diff --git a/.fixtures.yml b/.fixtures.yml
index 0d45dde..006b647 100644
--- a/.fixtures.yml
+++ b/.fixtures.yml
@@ -4,41 +4,47 @@
fixtures:
forge_modules:
stdlib:
- repo: "puppetlabs/stdlib"
- ref: "8.6.0"
+ repo: "puppetlabs/stdlib" # needs stdlib 9 >
+ ref: "9.6.0"
puppetlabs-yumrepo_core:
repo: "puppetlabs/yumrepo_core"
- ref: "2.0.0"
+ ref: "2.1.0"
puppet-archive:
repo: "puppet/archive"
- ref: "5.0.0"
+ ref: "7.1.0"
puppetlabs-mysql:
- repo: "puppetlabs/mysql"
- ref: "13.3.0"
+ repo: "puppetlabs/mysql" # needs 15 or >
+ ref: "15.0.0"
puppetlabs-cron_core:
repo: "puppetlabs/cron_core"
- ref: "1.0.5"
+ ref: "1.3.0"
puppet-selinux:
- repo: "puppet/selinux"
- ref: "3.4.0"
+ repo: "puppet/selinux" # needs stdlib 9 >
+ ref: "4.1.0" # needs 4>
puppetlabs-apache:
repo: "puppetlabs/apache"
- ref: "10.0.0"
+ ref: "12.1.0"
puppet-snmp:
- repo: "puppet/snmp"
- ref: "5.1.1"
+ repo: "puppet/snmp" # needs systemd 2.5.1 >
+ ref: "7.1.0"
puppet-firewalld:
repo: "puppet/firewalld"
- ref: "4.4.0"
- domkrm-ufw:
- repo: "domkrm/ufw"
- ref: "1.1.4"
- camptocamp-systemd:
- repo: "camptocamp/systemd"
- ref: "3.0.0"
- puppetlabs-concat:
+ ref: "5.0.0"
+ puppetlabs-firewall:
+ repo: "puppetlabs/firewall"
+ ref: "8.0.2"
+ puppet-systemd: # inifile is dep
+ repo: "puppet/systemd"
+ ref: "7.0.0"
+ puppetlabs-concat: # needs stdlib 9 >
repo: "puppetlabs/concat"
- ref: "7.0.1"
+ ref: "9.0.2"
puppetlabs-augeas_core:
repo: "puppetlabs/augeas_core"
- ref: "1.1.2"
\ No newline at end of file
+ ref: "1.5.0"
+ repositories:
+ provision: https://github.com/puppetlabs/provision.git
+ puppet_agent:
+ repo: https://github.com/puppetlabs/puppetlabs-puppet_agent.git
+ ref: v4.19.0
+ facts: https://github.com/puppetlabs/puppetlabs-facts.git
\ No newline at end of file
diff --git a/.github/workflows/acceptance_test.yml b/.github/workflows/acceptance_test.yml
new file mode 100644
index 0000000..d396ac7
--- /dev/null
+++ b/.github/workflows/acceptance_test.yml
@@ -0,0 +1,99 @@
+---
+name: "Acceptance Testing"
+
+on:
+ pull_request:
+ branches:
+ - "main"
+
+jobs:
+
+ setup_matrix:
+ name: "Setup Test Matrix"
+ runs-on: ubuntu-22.04
+ outputs:
+ matrix: ${{ steps.get-matrix.outputs.matrix }}
+
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout@v3
+
+ - name: Activate Ruby 3.2
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: "3.2.3"
+ bundler-cache: true
+
+ - name: Print bundle environment
+ run: |
+ echo ::group::bundler environment
+ bundle env
+ echo ::endgroup::
+
+ - name: Setup Integration Test Matrix
+ id: get-matrix
+ run: |
+ echo "matrix=$(cat test_matrix.json | tr -s '\n' ' ')" >> $GITHUB_OUTPUT
+ cat $GITHUB_OUTPUT
+
+ acceptance:
+ name: "Acceptance tests (${{matrix.collection.agent_version}})"
+ needs:
+ - setup_matrix
+ if: ${{ needs.setup_matrix.outputs.matrix != '{}' }}
+
+ runs-on: ubuntu-22.04
+ strategy:
+ fail-fast: false
+ matrix: ${{fromJson(needs.setup_matrix.outputs.matrix)}}
+
+ env:
+ PUPPET_GEM_VERSION: ${{matrix.collection.gem_version}}
+ FACTER_GEM_VERSION: 'https://github.com/puppetlabs/facter#main' # why is this set?
+
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout@v3
+
+ - name: Activate Ruby 3.2
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: "3.2.3"
+ bundler-cache: true
+
+ - name: Print bundle environment
+ run: |
+ echo ::group::bundler environment
+ bundle env
+ echo ::endgroup::
+
+ - name: Create the fixtures directory
+ run: |
+ bundle exec rake spec_prep
+
+ - name: check vars
+ run: |
+ export
+
+ - name: Provision test environment
+ run: |
+ bundle exec rake 'litmus:provision_list[docker]'
+ FILE='spec/fixtures/litmus_inventory.yaml'
+
+ - name: Install Agents and module
+ run: |
+ # bundle exec rake 'litmus:install_agent'
+ bundle exec rake 'litmus:install_agent[${{ matrix.collection.agent_version }}]'
+ bundle exec rake litmus:install_module
+
+ - name: Run integration tests
+ run: |
+ bundle exec rake litmus:acceptance:parallel
+
+ - name: Remove test environment
+ if: ${{ always() }}
+ continue-on-error: true
+ run: |
+ ls -lh ./spec/fixtures/
+ cat ./spec/fixtures/litmus_inventory.yaml
+ bundle exec rake 'litmus:tear_down'
\ No newline at end of file
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
new file mode 100644
index 0000000..c2f88dc
--- /dev/null
+++ b/.github/workflows/lint.yaml
@@ -0,0 +1,71 @@
+---
+name: "Lint testing"
+
+on:
+ pull_request:
+ branches:
+ - "main"
+
+jobs:
+ setup_matrix:
+ name: "Setup Test Matrix"
+ runs-on: ubuntu-22.04
+ outputs:
+ matrix: ${{ steps.get-matrix.outputs.matrix }}
+
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout@v3
+
+ - name: Activate Ruby 3.2
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: "3.2.3"
+ bundler-cache: true
+
+ - name: Print bundle environment
+ run: |
+ echo ::group::bundler environment
+ bundle env
+ echo ::endgroup::
+
+ - name: Setup Integration Test Matrix
+ id: get-matrix
+ run: |
+ echo "matrix=$(cat test_matrix.json | tr -s '\n' ' ')" >> $GITHUB_OUTPUT
+ cat $GITHUB_OUTPUT
+
+ lint:
+ name: "Lint tests (${{matrix.collection.agent_version}})"
+ needs:
+ - setup_matrix
+ if: ${{ needs.setup_matrix.outputs.matrix != '{}' }}
+
+ runs-on: ubuntu-22.04
+ strategy:
+ fail-fast: false
+ matrix: ${{fromJson(needs.setup_matrix.outputs.matrix)}}
+
+ env:
+ PUPPET_GEM_VERSION: ${{matrix.collection.gem_version}}
+ FACTER_GEM_VERSION: 'https://github.com/puppetlabs/facter#main' # why is this set?
+
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout@v3
+
+ - name: Activate Ruby 3.2
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: "3.2.3"
+ bundler-cache: true
+
+ - name: Print bundle environment
+ run: |
+ echo ::group::bundler environment
+ bundle env
+ echo ::endgroup::
+
+ - name: "Run tests"
+ run: |
+ bundle exec rake validate
\ No newline at end of file
diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
new file mode 100644
index 0000000..2e3fea2
--- /dev/null
+++ b/.github/workflows/unit_tests.yml
@@ -0,0 +1,71 @@
+---
+name: "Unit Testing"
+
+on:
+ pull_request:
+ branches:
+ - "main"
+
+jobs:
+ setup_matrix:
+ name: "Setup Test Matrix"
+ runs-on: ubuntu-22.04
+ outputs:
+ matrix: ${{ steps.get-matrix.outputs.matrix }}
+
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout@v3
+
+ - name: Activate Ruby 3.2
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: "3.2.3"
+ bundler-cache: true
+
+ - name: Print bundle environment
+ run: |
+ echo ::group::bundler environment
+ bundle env
+ echo ::endgroup::
+
+ - name: Setup Integration Test Matrix
+ id: get-matrix
+ run: |
+ echo "matrix=$(cat test_matrix.json | tr -s '\n' ' ')" >> $GITHUB_OUTPUT
+ cat $GITHUB_OUTPUT
+
+ Unit:
+ name: "Unit tests (${{matrix.collection.agent_version}})"
+ needs:
+ - setup_matrix
+ if: ${{ needs.setup_matrix.outputs.matrix != '{}' }}
+
+ runs-on: ubuntu-22.04
+ strategy:
+ fail-fast: false
+ matrix: ${{fromJson(needs.setup_matrix.outputs.matrix)}}
+
+ env:
+ PUPPET_GEM_VERSION: ${{matrix.collection.gem_version}}
+ FACTER_GEM_VERSION: 'https://github.com/puppetlabs/facter#main' # why is this set?
