Version information
This version is compatible with:
- Puppet Enterprise 2023.8.x, 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x
- Puppet >= 7.0.0 < 9.0.0
- , , , , , , , ,
This module has been deprecated by its author since May 21st 2024.
The author has suggested puppet-icinga as its replacement.
Start using this module
Documentation
icinga
Table of Contents
- Description
- Setup - The basics of getting started with icinga
- Usage - Configuration options and additional functionality
- Enable and disable repositories
- [Installing from non upstream repositories](#Installing from Non-Upstream Repositories)
- Reference
- Release notes
Description
This module provides several non private helper classes for the other official Icinga modules:
- [icinga/icinga2]
- [icinga/icingaweb2]
- [icinga/icingadb]
How to use the classes for Icinga Web an databases with MariaDB on Debian bookwork
To get Icinga Web 2 running on Debian bookworm use puppet-php >=8.1.0 and set:
php::globals::php_version: '8.2'
The current MariaDB logs to syslog by default so set:
mysql::server::override_options:
mysqld:
log-error: ~
This disables the logging to file and the requirement and management of an existing directory /var/log/mysql.
Setup
What the Icinga Puppet module supports
- [icinga::repos] involves the needed repositories to install icinga2, icingadb and icingaweb2:
- The Icinga Project repository for the stages: stable, testing or nightly builds
- EPEL repository for RHEL simular platforms
- Backports repository for Debian and Ubuntu
- NETWAYS extras repository for Icinga Web 2
- NETWAYS plugins repository with some additional monitoring plugins
- Classes to manage and setup an Icinga environment much easier:
- [icinga::server] setups an Icinga 2 including CA, config server, zones and workers aka satellites
- [icinga::worker] installs an Icinga 2 worker aka satellite
- [icinga::ido] configures the IDO backend including the database
- [icinga::web] manages Icinga Web 2, an Apache and a PHP-FPM
Setup Requirements
The requirements depend on the class to be used.
Beginning with icinga
Add this declaration to your Puppetfile:
mod 'icinga',
:git => 'https://github.com/icinga/puppet-icinga.git',
:tag => 'v2.5.0'
Then run:
bolt puppetfile install
Or do a git clone
by hand into your modules directory:
git clone https://github.com/icinga/puppet-icinga.git icinga
Change to icinga
directory and check out your desired version:
cd icinga
git checkout v2.5.0
Usage
icinga::repos
The class supports:
- [puppet] >= 7.0 < 9.0
And requiers:
- [puppetlabs/stdlib] >= 6.6.0 < 10.0.0
- [puppetlabs/apt] >= 7.7.0 < 10.0.0
- [puppet/zypprepo] >= 4.0.0 < 6.0.0
- [puppetlabs/yumrepo_core] >= 1.1.0 < 3.0.0
By default the upstream Icinga repository for stable release are involved.
include icinga::repos
To setup the testing repository for release candidates use instead:
class { 'icinga::repos':
manage_stable => false,
manage_testing => true,
}
Or the nightly builds:
class { 'icinga::repos':
manage_stable => false,
manage_nightly => true,
}
Other possible needed repositories like EPEL on RHEL or the Backports on Debian can also be involved:
class { 'icinga::repos':
manage_epel => true,
configure_backports => true,
}
The prefix configure
means that the repository is not manageable by the module. But backports can be configured by the class apt::backports, that is used by this module.
Enable and Disable Repositories
When manage is set to true
for a repository the ressource is managed and the repository is enabled by default. To switch off a repository again, it still has to be managed and the corresponding parameter has to set via hiera. The module does a deep merge lookup for a hash named icinga::repos
. Allowed keys are:
- icinga-stable-release
- icinga-testing-builds
- icinga-snapshot-builds
- epel (only on RHEL platforms)
- powertools (only RHEL 8 platforms)
- crb (only RHEL 9 platforms)
- netways-plugins
- netways-extras
An example for Yum or Zypper based platforms to change from stable to testing repo:
---
icinga::repos::manage_testing: true
icinga::repos:
icinga-stable-release:
enabled: 0
Or on Apt based platforms:
---
icinga::repos::manage_testing: true
icinga::repos:
icinga-stable-release:
ensure: absent
Configure Icinga subscription repositories
For some time now, access to current RPM packages on Icinga has required a paid subscription. Unfortunately, using older package versions for an Icinga server is not provided for in this project.
A subscription is required, it is configured as follows, e.g. in hiera:
---
icinga::repos:
icinga-stable-release:
baseurl: 'https://packages.icinga.com/subscription/rhel/$releasever/release/'
username: <username>
password: <password>
Installing from Non-Upstream Repositories
To change to a non upstream repository, e.g. a local mirror, the repos can be customized via hiera. The module does a deep merge lookup for a hash named icinga::repos
. Allowed keys are:
- icinga-stable-release
- icinga-testing-builds
- icinga-snapshot-builds
- epel (only on RHEL Enterprise platforms)
- powertools (only RHEL 8 platforms)
- crb (only RHEL 9 platforms)
- netways-plugins
- netways-extras
An example to configure a local mirror of the stable release:
---
icinga::repos:
icinga-stable-release:
baseurl: 'https://repo.example.com/icinga/epel/$releasever/release/'
gpgkey: https://repo.example.com/icinga/icinga.key
IMPORTANT: The configuration hash depends on the platform an requires one of the following resources:
- apt::source (Debian family, https://forge.puppet.com/puppetlabs/apt)
- yumrepo (RedHat family, https://forge.puppet.com/puppetlabs/yumrepo_core)
- zypprepo (SUSE, https://forge.puppet.com/puppet/zypprepo)
Also the Backports repo on Debian can be configured like the apt class of course, see https://forge.puppet.com/puppetlabs/apt to configure the class apt::backports
via Hiera.
