From daaf6c173a8fde0060f7b059d039e7cb371b4f65 Mon Sep 17 00:00:00 2001
From: Sheppy
Date: Fri, 7 Jul 2023 10:37:20 +0000
Subject: [PATCH] feat: icingaweb2 auth config
---
 roles/monitoring-master/tasks/icinga.yaml | 14 +++++++
 .../templates/icingaweb2/authentication.ini | 14 +++++++
 .../templates/icingaweb2/config.ini | 10 +++++
 .../templates/icingaweb2/groups.ini | 12 ++++++
 .../templates/icingaweb2/resources.ini | 41 +++++++++++++++++++
 .../templates/icingaweb2/roles.ini | 10 +++++
 6 files changed, 101 insertions(+)
 create mode 100644 roles/monitoring-master/templates/icingaweb2/authentication.ini
 create mode 100644 roles/monitoring-master/templates/icingaweb2/config.ini
 create mode 100644 roles/monitoring-master/templates/icingaweb2/groups.ini
 create mode 100644 roles/monitoring-master/templates/icingaweb2/resources.ini
 create mode 100644 roles/monitoring-master/templates/icingaweb2/roles.ini
diff --git a/roles/monitoring-master/tasks/icinga.yaml b/roles/monitoring-master/tasks/icinga.yaml
index e7ea503..8028e29 100644
--- a/roles/monitoring-master/tasks/icinga.yaml
+++ b/roles/monitoring-master/tasks/icinga.yaml
@@ -165,3 +165,17 @@
 mode: 0755
 notify:
 - restart nginx
+
+- name: Copy icingaweb2-config
+ template:
+ src: "icingaweb2/{{ item }}"
+ dest: "/etc/icingaweb2/{{ item }}"
+ mode: 0660
+ owner: root
+ group: icingaweb2
+ with_items:
+ - resources.ini
+ - roles.ini
+ - config.ini
+ - authentication.ini
+ - groups.ini
diff --git a/roles/monitoring-master/templates/icingaweb2/authentication.ini b/roles/monitoring-master/templates/icingaweb2/authentication.ini
new file mode 100644
index 0000000..76edd9a
--- /dev/null
+++ b/roles/monitoring-master/templates/icingaweb2/authentication.ini
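Review bot: The `Copy icingaweb2-config` task in roles/monitoring-master/tasks/icinga.yaml installs all five files with `mode: 0660` and `group: icingaweb2`, which gives the web application's group write access to `roles.ini`, `authentication.ini` and the credentials in `resources.ini`. Since Ansible manages these files, read access should be enough for the group; I would use `mode: "0640"` unless the web UI is expected to edit them, and in that case the next run overwrites those edits anyway. The rendered templates contain `ldap_password`, so adding `no_log: true` to the task keeps loop output and `--diff` runs from printing it. The context lines at the top of the hunk belong to a task that starts outside it.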
@@ -0,0 +1,14 @@
+[icingaweb2]
+backend = "db"
+resource = "icingaweb_db"
+
+[autologin]
+backend = "external"
+
+[ldap_users]
+backend = ldap
+resource = ldap_auth
+group_backend = "ldap_groups"
+user_class = inetOrgPerson
+user_name_attribute = uid
+#filter = "memberOf=cn=icinga,cn=groups,cn=accounts,dc=icinga,dc=org"
diff --git a/roles/monitoring-master/templates/icingaweb2/config.ini b/roles/monitoring-master/templates/icingaweb2/config.ini
new file mode 100644
index 0000000..02b59ac
--- /dev/null
+++ b/roles/monitoring-master/templates/icingaweb2/config.ini
@@ -0,0 +1,10 @@
+[global]
+show_stacktraces = "1"
+show_application_state_messages = "1"
+config_backend = "db"
+config_resource = "icingaweb_db"
+
+[logging]
+log = "file"
+level = "INFO"
+file = "/var/log/icingaweb2.log"
diff --git a/roles/monitoring-master/templates/icingaweb2/groups.ini b/roles/monitoring-master/templates/icingaweb2/groups.ini
new file mode 100644
index 0000000..edd040e
--- /dev/null
+++ b/roles/monitoring-master/templates/icingaweb2/groups.ini
@@ -0,0 +1,12 @@
+[icingaweb2]
+backend = "db"
+resource = "icingaweb_db"
+
+[ldap_groups]
+backend = "ldap"
+resource = "ldap_groups_auth"
+group_class = "groupOfNames"
+group_name_attribute = "cn"
+user_name_attribute = "uid"
+user_backend = "ldap_users"
+user_class = "inetOrgPerson"
diff --git a/roles/monitoring-master/templates/icingaweb2/resources.ini b/roles/monitoring-master/templates/icingaweb2/resources.ini
new file mode 100644
index 0000000..c6dc334
--- /dev/null
+++ b/roles/monitoring-master/templates/icingaweb2/resources.ini
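Review bot: In authentication.ini the `[ldap_users]` backend ships with its `filter` commented out, so every `inetOrgPerson` entry under the configured `root_dn` can log in, and the `[icinga]` role in roles.ini then grants `users = "*"` access to the monitoring module. If only a specific group should reach Icinga Web, enable the filter and feed it from a variable rather than the example DN, e.g. `filter = "{{ icingaweb2_ldap_user_filter }}"` (the variable name is a suggestion). The `[autologin]` section with `backend = "external"` accepts the identity the web server supplies, and nothing in this commit shows nginx authenticating requests; if no web-server authentication is in place the section should be dropped. Quoting is also inconsistent within the file (`backend = ldap` versus `backend = "db"`).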
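Review bot: `show_stacktraces = "1"` in config.ini makes Icinga Web render full stack traces in the browser on errors, which exposes file paths and internals to any user who can trigger one; for a deployed master this should be `show_stacktraces = "0"`, with the detail left to the log file. The `[logging]` section writes to `/var/log/icingaweb2.log`, and no task in this commit creates that file or makes it writable for the web server user, so logging may not work unless that is handled elsewhere in the role.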
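Review bot: The `[ldap_groups]` backend in groups.ini has no `group_filter`, so every `groupOfNames` entry under the group base DN is offered to Icinga Web by its `cn`, while roles.ini authorises purely on the group names `Administrators` and `icinga`. Anyone able to create or join a group with one of those names in that subtree would receive the matching role, including `permissions = "*"`. Restricting the backend to the intended groups, for example `group_filter = "(|(cn=Administrators)(cn=icinga))"`, or pointing `ldap_group_dn` at a dedicated subtree narrows that. A short comment in the template naming the directory groups that are expected would also help the next maintainer.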
@@ -0,0 +1,41 @@
+[icingaweb_db]
+type = "db"
+db = "pgsql"
+host = "localhost"
+port = "5432"
+dbname = "icinga_web"
+username = "icinga_web"
+password = "HISTORY_PURGED_SECRET"
+charset = ""
+use_ssl = "0"
+
+[icinga_ido]
+type = "db"
+db = "pgsql"
+host = "localhost"
+port = "5432"
+dbname = "icinga2"
+username = "icinga2"
+password = "HISTORY_PURGED_SECRET"
+charset = ""
+use_ssl = "0"
+
+[ldap_auth]
+type = "ldap"
+hostname = "{{ ldap_server }}"
+port = "389"
+encryption = "none"
+root_dn = "{{ ldap_user_dn }}"
+bind_dn = "{{ ldap_bind_dn }}"
+bind_pw = "{{ ldap_password }}"
+timeout = "5"
+
+[ldap_groups_auth]
+type = "ldap"
+hostname = "{{ ldap_server }}"
+port = "389"
+encryption = "none"
+root_dn = "{{ ldap_group_dn }}"
+bind_dn = "{{ ldap_bind_dn }}"
+bind_pw = "{{ ldap_password }}"
+timeout = "5"
diff --git a/roles/monitoring-master/templates/icingaweb2/roles.ini b/roles/monitoring-master/templates/icingaweb2/roles.ini
new file mode 100644
index 0000000..6fe3f4b
--- /dev/null
+++ b/roles/monitoring-master/templates/icingaweb2/roles.ini
@@ -0,0 +1,10 @@
+[Administrators]
+users = "sheppy"
+permissions = "*"
+groups = "Administrators"
+
+[icinga]
+users = "*"
+groups = "icinga"
+monitoring/filter/objects = "host_name=$user:local_name$"
+permissions = "module/monitoring,monitoring/*"
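Review bot: Both LDAP resources in resources.ini use `port = "389"` with `encryption = "none"`, so the service account's `bind_pw` and every user's login password travel to the LDAP server in clear text; I would set `encryption = "starttls"` (or `"ldaps"` with port 636) in `[ldap_auth]` and `[ldap_groups_auth]`. The two database sections carry a literal `password` in the template while the LDAP sections use variables; these should come from vaulted variables as well, e.g. `password = "{{ icingaweb2_db_password }}"` (the variable name is a suggestion). The literal shown looks like a history-rewrite placeholder, so if a real value was once committed here it should be treated as exposed and rotated.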
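Review bot: `[Administrators]` in roles.ini grants `permissions = "*"` to the hard-coded name `users = "sheppy"`, and authentication.ini defines three user backends, so the role presumably goes to whichever backend authenticates that name rather than to one specific account. Binding the admin role to a group only, or templating the list as `users = "{{ icingaweb2_admin_users }}"` (the variable name is a suggestion), avoids tying full access to a personal username baked into the role. In `[icinga]`, `users = "*"` combined with the `host_name=$user:local_name$` restriction deserves a comment in the file stating that every authenticated user is limited to the host matching their login name, since that intent is not obvious from the keys.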