diff options
| author | Jan Dittberner <jandd@cacert.org> | 2019-07-22 19:01:33 +0200 |
|---|---|---|
| committer | Jan Dittberner <jandd@cacert.org> | 2019-07-22 19:01:33 +0200 |
| commit | 587ef04ec791bb6acc14e9e72dbd2c5600c76727 (patch) | |
| tree | af2bceabc8483a1574260e0cd7e8678e4dddce4f | |
| parent | c9a19628f4659b8c51ca058abb7ce878f7bfdc2a (diff) | |
| download | cacert-puppet-587ef04ec791bb6acc14e9e72dbd2c5600c76727.tar.gz cacert-puppet-587ef04ec791bb6acc14e9e72dbd2c5600c76727.tar.xz cacert-puppet-587ef04ec791bb6acc14e9e72dbd2c5600c76727.zip | |
Add support for icingaweb2 admins
| -rw-r--r-- | hieradata/nodes/monitor.yaml | 5 | ||||
| -rw-r--r-- | sitemodules/profiles/manifests/icinga2_master.pp | 20 |
2 files changed, 19 insertions, 6 deletions
diff --git a/hieradata/nodes/monitor.yaml b/hieradata/nodes/monitor.yaml index 23551c0..826453f 100644 --- a/hieradata/nodes/monitor.yaml +++ b/hieradata/nodes/monitor.yaml @@ -292,3 +292,8 @@ profiles::icinga2_master::master_csr: | yTxDP2rWDE3fKgm17An4i+n+6IU4u0M+3s1dE0wrKpzUC2VbKBPrsGTRPNKCny7W UmvCla/Pixt8dYj9NTuBfoh5/m4A/uD/iVVVO54RA9u8Fg== -----END CERTIFICATE REQUEST----- +profiles::icinga2_master::icingaweb_admins: + - icingaadmin + - jandd@cacert.org + - wytze@cacert.org + - mario@cacert.org diff --git a/sitemodules/profiles/manifests/icinga2_master.pp b/sitemodules/profiles/manifests/icinga2_master.pp index f013df8..32b318a 100644 --- a/sitemodules/profiles/manifests/icinga2_master.pp +++ b/sitemodules/profiles/manifests/icinga2_master.pp @@ -9,10 +9,11 @@ # # @param ido_database_password database password for Icinga2 IDO database # @param web2_database_password database password for IcingaWeb2 database -# @param api_users Icinga2 API users -# @param pki_ticket_salt Ticket salt for API endpoint -# @param ca_key Icinga2 CA private key content -# @param ca_certificate Icinga2 CA certificate content +# @param api_users Icinga2 API users +# @param pki_ticket_salt Ticket salt for API endpoint +# @param ca_key Icinga2 CA private key content +# @param ca_certificate Icinga2 CA certificate content +# @param $icingaweb_admins List of icingaweb admin users # # Examples # -------- @@ -38,6 +39,7 @@ class profiles::icinga2_master ( String $pki_ticket_salt, String $ca_key, String $ca_certificate, + Array[String] $icingaweb_admins = ['icingaadmin'], ) { include profiles::icinga2_common include postgresql::server @@ -128,7 +130,13 @@ class profiles::icinga2_master ( } } - class { '::icingaweb2::config::authmethod': - backend => 'external', + icingaweb2::config::authmethod { 'external': + require => Class['::icingaweb2'], + } + + icingaweb2::config::role { 'admin': + users => join($icingaweb_admins, ","), + permissions => '*', + require => Class['::icingaweb2'], } } |