Add Icinga2 master configuration files

author: Jan Dittberner <jandd@cacert.org> 2019-07-19 22:32:44 +0200
committer: Jan Dittberner <jandd@cacert.org> 2019-07-19 22:32:44 +0200
commit: 75fe9c5c44d8645f43cb604c1cb3d7344a77ecd7 (patch)
tree: bafb4b8cd2f11a4b89faabd6941ab2a8bfd19ea0
parent: 7057c8f72da80f2bfd374c3ec1a18ee7f9971ee3 (diff)
download: cacert-puppet-75fe9c5c44d8645f43cb604c1cb3d7344a77ecd7.tar.gz
cacert-puppet-75fe9c5c44d8645f43cb604c1cb3d7344a77ecd7.tar.xz
cacert-puppet-75fe9c5c44d8645f43cb604c1cb3d7344a77ecd7.zip
12 files changed, 666 insertions, 0 deletions
diff --git a/hieradata/nodes/monitor.yaml b/hieradata/nodes/monitor.yaml
index 6da4a22..c9aea0e 100644
--- a/hieradata/nodes/monitor.yaml
+++ b/hieradata/nodes/monitor.yaml
@@ -33,3 +33,268 @@ profiles::icinga2_master::web2_database_password: >
     ocPHkTBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDV+5TW/J23xVA6MGZo
     zfzCgDBHbsaS9cJaGXgnZSKLOQwUlJmG7WgOL0FCgIEp8vYT8upZFuikokHH
     vGkNL7s7xDw=]
+profiles::icinga2_master::api_users:
+    -
+      username: root
+      password:  >
+        ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEw
+        DQYJKoZIhvcNAQEBBQAEggEAAXgaqzTk009MfssP5rTCvy5jC0j3Fq76LjSO
+        OQPj+ig09ExElNIDMQwJJCgKUXpdPJsaNPHC69BpvHzKi1HWWmk0Km587cI5
+        7PyYRHTuexa7hy9n0zi9Ve7NWhHjRWD8dC8JFkL5cziBd62A5v5SJlyTSNW8
+        xVlr2Ev87VjIe6+izpyXTTuk1lZ/R0i8iBl7zkcJOh77ADbhwRsAg/40URGa
+        SdAPuGVQXr81DjHwCoWxXyDkkTfukEHBUTPqSTr5h7YH8ubSqiNhPrN3JLad
+        /YNiRwaMTvFzJWJEgsALtrz8btR17frqmLTUxRHBuPsQ9/rfvVzNKWkLjzoG
+        mdVJ7zBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBD9j8oHi6KXGZb3NVka
+        m6FAgCANdUSEzaa11dqzqKjYFQaOYamtjsYL36wa/PXdit5lhQ==]
+      permissions:
+        - "*"
+profiles::icinga2_master::ca_key: >
+    ENC[PKCS7,MIIOHQYJKoZIhvcNAQcDoIIODjCCDgoCAQAxggEhMIIBHQIBADAFMAACAQEw
+    DQYJKoZIhvcNAQEBBQAEggEAndhxooQI/m9cfD6jfWVHSce7ePzRwpt8F4qy
+    j4SrGT4OWsGYVSDoql2l/w0SGKaw68zBCYJhaI48EvztPsJIO1VwCGjhYbpj
+    R6gAemOpmYAXMoD+2uei+ZSHwyyNZraXHUwYnJVLKSzAGAkhr7XWv/L4+s9+
+    kEOCnEmJ84I40hPKnwuY4VTaMmq3UzI4KvS0pFx5j7c3GnX5XRcP+LcuyrxB
+    eE2tC6G+naiGjXL9M/V+vUPT21sfaRuCXRZHnkzP6gOiGiCCTevAyjbPH2fc
+    rBXGGg/et2IFZIEIdEMIH0DUIO10D8S1l526ODWxCWwnD8CmfnDxYajHdW3s
+    DO0PEjCCDN4GCSqGSIb3DQEHATAdBglghkgBZQMEASoEENJfLNIsVAoEd0lc
+    lXN6TiOAggywLP849H4ful3AaaT/IxQF0L5R9ohoTsyVjIOkSX1c7MXTK7tg
+    uILL/LlqZWSsY9uE2glTFPXZR83DgArMF335+wNBDwhLVAUdf0b+BE8m7Lpg
+    DGMomJNgqFtDjNqvX6i3O6RH0Iz/zjwKDTHuWtBq739VE1d3x3IU7gNq64MN
+    oYA83C81YLys73la+ETrruAYUR+qxUNn+DdU0r894wHtSWrRQ4nIN5algsBI
+    mJx/k5pmii2k5bWhPAM6FMsJfaUKHRTz5r1ngHry+LcOFzotGmDhFsndqaKv
+    FBnP9tC7v3JlMzcMVN5hI4oZXkURsiZMuFK19UClf6+50qh0VIp6u5xG4tcb
+    t8zumv1wWySZnRNFgF4eXcvDY8w4G0nyaYreN5JcP/vE6OFXGqu2hqi0/Dl3
+    9Y9775N8YphqZBWZdCPFVEA0eh3aC1zhLeM9wo00koDTjaALs9Vp7CSsA4j3
+    G/Y3Mq2muQmiz9vxcgLc+x6ooD2BKIgveZmLr49zEd4kmHThkhZbj4l8ZCBl
+    7GVRuLleV/D/zXEpejPuFd/rd0dHV0qkKdbjEHi4gjr5ZXcU/ZyAs+kyTk1O
+    3OUxMVId487I5F/oUh4MkwqNJp1Fc8mKed/AYmB0bEG7aCvJGcK+G4LynTAZ
+    R2/XqVDq3wp3hfaEgwaVANpf+7z4Du+K5uqGlwkrzUov6wSgfNV84ddus/on
+    tLSqeeW8NFVnVaUw3mnfs+H/c+MLZvxYhLEELjfzHYsZEr/KwPgULoak60LZ
+    bjtsWI1ruI+YJu9F2f+PckOZyfwLEb19vLTJnyBYYZ6gCqWxGsgjDVL6G4V9
+    /WcfrjrU0TopfPoPMtPlKRkltxef4xoSchcONQBwKNn6CJKkZSJHZ5WlciiM
+    BSdcKJj+fA8h/EXvZ3DVP1ka9PSEN3WU7REon9IWi74iLZOlzDRs0bCW4nhD
+    pphj67QfW0fpCbphw4RkYSp7WCe+s+GpRIKyg6KbM4wEVawqoTjWsvDSflcJ
+    CX7joJhvjdepWWwWX1yfX5lwFi1vqexGME0XtYVWrKItSKfVAbqRmDNx6GjJ
+    fImihwy7fhVsOtvDgo+nIGn779TfMvy6yQAWQ3cbGGg89mCHVumVEfn9nj3k
+    14IMF97GHNTNSUIzCUw88DxjWVDyuqJNtpwNCFdorRpH1d3p3pEHM5GGvIFI
+    hkVdDmFgKPUpavEX+MBVP+INGvfQA8NFsTd14vaS3we48dH+BxMsp9omZlnJ
+    fZWcBlcsTlAf1mLjMqgkOy46b2+61MXVp/EkU1t+JOiHiVmT+SEloof4W+ti
