summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJan Dittberner <jandd@cacert.org>2019-08-04 09:37:48 +0200
committerJan Dittberner <jandd@cacert.org>2019-08-04 09:37:48 +0200
commitb4558ff4c0134312ae6bccabd43fea6b59756942 (patch)
tree37f1b2d743d789f86348018b6a1eb5691b44cd1a
parentf69a10d21a05d2857a7335ebf14562c99d3814a4 (diff)
downloadcacert-puppet-b4558ff4c0134312ae6bccabd43fea6b59756942.tar.gz
cacert-puppet-b4558ff4c0134312ae6bccabd43fea6b59756942.tar.xz
cacert-puppet-b4558ff4c0134312ae6bccabd43fea6b59756942.zip
Add client certificates for monitoring
- provide new profile profiles::icinga2_certificates - add extmon_client on extmon - add monitor_client on monitor
-rw-r--r--hieradata/nodes/extmon.yaml105
-rw-r--r--hieradata/nodes/monitor.yaml105
-rw-r--r--sitemodules/profiles/manifests/icinga2_certificates.pp68
-rw-r--r--sitemodules/profiles/manifests/icinga2_common.pp2
4 files changed, 280 insertions, 0 deletions
diff --git a/hieradata/nodes/extmon.yaml b/hieradata/nodes/extmon.yaml
index b297d5b..2f42ab0 100644
--- a/hieradata/nodes/extmon.yaml
+++ b/hieradata/nodes/extmon.yaml
@@ -15,3 +15,108 @@ profiles::icinga2_agent::pki_ticket: >
IdVtKzBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAZdHtu1JgImxyR3tiB
9Iz7gDAdG7RekYIvLTmxoQxapU0ATmqM8lsDrFs1fy8LRz4T921fD8FqiC7x
EEWxfzNn0ZI=]
+profiles::icinga2_certificates::certificates:
+ -
+ name: extmon_client
+ key: >
+ ENC[PKCS7,MIILLQYJKoZIhvcNAQcDoIILHjCCCxoCAQAxggEhMIIBHQIBADAFMAACAQEw
+ DQYJKoZIhvcNAQEBBQAEggEAG1qZ5pPhQAQv9ghCMKaDPplIln6/YnO2/qvH
+ 93vQPs5MMxuX43jlio12HyakQ2S9pn7EjQFd+rRKNMwIw84472DgpXrvZq9z
+ hmIVar+2Tg15+7cWcPf2jGGmLesCH95o1v4uV667fXrUbOCowMQfG+4zGsnV
+ Qo+n9pe3CnvK0HyDNDj1Sd7+mjum6cSUbt9pnXZy7G+Q4XYzu+So1CoKmhdY
+ c8pz/o48ALeOjPT5DOIni87b/rOtclldATQtgtksE8CCA5jC/hIk3LaMh9wi
+ J15NKxy29U/zoMLsWfYQn1/5aIgHuPeV85lz5Eiglue+rCxikpmfsx+L+ZPM
+ G8/zBjCCCe4GCSqGSIb3DQEHATAdBglghkgBZQMEASoEEA1+ZW6MTau1jUPA
+ FrfiXqSAggnATj/0QSn1fjaYvsQJH9dV3imq+vh7+scp7sFAzzwEKMOABaFm
+ hgUPQQjuJ/CD/AYTdarGMqI860D3vDE48RoqFSxW57FB3ZAqANigzZg0k+TY
+ X82r1Yq6qdZ6StuiokU97OHFbKd68i7Ibf0nm4XhaZ8JKvti+xKpJxaLY5iL
+ KGcCIQbZE7QOmlpIDEUFYdVX9jbV+9NJNo8F7jmSvT7ZI1gU46PapPoRKQun
