debops.icinga_web default variables

APT packages, UNIX environment

icinga_web__base_packages

List of default APT packages to install for Icinga 2 Web support.

icinga_web__base_packages:
  - 'icingaweb2'
  - 'icingaweb2-module-doc'
  - 'icingaweb2-module-monitoring'
  - 'icingacli'
icinga_web__packages

List of additional APT packages to install with Icinga 2 Web support.

icinga_web__packages: []
icinga_web__user

The UNIX account used by Icinga 2 Web. This account should be present on the system by default.

icinga_web__user: 'www-data'
Icinga_web__group

The UNIX group used by Icinga 2 Web. This group will be created automatically by the APT package.

icinga_web__group: 'icingaweb2'
icinga_web__src

Directory where custom source code will be downloaded by the role, for example module repositories.

icinga_web__src: '{{ (ansible_local.fhs.src | d("/usr/local/src"))
                     + "/icinga_web" }}'

Network configuration

icinga_web__fqdn

The Fully Qualified Domain Name of the Icinga 2 Web service. The web interface will be available on this address. This address is also used to access the Icinga 2 Director API.

icinga_web__fqdn: 'icinga.{{ icinga_web__domain }}'
icinga_web__domain

The domain used by the Icinga 2 Web interface.

icinga_web__domain: '{{ ansible_domain }}'
icinga_web__node_fqdn

The Fully Qualified Domain Name of the local Icinga 2 node. This hostname will be used to access the Icinga 2 REST API.

icinga_web__node_fqdn: '{{ ansible_fqdn }}'

Icinga 2 Web modules

These variables define what Icinga 2 Web modules should be installed and/or enabled. External modules will be cloned using git command. See icinga_web__modules for more details.

icinga_web__default_modules

List of Icinga 2 Web modules installed by default.

icinga_web__default_modules:

  - name: 'toplevelview'
    git_repo: 'https://github.com/Icinga/icingaweb2-module-toplevelview'
    git_version: 'v0.3.1'
    state: 'present'

  - name: 'monitoring'
    state: 'present'

  - name: 'businessprocess'
    git_repo: 'https://github.com/Icinga/icingaweb2-module-businessprocess'
    git_version: 'v2.3.1'
    state: 'present'

  - name: 'graphite'
    git_repo: 'https://github.com/Icinga/icingaweb2-module-graphite'
    git_version: 'v1.1.0'
    enabled: False
    state: 'present'

  - name: 'director'
    git_repo: 'https://github.com/Icinga/icingaweb2-module-director'
    git_version: 'v1.7.2'
    state: '{{ "present" if icinga_web__director_enabled|bool else "ignore" }}'

  - name: 'generictts'
    git_repo: 'https://github.com/Icinga/icingaweb2-module-generictts'
    git_version: 'v2.0.0'
    state: 'present'

  - name: 'grafana'
    git_repo: 'https://github.com/Mikesch-mp/icingaweb2-module-grafana'
    git_version: 'v1.3.6'
    state: 'present'

  - name: 'map'
    git_repo: 'https://github.com/nbuchwitz/icingaweb2-module-map'
    git_version: 'v1.1.0'
    state: 'present'

  - name: 'pnp'
    git_repo: 'https://github.com/Icinga/icingaweb2-module-pnp'
    git_version: 'v1.1.0'
    enabled: False
    state: 'present'

  - name: 'elasticsearch'
    git_repo: 'https://github.com/Icinga/icingaweb2-module-elasticsearch'
    git_version: 'v0.9.0'
    state: 'present'

  - name: 'cube'
    git_repo: 'https://github.com/Icinga/icingaweb2-module-cube'
    git_version: 'v1.1.0'
    state: 'present'

  - name: 'netboximport'
    git_repo: 'https://github.com/Uberspace/icingaweb2-module-netboximport'
    git_version: 'master'
    state: 'present'

  - name: 'doc'
    state: 'present'

  - name: 'ipl'
    git_repo: 'https://github.com/Icinga/icingaweb2-module-ipl'
    git_version: 'v0.4.0'
    state: 'present'

  - name: 'reactbundle'
    git_repo: 'https://github.com/Icinga/icingaweb2-module-reactbundle'
    git_version: 'v0.7.0'
    state: 'present'

  - name: 'incubator'
    git_repo: 'https://github.com/Icinga/icingaweb2-module-incubator'
    git_version: 'v0.5.0'
    state: 'present'

  - name: 'x509'
    git_repo: 'https://github.com/icinga/icingaweb2-module-x509'
    git_version: 'v1.0.0'
    state: '{{ "present" if icinga_web__x509_enabled|bool else "ignore" }}'
icinga_web__modules

List of additional Icinga 2 Web modules that should be installed/managed by the role.

icinga_web__modules: []

Icinga 2 Web internal database

icinga_web__database_type

Specify the type of the database to use for Icinga 2 Web internal database, either postgresql (preferred) or mariadb. The role will try to detect the available databases automatically based on the Ansible local facts.

icinga_web__database_type: '{{ ansible_local.icinga_web.database_type
                               if (ansible_local.icinga_web.database_type|d())
                               else ("postgresql"
                                     if (ansible_local|d() and ansible_local.postgresql is defined)
                                     else ("mariadb"
                                           if (ansible_local|d() and ansible_local.mariadb is defined)
                                           else "Icinga Web requires a database")) }}'
icinga_web__database_name

Name of the Icinga 2 Web internal database.

icinga_web__database_name: '{{ "icingaweb2_production"
                               if (icinga_web__database_type == "postgresql")
                               else ("icingaweb2"
                                     if (icinga_web__database_type == "mariadb")
                                     else "") }}'
icinga_web__database_user

Name of the Icinga 2 Web internal database user.

icinga_web__database_user: 'icingaweb2'
icinga_web__database_password_path

Path to database password file located on the Ansible Controller. See the debops.secret role for more details.

icinga_web__database_password_path: '{{ secret + "/" + icinga_web__database_type + "/" +
                                        ansible_local[icinga_web__database_type].delegate_to }}{%
                                          if icinga_web__database_type == "postgresql" %}/{{ ansible_local[icinga_web__database_type].port }}{% endif
                                        %}{{ "/credentials/" + icinga_web__database_user +
                                        "/password" }}'
icinga_web__database_password

