diff --git a/examples/init_influxdb2.pp b/examples/init_influxdb2.pp new file mode 100644 index 0000000..93c415a --- /dev/null +++ b/examples/init_influxdb2.pp @@ -0,0 +1,10 @@ +class { 'icinga2': + manage_repos => true, +} + +class{ 'icinga2::feature::influxdb2': + ensure => present, + organization => 'ICINGA', + bucket => 'icinga2', + auth_token => 'supersecret', +} diff --git a/manifests/feature/influxdb.pp b/manifests/feature/influxdb.pp index ac85e4c..91b146d 100644 --- a/manifests/feature/influxdb.pp +++ b/manifests/feature/influxdb.pp @@ -1,259 +1,259 @@ # @summary # Configures the Icinga 2 feature influxdb. # # @example # class { 'icinga2::feature::influxdb': # host => "10.10.0.15", # username => "icinga2", # password => "supersecret", # database => "icinga2" # } # # @param [Enum['absent', 'present']] ensure # Set to present enables the feature influxdb, absent disables it. # # @param [Optional[Stdlib::Host]] host # InfluxDB host address. # # @param [Optional[Stdlib::Port]] port # InfluxDB HTTP port. # # @param [Optional[String]] database # InfluxDB database name. # # @param [Optional[String]] username # InfluxDB user name. # # @param [Optional[String]] password # InfluxDB user password. The password parameter isn't parsed anymore. # # @param [Optional[Hash[Enum['username', 'password'], String]]] basic_auth # Username and password for HTTP basic authentication. # # @param [Optional[Boolean]] enable_ssl # Either enable or disable SSL. Other SSL parameters are only affected if this is set to 'true'. # # @param [Optional[Boolean]] ssl_noverify # Disable TLS peer verification. # # @param [Optional[Stdlib::Absolutepath]] ssl_key_path # Location of the private key. # # @param [Optional[Stdlib::Absolutepath]] ssl_cert_path # Location of the certificate. # # @param [Optional[Stdlib::Absolutepath]] ssl_cacert_path # Location of the CA certificate. # # @param [Optional[Stdlib::Base64]] ssl_key # The private key in a base64 encoded string to store in ssl_key_path file. # # @param [Optional[Stdlib::Base64]] ssl_cert # The certificate in a base64 encoded string to store in ssl_cert_path file. # # @param [Optional[Stdlib::Base64]] ssl_cacert # The CA root certificate in a base64 encoded to store in ssl_cacert_path file. # # @param [String] host_measurement # The value of this is used for the measurement setting in host_template. # # @param [Hash] host_tags # Tags defined in this hash will be set in the host_template. # # @param [String] service_measurement # The value of this is used for the measurement setting in host_template. # # @param [Hash] service_tags # Tags defined in this hash will be set in the service_template. # # @param [Optional[Boolean]] enable_send_thresholds # Whether to send warn, crit, min & max tagged data. # # @param [Optional[Boolean]] enable_send_metadata # Whether to send check metadata e.g. states, execution time, latency etc. # # @param [Optional[Icinga2::Interval]] flush_interval # How long to buffer data points before transfering to InfluxDB. # # @param [Optional[Integer[1]]] flush_threshold # How many data points to buffer before forcing a transfer to InfluxDB. # # @param [Optional[Boolean]] enable_ha # Enable the high availability functionality. Only valid in a cluster setup. # class icinga2::feature::influxdb( Enum['absent', 'present'] $ensure = present, Optional[Stdlib::Host] $host = undef, Optional[Stdlib::Port] $port = undef, Optional[String] $database = undef, Optional[String] $username = undef, Optional[String] $password = undef, Optional[Hash[Enum['username', 