ansible-role-icinga2's Issues

Install icinga2 Agent on Linux Systems with CA Proxy

Since not every system in a network can get a ticket via API from the Master/Director system (firewall, zones, VLAN etc.), the implementation of the "CA Proxy Certificate Signing Request" method would be necessary.

Task expects missing directory

The playbook:

---
- hosts: monitoring.hostname.tld
  roles:
    - geerlingguy.mysql
    - chrnie.icinga2
  vars:
    - icinga2_role: master

The failing task:

TASK [chrnie.icinga2 : create cert] **********************************************************************************************************************************************
fatal: [monitoring.hostname.tld]: FAILED! => {
"changed": true,
"cmd": "/usr/sbin/icinga2 pki new-cert --cn monitoring --key '/var/lib/icinga2/certs/monitoring.key' --cert '/var/lib/icinga2/certs/monitoring.crt'",
"delta": "0:00:02.024617",
"end": "2018-05-09 13:53:21.146083",
"rc": 1,
"start": "2018-05-09 13:53:19.121466"
}

STDOUT:

[2018-05-09 13:53:19 +0000] warning/icinga-app: Sysconfig file '/etc/sysconfig/icinga2' cannot be read. Using default values.
information/base: Writing private key to '/var/lib/icinga2/certs/monitoring.key'.
critical/SSL: Error while opening private RSA key file '/var/lib/icinga2/certs/monitoring.key': 33558530, "error:02001002:system library:fopen:No such file or directory"

MSG:

non-zero return code

Error creates and include_tasks

Hi @chrnie

there is an error in the include of the pki.yml:

- name: Manage Certificates
  include_tasks: "pki.yml"
  creates: "/var/lib/icinga2/certs/{{ icinga2_nodename }}.crt"
  when: inventory_hostname != icinga2_ca_host
  tags:
    - install
    - update

FAILED! => {"reason": "'creates' is not a valid attribute for a TaskInclude\n\nThe error appears to have been in '/data/icinga2-vagrant-ansible/roles/chrnie.icinga2/tasks/config-master.yml': line 38, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Manage Certificates\n  ^ here\n\nThis error can be suppressed as a warning using the \"invalid_task_attribute_failed\" configuration"}

Can you fix this please? It seems that creates is not supported anymore in this case.
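
One way to address both this report and the "Task expects missing directory" report above, as an added example that is not the role's own code: create the certificate directory before any pki command runs, then replace the unsupported `creates` on the include with a `stat` check. `icinga2_user`, `icinga2_group` and `icinga2_node_cert` are hypothetical names, and the `icinga` default and the `0700` mode are assumptions.

```yaml
# Added example, not the role's own tasks.
# icinga2_user / icinga2_group are hypothetical variables; the service
# account name differs between distributions, 'icinga' is an assumed default.
- name: Ensure the certificate directory exists before any pki command
  file:
    path: /var/lib/icinga2/certs
    state: directory
    owner: "{{ icinga2_user | default('icinga') }}"
    group: "{{ icinga2_group | default('icinga') }}"
    mode: "0700"  # private keys are written here; service account only

# include_tasks has no 'creates', so test for the certificate explicitly.
- name: Check whether this node already has a certificate
  stat:
    path: "/var/lib/icinga2/certs/{{ icinga2_nodename }}.crt"
  register: icinga2_node_cert  # hypothetical variable name

- name: Manage Certificates
  include_tasks: "pki.yml"
  when:
    - inventory_hostname != icinga2_ca_host
    - not icinga2_node_cert.stat.exists
  tags:
    - install
    - update
```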

Error: Cannot make SSL context for cert path

When running this task:

- name: Test config before restart icinga 2
  shell: "{{ icinga2_binary }} daemon -C"
  register: configTest
  changed_when: configTest.rc == 0
  notify: Restart Icinga 2

This is the error when running with -vvv:

RUNNING HANDLER [chrnie.icinga2 : Test config before restart icinga 2] ****
task path: /Users/cjefferies/Documents/code/gitlab/ansible/base/roles/chrnie.icinga2/handlers/main.yml:3
9-03-20 18:40:43 +0000] critical/config: 1 error",
    "stdout_lines": [
        "[2019-03-20 18:40:43 +0000] information/cli: Icinga application loader (version: r2.10.4-1)",
        "[2019-03-20 18:40:43 +0000] information/cli: Loading configuration file(s).",
        "[2019-03-20 18:40:43 +0000] information/ConfigItem: Committing config item(s).",
        "[2019-03-20 18:40:43 +0000] information/ApiListener: My API identity: mon.my.int",
        "[2019-03-20 18:40:43 +0000] critical/SSL: Error loading and verifying locations in ca key file '/var/lib/icinga2/certs//ca.crt': 33558530, \"error:02001002:system library:fopen:No such file or directory\"",
        "[2019-03-20 18:40:43 +0000] critical/config: Error: Cannot make SSL context for cert path: '/var/lib/icinga2/certs//mon.my.int.crt' key path: '/var/lib/icinga2/certs//mon.my.int.key' ca path: '/var/lib/icinga2/certs//ca.crt'.",
        "Location: in /etc/icinga2/features-enabled/api.conf: 4:1-4:24",
        "/etc/icinga2/features-enabled/api.conf(2):  * The API listener is used for distributed monitoring setups.",
        "/etc/icinga2/features-enabled/api.conf(3):  */",
        "/etc/icinga2/features-enabled/api.conf(4): object ApiListener \"api\" {",
        "                                           ^^^^^^^^^^^^^^^^^^^^^^^^",
        "/etc/icinga2/features-enabled/api.conf(5): ",
        "/etc/icinga2/features-enabled/api.conf(6):   accept_config = false",
        "",
        "[2019-03-20 18:40:43 +0000] critical/config: 1 error"
    ]
}

I defined the ca host variable like this: icinga2_ca_host: "mon.my.int" - This is the master monitoring server that I assume works as the ca for the monitored system.

It looks like it did not create the folder/file: /var/lib/icinga2/certs/ca.crt

The other cert files were created:

  • /var/lib/icinga2/certs/mon.my.int.key
  • /var/lib/icinga2/certs/mon.my.int.crt

Any tips would be appreciated.

Thank you,
Chris.

The src option requires state to be 'link' or 'hard'. This will become an error in Ansible 2.10

TASK [chrnie.icinga2 : Enable icinga2 feature ido-pgsql - False] ****************************************************************************************************************************************************************************
Wednesday 15 August 2018 13:40:56 +0200 (0:00:00.350) 0:04:49.539 ******
[WARNING]: The src option requires state to be 'link' or 'hard'. This will become an error in Ansible 2.10

IDO Setup: Import icinga2 schema

The Task "Import icinga2 schema" and maybe other mysql related tasks cannot be executed when the mysql users are set up with "REQUIRE SSL".

icinga2_role and creation of master zones

I'm trying to understand how to deploy into a system that has about 25 servers. One will be the master (icinga2_role = master), the rest will be clients (icinga2_role = agent).

When I run master, I set the host of the playbook to be the monitoring server. It is the only one I am referencing from the inventory list. There is only one and Icinga as master is installed.

Now I want to run with icinga2_role = agent.

In my playbook I set to hosts: all, but I don't think I should include the master server in the inventory.

What is the best practice scenario for running the playbook for a master server and then for the rest of the agent servers?

Thanks for any tips,
Chris.

[WARNING] - feature_ido-mysql.yml - found a duplicate dict key

FYI...
[WARNING]: While constructing a mapping from ... roles/chrnie.icinga2/tasks/feature_ido-mysql.yml, line 51, column 5, found a duplicate dict key (). Using last defined value only.

    name: "{{ icinga2_ido_dbname }}"
    login_host: "{{ icinga2_ido_host }}"
    login_port: "{{ icinga2_ido_port }}"
    login_user: "{{ icinga2_ido_user }}"
    login_password: "{{ icinga2_ido_password|default(omit) }}"

    target: /usr/share/icinga2-ido-mysql/schema/mysql.sql

Task "node setup" for agents expects not existing parameters

Non-existent parameters parent_host and parent_zone used in Task:

- name: node setup
  shell: |
    {{ icinga2_binary }} node setup \
    --ticket {{ icinga2_client_ticket['stdout'] }} \
    --zone {{ inventory_hostname }} \
    --parent_host {{ icinga2_cert_request_host }} \
    --parent_zone {{ icinga2_ZoneName }} \
    --trustedcert /var/lib/icinga2/certs/trustedcert.crt \
    --cn {{ icinga2_nodename }} \
    --accept-commands \
    --accept-config
  args:
    creates: /etc/icinga2/zones.conf.orig
  notify: Test config before restart icinga 2
  when: icinga2_role == "agent"
  ignore_errors: '{{ ansible_check_mode }}'

icinga2 node setup --help
icinga2 - The Icinga 2 network monitoring daemon (version: r2.8.4-1)

Usage:
  icinga2 node setup [<arguments>]

Sets up an Icinga 2 node.

Global options:
  -h [ --help ]             show this help message
  -V [ --version ]          show version information
  --color                   use VT100 color codes even when stdout is not a
                            terminal
  -D [ --define ] arg       define a constant
  -a [ --app ] arg          application library name (default: icinga)
  -l [ --library ] arg      load a library
  -I [ --include ] arg      add include search directory
  -x [ --log-level ] arg    specify the log level for the console log.
                            The valid value is either debug, notice,
                            information (default), warning, or critical
  -X [ --script-debugger ]  whether to enable the script debugger

Command options:
  --zone arg            The name of the local zone
  --master_host arg     The name of the master host for auto-signing the csr;
                        syntax: host[,port]
  --endpoint arg        Connect to remote endpoint; syntax: cn[,host,port]
  --listen arg          Listen on host,port
  --ticket arg          Generated ticket number for this request (optional)
  --trustedcert arg     Trusted master certificate file
  --cn arg              The certificate's common name
  --accept-config       Accept config from master
  --accept-commands     Accept commands from master
  --master              Use setup for a master instance

Report bugs at <https://github.com/Icinga/icinga2>
Get support: <https://www.icinga.com/support/>
Icinga home page: <https://www.icinga.com/>
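
A preflight check that would surface this mismatch before the enrollment command runs, as an added example that is not part of the role: it asks the installed binary for its option list and fails if any option the task passes is absent. `icinga2_binary` comes from the task above; the registered variable name `icinga2_node_setup_help` is made up here.

```yaml
# Added example, not the role's own tasks.
- name: Read the options this icinga2 build supports
  command: "{{ icinga2_binary }} node setup --help"
  register: icinga2_node_setup_help  # hypothetical variable name
  changed_when: false
  check_mode: false  # read-only, safe to run in check mode too

# Every long option the "node setup" task passes must appear in the help
# text, followed by a space ("--zone arg", "--accept-config   Accept ...").
- name: Fail early if the task uses an option this build lacks
  assert:
    that:
      - "('--' ~ item ~ ' ') in icinga2_node_setup_help.stdout"
    fail_msg: "icinga2 node setup on this host has no --{{ item }} option"
  loop:
    - ticket
    - zone
    - parent_host
    - parent_zone
    - trustedcert
    - cn
    - accept-commands
    - accept-config
  when: icinga2_role == "agent"
```

Against the r2.8.4-1 help output quoted above, the assertion fails for `parent_host` and `parent_zone` and passes for the other six options.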
