fix #15 Add new class to manage Icinga Web 2

voxpupuli · Apr 22, 2021 · 24b342c · 24b342c
1 parent d91eefc
commit 24b342c
Show file tree

Hide file tree

Showing 4 changed files with 286 additions and 54 deletions.
diff --git a/manifests/database.pp b/manifests/database.pp
@@ -0,0 +1,62 @@
+# @summary
+#   Private define resource for database backends.
+#
+# @api private
+#
+define icinga::database(
+  Enum['mysql','pgsql']  $db_type,
+  Array[Stdlib::Host]    $access_instances,
+  String                 $db_pass,
+  String                 $db_name,
+  String                 $db_user,
+  Array[String]          $mysql_privileges,
+) {
+
+  if $db_type == 'pgsql' {
+    include ::postgresql::server
+
+    postgresql::server::db { $db_name:
+      user     => $db_user,
+      password => postgresql::postgresql_password($db_user, $db_pass),
+    }
+
+    $access_instances.each |$host| {
+
+      if $host =~ Stdlib::IP::Address::V4 {
+        $_net = '/32'
+      } elsif $host =~ Stdlib::IP::Address::V6 {
+        $_net = '/128'
+      } else {
+        $_net = ''
+      }
+
+      ::postgresql::server::pg_hba_rule { "${db_user}@${host}":
+        type        => 'host',
+        database    => $db_name,
+        user        => $db_user,
+        auth_method => 'md5',
+        address     => "${host}${_net}",
+      }
+    }
+  } else {
+    include ::mysql::server
+
+    mysql::db { $db_name:
+      host     => $access_instances[0],
+      user     => $db_user,
+      password => $db_pass,
+      grant    => $mysql_privileges,
+    }
+
+    delete_at($access_instances,0).each |$host| {
+      mysql_user { "${db_user}@${host}":
+        password_hash => mysql::password($db_pass),
+      }
+      mysql_grant { "${db_user}@${host}/${db_name}.*":
+        user          => "${db_user}@${host}",
+        table         => "${db_name}.*",
+        privileges    => $mysql_privileges,
+      }
+    }
+  }
+}
diff --git a/manifests/ido.pp b/manifests/ido.pp
@@ -34,12 +34,12 @@
 
   if $manage_database {
     class { '::icinga::ido::database':
-      db_type       => $db_type,
-      db_name       => $db_name,
-      db_user       => $db_user,
-      db_pass       => $db_pass,
-      ido_instances => [ 'localhost' ],
-      before        => Class["icinga2::feature::ido${db_type}"],
+      db_type          => $db_type,
+      db_name          => $db_name,
+      db_user          => $db_user,
+      db_pass          => $db_pass,
+      access_instances => [ 'localhost' ],
+      before           => Class["icinga2::feature::ido${db_type}"],
     }
    $_db_host = 'localhost'
   } else {
@@ -87,57 +87,19 @@
 
 class icinga::ido::database(
   Enum['mysql','pgsql']  $db_type,
-  Array[Stdlib::Host]    $ido_instances,
+  Array[Stdlib::Host]    $access_instances,
   String                 $db_pass,
   String                 $db_name       = 'icinga2',
   String                 $db_user       = 'icinga2',
 ) {
 
