summaryrefslogtreecommitdiff
path: root/sitemodules/profiles/manifests/icinga2_agent.pp
blob: 5da7e2213aa90f1566ac5873de4f29b58707fa7b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
# Class: profiles::icinga2_agent
# ==============================
#
# This class installs and configures an Icinga2 agent.
#
# Parameters
# ----------
#
# @param pki_ticket         Ticket for getting a signed certificate
#                           from the master
#
# @param master_host        Hostname of the master
#
# @param master_certificate TLS certificate of the master
#
# Examples
# --------
#
# @example
#   class roles::myhost {
#     include profiles::icinga2_agent
#   }
#
# Authors
# -------
#
# Jan Dittberner <jandd@cacert.org>
#
# Copyright
# ---------
#
# Copyright 2019 Jan Dittberner
class profiles::icinga2_agent (
  String $pki_ticket,
  String $master_host,
  String $master_certificate,
) {
  include 'profiles::icinga2_common'

  $icinga_master_cert = '/var/lib/icinga2/certs/trusted-cert.crt'

  file { $icinga_master_cert:
    ensure  => file,
    content => $master_certificate,
    owner   => 'nagios',
    group   => 'nagios',
    mode    => '0644',
    require => File['/var/lib/icinga2/certs'],
  }

  class { '::icinga2':
    confd       => false,
    manage_repo => false,
    features    => ['mainlog'],
  }

  class { '::icinga2::feature::api':
    pki             => 'icinga2',
    ca_host         => $master_host,
    ticket_id       => $pki_ticket,
    accept_config   => true,
    accept_commands => true,
    endpoints       => {
      'NodeName'   => {},
      $master_host => {
        host => $master_host,
      },
    },
    zones           => {
      'ZoneName'   => {
        'endpoints' => ['NodeName'],
        'parent'    => $master_host,
      },
      $master_host => {
        'endpoints' => [$master_host],
      },
    },
    require         => File[$icinga_master_cert],
  }

  icinga2::object::zone { 'global-templates':
    global => true,
  }

  @@icinga2::object::endpoint { $::fqdn:
    ensure        => present,
  }

  @@icinga2::object::zone { $::fqdn:
    ensure    => present,
    endpoints => [$::fqdn],
    parent    => $master_host,
  }

  package { 'monitoring-plugins-basic':
    ensure => latest,
  }
}