Add pg_hba rule to allow zabbix server #411 (#412)

* Add pg_hba rule to allow zabbix server Add a pg_hba rule to aways add this rule for allow zabbix server connect to database. #411 * Rake fix * Add database_host_ip param * Include validation for database host ip and server ip * include spec for zabbix_database in another server than zabbix_server and zabbix_web * fix param * Include databsse_host_ip on spec for multiple module * allow create pg_hba rule for zabbix_server alson when database_host is not setted * if fixing * Spell fix * fix spell
voxpupuli · Jun 26, 2017 · 2b8814e · 2b8814e
1 parent 3f7bb07
commit 2b8814e
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 6 deletions.
diff --git a/manifests/database.pp b/manifests/database.pp
@@ -126,6 +126,7 @@
   $database_user                   = $zabbix::params::server_database_user,
   $database_password               = $zabbix::params::server_database_password,
   $database_host                   = $zabbix::params::server_database_host,
+  $database_host_ip                = $zabbix::params::server_database_host_ip,
   $database_charset                = $zabbix::params::server_database_charset,
   $database_collate                = $zabbix::params::server_database_collate,
 ) inherits zabbix::params {
@@ -144,11 +145,8 @@
           require  => Class['postgresql::server'],
         }
 
-        # When every component has its own server, we have to allow those servers to
-        # access the database from the network. Postgresl allows this via the
-        # pg_hba.conf file. As this file only accepts ip addresses, the ip address
-        # of server and web has to be supplied as an parameter.
-        if $zabbix_web_ip != $zabbix_server_ip {
+        # When database not in some server with zabbix server include pg_hba_rule to server
+        if ($database_host_ip != $zabbix_server_ip) or ($zabbix_web_ip != $zabbix_server_ip){
           postgresql::server::pg_hba_rule { 'Allow zabbix-server to access database':
             description => 'Open up postgresql for access from zabbix-server',
             type        => 'host',
@@ -157,7 +155,13 @@
             address     => "${zabbix_server_ip}/32",
             auth_method => 'md5',
           }
+        }
 
+        # When every component has its own server, we have to allow those servers to
+        # access the database from the network. Postgresql allows this via the
+        # pg_hba.conf file. As this file only accepts ip addresses, the ip address
+        # of server and web has to be supplied as an parameter.
+        if $zabbix_web_ip != $zabbix_server_ip {
           postgresql::server::pg_hba_rule { 'Allow zabbix-web to access database':
             description => 'Open up postgresql for access from zabbix-web',
             type        => 'host',

diff --git a/manifests/params.pp b/manifests/params.pp
@@ -130,6 +130,7 @@
   $server_database_charset                  = 'utf8'
   $server_database_collate                  = 'utf8_general_ci'
   $server_database_host                     = 'localhost'
+  $server_database_host_ip                  = '127.0.0.1'
   $server_database_name                     = 'zabbix_server'
   $server_database_password                 = 'zabbix_server'
   $server_database_port                     = undef

diff --git a/spec/classes/database_spec.rb b/spec/classes/database_spec.rb
@@ -23,7 +23,8 @@
             database_user: 'zabbix-server',
             zabbix_type: 'server',
             zabbix_web_ip: '127.0.0.2',
-            zabbix_server_ip: '127.0.0.1'
+            zabbix_server_ip: '127.0.0.1',
+            database_host_ip: '127.0.0.3'
           }
         end
 
@@ -65,6 +66,32 @@
         it { is_expected.to contain_class('zabbix::params') }
       end
 
+      describe 'database_type is postgresql, zabbix_type is server and zabbbix_server and a zabbix_web in the some server but zabbix_database is on other server' do
+        let :params do
+          {
+            database_type: 'postgresql',
+            database_name: 'zabbix-server',
+            database_user: 'zabbix-server',
+            zabbix_type: 'server',
+            zabbix_web_ip: '127.0.0.1',
+            zabbix_server_ip: '127.0.0.1',
+            database_host_ip: '127.0.0.2'
+          }
+        end
+
+        it { is_expected.to contain_postgresql__server__db('zabbix-server').with_name('zabbix-server') }
+        it { is_expected.to contain_postgresql__server__db('zabbix-server').with_user('zabbix-server') }
+
+        it { is_expected.to contain_postgresql__server__pg_hba_rule('Allow zabbix-server to access database').with_database('zabbix-server') }
+        it { is_expected.to contain_postgresql__server__pg_hba_rule('Allow zabbix-server to access database').with_user('zabbix-server') }
+        it { is_expected.to contain_postgresql__server__pg_hba_rule('Allow zabbix-server to access database').with_address('127.0.0.1/32') }
+
+        it { is_expected.not_to contain_postgresql__server__pg_hba_rule('Allow zabbix-web to access database').with_database('zabbix-server') }
+        it { is_expected.not_to contain_postgresql__server__pg_hba_rule('Allow zabbix-web to access database').with_user('zabbix-server') }
+        it { is_expected.not_to contain_postgresql__server__pg_hba_rule('Allow zabbix-web to access database').with_address('127.0.0.2/32') }
+        it { is_expected.to contain_class('zabbix::params') }
+      end
+
       describe 'database_type is postgresql, zabbix_type is proxy' do
         let :params do
           {