debops.icinga_web default variables¶
Sections
- APT packages, UNIX environment
- Network configuration
- Icinga 2 Web modules
- Icinga 2 Web database
- Icinga 2 master database
- Icinga 2 Director support
- Icinga 2 x509 module support
- Icinga 2 REST API
- Icinga 2 Web initial user accounts
- LDAP authentication
- The
authentication.iniconfiguration file - The
config.iniconfiguration file - The
groups.iniconfiguration file - The
resources.iniconfiguration file - The
roles.iniconfiguration file - The
modules/monitoring/backends.iniconfiguration file - The
modules/monitoring/commandtransports.iniconfiguration file - The
modules/director/config.iniconfiguration file - The
modules/director/kickstart.iniconfiguration file - The
modules/x509/config.iniconfiguration file - Configuration for other Ansible roles
APT packages, UNIX environment¶
-
icinga_web__base_packages¶
List of default APT packages to install for Icinga 2 Web support.
icinga_web__base_packages:
- 'icingaweb2'
- 'icingaweb2-module-doc'
- 'icingaweb2-module-monitoring'
- 'icingacli'
-
icinga_web__packages¶
List of additional APT packages to install with Icinga 2 Web support.
icinga_web__packages: []
-
icinga_web__user¶
The UNIX account used by Icinga 2 Web. This account should be present on the system by default.
icinga_web__user: 'www-data'
-
Icinga_web__group¶
The UNIX group used by Icinga 2 Web. This group will be created automatically by the APT package.
icinga_web__group: 'icingaweb2'
-
icinga_web__src¶
Directory where custom source code will be downloaded by the role, for example module repositories.
icinga_web__src: '{{ (ansible_local.fhs.src | d("/usr/local/src"))
+ "/icinga_web" }}'
Network configuration¶
-
icinga_web__fqdn¶
The Fully Qualified Domain Name of the Icinga 2 Web service. The web interface will be available on this address. This address is also used to access the Icinga 2 Director API.
icinga_web__fqdn: 'icinga.{{ icinga_web__domain }}'
-
icinga_web__domain¶
The domain used by the Icinga 2 Web interface.
icinga_web__domain: '{{ ansible_domain }}'
-
icinga_web__node_fqdn¶
The Fully Qualified Domain Name of the local Icinga 2 node. This hostname will be used to access the Icinga 2 REST API.
icinga_web__node_fqdn: '{{ ansible_fqdn }}'
Icinga 2 Web modules¶
These variables define what Icinga 2 Web modules should be installed and/or enabled. External modules will be cloned using git command. See icinga_web__modules for more details.
-
icinga_web__default_modules¶
List of Icinga 2 Web modules installed by default.
icinga_web__default_modules:
- name: 'toplevelview'
git_repo: 'https://github.com/Icinga/icingaweb2-module-toplevelview'
git_version: 'v0.3.3'
state: 'present'
- name: 'monitoring'
state: 'present'
- name: 'businessprocess'
git_repo: 'https://github.com/Icinga/icingaweb2-module-businessprocess'
git_version: 'v2.3.1'
state: 'present'
- name: 'graphite'
git_repo: 'https://github.com/Icinga/icingaweb2-module-graphite'
git_version: 'v1.1.0'
enabled: False
state: 'present'
- name: 'director'
git_repo: 'https://github.com/Icinga/icingaweb2-module-director'
git_version: 'v1.8.1'
state: '{{ "present" if icinga_web__director_enabled | bool else "ignore" }}'
- name: 'generictts'
git_repo: 'https://github.com/Icinga/icingaweb2-module-generictts'
git_version: 'v2.0.0'
state: 'present'
- name: 'grafana'
git_repo: 'https://github.com/Mikesch-mp/icingaweb2-module-grafana'
git_version: 'v1.4.2'
state: 'present'
- name: 'map'
git_repo: 'https://github.com/nbuchwitz/icingaweb2-module-map'
git_version: 'v1.1.0'
state: 'present'
- name: 'pnp'
git_repo: 'https://github.com/Icinga/icingaweb2-module-pnp'
git_version: 'v1.1.0'
enabled: False
state: 'present'
- name: 'elasticsearch'
git_repo: 'https://github.com/Icinga/icingaweb2-module-elasticsearch'
git_version: 'v0.9.0'
state: 'present'
- name: 'cube'
git_repo: 'https://github.com/Icinga/icingaweb2-module-cube'
git_version: 'v1.1.1'
state: 'present'
- name: 'netboximport'
git_repo: 'https://github.com/Uberspace/icingaweb2-module-netboximport'
git_version: 'master'
state: 'present'
- name: 'doc'
state: 'present'
- name: 'ipl'
git_repo: 'https://github.com/Icinga/icingaweb2-module-ipl'
git_version: 'v0.5.0'
state: 'present'
- name: 'reactbundle'
git_repo: 'https://github.com/Icinga/icingaweb2-module-reactbundle'
git_version: 'v0.9.0'
state: 'present'
- name: 'incubator'
git_repo: 'https://github.com/Icinga/icingaweb2-module-incubator'
git_version: 'v0.6.0'
state: 'present'
- name: 'x509'
git_repo: 'https://github.com/icinga/icingaweb2-module-x509'
git_version: 'v1.0.0'
state: '{{ "present" if icinga_web__x509_enabled | bool else "ignore" }}'
-
icinga_web__modules¶
List of additional Icinga 2 Web modules that should be installed/managed by the role.
icinga_web__modules: []
Icinga 2 Web database¶
-
icinga_web__database_type¶
Specify the type of the Icinga 2 Web database, either postgresql
(preferred) or mariadb. The role will try to detect the available
databases automatically based on the Ansible local facts.
icinga_web__database_type: '{{ ansible_local.icinga_web.database_type
| d(ansible_local.icinga_db.type | d(""), true)
| d("postgresql" if ansible_local.postgresql is defined else "", true)
| d("mariadb" if ansible_local.mariadb is defined else "", true) }}'
-
icinga_web__database_map¶
A map containing per-database settings for the Icinga 2 Web database.
icinga_web__database_map:
postgresql:
ido: 'pgsql'
db_name: 'icingaweb2_production'
db_user: 'icingaweb2'
db_host: '{{ ansible_local.postgresql.server | d("localhost") }}'
db_port: '{{ ansible_local.postgresql.port | d(5432) }}'
db_schema: '/usr/share/icingaweb2/etc/schema/pgsql.schema.sql'
pw_path: '{{ secret + "/postgresql/"
+ ansible_local.postgresql.delegate_to | d(inventory_hostname)
+ "/" + ansible_local.postgresql.port | d("5432")
+ "/credentials/icingaweb2/password" }}'
mariadb:
ido: 'mysql'
db_name: 'icingaweb2'
db_user: 'icingaweb2'
db_host: '{{ ansible_local.mariadb.server | d("localhost") }}'
db_port: '{{ ansible_local.mariadb.port | d(3306) }}'
db_schema: '/usr/share/icingaweb2/etc/schema/mysql.schema.sql'
pw_path: '{{ secret + "/mariadb/"
+ ansible_local.mariadb.delegate_to | d(inventory_hostname)
+ "/credentials/icingaweb2/password" }}'
-
icinga_web__database_name¶
Name of the Icinga 2 Web database.
