summaryrefslogtreecommitdiff
path: root/sitemodules
diff options
context:
space:
mode:
authorJan Dittberner <jandd@cacert.org>2019-07-21 14:49:56 +0200
committerJan Dittberner <jandd@cacert.org>2019-07-21 14:49:56 +0200
commit75a96e7ce55f92c855324fe1b45017ade38e7004 (patch)
treeae08a8de3c40e2f9d451dbb3636487cde1e36fb5 /sitemodules
parent601b7f575aed0ae09dd2e62b8c179dede4110643 (diff)
downloadcacert-puppet-75a96e7ce55f92c855324fe1b45017ade38e7004.tar.gz
cacert-puppet-75a96e7ce55f92c855324fe1b45017ade38e7004.tar.xz
cacert-puppet-75a96e7ce55f92c855324fe1b45017ade38e7004.zip
Add missing changes for icinga2 module
Diffstat (limited to 'sitemodules')
-rw-r--r--sitemodules/profiles/manifests/icinga2_common.pp9
-rw-r--r--sitemodules/profiles/manifests/icinga2_master.pp259
2 files changed, 101 insertions, 167 deletions
diff --git a/sitemodules/profiles/manifests/icinga2_common.pp b/sitemodules/profiles/manifests/icinga2_common.pp
index 0c9bb0a..7cfdf91 100644
--- a/sitemodules/profiles/manifests/icinga2_common.pp
+++ b/sitemodules/profiles/manifests/icinga2_common.pp
@@ -33,10 +33,8 @@ class profiles::icinga2_common (
String $master_certificate,
) {
class { '::icinga2':
- manage_repo => false,
- manage_package => false,
- manage_service => false,
- purge_features => false,
+ manage_repo => false,
+ features => ['mainlog']
}
if $::lsbdistcodename == 'stretch' {
apt::pin { 'icinga2_backports':
@@ -53,9 +51,6 @@ class profiles::icinga2_common (
}
Apt::Pin['icinga2_backports'] -> Package <| name == 'icinga2' or name == 'icinga2-ido-pgsql' |>
}
- package { 'icinga2':
- ensure => latest,
- }
file { '/var/lib/icinga2/certs':
ensure => directory,
owner => 'nagios',
diff --git a/sitemodules/profiles/manifests/icinga2_master.pp b/sitemodules/profiles/manifests/icinga2_master.pp
index e200fb3..ce196e0 100644
--- a/sitemodules/profiles/manifests/icinga2_master.pp
+++ b/sitemodules/profiles/manifests/icinga2_master.pp
@@ -42,6 +42,19 @@ class profiles::icinga2_master (
) {
include 'profiles::icinga2_common'
+ postgresql::server::db { 'icinga2':
+ user => 'icinga2',
+ password => postgresql_password('icinga2', $ido_database_password),
+ }
+
+ class { '::icinga2::feature::idopgsql':
+ user => 'icinga2',
+ password => $ido_database_password,
+ database => 'icinga2',
+ import_schema => true,
+ require => Postgresql::Server::Db['icinga2'],
+ }
+
class { '::icinga2::feature::api':
endpoints => {
$::fqdn => {},
@@ -53,170 +66,96 @@ class profiles::icinga2_master (
},
}
- postgresql::server::db { 'icinga2':
- user => 'icinga2',
- password => postgresql_password('icinga2', $ido_database_password),
- }
-
icinga2::object::zone { 'global-templates':
global => true,
}
- file { '/var/cache/debconf/icinga2-ido-pgsql.preseed':
- ensure => file,
- source => 'puppet:///modules/profiles/icinga2_master/icinga2-ido-pgsql.preseed',
- owner => 'root',
- group => 'root',
- mode => '0600',
- }
- package { 'icinga2-ido-pgsql':
- ensure => latest,
- responsefile => '/var/cache/debconf/icinga2-ido-pgsql.preseed',
- require => [
- Package['icinga2'],
- File['/var/cache/debconf/icinga2-ido-pgsql.preseed'],
- ]
- }
- file { '/etc/icinga2/icinga2.conf':
- ensure => file,
- source => 'puppet:///modules/profiles/icinga2_master/icinga2.conf',
