icingaweb2
: Installs and configures Icinga Web 2.icingaweb2::globals
: This class loads the default parameters by doing a hiera lookup.icingaweb2::module::audit
: Installs and enables the audit module.icingaweb2::module::businessprocess
: Installs and enables the businessprocess module.icingaweb2::module::cube
: Installs and enables the cube module.icingaweb2::module::director
: Install and configure the director module.icingaweb2::module::doc
: The doc module provides an interface to the Icinga 2 and Icinga Web 2 documentation.icingaweb2::module::elasticsearch
: The Elasticsearch module displays events from data stored in Elasticsearch.icingaweb2::module::fileshipper
: The fileshipper module extends the Director. It offers import sources to deal with CSV, JSON, YAML and XML files.icingaweb2::module::generictts
: Installs and enables the generictts module.icingaweb2::module::graphite
: The Graphite module draws graphs out of time series data stored in Graphite.icingaweb2::module::icingadb
: Manages the icingadb module. This module is still optional at the moment.icingaweb2::module::idoreports
: Installs, configures and enables the idoreports module. The module is deprecated.icingaweb2::module::monitoring
: Manages the monitoring module. This module is deprecated.icingaweb2::module::pdfexport
: Installs, configures and enables the pdfexport module.icingaweb2::module::puppetdb
: Installs and configures the puppetdb module.icingaweb2::module::reporting
: Installs the reporting moduleicingaweb2::module::translation
: Installs and configures the translation module.icingaweb2::module::vspheredb
: Installs the vsphereDB pluginicingaweb2::module::x509
: Installs the x509 module
icingaweb2::config
: Configures Icinga Web 2.icingaweb2::install
: Installs Icinga Web 2 and extra packages.icingaweb2::module::director::config
: Configure the director module.icingaweb2::module::director::install
: Install the director module.icingaweb2::module::director::kickstart
: Import or update the database schema. Also start the initial kickstart run if required.icingaweb2::module::director::service
: Manage the director service.icingaweb2::module::icingadb::config
: Configure the icingadb module.icingaweb2::module::icingadb::install
: Install the icingadb module.icingaweb2::module::monitoring::config
: Configure the monitoring module.icingaweb2::module::monitoring::install
: Installs the monitoring module.icingaweb2::module::reporting::config
: Configure the reporting module.icingaweb2::module::reporting::install
: Install the reporting module.icingaweb2::module::reporting::service
: Manage the reporting service.icingaweb2::module::vspheredb::config
: Configure the VSphereDB moduleicingaweb2::module::vspheredb::install
: Install the VSphereDB moduleicingaweb2::module::vspheredb::service
: Manage the vspheredb service.icingaweb2::module::x509::config
: Configure the x509 moduleicingaweb2::module::x509::install
: Install the x509 moduleicingaweb2::module::x509::service
: Manage the x509 job scheduler.
icingaweb2::config::authmethod
: Manage Icinga Web 2 authentication methods. Auth methods may be chained by setting proper ordering.icingaweb2::config::dashboard
: Manage a dashboard.icingaweb2::config::dashlet
: Manage a dashlet.icingaweb2::config::groupbackend
: Groups of users can be stored either in a database, LDAP or ActiveDirectory. This defined type configures backends that store groups.icingaweb2::config::navigation
: Navigate defines a menu entry, host- or service action.icingaweb2::config::role
: Roles define a set of permissions that may be applied to users or groups.icingaweb2::inisection
: Manage settings in INI configuration files.icingaweb2::module
: Download, enable and configure Icinga Web 2 modules.icingaweb2::resource::database
: Create and remove Icinga Web 2 database resources.icingaweb2::resource::ldap
: Create and remove Icinga Web 2 resources. Resources may be referenced in other configuration sections.
icingaweb2::module::elasticsearch::eventtype
: Manages an Elasticsearch event typesicingaweb2::module::elasticsearch::instance
: Manages an Elasticsearch instanceicingaweb2::module::fileshipper::basedir
: Manages base directories for the fileshipper module.icingaweb2::module::fileshipper::directory
: Manages directories with plain Icinga 2 configuration files.icingaweb2::module::generictts::ticketsystem
: Manages ticketsystem configuration for the generictts module.icingaweb2::module::icingadb::commandtransport
: Manages commandtransport configuration for the icingadb module.icingaweb2::module::monitoring::commandtransport
: Manages commandtransport configuration for the monitoring module.icingaweb2::module::puppetdb::certificate
: Installs a certificate for the Icinga Web 2 puppetdb module.
icingaweb2::pick
: This function returns first parameter if set.
Icingaweb2::AdminRole
: A strict type for the default admin roleIcingaweb2::ImportSchema
: A type for setting import database schemata
oracle
, mssql
, ibm
, oci
, sqlite
goes to icingaweb2::resource::database
.
include ::mysql::server
mysql::db { 'icingaweb2':
user => 'icingaweb2',
password => Sensitive('supersecret'),
host => 'localhost',
grant => [ 'ALL' ],
}
class { 'icingaweb2':
manage_repos => true,
import_schema => true,
db_type => 'mysql',
db_host => 'localhost',
db_port => 3306,
db_username => 'icingaweb2',
db_password => Sensitive('supersecret'),
require => Mysql::Db['icingaweb2'],
}
include ::postgresql::server
postgresql::server::db { 'icingaweb2':
user => 'icingaweb2',
password => postgresql_password('icingaweb2', Sensitive('icingaweb2')),
}
class { 'icingaweb2':
manage_repos => true,
import_schema => true,
db_type => 'pgsql',
db_host => 'localhost',
db_port => 5432,
db_username => 'icingaweb2',
db_password => 'icingaweb2',
require => Postgresql::Server::Db['icingaweb2'],
}
class { 'icingaweb2':
resources => {
'my-ldap' => {
type => 'ldap',
host => 'localhost',
port => 389,
root_dn => 'ou=users,dc=icinga,dc=com',
bind_dn => 'cn=icingaweb2,ou=users,dc=icinga,dc=com',
bind_pw => Sensitive('supersecret'),
}
},
user_backends => {
'ldap-auth' => {
backend => 'ldap',
resource => 'my-ldap',
ldap_user_class => 'user',
ldap_filter => '(memberof:1.2.840.113556.1.4.1941:=CN=monitoring,OU=groups,DC=icinga,DC=com)',
ldap_user_name_attribute => 'userPrincipalName',
order => '05',
},
},
group_backends => {
'ldap-auth' => {
backend => 'ldap',
resource => 'my-ldap',
ldap_group_class => 'group',
ldap_group_name_attribute => 'cn',
ldap_group_member_attribute => 'member',
ldap_base_dn => 'ou=groups,dc=icinga,dc=com',
domain => 'icinga.com',
order => '05',
},
},
}
The following parameters are available in the icingaweb2
class:
logging
logging_file
logging_level
logging_facility
logging_application
show_stacktraces
module_path
theme
theme_disabled
manage_repos
manage_package
extra_packages
import_schema
db_type
db_resource_name
db_host
db_port
db_name
db_username
db_password
use_tls
tls_key_file
tls_cert_file
tls_cacert_file
tls_key
tls_cert
tls_cacert
tls_capath
tls_noverify
tls_cipher
conf_user
conf_group
default_domain
cookie_path
use_strict_csp
admin_role
default_admin_username
default_admin_password
resources
default_auth_backend
user_backends
group_backends
Data type: Enum['file', 'syslog', 'php', 'none']
Whether Icinga Web 2 should log to 'file', 'syslog' or 'php' (web server's error log). Setting 'none' disables logging.
Data type: Stdlib::Absolutepath
If 'logging' is set to 'file', this is the target log file.
Data type: Enum['ERROR', 'WARNING', 'INFO', 'DEBUG']
Logging verbosity. Possible values are 'ERROR', 'WARNING', 'INFO' and 'DEBUG'.
Data type: Pattern[/user|local[0-7]/]
Logging facility when using syslog. Possible values are 'user' or 'local0' up to 'local7'.
Data type: String[1]
Logging application name when using syslog.
Data type: Boolean
Whether to display stacktraces in the web interface or not.
Data type:
Optional[Variant[Stdlib::Absolutepath,
Array[Stdlib::Absolutepath]]]
Additional path to module sources. Multiple paths must be separated by colon.
