change default directory for certificates and keys (icingaweb2 database)
lbetz committed Nov 2, 2023
1 parent 6836a36 commit e45e821
Showing 14 changed files with 334 additions and 239 deletions.
36 changes: 8 additions & 28 deletions manifests/config.pp
@@ -6,6 +6,7 @@
class icingaweb2::config {
$conf_dir = $icingaweb2::globals::conf_dir
$default_module_path = $icingaweb2::globals::default_module_path
$ssl_dir = "${icingaweb2::globals::state_dir}/certs"

$logging = $icingaweb2::logging
$logging_file = $icingaweb2::logging_file
@@ -27,14 +28,7 @@
$import_schema = $icingaweb2::import_schema
$mysql_db_schema = $icingaweb2::globals::mysql_db_schema
$pgsql_db_schema = $icingaweb2::globals::pgsql_db_schema
$db = {
type => $icingaweb2::db_type,
name => $icingaweb2::db_name,
host => $icingaweb2::db_host,
port => pick($icingaweb2::db_port, $icingaweb2::globals::port[$icingaweb2::db_type]),
user => $icingaweb2::db_username,
pass => $icingaweb2::db_password,
}
$db = $icingaweb2::db

$default_domain = $icingaweb2::default_domain
$admin_role = $icingaweb2::admin_role
@@ -43,16 +37,7 @@
$config_resource = "${db['type']}-icingaweb2"

$use_tls = $icingaweb2::use_tls
$tls = icingaweb2::cert::files(
'client',
$conf_dir,
$icingaweb2::tls_key_file,
$icingaweb2::tls_cert_file,
$icingaweb2::tls_cacert_file,
$icingaweb2::tls_key,
$icingaweb2::tls_cert,
$icingaweb2::tls_cacert,
) + {
$tls = $icingaweb2::tls + {
capath => $icingaweb2::tls_capath,
noverify => $icingaweb2::tls_noverify,
cipher => $icingaweb2::tls_cipher,
@@ -62,7 +47,6 @@
path => $facts['path'],
provider => shell,
user => 'root',
require => Icingaweb2::Tls::Client['icingaweb2 tls client config'],
}

icingaweb2::inisection { 'config-logging':
@@ -149,17 +133,13 @@
}
}

icingaweb2::tls::client { 'icingaweb2 tls client config':
args => $tls,
}

-> icingaweb2::resource::database { "${db['type']}-icingaweb2":
icingaweb2::resource::database { "${db['type']}-icingaweb2":
type => $db['type'],
host => $db['host'],
port => $db['port'],
database => $db['name'],
username => $db['user'],
password => $db['pass'],
database => $db['database'],
username => $db['username'],
password => $db['password'],
use_tls => $use_tls,
tls_noverify => $tls['noverify'],
tls_key => $tls['key_file'],
@@ -187,7 +167,7 @@
} else {
$import_schema
}
$db_cli_options = icingaweb2::db::connect($db + { type => $real_db_type }, $tls, $use_tls)
$db_cli_options = icinga::db::connect($db + { type => $real_db_type }, $tls, $use_tls)

if $admin_role {
icingaweb2::config::role { $admin_role['name']:
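Review bot: `$ssl_dir` is assigned at the top of `icingaweb2::config` but is not referenced in any of the hunks shown here, and it repeats the expression that `init.pp` now stores in `$cert_dir`. If nothing in the collapsed parts of the class reads it, the line can be dropped; otherwise `$cert_dir = $icingaweb2::cert_dir`, as `install.pp` does, keeps the key and certificate directory defined in one place so the file paths in `$tls` cannot drift from the directory that `install.pp` manages. The class body continues outside the hunks, so this needs confirming against the full file.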
22 changes: 22 additions & 0 deletions manifests/init.pp
@@ -249,10 +249,32 @@
) {
require icingaweb2::globals

$cert_dir = "${icingaweb2::globals::state_dir}/certs"

if $manage_repos {
require icinga::repos
}

$db = {
type => $db_type,
database => $db_name,
host => $db_host,
port => pick($db_port, $icingaweb2::globals::port[$db_type]),
username => $db_username,
password => $db_password,
}

$tls = icinga::cert::files(
$db_username,
$cert_dir,
$tls_key_file,
$tls_cert_file,
$tls_cacert_file,
$tls_key,
$tls_cert,
$tls_cacert,
)

class { 'icingaweb2::install': }
-> class { 'icingaweb2::config': }

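Review bot: The first argument of `icinga::cert::files` changes from the literal `'client'` to `$db_username`, which presumably becomes the base name of the key, certificate and CA files under `$cert_dir`, and nothing in the hunk documents that. A comment such as `# key/cert/CA file names are derived from $db_username and placed in $cert_dir` above the call would make the dependency visible. If that reading is right, key files written earlier under the configuration directory, or under a previous `db_username`, stay on disk after this change, so the upgrade notes should tell operators to remove the old private key. The parameter list and the definition of `icinga::cert::files` are outside this hunk.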
15 changes: 13 additions & 2 deletions manifests/install.pp
@@ -7,13 +7,16 @@
assert_private("You're not supposed to use this defined type manually.")

$conf_dir = $icingaweb2::globals::conf_dir
$state_dir = $icingaweb2::globals::state_dir
$cert_dir = $icingaweb2::cert_dir
$package_name = $icingaweb2::globals::package_name
$data_dir = $icingaweb2::globals::data_dir
$comp_dir = $icingaweb2::globals::comp_db_schema_dir
$manage_package = $icingaweb2::manage_package
$extra_packages = $icingaweb2::extra_packages
$conf_user = $icingaweb2::conf_user
$conf_group = $icingaweb2::conf_group
$use_tls = $icingaweb2::use_tls
$tls = $icingaweb2::tls

#
# Packages
@@ -45,11 +48,19 @@
prefix(['modules', 'enabledModules', 'navigation', 'preferences', 'dashboards'], "${conf_dir}/"):
mode => '2770',
;
"${state_dir}/certs":
$cert_dir:
mode => '2770',
;
}

if $use_tls {
icinga::cert { 'icingaweb2 tls client config':
owner => $conf_user,
group => $conf_group,
args => $tls,
}
}

#
# Compatmode: db schema files were moved in Icinga Web 2.11.0
#
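Review bot: `$cert_dir` is now the default home of the database client key, yet it is managed with the same `mode => '2770'` as the configuration directories, so every member of the directory's group can create, replace or delete files in it. The web application only has to read the key and CA certificate, so `mode => '2750'` on the `$cert_dir:` entry would be enough if nothing else writes there. The `icinga::cert` declaration sets `owner` and `group` but no file mode, so the permissions of the private key depend on defaults defined outside this page and are worth pinning in the spec. The class body starts and ends outside the hunks.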
81 changes: 0 additions & 81 deletions spec/classes/config_spec.rb

This file was deleted.

117 changes: 108 additions & 9 deletions spec/classes/icingaweb2_spec.rb
@@ -8,36 +8,109 @@
end

context 'with defaults' do
let(:params) do
{
db_type: 'mysql',
db_password: 'secret',
}
end
let(:params) { { db_type: 'mysql' } }

it { is_expected.to compile }
it { is_expected.to contain_class('icingaweb2::config') }
it { is_expected.to contain_class('icingaweb2::install') }
it { is_expected.not_to contain_class('icinga::repos') }

it { is_expected.to contain_package('icingaweb2').with('ensure' => 'installed') }
[ '/etc/icingaweb2/modules',
'/etc/icingaweb2/enabledModules',
'/etc/icingaweb2/navigation',
'/etc/icingaweb2/preferences',
'/etc/icingaweb2/dashboards',
'/var/lib/icingaweb2/certs' ].each do |file|
it {
is_expected.to contain_file(file)
.with_ensure('directory')
.with_mode('2770')
.with_owner('root')
.with_group('icingaweb2')
}
end
it {
is_expected.to contain_icingaweb2__inisection('config-logging')
.with_section_name('logging')
.with_target('/etc/icingaweb2/config.ini')
.with_settings(
{
'log' => 'syslog',
'file' => '/var/log/icingaweb2/icingaweb2.log',
'level' => 'INFO',
'facility' => 'user',
'application' => 'icingaweb2',
},
)
}
it {
is_expected.to contain_icingaweb2__inisection('config-global')
.with_section_name('global')
.with_target('/etc/icingaweb2/config.ini')
.with_settings(
{
'show_stacktraces' => false,
'module_path' => '/usr/share/icingaweb2/modules',
'config_resource' => 'mysql-icingaweb2',
},
)
}
it {
is_expected.to contain_icingaweb2__inisection('config-themes')
.with_section_name('themes')
.with_target('/etc/icingaweb2/config.ini')
.with_settings(
{
'default' => 'Icinga',
'disabled' => false,
},
)
}
it { is_expected.not_to contain_icingaweb2__inisection('config-authentication') }
it { is_expected.not_to contain_icingaweb2__inisection('config-cookie') }
it {
is_expected.to contain_icingaweb2__resource__database('mysql-icingaweb2')
.with_type('mysql')
.with_host('localhost')
.with_port(3306)
.with_database('icingaweb2')
.with_username('icingaweb2')
}
it { is_expected.not_to contain_exec('import schema') }
it { is_expected.not_to contain_exec('create default admin user') }
it { is_expected.not_to contain_icingaweb2__config__role('default admin user') }
end

context 'with manage_package => false' do
context "with manage_package 'false', cookie_path '/foo/bar', default_domain 'foobar'" do
let(:params) do
{
manage_package: false,
cookie_path: '/foo/bar',
default_domain: 'foobar',
db_type: 'mysql',
db_password: 'secret',
}
end

it { is_expected.not_to contain_package('icinga2').with('ensure' => 'installed') }
it {
is_expected.to contain_icingaweb2__inisection('config-cookie')
.with_section_name('cookie')
.with_target('/etc/icingaweb2/config.ini')
.with_settings({ 'path' => '/foo/bar' })
}
it {
is_expected.to contain_icingaweb2__inisection('config-authentication')
.with_section_name('authentication')
.with_target('/etc/icingaweb2/config.ini')
.with_settings({ 'default_domain' => 'foobar' })
}
end

context 'with additional resources, user and group backend' do
let(:params) do
{
db_type: 'mysql',
db_password: 'secret',
resources: {
foo: { type: 'ldap' },
baz: { type: 'pgsql', host: 'localhost', database: 'baz', port: 5432 },
@@ -56,6 +129,32 @@
it { is_expected.to contain_icingaweb2__config__authmethod('bar').with('resource' => 'foo') }
it { is_expected.to contain_icingaweb2__config__groupbackend('bar').with('resource' => 'foo') }
end

context "with db_type 'mysql', import_schema 'true'" do
let(:params) {{ import_schema: true, db_type: 'mysql' }}

it { is_expected.to contain_icingaweb2__resource__database('mysql-icingaweb2') }
it { is_expected.to contain_icingaweb2__config__authmethod('mysql-auth') }
it { is_expected.to contain_icingaweb2__config__role('default admin user') }
it { is_expected.to contain_exec('import schema') }
it { is_expected.to contain_exec('create default admin user') }
end

context "with db_type 'pgsql', import_schema 'true'" do
let(:params) {{ import_schema: true, db_type: 'pgsql' }}

it { is_expected.to contain_icingaweb2__resource__database('pgsql-icingaweb2') }
it { is_expected.to contain_icingaweb2__config__authmethod('pgsql-auth') }
it { is_expected.to contain_icingaweb2__config__role('default admin user') }
it { is_expected.to contain_exec('import schema') }
it { is_expected.to contain_exec('create default admin user') }
end

context 'with import_schema => true and admin_role => false' do
let(:params) {{ import_schema: true, db_type: 'mysql', admin_role: false }}

it { is_expected.not_to contain_icingaweb2__config__role('default admin user') }
end
end
end
end
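Review bot: None of the contexts sets `use_tls: true`, so the `icinga::cert { 'icingaweb2 tls client config': }` resource that `install.pp` now declares, and the key and certificate paths under `/var/lib/icingaweb2/certs`, are never asserted; the only coverage of the new directory is the `contain_file` loop. A context along the lines of `let(:params) { { db_type: 'mysql', use_tls: true } }` with `it { is_expected.to contain_icinga__cert('icingaweb2 tls client config') }` would pin the resource, and could also check the `tls_key` value handed to `icingaweb2::resource::database`. Separately, the `manage_package` context asserts `not_to contain_package('icinga2')`, which holds whatever the parameter is because the package asserted in the defaults context is `icingaweb2`; it should read `contain_package('icingaweb2')`.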
@@ -4,7 +4,7 @@
let(:title) { 'myauthmethod' }
let(:pre_condition) do
[
"class { 'icingaweb2': db_type => 'mysql', db_password => 'secret' }",
"class { 'icingaweb2': db_type => 'mysql' }",
]
end
