diff --git a/REFERENCE.md b/REFERENCE.md
index dbf52896..1bf46902 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -31,7 +31,7 @@
* [`icingaweb2::module::translation`](#icingaweb2--module--translation): Installs and configures the translation module.
* [`icingaweb2::module::vspheredb`](#icingaweb2--module--vspheredb): Installs the vsphereDB plugin
* [`icingaweb2::module::x509`](#icingaweb2--module--x509): Installs the x509 module
-* [`icingaweb2::module::x509::service`](#icingaweb2--module--x509--service): Installs and configures the x509 job scheduler.
+* [`icingaweb2::module::x509::install`](#icingaweb2--module--x509--install): Install the x509 module
#### Private Classes
@@ -50,6 +50,8 @@
* `icingaweb2::module::vspheredb::config`: Configure the VSphereDB module
* `icingaweb2::module::vspheredb::install`: Install the VSphereDB module
* `icingaweb2::module::vspheredb::service`: Manage the vspheredb service.
+* `icingaweb2::module::x509::config`: Configure the x509 module
+* `icingaweb2::module::x509::service`: Manage the x509 job scheduler.
### Defined types
@@ -3350,6 +3352,10 @@ The following parameters are available in the `icingaweb2::module::x509` class:
* [`tls_noverify`](#-icingaweb2--module--x509--tls_noverify)
* [`tls_cipher`](#-icingaweb2--module--x509--tls_cipher)
* [`import_schema`](#-icingaweb2--module--x509--import_schema)
+* [`manage_service`](#-icingaweb2--module--x509--manage_service)
+* [`service_ensure`](#-icingaweb2--module--x509--service_ensure)
+* [`service_enable`](#-icingaweb2--module--x509--service_enable)
+* [`service_user`](#-icingaweb2--module--x509--service_user)
##### `ensure`
@@ -3359,15 +3365,15 @@ Ensures the state of the x509 module.
##### `module_dir`
-Data type: `Optional[Stdlib::Absolutepath]`
+Data type: `Stdlib::Absolutepath`
Target directory of the module.
-Default value: `undef`
+Default value: `"${icingaweb2::globals::default_module_path}/x509"`
##### `git_repository`
-Data type: `String`
+Data type: `Stdlib::HTTPUrl`
The upstream module repository.
@@ -3397,16 +3403,12 @@ Data type: `Enum['mysql', 'pgsql']`
The database type. Either mysql or pgsql.
-Default value: `'mysql'`
-
##### `db_host`
Data type: `Stdlib::Host`
The host where the database will be running
-Default value: `'localhost'`
-
##### `db_port`
Data type: `Optional[Stdlib::Port]`
@@ -3421,16 +3423,12 @@ Data type: `String`
The name of the database this module should use.
-Default value: `'x509'`
-
##### `db_username`
Data type: `String`
The username needed to access the database.
-Default value: `'x509'`
-
##### `db_password`
Data type: `Optional[Icingaweb2::Secret]`
@@ -3539,42 +3537,33 @@ whereas with mysql its different options.
Default value: `false`
-### `icingaweb2::module::x509::service`
-
-Installs and configures the x509 job scheduler.
-
-* **Note** Only systemd is supported by the Icinga Team and this module.
+##### `manage_service`
-#### Examples
-
-#####
+Data type: `Boolean`
-```puppet
-include icingaweb2::module::x509::service
-```
+If set to true the service (daemon) is managed.
-#### Parameters
+##### `service_ensure`
-The following parameters are available in the `icingaweb2::module::x509::service` class:
+Data type: `Stdlib::Ensure::Service`
-* [`ensure`](#-icingaweb2--module--x509--service--ensure)
-* [`enable`](#-icingaweb2--module--x509--service--enable)
+Wether the service is `running` or `stopped`.
-##### `ensure`
+##### `service_enable`
-Data type: `Stdlib::Ensure::Service`
+Data type: `Boolean`
-Whether the x509 service should be running.
+Whether the service should be started at boot time.
-Default value: `'running'`
+##### `service_user`
-##### `enable`
+Data type: `String`
-Data type: `Boolean`
+The user as which the service is running. Only valid if `install_method` is set to `git`.
-Enable or disable the service.
+### `icingaweb2::module::x509::install`
-Default value: `true`
+Install the x509 module
## Defined types
diff --git a/data/Linux-kernel.yaml b/data/Linux-kernel.yaml
index 1e621f2c..f5d1df39 100644
--- a/data/Linux-kernel.yaml
+++ b/data/Linux-kernel.yaml
@@ -10,8 +10,6 @@ icingaweb2::globals::mysql_idoreports_slaperiods: /usr/share/icingaweb2/modules/
icingaweb2::globals::mysql_idoreports_sla_percent: /usr/share/icingaweb2/modules/idoreports/schema/mysql/get_sla_ok_percent.sql
icingaweb2::globals::pgsql_idoreports_slaperiods: /usr/share/icingaweb2/modules/idoreports/schema/postgresql/slaperiods.sql
icingaweb2::globals::pgsql_idoreports_sla_percent: /usr/share/icingaweb2/modules/idoreports/schema/postgresql/get_sla_ok_percent.sql
-icingaweb2::globals::mysql_x509_schema: /usr/share/icingaweb2/modules/x509/schema/mysql.schema.sql
-icingaweb2::globals::pgsql_x509_schema: /usr/share/icingaweb2/modules/x509/schema/pgsql.schema.sql
icingaweb2::globals::gettext_package_name: gettext
icingaweb2::globals::icingacli_bin: /usr/bin/icingacli
icingaweb2::globals::default_module_path: /usr/share/icingaweb2/modules
@@ -23,3 +21,4 @@ icingaweb2::module::director::package_name: icingaweb2-module-director
icingaweb2::module::reporting::package_name: icingaweb2-module-reporting
icingaweb2::module::idoreports::package_name: icingaweb2-module-idoreports
icingaweb2::module::vspheredb::package_name: icingaweb2-module-vspheredb
+icingaweb2::module::x509::package_name: icingaweb2-module-x509
diff --git a/data/common.yaml b/data/common.yaml
index ffc7b4f4..d4672793 100644
--- a/data/common.yaml
+++ b/data/common.yaml
@@ -14,10 +14,6 @@ icingaweb2::module::graphite::git_repository: https://github.com/Icinga/icingawe
icingaweb2::module::incubator::git_repository: https://github.com/Icinga/icingaweb2-module-incubator.git
icingaweb2::module::incubator::git_revision: v0.19.0
icingaweb2::module::puppetdb::git_repository: https://github.com/Icinga/icingaweb2-module-puppetdb.git
-icingaweb2::module::x509::ensure: present
-icingaweb2::module::x509::install_method: git
-icingaweb2::module::x509::git_repository: https://github.com/Icinga/icingaweb2-module-x509.git
-icingaweb2::module::x509::package_name: icingaweb2-module-x509
icingaweb2::module::monitoring::ensure: present
icingaweb2::module::monitoring::protected_customvars:
@@ -64,6 +60,20 @@ icingaweb2::module::idoreports::ensure: present
icingaweb2::module::idoreports::install_method: git
icingaweb2::module::idoreports::git_repository: https://github.com/Icinga/icingaweb2-module-idoreports.git
+icingaweb2::globals::mysql_x509_schema: /schema/mysql.schema.sql
+icingaweb2::globals::pgsql_x509_schema: /schema/pgsql.schema.sql
+icingaweb2::module::x509::ensure: present
+icingaweb2::module::x509::install_method: git
+icingaweb2::module::x509::git_repository: https://github.com/Icinga/icingaweb2-module-x509.git
+icingaweb2::module::x509::package_name: icingaweb2-module-x509
+icingaweb2::module::x509::manage_service: true
+icingaweb2::module::x509::service_ensure: running
+icingaweb2::module::x509::service_enable: true
+icingaweb2::module::x509::service_user: icingax509
+icingaweb2::module::x509::db_host: localhost
+icingaweb2::module::x509::db_name: x509
+icingaweb2::module::x509::db_username: x509
+
icingaweb2::globals::mysql_vspheredb_schema: /schema/mysql.sql
icingaweb2::globals::pgsql_vspheredb_schema: /schema/pgsql.sql
icingaweb2::module::vspheredb::ensure: present
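Review bot: The x509 defaults added in this hunk cover `db_host`, `db_name` and `db_username` but not `db_type`, while the class signature in manifests/module/x509.pp drops its `= 'mysql'` default. Unless another data layer not shown here supplies it, a plain `include icingaweb2::module::x509` that compiled before now fails on a missing parameter. If that is intended it is a breaking change worth a changelog line; otherwise add `icingaweb2::module::x509::db_type: mysql` next to the other keys. `package_name` is also set to the same value in data/Linux-kernel.yaml by this commit, so one of the two entries is redundant.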
diff --git a/manifests/globals.pp b/manifests/globals.pp
index 2fb9a206..97304f69 100644
--- a/manifests/globals.pp
+++ b/manifests/globals.pp
@@ -96,11 +96,13 @@
'director' => 'utf8',
'vspheredb' => 'utf8mb4',
'reporting' => 'utf8mb4',
+ 'x509' => 'utf8',
},
'pgsql' => {
'director' => 'UTF8',
'vspheredb' => 'UTF8',
'reporting' => 'UTF8',
+ 'x509' => 'UTF8',
},
}
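Review bot: The `'x509' => 'utf8'` entry under `mysql` silently changes the effective default for existing installations, because the code removed from manifests/module/x509.pp in this commit fell back to `'utf8mb4'` when `db_charset` was unset and `db_type` was `mysql`. On MySQL and MariaDB `utf8` is the three-byte variant, so the resource charset narrows on the next run. If the upstream schema really expects `utf8`, a comment saying so would help; otherwise `'x509' => 'utf8mb4',` keeps the previous behaviour, and the `.with_charset('utf8')` expectations in the spec would change with it. The enclosing hash starts above this hunk.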
diff --git a/manifests/module/x509.pp b/manifests/module/x509.pp
index 42219af5..ef0b6945 100644
--- a/manifests/module/x509.pp
+++ b/manifests/module/x509.pp
@@ -76,6 +76,18 @@
# both means true. With mariadb its cli options are used for the import,
# whereas with mysql its different options.
#
+# @param manage_service
+# If set to true the service (daemon) is managed.
+#
+# @param service_ensure
+# Wether the service is `running` or `stopped`.
+#
+# @param service_enable
+# Whether the service should be started at boot time.
+#
+# @param service_user
+# The user as which the service is running. Only valid if `install_method` is set to `git`.
+#
# @example
# class { 'icingaweb2::module::x509':
# ensure => present,
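Review bot: The `service_ensure` description has a typo, `Wether` should read `Whether`, and the same text is carried into REFERENCE.md. The `service_user` text could also state that the account is created by the module, since install.pp declares a `user` resource for it when `install_method` is `git`, for example `# The user the service runs as; created by this module. Only valid if install_method is set to git.`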
@@ -89,18 +101,22 @@
class icingaweb2::module::x509 (
Enum['absent', 'present'] $ensure,
Enum['git', 'none', 'package'] $install_method,
- String $git_repository,
+ Stdlib::HTTPUrl $git_repository,
String $package_name,
- Optional[Stdlib::Absolutepath] $module_dir = undef,
- Optional[String] $git_revision = undef,
- Enum['mysql', 'pgsql'] $db_type = 'mysql',
- Stdlib::Host $db_host = 'localhost',
- Optional[Stdlib::Port] $db_port = undef,
- String $db_name = 'x509',
- String $db_username = 'x509',
+ Boolean $manage_service,
+ Stdlib::Ensure::Service $service_ensure,
+ Boolean $service_enable,
+ String $service_user,
+ Enum['mysql', 'pgsql'] $db_type,
+ Stdlib::Host $db_host,
+ String $db_name,
+ String $db_username,
Optional[Icingaweb2::Secret] $db_password = undef,
+ Optional[Stdlib::Port] $db_port = undef,
Optional[String] $db_charset = undef,
Variant[Boolean, Enum['mariadb', 'mysql']] $import_schema = false,
+ Stdlib::Absolutepath $module_dir = "${icingaweb2::globals::default_module_path}/x509",
+ Optional[String] $git_revision = undef,
Optional[Boolean] $use_tls = undef,
Optional[Stdlib::Absolutepath] $tls_key_file = undef,
Optional[Stdlib::Absolutepath] $tls_cert_file = undef,
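Review bot: `Stdlib::HTTPUrl $git_repository` still admits `http://` remotes, so the module source that is later run by the web server and by the `icinga-x509` job runner can be fetched over a channel with no transport integrity. `Stdlib::HTTPSUrl $git_repository,` would close that gap. Both types also reject SSH-style remotes that the previous `String` accepted, which is worth stating in the parameter documentation. The parameter list continues beyond this hunk.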
@@ -114,116 +130,43 @@
) {
icingaweb2::assert_module()
- $conf_dir = $icingaweb2::globals::conf_dir
- $mysql_x509_schema = $icingaweb2::globals::mysql_x509_schema
- $pgsql_x509_schema = $icingaweb2::globals::pgsql_x509_schema
- $module_conf_dir = "${conf_dir}/modules/x509"
- $_db_port = pick($db_port, $icingaweb2::globals::port[$db_type])
+ $module_conf_dir = "${icingaweb2::globals::conf_dir}/modules/x509"
+ $cert_dir = "${icingaweb2::globals::state_dir}/x509/certs"
- $_db_charset = if $db_charset {
- $db_charset
- } else {
- if $db_type == 'mysql' {
- 'utf8mb4'
- } else {
- 'UTF8'
- }
+ $db = {
+ type => $db_type,
+ database => $db_name,
+ host => $db_host,
+ port => $db_port,
+ username => $db_username,
+ password => $db_password,
}
- $tls = delete($icingaweb2::config::tls, ['key', 'cert', 'cacert']) + delete_undef_values(icingaweb2::cert::files(
- 'client',
- $module_conf_dir,
- $tls_key_file,
- $tls_cert_file,
- $tls_cacert_file,
- $tls_key,
- $tls_cert,
- $tls_cacert,
- ), {
- capath => $tls_capath,
- noverify => $tls_noverify,
- cipher => $tls_cipher,
- })
+ $tls = icinga::cert::files(
+ $db_username,
+ $cert_dir,
+ $tls_key_file,
+ $tls_cert_file,
+ $tls_cacert_file,
+ $tls_key,
+ $tls_cert,
+ $tls_cacert,
+ )
- Exec {
- user => 'root',
- path => $facts['path'],
- provider => 'shell',
- require => [Icingaweb2::Module['x509'], Icingaweb2::Tls::Client['icingaweb2::module::x509 tls client config']],
- }
-
- icingaweb2::tls::client { 'icingaweb2::module::x509 tls client config':
- args => $tls,
- }
-
- icingaweb2::resource::database { 'x509':
- type => $db_type,
- host => $db_host,
- port => $_db_port,
- database => $db_name,
- username => $db_username,
- password => $db_password,
- charset => $_db_charset,
- use_tls => $use_tls,
- tls_noverify => $tls['noverify'],
- tls_key => $tls['key_file'],
- tls_cert => $tls['cert_file'],
- tls_cacert => $tls['cacert_file'],
- tls_capath => $tls['capath'],
- tls_cipher => $tls['cipher'],
- }
-
- icingaweb2::module { 'x509':
- ensure => $ensure,
- git_repository => $git_repository,
- git_revision => $git_revision,
- install_method => $install_method,
- module_dir => $module_dir,
- package_name => $package_name,
- settings => {
- 'icingaweb2-module-x509-backend' => {
- 'section_name' => 'backend',
- 'target' => "${module_conf_dir}/config.ini",
- 'settings' => {
- 'resource' => 'x509',
- },
+ $settings = {
+ 'icingaweb2-module-x509-backend' => {
+ 'section_name' => 'backend',
+ 'target' => "${module_conf_dir}/config.ini",
+ 'settings' => {
+ 'resource' => 'x509',
},
},
}
- if $import_schema {
- $real_db_type = if $import_schema =~ Boolean {
- if $db_type == 'pgsql' { 'pgsql' } else { 'mariadb' }
- } else {
- $import_schema
- }
- $db_cli_options = icingaweb2::db::connect({
- type => $real_db_type,
- name => $db_name,
- host => $db_host,
- port => $_db_port,
- user => $db_username,
- pass => $db_password,
- }, $tls, $use_tls)
-
- case $db_type {
- 'mysql': {
- exec { 'import icingaweb2::module::x509 schema':
- command => "mysql ${db_cli_options} < '${mysql_x509_schema}'",
- unless => "mysql ${db_cli_options} -Ns -e 'SELECT * FROM report'",
- }
- }
- 'pgsql': {
- $_db_password = icingaweb2::unwrap($db_password)
- exec { 'import icingaweb2::module::x509 schema':
- environment => ["PGPASSWORD=${_db_password}"],
- command => "psql '${db_cli_options}' -w -f ${pgsql_x509_schema}",
- unless => "psql '${db_cli_options}' -w -c 'SELECT * FROM report'",
- }
- } # pgsql (not supported)
- default: {
- fail('The database type you provided is not supported.')
- }
- }
- } # schema import
+ class { 'icingaweb2::module::x509::install': }
+ -> class { 'icingaweb2::module::x509::config': }
+ ~> class { 'icingaweb2::module::x509::service': }
+ contain icingaweb2::module::x509::install
+ contain icingaweb2::module::x509::config
+ contain icingaweb2::module::x509::service
}
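Review bot: The new `$db` hash passes `port => $db_port` straight through, whereas the removed code used `pick($db_port, $icingaweb2::globals::port[$db_type])`, so with `db_port` unset the database resource and `icinga::db::connect` now receive `undef` instead of the per-type default. If those consumers do not fill in a default themselves (not visible here), restore it with `port => pick($db_port, $icingaweb2::globals::port[$db_type]),`. Separately, `icinga::cert::files` now gets `$db_username` as its first argument where the old call passed `'client'`, so the certificate file names appear to follow the database user; a short comment explaining that choice would help.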
diff --git a/manifests/module/x509/config.pp b/manifests/module/x509/config.pp
new file mode 100644
index 00000000..430ae616
--- /dev/null
+++ b/manifests/module/x509/config.pp
@@ -0,0 +1,88 @@
+# @summary
+# Configure the x509 module
+#
+# @api private
+#
+class icingaweb2::module::x509::config {
+ assert_private()
+
+ $icingacli_bin = $icingaweb2::globals::icingacli_bin
+ $install_method = $icingaweb2::module::x509::install_method
+ $db = $icingaweb2::module::x509::db
+ $import_schema = $icingaweb2::module::x509::import_schema
+ $use_tls = $icingaweb2::module::x509::use_tls
+ $tls = $icingaweb2::module::x509::tls + {
+ cacert_file => icingaweb2::pick($icingaweb2::module::x509::tls['cacert_file'], $icingaweb2::config::tls['cacert_file']),
+ capath => icingaweb2::pick($icingaweb2::module::x509::tls_capath, $icingaweb2::config::tls['capath']),
+ noverify => icingaweb2::pick($icingaweb2::module::x509::tls_noverify, $icingaweb2::config::tls['noverify']),
+ cipher => icingaweb2::pick($icingaweb2::module::x509::tls_cipher, $icingaweb2::config::tls['cipher']),
+ }
+ $mysql_schema = "${icingaweb2::module::x509::module_dir}${icingaweb2::globals::mysql_x509_schema}"
+ $pgsql_schema = "${icingaweb2::module::x509::module_dir}${icingaweb2::globals::pgsql_x509_schema}"
+ $service_user = $icingaweb2::module::x509::service_user
+ $settings = $icingaweb2::module::x509::settings
+
+ Exec {
+ user => 'root',
+ path => $facts['path'],
+ provider => 'shell',
+ }
+
+ if $install_method == 'git' {
+ systemd::unit_file { 'icinga-x509.service':
+ ensure => 'present',
+ content => epp('icingaweb2/icinga-x509.service.epp', {
+ 'conf_user' => $service_user,
+ 'icingacli_bin' => $icingacli_bin,
+ }),
+ }
+ }
+
+ icingaweb2::resource::database { 'x509':
+ type => $db['type'],
+ host => $db['host'],
+ port => $db['port'],
+ database => $db['database'],
+ username => $db['username'],
+ password => $db['password'],
+ charset => pick($icingaweb2::module::x509::db_charset, $icingaweb2::globals::db_charset[$db['type']]['x509']),
+ use_tls => $use_tls,
+ tls_noverify => $tls['noverify'],
+ tls_key => $tls['key_file'],
+ tls_cert => $tls['cert_file'],
+ tls_cacert => $tls['cacert_file'],
+ tls_capath => $tls['capath'],
+ tls_cipher => $tls['cipher'],
+ }
+
+ create_resources('icingaweb2::inisection', $settings)
+
+ if $import_schema {
+ $real_db_type = if $import_schema =~ Boolean {
+ if $db['type'] == 'pgsql' { 'pgsql' } else { 'mariadb' }
+ } else {
+ $import_schema
+ }
+ $db_cli_options = icinga::db::connect($db + { type => $real_db_type }, $tls, $use_tls)
+
+ case $db['type'] {
+ 'mysql': {
+ exec { 'import icingaweb2::module::x509 schema':
+ command => "mysql ${db_cli_options} < '${mysql_schema}'",
+ unless => "mysql ${db_cli_options} -Ns -e 'SELECT * FROM x509_certificate'",
+ }
+ }
+ 'pgsql': {
+ $_db_password = icingaweb2::unwrap($db['password'])
+ exec { 'import icingaweb2::module::x509 schema':
+ environment => ["PGPASSWORD=${_db_password}"],
+ command => "psql '${db_cli_options}' -w -f ${pgsql_schema}",
+ unless => "psql '${db_cli_options}' -w -c 'SELECT * FROM x509_certificate'",
+ }
+ } # pgsql (not supported)
+ default: {
+ fail('The database type you provided is not supported.')
+ }
+ }
+ } # schema import
+}
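Review bot: In the `pgsql` branch the schema path is interpolated unquoted as `-f ${pgsql_schema}`, while the `mysql` branch quotes `'${mysql_schema}'`. With `provider => 'shell'`, `user => 'root'` and a `module_dir` typed only as `Stdlib::Absolutepath`, a path containing spaces or shell metacharacters is split or interpreted by a root shell. Use `command => "psql '${db_cli_options}' -w -f '${pgsql_schema}'",` and adjust the matching regex in the spec. The same branch places the unwrapped password into `environment`, so it is stored in clear text in the compiled catalog (the spec asserts `PGPASSWORD=foo`); it is worth a comment on whether that is acceptable for how catalogs and reports are stored.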
diff --git a/manifests/module/x509/install.pp b/manifests/module/x509/install.pp
new file mode 100644
index 00000000..cded7c40
--- /dev/null
+++ b/manifests/module/x509/install.pp
@@ -0,0 +1,51 @@
+# @summary
+# Install the x509 module
+#
+class icingaweb2::module::x509::install {
+ assert_private()
+
+ $conf_user = $icingaweb2::conf_user
+ $conf_group = $icingaweb2::conf_group
+ $module_dir = $icingaweb2::module::x509::module_dir
+ $cert_dir = $icingaweb2::module::x509::cert_dir
+ $ensure = $icingaweb2::module::x509::ensure
+ $git_repository = $icingaweb2::module::x509::git_repository
+ $git_revision = $icingaweb2::module::x509::git_revision
+ $install_method = $icingaweb2::module::x509::install_method
+ $package_name = $icingaweb2::module::x509::package_name
+ $use_tls = $icingaweb2::module::x509::use_tls
+ $tls = $icingaweb2::module::x509::tls
+ $service_user = $icingaweb2::module::x509::service_user
+
+ icingaweb2::module { 'x509':
+ ensure => $ensure,
+ git_repository => $git_repository,
+ git_revision => $git_revision,
+ install_method => $install_method,
+ module_dir => $module_dir,
+ package_name => $package_name,
+ }
+
+ if $install_method == 'git' {
+ user { $service_user:
+ ensure => present,
+ gid => $conf_group,
+ shell => '/bin/false',
+ }
+ }
+
+ if $use_tls {
+ file { $cert_dir:
+ ensure => directory,
+ owner => 'root',
+ group => $conf_group,
+ mode => '2770',
+ }
+
+ icinga::cert { 'icingaweb2::module::x509 tls client config':
+ owner => $conf_user,
+ group => $conf_group,
+ args => $tls,
+ }
+ }
+}
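Review bot: The certificate directory is created with mode `'2770'`, which gives every member of `$conf_group`, including the new service user whose `gid` is that group, write access to the place where client key material is stored. Since the owner is `root`, `mode => '2750',` is probably sufficient, but confirm against how `icinga::cert` writes its files. The `user` resource also lacks `system => true`, so the account is allocated as a regular one, and it stays `ensure => present` even when the module's `$ensure` is `absent`. Finally, the header is missing the `# @api private` tag that config.pp and service.pp carry, which is why REFERENCE.md in this commit lists `icingaweb2::module::x509::install` among the public classes although the body calls `assert_private()`.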
diff --git a/manifests/module/x509/service.pp b/manifests/module/x509/service.pp
index 1d482256..1b301d86 100644
--- a/manifests/module/x509/service.pp
+++ b/manifests/module/x509/service.pp
@@ -1,39 +1,18 @@
-# @summary Installs and configures the x509 job scheduler.
+# @summary
+# Manage the x509 job scheduler.
#
-# @note Only systemd is supported by the Icinga Team and this module.
+# @api private
#
-# @param [Stdlib::Ensure::Service] ensure
-# Whether the x509 service should be running.
-#
-# @param [Boolean] enable
-# Enable or disable the service.
-#
-# @example
-# include icingaweb2::module::x509::service
-#
-class icingaweb2::module::x509::service (
- Stdlib::Ensure::Service $ensure = 'running',
- Boolean $enable = true,
-) {
- require icingaweb2::module::x509
+class icingaweb2::module::x509::service {
+ assert_private()
- $install_method = $icingaweb2::module::x509::install_method
+ if $icingaweb2::module::x509::manage_service {
+ $ensure = $icingaweb2::module::x509::service_ensure
+ $enable = $icingaweb2::module::x509::service_enable
- if $install_method != 'package' {
- $_unit_file = if $icingaweb2::module::x509::module_dir {
- "${icingaweb2::module::x509::module_dir}/config/systemd/icinga-x509.service"
- } else {
- "${icingaweb2::globals::default_module_path}/x509/config/systemd/icinga-x509.service"
+ service { 'icinga-x509':
+ ensure => $ensure,
+ enable => $enable,
}
- systemd::unit_file { 'icinga-x509.service':
- ensure => 'present',
- source => $_unit_file,
- notify => Service['icinga-x509'],
- }
- }
-
- service { 'icinga-x509':
- ensure => $ensure,
- enable => $enable,
}
}
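Review bot: With `install_method => 'none'` and the default `manage_service: true`, this class still declares `service { 'icinga-x509': }` although nothing installs a unit any more. The removed code shipped the unit for every method except `package`, while config.pp now does so only for `git`. Unless the operator provides the unit out of band, the run fails on an unknown service. Either extend the guard, e.g. `if $icingaweb2::module::x509::manage_service and $icingaweb2::module::x509::install_method != 'none' {`, or document that `manage_service` must be `false` in that case. The service also appears to be enforced as running when the module's `ensure` is `absent`.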
diff --git a/spec/classes/modules/x509_spec.rb b/spec/classes/modules/x509_spec.rb
new file mode 100644
index 00000000..e2ded6cb
--- /dev/null
+++ b/spec/classes/modules/x509_spec.rb
@@ -0,0 +1,189 @@
+require 'spec_helper'
+
+describe('icingaweb2::module::x509', type: :class) do
+ let(:pre_condition) do
+ [
+ "class { 'icingaweb2': db_type => 'mysql', conf_user => 'foo', conf_group => 'bar' }",
+ ]
+ end
+
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let :facts do
+ facts
+ end
+
+ context "#{os} with git_revision 'v1.3.1', service_user 'foobaz'" do
+ let(:params) do
+ {
+ git_revision: 'v1.3.1',
+ db_type: 'mysql',
+ db_password: 'x509',
+ service_user: 'foobaz',
+ }
+ end
+
+ it {
+ is_expected.to contain_icingaweb2__resource__database('x509')
+ .with_type('mysql')
+ .with_host('localhost')
+ .with_database('x509')
+ .with_username('x509')
+ .with_password('x509')
+ .with_charset('utf8')
+ }
+
+ it {
+ is_expected.to contain_icingaweb2__module('x509')
+ .with_install_method('git')
+ .with_git_revision('v1.3.1')
+ .with_package_name('icingaweb2-module-x509')
+ }
+
+ it {
+ is_expected.to contain_icingaweb2__inisection('icingaweb2-module-x509-backend')
+ .with_section_name('backend')
+ .with_target('/etc/icingaweb2/modules/x509/config.ini')
+ .with_settings({ 'resource' => 'x509' })
+ }
+
+ it {
+ is_expected.to contain_user('foobaz')
+ .with_ensure('present')
+ .with_gid('bar')
+ .with_shell('/bin/false')
+ }
+
+ it {
+ is_expected.to contain_systemd__unit_file('icinga-x509.service')
+ .with_content(%r{User=foobaz})
+ .with_content(%r{ExecStart=/usr/bin/icingacli})
+ }
+
+ it {
+ is_expected.to contain_service('icinga-x509')
+ .with_ensure('running')
+ .with_enable(true)
+ }
+
+ it { is_expected.not_to contain_exec('import icingaweb2::module::x509 schema') }
+ end
+
+ context "#{os} with db_type 'mysql', db_port '4711', install_method 'package', manage_service 'false', import_schema 'true'" do
+ let(:params) do
+ {
+ install_method: 'package',
+ manage_service: false,
+ db_type: 'mysql',
+ db_port: 4711,
+ import_schema: true,
+ }
+ end
+
+ it {
+ is_expected.to contain_package('icingaweb2-module-x509')
+ .with_ensure('installed')
+ }
+
+ it {
+ is_expected.to contain_icingaweb2__resource__database('x509')
+ .with_type('mysql')
+ .with_host('localhost')
+ .with_port(4711)
+ .with_database('x509')
+ .with_username('x509')
+ .with_charset('utf8')
+ }
+
+ it {
+ is_expected.to contain_exec('import icingaweb2::module::x509 schema')
+ .with_command(%r{^mysql.*\< '/usr/share/icingaweb2/modules/x509/schema/mysql.schema.sql'$})
+ .with_unless(%r{^mysql.* -Ns -e 'SELECT \* FROM x509_certificate'$})
+ }
+
+ it { is_expected.not_to contain_user('icingax509') }
+ it { is_expected.not_to contain_systemd__unit_file('icinga-x509.service') }
+ it { is_expected.not_to contain_service('icinga-x509') }
+ end
+
+ context "#{os} with use_tls 'true', tls_cacert 'cacert', tls_capath '/foo/bar', tls_noverify 'true', tls_cipher 'cipher'" do
+ let(:params) do
+ {
+ db_type: 'mysql',
+ use_tls: true,
+ tls_cacert_file: '/foo/bar',
+ tls_capath: '/foo/bar',
+ tls_noverify: true,
+ tls_cipher: 'cipher',
+ }
+ end
+
+ it {
+ is_expected.to contain_icingaweb2__resource__database('x509').with(
+ {
+ 'type' => 'mysql',
+ 'host' => 'localhost',
+ 'database' => 'x509',
+ 'username' => 'x509',
+ 'use_tls' => true,
+ 'tls_cacert' => '/foo/bar',
+ 'tls_capath' => '/foo/bar',
+ 'tls_noverify' => true,
+ 'tls_cipher' => 'cipher',
+ },
+ )
+ }
+ end
+
+ context "#{os} with db_type 'pgsql', use_tls 'true', import_schema 'true', service_ensure 'stopped', service_enabe 'false'" do
+ let(:pre_condition) do
+ [
+ "class { 'icingaweb2': db_type => 'pgsql', tls_cacert_file => '/foo/bar', tls_capath => '/foo/bar', tls_noverify => true, tls_cipher => 'cipher' }",
+ ]
+ end
+
+ let(:params) do
+ {
+ db_type: 'pgsql',
+ db_password: 'foo',
+ import_schema: true,
+ use_tls: true,
+ service_ensure: 'stopped',
+ service_enable: false,
+ }
+ end
+
+ it {
+ is_expected.to contain_icingaweb2__resource__database('x509').with(
+ {
+ 'type' => 'pgsql',
+ 'host' => 'localhost',
+ 'database' => 'x509',
+ 'username' => 'x509',
+ 'password' => 'foo',
+ 'use_tls' => true,
+ 'tls_cacert' => '/foo/bar',
+ 'tls_capath' => '/foo/bar',
+ 'tls_noverify' => true,
+ 'tls_cipher' => 'cipher',
+ 'charset' => 'UTF8',
+ },
+ )
+ }
+
+ it {
+ is_expected.to contain_exec('import icingaweb2::module::x509 schema')
+ .with_environment(['PGPASSWORD=foo'])
+ .with_command(%r{^psql.*-w -f /usr/share/icingaweb2/modules/x509/schema/pgsql.schema.sql$})
+ .with_unless(%r{^psql.* -w -c 'SELECT \* FROM x509_certificate'$})
+ }
+
+ it {
+ is_expected.to contain_service('icinga-x509')
+ .with_ensure('stopped')
+ .with_enable(false)
+ }
+ end
+ end
+ end
+end
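Review bot: Neither `use_tls` context checks the resources that install.pp adds under `if $use_tls`, so the ownership and mode of the certificate directory and the `icinga::cert` resource are untested. In the context that uses the default pre_condition, add e.g. `it { is_expected.to contain_icinga__cert('icingaweb2::module::x509 tls client config').with_owner('foo').with_group('bar') }`. There is also no context for `install_method: 'none'` or `ensure: 'absent'`. Two context titles are misleading: `service_enabe` is a typo, and `tls_cacert 'cacert'` actually sets `tls_cacert_file`.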
diff --git a/templates/icinga-x509.service.epp b/templates/icinga-x509.service.epp
new file mode 100644
index 00000000..bff79aa9
--- /dev/null
+++ b/templates/icinga-x509.service.epp
@@ -0,0 +1,16 @@
+<%- |
+ String $conf_user,
+ String $icingacli_bin,
+| -%>
+[Unit]
+Description=Icinga Certificate Monitoring Module Jobs Runner
+
+[Service]
+Type=simple
+ExecStart=<%= $icingacli_bin %> x509 jobs run
+User=<%= $conf_user %>
+SyslogIdentifier=icingax509
+Restart=on-success
+
+[Install]
+WantedBy=multi-user.target
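Review bot: The `[Service]` section runs a long-lived job runner under a dedicated account but uses no systemd sandboxing. Directives such as `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectHome=true` would cheaply limit what a compromised process can reach, after checking them against what `icingacli x509 jobs run` needs. `Restart=on-success` means the runner is not restarted after a crash or non-zero exit; if that deliberately mirrors the upstream unit, say so in a comment, otherwise `Restart=on-failure` is the usual choice for a daemon. The template parameter is named `$conf_user` while config.pp passes the service user into it, so `$service_user` would be the clearer name.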