diff options
author | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-02-04 01:23:43 -0500 |
---|---|---|
committer | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-02-04 01:52:13 -0500 |
commit | 0261e875679f1bf63c8d689da7fc7e014597885d (patch) | |
tree | 3f19cd74a0c1070944f75437f30b098d6ef2ffcb /roles/nagios_server/tasks/freeipa.yml | |
download | selfhosted-0261e875679f1bf63c8d689da7fc7e014597885d.tar.gz selfhosted-0261e875679f1bf63c8d689da7fc7e014597885d.zip |
initial commit
Diffstat (limited to 'roles/nagios_server/tasks/freeipa.yml')
-rw-r--r-- | roles/nagios_server/tasks/freeipa.yml | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/roles/nagios_server/tasks/freeipa.yml b/roles/nagios_server/tasks/freeipa.yml new file mode 100644 index 0000000..59ab7b3 --- /dev/null +++ b/roles/nagios_server/tasks/freeipa.yml @@ -0,0 +1,42 @@ +- name: create HBAC service + ipahbacsvc: + ipaadmin_principal: '{{ ipa_user }}' + ipaadmin_password: '{{ ipa_pass }}' + name: '{{ nagios_hbac_service }}' + description: nagios web interface + state: present + run_once: yes + +- name: create nagios servers hostgroup + ipahostgroup: + ipaadmin_principal: '{{ ipa_user }}' + ipaadmin_password: '{{ ipa_pass }}' + name: '{{ nagios_hbac_hostgroup }}' + description: Nagios Servers + host: "{{ groups[nagios_hbac_hostgroup] | map('regex_replace', '$', '.' ~ ansible_domain) }}" + state: present + run_once: yes + +- name: create access group + ipagroup: + ipaadmin_principal: '{{ ipa_user }}' + ipaadmin_password: '{{ ipa_pass }}' + name: '{{ nagios_access_group }}' + description: nagios Administrators + nonposix: yes + state: present + run_once: yes + +- name: create HBAC rule + ipahbacrule: + ipaadmin_principal: '{{ ipa_user }}' + ipaadmin_password: '{{ ipa_pass }}' + name: allow_nagios_users_on_nagios_servers + description: Allow nagios admins on nagios servers + hostgroup: + - '{{ nagios_hbac_hostgroup }}' + group: + - '{{ nagios_access_group }}' + hbacsvc: + - '{{ nagios_hbac_service }}' + run_once: yes |