diff --git a/AUTHORS b/AUTHORS index e874317..a425a1d 100644 --- a/AUTHORS +++ b/AUTHORS @@ -1,44 +1,45 @@ Alan Jenkins Alessandro Lorenzi Alexander Schaber Andrea Cervesato Andreas Ntaflos Andreas Paul Ben Ford Benedikt Trefzer Benjamin Akhras Blerim Sheqa David Raison Dirk Goetz Erez Zarum Ewoud Kohl van Wijngaarden Fionera Florian Baumann +Gordon Bleux Gunnar Beutner Henry Pauli James Fryman Jan-Otto Kröpke Jerome Charaoui Lennart Betz Markus Frosch Matthias Baur Matthias Ritter Michael Friedrich Ott, Jörn WI (Fa. Allgeier Experts / Goetzfried) Philipp Dallig Rowan Ruseler Rudy Gevaert -Simon Hoenscheid +Simon Hoenscheid Stefan Kleindl Thomas Dalichow Thomas Gelf Thorsten Kahler Till Adam Tim Meusel Tom De Vylder Tomas Barton Wyatt Alt Zach Leslie jas01 murmur paladox diff --git a/examples/example1/modules/profile/manifests/icinga2/api_agent.pp b/examples/example1/modules/profile/manifests/icinga2/api_agent.pp deleted file mode 100644 index fe3be7e..0000000 --- a/examples/example1/modules/profile/manifests/icinga2/api_agent.pp +++ /dev/null @@ -1,44 +0,0 @@ -# Definition -class profile::icinga2::agent( - $endpoints, - $zones, -) { - - class { 'icinga2': - confd => false, - features => ['mainlog'], - } - - # Feature: api - class { 'icinga2::feature::api': - pki => 'none', - accept_config => true, - accept_commands => true, - endpoints => $endpoints, - zones => $zones, - } - - icinga2::object::zone { 'global-templates': - global => true, - } -} - - -# Declaration -class { 'profile::icinga2::agent': - endpoints => { - 'NodeName' => {}, - 'satellite.example.org' => { - 'host' => '172.16.2.11', - }, - }, - zones => { - 'ZoneName' => { - 'endpoints' => ['NodeName'], - 'parent' => 'dmz', - }, - 'dmz' => { - 'endpoints' => ['satellite.example.org'], - }, - }, -} diff --git a/examples/example1/modules/profile/manifests/icinga2/api_master.pp b/examples/example1/modules/profile/manifests/icinga2/api_master.pp deleted file mode 100644 index a06aab6..0000000 --- a/examples/example1/modules/profile/manifests/icinga2/api_master.pp +++ /dev/null @@ -1,44 +0,0 @@ -# Definition -class profile::icinga2::master( - $endpoints, - $zones, -) { - - class { 'icinga2': - confd => false, - features => ['checker','mainlog','notification','statusdata','compatlog','command'], - constants => { - 'ZoneName' => 'master', - }, - } - - class { 'icinga2::feature::api': - accept_commands => true, - endpoints => $endpoints, - zones => $zones, - } - - icinga2::object::zone { 'global-templates': - global => true, - } -} - - -# Declaration -class { 'profile::icinga2::master': - endpoints => { - 'master.example.org' => {}, - 'satellite.example.org' => { - 'host' => '172.16.2.11', - }, - }, - zones => { - 'master' => { - 'endpoints' => ['master.example.org'], - }, - 'dmz' => { - 'endpoints' => ['satellite.example.org'], - 'parent' => 'master', - }, - }, -} diff --git a/examples/example1/modules/profile/manifests/icinga2/api_satellite.pp b/examples/example1/modules/profile/manifests/icinga2/api_satellite.pp deleted file mode 100644 index 3d2465c..0000000 --- a/examples/example1/modules/profile/manifests/icinga2/api_satellite.pp +++ /dev/null @@ -1,48 +0,0 @@ -# Definition -class profile::icinga2::satellite( - $zone_name, - $endpoints, - $zones, -) { - - class { 'icinga2': - confd => false, - features => ['checker','mainlog'], - constants => { - 'ZoneName' => $zone_name, - }, - } - - # Feature: api - class { 'icinga2::feature::api': - accept_config => true, - accept_commands => true, - endpoints => $endpoints, - zones => $zones, - } - - icinga2::object::zone { 'global-templates': - global => true, - } -} - - -# Declaration -class { 'profile::icinga2::satellite': - zone_name => 'dmz', - endpoints => { - 'satellite.example.org' => {}, - 'master.example.org' => { - 'host' => '172.16.1.11', - }, - }, - zones => { - 'master' => { - 'endpoints' => ['master.example.org'], - }, - 'dmz' => { - 'endpoints' => ['satellite.example.org'], - 'parent' => 'master', - }, - }, -} diff --git a/examples/example2/hieradata/nodes/agent.local.yaml b/examples/example2/hieradata/nodes/agent.local.yaml deleted file mode 100755 index 5ee853a..0000000 --- a/examples/example2/hieradata/nodes/agent.local.yaml +++ /dev/null @@ -1,30 +0,0 @@ ---- -icinga2::manage_repos: true -icinga2::confd: false -icinga2::features: - - 'api' - - 'mainlog' -icinga2::constants: - NodeName: "%{::fqdn}" - ZoneName: 'satellite' -icinga2::feature::api::endpoints: - 'agent.local': {} - 'satellite.local': - host: 192.168.33.57 -icinga2::feature::api::zones: - satellite: - endpoints: - - 'satellite.local' - agent: - endpoints: - - 'agent.local' - parent: 'satellite' -profiles::icinga2::icinga_agent::os_independent_zones: - 'global-templates': - global: true -profiles::icinga2::icinga_agent::windows_zones: - 'windows-commands': - global: true -profiles::icinga2::icinga_agent::linux_zones: - 'linux-commands': - global: true diff --git a/examples/example2/hieradata/nodes/master.local.yaml b/examples/example2/hieradata/nodes/master.local.yaml deleted file mode 100755 index bc37cc7..0000000 --- a/examples/example2/hieradata/nodes/master.local.yaml +++ /dev/null @@ -1,62 +0,0 @@ ---- -icinga2::manage_repos: true -icinga2::confd: false -icinga2::features: - - 'api' - - 'checker' - - 'mainlog' - - 'notification' - - 'statusdata' - - 'compatlog' - - 'command' - - 'idomysql' -icinga2::constants: - NodeName: "%{::fqdn}" - ZoneName: 'master' -icinga2::feature::api::endpoints: - 'master.local': {} - 'satellite.local': - host: 192.168.33.57 -icinga2::feature::api::zones: - master: - endpoints: - - 'master.local' - satellite: - endpoints: - - 'satellite.local' - parent: 'master' -icinga2::feature::idomysql::user: 'icinga' -icinga2::feature::idomysql::password: 'icingapassword' -icinga2::feature::idomysql::database: 'icinga' -icinga2::feature::idomysql::import_schema: true -profiles::icinga2::icinga_master::zones: - 'global-templates': - global: true - 'windows-commands': - global: true - 'linux-commands': - global: true -mysql::server::root_password: 'supersecure' -mysql::server::databases: - icinga: - ensure: 'present' -mysql::server::users: - 'icinga@localhost': - ensure: 'present' - password_hash: '*C78C76985162B449CDE1FA2732002C8ACB175936' #icingapassword -mysql::server::grants: - 'icinga@localhost/icinga.*': - ensure: 'present' - privileges: - - 'ALTER' - - 'CREATE' - - 'SELECT' - - 'INSERT' - - 'UPDATE' - - 'DELETE' - - 'DROP' - - 'CREATE VIEW' - - 'INDEX' - - 'EXECUTE' - table: 'icinga.