From 58095b98c4b5cda3cfb5e23d3903d4b699b55f3c Mon Sep 17 00:00:00 2001 From: Lennart Betz Date: Tue, 5 Sep 2017 20:13:19 +0200 Subject: [PATCH] fix #367, #366 and remove management of conf_dir --- manifests/feature/api.pp | 35 ++++++++++------------------------- manifests/install.pp | 9 +-------- manifests/params.pp | 7 ++++++- spec/classes/api_spec.rb | 12 ------------ 4 files changed, 17 insertions(+), 46 deletions(-) diff --git a/manifests/feature/api.pp b/manifests/feature/api.pp index 80eac658f..f4c166652 100644 --- a/manifests/feature/api.pp +++ b/manifests/feature/api.pp @@ -169,6 +169,8 @@ # pki directory must exists and icinga binary is required for icinga2 pki require ::icinga2::install + $icinga2_bin = $::icinga2::params::icinga2_bin + $bin_dir = $::icinga2::params::bin_dir $conf_dir = $::icinga2::params::conf_dir $pki_dir = $::icinga2::params::pki_dir $ca_dir = $::icinga2::params::ca_dir @@ -189,11 +191,6 @@ group => $group, } - Exec { - user => 'root', - path => $::path, - } - # validation validate_re($ensure, [ '^present$', '^absent$' ], "${ensure} isn't supported. Valid values are 'present' and 'absent'.") 
@@ -314,43 +311,31 @@ $ticket_id = icinga2_ticket_id($node_name, $ticket_salt) $trusted_cert = "${pki_dir}/trusted-cert.crt" - exec { 'icinga2 pki create key': - command => "icinga2 pki new-cert --cn '${node_name}' --key '${_ssl_key_path}' --cert '${_ssl_cert_path}'", - creates => $_ssl_key_path, + Exec { + path => $bin_dir, notify => Class['::icinga2::service'], } - -> file { - $_ssl_key_path: - mode => '0600'; - $_ssl_cert_path: + exec { 'icinga2 pki create key': + command => "${icinga2_bin} pki new-cert --cn ${node_name} --key ${_ssl_key_path} --cert ${_ssl_cert_path}", + creates => $_ssl_key_path, } -> exec { 'icinga2 pki get trusted-cert': - command => "icinga2 pki save-cert --host '${ca_host}' --port ${ca_port} --key '${_ssl_key_path}' --cert '${_ssl_cert_path}' --trustedcert '${trusted_cert}'", + command => "${icinga2_bin} pki save-cert --host ${ca_host} --port ${ca_port} --key ${_ssl_key_path} --cert ${_ssl_cert_path} --trustedcert ${trusted_cert}", creates => $trusted_cert, - notify => Class['::icinga2::service'], - } - - -> file { $trusted_cert: - ensure => file, } -> exec { 'icinga2 pki request': - command => "icinga2 pki request --host '${ca_host}' --port ${ca_port} --ca '${_ssl_cacert_path}' --key '${_ssl_key_path}' --cert '${_ssl_cert_path}' --trustedcert '${trusted_cert}' --ticket '${ticket_id}'", + command => "${icinga2_bin} pki request --host ${ca_host} --port ${ca_port} --ca ${_ssl_cacert_path} --key ${_ssl_key_path} --cert ${_ssl_cert_path} --trustedcert ${trusted_cert} --ticket ${ticket_id}", creates => $_ssl_cacert_path, - notify => Class['::icinga2::service'], - } - - -> file { $_ssl_cacert_path: - ensure => file, } } # icinga2 'ca': { class { '::icinga2::pki::ca': } - notice('This parameter is deprecated and will be removed in future versions! Please use ::icinga2::pki::ca instead') + warning('This parameter is deprecated and will be removed in future versions! Please use ::icinga2::pki::ca instead') } # ca } # case pki 
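Review bot: The `file { $_ssl_key_path: mode => '0600' }` resource is dropped from the chain after `exec { 'icinga2 pki create key': }`, so Puppet no longer enforces the private key's mode or owner. Its permissions now depend on whatever `icinga2 pki new-cert` and the agent's umask produce. Consider keeping that one resource where a mode is meaningful, e.g. `-> file { $_ssl_key_path: mode => '0600' }` guarded by a `$::kernel` check; the install.pp hunk that removes `recurse => true` from `file { $pki_dir: }` takes away the other place ownership was corrected. The new command strings also lose the single quotes around `${node_name}`, `${ca_host}` and `${ticket_id}`, so a value containing whitespace or shell metacharacters is no longer passed as one argument; whether these parameters are validated is not visible here. The enclosing `case` branch starts and ends outside the hunk.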
diff --git a/manifests/install.pp b/manifests/install.pp index 71c057394..189e2c139 100644 --- a/manifests/install.pp +++ b/manifests/install.pp @@ -17,8 +17,6 @@ assert_private() $package = $::icinga2::params::package - $conf_dir = $::icinga2::params::conf_dir - $purge_features = $::icinga2::purge_features $manage_package = $::icinga2::manage_package $pki_dir = $::icinga2::params::pki_dir $user = $::icinga2::params::user @@ -29,18 +27,13 @@ package { $package: ensure => installed, - before => File["${conf_dir}/features-enabled", $pki_dir, $conf_dir], + before => File[$pki_dir], } } - # anchor, i.e. for config directory set by confd parameter - file { $conf_dir: - ensure => directory, - } file { $pki_dir: ensure => directory, owner => $user, group => $group, - recurse => true, } } diff --git a/manifests/params.pp b/manifests/params.pp index 3b0e70530..6c6192a84 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -83,6 +83,8 @@ case $::kernel { 'linux': { + $icinga2_bin = 'icinga2' + $bin_dir = '/sbin' $conf_dir = '/etc/icinga2' $log_dir = '/var/log/icinga2' $run_dir = '/var/run/icinga2' @@ -134,8 +136,11 @@ } # Linux 'windows': { - $user = 'SYSTEM' + #$user = 'SYSTEM' + $user = undef $group = undef + $icinga2_bin = 'icinga2.exe' + $bin_dir = 'C:/Program Files/icinga2/sbin' $conf_dir = 'C:/ProgramData/icinga2/etc/icinga2' $log_dir = 'C:/ProgramData/icinga2/var/log/icinga2' $run_dir = 'C:/ProgramData/icinga2/var/run/icinga2' diff --git a/spec/classes/api_spec.rb b/spec/classes/api_spec.rb index 50c9d0622..3a243ec28 100644 --- a/spec/classes/api_spec.rb +++ b/spec/classes/api_spec.rb 
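Review bot: `$bin_dir = '/sbin'` becomes the only search path for the pki execs in feature/api.pp (`path => $bin_dir`), while the command itself is the unqualified `icinga2`. On hosts where the package installs the binary under /usr/sbin and /sbin is not a symlink to it, those execs would fail to find the command. The install location is an assumption, not something the diff shows, so check it per supported platform and set `$bin_dir` per osfamily if it differs. A fixed directory is still preferable to the removed `path => $::path`, so keep the narrow path and correct only its value. The `case $::kernel` block continues outside the hunk.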
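Review bot: The commented-out `#$user = 'SYSTEM'` is left next to `$user = undef` with no explanation; delete it or replace it with a why-comment such as `# owner/group are not managed on Windows`. With both `$user` and `$group` undef, `file { $pki_dir: owner => $user, group => $group }` in install.pp manages no ownership on Windows. Access to the directory holding the private key then presumably rests on inherited permissions, which the parameter documentation should state.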
@@ -76,10 +76,6 @@ it { is_expected.to contain_exec('icinga2 pki create key') } it { is_expected.to contain_exec('icinga2 pki get trusted-cert') } it { is_expected.to contain_exec('icinga2 pki request') } - - it { is_expected.to contain_file('/etc/icinga2/pki/host.example.org.key') } - it { is_expected.to contain_file('/etc/icinga2/pki/host.example.org.crt') } - it { is_expected.to contain_file('/etc/icinga2/pki/ca.crt') } end context "#{os} with pki => ca" do @@ -87,10 +83,6 @@ it { is_expected.to contain_exec('icinga2 pki create certificate signing request') } it { is_expected.to contain_exec('icinga2 pki sign certificate') } - - it { is_expected.to contain_file('/etc/icinga2/pki/host.example.org.key') } - it { is_expected.to contain_file('/etc/icinga2/pki/host.example.org.crt') } - it { is_expected.to contain_file('/etc/icinga2/pki/ca.crt') } end context "#{os} with pki => foo (not a valid value)" do @@ -384,10 +376,6 @@ it { is_expected.to contain_exec('icinga2 pki create key') } it { is_expected.to contain_exec('icinga2 pki get trusted-cert') } it { is_expected.to contain_exec('icinga2 pki request') } - - it { is_expected.to contain_file('C:/ProgramData/icinga2/etc/icinga2/pki/host.example.org.key') } - it { is_expected.to contain_file('C:/ProgramData/icinga2/etc/icinga2/pki/host.example.org.crt') } - it { is_expected.to contain_file('C:/ProgramData/icinga2/etc/icinga2/pki/ca.crt') } end