fix #367, #366 and remove management of conf_dir
lbetz committed Sep 5, 2017
1 parent 13d33c6 commit 58095b9
Showing 4 changed files with 17 additions and 46 deletions.
35 changes: 10 additions & 25 deletions manifests/feature/api.pp
Expand Up @@ -169,6 +169,8 @@
# pki directory must exists and icinga binary is required for icinga2 pki
require ::icinga2::install

$icinga2_bin = $::icinga2::params::icinga2_bin
$bin_dir = $::icinga2::params::bin_dir
$conf_dir = $::icinga2::params::conf_dir
$pki_dir = $::icinga2::params::pki_dir
$ca_dir = $::icinga2::params::ca_dir
Expand All @@ -189,11 +191,6 @@
group => $group,
}

Exec {
user => 'root',
path => $::path,
}

# validation
validate_re($ensure, [ '^present$', '^absent$' ],
"${ensure} isn't supported. Valid values are 'present' and 'absent'.")
Expand Down Expand Up @@ -314,43 +311,31 @@
$ticket_id = icinga2_ticket_id($node_name, $ticket_salt)
$trusted_cert = "${pki_dir}/trusted-cert.crt"

exec { 'icinga2 pki create key':
command => "icinga2 pki new-cert --cn '${node_name}' --key '${_ssl_key_path}' --cert '${_ssl_cert_path}'",
creates => $_ssl_key_path,
Exec {
path => $bin_dir,
notify => Class['::icinga2::service'],
}

-> file {
$_ssl_key_path:
mode => '0600';
$_ssl_cert_path:
exec { 'icinga2 pki create key':
command => "${icinga2_bin} pki new-cert --cn ${node_name} --key ${_ssl_key_path} --cert ${_ssl_cert_path}",
creates => $_ssl_key_path,
}

-> exec { 'icinga2 pki get trusted-cert':
command => "icinga2 pki save-cert --host '${ca_host}' --port ${ca_port} --key '${_ssl_key_path}' --cert '${_ssl_cert_path}' --trustedcert '${trusted_cert}'",
command => "${icinga2_bin} pki save-cert --host ${ca_host} --port ${ca_port} --key ${_ssl_key_path} --cert ${_ssl_cert_path} --trustedcert ${trusted_cert}",
creates => $trusted_cert,
notify => Class['::icinga2::service'],
}

-> file { $trusted_cert:
ensure => file,
}

-> exec { 'icinga2 pki request':
command => "icinga2 pki request --host '${ca_host}' --port ${ca_port} --ca '${_ssl_cacert_path}' --key '${_ssl_key_path}' --cert '${_ssl_cert_path}' --trustedcert '${trusted_cert}' --ticket '${ticket_id}'",
command => "${icinga2_bin} pki request --host ${ca_host} --port ${ca_port} --ca ${_ssl_cacert_path} --key ${_ssl_key_path} --cert ${_ssl_cert_path} --trustedcert ${trusted_cert} --ticket ${ticket_id}",
creates => $_ssl_cacert_path,
notify => Class['::icinga2::service'],
}

-> file { $_ssl_cacert_path:
ensure => file,
}
} # icinga2

'ca': {
class { '::icinga2::pki::ca': }

notice('This parameter is deprecated and will be removed in future versions! Please use ::icinga2::pki::ca instead')
warning('This parameter is deprecated and will be removed in future versions! Please use ::icinga2::pki::ca instead')
} # ca
} # case pki

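Review bot: The three rewritten `command =>` strings (`pki new-cert`, `pki save-cert`, `pki request`) interpolate `${node_name}`, `${ca_host}`, `${ca_port}`, `${ticket_id}` and the certificate paths without the single quotes the previous version had, so a value containing whitespace or a shell metacharacter would be split into extra arguments or, if the exec provider ends up handing the string to a shell, be interpreted by it. If the quotes were dropped for Windows compatibility, validate these inputs before they reach the command, in the style of the existing `validate_re($ensure, ...)` call, for example `validate_re($ca_host, '\A[A-Za-z0-9.:-]+\z', "${ca_host} isn't a valid host name.")` (pattern constructed for illustration) and likewise for `$node_name`. The same hunk also removes the `file { $_ssl_key_path: mode => '0600' }` resource, so the private key's mode now depends on whatever `icinga2 pki new-cert` creates; consider keeping that one resource. The enclosing class body starts and ends outside the visible hunks.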
9 changes: 1 addition & 8 deletions manifests/install.pp
Expand Up @@ -17,8 +17,6 @@
assert_private()

$package = $::icinga2::params::package
$conf_dir = $::icinga2::params::conf_dir
$purge_features = $::icinga2::purge_features
$manage_package = $::icinga2::manage_package
$pki_dir = $::icinga2::params::pki_dir
$user = $::icinga2::params::user
Expand All @@ -29,18 +27,13 @@

package { $package:
ensure => installed,
before => File["${conf_dir}/features-enabled", $pki_dir, $conf_dir],
before => File[$pki_dir],
}
}

# anchor, i.e. for config directory set by confd parameter
file { $conf_dir:
ensure => directory,
}
file { $pki_dir:
ensure => directory,
owner => $user,
group => $group,
recurse => true,
}
}
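Review bot: `file { $pki_dir: ... }` sets `owner` and `group` but no `mode`, and the same commit drops the per-file resources in manifests/feature/api.pp that pinned the private key to `0600`, so nothing visible on this page constrains who can read the key material under `$pki_dir` any more. Consider adding a restrictive mode to this resource, for example `mode => '0600',` if `recurse => true` is kept (to be confirmed: Puppet should then apply it to the files and add the search bit on directories), or keep a dedicated `file` resource for the key. A short comment on the resource, such as `# holds the node's private key and certificates; keep owner-only access`, would also help the next reader. The class body starts and ends outside the hunk.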
7 changes: 6 additions & 1 deletion manifests/params.pp
Expand Up @@ -83,6 +83,8 @@
case $::kernel {

'linux': {
$icinga2_bin = 'icinga2'
$bin_dir = '/sbin'
$conf_dir = '/etc/icinga2'
$log_dir = '/var/log/icinga2'
$run_dir = '/var/run/icinga2'
Expand Down Expand Up @@ -134,8 +136,11 @@
} # Linux

'windows': {
$user = 'SYSTEM'
#$user = 'SYSTEM'
$user = undef
$group = undef
$icinga2_bin = 'icinga2.exe'
$bin_dir = 'C:/Program Files/icinga2/sbin'
$conf_dir = 'C:/ProgramData/icinga2/etc/icinga2'
$log_dir = 'C:/ProgramData/icinga2/var/log/icinga2'
$run_dir = 'C:/ProgramData/icinga2/var/run/icinga2'
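Review bot: In the `'windows'` branch `$user` is now `undef` while the old value is left behind as `#$user = 'SYSTEM'` with no explanation; since manifests/install.pp uses `owner => $user` for `$pki_dir`, ownership of the PKI directory appears to be no longer managed on Windows. Replace the commented-out line with a why-comment, e.g. `# owner/group are not managed on Windows; access is left to inherited ACLs` (wording to be confirmed by the author). Separately, `$bin_dir = '/sbin'` is set for every Linux platform and becomes the only `path` of the pki execs in api.pp; on distributions that install the binary under `/usr/sbin` without linking the two directories the execs would presumably not find `icinga2`, which is worth checking. The `case $::kernel` block starts and ends outside the hunks.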
12 changes: 0 additions & 12 deletions spec/classes/api_spec.rb
Expand Up @@ -76,21 +76,13 @@
it { is_expected.to contain_exec('icinga2 pki create key') }
it { is_expected.to contain_exec('icinga2 pki get trusted-cert') }
it { is_expected.to contain_exec('icinga2 pki request') }

it { is_expected.to contain_file('/etc/icinga2/pki/host.example.org.key') }
it { is_expected.to contain_file('/etc/icinga2/pki/host.example.org.crt') }
it { is_expected.to contain_file('/etc/icinga2/pki/ca.crt') }
end

context "#{os} with pki => ca" do
let(:params) { {:pki => 'ca'} }

it { is_expected.to contain_exec('icinga2 pki create certificate signing request') }
it { is_expected.to contain_exec('icinga2 pki sign certificate') }

it { is_expected.to contain_file('/etc/icinga2/pki/host.example.org.key') }
it { is_expected.to contain_file('/etc/icinga2/pki/host.example.org.crt') }
it { is_expected.to contain_file('/etc/icinga2/pki/ca.crt') }
end

context "#{os} with pki => foo (not a valid value)" do
Expand Down Expand Up @@ -384,10 +376,6 @@
it { is_expected.to contain_exec('icinga2 pki create key') }
it { is_expected.to contain_exec('icinga2 pki get trusted-cert') }
it { is_expected.to contain_exec('icinga2 pki request') }

it { is_expected.to contain_file('C:/ProgramData/icinga2/etc/icinga2/pki/host.example.org.key') }
it { is_expected.to contain_file('C:/ProgramData/icinga2/etc/icinga2/pki/host.example.org.crt') }
it { is_expected.to contain_file('C:/ProgramData/icinga2/etc/icinga2/pki/ca.crt') }
end


