icinga2: Add secret for LDAP syncrepl check

Signed-off-by: Maximilian Wilhelm <max@sdn.clinic>

icinga2/icinga2.conf.H_icinga2.in.ffho.net

@@ -15,6 +15,7 @@
  * The constants.conf defines global constants.
  */
 include "constants.conf"
+include "secrets.conf"
 
 /**
  * The zones.conf defines zones for a cluster setup.

icinga2/init.sls

@@ -83,6 +83,15 @@ ffho-plugins:
     - watch_in:
       - service: icinga2
 
+/etc/icinga2/secrets.conf:
+  file.managed:
+    - source: salt://icinga2/secrets.conf.tmpl
+    - template: jinja
+    - mode: 600
+    - require:
+      - pkg: icinga2
+    - watch_in:
+      - service: icinga2
 
 # Connect "master" and client zones
 /etc/icinga2/zones.conf:

icinga2/secrets.conf.tmpl

@@ -0,0 +1,5 @@
+/*
+ * Secrets used for monitoring checks (Salt managed)
+ */
+
+const LdapSyncReplBindPassword = "{{ salt['pillar.get']('monitoring:private:ldap_syncrepl_bindpw') }}"