diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3679f7d..0150434 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,21 @@ Changelog of Git Changelog.
No issue
+92e809e1c65f745 Jenkins Server 2017-07-21 16:38:00
+
+
recommit for updates in build 44
+
+
+35150e65ab10a1c Arne Teuke 2017-07-21 16:37:42
+
+
syntax
+
+
+72d8f34299acd31 Arne Teuke 2017-07-21 16:34:48
+
+
adding selinux control
+
+
5d8c5cff034540a Jenkins Server 2017-07-21 16:28:39
recommit for updates in build 42
diff --git a/REPOSTRUCTURE.md b/REPOSTRUCTURE.md
index 79c14a1..da7b7d0 100644
--- a/REPOSTRUCTURE.md
+++ b/REPOSTRUCTURE.md
@@ -33,7 +33,7 @@
| `-- top-level-namespace.html
|-- manifests
| |-- certbot
-| | `-- config.pp
+| | `-- certs.pp
| |-- client
| | `-- target.pp
| |-- firewall
diff --git a/doc/_index.html b/doc/_index.html
index 4f9547e..a39bef2 100644
--- a/doc/_index.html
+++ b/doc/_index.html
@@ -74,7 +74,7 @@
- cd_nagios::certbot::config
+ cd_nagios::certbot::certs
@@ -186,7 +186,7 @@
diff --git a/doc/file.README.html b/doc/file.README.html
index 45b3003..d54d745 100644
--- a/doc/file.README.html
+++ b/doc/file.README.html
@@ -304,7 +304,7 @@ environments.
diff --git a/doc/index.html b/doc/index.html
index 33f3710..41991e4 100644
--- a/doc/index.html
+++ b/doc/index.html
@@ -304,7 +304,7 @@ environments.
diff --git a/doc/puppet_class_list.html b/doc/puppet_class_list.html
index 898b58e..53a29cd 100644
--- a/doc/puppet_class_list.html
+++ b/doc/puppet_class_list.html
@@ -47,9 +47,9 @@
-
+
diff --git a/doc/puppet_classes/cd_nagios.html b/doc/puppet_classes/cd_nagios.html
index a17e2f3..a2523cf 100644
--- a/doc/puppet_classes/cd_nagios.html
+++ b/doc/puppet_classes/cd_nagios.html
@@ -139,7 +139,7 @@ class cd_nagios {
diff --git a/doc/puppet_classes/cd_nagios_3A_3Acertbot_3A_3Acerts.html b/doc/puppet_classes/cd_nagios_3A_3Acertbot_3A_3Acerts.html
new file mode 100644
index 0000000..9acbada
--- /dev/null
+++ b/doc/puppet_classes/cd_nagios_3A_3Acertbot_3A_3Acerts.html
@@ -0,0 +1,300 @@
+
+
+
+
+
+
+ Puppet Class: cd_nagios::certbot::certs
+
+ — Documentation by YARD 0.9.9
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Puppet Class: cd_nagios::certbot::certs
+
+
+
+ Inherits:
+ cd_nagios::params
+
+
+
+
+ Defined in:
+
+ manifests/certbot/certs.pp
+
+
+
+
+
Summary
+ Class manages all configuration files required for cd_nagios.
+
+
Overview
+
+
+
+
cd_nagios::certbot::certs.pp
+Module name: cd_nagios
+Author: Arne Teuke
+(arne_teuke@ConfDroid.com)
+
+
License:
+
+
This file is part of cd_nagios.
+
+
cd_nagios is used for providing automatic configuration of Nagios
+
+Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
+ This program is
+free software: you can redistribute it and/or modify
+ it under the terms of
+the GNU General Public License as published by
+ the Free Software
+Foundation, either version 3 of the License, or
+ (at your option) any later
+version.
+
+
This program is distributed in the hope that it will be useful,
+ but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License
+for more details.
+
+
You should have received a copy of the GNU General Public License
+ along
+with this program. If not, see www.gnu.org/licenses /.