Default value: undef
Data type: String[1]
The default theme setting. Users may override this settings.
Data type: Boolean
Whether users can change themes or not.
Data type: Boolean
When set to true this module will use the module icinga/puppet-icinga to manage repositories, e.g. the release repo on packages.icinga.com repository by default, the EPEL repository or Backports. For more information, see http://github.com/icinga/puppet-icinga.
Data type: Boolean
If set to false
packages aren't managed.
Data type: Optional[Array[String[1]]]
An array of packages to install additionally.
Default value: undef
Data type: Optional[Icingaweb2::ImportSchema]
Whether to import the MySQL schema or not. New options mariadb
and mysql
,
both means true. With mariadb its cli options are used for the import,
whereas with mysql its different options.
Default value: undef
Data type: Enum['mysql', 'pgsql']
Database type, can be either mysql
or pgsql
.
Data type: String[1]
Name for the icingaweb2 database resource.
Data type: Stdlib::Host
Database hostname.
Data type: Optional[Stdlib::Port]
Port to connect on the database host.
Default value: undef
Data type: String[1]
Database name.
Data type: String[1]
Username for database access.
Data type: Optional[Icinga::Secret]
Password for database access.
Default value: undef
Data type: Optional[Boolean]
Either enable or disable TLS encryption to the database. Other TLS parameters are only affected if this is set to 'true'.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
Location of the private key for client authentication. Only valid if tls is enabled.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
Location of the certificate for client authentication. Only valid if tls is enabled.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
Location of the ca certificate. Only valid if tls is enabled.
Default value: undef
Data type: Optional[Icinga::Secret]
The private key to store in spicified tls_key_file
file. Only valid if tls is enabled.
Default value: undef
Data type: Optional[String[1]]
The certificate to store in spicified tls_cert_file
file. Only valid if tls is enabled.
Default value: undef
Data type: Optional[String[1]]
The ca certificate to store in spicified tls_cacert_file
file. Only valid if tls is enabled.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
The file path to the directory that contains the trusted SSL CA certificates, which are stored in PEM format. Only available for the mysql database.
Default value: undef
Data type: Optional[Boolean]
Disable validation of the server certificate.
Default value: undef
Data type: Optional[String[1]]
Cipher to use for the encrypted database connection.
Default value: undef
Data type: String[1]
By default this module expects Apache2 on the server. You can change the owner of the config files with this parameter.
Data type: String[1]
Group membership of config files.
Data type: Optional[String[1]]
When using domain-aware authentication, you can set a default domain here.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
Path to where cookies are stored.
Default value: undef
Data type: Optional[Boolean]
Enable the inclusion of Content Security Policy (CSP) headers in application responses.
Default value: undef
Data type: Variant[Icingaweb2::AdminRole, Boolean[false]]
Manage a role for admin access.
Data type: String[1]
Default username for initial admin access. This parameter is only used
if import_schema
is set to true
and only during the import itself.
Data type: Icinga::Secret
Default password for initial admin access. This parameter is only used
if import_schema
is set to true
and only during the import itself.
Data type: Hash[String[1], Hash[String[1], Any]]
Additional resources. Option type
has to be set as hash key. Type of ldap
declares a define resource of icingaweb2::resource::ldap
, a type of mysql
, pgsql
,
Data type: Variant[String[1], Boolean[false]]
Name of the user and group backend authentication of the icingaweb2 resource.
If set to false
the default authentication method is deactivated.
Data type: Hash[String[1], Hash[String[1], Any]]
Additional user backends for access control. See icingaweb2::config::authmethod
.
Data type: Hash[String[1], Hash[String[1], Any]]
Additional group backends for access control. See icingaweb2::config::groupbackend
.
This class loads the default parameters by doing a hiera lookup.
- Note This parameters depend on the os plattform. Changes maybe will break the functional capability of the supported plattforms and versions. Please only do changes when you know what you're doing.
The following parameters are available in the icingaweb2::globals
class:
package_name
conf_dir
state_dir
data_dir
role_replace
comp_db_schema_dir
default_module_path
mysql_db_schema
pgsql_db_schema
mysql_vspheredb_schema
pgsql_vspheredb_schema
mysql_reporting_schema
pgsql_reporting_schema
mysql_idoreports_slaperiods
mysql_idoreports_sla_percent
pgsql_idoreports_slaperiods
pgsql_idoreports_sla_percent
mysql_x509_schema
pgsql_x509_schema
gettext_package_name
icingacli_bin
Data type: String[1]
Package to install.
Data type: Stdlib::Absolutepath
Path to the config files.
Data type: Stdlib::Absolutepath
Path to variable application data.
Data type: Stdlib::Absolutepath
Location of PHP data files.
Data type: Boolean
Specifies whether to overwrite the roles.ini file if it already exists.
Data type: Stdlib::Absolutepath
For compatibility, since in Icinga Web 2 2.11.4 the schema files have been moved.
Data type: Stdlib::Absolutepath
Location of the modules.
Data type: Stdlib::Absolutepath
Location of the database schema for MySQL/MariaDB.
Data type: Stdlib::Absolutepath
Location of the database schema for PostgreSQL.
Data type: Stdlib::Absolutepath
Location of the vspheredb database schema for MySQL/MariaDB.
Data type: Stdlib::Absolutepath
Location of the vspheredb database schema for PostgreSQL.
Data type: Stdlib::Absolutepath
Location of the reporting database schema for MySQL/MariaDB.
Data type: Stdlib::Absolutepath
Location of the reporting database schema for PostgreSQL.
Data type: Stdlib::Absolutepath
Location of the slaperiods database extension for MySQL.
Data type: Stdlib::Absolutepath
Location of the get_sla_ok_percent database extension for MySQL.
Data type: Stdlib::Absolutepath
Location of the slaperiods database extension for PostgreSQL.
Data type: Stdlib::Absolutepath
Location of the get_sla_ok_percent database extension for PostgreSQL.
Data type: Stdlib::Absolutepath
Location of the x509 database schema for MySQL/MariaDB.
Data type: Stdlib::Absolutepath
Location of the x509 database schema for PostgreSQL.
Data type: String[1]
Package name gettext
tool belongs to.
Data type: Stdlib::Absolutepath
Path to `icingacli' comand line tool.
Installs and enables the audit module.
- Note If you want to use
git
asinstall_method
, the CLIgit
command has to be installed.
class { 'icingaweb2::module::audit':
git_revision => 'v1.0.2',
log_type => 'syslog',
log_facility => 'authpriv',
}
The following parameters are available in the icingaweb2::module::audit
class:
ensure
module_dir
git_repository
git_revision
install_method
package_name
log_type
log_file
log_ident
log_facility
stream_format
stream_file
Data type: Enum['absent', 'present']
Enable or disable module.
Data type: Stdlib::Absolutepath
Target directory of the module.
Default value: "${icingaweb2::globals::default_module_path}/audit"
Data type: Stdlib::HTTPUrl
Set a git repository URL.
Data type: Optional[String[1]]
Set either a branch or a tag name, eg. master
or v1.0.2
.
Default value: undef
Data type: Enum['git', 'none', 'package']
Install methods are git
, package
and none
is supported as installation method.
Data type: String[1]
Package name of the module. This setting is only valid in combination with the installation method package
.
Data type: Enum['file', 'syslog', 'none']
Logging type to use.
Data type: Optional[Stdlib::Absolutepath]
Location of the log file. Only valid if log_type
is set to file
.
Default value: undef
Data type: Optional[String]
Logging prefix ident. Only valid if log_type
is set to syslog
.
Default value: undef
Data type:
Variant[
Enum['auth', 'user', 'authpriv'],
Pattern[/^local[0-7]$/]
]
Facility to log to. Only valid if log_type
is set to syslog
.
Data type: Enum['json', 'none']
Set to json
to stream in JSON format. Disabled by setting to none
.
Data type: Optional[Stdlib::Absolutepath]
Path to the stream destination.
Default value: undef
Installs and enables the businessprocess module.
- Note If you want to use
git
asinstall_method
, the CLIgit
command has to be installed. You can manage it yourself as package resource or declare the package name in icingaweb2 class parameterextra_packages
.
class { 'icingaweb2::module::businessprocess':
git_revision => 'v2.1.0'
}
The following parameters are available in the icingaweb2::module::businessprocess
class:
Data type: Enum['absent', 'present']
Enable or disable module.