As an example, how you configure backports on a debian squeeze. For squeeze the repository is already moved to the unsupported archive:
---
apt::confs:
no-check-valid-until:
content: 'Acquire::Check-Valid-Until no;'
priority: 99
notify_update: true
apt::backports::location: 'https://archive.debian.org/debian'
icinga::server / icinga::worker / icinga::agent
The class supports:
- [puppet] >= 7.0 < 9.0
And requiers:
- [icinga/icinga2] >= 3.1.0 < 5.0.0
Setting up a Icinga Server with a CA and to store configuration:
class { 'icinga::server':
ca => true,
ticket_salt => Sensitive('supersecret'),
config_server => true,
workers => { 'dmz' => { 'endpoints' => { 'worker.example.org' => { 'host' => '172.16.2.11' }}, }},
global_zones => [ 'global-templates', 'linux-commands', 'windows-commands' ],
}
Addtition a connection to a worker is configured. By default the zone for the server is named main
. When config_server
is enabled directories are managed for all zones, including the worker and global zones.
IMPORTANT: A alpha numeric String has to be set to ticket_salt
in Hiera to protect the CA! An alternative is to set icinga::ticket_salt
in a hiera common section for all agents, workers and servers.
The associated worker could look like this:
class { 'icinga::worker':
ca_server => '172.16.1.11',
zone => 'dmz',
parent_endpoints => { 'server.example.org' => { 'host' => '172.16.1.11', }, },
global_zones => [ 'global-templates', 'linux-commands', 'windows-commands' ],
}
If the worker doesn't have a certificate, it sends a certificate request to the CA on the host ca_server
. The default parent zone is main
. Thus, only the associated endpoint has to be defined.
If icinga::ticket_salt
is also set in Hiera for the worker, he's automatically sent a certificate. Otherwise the request will be saved on the CA server and must be signed manually.
Both, server and workers, can operated with a parnter in the same zone to share load. The endpoint of the respective partner is specified as an Icinga object in colocation_endpoints
.
colocation_endpoints => { 'server2.example.org' => { 'host' => '172.16.1.12', } },
Of course, the second endpoint must also be specified in the respective parent_endpoints
of the worker or agent.
An agent is very similar to a worker, only it has no parameter colocation_endpoints
:
class { 'icinga::agent':
ca_server => '172.16.1.11',
parent_endpoints => { 'worker.example.org' => { 'host' => '172.16.2.11', }, } },
global_zones => [ 'linux-commands' ],
}
NOTICE: To switch off the package installation via chocolatey on windows, icinga2::manage_packgaes
must be set to false
for the corresponding hosts in Hiera. That works only on Windows, on Linux package installation is always used.
icinga::db
The class supports:
- [puppet] >= 7.0 < 9.0
Ands requires:
- [puppetlabs/mysql] >= 10.9.0 =< 16.0.0
- [puppetlabs/postgresql] >= 7.0.0 < 11.0.0
- [icinga/icinga2] >= 2.9.0 < 5.0.0
- [icinga/icingadb] >= 1.0.0 < 3.0.0
To activate and configure the IcingaDB (usally on a server) do:
class { 'icinga::db':
db_type => 'pgsql',
db_host => 'localhost',
db_pass => Sensitive('icingadb'),
manage_database => true,
manage_redis => true,
manage_feature => true,
}
Setting manage_database
to true
also setups a database as specified in db_type
including database for the IcingaDB. The same applies to manage_redis
and the required Redis cache. With manage_feature
the Icinga 2 feature for the IcingaDB is additionally activated. The latter two are switched on by default.
icinga::ido
The class supports:
- [puppet] >= 7.0 < 9.0
Ands requires:
- [puppetlabs/mysql] >= 10.9.0 =< 16.0.0
- [puppetlabs/postgresql] >= 7.0.0 < 11.0.0
- [icinga/icinga2] >= 2.9.0 < 5.0.0
To activate and configure the IDO feature (usally on a server) do:
class { 'icinga::ido':
db_type => 'pgsql',
db_host => 'localhost',
db_pass => Sensitive('icinga2'),
manage_database => true,
}
Setting manage_database
to true
also setups a database as specified in db_type
including database for the IDO. Supported are pgsql
for PostgreSQL und maysql
for MariaDB. By default the database name is set to icinga2
and the user to icinga2
.
icinga::web
The class supports:
- [puppet] >= 7.0 < 9.0
And requires:
- [puppetlabs/mysql] >= 10.9.0 =< 16.0.0
- [puppetlabs/postgresql] >= 7.0.0 < 11.0.0
- [icinga/icingaweb2] >= 3.6.0 < 5.0.0
- [icinga/icinga2] >= 2.9.0 < 5.0.0
- [puppetlabs/apache] >= 5.8.0 < 12.0.0
- [puppet/php] >= 8.0.0 < 11.0.0
A Icinga Web 2 with an Apache and PHP-FPM can be managed as follows:
class { 'icinga::web':
db_type => 'pgsql',
db_host => 'localhost',
db_pass => Sensitive('supersecret'),
manage_database => true,
api_pass => $icinga::server::web_api_pass,
}
Setting manage_database
to true
, a database of the specified type is also installed here. It is used to save user settings for the users of the Icinga Web 2 and serves as a backend for managing Icinga Web 2 users and user groups.
IMPORTANT: If you plan tu use icingacli as plugin, e.g. director health checks, businessprocess checks or vspheredb checks, set the parameter run_web => true
for icinga::server
on the same host icinga::web
is declared. That put the Icinga user to the group icingaweb2
and restart the icinga2 process if necessary.
icinga::web::icingadb
If the Icinga Web 2 is operated on the same host as the IcingaDB, the required user credentials can be accessed, otherwise they must be specified explicitly.
class { 'icinga::web::icingadb':
db_type => $icinga::db::db_type,
db_host => $icinga::db::db_host,
db_name => $icinga::db::db_name,
db_user => $icinga::db::db_user,
db_pass => $icinga::db::db_pass,
}
IMPORTANT: Must be declared on the same host as icinga::web
.
icinga::web::monitoring
If the Icinga Web 2 is operated on the same host as the IDO, the required user credentials can be accessed, otherwise they must be specified explicitly.
class { 'icinga::web::monitoring':
db_type => $icinga::ido::db_type,
db_host => $icinga::ido::db_host,
db_pass => $icinga::ido::db_pass,
}
IMPORTANT: Must be declareid on the same host as icinga::web
.
icinga::web::director
Install and manage the famous Icinga Director and the required database. A graphical addon to manage your monitoring environment, the hosts, services, notifications etc.
