debops.icinga_web default variables¶
Sections
- APT packages, UNIX environment
- Network configuration
- Icinga 2 Web modules
- Icinga 2 Web internal database
- Icinga 2 master database
- Icinga 2 Director support
- Icinga 2 x509 module support
- Icinga 2 REST API
- Icinga 2 Web initial user accounts
- LDAP authentication
- The
authentication.iniconfiguration file - The
config.iniconfiguration file - The
groups.iniconfiguration file - The
resources.iniconfiguration file - The
roles.iniconfiguration file - The
modules/monitoring/backends.iniconfiguration file - The
modules/monitoring/commandtransports.iniconfiguration file - The
modules/director/config.iniconfiguration file - The
modules/director/kickstart.iniconfiguration file - The
modules/x509/config.iniconfiguration file - Configuration for other Ansible roles
APT packages, UNIX environment¶
-
icinga_web__base_packages¶
List of default APT packages to install for Icinga 2 Web support.
icinga_web__base_packages:
- 'icingaweb2'
- 'icingaweb2-module-doc'
- 'icingaweb2-module-monitoring'
- 'icingacli'
-
icinga_web__packages¶
List of additional APT packages to install with Icinga 2 Web support.
icinga_web__packages: []
-
icinga_web__user¶
The UNIX account used by Icinga 2 Web. This account should be present on the system by default.
icinga_web__user: 'www-data'
-
Icinga_web__group¶
The UNIX group used by Icinga 2 Web. This group will be created automatically by the APT package.
icinga_web__group: 'icingaweb2'
-
icinga_web__src¶
Directory where custom source code will be downloaded by the role, for example module repositories.
icinga_web__src: '{{ (ansible_local.fhs.src | d("/usr/local/src"))
+ "/icinga_web" }}'
Network configuration¶
-
icinga_web__fqdn¶
The Fully Qualified Domain Name of the Icinga 2 Web service. The web interface will be available on this address. This address is also used to access the Icinga 2 Director API.
icinga_web__fqdn: 'icinga.{{ icinga_web__domain }}'
-
icinga_web__domain¶
The domain used by the Icinga 2 Web interface.
icinga_web__domain: '{{ ansible_domain }}'
-
icinga_web__node_fqdn¶
The Fully Qualified Domain Name of the local Icinga 2 node. This hostname will be used to access the Icinga 2 REST API.
icinga_web__node_fqdn: '{{ ansible_fqdn }}'
Icinga 2 Web modules¶
These variables define what Icinga 2 Web modules should be installed and/or enabled. External modules will be cloned using git command. See icinga_web__modules for more details.
-
icinga_web__default_modules¶
List of Icinga 2 Web modules installed by default.
icinga_web__default_modules:
- name: 'toplevelview'
git_repo: 'https://github.com/Icinga/icingaweb2-module-toplevelview'
git_version: 'v0.3.1'
state: 'present'
- name: 'monitoring'
state: 'present'
- name: 'businessprocess'
git_repo: 'https://github.com/Icinga/icingaweb2-module-businessprocess'
git_version: 'v2.3.1'
state: 'present'
- name: 'graphite'
git_repo: 'https://github.com/Icinga/icingaweb2-module-graphite'
git_version: 'v1.1.0'
enabled: False
state: 'present'
- name: 'director'
git_repo: 'https://github.com/Icinga/icingaweb2-module-director'
git_version: 'v1.7.2'
state: '{{ "present" if icinga_web__director_enabled|bool else "ignore" }}'
- name: 'generictts'
git_repo: 'https://github.com/Icinga/icingaweb2-module-generictts'
git_version: 'v2.0.0'
state: 'present'
- name: 'grafana'
git_repo: 'https://github.com/Mikesch-mp/icingaweb2-module-grafana'
git_version: 'v1.3.6'
state: 'present'
- name: 'map'
git_repo: 'https://github.com/nbuchwitz/icingaweb2-module-map'
git_version: 'v1.1.0'
state: 'present'
- name: 'pnp'
git_repo: 'https://github.com/Icinga/icingaweb2-module-pnp'
git_version: 'v1.1.0'
enabled: False
state: 'present'
- name: 'elasticsearch'
git_repo: 'https://github.com/Icinga/icingaweb2-module-elasticsearch'
git_version: 'v0.9.0'
state: 'present'
- name: 'cube'
git_repo: 'https://github.com/Icinga/icingaweb2-module-cube'
git_version: 'v1.1.0'
state: 'present'
- name: 'netboximport'
git_repo: 'https://github.com/Uberspace/icingaweb2-module-netboximport'
git_version: 'master'
state: 'present'
- name: 'doc'
state: 'present'
- name: 'ipl'
git_repo: 'https://github.com/Icinga/icingaweb2-module-ipl'
git_version: 'v0.4.0'
state: 'present'
- name: 'reactbundle'
git_repo: 'https://github.com/Icinga/icingaweb2-module-reactbundle'
git_version: 'v0.7.0'
state: 'present'
- name: 'incubator'
git_repo: 'https://github.com/Icinga/icingaweb2-module-incubator'
git_version: 'v0.5.0'
state: 'present'
- name: 'x509'
git_repo: 'https://github.com/icinga/icingaweb2-module-x509'
git_version: 'v1.0.0'
state: '{{ "present" if icinga_web__x509_enabled|bool else "ignore" }}'
-
icinga_web__modules¶
List of additional Icinga 2 Web modules that should be installed/managed by the role.
icinga_web__modules: []
Icinga 2 Web internal database¶
-
icinga_web__database_type¶
Specify the type of the database to use for Icinga 2 Web internal database,
either postgresql (preferred) or mariadb. The role will try to detect
the available databases automatically based on the Ansible local facts.
icinga_web__database_type: '{{ ansible_local.icinga_web.database_type
if (ansible_local.icinga_web.database_type|d())
else ("postgresql"
if (ansible_local|d() and ansible_local.postgresql is defined)
else ("mariadb"
if (ansible_local|d() and ansible_local.mariadb is defined)
else "Icinga Web requires a database")) }}'
-
icinga_web__database_name¶
Name of the Icinga 2 Web internal database.
icinga_web__database_name: '{{ "icingaweb2_production"
if (icinga_web__database_type == "postgresql")
else ("icingaweb2"
if (icinga_web__database_type == "mariadb")
else "") }}'
-
icinga_web__database_user¶
Name of the Icinga 2 Web internal database user.
