diff --git a/Puppetfile b/Puppetfile index 34fa5dcd..fa9085d9 100644 --- a/Puppetfile +++ b/Puppetfile @@ -1,181 +1,181 @@ mod 'dar', :git => 'https://forge.softwareheritage.org/source/puppet-swh-dar', :branch => :control_branch, :default_branch => 'master' mod 'gunicorn', :git => 'https://forge.softwareheritage.org/source/puppet-swh-gunicorn', :branch => :control_branch, :default_branch => 'master' mod 'mediawiki', :git => 'https://forge.softwareheritage.org/source/puppet-swh-mediawiki', :branch => :control_branch, :default_branch => 'master' mod 'postfix', :git => 'https://forge.softwareheritage.org/source/puppet-swh-postfix', :branch => :control_branch, :default_branch => 'master' mod 'uwsgi', :git => 'https://forge.softwareheritage.org/source/puppet-swh-uwsgi', :branch => :control_branch, :default_branch => 'master' mod 'apt', :git => 'https://forge.softwareheritage.org/source/puppet-puppetlabs-apt', :tag => 'v7.0.1' mod 'archive', :git => 'https://forge.softwareheritage.org/source/puppet-puppet-archive', :tag => 'v2.3.0' mod 'bind', :git => 'https://forge.softwareheritage.org/source/puppet-inkblot-bind', :ref => '7.3.1' mod 'apache', :git => 'https://forge.softwareheritage.org/source/puppet-puppetlabs-apache', :tag => '3.0.0' mod 'ceph', :git => 'https://forge.softwareheritage.org/source/puppet-openstack-ceph', :ref => 'master' mod 'concat', :git => 'https://forge.softwareheritage.org/source/puppet-puppetlabs-concat', :tag => '3.0.0' mod 'cups', :git => 'https://forge.softwareheritage.org/source/puppet-mosen-cups', :ref => 'master' mod 'debconf', :git => 'https://forge.softwareheritage.org/source/puppet-stm-debconf', :ref => 'v2.1.0' mod 'debnet', :git => 'https://forge.softwareheritage.org/source/puppet-trepasi-debnet', :ref => 'v1.5.2' mod 'extlib', :git => 'https://forge.softwareheritage.org/source/puppet-puppet-extlib', :tag => 'v2.0.1' mod 'grafana', :git => 'https://forge.softwareheritage.org/source/puppet-puppet-grafana', :tag => 'v6.0.0' mod 'hitch', :git => 'https://forge.softwareheritage.org/source/puppet-ssm-hitch', :ref => 'feature/additional-config' mod 'icinga2', :git => 'https://forge.softwareheritage.org/source/puppet-icinga-icinga2', - :tag => 'v2.1.1' + :tag => 'v1.3.5' mod 'icingaweb2', :git => 'https://forge.softwareheritage.org/source/puppet-icinga-icingaweb2', :tag => 'v2.1.0' mod 'inifile', :git => 'https://forge.softwareheritage.org/source/puppet-puppetlabs-inifile', :ref => '2.2.0' mod 'java', :git => 'https://forge.softwareheritage.org/source/puppet-puppetlabs-java', :tag => '2.4.0' mod 'kafka', :git => 'https://forge.softwareheritage.org/source/puppet-puppet-kafka', :ref => 'v5.0.0' mod 'letsencrypt', :git => 'https://forge.softwareheritage.org/source/puppet-puppet-letsencrypt', :ref => 'v4.0.0' mod 'locales', :git => 'https://forge.softwareheritage.org/source/puppet-saz-locales', :ref => 'v2.5.0' mod 'munin', :git => 'https://forge.softwareheritage.org/source/puppet-ssm-munin', :ref => '0.1.0' mod 'mysql', :git => 'https://forge.softwareheritage.org/source/puppet-puppetlabs-mysql', :ref => '5.3.0' mod 'nginx', :git => 'https://forge.softwareheritage.org/source/puppet-puppet-nginx', :ref => 'v0.11.0' mod 'ntp', :git => 'https://forge.softwareheritage.org/source/puppet-puppetlabs-ntp', :ref => '6.4.1' mod 