26b 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,7 +1,7 @@ --- # The icingaweb2 web ui password -icinga2_web_admin_pass: 'passw0rd' +icinga2_web_admin_pass: passw0rd # icinga2 API host icinga2_web_api_host: 127.0.0.1 
@@ -13,7 +13,7 @@ icinga2_web_api_port: 5665 icinga2_web_api_user: icingaweb2 # icinga2 API password -icinga2_web_api_pass: 'passw0rd' +icinga2_web_api_pass: passw0rd # icinga2 director API host icinga2_web_director_api_host: 127.0.0.1 @@ -25,9 +25,9 @@ icinga2_web_director_api_port: 5665 icinga2_web_director_api_user: director # icinga2 director API password -icinga2_web_director_api_pass: 'passw0rd' +icinga2_web_director_api_pass: passw0rd -#icingadb instead of ido +# icingadb instead of ido icinga2_web_use_icingadb: false ## icingaweb2 database settings @@ -38,7 +38,7 @@ icinga2_web_icingaweb2_database_name: icingaweb2 icinga2_web_icingaweb2_database_user: icingaweb2 # The icingaweb2 database password -icinga2_web_icingaweb2_database_pass: 'passw0rd' +icinga2_web_icingaweb2_database_pass: passw0rd # The icingaweb2 database host icinga2_web_icingaweb2_database_host: 127.0.0.1 @@ -47,7 +47,7 @@ icinga2_web_icingaweb2_database_host: 127.0.0.1 icinga2_web_icingaweb2_database_port: 3306 # the hostpattern which can access and login with the icingaweb2 user -icinga2_web_icingaweb2_database_hostpattern: 'localhost' +icinga2_web_icingaweb2_database_hostpattern: localhost # icingaweb2 database ssl connection (1 or 0) icinga2_web_icingaweb2_database_ssl: 0 @@ -60,8 +60,7 @@ icinga2_web_icingaweb2_database_ssl_ca: /etc/pki/tls/certs/ca-bundle.crt icinga2_web_database_user: icingaweb2 # corresponding password to the root user -icinga2_web_database_root_pass: 'passw0rd' - +icinga2_web_database_root_pass: passw0rd ## Icinga2 database settings # icinga2 database name @@ -77,7 +76,7 @@ icinga2_web_icinga2_database_port: 3306 icinga2_web_icinga2_database_user: icinga2 # icinga2 database password -icinga2_web_icinga2_database_pass: 'passw0rd' +icinga2_web_icinga2_database_pass: passw0rd # icinga2 database ssl connection (1 or 0) icinga2_web_icinga2_database_ssl: 0 
@@ -128,7 +127,6 @@ icinga2_web_modules: [] # timeout: 5 icinga2_web_ldap: [] - # Icingaweb2 LDAP User configuration # For further information, consult the official icingaweb2 documentation at # https://icinga.com/docs/icingaweb2/latest/doc/05-Authentication/#ldap @@ -142,7 +140,6 @@ icinga2_web_ldap: [] # filter: "(somefilter)" # optional icinga2_web_ldap_userconf: [] - # Icingaweb2 LDAP Group configuration # For further information, consult the official icingaweb2 documentation at # https://icinga.com/docs/icingaweb2/latest/doc/05-Authentication/#ldap-groups @@ -159,7 +156,6 @@ icinga2_web_ldap_userconf: [] # group_filter: '(somefilter)' # optional icinga2_web_ldap_groupconf: [] - # Icingaweb2 database group configuration # For further information, consult the official icingaweb2 documentation at # https://icinga.com/docs/icinga-web-2/latest/doc/05-Authentication/#database-groups @@ -170,7 +166,6 @@ icinga2_web_ldap_groupconf: [] # resource: icingaweb_db icinga2_web_database_groupconf: [] - # Icinga2 Permissions configuration # For further information, consult the official icingaweb2 documentation at # https://icinga.com/docs/icingaweb2/latest/doc/06-Security/#configuration @@ -198,7 +193,7 @@ icinga2_web_permissions: groups: - Administrators permissions: - - '*' + - "*" # Director Resources configuration # For further information, consult the official icingaweb2 documentation at @@ -217,7 +212,6 @@ icinga2_web_permissions: # ssl_ca: '/etc/pki/tls/certs/ca-bundle.crt' icinga2_web_director: [] - # Reporting resources configuration # icinga2_web_reporting: @@ -233,7 +227,6 @@ icinga2_web_director: [] # ssl_ca: '/etc/pki/tls/certs/ca-bundle.crt' icinga2_web_reporting: [] - # IcingaDB resources configuration # icinga2_web_icingadb: diff --git a/handlers/main.yml b/handlers/main.yml index ac32774..a574684 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,5 +1,4 @@ --- - - name: Icinga2_web reload icinga2 ansible.builtin.service: name: icinga2 
diff --git a/meta/main.yml b/meta/main.yml index c93e7ed..b0f6ee6 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,24 +1,24 @@ --- dependencies: - - name: 'adfinis.icinga2_agent' + - name: adfinis.icinga2_agent galaxy_info: - role_name: 'icinga2_web' + role_name: icinga2_web namespace: adfinis - author: 'Adfinis AG' - description: 'This role installs and configures icingaweb2' - company: 'Adfinis AG' - license: 'GNU General Public License v3' - min_ansible_version: '2.6.0' + author: Adfinis AG + description: This role installs and configures icingaweb2 + company: Adfinis AG + license: GNU General Public License v3 + min_ansible_version: 2.6.0 platforms: - name: EL versions: - "7" galaxy_tags: - - 'icinga2' - - 'monitoring' - - 'icingaweb2' + - icinga2 + - monitoring + - icingaweb2 github_branch: master collections: diff --git a/tasks/configuration.yml b/tasks/configuration.yml index 8f1b27d..7b3cd33 100644 --- a/tasks/configuration.yml +++ b/tasks/configuration.yml @@ -1,9 +1,8 @@ --- - - name: Configure icingaweb2 ansible.builtin.template: - src: 'templates/etc/icingaweb2/{{ item }}.j2' - dest: '/etc/icingaweb2/{{ item }}' + src: templates/etc/icingaweb2/{{ item }}.j2 + dest: /etc/icingaweb2/{{ item }} owner: root group: icingaweb2 mode: "0660" @@ -11,7 +10,7 @@ serole: object_r setype: icingaweb2_config_t selevel: s0 - loop: '{{ icinga2_web_managed_config_files }}' + loop: "{{ icinga2_web_managed_config_files }}" - name: Create a symbolic link for module director ansible.builtin.file: @@ -51,7 +50,7 @@ failed_when: false changed_when: false -- name: Enable icingadb module # noqa changed-when +- name: Enable icingadb module # noqa no-changed-when ansible.builtin.command: icingacli module enable icingadb when: - icinga2_web_use_icingadb 
@@ -76,7 +75,7 @@ serole: object_r setype: icingaweb2_config_t selevel: s0 - when: icinga2_web_use_icingadb == true + when: icinga2_web_use_icingadb - name: Configure icingaweb2 icingadb module - redis.ini ansible.builtin.template: @@ -89,7 +88,7 @@ serole: object_r setype: icingaweb2_config_t selevel: s0 - when: icinga2_web_use_icingadb == true + when: icinga2_web_use_icingadb - name: Configure icingaweb2 icingadb module - commandtransports.ini ansible.builtin.template: @@ -102,13 +101,13 @@ serole: object_r setype: icingaweb2_config_t selevel: s0 - when: icinga2_web_use_icingadb == true + when: icinga2_web_use_icingadb - name: Create config directory for icingaweb2 module monitoring ansible.builtin.file: path: /etc/icingaweb2/modules/monitoring/ state: directory - mode: '0755' + mode: "0755" - name: Configure icingaweb2 monitoring module ansible.builtin.template: @@ -121,7 +120,7 @@ serole: object_r setype: icingaweb2_config_t selevel: s0 - when: icinga2_web_use_icingadb == false + when: not icinga2_web_use_icingadb - name: Configure icingaweb2 monitoring module commandtransport ansible.builtin.template: @@ -134,7 +133,7 @@ serole: object_r setype: icingaweb2_config_t selevel: s0 - when: icinga2_web_use_icingadb == false + when: not icinga2_web_use_icingadb - name: Configure icingaweb2 monitoring module backends ansible.builtin.template: @@ -147,7 +146,7 @@ serole: object_r setype: icingaweb2_config_t selevel: s0 - when: icinga2_web_use_icingadb == false + when: not icinga2_web_use_icingadb - name: Configure icingaweb2 director module ansible.builtin.template: 
@@ -181,13 +180,13 @@ failed_when: false register: director_pending_migrations -- name: Configure icingaweb2 director database # noqa no-changed-when +- name: Configure icingaweb2 director database # noqa no-changed-when ansible.builtin.command: icingacli director migration run when: - icinga2_web_director | length != 0 - director_pending_migrations.rc == 0 -- name: Check if director kickstart is done yet # noqa no-changed-when +- name: Check if director kickstart is done yet # noqa no-changed-when ansible.builtin.command: icingacli director kickstart required when: icinga2_web_director | length != 0 run_once: true @@ -200,7 +199,7 @@ var: icinga2_web_register_kickstart verbosity: 2 -- name: Run icingaweb2 director kickstart # noqa no-changed-when +- name: Run icingaweb2 director kickstart # noqa no-changed-when ansible.builtin.command: icingacli director kickstart run when: - icinga2_web_director | length != 0 @@ -221,7 +220,7 @@ selevel: s0 when: icinga2_web_reporting | length != 0 -- name: Create icingaweb2 admin password hash # noqa no-changed-when +- name: Create icingaweb2 admin password hash # noqa no-changed-when ansible.builtin.command: openssl passwd -1 '{{ icinga2_web_admin_pass }}' register: icinga2_web_register_admin_hash when: diff --git a/tasks/installation.yml b/tasks/installation.yml index 55c843e..bfe61a4 100644 --- a/tasks/installation.yml +++ b/tasks/installation.yml @@ -1,15 +1,14 @@ --- - - name: Install icinga2 web packages ansible.builtin.package: - name: '{{ icinga2_web_packages }}' + name: "{{ icinga2_web_packages }}" state: present - name: Install icingaDB web packages ansible.builtin.package: - name: '{{ icinga2_web_icingadb_packages }}' + name: "{{ icinga2_web_icingadb_packages }}" state: present - when: icinga2_web_use_icingadb == true + when: icinga2_web_use_icingadb - name: Install fail2ban using role ansible.builtin.include_role: 
@@ -54,30 +53,30 @@ - name: Import icingaweb2 database schema community.mysql.mysql_db: - name: '{{ icinga2_web_icingaweb2_database_name }}' - login_host: '{{ icinga2_web_icingaweb2_database_host }}' - login_port: '{{ icinga2_web_icingaweb2_database_port }}' - login_user: '{{ icinga2_web_database_user }}' - login_password: '{{ vault_icinga2_web_icingaweb2_database_pass }}' - ssl_ca: '{{ icinga2_web_ca_path }}' + name: "{{ icinga2_web_icingaweb2_database_name }}" + login_host: "{{ icinga2_web_icingaweb2_database_host }}" + login_port: "{{ icinga2_web_icingaweb2_database_port }}" + login_user: "{{ icinga2_web_database_user }}" + login_password: "{{ vault_icinga2_web_icingaweb2_database_pass }}" + ssl_ca: "{{ icinga2_web_ca_path }}" state: import - target: '{{ icinga2_web_mysql_schema_sql_path }}' + target: "{{ icinga2_web_mysql_schema_sql_path }}" run_once: true when: - not ansible_check_mode - icinga2_web_register_icingaweb2_imported.rc == 1 -- name: install icingaweb2 modules +- name: Install icingaweb2 modules ansible.builtin.package: - name: '{{ icinga2_web_modules }}' + name: "{{ icinga2_web_modules }}" state: present - name: Create icingaweb2 director user for background daemon ansible.builtin.user: name: icingadirector group: icingaweb2 - shell: '/bin/false' - home: '/var/lib/icingadirector' + shell: /bin/false + home: /var/lib/icingadirector system: true when: icinga2_web_director | length != 0 @@ -126,7 +125,7 @@ - ansible_distribution == 'RedHat' - name: Install grafana - ansible.builtin.yum: + ansible.builtin.dnf: name: grafana state: present when: diff --git a/tasks/main.yml b/tasks/main.yml index c866558..d813bfc 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
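Review bot: Switching the grafana install from `ansible.builtin.yum` to `ansible.builtin.dnf` is a behaviour change inside a lint commit. `meta/main.yml` in this same patch still lists EL 7 as the supported platform, where dnf is typically not the system package manager. The generic module already used for the other installs in this file keeps the task working on both: `ansible.builtin.package:`. The task's `when:` list continues past the end of the hunk.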
@@ -1,23 +1,22 @@ --- - - name: Include os specific vars - ansible.builtin.include_vars: '{{ item }}' + ansible.builtin.include_vars: "{{ item }}" with_first_found: - - '{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml' - - '{{ ansible_os_family }}.yml' + - "{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml" + - "{{ ansible_os_family }}.yml" tags: - - 'role::icinga2_web' - - 'role::icinga2_web:install' - - 'role::icinga2_web:config' + - role::icinga2_web + - role::icinga2_web:install + - role::icinga2_web:config - name: Include installation tasks ansible.builtin.import_tasks: installation.yml tags: - - 'role::icinga2_web' - - 'role::icinga2_web:install' + - role::icinga2_web + - role::icinga2_web:install - name: Include configuration tasks ansible.builtin.import_tasks: configuration.yml tags: - - 'role::icinga2_web' - - 'role::icinga2_web:config' + - role::icinga2_web + - role::icinga2_web:config diff --git a/vars/Debian.yml b/vars/Debian.yml index 03688a2..77aedd2 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml @@ -20,4 +20,4 @@ icinga2_web_monitoring_packages: - icingaweb2-module-monitoring # path to ca store -icinga2_web_ca_path: "/etc/ssl/certs/ca-certificates.crt" +icinga2_web_ca_path: /etc/ssl/certs/ca-certificates.crt diff --git a/vars/RedHat.yml b/vars/RedHat.yml index aa79f90..bee3d1b 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -16,4 +16,4 @@ icinga2_web_icingadb_packages: - icingadb-web # path to ca store -icinga2_web_ca_path: "/etc/ssl/certs/ca-bundle.crt" +icinga2_web_ca_path: /etc/ssl/certs/ca-bundle.crt From ce7be8dc695d0a6507cbb2f5c923c661d36c0415 Mon Sep 17 00:00:00 2001 From: Gian Klug Date: Tue, 17 Sep 2024 13:50:04 +0200 Subject: [PATCH 16/29] fix: fix director migration check --- tasks/configuration.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/configuration.yml b/tasks/configuration.yml index 7b3cd33..ff99eae 100644 --- a/tasks/configuration.yml 
+++ b/tasks/configuration.yml @@ -175,7 +175,7 @@ when: icinga2_web_director | length != 0 - name: Check for pending director migrations - ansible.builtin.command: icingactl director migrations pending + ansible.builtin.command: icingacli director migration pending changed_when: false failed_when: false register: director_pending_migrations From 85b1a23d319b4726446a0ea136ec58f05f7ebca8 Mon Sep 17 00:00:00 2001 From: Gian Klug Date: Wed, 18 Sep 2024 15:18:32 +0200 Subject: [PATCH 17/29] fix: fix graphite dir permissions --- tasks/configuration.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tasks/configuration.yml b/tasks/configuration.yml index ff99eae..dd2067c 100644 --- a/tasks/configuration.yml +++ b/tasks/configuration.yml @@ -20,6 +20,12 @@ group: icingaweb2 state: link +- name: Ensure Icingaweb can write graphite config + ansible.bultin.file: + path: /usr/share/icingaweb2/modules/graphite + state: directory + mode: '0775' + - name: Create a symbolic link for module graphite ansible.builtin.file: src: /usr/share/icingaweb2/modules/graphite From 09e7163e7fe9d7bea9c122d101dc03459cdce342 Mon Sep 17 00:00:00 2001 From: Gian Klug Date: Fri, 20 Sep 2024 10:22:49 +0200 Subject: [PATCH 18/29] fix: fix typo in task --- tasks/configuration.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/configuration.yml b/tasks/configuration.yml index dd2067c..56ca36a 100644 --- a/tasks/configuration.yml +++ b/tasks/configuration.yml @@ -21,7 +21,7 @@ state: link - name: Ensure Icingaweb can write graphite config - ansible.bultin.file: + ansible.builtin.file: path: /usr/share/icingaweb2/modules/graphite state: directory mode: '0775' From eec95f52d9aeee41f02f7c23d1908c0ec9fdf506 Mon Sep 17 00:00:00 2001 
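Review bot: `mode: '0775'` is applied to `/usr/share/icingaweb2/modules/graphite`, the module's installed code directory, and the task sets no `owner` or `group`, so which account gains write access depends on whatever ownership the package left there. A code directory that the web application can write to lets a compromised web process change the PHP it later executes. If the aim is for Icinga Web to save the graphite settings, point the task at a configuration directory instead, e.g. `path: /etc/icingaweb2/modules/graphite` with `owner: root`, `group: icingaweb2` and a mode without access for others, and leave the code tree read-only.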
From: Gian Klug Date: Fri, 20 Sep 2024 14:18:52 +0200 Subject: [PATCH 19/29] feat: add graphite config --- defaults/main.yml | 2 ++ tasks/configuration.yml | 9 +++++++++ .../etc/icingaweb2/enabledModules/graphite/config.ini.j2 | 4 ++++ 3 files changed, 15 insertions(+) create mode 100644 templates/etc/icingaweb2/enabledModules/graphite/config.ini.j2 diff --git a/defaults/main.yml b/defaults/main.yml index 772c26b..81bf563 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -261,3 +261,5 @@ icinga2_web_icingadb: [] # token_url: https://sso.example.com/auth/realms/example/protocol/openid-connect/token # api_url: https://sso.example.com/auth/realms/example/protocol/openid-connect/userinfo # role_attribute_path: contains(groups[*], '/admin') && 'Admin' +icinga2_web_graphite_url: '' +icinga2_web_graphite_insecure: 0 diff --git a/tasks/configuration.yml b/tasks/configuration.yml index 56ca36a..56c403f 100644 --- a/tasks/configuration.yml +++ b/tasks/configuration.yml @@ -34,6 +34,15 @@ group: icingaweb2 state: link +- name: Configure icingaweb2 graphite module + ansible.builtin.template: + src: templates/etc/icingaweb2/enabledModules/graphite/config.ini.j2 + dest: /etc/icingaweb2/enabledModules/graphite/config.ini + owner: root + group: icingaweb2 + mode: "0660" + when: icinga2_web_graphite_url | length != 0 + - name: Create a symbolic link for module incubator ansible.builtin.file: src: /usr/share/icingaweb2/modules/incubator diff --git a/templates/etc/icingaweb2/enabledModules/graphite/config.ini.j2 b/templates/etc/icingaweb2/enabledModules/graphite/config.ini.j2 new file mode 100644 index 0000000..4ad88e5 --- /dev/null +++ b/templates/etc/icingaweb2/enabledModules/graphite/config.ini.j2 @@ -0,0 +1,4 @@ +;{{ ansible_managed }} +[graphite] +url = "{{ icinga2_web_graphite_url }}" +insecure = "{{ icinga2_web_graphite_insecure }}" From 8b231c01d3beed576e9f048ea1c7429a9b82c562 Mon Sep 17 00:00:00 2001 
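Review bot: The new template task writes to `/etc/icingaweb2/enabledModules/graphite/config.ini`, whereas the monitoring and icingadb tasks elsewhere in this series write to `/etc/icingaweb2/modules/<name>/`. If `enabledModules/graphite` is the symlink created by the task just above, the file ends up inside `/usr/share/icingaweb2/modules/graphite` rather than in the configuration directory, and Icinga Web may not read it from there. Using `dest: /etc/icingaweb2/modules/graphite/config.ini` (with the directory created first) keeps it consistent. The task also omits the SELinux attributes (`seuser`, `serole`, `setype`, `selevel`) that the other config templates set. Consider documenting next to `icinga2_web_graphite_insecure: 0` that any other value presumably relaxes TLS verification of the Graphite URL.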
From: Gian Klug Date: Mon, 23 Sep 2024 10:06:17 +0200 Subject: [PATCH 20/29] feat: add grafana dashboard and datasource cfg --- defaults/main.yml | 17 ++++++++ tasks/configuration.yml | 40 +++++++++++++++++++ .../dashboards/dashboards.yaml.j2 | 10 +++++ .../datasources/datasources.yaml.j2 | 4 ++ 4 files changed, 71 insertions(+) create mode 100644 templates/etc/grafana/provisioning/dashboards/dashboards.yaml.j2 create mode 100644 templates/etc/grafana/provisioning/datasources/datasources.yaml.j2 diff --git a/defaults/main.yml b/defaults/main.yml index 81bf563..67f76aa 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -261,5 +261,22 @@ icinga2_web_icingadb: [] # token_url: https://sso.example.com/auth/realms/example/protocol/openid-connect/token # api_url: https://sso.example.com/auth/realms/example/protocol/openid-connect/userinfo # role_attribute_path: contains(groups[*], '/admin') && 'Admin' + +icinga2_web_grafana_datasources: [] +# Grafana datasources +# icinga2_web_grafana_datasources: +# # Sets the name you use to refer to +# # the data source in panels and queries. +# - name: Graphite +# type: graphite +# access: proxy +# orgId: 1 +# url: http://localhost:8080 + +icinga2_web_grafana_dashboards: [] +# Grafana dashboard JSON URLs, will be downloaded +# icinga2_web_grafana_dashboards: +# - https://grafana.com/api/dashboards/56/revisions/3/download + icinga2_web_graphite_url: '' icinga2_web_graphite_insecure: 0 diff --git a/tasks/configuration.yml b/tasks/configuration.yml index 56c403f..c4a72b6 100644 --- a/tasks/configuration.yml +++ b/tasks/configuration.yml 
@@ -269,3 +269,43 @@ selevel: s0 notify: Icinga2_web restart grafana-server when: icinga2_web_grafana.enabled + +- name: Make sure grafana dashboard folder exists + ansible.builtin.file: + path: /var/lib/grafana/dashboards + mode: '0644' + state: directory + when: + - icinga2_web_grafana.enabled + - icinga2_web_grafana_dashboards | length != 0 + + +- name: Download grafana dashboards + ansible.builtin.get_url: + url: "{{ item }}" + dest: "/var/lib/grafana/dashboards/{{ item | basename }}" + mode: '0644' + loop: "{{ icinga2_web_grafana_dashboards }}" + when: + - icinga2_web_grafana.enabled + - icinga2_web_grafana_dashboards | length != 0 + +- name: Copy grafana dashboard config + ansible.builtin.template: + src: etc/grafana/provisioning/dashboards/dashboards.yaml.j2 + dest: etc/grafana/provisioning/dashboards/dashboards.yaml + mode: '0644' + notify: Icinga2_web restart grafana-server + when: + - icinga2_web_grafana.enabled + - icinga2_web_grafana_dashboards | length != 0 + +- name: Copy grafana datasource config + ansible.builtin.template: + src: etc/grafana/provisioning/datasources/datasources.yaml.j2 + dest: etc/grafana/provisioning/datasources/datasources.yaml + mode: '0644' + notify: Icinga2_web restart grafana-server + when: + - icinga2_web_grafana.enabled + - icinga2_web_grafana_datasources | length != 0 diff --git a/templates/etc/grafana/provisioning/dashboards/dashboards.yaml.j2 b/templates/etc/grafana/provisioning/dashboards/dashboards.yaml.j2 new file mode 100644 index 0000000..e8ced4f --- /dev/null +++ b/templates/etc/grafana/provisioning/dashboards/dashboards.yaml.j2 @@ -0,0 +1,10 @@ +apiVersion: 1 + +providers: + - name: 'default' + orgId: 1 + folder: '' + folderUid: '' + type: file + options: + path: /var/lib/grafana/dashboards diff --git a/templates/etc/grafana/provisioning/datasources/datasources.yaml.j2 b/templates/etc/grafana/provisioning/datasources/datasources.yaml.j2 new file mode 100644 index 0000000..3dc37b3 --- /dev/null 
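Review bot: "Download grafana dashboards" fetches whatever `icinga2_web_grafana_dashboards` lists and places it in the directory Grafana provisions from, with no integrity check. The play therefore cannot notice that the upstream file differs from the one that was reviewed. `ansible.builtin.get_url` accepts a `checksum` parameter, so each list entry could optionally carry one, passed as `checksum: "{{ item.checksum | default(omit) }}"`. Plain-string entries keep working with `url: "{{ item.url | default(item) }}"`, and the `dest` expression would need the same `item.url | default(item)` treatment.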
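Review bot: `dashboards.yaml.j2` has no managed-file marker, whereas the graphite `config.ini.j2` added one commit earlier starts with `;{{ ansible_managed }}`. A first line `# {{ ansible_managed }}` would tell an operator that hand edits to the provisioning file are overwritten by the role. The same applies to `datasources.yaml.j2`, which this commit also introduces.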
+++ b/templates/etc/grafana/provisioning/datasources/datasources.yaml.j2 @@ -0,0 +1,4 @@ +apiVersion: 1 + +datasources: + {{ icinga2_web_grafana_datasources | to_nice_yaml(indent=2) }} From 19d479eda29387707b2d45af05c56c055b2a2e0e Mon Sep 17 00:00:00 2001 From: Gian Klug Date: Mon, 23 Sep 2024 10:10:53 +0200 Subject: [PATCH 21/29] fix: json filename from url hash --- tasks/configuration.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/configuration.yml b/tasks/configuration.yml index c4a72b6..cae69c2 100644 --- a/tasks/configuration.yml +++ b/tasks/configuration.yml @@ -283,7 +283,7 @@ - name: Download grafana dashboards ansible.builtin.get_url: url: "{{ item }}" - dest: "/var/lib/grafana/dashboards/{{ item | basename }}" + dest: "/var/lib/grafana/dashboards/{{ item | hash('sha256') }}.json" mode: '0644' loop: "{{ icinga2_web_grafana_dashboards }}" when: From 9d7d87413c191b0c95747a897d399ccaf5c58a66 Mon Sep 17 00:00:00 2001 From: Gian Klug Date: Mon, 23 Sep 2024 10:15:29 +0200 Subject: [PATCH 22/29] fix: fix template dest dir --- tasks/configuration.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tasks/configuration.yml b/tasks/configuration.yml index cae69c2..c97450f 100644 --- a/tasks/configuration.yml +++ b/tasks/configuration.yml @@ -293,7 +293,7 @@ - name: Copy grafana dashboard config ansible.builtin.template: src: etc/grafana/provisioning/dashboards/dashboards.yaml.j2 - dest: etc/grafana/provisioning/dashboards/dashboards.yaml + dest: /etc/grafana/provisioning/dashboards/dashboards.yaml mode: '0644' notify: Icinga2_web restart grafana-server when: @@ -303,7 +303,7 @@ - name: Copy grafana datasource config ansible.builtin.template: src: etc/grafana/provisioning/datasources/datasources.yaml.j2 - dest: etc/grafana/provisioning/datasources/datasources.yaml + dest: /etc/grafana/provisioning/datasources/datasources.yaml mode: '0644' notify: Icinga2_web restart grafana-server when: 
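Review bot: With the file name derived only from the URL hash, removing or changing an entry in `icinga2_web_grafana_dashboards` leaves the previously downloaded `<hash>.json` behind in `/var/lib/grafana/dashboards`. Since the provider in `dashboards.yaml.j2` points at that whole directory, Grafana presumably keeps loading dashboards that are no longer listed. A cleanup step that removes every `*.json` whose stem is not the hash of a currently listed URL would close that gap; a sketch follows. It is gated only on `icinga2_web_grafana.enabled` so that it also runs when the list becomes empty.

```yaml
# … unchanged: "Download grafana dashboards" task …

- name: Find downloaded grafana dashboards
  ansible.builtin.find:
    paths: /var/lib/grafana/dashboards
    patterns: '*.json'
  register: icinga2_web_grafana_dashboard_files
  when: icinga2_web_grafana.enabled

- name: Remove grafana dashboards that are no longer listed
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: absent
  loop: "{{ icinga2_web_grafana_dashboard_files.files | default([]) }}"
  when:
    - icinga2_web_grafana.enabled
    - >-
      (item.path | basename | splitext | first) not in
      (icinga2_web_grafana_dashboards | map('hash', 'sha256') | list)
```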
From 2f2216bab44ddd2073d343e47c6908d71dd53476 Mon Sep 17 00:00:00 2001 From: Gian Klug Date: Mon, 23 Sep 2024 10:28:32 +0200 Subject: [PATCH 23/29] fix: fix datasource template --- .../etc/grafana/provisioning/datasources/datasources.yaml.j2 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/templates/etc/grafana/provisioning/datasources/datasources.yaml.j2 b/templates/etc/grafana/provisioning/datasources/datasources.yaml.j2 index 3dc37b3..c465155 100644 --- a/templates/etc/grafana/provisioning/datasources/datasources.yaml.j2 +++ b/templates/etc/grafana/provisioning/datasources/datasources.yaml.j2 @@ -1,4 +1,6 @@ apiVersion: 1 datasources: - {{ icinga2_web_grafana_datasources | to_nice_yaml(indent=2) }} +{% for datasource in icinga2_web_grafana_datasources %} + - {{ datasource | to_nice_yaml(indent=4) }} +{% endfor %} From 062317f7c768b047cddd08510b5442f98f48fdff Mon Sep 17 00:00:00 2001 From: Gian Klug Date: Mon, 23 Sep 2024 11:24:47 +0200 Subject: [PATCH 24/29] fix: another try at jinja for datasource --- .../etc/grafana/provisioning/datasources/datasources.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/etc/grafana/provisioning/datasources/datasources.yaml.j2 b/templates/etc/grafana/provisioning/datasources/datasources.yaml.j2 index c465155..810756a 100644 --- a/templates/etc/grafana/provisioning/datasources/datasources.yaml.j2 +++ b/templates/etc/grafana/provisioning/datasources/datasources.yaml.j2 @@ -2,5 +2,5 @@ apiVersion: 1 datasources: {% for datasource in icinga2_web_grafana_datasources %} - - {{ datasource | to_nice_yaml(indent=4) }} + - {{ datasource | to_nice_yaml(indent=2) | indent(2) }} {% endfor %} From 98ba996421b9f7a188642e22b7d04e6c73003804 Mon Sep 17 00:00:00 2001 From: Gian Klug Date: Mon, 23 Sep 2024 11:27:16 +0200 Subject: [PATCH 25/29] fix: fix jinja indents --- .../etc/grafana/provisioning/datasources/datasources.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
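Review bot: Pasting `to_nice_yaml` output behind a hand-written `- ` indents only the first line of each datasource, so an entry with more than one key is likely to render as mis-nested or invalid YAML. The following three commits keep adjusting this same line with `indent(...)`. Rendering the whole document from one mapping removes the manual indentation: `{{ {'apiVersion': 1, 'datasources': icinga2_web_grafana_datasources} | to_nice_yaml(indent=2) }}`. Grafana then reads a file produced end to end by the serializer rather than one stitched together from text fragments.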
diff --git a/templates/etc/grafana/provisioning/datasources/datasources.yaml.j2 b/templates/etc/grafana/provisioning/datasources/datasources.yaml.j2 index 810756a..94a4ef3 100644 --- a/templates/etc/grafana/provisioning/datasources/datasources.yaml.j2 +++ b/templates/etc/grafana/provisioning/datasources/datasources.yaml.j2 @@ -2,5 +2,5 @@ apiVersion: 1 datasources: {% for datasource in icinga2_web_grafana_datasources %} - - {{ datasource | to_nice_yaml(indent=2) | indent(2) }} + - {{ datasource | to_nice_yaml(indent=2) | indent(4) }} {% endfor %} From ad59ea97c866efdc46f4eafb9b5383887b8f7f85 Mon Sep 17 00:00:00 2001 From: Gian Klug Date: Mon, 23 Sep 2024 11:29:48 +0200 Subject: [PATCH 26/29] fix: last indent fix --- .../etc/grafana/provisioning/datasources/datasources.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/etc/grafana/provisioning/datasources/datasources.yaml.j2 b/templates/etc/grafana/provisioning/datasources/datasources.yaml.j2 index 94a4ef3..8c3d030 100644 --- a/templates/etc/grafana/provisioning/datasources/datasources.yaml.j2 +++ b/templates/etc/grafana/provisioning/datasources/datasources.yaml.j2 @@ -2,5 +2,5 @@ apiVersion: 1 datasources: {% for datasource in icinga2_web_grafana_datasources %} - - {{ datasource | to_nice_yaml(indent=2) | indent(4) }} + - {{ datasource | to_nice_yaml(indent=2) | indent(4) }} {% endfor %} From e26c2ca875d751f053658799a79d590a2dc8585f Mon Sep 17 00:00:00 2001 From: Gian Klug Date: Mon, 23 Sep 2024 13:14:53 +0200 Subject: [PATCH 27/29] fix: fix grafana permissions --- tasks/configuration.yml | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/tasks/configuration.yml b/tasks/configuration.yml index c97450f..41e9d5f 100644 --- a/tasks/configuration.yml +++ b/tasks/configuration.yml 
@@ -261,20 +261,19 @@ ansible.builtin.template: src: templates/etc/grafana/grafana.ini.j2 dest: /etc/grafana/grafana.ini - owner: root + owner: grafana group: grafana mode: "0660" - seuser: system_u - serole: object_r - selevel: s0 notify: Icinga2_web restart grafana-server when: icinga2_web_grafana.enabled - name: Make sure grafana dashboard folder exists ansible.builtin.file: path: /var/lib/grafana/dashboards - mode: '0644' + mode: '0660' state: directory + owner: grafana + group: grafana when: - icinga2_web_grafana.enabled - icinga2_web_grafana_dashboards | length != 0 @@ -284,7 +283,9 @@ ansible.builtin.get_url: url: "{{ item }}" dest: "/var/lib/grafana/dashboards/{{ item | hash('sha256') }}.json" - mode: '0644' + mode: '0660' + owner: grafana + group: grafana loop: "{{ icinga2_web_grafana_dashboards }}" when: - icinga2_web_grafana.enabled @@ -294,7 +295,9 @@ ansible.builtin.template: src: etc/grafana/provisioning/dashboards/dashboards.yaml.j2 dest: /etc/grafana/provisioning/dashboards/dashboards.yaml - mode: '0644' + mode: '0660' + owner: grafana + group: grafana notify: Icinga2_web restart grafana-server when: - icinga2_web_grafana.enabled @@ -304,7 +307,9 @@ ansible.builtin.template: src: etc/grafana/provisioning/datasources/datasources.yaml.j2 dest: /etc/grafana/provisioning/datasources/datasources.yaml - mode: '0644' + mode: '0660' + owner: grafana + group: grafana notify: Icinga2_web restart grafana-server when: - icinga2_web_grafana.enabled From 9311332e0fc7823fb7fba04d948802040b7a847c Mon Sep 17 00:00:00 2001 From: Gian Klug Date: Mon, 23 Sep 2024 13:23:06 +0200 Subject: [PATCH 28/29] fix: make folder executable --- tasks/configuration.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/configuration.yml b/tasks/configuration.yml index 41e9d5f..9b600fb 100644 --- a/tasks/configuration.yml +++ b/tasks/configuration.yml 
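Review bot: Changing `owner` of `/etc/grafana/grafana.ini` from `root` to `grafana` while keeping `mode: "0660"` lets the Grafana service account rewrite its own configuration. That runs against least privilege for a file that typically holds secrets and authentication settings. The service only needs to read it, so `owner: root`, `group: grafana`, `mode: "0640"` would be enough. The same holds for the provisioning files in the last two hunks of this commit (`dashboards.yaml`, `datasources.yaml`), which become `grafana:grafana` with `0660`. If the ownership change was made to work around a startup permission error, the group read bit should already cover that; this needs confirming on a Debian host.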
@@ -270,7 +270,7 @@ - name: Make sure grafana dashboard folder exists ansible.builtin.file: path: /var/lib/grafana/dashboards - mode: '0660' + mode: '0770' state: directory owner: grafana group: grafana From 6fac3ee7eb15582de34b17e92600d2db138fcce0 Mon Sep 17 00:00:00 2001 From: Gian Klug Date: Fri, 27 Sep 2024 10:18:49 +0200 Subject: [PATCH 29/29] feat!: deprecate RHEL, only support debian --- meta/main.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/meta/main.yml b/meta/main.yml index b0f6ee6..00aeecf 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -12,9 +12,10 @@ galaxy_info: license: GNU General Public License v3 min_ansible_version: 2.6.0 platforms: - - name: EL + - name: Debian versions: - - "7" + - bullseye + - bookworm galaxy_tags: - icinga2 - monitoring