create private, certificate, and CA certificate files in munin.tls
This commit is contained in:
Kenny Do
parent
38d4b9e069
commit
0ad2f25d31
@ -14,6 +14,7 @@ States
|
|||||||
Generates a config file for the munin node based on pillar data.
|
Generates a config file for the munin node based on pillar data.
|
||||||
``munin.tls``
|
``munin.tls``
|
||||||
Installs the Perl package Net::SSLEay so munin can use TLS.
|
Installs the Perl package Net::SSLEay so munin can use TLS.
|
||||||
|
Also, if the private key, certificate, or CA certificate are specified (as in ``pillar.example``), then the appropriate files are created. Note that it is up to the user to correctly specify the location of these files in their master and node config files.
|
||||||
|
|
||||||
Configuration
|
Configuration
|
||||||
=============
|
=============
|
||||||
|
|||||||
@ -34,3 +34,16 @@
|
|||||||
'package': 'perl-Net-SSLeay',
|
'package': 'perl-Net-SSLeay',
|
||||||
},
|
},
|
||||||
}, merge=salt['pillar.get']('net_ssleay:lookup')) %}
|
}, merge=salt['pillar.get']('net_ssleay:lookup')) %}
|
||||||
|
|
||||||
|
{% set munin_tls = salt['grains.filter_by']({
|
||||||
|
'Debian': {
|
||||||
|
'private_key': '/etc/munin/tls/key.pem',
|
||||||
|
'certificate': '/etc/munin/tls/crt.pem',
|
||||||
|
'ca_certificate': '/etc/munin/tls/cacert.pem',
|
||||||
|
},
|
||||||
|
'RedHat': {
|
||||||
|
'private_key': '/etc/munin/tls/key.pem',
|
||||||
|
'certificate': '/etc/munin/tls/crt.pem',
|
||||||
|
'ca_certificate': '/etc/munin/tls/cacert.pem',
|
||||||
|
},
|
||||||
|
}, merge=salt['pillar.get']('munin_tls:lookup')) %}
|
||||||
|
|||||||
@ -1,5 +1,35 @@
|
|||||||
{% from "munin/map.jinja" import net_ssleay with context %}
|
{% from "munin/map.jinja" import net_ssleay, munin_tls with context %}
|
||||||
|
|
||||||
net_ssleay:
|
net_ssleay:
|
||||||
pkg.installed:
|
pkg.installed:
|
||||||
- name: {{ net_ssleay.package }}
|
- name: {{ net_ssleay.package }}
|
||||||
|
|
||||||
|
{%- if salt['pillar.get']('munin_tls:private_pem') %}
|
||||||
|
munin_tls_private_key:
|
||||||
|
file.managed:
|
||||||
|
- name: {{ munin_tls.private_key }}
|
||||||
|
- user: munin
|
||||||
|
- group: munin
|
||||||
|
- mode: 600
|
||||||
|
- contents_pillar: munin_tls:private_pem
|
||||||
|
{%- endif %}
|
||||||
|
|
||||||
|
{%- if salt['pillar.get']('munin_tls:certificate_pem') %}
|
||||||
|
munin_tls_certificate:
|
||||||
|
file.managed:
|
||||||
|
- name: {{ munin_tls.certificate }}
|
||||||
|
- user: munin
|
||||||
|
- group: munin
|
||||||
|
- mode: 600
|
||||||
|
- contents_pillar: munin_tls:certificate_pem
|
||||||
|
{%- endif %}
|
||||||
|
|
||||||
|
{%- if salt['pillar.get']('munin_tls:ca_certificate_pem') %}
|
||||||
|
munin_tls_ca_certificate:
|
||||||
|
file.managed:
|
||||||
|
- name: {{ munin_tls.ca_certificate }}
|
||||||
|
- user: munin
|
||||||
|
- group: munin
|
||||||
|
- mode: 600
|
||||||
|
- contents_pillar: munin_tls:ca_certificate_pem
|
||||||
|
{%- endif %}
|
||||||
|
|||||||
@ -31,3 +31,17 @@ munin_node:
|
|||||||
- "^::1$"
|
- "^::1$"
|
||||||
host: "*"
|
host: "*"
|
||||||
port: 4949
|
port: 4949
|
||||||
|
|
||||||
|
munin_tls:
|
||||||
|
private_pem: |
|
||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
Inline key here
|
||||||
|
-----END RSA PRIVATE KEY-----
|
||||||
|
certificate_pem: |
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
Inline certificate key
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
ca_certificate_pem: |
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
Inline CA certificate key
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user