Data type: Stdlib::Absolutepath
Target directory of the module.
Default value: "${icingaweb2::globals::default_module_path}/businessprocess"
Data type: Stdlib::HTTPUrl
Set a git repository URL.
Data type: Optional[String[1]]
Set either a branch or a tag name, eg. master
or v2.1.0
.
Default value: undef
Data type: Enum['git', 'none', 'package']
Install methods are git
, package
and none
is supported as installation method.
Data type: String[1]
Package name of the module. This setting is only valid in combination with the installation method package
.
Installs and enables the cube module.
- Note If you want to use
git
asinstall_method
, the CLIgit
command has to be installed. You can manage it yourself as package resource or declare the package name in icingaweb2 class parameterextra_packages
.
class { 'icingaweb2::module::cube':
git_revision => 'v1.0.0'
}
The following parameters are available in the icingaweb2::module::cube
class:
Data type: Enum['absent', 'present']
Enable or disable module.
Data type: Stdlib::Absolutepath
Target directory of the module.
Default value: "${icingaweb2::globals::default_module_path}/cube"
Data type: Stdlib::HTTPUrl
Set a git repository URL.
Data type: Optional[String[1]]
Set either a branch or a tag name, eg. master
or v1.0.0
.
Default value: undef
Data type: Enum['git', 'none', 'package']
Install methods are git
, package
and none
is supported as installation method.
Data type: String[1]
Package name of the module. This setting is only valid in combination with the installation method package
.
Install and configure the director module.
- Note If you want to use
git
asinstall_method
, the CLIgit
command has to be installed. You can manage it yourself as package resource or declare the package name in icingaweb2 class parameterextra_packages
.
class { 'icingaweb2::module::director':
git_revision => 'v1.7.2',
db_host => 'localhost',
db_name => 'director',
db_username => 'director',
db_password => 'supersecret',
import_schema => true,
kickstart => true,
endpoint => 'puppet-icingaweb2.localdomain',
api_username => 'director',
api_password => 'supersecret',
require => Mysql::Db['director']
}
The following parameters are available in the icingaweb2::module::director
class:
ensure
module_dir
git_repository
git_revision
install_method
package_name
db_type
db_resource_name
db_host
db_port
db_name
db_username
db_password
db_charset
use_tls
tls_key_file
tls_cert_file
tls_cacert_file
tls_key
tls_cert
tls_cacert
tls_capath
tls_noverify
tls_cipher
import_schema
kickstart
endpoint
api_host
api_port
api_username
api_password
manage_service
service_ensure
service_enable
service_user
Data type: Enum['absent', 'present']
Enable or disable module.
Data type: Stdlib::Absolutepath
Target directory of the module.
Default value: "${icingaweb2::globals::default_module_path}/director"
Data type: Stdlib::HTTPUrl
Set a git repository URL.
Data type: Optional[String[1]]
Set either a branch or a tag name, eg. master
or v1.3.2
.
Default value: undef
Data type: Enum['git', 'package', 'none']
Install methods are git
, package
and none
is supported as installation method.
Data type: String[1]
Package name of the module. This setting is only valid in combination with the installation method package
.
Data type: Enum['mysql', 'pgsql']
Type of your database. Either mysql
or pgsql
.
Data type: String[1]
Name for the director database resource.
Data type: Stdlib::Host
Hostname of the database.
Data type: Optional[Stdlib::Port]
Port of the database.
Default value: undef
Data type: String[1]
Name of the database.
Data type: String[1]
Username for DB connection.
Data type: Optional[Icinga::Secret]
Password for DB connection.
Default value: undef
Data type: Optional[String[1]]
Character set to use for the database.
Default value: undef
Data type: Optional[Boolean]
Either enable or disable TLS encryption to the database. Other TLS parameters are only affected if this is set to 'true'.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
Location of the private key for client authentication. Only valid if tls is enabled.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
Location of the certificate for client authentication. Only valid if tls is enabled.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
Location of the ca certificate. Only valid if tls is enabled.
Default value: undef
Data type: Optional[Icinga::Secret]
The private key to store in spicified tls_key_file
file. Only valid if tls is enabled.
Default value: undef
Data type: Optional[String[1]]
The certificate to store in spicified tls_cert_file
file. Only valid if tls is enabled.
Default value: undef
Data type: Optional[String[1]]
The ca certificate to store in spicified tls_cacert_file
file. Only valid if tls is enabled.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
The file path to the directory that contains the trusted SSL CA certificates, which are stored in PEM format. Only available for the mysql database.
Default value: undef
Data type: Optional[Boolean]
Disable validation of the server certificate.
Default value: undef
Data type: Optional[String[1]]
Cipher to use for the encrypted database connection.
Default value: undef
Data type: Optional[Boolean]
Import database schema.
Default value: undef
Data type: Boolean
Run kickstart command after database migration. This requires import_schema
to be true
.
Data type: Optional[String[1]]
Endpoint object name of Icinga 2 API. This setting is only valid if kickstart
is true
.
Default value: undef
Data type: Stdlib::Host
Icinga 2 API hostname. This setting is only valid if kickstart
is true
.
Data type: Stdlib::Port
Icinga 2 API port. This setting is only valid if kickstart
is true
.
Data type: Optional[String[1]]
Icinga 2 API username. This setting is only valid if kickstart
is true
.
Default value: undef
Data type: Optional[Icinga::Secret]
Icinga 2 API password. This setting is only valid if kickstart
is true
.
Default value: undef
Data type: Boolean
If set to true the service (daemon) is managed.
Data type: Stdlib::Ensure::Service
Wether the service is running
or stopped
.
Data type: Boolean
Whether the service should be started at boot time.
Data type: String[1]
The user as which the service is running. Only valid if install_method
is set to git
.
The doc module provides an interface to the Icinga 2 and Icinga Web 2 documentation.
The following parameters are available in the icingaweb2::module::doc
class:
Data type: Enum['absent', 'present']
Enable or disable module. Defaults to present
The Elasticsearch module displays events from data stored in Elasticsearch.
- Note If you want to use
git
asinstall_method
, the CLIgit
command has to be installed. You can manage it yourself as package resource or declare the package name in icingaweb2 class parameterextra_packages
.
class { 'icingaweb2::module::elasticsearch':
git_revision => 'v0.9.0',
instances => {
'elastic' => {
uri => 'http://localhost:9200',
user => 'foo',
password => 'bar',
}
},
eventtypes => {
'filebeat' => {
instance => 'elastic',
index => 'filebeat-*',
filter => 'beat.hostname={host.name}',
fields => 'input_type, source, message',
}
}
}
The following parameters are available in the icingaweb2::module::elasticsearch
class:
Data type: Enum['absent', 'present']
Enable or disable module.
Data type: Stdlib::Absolutepath
Target directory of the module.
Default value: "${icingaweb2::globals::default_module_path}/elasticsearch"
Data type: Stdlib::HTTPUrl
Set a git repository URL.
Data type: Enum['git', 'none', 'package']
Install methods are git
, package
and none
is supported as installation method.
Data type: String[1]
Package name of the module. This setting is only valid in combination with the installation method package
.
Data type: Optional[String[1]]
Set either a branch or a tag name, eg. master
or v1.3.2
.
Default value: undef
Data type: Optional[Hash]
A hash that configures one or more Elasticsearch instances that this module connects to. The defined type
icingaweb2::module::elasticsearch::instance
is used to create the instance configuration.
Default value: undef
Data type: Optional[Hash]
A hash oft ypes of events that should be displayed. Event types are always connected to instances. The defined type
icingaweb2::module::elasticsearch::eventtype
is used to create the event types.
Default value: undef
@example: class { 'icingaweb2::module::fileshipper': git_revision => 'v1.0.1', base_directories => { temp => '/var/lib/fileshipper' }, directories => { 'test' => { 'source' => '/var/lib/fileshipper/source', 'target' => '/var/lib/fileshipper/target', } } }
- Note If you want to use
git
asinstall_method
, the CLIgit
command has to be installed. You can manage it yourself as package resource or declare the package name in icingaweb2 class parameterextra_packages
.
