Puppet Class: icingaweb2

Defined in:
manifests/init.pp

Summary

Installs and configures Icinga Web 2.

Overview

`oracle`, `mssql`, `ibm`, `oci`, `sqlite` goes to `icingaweb2::resource::database`.

Examples:

Use MySQL as backend for user authentication:

include ::mysql::server

mysql::db { 'icingaweb2':
  user     => 'icingaweb2',
  password => Sensitive('supersecret'),
  host     => 'localhost',
  grant    => [ 'ALL' ],
}

class { 'icingaweb2':
  manage_repos  => true,
  import_schema => true,
  db_type       => 'mysql',
  db_host       => 'localhost',
  db_port       => 3306,
  db_username   => 'icingaweb2',
  db_password   => Sensitive('supersecret'),
  require       => Mysql::Db['icingaweb2'],
}

Use PostgreSQL as backend for user authentication:

include ::postgresql::server

postgresql::server::db { 'icingaweb2':
  user     => 'icingaweb2',
  password => postgresql_password('icingaweb2', Sensitive('icingaweb2')),
}

class { 'icingaweb2':
  manage_repos  => true,
  import_schema => true,
  db_type       => 'pgsql',
  db_host       => 'localhost',
  db_port       => 5432,
  db_username   => 'icingaweb2',
  db_password   => Sensitive('icingaweb2'),
  require       => Postgresql::Server::Db['icingaweb2'],
}

Icinga Web 2 with an additional resource of type `ldap`, e.g. for authentication:

class { 'icingaweb2':
  resources       => {
    'my-ldap' => {
      type    => 'ldap',
      host    => 'localhost',
      port    => 389,
      root_dn => 'ou=users,dc=icinga,dc=com',
      bind_dn => 'cn=icingaweb2,ou=users,dc=icinga,dc=com',
      bind_pw => Sensitive('supersecret'),
    }
  },
  user_backends   => {
    'ldap-auth' => {
      backend                  => 'ldap',
      resource                 => 'my-ldap',
      ldap_user_class          => 'user',
      ldap_filter              => '(memberof:1.2.840.113556.1.4.1941:=CN=monitoring,OU=groups,DC=icinga,DC=com)',
      ldap_user_name_attribute => 'userPrincipalName',
      order                    => '05',
    },
  },
  group_backends  => {
    'ldap-auth' => {
      backend                     => 'ldap',
      resource                    => 'my-ldap',
      ldap_group_class            => 'group',
      ldap_group_name_attribute   => 'cn',
      ldap_group_member_attribute => 'member',
      ldap_base_dn                => 'ou=groups,dc=icinga,dc=com',
      domain                      => 'icinga.com',
      order                       => '05',
    },
  },
}

Parameters:

  • logging (Enum['file', 'syslog', 'php', 'none'])

    Whether Icinga Web 2 should log to ‘file’, ‘syslog’ or ‘php’ (web server’s error log). Setting ‘none’ disables logging.

  • logging_file (Stdlib::Absolutepath)

    If ‘logging’ is set to ‘file’, this is the target log file.

  • logging_level (Enum['ERROR', 'WARNING', 'INFO', 'DEBUG'])

    Logging verbosity. Possible values are ‘ERROR’, ‘WARNING’, ‘INFO’ and ‘DEBUG’.

  • logging_facility (Pattern[/user|local[0-7]/])

    Logging facility when using syslog. Possible values are ‘user’ or ‘local0’ up to ‘local7’.

  • logging_application (String[1])

    Logging application name when using syslog.

  • show_stacktraces (Boolean)

    Whether to display stacktraces in the web interface or not.

  • module_path (Optional[Variant[Stdlib::Absolutepath, Array[Stdlib::Absolutepath]]]) (defaults to: undef)

    Additional path to module sources. Multiple paths must be separated by a colon.

  • theme (String[1])

    The default theme setting. Users may override this setting.

  • theme_disabled (Boolean)

    Whether users can change themes or not.

  • manage_repos (Boolean)

    When set to true, this module uses the module icinga/puppet-icinga to manage repositories, e.g. the release repository on packages.icinga.com by default, the EPEL repository or Backports. For more information, see github.com/icinga/puppet-icinga.

  • manage_package (Boolean)

    If set to `false`, packages aren’t managed.

  • extra_packages (Optional[Array[String[1]]]) (defaults to: undef)

    An array of packages to install additionally.

  • import_schema (Optional[Icingaweb2::ImportSchema]) (defaults to: undef)

    Whether to import the MySQL schema or not. New options `mariadb` and `mysql` both mean true. With `mariadb`, the MariaDB CLI options are used for the import, whereas with `mysql` different options are used.

  • db_type (Enum['mysql', 'pgsql'])

    Database type, can be either `mysql` or `pgsql`.

  • db_resource_name (String[1])

    Name for the icingaweb2 database resource.

  • db_host (Stdlib::Host)

    Database hostname.

  • db_port (Optional[Stdlib::Port]) (defaults to: undef)

    Port to connect on the database host.

  • db_name (String[1])

    Database name.

  • db_username (String[1])

    Username for database access.

  • db_password (Optional[Icinga::Secret]) (defaults to: undef)

    Password for database access.

  • use_tls (Optional[Boolean]) (defaults to: undef)

    Either enable or disable TLS encryption to the database. Other TLS parameters are only affected if this is set to ‘true’.

  • tls_key_file (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Location of the private key for client authentication. Only valid if tls is enabled.

  • tls_cert_file (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Location of the certificate for client authentication. Only valid if tls is enabled.

  • tls_cacert_file (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Location of the CA certificate. Only valid if tls is enabled.

  • tls_key (Optional[Icinga::Secret]) (defaults to: undef)

    The private key to store in the specified `tls_key_file` file. Only valid if tls is enabled.

  • tls_cert (Optional[String[1]]) (defaults to: undef)

    The certificate to store in the specified `tls_cert_file` file. Only valid if tls is enabled.

  • tls_cacert (Optional[String[1]]) (defaults to: undef)

    The CA certificate to store in the specified `tls_cacert_file` file. Only valid if tls is enabled.

  • tls_capath (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    The file path to the directory that contains the trusted SSL CA certificates, which are stored in PEM format. Only available for the mysql database.

  • tls_noverify (Optional[Boolean]) (defaults to: undef)

    Disable validation of the server certificate.

  • tls_cipher (Optional[String[1]]) (defaults to: undef)

    Cipher to use for the encrypted database connection.

  • conf_user (String[1])

    By default this module expects Apache2 on the server. You can change the owner of the config files with this parameter.

  • conf_group (String[1])

    Group membership of config files.

  • default_domain (Optional[String[1]]) (defaults to: undef)

    When using domain-aware authentication, you can set a default domain here.

  • cookie_path (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Path to where cookies are stored.

  • admin_role (Variant[Icingaweb2::AdminRole, Boolean[false]])

    Manage a role for admin access.

  • default_admin_username (String[1])

    Default username for initial admin access. This parameter is only used if `import_schema` is set to `true` and only during the import itself.

  • default_admin_password (Icinga::Secret)

    Default password for initial admin access. This parameter is only used if `import_schema` is set to `true` and only during the import itself.

  • resources (Hash[String[1], Hash[String[1], Any]])

    Additional resources. Option `type` has to be set as hash key. Type of `ldap` declares a defined resource of `icingaweb2::resource::ldap`, a type of `mysql`, `pgsql`, `oracle`, `mssql`, `ibm`, `oci`, `sqlite` goes to `icingaweb2::resource::database`.

  • default_auth_backend (Variant[String[1], Boolean[false]])

    Name of the user and group backend authentication of the icingaweb2 resource. If set to `false`, the default authentication method is deactivated.

  • user_backends (Hash[String[1], Hash[String[1], Any]])

    Additional user backends for access control. See `icingaweb2::config::authmethod`.

  • group_backends (Hash[String[1], Hash[String[1], Any]])

    Additional group backends for access control. See `icingaweb2::config::groupbackend`.
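
A declaration that combines the TLS, secret and logging parameters documented above with security-relevant values set explicitly. This is an added example, not part of the module's own documentation; the Hiera keys, host name, admin user name and CA file path are assumptions.

```puppet
# Added example; Hiera keys, host name, user name and file path are assumptions.
# Secrets are read from Hiera and wrapped in Sensitive so that Puppet
# redacts them in logs and reports.
$db_password    = Sensitive(lookup('profile::icingaweb2::db_password'))
$admin_password = Sensitive(lookup('profile::icingaweb2::admin_password'))

class { 'icingaweb2':
  manage_repos           => true,
  import_schema          => true,
  db_type                => 'mysql',
  db_host                => 'db.example.org',
  db_port                => 3306,
  db_username            => 'icingaweb2',
  db_password            => $db_password,

  # Encrypt the database connection and validate the server certificate
  # against a CA file that is already present on the node.
  use_tls                => true,
  tls_cacert_file        => '/etc/ssl/certs/db-ca.pem',
  # Weak setting to avoid: tls_noverify => true disables validation of the
  # server certificate, leaving the connection encrypted but unauthenticated.
  tls_noverify           => false,

  # Only used during the schema import, so set a unique value before the
  # first run instead of relying on a known default.
  default_admin_username => 'webadmin',
  default_admin_password => $admin_password,

  # Keep error detail out of the web interface and send it to syslog.
  show_stacktraces       => false,
  logging                => 'syslog',
  logging_level          => 'WARNING',
  logging_facility       => 'local5',
  logging_application    => 'icingaweb2',
}
```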



# File 'manifests/init.pp', line 215

class icingaweb2 (
  Stdlib::Absolutepath                            $logging_file,
  String[1]                                       $conf_user,
  String[1]                                       $conf_group,
  Enum['mysql', 'pgsql']                          $db_type,
  Variant[Icingaweb2::AdminRole, Boolean[false]]  $admin_role,
  String[1]                                       $default_admin_username,
  Icinga::Secret                                  $default_admin_password,
  Enum['file', 'syslog', 'php', 'none']           $logging,
  Enum['ERROR', 'WARNING', 'INFO', 'DEBUG']       $logging_level,
  Pattern[/user|local[0-7]/]                      $logging_facility,
  String[1]                                       $logging_application,
  Boolean                                         $show_stacktraces,
  String[1]                                       $theme,
  Boolean                                         $theme_disabled,
  Boolean                                         $manage_repos,
  Boolean                                         $manage_package,
  Hash[String[1], Hash[String[1], Any]]           $resources,
  Variant[String[1], Boolean[false]]              $default_auth_backend,
  Hash[String[1], Hash[String[1], Any]]           $user_backends,
  Hash[String[1], Hash[String[1], Any]]           $group_backends,
  String[1]                                       $db_resource_name,
  Stdlib::Host                                    $db_host,
  String[1]                                       $db_name,
  String[1]                                       $db_username,
  Optional[Icinga::Secret]                        $db_password         = undef,
  Optional[Stdlib::Port]                          $db_port             = undef,
  Optional[Icingaweb2::ImportSchema]              $import_schema       = undef,
  Optional[Boolean]                               $use_tls             = undef,
  Optional[Stdlib::Absolutepath]                  $tls_key_file        = undef,
  Optional[Stdlib::Absolutepath]                  $tls_cert_file       = undef,
  Optional[Stdlib::Absolutepath]                  $tls_cacert_file     = undef,
  Optional[Stdlib::Absolutepath]                  $tls_capath          = undef,
  Optional[String[1]]                             $tls_cert            = undef,
  Optional[String[1]]                             $tls_cacert          = undef,
  Optional[Icinga::Secret]                        $tls_key             = undef,
  Optional[Boolean]                               $tls_noverify        = undef,
  Optional[String[1]]                             $tls_cipher          = undef,
  Optional[Variant[Stdlib::Absolutepath,
  Array[Stdlib::Absolutepath]]]                   $module_path         = undef,
  Optional[Array[String[1]]]                      $extra_packages      = undef,
  Optional[String[1]]                             $default_domain      = undef,
  Optional[Stdlib::Absolutepath]                  $cookie_path         = undef,
) {
  require icingaweb2::globals

  $cert_dir = "${icingaweb2::globals::state_dir}/certs"

  if $manage_repos {
    require icinga::repos
  }

  $db  = {
    type     => $db_type,
    database => $db_name,
    host     => $db_host,
    port     => pick($db_port, $icingaweb2::globals::port[$db_type]),
    username => $db_username,
    password => $db_password,
  }

  $tls = icinga::cert::files(
    $db_username,
    $cert_dir,
    $tls_key_file,
    $tls_cert_file,
    $tls_cacert_file,
    $tls_key,
    $tls_cert,
    $tls_cacert,
  )

  class { 'icingaweb2::install': }
  -> class { 'icingaweb2::config': }

  contain icingaweb2::install
  contain icingaweb2::config
}