diff --git a/manifests/config.pp b/manifests/config.pp index 0d97ef2..6ccfe6f 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -1,192 +1,194 @@ # == Class: icingaweb2::config # # This class manages general configuration files of Icinga Web 2. # # === Parameters # # This class does not provide any parameters. # # === Examples # # This class is private and should not be called by others than this module. # class icingaweb2::config { $conf_dir = $::icingaweb2::params::conf_dir $conf_user = $::icingaweb2::conf_user $conf_group = $::icingaweb2::params::conf_group $logging = $::icingaweb2::logging $logging_file = $::icingaweb2::logging_file $logging_dir = dirname($::icingaweb2::logging_file) $logging_level = $::icingaweb2::logging_level $logging_facility = $::icingaweb2::logging_facility $logging_application = $::icingaweb2::logging_application $show_stacktraces = $::icingaweb2::show_stacktraces $module_path = $::icingaweb2::module_path $theme = $::icingaweb2::theme $theme_disabled = $::icingaweb2::theme_disabled $cookie_path = $::icingaweb2::cookie_path $import_schema = $::icingaweb2::import_schema $schema_dir = $::icingaweb2::params::schema_dir $db_name = $::icingaweb2::db_name $db_host = $::icingaweb2::db_host $db_port = $::icingaweb2::db_port $db_type = $::icingaweb2::db_type $db_username = $::icingaweb2::db_username $db_password = $::icingaweb2::db_password $default_domain = $::icingaweb2::default_domain $config_backend = $::icingaweb2::config_backend $config_resource = $::icingaweb2::config_backend ? { 'ini' => undef, 'db' => "${db_type}-icingaweb2", } File { mode => '0660', owner => $conf_user, group => $conf_group } Exec { user => 'root', path => $::path, } file { $logging_dir: ensure => directory, mode => '0750', } file { $logging_file: ensure => file, mode => '0640', } icingaweb2::inisection { 'config-logging': section_name => 'logging', target => "${conf_dir}/config.ini", settings => { 'log' => $logging, 'file' => $logging_file, 'level' => $logging_level, 'facility' => $logging_facility, 'application' => $logging_application, }, } $settings = { 'show_stacktraces' => $show_stacktraces, 'module_path' => $module_path, 'config_backend' => $config_backend, 'config_resource' => $config_resource, } icingaweb2::inisection { 'config-global': section_name => 'global', target => "${conf_dir}/config.ini", settings => delete_undef_values($settings), } if $default_domain { icingaweb2::inisection { 'config-authentication': section_name => 'authentication', target => "${conf_dir}/config.ini", settings => { 'default_domain' => $default_domain, } } } icingaweb2::inisection { 'config-themes': section_name => 'themes', target => "${conf_dir}/config.ini", settings => { 'default' => $theme, 'disabled' => $theme_disabled, }, } if $cookie_path { icingaweb2::inisection {'config-cookie': section_name => 'cookie', target => "${conf_dir}/config.ini", settings => { 'path' => $cookie_path, }, } } file { "${conf_dir}/modules": - ensure => 'directory' + ensure => 'directory', + mode => '2770', } file { "${conf_dir}/enabledModules": - ensure => 'directory' + ensure => 'directory', + mode => '2770', } if $import_schema or $config_backend == 'db' { icingaweb2::config::resource { "${db_type}-icingaweb2": type => 'db', host => $db_host, port => $db_port, db_type => $db_type, db_name => $db_name, db_username => $db_username, db_password => $db_password, } } if $import_schema { icingaweb2::config::authmethod { "${db_type}-auth": backend => 'db', resource => "${db_type}-icingaweb2" } icingaweb2::config::role { 'default admin user': users => 'icingaadmin', permissions => '*', } icingaweb2::config::groupbackend { "${db_type}-group": backend => 'db', resource => "${db_type}-icingaweb2" } case $db_type { 'mysql': { exec { 'import schema': command => "mysql -h '${db_host}' -P '${db_port}' -u '${db_username}' -p'${db_password}' '${db_name}' < '${schema_dir}/mysql.schema.sql'", unless => "mysql -h '${db_host}' -P '${db_port}' -u '${db_username}' -p'${db_password}' '${db_name}' -Ns -e 'SELECT 1 FROM icingaweb_user'", notify => Exec['create default user'], } exec { 'create default user': command => "mysql -h '${db_host}' -P '${db_port}' -u '${db_username}' -p'${db_password}' '${db_name}' -Ns -e 'INSERT INTO icingaweb_user (name, active, password_hash) VALUES (\"icingaadmin\", 1, \"\$1\$3no6eqZp\$FlcHQDdnxGPqKadmfVcCU.