create private, certificate, and CA certificate files in munin.tls
		| @@ -14,6 +14,7 @@ States | |||||||
|     Generates a config file for the munin node based on pillar data. |     Generates a config file for the munin node based on pillar data. | ||||||
| ``munin.tls`` | ``munin.tls`` | ||||||
|     Installs the Perl package Net::SSLEay so munin can use TLS. |     Installs the Perl package Net::SSLEay so munin can use TLS. | ||||||
|  |     Also, if the private key, certificate, or CA certificate are specified (as in ``pillar.example``), then the appropriate files are created. Note that it is up to the user to correctly specify the location of these files in their master and node config files. | ||||||
|  |  | ||||||
| Configuration | Configuration | ||||||
| ============= | ============= | ||||||
|   | |||||||
| @@ -34,3 +34,16 @@ | |||||||
|         'package': 'perl-Net-SSLeay', |         'package': 'perl-Net-SSLeay', | ||||||
|     }, |     }, | ||||||
| }, merge=salt['pillar.get']('net_ssleay:lookup')) %} | }, merge=salt['pillar.get']('net_ssleay:lookup')) %} | ||||||
|  |  | ||||||
|  | {% set munin_tls = salt['grains.filter_by']({ | ||||||
|  |     'Debian': { | ||||||
|  |         'private_key': '/etc/munin/tls/key.pem', | ||||||
|  |         'certificate': '/etc/munin/tls/crt.pem', | ||||||
|  |         'ca_certificate': '/etc/munin/tls/cacert.pem', | ||||||
|  |     }, | ||||||
|  |     'RedHat': { | ||||||
|  |         'private_key': '/etc/munin/tls/key.pem', | ||||||
|  |         'certificate': '/etc/munin/tls/crt.pem', | ||||||
|  |         'ca_certificate': '/etc/munin/tls/cacert.pem', | ||||||
|  |     }, | ||||||
|  | }, merge=salt['pillar.get']('munin_tls:lookup')) %} | ||||||
|   | |||||||
| @@ -1,5 +1,35 @@ | |||||||
| {% from "munin/map.jinja" import net_ssleay with context %} | {% from "munin/map.jinja" import net_ssleay, munin_tls with context %} | ||||||
|  |  | ||||||
| net_ssleay: | net_ssleay: | ||||||
|   pkg.installed: |   pkg.installed: | ||||||
|     - name: {{ net_ssleay.package }} |     - name: {{ net_ssleay.package }} | ||||||
|  |  | ||||||
|  | {%- if salt['pillar.get']('munin_tls:private_pem') %} | ||||||
|  | munin_tls_private_key: | ||||||
|  |   file.managed: | ||||||
|  |     - name: {{ munin_tls.private_key }} | ||||||
|  |     - user: munin | ||||||
|  |     - group: munin | ||||||
|  |     - mode: 600 | ||||||
|  |     - contents_pillar: munin_tls:private_pem | ||||||
|  | {%- endif %} | ||||||
|  |  | ||||||
|  | {%- if salt['pillar.get']('munin_tls:certificate_pem') %} | ||||||
|  | munin_tls_certificate: | ||||||
|  |   file.managed: | ||||||
|  |     - name: {{ munin_tls.certificate }} | ||||||
|  |     - user: munin | ||||||
|  |     - group: munin | ||||||
|  |     - mode: 600 | ||||||
|  |     - contents_pillar: munin_tls:certificate_pem | ||||||
|  | {%- endif %} | ||||||
|  |  | ||||||
|  | {%- if salt['pillar.get']('munin_tls:ca_certificate_pem') %} | ||||||
|  | munin_tls_ca_certificate: | ||||||
|  |   file.managed: | ||||||
|  |     - name: {{ munin_tls.ca_certificate }} | ||||||
|  |     - user: munin | ||||||
|  |     - group: munin | ||||||
|  |     - mode: 600 | ||||||
|  |     - contents_pillar: munin_tls:ca_certificate_pem | ||||||
|  | {%- endif %} | ||||||
|   | |||||||
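Review bot: The `munin_tls_private_key` state writes the key through `contents_pillar` but leaves `show_changes` at its default, so when an existing key file is replaced the unified diff of old and new key material can end up in the state return and the master's job cache; add `- show_changes: False` to that state. None of the three `file.managed` states creates `/etc/munin/tls`, so they will likely fail on a host where the directory does not exist yet; `- makedirs: True` together with `- dir_mode: 750` would cover that. The certificate and CA certificate are public data, so `mode: 600` is stricter than needed there, and writing the modes as quoted strings such as `'0600'` avoids any YAML integer ambiguity.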
| @@ -31,3 +31,17 @@ munin_node: | |||||||
|     - "^::1$" |     - "^::1$" | ||||||
|   host: "*" |   host: "*" | ||||||
|   port: 4949 |   port: 4949 | ||||||
|  |  | ||||||
|  | munin_tls: | ||||||
|  |   private_pem: | | ||||||
|  |     -----BEGIN RSA PRIVATE KEY----- | ||||||
|  |     Inline key here | ||||||
|  |     -----END RSA PRIVATE KEY----- | ||||||
|  |   certificate_pem: | | ||||||
|  |     -----BEGIN CERTIFICATE----- | ||||||
|  |     Inline certificate key | ||||||
|  |     -----END CERTIFICATE----- | ||||||
|  |   ca_certificate_pem: | | ||||||
|  |     -----BEGIN CERTIFICATE----- | ||||||
|  |     Inline CA certificate key | ||||||
|  |     -----END CERTIFICATE----- | ||||||
|   | |||||||
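Review bot: The example puts the private key into pillar as plain text and says nothing about how that value should be protected. A comment above `private_pem` would help, for example `# Do not keep this in plain-text pillar: encrypt it (e.g. with the gpg renderer) and target this pillar only at the minion that owns the key.` The placeholders `Inline certificate key` and `Inline CA certificate key` would read better as `Inline certificate here` and `Inline CA certificate here`, since a certificate is not a key.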