icinga_web__database_user: 'icingaweb2'
-
icinga_web__database_password_path¶
Path to database password file located on the Ansible Controller. See the debops.secret role for more details.
icinga_web__database_password_path: '{{ secret + "/" + icinga_web__database_type + "/" +
ansible_local[icinga_web__database_type].delegate_to }}{%
if icinga_web__database_type == "postgresql" %}/{{ ansible_local[icinga_web__database_type].port }}{% endif
%}{{ "/credentials/" + icinga_web__database_user +
"/password" }}'
-
icinga_web__database_password¶
Password for Icinga 2 Web internal database.
icinga_web__database_password: "{{ lookup('password', icinga_web__database_password_path
+ ' length=48 chars=ascii_letters,digits,.-_') }}"
-
icinga_web__database_host¶
The address of the Icinga 2 Web internal database server.
icinga_web__database_host: '{{ ansible_local[icinga_web__database_type].server
if (ansible_local|d() and ansible_local[icinga_web__database_type]|d() and
ansible_local[icinga_web__database_type].server|d())
else "localhost" }}'
-
icinga_web__database_port¶
The port on which the Icinga 2 Web internal database server listens for connections.
icinga_web__database_port: '{{ ansible_local[icinga_web__database_type].port
if (ansible_local|d() and ansible_local[icinga_web__database_type]|d() and
ansible_local[icinga_web__database_type].port|d())
else "" }}'
-
icinga_web__database_delegate_to¶
The Ansible inventory name of the host to which the database tasks will be delegated to.
icinga_web__database_delegate_to: '{{ ansible_local[icinga_web__database_type].delegate_to
if (ansible_local|d() and ansible_local[icinga_web__database_type]|d() and
ansible_local[icinga_web__database_type].delegate_to|d())
else inventory_hostname }}'
-
icinga_web__database_schema¶
Absolute path to the Icinga 2 Web internal database schema which will be imported during initialization. The schema needs to be located on the remote host with the database.
icinga_web__database_schema: '{{ "/usr/share/icingaweb2/etc/schema/"
+ ("pgsql.schema.sql"
if (icinga_web__database_type == "postgresql")
else "mysql.schema.sql") }}'
-
icinga_web__database_init¶
Enable or disable initialization of the Icinga 2 Web internal database.
icinga_web__database_init: '{{ False
if (ansible_local|d() and ansible_local.icinga_web|d() and
(ansible_local.icinga_web.installed|d())|bool)
else True }}'
Icinga 2 master database¶
These variables control configuration of the Icinga 2 master database, managed by debops.icinga_db Ansible role. This database is usually on the same host the Web interface is installed, but if not, you might need to configure access to a remote database here.
-
icinga_web__master_database_enabled¶
Enable or disable configuration of the Icinga 2 master database resource in the Icinga 2 Web interface. This does not control the configuration of the actual database, see debops.icinga_db role for that.
icinga_web__master_database_enabled: '{{ True
if (ansible_local|d() and ansible_local.icinga_db|d() and
(ansible_local.icinga_db.configured|d())|bool)
else False }}'
-
icinga_web__master_database_type¶
Specify the type of the Icinga 2 master database, either postgresql or
mariadb.
icinga_web__master_database_type: '{{ ansible_local.icinga_db.type|d("") }}'
-
icinga_web__master_database_name¶
Name of the Icinga 2 master database.
icinga_web__master_database_name: '{{ ansible_local.icinga_db.dbc_dbname|d("icinga2") }}'
-
icinga_web__master_database_user¶
Name of the Icinga 2 master database user.
icinga_web__master_database_user: '{{ ansible_local.icinga_db.dbc_dbuser|d("icinga2") }}'
-
icinga_web__master_database_password¶
Password for the Icinga 2 master database.
icinga_web__master_database_password: '{{ ansible_local.icinga_db.dbc_dbpass|d("") }}'
-
icinga_web__master_database_host¶
The address of the Icinga 2 master database host.
icinga_web__master_database_host: '{{ ansible_local.icinga_db.dbc_dbserver|d("localhost") }}'
-
icinga_web__master_database_port¶
The port on which the Icinga 2 master database listens for connections.
icinga_web__master_database_port: '{{ ansible_local.icinga_db.dbc_dbport|d("") }}'
Icinga 2 Director support¶
-
icinga_web__director_enabled¶
Enable or disable support for Icinga 2 Web Director module.
icinga_web__director_enabled: True
-
icinga_web__director_user¶
The username of the Icinga 2 Director Unix account, which will be automatically created by this role.
icinga_web__director_user: 'icingadirector'
-
icinga_web__director_group¶
The primary group of the Icinga 2 Director Unix account. Defaults to the group created by the icingaweb2 APT package.
icinga_web__director_group: '{{ icinga_web__group }}'
-
icinga_web__director_home¶
The home directory of the Icinga 2 Director Unix account.
icinga_web__director_home: '/var/local/{{ icinga_web__director_user }}'
-
icinga_web__director_home_mode¶
Octal permissions on the home directory of the Icinga 2 Director Unix account.
icinga_web__director_home_mode: '0755'
-
icinga_web__director_shell¶
The shell of the Icinga 2 Director Unix account.
icinga_web__director_shell: '/usr/sbin/nologin'
-
icinga_web__director_api_fqdn¶
Fully Qualified Domain Name which is part of the URL to the Icinga 2 Director REST API. It is usually the same as the Icinga 2 Web interface FQDN.
icinga_web__director_api_fqdn: '{{ icinga_web__fqdn }}'
-
icinga_web__director_api_url¶
The URL of the Icinga 2 Director REST API which will be used to interact with Icinga Director.
icinga_web__director_api_url: 'https://{{ icinga_web__director_api_fqdn }}/director'
-
icinga_web__director_api_user¶
Name of the Icinga 2 Director API user, used by the debops.icinga role to authenticate to the Director REST API.
icinga_web__director_api_user: 'director-api'
-
icinga_web__director_api_password¶
The password for the Icinga 2 Director API user used by the debops.icinga role.
icinga_web__director_api_password: '{{ lookup("password", secret + "/icinga_web/api/"
+ icinga_web__director_api_fqdn + "/credentials/"
+ icinga_web__director_api_user + "/password") }}'
-
icinga_web__director_database_type¶
Specify the database type for the Icinga 2 Director database, either
postgresql (preferred) or mariadb. It's usually the same type as the
main Icinga 2 Web database.
