diff --git a/manifests/config.pp b/manifests/config.pp index 4fc9c73..26e80de 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -1,50 +1,50 @@ # @summary # This class exists to manage general configuration files needed by Icinga 2 to run. # # @api private # class icinga2::config { assert_private() $constants = prefix($::icinga2::_constants, 'const ') $conf_dir = $::icinga2::globals::conf_dir $user = $::icinga2::globals::user $group = $::icinga2::globals::group $plugins = $::icinga2::plugins $confd = $::icinga2::_confd $purge_features = $::icinga2::purge_features - if $::kernel != 'windows' { + if $::facts['kernel'] != 'windows' { $template_constants = icinga2_attributes($constants) $template_mainconfig = template('icinga2/icinga2.conf.erb') $file_permissions = '0640' } else { $template_constants = regsubst(icinga2_attributes($constants), '\n', "\r\n", 'EMG') $template_mainconfig = regsubst(template('icinga2/icinga2.conf.erb'), '\n', "\r\n", 'EMG') $file_permissions = undef } File { owner => $user, group => $group, mode => $file_permissions, } file { "${conf_dir}/constants.conf": ensure => file, content => $template_constants, } file { "${conf_dir}/icinga2.conf": ensure => file, content => $template_mainconfig, } file { "${conf_dir}/features-enabled": ensure => directory, purge => $purge_features, recurse => $purge_features, } } diff --git a/manifests/config/fragment.pp b/manifests/config/fragment.pp index 090054b..202480a 100644 --- a/manifests/config/fragment.pp +++ b/manifests/config/fragment.pp @@ -1,73 +1,73 @@ # @summary # Set a code fragment in a target configuration file. # # @example To create a custom configuration add content to a specified target at the position you set in the order parameter. You can use also templates to add content. # include ::icinga2 # # icinga2::object::service { 'load': # display_name => 'Load', # apply => true, # check_command => 'load', # assign => ['vars.os == Linux'], # target => '/etc/icinga2/conf.d/service_load.conf', # order => 30, # } # # icinga2::config::fragment { 'load-function': # target => '/etc/icinga2/conf.d/service_load.conf', # order => 10, # content => 'vars.load_wload1 = {{ # if (get_time_period("backup").is_inside) { # return 20 # } else { # return 5 # } # }}', # } # # @param [String] content # Content to insert in file specified in target. # # @param [Stdlib::Absolutepath]target # Destination config file to store in this fragment. File will be declared the # first time. # # @param [Variant[String, Integer]] order # String or integer to set the position in the target file, sorted in alpha numeric order. Defaults to `00`. # define icinga2::config::fragment( String $content, Stdlib::Absolutepath $target, String $code_name = $title, Variant[String, Integer] $order = '00', ) { - case $::osfamily { + case $::facts['os']['family'] { 'windows': { $_content = regsubst($content, '\n', "\r\n", 'EMG') } # windows default: { Concat { owner => $::icinga2::globals::user, group => $::icinga2::globals::group, mode => '0640', } $_content = $content } # default } if !defined(Concat[$target]) { concat { $target: ensure => present, tag => 'icinga2::config::file', warn => true, } } concat::fragment { "icinga2::config::${code_name}": target => $target, content => $_content, order => $order, } } diff --git a/manifests/feature.pp b/manifests/feature.pp index 90629ae..46e3aa7 100644 --- a/manifests/feature.pp +++ b/manifests/feature.pp @@ -1,47 +1,47 @@ # @summary # Private define resource to used by this module only. # # @api private # define icinga2::feature( Enum['absent', 'present'] $ensure = present, String $feature = $title, ) { assert_private() $user = $::icinga2::globals::user $group = $::icinga2::globals::group $conf_dir = $::icinga2::globals::conf_dir - if $::osfamily != 'windows' { + if $::facts['os']['family'] != 'windows' { $_ensure = $ensure ? { 'present' => link, default => absent, } file { "${conf_dir}/features-enabled/${feature}.conf": ensure => $_ensure, owner => $user, group => $group, target => "../features-available/${feature}.conf", require => Concat["${conf_dir}/features-available/${feature}.conf"], notify => Class['::icinga2::service'], } } else { $_ensure = $ensure ? { 'present' => file, default => absent, } file { "${conf_dir}/features-enabled/${feature}.conf": ensure => $_ensure, owner => $user, group => $group, content => "include \"../features-available/${feature}.conf\"\r\n", require => Concat["${conf_dir}/features-available/${feature}.conf"], notify => Class['::icinga2::service'], } } } diff --git a/manifests/feature/api.pp b/manifests/feature/api.pp index 92b7c8c..f225c22 100644 --- a/manifests/feature/api.pp +++ b/manifests/feature/api.pp @@ -1,376 +1,376 @@ # @summary # Configures the Icinga 2 feature api. # # @example Use the puppet certificates and key copy these files to the cert directory named to 'hostname.key', 'hostname.crt' and 'ca.crt' if the contant NodeName is set to 'hostname'. # include ::icinga2::feature::api # # @example To use your own certificates and key as file resources if the contant NodeName is set to fqdn (default) do: # class { 'icinga2::feature::api': # pki => 'none', # } # # File { # owner => 'icinga', # group => 'icinga', # } # # file { "/var/lib/icinga2/certs/${::fqdn}.key": # ensure => file, # tag => 'icinga2::config::file', # source => "puppet:///modules/profiles/private_keys/${::fqdn}.key", # } # ... # # @example If you like to manage the certificates and the key as strings in base64 encoded format: # class { 'icinga2::feature::api': # pki => 'none', # ssl_cacert => '-----BEGIN CERTIFICATE----- ...', # ssl_key => '-----BEGIN RSA PRIVATE KEY----- ...', # ssl_cert => '-----BEGIN CERTIFICATE----- ...', # } # # @example Fine tune TLS settings # class { '::icinga2::feature::api': # ssl_protocolmin => 'TLSv1.2', # ssl_cipher_list => 'HIGH:MEDIUM:!aNULL:!MD5:!RC4', # } # # @example Transfer a CA certificate and key from an existing CA by using the file resource: # include ::icinga2 # # file { '/var/lib/icinga2/ca/ca.crt': # source => '...', # tag => 'icinga2::config::file', # } # # file { '/var/lib/icinga2/ca/ca.key': # source => '...', # tag => 'icinga2::config::file', # } # # @param [Enum['absent', 'present']] ensure # Set to present enables the feature api, absent disabled it. # # @param [Enum['ca', 'icinga2', 'none', 'puppet']] pki # Provides multiple sources for the certificate, key and ca. # - puppet: Copies the key, cert and CAcert from the Puppet ssl directory to the cert directory # /var/lib/icinga2/certs on Linux and C:/ProgramData/icinga2/var/lib/icinga2/certs on Windows. # - icinga2: Uses the icinga2 CLI to generate a Certificate Request and Key to obtain a signed # Certificate from 'ca_host' using the icinga2 ticket mechanism. # In case the 'ticket_salt' has been configured the ticket_id will be generated # by the module in a custom function that imitates the icinga ticket generation. # The 'ticket_id' parameter can be used to directly set an ticket_id. # - none: Does nothing and you either have to manage the files yourself as file resources # or use the ssl_key, ssl_cert, ssl_cacert parameters. # # @param [Optional[Stdlib::Base64]] ssl_key # The private key in a base64 encoded string to store in cert directory. This parameter # requires pki to be set to 'none'. # # @param [Optional[Stdlib::Base64]] ssl_cert # The certificate in a base64 encoded string to store in cert directory This parameter # requires pki to be set to 'none'. # # @param [Optional[Stdlib::Base64]] ssl_cacert # The CA root certificate in a base64 encoded string to store in cert directory. This parameter # requires pki to be set to 'none'. # # @param [Optional[Stdlib::Absolutepath]] ssl_crl # Optional location of the certificate revocation list. # # @param [Optional[Boolean]] accept_config # Accept zone configuration. # # @param [Optional[Boolean]] accept_commands # Accept remote commands. # # @param [Optional[Integer[0]]] max_anonymous_clients # Limit the number of anonymous client connections (not configured endpoints and signing requests). # # @param [Optional[Stdlib::Host]] ca_host # This host will be connected to request the certificate. Set this if you use the icinga2 pki. # # @param [Stdlib::Port::Unprivileged] ca_port # Port of the 'ca_host'. # # @param [Optional[Icinga2::Fingerprint]] fingerprint # Fingerprint of the CA host certificate for validation. Requires pki is set to `icinga2`. # You can get the fingerprint via 'openssl x509 -noout -fingerprint -sha256 -inform pem -in [certificate-file.crt]' # on your CA host. (Icinga2 versions before 2.12.0 require '-sha1' as digest algorithm.) -# +# # @param [String] ticket_salt # Salt to use for ticket generation. The salt is stored to api.conf if none or ca is chosen for pki. # Defaults to constant TicketSalt. Keep in mind this parameter is parsed so please use only alpha numric # characters as salt or a constant. # # @param [Optional[String]] ticket_id # If a ticket_id is given it will be used instead of generating an ticket_id. # The ticket_id will be used only when requesting a certificate from the ca_host # in case the pki is set to 'icinga2'. # # @param [Hash[String, Hash]] endpoints # Hash to configure endpoint objects. `NodeName` is a icnga2 constant. # # @param [Hash[String, Hash]] zones # Hash to configure zone objects. `ZoneName` and `NodeName` are icinga2 constants. # # @param [Optional[Enum['TLSv1', 'TLSv1.1', 'TLSv1.2']]] ssl_protocolmin # Minimal TLS version to require. # # @param [Optional[Icinga2::Interval]] ssl_handshake_timeout # TLS Handshake timeout. # # @param [Optional[String]] ssl_cipher_list # List of allowed TLS ciphers, to finetune encryption. # # @param [Optional[Stdlib::Host]] bind_host # The IP address the api listener will be bound to. # # @param [Optional[Stdlib::Port::Unprivileged]] bind_port # The port the api listener will be bound to. # # @param [Optional[Array[String]]] access_control_allow_origin # Specifies an array of origin URLs that may access the API. # # @param [Optional[Boolean]] access_control_allow_credentials # Indicates whether or not the actual request can be made using credentials. # # @param [Optional[String]] access_control_allow_headers # Used in response to a preflight request to indicate which HTTP headers can be used when making the actual request. # # @param [Optional[Array[Enum['GET', 'POST', 'PUT', 'DELETE']]]] access_control_allow_methods # Used in response to a preflight request to indicate which HTTP methods can be used when making the actual request. # # @param [Optional[String]] environment # Used as suffix in TLS SNI extension name; default from constant ApiEnvironment, which is empty. # class icinga2::feature::api( Enum['absent', 'present'] $ensure = present, Enum['ca', 'icinga2', 'none', 'puppet'] $pki = 'icinga2', Optional[Stdlib::Absolutepath] $ssl_crl = undef, Optional[Boolean] $accept_config = undef, Optional[Boolean] $accept_commands = undef, Optional[Integer[0]] $max_anonymous_clients = undef, Optional[Stdlib::Host] $ca_host = undef, Stdlib::Port::Unprivileged $ca_port = 5665, String $ticket_salt = 'TicketSalt', Optional[String] $ticket_id = undef, Hash[String, Hash] $endpoints = { 'NodeName' => {} }, Hash[String, Hash] $zones = { 'ZoneName' => { endpoints => [ 'NodeName' ] } }, Optional[Stdlib::Base64] $ssl_key = undef, Optional[Stdlib::Base64] $ssl_cert = undef, Optional[Stdlib::Base64] $ssl_cacert = undef, Optional[Enum['TLSv1', 'TLSv1.1', 'TLSv1.2']] $ssl_protocolmin = undef, Optional[Icinga2::Interval] $ssl_handshake_timeout = undef, Optional[String] $ssl_cipher_list = undef, Optional[Stdlib::Host] $bind_host = undef, Optional[Stdlib::Port::Unprivileged] $bind_port = undef, Optional[Array[Enum['GET', 'POST', 'PUT', 'DELETE']]] $access_control_allow_methods = undef, Optional[Array[String]] $access_control_allow_origin = undef, Optional[Boolean] $access_control_allow_credentials = undef, Optional[String] $access_control_allow_headers = undef, Optional[Icinga2::Fingerprint] $fingerprint = undef, Optional[String] $environment = undef, ) { if ! defined(Class['::icinga2']) { fail('You must include the icinga2 base class before using any icinga2 feature class!') } # cert directory must exists and icinga binary is required for icinga2 pki require ::icinga2::install $icinga2_bin = $::icinga2::globals::icinga2_bin $conf_dir = $::icinga2::globals::conf_dir $cert_dir = $::icinga2::globals::cert_dir $ca_dir = $::icinga2::globals::ca_dir $user = $::icinga2::globals::user $group = $::icinga2::globals::group $node_name = $::icinga2::_constants['NodeName'] - $_ssl_key_mode = $::osfamily ? { + $_ssl_key_mode = $::facts['os']['family'] ? { 'windows' => undef, default => '0600', } $_notify = $ensure ? { 'present' => Class['::icinga2::service'], default => undef, } File { owner => $user, group => $group, } # Set defaults for certificate stuff $_ssl_key_path = "${cert_dir}/${node_name}.key" $_ssl_cert_path = "${cert_dir}/${node_name}.crt" $_ssl_csr_path = "${cert_dir}/${node_name}.csr" $_ssl_cacert_path = "${cert_dir}/ca.crt" # handle the certificate's stuff case $pki { 'puppet': { $_ticket_salt = undef file { $_ssl_key_path: ensure => file, mode => $_ssl_key_mode, - source => $::icinga2_puppet_hostprivkey, + source => $::facts['icinga2_puppet_hostprivkey'], tag => 'icinga2::config::file', show_diff => false, backup => false, } file { $_ssl_cert_path: ensure => file, - source => $::icinga2_puppet_hostcert, + source => $::facts['icinga2_puppet_hostcert'], tag => 'icinga2::config::file', } file { $_ssl_cacert_path: ensure => file, - source => $::icinga2_puppet_localcacert, + source => $::facts['icinga2_puppet_localcacert'], tag => 'icinga2::config::file', } } # puppet 'none': { # non means you manage the CA on your own and so # the salt has to be stored in api.conf $_ticket_salt = $ticket_salt if $ssl_key { - $_ssl_key = $::osfamily ? { + $_ssl_key = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_key, '\n', "\r\n", 'EMG'), default => $ssl_key, } file { $_ssl_key_path: ensure => file, mode => $_ssl_key_mode, content => $_ssl_key, tag => 'icinga2::config::file', show_diff => false, backup => false, } } if $ssl_cert { - $_ssl_cert = $::osfamily ? { + $_ssl_cert = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_cert, '\n', "\r\n", 'EMG'), default => $ssl_cert, } file { $_ssl_cert_path: ensure => file, content => $_ssl_cert, tag => 'icinga2::config::file', } } if $ssl_cacert { - $_ssl_cacert = $::osfamily ? { + $_ssl_cacert = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_cacert, '\n', "\r\n", 'EMG'), default => $ssl_cacert, } file { $_ssl_cacert_path: ensure => file, content => $_ssl_cacert, tag => 'icinga2::config::file', } } } # none # icinga2 as default default: { $_ticket_salt = undef $trusted_cert = "${cert_dir}/trusted-cert.crt" $cmd_pki_get_cert = "\"${icinga2_bin}\" pki save-cert --host ${ca_host} --port ${ca_port} --key ${_ssl_key_path} --cert ${_ssl_cert_path} --trustedcert ${trusted_cert}" if($ticket_id) { $_ticket = "--ticket ${ticket_id}" } elsif($ticket_salt != 'TicketSalt') { $_ticket = "--ticket ${icinga2_ticket_id($node_name, $ticket_salt)}" } else { $_ticket = '' } if $fingerprint { $_fingerprint = upcase(regsubst($fingerprint, ':', ' ', 'G')) - if $::osfamily != 'Windows' { + if $::facts['os']['family'] != 'Windows' { $_cmd_pki_get_cert = "${cmd_pki_get_cert} |grep '${_fingerprint}\s*$'" } else { $_cmd_pki_get_cert = "cmd.exe /c \"${cmd_pki_get_cert} |findstr /R /C:\"${_fingerprint}\"\"" } } else { $_cmd_pki_get_cert = $cmd_pki_get_cert } - $_env = $::kernel ? { + $_env = $::facts['kernel'] ? { 'windows' => undef, default => ["ICINGA2_USER=${user}", "ICINGA2_GROUP=${group}"], } Exec { environment => $_env, notify => Class['::icinga2::service'], } exec { 'icinga2 pki create key': command => "\"${icinga2_bin}\" pki new-cert --cn ${node_name} --key ${_ssl_key_path} --cert ${_ssl_cert_path}", creates => $_ssl_key_path, } -> exec { 'icinga2 pki get trusted-cert': - path => $::path, + path => $::facts['path'], command => $_cmd_pki_get_cert, creates => $trusted_cert, } -> exec { 'icinga2 pki request': command => "\"${icinga2_bin}\" pki request --host ${ca_host} --port ${ca_port} --ca ${_ssl_cacert_path} --key ${_ssl_key_path} --cert ${_ssl_cert_path} --trustedcert ${trusted_cert} ${_ticket}", # lint:ignore:140chars creates => $_ssl_cacert_path, } } # icinga2 } # case pki # compose attributes $attrs = { crl_path => $ssl_crl, accept_commands => $accept_commands, accept_config => $accept_config, max_anonymous_clients => $max_anonymous_clients, ticket_salt => $_ticket_salt, tls_protocolmin => $ssl_protocolmin, tls_handshake_timeout => $ssl_handshake_timeout, cipher_list => $ssl_cipher_list, bind_host => $bind_host, bind_port => $bind_port, access_control_allow_origin => $access_control_allow_origin, access_control_allow_credentials => $access_control_allow_credentials, access_control_allow_headers => $access_control_allow_headers, access_control_allow_methods => $access_control_allow_methods, environment => $environment, } # create endpoints and zones create_resources('icinga2::object::endpoint', $endpoints) create_resources('icinga2::object::zone', $zones) # create object icinga2::object { 'icinga2::object::ApiListener::api': object_name => 'api', object_type => 'ApiListener', attrs => delete_undef_values($attrs), attrs_list => keys($attrs), target => "${conf_dir}/features-available/api.conf", order => 10, notify => $_notify, } # manage feature icinga2::feature { 'api': ensure => $ensure, } } diff --git a/manifests/feature/elasticsearch.pp b/manifests/feature/elasticsearch.pp index 3685b52..ffe27b7 100644 --- a/manifests/feature/elasticsearch.pp +++ b/manifests/feature/elasticsearch.pp @@ -1,222 +1,222 @@ # @summary # Configures the Icinga 2 feature elasticsearch. # # @example # class { 'icinga2::feature::elasticsearch': # host => "10.10.0.15", # index => "icinga2" # } # # @param [Enum['absent', 'present']] ensure # Set to present enables the feature elasticsearch, absent disables it. # # @param [Optional[Stdlib::Host]] host # Elasticsearch host address. # # @param [Optional[Stdlib::Port::Unprivileged]] port # Elasticsearch HTTP port. # # @param [Optional[String]] index # Elasticsearch index name. # # @param [Optional[String]] username # Elasticsearch user name. # # @param [Optional[String]] password # Elasticsearch user password. The password parameter isn't parsed anymore. # # @param [Optional[Boolean]] enable_ssl # Either enable or disable SSL. Other SSL parameters are only affected if this is set to 'true'. # # @param [Optional[Stdlib::Absolutepath]] ssl_key_path # Location of the private key. # # @param [Optional[Stdlib::Absolutepath]] ssl_cert_path # Location of the certificate. # # @param [Optional[Stdlib::Absolutepath]] ssl_cacert_path # Location of the CA certificate. # # @param [Optional[Stdlib::Base64]] ssl_key # The private key in a base64 encoded string to store in spicified ssl_key_path file. # # @param [Optional[Stdlib::Base64]] ssl_cert # The certificate in a base64 encoded to store in spicified ssl_cert_path file. # # @param [Optional[Stdlib::Base64]] ssl_cacert # The CA root certificate in a base64 encoded string to store in spicified ssl_cacert_path file. # # @param [Optional[Boolean]] enable_send_perfdata # Whether to send check performance data metrics. # # @param [Optional[Icinga2::Interval]] flush_interval # How long to buffer data points before transferring to Elasticsearch. # # @param [Optional[Integer]] flush_threshold # How many data points to buffer before forcing a transfer to Elasticsearch. # # @param [Optional[Boolean]] enable_ha # Enable the high availability functionality. Only valid in a cluster setup. # class icinga2::feature::elasticsearch( Enum['absent', 'present'] $ensure = present, Optional[Stdlib::Host] $host = undef, Optional[Stdlib::Port::Unprivileged] $port = undef, Optional[String] $index = undef, Optional[String] $username = undef, Optional[String] $password = undef, Optional[Boolean] $enable_ssl = undef, Optional[Stdlib::Absolutepath] $ssl_key_path = undef, Optional[Stdlib::Absolutepath] $ssl_cert_path = undef, Optional[Stdlib::Absolutepath] $ssl_cacert_path = undef, Optional[Stdlib::Base64] $ssl_key = undef, Optional[Stdlib::Base64] $ssl_cert = undef, Optional[Stdlib::Base64] $ssl_cacert = undef, Optional[Boolean] $enable_send_perfdata = undef, Optional[Icinga2::Interval] $flush_interval = undef, Optional[Integer] $flush_threshold = undef, Optional[Boolean] $enable_ha = undef, ) { if ! defined(Class['::icinga2']) { fail('You must include the icinga2 base class before using any icinga2 feature class!') } $user = $::icinga2::globals::user $group = $::icinga2::globals::group $conf_dir = $::icinga2::globals::conf_dir $_notify = $ensure ? { 'present' => Class['::icinga2::service'], default => undef, } File { owner => $user, group => $group, } if $enable_ssl { $ssl_dir = $::icinga2::globals::cert_dir - $_ssl_key_mode = $::kernel ? { + $_ssl_key_mode = $::facts['kernel'] ? { 'windows' => undef, default => '0600', } # Set defaults for certificate stuff and/or do validation if $ssl_key { if $ssl_key_path { $_ssl_key_path = $ssl_key_path } else { $_ssl_key_path = "${ssl_dir}/ElasticsearchWriter_elasticsearch.key" } - $_ssl_key = $::osfamily ? { + $_ssl_key = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_key, '\n', "\r\n", 'EMG'), default => $ssl_key, } file { $_ssl_key_path: ensure => file, mode => $_ssl_key_mode, content => $_ssl_key, tag => 'icinga2::config::file', } } else { $_ssl_key_path = $ssl_key_path } if $ssl_cert { if $ssl_cert_path { $_ssl_cert_path = $ssl_cert_path } else { $_ssl_cert_path = "${ssl_dir}/ElasticsearchWriter_elasticsearch.crt" } - $_ssl_cert = $::osfamily ? { + $_ssl_cert = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_cert, '\n', "\r\n", 'EMG'), default => $ssl_cert, } file { $_ssl_cert_path: ensure => file, content => $_ssl_cert, tag => 'icinga2::config::file', } } else { $_ssl_cert_path = $ssl_cert_path } if $ssl_cacert { if $ssl_cacert_path { $_ssl_cacert_path = $ssl_cacert_path } else { $_ssl_cacert_path = "${ssl_dir}/ElasticsearchWriter_elasticsearch_ca.crt" } - $_ssl_cacert = $::osfamily ? { + $_ssl_cacert = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_cacert, '\n', "\r\n", 'EMG'), default => $ssl_cacert, } file { $_ssl_cacert_path: ensure => file, content => $_ssl_cacert, tag => 'icinga2::config::file', } } else { $_ssl_cacert_path = $ssl_cacert_path } $attrs_ssl = { enable_tls => $enable_ssl, ca_path => $_ssl_cacert_path, cert_path => $_ssl_cert_path, key_path => $_ssl_key_path, } } # enable_ssl else { $attrs_ssl = { enable_tls => $enable_ssl } } # The password parameter isn't parsed anymore. if $password { $_password = "-:\"${password}\"" } else { $_password = undef } $attrs = { host => $host, port => $port, index => $index, username => $username, password => $_password, enable_send_perfdata => $enable_send_perfdata, flush_interval => $flush_interval, flush_threshold => $flush_threshold, enable_ha => $enable_ha, } # create object icinga2::object { 'icinga2::object::ElasticsearchWriter::elasticsearch': object_name => 'elasticsearch', object_type => 'ElasticsearchWriter', attrs => delete_undef_values(merge($attrs, $attrs_ssl)), attrs_list => keys($attrs), target => "${conf_dir}/features-available/elasticsearch.conf", notify => $_notify, order => 10, } # import library 'perfdata' concat::fragment { 'icinga2::feature::elasticsearch': target => "${conf_dir}/features-available/elasticsearch.conf", content => "library \"perfdata\"\n\n", order => '05', } icinga2::feature { 'elasticsearch': ensure => $ensure, } } diff --git a/manifests/feature/idomysql.pp b/manifests/feature/idomysql.pp index ba7b22c..e35fbb6 100644 --- a/manifests/feature/idomysql.pp +++ b/manifests/feature/idomysql.pp @@ -1,331 +1,331 @@ # @summary # Installs and configures the Icinga 2 feature ido-mysql. # # @example The ido-mysql featue requires an existing database and a user with permissions. This example uses the [puppetlabs/mysql](https://forge.puppet.com/puppetlabs/mysql) module. # include mysql::server # # mysql::db { 'icinga2': # user => 'icinga2', # password => 'supersecret', # host => 'localhost', # grant => ['SELECT', 'INSERT', 'UPDATE', 'DELETE', 'DROP', 'CREATE VIEW', 'CREATE', 'INDEX', 'EXECUTE', 'ALTER'], # } # # class{ 'icinga2::feature::idomysql': # user => "icinga2", # password => "supersecret", # database => "icinga2", # import_schema => true, # require => Mysql::Db['icinga2'] # } # # @param [Enum['absent', 'present']] ensure # Set to present enables the feature ido-mysql, absent disables it. # # @param [Stdlib::Host] host # MySQL database host address. # # @param [Optional[Stdlib::Port::Unprivileged]] port # MySQL database port. # # @param [Optional[Stdlib::Absolutepath]] socket_path # MySQL socket path. # # @param [String] user # MySQL database user with read/write permission to the icinga database. # # @param [String] password # MySQL database user's password. The password parameter isn't parsed anymore. # # @param [String] database # MySQL database name. # # @param [Boolean] enable_ssl # Either enable or disable SSL/TLS. Other SSL parameters are only affected if this is set to 'true'. # # @param [Optional[Stdlib::Absolutepath]] ssl_key_path # Location of the private key. Only valid if ssl is enabled. # # @param [Optional[Stdlib::Absolutepath]] ssl_cert_path # Location of the certificate. Only valid if ssl is enabled. # # @param [Optional[Stdlib::Absolutepath]] ssl_cacert_path # Location of the CA certificate. Only valid if ssl is enabled. # # @param [Optional[Stdlib::Base64]] ssl_key # The private key in a base64 encoded string to store in spicified ssl_key_path file. # Only valid if ssl is enabled. # # @param [Optional[Stdlib::Base64]] ssl_cert # The certificate in a base64 encoded string to store in spicified ssl_cert_path file. # Only valid if ssl is enabled. # # @param [Optional[Stdlib::Base64]] ssl_cacert # The CA root certificate in a base64 encoded string to store in spicified ssl_cacert_path file. # Only valid if ssl is enabled. # # @param [Optional[Stdlib::Absolutepath]] ssl_capath # MySQL SSL trusted SSL CA certificates in PEM format directory path. Only valid if ssl is enabled. # # @param [Optional[String]] ssl_cipher # MySQL SSL list of allowed ciphers. Only valid if ssl is enabled. # # @param [Optional[String]] table_prefix # MySQL database table prefix. # # @param [Optional[String]] instance_name # Unique identifier for the local Icinga 2 instance. # # @param [Optional[String]] instance_description # Description for the Icinga 2 instance. # # @param [Optional[Boolean]] enable_ha # Enable the high availability functionality. Only valid in a cluster setup. # # @param [Optional[Icinga2::Interval]] failover_timeout # Set the failover timeout in a HA cluster. Must not be lower than 60s. # # @param [Optional[Hash[String,Icinga2::Interval]]] cleanup # Hash with items for historical table cleanup. # # @param [Optional[Array]] categories # Array of information types that should be written to the database. # # @param [Boolean] import_schema # Whether to import the MySQL schema or not. # class icinga2::feature::idomysql( String $password, Enum['absent', 'present'] $ensure = present, Stdlib::Host $host = 'localhost', Optional[Stdlib::Port::Unprivileged] $port = undef, Optional[Stdlib::Absolutepath] $socket_path = undef, String $user = 'icinga', String $database = 'icinga', Boolean $enable_ssl = false, Optional[Stdlib::Absolutepath] $ssl_key_path = undef, Optional[Stdlib::Absolutepath] $ssl_cert_path = undef, Optional[Stdlib::Absolutepath] $ssl_cacert_path = undef, Optional[Stdlib::Base64] $ssl_key = undef, Optional[Stdlib::Base64] $ssl_cert = undef, Optional[Stdlib::Base64] $ssl_cacert = undef, Optional[Stdlib::Absolutepath] $ssl_capath = undef, Optional[String] $ssl_cipher = undef, Optional[String] $table_prefix = undef, Optional[String] $instance_name = undef, Optional[String] $instance_description = undef, Optional[Boolean] $enable_ha = undef, Optional[Icinga2::Interval] $failover_timeout = undef, Optional[Hash[String,Icinga2::Interval]] $cleanup = undef, Optional[Array] $categories = undef, Boolean $import_schema = false, ) { if ! defined(Class['::icinga2']) { fail('You must include the icinga2 base class before using any icinga2 feature class!') } $owner = $::icinga2::globals::user $group = $::icinga2::globals::group $conf_dir = $::icinga2::globals::conf_dir $ssl_dir = $::icinga2::globals::cert_dir $ido_mysql_package_name = $::icinga2::globals::ido_mysql_package_name $ido_mysql_schema = $::icinga2::globals::ido_mysql_schema $manage_package = $::icinga2::manage_package $manage_packages = $::icinga2::manage_packages - $_ssl_key_mode = $::osfamily ? { + $_ssl_key_mode = $::facts['os']['family'] ? { 'windows' => undef, default => '0600', } $_notify = $ensure ? { 'present' => Class['::icinga2::service'], default => undef, } # to build mysql exec command to import schema if $import_schema { $_mysql_options = join(any2array(delete_undef_values({ '-h' => $host ? { /localhost/ => undef, default => $host, }, '-P' => $port, '-u' => $user, })), ' ') } File { owner => $owner, group => $group, } if $enable_ssl { # Set defaults for certificate stuff if $ssl_key { if $ssl_key_path { $_ssl_key_path = $ssl_key_path } else { $_ssl_key_path = "${ssl_dir}/IdoMysqlConnection_ido-mysql.key" } - $_ssl_key = $::osfamily ? { + $_ssl_key = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_key, '\n', "\r\n", 'EMG'), default => $ssl_key, } file { $_ssl_key_path: ensure => file, mode => $_ssl_key_mode, content => $ssl_key, tag => 'icinga2::config::file', } } else { $_ssl_key_path = $ssl_key_path } if $ssl_cert { if $ssl_cert_path { $_ssl_cert_path = $ssl_cert_path } else { $_ssl_cert_path = "${ssl_dir}/IdoMysqlConnection_ido-mysql.crt" } - $_ssl_cert = $::osfamily ? { + $_ssl_cert = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_cert, '\n', "\r\n", 'EMG'), default => $ssl_cert, } file { $_ssl_cert_path: ensure => file, content => $ssl_cert, tag => 'icinga2::config::file', } } else { $_ssl_cert_path = $ssl_cert_path } if $ssl_cacert { if $ssl_cacert_path { $_ssl_cacert_path = $ssl_cacert_path } else { $_ssl_cacert_path = "${ssl_dir}/IdoMysqlConnection_ido-mysql_ca.crt" } - $_ssl_cacert = $::osfamily ? { + $_ssl_cacert = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_cacert, '\n', "\r\n", 'EMG'), default => $ssl_cacert, } file { $_ssl_cacert_path: ensure => file, content => $ssl_cacert, tag => 'icinga2::config::file', } } else { $_ssl_cacert_path = $ssl_cacert_path } if $import_schema { $_ssl_options = join(any2array(delete_undef_values({ '--ssl-ca' => $_ssl_cacert_path, '--ssl-cert' => $_ssl_cert_path, '--ssl-key' => $_ssl_key_path, '--ssl-capath' => $ssl_capath, '--ssl-cipher' => $ssl_cipher, })), ' ') # set cli options for mysql connection via tls $_mysql_command = "mysql ${_mysql_options} -p'${password}' ${_ssl_options} ${database}" } $attrs_ssl = { enable_ssl => $enable_ssl, ssl_ca => $_ssl_cacert_path, ssl_cert => $_ssl_cert_path, ssl_key => $_ssl_key_path, ssl_capath => $ssl_capath, ssl_cipher => $ssl_cipher, } } # enable_ssl else { # set cli options for mysql connection if $import_schema { $_mysql_command = "mysql ${_mysql_options} -p'${password}' ${database}" } $attrs_ssl = { enable_ssl => $enable_ssl } } $attrs = { host => $host, port => $port, socket_path => $socket_path, user => $user, password => "-:\"${password}\"", # The password parameter isn't parsed anymore. database => $database, table_prefix => $table_prefix, instance_name => $instance_name, instance_description => $instance_description, enable_ha => $enable_ha, failover_timeout => $failover_timeout, cleanup => $cleanup, categories => $categories, } # install additional package if $ido_mysql_package_name and ($manage_package or $manage_packages) { - if $::osfamily == 'debian' { + if $::facts['os']['family'] == 'debian' { ensure_resources('file', { '/etc/dbconfig-common' => { ensure => directory, owner => 'root', group => 'root' } }) file { "/etc/dbconfig-common/${ido_mysql_package_name}.conf": ensure => file, content => "dbc_install='false'\ndbc_upgrade='false'\ndbc_remove='false'\n", owner => 'root', group => 'root', mode => '0600', before => Package[$ido_mysql_package_name], } } # Debian package { $ido_mysql_package_name: ensure => installed, before => Icinga2::Feature['ido-mysql'], } } # import db schema if $import_schema { if $ido_mysql_package_name and ($manage_package or $manage_packages) { Package[$ido_mysql_package_name] -> Exec['idomysql-import-schema'] } exec { 'idomysql-import-schema': user => 'root', - path => $::path, + path => $::facts['path'], command => "${_mysql_command} < \"${ido_mysql_schema}\"", unless => "${_mysql_command} -Ns -e 'select version from icinga_dbversion'", } } # create object icinga2::object { 'icinga2::object::IdoMysqlConnection::ido-mysql': object_name => 'ido-mysql', object_type => 'IdoMysqlConnection', attrs => delete_undef_values(merge($attrs, $attrs_ssl)), attrs_list => concat(keys($attrs), keys($attrs_ssl)), target => "${conf_dir}/features-available/ido-mysql.conf", order => 10, notify => $_notify, } # import library concat::fragment { 'icinga2::feature::ido-mysql': target => "${conf_dir}/features-available/ido-mysql.conf", content => "library \"db_ido_mysql\"\n\n", order => '05', } icinga2::feature { 'ido-mysql': ensure => $ensure, } } diff --git a/manifests/feature/idopgsql.pp b/manifests/feature/idopgsql.pp index 1b734dc..dd603eb 100644 --- a/manifests/feature/idopgsql.pp +++ b/manifests/feature/idopgsql.pp @@ -1,164 +1,164 @@ # @summary # Installs and configures the Icinga 2 feature ido-pgsql. # # @example The ido-pgsql featue requires an existing database and a user with permissions. This example uses the [puppetlab/postgresql](https://forge.puppet.com/puppetlabs/postgresql) module. # include icinga2 # include postgresql::server # # postgresql::server::db { 'icinga2': # user => 'icinga2', # password => postgresql_password('icinga2', 'supersecret'), # } # # class{ 'icinga2::feature::idopgsql': # user => 'icinga2', # password => 'supersecret', # database => 'icinga2', # import_schema => true, # require => Postgresql::Server::Db['icinga2'] # } # # @param [Enum['absent', 'present']] ensure # Set to present enables the feature ido-pgsql, absent disables it. # # @param [Stdlib::Host] host # PostgreSQL database host address. # # @param [Stdlib::Port::Unprivileged] port # PostgreSQL database port. # # @param [String] user # PostgreSQL database user with read/write permission to the icinga database. # # @param [String] password # PostgreSQL database user's password. The password parameter isn't parsed anymore. # # @param [String] database # PostgreSQL database name. # # @param [Optional[String]] table_prefix # PostgreSQL database table prefix. # # @param [Optional[String]] instance_name # Unique identifier for the local Icinga 2 instance. # # @param [Optional[String]] instance_description # Description of the Icinga 2 instance. # # @param [Optional[Boolean]] enable_ha # Enable the high availability functionality. Only valid in a cluster setup. # # @param [Optional[Icinga2::Interval]] failover_timeout # Set the failover timeout in a HA cluster. Must not be lower than 60s. # # @param [Optional[Hash]] cleanup # Hash with items for historical table cleanup. # # @param [Optional[Array]] categories # Array of information types that should be written to the database. # # @param [Boolean] import_schema # Whether to import the PostgreSQL schema or not. # class icinga2::feature::idopgsql( String $password, Enum['absent', 'present'] $ensure = present, Stdlib::Host $host = 'localhost', Stdlib::Port::Unprivileged $port = 5432, String $user = 'icinga', String $database = 'icinga', Optional[String] $table_prefix = undef, Optional[String] $instance_name = undef, Optional[String] $instance_description = undef, Optional[Boolean] $enable_ha = undef, Optional[Icinga2::Interval] $failover_timeout = undef, Optional[Hash] $cleanup = undef, Optional[Array] $categories = undef, Boolean $import_schema = false, ) { if ! defined(Class['::icinga2']) { fail('You must include the icinga2 base class before using any icinga2 feature class!') } $conf_dir = $::icinga2::globals::conf_dir $ido_pgsql_package_name = $::icinga2::globals::ido_pgsql_package_name $ido_pgsql_schema = $::icinga2::globals::ido_pgsql_schema $manage_package = $::icinga2::manage_package $manage_packages = $::icinga2::manage_packages $_notify = $ensure ? { 'present' => Class['::icinga2::service'], default => undef, } $attrs = { host => $host, port => $port, user => $user, password => "-:\"${password}\"", # The password parameter isn't parsed anymore. database => $database, table_prefix => $table_prefix, instance_name => $instance_name, instance_description => $instance_description, enable_ha => $enable_ha, failover_timeout => $failover_timeout, cleanup => $cleanup, categories => $categories, } # install additional package if $ido_pgsql_package_name and ($manage_package or $manage_packages) { - if $::osfamily == 'debian' { + if $::facts['os']['family'] == 'debian' { ensure_resources('file', { '/etc/dbconfig-common' => { ensure => directory, owner => 'root', group => 'root' } }) file { "/etc/dbconfig-common/${ido_pgsql_package_name}.conf": ensure => file, content => "dbc_install='false'\ndbc_upgrade='false'\ndbc_remove='false'\n", owner => 'root', group => 'root', mode => '0600', before => Package[$ido_pgsql_package_name], } } # Debian package { $ido_pgsql_package_name: ensure => installed, before => Icinga2::Feature['ido-pgsql'], } } # import db schema if $import_schema { if $ido_pgsql_package_name and ($manage_package or $manage_packages) { Package[$ido_pgsql_package_name] -> Exec['idopgsql-import-schema'] } exec { 'idopgsql-import-schema': user => 'root', - path => $::path, + path => $::facts['path'], environment => ["PGPASSWORD=${password}"], command => "psql -h '${host}' -U '${user}' -p '${port}' -d '${database}' -w -f \"${ido_pgsql_schema}\"", unless => "psql -h '${host}' -U '${user}' -p '${port}' -d '${database}' -w -c 'select version from icinga_dbversion'", } } # create object icinga2::object { 'icinga2::object::IdoPgsqlConnection::ido-pgsql': object_name => 'ido-pgsql', object_type => 'IdoPgsqlConnection', attrs => delete_undef_values($attrs), attrs_list => keys($attrs), target => "${conf_dir}/features-available/ido-pgsql.conf", order => 10, notify => $_notify, } # import library concat::fragment { 'icinga2::feature::ido-pgsql': target => "${conf_dir}/features-available/ido-pgsql.conf", content => "library \"db_ido_pgsql\"\n\n", order => '05', } icinga2::feature { 'ido-pgsql': ensure => $ensure, } } diff --git a/manifests/feature/influxdb.pp b/manifests/feature/influxdb.pp index ca52824..39c028f 100644 --- a/manifests/feature/influxdb.pp +++ b/manifests/feature/influxdb.pp @@ -1,249 +1,249 @@ # @summary # Configures the Icinga 2 feature influxdb. # # @example # class { 'icinga2::feature::influxdb': # host => "10.10.0.15", # username => "icinga2", # password => "supersecret", # database => "icinga2" # } # # @param [Enum['absent', 'present']] ensure # Set to present enables the feature influxdb, absent disables it. # # @param [Optional[Stdlib::Host]] host # InfluxDB host address. # # @param [Optional[Stdlib::Port]] port # InfluxDB HTTP port. # # @param [Optional[String]] database # InfluxDB database name. # # @param [Optional[String]] username # InfluxDB user name. # # @param [Optional[String]] password # InfluxDB user password. The password parameter isn't parsed anymore. # # @param [Optional[Boolean]] enable_ssl # Either enable or disable SSL. Other SSL parameters are only affected if this is set to 'true'. # # @param [Optional[Stdlib::Absolutepath]] ssl_key_path # Location of the private key. # # @param [Optional[Stdlib::Absolutepath]] ssl_cert_path # Location of the certificate. # # @param [Optional[Stdlib::Absolutepath]] ssl_cacert_path # Location of the CA certificate. # # @param [Optional[Stdlib::Base64]] ssl_key # The private key in a base64 encoded string to store in ssl_key_path file. # # @param [Optional[Stdlib::Base64]] ssl_cert # The certificate in a base64 encoded string to store in ssl_cert_path file. # # @param [Optional[Stdlib::Base64]] ssl_cacert # The CA root certificate in a base64 encoded to store in ssl_cacert_path file. # # @param [String] host_measurement # The value of this is used for the measurement setting in host_template. # # @param [Hash] host_tags # Tags defined in this hash will be set in the host_template. # # @param [String] service_measurement # The value of this is used for the measurement setting in host_template. # # @param [Hash] service_tags # Tags defined in this hash will be set in the service_template. # # @param [Optional[Boolean]] enable_send_thresholds # Whether to send warn, crit, min & max tagged data. # # @param [Optional[Boolean]] enable_send_metadata # Whether to send check metadata e.g. states, execution time, latency etc. # # @param [Optional[Icinga2::Interval]] flush_interval # How long to buffer data points before transfering to InfluxDB. # # @param [Optional[Integer[1]]] flush_threshold # How many data points to buffer before forcing a transfer to InfluxDB. # # @param [Optional[Boolean]] enable_ha # Enable the high availability functionality. Only valid in a cluster setup. # class icinga2::feature::influxdb( Enum['absent', 'present'] $ensure = present, Optional[Stdlib::Host] $host = undef, Optional[Stdlib::Port] $port = undef, Optional[String] $database = undef, Optional[String] $username = undef, Optional[String] $password = undef, Optional[Boolean] $enable_ssl = undef, Optional[Stdlib::Absolutepath] $ssl_key_path = undef, Optional[Stdlib::Absolutepath] $ssl_cert_path = undef, Optional[Stdlib::Absolutepath] $ssl_cacert_path = undef, Optional[Stdlib::Base64] $ssl_key = undef, Optional[Stdlib::Base64] $ssl_cert = undef, Optional[Stdlib::Base64] $ssl_cacert = undef, String $host_measurement = '$host.check_command$', Hash $host_tags = { hostname => '$host.name$' }, String $service_measurement = '$service.check_command$', Hash $service_tags = { hostname => '$host.name$', service => '$service.name$' }, Optional[Boolean] $enable_send_thresholds = undef, Optional[Boolean] $enable_send_metadata = undef, Optional[Icinga2::Interval] $flush_interval = undef, Optional[Integer[1]] $flush_threshold = undef, Optional[Boolean] $enable_ha = undef, ) { if ! defined(Class['::icinga2']) { fail('You must include the icinga2 base class before using any icinga2 feature class!') } $user = $::icinga2::globals::user $group = $::icinga2::globals::group $conf_dir = $::icinga2::globals::conf_dir $ssl_dir = $::icinga2::globals::cert_dir - $_ssl_key_mode = $::kernel ? { + $_ssl_key_mode = $::facts['kernel'] ? { 'windows' => undef, default => '0600', } $_notify = $ensure ? { 'present' => Class['::icinga2::service'], default => undef, } File { owner => $user, group => $group, } $host_template = { measurement => $host_measurement, tags => $host_tags } $service_template = { measurement => $service_measurement, tags => $service_tags} if $enable_ssl { # Set defaults for certificate stuff if $ssl_key { if $ssl_key_path { $_ssl_key_path = $ssl_key_path } else { $_ssl_key_path = "${ssl_dir}/InfluxdbWriter_influxdb.key" } - $_ssl_key = $::osfamily ? { + $_ssl_key = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_key, '\n', "\r\n", 'EMG'), default => $ssl_key, } file { $_ssl_key_path: ensure => file, mode => $_ssl_key_mode, content => $_ssl_key, tag => 'icinga2::config::file', } } else { $_ssl_key_path = $ssl_key_path } if $ssl_cert { if $ssl_cert_path { $_ssl_cert_path = $ssl_cert_path } else { $_ssl_cert_path = "${ssl_dir}/InfluxdbWriter_influxdb.crt" } - $_ssl_cert = $::osfamily ? { + $_ssl_cert = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_cert, '\n', "\r\n", 'EMG'), default => $ssl_cert, } file { $_ssl_cert_path: ensure => file, content => $_ssl_cert, tag => 'icinga2::config::file', } } else { $_ssl_cert_path = $ssl_cert_path } if $ssl_cacert { if $ssl_cacert_path { $_ssl_cacert_path = $ssl_cacert_path } else { $_ssl_cacert_path = "${ssl_dir}/InfluxdbWriter_influxdb_ca.crt" } - $_ssl_cacert = $::osfamily ? { + $_ssl_cacert = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_cacert, '\n', "\r\n", 'EMG'), default => $ssl_cacert, } file { $_ssl_cacert_path: ensure => file, content => $_ssl_cacert, tag => 'icinga2::config::file', } } else { $_ssl_cacert_path = $ssl_cacert_path } $attrs_ssl = { ssl_enable => $enable_ssl, ssl_ca_cert => $_ssl_cacert_path, ssl_cert => $_ssl_cert_path, ssl_key => $_ssl_key_path, } } # enable_ssl else { $attrs_ssl = { ssl_enable => $enable_ssl } } # The password parameter isn't parsed anymore. if $password { $_password = "-:\"${password}\"" } else { $_password = undef } $attrs = { host => $host, port => $port, database => $database, username => $username, password => $_password, host_template => $host_template, service_template => $service_template, enable_send_thresholds => $enable_send_thresholds, enable_send_metadata => $enable_send_metadata, flush_interval => $flush_interval, flush_threshold => $flush_threshold, enable_ha => $enable_ha, } # create object icinga2::object { 'icinga2::object::InfluxdbWriter::influxdb': object_name => 'influxdb', object_type => 'InfluxdbWriter', attrs => delete_undef_values(merge($attrs, $attrs_ssl)), attrs_list => keys($attrs), target => "${conf_dir}/features-available/influxdb.conf", notify => $_notify, order => 10, } # import library 'perfdata' concat::fragment { 'icinga2::feature::influxdb': target => "${conf_dir}/features-available/influxdb.conf", content => "library \"perfdata\"\n\n", order => '05', } icinga2::feature { 'influxdb': ensure => $ensure, } } diff --git a/manifests/globals.pp b/manifests/globals.pp index 21208c2..6dc9e2b 100644 --- a/manifests/globals.pp +++ b/manifests/globals.pp @@ -1,112 +1,112 @@ # @summary # This class loads the default parameters by doing a hiera lookup. # # @note This parameters depend on the os plattform. Changes maybe will break the functional capability of the supported plattforms and versions. Please only do changes when you know what you're doing. # # @api private # # @param [String] package_name # The name of the icinga package to manage. # # @param [String] service_name # The name of the icinga service to manage. # # @param [Optional[String]] user # User as the icinga process runs. # CAUTION: This does not manage the user context for the runnig icinga 2 process! # The parameter is only used for ownership of files or directories. # # @param [Optional[String]] group # Group as the icinga process runs. # CAUTION: This does not manage the group context for the runnig icinga 2 process! # The parameter is only used for group membership of files or directories. # # @param [Optional[String]] logon_account # The user context in which the service should run. # ATM only relevant on Windows. # # @param [Optional[String]] selinux_package_name # The name of the icinga selinux package. # # @param [Optional[String]] ido_mysql_package_name # The name of the icinga package that's needed for MySQL. # # @param [String] ido_mysql_schema # Path to the MySQL schema to import. # # @param [Optional[String]] ido_pgsql_package_name # The name of the icinga package that's needed for Postrgesql. # # @param [String] ido_pgsql_schema # Path to the Postgresql schema to import. # # @param [Stdlib::Absolutepath] icinga2_bin # Path to the icinga2 binary. # # @param [Stdlib::Absolutepath] conf_dir # Location of the configuration directory of Icinga. # # @param [Stdlib::Absolutepath] lib_dir # Path to the directory contained the system libs. # # @param [Stdlib::Absolutepath] log_dir # Location to store Icinga log files. # # @param [Stdlib::Absolutepath] run_dir # Runtime directory of Icinga. # # @param [Stdlib::Absolutepath] spool_dir # Path to spool files of Icinga. # # @param [Stdlib::Absolutepath] cache_dir # Path to cache files of Icinga. # # @param [Stdlib::Absolutepath] cert_dir # Path to the directory where Icinga stores keys and certificates. # # @param [Stdlib::Absolutepath] ca_dir # Path to CA. # # @param [Optional[String]] service_reload # How to do a reload of the Icinga process. # class icinga2::globals( String $package_name, String $service_name, String $ido_mysql_schema, String $ido_pgsql_schema, Stdlib::Absolutepath $icinga2_bin, Stdlib::Absolutepath $conf_dir, Stdlib::Absolutepath $lib_dir, Stdlib::Absolutepath $log_dir, Stdlib::Absolutepath $run_dir, Stdlib::Absolutepath $spool_dir, Stdlib::Absolutepath $cache_dir, Stdlib::Absolutepath $cert_dir, Stdlib::Absolutepath $ca_dir, Array[String] $reserved, Optional[String] $user = undef, Optional[String] $group = undef, Optional[String] $logon_account = undef, Optional[String] $selinux_package_name = undef, Optional[String] $ido_mysql_package_name = undef, Optional[String] $ido_pgsql_package_name = undef, Optional[String] $service_reload = undef, ) { assert_private() - if ( versioncmp($::puppetversion, '6' ) >= 0 and versioncmp(load_module_metadata('stdlib')['version'], '5.1.0') < 0 ) { + if ( versioncmp($::facts['puppetversion'], '6' ) >= 0 and versioncmp(load_module_metadata('stdlib')['version'], '5.1.0') < 0 ) { fail('You be affected by this bug: https://github.com/Icinga/puppet-icinga2/issues/505 so you should update your stdlib to version 5.1 or higher') } # Logon account on Windows if $facts['os']['kernel'] == 'windows' { - if $logon_account and versioncmp($::puppetversion, '6.18.0') < 0 { + if $logon_account and versioncmp($::facts['puppetversion'], '6.18.0') < 0 { fail('Using logon_account requieres a Puppet version 6.18 or higher') } } $constants = lookup('icinga2::globals::constants', Hash, 'deep', {}) } diff --git a/manifests/install.pp b/manifests/install.pp index 8f89643..3725fb3 100644 --- a/manifests/install.pp +++ b/manifests/install.pp @@ -1,43 +1,43 @@ # @summary # This class handles the installation of the Icinga 2 package. # On Windows only chocolatey is supported as installation source. # # @api private # class icinga2::install { assert_private() $package_name = $::icinga2::globals::package_name $manage_package = $::icinga2::manage_package $manage_packages = $::icinga2::manage_packages $selinux_package_name = $::icinga2::globals::selinux_package_name $manage_selinux = $::icinga2::manage_selinux $cert_dir = $::icinga2::globals::cert_dir $conf_dir = $::icinga2::globals::conf_dir $user = $::icinga2::globals::user $group = $::icinga2::globals::group if $manage_package or $manage_packages { - if $::osfamily == 'windows' { Package { provider => chocolatey, } } + if $::facts['os']['family'] == 'windows' { Package { provider => chocolatey, } } package { $package_name: ensure => installed, before => File[$cert_dir, $conf_dir], } if str2bool($manage_selinux) and $selinux_package_name { package { $selinux_package_name: ensure => installed, require => Package[$package_name], } } } file { [$conf_dir, $cert_dir]: ensure => directory, owner => $user, group => $group, } } diff --git a/manifests/object.pp b/manifests/object.pp index 5246a78..de2a195 100644 --- a/manifests/object.pp +++ b/manifests/object.pp @@ -1,113 +1,113 @@ # @summary # Define resource to used by this module only. # # @api private # # @param [Enum['present', 'absent']] ensure # Set to present enables the object, absent disabled it. # # @param [String] object_name # Set the icinga2 name of the object. # # @param [Boolean] template # Set to true will define a template otherwise an object. # Ignored if apply is set. # # @param [Variant[Boolean, Pattern[/^.+\s+(=>\s+.+\s+)?in\s+.+$/]]] apply # Dispose an apply instead an object if set to 'true'. Value is taken as statement, # i.e. 'vhost => config in host.vars.vhosts'. # # @param [Variant[Boolean, String]] prefix # Set object_name as prefix in front of 'apply for'. Only effects if apply is a string. # # @param [Optional[Enum['Host', 'Service']]] apply_target # Optional for an object type on which to target the apply rule. Valid values are `Host` and `Service`. # # @param [Array] import # A sorted list of templates to import in this object. # # @param [Array] assign # Array of assign rules. # # @param [Array] ignore # Array of ignore rules. # # @param [Hash] attrs # Hash for the attributes of this object. Keys are the attributes and # values are there values. # # @param [String] object_type # Icinga 2 object type for this object. # # @param [Stdlib::Absolutepath] target # Destination config file to store in this object. File will be declared the # first time. # # @param [Variant[String, Integer]] order # String or integer to set the position in the target file, sorted alpha numeric. # # @param [Array] attrs_list # Array of all possible attributes for this object type. # define icinga2::object( String $object_type, Stdlib::Absolutepath $target, Variant[String, Integer] $order, Enum['present', 'absent'] $ensure = present, String $object_name = $title, Boolean $template = false, Variant[Boolean, Pattern[/^.+\s+(=>\s+.+\s+)?in\s+.+$/]] $apply = false, Array $attrs_list = [], Optional[Enum['Host', 'Service']] $apply_target = undef, Variant[Boolean, String] $prefix = false, Array $import = [], Array $assign = [], Array $ignore = [], Hash $attrs = {}, ) { assert_private() - case $::osfamily { + case $::facts['os']['family'] { 'windows': { } # windows default: { Concat { owner => $::icinga2::globals::user, group => $::icinga2::globals::group, mode => '0640', } } # default } if $object_type == $apply_target { fail('The object type must be different from the apply target') } $_attrs = merge($attrs, { 'assign where' => $assign, 'ignore where' => $ignore, }) - $_content = $::osfamily ? { + $_content = $::facts['os']['family'] ? { 'windows' => regsubst(template('icinga2/object.conf.erb'), '\n', "\r\n", 'EMG'), default => template('icinga2/object.conf.erb'), } if !defined(Concat[$target]) { concat { $target: ensure => present, tag => 'icinga2::config::file', warn => true, } } if $ensure != 'absent' { concat::fragment { $title: target => $target, content => $_content, order => $order, } } } diff --git a/manifests/pki/ca.pp b/manifests/pki/ca.pp index 449abe1..4c98896 100644 --- a/manifests/pki/ca.pp +++ b/manifests/pki/ca.pp @@ -1,128 +1,128 @@ # @summary # This class provides multiple ways to create the CA used by Icinga 2. # # @example Let Icinga 2 generate a CA for you: # include icinga2 # include icinga2::pki::ca # # @example Set the content of CA certificate and key: # include icinga2 # # class { 'icinga2::pki::ca': # ca_cert => '-----BEGIN CERTIFICATE----- ...', # ca_key => '-----BEGIN RSA PRIVATE KEY----- ...', # } # # @param [Optional[String]] ca_cert # Content of the CA certificate. If this is unset, a certificate will be generated with the # Icinga 2 CLI. # # @param [Optional[String]] ca_key # Content of the CA key. If this is unset, a key will be generated with the Icinga 2 CLI. # class icinga2::pki::ca( Optional[String] $ca_cert = undef, Optional[String] $ca_key = undef, ) { require ::icinga2::config $icinga2_bin = $::icinga2::globals::icinga2_bin $ca_dir = $::icinga2::globals::ca_dir $cert_dir = $::icinga2::globals::cert_dir $user = $::icinga2::globals::user $group = $::icinga2::globals::group $node_name = $::icinga2::_constants['NodeName'] $_ssl_key_path = "${cert_dir}/${node_name}.key" $_ssl_csr_path = "${cert_dir}/${node_name}.csr" $_ssl_cert_path = "${cert_dir}/${node_name}.crt" $_ssl_cacert_path = "${cert_dir}/ca.crt" File { owner => $user, group => $group, } - if $::osfamily != 'windows' { + if $::facts['os']['family'] != 'windows' { $_ca_key_mode = '0600' } else { $_ca_key_mode = undef } if !$ca_cert or !$ca_key { exec { 'create-icinga2-ca': command => "\"${icinga2_bin}\" pki new-ca", environment => ["ICINGA2_USER=${user}", "ICINGA2_GROUP=${group}"], creates => "${ca_dir}/ca.crt", before => File[$_ssl_cacert_path], notify => Class['::icinga2::service'], } } else { - if $::osfamily == 'windows' { + if $::facts['os']['family'] == 'windows' { $_ca_cert = regsubst($ca_cert, '\n', "\r\n", 'EMG') $_ca_key = regsubst($ca_key, '\n', "\r\n", 'EMG') } else { $_ca_cert = $ca_cert $_ca_key = $ca_key } file { $ca_dir: ensure => directory, } file { "${ca_dir}/ca.crt": ensure => file, content => $_ca_cert, tag => 'icinga2::config::file', before => File[$_ssl_cacert_path], } file { "${ca_dir}/ca.key": ensure => file, mode => $_ca_key_mode, content => $_ca_key, tag => 'icinga2::config::file', show_diff => false, backup => false, } } file { $_ssl_cacert_path: ensure => file, - source => $::kernel ? { + source => $::facts['kernel'] ? { 'windows' => "file:///${ca_dir}/ca.crt", default => "${ca_dir}/ca.crt", }, } exec { 'icinga2 pki create certificate signing request': command => "\"${icinga2_bin}\" pki new-cert --cn ${node_name} --key ${_ssl_key_path} --csr ${_ssl_csr_path}", environment => ["ICINGA2_USER=${user}", "ICINGA2_GROUP=${group}"], creates => $_ssl_key_path, require => File[$_ssl_cacert_path], } -> file { $_ssl_key_path: ensure => file, mode => $_ca_key_mode, show_diff => false, backup => false, } exec { 'icinga2 pki sign certificate': command => "\"${icinga2_bin}\" pki sign-csr --csr ${_ssl_csr_path} --cert ${_ssl_cert_path}", environment => ["ICINGA2_USER=${user}", "ICINGA2_GROUP=${group}"], subscribe => Exec['icinga2 pki create certificate signing request'], refreshonly => true, notify => Class['::icinga2::service'], } -> file { $_ssl_cert_path: ensure => file; $_ssl_csr_path: ensure => absent; } } diff --git a/manifests/service.pp b/manifests/service.pp index c260006..d9cb3e3 100644 --- a/manifests/service.pp +++ b/manifests/service.pp @@ -1,42 +1,42 @@ # @summary # This class handles the Icinga 2 service. By default the service will # start on boot and will be restarted if stopped. # # @api private # class icinga2::service { assert_private() $ensure = $::icinga2::ensure $enable = $::icinga2::enable $manage_service = $::icinga2::manage_service $service_name = $::icinga2::globals::service_name $reload = $::icinga2::globals::service_reload $logon_account = $::icinga2::globals::logon_account $hasrestart = $reload ? { undef => false, default => true, } if $manage_service { - if $facts['os']['kernel'] == 'windows' and versioncmp($::puppetversion, '6.18.0') >= 0 { + if $facts['os']['kernel'] == 'windows' and versioncmp($::facts['puppetversion'], '6.18.0') >= 0 { service { $service_name: ensure => $ensure, enable => $enable, hasrestart => $hasrestart, restart => $reload, logonaccount => $logon_account, } } else { service { $service_name: ensure => $ensure, enable => $enable, hasrestart => $hasrestart, restart => $reload, } } } } diff --git a/spec/classes/api_spec.rb b/spec/classes/api_spec.rb index 464603e..5bef409 100644 --- a/spec/classes/api_spec.rb +++ b/spec/classes/api_spec.rb @@ -1,225 +1,225 @@ require 'spec_helper' describe('icinga2::feature::api', :type => :class) do let(:pre_condition) do [ "class { 'icinga2': features => [], constants => {'NodeName' => 'host.example.org'} }" ] end on_supported_os.each do |os, facts| context "on #{os}" do let(:facts) do case facts[:kernel] when 'windows' facts.merge({ :icinga2_puppet_hostcert => 'C:/ProgramData/PuppetLabs/puppet/ssl/certs/host.example.org.pem', :icinga2_puppet_hostprivkey => 'C:/ProgramData/PuppetLabs/puppet/ssl/private_keys/host.example.org.pem', :icinga2_puppet_localcacert => 'C:/ProgramData/PuppetLabs/var/lib/puppet/ssl/certs/ca.pem', }) else facts.merge({ :icinga2_puppet_hostcert => '/etc/puppetlabs/puppet/ssl/certs/host.example.org.pem', :icinga2_puppet_hostprivkey => '/etc/puppetlabs/puppet/ssl/private_keys/host.example.org.pem', :icinga2_puppet_localcacert => '/etc/lib/puppetlabs/puppet/ssl/certs/ca.pem', }) end end before(:each) do case facts[:kernel] when 'windows' @icinga2_bin = 'C:/Program Files/icinga2/sbin/icinga2.exe' @icinga2_conf_dir = 'C:/ProgramData/icinga2/etc/icinga2' @icinga2_pki_dir = 'C:/ProgramData/icinga2/var/lib/icinga2/certs' @icinga2_sslkey_mode = nil @icinga2_user = nil @icinga2_group = nil when 'FreeBSD' @icinga2_bin = '/usr/local/sbin/icinga2' @icinga2_conf_dir = '/usr/local/etc/icinga2' @icinga2_pki_dir = '/var/lib/icinga2/certs' @icinga2_sslkey_mode = '0600' @icinga2_user = 'icinga' @icinga2_group = 'icinga' else @icinga2_conf_dir = '/etc/icinga2' @icinga2_pki_dir = '/var/lib/icinga2/certs' @icinga2_sslkey_mode = '0600' - case facts[:osfamily] + case facts[:os]['family'] when 'Debian' @icinga2_user = 'nagios' @icinga2_group = 'nagios' @icinga2_bin = '/usr/sbin/icinga2' else @icinga2_user = 'icinga' @icinga2_group = 'icinga' - if facts[:osfamily] != 'RedHat' + if facts[:os]['family'] != 'RedHat' @icinga2_bin = '/usr/sbin/icinga2' else - case facts[:operatingsystemmajrelease] + case facts[:os]['release']['major'] when '5' @icinga2_bin = '/usr/sbin/icinga2' when '6' @icinga2_bin = '/usr/sbin/icinga2' else @icinga2_bin = '/sbin/icinga2' end end end end end context "with pki => 'puppet'" do let(:params) do { :ensure => 'present', :pki => 'puppet' } end it { is_expected.to contain_icinga2__feature('api').with({ 'ensure' => 'present' }) } it { is_expected.to contain_icinga2__object('icinga2::object::ApiListener::api') .with({ 'target' => "#{@icinga2_conf_dir}/features-available/api.conf" }) .that_notifies('Class[icinga2::service]') } it { is_expected.to contain_file("#{@icinga2_pki_dir}/host.example.org.key") .with({ 'ensure' => 'file', 'owner' => @icinga2_user, 'group' => @icinga2_group, 'mode' => @icinga2_sslkey_mode, 'show_diff' => false, 'backup' => false, }) } it { is_expected.to contain_file("#{@icinga2_pki_dir}/host.example.org.crt") .with({ 'ensure' => 'file', 'owner' => @icinga2_user, 'group' => @icinga2_group, }) } it { is_expected.to contain_file("#{@icinga2_pki_dir}/ca.crt") .with({ 'ensure' => 'file', 'owner' => @icinga2_user, 'group' => @icinga2_group, }) } it { is_expected.to contain_icinga2__object__endpoint('NodeName') } it { is_expected.to contain_icinga2__object__zone('ZoneName') .with({ 'endpoints' => [ 'NodeName' ] }) } end context "with ensure => absent, pki => 'puppet'" do let(:params) do { :ensure => 'absent', :pki => 'puppet' } end it { is_expected.to contain_icinga2__feature('api').with({ 'ensure' => 'absent', }) } end context "with pki => 'none', ssl_key => 'foo', ssl_cert => 'bar', ssl_cacert => 'baz'" do let(:params) do { :pki => 'none', :ssl_key => 'foo', :ssl_cert => 'bar', :ssl_cacert => 'baz' } end it { is_expected.to contain_file("#{@icinga2_pki_dir}/host.example.org.key") .with({ 'ensure' => 'file', 'owner' => @icinga2_user, 'group' => @icinga2_group, 'mode' => @icinga2_sslkey_mode, 'show_diff' => false, 'backup' => false, }) .with_content(/^foo$/) } it { is_expected.to contain_file("#{@icinga2_pki_dir}/host.example.org.crt") .with({ 'ensure' => 'file', 'owner' => @icinga2_user, 'group' => @icinga2_group, }) .with_content(/^bar$/) } it { is_expected.to contain_file("#{@icinga2_pki_dir}/ca.crt") .with({ 'ensure' => 'file', 'owner' => @icinga2_user, 'group' => @icinga2_group, }) .with_content(/^baz$/) } end context "with pki => 'icinga2', ca_host => 'foo', ca_port => 1234, ticket_salt => 'bar'" do let(:params) do { :pki => 'icinga2', :ca_host => 'foo', :ca_port => 1234, :ticket_salt => 'bar' } end it { is_expected.to contain_exec('icinga2 pki create key') .with({ 'command' => "\"#{@icinga2_bin}\" pki new-cert --cn host.example.org --key #{@icinga2_pki_dir}/host.example.org.key --cert #{@icinga2_pki_dir}/host.example.org.crt", 'creates' => "#{@icinga2_pki_dir}/host.example.org.key", }) .that_notifies('Class[icinga2::service]') } it { is_expected.to contain_exec('icinga2 pki get trusted-cert') .with({ 'command' => "\"#{@icinga2_bin}\" pki save-cert --host foo --port 1234 --key #{@icinga2_pki_dir}/host.example.org.key --cert #{@icinga2_pki_dir}/host.example.org.crt --trustedcert #{@icinga2_pki_dir}/trusted-cert.crt", 'creates' => "#{@icinga2_pki_dir}/trusted-cert.crt", }) .that_notifies('Class[icinga2::service]') } it { is_expected.to contain_exec('icinga2 pki request') .with({ 'command' => "\"#{@icinga2_bin}\" pki request --host foo --port 1234 --ca #{@icinga2_pki_dir}/ca.crt --key #{@icinga2_pki_dir}/host.example.org.key --cert #{@icinga2_pki_dir}/host.example.org.crt --trustedcert #{@icinga2_pki_dir}/trusted-cert.crt --ticket ac5cb0d8c98f3f50ceff399b3cfedbb03782c117", 'creates' => "#{@icinga2_pki_dir}/ca.crt", }) .that_notifies('Class[icinga2::service]') } end context "with pki => 'icinga2', ca_host => 'foo', ca_port => 1234, ticket_id => 'bar'" do let(:params) do { :pki => 'icinga2', :ca_host => 'foo', :ca_port => 1234, :ticket_id => 'bar' } end it { is_expected.to contain_exec('icinga2 pki create key') .with({ 'command' => "\"#{@icinga2_bin}\" pki new-cert --cn host.example.org --key #{@icinga2_pki_dir}/host.example.org.key --cert #{@icinga2_pki_dir}/host.example.org.crt", 'creates' => "#{@icinga2_pki_dir}/host.example.org.key", }) .that_notifies('Class[icinga2::service]') } it { is_expected.to contain_exec('icinga2 pki get trusted-cert') .with({ 'command' => "\"#{@icinga2_bin}\" pki save-cert --host foo --port 1234 --key #{@icinga2_pki_dir}/host.example.org.key --cert #{@icinga2_pki_dir}/host.example.org.crt --trustedcert #{@icinga2_pki_dir}/trusted-cert.crt", 'creates' => "#{@icinga2_pki_dir}/trusted-cert.crt", }) .that_notifies('Class[icinga2::service]') } it { is_expected.to contain_exec('icinga2 pki request') .with({ 'command' => "\"#{@icinga2_bin}\" pki request --host foo --port 1234 --ca #{@icinga2_pki_dir}/ca.crt --key #{@icinga2_pki_dir}/host.example.org.key --cert #{@icinga2_pki_dir}/host.example.org.crt --trustedcert #{@icinga2_pki_dir}/trusted-cert.crt --ticket bar", 'creates' => "#{@icinga2_pki_dir}/ca.crt", }) .that_notifies('Class[icinga2::service]') } end end end end diff --git a/spec/classes/debuglog_spec.rb b/spec/classes/debuglog_spec.rb index 179cc3c..eeaf798 100644 --- a/spec/classes/debuglog_spec.rb +++ b/spec/classes/debuglog_spec.rb @@ -1,60 +1,60 @@ require 'spec_helper' describe('icinga2::feature::debuglog', :type => :class) do let(:pre_condition) do [ "class { 'icinga2': features => [], }" ] end on_supported_os.each do |os, facts| context "on #{os}" do let(:facts) do facts end before(:each) do case facts[:kernel] when 'windows' @icinga2_conf_dir = 'C:/ProgramData/icinga2/etc/icinga2' when 'FreeBSD' @icinga2_conf_dir = '/usr/local/etc/icinga2' else @icinga2_conf_dir = '/etc/icinga2' end end context "with defaults" do it { is_expected.to contain_icinga2__feature('debuglog').with({'ensure' => 'present'}) } it { is_expected.to contain_icinga2__object('icinga2::object::FileLogger::debuglog') .with({ 'target' => "#{@icinga2_conf_dir}/features-available/debuglog.conf" }) .that_notifies('Class[icinga2::service]') } - case facts[:osfamily] + case facts[:os]['family'] when 'windows' it { is_expected.to contain_concat__fragment('icinga2::object::FileLogger::debuglog') .with({ 'target' => "#{@icinga2_conf_dir}/features-available/debuglog.conf", }) .with_content(/path = \"C:\/ProgramData\/icinga2\/var\/log\/icinga2\/debug.log\"/) } else it { is_expected.to contain_concat__fragment('icinga2::object::FileLogger::debuglog') .with({ 'target' => "#{@icinga2_conf_dir}/features-available/debuglog.conf", }) .with_content(/path = \"\/var\/log\/icinga2\/debug.log\"/) } end end context "with ensure => absent" do let(:params) do { :ensure => 'absent' } end it { is_expected.to contain_icinga2__feature('debuglog').with({'ensure' => 'absent'}) } end end end end diff --git a/spec/classes/elasticsearch_spec.rb b/spec/classes/elasticsearch_spec.rb index 0f4276b..10882fa 100644 --- a/spec/classes/elasticsearch_spec.rb +++ b/spec/classes/elasticsearch_spec.rb @@ -1,125 +1,125 @@ require 'spec_helper' describe('icinga2::feature::elasticsearch', :type => :class) do let(:pre_condition) do [ "class { 'icinga2': features => [], constants => {'NodeName' => 'host.example.org'} }" ] end on_supported_os.each do |os, facts| context "on #{os}" do let(:facts) do facts end before(:each) do case facts[:kernel] when 'windows' @icinga2_conf_dir = 'C:/ProgramData/icinga2/etc/icinga2' @icinga2_pki_dir = 'C:/ProgramData/icinga2/var/lib/icinga2/certs' @icinga2_sslkey_mode = nil @icinga2_user = nil @icinga2_group = nil when 'FreeBSD' @icinga2_conf_dir = '/usr/local/etc/icinga2' @icinga2_pki_dir = '/var/lib/icinga2/certs' @icinga2_sslkey_mode = '0600' @icinga2_user = 'icinga' @icinga2_group = 'icinga' else - case facts[:osfamily] + case facts[:os]['family'] when 'Debian' @icinga2_conf_dir = '/etc/icinga2' @icinga2_pki_dir = '/var/lib/icinga2/certs' @icinga2_sslkey_mode = '0600' @icinga2_user = 'nagios' @icinga2_group = 'nagios' else @icinga2_conf_dir = '/etc/icinga2' @icinga2_pki_dir = '/var/lib/icinga2/certs' @icinga2_sslkey_mode = '0600' @icinga2_user = 'icinga' @icinga2_group = 'icinga' end end end context "with defaults" do it { is_expected.to contain_icinga2__feature('elasticsearch').with({ 'ensure' => 'present', }) } it { is_expected.to contain_icinga2__object('icinga2::object::ElasticsearchWriter::elasticsearch') .with({ 'target' => "#{@icinga2_conf_dir}/features-available/elasticsearch.conf" }) .that_notifies('Class[icinga2::service]') } it { is_expected.to contain_concat__fragment('icinga2::feature::elasticsearch') .with({ 'target' => "#{@icinga2_conf_dir}/features-available/elasticsearch.conf", 'order' => '05', }) .with_content(/library \"perfdata\"$/) } end context "with ensure => absent" do let(:params) do { :ensure => 'absent' } end it { is_expected.to contain_icinga2__feature('elasticsearch').with({'ensure' => 'absent'}) } end context "with enable_ssl = true, ssl_key => foo, ssl_cert => bar, ssl_cacert => baz" do let(:params) do { :enable_ssl => true, :ssl_key => 'foo', :ssl_cert => 'bar', :ssl_cacert => 'baz' } end it { is_expected.to contain_file("#{@icinga2_pki_dir}/ElasticsearchWriter_elasticsearch.key") .with({ 'owner' => @icinga2_user, 'group' => @icinga2_group, 'mode' => @icinga2_sslkey_mode }) .with_content(/^foo$/) } it { is_expected.to contain_file("#{@icinga2_pki_dir}/ElasticsearchWriter_elasticsearch.crt") .with({ 'owner' => @icinga2_user, 'group' => @icinga2_group, }) .with_content(/^bar$/) } it { is_expected.to contain_file("#{@icinga2_pki_dir}/ElasticsearchWriter_elasticsearch_ca.crt") .with({ 'owner' => @icinga2_user, 'group' => @icinga2_group, }) .with_content(/^baz$/) } end context "with enable_ssl = true, ssl_key_path, ssl_cert_path and ssl_cacert_path set" do let(:params) do { :enable_ssl => true, :ssl_key_path => "#{@icinga2_pki_dir}/ElasticsearchWriter_elasticsearch.key", :ssl_cert_path => "#{@icinga2_pki_dir}/ElasticsearchWriter_elasticsearch.crt", :ssl_cacert_path => "#{@icinga2_pki_dir}/ElasticsearchWriter_elasticsearch_ca.crt" } end it { is_expected.to contain_concat__fragment('icinga2::object::ElasticsearchWriter::elasticsearch') .with_content %r{key_path = "#{@icinga2_pki_dir}/ElasticsearchWriter_elasticsearch.key"} } it { is_expected.to contain_concat__fragment('icinga2::object::ElasticsearchWriter::elasticsearch') .with_content %r{cert_path = "#{@icinga2_pki_dir}/ElasticsearchWriter_elasticsearch.crt"} } it { is_expected.to contain_concat__fragment('icinga2::object::ElasticsearchWriter::elasticsearch') .with_content %r{ca_path = "#{@icinga2_pki_dir}/ElasticsearchWriter_elasticsearch_ca.crt"} } end end end end diff --git a/spec/classes/gelf_spec.rb b/spec/classes/gelf_spec.rb index 31768c4..bcbdfd4 100644 --- a/spec/classes/gelf_spec.rb +++ b/spec/classes/gelf_spec.rb @@ -1,53 +1,53 @@ require 'spec_helper' describe('icinga2::feature::gelf', :type => :class) do let(:pre_condition) do [ "class { 'icinga2': features => [], }" ] end on_supported_os.each do |os, facts| context "on #{os}" do let(:facts) do facts end before(:each) do case facts[:kernel] when 'windows' @icinga2_conf_dir = 'C:/ProgramData/icinga2/etc/icinga2' when 'FreeBSD' @icinga2_conf_dir = '/usr/local/etc/icinga2' else @icinga2_conf_dir = '/etc/icinga2' end end context "with defaults" do it { is_expected.to contain_icinga2__feature('gelf').with({'ensure' => 'present'}) } it { is_expected.to contain_icinga2__object('icinga2::object::GelfWriter::gelf') .with({ 'target' => "#{@icinga2_conf_dir}/features-available/gelf.conf" }) .that_notifies('Class[icinga2::service]') } it { is_expected.to contain_concat__fragment('icinga2::feature::gelf') .with({ 'target' => "#{@icinga2_conf_dir}/features-available/gelf.conf", 'order' => '05', }) .with_content(/library \"perfdata\"$/) } end context "with ensure => absent" do let(:params) do { :ensure => 'absent' } end it { is_expected.to contain_icinga2__feature('gelf').with({'ensure' => 'absent'}) } end end - + end end diff --git a/spec/classes/icinga2_spec.rb b/spec/classes/icinga2_spec.rb index fff2e22..d1c7975 100644 --- a/spec/classes/icinga2_spec.rb +++ b/spec/classes/icinga2_spec.rb @@ -1,172 +1,172 @@ require 'spec_helper' describe('icinga2', :type => :class) do on_supported_os.each do |os, facts| context "on #{os}" do let(:facts) do facts end before(:each) do case facts[:kernel] when 'windows' @icinga2_conf_dir = 'C:/ProgramData/icinga2/etc/icinga2' when 'FreeBSD' @icinga2_conf_dir = '/usr/local/etc/icinga2' else @icinga2_conf_dir = '/etc/icinga2' end end context 'with defaults' do it { is_expected.to contain_package('icinga2') .with({ 'ensure' => 'installed' }) } it { is_expected.to contain_service('icinga2') .with({ 'ensure' => 'running', 'enable' => true }) } it { is_expected.to contain_file("#{@icinga2_conf_dir}/features-enabled") .with({ 'ensure' => 'directory', 'purge' => true, 'recurse' => true, }) } it { is_expected.to contain_icinga2__feature('checker') .with({'ensure' => 'present'}) } it { is_expected.to contain_icinga2__feature('mainlog') .with({'ensure' => 'present'}) } it { is_expected.to contain_icinga2__feature('notification') .with({'ensure' => 'present'}) } end context "with manage_packages => false" do let(:params) do {:manage_packages => false} end it { is_expected.not_to contain_package('icinga2').with({ 'ensure' => 'installed' }) } end context "with manage_selinux => true" do let(:params) do {:manage_selinux => true} end - case facts[:osfamily] + case facts[:os]['family'] when 'RedHat' it { is_expected.to contain_package('icinga2-selinux').with({ 'ensure' => 'installed' }) } end end context "with confd => false" do let(:params) do {:confd => false} end it { is_expected.to contain_file("#{@icinga2_conf_dir}/icinga2.conf") .without_content %r{^include_recursive \"conf.d\"} } end context "with confd => example.d" do let(:params) do {:confd => "#{@icinga2_conf_dir}/example.d"} end case facts[:kernel] when 'windows' let(:pre_condition) do [ "file { 'C:/ProgramData/icinga2/etc/icinga2/example.d': ensure => directory, tag => 'icinga2::config::file' }", "file { 'C:/ProgramData/icinga2/etc/icinga2/example.d/foo': ensure => file, tag => 'icinga2::config::file' }", ] end it { is_expected.to contain_file("#{@icinga2_conf_dir}/icinga2.conf") .with_content %r{^include_recursive \"C:/ProgramData/icinga2/etc/icinga2/example.d\"} } when 'FreeBSD' let(:pre_condition) do [ "file { '/usr/local/etc/icinga2/example.d': ensure => directory, tag => 'icinga2::config::file' }", "file { '/usr/local/etc/icinga2/example.d/foo': ensure => file, tag => 'icinga2::config::file' }", ] end it { is_expected.to contain_file("#{@icinga2_conf_dir}/icinga2.conf") .with_content %r{^include_recursive \"/usr/local/etc/icinga2/example.d\"} } else let(:pre_condition) do [ "file { '/etc/icinga2/example.d': ensure => directory, tag => 'icinga2::config::file' }", "file { '/etc/icinga2/example.d/foo': ensure => file, tag => 'icinga2::config::file' }", ] end it { is_expected.to contain_file("#{@icinga2_conf_dir}/icinga2.conf") .with_content %r{^include_recursive \"/etc/icinga2/example.d\"} } end it { is_expected.to contain_file("#{@icinga2_conf_dir}/example.d") .with({ 'ensure' => 'directory', 'tag' => 'icinga2::config::file', }) } it { is_expected.to contain_file("#{@icinga2_conf_dir}/example.d/foo") .with({ 'ensure' => 'file', 'tag' => 'icinga2::config::file', }) .that_notifies('Class[icinga2::service]') } end context "with constants => { foo => bar }" do let(:params) do { :constants => {'foo' => 'bar'} } end it { is_expected.to contain_file("#{@icinga2_conf_dir}/constants.conf") .with_content(/^const foo = \"bar\"/) } end context "with plugins => [ foo, bar ]" do let(:params) do { :plugins => ['foo', 'bar'] } end it { is_expected.to contain_file("#{@icinga2_conf_dir}/icinga2.conf") .with_content(/^include /) .with_content(/^include /) } end context "with ensure => stopped, enable => false" do let(:params) do { :ensure => 'stopped', :enable => false } end it { is_expected.to contain_service('icinga2') .with({ 'ensure' => 'stopped', 'enable' => false, }) } end context "with manage_service => false" do let(:params) do { :manage_service => false } end it { is_expected.not_to contain_service('icinga2') } end end end end diff --git a/spec/classes/idomysql_spec.rb b/spec/classes/idomysql_spec.rb index 1dad067..85adec7 100644 --- a/spec/classes/idomysql_spec.rb +++ b/spec/classes/idomysql_spec.rb @@ -1,206 +1,206 @@ require 'spec_helper' describe('icinga2::feature::idomysql', :type => :class) do let(:pre_condition) do [ "class { 'icinga2': features => [], constants => {'NodeName' => 'host.example.org'} }" ] end on_supported_os.each do |os, facts| context "on #{os}" do let(:facts) do case facts[:kernel] when 'windows' facts.merge({ :icinga2_puppet_hostcert => 'C:/ProgramData/PuppetLabs/puppet/ssl/certs/host.example.org.pem', :icinga2_puppet_hostprivkey => 'C:/ProgramData/PuppetLabs/puppet/ssl/private_keys/host.example.org.pem', :icinga2_puppet_localcacert => 'C:/ProgramData/PuppetLabs/var/lib/puppet/ssl/certs/ca.pem', }) else facts.merge({ :icinga2_puppet_hostcert => '/etc/puppetlabs/puppet/ssl/certs/host.example.org.pem', :icinga2_puppet_hostprivkey => '/etc/puppetlabs/puppet/ssl/private_keys/host.example.org.pem', :icinga2_puppet_localcacert => '/etc/lib/puppetlabs/puppet/ssl/certs/ca.pem', }) end end before(:each) do case facts[:kernel] when 'windows' @icinga2_conf_dir = 'C:/ProgramData/icinga2/etc/icinga2' @icinga2_pki_dir = 'C:/ProgramData/icinga2/var/lib/icinga2/certs' @ido_mysql_schema_dir = 'C:/Program Files/icinga2/usr/share/icinga2-ido-mysql/schema' @icinga2_sslkey_mode = nil @icinga2_user = nil @icinga2_group = nil when 'FreeBSD' @icinga2_conf_dir = '/usr/local/etc/icinga2' @icinga2_pki_dir = '/var/lib/icinga2/certs' @ido_mysql_schema_dir = '/usr/local/share/icinga2-ido-mysql/schema' @icinga2_sslkey_mode = '0600' @icinga2_user = 'icinga' @icinga2_group = 'icinga' else @icinga2_conf_dir = '/etc/icinga2' @icinga2_pki_dir = '/var/lib/icinga2/certs' @ido_mysql_schema_dir = '/usr/share/icinga2-ido-mysql/schema' @icinga2_sslkey_mode = '0600' - case facts[:osfamily] + case facts[:os]['family'] when 'Debian' @icinga2_user = 'nagios' @icinga2_group = 'nagios' else @icinga2_user = 'icinga' @icinga2_group = 'icinga' end end end context "with defaults" do let(:params) do { :password => 'foo' } end if facts[:kernel] == 'Linux' it { is_expected.to contain_package('icinga2-ido-mysql').with({ 'ensure' => 'installed' }) } end - if facts[:osfamily] == 'Debian' + if facts[:os]['family'] == 'Debian' it { is_expected.to contain_file('/etc/dbconfig-common/icinga2-ido-mysql.conf') .with({ 'ensure' => 'file', 'owner' => 'root', 'group' => 'root', }) } end it { is_expected.to contain_icinga2__feature('ido-mysql').with({'ensure' => 'present'}) } it { is_expected.to contain_icinga2__object('icinga2::object::IdoMysqlConnection::ido-mysql') .with({ 'target' => "#{@icinga2_conf_dir}/features-available/ido-mysql.conf" }) .that_notifies('Class[icinga2::service]') } it { is_expected.to contain_concat__fragment('icinga2::feature::ido-mysql') .with({ 'target' => "#{@icinga2_conf_dir}/features-available/ido-mysql.conf", 'order' => '05', }) .with_content(/library \"db_ido_mysql\"$/) } end context "with ensure => absent" do let(:params) do { :ensure => 'absent', :password => 'foo' } end it { is_expected.to contain_icinga2__feature('ido-mysql').with({'ensure' => 'absent'}) } end context "with import_schema => true" do let(:params) do { :import_schema => true, :password => 'foo' } end it { is_expected.to contain_exec('idomysql-import-schema') .with({ 'user' => 'root', 'command' => "mysql -u icinga -p'foo' icinga < \"#{@ido_mysql_schema_dir}/mysql.sql\"", }) } end if facts[:kernel] == 'Linux' context "with icinga2::manage_packages => false" do let(:params) do { :password => 'foo' } end let(:pre_condition) do [ "class { 'icinga2': features => [], manage_packages => false }" ] end it { is_expected.not_to contain_package('icinga2').with({ 'ensure' => 'installed' }) } it { is_expected.not_to contain_package('icinga2-ido-mysql').with({ 'ensure' => 'installed' }) } end end context "with enable_ssl => true, host => 127.0.0.1, port => 3306, import_schema => true, ssl_key => foo, ssl_cert => bar, ssl_cacert => baz" do let(:params) do { :enable_ssl => true, :ssl_key => 'foo', :ssl_cert => 'bar', :ssl_cacert => 'baz', :host => '127.0.0.1', :port => 3306, :import_schema => true, :password => 'foo' } end it { is_expected.to contain_file("#{@icinga2_pki_dir}/IdoMysqlConnection_ido-mysql.key") .with({ 'mode' => @icinga2_sslkey_mode, 'owner' => @icinga2_user, 'group' => @icinga2_group, }) .with_content(/^foo/) } it { is_expected.to contain_file("#{@icinga2_pki_dir}/IdoMysqlConnection_ido-mysql.crt") .with({ 'owner' => @icinga2_user, 'group' => @icinga2_group, }) .with_content(/^bar$/) } it { is_expected.to contain_file("#{@icinga2_pki_dir}/IdoMysqlConnection_ido-mysql_ca.crt") .with({ 'owner' => @icinga2_user, 'group' => @icinga2_group, }) .with_content(/^baz$/) } it { is_expected.to contain_exec('idomysql-import-schema') .with({ 'user' => 'root', 'command' => "mysql -h 127.0.0.1 -P 3306 -u icinga -p'foo' --ssl-ca #{@icinga2_pki_dir}/IdoMysqlConnection_ido-mysql_ca.crt --ssl-cert #{@icinga2_pki_dir}/IdoMysqlConnection_ido-mysql.crt --ssl-key #{@icinga2_pki_dir}/IdoMysqlConnection_ido-mysql.key icinga < \"#{@ido_mysql_schema_dir}/mysql.sql\"", }) } end context "with enable_ssl => true, import_schema => true, ssl_key_path, ssl_cert_path and ssl_cacert_path set" do let(:params) do { :enable_ssl => true, :ssl_key_path => "#{@icinga2_pki_dir}/IdoMysqlConnection_ido-mysql.key", :ssl_cert_path => "#{@icinga2_pki_dir}/IdoMysqlConnection_ido-mysql.crt", :ssl_cacert_path => "#{@icinga2_pki_dir}/IdoMysqlConnection_ido-mysql_ca.crt", :import_schema => true, :password => 'foo' } end it { is_expected.to contain_concat__fragment('icinga2::object::IdoMysqlConnection::ido-mysql') .with_content %r{ssl_key = "#{@icinga2_pki_dir}/IdoMysqlConnection_ido-mysql.key"} } it { is_expected.to contain_concat__fragment('icinga2::object::IdoMysqlConnection::ido-mysql') .with_content %r{ssl_cert = "#{@icinga2_pki_dir}/IdoMysqlConnection_ido-mysql.crt"} } it { is_expected.to contain_concat__fragment('icinga2::object::IdoMysqlConnection::ido-mysql') .with_content %r{ssl_ca = "#{@icinga2_pki_dir}/IdoMysqlConnection_ido-mysql_ca.crt"} } it { is_expected.to contain_exec('idomysql-import-schema') .with({ 'user' => 'root', 'command' => "mysql -u icinga -p'foo' --ssl-ca #{@icinga2_pki_dir}/IdoMysqlConnection_ido-mysql_ca.crt --ssl-cert #{@icinga2_pki_dir}/IdoMysqlConnection_ido-mysql.crt --ssl-key #{@icinga2_pki_dir}/IdoMysqlConnection_ido-mysql.key icinga < \"#{@ido_mysql_schema_dir}/mysql.sql\"", }) } end end end end diff --git a/spec/classes/idopgsql_spec.rb b/spec/classes/idopgsql_spec.rb index 255c55b..7b809c8 100644 --- a/spec/classes/idopgsql_spec.rb +++ b/spec/classes/idopgsql_spec.rb @@ -1,121 +1,121 @@ require 'spec_helper' describe('icinga2::feature::idopgsql', :type => :class) do let(:pre_condition) do [ "class { 'icinga2': features => [], }" ] end on_supported_os.each do |os, facts| context "on #{os}" do let(:facts) do facts end before(:each) do case facts[:kernel] when 'windows' @icinga2_conf_dir = 'C:/ProgramData/icinga2/etc/icinga2' @icinga2_pki_dir = 'C:/ProgramData/icinga2/var/lib/icinga2/certs' @ido_pgsql_schema_dir = 'C:/Program Files/icinga2/usr/share/icinga2-ido-pgsql/schema' @icinga2_sslkey_mode = nil @icinga2_user = nil @icinga2_group = nil when 'FreeBSD' @icinga2_conf_dir = '/usr/local/etc/icinga2' @icinga2_pki_dir = '/var/lib/icinga2/certs' @ido_pgsql_schema_dir = '/usr/local/share/icinga2-ido-pgsql/schema' @icinga2_sslkey_mode = '0600' @icinga2_user = 'icinga' @icinga2_group = 'icinga' else @icinga2_conf_dir = '/etc/icinga2' @icinga2_pki_dir = '/var/lib/icinga2/certs' @ido_pgsql_schema_dir = '/usr/share/icinga2-ido-pgsql/schema' @icinga2_sslkey_mode = '0600' - case facts[:osfamily] + case facts[:os]['family'] when 'Debian' @icinga2_user = 'nagios' @icinga2_group = 'nagios' else @icinga2_user = 'icinga' @icinga2_group = 'icinga' end end end context "with defaults" do let(:params) do { :password => 'foo' } end if facts[:kernel] == 'Linux' it { is_expected.to contain_package('icinga2-ido-pgsql').with({ 'ensure' => 'installed' }) } end - if facts[:osfamily] == 'Debian' + if facts[:os]['family'] == 'Debian' it { is_expected.to contain_file('/etc/dbconfig-common/icinga2-ido-pgsql.conf') .with({ 'ensure' => 'file', 'owner' => 'root', 'group' => 'root', }) } end it { is_expected.to contain_icinga2__feature('ido-pgsql').with({'ensure' => 'present'}) } it { is_expected.to contain_concat__fragment('icinga2::object::IdoPgsqlConnection::ido-pgsql') .with({ 'target' => "#{@icinga2_conf_dir}/features-available/ido-pgsql.conf" }) } end context "with ensure => absent" do let(:params) do { :ensure => 'absent', :password => 'foo' } end it { is_expected.to contain_icinga2__feature('ido-pgsql').with({'ensure' => 'absent'}) } end context "with import_schema => true" do let(:params) do { :import_schema => true, :password => 'foo' } end it { is_expected.to contain_exec('idopgsql-import-schema') .with({ 'user' => 'root', 'environment' => ["PGPASSWORD=foo"], 'command' => "psql -h 'localhost' -U 'icinga' -p '5432' -d 'icinga' -w -f \"#{@ido_pgsql_schema_dir}/pgsql.sql\"" }) } end if facts[:kernel] == 'Linux' context "with manage_packages => false" do let(:params) do { :password => 'foo' } end let(:pre_condition) do [ "class { 'icinga2': features => [], manage_packages => false }" ] end it { is_expected.not_to contain_package('icinga2').with({ 'ensure' => 'installed' }) } it { is_expected.not_to contain_package('icinga2-ido-pgsql').with({ 'ensure' => 'installed' }) } end end end end end diff --git a/spec/classes/influxdb_spec.rb b/spec/classes/influxdb_spec.rb index c9bb89f..8bca738 100644 --- a/spec/classes/influxdb_spec.rb +++ b/spec/classes/influxdb_spec.rb @@ -1,121 +1,121 @@ require 'spec_helper' describe('icinga2::feature::influxdb', :type => :class) do let(:pre_condition) do [ "class { 'icinga2': features => [], constants => {'NodeName' => 'host.example.org'} }" ] end on_supported_os.each do |os, facts| context "on #{os}" do let(:facts) do facts end before(:each) do case facts[:kernel] when 'windows' @icinga2_conf_dir = 'C:/ProgramData/icinga2/etc/icinga2' @icinga2_pki_dir = 'C:/ProgramData/icinga2/var/lib/icinga2/certs' @icinga2_sslkey_mode = nil @icinga2_user = nil @icinga2_group = nil when 'FreeBSD' @icinga2_conf_dir = '/usr/local/etc/icinga2' @icinga2_pki_dir = '/var/lib/icinga2/certs' @icinga2_sslkey_mode = '0600' @icinga2_user = 'icinga' @icinga2_group = 'icinga' else @icinga2_conf_dir = '/etc/icinga2' @icinga2_pki_dir = '/var/lib/icinga2/certs' @icinga2_sslkey_mode = '0600' - case facts[:osfamily] + case facts[:os]['family'] when 'Debian' @icinga2_user = 'nagios' @icinga2_group = 'nagios' else @icinga2_user = 'icinga' @icinga2_group = 'icinga' end end end context "with all defaults" do it { is_expected.to contain_icinga2__feature('influxdb').with({'ensure' => 'present'}) } it { is_expected.to contain_concat__fragment('icinga2::object::InfluxdbWriter::influxdb') .with({ 'target' => "#{@icinga2_conf_dir}/features-available/influxdb.conf" }) .that_notifies('Class[icinga2::service]') } it { is_expected.to contain_concat__fragment('icinga2::feature::influxdb') .with({ 'target' => "#{@icinga2_conf_dir}/features-available/influxdb.conf", 'order' => '05', }) .with_content(/library \"perfdata\"$/) } end context "with ensure => absent" do let(:params) do { :ensure => 'absent' } end it { is_expected.to contain_icinga2__feature('influxdb').with({'ensure' => 'absent'}) } end context "with enable_ssl = true, ssl_key => foo, ssl_cert => bar, ssl_cacert => baz" do let(:params) do { :enable_ssl => true, :ssl_key => 'foo', :ssl_cert => 'bar', :ssl_cacert => 'baz' } end it { is_expected.to contain_file("#{@icinga2_pki_dir}/InfluxdbWriter_influxdb.key") .with({ 'owner' => @icinga2_user, 'group' => @icinga2_group, 'mode' => @icinga2_sslkey_mode, }) .with_content(/^foo$/) } it { is_expected.to contain_file("#{@icinga2_pki_dir}/InfluxdbWriter_influxdb.crt") .with({ 'owner' => @icinga2_user, 'group' => @icinga2_group, }) .with_content(/^bar$/) } it { is_expected.to contain_file("#{@icinga2_pki_dir}/InfluxdbWriter_influxdb_ca.crt") .with({ 'owner' => @icinga2_user, 'group' => @icinga2_group, }) .with_content(/^baz$/) } end context "with enable_ssl = true, ssl_key_path, ssl_cert_path and ssl_cacert_path set" do let(:params) do { :enable_ssl => true, :ssl_key_path => "#{@icinga2_pki_dir}/InfluxdbWriter_influxdb.key", :ssl_cert_path => "#{@icinga2_pki_dir}/InfluxdbWriter_influxdb.crt", :ssl_cacert_path => "#{@icinga2_pki_dir}/InfluxdbWriter_influxdb_ca.crt" } end it { is_expected.to contain_concat__fragment('icinga2::object::InfluxdbWriter::influxdb') .with_content %r{ssl_key = "#{@icinga2_pki_dir}/InfluxdbWriter_influxdb.key"} } it { is_expected.to contain_concat__fragment('icinga2::object::InfluxdbWriter::influxdb') .with_content %r{ssl_cert = "#{@icinga2_pki_dir}/InfluxdbWriter_influxdb.crt"} } it { is_expected.to contain_concat__fragment('icinga2::object::InfluxdbWriter::influxdb') .with_content %r{ssl_ca_cert = "#{@icinga2_pki_dir}/InfluxdbWriter_influxdb_ca.crt"} } end end end end diff --git a/spec/classes/mainlog_spec.rb b/spec/classes/mainlog_spec.rb index 642ac7f..e8d3e83 100644 --- a/spec/classes/mainlog_spec.rb +++ b/spec/classes/mainlog_spec.rb @@ -1,66 +1,66 @@ require 'spec_helper' describe('icinga2::feature::mainlog', :type => :class) do let(:pre_condition) do [ "class { 'icinga2': features => [], }" ] end on_supported_os.each do |os, facts| context "on #{os}" do let(:facts) do facts end before(:each) do case facts[:kernel] when 'windows' @icinga2_conf_dir = 'C:/ProgramData/icinga2/etc/icinga2' when 'FreeBSD' @icinga2_conf_dir = '/usr/local/etc/icinga2' else @icinga2_conf_dir = '/etc/icinga2' end end context "with defaults" do let(:params) do { :ensure => 'present' } end it { is_expected.to contain_icinga2__feature('mainlog').with({'ensure' => 'present'}) } it { is_expected.to contain_icinga2__object('icinga2::object::FileLogger::mainlog') .with({ 'target' => "#{@icinga2_conf_dir}/features-available/mainlog.conf" }) .that_notifies('Class[icinga2::service]') } - case facts[:osfamily] + case facts[:os]['family'] when 'windows' it { is_expected.to contain_concat__fragment('icinga2::object::FileLogger::mainlog') .with({ 'target' => "#{@icinga2_conf_dir}/features-available/mainlog.conf", }) .with_content(/path = \"C:\/ProgramData\/icinga2\/var\/log\/icinga2\/icinga2.log\"/) } else it { is_expected.to contain_concat__fragment('icinga2::object::FileLogger::mainlog') .with({ 'target' => "#{@icinga2_conf_dir}/features-available/mainlog.conf", }) .with_content(/path = \"\/var\/log\/icinga2\/icinga2.log\"/) } end end context "#{os} with ensure => absent" do let(:params) do { :ensure => 'absent' } end it { is_expected.to contain_icinga2__feature('mainlog').with({'ensure' => 'absent'}) } end end end end diff --git a/spec/classes/pki_ca_spec.rb b/spec/classes/pki_ca_spec.rb index 863db89..b78a1d1 100644 --- a/spec/classes/pki_ca_spec.rb +++ b/spec/classes/pki_ca_spec.rb @@ -1,171 +1,171 @@ require 'spec_helper' describe('icinga2::pki::ca', :type => :class) do let(:pre_condition) do [ "class { 'icinga2': features => [], constants => {'NodeName' => 'host.example.org'} }" ] end on_supported_os.each do |os, facts| context "on #{os}" do let(:facts) do case facts[:kernel] when 'windows' facts.merge({ :icinga2_puppet_hostcert => 'C:/ProgramData/PuppetLabs/puppet/ssl/certs/host.example.org.pem', :icinga2_puppet_hostprivkey => 'C:/ProgramData/PuppetLabs/puppet/ssl/private_keys/host.example.org.pem', :icinga2_puppet_localcacert => 'C:/ProgramData/PuppetLabs/var/lib/puppet/ssl/certs/ca.pem', }) else facts.merge({ :icinga2_puppet_hostcert => '/etc/puppetlabs/puppet/ssl/certs/host.example.org.pem', :icinga2_puppet_hostprivkey => '/etc/puppetlabs/puppet/ssl/private_keys/host.example.org.pem', :icinga2_puppet_localcacert => '/etc/lib/puppetlabs/puppet/ssl/certs/ca.pem', }) end end before(:each) do case facts[:kernel] when 'windows' @icinga2_bin = 'C:/Program Files/icinga2/sbin/icinga2.exe' @icinga2_conf_dir = 'C:/ProgramData/icinga2/etc/icinga2' @icinga2_pki_dir = 'C:/ProgramData/icinga2/var/lib/icinga2/certs' @icinga2_ca_dir = 'C:/ProgramData/icinga2/var/lib/icinga2/ca' @icinga2_sslkey_mode = nil @icinga2_user = nil @icinga2_group = nil when 'FreeBSD' @icinga2_bin = '/usr/local/sbin/icinga2' @icinga2_conf_dir = '/usr/local/etc/icinga2' @icinga2_pki_dir = '/var/lib/icinga2/certs' @icinga2_ca_dir = '/var/lib/icinga2/ca' @icinga2_sslkey_mode = '0600' @icinga2_user = 'icinga' @icinga2_group = 'icinga' else @icinga2_conf_dir = '/etc/icinga2' @icinga2_pki_dir = '/var/lib/icinga2/certs' @icinga2_ca_dir = '/var/lib/icinga2/ca' @icinga2_sslkey_mode = '0600' - case facts[:osfamily] + case facts[:os]['family'] when 'Debian' @icinga2_user = 'nagios' @icinga2_group = 'nagios' @icinga2_bin = '/usr/sbin/icinga2' else @icinga2_user = 'icinga' @icinga2_group = 'icinga' - if facts[:osfamily] != 'RedHat' + if facts[:os]['family'] != 'RedHat' @icinga2_bin = '/usr/sbin/icinga2' else - case facts[:operatingsystemmajrelease] + case facts[:os]['release']['major'] when '5' @icinga2_bin = '/usr/sbin/icinga2' when '6' @icinga2_bin = '/usr/sbin/icinga2' else @icinga2_bin = '/sbin/icinga2' end end end end end context "with defaults" do it { is_expected.to contain_exec('create-icinga2-ca') .with({ 'command' => "\"#{@icinga2_bin}\" pki new-ca", 'creates' => "#{@icinga2_ca_dir}/ca.crt", }) .that_notifies('Class[icinga2::service]') .that_comes_before("File[#{@icinga2_pki_dir}/ca.crt]") } it { is_expected.to contain_exec('icinga2 pki create certificate signing request') .with({ 'command' => "\"#{@icinga2_bin}\" pki new-cert --cn host.example.org --key #{@icinga2_pki_dir}/host.example.org.key --csr #{@icinga2_pki_dir}/host.example.org.csr", 'creates' => "#{@icinga2_pki_dir}/host.example.org.key", }) .that_requires("File[#{@icinga2_pki_dir}/ca.crt]") } - + it { is_expected.to contain_exec('icinga2 pki sign certificate') .with({ 'command' => "\"#{@icinga2_bin}\" pki sign-csr --csr #{@icinga2_pki_dir}/host.example.org.csr --cert #{@icinga2_pki_dir}/host.example.org.crt", 'refreshonly' => true, }) .that_notifies('Class[icinga2::service]') .that_subscribes_to('Exec[icinga2 pki create certificate signing request]') } it { is_expected.to contain_file("#{@icinga2_pki_dir}/ca.crt") .with({ 'ensure' => 'file', 'owner' => @icinga2_user, 'group' => @icinga2_group, }) } it { is_expected.to contain_file("#{@icinga2_pki_dir}/host.example.org.key") .with({ 'ensure' => 'file', 'owner' => @icinga2_user, 'group' => @icinga2_group, 'mode' => @icinga2_sslkey_mode, 'show_diff' => false, 'backup' => false, }) .that_requires('Exec[icinga2 pki create certificate signing request]') } it { is_expected.to contain_file("#{@icinga2_pki_dir}/host.example.org.crt") .with({ 'ensure' => 'file', 'owner' => @icinga2_user, 'group' => @icinga2_group, }) .that_requires('Exec[icinga2 pki sign certificate]') } it { is_expected.to contain_file("#{@icinga2_pki_dir}/host.example.org.csr") .with({ 