Vendor Galaxy Roles and Collections

ansible_collections/debops/debops/roles/icinga_web/COPYRIGHT

@@ -0,0 +1,21 @@
+debops.icinga_web - Manage Icinga 2 Webservice using Ansible
+
+Copyright (C) 2018 Maciej Delmanowski <drybjed@gmail.com>
+Copyright (C) 2020 Gabriel Lewertowski <gabriel.lewertowski@trust-in-soft.com>
+Copyright (C) 2023 David Härdeman <david@hardeman.nu>
+Copyright (C) 2018 DebOps <https://debops.org/>
+SPDX-License-Identifier: GPL-3.0-only
+
+This Ansible role is part of DebOps.
+
+DebOps is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License version 3, as
+published by the Free Software Foundation.
+
+DebOps is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with DebOps. If not, see https://www.gnu.org/licenses/.

ansible_collections/debops/debops/roles/icinga_web/files/script/icingaweb-config2

@@ -0,0 +1,56 @@
+#!/usr/bin/env python2
+
+# Copyright (C) 2018 Maciej Delmanowski <drybjed@gmail.com>
+# Copyright (C) 2018 DebOps <https://debops.org/>
+# SPDX-License-Identifier: GPL-3.0-only
+
+# Get current Icinga Web configuration values
+
+from __future__ import print_function
+from json import dumps
+from os import path
+from os import listdir
+from os import walk
+
+try:
+    from configparser import ConfigParser
+except ImportError:
+    from ConfigParser import ConfigParser
+
+
+def get_config(config_file):
+    config_data = []
+    if path.isfile(config_file):
+        config = ConfigParser()
+        config.read(config_file)
+
+        for section in config.sections():
+
+            section_options = []
+            for name, value in config.items(section):
+                section_options.append({"name": name,
+                                        "value": value.strip('"')})
+
+            config_data.append({"name": section, "options": section_options})
+    return config_data
+
+
+output = {}
+
+root_config_dir = '/etc/icingaweb2'
+
+ini_directories = [x[0] for x in walk(root_config_dir)]
+
+for dir_path in ini_directories:
+    if path.exists(dir_path):
+
+        ini_prefix = dir_path.lstrip(root_config_dir)
+        ini_files = ([f for f in listdir(dir_path)
+                      if (path.isfile(path.join(dir_path, f))
+                      and f.endswith('.ini'))])
+
+        for ini_file in ini_files:
+            output.update({path.join(ini_prefix, ini_file).lstrip('/'):
+                           get_config(path.join(dir_path, ini_file))})
+
+print(dumps(output, sort_keys=True, indent=4))

ansible_collections/debops/debops/roles/icinga_web/files/script/icingaweb-config3

@@ -0,0 +1,56 @@
+#!/usr/bin/env python3
+
+# Copyright (C) 2018 Maciej Delmanowski <drybjed@gmail.com>
+# Copyright (C) 2018 DebOps <https://debops.org/>
+# SPDX-License-Identifier: GPL-3.0-only
+
+# Get current Icinga Web configuration values
+
+from __future__ import print_function
+from json import dumps
+from os import path
+from os import listdir
+from os import walk
+
+try:
+    from configparser import ConfigParser
+except ImportError:
+    from ConfigParser import ConfigParser
+
+
+def get_config(config_file):
+    config_data = []
+    if path.isfile(config_file):
+        config = ConfigParser()
+        config.read(config_file)
+
+        for section in config.sections():
+
+            section_options = []
+            for name, value in config.items(section):
+                section_options.append({"name": name,
+                                        "value": value.strip('"')})
+
+            config_data.append({"name": section, "options": section_options})
+    return config_data
+
+
+output = {}
+
+root_config_dir = '/etc/icingaweb2'
+
+ini_directories = [x[0] for x in walk(root_config_dir)]
+
+for dir_path in ini_directories:
+    if path.exists(dir_path):
+
+        ini_prefix = dir_path.lstrip(root_config_dir)
+        ini_files = ([f for f in listdir(dir_path)
+                      if (path.isfile(path.join(dir_path, f))
+                      and f.endswith('.ini'))])
+
+        for ini_file in ini_files:
+            output.update({path.join(ini_prefix, ini_file).lstrip('/'):
+                           get_config(path.join(dir_path, ini_file))})
+
+print(dumps(output, sort_keys=True, indent=4))

