How add new icinga-agents from the shell?

#1

Hello,

i´m working on an ansible playbook to add new icinga-agents to icinga-master. I use the icinga-director for all my work.

Now I have a Playbook that installs the icinga agent on the client. But the new machine is not visible in icinga-director? Must I execute a host add command on the icinga-master? Had found an old topic, here somebody used:

/usr/sbin/icinga2 node add newclient

But this is not workling on my Icinga2 version: r2.10.2-1

To run the playbook I give the playbook the new client to install:

ansible-playbook icinga2_install_agent-pb/icinga2_install_agent-pb.yml -e hostitem=webserver01.mgmt.xyz.de

Here the Ansible playbook that I use:

  • hosts: icinga2.mgmt.xyz.de
    become: true
    tasks:
    • name: generate ticket on the icinga master and save it as a variable
      shell: /usr/lib64/icinga2/sbin/icinga2 pki ticket --cn {{ hostitem }}
      register: ticket
  • hosts: “{{ hostitem }}”
    become: true
    vars:
    master_hostname: icinga2.mgmt.xyz.de
    master_ip: “{{ hostvars[‘icinga2.mgmt.xyz.de’][‘ansible_default_ipv4’][‘address’] }}”
    master_port: 5665
    tasks:
    • name: installiere Icinga2
      zypper:
      update_cache: yes
      name: icinga2
      state: present

    • name: installiere monitoring-plugins
      zypper:
      name: monitoring-plugins
      state: present

    • name: create pki folder
      file: path=/etc/icinga2/pki state=directory mode=0700 owner=icinga group=icinga

    • name: create cert
      shell: /usr/sbin/icinga2 pki new-cert --cn {{ hostitem }} --key /etc/icinga2/pki/{{ hostitem }}.key --cert /etc/icinga2/pki/{{ hostitem }}.crt

    • name: save the masters cert as trustedcert
      shell: /usr/sbin/icinga2 pki save-cert --key /etc/icinga2/pki/{{ hostitem }}.key --cert /etc/icinga2/pki/{{ hostitem }}.crt --trustedcert /etc/icinga2/pki/trusted-master.crt --host {{ master_hostname }}

    • name: request the certificate from the icinga server
      shell: “/usr/sbin/icinga2 pki request --host icinga2.mgmt.xyz.de --port 5665 --ticket {{ hostvars[‘icinga2.mgmt.xyz.de’][‘ticket’][‘stdout’] }} --key /etc/icinga2/pki/{{ hostitem }}.key --cert /etc/icinga2/pki/{{ hostitem }}.crt --trustedcert /etc/icinga2/pki/trusted-master.crt --ca /etc/icinga2/pki/ca.key”

    • name: node setup
      shell: “/usr/sbin/icinga2 node setup --ticket {{ hostvars[‘icinga2.mgmt.xyz.de’][‘ticket’][‘stdout’] }} --endpoint {{ master_hostname }} --zone {{ hostitem }} --master_host {{ master_hostname }} --trustedcert /etc/icinga2/pki/trusted-master.crt --cn {{ hostitem }}”

    • name: Disable icinga2.conf conf.d
      replace:
      destfile: /etc/icinga2/icinga2.conf
      regexp: ‘^include_recursive “conf.d”$’
      replace: ‘//include_recursive “conf.d”’

      notify:

      • restart icinga2
        handlers:
    • name : restart icinga2
      service: name=icinga2 state=restarted

  • hosts: icinga2.mgmt.xyz.de
    become: true
    tasks:
    • name: add host
      shell: /usr/sbin/icinga2 node add {{ hostitem }}
    • name: set host ip
      shell: /usr/sbin/icinga2 node set {{ hostitem }} --host {{ hostitem }} --port 5665
      notify:
      • restart icinga2
        handlers:
    • name: restart icinga2
      service: name=icinga2 state=restarted
(Nicolai) #2