'ensure' => 'absent', }) .that_requires('Exec[icinga2 pki sign certificate]') } end context "with ca_cert => 'foo', ca_key => 'bar'" do let(:params) do { :ca_cert => 'foo', :ca_key => 'bar' } end it { is_expected.to contain_exec('icinga2 pki create certificate signing request') .with({ 'command' => "\"#{@icinga2_bin}\" pki new-cert --cn host.example.org --key #{@icinga2_pki_dir}/host.example.org.key --csr #{@icinga2_pki_dir}/host.example.org.csr", 'creates' => "#{@icinga2_pki_dir}/host.example.org.key", }) .that_requires("File[#{@icinga2_pki_dir}/ca.crt]") } - + it { is_expected.to contain_exec('icinga2 pki sign certificate') .with({ 'command' => "\"#{@icinga2_bin}\" pki sign-csr --csr #{@icinga2_pki_dir}/host.example.org.csr --cert #{@icinga2_pki_dir}/host.example.org.crt", 'refreshonly' => true, }) .that_notifies('Class[icinga2::service]') .that_subscribes_to('Exec[icinga2 pki create certificate signing request]') } it { is_expected.to contain_file("#{@icinga2_ca_dir}/ca.crt") .with({ 'ensure' => 'file', 'owner' => @icinga2_user, 'group' => @icinga2_group, - 'tag' => 'icinga2::config::file', }) + 'tag' => 'icinga2::config::file', }) .with_content(/^foo$/) .that_comes_before("File[#{@icinga2_pki_dir}/ca.crt]") } it { is_expected.to contain_file("#{@icinga2_ca_dir}/ca.key") .with({ 'ensure' => 'file', 'owner' => @icinga2_user, 'group' => @icinga2_group, 'mode' => @icinga2_sslkey_mode, 'tag' => 'icinga2::config::file', 'show_diff' => false, 'backup' => false, }) .with_content(/bar/) } end end end end diff --git a/spec/defines/feature_spec.rb b/spec/defines/feature_spec.rb index fdd0c36..c5aa9dc 100644 --- a/spec/defines/feature_spec.rb +++ b/spec/defines/feature_spec.rb @@ -1,111 +1,111 @@ require 'spec_helper' describe('icinga2::feature', :type => :define) do let(:title) do 'bar' end before(:each) do # Fake assert_private function from stdlib to not fail within this test Puppet::Parser::Functions.newfunction(:assert_private, :type => :rvalue) { |args| } end on_supported_os.each do |os, facts| context "on #{os}" do let(:facts) do facts end case facts[:kernel] when 'Linux' - case facts[:osfamily] + case facts[:os]['family'] when 'Debian' before(:all) do @icinga2_config_dir = '/etc/icinga2' @icinga2_user = 'nagios' @icinga2_group = 'nagios' end else before(:all) do @icinga2_config_dir = '/etc/icinga2' @icinga2_user = 'icinga' @icinga2_group = 'icinga' end end when 'FreeBSD' before(:all) do @icinga2_config_dir = '/usr/local/etc/icinga2' @icinga2_user = 'icinga' @icinga2_group = 'icinga' end when 'windows' before(:all) do @icinga2_config_dir = 'C:/ProgramData/icinga2/etc/icinga2' end end let(:pre_condition) do [ "class { 'icinga2': features => [] }", "icinga2::object { 'icinga2::object::FooComponent::foo': object_name => 'foo', object_type => 'FooComponent', target => '#{@icinga2_config_dir}/features-available/foo.conf', order => 10, }" ] end case facts[:kernel] when 'windows' context "with ensure => present" do let(:params) do { :ensure => 'present', :feature => 'foo' } end it { is_expected.to contain_file("#{@icinga2_config_dir}/features-enabled/foo.conf") .with({ 'ensure' => 'file' }) .that_notifies('Class[icinga2::service]') } it { should compile } end else context "with ensure => present" do let(:params) do { :ensure => 'present', :feature => 'foo' } end it { is_expected.to contain_file("#{@icinga2_config_dir}/features-enabled/foo.conf") .with({ 'ensure' => 'link', 'owner' => @icinga2_user, 'group' => @icinga2_group, }).that_notifies('Class[icinga2::service]') } it { should compile } end end context "with ensure => absent" do let(:params) do { :ensure => 'absent', :feature => 'foo' } end it { is_expected.to contain_file("#{@icinga2_config_dir}/features-enabled/foo.conf") .with({ 'ensure' => 'absent'}) .that_notifies('Class[icinga2::service]') } it { should compile } end end end end diff --git a/spec/defines/objects_spec.rb b/spec/defines/objects_spec.rb index 5e292d1..e0bdb05 100644 --- a/spec/defines/objects_spec.rb +++ b/spec/defines/objects_spec.rb @@ -1,228 +1,228 @@ require 'spec_helper' facts = { :kernel => 'Linux', - :os => {:family => 'Debian', :name => 'Debian'}, - :osfamily => 'Debian' } + :os => {'family' => 'Debian', 'name' => 'Debian'}, +} describe('icinga2::object', :type => :define) do let(:title) do 'foo' end let(:pre_condition) do [ "class { 'icinga2': }" ] end before(:each) do # Fake assert_private function from stdlib to not fail within this test Puppet::Parser::Functions.newfunction(:assert_private, :type => :rvalue) { |args| } end on_supported_os.each do |os, complete_facts| let(:facts) do complete_facts end context "#{os} with object_type => 'foobar'" do let(:params) do { :object_type => 'foobar', :target => '/bar/baz', :order => '10' } end - case facts[:osfamily] + case facts[:os]['family'] when 'Debian' before(:each) do @icinga2_user = 'nagios' @icinga2_group = 'nagios' end when 'Windows' before(:each) do @icinga2_user = null @icinga2_group = null end else before(:each) do @icinga2_user = 'icinga' @icinga2_group = 'icinga' end end it { is_expected.to contain_concat('/bar/baz') .with({ 'owner' => @icinga2_user, 'group' => @icinga2_group }).that_notifies('Class[icinga2::service]') } it { is_expected.to contain_concat__fragment('foo') .with({ 'target' => '/bar/baz', 'order' => '10' }).with_content(/object foobar "foo" \{/) } it { should compile } end end let(:facts) do facts end context "with template => true" do let(:params) do { :template => true, :object_type => 'foobar', :target => '/bar/baz', :order => '10' } end it { is_expected.to contain_concat__fragment('foo') .with_content(/template foobar "foo" \{/) } end context "with import => ['bar', 'baz']" do let(:params) do { :import => ['bar', 'baz'], :object_type => 'foobar', :target => '/bar/baz', :order => '10' } end it { is_expected.to contain_concat__fragment('foo') .with_content(/import "bar"\n import "baz"\n/) } end context "with apply_target => 'Service', object_type => 'Service' (same value)" do let(:params) do { :apply_target => 'Service', :object_type => 'Service', :target => '/bar/baz', :order => '10' } end it { is_expected.to raise_error(Puppet::Error, /must be different/) } end context "with apply => true, apply_target => 'Host'" do let(:params) do { :apply => true, :apply_target => 'Host', :object_type => 'foobar', :target => '/bar/baz', :order => '10' } end it { is_expected.to contain_concat__fragment('foo') .with_content(/apply foobar \"foo\" to Host \{/) } end context "with apply => true, apply_target => 'Service'" do let(:params) do { :apply => true, :apply_target => 'Service', :object_type => 'foobar', :target => '/bar/baz', :order => '10' } end it { is_expected.to contain_concat__fragment('foo') .with_content(/apply foobar \"foo\" to Service \{/) } end context "with apply => 'item in array', prefix => true" do let(:params) do { :apply => 'item in array', :prefix => true, :object_type => 'foobar', :target => '/bar/baz', :order => '10' } end it { is_expected.to contain_concat__fragment('foo') .with_content(/apply foobar \"foo\" for \(item in array\) \{/) } end context "with apply => 'key => value in hash', prefix => 'some string'" do let(:params) do { :apply => 'key => value in hash', :prefix => 'some string', :object_type => 'foobar', :target => '/bar/baz', :order => '10' } end it { is_expected.to contain_concat__fragment('foo') .with_content(/apply foobar \"some string\" for \(key => value in hash\) \{/) } end end on_icinga_objects = { 'ApiUser' => 'icinga2::object::apiuser', 'CheckCommand' => 'icinga2::object::checkcommand', 'Dependency' => 'icinga2::object::dependency', 'Endpoint' => 'icinga2::object::endpoint', 'EventCommand' => 'icinga2::object::eventcommand', 'Host' => 'icinga2::object::host', 'HostGroup' => 'icinga2::object::hostgroup', 'Notification' => 'icinga2::object::notification', 'NotificationCommand' => 'icinga2::object::notificationcommand', 'ScheduledDowntime' => 'icinga2::object::scheduleddowntime', 'Service' => 'icinga2::object::service', 'ServiceGroup' => 'icinga2::object::servicegroup', 'TimePeriod' => 'icinga2::object::timeperiod', 'User' => 'icinga2::object::user', 'UserGroup' => 'icinga2::object::usergroup', 'Zone' => 'icinga2::object::zone', } on_icinga_objects.each do |otype, rtype| describe(rtype, :type => :define) do let(:title) do 'foo' end let(:pre_condition) do [ "class { 'icinga2': }" ] end let(:facts) do facts end context "with all defaults" do let(:params) do { :target => '/bar/baz' } end it { is_expected.to contain_icinga2__object("icinga2::object::#{otype}::foo") .with_object_type(otype) } it { should compile } end end end diff --git a/spec/functions/attributes_spec.rb b/spec/functions/attributes_spec.rb index 15d7921..be3f610 100644 --- a/spec/functions/attributes_spec.rb +++ b/spec/functions/attributes_spec.rb @@ -1,605 +1,604 @@ require 'spec_helper' describe 'icinga2_attributes' do let(:pre_condition) do [ "class { 'icinga2': }" ] end let(:facts) do { :kernel => 'Linux', :os => { - :family => 'Debian', - :name => 'Debian' + 'family' => 'Debian', + 'name' => 'Debian' }, - :osfamily => 'Debian', } end it 'raises a ArgumentError if there is less than 1 arguments' do is_expected.to run.with_params.and_raise_error(Puppet::ParseError) end it 'raises a ArgumentError if there are more than 4 arguments' do is_expected.to run.with_params('one','two','three','four','five').and_raise_error(Puppet::ParseError) end it 'assign a string' do # foo = "some string, connected to another. Yeah!" is_expected.to run.with_params({ 'foo' => 'some string, connected to another. Yeah!' }).and_return("foo = \"some string, connected to another. Yeah!\"\n") # foo += "some string" is_expected.to run.with_params({ 'foo' => '+ some string, connected to another. Yeah!' }).and_return("foo += \"some string, connected to another. Yeah!\"\n") # vars.foo = "some string" is_expected.to run.with_params({ 'vars' => { 'foo' => 'some string, connected to another. Yeah!' } }).and_return("vars.foo = \"some string, connected to another. Yeah!\"\n") # vars.foo += "some string" is_expected.to run.with_params({ 'vars' => { 'foo' => '+ some string, connected to another. Yeah!' } }).and_return("vars.foo += \"some string, connected to another. Yeah!\"\n") # foo = "some string" + [ "bar", "baz", ] is_expected.to run.with_params({ 'foo' => 'some string + [ bar, baz ]' }).and_return("foo = \"some string\" + [ \"bar\", \"baz\", ]\n") # foo = "[ "bar", "baz", ] + "other string" is_expected.to run.with_params({ 'foo' => '[ bar, baz ] + other string' }).and_return("foo = [ \"bar\", \"baz\", ] + \"other string\"\n") # foo = "[ "bar", "baz", ] + [ "barbaz", ] is_expected.to run.with_params({ 'foo' => '[ bar, baz ] + [ barbaz ]' }).and_return("foo = [ \"bar\", \"baz\", ] + [ \"barbaz\", ]\n") # foo = "[ "bar", [ "baz", ], ] is_expected.to run.with_params({ 'foo' => '[ bar, [ baz ] ]' }).and_return("foo = [ \"bar\", [ \"baz\", ], ]\n") # result = "some string" + { # foo = "baz" # bar = "baz" # } is_expected.to run.with_params({ 'result' => '{ foo => baz, bar => baz }' }).and_return("result = {\n foo = \"baz\"\n bar = \"baz\"\n}\n") end it 'assign a boolean' do # foo = false is_expected.to run.with_params({ 'foo' => 'false' }).and_return("foo = false\n") # foo = true is_expected.to run.with_params({ 'foo' => 'true' }).and_return("foo = true\n") # foo = null is_expected.to run.with_params({ 'foo' => 'null' }).and_return("foo = null\n") # vars.foo = false is_expected.to run.with_params({ 'vars' => { 'foo' => 'false' } }).and_return("vars.foo = false\n") # vars.foo = true is_expected.to run.with_params({ 'vars' => { 'foo' => 'true' } }).and_return("vars.foo = true\n") # vars.foo = null is_expected.to run.with_params({ 'vars' => { 'foo' => 'null' } }).and_return("vars.foo = null\n") end it 'assign a number' do # foo = 42 is_expected.to run.with_params({ 'foo' => '42' }).and_return("foo = 42\n") # foo += 42 is_expected.to run.with_params({ 'foo' => '+ 42' }).and_return("foo += 42\n") # foo -= 42 is_expected.to run.with_params({ 'foo' => '- 42' }).and_return("foo -= 42\n") # foo = -42 is_expected.to run.with_params({ 'foo' => '-42' }).and_return("foo = -42\n") # foo += -42 is_expected.to run.with_params({ 'foo' => '+ -42' }).and_return("foo += -42\n") # foo -= -42 is_expected.to run.with_params({ 'foo' => '- -42' }).and_return("foo -= -42\n") # vars.foo = 42 is_expected.to run.with_params({ 'vars' => { 'foo' => '42' } }).and_return("vars.foo = 42\n") # vars.foo += 42 is_expected.to run.with_params({ 'vars' => { 'foo' => '+ 42' } }).and_return("vars.foo += 42\n") # vars.foo -= 42 is_expected.to run.with_params({ 'vars' => { 'foo' => '- 42' } }).and_return("vars.foo -= 42\n") # vars.foo = -42 is_expected.to run.with_params({ 'vars' => { 'foo' => '-42' } }).and_return("vars.foo = -42\n") # vars.foo += -42 is_expected.to run.with_params({ 'vars' => { 'foo' => '+ -42' } }).and_return("vars.foo += -42\n") # vars.foo -= -42 is_expected.to run.with_params({ 'vars' => { 'foo' => '- -42' } }).and_return("vars.foo -= -42\n") end it 'assign a floating point number' do # foo = 3.141 is_expected.to run.with_params({ 'foo' => '3.141' }).and_return("foo = 3.141\n") # foo += 3.141 is_expected.to run.with_params({ 'foo' => '+ 3.141' }).and_return("foo += 3.141\n") # foo -= 3.141 is_expected.to run.with_params({ 'foo' => '- 3.141' }).and_return("foo -= 3.141\n") # foo = -3.141 is_expected.to run.with_params({ 'foo' => '-3.141' }).and_return("foo = -3.141\n") # foo += -3.141 is_expected.to run.with_params({ 'foo' => '+ -3.141' }).and_return("foo += -3.141\n") # foo -= -3.141 is_expected.to run.with_params({ 'foo' => '- -3.141' }).and_return("foo -= -3.141\n") # vars.foo = 3.141 is_expected.to run.with_params({ 'vars' => { 'foo' => '3.141' } }).and_return("vars.foo = 3.141\n") # vars.foo += 3.141 is_expected.to run.with_params({ 'vars' => { 'foo' => '+ 3.141' } }).and_return("vars.foo += 3.141\n") # vars.foo -= 3.141 is_expected.to run.with_params({ 'vars' => { 'foo' => '- 3.141' } }).and_return("vars.foo -= 3.141\n") # vars.foo = -3.141 is_expected.to run.with_params({ 'vars' => { 'foo' => '-3.141' } }).and_return("vars.foo = -3.141\n") # vars.foo += -3.141 is_expected.to run.with_params({ 'vars' => { 'foo' => '+ -3.141' } }).and_return("vars.foo += -3.141\n") # vars.foo -= -3.141 is_expected.to run.with_params({ 'vars' => { 'foo' => '- -3.141' } }).and_return("vars.foo -= -3.141\n") end it 'assign numbers with time units' do # foo_s = 60s # foo_m = 5m # foo_h = 2.5h # foo_d = 2d is_expected.to run.with_params({ 'foo_s' => '60s', 'foo_m' => '5m', 'foo_h' => '2.5h', 'foo_d' => '2d' }).and_return("foo_s = 60s\nfoo_m = 5m\nfoo_h = 2.5h\nfoo_d = 2d\n") # vars.foo_s = 60s # vars.foo_m = 5m # vars.foo_h = 2.5h # vars.foo_d = 2d is_expected.to run.with_params({ 'vars' => { 'foo_s' => '60s', 'foo_m' => '5m', 'foo_h' => '2.5h', 'foo_d' => '2d' } }).and_return("vars.foo_s = 60s\nvars.foo_m = 5m\nvars.foo_h = 2.5h\nvars.foo_d = 2d\n") end it 'assign an array' do # foo = [ "some string, connected to another. Yeah!", NodeName, 42, 3.141, 2d, true, ] is_expected.to run.with_params({ 'foo' => ['some string, connected to another. Yeah!', 'NodeName', '42', '3.141', '2.5d', 'true'] }).and_return("foo = [ \"some string, connected to another. Yeah!\", NodeName, 42, 3.141, 2.5d, true, ]\n") # foo += [ "some string, connected to another. Yeah!", NodeName, 42, 3.141, 2d, true, ] is_expected.to run.with_params({ 'foo' => ['+', 'some string, connected to another. Yeah!', 'NodeName', '42', '3.141', '2.5d', 'true'] }).and_return("foo += [ \"some string, connected to another. Yeah!\", NodeName, 42, 3.141, 2.5d, true, ]\n") # foo -= [ "some string, connected to another. Yeah!", NodeName, 42, 3.141, 2d, true, ] is_expected.to run.with_params({ 'foo' => ['-', 'some string, connected to another. Yeah!', 'NodeName', '42', '3.141', '2.5d', 'true'] }).and_return("foo -= [ \"some string, connected to another. Yeah!