Usage as a role dependency

The debops.icinga role can be used as a dependency by other Ansible roles to manage contents of the /etc/icinga2/ directory idempotently. Configuration options from multiple roles can be merged together and included in the Icinga 2 configuration, or removed conditionally.

Dependent role variable

The role exposes the icinga__dependent_configuration variable which can be used to define Icinga configuration files by other Ansible roles through the role dependent variables.

The variable is an YAML list with YAML dictionaries as entries. A short format of the configuration uses the dictionary key as a name of the dependent role and dictionary value as that role's configuration, in the format defined by icinga__configuration variable, respectively (see playbook excerpt below):

roles:

  - role: icinga
    icinga__dependent_configuration:
      - role_name: '{{ role_name__icinga__dependent_configuration }}'

The extended version of the configuration uses YAML dictionaries with specific parameters:

role

Required. Name of the role, used to save its configuration in a YAML dictionary on the Ansible Controller. Shouldn't be changed once selected, otherwise the configuration will be desynchronized.

config

Required. YAML list with definition of the Icinga configuration files in the same format defined by icinga__configuration variables.

state

Optional. If not specified or present, the configuration will be included in the generated configuration files. If absent, the configuration will be removed from the configuration files. If ignore, a given configuration entries will be skipped during data evaluation and won't affect any existing entries.

An example extended configuration (playbook excerpt):

roles:

  - role: icinga
    icinga__dependent_configuration:
      - role: 'role_name'
        config: '{{ role_name__icinga__dependent_configuration }}'

The above configuration layout allows for use of the multiple role dependencies in one playbook by providing configuration of each role in a separate configuration entry.

Dependent configuration storage and retrieval

The dependent configuration from other roles is stored in the secret/ directory on the Ansible Controller (see debops.secret for more details) in a JSON file (one for each variable), with each role configuration in a separate dictionary. The debops.icinga role reads these files when Ansible local facts indicate that the Icinga support is installed, otherwise empty files are created. This ensures that the stale configuration is not present on a new or re-installed host.

The YAML dictionaries from different roles are merged with the main configuration in the icinga__combined_configuration variable that are used to generate the final configuration. The merge order of the different icinga__*_configuration variables allows to further affect the dependent configuration through Ansible inventory if necessary, therefore the Ansible roles that use this method don't need to provide additional variables for this purpose themselves.