You have to create a Host object in Director. I do this with the Director API and Ansible as following:

[...]
    - name: Add node to director
      uri:
        url: "{{ icinga_director_url }}/host"
        method: POST
        user: "{{ icinga_director_user }}"
        password: "{{ icinga_director_password }}"
        force_basic_auth: yes
        headers:
          Accept: "application/json"
        body_format: json
        body: "{{ lookup('template', 'director-host.json.j2') }}"
        status_code: 201
        return_content: yes
      register: director_request
      delegate_to: localhost
      failed_when: director_request.status not in [201, 422]
      changed_when: director_request.status == 201
      tags:
        - director
[...]

The director-host.json.j2 looks like this:

{
    "address": "{{ ansible_host }}",
    "has_agent": true,
    "imports": [
        "<YOUR DEFAULT TEMPLATE>"
    ],
    "master_should_connect": false,
    "object_name": "{{ system_name }}",
    "object_type": "object"
}

1 Like
#3

Thank you Nicolai for the fast answer,

have some troube to understand some details. Have set you code in my playbook and set the variables to my values. My playbook looks like this:

   - hosts: icinga2.mgmt.xyz.de
  become: true
  tasks:
   - name: generate ticket on the icinga master and save it as a variable
     shell: /usr/lib64/icinga2/sbin/icinga2 pki ticket --cn {{ hostitem }}
     register: ticket
- hosts: "{{ hostitem }}"
  become: true
  vars:
   master_hostname: icinga2.mgmt.xyz.de
   master_ip: "{{ hostvars['icinga2.mgmt.xyz.de']['ansible_default_ipv4']['address'] }}"
   master_port: 5665
  tasks:
    - name: installiere Icinga2
      zypper:
        update_cache: yes
        name: icinga2
        state: present
    - name: installiere monitoring-plugins
      zypper:
        name: monitoring-plugins
        state: present
    - name: create pki folder
      file: path=/etc/icinga2/pki state=directory mode=0700 owner=icinga group=icinga
    - name: create cert
      shell: /usr/sbin/icinga2 pki new-cert --cn {{ hostitem }} --key /etc/icinga2/pki/{{ hostitem }}.key --cert /etc/icinga2/pki/{{ hostitem }}.crt
    - name: save the masters cert as trustedcert
      shell: /usr/sbin/icinga2 pki save-cert --key /etc/icinga2/pki/{{ hostitem }}.key --cert /etc/icinga2/pki/{{ hostitem }}.crt --trustedcert /etc/icinga2/pki/trusted-master.crt --host {{ master_hostname }}
    - name: request the certificate from the icinga server
      shell: "/usr/sbin/icinga2 pki request --host icinga2.mgmt.xyz.de --port 5665 --ticket {{ hostvars['icinga2.mgmt.xyz.de']['ticket']['stdout'] }} --key /etc/icinga2/pki/{{ hostitem }}.key --cert /etc/icinga2/pki/{{ hostitem }}.crt --trustedcert /etc/icinga2/pki/trusted-master.crt --ca /etc/icinga2/pki/ca.key"
    - name: node setup
      shell: "/usr/sbin/icinga2 node setup --ticket {{ hostvars['icinga2.mgmt.xyz.de']['ticket']['stdout'] }} --endpoint {{ master_hostname }} --zone {{ hostitem }} --master_host {{ master_hostname }} --trustedcert /etc/icinga2/pki/trusted-master.crt --cn {{ hostitem }}"
    
    - name: Disable icinga2.conf conf.d
      replace:
        destfile: /etc/icinga2/icinga2.conf
        regexp: '^include_recursive "conf.d"$'
        replace: '//include_recursive "conf.d"'  

      notify:
        - restart icinga2
  handlers:
    - name : restart icinga2 
      service: name=icinga2 state=restarted

