Icinga · mkayontour · Jul 5, 2023 · May 5, 2023 · May 5, 2023 · May 31, 2023
diff --git a/doc/role-icingaweb2/module-director.md b/doc/role-icingaweb2/module-director.md
@@ -0,0 +1,37 @@
+## Module Director
+
+The module Icinga Director provides a management GUI for Icinga 2 DSL.
+
+## Configuration
+
+The general module parameter like `enabled` and `source` can be applied here.
+
+For every config file, create a dictionary with sections as keys and the parameters as values. For all parameters please check the [module documentation](https://icinga.com/docs/icinga-director/latest/doc/03-Automation/)
+
+The database resource won't be created
+as Icinga Web 2 resource, please use the `icingaweb2_resources` variable to define
+the resource.
+
+`import_schema`: Checks for pending migrations on the database and applies them if needed.
+
+`run_kickstart`: Runs kickstart when needed, please make sure the api user is available before.
+
+
+
+```
+icingaweb2_modules:
+  director:
+    enabled: true
+    source: package
+    import_schema: true
+    run_kickstart: true
+    kickstart:
+      config:
+        endpoint: "{{ ansible_fqdn }}"
+        host: 127.0.0.1
+        username: root
+        password: root
+    config:
+      db:
+        resource: director_db
+```
diff --git a/doc/role-icingaweb2/module-icingadb.md b/doc/role-icingaweb2/module-icingadb.md
@@ -0,0 +1,32 @@
+## Module IcingaDB
+
+This module IcingaDB is the replacement for the monitoring module with IcingaDB as database backend.
+
+## Configuration
+
+The general module parameter like `enabled` and `source` can be applied here.
+
+For every config file, create a dictionary with sections as keys and the parameters as values. For all parameters please check the [module documentation](https://icinga.com/docs/icinga-db-web/latest/doc/01-About/)
+
+```
+icingaweb2_modules:
+  icingadb:
+    enabled: true
+    source: package
+    commandtransports:
+      instance01:
+        transport: api
+        host: 127.0.0.1
+        username: root
+        password: root
+    config:
+      icingadb:
+        resource: icingadb
+      redis:
+        tls: '0'
+    redis:
+      redis1:
+        host: "192.168.56.200"
+      redis2:
+        host: "192.168.56.201"
+```
diff --git a/doc/role-icingaweb2/role-icingaweb2.md b/doc/role-icingaweb2/role-icingaweb2.md
@@ -0,0 +1,29 @@
+# Role icinga.icinga.icingaweb2
+
+The role icingaweb2 installs and configures Icinga Web 2 and its modules.
+
+### Modules
+* [Director](./module-director.md)
+* [IcingaDB](./module-icingadb.md)
+* [Monitoring](./module-monitoring.md)
+
+## Variables
+
+### Icinga Web 2 DB Configuration
+
+If you use this configuration it will be your main Icinga Web DB, this means if the variable `icingaweb2_db_import_schema` is used the schema will be imported to this database.
+
+```
+icingaweb2_db:
+  type: mysql
+  name: icingaweb
+  host: 127.0.0.1
+  user: icingaweb
+  password: icingaweb
+```
+
+* `icingaweb2_db_import_schema: boolean`
+  * Decides whether the schema should be imported in the database defined at `icingaweb2_db`. **Default: False**
+
+* `icingaweb2_admin_<username|password>: string`
+  * Set the username and password for the first admin user for Icinga Web 2.
