rework module icingadb

voxpupuli · Nov 6, 2023 · a975e8a · a975e8a
1 parent 3defff0
commit a975e8a
Show file tree

Hide file tree

Showing 6 changed files with 202 additions and 153 deletions.
diff --git a/REFERENCE.md b/REFERENCE.md
@@ -38,6 +38,8 @@
 
 * `icingaweb2::config`: Configures Icinga Web 2.
 * `icingaweb2::install`: Installs Icinga Web 2 and extra packages.
+* `icingaweb2::module::icingadb::config`: Configure the icingadb module.
+* `icingaweb2::module::icingadb::install`: Install the icingadb module.
 * `icingaweb2::module::reporting::config`: Configure the reporting module.
 * `icingaweb2::module::reporting::install`: Install the reporting module.
 * `icingaweb2::module::reporting::service`: Manage the reporting service.
@@ -1893,8 +1895,6 @@ Data type: `Enum['absent', 'present']`
 
 Enable or disable module.
 
-Default value: `'present'`
-
 ##### <a name="-icingaweb2--module--icingadb--package_name"></a>`package_name`
 
 Data type: `String`
@@ -1913,8 +1913,6 @@ Data type: `Stdlib::Host`
 
 Hostname of the IcingaDB database.
 
-Default value: `'localhost'`
-
 ##### <a name="-icingaweb2--module--icingadb--db_port"></a>`db_port`
 
 Data type: `Optional[Stdlib::Port]`
@@ -1929,16 +1927,12 @@ Data type: `String`
 
 Name of the IcingaDB database.
 
-Default value: `'icingadb'`
-
 ##### <a name="-icingaweb2--module--icingadb--db_username"></a>`db_username`
 
 Data type: `String`
 
 Username for IcingaDB database connection.
 
-Default value: `'icingadb'`
-
 ##### <a name="-icingaweb2--module--icingadb--db_password"></a>`db_password`
 
 Data type: `Optional[Icingaweb2::Secret]`
@@ -2043,8 +2037,6 @@ Data type: `Stdlib::Host`
 
 Redis host to connect.
 
-Default value: `'localhost'`
-
 ##### <a name="-icingaweb2--module--icingadb--redis_port"></a>`redis_port`
 
 Data type: `Optional[Stdlib::Port]`

diff --git a/data/common.yaml b/data/common.yaml
@@ -24,6 +24,12 @@ icingaweb2::module::x509::install_method: git
 icingaweb2::module::x509::git_repository: https://github.com/Icinga/icingaweb2-module-x509.git
 icingaweb2::module::x509::package_name: icingaweb2-module-x509
 
+icingaweb2::module::icingadb::ensure: present
+icingaweb2::module::icingadb::redis_host: localhost
+icingaweb2::module::icingadb::db_host: localhost
+icingaweb2::module::icingadb::db_name: icingadb
+icingaweb2::module::icingadb::db_username: icingadb
+
 icingaweb2::globals::mysql_reporting_schema: /schema/mysql.sql
 icingaweb2::globals::pgsql_reporting_schema: /schema/postgresql.sql
 icingaweb2::module::reporting::ensure: present

diff --git a/manifests/module/icingadb.pp b/manifests/module/icingadb.pp
@@ -116,13 +116,14 @@
 #   A hash of command transports.
 #
 class icingaweb2::module::icingadb (
+  Enum['absent', 'present']       $ensure,
   String                          $package_name,
+  Stdlib::Host                    $redis_host,
+  Stdlib::Host                    $db_host,
   Enum['mysql', 'pgsql']          $db_type,
-  Enum['absent', 'present']       $ensure                   = 'present',
-  Stdlib::Host                    $db_host                  = 'localhost',
+  String                          $db_name,
+  String                          $db_username,
   Optional[Stdlib::Port]          $db_port                  = undef,
-  String                          $db_name                  = 'icingadb',
-  String                          $db_username              = 'icingadb',
   Optional[Icingaweb2::Secret]    $db_password              = undef,
   Optional[String]                $db_charset               = undef,
   Optional[Boolean]               $db_use_tls               = undef,
@@ -135,7 +136,6 @@
   Optional[Stdlib::Absolutepath]  $db_tls_capath            = undef,
   Optional[Boolean]               $db_tls_noverify          = undef,
   Optional[String]                $db_tls_cipher            = undef,
-  Stdlib::Host                    $redis_host               = 'localhost',
   Optional[Stdlib::Port]          $redis_port               = undef,
   Optional[Icingaweb2::Secret]    $redis_password           = undef,
   Stdlib::Host                    $redis_primary_host       = $redis_host,
@@ -157,29 +157,36 @@
 