- hosts: icinga2.mgmt.xyz.de
  become: true
  tasks:
    - name: Add node to director
      uri:
        url: "{{ https://icinga2.mgmt.xyz.de/director }}/host"
        method: POST
        user: "{{ root }}"
        password: "{{ 635624f8dedab6a8 }}"
        force_basic_auth: yes
        headers:
          Accept: "application/json"
        body_format: json
        body: "{{ lookup('template', 'director-host.json.j2') }}"
        status_code: 201
        return_content: yes
      register: director_request
      delegate_to: localhost
      failed_when: director_request.status not in [201, 422]
      changed_when: director_request.status == 201
      tags:
        - director
      notify:
        - restart icinga2
  handlers:
   - name: restart icinga2
     service: name=icinga2 state=restarted

And the template I have modified as follows:

{
    "address": "{{ ansible_host }}",
    "has_agent": true,
    "imports": [
        ""generic-host""
    ],
    "master_should_connect": false,
    "object_name": "{{ hostitem }}",
    "object_type": "object"
}

After execution of the playbook I become the following error:

PLAY [icinga2.mgmt.xyz.de] ********************************************************************************************************************************************************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [icinga2.mgmt.xyz.de]

TASK [generate ticket on the icinga master and save it as a variable] **************************************************************************************************************************************************************************************************************************************************************************************************************
changed: [icinga2.mgmt.xyz.de]

PLAY [ase5.mgmt.xyz.de] ***********************************************************************************************************************************************************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [ase5.mgmt.xyz.de]

TASK [installiere Icinga2] *********************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [ase5.mgmt.xyz.de]

TASK [installiere monitoring-plugins] **********************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [ase5.mgmt.xyz.de]

TASK [create pki folder] ***********************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [ase5.mgmt.xyz.de]

TASK [create cert] *****************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
changed: [ase5.mgmt.xyz.de]

TASK [save the masters cert as trustedcert] ****************************************************************************************************************************************************************************************************************************************************************************************************************************************
changed: [ase5.mgmt.xyz.de]

TASK [request the certificate from the icinga server] ******************************************************************************************************************************************************************************************************************************************************************************************************************************
changed: [ase5.mgmt.xyz.de]

TASK [node setup] ******************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
changed: [ase5.mgmt.xyz.de]

TASK [Disable icinga2.conf conf.d] *************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [ase5.mgmt.xyz.de]

PLAY [icinga2.mgmt.xyz.de] ********************************************************************************************************************************************************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [icinga2.mgmt.xyz.de]

TASK [Add node to director] **********************************************************************************************************************************************************************************************************************************************************************************

fatal: [icinga2.mgmt.xyz.de]: FAILED! => {“failed”: true, “msg”: “template error while templating string: expected token ‘end of print statement’, got ‘:’. String: {{ https://icinga2.mgmt.xyz.de/director }}/host”};to retry, use: --limit @/home/ansible/playbooks/icinga2_install_agent-pb/icinga2_install_agent-pb.retry

PLAY RECAP ********************************************************************************************************************************************************************************************************************************************************************************
ase5.mgmt.xyz.de : ok=9 ;changed=4 ;unreachable=0 ;failed=0;
icinga2.mgmt.xyz.de : ok=3 ;changed=1 ;unreachable=0 ;failed=1;
(Nicolai) #4

Remove the double quotation from your template name:

"import": [ "generic-host" ] instead of "import": [ ""generic-host"" ]

There is also no need for restarting the icinga2 daemon after creating a host in director. If you want to take your config “live” you have to deploy your config as unsual via webinterface, CLI or API.

#5

Oh yes double quotation is not good have now removed that. But the error is the same he complains about the URL line.

TASK [Add node to director] ***************************************************************************************************************************************************************************
fatal: [icinga2.mgmt.xyz.de]: FAILED! => {"failed": true, "msg": "template error while templating string: expected token 'end of print statement', got ':'. String: {{ https://icinga2.mgmt.xyz.de/director }}/host"}
        to retry, use: --limit @/home/ansible/playbooks/icinga2_install_agent-pb/icinga2_install_agent-pb.retry
(Nicolai) #6

Ah missed the cause: Remove the curly brackets as it is no variable.