Here an example with an PostgreSQL database on the same host:
class { 'icinga::web::director':
db_type => 'pgsql',
db_host => 'localhost',
db_pass => Sensitive('supersecret'),
manage_database => true,
endpoint => $facts['networking']['fqdn'],
api_host => 'localhost',
api_pass => $icinga::server::director_api_pass,
}
In this example the Icinga server is running on the same Host like the web and the director.
icinga::web::vspheredb
The following example sets up the vspheredb
Icinga Web 2 module and the required database. At this time only MySQL/MariaDB is support by the Icinga team, so this class also supports only mysql
.
class { 'icinga::web::vspheredb':
db_type => 'mysql',
db_host => 'localhost',
db_pass => Sensitive('vspheredb'),
manage_database => true,
}
icinga::web::reporting
The class supports:
- [puppet] >= 7.0 < 9.0
And required in addition to icinga::web::icingadb
or icinga::web::monitoring
:
- [puppetlabs/mysql] >= 10.9.0 =< 16.0.0
- [puppetlabs/postgresql] >= 7.0.0 < 11.0.0
- [icinga/icingaweb2] >= 3.7.0 < 5.0.0
An example to setup reporting and the required database:
class { 'icinga::web::reporting':
db_type => 'pqsql',
db_host => 'localhost',
db_pass => Sensitive('reporting'),
manage_database => true,
}
If icinga::web::monitoring is declared before, the required module idoreports for IDO is declared automatically.
Reference
See REFERENCE.md
Release Notes
This code is a very early release and may still be subject to significant changes.
Reference
Table of Contents
Classes
Public Classes
icinga::agent
: Setup a Icinga agent.icinga::db
icinga::db::database
: Setup database for IcingaDB.icinga::ido
: Configure IDO Backend.icinga::ido::database
: Configure IDO backend database.icinga::redis
: Base class for all redis owned by Icinga.icinga::repos
: This class manages the stages stable, testing and snapshot of packages.icinga.com repository and depending on the operating system platform sicinga::server
: Setup a Icinga server.icinga::web
: Setup Icinga Web 2 including a database backend for user settings, PHP and a Webserver.icinga::web::database
: Setup Icinga Web 2 database for user settings.icinga::web::director
: Setup Director module for Icinga Web 2icinga::web::director::database
: Setup Director database.icinga::web::icingadb
: Setup IcingaDB module for the new backend.icinga::web::monitoring
: Setup Monitoring module for the IDO backend.icinga::web::reporting
: Setup the reporting module for Icinga Web 2icinga::web::reporting::database
: Setup the reporting database.icinga::web::vspheredb
: Setup VSphereDB module for Icinga Web 2icinga::web::vspheredb::database
: Setup VSphereDB database.icinga::web::x509
: Setup the x509 module for Icinga Web 2icinga::web::x509::database
: Setup the x509 database.icinga::worker
: Setup a Icinga worker (aka satellite).
Private Classes
icinga
: Configures the Icinga 2 Core and the api feature.icinga::ca
: Configures the Icinga 2 CA and the api feature.icinga::repos::apt
: Manage repositories viaapt
.icinga::repos::yum
: Manage repositories viayum
.icinga::repos::zypper
: Manage repositories viazypper
.
Defined types
Public Defined types
icinga::cert
: A class to generate tls key, cert and cacert files.
Private Defined types
icinga::database
: Private define resource for database backends.
Functions
icinga::cert::files
: Choose the path of tls key, cert and ca file.icinga::db::connect
: This function returns a string to connect databases with or without TLS information.icinga::newline
: Replace newlines for Windows systems.icinga::prepare_web
: This funktion checks for web preparation and display a warning if failsicinga::unwrap
: This function returns an unwrap string if necessary.
Data types
Icinga::Certificate
: A strict type for a certificateIcinga::LogLevel
: A strict type for log levelsIcinga::Secret
: A strict type for the secrets like passwords or keys
Classes
icinga::agent
Setup a Icinga agent.
Parameters
The following parameters are available in the icinga::agent
class:
ca_server
Data type: Stdlib::Host
The CA to send the certificate request to.
parent_zone
Data type: String
Name of the parent Icinga zone.
Default value: 'main'
parent_endpoints
Data type: Hash[String, Hash]
Configures these endpoints of the parent zone.
global_zones
Data type: Array[String]
List of global zones to configure.
Default value: []
logging_type
Data type: Enum['file', 'syslog']
Switch the log target. Only file
is supported on Windows.
Default value: 'file'
logging_level
Data type: Optional[Icinga::LogLevel]
Set the log level.
Default value: undef
zone
Data type: String
Set a dedicated zone name.
Default value: 'NodeName'
run_web
Data type: Boolean
Prepare to run Icinga Web 2 on the same machine. Manage a group icingaweb2
and add the Icinga user to this group.
Default value: false
icinga::db
The icinga::db class.
Parameters
The following parameters are available in the icinga::db
class:
db_type
db_host
db_port
db_name
db_user
db_pass
manage_database
db_accesses
redis_host
redis_bind
redis_port
redis_pass
manage_redis
manage_feature
db_type
Data type: Enum['mysql', 'pgsql']
Choose wether MySQL or PostgreSQL as backend for historical data.
db_host
Data type: Stdlib::Host
Database server.
Default value: 'localhost'
db_port
Data type: Optional[Stdlib::Port::Unprivileged]
Port to connect the database.
Default value: undef
db_name
Data type: String
The IcingaDB database.
Default value: 'icingadb'
db_user
Data type: String
User to connect the database.
Default value: 'icingadb'
db_pass
Data type: Icinga::Secret
Passwort to login into database.
manage_database
Data type: Boolean
Install and create database on localhost.
Default value: false
db_accesses
Data type: Array[Stdlib::Host]
List of hosts with access to the database, e.g. host running Icinga Web 2.
Omly valid if manage_database
is true
.
Default value: []
redis_host
Data type: Stdlib::Host
Redis host to connect.
Default value: 'localhost'
redis_bind
Data type: Optional[Array[Stdlib::Host]]
When Redis runs on a differnt host than Icinga, here the listining interfaces have to be set.
Default value: undef
redis_port
Data type: Optional[Stdlib::Port]
Port for Redis listening.
Default value: undef
redis_pass
Data type: Optional[Icinga::Secret]
Password to authenticate against Redis.
