def generate_cert(name): """ Generate an icinga2 certificate and key on the client. name The domain name for which this certificate and key will be generated """ ret = {"name": name, "changes": {}, "result": True, "comment": ""} cert = "{0}{1}.crt".format(get_certs_path(), name) key = "{0}{1}.key".format(get_certs_path(), name) # Checking if execution is needed. if os.path.isfile(cert) and os.path.isfile(key): ret[ "comment" ] = "No execution needed. Cert: {0} and key: {1} already generated.".format( cert, key ) return ret if __opts__["test"]: ret["result"] = None ret["comment"] = "Certificate and key generation would be executed" return ret # Executing the command. cert_save = __salt__["icinga2.generate_cert"](name) if not cert_save["retcode"]: ret["comment"] = "Certificate and key generated" ret["changes"]["cert"] = "Executed. Certificate saved: {0}".format(cert) ret["changes"]["key"] = "Executed. Key saved: {0}".format(key) return ret
def generate_cert(name): ''' Generate an icinga2 certificate and key on the client. name The domain name for which this certificate and key will be generated ''' ret = {'name': name, 'changes': {}, 'result': True, 'comment': ''} cert = "{0}{1}.crt".format(get_certs_path(), name) key = "{0}{1}.key".format(get_certs_path(), name) # Checking if execution is needed. if os.path.isfile(cert) and os.path.isfile(key): ret['comment'] = 'No execution needed. Cert: {0} and key: {1} already generated.'.format(cert, key) return ret if __opts__['test']: ret['result'] = None ret['comment'] = 'Certificate and key generation would be executed' return ret # Executing the command. cert_save = __salt__['icinga2.generate_cert'](name) if not cert_save['retcode']: ret['comment'] = "Certificate and key generated" ret['changes']['cert'] = "Executed. Certificate saved: {0}".format(cert) ret['changes']['key'] = "Executed. Key saved: {0}".format(key) return ret
def save_cert(domain, master): """ Save the certificate for master icinga2 node. Returns:: icinga2 pki save-cert --key /etc/icinga2/pki/domain.tld.key --cert /etc/icinga2/pki/domain.tld.crt --trustedcert /etc/icinga2/pki/trusted-master.crt --host master.domain.tld CLI Example: .. code-block:: bash salt '*' icinga2.save_cert domain.tld master.domain.tld """ result = __salt__["cmd.run_all"]( [ "icinga2", "pki", "save-cert", "--key", "{}{}.key".format(get_certs_path(), domain), "--cert", "{}{}.cert".format(get_certs_path(), domain), "--trustedcert", "{}trusted-master.crt".format(get_certs_path()), "--host", master, ], python_shell=False, ) return result
def generate_cert(domain): """ Generate an icinga2 client certificate and key. Returns:: icinga2 pki new-cert --cn domain.tld --key /etc/icinga2/pki/domain.tld.key --cert /etc/icinga2/pki/domain.tld.crt CLI Example: .. code-block:: bash salt '*' icinga2.generate_cert domain.tld """ result = __salt__["cmd.run_all"]( [ "icinga2", "pki", "new-cert", "--cn", domain, "--key", "{}{}.key".format(get_certs_path(), domain), "--cert", "{}{}.crt".format(get_certs_path(), domain), ], python_shell=False, ) return result
def request_cert(domain, master, ticket, port): ''' Request CA cert from master icinga2 node. Returns:: icinga2 pki request --host master.domain.tld --port 5665 --ticket TICKET_ID --key /etc/icinga2/pki/domain.tld.key --cert /etc/icinga2/pki/domain.tld.crt --trustedcert \ /etc/icinga2/pki/trusted-master.crt --ca /etc/icinga2/pki/ca.crt CLI Example: .. code-block:: bash salt '*' icinga2.request_cert domain.tld master.domain.tld TICKET_ID ''' result = __salt__['cmd.run_all']([ "icinga2", "pki", "request", "--host", master, "--port", port, "--ticket", ticket, "--key", "{0}{1}.key".format( get_certs_path(), domain), "--cert", "{0}{1}.crt".format( get_certs_path(), domain), "--trustedcert", "{0}trusted-master.crt".format( get_certs_path()), "--ca", "{0}ca.crt".format(get_certs_path()) ], python_shell=False) return result
def save_cert(name, master): ''' Save the certificate on master icinga2 node. name The domain name for which this certificate will be saved master Icinga2 master node for which this certificate will be saved ''' ret = {'name': name, 'changes': {}, 'result': True, 'comment': ''} cert = "{0}trusted-master.crt".format(get_certs_path()) # Checking if execution is needed. if os.path.isfile(cert): ret['comment'] = 'No execution needed. Cert: {0} already saved.'.format(cert) return ret if __opts__['test']: ret['result'] = None ret['comment'] = 'Certificate save for icinga2 master would be executed' return ret # Executing the command. cert_save = __salt__['icinga2.save_cert'](name, master) if not cert_save['retcode']: ret['comment'] = "Certificate for icinga2 master saved" ret['changes']['cert'] = "Executed. Certificate saved: {0}".format(cert) return ret
def save_cert(name, master): """ Save the certificate on master icinga2 node. name The domain name for which this certificate will be saved master Icinga2 master node for which this certificate will be saved """ ret = {"name": name, "changes": {}, "result": True, "comment": ""} cert = "{0}trusted-master.crt".format(get_certs_path()) # Checking if execution is needed. if os.path.isfile(cert): ret["comment"] = "No execution needed. Cert: {0} already saved.".format(cert) return ret if __opts__["test"]: ret["result"] = None ret["comment"] = "Certificate save for icinga2 master would be executed" return ret # Executing the command. cert_save = __salt__["icinga2.save_cert"](name, master) if not cert_save["retcode"]: ret["comment"] = "Certificate for icinga2 master saved" ret["changes"]["cert"] = "Executed. Certificate saved: {0}".format(cert) return ret