The following parameters are available in the icingaweb2::module::fileshipper
class:
ensure
module_dir
git_repository
install_method
package_name
git_revision
base_directories
directories
Data type: Enum['absent', 'present']
Enables or disables module.
Data type: Stdlib::Absolutepath
Target directory of the module.
Default value: "${icingaweb2::globals::default_module_path}/fileshipper"
Data type: Stdlib::HTTPUrl
Set a git repository URL.
Data type: Enum['git', 'none', 'package']
Install methods are git
, package
and none
is supported as installation method.
Data type: String[1]
Package name of the module. This setting is only valid in combination with the installation method package
.
Data type: Optional[String[1]]
Set either a branch or a tag name, eg. master
or v1.3.2
.
Default value: undef
Data type: Hash
Hash of base directories. These directories can later be selected in the import source (Director).
Data type: Hash
Deploy plain Icinga 2 configuration files through the Director to your Icinga 2 master.
Installs and enables the generictts module.
- Note If you want to use
git
asinstall_method
, the CLIgit
command has to be installed. You can manage it yourself as package resource or declare the package name in icingaweb2 class parameterextra_packages
.
class { 'icingaweb2::module::generictts':
git_revision => 'v2.0.0',
ticketsystems => {
'my-ticket-system' => {
pattern => '/#([0-9]{4,6})/',
url => 'https://my.ticket.system/tickets/id=$1',
},
},
}
The following parameters are available in the icingaweb2::module::generictts
class:
Data type: Enum['absent', 'present']
Enable or disable module.
Data type: Stdlib::Absolutepath
Target directory of the module.
Default value: "${icingaweb2::globals::default_module_path}/generictts"
Data type: Stdlib::HTTPUrl
Set a git repository URL.
Data type: Optional[String[1]]
Set either a branch or a tag name, eg. master
or v2.0.0
.
Default value: undef
Data type: Enum['git', 'none', 'package']
Install methods are git
, package
and none
is supported as installation method.
Data type: String[1]
Package name of the module. This setting is only valid in combination with the installation method package
.
Data type: Hash
A hash of ticketsystems. The hash expects a patten
and a url
for each ticketsystem.
The regex pattern is to match the ticket ID, eg. /#([0-9]{4,6})/
. Place the ticket ID
in the URL, eg. https://my.ticket.system/tickets/id=$1
.
The Graphite module draws graphs out of time series data stored in Graphite.
- Note If you want to use
git
asinstall_method
, the CLIgit
command has to be installed. You can manage it yourself as package resource or declare the package name in icingaweb2 class parameterextra_packages
.
class { 'icingaweb2::module::graphite':
git_revision => 'v0.9.0',
url => 'https://localhost:8080'
}
The following parameters are available in the icingaweb2::module::graphite
class:
ensure
module_dir
git_repository
git_revision
install_method
package_name
url
insecure
user
password
graphite_writer_host_name_template
graphite_writer_service_name_template
customvar_obscured_check_command
default_time_range_unit
default_time_range
disable_no_graphs
Data type: Enum['absent', 'present']
Enables or disables module.
Data type: Stdlib::Absolutepath
Target directory of the module.
Default value: "${icingaweb2::globals::default_module_path}/graphite"
Data type: Stdlib::HTTPUrl
Set a git repository URL.
Data type: Optional[String[1]]
Set either a branch or a tag name, eg. master
or v1.3.2
.
Default value: undef
Data type: Enum['git', 'none', 'package']
Install methods are git
, package
and none
is supported as installation method.
Data type: String[1]
Package name of the module. This setting is only valid in combination with the installation method package
.
Data type: Optional[Stdlib::HTTPUrl]
URL to your Graphite Web/API.
Default value: undef
Data type: Optional[Boolean]
Do not verify the TLS certificate.
Default value: undef
Data type: Optional[String[1]]
A user with access to your Graphite Web via HTTP basic authentication.
Default value: undef
Data type: Optional[Icinga::Secret]
The users password.
Default value: undef
Data type: Optional[String[1]]
The value of your Icinga 2 GraphiteWriter's attribute host_name_template
(if specified).
Default value: undef
Data type: Optional[String[1]]
The value of your icinga 2 GraphiteWriter's attribute service_name_template
(if specified).
Default value: undef
Data type: Optional[String[1]]
The Icinga custom variable with the actual
check command obscured by e.g. check_by_ssh.
Default value: undef
Data type:
Optional[Enum[
'minutes', 'hours', 'days',
'weeks', 'months', 'years'
]]
Set unit for the time range.
Default value: undef
Data type: Optional[Integer[1]]
Set the displayed time range.
Default value: undef
Data type: Optional[Boolean]
Do not display empty graphs.
Default value: undef
Manages the icingadb module. This module is still optional at the moment.
- Note At first have a look at the IcingaDB module documentation.
The following parameters are available in the icingaweb2::module::icingadb
class:
ensure
package_name
db_type
db_resource_name
db_host
db_port
db_name
db_username
db_password
db_charset
db_use_tls
db_tls_cert_file
db_tls_key_file
db_tls_cacert_file
db_tls_cert
db_tls_key
db_tls_cacert
db_tls_capath
db_tls_noverify
db_tls_cipher
redis_host
redis_port
redis_password
redis_primary_host
redis_primary_port
redis_primary_password
redis_secondary_host
redis_secondary_port
redis_secondary_password
redis_use_tls
redis_tls_cert
redis_tls_key
redis_tls_cacert
redis_tls_cert_file
redis_tls_key_file
redis_tls_cacert_file
settings
commandtransports
Data type: Enum['absent', 'present']
Enable or disable module.
Data type: String[1]
IicngaDB-Web module package name.
Data type: Enum['mysql', 'pgsql']
Type of your IDO database. Either mysql
or pgsql
.
Data type: String[1]
Name for the icingadb database resource.
Data type: Stdlib::Host
Hostname of the IcingaDB database.
Data type: Optional[Stdlib::Port]
Port of the IcingaDB database.
Default value: undef
Data type: String[1]
Name of the IcingaDB database.
Data type: String[1]
Username for IcingaDB database connection.
Data type: Optional[Icinga::Secret]
Password for IcingaDB database connection.
Default value: undef
Data type: Optional[String[1]]
The character set to use for the IcingaDB database connection.
Default value: undef
Data type: Optional[Boolean]
Either enable or disable TLS encryption to the database. Other TLS parameters are only affected if this is set to 'true'.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
Location of the certificate for client authentication. Only valid if db_use_tls is enabled.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
Location of the private key for client authentication. Only valid if db_use_tls is enabled.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
Location of the CA root certificate. Only valid if db_use_tls is enabled.
Default value: undef
Data type: Optional[String]
The client certificate in PEM format. Only valid if db_use_tls is enabled.
Default value: undef
Data type: Optional[Icinga::Secret]
The client private key in PEM format. Only valid if db_use_tls is enabled.
Default value: undef
Data type: Optional[String[1]]
The CA root certificate in PEM format. Only valid if db_use_tls is enabled.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
The file path to the directory that contains the trusted SSL CA certificates, which are stored in PEM format. Only available for the mysql database.
Default value: undef
Data type: Optional[Boolean]
Disable validation of the server certificate.
Default value: undef
Data type: Optional[String[1]]
Cipher to use for the encrypted database connection.
Default value: undef
Data type: Stdlib::Host
Redis host to connect.
Data type: Optional[Stdlib::Port]
Connect redis_host
om this port.
Default value: undef
Data type: Optional[Icinga::Secret]
Password for Redis connection.
Default value: undef
Data type: Stdlib::Host
Alternative parameter to use for redis_host
. Useful for high availability environments.
Default value: $redis_host
Data type: Optional[Stdlib::Port]
Alternative parameter to use for redis_port
. Useful for high availability environments.
Default value: $redis_port
Data type: Optional[Icinga::Secret]
Alternative parameter to use for redis_passwod
. Useful for high availability environments.
Default value: $redis_password
Data type: Optional[Stdlib::Host]
Fallback Redis host to connect if the first one fails.
Default value: undef
Data type: Optional[Stdlib::Port]
Port to connect on the fallback Redis server.
Default value: undef
Data type: Optional[Icinga::Secret]
Password for the second Redis server.
