Skip to content

Commit

Permalink
Update readme and changelog
Browse files Browse the repository at this point in the history
  • Loading branch information
@benjamin-robertson
benjamin-robertson committed Jun 21, 2024
1 parent 8094eee commit be627d4
Show file tree
Hide file tree
Showing 2 changed files with 76 additions and 4 deletions.
25 changes: 25 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,31 @@

All notable changes to this project will be documented in this file.

## Release 3.0.0

**Upgrade warning**

The following default parameters for passwords have been removed from the modules.
- observium::db_password
- observium::rootdb_password
- observium::snmpv3_authpass
- observium::snmpv3_cryptopass
- observium::admin_password

If you were relying on these defaults you will need to set them in your control repo hiera before upgrading to 3.0.0. Passwords and other sensitive data in your control repo should be encrypted and protected, see https://www.puppet.com/docs/puppet/8/securing-sensitive-data.html.

**Features**

- Added support for RHEL9
- Added support for stdlib 9.0 or later. **Note:** the observium module itself supports stdlib 9, however its dependencies did not. When upgrading to stdlib 9 please ensure you upgrade other dependant modules.
- Incorporated security recommendations from baile320, removal of default passwords.
- Bumped module dependencies to later versions.
- Bumped PDK version to 3.2.0.
- Lint and other minor fixes.
- Added lint, unit and litmus tests within Github actions.

Thanks to https://github.com/baile320 for their security recommendations for this release. :)

## Release 2.0.0

**Features**
Expand Down
55 changes: 51 additions & 4 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,16 +52,51 @@ Please ensure you meet the dependency requirements and have the following in you
- puppet-snmp
- puppet-firewalld - only required for RHEL and if managing firewall
- puppetlabs-resource_api
- domkrm-ufw - only required for Ubuntu and if managing firewall
- puppetlabs-firewall - only required for Ubuntu and if managing firewall
- puppetlabs-translate
- camptocamp-systemd

### Password requirements ###

Beginning with the 3.0.0 release, default passwords are no longer provided by this module. This was a insecure default as every instances of observium setup with these defaults would use the same passwords.

With the removal of the default, users now need to specify these password when using this module. There are two methods to do this in Puppet.

1. Via parameters through resource like declarations. (Least preferred as you cannot protect these values)
```
class { 'observium':
db_password => 'your_password_here',
rootdb_password => 'your_password_here',
snmpv3_authpass => 'your_password_here',
snmpv3_cryptopass => 'your_password_here',
admin_password => 'very_secure',
}
```

2. Via environment hiera. (Preferred as we can encrypt these values)
Within environment hiera place the values as shown.
```
---
observium::db_password: "your_password_here"
observium::rootdb_password: "your_password_here"
observium::snmpv3_authpass: "your_password_here"
observium::snmpv3_cryptopass: "your_password_here"
observium::admin_password: "very_secure"
```

These values should be encrypted using the [hiera-eyaml][11] gem. See Puppet [documentation][12].

### Beginning with observium

In its most basic form you can install observium by
```
include observium
class { 'observium':
db_password => 'your_password_here',
rootdb_password => 'your_password_here',
snmpv3_authpass => 'your_password_here',
snmpv3_cryptopass => 'your_password_here',
admin_password => 'very_secure',
}
```

## Usage
Expand Down Expand Up @@ -118,6 +153,7 @@ Tested with the following setups.
- RHEL
- 7
- 8
- 9
- Rocky
- 8
- Ubuntu
Expand All @@ -134,7 +170,7 @@ RHEL 7 requires the following yum repos for installation - these will be automat
- [remi-php72][7]
- [remi-safe][8]

RHEL 8 require the follwing yum repos for installation - these will be automatically added if you host has internet connection.
RHEL 8 require the following yum repos for installation - these will be automatically added if you host has internet connection.

- [EPEL][4]
- [OpenNMS common][5]
Expand All @@ -145,6 +181,14 @@ RHEL 8 require the follwing yum repos for installation - these will be automatic
```
- [remi-safe][10]

RHEL 9 require the following yum repos for installation - these will be automatically added if you host has internet connection.

- [EPEL][4]
- [OpenNMS common][5]
- [OpenNMS RHEL8][13]
- [remi-modular][14]
- [remi-safe][14]


## Upgrading Observium
Please see [Upgrading][2] steps from Observium to upgrade. If you are managaing Observium with Puppet,
Expand Down Expand Up @@ -175,4 +219,7 @@ If you find any issues with this module, please log them in the issues register
[8]: http://cdn.remirepo.net/enterprise/7/safe/mirro
[9]: https://yum.opennms.org/stable/rhel8/
[10]: https://rpms.remirepo.net/enterprise/8/

[11]: https://github.com/voxpupuli/hiera-eyaml
[12]: https://www.puppet.com/docs/puppet/8/securing-sensitive-data.html
[13]: https://yum.opennms.org/stable/rhel9/
[14]: https://rpms.remirepo.net/enterprise/9/

0 comments on commit be627d4

Please sign in to comment.