diff --git a/.devcontainer/README.md b/.devcontainer/README.md index cc4675e5d..a71936168 100644 --- a/.devcontainer/README.md +++ b/.devcontainer/README.md @@ -13,14 +13,18 @@ https://github.com/microsoft/vscode-dev-containers/tree/v0.140.1/containers/pupp // Set *default* container specific settings.json values on container create. "settings": { - "terminal.integrated.shell.linux": "/bin/bash" + "terminal.integrated.profiles.linux": { + "bash": { + "path": "bash", + } + } }, // Add the IDs of extensions you want installed when the container is created. "extensions": [ "puppet.puppet-vscode", "rebornix.Ruby" - ] + ], // Use 'forwardPorts' to make a list of ports inside the container available locally. "forwardPorts": [], diff --git a/.fixtures.puppet4.yml b/.fixtures.puppet4.yml deleted file mode 100644 index bb8bb1d37..000000000 --- a/.fixtures.puppet4.yml +++ /dev/null @@ -1,19 +0,0 @@ -fixtures: - forge_modules: - stdlib: - repo: icinga/icinga - stdlib: - repo: puppetlabs/stdlib - ref: 5.2.0 - concat: - repo: puppetlabs/concat - ref: 5.3.0 - apt: - repo: puppetlabs/apt - ref: 6.3.0 - chocolatey: - repo: puppetlabs/chocolatey - ref: 3.3.0 - zypprepo: - repo: puppet/zypprepo - ref: 2.2.2 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c1f75327c..f7545a421 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,6 +1,7 @@ name: Test on: + - workflow_dispatch - pull_request - push @@ -23,5 +24,5 @@ jobs: run: bundle exec rake rubocop - name: Run Puppet Linter run: bundle exec rake lint - - name: Check if REFERENCE.md is up2date - run: bundle exec rake strings:validate:reference + - name: Run unit tests + run: bundle exec rake parallel_spec diff --git a/.mailmap b/.mailmap deleted file mode 100644 index 203cc3784..000000000 --- a/.mailmap +++ /dev/null @@ -1,2 +0,0 @@ - - diff --git a/.rspec b/.rspec index b3eb8b494..16f9cdb01 100644 --- a/.rspec +++ b/.rspec 
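Review bot: In the `.github/workflows/ci.yml` hunk at `@@ -23,5 +24,5 @@`, the `strings:validate:reference` step is replaced by the unit-test step instead of being kept next to it, so CI no longer checks that REFERENCE.md matches the code. This same commit changes REFERENCE.md heavily, including the new TLS parameters and their defaults, so later drift in that documentation would go unnoticed. Unless the rake task was dropped on purpose, I would keep both steps by re-adding `- name: Check if REFERENCE.md is up2date` with `run: bundle exec rake strings:validate:reference` after `Run unit tests`. The job definition starts outside the hunk, so its other steps and any `permissions:` setting are not visible here.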
@@ -1,2 +1,2 @@ --color ---format documentation \ No newline at end of file +--format documentation diff --git a/.rspec_parallel b/.rspec_parallel deleted file mode 100644 index 38f19f53a..000000000 --- a/.rspec_parallel +++ /dev/null @@ -1 +0,0 @@ ---format progress \ No newline at end of file diff --git a/.rubocop.yml b/.rubocop.yml index c483c4620..98443ac87 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -4,7 +4,7 @@ require: - rubocop-rspec AllCops: DisplayCopNames: true - TargetRubyVersion: '2.4' + TargetRubyVersion: '2.5' Include: - "**/*.rb" Exclude: @@ -518,4 +518,3 @@ Style/RedundantArgument: Enabled: false Style/SwapValues: Enabled: false - diff --git a/.sync.yml b/.sync.yml index a228b3026..938126e9a 100644 --- a/.sync.yml +++ b/.sync.yml @@ -1,3 +1,11 @@ +# This file can be used to customize the files managed by PDK. +# +# See https://github.com/puppetlabs/pdk-templates/blob/main/README.md +# for more information. +# +# See https://github.com/puppetlabs/pdk-templates/blob/main/config_defaults.yml +# for the default values. +--- --- Gemfile: optional: @@ -5,4 +13,4 @@ Gemfile: - gem: 'github_changelog_generator' git: 'https://github.com/skywinder/github-changelog-generator' ref: '20ee04ba1234e9e83eb2ffb5056e23d641c7a018' - condition: "Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.2.2')" \ No newline at end of file + condition: "Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.2.2') diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md deleted file mode 100644 index f797bd855..000000000 --- a/CONTRIBUTING.md +++ /dev/null 
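Review bot: The last added line of the `.sync.yml` hunk `@@ -5,4 +13,4 @@` drops the closing double quote of the `condition:` value, which leaves an unterminated YAML string; it should read `condition: "Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.2.2')"`. The first hunk (`@@ -1,3 +1,11 @@`) also adds a `---` directly above the existing one, so the file now opens with two document-start markers and one of them should go. Separately, this entry still pulls `github_changelog_generator` from a pinned git ref while the Gemfile hunk in this commit removes that gem, so the two files appear to disagree about what the next template sync will generate.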
@@ -1,39 +0,0 @@ -# Contributing -A roadmap of this project is located at https://github.com/Icinga/puppet-icinga2/milestones. Please consider -this roadmap when you start contributing to the project. - -Before starting your work on this module, you should [fork the project] to your GitHub account. This allows you to -freely experiment with your changes. When your changes are complete, submit a [pull request]. All pull requests will be -reviewed and merged if they suit some general guidelines: - -* Changes are located in a topic branch -* For new functionality, proper tests are written -* Changes should not solve certain problems on special environments -* Your change does not handle third party software for which dedicated Puppet modules exist - * such as creating databases, installing webserver etc. - -## Notes - -* The master branch now is moved to v2.x - -## Branches -Choosing a proper name for a branch helps us identify its purpose and possibly find an associated bug or feature. -Generally a branch name should include a topic such as `fix` or `feature` followed by a description and an issue number -if applicable. Branches should have only changes relevant to a specific issue. - -``` -git checkout -b fix/service-template-typo-1234 -git checkout -b feature/config-handling-1235 -``` - -## Testing -Classes and defined types are unit tested with [RSpec]. For integration tests we use [Serverspec]. When modifying -existing classes or types, make sure all existing tests pass. If you add new functionality, make sure to write appropriate -tests as well. A complete guide on how to run tests is described in [TESTING.md]. - - -[fork the project]: https://help.github.com/articles/fork-a-repo/ -[pull request]: https://help.github.com/articles/using-pull-requests/ -[RSpec]: http://rspec-puppet.com/ -[Serverspec]: http://serverspec.org/ -[TESTING.md]: TESTING.md diff --git a/Gemfile b/Gemfile index 1818b963e..fc2865859 100644 --- a/Gemfile +++ b/Gemfile 
@@ -24,7 +24,7 @@ group :development do gem "puppet-module-posix-dev-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby] gem "puppet-module-win-default-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw] gem "puppet-module-win-dev-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "github_changelog_generator", require: false, git: 'https://github.com/skywinder/github-changelog-generator', ref: '20ee04ba1234e9e83eb2ffb5056e23d641c7a018' if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.2.2') + gem "voxpupuli-puppet-lint-plugins", '>= 3.0', require: false end group :system_tests do gem "puppet-module-posix-system-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby] diff --git a/REFERENCE.md b/REFERENCE.md index 81a1726d2..d912bd647 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -54,7 +54,7 @@ start on boot and will be restarted if stopped. * [`icinga2::object::eventcommand`](#icinga2objecteventcommand): Manage Icinga 2 EventCommand objects. * [`icinga2::object::host`](#icinga2objecthost): Manage Icinga 2 Host objects. * [`icinga2::object::hostgroup`](#icinga2objecthostgroup): Manage Icinga 2 HostGroup objects. -* [`icinga2::object::icingaapplication`](#icinga2objecticingaapplication) +* [`icinga2::object::icingaapplication`](#icinga2objecticingaapplication): Manage Icinga 2 IcingaApplication objects. * [`icinga2::object::notification`](#icinga2objectnotification): Manage Icinga 2 notification objects. * [`icinga2::object::notificationcommand`](#icinga2objectnotificationcommand): Manage Icinga 2 notificationcommand objects. * [`icinga2::object::scheduleddowntime`](#icinga2objectscheduleddowntime): Manage Icinga 2 scheduleddowntime objects. 
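Review bot: The added `voxpupuli-puppet-lint-plugins` line in the Gemfile hunk uses an open-ended `'>= 3.0'` constraint, while the neighbouring `puppet-module-*` gems use the pessimistic `'~> 1.0'`. Whether a Gemfile.lock is committed is not visible here; without one, each CI run resolves to the newest release, including a future major version that nobody has reviewed. I would bound it, for example `gem "voxpupuli-puppet-lint-plugins", '~> 3.0', require: false`, or add an explicit upper limit if newer majors are already known to work. Since `.sync.yml` describes these files as PDK-managed, the constraint presumably belongs in the template configuration rather than in a hand edit here. The `group :development` block starts outside the hunk.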
@@ -69,13 +69,16 @@ start on boot and will be restarted if stopped. * `icinga2::feature`: Private define resource to used by this module only. * `icinga2::object`: Define resource to used by this module only. +* `icinga2::tls::client`: A class to generate tls key, cert and cacert paths. ### Functions +* [`icinga2::cert`](#icinga2cert): Choose the path of tls key, cert and ca file. * [`icinga2::icinga2_attributes`](#icinga2icinga2_attributes): Calls the simple parser to decide what to quote. For more information, see lib/puppet_x/icinga2/utils.rb. * [`icinga2::icinga2_ticket_id`](#icinga2icinga2_ticket_id): Summarise what the function does here -* [`icinga2::parse`](#icinga2parse) +* [`icinga2::parse`](#icinga2parse): This function parse icinga object attributes. +* [`icinga2::unwrap`](#icinga2unwrap): This function returns an unwrap string if necessary. ### Data types @@ -101,7 +104,7 @@ This module installs and configures Icinga 2. ```puppet -include ::icinga2 +include icinga2 ``` ##### If you want to use the module icinga/puppet-icinga, e.g. to use the official Icinga Project repositories, enable the manage_repos parameter. @@ -128,7 +131,7 @@ package { 'icinga2': notifiy => Class['icinga2'], } -class { '::icinga2': +class { 'icinga2': manage_packages => false, } ``` @@ -149,7 +152,7 @@ class { 'icinga2': ##### Enabling features with there defaults or loading parameters via Hiera: ```puppet -class { '::icinga2': +class { 'icinga2': manage_repos => true, features => ['checker', 'mainlog', 'command'], } @@ -326,7 +329,7 @@ Configures the Icinga 2 feature api. ##### Use the puppet certificates and key copy these files to the cert directory named to 'hostname.key', 'hostname.crt' and 'ca.crt' if the contant NodeName is set to 'hostname'. ```puppet -include ::icinga2::feature::api +include icinga2::feature::api ``` ##### To use your own certificates and key as file resources if the contant NodeName is set to fqdn (default) do: 
@@ -363,7 +366,7 @@ class { 'icinga2::feature::api': ##### Fine tune TLS settings ```puppet -class { '::icinga2::feature::api': +class { 'icinga2::feature::api': ssl_protocolmin => 'TLSv1.2', ssl_cipher_list => 'HIGH:MEDIUM:!aNULL:!MD5:!RC4', } @@ -372,7 +375,7 @@ class { '::icinga2::feature::api': ##### Transfer a CA certificate and key from an existing CA by using the file resource: ```puppet -include ::icinga2 +include icinga2 file { '/var/lib/icinga2/ca/ca.crt': source => '...', @@ -563,7 +566,7 @@ Data type: `Hash[String, Hash]` Hash to configure zone objects. `ZoneName` and `NodeName` are icinga2 constants. -Default value: `{ 'ZoneName' => { endpoints => [ 'NodeName' ] } }` +Default value: `{ 'ZoneName' => { endpoints => ['NodeName'] } }` ##### `ssl_protocolmin` @@ -771,7 +774,7 @@ Data type: `Stdlib::Absolutepath` Absolute path to the log file. -Default value: `"${::icinga2::globals::log_dir}/debug.log"` +Default value: `"${icinga2::globals::log_dir}/debug.log"` ### `icinga2::feature::elasticsearch` @@ -1102,7 +1105,7 @@ Configures the Icinga 2 feature graphite. ##### ```puppet -class { '::icinga2::feature::graphite': +class { 'icinga2::feature::graphite': host => '10.10.0.15', port => 2003, enable_send_thresholds => true, @@ -1201,6 +1204,19 @@ The following parameters are available in the `icinga2::feature::icingadb` class * [`socket_path`](#socket_path) * [`connect_timeout`](#connect_timeout) * [`password`](#password) +* [`env_id`](#env_id) +* [`enable_tls`](#enable_tls) +* [`tls_key_file`](#tls_key_file) +* [`tls_cert_file`](#tls_cert_file) +* [`tls_cacert_file`](#tls_cacert_file) +* [`tls_crl_file`](#tls_crl_file) +* [`tls_key`](#tls_key) +* [`tls_cert`](#tls_cert) +* [`tls_cacert`](#tls_cacert) +* [`tls_capath`](#tls_capath) +* [`tls_cipher`](#tls_cipher) +* [`tls_protocolmin`](#tls_protocolmin) +* [`tls_noverify`](#tls_noverify) ##### `ensure` 
@@ -1250,6 +1266,116 @@ IcingaDB Redis password. The password parameter isn't parsed anymore. Default value: ``undef`` +##### `env_id` + +Data type: `Optional[Variant[String, Sensitive[String]]]` + +The ID is used in all Icinga DB components to separate data from multiple +different environments and is written to the file `/var/lib/icinga2/icingadb.env` +by Icinga 2. Icinga 2 generates a unique environment ID from its CA certificate +when it is first started with the Icinga DB feature enabled. + +Default value: ``undef`` + +##### `enable_tls` + +Data type: `Boolean` + +Either enable or disable SSL/TLS. Other SSL parameters are only affected if this is set to 'true'. + +Default value: ``false`` + +##### `tls_key_file` + +Data type: `Optional[Stdlib::Absolutepath]` + +Location of the private key. Only valid if tls is enabled. + +Default value: ``undef`` + +##### `tls_cert_file` + +Data type: `Optional[Stdlib::Absolutepath]` + +Location of the certificate. Only valid if tls is enabled. + +Default value: ``undef`` + +##### `tls_cacert_file` + +Data type: `Optional[Stdlib::Absolutepath]` + +Location of the CA certificate. Only valid if tls is enabled. + +Default value: ``undef`` + +##### `tls_crl_file` + +Data type: `Optional[Stdlib::Absolutepath]` + +Location of the Certicicate Revocation List. Only valid if tls is enabled. + +Default value: ``undef`` + +##### `tls_key` + +Data type: `Optional[Variant[String, Sensitive[String]]]` + +The private key in a PEM formated string to store spicified in tls_key_file. +Only valid if tls is enabled. + +Default value: ``undef`` + +##### `tls_cert` + +Data type: `Optional[String]` + +The certificate in a PEM format string to store spicified in tls_cert_file. +Only valid if tls is enabled. + +Default value: ``undef`` + +##### `tls_cacert` + +Data type: `Optional[String]` + +The CA root certificate in a PEM formated string to store spicified in tls_cacert_file. +Only valid if tls is enabled. 
+ +Default value: ``undef`` + +##### `tls_capath` + +Data type: `Optional[String]` + +Path to all trusted CA certificates. Only valid if tls is enabled. + +Default value: ``undef`` + +##### `tls_cipher` + +Data type: `Optional[String]` + +List of allowed ciphers. Only valid if tls is enabled. + +Default value: ``undef`` + +##### `tls_protocolmin` + +Data type: `Optional[String]` + +Minimum TLS protocol version like `TLSv1.2`. Only valid if tls is enabled. + +Default value: ``undef`` + +##### `tls_noverify` + +Data type: `Optional[Boolean]` + +Whether not to verify the peer. + +Default value: ``undef`` + ### `icinga2::feature::idomysql` Installs and configures the Icinga 2 feature ido-mysql. @@ -1603,7 +1729,7 @@ Default value: `'icinga'` Data type: `Optional[Enum['disable', 'allow', 'prefer', 'verify-full', - 'verify-ca', 'require']]` + 'verify-ca', 'require']]` Enable SSL connection mode. @@ -2279,7 +2405,7 @@ Data type: `Stdlib::Absolutepath` Absolute path to the log file. -Default value: `"${::icinga2::globals::log_dir}/icinga2.log"` +Default value: `"${icinga2::globals::log_dir}/icinga2.log"` ### `icinga2::feature::notification` @@ -2643,8 +2769,8 @@ The following parameters are available in the `icinga2::config::fragment` define * [`content`](#content) * [`target`](#target) -* [`order`](#order) * [`code_name`](#code_name) +* [`order`](#order) ##### `content` 
@@ -2659,21 +2785,21 @@ Data type: `Stdlib::Absolutepath` Destination config file to store in this fragment. File will be declared the first time. -##### `order` - -Data type: `Variant[String, Integer]` +##### `code_name` -String or integer to set the position in the target file, sorted in alpha numeric order. Defaults to `00`. +Data type: `String` -Default value: `'00'` +Namevar of the fragment. -##### `code_name` +Default value: `$title` -Data type: `String` +##### `order` +Data type: `Variant[String, Integer]` +String or integer to set the position in the target file, sorted in alpha numeric order. Defaults to `00`. -Default value: `$title` +Default value: `'00'` ### `icinga2::object::apiuser` @@ -3666,13 +3792,13 @@ icinga2::object::hostgroup { 'monitoring-hosts': The following parameters are available in the `icinga2::object::hostgroup` defined type: * [`ensure`](#ensure) +* [`hostgroup_name`](#hostgroup_name) * [`display_name`](#display_name) * [`groups`](#groups) * [`assign`](#assign) * [`ignore`](#ignore) * [`target`](#target) * [`order`](#order) -* [`hostgroup_name`](#hostgroup_name) ##### `ensure` @@ -3682,6 +3808,14 @@ Set to present enables the object, absent disables it. Default value: `present` +##### `hostgroup_name` + +Data type: `String` + +Namevar of the hostgroup. + +Default value: `$title` + ##### `display_name` Data type: `Optional[String]` 
@@ -3729,25 +3863,14 @@ String or integer to set the position in the target file, sorted alpha numeric. Default value: `55` -##### `hostgroup_name` - -Data type: `String` - - - -Default value: `$title` - ### `icinga2::object::icingaapplication` -The icinga2::object::icingaapplication class. +Manage Icinga 2 IcingaApplication objects. #### Parameters The following parameters are available in the `icinga2::object::icingaapplication` defined type: -* [`environment`](#environment) -* [`target`](#target) -* [`order`](#order) * [`ensure`](#ensure) * [`app_name`](#app_name) * [`enable_notifications`](#enable_notifications) @@ -3757,38 +3880,15 @@ The following parameters are available in the `icinga2::object::icingaapplicatio * [`enable_service_checks`](#enable_service_checks) * [`enable_perfdata`](#enable_perfdata) * [`vars`](#vars) - -##### `environment` - -Data type: `Optional[String]` - -Specify the Icinga environment. This overrides the Environment constant -specified in the configuration or on the CLI with --define. - -Default value: ``undef`` - -##### `target` - -Data type: `Optional[Stdlib::Absolutepath]` - -Destination config file to store in this object. File will be declared at the -first time. - -Default value: ``undef`` - -##### `order` - -Data type: `Variant[String, Integer]` - -String or integer to control the position in the target file, sorted alpha numeric. - -Default value: `5` +* [`environment`](#environment) +* [`target`](#target) +* [`order`](#order) ##### `ensure` Data type: `Enum['absent', 'present']` - +Set to present enables the object, absent disables it. Default value: `present` @@ -3796,7 +3896,7 @@ Default value: `present` Data type: `String` - +Set the Icinga 2 name of the IcingaApplication object. Default value: `$title` @@ -3804,7 +3904,7 @@ Default value: `$title` Data type: `Optional[Boolean]` - +Whether notifications are globally enabled. Default value: ``undef`` 
@@ -3812,7 +3912,7 @@ Default value: ``undef`` Data type: `Optional[Boolean]` - +Whether event handlers are globally enabled. Default value: ``undef`` @@ -3820,7 +3920,7 @@ Default value: ``undef`` Data type: `Optional[Boolean]` - +Whether flap detection is globally enabled. Default value: ``undef`` @@ -3828,7 +3928,7 @@ Default value: ``undef`` Data type: `Optional[Boolean]` - +Whether active host checks are globally enabled. Default value: ``undef`` @@ -3836,7 +3936,7 @@ Default value: ``undef`` Data type: `Optional[Boolean]` - +Whether active service checks are globally enabled. Default value: ``undef`` @@ -3844,7 +3944,7 @@ Default value: ``undef`` Data type: `Optional[Boolean]` - +Whether performance data processing is globally enabled. Default value: ``undef`` @@ -3852,10 +3952,38 @@ Default value: ``undef`` Data type: `Optional[Icinga2::CustomAttributes]` +A dictionary containing custom attributes that are specific to this service, +a string to do operations on this dictionary or an array for multiple use +of custom attributes. + +Default value: ``undef`` + +##### `environment` + +Data type: `Optional[String]` +Specify the Icinga environment. This overrides the Environment constant +specified in the configuration or on the CLI with --define. Default value: ``undef`` +##### `target` + +Data type: `Optional[Stdlib::Absolutepath]` + +Destination config file to store in this object. File will be declared at the +first time. + +Default value: ``undef`` + +##### `order` + +Data type: `Variant[String, Integer]` + +String or integer to control the position in the target file, sorted alpha numeric. + +Default value: `5` + ### `icinga2::object::notification` Manage Icinga 2 notification objects. @@ -4066,7 +4194,7 @@ Default value: `85` Data type: `Array` - +Assign notification using the assign rules. Default value: `[]` @@ -4074,7 +4202,7 @@ Default value: `[]` Data type: `Array` - +Exclude notification using the ignore rules. Default value: `[]` 
@@ -4689,7 +4817,7 @@ Default value: ``false`` Data type: `Array` -Assign user group members using the group assign rules. +Assign service using the assign rules. Default value: `[]` @@ -4697,7 +4825,7 @@ Default value: `[]` Data type: `Array` -Exclude users using the group ignore rules. +Exclude service using the ignore rules. Default value: `[]` @@ -5208,7 +5336,7 @@ Default value: `$title` ##### `endpoints` -Data type: `Optional[Array]` +Data type: `Array` List of endpoints belong to this zone. @@ -5224,7 +5352,7 @@ Default value: ``undef`` ##### `global` -Data type: `Optional[Boolean]` +Data type: `Boolean` If set to true, a global zone is defined and the parameter endpoints and parent are ignored. @@ -5250,6 +5378,60 @@ Default value: `45` ## Functions +### `icinga2::cert` + +Type: Puppet Language + +Choose the path of tls key, cert and ca file. + +#### `icinga2::cert(String $name, Optional[Stdlib::Absolutepath] $key_file = undef, Optional[Stdlib::Absolutepath] $cert_file = undef, Optional[Stdlib::Absolutepath] $cacert_file = undef, Optional[Variant[String, Sensitive]] $key = undef, Optional[String] $cert = undef, Optional[String] $cacert = undef)` + +The icinga2::cert function. + +Returns: `Hash` Returned hash includes all paths and the key, cert and cacert. + +##### `name` + +Data type: `String` + + + +##### `key_file` + +Data type: `Optional[Stdlib::Absolutepath]` + + + +##### `cert_file` + +Data type: `Optional[Stdlib::Absolutepath]` + + + +##### `cacert_file` + +Data type: `Optional[Stdlib::Absolutepath]` + + + +##### `key` + +Data type: `Optional[Variant[String, Sensitive]]` + + + +##### `cert` + +Data type: `Optional[String]` + + + +##### `cacert` + +Data type: `Optional[String]` + + + ### `icinga2::icinga2_attributes` Type: Ruby 4.x API 
@@ -5347,6 +5529,24 @@ Data type: `Hash[String, Any]` +### `icinga2::unwrap` + +Type: Puppet Language + +This function returns an unwrap string if necessary. + +#### `icinga2::unwrap(Optional[Variant[String, Sensitive[String]]] $arg = undef)` + +The icinga2::unwrap function. + +Returns: `Any` The unwraped string. + +##### `arg` + +Data type: `Optional[Variant[String, Sensitive[String]]]` + + + ## Data types ### `Icinga2::BasicAuth` @@ -5357,8 +5557,8 @@ Alias of ```puppet Struct[{ - 'username' => String, - 'password' => Variant[String, Sensitive[String]], + 'username' => String, + 'password' => Variant[String, Sensitive[String]], }] ``` diff --git a/Rakefile b/Rakefile index 4f9be33c0..ae2a4f0d5 100644 --- a/Rakefile +++ b/Rakefile @@ -41,9 +41,8 @@ def changelog_future_release returnVal end -PuppetLint.configuration.send('disable_140chars') PuppetLint.configuration.send('disable_relative') - +PuppetLint.configuration.send('disable_140chars') if Bundler.rubygems.find_name('github_changelog_generator').any? GitHubChangelogGenerator::RakeTask.new :changelog do |config| diff --git a/data/FreeBSD-kernel.yaml b/data/FreeBSD-kernel.yaml index 371325eb8..b3655b048 100644 --- a/data/FreeBSD-kernel.yaml +++ b/data/FreeBSD-kernel.yaml @@ -13,8 +13,7 @@ icinga2::globals::log_dir: /var/log/icinga2 icinga2::globals::run_dir: /var/run/icinga2 icinga2::globals::spool_dir: /var/spool/icinga2 icinga2::globals::cache_dir: /var/cache/icinga2 -icinga2::globals::cert_dir: /var/lib/icinga2/certs -icinga2::globals::ca_dir: /var/lib/icinga2/ca +icinga2::globals::data_dir: /var/lib/icinga2 icinga2::globals::constants: - PluginDir: '/usr/local/libexec/nagios' - PluginContribDir: '/usr/local/libexec/nagios' + PluginDir: /usr/local/libexec/nagios + PluginContribDir: /usr/local/libexec/nagios diff --git a/data/Linux-kernel.yaml b/data/Linux-kernel.yaml index e6e88b929..e6b752668 100644 --- a/data/Linux-kernel.yaml +++ b/data/Linux-kernel.yaml 
@@ -12,8 +12,7 @@ icinga2::globals::log_dir: /var/log/icinga2 icinga2::globals::run_dir: /var/run/icinga2 icinga2::globals::spool_dir: /var/spool/icinga2 icinga2::globals::cache_dir: /var/cache/icinga2 -icinga2::globals::cert_dir: /var/lib/icinga2/certs -icinga2::globals::ca_dir: /var/lib/icinga2/ca +icinga2::globals::data_dir: /var/lib/icinga2 icinga2::globals::constants: PluginDir: /usr/lib/nagios/plugins PluginContribDir: /usr/lib/nagios/plugins diff --git a/data/OpenBSD-kernel.yaml b/data/OpenBSD-kernel.yaml index 1462c9702..c50d2b7e5 100644 --- a/data/OpenBSD-kernel.yaml +++ b/data/OpenBSD-kernel.yaml @@ -13,8 +13,7 @@ icinga2::globals::log_dir: '/var/log/icinga2' icinga2::globals::run_dir: '/var/run/icinga2' icinga2::globals::spool_dir: '/var/spool/icinga2' icinga2::globals::cache_dir: '/var/cache/icinga2' -icinga2::globals::cert_dir: '/var/lib/icinga2/certs' -icinga2::globals::ca_dir: '/var/lib/icinga2/ca' +icinga2::globals::data_dir: '/var/lib/icinga2' icinga2::globals::constants: PluginDir: '/usr/local/libexec/nagios' PluginContribDir: '/usr/local/share/icinga2/include/plugins-contrib.d' diff --git a/data/common.yaml b/data/common.yaml index 6697d94a7..c02fa5576 100644 --- a/data/common.yaml +++ b/data/common.yaml @@ -12,6 +12,8 @@ icinga2::globals::constants: NodeName: '%{facts.networking.fqdn}' ZoneName: '%{facts.networking.fqdn}' TicketSalt: '' +icinga2::globals::cert_dir: "%{lookup('icinga2::globals::data_dir')}/certs" +icinga2::globals::ca_dir: "%{lookup('icinga2::globals::data_dir')}/ca" icinga2::globals::reserved: - Acknowledgement - ApiBindHost diff --git a/data/windows-kernel.yaml b/data/windows-kernel.yaml index b847848a0..4518101f6 100644 --- a/data/windows-kernel.yaml +++ b/data/windows-kernel.yaml 
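Review bot: The two keys added in the `data/common.yaml` hunk build `cert_dir` and `ca_dir` by interpolating `icinga2::globals::data_dir`, which this commit defines only in the four kernel files shown (FreeBSD, Linux, OpenBSD, windows). If that key does not resolve for a node, the interpolation presumably produces a path without the intended prefix, such as `/certs`, and private key and CA material would be placed there; this should be confirmed against Hiera's behaviour for a missing key. I would add a comment above the two keys, such as `# data_dir must be defined in every <kernel>-kernel.yaml; cert_dir and ca_dir hold private keys`. It is also worth checking that `icinga2::globals` types `data_dir` as `Stdlib::Absolutepath`, so that an unset value fails compilation instead of yielding a wrong path. Sites that previously overrode `cert_dir` or `ca_dir` in their own Hiera data are not affected, because an explicit value still takes precedence over this default.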
@@ -10,8 +10,7 @@ icinga2::globals::log_dir: C:/ProgramData/icinga2/var/log/icinga2 icinga2::globals::run_dir: C:/ProgramData/icinga2/var/run/icinga2 icinga2::globals::spool_dir: C:/ProgramData/icinga2/var/spool/icinga2 icinga2::globals::cache_dir: C:/ProgramData/icinga2/var/cache/icinga2 -icinga2::globals::cert_dir: C:/ProgramData/icinga2/var/lib/icinga2/certs -icinga2::globals::ca_dir: C:/ProgramData/icinga2/var/lib/icinga2/ca +icinga2::globals::data_dir: C:/ProgramData/icinga2/var/lib/icinga2 icinga2::globals::constants: PluginDir: C:/Program Files/ICINGA2/sbin PluginContribDir: C:/Program Files/ICINGA2/sbin diff --git a/examples/apply_service.pp b/examples/apply_service.pp index b3c0807ef..cad3e6e69 100644 --- a/examples/apply_service.pp +++ b/examples/apply_service.pp @@ -3,8 +3,8 @@ icinga2::object::service { 'testservice': target => '/etc/icinga2/conf.d/test.conf', apply => true, - assign => [ 'host.vars.os == Linux' ], - ignore => [ 'host.vars.os == Windows' ], + assign => ['host.vars.os == Linux'], + ignore => ['host.vars.os == Windows'], display_name => 'Test Service', check_command => 'mysql', } @@ -13,8 +13,8 @@ target => '/etc/icinga2/conf.d/test.conf', apply => 'identifier => oid in host.vars.oids', apply_target => 'Host', - assign => [ 'host.vars.os == Linux' ], - ignore => [ 'host.vars.os == Windows' ], + assign => ['host.vars.os == Linux'], + ignore => ['host.vars.os == Windows'], display_name => 'Test Service', check_command => 'mysql', } @@ -23,9 +23,8 @@ target => '/etc/icinga2/conf.d/test.conf', apply => true, apply_target => 'Service', - assign => [ 'host.vars.os == Linux' ], - ignore => [ 'host.vars.os == Windows' ], + assign => ['host.vars.os == Linux'], + ignore => ['host.vars.os == Windows'], import => ['mail-service-notification'], - user_groups => ['icingaadmins'] + user_groups => ['icingaadmins'], } - diff --git a/examples/example_config.pp b/examples/example_config.pp index 5482b45f4..80c62bcab 100644 --- a/examples/example_config.pp 
+++ b/examples/example_config.pp @@ -1,4 +1,4 @@ -class { '::icinga2': +class { 'icinga2': manage_repos => true, confd => 'example.d', } @@ -10,7 +10,6 @@ recurse => true, } - # # Hosts # @@ -25,7 +24,7 @@ ::icinga2::object::host { 'NodeName': target => '/etc/icinga2/example.d/hosts.conf', - import => [ 'generic-host' ], + import => ['generic-host'], address => '127.0.0.1', address6 => '::1', vars => { @@ -43,7 +42,7 @@ }, notification => { mail => { - groups => [ 'icingaadmins' ], + groups => ['icingaadmins'], }, }, }, @@ -52,13 +51,13 @@ ::icinga2::object::hostgroup { 'linux-servers': target => '/etc/icinga2/example.d/groups.conf', display_name => 'Linux Servers', - assign => [ 'host.vars.os == Linux' ], + assign => ['host.vars.os == Linux'], } ::icinga2::object::hostgroup { 'windows-servers': target => '/etc/icinga2/example.d/groups.conf', display_name => 'Windows Servers', - assign => [ 'host.vars.os == Windows' ], + assign => ['host.vars.os == Windows'], } # 
@@ -75,31 +74,31 @@ ::icinga2::object::service { 'ping4': target => '/etc/icinga2/example.d/services.conf', apply => true, - import => [ 'generic-service' ], + import => ['generic-service'], check_command => 'ping4', - assign => [ 'host.address' ], + assign => ['host.address'], } ::icinga2::object::service { 'ping6': target => '/etc/icinga2/example.d/services.conf', apply => true, - import => [ 'generic-service' ], + import => ['generic-service'], check_command => 'ping6', - assign => [ 'host.address6' ], + assign => ['host.address6'], } ::icinga2::object::service { 'ssh': target => '/etc/icinga2/example.d/services.conf', apply => true, - import => [ 'generic-service' ], + import => ['generic-service'], check_command => 'ssh', - assign => [ '(host.address || host.address6) && host.vars.os == Linux' ], + assign => ['(host.address || host.address6) && host.vars.os == Linux'], } ::icinga2::object::service { 'http': target => '/etc/icinga2/example.d/services.conf', apply => 'vhost => config in host.vars.http_vhosts', - import => [ 'generic-service' ], + import => ['generic-service'], check_command => 'http', vars => '+ config', } @@ -107,7 +106,7 @@ ::icinga2::object::service { 'disk': target => '/etc/icinga2/example.d/services.conf', apply => 'disk => config in host.vars.disks', - import => [ 'generic-service' ], + import => ['generic-service'], check_command => '-:"disk"', vars => '+ config', } 
@@ -115,57 +114,56 @@ ::icinga2::object::service { 'icinga': target => '/etc/icinga2/example.d/services.conf', apply => true, - import => [ 'generic-service' ], + import => ['generic-service'], check_command => 'icinga', - assign => [ 'host.name == NodeName' ], + assign => ['host.name == NodeName'], } ::icinga2::object::service { 'load': target => '/etc/icinga2/example.d/services.conf', apply => true, - import => [ 'generic-service' ], + import => ['generic-service'], check_command => 'load', vars => { backup_downtime => '02:00-03:00', }, - assign => [ 'host.name == NodeName' ], + assign => ['host.name == NodeName'], } ::icinga2::object::service { 'procs': target => '/etc/icinga2/example.d/services.conf', apply => true, - import => [ 'generic-service' ], + import => ['generic-service'], check_command => 'procs', - assign => [ 'host.name == NodeName' ], + assign => ['host.name == NodeName'], } ::icinga2::object::service { 'swap': target => '/etc/icinga2/example.d/services.conf', apply => true, - import => [ 'generic-service' ], + import => ['generic-service'], check_command => 'swap', - assign => [ 'host.name == NodeName' ], + assign => ['host.name == NodeName'], } ::icinga2::object::servicegroup { 'ping': target => '/etc/icinga2/example.d/groups.conf', display_name => 'Ping Checks', - assign => [ 'match(ping*, service.check_command)' ], + assign => ['match(ping*, service.check_command)'], } ::icinga2::object::servicegroup { 'http': target => '/etc/icinga2/example.d/groups.conf', display_name => 'HTTP Checks', - assign => [ 'match(http*, service.check_command)' ], + assign => ['match(http*, service.check_command)'], } ::icinga2::object::servicegroup { 'disk': target => '/etc/icinga2/example.d/groups.conf', display_name => 'Disk Checks', - assign => [ 'match(disk*, service.check_command)' ], + assign => ['match(disk*, service.check_command)'], } - # # Users # 
@@ -177,9 +175,9 @@ ::icinga2::object::service { 'users': target => '/etc/icinga2/example.d/services.conf', apply => true, - import => [ 'generic-service' ], + import => ['generic-service'], check_command => 'users', - assign => [ 'host.name == NodeName' ], + assign => ['host.name == NodeName'], } ::icinga2::object::scheduleddowntime { 'backup-downtime': @@ -197,14 +195,14 @@ saturday => 'service.vars.backup_downtime', sunday => 'service.vars.backup_downtime', }, - assign => [ 'service.vars.backup_downtime' ], + assign => ['service.vars.backup_downtime'], } ::icinga2::object::user { 'icingaadmin': target => '/etc/icinga2/example.d/users.conf', - import => [ 'generic-user' ], + import => ['generic-user'], display_name => 'Icinga 2 Admin', - groups => [ 'icingaadmins'], + groups => ['icingaadmins'], email => 'icinga@localhost', } @@ -213,13 +211,12 @@ display_name => 'Icinga 2 Admin Group', } - # # Notifications # ::icinga2::object::notificationcommand { 'mail-host-notification': target => '/etc/icinga2/example.d/commands.conf', - command => [ 'SysconfDir + /icinga2/scripts/mail-host-notification.sh' ], + command => ['SysconfDir + /icinga2/scripts/mail-host-notification.sh'], env => { 'NOTIFICATIONTYPE' => '$notification.type$', 'HOSTNAME' => '$host.name$', @@ -236,7 +233,7 @@ ::icinga2::object::notificationcommand { 'mail-service-notification': target => '/etc/icinga2/example.d/commands.conf', - command => [ 'SysconfDir + /icinga2/scripts/mail-service-notification.sh' ], + command => ['SysconfDir + /icinga2/scripts/mail-service-notification.sh'], env => { 'NOTIFICATIONTYPE' => '$notification.type$', 'SERVICENAME' => '$service.name$', 
@@ -257,8 +254,8 @@ target => '/etc/icinga2/example.d/templates.conf', template => true, command => 'mail-host-notification', - states => [ 'Up', 'Down' ], - types => [ 'Problem', 'Acknowledgement', 'Recovery', 'Custom', 'FlappingStart', 'FlappingEnd', 'DowntimeStart', 'DowntimeEnd', 'DowntimeRemoved' ], + states => ['Up', 'Down'], + types => ['Problem', 'Acknowledgement', 'Recovery', 'Custom', 'FlappingStart', 'FlappingEnd', 'DowntimeStart', 'DowntimeEnd', 'DowntimeRemoved'], period => '24x7', } @@ -266,8 +263,8 @@ target => '/etc/icinga2/example.d/templates.conf', template => true, command => 'mail-service-notification', - states => [ 'OK', 'Warning', 'Critical', 'Unknown' ], - types => [ 'Problem', 'Acknowledgement', 'Recovery', 'Custom', 'FlappingStart', 'FlappingEnd', 'DowntimeStart', 'DowntimeEnd', 'DowntimeRemoved' ], + states => ['OK', 'Warning', 'Critical', 'Unknown'], + types => ['Problem', 'Acknowledgement', 'Recovery', 'Custom', 'FlappingStart', 'FlappingEnd', 'DowntimeStart', 'DowntimeEnd', 'DowntimeRemoved'], period => '24x7', } @@ -276,10 +273,10 @@ notification_name => 'mail-icingaadmin', apply => true, apply_target => 'Host', - import => [ 'mail-host-notification' ], + import => ['mail-host-notification'], user_groups => 'host.vars.notification.mail.groups', users => 'host.vars.notification.mail.users', - assign => [ 'host.vars.notification.mail' ], + assign => ['host.vars.notification.mail'], } ::icinga2::object::notification { 'mail-service-icingaadmin': 
@@ -287,19 +284,18 @@ notification_name => 'mail-icingaadmin', apply => true, apply_target => 'Service', - import => [ 'mail-service-notification' ], + import => ['mail-service-notification'], user_groups => 'host.vars.notification.mail.groups', users => 'host.vars.notification.mail.users', - assign => [ 'host.vars.notification.mail' ], + assign => ['host.vars.notification.mail'], } - # # Timeperiods # ::icinga2::object::timeperiod { '24x7': target => '/etc/icinga2/example.d/timeperiods.conf', - import => [ 'legacy-timeperiod' ], + import => ['legacy-timeperiod'], display_name => 'Icinga 2 24x7 TimePeriod', ranges => { monday => '00:00-24:00', @@ -314,7 +310,7 @@ ::icinga2::object::timeperiod { '9to5': target => '/etc/icinga2/example.d/timeperiods.conf', - import => [ 'legacy-timeperiod' ], + import => ['legacy-timeperiod'], display_name => 'Icinga 2 9to5 TimePeriod', ranges => { monday => '09:00-17:00', @@ -329,7 +325,7 @@ ::icinga2::object::timeperiod { 'never': target => '/etc/icinga2/example.d/timeperiods.conf', - import => [ 'legacy-timeperiod' ], + import => ['legacy-timeperiod'], display_name => 'Icinga 2 never TimePeriod', ranges => {}, } diff --git a/examples/example_service_mysql.pp b/examples/example_service_mysql.pp index f5efb2025..0e0e01224 100644 --- a/examples/example_service_mysql.pp +++ b/examples/example_service_mysql.pp 
@@ -1,25 +1,4 @@ -# Example service MySQL -# -# == Service: mysql -# -# [*mysql_hostname*] -# If set to an external address, the agent will check an external database. Usefull to check -# connectivity between two replications. -# -# == Service: mysql_health -# -# [*command_endpoint*] -# If set to name, the check source will be the agent itself. This means the agent needs to be -# hosting the database itself. -# -# [*mysql_health_name*] -# It is best to contain the query within single quotes ('') followed by a hypend (-) and colon (:). -# Then contain the query as normal within double quotes ("") and escape (\) anything that would break the string. -# -# Example: -# mysql_health_name => '-:"SELECT COUNT(*) FROM t1;"' -# -class { '::icinga2': +class { 'icinga2': manage_repos => true, confd => 'example.d', } @@ -34,7 +13,7 @@ # # MySQL # -class { '::mysql::server': +class { 'mysql::server': root_password => 'secret', remove_default_accounts => true, } @@ -45,7 +24,7 @@ host => 'localhost', grant => [ 'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'DROP', - 'CREATE VIEW', 'CREATE', 'INDEX', 'EXECUTE', 'ALTER' + 'CREATE VIEW', 'CREATE', 'INDEX', 'EXECUTE', 'ALTER', ], } diff --git a/examples/hostgroup.pp b/examples/hostgroup.pp index d044d7633..1ac5748a2 100644 --- a/examples/hostgroup.pp +++ b/examples/hostgroup.pp @@ -2,7 +2,7 @@ icinga2::object::hostgroup { 'monitoring-hosts': display_name => 'Linux Servers', - groups => [ 'linux-servers' ], + groups => ['linux-servers'], target => '/etc/icinga2/conf.d/groups2.conf', - assign => [ 'host.name == NodeName' ], + assign => ['host.name == NodeName'], } diff --git a/examples/init_api.pp b/examples/init_api.pp index 1ff420ac2..519b1f718 100644 --- a/examples/init_api.pp +++ b/examples/init_api.pp 
@@ -1,26 +1,26 @@ class { 'icinga2': } -class { '::icinga2::feature::api': +class { 'icinga2::feature::api': pki => none, } -include ::icinga2::pki::ca +include icinga2::pki::ca -#::icinga2::object::apiuser { 'director': +#icinga2::object::apiuser { 'director': # ensure => present, # password => 'Eih5Weefoo2oa8sh', -# permissions => [ "*" ], +# permissions => ["*"], # target => '/etc/icinga2/conf.d/api-users.conf', #} -::icinga2::object::apiuser { 'icingaweb2': +icinga2::object::apiuser { 'icingaweb2': ensure => present, password => Sensitive('read(write'), - permissions => [ 'status/query', 'actions/*', 'objects/modify/*', 'objects/query/*' ], + permissions => ['status/query', 'actions/*', 'objects/modify/*', 'objects/query/*'], target => '/etc/icinga2/conf.d/api-users.conf', } -::icinga2::object::apiuser { 'read': +icinga2::object::apiuser { 'read': ensure => present, password => 'rea)d', permissions => [ diff --git a/examples/init_elasticsearch.pp b/examples/init_elasticsearch.pp index 92fe17680..94a68ef7a 100644 --- a/examples/init_elasticsearch.pp +++ b/examples/init_elasticsearch.pp @@ -1,5 +1,5 @@ include icinga2 -class { '::icinga2::feature::elasticsearch': +class { 'icinga2::feature::elasticsearch': password => Sensitive('super(secret'), } diff --git a/examples/init_icingadb.pp b/examples/init_icingadb.pp index 55df2349d..bf23c382a 100644 --- a/examples/init_icingadb.pp +++ b/examples/init_icingadb.pp @@ -1,8 +1,17 @@ -class { '::icinga2': +class { 'icinga2': manage_repos => true, } -class { '::icinga2::feature::icingadb': - password => Sensitive('super(secret'), - #password => 'super(secret', +include icinga2::pki::ca + +class { 'icinga2::feature::api': + pki => none, +} + +class { 'icinga2::feature::icingadb': + host => 'db.icinga.com', + port => 6381, + password => Sensitive('supersecret'), + enable_tls => true, +# tls_noverify => true, } diff --git a/examples/init_idomysql.pp b/examples/init_idomysql.pp index f9eaea3e6..99bdb37ee 100644 
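Review bot: The `read` API user keeps `password => 'rea)d'` as a plain string, while the `icingaweb2` user directly above wraps its password in `Sensitive(...)`; an example that gets copied should show the redacted form throughout, `password => Sensitive('rea)d'),`. The same applies to `password => 'supersecret'` on `icinga2::feature::idomysql` in examples/init_idomysql_ssl.pp, `password => 'icinga2'` on `icinga2::feature::idopgsql` in examples/init_package_idopgsql.pp, and `ticket_salt => '5a3d695b8aef8f18452fc494593056a4'` in examples/init_worker_validate.pp. Each of those parameters is given a `Sensitive` value in a sibling example of this commit, so the type already allows it. The `read` resource continues past the end of the hunk.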
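Review bot: The added `# tls_noverify => true,` line in examples/init_icingadb.pp leaves a ready-to-uncomment switch in the example with no explanation; judging by its name it turns off verification of the server certificate, which the hunk does not confirm. Either drop the line or explain it, for example `# tls_noverify skips certificate verification; test setups only`. The new `host => 'db.icinga.com'` also points the example at a real domain, where a reserved name such as `db.example.com` avoids accidental connections carrying the example password.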
--- a/examples/init_idomysql.pp +++ b/examples/init_idomysql.pp @@ -1,6 +1,6 @@ $password = Sensitive('super(secret') -include ::mysql::server +include mysql::server mysql::db { 'icinga2': user => 'icinga2', @@ -9,13 +9,11 @@ grant => ['SELECT', 'INSERT', 'UPDATE', 'DELETE', 'DROP', 'CREATE VIEW', 'CREATE', 'INDEX', 'EXECUTE', 'ALTER'], } -class { '::icinga2': +class { 'icinga2': manage_repos => true, } -notice($password) - -class{ '::icinga2::feature::idomysql': +class { 'icinga2::feature::idomysql': user => 'icinga2', password => $password, database => 'icinga2', diff --git a/examples/init_idomysql_ssl.pp b/examples/init_idomysql_ssl.pp index 74f1aa7a7..c8ac23603 100644 --- a/examples/init_idomysql_ssl.pp +++ b/examples/init_idomysql_ssl.pp @@ -85,7 +85,7 @@ mysqld => { ssl => true, }, - } + }, } mysql::db { 'icinga': @@ -93,22 +93,21 @@ password => 'supersecret', host => 'localhost', grant => ['SELECT', 'INSERT', 'UPDATE', 'DELETE', 'DROP', 'CREATE VIEW', 'CREATE', 'INDEX', 'EXECUTE', 'ALTER'], - tls_options => [ 'X509' ], + tls_options => ['X509'], } -class { '::icinga2': +class { 'icinga2': manage_repos => true, } -class{ '::icinga2::feature::idomysql': +class { 'icinga2::feature::idomysql': user => 'icinga', password => 'supersecret', database => 'icinga', - import_schema => $::mysql::params::provider, + import_schema => $mysql::params::provider, enable_ssl => true, ssl_key_path => '/etc/mysql/server-key.pem', ssl_cert_path => '/etc/mysql/server-cert.pem', ssl_cacert_path => '/etc/mysql/cacert.pem', require => Mysql::Db['icinga'], } - diff --git a/examples/init_idopgsql.pp b/examples/init_idopgsql.pp index ef7452b10..cc448d0b5 100644 --- a/examples/init_idopgsql.pp +++ b/examples/init_idopgsql.pp 
@@ -1,19 +1,17 @@ $password = Sensitive('super(secret') -include ::postgresql::server +include postgresql::server postgresql::server::db { 'icinga2': user => 'icinga2', password => postgresql::postgresql_password('icinga2', $password.unwrap), } -class{ 'icinga2': +class { 'icinga2': manage_repos => true, } -notice($password) - -class{ 'icinga2::feature::idopgsql': +class { 'icinga2::feature::idopgsql': user => 'icinga2', password => $password, database => 'icinga2', diff --git a/examples/init_influxdb.pp b/examples/init_influxdb.pp index 67db40ee2..db4cb23b6 100644 --- a/examples/init_influxdb.pp +++ b/examples/init_influxdb.pp @@ -2,7 +2,7 @@ manage_repos => true, } -class { '::icinga2::feature::influxdb': +class { 'icinga2::feature::influxdb': password => Sensitive('super(secret'), basic_auth => { username => 'icinga2', diff --git a/examples/init_influxdb2.pp b/examples/init_influxdb2.pp index 60a1cd2d9..2b7e67f4b 100644 --- a/examples/init_influxdb2.pp +++ b/examples/init_influxdb2.pp @@ -2,7 +2,7 @@ manage_repos => true, } -class{ 'icinga2::feature::influxdb2': +class { 'icinga2::feature::influxdb2': ensure => present, organization => 'ICINGA', bucket => 'icinga2', diff --git a/examples/init_package.pp b/examples/init_package.pp index 9af5ff4c0..141590b80 100644 --- a/examples/init_package.pp +++ b/examples/init_package.pp @@ -1,10 +1,10 @@ -include ::icinga2::repo +include icinga2::repo package { 'icinga2': ensure => latest, notify => Class['icinga2'], } -class { '::icinga2': +class { 'icinga2': manage_packages => false, } diff --git a/examples/init_package_idomysql.pp b/examples/init_package_idomysql.pp index db7f6b8fd..5ae0ac62f 100644 --- a/examples/init_package_idomysql.pp +++ b/examples/init_package_idomysql.pp @@ -1,4 +1,4 @@ -include ::icinga2::repo +include icinga2::repo package { ['icinga2', 'icinga2-ido-mysql']: ensure => latest, diff --git a/examples/init_package_idopgsql.pp b/examples/init_package_idopgsql.pp index 88f57891b..18771644d 100644 
--- a/examples/init_package_idopgsql.pp +++ b/examples/init_package_idopgsql.pp @@ -1,15 +1,15 @@ -include ::icinga2::repo +include icinga2::repo package { ['icinga2', 'icinga2-ido-pgsql']: ensure => latest, notify => Class['icinga2'], } -class{ 'icinga2': +class { 'icinga2': manage_packages => false, } -class{ 'icinga2::feature::idopgsql': +class { 'icinga2::feature::idopgsql': host => '127.0.0.1', user => 'icinga2', password => 'icinga2', diff --git a/examples/init_plugins.pp b/examples/init_plugins.pp index eae3b37cc..ea13b58f2 100644 --- a/examples/init_plugins.pp +++ b/examples/init_plugins.pp @@ -1,3 +1,3 @@ class { 'icinga2': - plugins => [ 'plugins', 'plugins-contrib', 'windows-plugins', 'nscp' ] + plugins => ['plugins', 'plugins-contrib', 'windows-plugins', 'nscp'], } diff --git a/examples/init_server.pp b/examples/init_server.pp index ccd5a406f..6d118e07c 100644 --- a/examples/init_server.pp +++ b/examples/init_server.pp @@ -1,20 +1,19 @@ -class { '::icinga2': +class { 'icinga2': manage_repos => true, constants => { 'NodeName' => 'server.localdomain', 'ZoneName' => 'main', 'TicketSalt' => Sensitive('5a3d695b8aef8f18452fc494593056a4'), - } + }, } -class { '::icinga2::feature::api': +class { 'icinga2::feature::api': pki => 'none', zones => { 'main' => { - 'endpoints' => [ 'NodeName' ], + 'endpoints' => ['NodeName'], }, - } + }, } -class { '::icinga2::pki::ca': } - +class { 'icinga2::pki::ca': } diff --git a/examples/init_syslog.pp b/examples/init_syslog.pp index a02441556..3895c588c 100644 --- a/examples/init_syslog.pp +++ b/examples/init_syslog.pp @@ -1,6 +1,6 @@ include icinga2 -class { '::icinga2::feature::syslog': +class { 'icinga2::feature::syslog': severity => 'critical', facility => 'LOG_LOCAL7', } diff --git a/examples/init_worker.pp b/examples/init_worker.pp index ce534e51d..06be7eb98 100644 --- a/examples/init_worker.pp +++ b/examples/init_worker.pp 
@@ -1,14 +1,14 @@ $server_cert = 'server.localdomain' $server_ip = '192.168.5.23' -class { '::icinga2': +class { 'icinga2': manage_repos => true, constants => { 'NodeName' => 'worker.localdomain', }, } -class { '::icinga2::feature::api': +class { 'icinga2::feature::api': pki => 'icinga2', ca_host => $server_ip, ticket_salt => Sensitive('5a3d695b8aef8f18452fc494593056a4'), @@ -18,15 +18,15 @@ 'NodeName' => {}, "${server_cert}" => { 'host' => $server_ip, - } + }, }, zones => { 'ZoneName' => { - 'endpoints' => [ 'NodeName' ], + 'endpoints' => ['NodeName'], 'parent' => 'main', }, 'main' => { - 'endpoints' => [ $server_cert ], + 'endpoints' => [$server_cert], }, - } + }, } diff --git a/examples/init_worker_validate.pp b/examples/init_worker_validate.pp index 78e3bce99..2bca18235 100644 --- a/examples/init_worker_validate.pp +++ b/examples/init_worker_validate.pp @@ -4,14 +4,14 @@ # get it on CA host 'openssl x509 -noout -fingerprint -sha256 -inform pem -in /var/lib/icinga2/certs/server.localdomain.crt' $fingerprint = 'D8:98:82:1B:14:8A:6A:89:4B:7A:40:32:50:68:01:D8:98:82:1B:14:8A:6A:89:4B:7A:40:32:99:3D:96:72:72' -class { '::icinga2': +class { 'icinga2': manage_repos => true, constants => { 'NodeName' => 'worker.localdomain', }, } -class { '::icinga2::feature::api': +class { 'icinga2::feature::api': pki => 'icinga2', ca_host => $server_ip, ticket_salt => '5a3d695b8aef8f18452fc494593056a4', @@ -21,15 +21,15 @@ 'NodeName' => {}, "${server_cert}" => { 'host' => $server_ip, - } + }, }, zones => { 'ZoneName' => { - 'endpoints' => [ 'NodeName' ], + 'endpoints' => ['NodeName'], 'parent' => 'main', }, 'main' => { - 'endpoints' => [ $server_cert ], + 'endpoints' => [$server_cert], }, }, fingerprint => $fingerprint, diff --git a/examples/objects_from_hiera.pp b/examples/objects_from_hiera.pp index 565432738..12a0c53bd 100644 --- a/examples/objects_from_hiera.pp +++ b/examples/objects_from_hiera.pp 
@@ -36,6 +36,7 @@ ensure_resource( $object_type, $object_name, - deep_merge($defaults[$object_type], $object_config)) + deep_merge($defaults[$object_type], $object_config) + ) } } diff --git a/examples/ticket_id.pp b/examples/ticket_id.pp index e9ade4119..4e4afd863 100644 --- a/examples/ticket_id.pp +++ b/examples/ticket_id.pp @@ -13,7 +13,7 @@ 'NodeName' => {}, 'icinga2-master.example.com' => { 'host' => '192.168.56.103', - } + }, }, zones => { 'NodeName' => { @@ -21,9 +21,9 @@ 'parent' => 'master', }, 'master' => { - 'endpoints' => ['icinga2-master.example.com'] - } - } + 'endpoints' => ['icinga2-master.example.com'], + }, + }, } icinga2::object::zone { 'global-templates': diff --git a/functions/cert.pp b/functions/cert.pp new file mode 100644 index 000000000..d5860952b --- /dev/null +++ b/functions/cert.pp 
@@ -0,0 +1,76 @@ +# @summary +# Choose the path of tls key, cert and ca file. +# +# @return +# Returned hash includes all paths and the key, cert and cacert. +# +function icinga2::cert( + String $name, + Optional[Stdlib::Absolutepath] $key_file = undef, + Optional[Stdlib::Absolutepath] $cert_file = undef, + Optional[Stdlib::Absolutepath] $cacert_file = undef, + Optional[Variant[String, Sensitive]] $key = undef, + Optional[String] $cert = undef, + Optional[String] $cacert = undef, +) >> Hash { + # @param name + # The base name of certicate, key and ca file. + # + # @param tls_cert_path + # Location of the certificate. + # + # @param tls_cacert_path + # Location of the CA certificate. + # + # @param tls_crl_path + # Location of the Certicicate Revocation List. + # + # @param tls_key + # The private key in a base64 encoded string to store in spicified tls_key_path file. + # + # @param tls_cert + # The certificate in a base64 encoded string to store in spicified tls_cert_path file. + # + # @param tls_cacert + # The CA root certificate in a base64 encoded string to store in spicified tls_cacert_path file. + # + # @param tls_capath + # Trusted CA certificates in PEM format directory path. + # + $default_dir = $icinga2::globals::cert_dir + + $result = { + 'key' => $key, + 'key_file' => if $key { + if $key_file { + $key_file + } else { + "${default_dir}/${name}.key" + } + } else { + $key_file + }, + 'cert' => $cert, + 'cert_file' => if $cert { + if $cert_file { + $cert_file + } else { + "${default_dir}/${name}.crt" + } + } else { + $cert_file + }, + 'cacert' => $cacert, + 'cacert_file' => if $cacert { + if $cacert_file { + $cacert_file + } else { + "${default_dir}/${name}_ca.crt" + } + } else { + $cacert_file + }, + } + + $result +} diff --git a/functions/parse.pp b/functions/parse.pp index 7798a3725..5add3c12b 100644 --- a/functions/parse.pp +++ b/functions/parse.pp 
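Review bot: The `@param` tags sit inside the function body and describe `tls_cert_path`, `tls_cacert_path`, `tls_crl_path`, `tls_key`, `tls_cert`, `tls_cacert` and `tls_capath`, none of which is a parameter of `icinga2::cert`; the real parameters `key_file`, `cert_file`, `cacert_file`, `key`, `cert` and `cacert` are left undocumented. Move the tags into the header comment above `function` and rename them to the actual parameters, for example `# @param key_file` followed by `#   Location of the private key.`. Separately, `$name` is an unrestricted `String` interpolated into `"${default_dir}/${name}.key"`, so a value containing `/` would resolve outside the certificate directory; if callers can pass anything other than a fixed label, a `Pattern` type on `$name` would rule that out. `$key` is also typed with a bare `Sensitive`, where functions/unwrap.pp in the same commit uses `Sensitive[String]`.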
@@ -1,6 +1,9 @@ # @summary # This function parse icinga object attributes. +# @return +# The parsed string. +# # @return # The parsed string. # @@ -24,8 +27,8 @@ function icinga2::parse( # icinga2::icinga2_attributes( $attrs, - concat($::icinga2::globals::reserved, $reserved), - merge($::icinga2::_constants, $constants), + concat($icinga2::globals::reserved, $reserved), + merge($icinga2::_constants, $constants), $indent ) } diff --git a/functions/unwrap.pp b/functions/unwrap.pp new file mode 100644 index 000000000..e91b93222 --- /dev/null +++ b/functions/unwrap.pp @@ -0,0 +1,16 @@ +# @summary +# This function returns an unwrap string if necessary. +# +# @return +# The unwraped string. +# +function icinga2::unwrap(Optional[Variant[String, Sensitive[String]]] $arg = undef) { + # @param arg + # A sensitive or string. + # + if $arg =~ Sensitive { + $arg.unwrap + } else { + $arg + } +} diff --git a/manifests/config.pp b/manifests/config.pp index 7c568a942..99e89c609 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -4,18 +4,17 @@ # @api private # class icinga2::config { - assert_private() - $constants = prefix($::icinga2::_constants, 'const ') - $conf_dir = $::icinga2::globals::conf_dir - $user = $::icinga2::globals::user - $group = $::icinga2::globals::group - $plugins = $::icinga2::plugins - $confd = $::icinga2::_confd - $purge_features = $::icinga2::purge_features + $constants = prefix($icinga2::_constants, 'const ') + $conf_dir = $icinga2::globals::conf_dir + $user = $icinga2::globals::user + $group = $icinga2::globals::group + $plugins = $icinga2::plugins + $confd = $icinga2::_confd + $purge_features = $icinga2::purge_features - if $::facts['kernel'] != 'windows' { + if $facts['kernel'] != 'windows' { $template_constants = icinga2::parse($constants) $template_mainconfig = template('icinga2/icinga2.conf.erb') $file_permissions = '0640' @@ -46,5 +45,4 @@ purge => $purge_features, recurse => $purge_features, } - } 
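Review bot: The three added lines give `icinga2::parse` a second `# @return` block, identical to the one that already follows them, so the header now documents the return value twice. Drop the added `# @return` / `#   The parsed string.` / `#` lines and keep the existing block. The function itself lies outside this hunk.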
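Review bot: `icinga2::unwrap` in functions/unwrap.pp declares no return type, and its header does not say that the result is a plain, un-redacted value, so a caller can pass the returned secret into a resource title, a log message or a non-sensitive parameter without noticing. Add `>> Optional[String]` to the signature and extend the `@return` text, for example `#   The unwrapped string; no longer redacted, re-wrap with Sensitive() before passing it on.`. The `@param arg` tag also sits inside the body instead of in the header comment above `function`.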
diff --git a/manifests/config/fragment.pp b/manifests/config/fragment.pp index 76a4df332..574667b50 100644 --- a/manifests/config/fragment.pp +++ b/manifests/config/fragment.pp @@ -32,24 +32,26 @@ # Destination config file to store in this fragment. File will be declared the # first time. # +# @param code_name +# Namevar of the fragment. +# # @param order # String or integer to set the position in the target file, sorted in alpha numeric order. Defaults to `00`. # -define icinga2::config::fragment( +define icinga2::config::fragment ( String $content, Stdlib::Absolutepath $target, String $code_name = $title, Variant[String, Integer] $order = '00', ) { - - case $::facts['os']['family'] { + case $facts['os']['family'] { 'windows': { $_content = regsubst($content, '\n', "\r\n", 'EMG') } # windows default: { Concat { - owner => $::icinga2::globals::user, - group => $::icinga2::globals::group, + owner => $icinga2::globals::user, + group => $icinga2::globals::group, mode => '0640', } $_content = $content @@ -69,5 +71,4 @@ content => $_content, order => $order, } - } diff --git a/manifests/feature.pp b/manifests/feature.pp index 46e3aa71d..953a76fb4 100644 --- a/manifests/feature.pp +++ b/manifests/feature.pp @@ -3,18 +3,17 @@ # # @api private # -define icinga2::feature( +define icinga2::feature ( Enum['absent', 'present'] $ensure = present, String $feature = $title, ) { - assert_private() - $user = $::icinga2::globals::user - $group = $::icinga2::globals::group - $conf_dir = $::icinga2::globals::conf_dir + $user = $icinga2::globals::user + $group = $icinga2::globals::group + $conf_dir = $icinga2::globals::conf_dir - if $::facts['os']['family'] != 'windows' { + if $facts['os']['family'] != 'windows' { $_ensure = $ensure ? { 'present' => link, default => absent, 
@@ -26,7 +25,7 @@ group => $group, target => "../features-available/${feature}.conf", require => Concat["${conf_dir}/features-available/${feature}.conf"], - notify => Class['::icinga2::service'], + notify => Class['icinga2::service'], } } else { $_ensure = $ensure ? { @@ -40,8 +39,7 @@ group => $group, content => "include \"../features-available/${feature}.conf\"\r\n", require => Concat["${conf_dir}/features-available/${feature}.conf"], - notify => Class['::icinga2::service'], + notify => Class['icinga2::service'], } } - } diff --git a/manifests/feature/api.pp b/manifests/feature/api.pp index f9b973dac..2f749df5d 100644 --- a/manifests/feature/api.pp +++ b/manifests/feature/api.pp @@ -2,7 +2,7 @@ # Configures the Icinga 2 feature api. # # @example Use the puppet certificates and key copy these files to the cert directory named to 'hostname.key', 'hostname.crt' and 'ca.crt' if the contant NodeName is set to 'hostname'. -# include ::icinga2::feature::api +# include icinga2::feature::api # # @example To use your own certificates and key as file resources if the contant NodeName is set to fqdn (default) do: # class { 'icinga2::feature::api': @@ -30,13 +30,13 @@ # } # # @example Fine tune TLS settings -# class { '::icinga2::feature::api': +# class { 'icinga2::feature::api': # ssl_protocolmin => 'TLSv1.2', # ssl_cipher_list => 'HIGH:MEDIUM:!aNULL:!MD5:!RC4', # } # # @example Transfer a CA certificate and key from an existing CA by using the file resource: -# include ::icinga2 +# include icinga2 # # file { '/var/lib/icinga2/ca/ca.crt': # source => '...', @@ -149,7 +149,7 @@ # @param environment # Used as suffix in TLS SNI extension name; default from constant ApiEnvironment, which is empty. # -class icinga2::feature::api( +class icinga2::feature::api ( Enum['absent', 'present'] $ensure = present, Enum['ca', 'icinga2', 'none', 'puppet'] $pki = 'icinga2', Optional[Stdlib::Absolutepath] $ssl_crl = undef, 
@@ -161,7 +161,7 @@ Variant[String, Sensitive[String]] $ticket_salt = 'TicketSalt', Optional[Variant[String, Sensitive[String]]] $ticket_id = undef, Hash[String, Hash] $endpoints = { 'NodeName' => {} }, - Hash[String, Hash] $zones = { 'ZoneName' => { endpoints => [ 'NodeName' ] } }, + Hash[String, Hash] $zones = { 'ZoneName' => { endpoints => ['NodeName'] } }, Optional[Stdlib::Base64] $ssl_key = undef, Optional[Stdlib::Base64] $ssl_cert = undef, Optional[Stdlib::Base64] $ssl_cacert = undef, @@ -178,27 +178,26 @@ Optional[Icinga2::Fingerprint] $fingerprint = undef, Optional[String] $environment = undef, ) { - - if ! defined(Class['::icinga2']) { + if ! defined(Class['icinga2']) { fail('You must include the icinga2 base class before using any icinga2 feature class!') } # cert directory must exists and icinga binary is required for icinga2 pki - require ::icinga2::install + require icinga2::install - $icinga2_bin = $::icinga2::globals::icinga2_bin - $conf_dir = $::icinga2::globals::conf_dir - $cert_dir = $::icinga2::globals::cert_dir - $ca_dir = $::icinga2::globals::ca_dir - $user = $::icinga2::globals::user - $group = $::icinga2::globals::group - $node_name = $::icinga2::_constants['NodeName'] - $_ssl_key_mode = $::facts['os']['family'] ? { + $icinga2_bin = $icinga2::globals::icinga2_bin + $conf_dir = $icinga2::globals::conf_dir + $cert_dir = $icinga2::globals::cert_dir + $ca_dir = $icinga2::globals::ca_dir + $user = $icinga2::globals::user + $group = $icinga2::globals::group + $node_name = $icinga2::_constants['NodeName'] + $_ssl_key_mode = $facts['os']['family'] ? { 'windows' => undef, default => '0600', } $_notify = $ensure ? { - 'present' => Class['::icinga2::service'], + 'present' => Class['icinga2::service'], default => undef, } 
@@ -221,7 +220,7 @@ file { $_ssl_key_path: ensure => file, mode => $_ssl_key_mode, - source => $::facts['icinga2_puppet_hostprivkey'], + source => $facts['icinga2_puppet_hostprivkey'], tag => 'icinga2::config::file', show_diff => false, backup => false, @@ -229,13 +228,13 @@ file { $_ssl_cert_path: ensure => file, - source => $::facts['icinga2_puppet_hostcert'], + source => $facts['icinga2_puppet_hostcert'], tag => 'icinga2::config::file', } file { $_ssl_cacert_path: ensure => file, - source => $::facts['icinga2_puppet_localcacert'], + source => $facts['icinga2_puppet_localcacert'], tag => 'icinga2::config::file', } } # puppet @@ -250,7 +249,7 @@ } if $ssl_key { - $_ssl_key = $::facts['os']['family'] ? { + $_ssl_key = $facts['os']['family'] ? { 'windows' => regsubst($ssl_key, '\n', "\r\n", 'EMG'), default => $ssl_key, } @@ -266,7 +265,7 @@ } if $ssl_cert { - $_ssl_cert = $::facts['os']['family'] ? { + $_ssl_cert = $facts['os']['family'] ? { 'windows' => regsubst($ssl_cert, '\n', "\r\n", 'EMG'), default => $ssl_cert, } @@ -279,7 +278,7 @@ } if $ssl_cacert { - $_ssl_cacert = $::facts['os']['family'] ? { + $_ssl_cacert = $facts['os']['family'] ? { 'windows' => regsubst($ssl_cacert, '\n', "\r\n", 'EMG'), default => $ssl_cacert, } @@ -312,7 +311,7 @@ } if $fingerprint { $_fingerprint = upcase(regsubst($fingerprint, ':', ' ', 'G')) - if $::facts['os']['family'] != 'Windows' { + if $facts['os']['family'] != 'Windows' { $_cmd_pki_get_cert = "${cmd_pki_get_cert} |grep '${_fingerprint}\s*$'" } else { $_cmd_pki_get_cert = "cmd.exe /c \"${cmd_pki_get_cert} |findstr /R /C:\"${_fingerprint}\"\"" @@ -321,14 +320,14 @@ $_cmd_pki_get_cert = $cmd_pki_get_cert } - $_env = $::facts['kernel'] ? { + $_env = $facts['kernel'] ? { 'windows' => undef, default => ["ICINGA2_USER=${user}", "ICINGA2_GROUP=${group}"], } Exec { environment => $_env, - notify => Class['::icinga2::service'], + notify => Class['icinga2::service'], } exec { 'icinga2 pki create key': 
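Review bot: The rewritten guard `if $facts['os']['family'] != 'Windows' {` in the `@@ -312,7 +311,7 @@` hunk spells the family with a capital W, while every other comparison in this file uses `'windows'`. Puppet compares strings case-insensitively, so the branch still selects correctly, but the odd spelling reads like a different value in the code that builds the fingerprint check. Use `if $facts['os']['family'] != 'windows' {` for consistency. The enclosing `if $fingerprint` block ends outside the hunk.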
@@ -337,7 +336,7 @@ } -> exec { 'icinga2 pki get trusted-cert': - path => $::facts['path'], + path => $facts['path'], command => $_cmd_pki_get_cert, creates => $trusted_cert, } diff --git a/manifests/feature/checker.pp b/manifests/feature/checker.pp index 0cfed5a07..cc6774c1e 100644 --- a/manifests/feature/checker.pp +++ b/manifests/feature/checker.pp @@ -10,18 +10,17 @@ # @note Deprecated in Icinga 2.11, replaced by global constant # MaxConcurrentChecks which will be set if you still use concurrent_checks. # -class icinga2::feature::checker( +class icinga2::feature::checker ( Enum['absent', 'present'] $ensure = present, Optional[Integer[1]] $concurrent_checks = undef, ) { - - if ! defined(Class['::icinga2']) { + if ! defined(Class['icinga2']) { fail('You must include the icinga2 base class before using any icinga2 feature class!') } - $conf_dir = $::icinga2::globals::conf_dir + $conf_dir = $icinga2::globals::conf_dir $_notify = $ensure ? { - 'present' => Class['::icinga2::service'], + 'present' => Class['icinga2::service'], default => undef, } @@ -52,5 +51,4 @@ icinga2::feature { 'checker': ensure => $ensure, } - } diff --git a/manifests/feature/command.pp b/manifests/feature/command.pp index 25ce7b70f..7b8f50618 100644 --- a/manifests/feature/command.pp +++ b/manifests/feature/command.pp @@ -7,18 +7,17 @@ # @param command_path # Absolute path to the command pipe. # -class icinga2::feature::command( +class icinga2::feature::command ( Enum['absent', 'present'] $ensure = present, Optional[Stdlib::Absolutepath] $command_path = undef, ) { - - if ! defined(Class['::icinga2']) { + if ! defined(Class['icinga2']) { fail('You must include the icinga2 base class before using any icinga2 feature class!') } - $conf_dir = $::icinga2::globals::conf_dir + $conf_dir = $icinga2::globals::conf_dir $_notify = $ensure ? { - 'present' => Class['::icinga2::service'], + 'present' => Class['icinga2::service'], default => undef, } 
diff --git a/manifests/feature/compatlog.pp b/manifests/feature/compatlog.pp index 9c53e69b5..a97fcf16d 100644 --- a/manifests/feature/compatlog.pp +++ b/manifests/feature/compatlog.pp @@ -10,19 +10,18 @@ # @param rotation_method # Sets how often should the log file be rotated. # -class icinga2::feature::compatlog( +class icinga2::feature::compatlog ( Enum['absent', 'present'] $ensure = present, Optional[Stdlib::Absolutepath] $log_dir = undef, Optional[Enum['DAILY', 'HOURLY', 'MONTHLY', 'WEEKLY']] $rotation_method = undef, ) { - - if ! defined(Class['::icinga2']) { + if ! defined(Class['icinga2']) { fail('You must include the icinga2 base class before using any icinga2 feature class!') } - $conf_dir = $::icinga2::globals::conf_dir + $conf_dir = $icinga2::globals::conf_dir $_notify = $ensure ? { - 'present' => Class['::icinga2::service'], + 'present' => Class['icinga2::service'], default => undef, } diff --git a/manifests/feature/debuglog.pp b/manifests/feature/debuglog.pp index 41a888857..69571c589 100644 --- a/manifests/feature/debuglog.pp +++ b/manifests/feature/debuglog.pp @@ -7,18 +7,17 @@ # @param path # Absolute path to the log file. # -class icinga2::feature::debuglog( +class icinga2::feature::debuglog ( Enum['absent', 'present'] $ensure = present, - Stdlib::Absolutepath $path = "${::icinga2::globals::log_dir}/debug.log", + Stdlib::Absolutepath $path = "${icinga2::globals::log_dir}/debug.log", ) { - - if ! defined(Class['::icinga2']) { + if ! defined(Class['icinga2']) { fail('You must include the icinga2 base class before using any icinga2 feature class!') } - $conf_dir = $::icinga2::globals::conf_dir + $conf_dir = $icinga2::globals::conf_dir $_notify = $ensure ? { - 'present' => Class['::icinga2::service'], + 'present' => Class['icinga2::service'], default => undef, } diff --git a/manifests/feature/elasticsearch.pp b/manifests/feature/elasticsearch.pp index fa966fc6e..71844a32f 100644 --- a/manifests/feature/elasticsearch.pp 
+++ b/manifests/feature/elasticsearch.pp @@ -61,7 +61,7 @@ # @param enable_ha # Enable the high availability functionality. Only valid in a cluster setup. # -class icinga2::feature::elasticsearch( +class icinga2::feature::elasticsearch ( Enum['absent', 'present'] $ensure = present, Optional[Stdlib::Host] $host = undef, Optional[Stdlib::Port::Unprivileged] $port = undef, @@ -81,16 +81,15 @@ Optional[Integer] $flush_threshold = undef, Optional[Boolean] $enable_ha = undef, ) { - - if ! defined(Class['::icinga2']) { + if ! defined(Class['icinga2']) { fail('You must include the icinga2 base class before using any icinga2 feature class!') } - $user = $::icinga2::globals::user - $group = $::icinga2::globals::group - $conf_dir = $::icinga2::globals::conf_dir + $user = $icinga2::globals::user + $group = $icinga2::globals::group + $conf_dir = $icinga2::globals::conf_dir $_notify = $ensure ? { - 'present' => Class['::icinga2::service'], + 'present' => Class['icinga2::service'], default => undef, } @@ -100,9 +99,8 @@ } if $enable_ssl { - - $ssl_dir = $::icinga2::globals::cert_dir - $_ssl_key_mode = $::facts['kernel'] ? { + $ssl_dir = $icinga2::globals::cert_dir + $_ssl_key_mode = $facts['kernel'] ? { 'windows' => undef, default => '0600', } @@ -110,12 +108,12 @@ # Set defaults for certificate stuff and/or do validation if $ssl_key { if $ssl_key_path { - $_ssl_key_path = $ssl_key_path } - else { + $_ssl_key_path = $ssl_key_path + } else { $_ssl_key_path = "${ssl_dir}/ElasticsearchWriter_elasticsearch.key" } - $_ssl_key = $::facts['os']['family'] ? { + $_ssl_key = $facts['os']['family'] ? { 'windows' => regsubst($ssl_key, '\n', "\r\n", 'EMG'), default => $ssl_key, } 
@@ -133,12 +131,12 @@ if $ssl_cert { if $ssl_cert_path { - $_ssl_cert_path = $ssl_cert_path } - else { + $_ssl_cert_path = $ssl_cert_path + } else { $_ssl_cert_path = "${ssl_dir}/ElasticsearchWriter_elasticsearch.crt" } - $_ssl_cert = $::facts['os']['family'] ? { + $_ssl_cert = $facts['os']['family'] ? { 'windows' => regsubst($ssl_cert, '\n', "\r\n", 'EMG'), default => $ssl_cert, } @@ -154,12 +152,12 @@ if $ssl_cacert { if $ssl_cacert_path { - $_ssl_cacert_path = $ssl_cacert_path } - else { + $_ssl_cacert_path = $ssl_cacert_path + } else { $_ssl_cacert_path = "${ssl_dir}/ElasticsearchWriter_elasticsearch_ca.crt" } - $_ssl_cacert = $::facts['os']['family'] ? { + $_ssl_cacert = $facts['os']['family'] ? { 'windows' => regsubst($ssl_cacert, '\n', "\r\n", 'EMG'), default => $ssl_cacert, } diff --git a/manifests/feature/gelf.pp b/manifests/feature/gelf.pp index db36913b6..fcc6414d9 100644 --- a/manifests/feature/gelf.pp +++ b/manifests/feature/gelf.pp @@ -46,7 +46,7 @@ # @param enable_ha # Enable the high availability functionality. Only valid in a cluster setup. # -class icinga2::feature::gelf( +class icinga2::feature::gelf ( Enum['absent', 'present'] $ensure = present, Optional[Stdlib::Host] $host = undef, Optional[Stdlib::Port::Unprivileged] $port = undef, 
@@ -62,23 +62,22 @@ Optional[Boolean] $enable_send_perfdata = undef, Optional[Boolean] $enable_ha = undef, ) { - - if ! defined(Class['::icinga2']) { + if ! defined(Class['icinga2']) { fail('You must include the icinga2 base class before using any icinga2 feature class!') } - $owner = $::icinga2::globals::user - $group = $::icinga2::globals::group - $conf_dir = $::icinga2::globals::conf_dir - $ssl_dir = $::icinga2::globals::cert_dir + $owner = $icinga2::globals::user + $group = $icinga2::globals::group + $conf_dir = $icinga2::globals::conf_dir + $ssl_dir = $icinga2::globals::cert_dir - $_ssl_key_mode = $::facts['os']['family'] ? { + $_ssl_key_mode = $facts['os']['family'] ? { 'windows' => undef, default => '0600', } $_notify = $ensure ? { - 'present' => Class['::icinga2::service'], + 'present' => Class['icinga2::service'], default => undef, } @@ -87,17 +86,16 @@ group => $group, } - if $enable_ssl { # Set defaults for certificate stuff if $ssl_key { if $ssl_key_path { - $_ssl_key_path = $ssl_key_path } - else { + $_ssl_key_path = $ssl_key_path + } else { $_ssl_key_path = "${ssl_dir}/GelfWriter_gelf.key" } - $_ssl_key = $::facts['os']['family'] ? { + $_ssl_key = $facts['os']['family'] ? { 'windows' => regsubst($ssl_key, '\n', "\r\n", 'EMG'), default => $ssl_key, } @@ -115,12 +113,12 @@ if $ssl_cert { if $ssl_cert_path { - $_ssl_cert_path = $ssl_cert_path } - else { + $_ssl_cert_path = $ssl_cert_path + } else { $_ssl_cert_path = "${ssl_dir}/GelfWriter_gelf.crt" } - $_ssl_cert = $::facts['os']['family'] ? { + $_ssl_cert = $facts['os']['family'] ? { 'windows' => regsubst($ssl_cert, '\n', "\r\n", 'EMG'), default => $ssl_cert, } 
@@ -136,12 +134,12 @@ if $ssl_cacert { if $ssl_cacert_path { - $_ssl_cacert_path = $ssl_cacert_path } - else { + $_ssl_cacert_path = $ssl_cacert_path + } else { $_ssl_cacert_path = "${ssl_dir}/GelfWriter_gelf_ca.crt" } - $_ssl_cacert = $::facts['os']['family'] ? { + $_ssl_cacert = $facts['os']['family'] ? { 'windows' => regsubst($ssl_cacert, '\n', "\r\n", 'EMG'), default => $ssl_cacert, } @@ -167,7 +165,6 @@ $attrs_ssl = { enable_tls => $enable_ssl } } - # compose attributes $attrs = { host => $host, diff --git a/manifests/feature/graphite.pp b/manifests/feature/graphite.pp index 74a225de5..a8f337f5f 100644 --- a/manifests/feature/graphite.pp +++ b/manifests/feature/graphite.pp @@ -2,7 +2,7 @@ # Configures the Icinga 2 feature graphite. # # @example -# class { '::icinga2::feature::graphite': +# class { 'icinga2::feature::graphite': # host => '10.10.0.15', # port => 2003, # enable_send_thresholds => true, @@ -31,7 +31,7 @@ # @param [Optional[Boolean]] enable_ha # Enable the high availability functionality. Only valid in a cluster setup. # -class icinga2::feature::graphite( +class icinga2::feature::graphite ( Enum['absent', 'present'] $ensure = present, Optional[Stdlib::Host] $host = undef, Optional[Stdlib::Port::Unprivileged] $port = undef, @@ -41,14 +41,13 @@ Optional[Boolean] $enable_send_metadata = undef, Optional[Boolean] $enable_ha = undef, ) { - - if ! defined(Class['::icinga2']) { + if ! defined(Class['icinga2']) { fail('You must include the icinga2 base class before using any icinga2 feature class!') } - $conf_dir = $::icinga2::globals::conf_dir + $conf_dir = $icinga2::globals::conf_dir $_notify = $ensure ? { - 'present' => Class['::icinga2::service'], + 'present' => Class['icinga2::service'], default => undef, } diff --git a/manifests/feature/icingadb.pp b/manifests/feature/icingadb.pp index 85b47bdd6..88949d369 100644 --- a/manifests/feature/icingadb.pp +++ b/manifests/feature/icingadb.pp 
@@ -19,32 +19,131 @@ # @param password # IcingaDB Redis password. The password parameter isn't parsed anymore. # -class icinga2::feature::icingadb( +# @param env_id +# The ID is used in all Icinga DB components to separate data from multiple +# different environments and is written to the file `/var/lib/icinga2/icingadb.env` +# by Icinga 2. Icinga 2 generates a unique environment ID from its CA certificate +# when it is first started with the Icinga DB feature enabled. +# +# @param enable_tls +# Either enable or disable SSL/TLS. Other SSL parameters are only affected if this is set to 'true'. +# +# @param tls_key_file +# Location of the private key. Only valid if tls is enabled. +# +# @param tls_cert_file +# Location of the certificate. Only valid if tls is enabled. +# +# @param tls_cacert_file +# Location of the CA certificate. Only valid if tls is enabled. +# +# @param tls_crl_file +# Location of the Certicicate Revocation List. Only valid if tls is enabled. +# +# @param tls_key +# The private key in a PEM formated string to store spicified in tls_key_file. +# Only valid if tls is enabled. +# +# @param tls_cert +# The certificate in a PEM format string to store spicified in tls_cert_file. +# Only valid if tls is enabled. +# +# @param tls_cacert +# The CA root certificate in a PEM formated string to store spicified in tls_cacert_file. +# Only valid if tls is enabled. +# +# @param tls_capath +# Path to all trusted CA certificates. Only valid if tls is enabled. +# +# @param tls_cipher +# List of allowed ciphers. Only valid if tls is enabled. +# +# @param tls_protocolmin +# Minimum TLS protocol version like `TLSv1.2`. Only valid if tls is enabled. +# +# @param tls_noverify +# Whether not to verify the peer. 
+# +class icinga2::feature::icingadb ( Enum['absent', 'present'] $ensure = present, Optional[Stdlib::Host] $host = undef, Optional[Stdlib::Port::Unprivileged] $port = undef, Optional[Stdlib::Absolutepath] $socket_path = undef, Optional[Icinga2::Interval] $connect_timeout = undef, Optional[Variant[String, Sensitive[String]]] $password = undef, + Optional[Variant[String, Sensitive[String]]] $env_id = undef, + Boolean $enable_tls = false, + Optional[Stdlib::Absolutepath] $tls_key_file = undef, + Optional[Stdlib::Absolutepath] $tls_cert_file = undef, + Optional[Stdlib::Absolutepath] $tls_cacert_file = undef, + Optional[Stdlib::Absolutepath] $tls_crl_file = undef, + Optional[Variant[String, Sensitive[String]]] $tls_key = undef, + Optional[String] $tls_cert = undef, + Optional[String] $tls_cacert = undef, + Optional[String] $tls_capath = undef, + Optional[String] $tls_cipher = undef, + Optional[String] $tls_protocolmin = undef, + Optional[Boolean] $tls_noverify = undef, ) { - - if ! defined(Class['::icinga2']) { + if ! defined(Class['icinga2']) { fail('You must include the icinga2 base class before using any icinga2 feature class!') } - $conf_dir = $::icinga2::globals::conf_dir + $owner = $icinga2::globals::user + $group = $icinga2::globals::group + $conf_dir = $icinga2::globals::conf_dir + $data_dir = $icinga2::globals::data_dir + $ssl_dir = $icinga2::globals::cert_dir - $_notify = $ensure ? { - 'present' => Class['::icinga2::service'], + $_notify = $ensure ? 
{ + 'present' => Class['icinga2::service'], default => undef, } - $_password = if $password =~ String { - Sensitive($password) - } elsif $password =~ Sensitive { - $password - } else { - undef + File { + owner => $owner, + group => $group, + } + + if $env_id { + file { "${data_dir}/icingadb.env": + ensure => file, + mode => '0600', + content => sprintf('"%s"', icinga2::unwrap($env_id)), + show_diff => false, + tag => 'icinga2::config::file', + } + } + + if $enable_tls { + $cert = icinga2::cert( + 'IcingaDB-icingadb', + $tls_key_file, + $tls_cert_file, + $tls_cacert_file, + $tls_key, + $tls_cert, + $tls_cacert, + ) + + $attrs_tls = { + enable_tls => true, + ca_path => $cert['cacert_file'], + cert_path => $cert['cert_file'], + key_path => $cert['key_file'], + crl_path => $tls_crl_file, + insecure_noverify => $tls_noverify, + cipher_list => $tls_cipher, + tls_protocolmin => $tls_protocolmin, + } + + icinga2::tls::client { 'IcingaDB-icingadb': + args => $cert, + notify => $_notify, + } + } # enable_tls + else { + $attrs_tls = { enable_tls => false } } # compose attributes @@ -52,15 +151,15 @@ host => $host, port => $port, path => $socket_path, - password => $_password, + password => $password, } # create object icinga2::object { 'icinga2::object::IcingaDB::icingadb': object_name => 'icingadb', object_type => 'IcingaDB', - attrs => delete_undef_values($attrs), - attrs_list => keys($attrs), + attrs => delete_undef_values(merge($attrs, $attrs_tls)), + attrs_list => concat(keys($attrs), keys($attrs_tls)), target => "${conf_dir}/features-available/icingadb.conf", order => 10, notify => $_notify, diff --git a/manifests/feature/idomysql.pp b/manifests/feature/idomysql.pp index 15879f50f..1e901afc0 100644 --- a/manifests/feature/idomysql.pp +++ b/manifests/feature/idomysql.pp 
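Review bot: `$tls_capath` is declared and documented as the path to all trusted CA certificates, but nothing in this hunk reads it. The `$attrs_tls` hash sets only `ca_path`, `cert_path`, `key_path`, `crl_path`, `insecure_noverify`, `cipher_list` and `tls_protocolmin`, and the `icinga2::cert` call does not receive it either. As far as the visible code shows, setting `tls_capath` compiles cleanly and has no effect on which CAs are trusted, so either map it to an object attribute or drop the parameter. Separately, the `tls_noverify` description should say what is switched off, for example `# Disable verification of the peer certificate. Leave unset unless the connection is protected by other means.`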
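Review bot: A plain `String` password is no longer wrapped in `Sensitive()` before it reaches `icinga2::object`, because `password => $password` replaces the removed `$_password` normalisation while the parameter type still accepts `String`. Whether `icinga2::object` redacts the value in diffs and reports is not visible in this hunk. If it does not, keep the wrapping with `$_password = $password ? { String => Sensitive($password), default => $password }` and pass `$_password` as before.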
@@ -96,7 +96,7 @@ # both means true. With mariadb its cli options are used for the import, # whereas with mysql its different options. # -class icinga2::feature::idomysql( +class icinga2::feature::idomysql ( Variant[String, Sensitive[String]] $password, Enum['absent', 'present'] $ensure = present, Stdlib::Host $host = 'localhost', @@ -122,27 +122,26 @@ Optional[Array] $categories = undef, Variant[Boolean, Enum['mariadb', 'mysql']] $import_schema = false, ) { - - if ! defined(Class['::icinga2']) { + if ! defined(Class['icinga2']) { fail('You must include the icinga2 base class before using any icinga2 feature class!') } - $owner = $::icinga2::globals::user - $group = $::icinga2::globals::group - $conf_dir = $::icinga2::globals::conf_dir - $ssl_dir = $::icinga2::globals::cert_dir - $ido_mysql_package_name = $::icinga2::globals::ido_mysql_package_name - $ido_mysql_schema = $::icinga2::globals::ido_mysql_schema - $manage_package = $::icinga2::manage_package - $manage_packages = $::icinga2::manage_packages + $owner = $icinga2::globals::user + $group = $icinga2::globals::group + $conf_dir = $icinga2::globals::conf_dir + $ssl_dir = $icinga2::globals::cert_dir + $ido_mysql_package_name = $icinga2::globals::ido_mysql_package_name + $ido_mysql_schema = $icinga2::globals::ido_mysql_schema + $manage_package = $icinga2::manage_package + $manage_packages = $icinga2::manage_packages - $_ssl_key_mode = $::facts['os']['family'] ? { + $_ssl_key_mode = $facts['os']['family'] ? { 'windows' => undef, default => '0600', } $_notify = $ensure ? { - 'present' => Class['::icinga2::service'], + 'present' => Class['icinga2::service'], default => undef, } 
@@ -155,12 +154,12 @@ # to build mysql exec command to import schema if $import_schema { $_mysql_options = join(any2array(delete_undef_values({ - '-h' => $host ? { - /localhost/ => undef, - default => $host, - }, - '-P' => $port, - '-u' => $user, + '-h' => $host ? { + /localhost/ => undef, + default => $host, + }, + '-P' => $port, + '-u' => $user, })), ' ') } @@ -169,17 +168,16 @@ group => $group, } - if $enable_ssl { # Set defaults for certificate stuff if $ssl_key { if $ssl_key_path { - $_ssl_key_path = $ssl_key_path } - else { + $_ssl_key_path = $ssl_key_path + } else { $_ssl_key_path = "${ssl_dir}/IdoMysqlConnection_ido-mysql.key" } - $_ssl_key = $::facts['os']['family'] ? { + $_ssl_key = $facts['os']['family'] ? { 'windows' => regsubst($ssl_key, '\n', "\r\n", 'EMG'), default => $ssl_key, } @@ -197,12 +195,12 @@ if $ssl_cert { if $ssl_cert_path { - $_ssl_cert_path = $ssl_cert_path } - else { + $_ssl_cert_path = $ssl_cert_path + } else { $_ssl_cert_path = "${ssl_dir}/IdoMysqlConnection_ido-mysql.crt" } - $_ssl_cert = $::facts['os']['family'] ? { + $_ssl_cert = $facts['os']['family'] ? { 'windows' => regsubst($ssl_cert, '\n', "\r\n", 'EMG'), default => $ssl_cert, } @@ -218,12 +216,12 @@ if $ssl_cacert { if $ssl_cacert_path { - $_ssl_cacert_path = $ssl_cacert_path } - else { + $_ssl_cacert_path = $ssl_cacert_path + } else { $_ssl_cacert_path = "${ssl_dir}/IdoMysqlConnection_ido-mysql_ca.crt" } - $_ssl_cacert = $::facts['os']['family'] ? { + $_ssl_cacert = $facts['os']['family'] ? { 'windows' => regsubst($ssl_cacert, '\n', "\r\n", 'EMG'), default => $ssl_cacert, } 
@@ -241,21 +239,21 @@ if $enable_ssl { if $import_schema =~ Boolean or $import_schema == 'mariadb' { $_ssl_options = join(any2array(delete_undef_values({ - '--ssl' => '', - '--ssl-ca' => $_ssl_cacert_path, - '--ssl-cert' => $_ssl_cert_path, - '--ssl-key' => $_ssl_key_path, - '--ssl-capath' => $ssl_capath, - '--ssl-cipher' => $ssl_cipher, + '--ssl' => '', + '--ssl-ca' => $_ssl_cacert_path, + '--ssl-cert' => $_ssl_cert_path, + '--ssl-key' => $_ssl_key_path, + '--ssl-capath' => $ssl_capath, + '--ssl-cipher' => $ssl_cipher, })), ' ') } else { $_ssl_options = join(any2array(delete_undef_values({ - '--ssl-mode' => 'required', - '--ssl-ca' => $_ssl_cacert_path, - '--ssl-cert' => $_ssl_cert_path, - '--ssl-key' => $_ssl_key_path, - '--ssl-capath' => $ssl_capath, - '--ssl-cipher' => $ssl_cipher, + '--ssl-mode' => 'required', + '--ssl-ca' => $_ssl_cacert_path, + '--ssl-cert' => $_ssl_cert_path, + '--ssl-key' => $_ssl_key_path, + '--ssl-capath' => $ssl_capath, + '--ssl-cipher' => $ssl_cipher, })), ' ') } } else { @@ -278,8 +276,8 @@ else { # set cli options for mysql connection if $import_schema { - $_mysql_command = "mysql ${_mysql_options} -p'${_password.unwrap}' ${database}" } - + $_mysql_command = "mysql ${_mysql_options} -p'${_password.unwrap}' ${database}" + } $attrs_ssl = { enable_ssl => $enable_ssl } } @@ -301,7 +299,7 @@ # install additional package if $ido_mysql_package_name and ($manage_package or $manage_packages) { - if $::facts['os']['family'] == 'debian' { + if $facts['os']['family'] == 'debian' { ensure_resources('file', { '/etc/dbconfig-common' => { ensure => directory, owner => 'root', group => 'root' } }) file { "/etc/dbconfig-common/${ido_mysql_package_name}.conf": ensure => file, @@ -326,7 +324,7 @@ } exec { 'idomysql-import-schema': user => 'root', - path => $::facts['path'], + path => $facts['path'], command => "${_mysql_command} < \"${ido_mysql_schema}\"", unless => "${_mysql_command} -Ns -e 'select version from icinga_dbversion'", } 
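Review bot: The `$_mysql_command` line in the `@@ -278,8 +276,8 @@` hunk still interpolates the unwrapped password into the shell command as `-p'${_password.unwrap}'`. That string becomes the `command` and `unless` of the `idomysql-import-schema` exec in the last hunk of this file, so the secret ends up in the resource parameters and in the client's argument list, and a password containing a single quote would terminate the quoting. The idopgsql class in this commit hands its password to the exec through `environment` (`PGPASSWORD`) instead; the equivalent here is `environment => ["MYSQL_PWD=${_password.unwrap}"]` with the `-p` option dropped, or a client option file with a restrictive mode. The enclosing `if`/`else` starts outside the hunk, so the SSL branch, which presumably builds the same command, is not shown.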
diff --git a/manifests/feature/idopgsql.pp b/manifests/feature/idopgsql.pp index 4f06fcc43..be8daf38d 100644 --- a/manifests/feature/idopgsql.pp +++ b/manifests/feature/idopgsql.pp @@ -81,7 +81,7 @@ # @param import_schema # Whether to import the PostgreSQL schema or not. # -class icinga2::feature::idopgsql( +class icinga2::feature::idopgsql ( Variant[String, Sensitive[String]] $password, Enum['absent', 'present'] $ensure = present, Stdlib::Host $host = 'localhost', @@ -90,7 +90,7 @@ String $database = 'icinga', Optional[Enum['disable', 'allow', 'prefer', 'verify-full', - 'verify-ca', 'require']] $ssl_mode = undef, + 'verify-ca', 'require']] $ssl_mode = undef, Optional[Stdlib::Absolutepath] $ssl_key_path = undef, Optional[Stdlib::Absolutepath] $ssl_cert_path = undef, Optional[Stdlib::Absolutepath] $ssl_cacert_path = undef, 
@@ -106,25 +106,24 @@ Optional[Array] $categories = undef, Boolean $import_schema = false, ) { - - if ! defined(Class['::icinga2']) { + if ! defined(Class['icinga2']) { fail('You must include the icinga2 base class before using any icinga2 feature class!') } - $owner = $::icinga2::globals::user - $group = $::icinga2::globals::group - $conf_dir = $::icinga2::globals::conf_dir - $ssl_dir = $::icinga2::globals::cert_dir - $ido_pgsql_package_name = $::icinga2::globals::ido_pgsql_package_name - $ido_pgsql_schema = $::icinga2::globals::ido_pgsql_schema - $manage_package = $::icinga2::manage_package - $manage_packages = $::icinga2::manage_packages + $owner = $icinga2::globals::user + $group = $icinga2::globals::group + $conf_dir = $icinga2::globals::conf_dir + $ssl_dir = $icinga2::globals::cert_dir + $ido_pgsql_package_name = $icinga2::globals::ido_pgsql_package_name + $ido_pgsql_schema = $icinga2::globals::ido_pgsql_schema + $manage_package = $icinga2::manage_package + $manage_packages = $icinga2::manage_packages $_notify = $ensure ? { - 'present' => Class['::icinga2::service'], + 'present' => Class['icinga2::service'], default => undef, } - $_ssl_key_mode = $::facts['os']['family'] ? { + $_ssl_key_mode = $facts['os']['family'] ? { 'windows' => undef, default => '0600', } @@ -143,12 +142,12 @@ # Set defaults for certificate stuff if $ssl_key { if $ssl_key_path { - $_ssl_key_path = $ssl_key_path } - else { + $_ssl_key_path = $ssl_key_path + } else { $_ssl_key_path = "${ssl_dir}/IdoPgsqlConnection_ido-pgsql.key" } - $_ssl_key = $::facts['os']['family'] ? { + $_ssl_key = $facts['os']['family'] ? { 'windows' => regsubst($ssl_key, '\n', "\r\n", 'EMG'), default => $ssl_key, } 
@@ -166,12 +165,12 @@ if $ssl_cert { if $ssl_cert_path { - $_ssl_cert_path = $ssl_cert_path } - else { + $_ssl_cert_path = $ssl_cert_path + } else { $_ssl_cert_path = "${ssl_dir}/IdoPgsqlConnection_ido-pgsql.crt" } - $_ssl_cert = $::facts['os']['family'] ? { + $_ssl_cert = $facts['os']['family'] ? { 'windows' => regsubst($ssl_cert, '\n', "\r\n", 'EMG'), default => $ssl_cert, } @@ -187,12 +186,12 @@ if $ssl_cacert { if $ssl_cacert_path { - $_ssl_cacert_path = $ssl_cacert_path } - else { + $_ssl_cacert_path = $ssl_cacert_path + } else { $_ssl_cacert_path = "${ssl_dir}/IdoPgsqlConnection_ido-pgsql_ca.crt" } - $_ssl_cacert = $::facts['os']['family'] ? { + $_ssl_cacert = $facts['os']['family'] ? { 'windows' => regsubst($ssl_cacert, '\n', "\r\n", 'EMG'), default => $ssl_cacert, } @@ -227,7 +226,7 @@ # install additional package if $ido_pgsql_package_name and ($manage_package or $manage_packages) { - if $::facts['os']['family'] == 'debian' { + if $facts['os']['family'] == 'debian' { ensure_resources('file', { '/etc/dbconfig-common' => { ensure => directory, owner => 'root', group => 'root' } }) file { "/etc/dbconfig-common/${ido_pgsql_package_name}.conf": ensure => file, 
@@ -252,19 +251,19 @@ } $_connection = regsubst(join(any2array(delete_undef_values({ - 'host=' => $host, - 'sslmode=' => $ssl_mode, - 'sslcert=' => $_ssl_cert_path, - 'sslkey=' => $_ssl_key_path, - 'sslrootcert=' => $_ssl_cacert_path, - 'user=' => $user, - 'port=' => $port, - 'dbname=' => $database, - })), ' '), '= ', '=', 'G') + 'host=' => $host, + 'sslmode=' => $ssl_mode, + 'sslcert=' => $_ssl_cert_path, + 'sslkey=' => $_ssl_key_path, + 'sslrootcert=' => $_ssl_cacert_path, + 'user=' => $user, + 'port=' => $port, + 'dbname=' => $database, + })), ' '), '= ', '=', 'G') exec { 'idopgsql-import-schema': user => 'root', - path => $::facts['path'], + path => $facts['path'], environment => ["PGPASSWORD=${_password.unwrap}"], command => "psql '${_connection}' -w -f '${ido_pgsql_schema}'", unless => "psql '${_connection}' -w -c 'select version from icinga_dbversion'", diff --git a/manifests/feature/influxdb.pp b/manifests/feature/influxdb.pp index 713fa8622..389e4fd52 100644 --- a/manifests/feature/influxdb.pp +++ b/manifests/feature/influxdb.pp @@ -81,7 +81,7 @@ # @param enable_ha # Enable the high availability functionality. Only valid in a cluster setup. # -class icinga2::feature::influxdb( +class icinga2::feature::influxdb ( Enum['absent', 'present'] $ensure = present, Optional[Stdlib::Host] $host = undef, Optional[Stdlib::Port] $port = undef, 
@@ -107,23 +107,22 @@ Optional[Integer[1]] $flush_threshold = undef, Optional[Boolean] $enable_ha = undef, ) { - - if ! defined(Class['::icinga2']) { + if ! defined(Class['icinga2']) { fail('You must include the icinga2 base class before using any icinga2 feature class!') } - $user = $::icinga2::globals::user - $group = $::icinga2::globals::group - $conf_dir = $::icinga2::globals::conf_dir - $ssl_dir = $::icinga2::globals::cert_dir + $user = $icinga2::globals::user + $group = $icinga2::globals::group + $conf_dir = $icinga2::globals::conf_dir + $ssl_dir = $icinga2::globals::cert_dir - $_ssl_key_mode = $::facts['kernel'] ? { + $_ssl_key_mode = $facts['kernel'] ? { 'windows' => undef, default => '0600', } $_notify = $ensure ? { - 'present' => Class['::icinga2::service'], + 'present' => Class['icinga2::service'], default => undef, } @@ -143,19 +142,18 @@ } $host_template = { measurement => $host_measurement, tags => $host_tags } - $service_template = { measurement => $service_measurement, tags => $service_tags} + $service_template = { measurement => $service_measurement, tags => $service_tags } if $enable_ssl { - # Set defaults for certificate stuff if $ssl_key { if $ssl_key_path { - $_ssl_key_path = $ssl_key_path } - else { + $_ssl_key_path = $ssl_key_path + } else { $_ssl_key_path = "${ssl_dir}/InfluxdbWriter_influxdb.key" } - $_ssl_key = $::facts['os']['family'] ? { + $_ssl_key = $facts['os']['family'] ? { 'windows' => regsubst($ssl_key, '\n', "\r\n", 'EMG'), default => $ssl_key, } @@ -173,12 +171,12 @@ if $ssl_cert { if $ssl_cert_path { - $_ssl_cert_path = $ssl_cert_path } - else { + $_ssl_cert_path = $ssl_cert_path + } else { $_ssl_cert_path = "${ssl_dir}/InfluxdbWriter_influxdb.crt" } - $_ssl_cert = $::facts['os']['family'] ? { + $_ssl_cert = $facts['os']['family'] ? { 'windows' => regsubst($ssl_cert, '\n', "\r\n", 'EMG'), default => $ssl_cert, } 
@@ -194,12 +192,12 @@ if $ssl_cacert { if $ssl_cacert_path { - $_ssl_cacert_path = $ssl_cacert_path } - else { + $_ssl_cacert_path = $ssl_cacert_path + } else { $_ssl_cacert_path = "${ssl_dir}/InfluxdbWriter_influxdb_ca.crt" } - $_ssl_cacert = $::facts['os']['family'] ? { + $_ssl_cacert = $facts['os']['family'] ? { 'windows' => regsubst($ssl_cacert, '\n', "\r\n", 'EMG'), default => $ssl_cacert, } diff --git a/manifests/feature/influxdb2.pp b/manifests/feature/influxdb2.pp index 3f4b14aa7..4b0b46c18 100644 --- a/manifests/feature/influxdb2.pp +++ b/manifests/feature/influxdb2.pp @@ -78,7 +78,7 @@ # @param enable_ha # Enable the high availability functionality. Only valid in a cluster setup. # -class icinga2::feature::influxdb2( +class icinga2::feature::influxdb2 ( String $organization, String $bucket, Variant[String, Sensitive[String]] $auth_token, @@ -103,23 +103,22 @@ Optional[Integer[1]] $flush_threshold = undef, Optional[Boolean] $enable_ha = undef, ) { - - if ! defined(Class['::icinga2']) { + if ! defined(Class['icinga2']) { fail('You must include the icinga2 base class before using any icinga2 feature class!') } - $user = $::icinga2::globals::user - $group = $::icinga2::globals::group - $conf_dir = $::icinga2::globals::conf_dir - $ssl_dir = $::icinga2::globals::cert_dir + $user = $icinga2::globals::user + $group = $icinga2::globals::group + $conf_dir = $icinga2::globals::conf_dir + $ssl_dir = $icinga2::globals::cert_dir - $_ssl_key_mode = $::facts['kernel'] ? { + $_ssl_key_mode = $facts['kernel'] ? { 'windows' => undef, default => '0600', } $_notify = $ensure ? { - 'present' => Class['::icinga2::service'], + 'present' => Class['icinga2::service'], default => undef, } 
@@ -135,19 +134,18 @@ } $host_template = { measurement => $host_measurement, tags => $host_tags } - $service_template = { measurement => $service_measurement, tags => $service_tags} + $service_template = { measurement => $service_measurement, tags => $service_tags } if $enable_ssl { - # Set defaults for certificate stuff if $ssl_key { if $ssl_key_path { - $_ssl_key_path = $ssl_key_path } - else { + $_ssl_key_path = $ssl_key_path + } else { $_ssl_key_path = "${ssl_dir}/Influxdb2Writer_influxdb2.key" } - $_ssl_key = $::facts['os']['family'] ? { + $_ssl_key = $facts['os']['family'] ? { 'windows' => regsubst($ssl_key, '\n', "\r\n", 'EMG'), default => $ssl_key, } @@ -165,12 +163,12 @@ if $ssl_cert { if $ssl_cert_path { - $_ssl_cert_path = $ssl_cert_path } - else { + $_ssl_cert_path = $ssl_cert_path + } else { $_ssl_cert_path = "${ssl_dir}/Influxdb2Writer_influxdb2.crt" } - $_ssl_cert = $::facts['os']['family'] ? { + $_ssl_cert = $facts['os']['family'] ? { 'windows' => regsubst($ssl_cert, '\n', "\r\n", 'EMG'), default => $ssl_cert, } @@ -186,12 +184,12 @@ if $ssl_cacert { if $ssl_cacert_path { - $_ssl_cacert_path = $ssl_cacert_path } - else { + $_ssl_cacert_path = $ssl_cacert_path + } else { $_ssl_cacert_path = "${ssl_dir}/Influxdb2Writer_influxdb2_ca.crt" } - $_ssl_cacert = $::facts['os']['family'] ? { + $_ssl_cacert = $facts['os']['family'] ? { 'windows' => regsubst($ssl_cacert, '\n', "\r\n", 'EMG'), default => $ssl_cacert, } diff --git a/manifests/feature/livestatus.pp b/manifests/feature/livestatus.pp index 2e036aa5f..356212f83 100644 --- a/manifests/feature/livestatus.pp +++ b/manifests/feature/livestatus.pp @@ -19,7 +19,7 @@ # @param compat_log_path # Required for historical table queries. Requires CompatLogger feature to be enabled. # -class icinga2::feature::livestatus( +class icinga2::feature::livestatus ( Enum['absent', 'present'] $ensure = present, Optional[Enum['tcp', 'unix']] $socket_type = undef, Optional[Stdlib::Host] $bind_host = undef, 
@@ -27,14 +27,13 @@ Optional[Stdlib::Absolutepath] $socket_path = undef, Optional[Stdlib::Absolutepath] $compat_log_path = undef, ) { - - if ! defined(Class['::icinga2']) { + if ! defined(Class['icinga2']) { fail('You must include the icinga2 base class before using any icinga2 feature class!') } - $conf_dir = $::icinga2::globals::conf_dir + $conf_dir = $icinga2::globals::conf_dir $_notify = $ensure ? { - 'present' => Class['::icinga2::service'], + 'present' => Class['icinga2::service'], default => undef, } diff --git a/manifests/feature/mainlog.pp b/manifests/feature/mainlog.pp index 89a3f5201..e868e3136 100644 --- a/manifests/feature/mainlog.pp +++ b/manifests/feature/mainlog.pp @@ -10,19 +10,18 @@ # @param path # Absolute path to the log file. # -class icinga2::feature::mainlog( +class icinga2::feature::mainlog ( Enum['absent', 'present'] $ensure = present, Icinga2::LogSeverity $severity = 'information', - Stdlib::Absolutepath $path = "${::icinga2::globals::log_dir}/icinga2.log", + Stdlib::Absolutepath $path = "${icinga2::globals::log_dir}/icinga2.log", ) { - - if ! defined(Class['::icinga2']) { + if ! defined(Class['icinga2']) { fail('You must include the icinga2 base class before using any icinga2 feature class!') } - $conf_dir = $::icinga2::globals::conf_dir + $conf_dir = $icinga2::globals::conf_dir $_notify = $ensure ? { - 'present' => Class['::icinga2::service'], + 'present' => Class['icinga2::service'], default => undef, } @@ -45,7 +44,6 @@ # manage feature icinga2::feature { 'mainlog': - ensure => $ensure, + ensure => $ensure, } - } diff --git a/manifests/feature/notification.pp b/manifests/feature/notification.pp index e5c435499..2a1b4aa72 100644 --- a/manifests/feature/notification.pp +++ b/manifests/feature/notification.pp 
@@ -7,18 +7,17 @@ # @param enable_ha # Notifications are load-balanced amongst all nodes in a zone. # -class icinga2::feature::notification( +class icinga2::feature::notification ( Enum['absent', 'present'] $ensure = present, Optional[Boolean] $enable_ha = undef, ) { - - if ! defined(Class['::icinga2']) { + if ! defined(Class['icinga2']) { fail('You must include the icinga2 base class before using any icinga2 feature class!') } - $conf_dir = $::icinga2::globals::conf_dir + $conf_dir = $icinga2::globals::conf_dir $_notify = $ensure ? { - 'present' => Class['::icinga2::service'], + 'present' => Class['icinga2::service'], default => undef, } @@ -47,7 +46,6 @@ # manage feature icinga2::feature { 'notification': - ensure => $ensure, + ensure => $ensure, } - } diff --git a/manifests/feature/opentsdb.pp b/manifests/feature/opentsdb.pp index 1f0d44e59..e5fa94898 100644 --- a/manifests/feature/opentsdb.pp +++ b/manifests/feature/opentsdb.pp @@ -13,20 +13,19 @@ # @param enable_ha # Enable the high availability functionality. Only valid in a cluster setup. # -class icinga2::feature::opentsdb( +class icinga2::feature::opentsdb ( Enum['absent', 'present'] $ensure = present, Optional[Stdlib::Host] $host = undef, Optional[Stdlib::Port::Unprivileged] $port = undef, Optional[Boolean] $enable_ha = undef, ) { - - if ! defined(Class['::icinga2']) { + if ! defined(Class['icinga2']) { fail('You must include the icinga2 base class before using any icinga2 feature class!') } - $conf_dir = $::icinga2::globals::conf_dir + $conf_dir = $icinga2::globals::conf_dir $_notify = $ensure ? { - 'present' => Class['::icinga2::service'], + 'present' => Class['icinga2::service'], default => undef, } diff --git a/manifests/feature/perfdata.pp b/manifests/feature/perfdata.pp index 93b0152ec..9bae127fe 100644 --- a/manifests/feature/perfdata.pp +++ b/manifests/feature/perfdata.pp 
@@ -29,7 +29,7 @@ # @param enable_ha # Enable the high availability functionality. Only valid in a cluster setup. # -class icinga2::feature::perfdata( +class icinga2::feature::perfdata ( Enum['absent', 'present'] $ensure = present, Optional[Stdlib::Absolutepath] $host_perfdata_path = undef, Optional[Stdlib::Absolutepath] $service_perfdata_path = undef, @@ -40,14 +40,13 @@ Optional[Icinga2::Interval] $rotation_interval = undef, Optional[Boolean] $enable_ha = undef, ) { - - if ! defined(Class['::icinga2']) { + if ! defined(Class['icinga2']) { fail('You must include the icinga2 base class before using any icinga2 feature class!') } - $conf_dir = $::icinga2::globals::conf_dir + $conf_dir = $icinga2::globals::conf_dir $_notify = $ensure ? { - 'present' => Class['::icinga2::service'], + 'present' => Class['icinga2::service'], default => undef, } diff --git a/manifests/feature/statusdata.pp b/manifests/feature/statusdata.pp index 7019033f4..89599b9b2 100644 --- a/manifests/feature/statusdata.pp +++ b/manifests/feature/statusdata.pp @@ -14,20 +14,19 @@ # Interval in seconds to update both status files. You can also specify # it in minutes with the letter m or in seconds with s. # -class icinga2::feature::statusdata( +class icinga2::feature::statusdata ( Enum['absent', 'present'] $ensure = present, Optional[Stdlib::Absolutepath] $status_path = undef, Optional[Stdlib::Absolutepath] $objects_path = undef, Optional[Icinga2::Interval] $update_interval = undef, ) { - - if ! defined(Class['::icinga2']) { + if ! defined(Class['icinga2']) { fail('You must include the icinga2 base class before using any icinga2 feature class!') } - $conf_dir = $::icinga2::globals::conf_dir + $conf_dir = $icinga2::globals::conf_dir $_notify = $ensure ? { - 'present' => Class['::icinga2::service'], + 'present' => Class['icinga2::service'], default => undef, } diff --git a/manifests/feature/syslog.pp b/manifests/feature/syslog.pp index 1ed8671e2..ba32ef388 100644 --- a/manifests/feature/syslog.pp 
+++ b/manifests/feature/syslog.pp @@ -11,19 +11,18 @@ # Defines the facility to use for syslog entries. This can be a facility constant # like FacilityDaemon. # -class icinga2::feature::syslog( +class icinga2::feature::syslog ( Enum['absent', 'present'] $ensure = present, Icinga2::LogSeverity $severity = 'warning', Optional[Icinga2::LogFacility] $facility = undef, ) { - - if ! defined(Class['::icinga2']) { + if ! defined(Class['icinga2']) { fail('You must include the icinga2 base class before using any icinga2 feature class!') } - $conf_dir = $::icinga2::globals::conf_dir + $conf_dir = $icinga2::globals::conf_dir $_notify = $ensure ? { - 'present' => Class['::icinga2::service'], + 'present' => Class['icinga2::service'], default => undef, } @@ -49,4 +48,3 @@ ensure => $ensure, } } - diff --git a/manifests/feature/windowseventlog.pp b/manifests/feature/windowseventlog.pp index b5b2a7a78..421bface1 100644 --- a/manifests/feature/windowseventlog.pp +++ b/manifests/feature/windowseventlog.pp @@ -7,12 +7,11 @@ # @param severity # You can choose the log severity between information, notice, warning or debug. # -class icinga2::feature::windowseventlog( +class icinga2::feature::windowseventlog ( Enum['absent', 'present'] $ensure = present, Icinga2::LogSeverity $severity = 'warning', ) { - - if ! defined(Class['::icinga2']) { + if ! defined(Class['icinga2']) { fail('You must include the icinga2 base class before using any icinga2 feature class!') } @@ -20,9 +19,9 @@ fail('The feature windowseventlogs is only supported on Windows platforms!') } - $conf_dir = $::icinga2::globals::conf_dir + $conf_dir = $icinga2::globals::conf_dir $_notify = $ensure ? { - 'present' => Class['::icinga2::service'], + 'present' => Class['icinga2::service'], default => undef, } @@ -47,4 +46,3 @@ ensure => $ensure, } } - diff --git a/manifests/globals.pp b/manifests/globals.pp index 5d09ae3b1..2954f47f7 100644 --- a/manifests/globals.pp +++ b/manifests/globals.pp 
@@ -61,6 +61,9 @@ # @param cache_dir # Path to cache files of Icinga. # +# @param data_dir +# Path to data files of Icinga. +# # @param cert_dir # Path to the directory where Icinga stores keys and certificates. # @@ -70,7 +73,7 @@ # @param service_reload # How to do a reload of the Icinga process. # -class icinga2::globals( +class icinga2::globals ( String $package_name, String $service_name, String $ido_mysql_schema, @@ -82,6 +85,7 @@ Stdlib::Absolutepath $run_dir, Stdlib::Absolutepath $spool_dir, Stdlib::Absolutepath $cache_dir, + Stdlib::Absolutepath $data_dir, Stdlib::Absolutepath $cert_dir, Stdlib::Absolutepath $ca_dir, Array[String] $reserved, @@ -93,7 +97,6 @@ Optional[String] $ido_pgsql_package_name = undef, Optional[String] $service_reload = undef, ) { - assert_private() if ( versioncmp($::facts['puppetversion'], '6' ) >= 0 and versioncmp(load_module_metadata('stdlib')['version'], '5.1.0') < 0 ) { @@ -108,5 +111,4 @@ } $constants = lookup('icinga2::globals::constants', Hash, 'deep', {}) - } diff --git a/manifests/init.pp b/manifests/init.pp index d0756995f..0392feffe 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -3,7 +3,7 @@ # # @example Declare icinga2 with all defaults. Keep in mind that your operating system may not have Icinga 2 in its package repository. # -# include ::icinga2 +# include icinga2 # # @example If you want to use the module icinga/puppet-icinga, e.g. to use the official Icinga Project repositories, enable the manage_repos parameter. # class { 'icinga2': @@ -21,7 +21,7 @@ # notifiy => Class['icinga2'], # } # -# class { '::icinga2': +# class { 'icinga2': # manage_packages => false, # } # @@ -38,7 +38,7 @@ # } # # @example Enabling features with there defaults or loading parameters via Hiera: -# class { '::icinga2': +# class { 'icinga2': # manage_repos => true, # features => ['checker', 'mainlog', 'command'], # } 
@@ -132,14 +132,13 @@ Hash $constants = {}, Variant[Boolean, String] $confd = true, ) { - - require ::icinga2::globals + require icinga2::globals # load reserved words - $_reserved = $::icinga2::globals::reserved + $_reserved = $icinga2::globals::reserved # merge constants with defaults - $_constants = merge($::icinga2::globals::constants, $constants) + $_constants = merge($icinga2::globals::constants, $constants) # validate confd, boolean or string if $confd =~ Boolean { @@ -148,32 +147,32 @@ $_confd = $confd } - Class['::icinga2::config'] + Class['icinga2::config'] -> Concat <| tag == 'icinga2::config::file' |> - ~> Class['::icinga2::service'] + ~> Class['icinga2::service'] if $manage_package { deprecation('manage_package', 'manage_package is deprecated and will be replaced by manage_packages in the future.') } if $manage_repos or $manage_repo { - require ::icinga::repos + require icinga::repos if $manage_repo { deprecation('manage_repo', 'manage_repo is deprecated and will be replaced by manage_repos in the future.') } } - anchor { '::icinga2::begin': - notify => Class['::icinga2::service'], + anchor { 'icinga2::begin': + notify => Class['icinga2::service'], } - -> class { '::icinga2::install': } + -> class { 'icinga2::install': } -> File <| ensure == 'directory' and tag == 'icinga2::config::file' |> - -> class { '::icinga2::config': notify => Class['::icinga2::service'] } + -> class { 'icinga2::config': notify => Class['icinga2::service'] } -> File <| ensure != 'directory' and tag == 'icinga2::config::file' |> - ~> class { '::icinga2::service': } - -> anchor { '::icinga2::end': - subscribe => Class['::icinga2::config'], + ~> class { 'icinga2::service': } + -> anchor { 'icinga2::end': + subscribe => Class['icinga2::config'], } - include prefix($features, '::icinga2::feature::') + include prefix($features, 'icinga2::feature::') } diff --git a/manifests/install.pp b/manifests/install.pp index 3725fb31a..daf9f6f24 100644 --- a/manifests/install.pp 
+++ b/manifests/install.pp @@ -5,21 +5,20 @@ # @api private # class icinga2::install { - assert_private() - $package_name = $::icinga2::globals::package_name - $manage_package = $::icinga2::manage_package - $manage_packages = $::icinga2::manage_packages - $selinux_package_name = $::icinga2::globals::selinux_package_name - $manage_selinux = $::icinga2::manage_selinux - $cert_dir = $::icinga2::globals::cert_dir - $conf_dir = $::icinga2::globals::conf_dir - $user = $::icinga2::globals::user - $group = $::icinga2::globals::group + $package_name = $icinga2::globals::package_name + $manage_package = $icinga2::manage_package + $manage_packages = $icinga2::manage_packages + $selinux_package_name = $icinga2::globals::selinux_package_name + $manage_selinux = $icinga2::manage_selinux + $cert_dir = $icinga2::globals::cert_dir + $conf_dir = $icinga2::globals::conf_dir + $user = $icinga2::globals::user + $group = $icinga2::globals::group if $manage_package or $manage_packages { - if $::facts['os']['family'] == 'windows' { Package { provider => chocolatey, } } + if $facts['os']['family'] == 'windows' { Package { provider => chocolatey, } } package { $package_name: ensure => installed, @@ -39,5 +38,4 @@ owner => $user, group => $group, } - } diff --git a/manifests/object.pp b/manifests/object.pp index 8c5614f52..d86420c8c 100644 --- a/manifests/object.pp +++ b/manifests/object.pp @@ -49,7 +49,7 @@ # @param attrs_list # Array of all possible attributes for this object type. # -define icinga2::object( +define icinga2::object ( String $object_type, Stdlib::Absolutepath $target, Variant[String, Integer] $order, @@ -65,16 +65,15 @@ Array $ignore = [], Hash $attrs = {}, ) { - assert_private() - case $::facts['os']['family'] { + case $facts['os']['family'] { 'windows': { } # windows default: { Concat { - owner => $::icinga2::globals::user, - group => $::icinga2::globals::group, + owner => $icinga2::globals::user, + group => $icinga2::globals::group, mode => '0640', } } # default 
@@ -85,11 +84,11 @@ } $_attrs = merge($attrs, { - 'assign where' => $assign, - 'ignore where' => $ignore, + 'assign where' => $assign, + 'ignore where' => $ignore, }) - $_content = $::facts['os']['family'] ? { + $_content = $facts['os']['family'] ? { 'windows' => regsubst(template('icinga2/object.conf.erb'), '\n', "\r\n", 'EMG'), default => template('icinga2/object.conf.erb'), } @@ -109,5 +108,4 @@ order => $order, } } - } diff --git a/manifests/object/apiuser.pp b/manifests/object/apiuser.pp index 3b44487af..faafc2afc 100644 --- a/manifests/object/apiuser.pp +++ b/manifests/object/apiuser.pp @@ -57,7 +57,7 @@ # @param [Variant[String, Integer]] order # String or integer to set the position in the target file, sorted alpha numeric. # -define icinga2::object::apiuser( +define icinga2::object::apiuser ( Stdlib::Absolutepath $target, Enum['absent', 'present'] $ensure = present, String $apiuser_name = $title, @@ -66,7 +66,6 @@ Optional[String] $client_cn = undef, Variant[String, Integer] $order = 30, ) { - $_password = if $password =~ String { Sensitive($password) } elsif $password =~ Sensitive { diff --git a/manifests/object/checkcommand.pp b/manifests/object/checkcommand.pp index b2796195b..676571f5d 100644 --- a/manifests/object/checkcommand.pp +++ b/manifests/object/checkcommand.pp @@ -40,7 +40,7 @@ # String or integer to set the position in the target file, sorted alpha numeric. # # -define icinga2::object::checkcommand( +define icinga2::object::checkcommand ( Stdlib::Absolutepath $target, Enum['absent', 'present'] $ensure = present, String $checkcommand_name = $title, @@ -53,7 +53,6 @@ Boolean $template = false, Variant[String, Integer] $order = 15, ) { - # compose the attributes $attrs = { command => $command, diff --git a/manifests/object/checkresultreader.pp b/manifests/object/checkresultreader.pp index e06efe8d4..e22152003 100644 --- a/manifests/object/checkresultreader.pp +++ b/manifests/object/checkresultreader.pp 
@@ -23,8 +23,7 @@ String $checkresultreader_name = $title, Optional[Stdlib::Absolutepath] $spool_dir = undef, Variant[String, Integer] $order = '05', -){ - +) { # compose the attributes $attrs = { 'spool_dir' => $spool_dir, diff --git a/manifests/object/dependency.pp b/manifests/object/dependency.pp index 48d00d106..7928651c5 100644 --- a/manifests/object/dependency.pp +++ b/manifests/object/dependency.pp @@ -89,8 +89,7 @@ Array $import = [], Boolean $template = false, Variant[String, Integer] $order = 70, -){ - +) { # compose attributes $attrs = { 'parent_host_name' => $parent_host_name, @@ -121,5 +120,4 @@ target => $target, order => $order, } - } diff --git a/manifests/object/endpoint.pp b/manifests/object/endpoint.pp index 1065e34b0..5061795c9 100644 --- a/manifests/object/endpoint.pp +++ b/manifests/object/endpoint.pp @@ -26,7 +26,7 @@ # @param order # String or integer to set the position in the target file, sorted alpha numeric. # -define icinga2::object::endpoint( +define icinga2::object::endpoint ( Enum['absent', 'present'] $ensure = present, String $endpoint_name = $title, Optional[Stdlib::Host] $host = undef, @@ -35,8 +35,7 @@ Optional[Stdlib::Absolutepath] $target = undef, Variant[String, Integer] $order = 40, ) { - - $conf_dir = $::icinga2::globals::conf_dir + $conf_dir = $icinga2::globals::conf_dir if $target { $_target = $target diff --git a/manifests/object/eventcommand.pp b/manifests/object/eventcommand.pp index 8e3f1aee5..91356b76e 100644 --- a/manifests/object/eventcommand.pp +++ b/manifests/object/eventcommand.pp @@ -47,8 +47,7 @@ Optional[Hash] $arguments = undef, Array $import = [], Variant[String, Integer] $order = 20, -){ - +) { # compose the attributes $attrs = { 'command' => $command, diff --git a/manifests/object/host.pp b/manifests/object/host.pp index 5564d70c8..9e33fb1ef 100644 --- a/manifests/object/host.pp +++ b/manifests/object/host.pp 
@@ -107,7 +107,7 @@ # @param order # String or integer to set the position in the target file, sorted alpha numeric. # -define icinga2::object::host( +define icinga2::object::host ( Stdlib::Absolutepath $target, Enum['absent', 'present'] $ensure = present, String $host_name = $title, @@ -143,7 +143,6 @@ Boolean $template = false, Variant[String, Integer] $order = 50, ) { - # compose the attributes $attrs = { address => $address, diff --git a/manifests/object/hostgroup.pp b/manifests/object/hostgroup.pp index 6bb5943fe..dea3bb53a 100644 --- a/manifests/object/hostgroup.pp +++ b/manifests/object/hostgroup.pp @@ -12,6 +12,9 @@ # @param ensure # Set to present enables the object, absent disables it. # +# @param hostgroup_name +# Namevar of the hostgroup. +# # @param display_name # A short description of the host group. # @@ -31,7 +34,7 @@ # @param order # String or integer to set the position in the target file, sorted alpha numeric. # -define icinga2::object::hostgroup( +define icinga2::object::hostgroup ( Stdlib::Absolutepath $target, Enum['absent', 'present'] $ensure = present, String $hostgroup_name = $title, @@ -41,7 +44,6 @@ Array $ignore = [], Variant[String, Integer] $order = 55, ) { - if $ignore != [] and $assign == [] { fail('When attribute ignore is used, assign must be set.') } diff --git a/manifests/object/icingaapplication.pp b/manifests/object/icingaapplication.pp index 8075fa570..198ce5ad9 100644 --- a/manifests/object/icingaapplication.pp +++ b/manifests/object/icingaapplication.pp @@ -29,7 +29,7 @@ # A dictionary containing custom attributes that are specific to this service, # a string to do operations on this dictionary or an array for multiple use # of custom attributes. - +# # @param environment # Specify the Icinga environment. This overrides the Environment constant # specified in the configuration or on the CLI with --define. 
@@ -41,7 +41,7 @@ # @param order # String or integer to control the position in the target file, sorted alpha numeric. # -define icinga2::object::icingaapplication( +define icinga2::object::icingaapplication ( Enum['absent', 'present'] $ensure = present, String $app_name = $title, Optional[Boolean] $enable_notifications = undef, @@ -55,8 +55,7 @@ Optional[Stdlib::Absolutepath] $target = undef, Variant[String, Integer] $order = 5, ) { - - $conf_dir = $::icinga2::globals::conf_dir + $conf_dir = $icinga2::globals::conf_dir # set defaults if $target { diff --git a/manifests/object/notification.pp b/manifests/object/notification.pp index d2b34c000..81f677f1b 100644 --- a/manifests/object/notification.pp +++ b/manifests/object/notification.pp @@ -72,6 +72,12 @@ # @param order # String or integer to set the position in the target file, sorted alpha numeric. # +# @param assign +# Assign notification using the assign rules. +# +# @param ignore +# Exclude notification using the ignore rules. +# define icinga2::object::notification ( Stdlib::Absolutepath $target, Enum['absent', 'present'] $ensure = present, @@ -96,8 +102,7 @@ Array $import = [], Boolean $template = false, Variant[String, Integer] $order = 85, -){ - +) { if $ignore != [] and $assign == [] { fail('When attribute ignore is used, assign must be set.') } @@ -135,5 +140,4 @@ assign => $assign, ignore => $ignore, } - } diff --git a/manifests/object/notificationcommand.pp b/manifests/object/notificationcommand.pp index f63c13dc0..f1b7462ce 100644 --- a/manifests/object/notificationcommand.pp +++ b/manifests/object/notificationcommand.pp @@ -52,8 +52,7 @@ Boolean $template = false, Array $import = [], Variant[String, Integer] $order = 25, -){ - +) { # compose attributes $attrs = { 'command' => $command, @@ -75,5 +74,4 @@ target => $target, order => $order, } - } diff --git a/manifests/object/scheduleddowntime.pp b/manifests/object/scheduleddowntime.pp index 9ac65879a..c470f84f2 100644 
--- a/manifests/object/scheduleddowntime.pp +++ b/manifests/object/scheduleddowntime.pp @@ -68,8 +68,7 @@ Array $assign = [], Array $ignore = [], Variant[String, Integer] $order = 90, -){ - +) { # compose attributes $attrs = { 'host_name' => $host_name, @@ -96,5 +95,4 @@ target => $target, order => $order, } - } diff --git a/manifests/object/service.pp b/manifests/object/service.pp index 62b2e8512..cc1cf102d 100644 --- a/manifests/object/service.pp +++ b/manifests/object/service.pp @@ -130,10 +130,10 @@ # Set service_name as prefix in front of 'apply for'. Only effects if apply is a string. # # @param assign -# Assign user group members using the group assign rules. +# Assign service using the assign rules. # # @param ignore -# Exclude users using the group ignore rules. +# Exclude service using the ignore rules. # # @param import # Sorted List of templates to include. @@ -184,7 +184,6 @@ Boolean $template = false, Variant[String, Integer] $order = 60, ) { - # compose the attributes $attrs = { 'display_name' => $display_name, diff --git a/manifests/object/servicegroup.pp b/manifests/object/servicegroup.pp index f1e901b64..ab7578bd6 100644 --- a/manifests/object/servicegroup.pp +++ b/manifests/object/servicegroup.pp @@ -43,8 +43,7 @@ Boolean $template = false, Array $import = [], Variant[String, Integer] $order = 65, -){ - +) { # compose attributes $attrs = { 'display_name' => $display_name, @@ -65,5 +64,4 @@ target => $target, order => $order, } - } diff --git a/manifests/object/timeperiod.pp b/manifests/object/timeperiod.pp index 6e9d95e75..75cdd4cdb 100644 --- a/manifests/object/timeperiod.pp +++ b/manifests/object/timeperiod.pp @@ -47,8 +47,7 @@ Boolean $template = false, Array $import = ['legacy-timeperiod'], Variant[String, Integer] $order = 35, -){ - +) { # compose attributes $attrs = { 'display_name' => $display_name, @@ -70,5 +69,4 @@ target => $target, order => $order, } - } 
diff --git a/manifests/object/user.pp b/manifests/object/user.pp index 8f83c57c3..df3edca55 100644 --- a/manifests/object/user.pp +++ b/manifests/object/user.pp @@ -67,8 +67,7 @@ Array $import = [], Boolean $template = false, Variant[String, Integer] $order = 75, -){ - +) { # compose attributes $attrs = { 'display_name' => $display_name, @@ -94,5 +93,4 @@ target => $target, order => $order, } - } diff --git a/manifests/object/usergroup.pp b/manifests/object/usergroup.pp index e3f2c1581..f5afb5ead 100644 --- a/manifests/object/usergroup.pp +++ b/manifests/object/usergroup.pp @@ -43,8 +43,7 @@ Array $import = [], Boolean $template = false, Variant[String, Integer] $order = 80, -){ - +) { if $ignore != [] and $assign == [] { fail('When attribute ignore is used, assign must be set.') } @@ -69,5 +68,4 @@ target => $target, order => $order, } - } diff --git a/manifests/object/zone.pp b/manifests/object/zone.pp index 65ffbe72f..797eab31f 100644 --- a/manifests/object/zone.pp +++ b/manifests/object/zone.pp @@ -24,17 +24,16 @@ # @param order # String or integer to control the position in the target file, sorted alpha numeric. # -define icinga2::object::zone( +define icinga2::object::zone ( Enum['absent', 'present'] $ensure = present, String $zone_name = $title, - Optional[Array] $endpoints = [], + Array $endpoints = [], Optional[String] $parent = undef, - Optional[Boolean] $global = false, + Boolean $global = false, Optional[Stdlib::Absolutepath] $target = undef, Variant[String, Integer] $order = 45, ) { - - $conf_dir = $::icinga2::globals::conf_dir + $conf_dir = $icinga2::globals::conf_dir # set defaults if $target { diff --git a/manifests/pki/ca.pp b/manifests/pki/ca.pp index 08a387815..9c250f10c 100644 --- a/manifests/pki/ca.pp +++ b/manifests/pki/ca.pp 
@@ -20,19 +20,18 @@ # @param ca_key # Content of the CA key. If this is unset, a key will be generated with the Icinga 2 CLI. # -class icinga2::pki::ca( +class icinga2::pki::ca ( Optional[String] $ca_cert = undef, Optional[String] $ca_key = undef, ) { + require icinga2::config - require ::icinga2::config - - $icinga2_bin = $::icinga2::globals::icinga2_bin - $ca_dir = $::icinga2::globals::ca_dir - $cert_dir = $::icinga2::globals::cert_dir - $user = $::icinga2::globals::user - $group = $::icinga2::globals::group - $node_name = $::icinga2::_constants['NodeName'] + $icinga2_bin = $icinga2::globals::icinga2_bin + $ca_dir = $icinga2::globals::ca_dir + $cert_dir = $icinga2::globals::cert_dir + $user = $icinga2::globals::user + $group = $icinga2::globals::group + $node_name = $icinga2::_constants['NodeName'] $_ssl_key_path = "${cert_dir}/${node_name}.key" $_ssl_csr_path = "${cert_dir}/${node_name}.csr" @@ -50,17 +49,16 @@ $_ca_key_mode = undef } - if !$ca_cert or !$ca_key { exec { 'create-icinga2-ca': command => "\"${icinga2_bin}\" pki new-ca", environment => ["ICINGA2_USER=${user}", "ICINGA2_GROUP=${group}"], creates => "${ca_dir}/ca.crt", before => File[$_ssl_cacert_path], - notify => Class['::icinga2::service'], + notify => Class['icinga2::service'], } } else { - if $::facts['os']['family'] == 'windows' { + if $facts['os']['family'] == 'windows' { $_ca_cert = regsubst($ca_cert, '\n', "\r\n", 'EMG') $_ca_key = regsubst($ca_key, '\n', "\r\n", 'EMG') } else { @@ -91,9 +89,10 @@ file { $_ssl_cacert_path: ensure => file, - source => $::facts['kernel'] ? { - 'windows' => "file:///${ca_dir}/ca.crt", - default => "${ca_dir}/ca.crt", + source => if $facts['kernel'] == 'windows' { + "file:///${ca_dir}/ca.crt" + } else { + "${ca_dir}/ca.crt" }, } 
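Review bot: The `ca_key` parameter in the reformatted `icinga2::pki::ca` header is still typed `Optional[String]`, so the CA private key can only be passed as a plain string and may show up in cleartext in catalogs and reports. Other parts of this change set already handle wrapped secrets (`apiuser` converts `password` to `Sensitive`, and the new `icinga2::tls::client` calls `icinga2::unwrap` on the key), so accepting both forms here would be consistent: `Optional[Variant[String, Sensitive[String]]] $ca_key = undef,`. The Windows branch in the second hunk calls `regsubst($ca_key, ...)`, which would then need the value unwrapped first and the result re-wrapped before it is used as file content. The class body continues outside these hunks and the resource that writes the key is not shown, so confirm how `$_ca_key` is consumed before changing the type.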
@@ -116,7 +115,7 @@ environment => ["ICINGA2_USER=${user}", "ICINGA2_GROUP=${group}"], subscribe => Exec['icinga2 pki create certificate signing request'], refreshonly => true, - notify => Class['::icinga2::service'], + notify => Class['icinga2::service'], } -> file { diff --git a/manifests/service.pp b/manifests/service.pp index d9cb3e332..27fdea662 100644 --- a/manifests/service.pp +++ b/manifests/service.pp @@ -5,15 +5,14 @@ # @api private # class icinga2::service { - assert_private() - $ensure = $::icinga2::ensure - $enable = $::icinga2::enable - $manage_service = $::icinga2::manage_service - $service_name = $::icinga2::globals::service_name - $reload = $::icinga2::globals::service_reload - $logon_account = $::icinga2::globals::logon_account + $ensure = $icinga2::ensure + $enable = $icinga2::enable + $manage_service = $icinga2::manage_service + $service_name = $icinga2::globals::service_name + $reload = $icinga2::globals::service_reload + $logon_account = $icinga2::globals::logon_account $hasrestart = $reload ? { undef => false, @@ -38,5 +37,4 @@ } } } - } diff --git a/manifests/tls/client.pp b/manifests/tls/client.pp new file mode 100644 index 000000000..4f31c119f --- /dev/null +++ b/manifests/tls/client.pp 
@@ -0,0 +1,51 @@ +# @summary +# A class to generate tls key, cert and cacert paths. +# +# @api private +# +# @param args +# A config hash with the keys: +# key_file, cert_file, cacert_file, key, cert and cacert +# +define icinga2::tls::client ( + Hash[String, Any] $args, +) { + assert_private() + + $owner = $icinga2::globals::user + $group = $icinga2::globals::group + + if $facts['os']['family'] == 'Windows' { + $key_mode = undef + } else { + File { + owner => $owner, + group => $group, + mode => '0640', + } + $key_mode = '0400' + } + + if $args[key] { + file { $args['key_file']: + ensure => file, + content => icinga2::unwrap($args['key']), + mode => $key_mode, + show_diff => false, + } + } + + if $args['cert'] { + file { $args['cert_file']: + ensure => file, + content => $args['cert'], + } + } + + if $args['cacert'] { + file { $args['cacert_file']: + ensure => file, + content => $args['cacert'], + } + } +} diff --git a/metadata.json b/metadata.json index f6724b984..119a69cc4 100644 --- a/metadata.json +++ b/metadata.json @@ -18,64 +18,33 @@ } ], "operatingsystem_support": [ - { - "operatingsystem": "Windows", - "operatingsystemrelease": [ - "Server 2012 R2", - "Server 2016", - "Server 2019" - ] - }, { "operatingsystem": "CentOS", "operatingsystemrelease": [ - "6", - "7", - "8" - ] - }, - { - "operatingsystem": "RedHat", - "operatingsystemrelease": [ - "6", - "7", - "8" + "7" ] }, { "operatingsystem": "OracleLinux", "operatingsystemrelease": [ - "6", - "7", - "8" - ] - }, - { - "operatingsystem": "Rocky", - "operatingsystemrelease": [ - "8" + "7" ] }, { - "operatingsystem": "AlmaLinux", + "operatingsystem": "RedHat", "operatingsystemrelease": [ "8" ] }, { - "operatingsystem": "Fedora", + "operatingsystem": "Scientific", "operatingsystemrelease": [ - "32", - "33", - "34", - "35" + "7" ] }, { "operatingsystem": "Debian", "operatingsystemrelease": [ - "8", - "9", "10", "11" ] 
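Review bot: In the new `icinga2::tls::client` define the Windows branch sets `$key_mode = undef` and declares no `File` defaults, so the private key file there has no managed owner, group or mode and presumably relies on the ACL inherited from its directory. If that is intended, record it next to the branch, e.g. `# Windows: key file permissions are not managed here; access depends on the ACL of the certs directory.` The key is written with `content => icinga2::unwrap($args['key'])`; if `icinga2::unwrap` returns a plain string (its definition is not in this hunk), the key sits unredacted in the catalog with only `show_diff => false` guarding it, and `content => Sensitive(icinga2::unwrap($args['key'])),` would keep it redacted. The guard `if $args[key] {` uses a bare word where every other lookup quotes the key, so `if $args['key'] {` would be consistent, and the `@summary` says "A class" although this is a `define`.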
@@ -83,11 +52,17 @@ { "operatingsystem": "Ubuntu", "operatingsystemrelease": [ - "16.04", "18.04", "20.04" ] }, + { + "operatingsystem": "Fedora", + "operatingsystemrelease": [ + "32" + + ] + }, { "operatingsystem": "SLES", "operatingsystemrelease": [ @@ -96,24 +71,20 @@ ] }, { - "operatingsystem": "FreeBSD", + "operatingsystem": "windows", "operatingsystemrelease": [ - "11", - "12", - "13" + "2019", + "10" ] } ], "requirements": [ { "name": "puppet", - "version_requirement": ">= 4.12.0 < 8.0.0" + "version_requirement": ">= 6.0.0 < 8.0.0" } ], - "tags": [ - "monitoring" - ], - "pdk-version": "2.4.0", - "template-url": "pdk-default#2.4.0", - "template-ref": "tags/2.4.0-0-gfa6b6d2" + "pdk-version": "2.5.0", + "template-url": "https://github.com/puppetlabs/pdk-templates#2.5.0", + "template-ref": "tags/2.5.0-0-g369d483" } diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb deleted file mode 100644 index 1d11f6ff3..000000000 --- a/spec/acceptance/class_spec.rb +++ /dev/null 
@@ -1,102 +0,0 @@ -require 'spec_helper_acceptance' - -describe 'icinga2 class' do - describe 'with API, IDO mysql and pgsql' do - let(:pp) do - <<-MANIFEST - case $::facts['os']['name'] { - 'redhat', 'centos': { - if Integer($::facts['os']['release']['major']) < 8 { - $epel = true - $backports = false - } - } # RedHat - 'debian', 'ubuntu': { - if $::facts['os']['distro']['codename'] in [ 'stretch', 'trusty' ] { - $epel = false - $backports = true - } - } # Debian - } - - class { '::icinga::repos': - manage_epel => $epel, - configure_backports => $backports, - } - - class { 'icinga2': - manage_repos => true, - constants => { - 'TicketSalt' => 'topsecret4ticketid', - }, - } - include mysql::server - include mysql::client - mysql::db { 'icinga2': - user => 'icinga2', - password => 'topsecret4idomysql', - host => 'localhost', - grant => ['SELECT', 'INSERT', 'UPDATE', 'DELETE', 'DROP', 'CREATE VIEW', 'CREATE', 'INDEX', 'EXECUTE', 'ALTER'], - } - -> class { 'icinga2::feature::idomysql': - host => 'localhost', - user => 'icinga2', - password => 'topsecret4idomysql', - database => 'icinga2', - import_schema => true, - } - include ::postgresql::server - postgresql::server::db { 'icinga2': - user => 'icinga2', - password => postgresql_password('icinga2', 'topsecret4idopgsql'), - } - -> class { 'icinga2::feature::idopgsql': - host => 'localhost', - user => 'icinga2', - password => 'topsecret4idopgsql', - database => 'icinga2', - import_schema => true, - } - include ::icinga2::pki::ca - class { 'icinga2::feature::api': - pki => 'none', - } - icinga2::object::apiuser { 'ticketid': - ensure => present, - password => 'topsecret4ticketid', - permissions => [ 'actions/generate-ticket' ], - target => '/etc/icinga2/conf.d/api-users.conf', - } - MANIFEST - end - - it_behaves_like 'a idempotent resource' - - describe package('icinga2') do - it { is_expected.to be_installed } - end - - describe service('icinga2') do - it { is_expected.to be_running } - end - - describe port(5665) do - 
it { is_expected.to be_listening } - end - - describe command("mysql icinga2 -Ns -e 'select version from icinga_dbversion;'") do - its(:exit_status) { is_expected.to eq 0 } - its(:stdout) { is_expected.to match %r{^\d+\.\d+.\d+$} } - end - - describe command("sudo -u postgres psql -d 'icinga2' -w -c 'select version from icinga_dbversion'") do - its(:exit_status) { is_expected.to eq 0 } - its(:stdout) { is_expected.to match %r{\d+\.\d+.\d+} } - end - - describe command("curl -k -s -u ticketid:topsecret4ticketid -X POST -H 'Accept: application/json' -d '{\"cn\": \"agent.example.org\"}' https://localhost:5665/v1/actions/generate-ticket") do - its(:exit_status) { is_expected.to eq 0 } - its(:stdout) { is_expected.to match %r{e1cfea2cff7bc91bd9be1f0f02ef40a0e5233c2e} } - end - end -end diff --git a/spec/acceptance/nodesets/centos-6-x64.yml b/spec/acceptance/nodesets/centos-6-x64.yml deleted file mode 100644 index 7a1704b1d..000000000 --- a/spec/acceptance/nodesets/centos-6-x64.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -HOSTS: - i2centos6: - roles: - - agent - - default - platform: el-6-x86_64 - hypervisor: vagrant - box: bento/centos-6 - vagrant_memsize: 1024 -CONFIG: - type: aio diff --git a/spec/acceptance/nodesets/centos-8-x64.yml b/spec/acceptance/nodesets/centos-8-x64.yml deleted file mode 100644 index 12a4278e0..000000000 --- a/spec/acceptance/nodesets/centos-8-x64.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -HOSTS: - i2centos8: - roles: - - agent - - default - platform: el-8-x86_64 - hypervisor: vagrant - box: bento/centos-8 - vagrant_memsize: 1024 -CONFIG: - type: aio diff --git a/spec/acceptance/nodesets/debian-buster-amd.yml b/spec/acceptance/nodesets/debian-buster-amd.yml deleted file mode 100644 index 77c7862a0..000000000 --- a/spec/acceptance/nodesets/debian-buster-amd.yml +++ /dev/null 
@@ -1,12 +0,0 @@ ---- -HOSTS: - i2debian10: - roles: - - agent - - default - platform: debian-buster-amd - hypervisor: vagrant - box: bento/debian-10 - vagrant_memsize: 1024 -CONFIG: - type: aio diff --git a/spec/acceptance/nodesets/debian-stretch-amd.yml b/spec/acceptance/nodesets/debian-stretch-amd.yml deleted file mode 100644 index eb999d54b..000000000 --- a/spec/acceptance/nodesets/debian-stretch-amd.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -HOSTS: - i2debian9: - roles: - - agent - - default - platform: debian-stretch-amd - hypervisor: vagrant - box: bento/debian-9 - vagrant_memsize: 1024 -CONFIG: - type: aio diff --git a/spec/acceptance/nodesets/default.yml b/spec/acceptance/nodesets/default.yml deleted file mode 100644 index 7f906c891..000000000 --- a/spec/acceptance/nodesets/default.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -HOSTS: - i2centos7: - roles: - - agent - - default - platform: el-7-x86_64 - hypervisor: vagrant - box: bento/centos-7 - vagrant_memsize: 1024 -CONFIG: - type: aio diff --git a/spec/classes/icingadb_spec.rb b/spec/classes/icingadb_spec.rb index db2771920..e4c9ffd6b 100644 --- a/spec/classes/icingadb_spec.rb +++ b/spec/classes/icingadb_spec.rb 
@@ -16,10 +16,31 @@ case facts[:kernel] when 'windows' let(:icinga2_conf_dir) { 'C:/ProgramData/icinga2/etc/icinga2' } + let(:icinga2_pki_dir) { 'C:/ProgramData/icinga2/var/lib/icinga2/certs' } + let(:icinga2_sslkey_mode) { nil } + let(:icinga2_sslfile_owner) { nil } + let(:icinga2_sslfile_mode) { nil } + let(:icinga2_group) { nil } when 'FreeBSD' let(:icinga2_conf_dir) { '/usr/local/etc/icinga2' } + let(:icinga2_pki_dir) { '/var/lib/icinga2/certs' } + let(:icinga2_sslkey_mode) { '0400' } + let(:icinga2_sslfile_owner) { 'icinga' } + let(:icinga2_sslfile_mode) { '0640' } + let(:icinga2_group) { 'icinga' } else let(:icinga2_conf_dir) { '/etc/icinga2' } + let(:icinga2_pki_dir) { '/var/lib/icinga2/certs' } + let(:icinga2_sslkey_mode) { '0400' } + let(:icinga2_sslfile_mode) { '0640' } + case facts[:os]['family'] + when 'Debian' + let(:icinga2_sslfile_owner) { 'nagios' } + let(:icinga2_group) { 'nagios' } + else + let(:icinga2_sslfile_owner) { 'icinga' } + let(:icinga2_group) { 'icinga' } + end end context 'with defaults' do 
@@ -43,6 +64,91 @@ it { is_expected.to contain_icinga2__feature('icingadb').with({ 'ensure' => 'absent' }) } end + + context 'with enable_tls => true, tls_key => foo, tls_cert => bar, tls_cacert => baz' do + let(:params) do + { + enable_tls: true, + tls_key: 'foo', + tls_cert: 'bar', + tls_cacert: 'baz', + } + end + + it { + is_expected.to contain_file("#{icinga2_pki_dir}/IcingaDB-icingadb.key").with( + { + 'mode' => icinga2_sslkey_mode, + 'owner' => icinga2_sslfile_owner, + 'group' => icinga2_group, + }, + ).with_content(%r{^foo}) + } + + it { + is_expected.to contain_file("#{icinga2_pki_dir}/IcingaDB-icingadb.crt").with( + { + 'mode' => icinga2_sslfile_mode, + 'owner' => icinga2_sslfile_owner, + 'group' => icinga2_group, + }, + ).with_content(%r{^bar}) + } + + it { + is_expected.to contain_file("#{icinga2_pki_dir}/IcingaDB-icingadb_ca.crt").with( + { + 'mode' => icinga2_sslfile_mode, + 'owner' => icinga2_sslfile_owner, + 'group' => icinga2_group, + }, + ).with_content(%r{^baz}) + } + end + + context 'with enable_tls => true, tls_key => foo, tls_key_file => foobar.key, tls_cert => foo, tls_cert_file => foobar.crt, tls_cacert => baz, tls_cacert_file => foobar_ca.crt' do + let(:params) do + { + enable_tls: true, + tls_key: 'foo', + tls_key_file: "#{icinga2_pki_dir}/foobar.key", + tls_cert: 'bar', + tls_cert_file: "#{icinga2_pki_dir}/foobar.crt", + tls_cacert: 'baz', + tls_cacert_file: "#{icinga2_pki_dir}/foobar_ca.crt", + } + end + + it { + is_expected.to contain_file("#{icinga2_pki_dir}/foobar.key").with( + { + 'mode' => icinga2_sslkey_mode, + 'owner' => icinga2_sslfile_owner, + 'group' => icinga2_group, + }, + ).with_content(%r{^foo}) + } + + it { + is_expected.to contain_file("#{icinga2_pki_dir}/foobar.crt").with( + { + 'mode' => icinga2_sslfile_mode, + 'owner' => icinga2_sslfile_owner, + 'group' => icinga2_group, + }, + ).with_content(%r{^bar}) + } + + it { + is_expected.to contain_file("#{icinga2_pki_dir}/foobar_ca.crt").with( + { + 'mode' => 
icinga2_sslfile_mode, + 'owner' => icinga2_sslfile_owner, + 'group' => icinga2_group, + }, + ).with_content(%r{^baz}) + } + end end end end diff --git a/spec/functions/cert_spec.rb b/spec/functions/cert_spec.rb new file mode 100644 index 000000000..90e96daf2 --- /dev/null +++ b/spec/functions/cert_spec.rb @@ -0,0 +1,65 @@ +require 'spec_helper' + +describe 'icinga2::cert' do + let(:pre_condition) do + [ + "class { 'icinga2': }", + ] + end + + let(:facts) do + { + kernel: 'Linux', + os: { + family: 'Debian', + name: 'Debian', + }, + } + end + + it { is_expected.not_to eq(nil) } + + it 'with just a name' do + is_expected.to run.with_params( + 'foo', + ).and_return({ 'key' => nil, 'key_file' => nil, 'cert' => nil, 'cert_file' => nil, 'cacert' => nil, 'cacert_file' => nil }) + end + + it 'with key, cert and cacert' do + is_expected.to run.with_params( + 'foo', + nil, + nil, + nil, + 'key', + 'cert', + 'cacert', + ).and_return({ 'key' => 'key', 'key_file' => '/var/lib/icinga2/certs/foo.key', + 'cert' => 'cert', 'cert_file' => '/var/lib/icinga2/certs/foo.crt', + 'cacert' => 'cacert', 'cacert_file' => '/var/lib/icinga2/certs/foo_ca.crt' }) + end + + it 'with file paths only' do + is_expected.to run.with_params( + 'foo', + '/foo.key', + '/foo.crt', + '/ca.crt', + nil, + nil, + nil, + ).and_return({ 'key' => nil, 'key_file' => '/foo.key', 'cert' => nil, 'cert_file' => '/foo.crt', 'cacert' => nil, 'cacert_file' => '/ca.crt' }) + end + + it 'with all params' do + is_expected.to run.with_params( + 'foo', + '/foo.key', + '/foo.crt', + '/ca.crt', + 'key', + 'cert', + 'cacert', + ).and_return({ 'key' => 'key', 'key_file' => '/foo.key', 'cert' => 'cert', 'cert_file' => '/foo.crt', 'cacert' => 'cacert', 'cacert_file' => '/ca.crt' }) + end +end diff --git a/spec/functions/parse.spec b/spec/functions/parse_spec.rb similarity index 100% rename from spec/functions/parse.spec rename to spec/functions/parse_spec.rb 
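Review bot: The private-key examples in both new contexts check mode, owner and group of the `.key` file but nothing about how its content is exposed. `tls_key` is passed as a plain string and no expectation covers `show_diff`, so a change that lets key text show up in file diffs or reports would still pass. If the class accepts Sensitive values (not visible in this hunk), add a case with `tls_key: sensitive('foo')` and put `'show_diff' => false` into the key file's `.with(...)` hash; the `'with key, cert and cacert'` example in spec/functions/cert_spec.rb passes plain strings in the same way. The second context's title also says `tls_cert => foo` while the params use `'bar'`, and `%r{^foo}` matches any content with a line starting in `foo`, so `%r{\Afoo\n?\z}` would pin it exactly (adjust if the template adds more).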
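Review bot: `facts` is fixed to Debian/Linux, so only the `/var/lib/icinga2/certs` default is exercised, while spec/classes/icingadb_spec.rb in this commit expects `C:/ProgramData/icinga2/var/lib/icinga2/certs` on Windows. A second context that overrides the facts with `let(:facts) { { kernel: 'windows', os: { family: 'windows', name: 'windows' } } }` and expects `'key_file' => 'C:/ProgramData/icinga2/var/lib/icinga2/certs/foo.key'` for the `'with key, cert and cacert'` inputs would pin where key material lands on that platform. This assumes the function derives its default directory from the `icinga2` class in `pre_condition`, which the spec suggests but does not show. The fact set may need extending for the class to compile.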
diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb deleted file mode 100644 index 386093d22..000000000 --- a/spec/spec_helper_acceptance.rb +++ /dev/null @@ -1,48 +0,0 @@ -require 'beaker-rspec' -require 'beaker/puppet_install_helper' - -# Install Puppet on all hosts -install_puppet_agent_on(hosts, puppet_collection: 'puppet5') - -RSpec.configure do |c| - module_root = File.expand_path(File.join(File.dirname(__FILE__), '..')) - - c.formatter = :documentation - - c.before :suite do - # Install module to all hosts - hosts.each do |host| - install_dev_puppet_module_on(host, source: module_root, module_name: 'icinga2', - target_module_path: '/etc/puppetlabs/code/modules') - - # Install dependencies - on(host, puppet('module', 'install', 'icinga-icinga')) - on(host, puppet('module', 'install', 'puppetlabs-stdlib')) - on(host, puppet('module', 'install', 'puppetlabs-concat')) - - # Install additional modules - on(host, puppet('module', 'install', 'puppetlabs-mysql')) - on(host, puppet('module', 'install', 'puppetlabs-postgresql')) - - if fact('os.family') == 'Debian' - on(host, puppet('module', 'install', 'puppetlabs-apt')) - end - - if fact('os.family') == 'Suse' - on(host, puppet('module', 'install', 'puppet-zypprepo')) - end - - # Add more setup code as needed - end - end -end - -shared_examples 'a idempotent resource' do - it 'applies with no errors' do - apply_manifest(pp, catch_failures: true) - end - - it 'applies a second time without changes', :skip_pup_5016 do - apply_manifest(pp, catch_changes: true) - end -end diff --git a/types/basicauth.pp b/types/basicauth.pp index f0b16835c..12ee11b3c 100644 --- a/types/basicauth.pp +++ b/types/basicauth.pp @@ -1,5 +1,5 @@ # A strict type for basic authentication type Icinga2::BasicAuth = Struct[{ - 'username' => String, - 'password' => Variant[String, Sensitive[String]], + 'username' => String, + 'password' => Variant[String, Sensitive[String]], }] 
diff --git a/types/fingerprint.pp b/types/fingerprint.pp index 507666829..1f9dbf189 100644 --- a/types/fingerprint.pp +++ b/types/fingerprint.pp @@ -2,4 +2,3 @@ # SHA1: 160 bit (20 byte) digest # SHA256: 256 bit (32 byte) digest type Icinga2::Fingerprint = Pattern[/^([0-9a-fA-F]{2}\:){19}(([0-9a-fA-F]{2}\:){12})?[0-9a-fA-F]{2}$/] - diff --git a/types/idocleanup.pp b/types/idocleanup.pp index a4989894c..2899e7473 100644 --- a/types/idocleanup.pp +++ b/types/idocleanup.pp @@ -16,4 +16,5 @@ 'statehistory_age', 'servicechecks_age', 'systemcommands_age', - ], String] + ], +String] diff --git a/types/logfacility.pp b/types/logfacility.pp index e238f9e65..d0a0d18c7 100644 --- a/types/logfacility.pp +++ b/types/logfacility.pp @@ -13,4 +13,5 @@ 'LOG_SYSLOG', 'LOG_USER', 'LOG_UUCP' - ], Pattern[/^LOG_LOCAL[0-7]$/]] + ], +Pattern[/^LOG_LOCAL[0-7]$/]]