icinga_web__database_name: '{{ icinga_web__database_map[icinga_web__database_type].db_name }}'
-
icinga_web__database_user¶
Name of the Icinga 2 Web database user.
icinga_web__database_user: '{{ icinga_web__database_map[icinga_web__database_type].db_user }}'
-
icinga_web__database_password_path¶
Path to database password file located on the Ansible Controller. See the debops.secret role for more details.
icinga_web__database_password_path: '{{ icinga_web__database_map[icinga_web__database_type].pw_path }}'
-
icinga_web__database_password¶
Password for Icinga 2 Web database.
icinga_web__database_password: "{{ lookup('password', icinga_web__database_password_path
+ ' length=48 chars=ascii_letters,digits,.-_') }}"
-
icinga_web__database_host¶
The address of the Icinga 2 Web database server.
icinga_web__database_host: '{{ icinga_web__database_map[icinga_web__database_type].db_host }}'
-
icinga_web__database_port¶
The port on which the Icinga 2 Web database server listens for connections.
icinga_web__database_port: '{{ icinga_web__database_map[icinga_web__database_type].db_port }}'
-
icinga_web__database_ssl¶
Whether to use SSL when communicating with the Icinga 2 Web database.
icinga_web__database_ssl: '{{ False if icinga_web__database_host == "localhost"
else ansible_local.pki.enabled | d(False) | bool }}'
-
icinga_web__database_schema¶
Absolute path to the Icinga 2 Web database schema which will be imported during initialization. The schema needs to be located on the remote host where Icinga 2 Web is being configured.
icinga_web__database_schema: '{{ icinga_web__database_map[icinga_web__database_type].db_schema }}'
-
icinga_web__database_init¶
Enable or disable initialization of the Icinga 2 Web database.
icinga_web__database_init: '{{ not (ansible_local.icinga_web.installed | d(False) | bool) }}'
Icinga 2 master database¶
These variables control configuration of the Icinga 2 master database, managed by debops.icinga_db Ansible role. This database is usually on the same host the Web interface is installed, but if not, you might need to configure access to a remote database here.
-
icinga_web__master_database_enabled¶
Enable or disable configuration of the Icinga 2 master database resource in the Icinga 2 Web interface. This does not control the configuration of the actual database, see debops.icinga_db role for that.
icinga_web__master_database_enabled: '{{ ansible_local.icinga_db.configured | d(False) | bool }}'
-
icinga_web__master_database_type¶
Specify the type of the Icinga 2 master database, either postgresql or
mariadb.
icinga_web__master_database_type: '{{ ansible_local.icinga_db.type | d("") }}'
-
icinga_web__master_database_ido¶
Specify the IDO driver of the Icinga 2 master database, either pgsql or
mysql.
icinga_web__master_database_ido: '{{ ansible_local.icinga_db.ido | d("") }}'
-
icinga_web__master_database_name¶
Name of the Icinga 2 master database.
icinga_web__master_database_name: '{{ ansible_local.icinga_db.db_name | d("icinga2") }}'
-
icinga_web__master_database_user¶
Name of the Icinga 2 master database user.
icinga_web__master_database_user: '{{ ansible_local.icinga_db.db_user | d("icinga2") }}'
-
icinga_web__master_database_password¶
Password for the Icinga 2 master database.
icinga_web__master_database_password: '{{ ansible_local.icinga_db.db_password | d("") }}'
-
icinga_web__master_database_host¶
The address of the Icinga 2 master database host.
icinga_web__master_database_host: '{{ ansible_local.icinga_db.db_host | d("localhost") }}'
-
icinga_web__master_database_port¶
The port on which the Icinga 2 master database listens for connections.
icinga_web__master_database_port: '{{ ansible_local.icinga_db.db_port | d("") }}'
-
icinga_web__master_database_ssl¶
Whether to use SSL when communicating with the Icinga 2 master database.
icinga_web__master_database_ssl: '{{ ansible_local.icinga_db.db_ssl | d(False) }}'
Icinga 2 Director support¶
-
icinga_web__director_enabled¶
Enable or disable support for Icinga 2 Web Director module.
icinga_web__director_enabled: True
-
icinga_web__director_user¶
The username of the Icinga 2 Director Unix account, which will be automatically created by this role.
icinga_web__director_user: 'icingadirector'
-
icinga_web__director_group¶
The primary group of the Icinga 2 Director Unix account. Defaults to the group created by the icingaweb2 APT package.
icinga_web__director_group: '{{ icinga_web__group }}'
-
icinga_web__director_home¶
The home directory of the Icinga 2 Director Unix account.
icinga_web__director_home: '/var/local/{{ icinga_web__director_user }}'
-
icinga_web__director_home_mode¶
Octal permissions on the home directory of the Icinga 2 Director Unix account.
icinga_web__director_home_mode: '0755'
-
icinga_web__director_shell¶
The shell of the Icinga 2 Director Unix account.
icinga_web__director_shell: '/usr/sbin/nologin'
-
icinga_web__director_api_fqdn¶
Fully Qualified Domain Name which is part of the URL to the Icinga 2 Director REST API. It is usually the same as the Icinga 2 Web interface FQDN.
icinga_web__director_api_fqdn: '{{ icinga_web__fqdn }}'
-
icinga_web__director_api_url¶
The URL of the Icinga 2 Director REST API which will be used to interact with Icinga Director.
icinga_web__director_api_url: 'https://{{ icinga_web__director_api_fqdn }}/director'
-
icinga_web__director_api_user¶
Name of the Icinga 2 Director API user, used by the debops.icinga role to authenticate to the Director REST API.
icinga_web__director_api_user: 'director-api'
-
icinga_web__director_api_password¶
The password for the Icinga 2 Director API user used by the debops.icinga role.
icinga_web__director_api_password: '{{ lookup("password", secret + "/icinga_web/api/"
+ icinga_web__director_api_fqdn + "/credentials/"
+ icinga_web__director_api_user + "/password") }}'
-
icinga_web__director_database_type¶
Specify the type of the Icinga 2 Director database, either postgresql
(preferred) or mariadb. It's usually the same type as the main Icinga 2
Web database.
icinga_web__director_database_type: '{{ icinga_web__database_type | d("invalid") }}'
-
icinga_web__director_database_map¶
A map containing per-database settings for the Icinga 2 Director database.