Default value: undef
manage_redis
Data type: Boolean
Install and create the IcingaDB Redis service on localhost.
Default value: true
manage_feature
Data type: Boolean
If you wanna manage the Icinga 2 feature for the IcingaDB, set this to true
.
This only make sense when an Icinga 2 Server is running on the same host.
Default value: true
icinga::db::database
Setup database for IcingaDB.
Parameters
The following parameters are available in the icinga::db::database
class:
db_type
Data type: Enum['mysql','pgsql']
What kind of database type to use.
access_instances
Data type: Array[Stdlib::Host]
List of Hosts to allow write access to the database. Usually an IcingaDB instance.
db_pass
Data type: Icinga::Secret
Password to connect the database.
db_name
Data type: String
Name of the database.
Default value: 'icingadb'
db_user
Data type: String
Database user name.
Default value: 'icingadb'
tls
Data type:
Variant[Boolean,
Enum['password','cert']]
Access only for TLS encrypted connections. Authentication via password
or cert
,
value true
means password auth.
Default value: false
icinga::ido
Configure IDO Backend.
Parameters
The following parameters are available in the icinga::ido
class:
db_pass
Data type: Icinga::Secret
Password to connect the database.
db_type
Data type: Enum['mysql','pgsql']
What kind of database type to use.
Default value: 'mysql'
db_host
Data type: Stdlib::Host
Database host to connect.
Default value: 'localhost'
db_port
Data type: Optional[Stdlib::Port]
Port to connect. Only affects for connection to remote database hosts.
Default value: undef
db_name
Data type: String
Name of the database.
Default value: 'icinga2'
db_user
Data type: String
Database user name.
Default value: 'icinga2'
manage_database
Data type: Boolean
Create database and import schema.
Default value: false
enable_ha
Data type: Boolean
Enable HA feature for database.
Default value: false
icinga::ido::database
Configure IDO backend database.
Parameters
The following parameters are available in the icinga::ido::database
class:
db_type
Data type: Enum['mysql','pgsql']
What kind of database type to use.
ido_instances
Data type: Array[Stdlib::Host]
List of Hosts to allow write access to the database. Usually an Icinga Server with enabled IDO feature.
db_pass
Data type: Icinga::Secret
Password to connect the database.
db_name
Data type: String
Name of the database.
Default value: 'icinga2'
db_user
Data type: String
Database user name.
Default value: 'icinga2'
tls
Data type:
Variant[Boolean,
Enum['password','cert']]
Access only for TLS encrypted connections. Authentication via password
or cert
,
value true
means password auth.
Default value: false
icinga::redis
Base class for all redis owned by Icinga.
icinga::repos
This class manages the stages stable, testing and snapshot of packages.icinga.com repository and depending on the operating system platform some other repositories.
Examples
require icinga::repos
Parameters
The following parameters are available in the icinga::repos
class:
manage_stable
manage_testing
manage_nightly
configure_backports
manage_epel
manage_powertools
manage_crb
manage_server_monitoring
manage_plugins
manage_extras
manage_stable
Data type: Boolean
Manage the Icinga stable repository. Disabled by setting to 'false'. Defaults to 'true'.
manage_testing
Data type: Boolean
Manage the Icinga testing repository to get access to release candidates. Enabled by setting to 'true'. Defaults to 'false'.
manage_nightly
Data type: Boolean
Manage the Icinga snapshot repository to get access to nightly snapshots. Enabled by setting to 'true'. Defaults to 'false'.
configure_backports
Data type: Boolean
Enables or Disables the backports repository. Has only an effect on plattforms simular to Debian. To configure the backports repo uses apt::backports in hiera.
manage_epel
Data type: Boolean
Manage the EPEL (Extra Packages Enterprise Linux) repository that is needed for some package like newer Boost libraries. Has only an effect on plattforms simular to RedHat Enterprise.
manage_powertools
Data type: Boolean
Manage the PowerTools repository that is needed for some package like nagios-plugins on Linux Enterprise systems like Alma 8, Rocky 8 and CentOS Stream 8.
manage_crb
Data type: Boolean
Manage the CRB repository that is needed for some package like nagios-plugins on Linux Enterprise systems like Alma 9, Rocky 9 and CentOS Stream 9.
manage_server_monitoring
Data type: Boolean
Manage the 'server:monitoring' repository on SLES platforms that is needed for some package like monitoring-plugins-common. Additional also the 'monitoring-plugins' are provided by this repository. Bye default the repository is added with a lower priority of 120.
manage_plugins
Data type: Boolean
Manage the NETWAYS plugins repository that provides some packages for additional plugins.
manage_extras
Data type: Boolean
Manage the NETWAYS extras repository that provides some packages for extras.
icinga::server
Setup a Icinga server.
Parameters
The following parameters are available in the icinga::server
class:
ca
config_server
zone
colocation_endpoints
workers
global_zones
ca_server
ticket_salt
web_api_user
web_api_pass
director_api_user
director_api_pass
logging_type
logging_level
run_web
ca
Data type: Boolean
Enables a CA on this node.
Default value: false
config_server
Data type: Boolean
Enables that this node is the central configuration server.
Default value: false
zone
Data type: String
Name of the Icinga zone.
Default value: 'main'
colocation_endpoints
Data type: Hash[String,Hash]
When the zone includes more than one endpoint, set here the additional endpoint(s). Icinga supports two endpoints per zone only.
Default value: {}
workers
Data type: Hash[String,Hash]
All worker zones with key 'endpoints' for endpoint objects.
Default value: {}
global_zones
Data type: Array[String]
List of global zones to configure.
Default value: []
ca_server
Data type: Optional[Stdlib::Host]
The CA to send the certificate request to.
Default value: undef
ticket_salt
Data type: Optional[Icinga::Secret]
Set an alternate ticket salt to icinga::ticket_salt from Hiera.
Default value: undef
web_api_user
Data type: String
Icinga API user to connect Icinga 2. Notice: user is only created if a password is set.
Default value: 'icingaweb2'
web_api_pass
Data type: Optional[Icinga::Secret]
Icinga API user password.
Default value: undef
director_api_user
Data type: String
Icinga API director user to connect Icinga 2. Notice: user is only created if a password is set.
Default value: 'director'
director_api_pass
Data type: Optional[Icinga::Secret]
Icinga API director user password.