   $module_conf_dir = "${icingaweb2::globals::conf_dir}/modules/icingadb"
   $cert_dir        = "${icingaweb2::globals::state_dir}/icingadb/certs"
-  $conf_user       = $icingaweb2::conf_user
-  $conf_group      = $icingaweb2::conf_group
+
+  $redis_tls = icinga::cert::files(
+    'redis',
+    $cert_dir,
+    $redis_tls_key_file,
+    $redis_tls_cert_file,
+    $redis_tls_cacert_file,
+    $redis_tls_key,
+    $redis_tls_cert,
+    $redis_tls_cacert,
+  )
+
+  $db_tls = icinga::cert::files(
+    $db_username,
+    $cert_dir,
+    $db_tls_key_file,
+    $db_tls_cert_file,
+    $db_tls_cacert_file,
+    $db_tls_key,
+    $db_tls_cert,
+    $db_tls_cacert,
+  )
 
   if $redis_use_tls {
-    $redis_tls_files = icinga::cert::files(
-      'redis',
-      $cert_dir,
-      $redis_tls_key_file,
-      $redis_tls_cert_file,
-      $redis_tls_cacert_file,
-      $redis_tls_key,
-      $redis_tls_cert,
-      $redis_tls_cacert,
-    )
     $redis_settings = delete_undef_values({
         tls  => true,
-        cert => $redis_tls_files['cert_file'],
-        key  => $redis_tls_files['key_file'],
-        ca   => $redis_tls_files['cacert_file'],
+        cert => $redis_tls['cert_file'],
+        key  => $redis_tls['key_file'],
+        ca   => icingaweb2::pick($redis_tls['cacert_file'], $icingaweb2::config::tls['cacert_file']),
     })
-    icinga::cert { 'icingaweb2::module::icingadb redis client tls config':
-      args  => $redis_tls_files,
-    }
   } else {
     $redis_settings = {}
   }
@@ -217,53 +224,8 @@
     },
   }
 