Default value: undef
Data type: Optional[Boolean]
Use tls encrypt connection for Redis. All Credentials are applied for both connections in a high availability environments.
Default value: undef
Data type: Optional[String[1]]
Client certificate in PEM format to authenticate to Redis. Only valid if redis_use_tls is enabled.
Default value: undef
Data type: Optional[Icinga::Secret]
Client private key in PEM format. Only valid if redis_use_tls is enabled.
Default value: undef
Data type: Optional[String[1]]
The CA certificate in PEM format. Only valid if redis_use_tls is enabled.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
Location of the client certificate. Only valid if redis_use_tls is enabled.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
Location of the private key. Only valid if redis_use_tls is enabled.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
Location of the CA certificate. Only valid if redis_use_tls is enabled.
Default value: undef
Data type: Hash[String[1], Any]
General configuration of module icingadb. See official Icinga documentation
Data type: Hash[String[1], Hash]
A hash of command transports.
Installs, configures and enables the idoreports module. The module is deprecated.
- Note If you want to use
git
asinstall_method
, the CLIgit
command has to be installed. You can manage it yourself as package resource or declare the package name in icingaweb2 class parameterextra_packages
.
class { 'icingaweb2::module::idoreports':
git_revision => 'v0.10.0',
}
The following parameters are available in the icingaweb2::module::idoreports
class:
Data type: Enum['absent', 'present']
Enable or disable module.
Data type: Stdlib::Absolutepath
Target directory of the module.
Default value: "${icingaweb2::globals::default_module_path}/idoreports"
Data type: Stdlib::HTTPUrl
Set a git repository URL.
Data type: Optional[String[1]]
Set either a branch or a tag name, eg. master
or v2.1.0
.
Default value: undef
Data type: Enum['git', 'none', 'package']
Install methods are git
, package
and none
is supported as installation method.
Data type: String[1]
Package name of the module. This setting is only valid in combination with the installation method package
.
Data type: Optional[Icingaweb2::ImportSchema]
The IDO database needs some extensions for reorting. Whether to import the database extensions or not.
Options mariadb
and mysql
, both means true. With mariadb its cli options are used for the import,
whereas with mysql its different options.
Default value: undef
Requirements:
- IDO feature in Icinga 2 (MySQL or PostgreSQL)
ApiUser
object in Icinga 2 with proper permissions
class {'icingaweb2::module::monitoring': ido_host => 'localhost', ido_type => 'mysql', ido_db_name => 'icinga2', ido_db_username => 'icinga2', ido_db_password => 'supersecret', commandtransports => { icinga2 => { transport => 'api', username => 'icingaweb2', password => 'supersecret', } } }
- Note At first have a look at the Monitoring module documentation.
This module is mandatory for almost every setup. It connects your Icinga Web interface to the Icinga 2 core. Current and history information are queried through the IDO database. Actions such as Check Now
, Set Downtime
or Acknowledge
are send to the Icinga 2 API.
The following parameters are available in the icingaweb2::module::monitoring
class:
ensure
protected_customvars
ido_type
ido_host
ido_port
ido_resource_name
ido_db_name
ido_db_username
ido_db_password
ido_db_charset
use_tls
tls_key_file
tls_cert_file
tls_cacert_file
tls_key
tls_cert
tls_cacert
tls_capath
tls_noverify
tls_cipher
settings
commandtransports
Data type: Enum['absent', 'present']
Enable or disable module.
Data type: Variant[String[1], Array[String[1]]]
Custom variables in Icinga 2 may contain sensible information. Set patterns for custom variables that should be hidden in the web interface.
Data type: Enum['mysql', 'pgsql']
Type of your IDO database. Either mysql
or pgsql
.
Data type: Stdlib::Host
Hostname of the IDO database.
Data type: Optional[Stdlib::Port]
Port of the IDO database.
Default value: undef
Data type: String
Resource name for the IDO database.
Data type: String
Name of the IDO database.
Data type: String
Username for IDO DB connection.
Data type: Optional[Icinga::Secret]
Password for IDO DB connection.
Default value: undef
Data type: Optional[String[1]]
The character set to use for the database connection.
Default value: undef
Data type: Optional[Boolean]
Either enable or disable TLS encryption to the database. Other TLS parameters are only affected if this is set to 'true'.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
Location of the private key for client authentication. Only valid if tls is enabled.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
Location of the certificate for client authentication. Only valid if tls is enabled.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
Location of the ca certificate. Only valid if tls is enabled.
Default value: undef
Data type: Optional[Icinga::Secret]
The private key to store in spicified tls_key_file
file. Only valid if tls is enabled.
Default value: undef
Data type: Optional[String[1]]
The certificate to store in spicified tls_cert_file
file. Only valid if tls is enabled.
Default value: undef
Data type: Optional[String[1]]
The ca certificate to store in spicified tls_cacert_file
file. Only valid if tls is enabled.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
The file path to the directory that contains the trusted SSL CA certificates, which are stored in PEM format. Only available for the mysql database.
Default value: undef
Data type: Optional[Boolean]
Disable validation of the server certificate.
Default value: undef
Data type: Optional[String[1]]
Cipher to use for the encrypted database connection.
Default value: undef
Data type: Hash[String[1], Any]
General configuration of module monitoring. See official Icinga documentation
Data type: Hash
A hash of command transports.
Installs, configures and enables the pdfexport module.
- Note If you want to use
git
asinstall_method
, the CLIgit
command has to be installed. You can manage it yourself as package resource or declare the package name in icingaweb2 class parameterextra_packages
.
class { 'icingaweb2::module::pdfexport':
git_revision => 'v0.10.0',
chrome_binary => '/usr/bin/chromium-browser',
}
The following parameters are available in the icingaweb2::module::pdfexport
class:
ensure
module_dir
git_repository
git_revision
install_method
package_name
chrome_binary
force_temp_storage
remote_host
remote_port
Data type: Enum['absent', 'present']
Enable or disable module.
Data type: Stdlib::Absolutepath
Target directory of the module.
Default value: "${icingaweb2::globals::default_module_path}/pdfexport"
Data type: Stdlib::HTTPUrl
Set a git repository URL.
Data type: Optional[String[1]]
Set either a branch or a tag name, eg. master
or v2.1.0
.
Default value: undef
Data type: Enum['git', 'none', 'package']
Install methods are git
, package
and none
is supported as installation method.
Data type: String[1]
Package name of the module. This setting is only valid in combination with the installation method package
.
Data type: Optional[Stdlib::Absolutepath]
Path of the chrome or Chrome/Chromium binary.
Default value: undef
Data type: Optional[Boolean]
Force using of local temp storage.
Default value: undef
Data type: Optional[Stdlib::Host]
Connect a remote running Chrome/Chromium.
Default value: undef
Data type: Optional[Stdlib::Port]
Port to connect the remote running Chrome/Chromium.
Default value: undef
Installs and configures the puppetdb module.
- Note If you want to use
git
asinstall_method
, the CLIgit
command has to be installed. You can manage it yourself as package resource or declare the package name in icingaweb2 class parameterextra_packages
.
$certificates = {
'pupdb1' => {
:ssl_key => '-----BEGIN RSA PRIVATE KEY----- abc...',
:ssl_cacert => '-----BEGIN RSA PRIVATE KEY----- def...',
},
'pupdb2' => {
:ssl_key => '-----BEGIN RSA PRIVATE KEY----- zyx...',
:ssl_cacert => '-----BEGIN RSA PRIVATE KEY----- wvur...',
},
}
class { '::icingaweb2::module::puppetdb':
git_revision => 'master',
ssl => 'none',
certificates => $certificates,
}
class {'::icingaweb2::module::puppetdb':
git_revision => 'master',
ssl => 'puppet',
host => 'puppetdb.example.com',
}
The following parameters are available in the icingaweb2::module::puppetdb
class:
Data type: Enum['absent', 'present']
Enable or disable module.
Data type: Stdlib::Absolutepath
Target directory of the module.
Default value: "${icingaweb2::globals::default_module_path}/puppetdb"
Data type: Stdlib::HTTPUrl
Set a git repository URL.
Data type: Optional[String[1]]
Set either a branch or a tag name, eg. master
or v1.3.2
.
