Paladox has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/374046 )
Change subject: Fix director install
......................................................................
Fix director install
Change-Id: Ie5fa164dbeccd8f7efee406245e18f6b61b58479
---
M manifests/init.pp
M manifests/plugins.pp
M manifests/web.pp
A templates/api-users.conf.erb
A templates/config.ini.erb
R templates/gerrit-icinga.wmflabs.org.erb
A templates/kickstart.ini.erb
A templates/zones.conf.erb
8 files changed, 107 insertions(+), 50 deletions(-)
Approvals:
Paladox: Verified; Looks good to me, approved
diff --git a/manifests/init.pp b/manifests/init.pp
index bfc7bdb..c56e708 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -16,6 +16,7 @@
$icinga_ido_user_name = hiera('icinga_ido_user_name'),
$icinga_ido_password = hiera('icinga_ido_password'),
$os = hiera('icinga_apt_dist'),
+ $icinga_api_password = hiera('icinga_api_password'),
) {
apt::repository { 'icinga2':
uri => 'http://packages.icinga.com/debian',
@@ -69,82 +70,98 @@
}
file { '/etc/icinga2/constants.conf':
- ensure => present,
+ ensure => present,
content => template('icinga2/constants.conf.erb'),
- owner => 'root',
- group => 'root',
+ owner => 'root',
+ group => 'root',
+ notify => Base::Service_unit['icinga2'],
+ }
+
+ file { '/etc/icinga2/zones.conf':
+ ensure => present,
+ content => template('icinga2/zones.conf.erb'),
+ owner => 'root',
+ group => 'root',
+ notify => Base::Service_unit['icinga2'],
+ }
+
+ file { '/etc/icinga2/conf.d/api-users.conf':
+ ensure => present,
+ content => template('icinga2/api-users.conf.erb'),
+ owner => 'root',
+ group => 'root',
notify => Base::Service_unit['icinga2'],
}
file { '/etc/icinga2/conf.d/apt.conf':
- ensure => present,
+ ensure => present,
content => template('icinga2/apt.conf.erb'),
- owner => 'root',
- group => 'root',
+ owner => 'root',
+ group => 'root',
notify => Base::Service_unit['icinga2'],
}
file { '/etc/icinga2/conf.d/commands.conf':
- ensure => present,
+ ensure => present,
content => template('icinga2/commands.conf.erb'),
- owner => 'root',
- group => 'root',
+ owner => 'root',
+ group => 'root',
notify => Base::Service_unit['icinga2'],
}
file { '/etc/icinga2/conf.d/downtimes.conf':
- ensure => present,
+ ensure => present,
content => template('icinga2/downtimes.conf.erb'),
- owner => 'root',
- group => 'root',
- notify => Base::Service_unit['icinga2'],
+ owner => 'root',
+ group => 'root',
+ notify => Base::Service_unit['icinga2'],
}
file { '/etc/icinga2/conf.d/groups.conf':
- ensure => present,
+ ensure => present,
content => template('icinga2/groups.conf.erb'),
- owner => 'root',
- group => 'root',
- notify => Base::Service_unit['icinga2'],
+ owner => 'root',
+ group => 'root',
+ notify => Base::Service_unit['icinga2'],
}
file { '/etc/icinga2/conf.d/hosts.conf':
- ensure => present,
+ ensure => present,
content => template('icinga2/hosts.conf.erb'),
- owner => 'root',
- group => 'root',
+ owner => 'root',
+ group => 'root',
notify => Base::Service_unit['icinga2'],
}
file { '/etc/icinga2/conf.d/notifications.conf':
- ensure => present,
+ ensure => present,
content => template('icinga2/notifications.conf.erb'),
- owner => 'root',
- group => 'root',
+ owner => 'root',
+ group => 'root',
notify => Base::Service_unit['icinga2'],
}
file { '/etc/icinga2/conf.d/satellite.conf':
- ensure => present,
+ ensure => present,
content => template('icinga2/satellite.conf.erb'),
- owner => 'root',
- group => 'root',
+ owner => 'root',
+ group => 'root',
notify => Base::Service_unit['icinga2'],
}
file { '/etc/icinga2/conf.d/services.conf':
- ensure => present,
+ ensure => present,
content => template('icinga2/services.conf.erb'),
- owner => 'root',
- group => 'root',
+ owner => 'root',
+ group => 'root',
notify => Base::Service_unit['icinga2'],
}
file { '/etc/icinga2/conf.d/templates.conf':
- ensure => present,
+ ensure => present,
content => template('icinga2/templates.conf.erb'),
- owner => 'root',
- group => 'root',
+ owner => 'root',
+ group => 'root',
notify => Base::Service_unit['icinga2'],
}
@@ -153,7 +170,7 @@
source => 'puppet:///modules/icinga2/timeperiods.conf',
owner => 'root',
group => 'root',
- notify => Base::Service_unit['icinga2'],
+ notify => Base::Service_unit['icinga2'],
}
file { '/etc/icinga2/conf.d/users.conf':
@@ -161,7 +178,7 @@
source => 'puppet:///modules/icinga2/users.conf',
owner => 'root',
group => 'root',
- notify => Base::Service_unit['icinga2'],
+ notify => Base::Service_unit['icinga2'],
}
file { '/etc/icinga2/scripts/mail-host-notification.sh':
@@ -259,10 +276,4 @@
group => 'www-data',
mode => '2755',
}
-
- # Purge unmanaged nagios_host and nagios_services resources
- # This will only happen for non exported resources, that is resources that
- # are declared by the icinga host itself
- resources { 'nagios_host': purge => true, }
- resources { 'nagios_service': purge => true, }
