diff options
| -rw-r--r-- | hieradata/common.yaml | 29 | ||||
| -rw-r--r-- | hieradata/nodes/monitor.yaml | 29 | ||||
| -rw-r--r-- | sitemodules/profiles/manifests/icinga2_master.pp | 13 |
3 files changed, 40 insertions, 31 deletions
diff --git a/hieradata/common.yaml b/hieradata/common.yaml index 9a71926..6961942 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -142,35 +142,6 @@ profiles::icinga2_agent::pki_api_password: > gCG3gDAX0FOzW/oWi8c1PDIFb+0B4cTQRi9gP2fzugKu0bp0FBB7akZV6Zx0 T5GP0WQAzU0=] profiles::icinga2_common::master_host: monitor.infra.cacert.org -profiles::icinga2_common::ca_certificate: | - -----BEGIN CERTIFICATE----- - MIIEyjCCArKgAwIBAgIVAMGxGJbZJq/vXMuXAnAC8QvFtvhMMA0GCSqGSIb3DQEB - CwUAMBQxEjAQBgNVBAMMCUljaW5nYSBDQTAeFw0xOTA3MTkxODIwNDVaFw0zNDA3 - MTUxODIwNDVaMBQxEjAQBgNVBAMMCUljaW5nYSBDQTCCAiIwDQYJKoZIhvcNAQEB - BQADggIPADCCAgoCggIBAMh+p0jach/6ICsP/o01nku28g0jFB/HSp5n/WZjzykW - MvgvYc/1lEaiuIeB93AobGB3EACNw2/Xfh1deRGP8UsIOIjeeUibfk0i4SOmFBRb - 0ZmwUeNVygY7rmhO+fwTPi6bb2+AA50RkDP7jTpwaQFxppziTXUqW8mj0LBSLtNL - z8dC2YS/JLKSoNyHupQcL+pHVHO5S9QnFWTnhwIbnWSJTG13BOYw/RUz6WcxFDHl - Xi/lprjcorBUDsH5YBfy+/2WJ0MZFqRnCPQKb5oilR1/k+9XpmFz8W98KCujjpNm - BEantf7OaaYFIxxoWyrGC1RiMnkSQwa9Pcxgwflca5UC1fW0Jx2zsgDscdWp+Xeo - lhYtyHa6upgny66SvekjM9mAm6vtlsBplxYZtz6BgqoxXqk0AwAwiU/9nyXGekAp - FPMmENBLZvANuA6hdaMJQpOoyHBDOT8teoIJOut92ptk5bVE4gxwcWc1uFCP05nr - gA8iTXnabihXbm2Wb8kk/+34wEru5jpwMh1NEH/TvaqPnly/dBHkmEhJquYyoZFS - ttKl64XXdy9HGaTaA6b3dQPeZqHbmadRZzcsxjn+zP8Nu8OTZ4HXkAJ2e3nxlRKs - 2EaZDJK4SoNBvvkYLScLLYH5X1uC2gs6AHiQDiczQYxMqai5pEnrLHO7B/pE+d/1 - AgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAGYh - pqAK55ei8+S+rXt1wQbejAphJ2GtTft8XjlfVbpk7s7wd/Wt0gLAs4dvPPI1U0k9 - N6E5WJrn31QbaXHFDwdxFw1ViLxDmepAp+Kp3pQE5bPNjo5e6iwgOGVB20R20ADo - foUfk5u6WfGGSJznDkTTdoYdSsHm1d1nsZKt0i2QFnLEIEBOJW4gwY4LiW7ArfYS - 21Ji9VLgKxF9We4Y0ppY+7rU8r/aNDrYv0Ghe+IA0+k8KoTGuhBXzxfwUUZ+1+yA - JYSmxFzhPJCdwRX3IBn4uTVMRlugntgpmB7m5RyW18MUlAw52Ppe5EtOke1lxxh0 - G5KYt+pKPnkOVj2LRLvOcAOO47i42q+3P4m2elkPHTrI2JmnTwWNjpkNNc4LeFXs - 3HE3SoSvXvImabhBfioqThVMAEEjrtkAQSOFg281vaIgUPbwqcVmbOHv/2Cow0xw - gYrp+hB0hhf5rpYi1SMLTKIQUJT6CKnIgN9KHMwcz6Zq4WcshXQxZZrazXomJJ9k - WKBpvys1Mfn0Y+phqmCXW7D9Yh1T32pnyOTm8kUonBhIoDEwYN5v175ySw8jjiUD - Dlkc/kuv3szLVWx63FvOPc6ra9rmmdwmDaVTd9fGlo/NrquCQOGu59hiACPept+I - y+bP1kZ0Z+5qrmlX0zrcLspzXOyY0VX/YZ3unzyp - -----END CERTIFICATE----- profiles::icinga2_common::master_certificate: | -----BEGIN CERTIFICATE----- MIIE+jCCAuKgAwIBAgIUKbBk4rIgCPf77noCKofD3WKBR6EwDQYJKoZIhvcNAQEL diff --git a/hieradata/nodes/monitor.yaml b/hieradata/nodes/monitor.yaml index 2d8b10b..4872c67 100644 --- a/hieradata/nodes/monitor.yaml +++ b/hieradata/nodes/monitor.yaml @@ -70,6 +70,35 @@ profiles::icinga2_master::pki_ticket_salt: > wEtKajBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBC71KjJDv29zuAaxnyH o3uJgDDydzmhZKEQxhkFNW9TNquxCTXdfPZ/zYPb/TqWq3amcnQwoqNltz+5 QoSf/2LDk4o=] +profiles::icinga2_master::ca_certificate: | + -----BEGIN CERTIFICATE----- + MIIEyjCCArKgAwIBAgIVAMGxGJbZJq/vXMuXAnAC8QvFtvhMMA0GCSqGSIb3DQEB + CwUAMBQxEjAQBgNVBAMMCUljaW5nYSBDQTAeFw0xOTA3MTkxODIwNDVaFw0zNDA3 + MTUxODIwNDVaMBQxEjAQBgNVBAMMCUljaW5nYSBDQTCCAiIwDQYJKoZIhvcNAQEB + BQADggIPADCCAgoCggIBAMh+p0jach/6ICsP/o01nku28g0jFB/HSp5n/WZjzykW + MvgvYc/1lEaiuIeB93AobGB3EACNw2/Xfh1deRGP8UsIOIjeeUibfk0i4SOmFBRb + 0ZmwUeNVygY7rmhO+fwTPi6bb2+AA50RkDP7jTpwaQFxppziTXUqW8mj0LBSLtNL + z8dC2YS/JLKSoNyHupQcL+pHVHO5S9QnFWTnhwIbnWSJTG13BOYw/RUz6WcxFDHl + Xi/lprjcorBUDsH5YBfy+/2WJ0MZFqRnCPQKb5oilR1/k+9XpmFz8W98KCujjpNm + BEantf7OaaYFIxxoWyrGC1RiMnkSQwa9Pcxgwflca5UC1fW0Jx2zsgDscdWp+Xeo + lhYtyHa6upgny66SvekjM9mAm6vtlsBplxYZtz6BgqoxXqk0AwAwiU/9nyXGekAp + FPMmENBLZvANuA6hdaMJQpOoyHBDOT8teoIJOut92ptk5bVE4gxwcWc1uFCP05nr + gA8iTXnabihXbm2Wb8kk/+34wEru5jpwMh1NEH/TvaqPnly/dBHkmEhJquYyoZFS + ttKl64XXdy9HGaTaA6b3dQPeZqHbmadRZzcsxjn+zP8Nu8OTZ4HXkAJ2e3nxlRKs + 2EaZDJK4SoNBvvkYLScLLYH5X1uC2gs6AHiQDiczQYxMqai5pEnrLHO7B/pE+d/1 + AgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAGYh + pqAK55ei8+S+rXt1wQbejAphJ2GtTft8XjlfVbpk7s7wd/Wt0gLAs4dvPPI1U0k9 + N6E5WJrn31QbaXHFDwdxFw1ViLxDmepAp+Kp3pQE5bPNjo5e6iwgOGVB20R20ADo + foUfk5u6WfGGSJznDkTTdoYdSsHm1d1nsZKt0i2QFnLEIEBOJW4gwY4LiW7ArfYS + 21Ji9VLgKxF9We4Y0ppY+7rU8r/aNDrYv0Ghe+IA0+k8KoTGuhBXzxfwUUZ+1+yA + JYSmxFzhPJCdwRX3IBn4uTVMRlugntgpmB7m5RyW18MUlAw52Ppe5EtOke1lxxh0 + G5KYt+pKPnkOVj2LRLvOcAOO47i42q+3P4m2elkPHTrI2JmnTwWNjpkNNc4LeFXs + 3HE3SoSvXvImabhBfioqThVMAEEjrtkAQSOFg281vaIgUPbwqcVmbOHv/2Cow0xw + gYrp+hB0hhf5rpYi1SMLTKIQUJT6CKnIgN9KHMwcz6Zq4WcshXQxZZrazXomJJ9k + WKBpvys1Mfn0Y+phqmCXW7D9Yh1T32pnyOTm8kUonBhIoDEwYN5v175ySw8jjiUD + Dlkc/kuv3szLVWx63FvOPc6ra9rmmdwmDaVTd9fGlo/NrquCQOGu59hiACPept+I + y+bP1kZ0Z+5qrmlX0zrcLspzXOyY0VX/YZ3unzyp + -----END CERTIFICATE----- profiles::icinga2_master::ca_key: > ENC[PKCS7,MIIOHQYJKoZIhvcNAQcDoIIODjCCDgoCAQAxggEhMIIBHQIBADAFMAACAQEw DQYJKoZIhvcNAQEBBQAEggEAndhxooQI/m9cfD6jfWVHSce7ePzRwpt8F4qy diff --git a/sitemodules/profiles/manifests/icinga2_master.pp b/sitemodules/profiles/manifests/icinga2_master.pp index eeb033d..e14879f 100644 --- a/sitemodules/profiles/manifests/icinga2_master.pp +++ b/sitemodules/profiles/manifests/icinga2_master.pp @@ -12,6 +12,7 @@ # @param web2_database_password database password for IcingaWeb2 database # @param api_users Icinga2 API users # @param ca_key Icinga2 CA private key content +# @param ca_certificate Icinga2 CA certificate content # @param master_key Icinga2 master private key content # @param master_csr Icinga2 master CSR # @@ -38,6 +39,7 @@ class profiles::icinga2_master ( Array[Hash[String, Variant[String, Tuple[String, 1]]]] $api_users, String $pki_ticket_salt, String $ca_key, + String $ca_certificate, String $master_key, String $master_csr, ) { @@ -51,6 +53,11 @@ class profiles::icinga2_master ( }, } + class { '::icinga2::pki::ca': + ca_cert => $ca_certificate, + ca_key => $ca_key, + } + postgresql::server::db { 'icinga2': user => 'icinga2', password => postgresql_password('icinga2', $ido_database_password), @@ -65,10 +72,12 @@ class profiles::icinga2_master ( } class { '::icinga2::feature::api': - endpoints => { + pki => 'icinga2', + ticket_salt => $pki_ticket_salt, + endpoints => { $::fqdn => {}, }, - zones => { + zones => { $::fqdn => { 'endpoints' => [$::fqdn], }, |