icinga_web__director_database_map:
postgresql:
ido: 'pgsql'
db_name: 'icinga2_director_production'
db_user: 'icinga2_director'
db_host: '{{ ansible_local.postgresql.server | d("localhost") }}'
db_port: '{{ ansible_local.postgresql.port | d(5432) }}'
pw_path: '{{ secret + "/postgresql/"
+ ansible_local.postgresql.delegate_to | d(inventory_hostname)
+ "/" + ansible_local.postgresql.port | d("5432")
+ "/credentials/icinga2_director/password" }}'
mariadb:
ido: 'mysql'
db_name: 'icinga2_director'
db_user: 'icinga2_director'
db_host: '{{ ansible_local.mariadb.server | d("localhost") }}'
db_port: '{{ ansible_local.mariadb.port | d() }}'
pw_path: '{{ secret + "/mariadb/"
+ ansible_local.mariadb.delegate_to | d(inventory_hostname)
+ "/credentials/icinga2_director/password" }}'
-
icinga_web__director_database_name¶
Name of the Icinga 2 Director database.
icinga_web__director_database_name: '{{ icinga_web__director_database_map[icinga_web__director_database_type].db_name }}'
-
icinga_web__director_database_user¶
Name of the Icinga 2 Director database user.
icinga_web__director_database_user: '{{ icinga_web__director_database_map[icinga_web__director_database_type].db_user }}'
-
icinga_web__director_database_password_path¶
Path to database password file located on the Ansible Controller for the Icinga 2 Director database.
icinga_web__director_database_password_path: '{{ icinga_web__director_database_map[icinga_web__director_database_type].pw_path }}'
-
icinga_web__director_database_password¶
Database password for the Icinga 2 Director database.
icinga_web__director_database_password: "{{ lookup('password', icinga_web__director_database_password_path
+ ' length=48 chars=ascii_letters,digits,.-_') }}"
-
icinga_web__director_database_host¶
Address of the Icinga 2 Director database server.
icinga_web__director_database_host: '{{ icinga_web__director_database_map[icinga_web__director_database_type].db_host }}'
-
icinga_web__director_database_port¶
The port on which the Icinga 2 Director database server listens for connections.
icinga_web__director_database_port: '{{ icinga_web__director_database_map[icinga_web__director_database_type].db_port }}'
-
icinga_web__director_database_ssl¶
Whether to use SSL when communicating with the Icinga 2 Director database.
icinga_web__director_database_ssl: '{{ False if icinga_web__director_database_host == "localhost"
else ansible_local.pki.enabled | d(False) | bool }}'
-
icinga_web__director_database_init¶
Enable or disable initialization of the Icinga 2 Director database.
icinga_web__director_database_init: '{{ not (ansible_local.icinga_web.installed | d(False) | bool) }}'
-
icinga_web__director_kickstart_enabled¶
Enable or disable initial import (kickstart) of the Icinga 2 configuration into the Director database.
icinga_web__director_kickstart_enabled: '{{ ansible_local.icinga.installed | d(False) | bool }}'
-
icinga_web__director_default_templates¶
List of default templates to create in Icinga Director. See icinga_web__director_templates for more details.
icinga_web__director_default_templates:
- name: 'generic-host'
api_endpoint: '/host'
data:
object_type: 'template'
object_name: 'generic-host'
check_command: 'hostalive'
check_interval: '5m'
retry_interval: '30s'
max_check_attempts: '5'
state: 'present'
- name: 'icinga-agent-host'
api_endpoint: '/host'
data:
object_type: 'template'
object_name: 'icinga-agent-host'
has_agent: true
master_should_connect: true
accept_config: true
imports:
- 'generic-host'
state: 'present'
-
icinga_web__director_templates¶
List of templates to create in Icinga Director defined on all hosts in the Ansible inventory. See icinga_web__director_templates for more details.
icinga_web__director_templates: []
-
icinga_web__director_group_templates¶
List of templates to create in Icinga Director defined on hosts in a specific Ansible inventory group. See icinga_web__director_templates for more details.
icinga_web__director_group_templates: []
-
icinga_web__director_host_templates¶
List of templates to create in Icinga Director defined on specific hosts in the Ansible inventory. See icinga_web__director_templates for more details.
icinga_web__director_host_templates: []
-
icinga_web__director_combined_templates¶
Variable which combines all of the Icinga Director template lists and is used in role tasks and templates.
icinga_web__director_combined_templates: '{{ icinga_web__director_default_templates
+ icinga_web__director_templates
+ icinga_web__director_group_templates
+ icinga_web__director_host_templates }}'
Icinga 2 x509 module support¶
-
icinga_web__x509_enabled¶
Enable or disable support for Icinga 2 Web x509 module. It currently only supports MariaDB. See https://github.com/icinga/icingaweb2-module-x509 for more details
icinga_web__x509_enabled: '{{ icinga_web__director_database_type == "mariadb"
and ansible_local.mariadb is defined }}'
-
icinga_web__x509_database_type¶
Specify the type of the Icinga 2 Web x509 module database. Either
postgresql (under development) or mariadb. It's usually the same type
as the main Icinga 2 Web database.
icinga_web__x509_database_type: '{{ icinga_web__database_type | d("invalid") }}'
-
icinga_web__x509_database_map¶
A map containing per-database settings for the Icinga 2 Web x509 module database.
icinga_web__x509_database_map:
postgresql:
ido: 'pgsql'
db_name: 'icingaweb2_x509'
db_user: 'icingaweb2_x509'
db_host: '{{ ansible_local.postgresql.server | d("localhost") }}'
db_port: '{{ ansible_local.postgresql.port | d(5432) }}'
db_schema: '/usr/share/icingaweb2/modules/x509/etc/schema/pgsql.schema.sql'
pw_path: '{{ secret + "/postgresql/"
+ ansible_local.postgresql.delegate_to | d(inventory_hostname)
+ "/" + ansible_local.postgresql.port | d("5432")
+ "/credentials/icingaweb2_x509/password" }}'
mariadb:
ido: 'mysql'
db_name: 'icingaweb2_x509'
db_user: 'icingaweb2_x509'
db_host: '{{ ansible_local.mariadb.server | d("localhost") }}'
db_port: '{{ ansible_local.mariadb.port | d(3306) }}'
db_schema: '/usr/share/icingaweb2/modules/x509/etc/schema/mysql.schema.sql'
pw_path: '{{ secret + "/mariadb/"
+ ansible_local.mariadb.delegate_to | d(inventory_hostname)
+ "/credentials/icingaweb2_x509/password" }}'
-
icinga_web__x509_database_name¶
Name of the Icinga 2 Web x509 module database.
