|
- {% from 'icinga2/map.jinja' import icinga2 with context %}
-
- include:
- - icinga2.pki
-
- icinga2_ca_dir:
- file.directory:
- - name: {{icinga2.ca_dir}}
- - user: {{icinga2.user}}
- - group: {{icinga2.group}}
-
- icinga2_ca_key:
- x509.private_key_managed:
- - name: {{icinga2.ca_dir}}/ca.key
- - bits: 4096
- - backup: True
- - require:
- - file: icinga2_ca_dir
-
- icinga2_ca_key_perms:
- file.managed:
- - name: {{icinga2.ca_dir}}/ca.key
- - user: {{icinga2.user}}
- - group: {{icinga2.group}}
- - mode: 600
- - watch:
- - x509: icinga2_ca_key
-
- icinga2_ca_cert:
- x509.certificate_managed:
- - name: {{icinga2.ca_dir}}/ca.crt
- - signing_private_key: {{icinga2.ca_dir}}/ca.key
- - CN: 'Icinga2 CA'
- - basicConstraints: "critical CA:true"
- - days_valid: 3650
- - backup: True
- - require:
- - x509: icinga2_ca_key
-
- icinga2_ca_cert_perms:
- file.managed:
- - name: {{icinga2.ca_dir}}/ca.crt
- - user: {{icinga2.user}}
- - group: {{icinga2.group}}
- - watch:
- - x509: icinga2_ca_cert
-
- /etc/salt/minion.d/signing_policies.conf:
- file.managed:
- - source: salt://icinga2/pki/signing_policies.conf
- - template: jinja
- - require:
- - x509: icinga2_ca_cert
-
- # Restart the salt minion if the signing_policies changes
- icinga2_restart_ca_minion:
- module.wait:
- - name: service.restart
- - m_name: salt-minion
- - watch:
- - file: /etc/salt/minion.d/signing_policies.conf
-
- # Save the ca certificate in mine so the minions can collect it
- icinga2_mine_ca_cert:
- module.run:
- - name: mine.update
- - onchanges:
- - x509: icinga2_ca_cert
|