icinga_web__director_database_type: '{{ ansible_local.icinga_web.database_type
if (ansible_local.icinga_web.database_type|d())
else ("postgresql"
if (ansible_local|d() and ansible_local.postgresql is defined)
else ("mariadb"
if (ansible_local|d() and ansible_local.mariadb is defined)
else "Icinga Director requires a database")) }}'
-
icinga_web__director_database_name¶
Name of the Icinga 2 Director database.
icinga_web__director_database_name: '{{ "icinga2_director_production"
if (icinga_web__director_database_type == "postgresql")
else ("icinga2_director"
if (icinga_web__director_database_type == "mariadb")
else "") }}'
-
icinga_web__director_database_user¶
Name of the Icinga 2 Director database user.
icinga_web__director_database_user: 'icinga2_director'
-
icinga_web__director_database_password_path¶
Path to database password file located on the Ansible Controller for the Icinga 2 Director database.
icinga_web__director_database_password_path: '{{ secret + "/" + icinga_web__director_database_type + "/" +
ansible_local[icinga_web__director_database_type].delegate_to }}{%
if icinga_web__director_database_type == "postgresql" %}/{{ ansible_local[icinga_web__director_database_type].port }}{% endif
%}{{ "/credentials/" + icinga_web__director_database_user +
"/password" }}'
-
icinga_web__director_database_password¶
Database password for the Icinga 2 Director database.
icinga_web__director_database_password: "{{ lookup('password', icinga_web__director_database_password_path
+ ' length=48 chars=ascii_letters,digits,.-_') }}"
-
icinga_web__director_database_host¶
Address of the Icinga 2 Director database server.
icinga_web__director_database_host: '{{ ansible_local[icinga_web__director_database_type].server
if (ansible_local|d() and ansible_local[icinga_web__director_database_type]|d() and
ansible_local[icinga_web__director_database_type].server|d())
else "localhost" }}'
-
icinga_web__director_database_port¶
The port on which the Icinga 2 Director database server listens for connections.
icinga_web__director_database_port: '{{ ansible_local[icinga_web__director_database_type].port
if (ansible_local|d() and ansible_local[icinga_web__director_database_type]|d() and
ansible_local[icinga_web__director_database_type].port|d())
else "" }}'
-
icinga_web__director_database_delegate_to¶
The Ansible inventory hostname of the host where the database-related role tasks will be delegated to.
icinga_web__director_database_delegate_to: '{{ ansible_local[icinga_web__director_database_type].delegate_to
if (ansible_local|d() and ansible_local[icinga_web__director_database_type]|d() and
ansible_local[icinga_web__director_database_type].delegate_to|d())
else inventory_hostname }}'
-
icinga_web__director_database_init¶
Enable or disable initialization of the Icinga 2 Director database.
icinga_web__director_database_init: '{{ False
if (ansible_local|d() and ansible_local.icinga_web|d() and
(ansible_local.icinga_web.installed|d())|bool)
else True }}'
-
icinga_web__director_kickstart_enabled¶
Enable or disable initial import (kickstart) of the Icinga 2 configuration into the Director database.
icinga_web__director_kickstart_enabled: '{{ True
if (ansible_local|d() and ansible_local.icinga|d() and
(ansible_local.icinga.installed|d())|bool)
else False }}'
-
icinga_web__director_default_templates¶
List of default templates to create in Icinga Director. See icinga_web__director_templates for more details.
icinga_web__director_default_templates:
- name: 'generic-host'
api_endpoint: '/host'
data:
object_type: 'template'
object_name: 'generic-host'
check_command: 'hostalive'
check_interval: '5m'
retry_interval: '30s'
max_check_attempts: '5'
state: 'present'
- name: 'icinga-agent-host'
api_endpoint: '/host'
data:
object_type: 'template'
object_name: 'icinga-agent-host'
has_agent: true
master_should_connect: true
accept_config: true
imports:
- 'generic-host'
state: 'present'
-
icinga_web__director_templates¶
List of templates to create in Icinga Director defined on all hosts in the Ansible inventory. See icinga_web__director_templates for more details.
icinga_web__director_templates: []
-
icinga_web__director_group_templates¶
List of templates to create in Icinga Director defined on hosts in a specific Ansible inventory group. See icinga_web__director_templates for more details.
icinga_web__director_group_templates: []
-
icinga_web__director_host_templates¶
List of templates to create in Icinga Director defined on specific hosts in the Ansible inventory. See icinga_web__director_templates for more details.
icinga_web__director_host_templates: []
-
icinga_web__director_combined_templates¶
Variable which combines all of the Icinga Director template lists and is used in role tasks and templates.
icinga_web__director_combined_templates: '{{ icinga_web__director_default_templates
+ icinga_web__director_templates
+ icinga_web__director_group_templates
+ icinga_web__director_host_templates }}'
Icinga 2 x509 module support¶
-
icinga_web__x509_enabled¶
Enable or disable support for Icinga 2 Web x509 module. It requires MariaDB/MySQL. See https://github.com/icinga/icingaweb2-module-x509 for more details
icinga_web__x509_enabled: '{{ ansible_local.mariadb is defined }}'
-
icinga_web__x509_database_name¶
Name of the Icinga 2 Web database used for the X509 module
icinga_web__x509_database_name: 'icingaweb2_x509'
-
icinga_web__x509_database_user¶
Name of the Icinga 2 Web x509 database user.
icinga_web__x509_database_user: 'icingaweb2_x509'
-
icinga_web__x509_database_password¶
Password for Icinga 2 Web x509 database.
icinga_web__x509_database_password: '{{ lookup("password", secret + "/mariadb/"
+ ansible_local.mariadb.delegate_to|d(inventory_hostname)
+ "/credentials/" + icinga_web__x509_database_user + "/password"
+ " length=48 chars=ascii_letters,digits,.-_") }}'
-
icinga_web__x509_database_host¶
Address of the Icinga 2 X509 database server.
icinga_web__x509_database_host: '{{ ansible_local.mariadb.server|d("localhost") }}'
-
icinga_web__x509_database_port¶
The port on which the Icinga 2 x509 database server listens for connections.
icinga_web__x509_database_port: '{{ ansible_local.mariadb.port|d("3306") }}'
-
icinga_web__x5609_database_schema¶
Absolute path to the Icinga 2 Web internal database schema which will be imported during initialization.
icinga_web__x509_database_schema: '/usr/share/icingaweb2/modules/x509/etc/schema/mysql.schema.sql'
-
icinga_web__x509_database_init¶
Enable or disable initialization of the Icinga 2 Web x509 database.
icinga_web__x509_database_init: '{{ not ansible_local.icinga_web.x509_installed | d(False) }}'
Icinga 2 REST API¶
These variables configure access to the Icinga 2 REST API. Using that API, the Icinga 2 Web and Director interface communicates with the Icinga 2 cluster nodes.