+ +Ka8Fw3BncTx14IoqDJgzfXpdqLLB8sXEcCbUF4uLBcFi76dkw2be93x32RZ
+ UoajUlY4q4OFbGrtQSEvQ2uEI5iI6UmPnN6u333ddmH5NvW7Iu+pCc122v4b
+ VKR0DBGhsasvKNyxnIk5u7cYV6azG6tKTTsYoNMkiBqgEGuLr6FtZKyaqtri
+ HYGq/tiq8AWlMtl9hSEKHePwng5RDiRZu3K1Ux4m93sf7dyw0PrQxv34OlxS
+ QMDJeMqmUMyF9iwDCs9h1YWgHlSpUbtpw9CiVJMu6mzxjNBIwnKfhq5L+nCQ
+ c4nDXkzvYQN/KA4wUl/+76IPKo2fSLWtkbwOPDCmjojbSIacIORgzl9zuA2t
+ j8n7QDPtFxEoC3Hj36XlYQlPITwGb0Gu6DhIOYt5rYo7IjNGglSyK6OfFFOb
+ WiSmaJaUCrpCWpgaASOZdLFzo6oav7WDj74yyiV+eLziTqSnn6caBJ6eKrXh
+ Fjue4rwqNX4fF8P4iu0NoxJDkiK3DsDRPHpRpJM8LLIKgiROJccWrOX8O0Uk
+ xlLyMI97r4vnX9R2pHPSGfsA1OwJHOKPC+dld9edFzuqy/Wt9MAQI6xyYs1V
+ kGjHA1DGxDHCMTaOUm3gJ3CZg4FU0A7RuqUjNCXHydCfE4kv069xVgfvfOFt
+ Y/dEnON+iJYtWjmAr2nYkDHYfD/l998W0W7D2DuvhzhtYZsR8A9dwWal8vhQ
+ e2rh+Rev33DiuC4GfOFXY3BBEsDjcOeRu7SnN43ffkFwnc3cS43oaFwF7Qte
+ 6NkwvmXgV6vguDSSLdcUtvjkiog4PlgIRLiEyxhmA37yLNhn58r8KnY4+GX6
+ ELGwbWY/Tkx42EGbiidTUD2Mudg8O6lOyThQo7u0p2fxw4v8jhI6HxUmWbXr
+ hVlivhznMuFjleU3BFPEO/U2p4CjiwBoLnsJ78f8EOGurS1bA6nAZoFKdzS+
+ IkpXNrwlXZY1TiTUpxTjJQOJi6kmiDsM4JlqwghfOmn2HVC0CFMgq1BQMJCq
+ E3pzAWBLNydJXlCQKr+jn+ddKjEK6Lbi9ksnltfrru93ieU25+aCNwiPd2EV
+ NCC6Z+KPBJykt2CEcuDggK284qBLdzOTZEF5B30tPlRnoJAAC3YfwCTktqp2
+ ej71uEjEXrm9iZX6EQmVJojjjIkWeASmmB7rR/wMVsMwG0Pcz2xgtvKQ2pQm
+ wXaZcbBQPuyMDuvZQFCmU+3fbs5N38gw2QSqklmH/vKdzFP3h81ZSnnhrE1P
+ VlPnsSjgsuoj0DEP7LFQ6AbkMOquwnwidQpYZQlRLP9tX6wzSS9d3pTwcqkK
+ KlYMYDXQF1acQM0DC2dEX9NzwqPbeWEbe/8HrRdMc2B2pc1GXJcHmQEkOP8m
+ 3FNCU5uqJVzmRVL2aFJfTPhgb7zzOWdzwTHDJ+4PKGFu6ILbYsztkAgLYAOS
+ I2tlOYd7D/WJT/n+rO0QWd4I1GbS2kK5IYMMexRgi7DhpvRCh92qJMgPCcoc
+ /0kVHE/u/TLxgJ7qcPjUDfYGir3Bhna/3G3LCZDZ8Kw921iosVVTYAnoIa5P
+ G7Bm2guZv1o8QerMxTdHxEBmT/pEYpKvl9BrTmTZcMPfxInhfVCAyspCTBI5
+ 0zC+QNrppDweVzaFoFyjk1Taf5/1dzUkQstUyhP+uJ8Hq2d7pvBjiVXRnRB0
+ juQ3zNtwXxOGE+jBZCNC5xWL/5ooT5yclBRo7typGI/NLIm8EW9Dr60T9elE
+ s8dtTDROf5Mitd3ZPyBKe2qc7OvzTey5IbiIFYPIVzt696vrm689uw4Cl8Vy
+ 5Jqb3kFNtgfZEZW4wnidxoBGwqMPVRFWbpHNSvPnS9HW2u6y6SGs2nuWZvcu
+ lB+J5TNVeAzPw81OELhZZEmAOX/rcL/oMvAudUJlRFYVZY4z+tvFLbDP9Hzi
+ Do9ykUApp9ljQ1XQNDyKIISv/jJKEEy16rb7HhdSs8uwtZ6mPD1QaNq8uO5b
+ FZY4c7R3EJue5n6mpGJ97Z2QijnEh5NNw9Yt10K6WES3/7JBDjt0OjQCnbaF
