
Commit e29bea9

losten-gitDonien
andcommitted
Add ability to add more users to Icinga Web
This commit allows the use of `icingaweb2_users` to create Icinga Web users in addition to the default admin. Users can also be 'recreated', meaning they can be reactivated and/or have their passwords reset. Co-authored-by: Donien <[email protected]>
1 parent d9efd5c commit e29bea9

14 files changed

+174
-174
lines changed
@@ -0,0 +1,3 @@
1+
---
2+
minor_changes:
3+
- Add the ability to create additional Icinga Web 2 users - Thanks @losten-git

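--- a/doc/role-icingaweb2/role-icingaweb2.md
+++ b/doc/role-icingaweb2/role-icingaweb2.md
@@ -32,6 +32,21 @@ icingaweb2_db:
 * `icingaweb2_admin_<username|password>: string`
 * Set the username and password for the first admin user for Icinga Web 2.
 
+* `icingaweb2_admin_recreate: boolean`
+* Recreate can be used to change the password of the admin. **Default: False**
+
+In addition to the Icinga Web 2 Admin, other users can be configured by defining `icingaweb2_users`.<br>
+The `recreate` parameter can be used to change passwords or to enable the user if he has been disabled. **Default: False**
+
+```yaml
+icingaweb2_users:
+- username: 'foo'
+password: 'bar'
+recreate: true
+- username: webadmin
+[...]
+```
+
 ### Resources
 
 Besides the standard Icinga Web 2 database you may configure additional resources for IcingaDB or automated imports.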

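--- a/roles/icingaweb2/defaults/main.yml
+++ b/roles/icingaweb2/defaults/main.yml
@@ -41,3 +41,4 @@ icingaweb2_config:
 themes:
 default: Icinga
 icingaweb2_cli: icingacli
+icingaweb2_users: []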

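--- a/roles/icingaweb2/tasks/main.yml
+++ b/roles/icingaweb2/tasks/main.yml
@@ -40,8 +40,10 @@
 ansible.builtin.include_tasks: "manage_icingaweb_config.yml"
 
 - name: Manage Icinga Web 2 DB
-ansible.builtin.include_tasks: "manage_icingaweb_{{ icingaweb2_db.type }}_db.yml"
-when: icingaweb2_db is defined
+ansible.builtin.include_tasks: "manage_icingaweb_db.yml"
+when:
+- icingaweb2_db is defined
+- (icingaweb2_db_import_schema | default(false)) or (icingaweb2_users is defined) or (icingaweb2_admin_username is defined)
 
 - name: Manage module states
 ansible.builtin.file: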
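Review bot: The new `when` entry `(icingaweb2_users is defined)` is always true, because this commit also sets `icingaweb2_users: []` in the role defaults, so the second condition never filters anything and the DB tasks run whenever `icingaweb2_db` is defined. Test for content instead, e.g. `(icingaweb2_users | length > 0)`, so the credential assert and the database commands only run when there is a schema to import or a user to create. The task list continues outside this hunk.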
@@ -0,0 +1,27 @@
1+
---
2+
3+
- name: Prepare database
4+
ansible.builtin.include_tasks: "{{ icingaweb2_db.type | default('mysql') }}/prepare_db.yml"
5+
6+
- name: Import database schema
7+
ansible.builtin.include_tasks: "{{ icingaweb2_db.type | default('mysql') }}/import_db.yml"
8+
when: icingaweb2_db_import_schema | default(false)
9+
10+
- name: Add admin to users list
11+
ansible.builtin.set_fact:
12+
icingaweb2_users: "{{ icingaweb2_users + [_current_user]}}"
13+
vars:
14+
_current_user:
15+
username: "{{ icingaweb2_admin_username }}"
16+
password: "{{ icingaweb2_admin_password }}"
17+
recreate: "{{ icingaweb2_admin_recreate | default(false) }}"
18+
when:
19+
- icingaweb2_admin_username is defined
20+
- icingaweb2_admin_password is defined
21+
22+
- name: Add Icinga web 2 users
23+
ansible.builtin.include_tasks: "{{ icingaweb2_db.type | default('mysql') }}/users_db.yml"
24+
loop: "{{ icingaweb2_users }}"
25+
loop_control:
26+
loop_var: _current_user
27+
when: icingaweb2_users | length > 0
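Review bot: The loop in `Add Icinga web 2 users` iterates over dictionaries that contain clear-text passwords, and Ansible prints the loop item for each iteration, so the passwords are likely to end up in play output and logs. Set `label: "{{ _current_user.username }}"` under `loop_control`, and add `no_log: true` to `Add admin to users list`, whose `set_fact` result carries the admin password at higher verbosity. Separately, that `set_fact` appends to `icingaweb2_users` itself, so applying the role a second time in the same play would add the admin entry again; building a separate fact (for example `_icingaweb2_all_users`) and looping over that avoids the duplicate.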

roles/icingaweb2/tasks/manage_icingaweb_mysql_db.yml

-70
This file was deleted.

roles/icingaweb2/tasks/manage_icingaweb_pgsql_db.yml

-64
This file was deleted.

roles/icingaweb2/tasks/manage_mysql_imports.yml

-38
This file was deleted.
+16
@@ -0,0 +1,16 @@
1+
---
2+
3+
- name: MySQL check for icingaweb db schema
4+
ansible.builtin.shell: >
5+
{{ _tmp_mysqlcmd }}
6+
-Ns -e "select * from icingaweb_user"
7+
failed_when: false
8+
changed_when: false
9+
check_mode: false
10+
register: _icingaweb2_db_schema
11+
12+
- name: MySQL import icingaweb db schema
13+
ansible.builtin.shell: >
14+
{{ _tmp_mysqlcmd }}
15+
< /usr/share/icingaweb2/schema/mysql.schema.sql
16+
when: _icingaweb2_db_schema.rc != 0
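Review bot: The schema probe `select * from icingaweb_user` pulls every row, including `password_hash`, into `_icingaweb2_db_schema` and into verbose task output, although only the return code is used afterwards. A query such as `select 1 from icingaweb_user limit 1` answers the same question without reading credentials; the PostgreSQL probe later in this commit has the same shape. Because `failed_when: false` hides the reason for a non-zero exit, a connection or authentication error is also treated as a missing schema and triggers the import, so checking `stderr` for the missing-table error would make the decision more reliable.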
@@ -0,0 +1,30 @@
1+
---
2+
3+
- name: Check Database Credentials
4+
ansible.builtin.assert:
5+
that:
6+
- icingaweb2_db['user'] is defined
7+
- icingaweb2_db['password'] is defined
8+
fail_msg: "No database credentials defined. Please set icingaweb2_db.<user|password> or a privileged user with icingaweb2_priv_db_<user|password>"
9+
when: icingaweb2_priv_db_password is undefined and icingaweb2_priv_db_user is undefined
10+
11+
- name: Set db user with admin privileges
12+
ansible.builtin.set_fact:
13+
_priv_db_user: "{{ icingaweb2_priv_db_user }}"
14+
_priv_db_pass: "{{ icingaweb2_priv_db_password }}"
15+
when: icingaweb2_priv_db_password is defined and icingaweb2_priv_db_user is defined
16+
17+
- name: Build mysql command
18+
ansible.builtin.set_fact:
19+
_tmp_mysqlcmd: >-
20+
mysql {% if icingaweb2_db['host'] | default('localhost') != 'localhost' %} -h "{{ icingaweb2_db['host'] }}" {%- endif %}
21+
{% if icingaweb2_db['port'] is defined %} -P "{{ icingaweb2_db['port'] }}" {%- endif %}
22+
{% if icingaweb2_db['ssl_mode'] is defined %} --ssl-mode "{{ icingaweb2_db['ssl_mode'] }}" {%- endif %}
23+
{% if icingaweb2_db['ssl_ca'] is defined %} --ssl-ca "{{ icingaweb2_db['ssl_ca'] }}" {%- endif %}
24+
{% if icingaweb2_db['ssl_cert'] is defined %} --ssl-cert "{{ icingaweb2_db['ssl_cert'] }}" {%- endif %}
25+
{% if icingaweb2_db['ssl_key'] is defined %} --ssl-key "{{ icingaweb2_db['ssl_key'] }}" {%- endif %}
26+
{% if icingaweb2_db['ssl_cipher'] is defined %} --ssl-cipher "{{ icingaweb2_db['ssl_cipher'] }}" {%- endif %}
27+
{% if icingaweb2_db['ssl_extra_options'] is defined %} {{ icingaweb2_db['ssl_extra_options'] }} {%- endif %}
28+
-u "{{ icingaweb2_priv_db_user | default(icingaweb2_db['user']) }}"
29+
-p"{{ icingaweb2_priv_db_password | default(icingaweb2_db['password']) }}"
30+
"{{ icingaweb2_db['name'] }}"
+18
@@ -0,0 +1,18 @@
1+
---
2+
3+
- name: MySQL check for icingaweb db schema
4+
ansible.builtin.shell: >
5+
{{ _tmp_mysqlcmd }}
6+
-Ns -e "select name from icingaweb_user where name like '{{ _current_user.username }}'"
7+
failed_when: false
8+
changed_when: false
9+
check_mode: false
10+
register: _icingaweb2_db_user
11+
12+
- name: Create user in Icinga Web (or reenable user / reset password)
13+
run_once: true
14+
ansible.builtin.shell: >-
15+
echo "INSERT INTO icingaweb_user (name, active, password_hash) VALUES ('{{ _current_user.username }}', 1,
16+
'"`php -r 'echo password_hash("{{ _current_user.password }}", PASSWORD_DEFAULT);'`"')
17+
ON DUPLICATE KEY UPDATE active = 1, password_hash = '"`php -r 'echo password_hash("{{ _current_user.password }}", PASSWORD_DEFAULT);'`"'" | {{ _tmp_mysqlcmd }} -Ns
18+
when: (_icingaweb2_db_user.stdout_lines | length <= 0) or (_current_user.recreate is true)
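Review bot: `_current_user.password` and `_current_user.username` are templated straight into a shell command, a PHP string literal and an SQL statement in `Create user in Icinga Web`, with no escaping at any of the three layers and no `no_log`. A password containing a quote, `$` or a backtick changes what the shell or PHP evaluates, and the clear-text password is visible in the process list and in the task's reported command. Passing the password through the task `environment` and reading it with `getenv()` takes it off the command line, and `no_log: true` keeps it out of the result; the username should additionally be validated against a restrictive pattern before it reaches SQL, and the lookup task should compare with `=` rather than `like`. The PostgreSQL variant of this task later in the commit needs the same change.

```yaml
- name: Create user in Icinga Web (or reenable user / reset password)
  run_once: true
  no_log: true
  environment:
    # variable name is an example; any name not otherwise used works
    ICINGAWEB2_NEW_PASSWORD: "{{ _current_user.password }}"
  ansible.builtin.shell: |
    hash=$(php -r 'echo password_hash(getenv("ICINGAWEB2_NEW_PASSWORD"), PASSWORD_DEFAULT);')
    echo "INSERT INTO icingaweb_user (name, active, password_hash) VALUES ('{{ _current_user.username }}', 1, '${hash}')
    ON DUPLICATE KEY UPDATE active = 1, password_hash = '${hash}'" | {{ _tmp_mysqlcmd }} -Ns
  # … unchanged: when condition …
```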
+17
@@ -0,0 +1,17 @@
1+
---
2+
3+
- name: PostgreSQL check for icingaweb db schema
4+
ansible.builtin.shell: >
5+
{{ _tmp_pgsqlcmd }}
6+
-w -c "select * from icingaweb_user"
7+
failed_when: false
8+
changed_when: false
9+
check_mode: false
10+
register: _icingaweb2_db_schema
11+
12+
- name: PostgreSQL import icingaweb db schema
13+
ansible.builtin.shell: >
14+
{{ _tmp_pgsqlcmd }}
15+
-w -f /usr/share/icingaweb2/schema/pgsql.schema.sql
16+
when:
17+
- _icingaweb2_db_schema.rc != 0
@@ -0,0 +1,23 @@
1+
---
2+
3+
- name: Check Database Credentials
4+
ansible.builtin.assert:
5+
that:
6+
- icingaweb2_db['user'] is defined
7+
- icingaweb2_db['password'] is defined
8+
fail_msg: "No database credentials defined. Please set icingaweb2_db.<user|password> or a privileged user with icingaweb2_priv_db_<user|password>"
9+
when: icingaweb2_priv_db_password is undefined and icingaweb2_priv_db_user is undefined
10+
11+
- name: Build psql command
12+
ansible.builtin.set_fact:
13+
_tmp_pgsqlcmd: >-
14+
PGPASSWORD="{{ icingaweb2_priv_db_password | default(icingaweb2_db['password']) }}"
15+
psql
16+
"host={{ icingaweb2_db['host'] }}
17+
{% if icingaweb2_db['port'] is defined %} port={{ icingaweb2_db['port'] }} {%- endif %}
18+
user={{ icingaweb2_priv_db_user | default(icingaweb2_db['user']) }}
19+
dbname={{ icingaweb2_db['name'] }}
20+
{% if icingaweb2_db['ssl_mode'] is defined %} sslmode={{ icingaweb2_db['ssl_mode'] | default('require') }} {%- endif %}
21+
{% if icingaweb2_db['ssl_cert'] is defined %} sslcert={{ icingaweb2_db['ssl_cert'] }} {%- endif %}
22+
{% if icingaweb2_db['ssl_key'] is defined %} sslkey={{ icingaweb2_db['ssl_key'] }} {%- endif %}
23+
{% if icingaweb2_db['ssl_extra_options'] is defined %} {{ icingaweb2_db['ssl_extra_options'] }} {%- endif %}"
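Review bot: The assembled command string embeds the database password (`PGPASSWORD="…"` here, `-p"…"` in `Build mysql command`) and protects values with double quotes only, so a password or path containing `"`, `$` or a backtick is re-interpreted by the shell in every task that expands `_tmp_pgsqlcmd` or `_tmp_mysqlcmd`. Those tasks also report the full command, password included, in their results, because none of them sets `no_log: true`. Consider supplying the password through the task `environment` (`PGPASSWORD`, and `MYSQL_PWD` or an option file for MySQL) and applying the `quote` filter where values are placed on the command line. Unlike the MySQL builder, `host={{ icingaweb2_db['host'] }}` has no default here, so an unset host fails templating instead of falling back to a local connection.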
+20
@@ -0,0 +1,20 @@
1+
---
2+
3+
- name: PostgreSQL check for icingaweb admin user
4+
ansible.builtin.shell: >
5+
LANG=C
6+
{{ _tmp_pgsqlcmd }}
7+
-w -c "select name from icingaweb_user where name like '{{ _current_user.username }}'"
8+
failed_when: false
9+
changed_when: false
10+
check_mode: false
11+
register: _icingaweb2_db_user
12+
13+
- name: Create user in Icinga Web (or reenable user / reset password)
14+
run_once: true
15+
ansible.builtin.shell: >-
16+
echo "INSERT INTO icingaweb_user (name, active, password_hash) VALUES ('{{ _current_user.username }}', 1,
17+
'"`php -r 'echo password_hash("{{ _current_user.password }}", PASSWORD_DEFAULT);'`"')
18+
ON CONFLICT (name) DO UPDATE
19+
SET active = 1, password_hash = '"`php -r 'echo password_hash("{{ _current_user.password }}", PASSWORD_DEFAULT);'`"'" | {{ _tmp_pgsqlcmd }} -w
20+
when: ("(0 rows)" in _icingaweb2_db_user.stdout_lines) or (_current_user.recreate is true)
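Review bot: The `when` on the create task decides whether the user exists by looking for psql's human-readable footer `(0 rows)`, which is why the probe has to force `LANG=C`; because the probe runs with `failed_when: false`, a failed query (bad credentials, missing table) prints no such footer and the user is silently not created. Running the probe with `-At` and testing `_icingaweb2_db_user.rc == 0 and _icingaweb2_db_user.stdout_lines | length == 0` would make the check independent of output formatting, with a non-zero `rc` surfaced as an error instead. `run_once: true` on the create task also means only the first host of the play gets the user when several hosts are targeted, which is worth confirming as intended.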