+
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout@v3
+
+ - name: Activate Ruby 3.2
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: "3.2.3"
+ bundler-cache: true
+
+ - name: Print bundle environment
+ run: |
+ echo ::group::bundler environment
+ bundle env
+ echo ::endgroup::
+
+ - name: "Run tests"
+ run: |
+ bundle exec rake parallel_spec
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index 988dcbb..3f15512 100644
--- a/.gitignore
+++ b/.gitignore
@@ -16,7 +16,7 @@
/log/
/pkg/
/spec/fixtures/manifests/
-/spec/fixtures/modules/
+/spec/fixtures/modules/*
/tmp/
/vendor/
/convert_report.txt
diff --git a/.pdkignore b/.pdkignore
index c538bea..862847a 100644
--- a/.pdkignore
+++ b/.pdkignore
@@ -16,7 +16,7 @@
/log/
/pkg/
/spec/fixtures/manifests/
-/spec/fixtures/modules/
+/spec/fixtures/modules/*
/tmp/
/vendor/
/convert_report.txt
@@ -26,20 +26,17 @@
.envrc
/inventory.yaml
/spec/fixtures/litmus_inventory.yaml
-/appveyor.yml
-/.editorconfig
/.fixtures.yml
/Gemfile
/.gitattributes
+/.github/
/.gitignore
-/.gitlab-ci.yml
/.pdkignore
/.puppet-lint.rc
/Rakefile
/rakelib/
/.rspec
-/.rubocop.yml
-/.travis.yml
+/..yml
/.yardopts
/spec/
/.vscode/
diff --git a/.rubocop.yml b/.rubocop.yml
index 31e8248..21b82b9 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -3,8 +3,9 @@ require:
- rubocop-performance
- rubocop-rspec
AllCops:
+ NewCops: enable
DisplayCopNames: true
- TargetRubyVersion: '2.5'
+ TargetRubyVersion: '2.6'
Include:
- "**/*.rb"
Exclude:
@@ -111,8 +112,14 @@ Style/MethodCalledOnDoEndBlock:
Enabled: true
Style/StringMethods:
Enabled: true
+Bundler/GemFilename:
+ Enabled: false
Bundler/InsecureProtocolSource:
Enabled: false
+Capybara/CurrentPathExpectation:
+ Enabled: false
+Capybara/VisibilityMatcher:
+ Enabled: false
Gemspec/DuplicatedAssignment:
Enabled: false
Gemspec/OrderedDependencies:
@@ -287,11 +294,9 @@ Performance/UriDefaultParser:
Enabled: false
RSpec/Be:
Enabled: false
-RSpec/Capybara/CurrentPathExpectation:
- Enabled: false
RSpec/Capybara/FeatureMethods:
Enabled: false
-RSpec/Capybara/VisibilityMatcher:
+RSpec/ContainExactly:
Enabled: false
RSpec/ContextMethod:
Enabled: false
@@ -331,6 +336,8 @@ RSpec/LeakyConstantDeclaration:
Enabled: false
RSpec/LetBeforeExamples:
Enabled: false
+RSpec/MatchArray:
+ Enabled: false
RSpec/MissingExampleGroupArgument:
Enabled: false
RSpec/MultipleExpectations:
@@ -373,8 +380,6 @@ Style/AccessModifierDeclarations:
Enabled: false
Style/AccessorGrouping:
Enabled: false
-Style/AsciiComments:
- Enabled: false
Style/BisectedAttrAccessor:
Enabled: false
Style/CaseLikeIf:
@@ -485,35 +490,241 @@ Style/TrailingMethodEndStatement:
Enabled: false
Style/UnpackFirst:
Enabled: false
+Capybara/MatchStyle:
+ Enabled: false
+Capybara/NegationMatcher:
+ Enabled: false
+Capybara/SpecificActions:
+ Enabled: false
+Capybara/SpecificFinders:
+ Enabled: false
+Capybara/SpecificMatcher:
+ Enabled: false
+Gemspec/DeprecatedAttributeAssignment:
+ Enabled: false
+Gemspec/DevelopmentDependencies:
+ Enabled: false
+Gemspec/RequireMFA:
+ Enabled: false
+Layout/LineContinuationLeadingSpace:
+ Enabled: false
+Layout/LineContinuationSpacing:
+ Enabled: false
+Layout/LineEndStringConcatenationIndentation:
+ Enabled: false
+Layout/SpaceBeforeBrackets:
+ Enabled: false
+Lint/AmbiguousAssignment:
+ Enabled: false
+Lint/AmbiguousOperatorPrecedence:
+ Enabled: false
+Lint/AmbiguousRange:
+ Enabled: false
+Lint/ConstantOverwrittenInRescue:
+ Enabled: false
+Lint/DeprecatedConstants:
+ Enabled: false
Lint/DuplicateBranch:
Enabled: false
+Lint/DuplicateMagicComment:
+ Enabled: false
+Lint/DuplicateMatchPattern:
+ Enabled: false
Lint/DuplicateRegexpCharacterClassElement:
Enabled: false
Lint/EmptyBlock:
Enabled: false
Lint/EmptyClass:
Enabled: false
+Lint/EmptyInPattern:
+ Enabled: false
+Lint/IncompatibleIoSelectWithFiberScheduler:
+ Enabled: false
+Lint/LambdaWithoutLiteralBlock:
+ Enabled: false
Lint/NoReturnInBeginEndBlocks:
Enabled: false
+Lint/NonAtomicFileOperation:
+ Enabled: false
+Lint/NumberedParameterAssignment:
+ Enabled: false
+Lint/OrAssignmentToConstant:
+ Enabled: false
+Lint/RedundantDirGlobSort:
+ Enabled: false
+Lint/RefinementImportMethods:
+ Enabled: false
+Lint/RequireRangeParentheses:
+ Enabled: false
+Lint/RequireRelativeSelfPath:
+ Enabled: false
+Lint/SymbolConversion:
+ Enabled: false
Lint/ToEnumArguments:
Enabled: false
+Lint/TripleQuotes:
+ Enabled: false
Lint/UnexpectedBlockArity:
Enabled: false
Lint/UnmodifiedReduceAccumulator:
Enabled: false
+Lint/UselessRescue:
+ Enabled: false
+Lint/UselessRuby2Keywords:
+ Enabled: false
+Metrics/CollectionLiteralLength:
+ Enabled: false
+Naming/BlockForwarding:
+ Enabled: false
Performance/CollectionLiteralInLoop:
Enabled: false
+Performance/ConcurrentMonotonicTime:
+ Enabled: false
+Performance/MapCompact:
+ Enabled: false
+Performance/RedundantEqualityComparisonBlock:
+ Enabled: false
+Performance/RedundantSplitRegexpArgument:
+ Enabled: false
+Performance/StringIdentifierArgument:
+ Enabled: false
+RSpec/BeEq:
+ Enabled: false
+RSpec/BeNil:
+ Enabled: false
+RSpec/ChangeByZero:
+ Enabled: false
+RSpec/ClassCheck:
+ Enabled: false
+RSpec/DuplicatedMetadata:
+ Enabled: false
+RSpec/ExcessiveDocstringSpacing:
+ Enabled: false
+RSpec/FactoryBot/ConsistentParenthesesStyle:
+ Enabled: false
+RSpec/FactoryBot/FactoryNameStyle:
+ Enabled: false
+RSpec/FactoryBot/SyntaxMethods:
+ Enabled: false
+RSpec/IdenticalEqualityAssertion:
+ Enabled: false
+RSpec/NoExpectationExample:
+ Enabled: false
+RSpec/PendingWithoutReason:
+ Enabled: false
+RSpec/Rails/AvoidSetupHook:
+ Enabled: false
+RSpec/Rails/HaveHttpStatus:
+ Enabled: false
+RSpec/Rails/InferredSpecType:
+ Enabled: false
+RSpec/Rails/MinitestAssertions:
+ Enabled: false
+RSpec/Rails/TravelAround:
+ Enabled: false
+RSpec/RedundantAround:
+ Enabled: false
+RSpec/SkipBlockInsideExample:
+ Enabled: false
+RSpec/SortMetadata:
+ Enabled: false
+RSpec/SubjectDeclaration:
+ Enabled: false
+RSpec/VerifiedDoubleReference:
+ Enabled: false
+Security/CompoundHash:
+ Enabled: false
+Security/IoMethods:
+ Enabled: false
Style/ArgumentsForwarding:
Enabled: false
+Style/ArrayIntersect:
+ Enabled: false
Style/CollectionCompact:
Enabled: false
+Style/ComparableClamp:
+ Enabled: false
+Style/ConcatArrayLiterals:
+ Enabled: false
+Style/DataInheritance:
+ Enabled: false
+Style/DirEmpty:
+ Enabled: false
Style/DocumentDynamicEvalDefinition:
Enabled: false
+Style/EmptyHeredoc:
+ Enabled: false
+Style/EndlessMethod:
+ Enabled: false
+Style/EnvHome:
+ Enabled: false
+Style/FetchEnvVar:
+ Enabled: false
+Style/FileEmpty:
+ Enabled: false
+Style/FileRead:
+ Enabled: false
+Style/FileWrite:
+ Enabled: false
+Style/HashConversion:
+ Enabled: false
+Style/HashExcept:
+ Enabled: false
+Style/IfWithBooleanLiteralBranches:
+ Enabled: false
+Style/InPatternThen:
+ Enabled: false
+Style/MagicCommentFormat:
+ Enabled: false
+Style/MapCompactWithConditionalBlock:
+ Enabled: false
+Style/MapToHash:
+ Enabled: false
+Style/MapToSet:
+ Enabled: false
+Style/MinMaxComparison:
+ Enabled: false
+Style/MultilineInPatternThen:
+ Enabled: false
Style/NegatedIfElseCondition:
Enabled: false
+Style/NestedFileDirname:
+ Enabled: false
Style/NilLambda:
Enabled: false
+Style/NumberedParameters:
+ Enabled: false
+Style/NumberedParametersLimit:
+ Enabled: false
+Style/ObjectThen:
+ Enabled: false
+Style/OpenStructUse:
+ Enabled: false
+Style/OperatorMethodCall:
+ Enabled: false
+Style/QuotedSymbols:
+ Enabled: false
Style/RedundantArgument:
Enabled: false
+Style/RedundantConstantBase:
+ Enabled: false
+Style/RedundantDoubleSplatHashBraces:
+ Enabled: false
+Style/RedundantEach:
+ Enabled: false
+Style/RedundantHeredocDelimiterQuotes:
+ Enabled: false
+Style/RedundantInitialize:
+ Enabled: false
+Style/RedundantLineContinuation:
+ Enabled: false
+Style/RedundantSelfAssignmentBranch:
+ Enabled: false
+Style/RedundantStringEscape:
+ Enabled: false
+Style/SelectByRegexp:
+ Enabled: false
+Style/StringChars:
+ Enabled: false
Style/SwapValues:
Enabled: false
diff --git a/.vscode/extensions.json b/.vscode/extensions.json
index 2f1e4f7..6da8d47 100644
--- a/.vscode/extensions.json
+++ b/.vscode/extensions.json
@@ -1,6 +1,6 @@
{
"recommendations": [
"puppet.puppet-vscode",
- "rebornix.Ruby"
+ "Shopify.ruby-lsp"
]
}
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 34729a9..5f6c51c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,31 @@
All notable changes to this project will be documented in this file.
+## Release 3.0.0
+
+**Upgrade warning**
+
+The following default parameters for passwords have been removed from the module.
+- observium::db_password
+- observium::rootdb_password
+- observium::snmpv3_authpass
+- observium::snmpv3_cryptopass
+- observium::admin_password
+
+If you were relying on these defaults you will need to set them in your control repo hiera before upgrading to 3.0.0. Passwords and other sensitive data in your control repo should be encrypted and protected, see https://www.puppet.com/docs/puppet/8/securing-sensitive-data.html.
+
+**Features**
+
+- Added support for RHEL9
+- Added support for stdlib 9.0 or later. **Note:** the observium module itself supports stdlib 9, however its dependencies did not. When upgrading to stdlib 9 please ensure you upgrade other dependant modules.
+- Incorporated security recommendations from baile320, removal of default passwords.
+- Bumped module dependencies to later versions.
+- Bumped PDK version to 3.2.0.
+- Lint and other minor fixes.
+- Added lint, unit and litmus tests within Github actions pipeline.
+
+Thanks to https://github.com/baile320 for their security recommendations for this release. :)
+
## Release 2.0.0
**Features**
diff --git a/Gemfile b/Gemfile
index 4ffa786..7a9ef2e 100644
--- a/Gemfile
+++ b/Gemfile
@@ -14,30 +14,35 @@ def location_for(place_or_version, fake_version = nil)
end
group :development do
- gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
- gem "json", '= 2.3.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
- gem "json", '= 2.5.1', require: false if Gem::Requirement.create(['>= 3.0.0', '< 3.0.5']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
- gem "json", '= 2.6.1', require: false if Gem::Requirement.create(['>= 3.1.0', '< 3.1.3']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
- gem "json", '= 2.6.3', require: false if Gem::Requirement.create(['>= 3.2.0', '< 4.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
- gem "voxpupuli-puppet-lint-plugins", '~> 3.1', require: false
- gem "facterdb", '~> 1.18', require: false
- gem "metadata-json-lint", '>= 2.0.2', '< 4.0.0', require: false
- gem "puppetlabs_spec_helper", '>= 3.0.0', '< 5.0.0', require: false
- gem "rspec-puppet-facts", '~> 2.0', require: false
- gem "codecov", '~> 0.2', require: false
- gem "dependency_checker", '~> 0.2', require: false
- gem "parallel_tests", '~> 3.4', require: false
- gem "pry", '~> 0.10', require: false
- gem "simplecov-console", '~> 0.5', require: false
- gem "puppet-debugger", '~> 1.0', require: false
- gem "rubocop", '= 1.6.1', require: false
- gem "rubocop-performance", '= 1.9.1', require: false
- gem "rubocop-rspec", '= 2.0.1', require: false
- gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw]
+ gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
+ gem "json", '= 2.3.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
+ gem "json", '= 2.5.1', require: false if Gem::Requirement.create(['>= 3.0.0', '< 3.0.5']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
+ gem "json", '= 2.6.1', require: false if Gem::Requirement.create(['>= 3.1.0', '< 3.1.3']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
+ gem "json", '= 2.6.3', require: false if Gem::Requirement.create(['>= 3.2.0', '< 4.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
+ gem "racc", '~> 1.4.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
+ gem "deep_merge", '~> 1.0', require: false
+ gem "voxpupuli-puppet-lint-plugins", '~> 5.0', require: false
+ gem "facterdb", '~> 1.18', require: false
+ gem "metadata-json-lint", '~> 4.0', require: false
+ gem "rspec-puppet-facts", '~> 3.0', require: false
+ gem "dependency_checker", '~> 1.0.0', require: false
+ gem "parallel_tests", '= 3.12.1', require: false
+ gem "pry", '~> 0.10', require: false
+ gem "simplecov-console", '~> 0.9', require: false
+ gem "puppet-debugger", '~> 1.0', require: false
+ gem "rubocop", '~> 1.50.0', require: false
+ gem "rubocop-performance", '= 1.16.0', require: false
+ gem "rubocop-rspec", '= 2.19.0', require: false
+ gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw]
+end
+group :development, :release_prep do
+ gem "puppet-strings", '~> 4.0', require: false
+ gem "puppetlabs_spec_helper", '~> 7.0', require: false
end
group :system_tests do
- gem "puppet_litmus", '< 1.0.0', require: false, platforms: [:ruby]
- gem "serverspec", '~> 2.41', require: false
+ gem "puppet_litmus", '~> 1.0', require: false, platforms: [:ruby, :x64_mingw]
+ gem "CFPropertyList", '< 3.0.7', require: false, platforms: [:mswin, :mingw, :x64_mingw]
+ gem "serverspec", '~> 2.41', require: false
end
puppet_version = ENV['PUPPET_GEM_VERSION']
diff --git a/README.md b/README.md
index 540e378..f03fd38 100644
--- a/README.md
+++ b/README.md
@@ -9,6 +9,7 @@ A Puppet module which installs and configures Observium monitoring software. For
1. [Setup - The basics of getting started with observium](#setup)
* [What observium affects](#what-observium-affects)
* [Setup requirements](#setup-requirements)
+ * [Password requirements](#password-requirements)
* [Beginning with observium](#beginning-with-observium)
1. [Usage - Configuration options and additional functionality](#usage)
1. [Limitations - OS compatibility, etc.](#limitations)
@@ -52,16 +53,51 @@ Please ensure you meet the dependency requirements and have the following in you
- puppet-snmp
- puppet-firewalld - only required for RHEL and if managing firewall
- puppetlabs-resource_api
-- domkrm-ufw - only required for Ubuntu and if managing firewall
+- puppetlabs-firewall - only required for Ubuntu and if managing firewall
- puppetlabs-translate
- camptocamp-systemd
+### Password requirements
+
+Beginning with the 3.0.0 release, default passwords are no longer provided by this module. This was a insecure default as every instances of observium setup with these defaults would use the same passwords.