+    xRxFOA9r2+k5iwprEJokojethAR/rZhMeq/U3mPeU4veo0uvdMNzSOeEejXV
+    ALcLridts1/tT+ggj7EPUThmxjO/iI5SF/HjFBOAy0vmBjfTCX6y52W3RpBf
+    Jk6e261a8fwaD8jEYJy/x7nbvBj1+yUhvHzvPsowQ1lIN6DLugg8aCyNprlB
+    r9/P4rj6t/cmFJrorMi9yoyk5oekQlg/OkQBu+vyvVjIvVmHhmZ5yGl26TUt
+    wJja48XhSE+S7arDKbZqDZro+/lALluOtdwpW8twwlaYmEBG0IPgm5PWtq6T
+    sRMpLGfUnhJrjGST0l9jOswgdngvW4gbcmKuN1HCEi/soj2QIcMEwRHRr4er
+    gECzO/TbL+OIt4I24TfQJhstfOd/s5rgGyuuhtd8Z83QCeUoZl3QmyYWzaNK
+    6QKwdLZQAgrOPKnCE9Vp7lC0/NyjYWlFt0Cm48kJtAdv1pbV8I/W6QkoQHmU
+    Tx9XBuJPFspXmpZDrVNQvCBvM3Q/zTLDo4bh4EP6BP0US3GwPCH7dIqaqiIT
+    wi++3XeHtXhpJC5+D66Qy8WfAxhvCPIpufI8rjVl+DyzOikT7Uy5GCg7uhM7
+    3W/n8HBk2kOMq4EJOp5iq0Aa1zspi32oPTP/4VM3zq2J8TxgaWAWt6vY3K7Z
+    DeJesj8YWHLisCyjwjeShrCr7D6nmkmXCzl+m4/NF9Wqgk9RSPIE3RFYAa5A
+    90dCj/mihDT01Dzt6D2TRBrGiXv8GX+Axt1OJDbJLESorqjkKq7+5qIiKA3+
+    QSyWL2k/TNdTuXbk4s0ZC6/Zkagxysn2K5skngiKYIil7LuJVs+aQ9ZeEqXP
+    G8/kGX3m/Icg1XeKYjdkbnhTS71Jr40rrqXGzD7JmIxF9NvVyKweUOfDomPV
+    7+/Ig3orrNn85oWpz1I0dNDuF3RPa0JLrSoSymRs7iygP13AlQJ4pXSqQ5JA
+    X66BD7GASdcMVcJkI5DH1vcLHWgqJLTOoSDl4SQLzcbksdFGDXcbtzppHLeV
+    wwfMiuiK3McgXJyAHMiRPMyGuzc1NViDROG8ysa1RaygVMeosNp/BZigCAPK
+    DGODa4C8LoQp5ynSPaLkPdCi+7lk/0UrIDgBaXnYHO1L1LA0ecwQsb02K789
+    SmsZLX5iFgSPoREJXn/VQpJH+Td0bl2uZa6Rf0W7pmz34HnapiSln28VaTpe
+    OA04FC1JbQiV6DoU22iBz+gBlz4C1YtoZ0QrPrrpSr3SlVr6wZj7IrgBaKL+
+    I7Bu1gA42UpgQ2Loy86rNtZOHNhruYRfW6k1TZxIHNFLFfs30XfMIfoGp8tg
+    +o3cxrN9vvRuLEUthPsosU6F5c7Y+1FOc9kJLzw6JVOOxpqAgHl2es8gJh5B
+    ni5q906VAy+UGsc6KF2cj5m0ZaszZxF/TC+mVmJqE1jv74eqdOqNeGE7O+US
+    IdCtJrtn4Uew6AXjo5bQsIBGM/I1OAF67ossbsjIJHmT1kKy1Rec7JlkZs7B
+    EXVS5h3nROi/3ImCnqdf+HaZw3xsWaHs17JekLbE+7mSuidU1XCvVFxChN1s
+    HILG6xuf2oh3f1KsxqgR0OOyiNf5XikgkAn71lCT0DSd1K69uEzCyfsgfRMf
+    pmtmLeB/Xn+SQAlCxxgeeDwcc/tao2G015weu3t9fs1LRsFCiF0Q66yVr8kp
+    dJ/lfTNkr6oFz0e20D0ZsjOOGIJDZHlA6fz9hiIz4VHMUrt+JHdPMiIwIGaA
+    tXGkHU+od8fp7QsQJ+Es1L4wEHO7D18RzZzqoJUShkdDOELTy+kb3cI++o26
+    0pD7FwsN9LtqHi7fh8dzetBOKWpVEkOVoEjYX3RBPZHimUJfTC9prG+SsyI9
+    KrJNmBrd4/sWadfHGInht2xaAfcdpOqF7BsXGWeM8zuythAyy5dyg9w31oLL
+    hszXRQD/aIxrmXhT0Fp3j53gIHqH9o/kBvMd81OqfnWsgqwMxgH4x7l5+zbA
+    LpWBuJNP9rNQYKnWtgmLXAefYPDb0MddluyhuhQrkOZMGN8sJXj/0ZOhb/Hy
+    gM1RBr9Qx2YI7YsBZgZ+27nwOH6AXZtzCktMin9C/fxh+e4/YdUMtA3ciOmR
+    WH1itD+tA3enNBpLuiL7qs0a51AXBWtjj8nQD+CK4dRMTvP+tUuV06ghgmgs
+    VyvfeSd2DU2szu6BR5WTfg0jUxy09zWnK2Hc3eazGrJR3rg/BL8EKv9DTOXT
+    US/LJrmzdFH3T7qdtHm9gX1OPYxNIPUOL6i3HxRIQ/iPpAqQpWCZtIzgOXzh
+    9AsKT4INrUBVdYGl+ox6WaPzJ/2ZyWduOTP3PxopBXD5khn+y6Kl96W0CaR1
+    A7VEMLHnrx++cYJn3S1Y0S4QLyvgZe27HIoA47Xx6RT2lxb++wxefIs3U+hJ
+    98eBY8MMUWng3t4RoCYMQpMgh0q4VuKkQDJsdE2yW7elRWG3tfAW5AR6P2pu
+    jg4pclb3nFEDNWaKTtgYjtLljy6zBKqC2FUASNMeqs+YQC/ZR5v+monKt1Mf
+    H5ZIJFAojQ+J9ce6GVC82+wqolVKCnzI0pJAJ5iXhiiNLxZBfO5NdYCEMg6U
+    plW4nyl/0UrYI6p8VuMMFMZStf6QMPY+Gyz2/3jDdWH7CEaSrrHba1iz69jg
+    F24Ts8m7BQefJhKsBwxbhCJisijfp0Q2Wrwi9p3upzalYQqG6Il/cr0b6NMv
+    ZFoFMO0YlM6sEpGrs/mMEgoiSlPXVMciRpV4PWLiZMqRTmnsxnHPKCeMEkwq
+    DPOcDtcL1RUiFiohwx345kNwKqeu5VO43A2v6ppFdTaE3N1v2ws8X+/3JEXn
+    d1i7bkBQjer0NQEOnVCxrO+uOOOVvmtUkVk8QJi9oCBQMUJJ3gm9HZXwvEYV
+    QHfjLm7Vy2L/2vsAqJHmaYwLJbnCO4KbCGzoLFBBE2gz17wYIPIgDbVxjNRu
+    W1HABIXMJ8IEQJnN9mDYZWjUsutf8FRFsfAPMoAGX5M5tLVrTUQbXUjtpJ6v
+    RA3cuu7epXa+RGV/NdgBV1k=]
+profiles::icinga2_master::ca_certificate: |
+    -----BEGIN CERTIFICATE-----
+    MIIEyjCCArKgAwIBAgIVAMGxGJbZJq/vXMuXAnAC8QvFtvhMMA0GCSqGSIb3DQEB
+    CwUAMBQxEjAQBgNVBAMMCUljaW5nYSBDQTAeFw0xOTA3MTkxODIwNDVaFw0zNDA3
+    MTUxODIwNDVaMBQxEjAQBgNVBAMMCUljaW5nYSBDQTCCAiIwDQYJKoZIhvcNAQEB
+    BQADggIPADCCAgoCggIBAMh+p0jach/6ICsP/o01nku28g0jFB/HSp5n/WZjzykW
+    MvgvYc/1lEaiuIeB93AobGB3EACNw2/Xfh1deRGP8UsIOIjeeUibfk0i4SOmFBRb