- owner => 'root',
- group => 'root',
- mode => '0644',
- }
- file { '/etc/icinga2/init.conf':
- ensure => file,
- source => 'puppet:///modules/profiles/icinga2_master/init.conf',
- owner => 'root',
- group => 'root',
- mode => '0644',
- }
- file { '/etc/icinga2/features-available/checker.conf':
- ensure => file,
- source => 'puppet:///modules/profiles/icinga2_master/features-available/checker.conf',
- owner => 'root',
- group => 'root',
- mode => '0644',
- require => Package['icinga2'],
- }
- file { '/etc/icinga2/features-available/mainlog.conf':
- ensure => file,
- source => 'puppet:///modules/profiles/icinga2_master/features-available/mainlog.conf',
- owner => 'root',
- group => 'root',
- mode => '0644',
- require => Package['icinga2'],
- }
- file { '/etc/icinga2/features-enabled/checker.conf':
- ensure => link,
- target => '/etc/icinga2/features-available/checker.conf',
- owner => 'root',
- group => 'root',
- }
- file { '/etc/icinga2/features-enabled/mainlog.conf':
- ensure => link,
- target => '/etc/icinga2/features-available/mainlog.conf',
- owner => 'root',
- group => 'root',
- }
- file { '/etc/icinga2/features-enabled/notification.conf':
- ensure => link,
- target => '/etc/icinga2/features-available/notification.conf',
- owner => 'root',
- group => 'root',
- }
- file { '/etc/icinga2/zones.conf':
- ensure => file,
- content => epp('profiles/icinga2_master/zones.conf.epp'),
- owner => 'root',
- group => 'root',
- mode => '0644',
- require => Package['icinga2'],
- }
- file { '/etc/icinga2/conf.d/api-users.conf':
- ensure => file,
- content => epp('profiles/icinga2_master/conf.d/api-users.conf.epp', {
- 'api_users' => $api_users
- }),
- owner => 'root',
- group => 'nagios',
- mode => '0640',
- require => Package['icinga2'],
- }
- file { "/var/lib/icinga2/certs/${::facts['fqdn']}.key":
- ensure => file,
- owner => 'nagios',
- group => 'nagios',
- mode => '0600',
- content => $master_key,
- require => File['/var/lib/icinga2/certs'],
- }
- file { "/var/lib/icinga2/certs/${::facts['fqdn']}.csr":
- ensure => file,
- owner => 'nagios',
- group => 'nagios',
- mode => '0644',
- content => $master_csr,
- require => File['/var/lib/icinga2/certs'],
- }
- file { '/var/lib/icinga2/ca':
- ensure => directory,
- owner => 'nagios',
- group => 'nagios',
- mode => '0700',
- require => Package['icinga2'],
- }
- file { '/var/lib/icinga2/ca/ca.key':
- ensure => file,
- content => $ca_key,
- owner => 'nagios',
- group => 'nagios',
- mode => '0600',
- require => File['/var/lib/icinga2/ca'],
- }
- file { '/var/lib/icinga2/ca/ca.crt':
- ensure => file,
- content => $::profiles::icinga2_common::ca_certificate,
- owner => 'nagios',
- group => 'nagios',
- mode => '0644',
- require => File['/var/lib/icinga2/ca'],
- }
- exec { "/usr/sbin/icinga2 node setup --master":
- creates => "/etc/icinga2/features-enabled/api.conf",
- require => [
- Package['icinga2'],
- File['/var/lib/icinga2/ca/ca.key'],
- File["/var/lib/icinga2/certs/${::facts['fqdn']}.key"]
- ],
- notify => Service['icinga2'],
- }
- exec { '/usr/sbin/icinga2 feature enable ido-pgsql':
- creates => "/etc/icinga2/features-enabled/ido-pgsql.conf",
- require => Package['icinga2-ido-pgsql'],
- notify => Service['icinga2'],
- }
- service { 'icinga2':
- ensure => 'running',
