[icinga-checkins] icinga.org: chef-icinga2/master: Add pki ticket generation through environment provider

git at icinga.org git at icinga.org
Sat Jul 16 19:49:35 CEST 2016


Module: chef-icinga2
Branch: master
Commit: 6a060adc7de8a8f87bfab9c87146a525677e33b5
URL:    https://git.icinga.org/?p=chef-icinga2.git;a=commit;h=6a060adc7de8a8f87bfab9c87146a525677e33b5

Author: Thomas Peitz <thomas.peitz at invision.de>
Date:   Thu Jun 16 11:18:43 2016 +0200

Add pki ticket generation through environment provider

---

 libraries/provider_environment.rb |   44 +++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/libraries/provider_environment.rb b/libraries/provider_environment.rb
index 9c95161..3b0275c 100644
--- a/libraries/provider_environment.rb
+++ b/libraries/provider_environment.rb
@@ -123,6 +123,7 @@ class Chef
         return true if hosts_template.updated? || create_hostgroups(env_resources)
         return true if hosts_template.updated? || create_endpoints(env_resources)
         return true if hosts_template.updated? || create_zones(env_resources)
+        return true if hosts_template.updated? || create_pki_tickets(env_resources)
       end
 
       def create_hostgroups(env_resources)
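Review bot: The added `create_pki_tickets` call sits at the end of a chain of `return true if ...` lines, so it is only reached when `hosts_template.updated?` is false and every earlier `create_*` call returned a falsy value. On a run where hostgroups, endpoints or zones report a change, no ticket resources are declared at all. If tickets should be generated on every run, call it before the chain and keep the result, e.g. `pki_updated = create_pki_tickets(env_resources)`, then test `pki_updated` in the last line. The new method also returns the value of its `unless` block (the FQDN array or `nil`) rather than an explicit boolean, which deserves a short comment. The enclosing method starts outside this hunk.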
@@ -171,6 +172,49 @@ class Chef
 
         zone_template.updated?
       end
+
+      def create_pki_tickets(env_resources)
+        env       = new_resource.environment
+        salt      = new_resource.pki_ticket_salt
+        nodes     = env_resources['nodes']
+        all_fqdns = nodes.map { |n| n[1]['fqdn'] }
+        tickets   = {}
+
+        begin
+          databag_item = data_bag_item('icinga2', "#{env}-pki-tickets")
+          tickets      = databag_item['tickets']
+
+          if tickets['salt'] != salt
+            uncreated_tickets_fqdns = all_fqdns
+          else
+            tickets_fqdns = tickets.map { |k, _v| k }
+            uncreated_tickets_fqdns = all_fqdns - tickets_fqdns
+          end
+        rescue
+          uncreated_tickets_fqdns = all_fqdns
+        end
+
+        unless uncreated_tickets_fqdns.empty?
+          uncreated_tickets_fqdns.each do |f|
+            ruby_block "Create PKI-Ticket #{f}" do
+              block do
+                ticket_bash = Mixlib::ShellOut.new("icinga2 pki ticket --cn #{f} --salt #{salt}")
+                ticket_bash.run_command
+                tickets[f] = ticket_bash.stdout.chomp
+                databag_item = Chef::DataBagItem.new
+                databag_item.data_bag('icinga2')
+                databag_item.raw_data = {
+                  'id'      => "#{env}-pki-tickets",
+                  'tickets' => tickets,
+                  'salt'    => salt
+                }
+                databag_item.save
+              end
+              action :create
+            end
+          end
+        end
+      end
     end
   end
 end
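Review bot: In `create_pki_tickets`, the `Mixlib::ShellOut.new` line builds the command by interpolating `f` and `salt` into a single string, so an FQDN or salt containing whitespace or shell metacharacters changes what is executed. The exit status is also never checked, so a failed run stores an empty ticket. Pass the arguments separately with `ticket_bash = Mixlib::ShellOut.new('icinga2', 'pki', 'ticket', '--cn', f, '--salt', salt)` and add `ticket_bash.error!` after `run_command`. The salt comparison reads `tickets['salt']`, but the block saves the salt as a top-level `'salt'` key beside `'tickets'`, so the comparison appears never to match and every ticket is regenerated on each run; comparing against `databag_item['salt']` would fix that. The salt is written to the data bag in clear text although every ticket is derived from it, so it would be better left out of the item or kept in an encrypted data bag, and the bare `rescue` hides every error other than a missing item.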


