---
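# Copy the icinga2 rule file into the nftables output.d directory and notify
# the reload handler.
- name: Allow outgoing icinga2
  become: true
  ansible.builtin.copy:
    src: nftables/output.d/icinga2.conf
    dest: /etc/nftables/output.d/icinga2.conf
    # Quoted so the mode is always handled as the octal string "0640" instead
    # of depending on how the YAML parser types a bare 0640.
    # NOTE(review): owner/group are not set here, so they follow the copy
    # module's defaults under become; confirm that is the intended owner for a
    # firewall rule file.
    mode: "0640"
  notify: Reload nftables service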
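# Ensure the icinga2 certificate directory exists, owned by nagios:nagios and
# accessible to that user only.
- name: Make sure /var/lib/icinga2/certs directory exists
  become: true
  ansible.builtin.file:
    path: /var/lib/icinga2/certs
    state: directory
    owner: nagios
    group: nagios
    # Quoted so the mode is always handled as the octal string "0700" instead
    # of depending on how the YAML parser types a bare 0700. The directory
    # holds private keys, so no group/other access is granted.
    mode: "0700"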
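# Generate this host's key pair and self-signed certificate with the icinga2
# CLI. The `creates` guard skips the command once the .crt file exists.
- name: Create local self-signed certificate
  become: true
  ansible.builtin.command:
    # argv passes each value as exactly one argument, so a templated value
    # containing whitespace or quotes cannot be split into extra CLI options.
    argv:
      - icinga2
      - pki
      - new-cert
      - --cn
      - "{{ ansible_hostname }}"
      - --key
      - "/var/lib/icinga2/certs/{{ ansible_hostname }}.key"
      - --cert
      - "/var/lib/icinga2/certs/{{ ansible_hostname }}.crt"
    # NOTE(review): the command runs under become while the certs directory
    # in this file is owned by nagios; confirm the resulting .key ends up
    # readable by the icinga2 service user only.
    creates: "/var/lib/icinga2/certs/{{ ansible_hostname }}.crt"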
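# Fetch the certificate presented by the icinga2 master and store it as
# trusted-master.crt. The `creates` guard skips the command once that file
# exists, so the stored certificate is not refreshed on later runs.
- name: Request the master certificate
  become: true
  ansible.builtin.command:
    # argv passes each value as exactly one argument, so the value of
    # icinga2_master cannot be split into extra CLI options.
    argv:
      - icinga2
      - pki
      - save-cert
      - --trustedcert
      - /var/lib/icinga2/certs/trusted-master.crt
      - --host
      - "{{ icinga2_master }}"
    # NOTE(review): nothing in this task checks the saved certificate against
    # a known value, so trust rests on the first connection. Compare its
    # fingerprint with the master's out of band, or distribute the expected
    # certificate from the control node, before relying on it.
    creates: /var/lib/icinga2/certs/trusted-master.crt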