tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

munin: Add TLS support

Browse source 
Closes #1.
This commit is contained in:
Ossi Salmi 2013-06-13 15:18:26 +03:00
parent 28055dcea7
commit 6efac4de21
3 changed files with 74 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

55
munin/manifests/init.pp
View file

@ -1,12 +1,40 @@
# Install and configure munin node. # Install and configure munin node.
# #
# === Global variables
#
# $munin_tls:
# Enable and require TLS if set to "true".
#
class munin::node { class munin::node {
package { "munin-node": package { "munin-node":
ensure => installed, ensure => installed,
} }
if $munin_tls == "true" {
case $::operatingsystem {
"centos", "redhat", "fedora": {
package { "perl-Net-SSLeay":
ensure => installed,
before => Service["munin-node"],
}
}
"debian", "ubuntu": {
package { "libnet-ssleay-perl":
ensure => installed,
before => Service["munin-node"],
}
}
"openbsd": {
package { "p5-Net-SSLeay":
ensure => installed,
before => Service["munin-node"],
}
}
}
}
service { "munin-node": service { "munin-node":
name => $::operatingsystem ? { name => $::operatingsystem ? {
"openbsd" => "munin_node", "openbsd" => "munin_node",
@ -197,6 +225,11 @@ define munin::plugin($config = "") {
# #
# * Storedconfigs # * Storedconfigs
# #
# === Global variables
#
# $munin_tls:
# Enable and require TLS if set to "true".
#
class munin::server { class munin::server {
package { [ "munin", "munin-cgi" ] : package { [ "munin", "munin-cgi" ] :
@ -299,6 +332,26 @@ class munin::server {
require => File["/var/www/html/munin/cgi"], require => File["/var/www/html/munin/cgi"],
} }
if $munin_tls == "true" {
include ssl
file { "${ssl::certs}/munin.crt":
ensure => present,
source => "${puppet_ssldir}/certs/${homename}.pem",
mode => "0640",
owner => "root",
group => "munin",
require => Package["munin"],
}
file { "${ssl::private}/munin.key":
ensure => present,
source => "${puppet_ssldir}/private_keys/${homename}.pem",
mode => "0640",
owner => "root",
group => "munin",
require => Package["munin"],
}
}
file { "/etc/munin/conf.d": file { "/etc/munin/conf.d":
ensure => directory, ensure => directory,
purge => true, purge => true,
@ -316,7 +369,7 @@ class munin::server {
owner => "root", owner => "root",
group => "root", group => "root",
mode => "0644", mode => "0644",
source => "puppet:///modules/munin/munin.conf", content => template("munin/munin.conf.erb"),
require => Package["munin"], require => Package["munin"],
} }

10
munin/templates/munin-node.conf.erb
View file

@ -45,3 +45,13 @@ host <%= @ipaddress %>
# And which port # And which port
port 4949 port 4949
<% if @munin_tls == "true" -%>
# Require TLS
tls paranoid
tls_verify_certificate yes
tls_ca_certificate <%= @puppet_ssldir %>/certs/ca.pem
tls_certificate <%= @puppet_ssldir %>/certs/<%= @homename %>.pem
tls_private_key <%= @puppet_ssldir %>/private_keys/<%= @homename %>.pem
tls_verify_depth 5
<% end -%>

10
munin/files/munin.conf → munin/templates/munin.conf.erb
View file

@ -14,6 +14,16 @@ tmpldir /etc/munin/templates
html_strategy cgi html_strategy cgi
graph_strategy cgi graph_strategy cgi
cgiurl_graph /munin/cgi/munin-cgi-graph cgiurl_graph /munin/cgi/munin-cgi-graph
<% if @munin_tls == "true" -%>
# Require TLS
tls paranoid
tls_verify_certificate yes
tls_ca_certificate <%= @puppet_ssldir %>/certs/ca.pem
tls_certificate <%= scope.lookupvar('ssl::certs') %>/munin.crt
tls_private_key <%= scope.lookupvar('ssl::private') %>/munin.key
tls_verify_depth 5
<% end -%>
# Include nodes # Include nodes
includedir /etc/munin/conf.d includedir /etc/munin/conf.d