On 27-10-15 11:40, [email protected] wrote:
> Hi all,
> there is `node wizard` to configure a new icinga2 master or client with
> interaction. It generates the pki-infrastructure and the necessary
> zones.conf/constants.conf-files.
> For our salt-environment, I need a way to do this without interaction.
I solved it like this with Ansible. The steps are based on what I found
in the source on
https://raw.githubusercontent.com/Icinga/icinga2/master/lib/cli/nodewizardcommand.cpp
Works on Debian Wheezy with the debmon.org packages. I have a small
vagrant project that installs an Icinga2 master and a "monitored" box
configured with Ansible. I can review it and push it to Github if anyone
is interested. The Ansible code in
https://github.com/Icinga/icinga2-ansible is just the basic installation...
Luc
# Icinga2 ca & csr generation runs as the icinga user and can't write in
# /etc/icinga2/pki
# so we need lots of extra steps to move everything in place here... :(
- name: generate ca
  shell: icinga2 pki new-ca creates=/var/lib/icinga2/ca/ca.key
  notify: restart icinga

- name: configure master node | create csr dir
  file: path=/var/lib/icinga2/csr state=directory owner=nagios group=nagios mode=0700

- name: configure master node | generate csr
  shell: >
    icinga2 pki new-cert --cn {{ ansible_fqdn }}
    --key /var/lib/icinga2/csr/{{ ansible_fqdn }}.key
    --csr /var/lib/icinga2/csr/{{ ansible_fqdn }}.csr
    creates=/var/lib/icinga2/csr/{{ ansible_fqdn }}.csr

- name: configure master node | sign csr
  shell: >
    icinga2 pki sign-csr
    --csr /var/lib/icinga2/csr/{{ ansible_fqdn }}.csr
    --cert /var/lib/icinga2/csr/{{ ansible_fqdn }}.crt
    creates=/var/lib/icinga2/csr/{{ ansible_fqdn }}.crt

- name: configure master node | copy ca to /etc/icinga2/pki
  shell: >
    rsync -a /var/lib/icinga2/ca/ca.crt /etc/icinga2/pki/ca.crt
    creates=/etc/icinga2/pki/ca.crt
  notify: restart icinga

- name: configure master node | copy key to /etc/icinga2/pki
  shell: >
    rsync -a /var/lib/icinga2/csr/{{ ansible_fqdn }}.key
    /etc/icinga2/pki/{{ ansible_fqdn }}.key
    creates=/etc/icinga2/pki/{{ ansible_fqdn }}.key
  notify: restart icinga

- name: configure master node | copy csr to /etc/icinga2/pki
  shell: >
    rsync -a /var/lib/icinga2/csr/{{ ansible_fqdn }}.csr
    /etc/icinga2/pki/{{ ansible_fqdn }}.csr
    creates=/etc/icinga2/pki/{{ ansible_fqdn }}.csr
  notify: restart icinga

- name: configure master node | copy crt to /etc/icinga2/pki
  shell: >
    rsync -a /var/lib/icinga2/csr/{{ ansible_fqdn }}.crt
    /etc/icinga2/pki/{{ ansible_fqdn }}.crt
    creates=/etc/icinga2/pki/{{ ansible_fqdn }}.crt
  notify: restart icinga

- name: configure master node | enable api
  shell: icinga2 feature enable api creates=/etc/icinga2/features-enabled/api.conf
  notify: restart icinga

- name: configure master node | configure zones.conf
  template: src=zones.conf.j2 dest=/etc/icinga2/zones.conf owner=root group=root mode=0644
  notify: restart icinga

- name: configure master node | configure constants.conf
  template: src=constants.conf.j2 dest=/etc/icinga2/constants.conf owner=root group=root mode=0644
  notify: restart icinga
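
Added example, not part of the original post or of the icinga2-ansible project: follow-up tasks that check the PKI files the steps above put in place (key permissions, chain to the new CA, key/certificate match). It assumes `openssl` is installed on the master and reuses the paths and the `nagios` user from the post; the `register` names are illustrative.

```yaml
# Post-checks for the files generated and copied by the tasks above.
# Assumption: the icinga2 daemon runs as nagios, as in the csr dir task.
- name: verify pki | stat CA private key
  stat: path=/var/lib/icinga2/ca/ca.key
  register: ca_key            # illustrative name

- name: verify pki | CA private key has no group/other permission bits
  assert:
    that:
      - ca_key.stat.exists
      - ca_key.stat.mode[-2:] == '00'

# rsync -a keeps whatever mode the key was created with, so pin it here.
- name: verify pki | host private key is readable by the daemon user only
  file: path=/etc/icinga2/pki/{{ ansible_fqdn }}.key owner=nagios group=nagios mode=0600

# Check the output as well as the exit status of openssl verify.
- name: verify pki | host certificate chains to the new CA
  command: >
    openssl verify -CAfile /etc/icinga2/pki/ca.crt
    /etc/icinga2/pki/{{ ansible_fqdn }}.crt
  register: chain_check       # illustrative name
  changed_when: false
  failed_when: "chain_check.rc != 0 or ': OK' not in chain_check.stdout"

- name: verify pki | read public key from the certificate
  command: openssl x509 -noout -pubkey -in /etc/icinga2/pki/{{ ansible_fqdn }}.crt
  register: crt_pubkey        # illustrative name
  changed_when: false

- name: verify pki | derive public key from the private key
  command: openssl pkey -pubout -in /etc/icinga2/pki/{{ ansible_fqdn }}.key
  register: key_pubkey        # illustrative name
  changed_when: false

# Both commands print the same PEM public key when key and cert are a pair.
- name: verify pki | certificate and private key belong together
  assert:
    that:
      - crt_pubkey.stdout == key_pubkey.stdout
```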