-
icinga_web__icinga_api_fqdn¶
Fully Qualified Domain Name of the Icinga 2 API endpoint. It's usually on the same host as the Icinga 2 Web interface.
icinga_web__icinga_api_fqdn: '{{ icinga_web__node_fqdn }}'
-
icinga_web__icinga_api_port¶
The port on which the Icinga 2 service listens for new API connections.
icinga_web__icinga_api_port: '5665'
-
icinga_web__icinga_api_user¶
The name of the API user used for authentication to the Icinga 2 REST API.
icinga_web__icinga_api_user: 'root'
-
icinga_web__icinga_api_password¶
The password of the Icinga 2 REST API user.
icinga_web__icinga_api_password: '{{ lookup("password", secret + "/icinga/api/"
+ icinga_web__icinga_api_fqdn + "/credentials/"
+ icinga_web__icinga_api_user
+ "/password") }}'
Icinga 2 Web initial user accounts¶
-
icinga_web__initial_account_groups¶
List of initial user groups created by the role in the Icinga 2 Web database during initialization. See icinga_web__initial_account_groups for more details.
icinga_web__initial_account_groups:
- name: 'Administrators'
- name: 'Users'
-
icinga_web__initial_accounts¶
List of initial user accounts created by the role in the Icinga 2 Web database during initialization. See icinga_web__initial_accounts for more details.
icinga_web__initial_accounts:
- name: 'root'
password: '{{ lookup("password", secret + "/icinga_web/auth/"
+ inventory_hostname + "/credentials/root/password") }}'
- name: '{{ icinga_web__director_api_user }}'
password: '{{ icinga_web__director_api_password }}'
-
icinga_web__default_account_password¶
The default password used for the initial accounts which don't specifiy their own password.
icinga_web__default_account_password: '{{ lookup("password", secret + "/icinga_web/auth/"
+ inventory_hostname + "/default_password") }}'
LDAP authentication¶
Refer to the official Icinga web documentation for more details.
-
icinga_web__ldap_enabled¶
Enable LDAP support
icinga_web__ldap_enabled: '{{ True
if ansible_local.ldap.enabled|d()|bool
else False }}'
-
icinga_web__ldap_base_dn¶
The base Distinguished Name which should be used to create Distinguished Names of the LDAP directory objects, defined as a YAML list.
icinga_web__ldap_base_dn: '{{ ansible_local.ldap.base_dn|d([]) }}'
-
icinga_web__ldap_groups_rdn¶
The Relative Distinguished Name of the object which contains the groups stored in LDAP.
icinga_web__ldap_groups_rdn: '{{ ansible_local.ldap.groups_rdn
|d("ou=Groups") }}'
-
icinga_web__ldap_groups_dn¶
The Distinguished Name where Icinga Web will look for groups, defined as a YAML list.
icinga_web__ldap_groups_dn: '{{ [ icinga_web__ldap_groups_rdn ]
+ icinga_web__ldap_base_dn }}'
-
icinga_web__ldap_people_rdn¶
The Relative Distinguished Name of the object which contains the user accounts stored in LDAP.
icinga_web__ldap_people_rdn: '{{ ansible_local.ldap.people_rdn
|d("ou=People") }}'
-
icinga_web__ldap_people_dn¶
The base Distinguished Name where Icinga Web will look for users, defined as a YAML list.
icinga_web__ldap_people_dn: '{{ [ icinga_web__ldap_people_rdn ]
+ icinga_web__ldap_base_dn }}'
-
icinga_web__ldap_device_dn¶
The Distinguished Name of the current host LDAP object, defined as a YAML list. It will be used as a base for the Icinga web service account LDAP object. If the list is empty, the role will not create the account LDAP object automatically.
icinga_web__ldap_device_dn: '{{ ansible_local.ldap.device_dn|d([]) }}'
-
icinga_web__ldap_self_rdn¶
The Relative Distinguished Name of the account LDAP object used by the Icinga Web service to access the LDAP directory.
icinga_web__ldap_self_rdn: 'uid=icingaweb'
-
icinga_web__ldap_self_object_classes¶
List of the LDAP object classes which will be used to create the LDAP object used by the Icinga Web service to access the LDAP directory.
icinga_web__ldap_self_object_classes: [ 'account', 'simpleSecurityObject' ]
-
icinga_web__ldap_self_attributes¶
YAML dictionary that defines the attributes of the LDAP object used by the Icinga Web service to access the LDAP directory.
icinga_web__ldap_self_attributes:
uid: '{{ icinga_web__ldap_self_rdn.split("=")[1] }}'
userPassword: '{{ icinga_web__ldap_bindpw }}'
host: '{{ [ ansible_fqdn, ansible_hostname ] | unique }}'
description: 'Account used by the "Icinga Web" service to access the LDAP directory'
-
icinga_web__ldap_binddn¶
The Distinguished Name of the account LDAP object used by the Icinga Web service to bind to the LDAP directory.
icinga_web__ldap_binddn: '{{ ([ icinga_web__ldap_self_rdn ]
+ icinga_web__ldap_device_dn) | join(",") }}'
-
icinga_web__ldap_bindpw¶
The password stored in the account LDAP object used by the Icinga Web service to bind to the LDAP directory.
icinga_web__ldap_bindpw: '{{ (lookup("password", secret + "/ldap/credentials/"
+ icinga_web__ldap_binddn | to_uuid
+ ".password length=48 "
+ "chars=ascii_letters,digits,.-_"))
if icinga_web__ldap_enabled|bool
else "" }}'
-
icinga_web__ldap_hostname¶
The LDAP URI that points to the directory server which should be used by Icinga Web.
