included control for nagios.conf

2017-07-21 11:43:06 +01:00
parent 5fcf6031fa
commit 49551a3d9a
3 changed files with 115 additions and 20 deletions
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -301,6 +301,9 @@ $ng_ack_no_send       = '0',
 # selinux
 $ng_use_selinux_tools = true,

+# httpd
+
+
 ) {

 # installation section
@@ -316,30 +319,33 @@ $ng_use_selinux_tools = true,
  }

 # service
-$ng_service       = 'nagios'
+$ng_service         = 'nagios'
+$ae_service         = 'httpd'

 # directories
-$ng_main_dir      = '/etc/nagios'
-$ng_conf_d_dir    = "${ng_main_dir}/conf.d"
-$ng_objects_dir   = "${ng_main_dir}/objects"
-$ng_private_dir   = "${ng_main_dir}/private"
-$ng_usr_incl      = '/usr/include/nagios'
-$ng_lib_dir       = '/usr/lib64/nagios'
-$ng_log_dir       = '/var/log/nagios'
-$ng_log_archives  = "${ng_log_dir}/archives"
-$ng_spool_dir     = '/var/spool/nagios'
-$ng_usr_share     = '/usr/share/nagios'
-$ng_share_html    = "${ng_usr_share}/html"
+$ng_main_dir        = '/etc/nagios'
+$ng_conf_d_dir      = "${ng_main_dir}/conf.d"
+$ng_objects_dir     = "${ng_main_dir}/objects"
+$ng_private_dir     = "${ng_main_dir}/private"
+$ng_usr_incl        = '/usr/include/nagios'
+$ng_lib_dir         = '/usr/lib64/nagios'
+$ng_log_dir         = '/var/log/nagios'
+$ng_log_archives    = "${ng_log_dir}/archives"
+$ng_spool_dir       = '/var/spool/nagios'
+$ng_usr_share       = '/usr/share/nagios'
+$ng_share_html      = "${ng_usr_share}/html"

 # files
-$ng_main_config   = "${ng_main_dir}/nagios.cfg"
-$ng_cgi_cfg_file  = "${ng_main_dir}/cgi.cfg"
-$ng_cgi_cfg_erb   = 'cd_nagios/nagios/cgi_cfg.erb'
-$ng_htpasswd_file = "${ng_main_dir}/passwd"
-$ng_htpasswd_head = 'cd_nagios/nagios/htpasswd_head.erb'
-$ng_htpasswd_rule = 'cd_nagios/nagios/htpasswd_rule.erb'
-$ng_taccgi_erb    = 'cd_nagios/selinux/taccgi.erb'
-$ng_statcgi_erb   = 'cd_nagios/selinux/statuscgi.erb'
+$ng_main_config     = "${ng_main_dir}/nagios.cfg"
+$ng_cgi_cfg_file    = "${ng_main_dir}/cgi.cfg"
+$ng_cgi_cfg_erb     = 'cd_nagios/nagios/cgi_cfg.erb'
+$ng_htpasswd_file   = "${ng_main_dir}/passwd"
+$ng_htpasswd_head   = 'cd_nagios/nagios/htpasswd_head.erb'
+$ng_htpasswd_rule   = 'cd_nagios/nagios/htpasswd_rule.erb'
+$ng_taccgi_erb      = 'cd_nagios/selinux/taccgi.erb'
+$ng_statcgi_erb     = 'cd_nagios/selinux/statuscgi.erb'
+$ng_nagios_conf     = '/etc/httpd/conf.d/nagios.conf'
+$ng_nagios_conf_erb = 'cd_nagios/httpd/nagios_conf.erb'

 # includes must be last

--- a/manifests/server/files.pp
+++ b/manifests/server/files.pp
@@ -46,5 +46,21 @@ class cd_nagios::server::files (
      content   =>  template($ng_cgi_cfg_erb),
      notify    =>  Service[$ng_service],
    }
+
+    # manage nagios.conf for httpd
+
+    file { $ng_nagios_conf:
+      ensure    =>  file,
+      path      =>  $ng_nagios_conf,
+      owner     =>  'root',
+      group     =>  'root',
+      mode      =>  '0644',
+      selrange  =>  s0,
+      selrole   =>  object_r,
+      seltype   =>  httpd_config_t,
+      seluser   =>  system_u,
+      content   =>  template($ng_nagios_conf_erb),
+      notify    =>  Service[$ae_service],
+    }
  }
 }
--- a/templates/httpd/nagios_conf.erb
+++ b/templates/httpd/nagios_conf.erb
@@ -0,0 +1,73 @@
+################################################################################
+##########        /etc/httpd/conf.d/nagios.conf created by Puppet    ###########
+##########            manual changes will be overwritten !!!         ###########
+################################################################################
+##########            full reference is available at                 ###########
+##########    https://confdroid.com/2017/07/nagios-nagios-conf/      ###########
+################################################################################
+
+ScriptAlias /nagios/cgi-bin/ "/usr/lib64/nagios/cgi-bin/"
+
+<Directory "/usr/lib64/nagios/cgi-bin/">
+<% if @ng_require_ssl == true -%>
+   SSLRequireSSL
+<% else -%>
+#  SSLRequireSSL
+<% end -%>
+   Options ExecCGI
+   AllowOverride None
+   <IfVersion >= 2.3>
+      <RequireAll>
+         Require all granted
+#        Require host 127.0.0.1
+
+         AuthName "Nagios Access"
+         AuthType Basic
+         AuthUserFile /etc/nagios/passwd
+         Require valid-user
+      </RequireAll>
+   </IfVersion>
+   <IfVersion < 2.3>
+      Order allow,deny
+      Allow from all
+#     Order deny,allow
+#     Deny from all
+#     Allow from 127.0.0.1
+
+      AuthName "Nagios Access"
+      AuthType Basic
+      AuthUserFile /etc/nagios/passwd
+      Require valid-user
+   </IfVersion>
+</Directory>
+
+Alias /nagios "/usr/share/nagios/html"
+
+<Directory "/usr/share/nagios/html">
+#  SSLRequireSSL
+   Options None
+   AllowOverride None
+   <IfVersion >= 2.3>
+      <RequireAll>
+         Require all granted
+#        Require host 127.0.0.1
+
+         AuthName "Nagios Access"
+         AuthType Basic
+         AuthUserFile /etc/nagios/passwd
+         Require valid-user
+      </RequireAll>
+   </IfVersion>
+   <IfVersion < 2.3>
+      Order allow,deny
+      Allow from all
+#     Order deny,allow
+#     Deny from all
+#     Allow from 127.0.0.1
+
+      AuthName "Nagios Access"
+      AuthType Basic
+      AuthUserFile /etc/nagios/passwd
+      Require valid-user
+   </IfVersion>
+</Directory>