Add IcingaDB configuration

adfinis · Jul 30, 2024 · 811b2d9 · 811b2d9
1 parent 2aa1a1e
commit 811b2d9
Show file tree

Hide file tree

Showing 7 changed files with 2,518 additions and 4 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -153,14 +153,31 @@ icinga2_master_graphite_host: 127.0.0.1
 # The port graphite is listening on
 icinga2_master_graphite_port: 2003
 
-## Icinga2 ido database settings
+## Icinga2db settings (DO NOT USE ICINGADB AND IDO AT THE SAME TIME)
 
-# Enable ido feature
+# Enable icingadb feature
+icinga2_master_icingadb_enabled: False
+
+# Icingadb database user
+icinga2_master_icingadb_user: icingadb
+
+# Database user's password
+icinga2_master_icingadb_password: 'passw0rd'
+
+# Database name for icingadb
+icinga2_master_icingadb_database: icingadb
+
+# Enable ido feature (deprecated)
 icinga2_master_ido_enabled: false
 
+# redis default password, please change
+icinga2_master_redis_password: "sheag6oghoo0ohXa1Ito"
+
+# Icinga2 database settings
+
 # icinga2 database name
 icinga2_master_icinga2_database_name: icinga2
-#
+
 # icinga2 database host
 icinga2_master_icinga2_database_host: 127.0.0.1
 

diff --git a/tasks/configuration.yml b/tasks/configuration.yml
@@ -1,4 +1,62 @@
 ---
+- name: configure icingadb feature
+  template:
+    src: etc/icinga2/features-available/icingadb.conf.j2
+    dest: /etc/icinga2/features-available/icingadb.conf
+    owner: "{{ icinga2_master_owner }}"
+    group: "{{ icinga2_master_group }}"
+    mode: 0640
+    seuser: system_u
+    serole: object_r
+    setype: icinga2_etc_t
+    selevel: s0
+  when: icinga2_master_icingadb_enabled|bool
+
+- name: configure icingadb
+  template:
+    src: etc/icingadb/config.yml.j2
+    dest: /etc/icingadb/config.yml
+    owner: "icingadb"
+    group: "{{ icinga2_master_group }}"
+    mode: 0640
+    seuser: system_u
+    serole: object_r
+    setype: icinga2_etc_t
+    selevel: s0
+  when: icinga2_master_icingadb_enabled|bool
+
+- name: configure icingadb-redis
+  template:
+    src: etc/icingadb-redis/icingadb-redis.conf.j2
+    dest: /etc/icingadb-redis/icingadb-redis.conf
+    owner: "icingadb-redis"
+    group: "{{ icinga2_master_group }}"
+    mode: 0640
+    seuser: system_u
+    serole: object_r
+    setype: icinga2_etc_t
+    selevel: s0
+  when: icinga2_master_icingadb_enabled|bool
+
+- name: ensure that icingadb-redis is started and enabled on boot
+  service:
+    name: icingadb-redis
+    state: started
+    enabled: true
+
+- name: ensure that icingadb is started and enabled on boot
+  service:
+    name: icingadb
+    state: started
+    enabled: true
+
+- name: enable icingadb feature
+  file:
+    src: /etc/icinga2/features-available/icingadb.conf
+    dest: /etc/icinga2/features-enabled/icingadb.conf
+    state: link
+  when: icinga2_master_icingadb_enabled|bool
+
 - name: Configure icinga2 ido feature
   ansible.builtin.template:
     src: etc/icinga2/features-available/ido-mysql.conf.j2

diff --git a/tasks/installation.yml b/tasks/installation.yml
@@ -1,5 +1,15 @@
 ---
-- name: Install packages
+- name: install packages for icingadb
+  package:
+    name: '{{ icinga2_master_icingadb_packages }}'
+    state: present
+  when: icinga2_master_icingadb_enabled|bool
+  register: icinga2_master_register_packages_installed
+  until: icinga2_master_register_packages_installed is success
+  retries: 10
+  delay: 2
+
+- name: install packages for ido
   ansible.builtin.package:
     name: "{{ icinga2_master_ido_packages }}"
     state: present
@@ -9,6 +19,54 @@
   retries: 10
   delay: 2
 
+- name: check if icingadb table and user in mysql exist
+  ansible.builtin.shell: >
+    set -o pipefail;
+    mysql
+    --user={{ icinga2_master_db_root_user }}
+    --password={{ icinga2_master_db_root_pass }}
+    --host={{ icinga2_master_icinga2_database_host }}
+    --ssl-ca={{ icinga2_master_ca_path }}
+    {{ icinga2_master_icinga2_database_name }}
+    -e "SHOW TABLES;" | grep "icinga_hosts"
+  args:
+    executable: /bin/bash
+  register: icinga2_master_register_icinga2_imported
+  changed_when: icinga2_master_register_icinga2_imported.rc == 1
+  failed_when: "'Access denied for' in icinga2_master_register_icinga2_imported.stderr"
+  when: icinga2_master_icingadb_enabled|bool
+  check_mode: false
+
+ name: import icingadb database schema using the root user
+  mysql_db:
+    name: '{{ icinga2_master_icinga2_database_name }}'
+    login_host: '{{ icinga2_master_icinga2_database_host }}'
+    login_port: '{{ icinga2_master_icinga2_database_port }}'
+    login_user: '{{ icinga2_master_db_root_user }}'
+    login_password: '{{ icinga2_master_db_root_pass }}'
+    ssl_ca: '{{ icinga2_master_ca_path }}'
+    state: import
+    target: /usr/share/icingadb/schema/mysql/schema.sql
+  run_once: true
+  when: icinga2_master_icingadb_enabled|bool and
+        icinga2_master_register_icinga2_imported.rc == 1
+
+- name: create a user with access only to the icingadb database using the root user
+  mysql_user:
+    name: '{{ icinga2_master_icingadb_user }}'
+    password: '{{ icinga2_master_icingadb_password }}'
+    priv: '{{ icinga2_master_icingadb_database_name }}.*:ALL'
+    host: '%'
+    login_host: '{{ icinga2_master_icinga2_database_host }}'
+    login_port: '{{ icinga2_master_icinga2_database_port }}'
+    login_user: '{{ icinga2_master_db_root_user }}'
+    login_password: '{{ icinga2_master_db_root_pass }}'
+    ssl_ca: '{{ icinga2_master_ca_path }}'
+    state: present
+  run_once: true
+  when: icinga2_master_icingadb_enabled|bool and
+        icinga2_master_register_icinga2_imported.rc == 1
+
 - name: Check if icinga2 ido table and user in mysql exist
   ansible.builtin.shell: >
     set -o pipefail;