diff --git a/molecule/local-default/collections.yml b/molecule/local-default/collections.yml
@@ -0,0 +1,6 @@
+collections:
+  - name: community.docker
+    version: ">=1.9.0,<2.0.0"
+  - name: community.general
+    version: ">=2,<3"
+  - name: community.mysql
diff --git a/molecule/local-default/converge.yml b/molecule/local-default/converge.yml
@@ -0,0 +1,167 @@
+- name: Converge
+  hosts: all
+  become: true
+  vars:
+    icingaweb2_resources:
+      director_db:
+        type: db
+        db: mysql
+        host: localhost
+        dbname: directordb
+        username: directordb
+        password: directordb
+        charset: utf8
+      icinga_ido:
+        type: db
+        db: mysql
+        host: localhost
+        dbname: icinga
+        username: icinga
+        password: icinga
+        use_ssl: 0
+        charset: utf8
+    icingaweb2_modules:
+      director:
+        enabled: true
+        source: package
+        import_schema: true
+        run_kickstart: true
+        kickstart:
+          config:
+            endpoint: "{{ ansible_fqdn }}"
+            host: 127.0.0.1
+            username: root
+            password: root
+        config:
+          db:
+            resource: director_db
+      icingadb:
+        enabled: true
+        source: package
+        commandtransports:
+          instance01:
+            transport: api
+            host: 127.0.0.1
+            username: root
+            password: root
+        config:
+          icingadb:
+            resource: icingadb
+          redis:
+            tls: '0'
+        redis:
+          redis1:
+            host: "192.168.56.200"
+          redis2:
+            host: "192.168.56.201"
+      monitoring:
+        enabled: false
+        backends:
+          icinga2_ido_mysql:
+            type: ido
+            resource: icinga_ido
+    icingaweb2_roles:
+      my_admins:
+        users:
+          - blubber
+          - robby
+        permissions:
+          - "config/*"
+          - "module/monitoring"
+          - "monitoring/commands/schedule-check"
+        'monitoring/filter/objects': "host_name=*win*"
+    icingaweb2_db:
+      type: mysql
+      name: icingaweb
+      host: 127.0.0.1
+      user: icingaweb
+      password: icingaweb
+    icingaweb2_admin_username: admin
+    icingaweb2_admin_password: admin
+    icingaweb2_db_import_schema: true
+    icingadb_database_import_schema: true
+    mysql_innodb_file_format: barracuda
+    mysql_innodb_large_prefix: 1
+    mysql_innodb_file_per_table: 1
+    mysql_packages:
+      - mariadb-client
+      - mariadb-server
+      - python3-mysqldb
+    mysql_users:
+      - name: directordb
+        host: "%"
+        password: directordb
+        priv: "directordb.*:ALL"
+      - name: icingadb
+        host: "%"
+        password: icingadb
+        priv: "icingadb.*:ALL"
+      - name: icingaweb
+        host: "%"
+        password: icingaweb
+        priv: "icingaweb.*:ALL"
+      - name: icinga
+        host: "%"
+        password: icinga
+        priv: "icinga.*:ALL"
+    mysql_databases:
+      - name: icingaweb
+      - name: icinga
+      - name: directordb
+      - name: icingadb
+        collation: utf8mb4_general_ci
+        encoding: utf8mb4
+    icinga2_confd: true
+    icinga2_features:
+      - name: perfdata
+        host_perfdata_path: "/var/spool/icinga2/perfdata/host-perfdata"
+        service_perfdata_path: "/var/spool/icinga2/perfdata/service-perfdata"
+      - name: gelf
+        host: localhost
+        port: 12201
+      - name: elasticsearch
+        host: localhost
+        port: 9200
+        index: "icinga2"
+        enable_send_perfdata: true
+        flush_interval: 10
+        flush_threshold: 1024
+      - name: opentsdb
+        host: localhost
+        port: 4242
+      - name: icingadb
+        host: 127.0.0.1
+      - name: idomysql
+        host: localhost
+        database: icinga
+        user: icinga
+        password: icinga
+        import_schema: true
+      - name: notification
+      - name: checker
+      - name: influxdb2
