Lint the whole collection and introduce a common style

changelogs/fragments/feature_add_x509_module_installation.yml

@@ -0,0 +1,3 @@
+---
+major_changes:
+  - Added Installation of x509 certificate monitoring model

doc/getting-started.md

@@ -1,11 +1,19 @@
 ### Getting Started
 
-The collection includes two roles in the current version.
+The collection includes six roles in the current version.
 
 * icinga.repos: Role to manage repositories
   * [Documentation: doc/role-repos](role-repos/role-repos.md)
 * icinga.icinga2: Role to install and manage Icinga 2 instances.
   * [Documentation: doc/role-icinga2](role-icinga2/role-icinga2.md)
+* icinga.icingadb: Role to install and manage IcingaDB, Icinga2's new data backend.
+  * [Documentation: doc/role-icingadb](role-icingadb/role-icingadb.md)
+* icinga.icingadb_redis: Role to install and manage Redis, IcingaDB's cache backend.
+  * [Documentation: doc/role-icingadb_redis](role-icingadb_redis/role-icingadb_redis.md)
+* icinga.icingaweb2: Role to install and manage Icinga Web 2.
+  * [Documentation: doc/role-icingaweb2](role-icingaweb2/role-icingaweb2.md)
+* icinga.monitoring_plugins: Role to install and manage Icinga2 compatible monitoring plugins.
+  * [Documentation: doc/role-monitoring_plugins](role-monitoring_plugins/role-monitoring_plugins.md)
 
 
 ---
@@ -39,6 +47,36 @@ ansible-galaxy collection build ansible-collection-icinga
 ansible-galaxy collection install icinga-icinga-0.3.0.tar.gz
 ```
 
+## Databases
+
+Icinga2 relies on relational databases for many parts of its functionality. **None** of those databases get installed by the roles. You need to install and configure them yourself. For doing so, there are many ways available, e.g. the Ansible role [geerlingguy.mysql](https://galaxy.ansible.com/geerlingguy/mysql) for MySQL flavours (both MySQL and MariaDB) or [geerlingguy.postgresql](https://galaxy.ansible.com/geerlingguy/postgresql) for PostGresQL:
+
+```yaml
+- name: Configure databases for Icinga2
+  hosts: database
+  vars:
+    mysql_databases:
+      - name: icingadb
+      - name: icingaweb
+      - name: vspheredb
+        encoding: utf8mb4
+        collation: utf8mb4_unicode_ci
+      - name: director
+    mysql_users:
+      - name: icingadb-user
+        host: localhost
+        password: icingadb-password
+        priv: "icingadb.*:ALL"
+    [...]
+  roles:
+    - role: geerlingguy.mysql
+```
+
+> [!NOTE]
+> Schema migrations needed for the respective Icinga components to work will be handled either by the respective roles or by the Icinga components themselves.
+
+
+
 ## Example Playbooks
 
 This is an example on how to install an Icinga 2 server/master instance.

doc/role-icingadb/role-icingadb.md

@@ -5,7 +5,12 @@ This role installs and configures the IcingaDB daemon. In addition it can also i
 It serves as the official, more performant successor to Icinga IDO. More information about its purpose and design can be found [in the official documentation](https://icinga.com/docs/icinga-db/latest/doc/01-About/).
 
 
-> :information_source: In many scenarios you want to install the [icingadb_redis role](../role-icingadb_redis/) together with this role. It is part of this collection, too.
+> [!TIP]
+> In many scenarios you want to install the [icingadb_redis role](../role-icingadb_redis/) together with this role. It is part of this collection, too.
+
+## Database
+
+IcingaDB relies on a relational database to persist received data. This database **won't** be created by this role - you need to deploy and configure one in advance. For more information, see the [Databases](../getting-started.md#databases) section in the getting started guide.
 