+ 64garOvcHKzbpLhHhJtQ6vjxAKV1Q+HzVohOJKDZBJDP8f8xDIwXfVjVMlx8
+ pjLQ6pjIaYKD8beKyJMd2IHrXb8IUs0AQIKHL6dGH4pgYZ+Wr9VVktCf1GR3
+ 2IB4j8b3lJ4AjqTuGWrVAoxH4FkV8J4mJOq34RkE3V0REnurIodjZKL1LW1Y
+ CKzgIi6TUlZNFRBn3+/PLPnHOF0SXOgbiQv1ikLReZGkDeBAx5Jieb70ewIz
+ eawLyRRtwInmrOV4ajszSfarYRkh8ulN6AwcF8AVJt2cxx2iXcMoEHQBbcVs
+ VT+MxTfLRde61Nc6lMWyfsjkvptIyLc7MkErrPYXo/psJGwvjJw70TEHiKLQ
+ Y+X/hZ7ESj26bu1oiBGGD+4v6CMo4qa3RnKcvHyMbdgNccFbWQktZ0kjvQGA
+ MWoz/8jdz61tA+tlokM3ZEkWclrJEcyQG8N1gYM/ER9pZBuM6PWZZvp4Yfxw
+ F5Beu2pgJ1HlKaePwtm3itVPwuIm7K57YEyY76912L+GYiAPpvXt3B7ijCiX
+ kpHTUw9U2yq2R2zT1zgVePUA2pa379QmBnH1pwzfOzlU+4zli2qSlBTJAibR
+ LW1afjWaarigdwbDkuxVVinB/SM/U/7jQgXnCQIeVmteW2crwvH/rtfYCmja
+ ffmJCCsjwDL908TcpJGTFtHxKyGrseMWSqgjlQw1mqmbOU//8DXzNUIn/AJj
+ p/h7NmRwDQbDnmoZApNGrd9ZiNzlO/nxCD561qD4FPOmSRAIJhQuFjTfompM
+ U3gNYE4cGPlbBHP9O1YHWfbjWNRqgZHYa772yEJ20+4HIa0lcNOCjCqm/NPB
+ 7Irj881O9z/hZRWLpHW/MAtesZNe8XDjgXAs5gsYmsYHBlZZ/dP6Pwz0qIO/
+ V8FVDMyMLDkJMgAKHr7F+DMzCPOsA56mdPqhHnhTIKIpBTW0R2wPWMomVg7c
+ vTtI+ddYRIYMdBMgaWN0z9IRWR1PFlQ6aTVGdxTBJ4gf5k8ITtjdykssa1dS
+ 8ObTnGjMEyiHGlJmK6cm/EYXmOOj8p2HPoBQrqSk]
+ certificate: |
+ -----BEGIN CERTIFICATE-----
+ MIIGUTCCBDmgAwIBAgIDAtitMA0GCSqGSIb3DQEBCwUAMFQxFDASBgNVBAoTC0NB
+ Y2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5vcmcxHDAaBgNV
+ BAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwHhcNMTkwODA0MDY1OTQ0WhcNMjAwODAz
+ MDY1OTQ0WjCBrjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMG
+ U3lkbmV5MRQwEgYDVQQKEwtDQWNlcnQgSW5jLjEcMBoGA1UECxMTSW5mcmFzdHJ1
+ Y3R1cmUgVGVhbTEjMCEGA1UEAxMaQ0FjZXJ0IGV4dGVybmFsIG1vbml0b3Jpbmcx
+ JzAlBgkqhkiG9w0BCQEWGGV4dG1vbi1jbGllbnRAY2FjZXJ0Lm9yZzCCAaIwDQYJ
+ KoZIhvcNAQEBBQADggGPADCCAYoCggGBANIdW3yyGH9LWYseNDIIs+DDHEd3HGOO
+ H31JQKng8LdEZynotRISXDhCfI+Ys0yxMy/t6Sj9pphdoJLFpoTXUB23Hx55LYD3
+ /DiUnoz9WXj0pqiiVKZFdEh1Uwb/M4LDXD4IalAnFpSz28CCr2/24f47e21y6xz2
+ LLEIjFpWreBpk81Yceu1Hh+OAtabzs9R0DRX2hILfmb4QjnUNmmoSjMd4/kCShtU
+ xSaKGKQ9TUc8fjmq1E5fmE6lbKkiwpIDNBIJeJCTo5tq3t6ncFt/L6Tv3gsCQUag
+ lXq09Ca3jyWp6KzTB2sBu/8RFZaBgCcp8yJig89e07IfTqEJDKLzVqj49SMWtajM
+ vv0oArXNQ0C5f8ZUNV0jkszopWqgEhDyso94Yuk5MPVcCPsq9UYVEMEuPFMNVVpV
