From 08601a6cd0aa5434cf6d422139e248271cb885e5 Mon Sep 17 00:00:00 2001 From: markuszilch Date: Sat, 6 Jul 2024 23:52:58 +0200 Subject: [PATCH 1/5] modulesync 9.0.0 --- .github/labeler.yml | 3 +++ .msync.yml | 2 +- Gemfile | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 .github/labeler.yml diff --git a/.github/labeler.yml b/.github/labeler.yml new file mode 100644 index 0000000..7899de8 --- /dev/null +++ b/.github/labeler.yml @@ -0,0 +1,3 @@ +--- +skip-changelog: + - head-branch: ['^release-*', 'release'] diff --git a/.msync.yml b/.msync.yml index 876cb3b..3607168 100644 --- a/.msync.yml +++ b/.msync.yml @@ -2,4 +2,4 @@ # Managed by modulesync - DO NOT EDIT # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ -modulesync_config_version: '8.0.1' +modulesync_config_version: '9.0.0' diff --git a/Gemfile b/Gemfile index ec7b4cd..27cdc0d 100644 --- a/Gemfile +++ b/Gemfile @@ -4,7 +4,7 @@ source ENV['GEM_SOURCE'] || 'https://rubygems.org' group :test do - gem 'voxpupuli-test', '~> 7.2', :require => false + gem 'voxpupuli-test', '~> 8.0', :require => false gem 'coveralls', :require => false gem 'simplecov-console', :require => false gem 'puppet_metadata', '~> 4.0', :require => false From 7c3351eb9bf0877248724ec309a64f1083153d11 Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Tue, 9 Jul 2024 16:30:06 +0200 Subject: [PATCH 2/5] modulesync 9.1.0 --- .github/CONTRIBUTING.md | 12 ++++++++-- .github/labeler.yml | 3 +++ .github/release.yml | 42 +++++++++++++++++++++++++++++++++++ .github/workflows/labeler.yml | 17 ++++++++++++++ .github/workflows/release.yml | 7 ++++++ .msync.yml | 2 +- .puppet-lint.rc | 3 +++ Gemfile | 2 +- spec/spec_helper.rb | 4 ++++ 9 files changed, 88 insertions(+), 4 deletions(-) create mode 100644 .github/release.yml create mode 100644 .github/workflows/labeler.yml diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index 8809327..daceb64 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -245,15 +245,23 @@ with: BEAKER_PUPPET_COLLECTION=puppet7 BEAKER_setfile=debian11-64 bundle exec rake beaker ``` +or + +```sh +BEAKER_PUPPET_COLLECTION=none BEAKER_setfile=archlinux-64 bundle exec rake beaker +``` + +This latter example will use the distribution's own version of Puppet. + You can replace the string `debian11` with any common operating system. The following strings are known to work: * ubuntu2004 * ubuntu2204 * debian11 -* centos7 -* centos8 +* debian12 * centos9 +* archlinux * almalinux8 * almalinux9 * fedora36 diff --git a/.github/labeler.yml b/.github/labeler.yml index 7899de8..f2d08d6 100644 --- a/.github/labeler.yml +++ b/.github/labeler.yml @@ -1,3 +1,6 @@ --- +# Managed by modulesync - DO NOT EDIT +# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ + skip-changelog: - head-branch: ['^release-*', 'release'] diff --git a/.github/release.yml b/.github/release.yml new file mode 100644 index 0000000..f5b5d7a --- /dev/null +++ b/.github/release.yml @@ -0,0 +1,42 @@ +--- +# Managed by modulesync - DO NOT EDIT +# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ + +# https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes + +changelog: + exclude: + labels: + - duplicate + - invalid + - modulesync + - question + - skip-changelog + - wont-fix + - wontfix + + categories: + - title: Breaking Changes 🛠 + labels: + - backwards-incompatible + + - title: New Features 🎉 + labels: + - enhancement + + - title: Bug Fixes 🐛 + labels: + - bug + + - title: Documentation Updates 📚 + labels: + - documentation + - docs + + - title: Dependency Updates ⬆️ + labels: + - dependencies + + - title: Other Changes + labels: + - "*" diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml new file mode 100644 index 0000000..66127cd --- /dev/null +++ b/.github/workflows/labeler.yml @@ -0,0 +1,17 @@ +--- +# Managed by modulesync - DO NOT EDIT +# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ + +name: "Pull Request Labeler" + +on: + pull_request_target: {} + +jobs: + labeler: + permissions: + contents: read + pull-requests: write + runs-on: ubuntu-latest + steps: + - uses: actions/labeler@v5 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 