 ## Variables
 

doc/role-icingaweb2/module-x509.md

@@ -0,0 +1,95 @@
+## Module x509
+
+### Variables and Configuration
+
+The general module parameter like `enabled` and `source` can be applied here.
+
+| Variable | Value      |
+|----------|------------|
+| enabled  | true/false |
+| source   | package    |
+
+#### Section configuration
+
+The backend database for the module needs to be available and configured at the `icingaweb2_resources` variable.
+
+```
+icingaweb2_modules:
+  x509:
+    source: package
+    enabled: true
+    config:
+      backend:
+        resource: x509
+```
+
+#### Configure SNI Names.
+
+To configure SNIs for a IP address, use the dictionary `sni`.
+
+Example:
+
+```
+icingaweb2_modules:
+  x509:
+    source: package
+    enabled: true
+    config:
+      backend:
+        resource: x509
+    sni:
+      192.168.56.213:
+        hostnames:
+          - icinga.com
+          - test2.icinga.com
+```
+
+#### Import Certificates
+
+To import certificates use the **list** `certificate_files` all files need to be
+available locally beforehand.
+
+```
+icingaweb2_modules:
+  x509:
+    source: package
+    enabled: true
+    config:
+      backend:
+        resource: x509
+    certificate_files:
+      - /etc/ssl/certs/ca-certificates.crt
+```
+
+#### Database Schema Setup
+
+To import the database schema use `database` dictionary with the following variables.
+
+| Variable | Type | Description | Default |
+|----------|------|-------------|---------|
+| `import_schema` | `Boolean` | Defines wether the schema will be imported or not. | false |
+| `host` | `String` | Defines database address to connect to. | `localhost` |
+| `port` | `int` | Defines the database port to connect to. | `3306` or `5432` |
+| `user` | `string` | Defines database user | `x509` |
+| `name` | `String` | Defines the database to connect to. | `x509` |
+| `password` | `String` | Defines the database password to connect with. | OMITTED |
+| `ssl_mode` | `String` | Clients attempt to connect using encryption, falling back to an unencrypted connection if an encrypted connection cannot be established |**n/a** |
+|`ssl_ca`| `String`| Defines the path to the ca certificate for client authentication. | **n/a** |
+|`ssl_cert`|`String`| Defines the path to the certificate for client authentication. | **n/a** |
+|`ssl_key`| `String` | Defines the path to the certificate key for client key authentication. | **n/a** |
+|`ssl_cipher`|`String`| Ciphers for the client authentication. | **n/a** |
+|`ssl_extra_options`|`String`| Extra options for the client authentication. | **n/a** |
+
+
+```
+icingaweb2_modules:
+  x509:
+    source: package
+    enabled: true
+    database:
+      import_schema: true
+      host: localhost
+      port: 3306
+      user: x509
+      password: secret
+```

doc/role-icingaweb2/role-icingaweb2.md

@@ -7,6 +7,10 @@ The role icingaweb2 installs and configures Icinga Web 2 and its modules.
 * [IcingaDB](./module-icingadb.md)
 * [Monitoring](./module-monitoring.md)
 
+## Databases
+
+Icingaweb2 and some of its modules rely on a relational database to persist data. These databases **won't** be created by this role - you need to deploy and configure them in advance. For more information, see the [Databases](../getting-started.md#databases) section in the getting started guide.
+
 ## Variables
 
 ### Icinga Web 2 DB Configuration

doc/role-repos/role-repos.md

@@ -8,21 +8,21 @@ This role configures Icinga 2 related repositories to provide all necessary pack
 To enable the EPEL repository.
 
