From 9ddc12c8ee38f0849174116630001547f7d1c836 Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Sun, 23 Jul 2017 13:28:28 +0100 Subject: [PATCH 1/2] changed logig for http vs https and removed index+ welcome file control --- manifests/server/files.pp | 75 +++++++++----------------- templates/httpd/forward_conf.erb | 80 +++++++++++++++++++++++++++- templates/httpd/nagios_ssl_vhost.erb | 4 +- templates/httpd/welcome_conf.erb | 20 ------- 4 files changed, 106 insertions(+), 73 deletions(-) delete mode 100644 templates/httpd/welcome_conf.erb diff --git a/manifests/server/files.pp b/manifests/server/files.pp index ca4c8cd..c9a31d2 100644 --- a/manifests/server/files.pp +++ b/manifests/server/files.pp @@ -53,11 +53,25 @@ class cd_nagios::server::files ( notify => Service[$ng_service], } - # manage nagios.conf for httpd +# # manage nagios.conf for httpd - file { $ng_nagios_conf: +# file { $ng_nagios_conf: +# ensure => file, +# path => $ng_nagios_conf, +# owner => 'root', +# group => 'root', +# mode => '0644', +# selrange => s0, +# selrole => object_r, +# seltype => httpd_config_t, +# seluser => system_u, +# content => template($ng_nagios_conf_erb), +# notify => Service[$ae_service], +# } + + file { $ng_forward_conf: ensure => file, - path => $ng_nagios_conf, + path => $ng_forward_conf, owner => 'root', group => 'root', mode => '0644', @@ -65,28 +79,14 @@ class cd_nagios::server::files ( selrole => object_r, seltype => httpd_config_t, seluser => system_u, - content => template($ng_nagios_conf_erb), - notify => Service[$ae_service], - } - - # manage welcome.conf for nagios web server - - file { $ng_welcome_conf: - ensure => file, - path => $ng_welcome_conf, - owner => 'root', - group => 'root', - mode => '0644', - selrange => s0, - selrole => object_r, - seltype => httpd_config_t, - seluser => system_u, - content => template($ng_welcome_conf_erb), + content => template($ng_forward_conf_erb), notify => Service[$ae_service], } if $ng_use_https == true { + # create ssl vhost + file { $ng_ssl_vhost_file: ensure => file, path => $ng_ssl_vhost_file, @@ -100,39 +100,14 @@ class cd_nagios::server::files ( content => template($ng_ssl_vhost_erb), notify => Service[$ae_service], } - - if $ng_http_https_fw == true { - - file { $ng_forward_conf: - ensure => file, - path => $ng_forward_conf, - owner => 'root', - group => 'root', - mode => '0644', - selrange => s0, - selrole => object_r, - seltype => httpd_config_t, - seluser => system_u, - content => template($ng_forward_conf_erb), - notify => Service[$ae_service], - } - } } - if $ng_enable_index == true { + if $ng_use_https != true { - file { $ng_index_html_file: - ensure => file, - path => $ng_index_html_file, - owner => 'root', - group => 'root', - mode => '0644', - selrange => s0, - selrole => object_r, - seltype => httpd_sys_content_t, - seluser => system_u, - content => template($ng_index_html_erb), - notify => Service[$ae_service], + # remove ssl_vhost + + file { $ng_ssl_vhost_file: + ensure => absent, } } } diff --git a/templates/httpd/forward_conf.erb b/templates/httpd/forward_conf.erb index c81678a..ffde1a8 100644 --- a/templates/httpd/forward_conf.erb +++ b/templates/httpd/forward_conf.erb @@ -7,7 +7,85 @@ Redirect permanent / https://<%= @ng_webserver_name %>/nagios <% end -%> <% if @ng_use_https != true -%> - Redirect permanent / http://<%= @ng_webserver_name %>/nagios +ScriptAlias /nagios/cgi-bin/ "/usr/lib64/nagios/cgi-bin/" + + +<% if @ng_use_https == true -%> + SSLRequireSSL +<% else -%> +# SSLRequireSSL +<% end -%> + Options ExecCGI + AllowOverride None + = 2.3> + + Require all granted +<% unless @ng_required_hosts.empty? -%> + Require host <%= @ng_required_hosts %> +<% end -%> +<% unless @ng_required_ips.empty? -%> + Require ip <%= @ng_required_ips %> +<% end -%> + AuthName "Nagios Access" + AuthType Basic + AuthUserFile /etc/nagios/passwd + Require valid-user + + + + Order allow,deny +<% unless @ng_required_hosts.empty? -%> + Allow from <%= @ng_required_hosts %> +<% end -%> +<% unless @ng_required_ips.empty? -%> + Allow from <%= @ng_required_ips %> +<% end -%> + AuthName "Nagios Access" + AuthType Basic + AuthUserFile /etc/nagios/passwd + Require valid-user + + + +Alias /nagios "/usr/share/nagios/html" + + +<% if @ng_use_https == true -%> + SSLRequireSSL +<% else -%> +# SSLRequireSSL +<% end -%> + Options None + AllowOverride None + = 2.3> + + Require all granted +<% unless @ng_required_hosts.empty? -%> + Require host <%= @ng_required_hosts %> +<% end -%> +<% unless @ng_required_ips.empty? -%> + Require ip <%= @ng_required_ips %> +<% end -%> + AuthName "Nagios Access" + AuthType Basic + AuthUserFile /etc/nagios/passwd + Require valid-user + + + + Order allow,deny +<% unless @ng_required_hosts.empty? -%> + Allow from <%= @ng_required_hosts %> +<% end -%> +<% unless @ng_required_ips.empty? -%> + Allow from <%= @ng_required_ips %> +<% end -%> + AuthName "Nagios Access" + AuthType Basic + AuthUserFile /etc/nagios/passwd + Require valid-user + + <% end -%> AllowOverride All diff --git a/templates/httpd/nagios_ssl_vhost.erb b/templates/httpd/nagios_ssl_vhost.erb index 7bac827..d147661 100644 --- a/templates/httpd/nagios_ssl_vhost.erb +++ b/templates/httpd/nagios_ssl_vhost.erb @@ -2,12 +2,12 @@ ##### virtual_host file created by puppet, changes will be overwritten ###### ############################################################################### - +> ServerAdmin root@localhost DocumentRoot /var/www/html ServerName <%= @ng_webserver_name %> - DirectoryIndex index.html + ServerAlias <%= @ng_webserver_name %> ErrorLog /var/log/httpd/nagios_ssl_error_log # ErrorLog syslog:local1 TransferLog /var/log/httpd/nagios_ssl_transfer_log diff --git a/templates/httpd/welcome_conf.erb b/templates/httpd/welcome_conf.erb deleted file mode 100644 index 2a61ae5..0000000 --- a/templates/httpd/welcome_conf.erb +++ /dev/null @@ -1,20 +0,0 @@ -################################################################################ -########### welcome.conf generated by Puppet ########## -########### manual changes will be overwritten !!! ########## -################################################################################ - - - Options -Indexes - ErrorDocument 403 /.noindex.html - - - - AllowOverride None - Require all granted - - -Alias /.noindex.html /usr/share/httpd/noindex/index.html -Alias /noindex/css/bootstrap.min.css /usr/share/httpd/noindex/css/bootstrap.min.css -Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css -Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif -Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png From d203cd87815c97920d8aac778d2b2b1280ddecec Mon Sep 17 00:00:00 2001 From: Jenkins Server Date: Sun, 23 Jul 2017 14:28:46 +0200 Subject: [PATCH 2/2] recommit for updates in build 62 --- CHANGELOG.md | 10 ++ REPOSTRUCTURE.md | 5 +- doc/_index.html | 2 +- doc/file.README.html | 2 +- doc/index.html | 2 +- doc/puppet_classes/cd_nagios.html | 2 +- .../cd_nagios_3A_3Acertbot_3A_3Acerts.html | 2 +- .../cd_nagios_3A_3Aclient_3A_3Atarget.html | 2 +- ...cd_nagios_3A_3Afirewall_3A_3Aiptables.html | 2 +- .../cd_nagios_3A_3Amain_3A_3Aconfig.html | 2 +- .../cd_nagios_3A_3Amain_3A_3Adirs.html | 2 +- .../cd_nagios_3A_3Amain_3A_3Ainstall.html | 2 +- .../cd_nagios_3A_3Amain_3A_3Auser.html | 2 +- doc/puppet_classes/cd_nagios_3A_3Aparams.html | 2 +- .../cd_nagios_3A_3Aselinux_3A_3Aconfig.html | 2 +- ..._nagios_3A_3Aserver_3A_3Aaccess_rules.html | 2 +- .../cd_nagios_3A_3Aserver_3A_3Afiles.html | 104 +++++------------- .../cd_nagios_3A_3Aserver_3A_3Aservice.html | 2 +- .../cd_nagios_3A_3Aserver_3A_3Aaccess.html | 2 +- doc/top-level-namespace.html | 2 +- 20 files changed, 56 insertions(+), 97 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 39e3fb0..5dd4b07 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,16 @@ Changelog of Git Changelog.