-  if $db_type == 'pgsql' {
-    include ::postgresql::server
-
-    postgresql::server::db { $db_name:
-      user     => $db_user,
-      password => postgresql::postgresql_password($db_user, $db_pass),
-    }
-
-    $ido_instances.each |$ido_host| {
-
-      if $ido_host =~ Stdlib::IP::Address::V4 {
-        $_net = '/32'
-      } elsif $ido_host =~ Stdlib::IP::Address::V6 {
-        $_net = '/128'
-      } else {
-        $_net = ''
-      }
-
-      ::postgresql::server::pg_hba_rule { "${db_user}@${ido_host}":
-        type        => 'host',
-        database    => $db_name,
-        user        => $db_user,
-        auth_method => 'md5',
-        address     => "${ido_host}${_net}",
-      }
-    }
-  } else {
-    include ::mysql::server
-
-    mysql::db { $db_name:
-      host     => $ido_instances[0],
-      user     => $db_user,
-      password => $db_pass,
-      grant    => ['SELECT', 'INSERT', 'UPDATE', 'DELETE', 'DROP', 'CREATE VIEW', 'CREATE', 'ALTER', 'INDEX', 'EXECUTE'],
-    }
-
-    delete_at($ido_instances,0).each |$ido_host| {
-      mysql_user { "${db_user}@${ido_host}":
-        password_hash => mysql::password($db_pass),
-      }
-      mysql_grant { "${db_user}@${ido_host}/${db_name}.*":
-        user          => "${db_user}@${ido_host}",
-        table         => "${db_name}.*",
-        privileges    => ['SELECT', 'INSERT', 'UPDATE', 'DELETE', 'DROP', 'CREATE VIEW', 'CREATE', 'ALTER', 'INDEX', 'EXECUTE'],
-      }
-    }
+  ::icinga::database { "$db_type-$db_name":
+    db_type          => $db_type,
+    db_name          => $db_name,
+    db_user          => $db_user,
+    db_pass          => $db_pass,
+    access_instances => $access_instances,
+    mysql_privileges => ['SELECT', 'INSERT', 'UPDATE', 'DELETE', 'DROP', 'CREATE VIEW', 'CREATE', 'ALTER', 'INDEX', 'EXECUTE'],
   }
+
 }
diff --git a/manifests/server.pp b/manifests/server.pp
@@ -17,16 +17,20 @@
 # @param [Array[String]] global_zones
 #   List of global zones to configure.
 #
-# @param [Optional[Stdlib:Host]] ca_server
+# @param [Optional[Stdlib::Host]] ca_server
 #   The CA to send the certificate request to.
 #
+# @param [Optional[String]] ticket_salt
+#   Set an alternate ticket salt to icinga::ticket_salt from Hiera.
+#
 class icinga::server(
   Boolean                 $ca                   = false,
   Boolean                 $config_server        = false,
   String                  $zone                 = 'main',
   Hash[String,Hash]       $colocation_endpoints = {},
   Array[String]           $global_zones         = [],
   Optional[Stdlib::Host]  $ca_server            = undef,
+  Optional[String]        $ticket_salt          = undef,
 ) {
 
   if empty($colocation_endpoints) {
@@ -47,6 +51,7 @@
     zones       => {
       'ZoneName' => { 'endpoints' => { 'NodeName' => {}} + $colocation_endpoints },
     },
+    ticket_salt  => $ticket_salt,
   }
 
   ::icinga2::object::zone { $global_zones:

