Puppet Class: icingaweb2

Defined in:: manifests/init.pp

Summary

Installs and configures Icinga Web 2.

Overview

‘oracle`, `mssql`, `ibm`, `oci`, `sqlite` goes to `icingaweb2::resource::database`.

Examples:

Use MySQL as backend for user authentication:

include ::mysql::server

mysql::db { 'icingaweb2':
  user     => 'icingaweb2',
  password => Sensitive('supersecret'),
  host     => 'localhost',
  grant    => [ 'ALL' ],
}

class { 'icingaweb2':
  manage_repos  => true,
  import_schema => true,
  db_type       => 'mysql',
  db_host       => 'localhost',
  db_port       => 3306,
  db_username   => 'icingaweb2',
  db_password   => Sensitive('supersecret'),
  require       => Mysql::Db['icingaweb2'],
}

Use PostgreSQL as backend for user authentication:

include ::postgresql::server

postgresql::server::db { 'icingaweb2':
  user     => 'icingaweb2',
  password => postgresql_password('icingaweb2', Sensitive('icingaweb2')),
}

class { 'icingaweb2':
  manage_repos  => true,
  import_schema => true,
  db_type       => 'pgsql',
  db_host       => 'localhost',
  db_port       => 5432,
  db_username   => 'icingaweb2',
  db_password   => 'icingaweb2',
  require       => Postgresql::Server::Db['icingaweb2'],
}

Icinga Web 2 with an additional resource of type ‘ldap`, e.g. for authentication:

class { 'icingaweb2':
  resources       => {
    'my-ldap' => {
      type    => 'ldap',
      host    => 'localhost',
      port    => 389,
      root_dn => 'ou=users,dc=icinga,dc=com',
      bind_dn => 'cn=icingaweb2,ou=users,dc=icinga,dc=com',
      bind_pw => Sensitive('supersecret'),
    }
  },
  user_backends   => {
    'ldap-auth' => {
      backend                  => 'ldap',
      resource                 => 'my-ldap',
      ldap_user_class          => 'user',
      ldap_filter              => '(memberof:1.2.840.113556.1.4.1941:=CN=monitoring,OU=groups,DC=icinga,DC=com)',
      ldap_user_name_attribute => 'userPrincipalName',
      order                    => '05',
    },
  },
  group_backends => {
    'ldap-auth' => {
      backend                     => 'ldap',
      resource                    => 'my-ldap',
      ldap_group_class            => 'group',
      ldap_group_name_attribute   => 'cn',
      ldap_group_member_attribute => 'member',
      ldap_base_dn                => 'ou=groups,dc=icinga,dc=com',
      domain                      => 'icinga.com',
      order                       => '05',
    },
  },
}

Parameters:

logging (Enum['file', 'syslog', 'php', 'none']) (defaults to: 'file') —

Whether Icinga Web 2 should log to ‘file’, ‘syslog’ or ‘php’ (web server’s error log). Setting ‘none’ disables logging.
logging_file (Stdlib::Absolutepath) —

If ‘logging’ is set to ‘file’, this is the target log file.
logging_level (Enum['ERROR', 'WARNING', 'INFO', 'DEBUG']) (defaults to: 'INFO') —

Logging verbosity. Possible values are ‘ERROR’, ‘WARNING’, ‘INFO’ and ‘DEBUG’.
logging_facility (Pattern[/user|local[0-7]/]) (defaults to: 'user') —

Logging facility when using syslog. Possible values are ‘user’ or ‘local0’ up to ‘local7’.
logging_application (String) (defaults to: 'icingaweb2') —

Logging application name when using syslog.
show_stacktraces (Boolean) (defaults to: false) —

Whether to display stacktraces in the web interface or not.
module_path (Optional[Variant[Stdlib::Absolutepath, Array[Stdlib::Absolutepath]]]) (defaults to: undef) —

Additional path to module sources. Multiple paths must be separated by colon.
theme (String) (defaults to: 'Icinga') —

The default theme setting. Users may override this settings.
theme_disabled (Boolean) (defaults to: false) —

