diff --git a/examples/init_worker.pp b/examples/init_worker.pp index 9805a5a..ce534e5 100644 --- a/examples/init_worker.pp +++ b/examples/init_worker.pp @@ -1,33 +1,32 @@ $server_cert = 'server.localdomain' $server_ip = '192.168.5.23' class { '::icinga2': manage_repos => true, constants => { 'NodeName' => 'worker.localdomain', }, } class { '::icinga2::feature::api': pki => 'icinga2', ca_host => $server_ip, -# ticket_salt => Sensitive('5a3d695b8aef8f18452fc494593056a4'), - ticket_salt => '5a3d695b8aef8f18452fc494593056a4', + ticket_salt => Sensitive('5a3d695b8aef8f18452fc494593056a4'), accept_config => true, accept_commands => true, endpoints => { 'NodeName' => {}, "${server_cert}" => { 'host' => $server_ip, } }, zones => { 'ZoneName' => { 'endpoints' => [ 'NodeName' ], 'parent' => 'main', }, - 'main' => { + 'main' => { 'endpoints' => [ $server_cert ], }, } } diff --git a/examples/init_worker_validate.pp b/examples/init_worker_validate.pp index 2ff6844..78e3bce 100644 --- a/examples/init_worker_validate.pp +++ b/examples/init_worker_validate.pp @@ -1,36 +1,36 @@ $server_cert = 'server.localdomain' $server_ip = '192.168.5.23' # get it on CA host 'openssl x509 -noout -fingerprint -sha256 -inform pem -in /var/lib/icinga2/certs/server.localdomain.crt' $fingerprint = 'D8:98:82:1B:14:8A:6A:89:4B:7A:40:32:50:68:01:D8:98:82:1B:14:8A:6A:89:4B:7A:40:32:99:3D:96:72:72' class { '::icinga2': manage_repos => true, constants => { 'NodeName' => 'worker.localdomain', }, } class { '::icinga2::feature::api': pki => 'icinga2', ca_host => $server_ip, ticket_salt => '5a3d695b8aef8f18452fc494593056a4', accept_config => true, accept_commands => true, endpoints => { 'NodeName' => {}, "${server_cert}" => { 'host' => $server_ip, } }, zones => { 'ZoneName' => { 'endpoints' => [ 'NodeName' ], 'parent' => 'main', }, - 'main' => { + 'main' => { 'endpoints' => [ $server_cert ], }, }, fingerprint => $fingerprint, } diff --git a/spec/classes/idomysql_spec.rb b/spec/classes/idomysql_spec.rb index 38b4dfb..a994c10 100644 --- a/spec/classes/idomysql_spec.rb +++ b/spec/classes/idomysql_spec.rb @@ -1,247 +1,247 @@ require 'spec_helper' describe('icinga2::feature::idomysql', type: :class) do let(:pre_condition) do [ "class { 'icinga2': features => [], constants => {'NodeName' => 'host.example.org'} }", ] end on_supported_os.each do |os, facts| context "on #{os}" do let(:facts) do case facts[:kernel] when 'windows' facts.merge( { icinga2_puppet_hostcert: 'C:/ProgramData/PuppetLabs/puppet/ssl/certs/host.example.org.pem', icinga2_puppet_hostprivkey: 'C:/ProgramData/PuppetLabs/puppet/ssl/private_keys/host.example.org.pem', icinga2_puppet_localcacert: 'C:/ProgramData/PuppetLabs/var/lib/puppet/ssl/certs/ca.pem', }, ) else facts.merge( { icinga2_puppet_hostcert: '/etc/puppetlabs/puppet/ssl/certs/host.example.org.pem', icinga2_puppet_hostprivkey: '/etc/puppetlabs/puppet/ssl/private_keys/host.example.org.pem', icinga2_puppet_localcacert: '/etc/lib/puppetlabs/puppet/ssl/certs/ca.pem', }, ) end end case facts[:kernel] when 'windows' let(:icinga2_conf_dir) { 'C:/ProgramData/icinga2/etc/icinga2' } let(:icinga2_pki_dir) { 'C:/ProgramData/icinga2/var/lib/icinga2/certs' } let(:ido_mysql_schema_dir) { 'C:/Program Files/icinga2/usr/share/icinga2-ido-mysql/schema' } let(:icinga2_sslkey_mode) { nil } let(:icinga2_user) { nil } let(:icinga2_group) { nil } when 'FreeBSD' let(:icinga2_conf_dir) { '/usr/local/etc/icinga2' } let(:icinga2_pki_dir) { '/var/lib/icinga2/certs' } let(:ido_mysql_schema_dir) { '/usr/local/share/icinga2-ido-mysql/schema' } let(:icinga2_sslkey_mode) { '0600' } let(:icinga2_user) { 'icinga' } let(:icinga2_group) { 'icinga' } else let(:icinga2_conf_dir) { '/etc/icinga2' } let(:icinga2_pki_dir) { '/var/lib/icinga2/certs' } let(:ido_mysql_schema_dir) { '/usr/share/icinga2-ido-mysql/schema' } let(:icinga2_sslkey_mode) { '0600' } case facts[:os]['family'] when 'Debian' let(:icinga2_user) { 'nagios' } let(:icinga2_group) { 'nagios' } else let(:icinga2_user) { 'icinga' } let(:icinga2_group) { 'icinga' } end end context 'with defaults' do let(:params) do { password: 'foo', } end if facts[:kernel] == 'Linux' it { is_expected.to contain_package('icinga2-ido-mysql').with({ 'ensure' => 'installed' }) } end if facts[:os]['family'] == 'Debian' it { is_expected.to contain_file('/etc/dbconfig-common/icinga2-ido-mysql.conf').with( { 