+    0ZmwUeNVygY7rmhO+fwTPi6bb2+AA50RkDP7jTpwaQFxppziTXUqW8mj0LBSLtNL
+    z8dC2YS/JLKSoNyHupQcL+pHVHO5S9QnFWTnhwIbnWSJTG13BOYw/RUz6WcxFDHl
+    Xi/lprjcorBUDsH5YBfy+/2WJ0MZFqRnCPQKb5oilR1/k+9XpmFz8W98KCujjpNm
+    BEantf7OaaYFIxxoWyrGC1RiMnkSQwa9Pcxgwflca5UC1fW0Jx2zsgDscdWp+Xeo
+    lhYtyHa6upgny66SvekjM9mAm6vtlsBplxYZtz6BgqoxXqk0AwAwiU/9nyXGekAp
+    FPMmENBLZvANuA6hdaMJQpOoyHBDOT8teoIJOut92ptk5bVE4gxwcWc1uFCP05nr
+    gA8iTXnabihXbm2Wb8kk/+34wEru5jpwMh1NEH/TvaqPnly/dBHkmEhJquYyoZFS
+    ttKl64XXdy9HGaTaA6b3dQPeZqHbmadRZzcsxjn+zP8Nu8OTZ4HXkAJ2e3nxlRKs
+    2EaZDJK4SoNBvvkYLScLLYH5X1uC2gs6AHiQDiczQYxMqai5pEnrLHO7B/pE+d/1
+    AgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAGYh
+    pqAK55ei8+S+rXt1wQbejAphJ2GtTft8XjlfVbpk7s7wd/Wt0gLAs4dvPPI1U0k9
+    N6E5WJrn31QbaXHFDwdxFw1ViLxDmepAp+Kp3pQE5bPNjo5e6iwgOGVB20R20ADo
+    foUfk5u6WfGGSJznDkTTdoYdSsHm1d1nsZKt0i2QFnLEIEBOJW4gwY4LiW7ArfYS
+    21Ji9VLgKxF9We4Y0ppY+7rU8r/aNDrYv0Ghe+IA0+k8KoTGuhBXzxfwUUZ+1+yA
+    JYSmxFzhPJCdwRX3IBn4uTVMRlugntgpmB7m5RyW18MUlAw52Ppe5EtOke1lxxh0
+    G5KYt+pKPnkOVj2LRLvOcAOO47i42q+3P4m2elkPHTrI2JmnTwWNjpkNNc4LeFXs
+    3HE3SoSvXvImabhBfioqThVMAEEjrtkAQSOFg281vaIgUPbwqcVmbOHv/2Cow0xw
+    gYrp+hB0hhf5rpYi1SMLTKIQUJT6CKnIgN9KHMwcz6Zq4WcshXQxZZrazXomJJ9k
+    WKBpvys1Mfn0Y+phqmCXW7D9Yh1T32pnyOTm8kUonBhIoDEwYN5v175ySw8jjiUD
+    Dlkc/kuv3szLVWx63FvOPc6ra9rmmdwmDaVTd9fGlo/NrquCQOGu59hiACPept+I
+    y+bP1kZ0Z+5qrmlX0zrcLspzXOyY0VX/YZ3unzyp
+    -----END CERTIFICATE-----
+profiles::icinga2_master::host_key: >
+    ENC[PKCS7,MIIOHQYJKoZIhvcNAQcDoIIODjCCDgoCAQAxggEhMIIBHQIBADAFMAACAQEw
+    DQYJKoZIhvcNAQEBBQAEggEASQymCvxrCeRMnoUhNaP646T/OWnBGMRatfh5
+    o8sQFTcj/eF5ur7iZV6dg3qGTWBAYs72DSoDE8OfCH0vVP1qA1JzyOkmGfjm
+    BdUAganZCMXezWH7+M02lxkIAVsccmH3nJSXJ3rYzGeHUr/thvaqLUDNSTXd
+    rELo2KNVADc4KvWe0nSfk3QVEYJlJn2GVJC7C2nIH8tA7FCE/FGys+3eXgjk
+    L9pOCNpx9fFr2YNfUPo0BT9o9WVg1VKusr88tCW7ZA7DrLW2+8wUhIQsqiuH
+    Ob6GWVt8w4mNgb6SELGbQUWgfWOBMWLLfwwrarpZ7ms9nqFZ8j1gQ35MAKvL
+    o0TXzzCCDN4GCSqGSIb3DQEHATAdBglghkgBZQMEASoEEOlVpsROKOYrHE1s
+    G0YqHkaAggywe7XS1015/42rKh8UGD/sFwJSNjPhBW9kyV+qSmfieXme0xnm
+    pRd+xEfJYKsvC6kXZ9sB1dCuU4nE+4KSmEuGkNsfOwGGn15AiCPl72+5nnO5
+    BvpV0oqgpUa9z1wJcycoqr7lOoi9QwTWvWPUwaD4y531XN69vbasAnyOlVeN
+    d9Xc01a639g/rI4zNFdtOpu1AEi50nBP2zbbCtax48BVI8eG0p5TY36u6DhY
+    3hTw70NERuOdq39rd6zv89mfn1eVW0160TSwQRh45TU1uXrTkYDjPqa2sodM
+    sV+1rIBPOYj22skYkVGvmhLFaiauxhEdGLNnVQs5TzGiqw3Xse8F0DkbAIEN
+    9xWDYyJS8QOyhe5OwHXzryLbWue/W4lWb/T3vMix9wLqev6FUjo1joY297I8
+    EVm1WhAJ6PFVBpzRuR2/rCHRbOAUcCTiB19wnVYWKKUoA6AJfYlLo/2HWcHS
+    WIPw6tDZ5CpK1Vae3SztHcQ6IIKMdUe0mj2jTQxkCuc5d1tBo2TGYVdsIXkl
+    Z9IDMzibGoBKFzgEYk+C7MYY73TUq6idRC5qW03Xkgt6ibjevKD0Rv9ne9HR
+    81tKamXgr/qORF+xqXf2tmSaV4wMND4xvSGaiWvrgMiVJLy1sNfXzQgfxrtk
+    22xvO5VpjgDpbEYmRaakVeO+/awKM/lexZ4FHFULMdSrt6/6vGvWWFgNOHf7
+    n0vdW1K+dj2eRY6ReC1w5Cj9HUoZboUZFKXZLiIevJeO4YJP415vYyNdkGfG
+    m85CZdQdVhXAzJXZRQRBDZgnJ7V/4w9j3tBreu2a+AsCChQzJIaR/Gudx1yY
+    eUbdlL86izqm4uhH7eqd2/eJZRa2GRpdafMpH3PgcdOT9UL9QFEEdURJWeCn
+    7eqBz/3VLYwq4u26UUs6WX0tzLzTrA/1LwhL2hN9vAthN07gh/wnEwhji/51
+    RFnIqEml9ojW9jgjrJW5YklzKixktCVjRcaU12tmrIwFyqZzhNFX9dQhyNM0
+    dFh1rz/zXbwXD8hPH3i3SM/hjzEy2IeArbTHqd8InJuvtrZWGzE7zB0bgQkj
+    CdpRbDQC9IetF/kuOs+DM6OMt+m3x/MeySXBEO18fhTaMXyKydPgik45UujJ
+    tgXQfc60qKnrpmb0EXBY4PpJ5pZB7AOaKes3vU4p9MoZPX1eCt47F+SnwB11
+    qxEKu9xX5Qr3Px5HCHzZPcEfC1494PHT4bcRsX+RMzOta0cGVL6jd4FwAdGj
+    1Xz8WXA/o+HsHe2NSO26vPJMHVEV1lhjoiEv2gM1FZwQZFm+9Px4wss+IdCK
+    p1mqxtnHZdEh6KRWMnCa28uVdhP2eDBB4yyl9wMIlvNTLx460CQV2vrFtdn1
+    j8EVjhwkYzhjijczNg1c3zyT35DgcKtcWA89rI9JZAMj1tLxdilngtI/4G9b
+    nlKFacHsFh+cdj/ndDTDj1/n9XKxAHWSaygAVgemG8DXmRSZBoWKqc5j7FR4
+    14x41H2dc5UAuA2BUX8W3ujRygvHHdUN1bvjgU5+Di9S0XbMam+UI0vkUtIs
