diff --git a/REFERENCE.md b/REFERENCE.md
index 4bab04992..5fa03c343 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -6950,6 +6950,9 @@ The following parameters are available in the `prometheus::mysqld_exporter` clas
* [`proxy_type`](#-prometheus--mysqld_exporter--proxy_type)
* [`web_config_file`](#-prometheus--mysqld_exporter--web_config_file)
* [`web_config_content`](#-prometheus--mysqld_exporter--web_config_content)
+* [`cnf_ssl_ca`](#-prometheus--mysqld_exporter--cnf_ssl_ca)
+* [`cnf_ssl_cert`](#-prometheus--mysqld_exporter--cnf_ssl_cert)
+* [`cnf_ssl_key`](#-prometheus--mysqld_exporter--cnf_ssl_key)
* [`export_scrape_job`](#-prometheus--mysqld_exporter--export_scrape_job)
* [`scrape_host`](#-prometheus--mysqld_exporter--scrape_host)
* [`scrape_port`](#-prometheus--mysqld_exporter--scrape_port)
@@ -7096,7 +7099,7 @@ Default value: `true`
Data type: `Boolean`
-Should puppet manage the service? (default true)
+Should puppet manage the service?
Default value: `true`
@@ -7140,7 +7143,7 @@ Default value: `true`
Data type: `Boolean`
-Should puppet restart the service on configuration change? (default true)
+Should puppet restart the service on configuration change?
Default value: `true`
@@ -7148,7 +7151,7 @@ Default value: `true`
Data type: `Boolean`
-Whether to enable the service from puppet (default true)
+Whether to enable the service from puppet
Default value: `true`
@@ -7156,7 +7159,7 @@ Default value: `true`
Data type: `Stdlib::Ensure::Service`
-State ensured for the service (default 'running')
+State ensured for the service
Default value: `'running'`
@@ -7164,7 +7167,9 @@ Default value: `'running'`
Data type: `String[1]`
-Name of the mysqld exporter service (default 'mysqld_exporter')
+Name of the mysqld exporter service
+
+Default value: `'mysqld_exporter'`
##### `user`
@@ -7184,7 +7189,7 @@ Default value: `'0.15.1'`
Data type: `Optional[String[1]]`
-Optional proxy server, with port number if needed. ie: https://example.com:8080
+proxy server, with port number if needed. ie: https://example.com:8080
Default value: `undef`
@@ -7192,7 +7197,7 @@ Default value: `undef`
Data type: `Optional[Enum['none', 'http', 'https', 'ftp']]`
-Optional proxy server type (none|http|https|ftp)
+proxy server type
Default value: `undef`
@@ -7212,6 +7217,30 @@ Unless empty the content of the web-config yaml which will handed over as option
Default value: `{}`
+##### `cnf_ssl_ca`
+
+Data type: `Optional[Stdlib::Absolutepath]`
+
+The path name of the Certificate Authority (CA) certificate file in PEM format.
+
+Default value: `undef`
+
+##### `cnf_ssl_cert`
+
+Data type: `Optional[Stdlib::Absolutepath]`
+
+The path name of the client SSL public key certificate file in PEM format.
+
+Default value: `undef`
+
+##### `cnf_ssl_key`
+
+Data type: `Optional[Stdlib::Absolutepath]`
+
+The path name of the client SSL private key file in PEM format.
+
+Default value: `undef`
+
##### `export_scrape_job`
Data type: `Boolean`
diff --git a/data/defaults.yaml b/data/defaults.yaml
index d8bc45044..524bfd529 100644
--- a/data/defaults.yaml
+++ b/data/defaults.yaml
@@ -148,7 +148,6 @@ prometheus::mysqld_exporter::extra_groups: []
prometheus::mysqld_exporter::group: 'mysqld-exporter'
prometheus::mysqld_exporter::package_ensure: 'latest'
prometheus::mysqld_exporter::package_name: 'mysqld_exporter'
-prometheus::mysqld_exporter::service_name: 'mysqld_exporter'
prometheus::mysqld_exporter::user: 'mysqld-exporter'
prometheus::node_exporter::download_extension: 'tar.gz'
prometheus::node_exporter::download_url_base: 'https://github.com/prometheus/node_exporter/releases'
diff --git a/manifests/mysqld_exporter.pp b/manifests/mysqld_exporter.pp
index 9879fa044..f533cdeda 100644
--- a/manifests/mysqld_exporter.pp
+++ b/manifests/mysqld_exporter.pp
@@ -37,7 +37,7 @@
# @param manage_group
# Whether to create a group for or rely on external code for that
# @param manage_service
-# Should puppet manage the service? (default true)
+# Should puppet manage the service?
# @param manage_user
# Whether to create user or rely on external code for that
# @param os
@@ -49,25 +49,31 @@
# @param purge_config_dir
# Purge config files no longer generated by Puppet
# @param restart_on_change
-# Should puppet restart the service on configuration change? (default true)
+# Should puppet restart the service on configuration change?
# @param service_enable
-# Whether to enable the service from puppet (default true)
+# Whether to enable the service from puppet
# @param service_ensure
-# State ensured for the service (default 'running')
+# State ensured for the service
# @param service_name
-# Name of the mysqld exporter service (default 'mysqld_exporter')
+# Name of the mysqld exporter service
# @param user
# User which runs the service
# @param version
# The binary release version
# @param proxy_server
-# Optional proxy server, with port number if needed. ie: https://example.com:8080
+# proxy server, with port number if needed. ie: https://example.com:8080
# @param proxy_type
-# Optional proxy server type (none|http|https|ftp)
+# proxy server type
# @param web_config_file
# Path of file where the web-config will be saved to
# @param web_config_content
# Unless empty the content of the web-config yaml which will handed over as option to the exporter
+# @param cnf_ssl_ca
+# The path name of the Certificate Authority (CA) certificate file in PEM format.