+ qq12MNYrWPySwQzsCAgAuEva8rrwmfrlUA17yhvdxRvp/fJtxq3f/5OA4uCT28kS
+ gehoo41dTJtRdpx0BvbWZIIC2mzC4kHGJQIDAQABo4IBTzCCAUswDAYDVR0TAQH/
+ BAIwADBWBglghkgBhvhCAQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRl
+ IGZvciBGUkVFIGhlYWQgb3ZlciB0byBodHRwOi8vd3d3LkNBY2VydC5vcmcwDgYD
+ VR0PAQH/BAQDAgOoMEAGA1UdJQQ5MDcGCCsGAQUFBwMEBggrBgEFBQcDAgYKKwYB
+ BAGCNwoDBAYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMDIGCCsGAQUFBwEBBCYwJDAi
+ BggrBgEFBQcwAYYWaHR0cDovL29jc3AuY2FjZXJ0Lm9yZzA4BgNVHR8EMTAvMC2g
+ K6AphidodHRwOi8vY3JsLmNhY2VydC5vcmcvY2xhc3MzLXJldm9rZS5jcmwwIwYD
+ VR0RBBwwGoEYZXh0bW9uLWNsaWVudEBjYWNlcnQub3JnMA0GCSqGSIb3DQEBCwUA
+ A4ICAQBofV0FG3bqinpjPTQ44Ol3WKCyrR6dZ3ZQiFN3GFpldMms13rBXKLErlPq
+ 3Z4ZvqvjQ8vDb51Mu8AoGoKjgidyzdPUAgR40MDz8La9JOtcun244iqndp3wUUfQ
+ 5C56W44viX3NxQX1h2MlY3HyREL0zjJy8f64AQZTNHDwNg/M6At/jlHtATLMERjz
+ ZdqonsdveaqNcy2MxZ1t+L61IVwsjLFGYzW32LvlhgdV29/dykCGd9JthVGvJCt6
+ 2fMXeuYbmkY3o+KbOsio+zXp2zAue++0xRMICrnJlZVFxkspYpy5feJvTp/UEqzL
+ SbnDG2/nlwTLwc/pR5fKkvNTZqEzyr7oGrNvRCbePVo7EbvEfRkDSHtsC2KFLaRu
+ mtbQLFPGe8KaZ4XHpLUNURb3S1LoN6SUFwiq0SmPzFOtgm4emJakKNnm03Kf5yhf
+ qEwF0kluQoO1fD7qtImzFDkPvGG6qBaPBMsY8OlxjQeBSppmE1/hs+BL4eHVTz9p
+ 1Xr3xZJ/3UjGEM6QxsxD2eIUZm+XOoZE+NFi3j2zMzgBa/SIeLF2MZ7o1TNXj01R
+ loTBcfQtTPdu9oZ3NJG4MvT45bYskIi5o+vpJHzq/zapGB7L2MxkXuxntRUCvjBG
+ ek9xfHb6UqMc8sluhPmiZkrBjrRn/LKOxO2kSoxc9P5IZg+sFw==
+ -----END CERTIFICATE-----
diff --git a/hieradata/nodes/monitor.yaml b/hieradata/nodes/monitor.yaml
index 826453f..0492643 100644
--- a/hieradata/nodes/monitor.yaml
+++ b/hieradata/nodes/monitor.yaml
@@ -297,3 +297,108 @@ profiles::icinga2_master::icingaweb_admins:
- jandd@cacert.org
- wytze@cacert.org
- mario@cacert.org
+profiles::icinga2_certificates::certificates:
+ -
+ name: monitor_client
+ key: >
+ ENC[PKCS7,MIILLQYJKoZIhvcNAQcDoIILHjCCCxoCAQAxggEhMIIBHQIBADAFMAACAQEw
+ DQYJKoZIhvcNAQEBBQAEggEAfMlzYDhHEBOZ0ePImcGVWe8jUv833wi0GsRG
+ oGrDtBq1G7bNe8Vjd+cpnuJtkIpvg4UUf6yU3rsMb3JL32rUUP9Jjhp8k/3D
+ 8WLadEKRjahlw9kh+/iaz1AGZGiWM4CSpSOKJ24sfFr9djWm8XY0qLakY3q5
+ fwz9xjKIwRhyF2bb1Z92fKNDFYO7Wa9lD7zbf7BraUAWpfL26lrpGkrZmqtM
