diff --git a/.gitignore b/.gitignore
index e69de29..b4b23bf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,7 @@
+.vscode/
+*.retry
+roles/*
+venv/*
+.venv/*
+ic2venv/*
+collections/*
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..138392c
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,18 @@
+[defaults]
+roles_path = roles
+collections_path = collections
+#inventory = inventory
+#vault_password_file = .vault_pass
+
+gathering = smart
+callbacks_enabled = profile_tasks
+ansible_managed = "This file is managed by ansible, don't make changes here."
+
+retry_files_enabled = False
+display_skipped_hosts = False
+#deprecation_warnings=False
+#host_key_checking=False
+
+[ssh_connection]
+pipelining=True
+ssh_args = -o ControlMaster=auto -o ControlPersist=10m -o ConnectionAttempts=20
diff --git a/create-rollout-user.yaml b/create-rollout-user.yaml
new file mode 100644
index 0000000..a38c617
--- /dev/null
+++ b/create-rollout-user.yaml
@@ -0,0 +1,41 @@
+---
+- name: Create Rollout User
+ hosts: icingaserver
+ remote_user: root
+ #become: true
+ tags: server
+
+ tasks:
+
+ # - name: Create new user
+ # ansible.builtin.user:
+ # name: "{{ rollout_user_name }}"
+ # home: "/home/{{ rollout_user_name }}"
+ - name: Create .ssh folder
+ ansible.builtin.file:
+ path: "~{{ rollout_user_name }}/.ssh"
+ state: directory
+ owner: "{{ rollout_user_name }}"
+ group: "{{ rollout_user_name }}"
+ mode: "0700"
+ - name: Upload private key
+ ansible.builtin.template:
+ src: templates/id_ed25519.j2
+ dest: "~{{ rollout_user_name }}/.ssh/id_ed25519"
+ owner: "{{ rollout_user_name }}"
+ group: "{{ rollout_user_name }}"
+ mode: "0700"
+ - name: Upload public key
+ ansible.builtin.template:
+ src: templates/id_ed25519.pub.j2
+ dest: "~{{ rollout_user_name }}/.ssh/id_ed25519.pub"
+ owner: "{{ rollout_user_name }}"
+ group: "{{ rollout_user_name }}"
+ mode: "0700"
+ - name: Create ssh config file
+ ansible.builtin.template:
+ src: templates/config.j2
+ dest: "~{{ rollout_user_name }}/.ssh/config"
+ owner: "{{ rollout_user_name }}"
+ group: "{{ rollout_user_name }}"
+ mode: "0400"
diff --git a/files/global/base-templates.conf b/files/global/base-templates.conf
new file mode 100644
index 0000000..0593d9b
--- /dev/null
+++ b/files/global/base-templates.conf
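Review bot: The "Upload private key" task in create-rollout-user.yaml writes `id_ed25519` with `mode: "0700"` and sets no `no_log`, so the key file carries an execute bit it does not need and the rendered key text can show up in task output when the play is run with `--diff`. Use `mode: "0600"` for the private key and `mode: "0644"` for `id_ed25519.pub`, and add `no_log: true` to the private-key task. The user-creation task is commented out, so the `~{{ rollout_user_name }}` paths presumably rely on the account already existing on the target; a short comment saying where it comes from would help.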
@@ -0,0 +1,39 @@
+/*
+ * Generic template examples.
+ */
+
+
+/**
+ * Provides default settings for hosts. By convention
+ * all hosts should import this template.
+ *
+ * The CheckCommand object `hostalive` is provided by
+ * the plugin check command templates.
+ * Check the documentation for details.
+ */
+template Host "generic-host" {
+ max_check_attempts = 3
+ check_interval = 1m
+ retry_interval = 30s
+
+ check_command = "hostalive"
+}
+
+/**
+ * Provides default settings for services. By convention
+ * all services should import this template.
+ */
+template Service "generic-service" {
+ max_check_attempts = 5
+ check_interval = 1m
+ retry_interval = 30s
+}
+
+/**
+ * Provides default settings for users. By convention
+ * all users should inherit from this template.
+ */
+
+template User "generic-user" {
+
+}
diff --git a/files/master/icinga-server.conf b/files/master/icinga-server.conf
new file mode 100644
index 0000000..ac94c01
--- /dev/null
+++ b/files/master/icinga-server.conf
@@ -0,0 +1,34 @@
+object Host "icinga-test.devnet.local" {
+ /* Import the default host template defined in `templates.conf`. */
+ import "generic-host"
+
+ /* Specify the address attributes for checks e.g. `ssh` or `http`. */
+ address = "192.168.56.11"
+ #address6 = "::1"
+
+ /* Set custom variable `os` for hostgroup assignment in `groups.conf`. */
+ vars.os = "Linux"
+ vars.flavour = "Debian 12"
+ vars.flavour_name = "Bookworm"
+
+
+ //vars.disks["disk"] = {
+ // /* No parameters. */
+ //}
+
+ vars.disks["disk /"] = {
+ disk_partitions = "/"
+ }
+
+
+ vars.http_vhosts["http"] = {
+ http_uri = "/"
+ }
+
+ vars.http_vhosts["Icinga Web 2"] = {
+ http_uri = "/icingaweb2"
+ }
+
+
+ vars.my_groups = ["icinga2-master"]
+}
diff --git a/files/master/icinga-services.conf b/files/master/icinga-services.conf
new file mode 100644
index 0000000..e528241
--- /dev/null
+++ b/files/master/icinga-services.conf
@@ -0,0 +1,22 @@
+## Icinga APP
+apply Service "Icinga2 App Status" {
+ import "generic-service"
+ check_command = "icinga"
+ command_endpoint = host.name
+ assign where "icinga2-master" in host.vars.my_groups
+}
+
+apply Service "IcingaDB Status" {
+ import "generic-service"
+ check_command = "icingadb"
+ command_endpoint = host.name
+ assign where "icinga2-master" in host.vars.my_groups
+}
+
+# master only
+apply Service "Icinga2 Cluster" {
+ import "generic-service"
+ check_command = "cluster"
+ command_endpoint = host.name
+ assign where "icinga2-master" in host.vars.my_groups
+}
diff --git a/inventory/group_vars/icingaserver/constants.yaml b/inventory/group_vars/icingaserver/constants.yaml
new file mode 100644
index 0000000..07b0f5e
--- /dev/null
+++ b/inventory/group_vars/icingaserver/constants.yaml
@@ -0,0 +1,2 @@
+icinga2_constants:
+ TicketSalt: "teletubbi"
diff --git a/inventory/group_vars/icingaserver/database.yaml b/inventory/group_vars/icingaserver/database.yaml
new file mode 100644
index 0000000..4031f69
--- /dev/null
+++ b/inventory/group_vars/icingaserver/database.yaml
@@ -0,0 +1,34 @@
+---
+icingadb_database_name: icingadb
+icingadb_database_user: icingadb
+icingadb_database_host: 127.0.0.1
+icingadb_database_password: icingadb
+icingadb_database_type: mysql
+icingadb_database_import_schema: true
+
+icingaweb2_db:
+ type: mysql
+ name: icingaweb
+ host: 127.0.0.1
+ user: icingaweb
+ password: icingaweb
+
+mysql_packages:
+ - mariadb-client
+ - mariadb-server
+ - python3-mysqldb
+
+mysql_users:
+ - name: "{{ icingadb_database_user }}"
+ host: "%"
+ password: "{{ icingadb_database_password }}"
+ priv: "{{ icingadb_database_name }}.*:ALL,GRANT"
+ - name: "{{ icingaweb2_db.user }}"
+ host: "%"
+ password: "{{ icingaweb2_db.password }}"
+ priv: "{{ icingaweb2_db.name }}.*:ALL"
+mysql_databases:
+ - name: "{{ icingaweb2_db.name }}"
+ - name: "{{ icingadb_database_name }}"
+ collation: utf8mb4_general_ci
+ encoding: utf8mb4
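Review bot: `TicketSalt: "teletubbi"` in constants.yaml is a short, guessable secret committed in clear text, and Icinga 2 derives agent enrollment tickets from this salt, so anyone who can read the repository can compute a valid ticket for a host name of their choosing. The same pattern of passwords that are guessable and stored in plain text recurs in database.yaml (`icingadb_database_password: icingadb`, `password: icingaweb`), icinga.yaml (`password: rootpw`) and icingaweb2.yaml (`icingaweb2_admin_password: icinga`). Generate these values randomly and keep them in an ansible-vault encrypted vars file, referenced as for example `TicketSalt: "{{ vault_ticket_salt }}"` (the variable name is a placeholder). ansible.cfg already contains a commented `#vault_password_file = .vault_pass` line that could be enabled for this.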
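Review bot: Both `mysql_users` entries in database.yaml use `host: "%"`, and the icingadb entry grants `ALL,GRANT`, although every consumer configured in this commit connects through 127.0.0.1 or localhost. Restrict the accounts to the loopback host they are used from and drop the grant option unless something needs to delegate privileges, i.e. `priv: "{{ icingadb_database_name }}.*:ALL"`. Whether MariaDB listens beyond loopback is decided inside the geerlingguy.mysql role and is not visible here, so the actual exposure should be confirmed against the role's bind-address setting.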
diff --git a/inventory/group_vars/icingaserver/icinga.yaml b/inventory/group_vars/icingaserver/icinga.yaml
new file mode 100644
index 0000000..8b0f288
--- /dev/null
+++ b/inventory/group_vars/icingaserver/icinga.yaml
@@ -0,0 +1,49 @@
+---
+
+icinga2_features:
+ - name: api
+ ca_host: none
+ endpoints:
+ - name: "{{ ansible_fqdn }}"
+ zones:
+ - name: "master"
+ endpoints:
+ - "{{ ansible_fqdn }}"
+ - name: "global"
+ global: true
+ - name: checker
+ state: present
+ - name: icingadb
+ state: present
+ host: 127.0.0.1
+ port: 6380
+ - name: mainlog
+ severity: information
+
+icinga2_objects:
+ icinga-test.devnet.local:
+ - name: root
+ type: ApiUser
+ password: rootpw
+ file: local.d/apiuser.conf
+ permissions:
+ - "*"
+ - name: icingaweb
+ type: ApiUser
+ password: icingaweb
+ file: local.d/apiuser.conf
+ permissions:
+ - "*"
+
+icinga2_confd: local.d
+icinga2_config_directories:
+ - local.d/
+ - zones.d/global/
+ - zones.d/global/git
+ - zones.d/global/static
+ - zones.d/master/
+ - zones.d/master/git
+ - zones.d/master/static
+
+icinga_monitoring_plugins_check_commands:
+ - "all"
diff --git a/inventory/group_vars/icingaserver/icingaweb2.yaml b/inventory/group_vars/icingaserver/icingaweb2.yaml
new file mode 100644
index 0000000..0c40251
--- /dev/null
+++ b/inventory/group_vars/icingaserver/icingaweb2.yaml
@@ -0,0 +1,33 @@
+---
+icingaweb2_admin_username: icinga
+icingaweb2_admin_password: icinga
+icingaweb2_db_import_schema: true
+
+icingaweb2_resources:
+ icingadb:
+ type: db
+ db: "{{ icingadb_database_type }}"
+ host: localhost
+ dbname: "{{ icingadb_database_name }}"
+ username: "{{ icingadb_database_user }}"
+ password: "{{ icingadb_database_password }}"
+ charset: utf8
+
+icingaweb2_modules:
+ icingadb:
+ enabled: true
+ source: package
+ commandtransports:
+ instance01:
+ transport: api
+ host: 127.0.0.1
+ username: icingaweb
+ password: icingaweb
+ config:
+ icingadb:
+ resource: icingadb
+ redis:
+ tls: '0'
+ redis:
+ redis1:
+ host: localhost
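Review bot: The `icingaweb` ApiUser in icinga.yaml is given `permissions: - "*"`, the same as `root`, although icingaweb2.yaml only uses it as the Icinga Web command transport. Scope it to what the web UI needs; the Icinga Web documentation lists `status/query`, `actions/*`, `objects/modify/*` and `objects/query/*` for this account. A full-permission API user named `root` is also created; if nothing in the rollout depends on it, leaving it out removes one more wildcard credential from the API.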
diff --git a/inventory/group_vars/icingaserver/staticfiles.yaml b/inventory/group_vars/icingaserver/staticfiles.yaml
new file mode 100644
index 0000000..8c280a0
--- /dev/null
+++ b/inventory/group_vars/icingaserver/staticfiles.yaml
@@ -0,0 +1,25 @@
+icinga2_custom_config:
+## global templates
+ - name: global/base-templates.conf
+ path: zones.d/global/static/base_templates.conf
+ order: 10
+ # - name: notification_templates.conf
+ # path: zones.d/global/notification_templates.conf
+ # order: 11
+ # - name: notification_commands.conf
+ # path: zones.d/global/notification_commands.conf
+ # order: 12
+ # - name: timeperiods.conf
+ # path: zones.d/global/timeperiods.conf
+ # order: 13
+ # - name: fsc_commands.conf
+ # path: zones.d/global/fsc_commands.conf
+ # order: 14
+## static hosts
+ - name: master/icinga-server.conf
+ path: zones.d/master/static/icinga-server.conf
+ order: 10
+## static services
+ - name: master/icinga-services.conf
+ path: zones.d/master/static/icinga-services.conf
+ order: 10
diff --git a/inventory/host_vars/icinga-test.devnet.local.yaml b/inventory/host_vars/icinga-test.devnet.local.yaml
new file mode 100644
index 0000000..ddfc88c
--- /dev/null
+++ b/inventory/host_vars/icinga-test.devnet.local.yaml
@@ -0,0 +1,11 @@
+---
+rollout_user_name: nagios
+rollout_privat_key: |
+ -----BEGIN OPENSSH PRIVATE KEY-----
+ b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+ QyNTUxOQAAACD0PtL8FseLNvYAlCTzfvIGLwc6n3CTVX53Iu0wAgf4ZgAAAKAYZqcfGGan
+ HwAAAAtzc2gtZWQyNTUxOQAAACD0PtL8FseLNvYAlCTzfvIGLwc6n3CTVX53Iu0wAgf4Zg
+ AAAEBNJlQSFz6bCsyuRXeLKqFpDOG3Duap0UG165dn6UaE7vQ+0vwWx4s29gCUJPN+8gYv
+ BzqfcJNVfnci7TACB/hmAAAAGmljaW5nYS1yb2xsb3V0QGZzYy1sbngtdDE0AQID
+ -----END OPENSSH PRIVATE KEY-----
+rollout_public_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQ+0vwWx4s29gCUJPN+8gYvBzqfcJNVfnci7TACB/hm
diff --git a/inventory/inventory.yaml b/inventory/inventory.yaml
new file mode 100644
index 0000000..51e5824
--- /dev/null
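Review bot: `rollout_privat_key` in the host_vars file commits an unencrypted OpenSSH private key, so it is readable by everyone with repository access and remains in history even if a later commit removes it. Treat this key pair as compromised: generate a new one, remove the matching public key from any `authorized_keys` it was deployed to, and store the replacement with ansible-vault (`ansible-vault encrypt_string` or an encrypted vars file) or generate it on the target instead. The variable name is also misspelled (`privat`); renaming it needs the matching change in templates/id_ed25519.j2.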
+++ b/inventory/inventory.yaml
@@ -0,0 +1,9 @@
+---
+all:
+ children:
+ icingaserver:
+
+icingaserver:
+ hosts:
+ icinga-test.devnet.local:
+ ansible_host: 192.168.56.11
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..90d4055
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1 @@
+ansible
diff --git a/requirements.yaml b/requirements.yaml
new file mode 100644
index 0000000..ba229ec
--- /dev/null
+++ b/requirements.yaml
@@ -0,0 +1,6 @@
+---
+roles:
+- name: geerlingguy.mysql
+
+collections:
+- icinga.icinga
diff --git a/setup-icinga-server.yaml b/setup-icinga-server.yaml
new file mode 100644
index 0000000..3ca7937
--- /dev/null
+++ b/setup-icinga-server.yaml
@@ -0,0 +1,23 @@
+---
+- name: Provision Icinga Server
+ hosts: icingaserver
+ remote_user: root
+ #become: true
+ tags: server
+
+ roles:
+ - icinga.icinga.repos
+ - geerlingguy.mysql
+ - icinga.icinga.icinga2
+ - icinga.icinga.icingadb
+ - icinga.icinga.icingadb_redis
+ - icinga.icinga.monitoring_plugins
+
+- name: setup icingaweb
+ hosts: icingaserver
+ remote_user: root
+ #become: true
+ tags: web
+
+ roles:
+ - icinga.icinga.icingaweb2
diff --git a/templates/config.j2 b/templates/config.j2
new file mode 100644
index 0000000..f30d239
--- /dev/null
+++ b/templates/config.j2
@@ -0,0 +1,2 @@
+Host *
+ StrictHostKeyChecking no
diff --git a/templates/id_ed25519.j2 b/templates/id_ed25519.j2
new file mode 100644
index 0000000..8006607
--- /dev/null
+++ b/templates/id_ed25519.j2
@@ -0,0 +1 @@
+{{ rollout_privat_key }}
diff --git a/templates/id_ed25519.pub.j2 b/templates/id_ed25519.pub.j2
new file mode 100644
index 0000000..543ae05
--- /dev/null
+++ b/templates/id_ed25519.pub.j2
@@ -0,0 +1 @@
+{{ rollout_public_key }} {{ rollout_user_name }}
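Review bot: `geerlingguy.mysql` and `icinga.icinga` in requirements.yaml carry no version, and requirements.txt lists a bare `ansible`, so each install pulls whatever Galaxy and PyPI serve at that moment, and setup-icinga-server.yaml then runs that code as `remote_user: root`. Pin every entry to a release you have tested, e.g. `version: <ROLE_VERSION>` under the role, the collection written as `- name: icinga.icinga` with `version: <COLLECTION_VERSION>`, and `ansible==<ANSIBLE_VERSION>` in requirements.txt (all three values are placeholders).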
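Review bot: `Host *` together with `StrictHostKeyChecking no` in templates/config.j2 switches off host key verification for every SSH connection the rollout user makes, so a connection to a monitored address can land on an impostor host without any warning. Prefer `StrictHostKeyChecking accept-new`, or distribute a `known_hosts` file for the managed hosts, and narrow the `Host` pattern to the managed domain instead of `*`. A one-line comment in the template stating why relaxed checking is wanted would also help the next reader.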