*' - user: 'icinga@localhost' diff --git a/examples/example2/hieradata/nodes/satellite.local.yaml b/examples/example2/hieradata/nodes/satellite.local.yaml deleted file mode 100755 index e1ecf6a..0000000 --- a/examples/example2/hieradata/nodes/satellite.local.yaml +++ /dev/null @@ -1,29 +0,0 @@ ---- -icinga2::manage_repos: true -icinga2::confd: false -icinga2::features: - - 'api' - - 'checker' - - 'mainlog' -icinga2::constants: - NodeName: "%{::fqdn}" - ZoneName: 'satellite' -icinga2::feature::api::endpoints: - 'satellite.local': {} - 'master.local': - host: 192.168.33.56 -icinga2::feature::api::zones: - master: - endpoints: - - 'master.local' - satellite: - endpoints: - - 'satellite.local' - parent: 'master' -profiles::icinga2::icinga_satellite::zones: - 'global-templates': - global: true - 'windows-commands': - global: true - 'linux-commands': - global: true diff --git a/examples/example3/README.md b/examples/example3/README.md deleted file mode 100644 index 8aa1bb5..0000000 --- a/examples/example3/README.md +++ /dev/null @@ -1,85 +0,0 @@ -## Example 3 – Using virtual resources and collection in a master-agent set-up. - -This is an (almost) complete example for a master-agent set-up using virtual resources in Puppet. - -__Note:__ If you're getting "_Error 400 on SERVER: "puppet.domain.tld" is not an Array. It looks to be a String at […]/modules/icinga2/manifests/object/zone.pp:51 on node node.domain.tld_" issues while applying this configuration on your nodes, you're most likely running into a [known bug in the Puppet parser](https://tickets.puppetlabs.com/browse/PUP-1299). In order to make this work, you will need to switch to the [Future Parser](https://docs.puppet.com/puppet/3.8/experiments_future.html): - - -``` -# environment.conf -manifest = site.pp -modulepath = modules:site -parser = future -``` - -### Manifests - -All nodes that should be monitored inherit from the _monitorednode_ role, thus applying the `profile::icinga::agent` class. - -Each monitored node exports itself as an endpoint and a zone. This information is then automatically collected on the master to generate the necessary configuration files. - -Agents also export a `Host` object (`@@icinga2::object::host`) and use hiera_hash() to get and assemble host properties from the respective hiera files throughout the hiera hierarchy. - -#### A word of caution on services and apply rules - -This set-up does not use any "manually" created `Service` objects, but _applies_ services to hosts based on their vars exclusively. The result is a much simplier Icinga2 configuration, among other things. - -There are two things to note here about `Apply Rules`: - -1. We don't use `icinga2::object::service` to define the apply rules, since the current version (0.7.1) of this Puppet module does not yet support the entire range of available functions and macros. Instead, we use `file` resources from a custom, dedicated module, together with the _icinga2::config::file_ tag. The tag makes sure the files will be put in place at the correct point in time and the icinga2 service restarted afterwards (see the module's [README](https://github.com/Icinga/puppet-icinga2#custom-configuration) for more information). - -An example for one such apply rule file would be: - -``` -apply Service "nginx-status" to Host { - import "generic-service" - - vars += host.vars.checks["nginx-status"] - check_command = "nginx_status" - command_endpoint = host.vars.client_endpoint - - assign where host.vars.os == "Linux" && host.vars.checks["nginx-status"] - ignore where !host.address || !host.vars.client_endpoint || !host.vars.checks -} -``` - -2. Most apply rules are defined on the master and not on the individual nodes. Although it would be preferable to define apply rules as exported resources on the individual nodes – so that they are created only as additional services (profiles) are added to a node, this is not possible when you have more than one node with the same services in your infrastructure since it will lead to duplicate resource definitions. - -Compare the `profile::backuppc::server` manifest to the `profile::nginx` profile. In the first, you will find the apply rule definition is exported as a file resource to be collected in `profile::icinga::applyrules` at the very bottom, whereas the second does not contain any `Service` object at all. -Apply rules for the _nginx_ profile have been defined in `profile::icinga::applyrules` since there are several nodes using this same profile. - -The nginx profile, however, additionally installs a check script that does not come with any of the _monitoring-plugins-*_ packages on Debian. - -### Hiera - -With a hiera hierarchy as the following (simplified), all nodes will consume both common.yaml and their dedicated yaml file, if they have one: - -```yaml ---- -:backends: - - yaml -:hierarchy: - - "nodes/%{::fqdn}" - - common -``` - -In common.yaml, we define host vars valid for all hosts throughout the infrastructure, while in the respective nodes' yaml files, we define further checks and vars that apply to that host only. - -The icingamaster.yaml file contains most of the config necessary for the master configuration. - -It's important that we set empty endpoints and zones in this file, so they will not be automatically generated by the icinga2 module, which uses defaults if the values are not set. - -```yaml -icinga2::feature::api::endpoints: {} -icinga2::feature::api::zones: {} -``` - -We use hiera_array() and hiera_hash() lookup functions from the manifests in order to merge arrays and hashes from the various levels in our hierarchy, something that Puppet does not support with automatically looked up values (cf. https://tickets.puppetlabs.com/browse/HI-233) - -### Notes - -The example is not 100% complete, some of the profile classes that are not relevant to illustrate a master-agent set-up using virtual resources in Puppet are not included and are left as an exercise to the reader. - -### Disclaimer - -This example does not claim to be a perfect setup. You might have improvements to suggest and those are of course welcome. diff --git a/examples/example3/hieradata/common.yaml b/examples/example3/hieradata/common.yaml deleted file mode 100644 index 8bab8cc..0000000 --- a/examples/example3/hieradata/common.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -classes: - - 'profile::base' - -icinga_vars: - os: Linux - cores: "%{::processorcount}" - virtual_machine: "%{::is_virtual}" - distro: "%{::operatingsystem}" - disks: - 'disk /': - disk_partitions: '/' diff --git a/examples/example3/hieradata/nodes/icingamaster.yaml b/examples/example3/hieradata/nodes/icingamaster.yaml deleted file mode 100644 index bc9ad84..0000000 --- a/examples/example3/hieradata/nodes/icingamaster.yaml +++ /dev/null @@ -1,31 +0,0 @@ ---- -icinga2::manage_repos: true -icinga2::confd: true -icinga2::constants: - NodeName: "%{::fqdn}" - ZoneName: 'master' -icinga2::features: - - 'api' - - 'checker' - - 'mainlog' - - 'notification' - - 'statusdata' - - 'compatlog' - - 'command' - - 'idomysql' - - 'graphite' - # - 'debuglog' - -icinga2::feature::api::accept_commands: true -icinga2::feature::api::endpoints: {} -icinga2::feature::api::zones: {} - -icinga2::feature::graphite::host: '192.168.1.8' -icinga2::feature::graphite::port: '2003' -icinga2::feature::graphite::enable_send_tresholds: true -icinga2::feature::graphite::enable_send_metadata: true - -icinga2::feature::idomysql::database: icinga2 -icinga2::feature::idomysql::user: icinga2 -icinga2::feature::idomysql::password: "*************" -icinga2::feature::idomysql::import_schema: true diff --git a/examples/example3/hieradata/nodes/webserver.yaml b/examples/example3/hieradata/nodes/webserver.yaml deleted file mode 100644 index 902e260..0000000 --- a/examples/example3/hieradata/nodes/webserver.yaml +++ /dev/null @@ -1,17 +0,0 @@ ---- -classes: - - 'role::webserver' - -icinga_vars: - client_endpoint: "%{::fqdn}" - role: http-server - vhosts: - sub.domain.tld: - uri: '/ping' - checks: - 