+ K4wd2RkVZe66azE0lT93aOIPrXwXWIVZL0u+6YFAQx5D/98qbtbwGEtabTSq
+ TTuTikkV6nsq7eblsH3zjkT8olE3cY62VBPq1lKQNTgBWmgBbvebeRzJj8q/
+ gpZNdjCCCe4GCSqGSIb3DQEHATAdBglghkgBZQMEASoEEPjAQ+687nD2HSP7
+ xVzkMIWAggnAQ6dpcwNyBBKLNr4uYDAZerNqErnpRRnnJ62FpE2pR/MokRNO
+ M309vB5EpbIBa09cn1PGMyQ7uaaIXydtUwxfeS6307Lfo46swoPyWvHNC+1B
+ ngpiohRSJhiOUR8IUc3uwXNZ8YP8mo3bcjH9heq1WDMeAla8FiBtrdog2Rev
+ bnD2A3S6ustUVIhdR9TCzIXgG1ExgW7oFUn5Iuppl8K6Wv9LPiCs/hLr20fy
+ mg7QJaHHy49rm+L0X5Sf0Jg+gfHEQY5qg2NTqCb88fpYh7t4g8R5HY4QFame
+ gFrj11ZeavxKrLakz0k0uB8weLUWWOE2xHj4mdh87obW5J/xwekZkYqOWHmU
+ PLEyg9X441EMCBSYWFRz9HEK2Zv9Vg0qxKe++DNikVwDT9ntEYHnh43e7Iwp
+ YKwvCtlxxvQGY09acLuC0l4pifpJOsqOcAUjxf3WXoe1cjsjEcL+Z3mMmerh
+ 8JyXxJRp5Cu6TTMxcnQb/214/D8qYCKoPUYMddNC1G+XVosNY8QWbNp8nLUL
+ DZHsvI0tgk+CV/SPRl68dx7cE1bYioyS4EausMQub4eQykZl5My9qRR5htSl
+ C2zw+CP47EhsaA3zodbj6UgdYGBmhZNUOiW3oXWTKV0eSddkWcS/CmY271a9
+ 6UIzE2TlRQ4w85GI8aD0W4DbsPyUvG0oay/lFYI6TzG1d6sL0rn/n1vvuUHB
+ n1OSyMdzcnUS0V7mt3gmGIKCYfEjG1auMaXlLag/NPPi5lvAkn8t8fY0uRn9
+ 3kYpAPCPHFpqP8L/ZwIyHf/ePvRszzbuU23wkmcguIx3+UqGvwOyaMTGiy1K
+ 0ML0PUCMHPVrVDjkIHf9Tee/eFbRP9toQEofeesQtSJY6jW5zCCa/EEmmazy
+ jyo1hdsSCcTpizMylT4NDGpdfc73ccMwoGcuSdTtlAolBhn0qbBvEMo/GQMZ
+ JmvvOlE0BlDUGxbXE4XTrjIS2tJIL6Mrg0nQEJLB8u41i9fDJdPai3dwYlYZ
+ oMUT/QX417fPKl88t6NwkfFpW8mgStqeZR0ataza5lzHC61d5C1z+Zxzh/yk
+ oCgwmWFcz2kS8woi//0t3DtJB93bFbV0za9FUodcKrEcLowx3mN+g+URe5n0
+ w7On4tjl4PGo5ko/15DDcRRlJlzQlUN28n0w3ENYaAgHiNKsksvXxqTL+mRo
+ kDhszsQyaatutqtjN7Tj9t5p+gIkjODhz5FmQop+ZirXwNElMX7N3WeFD8Tl
+ zLhopOuZ0loqaKWgTEY1hdYUINfkHTNyLIxwyYtJGPAU30q/c5qZ8opmil96
+ tk6kpctBVAeNYVBfRNJYkGfNRrK7AiENuLaWGurGt05J00lSKOEQQXQuLqGy
+ mPC694aJ26aqjinuWZ21TCLh+e+Oib0sVYWObCjy/cBGtMQAlvTGEt/1zs66
+ K+r1C0PJkWcDwDAF0mwnxDxFq1zcPYBG8xH90DrSPMoN0edLFMencGVrqMBI
+ agbUlkwePUdEc34zZ1khJbuBU/B0O8IRNY9rFQrU9ICCnKPVFvym85f0y8Ac
+ BphEJrS61CDa/L7techS1GTP8joSoZnT/OzzqXRXBe9Pgp9hubcckbGwi20k
+ sP4sCoChKe99wR4760z+q4JV91aVR/aKqAB+5R7aKor4ouQSaC203XzpDcOv
+ x/t6+l4cPetOvV5dtqPtpv1L+nPoLr9w3JS+ZGLOwmXAAx7Zr/DD8RGd6hM/
+ OHfplbHg4XYbbDG51OTj6ajRwDoDgcLQ6VHz4/3HmcaNff2VcY4DFxKSpv+D
+ WSoepaN+KB+o1B4YRQ3XyuYhcAL7UlMJzA0CBmezZ2AMLTfGIaxFtwnqDMEc
