diff options
Diffstat (limited to 'sitemodules/profiles/manifests/icinga2_agent.pp')
| -rw-r--r-- | sitemodules/profiles/manifests/icinga2_agent.pp | 60 |
1 files changed, 37 insertions, 23 deletions
diff --git a/sitemodules/profiles/manifests/icinga2_agent.pp b/sitemodules/profiles/manifests/icinga2_agent.pp index 285ba74..178bdf8 100644 --- a/sitemodules/profiles/manifests/icinga2_agent.pp +++ b/sitemodules/profiles/manifests/icinga2_agent.pp @@ -6,10 +6,12 @@ # Parameters # ---------- # -# @param pki_api_user Icinga2 API user name for retrieving a -# ticket for a certificate signing request -# @param pki_api_password Icinga2 API password for retrieving a ticket -# for a certificate signing request +# @param pki_ticket Ticket for getting a signed certificate +# from the master +# +# @param master_host Hostname of the master +# +# @param master_certificate TLS certificate of the master # # Examples # -------- @@ -29,32 +31,44 @@ # # Copyright 2019 Jan Dittberner class profiles::icinga2_agent ( - String $pki_api_user, - String $pki_api_password, + String $pki_ticket, + String $master_host, + String $master_certificate, ) { include 'profiles::icinga2_common' - file { '/var/lib/icinga2/setup_agent.sh': + file { "/var/lib/icinga2/certs/trusted-cert.crt": ensure => file, - content => epp('profiles/icinga2_agent/setup_agent.sh.epp', { - pki_api_user => $pki_api_user, - pki_api_password => $pki_api_password, - master_host => $::profiles::icinga2_common::master_host, - }), + content => $master_certificate, owner => 'nagios', group => 'nagios', - mode => '0700', + mode => '0644', + require => File['/var/lib/icinga2/certs'], } - exec { '/bin/sh /var/lib/icinga2/setup_agent.sh': - creates => "/etc/icinga2/pki/${::fqdn}.key", - require => [ - File['/var/lib/icinga2/setup_agent.sh'], - File['/var/lib/icinga2/certs/ca.crt'], - File["/var/lib/icinga2/certs/${::profiles::icinga2_common::master_host}.crt"], - Package['icinga2'], - ], + + class { '::icinga2': + manage_repo => false, + features => ['mainlog'], + } + + class { '::icinga2::feature::api': + pki => 'none', + accept_config => true, + accept_commands => true, + ticket_id => $pki_ticket, + endpoints => { + 'NodeName' => {}, + } + zones => { + 'ZoneName' => { + 'endpoints' => ['NodeName'], + 'parent' => $master_host, + }, + $master_host => { + 'endpoints' => [$master_host], + } + } } - Exec['/bin/sh /var/lib/icinga2/setup_agent.sh'] ~> Service<| name == 'icinga2' |> @@icinga2::object::endpoint { $::fqdn: ensure => present, @@ -64,7 +78,7 @@ class profiles::icinga2_agent ( @@icinga2::object::zone { $::fqdn: ensure => present, endpoints => [$::fqdn], - parent => $::profiles::icinga2_common::master_host, + parent => $master_host, target => "/etc/icinga2/zones.d/${::fqdn}.conf", } } |