Ansible role: Icinga2

Install and configure Icinga2

Requirements

• Ansible >= 2.9
• Debian
  • Bookworm

Role variables

• icinga2_db_type - set the database type mysql or postgresql (default: mysql)
• icinga2_ido_host - set the database host (default: 127.0.0.1)
• icinga2_ido_database - set the database name (default: icinga2)
• icinga2_ido_user - set the database user (default: icinga2)
• icinga2_ido_password - set the database password
• icinga2_master - set if the server is a master node (default: false)
• icinga2_endpoints - hash with the endpoint name and address

  local.loc: 127.0.0.1
  satellite.loc: 10.121.30.20

• icinga2_zones - hash with zone configuration

  master:
    endpoints:
      - loca.loc
  satellite:
    parent: master
    endpoints:
      - satellite.loc

• icinga2_templates - hash with template configuration

  generic-host:
    type: host
    vars:
      os: Linux
    options:
      check_command: hostalive
      check_interval: 1m
      retry_interval: 30s
      max_check_attempts: 3
  generic-service:
    type: service
    options:
      max_check_attempts: 5
      check_interval: 1m
      retry_interval: 30s

• icinga2_service_groups - hash with service group configuration

  smnp:
    display_name: SMNP
    match: 'snmp-*'

• icinga2_services - hash with service configuration

  ping:
    check_command: ping
    assign: host.address
  ssh:
    check_command: ssh
    assign: (host.address || host.address6) && host.vars.os == "Linux"
    vars:
      timeout: 5

• icinga2_host_groups - hash with host group configuration

  tomcat:
    assign: host.vars.tomcat_port
  influxdb:
    display_name: InfluxDB
    assign: match("influx-*", host.name)

• icinga2_hosts - hash with host configuration

  localhost:
    template: generic-host
    address: 127.0.0.1
    vars:
      dist: Debian

• icinga2_user_groups - hash with user group configuration

  admin:
    display_name: Administrateur

• icinga2_users - hash with the user configuration

  johndoe:
    display_name: John Doe
    email: john@doe.loc
    groups:
      - admin

• icinga2_api_users - hash with the user configuration for the API access

  icingaweb2:
    password: secret
    permissions:
      - '*'

• icinga2_timeperiods - hash with timeperiods configuration

  24x7:
    ranges:
      monday: 00:00-24:00
      tuesday: 00:00-24:00
      wednesday: 00:00-24:00
      thursday: 00:00-24:00
      friday: 00:00-24:00
      saturday: 00:00-24:00
      sunday: 00:00-24:00
    excludes:
      monday: 00:05-00:10
  default_exclude:
    prefer_includes: false
    ranges:
      monday: 00:00-01:00
    includes:
      monday: 00:05-00:10

• icinga2_dependencies - hash with dependencies configuration (view all options)

  postgresql-port:
    parent_host_name: host.name
    parent_service_name: postgresql-service
    child_service_name: postgresql-port
    disable_notifications: true
    states:
      - DOWN
    assign: '"postgresql" in host.groups'

• icinga2_notifications - hash with notifications configuration

  mail-icingaadmin-host:
    type: Host
    import: mail-host-notification
    assign: host.vars.notification.mail
    user_groups: host.vars.notification.mail.groups
    users: host.vars.notification.mail.users
  mail-icingaadmin-service:
    type: Service
    import: mail-service-notification
    assign: host.vars.notification.mail
    user_groups: host.vars.notification.mail.groups
    users: host.vars.notification.mail.users
    options:
      period: $service.vars.period$

• icinga2_notification_commands - hash with notification command configuration

  mail-service-notification:
    script: mail-service-notification.sh
    env:
      NOTIFICATIONTYPE: $notification.type$
      SERVICENAME: $service.name$
      HOSTNAME: $host.name$
      HOSTDISPLAYNAME: $host.display_name$
      HOSTADDRESS: $address$
      SERVICESTATE: $service.state$
      LONGDATETIME: $icinga.long_date_time$
      SERVICEOUTPUT: $service.output$
      NOTIFICATIONAUTHORNAME: $notification.author$
      NOTIFICATIONCOMMENT: $notification.comment$
      SERVICEDISPLAYNAME: $service.display_name$
      USEREMAIL: $user.email$
      MAILFROM: $notification_from$

• icinga2_check_commands - hash with check command configuration

  ping-ha:
    command: '"/bin/ping"'
    arguments:
      packet:
        value: 10
        required: true
    vars:
      timeout: 10

• icinga2_event_commands - hash with event command configuration (see check command config)
• icinga2_features - hash with the features to enable and thier configuration

  api:
    object: ApiListener
    config:
      accept_config: false
      accept_commands: true

• icinga2_scripts - hash with the scripts to use by icinga

  log-file: |
    #!/bin/bash
    echo "$(date) $HOSTDISPLAYNAME" >> /tmp/notification.log

How to use

- hosts: server
  roles:
    - icinga2

Development

Test with molecule and docker

• install docker
• install python3 and python3-pip
• install molecule and dependencies pip3 install molecule molecule-docker docker ansible-lint testinfra yamllint
• run molecule test

License

Copyright (c) 2019 Adrien Waksberg

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.