ansible_collections/debops/debops/roles/icinga_web/meta/main.yml

@@ -0,0 +1,31 @@
+---
+# Copyright (C) 2018 Maciej Delmanowski <drybjed@gmail.com>
+# Copyright (C) 2018 DebOps <https://debops.org/>
+# SPDX-License-Identifier: GPL-3.0-only
+
+# Ensure that custom Ansible plugins and modules included in the main DebOps
+# collection are available to roles in other collections.
+collections: [ 'debops.debops' ]
+
+dependencies: []
+
+galaxy_info:
+
+  author: 'Maciej Delmanowski'
+  description: 'Manage Icinga 2 Web installation'
+  company: 'DebOps'
+  license: 'GPL-3.0-only'
+  min_ansible_version: '2.4.0'
+  platforms:
+    - name: Ubuntu
+      versions:
+        - xenial
+        - bionic
+    - name: Debian
+      versions:
+        - stretch
+        - buster
+  galaxy_tags:
+    - monitoring
+    - icinga
+    - nagios

ansible_collections/debops/debops/roles/icinga_web/meta/watch-businessprocess

@@ -0,0 +1,10 @@
+# Copyright (C) 2018 Maciej Delmanowski <drybjed@gmail.com>
+# Copyright (C) 2018 DebOps <https://debops.org/>
+# SPDX-License-Identifier: GPL-3.0-only
+
+# Role: icinga_web
+# Package: businessprocess
+# Version: 2.3.1
+
+version=4
+https://github.com/Icinga/icingaweb2-module-businessprocess/tags .*\/v?(\d\S+)\.tar\.gz

ansible_collections/debops/debops/roles/icinga_web/meta/watch-cube

@@ -0,0 +1,10 @@
+# Copyright (C) 2018 Maciej Delmanowski <drybjed@gmail.com>
+# Copyright (C) 2018 DebOps <https://debops.org/>
+# SPDX-License-Identifier: GPL-3.0-only
+
+# Role: icinga_web
+# Package: cube
+# Version: 1.1.1
+
+version=4
+https://github.com/Icinga/icingaweb2-module-cube/tags .*\/v?(\d\S+)\.tar\.gz

ansible_collections/debops/debops/roles/icinga_web/meta/watch-director

@@ -0,0 +1,10 @@
+# Copyright (C) 2018 Maciej Delmanowski <drybjed@gmail.com>
+# Copyright (C) 2018 DebOps <https://debops.org/>
+# SPDX-License-Identifier: GPL-3.0-only
+
+# Role: icinga_web
+# Package: director
+# Version: 1.8.1
+
+version=4
+https://github.com/Icinga/icingaweb2-module-director/tags .*\/v?(\d\S+)\.tar\.gz

ansible_collections/debops/debops/roles/icinga_web/meta/watch-elasticsearch

@@ -0,0 +1,10 @@
+# Copyright (C) 2018 Maciej Delmanowski <drybjed@gmail.com>
+# Copyright (C) 2018 DebOps <https://debops.org/>
+# SPDX-License-Identifier: GPL-3.0-only
+
+# Role: icinga_web
+# Package: elasticsearch
+# Version: 0.9.0
+
+version=4
+https://github.com/Icinga/icingaweb2-module-elasticsearch/tags .*\/v?(\d\S+)\.tar\.gz

ansible_collections/debops/debops/roles/icinga_web/meta/watch-generictts

@@ -0,0 +1,10 @@
+# Copyright (C) 2018 Maciej Delmanowski <drybjed@gmail.com>
+# Copyright (C) 2018 DebOps <https://debops.org/>
+# SPDX-License-Identifier: GPL-3.0-only
+
+# Role: icinga_web
+# Package: generictts
+# Version: 2.0.0
+
+version=4
+https://github.com/Icinga/icingaweb2-module-generictts/tags .*\/v?(\d\S+)\.tar\.gz

