Setting up icinga2 nodes via Ansible: how to get the ticket from the master

ansibleicinga

I'm trying to write an Ansible playbook to set up Icinga2 nodes, but each host needs a unique ticket from the Icinga2 master to authenticate. Right now I'm thinking of ssh'ing out from the node to the master to grab the ticket, but that doesn't seem like a good idea. I also tried using Ansible's prompts, but I'm running the playbook from Ansible Tower, which apparently doesn't support that (it just hangs waiting for stdin).

Best Answer

Ansible allows to get facts from other hosts with the delegate_to parameter.

To grab the ticket from the icinga2 server you will need something like this:

- name: Get ticket.
  command: icinga2 pki ticket --cn 'your cn'
  register: ticket
  delegate_to: icinga2_server

This tasks will store the output of the icinga2 pki ticket command in the ticket variable. You might need to filter a bit to get only the ticket id. Take a look at Ansible examples repository for more information. You will also need to have the icinga2_server in you inventory for the delegation.

Related Solutions

Command or Shell task hangs when using ssh to create a tunnel

If you're using sudo and a key I would wager you're not preserving the SSH_AUTH_SOCK environment variable. This will be required in order to establish a connection from the orchestrated machine to the mongodb instance. In this situation you should add something like the following to /etc/sudoers:

Defaults        env_keep+=SSH_AUTH_SOCK
Defaults        env_reset

Linux – Is the SSH SFTP subsystem required on the managed nodes for Ansible to work

Yes, ansible depends on being able to transfer files to the remote machine. It uses sftp to do this by default. You can override this to use scp using

scp_if_ssh
Occasionally users may be managing a remote system that doesn’t have SFTP enabled. If set to True, we can cause scp to be used to transfer remote files instead:

scp_if_ssh=False
There’s really no reason to change this unless problems are encountered, and then there’s also no real drawback to managing the switch. Most environments support SFTP by default and this doesn’t usually need to be changed.

The above information was taken from this page:

http://docs.ansible.com/intro_configuration.html#openssh-specific-settings

Best Answer

Related Solutions

Command or Shell task hangs when using ssh to create a tunnel

Linux – Is the SSH SFTP subsystem required on the managed nodes for Ansible to work

Related Topic