debops.icinga_db default variables

General configuration

icinga_db__icinga_installed

Variable which defines if Icinga 2 has been installed on the host. If it's not installed, the role will not perform the database configuration.

You should install Icinga with the debops.icinga role before configuring a database for it. The default DebOps playbook should do that automatically if the main Icinga role is enabled on a host.

icinga_db__icinga_installed: '{{ ansible_local.icinga.installed | d(False) | bool }}'

Database configuration

icinga_db__type

The database type to configure for Icinga 2, either PostgreSQL (preferred) or MariaDB/MySQL. Debian installation supports only one database type at a time.

icinga_db__type: '{{ ansible_local.icinga_db.type
                     | d("postgresql" if ansible_local.postgresql is defined else "", true)
                     | d("mariadb" if ansible_local.mariadb is defined else "", true) }}'
icinga_db__database_map

A map containing per-database settings for the Icinga 2 database.

icinga_db__database_map:
  postgresql:
    ido:       'pgsql'
    db_name:   'icinga2'
    db_user:   'icinga2'
    db_host:   '{{ ansible_local.postgresql.server | d("localhost") }}'
    db_port:   '{{ ansible_local.postgresql.port | d(5432) }}'
    db_schema: '/usr/share/icinga2-ido-pgsql/schema/pgsql.sql'
    pw_path:   '{{ secret + "/postgresql/"
                   + ansible_local.postgresql.delegate_to | d(inventory_hostname)
                   + "/" + ansible_local.postgresql.port | d("5432")
                   + "/credentials/icinga2/password" }}'
  mariadb:
    ido:       'mysql'
    db_name:   'icinga2'
    db_user:   'icinga2'
    db_host:   '{{ ansible_local.mariadb.server | d("localhost") }}'
    db_port:   '{{ ansible_local.mariadb.port | d() }}'
    db_schema: '/usr/share/icinga2-ido-mysql/schema/mysql.sql'
    pw_path:   '{{ secret + "/mariadb/"
                   + ansible_local.mariadb.delegate_to | d(inventory_hostname)
                   + "/credentials/icinga2/password" }}'
icinga_db__ido

The IDO driver to use for the Icinga 2 database.

icinga_db__ido: '{{ icinga_db__database_map[icinga_db__type].ido }}'
icinga_db__host

The host where the Icinga 2 database will be installed.

icinga_db__host: '{{ icinga_db__database_map[icinga_db__type].db_host }}'
icinga_db__port

The port used to connect to the Icinga 2 database.

icinga_db__port: '{{ icinga_db__database_map[icinga_db__type].db_port }}'
icinga_db__ssl

Whether to use SSL when communicating with the Icinga 2 database.

icinga_db__ssl: '{{ False if icinga_db__host == "localhost"
                    else ansible_local.pki.enabled | d(False) | bool }}'
icinga_db__user

Name of the database user for Icinga 2.

icinga_db__user: '{{ icinga_db__database_map[icinga_db__type].db_user }}'
icinga_db__database

Name of the database for Icinga 2.

icinga_db__database: '{{ icinga_db__database_map[icinga_db__type].db_name }}'
icinga_db__password_path

Path to database password file located on the Ansible Controller. See the debops.secret role for more details.

icinga_db__password_path: '{{ icinga_db__database_map[icinga_db__type].pw_path }}'
icinga_db__password

Password of the Icinga 2 database user.

icinga_db__password: "{{ lookup('password', icinga_db__password_path
                                   + ' length=48 chars=ascii_letters,digits,.-_') }}"
icinga_db__init

Should the Icinga 2 database be initialized ? Per default, it should be initialized only the first time this role runs.

icinga_db__init: '{{ not (ansible_local.icinga_db.configured | d(False) | bool) }}'
icinga_db__schema

Absolute path to the Icinga 2 database schema which will be imported during initialization. The schema needs to be located on the remote host where Icinga 2 is being configured.

icinga_db__schema: '{{ icinga_db__database_map[icinga_db__type].db_schema }}'
icinga_db__default_configuration

