puppet: Use hiera in icingaweb2_dev

.vagrant-puppet/profiles/icingaweb2_dev/manifests/init.pp

@@ -1,15 +1,22 @@
-class icingaweb2_dev {
+class icingaweb2_dev (
+  $log      = hiera('icingaweb2::log'),
+  $db_user  = hiera('icingaweb2::db_user'),
+  $db_pass  = hiera('icingaweb2::db_pass'),
+  $db_name  = hiera('icingaweb2::db_name'),
+) {
   include apache
   include php
-  include icingaweb2
+  include icingaweb2::config
   include icingacli
   include icinga_packages
   include openldap
 
+  # TODO(el): Only include zend_framework. Apache does not have to be notified
   class { 'zend_framework':
     notify => Service['apache'],
   }
 
+  # TODO(el): icinga-gui is not a icingaweb2_dev package
   package { [ 'php-pdo', 'php-ldap', 'php-phpunit-PHPUnit', 'icinga-gui' ]:
     ensure => latest,
     notify => Service['apache'],
@@ -18,16 +25,8 @@ class icingaweb2_dev {
 
   Exec { path => '/usr/local/bin:/usr/bin:/bin' }
 
-  file { '/etc/icingaweb/enabledModules':
-    ensure  => directory,
-    owner   => 'apache',
-    group   => 'apache',
-    mode    => 6755,
-    require => [
-      Class['apache'],
-      File['icingaweb2cfgDir']
-    ],
-  }
+  # TODO(el): Enabling/disabling modules should be a resource
+  User <| alias == apache |> { groups +> 'icingaweb' }
   -> exec { 'enable-monitoring-module':
     command => 'icingacli module enable monitoring',
     user    => 'apache',
@@ -38,48 +37,43 @@ class icingaweb2_dev {
     user    => 'apache'
   }
 
+  # TODO(el): 'icingacmd' is NOT a icingaweb2_dev group
   group { 'icingacmd':
     ensure => present,
   }
-  -> exec { 'usermod -aG icingacmd apache':
-    command => '/usr/sbin/usermod -aG icingacmd apache',
-    require => [
-      Class['icingacli'],
-      User['apache']
-    ],
-    notify  => Service['apache'],
-  }
 
-  file { '/var/log/icingaweb.log':
-    ensure  => file,
-    owner   => 'apache',
-    group   => 'apache',
-    require => Class['apache'],
+  User <| alias == apache |> { groups +> 'icingacmd' }
+
+  file { "${log}":
+    ensure  => directory,
+    owner   => 'root',
+    group   => 'icingaweb',
+    mode    => '2775'
   }
 
   $icingaadminSelect = "as CNT from icingaweb_user where name = \'icingaadmin\'\" |grep -qwe \'cnt=0\'"
   $icingaadminInsert = "\"INSERT INTO icingaweb_user (name, active, password_hash) VALUES (\'icingaadmin\', 1, \'\\\$1\\\$JMdnEc9M\\\$FW7yapAjv0atS43NkapGo/\');\""
 
-  mysql::database::populate { 'icingaweb':
-    username   => 'icingaweb',
-    password   => 'icingaweb',
+  mysql::database::populate { "${db_name}":
+    username   => "${db_user}",
+    password   => "${db_pass}",
     privileges => 'ALL',
     schemafile => '/vagrant/etc/schema/mysql.schema.sql',
   }
   -> exec { 'mysql-icingaadmin':
-    onlyif  => "mysql -uicingaweb -picingaweb icingaweb -e \"select CONCAT(\'cnt=\', COUNT(name)) ${icingaadminSelect}",
-    command => "mysql -uicingaweb -picingaweb icingaweb -e ${icingaadminInsert}",
+    onlyif  => "mysql -u${db_user} -p${db_pass} ${db_name} -e \"select CONCAT(\'cnt=\', COUNT(name)) ${icingaadminSelect}",
+    command => "mysql -u${db_user} -p${db_pass} ${db_name} -e ${icingaadminInsert}",
   }
 
-  pgsql::database::populate { 'icingaweb':
-    username => 'icingaweb',
-    password => 'icingaweb',
+  pgsql::database::populate { "${db_name}":
+    username   => "${db_user}",
+    password   => "${db_pass}",
     schemafile => '/vagrant/etc/schema/pgsql.schema.sql',
   }
   -> exec { 'pgsql-icingaadmin':
-    onlyif      => "psql -U icingaweb -w -d icingaweb -c \"select 'cnt=' || COUNT(name) ${icingaadminSelect}",
-    command     => "psql -U icingaweb -w -d icingaweb -c ${icingaadminInsert}",
-    environment => 'PGPASSWORD=icingaweb',
+    onlyif      => "psql -U ${db_user} -w -d ${db_name} -c \"select 'cnt=' || COUNT(name) ${icingaadminSelect}",
+    command     => "psql -U ${db_user} -w -d ${db_name} -c ${icingaadminInsert}",
+    environment => "PGPASSWORD=${db_pass}",
   }
 
   file { '/etc/httpd/conf.d/icingaweb.conf':
@@ -97,17 +91,20 @@ class icingaweb2_dev {
   }
 
   icingaweb2::config::module { [ 'backends', 'config', 'instances' ]:
+    module  => 'monitoring',
     source  => 'puppet:///modules/icingaweb2_dev',
   }
 
+  # TODO(el): Should be a resource
   package { 'iptables':
     ensure => latest
   }
   -> exec { 'iptables-allow-http':
-    unless  => 'grep -Fxqe "-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT" /etc/sysconfig/iptables',
+    unless  => 'grep -qe "-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT" /etc/sysconfig/iptables',
     command => '/sbin/iptables -I INPUT 1 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT && /sbin/iptables-save > /etc/sysconfig/iptables'
   }
 
+  # TODO(el): Don't define inside a class
   define openldap_file {
     file { "openldap/${name}.ldif":
       path    => "/usr/share/openldap-servers/${name}.ldif",
@@ -119,7 +116,7 @@ class icingaweb2_dev {
   openldap_file { [ 'db', 'dit', 'users' ]: }
 
   exec { 'populate-openldap':
-    # TODO: Split the command and use unless instead of trying to populate openldap everytime
+    # TODO(el): Split the command and use unless instead of trying to populate openldap everytime
     command => 'sudo ldapadd -c -Y EXTERNAL -H ldapi:/// -f /usr/share/openldap-servers/db.ldif || true && \
                 sudo ldapadd -c -D cn=admin,dc=icinga,dc=org -x -w admin -f /usr/share/openldap-servers/dit.ldif || true && \
                 sudo ldapadd -c -D cn=admin,dc=icinga,dc=org -x -w admin -f /usr/share/openldap-servers/users.ldif || true',
@@ -133,6 +130,7 @@ class icingaweb2_dev {
     ],
   }
 
+  # TODO(el): Should be a module
   package { 'php-deepend-Mockery':
     ensure => latest,
   }