From cd748a09e035787dea26e4ac4fbcef4cf68aad9c Mon Sep 17 00:00:00 2001 From: tyler bailey Date: Fri, 17 May 2024 15:59:24 -0500 Subject: [PATCH 01/11] add todos --- data/common.yaml | 10 +++++----- manifests/database_init.pp | 1 + manifests/mariadb.pp | 1 + 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/data/common.yaml b/data/common.yaml index cfac302..5a65399 100644 --- a/data/common.yaml +++ b/data/common.yaml @@ -1,7 +1,7 @@ --- observium::auth_mechanism: "mysql" -observium::db_password: "changeme" -observium::rootdb_password: "hello123" +observium::db_password: "changeme" # TODO: NO PASSWORDS IN DATA FILES +observium::rootdb_password: "hello123" # TODO: NO PASSWORDS IN DATA FILES observium::download_url: "http://www.observium.org/" observium::installer_name: "observium-community-latest.tar.gz" observium::install_dir: "/opt/observium" @@ -10,9 +10,9 @@ observium::db_user: "observium" observium::community: "puppet" observium::snmpv3_authlevel: "authPriv" observium::snmpv3_authname: "observium" -observium::snmpv3_authpass: "setme1234" +observium::snmpv3_authpass: "setme1234" # TODO: NO PASSWORDS IN DATA FILES observium::snmpv3_authalgo: "SHA" -observium::snmpv3_cryptopass: "setme1234" +observium::snmpv3_cryptopass: "setme1234" # TODO: NO PASSWORDS IN DATA FILES observium::snmpv3_cryptoalgo: "AES" observium::mib_locations: - /opt/observium/mibs/rfc @@ -23,7 +23,7 @@ observium::observium_additional_conf: - '//extra lines' - '//as many as you' - '//would like' -observium::admin_password: "changeme" +observium::admin_password: "changeme" # TODO: NO PASSWORDS IN DATA FILES observium::apache_custom_options: {} observium::apache_auth_require: "all granted" observium::apache_port: 80 diff --git a/manifests/database_init.pp b/manifests/database_init.pp index 67d5657..bbfce96 100644 --- a/manifests/database_init.pp +++ b/manifests/database_init.pp 
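Review bot: The TODO markers in data/common.yaml cover the five password keys but skip `observium::community: "puppet"`, visible as context in the `@@ -10,9 +10,9 @@` hunk; an SNMP community string is a shared secret just like the marked entries. It should carry the same `# TODO: NO PASSWORDS IN DATA FILES` comment so it is not overlooked when the defaults are removed. The first hunk also leaves `observium::download_url: "http://www.observium.org/"` on plain HTTP. If the installer tarball is fetched from that URL without a checksum (the download code is not part of this patch), an `https://` default would be safer.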
@@ -10,6 +10,7 @@ # Lookup location of mysql binary $mysql_location = lookup(observium::mysql_location, String) + # TODO: is this right? # init the database if the user table is not present exec { 'init observium databse': command => '/opt/observium/discovery.php -u', diff --git a/manifests/mariadb.pp b/manifests/mariadb.pp index 3d4ba2c..0277596 100644 --- a/manifests/mariadb.pp +++ b/manifests/mariadb.pp @@ -19,6 +19,7 @@ } 'Debian': { Class { '::mysql::server': + # TODO: This should not just be commented out. #package_name => 'mariadb-server', #package_ensure => 'present', #service_name => 'mysqld', From 57c2cea94e87425b29ff7c958d5a8fe898963ea3 Mon Sep 17 00:00:00 2001 From: tyler bailey Date: Fri, 17 May 2024 16:00:49 -0500 Subject: [PATCH 02/11] we accept this as a variable so we should respect it --- manifests/database_init.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/database_init.pp b/manifests/database_init.pp index bbfce96..10aeb50 100644 --- a/manifests/database_init.pp +++ b/manifests/database_init.pp @@ -14,12 +14,12 @@ # init the database if the user table is not present exec { 'init observium databse': command => '/opt/observium/discovery.php -u', - unless => "${mysql_location} -u observium --password=${observium::db_password} observium -e 'select * from users'", + unless => "${mysql_location} -u ${observium::db_user} --password=${observium::db_password} observium -e 'select * from users'", } exec { 'Create admin user': command => "/opt/observium/adduser.php admin ${observium::admin_password} 10", - unless => "${mysql_location} -u observium --password=${observium::db_password} observium -e 'select * from users WHERE username LIKE \"admin\"' | grep admin", + unless => "${mysql_location} -u ${observium::db_user} --password=${observium::db_password} observium -e 'select * from users WHERE username LIKE \"admin\"' | grep admin", } # add local host to database 
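Review bot: The `unless` checks in the `@@ -14,12 +14,12 @@` hunk still pass `--password=${observium::db_password}` as a command-line argument, and now interpolate `${observium::db_user}` beside it without quoting. Command-line arguments can be read from the process list while the check runs, and the full string may also end up in agent debug output or reports. Consider keeping the credentials out of argv, for example with `--defaults-extra-file=<path to a 0600 client file managed by this module>` as the first mysql option, or via the exec's `environment` attribute. The `@@ -31,7 +31,7 @@` hunk of this patch has the same pattern, and its `command` passes the SNMPv3 passphrases as bare arguments; `adduser.php admin ${observium::admin_password} 10` has the same exposure. The class body starts and ends outside these hunks.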
@@ -31,7 +31,7 @@ } exec { 'Add local host as device': command => "/opt/observium/add_device.php 127.0.0.1 ${v3auth} v3 ${observium::snmpv3_authname} ${observium::snmpv3_authpass} ${observium::snmpv3_cryptopass} ${observium::snmpv3_authalgo} ${observium::snmpv3_cryptoalgo}", - unless => "${mysql_location} -u observium --password=${observium::db_password} observium -e 'select hostname from devices WHERE hostname LIKE \"127.0.0.1\"' | grep 127.0.0.1", + unless => "${mysql_location} -u ${observium::db_user} --password=${observium::db_password} observium -e 'select hostname from devices WHERE hostname LIKE \"127.0.0.1\"' | grep 127.0.0.1", } # Perform discovery for nodes which have been added. From 2f7d1b7d608a4f26e4535436da5ea974256cf772 Mon Sep 17 00:00:00 2001 From: tyler bailey Date: Fri, 17 May 2024 16:04:56 -0500 Subject: [PATCH 03/11] remove commented out code --- manifests/mariadb.pp | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/manifests/mariadb.pp b/manifests/mariadb.pp index 0277596..259fd8a 100644 --- a/manifests/mariadb.pp +++ b/manifests/mariadb.pp @@ -6,8 +6,9 @@ # class observium::mariadb { assert_private() + # Check we are managing mysql - if observium::manage_mysql { + if $observium::manage_mysql { case $facts['os']['family'] { 'RedHat': { Class { '::mysql::server': @@ -19,10 +20,6 @@ } 'Debian': { Class { '::mysql::server': - # TODO: This should not just be commented out. - #package_name => 'mariadb-server', - #package_ensure => 'present', - #service_name => 'mysqld', root_password => $observium::rootdb_password, override_options => { 'mysqld' => { From 78332749be839d32004edf103a3beedce7491f40 Mon Sep 17 00:00:00 2001 From: tyler bailey Date: Mon, 20 May 2024 09:00:50 -0500 Subject: [PATCH 04/11] no passwords in the data files --- data/common.yaml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/data/common.yaml b/data/common.yaml index 5a65399..c23883d 100644 --- a/data/common.yaml +++ b/data/common.yaml 
@@ -1,7 +1,5 @@ --- observium::auth_mechanism: "mysql" -observium::db_password: "changeme" # TODO: NO PASSWORDS IN DATA FILES -observium::rootdb_password: "hello123" # TODO: NO PASSWORDS IN DATA FILES observium::download_url: "http://www.observium.org/" observium::installer_name: "observium-community-latest.tar.gz" observium::install_dir: "/opt/observium" @@ -10,9 +8,7 @@ observium::db_user: "observium" observium::community: "puppet" observium::snmpv3_authlevel: "authPriv" observium::snmpv3_authname: "observium" -observium::snmpv3_authpass: "setme1234" # TODO: NO PASSWORDS IN DATA FILES observium::snmpv3_authalgo: "SHA" -observium::snmpv3_cryptopass: "setme1234" # TODO: NO PASSWORDS IN DATA FILES observium::snmpv3_cryptoalgo: "AES" observium::mib_locations: - /opt/observium/mibs/rfc @@ -23,7 +19,6 @@ observium::observium_additional_conf: - '//extra lines' - '//as many as you' - '//would like' -observium::admin_password: "changeme" # TODO: NO PASSWORDS IN DATA FILES observium::apache_custom_options: {} observium::apache_auth_require: "all granted" observium::apache_port: 80 From 32bdc57e1d1c1c6cd688002a0e061b759c566daf Mon Sep 17 00:00:00 2001 From: tyler bailey Date: Wed, 22 May 2024 08:25:59 -0500 Subject: [PATCH 05/11] specifically specify our database --- manifests/database_init.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/database_init.pp b/manifests/database_init.pp index 10aeb50..42cd12e 100644 --- a/manifests/database_init.pp +++ b/manifests/database_init.pp 
@@ -14,12 +14,12 @@ # init the database if the user table is not present exec { 'init observium databse': command => '/opt/observium/discovery.php -u', - unless => "${mysql_location} -u ${observium::db_user} --password=${observium::db_password} observium -e 'select * from users'", + unless => "${mysql_location} -u ${observium::db_user} --password=${observium::db_password} observium -e 'select * from observium.users'", } exec { 'Create admin user': command => "/opt/observium/adduser.php admin ${observium::admin_password} 10", - unless => "${mysql_location} -u ${observium::db_user} --password=${observium::db_password} observium -e 'select * from users WHERE username LIKE \"admin\"' | grep admin", + unless => "${mysql_location} -u ${observium::db_user} --password=${observium::db_password} observium -e 'select * from observium.users WHERE username LIKE \"admin\"' | grep admin", } # add local host to database From 54212f8e5428b82b8db083e92a4e237e433a5d50 Mon Sep 17 00:00:00 2001 From: tyler bailey Date: Wed, 22 May 2024 08:27:40 -0500 Subject: [PATCH 06/11] escape the password just in case --- manifests/database_init.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/database_init.pp b/manifests/database_init.pp index 42cd12e..5af7f3c 100644 --- a/manifests/database_init.pp +++ b/manifests/database_init.pp 
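Review bot: Both `unless` checks use `select *` on `observium.users` only to test that the table or the admin row exists, which returns every column of every user, presumably including stored password hashes, as command output. `select 1 from observium.users limit 1` is enough for the table check, and `select username from observium.users WHERE username LIKE \"admin\"` is enough for the admin check. The database name is also now hard-coded twice per command, as the positional `observium` argument and as the `observium.` prefix. If the module has a database-name parameter (not visible in this patch), it should be used in both places.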
@@ -14,12 +14,12 @@ # init the database if the user table is not present exec { 'init observium databse': command => '/opt/observium/discovery.php -u', - unless => "${mysql_location} -u ${observium::db_user} --password=${observium::db_password} observium -e 'select * from observium.users'", + unless => "${mysql_location} -u ${observium::db_user} --password='${observium::db_password}' observium -e 'select * from observium.users'", } exec { 'Create admin user': command => "/opt/observium/adduser.php admin ${observium::admin_password} 10", - unless => "${mysql_location} -u ${observium::db_user} --password=${observium::db_password} observium -e 'select * from observium.users WHERE username LIKE \"admin\"' | grep admin", + unless => "${mysql_location} -u ${observium::db_user} --password='${observium::db_password}' observium -e 'select * from observium.users WHERE username LIKE \"admin\"' | grep admin", } # add local host to database @@ -31,7 +31,7 @@ } exec { 'Add local host as device': command => "/opt/observium/add_device.php 127.0.0.1 ${v3auth} v3 ${observium::snmpv3_authname} ${observium::snmpv3_authpass} ${observium::snmpv3_cryptopass} ${observium::snmpv3_authalgo} ${observium::snmpv3_cryptoalgo}", - unless => "${mysql_location} -u ${observium::db_user} --password=${observium::db_password} observium -e 'select hostname from devices WHERE hostname LIKE \"127.0.0.1\"' | grep 127.0.0.1", + unless => "${mysql_location} -u ${observium::db_user} --password='${observium::db_password}' observium -e 'select hostname from devices WHERE hostname LIKE \"127.0.0.1\"' | grep 127.0.0.1", } # Perform discovery for nodes which have been added. From 07aa004954ecd5202e8cef1012896a114f3fb92b Mon Sep 17 00:00:00 2001 From: tyler bailey Date: Wed, 22 May 2024 08:27:50 -0500 Subject: [PATCH 07/11] empty commit From 8d231bff97c82b2bf4edce432f09b2c8f6986374 Mon Sep 17 00:00:00 2001 
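Review bot: Writing `--password='${observium::db_password}'` quotes the value but does not escape it, so a password containing a single quote ends the quoting early. The check then either fails, so the guarded `command` runs again on every agent run, or the rest of the password is parsed as further shell words. If puppetlabs-stdlib is available to this module (not visible here), `--password=${shell_escape($observium::db_password)}` handles every character; moving the password off the command line avoids the problem altogether. The `@@ -31,7 +31,7 @@` hunk has the same issue, and `${observium::admin_password}` and the SNMPv3 passphrases in the `command` lines remain unquoted.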
From: tyler bailey Date: Wed, 22 May 2024 08:34:54 -0500 Subject: [PATCH 08/11] try this syntax --- manifests/database_init.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/database_init.pp b/manifests/database_init.pp index 5af7f3c..f231133 100644 --- a/manifests/database_init.pp +++ b/manifests/database_init.pp @@ -14,12 +14,12 @@ # init the database if the user table is not present exec { 'init observium databse': command => '/opt/observium/discovery.php -u', - unless => "${mysql_location} -u ${observium::db_user} --password='${observium::db_password}' observium -e 'select * from observium.users'", + unless => "${mysql_location} -u ${observium::db_user} --password='${observium::db_password}' observium -e \"select * from observium.users\"", } exec { 'Create admin user': command => "/opt/observium/adduser.php admin ${observium::admin_password} 10", - unless => "${mysql_location} -u ${observium::db_user} --password='${observium::db_password}' observium -e 'select * from observium.users WHERE username LIKE \"admin\"' | grep admin", + unless => "${mysql_location} -u ${observium::db_user} --password='${observium::db_password}' observium -e \"select * from observium.users WHERE username LIKE 'admin'\" | grep admin", } # add local host to database From bff1ea8eadb5fcc9440972edc876cec38d663c37 Mon Sep 17 00:00:00 2001 From: tyler bailey Date: Wed, 22 May 2024 08:35:40 -0500 Subject: [PATCH 09/11] empty commit From 26b94ecf316358272e066bb6522bf7bb7e5da903 Mon Sep 17 00:00:00 2001 From: tyler bailey Date: Wed, 22 May 2024 08:49:04 -0500 Subject: [PATCH 10/11] remote can't add users --- manifests/database_init.pp | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/manifests/database_init.pp b/manifests/database_init.pp index f231133..96cd8c4 100644 --- a/manifests/database_init.pp +++ b/manifests/database_init.pp 
@@ -17,9 +17,12 @@ unless => "${mysql_location} -u ${observium::db_user} --password='${observium::db_password}' observium -e \"select * from observium.users\"", } - exec { 'Create admin user': - command => "/opt/observium/adduser.php admin ${observium::admin_password} 10", - unless => "${mysql_location} -u ${observium::db_user} --password='${observium::db_password}' observium -e \"select * from observium.users WHERE username LIKE 'admin'\" | grep admin", + # when auth_mechanism is 'remote', privilege level is given by observium's auth_remote_userlevel setting + unless $observium::auth_mechanism == 'remote' { + exec { 'Create admin user': + command => "/opt/observium/adduser.php admin ${observium::admin_password} 10", + unless => "${mysql_location} -u ${observium::db_user} --password='${observium::db_password}' observium -e \"select * from observium.users WHERE username LIKE 'admin'\" | grep admin", + } } # add local host to database From a46b363e92ccc1073dd1315cadb49cc396e26c97 Mon Sep 17 00:00:00 2001 From: tyler bailey Date: Wed, 22 May 2024 08:50:35 -0500 Subject: [PATCH 11/11] remove todo --- manifests/database_init.pp | 1 - 1 file changed, 1 deletion(-) diff --git a/manifests/database_init.pp b/manifests/database_init.pp index 96cd8c4..0574f4b 100644 --- a/manifests/database_init.pp +++ b/manifests/database_init.pp @@ -10,7 +10,6 @@ # Lookup location of mysql binary $mysql_location = lookup(observium::mysql_location, String) - # TODO: is this right? # init the database if the user table is not present exec { 'init observium databse': command => '/opt/observium/discovery.php -u',
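Review bot: The guard `unless $observium::auth_mechanism == 'remote'` in the `@@ -17,9 +17,12 @@` hunk excludes only one mechanism, so any other non-local value would still run `adduser.php` with the admin password. If local user creation is only meaningful for the default `mysql` mechanism (an assumption to confirm against Observium's auth modules), `if $observium::auth_mechanism == 'mysql' {` states the condition directly and fails closed for values added later. The new comment would also be clearer if it said why the exec is skipped, for example `# adduser.php cannot create users when authentication is delegated`.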