debops.icinga default variables¶
Sections
Upstream configuration, APT packages¶
-
icinga__upstream
¶
Enable or disable support for Icinga 2 upstream packages instead of the ones included in a given OS release.
icinga__upstream: '{{ True
if (ansible_distribution_release in
[ "wheezy", "precise", "trusty" ])
else False }}'
-
icinga__upstream_apt_key_id
¶
The GPG key id of the upstream Icinga 2 APT repository.
icinga__upstream_apt_key_id: 'F51A 91A5 EE00 1AA5 D77D 53C4 C6E3 19C3 3441 0682'
-
icinga__upstream_apt_repo
¶
The sources.list
entry of the upstream Icinga 2 APT repository.
icinga__upstream_apt_repo: 'deb https://packages.icinga.com/{{ icinga__distribution | lower }} icinga-{{ icinga__distribution_release | lower }} main'
-
icinga__distribution
¶
Name of the OS distribution used to select the correct upstream APT repository.
icinga__distribution: '{{ ansible_local.core.distribution|d(ansible_distribution) }}'
-
icinga__distribution_release
¶
Name of the OS release used to select the correct upstream APT repository.
icinga__distribution_release: '{{ ansible_local.core.distribution_release|d(ansible_distribution_release) }}'
-
icinga__version
¶
The version of the installed Icinga 2 package, detected by the Ansible local fact script. This variable can be used in conditional Icinga 2 configuration.
icinga__version: '{{ ansible_local.icinga.version|d("0.0.0") }}'
-
icinga__base_packages
¶
List of APT packages to install for Icinga 2 support.
icinga__base_packages:
- 'icinga2'
- 'ssl-cert'
- 'monitoring-plugins'
- 'nagios-plugins-contrib'
-
icinga__packages
¶
List of additional APT packages to install with Icinga 2.
icinga__packages: []
User and group configuration¶
-
icinga__user
¶
Name of the UNIX system account which is used to run Icinga 2. This account is created by the APT package and you shouldn't change it here.
icinga__user: 'nagios'
-
icinga__group
¶
Name of the UNIX system group which is used to run Icinga 2. This group is created by the APT package and you shouldn't change it here.
icinga__group: 'nagios'
-
icinga__additional_groups
¶
List of additional UNIX groups which the Icinga 2 user should be a member of.
icinga__additional_groups:
- 'ssl-cert'
- '{{ ansible_local.proc_hidepid.group
if (ansible_local.proc_hidepid.group|d() and
(ansible_local.proc_hidepid.enabled|d())|bool)
else [] }}'
Network, DNS configuration, API configuration¶
-
icinga__fqdn
¶
The Fully Qualified Domain Name of this Icinga 2 node. This variable is used during the node registration in the Icinga 2 Director and in the zone configuration.
icinga__fqdn: '{{ ansible_fqdn }}'
-
icinga__display_name
¶
The short display name of this Icinga 2 node. This variable is used during the node registration in the Icinga 2 Director and in the zone configuration.
icinga__display_name: '{{ (inventory_hostname_short | d(inventory_hostname.split(".")[0]))
if (inventory_hostname_short | d(inventory_hostname.split(".")[0]) != "localhost")
else ansible_hostname }}'
-
icinga__ipv4_address
¶
The IPv4 address (or FQDN used to lookup the IPv4 address) of this Icinga 2 node. This variable is used during the node registration in the Icinga 2 Director (and will be used to contact the node for monitoring purposes).
icinga__ipv4_address: '{{ ansible_default_ipv4.address
| d(ansible_all_ipv4_addresses | d([]) | first)
| d(icinga_fqdn) }}'
-
icinga__ipv6_address
¶
The IPv6 address (or FQDN used to lookup the IPv4 address) of this Icinga 2 node. This variable is used during the node registration in the Icinga 2 Director (and will be used to contact the node for monitoring purposes).
icinga__ipv6_address: '{{ ansible_default_ipv6.address
| d(ansible_all_ipv6_addresses | d([]) | first)
| d(omit, true) }}'
-
icinga__domain
¶
The main DNS domain used by the role to configure Icinga 2.
icinga__domain: '{{ ansible_domain }}'
-
icinga__master_nodes
¶
List which contains the result of the DNS query for Icinga 2 master node
SRV
resource records in the host's domain. This is a DebOps-specific
feature, which does not have a corresponding RFC.