icinga_web__ldap_hostname: '{{ ansible_local.ldap.hosts|d([""]) | first }}'
-
icinga_web__ldap_encryption¶
The LDAP encryption to use, either starttls, ldaps or plain
(discouraged).
icinga_web__ldap_encryption: '{{ "ldaps"
if ansible_local.ldap.protocol | d("") == "ldaps"
else ("starttls"
if ansible_local.ldap.start_tls | d(True) | bool
else "plain") }}'
-
icinga_web__ldap_port¶
The TCP port to use for LDAP connections.
icinga_web__ldap_port: '{{ ansible_local.ldap.port | d(389) }}'
-
icinga_web__ldap_user_filter¶
Use this to control which LDAP users are listed as Icinga Web users.
icinga_web__ldap_user_filter: '(&
(objectClass={{ icinga_web__ldap_user_class }})
(|
(authorizedService=all)
(authorizedService=icingaweb)
)
)'
-
icinga_web__ldap_user_class¶
The objectClass of LDAP users.
icinga_web__ldap_user_class: 'inetOrgPerson'
-
icinga_web__ldap_user_name_attribute¶
The LDAP attribute which contains the username.
icinga_web__ldap_user_name_attribute: 'uid'
-
icinga_web__ldap_group_filter¶
Use this to control which LDAP groups are listed as Icinga Web groups.
icinga_web__ldap_group_filter: 'objectClass={{ icinga_web__ldap_group_class }}'
-
icinga_web__ldap_group_class¶
The objectClass of LDAP groups.
icinga_web__ldap_group_class: 'groupOfNames'
-
icinga_web__ldap_group_member_attribute¶
The LDAP attribute where a group’s members are stored.
icinga_web__ldap_group_member_attribute: 'member'
-
icinga_web__ldap_group_name_attribute¶
The LDAP attribute which contains the group name.
icinga_web__ldap_group_name_attribute: 'cn'
The authentication.ini configuration file¶
These variables manage the contents of the
/etc/icingaweb2/authentication.ini configuration file.
See icinga_web__ini_configuration for more details.
-
icinga_web__current_authentication¶
The current contents of the config file, gathered during runtime.
icinga_web__current_authentication: '{{ (icinga_web__register_config.stdout
| from_json)["authentication.ini"] | d([]) }}'
-
icinga_web__default_authentication¶
The default authentication configuration appled by the role.
icinga_web__default_authentication:
- name: 'icingaweb2'
options:
- name: 'backend'
value: 'db'
- name: 'resource'
value: 'icingaweb_db'
- name: 'ldap_users'
options:
- name: 'backend'
value: 'ldap'
- name: 'resource'
value: 'ldap_db'
- name: 'user_class'
value: '{{ icinga_web__ldap_user_class }}'
- name: 'user_name_attribute'
value: '{{ icinga_web__ldap_user_name_attribute }}'
- name: 'filter'
value: '{{ icinga_web__ldap_user_filter }}'
state: '{{ "present" if icinga_web__ldap_enabled|bool else "ignore" }}'
-
icinga_web__authentication¶
Custom authentication configuration defined in the Ansible inventory.
icinga_web__authentication: []
-
icinga_web__combined_authentication¶
The variable which combines the authentication configuration from different source variables and is used by the role task to generate the actual file.
icinga_web__combined_authentication: '{{ icinga_web__current_authentication
+ icinga_web__default_authentication
+ icinga_web__authentication }}'
The config.ini configuration file¶
These variables manage the contents of the
/etc/icingaweb2/config.ini configuration file.
See icinga_web__ini_configuration for more details.
-
icinga_web__current_config¶
The current contents of the config file, gathered during runtime.
icinga_web__current_config: '{{ (icinga_web__register_config.stdout
| from_json)["config.ini"] | d([]) }}'
-
icinga_web__default_config¶
The default global configuration appled by the role.
icinga_web__default_config:
- name: 'global'
options:
- name: 'show_stacktraces'
value: '0'
- name: 'config_backend'
value: 'db'
- name: 'config_resource'
value: 'icingaweb_db'
- name: 'module_path'
value: '/usr/share/icingaweb2/modules'
- name: 'logging'
options:
- name: 'log'
value: 'syslog'
- name: 'level'
value: 'ERROR'
- name: 'application'
value: 'icingaweb2'
- name: 'facility'
value: 'user'
- name: 'themes'
-
icinga_web__config¶
Custom global configuration defined in the Ansible inventory.
icinga_web__config: []
-
icinga_web__combined_config¶
The variable which combines the global configuration from different source variables and is used by the role task to generate the actual file.
icinga_web__combined_config: '{{ icinga_web__current_config
+ icinga_web__default_config
+ icinga_web__config }}'
The groups.ini configuration file¶
These variables manage the contents of the
/etc/icingaweb2/groups.ini configuration file.
See icinga_web__ini_configuration for more details.
-
icinga_web__current_groups¶
The current contents of the config file, gathered during runtime.
icinga_web__current_groups: '{{ (icinga_web__register_config.stdout
| from_json)["groups.ini"] | d([]) }}'
-
icinga_web__default_groups¶
The default group configuration appled by the role.
icinga_web__default_groups:
- name: 'icingaweb2'
options:
- name: 'backend'
value: 'db'
- name: 'resource'
value: 'icingaweb_db'
- name: 'ldap_groups'
options:
- name: 'backend'
value: 'ldap'
- name: 'resource'
value: 'ldap_db'
- name: 'user_backend'
value: 'ldap_users'
- name: 'base_dn'
value: '{{ icinga_web__ldap_groups_dn | join(",") }}'
- name: 'group_class'
value: '{{ icinga_web__ldap_group_class }}'
- name: 'group_member_attribute'
value: '{{ icinga_web__ldap_group_member_attribute }}'
- name: 'group_name_attribute'
value: '{{ icinga_web__ldap_group_name_attribute }}'
- name: 'group_filter'
value: '{{ icinga_web__ldap_group_filter }}'
state: '{{ "present" if icinga_web__ldap_enabled|bool else "ignore" }}'
-
icinga_web__groups¶
Custom group configuration defined in the Ansible inventory.
icinga_web__groups: []
-
icinga_web__combined_groups¶
The variable which combines the group configuration from different source variables and is used by the role task to generate the actual file.
icinga_web__combined_groups: '{{ icinga_web__current_groups
+ icinga_web__default_groups
+ icinga_web__groups }}'
The resources.ini configuration file¶
These variables manage the contents of the
/etc/icingaweb2/resources.ini configuration file.