Password for Icinga 2 Web internal database.

icinga_web__database_password: "{{ lookup('password', icinga_web__database_password_path
                                   + ' length=48 chars=ascii_letters,digits,.-_') }}"
icinga_web__database_host

The address of the Icinga 2 Web internal database server.

icinga_web__database_host: '{{ ansible_local[icinga_web__database_type].server
                               if (ansible_local|d() and ansible_local[icinga_web__database_type]|d() and
                                   ansible_local[icinga_web__database_type].server|d())
                               else "localhost" }}'
icinga_web__database_port

The port on which the Icinga 2 Web internal database server listens for connections.

icinga_web__database_port: '{{ ansible_local[icinga_web__database_type].port
                               if (ansible_local|d() and ansible_local[icinga_web__database_type]|d() and
                                   ansible_local[icinga_web__database_type].port|d())
                               else "" }}'
icinga_web__database_delegate_to

The Ansible inventory name of the host to which the database tasks will be delegated to.

icinga_web__database_delegate_to: '{{ ansible_local[icinga_web__database_type].delegate_to
                                      if (ansible_local|d() and ansible_local[icinga_web__database_type]|d() and
                                          ansible_local[icinga_web__database_type].delegate_to|d())
                                      else inventory_hostname }}'
icinga_web__database_schema

Absolute path to the Icinga 2 Web internal database schema which will be imported during initialization. The schema needs to be located on the remote host with the database.

icinga_web__database_schema: '{{ "/usr/share/icingaweb2/etc/schema/"
                                 + ("pgsql.schema.sql"
                                    if (icinga_web__database_type == "postgresql")
                                    else "mysql.schema.sql") }}'
icinga_web__database_init

Enable or disable initialization of the Icinga 2 Web internal database.

icinga_web__database_init: '{{ False
                               if (ansible_local|d() and ansible_local.icinga_web|d() and
                                   (ansible_local.icinga_web.installed|d())|bool)
                               else True }}'

Icinga 2 master database

These variables control configuration of the Icinga 2 master database, managed by debops.icinga_db Ansible role. This database is usually on the same host the Web interface is installed, but if not, you might need to configure access to a remote database here.

icinga_web__master_database_enabled

Enable or disable configuration of the Icinga 2 master database resource in the Icinga 2 Web interface. This does not control the configuration of the actual database, see debops.icinga_db role for that.

icinga_web__master_database_enabled: '{{ True
                                         if (ansible_local|d() and ansible_local.icinga_db|d() and
                                             (ansible_local.icinga_db.configured|d())|bool)
                                         else False }}'
icinga_web__master_database_type

Specify the type of the Icinga 2 master database, either postgresql or mariadb.

icinga_web__master_database_type: '{{ ansible_local.icinga_db.type|d("") }}'
icinga_web__master_database_name

Name of the Icinga 2 master database.

icinga_web__master_database_name: '{{ ansible_local.icinga_db.dbc_dbname|d("icinga2") }}'
icinga_web__master_database_user

Name of the Icinga 2 master database user.

icinga_web__master_database_user: '{{ ansible_local.icinga_db.dbc_dbuser|d("icinga2") }}'
icinga_web__master_database_password

Password for the Icinga 2 master database.

icinga_web__master_database_password: '{{ ansible_local.icinga_db.dbc_dbpass|d("") }}'
icinga_web__master_database_host

The address of the Icinga 2 master database host.

icinga_web__master_database_host: '{{ ansible_local.icinga_db.dbc_dbserver|d("localhost") }}'
icinga_web__master_database_port

The port on which the Icinga 2 master database listens for connections.

icinga_web__master_database_port: '{{ ansible_local.icinga_db.dbc_dbport|d("") }}'

Icinga 2 Director support

icinga_web__director_enabled

Enable or disable support for Icinga 2 Web Director module.

icinga_web__director_enabled: True
icinga_web__director_user

The username of the Icinga 2 Director Unix account, which will be automatically created by this role.

icinga_web__director_user: 'icingadirector'
icinga_web__director_group

The primary group of the Icinga 2 Director Unix account. Defaults to the group created by the icingaweb2 APT package.

icinga_web__director_group: '{{ icinga_web__group }}'
icinga_web__director_home

The home directory of the Icinga 2 Director Unix account.

icinga_web__director_home: '/var/local/{{ icinga_web__director_user }}'
icinga_web__director_home_mode

Octal permissions on the home directory of the Icinga 2 Director Unix account.

icinga_web__director_home_mode: '0755'
icinga_web__director_shell

The shell of the Icinga 2 Director Unix account.

icinga_web__director_shell: '/usr/sbin/nologin'
icinga_web__director_api_fqdn

Fully Qualified Domain Name which is part of the URL to the Icinga 2 Director REST API. It is usually the same as the Icinga 2 Web interface FQDN.

icinga_web__director_api_fqdn: '{{ icinga_web__fqdn }}'
icinga_web__director_api_url

The URL of the Icinga 2 Director REST API which will be used to interact with Icinga Director.

icinga_web__director_api_url: 'https://{{ icinga_web__director_api_fqdn }}/director'
icinga_web__director_api_user

Name of the Icinga 2 Director API user, used by the debops.icinga role to authenticate to the Director REST API.

icinga_web__director_api_user: 'director-api'
icinga_web__director_api_password

The password for the Icinga 2 Director API user used by the debops.icinga role.

icinga_web__director_api_password: '{{ lookup("password", secret + "/icinga_web/api/"
                                       + icinga_web__director_api_fqdn + "/credentials/"
                                       + icinga_web__director_api_user + "/password") }}'
icinga_web__director_database_type

Specify the database type for the Icinga 2 Director database, either postgresql (preferred) or mariadb. It's usually the same type as the main Icinga 2 Web database.

icinga_web__director_database_type: '{{ ansible_local.icinga_web.database_type
                                        if (ansible_local.icinga_web.database_type|d())
                                        else ("postgresql"
                                              if (ansible_local|d() and ansible_local.postgresql is defined)
                                              else ("mariadb"
                                                    if (ansible_local|d() and ansible_local.mariadb is defined)
                                                    else "Icinga Director requires a database")) }}'
icinga_web__director_database_name

Name of the Icinga 2 Director database.