See DNS SRV records for details if you want to specify this list manually.
icinga__master_nodes: '{{ q("debops.debops.dig_srv", "_icinga-master._tcp." + icinga__domain,
"icinga-master." + icinga__domain, icinga__api_port) }}'
-
icinga__master_delegate_to
¶
The host to which tasks that must execute on the master node will be delegated.
It's used when icinga__master_*_configuration
is set and configuration
files are written on the master node.
icinga__master_delegate_to: '{{ icinga__master_nodes[0]["target"] }}'
-
icinga__director_nodes
¶
List which contains the result of the DNS query for Icinga 2 director node
SRV
resource records in the host's domain. This is a DebOps-specific
feature, which does not have a corresponding RFC.
Only the first entry in the list will be used to register a node.
See DNS SRV records for details if you want to specify this list manually.
icinga__director_nodes: '{{ q("debops.debops.dig_srv", "_icinga-director._tcp." + icinga__domain,
"icinga-director." + icinga__domain, 443) }}'
-
icinga__node_type
¶
Specify the type of this Icinga 2 node, either master
or client
.
Master nodes are not registered automatically in the Icinga 2 Director, and have the default API user configured automatically.
Client nodes are registered in the Icinga 2 Director if one is available.
icinga__node_type: '{{ "master"
if (icinga__fqdn in
(icinga__master_nodes | map(attribute="target")) or
not icinga__director_enabled|bool)
else "client" }}'
-
icinga__allow
¶
List of IP addresses or subnets that are allowed to talk to the Icinga 2 Agent over the network, configured on all hosts in the Ansible inventory. If no entries are specified, access through the firewall is disabled.
icinga__allow: []
-
icinga__group_allow
¶
List of IP addresses or subnets that are allowed to talk to the Icinga 2 Agent over the network, configured on hosts in a specific Ansible inventory group. If no entries are specified, access through the firewall is disabled.
icinga__group_allow: []
-
icinga__host_allow
¶
List of IP addresses or subnets that are allowed to talk to the Icinga 2 Agent over the network, configured on specific hosts in the Ansible inventory. If no entries are specified, access through the firewall is disabled.
icinga__host_allow: []
-
icinga__api_listen
¶
IP address on which the Icinga 2 REST API should listen. Defaults to all IPv4 and IPv6 addresses.
icinga__api_listen: '::'
-
icinga__api_port
¶
The TCP port on which the Icinga 2 REST API should listen.
icinga__api_port: '5665'
-
icinga__api_user
¶
The default user account for the REST API with superuser privileges. This account will be defined only on the master Icinga 2 nodes.
This account is used by the debops.icinga_web Ansible role to perform
the configuration kickstart and to access the Icinga REST API. It should be
synchronized with the corresponding icinga_web__icinga_api_user
variable.
icinga__api_user: 'root'
-
icinga__api_password
¶
The password for the Icinga 2 REST API "root" account. It will be generated
only on the master Icinga 2 nodes. It should be synchronized with the
corresponding icinga_web__icinga_api_password
variable.
icinga__api_password: '{{ lookup("password", secret + "/icinga/api/"
+ icinga__fqdn + "/credentials/"
+ icinga__api_user + "/password")
if (icinga__node_type == "master")
else "" }}'
-
icinga__api_permissions
¶
List of the default permissions for the "root" account accessible via the REST API.
icinga__api_permissions: [ '*' ]
Icinga 2 Director options¶
-
icinga__director_enabled
¶
Enable or disable support for the Icinga 2 Director configuration. Support
will be automatically enabled if DNS SRV
records exist for the Icinga 2
master and director nodes.
See DNS SRV records for more details.
icinga__director_enabled: '{{ True
if (icinga__master_nodes[0]["dig_srv_src"]|d("") != "fallback" and
icinga__director_nodes[0]["dig_srv_src"]|d("") != "fallback")
else False }}'
-
icinga__director_register
¶
Enable or disable automatic registration of configured hosts in Icinga 2 Director.
icinga__director_register: '{{ True
if (icinga__director_enabled|bool)
else False }}'
-
icinga__director_register_api_fqdn
¶
The Fully Qualified Domain Name of the Icinga 2 Director host where a given
host will be registered. The address will be found using DNS SRV
records
by default. See DNS SRV records for more details.
icinga__director_register_api_fqdn: '{{ icinga__director_nodes[0]["target"] }}'
-
icinga__director_register_api_url
¶
The URL of the Icinga 2 Director REST API which will be used to register the host in Icinga 2 Director.