 ```
-icinga_repo_epel: true
-icinga_repo_scl: true
+repos_icinga_epel: true
+repos_icinga_scl: true
 ```
 
 To manage which Icinga Repos to use the following variables: 
 
 ```
-icinga_repo_stable: true
-icinga_repo_testing: false
-icinga_repo_snapshot: false
+repos_icinga_stable: true
+repos_icinga_testing: false
+repos_icinga_snapshot: false
 ```
 
 To use the Icinga Repository Subscription:
 
 ```
-icinga_repo_subscription_username: "Your username"
-icinga_repo_subscription_password: "Your password"
+repos_icinga_subscription_username: "Your username"
+repos_icinga_subscription_password: "Your password"
 ```

roles/icinga2/tasks/objects.yml

@@ -1,11 +1,11 @@
 ---
-- name: collect all config objects for myself
+- name: Collect all config objects for myself
   set_fact:
     tmp_objects: "{{ tmp_objects| default([]) + lookup('list', hostvars[item]['icinga2_objects'][icinga2_config_host]) }}"
   with_items: "{{ groups['all'] }}"
   when: hostvars[item]['icinga2_objects'][icinga2_config_host] is defined
 
-- name: collect all config objects in play vars
+- name: Collect all config objects in play vars
   set_fact:
     tmp_objects: "{{ tmp_objects| default([]) + lookup('list', icinga2_objects[icinga2_config_host]) }}"
   when: vars['icinga2_objects'][icinga2_config_host] is defined
@@ -21,26 +21,26 @@
   with_items: "{{ result.results }}"
   when: result.results is defined
 
-- name: prepare custom config
+- name: Prepare custom config
   when: icinga2_custom_config is defined and icinga2_custom_config|length > 0
   block:
-    - name: construct _icinga2_custom_conf_paths
+    - name: Construct _icinga2_custom_conf_paths
       set_fact:
         _icinga2_custom_conf_paths: "{{ _icinga2_custom_conf_paths + [ icinga2_fragments_path + '/' + item.path + '/' + item.order|default('20')|string + '_' + item.name] }}"
       loop: "{{ icinga2_custom_config }}"
 
-    - name: prepare custom config paths
+    - name: Prepare custom config paths
       file:
         state: directory
         owner: root
         group: root
         path: "{{ icinga2_fragments_path }}/{{ item.path }}/"
       loop: "{{ icinga2_custom_config }}"
 
-    - name: add custom config to assemble
+    - name: Add custom config to assemble
       ansible.builtin.copy:
         owner: root
         group: root
         src: "files/{{ item.name }}"
-        dest: "{{ icinga2_fragments_path }}/{{ item.path }}/{{ item.order|default('20')|string }}_{{ item.name }}"
+        dest: "{{ icinga2_fragments_path }}/{{ item.path }}/{{ item.order | default('20') | string }}_{{ item.name }}"
       loop: "{{ icinga2_custom_config }}"

roles/icinga2/tasks/service.yml

@@ -1,6 +1,6 @@
 ---
-- name: "{{ icinga2_state }} service icinga2"
-  service:
+- name: "Set service icinga2 to {{ icinga2_state }}"
+  ansible.builtin.service:
     name: icinga2
     state: "{{ icinga2_state }}"
     enabled: "{{ icinga2_enabled }}"

roles/icingadb/handlers/main.yml

@@ -1,4 +1,4 @@
-- name: icingadb-restart
+- name: Icingadb-restart
   ansible.builtin.service:
     name: "{{ icingadb_service_name }}"
     state: restarted

roles/icingadb/meta/main.yml

@@ -4,10 +4,10 @@ galaxy_info:
     - Daniel Bodky <[email protected]>
   description: Role to install, configure or manage IcingaDB.
   license: Apache-2.0
-  min_ansible_version: 2.9
+  min_ansible_version: "2.9"
   platforms:
     - name: EL
-      versions: ['7']
+#      versions: ['7']
     - name: Debian
       versions: ['buster','bullseye']
     - name: Ubuntu
@@ -23,4 +23,4 @@ galaxy_info:
     - icingadb
     - redis
     - redis
-dependencies: []
+# dependencies: []

roles/icingadb/tasks/manage_config.yml

@@ -6,4 +6,4 @@
     owner: "{{ icingadb_user }}"
     group: "{{ icingadb_group }}"
     mode: 0640
-  notify: icingadb-restart
+  notify: Icingadb-restart

roles/icingadb/tasks/manage_schema_mysql.yml

@@ -4,10 +4,10 @@
     - name: Build mysql command
       ansible.builtin.set_fact:
         mysqlcmd: >-
-          mysql {% if icingadb_database_host | default('localhost') != 'localhost'  %} -h "{{ icingadb_database_host }}" {%- endif %}
-          {% if icingadb_database_ca is defined %} --ssl-ca "{{ icingadb_database_ca }}" {%- endif %}
-          {% if icingadb_database_cert is defined %} --ssl-cert "{{ icingadb_database_cert }}" {%- endif %}
-          {% if icingadb_database_key is defined %} --ssl-key "{{ icingadb_database_key }}" {%- endif %}
+          mysql {% if icingadb_database_host | default('localhost') != 'localhost' %} -h "{{ icingadb_database_host }}"{%- endif %}