+
+With the removal of the default, users now need to specify these password when using this module. There are two methods to do this in Puppet.
+
+1. Via parameters through resource like declarations. (Least preferred as you cannot protect these values)
+```
+class { 'observium':
+ db_password => 'your_password_here',
+ rootdb_password => 'your_password_here',
+ snmpv3_authpass => 'your_password_here',
+ snmpv3_cryptopass => 'your_password_here',
+ admin_password => 'very_secure',
+}
+```
+
+2. Via environment hiera. (Preferred as we can encrypt these values)
+Within environment hiera place the values like shown.
+```
+---
+observium::db_password: "your_password_here"
+observium::rootdb_password: "your_password_here"
+observium::snmpv3_authpass: "your_password_here"
+observium::snmpv3_cryptopass: "your_password_here"
+observium::admin_password: "very_secure"
+```
+
+These values should be encrypted using the [hiera-eyaml][11] gem. See Puppet [documentation][12].
### Beginning with observium
In its most basic form you can install observium by
```
-include observium
+class { 'observium':
+ db_password => 'your_password_here',
+ rootdb_password => 'your_password_here',
+ snmpv3_authpass => 'your_password_here',
+ snmpv3_cryptopass => 'your_password_here',
+ admin_password => 'very_secure',
+}
```
## Usage
@@ -118,6 +154,7 @@ Tested with the following setups.
- RHEL
- 7
- 8
+ - 9
- Rocky
- 8
- Ubuntu
@@ -134,7 +171,7 @@ RHEL 7 requires the following yum repos for installation - these will be automat
- [remi-php72][7]
- [remi-safe][8]
-RHEL 8 require the follwing yum repos for installation - these will be automatically added if you host has internet connection.
+RHEL 8 requires the following yum repos for installation - these will be automatically added if you host has internet connection.
- [EPEL][4]
- [OpenNMS common][5]
@@ -145,6 +182,17 @@ RHEL 8 require the follwing yum repos for installation - these will be automatic
```
- [remi-safe][10]
+RHEL 9 requires the following yum repos for installation - these will be automatically added if you host has internet connection.
+
+- [EPEL][4]
+- [OpenNMS common][5]
+- [OpenNMS RHEL9][13]
+- [remi-modular][14] - note you will need to enable php8.2 after adding this repo
+```
+/bin/dnf module -y install php:remi-8.2
+```
+- [remi-safe][14]
+
## Upgrading Observium
Please see [Upgrading][2] steps from Observium to upgrade. If you are managaing Observium with Puppet,
@@ -175,4 +223,7 @@ If you find any issues with this module, please log them in the issues register
[8]: http://cdn.remirepo.net/enterprise/7/safe/mirro
[9]: https://yum.opennms.org/stable/rhel8/
[10]: https://rpms.remirepo.net/enterprise/8/
-
+[11]: https://github.com/voxpupuli/hiera-eyaml
+[12]: https://www.puppet.com/docs/puppet/8/securing-sensitive-data.html
+[13]: https://yum.opennms.org/stable/rhel9/
+[14]: https://rpms.remirepo.net/enterprise/9/
diff --git a/REFERENCE.md b/REFERENCE.md
index 7e71c0f..773c6ad 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -15,8 +15,8 @@
* `observium::apache`: Class: observium::apache inherits observium Configure apache server with virtual host for observium
* `observium::config`: Class: observium::config Configure observium configuration files lint:ignore:140chars lint:ignore:arrow_alignment
* `observium::database_init`: Class: obversium Init the observium database after install. lint:ignore:140chars
+* `observium::firewall`: Class: observium::firewall Manage iptables on ubuntu
* `observium::firewalld`: Class: observium::firewall Manages firewall and opens ports for observium
-* `observium::firewallufw`: Class: observium::firewallufw Manage UFW on ubuntu
* `observium::install`: Class: observium::install Creates folder structure for Observium, and install from tar
* `observium::mariadb`: Class: observium::mariadb Install mysql or mariadb - OS dependant
* `observium::packages`: Class: observium::packages Installs required packges for observium
@@ -46,165 +46,172 @@ include observium
The following parameters are available in the `observium` class:
-* [`auth_mechanism`](#auth_mechanism)
-* [`db_password`](#db_password)
-* [`rootdb_password`](#rootdb_password)
-* [`download_url`](#download_url)
-* [`installer_name`](#installer_name)
-* [`install_dir`](#install_dir)
-* [`db_host`](#db_host)
-* [`db_user`](#db_user)
-* [`db_charset`](#db_charset)
-* [`db_collate`](#db_collate)
-* [`community`](#community)
-* [`snmpv3_authlevel`](#snmpv3_authlevel)
-* [`snmpv3_authname`](#snmpv3_authname)
-* [`snmpv3_authpass`](#snmpv3_authpass)
-* [`snmpv3_authalgo`](#snmpv3_authalgo)
-* [`snmpv3_cryptopass`](#snmpv3_cryptopass)
-* [`snmpv3_cryptoalgo`](#snmpv3_cryptoalgo)
-* [`mib_locations`](#mib_locations)
-* [`additional_mib_location`](#additional_mib_location)
-* [`additional_snmp_conf_options`](#additional_snmp_conf_options)
-* [`fping_location`](#fping_location)
-* [`email_default`](#email_default)
-* [`email_from`](#email_from)
-* [`admin_password`](#admin_password)
-* [`apache_bind_ip`](#apache_bind_ip)
-* [`apache_access_log`](#apache_access_log)
-* [`apache_error_log`](#apache_error_log)
-* [`apache_custom_options`](#apache_custom_options)
-* [`apache_auth_require`](#apache_auth_require)
-* [`apache_hostname`](#apache_hostname)
-* [`apache_port`](#apache_port)
-* [`apache_sslport`](#apache_sslport)
-* [`custom_ssl_cert`](#custom_ssl_cert)
-* [`custom_ssl_key`](#custom_ssl_key)
-* [`manage_repo`](#manage_repo)
-* [`manage_selinux`](#manage_selinux)
-* [`manage_fw`](#manage_fw)
-* [`manage_snmp`](#manage_snmp)
-* [`manage_mysql`](#manage_mysql)
-* [`manage_apache`](#manage_apache)
-* [`manage_apachephp`](#manage_apachephp)
-* [`manage_ssl`](#manage_ssl)
-* [`repos`](#repos)
-* [`gpgkeys`](#gpgkeys)
-* [`observium_additional_conf`](#observium_additional_conf)
-
-##### `auth_mechanism`
+* [`auth_mechanism`](#-observium--auth_mechanism)
+* [`db_password`](#-observium--db_password)
+* [`rootdb_password`](#-observium--rootdb_password)
+* [`download_url`](#-observium--download_url)
+* [`installer_name`](#-observium--installer_name)
+* [`install_dir`](#-observium--install_dir)
+* [`db_host`](#-observium--db_host)
+* [`db_user`](#-observium--db_user)
+* [`db_charset`](#-observium--db_charset)
+* [`db_collate`](#-observium--db_collate)
+* [`community`](#-observium--community)
+* [`snmpv3_authlevel`](#-observium--snmpv3_authlevel)
+* [`snmpv3_authname`](#-observium--snmpv3_authname)
+* [`snmpv3_authpass`](#-observium--snmpv3_authpass)
+* [`snmpv3_authalgo`](#-observium--snmpv3_authalgo)
+* [`snmpv3_cryptopass`](#-observium--snmpv3_cryptopass)
+* [`snmpv3_cryptoalgo`](#-observium--snmpv3_cryptoalgo)
+* [`snmpd_agentaddress`](#-observium--snmpd_agentaddress)
+* [`mib_locations`](#-observium--mib_locations)
+* [`additional_mib_location`](#-observium--additional_mib_location)
+* [`additional_snmp_conf_options`](#-observium--additional_snmp_conf_options)
+* [`fping_location`](#-observium--fping_location)
+* [`email_default`](#-observium--email_default)
+* [`email_from`](#-observium--email_from)
+* [`admin_password`](#-observium--admin_password)
+* [`apache_bind_ip`](#-observium--apache_bind_ip)
+* [`apache_access_log`](#-observium--apache_access_log)
+* [`apache_error_log`](#-observium--apache_error_log)
+* [`apache_custom_options`](#-observium--apache_custom_options)
+* [`apache_auth_require`](#-observium--apache_auth_require)
+* [`apache_hostname`](#-observium--apache_hostname)
+* [`apache_port`](#-observium--apache_port)
+* [`apache_sslport`](#-observium--apache_sslport)
+* [`custom_ssl_cert`](#-observium--custom_ssl_cert)
+* [`custom_ssl_key`](#-observium--custom_ssl_key)
+* [`manage_repo`](#-observium--manage_repo)
+* [`manage_selinux`](#-observium--manage_selinux)
+* [`manage_fw`](#-observium--manage_fw)
+* [`manage_snmp`](#-observium--manage_snmp)
+* [`manage_mysql`](#-observium--manage_mysql)
+* [`manage_apache`](#-observium--manage_apache)
+* [`manage_apachephp`](#-observium--manage_apachephp)
+* [`manage_ssl`](#-observium--manage_ssl)
+* [`repos`](#-observium--repos)
+* [`gpgkeys`](#-observium--gpgkeys)
+* [`observium_additional_conf`](#-observium--observium_additional_conf)
+
+##### `auth_mechanism`
Data type: `String`
Auth mechanism to use
default: mysql
-##### `db_password`
+##### `db_password`
Data type: `String`
Mysql password for observium user - default 'changeme'
-##### `rootdb_password`
+##### `rootdb_password`
Data type: `String`
Mysql root password - default 'hello123'
-##### `download_url`
+##### `download_url`