+ kJ+m7BP3cyk/E6CTBFVrQajC7C8Gs5nNqI1sS79pMk07S2dOX/MRFSP0hw8i
+ ploMyzV6tCPAF/h9OO510W3iOqSN6nQe61BGlTgMgWKut4VWunpqZyANkIvT
+ SIeTR09cpSI5fhWfMdjv07TocakibiWFRZpvpOd0dkVA0FR5BurPxYoUB0od
+ FkWPGlgfTVCVuVLfVjEgig2j+YzoZM3Y/GkVu7IVkaxGI8+/uq6Hyordk051
+ uDxbNDiuq0mXfL6KTiPJ/3TVPPLUnnFvEdWvgLIg4wnHpXxpkF44dFkKF4/y
+ d5Ykxpc6eThoV8aIVMUl5dod68LjclHL0Iv3l7+rTE6qPrTiShONvQbIu8lv
+ 5KXBK6GdjTFWz8c9Lr6zR/ABQ+XhQAlCqmwhfp+rEr1qReBEus5U4bL1ObuB
+ 1AA0r6AlmjCLH9F9BA3PcNVi5Zm988chcoCjl1GTjeMVcK501l9/KYcSjIzZ
+ bfaguVPCiSGG0/imDQ/QiBtDNGKHbdknJlTjBBaGWJkCFu/vpV6uzjfzMXRO
+ FXc/E31UdogZfprKRt1c1WHW8ozo8hV6/2D4X+tB1Jn4bELIgSZRhB7d29tm
+ jAxd8kAsCDsIK5NX0VXXzenZcut1L10lDVHcr+WOTT5lbGLgZCa508ExdtQk
+ /FsgqnzNOrqlCBx2gYU9UcrMxlOf7teEHxJmoFMqe7II2M/ye6eBYdy515GR
+ ywU0R8pRUuSs8njm7rYeuzG3rCd1j4RCasjbmLQLkuAVlxPjys+Hxe07jb8b
+ N4VyAQsUaFruuwkIUanANJdaOA72IJyPJCZf4HCScQEKG1EkU6oHNDelE0J/
+ J9zTdzuUSwfv74pk/2PExloRH42glTAB/FOoIenzrtO7XvsV+HAaqoqJQ1Gr
+ 7lvjwU0B8GMijM20YQPOzhc9H34BWya5Y8BAaTbue+puAIjfLQaMPIcy/ilh
+ qIrVd1sNXCJtXJ2Smo5O3wGI3Qw29pQn98x20pJUCwXwLtdRWSocSL7qWlAh
+ pofd1vZ+5F5iW1XOm9//SIZ3lgHlEsWwnBL1v6mETXPA6UezJGSm2fhI14xx
+ EnFI3t1K0+JSkHq45nyxHGfiS1KcHvrblNnGOHWfxKDjdIKADAMI6yP3pWrQ
+ 2kmTSMSRcAN9TQxd2sFsLVe7zpFxBagp1SaXzKC/VpmWQu6Y6BNt6EjmZ7+r
+ UjpnfOY8H2efR2aNzMEdvtz/mY9pdzLSHIDNSndM+RqccpbcyJKTQXIdjHiZ
+ iHpfoZJ6g4VdkaXVRttaNfjuuwuAJuUaxoSdDOeswHIOIeNQ2N8e5OE0U4r7
+ xvd/XDaPh2AE1061vN+InhW9lC2QrIxSrHzQoz0uVVq23D1aMyin8UHTTo1e
+ h8zTkvycy4d/FiozapuXBuM49p8DgcX0kESTVnL4A99qzFr7PU4CWDQssgkU
+ WGs3X/Ut0GKaJXFMwajblcJu80p7HRmaXJWIBmwe]
+ certificate: |
+ -----BEGIN CERTIFICATE-----
+ MIIGUzCCBDugAwIBAgIDAtiuMA0GCSqGSIb3DQEBCwUAMFQxFDASBgNVBAoTC0NB
+ Y2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5vcmcxHDAaBgNV
+ BAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwHhcNMTkwODA0MDcxODI5WhcNMjAwODAz
+ MDcxODI5WjCBrzELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMG
+ U3lkbmV5MRQwEgYDVQQKEwtDQWNlcnQgSW5jLjEcMBoGA1UECxMTSW5mcmFzdHJ1
+ Y3R1cmUgVGVhbTEjMCEGA1UEAxMaQ0FjZXJ0IGV4dGVybmFsIG1vbml0b3Jpbmcx
+ KDAmBgkqhkiG9w0BCQEWGW1vbml0b3ItY2xpZW50QGNhY2VydC5vcmcwggGiMA0G
+ CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDRI7wnPoPtuP9w15cJBIWLOvM2pe1O