55324aa..93b33c2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,3 +20,10 @@ jobs: # https://docs.github.com/en/actions/security-guides/encrypted-secrets username: ${{ secrets.PUPPET_FORGE_USERNAME }} api_key: ${{ secrets.PUPPET_FORGE_API_KEY }} + + create-github-release: + name: Create GitHub Release + runs-on: ubuntu-latest + steps: + - name: Create GitHub release + uses: voxpupuli/gha-create-a-github-release@v1 diff --git a/.msync.yml b/.msync.yml index 3607168..95e8c97 100644 --- a/.msync.yml +++ b/.msync.yml @@ -2,4 +2,4 @@ # Managed by modulesync - DO NOT EDIT # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ -modulesync_config_version: '9.0.0' +modulesync_config_version: '9.1.0' diff --git a/.puppet-lint.rc b/.puppet-lint.rc index 02a3e71..37817b6 100644 --- a/.puppet-lint.rc +++ b/.puppet-lint.rc @@ -1 +1,4 @@ +# Managed by modulesync - DO NOT EDIT +# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ + --fail-on-warnings diff --git a/Gemfile b/Gemfile index 27cdc0d..7123c66 100644 --- a/Gemfile +++ b/Gemfile @@ -4,7 +4,7 @@ source ENV['GEM_SOURCE'] || 'https://rubygems.org' group :test do - gem 'voxpupuli-test', '~> 8.0', :require => false + gem 'voxpupuli-test', '~> 9.0', :require => false gem 'coveralls', :require => false gem 'simplecov-console', :require => false gem 'puppet_metadata', '~> 4.0', :require => false diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 9efb4ae..58c9b66 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -9,6 +9,10 @@ require 'voxpupuli/test/spec_helper' +RSpec.configure do |c| + c.facterdb_string_keys = false +end + add_mocked_facts! if File.exist?(File.join(__dir__, 'default_module_facts.yml')) From 21ae4e223302d5d1d3a84fd1abff96956c486a5a Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Thu, 25 Jul 2024 17:05:02 +0200 Subject: [PATCH 3/5] spec file: replace legacy fact --- spec/classes/icinga_spec.rb | 2 +- spec/classes/repos_spec.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/classes/icinga_spec.rb b/spec/classes/icinga_spec.rb index 89d9106..bcefc07 100644 --- a/spec/classes/icinga_spec.rb +++ b/spec/classes/icinga_spec.rb @@ -22,7 +22,7 @@ it { is_expected.to compile } - case facts[:osfamily] + case facts[:os]['family'] when 'RedHat', 'Debian', 'Suse' context 'ca => true, this_zone => foo, zones => {}' do diff --git a/spec/classes/repos_spec.rb b/spec/classes/repos_spec.rb index 0541cec..ae86060 100644 --- a/spec/classes/repos_spec.rb +++ b/spec/classes/repos_spec.rb @@ -78,7 +78,7 @@ end end - case facts[:osfamily] + case facts[:os]['family'] when 'RedHat' context 'with manage_epel => false, manage_powertools => false' do let(:params) do From da92e0b462edc0443f957b5d7f9542b91ac5d2f7 Mon Sep 17 00:00:00 2001 From: Lennart Betz Date: Sat, 3 Aug 2024 19:49:44 +0200 Subject: [PATCH 4/5] Add SELinux support for the Icinga 2 core --- manifests/init.pp | 28 ++++++++++++++++++++-------- manifests/server.pp | 12 +++++++----- 2 files changed, 27 insertions(+), 13 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 448f085..6079751 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -89,6 +89,13 @@ features => [], } + # check selinux + $_selinux = if fact('os.selinux.enabled') and $facts['os']['selinux']['enabled'] and $icinga2::globals::selinux_package_name { + $icinga2::manage_selinux + } else { + false + } + # switch logging between mainlog, syslog and eventlog if $facts['kernel'] != 'windows' { if $logging_type == 'file' { @@ -125,16 +132,20 @@ case $facts['kernel'] { 'linux': { - $icinga_user = $icinga2::globals::user - $icinga_group = $icinga2::globals::group - $icinga_package = $icinga2::globals::package_name - $icinga_service = $icinga2::globals::service_name + $icinga_user = $icinga2::globals::user + $icinga_group = $icinga2::globals::group + $icinga_service = $icinga2::globals::service_name + $icinga_packages = if $_selinux { + [$icinga2::globals::package_name, $icinga2::globals::selinux_package_name] + $extra_packages + } else { + [$icinga2::globals::package_name] + $extra_packages + } case $facts['os']['family'] { 'redhat': { $icinga_user_homedir = $icinga2::globals::spool_dir - package { ['nagios-common', $icinga_package] + $extra_packages: + package { ['nagios-common'] + $icinga_packages: ensure => installed, before => Class['icinga2'], } @@ -147,7 +158,7 @@ 'debian': { $icinga_user_homedir = '/var/lib/nagios' - package { [$icinga_package] + $extra_packages: + package { $icinga_packages: ensure => installed, before => Class['icinga2'], } @@ -156,7 +167,7 @@ 'suse': { $icinga_user_homedir = $icinga2::globals::spool_dir - package { [$icinga_package] + $extra_packages: + package { $icinga_packages: ensure => installed, before => Class['icinga2'], } @@ -191,7 +202,8 @@ ensure => file, owner => $icinga_user, group => $icinga_group, - require => Package[$icinga_package]; + seltype => 'icinga2_spool_t', + require => Package[$icinga_packages]; ["${icinga_user_homedir}/.ssh", "${icinga_user_homedir}/.ssh/controlmasters"]: ensure => directory, mode => '0700'; diff --git a/manifests/server.pp b/manifests/server.pp index e37747d..51770b0 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -127,11 +127,12 @@ ($global_zones + keys($_workers) + $zone).each |String $dir| { file { "${icinga2::globals::conf_dir}/zones.d/${dir}": - ensure => directory, - tag => 'icinga2::config::file', - owner => $icinga2::globals::user, - group => $icinga2::globals::group, - mode => '0750', + ensure => directory, + tag => 'icinga2::config::file', + owner => $icinga2::globals::user, + group => $icinga2::globals::group, + mode => '0750', + seltype => 'icinga2_etc_t', } } } else { @@ -140,6 +141,7 @@ purge => true, recurse => true, force => true, + seltype => 'icinga2_etc_t', } } } From 9b6ab137399810f8f0f751d765a02f890ba2f71b Mon Sep 17 00:00:00 2001 From: Lennart Betz Date: Sat, 3 Aug 2024 20:18:42 +0200 Subject: [PATCH 5/5] Add new parameter to disable the default apache config for Icinga --- REFERENCE.md | 10 ++++++++++ manifests/web.pp | 17 ++++++++++++----- 2 files changed, 22 insertions(+), 5 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index 285876b..4625f1c 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -799,6 +799,7 @@ The following parameters are available in the `icinga::web` class: * [`default_admin_pass`](#-icinga--web--default_admin_pass) * [`db_pass`](#-icinga--web--db_pass) * [`apache_cgi_pass_auth`](#-icinga--web--apache_cgi_pass_auth) +* [`apache_config`](#-icinga--web--apache_config) * [`db_type`](#-icinga--web--db_type) * [`db_host`](#-icinga--web--db_host) * [`db_port`](#-icinga--web--db_port) @@ -838,6 +839,15 @@ Data type: `Boolean` Either turn on or off the apache cgi pass thru auth. An option available since Apache v2.4.15 and required for authenticated access to the Icinga Web Api. +##### `apache_config` + +Data type: `Boolean` + +Wether or not install an default Apache config for Icinga Web 2. If set to `true` Icinga is +reachable via `/icingaweb2`. + +Default value: `true` + ##### `db_type` Data type: `Enum['mysql', 'pgsql']` diff --git a/manifests/web.pp b/manifests/web.pp index 9534706..89a10be 100644 --- a/manifests/web.pp +++ b/manifests/web.pp @@ -15,6 +15,10 @@ # Either turn on or off the apache cgi pass thru auth. # An option available since Apache v2.4.15 and required for authenticated access to the Icinga Web Api. # +# @param apache_config +# Wether or not install an default Apache config for Icinga Web 2. If set to `true` Icinga is +# reachable via `/icingaweb2`. +# # @param db_type # What kind of database type to use. # @@ -56,6 +60,7 @@ Boolean $manage_database = false, Variant[Stdlib::Host, Array[Stdlib::Host]] $api_host = 'localhost', String $api_user = 'icingaweb2', + Boolean $apache_config = true, ) { # install all required php extentions # by icingaweb (done by package dependencies) before PHP @@ -152,11 +157,13 @@ include apache::mod::proxy_http include apache::mod::ssl - apache::custom_config { 'icingaweb2': - ensure => present, - content => template('icinga/apache_custom_default.conf.erb'), - verify_config => false, - priority => false, + if $apache_config { + apache::custom_config { 'icingaweb2': + ensure => present, + content => template('icinga/apache_custom_default.conf.erb'), + verify_config => false, + priority => false, + } } #