Default value: undef
logging_type
Data type: Enum['file', 'syslog']
Switch the log target. Only file
is supported on Windows.
Default value: 'file'
logging_level
Data type: Optional[Icinga::LogLevel]
Set the log level.
Default value: undef
run_web
Data type: Boolean
Prepare to run Icinga Web 2 on the same machine. Manage a group icingaweb2
and add the Icinga user to this group.
Default value: false
icinga::web
Setup Icinga Web 2 including a database backend for user settings, PHP and a Webserver.
Parameters
The following parameters are available in the icinga::web
class:
default_admin_user
default_admin_pass
db_pass
apache_cgi_pass_auth
db_type
db_host
db_port
db_name
db_user
manage_database
api_host
api_user
api_pass
default_admin_user
Data type: String
Set the initial name of the admin user.
Default value: 'icingaadmin'
default_admin_pass
Data type: Icinga::Secret
Set the initial password for the admin user.
Default value: 'icingaadmin'
db_pass
Data type: Icinga::Secret
Password to connect the database.
apache_cgi_pass_auth
Data type: Boolean
Either turn on or off the apache cgi pass thru auth. An option available since Apache v2.4.15 and required for authenticated access to the Icinga Web Api.
db_type
Data type: Enum['mysql', 'pgsql']
What kind of database type to use.
Default value: 'mysql'
db_host
Data type: Stdlib::Host
Database host to connect.
Default value: 'localhost'
db_port
Data type: Optional[Stdlib::Port::Unprivileged]
Port to connect. Only affects for connection to remote database hosts.
Default value: undef
db_name
Data type: String
Name of the database.
Default value: 'icingaweb2'
db_user
Data type: String
Database user name.
Default value: 'icingaweb2'
manage_database
Data type: Boolean
Create database.
Default value: false
api_host
Data type: Variant[Stdlib::Host, Array[Stdlib::Host]]
Single or list of Icinga 2 API endpoints to connect.
Default value: 'localhost'
api_user
Data type: String
Icinga 2 API user.
Default value: 'icingaweb2'
api_pass
Data type: Icinga::Secret
Password to connect the Icinga 2 API.
icinga::web::database
Setup Icinga Web 2 database for user settings.
Parameters
The following parameters are available in the icinga::web::database
class:
db_type
Data type: Enum['mysql','pgsql']
What kind of database type to use.
web_instances
Data type: Array[Stdlib::Host]
List of Hosts to allow write access to the database. Usually an Icinga Web 2 instance.
db_pass
Data type: Icinga::Secret
Password to connect the database.
db_name
Data type: String
Name of the database.
Default value: 'icingaweb2'
db_user
Data type: String
Database user name.
Default value: 'icingaweb2'
tls
Data type:
Variant[Boolean,
Enum['password','cert']]
Access only for TLS encrypted connections. Authentication via password
or cert
,
value true
means password auth.
Default value: false
icinga::web::director
Setup Director module for Icinga Web 2
Parameters
The following parameters are available in the icinga::web::director
class:
service_ensure
service_enable
db_type
db_host
db_port
db_name
db_user
db_pass
endpoint
manage_database
api_host
api_user
api_pass
service_ensure
Data type: Stdlib::Ensure::Service
Manages if the Director service should be stopped or running.
Default value: 'running'
service_enable
Data type: Boolean
If set to true the Director service will start on boot.
Default value: true
db_type
Data type: Enum['mysql', 'pgsql']
Type of your database. Either mysql
or pgsql
.
Default value: 'mysql'
db_host
Data type: Stdlib::Host
Hostname of the database.
Default value: 'localhost'
db_port
Data type: Optional[Stdlib::Port]
Port of the database.
Default value: undef
db_name
Data type: String
Name of the database.
Default value: 'director'
db_user
Data type: String
Username for DB connection.
Default value: 'director'
db_pass
Data type: Icinga::Secret
Password for DB connection.
endpoint
Data type: String
Endpoint object name of Icinga 2 API.
manage_database
Data type: Boolean
Create database and import schema.
Default value: false
api_host
Data type: Stdlib::Host
Icinga 2 API hostname.
Default value: 'localhost'
api_user
Data type: String
Icinga 2 API username.
Default value: 'director'
api_pass
Data type: Icinga::Secret
Icinga 2 API password.
icinga::web::director::database
Setup Director database.
Parameters
The following parameters are available in the icinga::web::director::database
class:
db_type
Data type: Enum['mysql','pgsql']
What kind of database type to use.
web_instances
Data type: Array[Stdlib::Host]
List of Hosts to allow write access to the database. Usually an Icinga Web 2 instance.
db_pass
Data type: Icinga::Secret
Password to connect the database.
db_name
Data type: String
Name of the database.
Default value: 'director'
db_user
Data type: String
Database user name.
Default value: 'director'
tls
Data type:
Variant[Boolean,
Enum['password','cert']]
Access only for TLS encrypted connections. Authentication via password
or cert
,
value true
means password auth.
Default value: false
icinga::web::icingadb
Setup IcingaDB module for the new backend.
Parameters
The following parameters are available in the icinga::web::icingadb
class:
db_type
db_host
db_port
db_name
db_user
db_pass
redis_host
redis_port
redis_pass
redis_primary_host
redis_primary_port
redis_primary_pass
redis_secondary_host
redis_secondary_port
redis_secondary_pass
db_type
Data type: Enum['mysql', 'pgsql']
What kind of database type to use as backend.
db_host
Data type: Stdlib::Host
Database host to connect for the backenend.
Default value: 'localhost'
db_port
Data type: Optional[Stdlib::Port::Unprivileged]
Port to connect the backend.
Default value: undef
db_name
Data type: String
Name of the database backend.
Default value: 'icingadb'
db_user
Data type: String
Database backend user name.
Default value: 'icingadb'
db_pass
Data type: Icinga::Secret
Password to connect the backend.
redis_host
Data type: Stdlib::Host
Redis host to connect.
Default value: 'localhost'
redis_port
Data type: Optional[Stdlib::Port]
Connect redis_host
om this port.
Default value: undef
redis_pass
Data type: Optional[Icinga::Secret]
Password for Redis connection.
