Version information
This version is compatible with:
- Puppet Enterprise 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
- Puppet >= 4.7.0 < 6.0.0
Start using this module
Add this module to your Puppetfile:
mod 'simp-simp_grafana', '1.0.6'
Learn more about managing modules with a Puppetfile
Reference
Table of Contents
Classes
- simp_grafana: This module acts as a SIMP wrapper ("profile") for the Puppet, Inc. Approved Grafana module written by Bill Fraser and maintained by Vox Pupuli.
- simp_grafana::config::firewall: This class is meant to be called from simp_grafana. It ensures that firewall rules are defined.
- simp_grafana::config::pki: This class is meant to be called from simp_grafana. It ensures that pki rules are defined.
- simp_grafana::params: This class is meant to be called from simp_grafana. It sets variables according to platform.
Classes
simp_grafana
Class: simp_grafana
This module acts as a SIMP wrapper ("profile") for the Puppet, Inc. Approved Grafana module written by Bill Fraser and maintained by Vox Pupuli. It sets a baseline of secure defaults and integrates Grafana with other SIMP components.
Welcome to SIMP!
This module is a component of the System Integrity Management Platform (SIMP), a managed security compliance framework built on Puppet.
This module is optimally designed for use within a larger SIMP ecosystem, but it can be used independently:
- As a SIMP wrapper module, the defaults use the larger SIMP ecosystem to manage security compliance settings from the Puppet server.
- If used independently, all SIMP-managed security subsystems may be disabled via the firewall and pki settings.
Note: If SIMP integration is not required, direct use of the component Grafana module is advised.
Examples
Resource-style class declaration
class { 'simp_grafana':
  firewall     => true,
  pki          => true,
  trusted_nets => ['10.255.0.0/16'],
  cfg          => { 'auth.ldap' => { enabled => true } },
  ldap_cfg     => {
    verbose_logging => true,
    servers         => [
      {
        host                  => 'ldap.example.com',
        # @note: If using Puppet 3.x, the param `port` MUST use arithmetic.
        # If it does not, it will be converted into a string and the LDAP
        # configuration file will fail to load with a type error.
        port                  => 635 + 1,
        use_ssl               => true,
        bind_dn               => 'uid=grafana,ou=Services,dc=test',
        bind_password         => '123$%^qweRTY',
        search_filter         => '(uid=%s)',
        search_base_dns       => ['ou=People,dc=test'],
        group_search_filter   => '(&(objectClass=posixGroup)(memberUid=%s))',
        group_search_base_dns => ['ou=Group,dc=test'],
        attributes            => {
          name      => 'givenName',
          surname   => 'sn',
          username  => 'uid',
          member_of => 'gidNumber',
          email     => 'mail',
        },
        group_mappings        => [
          { group_dn => '50000', org_role => 'Admin' },
          { group_dn => '50001', org_role => 'Editor' },
        ],
      },
    ],
  },
}
Parameters
The following parameters are available in the simp_grafana class.
trusted_nets
Data type: Simplib::Netlist
A whitelist of subnets (in CIDR notation) permitted access.
Default value: $::simp_grafana::params::trusted_nets
firewall
Data type: Boolean
If true, manage firewall rules to accommodate simp_grafana.
Default value: $::simp_grafana::params::firewall
pki
Data type: Variant[Boolean,Enum['simp']]
- If 'simp', include SIMP's pki module and use pki::copy to manage application certs in /etc/pki/simp_apps/grafana/x509
- If true, do not include SIMP's pki module, but still use pki::copy to manage certs in /etc/pki/simp_apps/grafana/x509
- If false, do not include SIMP's pki module and do not use pki::copy to manage certs. You will need to appropriately assign a subset of:
  - app_pki_dir
  - app_pki_key
  - app_pki_cert
  - app_pki_ca
  - app_pki_ca_dir
Default value: simplib::lookup('simp_options::pki', { 'default_value' => false })
app_pki_external_source
Data type: String
- If pki = 'simp' or true, this is the directory from which certs will be copied, via pki::copy. Defaults to /etc/pki/simp/x509.
- If pki = false, this variable has no effect.
Default value: simplib::lookup('simp_options::pki::source', { 'default_value' => '/etc/pki/simp/x509' })
app_pki_dir
NOTE: Controlled in params.pp. This variable controls the basepath of $app_pki_key, $app_pki_cert, $app_pki_ca, $app_pki_ca_dir, and $app_pki_crl. It defaults to /etc/pki/simp_apps/grafana/x509.
app_pki_key
NOTE: Controlled in params.pp. Path and name of the private SSL key file.
app_pki_cert
NOTE: Controlled in params.pp. Path and name of the public SSL certificate.
cfg
Data type: Hash
A passthrough to the Grafana component module; this will be merged with the SIMP defaults in ::simp_grafana::params.
Default value: {}
ldap_cfg
Data type: Hash
A passthrough to the Grafana component module, merged with the SIMP defaults in ::simp_grafana::params.
Note: If using Puppet 3.x, Integer values in this Hash must be declared with an arithmetic expression to avoid conversion to a String. For example, to set a value to 1, the value should be declared as 0 + 1.
Default value: {}
install_method
Data type: String
A passthrough to the Grafana module. This sets the installation method of Grafana to a repository by default, since this is the SIMP preferred method for installing packages.
Default value: 'repo'
use_internet_repo
Data type: Boolean
If set, allow the ::grafana module to point to the appropriate package repository on the Internet automatically.
Default value: false
version
Data type: String
Version of grafana to install
Default value: simplib::lookup('simp_options::package_ensure', { 'default_value' => 'installed' })
rpm_iteration
Data type: String
Default value: '1'
simp_dashboards
Data type: Boolean
Install SIMP dashboards
Default value: false
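The two independent-use modes described under the pki and firewall parameters, as an added example that is not part of the module's own documentation. Hostnames, the subnet and the certificate paths are constructed; protocol, cert_file and cert_key are Grafana's own [server] settings, and their reaching grafana.ini unchanged through the cfg passthrough when pki is false is an assumption.

```puppet
# Added example; hostnames, subnets and certificate paths are constructed.

# Mode 1: pki => true.
# SIMP's pki module is not included, but pki::copy still copies certs from
# the source directory into /etc/pki/simp_apps/grafana/x509.
node 'grafana-a.example.com' {
  class { 'simp_grafana':
    firewall                => true,
    trusted_nets            => ['10.255.0.0/16'],
    pki                     => true,
    app_pki_external_source => '/etc/pki/site/x509',
  }
}

# Mode 2: pki => false and firewall => false.
# Neither pki::copy nor the firewall rules are managed by this module, so:
#   - the certificate and key must be placed on the node by other means and
#     be readable by the Grafana service account;
#   - access to the Grafana port must be restricted by something else,
#     because trusted_nets is no longer enforced by managed firewall rules.
node 'grafana-b.example.com' {
  class { 'simp_grafana':
    firewall => false,
    pki      => false,
    cfg      => {
      # Assumption: these keys are merged with the SIMP defaults and written
      # to the [server] section of grafana.ini.
      'server' => {
        'protocol'  => 'https',
        'cert_file' => '/etc/grafana/tls/grafana.pem',
        'cert_key'  => '/etc/grafana/tls/grafana.key',
      },
    },
  }
}
```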
simp_grafana::config::firewall
Class simp_grafana::config::firewall
This class is meant to be called from simp_grafana. It ensures that firewall rules are defined.
simp_grafana::config::pki
Class: simp_grafana::config::pki
This class is meant to be called from simp_grafana. It ensures that pki rules are defined.
simp_grafana::params
Class: simp_grafana::params
This class is meant to be called from simp_grafana. It sets variables according to platform.
- Mon Oct 29 2018 Liz Nemsick lnemsick.simp@gmail.com - 1.0.6-0
  - Fix bug in resource ordering of pki::copy and grafana::service
  - Use simplib::passgen() in lieu of deprecated passgen()
  - Update badges and contribution guide URL in README.md
- Tue Sep 11 2018 Nicholas Markowski nicholas.markowski@onyxpoint.com - 1.0.6-0
  - Updated $app_pki_external_source to accept any string. This matches the functionality of pki::copy.
- Thu Jun 14 2018 Nick Miller nick.miller@onyxpoint.com - 1.0.6-0
  - Update systemd fixtures and CI assets
  - Add support for Puppet 5 and OEL
- Fri Feb 16 2018 Liz Nemsick liz.nemsick-simp@gmail.com - 1.0.5-0
  - Update upper range of puppet/grafana module dependency to < 5.0.0
  - Update README to include section on rubygem-puppetserver-toml
- Wed Jul 12 2017 Liz Nemsick liz.nemsick-simp@gmail.com - 1.0.4-0
  - Workaround 2-pass grafana rpm install issue in acceptance tests
  - Update README to reflect SIMP 6 global catalysts.
- Tue May 09 2017 Liz Nemsick liz.nemsick-simp@gmail.com - 1.0.4-0
  - Update to latest Grafana (4.2.0) and Elasticsearch (5.4.0)
  - simp_grafana::version now defaults to 'latest'
  - Confine puppet version in metadata.json
- Fri Mar 23 2017 Trevor Vaughan tvaughan@onyxpoint.com - 1.0.3-0
  - Fixed the Beaker tests
- Thu Mar 09 2017 Liz Nemsick liz.nemsick-simp@gmail.com - 1.0.2-0
  - Update grafana GPG key used in acceptance test
- Mon Jan 23 2017 Nick Miller nick.miller@onyxpoint.com, Jeanne Greulich jeannegreulich@onyxpoint.com - 1.0.1-0
  - Update module for Puppet 4
  - Strong type module
  - Update dependencies
- Thu Dec 02 2016 Nick Markowski nmarkowski@keywcorp.com - 1.0.1-0
  - Removed pupmod-simp-sysctl in favor of augeas-sysctl
- Wed Nov 23 2016 Jeanne Greulich jgreulich@onyxpoint.com - 1.0.0-0
  - Update major version for SIMP 6
- Wed Nov 16 2016 Liz Nemsick lnemsick.simp@gmail.com, Nick Markowski nmarkowski@keywcorp.com - 0.1.2-0
  - Updated iptables dependency version
  - Removed vagrant-wrapper from the gemfile
- Sun Sep 25 2016 Ralph Wright rwright@onyxpoint.com - 0.1.1-0
  - A few minor fixes for seamless install
  - Added option to install SIMP dashboards
  - Added option to allow SIMP dashboards to be installed
- Tue Jul 11 2016 Lucas Yamanishi lucas.yamanishi@onyxpoint.com - 0.1.0-0
  - Initial Release
Dependencies
- puppet/grafana (>= 3.0.0 < 5.0.0)
- puppetlabs/stdlib (>= 4.13.1 < 5.0.0)
- simp/iptables (>= 6.0.0 < 7.0.0)
- simp/pki (>= 6.0.0 < 7.0.0)
- simp/simp_openldap (>= 6.0.0 < 7.0.0)
- simp/simplib (>= 3.5.0 < 4.0.0)
simp_grafana - A profile module to integrate Grafana with SIMP
Copyright 2016 Onyx Point, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.