make it working

.gitignore

@@ -0,0 +1,7 @@
+.vscode/
+*.retry
+roles/*
+venv/*
+.venv/*
+ic2venv/*
+collections/*

ansible.cfg

@@ -0,0 +1,18 @@
+[defaults]
+roles_path = roles
+collections_path = collections
+#inventory = inventory
+#vault_password_file = .vault_pass
+
+gathering = smart
+callbacks_enabled = profile_tasks
+ansible_managed = "This file is managed by ansible, don't make changes here."
+
+retry_files_enabled = False
+display_skipped_hosts = False
+#deprecation_warnings=False
+#host_key_checking=False
+
+[ssh_connection]
+pipelining=True
+ssh_args = -o ControlMaster=auto -o ControlPersist=10m -o ConnectionAttempts=20

create-rollout-user.yaml

@@ -0,0 +1,41 @@
+---
+- name: Create Rollout User
+  hosts: icingaserver
+  remote_user: root
+  #become: true
+  tags: server
+
+  tasks:
+
+    # - name: Create new user
+    #   ansible.builtin.user:
+    #     name: "{{ rollout_user_name }}"
+    #     home: "/home/{{ rollout_user_name }}"
+    - name: Create .ssh folder
+      ansible.builtin.file:
+        path: "~{{ rollout_user_name }}/.ssh"
+        state: directory
+        owner: "{{ rollout_user_name }}"
+        group: "{{ rollout_user_name }}"
+        mode: "0700"
+    - name: Upload private key
+      ansible.builtin.template:
+        src: templates/id_ed25519.j2
+        dest: "~{{ rollout_user_name }}/.ssh/id_ed25519"
+        owner: "{{ rollout_user_name }}"
+        group: "{{ rollout_user_name }}"
+        mode: "0700"
+    - name: Upload public key
+      ansible.builtin.template:
+        src: templates/id_ed25519.pub.j2
+        dest: "~{{ rollout_user_name }}/.ssh/id_ed25519.pub"
+        owner: "{{ rollout_user_name }}"
+        group: "{{ rollout_user_name }}"
+        mode: "0700"
+    - name: Create ssh config file
+      ansible.builtin.template:
+        src: templates/config.j2
+        dest: "~{{ rollout_user_name }}/.ssh/config"
+        owner: "{{ rollout_user_name }}"
+        group: "{{ rollout_user_name }}"
+        mode: "0400"

files/global/base-templates.conf

@@ -0,0 +1,39 @@
+/*
+ * Generic template examples.
+ */
+
+
+/**
+ * Provides default settings for hosts. By convention
+ * all hosts should import this template.
+ *
+ * The CheckCommand object `hostalive` is provided by
+ * the plugin check command templates.
+ * Check the documentation for details.
+ */
+template Host "generic-host" {
+  max_check_attempts = 3
+  check_interval = 1m
+  retry_interval = 30s
+
+  check_command = "hostalive"
+}
+
+/**
+ * Provides default settings for services. By convention
+ * all services should import this template.
+ */
+template Service "generic-service" {
+  max_check_attempts = 5
+  check_interval = 1m
+  retry_interval = 30s
+}
+
+/**
+ * Provides default settings for users. By convention
+ * all users should inherit from this template.
+ */
+
+template User "generic-user" {
+
+}

files/master/icinga-server.conf

@@ -0,0 +1,34 @@
+object Host "icinga-test.devnet.local" {
+  /* Import the default host template defined in `templates.conf`. */
+  import "generic-host"
+
+  /* Specify the address attributes for checks e.g. `ssh` or `http`. */
+  address = "192.168.56.11"
+  #address6 = "::1"
+
+  /* Set custom variable `os` for hostgroup assignment in `groups.conf`. */
+  vars.os = "Linux"
+  vars.flavour = "Debian 12"
+  vars.flavour_name = "Bookworm"
+
+
+  //vars.disks["disk"] = {
+  //  /* No parameters. */
+  //}
+
+  vars.disks["disk /"] = {
+    disk_partitions = "/"
+  }
+
+
+  vars.http_vhosts["http"] = {
+    http_uri = "/"
+  }
+
+  vars.http_vhosts["Icinga Web 2"] = {
+    http_uri = "/icingaweb2"
+  }
+
+
+  vars.my_groups = ["icinga2-master"]
+}

