Merge branch 'master' into add-suse-support

carraroj · Jun 14, 2023 · 2a63aa9 · 2a63aa9
2 parents 6cd26eb + 2a9e8ed
commit 2a63aa9
Show file tree

Hide file tree

Showing 5 changed files with 251 additions and 1 deletion.
diff --git a/.sync.yml b/.sync.yml
@@ -5,4 +5,9 @@
 #
 # See https://github.com/puppetlabs/pdk-templates/blob/main/config_defaults.yml
 # for the default values.
---- {}
+---
+Gemfile:
+  optional:
+    ':development':
+      - gem: 'concurrent-ruby'
+        version: '< 1.2.0'
diff --git a/examples/mysql/standalone-icingadb-x509.pp b/examples/mysql/standalone-icingadb-x509.pp
@@ -0,0 +1,60 @@
+class { 'icinga::repos':
+  manage_epel   => true,
+  manage_extras => true,
+}
+
+# Setting riquired for MySQL < 5.7 and MariaDB < 10.2
+if $facts['os']['family'] == 'redhat' and Integer($facts['os']['release']['major']) < 8 {
+  class { 'mysql::server':
+    override_options => {
+      mysqld => {
+        innodb_file_format    => 'barracuda',
+        innodb_file_per_table => 1,
+        innodb_large_prefix   => 1,
+      },
+    },
+  }
+}
+
+class { 'icinga::server':
+  ca                => true,
+  config_server     => true,
+  global_zones      => ['global-templates', 'linux-commands', 'windows-commands'],
+  web_api_pass      => Sensitive('icingaweb2'),
+  director_api_pass => Sensitive('director'),
+  run_web           => true,
+}
+
+class { 'icinga::db':
+  db_type         => 'mysql',
+  db_pass         => Sensitive('icinga2'),
+  manage_database => true,
+}
+
+class { 'icinga::web':
+  db_type            => 'mysql',
+  db_pass            => Sensitive('icingaweb2'),
+  default_admin_user => 'admin',
+  default_admin_pass => Sensitive('admin'),
+  manage_database    => true,
+  api_pass           => $icinga::server::web_api_pass,
+}
+
+class { 'icinga::web::icingadb':
+  db_type => $icinga::db::db_type,
+  db_pass => $icinga::db::db_pass,
+}
+
+class { 'icinga::web::director':
+  db_type         => 'mysql',
+  db_pass         => Sensitive('director'),
+  manage_database => true,
+  endpoint        => $facts['networking']['fqdn'],
+  api_pass        => $icinga::server::director_api_pass,
+}
+
+class { 'icinga::web::x509':
+  db_type         => 'mysql',
+  db_pass         => Sensitive('x509'),
+  manage_database => true,
+}
diff --git a/examples/pgsql/standalone-icingadb-x509.pp b/examples/pgsql/standalone-icingadb-x509.pp
@@ -0,0 +1,47 @@
+class { 'icinga::repos':
+  manage_epel   => true,
+  manage_extras => true,
+}
+
+class { 'icinga::server':
+  ca                => true,
+  config_server     => true,
+  global_zones      => ['global-templates', 'linux-commands', 'windows-commands'],
+  web_api_pass      => Sensitive('icingaweb2'),
+  director_api_pass => Sensitive('director'),
+  run_web           => true,
+}
+
+class { 'icinga::db':
+  db_type         => 'pgsql',
+  db_pass         => Sensitive('icinga2'),
+  manage_database => true,
+}
+
+class { 'icinga::web':
+  db_type            => 'pgsql',
+  db_pass            => Sensitive('icingaweb2'),
+  default_admin_user => 'admin',
+  default_admin_pass => Sensitive('admin'),
+  manage_database    => true,
+  api_pass           => $icinga::server::web_api_pass,
+}
+
+class { 'icinga::web::icingadb':
+  db_type => $icinga::db::db_type,
+  db_pass => $icinga::db::db_pass,
+}
+
+class { 'icinga::web::director':
+  db_type         => 'pgsql',
+  db_pass         => Sensitive('director'),
+  manage_database => true,
+  endpoint        => $facts['networking']['fqdn'],
+  api_pass        => $icinga::server::director_api_pass,
+}
+
+class { 'icinga::web::x509':
+  db_type         => 'pgsql',
+  db_pass         => Sensitive('x509'),
+  manage_database => true,
+}
diff --git a/manifests/web/x509.pp b/manifests/web/x509.pp
@@ -0,0 +1,90 @@
+# @summary
+#   Setup the x509 module for Icinga Web 2
