self-hosting/roles/icinga2_master/tasks/main.yml

---

- name: Allow icinga2 to/from Agent, and needed ports for some checks
  become: true
  ansible.builtin.template:
    src: "nftables/{{ item }}.d/icinga2.conf.j2"
    dest: "/etc/nftables/{{ item }}.d/icinga2.conf"
    mode: 0640
  loop:
    - input
    - output
  notify: Reload nftables service

- name: Add Icinga2 Agent to /etc/hosts
  become: true
  ansible.builtin.lineinfile:
    path: /etc/hosts
    line: "{{ hostvars[icinga2_agent].ipv4_addr }}\t{{ icinga2_agent }}"

- name: Setup Master node
  become: true
  ansible.builtin.command:
    cmd: "icinga2 node setup --master --cn {{ ansible_hostname }} --disable-confd"
    creates: "/var/lib/icinga2/certs/{{ ansible_hostname }}.crt"
  notify: Restart icinga2 service

- name: Copy zones.conf file
  become: true
  ansible.builtin.template:
    src: zones.conf.j2
    dest: /etc/icinga2/zones.conf
    owner: nagios
    group: nagios
    mode: 0644
  notify: Reload icinga2 service

- name: Create master zone directory
  become: true
  ansible.builtin.file:
    path: /etc/icinga2/zones.d/master
    state: directory
    owner: nagios
    group: nagios
    mode: 0750

- name: Copy files under master zone directory
  become: true
  ansible.builtin.template:
    src: "{{ item }}"
    dest: "/etc/icinga2/zones.d/master/{{ item | basename | replace('.j2', '') }}"
    owner: nagios
    group: nagios
    mode: 0644
  with_fileglob:
    - "{{ role_path }}/templates/zones.d/master/*"
  notify: Reload icinga2 service

- name: Install bsd-mailx for sending mail notifications
  become: true
  ansible.builtin.apt:
    name: bsd-mailx

- name: Copy get_service_states.sh script
  become: true
  ansible.builtin.template:
    src: get_service_states.sh.j2
    dest: /usr/local/bin/get_service_states.sh
    owner: root
    group: root
    mode: 0700
Start role icinga2_master 2025-01-11 12:44:28 +01:00			`---`

Add needed ports to check hosts 2025-01-24 23:42:30 +01:00			`- name: Allow icinga2 to/from Agent, and needed ports for some checks`
Allow icinga2 in nftables 2025-01-12 11:02:58 +01:00			`become: true`
Restrict nftables icinga2 master/agent rules to each other 2025-01-14 11:07:46 +01:00			`ansible.builtin.template:`
Allow icinga2 connections in both directions 2025-01-19 19:23:40 +01:00			`src: "nftables/{{ item }}.d/icinga2.conf.j2"`
			`dest: "/etc/nftables/{{ item }}.d/icinga2.conf"`
Allow icinga2 in nftables 2025-01-12 11:02:58 +01:00			`mode: 0640`
Allow icinga2 connections in both directions 2025-01-19 19:23:40 +01:00			`loop:`
			`- input`
			`- output`
Allow icinga2 in nftables 2025-01-12 11:02:58 +01:00			`notify: Reload nftables service`

Icinga2: Add each other to /etc/hosts 2025-01-14 11:25:27 +01:00			`- name: Add Icinga2 Agent to /etc/hosts`
			`become: true`
			`ansible.builtin.lineinfile:`
			`path: /etc/hosts`
Use fixed addresses for accessing each host No need for ansible_facts.default_ipv4 which yields errors 2025-01-24 10:14:47 +01:00			`line: "{{ hostvars[icinga2_agent].ipv4_addr }}\t{{ icinga2_agent }}"`
Icinga2: Add each other to /etc/hosts 2025-01-14 11:25:27 +01:00
Add icinga2 master setup 2025-01-12 10:32:24 +01:00			`- name: Setup Master node`
			`become: true`
			`ansible.builtin.command:`
			`cmd: "icinga2 node setup --master --cn {{ ansible_hostname }} --disable-confd"`
			`creates: "/var/lib/icinga2/certs/{{ ansible_hostname }}.crt"`
			`notify: Restart icinga2 service`
Start configuration of zones.d 2025-01-14 13:08:24 +01:00
Copy zones.conf with to connect endpoints of master/agent 2025-01-16 22:23:32 +01:00			`- name: Copy zones.conf file`
			`become: true`
			`ansible.builtin.template:`
			`src: zones.conf.j2`
			`dest: /etc/icinga2/zones.conf`
			`owner: nagios`
			`group: nagios`
			`mode: 0644`
			`notify: Reload icinga2 service`

Start configuration of zones.d 2025-01-14 13:08:24 +01:00			`- name: Create master zone directory`
			`become: true`
			`ansible.builtin.file:`
			`path: /etc/icinga2/zones.d/master`
			`state: directory`
			`owner: nagios`
			`group: nagios`
			`mode: 0750`
Start adding hosts and services 2025-01-16 22:45:11 +01:00
			`- name: Copy files under master zone directory`
			`become: true`
			`ansible.builtin.template:`
			`src: "{{ item }}"`
			`dest: "/etc/icinga2/zones.d/master/{{ item \| basename \| replace('.j2', '') }}"`
			`owner: nagios`
			`group: nagios`
			`mode: 0644`
			`with_fileglob:`
with_fileglob doesn't work out of the box for templates 2025-01-17 22:43:08 +01:00			`- "{{ role_path }}/templates/zones.d/master/*"`
Start adding hosts and services 2025-01-16 22:45:11 +01:00			`notify: Reload icinga2 service`
Log icinga2 notifications to syslog while testing 2025-01-19 22:02:12 +01:00
			`- name: Install bsd-mailx for sending mail notifications`
			`become: true`
			`ansible.builtin.apt:`
			`name: bsd-mailx`
Add a script to query service states 2025-01-24 23:22:05 +01:00
			`- name: Copy get_service_states.sh script`
			`become: true`
			`ansible.builtin.template:`
			`src: get_service_states.sh.j2`
			`dest: /usr/local/bin/get_service_states.sh`
			`owner: root`
			`group: root`
			`mode: 0700`