'nginx-status': - nginx_status_host_address: '127.0.0.1' - nginx_status_port: '8433' - nginx_status_url: '/nginx-status' - nginx_status_warn: '100,50,100' - nginx_status_critical: '200,100,200' diff --git a/examples/example3/site.pp b/examples/example3/site.pp deleted file mode 100644 index 7959e7b..0000000 --- a/examples/example3/site.pp +++ /dev/null @@ -1 +0,0 @@ -hiera_include('classes') diff --git a/examples/example3/site/profile/manifests/backuppc/server.pp b/examples/example3/site/profile/manifests/backuppc/server.pp deleted file mode 100644 index 4adf3fd..0000000 --- a/examples/example3/site/profile/manifests/backuppc/server.pp +++ /dev/null @@ -1,54 +0,0 @@ -class profile::backuppc::server { - class { '::backuppc::server': } - create_resources('backuppc::server::user', hiera('backuppc_users', [])) - - # Icinga CheckCommand and Apply Rules - @@icinga2::object::checkcommand { 'backuppc': - import => [ - 'plugin-check-command', - ], - command => [ - 'sudo', '-u', 'backuppc', - 'PluginContribDir + /check_backuppc', - ], - arguments => { - '-w' => '$backuppc_wtime$', - '-c' => '$backuppc_ctime$', - '-H' => { - 'value' => '$backuppc_desired$', - 'set_if' => '$backuppc_desired$', - }, - '-x' => { - 'value' => '$backuppc_exclude$', - 'set_if' => '$backuppc_exclude$', - }, - '-V' => { - 'set_if' => '$backuppc_version$' - }, - '-a' => { - 'set_if' => '$backuppc_archiveonly$', - }, - '-b' => { - 'set_if' => '$backuppc_backuponly$', - }, - '-s' => { - 'set_if' => '$backuppc_statusonly$', - }, - }, - vars => { - 'backuppc_wtime' => '2', - 'backuppc_ctime' => '4', - }, - target => '/etc/icinga2/zones.d/global-templates/backuppc-command.conf', - } - - @@file { '/etc/icinga2/conf.d/services/backuppc.conf': - ensure => file, - owner => 'nagios', - group => 'nagios', - tag => 'icinga2::config::exported', - source => [ - 'puppet:///modules/1024/icinga/services/backuppc.conf', - ], - } -} diff --git a/examples/example3/site/profile/manifests/icinga/agent.pp b/examples/example3/site/profile/manifests/icinga/agent.pp deleted file mode 100644 index 2524611..0000000 --- a/examples/example3/site/profile/manifests/icinga/agent.pp +++ /dev/null @@ -1,57 +0,0 @@ -class profile::icinga::agent { - - # By default, the icinga module only installs monitoring-plugins-base - ensure_packages([ - 'monitoring-plugins-standard', - 'nagios-plugins-contrib', - 'libmonitoring-plugin-perl', - ], { - install_options => ['--no-install-recommends'], - }) - - # Options valid for all agents, thus defined inside the manifest - class { '::icinga2': - manage_repos => true, - confd => false, - features => [ 'mainlog' ], - } - - # Leave this here or put it in a yaml file common - # to icinga agent nodes only. - class { '::icinga2::feature::api': - pki => 'puppet', - accept_config => true, - accept_commands => true, - endpoints => {}, - zones => {}, - } - - icinga2::object::zone { 'global-templates': - global => true, - } - - # All nodes export resources for icinga monitoring - # The vars (set in the various nodes hiera files) are used to Apply Services - # to these hosts. (See profile::icinga::server) - @@::icinga2::object::host { $::fqdn: - display_name => $::fqdn, - address => $::ipaddress_eth0, - check_command => 'hostalive', - vars => hiera_hash('icinga_vars', {}), - target => "/etc/icinga2/zones.d/master/${::fqdn}.conf" - } - - # Create virtual resources for this agent node - @@::icinga2::object::endpoint { "${::fqdn}": - host => "${::ipaddress_eth0}", - } - - @@::icinga2::object::zone { "${::fqdn}": - endpoints => [ "${::fqdn}", ], - parent => 'master', - } - - # Collect and realize info about self and master, but no other nodes. - Icinga2::Object::Endpoint <<| title == $::fqdn or title == 'master.sub.domain.tld' |>> { } - Icinga2::Object::Zone <<| title == $::fqdn or title == 'master' |>> { } -} diff --git a/examples/example3/site/profile/manifests/icinga/applyrules.pp b/examples/example3/site/profile/manifests/icinga/applyrules.pp deleted file mode 100644 index 2ec680a..0000000 --- a/examples/example3/site/profile/manifests/icinga/applyrules.pp +++ /dev/null @@ -1,53 +0,0 @@ -class profile::icinga::applyrules { - - # Global apply rules - # We attempt to export them with the respective services where possible. - # However, that only works if the service is unique on the infrastructure and would - # not lead to duplicate resources. - # - # All multi-use (apply) services are defined here. - # - # We do not use "icinga2::object::service" but files with the "icinga2::config::file" tag. See the - # example's README on why this is the case. - - file { '/etc/icinga2/conf.d/services/nginx.conf': - ensure => file, - owner => 'nagios', - group => 'nagios', - tag => 'icinga2::config::file', - source => [ - 'puppet:///modules/1024/icinga/services/nginx.conf', - ], - } - - file { '/etc/icinga2/conf.d/services/postgres.conf': - ensure => file, - owner => 'nagios', - group => 'nagios', - tag => 'icinga2::config::file', - source => [ - 'puppet:///modules/1024/icinga/services/postgres.conf', - ], - } - - file { '/etc/icinga2/conf.d/services/elasticsearch.conf': - ensure => file, - owner => 'nagios', - group => 'nagios', - tag => 'icinga2::config::file', - source => [ - 'puppet:///modules/1024/icinga/services/elasticsearch.conf', - ], - } - - # Collect any files exported and tagged elsewhere (can be created inside - # services or master zone) - # We need to use a different tag then icinga itself (icinga2::config::file) - # or the agent will try to collect any resources tagged so on himself. - File <<| ensure != 'directory' and tag == 'icinga2::config::exported' |>> { - require => [ - File['icinga2_masterzone'], - File['icinga2_services'], - ], - } -} diff --git a/examples/example3/site/profile/manifests/icinga/server.pp b/examples/example3/site/profile/manifests/icinga/server.pp deleted file mode 100644 index 66ec15f..0000000 --- a/examples/example3/site/profile/manifests/icinga/server.pp +++ /dev/null @@ -1,81 +0,0 @@ -class profile::icinga::server { - - class { '::icinga2': } - - icinga2::object::zone { 'global-templates': - global => true, - } - - file { 'icinga2_global_templates': - path => '/etc/icinga2/zones.d/global-templates', - ensure => directory, - purge => true, - recurse => true, - }-> - File <<| ensure != 'directory' and tag == 'icinga2::scripts::file' |>> { } - - # Collect all hosts into their respective directories. - file { 'icinga2_masterzone': - path => '/etc/icinga2/zones.d/master', - ensure => directory, - purge => true, - recurse => true, - }-> - file { 'icinga2_hosts': - path => '/etc/icinga2/conf.d/hosts', - ensure => directory, - purge => true, - recurse => true, - }-> - Icinga2::Object::Host <<| |>> { } - - # Export master zone and endpoint for all agents to collect - @@icinga2::object::zone { 'master': - endpoints => [ "$::fqdn", ], - } - @@icinga2::object::endpoint { "$::fqdn": - host => "$::ipaddress_eth0", - } - - # Collect and realize all agent zones and endpoints - Icinga2::Object::Endpoint <<| |>> { } - Icinga2::Object::Zone <<| |>> { } - - # Collect services and notifications exported on agent nodes - # (and not created by the Apply Rules included below) - file { 'icinga2_services': - path => '/etc/icinga2/conf.d/services', - ensure => directory, - purge => true, - recurse => true, - }-> - Icinga2::Object::Service <<| |>> { } - - file { 'icinga2_notifications': - path => '/etc/icinga2/conf.d/notifications', - ensure => directory, - purge => true, - recurse => true, - }-> - Icinga2::Object::Notification <<| |>> { } - - # Collect check and notification commands that are not created by Apply - file { 'icinga2_commands': - path => '/etc/icinga2/conf.d/commands', - ensure => directory, - purge => true, - recurse => true, - }-> - Icinga2::Object::Checkcommand <<| |>> { }-> - Icinga2::Object::NotificationCommand <<| |>> { } - - # Define apply rules that - contain profile::icinga::applyrules - - # Note: these manifests are not included in this example - contain profile::icinga::hostgroups - contain profile::icinga::users - contain profile::icinga::timeperiods - contain profile::icinga::notifications - contain profile::icinga::checkcommands -} diff --git a/examples/example3/site/profile/manifests/nginx.pp b/examples/example3/site/profile/manifests/nginx.pp deleted file mode 100644 index dc58bdc..0000000 --- a/examples/example3/site/profile/manifests/nginx.pp +++ /dev/null @@ -1,25 +0,0 @@ -class profile::nginx { - - # This profile can be used by many nodes and thus the node configuration is - # in the hiera file for the respective node! - class { '::nginx': - manage_repo => true, - package_source => 'nginx-stable' - }-> - class { '::collectd::plugin::nginx': - url => 'http://localhost:8433/nginx-status', - } - - # Icinga: install check into PluginContribDir - # (PluginContribDir could be a fact "icinga2 variable get PluginContribDir", - # but for that to work, puppet would probably have to run twice…) - file { '/usr/lib/nagios/plugins/check_nginx_status.pl': - ensure => file, - mode => '+x', - source => [ - 'puppet:///modules/1024/icinga/plugins/check_nginx_status.pl', - ], - require => Package['monitoring-plugins-standard'], - } - -} diff --git a/examples/example3/site/role/manifests/icingamaster.pp b/examples/example3/site/role/manifests/icingamaster.pp deleted file mode 100644 index b5ab919..0000000 --- a/examples/example3/site/role/manifests/icingamaster.pp +++ /dev/null @@ -1,9 +0,0 @@ -class role::icingamaster { - contain profile::hosts - contain profile::letsencrypt - contain profile::nginx - contain profile::php - contain profile::mysqlserver - contain profile::icinga::server - contain profile::graylog::collector_sidecar -} diff --git a/examples/example3/site/role/manifests/monitorednode.pp b/examples/example3/site/role/manifests/monitorednode.pp deleted file mode 100644 index 7f39fdc..0000000 --- a/examples/example3/site/role/manifests/monitorednode.pp +++ /dev/null @@ -1,4 +0,0 @@ -class role::monitorednode { - contain profile::icinga::agent - contain profile::graylog::collector_sidecar -} diff --git a/examples/example3/site/role/manifests/webserver.pp b/examples/example3/site/role/manifests/webserver.pp deleted file mode 100644 index 429f1de..0000000 --- a/examples/example3/site/role/manifests/webserver.pp +++ /dev/null @@ -1,4 +0,0 @@ -class role::webserver inherits role::monitorednode { - contain profile::php - contain profile::nginx -} diff --git a/examples/example4/README.md b/examples/example4/README.md deleted file mode 100644 index eaffa98..0000000 --- a/examples/example4/README.md +++ /dev/null @@ -1,12 +0,0 @@ -NOTICE: This example is for Puppet 4 only. - -The following syntax that's used in profile::icinga2::agent and profile::icinga2::slave is for Puppet 4. -``` - @@::icinga2::object::host { $::fqdn: - * => merge({ - display_name => $::hostname, - address => $agent_ip, - target => "/etc/icinga2/zones.d/${parent_zone}/${::hostname}.conf", - }, hiera_hash(icinga2::host)), - } -``` diff --git a/examples/example4/hiera.yaml b/examples/example4/hiera.yaml deleted file mode 100644 index d0c9f10..0000000 --- a/examples/example4/hiera.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -:backends: - - yaml -:hierarchy: - - "nodes/%{::trusted.certname}" - - "%{::domain}" - - "%{::kernel}" - - common -:merge_behavior: deeper - -:yaml: - :datadir: diff --git a/examples/example4/hieradata/Linux.yaml b/examples/example4/hieradata/Linux.yaml deleted file mode 100644 index befa1e3..0000000 --- a/examples/example4/hieradata/Linux.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -icinga2::host: - vars: - os: Linux - disks: - 'disk /': - disk_partition: / - import: - - linux-host diff --git a/examples/example4/hieradata/example.local.yaml b/examples/example4/hieradata/example.local.yaml deleted file mode 100644 index 6aabf16..0000000 --- a/examples/example4/hieradata/example.local.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -profile::icinga2::agent::parent_endpoints: - 'master.example.local': - host: 172.16.1.11 -profile::icinga2::agent::parent_zone: master diff --git a/examples/example4/hieradata/example.org.yaml b/examples/example4/hieradata/example.org.yaml deleted file mode 100644 index eb691ec..0000000 --- a/examples/example4/hieradata/example.org.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -profile::icinga2::agent::parent_endpoints: - 'slave.example.org': - host: 172.16.2.11 -profile::icinga2::agent::parent_zone: dmz diff --git a/examples/example4/hieradata/nodes/example.domain.org.yaml b/examples/example4/hieradata/nodes/example.domain.org.yaml deleted file mode 100644 index 76fdb81..0000000 --- a/examples/example4/hieradata/nodes/example.domain.org.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -icinga2::host: - vars: - disks: - 'disk /': - disk_wfree: 10% - disk_cfree: 5% - import: - - postgres-dbms diff --git a/examples/example4/hieradata/nodes/slave.example.org.yaml b/examples/example4/hieradata/nodes/slave.example.org.yaml deleted file mode 100644 index b8a295a..0000000 --- a/examples/example4/hieradata/nodes/slave.example.org.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -profile::icinga2::slave::slave_zone: dmz -profile::icinga2::slave::parent_endpoints: - - 'master.example.org' diff --git a/examples/example4/profile/files/icinga2/templates.conf b/examples/example4/profile/files/icinga2/templates.conf deleted file mode 100644 index 791f552..0000000 --- a/examples/example4/profile/files/icinga2/templates.conf +++ /dev/null @@ -1,83 +0,0 @@ -/* - * Generic template examples. - */ - - -/** - * Provides default settings for hosts. By convention - * all hosts should import this template. - * - * The CheckCommand object `hostalive` is provided by - * the plugin check command templates. - * Check the documentation for details. - */ -template Host "generic-host" { - max_check_attempts = 3 - check_interval = 1m - retry_interval = 30s - - check_command = "hostalive" -} - -template Host "linux-host" { - import "generic-host" - - vars.os = "Linux" - vars.disks["disk /"] = { - disk_partition = "/" - } -} - -template Host "postgres-dbms" { -} - -/** - * Provides default settings for services. By convention - * all services should import this template. - */ -template Service "generic-service" { - max_check_attempts = 5 - check_interval = 1m - retry_interval = 30s -} - -/** - * Provides default settings for users. By convention - * all users should inherit from this template. - */ - -template User "generic-user" { - -} - -/** - * Provides default settings for host notifications. - * By