No issue

+f8530f8c1ae8a22 Jenkins Server 2017-07-23 11:49:19 +

+

recommit for updates in build 61

+ +

+382b1988f25b19b Arne Teuke 2017-07-23 11:49:04 +

+

added nagios directories

+ +

9920bc9caa7325b Jenkins Server 2017-07-23 11:38:25

recommit for updates in build 60

diff --git a/REPOSTRUCTURE.md b/REPOSTRUCTURE.md index 9dd9829..d728652 100644 --- a/REPOSTRUCTURE.md +++ b/REPOSTRUCTURE.md @@ -62,8 +62,7 @@ | | |-- forward_conf.erb | | |-- index_html.erb | | |-- nagios_conf.erb -| | |-- nagios_ssl_vhost.erb -| | `-- welcome_conf.erb +| | `-- nagios_ssl_vhost.erb | |-- nagios | | |-- cgi_cfg.erb | | `-- htpasswd_rule.erb @@ -80,4 +79,4 @@ |-- README.md `-- REPOSTRUCTURE.md -18 directories, 62 files +18 directories, 61 files diff --git a/doc/_index.html b/doc/_index.html index 10a106d..8ae5537 100644 --- a/doc/_index.html +++ b/doc/_index.html @@ -186,7 +186,7 @@ diff --git a/doc/file.README.html b/doc/file.README.html index 24645dd..1f32339 100644 --- a/doc/file.README.html +++ b/doc/file.README.html @@ -326,7 +326,7 @@ environments.

diff --git a/doc/index.html b/doc/index.html index a916484..503a36d 100644 --- a/doc/index.html +++ b/doc/index.html @@ -326,7 +326,7 @@ environments.

diff --git a/doc/puppet_classes/cd_nagios.html b/doc/puppet_classes/cd_nagios.html index 42051a7..098e661 100644 --- a/doc/puppet_classes/cd_nagios.html +++ b/doc/puppet_classes/cd_nagios.html @@ -139,7 +139,7 @@ class cd_nagios { diff --git a/doc/puppet_classes/cd_nagios_3A_3Acertbot_3A_3Acerts.html b/doc/puppet_classes/cd_nagios_3A_3Acertbot_3A_3Acerts.html index 9c291c1..2b22f01 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Acertbot_3A_3Acerts.html +++ b/doc/puppet_classes/cd_nagios_3A_3Acertbot_3A_3Acerts.html @@ -230,7 +230,7 @@ class cd_nagios::certbot::certs ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html b/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html index 371091e..ffe5ef5 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html +++ b/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html @@ -368,7 +368,7 @@ class cd_nagios::client::target ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html b/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html index 96f0d94..cc5de4e 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html +++ b/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html @@ -207,7 +207,7 @@ class cd_nagios::firewall::iptables ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html index 9e52df1..d08aed3 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html +++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html @@ -195,7 +195,7 @@ class cd_nagios::main::config ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html index 49f6cb0..25e4240 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html +++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html @@ -468,7 +468,7 @@ class cd_nagios::main::dirs ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html index 0c780d4..ac152c0 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html +++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html @@ -235,7 +235,7 @@ class cd_nagios::main::install ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html index dd04c91..6153608 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html +++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html @@ -200,7 +200,7 @@ class cd_nagios::main::user ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Aparams.html b/doc/puppet_classes/cd_nagios_3A_3Aparams.html index 4a3977c..228d1bc 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Aparams.html +++ b/doc/puppet_classes/cd_nagios_3A_3Aparams.html @@ -2356,7 +2356,7 @@ $ng_certbot_live = "${ng_certbot_main_dir}/live" diff --git a/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html b/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html index 8e64b53..d9ad1a7 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html +++ b/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html @@ -249,7 +249,7 @@ class cd_nagios::selinux::config ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html index effaa40..e13d72e 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html +++ b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html @@ -195,7 +195,7 @@ class cd_nagios::server::access_rules ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html index 4c96f5f..df097a7 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html +++ b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html @@ -220,32 +220,7 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/.