Whether users can change themes or not.
manage_repo (Boolean) (defaults to: false) —

Deprecated, use manage_repos.
manage_repos (Boolean) (defaults to: false) —

When set to true this module will use the module icinga/puppet-icinga to manage repositories, e.g. the release repo on packages.icinga.com repository by default, the EPEL repository or Backports. For more information, see github.com/icinga/puppet-icinga.
manage_package (Boolean) (defaults to: true) —

If set to ‘false` packages aren’t managed.
extra_packages (Optional[Array[String]]) (defaults to: undef) —

An array of packages to install additionally.
import_schema (Variant[Boolean, Enum['mariadb', 'mysql']]) (defaults to: false) —

Whether to import the MySQL schema or not. New options ‘mariadb` and `mysql`, both means true. With mariadb its cli options are used for the import, whereas with mysql its different options.
db_type (Enum['mysql', 'pgsql']) (defaults to: 'mysql') —

Database type, can be either ‘mysql` or `pgsql`.
db_host (Stdlib::Host) (defaults to: 'localhost') —

Database hostname.
db_port (Optional[Stdlib::Port]) (defaults to: undef) —

Port to connect on the database host.
db_name (String) (defaults to: 'icingaweb2') —

Database name.
db_username (String) (defaults to: 'icingaweb2') —

Username for database access.
db_password (Optional[Icingaweb2::Secret]) (defaults to: undef) —

Password for database access.
use_tls (Optional[Boolean]) (defaults to: undef) —

Either enable or disable TLS encryption to the database. Other TLS parameters are only affected if this is set to ‘true’.
tls_key_file (Optional[Stdlib::Absolutepath]) (defaults to: undef) —

Location of the private key for client authentication. Only valid if tls is enabled.
tls_cert_file (Optional[Stdlib::Absolutepath]) (defaults to: undef) —

Location of the certificate for client authentication. Only valid if tls is enabled.
tls_cacert_file (Optional[Stdlib::Absolutepath]) (defaults to: undef) —

Location of the ca certificate. Only valid if tls is enabled.
tls_key (Optional[Icingaweb2::Secret]) (defaults to: undef) —

The private key to store in spicified ‘tls_key_file` file. Only valid if tls is enabled.
tls_cert (Optional[String]) (defaults to: undef) —

The certificate to store in spicified ‘tls_cert_file` file. Only valid if tls is enabled.
tls_cacert (Optional[String]) (defaults to: undef) —

The ca certificate to store in spicified ‘tls_cacert_file` file. Only valid if tls is enabled.
tls_capath (Optional[Stdlib::Absolutepath]) (defaults to: undef) —

The file path to the directory that contains the trusted SSL CA certificates, which are stored in PEM format. Only available for the mysql database.
tls_noverify (Optional[Boolean]) (defaults to: undef) —

Disable validation of the server certificate.
tls_cipher (Optional[String]) (defaults to: undef) —

Cipher to use for the encrypted database connection.
config_backend (Enum['ini', 'db']) (defaults to: 'ini') —

The global Icinga Web 2 preferences can either be stored in a database or in ini files. This parameter can either be set to ‘db` or `ini`.
conf_user (String) —

By default this module expects Apache2 on the server. You can change the owner of the config files with this parameter.
conf_group (String) —

Group membership of config files.
default_domain (Optional[String]) (defaults to: undef) —

When using domain-aware authentication, you can set a default domain here.
cookie_path (Optional[Stdlib::Absolutepath]) (defaults to: undef) —

Path to where cookies are stored.
admin_role (Variant[Icingaweb2::AdminRole, Boolean[false]]) —

Manage a role for admin access.
default_admin_username (String) —

Default username for initial admin access. This parameter is only used if ‘import_schema` is set to `true` and only during the import itself.
default_admin_password (Icingaweb2::Secret) —

Default password for initial admin access. This parameter is only used if ‘import_schema` is set to `true` and only during the import itself.
resources (Hash[String, Hash[String, Any]]) (defaults to: {}) —