+    pohCL8v4JlxhB8xnbQHLx9EgO7BnVP386UsZMVFiwx1ts39VTUsKGouj1Bja
+    pttgSbrcJb7pyZ7Zl2iv16tMiJQkw+OaJj7gI2+VYOD5apJMwGrOU4oywhwn
+    XA2tvD4HeuQ2jpYpBQHmg7k+Sa1OtS9amnY2Vlx+kDCWdfs8iR329fgJmJ/P
+    qFXCcd6oymgpS/kGrFRG5GkaVMcrf4CV7ujNYoUcGc2nuyigO0mq+VYTrpcd
+    9jwYtAt14UyklvVvblK8PALI+mrg+O+j/tXOdsUF450M+nvyulxEnZOYXLKv
+    5hprj18tMU8cQOjiTtw9kEaP+Oz7BUlfsoR/Z2PT7DC4C5vFDoEHaqsD98PO
+    5Dov9XAXPR6uwxH2bxHpoGbpRW2BIurp004O/7BjG24zv3CXMrjJjyL44nuF
+    GaiWfrTv/B8NRqSQytT9ge7AOMtu9obP2W7DPtaXERIOpp+LMWKuq/LI3p3d
+    TS2BZ4ZcITqh9Jm8O+/SCbSjvGnw/4KXXZjH2qDhZq62EG48JvzfFaJCbV/a
+    CWAbGsweyFJEVtj5Up4sYs/wlR25V+BvdCdOn8Cq0qdKpZB7dt8CdWVhYRCe
+    l/uvOJTRDIbehOY961n0ym5CzuSeqNZHfgl5l4yUodUHWiSvnwuL7jP29i7M
+    XwV1kXTBPIlQcmvDEZ04mtNF/IEqDIXqVtT/Ztj1hSR0fvETksmG7Uk9Z6GA
+    TnT+nMgXjjCz50JEgCPka0wVF1McEp782mh+DaGFkqno3+wd9UFnSrzcxwzs
+    UT/8VZ0f8bK1Nug58zc/1DVlcWVhiigpBny6bxo5/cQ2+ukQHC+pC8vjaqqw
+    rsoaCf1JgigPl4mVYuKFJpeeg8Ulrz7EDDXvwy9Ujlxh6U0/lcAjYiQBfq2v
+    /7F/H3kwIZM2dmuqwfzZlrnJFSmoeF6WB1JuowvmMXGnTTFH0sF2CoyjrAQ+
+    BWt1J4eO448f8D+9TnBSqSv9Bkvhek+wQ+NwXI29al33O3F0GotF439XNXRa
+    EI5chGq6YQ0LSm5qogOg2sPeiyqJSWI/qrfuV8dnovphRwSx/PW7w9hmXzK7
+    fnmzgaWicewjxpYcAq6HRyKkSbO/9iz19oMqLwvoakA+RW9BguAu0f9sOLXa
+    Uxud824ka7q5/P13Us4qaQDZezho82c4tmXxoaLAhSzWEz6dLKFOlPeJ0QLC
+    Y3JaahZ9SHMdjgO7sCUL3/73hT6CaclnAEi4JBNsAxTfI1waTxzhFLFK+PA3
+    8X98K8oXClRKArErujq555dwTqhlK13SSxeZ+++rVJOfjLUou3kG+r7Lixo1
+    T8rrnwV5lUwPuEAWp1esr4BRvoILRm+jYcnn0AF+USr+Eqwr7lG4BfZL9kRm
+    sFEDgP5UX/OtL3g162HwNRF9Xt3Ov5Lh95dzI4fOh+C8Ak/xvn1YOzsLLiIR
+    UxG32ESTHGhcYZ+SWmd9EtYJgGAXiqFiKqKrH2cAKzZXuGnkBhATq17/31f4
+    uMXXEhaLoqzHxaNPxk8MMGPVbk8YNSSY7KqCUp67SzISzCGFSzNtUEfxVc3g
+    Zl4jgddxikkwuXtryBOj8cXB3n7i304LSnaGJ7j9loe9vQrsYmgFppeMx5Km
+    9OLGf33xJ5yA28YbWWFEeXHWOBrsLR1kHkFLqnWGczZvEbTzSwQ/jnFLadZw
+    r2xEViMfUYR1u3VANAyXRGLNO01CB4iSKzldjadY4GopbJdvdZr+Pzi4DPnU
+    qXh51A/z29hSnlAzsbclnThYB78w21ft12mPRbE2q1VRij0BL9+qVU5/orc3
+    htwz55DOFt+St8Ms15BUlxmhLl/OZ49wtBOIjDSqdPDBt12it/pDBEHBIehJ
+    rwXVj52gT55joE4AFBLaD/gVPY1rZWhTW9G3jxpM4T6smR5yl7JUDTeDB8H/
+    eZZ5V0TFa9wIFfb8gu5u1gr7JMBlQ2+CBFPYb3siiLFGc4uJK5AH0w+rcLUX
+    o4raFU3yI1paTJ0miFAQUoe7JgK3bH1/Er9D9XIKyM70MeB2jtNf1eM0A87g
+    g42wv1rTxShGmOFwKIquMTvUlcuIDpUYfHTL5GF+6igXkaGseuQFBCYXNPzJ
+    sCuey5w4WVj4RI7ptFtZY1DubvA6kiWiTnU/+/WYWZnfmQvRjLwxFbRd+fen
+    a4THancpcy/gxvSgPHSiVxEFp+KEm51Z/RWXEYSlLRmYKvee7ZokXh1Ubsk0
+    sgqOvX0BK0ktY4L6/7phCdeFjq6TjPQXARXBjqX8zoQ2LZsA9UOXplhMGsvL
+    V5G34QemUCeWKZNniB+2aRwW9UGpJHZZQc97ag/5mOo5ccWLjHfSSnE/T1SF
+    wrgqx26ebetn8N1fhEQtY9ohkeH40R106qjrdtWJrVOp7cUVfejTqzRqrjrN
+    jUf2qPoYpuXJZaiO5mnfs/hm1kDQoZY3+YHyND0vSHGXXY8FNlVpPXjMsed4
+    kHtsRej3IqQJGjeEj4keuxp7OJsUJavKHJJRtManyKbuvwtdyHKHaOsLlZF3
+    DstVnMABPuez3aJfyjsWO393NwrtCUixU1DQibV4c8AUIGhYpmmxjW5zrmsW
+    cCIZjvvVsOYP9pQGnLTEEmGhp08acD8dq1GCDnVKY/q0Y1auFQOqUXIw1lGI
+    ZVmEZYi/WFL1iLDRvmLhHV5/9GarOEJpIfjZJoGf1LveF5kSLQXBuKigi7p2
+    GGH79JpkANNaGIsOtYlBf1VSkR0/nHEGtMC9+sJ91lpd/P6fbNWAeOltW9ZJ
+    6dem2ihI4z2lY4pvqZ4PjLQ=]
+profiles::icinga2_master::host_certificate: |
+    -----BEGIN CERTIFICATE-----
+    MIIE7jCCAtagAwIBAgIUWgeaQ9+6HvLOnn5ja9MwuP0haRgwDQYJKoZIhvcNAQEL
+    BQAwFDESMBAGA1UEAwwJSWNpbmdhIENBMB4XDTE5MDcxOTE4MjA0NloXDTM0MDcx
+    NTE4MjA0NlowHTEbMBkGA1UEAwwSbW9uaXRvci5jYWNlcnQub3JnMIICIjANBgkq
+    hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAugwFfqd7pNcP3phZbBEfn2fjW28cu+S3
+    iidwMCMx38BcmfgJ/h0pAl3ONR/CfASFqC6Avsz6z11uDwISwkv0KIVIF14xkLDy
+    b3yGLNml/8sCxWnv/l2O2UUp5CTAEc89kjAFtYuX+bY+ulTeiOhfXud5IPZx1NQ8
+    iwai8NAJwDjmgk12XZGEJG+ootnDJ0iusWCk7ylmQojJkBFW6ODlAkXRDXlZ7yHY
+    MxBH8Ssq9RzA/L8Gz3bR/6nNLovTpGNfH0gh+MgrVpANCy8hEnkxhZUbhk+hfmep