ansible_collections/debops/debops/roles/icinga_web/meta/watch-grafana

@@ -0,0 +1,10 @@
+# Copyright (C) 2018 Maciej Delmanowski <drybjed@gmail.com>
+# Copyright (C) 2018 DebOps <https://debops.org/>
+# SPDX-License-Identifier: GPL-3.0-only
+
+# Role: icinga_web
+# Package: grafana
+# Version: 1.4.2
+
+version=4
+https://github.com/Mikesch-mp/icingaweb2-module-grafana/tags .*\/v?(\d\S+)\.tar\.gz

ansible_collections/debops/debops/roles/icinga_web/meta/watch-graphite

@@ -0,0 +1,10 @@
+# Copyright (C) 2018 Maciej Delmanowski <drybjed@gmail.com>
+# Copyright (C) 2018 DebOps <https://debops.org/>
+# SPDX-License-Identifier: GPL-3.0-only
+
+# Role: icinga_web
+# Package: graphite
+# Version: 1.1.0
+
+version=4
+https://github.com/Icinga/icingaweb2-module-graphite/tags .*\/v?(\d\S+)\.tar\.gz

ansible_collections/debops/debops/roles/icinga_web/meta/watch-incubator

@@ -0,0 +1,10 @@
+# Copyright (C) 2018 Maciej Delmanowski <drybjed@gmail.com>
+# Copyright (C) 2018 DebOps <https://debops.org/>
+# SPDX-License-Identifier: GPL-3.0-only
+
+# Role: icinga_web
+# Package: incubator
+# Version: 0.6.0
+
+version=4
+https://github.com/Icinga/icingaweb2-module-incubator/tags .*\/v?(\d[0-9.]+)\.tar\.gz

ansible_collections/debops/debops/roles/icinga_web/meta/watch-ipl

@@ -0,0 +1,10 @@
+# Copyright (C) 2018 Maciej Delmanowski <drybjed@gmail.com>
+# Copyright (C) 2018 DebOps <https://debops.org/>
+# SPDX-License-Identifier: GPL-3.0-only
+
+# Role: icinga_web
+# Package: ipl
+# Version: 0.5.0
+
+version=4
+https://github.com/Icinga/icingaweb2-module-ipl/tags .*\/v?(\d\S+)\.tar\.gz

ansible_collections/debops/debops/roles/icinga_web/meta/watch-map

@@ -0,0 +1,10 @@
+# Copyright (C) 2018 Maciej Delmanowski <drybjed@gmail.com>
+# Copyright (C) 2018 DebOps <https://debops.org/>
+# SPDX-License-Identifier: GPL-3.0-only
+
+# Role: icinga_web
+# Package: map
+# Version: 1.1.0
+
+version=4
+https://github.com/nbuchwitz/icingaweb2-module-map/tags .*\/v?(\d\S+)\.tar\.gz

ansible_collections/debops/debops/roles/icinga_web/meta/watch-pnp

@@ -0,0 +1,10 @@
+# Copyright (C) 2018 Maciej Delmanowski <drybjed@gmail.com>
+# Copyright (C) 2018 DebOps <https://debops.org/>
+# SPDX-License-Identifier: GPL-3.0-only
+
+# Role: icinga_web
+# Package: pnp
+# Version: 1.1.0
+
+version=4
+https://github.com/Icinga/icingaweb2-module-pnp/tags .*\/v?(\d\S+)\.tar\.gz

ansible_collections/debops/debops/roles/icinga_web/meta/watch-reactbundle

@@ -0,0 +1,10 @@
+# Copyright (C) 2018 Maciej Delmanowski <drybjed@gmail.com>
+# Copyright (C) 2018 DebOps <https://debops.org/>
+# SPDX-License-Identifier: GPL-3.0-only
+
+# Role: icinga_web
+# Package: reactbundle
+# Version: 0.9.0
+
+version=4
+https://github.com/Icinga/icingaweb2-module-reactbundle/tags .*\/v?(\d\S+)\.tar\.gz

