summaryrefslogtreecommitdiff
path: root/sitemodules/profiles/manifests/icinga2_master.pp
diff options
context:
space:
mode:
Diffstat (limited to 'sitemodules/profiles/manifests/icinga2_master.pp')
-rw-r--r--sitemodules/profiles/manifests/icinga2_master.pp94
1 files changed, 87 insertions, 7 deletions
diff --git a/sitemodules/profiles/manifests/icinga2_master.pp b/sitemodules/profiles/manifests/icinga2_master.pp
index acdaab8..258345c 100644
--- a/sitemodules/profiles/manifests/icinga2_master.pp
+++ b/sitemodules/profiles/manifests/icinga2_master.pp
@@ -7,13 +7,32 @@
# Parameters
# ----------
#
-# @param ido_database_password database password for Icinga2 IDO database
-# @param web2_database_password database password for IcingaWeb2 database
-# @param api_users Icinga2 API users
-# @param pki_ticket_salt Ticket salt for API endpoint
-# @param ca_key Icinga2 CA private key content
-# @param ca_certificate Icinga2 CA certificate content
-# @param $icingaweb_admins List of icingaweb admin users
+# @param ido_database_password database password for Icinga2 IDO database
+#
+# @param web2_database_password database password for IcingaWeb2 database
+#
+# @param api_users Icinga2 API users
+#
+# @param pki_ticket_salt Ticket salt for API endpoint
+#
+# @param ca_key Icinga2 CA private key content
+#
+# @param ca_certificate Icinga2 CA certificate content
+#
+# @param $icingaweb_admins List of icingaweb admin users
+#
+# @param git_pull_ssh_passphrase passphrase to use for the ssh key to pull new
+# configuration from the configuration repository
+#
+# @param git_pull_directory directory where the icinga2 configuration
+# is checked out
+#
+# @param git_pull_tokens list of tokens that are valid to trigger the
+# git pull hook
+#
+# @param git_repository configuration git repository
+#
+# @param git_branch configuration branch in the git repository
#
# Examples
# --------
@@ -40,8 +59,14 @@ class profiles::icinga2_master (
String $ca_key,
String $ca_certificate,
Array[String] $icingaweb_admins = ['icingaadmin'],
+ String $git_pull_ssh_passphrase,
+ String $git_pull_directory = '/etc/icinga2/conf.d',
+ Array[String] $git_pull_tokens,
+ String $git_repository = 'icinga2git@git:/var/lib/git/cacert-icinga2-conf_d.git',
+ String $git_branch = 'master',
) {
include profiles::icinga2_common
+ include profiles::systemd_reload
include postgresql::server
class { '::icinga2':
@@ -140,4 +165,59 @@ class profiles::icinga2_master (
permissions => '*',
require => Class['::icingaweb2'],
}
+
+ package { ['sshpass', 'git']:
+ ensure => installed,
+ }
+
+ $git_pull_hook = '/usr/local/sbin/icinga2-git-pull-hook'
+ $git_pull_hook_config = '/etc/default/icinga2-git-pull-hook.ini'
+ $git_pull_hook_service = '/etc/systemd/system/icinga2-git-pull-hook.service'
+
+ file { $git_pull_hook:
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0750',
+ source => 'puppet:///modules/profiles/icinga2_master/icinga2-git-pull-hook',
+ require => [Package['sshpass'], Package['git']],
+ notify => Exec['reload systemd configuration'],
+ }
+
+ file { $git_pull_hook_service:
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ source => 'puppet:///modules/profiles/icinga2_master/icinga2-git-pull-hook.service',
+ notify => Exec['reload systemd configuration'],
+ }
+
+ file { $git_pull_hook_config:
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0400',
+ content => epp(
+ 'profiles/icinga2_master/icinga2-git-pull-hook.ini.epp',
+ {
+ 'ssh_passphrase' => $git_pull_ssh_passphrase,
+ 'tokens' => $git_pull_tokens,
+ 'git_directory' => $git_pull_directory,
+ 'git_repository' => $git_repository,
+ 'git_branch' => $git_branch,
+ }
+ ),
+ notify => Exec['reload systemd configuration'],
+ }
+
+ service { 'icinga2-git-pull-hook':
+ ensure => running,
+ enable => true,
+ require => [
+ File[$git_pull_hook],
+ File[$git_pull_hook_config],
+ File[$git_pull_hook_service],
+ ],
+ }
}