Updated chef-vault usage to 100% completion

This commit is contained in:
Eric Renfro 2017-02-13 00:06:00 -05:00
parent 66ae4ce460
commit e535a6047b
No known key found for this signature in database
GPG key ID: 9A949323CBE78F97
7 changed files with 31 additions and 40 deletions

View file

@ -58,25 +58,6 @@ remote_directory "/etc/zabbix/trap.d" do
action :create action :create
end end
if node['recipes'].include?('mongodb') or node['tags'].include?('mongodb')
template "/etc/zabbix/trap.d/mongo26.config" do
owner "root"
group "root"
mode "0700"
source "mongo26.config.erb"
sensitive true
credentials = Chef::EncryptedDataBagItem.load("odhp_credentials", "credentials")
variables({
:users => credentials['mongo']['users'][node.chef_environment]
})
end
else
file "/etc/zabbix/trap.d/mongo26.config" do
action :delete
end
end
# Link live agents to node # Link live agents to node
node['zabbix']['trap_scripts']['live']['add'].each do |script| node['zabbix']['trap_scripts']['live']['add'].each do |script|
link "/etc/zabbix/trap.d/live/#{script}" do link "/etc/zabbix/trap.d/live/#{script}" do

View file

@ -27,9 +27,7 @@ end
template "/etc/zabbix/zabbix_proxy.conf" do template "/etc/zabbix/zabbix_proxy.conf" do
credentials = chef_vault_item("secrets", "zabbix") credentials = chef_vault_item("secrets", "zabbix")
variables({ variables({
:DBUsername => credentials['username'], :credentials => credentials
:DBPassword => credentials['password'],
:DBDatabase => credentials['database']
}) })
source %W{ source %W{
zabbix/#{node['zabbix']['version']}/#{node['platform']}-#{node['platform_version'].to_i}/zabbix_proxy.conf.erb zabbix/#{node['zabbix']['version']}/#{node['platform']}-#{node['platform_version'].to_i}/zabbix_proxy.conf.erb

View file

@ -51,9 +51,7 @@ end
template "/etc/zabbix/zabbix_server.conf" do template "/etc/zabbix/zabbix_server.conf" do
credentials = chef_vault_item("secrets", "zabbix") credentials = chef_vault_item("secrets", "zabbix")
variables({ variables({
:DBUsername => credentials['username'], :credentials => credentials
:DBPassword => credentials['password'],
:DBDatabase => credentials['database']
}) })
source %W{ source %W{
zabbix/#{node['zabbix']['version']}/#{node['platform']}-#{node['platform_version'].to_i}/zabbix_server.conf.erb zabbix/#{node['zabbix']['version']}/#{node['platform']}-#{node['platform_version'].to_i}/zabbix_server.conf.erb
@ -91,9 +89,7 @@ end
template "/etc/zabbix/web/zabbix.conf.php" do template "/etc/zabbix/web/zabbix.conf.php" do
credentials = chef_vault_item("secrets", "zabbix") credentials = chef_vault_item("secrets", "zabbix")
variables({ variables({
:DBUsername => credentials['username'], :credentials => credentials
:DBPassword => credentials['password'],
:DBDatabase => credentials['database']
}) })
source %W{ source %W{
zabbix/#{node['zabbix']['version']}/#{node['platform']}-#{node['platform_version'].to_i}/zabbix.conf.php.erb zabbix/#{node['zabbix']['version']}/#{node['platform']}-#{node['platform_version'].to_i}/zabbix.conf.php.erb

View file

@ -7,6 +7,8 @@
# Eric Renfro <psi-jack@linux-help.org> # Eric Renfro <psi-jack@linux-help.org>
# #
include_recipe 'chef-vault'
node.override['zabbix']['trap_scripts']['live']['add'] = [] node.override['zabbix']['trap_scripts']['live']['add'] = []
node.override['zabbix']['trap_scripts']['live']['del'] = [] node.override['zabbix']['trap_scripts']['live']['del'] = []
node.override['zabbix']['trap_scripts']['daily']['add'] = [] node.override['zabbix']['trap_scripts']['daily']['add'] = []
@ -41,8 +43,23 @@ end
if node['recipes'].include?('mongodb') or node.tags.include?('mongodb') if node['recipes'].include?('mongodb') or node.tags.include?('mongodb')
node.override['zabbix']['trap_scripts']['live']['add'] += ['mongo26.sh', 'ssl_check_mongo.sh'] node.override['zabbix']['trap_scripts']['live']['add'] += ['mongo26.sh', 'ssl_check_mongo.sh']
node.override['zabbix']['agent_meta'] += ['MongoDB'] node.override['zabbix']['agent_meta'] += ['MongoDB']
template "/etc/zabbix/trap.d/mongo26.config" do
owner "root"
group "root"
mode "0700"
source "mongo26.config.erb"
sensitive true
credentials = chef_vault_item("secrets", "mongodb")
variables({
:credentials => credentials
})
end
else else
node.override['zabbix']['trap_scripts']['live']['del'] += ['mongo26.sh', 'ssl_check_mongo.sh'] node.override['zabbix']['trap_scripts']['live']['del'] += ['mongo26.sh', 'ssl_check_mongo.sh']
file "/etc/zabbix/trap.d/mongo26.config" do
action :delete
end
end end
########################################################### ###########################################################

View file

@ -1,3 +1,2 @@
mongoUser="<%= @users['mmsagent']['username'] %>" mongoUser="<%= @credentials['username'] %>"
mongoPass="<%= @users['mmsagent']['password'] %>" mongoPass="<%= @credentials['password'] %>"

View file

@ -7,9 +7,9 @@ global $DB;
$DB['TYPE'] = 'POSTGRESQL'; $DB['TYPE'] = 'POSTGRESQL';
$DB['SERVER'] = 'localhost'; $DB['SERVER'] = 'localhost';
$DB['PORT'] = '0'; $DB['PORT'] = '0';
$DB['DATABASE'] = '<%= @DBDatabase %>'; $DB['DATABASE'] = '<%= @credentials['database'] %>';
$DB['USER'] = '<%= @DBUsername %>'; $DB['USER'] = '<%= @credentials['username'] %>';
$DB['PASSWORD'] = '<%= @DBPassword %>'; $DB['PASSWORD'] = '<%= @credentials['password'] %>';
// Schema name. Used for IBM DB2 and PostgreSQL. // Schema name. Used for IBM DB2 and PostgreSQL.
$DB['SCHEMA'] = ''; $DB['SCHEMA'] = '';

View file

@ -81,7 +81,7 @@ PidFile=/var/run/zabbix/zabbix_server.pid
# Default: # Default:
# DBName= # DBName=
DBName=<%= @DBDatabase %> DBName=<%= @credentials['database'] %>
### Option: DBSchema ### Option: DBSchema
# Schema name. Used for IBM DB2 and PostgreSQL. # Schema name. Used for IBM DB2 and PostgreSQL.
@ -97,7 +97,7 @@ DBName=<%= @DBDatabase %>
# Default: # Default:
# DBUser= # DBUser=
DBUser=<%= @DBUsername %> DBUser=<%= @credentials['username'] %>
### Option: DBPassword ### Option: DBPassword
# Database password. Ignored for SQLite. # Database password. Ignored for SQLite.
@ -105,7 +105,7 @@ DBUser=<%= @DBUsername %>
# #
# Mandatory: no # Mandatory: no
# Default: # Default:
DBPassword=<%= @DBPassword %> DBPassword=<%= @credentials['password'] %>
### Option: DBSocket ### Option: DBSocket
# Path to MySQL socket. # Path to MySQL socket.