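---
# Enrols this host as an Icinga2 agent of the master named by `icinga2_master`:
# opens the outgoing firewall rule, creates a local key and certificate,
# fetches the master's certificate, obtains an enrolment ticket on the master
# and finally runs `icinga2 node setup`.

# Collect only the default IPv4 facts of the master. delegate_facts stores
# them under the master's hostvars instead of this host's.
- name: Gather Icinga2 Master facts
  delegate_to: "{{ icinga2_master }}"
  delegate_facts: true
  ansible.builtin.setup:
    gather_subset: default_ipv4
  register: i2_master

- name: Allow outgoing icinga2
  become: true
  ansible.builtin.template:
    src: nftables/output.d/icinga2.conf.j2
    dest: /etc/nftables/output.d/icinga2.conf
    # Quoted so the mode is always read as an octal string, whatever the
    # YAML parser version does with a bare leading-zero integer.
    mode: "0640"
  notify: Reload nftables service

# The directory holds the agent's private key, so it is restricted to its
# owner.
- name: Make sure /var/lib/icinga2/certs directory exists
  become: true
  ansible.builtin.file:
    path: /var/lib/icinga2/certs
    state: directory
    owner: nagios
    group: nagios
    mode: "0700"

# `creates` makes this a one-time step: an existing certificate is never
# regenerated.
- name: Create local self-signed certificate
  become: true
  ansible.builtin.command:
    argv:
      - icinga2
      - pki
      - new-cert
      - --cn
      - "{{ ansible_hostname }}"
      - --key
      - "/var/lib/icinga2/certs/{{ ansible_hostname }}.key"
      - --cert
      - "/var/lib/icinga2/certs/{{ ansible_hostname }}.crt"
    creates: "/var/lib/icinga2/certs/{{ ansible_hostname }}.crt"

# Trust on first use: whatever certificate the host at `icinga2_master`
# presents is saved and later passed to node setup as the trusted certificate.
# Nothing in this file compares it with a known value.
# NOTE(review): consider checking the saved certificate's fingerprint against
# one obtained from the master out of band before the setup task runs.
- name: Request the master certificate
  become: true
  ansible.builtin.command:
    argv:
      - icinga2
      - pki
      - save-cert
      - --trustedcert
      - /var/lib/icinga2/certs/trusted-master.crt
      - --host
      - "{{ icinga2_master }}"
    creates: /var/lib/icinga2/certs/trusted-master.crt

# Runs on the master on every play run; `ansible_hostname` still resolves to
# this agent's fact. argv (instead of a free-form cmd string) keeps the
# hostname a single argument, consistent with the other command tasks.
- name: Generate ticket
  delegate_to: "{{ icinga2_master }}"
  become: true
  ansible.builtin.command:
    argv:
      - icinga2
      - pki
      - ticket
      - --cn
      - "{{ ansible_hostname }}"
  changed_when: false
  register: ticketsalt
  # The ticket authorises certificate signing for this CN; keep it out of
  # task output and logs.
  no_log: true

# Guarded by `creates`, so it is skipped once the ticket file exists
# (presumably written by a completed node setup; confirm).
# --accept-config and --accept-commands let the parent push configuration
# and run commands on this agent, so the agent is only as trustworthy as the
# master certificate saved above.
- name: Setup agent node
  become: true
  ansible.builtin.command:
    argv:
      - icinga2
      - node
      - setup
      - --ticket
      - "{{ ticketsalt.stdout }}"
      - --cn
      - "{{ ansible_hostname }}"
      - --trustedcert
      - /var/lib/icinga2/certs/trusted-master.crt
      - --parent_host
      - "{{ icinga2_master }}"
      - --endpoint
      - "{{ icinga2_master }}"
      - --zone
      - "{{ ansible_hostname }}"
      - --parent_zone
      - master
      - --accept-config
      - --accept-commands
      - --disable-confd
    creates: /var/lib/icinga2/certs/ticket
  # argv carries the ticket; hide it from output. Remove temporarily when
  # debugging a failed setup.
  no_log: true
  notify: Restart icinga2 service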