diff options
Diffstat (limited to 'sitemodules/profiles')
| -rw-r--r-- | sitemodules/profiles/manifests/icinga2_common.pp | 29 | ||||
| -rw-r--r-- | sitemodules/profiles/manifests/icinga2_master.pp | 19 |
2 files changed, 30 insertions, 18 deletions
diff --git a/sitemodules/profiles/manifests/icinga2_common.pp b/sitemodules/profiles/manifests/icinga2_common.pp index c1c9be2..1703d2b 100644 --- a/sitemodules/profiles/manifests/icinga2_common.pp +++ b/sitemodules/profiles/manifests/icinga2_common.pp @@ -3,6 +3,19 @@ # # Common configuration code for Icinga2 agent and master setups. # +# This manifest is meant to be included from other manifests. +# +# Parameters +# ---------- +# +# @param ca_certificate Icinga2 CA certificate content +# +# Examples +# -------- +# +# @example +# include profiles::icinga2_common +# # Authors # ------- # @@ -13,6 +26,7 @@ # # Copyright 2019 Jan Dittberner class profiles::icinga2_common ( + String $ca_certificate, ) { if $::lsbdistcodename == 'stretch' { apt::pin { 'icinga2_backports': @@ -32,4 +46,19 @@ class profiles::icinga2_common ( package { 'icinga2': ensure => latest, } + file { '/etc/icinga2/pki': + ensure => directory, + owner => 'nagios', + group => 'nagios', + mode => '0700', + require => Package['icinga2'], + } + file { '/etc/icinga2/pki/ca.crt': + ensure => file, + content => $ca_certificate, + owner => 'nagios', + group => 'nagios', + mode => '0644', + require => File['/etc/icinga2/pki'], + } } diff --git a/sitemodules/profiles/manifests/icinga2_master.pp b/sitemodules/profiles/manifests/icinga2_master.pp index d1c26e7..f1764e0 100644 --- a/sitemodules/profiles/manifests/icinga2_master.pp +++ b/sitemodules/profiles/manifests/icinga2_master.pp @@ -17,7 +17,6 @@ # Icinga2 node authentication # @param api_users Icinga2 API users # @param ca_key Icinga2 CA private key content -# @param ca_certificate Icinga2 CA certificate content # @param host_key Icinga2 host private key content # @param host_certificate Icinga2 host certificate content # @param host_csr Icinga2 host certificate signing request @@ -50,7 +49,6 @@ class profiles::icinga2_master ( String $icinga2_ticket_salt, Array[Hash[String, Variant[String, Tuple[String, 1]]]] $api_users, String $ca_key, - String $ca_certificate, String $host_key, String $host_certificate, String $host_csr, @@ -243,27 +241,12 @@ class profiles::icinga2_master ( } file { '/var/lib/icinga2/ca/ca.crt': ensure => file, - content => $ca_certificate, + content => $::profiles::icinga2_common::ca_certificate, owner => 'nagios', group => 'nagios', mode => '0644', require => File['/var/lib/icinga2/ca'], } - file { '/etc/icinga2/pki': - ensure => directory, - owner => 'nagios', - group => 'nagios', - mode => '0700', - require => Package['icinga2'], - } - file { '/etc/icinga2/pki/ca.crt': - ensure => file, - content => $ca_certificate, - owner => 'nagios', - group => 'nagios', - mode => '0644', - require => File['/etc/icinga2/pki'], - } file { "/etc/icinga2/pki/${facts['fqdn']}.key": ensure => file, content => $host_key, |