#7

Okay, have removed the curly brackets on every place where is no variable. Now there is another fatal message from ansible: “director_request.status == 201): ‘dict object’ has no attribute ‘status’”

TASK [Add node to director] ***************************************************************************************************************************************************************************
fatal: [icinga2.mgmt.xyz.de]: FAILED! =>; {"failed": true, "msg": "The conditional check 'director_request.status == 201' failed. The error was: error while evaluating conditional (director_request.s
tatus == 201): 'dict object' has no attribute 'status'"} 
to retry, use: --limit @/home/ansible/playbooks/icinga2_install_agent-pb/icinga2_install_agent-pb.retry

In the Icinga Documentation I have read:
“New objects must be created by sending a PUT request…”

https://icinga.com/docs/icinga2/latest/doc/12-icinga2-api/#creating-config-objects

But we have a method: POST? Had test it with PUT but the fatal-message is the same.

(Nicolai) #8

The quote is from the Icinga 2 documentation, but we’re talking about the director, which has its own API.

Please share the content of your director_request object:

- name: Debug request
  debug:
    msg: "{{ director_request }}"
#9

Now I understand that here are two different things Icinga API and Director API. Thank you.

Have modify the playbook and insert the following lines:

- name: Debug request
  debug:
    msg: "{{ director_request }}"

after:

  tags:
    - director

And the output is now that director_request’ is undefined"?

TASK [Debug request] **************************************************************************************************************************
fatal: [icinga2.mgmt.xyz.de]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'director_request' is undefined\n\nThe error appears to have been in '/home/ansible/playbooks/icinga2_install_agent-pb/icinga2_install_agent-pb.yml_bak03': line 51, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n  tasks:\n    - name: Debug request\n      ^ here\n\nexception type: <class 'ansible.errors.AnsibleUndefinedVariable'>\nexception: 'director_request' is undefined"}
    to retry, use: --limit @/home/ansible/playbooks/icinga2_install_agent-pb/icinga2_install_agent-pb.retry
(Nicolai) #10

So there is a problem with your return variable. Could you please share the whole playbook (without credentials)? Double check the register: director_request part.

#11

I have some question marks with the director-host.json.j2 is this a seperate file and where I must put this file? In the same directory how the playbook? At the moment it lays in the same directory

{
    "address": "{{ ansible_host }}",
    "has_agent": true,
    "imports": [
        "generic-host"
    ],
    "master_should_connect": false,
    "object_name": "{{ hostitem }}",
    "object_type": "object"
}

Back to the Playbook. Executed the playbook with:

ansible-playbook icinga2_install_agent-pb.yml_bak03 -e hostitem=webserver01.mgmt.xyz.de

An this playbook contains:

---
# Installiert und Konfiguriert den Icinga Agent. Ticket wird vom Monitoing Master geholt
- hosts: icinga2.mgmt.xyz.de
  become: true
  tasks:
   - name: generate ticket on the icinga master and save it as a variable
     shell: "/usr/lib64/icinga2/sbin/icinga2 pki ticket --cn {{ hostitem }}"
     register: ticket
- hosts: "{{ hostitem }}"
  become: true
  vars:
   master_hostname: icinga2.mgmt.xyz.de
   master_ip: "{{ hostvars['icinga2.mgmt.xyz.de']['ansible_default_ipv4']['address'] }}"
   master_port: 5665
  tasks:
   - name: installiere Icinga2
     zypper:
        update_cache: yes
        name: icinga2
        state: present
   - name: installiere monitoring-plugins
     zypper:
        name: monitoring-plugins
        state: present
   - name: create pki folder
     file: path=/etc/icinga2/pki state=directory mode=0700 owner=icinga group=icinga
   - name: create cert
     shell: /usr/sbin/icinga2 pki new-cert --cn {{ hostitem }} --key /etc/icinga2/pki/{{ hostitem }}.key --cert /etc/icinga2/pki/{{ hostitem }}.crt
   - name: save the masters cert as trustedcert
     shell: /usr/sbin/icinga2 pki save-cert --key /etc/icinga2/pki/{{ hostitem }}.key --cert /etc/icinga2/pki/{{ hostitem }}.crt --trustedcert /etc/icinga2/pki/trusted-master.crt --host {{ master_hostname }}
   - name: request the certificate from the icinga server
     shell: "/usr/sbin/icinga2 pki request --host icinga2.mgmt.xyz.de --port 5665 --ticket {{ hostvars['icinga2.mgmt.xyz.de']['ticket']['stdout'] }} --key /etc/icinga2/pki/{{ hostitem }}.key --cert /etc/icinga2/pki/{{ hostitem }}.crt --trustedcert /etc/icinga2/pki/trusted-master.crt --ca /etc/icinga2/pki/ca.key"
   - name: node setup
     shell: "/usr/sbin/icinga2 node setup --ticket {{ hostvars['icinga2.mgmt.xyz.de']['ticket']['stdout'] }} --endpoint {{ master_hostname }} --zone {{ hostitem }} --master_host {{ master_hostname }} --trustedcert /etc/icinga2/pki/trusted-master.crt --cn {{ hostitem }}"
        
   - name: Disable icinga2.conf conf.d
     replace:
        destfile: /etc/icinga2/icinga2.conf
        regexp: '^include_recursive "conf.d"$'
        replace: '//include_recursive "conf.d"'  

     notify:
       - restart icinga2
  handlers:
      - name : restart icinga2 
        service: name=icinga2 state=restarted

- hosts: icinga2.mgmt.xyz.de
  become: true
  tasks:
    - name: Debug request
      debug:
        msg: "{{ director_request }}"
    - name: Add node to director
      uri:
        url: "https://icinga2.mgmt.xyz.de/director/host"
        method: POST
        user: "root"
        password: "here I put the password from /etc/icinga2/conf.d/api-users.conf"
        force_basic_auth: yes
        headers:
        Accept: "application/json"
        body_format: json
        body: "{{ lookup('template', 'director-host.json.j2') }}"
        status_code: 201
        return_content: yes
      register: director_request
      delegate_to: localhost
      failed_when: director_request.status not in [201, 422]
      changed_when: director_request.status == 201
      tags:
          - director
      notify:
          - restart icinga2
  handlers:
  - name: restart icinga2
    service: name=icinga2 state=restarted

And the output from Ansible ends with a fatal message:

PLAY [icinga2.mgmt.xyz.de] **************************************************************************************************************************************************************************************************

TASK [Gathering Facts] *******************************************************************************************************************************************************************************************************
ok: [icinga2.mgmt.xyz.de]

TASK [generate ticket on the icinga master and save it as a variable] ********************************************************************************************************************************************************
changed: [icinga2.mgmt.xyz.de]

PLAY [webserver01.mgmt.xyz.de] *****************************************************************************************************************************************************************************************************

TASK [Gathering Facts] *******************************************************************************************************************************************************************************************************
ok: [webserver01.mgmt.xyz.de]

TASK [installiere Icinga2] ***************************************************************************************************************************************************************************************************
ok: [webserver01.mgmt.xyz.de]

TASK [installiere monitoring-plugins] ****************************************************************************************************************************************************************************************
ok: [webserver01.mgmt.xyz.de]

TASK [create pki folder] *****************************************************************************************************************************************************************************************************
ok: [webserver01.mgmt.xyz.de]

TASK [create cert] ***********************************************************************************************************************************************************************************************************
changed: [webserver01.mgmt.xyz.de]