Data type: `String`
Url to the installer, IE http://observium.com/, can be a file path - default 'http://www.observium.org/'
-##### `installer_name`
+##### `installer_name`
Data type: `String`
Installer name, IE observium-installer.tar - default 'observium-community-latest.tar.gz'
-##### `install_dir`
+##### `install_dir`
Data type: `String`
Install directory - default '/opt/observium'
-##### `db_host`
+##### `db_host`
Data type: `String`
Database host to use - default 'localhost'
-##### `db_user`
+##### `db_user`
Data type: `String`
Database user to use - default 'observium'
-##### `db_charset`
+##### `db_charset`
Data type: `String`
Database charset to use - default 'utf8' Ubuntu 22.04 'utf8mb3'
-##### `db_collate`
+##### `db_collate`
Data type: `String`
Database collate to use - default 'utf8_general_ci' Ubuntu 22.04 'utf8mb3_general_ci'
-##### `community`
+##### `community`
Data type: `String`
Default SNMP community to configure - default 'puppet'
-##### `snmpv3_authlevel`
+##### `snmpv3_authlevel`
Data type: `Enum['noAuthNoPriv','authNoPriv','authPriv']`
Default SNMP authlevel to use - default 'authPriv'
Valid options - ['noAuthNoPriv','authNoPriv','authPriv']
-##### `snmpv3_authname`
+##### `snmpv3_authname`
Data type: `String`
SNMP Authname SNMPv3 user - default 'observium'
-##### `snmpv3_authpass`
+##### `snmpv3_authpass`
Data type: `String`
Auth password - min 8 character
-##### `snmpv3_authalgo`
+##### `snmpv3_authalgo`
Data type: `Enum['SHA','MD5']`
Auth algorithm - defualt 'SHA'
Valid options - ['SHA','MD5']
-##### `snmpv3_cryptopass`
+##### `snmpv3_cryptopass`
Data type: `String`
Crypto pass - min 8 character
-##### `snmpv3_cryptoalgo`
+##### `snmpv3_cryptoalgo`
Data type: `Enum['AES','DES']`
Crypto algorithm - default 'AES'
Valid options - ['AES','DES']
-##### `mib_locations`
+##### `snmpd_agentaddress`
+
+Data type: `Array`
+
+An array of addresses, on which snmpd will listen for queries. - default ['udp:127.0.0.1:161','udp6:[::1]:161']
+
+##### `mib_locations`
Data type: `Array`
Miblocations for observium to add to snmp.conf, default ['/opt/observium/mibs/rfc','/opt/observium/mibs/net-snmp']
-##### `additional_mib_location`
+##### `additional_mib_location`
Data type: `Array`
@@ -212,7 +219,7 @@ Additional mib locations to add to snmp.conf. Appended to built in mib_locations
Default value: `[]`
-##### `additional_snmp_conf_options`
+##### `additional_snmp_conf_options`
Data type: `Array`
@@ -220,31 +227,31 @@ Additional options to add to snmp.conf. default []
Default value: `[]`
-##### `fping_location`
+##### `fping_location`
Data type: `String`
Change if fping is in a non default locaiton - default, RHEL '/sbin/fping' Ubuntu '/usr/bin/fping'
-##### `email_default`
+##### `email_default`
Data type: `String`
Not setup yet, use additional config option to setup email default
-##### `email_from`
+##### `email_from`
Data type: `String`
Not setup yet, use additional config option to setup email from
-##### `admin_password`
+##### `admin_password`
Data type: `String`
Admin password for the default admin observium user - default 'changeme'
-##### `apache_bind_ip`
+##### `apache_bind_ip`
Data type: `String`
@@ -252,19 +259,19 @@ Bind IP address - default $facts['ipaddress']
Default value: `$facts['networking']['ip']`
-##### `apache_access_log`
+##### `apache_access_log`
Data type: `Stdlib::Unixpath`
Apache access log file - default '/opt/observium/logs/access_log'
-##### `apache_error_log`
+##### `apache_error_log`
Data type: `Stdlib::Unixpath`
Apache error log file - default '/opt/observium/logs/error_log'
-##### `apache_custom_options`
+##### `apache_custom_options`
Data type: `Hash`
@@ -279,13 +286,13 @@ observium::apache_custom_options:
```
Default value: {}
-##### `apache_auth_require`
+##### `apache_auth_require`
Data type: `String`
Apache auth require parameter - default 'all granted'
-##### `apache_hostname`
+##### `apache_hostname`
Data type: `String`
@@ -293,99 +300,99 @@ Apache hostname for observium site - default $facts['hostname']
Default value: `$facts['networking']['hostname']`
-##### `apache_port`
+##### `apache_port`
Data type: `Stdlib::Port`
Apache non SSL port - note if SSL is enabled this will have no effect - default '80'
-##### `apache_sslport`
+##### `apache_sslport`
Data type: `Stdlib::Port`
Apache SSL port - note if SSL isn't enable this will have no effect - defautl '443'
-##### `custom_ssl_cert`
+##### `custom_ssl_cert`
Data type: `String`
Path to SSL certificate, note this module will automatically create a cert in this location '/etc/ssl/observium_cert.pem' - default '/etc/ssl/observium_cert.pem'
-##### `custom_ssl_key`
+##### `custom_ssl_key`
Data type: `String`
Path to SSL certificate key, note this module will automatically create a key in this location '/etc/ssl/observium_key.pem' - default '/etc/ssl/observium_key.pem'
-##### `manage_repo`
+##### `manage_repo`
Data type: `Boolean`
Manage repo, RHEL only, - default true
-##### `manage_selinux`
+##### `manage_selinux`
Data type: `Boolean`
Manage selinux, RHEL only. This will set selinux to permissive mode as observium havn't published a selinux profile - default true
-##### `manage_fw`
+##### `manage_fw`
Data type: `Boolean`
Manage firewalld on RHEL. UFW on ubuntu. - default RHEL true, Ubuntu false
-##### `manage_snmp`
+##### `manage_snmp`
Data type: `Boolean`
Configure snmpd on the observium and add to observium - default true
-##### `manage_mysql`
+##### `manage_mysql`
Data type: `Boolean`
Install and configure mysql, - default true
-##### `manage_apache`
+##### `manage_apache`
Data type: `Boolean`
Install and configure Apache, - defalt true
-##### `manage_apachephp`
+##### `manage_apachephp`
Data type: `Boolean`
Configure Apachemod php, - default true
-##### `manage_ssl`
+##### `manage_ssl`
Data type: `Boolean`
Setup the web site as SSL. If no cert provided, a self signed one will be used. - default false
-##### `repos`
+##### `repos`
Data type: `Optional[Hash]`
Customise repoistory locations for RedHat
-Default value: ``undef``
+Default value: `undef`
-##### `gpgkeys`
+##### `gpgkeys`
Data type: `Optional[Hash]`
Customise GPG keys for RedHat
-Default value: ``undef``
+Default value: `undef`
-##### `observium_additional_conf`
+##### `observium_additional_conf`
Data type: `Optional[Array]`
Array of additional configurations options to add to /opt/observium/config.php
-Default value: ``undef``
+Default value: `undef`
diff --git a/Rakefile b/Rakefile
index 0f8754e..77590fe 100644
--- a/Rakefile
+++ b/Rakefile
@@ -1,89 +1,9 @@
# frozen_string_literal: true
require 'bundler'
-require 'puppet_litmus/rake_tasks' if Bundler.rubygems.find_name('puppet_litmus').any?
+require 'puppet_litmus/rake_tasks' if Gem.loaded_specs.key? 'puppet_litmus'
require 'puppetlabs_spec_helper/rake_tasks'
require 'puppet-syntax/tasks/puppet-syntax'
-require 'puppet_blacksmith/rake_tasks' if Bundler.rubygems.find_name('puppet-blacksmith').any?
-require 'github_changelog_generator/task' if Bundler.rubygems.find_name('github_changelog_generator').any?
-require 'puppet-strings/tasks' if Bundler.rubygems.find_name('puppet-strings').any?
-
-def changelog_user
- return unless Rake.application.top_level_tasks.include? "changelog"
- returnVal = nil || JSON.load(File.read('metadata.json'))['author']
- raise "unable to find the changelog_user in .sync.yml, or the author in metadata.json" if returnVal.nil?
- puts "GitHubChangelogGenerator user:#{returnVal}"
- returnVal
-end
-
-def changelog_project
- return unless Rake.application.top_level_tasks.include? "changelog"
-
- returnVal = nil
- returnVal ||= begin
- metadata_source = JSON.load(File.read('metadata.json'))['source']
- metadata_source_match = metadata_source && metadata_source.match(%r{.*\/([^\/]*?)(?:\.git)?\Z})
-
- metadata_source_match && metadata_source_match[1]
- end
-
- raise "unable to find the changelog_project in .sync.yml or calculate it from the source in metadata.json" if returnVal.nil?
-
- puts "GitHubChangelogGenerator project:#{returnVal}"
- returnVal
-end
-
-def changelog_future_release
- return unless Rake.application.top_level_tasks.include? "changelog"
- returnVal = "v%s" % JSON.load(File.read('metadata.json'))['version']
- raise "unable to find the future_release (version) in metadata.json" if returnVal.nil?
- puts "GitHubChangelogGenerator future_release:#{returnVal}"
- returnVal
-end
+require 'puppet-strings/tasks' if Gem.loaded_specs.key? 'puppet-strings'
PuppetLint.configuration.send('disable_relative')
