Skip to content

Instantly share code, notes, and snippets.

@disassembler disassembler/-
Created Sep 28, 2017

Embed
What would you like to do?
@roles('icingamaster')
def getIcingaTicket(node):
return sudo('icinga2 pki ticket --cn ' + node)
@roles('icingamaster')
def getIcingaMasterCert():
get('/etc/icinga2/pki/' + env.host + '.crt', 'trusted-master.crt', use_sudo=True)
def setupIcinga():
host = env.host
sudo('mkdir -p /etc/icinga2/pki')
sudo('chown -R icinga:icinga /etc/icinga2/pki')
sudo('chmod 0700 /etc/icinga2/pki')
sudo('icinga2 pki new-cert --cn ' + host + ' --key /etc/icinga2/pki/' + host + '.key --cert /etc/icinga2/pki/' + host + '.crt')
execute(getIcingaMasterCert)
master_host = env.roledefs['icingamaster'][0]
put('trusted-master.crt', '/etc/icinga2/pki/trusted-master.crt', use_sudo=True)
sudo('chown -R icinga:icinga /etc/icinga2/pki/trusted-master.crt')
sudo('icinga2 pki save-cert --key /etc/icinga2/pki/' + host + '.key --cert /etc/icinga2/pki/' + host + '.crt --trustedcert /etc/icinga2/pki/trusted-master.crt --host ' + master_host)
print master_host
ticket = execute(getIcingaTicket, host)[master_host]
sudo('icinga2 pki request --host ' + master_host + ' --port 5665 --ticket ' + ticket + ' --key /etc/icinga2/pki/' + host + '.key --cert /etc/icinga2/pki/' + host + '.crt --trustedcert /etc/icinga2/pki/trusted-master.crt --ca /etc/icinga2/pki/ca.crt')
sudo('icinga2 node setup --ticket ' + ticket + ' --cn ' + env.host + ' --endpoint ' + master_host + ' --zone ' + env.host + ' --master_host ' + master_host + ' --trustedcert /etc/icinga2/pki/trusted-master.crt --accept-commands --accept-config')
sudo('systemctl restart icinga2')
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.