icinga_web__x509_database_name: '{{ icinga_web__x509_database_map[icinga_web__x509_database_type].db_name }}'
-
icinga_web__x509_database_user¶
Name of the Icinga 2 Web x509 module database user.
icinga_web__x509_database_user: '{{ icinga_web__x509_database_map[icinga_web__x509_database_type].db_user }}'
-
icinga_web__x509_database_password_path¶
Path to the database password file located on the Ansible Controller. See the debops.secret role for more details.
icinga_web__x509_database_password_path: '{{ icinga_web__x509_database_map[icinga_web__x509_database_type].pw_path }}'
-
icinga_web__x509_database_password¶
Password for the Icinga 2 Web x509 module database.
icinga_web__x509_database_password: '{{ lookup("password", icinga_web__x509_database_password_path
+ " length=48 chars=ascii_letters,digits,.-_") }}'
-
icinga_web__x509_database_host¶
The address of the Icinga 2 Web x509 module database server.
icinga_web__x509_database_host: '{{ icinga_web__x509_database_map[icinga_web__x509_database_type].db_host }}'
-
icinga_web__x509_database_port¶
The port on which the Icinga 2 Web x509 module database server listens for connections.
icinga_web__x509_database_port: '{{ icinga_web__x509_database_map[icinga_web__x509_database_type].db_port }}'
-
icinga_web__x509_database_schema¶
Absolute path to the Icinga 2 Web x509 module database scheme which will be imported during initialization.
icinga_web__x509_database_schema: '{{ icinga_web__x509_database_map[icinga_web__x509_database_type].db_schema }}'
-
icinga_web__x509_database_ssl¶
Whether to use SSL when communicating with the Icinga 2 Web x509 module database.
icinga_web__x509_database_ssl: '{{ False if icinga_web__x509_database_host == "localhost"
else ansible_local.pki.enabled | d(False) | bool }}'
-
icinga_web__x509_database_init¶
Enable or disable initialization of the Icinga 2 Web x509 module database.
icinga_web__x509_database_init: '{{ not ansible_local.icinga_web.x509_installed | d(False) }}'
Icinga 2 REST API¶
These variables configure access to the Icinga 2 REST API. Using that API, the Icinga 2 Web and Director interface communicates with the Icinga 2 cluster nodes.
-
icinga_web__icinga_api_fqdn¶
Fully Qualified Domain Name of the Icinga 2 API endpoint. It's usually on the same host as the Icinga 2 Web interface.
icinga_web__icinga_api_fqdn: '{{ icinga_web__node_fqdn }}'
-
icinga_web__icinga_api_port¶
The port on which the Icinga 2 service listens for new API connections.
icinga_web__icinga_api_port: '5665'
-
icinga_web__icinga_api_user¶
The name of the API user used for authentication to the Icinga 2 REST API.
icinga_web__icinga_api_user: 'root'
-
icinga_web__icinga_api_password¶
The password of the Icinga 2 REST API user.
icinga_web__icinga_api_password: '{{ lookup("password", secret + "/icinga/api/"
+ icinga_web__icinga_api_fqdn + "/credentials/"
+ icinga_web__icinga_api_user
+ "/password") }}'
Icinga 2 Web initial user accounts¶
-
icinga_web__initial_account_groups¶
List of initial user groups created by the role in the Icinga 2 Web database during initialization. See icinga_web__initial_account_groups for more details.
icinga_web__initial_account_groups:
- name: 'Administrators'
- name: 'Users'
-
icinga_web__initial_accounts¶
List of initial user accounts created by the role in the Icinga 2 Web database during initialization. See icinga_web__initial_accounts for more details.
icinga_web__initial_accounts:
- name: 'root'
password: '{{ lookup("password", secret + "/icinga_web/auth/"
+ inventory_hostname + "/credentials/root/password") }}'
- name: '{{ icinga_web__director_api_user }}'
password: '{{ icinga_web__director_api_password }}'
-
icinga_web__default_account_password¶
The default password used for the initial accounts which don't specify their own password.
icinga_web__default_account_password: '{{ lookup("password", secret + "/icinga_web/auth/"
+ inventory_hostname + "/default_password") }}'
LDAP authentication¶
Refer to the official Icinga web documentation for more details.
-
icinga_web__ldap_enabled¶
Enable LDAP support
icinga_web__ldap_enabled: '{{ True
if ansible_local.ldap.enabled | d() | bool
else False }}'
-
icinga_web__ldap_base_dn¶
The base Distinguished Name which should be used to create Distinguished Names of the LDAP directory objects, defined as a YAML list.
icinga_web__ldap_base_dn: '{{ ansible_local.ldap.base_dn | d([]) }}'
-
icinga_web__ldap_groups_rdn¶
The Relative Distinguished Name of the object which contains the groups stored in LDAP.
icinga_web__ldap_groups_rdn: '{{ ansible_local.ldap.groups_rdn
| d("ou=Groups") }}'
-
icinga_web__ldap_groups_dn¶
The Distinguished Name where Icinga Web will look for groups, defined as a YAML list.
icinga_web__ldap_groups_dn: '{{ [icinga_web__ldap_groups_rdn]
+ icinga_web__ldap_base_dn }}'
-
icinga_web__ldap_people_rdn¶
The Relative Distinguished Name of the object which contains the user accounts stored in LDAP.
icinga_web__ldap_people_rdn: '{{ ansible_local.ldap.people_rdn
| d("ou=People") }}'
-
icinga_web__ldap_people_dn¶
The base Distinguished Name where Icinga Web will look for users, defined as a YAML list.
icinga_web__ldap_people_dn: '{{ [icinga_web__ldap_people_rdn]
+ icinga_web__ldap_base_dn }}'
-
icinga_web__ldap_device_dn¶
The Distinguished Name of the current host LDAP object, defined as a YAML list. It will be used as a base for the Icinga web service account LDAP object. If the list is empty, the role will not create the account LDAP object automatically.
icinga_web__ldap_device_dn: '{{ ansible_local.ldap.device_dn | d([]) }}'
-
icinga_web__ldap_self_rdn¶
The Relative Distinguished Name of the account LDAP object used by the Icinga Web service to access the LDAP directory.
icinga_web__ldap_self_rdn: 'uid=icingaweb'
-
icinga_web__ldap_self_object_classes¶
List of the LDAP object classes which will be used to create the LDAP object used by the Icinga Web service to access the LDAP directory.
icinga_web__ldap_self_object_classes: [ 'account', 'simpleSecurityObject' ]
-
icinga_web__ldap_self_attributes¶
YAML dictionary that defines the attributes of the LDAP object used by the Icinga Web service to access the LDAP directory.