icinga_web__director_database_name: '{{ "icinga2_director_production"
                                        if (icinga_web__director_database_type == "postgresql")
                                        else ("icinga2_director"
                                              if (icinga_web__director_database_type == "mariadb")
                                              else "") }}'
icinga_web__director_database_user

Name of the Icinga 2 Director database user.

icinga_web__director_database_user: 'icinga2_director'
icinga_web__director_database_password_path

Path to database password file located on the Ansible Controller for the Icinga 2 Director database.

icinga_web__director_database_password_path: '{{ secret + "/" + icinga_web__director_database_type + "/" +
                                                 ansible_local[icinga_web__director_database_type].delegate_to }}{%
                                                   if icinga_web__director_database_type == "postgresql" %}/{{ ansible_local[icinga_web__director_database_type].port }}{% endif
                                                 %}{{ "/credentials/" + icinga_web__director_database_user +
                                                 "/password" }}'
icinga_web__director_database_password

Database password for the Icinga 2 Director database.

icinga_web__director_database_password: "{{ lookup('password', icinga_web__director_database_password_path
                                            + ' length=48 chars=ascii_letters,digits,.-_') }}"
icinga_web__director_database_host

Address of the Icinga 2 Director database server.

icinga_web__director_database_host: '{{ ansible_local[icinga_web__director_database_type].server
                                        if (ansible_local|d() and ansible_local[icinga_web__director_database_type]|d() and
                                            ansible_local[icinga_web__director_database_type].server|d())
                                        else "localhost" }}'
icinga_web__director_database_port

The port on which the Icinga 2 Director database server listens for connections.

icinga_web__director_database_port: '{{ ansible_local[icinga_web__director_database_type].port
                                        if (ansible_local|d() and ansible_local[icinga_web__director_database_type]|d() and
                                            ansible_local[icinga_web__director_database_type].port|d())
                                        else "" }}'
icinga_web__director_database_delegate_to

The Ansible inventory hostname of the host where the database-related role tasks will be delegated to.

icinga_web__director_database_delegate_to: '{{ ansible_local[icinga_web__director_database_type].delegate_to
                                               if (ansible_local|d() and ansible_local[icinga_web__director_database_type]|d() and
                                                   ansible_local[icinga_web__director_database_type].delegate_to|d())
                                               else inventory_hostname }}'
icinga_web__director_database_init

Enable or disable initialization of the Icinga 2 Director database.

icinga_web__director_database_init: '{{ False
                                        if (ansible_local|d() and ansible_local.icinga_web|d() and
                                            (ansible_local.icinga_web.installed|d())|bool)
                                        else True }}'
icinga_web__director_kickstart_enabled

Enable or disable initial import (kickstart) of the Icinga 2 configuration into the Director database.

icinga_web__director_kickstart_enabled: '{{ True
                                            if (ansible_local|d() and ansible_local.icinga|d() and
                                                (ansible_local.icinga.installed|d())|bool)
                                            else False }}'
icinga_web__director_default_templates

List of default templates to create in Icinga Director. See icinga_web__director_templates for more details.

icinga_web__director_default_templates:

  - name: 'generic-host'
    api_endpoint: '/host'
    data:
      object_type: 'template'
      object_name: 'generic-host'
      check_command: 'hostalive'
      check_interval: '5m'
      retry_interval: '30s'
      max_check_attempts: '5'
    state: 'present'

  - name: 'icinga-agent-host'
    api_endpoint: '/host'
    data:
      object_type: 'template'
      object_name: 'icinga-agent-host'
      has_agent: true
      master_should_connect: true
      accept_config: true
      imports:
        - 'generic-host'
    state: 'present'
icinga_web__director_templates

List of templates to create in Icinga Director defined on all hosts in the Ansible inventory. See icinga_web__director_templates for more details.

icinga_web__director_templates: []
icinga_web__director_group_templates

List of templates to create in Icinga Director defined on hosts in a specific Ansible inventory group. See icinga_web__director_templates for more details.

icinga_web__director_group_templates: []
icinga_web__director_host_templates

List of templates to create in Icinga Director defined on specific hosts in the Ansible inventory. See icinga_web__director_templates for more details.

icinga_web__director_host_templates: []
icinga_web__director_combined_templates

Variable which combines all of the Icinga Director template lists and is used in role tasks and templates.

icinga_web__director_combined_templates: '{{ icinga_web__director_default_templates
                                             + icinga_web__director_templates
                                             + icinga_web__director_group_templates
                                             + icinga_web__director_host_templates }}'

Icinga 2 x509 module support

icinga_web__x509_enabled

Enable or disable support for Icinga 2 Web x509 module. It requires MariaDB/MySQL. See https://github.com/icinga/icingaweb2-module-x509 for more details

icinga_web__x509_enabled: '{{ ansible_local.mariadb is defined }}'
icinga_web__x509_database_name

Name of the Icinga 2 Web database used for the X509 module

icinga_web__x509_database_name: 'icingaweb2_x509'
icinga_web__x509_database_user

Name of the Icinga 2 Web x509 database user.

icinga_web__x509_database_user: 'icingaweb2_x509'
icinga_web__x509_database_password

Password for Icinga 2 Web x509 database.

icinga_web__x509_database_password: '{{ lookup("password", secret + "/mariadb/"
                                        + ansible_local.mariadb.delegate_to|d(inventory_hostname)
                                        + "/credentials/" + icinga_web__x509_database_user + "/password"
                                        + " length=48 chars=ascii_letters,digits,.-_") }}'
icinga_web__x509_database_host

Address of the Icinga 2 X509 database server.

icinga_web__x509_database_host: '{{ ansible_local.mariadb.server|d("localhost") }}'
icinga_web__x509_database_port

The port on which the Icinga 2 x509 database server listens for connections.

icinga_web__x509_database_port: '{{ ansible_local.mariadb.port|d("3306") }}'
icinga_web__x5609_database_schema

Absolute path to the Icinga 2 Web internal database schema which will be imported during initialization.

icinga_web__x509_database_schema: '/usr/share/icingaweb2/modules/x509/etc/schema/mysql.schema.sql'
icinga_web__x509_database_init

Enable or disable initialization of the Icinga 2 Web x509 database.

icinga_web__x509_database_init: '{{ not ansible_local.icinga_web.x509_installed | d(False) }}'

