|
- {% from 'icinga2/map.jinja' import icinga2 with context %}
- {% set fqdn = salt.grains.get('fqdn') %}
-
- # TODO: Import salt_settings same as other modules at Lexicon
- # for things like salt_settings.ca.host and
- # salt_settings.ca.policy
-
- include:
- - icinga2.pki
-
- # Get ca certificate from mine
- icinga2_node_ca_cert:
- file.symlink:
- - name: {{ icinga2.pki_dir }}/ca.crt
- - target: {{ icinga2.ca_trusted_root_cert }}
- - require:
- - file: icinga2_pki_dir
-
- icinga2_node_cert:
- x509.certificate_managed:
- - name: {{ icinga2.pki_dir }}/{{ fqdn }}.crt
- - ca_server: {{ salt_settings.ca.host }}
- - signing_policy: {{ salt_settings.ca.policy }}
- - public_key: {{ icinga2.pki_dir }}/{{ fqdn }}.key
- - CN: {{ fqdn }}
- - days_remaining: 30
- - backup: True
- - managed_private_key:
- name: {{ icinga2.pki_dir }}/{{ fqdn }}.key
- bits: 4096
- backup: True
- - require:
- - file: icinga2_pki_dir
-
- icinga2_node_key_perms:
- file.managed:
- - name: {{ icinga2.pki_dir }}/{{ fqdn }}.key
- - user: {{ icinga2.user }}
- - group: {{ icinga2.group }}
- - mode: 600
- - watch:
- - x509: icinga2_node_cert
-
- icinga2_node_cert_perms:
- file.managed:
- - name: {{ icinga2.pki_dir }}/{{ fqdn }}.crt
- - user: {{ icinga2.user }}
- - group: {{ icinga2.group }}
- - watch:
- - x509: icinga2_node_cert
|