munin-master: Force TLS when connecting to nodes
This commit is contained in:
parent
15fec6b391
commit
5d83306491
2 changed files with 19 additions and 0 deletions
|
|
@ -12,6 +12,12 @@
|
||||||
owner: munin
|
owner: munin
|
||||||
group: apache
|
group: apache
|
||||||
|
|
||||||
|
- name: add munin to hostkey group
|
||||||
|
user:
|
||||||
|
name: munin
|
||||||
|
groups: hostkey
|
||||||
|
append: yes
|
||||||
|
|
||||||
- name: create apache config
|
- name: create apache config
|
||||||
copy:
|
copy:
|
||||||
dest: /etc/httpd/conf.local.d/munin.conf
|
dest: /etc/httpd/conf.local.d/munin.conf
|
||||||
|
|
@ -21,6 +27,14 @@
|
||||||
group: "{{ ansible_wheel }}"
|
group: "{{ ansible_wheel }}"
|
||||||
notify: restart apache
|
notify: restart apache
|
||||||
|
|
||||||
|
- name: create tls config
|
||||||
|
template:
|
||||||
|
dest: /etc/munin/conf.d/00-tls.conf
|
||||||
|
src: tls.conf.j2
|
||||||
|
mode: 0644
|
||||||
|
owner: root
|
||||||
|
group: "{{ ansible_wheel }}"
|
||||||
|
|
||||||
- name: remove localhost node
|
- name: remove localhost node
|
||||||
file:
|
file:
|
||||||
path: /etc/munin/conf.d/local.conf
|
path: /etc/munin/conf.d/local.conf
|
||||||
|
|
|
||||||
5
roles/munin-master/templates/tls.conf.j2
Normal file
5
roles/munin-master/templates/tls.conf.j2
Normal file
|
|
@ -0,0 +1,5 @@
|
||||||
|
tls paranoid
|
||||||
|
tls_verify_certificate yes
|
||||||
|
tls_private_key {{ tls_private }}/{{ inventory_hostname }}.key
|
||||||
|
tls_certificate {{ tls_certs }}/{{ inventory_hostname }}.crt
|
||||||
|
tls_ca_certificate {{ tls_certs }}/ca.crt
|
||||||
Loading…
Add table
Add a link
Reference in a new issue