Icinga 2 REST API

These variables configure access to the Icinga 2 REST API. Using that API, the Icinga 2 Web and Director interface communicates with the Icinga 2 cluster nodes.

icinga_web__icinga_api_fqdn

Fully Qualified Domain Name of the Icinga 2 API endpoint. It's usually on the same host as the Icinga 2 Web interface.

icinga_web__icinga_api_fqdn: '{{ icinga_web__node_fqdn }}'
icinga_web__icinga_api_port

The port on which the Icinga 2 service listens for new API connections.

icinga_web__icinga_api_port: '5665'
icinga_web__icinga_api_user

The name of the API user used for authentication to the Icinga 2 REST API.

icinga_web__icinga_api_user: 'root'
icinga_web__icinga_api_password

The password of the Icinga 2 REST API user.

icinga_web__icinga_api_password: '{{ lookup("password", secret + "/icinga/api/"
                                     + icinga_web__icinga_api_fqdn + "/credentials/"
                                     + icinga_web__icinga_api_user
                                     + "/password") }}'

Icinga 2 Web initial user accounts

icinga_web__initial_account_groups

List of initial user groups created by the role in the Icinga 2 Web database during initialization. See icinga_web__initial_account_groups for more details.

icinga_web__initial_account_groups:

  - name: 'Administrators'

  - name: 'Users'
icinga_web__initial_accounts

List of initial user accounts created by the role in the Icinga 2 Web database during initialization. See icinga_web__initial_accounts for more details.

icinga_web__initial_accounts:

  - name: 'root'
    password: '{{ lookup("password", secret + "/icinga_web/auth/"
                  + inventory_hostname + "/credentials/root/password") }}'

  - name: '{{ icinga_web__director_api_user }}'
    password: '{{ icinga_web__director_api_password }}'
icinga_web__default_account_password

The default password used for the initial accounts which don't specifiy their own password.

icinga_web__default_account_password: '{{ lookup("password", secret + "/icinga_web/auth/"
                                          + inventory_hostname + "/default_password") }}'

LDAP authentication

Refer to the official Icinga web documentation for more details.

icinga_web__ldap_enabled

Enable LDAP support

icinga_web__ldap_enabled: '{{ True
                              if ansible_local.ldap.enabled|d()|bool
                              else False }}'
icinga_web__ldap_base_dn

The base Distinguished Name which should be used to create Distinguished Names of the LDAP directory objects, defined as a YAML list.

icinga_web__ldap_base_dn: '{{ ansible_local.ldap.base_dn|d([]) }}'
icinga_web__ldap_groups_rdn

The Relative Distinguished Name of the object which contains the groups stored in LDAP.

icinga_web__ldap_groups_rdn: '{{ ansible_local.ldap.groups_rdn
                                 |d("ou=Groups") }}'
icinga_web__ldap_groups_dn

The Distinguished Name where Icinga Web will look for groups, defined as a YAML list.

icinga_web__ldap_groups_dn: '{{ [ icinga_web__ldap_groups_rdn ]
                                + icinga_web__ldap_base_dn }}'
icinga_web__ldap_people_rdn

The Relative Distinguished Name of the object which contains the user accounts stored in LDAP.

icinga_web__ldap_people_rdn: '{{ ansible_local.ldap.people_rdn
                                 |d("ou=People") }}'
icinga_web__ldap_people_dn

The base Distinguished Name where Icinga Web will look for users, defined as a YAML list.

icinga_web__ldap_people_dn: '{{ [ icinga_web__ldap_people_rdn ]
                                + icinga_web__ldap_base_dn }}'
icinga_web__ldap_device_dn

The Distinguished Name of the current host LDAP object, defined as a YAML list. It will be used as a base for the Icinga web service account LDAP object. If the list is empty, the role will not create the account LDAP object automatically.

icinga_web__ldap_device_dn: '{{ ansible_local.ldap.device_dn|d([]) }}'
icinga_web__ldap_self_rdn

The Relative Distinguished Name of the account LDAP object used by the Icinga Web service to access the LDAP directory.

icinga_web__ldap_self_rdn: 'uid=icingaweb'
icinga_web__ldap_self_object_classes

List of the LDAP object classes which will be used to create the LDAP object used by the Icinga Web service to access the LDAP directory.

icinga_web__ldap_self_object_classes: [ 'account', 'simpleSecurityObject' ]
icinga_web__ldap_self_attributes

YAML dictionary that defines the attributes of the LDAP object used by the Icinga Web service to access the LDAP directory.

icinga_web__ldap_self_attributes:
  uid: '{{ icinga_web__ldap_self_rdn.split("=")[1] }}'
  userPassword: '{{ icinga_web__ldap_bindpw }}'
  host: '{{ [ ansible_fqdn, ansible_hostname ] | unique }}'
  description: 'Account used by the "Icinga Web" service to access the LDAP directory'
icinga_web__ldap_binddn

The Distinguished Name of the account LDAP object used by the Icinga Web service to bind to the LDAP directory.

icinga_web__ldap_binddn: '{{ ([ icinga_web__ldap_self_rdn ]
                              + icinga_web__ldap_device_dn) | join(",") }}'
icinga_web__ldap_bindpw

The password stored in the account LDAP object used by the Icinga Web service to bind to the LDAP directory.

icinga_web__ldap_bindpw: '{{ (lookup("password", secret + "/ldap/credentials/"
                                     + icinga_web__ldap_binddn | to_uuid
                                     + ".password length=48 "
                                     + "chars=ascii_letters,digits,.-_"))
                              if icinga_web__ldap_enabled|bool
                              else "" }}'
icinga_web__ldap_hostname

The LDAP URI that points to the directory server which should be used by Icinga Web.

icinga_web__ldap_hostname: '{{ ansible_local.ldap.hosts|d([""]) | first }}'
icinga_web__ldap_encryption

The LDAP encryption to use, either starttls, ldaps or plain (discouraged).

icinga_web__ldap_encryption: '{{ "ldaps"
                                 if ansible_local.ldap.protocol | d("") == "ldaps"
                                 else ("starttls"
                                       if ansible_local.ldap.start_tls | d(True) | bool
                                       else "plain") }}'
icinga_web__ldap_port

The TCP port to use for LDAP connections.

icinga_web__ldap_port: '{{ ansible_local.ldap.port | d(389) }}'
icinga_web__ldap_user_filter