- enable => true,
- require => [
- Package['icinga2'],
- Package['icinga2-ido-pgsql'],
- ],
- subscribe => [
- File['/etc/icinga2/icinga2.conf'],
- File['/etc/icinga2/init.conf'],
- File['/etc/icinga2/features-enabled/checker.conf'],
- File['/etc/icinga2/features-enabled/mainlog.conf'],
- File['/etc/icinga2/features-enabled/notification.conf'],
- File['/etc/icinga2/zones.conf'],
- File['/etc/icinga2/conf.d/api-users.conf'],
- File['/var/lib/icinga2/ca'],
- File['/var/lib/icinga2/ca/ca.key'],
- File['/var/lib/icinga2/ca/ca.crt'],
- File['/var/lib/icinga2/certs/ca.crt'],
- ],
- }
+ #file { '/etc/icinga2/conf.d/api-users.conf':
+ # ensure => file,
+ # content => epp('profiles/icinga2_master/conf.d/api-users.conf.epp', {
+ # 'api_users' => $api_users
+ # }),
+ # owner => 'root',
+ # group => 'nagios',
+ # mode => '0640',
+ # require => Package['icinga2'],
+ #}
+
+ create_resources(icinga2::object::apiuser, $api_users)
+ #file { "/var/lib/icinga2/certs/${::facts['fqdn']}.key":
+ # ensure => file,
+ # owner => 'nagios',
+ # group => 'nagios',
+ # mode => '0600',
+ # content => $master_key,
+ # require => File['/var/lib/icinga2/certs'],
+ #}
+ #file { "/var/lib/icinga2/certs/${::facts['fqdn']}.csr":
+ # ensure => file,
+ # owner => 'nagios',
+ # group => 'nagios',
+ # mode => '0644',
+ # content => $master_csr,
+ # require => File['/var/lib/icinga2/certs'],
+ #}
+ #file { '/var/lib/icinga2/ca':
+ # ensure => directory,
+ # owner => 'nagios',
+ # group => 'nagios',
+ # mode => '0700',
+ # require => Package['icinga2'],
+ #}
+ #file { '/var/lib/icinga2/ca/ca.key':
+ # ensure => file,
+ # content => $ca_key,
+ # owner => 'nagios',
+ # group => 'nagios',
+ # mode => '0600',
+ # require => File['/var/lib/icinga2/ca'],
+ #}
+ #file { '/var/lib/icinga2/ca/ca.crt':
+ # ensure => file,
+ # content => $::profiles::icinga2_common::ca_certificate,
+ # owner => 'nagios',
+ # group => 'nagios',
+ # mode => '0644',
+ # require => File['/var/lib/icinga2/ca'],
+ #}
+ #exec { "/usr/sbin/icinga2 node setup --master":
+ # creates => "/etc/icinga2/features-enabled/api.conf",
+ # require => [
+ # Package['icinga2'],
+ # File['/var/lib/icinga2/ca/ca.key'],
+ # File["/var/lib/icinga2/certs/${::facts['fqdn']}.key"]
+ # ],
+ # notify => Service['icinga2'],
+ #}
+ #exec { '/usr/sbin/icinga2 feature enable ido-pgsql':
+ # creates => "/etc/icinga2/features-enabled/ido-pgsql.conf",
+ # require => Package['icinga2-ido-pgsql'],
+ # notify => Service['icinga2'],
+ #}
+ #service { 'icinga2':
+ # ensure => 'running',
+ # enable => true,
+ # require => [
+ # Package['icinga2'],
+ # Package['icinga2-ido-pgsql'],
+ # ],
+ # subscribe => [
+ # File['/etc/icinga2/icinga2.conf'],
+ # File['/etc/icinga2/init.conf'],
+ # File['/etc/icinga2/features-enabled/checker.conf'],
+ # File['/etc/icinga2/features-enabled/mainlog.conf'],
+ # File['/etc/icinga2/features-enabled/notification.conf'],
+ # File['/etc/icinga2/zones.conf'],
+ # File['/etc/icinga2/conf.d/api-users.conf'],
+ # File['/var/lib/icinga2/ca'],
+ # File['/var/lib/icinga2/ca/ca.key'],
+ # File['/var/lib/icinga2/ca/ca.crt'],
+ # File['/var/lib/icinga2/certs/ca.crt'],
+ # ],
+ #}
Icinga2::Object::Zone <<| |>> ~> Service['icinga2']
Icinga2::Object::Endpoint <<| |>> ~> Service['icinga2']