+    HDny21Dp5G+7AFlyweHuhT2o8AUlS2FUdKgpGJ+ufneOe9YgJvbUb37Pp4W8SB33
+    6KGTbiDfpZb3IHyzn8fnG3cRmBpAvRtANeWCtlntRkZieUGX6nETd6lrWtZCesu8
+    VSE6GBtvA10rrra1+dBOBIRu6zHISfA+KSptilTfiObT9IsYGb3byYl3Ah9XyLeG
+    8163OnBDKNdUt4p7BaJvKWwrKGuE3P//+OWUx921iXxwS3/+L9cyg+6fPc0/VF05
+    QozUYdZdd0uWQPfOS7hZprg0UNGAse+wzq13asNWwb060G/uAq+ms4HS6WKr3yMC
+    KwnQGlrcJhUVQSIvo0zKLaUwAuJvrx41OZbdWcIpr5Q0sGj+v03Mz5KO/OLjNaJg
+    45DI1x+0sf0CAwEAAaMvMC0wDAYDVR0TAQH/BAIwADAdBgNVHREEFjAUghJtb25p
+    dG9yLmNhY2VydC5vcmcwDQYJKoZIhvcNAQELBQADggIBAJtsW2Yg0c3yCBmmJeCQ
+    4r2BHfzOq4bzz/LQymzixq8EeD8iCJCvNr9Hax09S0X/tiKXddb/9PrmeCDktHXo
+    VerLjVOqelrC5rvnk6Fhq2X9TEOjsDpXZ/SoHLJoBm622hUy9KNeLFJ/3LrHSObO
+    6wVeaiyS45CsALLk2STRxiMiJG/f7SuC168bMJm0POc6OvD4NrpqnrQYUTHEQX1i
+    WxTZWpQ/SxWLID0qfJE4MChTyKG4/6tFtopUInsy8eiSYajBRQaTWCyZgAWgJwpI
+    7EqMRGniTjqdAOQrl7un/cGQkr6KT3d3iIQvaI1/W/52ZOfynV3VifyJGj5FTfCP
+    oqTzHyzf6f+MBQ3/SvBWL796arBc3aclp+I4PI/DDOrzw5Ifw1BJ5bvY2QzMEP44
+    pJSpn5WhMQGLdWNcQHZNSwXP2G7Zs2Gz9l2rOuG6LcsZ5Dwfw44tIfChhFcw04Cj
+    a/AXGNTB+nptx426fiwwTFz59lGOfmgMQZjaWDFjaXQtCbwr4zMsqCZenFlb1Aci
+    z6Z+16xyJct8FncZ5P7LDzEH3wV/m4gNJ3iztRFnackuRPsiWGt4m0cdAQegW7iF
+    Cy67BtZnIgT3n4n488G7g6ApwoYdq90V4/CC2jWSqpXRsGhlRRzwzRFjQBH5akhE
+    YT/rjqxUcrVgpy5DDSESeUWa
+    -----END CERTIFICATE-----
+profiles::icinga2_master::host_csr: |
+    -----BEGIN CERTIFICATE REQUEST-----
+    MIIEYjCCAkoCAQAwHTEbMBkGA1UEAwwSbW9uaXRvci5jYWNlcnQub3JnMIICIjAN
+    BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAugwFfqd7pNcP3phZbBEfn2fjW28c
+    u+S3iidwMCMx38BcmfgJ/h0pAl3ONR/CfASFqC6Avsz6z11uDwISwkv0KIVIF14x
+    kLDyb3yGLNml/8sCxWnv/l2O2UUp5CTAEc89kjAFtYuX+bY+ulTeiOhfXud5IPZx
+    1NQ8iwai8NAJwDjmgk12XZGEJG+ootnDJ0iusWCk7ylmQojJkBFW6ODlAkXRDXlZ
+    7yHYMxBH8Ssq9RzA/L8Gz3bR/6nNLovTpGNfH0gh+MgrVpANCy8hEnkxhZUbhk+h
+    fmepHDny21Dp5G+7AFlyweHuhT2o8AUlS2FUdKgpGJ+ufneOe9YgJvbUb37Pp4W8
+    SB336KGTbiDfpZb3IHyzn8fnG3cRmBpAvRtANeWCtlntRkZieUGX6nETd6lrWtZC
+    esu8VSE6GBtvA10rrra1+dBOBIRu6zHISfA+KSptilTfiObT9IsYGb3byYl3Ah9X
+    yLeG8163OnBDKNdUt4p7BaJvKWwrKGuE3P//+OWUx921iXxwS3/+L9cyg+6fPc0/
+    VF05QozUYdZdd0uWQPfOS7hZprg0UNGAse+wzq13asNWwb060G/uAq+ms4HS6WKr
+    3yMCKwnQGlrcJhUVQSIvo0zKLaUwAuJvrx41OZbdWcIpr5Q0sGj+v03Mz5KO/OLj
+    NaJg45DI1x+0sf0CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4ICAQCNRiZuJUqNUaV7
+    4FFnD21KceOZi7LXt4CgaTw4qCtgiW4EY0mkRpcrXRrMKkOHHoLYR6TjuElDO4YS
+    8GwVvRbIZPwe9THuIp5VQtkx+cmj5uEScPXX1a1cCBmfp0hot3Rgmrqwc8z72Nvt
+    U7FOPuWmExpF1Pe4v44Hbb1ilcRXQD9bbtCpUWsooSRglMwAHnGwxjFvwvY/BP/a
+    EhFgL1lO85NJh3GvVZIf551KM5Qc5Q9BM4u+Oc16tjk3ht03PM9pzt2RanxuOM5/
+    Ek3Cb/tXdnM27JhLOwngcDfDdN0qm8X7Zyi8ff0Lj1LUarRRrXNOOrcH2+uIMQ66
+    33xRXoTbQ8jUdKfxnx05fgcQ34TWAncpREtwbHKfxBtCigJtz0dMqxovfYjvw+YT
+    Wj/KsuFrZzDk8R1pbTcZmbwHRMSo7lU5KduVqlH1vh4f8vky6adb3HKhojFEqGE3
+    PflEr2oTRfIcQ9lUnvNn49Z9vH+HxU9Iw0PuXC9nJyYQHbAPWqskijy8wfF7Ry1g
+    Zc/kUGfiI16uayGHOrSHZsTrTItBxQYqK67i637EV/1ZeOBjs9MwT5vi7DxPQeTN
+    HvhMo8mfo99lj2B4crUsw2MSrOeIjap1GUtfbubKbn/4n8drlRk6z9CcrKuggWOC
+    xxj9i1LH8CBDGIt/a0ogOwcR3FTiew==
+    -----END CERTIFICATE REQUEST-----
diff --git a/sitemodules/profiles/files/icinga2_master/features-available/checker.conf b/sitemodules/profiles/files/icinga2_master/features-available/checker.conf
new file mode 100644
index 0000000..5d086b5
--- /dev/null
+++ b/sitemodules/profiles/files/icinga2_master/features-available/checker.conf
@@ -0,0 +1,9 @@
+/**
+ * The checker component takes care of executing service checks.
+ *
+ * This file is managed by Puppet and should not be modified manually.
+ */
+
+library "checker"
+
+object CheckerComponent "checker" { }
diff --git a/sitemodules/profiles/files/icinga2_master/features-available/mainlog.conf b/sitemodules/profiles/files/icinga2_master/features-available/mainlog.conf