-
-
-if Bundler.rubygems.find_name('github_changelog_generator').any?
- GitHubChangelogGenerator::RakeTask.new :changelog do |config|
- raise "Set CHANGELOG_GITHUB_TOKEN environment variable eg 'export CHANGELOG_GITHUB_TOKEN=valid_token_here'" if Rake.application.top_level_tasks.include? "changelog" and ENV['CHANGELOG_GITHUB_TOKEN'].nil?
- config.user = "#{changelog_user}"
- config.project = "#{changelog_project}"
- config.future_release = "#{changelog_future_release}"
- config.exclude_labels = ['maintenance']
- config.header = "# Change log\n\nAll notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org)."
- config.add_pr_wo_labels = true
- config.issues = false
- config.merge_prefix = "### UNCATEGORIZED PRS; LABEL THEM ON GITHUB"
- config.configure_sections = {
- "Changed" => {
- "prefix" => "### Changed",
- "labels" => ["backwards-incompatible"],
- },
- "Added" => {
- "prefix" => "### Added",
- "labels" => ["enhancement", "feature"],
- },
- "Fixed" => {
- "prefix" => "### Fixed",
- "labels" => ["bug", "documentation", "bugfix"],
- },
- }
- end
-else
- desc 'Generate a Changelog from GitHub'
- task :changelog do
- raise < 1.15'
- condition: "Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.3.0')"
-EOM
- end
-end
-
diff --git a/data/common.yaml b/data/common.yaml
index cfac302..bb21258 100644
--- a/data/common.yaml
+++ b/data/common.yaml
@@ -1,7 +1,5 @@
---
observium::auth_mechanism: "mysql"
-observium::db_password: "changeme"
-observium::rootdb_password: "hello123"
observium::download_url: "http://www.observium.org/"
observium::installer_name: "observium-community-latest.tar.gz"
observium::install_dir: "/opt/observium"
@@ -10,10 +8,11 @@ observium::db_user: "observium"
observium::community: "puppet"
observium::snmpv3_authlevel: "authPriv"
observium::snmpv3_authname: "observium"
-observium::snmpv3_authpass: "setme1234"
observium::snmpv3_authalgo: "SHA"
-observium::snmpv3_cryptopass: "setme1234"
observium::snmpv3_cryptoalgo: "AES"
+observium::snmpd_agentaddress:
+ - udp:127.0.0.1:161
+ - udp6:[::1]:161 # need to disable for litmus tests to pass
observium::mib_locations:
- /opt/observium/mibs/rfc
- /opt/observium/mibs/net-snmp
@@ -23,7 +22,6 @@ observium::observium_additional_conf:
- '//extra lines'
- '//as many as you'
- '//would like'
-observium::admin_password: "changeme"
observium::apache_custom_options: {}
observium::apache_auth_require: "all granted"
observium::apache_port: 80
diff --git a/data/os/RedHat-9.yaml b/data/os/RedHat-9.yaml
new file mode 100644
index 0000000..d70189d
--- /dev/null
+++ b/data/os/RedHat-9.yaml
@@ -0,0 +1,85 @@
+---
+observium::repos:
+ epel:
+ ensure: 'present'
+ enabled: 1
+ descr: "Extra Packages for Enterprise Linux %{facts.os.release.major} - $basearch"
+ # mirrorlist: "https://mirrors.fedoraproject.org/metalink?repo=epel-%{facts.os.release.major}&arch=$basearch"
+ metalink: "https://mirrors.fedoraproject.org/metalink?repo=epel-%{facts.os.release.major}&arch=$basearch&infra=$infra&content=$contentdir"
+ gpgcheck: 1
+ failovermethod: 'priority'
+ gpgkey: "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-%{facts.os.release.major}"
+ target: '/etc/yum.repos.d/epel.repo'
+ epel-next:
+ ensure: 'present'
+ enabled: 1
+ descr: "Extra Packages for Enterprise Linux %{facts.os.release.major} - Next - $basearch"
+ # mirrorlist: "https://mirrors.fedoraproject.org/metalink?repo=epel-%{facts.os.release.major}&arch=$basearch"
+ metalink: "https://mirrors.fedoraproject.org/metalink?repo=epel-next-%{facts.os.release.major}&arch=$basearch&infra=$infra&content=$contentdir"
+ gpgcheck: 1
+ failovermethod: 'priority'
+ gpgkey: "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-%{facts.os.release.major}"
+ target: '/etc/yum.repos.d/epel-next.repo'
+ remi-modular:
+ ensure: 'present'
+ enabled: 1
+ descr: "Remi's Modular repository for Enterprise Linux $releasever - $basearch"
+ mirrorlist: "http://cdn.remirepo.net/enterprise/$releasever/modular/$basearch/mirror"
+ gpgcheck: 1
+ failovermethod: 'priority'
+ gpgkey: "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el%{facts.os.release.major}"
+ target: '/etc/yum.repos.d/epel-next.repo'
+ remi-safe:
+ ensure: 'present'
+ enabled: 1
+ descr: "Safe Remi's RPM repository for Enterprise Linux $releasever - $basearch"
+ mirrorlist: "http://cdn.remirepo.net/enterprise/$releasever/safe/$basearch/mirror"
+ gpgcheck: 1
+ gpgkey: "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el%{facts.os.release.major}"
+ target: '/etc/yum.repos.d/epel-next.repo'
+ opennms-common:
+ ensure: 'present'
+ enabled: 1
+ descr: 'RPMs Common to All OpenNMS Architectures (stable)'
+ baseurl: 'https://yum.opennms.org/stable/common'
+ gpgcheck: 1
+ gpgkey: 'file:///etc/yum.repos.d/opennms-repo-stable-rhel%{facts.os.release.major}.gpg'
+ target: '/etc/yum.repos.d/opennms-repo-stable-rhel%{facts.os.release.major}.repo'
+ opennms-rhel%{facts.os.release.major}:
+ ensure: 'present'
+ enabled: 1
+ descr: 'RedHat Enterprise Linux %{facts.os.release.major}.x and CentOS %{facts.os.release.major}.x (stable)'
+ baseurl: 'https://yum.opennms.org/stable/rhel%{facts.os.release.major}'
+ gpgcheck: 1
+ gpgkey: 'file:///etc/yum.repos.d/opennms-repo-stable-rhel%{facts.os.release.major}.gpg'
+ target: '/etc/yum.repos.d/opennms-repo-stable-rhel%{facts.os.release.major}.repo'
+
+observium::required_packages:
+ - 'wget'
+ - 'php'
+ - 'php-ldap'
+ - 'php-opcache'
+ - 'php-mysqlnd'
+ - 'php-gd'
+ - 'php-posix'
+ - 'php-pear'
+ - 'cronie'
+ - 'net-snmp-utils'
+ - 'fping'
+ - 'python3-PyMySQL'
+ - 'rrdtool'
+ - 'subversion'
+ - 'whois'
+ - 'ipmitool'
+ - 'graphviz'
+ - 'ImageMagick'
+ - 'php-sodium'
+ - 'libvirt'
+ - 'php-json'
+ # - 'python3' Not required for RHEL9
+observium::fping_location: "/sbin/fping"
+observium::apache_user: "apache"
+observium::apache_service: "httpd"
+observium::openssl_location: "/bin/openssl"
+observium::mysql_location: "/bin/mysql"
+observium::apache_php_version: "8"
\ No newline at end of file
diff --git a/data/os/RedHat-9gpg.yaml b/data/os/RedHat-9gpg.yaml
new file mode 100644
index 0000000..6a44ab5
--- /dev/null
+++ b/data/os/RedHat-9gpg.yaml
@@ -0,0 +1,171 @@
+---
+observium::gpgkeys:
+ /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-9: # https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9
+ content: |
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+
+ mQINBGE3mOsBEACsU+XwJWDJVkItBaugXhXIIkb9oe+7aadELuVo0kBmc3HXt/Yp
+ CJW9hHEiGZ6z2jwgPqyJjZhCvcAWvgzKcvqE+9i0NItV1rzfxrBe2BtUtZmVcuE6
+ 2b+SPfxQ2Hr8llaawRjt8BCFX/ZzM4/1Qk+EzlfTcEcpkMf6wdO7kD6ulBk/tbsW
+ DHX2lNcxszTf+XP9HXHWJlA2xBfP+Dk4gl4DnO2Y1xR0OSywE/QtvEbN5cY94ieu
+ n7CBy29AleMhmbnx9pw3NyxcFIAsEZHJoU4ZW9ulAJ/ogttSyAWeacW7eJGW31/Z
+ 39cS+I4KXJgeGRI20RmpqfH0tuT+X5Da59YpjYxkbhSK3HYBVnNPhoJFUc2j5iKy
+ XLgkapu1xRnEJhw05kr4LCbud0NTvfecqSqa+59kuVc+zWmfTnGTYc0PXZ6Oa3rK
+ 44UOmE6eAT5zd/ToleDO0VesN+EO7CXfRsm7HWGpABF5wNK3vIEF2uRr2VJMvgqS
+ 9eNwhJyOzoca4xFSwCkc6dACGGkV+CqhufdFBhmcAsUotSxe3zmrBjqA0B/nxIvH
+ DVgOAMnVCe+Lmv8T0mFgqZSJdIUdKjnOLu/GRFhjDKIak4jeMBMTYpVnU+HhMHLq
+ uDiZkNEvEEGhBQmZuI8J55F/a6UURnxUwT3piyi3Pmr2IFD7ahBxPzOBCQARAQAB
+ tCdGZWRvcmEgKGVwZWw5KSA8ZXBlbEBmZWRvcmFwcm9qZWN0Lm9yZz6JAk4EEwEI
+ ADgWIQT/itE0RZcQbs6BO5GKOHK/MihGfAUCYTeY6wIbDwULCQgHAgYVCgkICwIE
+ FgIDAQIeAQIXgAAKCRCKOHK/MihGfFX/EACBPWv20+ttYu1A5WvtHJPzwbj0U4yF
+ 3zTQpBglQ2UfkRpYdipTlT3Ih6j5h2VmgRPtINCc/ZE28adrWpBoeFIS2YAKOCLC
+ nZYtHl2nCoLq1U7FSttUGsZ/t8uGCBgnugTfnIYcmlP1jKKA6RJAclK89evDQX5n
+ R9ZD+Cq3CBMlttvSTCht0qQVlwycedH8iWyYgP/mF0W35BIn7NuuZwWhgR00n/VG
+ 4nbKPOzTWbsP45awcmivdrS74P6mL84WfkghipdmcoyVb1B8ZP4Y/Ke0RXOnLhNe
+ CfrXXvuW+Pvg2RTfwRDtehGQPAgXbmLmz2ZkV69RGIr54HJv84NDbqZovRTMr7gL
+ 9k3ciCzXCiYQgM8yAyGHV0KEhFSQ1HV7gMnt9UmxbxBE2pGU7vu3CwjYga5DpwU7
+ w5wu1TmM5KgZtZvuWOTDnqDLf0cKoIbW8FeeCOn24elcj32bnQDuF9DPey1mqcvT
+ /yEo/Ushyz6CVYxN8DGgcy2M9JOsnmjDx02h6qgWGWDuKgb9jZrvRedpAQCeemEd
+ fhEs6ihqVxRFl16HxC4EVijybhAL76SsM2nbtIqW1apBQJQpXWtQwwdvgTVpdEtE
+ r4ArVJYX5LrswnWEQMOelugUG6S3ZjMfcyOa/O0364iY73vyVgaYK+2XtT2usMux
+ VL469Kj5m13T6w==
+ =Mjs/
+ -----END PGP PUBLIC KEY BLOCK-----
+ /etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el9: # https://rpms.remirepo.net/
+ content: |
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+
+ mQINBF/zKcUBEADvJpDrH7Lf8JSyAQxSO7v+q9CWf++NPVL8zBUp99cFAS5+AK8E
+ qbfYTohcNFExuu8fJTzZWubc2HJVqnuvxwpCtb/pvrnIIg935AAjatDqa+5Aib1q
+ bGIQhAy7Rb92JtGfIC7pNqcRPzpurCtIp7SwpEwGI/ScJdmVCMFXrUJnaCYgkvfm
+ +Z6jEp3GCr3Yzw8ewNUeXk/vb0XzlZipDdTSpVcYUjPWn7BxVFUUmscd1WFL+dgD
+ XHJkmtjwU/AV3JcngENMAAxzrZQljL2dveptpI/cmPmBRwMBsneG8RBSiFtSoHy9
