1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
|
# Class: profiles::icinga2_common
# ===============================
#
# This profile puts certificate in Icinga2 hosts. This can be used to put
# client certificates onto Icinga2 instances that should check mutually
# authenticated TLS connections.
#
# This manifest is meant to be included from other manifests.
#
# Parameters
# ----------
#
# @param certificates List of Hashes with the keys "name", "key" and
# "certificate" that defines a list of certificates
#
# Examples
# --------
#
# @example
# include profiles::icinga2_certificates
#
# Authors
# -------
#
# Jan Dittberner <jandd@cacert.org>
#
# Copyright
# ---------
#
# Copyright 2019 Jan Dittberner
class profiles::icinga2_certificates (
Array[Hash[String, String]] $certificates = []
) {
if $certificates.length > 0 {
file { ['/etc/icinga2/ssl', '/etc/icinga2/ssl/certs', '/etc/icinga2/ssl/keys']:
ensure => directory,
owner => 'nagios',
group => 'nagios',
mode => '0700',
require => Package['icinga2'],
}
}
$certificates.each |$certificate| {
if 'name' in $certificate and 'certificate' in $certificate {
file { "/etc/icinga2/ssl/certs/${certificate[name]}.crt.pem":
ensure => file,
owner => 'nagios',
group => 'nagios',
mode =>'0600',
content => $certificate['certificate'],
}
if 'key' in $certificate {
file { "/etc/icinga2/ssl/keys/${certificate[name]}.key.pem":
ensure => file,
owner => 'nagios',
group => 'nagios',
mode =>'0600',
content => $certificate['key'],
}
}
} else {
$fields = join(keys($certificate), '\', \'')
notify { 'missing fields in certificate hash':
message => "Each certificate block needs a 'name', 'certificate' and an optional 'key': found '${fields}'"
}
}
}
}
|
