From d9863d874f0b88f57c84209c8da2787a1af7f4c9 Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Fri, 21 Jul 2017 14:43:07 +0100 Subject: [PATCH 1/2] added control for forward.conf --- README.md | 1 + manifests/params.pp | 9 ++++++++- manifests/server/files.pp | 19 ++++++++++++++++++- templates/httpd/forward_conf.erb | 12 ++++++++++++ templates/httpd/nagios_conf.erb | 4 ++-- 5 files changed, 41 insertions(+), 4 deletions(-) create mode 100644 templates/httpd/forward_conf.erb diff --git a/README.md b/README.md index b35d51f..9b394ac 100644 --- a/README.md +++ b/README.md @@ -46,6 +46,7 @@ Configuration * configure NRPE on clients (optional) * configure firewall (optional) * configure selinux policies (optional) +* configure forwarding http to https including accesing the /nagios url directly (optional) Service * manage Nagios service on server diff --git a/manifests/params.pp b/manifests/params.pp index 669ed5c..38bd54f 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -199,6 +199,9 @@ # 'host1.example.com host2.example.com' # @param [string] ng_required_ips string of **__Ip addresses __** for hosts which # should be allowed/reqired. Requires format 'ipaddress ip address range' +# @param [boolean] ng_disable_welcome Whether the regular welcome screen should +# be disabled. this is required for the nagios http check on the nagios server +# to be successful. ############################################################################### class cd_nagios::params ( @@ -310,6 +313,7 @@ $ng_use_selinux_tools = true, $ng_required_hosts = '', $ng_required_ips = '127.0.0.0/8', $ng_disable_welcome = true, + ) { # installation section @@ -352,8 +356,11 @@ $ng_taccgi_erb = 'cd_nagios/selinux/taccgi.erb' $ng_statcgi_erb = 'cd_nagios/selinux/statuscgi.erb' $ng_nagios_conf = '/etc/httpd/conf.d/nagios.conf' $ng_nagios_conf_erb = 'cd_nagios/httpd/nagios_conf.erb' -$ng_welcome_conf ='/etc/httpd/conf.d/welcome.conf' +$ng_welcome_conf = '/etc/httpd/conf.d/welcome.conf' $ng_welcome_conf_erb = 'cd_nagios/httpd/welcome_conf.erb' +$ng_forward_conf = '/etc/httpd/conf.d/nagios_forward.conf' +$ng_forward_conf_erb = 'cd_nagios/httpd/forward_conf.erb' + # includes must be last diff --git a/manifests/server/files.pp b/manifests/server/files.pp index 552fdd3..9a8c0ce 100644 --- a/manifests/server/files.pp +++ b/manifests/server/files.pp @@ -63,7 +63,24 @@ class cd_nagios::server::files ( notify => Service[$ae_service], } - # manage index.gtml for nagios web server + if $ng_http_https_fw == true { + + file { $ng_forward_conf: + ensure => file, + path => $ng_forward_conf, + owner => 'root', + group => 'root', + mode => '0644', + selrange => s0, + selrole => object_r, + seltype => httpd_config_t, + seluser => system_u, + content => template($ng_forward_conf_erb), + notify => Service[$ae_service], + } + } + + # manage welcome.conf for nagios web server if $ng_disable_welcome == true { diff --git a/templates/httpd/forward_conf.erb b/templates/httpd/forward_conf.erb new file mode 100644 index 0000000..b682fd5 --- /dev/null +++ b/templates/httpd/forward_conf.erb @@ -0,0 +1,12 @@ + + ServerAdmin root@localhost + DocumentRoot /var/www/html + ServerName www.<%= @ng_nagios_server %> + ServerAlias <%= @ng_nagios_server %> + Redirect permanent / https://<%= @ng_nagios_server %>/nagios + + AllowOverride All + + ErrorLog /var/log/httpd/<%= @ng_nagios_server %>-error_log + CustomLog /var/log/httpd/<%= @ng_nagios_server %>-access_log common + diff --git a/templates/httpd/nagios_conf.erb b/templates/httpd/nagios_conf.erb index 2e84105..1884734 100644 --- a/templates/httpd/nagios_conf.erb +++ b/templates/httpd/nagios_conf.erb @@ -23,7 +23,7 @@ ScriptAlias /nagios/cgi-bin/ "/usr/lib64/nagios/cgi-bin/" Require host <%= @ng_required_hosts %> <% end -%> <% unless @ng_required_ips.empty? -%> - Require ip <%= required_ips %> + Require ip <%= @ng_required_ip %> <% end -%> AuthName "Nagios Access" AuthType Basic @@ -58,7 +58,7 @@ Alias /nagios "/usr/share/nagios/html" Require host <%= @ng_required_hosts %> <% end -%> <% unless @ng_required_ips.empty? -%> - Require ip <%= required_ips %> + Require ip <%= @ng_required_ip %> <% end -%> AuthName "Nagios Access" AuthType Basic From 1fc9ffeacdebd206226fb373206d8ca925944b04 Mon Sep 17 00:00:00 2001 From: Jenkins Server Date: Fri, 21 Jul 2017 15:43:26 +0200 Subject: [PATCH 2/2] recommit for updates in build 26 --- CHANGELOG.md | 10 +++++ REPOSTRUCTURE.md | 3 +- doc/_index.html | 2 +- doc/file.README.html | 6 ++- doc/index.html | 6 ++- doc/puppet_classes/cd_nagios.html | 2 +- .../cd_nagios_3A_3Aclient_3A_3Atarget.html | 2 +- ...cd_nagios_3A_3Afirewall_3A_3Aiptables.html | 2 +- .../cd_nagios_3A_3Amain_3A_3Aconfig.html | 2 +- .../cd_nagios_3A_3Amain_3A_3Adirs.html | 2 +- .../cd_nagios_3A_3Amain_3A_3Ainstall.html | 2 +- .../cd_nagios_3A_3Amain_3A_3Auser.html | 2 +- doc/puppet_classes/cd_nagios_3A_3Aparams.html | 32 +++++++++++---- .../cd_nagios_3A_3Aselinux_3A_3Aconfig.html | 2 +- ..._nagios_3A_3Aserver_3A_3Aaccess_rules.html | 2 +- .../cd_nagios_3A_3Aserver_3A_3Afiles.html | 40 +++++++++++++++++-- .../cd_nagios_3A_3Aserver_3A_3Aservice.html | 2 +- .../cd_nagios_3A_3Aserver_3A_3Aaccess.html | 2 +- doc/top-level-namespace.html | 2 +- 19 files changed, 94 insertions(+), 29 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e12ad15..a3bd59c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,16 @@ Changelog of Git Changelog.