\")'", refreshonly => true, } } 'pgsql': { exec { 'import schema': environment => ["PGPASSWORD=${db_password}"], command => "psql -h '${db_host}' -p '${db_port}' -U '${db_username}' -d '${db_name}' -w -f ${schema_dir}/pgsql.schema.sql", unless => "psql -h '${db_host}' -p '${db_port}' -U '${db_username}' -d '${db_name}' -w -c 'SELECT 1 FROM icingaweb_user'", notify => Exec['create default user'], } exec { 'create default user': environment => ["PGPASSWORD=${db_password}"], command => "psql -h '${db_host}' -p '${db_port}' -U '${db_username}' -d '${db_name}' -w -c \"INSERT INTO icingaweb_user(name, active, password_hash) VALUES ('icingaadmin', 1, '\\\$1\\\$3no6eqZp\\\$FlcHQDdnxGPqKadmfVcCU.')\"", refreshonly => true, } } default: { fail('The database type you provided is not supported.') } } } } diff --git a/manifests/module.pp b/manifests/module.pp index 7474036..acb8e85 100644 --- a/manifests/module.pp +++ b/manifests/module.pp @@ -1,116 +1,117 @@ # == Define: icingaweb2::module # # Download, enable and configure Icinga Web 2 modules. This is a public defined type and is meant to be used to install # modules developed by the community as well. # # === Parameters # # [*ensure*] # Enable or disable module. Defaults to `present` # # [*module*] # Name of the module. # # [*module_dir*] # Target directory of the module. # # [*install_method*] # Install methods are `git`, `package` and `none` is supported as installation method. Defaults to `git` # # [*git_repository*] # Git repository of the module. This setting is only valid in combination with the installation method `git`. # # [*git_revision*] # Tag or branch of the git repository. This setting is only valid in combination with the installation method `git`. # # [*package_name*] # Package name of the module. This setting is only valid in combination with the installation method `package`. # # [*settings*] # A hash with the module settings. Multiple configuration files with ini sections can be configured with this hash. # The `module_name` should be used as target directory for the configuration files. # # Example: # # $conf_dir = $::icingaweb2::params::conf_dir # $module_conf_dir = "${conf_dir}/modules/mymodule" # # $settings = { # 'section1' => { # 'target' => "${module_conf_dir}/config1.ini", # 'settings' => { # 'setting1' => 'value1', # 'setting2' => 'value2', # } # }, # 'section2' => { # 'target' => "${module_conf_dir}/config2.ini", # 'settings' => { # 'setting3' => 'value3', # 'setting4' => 'value4', # } # } # } # define icingaweb2::module( Enum['absent', 'present'] $ensure = 'present', String $module = $title, Stdlib::Absolutepath $module_dir = "${::icingaweb2::params::module_path}/${title}", Enum['git', 'none', 'package'] $install_method = 'git', Optional[String] $git_repository = undef, String $git_revision = 'master', Optional[String] $package_name = undef, Hash $settings = {}, ){ $conf_dir = $::icingaweb2::params::conf_dir $conf_user = $::icingaweb2::conf_user $conf_group = $::icingaweb2::params::conf_group File { owner => $conf_user, group => $conf_group } if $ensure == 'present' { $ensure_module_enabled = 'link' $ensure_module_config_dir = 'directory' $ensure_vcsrepo = 'present' create_resources('icingaweb2::inisection', $settings) } else { $ensure_module_enabled = 'absent' $ensure_module_config_dir = 'absent' $ensure_vcsrepo = 'absent' } file {"${conf_dir}/enabledModules/${module}": ensure => $ensure_module_enabled, target => $module_dir, } file {"${conf_dir}/modules/${module}": ensure => $ensure_module_config_dir, + mode => '2770', force => true, recurse => true, } case $install_method { 'git': { vcsrepo { $module_dir: ensure => $ensure_vcsrepo, provider => 'git', source => $git_repository, revision => $git_revision, } } 'none': { } 'package': { package { $package_name: ensure => $ensure, } } default: { fail('The installation method you provided is not supported.') } } }