create private, certificate, and CA certificate files in munin.tls

2014-01-06 17:38:14 -08:00
parent 38d4b9e069
commit 0ad2f25d31
4 changed files with 59 additions and 1 deletions
--- a/README.rst
+++ b/README.rst
@@ -14,6 +14,7 @@ States
    Generates a config file for the munin node based on pillar data.
 ``munin.tls``
    Installs the Perl package Net::SSLEay so munin can use TLS.
+    Also, if the private key, certificate, or CA certificate are specified (as in ``pillar.example``), then the appropriate files are created. Note that it is up to the user to correctly specify the location of these files in their master and node config files.

 Configuration
 =============
--- a/munin/map.jinja
+++ b/munin/map.jinja
@@ -34,3 +34,16 @@
        'package': 'perl-Net-SSLeay',
    },
 }, merge=salt['pillar.get']('net_ssleay:lookup')) %}
+
+{% set munin_tls = salt['grains.filter_by']({
+    'Debian': {
+        'private_key': '/etc/munin/tls/key.pem',
+        'certificate': '/etc/munin/tls/crt.pem',
+        'ca_certificate': '/etc/munin/tls/cacert.pem',
+    },
+    'RedHat': {
+        'private_key': '/etc/munin/tls/key.pem',
+        'certificate': '/etc/munin/tls/crt.pem',
+        'ca_certificate': '/etc/munin/tls/cacert.pem',
+    },
+}, merge=salt['pillar.get']('munin_tls:lookup')) %}
--- a/munin/tls.sls
+++ b/munin/tls.sls
@@ -1,5 +1,35 @@
-{% from "munin/map.jinja" import net_ssleay with context %}
+{% from "munin/map.jinja" import net_ssleay, munin_tls with context %}

 net_ssleay:
  pkg.installed:
    - name: {{ net_ssleay.package }}
+
+{%- if salt['pillar.get']('munin_tls:private_pem') %}
+munin_tls_private_key:
+  file.managed:
+    - name: {{ munin_tls.private_key }}
+    - user: munin
+    - group: munin
+    - mode: 600
+    - contents_pillar: munin_tls:private_pem
+{%- endif %}
+
+{%- if salt['pillar.get']('munin_tls:certificate_pem') %}
+munin_tls_certificate:
+  file.managed:
+    - name: {{ munin_tls.certificate }}
+    - user: munin
+    - group: munin
+    - mode: 600
+    - contents_pillar: munin_tls:certificate_pem
+{%- endif %}
+
+{%- if salt['pillar.get']('munin_tls:ca_certificate_pem') %}
+munin_tls_ca_certificate:
+  file.managed:
+    - name: {{ munin_tls.ca_certificate }}
+    - user: munin
+    - group: munin
+    - mode: 600
+    - contents_pillar: munin_tls:ca_certificate_pem
+{%- endif %}
--- a/pillar.example
+++ b/pillar.example
@@ -31,3 +31,17 @@ munin_node:
    - "^::1$"
  host: "*"
  port: 4949
+
+munin_tls:
+  private_pem: |
+    -----BEGIN RSA PRIVATE KEY-----
+    Inline key here
+    -----END RSA PRIVATE KEY-----
+  certificate_pem: |
+    -----BEGIN CERTIFICATE-----
+    Inline certificate key
+    -----END CERTIFICATE-----
+  ca_certificate_pem: |
+    -----BEGIN CERTIFICATE-----
+    Inline CA certificate key
+    -----END CERTIFICATE-----