The default database configuration applied by the role.

icinga_db__default_configuration:

  - name: 'library'
    raw: 'library "db_ido_{{ icinga_db__ido }}"'

  - name: 'connection'
    option: 'object Ido{{ icinga_db__ido | capitalize }}Connection "ido-{{ icinga_db__ido }}"'
    options:

      - name: 'user'
        value: '{{ icinga_db__user }}'

      - name: 'password'
        value: '{{ icinga_db__password }}'

      - name: 'host'
        value: '{{ icinga_db__host }}'

      - name: 'database'
        value: '{{ icinga_db__database }}'

      - name: 'port'
        value: '{{ icinga_db__port | d("") }}'
        state: '{{ "present" if icinga_db__port | d() else "ignore" }}'

      - name: 'ssl_mode'
        value: '{{ "verify-full" if icinga_db__ssl | d(False) | bool else "disable" }}'
        state: '{{ "present" if icinga_db__type | d() == "postgresql" else "ignore" }}'

      - name: 'enable_ssl'
        value: '{{ True if icinga_db__ssl | d(False) | bool else False }}'
        state: '{{ "present" if icinga_db__type | d() == "mariadb" else "ignore" }}'

      - name: 'ssl_ca'
        value: '{{ icinga_db__ssl_ca_certificate }}'
icinga_db__configuration

Custom database configuration defined in the Ansible inventory.

icinga_db__configuration: []
icinga_db__combined_configuration

A variable which combines the database configuration from different source variables and is used by the role to generate the actual configuration file.

icinga_db__combined_configuration: '{{ icinga_db__default_configuration
                                       + icinga_db__configuration }}'

Support for DebOps PKI and TLS

icinga_db__pki_path

Absolute path to the directory that contains PKI realms.

icinga_db__pki_path: '{{ ansible_local.pki.base_path | d("/etc/pki/realms") }}'
icinga_db__pki_realm

Default PKI realm used by the Icinga database server.

icinga_db__pki_realm: '{{ ansible_local.pki.realm | d("domain") }}'
icinga_db__pki_ca

Name of the Root CA certificate file, relative to the PKI realm directory.

icinga_db__pki_ca: 'CA.crt'
icinga_db__ssl_ca_certificate

Absolute path to the Root CA certificate used by the Icinga 2 master to authenticate database server certificates.

icinga_db__ssl_ca_certificate: '{{ icinga_db__pki_path + "/"
                                   + icinga_db__pki_realm + "/"
                                   + icinga_db__pki_ca }}'

APT packages

icinga_db__base_packages

The list of APT packages to install for Icinga 2 database support.

icinga_db__base_packages:

  # Disable dbconfig support, DebOps roles will handle the Icinga database
  - 'dbconfig-no-thanks'
  - '{{ "icinga2-ido-" + icinga_db__ido }}'
icinga_db__packages

List of additional APT packages to install with Icinga 2 database support.

icinga_db__packages: []

Configuration for other Ansible roles

icinga_db__postgresql__dependent_roles

Configuration of PostgreSQL roles for debops.postgresql Ansible role.

icinga_db__postgresql__dependent_roles:
  - name: '{{ icinga_db__user }}'
    password: '{{ icinga_db__password }}'
    db: '{{ icinga_db__database }}'
    priv: ['ALL']
icinga_db__postgresql__dependent_databases

Configuration of PostgreSQL databases for the debops.postgresql Ansible role.

icinga_db__postgresql__dependent_databases:
  - name: '{{ icinga_db__database }}'
    owner: '{{ icinga_db__user }}'
icinga_db__mariadb__dependent_users

Configuration of MariaDB users for debops.mariadb Ansible role.

icinga_db__mariadb__dependent_users:
  - name: '{{ icinga_db__user }}'
    password: '{{ icinga_db__password }}'
    database: '{{ icinga_db__database }}'
icinga_db__mariadb__dependent_databases

Configuration of MariaDB databases for debops.mariadb Ansible role.

icinga_db__mariadb__dependent_databases:
  - name: '{{ icinga_db__database }}'