create private, certificate, and CA certificate files in munin.tls

Kenny Do 2014-01-06 17:38:14 -08:00
parent 38d4b9e069
commit 0ad2f25d31
4 changed files with 59 additions and 1 deletions


@ -14,6 +14,7 @@ States
Generates a config file for the munin node based on pillar data.
``munin.tls``
Installs the Perl package Net::SSLEay so munin can use TLS.
Also, if the private key, certificate, or CA certificate are specified (as in ``pillar.example``), then the appropriate files are created. Note that it is up to the user to correctly specify the location of these files in their master and node config files.
Configuration
=============


@ -34,3 +34,16 @@
'package': 'perl-Net-SSLeay',
},
}, merge=salt['pillar.get']('net_ssleay:lookup')) %}
{% set munin_tls = salt['grains.filter_by']({
'Debian': {
'private_key': '/etc/munin/tls/key.pem',
'certificate': '/etc/munin/tls/crt.pem',
'ca_certificate': '/etc/munin/tls/cacert.pem',
},
'RedHat': {
'private_key': '/etc/munin/tls/key.pem',
'certificate': '/etc/munin/tls/crt.pem',
'ca_certificate': '/etc/munin/tls/cacert.pem',
},
}, merge=salt['pillar.get']('munin_tls:lookup')) %}
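Review bot: The `Debian` and `RedHat` entries of `munin_tls` are identical and no other `os_family` has an entry, so on any other minion the paths would come only from `munin_tls:lookup`; if that pillar key is unset, `munin_tls.private_key` is presumably undefined when the state renders. A single `'default'` entry holding the three paths, which `grains.filter_by` falls back to when the grain has no match, would remove the duplication and cover the remaining families. The `net_ssleay` map just above uses the same per-family pattern, so this is a call for the maintainers on consistency.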


@ -1,5 +1,35 @@
{% from "munin/map.jinja" import net_ssleay with context %}
{% from "munin/map.jinja" import net_ssleay, munin_tls with context %}
net_ssleay:
pkg.installed:
- name: {{ net_ssleay.package }}
{%- if salt['pillar.get']('munin_tls:private_pem') %}
munin_tls_private_key:
file.managed:
- name: {{ munin_tls.private_key }}
- user: munin
- group: munin
- mode: 600
- contents_pillar: munin_tls:private_pem
{%- endif %}
{%- if salt['pillar.get']('munin_tls:certificate_pem') %}
munin_tls_certificate:
file.managed:
- name: {{ munin_tls.certificate }}
- user: munin
- group: munin
- mode: 600
- contents_pillar: munin_tls:certificate_pem
{%- endif %}
{%- if salt['pillar.get']('munin_tls:ca_certificate_pem') %}
munin_tls_ca_certificate:
file.managed:
- name: {{ munin_tls.ca_certificate }}
- user: munin
- group: munin
- mode: 600
- contents_pillar: munin_tls:ca_certificate_pem
{%- endif %}
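Review bot: The `munin_tls_private_key` state writes key material from pillar without suppressing the file diff, so when the key changes its contents can end up in the state return and the master's job cache; add `- show_changes: False` (`show_diff` on older Salt releases) to that state. All three `file.managed` states also assume the parent directory of the target already exists; `- makedirs: True` would cover a fresh host, and per the Salt documentation the created directories then get the file mode plus the execute bit. Quoting the modes as `'0600'` avoids YAML integer typing. The certificate and CA certificate are public data, so `mode: 600` is stricter than they need.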


@ -31,3 +31,17 @@ munin_node:
- "^::1$"
host: "*"
port: 4949
munin_tls:
private_pem: |
-----BEGIN RSA PRIVATE KEY-----
Inline key here
-----END RSA PRIVATE KEY-----
certificate_pem: |
-----BEGIN CERTIFICATE-----
Inline certificate key
-----END CERTIFICATE-----
ca_certificate_pem: |
-----BEGIN CERTIFICATE-----
Inline CA certificate key
-----END CERTIFICATE-----
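Review bot: The example places an RSA private key inline under `private_pem` with no hint about scoping or protecting it, and pillar examples tend to be copied verbatim. A comment above the key would help, for instance `# Keep this in a pillar file targeted only at the hosts that need it; consider encrypting the value with the gpg renderer.` The placeholders `Inline certificate key` and `Inline CA certificate key` are also misleading, since a certificate is not a key; `Inline certificate here` would match the wording of the first placeholder.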