icinga__director_register_api_url: 'https://{{ icinga__director_register_api_fqdn }}/director/host'
-
icinga__director_register_api_user
¶
The user account in the Icinga 2 Director REST API which will be used for
host registration. This variable corresponds to the
icinga_web__director_api_user
variable.
icinga__director_register_api_user: 'director-api'
-
icinga__director_register_api_password
¶
The password of the Icinga 2 Director REST API user used to register the host
in Icinga. This variable corresponds to the
icinga_web__director_api_password
variable.
icinga__director_register_api_password: '{{ lookup("password", secret + "/icinga_web/api/"
+ icinga__director_register_api_fqdn + "/credentials/"
+ icinga__director_register_api_user + "/password") }}'
-
icinga__director_register_default_templates
¶
List of default host templates to use for a given host during registration. The templates need to be prepared beforehand in the Icinga 2 Director.
icinga__director_register_default_templates:
- 'icinga-agent-host'
-
icinga__director_register_templates
¶
List of host templates to use for a given host during registration. These templates are used for all hosts in the Ansible inventory. The templates need to be prepared beforehand in the Icinga 2 Director.
icinga__director_register_templates: []
-
icinga__director_register_group_templates
¶
List of host templates to use for a given host during registration. These templates are used for hosts in a specific Ansible inventory group. The templates need to be prepared beforehand in the Icinga 2 Director.
icinga__director_register_group_templates: []
-
icinga__director_register_host_templates
¶
List of host templates to use for a given host during registration. These templates are used for specific hosts in the Ansible inventory. The templates need to be prepared beforehand in the Icinga 2 Director.
icinga__director_register_host_templates: []
-
icinga__director_register_default_vars
¶
YAML dictionary that contains default environment variables defined for a given host during registration. The key is the variable name, and the value is the variable value.
icinga__director_register_default_vars:
'ansible_managed': True
-
icinga__director_register_vars
¶
YAML dictionary that contains environment variables defined for a given host during registration. These variables will be set for all hosts in the Ansible inventory. The key is the variable name, and the value is the variable value.
icinga__director_register_vars: {}
-
icinga__director_register_group_vars
¶
YAML dictionary that contains environment variables defined for a given host during registration. These variables will be set for hosts in a specific Ansible inventory group. The key is the variable name, and the value is the variable value.
icinga__director_register_group_vars: {}
-
icinga__director_register_host_vars
¶
YAML dictionary that contains environment variables defined for a given host during registration. These variables will be set for specific hosts in the Ansible inventory. The key is the variable name, and the value is the variable value.
icinga__director_register_host_vars: {}
-
icinga__director_register_host_object
¶
The host object data passed to the Icinga 2 Director via the REST API during host registration.
icinga__director_register_host_object:
object_type: 'object'
object_name: '{{ icinga__fqdn }}'
display_name: '{{ icinga__display_name }}'
address: '{{ icinga__ipv4_address }}'
address6: '{{ icinga__ipv6_address }}'
imports: '{{ q("flattened",
(icinga__director_register_default_templates
+ icinga__director_register_templates
+ icinga__director_register_group_templates
+ icinga__director_register_host_templates)) }}'
vars: '{{ icinga__director_register_default_vars
| combine(icinga__director_register_vars,
icinga__director_register_group_vars,
icinga__director_register_host_vars) }}'
-
icinga__director_deploy
¶
Enable or disable automatic deployment of new Icinga configuration via Icinga 2 Director. The deployment will be triggered only once if any host on the current run is registered in Icinga.
icinga__director_deploy: '{{ True
if (icinga__director_register|bool)
else False }}'
-
icinga__director_deploy_api_fqdn
¶
The Fully Qualified Domain Name of the Icinga 2 Director host where the deployment will be performed. The address will be found using DNS SRV records by default. See DNS SRV records for more details.
icinga__director_deploy_api_fqdn: '{{ icinga__director_nodes[0]["target"] }}'
-
icinga__director_deploy_api_url
¶
The REST API URL used to execute new configuration deployment.
icinga__director_deploy_api_url: 'https://{{ icinga__director_deploy_api_fqdn }}/director/config/deploy'
-
icinga__director_deploy_api_user
¶
The user account in the Icinga 2 Director REST API which will be used for
configuration deployment. This variable corresponds to the
icinga_web__director_api_user
variable.
