diff --git a/data/defaults.yaml b/data/defaults.yaml index 90c6a928e..718a07f53 100644 --- a/data/defaults.yaml +++ b/data/defaults.yaml @@ -176,11 +176,6 @@ prometheus::rabbitmq_exporter::rabbit_exporters: - 'node' - 'overview' - 'queue' -prometheus::mysqld_exporter::cnf_config_path: '/etc/.my.cnf' -prometheus::mysqld_exporter::cnf_host: 'localhost' -prometheus::mysqld_exporter::cnf_password: 'password' -prometheus::mysqld_exporter::cnf_port: 3306 -prometheus::mysqld_exporter::cnf_user: 'login' prometheus::mysqld_exporter::download_extension: 'tar.gz' prometheus::mysqld_exporter::download_url_base: 'https://github.com/prometheus/mysqld_exporter/releases' prometheus::mysqld_exporter::extra_groups: [] diff --git a/manifests/mysqld_exporter.pp b/manifests/mysqld_exporter.pp index 02bc5c81a..236e859c9 100644 --- a/manifests/mysqld_exporter.pp +++ b/manifests/mysqld_exporter.pp @@ -1,32 +1,27 @@ -# Class: prometheus::mysqld_exporter +# @summary manages prometheus mysqld_exporter # -# This module manages prometheus mysqld_exporter +# @see https://github.com/prometheus/mysqld_exporter # -# Parameters: +# @param cnf_config_path +# The path to put the my.cnf file +# @param cnf_host +# The mysql host. +# @param cnf_password +# The mysql user password. +# @param cnf_port +# The port for which the mysql host is running. +# @param cnf_socket +# The socket which the mysql host is running. If defined, host and port are not used. +# @param cnf_user +# The mysql user to use when connecting. +# +# Other parameters: (TODO: Convert to puppet strings) # [*arch*] # Architecture (amd64 or i386) # # [*bin_dir*] # Directory where binaries are located # -# [*cnf_config_path*] -# The path to put the my.cnf file -# -# [*cnf_host*] -# The mysql host. Defaults to 'localhost' -# -# [*cnf_password*] -# The mysql user password. Defaults to 'password' -# -# [*cnf_port*] -# The port for which the mysql host is running. Defaults to 3306 -# -# [*cnf_socket*] -# The socket which the mysql host is running. If defined, host and port are not used. -# -# [*cnf_user*] -# The mysql user to use when connecting. Defaults to 'login' -# # [*config_mode*] # The permissions of the configuration files # @@ -91,11 +86,6 @@ # The binary release version class prometheus::mysqld_exporter ( - Stdlib::Absolutepath $cnf_config_path, - String $cnf_host, - String $cnf_password, - Stdlib::Port $cnf_port, - String $cnf_user, String $download_extension, Prometheus::Uri $download_url_base, Array $extra_groups, @@ -104,6 +94,14 @@ String $package_name, String $user, String $version, + + Stdlib::Absolutepath $cnf_config_path = '/etc/.my.cnf', + Stdlib::Host $cnf_host = localhost, + Stdlib::Port $cnf_port = 3306, + String[1] $cnf_user = login, + Variant[Sensitive[String],String] $cnf_password = 'password', + Optional[Stdlib::Absolutepath] $cnf_socket = undef, + Boolean $purge_config_dir = true, Boolean $restart_on_change = true, Boolean $service_enable = true, @@ -117,7 +115,6 @@ String $extra_options = '', Optional[Prometheus::Uri] $download_url = undef, String $config_mode = $prometheus::config_mode, - Optional[Stdlib::Absolutepath] $cnf_socket = undef, String $arch = $prometheus::real_arch, Stdlib::Absolutepath $bin_dir = $prometheus::bin_dir, Boolean $export_scrape_job = false, @@ -126,18 +123,29 @@ ) inherits prometheus { #Please provide the download_url for versions < 0.9.0 - $real_download_url = pick($download_url,"${download_url_base}/download/v${version}/${package_name}-${version}.${os}-${arch}.${download_extension}") + $real_download_url = pick($download_url,"${download_url_base}/download/v${version}/${package_name}-${version}.${os}-${arch}.${download_extension}") $notify_service = $restart_on_change ? { true => Service['mysqld_exporter'], default => undef, } file { $cnf_config_path: - ensure => 'file', + ensure => file, mode => $config_mode, owner => $user, group => $group, - content => template('prometheus/my.cnf.erb'), + content => Sensitive( + epp( + 'prometheus/my.cnf.epp', + { + 'cnf_user' => $cnf_user, + 'cnf_password' => $cnf_password, + 'cnf_port' => $cnf_port, + 'cnf_host' => $cnf_host, + 'cnf_socket' => $cnf_socket, + }, + ) + ), notify => $notify_service, } diff --git a/spec/classes/mysqld_exporter_spec.rb b/spec/classes/mysqld_exporter_spec.rb index 7e231e502..d6d967e0f 100644 --- a/spec/classes/mysqld_exporter_spec.rb +++ b/spec/classes/mysqld_exporter_spec.rb @@ -24,6 +24,19 @@ it { is_expected.to contain_prometheus__daemon('mysqld_exporter').with('options' => '-config.my-cnf=/etc/.my.cnf ') } end end + + context 'with Sensitive password' do + let(:params) do + { + cnf_password: RSpec::Puppet::RawString.new("Sensitive('secret')") + } + end + + it do + content = catalogue.resource('file', '/etc/.my.cnf').send(:parameters)[:content] + expect(content).to include('secret') + end + end end end end diff --git a/templates/my.cnf.epp b/templates/my.cnf.epp new file mode 100644 index 000000000..bdc4dc0a0 --- /dev/null +++ b/templates/my.cnf.epp @@ -0,0 +1,23 @@ +<%- | + String $cnf_user, + Variant[Sensitive[String],String] $cnf_password, + Stdlib::Port $cnf_port, + Stdlib::Host $cnf_host, + Optional[Stdlib::Absolutepath] $cnf_socket = undef, +| -%> +# THIS FILE IS MANAGED BY PUPPET +[client] +user = <%= $cnf_user %> +<%- + $_cnf_password = $cnf_password ? { + Sensitive => $cnf_password.unwrap, + default => $cnf_password, + } +-%> +password = <%= $_cnf_password %> +<% if $cnf_socket { -%> +socket = <%= $cnf_socket %> +<%- } else { -%> +host = <%= $cnf_host %> +port = <%= $cnf_port %> +<% } -%> diff --git a/templates/my.cnf.erb b/templates/my.cnf.erb deleted file mode 100644 index d539a0bb2..000000000 --- a/templates/my.cnf.erb +++ /dev/null @@ -1,9 +0,0 @@ -[client] -user = <%= @cnf_user %> -password = <%= @cnf_password %> -<% if @cnf_socket -%> -socket = <%= @cnf_socket %> -<%- else -%> -host = <%= @cnf_host %> -port = <%= @cnf_port %> -<% end -%>