Created
April 18, 2016 12:14
-
-
Save chbiel/585625be2632619fca128738c26c7fd7 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
state.sls: | |
#!py | |
import yaml | |
import logging | |
log = logging.getLogger(__name__) | |
def run(): | |
config = {} | |
config['icinga2'] = { | |
'pkg': [ | |
'installed', | |
[ | |
'require', | |
{'pkgrepo': 'icinga_repo'} | |
] | |
], | |
'service': [ | |
'running', | |
{'enable': True} | |
] | |
} | |
config['icinga_repo'] = { | |
'pkgrepo': [ | |
'managed', | |
{ | |
'gpgkey': 'http://packages.icinga.org/icinga.key', | |
'gpgcheck': 1, | |
'humanname': 'icinga_official', | |
'baseurl': 'http://packages.icinga.org/epel/$releasever/release/', | |
'name': 'icinga-release' | |
} | |
] | |
} | |
config['/etc/icinga2/pki'] = { | |
'file': [ | |
'directory', | |
{ | |
'user': 'icinga', | |
'group': 'icinga', | |
'dir_mode': 755, | |
'require': {'pkg': 'icinga2'} | |
} | |
] | |
} | |
if __salt__['cmd.retcode']("test -f /etc/icinga2/pki/" + __grains__['fqdn'] + ".key") == 1: | |
config['create-icinga2-self-signed-key'] = { | |
'cmd': [ | |
'run', | |
{ | |
'name': "icinga2 pki new-cert --cn " + __grains__['fqdn'] + " --key /etc/icinga2/pki/" + __grains__['fqdn'] + ".key --cert /etc/icinga2/pki/" + __grains__['fqdn'] + ".crt" | |
} | |
] | |
} | |
config['query-for-icing2-master-cert'] = { | |
'cmd': [ | |
'run', | |
{ | |
'name': "icinga2 pki save-cert --key /etc/icinga2/pki/" + __grains__['fqdn'] + ".key --cert /etc/icinga2/pki/" + __grains__['fqdn'] + ".crt --trustedcert /etc/icinga2/pki/trusted-master.crt --host " + __pillar__['icinga2']['master'] | |
} | |
] | |
} | |
# TODO this is very bad and should be changed!!! | |
commandreturn = __salt__['cmd.run']("salt-call publish.publish '" + __pillar__['icinga2']['master'] + "' cmd.run 'icinga2 pki ticket --cn " + __grains__['fqdn'] + "'").splitlines(True) | |
commandreturn.pop(0) | |
commandreturn.pop(0) | |
commandreturn.pop(1) | |
icing2masterticket = yaml.load(''.join(commandreturn)) | |
log.debug(icing2masterticket) | |
config['request-ticket-on-icinga2-master'] = { | |
'cmd': [ | |
'run', | |
{ | |
'name': "icinga2 node setup --ticket " + icing2masterticket['local'][__pillar__['icinga2']['master']] + " --endpoint " + __pillar__['icinga2']['master'] + " --zone " + __grains__['fqdn'] + " --master_host " + __pillar__['icinga2']['master'] + " --trustedcert /etc/icinga2/pki/trusted-master.crt" | |
} | |
] | |
} | |
config['icinga2-service-restart'] = { | |
'cmd': [ | |
'run', | |
{ | |
'name': "service icinga2 restart" | |
} | |
] | |
} | |
log.debug(config) | |
return config | |
Result (config): | |
{'/etc/icinga2/pki': {'file': ['directory', {'dir_mode': 755, 'require': {'pkg': 'icinga2'}, 'group': 'icinga', 'user': 'icinga'}]}, 'create-icing | |
a2-self-signed-key': {'cmd': ['run', {'name': 'icinga2 pki new-cert --cn myhost --key /etc/icinga2/pki/hmb1s91020.business.jung | |
heinrich.com.key --cert /etc/icinga2/pki/myhost.crt'}]}, 'request-ticket-on-icinga2-master': {'cmd': ['run', {'name': 'icinga2 | |
node setup --ticket 123icingamasterkey456 --endpoint mymasterhost --zone myhost -- | |
master_host mymasterhost --trustedcert /etc/icinga2/pki/trusted-master.crt'}]}, 'query-for-icing2-master-cert': {'cmd': ['run', {'n | |
ame': 'icinga2 pki save-cert --key /etc/icinga2/pki/myhost.key --cert /etc/icinga2/pki/myhost.crt | |
--trustedcert /etc/icinga2/pki/trusted-master.crt --host mymasterhost'}]}, 'icinga2-service-restart': {'cmd': ['run', {'name': 'se | |
rvice icinga2 restart'}]}, 'icinga2': {'pkg': ['installed', ['require', {'pkgrepo': 'icinga_repo'}]], 'service': ['running', {'enable': True}]}, 'icinga_repo | |
': {'pkgrepo': ['managed', {'gpgcheck': 1, 'gpgkey': 'http://packages.icinga.org/icinga.key', 'baseurl': 'http://packages.icinga.org/epel/$releasever/release | |
/', 'name': 'icinga-release', 'humanname': 'icinga_official'}]}} | |
Error: | |
[WARNING ] Passed invalid arguments to state.apply: string indices must be integers, not str | |
.. versionadded:: 2015.5.0 | |
Apply states! This function will call highstate or state.sls based on the | |
arguments passed in, state.apply is intended to be the main gateway for | |
all state executions. | |
CLI Example: | |
.. code-block:: bash | |
salt '*' state.apply | |
salt '*' state.apply test | |
salt '*' state.apply test,pkgs | |
Traceback (most recent call last): | |
File "/usr/lib/python2.7/site-packages/salt/minion.py", line 1071, in _thread_return | |
return_data = func(*args, **kwargs) | |
File "/usr/lib/python2.7/site-packages/salt/modules/state.py", line 324, in apply_ | |
return sls(mods, **kwargs) | |
File "/usr/lib/python2.7/site-packages/salt/modules/state.py", line 760, in sls | |
ret = st_.state.call_high(high_) | |
File "/usr/lib/python2.7/site-packages/salt/state.py", line 2158, in call_high | |
ret = dict(list(disabled.items()) + list(self.call_chunks(chunks).items())) | |
File "/usr/lib/python2.7/site-packages/salt/state.py", line 1690, in call_chunks | |
running = self.call_chunk(low, running, chunks) | |
File "/usr/lib/python2.7/site-packages/salt/state.py", line 1865, in call_chunk | |
status, reqs = self.check_requisite(low, running, chunks, True) | |
File "/usr/lib/python2.7/site-packages/salt/state.py", line 1748, in check_requisite | |
req_val = req[req_key] | |
TypeError: string indices must be integers, not str |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment