feat: set owner and group for configs

[fionera]

Currently when you do an installation you get the following error because it falls back to root:

==> icinga2_master: Jan 11 06:02:42 localhost.localdomain icinga2[1055]: [2021-01-11 06:02:42 +0000] information/cli: Icinga application loader (version: 2.12.3)
==> icinga2_master: Jan 11 06:02:42 localhost.localdomain icinga2[1055]: [2021-01-11 06:02:42 +0000] information/cli: Loading configuration file(s).
==> icinga2_master: Jan 11 06:02:42 localhost.localdomain icinga2[1055]: [2021-01-11 06:02:42 +0000] critical/cli: Could not compile config files: Error: Function call 'std::ifstream::open' for file '/etc/icinga2/icinga2.conf' failed with error code 13, 'Permission denied'
==> icinga2_master: Jan 11 06:02:42 localhost.localdomain icinga2[1055]: (0) Compiling configuration file '/etc/icinga2/icinga2.conf'
==> icinga2_master: Jan 11 06:02:42 localhost.localdomain systemd[1]: icinga2.service: main process exited, code=exited, status=1/FAILURE

[lbetz]

Not correctly. The resources are unmanaged owner/group and so puppet doesn't change the owner or group membership. That mean the icinga2 package installs the file icinga2.conf and puppet leave owner and group untouched.

[fionera]

Ok thats weird then because I just tried to install it with the config from the example and it fails to start since the icinga2.conf has rw-r----- and is owned by root:root. Any idea why it is that way?

[lbetz]

You're using the official Icinga packages from packages.icinga.com? What version of Icinga? SELinux enabled or disabled?

[fionera]

I set manage_repos to true and have stable enabled. Running on a fresh CentOS 7. SELinux is enabled but set to permissive

[lbetz]

Strange. On my Centos7 Bento box (vagrant):

$ puppet apply examples/init_repos.pp
...
Notice: /Stage[main]/Icinga2::Config/File[/etc/icinga2/icinga2.conf]/content: content changed
...
$ ls -al /etc/icinga2/icinga2.conf
-rw-r-----. 1 icinga icinga 1406 Jan 11 04:48 /etc/icinga2/icinga2.conf

[lbetz]

Do you manage other modules on this host. A code snippet at a profile class or other module like

File {
owner => root,
group => root,
}

will have this effect. When managing owner, group and permissions are a idea, maybe. But the problem is, we support Windows.

[lbetz]

Please send me the output of 'rpm -qV icinga2' executed after the puppet run.

[lbetz]

The object class is design as a helper class. We don't wanna change that.
Why you wanna have custom objects? What you're missing?

[fionera]

Ooops didnt want to push it into this PR :) I create GraphiteWriter Objects with it and it was easier to just use the icinga2::object class

[lbetz]

To configure a second GraphiteWriter Object please use icinga2::config:.fragment and keep in mind the quoting like '".."' for strings or ""..."" for string with puppet variables.

[lbetz]

refs #648