Default value: undef
Data type: Enum['git', 'none', 'package']
Install methods are git
, package
and none
is supported as installation method.
Data type: String[1]
Package name of the module. This setting is only valid in combination with the installation method package
.
Data type: Enum['none', 'puppet']
How to set up ssl certificates. To copy certificates from the local puppet installation, use puppet
.
Data type: Optional[Stdlib::Host]
Hostname of the server where PuppetDB is running. The ssl
parameter needs to be set to puppet
.
Default value: undef
Data type: Hash
Hash with icingaweb2::module::puppetdb::certificate resources.
Installs the reporting module
class { 'icingaweb2::module::reporting':
ensure => present,
git_revision => 'v0.9.0',
db_host => 'localhost',
db_name => 'reporting',
db_username => 'reporting',
db_password => 'supersecret',
}
The following parameters are available in the icingaweb2::module::reporting
class:
ensure
module_dir
git_repository
git_revision
install_method
package_name
db_type
db_resource_name
db_host
db_port
db_name
db_username
db_password
db_charset
use_tls
tls_key_file
tls_cert_file
tls_cacert_file
tls_key
tls_cert
tls_cacert
tls_capath
tls_noverify
tls_cipher
import_schema
mail
manage_service
service_ensure
service_enable
service_user
Data type: Enum['absent', 'present']
Ensures the state of the reporting module.
Data type: Stdlib::Absolutepath
Target directory of the module.
Default value: "${icingaweb2::globals::default_module_path}/reporting"
Data type: Stdlib::HTTPUrl
The upstream module repository.
Data type: Optional[String[1]]
The version of the module that needs to be used.
Default value: undef
Data type: Enum['git', 'none', 'package']
Install methods are git
, package
and none
is supported as installation method.
Data type: String[1]
Package name of the module. This setting is only valid in combination with the installation method package
.
Data type: Enum['mysql', 'pgsql']
The database type. Either mysql or postgres.
Data type: String[1]
Name for the reporting database resource.
Data type: Stdlib::Host
The host where the reporting database will be running
Data type: Optional[Stdlib::Port]
The port on which the database is accessible.
Default value: undef
Data type: String[1]
The name of the database this module should use.
Data type: String[1]
The username needed to access the database.
Data type: Optional[Icinga::Secret]
The password needed to access the database.
Default value: undef
Data type: Optional[String[1]]
The charset the database is set to.
Default value: undef
Data type: Optional[Boolean]
Either enable or disable TLS encryption to the database. Other TLS parameters are only affected if this is set to 'true'.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
Location of the private key for client authentication. Only valid if tls is enabled.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
Location of the certificate for client authentication. Only valid if tls is enabled.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
Location of the ca certificate. Only valid if tls is enabled.
Default value: undef
Data type: Optional[Icinga::Secret]
The private key to store in spicified tls_key_file
file. Only valid if tls is enabled.
Default value: undef
Data type: Optional[String[1]]
The certificate to store in spicified tls_cert_file
file. Only valid if tls is enabled.
Default value: undef
Data type: Optional[String[1]]
The ca certificate to store in spicified tls_cacert_file
file. Only valid if tls is enabled.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
The file path to the directory that contains the trusted SSL CA certificates, which are stored in PEM format. Only available for the mysql database.
Default value: undef
Data type: Optional[Boolean]
Disable validation of the server certificate.
Default value: undef
Data type: Optional[String[1]]
Cipher to use for the encrypted database connection.
Default value: undef
Data type: Optional[Icingaweb2::ImportSchema]
Whether to import the database schema or not. Options mariadb
and mysql
,
both means true. With mariadb its cli options are used for the import,
whereas with mysql its different options.
Default value: undef
Data type: Optional[String[1]]
Mails are sent with this sender address.
Default value: undef
Data type: Boolean
If set to true the service (daemon) is managed.
Data type: Stdlib::Ensure::Service
Wether the service is running
or stopped
.
Data type: Boolean
Whether the service should be started at boot time.
Data type: String[1]
The user as which the service is running. Only valid if install_method
is set to git
.
Installs and configures the translation module.
The following parameters are available in the icingaweb2::module::translation
class:
Data type: Enum['absent', 'present']
Enable or disable module.
Installs the vsphereDB plugin
class { 'icingaweb2::module::vspheredb':
ensure => 'present',
git_revision => 'v1.1.0',
db_host => 'localhost',
db_name => 'vspheredb',
db_username => 'vspheredb',
db_password => 'supersecret',
}
The following parameters are available in the icingaweb2::module::vspheredb
class:
ensure
module_dir
git_repository
git_revision
install_method
package_name
db_type
db_resource_name
db_host
db_port
db_name
db_username
db_password
db_charset
use_tls
tls_key_file
tls_cert_file
tls_cacert_file
tls_key
tls_cert
tls_cacert
tls_capath
tls_noverify
tls_cipher
import_schema
manage_service
service_ensure
service_enable
service_user
Data type: Enum['absent', 'present']
Ensur es the state of the vspheredb module.
Data type: Stdlib::Absolutepath
Target directory of the module.
Default value: "${icingaweb2::globals::default_module_path}/vspheredb"
Data type: Stdlib::HTTPUrl
The upstream module repository.
Data type: Optional[String[1]]
The version of the module that needs to be used.
Default value: undef
Data type: Enum['git', 'none', 'package']
Install methods are git
, package
and none
is supported as installation method.
Data type: String[1]
Package name of the module. This setting is only valid in combination with the installation method package
.
Data type: Enum['mysql']
The database type. Either mysql or postgres.
Data type: String[1]
Name for the vspheredb database resource.
Data type: Stdlib::Host
The host where the vspheredb-database will be running
Data type: Optional[Stdlib::Port]
The port on which the database is accessible.
Default value: undef
Data type: String[1]
The name of the database this module should use.
Data type: String[1]
The username needed to access the database.
Data type: Optional[Icinga::Secret]
The password needed to access the database.
Default value: undef
Data type: Optional[String[1]]
The charset the database is set to.
Default value: undef
Data type: Optional[Boolean]
Either enable or disable TLS encryption to the database. Other TLS parameters are only affected if this is set to 'true'.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
Location of the private key for client authentication. Only valid if tls is enabled.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
Location of the certificate for client authentication. Only valid if tls is enabled.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
Location of the ca certificate. Only valid if tls is enabled.
Default value: undef
Data type: Optional[Icinga::Secret]
The private key to store in spicified tls_key_file
file. Only valid if tls is enabled.
Default value: undef
Data type: Optional[String[1]]
The certificate to store in spicified tls_cert_file
file. Only valid if tls is enabled.
Default value: undef
Data type: Optional[String[1]]
The ca certificate to store in spicified tls_cacert_file
file. Only valid if tls is enabled.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
The file path to the directory that contains the trusted SSL CA certificates, which are stored in PEM format. Only available for the mysql database.
Default value: undef
Data type: Optional[Boolean]
Disable validation of the server certificate.
Default value: undef
Data type: Optional[String[1]]
Cipher to use for the encrypted database connection.
Default value: undef
Data type: Optional[Icingaweb2::ImportSchema]
Whether to import the database schema or not. New options mariadb
and mysql
,
both means true. With mariadb its cli options are used for the import,
whereas with mysql its different options.
Default value: undef
Data type: Boolean
If set to true the service (daemon) is managed.
Data type: Stdlib::Ensure::Service
Wether the service is running
or stopped
.
Data type: Boolean
Whether the service should be started at boot time.
Data type: String[1]
The user as which the service is running. Only valid if install_method
is set to git
.
Installs the x509 module
class { 'icingaweb2::module::x509':
ensure => present,
git_revision => 'v1.2.1',
db_host => 'localhost',
db_name => 'x509',
db_username => 'x509',
db_password => Sensitive('supersecret'),
}
The following parameters are available in the icingaweb2::module::x509
class:
ensure
module_dir
git_repository
git_revision
install_method
package_name
db_type
db_resource_name
db_host
db_port
db_name
db_username
db_password
db_charset
use_tls
tls_key_file
tls_cert_file
tls_cacert_file
tls_key
tls_cert
tls_cacert
tls_capath
tls_noverify
tls_cipher
import_schema
manage_service
service_ensure
service_enable
service_user
Data type: Enum['absent', 'present']
Ensures the state of the x509 module.
