From e535a6047b81d995434f1c9d4402994308345e87 Mon Sep 17 00:00:00 2001 From: Eric Renfro Date: Mon, 13 Feb 2017 00:06:00 -0500 Subject: [PATCH] Updated chef-vault usage to 100% completion --- recipes/agent.rb | 19 ----------------- recipes/proxy.rb | 4 +--- recipes/server.rb | 8 ++----- recipes/trap_scripts.rb | 23 ++++++++++++++++++--- templates/default/mongo26.config.erb | 5 ++--- templates/zabbix/3.0/zabbix.conf.php.erb | 6 +++--- templates/zabbix/3.0/zabbix_server.conf.erb | 6 +++--- 7 files changed, 31 insertions(+), 40 deletions(-) diff --git a/recipes/agent.rb b/recipes/agent.rb index ee0d1e5..da11cbc 100644 --- a/recipes/agent.rb +++ b/recipes/agent.rb @@ -58,25 +58,6 @@ remote_directory "/etc/zabbix/trap.d" do action :create end -if node['recipes'].include?('mongodb') or node['tags'].include?('mongodb') - template "/etc/zabbix/trap.d/mongo26.config" do - owner "root" - group "root" - mode "0700" - source "mongo26.config.erb" - sensitive true - credentials = Chef::EncryptedDataBagItem.load("odhp_credentials", "credentials") - variables({ - :users => credentials['mongo']['users'][node.chef_environment] - }) - end -else - file "/etc/zabbix/trap.d/mongo26.config" do - action :delete - end -end - - # Link live agents to node node['zabbix']['trap_scripts']['live']['add'].each do |script| link "/etc/zabbix/trap.d/live/#{script}" do diff --git a/recipes/proxy.rb b/recipes/proxy.rb index 3613868..dda119f 100644 --- a/recipes/proxy.rb +++ b/recipes/proxy.rb @@ -27,9 +27,7 @@ end template "/etc/zabbix/zabbix_proxy.conf" do credentials = chef_vault_item("secrets", "zabbix") variables({ - :DBUsername => credentials['username'], - :DBPassword => credentials['password'], - :DBDatabase => credentials['database'] + :credentials => credentials }) source %W{ zabbix/#{node['zabbix']['version']}/#{node['platform']}-#{node['platform_version'].to_i}/zabbix_proxy.conf.erb diff --git a/recipes/server.rb b/recipes/server.rb index 7e39cf7..9e588db 100644 --- a/recipes/server.rb +++ b/recipes/server.rb @@ -51,9 +51,7 @@ end template "/etc/zabbix/zabbix_server.conf" do credentials = chef_vault_item("secrets", "zabbix") variables({ - :DBUsername => credentials['username'], - :DBPassword => credentials['password'], - :DBDatabase => credentials['database'] + :credentials => credentials }) source %W{ zabbix/#{node['zabbix']['version']}/#{node['platform']}-#{node['platform_version'].to_i}/zabbix_server.conf.erb @@ -91,9 +89,7 @@ end template "/etc/zabbix/web/zabbix.conf.php" do credentials = chef_vault_item("secrets", "zabbix") variables({ - :DBUsername => credentials['username'], - :DBPassword => credentials['password'], - :DBDatabase => credentials['database'] + :credentials => credentials }) source %W{ zabbix/#{node['zabbix']['version']}/#{node['platform']}-#{node['platform_version'].to_i}/zabbix.conf.php.erb diff --git a/recipes/trap_scripts.rb b/recipes/trap_scripts.rb index 39dd2b7..e7e39ef 100644 --- a/recipes/trap_scripts.rb +++ b/recipes/trap_scripts.rb @@ -7,6 +7,8 @@ # Eric Renfro # +include_recipe 'chef-vault' + node.override['zabbix']['trap_scripts']['live']['add'] = [] node.override['zabbix']['trap_scripts']['live']['del'] = [] node.override['zabbix']['trap_scripts']['daily']['add'] = [] @@ -39,10 +41,25 @@ end # MongoDB # if node['recipes'].include?