'ensure' => 'file', 'owner' => 'root', 'group' => 'root', }, ) } end it { is_expected.to contain_icinga2__feature('ido-mysql').with({ 'ensure' => 'present' }) } it { is_expected.to contain_icinga2__object('icinga2::object::IdoMysqlConnection::ido-mysql').with( { 'target' => "#{icinga2_conf_dir}/features-available/ido-mysql.conf" }, ).that_notifies('Class[icinga2::service]') } it { is_expected.to contain_concat__fragment('icinga2::feature::ido-mysql').with( { 'target' => "#{icinga2_conf_dir}/features-available/ido-mysql.conf", 'order' => '05', }, ).with_content(%r{library \"db_ido_mysql\"$}) } end context 'with ensure => absent' do let(:params) do { ensure: 'absent', password: 'foo', } end it { is_expected.to contain_icinga2__feature('ido-mysql').with({ 'ensure' => 'absent' }) } end context 'with import_schema => true' do let(:params) do { import_schema: true, password: 'foo', } end it { is_expected.to contain_exec('idomysql-import-schema').with( { user: 'root', command: "mysql -u icinga -p'foo' icinga < \"#{ido_mysql_schema_dir}/mysql.sql\"", }, ) } end if facts[:kernel] == 'Linux' context 'with icinga2::manage_packages => false' do let(:params) do { password: 'foo', } end let(:pre_condition) do [ "class { 'icinga2': features => [], manage_packages => false }", ] end it { is_expected.not_to contain_package('icinga2').with({ 'ensure' => 'installed' }) } it { is_expected.not_to contain_package('icinga2-ido-mysql').with({ 'ensure' => 'installed' }) } end end context "with enable_ssl => true, host => '127.0.0.1', port => 3306, import_schema => true, ssl_key => 'foo', ssl_cert => 'bar', ssl_cacert => 'baz'" do let(:params) do { enable_ssl: true, ssl_key: 'foo', ssl_cert: 'bar', ssl_cacert: 'baz', host: '127.0.0.1', port: 3306, import_schema: true, password: 'foo', } end it { is_expected.to contain_file("#{icinga2_pki_dir}/IdoMysqlConnection_ido-mysql.key").with( { 'mode' => icinga2_sslkey_mode, 'owner' => icinga2_user, 'group' => icinga2_group, }, ).with_content(%r{^foo}) } it { is_expected.to contain_file("#{icinga2_pki_dir}/IdoMysqlConnection_ido-mysql.crt").with( { 'owner' => icinga2_user, 'group' => icinga2_group, }, ).with_content(%r{^bar$}) } it { is_expected.to contain_file("#{icinga2_pki_dir}/IdoMysqlConnection_ido-mysql_ca.crt").with( { 'owner' => icinga2_user, 'group' => icinga2_group, }, ).with_content(%r{^baz$}) } it { is_expected.to contain_exec('idomysql-import-schema').with( { 'user' => 'root', - 'command' => "mysql -h 127.0.0.1 -P 3306 -u icinga -p'foo' --ssl-ca #{icinga2_pki_dir}/IdoMysqlConnection_ido-mysql_ca.crt" \ + 'command' => "mysql -h 127.0.0.1 -P 3306 -u icinga -p'foo' --ssl --ssl-ca #{icinga2_pki_dir}/IdoMysqlConnection_ido-mysql_ca.crt" \ " --ssl-cert #{icinga2_pki_dir}/IdoMysqlConnection_ido-mysql.crt --ssl-key #{icinga2_pki_dir}/IdoMysqlConnection_ido-mysql.key icinga < \"#{ido_mysql_schema_dir}/mysql.sql\"", }, ) } end context 'with enable_ssl => true, import_schema => true, ssl_key_path, ssl_cert_path and ssl_cacert_path set' do let(:params) do { enable_ssl: true, ssl_key_path: "#{icinga2_pki_dir}/IdoMysqlConnection_ido-mysql.key", ssl_cert_path: "#{icinga2_pki_dir}/IdoMysqlConnection_ido-mysql.crt", ssl_cacert_path: "#{icinga2_pki_dir}/IdoMysqlConnection_ido-mysql_ca.crt", import_schema: true, password: 'foo', } end it { is_expected.to contain_concat__fragment('icinga2::object::IdoMysqlConnection::ido-mysql').with_content( %r{ssl_key = "#{icinga2_pki_dir}/IdoMysqlConnection_ido-mysql.key"}, ) } it { is_expected.to contain_concat__fragment('icinga2::object::IdoMysqlConnection::ido-mysql').with_content( %r{ssl_cert = "#{icinga2_pki_dir}/IdoMysqlConnection_ido-mysql.crt"}, ) } it { is_expected.to contain_concat__fragment('icinga2::object::IdoMysqlConnection::ido-mysql').with_content( %r{ssl_ca = "#{icinga2_pki_dir}/IdoMysqlConnection_ido-mysql_ca.crt"}, ) } it { is_expected.to contain_exec('idomysql-import-schema').with( { 'user' => 'root', - 'command' => "mysql -u icinga -p'foo' --ssl-ca #{icinga2_pki_dir}/IdoMysqlConnection_ido-mysql_ca.crt" \ + 'command' => "mysql -u icinga -p'foo' --ssl --ssl-ca #{icinga2_pki_dir}/IdoMysqlConnection_ido-mysql_ca.crt" \ " --ssl-cert #{icinga2_pki_dir}/IdoMysqlConnection_ido-mysql.crt --ssl-key #{icinga2_pki_dir}/IdoMysqlConnection_ido-mysql.key icinga < \"#{ido_mysql_schema_dir}/mysql.sql\"", }, ) } end end end end