Data type: Stdlib::Absolutepath
Target directory of the module.
Default value: "${icingaweb2::globals::default_module_path}/x509"
Data type: Stdlib::HTTPUrl
The upstream module repository.
Data type: Optional[String[1]]
The version of the module that needs to be used.
Default value: undef
Data type: Enum['git', 'none', 'package']
Install methods are git
, package
and none
is supported as installation method.
Data type: String[1]
Package name of the module. This setting is only valid in combination with the installation method package
.
Data type: Enum['mysql', 'pgsql']
The database type. Either mysql or pgsql.
Data type: String[1]
Name for the x509 database resource.
Data type: Stdlib::Host
The host where the database will be running
Data type: Optional[Stdlib::Port]
The port on which the database is accessible.
Default value: undef
Data type: String[1]
The name of the database this module should use.
Data type: String[1]
The username needed to access the database.
Data type: Optional[Icinga::Secret]
The password needed to access the database.
Default value: undef
Data type: Optional[String[1]]
The charset the database is set to.
Default value: undef
Data type: Optional[Boolean]
Either enable or disable TLS encryption to the database. Other TLS parameters are only affected if this is set to 'true'.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
Location of the private key for client authentication. Only valid if tls is enabled.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
Location of the certificate for client authentication. Only valid if tls is enabled.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
Location of the ca certificate. Only valid if tls is enabled.
Default value: undef
Data type: Optional[Icinga::Secret]
The private key to store in spicified tls_key_file
file. Only valid if tls is enabled.
Default value: undef
Data type: Optional[String[1]]
The certificate to store in spicified tls_cert_file
file. Only valid if tls is enabled.
Default value: undef
Data type: Optional[String[1]]
The ca certificate to store in spicified tls_cacert_file
file. Only valid if tls is enabled.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
The file path to the directory that contains the trusted SSL CA certificates, which are stored in PEM format. Only available for the mysql database.
Default value: undef
Data type: Optional[Boolean]
Disable validation of the server certificate.
Default value: undef
Data type: Optional[String[1]]
Cipher to use for the encrypted database connection.
Default value: undef
Data type: Optional[Icingaweb2::ImportSchema]
Whether to import the database schema or not. Options mariadb
and mysql
,
both means true. With mariadb its cli options are used for the import,
whereas with mysql its different options.
Default value: undef
Data type: Boolean
If set to true the service (daemon) is managed.
Data type: Stdlib::Ensure::Service
Wether the service is running
or stopped
.
Data type: Boolean
Whether the service should be started at boot time.
Data type: String[1]
The user as which the service is running. Only valid if install_method
is set to git
.
Manage Icinga Web 2 authentication methods. Auth methods may be chained by setting proper ordering.
icingaweb2::config::authmethod { 'db-auth':
backend => 'db',
resource => 'my-sql',
order => 20,
}
icingaweb2::config::authmethod { 'ldap-auth':
backend => 'ldap',
resource => 'my-ldap',
ldap_user_class => 'user',
ldap_filter => '(memberof:1.2.840.113556.1.4.1941:=CN=monitoring,OU=groups,DC=icinga,DC=com)',
ldap_user_name_attribute => 'userPrincipalName',
order => '05',
}
The following parameters are available in the icingaweb2::config::authmethod
defined type:
Data type: Enum['external', 'ldap', 'msldap', 'db']
Select between 'external', 'ldap', 'msldap' or 'db'. Each backend may require other settings.
Data type: Optional[String]
The name of the resource defined in resources.ini.
Default value: undef
Data type: Optional[String]
LDAP user class. Only valid if backend
is ldap
or msldap
.
Default value: undef
Data type: Optional[String]
LDAP attribute which contains the username. Only valid if backend
is ldap
or msldap
.
Default value: undef
Data type: Optional[String]
LDAP search filter. Only valid if backend
is ldap
or msladap
.
Default value: undef
Data type: Optional[String]
LDAP base DN. Only valid if backend
is ldap
or msldap
.
Default value: undef
Data type: Optional[String]
Domain for domain-aware authentication
Default value: undef
Data type: Variant[String, Integer]
Multiple authentication methods can be chained. The order of entries in the authentication configuration determines the order of the authentication methods.
Default value: '30'
Manage a dashboard.
icingaweb2::config::dashboard { 'icingaadmin-NewDashboard':
owner => 'icingaadmin',
dashboard => 'New Dashboard',
}
The following parameters are available in the icingaweb2::config::dashboard
defined type:
Data type: String
Owner of the dashboard.
Data type: String
Title of the dashboard.
Manage a dashlet.
icingaweb2::config::dashboard { 'icingaadmin-NewDashboard':
owner => 'icingaadmin',
dashboard => 'New Dashboard',
}
icingaweb2::config::dashlet { 'icingaadmin-NewDashboard':
owner => 'icingaadmin',
dashboard => 'New Dashboard',
dashlet => 'New Dashlet',
url => 'monitoring/list/hosts',
}
icingaweb2::config::dashlet { 'icingaadmin-Overdue-NewDashlet':
owner => 'icingaadmin',
dashboard => 'Overdue',
dashlet => 'New Dashlet',
url => 'monitoring/list/hosts',
}
The following parameters are available in the icingaweb2::config::dashlet
defined type:
Data type: String
Owner of the dashlet.
Data type: String
Dashboard to which the dashlet belongs.
Data type: String
Name of the dashlet.
Data type: String
URL of the dashlet.
Groups of users can be stored either in a database, LDAP or ActiveDirectory. This defined type configures backends that store groups.
icingaweb2::config::groupbackend { 'ldap-groups':
backend => 'ldap',
resource => 'my-ldap',
ldap_group_class => 'group',
ldap_group_name_attribute => 'cn',
ldap_group_member_attribute => 'member',
ldap_base_dn => 'ou=groups,dc=icinga,dc=com',
domain => 'icinga.com',
}
If you have imported the database schema (parameter import_schema
), this backend was also created automatically:
icingaweb2::config::groupbackend { 'mysql-backend':
backend => 'db',
resource => 'my-sql',
}
The following parameters are available in the icingaweb2::config::groupbackend
defined type:
group_name
backend
resource
ldap_user_backend
ldap_group_class
ldap_group_filter
ldap_group_name_attribute
ldap_group_member_attribute
ldap_base_dn
ldap_nested_group_search
domain
order
Data type: String
Name of the resources. Resources are referenced by their name in other configuration sections.
Default value: $title
Data type: Enum['db', 'ldap', 'msldap']
Type of backend. Valide values are: db
, ldap
and msldap
. Each backend supports different settings,
see the parameters for detailed information.
Data type: String
The resource used to connect to the backend. The resource contains connection information.
Data type: Optional[String]
A group backend can be connected with an authentication method. This parameter references the auth method.
Only valid with backend ldap
or msldap
.
Default value: undef
Data type: Optional[String]
Class used to identify group objects. Only valid with backend ldap
.
Default value: undef
Data type: Optional[String]
Use a LDAP filter to receive only certain groups. Only valid with backend ldap
or msldap
.
Default value: undef
Data type: Optional[String]
The group name attribute. Only valid with backend ldap
.
Default value: undef
Data type: Optional[String]
The group member attribute. Only valid with backend ldap
.
Default value: undef
Data type: Optional[String]
Base DN that is searched for groups. Only valid with backend ldap
with msldap
.
Default value: undef
Data type: Optional[Boolean]
Search for groups in groups. Only valid with backend msldap
.
Default value: undef
Data type: Optional[String]
Domain for domain-aware authentication.
Default value: undef
Data type: Variant[String, Integer]
Multiple authentication methods can be chained. The order of entries in the authentication configuration determines the order of the authentication methods.
Default value: '30'
Navigate defines a menu entry, host- or service action.
The following parameters are available in the icingaweb2::config::navigation
defined type:
Data type: String
Name of the menu entry, host- or service action.
Default value: $title
Data type: String
Owner of the navigation item.
Data type:
Enum[
'menu-item',
'host-action',
'service-action'
]
Type of the navigation item.
Default value: 'menu-item'
Data type: Boolean
Creates a shared navigation item.
Default value: false
Data type: Optional[Array[String]]
List of users who have access to the element. Only valid if shared.
