diff options
author | Jan Dittberner <jandd@cacert.org> | 2019-07-21 10:35:26 +0200 |
---|---|---|
committer | Jan Dittberner <jandd@cacert.org> | 2019-07-21 10:35:26 +0200 |
commit | a976c461a97254faa3af872b23889efd725b0a86 (patch) | |
tree | 24447d0d2f3df738e8b292de2f682103d4e1be00 | |
parent | 0b243f6ed18188c2e43ecc48adde0e14b4e6e3f1 (diff) | |
download | cacert-puppet-a976c461a97254faa3af872b23889efd725b0a86.tar.gz cacert-puppet-a976c461a97254faa3af872b23889efd725b0a86.tar.xz cacert-puppet-a976c461a97254faa3af872b23889efd725b0a86.zip |
Rework of icinga2 master setup
- replace debconf calls with preseed config for icinga2-ido-pgsql
package
- remove host key and certificate from monitor (these will be setup
later)
- disable icinga2_agent installation on puppet
-rw-r--r-- | hieradata/common.yaml | 2 | ||||
-rw-r--r-- | hieradata/nodes/monitor.yaml | 139 | ||||
-rw-r--r-- | sitemodules/profiles/manifests/icinga2_master.pp | 105 | ||||
-rw-r--r-- | sitemodules/profiles/templates/icinga2_master/icinga2-ido-pgsql.preseed.epp | 12 | ||||
-rw-r--r-- | sitemodules/roles/manifests/puppetmaster.pp | 2 |
5 files changed, 27 insertions, 233 deletions
diff --git a/hieradata/common.yaml b/hieradata/common.yaml index 41fd187..8239ac2 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -141,7 +141,7 @@ profiles::icinga2_agent::pki_api_password: > RmIpGTBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAAs0An2QOnxac51GTU gCG3gDAX0FOzW/oWi8c1PDIFb+0B4cTQRi9gP2fzugKu0bp0FBB7akZV6Zx0 T5GP0WQAzU0=] -profiles::icinga2_agent::master_host: monitor.cacert.org +profiles::icinga2_agent::master_host: monitor.infra.cacert.org profiles::icinga2_agent::master_ip: 10.0.0.18 profiles::icinga2_common::ca_certificate: | -----BEGIN CERTIFICATE----- diff --git a/hieradata/nodes/monitor.yaml b/hieradata/nodes/monitor.yaml index 4ac6e59..971cbbf 100644 --- a/hieradata/nodes/monitor.yaml +++ b/hieradata/nodes/monitor.yaml @@ -155,142 +155,3 @@ profiles::icinga2_master::ca_key: > QHfjLm7Vy2L/2vsAqJHmaYwLJbnCO4KbCGzoLFBBE2gz17wYIPIgDbVxjNRu W1HABIXMJ8IEQJnN9mDYZWjUsutf8FRFsfAPMoAGX5M5tLVrTUQbXUjtpJ6v RA3cuu7epXa+RGV/NdgBV1k=] -profiles::icinga2_master::host_key: > - ENC[PKCS7,MIIOHQYJKoZIhvcNAQcDoIIODjCCDgoCAQAxggEhMIIBHQIBADAFMAACAQEw - DQYJKoZIhvcNAQEBBQAEggEASQymCvxrCeRMnoUhNaP646T/OWnBGMRatfh5 - o8sQFTcj/eF5ur7iZV6dg3qGTWBAYs72DSoDE8OfCH0vVP1qA1JzyOkmGfjm - BdUAganZCMXezWH7+M02lxkIAVsccmH3nJSXJ3rYzGeHUr/thvaqLUDNSTXd - rELo2KNVADc4KvWe0nSfk3QVEYJlJn2GVJC7C2nIH8tA7FCE/FGys+3eXgjk - L9pOCNpx9fFr2YNfUPo0BT9o9WVg1VKusr88tCW7ZA7DrLW2+8wUhIQsqiuH - Ob6GWVt8w4mNgb6SELGbQUWgfWOBMWLLfwwrarpZ7ms9nqFZ8j1gQ35MAKvL - o0TXzzCCDN4GCSqGSIb3DQEHATAdBglghkgBZQMEASoEEOlVpsROKOYrHE1s - G0YqHkaAggywe7XS1015/42rKh8UGD/sFwJSNjPhBW9kyV+qSmfieXme0xnm - pRd+xEfJYKsvC6kXZ9sB1dCuU4nE+4KSmEuGkNsfOwGGn15AiCPl72+5nnO5 - BvpV0oqgpUa9z1wJcycoqr7lOoi9QwTWvWPUwaD4y531XN69vbasAnyOlVeN - d9Xc01a639g/rI4zNFdtOpu1AEi50nBP2zbbCtax48BVI8eG0p5TY36u6DhY - 3hTw70NERuOdq39rd6zv89mfn1eVW0160TSwQRh45TU1uXrTkYDjPqa2sodM - sV+1rIBPOYj22skYkVGvmhLFaiauxhEdGLNnVQs5TzGiqw3Xse8F0DkbAIEN - 9xWDYyJS8QOyhe5OwHXzryLbWue/W4lWb/T3vMix9wLqev6FUjo1joY297I8 - EVm1WhAJ6PFVBpzRuR2/rCHRbOAUcCTiB19wnVYWKKUoA6AJfYlLo/2HWcHS - WIPw6tDZ5CpK1Vae3SztHcQ6IIKMdUe0mj2jTQxkCuc5d1tBo2TGYVdsIXkl - Z9IDMzibGoBKFzgEYk+C7MYY73TUq6idRC5qW03Xkgt6ibjevKD0Rv9ne9HR - 81tKamXgr/qORF+xqXf2tmSaV4wMND4xvSGaiWvrgMiVJLy1sNfXzQgfxrtk - 22xvO5VpjgDpbEYmRaakVeO+/awKM/lexZ4FHFULMdSrt6/6vGvWWFgNOHf7 - n0vdW1K+dj2eRY6ReC1w5Cj9HUoZboUZFKXZLiIevJeO4YJP415vYyNdkGfG - m85CZdQdVhXAzJXZRQRBDZgnJ7V/4w9j3tBreu2a+AsCChQzJIaR/Gudx1yY - eUbdlL86izqm4uhH7eqd2/eJZRa2GRpdafMpH3PgcdOT9UL9QFEEdURJWeCn - 7eqBz/3VLYwq4u26UUs6WX0tzLzTrA/1LwhL2hN9vAthN07gh/wnEwhji/51 - RFnIqEml9ojW9jgjrJW5YklzKixktCVjRcaU12tmrIwFyqZzhNFX9dQhyNM0 - dFh1rz/zXbwXD8hPH3i3SM/hjzEy2IeArbTHqd8InJuvtrZWGzE7zB0bgQkj - CdpRbDQC9IetF/kuOs+DM6OMt+m3x/MeySXBEO18fhTaMXyKydPgik45UujJ - tgXQfc60qKnrpmb0EXBY4PpJ5pZB7AOaKes3vU4p9MoZPX1eCt47F+SnwB11 - qxEKu9xX5Qr3Px5HCHzZPcEfC1494PHT4bcRsX+RMzOta0cGVL6jd4FwAdGj - 1Xz8WXA/o+HsHe2NSO26vPJMHVEV1lhjoiEv2gM1FZwQZFm+9Px4wss+IdCK - p1mqxtnHZdEh6KRWMnCa28uVdhP2eDBB4yyl9wMIlvNTLx460CQV2vrFtdn1 - j8EVjhwkYzhjijczNg1c3zyT35DgcKtcWA89rI9JZAMj1tLxdilngtI/4G9b - nlKFacHsFh+cdj/ndDTDj1/n9XKxAHWSaygAVgemG8DXmRSZBoWKqc5j7FR4 - 14x41H2dc5UAuA2BUX8W3ujRygvHHdUN1bvjgU5+Di9S0XbMam+UI0vkUtIs - pohCL8v4JlxhB8xnbQHLx9EgO7BnVP386UsZMVFiwx1ts39VTUsKGouj1Bja - pttgSbrcJb7pyZ7Zl2iv16tMiJQkw+OaJj7gI2+VYOD5apJMwGrOU4oywhwn - XA2tvD4HeuQ2jpYpBQHmg7k+Sa1OtS9amnY2Vlx+kDCWdfs8iR329fgJmJ/P - qFXCcd6oymgpS/kGrFRG5GkaVMcrf4CV7ujNYoUcGc2nuyigO0mq+VYTrpcd - 9jwYtAt14UyklvVvblK8PALI+mrg+O+j/tXOdsUF450M+nvyulxEnZOYXLKv - 5hprj18tMU8cQOjiTtw9kEaP+Oz7BUlfsoR/Z2PT7DC4C5vFDoEHaqsD98PO - 