See icinga_web__ini_configuration for more details.
-
icinga_web__current_resources¶
The current contents of the config file, gathered during runtime.
icinga_web__current_resources: '{{ (icinga_web__register_config.stdout
| from_json)["resources.ini"] | d([]) }}'
-
icinga_web__default_resources¶
The default resource configuration appled by the role.
icinga_web__default_resources:
- name: 'icingaweb_db'
options:
- name: 'type'
value: 'db'
- name: 'db'
value: '{{ "pgsql"
if (icinga_web__database_type == "postgresql")
else ("mysql"
if (icinga_web__database_type == "mariadb")
else "unknown") }}'
- name: 'host'
value: '{{ icinga_web__database_host }}'
- name: 'port'
value: '{{ icinga_web__database_port }}'
state: '{{ "present" if icinga_web__database_port|d() else "absent" }}'
- name: 'dbname'
value: '{{ icinga_web__database_name }}'
- name: 'username'
value: '{{ icinga_web__database_user }}'
- name: 'password'
value: '{{ icinga_web__database_password }}'
- name: 'charset'
value: 'utf8'
- name: 'persistent'
value: '0'
- name: 'use_ssl'
value: '0'
- name: 'icinga2'
state: '{{ "present"
if (icinga_web__master_database_enabled|bool)
else "ignore" }}'
options:
- name: 'type'
value: 'db'
- name: 'db'
value: '{{ "pgsql"
if (icinga_web__master_database_type == "postgresql")
else ("mysql"
if (icinga_web__master_database_type == "mariadb")
else "unknown") }}'
- name: 'host'
value: '{{ icinga_web__master_database_host }}'
- name: 'port'
value: '{{ icinga_web__master_database_port }}'
state: '{{ "present" if icinga_web__master_database_port|d() else "absent" }}'
- name: 'dbname'
value: '{{ icinga_web__master_database_name }}'
- name: 'username'
value: '{{ icinga_web__master_database_user }}'
- name: 'password'
value: '{{ icinga_web__master_database_password }}'
- name: 'charset'
value: 'utf8'
- name: 'persistent'
value: '0'
- name: 'use_ssl'
value: '0'
- name: 'icinga2_director'
options:
- name: 'type'
value: 'db'
- name: 'db'
value: '{{ "pgsql"
if (icinga_web__director_database_type == "postgresql")
else ("mysql"
if (icinga_web__director_database_type == "mariadb")
else "unknown") }}'
- name: 'host'
value: '{{ icinga_web__director_database_host }}'
- name: 'port'
value: '{{ icinga_web__director_database_port }}'
state: '{{ "present" if icinga_web__director_database_port|d() else "absent" }}'
- name: 'dbname'
value: '{{ icinga_web__director_database_name }}'
- name: 'username'
value: '{{ icinga_web__director_database_user }}'
- name: 'password'
value: '{{ icinga_web__director_database_password }}'
- name: 'charset'
value: 'utf8'
- name: 'persistent'
value: '0'
- name: 'use_ssl'
value: '0'
state: '{{ "present" if icinga_web__director_enabled|bool else "ignore" }}'
- name: 'ldap_db'
options:
- name: 'type'
value: 'ldap'
- name: 'hostname'
value: '{{ icinga_web__ldap_hostname }}'
- name: 'port'
value: '{{ icinga_web__ldap_port }}'
- name: 'root_dn'
value: '{{ icinga_web__ldap_base_dn | join(",") }}'
- name: 'bind_dn'
value: '{{ icinga_web__ldap_binddn }}'
- name: 'bind_pw'
value: '{{ icinga_web__ldap_bindpw }}'
- name: 'encryption'
value: '{{ icinga_web__ldap_encryption }}'
state: '{{ "present" if icinga_web__ldap_enabled|bool else "ignore" }}'
- name: 'icingaweb2_x509'
options:
- name: 'type'
value: 'db'
- name: 'db'
value: 'mysql'
- name: 'host'
value: '{{ icinga_web__x509_database_host }}'
- name: 'port'
value: '{{ icinga_web__x509_database_port }}'
- name: 'dbname'
value: '{{ icinga_web__x509_database_name }}'
- name: 'username'
value: '{{ icinga_web__x509_database_user }}'
- name: 'password'
value: '{{ icinga_web__x509_database_password }}'
- name: 'charset'
value: 'utf8'
state: '{{ "present" if icinga_web__x509_enabled|bool else "ignore" }}'
-
icinga_web__resources¶
Custom resource configuration defined in the Ansible inventory.
icinga_web__resources: []
-
icinga_web__combined_resources¶
The variable which combines the resource configuration from different source variables and is used by the role task to generate the actual file.
icinga_web__combined_resources: '{{ icinga_web__current_resources
+ icinga_web__default_resources
+ icinga_web__resources }}'
The roles.ini configuration file¶
These variables manage the contents of the
/etc/icingaweb2/roles.ini configuration file.
See icinga_web__ini_configuration for more details.
-
icinga_web__current_roles¶
The current contents of the config file, gathered during runtime.
icinga_web__current_roles: '{{ (icinga_web__register_config.stdout
| from_json)["roles.ini"] | d([]) }}'
-
icinga_web__default_roles¶
The default user role configuration appled by the role.
icinga_web__default_roles:
- name: 'Administrators'
options:
- name: 'users'
value: '{{ ansible_local.core.admin_users|d([]) | join(",") }}'
- name: 'permissions'
value: '*'
- name: 'groups'
value: 'Administrators'
-
icinga_web__roles¶
Custom user role configuration defined in the Ansible inventory.
icinga_web__roles: []
-
icinga_web__combined_roles¶
The variable which combines the user role configuration from different source variables and is used by the role task to generate the actual file.
icinga_web__combined_roles: '{{ icinga_web__current_roles
+ icinga_web__default_roles
+ icinga_web__roles }}'
The modules/monitoring/backends.ini configuration file¶
These variables manage the contents of the
/etc/icingaweb2/modules/monitoring/backends.ini configuration file.
See icinga_web__ini_configuration for more details.
