Fixes icinga2 certs path for newer versions 2.8+

salt/modules/icinga2.py

@@ -10,11 +10,11 @@
 # Import python libs
 from __future__ import absolute_import, print_function, unicode_literals
 import logging
-import subprocess
 
 # Import Salt libs
 import salt.utils.path
 import salt.utils.platform
+from salt.utils.icinga2 import get_certs_path, execute
 
 log = logging.getLogger(__name__)
 
@@ -32,18 +32,6 @@ def __virtual__():
     return (False, 'Icinga2 not installed.')
 
 
-def _execute(cmd, ret_code=False):
-    process = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE)
-    if ret_code:
-        return process.wait()
-    output, error = process.communicate()
-    if output:
-        log.debug(output)
-        return output
-    log.debug(error)
-    return error
-
-
 def generate_ticket(domain):
     '''
     Generate and save an icinga2 ticket.
@@ -58,7 +46,7 @@ def generate_ticket(domain):
         salt '*' icinga2.generate_ticket domain.tld
 
     '''
-    result = _execute(["icinga2", "pki", "ticket", "--cn", domain])
+    result = execute(["icinga2", "pki", "ticket", "--cn", domain])
     return result
 
 
@@ -76,7 +64,7 @@ def generate_cert(domain):
         salt '*' icinga2.generate_cert domain.tld
 
     '''
-    result = _execute(["icinga2", "pki", "new-cert", "--cn", domain, "--key", "/etc/icinga2/pki/{0}.key".format(domain), "--cert", "/etc/icinga2/pki/{0}.crt".format(domain)], ret_code=True)
+    result = execute(["icinga2", "pki", "new-cert", "--cn", domain, "--key", "{0}{1}.key".format(get_certs_path(), domain), "--cert", "{0}{1}.crt".format(get_certs_path(), domain)], ret_code=True)
     return result
 
 
@@ -94,8 +82,8 @@ def save_cert(domain, master):
         salt '*' icinga2.save_cert domain.tld master.domain.tld
 
     '''
-    result = _execute(["icinga2", "pki", "save-cert", "--key", "/etc/icinga2/pki/{0}.key".format(domain), "--cert", "/etc/icinga2/pki/{0}.cert".format(domain), "--trustedcert",
-                       "/etc/icinga2/pki/trusted-master.crt", "--host", master], ret_code=True)
+    result = execute(["icinga2", "pki", "save-cert", "--key", "{0}{1}.key".format(get_certs_path(), domain), "--cert", "{0}{1}.cert".format(get_certs_path(), domain), "--trustedcert",
+                       "{0}trusted-master.crt".format(get_certs_path()), "--host", master], ret_code=True)
     return result
 
 
@@ -114,8 +102,8 @@ def request_cert(domain, master, ticket, port):
         salt '*' icinga2.request_cert domain.tld master.domain.tld TICKET_ID
 
     '''
-    result = _execute(["icinga2", "pki", "request", "--host", master, "--port", port, "--ticket", ticket, "--key", "/etc/icinga2/pki/{0}.key".format(domain), "--cert",
-                       "/etc/icinga2/pki/{0}.crt".format(domain), "--trustedcert", "/etc/icinga2/pki/trusted-master.crt", "--ca", "/etc/icinga2/pki/ca.crt"], ret_code=True)
+    result = execute(["icinga2", "pki", "request", "--host", master, "--port", port, "--ticket", ticket, "--key", "{0}{1}.key".format(get_certs_path(), domain), "--cert",
+                       "{0}{1}.crt".format(get_certs_path(), domain), "--trustedcert", "{0}trusted-master.crt".format{get_certs_path()), "--ca", "{0}ca.crt".format(get_certs_path())], ret_code=True)
     return result
 
 
@@ -134,6 +122,6 @@ def node_setup(domain, master, ticket):
         salt '*' icinga2.node_setup domain.tld master.domain.tld TICKET_ID
 
     '''
-    result = _execute(["icinga2", "node", "setup", "--ticket", ticket, "--endpoint", master, "--zone", domain, "--master_host", master, "--trustedcert", "/etc/icinga2/pki/trusted-master.crt"],
+    result = execute(["icinga2", "node", "setup", "--ticket", ticket, "--endpoint", master, "--zone", domain, "--master_host", master, "--trustedcert", "{0}trusted-master.crt".format(get_certs_path())],
                        ret_code=True)
     return result

salt/states/icinga2.py

@@ -27,6 +27,7 @@
 from salt.ext import six
 import salt.utils.files
 import salt.utils.stringutils
+from salt.utils.icinga2 import get_certs_path
 
 
 def __virtual__():
@@ -140,8 +141,8 @@ def generate_cert(name):
            'changes': {},
            'result': True,
            'comment': ''}
-    cert = "/etc/icinga2/pki/{0}.crt".format(name)
-    key = "/etc/icinga2/pki/{0}.key".format(name)
+    cert = "{0}{1}.crt".format(get_certs_path(), name)
+    key = "{0}{1}.key".format(get_certs_path(), name)
 
     # Checking if execution is needed.
     if os.path.isfile(cert) and os.path.isfile(key):
@@ -175,7 +176,7 @@ def save_cert(name, master):
            'changes': {},
            'result': True,
            'comment': ''}
-    cert = "/etc/icinga2/pki/trusted-master.crt"
+    cert = "{0}trusted-master.crt".format(get_certs_path())
 
     # Checking if execution is needed.
     if os.path.isfile(cert):
@@ -214,7 +215,7 @@ def request_cert(name, master, ticket, port="5665"):
            'changes': {},
            'result': True,
            'comment': ''}
-    cert = "/etc/icinga2/pki/ca.crt"
+    cert = "{0}ca.crt".format(get_certs_path())
 
     # Checking if execution is needed.
     if os.path.isfile(cert):
@@ -254,8 +255,8 @@ def node_setup(name, master, ticket):
            'changes': {},
            'result': True,
            'comment': ''}
-    cert = "/etc/icinga2/pki/{0}.crt.orig".format(name)
-    key = "/etc/icinga2/pki/{0}.key.orig".format(name)
+    cert = "{0}{1}.crt.orig".format(get_certs_path(), name)
+    key = "{0}{1}.key.orig".format(get_certs_path(), name)
 
     # Checking if execution is needed.
     if os.path.isfile(cert) and os.path.isfile(cert):

salt/utils/icinga2.py

@@ -0,0 +1,42 @@
+# -*- coding: utf-8 -*-
+'''
+Icinga2 Common Utils
+=================
+
+This module provides common functionality for icinga2 module and state.
+
+.. versionadded:: 2018.8.3
+'''
+
+# Import python libs
+import logging
+import subprocess
+import re
+
+# Import Salt libs
+import salt.utils.path
+
+log = logging.getLogger(__name__)
+
+
+def execute(cmd, ret_code=False):
+    process = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE)
+    if ret_code:
+        return process.wait()
+    output, error = process.communicate()
+    if output:
+        log.debug(output)
+        return output
+    log.debug(error)
+    return error
+
+
+def get_certs_path():
+    icinga2_output = execute([salt.utils.path.which('icinga2'), "--version"])
+    version = re.search('r\d+\.\d+', icinga2_output).group(0)
+    # Return new certs path for icinga2 >= 2.8
+    if int(version.split('.')[1]) >= 8:
+        return '/var/lib/icinga2/certs/'
+    # Keep backwords compatibility with older icinga2
+    return '/etc/icinga2/pki/'
+