create private, certificate, and CA certificate files in munin.tls

2014-01-06 17:38:14 -08:00
parent 38d4b9e069
commit 0ad2f25d31
4 changed files with 59 additions and 1 deletions
--- a/munin/map.jinja
+++ b/munin/map.jinja
@ -34,3 +34,16 @@
        'package': 'perl-Net-SSLeay',
    },
 }, merge=salt['pillar.get']('net_ssleay:lookup')) %}
+
+{% set munin_tls = salt['grains.filter_by']({
+    'Debian': {
+        'private_key': '/etc/munin/tls/key.pem',
+        'certificate': '/etc/munin/tls/crt.pem',
+        'ca_certificate': '/etc/munin/tls/cacert.pem',
+    },
+    'RedHat': {
+        'private_key': '/etc/munin/tls/key.pem',
+        'certificate': '/etc/munin/tls/crt.pem',
+        'ca_certificate': '/etc/munin/tls/cacert.pem',
+    },
+}, merge=salt['pillar.get']('munin_tls:lookup')) %}
--- a/munin/tls.sls
+++ b/munin/tls.sls
@ -1,5 +1,35 @@
-{% from "munin/map.jinja" import net_ssleay with context %}
+{% from "munin/map.jinja" import net_ssleay, munin_tls with context %}

 net_ssleay:
  pkg.installed:
    - name: {{ net_ssleay.package }}
+
+{%- if salt['pillar.get']('munin_tls:private_pem') %}
+munin_tls_private_key:
+  file.managed:
+    - name: {{ munin_tls.private_key }}
+    - user: munin
+    - group: munin
+    - mode: 600
+    - contents_pillar: munin_tls:private_pem
+{%- endif %}
+
+{%- if salt['pillar.get']('munin_tls:certificate_pem') %}
+munin_tls_certificate:
+  file.managed:
+    - name: {{ munin_tls.certificate }}
+    - user: munin
+    - group: munin
+    - mode: 600
+    - contents_pillar: munin_tls:certificate_pem
+{%- endif %}
+
+{%- if salt['pillar.get']('munin_tls:ca_certificate_pem') %}
+munin_tls_ca_certificate:
+  file.managed:
+    - name: {{ munin_tls.ca_certificate }}
+    - user: munin
+    - group: munin
+    - mode: 600
+    - contents_pillar: munin_tls:ca_certificate_pem
+{%- endif %}