No issue

+00ef7138b378bf5 Jenkins Server 2017-07-21 13:06:15 +

+

recommit for updates in build 25

+ +

+46d3b02f7625b15 Arne Teuke 2017-07-21 13:05:55 +

+

added control for welcome.conf

+ +

4ec7633f976a225 Jenkins Server 2017-07-21 12:51:33

recommit for updates in build 24

diff --git a/REPOSTRUCTURE.md b/REPOSTRUCTURE.md index e7117de..c4685b9 100644 --- a/REPOSTRUCTURE.md +++ b/REPOSTRUCTURE.md @@ -51,6 +51,7 @@ | `-- params.pp |-- templates | |-- httpd +| | |-- forward_conf.erb | | |-- nagios_conf.erb | | `-- welcome_conf.erb | |-- nagios @@ -69,4 +70,4 @@ |-- README.md `-- REPOSTRUCTURE.md -16 directories, 53 files +16 directories, 54 files diff --git a/doc/_index.html b/doc/_index.html index 31ec137..08c7a90 100644 --- a/doc/_index.html +++ b/doc/_index.html @@ -181,7 +181,7 @@ diff --git a/doc/file.README.html b/doc/file.README.html index ecd2a0d..561169e 100644 --- a/doc/file.README.html +++ b/doc/file.README.html @@ -143,7 +143,9 @@ parameters configure NRPE on clients (optional) * configure firewall (optional) * -configure selinux policies (optional)

+configure selinux policies (optional) +* configure forwarding http to https +including accesing the /nagios url directly (optional)

Service * manage Nagios service on server @@ -297,7 +299,7 @@ environments.

diff --git a/doc/index.html b/doc/index.html index 4825303..1e22a2e 100644 --- a/doc/index.html +++ b/doc/index.html @@ -143,7 +143,9 @@ parameters configure NRPE on clients (optional) * configure firewall (optional) * -configure selinux policies (optional)

+configure selinux policies (optional) +* configure forwarding http to https +including accesing the /nagios url directly (optional)

Service * manage Nagios service on server @@ -297,7 +299,7 @@ environments.

diff --git a/doc/puppet_classes/cd_nagios.html b/doc/puppet_classes/cd_nagios.html index b3f96c4..acfd758 100644 --- a/doc/puppet_classes/cd_nagios.html +++ b/doc/puppet_classes/cd_nagios.html @@ -139,7 +139,7 @@ class cd_nagios { diff --git a/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html b/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html index de0ceec..cecd710 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html +++ b/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html @@ -368,7 +368,7 @@ class cd_nagios::client::target ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html b/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html index 927e452..2b088a8 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html +++ b/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html @@ -207,7 +207,7 @@ class cd_nagios::firewall::iptables ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html index 695a577..da0da73 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html +++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html @@ -187,7 +187,7 @@ class cd_nagios::main::config ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html index c31c362..790d7e9 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html +++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html @@ -468,7 +468,7 @@ class cd_nagios::main::dirs ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html index eb6807c..0b36fc6 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html +++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html @@ -235,7 +235,7 @@ class cd_nagios::main::install ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html index ab47287..8ad6401 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html +++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html @@ -200,7 +200,7 @@ class cd_nagios::main::user ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Aparams.html b/doc/puppet_classes/cd_nagios_3A_3Aparams.html index 9c1f3e2..9495efb 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Aparams.html +++ b/doc/puppet_classes/cd_nagios_3A_3Aparams.html @@ -1859,12 +1859,20 @@ Requires format 'ipaddress ip address range'