Use this to control which LDAP users are listed as Icinga Web users.

icinga_web__ldap_user_filter: '(&
                                 (objectClass={{ icinga_web__ldap_user_class }})
                                 (|
                                   (authorizedService=all)
                                   (authorizedService=icingaweb)
                                 )
                               )'
icinga_web__ldap_user_class

The objectClass of LDAP users.

icinga_web__ldap_user_class: 'inetOrgPerson'
icinga_web__ldap_user_name_attribute

The LDAP attribute which contains the username.

icinga_web__ldap_user_name_attribute: 'uid'
icinga_web__ldap_group_filter

Use this to control which LDAP groups are listed as Icinga Web groups.

icinga_web__ldap_group_filter: 'objectClass={{ icinga_web__ldap_group_class }}'
icinga_web__ldap_group_class

The objectClass of LDAP groups.

icinga_web__ldap_group_class: 'groupOfNames'
icinga_web__ldap_group_member_attribute

The LDAP attribute where a group’s members are stored.

icinga_web__ldap_group_member_attribute: 'member'
icinga_web__ldap_group_name_attribute

The LDAP attribute which contains the group name.

icinga_web__ldap_group_name_attribute: 'cn'

The authentication.ini configuration file

These variables manage the contents of the /etc/icingaweb2/authentication.ini configuration file. See icinga_web__ini_configuration for more details.

icinga_web__current_authentication

The current contents of the config file, gathered during runtime.

icinga_web__current_authentication: '{{ (icinga_web__register_config.stdout
                                         | from_json)["authentication.ini"] | d([]) }}'
icinga_web__default_authentication

The default authentication configuration appled by the role.

icinga_web__default_authentication:

  - name: 'icingaweb2'
    options:

      - name: 'backend'
        value: 'db'

      - name: 'resource'
        value: 'icingaweb_db'

  - name: 'ldap_users'
    options:

      - name: 'backend'
        value: 'ldap'

      - name: 'resource'
        value: 'ldap_db'

      - name: 'user_class'
        value: '{{ icinga_web__ldap_user_class }}'

      - name: 'user_name_attribute'
        value: '{{ icinga_web__ldap_user_name_attribute }}'

      - name: 'filter'
        value: '{{ icinga_web__ldap_user_filter }}'

    state: '{{ "present" if icinga_web__ldap_enabled|bool else "ignore" }}'
icinga_web__authentication

Custom authentication configuration defined in the Ansible inventory.

icinga_web__authentication: []
icinga_web__combined_authentication

The variable which combines the authentication configuration from different source variables and is used by the role task to generate the actual file.

icinga_web__combined_authentication: '{{ icinga_web__current_authentication
                                         + icinga_web__default_authentication
                                         + icinga_web__authentication }}'

The config.ini configuration file

These variables manage the contents of the /etc/icingaweb2/config.ini configuration file. See icinga_web__ini_configuration for more details.

icinga_web__current_config

The current contents of the config file, gathered during runtime.

icinga_web__current_config: '{{ (icinga_web__register_config.stdout
                                 | from_json)["config.ini"] | d([]) }}'
icinga_web__default_config

The default global configuration appled by the role.

icinga_web__default_config:

  - name: 'global'
    options:

      - name: 'show_stacktraces'
        value: '0'

      - name: 'config_backend'
        value: 'db'

      - name: 'config_resource'
        value: 'icingaweb_db'

      - name: 'module_path'
        value: '/usr/share/icingaweb2/modules'

  - name: 'logging'
    options:

      - name: 'log'
        value: 'syslog'

      - name: 'level'
        value: 'ERROR'

      - name: 'application'
        value: 'icingaweb2'

      - name: 'facility'
        value: 'user'

  - name: 'themes'
icinga_web__config

Custom global configuration defined in the Ansible inventory.

icinga_web__config: []
icinga_web__combined_config

The variable which combines the global configuration from different source variables and is used by the role task to generate the actual file.

icinga_web__combined_config: '{{ icinga_web__current_config
                                 + icinga_web__default_config
                                 + icinga_web__config }}'

The groups.ini configuration file

These variables manage the contents of the /etc/icingaweb2/groups.ini configuration file. See icinga_web__ini_configuration for more details.

icinga_web__current_groups

The current contents of the config file, gathered during runtime.

icinga_web__current_groups: '{{ (icinga_web__register_config.stdout
                                 | from_json)["groups.ini"] | d([]) }}'
icinga_web__default_groups

The default group configuration appled by the role.

icinga_web__default_groups:

  - name: 'icingaweb2'
    options:

      - name: 'backend'
        value: 'db'

      - name: 'resource'
        value: 'icingaweb_db'

  - name: 'ldap_groups'
    options:

      - name: 'backend'
        value: 'ldap'

      - name: 'resource'
        value: 'ldap_db'

      - name: 'user_backend'
        value: 'ldap_users'

      - name: 'base_dn'
        value: '{{ icinga_web__ldap_groups_dn | join(",") }}'

      - name: 'group_class'
        value: '{{ icinga_web__ldap_group_class }}'

      - name: 'group_member_attribute'
        value: '{{ icinga_web__ldap_group_member_attribute }}'

      - name: 'group_name_attribute'
        value: '{{ icinga_web__ldap_group_name_attribute }}'

      - name: 'group_filter'
        value: '{{ icinga_web__ldap_group_filter }}'

    state: '{{ "present" if icinga_web__ldap_enabled|bool else "ignore" }}'
icinga_web__groups

Custom group configuration defined in the Ansible inventory.

icinga_web__groups: []
icinga_web__combined_groups

The variable which combines the group configuration from different source variables and is used by the role task to generate the actual file.

icinga_web__combined_groups: '{{ icinga_web__current_groups
                                 + icinga_web__default_groups
                                 + icinga_web__groups }}'

The resources.ini configuration file

These variables manage the contents of the /etc/icingaweb2/resources.ini configuration file. See icinga_web__ini_configuration for more details.

icinga_web__current_resources

The current contents of the config file, gathered during runtime.

icinga_web__current_resources: '{{ (icinga_web__register_config.stdout
                                    | from_json)["resources.ini"] | d([]) }}'
icinga_web__default_resources

The default resource configuration appled by the role.

icinga_web__default_resources:

