Ansible Role linuxfabrik.lfops.icingadb¶
IcingaDB consists of multiple components. This role only installs the IcingaDB daemon. Generally, IcingaDB Web is also required, use the linuxfabrik.lfops.icingadb_web role for that.
When running the icingadb:migration tag, the role tries to prepare the configuration file required for the migration from the old IDO feature to Icinga DB. Note that the migration requires the following manual steps after running the role:
1. Double check the values in /tmp/icingadb-migration.yml
2. Run the migration: icingadb-migrate --config /tmp/icingadb-migration.yml --cache /tmp/icingadb-migration.cache
3. Clean up: rm -rf /tmp/icingadb-migration.cache /tmp/icingadb-migration.yml
4. If everything works, disable the old IcingaWeb2 monitoring module: icingacli module disable monitoring
Also have a look at https://icinga.com/docs/icinga-db-web/latest/doc/10-Migration/ for other migration steps.
Notes on high availability / Icinga2 Master clusters:
- Redis: "Each of the master nodes must have the Icinga DB feature enabled and have their own dedicated Redis server set up for it."
- SQL database: "Icinga DB instances must write to the same database, which of course can be replicated or a cluster."
- Environment ID: Make sure that
/var/lib/icinga2/icingadb.envis the same on all master nodes. - "Although Icinga DB can run anywhere in an Icinga environment, we recommend to install it where the corresponding Icinga 2 node and Redis server is running to keep latency between the components low."
- Have a look at the official documentation.
Mandatory Requirements¶
- A configured Icinga2 Master Setup. This can be done using the linuxfabrik.lfops.setup_icinga2_master playbook.
Tags¶
icingadb
- Installs and configures IcingaDB.
- Triggers: icinga2.service restart, icingadb.service restart.
icingadb:migration
- Only executed on demand. Prepares the migration of the history from the IDO feature to Icinga DB.
- Triggers: none.
Mandatory Role Variables¶
icingadb__database_login
- The user account for accessing the IcingaDB SQL database. Currently, only MySQL is supported.
- Type: Dictionary.
- Default: none
Example:
# mandatory
icingadb__database_login:
username: 'icingadb'
password: 'linuxfabrik'
Optional Role Variables¶
icingadb__database_host
- The host on which the IcingaDB SQL database is reachable.
- Type: String.
- Default:
'127.0.0.1'
icingadb__database_login_host
- The Host-part of the SQL database user.
- Type: String.
- Default:
'127.0.0.1'
icingadb__database_name
- The name of the IcingaDB SQL database.
- Type: String.
- Default:
'icingadb'
icingadb__logging_level
- The loglevel of IcingaDB. One of
'fatal','error','warn','info'or'debug'. - Type: String.
- Default:
'info'
icingadb__redis_ca
- Path to the CA certificate used to check the Redis TLS certificate.
- Type: String.
- Default: unset
icingadb__redis_host
- The host on which Redis instance is reachable.
- Type: String.
- Default:
'127.0.0.1'
icingadb__redis_insecure
- Allow insecure connections to Redis via TLS.
- Type: Bool.
- Default:
false
icingadb__redis_password
- The password for the Redis instance, if authentication is enabled.
- Type: String.
- Default: unset
icingadb__redis_port
- The port on which Redis instance is reachable.
- Type: Number.
- Default:
6379
icingadb__redis_tls
- Enable TLS when connecting to Redis.
- Type: Bool.
- Default:
false
icingadb__retention_history_days
- Number of days to retain full historical data. By default, historical data is retained forever.
- Type: Number.
- Default: unset
icingadb__service_enabled
- Enables or disables the IcingaDB service, analogous to
systemctl enable/disable --now. - Type: Bool.
- Default:
true
Example:
# optional
icingadb__database_host: '127.0.0.1'
icingadb__database_login_host: 'localhost'
icingadb__database_name: 'icingadb'
icingadb__logging_level: 'debug'
icingadb__redis_ca: '/etc/pki/tls/certs/rootCA.pem'
icingadb__redis_host: '127.0.0.1'
icingadb__redis_insecure: true
icingadb__redis_password: 'linuxfabrik'
icingadb__redis_port: 6379
icingadb__redis_tls: true
icingadb__retention_history_days: 360
icingadb__service_enabled: true