Add client certificates for monitoring
authorJan Dittberner <jandd@cacert.org>
Sun, 4 Aug 2019 07:37:48 +0000 (09:37 +0200)
committerJan Dittberner <jandd@cacert.org>
Sun, 4 Aug 2019 07:37:48 +0000 (09:37 +0200)
- provide new profile profiles::icinga2_certificates
- add extmon_client on extmon
- add monitor_client on monitor

hieradata/nodes/extmon.yaml
hieradata/nodes/monitor.yaml
sitemodules/profiles/manifests/icinga2_certificates.pp [new file with mode: 0644]
sitemodules/profiles/manifests/icinga2_common.pp

index b297d5b..2f42ab0 100644 (file)
@@ -15,3 +15,108 @@ profiles::icinga2_agent::pki_ticket: >
     IdVtKzBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAZdHtu1JgImxyR3tiB
     9Iz7gDAdG7RekYIvLTmxoQxapU0ATmqM8lsDrFs1fy8LRz4T921fD8FqiC7x
     EEWxfzNn0ZI=]
+profiles::icinga2_certificates::certificates:
+  -
+    name: extmon_client
+    key: >
+        ENC[PKCS7,MIILLQYJKoZIhvcNAQcDoIILHjCCCxoCAQAxggEhMIIBHQIBADAFMAACAQEw
+        DQYJKoZIhvcNAQEBBQAEggEAG1qZ5pPhQAQv9ghCMKaDPplIln6/YnO2/qvH
+        93vQPs5MMxuX43jlio12HyakQ2S9pn7EjQFd+rRKNMwIw84472DgpXrvZq9z
+        hmIVar+2Tg15+7cWcPf2jGGmLesCH95o1v4uV667fXrUbOCowMQfG+4zGsnV
+        Qo+n9pe3CnvK0HyDNDj1Sd7+mjum6cSUbt9pnXZy7G+Q4XYzu+So1CoKmhdY
+        c8pz/o48ALeOjPT5DOIni87b/rOtclldATQtgtksE8CCA5jC/hIk3LaMh9wi
+        J15NKxy29U/zoMLsWfYQn1/5aIgHuPeV85lz5Eiglue+rCxikpmfsx+L+ZPM
+        G8/zBjCCCe4GCSqGSIb3DQEHATAdBglghkgBZQMEASoEEA1+ZW6MTau1jUPA
+        FrfiXqSAggnATj/0QSn1fjaYvsQJH9dV3imq+vh7+scp7sFAzzwEKMOABaFm
+        hgUPQQjuJ/CD/AYTdarGMqI860D3vDE48RoqFSxW57FB3ZAqANigzZg0k+TY
+        X82r1Yq6qdZ6StuiokU97OHFbKd68i7Ibf0nm4XhaZ8JKvti+xKpJxaLY5iL
+        KGcCIQbZE7QOmlpIDEUFYdVX9jbV+9NJNo8F7jmSvT7ZI1gU46PapPoRKQun
+        +Ka8Fw3BncTx14IoqDJgzfXpdqLLB8sXEcCbUF4uLBcFi76dkw2be93x32RZ
+        UoajUlY4q4OFbGrtQSEvQ2uEI5iI6UmPnN6u333ddmH5NvW7Iu+pCc122v4b
+        VKR0DBGhsasvKNyxnIk5u7cYV6azG6tKTTsYoNMkiBqgEGuLr6FtZKyaqtri
+        HYGq/tiq8AWlMtl9hSEKHePwng5RDiRZu3K1Ux4m93sf7dyw0PrQxv34OlxS
+        QMDJeMqmUMyF9iwDCs9h1YWgHlSpUbtpw9CiVJMu6mzxjNBIwnKfhq5L+nCQ
+        c4nDXkzvYQN/KA4wUl/+76IPKo2fSLWtkbwOPDCmjojbSIacIORgzl9zuA2t
+        j8n7QDPtFxEoC3Hj36XlYQlPITwGb0Gu6DhIOYt5rYo7IjNGglSyK6OfFFOb
+        WiSmaJaUCrpCWpgaASOZdLFzo6oav7WDj74yyiV+eLziTqSnn6caBJ6eKrXh
+        Fjue4rwqNX4fF8P4iu0NoxJDkiK3DsDRPHpRpJM8LLIKgiROJccWrOX8O0Uk
+        xlLyMI97r4vnX9R2pHPSGfsA1OwJHOKPC+dld9edFzuqy/Wt9MAQI6xyYs1V
+        kGjHA1DGxDHCMTaOUm3gJ3CZg4FU0A7RuqUjNCXHydCfE4kv069xVgfvfOFt
+        Y/dEnON+iJYtWjmAr2nYkDHYfD/l998W0W7D2DuvhzhtYZsR8A9dwWal8vhQ
+        e2rh+Rev33DiuC4GfOFXY3BBEsDjcOeRu7SnN43ffkFwnc3cS43oaFwF7Qte
+        6NkwvmXgV6vguDSSLdcUtvjkiog4PlgIRLiEyxhmA37yLNhn58r8KnY4+GX6
+        ELGwbWY/Tkx42EGbiidTUD2Mudg8O6lOyThQo7u0p2fxw4v8jhI6HxUmWbXr
+        hVlivhznMuFjleU3BFPEO/U2p4CjiwBoLnsJ78f8EOGurS1bA6nAZoFKdzS+
+        IkpXNrwlXZY1TiTUpxTjJQOJi6kmiDsM4JlqwghfOmn2HVC0CFMgq1BQMJCq
+        E3pzAWBLNydJXlCQKr+jn+ddKjEK6Lbi9ksnltfrru93ieU25+aCNwiPd2EV
+        NCC6Z+KPBJykt2CEcuDggK284qBLdzOTZEF5B30tPlRnoJAAC3YfwCTktqp2
+        ej71uEjEXrm9iZX6EQmVJojjjIkWeASmmB7rR/wMVsMwG0Pcz2xgtvKQ2pQm
+        wXaZcbBQPuyMDuvZQFCmU+3fbs5N38gw2QSqklmH/vKdzFP3h81ZSnnhrE1P
+        VlPnsSjgsuoj0DEP7LFQ6AbkMOquwnwidQpYZQlRLP9tX6wzSS9d3pTwcqkK
+        KlYMYDXQF1acQM0DC2dEX9NzwqPbeWEbe/8HrRdMc2B2pc1GXJcHmQEkOP8m
+        3FNCU5uqJVzmRVL2aFJfTPhgb7zzOWdzwTHDJ+4PKGFu6ILbYsztkAgLYAOS
+        I2tlOYd7D/WJT/n+rO0QWd4I1GbS2kK5IYMMexRgi7DhpvRCh92qJMgPCcoc
+        /0kVHE/u/TLxgJ7qcPjUDfYGir3Bhna/3G3LCZDZ8Kw921iosVVTYAnoIa5P
+        G7Bm2guZv1o8QerMxTdHxEBmT/pEYpKvl9BrTmTZcMPfxInhfVCAyspCTBI5
+        0zC+QNrppDweVzaFoFyjk1Taf5/1dzUkQstUyhP+uJ8Hq2d7pvBjiVXRnRB0
+        juQ3zNtwXxOGE+jBZCNC5xWL/5ooT5yclBRo7typGI/NLIm8EW9Dr60T9elE
+        s8dtTDROf5Mitd3ZPyBKe2qc7OvzTey5IbiIFYPIVzt696vrm689uw4Cl8Vy
+        5Jqb3kFNtgfZEZW4wnidxoBGwqMPVRFWbpHNSvPnS9HW2u6y6SGs2nuWZvcu
+        lB+J5TNVeAzPw81OELhZZEmAOX/rcL/oMvAudUJlRFYVZY4z+tvFLbDP9Hzi
+        Do9ykUApp9ljQ1XQNDyKIISv/jJKEEy16rb7HhdSs8uwtZ6mPD1QaNq8uO5b
+        FZY4c7R3EJue5n6mpGJ97Z2QijnEh5NNw9Yt10K6WES3/7JBDjt0OjQCnbaF
+        64garOvcHKzbpLhHhJtQ6vjxAKV1Q+HzVohOJKDZBJDP8f8xDIwXfVjVMlx8
+        pjLQ6pjIaYKD8beKyJMd2IHrXb8IUs0AQIKHL6dGH4pgYZ+Wr9VVktCf1GR3
+        2IB4j8b3lJ4AjqTuGWrVAoxH4FkV8J4mJOq34RkE3V0REnurIodjZKL1LW1Y
+        CKzgIi6TUlZNFRBn3+/PLPnHOF0SXOgbiQv1ikLReZGkDeBAx5Jieb70ewIz
+        eawLyRRtwInmrOV4ajszSfarYRkh8ulN6AwcF8AVJt2cxx2iXcMoEHQBbcVs
+        VT+MxTfLRde61Nc6lMWyfsjkvptIyLc7MkErrPYXo/psJGwvjJw70TEHiKLQ
+        Y+X/hZ7ESj26bu1oiBGGD+4v6CMo4qa3RnKcvHyMbdgNccFbWQktZ0kjvQGA
+        MWoz/8jdz61tA+tlokM3ZEkWclrJEcyQG8N1gYM/ER9pZBuM6PWZZvp4Yfxw
+        F5Beu2pgJ1HlKaePwtm3itVPwuIm7K57YEyY76912L+GYiAPpvXt3B7ijCiX
+        kpHTUw9U2yq2R2zT1zgVePUA2pa379QmBnH1pwzfOzlU+4zli2qSlBTJAibR
+        LW1afjWaarigdwbDkuxVVinB/SM/U/7jQgXnCQIeVmteW2crwvH/rtfYCmja
+        ffmJCCsjwDL908TcpJGTFtHxKyGrseMWSqgjlQw1mqmbOU//8DXzNUIn/AJj
+        p/h7NmRwDQbDnmoZApNGrd9ZiNzlO/nxCD561qD4FPOmSRAIJhQuFjTfompM
+        U3gNYE4cGPlbBHP9O1YHWfbjWNRqgZHYa772yEJ20+4HIa0lcNOCjCqm/NPB
+        7Irj881O9z/hZRWLpHW/MAtesZNe8XDjgXAs5gsYmsYHBlZZ/dP6Pwz0qIO/
+        V8FVDMyMLDkJMgAKHr7F+DMzCPOsA56mdPqhHnhTIKIpBTW0R2wPWMomVg7c
+        vTtI+ddYRIYMdBMgaWN0z9IRWR1PFlQ6aTVGdxTBJ4gf5k8ITtjdykssa1dS
+        8ObTnGjMEyiHGlJmK6cm/EYXmOOj8p2HPoBQrqSk]
+      certificate: |
+        -----BEGIN CERTIFICATE-----
+        MIIGUTCCBDmgAwIBAgIDAtitMA0GCSqGSIb3DQEBCwUAMFQxFDASBgNVBAoTC0NB
+        Y2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5vcmcxHDAaBgNV
+        BAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwHhcNMTkwODA0MDY1OTQ0WhcNMjAwODAz
+        MDY1OTQ0WjCBrjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMG
+        U3lkbmV5MRQwEgYDVQQKEwtDQWNlcnQgSW5jLjEcMBoGA1UECxMTSW5mcmFzdHJ1
+        Y3R1cmUgVGVhbTEjMCEGA1UEAxMaQ0FjZXJ0IGV4dGVybmFsIG1vbml0b3Jpbmcx
+        JzAlBgkqhkiG9w0BCQEWGGV4dG1vbi1jbGllbnRAY2FjZXJ0Lm9yZzCCAaIwDQYJ
+        KoZIhvcNAQEBBQADggGPADCCAYoCggGBANIdW3yyGH9LWYseNDIIs+DDHEd3HGOO
+        H31JQKng8LdEZynotRISXDhCfI+Ys0yxMy/t6Sj9pphdoJLFpoTXUB23Hx55LYD3
+        /DiUnoz9WXj0pqiiVKZFdEh1Uwb/M4LDXD4IalAnFpSz28CCr2/24f47e21y6xz2
+        LLEIjFpWreBpk81Yceu1Hh+OAtabzs9R0DRX2hILfmb4QjnUNmmoSjMd4/kCShtU
+        xSaKGKQ9TUc8fjmq1E5fmE6lbKkiwpIDNBIJeJCTo5tq3t6ncFt/L6Tv3gsCQUag
+        lXq09Ca3jyWp6KzTB2sBu/8RFZaBgCcp8yJig89e07IfTqEJDKLzVqj49SMWtajM
+        vv0oArXNQ0C5f8ZUNV0jkszopWqgEhDyso94Yuk5MPVcCPsq9UYVEMEuPFMNVVpV
+        qq12MNYrWPySwQzsCAgAuEva8rrwmfrlUA17yhvdxRvp/fJtxq3f/5OA4uCT28kS
+        gehoo41dTJtRdpx0BvbWZIIC2mzC4kHGJQIDAQABo4IBTzCCAUswDAYDVR0TAQH/
+        BAIwADBWBglghkgBhvhCAQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRl
+        IGZvciBGUkVFIGhlYWQgb3ZlciB0byBodHRwOi8vd3d3LkNBY2VydC5vcmcwDgYD
+        VR0PAQH/BAQDAgOoMEAGA1UdJQQ5MDcGCCsGAQUFBwMEBggrBgEFBQcDAgYKKwYB
+        BAGCNwoDBAYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMDIGCCsGAQUFBwEBBCYwJDAi
+        BggrBgEFBQcwAYYWaHR0cDovL29jc3AuY2FjZXJ0Lm9yZzA4BgNVHR8EMTAvMC2g
+        K6AphidodHRwOi8vY3JsLmNhY2VydC5vcmcvY2xhc3MzLXJldm9rZS5jcmwwIwYD
+        VR0RBBwwGoEYZXh0bW9uLWNsaWVudEBjYWNlcnQub3JnMA0GCSqGSIb3DQEBCwUA
+        A4ICAQBofV0FG3bqinpjPTQ44Ol3WKCyrR6dZ3ZQiFN3GFpldMms13rBXKLErlPq
+        3Z4ZvqvjQ8vDb51Mu8AoGoKjgidyzdPUAgR40MDz8La9JOtcun244iqndp3wUUfQ
+        5C56W44viX3NxQX1h2MlY3HyREL0zjJy8f64AQZTNHDwNg/M6At/jlHtATLMERjz
+        ZdqonsdveaqNcy2MxZ1t+L61IVwsjLFGYzW32LvlhgdV29/dykCGd9JthVGvJCt6
+        2fMXeuYbmkY3o+KbOsio+zXp2zAue++0xRMICrnJlZVFxkspYpy5feJvTp/UEqzL
+        SbnDG2/nlwTLwc/pR5fKkvNTZqEzyr7oGrNvRCbePVo7EbvEfRkDSHtsC2KFLaRu
+        mtbQLFPGe8KaZ4XHpLUNURb3S1LoN6SUFwiq0SmPzFOtgm4emJakKNnm03Kf5yhf
+        qEwF0kluQoO1fD7qtImzFDkPvGG6qBaPBMsY8OlxjQeBSppmE1/hs+BL4eHVTz9p
+        1Xr3xZJ/3UjGEM6QxsxD2eIUZm+XOoZE+NFi3j2zMzgBa/SIeLF2MZ7o1TNXj01R
+        loTBcfQtTPdu9oZ3NJG4MvT45bYskIi5o+vpJHzq/zapGB7L2MxkXuxntRUCvjBG
+        ek9xfHb6UqMc8sluhPmiZkrBjrRn/LKOxO2kSoxc9P5IZg+sFw==
+        -----END CERTIFICATE-----
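Review bot: The `certificate: |` key of the `extmon_client` entry is indented six spaces, while its sibling keys `name:` and `key:` sit at four. As shown on this page (the rendering may have altered whitespace), that line ends the folded `key: >` scalar at a column that matches no mapping level, so a YAML parser will most likely reject the file or fail to attach `certificate` to the list item. The monitor.yaml hunk uses the form to match, `    certificate: |` at four spaces, with the PEM body indented under it. The new manifest only writes files when both `name` and `certificate` are present, so a mis-parsed entry would leave extmon without its client certificate and key. Loading the file with the YAML parser Hiera uses before merging would confirm this.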
index 826453f..0492643 100644 (file)
@@ -297,3 +297,108 @@ profiles::icinga2_master::icingaweb_admins:
   - jandd@cacert.org
   - wytze@cacert.org
   - mario@cacert.org
+profiles::icinga2_certificates::certificates:
+  -
+    name: monitor_client
+    key: >
+        ENC[PKCS7,MIILLQYJKoZIhvcNAQcDoIILHjCCCxoCAQAxggEhMIIBHQIBADAFMAACAQEw
+        DQYJKoZIhvcNAQEBBQAEggEAfMlzYDhHEBOZ0ePImcGVWe8jUv833wi0GsRG
+        oGrDtBq1G7bNe8Vjd+cpnuJtkIpvg4UUf6yU3rsMb3JL32rUUP9Jjhp8k/3D
+        8WLadEKRjahlw9kh+/iaz1AGZGiWM4CSpSOKJ24sfFr9djWm8XY0qLakY3q5
+        fwz9xjKIwRhyF2bb1Z92fKNDFYO7Wa9lD7zbf7BraUAWpfL26lrpGkrZmqtM
+        K4wd2RkVZe66azE0lT93aOIPrXwXWIVZL0u+6YFAQx5D/98qbtbwGEtabTSq
+        TTuTikkV6nsq7eblsH3zjkT8olE3cY62VBPq1lKQNTgBWmgBbvebeRzJj8q/
+        gpZNdjCCCe4GCSqGSIb3DQEHATAdBglghkgBZQMEASoEEPjAQ+687nD2HSP7
+        xVzkMIWAggnAQ6dpcwNyBBKLNr4uYDAZerNqErnpRRnnJ62FpE2pR/MokRNO
+        M309vB5EpbIBa09cn1PGMyQ7uaaIXydtUwxfeS6307Lfo46swoPyWvHNC+1B
+        ngpiohRSJhiOUR8IUc3uwXNZ8YP8mo3bcjH9heq1WDMeAla8FiBtrdog2Rev
+        bnD2A3S6ustUVIhdR9TCzIXgG1ExgW7oFUn5Iuppl8K6Wv9LPiCs/hLr20fy
+        mg7QJaHHy49rm+L0X5Sf0Jg+gfHEQY5qg2NTqCb88fpYh7t4g8R5HY4QFame
+        gFrj11ZeavxKrLakz0k0uB8weLUWWOE2xHj4mdh87obW5J/xwekZkYqOWHmU
+        PLEyg9X441EMCBSYWFRz9HEK2Zv9Vg0qxKe++DNikVwDT9ntEYHnh43e7Iwp
+        YKwvCtlxxvQGY09acLuC0l4pifpJOsqOcAUjxf3WXoe1cjsjEcL+Z3mMmerh
+        8JyXxJRp5Cu6TTMxcnQb/214/D8qYCKoPUYMddNC1G+XVosNY8QWbNp8nLUL
+        DZHsvI0tgk+CV/SPRl68dx7cE1bYioyS4EausMQub4eQykZl5My9qRR5htSl
+        C2zw+CP47EhsaA3zodbj6UgdYGBmhZNUOiW3oXWTKV0eSddkWcS/CmY271a9
+        6UIzE2TlRQ4w85GI8aD0W4DbsPyUvG0oay/lFYI6TzG1d6sL0rn/n1vvuUHB
+        n1OSyMdzcnUS0V7mt3gmGIKCYfEjG1auMaXlLag/NPPi5lvAkn8t8fY0uRn9
+        3kYpAPCPHFpqP8L/ZwIyHf/ePvRszzbuU23wkmcguIx3+UqGvwOyaMTGiy1K
+        0ML0PUCMHPVrVDjkIHf9Tee/eFbRP9toQEofeesQtSJY6jW5zCCa/EEmmazy
+        jyo1hdsSCcTpizMylT4NDGpdfc73ccMwoGcuSdTtlAolBhn0qbBvEMo/GQMZ
+        JmvvOlE0BlDUGxbXE4XTrjIS2tJIL6Mrg0nQEJLB8u41i9fDJdPai3dwYlYZ
+        oMUT/QX417fPKl88t6NwkfFpW8mgStqeZR0ataza5lzHC61d5C1z+Zxzh/yk
+        oCgwmWFcz2kS8woi//0t3DtJB93bFbV0za9FUodcKrEcLowx3mN+g+URe5n0
+        w7On4tjl4PGo5ko/15DDcRRlJlzQlUN28n0w3ENYaAgHiNKsksvXxqTL+mRo
+        kDhszsQyaatutqtjN7Tj9t5p+gIkjODhz5FmQop+ZirXwNElMX7N3WeFD8Tl
+        zLhopOuZ0loqaKWgTEY1hdYUINfkHTNyLIxwyYtJGPAU30q/c5qZ8opmil96
+        tk6kpctBVAeNYVBfRNJYkGfNRrK7AiENuLaWGurGt05J00lSKOEQQXQuLqGy
+        mPC694aJ26aqjinuWZ21TCLh+e+Oib0sVYWObCjy/cBGtMQAlvTGEt/1zs66
+        K+r1C0PJkWcDwDAF0mwnxDxFq1zcPYBG8xH90DrSPMoN0edLFMencGVrqMBI
+        agbUlkwePUdEc34zZ1khJbuBU/B0O8IRNY9rFQrU9ICCnKPVFvym85f0y8Ac
+        BphEJrS61CDa/L7techS1GTP8joSoZnT/OzzqXRXBe9Pgp9hubcckbGwi20k
+        sP4sCoChKe99wR4760z+q4JV91aVR/aKqAB+5R7aKor4ouQSaC203XzpDcOv
+        x/t6+l4cPetOvV5dtqPtpv1L+nPoLr9w3JS+ZGLOwmXAAx7Zr/DD8RGd6hM/
+        OHfplbHg4XYbbDG51OTj6ajRwDoDgcLQ6VHz4/3HmcaNff2VcY4DFxKSpv+D
+        WSoepaN+KB+o1B4YRQ3XyuYhcAL7UlMJzA0CBmezZ2AMLTfGIaxFtwnqDMEc
+        kJ+m7BP3cyk/E6CTBFVrQajC7C8Gs5nNqI1sS79pMk07S2dOX/MRFSP0hw8i
+        ploMyzV6tCPAF/h9OO510W3iOqSN6nQe61BGlTgMgWKut4VWunpqZyANkIvT
+        SIeTR09cpSI5fhWfMdjv07TocakibiWFRZpvpOd0dkVA0FR5BurPxYoUB0od
+        FkWPGlgfTVCVuVLfVjEgig2j+YzoZM3Y/GkVu7IVkaxGI8+/uq6Hyordk051
+        uDxbNDiuq0mXfL6KTiPJ/3TVPPLUnnFvEdWvgLIg4wnHpXxpkF44dFkKF4/y
+        d5Ykxpc6eThoV8aIVMUl5dod68LjclHL0Iv3l7+rTE6qPrTiShONvQbIu8lv
+        5KXBK6GdjTFWz8c9Lr6zR/ABQ+XhQAlCqmwhfp+rEr1qReBEus5U4bL1ObuB
+        1AA0r6AlmjCLH9F9BA3PcNVi5Zm988chcoCjl1GTjeMVcK501l9/KYcSjIzZ
+        bfaguVPCiSGG0/imDQ/QiBtDNGKHbdknJlTjBBaGWJkCFu/vpV6uzjfzMXRO
+        FXc/E31UdogZfprKRt1c1WHW8ozo8hV6/2D4X+tB1Jn4bELIgSZRhB7d29tm
+        jAxd8kAsCDsIK5NX0VXXzenZcut1L10lDVHcr+WOTT5lbGLgZCa508ExdtQk
+        /FsgqnzNOrqlCBx2gYU9UcrMxlOf7teEHxJmoFMqe7II2M/ye6eBYdy515GR
+        ywU0R8pRUuSs8njm7rYeuzG3rCd1j4RCasjbmLQLkuAVlxPjys+Hxe07jb8b
+        N4VyAQsUaFruuwkIUanANJdaOA72IJyPJCZf4HCScQEKG1EkU6oHNDelE0J/
+        J9zTdzuUSwfv74pk/2PExloRH42glTAB/FOoIenzrtO7XvsV+HAaqoqJQ1Gr
+        7lvjwU0B8GMijM20YQPOzhc9H34BWya5Y8BAaTbue+puAIjfLQaMPIcy/ilh
+        qIrVd1sNXCJtXJ2Smo5O3wGI3Qw29pQn98x20pJUCwXwLtdRWSocSL7qWlAh
+        pofd1vZ+5F5iW1XOm9//SIZ3lgHlEsWwnBL1v6mETXPA6UezJGSm2fhI14xx
+        EnFI3t1K0+JSkHq45nyxHGfiS1KcHvrblNnGOHWfxKDjdIKADAMI6yP3pWrQ
+        2kmTSMSRcAN9TQxd2sFsLVe7zpFxBagp1SaXzKC/VpmWQu6Y6BNt6EjmZ7+r
+        UjpnfOY8H2efR2aNzMEdvtz/mY9pdzLSHIDNSndM+RqccpbcyJKTQXIdjHiZ
+        iHpfoZJ6g4VdkaXVRttaNfjuuwuAJuUaxoSdDOeswHIOIeNQ2N8e5OE0U4r7
+        xvd/XDaPh2AE1061vN+InhW9lC2QrIxSrHzQoz0uVVq23D1aMyin8UHTTo1e
+        h8zTkvycy4d/FiozapuXBuM49p8DgcX0kESTVnL4A99qzFr7PU4CWDQssgkU
+        WGs3X/Ut0GKaJXFMwajblcJu80p7HRmaXJWIBmwe]
+    certificate: |
+        -----BEGIN CERTIFICATE-----
+        MIIGUzCCBDugAwIBAgIDAtiuMA0GCSqGSIb3DQEBCwUAMFQxFDASBgNVBAoTC0NB
+        Y2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5vcmcxHDAaBgNV
+        BAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwHhcNMTkwODA0MDcxODI5WhcNMjAwODAz
+        MDcxODI5WjCBrzELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMG
+        U3lkbmV5MRQwEgYDVQQKEwtDQWNlcnQgSW5jLjEcMBoGA1UECxMTSW5mcmFzdHJ1
+        Y3R1cmUgVGVhbTEjMCEGA1UEAxMaQ0FjZXJ0IGV4dGVybmFsIG1vbml0b3Jpbmcx
+        KDAmBgkqhkiG9w0BCQEWGW1vbml0b3ItY2xpZW50QGNhY2VydC5vcmcwggGiMA0G
+        CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDRI7wnPoPtuP9w15cJBIWLOvM2pe1O
+        HdaIBnKiEIP60zJHc5KOIazCC+eF9wt5eOszIyooPCoPkG/qcIQlWQ6uuFZS52fK
+        RkfnQ77JL4GNtwQsrTWduebfJFvI1iA/GhHCeKlbTCio0U7gg4wi/LJ+4sO7TbhT
+        bJmtoAoCHgktgmSu5BPmO6HFMqc+CzNhVsaXzvxemeIp2WBSxjxX6aAvIpl3tGDY
+        R3dBu06CeMQhKuzswt6yFpaMKVQ0NwwYUpsYkTR7wgVzcOQ+UCV8dWdv4vD55rI1
+        ZMCYa9ELRGjvkrmV/6/7UCnT+bCD98h+s5Ut1GUW1SwD3rg8MneFxigRJLmXWGkk
+        mOqWfxW9KSuRyw+wJwap7xHuvZrCElLeA4FKI5FWQkKLENc8yps81C+gwlkBrwKT
+        Zjcm41mnXRNyy5d4JckfFfKaEZT1mWE4cu1swKGdR67y36UysTFrTxabp8Jm+uXD
+        lJjAJCsnWON6XA2cX58/wtyHsgs8AmwUpDcCAwEAAaOCAVAwggFMMAwGA1UdEwEB
+        /wQCMAAwVgYJYIZIAYb4QgENBEkWR1RvIGdldCB5b3VyIG93biBjZXJ0aWZpY2F0
+        ZSBmb3IgRlJFRSBoZWFkIG92ZXIgdG8gaHR0cDovL3d3dy5DQWNlcnQub3JnMA4G
+        A1UdDwEB/wQEAwIDqDBABgNVHSUEOTA3BggrBgEFBQcDBAYIKwYBBQUHAwIGCisG
+        AQQBgjcKAwQGCisGAQQBgjcKAwMGCWCGSAGG+EIEATAyBggrBgEFBQcBAQQmMCQw
+        IgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLmNhY2VydC5vcmcwOAYDVR0fBDEwLzAt
+        oCugKYYnaHR0cDovL2NybC5jYWNlcnQub3JnL2NsYXNzMy1yZXZva2UuY3JsMCQG
+        A1UdEQQdMBuBGW1vbml0b3ItY2xpZW50QGNhY2VydC5vcmcwDQYJKoZIhvcNAQEL
+        BQADggIBAIqCf+GvdSkLlrvkGMCxvAnUKfNl4WrwxxQ79XAnRLnlLzu13AiL3HYp
+        sd7M98d55xZmmWpezDDdBBBE6Se/JnbWWyMUyGEy+lvqkhnCbb9w9T+7ycHJfYO6
+        u3+LLAEPNC1Pz08IDh/QofI3eCyOojiyQh70/Yi19yw3XIQofxbx/whgRLXEm65S
+        guZtpzOV3WJcEpeRFEX49uPFEN1I+taPn30UgWLqoaxBkrOd+zu+kf0aA7Q5UR41
+        Xl0iUYCPDI0tFhxFk42V3S/fVx45C9U/UIjEukM+4OudWdlciaTxQ8/wh6ghtQ05
+        Q/X5kPV8+9JsKYqW59R0uW6XdVsrdBiK2wp5xycdrrPCp3Ay2XgGzrm4WWjfC2ou
+        Nxgm1ahgcf8IxUK5Dek4Nl6PyD4gb1KZxoOLhEAUVzAK1tc6QRnuNjNwxVzo7dT6
+        NfDPnYwkz4W9o6fDqBa1FrCDPGeKmzsnYB+rOY7ckkQRZXd9Qc9gYLkIfaLk8uE5
+        v8kcjQ93BLKCjFPbApp7oHOOKCujT65FG5osfKpVtwUPhxoaEPb/EvlJqXIImpLZ
+        4/wS92taummJijXtRYHVJNHtvZZM9wpxsUJdrSgi/ZbmwIvVtqnJMgQED7xPWhQ4
+        Pil7k+bHn74rp3aFqqXDn3NqQgD049hxLfbIi0PUOYHlWK69wnk8
+        -----END CERTIFICATE-----
diff --git a/sitemodules/profiles/manifests/icinga2_certificates.pp b/sitemodules/profiles/manifests/icinga2_certificates.pp
new file mode 100644 (file)
index 0000000..ab566d3
--- /dev/null
@@ -0,0 +1,68 @@
+# Class: profiles::icinga2_common
+# ===============================
+#
+# This profile puts certificate in Icinga2 hosts. This can be used to put
+# client certificates onto Icinga2 instances that should check mutually
+# authenticated TLS connections.
+#
+# This manifest is meant to be included from other manifests.
+#
+# Parameters
+# ----------
+#
+# @param certificates  List of Hashes with the keys "name", "key" and
+#                      "certificate" that defines a list of certificates
+#
+# Examples
+# --------
+#
+# @example
+#   include profiles::icinga2_certificates
+#
+# Authors
+# -------
+#
+# Jan Dittberner <jandd@cacert.org>
+#
+# Copyright
+# ---------
+#
+# Copyright 2019 Jan Dittberner
+class profiles::icinga2_certificates (
+  Array[Hash[String, String]] $certificates = []
+) {
+  if $certificates.length > 0 {
+    file { ['/etc/icinga2/ssl/certs', '/etc/icinga2/ssl/keys']:
+      ensure  => directory,
+      owner   => 'nagios',
+      group   => 'nagios',
+      mode    => '0700',
+      require => Package['icinga2'],
+    }
+  }
+  $certificates.each |$certificate| {
+    if 'name' in $certificate and 'certificate' in $certificate {
+      file { "/etc/icinga2/ssl/certs/${certificate[name]}.crt.pem":
+        ensure  => file,
+        owner   => 'nagios',
+        group   => 'nagios',
+        mode    =>'0600',
+        content => $certificate['certificate'],
+      }
+      if 'key' in $certificate {
+        file { "/etc/icinga2/ssl/keys/${certificate[name]}.key.pem":
+          ensure  => file,
+          owner   => 'nagios',
+          group   => 'nagios',
+          mode    =>'0600',
+          content => $certificate['key'],
+        }
+      }
+    } else {
+      $fields = join(keys($certificate), '\', \'')
+      notify { 'missing fields in certificate hash':
+        message => "Each certificate block needs a 'name', 'certificate' and an optional 'key': found '${fields}'"
+      }
+    }
+  }
+}
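Review bot: The file resource for `/etc/icinga2/ssl/keys/${certificate[name]}.key.pem` passes the decrypted private key through `content` without marking it sensitive, so on agents where file diffs are enabled a later key rotation can put key material into logs and reports. Add `show_diff => false,` to that resource, or wrap the value in `Sensitive(...)` if the Puppet version in use accepts that for `content`. In the `else` branch the `notify` has the fixed title `'missing fields in certificate hash'`, so two malformed entries would cause a duplicate resource declaration. Put the offending fields or an index in the title, or call `fail()` so a broken entry stops the run rather than only emitting a message. The header comment also names the wrong class: `# Class: profiles::icinga2_common` should read `# Class: profiles::icinga2_certificates`.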
index caeb498..12fa6ca 100644 (file)
@@ -22,6 +22,8 @@
 # Copyright 2019 Jan Dittberner
 class profiles::icinga2_common (
 ) {
+  include profiles::icinga2_certificates
   if $::lsbdistcodename == 'stretch' {
     apt::pin { 'icinga2_backports':
       packages => [