ansible_collections/debops/debops/roles/icinga_web/meta/watch-toplevelview

@@ -0,0 +1,10 @@
+# Copyright (C) 2018 Maciej Delmanowski <drybjed@gmail.com>
+# Copyright (C) 2018 DebOps <https://debops.org/>
+# SPDX-License-Identifier: GPL-3.0-only
+
+# Role: icinga_web
+# Package: toplevelview
+# Version: 0.3.3
+
+version=4
+https://github.com/Icinga/icingaweb2-module-toplevelview/tags .*\/v?(\d\S+)\.tar\.gz

ansible_collections/debops/debops/roles/icinga_web/meta/watch-x509

@@ -0,0 +1,10 @@
+# Copyright (C) 2018 Maciej Delmanowski <drybjed@gmail.com>
+# Copyright (C) 2018 DebOps <https://debops.org/>
+# SPDX-License-Identifier: GPL-3.0-only
+
+# Role: icinga_web
+# Package: x509
+# Version: 1.0.0
+
+version=4
+https://github.com/Icinga/icingaweb2-module-x509/tags .*\/v?(\d\S+)\.tar\.gz

ansible_collections/debops/debops/roles/icinga_web/tasks/main.yml

@@ -0,0 +1,321 @@
+---
+# Copyright (C) 2018 Maciej Delmanowski <drybjed@gmail.com>
+# Copyright (C) 2020 Gabriel Lewertowski <gabriel.lewertowski@trust-in-soft.com>
+# Copyright (C) 2023 David Härdeman <david@hardeman.nu>
+# Copyright (C) 2018-2023 DebOps <https://debops.org/>
+# SPDX-License-Identifier: GPL-3.0-only
+
+- name: Import custom Ansible plugins
+  ansible.builtin.import_role:
+    name: 'ansible_plugins'
+
+- name: Import DebOps global handlers
+  ansible.builtin.import_role:
+    name: 'global_handlers'
+
+- name: Import DebOps secret role
+  ansible.builtin.import_role:
+    name: 'secret'
+
+- name: Assert that the DB types are valid
+  ansible.builtin.assert:
+    that:
+      - 'icinga_web__database_map[icinga_web__database_type].db_name is defined'
+      - 'icinga_web__director_enabled | d(False) | bool == False or
+         icinga_web__director_database_map[icinga_web__director_database_type].db_name is defined'
+      - 'icinga_web__x509_enabled | d(False) | bool == False or
+         icinga_web__x509_database_map[icinga_web__x509_database_type].db_name is defined'
+  become: False
+  run_once: True
+  delegate_to: 'localhost'
+
+- name: Install required Icinga Web packages
+  ansible.builtin.package:
+    name: '{{ q("flattened", icinga_web__base_packages + icinga_web__packages) }}'
+    state: 'present'
+  register: icinga_web__register_packages
+  until: icinga_web__register_packages is succeeded
+
+- name: Get current Icinga Web configuration
+  ansible.builtin.script: 'script/icingaweb-config{{ "2" if (ansible_python_version is version_compare("3.5", "<")) else "3" }}'
+  register: icinga_web__register_config
+  changed_when: False
+  check_mode: False
+
+- name: Ensure that configuration directories exist
+  ansible.builtin.file:
+    path: '/etc/icingaweb2/{{ item.name }}'
+    state: 'directory'
+    owner: '{{ icinga_web__user }}'
+    group: '{{ icinga_web__group }}'
+    mode: '{{ item.mode | d("02770") }}'
+  with_items:
+    - name: 'enabledModules'
+      mode: '02750'
+    - name: 'modules/monitoring'
+    - name: 'modules/director'
+    - name: 'modules/x509'
+  when: item.state | d('present') not in ['absent', 'ignore', 'init']
+
+- name: Download and install Icinga upstream modules
+  ansible.builtin.git:
+    repo: '{{ item.git_repo }}'
+    dest: '{{ icinga_web__src + "/" + item.git_repo.split("://")[1] }}'
+    version: '{{ item.git_version }}'
+  with_items: '{{ (icinga_web__default_modules + icinga_web__modules) | debops.debops.parse_kv_items }}'
+  when: item.name | d() and item.git_repo | d() and
+        item.git_version | d() and item.state | d('present') != 'absent'
