From 7e671303cbd08cb910ee721a26966b4f9d21b313 Mon Sep 17 00:00:00 2001 From: Kenny Do Date: Mon, 6 Jan 2014 17:56:55 -0800 Subject: [PATCH] Added TLS instructions to README --- README.rst | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/README.rst b/README.rst index b0e135d..f909918 100644 --- a/README.rst +++ b/README.rst @@ -14,6 +14,7 @@ States Generates a config file for the munin node based on pillar data. ``munin.tls`` Installs the Perl package Net::SSLEay so munin can use TLS. + Also, if the private key, certificate, or CA certificate are specified (as in ``pillar.example``), then the appropriate files are created. Note that it is up to the user to correctly specify the location of these files in their master and node config files. Configuration 
@@ -29,3 +30,17 @@ Node Config Consult http://munin-monitoring.org/wiki/munin-node.conf and ``man munin-node.conf`` for the full list of directives. For node configuration directives that allow repetition (ie: ``ignore_files``), make ``pillar['munin_node']['ignore_files']`` a list of values (see ``pillar.example`` for an example of this). + +TLS +--- +Consult http://munin-monitoring.org/wiki/MuninConfigurationNetworkTLS. + +Instructions for the non-paraonid TLS setup: + +1. Generate a private key. For this example, we create a 1024-bit key: ``openssl genrsa -out private.pem 1024`` +#. Create a Certificate Signing Reqest: ``openssl req -new -key private.pem -out request.csr`` +#. Generate a self-signed certificate: ``openssl x509 -req -in request.csr -signkey private.pem -out certificate.crt`` +#. Inline the contents of ``private.pem`` into ``pillar['munin_tls']['private_key']``. +#. Inline the contents of ``certificate.crt`` into ``pillar['munin_tls']['certificate_pem']``. +#. Optional: delete the ``private.pem``, ``request.csr``, and ``certificate.crt`` files you generated. They aren't really needed now that you've inlined the important stuff into pillar. +#. Update your munin config to enable TLS and also to point to the salt-managed PEM files. The default paths where this salt formula puts the PEM files are specified in ``munin/map.jinja``
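Review bot: the sentence added under ``munin.tls`` in the first hunk leaves users to work out the file locations themselves and does not say where the state writes the files. The TLS section added in the second hunk says the default paths are in ``munin/map.jinja``, so reference that file here as well. Since the private key is supplied through pillar, the description should also say that this pillar data needs to be targeted only at the minions that use it, and document the owner and mode the key file is created with.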
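Review bot: step 1 of the new TLS section (second hunk) generates a 1024-bit RSA key, which is below the 2048-bit minimum in current guidance; change the example to ``openssl genrsa -out private.pem 2048`` and the wording to "2048-bit". In step 3, ``openssl x509 -req`` without ``-days`` produces a certificate that is valid for only 30 days by default, so add an explicit ``-days`` value to the command. Two typos in the same hunk: "paraonid" should be "paranoid" and "Reqest" should be "Request".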