icinga__director_deploy_api_user: 'director-api'
-
icinga__director_deploy_api_password
¶
The password of the Icinga 2 Director REST API user used to perform the
configuration deployment. This variable corresponds to the
icinga_web__director_api_password
variable.
icinga__director_deploy_api_password: '{{ lookup("password", secret + "/icinga_web/api/"
+ icinga__director_deploy_api_fqdn + "/credentials/"
+ icinga__director_deploy_api_user + "/password") }}'
DebOps PKI support¶
-
icinga__pki_enabled
¶
Enable or disable support for DebOps PKI. If disabled, Icinga will be configured with the default certificate and key paths, but no further configuration will be done to create the internal PKI.
icinga__pki_enabled: '{{ True
if (ansible_local|d() and ansible_local.pki|d() and
(ansible_local.pki.enabled|d())|bool)
else False }}'
-
icinga__pki_path
¶
The base path where the PKI realms are located.
icinga__pki_path: '{{ ansible_local.pki.path|d("/etc/pki/realms") }}'
-
icinga__pki_realm
¶
Name of the PKI realm to use for Icinga REST API.
icinga__pki_realm: '{{ ansible_local.pki.realm|d("domain") }}'
-
icinga__pki_ca
¶
Name of the file which contains the Root Certificate Authority certificate.
icinga__pki_ca: '{{ ansible_local.pki.ca|d("CA.crt") }}'
-
icinga__pki_crt
¶
Name of the file which contains the server certificate.
icinga__pki_crt: '{{ ansible_local.pki.crt|d("default.crt") }}'
-
icinga__pki_key
¶
Name of the file which contains the private key.
icinga__pki_key: '{{ ansible_local.pki.key|d("default.key") }}'
-
icinga__pki_cert_path
¶
Absolute path of the X.509 server certificate used by Icinga.
icinga__pki_cert_path: '{{ icinga__pki_path + "/" + icinga__pki_realm
+ "/" + icinga__pki_crt }}'
-
icinga__pki_key_path
¶
Absolute path of the X.509 private key used by Icinga.
icinga__pki_key_path: '{{ icinga__pki_path + "/" + icinga__pki_realm
+ "/" + icinga__pki_key }}'
-
icinga__pki_ca_path
¶
Absolute path of the Root Certificate Authority used by Icinga.
icinga__pki_ca_path: '{{ icinga__pki_path + "/" + icinga__pki_realm
+ "/" + icinga__pki_ca }}'
Icinga configuration files¶
These lists manage the files and directories stored in the
/etc/icinga2/
directory. See the icinga__configuration for
more details.
-
icinga__default_configuration
¶
The default Icinga configuration files defined by the role.
icinga__default_configuration:
- name: 'icinga2.conf'
divert: True
comment: |
Icinga 2 configuration file
- this is where you define settings for the Icinga application including
which hosts/services to check.
For an overview of all available configuration options please refer
to the documentation that is distributed as part of Icinga 2.
options:
- name: 'constants'
comment: 'The constant.conf defines global constants.'
value: |
include "constants.conf"
state: 'present'
- name: 'zones'
comment: |
The zones.conf defines zones for a cluster setup.
Not required for single instance setups.
value: |
include "zones.conf"
state: 'present'
- name: 'itl'
comment: |
The Icinga Template Library (ITL) provides a number of useful templates
and command definitions.
Common monitoring plugin command definitions are included separately.
value: |
include <itl>
include <plugins>
include <plugins-contrib>
include <manubulon>
state: 'present'
- name: 'windows_plugins'
comment: |
This includes the Icinga 2 Windows plugins. These command definitions
are required on a master node when a client is used as command endpoint.
value: |
include <windows-plugins>
state: 'present'
- name: 'nscp'
comment: |
This includes the NSClient++ check commands. These command definitions
are required on a master node when a client is used as command endpoint.
value: |
include <nscp>
state: 'present'
- name: 'features_enabled'
comment: |
The features-available directory contains a number of configuration
files for features which can be enabled and disabled using the
icinga2 feature enable / icinga2 feature disable CLI commands.
