summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJan Dittberner <jandd@cacert.org>2019-07-21 12:48:18 +0200
committerJan Dittberner <jandd@cacert.org>2019-07-21 12:48:18 +0200
commit35771b450fcb2e03e38e8f5cb1c60602a855e5d9 (patch)
treec9382b776cfcd6c7673dfbd0e01b47419ffea381
parent92d30ca710296814488ce50ba48d30f557451b81 (diff)
downloadcacert-puppet-35771b450fcb2e03e38e8f5cb1c60602a855e5d9.tar.gz
cacert-puppet-35771b450fcb2e03e38e8f5cb1c60602a855e5d9.tar.xz
cacert-puppet-35771b450fcb2e03e38e8f5cb1c60602a855e5d9.zip
Do not manage constants.conf
Let icinga2 node setup handle constants.conf, add global zone definitions to zones.conf.epp and remove explicit zone and cn parameters to node setup on master.
-rw-r--r--hieradata/nodes/monitor.yaml11
-rw-r--r--sitemodules/profiles/manifests/icinga2_master.pp16
-rw-r--r--sitemodules/profiles/templates/icinga2_master/constants.conf.epp32
-rw-r--r--sitemodules/profiles/templates/icinga2_master/zones.conf.epp8
4 files changed, 8 insertions, 59 deletions
diff --git a/hieradata/nodes/monitor.yaml b/hieradata/nodes/monitor.yaml
index 82007a1..edb8eea 100644
--- a/hieradata/nodes/monitor.yaml
+++ b/hieradata/nodes/monitor.yaml
@@ -20,17 +20,6 @@ profiles::icinga2_master::web2_database_password: >
ocPHkTBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDV+5TW/J23xVA6MGZo
zfzCgDBHbsaS9cJaGXgnZSKLOQwUlJmG7WgOL0FCgIEp8vYT8upZFuikokHH
vGkNL7s7xDw=]
-profiles::icinga2_master::icinga2_ticket_salt: >
- ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEw
- DQYJKoZIhvcNAQEBBQAEggEAeo0XkV2uw22blf/fLkh/yIOBK7X6ecbJIWdH
- SFzVWWIgmo0qaaFz2uWBnVZ/hZcc6Bd3olh1+J4r9GUotfDFy5+nE1Q+Zadm
- bcYgpYtxf/uZjHt6/VEEjfb/OeZmvFpAYw+FEjZEiGBlztUNDjI3tCUD/Xv8
- vUqv/p2hLfOZSIQN77Tm+cbsDnLINs6P/O+RFT95tRM/q1SVazA0cfyAO/rd
- mCtTg4aGW5crnPRwZTU6R1BIHca3ekk4Kgs2x4vvPlAZBE29Mx7h+PM42tdB
- 2t9L5PmUOom7vtJbbR72i1ORw9Gxx4eqq9AHL8+IL1fymjD6xEYKT1RicFzA
- F/GNZjBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDUQv4TpODL5EIfjW14
- rxNzgDAP9qIu8tOkVzQ9CI7Zm1/v3PdgTAg7RZTeDbOulALQXMygSRVvtr0k
- XTEfwYqkEEg=]
profiles::icinga2_master::api_users:
-
username: root
diff --git a/sitemodules/profiles/manifests/icinga2_master.pp b/sitemodules/profiles/manifests/icinga2_master.pp
index d8d93c6..595112e 100644
--- a/sitemodules/profiles/manifests/icinga2_master.pp
+++ b/sitemodules/profiles/manifests/icinga2_master.pp
@@ -10,8 +10,6 @@
# @param web2_database_name database name for IcingaWeb2 database
# @param web2_database_user database user for IcingaWeb2 database
# @param web2_database_password database password for IcingaWeb2 database
-# @param icinga2_ticket_salt salt for certificate request tickets for
-# Icinga2 node authentication
# @param api_users Icinga2 API users
# @param ca_key Icinga2 CA private key content
# @param master_key Icinga2 master private key content
@@ -38,7 +36,6 @@ class profiles::icinga2_master (
String $web2_database_name,
String $web2_database_user,
String $web2_database_password,
- String $icinga2_ticket_salt,
Array[Hash[String, Variant[String, Tuple[String, 1]]]] $api_users,
String $ca_key,
String $master_key,
