
Adding multi-master to Icinga2 Formula

Adding baseline for multi-master to Icinga2 formula
master
Nate Bohman 5 anni fa
parent
commit
44989afea2
6 ha cambiato i file con 101 aggiunte e 19 eliminazioni
  1. +4
    -0
      icinga2/master.sls
  2. +12
    -1
      icinga2/os_family.yaml
  3. +5
    -0
      icinga2/pki/node.sls
  4. +50
    -0
      icinga2/pki/salt_master_ca_cert.sls
  5. +4
    -5
      icinga2/templates/api.conf.jinja
  6. +26
    -13
      icinga2/templates/zones.conf.jinja

+ 4
- 0
icinga2/master.sls Vedi File

@@ -1,5 +1,7 @@
include:
{% if icinga2.salt_master_ca is False %}
- icinga2.pki.master
{% endif %}
- icinga2.config
- icinga2.features

@@ -7,5 +9,7 @@ extend:
icinga2_api_enable:
file:
- require:
{% if icinga2.salt_master_ca is False %}
- x509: icinga2_node_ca_cert
{% endif %}
- x509: icinga2_node_cert
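Review bot: When `salt_master_ca` is true the include list at the top of this file no longer pulls in any state that defines `icinga2_node_cert`, yet the `extend` block still requires `x509: icinga2_node_cert`; unless `icinga2.config` or `icinga2.features` provides it (not visible here), the unresolved requisite fails the master's highstate. Mirroring node.sls with an else branch in the first hunk, `{% else %}` / `- icinga2.pki.salt_master_ca_cert`, before its `{% endif %}` keeps the requisite satisfiable in both modes. Note also that `is False` is an identity test against the boolean singleton, so a pillar override of this key given as a string takes the salt-master-CA branch whatever its value; a comment in os_family.yaml stating the key must be a real boolean would save a confusing debugging session.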

+ 12
- 1
icinga2/os_family.yaml Vedi File

@@ -5,5 +5,16 @@ Debian:
repo_file: /etc/apt/sources.list.d/icinga2.list
config_dir: /etc/icinga2
ca_dir: /var/lib/icinga2/ca
pki_dir: /etc/icinga2/pki
ca_trusted_root_cert: {{ pillar.salt.ca.trusted_cert_root_debian }}/ca_{{ pillar.salt.domain }}.crt
salt_master_ca: True
pki_dir: /var/lib/icinga2/certs
pki_pkg: python-m2crypto
CentOS:
user: icinga2
group: icinga2
config_dir: /etc/icinga2
ca_dir: /var/lib/icinga2/ca
ca_trusted_root_cert: pillar.salt.ca.trusted_cert_root_centos }}/ca_{{ pillar.salt.domain }}.crt
salt_master_ca: True
pki_dir: /var/lib/icinga2/certs
pki_pkg: python-m2crypto
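Review bot: The CentOS `ca_trusted_root_cert` value is missing its opening `{{`, so it renders as the literal text `pillar.salt.ca.trusted_cert_root_centos }}/ca_<domain>.crt` instead of a path, and the `ca.crt` symlink built from it in salt_master_ca_cert.sls will point at a nonexistent target; it should read `ca_trusted_root_cert: {{ pillar.salt.ca.trusted_cert_root_centos }}/ca_{{ pillar.salt.domain }}.crt` like the Debian entry. Separately, if the existing `pki_dir: /etc/icinga2/pki` line in the Debian block survives next to the new `pki_dir: /var/lib/icinga2/certs`, the mapping has a duplicate key that PyYAML resolves silently to the last one — the diff markers are lost on this page so I cannot tell which line was removed. `salt_master_ca: True` relies on the YAML 1.1 capitalised boolean; lowercase `true` is the portable spelling and still satisfies the `is True`/`is False` tests in the .sls files.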

+ 5
- 0
icinga2/pki/node.sls Vedi File

@@ -1,6 +1,9 @@
{% from 'icinga2/map.jinja' import icinga2 with context %}

include:
{% if icinga2.salt_master_ca is True %}
- icinga2.salt_master_ca_cert
{% else %}
- icinga2.pki.cert

# Get master certificate from mine
@@ -18,3 +21,5 @@ icinga2_node_master_cert_perms:
- group: {{icinga2.group}}
- watch:
- x509: icinga2_node_master_cert

{% endif %}
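Review bot: The new include `- icinga2.salt_master_ca_cert` resolves to `icinga2/salt_master_ca_cert.sls`, but this commit adds the file under `icinga2/pki/`, so Salt will report the SLS as not found and a node with `salt_master_ca` true ends up with no certificate states at all; the line should be `- icinga2.pki.salt_master_ca_cert` unless a same-named file exists at the top level outside this diff. The `{% else %}`/`{% endif %}` pair now wraps the whole mine-based certificate path, which is fine, but a one-line comment above the `if` naming the two alternative PKI sources would help the next reader, e.g. `# salt_master_ca: certificates come from the Salt x509 CA instead of the Icinga master via mine`.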

+ 50
- 0
icinga2/pki/salt_master_ca_cert.sls Vedi File

@@ -0,0 +1,50 @@
{% from 'icinga2/map.jinja' import icinga2 with context %}
{% set fqdn = salt.grains.get('fqdn') %}

# TODO: Import salt_settings same as other modules at Lexicon
# for things like salt_settings.ca.host and
# salt_settings.ca.policy

include:
- icinga2.pki

# Get ca certificate from mine
icinga2_node_ca_cert:
file.symlink:
- name: {{ icinga2.pki_dir }}/ca.crt
- target: {{ icinga2.ca_trusted_root_cert }}
- require:
- file: icinga2_pki_dir

icinga2_node_cert:
x509.certificate_managed:
- name: {{ icinga2.pki_dir }}/{{ fqdn }}.crt
- ca_server: {{ salt_settings.ca.host }}
- signing_policy: {{ salt_settings.ca.policy }}
- public_key: {{ icinga2.pki_dir }}/{{ fqdn }}.key
- CN: {{ fqdn }}
- days_remaining: 30
- backup: True
- managed_private_key:
name: {{ icinga2.pki_dir }}/{{ fqdn }}.key
bits: 4096
backup: True
- require:
- file: icinga2_pki_dir

icinga2_node_key_perms:
file.managed:
- name: {{ icinga2.pki_dir }}/{{ fqdn }}.key
- user: {{ icinga2.user }}
- group: {{ icinga2.group }}
- mode: 600
- watch:
- x509: icinga2_node_cert

icinga2_node_cert_perms:
file.managed:
- name: {{ icinga2.pki_dir }}/{{ fqdn }}.crt
- user: {{ icinga2.user }}
- group: {{ icinga2.group }}
- watch:
- x509: icinga2_node_cert
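Review bot: `salt_settings` is referenced by `ca_server` and `signing_policy` but never imported — only `icinga2` is pulled in from map.jinja — so this SLS fails to render with an undefined-variable error before any state runs, and node.sls already includes it; the TODO at the top acknowledges the gap but it ships broken. Add the import next to the map import, `{% from '<SETTINGS_MAP_PATH placeholder>' import salt_settings with context %}`, using whichever path the other formulas use, or carry the CA host and policy inside `icinga2` itself. Also, `backup: True` under `managed_private_key` keeps each superseded 4096-bit key in the minion's file-backup cache, a second copy of private key material that then needs the same protection as the live key; if that retention is not intended, drop it, and a comment such as `# private key is generated on the minion; the Salt CA only signs it` would document the trust boundary.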

+ 4
- 5
icinga2/templates/api.conf.jinja Vedi File

@@ -2,11 +2,10 @@
{% set fqdn = salt.grains.get('fqdn') -%}

object ApiListener "api" {
cert_path = SysconfDir + "/icinga2/pki/" + NodeName + ".crt"
key_path = SysconfDir + "/icinga2/pki/" + NodeName + ".key"
ca_path = SysconfDir + "/icinga2/pki/ca.crt"
{% if fqdn != icinga2.master_fqdn -%}
cert_path = "{{ icinga2.pki_dir }}/{{ fqdn }}.crt"
key_path = "{{ icinga2.pki_dir }}/{{ fqdn }}.key"
ca_path = "{{ icinga2.pki_dir }}/ca.crt"
accept_config = true
accept_commands = true
{% endif -%}
}
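Review bot: With the SysconfDir lines removed, the master branch (`fqdn == icinga2.master_fqdn`) now sets no `cert_path`/`key_path`/`ca_path` at all and depends on Icinga's built-in default certificate directory, while the Debian block in os_family.yaml may still carry `pki_dir: /etc/icinga2/pki` for the non-Salt-CA case; when the two differ the master's ApiListener cannot find the certificates the states wrote. Emitting the three path lines unconditionally, `cert_path = "{{ icinga2.pki_dir }}/{{ fqdn }}.crt"`, `key_path = "{{ icinga2.pki_dir }}/{{ fqdn }}.key"`, `ca_path = "{{ icinga2.pki_dir }}/ca.crt"`, and keeping only `accept_config`/`accept_commands` inside the `if`, ties the listener to the same `pki_dir` the states use. For a multi-master setup the guard is also still a single-hostname comparison, so a second master would not equal `master_fqdn` and would be configured to accept config and commands from its parent zone, which is presumably not the intended trust relationship between masters.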

+ 26
- 13
icinga2/templates/zones.conf.jinja Vedi File

@@ -1,23 +1,36 @@
{%- from 'icinga2/map.jinja' import icinga2 with context %}
{%- set fqdn = salt.grains.get('fqdn') -%}

{% if fqdn != icinga2.master_fqdn -%}
object Endpoint "{{icinga2.master_fqdn}}" {
host = "{{icinga2.master_fqdn}}"
port = "5665"
{% if icinga2.get("parent_zone") is not None -%}
object Zone "{{ icinga2.get("parent_zone") }}" {
endpoints = [
{{ icinga2.parent_endpoints }}
]
}
{% endif -%}

object Zone "master" {
endpoints = [ "{{icinga2.master_fqdn}}" ]
object Zone "{{ icinga2.get("zone", fqdn) }}" {
{% if icinga2.get("parent_zone") is not None %}parent = "{{ icinga2.get("parent_zone") }}"{% endif -%}
endpoints = [
"{{ fqdn }}"
]
}
{%- endif %}

object Endpoint NodeName {
object Endpoint "{{ fqdn }}" {
}

object Zone ZoneName {
endpoints = [ NodeName ]
{% if fqdn != icinga2.master_fqdn -%}
parent = "master"
{%- endif %}
{% if icinga2.get("parent_endpoints") is not None -%}
{% for parent_endpoint in icinga2.get("parent_endpoints") -%}
object Endpoint "{{ parent_endpoint }}" {
}
{% endfor -%}
{% endif -%}

/* sync global commands */
object Zone "global-templates" {
global = true
}

object Zone "director-global" {
global = true
}
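Review bot: `{{ icinga2.parent_endpoints }}` inside `endpoints = [ ... ]` is rendered as the raw Jinja value, and the later `{% for parent_endpoint in icinga2.get("parent_endpoints") -%}` shows it is a list, so the output is a Python list repr with single-quoted items, which is not valid Icinga DSL. Render it with the same loop the Endpoint objects use, `{% for parent_endpoint in icinga2.parent_endpoints -%}` / `"{{ parent_endpoint }}"{% if not loop.last %},{% endif %}` / `{% endfor -%}`, inside the brackets. The new parent `Endpoint` objects also carry no `host` attribute, whereas the removed block set `host = "{{icinga2.master_fqdn}}"`; if the parent zone is not configured to connect down to each node, neither side will ever open the connection, so a comment stating which side initiates, e.g. `// parent endpoints have no host: the parent zone connects to this node`, would make the intended direction explicit.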
