diff --git a/manifests/database.pp b/manifests/database.pp
new file mode 100644
index 0000000..b0e4291
--- /dev/null
+++ b/manifests/database.pp
@@ -0,0 +1,62 @@
+# @summary
+# Private define resource for database backends.
+#
+# @api private
+#
+define icinga::database(
+ Enum['mysql','pgsql'] $db_type,
+ Array[Stdlib::Host] $access_instances,
+ String $db_pass,
+ String $db_name,
+ String $db_user,
+ Array[String] $mysql_privileges,
+) {
+
+ if $db_type == 'pgsql' {
+ include ::postgresql::server
+
+ postgresql::server::db { $db_name:
+ user => $db_user,
+ password => postgresql::postgresql_password($db_user, $db_pass),
+ }
+
+ $access_instances.each |$host| {
+
+ if $host =~ Stdlib::IP::Address::V4 {
+ $_net = '/32'
+ } elsif $host =~ Stdlib::IP::Address::V6 {
+ $_net = '/128'
+ } else {
+ $_net = ''
+ }
+
+ ::postgresql::server::pg_hba_rule { "${db_user}@${host}":
+ type => 'host',
+ database => $db_name,
+ user => $db_user,
+ auth_method => 'md5',
+ address => "${host}${_net}",
+ }
+ }
+ } else {
+ include ::mysql::server
+
+ mysql::db { $db_name:
+ host => $access_instances[0],
+ user => $db_user,
+ password => $db_pass,
+ grant => $mysql_privileges,
+ }
+
+ delete_at($access_instances,0).each |$host| {
+ mysql_user { "${db_user}@${host}":
+ password_hash => mysql::password($db_pass),
+ }
+ mysql_grant { "${db_user}@${host}/${db_name}.*":
+ user => "${db_user}@${host}",
+ table => "${db_name}.*",
+ privileges => $mysql_privileges,
+ }
+ }
+ }
+}
diff --git a/manifests/ido.pp b/manifests/ido.pp
index ce784f0..feb7104 100644
--- a/manifests/ido.pp
+++ b/manifests/ido.pp
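Review bot: In the new define icinga::database, `Array[Stdlib::Host] $access_instances` accepts an empty array, but the MySQL branch reads `$access_instances[0]` as the host of `mysql::db`, so an empty list would reach that resource with an undefined host; declaring the parameter as `Array[Stdlib::Host, 1] $access_instances,` rejects that at compile time. In the PostgreSQL branch every pg_hba_rule is written with `type => 'host'` and `auth_method => 'md5'`, which permits unencrypted connections and MD5-based password exchange from each listed host; where the server has TLS enabled and stores SCRAM verifiers, `hostssl` and `scram-sha-256` would be the stronger choice, though that depends on how `postgresql::postgresql_password` hashes the password, which is not visible here. `$db_pass` is a plain `String`, so its value is likely to end up in the compiled catalog and reports in clear text.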
@@ -34,12 +34,12 @@ if $manage_database { class { '::icinga::ido::database': - db_type => $db_type, - db_name => $db_name, - db_user => $db_user, - db_pass => $db_pass, - ido_instances => [ 'localhost' ], - before => Class["icinga2::feature::ido${db_type}"], + db_type => $db_type, + db_name => $db_name, + db_user => $db_user, + db_pass => $db_pass, + access_instances => [ 'localhost' ], + before => Class["icinga2::feature::ido${db_type}"], } $_db_host = 'localhost' } else { 
@@ -87,57 +87,19 @@ class icinga::ido::database( Enum['mysql','pgsql'] $db_type, - Array[Stdlib::Host] $ido_instances, + Array[Stdlib::Host] $access_instances, String $db_pass, String $db_name = 'icinga2', String $db_user = 'icinga2', ) { - if $db_type == 'pgsql' { - include ::postgresql::server - - postgresql::server::db { $db_name: - user => $db_user, - password => postgresql::postgresql_password($db_user, $db_pass), - } - - $ido_instances.each |$ido_host| { - - if $ido_host =~ Stdlib::IP::Address::V4 { - $_net = '/32' - } elsif $ido_host =~ Stdlib::IP::Address::V6 { - $_net = '/128' - } else { - $_net = '' - } - - ::postgresql::server::pg_hba_rule { "${db_user}@${ido_host}": - type => 'host', - database => $db_name, - user => $db_user, - auth_method => 'md5', - address => "${ido_host}${_net}", - } - } - } else { - include ::mysql::server - - mysql::db { $db_name: - host => $ido_instances[0], - user => $db_user, - password => $db_pass, - grant => ['SELECT', 'INSERT', 'UPDATE', 'DELETE', 'DROP', 'CREATE VIEW', 'CREATE', 'ALTER', 'INDEX', 'EXECUTE'], - } - - delete_at($ido_instances,0).each |$ido_host| { - mysql_user { "${db_user}@${ido_host}": - password_hash => mysql::password($db_pass), - } - mysql_grant { "${db_user}@${ido_host}/${db_name}.*": - user => "${db_user}@${ido_host}", - table => "${db_name}.*", - privileges => ['SELECT', 'INSERT', 'UPDATE', 'DELETE', 'DROP', 'CREATE VIEW', 'CREATE', 'ALTER', 'INDEX', 'EXECUTE'], - } - } + ::icinga::database { "$db_type-$db_name": + db_type => $db_type, + db_name => $db_name, + db_user => $db_user, + db_pass => $db_pass, + access_instances => $access_instances, + mysql_privileges => ['SELECT', 'INSERT', 'UPDATE', 'DELETE', 'DROP', 'CREATE VIEW', 'CREATE', 'ALTER', 'INDEX', 'EXECUTE'], } + } diff --git a/manifests/server.pp b/manifests/server.pp index 2b2299b..e9f59fa 100644 --- a/manifests/server.pp +++ b/manifests/server.pp 
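Review bot: The resource title `"$db_type-$db_name"` in icinga::ido::database interpolates both variables without braces, which is easy to misread next to the hyphen and is the form puppet-lint reports as a variable not enclosed in braces; write it as `::icinga::database { "${db_type}-${db_name}":`. The same title is used in icinga::web::database in manifests/web.pp and should be changed there as well.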
@@ -17,9 +17,12 @@ # @param [Array[String]] global_zones # List of global zones to configure. # -# @param [Optional[Stdlib:Host]] ca_server +# @param [Optional[Stdlib::Host]] ca_server # The CA to send the certificate request to. # +# @param [Optional[String]] ticket_salt +# Set an alternate ticket salt to icinga::ticket_salt from Hiera. +# class icinga::server( Boolean $ca = false, Boolean $config_server = false, @@ -27,6 +30,7 @@ Hash[String,Hash] $colocation_endpoints = {}, Array[String] $global_zones = [], Optional[Stdlib::Host] $ca_server = undef, + Optional[String] $ticket_salt = undef, ) { if empty($colocation_endpoints) { @@ -47,6 +51,7 @@ zones => { 'ZoneName' => { 'endpoints' => { 'NodeName' => {}} + $colocation_endpoints }, }, + ticket_salt => $ticket_salt, } ::icinga2::object::zone { $global_zones: diff --git a/manifests/web.pp b/manifests/web.pp new file mode 100644 index 0000000..63e11aa --- /dev/null +++ b/manifests/web.pp 
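Review bot: The new `ticket_salt` parameter of icinga::server carries a secret but is declared as `Optional[String]` and handed on as `ticket_salt => $ticket_salt` in the last hunk of this file, so its value is likely to be stored in the catalog and shown in reports in clear text. If the receiving class, whose declaration starts outside the hunk, accepts it, `Optional[Variant[String, Sensitive[String]]] $ticket_salt = undef,` would let callers wrap the value. The `@param` text could also state the fallback more plainly, for example `# Ticket salt to use instead of the value looked up as icinga::ticket_salt in Hiera.`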
@@ -0,0 +1,203 @@ +class icinga::web( + String $db_pass, + String $api_pass, + String $backend_db_pass, + Enum['mysql', 'pgsql'] $db_type = 'mysql', + Stdlib::Host $db_host = 'localhost', + Optional[Stdlib::Port::Unprivileged] $db_port = undef, + String $db_name = 'icingaweb2', + String $db_user = 'icingaweb2', + Boolean $manage_database = false, + String $api_user = 'icingaweb2', + Enum['mysql', 'pgsql'] $backend_db_type = 'mysql', + Stdlib::Host $backend_db_host = 'localhost', + Optional[Stdlib::Port::Unprivileged] $backend_db_port = undef, + String $backend_db_name = 'icinga2', + String $backend_db_user = 'icinga2', +) { + + unless $backend_db_port { + $_backend_db_port = $backend_db_type ? { + 'pgsql' => 5432, + default => 3306, + } + } else { + $_backend_db_port = $backend_db_port + } + + unless $db_port { + $_db_port = $db_type ? { + 'pgsql' => 5432, + default => 3306, + } + } else { + $_db_port = $db_port + } + + # + # Platform + # + case $::osfamily { + 'redhat': { + $php_globals = {} + $php_extensions = { + mbstring => { ini_prefix => '20-' }, + json => { ini_prefix => '20-' }, + ldap => { ini_prefix => '20-' }, + gd => { ini_prefix => '20-' }, + xml => { ini_prefix => '20-' }, + intl => { ini_prefix => '20-' }, + mysqlnd => { ini_prefix => '20-' }, + pgsql => { ini_prefix => '20-' }, + } + } # RedHat + + 'debian': { + $php_globals = {} + $php_extensions = { + mbstring => {}, + json => {}, + ldap => {}, + gd => {}, + xml => {}, + intl => {}, + mysql => {}, + pgsql => {}, + } + } # Debian + + default: { + fail("'Your operatingsystem ${::operatingsystem} is not supported.'") + } + } + + # + # PHP + # + class { '::php::globals': + * => $php_globals, + } + + class { '::php': + ensure => installed, + manage_repos => false, + apache_config => false, + fpm => true, + extensions => $php_extensions, + dev => false, + composer => false, + pear => false, + phpunit => false, + require => Class['::php::globals'], + } + + # + # Apache + # + $manage_package = false + + 
Package['icingaweb2'] + -> Class['apache'] + + package { 'icingaweb2': + ensure => installed, + } + + class { '::apache': + default_mods => false, + default_vhost => false, + mpm_module => 'worker', + } + + apache::listen { '80': } + + $web_conf_user = $::apache::user + + include ::apache::mod::alias + include ::apache::mod::status + include ::apache::mod::dir + include ::apache::mod::env + include ::apache::mod::rewrite + include ::apache::mod::proxy + include ::apache::mod::proxy_fcgi + + apache::custom_config { 'icingaweb2': + ensure => present, + source => 'puppet:///modules/icingaweb2/examples/apache2/for-mod_proxy_fcgi.conf', + verify_config => false, + priority => false, + } + + # + # Database + # + if $manage_database { + class { '::icinga::web::database': + db_type => $db_type, + db_name => $db_name, + db_user => $db_user, + db_pass => $db_pass, + access_instances => [ 'localhost' ], + before => Class['icingaweb2'], + } + $_db_host = 'localhost' + } else { + if $db_type != 'pgsql' { + include ::mysql::client + } else { + include ::postgresql::client + } + $_db_host = $db_host + } + + # + # Icinga Web 2 + # + class { 'icingaweb2': + db_type => $db_type, + db_host => $_db_host, + db_port => $_db_port, + db_name => $db_name, + db_username => $db_user, + db_password => $db_pass, + import_schema => true, + config_backend => 'db', + conf_user => $web_conf_user, + manage_package => $manage_package, + } + + class { '::icingaweb2::module::monitoring': + ido_type => $backend_db_type, + ido_host => $backend_db_host, + ido_port => $_backend_db_port, + ido_db_name => $backend_db_name, + ido_db_username => $backend_db_user, + ido_db_password => $backend_db_pass, + commandtransports => { + 'icinga2' => { + transport => 'api', + username => $api_user, + password => $api_pass, + } + }, + } + +} + +class icinga::web::database( + Enum['mysql','pgsql'] $db_type, + Array[Stdlib::Host] $access_instances, + String $db_pass, + String $db_name = 'icingaweb2', + String $db_user = 
'icingaweb2', +) { + + ::icinga::database { "$db_type-$db_name": + db_type => $db_type, + db_name => $db_name, + db_user => $db_user, + db_pass => $db_pass, + access_instances => $access_instances, + mysql_privileges => ['ALL'], + } +}
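Review bot: The Apache part of icinga::web declares only `apache::listen { '80': }` and installs the proxy_fcgi config with `default_vhost => false`, with no TLS listener or vhost anywhere in the class, so as written the Icinga Web 2 login and session traffic would be served over plain HTTP unless TLS is terminated elsewhere. Consider a parameter for an HTTPS listener, or at least a comment above the listen resource such as `# NOTE: serves HTTP only; terminate TLS in front of this host or add an SSL vhost`. Separately, `mysql_privileges => ['ALL']` in icinga::web::database is broader than the explicit privilege list that icinga::ido::database passes; if the schema import does not need every privilege, an explicit list would keep the grant narrower. The class also has no `@summary`/`@param` block, unlike icinga::server, and its three password parameters are plain `String`.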