mirror of
https://github.com/FAUSheppy/no-secrets-athq-ansible
synced 2025-12-09 21:08:32 +01:00
191 lines
4.3 KiB
YAML
191 lines
4.3 KiB
YAML
- name: Install Dependecies
|
|
apt:
|
|
pkg:
|
|
- git
|
|
- docker-compose
|
|
- nginx
|
|
state: present
|
|
|
|
- name: Clone Passive Monitoring
|
|
git:
|
|
repo: https://github.com/FAUSheppy/icinga-passive-checks-monitoring
|
|
dest: "/etc/monitoring/"
|
|
version: master
|
|
|
|
- name: Clone Monitoring tools
|
|
git:
|
|
repo: https://github.com/FAUSheppy/monitoring-tools
|
|
dest: "/etc/monitoring-tools/"
|
|
version: master
|
|
notify: restart icinga
|
|
|
|
- name: Set monitoring tools permissions
|
|
file:
|
|
dest: /etc/monitoring-tools/
|
|
owner: root
|
|
mode: u=rwX,g=rX,o=rX
|
|
recurse: yes
|
|
|
|
- name: Set monitoring permissions
|
|
file:
|
|
dest: /etc/monitoring/
|
|
owner: root
|
|
mode: u=rwX,g=rX,o=rX
|
|
recurse: yes
|
|
|
|
- name: Copy nsca-ng and send_nsca to /bin/
|
|
copy:
|
|
src: nsca-ng
|
|
dest: /bin/nsca-ng
|
|
mode: 0755
|
|
|
|
- name: Copy nsca-ng and send_nsca to /bin/
|
|
copy:
|
|
src: send_nsca
|
|
dest: /bin/send_nsca
|
|
mode: 0755
|
|
|
|
- name: Create nsca server directory
|
|
file:
|
|
path: /etc/nsca-ng/
|
|
mode: 0750
|
|
owner: root
|
|
group: nagios
|
|
|
|
- name: Copy nsca server config
|
|
template:
|
|
src: nsca_server.conf
|
|
dest: /etc/nsca-ng/nsca-ng.cfg
|
|
owner: root
|
|
group: nagios
|
|
mode: 0644
|
|
notify:
|
|
- nsca-ng service reload
|
|
|
|
- name: Copy nsca systemd unit
|
|
copy:
|
|
src: nsca-ng.service
|
|
dest: /etc/systemd/user/nsca-ng.service
|
|
mode: 0644
|
|
notify:
|
|
- nsca-ng service reload
|
|
|
|
- name: Enable and start nsca-ng
|
|
systemd:
|
|
name: nsca-ng.service
|
|
state: started
|
|
enabled: yes
|
|
|
|
- name: Copy icinga configuration
|
|
copy:
|
|
src: "{{ item }}"
|
|
dest: /etc/icinga2/conf.d/
|
|
owner: root
|
|
group: nagios
|
|
mode: 0640
|
|
with_items:
|
|
- icinga_master_hosts.conf
|
|
- services_vhosts_http_checks.conf
|
|
- services_passive.conf
|
|
- services_passive_mail_extern.conf
|
|
- services_async.conf
|
|
- users.conf
|
|
- michy-ese-server.conf
|
|
- async-icinga-services-dynamic.conf
|
|
notify:
|
|
- restart icinga
|
|
|
|
- name: Template icinga configuration
|
|
template:
|
|
src: "{{ item }}"
|
|
dest: /etc/icinga2/conf.d/
|
|
owner: root
|
|
group: nagios
|
|
mode: 0640
|
|
with_items:
|
|
- mail_notifications.conf
|
|
notify:
|
|
- restart icinga
|
|
|
|
- name: Change icinga log level
|
|
lineinfile:
|
|
path: /etc/icinga2/features-enabled/mainlog.conf
|
|
line: ' severity = "warning"'
|
|
notify: restart icinga
|
|
|
|
- name: Add signal vars
|
|
lineinfile:
|
|
path: /etc/icinga2/constants.conf
|
|
line: "{{ item }}"
|
|
with_items:
|
|
# WARNING ME LAZY BITCH, YOU HAVE TO DELETE THOSE ON THE SERVER OR IT WONT WORK #
|
|
# i mean it will work because they will be added at the end and overwrite
|
|
# previous definitions but ya know write a regex its fucking 03:39 am
|
|
- 'const signal_gateway_host = "{{ event_dispatcher_host }}"'
|
|
- 'const signal_gateway_port = "{{ event_dispatcher_port }}"'
|
|
- 'const signal_gateway_proto = "{{ event_dispatcher_proto }}"'
|
|
- 'const dispatch_access_token = "{{ event_dispatcher_pass }}"'
|
|
notify: restart icinga
|
|
|
|
- name: Signal command loaded from monitoring tools
|
|
lineinfile:
|
|
path: /etc/icinga2/icinga2.conf
|
|
line: '"include /etc/monitoring-tools/commands.d/signal-notify.conf"'
|
|
notify:
|
|
- restart icinga
|
|
|
|
- name: OAuth2Proxy directories
|
|
file:
|
|
path: "/opt/oauth2proxy/{{ item }}/"
|
|
state: directory
|
|
recurse: yes
|
|
with_items:
|
|
- icinga
|
|
|
|
- name: include services ports
|
|
include_vars: services.yaml
|
|
|
|
- name: Deploy OAuth2Proxy compose files
|
|
template:
|
|
src: oauth-standalone-docker-compose.yaml
|
|
dest: "/opt/oauth2proxy/{{ item }}/docker-compose.yaml"
|
|
with_items:
|
|
- icinga
|
|
|
|
- name: Deploy OAuth2Proxy
|
|
community.docker.docker_compose:
|
|
project_src: /opt/oauth2proxy/{{ item }}/
|
|
pull: true
|
|
with_items:
|
|
- icinga
|
|
|
|
- name: Copy icinga web nginx conf
|
|
copy:
|
|
src: icinga-nginx.conf
|
|
dest: /etc/nginx/sites-enabled/icinga.conf
|
|
mode: 0755
|
|
notify:
|
|
- restart nginx
|
|
|
|
- name: Copy icingaweb2-config
|
|
template:
|
|
src: "icingaweb2/{{ item }}"
|
|
dest: "/etc/icingaweb2/{{ item }}"
|
|
mode: 0660
|
|
owner: root
|
|
group: icingaweb2
|
|
with_items:
|
|
- resources.ini
|
|
- roles.ini
|
|
- config.ini
|
|
- authentication.ini
|
|
- groups.ini
|
|
|
|
- name: Template dispatcher gateway passfile
|
|
template:
|
|
src: dispatcher-pass-file.txt
|
|
dest: /etc/icinga2/dispatcher-pass-file.txt
|
|
mode: 0660
|
|
owner: root
|
|
group: nagios
|