TASK [save the masters cert as trustedcert] **********************************************************************************************************************************************************************************
changed: [webserver01.mgmt.xyz.de]

TASK [request the certificate from the icinga server] ************************************************************************************************************************************************************************
changed: [webserver01.mgmt.xyz.de]

TASK [node setup] ************************************************************************************************************************************************************************************************************
changed: [webserver01.mgmt.xyz.de]

TASK [Disable icinga2.conf conf.d] *******************************************************************************************************************************************************************************************
ok: [webserver01.mgmt.xyz.de]

PLAY [icinga2.mgmt.xyz.de] **************************************************************************************************************************************************************************************************

TASK [Gathering Facts] *******************************************************************************************************************************************************************************************************
ok: [icinga2.mgmt.xyz.de]

TASK [Debug request] *********************************************************************************************************************************************************************************************************
fatal: [icinga2.mgmt.xyz.de]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'director_request' is undefined\n\nThe error appears to have been in '/home/ansible/playbooks/icinga2_install_agent-pb/icinga2_install_agent-pb.yml_bak03': line 51, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n  tasks:\n    - name: Debug request\n      ^ here\n\nexception type: <class 'ansible.errors.AnsibleUndefinedVariable'>\nexception: 'director_request' is undefined"}
        to retry, use: --limit @/home/ansible/playbooks/icinga2_install_agent-pb/icinga2_install_agent-pb.retry

PLAY RECAP *******************************************************************************************************************************************************************************************************************
webserver01.mgmt.xyz.de          : ok=9    changed=4    unreachable=0    failed=0   
icinga2.mgmt.xyz.de       : ok=3    changed=1    unreachable=0    failed=1
(Nicolai) #12

I have some question marks with the director-host.json.j2 is this a seperate file and where I must put this file? In the same directory how the playbook? At the moment it lays in the same directory

Ansible will lookup in your local folder or in the templates folder which is imho best practice. It could also be a absolute path. For more details have a look into the template module documentation.

The debug task must put AFTER the uri task, as it prints a object which is the result of the uri task.

Is there a special reason why you put the director task into a separate play? I would execute the director tasks as part of the client setup and change the delegate_to line to a host which could access the director. This could be the icinga2 master or your ansible master or even the node.

password: "here I put the password from /etc/icinga2/conf.d/api-users.conf" force_basic_auth: yes

This is wrong. As i mentioned above the director API and the Icinga2 API are two totally different things. You have to create a separate user in Icinga Web 2 with sufficient permissions (See Authentication section in the REST API chapter)

user: "{{ root }}"

Is root a variable with your director username? If not: Remove the curly brackets. Please remember, that you have to put here the username you created in Icinga Web 2.

#13

Have modified the playbook but it´s end with a fatal message and can not execute the debug task, because it end before. The Ansible output is:

TASK [Add node to director] ***********************************************************************************************************************************
fatal: [web01.mgmt.xyz.de]: FAILED! =&gt; {"failed": true, "msg": "The conditional check 'director_request.status == 201' failed. The error was: error while evaluating conditional (director_request.status == 201
): 'dict object' has no attribute 'status'"} to retry, use: --limit @/home/ansible/playbooks/icinga2_install_agent-pb/icinga2_install_agent-pb.retry

Here is my actual playbook:

---
# Installiert und Konfiguriert den Icinga Agent. Ticket wird vom Monitoing Master geholt
- hosts: icinga2.mgmt.xyz.de
  become: true
  tasks:
   - name: generate ticket on the icinga master and save it as a variable
     shell: "/usr/lib64/icinga2/sbin/icinga2 pki ticket --cn {{ hostitem }}"
     register: ticket
- hosts: "{{ hostitem }}"
  become: true
  vars:
   master_hostname: icinga2.mgmt.xyz.de
   master_ip: "{{ hostvars['icinga2.mgmt.xyz.de']['ansible_default_ipv4']['address'] }}"
   master_port: 5665
  tasks:
   - name: installiere Icinga2
     zypper:
        update_cache: yes
        name: icinga2
        state: present
   - name: installiere monitoring-plugins
     zypper:
        name: monitoring-plugins
        state: present
   - name: create pki folder
     file: path=/etc/icinga2/pki state=directory mode=0700 owner=icinga group=icinga
   - name: create cert
     shell: /usr/sbin/icinga2 pki new-cert --cn {{ hostitem }} --key /etc/icinga2/pki/{{ hostitem }}.key --cert /etc/icinga2/pki/{{ hostitem }}.crt
   - name: save the masters cert as trustedcert
     shell: /usr/sbin/icinga2 pki save-cert --key /etc/icinga2/pki/{{ hostitem }}.key --cert /etc/icinga2/pki/{{ hostitem }}.crt --trustedcert /etc/icinga2/pki/trusted-master.crt --host {{ master_hostname }}
   - name: request the certificate from the icinga server
     shell: "/usr/sbin/icinga2 pki request --host icinga2.mgmt.xyz.de --port 5665 --ticket {{ hostvars['icinga2.mgmt.xyz.de']['ticket']['stdout'] }} --key /etc/icinga2/pki/{{ hostitem }}.key --cert /etc/icinga2/pki/{{ hostitem }}.crt --trustedcert /etc/icinga2/pki/trusted-master.crt --ca /etc/icinga2/pki/ca.key"
   - name: node setup
     shell: "/usr/sbin/icinga2 node setup --ticket {{ hostvars['icinga2.mgmt.xyz.de']['ticket']['stdout'] }} --endpoint {{ master_hostname }} --zone {{ hostitem }} --master_host {{ master_hostname }} --trustedcert /etc/icinga2/pki/trusted-master.crt --cn {{ hostitem }}"
        
   - name: Disable icinga2.conf conf.d
     replace:
        destfile: /etc/icinga2/icinga2.conf
        regexp: '^include_recursive "conf.d"$'
        replace: '//include_recursive "conf.d"'  

     notify:
       - restart icinga2

   - name: Add node to director
     uri:
       url: "https://icinga2.mgmt.xyz.de/director/host"
       method: POST
       user: "myuser"
       password: "mypassword"
       force_basic_auth: yes
       headers:
       Accept: "application/json"
       body_format: json
       body: "{{ lookup('template', 'director-host.json.j2') }}"
       status_code: 201
       return_content: yes
     register: director_request
     delegate_to: icinga2.mgmt.xyz.de
     failed_when: director_request.status not in [201, 422]
     changed_when: director_request.status == 201
     tags:
       - director
   - name: Debug request
     debug:
       msg: "{{ director_request }}"

  handlers:
  - name: restart icinga2
    service: name=icinga2 state=restarted
(Nicolai) #14

comment the two lines, so the next task could be executed

#15

The two lines I have now deactivated but become again a fatal message and he can not execute the Debug request. The server running the playbook is the smt1 and the server ase5 is the one I add.

The Ansible version used is:

ansible --version
ansible 2.4.1.0
   config file = /etc/ansible/ansible.cfg
   configured module search path = [u '/ home / ansible / .ansible / plugins / modules', u '/ usr / share / ansible / plugins / modules']
   ansible python module location = /usr/lib/python2.7/site-packages/ansible
   executable location = / usr / bin / ansible
   python version = 2.7.13 (default, Jan 11 2017, 10:56:06) [GCC]

And the Last Lines from Ansilbe output:

....
TASK [Disable icinga2.conf conf.d] **********************************************************************************************************************************
ok: [ase5.mgmt.xyz.de]