+ HdaIBnKiEIP60zJHc5KOIazCC+eF9wt5eOszIyooPCoPkG/qcIQlWQ6uuFZS52fK
+ RkfnQ77JL4GNtwQsrTWduebfJFvI1iA/GhHCeKlbTCio0U7gg4wi/LJ+4sO7TbhT
+ bJmtoAoCHgktgmSu5BPmO6HFMqc+CzNhVsaXzvxemeIp2WBSxjxX6aAvIpl3tGDY
+ R3dBu06CeMQhKuzswt6yFpaMKVQ0NwwYUpsYkTR7wgVzcOQ+UCV8dWdv4vD55rI1
+ ZMCYa9ELRGjvkrmV/6/7UCnT+bCD98h+s5Ut1GUW1SwD3rg8MneFxigRJLmXWGkk
+ mOqWfxW9KSuRyw+wJwap7xHuvZrCElLeA4FKI5FWQkKLENc8yps81C+gwlkBrwKT
+ Zjcm41mnXRNyy5d4JckfFfKaEZT1mWE4cu1swKGdR67y36UysTFrTxabp8Jm+uXD
+ lJjAJCsnWON6XA2cX58/wtyHsgs8AmwUpDcCAwEAAaOCAVAwggFMMAwGA1UdEwEB
+ /wQCMAAwVgYJYIZIAYb4QgENBEkWR1RvIGdldCB5b3VyIG93biBjZXJ0aWZpY2F0
+ ZSBmb3IgRlJFRSBoZWFkIG92ZXIgdG8gaHR0cDovL3d3dy5DQWNlcnQub3JnMA4G
+ A1UdDwEB/wQEAwIDqDBABgNVHSUEOTA3BggrBgEFBQcDBAYIKwYBBQUHAwIGCisG
+ AQQBgjcKAwQGCisGAQQBgjcKAwMGCWCGSAGG+EIEATAyBggrBgEFBQcBAQQmMCQw
+ IgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLmNhY2VydC5vcmcwOAYDVR0fBDEwLzAt
+ oCugKYYnaHR0cDovL2NybC5jYWNlcnQub3JnL2NsYXNzMy1yZXZva2UuY3JsMCQG
+ A1UdEQQdMBuBGW1vbml0b3ItY2xpZW50QGNhY2VydC5vcmcwDQYJKoZIhvcNAQEL
+ BQADggIBAIqCf+GvdSkLlrvkGMCxvAnUKfNl4WrwxxQ79XAnRLnlLzu13AiL3HYp
+ sd7M98d55xZmmWpezDDdBBBE6Se/JnbWWyMUyGEy+lvqkhnCbb9w9T+7ycHJfYO6
+ u3+LLAEPNC1Pz08IDh/QofI3eCyOojiyQh70/Yi19yw3XIQofxbx/whgRLXEm65S
+ guZtpzOV3WJcEpeRFEX49uPFEN1I+taPn30UgWLqoaxBkrOd+zu+kf0aA7Q5UR41
+ Xl0iUYCPDI0tFhxFk42V3S/fVx45C9U/UIjEukM+4OudWdlciaTxQ8/wh6ghtQ05
+ Q/X5kPV8+9JsKYqW59R0uW6XdVsrdBiK2wp5xycdrrPCp3Ay2XgGzrm4WWjfC2ou
+ Nxgm1ahgcf8IxUK5Dek4Nl6PyD4gb1KZxoOLhEAUVzAK1tc6QRnuNjNwxVzo7dT6
+ NfDPnYwkz4W9o6fDqBa1FrCDPGeKmzsnYB+rOY7ckkQRZXd9Qc9gYLkIfaLk8uE5
+ v8kcjQ93BLKCjFPbApp7oHOOKCujT65FG5osfKpVtwUPhxoaEPb/EvlJqXIImpLZ
+ 4/wS92taummJijXtRYHVJNHtvZZM9wpxsUJdrSgi/ZbmwIvVtqnJMgQED7xPWhQ4
+ Pil7k+bHn74rp3aFqqXDn3NqQgD049hxLfbIi0PUOYHlWK69wnk8
+ -----END CERTIFICATE-----
diff --git a/sitemodules/profiles/manifests/icinga2_certificates.pp b/sitemodules/profiles/manifests/icinga2_certificates.pp
new file mode 100644
index 0000000..ab566d3
--- /dev/null
+++ b/sitemodules/profiles/manifests/icinga2_certificates.pp
@@ -0,0 +1,68 @@
+# Class: profiles::icinga2_common
+# ===============================