111 112 113 -114 -115 -116 -117 -118 -119 -120 -121 -122 -123 -124 -125 -126 -127 -128 -129 -130 -131 -132 -133 -134 -135 -136 -137 -138 -139 +114 
# File 'manifests/server/files.pp', line 23
@@ -283,11 +258,25 @@ class cd_nagios::server::files (
       notify    =>  Service[$ng_service],
     }
 
-    # manage nagios.conf for httpd
+#    # manage nagios.conf for httpd
 
-    file { $ng_nagios_conf:
+#    file { $ng_nagios_conf:
+#      ensure    =>  file,
+#      path      =>  $ng_nagios_conf,
+#      owner     =>  'root',
+#      group     =>  'root',
+#      mode      =>  '0644',
+#      selrange  =>  s0,
+#      selrole   =>  object_r,
+#      seltype   =>  httpd_config_t,
+#      seluser   =>  system_u,
+#      content   =>  template($ng_nagios_conf_erb),
+#      notify    =>  Service[$ae_service],
+#    }
+
+    file { $ng_forward_conf:
       ensure    =>  file,
-      path      =>  $ng_nagios_conf,
+      path      =>  $ng_forward_conf,
       owner     =>  'root',
       group     =>  'root',
       mode      =>  '0644',
@@ -295,28 +284,14 @@ class cd_nagios::server::files (
       selrole   =>  object_r,
       seltype   =>  httpd_config_t,
       seluser   =>  system_u,
-      content   =>  template($ng_nagios_conf_erb),
-      notify    =>  Service[$ae_service],
-    }
-
-    # manage welcome.conf for nagios web server
-
-    file { $ng_welcome_conf:
-      ensure    =>  file,
-      path      =>  $ng_welcome_conf,
-      owner     =>  'root',
-      group     =>  'root',
-      mode      =>  '0644',
-      selrange  =>  s0,
-      selrole   =>  object_r,
-      seltype   =>  httpd_config_t,
-      seluser   =>  system_u,
-      content   =>  template($ng_welcome_conf_erb),
+      content   =>  template($ng_forward_conf_erb),
       notify    =>  Service[$ae_service],
     }
 
     if $ng_use_https == true {
 
+      # create ssl vhost
+
       file { $ng_ssl_vhost_file:
         ensure    =>  file,
         path      =>  $ng_ssl_vhost_file,
@@ -330,39 +305,14 @@ class cd_nagios::server::files (
         content   =>  template($ng_ssl_vhost_erb),
         notify    =>  Service[$ae_service],
       }
-
-      if $ng_http_https_fw == true {
-
-        file { $ng_forward_conf:
-          ensure    =>  file,
-          path      =>  $ng_forward_conf,
-          owner     =>  'root',
-          group     =>  'root',
-          mode      =>  '0644',
-          selrange  =>  s0,
-          selrole   =>  object_r,
-          seltype   =>  httpd_config_t,
-          seluser   =>  system_u,
-          content   =>  template($ng_forward_conf_erb),
-          notify    =>  Service[$ae_service],
-        }
-      }
     }
 
-    if $ng_enable_index == true {
+    if $ng_use_https != true {
 
-      file { $ng_index_html_file:
-        ensure    =>  file,
-        path      =>  $ng_index_html_file,
-        owner     =>  'root',
-        group     =>  'root',
-        mode      =>  '0644',
-        selrange  =>  s0,
-        selrole   =>  object_r,
-        seltype   =>  httpd_sys_content_t,
-        seluser   =>  system_u,
-        content   =>  template($ng_index_html_erb),
-        notify    =>  Service[$ae_service],
+      # remove ssl_vhost
+
+      file { $ng_ssl_vhost_file:
+        ensure  =>   absent,
       }
     }
   }
@@ -374,7 +324,7 @@ class cd_nagios::server::files (
 
 
       
diff --git a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html
index ba9c019..4b6cb46 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html
@@ -174,7 +174,7 @@ class cd_nagios::server::service (
 
 
       
diff --git a/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html b/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html
index 1ff07fc..f6dacf4 100644
--- a/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html
+++ b/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html
@@ -220,7 +220,7 @@ $ng_service       = $::cd_nagios::params::ng_service
 
 
       
diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html
index 29e2c6b..3e0fcca 100644
--- a/doc/top-level-namespace.html
+++ b/doc/top-level-namespace.html
@@ -90,7 +90,7 @@