+ K/p4letvgAonP5+5rIOPSBglw7heiUfMk+iSuCignTZawgQDxAt6sRY5bDwwtpBB
+ 5rpPLVVm3BRysQ5aiQvZdm7xKfZmb8IoOaEi0EdKp7Txg16KsX9BGo9X4Nj9BK7Y
+ lrOFWIl6V3P8lajbkWictlGw69SiIF4aWyc4F7BiQd12tqCwNOi8AMmhSVhmsJbV
+ PVmN1xTUytD1E85lehF6XCzb2GEojbWF/l2nmNUEf4Fs9pMuoeUbTGN1GOjpQkbd
+ cU+FIAgOv8U7qqEqczRsHf47WlDm8gjV59+/QHPScGZH0/G8+gLmDF7sG65K5gmn
+ VTXQy5VOR4zK/r3o/WFlxa+fWz3guCzzG752FYHWI69fYYhdo0pkFeyJXQARAQAB
+ tEZSZW1pJ3MgUlBNIHJlcG9zaXRvcnkgKGh0dHBzOi8vcnBtcy5yZW1pcmVwby5u
+ ZXQvKSA8cmVtaUByZW1pcmVwby5uZXQ+iQJOBBMBCAA4FiEEsav3HhTJ10iX4Zio
+ sZUn8UePiUcFAl/zKcUCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQsZUn
+ 8UePiUeSXhAAmfIKurragDpYw07jZJEeEKjMkFrt7KKZ7Ll5CuRUy0Hzawj+ug0F
+ 0cKCm+NxRJSQ5Gt4HfPfbcEXPC1+VNsoMCi1/nvHJ+HDXKvf7P8qe09R4gPBesRa
+ Ob3CLPi0nTQIjcCRI/5NiQS9Ia5nOd47+H4dWElhJlP48UIXYZLE4Av4683m7TBM
+ AOQ6m9sSIsl21ktdpTTAxXYdB0+uLWbLssEAwhkFl2NOgi/Eri436eWDEsJeId1v
+ SCWZHVj52ROVm9yy1Me11ELndNKkos4KYR+0PjGBxsCW5Wp56lPtAY4aDQ7KTnjH
+ mEctsvvfPP0agbYC4YAy5wZ4P4MJS2N3TiP64sodAWmuHEf6TvkK6ObFn3QfyQ03
+ pCOIRvE+57U/MUz2qc2/xDIWVwSY9bzKUnfdDidEyaUfM9f6gLbsY2QWJ2uhHul5
+ gzJqkdU5cYNX+Vx3OFna99l9cwLsqQ4AX4zkJl2BQggOfsfFOYn5huXlF0fyjG5r
+ CLPxVqNdDRPfF/daFXt/6RrsZcANzjI9bkLxWYHDi12NJonnpouhcI5XsjgeXKmf
+ g6iw5/+VAGc6ATgQJmZ+7WJbuIKxBYTEE8NHhpouIzAiGP2ZfYnAhFp159IPwOCO
+ 0U9Aqp55JU7uJetD8zQ/muir8zYEIneizaCIiPT3GgdgpcHFg0rQbX+5Ag0EX/Mp
+ xQEQANlkm5nSNiuQAPO3/mbxQuPAQoVoGfPR5nv093vjQVPJ+4OAZjoXaVCxfkiI
+ VK1sAPv+4qUJh+SLr7LDEOWFrJo5yXImePUoMZxpx3MqzuX/Dwx62zY84m5ylRkb
+ hVDpnGd+zS0R/QA8l57Xw1amDdRzua18b6ldzHoEdxeQ18LzBJ2oCJ/UYD1XzQAJ
+ 7odWJmJMiCYBT2OKEpfEVkxV3layd8g4qGEaxrWn4ZeDyfhGoNmkGsm85DLHLctL
+ lcAowEVK9PKsLlGhEAYybjVj5dnep1AibbPFUQMslm/bj7JvWFc9vZ97vqvOMstm
+ QXpEwl9rQ5W+adEsgvAwY6dCsZJwt6pnqFiWUpGs0M0XC9InXm643zNPXPwDQmCt
+ d2kRSKElZD0u0zCyBtoN3ng1A/o3FDilgMUm0Mabk4+cRsmpSVHcSdKW6xizxMqp
+ YW5Shwc0qXQOhK+mO3CWol7dtUB+d5a/1C3UIH62ZMsWXOLzZkFHiqKuoRgaM4eA
+ rw5B3o/EVU5RBBaE3kM7VYa1PTCbNTQM39bT2h3DUDhWBD+gefiOgeoAhHaURHoI
+ YQqRnmuCxEpEEZvrLN8Le7mNveNAHli+xoxCju7t4GPT7Jfe8B3RNTz2G2zd4PA4
+ q8rVvC3AbkZWrzZ+4bK3ixZN5s5E/xuohDyHTnLFzj6KugHLABEBAAGJAjYEGAEI
+ ACAWIQSxq/ceFMnXSJfhmKixlSfxR4+JRwUCX/MpxQIbDAAKCRCxlSfxR4+JR+pu
+ D/9SNtGC8m7G8xtJcGjm5gX+5qIMCaymJgXjmMQ47Hb9qb+jLCC7/esOqaSq0C4M
+ n3s46wm40LkC2cLKFRPrNAA88tOJA3jkmBP7sGKVBxuBF6rarEOadXcd/6NWD1la
+ LogqrknhGpqxAv0Wf/LW1VFgz1h32dOFhT22K5jA5xpNCTW1gTCf3yOcWdMf6g3D
+ nG/ciSzAdl5ZV+dLsWu0i1aqOuq9GtMp2OiiwU4KeA20+3p3bn7+WfXLK7PWLEle
+ fMVWEBq2LQjpCIOYuW8UVEJP0JR6zVN7MROfXHjXETIE1UEmRO3NGkbpWIh98Qn2
+ vJ5wW9i3yfmE5bDkI4/Bk7yfWGZVeCyJxmg7tZx4d57WujwlZG66G5GjqaXtW3vk
+ ji71d8pib4I8ZlZrj/d8SAxwvsnnCAvrNp4eLYbdW/MpLXwvd64sUoll4UW872qN
+ bfBEhVA4QAa8P98UXs4YuIq7dhNdf3Oqzt8BsxMCRZ7WldhdVKOFBdrYS8JymWDG
+ zp88wcqChyLHRQw6On9jnmeXLOLx/K4mnOwMs+YpICSUWorbOZxBIV0som47MgLC
+ x6oQFn/9pfOD8vOmTk1c0GsMRC1embxO62TqwRtlpRpgQxeyY1VgeJPxRff5chwM
+ CmuPjl1YneigbUiUoEqmvPLpkXRAHY/BZcN2mm1jNWgzjQ==
+ =xAif
+ -----END PGP PUBLIC KEY BLOCK-----
+ /etc/yum.repos.d/opennms-repo-stable-rhel9.gpg:
+ content: |
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+
+ mQGiBE8cWjoRBACVT11pxtPwvUeP3EbCG56IRnkUyEhdf0Daj9wGeFbY9I6nRr31
+ U/YqrDDMKyGBYCBRJ3FxrzNfSfUX8WVD4FtxhAmqyC3+nTn9PqdSLbVePuuFDyba
+ Q/AGKclRAPSCbqR2YjZQVy3ITxiUQ8SpRE37cvSlgLOTsYpbwXpSTy02MwCgi74K
+ jOxF3KP2xECe7GSo9Xmul30D/jDbbmmGQ3OcrNi1inVcOk7OFyObtX5pIR+oMvBV
+ 6MBlexGLeNgKGjbptURnX8OqXIwVMA6dunbKOgj+5HACOkN00ead9nJ8njrvwlEL
+ 3WD9xT4c9CejiaykKoNn752LQFRopX1/eLMmKu5iY55GRItEeIIounYdljHaN9Ms
+ OzJ1A/9kPJilfG8/9nMK2U2cszZu/z13xchBtz+aLs1fvPF7ZT3zS7Fqzl1FLRZn
+ 5fp5W6ZCao1ZLJtykAgXmdnNkRucem5kzFqCA3+gtG++GRs7K/4G+BhbjQ8ydHwc
+ aklq8dnYXiOC6ffAWNrWJ20ULkWayjImm3RIAXqupi7o26J/EbQ5T3Blbk5NUyBT
+ aWduaW5nIEtleSAyMDEyICgxMDI0LWJpdCkgPG9wZW5ubXNAb3Blbm5tcy5vcmc+
+ iGYEExECACYFAk8cWjoCGwMFCQWjmoAGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAK
+ CRBXgB9vW579Q5FNAJwOfC/jnud3i/pfTxjvHiEQA2QpjgCfe3ydUPAbPdV0m3jx
+ zfwq5+3WQg2IZgQTEQIAJgIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheABQJUwANF
+ BQkPCaqLAAoJEFeAH29bnv1D9RwAn20L7xnR4tSygZqqKkxcC5sAFrMpAJ9DtClb
+ 7O1zrHthZ2UTZIPpom1KAIhgBBMRAgAgAhsDBgsJCAcDAgQVAggDBBYCAwECHgEC
+ F4AFAlTGpjAACgkQV4Afb1ue/UPpbQCfcuVbOndjUyNpgDF5JssmuK6vd1QAn09b
+ X/1mcaESjKICe0BRV7N+0bFvuQENBE8cWjoQBACzbdh9E3rBWncNoNCmp+i+sQI4
+ 69+6m/vNVxUYpP79Vq4wC1Mn+JVtqUnY907Inux/gzoeedALDRNQR//mbTKzOrjA
+ iG98BGP7qd6kJJcXXJK1OmPxPOVvHbh2IMg1N0sGSsYHosOgEPKik/Mg8u7Angxz
+ 5WjJd6VgYPFLv/pgXwADBQP+P/mppqcQsSsUXEowEOHp4spVFBkZT0f4v7QAa/39
+ +i0NfhoFxVG1G4rtiAFnW6ShYWkbexhKVoP7i7MZdBj8vlvP94QGtM9BxuBqIIzy
+ 2qIZNJ1/ISd1bHUq5D3XetV5z4WEtYmlkVs1HLpdMXrq40D5CuKWGjgmXq0CNeUE
+ 3bmITwQYEQIADwUCTxxaOgIbDAUJBaOagAAKCRBXgB9vW579QygTAJ9uOybiQ5w3
+ 7HhNxEn+bjAAaOB4wACdH62fHMTduH4Cm+zYIoKj/hWb0aWISQQYEQIACQIbDAUC
+ VMamGwAKCRBXgB9vW579Q/4vAJwLgBtbY9eBETaFXFeEpBSMeqoDCwCeOUqvKV5U
+ OnRUAWJ91FGZtqVJUWg=
+ =/H8o
+ -----END PGP PUBLIC KEY BLOCK-----
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+
+ mQINBGO2+DMBEACqqpzXnYYNuBYYbKGqrc21NmPEcl6w3/kzxfm7RpLK7Cr8DPSn
+ GMzpfX/iCcf1jFjhWH7fc0Yx3lYLDEEDpfIjd+ix6TucnXXIvAZyp6DtClUXYV4y
+ wzH49hzDuE5BxxpdkayHYj0u//jWXHHSG2PPt4nK3XQfdcx+duMVcZhP9G9EOE/N
+ j4J+GagICQcKW6Uen278m1/+/0KQG3LsYl9u7QVsCXJtSzdMhoMzZxoG3mwu3FLe
+ mRSOtCgIHTRVvczxLCGEXrwhDssrKsR95GmBvcnu1odL/TGL8r8kHz0dR/35uUlv
+ +4Noj1Cs05xuj8kXg4Yf8MoqyIi+nX/sOVOxQ3ZpNi1OkJ80OrYzceZgWoagdtiI
+ 6MlztY1uefSYE9tf8kpfGYn6mmS7BNfKl7La1HbV/fIHJGb86iwf57Mphd0NeGYZ
+ itlJJiYD5YuyKugUac0YerA5xTxG7cWVcstahPbIqbiakg2i8N8P9Rhq5DF/lYtP
+ D/v8JEJGzopR/xLCpRytxqiYvS+GVgm6P0Y63SbkyXudAVapZt2E3chMdZK9OWw9
+ mvyiF7Yb9cmFbvbwkfilObIlyk4Uw8BXLTKpr66ouxYdEVT0OegXgeoIJpaIWacS
+ IDXSIuVRxF4vvaT0QTPrW3BhxIxib0zKgjaOJhbpqWXoYIohejNbVT/EEQARAQAB
+ tC5PcGVuTk1TIFNpZ25pbmcgS2V5IDIwMjMgPG9wZW5ubXNAb3Blbm5tcy5vcmc+
+ iQJRBBMBCAA7FiEEcB4UX+Jig/jAc7quaXZ3JDJg0HEFAmO2+DMCGwMFCwkIBwIC
+ IgIGFQoJCAsCBBYCAwECHgcCF4AACgkQaXZ3JDJg0HHnqRAAhXcAa6D0EAAFyvTw
+ ndCKQuWkebB0H297dp28vDPUB7qx60o63Ix13Qixmn5w/8ToZw5oBp5CRPp5O9Vj
+ Xe4P4IA0jFCdHnW3aeaz25IjRvwwlUZfOal8L5abDtfXTypTLYzjjU/4MAcaG0LR
+ 9WKOzYiu9YM05AbVCJHhNvecNMBIFKxWqem4UAjVrl2D/8f/IBg44fG5SVewSK9e
+ oj9wJ9Z6QOoX7nJSU8mymvHXBnW7H4WFRt0LwG88rxZQMMBgvnmcIpwNLCo2GWcS
+ 0Z/eW+4T875Q/+rGOcFBzqEluCTRMPAQILObJXgjwDlJZEJqB7EdBWxm3i2KleBt
+ eRsDRxpqjWltmLgVIxFxekDouHxXIE3TOLXVGZpgXd9+WyPdWVfVBfWb/1EaBPJS
+ kPCbxKiDBkIR2qp9ZyOp3juicVTyeBED7JnkeQHdFidYBcyGDK2EdRyAZY51WDOy
+ Bnn6MEBJWWLCOPLTKJ/4LRE6oNMTf+duHKOHPmfF838tBZI6HF0KYuYVmvBhXsOt
+ m2XKPgxzy709z889arfc5VXocqH9kTlmXSd6fZyPvJVAoRjSTRFXZEYYCaaoPdIZ
+ BELlr7f4hxDSMR6HDnsbT2U2ppsqc1OU0XEB4ji9d2UQh+MJ+aWFRynhCXXnPViD
+ pdiQSlv6wyVdSoR6Psp+KyttqBe5Ag0EY7b4MwEQALQOOt0m770AoUmEmjL9v+8b
+ S8Rm3xRo7QuROQmZT7AtCT1R43KxFtoFqqiBSJJZAguhsijbtUdckwuv+K0uk2wc
+ H4P1Ph+j9LeqEFA8mDDJJQOX44ZKWfyry5VmOjjEj7ss6igkaw3Qj9f5mVNYKsVx
+ SKoevItr2hy5uIYL6YrP9ugr6w9oQz0bel6um9lfEUha/vJxFX9gLPI4Nby8npSX
+ T4eCfuWU6zFxD+l+EzNkyvisZ3GX5Vvd4b0+iMtcDQU8/fjAjzxyxtoGbVXdUlnT
+ m/kcK4vB7CHKtZG47tprR7h7p/v/nRU86yPtDK1t6ATFgh8vODHGf/a+A/ge4e+W
+ y1Vxfja6evw4p3OGpi3GFd7ECnH+O4WzcPkIV0dORaq6m9Al3X267AUBINH3H/Ds
+ RqO0UXHaIcR0NNZooG08N4QoGEErJsway/x6N5RaH56maSbmMBWUDcqvSCS1XR71
+ gWDa64r+AUQGH22aHCvNglLes3QK2OmUqz9Rd7MyOAxx/PcIndNWlRMqDdpp2RyM
+ RVcWKDS+9joZGJOVq8xWURC+4E/SZ+xNUhGL0imIOjNzXyZAiCBk0yO6ksJY2MZA
+ UQ5G3q9HDUpAORYkP+4HE+AGnPCkRRFJ2JrCD4/IxZdpJaxs/1lpNImiXjF70XI7
+ Ooc0+DxLcFGQHd9IuNexABEBAAGJAjYEGAEIACAWIQRwHhRf4mKD+MBzuq5pdnck
+ MmDQcQUCY7b4MwIbDAAKCRBpdnckMmDQcSbyD/4g8k0/LmpHlsWHV5BrSLB/dGbt
+ zTBSdWppH7tYnMXb9pm6Ba/Aa9mhENtNhxJHBOmMNoXt9NyLJW/r6Piz1U5Z1Hko
+ Y3AAXwwB0PQsE2NA+/pYvv2EJ+ZJxDqwEG7RZPFJB0g6T8iHORBCTKWQZWLGIima
+ La7TflytPIHAd4X0oIPKIkOjLr1p/n1+Hjwt48NXojRmplZbumHHl00+HCsCpaUJ
+ jBeyOkW+CxiHKdzVfY9uaTmXBqxBRxxe6lbZZ4/Ycrw0OulkTq4VQh5EUvirx78o
+ S3HNzqV905Wu1t9ETbCmqkgnTRXvvu4cGwo4G/dY7f7GW6XHAKWCHp17ZIXqczFh
+ z8ur4A4CqVD9XHL21FoKu0jWWLodQr2flSTrF34pzC8ZYSQ/q+J+lDvfEDtnAxIH
+ 9hJoSO/Qi7aTmdeKJvO77u9thxKW8JhlFFcpVr1n31xebq3Ygr0sflsuwROCeSQK
+ 5Sh5bs58KPHAwI7tT6fNf+qM02AhFPhOiVxJMjntLTDkdT8DDG9EW5g86BXO9PSO
+ olv1G2XIql0JySduRIYlaaENGGo0b6HEgK1CrNq513nqwsenkGyw7yPiJfBuMIzZ
+ jkHJnoc+/uLAqjVuEFC7gBIAJvXECWXeJvDML7axvX9vBYCen2GRS3pbtMrj9wP4
+ onnZjQia9Jy1YA1G7A==
+ =429p
+ -----END PGP PUBLIC KEY BLOCK-----
\ No newline at end of file
diff --git a/hiera-rpsec.yaml b/hiera-rpsec.yaml
new file mode 100644
index 0000000..7d0e31f
--- /dev/null
+++ b/hiera-rpsec.yaml
@@ -0,0 +1,10 @@
+---
+version: 5
+
+defaults: # Used for any hierarchy level that omits these keys.
+ datadir: spec/data # This path is relative to hiera.yaml's directory.
+ data_hash: yaml_data # Use the built-in YAML backend.