These commands work by creating and removing symbolic links in
the features-enabled directory.
value: |
include "features-enabled/*.conf"
state: 'present'
- name: 'repository.d'
comment: |
The repository.d directory contains all configuration objects
managed by the 'icinga2 repository' CLI commands.
value: |
include_recursive "repository.d"
state: '{{ "absent"
if (icinga__version is version("2.8.0", ">="))
else "present" }}'
- name: 'conf.d'
comment: |
Although in theory you could define all your objects in this file
the preferred way is to create separate directories and files in the conf.d
directory. Each of these files must have the file extension ".conf".
value: |
include_recursive "conf.d"
state: '{{ "absent" if (icinga__director_enabled|bool) else "present" }}'
- name: 'api_users'
comment: |
Read the API User objects on master node.
value: |
include "conf.d/api-users.conf"
state: '{{ "present"
if (icinga__director_enabled|bool and
icinga__node_type == "master")
else "absent" }}'
- name: 'zones.conf'
divert: True
comment: |
Endpoint and Zone configuration for a cluster setup
This local example requires 'NodeName' defined in
constants.conf
options:
- name: 'object_master'
value: |
{% for record in icinga__master_nodes %}
{% if record.target|d() %}
object Endpoint "{{ record.target | regex_replace('\.$','') }}" {
host = "{{ record.target | regex_replace('\.$','') }}"
port = "{{ record.port }}"
}
{% endif %}
{% endfor %}
object Zone "master" {
endpoints = [ "{{ icinga__master_nodes | map(attribute='target') | join('", "') }}" ]
}
state: '{{ "present"
if (icinga__node_type != "master" and
icinga__master_nodes[0]["dig_srv_src"]|d("") != "fallback")
else "absent" }}'
- name: 'object_node'
value: |
object Endpoint NodeName {
host = NodeName
}
object Zone ZoneName {
endpoints = [ NodeName ]
{% if (icinga__director_enabled|bool and icinga__node_type != 'master') %}
parent = "master"
{% endif %}
}
state: 'present'
- name: 'object_global_templates'
value: |
object Zone "global-templates" {
global = true
}
state: 'present'
- name: 'object_director_global'
value: |
object Zone "director-global" {
global = true
}
state: '{{ "present" if (icinga__director_enabled|bool) else "absent" }}'
- name: 'conf.d/api-users.conf'
comment: 'The APIUser objects are used for authentication against the API.'
group: '{{ icinga__group }}'
mode: '0640'
no_log: '{{ debops__no_log | d(True) }}'
state: '{{ "present"
if (icinga__node_type == "master")
else "absent" }}'
options:
- name: 'api_user_root'
value: |
object ApiUser "{{ icinga__api_user }}" {
password = "{{ icinga__api_password }}"
permissions = [ "{{ icinga__api_permissions | join('", "') }}" ]
}
state: 'present'
- name: 'features-available/api.conf'
divert: True
comment: 'The API listener is used for distributed monitoring setups.'
value: |
object ApiListener "api" {
bind_host = "{{ icinga__api_listen }}"
bind_port = {{ icinga__api_port }}
{% if icinga__pki_enabled|bool %}
cert_path = "{{ icinga__pki_cert_path }}"
key_path = "{{ icinga__pki_key_path }}"
ca_path = "{{ icinga__pki_ca_path }}"
{% else %}
cert_path = SysconfDir + "/icinga2/pki/" + NodeName + ".crt"
key_path = SysconfDir + "/icinga2/pki/" + NodeName + ".key"
ca_path = SysconfDir + "/icinga2/pki/ca.crt"
{% endif %}
accept_config = {{ 'false' if (icinga__director_enabled|bool and icinga__node_type == 'master') else 'true' }}
accept_commands = {{ 'false' if (icinga__director_enabled|bool and icinga__node_type == 'master') else 'true' }}
ticket_salt = TicketSalt
}
state: 'present'
feature_name: 'api'
feature_state: 'present'
- name: 'features-available/notification.conf'
divert: True
state: '{{ "init" if (icinga__node_type == "master") else "feature" }}'
feature_name: 'notification'
feature_state: '{{ "present" if (icinga__node_type == "master") else "absent" }}'
- name: 'features-available/checker.conf'
divert: True
state: '{{ "init" if (icinga__node_type == "master") else "feature" }}'
feature_name: 'checker'
feature_state: '{{ "present" if (icinga__node_type == "master") else "absent" }}'
-
icinga__configuration
¶
List of the Icinga configuration files managed on all hosts in the Ansible inventory.
icinga__configuration: []
-
icinga__group_configuration
¶
List of the Icinga configuration files managed on hosts in a specific Ansible inventory group.
icinga__group_configuration: []
-
icinga__host_configuration
¶
List of the Icinga configuration files managed on specific hosts in the Ansible inventory.
