diff --git a/examples/module_fileshipper.pp b/examples/module_fileshipper.pp index c0a87e6..188fa5b 100644 --- a/examples/module_fileshipper.pp +++ b/examples/module_fileshipper.pp @@ -1,14 +1,14 @@ include icingaweb2 class { 'icingaweb2::module::fileshipper': - git_revision => 'v1.0.1', + git_revision => 'v1.0.1', base_directories => { temp => '/tmp' }, directories => { 'test' => { - 'source' => '/tmp/source', - 'target' => '/tmp/target', + 'source' => '/tmp/source', + 'target' => '/tmp/target', } } } \ No newline at end of file diff --git a/examples/module_monitoring.pp b/examples/module_monitoring.pp index cd2c2fa..2c8a5a8 100644 --- a/examples/module_monitoring.pp +++ b/examples/module_monitoring.pp @@ -1,35 +1,35 @@ include ::mysql::server mysql::db { 'icingaweb2': user => 'icingaweb2', password => 'icingaweb2', host => 'localhost', grant => ['SELECT', 'INSERT', 'UPDATE', 'DELETE', 'DROP', 'CREATE VIEW', 'CREATE', 'INDEX', 'EXECUTE', 'ALTER', 'REFERENCES'], } class {'icingaweb2': manage_repo => true, import_schema => true, db_type => 'mysql', db_host => 'localhost', db_port => 3306, db_username => 'icingaweb2', db_password => 'icingaweb2', require => Mysql::Db['icingaweb2'], } class {'icingaweb2::module::monitoring': - ido_host => 'localhost', - ido_db_name => 'icinga2', - ido_db_username => 'icinga2', - ido_db_password => 'supersecret', + ido_host => 'localhost', + ido_db_name => 'icinga2', + ido_db_username => 'icinga2', + ido_db_password => 'supersecret', protected_customvars => ['*pw*', '*pass*', 'community', 'testabc'], - commandtransports => { + commandtransports => { icinga2 => { transport => 'api', username => 'root', password => 'icinga', } } } \ No newline at end of file diff --git a/examples/nginx.pp b/examples/nginx.pp index 30ac899..2fa62b3 100644 --- a/examples/nginx.pp +++ b/examples/nginx.pp @@ -1,92 +1,92 @@ # Here is an example nginx resource for use with Slashbunny-phpfpm and the # voxpupuli-nginx module to get icingaweb2 running behind nginx. # $vhost = 'puppet-icingaweb2' include ::nginx nginx::resource::server { 'icingaweb2': server_name => [$vhost], ssl => true, ssl_cert => '/etc/ssl/certs/ssl-cert-snakeoil.pem', ssl_key => '/etc/ssl/private/ssl-cert-snakeoil.key', ssl_redirect => true, index_files => [], use_default_location => false, } nginx::resource::location { 'root': location => '/', server => 'icingaweb2', index_files => [], location_cfg_append => { rewrite => '^/(.*) https://$host/icingaweb2/$1 permanent' } } nginx::resource::location { 'icingaweb2_index': - location => '~ ^/icingaweb2/index\.php(.*)$', - server => 'icingaweb2', - ssl => true, - ssl_only => true, - index_files => [], - fastcgi => '127.0.0.1:9000', - fastcgi_index => 'index.php', - fastcgi_param => { + location => '~ ^/icingaweb2/index\.php(.*)$', + server => 'icingaweb2', + ssl => true, + ssl_only => true, + index_files => [], + fastcgi => '127.0.0.1:9000', + fastcgi_index => 'index.php', + fastcgi_param => { 'ICINGAWEB_CONFIGDIR' => '/etc/icingaweb2', 'REMOTE_USER' => '$remote_user', 'SCRIPT_FILENAME' => '/usr/share/icingaweb2/public/index.php', }, } nginx::resource::location { 'icingaweb': location => '~ ^/icingaweb2(.+)?', location_alias => '/usr/share/icingaweb2/public', try_files => ['$1', '$uri', '$uri/', '/icingaweb2/index.php$is_args$args'], index_files => ['index.php'], server => 'icingaweb2', ssl => true, ssl_only => true, } class { 'phpfpm': poold_purge => true, } phpfpm::pool { 'main': } include ::mysql::server mysql::db { 'icingaweb2': user => 'icingaweb2', password => 'icingaweb2', host => 'localhost', grant => ['SELECT', 'INSERT', 'UPDATE', 'DELETE', 'DROP', 'CREATE VIEW', 'CREATE', 'INDEX', 'EXECUTE', 'ALTER', 'REFERENCES'], } class {'icingaweb2': manage_repo => true, import_schema => true, db_type => 'mysql', db_host => 'localhost', db_port => 3306, db_username => 'icingaweb2', db_password => 'icingaweb2', conf_user => 'nginx', require => Mysql::Db['icingaweb2'], } class {'icingaweb2::module::monitoring': ido_host => 'localhost', ido_db_name => 'icinga2', ido_db_username => 'icinga2', ido_db_password => 'supersecret', commandtransports => { icinga2 => { transport => 'api', username => 'root', password => 'icinga', } } } diff --git a/manifests/module/director/service.pp b/manifests/module/director/service.pp index 80426f0..d3f3aa0 100644 --- a/manifests/module/director/service.pp +++ b/manifests/module/director/service.pp @@ -1,51 +1,51 @@ # @summary # Installs and configures the director service. # # @note Only systemd is supported by the Icinga Team and this module. # # @param [Stdlib::Ensure::Service] ensure # Whether the director service should be running. # # @param [Boolean] enable # Enable or disable the service. # # @param [String] user # Specifies user to run director service daemon. # # @param [String] group # Specifies primary group for user to run director service daemon. # # @param [Boolean] manage_user # Whether to manage the server user resource. # class icingaweb2::module::director::service( Stdlib::Ensure::Service $ensure = 'running', Boolean $enable = true, String $user = 'icingadirector', String $group = 'icingaweb2', Boolean $manage_user = true, ) { require ::icingaweb2::module::director $icingacli_bin = $::icingaweb2::globals::icingacli_bin if $manage_user { user { $user: ensure => present, gid => $group, shell => '/bin/false', before => Systemd::Unit_file['icinga-director.service'], } } systemd::unit_file { 'icinga-director.service': source => template('icingaweb2/icinga-director.service.erb'), notify => Service['icinga-director'], } service {'icinga-director': - ensure => $ensure, - enable => $enable, + ensure => $ensure, + enable => $enable, } -} +} diff --git a/manifests/module/puppetdb.pp b/manifests/module/puppetdb.pp index bc506f2..9e03630 100644 --- a/manifests/module/puppetdb.pp +++ b/manifests/module/puppetdb.pp @@ -1,134 +1,134 @@ # @summary # Installs and configures the puppetdb module. # # @note If you want to use `git` as `install_method`, the CLI `git` command has to be installed. You can manage it yourself as package resource or declare the package name in icingaweb2 class parameter `extra_packages`. # # @param [Enum['absent', 'present']] ensure # Enable or disable module. # # @param [String] git_repository # Set a git repository URL. # # @param [Optional[String]] git_revision # Set either a branch or a tag name, eg. `master` or `v1.3.2`. # # @param [Enum['none', 'puppet']] ssl # How to set up ssl certificates. To copy certificates from the local puppet installation, use `puppet`. # # @param [Optional[Stdlib::Host]] host # Hostname of the server where PuppetDB is running. The `ssl` parameter needs to be set to `puppet`. # # @param [Hash] certificates # Hash with icingaweb2::module::puppetdb::certificate resources. # # @note The [PuppetDB module documentation](https://www.icinga.com/docs/director/latest/puppetdb/doc/01-Installation/). # # @example Set up the PuppetDB module and configure two custom SSL keys: # $certificates = { # 'pupdb1' => { # :ssl_key => '-----BEGIN RSA PRIVATE KEY----- abc...', # :ssl_cacert => '-----BEGIN RSA PRIVATE KEY----- def...', # }, # 'pupdb2' => { # :ssl_key => '-----BEGIN RSA PRIVATE KEY----- zyx...', # :ssl_cacert => '-----BEGIN RSA PRIVATE KEY----- wvur...', # }, # } # # class { '::icingaweb2::module::puppetdb': # git_revision => 'master', # ssl => 'none', # certificates => $certificates, # } # # @example Set up the PuppetDB module and configure the hosts SSL key to connect to the PuppetDB host: # class {'::icingaweb2::module::puppetdb': # git_revision => 'master', # ssl => 'puppet', # host => 'puppetdb.example.com', # } # class icingaweb2::module::puppetdb( String $git_repository, Enum['absent', 'present'] $ensure = 'present', Optional[String] $git_revision = undef, Enum['none', 'puppet'] $ssl = 'none', Optional[Stdlib::Host] $host = undef, Hash $certificates = {}, ){ $conf_dir = "${::icingaweb2::globals::conf_dir}/modules/puppetdb" $ssl_dir = "${conf_dir}/ssl" $conf_user = $::icingaweb2::conf_user $conf_group = $::icingaweb2::conf_group file { $ssl_dir: ensure => 'directory', group => $conf_group, owner => $conf_user, mode => '2740', purge => true, force => true, recurse => true, } case $ssl { 'puppet': { $puppetdb_ssldir = "${ssl_dir}/${host}" file { [$puppetdb_ssldir, "${puppetdb_ssldir}/private_keys", "${puppetdb_ssldir}/certs"]: ensure => 'directory', group => $conf_group, owner => $conf_user, mode => '2740', purge => true, force => true, recurse => true, } file { "${puppetdb_ssldir}/certs/ca.pem": ensure => 'present', group => $conf_group, owner => $conf_user, mode => '0640', source => "${::settings::ssldir}/certs/ca.pem", } $combinedkey_path = "${puppetdb_ssldir}/private_keys/${::fqdn}_combined.pem" - notice("${::settings::ssldir}") + notice($::settings::ssldir) concat { $combinedkey_path: ensure => present, warn => false, owner => $conf_user, group => $conf_group, mode => '0640', ensure_newline => true, } concat::fragment { 'private_key': target => $combinedkey_path, source => "${::settings::ssldir}/private_keys/${::fqdn}.pem", order => 1, } concat::fragment { 'public_key': target => $combinedkey_path, source => "${::settings::ssldir}/certs/${::fqdn}.pem", order => 2, } } # puppet 'none': { } default: { } } # case ssl create_resources('icingaweb2::module::puppetdb::certificate',$certificates) icingaweb2::module {'puppetdb': ensure => $ensure, git_repository => $git_repository, git_revision => $git_revision, } }