ng_disable_welcome - (Any) + (boolean) (defaults to: true) + — +
+

Whether the regular welcome screen should +be disabled. this is required for +the nagios http check on the nagios server + to be successful.

+
+ @@ -1884,9 +1892,6 @@ Requires format 'ipaddress ip address range'

 
 
-203
-204
-205
 206
 207
 208
@@ -2043,10 +2048,17 @@ Requires format 'ipaddress ip address range'

 359
 360
 361
-362
+362 +363 +364 +365 +366 +367 +368 +369 - 
# File 'manifests/params.pp', line 203
+        
# File 'manifests/params.pp', line 206
 
 class cd_nagios::params (
 
@@ -2158,6 +2170,7 @@ $ng_use_selinux_tools = true,
 $ng_required_hosts    = '',
 $ng_required_ips      = '127.0.0.0/8',
 $ng_disable_welcome   = true,
+
 ) {
 
 # installation section
@@ -2200,8 +2213,11 @@ $ng_taccgi_erb        = 'cd_nagios/selinux/taccgi.erb'
 $ng_statcgi_erb       = 'cd_nagios/selinux/statuscgi.erb'
 $ng_nagios_conf       = '/etc/httpd/conf.d/nagios.conf'
 $ng_nagios_conf_erb   = 'cd_nagios/httpd/nagios_conf.erb'
-$ng_welcome_conf      ='/etc/httpd/conf.d/welcome.conf'
+$ng_welcome_conf      = '/etc/httpd/conf.d/welcome.conf'
 $ng_welcome_conf_erb  = 'cd_nagios/httpd/welcome_conf.erb'
+$ng_forward_conf      = '/etc/httpd/conf.d/nagios_forward.conf'
+$ng_forward_conf_erb  = 'cd_nagios/httpd/forward_conf.erb'
+
 
 # includes must be last
 
@@ -2215,7 +2231,7 @@ $ng_welcome_conf_erb  = 'cd_nagios/httpd/welcome_conf.erb'
 
 
       
diff --git a/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html b/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html
index 83dbfd3..f39281b 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html
@@ -249,7 +249,7 @@ class cd_nagios::selinux::config (
 
 
       
diff --git a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html
index f11c02f..98c7558 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html
@@ -195,7 +195,7 @@ class cd_nagios::server::access_rules (
 
 
       
diff --git a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html
index 5cc4475..50feeb4 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html
@@ -191,7 +191,24 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/.

 82
 83
 84
-85

+85
+86
+87
+88
+89
+90
+91
+92
+93
+94
+95
+96
+97
+98
+99
+100
+101
+102
# File 'manifests/server/files.pp', line 23
@@ -239,7 +256,24 @@ class cd_nagios::server::files (
       notify    =>  Service[$ae_service],
     }
 
-    # manage index.gtml for nagios web server
+    if $ng_http_https_fw == true {
+
+      file { $ng_forward_conf:
+        ensure    =>  file,
+        path      =>  $ng_forward_conf,
+        owner     =>  'root',
+        group     =>  'root',
+        mode      =>  '0644',
+        selrange  =>  s0,
+        selrole   =>  object_r,
+        seltype   =>  httpd_config_t,
+        seluser   =>  system_u,
+        content   =>  template($ng_forward_conf_erb),
+        notify    =>  Service[$ae_service],
+      }
+    }
+
+    # manage welcome.conf for nagios web server
 
     if $ng_disable_welcome == true {
 
@@ -266,7 +300,7 @@ class cd_nagios::server::files (
 
 
       
diff --git a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html
index 0b6ca03..2812d6f 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html
@@ -174,7 +174,7 @@ class cd_nagios::server::service (
 
 
       
diff --git a/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html b/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html
index af0a928..825f6f0 100644
--- a/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html
+++ b/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html
@@ -220,7 +220,7 @@ $ng_service       = $::cd_nagios::params::ng_service
 
 
       
diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html
index 77f1e8d..e293fa7 100644
--- a/doc/top-level-namespace.html
+++ b/doc/top-level-namespace.html
@@ -90,7 +90,7 @@