convention all host notifications should import - * this template. - */ -template Notification "mail-host-notification" { - command = "mail-host-notification" - - states = [ Up, Down ] - types = [ Problem, Acknowledgement, Recovery, Custom, - FlappingStart, FlappingEnd, - DowntimeStart, DowntimeEnd, DowntimeRemoved ] - - period = "24x7" -} - -/** - * Provides default settings for service notifications. - * By convention all service notifications should import - * this template. - */ -template Notification "mail-service-notification" { - command = "mail-service-notification" - - states = [ OK, Warning, Critical, Unknown ] - types = [ Problem, Acknowledgement, Recovery, Custom, - FlappingStart, FlappingEnd, - DowntimeStart, DowntimeEnd, DowntimeRemoved ] - - period = "24x7" -} diff --git a/examples/example4/profile/manifests/agent.pp b/examples/example4/profile/manifests/agent.pp deleted file mode 100644 index 48dfead..0000000 --- a/examples/example4/profile/manifests/agent.pp +++ /dev/null @@ -1,63 +0,0 @@ -# Notice: this code contains Puppet 4 syntax! It doesn't run on Puppet 3. -class profile::icinga2::agent( - Hash $parent_endpoints, - String $parent_zone, - Stdlib::Compat::Ip_address $agent_ip = $::ipaddress, -) { - - contain ::profile::icinga2::plugins - - case $::osfamily { - 'redhat': { - package { 'epel-release': } - } # RedHat - } - - class { '::icinga2': - manage_repos => true, - confd => false, - features => ['mainlog'], - } - - # Feature: api - class { '::icinga2::feature::api': - accept_config => true, - accept_commands => true, - zones => { - 'ZoneName' => { - 'endpoints' => [ 'NodeName' ], - 'parent' => $parent_zone, - }, - }, - } - - ::icinga2::object::zone { 'linux-commands': - global => true, - order => '47', - } - - create_resources('icinga2::object::endpoint', $parent_endpoints) - - ::icinga2::object::zone { $parent_zone: - endpoints => keys($parent_endpoints), - } - - @@::icinga2::object::endpoint { $::fqdn: - target => "/etc/icinga2/zones.d/${parent_zone}/${::hostname}.conf", - } - - @@::icinga2::object::zone { $::fqdn: - endpoints => [ $::fqdn ], - parent => $parent_zone, - target => "/etc/icinga2/zones.d/${parent_zone}/${::hostname}.conf", - } - - @@::icinga2::object::host { $::fqdn: - # Puppet 4 syntax - * => merge({ - display_name => $::hostname, - address => $agent_ip, - target => "/etc/icinga2/zones.d/${parent_zone}/${::hostname}.conf", - }, hiera_hash(icinga2::host)), - } -} diff --git a/examples/example4/profile/manifests/master.pp b/examples/example4/profile/manifests/master.pp deleted file mode 100644 index a7ece7e..0000000 --- a/examples/example4/profile/manifests/master.pp +++ /dev/null @@ -1,98 +0,0 @@ -class profile::icinga2::master { - - contain ::profile::icinga2::plugins - - case $::osfamily { - 'redhat': { - package { 'epel-release': } - } # RedHat - } - - class { '::icinga2': - manage_repos => true, - purge_features => false, - confd => false, - constants => { - 'ZoneName' => 'master', - } - } - - # Feature: api - class { '::icinga2::feature::api': - accept_commands => true, - accept_config => true, - } - - icinga2::object::zone { ['global-templates', 'windows-commands', 'linux-commands']: - global => true, - order => '47', - } - - # Zone directories - file { ['/etc/icinga2/zones.d/master', - '/etc/icinga2/zones.d/windows-commands', - '/etc/icinga2/zones.d/linux-commands', - '/etc/icinga2/zones.d/global-templates']: - ensure => directory, - owner => 'icinga', - group => 'icinga', - mode => '0750', - tag => 'icinga2::config::file', - } - - File <<| tag == "icinga2::slave::zone" |>> - - # Static Icinga 2 objects - ::icinga2::object::service { 'ping4': - import => ['generic-service'], - apply => true, - check_command => 'ping', - assign => ['host.address'], - target => '/etc/icinga2/zones.d/global-templates/services.conf', - } - - ::icinga2::object::service { 'cluster zone': - import => ['generic-service'], - apply => true, - check_command => 'cluster-zone', - assign => ['host.vars.os == Linux || host.vars.os == Windows'], - ignore => ['host.vars.noagent'], - target => '/etc/icinga2/zones.d/global-templates/services.conf', - } - - ::icinga2::object::service { 'linux_load': - import => ['generic-service'], - service_name => 'load', - apply => true, - check_command => 'load', - command_endpoint => 'host.name', - assign => ['host.vars.os == Linux'], - ignore => ['host.vars.noagent'], - target => '/etc/icinga2/zones.d/global-templates/services.conf', - } - - ::icinga2::object::service { 'linux_disks': - import => ['generic-service'], - apply => 'disk_name => config in host.vars.disks', - check_command => 'disk', - command_endpoint => 'host.name', - vars => 'vars + config', - assign => ['host.vars.os == Linux'], - ignore => ['host.vars.noagent'], - target => '/etc/icinga2/zones.d/global-templates/services.conf', - } - - # Collect objects - ::Icinga2::Object::Endpoint <<| |>> - ::Icinga2::Object::Zone <<| |>> - ::Icinga2::Object::Host <<| |>> - - # Static config files - file { '/etc/icinga2/zones.d/global-templates/templates.conf': - ensure => file, - owner => 'icinga', - group => 'icinga', - mode => '0640', - source => 'puppet:///modules/profile/icinga2/templates.conf', - } -} diff --git a/examples/example4/profile/manifests/plugins.pp b/examples/example4/profile/manifests/plugins.pp deleted file mode 100644 index 932c9a4..0000000 --- a/examples/example4/profile/manifests/plugins.pp +++ /dev/null @@ -1,9 +0,0 @@ -class profile::icinga2::plugins { - - case $::kernel { - 'linux': { - package { 'nagios-plugins-all': } - } - } - -} diff --git a/examples/example4/profile/manifests/slave.pp b/examples/example4/profile/manifests/slave.pp deleted file mode 100644 index 6117d2c..0000000 --- a/examples/example4/profile/manifests/slave.pp +++ /dev/null @@ -1,83 +0,0 @@ -# Notice: this code contains Puppet 4 syntax! It doesn't run on Puppet 3. -class profile::icinga2::slave( - String $slave_zone, - Array $parent_endpoints, - String $parent_zone = 'master', - Stdlib::Compat::Ip_address $slave_ip = $::ipaddress, -) { - - contain ::profile::icinga2::plugins - - case $::osfamily { - 'redhat': { - package { 'epel-release': } - } # RedHat - } - - class { '::icinga2': - manage_repos => true, - confd => false, - features => ['checker','mainlog'], - constants => { - 'ZoneName' => $slave_zone, - }, - } - - # Feature: api - class { '::icinga2::feature::api': - accept_config => true, - accept_commands => true, - zones => { - 'ZoneName' => { - 'endpoints' => [ 'NodeName' ], - 'parent' => $parent_zone, - }, - }, - } - - ::icinga2::object::endpoint { $parent_endpoints: } - - ::icinga2::object::zone { $parent_zone: - endpoints => $parent_endpoints, - } - - ::icinga2::object::zone { ['global-templates', 'windows-commands', 'linux-commands']: - global => true, - order => '47', - } - - @@::icinga2::object::endpoint { $::fqdn: - host => $slave_ip, - tag => "icinga2::parent::${parent_zone}", - } - - @@::icinga2::object::zone { $slave_zone: - endpoints => [ $::fqdn ], - parent => $parent_zone, - tag => "icinga2::parent::${parent_zone}", - } - - @@file { "/etc/icinga2/zones.d/${slave_zone}": - ensure => directory, - owner => 'icinga', - group => 'icinga', - mode => '0750', - tag => 'icinga2::slave::zone', - } - - ::Icinga2::Object::Endpoint <<| tag == "icinga2::parent::${slave_zone}" |>> - ::Icinga2::Object::Zone <<| tag == "icinga2::parent::${slave_zone}" |>> - - @@::icinga2::object::host { $::fqdn: - # Puppet 4 syntax - * => deep_merge({ - display_name => $::hostname, - address => $slave_ip, - target => "/etc/icinga2/zones.d/${slave_zone}/${::hostname}.conf", - zone => $parent_zone, - vars => { - 'cluster_zone' => $slave_zone, - }, - }, hiera_hash(icinga2::host)), - } -} diff --git a/examples/example_config.pp b/examples/example_config.pp index 6028dfa..5482b45 100644 --- a/examples/example_config.pp +++ b/examples/example_config.pp @@ -1,335 +1,335 @@ class { '::icinga2': manage_repos => true, confd => 'example.d', } file { '/etc/icinga2/example.d': ensure => directory, tag => 'icinga2::config::file', purge => true, recurse => true, } -/* - * Hosts - */ +# +# Hosts +# ::icinga2::object::host { 'generic-host': template => true, target => '/etc/icinga2/example.d/templates.conf', check_interval => '1m', retry_interval => '30s', max_check_attempts => 3, check_command => 'hostalive', } ::icinga2::object::host { 'NodeName': target => '/etc/icinga2/example.d/hosts.conf', import => [ 'generic-host' ], address => '127.0.0.1', address6 => '::1', - vars => { + vars => { os => 'Linux', http_vhosts => { http => { http_uri => '/', }, }, - disks => { - disk => {}, - 'disk /' => { + disks => { + disk => {}, + 'disk /' => { disk_partition => '/', }, }, notification => { mail => { groups => [ 'icingaadmins' ], }, }, }, } ::icinga2::object::hostgroup { 'linux-servers': target => '/etc/icinga2/example.d/groups.conf', display_name => 'Linux Servers', assign => [ 'host.vars.os == Linux' ], } ::icinga2::object::hostgroup { 'windows-servers': target => '/etc/icinga2/example.d/groups.conf', display_name => 'Windows Servers', assign => [ 'host.vars.os == Windows' ], } -/* - * Services - */ +# +# Services +# ::icinga2::object::service { 'generic-service': template => true, target => '/etc/icinga2/example.d/templates.conf', check_interval => '1m', retry_interval => '30s', max_check_attempts => 5, } ::icinga2::object::service { 'ping4': target => '/etc/icinga2/example.d/services.conf', apply => true, import => [ 'generic-service' ], check_command => 'ping4', assign => [ 'host.address' ], } ::icinga2::object::service { 'ping6': target => '/etc/icinga2/example.d/services.conf', apply => true, import => [ 'generic-service' ], check_command => 'ping6', assign => [ 'host.address6' ], } ::icinga2::object::service { 'ssh': target => '/etc/icinga2/example.d/services.conf', apply => true, import => [ 'generic-service' ], check_command => 'ssh', assign => [ '(host.address || host.address6) && host.vars.os == Linux' ], } ::icinga2::object::service { 'http': target => '/etc/icinga2/example.d/services.conf', apply => 'vhost => config in host.vars.http_vhosts', import => [ 'generic-service' ], check_command => 'http', vars => '+ config', } ::icinga2::object::service { 'disk': target => '/etc/icinga2/example.d/services.conf', apply => 'disk => config in host.vars.disks', import => [ 'generic-service' ], check_command => '-:"disk"', vars => '+ config', } ::icinga2::object::service { 'icinga': target => '/etc/icinga2/example.d/services.conf', apply => true, import => [ 'generic-service' ], check_command => 'icinga', assign => [ 'host.name == NodeName' ], } ::icinga2::object::service { 'load': - target => '/etc/icinga2/example.d/services.conf', - apply => true, - import => [ 'generic-service' ], - check_command => 'load', - vars => { + target => '/etc/icinga2/example.d/services.conf', + apply => true, + import => [ 'generic-service' ], + check_command => 'load', + vars => { backup_downtime => '02:00-03:00', }, assign => [ 'host.name == NodeName' ], } ::icinga2::object::service { 'procs': target => '/etc/icinga2/example.d/services.conf', apply => true, import => [ 'generic-service' ], check_command => 'procs', assign => [ 'host.name == NodeName' ], } ::icinga2::object::service { 'swap': target => '/etc/icinga2/example.d/services.conf', apply => true, import => [ 'generic-service' ], check_command => 'swap', assign => [ 'host.name == NodeName' ], } ::icinga2::object::servicegroup { 'ping': target => '/etc/icinga2/example.d/groups.conf', display_name => 'Ping Checks', assign => [ 'match(ping*, service.check_command)' ], } ::icinga2::object::servicegroup { 'http': target => '/etc/icinga2/example.d/groups.conf', display_name => 'HTTP Checks', assign => [ 'match(http*, service.check_command)' ], } ::icinga2::object::servicegroup { 'disk': target => '/etc/icinga2/example.d/groups.conf', display_name => 'Disk Checks', assign => [ 'match(disk*, service.check_command)' ], } -/* - * Users - */ +# +# Users +# ::icinga2::object::user { 'generic-user': template => true, target => '/etc/icinga2/example.d/templates.conf', } ::icinga2::object::service { 'users': target => '/etc/icinga2/example.d/services.conf', apply => true, import => [ 'generic-service' ], check_command => 'users', assign => [ 'host.name == NodeName' ], } ::icinga2::object::scheduleddowntime { 'backup-downtime': target => '/etc/icinga2/example.d/downtimes.conf', apply => true, apply_target => 'Service', author => 'icingaadmin', comment => 'Scheduled downtime for backup', - ranges => { + ranges => { monday => 'service.vars.backup_downtime', tuesday => 'service.vars.backup_downtime', wednesday => 'service.vars.backup_downtime', thursday => 'service.vars.backup_downtime', friday => 'service.vars.backup_downtime', saturday => 'service.vars.backup_downtime', sunday => 'service.vars.backup_downtime', }, - assign => [ 'service.vars.backup_downtime' ], + assign => [ 'service.vars.backup_downtime' ], } ::icinga2::object::user { 'icingaadmin': target => '/etc/icinga2/example.d/users.conf', import => [ 'generic-user' ], display_name => 'Icinga 2 Admin', groups => [ 'icingaadmins'], email => 'icinga@localhost', } ::icinga2::object::usergroup { 'icingaadmins': target => '/etc/icinga2/example.d/users.conf', display_name => 'Icinga 2 Admin Group', } -/* - * Notifications - */ +# +# Notifications +# ::icinga2::object::notificationcommand { 'mail-host-notification': target => '/etc/icinga2/example.d/commands.conf', command => [ 'SysconfDir + /icinga2/scripts/mail-host-notification.sh' ], env => { 'NOTIFICATIONTYPE' => '$notification.type$', 'HOSTNAME' => '$host.name$', 'HOSTDISPLAYNAME' => '$host.display_name$', 'HOSTADDRESS' => '$address$', 'HOSTSTATE' => '$host.state$', 'LONGDATETIME' => '$icinga.long_date_time$', 'HOSTOUTPUT' => '$host.output$', 'NOTIFICATIONAUTHORNAME' => '$notification.author$', 'NOTIFICATIONCOMMENT' => '$notification.comment$', 'USEREMAIL' => '$user.email$', }, } ::icinga2::object::notificationcommand { 'mail-service-notification': target => '/etc/icinga2/example.d/commands.conf', command => [ 'SysconfDir + /icinga2/scripts/mail-service-notification.sh' ], env => { 'NOTIFICATIONTYPE' => '$notification.type$', 'SERVICENAME' => '$service.name$', 'HOSTNAME' => '$host.name$', 'HOSTDISPLAYNAME' => '$host.display_name$', 'HOSTADDRESS' => '$address$', 'SERVICESTATE' => '$service.state$', 'LONGDATETIME' => '$icinga.long_date_time$', 'SERVICEOUTPUT' => '$service.output$', 'NOTIFICATIONAUTHORNAME' => '$notification.author$', 'NOTIFICATIONCOMMENT' => '$notification.comment$', 