files/master/icinga-services.conf

@@ -0,0 +1,22 @@
+## Icinga APP
+apply Service "Icinga2 App Status" {
+  import "generic-service"
+  check_command = "icinga"
+  command_endpoint = host.name
+  assign where "icinga2-master" in host.vars.my_groups
+}
+
+apply Service "IcingaDB Status" {
+  import "generic-service"
+  check_command = "icingadb"
+  command_endpoint = host.name
+  assign where "icinga2-master" in host.vars.my_groups
+}
+
+# master only
+apply Service "Icinga2 Cluster" {
+  import "generic-service"
+  check_command = "cluster"
+  command_endpoint = host.name
+  assign where "icinga2-master" in host.vars.my_groups
+}

inventory/group_vars/icingaserver/constants.yaml

@@ -0,0 +1,2 @@
+icinga2_constants:
+   TicketSalt: "teletubbi"

inventory/group_vars/icingaserver/database.yaml

@@ -0,0 +1,34 @@
+---
+icingadb_database_name: icingadb
+icingadb_database_user: icingadb
+icingadb_database_host: 127.0.0.1
+icingadb_database_password: icingadb
+icingadb_database_type: mysql
+icingadb_database_import_schema: true
+
+icingaweb2_db:
+  type: mysql
+  name: icingaweb
+  host: 127.0.0.1
+  user: icingaweb
+  password: icingaweb
+
+mysql_packages:
+  - mariadb-client
+  - mariadb-server
+  - python3-mysqldb
+
+mysql_users:
+  - name: "{{ icingadb_database_user }}"
+    host: "%"
+    password: "{{ icingadb_database_password }}"
+    priv: "{{ icingadb_database_name }}.*:ALL,GRANT"
+  - name: "{{ icingaweb2_db.user }}"
+    host: "%"
+    password: "{{ icingaweb2_db.password }}"
+    priv: "{{ icingaweb2_db.name }}.*:ALL"
+mysql_databases:
+  - name: "{{ icingaweb2_db.name }}"
+  - name: "{{ icingadb_database_name }}"
+    collation: utf8mb4_general_ci
+    encoding: utf8mb4

inventory/group_vars/icingaserver/icinga.yaml

@@ -0,0 +1,49 @@
+---
+
+icinga2_features:
+  - name: api
+    ca_host: none
+    endpoints:
+      - name: "{{ ansible_fqdn }}"
+    zones:
+      - name: "master"
+        endpoints:
+          - "{{ ansible_fqdn }}"
+      - name: "global"
+        global: true
+  - name: checker
+    state: present
+  - name: icingadb
+    state: present
+    host: 127.0.0.1
+    port: 6380
+  - name: mainlog
+    severity: information
+
+icinga2_objects:
+  icinga-test.devnet.local:
+    - name: root
+      type: ApiUser
+      password: rootpw
+      file: local.d/apiuser.conf
+      permissions:
+        - "*"
+    - name: icingaweb
+      type: ApiUser
+      password: icingaweb
+      file: local.d/apiuser.conf
+      permissions:
+        - "*"
+
+icinga2_confd: local.d
+icinga2_config_directories:
+  - local.d/
+  - zones.d/global/
+  - zones.d/global/git
+  - zones.d/global/static
+  - zones.d/master/
+  - zones.d/master/git
+  - zones.d/master/static
+
+icinga_monitoring_plugins_check_commands:
+    - "all"