  - name: 'icingaweb_db'
    options:

      - name: 'type'
        value: 'db'

      - name: 'db'
        value: '{{ "pgsql"
                   if (icinga_web__database_type == "postgresql")
                   else ("mysql"
                         if (icinga_web__database_type == "mariadb")
                         else "unknown") }}'

      - name: 'host'
        value: '{{ icinga_web__database_host }}'

      - name: 'port'
        value: '{{ icinga_web__database_port }}'
        state: '{{ "present" if icinga_web__database_port|d() else "absent" }}'

      - name: 'dbname'
        value: '{{ icinga_web__database_name }}'

      - name: 'username'
        value: '{{ icinga_web__database_user }}'

      - name: 'password'
        value: '{{ icinga_web__database_password }}'

      - name: 'charset'
        value: 'utf8'

      - name: 'persistent'
        value: '0'

      - name: 'use_ssl'
        value: '0'

  - name: 'icinga2'
    state: '{{ "present"
               if (icinga_web__master_database_enabled|bool)
               else "ignore" }}'
    options:

      - name: 'type'
        value: 'db'

      - name: 'db'
        value: '{{ "pgsql"
                   if (icinga_web__master_database_type == "postgresql")
                   else ("mysql"
                         if (icinga_web__master_database_type == "mariadb")
                         else "unknown") }}'

      - name: 'host'
        value: '{{ icinga_web__master_database_host }}'

      - name: 'port'
        value: '{{ icinga_web__master_database_port }}'
        state: '{{ "present" if icinga_web__master_database_port|d() else "absent" }}'

      - name: 'dbname'
        value: '{{ icinga_web__master_database_name }}'

      - name: 'username'
        value: '{{ icinga_web__master_database_user }}'

      - name: 'password'
        value: '{{ icinga_web__master_database_password }}'

      - name: 'charset'
        value: 'utf8'

      - name: 'persistent'
        value: '0'

      - name: 'use_ssl'
        value: '0'

  - name: 'icinga2_director'
    options:

      - name: 'type'
        value: 'db'

      - name: 'db'
        value: '{{ "pgsql"
                   if (icinga_web__director_database_type == "postgresql")
                   else ("mysql"
                         if (icinga_web__director_database_type == "mariadb")
                         else "unknown") }}'

      - name: 'host'
        value: '{{ icinga_web__director_database_host }}'

      - name: 'port'
        value: '{{ icinga_web__director_database_port }}'
        state: '{{ "present" if icinga_web__director_database_port|d() else "absent" }}'

      - name: 'dbname'
        value: '{{ icinga_web__director_database_name }}'

      - name: 'username'
        value: '{{ icinga_web__director_database_user }}'

      - name: 'password'
        value: '{{ icinga_web__director_database_password }}'

      - name: 'charset'
        value: 'utf8'

      - name: 'persistent'
        value: '0'

      - name: 'use_ssl'
        value: '0'

    state: '{{ "present" if icinga_web__director_enabled|bool else "ignore" }}'

  - name: 'ldap_db'
    options:

      - name: 'type'
        value: 'ldap'

      - name: 'hostname'
        value: '{{ icinga_web__ldap_hostname }}'

      - name: 'port'
        value: '{{ icinga_web__ldap_port }}'

      - name: 'root_dn'
        value: '{{ icinga_web__ldap_base_dn | join(",") }}'

      - name: 'bind_dn'
        value: '{{ icinga_web__ldap_binddn }}'

      - name: 'bind_pw'
        value: '{{ icinga_web__ldap_bindpw }}'

      - name: 'encryption'
        value: '{{ icinga_web__ldap_encryption }}'

    state: '{{ "present" if icinga_web__ldap_enabled|bool else "ignore" }}'

  - name: 'icingaweb2_x509'
    options:

      - name: 'type'
        value: 'db'

      - name: 'db'
        value: 'mysql'

      - name: 'host'
        value: '{{ icinga_web__x509_database_host }}'

      - name: 'port'
        value: '{{ icinga_web__x509_database_port }}'

      - name: 'dbname'
        value: '{{ icinga_web__x509_database_name }}'

      - name: 'username'
        value: '{{ icinga_web__x509_database_user }}'

      - name: 'password'
        value: '{{ icinga_web__x509_database_password }}'

      - name: 'charset'
        value: 'utf8'

    state: '{{ "present" if icinga_web__x509_enabled|bool else "ignore" }}'
icinga_web__resources

Custom resource configuration defined in the Ansible inventory.

icinga_web__resources: []
icinga_web__combined_resources

The variable which combines the resource configuration from different source variables and is used by the role task to generate the actual file.

icinga_web__combined_resources: '{{ icinga_web__current_resources
                                    + icinga_web__default_resources
                                    + icinga_web__resources }}'

The roles.ini configuration file

These variables manage the contents of the /etc/icingaweb2/roles.ini configuration file. See icinga_web__ini_configuration for more details.

icinga_web__current_roles

The current contents of the config file, gathered during runtime.

icinga_web__current_roles: '{{ (icinga_web__register_config.stdout
                                | from_json)["roles.ini"] | d([]) }}'
icinga_web__default_roles

The default user role configuration appled by the role.

icinga_web__default_roles:

  - name: 'Administrators'
    options:

      - name: 'users'
        value: '{{ ansible_local.core.admin_users|d([]) | join(",") }}'

      - name: 'permissions'
        value: '*'

      - name: 'groups'
        value: 'Administrators'
icinga_web__roles

Custom user role configuration defined in the Ansible inventory.

icinga_web__roles: []
icinga_web__combined_roles

The variable which combines the user role configuration from different source variables and is used by the role task to generate the actual file.

icinga_web__combined_roles: '{{ icinga_web__current_roles
                                + icinga_web__default_roles
                                + icinga_web__roles }}'

The modules/monitoring/backends.ini configuration file

These variables manage the contents of the /etc/icingaweb2/modules/monitoring/backends.ini configuration file. See icinga_web__ini_configuration for more details.

icinga_web__current_backends

The current contents of the config file, gathered during runtime.

icinga_web__current_backends: '{{ (icinga_web__register_config.stdout
                                   | from_json)["modules/monitoring/backends.ini"] | d([]) }}'
icinga_web__default_backends

The default monitoring backend configuration appled by the role.

