Puppet Class: icinga::server

Defined in:
manifests/server.pp

Summary

Setup a Icinga server.

Overview

Parameters:

  • ca (Boolean) (defaults to: false)

    Enables a CA on this node.

  • config_server (Boolean) (defaults to: false)

    Enables that this node is the central configuration server.

  • zone (String) (defaults to: 'main')

    Name of the Icinga zone.

  • colocation_endpoints (Hash[String,Hash]) (defaults to: {})

    When the zone includes more than one endpoint, set here the additional endpoint(s). Icinga supports two endpoints per zone only.

  • workers (Hash[String,Hash]) (defaults to: {})

    All worker zones with key ‘endpoints’ for endpoint objects.

  • global_zones (Array[String]) (defaults to: [])

    List of global zones to configure.

  • ca_server (Optional[Stdlib::Host]) (defaults to: undef)

    The CA to send the certificate request to.

  • ticket_salt (Optional[Icinga::Secret]) (defaults to: undef)

    Set an alternate ticket salt to icinga::ticket_salt from Hiera.

  • web_api_user (String) (defaults to: 'icingaweb2')

    Icinga API user to connect Icinga 2. Notice: user is only created if a password is set.

  • web_api_pass (Optional[Icinga::Secret]) (defaults to: undef)

    Icinga API user password.

  • director_api_user (String) (defaults to: 'director')

    Icinga API director user to connect Icinga 2. Notice: user is only created if a password is set.

  • director_api_pass (Optional[Icinga::Secret]) (defaults to: undef)

    Icinga API director user password.

  • logging_type (Enum['file', 'syslog']) (defaults to: 'file')

    Switch the log target. Only ‘file` is supported on Windows.

  • logging_level (Optional[Icinga::LogLevel]) (defaults to: undef)

    Set the log level.

  • run_web (Boolean) (defaults to: false)

    Prepare to run Icinga Web 2 on the same machine. Manage a group ‘icingaweb2` and add the Icinga user to this group.



51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
 
# File 'manifests/server.pp', line 51

class icinga::server (
  Boolean                         $ca                   = false,
  Boolean                         $config_server        = false,
  String                          $zone                 = 'main',
  Hash[String,Hash]               $colocation_endpoints = {},
  Hash[String,Hash]               $workers              = {},
  Array[String]                   $global_zones         = [],
  Optional[Stdlib::Host]          $ca_server            = undef,
  Optional[Icinga::Secret]        $ticket_salt          = undef,
  String                          $web_api_user         = 'icingaweb2',
  Optional[Icinga::Secret]        $web_api_pass         = undef,
  String                          $director_api_user    = 'director',
  Optional[Icinga::Secret]        $director_api_pass    = undef,
  Enum['file', 'syslog']          $logging_type         = 'file',
  Optional[Icinga::LogLevel]      $logging_level        = undef,
  Boolean                         $run_web              = false,
) {
  if empty($colocation_endpoints) {
    $_ca            = true
    $_config_server = true
  } else {
    if !$ca and !$ca_server {
      fail('Class[Icinga::Server]: expects a value for parameter \'ca_server\'')
    }
    $_ca            = $ca
    $_config_server = $config_server
  }

  # inject parent zone if no parent exists
  $_workers = $workers.reduce({}) |$memo, $worker| { $memo + { $worker[0] => { parent => $zone } + $worker[1] } }

  class { 'icinga':
    ca            => $_ca,
    ca_server     => $ca_server,
    this_zone     => $zone,
    zones         => { 'ZoneName' => { 'endpoints' => { 'NodeName' => {} } + $colocation_endpoints } } + $_workers,
    logging_type  => $logging_type,
    logging_level => $logging_level,
    ticket_salt   => $ticket_salt,
    prepare_web   => $run_web,
  }

  include icinga2::feature::checker
  include icinga2::feature::notification

  icinga2::object::zone { $global_zones:
    global => true,
    order  => 'zz',
  }

  if $_config_server {
    if $web_api_pass {
      icinga2::object::apiuser { $web_api_user:
        password    => $web_api_pass,
        permissions => ['status/query', 'actions/*', 'objects/modify/*', 'objects/query/*'],
        target      => "/etc/icinga2/zones.d/${zone}/api-users.conf",
      }
    }

    if $director_api_pass {
      icinga2::object::apiuser { $director_api_user:
        password    => $director_api_pass,
        permissions => ['*'],
        target      => "/etc/icinga2/zones.d/${zone}/api-users.conf",
      }
    }

    ($global_zones + keys($_workers) + $zone).each |String $dir| {
      file { "${icinga2::globals::conf_dir}/zones.d/${dir}":
        ensure => directory,
        tag    => 'icinga2::config::file',
        owner  => $icinga2::globals::user,
        group  => $icinga2::globals::group,
        mode   => '0750',
      }
    }
  } else {
    file { "${icinga2::globals::conf_dir}/zones.d":
      ensure  => directory,
      purge   => true,
      recurse => true,
      force   => true,
    }
  }
}