inventory/group_vars/icingaserver/icingaweb2.yaml

@@ -0,0 +1,33 @@
+---
+icingaweb2_admin_username: icinga
+icingaweb2_admin_password: icinga
+icingaweb2_db_import_schema: true
+
+icingaweb2_resources:
+  icingadb:
+    type: db
+    db: "{{ icingadb_database_type }}"
+    host: localhost
+    dbname: "{{ icingadb_database_name }}"
+    username: "{{ icingadb_database_user }}"
+    password: "{{ icingadb_database_password }}"
+    charset: utf8
+
+icingaweb2_modules:
+  icingadb:
+    enabled: true
+    source: package
+    commandtransports:
+      instance01:
+        transport: api
+        host: 127.0.0.1
+        username: icingaweb
+        password: icingaweb
+    config:
+      icingadb:
+        resource: icingadb
+      redis:
+        tls: '0'
+    redis:
+      redis1:
+        host: localhost

inventory/group_vars/icingaserver/staticfiles.yaml

@@ -0,0 +1,25 @@
+icinga2_custom_config:
+## global templates
+  - name: global/base-templates.conf
+    path: zones.d/global/static/base_templates.conf
+    order: 10
+  # - name: notification_templates.conf
+  #   path: zones.d/global/notification_templates.conf
+  #   order: 11
+  # - name: notification_commands.conf
+  #   path: zones.d/global/notification_commands.conf
+  #   order: 12
+  # - name: timeperiods.conf
+  #   path: zones.d/global/timeperiods.conf
+  #   order: 13
+  # - name: fsc_commands.conf
+  #   path: zones.d/global/fsc_commands.conf
+  #   order: 14
+## static hosts
+  - name: master/icinga-server.conf
+    path: zones.d/master/static/icinga-server.conf
+    order: 10
+## static services
+  - name: master/icinga-services.conf
+    path: zones.d/master/static/icinga-services.conf
+    order: 10

inventory/host_vars/icinga-test.devnet.local.yaml

@@ -0,0 +1,11 @@
+---
+rollout_user_name: nagios
+rollout_privat_key: |
+  -----BEGIN OPENSSH PRIVATE KEY-----
+  b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+  QyNTUxOQAAACD0PtL8FseLNvYAlCTzfvIGLwc6n3CTVX53Iu0wAgf4ZgAAAKAYZqcfGGan
+  HwAAAAtzc2gtZWQyNTUxOQAAACD0PtL8FseLNvYAlCTzfvIGLwc6n3CTVX53Iu0wAgf4Zg
+  AAAEBNJlQSFz6bCsyuRXeLKqFpDOG3Duap0UG165dn6UaE7vQ+0vwWx4s29gCUJPN+8gYv
+  BzqfcJNVfnci7TACB/hmAAAAGmljaW5nYS1yb2xsb3V0QGZzYy1sbngtdDE0AQID
+  -----END OPENSSH PRIVATE KEY-----
+rollout_public_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQ+0vwWx4s29gCUJPN+8gYvBzqfcJNVfnci7TACB/hm

inventory/inventory.yaml

@@ -0,0 +1,9 @@
+---
+all:
+  children:
+    icingaserver:
+
+icingaserver:
+  hosts:
+    icinga-test.devnet.local:
+      ansible_host: 192.168.56.11

requirements.txt

@@ -0,0 +1 @@
+ansible

requirements.yaml

@@ -0,0 +1,6 @@
+---
+roles:
+- name: geerlingguy.mysql
+
+collections:
+- icinga.icinga

setup-icinga-server.yaml

@@ -0,0 +1,23 @@
+---
+- name: Provision Icinga Server
+  hosts: icingaserver
+  remote_user: root
+  #become: true
+  tags: server
+
+  roles:
+    - icinga.icinga.repos
+    - geerlingguy.mysql
+    - icinga.icinga.icinga2
+    - icinga.icinga.icingadb
+    - icinga.icinga.icingadb_redis
+    - icinga.icinga.monitoring_plugins
+
+- name: setup icingaweb
+  hosts: icingaserver
+  remote_user: root
+  #become: true
+  tags: web
+
+  roles:
+    - icinga.icinga.icingaweb2

templates/config.j2

@@ -0,0 +1,2 @@
+Host *
+    StrictHostKeyChecking no

templates/id_ed25519.j2

@@ -0,0 +1 @@
+{{ rollout_privat_key }}

templates/id_ed25519.pub.j2

@@ -0,0 +1 @@
+{{ rollout_public_key }} {{ rollout_user_name }}