icinga__host_configuration: []
-
icinga__dependent_configuration
¶
List of the Icinga configuration files defined by other Ansible roles using role-dependent variables. See Usage as a role dependency for more details about the usage.
icinga__dependent_configuration: []
-
icinga__dependent_configuration_filter
¶
Variable which contains the parsed list of Icinga configuration files defined by other Ansible roles.
icinga__dependent_configuration_filter: '{{ lookup("template",
"lookup/icinga__dependent_configuration_filter.j2")
| from_yaml }}'
-
icinga__combined_configuration
¶
Variable which combines all of the other Icinga configuration lists and is used in the role tasks.
icinga__combined_configuration: '{{ icinga__default_configuration
+ icinga__dependent_configuration_filter
+ icinga__configuration
+ icinga__group_configuration
+ icinga__host_configuration }}'
Icinga master node's configuration files¶
These lists manage the files and directories stored in the
/etc/icinga2/zones.d/
directory on the Icinga master node.
It may be used when the setup of an Icinga agent needs to add config files
to the master node. It's useful when Director module is not used and
Icinga objects (Zone, Endpoint, Host, ...) need to be defined both
on the agent and the master nodes.
The syntax for icinga__master_*_configuration
variables is the
same as icinga__configuration.
-
icinga__master_configuration
¶
List of the Icinga configuration files defined on the master node for every host.
icinga__master_configuration: []
-
icinga__master_group_configuration
¶
List of the Icinga configuration files defined on the master node for hosts in a specific Ansible inventory group.
icinga__master_group_configuration: []
-
icinga__master_host_configuration
¶
List of the Icinga configuration files defined on the master node for specific hosts in the Ansible inventory.
icinga__master_host_configuration: []
-
icinga__master_combined_configuration
¶
Variable which combines Icinga master node configuration from previous variables.
icinga__master_combined_configuration: '{{ icinga__master_configuration
+ icinga__master_group_configuration
+ icinga__master_host_configuration }}'
Custom files managed with Icinga¶
These lists can be used to manage custom files (by default scripts) on the hosts along with Icinga. See icinga__custom_files for more details.
-
icinga__custom_files
¶
List of custom files managed on all hosts in the Ansible inventory.
icinga__custom_files: []
-
icinga__group_custom_files
¶
List of custom files managed on hosts in a specific Ansible inventory group.
icinga__group_custom_files: []
-
icinga__host_custom_files
¶
List of custom files managed on specific hosts in the Ansible inventory.
icinga__host_custom_files: []
Configuration for other Ansible roles¶
-
icinga__apt_preferences__dependent_list
¶
Configuration for the debops.apt_preferences Ansible role.
icinga__apt_preferences__dependent_list:
- packages: [ 'icinga2', 'icinga2*', 'icingaweb2', 'icingaweb2*', 'libicinga2',
'monitoring-plugins', 'monitoring-plugins*',
'nagios-plugins', 'nagios-plugins*' ]
backports: [ 'jessie' ]
reason: 'Parity with Debian Stretch release'
by_role: 'debops_icinga'
-
icinga__etc_services__dependent_list
¶
Configuration for the debops.etc_services Ansible role.
icinga__etc_services__dependent_list:
- name: 'icinga-api'
port: '{{ icinga__api_port }}'
comment: 'Icinga 2 REST API'
-
icinga__keyring__dependent_apt_keys
¶
Configuration for the debops.keyring Ansible role.
icinga__keyring__dependent_apt_keys:
- id: '{{ icinga__upstream_apt_key_id }}'
repo: '{{ icinga__upstream_apt_repo }}'
state: '{{ "present" if icinga__upstream|bool else "absent" }}'
-
icinga__ferm__dependent_rules
¶
Configuration for the debops.ferm Ansible role.
icinga__ferm__dependent_rules:
- type: 'accept'
dport: [ 'icinga-api' ]
saddr: '{{ icinga__allow + icinga__group_allow + icinga__host_allow }}'
accept_any: False
weight: '40'
by_role: 'icinga'
name: 'icinga_api'
-
icinga__unattended_upgrades__dependent_origins
¶
List of origin patterns managed by the debops.unattended_upgrades role.
icinga__unattended_upgrades__dependent_origins:
- origin: 'site=packages.icinga.com'
by_role: 'debops.icinga'
state: '{{ "present" if icinga__upstream|bool else "absent" }}'