-  $db_tls = delete_undef_values(icinga::cert::files(
-      $db_username,
-      $cert_dir,
-      $db_tls_key_file,
-      $db_tls_cert_file,
-      $db_tls_cacert_file,
-      $db_tls_key,
-      $db_tls_cert,
-      $db_tls_cacert,
-  ))
-
-  file { $cert_dir:
-    ensure => directory,
-    owner  => 'root',
-    group  => $conf_group,
-    mode   => '2770',
-  }
-
-  icinga::cert { 'icingaweb2::module::icingadb tls client config':
-    owner => $conf_user,
-    group => $conf_group,
-    args  => $db_tls,
-  }
-
-  icingaweb2::resource::database { 'icingaweb2-module-icingadb':
-    type         => $db_type,
-    host         => $db_host,
-    port         => pick($db_port, $icingaweb2::globals::port[$db_type]),
-    database     => $db_name,
-    username     => $db_username,
-    password     => $db_password,
-    charset      => $db_charset,
-    use_tls      => $db_use_tls,
-    tls_noverify => unless $db_tls_noverify { $icingaweb2::config::tls['noverify'] } else { $db_tls_noverify },
-    tls_key      => $db_tls['key_file'],
-    tls_cert     => $db_tls['cert_file'],
-    tls_cacert   => unless $db_tls_cacert_file { $icingaweb2::config::tls['cacert_file'] } else { $db_tls_cacert_file },
-    tls_capath   => unless $db_tls_capath { $icingaweb2::config::tls['capath'] } else { $db_tls_capath },
-    tls_cipher   => unless $db_tls_cipher { $icingaweb2::config::tls['cipher'] } else { $db_tls_cipher },
-  }
-
-  create_resources('icingaweb2::module::icingadb::commandtransport', $commandtransports)
-
-  icingaweb2::module { 'icingadb':
-    ensure         => $ensure,
-    install_method => 'package',
-    package_name   => $package_name,
-    settings       => $settings,
-  }
+  class { 'icingaweb2::module::icingadb::install': }
+  -> class { 'icingaweb2::module::icingadb::config': }
+  contain icingaweb2::module::icingadb::install
+  contain icingaweb2::module::icingadb::config
 }
diff --git a/manifests/module/icingadb/config.pp b/manifests/module/icingadb/config.pp
@@ -0,0 +1,47 @@
+# @summary
+#   Configure the icingadb module.
+#
+# @api private
+#
+class icingaweb2::module::icingadb::config {
+  assert_private()
+
+  $ensure            = $icingaweb2::module::icingadb::ensure
+  $module_conf_dir   = "${icingaweb2::globals::conf_dir}/modules/icingadb"
+  $db_type           = $icingaweb2::module::icingadb::db_type
+  $db_host           = $icingaweb2::module::icingadb::db_host
+  $db_port           = $icingaweb2::module::icingadb::db_port
+  $db_name           = $icingaweb2::module::icingadb::db_name
+  $db_username       = $icingaweb2::module::icingadb::db_username
+  $db_password       = $icingaweb2::module::icingadb::db_password
+  $db_charset        = $icingaweb2::module::icingadb::db_charset
+  $db_use_tls        = $icingaweb2::module::icingadb::db_use_tls
+  $db_tls            = $icingaweb2::module::icingadb::db_tls + {
+    cacert_file => icingaweb2::pick($icingaweb2::module::icingadb::db_tls['cacert_file'], $icingaweb2::config::tls['cacert_file']),
+    capath      => icingaweb2::pick($icingaweb2::module::icingadb::db_tls_capath, $icingaweb2::config::tls['capath']),
+    noverify    => icingaweb2::pick($icingaweb2::module::icingadb::db_tls_noverify, $icingaweb2::config::tls['noverify']),
+    cipher      => icingaweb2::pick($icingaweb2::module::icingadb::db_tls_cipher, $icingaweb2::config::tls['cipher']),
+  }
+  $settings          = $icingaweb2::module::icingadb::settings
+  $commandtransports = $icingaweb2::module::icingadb::commandtransports
+
+  icingaweb2::resource::database { 'icingaweb2-module-icingadb':
+    type         => $db_type,
+    host         => $db_host,
+    port         => $db_port,
+    database     => $db_name,
+    username     => $db_username,
+    password     => $db_password,
+    charset      => $db_charset,
+    use_tls      => $db_use_tls,
+    tls_noverify => icingaweb2::pick($db_tls['noverify'], $icingaweb2::config::tls['noverify']),
+    tls_key      => $db_tls['key_file'],
+    tls_cert     => $db_tls['cert_file'],
+    tls_cacert   => icingaweb2::pick($db_tls['cacert_file'], $icingaweb2::config::tls['cacert_file']),
+    tls_capath   => icingaweb2::pick($db_tls['capath'], $icingaweb2::config::tls['capath']),
+    tls_cipher   => icingaweb2::pick($db_tls['cipher'], $icingaweb2::config::tls['cipher']),
+  }
+
+  create_resources('icingaweb2::inisection', $settings)
+  create_resources('icingaweb2::module::icingadb::commandtransport', $commandtransports)
+}
diff --git a/manifests/module/icingadb/install.pp b/manifests/module/icingadb/install.pp
@@ -0,0 +1,47 @@
+# @summary
+#   Install the icingadb module.
+#
+# @api private
+#
+class icingaweb2::module::icingadb::install {
+  assert_private()
+
+  $conf_user       = $icingaweb2::conf_user
+  $conf_group      = $icingaweb2::conf_group
+  $ensure          = $icingaweb2::module::icingadb::ensure
+  $package_name    = $icingaweb2::module::icingadb::package_name
+  $cert_dir        = $icingaweb2::module::icingadb::cert_dir
+  $redis_use_tls   = $icingaweb2::module::icingadb::redis_use_tls
+  $redis_tls       = $icingaweb2::module::icingadb::redis_tls
+  $db_use_tls      = $icingaweb2::module::icingadb::db_use_tls
+  $db_tls          = $icingaweb2::module::icingadb::db_tls
+
+  icingaweb2::module { 'icingadb':
+    ensure         => $ensure,
+    install_method => 'package',
+    package_name   => $package_name,
+  }
+
+  file { $cert_dir:
+    ensure => directory,
+    owner  => 'root',
+    group  => $conf_group,
+    mode   => '2770',
+  }
+
+  if $redis_use_tls {
+    icinga::cert { 'icingaweb2::module::icingadb redis client tls config':
+      owner => $conf_user,
+      group => $conf_group,
+      args  => $redis_tls,
+    }
+  }
+
+  if $db_use_tls {
+    icinga::cert { 'icingaweb2::module::icingadb database tls client config':
+      owner => $conf_user,
+      group => $conf_group,
+      args  => $db_tls,
+    }
+  }
+}