+
+- name: Symlink Icinga upstream modules to Icinga Web application
+  ansible.builtin.file:
+    path: '{{ "/usr/share/icingaweb2/modules/" + item.name }}'
+    src: '{{ icinga_web__src + "/" + item.git_repo.split("://")[1] }}'
+    state: 'link'
+    force: '{{ True if ansible_check_mode | bool else omit }}'
+    mode: '0755'
+  with_items: '{{ (icinga_web__default_modules + icinga_web__modules) | debops.debops.parse_kv_items }}'
+  when: item.name | d() and item.git_repo | d() and
+        item.git_version | d() and item.state | d('present') != 'absent'
+
+- name: Manage Icinga Web modules
+  ansible.builtin.file:
+    path: '/etc/icingaweb2/enabledModules/{{ item.name }}'
+    src: '{{ (item.path | d("/usr/share/icingaweb2/modules/" + item.name))
+             if (item.state | d("present") != "absent" and (item.enabled | d(True)) | bool) else omit }}'
+    state: '{{ "link" if (item.state | d("present") != "absent" and (item.enabled | d(True)) | bool) else "absent" }}'
+    force: '{{ True if ansible_check_mode | bool else omit }}'
+    mode: '0755'
+  with_items: '{{ (icinga_web__default_modules + icinga_web__modules) | debops.debops.parse_kv_items }}'
+  when: item.name | d()
+
+- name: Generate Icinga Web configuration
+  ansible.builtin.template:
+    src: 'etc/icingaweb2/template.ini.j2'
+    dest: '/etc/icingaweb2/{{ item.filename }}'
+    owner: '{{ icinga_web__user }}'
+    group: '{{ icinga_web__group }}'
+    mode: '0660'
+  no_log: '{{ debops__no_log | d(item.no_log) | d(False) }}'
+  with_items:
+    - filename: 'authentication.ini'
+      config: '{{ icinga_web__combined_authentication }}'
+    - filename: 'config.ini'
+      config: '{{ icinga_web__combined_config }}'
+    - filename: 'groups.ini'
+      config: '{{ icinga_web__combined_groups }}'
+    - filename: 'resources.ini'
+      config: '{{ icinga_web__combined_resources }}'
+      no_log: '{{ debops__no_log | d(True) }}'
+    - filename: 'roles.ini'
+      config: '{{ icinga_web__combined_roles }}'
+    - filename: 'modules/monitoring/backends.ini'
+      config: '{{ icinga_web__combined_backends }}'
+    - filename: 'modules/monitoring/commandtransports.ini'
+      config: '{{ icinga_web__combined_commandtransports }}'
+    - filename: 'modules/director/config.ini'
+      config: '{{ icinga_web__combined_director_cfg }}'
+    - filename: 'modules/director/kickstart.ini'
+      config: '{{ icinga_web__combined_director_kickstart_cfg }}'
+    - filename: 'modules/x509/config.ini'
+      config: '{{ icinga_web__combined_x509_cfg }}'
+  when: item.state | d('present') not in ['absent', 'ignore', 'init']
+
+- name: Generate initial data file
+  ansible.builtin.template:
+    src: 'tmp/icingaweb-initial-data.sql.j2'
+    dest: '/tmp/icingaweb-initial-data.sql'
+    owner: 'root'
+    group: 'root'
+    mode: '0600'
+  when: icinga_web__database_init | bool
+  no_log: '{{ debops__no_log | d(True) }}'
+
+- name: Create Icinga Web PostgreSQL tables
+  community.postgresql.postgresql_db:
+    name: '{{ icinga_web__database_name }}'
+    state: 'restore'
+    target: '{{ item }}'
+    login_host: '{{ icinga_web__database_host }}'
+    login_user: '{{ icinga_web__database_user }}'
+    login_password: '{{ icinga_web__database_password }}'
+    ssl_mode: '{{ "verify-full" if icinga_web__database_ssl | d(False) | bool else "disable" }}'
+  with_items:
+    - '{{ icinga_web__database_schema }}'
+    - '/tmp/icingaweb-initial-data.sql'