'SERVICEDISPLAYNAME' => '$service.display_name$', 'USEREMAIL' => '$user.email$', }, } ::icinga2::object::notification { 'mail-host-notification': target => '/etc/icinga2/example.d/templates.conf', template => true, command => 'mail-host-notification', states => [ 'Up', 'Down' ], types => [ 'Problem', 'Acknowledgement', 'Recovery', 'Custom', 'FlappingStart', 'FlappingEnd', 'DowntimeStart', 'DowntimeEnd', 'DowntimeRemoved' ], period => '24x7', } ::icinga2::object::notification { 'mail-service-notification': target => '/etc/icinga2/example.d/templates.conf', template => true, command => 'mail-service-notification', states => [ 'OK', 'Warning', 'Critical', 'Unknown' ], types => [ 'Problem', 'Acknowledgement', 'Recovery', 'Custom', 'FlappingStart', 'FlappingEnd', 'DowntimeStart', 'DowntimeEnd', 'DowntimeRemoved' ], period => '24x7', } ::icinga2::object::notification { 'mail-host-icingaadmin': target => '/etc/icinga2/example.d/notifications.conf', notification_name => 'mail-icingaadmin', apply => true, apply_target => 'Host', import => [ 'mail-host-notification' ], user_groups => 'host.vars.notification.mail.groups', users => 'host.vars.notification.mail.users', assign => [ 'host.vars.notification.mail' ], } ::icinga2::object::notification { 'mail-service-icingaadmin': target => '/etc/icinga2/example.d/notifications.conf', notification_name => 'mail-icingaadmin', apply => true, apply_target => 'Service', import => [ 'mail-service-notification' ], user_groups => 'host.vars.notification.mail.groups', users => 'host.vars.notification.mail.users', assign => [ 'host.vars.notification.mail' ], } -/* - * Timeperiods - */ +# +# Timeperiods +# ::icinga2::object::timeperiod { '24x7': target => '/etc/icinga2/example.d/timeperiods.conf', import => [ 'legacy-timeperiod' ], display_name => 'Icinga 2 24x7 TimePeriod', ranges => { monday => '00:00-24:00', tuesday => '00:00-24:00', wednesday => '00:00-24:00', thursday => '00:00-24:00', friday => '00:00-24:00', saturday => '00:00-24:00', sunday => '00:00-24:00', }, } ::icinga2::object::timeperiod { '9to5': target => '/etc/icinga2/example.d/timeperiods.conf', import => [ 'legacy-timeperiod' ], display_name => 'Icinga 2 9to5 TimePeriod', ranges => { monday => '09:00-17:00', tuesday => '09:00-17:00', wednesday => '09:00-17:00', thursday => '09:00-17:00', friday => '09:00-17:00', saturday => '09:00-17:00', sunday => '09:00-17:00', }, } ::icinga2::object::timeperiod { 'never': target => '/etc/icinga2/example.d/timeperiods.conf', import => [ 'legacy-timeperiod' ], display_name => 'Icinga 2 never TimePeriod', ranges => {}, } diff --git a/examples/example_service_mysql.pp b/examples/example_service_mysql.pp index b69f0fb..f5efb20 100644 --- a/examples/example_service_mysql.pp +++ b/examples/example_service_mysql.pp @@ -1,122 +1,118 @@ # Example service MySQL # # == Service: mysql # # [*mysql_hostname*] # If set to an external address, the agent will check an external database. Usefull to check # connectivity between two replications. # # == Service: mysql_health # # [*command_endpoint*] # If set to name, the check source will be the agent itself. This means the agent needs to be # hosting the database itself. # # [*mysql_health_name*] # It is best to contain the query within single quotes ('') followed by a hypend (-) and colon (:). # Then contain the query as normal within double quotes ("") and escape (\) anything that would break the string. # # Example: # mysql_health_name => '-:"SELECT COUNT(*) FROM t1;"' # -/* - * Icinga2 - */ class { '::icinga2': manage_repos => true, confd => 'example.d', } file { '/etc/icinga2/example.d': ensure => directory, tag => 'icinga2::config::file', purge => true, recurse => true, } -/* - * MySQL - */ +# +# MySQL +# class { '::mysql::server': root_password => 'secret', remove_default_accounts => true, } mysql::db { 'icinga2': user => 'icinga2', password => 'icinga2', host => 'localhost', grant => [ 'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'DROP', 'CREATE VIEW', 'CREATE', 'INDEX', 'EXECUTE', 'ALTER' ], } -/* - * Hosts - */ +# +# Hosts +# ::icinga2::object::host { 'generic-host': template => true, target => '/etc/icinga2/example.d/templates.conf', check_interval => '1m', retry_interval => '30s', max_check_attempts => 3, check_command => 'hostalive', } ::icinga2::object::host { 'NodeName': target => '/etc/icinga2/example.d/hosts.conf', import => ['generic-host'], address => '127.0.0.1', address6 => '::1', vars => { client_endpoint => name, mysql => { db_connection => { mysql_hostname => 'localhost', mysql_username => 'icinga2', mysql_password => 'icinga2', }, }, mysql_health => { db_size => { mysql_health_mode => 'sql', mysql_health_name => '-:"SELECT SUM(date_length + index_length) / 1024 / 1024 AS \'db size\' FROM information_schema.tables WHERE table_schema = \'+ db_name +\';"', mysql_health_name2 => 'db_size', mysql_health_units => 'MB', mysql_health_username => 'icinga2', mysql_health_password => 'icinga2', }, }, }, } -/* - * Services - */ +# +# Services +# ::icinga2::object::service { 'generic-service': template => true, target => '/etc/icinga2/example.d/templates.conf', check_interval => '1m', retry_interval => '30s', max_check_attempts => 5, } ::icinga2::object::service { 'mysql': target => '/etc/icinga2/example.d/services.conf', apply => 'mysql => config in host.vars.mysql', import => ['generic-service'], check_command => '-:"mysql"', assign => ['host.vars.mysql'], vars => 'vars + config', } ::icinga2::object::service { 'mysql_health': - target => '/etc/icinga2/example.d/services.conf', - apply => 'mysql_health => config in host.vars.mysql_health', - import => ['generic-service'], - check_command => '-:"mysql_health"', -# command_endpoint => 'host.vars.client_endpoint', - assign => ['host.vars.mysql_health'], - vars => 'vars + config', + target => '/etc/icinga2/example.d/services.conf', + apply => 'mysql_health => config in host.vars.mysql_health', + import => ['generic-service'], + check_command => '-:"mysql_health"', + assign => ['host.vars.mysql_health'], + vars => 'vars + config', } diff --git a/examples/init_icingadb.pp b/examples/init_icingadb.pp index 5cca46e..9a52a0e 100644 --- a/examples/init_icingadb.pp +++ b/examples/init_icingadb.pp @@ -1,28 +1,31 @@ case $::facts['os']['name'] { 'redhat', 'centos': { if Integer($::facts['os']['release']['major']) < 8 { $epel = true $backports = false } else { $epel = false $backports = false } } # RedHat 'debian', 'ubuntu': { if $::facts['os']['distro']['codename'] in [ 'stretch', 'trusty' ] { $epel = false $backports = true } } # Debian + default: { + fail('Your operating system is not supported.') + } } class { '::icinga::repos': manage_release => false, manage_testing => true, manage_epel => $epel, configure_backports => $backports, } include ::icinga2 include ::icinga2::feature::icingadb diff --git a/examples/init_master.pp b/examples/init_master.pp index 0e20229..d670948 100644 --- a/examples/init_master.pp +++ b/examples/init_master.pp @@ -1,20 +1,20 @@ class { '::icinga2': manage_repos => true, constants => { 'NodeName' => 'master.localdomain', 'ZoneName' => 'master', 'TicketSalt' => '5a3d695b8aef8f18452fc494593056a4', } } class { '::icinga2::feature::api': - pki => 'none', - zones => { + pki => 'none', + zones => { 'master' => { 'endpoints' => [ 'NodeName' ], }, } } class { '::icinga2::pki::ca': } diff --git a/examples/init_package_idopgsql.pp b/examples/init_package_idopgsql.pp index b06e67b..bcbc0f9 100644 --- a/examples/init_package_idopgsql.pp +++ b/examples/init_package_idopgsql.pp @@ -1,18 +1,18 @@ include ::icinga2::repo package { ['icinga2', 'icinga2-ido-pgsql']: ensure => latest, notify => Class['icinga2'], } class{ 'icinga2': manage_packages => false, } class{ 'icinga2::feature::idopgsql': - host => "127.0.0.1", - user => "icinga2", - password => "icinga2", - database => "icinga2", + host => '127.0.0.1' + user => 'icinga2' + password => 'icinga2' + database => 'icinga2' import_schema => true } diff --git a/examples/init_slave.pp b/examples/init_slave.pp index 25c4012..9ef39f0 100644 --- a/examples/init_slave.pp +++ b/examples/init_slave.pp @@ -1,32 +1,32 @@ $master_cert = 'master.localdomain' $master_ip = '192.168.5.16' class { '::icinga2': manage_repos => true, constants => { 'NodeName' => 'slave.localdomain', }, } class { '::icinga2::feature::api': pki => 'icinga2', ca_host => $master_ip, ticket_salt => '5a3d695b8aef8f18452fc494593056a4', accept_config => true, accept_commands => true, endpoints => { 'NodeName' => {}, "${master_cert}" => { 'host' => $master_ip, } }, zones => { 'ZoneName' => { 'endpoints' => [ 'NodeName' ], 'parent' => 'master', }, - 'master' => { + 'master' => { 'endpoints' => [ $master_cert ], }, } } diff --git a/examples/init_slave_validate.pp b/examples/init_slave_validate.pp index 8f15e86..9cc54bd 100644 --- a/examples/init_slave_validate.pp +++ b/examples/init_slave_validate.pp @@ -1,36 +1,36 @@ $master_cert = 'master.localdomain' $master_ip = '192.168.5.12' # get it on CA host 'openssl x509 -noout -fingerprint -sha256 -inform pem -in /var/lib/icinga2/certs/master.localdomain.crt' $fingerprint = 'D8:98:82:1B:14:8A:6A:89:4B:7A:40:32:50:68:01:D8:98:82:1B:14:8A:6A:89:4B:7A:40:32:99:3D:96:72:72' class { '::icinga2': manage_repos => true, constants => { 'NodeName' => 'slave.localdomain', }, } class { '::icinga2::feature::api': pki => 'icinga2', ca_host => $master_ip, ticket_salt => '5a3d695b8aef8f18452fc494593056a4', accept_config => true, accept_commands => true, endpoints => { 'NodeName' => {}, "${master_cert}" => { 'host' => $master_ip, } }, zones => { 'ZoneName' => { 'endpoints' => [ 'NodeName' ], 'parent' => 'master', }, - 'master' => { + 'master' => { 'endpoints' => [ $master_cert ], }, }, fingerprint => $fingerprint, } diff --git a/examples/ticket_id.pp b/examples/ticket_id.pp index db23754..e9ade41 100644 --- a/examples/ticket_id.pp +++ b/examples/ticket_id.pp @@ -1,31 +1,31 @@ class { 'icinga2': - confd => false, - features => ['checker','mainlog'], + confd => false, + features => ['checker','mainlog'], } class { 'icinga2::feature::api': pki => 'icinga2', ca_host => 'icinga2-master.example.com', ticket_salt => '5a3d695b8aef8f18452fc494593056a4', accept_config => true, accept_commands => true, endpoints => { - 'NodeName' => {}, + 'NodeName' => {}, 'icinga2-master.example.com' => { 'host' => '192.168.56.103', } }, zones => { 'NodeName' => { 'endpoints' => ['NodeName'], - 'parent' => 'master', + 'parent' => 'master', }, - 'master' => { + 'master' => { 'endpoints' => ['icinga2-master.example.com'] } } } icinga2::object::zone { 'global-templates': global => true, } diff --git a/manifests/globals.pp b/manifests/globals.pp index 2a723b5..fe479d3 100644 --- a/manifests/globals.pp +++ b/manifests/globals.pp @@ -1,115 +1,115 @@ # @summary # This class loads the default parameters by doing a hiera lookup. # # @note This parameters depend on the os plattform. Changes maybe will break the functional capability of the supported plattforms and versions. Please only do changes when you know what you're doing. # # @api private # # @param [String] package_name # The name of the icinga package to manage. # # @param [String] service_name # The name of the icinga service to manage. # # @param [Optional[String]] user # User as the icinga process runs. # CAUTION: This does not manage the user context for the runnig icinga 2 process! # The parameter is only used for ownership of files or directories. # # @param [Optional[String]] group # Group as the icinga process runs. # CAUTION: This does not manage the group context for the runnig icinga 2 process! # The parameter is only used for group membership of files or directories. # # @param [Optional[String]] logon_account # The user context in which the service should run. # ATM only relevant on Windows. # # @param [Optional[String]] selinux_package_name # The name of the icinga selinux package. # # @param [Optional[String]] ido_mysql_package_name # The name of the icinga package that's needed for MySQL. # # @param [String] ido_mysql_schema # Path to the MySQL schema to import. # # @param [Optional[String]] ido_pgsql_package_name # The name of the icinga package that's needed for Postrgesql. # # @param [String] ido_pgsql_schema # Path to the Postgresql schema to import. # # @param [Stdlib::Absolutepath] icinga2_bin # Path to the icinga2 binary. # # @param [Stdlib::Absolutepath] conf_dir # Location of the configuration directory of Icinga. # # @param [Stdlib::Absolutepath] lib_dir # Path to the directory contained the system libs. # # @param [Stdlib::Absolutepath] log_dir # Location to store Icinga log files. # # @param [Stdlib::Absolutepath] run_dir # Runtime directory of Icinga. # # @param [Stdlib::Absolutepath] spool_dir # Path to spool files of Icinga. # # @param [Stdlib::Absolutepath] cache_dir # Path to cache files of Icinga. # # @param [Stdlib::Absolutepath] cert_dir # Path to the directory where Icinga stores keys and certificates. # # @param [Stdlib::Absolutepath] ca_dir # Path to CA. # # @param [Optional[String]] service_reload # How to do a reload of the Icinga process. # class icinga2::globals( String $package_name, String $service_name, String $ido_mysql_schema, String $ido_pgsql_schema, Stdlib::Absolutepath $icinga2_bin, Stdlib::Absolutepath $conf_dir, Stdlib::Absolutepath $lib_dir, Stdlib::Absolutepath $log_dir, Stdlib::Absolutepath $run_dir, Stdlib::Absolutepath $spool_dir, Stdlib::Absolutepath $cache_dir, Stdlib::Absolutepath $cert_dir, Stdlib::Absolutepath $ca_dir, Array[String] $reserved, Optional[String] $user = undef, Optional[String] $group = undef, Optional[String] $logon_account = undef, Optional[String] $selinux_package_name = undef, Optional[String] $ido_mysql_package_name = undef, Optional[String] $ido_pgsql_package_name = undef, Optional[String] $service_reload = undef, ) { assert_private() if ( versioncmp($::puppetversion, '6' ) >= 0 and versioncmp(load_module_metadata('stdlib')['version'], '5.1.0') < 0 ) { fail('You be affected by this bug: https://github.com/Icinga/puppet-icinga2/issues/505 so you should update your stdlib to version 5.1 or higher') } # Logon account on Windows if $facts['os']['kernel'] == 'windows' { - if $logon_account and versioncmp($puppetversion, '6.18.0') < 0 { + if $logon_account and versioncmp($::puppetversion, '6.18.0') < 0 { fail('Using logon_account requieres a Puppet version 6.18 or higher') } $_logonaccount = $logon_account } else { $_logonaccount = undef } $constants = lookup('icinga2::globals::constants', Hash, 'deep', {}) }