+# @param cnf_ssl_cert
+# The path name of the client SSL public key certificate file in PEM format.
+# @param cnf_ssl_key
+# The path name of the client SSL private key file in PEM format.
class prometheus::mysqld_exporter (
String $download_extension,
Prometheus::Uri $download_url_base,
@@ -75,10 +81,10 @@
String[1] $group,
String[1] $package_ensure,
String[1] $package_name,
- String[1] $service_name,
String[1] $user,
# renovate: depName=prometheus/mysqld_exporter
String[1] $version = '0.15.1',
+ String[1] $service_name = 'mysqld_exporter',
Stdlib::Absolutepath $cnf_config_path = '/etc/mysqld_exporter-my.cnf',
Stdlib::Host $cnf_host = localhost,
Stdlib::Port $cnf_port = 3306,
@@ -109,6 +115,9 @@
Optional[Enum['none', 'http', 'https', 'ftp']] $proxy_type = undef,
Stdlib::Absolutepath $web_config_file = '/etc/mysqld_exporter_web-config.yml',
Prometheus::Web_config $web_config_content = {},
+ Optional[Stdlib::Absolutepath] $cnf_ssl_ca = undef,
+ Optional[Stdlib::Absolutepath] $cnf_ssl_cert = undef,
+ Optional[Stdlib::Absolutepath] $cnf_ssl_key = undef,
) inherits prometheus {
#Please provide the download_url for versions < 0.9.0
$real_download_url = pick($download_url,"${download_url_base}/download/v${version}/${package_name}-${version}.${os}-${arch}.${download_extension}")
@@ -117,6 +126,17 @@
default => undef,
}
+ $_cnf_settings = {
+ 'user' => $cnf_user,
+ 'password' => $cnf_password,
+ 'port' => $cnf_port,
+ 'host' => $cnf_host,
+ 'socket' => $cnf_socket,
+ 'ssl-ca' => $cnf_ssl_ca,
+ 'ssl-cert' => $cnf_ssl_cert,
+ 'ssl-key' => $cnf_ssl_key,
+ }.filter |$k, $v| { $v != undef }
+
file { $cnf_config_path:
ensure => file,
mode => $config_mode,
@@ -125,13 +145,7 @@
content => Sensitive(
epp(
'prometheus/my.cnf.epp',
- {
- 'cnf_user' => $cnf_user,
- 'cnf_password' => $cnf_password,
- 'cnf_port' => $cnf_port,
- 'cnf_host' => $cnf_host,
- 'cnf_socket' => $cnf_socket,
- },
+ { 'settings' => $_cnf_settings }
)
),
notify => $notify_service,
diff --git a/spec/classes/mysqld_exporter_spec.rb b/spec/classes/mysqld_exporter_spec.rb
index 2b6dea2d4..751a735e3 100644
--- a/spec/classes/mysqld_exporter_spec.rb
+++ b/spec/classes/mysqld_exporter_spec.rb
@@ -37,6 +37,24 @@
it do
content = catalogue.resource('file', '/etc/mysqld_exporter-my.cnf').send(:parameters)[:content]
expect(content).to include('secret')
+ expect(content).not_to include('ssl-ca')
+ end
+ end
+
+ context 'with tls parameters for exporter' do
+ let(:params) do
+ {
+ cnf_ssl_ca: '/foo/bar/ca.pem',
+ cnf_ssl_cert: '/foo/bar/cert.pem',
+ cnf_ssl_key: '/foo/bar/key.pem'
+ }
+ end
+
+ it do
+ content = catalogue.resource('file', '/etc/mysqld_exporter-my.cnf').send(:parameters)[:content]
+ expect(content).to include('ssl-ca = "/foo/bar/ca.pem"')
+ expect(content).to include('ssl-cert = "/foo/bar/cert.pem"')
+ expect(content).to include('ssl-key = "/foo/bar/key.pem"')
end
end
diff --git a/templates/my.cnf.epp b/templates/my.cnf.epp
index bdc4dc0a0..ade6f6358 100644
--- a/templates/my.cnf.epp
+++ b/templates/my.cnf.epp
@@ -1,23 +1,10 @@
<%- |
- String $cnf_user,
- Variant[Sensitive[String],String] $cnf_password,
- Stdlib::Port $cnf_port,
- Stdlib::Host $cnf_host,
- Optional[Stdlib::Absolutepath] $cnf_socket = undef,
+ Hash[String[1],Variant[Sensitive[String],String,Integer]] $settings,
| -%>
+
# THIS FILE IS MANAGED BY PUPPET
[client]
-user = <%= $cnf_user %>
-<%-
- $_cnf_password = $cnf_password ? {
- Sensitive => $cnf_password.unwrap,
- default => $cnf_password,
- }
--%>
-password = <%= $_cnf_password %>
-<% if $cnf_socket { -%>
-socket = <%= $cnf_socket %>
-<%- } else { -%>
-host = <%= $cnf_host %>
-port = <%= $cnf_port %>
+
+<% $settings.each |$key, $value| { -%>
+<%= $key %> = "<%= $value %>"
<% } -%>