+  no_log: '{{ debops__no_log | d(True) }}'
+  when: icinga_web__database_type == 'postgresql' and
+        icinga_web__database_init | bool
+
+- name: Create Icinga Web x509 PostgreSQL tables
+  community.postgresql.postgresql_db:
+    name: '{{ icinga_web__x509_database_name }}'
+    state: 'restore'
+    target: '{{ icinga_web__x509_database_schema }}'
+    login_host: '{{ icinga_web__x509_database_host }}'
+    login_user: '{{ icinga_web__x509_database_user }}'
+    login_password: '{{ icinga_web__x509_database_password }}'
+    ssl_mode: '{{ "verify-full" if icinga_web__x509_database_ssl | d(False) | bool else "disable" }}'
+  no_log: '{{ debops__no_log | d(True) }}'
+  when: icinga_web__x509_enabled | bool and
+        icinga_web__x509_database_type == 'postgresql' and
+        icinga_web__x509_database_init | bool
+
+- name: Create Icinga Web MariaDB tables
+  community.mysql.mysql_db:
+    name: '{{ icinga_web__database_name }}'
+    state: 'import'
+    target: '{{ item }}'
+    login_host: '{{ icinga_web__database_host }}'
+    login_user: '{{ icinga_web__database_user }}'
+    login_password: '{{ icinga_web__database_password }}'
+    check_hostname: '{{ icinga_web__database_ssl | d(False) | bool }}'
+  with_items:
+    - '{{ icinga_web__database_schema }}'
+    - '/tmp/icingaweb-initial-data.sql'
+  no_log: '{{ debops__no_log | d(True) }}'
+  when: icinga_web__database_type == 'mariadb' and
+        icinga_web__database_init | bool
+
+- name: Create Icinga Web x509 MariaDB tables
+  community.mysql.mysql_db:
+    name: '{{ icinga_web__x509_database_name }}'
+    state: 'import'
+    target: '{{ icinga_web__x509_database_schema }}'
+    login_host: '{{ icinga_web__x509_database_host }}'
+    login_port: '{{ icinga_web__x509_database_port }}'
+    login_user: '{{ icinga_web__x509_database_user }}'
+    login_password: '{{ icinga_web__x509_database_password }}'
+    check_hostname: '{{ icinga_web__x509_database_ssl | d(False) | bool }}'
+  no_log: '{{ debops__no_log | d(True) }}'
+  when: icinga_web__x509_enabled | bool and
+        icinga_web__x509_database_type == 'mariadb' and
+        icinga_web__x509_database_init | bool
+
+- name: Ensure that initial data schema is removed
+  ansible.builtin.file:
+    path: '/tmp/icingaweb-initial-data.sql'
+    state: 'absent'
+
+- name: Create or migrate Icinga Director database
+  ansible.builtin.command: 'icingacli director migration run'
+  register: icinga_web__register_director_migrate
+  changed_when: icinga_web__register_director_migrate.changed | bool
+  when: icinga_web__director_enabled | bool and
+        icinga_web__director_database_init | bool
+
+- name: Kickstart Icinga Director configuration
+  ansible.builtin.command: 'icingacli director kickstart run'
+  register: icinga_web__register_director_kickstart
+  changed_when: icinga_web__register_director_kickstart.changed | bool
+  when: icinga_web__director_enabled | bool and
+        icinga_web__director_database_init | bool and
+        icinga_web__director_kickstart_enabled | bool
+
+- name: Deploy Icinga Director configuration
+  ansible.builtin.command: 'icingacli director config deploy'
+  register: icinga_web__register_director_deploy
+  changed_when: icinga_web__register_director_deploy.changed | bool
+  when: icinga_web__director_enabled | bool and
+        icinga_web__director_database_init | bool and
+        icinga_web__director_kickstart_enabled | bool
+
+- name: Create Director Unix account