icinga_web__default_backends:

  - name: 'icinga2'
    state: '{{ "present"
               if (icinga_web__master_database_enabled|bool)
               else "ignore" }}'
    options:

      - name: 'type'
        value: 'ido'

      - name: 'resource'
        value: 'icinga2'
icinga_web__backends

Custom monitoring backend configuration defined in the Ansible inventory.

icinga_web__backends: []
icinga_web__combined_backends

The variable which combines the monitoring backend configuration from different source variables and is used by the role task to generate the actual file.

icinga_web__combined_backends: '{{ icinga_web__current_backends
                                   + icinga_web__default_backends
                                   + icinga_web__backends }}'

The modules/monitoring/commandtransports.ini configuration file

These variables manage the contents of the /etc/icingaweb2/modules/monitoring/commandtransports.ini configuration file. See icinga_web__ini_configuration for more details.

icinga_web__current_commandtransports

The current contents of the config file, gathered during runtime.

icinga_web__current_commandtransports: '{{ (icinga_web__register_config.stdout
                                            | from_json)["modules/monitoring/commandtransports.ini"] | d([]) }}'
icinga_web__default_commandtransports

The default command transport configuration appled by the role.

icinga_web__default_commandtransports:

  - name: 'icinga2'
    options:

      - name: 'transport'
        value: 'api'

      - name: 'host'
        value: '{{ icinga_web__icinga_api_fqdn }}'

      - name: 'port'
        value: '{{ icinga_web__icinga_api_port }}'

      - name: 'username'
        value: '{{ icinga_web__icinga_api_user }}'

      - name: 'password'
        value: '{{ icinga_web__icinga_api_password }}'

    state: '{{ "present"
               if (ansible_local|d() and ansible_local.icinga|d() and
                   (ansible_local.icinga.installed|d())|bool)
               else "ignore" }}'
icinga_web__commandtransports

Custom command transport configuration defined in the Ansible inventory.

icinga_web__commandtransports: []
icinga_web__combined_commandtransports

The variable which combines the command transport configuration from different source variables and is used by the role task to generate the actual file.

icinga_web__combined_commandtransports: '{{ icinga_web__current_commandtransports
                                            + icinga_web__default_commandtransports
                                            + icinga_web__commandtransports }}'

The modules/director/config.ini configuration file

These variables manage the contents of the /etc/icingaweb2/modules/director/config.ini configuration file. See icinga_web__ini_configuration for more details.

icinga_web__current_director_cfg

The current contents of the config file, gathered during runtime.

icinga_web__current_director_cfg: '{{ (icinga_web__register_config.stdout
                                       | from_json)["modules/director/config.ini"] | d([]) }}'
icinga_web__default_director_cfg

The default Icinga 2 Director configuration appled by the role.

icinga_web__default_director_cfg:

  - name: 'db'
    options:

      - name: 'resource'
        value: 'icinga2_director'

    state: '{{ "present" if icinga_web__director_enabled|bool else "ignore" }}'
icinga_web__director_cfg

Custom Icinga 2 Director configuration defined in the Ansible inventory.

icinga_web__director_cfg: []
icinga_web__combined_director_cfg

The variable which combines the Icinga 2 Director configuration from different source variables and is used by the role task to generate the actual file.

icinga_web__combined_director_cfg: '{{ icinga_web__current_director_cfg
                                       + icinga_web__default_director_cfg
                                       + icinga_web__director_cfg }}'

The modules/director/kickstart.ini configuration file

These variables manage the contents of the /etc/icingaweb2/modules/director/kickstart.ini configuration file. See icinga_web__ini_configuration for more details.

icinga_web__current_director_kickstart_cfg

The current contents of the config file, gathered during runtime.

icinga_web__current_director_kickstart_cfg: '{{ (icinga_web__register_config.stdout
                                                 | from_json)["modules/director/kickstart.ini"] | d([]) }}'
icinga_web__default_director_kickstart_cfg

The default kickstart configuration appled by the role.

icinga_web__default_director_kickstart_cfg:

  - name: 'config'
    options:

      - name: 'endpoint'
        value: '{{ icinga_web__icinga_api_fqdn }}'

      - name: 'host'
        value: '{{ icinga_web__icinga_api_fqdn }}'

      - name: 'port'
        value: '{{ icinga_web__icinga_api_port }}'

      - name: 'username'
        value: '{{ icinga_web__icinga_api_user }}'

      - name: 'password'
        value: '{{ icinga_web__icinga_api_password }}'

    state: '{{ "present"
               if (ansible_local|d() and ansible_local.icinga|d() and
                   (ansible_local.icinga.installed|d())|bool)
               else "ignore" }}'
icinga_web__director_kickstart_cfg

Custom kickstart configuration defined in the Ansible inventory.

icinga_web__director_kickstart_cfg: []
icinga_web__combined_director_kickstart

The variable which combines the kickstart configuration from different source variables and is used by the role task to generate the actual file.

icinga_web__combined_director_kickstart_cfg: '{{ icinga_web__current_director_kickstart_cfg
                                                 + icinga_web__default_director_kickstart_cfg
                                                 + icinga_web__director_kickstart_cfg }}'

The modules/x509/config.ini configuration file

These variables manage the contents of the /etc/icingaweb2/modules/x509/config.ini configuration file. See icinga_web__ini_configuration for more details.

icinga_web__current_x509_cfg

The current contents of the config file, gathered during runtime.

icinga_web__current_x509_cfg: '{{ (icinga_web__register_config.stdout
                                       | from_json)["modules/x509/config.ini"] | d([]) }}'
icinga_web__default_x509_cfg

The default Icinga 2 509 configuration appled by the role.

icinga_web__default_x509_cfg:

  - name: 'backend'
    options:

      - name: 'resource'
        value: 'icingaweb2_x509'

    state: '{{ "present" if icinga_web__x509_enabled|bool else "ignore" }}'
icinga_web__combined_x509_cfg

The variable which combines the Icinga 2 x509 configuration from different source variables and is used by the role task to generate the actual file.

icinga_web__combined_x509_cfg: '{{ icinga_web__current_x509_cfg
                                       + icinga_web__default_x509_cfg }}'

Configuration for other Ansible roles

icinga_web__apt_preferences__dependent_list

Configuration for the debops.apt_preferences Ansible role.