+
+hierarchy:
+ - name: 'Mock override'
+ path: 'common.yaml'
\ No newline at end of file
diff --git a/hiera.yaml b/hiera.yaml
index 246beff..d99047e 100644
--- a/hiera.yaml
+++ b/hiera.yaml
@@ -6,17 +6,10 @@ defaults: # Used for any hierarchy level that omits these keys.
data_hash: yaml_data # Use the built-in YAML backend.
hierarchy:
- - name: "osfamily/major release"
- paths:
- # Used to distinguish between Debian and Ubuntu
- - "os/%{facts.os.name}/%{facts.os.release.major}.yaml"
- - "os/%{facts.os.family}/%{facts.os.release.major}.yaml"
- # Used for Solaris
- - "os/%{facts.os.family}/%{facts.kernelrelease}.yaml"
- name: "osfamily"
paths:
- - "os/%{facts.os.name}.yaml"
- "os/%{facts.os.family}-%{facts.os.release.major}.yaml"
- "os/%{facts.os.family}-%{facts.os.release.major}gpg.yaml"
+ - "os/%{facts.os.name}.yaml"
- name: 'common'
path: 'common.yaml'
diff --git a/manifests/database_init.pp b/manifests/database_init.pp
index 67d5657..0574f4b 100644
--- a/manifests/database_init.pp
+++ b/manifests/database_init.pp
@@ -13,12 +13,15 @@
# init the database if the user table is not present
exec { 'init observium databse':
command => '/opt/observium/discovery.php -u',
- unless => "${mysql_location} -u observium --password=${observium::db_password} observium -e 'select * from users'",
+ unless => "${mysql_location} -u ${observium::db_user} --password='${observium::db_password}' observium -e \"select * from observium.users\"",
}
- exec { 'Create admin user':
- command => "/opt/observium/adduser.php admin ${observium::admin_password} 10",
- unless => "${mysql_location} -u observium --password=${observium::db_password} observium -e 'select * from users WHERE username LIKE \"admin\"' | grep admin",
+ # when auth_mechanism is 'remote', privilege level is given by observium's auth_remote_userlevel setting
+ unless $observium::auth_mechanism == 'remote' {
+ exec { 'Create admin user':
+ command => "/opt/observium/adduser.php admin ${observium::admin_password} 10",
+ unless => "${mysql_location} -u ${observium::db_user} --password='${observium::db_password}' observium -e \"select * from observium.users WHERE username LIKE 'admin'\" | grep admin",
+ }
}
# add local host to database
@@ -30,7 +33,7 @@
}
exec { 'Add local host as device':
command => "/opt/observium/add_device.php 127.0.0.1 ${v3auth} v3 ${observium::snmpv3_authname} ${observium::snmpv3_authpass} ${observium::snmpv3_cryptopass} ${observium::snmpv3_authalgo} ${observium::snmpv3_cryptoalgo}",
- unless => "${mysql_location} -u observium --password=${observium::db_password} observium -e 'select hostname from devices WHERE hostname LIKE \"127.0.0.1\"' | grep 127.0.0.1",
+ unless => "${mysql_location} -u ${observium::db_user} --password='${observium::db_password}' observium -e 'select hostname from devices WHERE hostname LIKE \"127.0.0.1\"' | grep 127.0.0.1",
}
# Perform discovery for nodes which have been added.
diff --git a/manifests/firewall.pp b/manifests/firewall.pp
new file mode 100644
index 0000000..3558ac2
--- /dev/null
+++ b/manifests/firewall.pp
@@ -0,0 +1,62 @@
+# Class: observium::firewall
+#
+# Manage iptables on ubuntu
+#
+# @api private
+#
+class observium::firewall {
+ assert_private()
+ Firewall {
+ require => undef,
+ }
+
+ # Default firewall rules
+ firewall { '000 accept all icmp':
+ proto => 'icmp',
+ jump => 'accept',
+ }
+ -> firewall { '001 accept all to lo interface':
+ proto => 'all',
+ iniface => 'lo',
+ jump => 'accept',
+ }
+ -> firewall { '002 reject local traffic not on loopback interface':
+ iniface => '! lo',
+ proto => 'all',
+ destination => '127.0.0.1/8',
+ jump => 'reject',
+ }
+ -> firewall { '003 accept related established rules':
+ proto => 'all',
+ state => ['RELATED', 'ESTABLISHED'],
+ jump => 'accept',
+ }
+ # Add rules for apache
+ if $observium::manage_ssl {
+ firewall { "50 Allow https access ${observium::apache_sslport}":
+ dport => $observium::apache_sslport,
+ proto => 'tcp',
+ jump => 'accept',
+ }
+ }
+ else {
+ firewall { "50 Allow http access ${observium::apache_port}":
+ dport => $observium::apache_port,
+ proto => 'tcp',
+ jump => 'accept',
+ }
+ }
+ # Ensure ssh is open
+ firewall { '004 Allow inbound SSH':
+ dport => 22,
+ proto => 'tcp',
+ jump => 'accept',
+ }
+
+ # ensure we drop all other traffic
+ firewall { '999 drop all':
+ proto => 'all',
+ jump => 'drop',
+ before => undef,
+ }
+}
diff --git a/manifests/firewallufw.pp b/manifests/firewallufw.pp
deleted file mode 100644
index 9f8d4b5..0000000
--- a/manifests/firewallufw.pp
+++ /dev/null
@@ -1,29 +0,0 @@
-# Class: observium::firewallufw
-#
-# Manage UFW on ubuntu
-#
-# @api private
-#
-class observium::firewallufw {
- assert_private()
-
- # Add rules for apache
- class { 'ufw': }
- if $observium::manage_ssl {
- ufw::allow { "Allow https access ${observium::apache_sslport}":
- port => $observium::apache_sslport,
- from => '0.0.0.0/0',
- }
- }
- else {
- ufw::allow { "Allow https access ${observium::apache_port}":
- port => $observium::apache_port,
- from => '0.0.0.0/0',
- }
- }
- # Ensure ssh is open
- ufw::allow { 'Allow ssh access 22':
- port => '22',
- from => '0.0.0.0/0',
- }
-}
diff --git a/manifests/init.pp b/manifests/init.pp
index b6cb0a2..1acf92e 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -62,6 +62,9 @@
# Crypto algorithm - default 'AES'
# Valid options - ['AES','DES']
#
+# @param snmpd_agentaddress
+# An array of addresses, on which snmpd will listen for queries. - default ['udp:127.0.0.1:161','udp6:[::1]:161']
+#
# @param mib_locations
# Miblocations for observium to add to snmp.conf, default ['/opt/observium/mibs/rfc','/opt/observium/mibs/net-snmp']
#
@@ -174,6 +177,7 @@
Enum['SHA','MD5'] $snmpv3_authalgo,
String $snmpv3_cryptopass,
Enum['AES','DES'] $snmpv3_cryptoalgo,
+ Array $snmpd_agentaddress,
Array $mib_locations,
Array $additional_mib_location = [],
Array $additional_snmp_conf_options = [],
@@ -242,7 +246,7 @@
if $manage_fw {
case $facts['os']['family'] {
'RedHat': { include observium::firewalld }
- 'Debian': { include observium::firewallufw }
+ 'Debian': { include observium::firewall }
default: {}
}
}
diff --git a/manifests/mariadb.pp b/manifests/mariadb.pp
index 3d4ba2c..259fd8a 100644
--- a/manifests/mariadb.pp
+++ b/manifests/mariadb.pp
@@ -6,8 +6,9 @@
#
class observium::mariadb {
assert_private()
+
# Check we are managing mysql
- if observium::manage_mysql {
+ if $observium::manage_mysql {
case $facts['os']['family'] {
'RedHat': {
Class { '::mysql::server':
@@ -19,9 +20,6 @@
}
'Debian': {
Class { '::mysql::server':
- #package_name => 'mariadb-server',
- #package_ensure => 'present',
- #service_name => 'mysqld',
root_password => $observium::rootdb_password,
override_options => {
'mysqld' => {
diff --git a/manifests/packages.pp b/manifests/packages.pp
index 1a62585..52a2d3b 100644
--- a/manifests/packages.pp
+++ b/manifests/packages.pp
@@ -33,6 +33,14 @@
creates => '/bin/python',
}
}
+ '9': {
+ # Running on rhel 9
+ $required_packages = lookup('observium::required_packages', Array)
+ package { $required_packages:
+ ensure => 'installed',
+ require => Class['observium::yum'],
+ }
+ }
default: { fail('Unsupported operating system, bailing out!!') }
}
}
diff --git a/manifests/snmp.pp b/manifests/snmp.pp
index 800072b..16b138f 100644
--- a/manifests/snmp.pp
+++ b/manifests/snmp.pp
@@ -29,6 +29,7 @@
# Setup SNMP class with snmpv3 user
class { 'snmp':
snmpd_config => ["rouser ${observium::snmpv3_authname} ${observium::snmpv3_authlevel}"],
+ agentaddress => $observium::snmpd_agentaddress,
service_config_dir_group => $ubuntu2004user,
service_config_dir_owner => $ubuntu2004user,
varnetsnmp_owner => $ubuntu2004user,
diff --git a/manifests/yum.pp b/manifests/yum.pp
index 88df859..975d4bf 100644
--- a/manifests/yum.pp
+++ b/manifests/yum.pp
@@ -41,6 +41,20 @@
unless => '/bin/dnf module list php | grep "remi-7.2 \\[e\\]"',
}
}
+ '9': {
+ $observium::repos.each | String $reponame, Hash $repoinfo | {
+ yumrepo { $reponame:
+ * => $repoinfo,
+ before => Exec['Set remi-8.2 as default php provider'],
+ }
+ }
+
+ # Set remi-8.2 module as default php provider RHEL 9 only
+ exec { 'Set remi-8.2 as default php provider':
+ command => '/bin/dnf module reset php -y | /bin/dnf module -y install php:remi-8.2',
+ unless => '/bin/dnf module list php | grep "remi-8.2 \\[e\\]"',
+ }
+ }
default: { fail('Unsupported operating system, bailing out!!') }
}
}
diff --git a/metadata.json b/metadata.json
index 5f15432..5b10227 100644
--- a/metadata.json
+++ b/metadata.json
@@ -1,6 +1,6 @@
{
"name": "benjaminrobertson-observium",
- "version": "2.0.0",
+ "version": "3.0.0",
"author": "benjaminrobertson",
"summary": "Configures and installs Observium for Redhat and Ubuntu",
"license": "Apache-2.0",
@@ -8,11 +8,11 @@
"dependencies": [
{
"name": "puppetlabs/stdlib",
- "version_requirement": ">= 6.0.0 < 9.0.0"
+ "version_requirement": ">= 9.0.0 < 10.0.0"
},
{
"name": "puppet/archive",
- "version_requirement": ">6.0.0 < 8.0.0"
+ "version_requirement": ">7.0.0 < 8.0.0"
},
{
"name": "puppetlabs/yumrepo_core",
@@ -20,7 +20,7 @@
},
{
"name": "puppetlabs/mysql",
- "version_requirement": ">=13.0.0 < 15.0.0"
+ "version_requirement": ">=15.0.0 < 16.0.0"
},
{
"name": "puppetlabs/cron_core",
@@ -28,35 +28,35 @@
},
{
"name": "puppet/selinux",
- "version_requirement": ">=3.0.0 < 4.0.0"
+ "version_requirement": ">=4.0.0 < 5.0.0"
},
{
"name": "puppetlabs/apache",
- "version_requirement": ">=8.1.0 < 11.0.0"
+ "version_requirement": ">=10.1.0 < 13.0.0"
},
{
"name": "puppet/snmp",
- "version_requirement": ">=5.0.0 < 7.0.0"
+ "version_requirement": ">=7.0.0 < 8.0.0"
},
{
"name": "puppet/firewalld",
- "version_requirement": ">=4.1.1 < 5.0.0"
+ "version_requirement": ">=5.0.0 < 6.0.0"
},
{
- "name": "domkrm/ufw",
- "version_requirement": ">=1.1.1 < 2.0.0"
+ "name": "puppetlabs/firewall",
+ "version_requirement": ">=6.0.0 < 9.0.0"
},
{
"name": "puppet/systemd",
- "version_requirement": ">=4.0.0 < 6.0.0"
+ "version_requirement": ">=5.1.0 < 8.0.0"
},
{
"name": "puppetlabs/inifile",
- "version_requirement": ">=5.0.0 < 7.0.0"
+ "version_requirement": ">=6.1.0 < 7.0.0"
},
{
"name": "puppetlabs/concat",
- "version_requirement": ">=7.0.0 < 9.0.0"
+ "version_requirement": ">=9.0.0 < 10.0.0"
}
],
"operatingsystem_support": [
@@ -64,14 +64,16 @@
"operatingsystem": "CentOS",
"operatingsystemrelease": [
"7",
- "8"
+ "8",
+ "9"
]
},
{
"operatingsystem": "RedHat",
"operatingsystemrelease": [
"7",
- "8"
+ "8",
+ "9"
]
},
{
@@ -88,7 +90,7 @@
"version_requirement": ">= 7.0.0 < 9.0.0"
}
],
- "pdk-version": "2.6.1",
- "template-url": "pdk-default#2.7.1",
- "template-ref": "tags/2.7.1-0-g9a16c87"
+ "pdk-version": "3.2.0",
+ "template-url": "pdk-default#3.2.0",
+ "template-ref": "tags/3.2.0-0-gb257ef1"
}
diff --git a/provision.yaml b/provision.yaml
new file mode 100644
index 0000000..3fde78e
--- /dev/null
+++ b/provision.yaml
@@ -0,0 +1,8 @@
+---
+docker:
+ provisioner: docker
+ images: ['litmusimage/centos:stream8', 'litmusimage/ubuntu:22.04', 'litmusimage/centos:stream9']
+ # removed 'litmusimage/ubuntu:20.04' as it failed in github action pipeline
+vagrant:
+ provisioner: vagrant
+ images: ['centos/stream8', 'generic/ubuntu2204', 'generic/ubuntu2004']
\ No newline at end of file
diff --git a/spec/acceptance/observium_install_spec.rb b/spec/acceptance/observium_install_spec.rb
new file mode 100644
index 0000000..e457b6f
--- /dev/null
+++ b/spec/acceptance/observium_install_spec.rb
@@ -0,0 +1,133 @@
+# frozen_string_literal: true
+
+require 'spec_helper_acceptance'
+require 'rspec-puppet-facts'
+
+describe 'Installation', if: ['centos', 'redhat', 'ubuntu'].include?(os[:family]) do
+ before(:all) do
+ if os[:family] == 'redhat' && os[:release] == '8'
+ install_packge('crontabs')
+ install_packge('curl')
+ elsif os[:family] == 'ubuntu'
+ install_packge('cron')
+ install_packge('curl')
+ end
+ end
+
+ # let(:hiera_config) { 'hiera-rpsec.yaml' } # litmus doesn't seem to respect this.