-
icinga_web__current_backends¶
The current contents of the config file, gathered during runtime.
icinga_web__current_backends: '{{ (icinga_web__register_config.stdout
| from_json)["modules/monitoring/backends.ini"] | d([]) }}'
-
icinga_web__default_backends¶
The default monitoring backend configuration appled by the role.
icinga_web__default_backends:
- name: 'icinga2'
state: '{{ "present"
if (icinga_web__master_database_enabled|bool)
else "ignore" }}'
options:
- name: 'type'
value: 'ido'
- name: 'resource'
value: 'icinga2'
-
icinga_web__backends¶
Custom monitoring backend configuration defined in the Ansible inventory.
icinga_web__backends: []
-
icinga_web__combined_backends¶
The variable which combines the monitoring backend configuration from different source variables and is used by the role task to generate the actual file.
icinga_web__combined_backends: '{{ icinga_web__current_backends
+ icinga_web__default_backends
+ icinga_web__backends }}'
The modules/monitoring/commandtransports.ini configuration file¶
These variables manage the contents of the
/etc/icingaweb2/modules/monitoring/commandtransports.ini
configuration file.
See icinga_web__ini_configuration for more details.
-
icinga_web__current_commandtransports¶
The current contents of the config file, gathered during runtime.
icinga_web__current_commandtransports: '{{ (icinga_web__register_config.stdout
| from_json)["modules/monitoring/commandtransports.ini"] | d([]) }}'
-
icinga_web__default_commandtransports¶
The default command transport configuration appled by the role.
icinga_web__default_commandtransports:
- name: 'icinga2'
options:
- name: 'transport'
value: 'api'
- name: 'host'
value: '{{ icinga_web__icinga_api_fqdn }}'
- name: 'port'
value: '{{ icinga_web__icinga_api_port }}'
- name: 'username'
value: '{{ icinga_web__icinga_api_user }}'
- name: 'password'
value: '{{ icinga_web__icinga_api_password }}'
state: '{{ "present"
if (ansible_local|d() and ansible_local.icinga|d() and
(ansible_local.icinga.installed|d())|bool)
else "ignore" }}'
-
icinga_web__commandtransports¶
Custom command transport configuration defined in the Ansible inventory.
icinga_web__commandtransports: []
-
icinga_web__combined_commandtransports¶
The variable which combines the command transport configuration from different source variables and is used by the role task to generate the actual file.
icinga_web__combined_commandtransports: '{{ icinga_web__current_commandtransports
+ icinga_web__default_commandtransports
+ icinga_web__commandtransports }}'
The modules/director/config.ini configuration file¶
These variables manage the contents of the
/etc/icingaweb2/modules/director/config.ini configuration file.
See icinga_web__ini_configuration for more details.
-
icinga_web__current_director_cfg¶
The current contents of the config file, gathered during runtime.
icinga_web__current_director_cfg: '{{ (icinga_web__register_config.stdout
| from_json)["modules/director/config.ini"] | d([]) }}'
-
icinga_web__default_director_cfg¶
The default Icinga 2 Director configuration appled by the role.
icinga_web__default_director_cfg:
- name: 'db'
options:
- name: 'resource'
value: 'icinga2_director'
state: '{{ "present" if icinga_web__director_enabled|bool else "ignore" }}'
-
icinga_web__director_cfg¶
Custom Icinga 2 Director configuration defined in the Ansible inventory.
icinga_web__director_cfg: []
-
icinga_web__combined_director_cfg¶
The variable which combines the Icinga 2 Director configuration from different source variables and is used by the role task to generate the actual file.
icinga_web__combined_director_cfg: '{{ icinga_web__current_director_cfg
+ icinga_web__default_director_cfg
+ icinga_web__director_cfg }}'
The modules/director/kickstart.ini configuration file¶
These variables manage the contents of the
/etc/icingaweb2/modules/director/kickstart.ini configuration file.
See icinga_web__ini_configuration for more details.
-
icinga_web__current_director_kickstart_cfg¶
The current contents of the config file, gathered during runtime.
icinga_web__current_director_kickstart_cfg: '{{ (icinga_web__register_config.stdout
| from_json)["modules/director/kickstart.ini"] | d([]) }}'
-
icinga_web__default_director_kickstart_cfg¶
The default kickstart configuration appled by the role.
icinga_web__default_director_kickstart_cfg:
- name: 'config'
options:
- name: 'endpoint'
value: '{{ icinga_web__icinga_api_fqdn }}'
- name: 'host'
value: '{{ icinga_web__icinga_api_fqdn }}'
- name: 'port'
value: '{{ icinga_web__icinga_api_port }}'
- name: 'username'
value: '{{ icinga_web__icinga_api_user }}'
- name: 'password'
value: '{{ icinga_web__icinga_api_password }}'
state: '{{ "present"
if (ansible_local|d() and ansible_local.icinga|d() and
(ansible_local.icinga.installed|d())|bool)
else "ignore" }}'
-
icinga_web__director_kickstart_cfg¶
Custom kickstart configuration defined in the Ansible inventory.
icinga_web__director_kickstart_cfg: []
-
icinga_web__combined_director_kickstart¶
The variable which combines the kickstart configuration from different source variables and is used by the role task to generate the actual file.
icinga_web__combined_director_kickstart_cfg: '{{ icinga_web__current_director_kickstart_cfg
+ icinga_web__default_director_kickstart_cfg
+ icinga_web__director_kickstart_cfg }}'
The modules/x509/config.ini configuration file¶
These variables manage the contents of the
/etc/icingaweb2/modules/x509/config.ini configuration file.
See icinga_web__ini_configuration for more details.