icinga_web__ldap_self_attributes:
uid: '{{ icinga_web__ldap_self_rdn.split("=")[1] }}'
userPassword: '{{ icinga_web__ldap_bindpw }}'
host: '{{ [ansible_fqdn, ansible_hostname] | unique }}'
description: 'Account used by the "Icinga Web" service to access the LDAP directory'
-
icinga_web__ldap_binddn¶
The Distinguished Name of the account LDAP object used by the Icinga Web service to bind to the LDAP directory.
icinga_web__ldap_binddn: '{{ ([icinga_web__ldap_self_rdn]
+ icinga_web__ldap_device_dn) | join(",") }}'
-
icinga_web__ldap_bindpw¶
The password stored in the account LDAP object used by the Icinga Web service to bind to the LDAP directory.
icinga_web__ldap_bindpw: '{{ (lookup("password", secret + "/ldap/credentials/"
+ icinga_web__ldap_binddn | to_uuid
+ ".password length=48 "
+ "chars=ascii_letters,digits,.-_"))
if icinga_web__ldap_enabled | bool
else "" }}'
-
icinga_web__ldap_hostname¶
The LDAP URI that points to the directory server which should be used by Icinga Web.
icinga_web__ldap_hostname: '{{ ansible_local.ldap.hosts | d([""]) | first }}'
-
icinga_web__ldap_encryption¶
The LDAP encryption to use, either starttls, ldaps or plain
(discouraged).
icinga_web__ldap_encryption: '{{ "ldaps"
if ansible_local.ldap.protocol | d("") == "ldaps"
else ("starttls"
if ansible_local.ldap.start_tls | d(True) | bool
else "plain") }}'
-
icinga_web__ldap_port¶
The TCP port to use for LDAP connections.
icinga_web__ldap_port: '{{ ansible_local.ldap.port | d(389) }}'
-
icinga_web__ldap_user_filter¶
Use this to control which LDAP users are listed as Icinga Web users.
icinga_web__ldap_user_filter: '(&
(objectClass={{ icinga_web__ldap_user_class }})
( |
(authorizedService=all)
(authorizedService=icingaweb)
)
)'
-
icinga_web__ldap_user_class¶
The objectClass of LDAP users.
icinga_web__ldap_user_class: 'inetOrgPerson'
-
icinga_web__ldap_user_name_attribute¶
The LDAP attribute which contains the username.
icinga_web__ldap_user_name_attribute: 'uid'
-
icinga_web__ldap_group_filter¶
Use this to control which LDAP groups are listed as Icinga Web groups.
icinga_web__ldap_group_filter: 'objectClass={{ icinga_web__ldap_group_class }}'
-
icinga_web__ldap_group_class¶
The objectClass of LDAP groups.
icinga_web__ldap_group_class: 'groupOfNames'
-
icinga_web__ldap_group_member_attribute¶
The LDAP attribute where a group’s members are stored.
icinga_web__ldap_group_member_attribute: 'member'
-
icinga_web__ldap_group_name_attribute¶
The LDAP attribute which contains the group name.
icinga_web__ldap_group_name_attribute: 'cn'
The authentication.ini configuration file¶
These variables manage the contents of the
/etc/icingaweb2/authentication.ini configuration file.
See icinga_web__ini_configuration for more details.
-
icinga_web__current_authentication¶
The current contents of the config file, gathered during runtime.
icinga_web__current_authentication: '{{ (icinga_web__register_config.stdout
| from_json)["authentication.ini"] | d([]) }}'
-
icinga_web__default_authentication¶
The default authentication configuration appled by the role.
icinga_web__default_authentication:
- name: 'icingaweb2'
options:
- name: 'backend'
value: 'db'
- name: 'resource'
value: 'icingaweb_db'
- name: 'ldap_users'
options:
- name: 'backend'
value: 'ldap'
- name: 'resource'
value: 'ldap_db'
- name: 'user_class'
value: '{{ icinga_web__ldap_user_class }}'
- name: 'user_name_attribute'
value: '{{ icinga_web__ldap_user_name_attribute }}'
- name: 'filter'
value: '{{ icinga_web__ldap_user_filter }}'
state: '{{ "present" if icinga_web__ldap_enabled | bool else "ignore" }}'
-
icinga_web__authentication¶
Custom authentication configuration defined in the Ansible inventory.
icinga_web__authentication: []
-
icinga_web__combined_authentication¶
The variable which combines the authentication configuration from different source variables and is used by the role task to generate the actual file.
icinga_web__combined_authentication: '{{ icinga_web__current_authentication
+ icinga_web__default_authentication
+ icinga_web__authentication }}'
The config.ini configuration file¶
These variables manage the contents of the
/etc/icingaweb2/config.ini configuration file.
See icinga_web__ini_configuration for more details.
-
icinga_web__current_config¶
The current contents of the config file, gathered during runtime.
icinga_web__current_config: '{{ (icinga_web__register_config.stdout
| from_json)["config.ini"] | d([]) }}'
-
icinga_web__default_config¶
The default global configuration appled by the role.
icinga_web__default_config:
- name: 'global'
options:
- name: 'show_stacktraces'
value: '0'
- name: 'config_backend'
value: 'db'
- name: 'config_resource'
value: 'icingaweb_db'
- name: 'module_path'
value: '/usr/share/icingaweb2/modules'
- name: 'logging'
options:
- name: 'log'
value: 'syslog'
- name: 'level'
value: 'ERROR'
- name: 'application'
value: 'icingaweb2'
- name: 'facility'
value: 'user'
- name: 'themes'
-
icinga_web__config¶
Custom global configuration defined in the Ansible inventory.
icinga_web__config: []
-
icinga_web__combined_config¶
The variable which combines the global configuration from different source variables and is used by the role task to generate the actual file.
icinga_web__combined_config: '{{ icinga_web__current_config
+ icinga_web__default_config
+ icinga_web__config }}'
The groups.ini configuration file¶
These variables manage the contents of the
/etc/icingaweb2/groups.ini configuration file.
See icinga_web__ini_configuration for more details.
-
icinga_web__current_groups¶
The current contents of the config file, gathered during runtime.
icinga_web__current_groups: '{{ (icinga_web__register_config.stdout
| from_json)["groups.ini"] | d([]) }}'
-
icinga_web__default_groups¶
The default group configuration appled by the role.
icinga_web__default_groups:
- name: 'icingaweb2'
options:
- name: 'backend'
value: 'db'
- name: 'resource'
value: 'icingaweb_db'
- name: 'ldap_groups'
options:
- name: 'backend'
value: 'ldap'
- name: 'resource'
value: 'ldap_db'
- name: 'user_backend'
value: 'ldap_users'
- name: 'base_dn'
value: '{{ icinga_web__ldap_groups_dn | join(",") }}'
- name: 'group_class'
value: '{{ icinga_web__ldap_group_class }}'
- name: 'group_member_attribute'
value: '{{ icinga_web__ldap_group_member_attribute }}'
- name: 'group_name_attribute'
value: '{{ icinga_web__ldap_group_name_attribute }}'
- name: 'group_filter'
value: '{{ icinga_web__ldap_group_filter }}'
state: '{{ "present" if icinga_web__ldap_enabled | bool else "ignore" }}'
-
icinga_web__groups¶
Custom group configuration defined in the Ansible inventory.
icinga_web__groups: []
-
icinga_web__combined_groups¶
The variable which combines the group configuration from different source variables and is used by the role task to generate the actual file.
icinga_web__combined_groups: '{{ icinga_web__current_groups
+ icinga_web__default_groups
+ icinga_web__groups }}'
The resources.ini configuration file¶
These variables manage the contents of the
/etc/icingaweb2/resources.ini configuration file.
