Working ANSIBLE solution for monitor.telos.digital

Peter Edmond 2025-06-19 22:24:35 +01:00
commit 775b3f1aac
53 changed files with 1088 additions and 0 deletions

15
ANSIBLE/README.md Normal file

@ -0,0 +1,15 @@
README.md
=========
This is an index of all of the ansible scripts used for building Telos Digital systems, as created by Peter Edmond
If running under sudo, then:
eval `ssh-agent`
ssh-add
in order to avoid retyping in the password all the time!
icinga.yml
----------------
Playbook configures the Telos Digital ICINGA2 monitoring system

3
ANSIBLE/ansible.cfg Normal file

@ -0,0 +1,3 @@
[defaults]
inventory = ./hosts
remote_user = ubuntu


@ -0,0 +1,12 @@
$ANSIBLE_VAULT;1.1;AES256
36613939323066666438386364306162333535383734646265346662316330663830636337353730
6464306339366432353562633535646238383763623734660a326336623865396233353438353936
32396434376532633236343539616338323639663837653132666435623138666335663561613262
3936623531626331360a313538663964343830373761353865663861613833623466656164303038
66323533373766656563636261643132323165666239336563363736323462623263623932623033
36646136623561386533613666373733336138653561633165366564326334326666613061613363
36326134396135323736373633396563613661303066646435326234306363616639333364353231
65366432373165646161663635376462643364656338316539656561616165373038643038383436
61373462303537363837633764343466656431323761396332326336383438613461623036333531
63656234393931633333383935663464396535626164373733316164366537613835643839333333
386135626233626433656161346439636564


@ -0,0 +1,15 @@
site_name: monitor.telos.digital
site_root: /var/www/html
admin_email: peter.edmond@telos.digital
php_version: 8.3
#These are not used but can be used to customise the php-fpm environment if required.
php_upload_max_filesize: 20M
php_post_max_size: 25M
php_memory_limit: 128M
php_max_execution_time: 60
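Review bot: `php_version: 8.3` is an unquoted scalar, so YAML loads it as a float rather than the string that is later interpolated into service and path names such as `php{{ php_version }}-fpm`. It renders correctly for 8.3, but a value like 8.10 would collapse to 8.1; writing `php_version: "8.3"` avoids that. The comment above the four `php_*` limits could also name the template that is expected to consume them.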

6
ANSIBLE/hosts Normal file

@ -0,0 +1,6 @@
[web]
monitor.telos.digital
[monitor]
monitor.telos.digital

75
ANSIBLE/httpd.yml Normal file

@ -0,0 +1,75 @@
- name: Configure Apache with Let's Encrypt
hosts: monitor
become: yes
gather_facts: yes
tasks:
- name: Install Apache2
apt:
name: apache2
state: present
update_cache: yes
- name: Install Certbot and Apache plugin
apt:
name:
- certbot
- python3-certbot-apache
state: present
- name: Ensure site root exists
file:
path: "{{ site_root }}"
state: directory
owner: www-data
group: www-data
mode: '0755'
- name: Create index.html
template:
src: templates/index.html.j2
dest: "{{ site_root }}/index.html"
owner: www-data
group: www-data
mode: '0644'
- name: Create Apache virtual host config
template:
src: templates/vhost.conf.j2
dest: /etc/apache2/sites-available/{{ site_name }}.conf
notify: Reload Apache
- name: Enable site
command: a2ensite {{ site_name }}
notify: Reload Apache
- name: Enable SSL module
command: a2enmod ssl
notify: Reload Apache
- name: Ensure Apache is running and enabled
service:
name: apache2
state: started
enabled: yes
- name: Obtain Let's Encrypt certificate using certbot
command: >
certbot --apache -n --agree-tos --redirect
-d {{ site_name }}
--email {{ admin_email }}
args:
creates: /etc/letsencrypt/live/{{ site_name }}/fullchain.pem
handlers:
- name: Reload Apache
service:
name: apache2
state: reloaded
- name: Restart Apache
service:
name: apache2
state: restarted
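Review bot: The 'Ensure site root exists' and 'Create index.html' tasks give `www-data` ownership of the document root and its content, which lets anything running as the web server user rewrite what the site serves. Apache only needs read access, so `owner: root` / `group: root` with the same `0755`/`0644` modes is the safer default. The vhost template task sets no `owner` or `mode` at all; an explicit `mode: '0644'` would pin it. The two `command:` tasks (`a2ensite`, `a2enmod ssl`) report changed on every run, so a `creates:` pointing at the matching `sites-enabled` / `mods-enabled` link would make the play idempotent.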

20
ANSIBLE/icinga.yml Normal file

@ -0,0 +1,20 @@
---
#- import_playbook: httpd.yml
- name: Install php and icinga2 web
hosts: monitor
become: yes
gather_facts: yes
vars_files:
- group_vars/db/vault.yml # This is encrypted
roles:
#- httpd_with_php
#- mariadb
- icinga2
- icingaweb2
tasks:
- debug:
msg: "Finished configuring DNS"
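Review bot: The `mariadb` role is commented out in `roles:`, yet the icinga2 and icingaweb2 roles in this commit log in to the database as root with `mariadb_root_password` and use the `community.mysql` modules, for which only the mariadb role installs PyMySQL. On a fresh host the first database task would presumably fail unless MariaDB is provisioned some other way; either re-enable `- mariadb` ahead of `- icinga2` or document the prerequisite next to the commented line. The closing debug message `"Finished configuring DNS"` also looks copied from another playbook; something like `"Finished configuring Icinga"` would match what actually ran.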

4
ANSIBLE/make_new_role.sh Normal file

@ -0,0 +1,4 @@
#Create a new role using the command - This gives framework!
cp -aRp roles/skel roles/gittea


@ -0,0 +1,11 @@
---
- name: Reload Apache
service:
name: apache2
state: reloaded
- name: Restart Apache
service:
name: apache2
state: restarted


@ -0,0 +1,59 @@
---
- name: Install Apache2
apt:
name: apache2
state: present
update_cache: yes
- name: Install Certbot and Apache plugin
apt:
name:
- certbot
- python3-certbot-apache
state: present
- name: Ensure site root exists
file:
path: "{{ site_root }}"
state: directory
owner: www-data
group: www-data
mode: '0755'
- name: Create index.html
template:
src: index.html.j2
dest: "{{ site_root }}/index.html"
owner: www-data
group: www-data
mode: '0644'
- name: Create Apache virtual host config
template:
src: vhost.conf.j2
dest: /etc/apache2/sites-available/{{ site_name }}.conf
notify: Reload Apache
- name: Enable site
command: a2ensite {{ site_name }}
notify: Reload Apache
- name: Enable SSL module
command: a2enmod ssl
notify: Reload Apache
- name: Ensure Apache is running and enabled
service:
name: apache2
state: started
enabled: yes
- name: Obtain Let's Encrypt certificate using certbot
command: >
certbot --apache -n --agree-tos --redirect
-d {{ site_name }}
--email your-email@example.com
args:
creates: /etc/letsencrypt/live/{{ site_name }}/fullchain.pem
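Review bot: The certbot task registers the Let's Encrypt account with the placeholder `--email your-email@example.com`, so expiry and account notices for this certificate would go to an address nobody here reads. The top-level httpd.yml in this commit already passes `--email {{ admin_email }}`, and the role should do the same. The identical task in the PHP-enabled copy of this role (the section that ends with `import_tasks: php.yml`) carries the same placeholder.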


@ -0,0 +1,12 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Welcome to {{ site_name }}</title>
</head>
<body>
<h1>Welcome to {{ site_name }}</h1>
<p>This site is served from: {{ site_root }}</p>
</body>
</html>
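Review bot: The landing page prints `{{ site_root }}` to every visitor, which exposes the server's filesystem layout on a public monitoring host for no functional benefit. I would drop the `<p>This site is served from: …</p>` line or replace it with neutral text. The same template is committed twice more further down this page.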


@ -0,0 +1,14 @@
<VirtualHost *:80>
ServerName {{ site_name }}
DocumentRoot {{ site_root }}
<Directory {{ site_root }}>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/{{ site_name }}_error.log
CustomLog ${APACHE_LOG_DIR}/{{ site_name }}_access.log combined
</VirtualHost>
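Review bot: `Options Indexes FollowSymLinks` turns on automatic directory listings for the whole document root, and `AllowOverride All` lets any `.htaccess` file under it change server behaviour. For a host that fronts the monitoring UI, `Options -Indexes +FollowSymLinks` and `AllowOverride None` are safer defaults, with overrides re-enabled only for a directory that needs them. The vhost defines port 80 only and relies on `certbot --redirect` to add the TLS side, which deserves a comment at the top of the template. Two later sections on this page carry the same template.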


@ -0,0 +1,16 @@
---
- name: Reload Apache
service:
name: apache2
state: reloaded
- name: Restart Apache
service:
name: apache2
state: restarted
- name: Restart PHP-FPM
service:
name: php{{ php_version }}-fpm
state: restarted


@ -0,0 +1,59 @@
---
- name: Install Apache2
apt:
name: apache2
state: present
update_cache: yes
- name: Install Certbot and Apache plugin
apt:
name:
- certbot
- python3-certbot-apache
state: present
- name: Ensure site root exists
file:
path: "{{ site_root }}"
state: directory
owner: www-data
group: www-data
mode: '0755'
- name: Create index.html
template:
src: index.html.j2
dest: "{{ site_root }}/index.html"
owner: www-data
group: www-data
mode: '0644'
- name: Create Apache virtual host config
template:
src: vhost.conf.j2
dest: /etc/apache2/sites-available/{{ site_name }}.conf
notify: Reload Apache
- name: Enable site
command: a2ensite {{ site_name }}
notify: Reload Apache
- name: Enable SSL module
command: a2enmod ssl
notify: Reload Apache
- name: Ensure Apache is running and enabled
service:
name: apache2
state: started
enabled: yes
- name: Obtain Let's Encrypt certificate using certbot
command: >
certbot --apache -n --agree-tos --redirect
-d {{ site_name }}
--email your-email@example.com
args:
creates: /etc/letsencrypt/live/{{ site_name }}/fullchain.pem
- import_tasks: php.yml


@ -0,0 +1,42 @@
---
- name: Install PHP, PHP-FPM, and common extensions
apt:
name:
- php
- php-fpm
- php-cli
- php-mysql
- php-curl
- php-gd
- php-mbstring
- php-xml
- php-zip
state: present
update_cache: yes
- name: Enable Apache modules for PHP-FPM
command: a2enmod {{ item }}
loop:
- proxy_fcgi
- setenvif
- php{{ php_version }} # or php8.1 depending on your distro
notify: Reload Apache
ignore_errors: yes # in case some modules aren't available
- name: Ensure PHP-FPM service is running
service:
name: php{{ php_version }}-fpm
state: started
enabled: yes
when: php_version is defined
- name: Deploy custom PHP-FPM pool config
template:
src: www.conf.j2
dest: /etc/php/{{ php_version }}/fpm/pool.d/www.conf
owner: root
group: root
mode: '0644'
notify: Restart PHP-FPM
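Review bot: `ignore_errors: yes` on the `a2enmod` loop hides a failure to enable `proxy_fcgi`, which the PHP-FPM setup depends on, only to tolerate a possibly missing `php{{ php_version }}` module. That third entry is mod_php, which is not needed when requests are handed to PHP-FPM, so removing it lets the task fail loudly again without `ignore_errors`. The packages are installed unversioned (`php`, `php-fpm`) while the service name and pool path use `php{{ php_version }}`, and only the service task is guarded by `when: php_version is defined`; installing `php{{ php_version }}-fpm` explicitly would keep the two in step.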


@ -0,0 +1,12 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Welcome to {{ site_name }}</title>
</head>
<body>
<h1>Welcome to {{ site_name }}</h1>
<p>This site is served from: {{ site_root }}</p>
</body>
</html>


@ -0,0 +1,14 @@
<VirtualHost *:80>
ServerName {{ site_name }}
DocumentRoot {{ site_root }}
<Directory {{ site_root }}>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/{{ site_name }}_error.log
CustomLog ${APACHE_LOG_DIR}/{{ site_name }}_access.log combined
</VirtualHost>


@ -0,0 +1,31 @@
[www]
user = www-data
group = www-data
listen = /run/php/php{{ php_version }}-fpm.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
pm = dynamic
pm.max_children = 10
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
chdir = /
; Logging
catch_workers_output = yes
; Uncomment for more detailed error logging
; php_admin_value[error_log] = /var/log/php{{ php_version }}-fpm.log
; php_admin_flag[log_errors] = on
; Additional PHP configuration values
php_admin_value[upload_max_filesize] = 20M
php_admin_value[post_max_size] = 25M
php_admin_value[memory_limit] = 128M
php_admin_value[max_execution_time] = 60
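Review bot: The four `php_admin_value` limits at the end of this pool file are hard-coded, while the group vars in this commit define `php_upload_max_filesize`, `php_post_max_size`, `php_memory_limit` and `php_max_execution_time` with the same values and a comment saying they are unused. Wiring them in, e.g. `php_admin_value[memory_limit] = {{ php_memory_limit }}`, gives one place to tune the limits and removes the dead variables. The commented-out `error_log` / `log_errors` lines would be worth enabling on a production host so PHP errors are logged rather than only caught from worker output.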


@ -0,0 +1,38 @@
Role Name
=========
A brief description of the role goes here.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).


@ -0,0 +1,6 @@
---
# defaults file for roles/icinga2
icinga2_install_web: true
icinga2_repo_url: "https://packages.icinga.com/ubuntu"
icinga2_release: "noble" # or other version, etc.


@ -0,0 +1,5 @@
---
- name: Restart Icinga2
service:
name: icinga2
state: restarted


@ -0,0 +1,52 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.


@ -0,0 +1,35 @@
---
- name: Create IDO database
community.mysql.mysql_db:
name: "{{ icinga_db_name }}"
state: present
login_user: root
login_password: "{{ mariadb_root_password }}"
- name: Create IDO DB user
community.mysql.mysql_user:
name: "{{ icinga_db_user }}"
password: "{{ icinga_db_password }}"
priv: "{{ icinga_db_name }}.*:ALL"
host: localhost
state: present
login_user: root
login_password: "{{ mariadb_root_password }}"
column_case_sensitive: true
- name: Check if IDO schema has already been imported
stat:
path: /var/lib/icinga2/ido_schema_imported.flag
register: ido_schema_marker
- name: Import IDO schema
shell: |
mysql -u root -p'{{ mariadb_root_password }}' {{ icinga_db_name }} < /usr/share/icinga2-ido-mysql/schema/mysql.sql
when: not ido_schema_marker.stat.exists
- name: Mark IDO schema as imported
file:
path: /var/lib/icinga2/ido_schema_imported.flag
state: touch
when: not ido_schema_marker.stat.exists
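Review bot: The 'Import IDO schema' task passes the MariaDB root password on the `mysql` command line, where it is visible in the process list while the import runs and can appear in Ansible's task output, and a password containing a single quote would break the shell quoting. The `community.mysql.mysql_db` module this file already uses can perform the import itself with `state: import` and `target:`, and `no_log: true` keeps the credential out of logs. The connection probe in the MariaDB role (`mysql -u root -p'…' -e "SELECT 1;"`) has the same exposure. Separately, the role's main task list includes this file before it installs `icinga2-ido-mysql`, so the schema file may not exist yet on a first run.

```yaml
# … unchanged: create database, create user, stat the marker file …
- name: Import IDO schema
  community.mysql.mysql_db:
    name: "{{ icinga_db_name }}"
    state: import
    target: /usr/share/icinga2-ido-mysql/schema/mysql.sql
    login_user: root
    login_password: "{{ mariadb_root_password }}"
  no_log: true
  when: not ido_schema_marker.stat.exists
# … unchanged: touch the marker file …
```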


@ -0,0 +1,87 @@
---
- name: Ensure keyrings directory exists
file:
path: /etc/apt/keyrings
state: directory
mode: '0755'
- name: Download Icinga GPG key to keyrings
get_url:
url: https://packages.icinga.com/icinga.key
dest: /etc/apt/keyrings/icinga.asc
mode: '0644'
- name: Add Icinga APT repository (Ubuntu 24.04 "noble")
apt_repository:
repo: "deb [signed-by=/etc/apt/keyrings/icinga.asc] https://packages.icinga.com/ubuntu icinga-noble main"
state: present
filename: icinga
- name: Add Icinga 2 GPG key
apt_key:
url: https://packages.icinga.com/icinga.key
state: present
- name: Install Icinga 2
apt:
name: icinga2
state: present
update_cache: yes
# Include IDO DB setup tasks
- name: Setup Icinga2 IDO DB
include_tasks: icinga2-ido.yml
- name: Start and enable icinga2 service
service:
name: icinga2
state: started
enabled: yes
- name: Install Icinga Web 2 and Apache (optional)
when: icinga2_install_web
apt:
name:
- icingaweb2
- icingacli
- apache2
- php
- php-cli
- php-mysql
- php-xml
- php-gd
- php-imagick
- php-curl
state: present
- name: Enable Apache for Icinga Web
when: icinga2_install_web
service:
name: apache2
state: started
enabled: yes
- name: Configure Icinga Web 2 database (optional)
when: icinga2_install_web
debug:
msg: "You can add DB config, MySQL setup, etc. here."
- name: Install Icinga2 IDO MySQL module
apt:
name: icinga2-ido-mysql
state: present
- name: Enable the IDO MySQL feature
command: icinga2 feature enable ido-mysql
notify: Restart Icinga2
- name: Configure IDO DB connection
template:
src: ido-mysql.conf.j2
dest: /etc/icinga2/features-enabled/ido-mysql.conf
owner: root
group: root
mode: '0644'
notify: Restart Icinga2
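Review bot: The 'Add Icinga 2 GPG key' task uses `apt_key`, which places the key in APT's global trust store and so undoes the scoping that the preceding `signed-by=/etc/apt/keyrings/icinga.asc` repository line sets up. The key is already downloaded into the keyrings directory two tasks earlier, so the `apt_key` task can simply be removed. 'Configure IDO DB connection' writes a file containing `icinga_db_password` with `mode: '0644'`; a mode without world read, such as `'0640'` with the group set to the account Icinga runs as, would keep the password from other local users. The `icinga2_repo_url` and `icinga2_release` defaults are defined in this role, but the repository line hard-codes both values.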


@ -0,0 +1,9 @@
library "db_ido_mysql"
object IdoMysqlConnection "ido-mysql" {
user = "icinga"
password = "{{ icinga_db_password }}"
host = "localhost"
database = "icinga"
}
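Review bot: `user` and `database` are hard-coded to `"icinga"` here, while the tasks create the database and account from `icinga_db_name` and `icinga_db_user`. Changing either variable would leave this connection pointing at the old names; `user = "{{ icinga_db_user }}"` and `database = "{{ icinga_db_name }}"` keep them in step. A password containing a double quote or backslash would likely also break the quoted string as rendered, so that constraint deserves a comment or an escaping filter.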


@ -0,0 +1,2 @@
localhost


@ -0,0 +1,5 @@
---
- hosts: localhost
remote_user: root
roles:
- roles/icinga2


@ -0,0 +1,2 @@
---
# vars file for roles/icinga2


@ -0,0 +1,38 @@
Role Name
=========
A brief description of the role goes here.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).


@ -0,0 +1,6 @@
---
icinga_db_name: icinga
icinga_db_user: icinga
icingaweb2_db_name: icingaweb2
icingaweb2_db_user: icingaweb2


@ -0,0 +1,5 @@
---
- name: Restart Apache
service:
name: apache2
state: restarted


@ -0,0 +1,52 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.


@ -0,0 +1,16 @@
---
- name: Stop MariaDB before DB cleanup
ansible.builtin.service:
name: mariadb
state: stopped
- name: Remove icingaweb2 database directory manually (if exists)
ansible.builtin.file:
path: /var/lib/mysql/icingaweb2
state: absent
- name: Start MariaDB after DB cleanup
ansible.builtin.service:
name: mariadb
state: started
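Review bot: Deleting `/var/lib/mysql/icingaweb2` from the filesystem removes the database behind MariaDB's back, which can leave the server's own records of those tables behind and requires stopping the database that the monitoring stack depends on. `community.mysql.mysql_db` with `state: absent`, using the same `login_user` / `login_password` as the setup tasks, drops the database cleanly with no restart. Since this is destructive and triggered only by `icingaweb2_db_reset`, a short comment at the top of the file saying so would help the next operator.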


@ -0,0 +1,12 @@
- name: Copy Icinga Web 2 resources.ini
template:
src: resources.ini.j2
dest: /etc/icingaweb2/resources.ini
mode: "0644"
- name: Copy Icinga Web 2 authentication.ini
template:
src: authentication.ini.j2
dest: /etc/icingaweb2/authentication.ini
mode: "0644"
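Review bot: Both templates are written with `mode: "0644"`, and `resources.ini` carries `icingaweb2_db_password`, so any local account on the host can read the database credential. Neither task sets `owner` or `group`; I would set them explicitly and use a mode without world access, e.g. `mode: "0660"` with the group the web server reads Icinga Web's configuration as. The role's main task list shown on this page imports only `cleanup.yml` and `setup.yml`, so it is worth confirming that these two tasks are actually reached.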


@ -0,0 +1,5 @@
---
- import_tasks: cleanup.yml
when: icingaweb2_db_reset | default(false)
- import_tasks: setup.yml


@ -0,0 +1,43 @@
---
- name: Install Icinga Web 2 and dependencies
apt:
name:
- icingaweb2
- icingacli
- monitoring-plugins-contrib
- apache2
- php
- php-mysql
- php-xml
- php-intl
- php-cli
- php-gd
- php-curl
state: present
update_cache: yes
- name: Create Icinga Web 2 DB
community.mysql.mysql_db:
name: "{{ icingaweb2_db_name }}"
state: present
login_user: root
login_password: "{{ mariadb_root_password }}"
- name: Create Icinga Web 2 DB user
community.mysql.mysql_user:
name: "{{ icingaweb2_db_user }}"
password: "{{ icingaweb2_db_password }}"
priv: "{{ icingaweb2_db_name }}.*:ALL"
host: localhost
state: present
login_user: root
login_password: "{{ mariadb_root_password }}"
# Optional: Setup from CLI (optional often done in web UI)
# icingacli setup config directory etc.
- name: Restart apache2
service:
name: apache2
state: restarted
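Review bot: The final 'Restart apache2' task restarts the web server on every run whether or not anything changed, which briefly takes the monitoring UI down each time the playbook is applied. The role already defines a `Restart Apache` handler, so `notify: Restart Apache` on the package task would restart only when needed. The `mysql_user` task here also omits the `column_case_sensitive: true` that the equivalent IDO user task sets, so the two behave differently for no stated reason.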


@ -0,0 +1,4 @@
[authentication]
backend = "db"
resource = "icinga_ido"


@ -0,0 +1,10 @@
[icinga_ido]
type = "db"
db = "mysql"
host = "{{ icingaweb2_db_host }}"
port = "3306"
dbname = "{{ icingaweb2_db_name }}"
username = "{{ icingaweb2_db_user }}"
password = "{{ icingaweb2_db_password }}"
charset = "utf8"
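Review bot: The resource is named `icinga_ido`, but every field is filled from the `icingaweb2_db_*` variables, so the name says IDO while the connection goes to the Icinga Web 2 database. authentication.ini refers to the same name, so both would have to change together; a name such as `icingaweb_db` would be less misleading. `icingaweb2_db_host` is not defined in the role defaults shown on this page, so unless it comes from the vault or inventory the template will fail on an undefined variable.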


@ -0,0 +1,2 @@
localhost


@ -0,0 +1,5 @@
---
- hosts: localhost
remote_user: root
roles:
- roles/icingaweb2


@ -0,0 +1,2 @@
---
# vars file for roles/icingaweb2


@ -0,0 +1,38 @@
Role Name
=========
A brief description of the role goes here.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).


@ -0,0 +1,2 @@
---
# defaults file for roles/mariadb


@ -0,0 +1,5 @@
---
- name: Restart MariaDB
service:
name: mariadb
state: restarted


@ -0,0 +1,52 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.


@ -0,0 +1,45 @@
---
- name: Install MariaDB server and client
apt:
name:
- mariadb-server
- mariadb-client
state: present
update_cache: yes
- name: Ensure PyMySQL is installed
apt:
name: python3-pymysql
state: present
- name: Ensure MariaDB is running and enabled
service:
name: mariadb
state: started
enabled: true
- name: Try to connect to MariaDB with root password
shell: |
mysql -u root -p'{{ mariadb_root_password }}' -e "SELECT 1;"
register: mysql_root_status
failed_when: false
changed_when: false
- name: Set MariaDB root password if not already set
mysql_user:
name: root
host: "{{ item }}"
password: "{{ mariadb_root_password }}"
login_unix_socket: /run/mysqld/mysqld.sock
check_implicit_admin: true
state: present
loop:
- localhost
- 127.0.0.1
- ::1
when: mysql_root_status.rc != 0
- debug:
msg: "MariaDB root password is already set, skipping reset"
when: mysql_root_status.rc == 0
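Review bot: The password-setting loop uses `state: present` for `root` at `127.0.0.1` and `::1` as well as `localhost`, which creates those accounts where they do not already exist and so adds password-authenticated root logins over TCP loopback. Unless something needs them, restricting the loop to `localhost` keeps root on the local socket only. The task also uses the short `mysql_user` name while the other roles in this commit use `community.mysql.mysql_user`; the fully qualified name avoids depending on collection redirects.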


@ -0,0 +1,2 @@
localhost


@ -0,0 +1,5 @@
---
- hosts: localhost
remote_user: root
roles:
- roles/mariadb


@ -0,0 +1,2 @@
---
# vars file for roles/mariadb


@ -0,0 +1,12 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Welcome to {{ site_name }}</title>
</head>
<body>
<h1>Welcome to {{ site_name }}</h1>
<p>This site is served from: {{ site_root }}</p>
</body>
</html>


@ -0,0 +1,14 @@
<VirtualHost *:80>
ServerName {{ site_name }}
DocumentRoot {{ site_root }}
<Directory {{ site_root }}>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/{{ site_name }}_error.log
CustomLog ${APACHE_LOG_DIR}/{{ site_name }}_access.log combined
</VirtualHost>

9
README.md Normal file

@ -0,0 +1,9 @@
OVERVIEW
========
This ansible playbook installs an icinga2 monitoring solution onto an Ubuntu 24.04 LTS system.
VARIABLES
=========
I need to do more documentation!

41
ansible.sh Executable file

@ -0,0 +1,41 @@
#/bin/bash
#Sets up an initial ANSIBLE environment
set -e
CONTROLLER="./ANSIBLE"
mkdir -p $CONTROLLER
cd $CONTROLLER
cat <<EOT > ansible.cfg
[defaults]
inventory = $CONTROLLER/hosts
remote_user = root
EOT
#Make infrastructure
touch site.yml
touch hosts
touch servers.yml
touch fooservers.yml
mkdir -p ./roles/common/tasks
mkdir -p ./roles/common/handlers
mkdir -p ./roles/common/files
mkdir -p ./roles/common/templates
mkdir -p ./roles/common/vars
mkdir -p ./roles/common/defaults
mkdir -p ./roles/common/meta
mkdir -p ./roles/servers/tasks
mkdir -p ./roles/servers/handlers
mkdir -p ./roles/servers/files
mkdir -p ./roles/servers/templates
mkdir -p ./roles/servers/vars
mkdir -p ./roles/servers/defaults
mkdir -p ./roles/servers/meta
mkdir -p ./group_vars
mkdir -p ./host_vars
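Review bot: The first line is `#/bin/bash`, which is a plain comment rather than a shebang, so the script runs under whatever shell invokes it; it should read `#!/bin/bash`. The generated `inventory = $CONTROLLER/hosts` expands to `./ANSIBLE/hosts` inside a file that already lives in `ANSIBLE/`, so the path likely resolves one level too deep; `inventory = ./hosts` matches the committed ansible.cfg. The heredoc also overwrites that committed ansible.cfg and switches `remote_user` from `ubuntu` to `root`, so rerunning the script in this repository silently changes how every playbook connects. `$CONTROLLER` is unquoted in `mkdir -p` and `cd`; `"$CONTROLLER"` is the safer form.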