add options to set tls parameters for mysql config used by mysqld_exporter

fixes #604
TheMeier committed Dec 30, 2024
1 parent 76b9e76 commit f6ca32c
Showing 5 changed files with 88 additions and 41 deletions.
43 changes: 36 additions & 7 deletions REFERENCE.md
Expand Up @@ -6950,6 +6950,9 @@ The following parameters are available in the `prometheus::mysqld_exporter` clas
* [`proxy_type`](#-prometheus--mysqld_exporter--proxy_type)
* [`web_config_file`](#-prometheus--mysqld_exporter--web_config_file)
* [`web_config_content`](#-prometheus--mysqld_exporter--web_config_content)
* [`cnf_ssl_ca`](#-prometheus--mysqld_exporter--cnf_ssl_ca)
* [`cnf_ssl_cert`](#-prometheus--mysqld_exporter--cnf_ssl_cert)
* [`cnf_ssl_key`](#-prometheus--mysqld_exporter--cnf_ssl_key)
* [`export_scrape_job`](#-prometheus--mysqld_exporter--export_scrape_job)
* [`scrape_host`](#-prometheus--mysqld_exporter--scrape_host)
* [`scrape_port`](#-prometheus--mysqld_exporter--scrape_port)
Expand Down Expand Up @@ -7096,7 +7099,7 @@ Default value: `true`

Data type: `Boolean`

Should puppet manage the service? (default true)
Should puppet manage the service?

Default value: `true`

Expand Down Expand Up @@ -7140,31 +7143,33 @@ Default value: `true`

Data type: `Boolean`

Should puppet restart the service on configuration change? (default true)
Should puppet restart the service on configuration change?

Default value: `true`

##### <a name="-prometheus--mysqld_exporter--service_enable"></a>`service_enable`

Data type: `Boolean`

Whether to enable the service from puppet (default true)
Whether to enable the service from puppet

Default value: `true`

##### <a name="-prometheus--mysqld_exporter--service_ensure"></a>`service_ensure`

Data type: `Stdlib::Ensure::Service`

State ensured for the service (default 'running')
State ensured for the service

Default value: `'running'`

##### <a name="-prometheus--mysqld_exporter--service_name"></a>`service_name`

Data type: `String[1]`

Name of the mysqld exporter service (default 'mysqld_exporter')
Name of the mysqld exporter service

Default value: `'mysqld_exporter'`

##### <a name="-prometheus--mysqld_exporter--user"></a>`user`

Expand All @@ -7184,15 +7189,15 @@ Default value: `'0.15.1'`

Data type: `Optional[String[1]]`

Optional proxy server, with port number if needed. ie: https://example.com:8080
proxy server, with port number if needed. ie: https://example.com:8080

Default value: `undef`

##### <a name="-prometheus--mysqld_exporter--proxy_type"></a>`proxy_type`

Data type: `Optional[Enum['none', 'http', 'https', 'ftp']]`

Optional proxy server type (none|http|https|ftp)
proxy server type

Default value: `undef`

Expand All @@ -7212,6 +7217,30 @@ Unless empty the content of the web-config yaml which will handed over as option

Default value: `{}`

##### <a name="-prometheus--mysqld_exporter--cnf_ssl_ca"></a>`cnf_ssl_ca`

Data type: `Optional[Stdlib::Absolutepath]`

The path name of the Certificate Authority (CA) certificate file in PEM format.

Default value: `undef`

##### <a name="-prometheus--mysqld_exporter--cnf_ssl_cert"></a>`cnf_ssl_cert`

Data type: `Optional[Stdlib::Absolutepath]`

The path name of the client SSL public key certificate file in PEM format.

Default value: `undef`

##### <a name="-prometheus--mysqld_exporter--cnf_ssl_key"></a>`cnf_ssl_key`

Data type: `Optional[Stdlib::Absolutepath]`

The path name of the client SSL private key file in PEM format.

Default value: `undef`

##### <a name="-prometheus--mysqld_exporter--export_scrape_job"></a>`export_scrape_job`

Data type: `Boolean`
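
Review bot: The descriptions added for `cnf_ssl_ca`, `cnf_ssl_cert` and `cnf_ssl_key` give the file format but not how the parameters relate to each other or to the files on disk. Each one is `Optional` and defaults to `undef`, so say that `cnf_ssl_cert` and `cnf_ssl_key` are meant to be set as a pair, and that the value is only a path written into the exporter's my.cnf, which means the PEM files must already exist and be readable by the exporter user. The same wording appears in the `@param` comments in manifests/mysqld_exporter.pp, so change it there as well.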
1 change: 0 additions & 1 deletion data/defaults.yaml
Expand Up @@ -148,7 +148,6 @@ prometheus::mysqld_exporter::extra_groups: []
prometheus::mysqld_exporter::group: 'mysqld-exporter'
prometheus::mysqld_exporter::package_ensure: 'latest'
prometheus::mysqld_exporter::package_name: 'mysqld_exporter'
prometheus::mysqld_exporter::service_name: 'mysqld_exporter'
prometheus::mysqld_exporter::user: 'mysqld-exporter'
prometheus::node_exporter::download_extension: 'tar.gz'
prometheus::node_exporter::download_url_base: 'https://github.com/prometheus/node_exporter/releases'
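
Review bot: Dropping `prometheus::mysqld_exporter::service_name` from the defaults data is unrelated to the TLS options named in the commit message. The value survives as the class default `String[1] $service_name = 'mysqld_exporter'` in manifests/mysqld_exporter.pp, so behaviour should be unchanged, but mention the move in the commit message or split it into its own commit so it is not lost inside a feature change.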
44 changes: 29 additions & 15 deletions manifests/mysqld_exporter.pp
Expand Up @@ -37,7 +37,7 @@
# @param manage_group
# Whether to create a group for or rely on external code for that
# @param manage_service
# Should puppet manage the service? (default true)
# Should puppet manage the service?
# @param manage_user
# Whether to create user or rely on external code for that
# @param os
Expand All @@ -49,36 +49,42 @@
# @param purge_config_dir
# Purge config files no longer generated by Puppet
# @param restart_on_change
# Should puppet restart the service on configuration change? (default true)
# Should puppet restart the service on configuration change?
# @param service_enable
# Whether to enable the service from puppet (default true)
# Whether to enable the service from puppet
# @param service_ensure
# State ensured for the service (default 'running')
# State ensured for the service
# @param service_name
# Name of the mysqld exporter service (default 'mysqld_exporter')
# Name of the mysqld exporter service
# @param user
# User which runs the service
# @param version
# The binary release version
# @param proxy_server
# Optional proxy server, with port number if needed. ie: https://example.com:8080
# proxy server, with port number if needed. ie: https://example.com:8080
# @param proxy_type
# Optional proxy server type (none|http|https|ftp)
# proxy server type
# @param web_config_file
# Path of file where the web-config will be saved to
# @param web_config_content
# Unless empty the content of the web-config yaml which will handed over as option to the exporter
# @param cnf_ssl_ca
# The path name of the Certificate Authority (CA) certificate file in PEM format.
# @param cnf_ssl_cert
# The path name of the client SSL public key certificate file in PEM format.
# @param cnf_ssl_key
# The path name of the client SSL private key file in PEM format.
class prometheus::mysqld_exporter (
String $download_extension,
Prometheus::Uri $download_url_base,
Array $extra_groups,
String[1] $group,
String[1] $package_ensure,
String[1] $package_name,
String[1] $service_name,
String[1] $user,
# renovate: depName=prometheus/mysqld_exporter
String[1] $version = '0.15.1',
String[1] $service_name = 'mysqld_exporter',
Stdlib::Absolutepath $cnf_config_path = '/etc/mysqld_exporter-my.cnf',
Stdlib::Host $cnf_host = localhost,
Stdlib::Port $cnf_port = 3306,
Expand Down Expand Up @@ -109,6 +115,9 @@
Optional[Enum['none', 'http', 'https', 'ftp']] $proxy_type = undef,
Stdlib::Absolutepath $web_config_file = '/etc/mysqld_exporter_web-config.yml',
Prometheus::Web_config $web_config_content = {},
Optional[Stdlib::Absolutepath] $cnf_ssl_ca = undef,
Optional[Stdlib::Absolutepath] $cnf_ssl_cert = undef,
Optional[Stdlib::Absolutepath] $cnf_ssl_key = undef,
) inherits prometheus {
#Please provide the download_url for versions < 0.9.0
$real_download_url = pick($download_url,"${download_url_base}/download/v${version}/${package_name}-${version}.${os}-${arch}.${download_extension}")
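
Review bot: Nothing checks the combination of the three new `Optional[Stdlib::Absolutepath]` parameters: `cnf_ssl_cert` without `cnf_ssl_key` (or the reverse) compiles cleanly and produces a my.cnf holding half of a client identity. Consider a `fail()` when exactly one of the two is set, so the mistake surfaces at catalog compile time and not as a connection error on the exporter.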
Expand All @@ -117,6 +126,17 @@
default => undef,
}

$_cnf_settings = {
'user' => $cnf_user,
'password' => $cnf_password,
'port' => $cnf_port,
'host' => $cnf_host,
'socket' => $cnf_socket,
'ssl-ca' => $cnf_ssl_ca,
'ssl-cert' => $cnf_ssl_cert,
'ssl-key' => $cnf_ssl_key,
}.filter |$k, $v| { $v != undef }

file { $cnf_config_path:
ensure => file,
mode => $config_mode,
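
Review bot: `$_cnf_settings` always carries `host` and `port`, because `$cnf_host` and `$cnf_port` have defaults (`localhost`, `3306`) and so survive the `filter`; with `cnf_socket` set, the rendered file now contains `socket` together with `host` and `port`. The template this replaces wrote either `socket` or `host`/`port`, never both. Keep that either/or when building the hash, for example by adding `host` and `port` only when `$cnf_socket` is `undef`.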
Expand All @@ -125,13 +145,7 @@
content => Sensitive(
epp(
'prometheus/my.cnf.epp',
{
'cnf_user' => $cnf_user,
'cnf_password' => $cnf_password,
'cnf_port' => $cnf_port,
'cnf_host' => $cnf_host,
'cnf_socket' => $cnf_socket,
},
{ 'settings' => $_cnf_settings }
)
),
notify => $notify_service,
18 changes: 18 additions & 0 deletions spec/classes/mysqld_exporter_spec.rb
Expand Up @@ -37,6 +37,24 @@
it do
content = catalogue.resource('file', '/etc/mysqld_exporter-my.cnf').send(:parameters)[:content]
expect(content).to include('secret')
expect(content).not_to include('ssl-ca')
end
end

context 'with tls parameters for exporter' do
let(:params) do
{
cnf_ssl_ca: '/foo/bar/ca.pem',
cnf_ssl_cert: '/foo/bar/cert.pem',
cnf_ssl_key: '/foo/bar/key.pem'
}
end

it do
content = catalogue.resource('file', '/etc/mysqld_exporter-my.cnf').send(:parameters)[:content]
expect(content).to include('ssl-ca = "/foo/bar/ca.pem"')
expect(content).to include('ssl-cert = "/foo/bar/cert.pem"')
expect(content).to include('ssl-key = "/foo/bar/key.pem"')
end
end

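Review bot: The negative check in the default context covers only `ssl-ca`; `ssl-cert` and `ssl-key` should be asserted absent as well. The new context exercises only the case where all three parameters are set. Add contexts for `cnf_socket` (to pin down whether `host` and `port` are still rendered) and for a `Sensitive` `cnf_password`, since both code paths changed with the move to a generic settings hash.
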
23 changes: 5 additions & 18 deletions templates/my.cnf.epp
@@ -1,23 +1,10 @@
<%- |
String $cnf_user,
Variant[Sensitive[String],String] $cnf_password,
Stdlib::Port $cnf_port,
Stdlib::Host $cnf_host,
Optional[Stdlib::Absolutepath] $cnf_socket = undef,
Hash[String[1],Variant[Sensitive[String],String,Integer]] $settings,
| -%>

# THIS FILE IS MANAGED BY PUPPET
[client]
user = <%= $cnf_user %>
<%-
$_cnf_password = $cnf_password ? {
Sensitive => $cnf_password.unwrap,
default => $cnf_password,
}
-%>
password = <%= $_cnf_password %>
<% if $cnf_socket { -%>
socket = <%= $cnf_socket %>
<%- } else { -%>
host = <%= $cnf_host %>
port = <%= $cnf_port %>

<% $settings.each |$key, $value| { -%>
<%= $key %> = "<%= $value %>"
<% } -%>
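
Review bot: The loop prints `"<%= $value %>"` without unwrapping, although `$settings` still admits `Sensitive[String]`; the removed template called `$cnf_password.unwrap` before printing. A `Sensitive` password interpolated this way is written as the redaction placeholder rather than the secret, so unwrap `Sensitive` values inside the loop before rendering them. Every value is now also wrapped in double quotes with no escaping, so a password that itself contains `"` produces an ambiguous line; escape or reject such values.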