+
+ let(:pp) do
+ <<-MANIFEST
+ class { 'observium':
+ snmpd_agentaddress => ['udp:127.0.0.1:161'],
+ db_password => changeme,
+ rootdb_password => hello123,
+ snmpv3_authpass => setme1234,
+ snmpv3_cryptopass => setme1234,
+ admin_password => changeme
+ }
+ MANIFEST
+ end
+
+ # confirm we are not on 22.04. Ubuntu takes two run to complete setup.
+ if os[:release] != '22.04'
+ it 'applies idempotently' do
+ idempotent_apply(pp)
+ end
+ else
+ it 'applies' do
+ # run manifest twice for 2204
+ apply_manifest(pp)
+ apply_manifest(pp)
+ end
+ end
+
+ describe file('/opt/observium/config.php') do
+ it { is_expected.to be_file }
+ it { is_expected.to contain "$config['install_dir'] = \"/opt/observium\"" }
+ it { is_expected.to contain "$config['db_host'] = 'localhost';" }
+ end
+
+ describe port(80) do
+ it { is_expected.to be_listening }
+ end
+
+ # describe command('/usr/bin/curl http://127.0.0.1 -I') do # for some reason this isn't working as expected. Disabling test.
+ # its(:exit_status) { is_expected.to eq 0 }
+ # its(:stdout) { is_expected.to contain 'HTTP/1.1 200 OK' }
+ # end
+
+ describe cron do
+ it { is_expected.to have_entry('33 */6 * * * /opt/observium/discovery.php -h all >> /dev/null 2>&1').with_user('root') }
+ end
+
+ describe cron do
+ it { is_expected.to have_entry('*/5 * * * * /opt/observium/discovery.php -h new >> /dev/null 2>&1').with_user('root') }
+ end
+
+ describe cron do
+ it { is_expected.to have_entry('*/5 * * * * /opt/observium/poller-wrapper.py >> /dev/null 2>&1').with_user('root') }
+ end
+
+ describe cron do
+ it { is_expected.to have_entry('13 5 * * * /opt/observium/housekeeping.php -ysel').with_user('root') }
+ end
+
+ describe cron do
+ it { is_expected.to have_entry('47 4 * * * /opt/observium/housekeeping.php -yrptb').with_user('root') }
+ end
+
+ # Red hat specifc checks
+ if os[:family] == 'redhat'
+
+ describe service('httpd') do
+ it { is_expected.to be_running }
+ end
+
+ describe service('snmpd') do
+ it { is_expected.to be_running }
+ end
+
+ describe package('python3-PyMySQL') do
+ it { is_expected.to be_installed }
+ end
+
+ describe yumrepo('opennms-common') do
+ it { is_expected.to exist }
+ end
+
+ describe yumrepo('epel') do
+ it { is_expected.to exist }
+ end
+
+ elsif os[:family] == 'ubuntu'
+
+ describe service('apache2') do
+ it { is_expected.to be_running }
+ end
+
+ describe service('snmpd') do
+ it { is_expected.to be_running }
+ end
+
+ if os[:release] == '22.04'
+ describe package('imagemagick') do
+ it { is_expected.to be_installed }
+ end
+
+ describe package('php8.1-ldap') do
+ it { is_expected.to be_installed }
+ end
+ end
+
+ if os[:release] == '20.04'
+ describe package('php7.4-json') do
+ it { is_expected.to be_installed }
+ end
+
+ describe package('php7.4-ldap') do
+ it { is_expected.to be_installed }
+ end
+ end
+ end
+end
diff --git a/spec/classes/observium_spec.rb b/spec/classes/observium_spec.rb
index 326418e..ce01020 100644
--- a/spec/classes/observium_spec.rb
+++ b/spec/classes/observium_spec.rb
@@ -3,11 +3,165 @@
require 'spec_helper'
describe 'observium' do
+ let(:hiera_config) { 'hiera-rpsec.yaml' }
+
on_supported_os.each do |os, os_facts|
context "on #{os}" do
let(:facts) { os_facts }
it { is_expected.to compile }
+
+ it { is_expected.to contain_cron('discovery all devices').with_command('/opt/observium/discovery.php -h all >> /dev/null 2>&1').with_user('root') }
+ it { is_expected.to contain_cron('discovery newly added devices').with_command('/opt/observium/discovery.php -h new >> /dev/null 2>&1').with_user('root') }
+ it { is_expected.to contain_cron('multithreaded pooler wrapper').with_command('/opt/observium/poller-wrapper.py >> /dev/null 2>&1').with_user('root') }
+ it { is_expected.to contain_cron('daily housekeeping for syslog, eventlog and alert log').with_command('/opt/observium/housekeeping.php -ysel').with_user('root') }
+ it { is_expected.to contain_cron('housekeeping script daily for rrds, ports, orphaned entries in the database and performance data').with_user('root') }
+
+ it { is_expected.to contain_snmp__snmpv3_user('observium') }
+ it { is_expected.to contain_mysql__db('observium') }
+
+ it { is_expected.to contain_package('rrdtool') }
+
+ it { is_expected.to contain_file('/opt/observium').with_ensure('directory') }
+ it { is_expected.to contain_file('/opt/observium/rrd').with_ensure('directory') }
+ it { is_expected.to contain_file('/opt/observium/config.php').with_ensure('file') }
+
+ it { is_expected.to contain_archive('observium-community-latest.tar.gz') }
+
+ it { is_expected.to contain_exec('Create TLS cert').with_refreshonly(true) }
+ end
+ end
+
+ context 'on rhel7' do
+ let(:facts) do
+ {
+ 'os' => {
+ 'family' => 'RedHat',
+ 'name' => 'RedHat',
+ 'release' => {
+ 'major' => '7',
+ },
+ 'selinux' => {
+ 'enabled' => true,
+ 'current_mode' => 'enforcing',
+ },
+ }
+ }
+ end
+
+ it { is_expected.to contain_service('httpd') }
+ end
+
+ context 'on rhel8' do
+ let(:facts) do
+ {
+ 'os' => {
+ 'family' => 'RedHat',
+ 'name' => 'RedHat',
+ 'release' => {
+ 'major' => '8',
+ },
+ 'selinux' => {
+ 'enabled' => true,
+ 'current_mode' => 'enforcing',
+ },
+ }
+ }
end
+
+ it { is_expected.to contain_service('httpd') }
+ it { is_expected.to contain_package('python3-PyMySQL') }
+ it { is_expected.to contain_package('php-json') }
+ end
+
+ context 'on rhel9' do
+ let(:facts) do
+ {
+ 'os' => {
+ 'family' => 'RedHat',
+ 'name' => 'RedHat',
+ 'release' => {
+ 'major' => '9',
+ },
+ 'selinux' => {
+ 'enabled' => true,
+ 'current_mode' => 'enforcing',
+ },
+ }
+ }
+ end
+
+ it { is_expected.to contain_service('httpd') }
+ it { is_expected.to contain_package('python3-PyMySQL') }
+ it { is_expected.to contain_package('php-json') }
+ end
+
+ context 'on ubuntu 18.04' do
+ let(:facts) do
+ {
+ 'os' => {
+ 'family' => 'Debian',
+ 'name' => 'Debian',
+ 'release' => {
+ 'major' => '18.04',
+ 'full' => '18.04',
+ },
+ 'selinux' => {
+ 'enabled' => true,
+ 'current_mode' => 'enforcing',
+ },
+ }
+ }
+ end
+
+ # it { is_expected.to contain_service('apache2') }
+ it { is_expected.to contain_package('php-pear') }
+ it { is_expected.to contain_package('php7.2-mysql') }
+ end
+
+ context 'on ubuntu 20.04' do
+ let(:facts) do
+ {
+ 'os' => {
+ 'family' => 'Debian',
+ 'name' => 'Debian',
+ 'release' => {
+ 'major' => '20.04',
+ 'full' => '20.04',
+ },
+ 'selinux' => {
+ 'enabled' => true,
+ 'current_mode' => 'enforcing',
+ },
+ }
+ }
+ end
+
+ # it { is_expected.to contain_service('apache2') }
+ it { is_expected.to contain_package('php7.4-ldap') }
+ it { is_expected.to contain_package('php7.4-json') }
+ end
+
+ context 'on ubuntu 22.04' do
+ let(:facts) do
+ {
+ 'os' => {
+ 'family' => 'Debian',
+ 'name' => 'Debian',
+ 'release' => {
+ 'major' => '22.04',
+ 'full' => '22.04',
+ },
+ 'selinux' => {
+ 'enabled' => true,
+ 'current_mode' => 'enforcing',
+ },
+ }
+ }
+ end
+
+ # it { is_expected.to contain_service('apache2') }
+ it { is_expected.to contain_package('php8.1-ldap') }
+ it { is_expected.to contain_package('imagemagick') }
end
end
diff --git a/spec/data/common.yaml b/spec/data/common.yaml
new file mode 100644
index 0000000..c600c9f
--- /dev/null
+++ b/spec/data/common.yaml
@@ -0,0 +1,6 @@
+---
+observium::db_password: "changeme"
+observium::rootdb_password: "hello123"
+observium::snmpv3_authpass: "setme1234"
+observium::snmpv3_cryptopass: "setme1234"
+observium::admin_password: "changeme"
\ No newline at end of file
diff --git a/spec/default_facts.yml b/spec/default_facts.yml
index f777abf..f15af20 100644
--- a/spec/default_facts.yml
+++ b/spec/default_facts.yml
@@ -2,7 +2,8 @@
#
# Facts specified here will override the values provided by rspec-puppet-facts.
---
-ipaddress: "172.16.254.254"
-ipaddress6: "FE80:0000:0000:0000:AAAA:AAAA:AAAA"
-is_pe: false
-macaddress: "AA:AA:AA:AA:AA:AA"
+networking:
+ ip: "172.16.254.254"
+ ip6: "FE80:0000:0000:0000:AAAA:AAAA:AAAA"
+ mac: "AA:AA:AA:AA:AA:AA"
+is_pe: false
\ No newline at end of file
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index 9b1fa6f..ae7c1f6 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -25,15 +25,16 @@
next unless File.exist?(f) && File.readable?(f) && File.size?(f)
begin
- default_facts.merge!(YAML.safe_load(File.read(f), [], [], true))
- rescue => e
+ require 'deep_merge'
+ default_facts.deep_merge!(YAML.safe_load(File.read(f), permitted_classes: [], permitted_symbols: [], aliases: true))
+ rescue StandardError => e
RSpec.configuration.reporter.message "WARNING: Unable to load #{f}: #{e}"
end
end
# read default_facts and merge them over what is provided by facterdb
default_facts.each do |fact, value|
- add_custom_fact fact, value
+ add_custom_fact fact, value, merge_facts: true
end
RSpec.configure do |c|
@@ -46,6 +47,7 @@
end
c.filter_run_excluding(bolt: true) unless ENV['GEM_BOLT']
c.after(:suite) do
+ RSpec::Puppet::Coverage.report!(0)
end
# Filter backtrace noise
diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb
new file mode 100644
index 0000000..73a0238
--- /dev/null
+++ b/spec/spec_helper_acceptance.rb
@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+require 'puppet_litmus'
+PuppetLitmus.configure!
+
+require 'spec_helper_acceptance_local' if File.file?(File.join(File.dirname(__FILE__), 'spec_helper_acceptance_local.rb'))
diff --git a/spec/spec_helper_acceptance_local.rb b/spec/spec_helper_acceptance_local.rb
new file mode 100644
index 0000000..883163a
--- /dev/null
+++ b/spec/spec_helper_acceptance_local.rb
@@ -0,0 +1,10 @@
+include PuppetLitmus
+
+def install_packge(package)
+ if os[:family] == 'redhat'
+ run_shell("yum -y install #{package}")
+ elsif os[:family] == 'ubuntu'
+ run_shell('apt update')
+ run_shell("apt -y install #{package}")
+ end
+end
diff --git a/test_matrix.json b/test_matrix.json
new file mode 100644
index 0000000..3df0627
--- /dev/null
+++ b/test_matrix.json
@@ -0,0 +1,12 @@
+{
+ "collection": [
+ {
+ "agent_version": "puppet7",
+ "gem_version": "~> 7.31"
+ },
+ {
+ "agent_version": "puppet8",
+ "gem_version": "~> 8.7"
+ }
+ ]
+}