new file mode 100644
index 0000000..0e8f6aa
--- /dev/null
+++ b/sitemodules/profiles/files/icinga2_master/features-available/mainlog.conf
@@ -0,0 +1,11 @@
+/**
+ * The FileLogger type writes log information to a file.
+ *
+ * This file is managed by Puppet and should not be modified manually.
+ */
+
+object FileLogger "main-log" {
+  severity = "information"
+  path = LocalStateDir + "/log/icinga2/icinga2.log"
+}
+
diff --git a/sitemodules/profiles/files/icinga2_master/features-available/notification.conf b/sitemodules/profiles/files/icinga2_master/features-available/notification.conf
new file mode 100644
index 0000000..e3c8866
--- /dev/null
+++ b/sitemodules/profiles/files/icinga2_master/features-available/notification.conf
@@ -0,0 +1,9 @@
+/**
+ * The notification component takes care of executing service checks.
+ *
+ * This file is managed by Puppet and should not be modified manually.
+ */
+
+library "notification"
+
+object NotificationComponent "notification" { }
diff --git a/sitemodules/profiles/files/icinga2_master/icinga2.conf b/sitemodules/profiles/files/icinga2_master/icinga2.conf
new file mode 100644
index 0000000..5387c58
--- /dev/null
+++ b/sitemodules/profiles/files/icinga2_master/icinga2.conf
@@ -0,0 +1,65 @@
+/**
+ * Icinga 2 configuration file
+ * - this is where you define settings for the Icinga application including
+ * which hosts/services to check.
+ *
+ * For an overview of all available configuration options please refer
+ * to the documentation that is distributed as part of Icinga 2.
+ *
+ * This file is managed by Puppet and should not be modified manually.
+ */
+
+/**
+ * The constants.conf defines global constants.
+ */
+include "constants.conf"
+
+/**
+ * The zones.conf defines zones for a cluster setup.
+ * Not required for single instance setups.
+ */
+include "zones.conf"
+
+/**
+ * The Icinga Template Library (ITL) provides a number of useful templates
+ * and command definitions.
+ * Common monitoring plugin command definitions are included separately.
+ */
+include <itl>
+include <plugins>
+include <plugins-contrib>
+include <manubulon>
+
+/**
+ * This includes the Icinga 2 Windows plugins. These command definitions
+ * are required on a master node when a client is used as command endpoint.
+ */
+include <windows-plugins>
+
+/**
+ * This includes the NSClient++ check commands. These command definitions
+ * are required on a master node when a client is used as command endpoint.
+ */
+include <nscp>
+
+/**
+ * The features-available directory contains a number of configuration
+ * files for features which can be enabled and disabled using the
+ * icinga2 feature enable / icinga2 feature disable CLI commands.
+ * These commands work by creating and removing symbolic links in
+ * the features-enabled directory.
+ */
+include "features-enabled/*.conf"
+
+/**
+ * The repository.d directory contains all configuration objects
+ * managed by the 'icinga2 repository' CLI commands.
+ */
+include_recursive "repository.d"
+
+/**
+ * Although in theory you could define all your objects in this file
+ * the preferred way is to create separate directories and files in the conf.d
+ * directory. Each of these files must have the file extension ".conf".
+ */
+include_recursive "conf.d"
diff --git a/sitemodules/profiles/files/icinga2_master/init.conf b/sitemodules/profiles/files/icinga2_master/init.conf
new file mode 100644
index 0000000..5c475d4
--- /dev/null
+++ b/sitemodules/profiles/files/icinga2_master/init.conf
@@ -0,0 +1,9 @@
+/**
+ * This file is read by Icinga 2 before the main
+ * configuration file (icinga2.conf) is processed.
+ *
+ * This file is managed by Puppet and should not be modified manually.
