예제 #1
파일: icinga2.py 프로젝트: zxstar/salt
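def generate_cert(name):
    """
    Generate an icinga2 certificate and key on the client.

    name
        The domain name for which this certificate and key will be generated

    Returns the state dictionary (``name``, ``changes``, ``result``,
    ``comment``). ``result`` is ``None`` in test mode and ``False`` when the
    ``icinga2.generate_cert`` execution function reports a non-zero retcode.
    """
    ret = {"name": name, "changes": {}, "result": True, "comment": ""}
    # Resolve the directory once so both paths are built from the same value.
    certs_path = get_certs_path()
    # NOTE(review): ``name`` goes into the file names unvalidated; a value
    # containing path separators would point outside ``certs_path`` --
    # confirm that callers only pass host names.
    cert = "{0}{1}.crt".format(certs_path, name)
    key = "{0}{1}.key".format(certs_path, name)

    # Nothing to do when both files are already present. Only their existence
    # is tested, not their content or validity.
    if os.path.isfile(cert) and os.path.isfile(key):
        ret[
            "comment"
        ] = "No execution needed. Cert: {0} and key: {1} already generated.".format(
            cert, key
        )
        return ret
    if __opts__["test"]:
        ret["result"] = None
        ret["comment"] = "Certificate and key generation would be executed"
        return ret

    # Executing the command.
    cert_save = __salt__["icinga2.generate_cert"](name)
    if cert_save["retcode"]:
        # A failed run must not be reported as a successful state: without
        # this branch the caller would see result=True and an empty comment
        # although no certificate or key was produced.
        ret["result"] = False
        ret[
            "comment"
        ] = "FAILED. Certificate and key generation failed with output: {0}".format(
            cert_save.get("stdout", "")
        )
        return ret

    ret["comment"] = "Certificate and key generated"
    ret["changes"]["cert"] = "Executed. Certificate saved: {0}".format(cert)
    ret["changes"]["key"] = "Executed. Key saved: {0}".format(key)
    return ret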
예제 #2
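def generate_cert(name):
    '''
    Generate an icinga2 certificate and key on the client.

    name
        The domain name for which this certificate and key will be generated

    Returns the state dictionary (``name``, ``changes``, ``result``,
    ``comment``). ``result`` is ``None`` in test mode and ``False`` when the
    ``icinga2.generate_cert`` execution function reports a non-zero retcode.
    '''
    ret = {'name': name,
           'changes': {},
           'result': True,
           'comment': ''}
    # Resolve the directory once so both paths are built from the same value.
    certs_path = get_certs_path()
    cert = "{0}{1}.crt".format(certs_path, name)
    key = "{0}{1}.key".format(certs_path, name)

    # Nothing to do when both files are already present. Only their existence
    # is tested, not their content or validity.
    if os.path.isfile(cert) and os.path.isfile(key):
        ret['comment'] = 'No execution needed. Cert: {0} and key: {1} already generated.'.format(cert, key)
        return ret
    if __opts__['test']:
        ret['result'] = None
        ret['comment'] = 'Certificate and key generation would be executed'
        return ret

    # Executing the command.
    cert_save = __salt__['icinga2.generate_cert'](name)
    if cert_save['retcode']:
        # A non-zero retcode used to fall through with result=True and an
        # empty comment, so a failed key generation looked like success.
        ret['result'] = False
        ret['comment'] = "FAILED. Certificate and key generation failed with output: {0}".format(
            cert_save.get('stdout', ''))
        return ret

    ret['comment'] = "Certificate and key generated"
    ret['changes']['cert'] = "Executed. Certificate saved: {0}".format(cert)
    ret['changes']['key'] = "Executed. Key saved: {0}".format(key)
    return ret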
예제 #3
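def save_cert(domain, master):
    """
    Save the certificate for master icinga2 node.

    Runs ``icinga2 pki save-cert`` through ``cmd.run_all`` and returns that
    function's result unchanged.

    Returns::
        icinga2 pki save-cert --key /etc/icinga2/pki/domain.tld.key --cert /etc/icinga2/pki/domain.tld.crt --trustedcert /etc/icinga2/pki/trusted-master.crt --host master.domain.tld

    CLI Example:

    .. code-block:: bash

        salt '*' icinga2.save_cert domain.tld master.domain.tld

    """
    certs_path = get_certs_path()
    # NOTE(review): nothing in this function verifies the certificate that
    # ``master`` presents before it is written to trusted-master.crt --
    # confirm its fingerprint out of band before relying on it.
    result = __salt__["cmd.run_all"](
        [
            "icinga2",
            "pki",
            "save-cert",
            "--key",
            "{}{}.key".format(certs_path, domain),
            "--cert",
            # The client certificate uses the ``.crt`` suffix, as the command
            # line in the docstring shows; ``.cert`` named a different file.
            "{}{}.crt".format(certs_path, domain),
            "--trustedcert",
            "{}trusted-master.crt".format(certs_path),
            "--host",
            master,
        ],
        # Argument list plus python_shell=False: no shell parses the values.
        python_shell=False,
    )
    return result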
예제 #4
def generate_cert(domain):
    """
    Generate an icinga2 client certificate and key.

    Runs ``icinga2 pki new-cert`` through ``cmd.run_all`` and hands back that
    function's result unchanged.

    Returns::
        icinga2 pki new-cert --cn domain.tld --key /etc/icinga2/pki/domain.tld.key --cert /etc/icinga2/pki/domain.tld.crt

    CLI Example:

    .. code-block:: bash

        salt '*' icinga2.generate_cert domain.tld

    """
    # NOTE(review): ``domain`` is used both as the certificate CN and as part
    # of the output file names, without validation -- confirm callers only
    # pass host names (no path separators).
    key_file = "{}{}.key".format(get_certs_path(), domain)
    cert_file = "{}{}.crt".format(get_certs_path(), domain)
    argv = ["icinga2", "pki", "new-cert", "--cn", domain]
    argv += ["--key", key_file]
    argv += ["--cert", cert_file]
    # The command is passed as a list with python_shell=False, so no shell
    # interprets the arguments.
    return __salt__["cmd.run_all"](argv, python_shell=False)
예제 #5
파일: icinga2.py 프로젝트: morinap/salt-1
def request_cert(domain, master, ticket, port):
    '''
    Request CA cert from master icinga2 node.

    Runs ``icinga2 pki request`` through ``cmd.run_all`` and hands back that
    function's result unchanged. All four arguments are required.

    Returns::
        icinga2 pki request --host master.domain.tld --port 5665 --ticket TICKET_ID --key /etc/icinga2/pki/domain.tld.key --cert /etc/icinga2/pki/domain.tld.crt --trustedcert \
                /etc/icinga2/pki/trusted-master.crt --ca /etc/icinga2/pki/ca.crt

    CLI Example:

    .. code-block:: bash

        salt '*' icinga2.request_cert domain.tld master.domain.tld TICKET_ID 5665

    '''
    key_file = "{0}{1}.key".format(get_certs_path(), domain)
    cert_file = "{0}{1}.crt".format(get_certs_path(), domain)
    trusted_file = "{0}trusted-master.crt".format(get_certs_path())
    ca_file = "{0}ca.crt".format(get_certs_path())

    # The ticket is handed to icinga2 as a command-line argument, so it is
    # part of the process argv while the command runs.
    # NOTE(review): check whether the executed command line is logged on the
    # minion and whether that exposes the ticket.
    argv = [
        "icinga2", "pki", "request",
        "--host", master,
        "--port", port,
        "--ticket", ticket,
        "--key", key_file,
        "--cert", cert_file,
        "--trustedcert", trusted_file,
        "--ca", ca_file,
    ]
    # List form plus python_shell=False: no shell parses the values.
    return __salt__['cmd.run_all'](argv, python_shell=False)
예제 #6
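def save_cert(name, master):
    '''
    Save the certificate on master icinga2 node.

    name
        The domain name for which this certificate will be saved

    master
        Icinga2 master node for which this certificate will be saved

    Returns the state dictionary (``name``, ``changes``, ``result``,
    ``comment``). ``result`` is ``None`` in test mode and ``False`` when the
    ``icinga2.save_cert`` execution function reports a non-zero retcode.
    '''
    ret = {'name': name,
           'changes': {},
           'result': True,
           'comment': ''}
    cert = "{0}trusted-master.crt".format(get_certs_path())

    # An existing trusted-master.crt short-circuits the state. Only the
    # file's existence is tested; whether it belongs to ``master`` is not.
    if os.path.isfile(cert):
        ret['comment'] = 'No execution needed. Cert: {0} already saved.'.format(cert)
        return ret
    if __opts__['test']:
        ret['result'] = None
        ret['comment'] = 'Certificate save for icinga2 master would be executed'
        return ret

    # Executing the command.
    cert_save = __salt__['icinga2.save_cert'](name, master)
    if cert_save['retcode']:
        # A non-zero retcode used to fall through with result=True and an
        # empty comment, hiding the fact that no trusted cert was stored.
        ret['result'] = False
        ret['comment'] = "FAILED. Certificate save failed with output: {0}".format(
            cert_save.get('stdout', ''))
        return ret

    ret['comment'] = "Certificate for icinga2 master saved"
    ret['changes']['cert'] = "Executed. Certificate saved: {0}".format(cert)
    return ret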
예제 #7
파일: icinga2.py 프로젝트: zxstar/salt
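def save_cert(name, master):
    """
    Save the certificate on master icinga2 node.

    name
        The domain name for which this certificate will be saved

    master
        Icinga2 master node for which this certificate will be saved

    Returns the state dictionary (``name``, ``changes``, ``result``,
    ``comment``). ``result`` is ``None`` in test mode and ``False`` when the
    ``icinga2.save_cert`` execution function reports a non-zero retcode.
    """
    ret = {"name": name, "changes": {}, "result": True, "comment": ""}
    cert = "{0}trusted-master.crt".format(get_certs_path())

    # An existing trusted-master.crt short-circuits the state. Only the
    # file's existence is tested; whether it belongs to ``master`` is not.
    if os.path.isfile(cert):
        ret["comment"] = "No execution needed. Cert: {0} already saved.".format(cert)
        return ret
    if __opts__["test"]:
        ret["result"] = None
        ret["comment"] = "Certificate save for icinga2 master would be executed"
        return ret

    # Executing the command.
    cert_save = __salt__["icinga2.save_cert"](name, master)
    if cert_save["retcode"]:
        # Report the failure instead of returning result=True with an empty
        # comment, which made a missing trusted cert look like success.
        ret["result"] = False
        ret["comment"] = "FAILED. Certificate save failed with output: {0}".format(
            cert_save.get("stdout", "")
        )
        return ret

    ret["comment"] = "Certificate for icinga2 master saved"
    ret["changes"]["cert"] = "Executed. Certificate saved: {0}".format(cert)
    return ret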
예제 #8
def node_setup(domain, master, ticket):
    """
    Setup the icinga2 node.

    Runs ``icinga2 node setup`` through ``cmd.run_all`` and hands back that
    function's result unchanged. ``master`` is used for both ``--endpoint``
    and ``--master_host``; ``domain`` becomes the zone.

    Returns::
        icinga2 node setup --ticket TICKET_ID --endpoint master.domain.tld --zone domain.tld --master_host master.domain.tld --trustedcert \
                /etc/icinga2/pki/trusted-master.crt

    CLI Example:

    .. code-block:: bash

        salt '*' icinga2.node_setup domain.tld master.domain.tld TICKET_ID

    """
    trusted_cert = "{}trusted-master.crt".format(get_certs_path())
    # The ticket travels as a command-line argument and is therefore part of
    # the process argv while the command runs.
    # NOTE(review): check whether the executed command line is logged on the
    # minion and whether that exposes the ticket.
    argv = ["icinga2", "node", "setup"]
    argv += ["--ticket", ticket]
    argv += ["--endpoint", master]
    argv += ["--zone", domain]
    argv += ["--master_host", master]
    argv += ["--trustedcert", trusted_cert]
    # List form plus python_shell=False: no shell parses the values.
    return __salt__["cmd.run_all"](argv, python_shell=False)
예제 #9
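def node_setup(name, master, ticket):
    '''
    Setup the icinga2 node.

    name
        The domain name for which this certificate will be saved

    master
        Icinga2 master node for which this certificate will be saved

    ticket
        Authentication ticket generated on icinga2 master

    Returns the state dictionary (``name``, ``changes``, ``result``,
    ``comment``). ``result`` is ``None`` in test mode and ``False`` when the
    ``icinga2.node_setup`` execution function reports a non-zero retcode.
    '''
    ret = {'name': name,
           'changes': {},
           'result': True,
           'comment': ''}
    certs_path = get_certs_path()
    cert = "{0}{1}.crt.orig".format(certs_path, name)
    key = "{0}{1}.key.orig".format(certs_path, name)

    # The node counts as configured only when BOTH ``.orig`` files exist.
    # The previous check tested ``cert`` twice and never looked at ``key``,
    # so a node with a missing key backup was skipped as already set up.
    if os.path.isfile(cert) and os.path.isfile(key):
        ret['comment'] = 'No execution needed. Node already configured.'
        return ret
    if __opts__['test']:
        ret['result'] = None
        ret['comment'] = 'Node setup will be executed.'
        return ret

    # Executing the command. The local is not called ``node_setup`` so it
    # does not shadow this function's own name.
    setup_result = __salt__['icinga2.node_setup'](name, master, ticket)
    if not setup_result['retcode']:
        ret['comment'] = "Node setup executed."
        ret['changes']['cert'] = "Node setup finished successfully."
        return ret

    # NOTE(review): the command's stdout is copied into the state comment;
    # confirm it cannot contain the ticket before shipping it to returners.
    ret['comment'] = "FAILED. Node setup failed with outpu: {0}".format(setup_result['stdout'])
    ret['result'] = False
    return ret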
예제 #10
파일: icinga2.py 프로젝트: zxstar/salt
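def node_setup(name, master, ticket):
    """
    Setup the icinga2 node.

    name
        The domain name for which this certificate will be saved

    master
        Icinga2 master node for which this certificate will be saved

    ticket
        Authentication ticket generated on icinga2 master

    Returns the state dictionary (``name``, ``changes``, ``result``,
    ``comment``). ``result`` is ``None`` in test mode and ``False`` when the
    ``icinga2.node_setup`` execution function reports a non-zero retcode.
    """
    ret = {"name": name, "changes": {}, "result": True, "comment": ""}
    certs_path = get_certs_path()
    cert = "{0}{1}.crt.orig".format(certs_path, name)
    key = "{0}{1}.key.orig".format(certs_path, name)

    # The node counts as configured only when BOTH ``.orig`` files exist.
    # The previous check tested ``cert`` twice and never looked at ``key``,
    # so a node with a missing key backup was skipped as already set up.
    if os.path.isfile(cert) and os.path.isfile(key):
        ret["comment"] = "No execution needed. Node already configured."
        return ret
    if __opts__["test"]:
        ret["result"] = None
        ret["comment"] = "Node setup will be executed."
        return ret

    # Executing the command. The local is not called ``node_setup`` so it
    # does not shadow this function's own name.
    setup_result = __salt__["icinga2.node_setup"](name, master, ticket)
    if not setup_result["retcode"]:
        ret["comment"] = "Node setup executed."
        ret["changes"]["cert"] = "Node setup finished successfully."
        return ret

    # NOTE(review): the command's stdout is copied into the state comment;
    # confirm it cannot contain the ticket before shipping it to returners.
    ret["comment"] = "FAILED. Node setup failed with outpu: {0}".format(
        setup_result["stdout"]
    )
    ret["result"] = False
    return ret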
예제 #11
def request_cert(name, master, ticket, port="5665"):
    '''
    Request CA certificate from master icinga2 node.

    name
        The domain name for which this certificate will be saved

    master
        Icinga2 master node for which this certificate will be saved

    ticket
        Authentication ticket generated on icinga2 master

    port
        Icinga2 port, defaults to 5665

    Returns the state dictionary (``name``, ``changes``, ``result``,
    ``comment``); ``result`` is ``None`` in test mode and ``False`` when the
    execution function reports a non-zero retcode.
    '''
    ret = {'name': name,
           'changes': {},
           'result': True,
           'comment': ''}
    ca_cert = "{0}ca.crt".format(get_certs_path())

    # An existing ca.crt ends the state early; only its presence is tested,
    # its content is not inspected.
    if os.path.isfile(ca_cert):
        ret['comment'] = 'No execution needed. Cert: {0} already exists.'.format(ca_cert)
        return ret

    # Test mode: report what would happen without running anything.
    if __opts__['test']:
        ret['result'] = None
        ret['comment'] = 'Certificate request from icinga2 master would be executed'
        return ret

    # Delegate to the execution module and translate its retcode.
    outcome = __salt__['icinga2.request_cert'](name, master, ticket, port)
    if outcome['retcode']:
        ret['comment'] = "FAILED. Certificate requested failed with output: {0}".format(outcome['stdout'])
        ret['result'] = False
    else:
        ret['comment'] = "Certificate request from icinga2 master executed"
        ret['changes']['cert'] = "Executed. Certificate requested: {0}".format(ca_cert)
    return ret
예제 #12
def request_cert(name, master, ticket, port="5665"):
    """
    Request CA certificate from master icinga2 node.

    name
        The domain name for which this certificate will be saved

    master
        Icinga2 master node for which this certificate will be saved

    ticket
        Authentication ticket generated on icinga2 master

    port
        Icinga2 port, defaults to 5665

    Returns the state dictionary (``name``, ``changes``, ``result``,
    ``comment``); ``result`` is ``None`` in test mode and ``False`` when the
    execution function reports a non-zero retcode.
    """
    ret = {"name": name, "changes": {}, "result": True, "comment": ""}
    ca_cert = "{}ca.crt".format(get_certs_path())

    # An existing ca.crt ends the state early; only its presence is tested,
    # its content is not inspected.
    if os.path.isfile(ca_cert):
        ret["comment"] = "No execution needed. Cert: {} already exists.".format(ca_cert)
        return ret

    # Test mode: report what would happen without running anything.
    if __opts__["test"]:
        ret["result"] = None
        ret["comment"] = "Certificate request from icinga2 master would be executed"
        return ret

    # Delegate to the execution module and translate its retcode.
    outcome = __salt__["icinga2.request_cert"](name, master, ticket, port)
    if outcome["retcode"]:
        ret["comment"] = "FAILED. Certificate requested failed with output: {}".format(
            outcome["stdout"]
        )
        ret["result"] = False
    else:
        ret["comment"] = "Certificate request from icinga2 master executed"
        ret["changes"]["cert"] = "Executed. Certificate requested: {}".format(ca_cert)
    return ret