'password'], String]] $basic_auth = undef, Optional[Boolean] $enable_ssl = undef, Optional[Boolean] $ssl_noverify = undef, Optional[Stdlib::Absolutepath] $ssl_key_path = undef, Optional[Stdlib::Absolutepath] $ssl_cert_path = undef, Optional[Stdlib::Absolutepath] $ssl_cacert_path = undef, Optional[Stdlib::Base64] $ssl_key = undef, Optional[Stdlib::Base64] $ssl_cert = undef, Optional[Stdlib::Base64] $ssl_cacert = undef, String $host_measurement = '$host.check_command$', Hash $host_tags = { hostname => '$host.name$' }, String $service_measurement = '$service.check_command$', Hash $service_tags = { hostname => '$host.name$', service => '$service.name$' }, Optional[Boolean] $enable_send_thresholds = undef, Optional[Boolean] $enable_send_metadata = undef, Optional[Icinga2::Interval] $flush_interval = undef, Optional[Integer[1]] $flush_threshold = undef, Optional[Boolean] $enable_ha = undef, ) { if ! defined(Class['::icinga2']) { fail('You must include the icinga2 base class before using any icinga2 feature class!') } $user = $::icinga2::globals::user $group = $::icinga2::globals::group $conf_dir = $::icinga2::globals::conf_dir $ssl_dir = $::icinga2::globals::cert_dir $_ssl_key_mode = $::facts['kernel'] ? { 'windows' => undef, default => '0600', } $_notify = $ensure ? { 'present' => Class['::icinga2::service'], default => undef, } File { owner => $user, group => $group, } $host_template = { measurement => $host_measurement, tags => $host_tags } $service_template = { measurement => $service_measurement, tags => $service_tags} if $enable_ssl { # Set defaults for certificate stuff if $ssl_key { if $ssl_key_path { $_ssl_key_path = $ssl_key_path } else { $_ssl_key_path = "${ssl_dir}/InfluxdbWriter_influxdb.key" } $_ssl_key = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_key, '\n', "\r\n", 'EMG'), default => $ssl_key, } file { $_ssl_key_path: ensure => file, mode => $_ssl_key_mode, content => $_ssl_key, tag => 'icinga2::config::file', } } else { $_ssl_key_path = $ssl_key_path } if $ssl_cert { if $ssl_cert_path { $_ssl_cert_path = $ssl_cert_path } else { $_ssl_cert_path = "${ssl_dir}/InfluxdbWriter_influxdb.crt" } $_ssl_cert = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_cert, '\n', "\r\n", 'EMG'), default => $ssl_cert, } file { $_ssl_cert_path: ensure => file, content => $_ssl_cert, tag => 'icinga2::config::file', } } else { $_ssl_cert_path = $ssl_cert_path } if $ssl_cacert { if $ssl_cacert_path { $_ssl_cacert_path = $ssl_cacert_path } else { $_ssl_cacert_path = "${ssl_dir}/InfluxdbWriter_influxdb_ca.crt" } $_ssl_cacert = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_cacert, '\n', "\r\n", 'EMG'), default => $ssl_cacert, } file { $_ssl_cacert_path: ensure => file, content => $_ssl_cacert, tag => 'icinga2::config::file', } } else { $_ssl_cacert_path = $ssl_cacert_path } $attrs_ssl = { ssl_enable => $enable_ssl, - ssl_insecure_noverify => ssl_noverify, + ssl_insecure_noverify => $ssl_noverify, ssl_ca_cert => $_ssl_cacert_path, ssl_cert => $_ssl_cert_path, ssl_key => $_ssl_key_path, } } # enable_ssl else { $attrs_ssl = { ssl_enable => $enable_ssl } } # The password parameter isn't parsed anymore. if $password { $_password = "-:\"${password}\"" } else { $_password = undef } $attrs = { host => $host, port => $port, database => $database, username => $username, password => $_password, basic_auth => $basic_auth, host_template => $host_template, service_template => $service_template, enable_send_thresholds => $enable_send_thresholds, enable_send_metadata => $enable_send_metadata, flush_interval => $flush_interval, flush_threshold => $flush_threshold, enable_ha => $enable_ha, } # create object icinga2::object { 'icinga2::object::InfluxdbWriter::influxdb': object_name => 'influxdb', object_type => 'InfluxdbWriter', attrs => delete_undef_values(merge($attrs, $attrs_ssl)), attrs_list => keys($attrs), target => "${conf_dir}/features-available/influxdb.conf", notify => $_notify, order => 10, } # import library 'perfdata' concat::fragment { 'icinga2::feature::influxdb': target => "${conf_dir}/features-available/influxdb.conf", content => "library \"perfdata\"\n\n", order => '05', } icinga2::feature { 'influxdb': ensure => $ensure, } } diff --git a/manifests/feature/influxdb.pp b/manifests/feature/influxdb2.pp similarity index 58% copy from manifests/feature/influxdb.pp copy to manifests/feature/influxdb2.pp index ac85e4c..3f7d61e 100644 --- a/manifests/feature/influxdb.pp +++ b/manifests/feature/influxdb2.pp @@ -1,259 +1,240 @@ # @summary -# Configures the Icinga 2 feature influxdb. +# Configures the Icinga 2 feature influxdb2. # # @example -# class { 'icinga2::feature::influxdb': -# host => "10.10.0.15", -# username => "icinga2", -# password => "supersecret", -# database => "icinga2" +# class { 'icinga2::feature::influxdb2': +# host => "10.10.0.15", +# organization => "ICINGA", +# bucket => "icinga2", +# auth_token => "supersecret", # } # # @param [Enum['absent', 'present']] ensure # Set to present enables the feature influxdb, absent disables it. # # @param [Optional[Stdlib::Host]] host # InfluxDB host address. # # @param [Optional[Stdlib::Port]] port # InfluxDB HTTP port. # -# @param [Optional[String]] database -# InfluxDB database name. +# @param [String] organization +# InfluxDB organization name. # -# @param [Optional[String]] username -# InfluxDB user name. +# @param [String] bucket +# InfluxDB bucket name. # -# @param [Optional[String]] password -# InfluxDB user password. The password parameter isn't parsed anymore. -# -# @param [Optional[Hash[Enum['username', 'password'], String]]] basic_auth -# Username and password for HTTP basic authentication. +# @param [String] auth_token +# InfluxDB authentication token. # # @param [Optional[Boolean]] enable_ssl # Either enable or disable SSL. Other SSL parameters are only affected if this is set to 'true'. # # @param [Optional[Boolean]] ssl_noverify # Disable TLS peer verification. # # @param [Optional[Stdlib::Absolutepath]] ssl_key_path # Location of the private key. # # @param [Optional[Stdlib::Absolutepath]] ssl_cert_path # Location of the certificate. # # @param [Optional[Stdlib::Absolutepath]] ssl_cacert_path # Location of the CA certificate. # # @param [Optional[Stdlib::Base64]] ssl_key # The private key in a base64 encoded string to store in ssl_key_path file. # # @param [Optional[Stdlib::Base64]] ssl_cert # The certificate in a base64 encoded string to store in ssl_cert_path file. # # @param [Optional[Stdlib::Base64]] ssl_cacert # The CA root certificate in a base64 encoded to store in ssl_cacert_path file. # # @param [String] host_measurement # The value of this is used for the measurement setting in host_template. # # @param [Hash] host_tags # Tags defined in this hash will be set in the host_template. # # @param [String] service_measurement # The value of this is used for the measurement setting in host_template. # # @param [Hash] service_tags # Tags defined in this hash will be set in the service_template. # # @param [Optional[Boolean]] enable_send_thresholds # Whether to send warn, crit, min & max tagged data. # # @param [Optional[Boolean]] enable_send_metadata # Whether to send check metadata e.g. states, execution time, latency etc. # # @param [Optional[Icinga2::Interval]] flush_interval # How long to buffer data points before transfering to InfluxDB. # # @param [Optional[Integer[1]]] flush_threshold # How many data points to buffer before forcing a transfer to InfluxDB. # # @param [Optional[Boolean]] enable_ha # Enable the high availability functionality. Only valid in a cluster setup. # -class icinga2::feature::influxdb( - Enum['absent', 'present'] $ensure = present, - Optional[Stdlib::Host] $host = undef, - Optional[Stdlib::Port] $port = undef, - Optional[String] $database = undef, - Optional[String] $username = undef, - Optional[String] $password = undef, - Optional[Hash[Enum['username', 'password'], String]] $basic_auth = undef, - Optional[Boolean] $enable_ssl = undef, - Optional[Boolean] $ssl_noverify = undef, - Optional[Stdlib::Absolutepath] $ssl_key_path = undef, - Optional[Stdlib::Absolutepath] $ssl_cert_path = undef, - Optional[Stdlib::Absolutepath] $ssl_cacert_path = undef, - Optional[Stdlib::Base64] $ssl_key = undef, - Optional[Stdlib::Base64] $ssl_cert = undef, - Optional[Stdlib::Base64] $ssl_cacert = undef, - String $host_measurement = '$host.check_command$', - Hash $host_tags = { hostname => '$host.name$' }, - String $service_measurement = '$service.check_command$', - Hash $service_tags = { hostname => '$host.name$', service => '$service.name$' }, - Optional[Boolean] $enable_send_thresholds = undef, - Optional[Boolean] $enable_send_metadata = undef, - Optional[Icinga2::Interval] $flush_interval = undef, - Optional[Integer[1]] $flush_threshold = undef, - Optional[Boolean] $enable_ha = undef, +class icinga2::feature::influxdb2( + String $organization, + String $bucket, + String $auth_token, + Enum['absent', 'present'] $ensure = present, + Optional[Stdlib::Host] $host = undef, + Optional[Stdlib::Port] $port = undef, + Optional[Boolean] $enable_ssl = undef, + Optional[Boolean] $ssl_noverify = undef, + Optional[Stdlib::Absolutepath] $ssl_key_path = undef, + Optional[Stdlib::Absolutepath] $ssl_cert_path = undef, + Optional[Stdlib::Absolutepath] $ssl_cacert_path = undef, + Optional[Stdlib::Base64] $ssl_key = undef, + Optional[Stdlib::Base64] $ssl_cert = undef, + Optional[Stdlib::Base64] $ssl_cacert = undef, + String $host_measurement = '$host.check_command$', + Hash $host_tags = { hostname => '$host.name$' }, + String $service_measurement = '$service.check_command$', + Hash $service_tags = { hostname => '$host.name$', service => '$service.name$' }, + Optional[Boolean] $enable_send_thresholds = undef, + Optional[Boolean] $enable_send_metadata = undef, + Optional[Icinga2::Interval] $flush_interval = undef, + Optional[Integer[1]] $flush_threshold = undef, + Optional[Boolean] $enable_ha = undef, ) { if ! defined(Class['::icinga2']) { fail('You must include the icinga2 base class before using any icinga2 feature class!') } $user = $::icinga2::globals::user $group = $::icinga2::globals::group $conf_dir = $::icinga2::globals::conf_dir $ssl_dir = $::icinga2::globals::cert_dir $_ssl_key_mode = $::facts['kernel'] ? { 'windows' => undef, default => '0600', } $_notify = $ensure ? { 'present' => Class['::icinga2::service'], default => undef, } File { owner => $user, group => $group, } $host_template = { measurement => $host_measurement, tags => $host_tags } $service_template = { measurement => $service_measurement, tags => $service_tags} if $enable_ssl { # Set defaults for certificate stuff if $ssl_key { if $ssl_key_path { $_ssl_key_path = $ssl_key_path } else { - $_ssl_key_path = "${ssl_dir}/InfluxdbWriter_influxdb.key" + $_ssl_key_path = "${ssl_dir}/Influxdb2Writer_influxdb2.key" } $_ssl_key = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_key, '\n', "\r\n", 'EMG'), default => $ssl_key, } file { $_ssl_key_path: ensure => file, mode => $_ssl_key_mode, content => $_ssl_key, tag => 'icinga2::config::file', } } else { $_ssl_key_path = $ssl_key_path } if $ssl_cert { if $ssl_cert_path { $_ssl_cert_path = $ssl_cert_path } else { - $_ssl_cert_path = "${ssl_dir}/InfluxdbWriter_influxdb.crt" + $_ssl_cert_path = "${ssl_dir}/Influxdb2Writer_influxdb2.crt" } $_ssl_cert = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_cert, '\n', "\r\n", 'EMG'), default => $ssl_cert, } file { $_ssl_cert_path: ensure => file, content => $_ssl_cert, tag => 'icinga2::config::file', } } else { $_ssl_cert_path = $ssl_cert_path } if $ssl_cacert { if $ssl_cacert_path { $_ssl_cacert_path = $ssl_cacert_path } else { - $_ssl_cacert_path = "${ssl_dir}/InfluxdbWriter_influxdb_ca.crt" + $_ssl_cacert_path = "${ssl_dir}/Influxdb2Writer_influxdb2_ca.crt" } $_ssl_cacert = $::facts['os']['family'] ? { 'windows' => regsubst($ssl_cacert, '\n', "\r\n", 'EMG'), default => $ssl_cacert, } file { $_ssl_cacert_path: ensure => file, content => $_ssl_cacert, tag => 'icinga2::config::file', } } else { $_ssl_cacert_path = $ssl_cacert_path } $attrs_ssl = { ssl_enable => $enable_ssl, - ssl_insecure_noverify => ssl_noverify, + ssl_insecure_noverify => $ssl_noverify, ssl_ca_cert => $_ssl_cacert_path, ssl_cert => $_ssl_cert_path, ssl_key => $_ssl_key_path, } } # enable_ssl else { $attrs_ssl = { ssl_enable => $enable_ssl } } - # The password parameter isn't parsed anymore. - if $password { - $_password = "-:\"${password}\"" - } else { - $_password = undef - } - $attrs = { host => $host, port => $port, - database => $database, - username => $username, - password => $_password, - basic_auth => $basic_auth, + organization => $organization, + bucket => $bucket, + auth_token => "-:\"${auth_token}\"", host_template => $host_template, service_template => $service_template, enable_send_thresholds => $enable_send_thresholds, enable_send_metadata => $enable_send_metadata, flush_interval => $flush_interval, flush_threshold => $flush_threshold, enable_ha => $enable_ha, } # create object - icinga2::object { 'icinga2::object::InfluxdbWriter::influxdb': - object_name => 'influxdb', - object_type => 'InfluxdbWriter', + icinga2::object { 'icinga2::object::Influxdb2Writer::influxdb2': + object_name => 'influxdb2', + object_type => 'Influxdb2Writer', attrs => delete_undef_values(merge($attrs, $attrs_ssl)), attrs_list => keys($attrs), - target => "${conf_dir}/features-available/influxdb.conf", + target => "${conf_dir}/features-available/influxdb2.conf", notify => $_notify, order => 10, } - # import library 'perfdata' - concat::fragment { 'icinga2::feature::influxdb': - target => "${conf_dir}/features-available/influxdb.conf", - content => "library \"perfdata\"\n\n", - order => '05', - } - - icinga2::feature { 'influxdb': + icinga2::feature { 'influxdb2': ensure => $ensure, } } diff --git a/spec/classes/influxdb2_spec.rb b/spec/classes/influxdb2_spec.rb new file mode 100644 index 0000000..b828293 --- /dev/null +++ b/spec/classes/influxdb2_spec.rb @@ -0,0 +1,145 @@ +require 'spec_helper' + +describe('icinga2::feature::influxdb2', type: :class) do + let(:pre_condition) do + [ + "class { 'icinga2': features => [], constants => {'NodeName' => 'host.example.org'} }", + ] + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts + end + + case facts[:kernel] + when 'windows' + let(:icinga2_conf_dir) { 'C:/ProgramData/icinga2/etc/icinga2' } + let(:icinga2_pki_dir) { 'C:/ProgramData/icinga2/var/lib/icinga2/certs' } + let(:icinga2_sslkey_mode) { nil } + let(:icinga2_user) { nil } + let(:icinga2_group) { nil } + when 'FreeBSD' + let(:icinga2_conf_dir) { '/usr/local/etc/icinga2' } + let(:icinga2_pki_dir) { '/var/lib/icinga2/certs' } + let(:icinga2_sslkey_mode) { '0600' } + let(:icinga2_user) { 'icinga' } + let(:icinga2_group) { 'icinga' } + else + let(:icinga2_conf_dir) { '/etc/icinga2' } + let(:icinga2_pki_dir) { '/var/lib/icinga2/certs' } + let(:icinga2_sslkey_mode) { '0600' } + case facts[:os]['family'] + when 'Debian' + let(:icinga2_user) { 'nagios' } + let(:icinga2_group) { 'nagios' } + else + let(:icinga2_user) { 'icinga' } + let(:icinga2_group) { 'icinga' } + end + end + + context "with all defaults" do + let(:params) do + { + organization: 'ICINGA', + bucket: 'icinga2', + auth_token: 'supersecret', + } + end + + it { is_expected.to contain_icinga2__feature('influxdb2').with({ 'ensure' => 'present' }) } + + it { + is_expected.to contain_concat__fragment('icinga2::object::Influxdb2Writer::influxdb2').with( + { 'target' => "#{icinga2_conf_dir}/features-available/influxdb2.conf" }, + ).that_notifies('Class[icinga2::service]') + } + end + + context 'with ensure => absent' do + let(:params) do + { + ensure: 'absent', + organization: 'ICINGA', + bucket: 'icinga2', + auth_token: 'supersecret', + } + end + + it { is_expected.to contain_icinga2__feature('influxdb2').with({ 'ensure' => 'absent' }) } + end + + context "with enable_ssl = true, ssl_key => 'foo', ssl_cert => 'bar', ssl_cacert => 'baz'" do + let(:params) do + { + ensure: 'absent', + organization: 'ICINGA', + bucket: 'icinga2', + auth_token: 'supersecret', + enable_ssl: true, + ssl_key: 'foo', + ssl_cert: 'bar', + ssl_cacert: 'baz', + } + end + + it { + is_expected.to contain_file("#{icinga2_pki_dir}/Influxdb2Writer_influxdb2.key").with( + { + 'owner' => icinga2_user, + 'group' => icinga2_group, + 'mode' => icinga2_sslkey_mode, + }, + ).with_content(%r{^foo$}) + } + + it { + is_expected.to contain_file("#{icinga2_pki_dir}/Influxdb2Writer_influxdb2.crt").with( + { + 'owner' => icinga2_user, + 'group' => icinga2_group, + }, + ).with_content(%r{^bar$}) + } + + it { + is_expected.to contain_file("#{icinga2_pki_dir}/Influxdb2Writer_influxdb2_ca.crt").with( + { + 'owner' => icinga2_user, + 'group' => icinga2_group, + }, + ).with_content(%r{^baz$}) + } + end + + context 'with enable_ssl = true, ssl_key_path, ssl_cert_path and ssl_cacert_path set' do + let(:params) do + { + ensure: 'absent', + organization: 'ICINGA', + bucket: 'icinga2', + auth_token: 'supersecret', + enable_ssl: true, + ssl_key_path: "#{icinga2_pki_dir}/Influxdb2Writer_influxdb2.key", + ssl_cert_path: "#{icinga2_pki_dir}/Influxdb2Writer_influxdb2.crt", + ssl_cacert_path: "#{icinga2_pki_dir}/Influxdb2Writer_influxdb2_ca.crt", + } + end + + it { + is_expected.to contain_concat__fragment('icinga2::object::Influxdb2Writer::influxdb2').with_content(%r{ssl_key = "#{icinga2_pki_dir}/Influxdb2Writer_influxdb2.key"}) + } + + it { + is_expected.to contain_concat__fragment('icinga2::object::Influxdb2Writer::influxdb2').with_content(%r{ssl_cert = "#{icinga2_pki_dir}/Influxdb2Writer_influxdb2.crt"}) + } + + it { + is_expected.to contain_concat__fragment('icinga2::object::Influxdb2Writer::influxdb2').with_content(%r{ssl_ca_cert = "#{icinga2_pki_dir}/Influxdb2Writer_influxdb2_ca.crt"}) + } + end + end + end +end