1 files changed, 27 insertions, 10 deletions

diff --git a/sitemodules/profiles/manifests/icinga2_master.pp b/sitemodules/profiles/manifests/icinga2_master.pp
index fb3e132..06506b6 100644
--- a/sitemodules/profiles/manifests/icinga2_master.pp
+++ b/sitemodules/profiles/manifests/icinga2_master.pp
@@ -14,6 +14,8 @@
 #                               Icinga2 node authentication
 # @param api_users              Icinga2 API users
 # @param ca_key                 Icinga2 CA private key content
+# @param master_key             Icinga2 master private key content
+# @param master_csr             Icinga2 master CSR
 #
 # Examples
 # --------
@@ -39,6 +41,8 @@ class profiles::icinga2_master (
   String $icinga2_ticket_salt,
   Array[Hash[String, Variant[String, Tuple[String, 1]]]] $api_users,
   String $ca_key,
+  String $master_key,
+  String $master_csr,
 ) {
   include 'profiles::icinga2_common'
 
@@ -97,12 +101,6 @@ class profiles::icinga2_master (
     mode    => '0644',
     require => Package['icinga2'],
   }
-  file { '/etc/icinga2/features-enabled/api.conf':
-    ensure => link,
-    target => '/etc/icinga2/features-available/api.conf',
-    owner  => 'root',
-    group  => 'root',
-  }
   file { '/etc/icinga2/features-enabled/checker.conf':
     ensure => link,
     target => '/etc/icinga2/features-available/checker.conf',
@@ -139,6 +137,22 @@ class profiles::icinga2_master (
     mode    => '0640',
     require => Package['icinga2'],
   }
+  file { "/var/lib/icinga2/certs/${::facts['fqdn']}.key":
+    ensure  => file,
+    owner   => 'nagios',
+    group   => 'nagios',
+    mode    => '0600',
+    content => $master_key,
+    require => File['/var/lib/icinga2/certs'],
+  }
+  file { "/var/lib/icinga2/certs/${::facts['fqdn']}.csr":
+    ensure  => file,
+    owner   => 'nagios',
+    group   => 'nagios',
+    mode    => '0644',
+    content => $master_csr,
+    require => File['/var/lib/icinga2/certs'],
+  }
   file { '/var/lib/icinga2/ca':
     ensure  => directory,
     owner   => 'nagios',
@@ -163,8 +177,12 @@ class profiles::icinga2_master (
     require => File['/var/lib/icinga2/ca'],
   }
   exec { "/usr/sbin/icinga2 node setup --master --zone ${::facts['fqdn']} --cn ${::facts['fqdn']}":
-    creates => "/var/lib/icinga2/certs/${::facts['fqdn']}.crt",
-    require => Package['icinga2'],
+    creates => "/etc/icinga2/features-enabled/api.conf",
+    require => [
+      Package['icinga2'],
+      File['/var/lib/icinga2/ca/ca.key'],
+      File["/var/lib/icinga2/certs/${::facts['fqdn']}.key"]
+    ],
     notify  => Service['icinga2'],
   }
   exec { '/usr/sbin/icinga2 feature enable ido-pgsql':
@@ -192,8 +210,7 @@ class profiles::icinga2_master (
       File['/var/lib/icinga2/ca'],
       File['/var/lib/icinga2/ca/ca.key'],
       File['/var/lib/icinga2/ca/ca.crt'],
-      File['/etc/icinga2/pki'],
-      File['/etc/icinga2/pki/ca.crt'],
+      File['/var/lib/icinga2/certs/ca.crt'],
     ],
   }
 }