+ */
+
+const RunAsUser = "nagios"
+const RunAsGroup = "nagios"
diff --git a/sitemodules/profiles/manifests/icinga2_master.pp b/sitemodules/profiles/manifests/icinga2_master.pp
index 1825e58..630bf90 100644
--- a/sitemodules/profiles/manifests/icinga2_master.pp
+++ b/sitemodules/profiles/manifests/icinga2_master.pp
@@ -15,6 +15,13 @@
 # @param web2_database_password database password for IcingaWeb2 database
 # @param icinga2_ticket_salt    salt for certificate request tickets for
 #                               Icinga2 node authentication
+# @param api_users              Icinga2 API users
+# @param ca_key                 Icinga2 CA private key content
+# @param ca_certificate         Icinga2 CA certificate content
+# @param host_key               Icinga2 host private key content
+# @param host_certificate       Icinga2 host certificate content
+# @param host_csr               Icinga2 host certificate signing request
+#                               content
 #
 # Examples
 # --------
@@ -41,6 +48,12 @@ class profiles::icinga2_master (
   String $web2_database_user,
   String $web2_database_password,
   String $icinga2_ticket_salt,
+  Array[Hash[String, String] $api_users,
+  String $ca_key,
+  String $ca_certificate,
+  String $host_key,
+  String $host_certificate,
+  String $host_csr,
 ) {
   debconf { 'icinga2-ido-pgsql/pgsql/app-pass':
     package => 'icinga2-ido-pgsql',
@@ -103,4 +116,198 @@ class profiles::icinga2_master (
       Debconf['icinga2-ido-pgsql/dbconfig-install'],
     ],
   }
+  file { '/etc/icinga2/constants.conf':
+    ensure  => file,
+    content => epp('icinga2_master/constants.epp.conf', {
+      'ticket_salt' => $icinga2_ticket_salt
+    }),
+    owner   => 'root',
+    group   => 'nagios',
+    mode    => '0640',
+    require => Package['icinga2'],
+  }
+  file { '/etc/icinga2/icinga2.conf':
+    ensure => file,
+    source => 'puppet:///modules/profiles/icinga2_master/icinga2.conf',
+    owner  => 'root',
+    group  => 'root',
+    mode   => '0644',
+  }
+  file { '/etc/icinga2/init.conf':
+    ensure => file,
+    source => 'puppet:///modules/profiles/icinga2_master/init.conf',
+    owner  => 'root',
+    group  => 'root',
+    mode   => '0644',
+  }
+  file { '/etc/icinga2/features-available/api.conf':
+    ensure  => file,
+    content => epp('icinga2_master/features-available/api.epp.conf'),
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
+    require => Package['icinga2'],
+  }
+  file { '/etc/icinga2/features-available/checker.conf':
+    ensure  => file,
+    source  => 'puppet:///modules/profiles/icinga2_master/features-available/checker.conf',
+    owner   => 'root',
+    group   => 'root'
+    mode    => '0644',
+    require => Package['icinga2'],
+  }
+  file { '/etc/icinga2/features-available/ido-pgsql.conf':
+    ensure  => file,
+    content => epp('icinga2_master/features-available/ido-pgsql.epp.conf', {
+      'db_name'     => $ido_database_name,
+      'db_user'     => $ido_database_user,
+      'db_password' => $ido_database_password
+    }),
+    owner   => 'nagios',
+    group   => 'nagios',
+    mode    => '0600',
+    require => [Package['icinga2'], Package['icinga2-ido-pgsql']],
+  }
+  file { '/etc/icinga2/features-available/mainlog.conf':
+    ensure  => file,
+    source  => 'puppet:///modules/profiles/icinga2_master/features-available/mainlog.conf',
+    owner   => 'root',
+    group   => 'root'
+    mode    => '0644',
+    require => Package['icinga2'],
+  }
+  file { '/etc/icinga2/features-enabled/api.conf':
+    ensure => link,
+    target => '/etc/icinga2/features-available/api.conf',
+    owner  => 'root',
+    group  => 'root',
+  }
+  file { '/etc/icinga2/features-enabled/checker.conf':
+    ensure => link,
+    target => '/etc/icinga2/features-available/checker.conf',
+    owner  => 'root',
+    group  => 'root',
+  }
+  file { '/etc/icinga2/features-enabled/ido-pgsql.conf':
+    ensure => link,
+    target => '/etc/icinga2/features-available/ido-pgsql.conf',
+    owner  => 'root',
+    group  => 'root',
+  }
+  file { '/etc/icinga2/features-enabled/mainlog.conf':
+    ensure => link,
+    target => '/etc/icinga2/features-available/mainlog.conf',
+    owner  => 'root',
+    group  => 'root',
+  }
+  file { '/etc/icinga2/features-enabled/notification.conf':
+    ensure => link,
+    target => '/etc/icinga2/features-available/notification.conf',
+    owner  => 'root',
+    group  => 'root',
+  }
+  file { '/etc/icinga2/zones.conf':
+    ensure  => file,
+    content => epp('icinga2_master/zones.epp.conf'),
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
+    require => Package['icinga2'],
+  }
+  file { '/etc/icinga2/conf.d/api-users.conf':
+    ensure  => file,
+    content => epp('icinga2_master/conf.d/api-users.epp.conf', {
+      'api_users' => $api_users
+    }),
+    owner   => 'root',
+    group   => 'nagios',
+    mode    => '0640',
+    require => Package['icinga2'],
+  }
+  file { '/var/lib/icinga2/ca':
+    ensure  => directory,
+    owner   => 'nagios',
+    group   => 'nagios',
+    mode    => '0700',
+    require => Package['icinga2'],
+  }
+  file { '/var/lib/icinga2/ca/ca.key':
+    ensure  => file,
+    content => $ca_key,
+    owner   => 'nagios',
+    group   => 'nagios',
+    mode    => '0600',
+    require => File['/var/lib/icinga2/ca'],
+  }
+  file { '/var/lib/icinga2/ca/ca.crt':
+    ensure  => file,
+    content => $ca_certificate,
+    owner   => 'nagios',
+    group   => 'nagios',
+    mode    => '0644',
+    require => File['/var/lib/icinga2/ca'],
+  }
+  file { '/etc/icinga2/pki':
+    ensure  => directory,
+    owner   => 'nagios',
+    group   => 'nagios',
+    mode    => '0700',
+    require => Package['icinga2'],
+  }
+  file { '/etc/icinga2/pki/ca.crt':
+    ensure  => file,
+    content => $ca_certificate,
+    owner   => 'nagios',
+    group   => 'nagios',
+    mode    => '0644',
+    require => File['/etc/icinga2/pki'],
+  }
+  file { "/etc/icinga2/pki/${facts['fqdn']}.key":
+    ensure  => file,
+    content => $host_key,
+    owner   => 'nagios',
+    group   => 'nagios',
+    mode    => '0600',
+    require => File['/etc/icinga2/pki'],
+  }
+  file { "/etc/icinga2/pki/${facts['fqdn']}.crt":
+    ensure  => file,
+    content => $host_certificate,
+    owner   => 'nagios',
+    group   => 'nagios',
+    mode    => '0644',
+    require => File['/etc/icinga2/pki'],
+  }
+  file { "/etc/icinga2/pki/${facts['fqdn']}.csr":
+    ensure  => file,
+    content => $host_csr,
+    owner   => 'nagios',
+    group   => 'nagios',
+    mode    => '0644',
+    require => File['/etc/icinga2/pki'],
+  }
+  service { 'icinga2':
+    ensure    => 'running',
+    enable    => true,
+    subscribe => [
+      File['/etc/icinga2/constants.conf'],
+      File['/etc/icinga2/icinga2.conf'],
+      File['/etc/icinga2/init.conf'],
+      File['/etc/icinga2/features-enabled/api.conf'],
+      File['/etc/icinga2/features-enabled/checker.conf'],
+      File['/etc/icinga2/features-enabled/ido-pgsql.conf'],
+      File['/etc/icinga2/features-enabled/mainlog.conf'],
+      File['/etc/icinga2/features-enabled/notification.conf'],
+      File['/etc/icinga2/zones.conf'],
+      File['/etc/icinga2/conf.d/api-users.conf'],
+      File['/var/lib/icinga2/ca'],
+      File['/var/lib/icinga2/ca/ca.key'],
+      File['/var/lib/icinga2/ca/ca.crt'],
+      File['/etc/icinga2/pki'],
+      File['/etc/icinga2/pki/ca.crt'],
+      File["/etc/icinga2/pki/${facts['fqdn']}.key"],
+      File["/etc/icinga2/pki/${facts['fqdn']}.crt"],
+      File["/etc/icinga2/pki/${facts['fqdn']}.csr"],
+    ],
+  }
 }
diff --git a/sitemodules/profiles/templates/icinga2_master/conf.d/api-users.epp.conf b/sitemodules/profiles/templates/icinga2_master/conf.d/api-users.epp.conf
new file mode 100644
index 0000000..4b73364
--- /dev/null
+++ b/sitemodules/profiles/templates/icinga2_master/conf.d/api-users.epp.conf
@@ -0,0 +1,15 @@
+<%- | Array[Hash[String, String]] $api_users
+| -%>
+/**
+ * The APIUser objects are used for authentication against the API.
