diff --git a/manifests/feature/elasticsearch.pp b/manifests/feature/elasticsearch.pp index 2d0f5b4..774de05 100644 --- a/manifests/feature/elasticsearch.pp +++ b/manifests/feature/elasticsearch.pp @@ -1,227 +1,228 @@ # @summary # Configures the Icinga 2 feature elasticsearch. # # @example # class { 'icinga2::feature::elasticsearch': # host => "10.10.0.15", # index => "icinga2" # } # # @param [Enum['absent', 'present']] ensure # Set to present enables the feature elasticsearch, absent disables it. # # @param [Optional[Stdlib::Host]] host # Elasticsearch host address. # # @param [Optional[Stdlib::Port::Unprivileged]] port # Elasticsearch HTTP port. # # @param [Optional[String]] index # Elasticsearch index name. # # @param [Optional[String]] username # Elasticsearch user name. # # @param [Optional[String]] password # Elasticsearch user password. The password parameter isn't parsed anymore. # # @param [Optional[Boolean]] enable_ssl # Either enable or disable SSL. Other SSL parameters are only affected if this is set to 'true'. # # @param [Optional[Boolean]] ssl_noverify # Disable TLS peer verification. # # @param [Optional[Stdlib::Absolutepath]] ssl_key_path # Location of the private key. # # @param [Optional[Stdlib::Absolutepath]] ssl_cert_path # Location of the certificate. # # @param [Optional[Stdlib::Absolutepath]] ssl_cacert_path # Location of the CA certificate. # # @param [Optional[Stdlib::Base64]] ssl_key # The private key in a base64 encoded string to store in spicified ssl_key_path file. # # @param [Optional[Stdlib::Base64]] ssl_cert # The certificate in a base64 encoded to store in spicified ssl_cert_path file. # # @param [Optional[Stdlib::Base64]] ssl_cacert # The CA root certificate in a base64 encoded string to store in spicified ssl_cacert_path file. # # @param [Optional[Boolean]] enable_send_perfdata # Whether to send check performance data metrics. # # @param [Optional[Icinga2::Interval]] flush_interval # How long to buffer data points before transferring to Elasticsearch. # # @param [Optional[Integer]] flush_threshold # How many data points to buffer before forcing a transfer to Elasticsearch. # # @param [Optional[Boolean]] enable_ha # Enable the high availability functionality. Only valid in a cluster setup. # class icinga2::feature::elasticsearch( Enum['absent', 'present'] $ensure = present, Optional[Stdlib::Host] $host = undef, Optional[Stdlib::Port::Unprivileged] $port = undef, Optional[String] $index = undef, Optional[String] $username = undef, Optional[String] $password = undef, Optional[Boolean] $enable_ssl = undef, Optional[Boolean] $ssl_noverify = undef, Optional[Stdlib::Absolutepath] $ssl_key_path = undef, Optional[Stdlib::Absolutepath] $ssl_cert_path = undef, Optional[Stdlib::Absolutepath] $ssl_cacert_path = undef, Optional[Stdlib::Base64] $ssl_key = undef, Optional[Stdlib::Base64] $ssl_cert = undef, Optional[Stdlib::Base64] $ssl_cacert = undef, Optional[Boolean] $enable_send_perfdata = undef, Optional[Icinga2::Interval] $flush_interval = undef, Optional[Integer] $flush_threshold = undef, Optional[Boolean] $enable_ha = undef, ) { if ! defined(Class['::icinga2']) { fail('You must include the icinga2 base class before using any icinga2 feature class!') } $user = $::icinga2::globals::user $group = $::icinga2::globals::group $conf_dir = $::icinga2::globals::conf_dir $_notify = $ensure ? { 'present' => Class['::icinga2::service'], default => undef, } File { owner => $user, group => $group, } if $enable_ssl { $ssl_dir = $::icinga2::globals::cert_dir $_ssl_key_mode = $::facts['kernel'] ? { 'windows' => undef, default => '0600', } # Set defaults for certificate stuff and/or do validation if $ssl_key { if $ssl_key_path { $_ssl_key_path = $ssl_key_path } else { $_ssl_key_path = "${ssl_dir}/ElasticsearchWriter_elasticsearch.key" } $_ssl_key = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_key, '\n', "\r\n", 'EMG'), default => $ssl_key, } file { $_ssl_key_path: - ensure => file, - mode => $_ssl_key_mode, - content => $_ssl_key, - tag => 'icinga2::config::file', + ensure => file, + mode => $_ssl_key_mode, + content => $_ssl_key, + show_diff => false, + tag => 'icinga2::config::file', } } else { $_ssl_key_path = $ssl_key_path } if $ssl_cert { if $ssl_cert_path { $_ssl_cert_path = $ssl_cert_path } else { $_ssl_cert_path = "${ssl_dir}/ElasticsearchWriter_elasticsearch.crt" } $_ssl_cert = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_cert, '\n', "\r\n", 'EMG'), default => $ssl_cert, } file { $_ssl_cert_path: ensure => file, content => $_ssl_cert, tag => 'icinga2::config::file', } } else { $_ssl_cert_path = $ssl_cert_path } if $ssl_cacert { if $ssl_cacert_path { $_ssl_cacert_path = $ssl_cacert_path } else { $_ssl_cacert_path = "${ssl_dir}/ElasticsearchWriter_elasticsearch_ca.crt" } $_ssl_cacert = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_cacert, '\n', "\r\n", 'EMG'), default => $ssl_cacert, } file { $_ssl_cacert_path: ensure => file, content => $_ssl_cacert, tag => 'icinga2::config::file', } } else { $_ssl_cacert_path = $ssl_cacert_path } $attrs_ssl = { enable_tls => $enable_ssl, insecure_noverify => $ssl_noverify, ca_path => $_ssl_cacert_path, cert_path => $_ssl_cert_path, key_path => $_ssl_key_path, } } # enable_ssl else { $attrs_ssl = { enable_tls => $enable_ssl } } # The password parameter isn't parsed anymore. if $password { $_password = "-:\"${password}\"" } else { $_password = undef } $attrs = { host => $host, port => $port, index => $index, username => $username, password => $_password, enable_send_perfdata => $enable_send_perfdata, flush_interval => $flush_interval, flush_threshold => $flush_threshold, enable_ha => $enable_ha, } # create object icinga2::object { 'icinga2::object::ElasticsearchWriter::elasticsearch': object_name => 'elasticsearch', object_type => 'ElasticsearchWriter', attrs => delete_undef_values(merge($attrs, $attrs_ssl)), attrs_list => keys($attrs), target => "${conf_dir}/features-available/elasticsearch.conf", notify => $_notify, order => 10, } # import library 'perfdata' concat::fragment { 'icinga2::feature::elasticsearch': target => "${conf_dir}/features-available/elasticsearch.conf", content => "library \"perfdata\"\n\n", order => '05', } icinga2::feature { 'elasticsearch': ensure => $ensure, } } diff --git a/manifests/feature/gelf.pp b/manifests/feature/gelf.pp index 1439e21..c6e544f 100644 --- a/manifests/feature/gelf.pp +++ b/manifests/feature/gelf.pp @@ -1,201 +1,202 @@ # @summary # Configures the Icinga 2 feature gelf. # # @param [Enum['absent', 'present']] ensure # Set to present enables the feature gelf, absent disables it. # # @param [Optional[Stdlib::Host]] host # GELF receiver host address. # # @param [Optional[Stdlib::Port::Unprivileged]] port # GELF receiver port. # # @param [Optional[String]] source # Source name for this instance. # # @param [Boolean] enable_ssl # Either enable or disable SSL/TLS. Other SSL parameters are only affected if this is set to 'true'. # # @param [Optional[Stdlib::Absolutepath]] ssl_key_path # Location of the private key. Only valid if ssl is enabled. # # @param [Optional[Stdlib::Absolutepath]] ssl_cert_path # Location of the certificate. Only valid if ssl is enabled. # # @param [Optional[Stdlib::Absolutepath]] ssl_cacert_path # Location of the CA certificate. Only valid if ssl is enabled. # # @param [Optional[Stdlib::Base64]] ssl_key # The private key in a base64 encoded string to store in spicified ssl_key_path file. # Only valid if ssl is enabled. # # @param [Optional[Stdlib::Base64]] ssl_cert # The certificate in a base64 encoded string to store in spicified ssl_cert_path file. # Only valid if ssl is enabled. # # @param [Optional[Stdlib::Base64]] ssl_cacert # The CA root certificate in a base64 encoded string to store in spicified ssl_cacert_path file. # Only valid if ssl is enabled. # # @param [Optional[Boolean]] ssl_noverify # Disable TLS peer verification. # # @param [Optional[Boolean]] enable_send_perfdata # Enable performance data for 'CHECK RESULT' events. # # @param [Optional[Boolean]] enable_ha # Enable the high availability functionality. Only valid in a cluster setup. # class icinga2::feature::gelf( Enum['absent', 'present'] $ensure = present, Optional[Stdlib::Host] $host = undef, Optional[Stdlib::Port::Unprivileged] $port = undef, Optional[String] $source = undef, Boolean $enable_ssl = false, Optional[Stdlib::Absolutepath] $ssl_key_path = undef, Optional[Stdlib::Absolutepath] $ssl_cert_path = undef, Optional[Stdlib::Absolutepath] $ssl_cacert_path = undef, Optional[Stdlib::Base64] $ssl_key = undef, Optional[Stdlib::Base64] $ssl_cert = undef, Optional[Stdlib::Base64] $ssl_cacert = undef, Optional[Boolean] $ssl_noverify = undef, Optional[Boolean] $enable_send_perfdata = undef, Optional[Boolean] $enable_ha = undef, ) { if ! defined(Class['::icinga2']) { fail('You must include the icinga2 base class before using any icinga2 feature class!') } $owner = $::icinga2::globals::user $group = $::icinga2::globals::group $conf_dir = $::icinga2::globals::conf_dir $ssl_dir = $::icinga2::globals::cert_dir $_ssl_key_mode = $::facts['os']['family'] ? { 'windows' => undef, default => '0600', } $_notify = $ensure ? { 'present' => Class['::icinga2::service'], default => undef, } File { owner => $owner, group => $group, } if $enable_ssl { # Set defaults for certificate stuff if $ssl_key { if $ssl_key_path { $_ssl_key_path = $ssl_key_path } else { $_ssl_key_path = "${ssl_dir}/GelfWriter_gelf.key" } $_ssl_key = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_key, '\n', "\r\n", 'EMG'), default => $ssl_key, } file { $_ssl_key_path: - ensure => file, - mode => $_ssl_key_mode, - content => $ssl_key, - tag => 'icinga2::config::file', + ensure => file, + mode => $_ssl_key_mode, + content => $ssl_key, + show_diff => false, + tag => 'icinga2::config::file', } } else { $_ssl_key_path = $ssl_key_path } if $ssl_cert { if $ssl_cert_path { $_ssl_cert_path = $ssl_cert_path } else { $_ssl_cert_path = "${ssl_dir}/GelfWriter_gelf.crt" } $_ssl_cert = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_cert, '\n', "\r\n", 'EMG'), default => $ssl_cert, } file { $_ssl_cert_path: ensure => file, content => $ssl_cert, tag => 'icinga2::config::file', } } else { $_ssl_cert_path = $ssl_cert_path } if $ssl_cacert { if $ssl_cacert_path { $_ssl_cacert_path = $ssl_cacert_path } else { $_ssl_cacert_path = "${ssl_dir}/GelfWriter_gelf_ca.crt" } $_ssl_cacert = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_cacert, '\n', "\r\n", 'EMG'), default => $ssl_cacert, } file { $_ssl_cacert_path: ensure => file, content => $ssl_cacert, tag => 'icinga2::config::file', } } else { $_ssl_cacert_path = $ssl_cacert_path } $attrs_ssl = { enable_tls => $enable_ssl, insecure_noverify => $ssl_noverify, ca_path => $_ssl_cacert_path, cert_path => $_ssl_cert_path, key_path => $_ssl_key_path, } } # enable_ssl else { $attrs_ssl = { enable_tls => $enable_ssl } } # compose attributes $attrs = { host => $host, port => $port, source => $source, enable_send_perfdata => $enable_send_perfdata, enable_ha => $enable_ha, } # create object icinga2::object { 'icinga2::object::GelfWriter::gelf': object_name => 'gelf', object_type => 'GelfWriter', attrs => delete_undef_values(merge($attrs, $attrs_ssl)), attrs_list => keys($attrs), target => "${conf_dir}/features-available/gelf.conf", order => 10, notify => $_notify, } # import library 'perfdata' concat::fragment { 'icinga2::feature::gelf': target => "${conf_dir}/features-available/gelf.conf", content => "library \"perfdata\"\n\n", order => '05', } # manage feature icinga2::feature { 'gelf': ensure => $ensure, } } diff --git a/manifests/feature/idomysql.pp b/manifests/feature/idomysql.pp index 9e0a188..106ec06 100644 --- a/manifests/feature/idomysql.pp +++ b/manifests/feature/idomysql.pp @@ -1,336 +1,337 @@ # @summary # Installs and configures the Icinga 2 feature ido-mysql. # # @example The ido-mysql featue requires an existing database and a user with permissions. This example uses the [puppetlabs/mysql](https://forge.puppet.com/puppetlabs/mysql) module. # include mysql::server # # mysql::db { 'icinga2': # user => 'icinga2', # password => 'supersecret', # host => 'localhost', # grant => ['SELECT', 'INSERT', 'UPDATE', 'DELETE', 'DROP', 'CREATE VIEW', 'CREATE', 'INDEX', 'EXECUTE', 'ALTER'], # } # # class{ 'icinga2::feature::idomysql': # user => "icinga2", # password => "supersecret", # database => "icinga2", # import_schema => true, # require => Mysql::Db['icinga2'] # } # # @param [Enum['absent', 'present']] ensure # Set to present enables the feature ido-mysql, absent disables it. # # @param [Stdlib::Host] host # MySQL database host address. # # @param [Optional[Stdlib::Port::Unprivileged]] port # MySQL database port. # # @param [Optional[Stdlib::Absolutepath]] socket_path # MySQL socket path. # # @param [String] user # MySQL database user with read/write permission to the icinga database. # # @param [String] password # MySQL database user's password. The password parameter isn't parsed anymore. # # @param [String] database # MySQL database name. # # @param [Boolean] enable_ssl # Either enable or disable SSL/TLS. Other SSL parameters are only affected if this is set to 'true'. # # @param [Optional[Stdlib::Absolutepath]] ssl_key_path # Location of the private key. Only valid if ssl is enabled. # # @param [Optional[Stdlib::Absolutepath]] ssl_cert_path # Location of the certificate. Only valid if ssl is enabled. # # @param [Optional[Stdlib::Absolutepath]] ssl_cacert_path # Location of the CA certificate. Only valid if ssl is enabled. # # @param [Optional[Stdlib::Base64]] ssl_key # The private key in a base64 encoded string to store in spicified ssl_key_path file. # Only valid if ssl is enabled. # # @param [Optional[Stdlib::Base64]] ssl_cert # The certificate in a base64 encoded string to store in spicified ssl_cert_path file. # Only valid if ssl is enabled. # # @param [Optional[Stdlib::Base64]] ssl_cacert # The CA root certificate in a base64 encoded string to store in spicified ssl_cacert_path file. # Only valid if ssl is enabled. # # @param [Optional[Stdlib::Absolutepath]] ssl_capath # MySQL SSL trusted SSL CA certificates in PEM format directory path. Only valid if ssl is enabled. # # @param [Optional[String]] ssl_cipher # MySQL SSL list of allowed ciphers. Only valid if ssl is enabled. # # @param [Optional[String]] table_prefix # MySQL database table prefix. # # @param [Optional[String]] instance_name # Unique identifier for the local Icinga 2 instance. # # @param [Optional[String]] instance_description # Description for the Icinga 2 instance. # # @param [Optional[Boolean]] enable_ha # Enable the high availability functionality. Only valid in a cluster setup. # # @param [Optional[Icinga2::Interval]] failover_timeout # Set the failover timeout in a HA cluster. Must not be lower than 60s. # # @param [Optional[Icinga2::IdoCleanup]] cleanup # Hash with items for historical table cleanup. # # @param [Optional[Array]] categories # Array of information types that should be written to the database. # # @param [Boolean] import_schema # Whether to import the MySQL schema or not. # class icinga2::feature::idomysql( String $password, Enum['absent', 'present'] $ensure = present, Stdlib::Host $host = 'localhost', Optional[Stdlib::Port::Unprivileged] $port = undef, Optional[Stdlib::Absolutepath] $socket_path = undef, String $user = 'icinga', String $database = 'icinga', Boolean $enable_ssl = false, Optional[Stdlib::Absolutepath] $ssl_key_path = undef, Optional[Stdlib::Absolutepath] $ssl_cert_path = undef, Optional[Stdlib::Absolutepath] $ssl_cacert_path = undef, Optional[Stdlib::Base64] $ssl_key = undef, Optional[Stdlib::Base64] $ssl_cert = undef, Optional[Stdlib::Base64] $ssl_cacert = undef, Optional[Stdlib::Absolutepath] $ssl_capath = undef, Optional[String] $ssl_cipher = undef, Optional[String] $table_prefix = undef, Optional[String] $instance_name = undef, Optional[String] $instance_description = undef, Optional[Boolean] $enable_ha = undef, Optional[Icinga2::Interval] $failover_timeout = undef, Optional[Icinga2::IdoCleanup] $cleanup = undef, Optional[Array] $categories = undef, Boolean $import_schema = false, ) { if ! defined(Class['::icinga2']) { fail('You must include the icinga2 base class before using any icinga2 feature class!') } $owner = $::icinga2::globals::user $group = $::icinga2::globals::group $conf_dir = $::icinga2::globals::conf_dir $ssl_dir = $::icinga2::globals::cert_dir $ido_mysql_package_name = $::icinga2::globals::ido_mysql_package_name $ido_mysql_schema = $::icinga2::globals::ido_mysql_schema $manage_package = $::icinga2::manage_package $manage_packages = $::icinga2::manage_packages $_ssl_key_mode = $::facts['os']['family'] ? { 'windows' => undef, default => '0600', } $_notify = $ensure ? { 'present' => Class['::icinga2::service'], default => undef, } # to build mysql exec command to import schema if $import_schema { $_mysql_options = join(any2array(delete_undef_values({ '-h' => $host ? { /localhost/ => undef, default => $host, }, '-P' => $port, '-u' => $user, })), ' ') } File { owner => $owner, group => $group, } if $enable_ssl { # Set defaults for certificate stuff if $ssl_key { if $ssl_key_path { $_ssl_key_path = $ssl_key_path } else { $_ssl_key_path = "${ssl_dir}/IdoMysqlConnection_ido-mysql.key" } $_ssl_key = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_key, '\n', "\r\n", 'EMG'), default => $ssl_key, } file { $_ssl_key_path: - ensure => file, - mode => $_ssl_key_mode, - content => $ssl_key, - tag => 'icinga2::config::file', + ensure => file, + mode => $_ssl_key_mode, + content => $ssl_key, + show_diff => false, + tag => 'icinga2::config::file', } } else { $_ssl_key_path = $ssl_key_path } if $ssl_cert { if $ssl_cert_path { $_ssl_cert_path = $ssl_cert_path } else { $_ssl_cert_path = "${ssl_dir}/IdoMysqlConnection_ido-mysql.crt" } $_ssl_cert = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_cert, '\n', "\r\n", 'EMG'), default => $ssl_cert, } file { $_ssl_cert_path: ensure => file, content => $ssl_cert, tag => 'icinga2::config::file', } } else { $_ssl_cert_path = $ssl_cert_path } if $ssl_cacert { if $ssl_cacert_path { $_ssl_cacert_path = $ssl_cacert_path } else { $_ssl_cacert_path = "${ssl_dir}/IdoMysqlConnection_ido-mysql_ca.crt" } $_ssl_cacert = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_cacert, '\n', "\r\n", 'EMG'), default => $ssl_cacert, } file { $_ssl_cacert_path: ensure => file, content => $ssl_cacert, tag => 'icinga2::config::file', } } else { $_ssl_cacert_path = $ssl_cacert_path } if $import_schema { if $enable_ssl { $_ssl_options = join(any2array(delete_undef_values({ '--ssl' => '', '--ssl-ca' => $_ssl_cacert_path, '--ssl-cert' => $_ssl_cert_path, '--ssl-key' => $_ssl_key_path, '--ssl-capath' => $ssl_capath, '--ssl-cipher' => $ssl_cipher, })), ' ') } else { $_ssl_options = '' } # set cli options for mysql connection via tls $_mysql_command = "mysql ${_mysql_options} -p'${password}' ${_ssl_options} ${database}" } $attrs_ssl = { enable_ssl => $enable_ssl, ssl_ca => $_ssl_cacert_path, ssl_cert => $_ssl_cert_path, ssl_key => $_ssl_key_path, ssl_capath => $ssl_capath, ssl_cipher => $ssl_cipher, } } # enable_ssl else { # set cli options for mysql connection if $import_schema { $_mysql_command = "mysql ${_mysql_options} -p'${password}' ${database}" } $attrs_ssl = { enable_ssl => $enable_ssl } } $attrs = { host => $host, port => $port, socket_path => $socket_path, user => $user, password => "-:\"${password}\"", # The password parameter isn't parsed anymore. database => $database, table_prefix => $table_prefix, instance_name => $instance_name, instance_description => $instance_description, enable_ha => $enable_ha, failover_timeout => $failover_timeout, cleanup => $cleanup, categories => $categories, } # install additional package if $ido_mysql_package_name and ($manage_package or $manage_packages) { if $::facts['os']['family'] == 'debian' { ensure_resources('file', { '/etc/dbconfig-common' => { ensure => directory, owner => 'root', group => 'root' } }) file { "/etc/dbconfig-common/${ido_mysql_package_name}.conf": ensure => file, content => "dbc_install='false'\ndbc_upgrade='false'\ndbc_remove='false'\n", owner => 'root', group => 'root', mode => '0600', before => Package[$ido_mysql_package_name], } } # Debian package { $ido_mysql_package_name: ensure => installed, before => Icinga2::Feature['ido-mysql'], } } # import db schema if $import_schema { if $ido_mysql_package_name and ($manage_package or $manage_packages) { Package[$ido_mysql_package_name] -> Exec['idomysql-import-schema'] } exec { 'idomysql-import-schema': user => 'root', path => $::facts['path'], command => "${_mysql_command} < \"${ido_mysql_schema}\"", unless => "${_mysql_command} -Ns -e 'select version from icinga_dbversion'", } } # create object icinga2::object { 'icinga2::object::IdoMysqlConnection::ido-mysql': object_name => 'ido-mysql', object_type => 'IdoMysqlConnection', attrs => delete_undef_values(merge($attrs, $attrs_ssl)), attrs_list => concat(keys($attrs), keys($attrs_ssl)), target => "${conf_dir}/features-available/ido-mysql.conf", order => 10, notify => $_notify, } # import library concat::fragment { 'icinga2::feature::ido-mysql': target => "${conf_dir}/features-available/ido-mysql.conf", content => "library \"db_ido_mysql\"\n\n", order => '05', } icinga2::feature { 'ido-mysql': ensure => $ensure, } } diff --git a/manifests/feature/idopgsql.pp b/manifests/feature/idopgsql.pp index 87300c2..dab051a 100644 --- a/manifests/feature/idopgsql.pp +++ b/manifests/feature/idopgsql.pp @@ -1,289 +1,290 @@ # @summary # Installs and configures the Icinga 2 feature ido-pgsql. # # @example The ido-pgsql featue requires an existing database and a user with permissions. This example uses the [puppetlab/postgresql](https://forge.puppet.com/puppetlabs/postgresql) module. # include icinga2 # include postgresql::server # # postgresql::server::db { 'icinga2': # user => 'icinga2', # password => postgresql_password('icinga2', 'supersecret'), # } # # class{ 'icinga2::feature::idopgsql': # user => 'icinga2', # password => 'supersecret', # database => 'icinga2', # import_schema => true, # require => Postgresql::Server::Db['icinga2'] # } # # @param [Enum['absent', 'present']] ensure # Set to present enables the feature ido-pgsql, absent disables it. # # @param [Stdlib::Host] host # PostgreSQL database host address. # # @param [Stdlib::Port::Unprivileged] port # PostgreSQL database port. # # @param [String] user # PostgreSQL database user with read/write permission to the icinga database. # # @param [String] password # PostgreSQL database user's password. The password parameter isn't parsed anymore. # # @param [String] database # PostgreSQL database name. # # @param [Optional[Enum[disable', 'allow', 'prefer', 'verify-full', 'varify-ca', 'require']]] ssl_mode # Enable SSL connection mode. # # @param [Optional[Stdlib::Absolutepath]] ssl_key_path # Location of the private key. # # @param [Optional[Stdlib::Absolutepath]] ssl_cert_path # Location of the certificate. # # @param [Optional[Stdlib::Absolutepath]] ssl_cacert_path # Location of the CA certificate. # # @param [Optional[Stdlib::Base64]] ssl_key # The private key in a base64 encoded string to store in spicified ssl_key_path file. # # @param [Optional[Stdlib::Base64]] ssl_cert # The certificate in a base64 encoded string to store in spicified ssl_cert_path file. # # @param [Optional[Stdlib::Base64]] ssl_cacert # The CA root certificate in a base64 encoded string to store in spicified ssl_cacert_path file. # # @param [Optional[String]] table_prefix # PostgreSQL database table prefix. # # @param [Optional[String]] instance_name # Unique identifier for the local Icinga 2 instance. # # @param [Optional[String]] instance_description # Description of the Icinga 2 instance. # # @param [Optional[Boolean]] enable_ha # Enable the high availability functionality. Only valid in a cluster setup. # # @param [Optional[Icinga2::Interval]] failover_timeout # Set the failover timeout in a HA cluster. Must not be lower than 60s. # # @param [Optional[Icinga2::IdoCleanup]] cleanup # Hash with items for historical table cleanup. # # @param [Optional[Array]] categories # Array of information types that should be written to the database. # # @param [Boolean] import_schema # Whether to import the PostgreSQL schema or not. # class icinga2::feature::idopgsql( String $password, Enum['absent', 'present'] $ensure = present, Stdlib::Host $host = 'localhost', Stdlib::Port::Unprivileged $port = 5432, String $user = 'icinga', String $database = 'icinga', Optional[Enum[ 'disable', 'allow', 'prefer', 'verify-full', 'verify-ca', 'require']] $ssl_mode = undef, Optional[Stdlib::Absolutepath] $ssl_key_path = undef, Optional[Stdlib::Absolutepath] $ssl_cert_path = undef, Optional[Stdlib::Absolutepath] $ssl_cacert_path = undef, Optional[Stdlib::Base64] $ssl_key = undef, Optional[Stdlib::Base64] $ssl_cert = undef, Optional[Stdlib::Base64] $ssl_cacert = undef, Optional[String] $table_prefix = undef, Optional[String] $instance_name = undef, Optional[String] $instance_description = undef, Optional[Boolean] $enable_ha = undef, Optional[Icinga2::Interval] $failover_timeout = undef, Optional[Icinga2::IdoCleanup] $cleanup = undef, Optional[Array] $categories = undef, Boolean $import_schema = false, ) { if ! defined(Class['::icinga2']) { fail('You must include the icinga2 base class before using any icinga2 feature class!') } $owner = $::icinga2::globals::user $group = $::icinga2::globals::group $conf_dir = $::icinga2::globals::conf_dir $ssl_dir = $::icinga2::globals::cert_dir $ido_pgsql_package_name = $::icinga2::globals::ido_pgsql_package_name $ido_pgsql_schema = $::icinga2::globals::ido_pgsql_schema $manage_package = $::icinga2::manage_package $manage_packages = $::icinga2::manage_packages $_notify = $ensure ? { 'present' => Class['::icinga2::service'], default => undef, } $_ssl_key_mode = $::facts['os']['family'] ? { 'windows' => undef, default => '0600', } File { owner => $owner, group => $group, } # Set defaults for certificate stuff if $ssl_key { if $ssl_key_path { $_ssl_key_path = $ssl_key_path } else { $_ssl_key_path = "${ssl_dir}/IdoPgsqlConnection_ido-pgsql.key" } $_ssl_key = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_key, '\n', "\r\n", 'EMG'), default => $ssl_key, } file { $_ssl_key_path: - ensure => file, - mode => $_ssl_key_mode, - content => $ssl_key, - tag => 'icinga2::config::file', + ensure => file, + mode => $_ssl_key_mode, + content => $ssl_key, + show_diff => false, + tag => 'icinga2::config::file', } } else { $_ssl_key_path = $ssl_key_path } if $ssl_cert { if $ssl_cert_path { $_ssl_cert_path = $ssl_cert_path } else { $_ssl_cert_path = "${ssl_dir}/IdoPgsqlConnection_ido-pgsql.crt" } $_ssl_cert = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_cert, '\n', "\r\n", 'EMG'), default => $ssl_cert, } file { $_ssl_cert_path: ensure => file, content => $ssl_cert, tag => 'icinga2::config::file', } } else { $_ssl_cert_path = $ssl_cert_path } if $ssl_cacert { if $ssl_cacert_path { $_ssl_cacert_path = $ssl_cacert_path } else { $_ssl_cacert_path = "${ssl_dir}/IdoPgsqlConnection_ido-pgsql_ca.crt" } $_ssl_cacert = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_cacert, '\n', "\r\n", 'EMG'), default => $ssl_cacert, } file { $_ssl_cacert_path: ensure => file, content => $ssl_cacert, tag => 'icinga2::config::file', } } else { $_ssl_cacert_path = $ssl_cacert_path } $attrs = { host => $host, port => $port, user => $user, password => "-:\"${password}\"", # The password parameter isn't parsed anymore. database => $database, ssl_mode => $ssl_mode, ssl_key => $_ssl_key_path, ssl_cert => $_ssl_cert_path, ssl_ca => $_ssl_cacert_path, table_prefix => $table_prefix, instance_name => $instance_name, instance_description => $instance_description, enable_ha => $enable_ha, failover_timeout => $failover_timeout, cleanup => $cleanup, categories => $categories, } # install additional package if $ido_pgsql_package_name and ($manage_package or $manage_packages) { if $::facts['os']['family'] == 'debian' { ensure_resources('file', { '/etc/dbconfig-common' => { ensure => directory, owner => 'root', group => 'root' } }) file { "/etc/dbconfig-common/${ido_pgsql_package_name}.conf": ensure => file, content => "dbc_install='false'\ndbc_upgrade='false'\ndbc_remove='false'\n", owner => 'root', group => 'root', mode => '0600', before => Package[$ido_pgsql_package_name], } } # Debian package { $ido_pgsql_package_name: ensure => installed, before => Icinga2::Feature['ido-pgsql'], } } # import db schema if $import_schema { if $ido_pgsql_package_name and ($manage_package or $manage_packages) { Package[$ido_pgsql_package_name] -> Exec['idopgsql-import-schema'] } $_connection = regsubst(join(any2array(delete_undef_values({ 'host=' => $host, 'sslmode=' => $ssl_mode, 'sslcert=' => $_ssl_cert_path, 'sslkey=' => $_ssl_key_path, 'sslrootcert=' => $_ssl_cacert_path, 'user=' => $user, 'port=' => $port, 'dbname=' => $database, })), ' '), '= ', '=', 'G') exec { 'idopgsql-import-schema': user => 'root', path => $::facts['path'], environment => ["PGPASSWORD=${password}"], command => "psql '${_connection}' -w -f '${ido_pgsql_schema}'", unless => "psql '${_connection}' -w -c 'select version from icinga_dbversion'", } } # create object icinga2::object { 'icinga2::object::IdoPgsqlConnection::ido-pgsql': object_name => 'ido-pgsql', object_type => 'IdoPgsqlConnection', attrs => delete_undef_values($attrs), attrs_list => keys($attrs), target => "${conf_dir}/features-available/ido-pgsql.conf", order => 10, notify => $_notify, } # import library concat::fragment { 'icinga2::feature::ido-pgsql': target => "${conf_dir}/features-available/ido-pgsql.conf", content => "library \"db_ido_pgsql\"\n\n", order => '05', } icinga2::feature { 'ido-pgsql': ensure => $ensure, } } diff --git a/manifests/feature/influxdb.pp b/manifests/feature/influxdb.pp index 91b146d..4ab63be 100644 --- a/manifests/feature/influxdb.pp +++ b/manifests/feature/influxdb.pp @@ -1,259 +1,260 @@ # @summary # Configures the Icinga 2 feature influxdb. # # @example # class { 'icinga2::feature::influxdb': # host => "10.10.0.15", # username => "icinga2", # password => "supersecret", # database => "icinga2" # } # # @param [Enum['absent', 'present']] ensure # Set to present enables the feature influxdb, absent disables it. # # @param [Optional[Stdlib::Host]] host # InfluxDB host address. # # @param [Optional[Stdlib::Port]] port # InfluxDB HTTP port. # # @param [Optional[String]] database # InfluxDB database name. # # @param [Optional[String]] username # InfluxDB user name. # # @param [Optional[String]] password # InfluxDB user password. The password parameter isn't parsed anymore. # # @param [Optional[Hash[Enum['username', 'password'], String]]] basic_auth # Username and password for HTTP basic authentication. # # @param [Optional[Boolean]] enable_ssl # Either enable or disable SSL. Other SSL parameters are only affected if this is set to 'true'. # # @param [Optional[Boolean]] ssl_noverify # Disable TLS peer verification. # # @param [Optional[Stdlib::Absolutepath]] ssl_key_path # Location of the private key. # # @param [Optional[Stdlib::Absolutepath]] ssl_cert_path # Location of the certificate. # # @param [Optional[Stdlib::Absolutepath]] ssl_cacert_path # Location of the CA certificate. # # @param [Optional[Stdlib::Base64]] ssl_key # The private key in a base64 encoded string to store in ssl_key_path file. # # @param [Optional[Stdlib::Base64]] ssl_cert # The certificate in a base64 encoded string to store in ssl_cert_path file. # # @param [Optional[Stdlib::Base64]] ssl_cacert # The CA root certificate in a base64 encoded to store in ssl_cacert_path file. # # @param [String] host_measurement # The value of this is used for the measurement setting in host_template. # # @param [Hash] host_tags # Tags defined in this hash will be set in the host_template. # # @param [String] service_measurement # The value of this is used for the measurement setting in host_template. # # @param [Hash] service_tags # Tags defined in this hash will be set in the service_template. # # @param [Optional[Boolean]] enable_send_thresholds # Whether to send warn, crit, min & max tagged data. # # @param [Optional[Boolean]] enable_send_metadata # Whether to send check metadata e.g. states, execution time, latency etc. # # @param [Optional[Icinga2::Interval]] flush_interval # How long to buffer data points before transfering to InfluxDB. # # @param [Optional[Integer[1]]] flush_threshold # How many data points to buffer before forcing a transfer to InfluxDB. # # @param [Optional[Boolean]] enable_ha # Enable the high availability functionality. Only valid in a cluster setup. # class icinga2::feature::influxdb( Enum['absent', 'present'] $ensure = present, Optional[Stdlib::Host] $host = undef, Optional[Stdlib::Port] $port = undef, Optional[String] $database = undef, Optional[String] $username = undef, Optional[String] $password = undef, Optional[Hash[Enum['username', 'password'], String]] $basic_auth = undef, Optional[Boolean] $enable_ssl = undef, Optional[Boolean] $ssl_noverify = undef, Optional[Stdlib::Absolutepath] $ssl_key_path = undef, Optional[Stdlib::Absolutepath] $ssl_cert_path = undef, Optional[Stdlib::Absolutepath] $ssl_cacert_path = undef, Optional[Stdlib::Base64] $ssl_key = undef, Optional[Stdlib::Base64] $ssl_cert = undef, Optional[Stdlib::Base64] $ssl_cacert = undef, String $host_measurement = '$host.check_command$', Hash $host_tags = { hostname => '$host.name$' }, String $service_measurement = '$service.check_command$', Hash $service_tags = { hostname => '$host.name$', service => '$service.name$' }, Optional[Boolean] $enable_send_thresholds = undef, Optional[Boolean] $enable_send_metadata = undef, Optional[Icinga2::Interval] $flush_interval = undef, Optional[Integer[1]] $flush_threshold = undef, Optional[Boolean] $enable_ha = undef, ) { if ! defined(Class['::icinga2']) { fail('You must include the icinga2 base class before using any icinga2 feature class!') } $user = $::icinga2::globals::user $group = $::icinga2::globals::group $conf_dir = $::icinga2::globals::conf_dir $ssl_dir = $::icinga2::globals::cert_dir $_ssl_key_mode = $::facts['kernel'] ? { 'windows' => undef, default => '0600', } $_notify = $ensure ? { 'present' => Class['::icinga2::service'], default => undef, } File { owner => $user, group => $group, } $host_template = { measurement => $host_measurement, tags => $host_tags } $service_template = { measurement => $service_measurement, tags => $service_tags} if $enable_ssl { # Set defaults for certificate stuff if $ssl_key { if $ssl_key_path { $_ssl_key_path = $ssl_key_path } else { $_ssl_key_path = "${ssl_dir}/InfluxdbWriter_influxdb.key" } $_ssl_key = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_key, '\n', "\r\n", 'EMG'), default => $ssl_key, } file { $_ssl_key_path: - ensure => file, - mode => $_ssl_key_mode, - content => $_ssl_key, - tag => 'icinga2::config::file', + ensure => file, + mode => $_ssl_key_mode, + content => $_ssl_key, + show_diff => false, + tag => 'icinga2::config::file', } } else { $_ssl_key_path = $ssl_key_path } if $ssl_cert { if $ssl_cert_path { $_ssl_cert_path = $ssl_cert_path } else { $_ssl_cert_path = "${ssl_dir}/InfluxdbWriter_influxdb.crt" } $_ssl_cert = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_cert, '\n', "\r\n", 'EMG'), default => $ssl_cert, } file { $_ssl_cert_path: ensure => file, content => $_ssl_cert, tag => 'icinga2::config::file', } } else { $_ssl_cert_path = $ssl_cert_path } if $ssl_cacert { if $ssl_cacert_path { $_ssl_cacert_path = $ssl_cacert_path } else { $_ssl_cacert_path = "${ssl_dir}/InfluxdbWriter_influxdb_ca.crt" } $_ssl_cacert = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_cacert, '\n', "\r\n", 'EMG'), default => $ssl_cacert, } file { $_ssl_cacert_path: ensure => file, content => $_ssl_cacert, tag => 'icinga2::config::file', } } else { $_ssl_cacert_path = $ssl_cacert_path } $attrs_ssl = { ssl_enable => $enable_ssl, ssl_insecure_noverify => $ssl_noverify, ssl_ca_cert => $_ssl_cacert_path, ssl_cert => $_ssl_cert_path, ssl_key => $_ssl_key_path, } } # enable_ssl else { $attrs_ssl = { ssl_enable => $enable_ssl } } # The password parameter isn't parsed anymore. if $password { $_password = "-:\"${password}\"" } else { $_password = undef } $attrs = { host => $host, port => $port, database => $database, username => $username, password => $_password, basic_auth => $basic_auth, host_template => $host_template, service_template => $service_template, enable_send_thresholds => $enable_send_thresholds, enable_send_metadata => $enable_send_metadata, flush_interval => $flush_interval, flush_threshold => $flush_threshold, enable_ha => $enable_ha, } # create object icinga2::object { 'icinga2::object::InfluxdbWriter::influxdb': object_name => 'influxdb', object_type => 'InfluxdbWriter', attrs => delete_undef_values(merge($attrs, $attrs_ssl)), attrs_list => keys($attrs), target => "${conf_dir}/features-available/influxdb.conf", notify => $_notify, order => 10, } # import library 'perfdata' concat::fragment { 'icinga2::feature::influxdb': target => "${conf_dir}/features-available/influxdb.conf", content => "library \"perfdata\"\n\n", order => '05', } icinga2::feature { 'influxdb': ensure => $ensure, } } diff --git a/manifests/feature/influxdb2.pp b/manifests/feature/influxdb2.pp index 3f7d61e..85fd443 100644 --- a/manifests/feature/influxdb2.pp +++ b/manifests/feature/influxdb2.pp @@ -1,240 +1,241 @@ # @summary # Configures the Icinga 2 feature influxdb2. # # @example # class { 'icinga2::feature::influxdb2': # host => "10.10.0.15", # organization => "ICINGA", # bucket => "icinga2", # auth_token => "supersecret", # } # # @param [Enum['absent', 'present']] ensure # Set to present enables the feature influxdb, absent disables it. # # @param [Optional[Stdlib::Host]] host # InfluxDB host address. # # @param [Optional[Stdlib::Port]] port # InfluxDB HTTP port. # # @param [String] organization # InfluxDB organization name. # # @param [String] bucket # InfluxDB bucket name. # # @param [String] auth_token # InfluxDB authentication token. # # @param [Optional[Boolean]] enable_ssl # Either enable or disable SSL. Other SSL parameters are only affected if this is set to 'true'. # # @param [Optional[Boolean]] ssl_noverify # Disable TLS peer verification. # # @param [Optional[Stdlib::Absolutepath]] ssl_key_path # Location of the private key. # # @param [Optional[Stdlib::Absolutepath]] ssl_cert_path # Location of the certificate. # # @param [Optional[Stdlib::Absolutepath]] ssl_cacert_path # Location of the CA certificate. # # @param [Optional[Stdlib::Base64]] ssl_key # The private key in a base64 encoded string to store in ssl_key_path file. # # @param [Optional[Stdlib::Base64]] ssl_cert # The certificate in a base64 encoded string to store in ssl_cert_path file. # # @param [Optional[Stdlib::Base64]] ssl_cacert # The CA root certificate in a base64 encoded to store in ssl_cacert_path file. # # @param [String] host_measurement # The value of this is used for the measurement setting in host_template. # # @param [Hash] host_tags # Tags defined in this hash will be set in the host_template. # # @param [String] service_measurement # The value of this is used for the measurement setting in host_template. # # @param [Hash] service_tags # Tags defined in this hash will be set in the service_template. # # @param [Optional[Boolean]] enable_send_thresholds # Whether to send warn, crit, min & max tagged data. # # @param [Optional[Boolean]] enable_send_metadata # Whether to send check metadata e.g. states, execution time, latency etc. # # @param [Optional[Icinga2::Interval]] flush_interval # How long to buffer data points before transfering to InfluxDB. # # @param [Optional[Integer[1]]] flush_threshold # How many data points to buffer before forcing a transfer to InfluxDB. # # @param [Optional[Boolean]] enable_ha # Enable the high availability functionality. Only valid in a cluster setup. # class icinga2::feature::influxdb2( String $organization, String $bucket, String $auth_token, Enum['absent', 'present'] $ensure = present, Optional[Stdlib::Host] $host = undef, Optional[Stdlib::Port] $port = undef, Optional[Boolean] $enable_ssl = undef, Optional[Boolean] $ssl_noverify = undef, Optional[Stdlib::Absolutepath] $ssl_key_path = undef, Optional[Stdlib::Absolutepath] $ssl_cert_path = undef, Optional[Stdlib::Absolutepath] $ssl_cacert_path = undef, Optional[Stdlib::Base64] $ssl_key = undef, Optional[Stdlib::Base64] $ssl_cert = undef, Optional[Stdlib::Base64] $ssl_cacert = undef, String $host_measurement = '$host.check_command$', Hash $host_tags = { hostname => '$host.name$' }, String $service_measurement = '$service.check_command$', Hash $service_tags = { hostname => '$host.name$', service => '$service.name$' }, Optional[Boolean] $enable_send_thresholds = undef, Optional[Boolean] $enable_send_metadata = undef, Optional[Icinga2::Interval] $flush_interval = undef, Optional[Integer[1]] $flush_threshold = undef, Optional[Boolean] $enable_ha = undef, ) { if ! defined(Class['::icinga2']) { fail('You must include the icinga2 base class before using any icinga2 feature class!') } $user = $::icinga2::globals::user $group = $::icinga2::globals::group $conf_dir = $::icinga2::globals::conf_dir $ssl_dir = $::icinga2::globals::cert_dir $_ssl_key_mode = $::facts['kernel'] ? { 'windows' => undef, default => '0600', } $_notify = $ensure ? { 'present' => Class['::icinga2::service'], default => undef, } File { owner => $user, group => $group, } $host_template = { measurement => $host_measurement, tags => $host_tags } $service_template = { measurement => $service_measurement, tags => $service_tags} if $enable_ssl { # Set defaults for certificate stuff if $ssl_key { if $ssl_key_path { $_ssl_key_path = $ssl_key_path } else { $_ssl_key_path = "${ssl_dir}/Influxdb2Writer_influxdb2.key" } $_ssl_key = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_key, '\n', "\r\n", 'EMG'), default => $ssl_key, } file { $_ssl_key_path: - ensure => file, - mode => $_ssl_key_mode, - content => $_ssl_key, - tag => 'icinga2::config::file', + ensure => file, + mode => $_ssl_key_mode, + content => $_ssl_key, + show_diff => false, + tag => 'icinga2::config::file', } } else { $_ssl_key_path = $ssl_key_path } if $ssl_cert { if $ssl_cert_path { $_ssl_cert_path = $ssl_cert_path } else { $_ssl_cert_path = "${ssl_dir}/Influxdb2Writer_influxdb2.crt" } $_ssl_cert = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_cert, '\n', "\r\n", 'EMG'), default => $ssl_cert, } file { $_ssl_cert_path: ensure => file, content => $_ssl_cert, tag => 'icinga2::config::file', } } else { $_ssl_cert_path = $ssl_cert_path } if $ssl_cacert { if $ssl_cacert_path { $_ssl_cacert_path = $ssl_cacert_path } else { $_ssl_cacert_path = "${ssl_dir}/Influxdb2Writer_influxdb2_ca.crt" } $_ssl_cacert = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_cacert, '\n', "\r\n", 'EMG'), default => $ssl_cacert, } file { $_ssl_cacert_path: ensure => file, content => $_ssl_cacert, tag => 'icinga2::config::file', } } else { $_ssl_cacert_path = $ssl_cacert_path } $attrs_ssl = { ssl_enable => $enable_ssl, ssl_insecure_noverify => $ssl_noverify, ssl_ca_cert => $_ssl_cacert_path, ssl_cert => $_ssl_cert_path, ssl_key => $_ssl_key_path, } } # enable_ssl else { $attrs_ssl = { ssl_enable => $enable_ssl } } $attrs = { host => $host, port => $port, organization => $organization, bucket => $bucket, auth_token => "-:\"${auth_token}\"", host_template => $host_template, service_template => $service_template, enable_send_thresholds => $enable_send_thresholds, enable_send_metadata => $enable_send_metadata, flush_interval => $flush_interval, flush_threshold => $flush_threshold, enable_ha => $enable_ha, } # create object icinga2::object { 'icinga2::object::Influxdb2Writer::influxdb2': object_name => 'influxdb2', object_type => 'Influxdb2Writer', attrs => delete_undef_values(merge($attrs, $attrs_ssl)), attrs_list => keys($attrs), target => "${conf_dir}/features-available/influxdb2.conf", notify => $_notify, order => 10, } icinga2::feature { 'influxdb2': ensure => $ensure, } }