}
diff --git a/manifests/plugins.pp b/manifests/plugins.pp
index 9a312d2..32dca10 100644
--- a/manifests/plugins.pp
+++ b/manifests/plugins.pp
@@ -12,24 +12,28 @@
group => 'root',
mode => '0755',
}
+
file { '/usr/lib/nagios/plugins':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
+
file { '/usr/lib/nagios/plugins/eventhandlers':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
+
file { '/etc/nagios-plugins':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
+
# TODO: Purge this directoy instead of populating it is probably not very
# future safe. We should be populating it instead
file { '/etc/nagios-plugins/config':
diff --git a/manifests/web.pp b/manifests/web.pp
index 8125ad4..0e78b19 100644
--- a/manifests/web.pp
+++ b/manifests/web.pp
@@ -15,22 +15,27 @@
$director_db_name = hiera('director_db_name'),
$director_user_name = hiera('director_user_name'),
$director_password = hiera('director_password'),
+ $icinga_api_password = hiera('icinga_api_password'),
) {
include ::icinga2
package { [ 'icingaweb2', 'icingaweb2-module-monitoring',
- 'icingaweb2-module-doc', 'icingacli' ] :
+ 'icingaweb2-module-doc', 'icingaweb2-module-director',
+ 'icingacli' ] :
ensure => present,
require => Apt::Repository['icinga2'],
}
include ::apache
+
if os_version('debian == jessie') {
include ::apache::mod::php5
}
+
if os_version('debian >= stretch') {
include ::apache::mod::php7
}
+
include ::apache::mod::ssl
include ::apache::mod::headers
include ::apache::mod::cgi
@@ -39,6 +44,7 @@
proto => 'tcp',
port => 443,
}
+
ferm::service { 'icinga2-http':
proto => 'tcp',
port => 80,
@@ -47,6 +53,7 @@
if os_version('debian >= stretch') {
require_package('php7.0')
require_package('php-dev')
+ require_package('php-curl')
require_package('php-imagick')
require_package('php-gd')
require_package('php-json')
@@ -56,6 +63,7 @@
require_package('php-ldap')
} else {
require_package('php5')
+ require_package('php5-curl')
require_package('php5-dev')
require_package('php5-imagick')
require_package('php5-gd')
@@ -94,6 +102,20 @@
group => 'icingaweb2',
}
+ file { '/etc/icingaweb2/modules/director/config.ini':
+ ensure => present,
+ content => template('icinga2/config.ini.erb'),
+ owner => 'www-data',
+ group => 'icingaweb2',
+ }
+
+ file { '/etc/icingaweb2/modules/director/kickstart.ini':
+ ensure => present,
+ content => template('icinga2/kickstart.ini.erb'),
+ owner => 'www-data',
+ group => 'icingaweb2',
+ }
+
file { '/etc/icingaweb2/modules/monitoring/backends.ini':
ensure => present,
content => template('icinga2/backends.ini.erb'),
@@ -114,9 +136,6 @@
owner => 'www-data',
group => 'icingaweb2',
}
-
- include ::passwords::ldap::wmf_cluster
- $proxypass = $passwords::ldap::wmf_cluster::proxypass
# install the Icinga Apache site
include ::apache::mod::rewrite
@@ -145,11 +164,6 @@
#}
apache::site { 'gerrit-icinga.wmflabs.org':
- content => template('icinga2/icinga.wmflabs.org.erb'),
+ content => template('icinga2/gerrit-icinga.wmflabs.org.erb'),
}
-
- file { '/etc/apache2/conf.d/icinga2.conf':
- ensure => absent,
- }
-
}
diff --git a/templates/api-users.conf.erb b/templates/api-users.conf.erb
new file mode 100644
index 0000000..43c2c19
--- /dev/null
+++ b/templates/api-users.conf.erb
@@ -0,0 +1,9 @@
+/**
+ * The APIUser objects are used for authentication against the API.
+ */
+object ApiUser "root" {
+ password = "<%= @icinga_api_password %>"
+ // client_cn = ""
+
+ permissions = [ "*" ]
+}
diff --git a/templates/config.ini.erb b/templates/config.ini.erb
new file mode 100644
index 0000000..ef128e5
--- /dev/null
+++ b/templates/config.ini.erb
@@ -0,0 +1,2 @@
+[db]
+resource = "director"
diff --git a/templates/icinga.wmflabs.org.erb
b/templates/gerrit-icinga.wmflabs.org.erb
similarity index 100%
rename from templates/icinga.wmflabs.org.erb
rename to templates/gerrit-icinga.wmflabs.org.erb
diff --git a/templates/kickstart.ini.erb b/templates/kickstart.ini.erb
new file mode 100644
index 0000000..b13184d
--- /dev/null
+++ b/templates/kickstart.ini.erb
@@ -0,0 +1,6 @@
+[config]
+endpoint = gerrit-mysql.git.eqiad.wmflabs
+; host = 127.0.0.1
+port = 5665
+username = root
+password = <%= @icinga_api_password %>
diff --git a/templates/zones.conf.erb b/templates/zones.conf.erb
new file mode 100644
index 0000000..19e9562
--- /dev/null
+++ b/templates/zones.conf.erb
@@ -0,0 +1,11 @@
+/*
+ * Generated by Icinga 2 node setup commands
+ * on 2017-08-20 11:20:59 +0000
+ */
+
+object Endpoint NodeName {
+}
+
+object Zone ZoneName {
+ endpoints = [ NodeName ]
+}
--
To view, visit https://gerrit.wikimedia.org/r/374046
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ie5fa164dbeccd8f7efee406245e18f6b61b58479
Gerrit-PatchSet: 2
Gerrit-Project: labs/icinga2
Gerrit-Branch: master
Gerrit-Owner: Paladox <[email protected]>
Gerrit-Reviewer: Paladox <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
