Added TLS instructions to README
This commit is contained in:
parent
0ad2f25d31
commit
7e671303cb
15
README.rst
15
README.rst
@ -14,6 +14,7 @@ States
|
|||||||
Generates a config file for the munin node based on pillar data.
|
Generates a config file for the munin node based on pillar data.
|
||||||
``munin.tls``
|
``munin.tls``
|
||||||
Installs the Perl package Net::SSLEay so munin can use TLS.
|
Installs the Perl package Net::SSLEay so munin can use TLS.
|
||||||
|
|
||||||
Also, if the private key, certificate, or CA certificate are specified (as in ``pillar.example``), then the appropriate files are created. Note that it is up to the user to correctly specify the location of these files in their master and node config files.
|
Also, if the private key, certificate, or CA certificate are specified (as in ``pillar.example``), then the appropriate files are created. Note that it is up to the user to correctly specify the location of these files in their master and node config files.
|
||||||
|
|
||||||
Configuration
|
Configuration
|
||||||
@ -29,3 +30,17 @@ Node Config
|
|||||||
Consult http://munin-monitoring.org/wiki/munin-node.conf and ``man munin-node.conf`` for the full list of directives.
|
Consult http://munin-monitoring.org/wiki/munin-node.conf and ``man munin-node.conf`` for the full list of directives.
|
||||||
|
|
||||||
For node configuration directives that allow repetition (ie: ``ignore_files``), make ``pillar['munin_node']['ignore_files']`` a list of values (see ``pillar.example`` for an example of this).
|
For node configuration directives that allow repetition (ie: ``ignore_files``), make ``pillar['munin_node']['ignore_files']`` a list of values (see ``pillar.example`` for an example of this).
|
||||||
|
|
||||||
|
TLS
|
||||||
|
---
|
||||||
|
Consult http://munin-monitoring.org/wiki/MuninConfigurationNetworkTLS.
|
||||||
|
|
||||||
|
Instructions for the non-paraonid TLS setup:
|
||||||
|
|
||||||
|
1. Generate a private key. For this example, we create a 1024-bit key: ``openssl genrsa -out private.pem 1024``
|
||||||
|
#. Create a Certificate Signing Reqest: ``openssl req -new -key private.pem -out request.csr``
|
||||||
|
#. Generate a self-signed certificate: ``openssl x509 -req -in request.csr -signkey private.pem -out certificate.crt``
|
||||||
|
#. Inline the contents of ``private.pem`` into ``pillar['munin_tls']['private_key']``.
|
||||||
|
#. Inline the contents of ``certificate.crt`` into ``pillar['munin_tls']['certificate_pem']``.
|
||||||
|
#. Optional: delete the ``private.pem``, ``request.csr``, and ``certificate.crt`` files you generated. They aren't really needed now that you've inlined the important stuff into pillar.
|
||||||
|
#. Update your munin config to enable TLS and also to point to the salt-managed PEM files. The default paths where this salt formula puts the PEM files are specified in ``munin/map.jinja``
|
||||||
|
Loading…
Reference in New Issue
Block a user