Additional resources. Option ‘type` has to be set as hash key. Type of `ldap` declares a define resource of `icingaweb2::resource::ldap`, a type of `mysql`, `pgsql`,
default_auth_backend (Variant[String, Boolean[false]]) (defaults to: "${db_type}-auth") —

Name of the user and group backend authentication of the icingaweb2 resource. If set to ‘false` the default authentication method is deactivated.
user_backends (Hash[String, Hash[String, Any]]) (defaults to: {}) —

Additional user backends for access control. See ‘icingaweb2::config::authmethod`.
group_backends (Hash[String, Hash[String, Any]]) (defaults to: {}) —

Additional group backends for access control. See ‘icingaweb2::config::groupbackend`.

# File 'manifests/init.pp', line 219

class icingaweb2 (
  Stdlib::Absolutepath                            $logging_file,
  String                                          $conf_user,
  String                                          $conf_group,
  Variant[Icingaweb2::AdminRole, Boolean[false]]  $admin_role,
  String                                          $default_admin_username,
  Icingaweb2::Secret                              $default_admin_password,
  Optional[Variant[Stdlib::Absolutepath,
  Array[Stdlib::Absolutepath]]]                   $module_path          = undef,
  Enum['file', 'syslog', 'php', 'none']           $logging              = 'file',
  Enum['ERROR', 'WARNING', 'INFO', 'DEBUG']       $logging_level        = 'INFO',
  Pattern[/user|local[0-7]/]                      $logging_facility     = 'user',
  String                                          $logging_application  = 'icingaweb2',
  Boolean                                         $show_stacktraces     = false,
  String                                          $theme                = 'Icinga',
  Boolean                                         $theme_disabled       = false,
  Boolean                                         $manage_repo          = false,
  Boolean                                         $manage_repos         = false,
  Boolean                                         $manage_package       = true,
  Optional[Array[String]]                         $extra_packages       = undef,
  Variant[Boolean, Enum['mariadb', 'mysql']]      $import_schema        = false,
  Enum['mysql', 'pgsql']                          $db_type              = 'mysql',
  Stdlib::Host                                    $db_host              = 'localhost',
  Optional[Stdlib::Port]                          $db_port              = undef,
  String                                          $db_name              = 'icingaweb2',
  String                                          $db_username          = 'icingaweb2',
  Optional[Icingaweb2::Secret]                    $db_password          = undef,
  Optional[Boolean]                               $use_tls              = undef,
  Optional[Stdlib::Absolutepath]                  $tls_key_file         = undef,
  Optional[Stdlib::Absolutepath]                  $tls_cert_file        = undef,
  Optional[Stdlib::Absolutepath]                  $tls_cacert_file      = undef,
  Optional[Stdlib::Absolutepath]                  $tls_capath           = undef,
  Optional[Icingaweb2::Secret]                    $tls_key              = undef,
  Optional[String]                                $tls_cert             = undef,
  Optional[String]                                $tls_cacert           = undef,
  Optional[Boolean]                               $tls_noverify         = undef,
  Optional[String]                                $tls_cipher           = undef,
  Enum['ini', 'db']                               $config_backend       = 'ini',
  Optional[String]                                $default_domain       = undef,
  Optional[Stdlib::Absolutepath]                  $cookie_path          = undef,
  Variant[String, Boolean[false]]                 $default_auth_backend = "${db_type}-auth",
  Hash[String, Hash[String, Any]]                 $resources            = {},
  Hash[String, Hash[String, Any]]                 $user_backends        = {},
  Hash[String, Hash[String, Any]]                 $group_backends       = {},
) {
  require icingaweb2::globals

  if $manage_repos or $manage_repo {
    require icinga::repos
    if $manage_repo {
      deprecation('manage_repo', 'manage_repo is deprecated and will be replaced by manage_repos in the future.')
    }
  }

  class { 'icingaweb2::install': }
  -> class { 'icingaweb2::config': }

  contain icingaweb2::install
  contain icingaweb2::config
}