Default value: undef
redis_primary_host
Data type: Stdlib::Host
Alternative parameter to use for redis_host
. Useful for high availability environments.
Default value: $redis_host
redis_primary_port
Data type: Optional[Stdlib::Port]
Alternative parameter to use for redis_port
. Useful for high availability environments.
Default value: $redis_port
redis_primary_pass
Data type: Optional[Icinga::Secret]
Alternative parameter to use for redis_passwod
. Useful for high availability environments.
Default value: $redis_pass
redis_secondary_host
Data type: Optional[Stdlib::Host]
Fallback Redis host to connect if the first one fails.
Default value: undef
redis_secondary_port
Data type: Optional[Stdlib::Port]
Port to connect on the fallback Redis server.
Default value: undef
redis_secondary_pass
Data type: Optional[Icinga::Secret]
Password for the second Redis server.
Default value: undef
icinga::web::monitoring
Setup Monitoring module for the IDO backend.
Parameters
The following parameters are available in the icinga::web::monitoring
class:
db_type
Data type: Enum['mysql', 'pgsql']
What kind of database type to use as IDO backend.
Default value: 'mysql'
db_host
Data type: Stdlib::Host
Database host to connect for the IDO backenend.
Default value: 'localhost'
db_port
Data type: Optional[Stdlib::Port::Unprivileged]
Port to connect the IDO backend.
Default value: undef
db_name
Data type: String
Name of the IDO database backend.
Default value: 'icinga2'
db_user
Data type: String
IDO database backend user name.
Default value: 'icinga2'
db_pass
Data type: Icinga::Secret
Pasword to connect the IDO backend.
icinga::web::reporting
Setup the reporting module for Icinga Web 2
Parameters
The following parameters are available in the icinga::web::reporting
class:
service_ensure
Data type: Stdlib::Ensure::Service
Manages if the reporting service should be stopped or running.
Default value: 'running'
service_enable
Data type: Boolean
If set to true the reporting service will start on boot.
Default value: true
db_type
Data type: Enum['mysql', 'pgsql']
Type of your database.
db_host
Data type: Stdlib::Host
Hostname of the database.
Default value: 'localhost'
db_port
Data type: Optional[Stdlib::Port]
Port of the database.
Default value: undef
db_name
Data type: String
Name of the database.
Default value: 'reporting'
db_user
Data type: String
Username for DB connection.
Default value: 'reporting'
db_pass
Data type: Icinga::Secret
Password for DB connection.
manage_database
Data type: Boolean
Create database and import schema.
Default value: false
mail
Data type: Optional[String]
Mails are sent with this sender address.
Default value: undef
icinga::web::reporting::database
Setup the reporting database.
Parameters
The following parameters are available in the icinga::web::reporting::database
class:
db_type
Data type: Enum['mysql','pgsql']
What kind of database type to use.
web_instances
Data type: Array[Stdlib::Host]
List of Hosts to allow write access to the database. Usually an Icinga Web 2 instance.
db_pass
Data type: Icinga::Secret
Password to connect the database.
db_name
Data type: String
Name of the database.
Default value: 'reporting'
db_user
Data type: String
Database user name.
Default value: 'reporting'
tls
Data type:
Variant[Boolean,
Enum['password','cert']]
Access only for TLS encrypted connections. Authentication via password
or cert
,
value true
means password auth.
Default value: false
icinga::web::vspheredb
Setup VSphereDB module for Icinga Web 2
Parameters
The following parameters are available in the icinga::web::vspheredb
class:
service_ensure
Data type: Stdlib::Ensure::Service
Manages if the VSphereDB service should be stopped or running.
Default value: 'running'
service_enable
Data type: Boolean
If set to true the VSphereDB service will start on boot.
Default value: true
db_type
Data type: Enum['mysql']
Type of your database. At the moment only mysql
is supported by the Icinga team.
Default value: 'mysql'
db_host
Data type: Stdlib::Host
Hostname of the database.
Default value: 'localhost'
db_port
Data type: Optional[Stdlib::Port]
Port of the database.
Default value: undef
db_name
Data type: String
Name of the database.
Default value: 'vspheredb'
db_user
Data type: String
Username for DB connection.
Default value: 'vspheredb'
db_pass
Data type: Icinga::Secret
Password for DB connection.
manage_database
Data type: Boolean
Create database and import schema.
Default value: false
icinga::web::vspheredb::database
Setup VSphereDB database.
Parameters
The following parameters are available in the icinga::web::vspheredb::database
class:
db_type
Data type: Enum['mysql']
What kind of database type to use.
web_instances
Data type: Array[Stdlib::Host]
List of Hosts to allow write access to the database. Usually an Icinga Web 2 instance.
db_pass
Data type: Icinga::Secret
Password to connect the database.
db_name
Data type: String
Name of the database.
Default value: 'vspheredb'
db_user
Data type: String
Database user name.
Default value: 'vspheredb'
tls
Data type:
Variant[Boolean,
Enum['password','cert']]
Access only for TLS encrypted connections. Authentication via password
or cert
,
value true
means password auth.
Default value: false
icinga::web::x509
Setup the x509 module for Icinga Web 2
Parameters
The following parameters are available in the icinga::web::x509
class:
service_ensure
Data type: Stdlib::Ensure::Service
Manages if the x509 service should be stopped or running.
Default value: 'running'
service_enable
Data type: Boolean
If set to true the x509 service will start on boot.
Default value: true
db_type
Data type: Enum['mysql', 'pgsql']
Type of your database.
db_host
Data type: Stdlib::Host
Hostname of the database.
Default value: 'localhost'
db_port
Data type: Optional[Stdlib::Port]
Port of the database.
Default value: undef
db_name
Data type: String
Name of the database.
Default value: 'x509'
db_user
Data type: String
Username for DB connection.
Default value: 'x509'
db_pass
Data type: Icinga::Secret
Password for DB connection.
manage_database
Data type: Boolean
Create database and import schema.
Default value: false
icinga::web::x509::database
Setup the x509 database.
Parameters
The following parameters are available in the icinga::web::x509::database
class:
db_type
Data type: Enum['mysql','pgsql']
What kind of database type to use.
web_instances
Data type: Array[Stdlib::Host]
List of Hosts to allow write access to the database. Usually an Icinga Web 2 instance.
db_pass
Data type: Icinga::Secret
Password to connect the database.
db_name
Data type: String
Name of the database.
