path: root/sitemodules/profiles/manifests/icinga2_master.pp
blob: e6db26d868e68cbd686b0f9e2337b6a27907cc66 (plain)
# Class: profiles::icinga2_master
# ===============================
#
# This class installs and configures the Icinga2 master with
# PostgreSQL IDO backend
#
# Parameters
# ----------
#
# @param ido_database_password  database password for Icinga2 IDO database
# @param web2_database_password database password for IcingaWeb2 database
# @param api_users              Icinga2 API users (hash of resource title => attribute hash for icinga2::object::apiuser)
# @param pki_ticket_salt        Ticket salt for API endpoint
# @param ca_key                 Icinga2 CA private key content
# @param ca_certificate         Icinga2 CA certificate content
#
# Examples
# --------
#
# @example
#   class roles::myhost {
#     include profiles::icinga2_master
#   }
#
# Authors
# -------
#
# Jan Dittberner <jandd@cacert.org>
#
# Copyright
# ---------
#
# Copyright 2019 Jan Dittberner
class profiles::icinga2_master (
  # NOTE(review): the secret-bearing parameters below (both database
  # passwords, the ticket salt and the CA private key) are declared as plain
  # String. Puppet only redacts values wrapped in the Sensitive data type, so
  # these values are carried in clear text in the compiled catalog. Whether
  # the icinga2 and postgresql module versions in use accept Sensitive values
  # is not visible here - confirm before changing the types.
  String $ido_database_password,
  # NOTE(review): $web2_database_password is required but never referenced in
  # this class body - confirm whether it is still needed here.
  String $web2_database_password,
  # Passed unchanged to create_resources() below: outer keys are resource
  # titles, inner hashes are the attributes of each icinga2::object::apiuser.
  # Presumably these attributes include API passwords - treat the data source
  # as secret material; verify against the Hiera data.
  Hash[String, Hash[String, Variant[String, Tuple[String, 1]]]] $api_users,
  String $pki_ticket_salt,
  String $ca_key,
  String $ca_certificate,
) {
  include profiles::icinga2_common
  include postgresql::server

  # Base Icinga 2 installation: the module is told not to manage a package
  # repository and only the 'mainlog' and 'checker' features are enabled here;
  # the IDO and API features are declared separately further down.
  class { '::icinga2':
    manage_repo => false,
    features    => ['mainlog', 'checker'],
    constants   => {
      # TicketSalt is the secret from which certificate request tickets are
      # derived, so it needs the same protection as a credential.
      'TicketSalt' => $pki_ticket_salt,
      # The master's zone is named after this host's FQDN fact.
      'ZoneName'   => $::fqdn,
    },
  }

  # Create the CA directory before the CA class places its files in it (the
  # '->' arrow orders this resource ahead of icinga2::pki::ca).
  # NOTE(review): mode 0755 lets every local user enter and list the directory
  # that will hold the CA private key, so the key is protected only by the
  # mode of the key file itself, which icinga2::pki::ca sets outside this
  # file - confirm that mode is restrictive, and consider 0750 or 0700 here.
  file { $::icinga2::globals::ca_dir:
    ensure => directory,
    owner  => 'nagios',
    group  => 'nagios',
    mode   => '0755',
  } ->
  # Install a pre-existing CA from the certificate and private key contents
  # passed in as class parameters instead of generating a new one on the host.
  class { '::icinga2::pki::ca':
    ca_cert => $ca_certificate,
    ca_key  => $ca_key,
  }

  # Database and role for the IDO backend. postgresql_password() turns the
  # clear-text password into the hashed form stored for the role.
  postgresql::server::db { 'icinga2':
    user     => 'icinga2',
    password => postgresql_password('icinga2', $ido_database_password),
  }

  # IDO PostgreSQL feature. The password is handed over in clear text here;
  # presumably the module renders it into the feature's configuration file, so
  # that file's ownership and mode matter - verify in the module.
  # The explicit require ensures the database exists before the schema import.
  class { '::icinga2::feature::idopgsql':
    user          => 'icinga2',
    password      => $ido_database_password,
    database      => 'icinga2',
    import_schema => true,
    require       => Postgresql::Server::Db['icinga2'],
  }

  # API feature with pki => 'none'.
  # NOTE(review): presumably 'none' means the feature does not obtain or
  # manage the node certificate itself and relies on the CA class above -
  # confirm against the documentation of the icinga2 module version in use.
  class { '::icinga2::feature::api':
    pki        => 'none',
  }

  # Global zone named 'global-templates'.
  icinga2::object::zone { 'global-templates':
    global => true,
  }

  # One icinga2::object::apiuser resource per entry of $api_users.
  create_resources(icinga2::object::apiuser, $api_users)

  # Collect every exported Zone and Endpoint object and refresh the icinga2
  # service ('~>') whenever one of them changes.
  # NOTE(review): the search expressions are empty, so exported zones and
  # endpoints from any node that reports to the same PuppetDB end up in the
  # master's configuration. Consider restricting the collectors with a tag or
  # attribute filter so only intended nodes can register with this master.
  Icinga2::Object::Zone <<| |>> ~> Service['icinga2']
  Icinga2::Object::Endpoint <<| |>> ~> Service['icinga2']
}