+#
+# This profile puts certificate in Icinga2 hosts. This can be used to put
+# client certificates onto Icinga2 instances that should check mutually
+# authenticated TLS connections.
+#
+# This manifest is meant to be included from other manifests.
+#
+# Parameters
+# ----------
+#
+# @param certificates List of Hashes with the keys "name", "key" and
+# "certificate" that defines a list of certificates
+#
+# Examples
+# --------
+#
+# @example
+# include profiles::icinga2_certificates
+#
+# Authors
+# -------
+#
+# Jan Dittberner <jandd@cacert.org>
+#
+# Copyright
+# ---------
+#
+# Copyright 2019 Jan Dittberner
+class profiles::icinga2_certificates (
+ Array[Hash[String, String]] $certificates = []
+) {
+ if $certificates.length > 0 {
+ file { ['/etc/icinga2/ssl/certs', '/etc/icinga2/ssl/keys']:
+ ensure => directory,
+ owner => 'nagios',
+ group => 'nagios',
+ mode => '0700',
+ require => Package['icinga2'],
+ }
+ }
+ $certificates.each |$certificate| {
+ if 'name' in $certificate and 'certificate' in $certificate {
+ file { "/etc/icinga2/ssl/certs/${certificate[name]}.crt.pem":
+ ensure => file,
+ owner => 'nagios',
+ group => 'nagios',
+ mode =>'0600',
+ content => $certificate['certificate'],
+ }
+ if 'key' in $certificate {
+ file { "/etc/icinga2/ssl/keys/${certificate[name]}.key.pem":
+ ensure => file,
+ owner => 'nagios',
+ group => 'nagios',
+ mode =>'0600',
+ content => $certificate['key'],
+ }
+ }
+ } else {
+ $fields = join(keys($certificate), '\', \'')
+ notify { 'missing fields in certificate hash':
+ message => "Each certificate block needs a 'name', 'certificate' and an optional 'key': found '${fields}'"
+ }
+ }
+ }
+}
diff --git a/sitemodules/profiles/manifests/icinga2_common.pp b/sitemodules/profiles/manifests/icinga2_common.pp
index caeb498..12fa6ca 100644
--- a/sitemodules/profiles/manifests/icinga2_common.pp
+++ b/sitemodules/profiles/manifests/icinga2_common.pp
@@ -22,6 +22,8 @@
# Copyright 2019 Jan Dittberner
class profiles::icinga2_common (
) {
+ include profiles::icinga2_certificates
+
if $::lsbdistcodename == 'stretch' {
apt::pin { 'icinga2_backports':
packages => [