tentwentyfour · arjanoosting · Nov 13, 2019 · Nov 14, 2019 · Nov 18, 2019 · Nov 18, 2019
diff --git a/.travis.yml b/.travis.yml
@@ -12,10 +12,8 @@ script:
   - molecule test
 matrix:
   include:
-    - env: ANSIBLE_VERSION="2.5.9"
-    - env: ANSIBLE_VERSION="2.6.5"
-    - env: ANSIBLE_VERSION="2.7.0"
-    - env: ANSIBLE_VERSION="2.7.5"
+    - env: ANSIBLE_VERSION="2.9.2"
+    - env: ANSIBLE_VERSION="2.8.7"
 branches:
   only:
     - master

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -33,8 +33,9 @@ i2_remove_unmanaged_features: no
 i2_remove_unmanaged_objects: no
 i2_remove_unmanaged_objects_in_zone: no
 
-i2_master: no
-i2_satellite: no
+i2_webui: "{{ inventory_hostname == i2_configuration_master }}"
+i2_master: "{{ inventory_hostname in groups[i2_master_group] }}"
+i2_satellite: "{{ inventory_hostname in groups[i2_satellite_group] }}"
 i2_api_port: 5665
 i2_connection_direction: 'top-down'
 
@@ -68,10 +69,17 @@ i2_webui_php_all: no
 i2_webui_modules_dir: "/usr/share/icingaweb2/modules"
 i2_timezone: "UTC"
 i2_webui_modules:
-  - map
-  - cube
-  - toplevelview
-  - businessprocess
+  - name: cube
+    version: v1.1.0
+  - name: map
+    version: v1.1.0
+    repo: https://github.com/nbuchwitz/icingaweb2-module-map.git
+  - name: toplevelview
+    version: v0.3.1
+  - name: ipl
+    version: v0.4.0
+  - name: businessprocess
+    version: v2.2.0
 i2_webui_params:
   database: icingaweb
   user: icingaweb
@@ -84,5 +92,113 @@ i2_webui_params:
 # {{ ansible_facts.default_ipv4.address }}
 i2_webui_connectfrom:
   - localhost
+i2_webui_user: "www-data" # fixme this is httpd on RedHat
+i2_webui_group: icingaweb2
+i2_webui_admins: []
 
+i2_webui_default_config:
+  authentication:
+    file: authentication.ini
+    sections:
+      icingaweb2:
+        backend: db
+        resource: icingaweb_db
+  config:
+    file: config.ini
+    sections:
+      global:
+        show_stacktraces: "0"
+        show_application_state_messages: "1"
+        config_backend: db
+        config_resource: icingaweb_db
+      logging:
+        log: syslog
+        level: ERROR
+        application: icingaweb2
+        facility: user
+  groups:
+    file: groups.ini
+    sections:
+      icingaweb2:
+        backend: db
+        resource: icingaweb_db
+  resources:
+    file: resources.ini
+    sections:
+      icingaweb_db:
+        type: db
+        db: mysql
+        host: "{{ i2_webui_params.host|default('localhost') }}"
+        port: "{{ i2_webui_params.port|default(omit) }}"
+        dbname: "{{ i2_webui_params.database }}"
+        username: "{{ i2_webui_params.user }}"
+        password: "{{ i2_webui_params.password }}"
+        charset: utf8
+        use_ssl: "0"
+      icinga_ido:
+        type: db
+        db: mysql
+        host: "{{ i2_ido_params.host|default('localhost') }}"
+        port: "{{ i2_ido_params.port|default(omit) }}"
+        dbname: "{{ i2_ido_params.database }}"
+        username: "{{ i2_ido_params.user }}"
+        password: "{{ i2_ido_params.password }}"
+        charset: latin1
+        use_ssl: "0"
+  roles:
+    file: roles.ini
+    sections:
+      Administrators:
+        users: "{{ i2_webui_admins|join(',') }}"
+        permissions: "*"
+        groups: Administrators
+  modules_monitoring_backends:
+    file: modules/monitoring/backends.ini
+    sections:
+      icinga:
+        type: ido
+        resource: icinga_ido
+  modules_monitoring_commandtransports:
+    file: modules/monitoring/commandtransports.ini
+    sections:
+      icinga2:
+        transport: api
+        host: "{{ i2_api_host }}"
+        port: "{{ i2_api_port }}"
+        username: "{{ i2_api_webui_user }}"
+        password: "{{ i2_api_webui_password }}"
+  modules_monitoring_config:
+    file: modules/monitoring/config.ini
+    sections:
+      security:
+        protected_customvars: "*pw*,*pass*,community"
+i2_webui_default_module_config:
+  director:
+    resources:
+      sections:
+        director_db:
+          type: db
+          db: mysql
+          host: "{{ i2_director_params.host|default('localhost') }}"
+          port: ""
+          dbname: "{{ i2_director_params.database }}"
+          username: "{{ i2_director_params.user }}"
+          password: "{{ i2_director_params.password }}"
+          charset: utf8
+          use_ssl: "0"
+    modules_director_config:
+      file: modules/director/config.ini
+      sections:
+        db:
+          resource: director_db
+    modules_director_kickstart:
+      file: modules/director/kickstart.ini
+      sections:
+        config:
+          endpoint: "{{ i2_hostname }}"
+          username: director
+          password: "{{ i2_api_director_password }}"
+i2_webui_custom_config: {}
+i2_webui_config: "{{ i2_webui_default_config|combine(i2_webui_custom_config, recursive=True) }}"
 
