Salt-Formulas/munin-formula
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

create private, certificate, and CA certificate files in munin.tls

Browse Source
This commit is contained in:
Kenny Do 2014-01-06 17:38:14 -08:00
parent 38d4b9e069
commit 0ad2f25d31
4 changed files with 59 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.rst
View File

@ -14,6 +14,7 @@ States
Generates a config file for the munin node based on pillar data. Generates a config file for the munin node based on pillar data.
``munin.tls`` ``munin.tls``
Installs the Perl package Net::SSLEay so munin can use TLS. Installs the Perl package Net::SSLEay so munin can use TLS.
Also, if the private key, certificate, or CA certificate are specified (as in ``pillar.example``), then the appropriate files are created. Note that it is up to the user to correctly specify the location of these files in their master and node config files.
Configuration Configuration
============= =============

13
munin/map.jinja
View File

@ -34,3 +34,16 @@
'package': 'perl-Net-SSLeay', 'package': 'perl-Net-SSLeay',
}, },
}, merge=salt['pillar.get']('net_ssleay:lookup')) %} }, merge=salt['pillar.get']('net_ssleay:lookup')) %}
{% set munin_tls = salt['grains.filter_by']({
'Debian': {
'private_key': '/etc/munin/tls/key.pem',
'certificate': '/etc/munin/tls/crt.pem',
'ca_certificate': '/etc/munin/tls/cacert.pem',
},
'RedHat': {
'private_key': '/etc/munin/tls/key.pem',
'certificate': '/etc/munin/tls/crt.pem',
'ca_certificate': '/etc/munin/tls/cacert.pem',
},
}, merge=salt['pillar.get']('munin_tls:lookup')) %}

32
munin/tls.sls
View File

@ -1,5 +1,35 @@
{% from "munin/map.jinja" import net_ssleay with context %} {% from "munin/map.jinja" import net_ssleay, munin_tls with context %}
net_ssleay: net_ssleay:
pkg.installed: pkg.installed:
- name: {{ net_ssleay.package }} - name: {{ net_ssleay.package }}
{%- if salt['pillar.get']('munin_tls:private_pem') %}
munin_tls_private_key:
file.managed:
- name: {{ munin_tls.private_key }}
- user: munin
- group: munin
- mode: 600
- contents_pillar: munin_tls:private_pem
{%- endif %}
{%- if salt['pillar.get']('munin_tls:certificate_pem') %}
munin_tls_certificate:
file.managed:
- name: {{ munin_tls.certificate }}
- user: munin
- group: munin
- mode: 600
- contents_pillar: munin_tls:certificate_pem
{%- endif %}
{%- if salt['pillar.get']('munin_tls:ca_certificate_pem') %}
munin_tls_ca_certificate:
file.managed:
- name: {{ munin_tls.ca_certificate }}
- user: munin
- group: munin
- mode: 600
- contents_pillar: munin_tls:ca_certificate_pem
{%- endif %}

14
pillar.example
View File

@ -31,3 +31,17 @@ munin_node:
- "^::1$" - "^::1$"
host: "*" host: "*"
port: 4949 port: 4949
munin_tls:
private_pem: |
-----BEGIN RSA PRIVATE KEY-----
Inline key here
-----END RSA PRIVATE KEY-----
certificate_pem: |
-----BEGIN CERTIFICATE-----
Inline certificate key
-----END CERTIFICATE-----
ca_certificate_pem: |
-----BEGIN CERTIFICATE-----
Inline CA certificate key
-----END CERTIFICATE-----