Merge pull request voxpupuli#8 from alexjfisher/install_config_service

Major refactor into install/config/service pattern

manifests/command.pp

@@ -1,17 +1,33 @@
+# @summary Installs NRPE commands
 #
+# @example Install a command called `check_users`
+#   nrpe::command { 'check_users':
+#     ensure  => present,
+#     command => 'check_users -w 5 -c 10',
+#   }
+#
+# @param name
+#   The name of the command.
+# @param command
+#   The command plugin to run and its arguments.
+# @param ensure
+#   Whether to install or remove the command.
+# @param file_mode
+#   The mode to use for the command file.  Defaults to `$nrpe::command_file_default_mode`.
+# @param sudo
+#   Whether the command should use sudo.
+# @param sudo_user
+#   The user to run the command as when using sudo.
 define nrpe::command (
-  String[1]                            $command,
-  Enum['present', 'absent']            $ensure       = present,
-  Stdlib::Absolutepath                 $include_dir  = $nrpe::include_dir,
-  Variant[String[1], Array[String[1]]] $package_name = $nrpe::package_name,
-  String[1]                            $service_name = $nrpe::service_name,
-  Stdlib::Absolutepath                 $libdir       = $nrpe::params::libdir,
-  String[1]                            $file_group   = $nrpe::params::nrpe_files_group,
-  Stdlib::Filemode                     $file_mode    = $nrpe::command_file_default_mode,
-  Boolean                              $sudo         = false,
-  String[1]                            $sudo_user    = 'root',
+  String[1]                  $command,
+  Enum['present', 'absent']  $ensure    = present,
+  Optional[Stdlib::Filemode] $file_mode = undef,
+  Boolean                    $sudo      = false,
+  String[1]                  $sudo_user = 'root',
 ) {
-  file { "${include_dir}/${title}.cfg":
+  include nrpe
+
+  file { "${nrpe::include_dir}/${title}.cfg":
     ensure  => $ensure,
     content => epp(
       'nrpe/command.cfg.epp',
@@ -20,13 +36,11 @@
         'command'      => $command,
         'sudo'         => $sudo,
         'sudo_user'    => $sudo_user,
-        'libdir'       => $libdir,
+        'libdir'       => $nrpe::params::libdir,
       },
     ),
     owner   => 'root',
-    group   => $file_group,
-    mode    => $file_mode,
-    require => Package[$package_name],
-    notify  => Service[$service_name],
+    group   => $nrpe::params::nrpe_files_group,
+    mode    => pick($file_mode, $nrpe::command_file_default_mode),
   }
 }

manifests/config.pp

@@ -0,0 +1,60 @@
+# @api private
+class nrpe::config
+{
+  unless $nrpe::supplementary_groups.empty {
+    user { $nrpe::nrpe_user:
+      gid    => $nrpe::nrpe_group,
+      groups => $nrpe::supplementary_groups,
+    }
+  }
+
+  concat { $nrpe::config:
+    ensure => present,
+  }
+
+  $_allow_bash_command_substitution = $nrpe::allow_bash_command_substitution ? {
+    undef   => undef,
+    default => bool2str($nrpe::allow_bash_command_substitution, '1', '0'),
+  }
+
+  concat::fragment { 'nrpe main config':
+    target  => $nrpe::config,
+    content => epp(
+      'nrpe/nrpe.cfg.epp',
+      {
+        'log_facility'                    => $nrpe::log_facility,
+        'nrpe_pid_file'                   => $nrpe::nrpe_pid_file,
+        'server_port'                     => $nrpe::server_port,
+        'server_address'                  => $nrpe::server_address,
+        'nrpe_user'                       => $nrpe::nrpe_user,
+        'nrpe_group'                      => $nrpe::nrpe_group,
+        'allowed_hosts'                   => $nrpe::allowed_hosts,
+        'dont_blame_nrpe'                 => bool2str($nrpe::dont_blame_nrpe, '1', '0'),
+        'allow_bash_command_substitution' => $_allow_bash_command_substitution,
+        'libdir'                          => $nrpe::params::libdir,
+        'command_prefix'                  => $nrpe::command_prefix,
+        'debug'                           => bool2str($nrpe::debug, '1', '0'),
+        'command_timeout'                 => $nrpe::command_timeout,
+        'connection_timeout'              => $nrpe::connection_timeout,
+      }
+    ),
+    order   => '01',
+  }
+
+  if $nrpe::ssl_cert_file_content {
+    contain nrpe::config::ssl
+  }
+
+  concat::fragment { 'nrpe includedir':
+    target  => $nrpe::config,
+    content => "include_dir=${nrpe::include_dir}\n",
+    order   => '99',
+  }
+
+  file { 'nrpe_include_dir':
+    ensure  => directory,
+    name    => $nrpe::include_dir,
+    purge   => $nrpe::purge,
+    recurse => $nrpe::recurse,
+  }
+}

manifests/config/ssl.pp

@@ -0,0 +1,59 @@
+# @api private
+class nrpe::config::ssl
+{
+  $_ssl_client_certs = $nrpe::ssl_client_certs ? {
+    'ask'     => '1',
+    'require' => '2',
+    default   => '0', # $ssl_client_certs = 'no'
+  }
+
+  concat::fragment { 'nrpe ssl fragment':
+    target  => $nrpe::config,
+    content => epp(
+      'nrpe/nrpe.cfg-ssl.epp',
+      {
+        'ssl_version'      => $nrpe::ssl_version,
+        'ssl_ciphers'      => $nrpe::ssl_ciphers,
+        'nrpe_ssl_dir'     => $nrpe::nrpe_ssl_dir,
+        'ssl_client_certs' => $_ssl_client_certs,
+        'ssl_logging'      => nrpe::ssl_logging(
+          $nrpe::ssl_log_startup_params,
+          $nrpe::ssl_log_remote_ip,
+          $nrpe::ssl_log_protocol_version,
+          $nrpe::ssl_log_cipher,
+          $nrpe::ssl_log_client_cert,
+          $nrpe::ssl_log_client_cert_details
+        )
+      }
+    ),
+    order   =>  '02',
+  }
+
+  file { $nrpe::nrpe_ssl_dir:
+    ensure => directory,
+    owner  => 'root',
+    group  => $nrpe::nrpe_group,
+    mode   => '0750',
+  }
+  file { "${nrpe::nrpe_ssl_dir}/ca-cert.pem":
+    ensure  => file,
+    owner   => 'root',
+    group   => $nrpe::nrpe_group,
+    mode    => '0640',
+    content => $nrpe::ssl_cacert_file_content,
+  }
+  file { "${nrpe::nrpe_ssl_dir}/nrpe-cert.pem":
+    ensure  => file,
+    owner   => 'root',
+    group   => $nrpe::nrpe_group,
+    mode    => '0640',
+    content => $nrpe::ssl_cert_file_content,
+  }
+  file { "${nrpe::nrpe_ssl_dir}/nrpe-key.pem":
+    ensure  => file,
+    owner   => 'root',
+    group   => $nrpe::nrpe_group,
+    mode    => '0640',
+    content => $nrpe::ssl_privatekey_file_content,
+  }
+}

manifests/init.pp

@@ -1,23 +1,4 @@
-# == Class: nrpe
-#
-# Full description of class nrpe here.
-#
-# === Parameters
-#
-# Document parameters here.
-#
-#
-# === Variables
-#
-# Here you should define a list of variables that this module would require.
-#
-# === Examples
-#
-#
-# === Copyright
-#
-# Copyright 2013 Computer Action Team, unless otherwise noted.
-#
+# @summary Installs and configures NRPE
 class nrpe (
   Array[Stdlib::Host]                  $allowed_hosts                   = ['127.0.0.1'],
   Stdlib::IP::Address                  $server_address                  = '0.0.0.0',
@@ -57,140 +38,20 @@
   Array[String[1]]                     $supplementary_groups            = [],
 ) inherits nrpe::params {
 
