self-hosting/roles/icinga2_agent/tasks/main.yml

---

- name: Allow outgoing icinga2
  become: true
  ansible.builtin.copy:
    src: nftables/output.d/icinga2.conf
    dest: /etc/nftables/output.d/icinga2.conf
    mode: 0640
  notify: Reload nftables service

- name: Make sure /var/lib/icinga2/certs directory exists
  become: true
  ansible.builtin.file:
    path: /var/lib/icinga2/certs
    state: directory
    owner: nagios
    group: nagios
    mode: 0700

- name: Create local self-signed certificate
  become: true
  ansible.builtin.command:
    cmd: "icinga2 pki new-cert --cn {{ ansible_hostname }} --key /var/lib/icinga2/certs/{{ ansible_hostname }}.key --cert /var/lib/icinga2/certs/{{ ansible_hostname }}.crt"
    creates: "/var/lib/icinga2/certs/{{ ansible_hostname }}.crt"

- name: Request the master certificate
  become: true
  ansible.builtin.command:
    cmd: "icinga2 pki save-cert --trustedcert /var/lib/icinga2/certs/trusted-master.crt --host {{ icinga2_master }}"
    creates: /var/lib/icinga2/certs/trusted-master.crt
Create local cert for icinga2 agent 2025-01-12 11:38:58 +01:00			`---`

			`- name: Allow outgoing icinga2`
			`become: true`
			`ansible.builtin.copy:`
			`src: nftables/output.d/icinga2.conf`
			`dest: /etc/nftables/output.d/icinga2.conf`
			`mode: 0640`
			`notify: Reload nftables service`

			`- name: Make sure /var/lib/icinga2/certs directory exists`
			`become: true`
			`ansible.builtin.file:`
			`path: /var/lib/icinga2/certs`
			`state: directory`
			`owner: nagios`
			`group: nagios`
			`mode: 0700`

			`- name: Create local self-signed certificate`
			`become: true`
			`ansible.builtin.command:`
			`cmd: "icinga2 pki new-cert --cn {{ ansible_hostname }} --key /var/lib/icinga2/certs/{{ ansible_hostname }}.key --cert /var/lib/icinga2/certs/{{ ansible_hostname }}.crt"`
			`creates: "/var/lib/icinga2/certs/{{ ansible_hostname }}.crt"`
Request master cert 2025-01-12 11:42:20 +01:00
			`- name: Request the master certificate`
			`become: true`
			`ansible.builtin.command:`
			`cmd: "icinga2 pki save-cert --trustedcert /var/lib/icinga2/certs/trusted-master.crt --host {{ icinga2_master }}"`
			`creates: /var/lib/icinga2/certs/trusted-master.crt`