+  ansible.builtin.user:
+    name: '{{ icinga_web__director_user }}'
+    group: '{{ icinga_web__director_group }}'
+    system: True
+    home: '{{ icinga_web__director_home }}'
+    shell: '{{ icinga_web__director_shell }}'
+
+- name: Set permissions on Director home directory
+  ansible.builtin.file:
+    path: '{{ icinga_web__director_home }}'
+    mode: '{{ icinga_web__director_home_mode }}'
+
+- name: Check if old Director jobs service exists
+  ansible.builtin.stat:
+    path: '/etc/systemd/system/icinga2-director-jobs.service'
+  register: icinga_web__register_director_jobs_service
+
+- name: Stop and disable old Director jobs service
+  ansible.builtin.systemd:
+    name: 'icinga2-director-jobs.service'
+    state: 'stopped'
+    enabled: False
+  when: icinga_web__register_director_jobs_service.stat.exists
+
+- name: Remove old Director jobs service
+  ansible.builtin.file:
+    path: '/etc/systemd/system/icinga2-director-jobs.service'
+    state: 'absent'
+
+- name: Configure Director service
+  ansible.builtin.template:
+    src: 'etc/systemd/system/icinga-director.service.j2'
+    dest: '/etc/systemd/system/icinga-director.service'
+    mode: '0644'
+
+- name: Start and enable Director service
+  ansible.builtin.systemd:
+    daemon_reload: True
+    name: 'icinga-director.service'
+    enabled: True
+    state: 'started'
+  when: icinga_web__director_enabled | bool
+
+- name: Stop and disable Director service
+  ansible.builtin.systemd:
+    name: 'icinga-director.service'
+    enabled: False
+    state: 'stopped'
+  when: not icinga_web__director_enabled | bool
+
+- name: Import CA certificates to Icinga Web x509 truststore
+  ansible.builtin.command: 'icingacli x509 import --file /etc/ssl/certs/ca-certificates.crt'
+  register: icinga_web__register_import_ca
+  changed_when: icinga_web__register_import_ca.changed | bool
+  when: icinga_web__x509_enabled | bool and
+        icinga_web__x509_database_init | bool
+
+- name: Make sure that Ansible local facts directory exists
+  ansible.builtin.file:
+    path: '/etc/ansible/facts.d'
+    state: 'directory'
+    owner: 'root'
+    group: 'root'
+    mode: '0755'
+
+- name: Save Icinga Web local facts
+  ansible.builtin.template:
+    src: 'etc/ansible/facts.d/icinga_web.fact.j2'
+    dest: '/etc/ansible/facts.d/icinga_web.fact'
+    owner: 'root'
+    group: 'root'
+    mode: '0755'
+  notify: [ 'Refresh host facts' ]
+  tags: [ 'meta::facts' ]
+
+- name: Update Ansible facts if they were modified
+  ansible.builtin.meta: 'flush_handlers'
+
+- name: Register Icinga templates in Icinga Director
+  ansible.builtin.uri:
+    body_format: 'json'
+    headers:
+      Accept: 'application/json'
+    method: 'POST'
+    body: '{{ item.data }}'
+    url: '{{ icinga_web__director_api_url + item.api_endpoint }}'
+    user: '{{ icinga_web__director_api_user }}'
+    password: '{{ icinga_web__director_api_password }}'
+    status_code: [ '201', '422', '500' ]
+    force_basic_auth: True
+  loop: '{{ icinga_web__director_combined_templates | debops.debops.parse_kv_items }}'
+  loop_control:
+    label: '{{ {"name": item.name, "state": item.state | d("present")} }}'
+  register: icinga_web__register_director_templates
+  when: icinga_web__director_enabled | bool and
+        item.state | d('present') not in ['absent', 'init', 'ignore']
+  changed_when: icinga_web__register_director_templates.status == 201
+  no_log: '{{ debops__no_log | d(True) }}'
+  tags: [ 'role::icinga_web:templates' ]