-  if $manage_package {
-    package { $package_name:
-      ensure   => installed,
-      provider => $provider,
-      before   => [
-        Service[$service_name],
-        File['nrpe_include_dir'],
-        Concat[$config],
-      ],
-    }
-  }
-
-  unless $supplementary_groups.empty {
-    user { $nrpe_user:
-      gid    => $nrpe_group,
-      groups => $supplementary_groups,
-    }
-    # Let the package create the user.  We're only managing its groups.
-    if $manage_package { Package[$package_name] -> User[$nrpe_user] }
-  }
-
-  service { $service_name:
-    ensure    => running,
-    name      => $service_name,
-    enable    => true,
-    subscribe => Concat[$config],
-  }
-
-  concat { $config:
-    ensure => present,
-  }
-
-  $_allow_bash_command_substitution = $allow_bash_command_substitution ? {
-    undef   => undef,
-    default => bool2str($allow_bash_command_substitution, '1', '0'),
-  }
-
-  concat::fragment { 'nrpe main config':
-    target  => $config,
-    content => epp(
-      'nrpe/nrpe.cfg.epp',
-      {
-        'log_facility'                    => $log_facility,
-        'nrpe_pid_file'                   => $nrpe_pid_file,
-        'server_port'                     => $server_port,
-        'server_address'                  => $server_address,
-        'nrpe_user'                       => $nrpe_user,
-        'nrpe_group'                      => $nrpe_group,
-        'allowed_hosts'                   => $allowed_hosts,
-        'dont_blame_nrpe'                 => bool2str($dont_blame_nrpe, '1', '0'),
-        'allow_bash_command_substitution' => $_allow_bash_command_substitution,
-        'libdir'                          => $nrpe::params::libdir,
-        'command_prefix'                  => $command_prefix,
-        'debug'                           => bool2str($debug, '1', '0'),
-        'command_timeout'                 => $command_timeout,
-        'connection_timeout'              => $connection_timeout,
-      }
-    ),
-    order   => '01',
-  }
-
+  # Extra validation
   if $ssl_cert_file_content {
-
-    $_ssl_client_certs = $ssl_client_certs ? {
-      'ask'     => '1',
-      'require' => '2',
-      default   => '0', # $ssl_client_certs = 'no'
-    }
-
-    concat::fragment { 'nrpe ssl fragment':
-      target  => $config,
-      content => epp(
-        'nrpe/nrpe.cfg-ssl.epp',
-        {
-          'ssl_version'      => $ssl_version,
-          'ssl_ciphers'      => $ssl_ciphers,
-          'nrpe_ssl_dir'     => $nrpe_ssl_dir,
-          'ssl_client_certs' => $_ssl_client_certs,
-          'ssl_logging'      => nrpe::ssl_logging(
-            $ssl_log_startup_params,
-            $ssl_log_remote_ip,
-            $ssl_log_protocol_version,
-            $ssl_log_cipher,
-            $ssl_log_client_cert,
-            $ssl_log_client_cert_details
-          )
-        }
-      ),
-      order   =>  '02',
-    }
-
-    file { $nrpe_ssl_dir:
-      ensure => directory,
-      owner  => 'root',
-      group  => $nrpe_group,
-      mode   => '0750',
-    }
-    file { "${nrpe_ssl_dir}/ca-cert.pem":
-      ensure  => file,
-      owner   => 'root',
-      group   => $nrpe_group,
-      mode    => '0640',
-      content => $ssl_cacert_file_content,
-      notify  => Service[$service_name],
-    }
-    file { "${nrpe_ssl_dir}/nrpe-cert.pem":
-      ensure  => file,
-      owner   => 'root',
-      group   => $nrpe_group,
-      mode    => '0640',
-      content => $ssl_cert_file_content,
-      notify  => Service[$service_name],
-    }
-    file { "${nrpe_ssl_dir}/nrpe-key.pem":
-      ensure  => file,
-      owner   => 'root',
-      group   => $nrpe_group,
-      mode    => '0640',
-      content => $ssl_privatekey_file_content,
-      notify  => Service[$service_name],
-    }
+    assert_type(String[1], $ssl_privatekey_file_content)
+    assert_type(String[1], $ssl_cacert_file_content)
   }
 
-  concat::fragment { 'nrpe includedir':
-    target  => $config,
-    content => "include_dir=${include_dir}\n",
-    order   => '99',
-  }
+  contain nrpe::install
+  contain nrpe::config
+  contain nrpe::service
 
-  file { 'nrpe_include_dir':
-    ensure  => directory,
-    name    => $include_dir,
-    purge   => $purge,
-    recurse => $recurse,
-  }
+  Class['nrpe::install']
+  -> Class['nrpe::config']
+  ~> Class['nrpe::service']
 
+  Class['nrpe::install'] -> Nrpe::Plugin <||>
+  Class['nrpe::install'] -> Nrpe::Command <||> ~> Class['nrpe::service']
 }

manifests/install.pp

@@ -0,0 +1,10 @@
+# @api private
+class nrpe::install
+{
+  if $nrpe::manage_package {
+    package { $nrpe::package_name:
+      ensure   => installed,
+      provider => $nrpe::provider,
+    }
+  }
+}