+ *
+ * This file is managed by Puppet and should not be modified manually.
+ */
+<%- $api_users.each |api_user| { -%>
+object ApiUser "<%= api_user['username'] %> {
+  password = "<%= api_user['password'] %>"
+  // client_cn = ""
+
+  permissions = [ "<%= $api_user['permissions'].join('", "') %>" ]
+}
+<% } -%>
diff --git a/sitemodules/profiles/templates/icinga2_master/constants.epp.conf b/sitemodules/profiles/templates/icinga2_master/constants.epp.conf
new file mode 100644
index 0000000..0baa08c
--- /dev/null
+++ b/sitemodules/profiles/templates/icinga2_master/constants.epp.conf
@@ -0,0 +1,32 @@
+<%- | String $ticket_salt
+| -%>
+/**
+ * This file defines global constants which can be used in
+ * the other configuration files.
+ *
+ * This file is managed by Puppet and should not be modified manually.
+ */
+
+/* The directory which contains the plugins from the Monitoring Plugins project. */
+const PluginDir = "/usr/lib/nagios/plugins"
+
+/* The directory which contains the Manubulon plugins.
+ * Check the documentation, chapter "SNMP Manubulon Plugin Check Commands", for details.
+ */
+const ManubulonPluginDir = "/usr/lib/nagios/plugins"
+
+/* The directory which you use to store additional plugins which ITL provides user contributed command definitions for.
+ * Check the documentation, chapter "Plugins Contribution", for details.
+ */
+const PluginContribDir = "/usr/lib/nagios/plugins"
+
+/* Our local instance name. By default this is the server's hostname as returned by `hostname --fqdn`.
+ * This should be the common name from the API certificate.
+ */
+const NodeName = "<%= $facts['fqdn'] %>"
+
+/* Our local zone name. */
+const ZoneName = "<%= $facts['fqdn'] %>"
+
+/* Secret key for remote node tickets */
+const TicketSalt = "<%= $ticket_salt %>"
diff --git a/sitemodules/profiles/templates/icinga2_master/features-available/api.app.conf b/sitemodules/profiles/templates/icinga2_master/features-available/api.app.conf
new file mode 100644
index 0000000..57dc0e9
--- /dev/null
+++ b/sitemodules/profiles/templates/icinga2_master/features-available/api.app.conf
@@ -0,0 +1,13 @@
+/**
+ * The API listener is used for distributed monitoring setups.
+ *
+ * This file is managed by Puppet and should not be modified manually.
+ */
+object ApiListener "api" {
+  cert_path = SysconfDir + "/icinga2/pki/" + NodeName + ".crt"
+  key_path = SysconfDir + "/icinga2/pki/" + NodeName + ".key"
+  ca_path = SysconfDir + "/icinga2/pki/ca.crt"
+  bind_host = "<%= $facts['ip_address'] %>"
+
+  ticket_salt = TicketSalt
+}
diff --git a/sitemodules/profiles/templates/icinga2_master/features-available/ido-pgsql.epp.conf b/sitemodules/profiles/templates/icinga2_master/features-available/ido-pgsql.epp.conf
new file mode 100644
index 0000000..8673f58
--- /dev/null
+++ b/sitemodules/profiles/templates/icinga2_master/features-available/ido-pgsql.epp.conf
@@ -0,0 +1,19 @@
+<%-| String $db_name,
+     String $db_user,
+     String $db_password
+|-%>
+/**
+ * The db_ido_pgsql library implements IDO functionality
+ * for PostgreSQL.
+ *
+ * This file is managed by Puppet and should not be modified manually.
+ */
+
+library "db_ido_pgsql"
+
+object IdoPgsqlConnection "ido-pgsql" {
+  user = "<%= $db_user %>",
+  password = "<%= $db_password %>",
+  host = "localhost",
+  database = "<%= $db_name %>"
+}
diff --git a/sitemodules/profiles/templates/icinga2_master/zones.epp.conf b/sitemodules/profiles/templates/icinga2_master/zones.epp.conf
new file mode 100644
index 0000000..ac74bbe
--- /dev/null
+++ b/sitemodules/profiles/templates/icinga2_master/zones.epp.conf
@@ -0,0 +1,12 @@
+/*
+ * This file is managed by Puppet and should not be modified manually.
+ */
+
+object Endpoint NodeName {
+}
+
+object Zone ZoneName {
+	endpoints = [ NodeName ]
+}
+
+
author	Jan Dittberner <jandd@cacert.org>	2019-07-19 22:32:44 +0200
committer	Jan Dittberner <jandd@cacert.org>	2019-07-19 22:32:44 +0200
commit	75fe9c5c44d8645f43cb604c1cb3d7344a77ecd7 (patch)
tree	bafb4b8cd2f11a4b89faabd6941ab2a8bfd19ea0
parent	7057c8f72da80f2bfd374c3ec1a18ee7f9971ee3 (diff)
download	cacert-puppet-75fe9c5c44d8645f43cb604c1cb3d7344a77ecd7.tar.gz cacert-puppet-75fe9c5c44d8645f43cb604c1cb3d7344a77ecd7.tar.xz cacert-puppet-75fe9c5c44d8645f43cb604c1cb3d7344a77ecd7.zip