From f769f0f999ffd4b586d7ba1cecb725395f8d14cb Mon Sep 17 00:00:00 2001 From: MajorDallas <79329882+MajorDallas@users.noreply.github.com> Date: Wed, 9 Feb 2022 16:02:31 -0500 Subject: [PATCH 1/5] experimental Ubuntu/Debian support --- defaults/main.yml | 3 ++- meta/main.yml | 13 ++++++----- tasks/linux.yml | 59 ++++++++++++++++++++++++++++++----------------- 3 files changed, 47 insertions(+), 28 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 0075225..2973bc3 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -9,7 +9,8 @@ icinga2_node_zone: "{{ icinga2_node_endpoint }}" icinga2_node_endpoint: "{{ inventory_hostname }}" icinga2_node_global_zone: global-templates icinga2_node_features: [api, checker, mainlog] -icinga2_node_nagios_plugins: [nagios-plugins-all] +icinga2_node_nagios_plugins_rh: [nagios-plugins-all] +icinga2_node_nagios_plugins_deb: [nagios-plugins-contrib] icinga2_node_service_password: "" icinga2_node_service_delayed: no icinga2_node_local_conf: no diff --git a/meta/main.yml b/meta/main.yml index 7657408..6475691 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -125,8 +125,9 @@ galaxy_info: # - 9.1 # - 9.2 # - 9.3 - #- name: Ubuntu - # versions: + - name: Ubuntu + versions: + - focal # - all # - lucid # - maverick @@ -142,11 +143,11 @@ galaxy_info: # - wily # - xenial # - yakkety - #- name: Debian - # versions: + - name: Debian + versions: # - all - # - etch - # - jessie + - etch + - jessie # - lenny # - sid # - squeeze diff --git a/tasks/linux.yml b/tasks/linux.yml index e63d530..40f71a8 100644 --- a/tasks/linux.yml +++ b/tasks/linux.yml 
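Review bot: Renaming `icinga2_node_nagios_plugins` to `icinga2_node_nagios_plugins_rh` in defaults/main.yml silently drops any override that existing inventories set under the old name, because nothing on the new side reads it any more. Keeping the old name as a fallback would preserve those overrides, for example `icinga2_node_nagios_plugins_rh: "{{ icinga2_node_nagios_plugins | default(['nagios-plugins-all']) }}"`. If the break is intended, a README line naming the old variable would let users find it.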
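Review bot: The second meta/main.yml hunk (`@@ -142,11 +143,11 @@`) enables `etch` and `jessie` under Debian, both long past end of life, while the Ubuntu entry lists only `focal`. Galaxy metadata reads as a support statement, and hosts on those releases no longer receive security updates, so this looks like an accidental uncomment and not a list of tested targets. Unless the role was really run there, restore `# - etch` and `# - jessie` and list only the releases the Debian block was exercised on.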
@@ -9,24 +9,46 @@ delay: 0 timeout: 10 -- name: ensure icinga2 repository is installed - yum: - name: "{{ icinga2_repo_icinga_url }}" - when: icinga2_node_repo_icinga_install +- name: Install Icinga2 (RedHat) + when: ansible_os_family == "RedHat" or ansible_os_family == "Rocky" + block: + - name: ensure icinga2 repository is installed + yum: + name: "{{ icinga2_repo_icinga_url }}" + when: icinga2_node_repo_icinga_install -- name: ensure epel-release is installed - yum: - name: epel-release - state: present - when: icinga2_node_repo_epel_install - tags: - - molecule-idempotence-notest + - name: ensure epel-release is installed + yum: + name: epel-release + state: present + when: icinga2_node_repo_epel_install + tags: + - molecule-idempotence-notest + + - name: ensure icinga2 is installed (RedHat) + yum: + name: icinga2 + disable_gpg_check: yes + state: latest # noqa 403 + + - name: ensure nagios-plugins are installed (RedHat) + yum: + name: "{{ icinga2_node_nagios_plugins_rh }}" + state: latest # noqa 403 -- name: ensure icinga2 is installed - yum: - name: icinga2 - disable_gpg_check: yes - state: latest # noqa 403 + +- name: Install Icinga2 (Debian) + when: ansible_os_family == "Debian" + block: + - name: ensure icinga2 is installed (Debian) + apt: + name: icinga2 + state: latest # noqa 403 + + - name: ensure nagios-plugins are installed (Debian) + apt: + name: "{{ icinga2_node_nagios_plugins_deb }}" + state: latest # noqa 403 - name: ensure icinga2 service restarts on failure blockinfile: @@ -45,11 +67,6 @@ name: icinga2 enabled: true -- name: ensure nagios-plugins are installed - yum: - name: "{{ icinga2_node_nagios_plugins }}" - state: latest # noqa 403 - - name: ensure rpcbind.socket is disabled systemd: name: '{{ item }}' From 3243709dd32c9a14b9853fde355dd15afbddaf07 Mon Sep 17 00:00:00 2001 
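Review bot: The RedHat block still installs `icinga2` with `disable_gpg_check: yes` and `state: latest`, so every run pulls whatever the repository currently serves without verifying its signature. The later tasks/linux.yml hunk `@@ -15,6 +15,7 @@` (PATCH 4/5) extends the same setting to the repository package fetched from `icinga2_repo_icinga_url`. With both checks off, package authenticity rests only on the transport and the mirror. Importing the vendor signing key first (the `rpm_key` module does this) and dropping the option from both tasks keeps verification on. If some environment needs it off, gate it behind a default-false variable, for example `disable_gpg_check: "{{ icinga2_node_disable_gpg_check | default(false) }}"` (variable name is a suggestion, not one the role defines).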
From: MajorDallas <79329882+MajorDallas@users.noreply.github.com> Date: Wed, 9 Feb 2022 16:17:18 -0500 Subject: [PATCH 2/5] fix: Add debian family to `include` condition --- tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/main.yml b/tasks/main.yml index eebbd71..726752a 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -23,7 +23,7 @@ when: icinga2_node_sync_ca - include: "linux.yml" - when: ansible_os_family == "RedHat" or ansible_os_family == "Rocky" + when: ansible_os_family == "RedHat" or ansible_os_family == "Rocky" or ansible_os_family == "Debian" - include: "windows.yml" when: (ansible_os_family == "Windows") From 53d64ee6870d7d83d0f179687bf39222a6e5e4a6 Mon Sep 17 00:00:00 2001 From: MajorDallas <79329882+MajorDallas@users.noreply.github.com> Date: Wed, 9 Feb 2022 19:08:04 -0500 Subject: [PATCH 3/5] fix: corrects ownership in Ubuntu installs --- defaults/main.yml | 2 ++ tasks/linux.yml | 14 ++++++++++++++ tasks/linux_config.yml | 37 +++++++++++++++++++------------------ 3 files changed, 35 insertions(+), 18 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 2973bc3..0c66745 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -18,6 +18,8 @@ icinga2_node_sync_ca: no icinga2_node_service_restart: yes icinga2_node_repo_icinga_install: yes icinga2_node_repo_epel_install: yes +icinga2_node_owner: "{% if ansible_os_family == 'Debian' %}nagios{% else %}icinga{% endif %}" +icinga2_node_group: "{% if ansible_os_family == 'Debian' %}nagios{% else %}icinga{% endif %}" icinga2_chocolatey_retries: 5 icinga2_chocolatey_delay: 10 icinga2_restart_on_failure: yes diff --git a/tasks/linux.yml b/tasks/linux.yml index 40f71a8..e25ed32 100644 --- a/tasks/linux.yml +++ b/tasks/linux.yml 
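Review bot: The `when` on the `linux.yml` include in tasks/main.yml is now a three-way `or` that has to stay in step with the per-family `when` on the blocks inside linux.yml. A membership test is easier to keep correct: `when: ansible_os_family in ["RedHat", "Rocky", "Debian"]`. The tasks in linux.yml that sit outside the two blocks (the `blockinfile` and `systemd` ones visible in PATCH 1/5) now also run on Debian hosts, which is worth confirming on a Debian target. The bare `include` action on the context line is deprecated in current Ansible, and `include_tasks: linux.yml` is its replacement.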
@@ -44,11 +44,25 @@ apt: name: icinga2 state: latest # noqa 403 + cache_valid_time: 86400 - name: ensure nagios-plugins are installed (Debian) apt: name: "{{ icinga2_node_nagios_plugins_deb }}" state: latest # noqa 403 + cache_valid_time: 86400 + + - name: Ensure ownership of /etc/icinga2 subdirs + # Ubuntu and Debian install everything as owned by root:root, which prevents all + # the automation later. Reported to Debian in 2016 at + # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824482, + # apparently still a problem on Ubuntu in 2022. + file: + state: directory + path: /etc/icinga2 + recurse: yes + owner: "{{ icinga2_node_owner }}" + group: "{{ icinga2_node_group }}" - name: ensure icinga2 service restarts on failure blockinfile: diff --git a/tasks/linux_config.yml b/tasks/linux_config.yml index 6f01be0..53cb2d5 100644 --- a/tasks/linux_config.yml +++ b/tasks/linux_config.yml @@ -9,8 +9,8 @@ #- name: ensure /usr/lib64/nagios/plugins/* is owned by icinga:icinga # file: # path: /usr/lib64/nagios/plugins -# owner: icinga -# group: icinga +# owner: "{{ icinga2_node_owner }}" +# group: "{{ icinga2_node_group }}" # state: directory # recurse: true @@ -19,13 +19,14 @@ name: icinga groups: nagios append: yes + when: not ansible_os_family == "Debian" - name: ensure directory /var/lib/icinga2/ca is present file: path: /var/lib/icinga2/ca state: directory - owner: icinga - group: icinga + owner: "{{ icinga2_node_owner }}" + group: "{{ icinga2_node_group }}" when: icinga2_node_sync_ca - name: get /var/lib/icinga2/ca/ca.crt contents from caserver @@ -53,8 +54,8 @@ copy: content: "{{ ca_crt['content'] | b64decode }}" dest: /var/lib/icinga2/ca/ca.crt - owner: icinga - group: icinga + owner: "{{ icinga2_node_owner }}" + group: "{{ icinga2_node_group }}" mode: 0644 when: icinga2_node_sync_ca 
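Review bot: The new `file` task in tasks/linux.yml recursively hands all of `/etc/icinga2` to `icinga2_node_owner`, presumably the account the daemon runs as, so that account can rewrite its own configuration and everything under `/etc/icinga2/pki`. It sets no `mode`, and `recurse: yes` re-walks the tree on every run. The comment says root ownership blocks the later automation, but the later tasks on this page set `owner`/`group` themselves on the paths they manage, so the recursive change may be wider than needed; it is worth recording which task actually failed. Narrowing `path` to the directories the daemon must write, or keeping `owner: root` and granting only `group: "{{ icinga2_node_group }}"`, would keep more of the packaging's separation. The task appears to belong to the Debian block, which opens in an earlier hunk.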
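Review bot: In tasks/linux_config.yml hunk `@@ -19,13 +19,14 @@`, the `/var/lib/icinga2/ca` directory task sets owner and group but no `mode`, so the directory that receives `ca.key` gets whatever the target's umask yields. The same holds for `/etc/icinga2/pki` in hunk `@@ -80,8 +81,8 @@` and for the two `template` tasks in `@@ -149,16 +150,16 @@`. An explicit quoted mode, for example `mode: "0700"` on the two key directories, makes the permissions deterministic. In the same hunk, `when: not ansible_os_family == "Debian"` reads more plainly as `when: ansible_os_family != "Debian"`.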
@@ -62,8 +63,8 @@ copy: content: "{{ ca_key['content'] | b64decode }}" dest: /var/lib/icinga2/ca/ca.key - owner: icinga - group: icinga + owner: "{{ icinga2_node_owner }}" + group: "{{ icinga2_node_group }}" mode: 0600 when: icinga2_node_sync_ca @@ -71,8 +72,8 @@ copy: content: "{{ ca_serial['content'] | b64decode }}" dest: /var/lib/icinga2/ca/serial.txt - owner: icinga - group: icinga + owner: "{{ icinga2_node_owner }}" + group: "{{ icinga2_node_group }}" mode: 0644 when: icinga2_node_sync_ca @@ -80,8 +81,8 @@ file: path: /etc/icinga2/pki state: directory - owner: icinga - group: icinga + owner: "{{ icinga2_node_owner }}" + group: "{{ icinga2_node_group }}" - name: check if pki key already exists stat: @@ -139,8 +140,8 @@ file: src: "/etc/icinga2/features-available/{{ item }}.conf" dest: "/etc/icinga2/features-enabled/{{ item }}.conf" - owner: icinga - group: icinga + owner: "{{ icinga2_node_owner }}" + group: "{{ icinga2_node_group }}" state: link with_items: "{{ icinga2_node_features }}" notify: linux node restart icinga2 service @@ -149,16 +150,16 @@ template: src: icinga2.conf.j2 dest: /etc/icinga2/icinga2.conf - owner: icinga - group: icinga + owner: "{{ icinga2_node_owner }}" + group: "{{ icinga2_node_group }}" notify: linux node restart icinga2 service - name: ensure zones.conf corresponds to template template: src: zones.conf.j2 dest: /etc/icinga2/zones.conf - owner: icinga - group: icinga + owner: "{{ icinga2_node_owner }}" + group: "{{ icinga2_node_group }}" notify: linux node restart icinga2 service - name: ensure NodeName constant is set From 3c93643beec74560d1a02671d905882485a3e16c Mon Sep 17 00:00:00 2001 From: MajorDallas <79329882+MajorDallas@users.noreply.github.com> Date: Tue, 16 Aug 2022 13:26:16 -0400 Subject: [PATCH 4/5] yum: disable gpg check; apt: always update cache --- tasks/linux.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tasks/linux.yml b/tasks/linux.yml index e25ed32..b9883b5 100644 --- a/tasks/linux.yml 
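Review bot: The `copy` task that writes `/var/lib/icinga2/ca/ca.key` passes the decoded CA private key as `content` and has no `no_log`, so the key can appear in Ansible output when the play runs with `--diff` or raised verbosity. Adding `no_log: true` to this task keeps it out of logs and callback plugins. The task that registers `ca_key` lies outside this hunk and likely needs the same. The unquoted `mode: 0600` relies on the YAML parser reading it as octal, and `mode: "0600"` is the form the Ansible documentation recommends. The task's `name` line is above the hunk.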
+++ b/tasks/linux.yml @@ -15,6 +15,7 @@ - name: ensure icinga2 repository is installed yum: name: "{{ icinga2_repo_icinga_url }}" + disable_gpg_check: yes when: icinga2_node_repo_icinga_install - name: ensure epel-release is installed @@ -44,7 +45,7 @@ apt: name: icinga2 state: latest # noqa 403 - cache_valid_time: 86400 + update_cache: yes - name: ensure nagios-plugins are installed (Debian) apt: From d78c0342e507597d3dfb77119cb00e17e03cad26 Mon Sep 17 00:00:00 2001 From: MajorDallas <79329882+MajorDallas@users.noreply.github.com> Date: Mon, 27 Nov 2023 15:27:58 -0500 Subject: [PATCH 5/5] Adds icinga2_cs_host_groups to host template --- README.md | 1 + templates/host.conf.j2 | 8 ++++++++ 2 files changed, 9 insertions(+) diff --git a/README.md b/README.md index 4ae187e..e64ff9f 100644 --- a/README.md +++ b/README.md @@ -64,6 +64,7 @@ icinga2_cs_host_template: "generic-host-template #value for template to import i icinga2_cs_host_display_name: "My Appserver" #value for display_name in host config | DEFAULT: undefined icinga2_cs_host_notes "Owner: Hans Muster" #value for notes in host config | DEFAULT: undefined icinga2_cs_host_custom_block: "" #custom block to include in host config | DEFAULT: undefined +icinga2_cs_host_groups: #array of vars to include in groups via `groups +=` | DEFAULT: undefined icinga2_cs_host_vars: #array of vars to include in host config | DEFAULT: undefined - os: windows - role: dc diff --git a/templates/host.conf.j2 b/templates/host.conf.j2 index 083d1ca..12feba9 100644 --- a/templates/host.conf.j2 +++ b/templates/host.conf.j2 
@@ -8,6 +8,14 @@ object Host "{{ icinga2_cs_host_objectname }}" { {% if icinga2_cs_host_notes is defined %} notes = "{{ icinga2_cs_host_notes }}" {% endif %} +{% if icinga2_cs_host_groups is defined %} + groups += [ + {%- for g in icinga2_cs_host_groups %} + {{'\n "' + g + '",'}} + {%- endfor %} + + ] +{% endif %} {% if icinga2_cs_host_check_command is defined %} check_command = "{{ icinga2_cs_host_check_command }}" {% endif %}
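Review bot: Each entry of `icinga2_cs_host_groups` is concatenated into a double-quoted Icinga string with no escaping, so a name containing `"` or `\` ends the string early and the remainder is parsed as configuration. The `'...' + g` concatenation also raises if an entry is not a string. Rendering the list through a serialising filter handles the quoting and removes the hand-built newline and the blank line before `]`: `groups += {{ icinga2_cs_host_groups | to_json }}`, to be checked against Icinga's string escapes for non-ASCII names. The neighbouring `notes = "{{ icinga2_cs_host_notes }}"` line interpolates the same way. The `object Host` block opens and closes outside the hunk.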