path: root/sitemodules/profiles/manifests/icinga2_master.pp
# Class: profiles::icinga2_master
# ===============================
#
# This class installs and configures the Icinga2 master with
# PostgreSQL IDO backend
#
# Parameters
# ----------
#
# @param ido_database_password  database password for Icinga2 IDO database
# @param web2_database_password database password for IcingaWeb2 database
# @param api_users              Icinga2 API users
# @param pki_ticket_salt        Ticket salt for API endpoint
# @param ca_key                 Icinga2 CA private key content
# @param ca_certificate         Icinga2 CA certificate content
#
# Examples
# --------
#
# @example
#   class roles::myhost {
#     include profiles::icinga2_master
#   }
#
# Authors
# -------
#
# Jan Dittberner <jandd@cacert.org>
#
# Copyright
# ---------
#
# Copyright 2019 Jan Dittberner
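class profiles::icinga2_master (
  # NOTE(review): every secret below is typed as a plain String, so the values
  # are handled as ordinary catalog data. Wrapping them in Sensitive[String]
  # would need matching changes in the Hiera data and in the consuming
  # modules, so the types are left as they are here.
  String $ido_database_password,
  String $web2_database_password,
  Hash[String, Hash[String, Variant[String, Tuple[String, 1]]]] $api_users,
  String $pki_ticket_salt,
  String $ca_key,
  String $ca_certificate,
) {
  include profiles::icinga2_common
  include postgresql::server

  # The Icinga Web 2 command transport at the end of this class reads the
  # password of the 'root' API user. Fail with a clear message instead of an
  # opaque evaluation error (or an empty transport password) when it is absent.
  unless ('root' in $api_users) and ('password' in $api_users['root']) {
    fail('profiles::icinga2_master: api_users must define a "root" user with a "password"')
  }

  class { '::icinga2':
    manage_repo => false,
    features    => ['mainlog', 'checker'],
    constants   => {
      'TicketSalt' => $pki_ticket_salt,
      'ZoneName'   => $::fqdn,
    },
  }

  # The CA directory must exist before icinga2::pki::ca is applied; that class
  # is handed the CA private key ($ca_key).
  # NOTE(review): mode 0755 lets every local user enter and list this
  # directory, so the confidentiality of the CA key rests on the key file's
  # own mode, which is set outside this file. Consider '0700' after confirming
  # nothing other than the nagios user needs access.
  file { $::icinga2::globals::ca_dir:
    ensure => directory,
    owner  => 'nagios',
    group  => 'nagios',
    mode   => '0755',
  } ->
  class { '::icinga2::pki::ca':
    ca_cert => $ca_certificate,
    ca_key  => $ca_key,
  }

  # IDO backend database; postgresql_password() turns the clear-text password
  # into the hash that is stored for the role.
  postgresql::server::db { 'icinga2':
    user     => 'icinga2',
    password => postgresql_password('icinga2', $ido_database_password),
  }

  class { '::icinga2::feature::idopgsql':
    user          => 'icinga2',
    password      => $ido_database_password,
    database      => 'icinga2',
    import_schema => true,
    require       => Postgresql::Server::Db['icinga2'],
  }

  # NOTE(review): pki => 'none' presumably leaves certificate handling to the
  # icinga2::pki::ca declaration above - confirm against the module version in
  # use.
  class { '::icinga2::feature::api':
    pki        => 'none',
  }

  icinga2::object::zone { 'global-templates':
    global => true,
  }

  create_resources(icinga2::object::apiuser, $api_users)

  # Collect every exported zone and endpoint and restart Icinga 2 when they
  # change. The collectors carry no filter, so any node able to export these
  # resource types contributes objects to the master configuration.
  Icinga2::Object::Zone <<| |>> ~> Service['icinga2']
  Icinga2::Object::Endpoint <<| |>> ~> Service['icinga2']

  postgresql::server::db { 'icingaweb2':
    user     => 'icingaweb2',
    password => postgresql_password(
      'icingaweb2', $web2_database_password
    ),
  }

  # NOTE(review): db_port is a quoted string here while ido_port below is an
  # integer; check which type the icingaweb2 module expects and align them.
  class { '::icingaweb2':
    manage_repo   => false,
    import_schema => true,
    db_type       => 'pgsql',
    db_host       => 'localhost',
    db_port       => '5432',
    db_username   => 'icingaweb2',
    db_password   => $web2_database_password,
    require       => Postgresql::Server::Db['icingaweb2'],
  }

  # Fixed: the resource title must be followed by ':'; the original had ','
  # which does not parse.
  # NOTE(review): the web interface sends its commands as the 'root' API user.
  # A dedicated API user limited to the permissions the monitoring module
  # needs would reduce the impact of a compromised web frontend.
  class { '::icingaweb2::module::monitoring':
    ido_type          => 'pgsql',
    ido_host          => 'localhost',
    ido_port          => 5432,
    ido_db_name       => 'icinga2',
    ido_db_username   => 'icinga2',
    ido_db_password   => $ido_database_password,
    commandtransports => {
      icinga2 => {
        transport => 'api',
        username  => 'root',
        password  => $api_users['root']['password'],
      },
    },
  }
}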