TASK [Add node to director] **********************************************************************************************************************************
fatal: [ase5.mgmt.xyz.de ->; smt1.mgmt.xyz.de]: FAILED! =>; {"changed": false, "failed": true, "module_stderr": "Shared connection to smt1.mgmt.xyz.de closed.\r\n", "module_stdout": "Traceback (most recent c
all last):\r\n File \"/tmp/ansible_ecmjA3/ansible_module_uri.py\", line 498, in &lt;module&gt;\r\n main()\r\n File \"/tmp/ansible_ecmjA3/ansible_module_uri.py\", line 409, in main\r\n  lower_header_keys = [key.lower() for key in dict_headers]\r\nTypeError: 'NoneType' object is not iterable\r\n", "msg": "MODULE FAILURE", "rc": 0} ;to retry, use: --limit @/home/ansible/playbooks/icinga2_install_agent-pb/icinga2_install_agent-pb.retry

PLAY RECAP ************************************************************************************************************************************
ase5.mgmt.xyz.de : ok=9 ;changed=4 ;unreachable=0 ;failed=1
icinga2.mgmt.xyz.de : ok=2 ;changed=1 ;unreachable=0 ;failed=0
(Nicolai) #16

has to be

headers:
  Accept: "application/json"

as Accept is a headers item

#17

Okay, now we are one step further.

TASK [Add node to director] ***************************************************************************************************************************
fatal: [ase5.mgmt.xyz.de -> icinga2.mgmt.xyz.de]: FAILED! => {"changed": false, "connection": "close", "content": "{\n    \"error\": \"Failed to load icinga_host \\\"generic-host\\\"\"\n}\n", "content_length": "63", "content_type": "application/json", "date": "Wed, 09 Jan 2019 14:37:45 GMT", "failed": true, "json": {"error": "Failed to load icinga_host \"generic-host\""}, "msg": "Status code was not [201]: HTTP Error 404: Not Found", "redirected": false, "server": "Apache", "status": 404, "url": "https://icinga2.mgmt.xyz.de/director/host", "x_powered_by": "PHP/7.0.7"}
        to retry, use: --limit @/home/ansible/playbooks/icinga2_install_agent-pb/icinga2_install_agent-pb.retry

Oh sorry, see I had make a mistake. In the file director-host.json.j2 _ had write a wrong host template.

#18

It works, after changing the host-template and I see a host in Icinga Director now :slight_smile: The IP-adress i must change but here i must look in my playbook.

The Output is now:

TASK [Debug request] ***********************************************************************************************************************************************************************************************************************
ok: [ase5.mgmt.xyz.de] => {
   “msg”: {
       “changed”: false,  
       “connection”: “close”,  
       “content”: “{\n    “address”: “icinga2.mgmt.xyz.de”,\n    “has_agent”: true,\n    “imports”: [\n        “generic-host_tpl”\n    ],\n    “master_should_connect”: false,\n    “object_name”: “ase5.mgmt.xyz.de”,\n
  “object_type”: “object”\n}\n”,                                                                                                                                                                                                        
       “content_length”: “221”,  
       “content_type”: “application/json”,  
       “cookies”: {},  
       “date”: “Wed, 09 Jan 2019 14:42:37 GMT”,  
       “failed”: false,  
       “json”: {
           “address”: “icinga2.mgmt.xyz.de”,  
           “has_agent”: true,  
           “imports”: [
               “generic-host_tpl”
           ],  
           “master_should_connect”: false,  
           “object_name”: “ase5.mgmt.xyz.de”,  
           “object_type”: “object”
       },  
       “msg”: “OK (221 bytes)”,  
       “redirected”: false,  
       “server”: “Apache”,  
       “status”: 201,  
       “url”: “https://icinga2.mgmt.xyz.de/director/host”,  
       “x_powered_by”: “PHP/7.0.7”
   }
}

(Nicolai) #19

So the problem was the bad headers section. If you’re enable the two commented lines it should also working.

#20

Exactly, then it works too. Now I will continue to study the playbook. But my main problem is solved, Thank you Nicolai.