diff --git a/manifests/web.pp b/manifests/web.pp
@@ -0,0 +1,203 @@
+class icinga::web(
+  String                                 $db_pass,
+  String                                 $api_pass,
+  String                                 $backend_db_pass,
+  Enum['mysql', 'pgsql']                 $db_type          = 'mysql',
+  Stdlib::Host                           $db_host          = 'localhost',
+  Optional[Stdlib::Port::Unprivileged]   $db_port          = undef,
+  String                                 $db_name          = 'icingaweb2',
+  String                                 $db_user          = 'icingaweb2',
+  Boolean                                $manage_database  = false,
+  String                                 $api_user         = 'icingaweb2',
+  Enum['mysql', 'pgsql']                 $backend_db_type  = 'mysql',
+  Stdlib::Host                           $backend_db_host  = 'localhost',
+  Optional[Stdlib::Port::Unprivileged]   $backend_db_port  = undef,
+  String                                 $backend_db_name  = 'icinga2',
+  String                                 $backend_db_user  = 'icinga2',
+) {
+
+  unless $backend_db_port {
+    $_backend_db_port = $backend_db_type ? {
+      'pgsql' => 5432,
+      default => 3306,
+    }
+  } else {
+    $_backend_db_port = $backend_db_port
+  }
+
+  unless $db_port {
+    $_db_port = $db_type ? {
+      'pgsql' => 5432,
+      default => 3306,
+    }
+  } else {
+    $_db_port = $db_port
+  }
+
+  #
+  # Platform
+  #
+  case $::osfamily {
+    'redhat': {
+      $php_globals    = {}
+      $php_extensions = {
+        mbstring => { ini_prefix => '20-' },
+        json     => { ini_prefix => '20-' },
+        ldap     => { ini_prefix => '20-' },
+        gd       => { ini_prefix => '20-' },
+        xml      => { ini_prefix => '20-' },
+        intl     => { ini_prefix => '20-' },
+        mysqlnd  => { ini_prefix => '20-' },
+        pgsql    => { ini_prefix => '20-' },
+      }
+    } # RedHat
+
+    'debian': {
+      $php_globals    = {}
+      $php_extensions = {
+        mbstring => {},
+        json     => {},
+        ldap     => {},
+        gd       => {},
+        xml      => {},
+        intl     => {},
+        mysql    => {},
+        pgsql    => {},
+      }
+    } # Debian
+
+    default: {
+      fail("'Your operatingsystem ${::operatingsystem} is not supported.'")
+    }
+  }
+
+  #
+  # PHP
+  #
+  class { '::php::globals':
+    * => $php_globals,
+  }
+
+  class { '::php':
+    ensure        => installed,
+    manage_repos  => false,
+    apache_config => false,
+    fpm           => true,
+    extensions    => $php_extensions,
+    dev           => false,
+    composer      => false,
+    pear          => false,
+    phpunit       => false,
+    require       => Class['::php::globals'],
+  }
+
+  #
+  # Apache
+  #
+  $manage_package = false
+
+  Package['icingaweb2']
+    -> Class['apache']
+
+  package { 'icingaweb2':
+    ensure => installed,
+  }
+
+  class { '::apache':
+    default_mods  => false,
+    default_vhost => false,
+    mpm_module    => 'worker',
+  }
+
+  apache::listen { '80': }
+
+  $web_conf_user = $::apache::user
+
+  include ::apache::mod::alias
+  include ::apache::mod::status
+  include ::apache::mod::dir
+  include ::apache::mod::env
+  include ::apache::mod::rewrite
+  include ::apache::mod::proxy
+  include ::apache::mod::proxy_fcgi
+
+  apache::custom_config { 'icingaweb2':
+    ensure        => present,
+    source        => 'puppet:///modules/icingaweb2/examples/apache2/for-mod_proxy_fcgi.conf',
+    verify_config => false,
+    priority      => false,
+  }
+
+  #
+  # Database
+  #
+  if $manage_database {
+    class { '::icinga::web::database':
+      db_type          => $db_type,
+      db_name          => $db_name,
+      db_user          => $db_user,
+      db_pass          => $db_pass,
+      access_instances => [ 'localhost' ],
+      before           => Class['icingaweb2'],
+    }
+    $_db_host = 'localhost'
+  } else {
+   if $db_type != 'pgsql' {
+     include ::mysql::client
+   } else {
+     include ::postgresql::client
+   }
+   $_db_host = $db_host
+  }
+
+  #
+  # Icinga Web 2
+  #
+  class { 'icingaweb2':
+    db_type        => $db_type,
+    db_host        => $_db_host,
+    db_port        => $_db_port,
+    db_name        => $db_name,
+    db_username    => $db_user,
+    db_password    => $db_pass,
+    import_schema  => true,
+    config_backend => 'db',
+    conf_user      => $web_conf_user,
+    manage_package => $manage_package,
+  }
+
+  class { '::icingaweb2::module::monitoring':
+    ido_type          => $backend_db_type,
+    ido_host          => $backend_db_host,
+    ido_port          => $_backend_db_port,
+    ido_db_name       => $backend_db_name,
+    ido_db_username   => $backend_db_user,
+    ido_db_password   => $backend_db_pass,
+    commandtransports => {
+      'icinga2' => {
+        transport => 'api',
+        username  => $api_user,
+        password  => $api_pass,
+      }
+    },
+  }
+
+}
+
+class icinga::web::database(
+  Enum['mysql','pgsql']  $db_type,
+  Array[Stdlib::Host]    $access_instances,
+  String                 $db_pass,
+  String                 $db_name       = 'icingaweb2',
+  String                 $db_user       = 'icingaweb2',
+) {
+
+  ::icinga::database { "$db_type-$db_name":
+    db_type             => $db_type,
+    db_name             => $db_name,
+    db_user             => $db_user,
+    db_pass             => $db_pass,
+    access_instances    => $access_instances,
+    mysql_privileges    => ['ALL'],
+  }
+}