summaryrefslogtreecommitdiff
path: root/sitemodules/profiles/manifests/icinga2_common.pp
diff options
context:
space:
mode:
authorJan Dittberner <jandd@cacert.org>2019-07-21 12:34:11 +0200
committerJan Dittberner <jandd@cacert.org>2019-07-21 12:34:11 +0200
commit3f0acb6f452091ba00bbb27dc85ebf5205c0e7de (patch)
treebebdb9f4bc6d5de1801161fc8738e6907d43c471 /sitemodules/profiles/manifests/icinga2_common.pp
parent7adaa98e8cc8a31c2856cf2652c1467197b86ac0 (diff)
downloadcacert-puppet-3f0acb6f452091ba00bbb27dc85ebf5205c0e7de.tar.gz
cacert-puppet-3f0acb6f452091ba00bbb27dc85ebf5205c0e7de.tar.xz
cacert-puppet-3f0acb6f452091ba00bbb27dc85ebf5205c0e7de.zip
Add master key and certificates
icinga2 node setup on agents requires the master certificate, the CA certificate is not sufficient.
Diffstat (limited to 'sitemodules/profiles/manifests/icinga2_common.pp')
-rw-r--r--sitemodules/profiles/manifests/icinga2_common.pp20
1 files changed, 16 insertions, 4 deletions
diff --git a/sitemodules/profiles/manifests/icinga2_common.pp b/sitemodules/profiles/manifests/icinga2_common.pp
index 1703d2b..83afceb 100644
--- a/sitemodules/profiles/manifests/icinga2_common.pp
+++ b/sitemodules/profiles/manifests/icinga2_common.pp
@@ -8,7 +8,9 @@
# Parameters
# ----------
#
-# @param ca_certificate Icinga2 CA certificate content
+# @param ca_certificate Icinga2 CA certificate content
+# @param master_host Icinga2 master hostname
+# @param master_certificate Icinga2 master certificate content
#
# Examples
# --------
@@ -27,6 +29,8 @@
# Copyright 2019 Jan Dittberner
class profiles::icinga2_common (
String $ca_certificate,
+ String $master_host,
+ String $master_certificate,
) {
if $::lsbdistcodename == 'stretch' {
apt::pin { 'icinga2_backports':
@@ -46,19 +50,27 @@ class profiles::icinga2_common (
package { 'icinga2':
ensure => latest,
}
- file { '/etc/icinga2/pki':
+ file { '/var/lib/icinga2/certs':
ensure => directory,
owner => 'nagios',
group => 'nagios',
mode => '0700',
require => Package['icinga2'],
}
- file { '/etc/icinga2/pki/ca.crt':
+ file { '/var/lib/icinga2/certs/ca.crt':
ensure => file,
content => $ca_certificate,
owner => 'nagios',
group => 'nagios',
mode => '0644',
- require => File['/etc/icinga2/pki'],
+ require => File['/var/lib/icinga2/certs'],
+ }
+ file { "/var/lib/icinga2/certs/${master_host}.crt":
+ ensure => file,
+ content => $master_certificate,
+ owner => 'nagios',
+ group => 'nagios',
+ mode => '0644',
+ require => File['/var/lib/icinga2/certs'],
}
}