Default value: undef
Data type: Optional[Array[String]]
List of user groups that have access to the element. Only valid if shared.
Default value: undef
Data type: Optional[String]
The name of the a parent item. Only valid for menu entries.
Important: shared
has to set if the parent entry is also shared
.
Default value: undef
Data type: Enum['_blank', '_main']
The target to view the content.
Default value: '_main'
Data type: String
Url to the content of the navigation item.
Data type: Optional[String]
Location of an icon for the navigation item.
Default value: undef
Data type: Optional[String]
Filter to restrict the result of the content. Only valid for actions.
Default value: undef
Roles define a set of permissions that may be applied to users or groups.
icingaweb2::config::role{ 'linux-user':
groups => 'linuxer',
permissions => '*',
filters => {
'monitoring/filter/objects' => 'host_name=linux-*'
}
}
The following parameters are available in the icingaweb2::config::role
defined type:
Data type: String
Name of the role.
Default value: $title
Data type: Optional[String]
Comma separated list of users this role applies to.
Default value: undef
Data type: Optional[String]
Comma separated list of groups this role applies to.
Default value: undef
Data type: Optional[String]
The name of the role from which to inherit privileges.
Default value: undef
Data type: Optional[String]
Comma separated lsit of permissions. Each module may add it's own permissions. Examples are
- Allow everything: '*'
- Allow config access: 'config/*'
- Allow access do module icingadb: 'module/icingadb'
- Allow scheduling checks: 'icingadb/command/schedule-checks'
- Grant admin permissions: 'admin'
Default value: undef
Data type: Optional[String]
Refusals are used to deny access. So they’re the exact opposite of permissions.
Default value: undef
Data type: Optional[Boolean]
If set to true
, owners of this role are not restricted in any way.
Default value: undef
Data type: Hash
Hash of filters. Modules may add new filter keys, some sample keys are:
- application/share/users
- application/share/groups
- icingadb/filter/objects A string value is expected for each used key. For example:
- icingadb/filter/objects = "host_name!=win"
Default value: {}
Manage settings in INI configuration files.
include icingawebeb2
icingaweb2::inisection { '/path/to/config.ini':
settings => {
'global' => {
'setting1' => 'value',
'setting2' => 'value',
},
},
}
The following parameters are available in the icingaweb2::inisection
defined type:
Data type: Stdlib::Absolutepath
Absolute path to the configuration file.
Data type: String[1]
Name of the target section. Settings are set under [$section_name]
Default value: $title
Data type: Hash
A hash of settings and their settings. Single settings may be set to absent.
Default value: {}
Data type: Variant[String[1], Integer[1]]
Ordering of the INI section within a file. Defaults to 01
Default value: '01'
Data type: Boolean
Specifies whether to overwrite the destination file if it already exists.
Default value: true
Download, enable and configure Icinga Web 2 modules.
- Note If you want to use
git
asinstall_method
, the CLIgit
command has to be installed. You can manage it yourself as package resource or declare the package name in icingaweb2 class parameterextra_packages
.
$conf_dir = $icingaweb2::globals::conf_dir
$module_conf_dir = "${conf_dir}/modules/mymodule"
$settings = {
'section1' => {
'target' => "${module_conf_dir}/config1.ini",
'settings' => {
'setting1' => 'value1',
'setting2' => 'value2',
}
},
'section2' => {
'target' => "${module_conf_dir}/config2.ini",
'settings' => {
'setting3' => 'value3',
'setting4' => 'value4',
}
}
}
The following parameters are available in the icingaweb2::module
defined type:
Data type: Enum['absent', 'present']
Enable or disable module.
Default value: 'present'
Data type: String[1]
Name of the module.
Default value: $title
Data type: Stdlib::Absolutepath
Target directory of the module. Defaults to first item of module_path
.
Default value: "${icingaweb2::globals::default_module_path}/${title}"
Data type: Enum['git', 'none', 'package']
Install methods are git
, package
and none
is supported as installation method. Defaults to git
Default value: 'git'
Data type: Optional[String[1]]
The git repository. This setting is only valid in combination with the installation method git
.
Default value: undef
Data type: String
Tag or branch of the git repository. This setting is only valid in combination with the installation method git
.
Default value: 'master'
Data type: Optional[String[1]]
Package name of the module. This setting is only valid in combination with the installation method package
.
Default value: undef
Data type: Hash[String[1], Any]
A hash with the module settings. Multiple configuration files with ini sections can be configured with this hash.
The module_name
should be used as target directory for the configuration files.
Default value: {}
Create and remove Icinga Web 2 database resources.
icingaweb2::resource::database { 'mysql':
type => 'mysql',
host => 'localhost',
port => '3306',
database => 'icingaweb2',
username => 'icingaweb2',
password => 'supersecret',
}
The following parameters are available in the icingaweb2::resource::database
defined type:
resource_name
type
host
port
database
username
password
charset
use_tls
tls_noverify
tls_key
tls_cert
tls_cacert
tls_capath
tls_cipher
Data type: String[1]
Name of the resources. Resources are referenced by their name in other configuration sections.
Default value: $title
Data type:
Enum['mysql', 'pgsql', 'mssql',
'oci', 'oracle', 'ibm', 'sqlite']
Set database type to connect.
Data type: Optional[Stdlib::Host]
Connect to the database on the given host. For using unix domain sockets, specify 'localhost' for MySQL and the path to the unix domain socket and the directory for PostgreSQL.
Default value: undef
Data type: Optional[Stdlib::Port]
Port number to use.
Default value: undef
Data type: String[1]
The database to use.
Data type: Optional[String[1]]
The username to use when connecting to the server.
Default value: undef
Data type: Optional[Icinga::Secret]
The password to use when connecting the database.
Default value: undef
Data type: Optional[String[1]]
The character set to use for the database connection.
Default value: undef
Data type: Optional[Boolean]
Either enable or disable TLS encryption to the database. Other TLS parameters are only affected if this is set to 'true'.
Default value: undef
Data type: Optional[Boolean]
Disable validation of the server certificate.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
Location of the private key for client authentication. Only valid if tls is enabled.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
Location of the certificate for client authentication. Only valid if tls is enabled.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
Location of the ca certificate. Only valid if tls is enabled.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
The file path to the directory that contains the trusted SSL CA certificates, which are stored in PEM format. Only available for the mysql database.
Default value: undef
Data type: Optional[String[1]]
Chipher to use for the encrypted database connection.
Default value: undef
Create and remove Icinga Web 2 resources. Resources may be referenced in other configuration sections.
icingaweb2::resource::ldap{ 'my-ldap':
host => 'localhost',
port => 389,
root_dn => 'ou=users,dc=icinga,dc=com',
bind_dn => 'cn=icingaweb2,ou=users,dc=icinga,dc=com',
bind_pw => Sensitive('supersecret'),
}
The following parameters are available in the icingaweb2::resource::ldap
defined type:
Data type: String[1]
Name of the resources. Resources are referenced by their name in other configuration sections.
Default value: $title
Data type: String[1]
Connect to the database or ldap server on the given host. For using unix domain sockets, specify 'localhost' for MySQL and the path to the unix domain socket directory for PostgreSQL. When using the 'ldap' type you can also provide multiple hosts separated by a space.
Default value: 'localhost'
Data type: Optional[Stdlib::Port]
Port number to use.
Default value: undef
Data type: Optional[String[1]]
Root object of the tree, e.g. 'ou=people,dc=icinga,dc=com'.
Default value: undef
Data type: Optional[String[1]]
The user to use when connecting to the server.
Default value: undef
Data type: Optional[Icinga::Secret]
The password to use when connecting to the server.
Default value: undef
Data type: Enum['none', 'starttls', 'ldaps']
Type of encryption to use: none (default), starttls, ldaps.
Default value: 'none'
Data type: Integer
Timeout for the ldap connection.
Default value: 5
Type: Puppet Language
This function returns first parameter if set.
The icingaweb2::pick function.
Returns: Any
One of the two parameters.
Data type: Any
Data type: Any
A strict type for the default admin role
Alias of
Struct[{
name => String,
users => Optional[Array[String[1]]],
groups => Optional[Array[String[1]]],
}]
A type for setting import database schemata
Alias of Variant[Boolean, Enum['mariadb', 'mysql']]