+        host: 127.0.0.1
+        port: 8086
+        organization: monitoring
+        bucket: icinga2
+        auth_token: testtoken123
+      - name: mainlog
+      - name: api
+        ca_host: none
+        endpoints:
+          - name: "{{ ansible_fqdn }}"
+        zones:
+          - name: "main"
+            endpoints:
+              - "{{ ansible_fqdn }}"
+    icinga2_config_directories:
+      - zones.d/main/commands
+      - zones.d/main/hosts
+      - zones.d/main/services
+  collections:
+    - icinga.icinga
+  roles:
+    - repos
+    - geerlingguy.mysql
+    - icinga2
+    - icingaweb2
diff --git a/molecule/local-default/host_vars/icinga-default.yaml b/molecule/local-default/host_vars/icinga-default.yaml
@@ -0,0 +1,86 @@
+icinga2_objects:
+  icinga-default:
+    - name: root
+      type: ApiUser
+      file: conf.d/apiusers.conf
+      password: root
+      permissions:
+        - '*'
+# icinga2_custom_config:
+#   - name: icinga2_command
+#     path: zones.d/main/commands/custom_commands.conf
+#
+#
+# icinga2_objects:
+#   icinga-default:
+#     - name: eventcommand-test
+#       type: EventCommand
+#       file: zones.d/main/eventcommand.conf
+#       command: [ ConfigDir + /scripts/eventcommand.sh ]
+#     - name: scheduled-downtime-test
+#       type: ScheduledDowntime
+#       file: zones.d/main/ScheduledDowntime.conf
+#       host_name: agent.localdomain
+#       author: icingaadmin
+#       comment: "Downtime"
+#       fixed: false
+#       duration: 30m
+#       ranges:
+#         sunday: 02:00-03:00
+#     - name: dependency-test
+#       type: Dependency
+#       file: zones.d/main/dependencies.conf
+#       apply: true
+#       apply_target: Host
+#       parent_host_name: agent.localdomain
+#       disable_checks: true
+#       disable_notifications: true
+#       states:
+#         - Up
+#       assign:
+#         - host.name == test.localdomain
+#     - name: agent.localdomain
+#       type: Endpoint
+#       file: zones.d/main/hosts/agent.localdomain.conf
+#     - name: agent.localdomain
+#       type: Zone
+#       file: zones.d/main/hosts/agent.localdomain.conf
+#       parent: main
+#       endpoints:
+#         - agent.localdomain
+#     - name: agent.localdomain
+#       type: Host
+#       file: zones.d/main/hosts/agent.localdomain.conf
+#       check_command: hostalive
+#       address: 127.0.0.1
+#       check_interval: 3m
+#     - name: generic-service
+#       type: Service
+#       file: zones.d/main/services/services.conf
+#       template: true
+#       check_interval: 300s
+#       retry_interval: 30s
+#       order: 1
+#     - name: 'ping /'
+#       type: Service
+#       apply: true
+#       file: zones.d/main/services/services.conf
+#       imports:
+#         - generic-service
+#       check_command: ping4
+#       assign:
+#         - host.address
+#       ignore:
+#         - match(no*, host.name)
+#     - name: group-ping
+#       type: ServiceGroup
+#       file: zones.d/main/servicegroups.conf
+#       display_name: "Ping Services"
+#       assign:
+#         - match(ping*, service.check_command)
+#     - name: group-linux
+#       type: HostGroup
+#       file: zones.d/main/hostgroups.conf
+#       display_name: Linux Hosts
+#       assign:
+#         - match(linux, host.vars.os)
diff --git a/molecule/local-default/molecule.yml b/molecule/local-default/molecule.yml
@@ -0,0 +1,21 @@
+dependency:
+  name: galaxy
+
+
+driver:
+  name: vagrant
+
+platforms:
+  - name: icinga-default
+    box: ubuntu/jammy64
+    memory: 512
+    cpus: 1
+    interfaces:
+      - network_name: private_network
+        ip: 192.168.56.213
+
+provisioner:
+  name: ansible
+  inventory:
+    link:
+      host_vars: host_vars/
diff --git a/molecule/local-default/prepare.yml b/molecule/local-default/prepare.yml
@@ -0,0 +1,12 @@
+---
+- name: Prepare
+  hosts: all
+  become: yes
+  tasks:
+    - name: Install requirements for Debian
+      apt:
+        name:
+          - gpg
+          - apt-transport-https
+        update_cache: yes
+      when: ansible_os_family == "Debian"