icinga_web__apt_preferences__dependent_list:

  - package: [ 'icingaweb2', 'icingaweb2-*', 'icingacli', 'php-icinga' ]
    backports: [ 'stretch' ]
    by_role: 'debops.icinga_web'
    reason: 'Incompatibility with PHP 7.3'
icinga_web__ldap__dependent_tasks

Configuration for the debops.ldap Ansible role.

icinga_web__ldap__dependent_tasks:

  - name: 'Create Icinga Web account for {{ icinga_web__ldap_device_dn | join(",") }}'
    dn: '{{ icinga_web__ldap_binddn }}'
    objectClass: '{{ icinga_web__ldap_self_object_classes }}'
    attributes: '{{ icinga_web__ldap_self_attributes }}'
    no_log: True
    state: '{{ "present" if icinga_web__ldap_enabled else "ignore" }}'
icinga_web__postgresql__dependent_roles

Configuration of PostgreSQL roles for debops.postgresql Ansible role.

icinga_web__postgresql__dependent_roles:

  # Owner of the main Icinga Web database
  - name: '{{ icinga_web__database_name }}'
    flags: [ 'NOLOGIN' ]

  - name: '{{ icinga_web__database_user }}'
    password: '{{ icinga_web__database_password }}'
    db: '{{ icinga_web__database_name }}'
    priv: [ 'ALL' ]

  - name: '{{ icinga_web__director_database_name }}'
    flags: [ 'NOLOGIN' ]
    state: '{{ "present" if icinga_web__director_enabled|bool else "ignore" }}'

  - name: '{{ icinga_web__director_database_user }}'
    password: '{{ icinga_web__director_database_password }}'
    db: '{{ icinga_web__director_database_name }}'
    priv: [ 'ALL' ]
    state: '{{ "present" if icinga_web__director_enabled|bool else "ignore" }}'
icinga_web__postgresql__dependent_databases

Configuration of PostgreSQL databases for the debops.postgresql Ansible role.

icinga_web__postgresql__dependent_databases:

  - name:  '{{ icinga_web__database_name }}'
    owner: '{{ icinga_web__database_name }}'

  - name:  '{{ icinga_web__director_database_name }}'
    owner: '{{ icinga_web__director_database_name }}'
    state: '{{ "present" if icinga_web__director_enabled|bool else "ignore" }}'
icinga_web__postgresql__dependent_groups

Configuration of PostgreSQL groups for the debops.postgresql Ansible role.

icinga_web__postgresql__dependent_groups:

  - roles:  [ '{{ icinga_web__database_user }}' ]
    groups: [ '{{ icinga_web__database_name }}' ]
    database: '{{ icinga_web__database_name }}'

  - roles:  [ '{{ icinga_web__director_database_user }}' ]
    groups: [ '{{ icinga_web__director_database_name }}' ]
    database: '{{ icinga_web__director_database_name }}'
    state: '{{ "present" if icinga_web__director_enabled|bool else "ignore" }}'
icinga_web__postgresql__dependent_extensions

Configuration of PostgreSQL extensions for the debops.postgresql Ansible role.

icinga_web__postgresql__dependent_extensions:

  - database: '{{ icinga_web__director_database_name }}'
    extension: 'pgcrypto'
    state: '{{ "present" if icinga_web__director_enabled|bool else "ignore" }}'
icinga_web__mariadb__dependent_databases

Database configuration for the debops.mariadb Ansible role.

icinga_web__mariadb__dependent_databases:

  - name: '{{ icinga_web__database_name }}'
    state: '{{ "present" if icinga_web__database_type == "mariadb" else "ignore" }}'

  - name: '{{ icinga_web__director_database_name }}'
    state: '{{ "present"
                if (icinga_web__director_enabled|bool and icinga_web__director_database_type == "mariadb")
                else "ignore" }}'

  - name: '{{ icinga_web__x509_database_name }}'
    state: '{{ "present" if icinga_web__x509_enabled|bool else "ignore" }}'
icinga_web__mariadb__dependent_users

User configuration for the debops.mariadb Ansible role.

icinga_web__mariadb__dependent_users:

  - database: '{{ icinga_web__database_name }}'
    user: '{{ icinga_web__database_user }}'
    state: '{{ "present" if icinga_web__database_type == "mariadb" else "ignore" }}'

  - database: '{{ icinga_web__director_database_name }}'
    user: '{{ icinga_web__director_database_user }}'
    state: '{{ "present"
                if (icinga_web__director_enabled|bool and icinga_web__director_database_type == "mariadb")
                else "ignore" }}'

  - database: '{{ icinga_web__x509_database_name }}'
    user: '{{ icinga_web__x509_database_user }}'
    state: '{{ "present" if icinga_web__x509_enabled|bool else "ignore" }}'
icinga_web__php__dependent_packages

List of php-* APT packages to install by the debops.php Ansible role.

icinga_web__php__dependent_packages:
  - 'mysql'
  - 'intl'
  - 'ldap'
  - 'imagick'
  - 'pgsql'
  - 'curl'
  - 'yaml'
  - 'gmp'
icinga_web__php__dependent_pools

PHP-FPM pool configuration for the debops.php Ansible role.

icinga_web__php__dependent_pools:

  - name: 'icingaweb'
    user: 'www-data'
    group: 'www-data'
icinga_web__nginx__dependent_upstreams

Upstream configuration for the debops.nginx Ansible role.

icinga_web__nginx__dependent_upstreams:

  - name: 'php_icingaweb'
    type: 'php'
    php_pool: 'icingaweb'
icinga_web__nginx__dependent_servers

Server configuration for the debops.nginx Ansible role.

icinga_web__nginx__dependent_servers:

  - by_role: 'debops.icinga_web'
    type: 'php'
    name: '{{ icinga_web__fqdn }}'
    root: '/usr/share/icingaweb2/public'
    webroot_create: False
    filename: 'debops.icinga_web'
    php_upstream: 'php_icingaweb'
    php_limit_except: [ 'GET', 'HEAD', 'POST', 'DELETE' ]

    options: |
      if (!-d $request_filename) {
              rewrite ^/(.+)/$ /$1 permanent;
      }

    location_list:

      - pattern: '/'
        options: 'try_files $1 $uri $uri/ /index.php$is_args$args;'