Posted on by alteholz

TDC: Test-driven configuration, the first module

The first module I want to develop with TDC is just a small one. I want to distribute email certificates obtained by Lets Encrypt to some email servers:

 class email_cert {

 }

I am using the puppet module puppet-tdc , that is at the moment only available on github.

The first things to add are some tests:

 class email_cert {
  class{'tdc':
  }
  class{'tdc::test_directory':
     directory    => ['/etc/email-cert'],
  }
  class{'tdc::test_file':
     file    => ['/etc/email-cert/mail-fullchain.pem', '/etc/email-cert/mail-privkey.pem'],
  }
 }

I am using the new class tdc and want to check whether the directory for the certificates is available and whether the certificates itself are there.

Great, after awhile my nagios shows lots of red stuff. Every server that uses my new class email_cert is automatically creating tests for nagios and distributes them. All of them fail.

So now it is time for the real data:

class email_cert {

  class{'tdc':
  }
  class{'tdc::test_directory':
     directory    => ['/etc/email-cert'],
  }
  class{'tdc::test_file':
     file    => ['/etc/email-cert/mail-fullchain.pem', '/etc/email-cert/mail-privkey.pem'],
  }

  file { [ '/etc/email-cert', 
         ]:
          ensure => 'directory',
          mode   => '750',
          owner  => 'Debian-exim',
          group  => 'nagios',
       }
  file { 'cert-fullchain.pem': 
         path    => "/etc/email-cert/mail-fullchain.pem", 
         ensure  => file, 
         mode    => '640',
         owner   => 'Debian-exim',
         group   => 'nagios',
         source  => "puppet:///modules/email_cert/cert/mail-$fqdn-fullchain.pem"
  } 
  file { 'cert-privkey.pem': 
         path    => "/etc/email-cert/mail-privkey.pem", 
         ensure  => file, 
         mode    => '640',
         owner   => 'Debian-exim',
         group   => 'nagios',
         source  => "puppet:///modules/email_cert/cert/mail-$fqdn-privkey.pem"
  } 
 }

After waiting some time, my nagios calms down and everything is green again. According to aNag, I also got 30 new tests.

Of course I had to change the config of nrpe and nagios a bit. In nrpe_local.cfg I had to add:

include_dir=/usr/local/nagios/tdc/config

in order to let nrpe know those newly created tests on the puppet agent.

I also had to tell the nagios server via its puppet module, that there is a new directory containing config data:

      file { '/etc/nagios4/conf.d/tdc':
          ensure => 'directory',
          source => 'puppet:///modules/nagios4_server/tdc',
          recurse => 'remote',
          path => '/etc/nagios4/conf.d/tdc',
          owner => 'root',
          group => 'root',
          mode  => '0755',
          notify  => Service["nagios4"],
        }