Default value: 'x509'
db_user
Data type: String
Database user name.
Default value: 'x509'
tls
Data type:
Variant[Boolean,
Enum['password','cert']]
Access only for TLS encrypted connections. Authentication via password
or cert
,
value true
means password auth.
Default value: false
icinga::worker
Setup a Icinga worker (aka satellite).
Parameters
The following parameters are available in the icinga::worker
class:
ca_server
zone
parent_zone
parent_endpoints
colocation_endpoints
workers
global_zones
logging_type
logging_level
run_web
ca_server
Data type: Stdlib::Host
The CA to send the certificate request to.
zone
Data type: String
Name of the Icinga zone.
parent_zone
Data type: String
Name of the parent Icinga zone.
Default value: 'main'
parent_endpoints
Data type: Hash[String, Hash]
Configures these endpoints of the parent zone.
colocation_endpoints
Data type: Hash[String, Hash]
When the zone includes more than one endpoint, set here the additional endpoint(s). Icinga supports two endpoints per zone only.
Default value: {}
workers
Data type: Hash[String, Hash]
All cascading worker zones with key 'endpoints' for endpoint objects.
Default value: {}
global_zones
Data type: Array[String]
List of global zones to configure.
Default value: []
logging_type
Data type: Enum['file', 'syslog']
Switch the log target. Only file
is supported on Windows.
Default value: 'file'
logging_level
Data type: Optional[Icinga::LogLevel]
Set the log level.
Default value: undef
run_web
Data type: Boolean
Prepare to run Icinga Web 2 on the same machine. Manage a group icingaweb2
and add the Icinga user to this group.
Default value: false
Defined types
icinga::cert
A class to generate tls key, cert and cacert files.
Parameters
The following parameters are available in the icinga::cert
defined type:
args
Data type: Icinga::Certificate
A config hash with the keys: key_file, cert_file, cacert_file, key, cert and cacert
owner
Data type: String
Owner of the files.
group
Data type: String
Group membership of all files.
Functions
icinga::cert::files
Type: Puppet Language
Choose the path of tls key, cert and ca file.
icinga::cert::files(String $name, Optional[Stdlib::Absolutepath] $default_dir, Optional[Stdlib::Absolutepath] $key_file = undef, Optional[Stdlib::Absolutepath] $cert_file = undef, Optional[Stdlib::Absolutepath] $cacert_file = undef, Optional[Variant[String, Sensitive]] $key = undef, Optional[String] $cert = undef, Optional[String] $cacert = undef)
The icinga::cert::files function.
Returns: Hash
Returned hash includes all paths and the key, cert and cacert.
name
Data type: String
default_dir
Data type: Optional[Stdlib::Absolutepath]
key_file
Data type: Optional[Stdlib::Absolutepath]
cert_file
Data type: Optional[Stdlib::Absolutepath]
cacert_file
Data type: Optional[Stdlib::Absolutepath]
key
Data type: Optional[Variant[String, Sensitive]]
cert
Data type: Optional[String]
cacert
Data type: Optional[String]
icinga::db::connect
Type: Puppet Language
This function returns a string to connect databases with or without TLS information.
`icinga::db::connect(Struct[{
type => Enum['pgsql','mysql','mariadb'],
host => Stdlib::Host,
port => Optional[Stdlib::Port],
database => String,
username => String,
password => Optional[Variant[String, Sensitive[String]]],
}] $db, Hash[String, Any] $tls, Optional[Boolean] $use_tls = undef, Optional[Enum['verify-full', 'verify-ca']] $ssl_mode = undef)`
The icinga::db::connect function.
Returns: String
Connection string to connect database.
db
Data type:
Struct[{
type => Enum['pgsql','mysql','mariadb'],
host => Stdlib::Host,
port => Optional[Stdlib::Port],
database => String,
username => String,
password => Optional[Variant[String, Sensitive[String]]],
}]
Data hash with database information.
tls
Data type: Hash[String, Any]
Data hash with TLS connection information.
use_tls
Data type: Optional[Boolean]
Wether or not to use TLS encryption.
ssl_mode
Data type: Optional[Enum['verify-full', 'verify-ca']]
Enable SSL connection mode.
icinga::newline
Type: Puppet Language
Replace newlines for Windows systems.
icinga::newline(Optional[String] $text)
The icinga::newline function.
Returns: String
Text with correct newlines.
text
Data type: Optional[String]
icinga::prepare_web
Type: Puppet Language
This funktion checks for web preparation and display a warning if fails
icinga::prepare_web(String $icingamod)
The icinga::prepare_web function.
Returns: Any
Nothing, statement function.
icingamod
Data type: String
icinga::unwrap
Type: Puppet Language
This function returns an unwrap string if necessary.
icinga::unwrap(Optional[Variant[String, Sensitive[String]]] $arg = undef)
The icinga::unwrap function.
Returns: Any
The unwraped string.