def node_setup(domain, master, ticket): """ Setup the icinga2 node. Returns:: icinga2 node setup --ticket TICKET_ID --endpoint master.domain.tld --zone domain.tld --master_host master.domain.tld --trustedcert \ /etc/icinga2/pki/trusted-master.crt CLI Example: .. code-block:: bash salt '*' icinga2.node_setup domain.tld master.domain.tld TICKET_ID """ result = __salt__["cmd.run_all"]( [ "icinga2", "node", "setup", "--ticket", ticket, "--endpoint", master, "--zone", domain, "--master_host", master, "--trustedcert", "{}trusted-master.crt".format(get_certs_path()), ], python_shell=False, ) return result
def node_setup(name, master, ticket): ''' Setup the icinga2 node. name The domain name for which this certificate will be saved master Icinga2 master node for which this certificate will be saved ticket Authentication ticket generated on icinga2 master ''' ret = {'name': name, 'changes': {}, 'result': True, 'comment': ''} cert = "{0}{1}.crt.orig".format(get_certs_path(), name) key = "{0}{1}.key.orig".format(get_certs_path(), name) # Checking if execution is needed. if os.path.isfile(cert) and os.path.isfile(cert): ret['comment'] = 'No execution needed. Node already configured.' return ret if __opts__['test']: ret['result'] = None ret['comment'] = 'Node setup will be executed.' return ret # Executing the command. node_setup = __salt__['icinga2.node_setup'](name, master, ticket) if not node_setup['retcode']: ret['comment'] = "Node setup executed." ret['changes']['cert'] = "Node setup finished successfully." return ret ret['comment'] = "FAILED. Node setup failed with outpu: {0}".format(node_setup['stdout']) ret['result'] = False return ret
def node_setup(name, master, ticket): """ Setup the icinga2 node. name The domain name for which this certificate will be saved master Icinga2 master node for which this certificate will be saved ticket Authentication ticket generated on icinga2 master """ ret = {"name": name, "changes": {}, "result": True, "comment": ""} cert = "{0}{1}.crt.orig".format(get_certs_path(), name) key = "{0}{1}.key.orig".format(get_certs_path(), name) # Checking if execution is needed. if os.path.isfile(cert) and os.path.isfile(cert): ret["comment"] = "No execution needed. Node already configured." return ret if __opts__["test"]: ret["result"] = None ret["comment"] = "Node setup will be executed." return ret # Executing the command. node_setup = __salt__["icinga2.node_setup"](name, master, ticket) if not node_setup["retcode"]: ret["comment"] = "Node setup executed." ret["changes"]["cert"] = "Node setup finished successfully." return ret ret["comment"] = "FAILED. Node setup failed with outpu: {0}".format( node_setup["stdout"] ) ret["result"] = False return ret
def request_cert(name, master, ticket, port="5665"): ''' Request CA certificate from master icinga2 node. name The domain name for which this certificate will be saved master Icinga2 master node for which this certificate will be saved ticket Authentication ticket generated on icinga2 master port Icinga2 port, defaults to 5665 ''' ret = {'name': name, 'changes': {}, 'result': True, 'comment': ''} cert = "{0}ca.crt".format(get_certs_path()) # Checking if execution is needed. if os.path.isfile(cert): ret['comment'] = 'No execution needed. Cert: {0} already exists.'.format(cert) return ret if __opts__['test']: ret['result'] = None ret['comment'] = 'Certificate request from icinga2 master would be executed' return ret # Executing the command. cert_request = __salt__['icinga2.request_cert'](name, master, ticket, port) if not cert_request['retcode']: ret['comment'] = "Certificate request from icinga2 master executed" ret['changes']['cert'] = "Executed. Certificate requested: {0}".format(cert) return ret ret['comment'] = "FAILED. Certificate requested failed with output: {0}".format(cert_request['stdout']) ret['result'] = False return ret
def request_cert(name, master, ticket, port="5665"): """ Request CA certificate from master icinga2 node. name The domain name for which this certificate will be saved master Icinga2 master node for which this certificate will be saved ticket Authentication ticket generated on icinga2 master port Icinga2 port, defaults to 5665 """ ret = {"name": name, "changes": {}, "result": True, "comment": ""} cert = "{}ca.crt".format(get_certs_path()) # Checking if execution is needed. if os.path.isfile(cert): ret["comment"] = "No execution needed. Cert: {} already exists.".format( cert) return ret if __opts__["test"]: ret["result"] = None ret["comment"] = "Certificate request from icinga2 master would be executed" return ret # Executing the command. cert_request = __salt__["icinga2.request_cert"](name, master, ticket, port) if not cert_request["retcode"]: ret["comment"] = "Certificate request from icinga2 master executed" ret["changes"]["cert"] = "Executed. Certificate requested: {}".format( cert) return ret ret["comment"] = "FAILED. Certificate requested failed with output: {}".format( cert_request["stdout"]) ret["result"] = False return ret