See icinga_web__ini_configuration for more details.
-
icinga_web__current_resources¶
The current contents of the config file, gathered during runtime.
icinga_web__current_resources: '{{ (icinga_web__register_config.stdout
| from_json)["resources.ini"] | d([]) }}'
-
icinga_web__default_resources¶
The default resource configuration appled by the role.
icinga_web__default_resources:
- name: 'icingaweb_db'
options:
- name: 'type'
value: 'db'
- name: 'db'
value: '{{ icinga_web__database_map[icinga_web__database_type].ido }}'
- name: 'host'
value: '{{ icinga_web__database_host }}'
- name: 'port'
value: '{{ icinga_web__database_port }}'
state: '{{ "present" if icinga_web__database_port | d() else "absent" }}'
- name: 'dbname'
value: '{{ icinga_web__database_name }}'
- name: 'username'
value: '{{ icinga_web__database_user }}'
- name: 'password'
value: '{{ icinga_web__database_password }}'
- name: 'charset'
value: 'utf8'
- name: 'persistent'
value: '0'
- name: 'use_ssl'
value: '{{ "1" if icinga_web__database_ssl | d(False) | bool else "0" }}'
- name: 'icinga2'
state: '{{ "present" if icinga_web__master_database_enabled | bool else "ignore" }}'
options:
- name: 'type'
value: 'db'
- name: 'db'
value: '{{ icinga_web__master_database_ido }}'
- name: 'host'
value: '{{ icinga_web__master_database_host }}'
- name: 'port'
value: '{{ icinga_web__master_database_port }}'
state: '{{ "present" if icinga_web__master_database_port | d() else "absent" }}'
- name: 'dbname'
value: '{{ icinga_web__master_database_name }}'
- name: 'username'
value: '{{ icinga_web__master_database_user }}'
- name: 'password'
value: '{{ icinga_web__master_database_password }}'
- name: 'charset'
value: 'utf8'
- name: 'persistent'
value: '0'
- name: 'use_ssl'
value: '{{ "1" if icinga_web__master_database_ssl | d(False) | bool else "0" }}'
- name: 'icinga2_director'
state: '{{ "present" if icinga_web__director_enabled | bool else "ignore" }}'
options:
- name: 'type'
value: 'db'
- name: 'db'
value: '{{ icinga_web__director_database_map[icinga_web__director_database_type].ido }}'
- name: 'host'
value: '{{ icinga_web__director_database_host }}'
- name: 'port'
value: '{{ icinga_web__director_database_port }}'
state: '{{ "present" if icinga_web__director_database_port | d() else "absent" }}'
- name: 'dbname'
value: '{{ icinga_web__director_database_name }}'
- name: 'username'
value: '{{ icinga_web__director_database_user }}'
- name: 'password'
value: '{{ icinga_web__director_database_password }}'
- name: 'charset'
value: 'utf8'
- name: 'persistent'
value: '0'
- name: 'use_ssl'
value: '{{ "1" if icinga_web__director_database_ssl | d(False) | bool else "0" }}'
- name: 'ldap_db'
state: '{{ "present" if icinga_web__ldap_enabled | bool else "ignore" }}'
options:
- name: 'type'
value: 'ldap'
- name: 'hostname'
value: '{{ icinga_web__ldap_hostname }}'
- name: 'port'
value: '{{ icinga_web__ldap_port }}'
- name: 'root_dn'
value: '{{ icinga_web__ldap_base_dn | join(",") }}'
- name: 'bind_dn'
value: '{{ icinga_web__ldap_binddn }}'
- name: 'bind_pw'
value: '{{ icinga_web__ldap_bindpw }}'
- name: 'encryption'
value: '{{ icinga_web__ldap_encryption }}'
- name: 'icingaweb2_x509'
state: '{{ "present" if icinga_web__x509_enabled | bool else "ignore" }}'
options:
- name: 'type'
value: 'db'
- name: 'db'
value: '{{ icinga_web__x509_database_map[icinga_web__x509_database_type].ido }}'
- name: 'host'
value: '{{ icinga_web__x509_database_host }}'
- name: 'port'
value: '{{ icinga_web__x509_database_port }}'
- name: 'dbname'
value: '{{ icinga_web__x509_database_name }}'
- name: 'username'
value: '{{ icinga_web__x509_database_user }}'
- name: 'password'
value: '{{ icinga_web__x509_database_password }}'
- name: 'charset'
value: 'utf8'
- name: 'use_ssl'
value: '{{ "1" if icinga_web__x509_database_ssl | d(False) | bool else "0" }}'
-
icinga_web__resources¶
Custom resource configuration defined in the Ansible inventory.
icinga_web__resources: []
-
icinga_web__combined_resources¶
The variable which combines the resource configuration from different source variables and is used by the role task to generate the actual file.
icinga_web__combined_resources: '{{ icinga_web__current_resources
+ icinga_web__default_resources
+ icinga_web__resources }}'
The roles.ini configuration file¶
These variables manage the contents of the
/etc/icingaweb2/roles.ini configuration file.
See icinga_web__ini_configuration for more details.
-
icinga_web__current_roles¶
The current contents of the config file, gathered during runtime.
icinga_web__current_roles: '{{ (icinga_web__register_config.stdout
| from_json)["roles.ini"] | d([]) }}'
-
icinga_web__default_roles¶
The default user role configuration appled by the role.
icinga_web__default_roles:
- name: 'Administrators'
options:
- name: 'users'
value: '{{ ansible_local.core.admin_users | d([]) | join(",") }}'
- name: 'permissions'
value: '*'
- name: 'groups'
value: 'Administrators'
-
icinga_web__roles¶
Custom user role configuration defined in the Ansible inventory.
icinga_web__roles: []
-
icinga_web__combined_roles¶
The variable which combines the user role configuration from different source variables and is used by the role task to generate the actual file.
icinga_web__combined_roles: '{{ icinga_web__current_roles
+ icinga_web__default_roles
+ icinga_web__roles }}'
The modules/monitoring/backends.ini configuration file¶
These variables manage the contents of the
/etc/icingaweb2/modules/monitoring/backends.ini configuration file.
