summaryrefslogtreecommitdiff
path: root/sitemodules/profiles/manifests/icinga2_agent.pp
diff options
context:
space:
mode:
Diffstat (limited to 'sitemodules/profiles/manifests/icinga2_agent.pp')
-rw-r--r--sitemodules/profiles/manifests/icinga2_agent.pp60
1 files changed, 37 insertions, 23 deletions
diff --git a/sitemodules/profiles/manifests/icinga2_agent.pp b/sitemodules/profiles/manifests/icinga2_agent.pp
index 285ba74..178bdf8 100644
--- a/sitemodules/profiles/manifests/icinga2_agent.pp
+++ b/sitemodules/profiles/manifests/icinga2_agent.pp
@@ -6,10 +6,12 @@
# Parameters
# ----------
#
-# @param pki_api_user Icinga2 API user name for retrieving a
-# ticket for a certificate signing request
-# @param pki_api_password Icinga2 API password for retrieving a ticket
-# for a certificate signing request
+# @param pki_ticket Ticket for getting a signed certificate
+# from the master
+#
+# @param master_host Hostname of the master
+#
+# @param master_certificate TLS certificate of the master
#
# Examples
# --------
@@ -29,32 +31,44 @@
#
# Copyright 2019 Jan Dittberner
class profiles::icinga2_agent (
- String $pki_api_user,
- String $pki_api_password,
+ String $pki_ticket,
+ String $master_host,
+ String $master_certificate,
) {
include 'profiles::icinga2_common'
- file { '/var/lib/icinga2/setup_agent.sh':
+ file { "/var/lib/icinga2/certs/trusted-cert.crt":
ensure => file,
- content => epp('profiles/icinga2_agent/setup_agent.sh.epp', {
- pki_api_user => $pki_api_user,
- pki_api_password => $pki_api_password,
- master_host => $::profiles::icinga2_common::master_host,
- }),
+ content => $master_certificate,
owner => 'nagios',
group => 'nagios',
- mode => '0700',
+ mode => '0644',
+ require => File['/var/lib/icinga2/certs'],
}
- exec { '/bin/sh /var/lib/icinga2/setup_agent.sh':
- creates => "/etc/icinga2/pki/${::fqdn}.key",
- require => [
- File['/var/lib/icinga2/setup_agent.sh'],
- File['/var/lib/icinga2/certs/ca.crt'],
- File["/var/lib/icinga2/certs/${::profiles::icinga2_common::master_host}.crt"],
- Package['icinga2'],
- ],
+
+ class { '::icinga2':
+ manage_repo => false,
+ features => ['mainlog'],
+ }
+
+ class { '::icinga2::feature::api':
+ pki => 'none',
+ accept_config => true,
+ accept_commands => true,
+ ticket_id => $pki_ticket,
+ endpoints => {
+ 'NodeName' => {},
+ }
+ zones => {
+ 'ZoneName' => {
+ 'endpoints' => ['NodeName'],
+ 'parent' => $master_host,
+ },
+ $master_host => {
+ 'endpoints' => [$master_host],
+ }
+ }
}
- Exec['/bin/sh /var/lib/icinga2/setup_agent.sh'] ~> Service<| name == 'icinga2' |>
@@icinga2::object::endpoint { $::fqdn:
ensure => present,
@@ -64,7 +78,7 @@ class profiles::icinga2_agent (
@@icinga2::object::zone { $::fqdn:
ensure => present,
endpoints => [$::fqdn],
- parent => $::profiles::icinga2_common::master_host,
+ parent => $master_host,
target => "/etc/icinga2/zones.d/${::fqdn}.conf",
}
}