@@ -61,16 +58,6 @@ class profiles::icinga2_master (
File['/var/cache/debconf/icinga2-ido-pgsql.preseed'],
]
}
- file { '/etc/icinga2/constants.conf':
- ensure => file,
- content => epp('profiles/icinga2_master/constants.conf.epp', {
- 'ticket_salt' => $icinga2_ticket_salt
- }),
- owner => 'root',
- group => 'nagios',
- mode => '0640',
- require => Package['icinga2'],
- }
file { '/etc/icinga2/icinga2.conf':
ensure => file,
source => 'puppet:///modules/profiles/icinga2_master/icinga2.conf',
@@ -176,7 +163,7 @@ class profiles::icinga2_master (
mode => '0644',
require => File['/var/lib/icinga2/ca'],
}
- exec { "/usr/sbin/icinga2 node setup --master --zone ${::facts['fqdn']} --cn ${::facts['fqdn']}":
+ exec { "/usr/sbin/icinga2 node setup --master":
creates => "/etc/icinga2/features-enabled/api.conf",
require => [
Package['icinga2'],
@@ -198,7 +185,6 @@ class profiles::icinga2_master (
Package['icinga2-ido-pgsql'],
],
subscribe => [
- File['/etc/icinga2/constants.conf'],
File['/etc/icinga2/icinga2.conf'],
File['/etc/icinga2/init.conf'],
File['/etc/icinga2/features-enabled/checker.conf'],
diff --git a/sitemodules/profiles/templates/icinga2_master/constants.conf.epp b/sitemodules/profiles/templates/icinga2_master/constants.conf.epp
deleted file mode 100644
index 0baa08c..0000000
--- a/sitemodules/profiles/templates/icinga2_master/constants.conf.epp
+++ /dev/null
@@ -1,32 +0,0 @@
-<%- | String $ticket_salt
-| -%>
-/**
- * This file defines global constants which can be used in
- * the other configuration files.
- *
- * This file is managed by Puppet and should not be modified manually.
- */
-
-/* The directory which contains the plugins from the Monitoring Plugins project. */
-const PluginDir = "/usr/lib/nagios/plugins"
-
-/* The directory which contains the Manubulon plugins.
- * Check the documentation, chapter "SNMP Manubulon Plugin Check Commands", for details.
- */
-const ManubulonPluginDir = "/usr/lib/nagios/plugins"
-
-/* The directory which you use to store additional plugins which ITL provides user contributed command definitions for.
- * Check the documentation, chapter "Plugins Contribution", for details.
- */
-const PluginContribDir = "/usr/lib/nagios/plugins"
-
-/* Our local instance name. By default this is the server's hostname as returned by `hostname --fqdn`.
- * This should be the common name from the API certificate.
- */
-const NodeName = "<%= $facts['fqdn'] %>"
-
-/* Our local zone name. */
-const ZoneName = "<%= $facts['fqdn'] %>"
-
-/* Secret key for remote node tickets */
-const TicketSalt = "<%= $ticket_salt %>"
diff --git a/sitemodules/profiles/templates/icinga2_master/zones.conf.epp b/sitemodules/profiles/templates/icinga2_master/zones.conf.epp
index ac74bbe..3430fae 100644
--- a/sitemodules/profiles/templates/icinga2_master/zones.conf.epp
+++ b/sitemodules/profiles/templates/icinga2_master/zones.conf.epp
@@ -6,7 +6,13 @@ object Endpoint NodeName {
}
object Zone ZoneName {
- endpoints = [ NodeName ]
+ endpoints = [ NodeName ]
}
+object Zone "global-templates" {
+ global = true
+}
+object Zone "director-global" {
+ global = true
+}