Merge branch 'main' into remove-el7-support
lbetz authored Aug 15, 2024
2 parents 8716d9d + 2a9ea6c commit a79d35e
Showing 29 changed files with 147 additions and 97 deletions.
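--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -0,0 +1,3 @@
+---
+skip-changelog:
+- head-branch: ['^release-*', 'release']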
2 changes: 1 addition & 1 deletion .msync.yml
Expand Up @@ -2,4 +2,4 @@
# Managed by modulesync - DO NOT EDIT
# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/

modulesync_config_version: '8.0.1'
modulesync_config_version: '9.0.0'
4 changes: 2 additions & 2 deletions REFERENCE.md
Expand Up @@ -248,8 +248,8 @@ Default value: `true`

Data type: `Boolean`

If set to true the icinga selinux package is installed. Requires a `selinux_package_name` (icinga2::globals)
and `manage_packages` has to be set to true.
If set to true the icinga selinux package is installed if selinux is enabled. Also requires a
`selinux_package_name` (icinga2::globals) and `manage_packages` has to be set to true.

Default value: `false`

7 changes: 4 additions & 3 deletions manifests/config.pp
Expand Up @@ -24,9 +24,10 @@
}

File {
owner => $user,
group => $group,
mode => $file_permissions,
owner => $user,
group => $group,
mode => $file_permissions,
seltype => 'icinga2_etc_t',
}

file { "${conf_dir}/constants.conf":
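Review bot: The new `seltype => 'icinga2_etc_t'` default is set unconditionally, not only when the module's SELinux policy package is managed, so on an SELinux-enabled host without that policy loaded Puppet would presumably try to apply a type the running policy does not know. Consider tying it to the computed flag, for example `seltype => if $icinga2::_selinux { 'icinga2_etc_t' } else { undef },`. The same unconditional `seltype` appears in the sections for manifests/config/fragment.pp, manifests/feature.pp, manifests/feature/api.pp, manifests/feature/icingadb.pp, manifests/install.pp, manifests/object.pp, manifests/pki/ca.pp and manifests/query_objects.pp. The enclosing class body starts and ends outside this hunk.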
7 changes: 4 additions & 3 deletions manifests/config/fragment.pp
Expand Up @@ -52,9 +52,10 @@
) {
if $facts['os']['family'] != 'windows' {
Concat {
owner => $icinga2::globals::user,
group => $icinga2::globals::group,
mode => '0640',
owner => $icinga2::globals::user,
group => $icinga2::globals::group,
seltype => 'icinga2_etc_t',
mode => '0640',
}
}

2 changes: 2 additions & 0 deletions manifests/feature.pp
Expand Up @@ -23,6 +23,8 @@
ensure => $_ensure,
owner => $user,
group => $group,
seluser => 'unconfined_u',
seltype => 'icinga2_etc_t',
target => "../features-available/${feature}.conf",
require => Concat["${conf_dir}/features-available/${feature}.conf"],
notify => Class['icinga2::service'],
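Review bot: `seluser => 'unconfined_u'` on the feature symlink is hard-coded without explanation, and no other resource shown in this commit sets an SELinux user. A comment stating the reason would help, for example `# pin the SELinux user so the link's context does not differ between interactive and daemonised agent runs` if that is the motivation; otherwise leaving `seluser` unset lets the policy default apply. The resource declaration starts above this hunk.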
40 changes: 29 additions & 11 deletions manifests/feature/api.pp
Expand Up @@ -185,25 +185,27 @@
# cert directory must exists and icinga binary is required for icinga2 pki
require icinga2::install

$icinga2_bin = $icinga2::globals::icinga2_bin
$conf_dir = $icinga2::globals::conf_dir
$cert_dir = $icinga2::globals::cert_dir
$ca_dir = $icinga2::globals::ca_dir
$user = $icinga2::globals::user
$group = $icinga2::globals::group
$node_name = $icinga2::_constants['NodeName']
$_ssl_key_mode = $facts['os']['family'] ? {
$icinga2_bin = $icinga2::globals::icinga2_bin
$manage_selinux = $icinga2::_selinux
$conf_dir = $icinga2::globals::conf_dir
$cert_dir = $icinga2::globals::cert_dir
$ca_dir = $icinga2::globals::ca_dir
$user = $icinga2::globals::user
$group = $icinga2::globals::group
$node_name = $icinga2::_constants['NodeName']
$_ssl_key_mode = $facts['os']['family'] ? {
'windows' => undef,
default => '0600',
}
$_notify = $ensure ? {
$_notify = $ensure ? {
'present' => Class['icinga2::service'],
default => undef,
}

File {
owner => $user,
group => $group,
owner => $user,
group => $group,
seltype => 'icinga2_var_lib_t',
}

# Set defaults for certificate stuff
Expand Down Expand Up @@ -357,6 +359,22 @@
create_resources('icinga2::object::endpoint', $endpoints)
create_resources('icinga2::object::zone', $zones)

if $manage_selinux and $bind_port {
# if port is free
exec { "Add port ${bind_port} for icinga2_port_t":
command => ['/usr/sbin/semanage', 'port', '-a', '-t', 'icinga2_port_t', '-p', 'tcp', $bind_port],
unless => "/usr/sbin/semanage port -l | grep -qw '\\s${bind_port}'",
before => Icinga2::Object['icinga2::object::ApiListener::api'],
}

# if port is also used by another app
exec { "Add available port ${bind_port} also for icinga2_port_t":
command => ['/usr/sbin/semanage', 'port', '-m', '-t', 'icinga2_port_t', '-p', 'tcp', $bind_port],
onlyif => "/usr/sbin/semanage port -l | grep -wv '^icinga2_port_t' | grep -wq '\s${bind_port}'",
before => Icinga2::Object['icinga2::object::ApiListener::api'],
}
}

# create object
icinga2::object { 'icinga2::object::ApiListener::api':
object_name => 'api',
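Review bot: Both guards on the new `semanage` execs look for the bare port number anywhere in `semanage port -l`, so a udp entry for the same number satisfies them although the commands act on tcp; matching the protocol column as well would keep the guards aligned with the `command`. The two patterns are also escaped differently: in a double-quoted Puppet string `'\\s${bind_port}'` reaches grep as `\s…` while `'\s${bind_port}'` becomes a literal space, so the `onlyif` should end in `grep -wq '\\s${bind_port}'`. The second exec changes the type of a port that another policy type already covers, and where that entry comes from the base policy it will probably still be listed afterwards, so the exec may fire on every agent run. A comment stating that `-m` overrides the existing mapping would make the security effect explicit.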
5 changes: 0 additions & 5 deletions manifests/feature/elasticsearch.pp
Expand Up @@ -103,11 +103,6 @@
default => undef,
}

File {
owner => $owner,
group => $group,
}

if $enable_ssl {
$cert = icinga::cert::files(
'ElasticsearchWriter_elasticsearch',
5 changes: 0 additions & 5 deletions manifests/feature/gelf.pp
Expand Up @@ -73,11 +73,6 @@
default => undef,
}

File {
owner => $owner,
group => $group,
}

if $enable_ssl {
$cert = icinga::cert::files(
'GelfWriter_gelf',
8 changes: 3 additions & 5 deletions manifests/feature/icingadb.pp
Expand Up @@ -108,15 +108,13 @@
default => undef,
}

File {
owner => $owner,
group => $group,
}

if $env_id {
file { "${data_dir}/icingadb.env":
ensure => file,
owner => $owner,
group => $group,
mode => '0600',
seltype => 'icinga2_etc_t',
content => sprintf('"%s"', unwrap($env_id)),
show_diff => false,
tag => 'icinga2::config::file',
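Review bot: `seltype => 'icinga2_etc_t'` is set on a file under `${data_dir}`, whereas manifests/install.pp labels the certificate directory `icinga2_var_lib_t`; if `data_dir` is a state directory rather than a configuration directory the labels look inconsistent, and a daemon that needs to write this file may be denied under the etc type. Please confirm which type the policy expects for `icingadb.env` and record the choice in a comment above the resource. The resource continues below the hunk.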
5 changes: 0 additions & 5 deletions manifests/feature/idomysql.pp
Expand Up @@ -142,11 +142,6 @@
default => undef,
}

File {
owner => $owner,
group => $group,
}

if $enable_ssl {
$cert = icinga::cert::files(
'IdoMysqlConnection_ido-mysql',
5 changes: 0 additions & 5 deletions manifests/feature/idopgsql.pp
Expand Up @@ -128,11 +128,6 @@
default => undef,
}

File {
owner => $owner,
group => $group,
}

if $enable_ssl {
$cert = icinga::cert::files(
'IdoPgsqlConnection_ido-pgsql',
5 changes: 0 additions & 5 deletions manifests/feature/influxdb.pp
Expand Up @@ -139,11 +139,6 @@
undef
}

File {
owner => $owner,
group => $group,
}

$host_template = { measurement => $host_measurement, tags => $host_tags }
$service_template = { measurement => $service_measurement, tags => $service_tags }

5 changes: 0 additions & 5 deletions manifests/feature/influxdb2.pp
Expand Up @@ -117,11 +117,6 @@
default => undef,
}

File {
owner => $owner,
group => $group,
}

$host_template = { measurement => $host_measurement, tags => $host_tags }
$service_template = { measurement => $service_measurement, tags => $service_tags }

13 changes: 11 additions & 2 deletions manifests/init.pp
Expand Up @@ -86,8 +86,8 @@
# If set to false packages aren't managed.
#
# @param manage_selinux
# If set to true the icinga selinux package is installed. Requires a `selinux_package_name` (icinga2::globals)
# and `manage_packages` has to be set to true.
# If set to true the icinga selinux package is installed if selinux is enabled. Also requires a
# `selinux_package_name` (icinga2::globals) and `manage_packages` has to be set to true.
#
# @param manage_service
# If set to true the service is managed otherwise the service also
Expand Down Expand Up @@ -126,6 +126,15 @@
) {
require icinga2::globals

$selinux_package_name = $icinga2::globals::selinux_package_name

# check selinux
$_selinux = if fact('os.selinux.enabled') and $facts['os']['selinux']['enabled'] and $selinux_package_name {
$manage_selinux
} else {
false
}

# load reserved words
$_reserved = $icinga2::globals::reserved
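Review bot: `$_selinux` does not take `manage_packages` into account although the updated `manage_selinux` documentation says it has to be true, so with `manage_packages => false` the flag can still be true and the `semanage` execs in manifests/feature/api.pp run against a policy this module did not install. If that is intended, say so in the parameter documentation; otherwise add `and $manage_packages` to the condition. The test is also redundant: `fact('os.selinux.enabled')` already yields the value that `$facts['os']['selinux']['enabled']` reads, so `if fact('os.selinux.enabled') and $selinux_package_name {` is sufficient.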

21 changes: 15 additions & 6 deletions manifests/install.pp
Expand Up @@ -9,8 +9,8 @@

$package_name = $icinga2::globals::package_name
$manage_packages = $icinga2::manage_packages
$manage_selinux = $icinga2::_selinux
$selinux_package_name = $icinga2::globals::selinux_package_name
$manage_selinux = $icinga2::manage_selinux
$cert_dir = $icinga2::globals::cert_dir
$conf_dir = $icinga2::globals::conf_dir
$user = $icinga2::globals::user
Expand All @@ -24,17 +24,26 @@
before => File[$cert_dir, $conf_dir],
}

if str2bool($manage_selinux) and $selinux_package_name {
if $manage_selinux {
package { $selinux_package_name:
ensure => installed,
require => Package[$package_name],
}
}
}

file { [$conf_dir, $cert_dir]:
ensure => directory,
owner => $user,
group => $group,
file {
default:
ensure => directory,
owner => $user,
group => $group,
mode => '0750',
;
$conf_dir:
seltype => 'icinga2_etc_t',
;
$cert_dir:
seltype => 'icinga2_var_lib_t',
;
}
}
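Review bot: The SELinux policy package is only ordered after `Package[$package_name]`; nothing orders it before the directories that now carry `seltype => 'icinga2_etc_t'` and `'icinga2_var_lib_t'`, so on a first run the contexts could be applied before the policy types exist. Adding `before => File[$cert_dir, $conf_dir],` to the `package { $selinux_package_name:` resource, as the main package already has, makes the dependency explicit. The new `mode => '0750'` default also changes permissions on existing installations, which is worth a sentence in the class documentation.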
7 changes: 4 additions & 3 deletions manifests/object.pp
Expand Up @@ -72,9 +72,10 @@
} # windows
default: {
Concat {
owner => $icinga2::globals::user,
group => $icinga2::globals::group,
mode => '0640',
owner => $icinga2::globals::user,
group => $icinga2::globals::group,
seltype => 'icinga2_etc_t',
mode => '0640',
}
} # default
}
5 changes: 3 additions & 2 deletions manifests/pki/ca.pp
Expand Up @@ -39,8 +39,9 @@
$_ssl_cacert_path = "${cert_dir}/ca.crt"

File {
owner => $user,
group => $group,
owner => $user,
group => $group,
seltype => 'icinga2_var_lib_t',
}

if $::facts['os']['family'] != 'windows' {
7 changes: 4 additions & 3 deletions manifests/query_objects.pp
Expand Up @@ -22,9 +22,10 @@
} # windows
default: {
Concat {
owner => $icinga2::globals::user,
group => $icinga2::globals::group,
mode => '0640',
owner => $icinga2::globals::user,
group => $icinga2::globals::group,
seltype => 'icinga2_etc_t',
mode => '0640',
}
} # default
}
9 changes: 5 additions & 4 deletions metadata.json
Expand Up @@ -18,7 +18,7 @@
},
{
"name": "icinga/icinga",
"version_requirement": ">= 2.9.0 < 6.0.0"
"version_requirement": ">= 2.9.0 < 7.0.0"
}
],
"operatingsystem_support": [
Expand Down Expand Up @@ -60,7 +60,6 @@
{
"operatingsystem": "Debian",
"operatingsystemrelease": [
"10",
"11",
"12"
]
Expand All @@ -69,13 +68,15 @@
"operatingsystem": "Ubuntu",
"operatingsystemrelease": [
"20.04",
"22.04"
"22.04",
"24.04"
]
},
{
"operatingsystem": "Fedora",
"operatingsystemrelease": [
"32"
"39",
"40"
]
},
{
18 changes: 18 additions & 0 deletions spec/classes/api_spec.rb
Expand Up @@ -72,6 +72,24 @@
end
end

if facts[:os]['family'] == 'RedHat'
context 'with icinga2::manage_selinux => true, bind_port => 1234' do
let(:pre_condition) do
[
"class { 'icinga2': manage_selinux => true, features => [], constants => {'NodeName' => 'host.example.org'} }",
]
end

let(:params) do
{
bind_port: 1234,
}
end

it { is_expected.to contain_exec('Add port 1234 for icinga2_port_t') }
end
end

context "with pki => 'puppet'" do
let(:params) do
{
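Review bot: The new context asserts only the first exec; the second one, `Add available port 1234 also for icinga2_port_t`, and the case where `$_selinux` resolves to false are not covered. Adding `it { is_expected.to contain_exec('Add available port 1234 also for icinga2_port_t') }` here, plus a context with SELinux disabled in the facts that expects `is_expected.not_to contain_exec('Add port 1234 for icinga2_port_t')`, would pin the gating logic. The enclosing describe block starts outside this hunk.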
4 changes: 2 additions & 2 deletions spec/classes/elasticsearch_spec.rb
Expand Up @@ -23,13 +23,13 @@
when 'FreeBSD'
let(:icinga2_conf_dir) { '/usr/local/etc/icinga2' }
let(:icinga2_pki_dir) { '/var/lib/icinga2/certs' }
let(:icinga2_sslkey_mode) { '0400' }
let(:icinga2_sslkey_mode) { '0440' }
let(:icinga2_user) { 'icinga' }
let(:icinga2_group) { 'icinga' }
else
let(:icinga2_conf_dir) { '/etc/icinga2' }
let(:icinga2_pki_dir) { '/var/lib/icinga2/certs' }
let(:icinga2_sslkey_mode) { '0400' }
let(:icinga2_sslkey_mode) { '0440' }
case facts[:os]['family']
when 'Debian'
let(:icinga2_user) { 'nagios' }
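Review bot: The expected private-key mode changes from `'0400'` to `'0440'`, which makes the TLS key group-readable, while manifests/feature/api.pp in this commit still uses `'0600'` for `$_ssl_key_mode`. The manifest change behind this expectation is not visible on this page (it may come from the `icinga/icinga` dependency whose upper bound is raised in metadata.json), so please confirm that group read access to the key is intended and which accounts are in that group. A short comment next to the `let(:icinga2_sslkey_mode)` lines naming where the value is defined would help the next reader.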