Change icinga2_master role to use icinga2 module

3 files changed, 35 insertions, 6 deletions

diff --git a/Puppetfile b/Puppetfile
index 919f01f..5460b49 100644
--- a/Puppetfile
+++ b/Puppetfile
@@ -2,6 +2,7 @@ mod 'icinga/icinga2', :latest
 mod 'puppetlabs/apt', :latest
 mod 'puppetlabs/concat', :latest
 mod 'puppetlabs/mailalias_core', :latest
+mod 'puppetlabs/postgresql', :latest
 mod 'puppetlabs/stdlib', :latest
 mod 'saz/sudo', :latest
 mod 'stm/debconf', :latest
diff --git a/hieradata/nodes/monitor.yaml b/hieradata/nodes/monitor.yaml
index edb8eea..87c0ad6 100644
--- a/hieradata/nodes/monitor.yaml
+++ b/hieradata/nodes/monitor.yaml
@@ -7,8 +7,6 @@ profiles::base::admins:
 profiles::base::crl_job_enable: true
 profiles::base::crl_job_services:
   - apache2
-profiles::icinga2_master::web2_database_name: icingaweb2
-profiles::icinga2_master::web2_database_user: icingawb2
 profiles::icinga2_master::web2_database_password: >
     ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEw
     DQYJKoZIhvcNAQEBBQAEggEAIgd5qF6rnFWYhyo38MRacrz2VcYdoni/m8Zd
@@ -20,9 +18,20 @@ profiles::icinga2_master::web2_database_password: >
     ocPHkTBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDV+5TW/J23xVA6MGZo
     zfzCgDBHbsaS9cJaGXgnZSKLOQwUlJmG7WgOL0FCgIEp8vYT8upZFuikokHH
     vGkNL7s7xDw=]
+profiles::icinga2_master::ido_database_password: >
+    ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEw
+    DQYJKoZIhvcNAQEBBQAEggEAQVzlV3aXJTf54OReOA96VsrAPutFLx939Qf2
+    pkjU4uzfh14wF6hCUBzJM3TsG8+EYFZmHQv7LqCbDQLfYVNs62sDlOBigWh4
+    za1YWqewtuasrvqZdUKPD1tIyIGLh2+idv0/XJHpkv7nt/oVRoINZdzO+Afr
+    dbx6Dx6aFWpX98HLQdsw/G1X8o+YZwwklASfSXCw/1pGLsPWWYSoYjyD4N9U
+    eaOTiPQ2OLLnJtkAlyUMxTeq76iJw67vj0Vu8QqATZAoVU9rA/FnliMiYGrB
+    GC/c/ACt9A5HZ6orBlztCqFj8/Z61pyFH2+09jCxODdgebyLt+gRuVP6RZvC
+    XcFLlzBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBB4LvLBDu+VZkAgtJ4b
+    nmt5gDBW4KHCxlUcs8bRo71HIiDcSMBOTahi2hMlzwNC12NZlIR2spYytjH4
+    2/8qhSpCx+U=]
 profiles::icinga2_master::api_users:
     -
-      username: root
+      apiuser_name: root
       password:  >
         ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEw
         DQYJKoZIhvcNAQEBBQAEggEAAXgaqzTk009MfssP5rTCvy5jC0j3Fq76LjSO
@@ -36,7 +45,7 @@ profiles::icinga2_master::api_users:
       permissions:
         - "*"
     -
-      username: client-pki-ticket
+      apiuser_name: client-pki-ticket
       password: >
         ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEw
         DQYJKoZIhvcNAQEBBQAEggEAjrore6zK7GJXbP9FZ6ORUWvpt7FS2fXHiwB+
diff --git a/sitemodules/profiles/manifests/icinga2_master.pp b/sitemodules/profiles/manifests/icinga2_master.pp
index ece3674..e200fb3 100644
--- a/sitemodules/profiles/manifests/icinga2_master.pp
+++ b/sitemodules/profiles/manifests/icinga2_master.pp
@@ -33,8 +33,7 @@
 #
 # Copyright 2019 Jan Dittberner
 class profiles::icinga2_master (
-  String $web2_database_name,
-  String $web2_database_user,
+  String $ido_database_password,
   String $web2_database_password,
   Array[Hash[String, Variant[String, Tuple[String, 1]]]] $api_users,
   String $ca_key,
@@ -43,6 +42,26 @@ class profiles::icinga2_master (
 ) {
   include 'profiles::icinga2_common'
 
+  class { '::icinga2::feature::api':
+    endpoints => {
+      $::fqdn => {},
+    },
+    zones     => {
+      $::fqdn => {
+        'endpoints' => [$::fqdn],
+      },
+    },
+  }
+
+  postgresql::server::db { 'icinga2':
+    user     => 'icinga2',
+    password => postgresql_password('icinga2', $ido_database_password),
+  }
+
+  icinga2::object::zone { 'global-templates':
+    global => true,
+  }
+
   file { '/var/cache/debconf/icinga2-ido-pgsql.preseed':
     ensure => file,
     source => 'puppet:///modules/profiles/icinga2_master/icinga2-ido-pgsql.preseed',