See icinga_web__ini_configuration for more details.
-
icinga_web__current_backends¶
The current contents of the config file, gathered during runtime.
icinga_web__current_backends: '{{ (icinga_web__register_config.stdout
| from_json)["modules/monitoring/backends.ini"] | d([]) }}'
-
icinga_web__default_backends¶
The default monitoring backend configuration appled by the role.
icinga_web__default_backends:
- name: 'icinga2'
state: '{{ "present"
if (icinga_web__master_database_enabled | bool)
else "ignore" }}'
options:
- name: 'type'
value: 'ido'
- name: 'resource'
value: 'icinga2'
-
icinga_web__backends¶
Custom monitoring backend configuration defined in the Ansible inventory.
icinga_web__backends: []
-
icinga_web__combined_backends¶
The variable which combines the monitoring backend configuration from different source variables and is used by the role task to generate the actual file.
icinga_web__combined_backends: '{{ icinga_web__current_backends
+ icinga_web__default_backends
+ icinga_web__backends }}'
The modules/monitoring/commandtransports.ini configuration file¶
These variables manage the contents of the
/etc/icingaweb2/modules/monitoring/commandtransports.ini
configuration file.
See icinga_web__ini_configuration for more details.
-
icinga_web__current_commandtransports¶
The current contents of the config file, gathered during runtime.
icinga_web__current_commandtransports: '{{ (icinga_web__register_config.stdout
| from_json)["modules/monitoring/commandtransports.ini"] | d([]) }}'
-
icinga_web__default_commandtransports¶
The default command transport configuration appled by the role.
icinga_web__default_commandtransports:
- name: 'icinga2'
options:
- name: 'transport'
value: 'api'
- name: 'host'
value: '{{ icinga_web__icinga_api_fqdn }}'
- name: 'port'
value: '{{ icinga_web__icinga_api_port }}'
- name: 'username'
value: '{{ icinga_web__icinga_api_user }}'
- name: 'password'
value: '{{ icinga_web__icinga_api_password }}'
state: '{{ "present"
if (ansible_local | d() and ansible_local.icinga | d() and
(ansible_local.icinga.installed | d()) | bool)
else "ignore" }}'
-
icinga_web__commandtransports¶
Custom command transport configuration defined in the Ansible inventory.
icinga_web__commandtransports: []
-
icinga_web__combined_commandtransports¶
The variable which combines the command transport configuration from different source variables and is used by the role task to generate the actual file.
icinga_web__combined_commandtransports: '{{ icinga_web__current_commandtransports
+ icinga_web__default_commandtransports
+ icinga_web__commandtransports }}'
The modules/director/config.ini configuration file¶
These variables manage the contents of the
/etc/icingaweb2/modules/director/config.ini configuration file.
See icinga_web__ini_configuration for more details.
-
icinga_web__current_director_cfg¶
The current contents of the config file, gathered during runtime.
icinga_web__current_director_cfg: '{{ (icinga_web__register_config.stdout
| from_json)["modules/director/config.ini"] | d([]) }}'
-
icinga_web__default_director_cfg¶
The default Icinga 2 Director configuration appled by the role.
icinga_web__default_director_cfg:
- name: 'db'
options:
- name: 'resource'
value: 'icinga2_director'
state: '{{ "present" if icinga_web__director_enabled | bool else "ignore" }}'
-
icinga_web__director_cfg¶
Custom Icinga 2 Director configuration defined in the Ansible inventory.
icinga_web__director_cfg: []
-
icinga_web__combined_director_cfg¶
The variable which combines the Icinga 2 Director configuration from different source variables and is used by the role task to generate the actual file.
icinga_web__combined_director_cfg: '{{ icinga_web__current_director_cfg
+ icinga_web__default_director_cfg
+ icinga_web__director_cfg }}'
The modules/director/kickstart.ini configuration file¶
These variables manage the contents of the
/etc/icingaweb2/modules/director/kickstart.ini configuration file.
See icinga_web__ini_configuration for more details.
-
icinga_web__current_director_kickstart_cfg¶
The current contents of the config file, gathered during runtime.
icinga_web__current_director_kickstart_cfg: '{{ (icinga_web__register_config.stdout
| from_json)["modules/director/kickstart.ini"] | d([]) }}'
-
icinga_web__default_director_kickstart_cfg¶
The default kickstart configuration appled by the role.
icinga_web__default_director_kickstart_cfg:
- name: 'config'
options:
- name: 'endpoint'
value: '{{ icinga_web__icinga_api_fqdn }}'
- name: 'host'
value: '{{ icinga_web__icinga_api_fqdn }}'
- name: 'port'
value: '{{ icinga_web__icinga_api_port }}'
- name: 'username'
value: '{{ icinga_web__icinga_api_user }}'
- name: 'password'
value: '{{ icinga_web__icinga_api_password }}'
state: '{{ "present"
if (ansible_local | d() and ansible_local.icinga | d() and
(ansible_local.icinga.installed | d()) | bool)
else "ignore" }}'
-
icinga_web__director_kickstart_cfg¶
Custom kickstart configuration defined in the Ansible inventory.
icinga_web__director_kickstart_cfg: []
-
icinga_web__combined_director_kickstart¶
The variable which combines the kickstart configuration from different source variables and is used by the role task to generate the actual file.
icinga_web__combined_director_kickstart_cfg: '{{ icinga_web__current_director_kickstart_cfg
+ icinga_web__default_director_kickstart_cfg
+ icinga_web__director_kickstart_cfg }}'
The modules/x509/config.ini configuration file¶
These variables manage the contents of the
/etc/icingaweb2/modules/x509/config.ini configuration file.
See icinga_web__ini_configuration for more details.