arg
Data type: Optional[Variant[String, Sensitive[String]]]
Data types
Icinga::Certificate
A strict type for a certificate
Alias of
Struct[{
cert => Optional[String],
key => Optional[Variant[String, Sensitive[String]]],
cacert => Optional[String],
insecure => Optional[Boolean],
cert_file => Optional[Stdlib::Absolutepath],
key_file => Optional[Stdlib::Absolutepath],
cacert_file => Optional[Stdlib::Absolutepath],
}]
Icinga::LogLevel
A strict type for log levels
Alias of Enum['debug', 'information', 'notice', 'warning', 'critical']
Icinga::Secret
A strict type for the secrets like passwords or keys
Alias of Variant[String, Sensitive[String]]
Changelog
v4.2.1 (2024-02-07)
Fixed bugs:
v4.2.0 (2024-02-07)
Implemented enhancements:
- Extend connection functionn to use ssl_mode #110 (SimonHoenscheid)
Closed issues:
- Support SUSE based distros #59
v4.1.1 (2023-12-21)
Fixed bugs:
- Add PostgreSQL 15 support #100
Closed issues:
- Add example for an Icinga HA and TLS based with dedicated MariaDB/MySQL and Icinga Web #101
v4.1.0 (2023-11-28)
Implemented enhancements:
- Add feature to add additional zones to server and workers e.g. for cascading satellites #99
- Add order to global zones to have them at the end of the file zones.conf #98
v4.0.0 (2023-11-23)
Implemented enhancements:
- Fix the icingaweb2 modules to run with older puppet-icingaweb2 than 4… #95 (lbetz)
- Add new parameter to mange a additional config dir like conf.d #94 (lbetz)
- Add Puppet 8 Support #93 (lbetz)
- Add x509 module support #87 (lbetz)
Fixed bugs:
- Add missing grants on mysql Ido database for idoreports #97
- mysql:db above 13.1.0 requires an array for the tis_options #91
- Fix some issues if tls and noverify for mariadb/mysql #96 (lbetz)
Closed issues:
v3.2.1 (2023-04-15)
Fixed bugs:
v3.2.0 (2023-03-10)
Implemented enhancements:
- Install icingaweb2 model pdfexport by default #85 (lbetz)
- Add additional Apache vhost support, add apache module proxy_http #84 (lbetz)
Fixed bugs:
v3.1.1 (2023-03-05)
Fixed bugs:
v3.1.0 (2023-03-05)
Implemented enhancements:
- Add classes to manage idoreports #47
- Add support for reporting #81 (lbetz)
- Add warning for CRB on unsupported os #77 (lbetz)
Fixed bugs:
- Turn on backports for Debian Buster by default #79
- Install pgcrypto extension via contrib class #80 (lbetz)
- fix broken idempotency on Debian #78 (lbetz)
Merged pull requests:
v3.0.1 (2023-02-02)
Fixed bugs:
v3.0.0 (2023-01-31)
Implemented enhancements:
- Add Ubuntu jammy support #62
- Add datatype sensitive to all passwords in all classes #73 (lbetz)
- Add IcingaDB support #72 (lbetz)
Closed issues:
v2.9.1 (2023-01-02)
Fixed bugs:
- Database schema import always failed for PostgreSQL #71
- error: Could not find template 'icinga/apache_custom_default.conf' #70
v2.9.0 (2022-12-27)
Implemented enhancements:
- Add management of databases for icingadb #66
- Fix Warnings and Errors from pdk validate #37
- Add param manage_crb to class icinga::repos #68 (lbetz)
v2.8.0 (2022-07-26)
Implemented enhancements:
- Add parameter for initial admin user and password to Icinga Web 2 #65
- Remove management of redis #64
Fixed bugs:
- The director database requires the postgresql extention pgcrypto #61
- Support Alma and Rocky Linux #55
v2.7.1 (2022-05-30)
Fixed bugs:
- Fix unsupported apache feature CGIPassAuth for older version like on RHEL7 #58
v2.7.0 (2022-03-08)
Implemented enhancements:
- Add support to manage repo server_monitoring on SLES #57
- Change apache mpm from worker to event #53
- Manage PowerTools on CentOS8 and other clones #42
Fixed bugs:
- Remove management of Fedora's EPEL from OracleLinux #56
v2.6.1 (2022-01-14)
Fixed bugs:
- Do not set an api user for the director and icingaweb2 if the password is empty #54
- Add missing mime apache module #52
v2.6.0 (2022-01-05)
Implemented enhancements:
v2.5.0 (2021-12-03)
Implemented enhancements:
- Add parameter to icinga to manage icingaweb2 group for the use of icingacli as plugins #49
- Add vshperedb support #45
Fixed bugs:
- Ubuntu focal does not know charset utf8 for mysql #48
- Idempotency of icinga::web::director is broken #44
v2.4.2 (2021-12-01)
Fixed bugs:
- set import_schema in web class to hiera lookup #34
v2.4.1 (2021-11-05)
Fixed bugs:
- Debian Bullseye support is broken #43
v2.4.0 (2021-11-05)
Implemented enhancements:
- Remove listen from icinga::web #40
- Extend icinga::database with a parameter to set database encoding #39
- Add director support #38
v2.3.3 (2021-09-03)
Fixed bugs:
- Namespace function postgresql::postgresql_password does not work on Puppet 5 #36
v2.3.2 (2021-08-17)
Fixed bugs:
- using data types of another module breaks puppet 5 compatibility #35
v2.3.1 (2021-06-21)
Fixed bugs:
- NETWAYS repos named the suffix -release by there packages #33
v2.3.0 (2021-06-05)
Implemented enhancements:
Fixed bugs:
- web_api_user has to manage only on config_server's #30
- Parameter api_host of class web should be also a list of Stdlib::Host #29
- Option to switch off the package management on windows #27
v2.2.0 (2021-05-19)
Implemented enhancements:
- Add direct management of logging to server, worker and agent #23
- Rework unit tests for class repos #19
- Add management of extra packages #17
v2.1.4 (2021-05-04)
Fixed bugs:
- Broken dependency for yumrepos #22
v2.1.3 (2021-05-04)
Fixed bugs:
v2.1.2 (2021-04-26)
Fixed bugs:
- Setting config_server manage a zones directory named zone #18
v2.1.1 (2021-04-26)
Fixed bugs:
- Setting manage for any repo does not work #16
v2.1.0 (2021-04-24)
Implemented enhancements:
- Add new class to manage Icinga Web 2 #15
- Add new class to supports IDO #14
- Add new classes for simple managing #13
- Add new repo packages.netways.de/plugins #12
- Add new repo packages.netways.de/extras #11
Closed issues:
- Fresh roll-out apt_key dependency error #10
- Duplicate declaration: Yumrepo[epel] is already declared #9
v2.0.0 (2021-01-11)
Fixed bugs:
- Change Management Behavoir for Repositories #6
Closed issues:
- Add Dependency to puppet-redis #8
v1.0.3 (2020-10-22)
Fixed bugs:
v1.0.2 (2020-10-13)
Implemented enhancements:
Closed issues:
- correct fixtures and metadata #4
v0.1.2 (2020-04-21)
v0.1.1 (2020-04-20)
v0.1.0 (2020-04-20)
* This Changelog was automatically generated by github_changelog_generator
Dependencies
- puppetlabs/stdlib (>= 6.6.0 < 10.0.0)
- puppetlabs/apt (>= 7.7.0 < 10.0.0)
- puppet/zypprepo (>= 4.0.0 < 6.0.0)
Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.