5Dov9XAXPR6uwxH2bxHpoGbpRW2BIurp004O/7BjG24zv3CXMrjJjyL44nuF - GaiWfrTv/B8NRqSQytT9ge7AOMtu9obP2W7DPtaXERIOpp+LMWKuq/LI3p3d - TS2BZ4ZcITqh9Jm8O+/SCbSjvGnw/4KXXZjH2qDhZq62EG48JvzfFaJCbV/a - CWAbGsweyFJEVtj5Up4sYs/wlR25V+BvdCdOn8Cq0qdKpZB7dt8CdWVhYRCe - l/uvOJTRDIbehOY961n0ym5CzuSeqNZHfgl5l4yUodUHWiSvnwuL7jP29i7M - XwV1kXTBPIlQcmvDEZ04mtNF/IEqDIXqVtT/Ztj1hSR0fvETksmG7Uk9Z6GA - TnT+nMgXjjCz50JEgCPka0wVF1McEp782mh+DaGFkqno3+wd9UFnSrzcxwzs - UT/8VZ0f8bK1Nug58zc/1DVlcWVhiigpBny6bxo5/cQ2+ukQHC+pC8vjaqqw - rsoaCf1JgigPl4mVYuKFJpeeg8Ulrz7EDDXvwy9Ujlxh6U0/lcAjYiQBfq2v - /7F/H3kwIZM2dmuqwfzZlrnJFSmoeF6WB1JuowvmMXGnTTFH0sF2CoyjrAQ+ - BWt1J4eO448f8D+9TnBSqSv9Bkvhek+wQ+NwXI29al33O3F0GotF439XNXRa - EI5chGq6YQ0LSm5qogOg2sPeiyqJSWI/qrfuV8dnovphRwSx/PW7w9hmXzK7 - fnmzgaWicewjxpYcAq6HRyKkSbO/9iz19oMqLwvoakA+RW9BguAu0f9sOLXa - Uxud824ka7q5/P13Us4qaQDZezho82c4tmXxoaLAhSzWEz6dLKFOlPeJ0QLC - Y3JaahZ9SHMdjgO7sCUL3/73hT6CaclnAEi4JBNsAxTfI1waTxzhFLFK+PA3 - 8X98K8oXClRKArErujq555dwTqhlK13SSxeZ+++rVJOfjLUou3kG+r7Lixo1 - T8rrnwV5lUwPuEAWp1esr4BRvoILRm+jYcnn0AF+USr+Eqwr7lG4BfZL9kRm - sFEDgP5UX/OtL3g162HwNRF9Xt3Ov5Lh95dzI4fOh+C8Ak/xvn1YOzsLLiIR - UxG32ESTHGhcYZ+SWmd9EtYJgGAXiqFiKqKrH2cAKzZXuGnkBhATq17/31f4 - uMXXEhaLoqzHxaNPxk8MMGPVbk8YNSSY7KqCUp67SzISzCGFSzNtUEfxVc3g - Zl4jgddxikkwuXtryBOj8cXB3n7i304LSnaGJ7j9loe9vQrsYmgFppeMx5Km - 9OLGf33xJ5yA28YbWWFEeXHWOBrsLR1kHkFLqnWGczZvEbTzSwQ/jnFLadZw - r2xEViMfUYR1u3VANAyXRGLNO01CB4iSKzldjadY4GopbJdvdZr+Pzi4DPnU - qXh51A/z29hSnlAzsbclnThYB78w21ft12mPRbE2q1VRij0BL9+qVU5/orc3 - htwz55DOFt+St8Ms15BUlxmhLl/OZ49wtBOIjDSqdPDBt12it/pDBEHBIehJ - rwXVj52gT55joE4AFBLaD/gVPY1rZWhTW9G3jxpM4T6smR5yl7JUDTeDB8H/ - eZZ5V0TFa9wIFfb8gu5u1gr7JMBlQ2+CBFPYb3siiLFGc4uJK5AH0w+rcLUX - o4raFU3yI1paTJ0miFAQUoe7JgK3bH1/Er9D9XIKyM70MeB2jtNf1eM0A87g - g42wv1rTxShGmOFwKIquMTvUlcuIDpUYfHTL5GF+6igXkaGseuQFBCYXNPzJ - sCuey5w4WVj4RI7ptFtZY1DubvA6kiWiTnU/+/WYWZnfmQvRjLwxFbRd+fen - a4THancpcy/gxvSgPHSiVxEFp+KEm51Z/RWXEYSlLRmYKvee7ZokXh1Ubsk0 - sgqOvX0BK0ktY4L6/7phCdeFjq6TjPQXARXBjqX8zoQ2LZsA9UOXplhMGsvL - V5G34QemUCeWKZNniB+2aRwW9UGpJHZZQc97ag/5mOo5ccWLjHfSSnE/T1SF - wrgqx26ebetn8N1fhEQtY9ohkeH40R106qjrdtWJrVOp7cUVfejTqzRqrjrN - jUf2qPoYpuXJZaiO5mnfs/hm1kDQoZY3+YHyND0vSHGXXY8FNlVpPXjMsed4 - kHtsRej3IqQJGjeEj4keuxp7OJsUJavKHJJRtManyKbuvwtdyHKHaOsLlZF3 - DstVnMABPuez3aJfyjsWO393NwrtCUixU1DQibV4c8AUIGhYpmmxjW5zrmsW - cCIZjvvVsOYP9pQGnLTEEmGhp08acD8dq1GCDnVKY/q0Y1auFQOqUXIw1lGI - ZVmEZYi/WFL1iLDRvmLhHV5/9GarOEJpIfjZJoGf1LveF5kSLQXBuKigi7p2 - GGH79JpkANNaGIsOtYlBf1VSkR0/nHEGtMC9+sJ91lpd/P6fbNWAeOltW9ZJ - 6dem2ihI4z2lY4pvqZ4PjLQ=] -profiles::icinga2_master::host_certificate: | - -----BEGIN CERTIFICATE----- - MIIE7jCCAtagAwIBAgIUWgeaQ9+6HvLOnn5ja9MwuP0haRgwDQYJKoZIhvcNAQEL - BQAwFDESMBAGA1UEAwwJSWNpbmdhIENBMB4XDTE5MDcxOTE4MjA0NloXDTM0MDcx - NTE4MjA0NlowHTEbMBkGA1UEAwwSbW9uaXRvci5jYWNlcnQub3JnMIICIjANBgkq - hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAugwFfqd7pNcP3phZbBEfn2fjW28cu+S3 - iidwMCMx38BcmfgJ/h0pAl3ONR/CfASFqC6Avsz6z11uDwISwkv0KIVIF14xkLDy - b3yGLNml/8sCxWnv/l2O2UUp5CTAEc89kjAFtYuX+bY+ulTeiOhfXud5IPZx1NQ8 - iwai8NAJwDjmgk12XZGEJG+ootnDJ0iusWCk7ylmQojJkBFW6ODlAkXRDXlZ7yHY - MxBH8Ssq9RzA/L8Gz3bR/6nNLovTpGNfH0gh+MgrVpANCy8hEnkxhZUbhk+hfmep - HDny21Dp5G+7AFlyweHuhT2o8AUlS2FUdKgpGJ+ufneOe9YgJvbUb37Pp4W8SB33 - 6KGTbiDfpZb3IHyzn8fnG3cRmBpAvRtANeWCtlntRkZieUGX6nETd6lrWtZCesu8 - VSE6GBtvA10rrra1+dBOBIRu6zHISfA+KSptilTfiObT9IsYGb3byYl3Ah9XyLeG - 8163OnBDKNdUt4p7BaJvKWwrKGuE3P//+OWUx921iXxwS3/+L9cyg+6fPc0/VF05 - QozUYdZdd0uWQPfOS7hZprg0UNGAse+wzq13asNWwb060G/uAq+ms4HS6WKr3yMC - KwnQGlrcJhUVQSIvo0zKLaUwAuJvrx41OZbdWcIpr5Q0sGj+v03Mz5KO/OLjNaJg - 45DI1x+0sf0CAwEAAaMvMC0wDAYDVR0TAQH/BAIwADAdBgNVHREEFjAUghJtb25p - dG9yLmNhY2VydC5vcmcwDQYJKoZIhvcNAQELBQADggIBAJtsW2Yg0c3yCBmmJeCQ - 4r2BHfzOq4bzz/LQymzixq8EeD8iCJCvNr9Hax09S0X/tiKXddb/9PrmeCDktHXo - VerLjVOqelrC5rvnk6Fhq2X9TEOjsDpXZ/SoHLJoBm622hUy9KNeLFJ/3LrHSObO - 6wVeaiyS45CsALLk2STRxiMiJG/f7SuC168bMJm0POc6OvD4NrpqnrQYUTHEQX1i - WxTZWpQ/SxWLID0qfJE4MChTyKG4/6tFtopUInsy8eiSYajBRQaTWCyZgAWgJwpI - 7EqMRGniTjqdAOQrl7un/cGQkr6KT3d3iIQvaI1/W/52ZOfynV3VifyJGj5FTfCP - oqTzHyzf6f+MBQ3/SvBWL796arBc3aclp+I4PI/DDOrzw5Ifw1BJ5bvY2QzMEP44 - pJSpn5WhMQGLdWNcQHZNSwXP2G7Zs2Gz9l2rOuG6LcsZ5Dwfw44tIfChhFcw04Cj - a/AXGNTB+nptx426fiwwTFz59lGOfmgMQZjaWDFjaXQtCbwr4zMsqCZenFlb1Aci - z6Z+16xyJct8FncZ5P7LDzEH3wV/m4gNJ3iztRFnackuRPsiWGt4m0cdAQegW7iF - Cy67BtZnIgT3n4n488G7g6ApwoYdq90V4/CC2jWSqpXRsGhlRRzwzRFjQBH5akhE - YT/rjqxUcrVgpy5DDSESeUWa - -----END CERTIFICATE----- -profiles::icinga2_master::host_csr: | - -----BEGIN CERTIFICATE REQUEST----- - MIIEYjCCAkoCAQAwHTEbMBkGA1UEAwwSbW9uaXRvci5jYWNlcnQub3JnMIICIjAN - BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAugwFfqd7pNcP3phZbBEfn2fjW28c - u+S3iidwMCMx38BcmfgJ/h0pAl3ONR/CfASFqC6Avsz6z11uDwISwkv0KIVIF14x - kLDyb3yGLNml/8sCxWnv/l2O2UUp5CTAEc89kjAFtYuX+bY+ulTeiOhfXud5IPZx - 1NQ8iwai8NAJwDjmgk12XZGEJG+ootnDJ0iusWCk7ylmQojJkBFW6ODlAkXRDXlZ - 7yHYMxBH8Ssq9RzA/L8Gz3bR/6nNLovTpGNfH0gh+MgrVpANCy8hEnkxhZUbhk+h - fmepHDny21Dp5G+7AFlyweHuhT2o8AUlS2FUdKgpGJ+ufneOe9YgJvbUb37Pp4W8 - SB336KGTbiDfpZb3IHyzn8fnG3cRmBpAvRtANeWCtlntRkZieUGX6nETd6lrWtZC - esu8VSE6GBtvA10rrra1+dBOBIRu6zHISfA+KSptilTfiObT9IsYGb3byYl3Ah9X - yLeG8163OnBDKNdUt4p7BaJvKWwrKGuE3P//+OWUx921iXxwS3/+L9cyg+6fPc0/ - VF05QozUYdZdd0uWQPfOS7hZprg0UNGAse+wzq13asNWwb060G/uAq+ms4HS6WKr - 3yMCKwnQGlrcJhUVQSIvo0zKLaUwAuJvrx41OZbdWcIpr5Q0sGj+v03Mz5KO/OLj - NaJg45DI1x+0sf0CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4ICAQCNRiZuJUqNUaV7 - 4FFnD21KceOZi7LXt4CgaTw4qCtgiW4EY0mkRpcrXRrMKkOHHoLYR6TjuElDO4YS - 8GwVvRbIZPwe9THuIp5VQtkx+cmj5uEScPXX1a1cCBmfp0hot3Rgmrqwc8z72Nvt - U7FOPuWmExpF1Pe4v44Hbb1ilcRXQD9bbtCpUWsooSRglMwAHnGwxjFvwvY/BP/a - EhFgL1lO85NJh3GvVZIf551KM5Qc5Q9BM4u+Oc16tjk3ht03PM9pzt2RanxuOM5/ - Ek3Cb/tXdnM27JhLOwngcDfDdN0qm8X7Zyi8ff0Lj1LUarRRrXNOOrcH2+uIMQ66 - 33xRXoTbQ8jUdKfxnx05fgcQ34TWAncpREtwbHKfxBtCigJtz0dMqxovfYjvw+YT - Wj/KsuFrZzDk8R1pbTcZmbwHRMSo7lU5KduVqlH1vh4f8vky6adb3HKhojFEqGE3 - PflEr2oTRfIcQ9lUnvNn49Z9vH+HxU9Iw0PuXC9nJyYQHbAPWqskijy8wfF7Ry1g - Zc/kUGfiI16uayGHOrSHZsTrTItBxQYqK67i637EV/1ZeOBjs9MwT5vi7DxPQeTN - HvhMo8mfo99lj2B4crUsw2MSrOeIjap1GUtfbubKbn/4n8drlRk6z9CcrKuggWOC - xxj9i1LH8CBDGIt/a0ogOwcR3FTiew== - -----END CERTIFICATE REQUEST----- diff --git a/sitemodules/profiles/manifests/icinga2_master.pp b/sitemodules/profiles/manifests/icinga2_master.pp index f1764e0..42a5a3f 100644 --- a/sitemodules/profiles/manifests/icinga2_master.pp +++ b/sitemodules/profiles/manifests/icinga2_master.pp @@ -17,10 +17,6 @@ # Icinga2 node authentication # @param api_users Icinga2 API users # @param ca_key Icinga2 CA private key content -# @param host_key Icinga2 host private key content -# @param host_certificate Icinga2 host certificate content -# @param host_csr Icinga2 host certificate signing request -# content # # Examples # -------- @@ -49,72 +45,24 @@ class profiles::icinga2_master ( String $icinga2_ticket_salt, Array[Hash[String, Variant[String, Tuple[String, 1]]]] $api_users, String $ca_key, - String $host_key, - String $host_certificate, - String $host_csr, ) { include 'profiles::icinga2_common' - debconf { 'icinga2-ido-pgsql/pgsql/app-pass': - package => 'icinga2-ido-pgsql', - type => 'password', - value => $ido_database_password, - seen => true, - } - debconf { 'icinga2-ido-pgsql/app-password-confirm': - package => 'icinga2-ido-pgsql', - type => 'password', - value => $ido_database_password, - seen => true, - } - debconf { 'icinga2-ido-pgsql/remote/host': - package => 'icinga2-ido-pgsql', - value => 'localhost', - type => 'string', - seen => true, - } - debconf { 'icinga2-ido-pgsql/db/dbname': - package => 'icinga2-ido-pgsql', - value => $ido_database_name, - type => 'string', - seen => true, - } - debconf { 'icinga2-ido-pgsql/db/app-user': - package => 'icinga2-ido-pgsql', - value => "${ido_database_user}@localhost", - type => 'string', - seen => true, - } - debconf { 'icinga2-ido-pgsql/enable': - package => 'icinga2-ido-pgsql', - type => 'boolean', - value => 'true', # lint:ignore:quoted_booleans - seen => true, - } - debconf { 'icinga2-ido-pgsql/dbconfig-reinstall': - package => 'icinga2-ido-pgsql', - type => 'boolean', - value => 'false', # lint:ignore:quoted_booleans - seen => true, - } - debconf { 'icinga2-ido-pgsql/dbconfig-install': - package => 'icinga2-ido-pgsql', - type => 'boolean', - value => 'true', # lint:ignore:quoted_booleans - seen => true, + file { '/var/cache/debconf/icinga2-ido-pgsql.preseed': + ensure => file, + content => epp('profiles/icinga2_master/icinga2-ido-pgsql.preseed.epp', { + dbname => $ido_database_name, + dbuser => $ido_database_user, + dbpassword => $ido_database_password, + }, + owner => 'root', + group => 'root', + mode => '0600', } package { 'icinga2-ido-pgsql': - ensure => latest, - require => [ - Debconf['icinga2-ido-pgsql/pgsql/app-pass'], - Debconf['icinga2-ido-pgsql/app-password-confirm'], - Debconf['icinga2-ido-pgsql/remote/host'], - Debconf['icinga2-ido-pgsql/db/dbname'], - Debconf['icinga2-ido-pgsql/db/app-user'], - Debconf['icinga2-ido-pgsql/enable'], - Debconf['icinga2-ido-pgsql/dbconfig-reinstall'], - Debconf['icinga2-ido-pgsql/dbconfig-install'], - ], + ensure => latest, + responsefile => '/var/cache/debconf/icinga2-ido-pgsql.preseed', + require => File['/var/cache/debconf/icinga2-ido-pgsql.preseed'], } file { '/etc/icinga2/constants.conf': ensure => file, @@ -247,30 +195,6 @@ class profiles::icinga2_master ( mode => '0644', require => File['/var/lib/icinga2/ca'], } - file { "/etc/icinga2/pki/${facts['fqdn']}.key": - ensure => file, - content => $host_key, - owner => 'nagios', - group => 'nagios', - mode => '0600', - require => File['/etc/icinga2/pki'], - } - file { "/etc/icinga2/pki/${facts['fqdn']}.crt": - ensure => file, - content => $host_certificate, - owner => 'nagios', - group => 'nagios', - mode => '0644', - require => File['/etc/icinga2/pki'], - } - file { "/etc/icinga2/pki/${facts['fqdn']}.csr": - ensure => file, - content => $host_csr, - owner => 'nagios', - group => 'nagios', - mode => '0644', - require => File['/etc/icinga2/pki'], - } service { 'icinga2': ensure => 'running', enable => true, @@ -290,9 +214,6 @@ class profiles::icinga2_master ( File['/var/lib/icinga2/ca/ca.crt'], File['/etc/icinga2/pki'], File['/etc/icinga2/pki/ca.crt'], - File["/etc/icinga2/pki/${facts['fqdn']}.key"], - File["/etc/icinga2/pki/${facts['fqdn']}.crt"], - File["/etc/icinga2/pki/${facts['fqdn']}.csr"], ], } } diff --git a/sitemodules/profiles/templates/icinga2_master/icinga2-ido-pgsql.preseed.epp b/sitemodules/profiles/templates/icinga2_master/icinga2-ido-pgsql.preseed.epp new file mode 100644 index 0000000..1be594e --- /dev/null +++ b/sitemodules/profiles/templates/icinga2_master/icinga2-ido-pgsql.preseed.epp @@ -0,0 +1,12 @@ +<%-| String $dbname, + String $dbuser, + String $dbpassword +|-%> +icinga2-ido-pgsql icinga2-ido-pgsql/app-password-confirm password <%= $dbpassword %> +icinga2-ido-pgsql icinga2-ido-pgsql/pgsql/app-pass password <%= $dbpassword %> +icinga2-ido-pgsql icinga2-ido-pgsql/db/dbname string <%= $dbname %> +icinga2-ido-pgsql icinga2-ido-pgsql/db/app-user string <%= $dbuser %>@@localhost +icinga2-ido-pgsql icinga2-ido-pgsql/remote/host string localhost +icinga2-ido-pgsql icinga2-ido-pgsql/dbconfig-reinstall boolean false +icinga2-ido-pgsql icinga2-ido-pgsql/enable boolean true +icinga2-ido-pgsql icinga2-ido-pgsql/dbconfig-install boolean true diff --git a/sitemodules/roles/manifests/puppetmaster.pp b/sitemodules/roles/manifests/puppetmaster.pp index b839cdb..6074c75 100644 --- a/sitemodules/roles/manifests/puppetmaster.pp +++ b/sitemodules/roles/manifests/puppetmaster.pp @@ -24,6 +24,6 @@ class roles::puppetmaster { include profiles::base include profiles::rsyslog include profiles::nrpe_agent - include profiles::icinga2_agent + #include profiles::icinga2_agent include profiles::puppet_server } |