+i2_bootstrap_cacheable: False
diff --git a/files/icinga-director.service b/files/icinga-director.service
@@ -0,0 +1,21 @@
+[Unit]
+Description=Icinga Director - Monitoring Configuration
+Documentation=https://icinga.com/docs/director/latest/
+Wants=network.target
+
+[Service]
+EnvironmentFile=-/etc/default/icinga-director
+EnvironmentFile=-/etc/sysconfig/icinga-director
+ExecStart=/usr/bin/icingacli director daemon run
+ExecReload=/bin/kill -HUP ${MAINPID}
+User=icingadirector
+SyslogIdentifier=icingadirector
+Type=notify
+
+NotifyAccess=main
+WatchdogSec=10
+RestartSec=30
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/handlers/main.yml b/handlers/main.yml
@@ -1,4 +1,9 @@
 ---
+- name: reload systemd
+  become: yes
+  systemd:
+    daemon_reload: yes
+
 - name: start icinga2
   become: yes
   service:
@@ -44,6 +49,12 @@
     state: restarted
   when: i2_manage_service
 
+- name: restart icinga-director
+  become: yes
+  service:
+    name: icinga-director
+    state: restarted
+
 - name: restart php-fpm
   become: yes
   service:

diff --git a/tasks/icinga2-Debian.yml b/tasks/icinga2-Debian.yml
@@ -1,10 +1,15 @@
 ---
+- name: Debian - Determine apt version
+  package_facts:
+
 - name: Debian - Install apt-transport-https
   become: yes
   apt:
     name: apt-transport-https
     state: present
-  when: i2_manage_repository
+  when:
+    - i2_manage_repository
+    - ansible_facts.packages['apt'] | map(attribute='version') | first is version('1.5', '<')
 
 - name: Debian - Add Icinga 2 repository key
   become: yes
@@ -24,16 +29,16 @@
   become: yes
   apt:
     name: icinga2
-    state: present
-  notify: start icinga2
+    state: "{{ i2_package_state|default('present') }}"
+  notify: restart icinga2
   when: i2_manage_package
 
 - name: Debian - Ensure IDO is installed on the masters
   become: yes
   apt:
     name: "icinga2-ido-{{ i2_ido_backend }}"
-    state: present
-  notify: start icinga2
+    state: "{{ i2_package_state|default('present') }}"
+  notify: retart icinga2
   when:
     - i2_manage_package
     - i2_ido_backend is defined

diff --git a/tasks/icinga2-RedHat.yml b/tasks/icinga2-RedHat.yml
@@ -20,17 +20,17 @@
   become: yes
   yum:
     name: icinga2
-    state: present
+    state: "{{ i2_package_state|default('present') }}"
     update_cache: yes
-  notify: start icinga2
+  notify: restart icinga2
   when: i2_manage_package
 
 - name: RedHat - Ensure IDO is installed on the masters
   become: yes
   yum:
     name: "icinga2-ido-{{ i2_ido_backend }}"
     state: present
-  notify: start icinga2
+  notify: restart icinga2
   when:
     - i2_manage_package
     - i2_ido_backend is defined

diff --git a/tasks/icinga2-api.yml b/tasks/icinga2-api.yml
@@ -10,7 +10,7 @@
 
 - name: Master - Create Certificate Authority
   become: yes
-  command: icinga2 pki new-ca
+  command: /usr/sbin/icinga2 pki new-ca
   args:
     creates: "{{ i2_ca_file }}"
   when: inventory_hostname == i2_configuration_master
@@ -97,7 +97,7 @@
 - name: Master - Create Host Certificate
   become: yes
   command: >
-    icinga2 pki new-cert
+    /usr/sbin/icinga2 pki new-cert
     --cn {{ i2_hostname }}
     --key {{ i2_pki_path }}/{{ i2_hostname }}.key
     --csr {{ i2_pki_path }}/{{ i2_hostname }}.csr
@@ -107,7 +107,7 @@
 - name: Master - Sign Host Certificate
   become: yes
   command: >
-    icinga2 pki sign-csr
+    /usr/sbin/icinga2 pki sign-csr
     --csr {{ i2_pki_path }}/{{ i2_hostname }}.csr
     --cert {{ i2_pki_path }}/{{ i2_hostname }}.crt
   args:
@@ -152,28 +152,14 @@
 # Blerim made i2_confd an array of locations to be included.
 - name: Master - Create Api-Users config file
   become: yes
-  blockinfile:
-    create: yes
+  template:
+    src: api-users.conf.j2
     dest: "{{ i2_zones_dir }}/{{ i2_zonename }}/api-users.conf"
-    marker: "// {mark} Ansible managed block for {{ item.key }}"
-    content: "{{ lookup('template', 'api_users_fragment.j2') }}"
     owner: "{{ i2_user }}"
     group: "{{ i2_group }}"
     mode: 0644
-    directory_mode: 0755
-  with_dict: "{{ i2_api_users }}"
   when:
     - inventory_hostname == i2_configuration_master
     - i2_api_users is defined
   notify:
     - reload icinga2
-
-- name: Master – Restart Icinga2 Service on Config Master
-  service:
-    name: icinga2
-    state: started
-    enabled: yes
-  when:
-    - inventory_hostname == i2_configuration_master
-    - i2_manage_service
-