Ansible Role icingadb¶
IcingaDB consists of multiple components. This role only installs the IcingaDB daemon. Generally, IcingaDB Web is also required, use the linuxfabrik.lfops.icingadb_web role for that.
When running the icingadb:migration tag, the role tries to prepare the configuration file required for the migration from the old IDO feature to Icinga DB. Note that the migration requires the following manual steps after running the role:
Double check the values in
/tmp/icingadb-migration.ymlRun the migration:
icingadb-migrate --config /tmp/icingadb-migration.yml --cache /tmp/icingadb-migration.cacheClean up:
rm -rf /tmp/icingadb-migration.cache /tmp/icingadb-migration.ymlIf everything works, disable the old IcingaWeb2 monitoring module:
icingacli module disable monitoringAlso have a look at https://icinga.com/docs/icinga-db-web/latest/doc/10-Migration/ for other migration steps.
Notes on high availability / Icinga2 Master clusters:
Redis: „Each of the master nodes must have the Icinga DB feature enabled and have their own dedicated Redis server set up for it.“
SQL database: „Icinga DB instances must write to the same database, which of course can be replicated or a cluster.“
Environment ID: Make sure that
/var/lib/icinga2/icingadb.envis the same on all master nodes.„Although Icinga DB can run anywhere in an Icinga environment, we recommend to install it where the corresponding Icinga 2 node and Redis server is running to keep latency between the components low.“
Have a look at the official documentation.
Mandatory Requirements¶
A configured Icinga2 Master Setup. This can be done using the linuxfabrik.lfops.setup_icinga2_master playbook.
Mandatory Role Variables¶
icingadb__database_login
The user account for accessing the IcingaDB SQL database. Currently, only MySQL is supported.
Type: Dictionary.
Default: none
Example:
# mandatory
icingadb__database_login:
username: 'icingadb'
password: 'linuxfabrik'
Optional Role Variables¶
icingadb__database_host
The host on which the IcingaDB SQL database is reachable.
Type: String.
Default:
'127.0.0.1'
icingadb__database_login_host
The Host-part of the SQL database user.
Type: String.
Default:
'127.0.0.1'
icingadb__database_name
The name of the IcingaDB SQL database.
Type: String.
Default:
'icingadb'
icingadb__logging_level
The loglevel of IcingaDB. One of
'fatal','error','warn','info'or'debug'.Type: String.
Default:
'info'
icingadb__redis_ca
Path to the CA certificate used to check the Redis TLS certificate.
Type: String.
Default: unset
icingadb__redis_host
The host on which Redis instance is reachable.
Type: String.
Default:
'127.0.0.1'
icingadb__redis_insecure
Allow insecure connections to Redis via TLS.
Type: Bool.
Default:
false
icingadb__redis_password
The password for the Redis instance, if authentication is enabled.
Type: String.
Default: unset
icingadb__redis_port
The port on which Redis instance is reachable.
Type: Number.
Default:
6379
icingadb__redis_tls
Enable TLS when connecting to Redis.
Type: Bool.
Default:
false
icingadb__retention_history_days
Number of days to retain full historical data. By default, historical data is retained forever.
Type: Number.
Default: unset
icingadb__service_enabled
Enables or disables the IcingaDB service, analogous to
systemctl enable/disable --now.Type: Bool.
Default:
true
Example:
# optional
icingadb__database_host: '127.0.0.1'
icingadb__database_login_host: 'localhost'
icingadb__database_name: 'icingadb'
icingadb__logging_level: 'debug'
icingadb__redis_ca: '/etc/pki/tls/certs/rootCA.pem'
icingadb__redis_host: '127.0.0.1'
icingadb__redis_insecure: true
icingadb__redis_password: 'linuxfabrik'
icingadb__redis_port: 6379
icingadb__redis_tls: true
icingadb__retention_history_days: 360
icingadb__service_enabled: true