Diffstat (limited to 'sitemodules')
-rw-r--r--sitemodules/profiles/manifests/icinga2_certificates.pp68
-rw-r--r--sitemodules/profiles/manifests/icinga2_common.pp2
2 files changed, 70 insertions, 0 deletions
diff --git a/sitemodules/profiles/manifests/icinga2_certificates.pp b/sitemodules/profiles/manifests/icinga2_certificates.pp
new file mode 100644
index 0000000..ab566d3
--- /dev/null
+++ b/sitemodules/profiles/manifests/icinga2_certificates.pp
@@ -0,0 +1,68 @@
+# Class: profiles::icinga2_common
+# ===============================
+#
+# This profile puts certificate in Icinga2 hosts. This can be used to put
+# client certificates onto Icinga2 instances that should check mutually
+# authenticated TLS connections.
+#
+# This manifest is meant to be included from other manifests.
+#
+# Parameters
+# ----------
+#
+# @param certificates List of Hashes with the keys "name", "key" and
+# "certificate" that defines a list of certificates
+#
+# Examples
+# --------
+#
+# @example
+# include profiles::icinga2_certificates
+#
+# Authors
+# -------
+#
+# Jan Dittberner <jandd@cacert.org>
+#
+# Copyright
+# ---------
+#
+# Copyright 2019 Jan Dittberner
+class profiles::icinga2_certificates (
+ Array[Hash[String, String]] $certificates = []
+) {
+ if $certificates.length > 0 {
+ file { ['/etc/icinga2/ssl/certs', '/etc/icinga2/ssl/keys']:
+ ensure => directory,
+ owner => 'nagios',
+ group => 'nagios',
+ mode => '0700',
+ require => Package['icinga2'],
+ }
+ }
+ $certificates.each |$certificate| {
+ if 'name' in $certificate and 'certificate' in $certificate {
+ file { "/etc/icinga2/ssl/certs/${certificate[name]}.crt.pem":
+ ensure => file,
+ owner => 'nagios',
+ group => 'nagios',
+ mode =>'0600',
+ content => $certificate['certificate'],
+ }
+ if 'key' in $certificate {
+ file { "/etc/icinga2/ssl/keys/${certificate[name]}.key.pem":
+ ensure => file,
+ owner => 'nagios',
+ group => 'nagios',
+ mode =>'0600',
+ content => $certificate['key'],
+ }
+ }
+ } else {
+ $fields = join(keys($certificate), '\', \'')
+ notify { 'missing fields in certificate hash':
+ message => "Each certificate block needs a 'name', 'certificate' and an optional 'key': found '${fields}'"
+ }
+ }
+ }
+}
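Review bot: The key file resource (`/etc/icinga2/ssl/keys/${certificate[name]}.key.pem`) passes the private key through `content` without suppressing diff output, so on agents where the `show_diff` setting is enabled a key change would be written into the agent log and report. Adding `show_diff => false,` to that resource avoids this, and typing the value as `Sensitive` should also keep it out of other Puppet output. `$certificate['name']` is interpolated into both paths unchecked, so a name containing `/` would be written outside the two managed directories; a guard such as `$certificate['name'] =~ Pattern[/\A[\w.-]+\z/]` before the file resources would reject it. The fixed `notify` title means two malformed entries produce a duplicate resource declaration instead of two messages. The header comment names `profiles::icinga2_common` where it should say `profiles::icinga2_certificates`.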
diff --git a/sitemodules/profiles/manifests/icinga2_common.pp b/sitemodules/profiles/manifests/icinga2_common.pp
index caeb498..12fa6ca 100644
--- a/sitemodules/profiles/manifests/icinga2_common.pp
+++ b/sitemodules/profiles/manifests/icinga2_common.pp
@@ -22,6 +22,8 @@
# Copyright 2019 Jan Dittberner
class profiles::icinga2_common (
) {
+ include profiles::icinga2_certificates
+
if $::lsbdistcodename == 'stretch' {
apt::pin { 'icinga2_backports':
packages => [