+          {% if icingadb_database_ca is defined %} --ssl-ca "{{ icingadb_database_ca }}"{%- endif %}
+          {% if icingadb_database_cert is defined %} --ssl-cert "{{ icingadb_database_cert }}"{%- endif %}
+          {% if icingadb_database_key is defined %} --ssl-key "{{ icingadb_database_key }}"{%- endif %}
           -u "{{ icingadb_database_user | default('icingadb') }}"
           -p"{{ icingadb_database_password }}"
           "{{ icingadb_database_name | default('icingadb') }}"

roles/icingadb/tasks/manage_schema_pgsql.yml

@@ -6,15 +6,15 @@
         _tmp_pgsqlcmd: >-
           PGPASSWORD="{{ icingadb_database_password }}"
           psql
-          "{% if icingadb_database_host | default('localhost') != 'localhost' %} host="{{ icingadb_database_host }}" {%- endif %}
-          {% if icingadb_database_port is defined %} port={{ icingadb_database_port }} {%- endif %}
+          "{% if icingadb_database_host | default('localhost') != 'localhost' %} host="{{ icingadb_database_host }}"{%- endif %}
+          {% if icingadb_database_port is defined %} port={{ icingadb_database_port }}{%- endif %}
           user={{ icingadb_database_user | default('icingadb') }}
           dbname={{ icingadb_database_name | default('icingadb') }}
-          {% if icingadb_database_sslmode is defined %} sslmode={{ icingadb_database_sslmode }} {%- endif %}
-          {% if icingadb_database_ca is defined %} sslrootcert={{ icingadb_database_ca }} {%- endif %}
-          {% if icingadb_database_cert is defined %} sslcert={{ icingadb_database_cert }} {%- endif %}
-          {% if icingadb_database_key is defined %} sslkey={{ icingadb_database_key }} {%- endif %}
-          {% if icingadb_database_ssl_extra_options is defined %} {{ icingadb_database_ssl_extra_options }} {%- endif %}"
+          {% if icingadb_database_sslmode is defined %} sslmode={{ icingadb_database_sslmode }}{%- endif %}
+          {% if icingadb_database_ca is defined %} sslrootcert={{ icingadb_database_ca }}{%- endif %}
+          {% if icingadb_database_cert is defined %} sslcert={{ icingadb_database_cert }}{%- endif %}
+          {% if icingadb_database_key is defined %} sslkey={{ icingadb_database_key }}{%- endif %}
+          {% if icingadb_database_ssl_extra_options is defined %} {{ icingadb_database_ssl_extra_options }}{%- endif %}"
 
     - name: PgSQL check for IcingaDB schema
       ansible.builtin.shell: >

roles/icingadb_redis/defaults/main.yml

@@ -49,8 +49,8 @@ icingadb_redis_auto_aof_rewrite_min_size: 64mb
 icingadb_redis_aof_load_truncated: 'yes'
 icingadb_redis_aof_use_rdb_preamble: 'yes'
 icingadb_redis_lua_time_limit: 5000
-icingadb_slowlog_log_slower_than: 10000
-icingadb_slowlog_max_len: 128
+icingadb_redis_slowlog_log_slower_than: 10000
+icingadb_redis_slowlog_max_len: 128
 icingadb_redis_latency_monitor_threshold: 0
 icingadb_redis_client_output_buffer_limits:
   - normal 0 0 0

roles/icingadb_redis/handlers/main.yml

@@ -1,5 +1,5 @@
 ---
-- name: icingadb-redis-restart
+- name: Icingadb-redis-restart
   ansible.builtin.service:
     name: "{{ icingadb_redis_service_name }}"
     state: restarted

roles/icingadb_redis/meta/main.yml

@@ -4,10 +4,10 @@ galaxy_info:
     - Daniel Bodky <[email protected]>
   description: Role to install, configure or manage icingadb-redis instance.
   license: Apache-2.0
-  min_ansible_version: 2.9
+  min_ansible_version: "2.9"
   platforms:
     - name: EL
-      versions: ['7']
+#      versions: ['7']
     - name: Debian
       versions: ['buster','bullseye']
     - name: Ubuntu
@@ -23,4 +23,4 @@ galaxy_info:
     - icingadb
     - redis
     - redis
-dependencies: []
+# dependencies: []

roles/icingadb_redis/tasks/manage_config.yml

@@ -6,4 +6,4 @@
     owner: "{{ icingadb_redis_user }}"
     group: "{{ icingadb_redis_group }}"
     mode: 0640
-  notify: icingadb-redis-restart
+  notify: Icingadb-redis-restart

roles/icingadb_redis/templates/icingadb-redis.conf.j2

@@ -120,8 +120,8 @@ lua-time-limit {{ icingadb_redis_lua_time_limit }}
 # cluster-announce-bus-port 6380
 
 ################################## SLOW LOG ###################################
-slowlog-log-slower-than {{ icingadb_slowlog_log_slower_than }}
-slowlog-max-len {{ icingadb_slowlog_max_len }}
+slowlog-log-slower-than {{ icingadb_redis_slowlog_log_slower_than }}
+slowlog-max-len {{ icingadb_redis_slowlog_max_len }}
 
 ################################ LATENCY MONITOR ##############################
 latency-monitor-threshold {{ icingadb_redis_latency_monitor_threshold }}