('mongodb') or node.tags.include?('mongodb') - node.override['zabbix']['trap_scripts']['live']['add'] += ['mongo26.sh', 'ssl_check_mongo.sh'] - node.override['zabbix']['agent_meta'] += ['MongoDB'] + node.override['zabbix']['trap_scripts']['live']['add'] += ['mongo26.sh', 'ssl_check_mongo.sh'] + node.override['zabbix']['agent_meta'] += ['MongoDB'] + + template "/etc/zabbix/trap.d/mongo26.config" do + owner "root" + group "root" + mode "0700" + source "mongo26.config.erb" + sensitive true + credentials = chef_vault_item("secrets", "mongodb") + variables({ + :credentials => credentials + }) + end else - node.override['zabbix']['trap_scripts']['live']['del'] += ['mongo26.sh', 'ssl_check_mongo.sh'] + node.override['zabbix']['trap_scripts']['live']['del'] += ['mongo26.sh', 'ssl_check_mongo.sh'] + file "/etc/zabbix/trap.d/mongo26.config" do + action :delete + end end ########################################################### diff --git a/templates/default/mongo26.config.erb b/templates/default/mongo26.config.erb index 6816385..62e51a6 100644 --- a/templates/default/mongo26.config.erb +++ b/templates/default/mongo26.config.erb @@ -1,3 +1,2 @@ -mongoUser="<%= @users['mmsagent']['username'] %>" -mongoPass="<%= @users['mmsagent']['password'] %>" - +mongoUser="<%= @credentials['username'] %>" +mongoPass="<%= @credentials['password'] %>" diff --git a/templates/zabbix/3.0/zabbix.conf.php.erb b/templates/zabbix/3.0/zabbix.conf.php.erb index 0fd8ed9..dd2fb66 100644 --- a/templates/zabbix/3.0/zabbix.conf.php.erb +++ b/templates/zabbix/3.0/zabbix.conf.php.erb @@ -7,9 +7,9 @@ global $DB; $DB['TYPE'] = 'POSTGRESQL'; $DB['SERVER'] = 'localhost'; $DB['PORT'] = '0'; -$DB['DATABASE'] = '<%= @DBDatabase %>'; -$DB['USER'] = '<%= @DBUsername %>'; -$DB['PASSWORD'] = '<%= @DBPassword %>'; +$DB['DATABASE'] = '<%= @credentials['database'] %>'; +$DB['USER'] = '<%= @credentials['username'] %>'; +$DB['PASSWORD'] = '<%= @credentials['password'] %>'; // Schema name. Used for IBM DB2 and PostgreSQL. $DB['SCHEMA'] = ''; diff --git a/templates/zabbix/3.0/zabbix_server.conf.erb b/templates/zabbix/3.0/zabbix_server.conf.erb index 7d15fe7..d8c1eba 100644 --- a/templates/zabbix/3.0/zabbix_server.conf.erb +++ b/templates/zabbix/3.0/zabbix_server.conf.erb @@ -81,7 +81,7 @@ PidFile=/var/run/zabbix/zabbix_server.pid # Default: # DBName= -DBName=<%= @DBDatabase %> +DBName=<%= @credentials['database'] %> ### Option: DBSchema # Schema name. Used for IBM DB2 and PostgreSQL. @@ -97,7 +97,7 @@ DBName=<%= @DBDatabase %> # Default: # DBUser= -DBUser=<%= @DBUsername %> +DBUser=<%= @credentials['username'] %> ### Option: DBPassword # Database password. Ignored for SQLite. @@ -105,7 +105,7 @@ DBUser=<%= @DBUsername %> # # Mandatory: no # Default: -DBPassword=<%= @DBPassword %> +DBPassword=<%= @credentials['password'] %> ### Option: DBSocket # Path to MySQL socket.