+#
+# @param service_ensure
+#   Manages if the x509 service should be stopped or running.
+#
+# @param service_enable
+#   If set to true the x509 service will start on boot.
+#
+# @param db_type
+#   Type of your database.
+#
+# @param db_host
+#   Hostname of the database.
+#
+# @param db_port
+#   Port of the database.
+#
+# @param db_name
+#   Name of the database.
+#
+# @param db_user
+#   Username for DB connection.
+#
+# @param db_pass
+#   Password for DB connection.
+#
+# @param manage_database
+#   Create database and import schema.
+#
+class icinga::web::x509 (
+  Enum['mysql', 'pgsql']    $db_type,
+  Icinga::Secret            $db_pass,
+  Stdlib::Ensure::Service   $service_ensure  = 'running',
+  Boolean                   $service_enable  = true,
+  Stdlib::Host              $db_host         = 'localhost',
+  Optional[Stdlib::Port]    $db_port         = undef,
+  String                    $db_name         = 'x509',
+  String                    $db_user         = 'x509',
+  Boolean                   $manage_database = false,
+) {
+  unless defined(Class['icinga::web::icingadb']) or defined(Class['icinga::web::monitoring']) {
+    fail('Class icinga::web::icingadb or icinga::web::monitoring has to be declared before!')
+  }
+
+  $_db_charset = $db_type ? {
+    'mysql' => 'utf8mb4',
+    default => 'UTF8',
+  }
+
+  #
+  # Database
+  #
+  if $manage_database {
+    class { 'icinga::web::x509::database':
+      db_type       => $db_type,
+      db_name       => $db_name,
+      db_user       => $db_user,
+      db_pass       => $db_pass,
+      web_instances => ['localhost'],
+      before        => Class['icingaweb2::module::x509'],
+    }
+    $_db_host = 'localhost'
+  } else {
+    if $db_type != 'pgsql' {
+      include mysql::client
+    } else {
+      include postgresql::client
+    }
+    $_db_host = $db_host
+  }
+
+  class { 'icingaweb2::module::x509':
+    install_method => 'package',
+    db_type        => $db_type,
+    db_host        => $_db_host,
+    db_port        => $db_port,
+    db_name        => $db_name,
+    db_username    => $db_user,
+    db_password    => $db_pass,
+    db_charset     => $_db_charset,
+    import_schema  => lookup('icingaweb2::module::x509::import_schema', undef, undef, true),
+  }
+
+  service { 'icinga-x509':
+    ensure  => $service_ensure,
+    enable  => $service_enable,
+    require => Class['icingaweb2::module::x509'],
+  }
+}
diff --git a/manifests/web/x509/database.pp b/manifests/web/x509/database.pp
@@ -0,0 +1,48 @@
+# @summary
+#   Setup the x509 database.
+#
+# @param db_type
+#   What kind of database type to use.
+#
+# @param web_instances
+#   List of Hosts to allow write access to the database.
+#   Usually an Icinga Web 2 instance.
+#
+# @param db_pass
+#   Password to connect the database.
+#
+# @param db_name
+#   Name of the database.
+#
+# @param db_user
+#   Database user name.
+#
+# @param tls
+#   Access only for TLS encrypted connections. Authentication via `password` or `cert`,
+#   value `true` means password auth.
+#
+class icinga::web::x509::database (
+  Enum['mysql','pgsql']      $db_type,
+  Array[Stdlib::Host]        $web_instances,
+  Icinga::Secret             $db_pass,
+  String                     $db_user = 'x509',
+  String                     $db_name = 'x509',
+  Variant[Boolean,
+  Enum['password','cert']]   $tls      = false,
+) {
+  $_encoding = $db_type ? {
+    'mysql' => 'utf8',
+    default => 'UTF8',
+  }
+
+  icinga::database { "${db_type}-${db_name}":
+    db_type          => $db_type,
+    db_name          => $db_name,
+    db_user          => $db_user,
+    db_pass          => $db_pass,
+    access_instances => $web_instances,
+    mysql_privileges => ['ALL'],
+    encoding         => $_encoding,
+    tls              => $tls,
+  }
+}