'php', :git => 'https://forge.softwareheritage.org/source/puppet-puppet-php', :ref => 'v5.3.0' mod 'postgresql', :git => 'https://forge.softwareheritage.org/source/puppet-puppetlabs-postgresql', :ref => '5.3.0' mod 'pgbouncer', :git => 'https://forge.softwareheritage.org/source/puppet-covermymeds-pgbouncer', :ref => '9ec0d8a1255bbb309c2ff38f229167209cad496b' mod 'puppet', :git => 'https://forge.softwareheritage.org/source/puppet-theforeman-puppet', :tag => '8.2.0' mod 'puppetdb', :git => 'https://forge.softwareheritage.org/source/puppet-puppetlabs-puppetdb', :ref => '6.0.2' mod 'memcached', :git => 'https://forge.softwareheritage.org/source/puppet-saz-memcached', :ref => 'v3.1.0' mod 'resolv_conf', :git => 'https://forge.softwareheritage.org/source/puppet-saz-resolv_conf', :ref => 'v3.3.0' mod 'ssh', :git => 'https://forge.softwareheritage.org/source/puppet-saz-ssh', :ref => 'v3.0.1' mod 'stdlib', :git => 'https://forge.softwareheritage.org/source/puppet-puppetlabs-stdlib', :ref => '4.25.0' mod 'sudo', :git => 'https://forge.softwareheritage.org/source/puppet-saz-sudo', :ref => 'v5.0.0' mod 'systemd', :git => 'https://forge.softwareheritage.org/source/puppet-camptocamp-systemd', :ref => '1.1.1' mod 'timezone', :git => 'https://forge.softwareheritage.org/source/puppet-saz-timezone', :ref => 'v4.1.1' mod 'unattended_upgrades', :git => 'https://forge.softwareheritage.org/source/puppet-puppet-unattended_upgrades', :ref => 'v3.1.0' mod 'varnish', :git => 'https://forge.softwareheritage.org/source/puppet-claranet-varnish', :ref => '5.0.0' mod 'vcsrepo', :git => 'https://forge.softwareheritage.org/source/puppet-puppetlabs-vcsrepo', :ref => '2.3.0' mod 'zookeeper', :git => 'https://forge.softwareheritage.org/source/puppet-deric-zookeeper', :ref => 'v0.7.7' diff --git a/site-modules/profile/manifests/icinga2/agent.pp b/site-modules/profile/manifests/icinga2/agent.pp index a5d6c8e5..c45e2e15 100644 --- a/site-modules/profile/manifests/icinga2/agent.pp +++ b/site-modules/profile/manifests/icinga2/agent.pp @@ -1,79 +1,78 @@ # Icinga2 agent configuration class profile::icinga2::agent { $features = lookup('icinga2::features') $icinga2_network = lookup('icinga2::network') $hiera_host_vars = lookup('icinga2::host::vars', Hash, 'deep') $parent_zone = lookup('icinga2::parent_zone') $parent_endpoints = lookup('icinga2::parent_endpoints') include profile::icinga2::objects::agent_checks $check_mounts = $::mounts.filter |$mount| { $mount !~ /^\/srv\/containers\// and $mount !~ /^\/var\/lib\/docker\/overlay2\// } $local_host_vars = { disks => hash(flatten( $check_mounts.map |$mount| { ["disk ${mount}", {disk_partitions => $mount}] }, )), plugins => keys($profile::icinga2::objects::agent_checks::plugins), } class {'::icinga2': confd => true, features => $features, } class { '::icinga2::feature::api': - pki => 'puppet', accept_config => true, accept_commands => true, zones => { 'ZoneName' => { endpoints => ['NodeName'], parent => $parent_zone, }, }, } create_resources('::icinga2::object::endpoint', $parent_endpoints) ::icinga2::object::zone {$parent_zone: endpoints => keys($parent_endpoints), } @@::icinga2::object::endpoint {$::fqdn: host => ip_for_network($icinga2_network), target => "/etc/icinga2/zones.d/${parent_zone}/${::fqdn}.conf", } @@::icinga2::object::zone {$::fqdn: endpoints => [$::fqdn], parent => $parent_zone, target => "/etc/icinga2/zones.d/${parent_zone}/${::fqdn}.conf", } @@::icinga2::object::host {$::fqdn: address => ip_for_network($icinga2_network), display_name => $::fqdn, check_command => 'hostalive', vars => deep_merge($local_host_vars, $hiera_host_vars), target => "/etc/icinga2/zones.d/${parent_zone}/${::fqdn}.conf", } icinga2::object::zone { 'global-templates': global => true, } file {['/etc/icinga2/conf.d']: ensure => directory, owner => 'nagios', group => 'nagios', mode => '0755', purge => true, recurse => true, tag => 'icinga2::config::file', } } diff --git a/site-modules/profile/manifests/icinga2/master.pp b/site-modules/profile/manifests/icinga2/master.pp index 47045cea..acb6f369 100644 --- a/site-modules/profile/manifests/icinga2/master.pp +++ b/site-modules/profile/manifests/icinga2/master.pp @@ -1,102 +1,101 @@ # An icinga master host class profile::icinga2::master { $zonename = lookup('icinga2::master::zonename') $features = lookup('icinga2::features') $icinga2_network = lookup('icinga2::network') $hiera_host_vars = lookup('icinga2::host::vars', Hash, 'deep') $icinga2_db_username = lookup('icinga2::master::db::username') $icinga2_db_password = lookup('icinga2::master::db::password') $icinga2_db_database = lookup('icinga2::master::db::database') include profile::icinga2::objects include profile::icinga2::objects::agent_checks $local_host_vars = { disks => hash(flatten( $::mounts.map |$mount| { ["disk ${mount}", {disk_partitions => $mount}] }, )), plugins => keys($profile::icinga2::objects::agent_checks::plugins), } include ::postgresql::server ::postgresql::server::db {$icinga2_db_database: user => $icinga2_db_username, password => postgresql_password($icinga2_db_username, $icinga2_db_password) } class {'::icinga2': confd => true, features => $features, constants => { 'ZoneName' => $zonename, }, } class { '::icinga2::feature::api': - pki => 'puppet', accept_commands => true, zones => {}, endpoints => {}, } class { '::icinga2::feature::idopgsql': user => $icinga2_db_username, password => $icinga2_db_password, database => $icinga2_db_database, import_schema => true, require => Postgresql::Server::Db[$icinga2_db_database], } @@::icinga2::object::endpoint {$::fqdn: target => "/etc/icinga2/zones.d/${zonename}/${::fqdn}.conf", } @@::icinga2::object::zone {$zonename: endpoints => [$::fqdn], target => "/etc/icinga2/zones.d/${zonename}/${::fqdn}.conf", } @@::icinga2::object::host {$::fqdn: address => ip_for_network($icinga2_network), display_name => $::fqdn, check_command => 'hostalive', vars => deep_merge($local_host_vars, $hiera_host_vars), target => "/etc/icinga2/zones.d/${zonename}/${::fqdn}.conf", } ::Icinga2::Object::Host <<| |>> ::Icinga2::Object::Endpoint <<| |>> ::Icinga2::Object::Zone <<| |>> ::icinga2::object::zone { 'global-templates': global => true, } file {[ '/etc/icinga2/zones.d/global-templates', "/etc/icinga2/zones.d/${zonename}", ]: ensure => directory, owner => 'nagios', group => 'nagios', mode => '0755', tag => 'icinga2::config::file', recurse => true, purge => true, } file {'/etc/icinga2/conf.d': ensure => directory, owner => 'nagios', group => 'nagios', mode => '0755', purge => true, recurse => true, tag => 'icinga2::config::file', } }