-
icinga_web__current_x509_cfg¶
The current contents of the config file, gathered during runtime.
icinga_web__current_x509_cfg: '{{ (icinga_web__register_config.stdout
| from_json)["modules/x509/config.ini"] | d([]) }}'
-
icinga_web__default_x509_cfg¶
The default Icinga 2 509 configuration appled by the role.
icinga_web__default_x509_cfg:
- name: 'backend'
options:
- name: 'resource'
value: 'icingaweb2_x509'
state: '{{ "present" if icinga_web__x509_enabled|bool else "ignore" }}'
-
icinga_web__combined_x509_cfg¶
The variable which combines the Icinga 2 x509 configuration from different source variables and is used by the role task to generate the actual file.
icinga_web__combined_x509_cfg: '{{ icinga_web__current_x509_cfg
+ icinga_web__default_x509_cfg }}'
Configuration for other Ansible roles¶
-
icinga_web__apt_preferences__dependent_list¶
Configuration for the debops.apt_preferences Ansible role.
icinga_web__apt_preferences__dependent_list:
- package: [ 'icingaweb2', 'icingaweb2-*', 'icingacli', 'php-icinga' ]
backports: [ 'stretch' ]
by_role: 'debops.icinga_web'
reason: 'Incompatibility with PHP 7.3'
-
icinga_web__ldap__dependent_tasks¶
Configuration for the debops.ldap Ansible role.
icinga_web__ldap__dependent_tasks:
- name: 'Create Icinga Web account for {{ icinga_web__ldap_device_dn | join(",") }}'
dn: '{{ icinga_web__ldap_binddn }}'
objectClass: '{{ icinga_web__ldap_self_object_classes }}'
attributes: '{{ icinga_web__ldap_self_attributes }}'
no_log: True
state: '{{ "present" if icinga_web__ldap_enabled else "ignore" }}'
-
icinga_web__postgresql__dependent_roles¶
Configuration of PostgreSQL roles for debops.postgresql Ansible role.
icinga_web__postgresql__dependent_roles:
# Owner of the main Icinga Web database
- name: '{{ icinga_web__database_name }}'
flags: [ 'NOLOGIN' ]
- name: '{{ icinga_web__database_user }}'
password: '{{ icinga_web__database_password }}'
db: '{{ icinga_web__database_name }}'
priv: [ 'ALL' ]
- name: '{{ icinga_web__director_database_name }}'
flags: [ 'NOLOGIN' ]
state: '{{ "present" if icinga_web__director_enabled|bool else "ignore" }}'
- name: '{{ icinga_web__director_database_user }}'
password: '{{ icinga_web__director_database_password }}'
db: '{{ icinga_web__director_database_name }}'
priv: [ 'ALL' ]
state: '{{ "present" if icinga_web__director_enabled|bool else "ignore" }}'
-
icinga_web__postgresql__dependent_databases¶
Configuration of PostgreSQL databases for the debops.postgresql Ansible role.
icinga_web__postgresql__dependent_databases:
- name: '{{ icinga_web__database_name }}'
owner: '{{ icinga_web__database_name }}'
- name: '{{ icinga_web__director_database_name }}'
owner: '{{ icinga_web__director_database_name }}'
state: '{{ "present" if icinga_web__director_enabled|bool else "ignore" }}'
-
icinga_web__postgresql__dependent_groups¶
Configuration of PostgreSQL groups for the debops.postgresql Ansible role.
icinga_web__postgresql__dependent_groups:
- roles: [ '{{ icinga_web__database_user }}' ]
groups: [ '{{ icinga_web__database_name }}' ]
database: '{{ icinga_web__database_name }}'
- roles: [ '{{ icinga_web__director_database_user }}' ]
groups: [ '{{ icinga_web__director_database_name }}' ]
database: '{{ icinga_web__director_database_name }}'
state: '{{ "present" if icinga_web__director_enabled|bool else "ignore" }}'
-
icinga_web__postgresql__dependent_extensions¶
Configuration of PostgreSQL extensions for the debops.postgresql Ansible role.
icinga_web__postgresql__dependent_extensions:
- database: '{{ icinga_web__director_database_name }}'
extension: 'pgcrypto'
state: '{{ "present" if icinga_web__director_enabled|bool else "ignore" }}'
-
icinga_web__mariadb__dependent_databases¶
Database configuration for the debops.mariadb Ansible role.
icinga_web__mariadb__dependent_databases:
- name: '{{ icinga_web__database_name }}'
state: '{{ "present" if icinga_web__database_type == "mariadb" else "ignore" }}'
- name: '{{ icinga_web__director_database_name }}'
state: '{{ "present"
if (icinga_web__director_enabled|bool and icinga_web__director_database_type == "mariadb")
else "ignore" }}'
- name: '{{ icinga_web__x509_database_name }}'
state: '{{ "present" if icinga_web__x509_enabled|bool else "ignore" }}'
-
icinga_web__mariadb__dependent_users¶
User configuration for the debops.mariadb Ansible role.
icinga_web__mariadb__dependent_users:
- database: '{{ icinga_web__database_name }}'
user: '{{ icinga_web__database_user }}'
state: '{{ "present" if icinga_web__database_type == "mariadb" else "ignore" }}'
- database: '{{ icinga_web__director_database_name }}'
user: '{{ icinga_web__director_database_user }}'
state: '{{ "present"
if (icinga_web__director_enabled|bool and icinga_web__director_database_type == "mariadb")
else "ignore" }}'
- database: '{{ icinga_web__x509_database_name }}'
user: '{{ icinga_web__x509_database_user }}'
state: '{{ "present" if icinga_web__x509_enabled|bool else "ignore" }}'
-
icinga_web__php__dependent_packages¶
List of php-* APT packages to install by the debops.php Ansible
role.
icinga_web__php__dependent_packages:
- 'mysql'
- 'intl'
- 'ldap'
- 'imagick'
- 'pgsql'
- 'curl'
- 'yaml'
- 'gmp'
-
icinga_web__php__dependent_pools¶
PHP-FPM pool configuration for the debops.php Ansible role.
icinga_web__php__dependent_pools:
- name: 'icingaweb'
user: 'www-data'
group: 'www-data'
-
icinga_web__nginx__dependent_upstreams¶
Upstream configuration for the debops.nginx Ansible role.
icinga_web__nginx__dependent_upstreams:
- name: 'php_icingaweb'
type: 'php'
php_pool: 'icingaweb'
-
icinga_web__nginx__dependent_servers¶
Server configuration for the debops.nginx Ansible role.
icinga_web__nginx__dependent_servers:
- by_role: 'debops.icinga_web'
type: 'php'
name: '{{ icinga_web__fqdn }}'
root: '/usr/share/icingaweb2/public'
webroot_create: False
filename: 'debops.icinga_web'
php_upstream: 'php_icingaweb'
php_limit_except: [ 'GET', 'HEAD', 'POST', 'DELETE' ]
options: |
if (!-d $request_filename) {
rewrite ^/(.+)/$ /$1 permanent;
}
location_list:
- pattern: '/'
options: 'try_files $1 $uri $uri/ /index.php$is_args$args;'