Die folgenden Dateien werden gemeinsam in einem Verzeichnis abgelegt. Die Ansible-Playbooks werden in der Reihenfolge gestartet, in der sie benannt sind (*step1 ... *step2 ... *step3).
ansible.cfg
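# Ansible configuration for the three Icinga install playbooks.
#
# NOTE(review): the options below belong to the [defaults] section. The header
# is restored here because an INI file needs a section header before its first
# option.
[defaults]
inventory = /opt/ansible/test
ask_pass = False
# Security: with host key checking off, Ansible accepts whatever SSH host key
# the target presents. The inventory logs in as root with a password, so an
# impersonated host would receive that password. Acceptable only in an
# isolated lab; otherwise set this to True and pre-seed known_hosts.
host_key_checking = False
# Facts are collected only when a play asks for them (gather_facts: true).
gathering = explicit

# The empty sections below keep Ansible's built-in defaults.
[inventory]
[privilege_escalation]
[paramiko_connection]
[ssh_connection]

[persistent_connection]
command_timeout = 180
connect_timeout = 100
connect_retry_timeout = 100

[accelerate]
[selinux]
[colors]
[diff]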
inventory
# Inventory with a single target. The playbooks address it by its host name
# "icinga2" (hosts: icinga2), not by the group name.
[icingahost]
# IP-ADDRESS is a placeholder for the address of the machine to install.
icinga2 ansible_host=IP-ADDRESS
[icingahost:vars]
ansible_connection=ssh
# Security: this is a direct root login with a password kept in clear text.
# SECURE is a placeholder; keep the real value out of version control
# (for example in an Ansible Vault file) or switch to SSH key authentication
# with an unprivileged user plus privilege escalation.
ansible_user=root
ansible_password=SECURE
icinga_install_step_1.yml
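---
# Step 1 of 3: set the hostname, turn off SELinux and firewalld, switch the
# PHP module stream to 7.3 and reboot.
- name: Automatische Icinga Installation und Konfiguration
  hosts: icinga2
  vars:
    icinga_url: 'http://IP-ADDRESS'
    hostname: host.domain.local
  tasks:
    - name: Setting Hostname to {{ hostname }}
      ansible.builtin.hostname:
        name: "{{ hostname }}"
        use: systemd

    # Security: the next two tasks remove SELinux confinement and the host
    # firewall from a server that will expose a web UI, the Icinga API and
    # MariaDB. That is a lab shortcut. On a real monitoring host keep SELinux
    # enforcing and leave firewalld running with only the required ports open.
    # The SELinux change takes effect with the reboot at the end of this play.
    - name: Disable SELinux
      ansible.posix.selinux:
        state: disabled

    - name: Disable and Stop Firewalld
      ansible.builtin.service:
        name: firewalld
        state: stopped
        enabled: false

    # The commands run directly instead of being written to
    # /tmp/php_install.sh first. A script at a predictable path in the
    # world-writable /tmp that root later executes can be pre-created or
    # altered by any local user.
    - name: Start PHP Install
      ansible.builtin.command: "{{ item }}"
      loop:
        - dnf module -y reset php
        - dnf module -y enable php:7.3
        - dnf module -y install php:7.3/common

    - name: Reboot Machine
      ansible.builtin.reboot: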
icinga_install_step_2.yml
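---
# Step 2 of 3: add the EPEL and Icinga repositories, install Icinga 2 with its
# PHP/Perl/monitoring-plugin dependencies, set up MariaDB and the IDO database,
# then reboot.
- name: Automatische Icinga Installation und Konfiguration
  hosts: icinga2
  vars:
    icinga_url: 'http://IP-ADDRESS'
    ipaddress: IP-ADDRESS
    hostname_short: host
    hostname: host.domain.local
    http_user: apache
    # SECURE is a placeholder. Keep real passwords out of the playbook,
    # for example in an Ansible Vault file.
    mysql_pass: SECURE
    # Password of the "icinga" database user. It replaces the hard-coded
    # password that was identical to the user name.
    icinga_db_pass: SECURE
  tasks:
    - name: Import the Icinga package signing key
      ansible.builtin.rpm_key:
        state: present
        key: 'https://packages.icinga.com/icinga.key'

    # The key is fetched over HTTPS. A signing key downloaded over plain HTTP
    # can be swapped in transit, which defeats the signature check on every
    # package verified with it. rpm_key's "fingerprint" option can pin the
    # expected key as well.
    - name: Import the EPEL 8 package signing key
      ansible.builtin.rpm_key:
        state: present
        key: 'https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8'

    - name: Install Packages
      ansible.builtin.dnf:
        name: 'https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm'
        state: present
        update_cache: true

    - name: Update all Packages on System
      ansible.builtin.dnf:
        name: "*"
        state: latest

    - name: Install CPAN und perl-devel
      ansible.builtin.yum:
        name:
          - perl
          - perl-devel
          - perl-CPAN
        state: present

    # The installer script runs as root, so it is downloaded over HTTPS and
    # stored in /root instead of the world-writable /tmp. No checksum is
    # verified. get_url's "checksum" option can pin a reviewed copy.
    - name: download cpanm
      ansible.builtin.get_url:
        url: 'https://cpanmin.us/'
        dest: /root/cpanm.pl
        mode: '0755'

    - name: Install cpan fuer die Nutzung vom cpan Ansible Modul
      ansible.builtin.command: perl cpanm.pl App::cpanminus
      args:
        chdir: /root/
        creates: /usr/bin/cpanm

    - name: Install Perl Net::SNMP
      community.general.cpanm:
        name: Net::SNMP
        notest: true

    # Installed one item at a time on purpose. The Icinga release RPM further
    # down the list adds the repository that the icinga2 packages after it
    # come from, so the order of the list matters.
    - name: Install Packages
      ansible.builtin.dnf:
        name: '{{ item }}'
        state: present
        update_cache: true
      loop:
        - php
        - php-common
        - php-fpm
        - php-cli
        - php-devel
        - php-xml
        - php-json
        - php-pear
        - php-intl
        - php-dba
        - php-pdo
        - php-soap
        - php-mysqlnd
        - php-gd
        - php-snmp
        - php-mbstring
        - php-pecl-zip
        - php-pear-Date
        - php-pear-Mail
        - php-pear-Net-URL
        - python3-mysqlclient
        - compat-openssl10
        - libnsl
        - php-gmp
        - ntfs-3g
        - perl-Time-Duration
        - nagios-plugins
        - rsync
        - git
        - wget
        - expect
        - ruby-devel
        - ant
        - texlive
        - '@Development Tools'
        - ImageMagick
        - ImageMagick-perl
        - ImageMagick-libs
        - ImageMagick-devel
        - nagios-plugins-apt
        - nagios-plugins-bonding
        - nagios-plugins-breeze
        - nagios-plugins-by_ssh
        - nagios-plugins-cluster
        - nagios-plugins-dbi
        - nagios-plugins-dhcp
        - nagios-plugins-dig
        - nagios-plugins-disk
        - nagios-plugins-dns
        - nagios-plugins-dummy
        - nagios-plugins-file_age
        - nagios-plugins-flexlm
        - nagios-plugins-fping
        - nagios-plugins-fts
        - nagios-plugins-hpjd
        - nagios-plugins-http
        - nagios-plugins-icmp
        - nagios-plugins-ide_smart
        - nagios-plugins-ircd
        - nagios-plugins-ldap
        - nagios-plugins-load
        - nagios-plugins-log
        - nagios-plugins-mailq
        - nagios-plugins-mrtg
        - nagios-plugins-mrtgtraf
        - nagios-plugins-mysql
        - nagios-plugins-nagios
        - nagios-plugins-nrpe
        - nagios-plugins-nt
        - nagios-plugins-ntp
        - nagios-plugins-nwstat
        - nagios-plugins-oracle
        - nagios-plugins-overcr
        - nagios-plugins-perl
        - nagios-plugins-pgsql
        - nagios-plugins-ping
        - nagios-plugins-procs
        - nagios-plugins-radius
        - nagios-plugins-real
        - nagios-plugins-remove_perfdata
        - nagios-plugins-rpc
        - nagios-plugins-sensors
        - nagios-plugins-smtp
        - nagios-plugins-snmp
        - nagios-plugins-snmp-disk-proc
        - nagios-plugins-ssh
        - nagios-plugins-ssl_validity
        - nagios-plugins-swap
        - nagios-plugins-tcp
        - nagios-plugins-time
        - nagios-plugins-ups
        - nagios-plugins-uptime
        - nagios-plugins-users
        - nagios-plugins-wave
        - 'https://packages.icinga.com/epel/icinga-rpm-release-8-latest.noarch.rpm'
        - icinga2
        - icinga2-ido-mysql
        - cpan
        - libzip

    - name: Install pear package Imagick
      community.general.pear:
        name: pecl/Imagick
        state: present

    - name: Install Perl LWP
      community.general.cpanm:
        name: LWP
        notest: true

    - name: Install Perl JSON
      community.general.cpanm:
        name: JSON
        notest: true

    - name: Install Perl Time::Piece
      community.general.cpanm:
        name: Time::Piece
        notest: true

    - name: Install Perl LWP::Protocol::https
      community.general.cpanm:
        name: LWP::Protocol::https
        notest: true

    - name: Install Perl List::Compare
      community.general.cpanm:
        name: List::Compare
        notest: true

    - name: Install pysnmp for Python 3.6 specifically, using the 'pip3.6' executable
      ansible.builtin.pip:
        name: pysnmp
        executable: pip3.6

    - name: Enable and start httpd
      ansible.builtin.systemd:
        name: httpd
        state: started
        enabled: true

    - name: User apache to Group icingacmd
      ansible.builtin.user:
        name: '{{ http_user }}'
        groups: icingacmd
        append: true

    - name: Install MySQL MariaDB
      ansible.builtin.dnf:
        name:
          - mariadb
          - mariadb-server
          - mariadb-common
        state: present
        update_cache: true

    - name: Enable and start mariadb
      ansible.builtin.systemd:
        name: mariadb
        state: started
        enabled: true

    # check_implicit_admin tries the password-less root login of a fresh
    # install first and falls back to mysql_pass, so the task also works on a
    # second run. host_all applies the password to every root@<host> account,
    # not only root@localhost, so no password-less root entry is left behind.
    # Removing anonymous users and the test database (what
    # mysql_secure_installation does) is still left to the operator.
    - name: Setting MySQL Password
      community.mysql.mysql_user:
        check_implicit_admin: true
        login_host: 'localhost'
        login_user: 'root'
        login_password: '{{ mysql_pass }}'
        name: 'root'
        host_all: true
        password: '{{ mysql_pass }}'
        state: present

    - name: Modify file /etc/hosts
      ansible.builtin.lineinfile:
        path: /etc/hosts
        line: '{{ ipaddress }} {{ hostname }} {{ hostname_short }}'

    - name: Setting MariaDB Parameter
      ansible.builtin.lineinfile:
        path: /etc/my.cnf.d/mariadb-server.cnf
        line: '{{ item }}'
        insertbefore: datadir
      loop:
        - 'query_cache_limit = 16M'
        - 'query_cache_size = 128M'
        - 'query_cache_type = 1'
        - 'tmp_table_size= 960M'
        - 'max_heap_table_size= 830M'
        - 'performance_schema = ON'
        - 'innodb_log_file_size = 16M'
        - 'innodb_buffer_pool_instances = 1'
        - 'max_allowed_packet=500M'

    - name: Performance Tuning Limits
      ansible.builtin.lineinfile:
        path: /root/.bashrc
        line: '{{ item }}'
        insertafter: '# .bashrc'
      loop:
        - 'ulimit -n 90000'

    - name: Enable Icinga2 Feature
      community.general.icinga2_feature:
        name: '{{ item }}'
        state: present
      loop:
        - perfdata
        - statusdata
        - livestatus
        - syslog
        - ido-mysql
        - command

    - name: Create database icingadb
      community.mysql.mysql_db:
        check_implicit_admin: true
        login_user: root
        login_password: '{{ mysql_pass }}'
        name: icingadb
        state: present

    # The account gets ALL on its own schema only. The GRANT option was
    # dropped because the IDO writer has no need to hand its privileges on to
    # other accounts.
    - name: Create icinga user
      community.mysql.mysql_user:
        login_user: root
        login_password: '{{ mysql_pass }}'
        name: icinga
        password: '{{ icinga_db_pass }}'
        priv:
          'icingadb.*': 'ALL'

    - name: Import icinga2 schema
      community.mysql.mysql_db:
        login_user: root
        login_password: '{{ mysql_pass }}'
        name: icingadb
        target: '/usr/share/icinga2-ido-mysql/schema/mysql.sql'
        state: import

    # Each line is inserted right after the object header, so the lines end up
    # in reverse order in the file. The password written here must match the
    # one given to the "icinga" database user above.
    - name: IDO-MySQL Konfiguration
      ansible.builtin.lineinfile:
        path: /etc/icinga2/features-available/ido-mysql.conf
        line: '{{ item }}'
        insertafter: 'object IdoMysqlConnection "ido-mysql" {'
      loop:
        - 'user = "icinga"'
        - 'password = "{{ icinga_db_pass }}"'
        - 'host = "localhost"'
        - 'database = "icingadb"'

    - name: Restart Icinga2
      ansible.builtin.systemd:
        name: icinga2
        state: restarted

    - name: Reboot Machine
      ansible.builtin.reboot: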
icinga_install_step_3.yml
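---
# Step 3 of 3: install Icinga Web 2, create the setup token, enable the
# Icinga 2 API and install the Director and Incubator modules.
- name: Automatische Icinga Installation und Konfiguration
  hosts: icinga2
  vars:
    icinga_url: 'http://IP-ADDRESS'
    ipaddress: IP-ADDRESS
    hostname_short: host
    hostname: host.domain.local
    http_user: apache
    # SECURE is a placeholder. Keep real passwords out of the playbook,
    # for example in an Ansible Vault file.
    mysql_pass: SECURE
    # Password of the "director" database user. It replaces the hard-coded
    # password that was identical to the user name.
    director_db_pass: SECURE
  tasks:
    - name: Install Packages
      ansible.builtin.dnf:
        name:
          - icingaweb2
          - icingacli
        state: present
        update_cache: true

    - name: Setting php.ini Parameter
      ansible.builtin.lineinfile:
        path: /etc/php.ini
        line: '{{ item }}'
      loop:
        - 'date.timezone = "Europe/Berlin"'
        - 'date.default_latitude = 52.5194'
        - 'date.default_longitude = 13.4067'
        - 'extension = imagick.so'

    - name: Restart httpd
      ansible.builtin.systemd:
        name: httpd
        state: restarted

    - name: Icinga Token
      ansible.builtin.command: icingacli setup token create
      register: tokencode
      ignore_errors: true

    # Security: the setup token authorises the Icinga Web 2 setup wizard. This
    # task prints it to the console and to any Ansible log or CI output, so
    # treat those as sensitive until the web setup has been completed.
    - name: Tokencode Output
      ansible.builtin.debug:
        msg: "Tokencode ist: {{ tokencode }}"

    - name: Enable Module setup
      ansible.builtin.command: icingacli module enable setup

    - name: Icinga API Setup
      ansible.builtin.command: icinga2 api setup

    - name: Icinga enable api feature
      ansible.builtin.command: icinga2 feature enable api

    - name: Restart icinga2
      ansible.builtin.systemd:
        name: icinga2
        state: restarted

    # '[Director DB]' must be quoted. Unquoted, YAML reads it as a one-element
    # list, with_items flattens it and the file gets the line "Director DB"
    # without brackets, which is not an INI section header.
    # The file holds a database password, so it is created with its final
    # owner, group and mode instead of staying world-readable until a later
    # chown. lineinfile skips a line that already exists anywhere in the file,
    # so this only yields a correct section when the file starts out empty.
    - name: Setting icingaweb2 resources.ini
      ansible.builtin.lineinfile:
        path: /etc/icingaweb2/resources.ini
        line: '{{ item }}'
        create: true
        owner: '{{ http_user }}'
        group: icingaweb2
        mode: '0660'
      loop:
        - '[Director DB]'
        - 'type = "db"'
        - 'db = "mysql"'
        - 'host = "localhost"'
        - 'dbname = "director"'
        - 'username = "director"'
        - 'password = "{{ director_db_pass }}"'
        - 'charset = "utf8"'

    - name: Create database director
      community.mysql.mysql_db:
        check_implicit_admin: true
        login_user: root
        login_password: '{{ mysql_pass }}'
        name: director
        state: present

    # ALL on the director schema is sufficient. The GRANT option was dropped.
    - name: Create director user
      community.mysql.mysql_user:
        login_user: root
        login_password: '{{ mysql_pass }}'
        name: director
        password: '{{ director_db_pass }}'
        priv:
          'director.*': 'ALL'

    # The commands run inline instead of from /tmp/director_install.sh. A
    # script at a predictable path in the world-writable /tmp that root later
    # executes can be pre-created or altered by any local user.
    # The clone is pinned to a release tag only. Tags can be moved upstream,
    # so pin a reviewed commit if the module source has to be reproducible.
    - name: Start Director Install
      ansible.builtin.shell: |
        MODULE_VERSION="1.9.1"
        ICINGAWEB_MODULEPATH="/usr/share/icingaweb2/modules"
        REPO_URL="https://github.com/icinga/icingaweb2-module-director"
        TARGET_DIR="${ICINGAWEB_MODULEPATH}/director"
        useradd -r -g icingaweb2 -d /var/lib/icingadirector -s /bin/false icingadirector
        install -d -o icingadirector -g icingaweb2 -m 0750 /var/lib/icingadirector
        git clone "${REPO_URL}" "${TARGET_DIR}" --branch v${MODULE_VERSION}
        cp "${TARGET_DIR}/contrib/systemd/icinga-director.service" /etc/systemd/system/

    - name: Import Director schema
      community.mysql.mysql_db:
        login_user: root
        login_password: '{{ mysql_pass }}'
        name: director
        target: '/usr/share/icingaweb2/modules/director/schema/mysql.sql'
        state: import

    # '[db]' is quoted for the same reason as '[Director DB]' above.
    # NOTE(review): Icinga Web 2 normally reads module configuration from
    # /etc/icingaweb2/modules/<module>/config.ini. Confirm that the module
    # directory under /usr/share is the intended location.
    - name: Create director config.ini
      ansible.builtin.lineinfile:
        path: /usr/share/icingaweb2/modules/director/config.ini
        line: '{{ item }}'
        create: true
      loop:
        - '[db]'
        - 'resource = "Director DB"'

    - name: Systemctl daemon-reload
      ansible.builtin.systemd:
        daemon_reload: true

    - name: Enable director
      ansible.builtin.command: icingacli module enable director

    # NOTE(review): only "enabled" is set, so the unit is not started before
    # the next boot. Add "state: started" if it should run right away.
    - name: Enable and start director
      ansible.builtin.systemd:
        name: icinga-director.service
        enabled: true

    - name: Enable and start php-fpm
      ansible.builtin.systemd:
        name: php-fpm.service
        state: started
        enabled: true

    # Runs inline for the same reason as the Director install. The release
    # tarball is unpacked as root without an integrity check. Compare it
    # against a known checksum first if that matters for the environment.
    - name: Start Incubator Install
      ansible.builtin.shell: |
        MODULE_NAME=incubator
        MODULE_VERSION=v0.19.0
        MODULES_PATH="/usr/share/icingaweb2/modules"
        MODULE_PATH="${MODULES_PATH}/${MODULE_NAME}"
        RELEASES="https://github.com/Icinga/icingaweb2-module-${MODULE_NAME}/archive"
        mkdir "$MODULE_PATH" && wget -q $RELEASES/${MODULE_VERSION}.tar.gz -O - | tar xfz - -C "$MODULE_PATH" --strip-components 1
        icingacli module enable "${MODULE_NAME}"

    - name: Setting owner resource.ini
      ansible.builtin.file:
        path: /etc/icingaweb2/resources.ini
        owner: apache
        group: icingaweb2

    - name: Setting rights for module directory
      ansible.builtin.file:
        path: /etc/icingaweb2/enabledModules/
        mode: '0770'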