feat: icingaweb2 auth config

2025-12-09 21:38:33 +01:00 · 2023-07-07 10:37:20 +00:00
parent f7fbbe0565
commit daaf6c173a
6 changed files with 101 additions and 0 deletions
--- a/roles/monitoring-master/tasks/icinga.yaml
+++ b/roles/monitoring-master/tasks/icinga.yaml
@@ -165,3 +165,17 @@
    mode: 0755
  notify:
    - restart nginx
+
+- name: Copy icingaweb2-config
+  template:
+    src: "icingaweb2/{{ item }}"
+    dest: "/etc/icingaweb2/{{ item }}"
+    mode: 0660
+    owner: root
+    group: icingaweb2
+  with_items:
+    - resources.ini
+    - roles.ini
+    - config.ini
+    - authentication.ini
+    - groups.ini
--- a/roles/monitoring-master/templates/icingaweb2/authentication.ini
+++ b/roles/monitoring-master/templates/icingaweb2/authentication.ini
@@ -0,0 +1,14 @@
+[icingaweb2]
+backend = "db"
+resource = "icingaweb_db"
+
+[autologin]
+backend    = "external"
+
+[ldap_users]
+backend             = ldap
+resource            = ldap_auth
+group_backend       = "ldap_groups"
+user_class          = inetOrgPerson
+user_name_attribute = uid
+#filter              = "memberOf=cn=icinga,cn=groups,cn=accounts,dc=icinga,dc=org"
--- a/roles/monitoring-master/templates/icingaweb2/config.ini
+++ b/roles/monitoring-master/templates/icingaweb2/config.ini
@@ -0,0 +1,10 @@
+[global]
+show_stacktraces = "1"
+show_application_state_messages = "1"
+config_backend = "db"
+config_resource = "icingaweb_db"
+
+[logging]
+log = "file"
+level = "INFO"
+file = "/var/log/icingaweb2.log"
--- a/roles/monitoring-master/templates/icingaweb2/groups.ini
+++ b/roles/monitoring-master/templates/icingaweb2/groups.ini
@@ -0,0 +1,12 @@
+[icingaweb2]
+backend = "db"
+resource = "icingaweb_db"
+
+[ldap_groups]
+backend = "ldap"
+resource = "ldap_groups_auth"
+group_class = "groupOfNames"
+group_name_attribute = "cn"
+user_name_attribute = "uid"
+user_backend = "ldap_users"
+user_class = "inetOrgPerson"
--- a/roles/monitoring-master/templates/icingaweb2/resources.ini
+++ b/roles/monitoring-master/templates/icingaweb2/resources.ini
@@ -0,0 +1,41 @@
+[icingaweb_db]
+type = "db"
+db = "pgsql"
+host = "localhost"
+port = "5432"
+dbname = "icinga_web"
+username = "icinga_web"
+password = "HISTORY_PURGED_SECRET"
+charset = ""
+use_ssl = "0"
+
+[icinga_ido]
+type = "db"
+db = "pgsql"
+host = "localhost"
+port = "5432"
+dbname = "icinga2"
+username = "icinga2"
+password = "HISTORY_PURGED_SECRET"
+charset = ""
+use_ssl = "0"
+
+[ldap_auth]
+type = "ldap"
+hostname = "{{ ldap_server }}"
+port = "389"
+encryption = "none"
+root_dn = "{{ ldap_user_dn }}"
+bind_dn = "{{ ldap_bind_dn }}"
+bind_pw = "{{ ldap_password }}"
+timeout = "5"
+
+[ldap_groups_auth]
+type = "ldap"
+hostname = "{{ ldap_server }}"
+port = "389"
+encryption = "none"
+root_dn = "{{ ldap_group_dn }}"
+bind_dn = "{{ ldap_bind_dn }}"
+bind_pw = "{{ ldap_password }}"
+timeout = "5"
--- a/roles/monitoring-master/templates/icingaweb2/roles.ini
+++ b/roles/monitoring-master/templates/icingaweb2/roles.ini
@@ -0,0 +1,10 @@
+[Administrators]
+users = "sheppy"
+permissions = "*"
+groups = "Administrators"
+
+[icinga]
+users = "*"
+groups = "icinga"
+monitoring/filter/objects = "host_name=$user:local_name$"
+permissions = "module/monitoring,monitoring/*"