diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0bc8730..88fc7e1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,16 @@ Changelog of Git Changelog.
+
+
# File 'manifests/certbot/config.pp', line 23 @@ -176,6 +206,24 @@ class cd_nagios::certbot::config ( require cd_certbot + # ensure there is no forward vhost file + + exec { 'remove forward vhost': + command => "rm -Rf $ng_forward_conf", + creates => '/etc/httpd/conf.d/.cert_created', + } + + # create temp vhost file + + exec { 'create_temp_vhost': + command => template('cd_nagios/certbot/create_tempfile.erb'), + cwd => '/tmp', + path => ['/bin','/usr/bin'], + provider => 'shell', + creates => '/etc/httpd/conf.d/.created', + notify => Service['httpd'], + } + # create cert exec { 'create_cert': @@ -188,6 +236,18 @@ class cd_nagios::certbot::config ( creates => '/etc/httpd/conf.d/.cert_created', } + # remove temp_vhost + + exec { 'remove_temp_vhost': + command => "rm -Rf ${ng_certbot_temp_file}", + cwd => '/tmp', + path => ['/bin','/usr/bin'], + provider => 'shell', + notify => Service['httpd'], + require => Exec['create_cert'], + creates => "/etc/letsencrypt/live/${ng_nagios_server}/cert.pem", + } + # renew certs exec { 'renew_cert': @@ -208,7 +268,7 @@ class cd_nagios::certbot::config ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html b/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html index f5ceb15..54a4c3e 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html +++ b/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html @@ -368,7 +368,7 @@ class cd_nagios::client::target ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html b/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html index 01309fa..8133710 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html +++ b/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html @@ -207,7 +207,7 @@ class cd_nagios::firewall::iptables ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html index a6179c4..e3cd2fc 100644 
--- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html +++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html @@ -152,12 +152,7 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/. 43 44 45 -46 -47 -48 -49 -50 -51+46
# File 'manifests/main/config.pp', line 24 @@ -178,11 +173,6 @@ class cd_nagios::main::config ( if $ng_use_selinux_tools == true { include cd_nagios::selinux::config } - - if $ng_enable_certbot == true { - include cd_nagios::certbot::config - } - } if $::fqdn != $ng_nagios_server { @@ -197,7 +187,7 @@ class cd_nagios::main::config ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html index 63e1d00..7d90536 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html +++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html @@ -468,7 +468,7 @@ class cd_nagios::main::dirs ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html index b850153..454b52b 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html +++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html @@ -235,7 +235,7 @@ class cd_nagios::main::install ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html index 1c7f136..2483cec 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html +++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html @@ -200,7 +200,7 @@ class cd_nagios::main::user ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Aparams.html b/doc/puppet_classes/cd_nagios_3A_3Aparams.html index 38826e2..acd537f 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Aparams.html +++ b/doc/puppet_classes/cd_nagios_3A_3Aparams.html @@ -2126,7 +2126,9 @@ well as for certbot. 380 381 382 -383+383 +384 +385
# File 'manifests/params.pp', line 213 @@ -2295,7 +2297,9 @@ $ng_forward_conf = '/etc/httpd/conf.d/nagios_forward.conf' $ng_forward_conf_erb = 'cd_nagios/httpd/forward_conf.erb' $ng_get_cert_erb = 'cd_nagios/certbot/get_cert.erb' $ng_unless_get_cert = 'cd_nagios/certbot/unless_get_cert.erb' -$ng_unless_renew_erb = 'cd_nagios/certbot/unless_renew_cert.erb' +$ng_unless_renew_erb = 'cd_nagios/certbot/unless_renew_cert.erb' +$ng_create_tempvhost = 'cd_nagios/certbot/create_tempfile.erb' +$ng_certbot_temp_file = '/etc/httpd/conf.d/certbot_temp.conf' # includes must be last @@ -2309,7 +2313,7 @@ $ng_unless_renew_erb = 'cd_nagios/certbot/unless_renew_cert.erb' diff --git a/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html b/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html index b114d14..958c178 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html +++ b/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html @@ -249,7 +249,7 @@ class cd_nagios::selinux::config ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html index d440991..622252f 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html +++ b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html @@ -195,7 +195,7 @@ class cd_nagios::server::access_rules ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html index 2307339..0687719 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html +++ b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html 
@@ -208,7 +208,83 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/. 99 100 101 -102+102 +103 +104 +105 +106 +107 +108 +109 +110 +111 +112 +113 +114 +115 +116 +117 +118 +119 +120 +121 +122 +123 +124 +125 +126 +127 +128 +129 +130 +131 +132 +133 +134 +135 +136 +137 +138 +139 +140 +141 +142 +143 +144 +145 +146 +147 +148 +149 +150 +151 +152 +153 +154 +155 +156 +157 +158 +159 +160 +161 +162 +163 +164 +165 +166 +167 +168 +169 +170 +171 +172 +173 +174 +175 +176 +177 +178
# File 'manifests/server/files.pp', line 23
@@ -218,49 +294,34 @@ class cd_nagios::server::files (
) inherits cd_nagios::params {
if $::fqdn == $ng_nagios_server {
+ if $ng_enable_certbot == true {
+ require cd_nagios::certbot::config
+ require cd_nagios::main::dirs
- require cd_nagios::main::dirs
-
- # manage nagios.cfg
+ # manage nagios.cfg
- # manage cgi.cfg
+ # manage cgi.cfg
- file { $ng_cgi_cfg_file:
- ensure => file,
- path => $ng_cgi_cfg_file,
- owner => 'root',
- group => 'root',
- mode => '0644',
- selrange => s0,
- selrole => object_r,
- seltype => nagios_etc_t,
- seluser => system_u,
- content => template($ng_cgi_cfg_erb),
- notify => Service[$ng_service],
- }
-
- # manage nagios.conf for httpd
-
- file { $ng_nagios_conf:
- ensure => file,
- path => $ng_nagios_conf,
- owner => 'root',
- group => 'root',
- mode => '0644',
- selrange => s0,
- selrole => object_r,
- seltype => httpd_config_t,
- seluser => system_u,
- content => template($ng_nagios_conf_erb),
- notify => Service[$ae_service],
- }
-
- if $ng_http_https_fw == true {
-
- file { $ng_forward_conf:
+ file { $ng_cgi_cfg_file:
ensure => file,
- path => $ng_forward_conf,
+ path => $ng_cgi_cfg_file,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ selrange => s0,
+ selrole => object_r,
+ seltype => nagios_etc_t,
+ seluser => system_u,
+ content => template($ng_cgi_cfg_erb),
+ notify => Service[$ng_service],
+ }
+
+ # manage nagios.conf for httpd
+
+ file { $ng_nagios_conf:
+ ensure => file,
+ path => $ng_nagios_conf,
owner => 'root',
group => 'root',
mode => '0644',
@@ -268,18 +329,73 @@ class cd_nagios::server::files (
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
- content => template($ng_forward_conf_erb),
+ content => template($ng_nagios_conf_erb),
notify => Service[$ae_service],
}
+
+ if $ng_http_https_fw == true {
+ file { $ng_forward_conf:
+ ensure => file,
+ path => $ng_forward_conf,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ selrange => s0,
+ selrole => object_r,
+ seltype => httpd_config_t,
+ seluser => system_u,
+ content => template($ng_forward_conf_erb),
+ notify => Service[$ae_service],
+ }
+ }
+
+ # manage welcome.conf for nagios web server
+
+ if $ng_disable_welcome == true {
+ file { $ng_welcome_conf:
+ ensure => file,
+ path => $ng_welcome_conf,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ selrange => s0,
+ selrole => object_r,
+ seltype => httpd_config_t,
+ seluser => system_u,
+ content => template($ng_welcome_conf_erb),
+ notify => Service[$ae_service],
+ }
+ }
}
- # manage welcome.conf for nagios web server
+ else {
- if $ng_disable_welcome == true {
+ require cd_nagios::main::dirs
- file { $ng_welcome_conf:
+ # manage nagios.cfg
+
+
+ # manage cgi.cfg
+
+ file { $ng_cgi_cfg_file:
ensure => file,
- path => $ng_welcome_conf,
+ path => $ng_cgi_cfg_file,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ selrange => s0,
+ selrole => object_r,
+ seltype => nagios_etc_t,
+ seluser => system_u,
+ content => template($ng_cgi_cfg_erb),
+ notify => Service[$ng_service],
+ }
+
+ # manage nagios.conf for httpd
+
+ file { $ng_nagios_conf:
+ ensure => file,
+ path => $ng_nagios_conf,
owner => 'root',
group => 'root',
mode => '0644',
@@ -287,9 +403,45 @@ class cd_nagios::server::files (
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
- content => template($ng_welcome_conf_erb),
+ content => template($ng_nagios_conf_erb),
notify => Service[$ae_service],
}
+
+ if $ng_http_https_fw == true {
+
+ file { $ng_forward_conf:
+ ensure => file,
+ path => $ng_forward_conf,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ selrange => s0,
+ selrole => object_r,
+ seltype => httpd_config_t,
+ seluser => system_u,
+ content => template($ng_forward_conf_erb),
+ notify => Service[$ae_service],
+ }
+ }
+
+ # manage welcome.conf for nagios web server
+
+ if $ng_disable_welcome == true {
+
+ file { $ng_welcome_conf:
+ ensure => file,
+ path => $ng_welcome_conf,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ selrange => s0,
+ selrole => object_r,
+ seltype => httpd_config_t,
+ seluser => system_u,
+ content => template($ng_welcome_conf_erb),
+ notify => Service[$ae_service],
+ }
+ }
}
}
}
@@ -300,7 +452,7 @@ class cd_nagios::server::files (
diff --git a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html
index bf2038b..b436392 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html
@@ -174,7 +174,7 @@ class cd_nagios::server::service (
diff --git a/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html b/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html
index dabcfee..a1e4efe 100644
--- a/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html
+++ b/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html
@@ -220,7 +220,7 @@ $ng_service = $::cd_nagios::params::ng_service
diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html
index a3baa7c..cc03c40 100644
--- a/doc/top-level-namespace.html
+++ b/doc/top-level-namespace.html
@@ -90,7 +90,7 @@
diff --git a/manifests/certbot/config.pp b/manifests/certbot/config.pp
index 9da5900..af635ae 100644
--- a/manifests/certbot/config.pp
+++ b/manifests/certbot/config.pp
@@ -29,6 +29,24 @@ class cd_nagios::certbot::config (
require cd_certbot
+ # ensure there is no forward vhost file
+
+ exec { 'remove forward vhost':
+ command => "rm -Rf $ng_forward_conf",
+ creates => '/etc/httpd/conf.d/.cert_created',
+ }
+
+ # create temp vhost file
+
+ exec { 'create_temp_vhost':
+ command => template('cd_nagios/certbot/create_tempfile.erb'),
+ cwd => '/tmp',
+ path => ['/bin','/usr/bin'],
+ provider => 'shell',
+ creates => '/etc/httpd/conf.d/.created',
+ notify => Service['httpd'],
+ }
+
# create cert
exec { 'create_cert':
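Review bot: The `remove forward vhost` exec has no `path` and no `provider => 'shell'`, so the unqualified `rm` in its command is rejected by Puppet's default exec provider unless an `Exec` default elsewhere in the module supplies a search path; add `path => ['/bin','/usr/bin'],` as `create_temp_vhost` does. Its command also interpolates `$ng_forward_conf` without braces and deletes recursively, although params.pp defines that variable as a single file; `"rm -f -- ${ng_forward_conf}"` is narrower for a command that runs as root. `create_temp_vhost` is guarded by `/etc/httpd/conf.d/.created`, whereas the neighbouring execs use `.cert_created`; if create_tempfile.erb does not create `.created` (the template is not fully visible here), the exec and its httpd notify fire on every run. The class body starts and ends outside this hunk.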
@@ -41,6 +59,18 @@ class cd_nagios::certbot::config (
creates => '/etc/httpd/conf.d/.cert_created',
}
+ # remove temp_vhost
+
+ exec { 'remove_temp_vhost':
+ command => "rm -Rf ${ng_certbot_temp_file}",
+ cwd => '/tmp',
+ path => ['/bin','/usr/bin'],
+ provider => 'shell',
+ notify => Service['httpd'],
+ require => Exec['create_cert'],
+ creates => "/etc/letsencrypt/live/${ng_nagios_server}/cert.pem",
+ }
+
# renew certs
exec { 'renew_cert':
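Review bot: The `creates` guard on `remove_temp_vhost` looks inverted: Puppet skips an exec when its `creates` path exists, and `/etc/letsencrypt/live/${ng_nagios_server}/cert.pem` is presumably what the required `create_cert` exec produces, so the cleanup is skipped exactly when the certificate was issued and `certbot_temp.conf` stays in `/etc/httpd/conf.d`. Guard on the temp file instead by replacing the `creates` line with `onlyif => "test -e ${ng_certbot_temp_file}",`, which also keeps the exec and its httpd notify from firing once the file is gone. The `notify` uses the literal `Service['httpd']` where manifests/server/files.pp uses `Service[$ae_service]`; the same applies to `create_temp_vhost` in the previous hunk. The class body continues outside this hunk.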
diff --git a/manifests/main/config.pp b/manifests/main/config.pp
index 63f5c2b..25adb6d 100644
--- a/manifests/main/config.pp
+++ b/manifests/main/config.pp
@@ -37,11 +37,6 @@ class cd_nagios::main::config (
if $ng_use_selinux_tools == true {
include cd_nagios::selinux::config
}
-
- if $ng_enable_certbot == true {
- include cd_nagios::certbot::config
- }
-
}
if $::fqdn != $ng_nagios_server {
diff --git a/manifests/params.pp b/manifests/params.pp
index 98fcd38..20c01f2 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -374,7 +374,9 @@ $ng_forward_conf = '/etc/httpd/conf.d/nagios_forward.conf'
$ng_forward_conf_erb = 'cd_nagios/httpd/forward_conf.erb'
$ng_get_cert_erb = 'cd_nagios/certbot/get_cert.erb'
$ng_unless_get_cert = 'cd_nagios/certbot/unless_get_cert.erb'
-$ng_unless_renew_erb = 'cd_nagios/certbot/unless_renew_cert.erb'
+$ng_unless_renew_erb = 'cd_nagios/certbot/unless_renew_cert.erb'
+$ng_create_tempvhost = 'cd_nagios/certbot/create_tempfile.erb'
+$ng_certbot_temp_file = '/etc/httpd/conf.d/certbot_temp.conf'
# includes must be last
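Review bot: `$ng_create_tempvhost` is added here but nothing visible in this commit reads it; the new `create_temp_vhost` exec in manifests/certbot/config.pp passes the literal `'cd_nagios/certbot/create_tempfile.erb'` to `template()`. Either call `template($ng_create_tempvhost)` there, matching how `$ng_cgi_cfg_erb` and `$ng_forward_conf_erb` are consumed in manifests/server/files.pp, or drop the variable so the template path is defined in one place only.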
diff --git a/manifests/server/files.pp b/manifests/server/files.pp
index 9a8c0ce..42de5e0 100644
--- a/manifests/server/files.pp
+++ b/manifests/server/files.pp
@@ -25,49 +25,34 @@ class cd_nagios::server::files (
) inherits cd_nagios::params {
if $::fqdn == $ng_nagios_server {
+ if $ng_enable_certbot == true {
+ require cd_nagios::certbot::config
+ require cd_nagios::main::dirs
- require cd_nagios::main::dirs
-
- # manage nagios.cfg
+ # manage nagios.cfg
- # manage cgi.cfg
+ # manage cgi.cfg
- file { $ng_cgi_cfg_file:
- ensure => file,
- path => $ng_cgi_cfg_file,
- owner => 'root',
- group => 'root',
- mode => '0644',
- selrange => s0,
- selrole => object_r,
- seltype => nagios_etc_t,
- seluser => system_u,
- content => template($ng_cgi_cfg_erb),
- notify => Service[$ng_service],
- }
-
- # manage nagios.conf for httpd
-
- file { $ng_nagios_conf:
- ensure => file,
- path => $ng_nagios_conf,
- owner => 'root',
- group => 'root',
- mode => '0644',
- selrange => s0,
- selrole => object_r,
- seltype => httpd_config_t,
- seluser => system_u,
- content => template($ng_nagios_conf_erb),
- notify => Service[$ae_service],
- }
-
- if $ng_http_https_fw == true {
-
- file { $ng_forward_conf:
+ file { $ng_cgi_cfg_file:
ensure => file,
- path => $ng_forward_conf,
+ path => $ng_cgi_cfg_file,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ selrange => s0,
+ selrole => object_r,
+ seltype => nagios_etc_t,
+ seluser => system_u,
+ content => template($ng_cgi_cfg_erb),
+ notify => Service[$ng_service],
+ }
+
+ # manage nagios.conf for httpd
+
+ file { $ng_nagios_conf:
+ ensure => file,
+ path => $ng_nagios_conf,
owner => 'root',
group => 'root',
mode => '0644',
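Review bot: The new `if $ng_enable_certbot == true { … } else { … }` duplicates all four `file` resources, and the two branches differ only in `require cd_nagios::certbot::config`; this hunk and the two that follow (`@@ -75,18 +60,73 @@` and `@@ -94,9 +134,45 @@`) carry the copies. Duplicated owner, mode and SELinux attributes for the httpd and nagios config files can drift apart in later edits, leaving one branch with different permissions or labels than the other. Keep a single copy of the resources and make only the dependency conditional: `if $ng_enable_certbot == true { require cd_nagios::certbot::config }` placed before the single `require cd_nagios::main::dirs`. The class body continues outside this hunk.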
@@ -75,18 +60,73 @@ class cd_nagios::server::files (
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
- content => template($ng_forward_conf_erb),
+ content => template($ng_nagios_conf_erb),
notify => Service[$ae_service],
}
+
+ if $ng_http_https_fw == true {
+ file { $ng_forward_conf:
+ ensure => file,
+ path => $ng_forward_conf,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ selrange => s0,
+ selrole => object_r,
+ seltype => httpd_config_t,
+ seluser => system_u,
+ content => template($ng_forward_conf_erb),
+ notify => Service[$ae_service],
+ }
+ }
+
+ # manage welcome.conf for nagios web server
+
+ if $ng_disable_welcome == true {
+ file { $ng_welcome_conf:
+ ensure => file,
+ path => $ng_welcome_conf,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ selrange => s0,
+ selrole => object_r,
+ seltype => httpd_config_t,
+ seluser => system_u,
+ content => template($ng_welcome_conf_erb),
+ notify => Service[$ae_service],
+ }
+ }
}
- # manage welcome.conf for nagios web server
+ else {
- if $ng_disable_welcome == true {
+ require cd_nagios::main::dirs
- file { $ng_welcome_conf:
+ # manage nagios.cfg
+
+
+ # manage cgi.cfg
+
+ file { $ng_cgi_cfg_file:
ensure => file,
- path => $ng_welcome_conf,
+ path => $ng_cgi_cfg_file,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ selrange => s0,
+ selrole => object_r,
+ seltype => nagios_etc_t,
+ seluser => system_u,
+ content => template($ng_cgi_cfg_erb),
+ notify => Service[$ng_service],
+ }
+
+ # manage nagios.conf for httpd
+
+ file { $ng_nagios_conf:
+ ensure => file,
+ path => $ng_nagios_conf,
owner => 'root',
group => 'root',
mode => '0644',
@@ -94,9 +134,45 @@ class cd_nagios::server::files (
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
- content => template($ng_welcome_conf_erb),
+ content => template($ng_nagios_conf_erb),
notify => Service[$ae_service],
}
+
+ if $ng_http_https_fw == true {
+
+ file { $ng_forward_conf:
+ ensure => file,
+ path => $ng_forward_conf,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ selrange => s0,
+ selrole => object_r,
+ seltype => httpd_config_t,
+ seluser => system_u,
+ content => template($ng_forward_conf_erb),
+ notify => Service[$ae_service],
+ }
+ }
+
+ # manage welcome.conf for nagios web server
+
+ if $ng_disable_welcome == true {
+
+ file { $ng_welcome_conf:
+ ensure => file,
+ path => $ng_welcome_conf,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ selrange => s0,
+ selrole => object_r,
+ seltype => httpd_config_t,
+ seluser => system_u,
+ content => template($ng_welcome_conf_erb),
+ notify => Service[$ae_service],
+ }
+ }
}
}
}
diff --git a/templates/certbot/create_tempfile.erb b/templates/certbot/create_tempfile.erb
new file mode 100644
index 0000000..e7f4de6
--- /dev/null
+++ b/templates/certbot/create_tempfile.erb
@@ -0,0 +1,11 @@
+echo "# temporary vhost file
+