ansible_collections/debops/debops/roles/icinga_web/templates/etc/ansible/facts.d/icinga_web.fact.j2

@@ -0,0 +1,30 @@
+#!{{ ansible_python['executable'] }}
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2018 Maciej Delmanowski <drybjed@gmail.com>
+# Copyright (C) 2018 DebOps <https://debops.org/>
+# SPDX-License-Identifier: GPL-3.0-only
+
+# {{ ansible_managed }}
+
+from __future__ import print_function
+from json import loads, dumps
+from sys import exit
+import os
+
+
+def cmd_exists(cmd):
+    return any(
+        os.access(os.path.join(path, cmd), os.X_OK)
+        for path in os.environ["PATH"].split(os.pathsep)
+    )
+
+
+output = loads('''{{ {"installed": False,
+                      "x509_installed": icinga_web__x509_enabled,
+                      "database_type": icinga_web__database_type}
+                     | to_nice_json }}''')
+
+output['installed'] = cmd_exists('icingacli')
+
+print(dumps(output, sort_keys=True, indent=4))

ansible_collections/debops/debops/roles/icinga_web/templates/etc/icingaweb2/template.ini.j2

@@ -0,0 +1,19 @@
+{# Copyright (C) 2018 Maciej Delmanowski <drybjed@gmail.com>
+ # Copyright (C) 2018 DebOps <https://debops.org/>
+ # SPDX-License-Identifier: GPL-3.0-only
+ #}
+{% for element in item.config | debops.debops.parse_kv_items %}
+{%   if element.state | d("present") not in [ "absent", "ignore", "init" ] %}
+{%     if not loop.first %}
+
+{%     endif %}
+{{ '[{}]'.format(element.name) }}
+{%     if element.options | d() %}
+{%       for thing in element.options %}
+{%         if thing.state | d("present") not in [ "absent", "ignore", "init" ] %}
+{{ '{} = "{}"'.format(thing.name, thing.value) }}
+{%         endif %}
+{%       endfor %}
+{%     endif %}
+{%   endif %}
+{% endfor %}

ansible_collections/debops/debops/roles/icinga_web/templates/etc/systemd/system/icinga-director.service.j2

@@ -0,0 +1,27 @@
+{# Copyright (C) 2018 Maciej Delmanowski <drybjed@gmail.com>
+ # Copyright (C) 2018 DebOps <https://debops.org/>
+ # SPDX-License-Identifier: GPL-3.0-only
+ #}
+# {{ ansible_managed }}
+
+[Unit]
+Description=Icinga Director - Monitoring Configuration
+Documentation=https://icinga.com/docs/director/latest/
+Wants=network.target
+
+[Service]
+EnvironmentFile=-/etc/default/icinga-director
+EnvironmentFile=-/etc/sysconfig/icinga-director
+ExecStart=/usr/bin/icingacli director daemon run
+ExecReload=/bin/kill -HUP ${MAINPID}
+User={{ icinga_web__director_user }}
+SyslogIdentifier=icingadirector
+Type=notify
+
+NotifyAccess=main
+WatchdogSec=10
+RestartSec=30
+Restart=always
+
+[Install]
+WantedBy=multi-user.target

ansible_collections/debops/debops/roles/icinga_web/templates/tmp/icingaweb-initial-data.sql.j2

@@ -0,0 +1,32 @@
+{# Copyright (C) 2018 Maciej Delmanowski <drybjed@gmail.com>
+ # Copyright (C) 2018 DebOps <https://debops.org/>
+ # SPDX-License-Identifier: GPL-3.0-only
+ #}
+-- {{ ansible_managed }}
+
+INSERT INTO icingaweb_group (id, name, ctime)
+VALUES
+{% for element in icinga_web__initial_account_groups %}
+{%   if element.name | d() and element.state | d('present') != 'absent' %}
+{{ "    ({}, '{}', NOW()){}".format(loop.index, element.name, (';' if loop.last else ',')) }}
+{%   endif %}
+{% endfor %}
+
+INSERT INTO icingaweb_user (name, active, password_hash, ctime)
+VALUES
+{% for element in icinga_web__initial_accounts %}
+{%   if element.name | d() and element.state | d('present') != 'absent' %}
+{{ "    ('{}', 1, '{}', NOW()){}".format(element.name,
+    (element.password_hash | d((element.password | d(icinga_web__default_account_password))
+    | password_hash('md5', (65534 | random(seed=(element.name + inventory_hostname))
+    | string | hash('sha256'))[0:8]))), (';' if loop.last else ',')) }}
+{%   endif %}
+{% endfor %}
+
+INSERT INTO icingaweb_group_membership (group_id, username, ctime)
+VALUES
+{% for element in icinga_web__initial_accounts %}
+{%   if element.name | d() and element.state | d('present') != 'absent' %}
+{{ "    ({}, '{}', NOW()){}".format(element.group_id | d('1'), element.name, (';' if loop.last else ',')) }}
+{%   endif %}
+{% endfor %}