\", NodeName, 42, 3.141, 2.5d, true, ]\n") # vars.foo = [ "some string, connected to another. Yeah!", NodeName, 42, 3.141, 2d, true, ] is_expected.to run.with_params({ 'vars' => { 'foo' => ['some string, connected to another. Yeah!', 'NodeName', '42', '3.141', '2.5d', 'true'] } }).and_return("vars.foo = [ \"some string, connected to another. Yeah!\", NodeName, 42, 3.141, 2.5d, true, ]\n") # vars.foo += [ "some string, connected to another. Yeah!", NodeName, 42, 3.141, 2d, true, ] is_expected.to run.with_params({ 'vars' => { 'foo' => ['+', 'some string, connected to another. Yeah!', 'NodeName', '42', '3.141', '2.5d', 'true'] } }).and_return("vars.foo += [ \"some string, connected to another. Yeah!\", NodeName, 42, 3.141, 2.5d, true, ]\n") # vars.foo -= [ "some string, connected to another. Yeah!", NodeName, 42, 3.141, 2d, true, ] is_expected.to run.with_params({ 'vars' => { 'foo' => ['-', 'some string, connected to another. Yeah!', 'NodeName', '42', '3.141', '2.5d', 'true'] } }).and_return("vars.foo -= [ \"some string, connected to another. Yeah!\", NodeName, 42, 3.141, 2.5d, true, ]\n") end it 'assign a hash' do # foo = {} is_expected.to run.with_params({ 'foo' => {} }).and_return("foo = {}\n") # foo += {} is_expected.to run.with_params({ 'foo' => { '+' => true, } }).and_return("foo += {}\n") # foo = { # string = "some string, connected to another. Yeah!" # constant = NodeName # numbers = [ 42, 3.141, -42, -3.141, ] # time = 2.5d # bool = true # } is_expected.to run.with_params({ 'foo' => { 'string' => 'some string, connected to another. Yeah!', 'constant' => 'NodeName', 'numbers' => ['42', '3.141', '-42', '-3.141'], 'merge_array' => ['+', '42', '3.141', '-42', '-3.141'], 'time' => '2.5d', 'bool' => 'true', } }).and_return("foo = {\n string = \"some string, connected to another. Yeah!\"\n constant = NodeName\n numbers = [ 42, 3.141, -42, -3.141, ]\n merge_array += [ 42, 3.141, -42, -3.141, ]\n time = 2.5d\n bool = true\n}\n") # foo += { # string = "some string, connected to another. Yeah!" # constant = NodeName # numbers = [ 42, 3.141, -42, -3.141, ] # time = 2.5d # bool = true # } is_expected.to run.with_params({ 'foo' => { '+' => true, 'string' => 'some string, connected to another. Yeah!', 'constant' => 'NodeName', 'numbers' => ['42', '3.141', '-42', '-3.141'], 'merge_array' => ['+', '42', '3.141', '-42', '-3.141'], 'time' => '2.5d', 'bool' => 'true', } }).and_return("foo += {\n string = \"some string, connected to another. Yeah!\"\n constant = NodeName\n numbers = [ 42, 3.141, -42, -3.141, ]\n merge_array += [ 42, 3.141, -42, -3.141, ]\n time = 2.5d\n bool = true\n}\n") # vars.foo["string"] = "some string, connected to another. Yeah!" # vars.foo["constant"] = NodeName # vars.foo["numbers"] = [ 42, 3.141, -42, -3.141, ] # vars.foo["merge_array"] += [ 42, 3.141, -42, -3.141, ] # vars.foo["time"] = 2.5d # vars.foo["bool"] = true is_expected.to run.with_params({ 'vars' => { 'foo' => { 'string' => 'some string, connected to another. Yeah!', 'constant' => 'NodeName', 'numbers' => ['42', '3.141', '-42', '-3.141'], 'merge_array' => ['+', '42', '3.141', '-42', '-3.141'], 'time' => '2.5d', 'bool' => 'true' } } }).and_return("vars.foo[\"string\"] = \"some string, connected to another. Yeah!\"\nvars.foo[\"constant\"] = NodeName\nvars.foo[\"numbers\"] = [ 42, 3.141, -42, -3.141, ]\nvars.foo[\"merge_array\"] += [ 42, 3.141, -42, -3.141, ]\nvars.foo[\"time\"] = 2.5d\nvars.foo[\"bool\"] = true\n") end it 'assign a nested hash' do # foobar = { # foo += { # string = "some string, connected to another. Yeah!" # constant = NodeName # bool = true # } # fooz += {} # bar = { # numbers = [ 42, 3.141, -42, -3,141, ] # merge_array += [ 42, 3.141, -42, -3,141, ] # time = 2.5d # } # baz = {} # } is_expected.to run.with_params({ 'foobar' => { 'foo' => { '+' => true, 'string' => 'some string, connected to another. Yeah!', 'constant' => 'NodeName', 'bool' => 'true' }, 'fooz' => { '+' => true, }, 'bar' => { 'numbers' => ['42', '3.141', '-42', '-3.141'], 'merge_array' => ['+', '42', '3.141', '-42', '-3.141'], 'time' => '2.5d' }, 'baz' => {}, } }).and_return("foobar = {\n foo += {\n string = \"some string, connected to another. Yeah!\"\n constant = NodeName\n bool = true\n }\n fooz += {}\n bar = {\n numbers = [ 42, 3.141, -42, -3.141, ]\n merge_array += [ 42, 3.141, -42, -3.141, ]\n time = 2.5d\n }\n baz = {}\n}\n") # vars.foobar["foo"] += { # string = "some string, connected to another. Yeah!" # constant = NodeName # bool = true # } # vars.foobar["fooz"] += {} # vars.foobar["bar"] = { # numbers = [ 42, 3.141, -42, -3,141, ] # merge_array += [ 42, 3.141, -42, -3,141, ] # time = 2.5d # } # vars.foobar["baz"] = {} is_expected.to run.with_params({ 'vars' => { 'foobar' => { 'foo' => { '+' => true, 'string' => 'some string, connected to another. Yeah!', 'constant' => 'NodeName', 'bool' => 'true' }, 'fooz' => { '+' => true, }, 'bar' => { 'numbers' => ['42', '3.141', '-42', '-3.141'], 'merge_array' => ['+', '42', '3.141', '-42', '-3.141'], 'time' => '2.5d' }, 'baz' => {}, } } }).and_return("vars.foobar[\"foo\"] += {\n string = \"some string, connected to another. Yeah!\"\n constant = NodeName\n bool = true\n}\nvars.foobar[\"fooz\"] += {}\nvars.foobar[\"bar\"] = {\n numbers = [ 42, 3.141, -42, -3.141, ]\n merge_array += [ 42, 3.141, -42, -3.141, ]\n time = 2.5d\n}\nvars.foobar[\"baz\"] = {}\n") end it 'assign multiple custom attributes' do # vars += config1 is_expected.to run.with_params({ 'vars' => '+ config', }, 0, ['config']).and_return("vars += config\n") # vars = vars + config1 is_expected.to run.with_params({ 'vars' => 'vars + config', }, 0, ['vars','config']).and_return("vars = vars + config\n") # vars += config1 # vars += {} # vars.foo = "some string" # vars.bar += [ 42, 3.141, -42, -3.141, ] # vars.baz["number"] -= 42 # vars.baz["floating"] += 3.141 # vars += config2 is_expected.to run.with_params({ 'vars' => [ '+ config1', {}, { 'foo' => 'some string', 'bar' => [ '+', '42', '3.141', '-42', '-3.141' ], 'baz' => { '+' => true, 'number' => '- 42', 'floating' => '+ 3.141', }, }, '+ config2', ], }).and_return("vars += config1\nvars += {}\nvars.foo = \"some string\"\nvars.bar += [ 42, 3.141, -42, -3.141, ]\nvars.baz[\"number\"] -= 42\nvars.baz[\"floating\"] += 3.141\nvars += config2\n") end it 'arithmetic and logical expressions' do # result = 3 + 2 * 4 - (4 + (-2.5)) * 8 + func(3 * 2 + 1, funcN(-42)) + str(NodeName, "some string", "another string") is_expected.to run.with_params({ 'result' => '3 + 2 * 4 - (4 + (-2.5)) * 8 + func(3 * 2 + 1, funcN(-42)) + str(NodeName, some string, another string)' }).and_return("result = 3 + 2 * 4 - (4 + (-2.5)) * 8 + func(3 * 2 + 1, funcN(-42)) + str(NodeName, \"some string\", \"another string\")\n") # result += 3 + 2 * 4 - (4 + (-2.5)) * 8 + func(3 * 2 + 1, funcN(-42)) + str(NodeName, "some string", "another string") is_expected.to run.with_params({ 'result' => '+ 3 + 2 * 4 - (4 + (-2.5)) * 8 + func(3 * 2 + 1, funcN(-42)) + str(NodeName, some string, another string)' }).and_return("result += 3 + 2 * 4 - (4 + (-2.5)) * 8 + func(3 * 2 + 1, funcN(-42)) + str(NodeName, \"some string\", \"another string\")\n") # result = [ 3 + 4, 4 - (4 + (-2.5)) * 8, func(3 * 2 + 1, funcN(-42)) + str(NodeName, "some string", "another string"), ] is_expected.to run.with_params({ 'result' => [ '3 + 4', '4 - (4 + (-2.5)) * 8', 'func(3 * 2 + 1, funcN(-42)) + str(NodeName, some string, another string)' ] }).and_return("result = [ 3 + 4, 4 - (4 + (-2.5)) * 8, func(3 * 2 + 1, funcN(-42)) + str(NodeName, \"some string\", \"another string\"), ]\n") # result = { # add = 3 + 4 # expr = 4 - (4 + (-2.5)) * 8 # func = func(3 * 2 + 1, funcN(-42)) + str(NodeName, "some string", "another string") # } is_expected.to run.with_params({ 'result' => { 'add' => '3 + 4', 'expr' => '4 - (4 + (-2.5)) * 8', 'func' => 'func(3 * 2 + 1, funcN(-42)) + str(NodeName, some string, another string)' } }).and_return("result = {\n add = 3 + 4\n expr = 4 - (4 + (-2.5)) * 8\n func = func(3 * 2 + 1, funcN(-42)) + str(NodeName, \"some string\", \"another string\")\n}\n") # result = get_object("Endpoint", host.name).host + "host.example.org" is_expected.to run.with_params({ 'result' => 'get_object(Endpoint, host.name).attribute + string', }).and_return("result = get_object(\"Endpoint\", host.name).attribute + \"string\"\n") # assign where (host.address || host.address6) && host.vars.os == "Linux" # assign where get_object("Endpoint", host.name) is_expected.to run.with_params({ 'assign where' => [ '(host.address || host.address6) && host.vars.os == Linux', 'get_object(Endpoint, host.name)' ] }).and_return("assign where (host.address || host.address6) && host.vars.os == \"Linux\"\nassign where get_object(\"Endpoint\", host.name)\n") # ignore where get_object("Endpoint", host.name) || host.vars.os != "Windows" is_expected.to run.with_params({ 'ignore where' => [ 'get_object(Endpoint, host.name) || host.vars.os != Windows' ] }).and_return("ignore where get_object(\"Endpoint\", host.name) || host.vars.os != \"Windows\"\n") end it 'disable parsing' do # result = "unparsed string NodeName with quotes" is_expected.to run.with_params({ 'result' => '-:"unparsed string NodeName with quotes"' }).and_return("result = \"unparsed string NodeName with quotes\"\n") # result = "unparsed string NodeName with quotes", ] is_expected.to run.with_params({ 'result' => [ '-:"unparsed string NodeName with quotes"' ] }).and_return("result = [ \"unparsed string NodeName with quotes\", ]\n") # result = { # string = "unparsed string NodeName with quotes", # } is_expected.to run.with_params({ 'result' => { 'string' => '-:"unparsed string NodeName with quotes"' } }).and_return("result = {\n string = \"unparsed string NodeName with quotes\"\n}\n") end end diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index f11f216..e01a077 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb @@ -1,48 +1,48 @@ require 'beaker-rspec' require 'beaker/puppet_install_helper' # Install Puppet on all hosts install_puppet_agent_on(hosts, :puppet_collection => 'puppet5') RSpec.configure do |c| module_root = File.expand_path(File.join(File.dirname(__FILE__), '..')) c.formatter = :documentation c.before :suite do # Install module to all hosts hosts.each do |host| install_dev_puppet_module_on(host, :source => module_root, :module_name => 'icinga2', :target_module_path => '/etc/puppetlabs/code/modules') # Install dependencies on(host, puppet('module', 'install', 'icinga-icinga')) on(host, puppet('module', 'install', 'puppetlabs-stdlib')) on(host, puppet('module', 'install', 'puppetlabs-concat')) # Install additional modules on(host, puppet('module', 'install', 'puppetlabs-mysql')) on(host, puppet('module', 'install', 'puppetlabs-postgresql')) - if fact('osfamily') == 'Debian' + if fact('os.family') == 'Debian' on(host, puppet('module', 'install', 'puppetlabs-apt')) end - if fact('osfamily') == 'Suse' + if fact('os.family') == 'Suse' on(host, puppet('module', 'install', 'puppet-zypprepo')) end # Add more setup code as needed end end end shared_examples 'a idempotent resource' do it 'applies with no errors' do apply_manifest(pp, catch_failures: true) end it 'applies a second time without changes', :skip_pup_5016 do apply_manifest(pp, catch_changes: true) end end diff --git a/spec/unit/facter/util/fact_icinga2_puppet_hostcert_spec.rb b/spec/unit/facter/util/fact_icinga2_puppet_hostcert_spec.rb index 7789757..62570cc 100644 --- a/spec/unit/facter/util/fact_icinga2_puppet_hostcert_spec.rb +++ b/spec/unit/facter/util/fact_icinga2_puppet_hostcert_spec.rb @@ -1,40 +1,42 @@ require 'spec_helper' describe Facter::Util::Fact do on_supported_os.each do |os, facts| let(:facts) do facts end context "#{os} icinga2_puppet_hostcert fact" do it { expect(Facter.fact(:icinga2_puppet_hostcert).value).to match(/\/ssl\/certs\/.*.pem/) } end end end describe('icinga2::feature::gelf', :type => :class) do let(:facts) do { :kernel => 'Windows', - :architecture => 'x86_64', - :osfamily => 'Windows', - :operatingsystem => 'Windows', - :operatingsystemmajrelease => '2012 R2', + :os => { + 'architecture' => 'x86_64', + 'family' => 'Windows', + 'name' => 'Windows', + 'release' => {'major' => '2012 R2'} + }, :path => 'C:\Program Files\Puppet Labs\Puppet\puppet\bin; C:\Program Files\Puppet Labs\Puppet\facter\bin; C:\Program Files\Puppet Labs\Puppet\hiera\bin; C:\Program Files\Puppet Labs\Puppet\mcollective\bin; C:\Program Files\Puppet Labs\Puppet\bin; C:\Program Files\Puppet Labs\Puppet\sys\ruby\bin; C:\Program Files\Puppet Labs\Puppet\sys\tools\bin; C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem; C:\Windows\System32\WindowsPowerShell\v1.0\; C:\ProgramData\chocolatey\bin;', } end context "Windows 2012 R2 icinga2_puppet_hostcert fact" do it { expect(Facter.fact(:icinga2_puppet_hostcert).value).to match(/\/ssl\/certs\/.*.pem/) } end end diff --git a/spec/unit/facter/util/fact_icinga2_puppet_hostprivkey_spec.rb b/spec/unit/facter/util/fact_icinga2_puppet_hostprivkey_spec.rb index 3255718..bada001 100644 --- a/spec/unit/facter/util/fact_icinga2_puppet_hostprivkey_spec.rb +++ b/spec/unit/facter/util/fact_icinga2_puppet_hostprivkey_spec.rb @@ -1,40 +1,42 @@ require 'spec_helper' describe Facter::Util::Fact do on_supported_os.each do |os, facts| let :facts do facts end context "#{os} icinga2_puppet_hostprivkey fact" do it { expect(Facter.fact(:icinga2_puppet_hostprivkey).value).to match(/\/ssl\/private_keys\/.*.pem/) } end end end describe('icinga2::feature::gelf', :type => :class) do let(:facts) do { :kernel => 'Windows', - :architecture => 'x86_64', - :osfamily => 'Windows', - :operatingsystem => 'Windows', - :operatingsystemmajrelease => '2012 R2', + :os => { + 'architecture' => 'x86_64', + 'family' => 'Windows', + 'name' => 'Windows', + 'release' => {'major' => '2012 R2'} + }, :path => 'C:\Program Files\Puppet Labs\Puppet\puppet\bin; C:\Program Files\Puppet Labs\Puppet\facter\bin; C:\Program Files\Puppet Labs\Puppet\hiera\bin; C:\Program Files\Puppet Labs\Puppet\mcollective\bin; C:\Program Files\Puppet Labs\Puppet\bin; C:\Program Files\Puppet Labs\Puppet\sys\ruby\bin; C:\Program Files\Puppet Labs\Puppet\sys\tools\bin; C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem; C:\Windows\System32\WindowsPowerShell\v1.0\; C:\ProgramData\chocolatey\bin;', } end context "Windows 2012 R2 icinga2_puppet_hostprivkey fact" do it { expect(Facter.fact(:icinga2_puppet_hostprivkey).value).to match(/\/ssl\/private_keys\/.*.pem/) } end end diff --git a/spec/unit/facter/util/fact_icinga2_puppet_localcacert_spec.rb b/spec/unit/facter/util/fact_icinga2_puppet_localcacert_spec.rb index c5a9004..06e5857 100644 --- a/spec/unit/facter/util/fact_icinga2_puppet_localcacert_spec.rb +++ b/spec/unit/facter/util/fact_icinga2_puppet_localcacert_spec.rb @@ -1,40 +1,42 @@ require 'spec_helper' describe Facter::Util::Fact do on_supported_os.each do |os, facts| let :facts do facts end context "#{os} icinga2_puppet_localcacert fact" do it { expect(Facter.fact(:icinga2_puppet_localcacert).value).to match(/\/ssl\/certs\/.*.pem/) } end end end describe('icinga2::feature::gelf', :type => :class) do let(:facts) do { :kernel => 'Windows', - :architecture => 'x86_64', - :osfamily => 'Windows', - :operatingsystem => 'Windows', - :operatingsystemmajrelease => '2012 R2', + :os => { + 'architecture' => 'x86_64', + 'family' => 'Windows', + 'name' => 'Windows', + 'release' => {'major' => '2012 R2'} + }, :path => 'C:\Program Files\Puppet Labs\Puppet\puppet\bin; C:\Program Files\Puppet Labs\Puppet\facter\bin; C:\Program Files\Puppet Labs\Puppet\hiera\bin; C:\Program Files\Puppet Labs\Puppet\mcollective\bin; C:\Program Files\Puppet Labs\Puppet\bin; C:\Program Files\Puppet Labs\Puppet\sys\ruby\bin; C:\Program Files\Puppet Labs\Puppet\sys\tools\bin; C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem; C:\Windows\System32\WindowsPowerShell\v1.0\; C:\ProgramData\chocolatey\bin;', } end context "Windows 2012 R2 icinga2_puppet_localcacert fact" do it { expect(Facter.fact(:icinga2_puppet_localcacert).value).to match(/\/ssl\/certs\/.*.pem/) } end end