-
icinga_web__current_x509_cfg¶
The current contents of the config file, gathered during runtime.
icinga_web__current_x509_cfg: '{{ (icinga_web__register_config.stdout
| from_json)["modules/x509/config.ini"] | d([]) }}'
-
icinga_web__default_x509_cfg¶
The default Icinga 2 509 configuration appled by the role.
icinga_web__default_x509_cfg:
- name: 'backend'
options:
- name: 'resource'
value: 'icingaweb2_x509'
state: '{{ "present" if icinga_web__x509_enabled | bool else "ignore" }}'
-
icinga_web__combined_x509_cfg¶
The variable which combines the Icinga 2 x509 configuration from different source variables and is used by the role task to generate the actual file.
icinga_web__combined_x509_cfg: '{{ icinga_web__current_x509_cfg
+ icinga_web__default_x509_cfg }}'
Configuration for other Ansible roles¶
-
icinga_web__apt_preferences__dependent_list¶
Configuration for the debops.apt_preferences Ansible role.
icinga_web__apt_preferences__dependent_list:
- package: [ 'icingaweb2', 'icingaweb2-*', 'icingacli', 'php-icinga' ]
backports: [ 'stretch' ]
by_role: 'debops.icinga_web'
reason: 'Incompatibility with PHP 7.3'
-
icinga_web__ldap__dependent_tasks¶
Configuration for the debops.ldap Ansible role.
icinga_web__ldap__dependent_tasks:
- name: 'Create Icinga Web account for {{ icinga_web__ldap_device_dn | join(",") }}'
dn: '{{ icinga_web__ldap_binddn }}'
objectClass: '{{ icinga_web__ldap_self_object_classes }}'
attributes: '{{ icinga_web__ldap_self_attributes }}'
no_log: '{{ debops__no_log | d(True) }}'
state: '{{ "present" if icinga_web__ldap_enabled else "ignore" }}'
-
icinga_web__postgresql__dependent_roles¶
Configuration of PostgreSQL roles for debops.postgresql Ansible role.
icinga_web__postgresql__dependent_roles:
# Owner of the main Icinga Web database
- name: '{{ icinga_web__database_name }}'
flags: [ 'NOLOGIN' ]
- name: '{{ icinga_web__database_user }}'
password: '{{ icinga_web__database_password }}'
db: '{{ icinga_web__database_name }}'
priv: [ 'ALL' ]
- name: '{{ icinga_web__director_database_name }}'
flags: [ 'NOLOGIN' ]
state: '{{ "present" if icinga_web__director_enabled | bool else "ignore" }}'
- name: '{{ icinga_web__director_database_user }}'
password: '{{ icinga_web__director_database_password }}'
db: '{{ icinga_web__director_database_name }}'
priv: [ 'ALL' ]
state: '{{ "present" if icinga_web__director_enabled | bool else "ignore" }}'
-
icinga_web__postgresql__dependent_databases¶
Configuration of PostgreSQL databases for the debops.postgresql Ansible role.
icinga_web__postgresql__dependent_databases:
- name: '{{ icinga_web__database_name }}'
owner: '{{ icinga_web__database_name }}'
- name: '{{ icinga_web__director_database_name }}'
owner: '{{ icinga_web__director_database_name }}'
state: '{{ "present" if icinga_web__director_enabled | bool else "ignore" }}'
-
icinga_web__postgresql__dependent_groups¶
Configuration of PostgreSQL groups for the debops.postgresql Ansible role.
icinga_web__postgresql__dependent_groups:
- roles: [ '{{ icinga_web__database_user }}' ]
groups: [ '{{ icinga_web__database_name }}' ]
database: '{{ icinga_web__database_name }}'
- roles: [ '{{ icinga_web__director_database_user }}' ]
groups: [ '{{ icinga_web__director_database_name }}' ]
database: '{{ icinga_web__director_database_name }}'
state: '{{ "present" if icinga_web__director_enabled | bool else "ignore" }}'
-
icinga_web__postgresql__dependent_privileges¶
Configuration of PostgreSQL privileges for the debops.postgresql Ansible role.
icinga_web__postgresql__dependent_privileges:
- roles: [ '{{ icinga_web__database_user }}' ]
database: '{{ icinga_web__database_name }}'
objs: [ 'ALL_DEFAULT' ]
privs: [ 'SELECT', 'INSERT', 'UPDATE', 'DELETE' ]
type: 'default_privs'
-
icinga_web__postgresql__dependent_extensions¶
Configuration of PostgreSQL extensions for the debops.postgresql Ansible role.
icinga_web__postgresql__dependent_extensions:
- database: '{{ icinga_web__director_database_name }}'
extension: 'pgcrypto'
state: '{{ "present" if icinga_web__director_enabled | bool else "ignore" }}'
-
icinga_web__mariadb__dependent_databases¶
Database configuration for the debops.mariadb Ansible role.
icinga_web__mariadb__dependent_databases:
- name: '{{ icinga_web__database_name }}'
state: '{{ "present" if icinga_web__database_type == "mariadb" else "ignore" }}'
- name: '{{ icinga_web__director_database_name }}'
state: '{{ "present"
if (icinga_web__director_enabled | bool and icinga_web__director_database_type == "mariadb")
else "ignore" }}'
- name: '{{ icinga_web__x509_database_name }}'
state: '{{ "present" if icinga_web__x509_enabled | bool else "ignore" }}'
-
icinga_web__mariadb__dependent_users¶
User configuration for the debops.mariadb Ansible role.
icinga_web__mariadb__dependent_users:
- database: '{{ icinga_web__database_name }}'
user: '{{ icinga_web__database_user }}'
password: '{{ icinga_web__database_password }}'
state: '{{ "present" if icinga_web__database_type == "mariadb" else "ignore" }}'
- database: '{{ icinga_web__director_database_name }}'
user: '{{ icinga_web__director_database_user }}'
password: '{{ icinga_web__director_database_password }}'
state: '{{ "present"
if (icinga_web__director_enabled | bool and icinga_web__director_database_type == "mariadb")
else "ignore" }}'
- database: '{{ icinga_web__x509_database_name }}'
user: '{{ icinga_web__x509_database_user }}'
state: '{{ "present" if icinga_web__x509_enabled | bool else "ignore" }}'
-
icinga_web__php__dependent_packages¶
List of php-* APT packages to install by the debops.php Ansible
role.
icinga_web__php__dependent_packages:
- 'mysql'
- 'intl'
- 'ldap'
- 'imagick'
- 'pgsql'
- 'curl'
- 'yaml'
- 'gmp'
-
icinga_web__php__dependent_pools¶
PHP-FPM pool configuration for the debops.php Ansible role.
icinga_web__php__dependent_pools:
- name: 'icingaweb'
user: 'www-data'
group: 'www-data'
-
icinga_web__nginx__dependent_upstreams¶
Upstream configuration for the debops.nginx Ansible role.
icinga_web__nginx__dependent_upstreams:
- name: 'php_icingaweb'
type: 'php'
php_pool: 'icingaweb'
-
icinga_web__nginx__dependent_servers¶
Server configuration for the debops.nginx Ansible role.
icinga_web__nginx__dependent_servers:
- by_role: 'debops.icinga_web'
type: 'php'
name: '{{ icinga_web__fqdn }}'
root: '/usr/share/icingaweb2/public'
webroot_create: False
filename: 'debops.icinga_web'
php_upstream: 'php_icingaweb'
php_limit_except: [ 'GET', 'HEAD', 'POST', 'DELETE' ]
options: |
if (!-d $request_filename) {
rewrite ^/(.+)/$ /$1 permanent;
}
location_list:
- pattern: '/'
options: 'try_files $1 $uri $uri/ /index.php$is_args$args;'