From 89c4bb4f53274773818849de2c8cac551668c9e9 Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Wed, 10 Dec 2014 16:01:54 +0100 Subject: [PATCH] puppet: Use hiera in icingaweb2_dev --- .../profiles/icingaweb2_dev/manifests/init.pp | 74 +++++++++---------- 1 file changed, 36 insertions(+), 38 deletions(-) diff --git a/.vagrant-puppet/profiles/icingaweb2_dev/manifests/init.pp b/.vagrant-puppet/profiles/icingaweb2_dev/manifests/init.pp index e0015b69d..638809881 100644 --- a/.vagrant-puppet/profiles/icingaweb2_dev/manifests/init.pp +++ b/.vagrant-puppet/profiles/icingaweb2_dev/manifests/init.pp @@ -1,15 +1,22 @@ -class icingaweb2_dev { +class icingaweb2_dev ( + $log = hiera('icingaweb2::log'), + $db_user = hiera('icingaweb2::db_user'), + $db_pass = hiera('icingaweb2::db_pass'), + $db_name = hiera('icingaweb2::db_name'), +) { include apache include php - include icingaweb2 + include icingaweb2::config include icingacli include icinga_packages include openldap + # TODO(el): Only include zend_framework. Apache does not have to be notified class { 'zend_framework': notify => Service['apache'], } + # TODO(el): icinga-gui is not a icingaweb2_dev package package { [ 'php-pdo', 'php-ldap', 'php-phpunit-PHPUnit', 'icinga-gui' ]: ensure => latest, notify => Service['apache'], @@ -18,16 +25,8 @@ class icingaweb2_dev { Exec { path => '/usr/local/bin:/usr/bin:/bin' } - file { '/etc/icingaweb/enabledModules': - ensure => directory, - owner => 'apache', - group => 'apache', - mode => 6755, - require => [ - Class['apache'], - File['icingaweb2cfgDir'] - ], - } + # TODO(el): Enabling/disabling modules should be a resource + User <| alias == apache |> { groups +> 'icingaweb' } -> exec { 'enable-monitoring-module': command => 'icingacli module enable monitoring', user => 'apache', 
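Review bot: The four new class parameters (`$log`, `$db_user`, `$db_pass`, `$db_name`) are undocumented, and they read keys from the `icingaweb2::` namespace rather than `icingaweb2_dev::`, which is easy to overlook. A short header comment above `class icingaweb2_dev (` would cover it, e.g. `# $db_pass - database password, read from icingaweb2::db_pass; no default, so a missing key aborts catalog compilation`. Because `$db_pass` is interpolated into command strings further down in this manifest, the comment should also state which characters the value may contain.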
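Review bot: The collector override `User <| alias == apache |> { groups +> 'icingaweb' }` changes the web server user's supplementary groups without notifying `Service['apache']`. The same applies to the `groups +> 'icingacmd'` override in the `@@ -38,48 +37,43 @@` hunk, where the removed `usermod` exec did carry `notify => Service['apache']`. A running httpd keeps the group list it started with, so if the service is already up when this is applied it will presumably not gain access to group-owned paths such as the new log directory until it is restarted. Consider `User <| alias == apache |> { groups +> 'icingaweb', notify => Service['apache'] }`, provided that does not introduce a dependency cycle. The `exec { 'enable-monitoring-module': ... }` the collector is chained to continues outside this hunk.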
@@ -38,48 +37,43 @@ class icingaweb2_dev { user => 'apache' } + # TODO(el): 'icingacmd' is NOT a icingaweb2_dev group group { 'icingacmd': ensure => present, } - -> exec { 'usermod -aG icingacmd apache': - command => '/usr/sbin/usermod -aG icingacmd apache', - require => [ - Class['icingacli'], - User['apache'] - ], - notify => Service['apache'], - } - file { '/var/log/icingaweb.log': - ensure => file, - owner => 'apache', - group => 'apache', - require => Class['apache'], + User <| alias == apache |> { groups +> 'icingacmd' } + + file { "${log}": + ensure => directory, + owner => 'root', + group => 'icingaweb', + mode => '2775' } $icingaadminSelect = "as CNT from icingaweb_user where name = \'icingaadmin\'\" |grep -qwe \'cnt=0\'" $icingaadminInsert = "\"INSERT INTO icingaweb_user (name, active, password_hash) VALUES (\'icingaadmin\', 1, \'\\\$1\\\$JMdnEc9M\\\$FW7yapAjv0atS43NkapGo/\');\"" - mysql::database::populate { 'icingaweb': - username => 'icingaweb', - password => 'icingaweb', + mysql::database::populate { "${db_name}": + username => "${db_user}", + password => "${db_pass}", privileges => 'ALL', schemafile => '/vagrant/etc/schema/mysql.schema.sql', } -> exec { 'mysql-icingaadmin': - onlyif => "mysql -uicingaweb -picingaweb icingaweb -e \"select CONCAT(\'cnt=\', COUNT(name)) ${icingaadminSelect}", - command => "mysql -uicingaweb -picingaweb icingaweb -e ${icingaadminInsert}", + onlyif => "mysql -u${db_user} -p${db_pass} ${db_name} -e \"select CONCAT(\'cnt=\', COUNT(name)) ${icingaadminSelect}", + command => "mysql -u${db_user} -p${db_pass} ${db_name} -e ${icingaadminInsert}", } - pgsql::database::populate { 'icingaweb': - username => 'icingaweb', - password => 'icingaweb', + pgsql::database::populate { "${db_name}": + username => "${db_user}", + password => "${db_pass}", schemafile => '/vagrant/etc/schema/pgsql.schema.sql', } -> exec { 'pgsql-icingaadmin': - onlyif => "psql -U icingaweb -w -d icingaweb -c \"select 'cnt=' || COUNT(name) ${icingaadminSelect}", 
- command => "psql -U icingaweb -w -d icingaweb -c ${icingaadminInsert}", - environment => 'PGPASSWORD=icingaweb', + onlyif => "psql -U ${db_user} -w -d ${db_name} -c \"select 'cnt=' || COUNT(name) ${icingaadminSelect}", + command => "psql -U ${db_user} -w -d ${db_name} -c ${icingaadminInsert}", + environment => "PGPASSWORD=${db_pass}", } file { '/etc/httpd/conf.d/icingaweb.conf': @@ -97,17 +91,20 @@ class icingaweb2_dev { } icingaweb2::config::module { [ 'backends', 'config', 'instances' ]: + module => 'monitoring', source => 'puppet:///modules/icingaweb2_dev', } + # TODO(el): Should be a resource package { 'iptables': ensure => latest } -> exec { 'iptables-allow-http': - unless => 'grep -Fxqe "-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT" /etc/sysconfig/iptables', + unless => 'grep -qe "-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT" /etc/sysconfig/iptables', command => '/sbin/iptables -I INPUT 1 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT && /sbin/iptables-save > /etc/sysconfig/iptables' } + # TODO(el): Don't define inside a class define openldap_file { file { "openldap/${name}.ldif": path => "/usr/share/openldap-servers/${name}.ldif", @@ -119,7 +116,7 @@ class icingaweb2_dev { openldap_file { [ 'db', 'dit', 'users' ]: } exec { 'populate-openldap': - # TODO: Split the command and use unless instead of trying to populate openldap everytime + # TODO(el): Split the command and use unless instead of trying to populate openldap everytime command => 'sudo ldapadd -c -Y EXTERNAL -H ldapi:/// -f /usr/share/openldap-servers/db.ldif || true && \ sudo ldapadd -c -D cn=admin,dc=icinga,dc=org -x -w admin -f /usr/share/openldap-servers/dit.ldif || true && \ sudo ldapadd -c -D cn=admin,dc=icinga,dc=org -x -w admin -f /usr/share/openldap-servers/users.ldif || true', @@ -133,6 +130,7 @@ class icingaweb2_dev { ], } + # TODO(el): Should be a module package { 'php-deepend-Mockery': ensure => latest, }
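Review bot: In `exec { 'mysql-icingaadmin': }` the password is now interpolated into the command line (`-p${db_pass}` in both `onlyif` and `command`), which exposes it in the local process list and in any logged command string. These strings appear to be shell-interpreted (the `onlyif` pipes into `grep`), so a Hiera value containing quotes, spaces or `$` would break or alter the command; the literals this replaces were fixed text, whereas the new values are data. The pgsql exec already keeps the secret off the command line with `environment => "PGPASSWORD=${db_pass}"`. The mysql exec could follow suit with `environment => "MYSQL_PWD=${db_pass}"` and drop `-p${db_pass}`, though MySQL's own documentation discourages that variable and a client option file readable only by the invoking user is sturdier. `${db_user}` and `${db_name}` are unquoted in the same strings and would benefit from validation against a restricted character set at the top of the class.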
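Review bot: The `unless` guard of `exec { 'iptables-allow-http': }` went from `grep -Fxqe` to `grep -qe`, so it is now an unanchored regular-expression match instead of an exact whole-line match. A commented-out line, or a longer rule that merely contains this text in `/etc/sysconfig/iptables`, now satisfies the guard and the ACCEPT rule is never inserted. The guard also tests the saved file rather than the running ruleset, so the two can disagree. If `-x` was dropped because of whitespace differences in the saved file, `grep -Fqe ...` would at least keep fixed-string matching, and a one-line comment such as `# no -x: iptables-save output may carry extra whitespace` would record the reason.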