+
+
+
+
+
+
+
+
+
+
+
+
+
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+39
+40
+41
+42
+43
+44
+45
+46
+47
+48
+49
+50
+51
+52
+53
+54
+55
+56
+57
+58
+59
+60
+61
+62
+63
+64
+65
+66
+67
+68
+69
+70
+71
+72
+73
+74
+75
+76
+77
+78
+79
+80
+81
+82
+83
+84
+85
+86
+87
+88
+89
+90
+91
+92
+93
+94
+95
+96
+97
+
+
+ # File 'manifests/certbot/certs.pp', line 23
+
+class cd_nagios::certbot::certs (
+
+) inherits cd_nagios::params {
+
+ if $::fqdn == $ng_nagios_server {
+ if $ng_use_https == true {
+ if $ng_enable_certbot == true {
+
+ require cd_certbot
+ require cd_apache
+
+ # ensure there is no forward vhost file
+
+ exec { 'remove_forward_vhost':
+ command => "rm -Rf ${ng_forward_conf}",
+ creates => '/etc/httpd/conf.d/.cert_created',
+ }
+
+ exec { 'remove_nagios_conf':
+ command => "rm -Rf ${ng_nagios_conf}",
+ creates => '/etc/httpd/conf.d/.cert_created',
+ require => Exec['remove_forward_vhost'],
+ }
+
+ exec { 'remove_index_html':
+ command => "rm -Rf ${ng_index_html_file}",
+ creates => '/etc/httpd/conf.d/.cert_created',
+ require => Exec['remove_nagios_conf'],
+ notify => Service[$ae_service],
+ }
+
+ exec { 'disable_selinux_temporarily':
+ command => 'setenforce 0',
+ path => ['/usr/sbin'],
+ creates => '/etc/httpd/conf.d/.cert_created',
+ require => Exec['remove_index_html'],
+ }
+
+ # create cert
+
+ exec { 'create_cert':
+ command => template($ng_get_cert_erb),
+ cwd => '/tmp',
+ path => ['/bin','/usr/bin'],
+ provider => 'shell',
+ unless => template('cd_nagios/certbot/unless_get_cert.erb'),
+ notify => Service['httpd'],
+ creates => '/etc/httpd/conf.d/.cert_created',
+ }
+
+ exec { 'enable_selinux':
+ command => 'setenforce 1',
+ path => ['/usr/sbin'],
+ creates => '/etc/httpd/conf.d/.cert_created',
+ require => Exec['create_cert'],
+ }
+
+ # renew certs
+
+ exec { 'renew_cert':
+ command => 'certbot renew',
+ cwd => '/tmp',
+ path => ['/bin','/usr/bin','/opt/'],
+ provider => 'shell',
+ notify => Service['httpd'],
+ unless => template($ng_unless_renew_erb),
+ }
+ }
+ }
+
+ else {
+ # do nothing as we are not using https and certbot is not required then
+ }
+ }
+}
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html b/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html
index dbd5992..7ff66c8 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html
@@ -368,7 +368,7 @@ class cd_nagios::client::target (
diff --git a/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html b/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html
index e8070f8..d7b66d0 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html
@@ -207,7 +207,7 @@ class cd_nagios::firewall::iptables (
diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html
index 4bad3fd..5655755 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html
@@ -152,7 +152,11 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/.
43
44
45
-46
+46
+47
+48
+49
+50
# File 'manifests/main/config.pp', line 24
@@ -164,14 +168,18 @@ class cd_nagios::main::config (
# manage server configuration
if $::fqdn == $ng_nagios_server {
- include cd_nagios::server::service
+# include cd_nagios::server::service
- if $ng_include_fw == true {
- include cd_nagios::firewall::iptables
- }
+# if $ng_include_fw == true {
+# include cd_nagios::firewall::iptables
+# }
- if $ng_use_selinux_tools == true {
- include cd_nagios::selinux::config
+# if $ng_use_selinux_tools == true {
+# include cd_nagios::selinux::config
+# }
+
+ if $ng_enable_certbot == true {
+ require cd_nagios::certbot::certs
}
}
@@ -187,7 +195,7 @@ class cd_nagios::main::config (
diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html
index a67d72e..76a2201 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html
@@ -468,7 +468,7 @@ class cd_nagios::main::dirs (
diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html
index ed90bb6..53b933c 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html
@@ -235,7 +235,7 @@ class cd_nagios::main::install (
diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html
index 61b8ad7..e28c0fe 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html
@@ -200,7 +200,7 @@ class cd_nagios::main::user (
diff --git a/doc/puppet_classes/cd_nagios_3A_3Aparams.html b/doc/puppet_classes/cd_nagios_3A_3Aparams.html
index 0320b58..41b91e6 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Aparams.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Aparams.html
@@ -77,9 +77,9 @@
cd_nagios::server::files
- cd_nagios::client::target
+ cd_nagios::certbot::certs
- cd_nagios::certbot::config
+ cd_nagios::client::target
cd_nagios::selinux::config
@@ -1934,6 +1934,30 @@ well as for certbot.
Whether to create an index file to allow
httpd checks with nagios on the
nagios server.
+
+
+
+
+
+
+ ng_webserver_name
+
+
+ (string )
+
+
+ (defaults to: "nagios.${::domain}" )
+
+
+ —
+
+
the name of the web server nagios should
+listen to, i.e.
+'nagios.example.net'. Unlike ng_nagios_server,
+this
+should not be the FQDN of the nagios host, but a web server domain
+name.
+required for certbot and used in the web templates.
@@ -1955,10 +1979,6 @@ nagios server.
-212
-213
-214
-215
216
217
218
@@ -2127,10 +2147,15 @@ nagios server.
381
382
383
-384
+384
+385
+386
+387
+388
+389
- # File 'manifests/params.pp', line 212
+ # File 'manifests/params.pp', line 216
class cd_nagios::params (
@@ -2247,6 +2272,7 @@ $ng_enable_index = true,
# certbot
$ng_enable_certbot = true,
$ng_certbot_cert_path = '/var/www/html',
+$ng_webserver_name = "nagios.${::domain}",
) {
@@ -2312,7 +2338,7 @@ $ng_index_html_erb = 'cd_nagios/httpd/index_html.erb'
diff --git a/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html b/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html
index ab6e44d..7590646 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html
@@ -249,7 +249,7 @@ class cd_nagios::selinux::config (
diff --git a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html
index d1cfc0d..5d2427b 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html
@@ -195,7 +195,7 @@ class cd_nagios::server::access_rules (
diff --git a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html
index ce6f5c5..37dcd28 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html
@@ -344,7 +344,7 @@ class cd_nagios::server::files (
diff --git a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html
index 0904a2b..6e9a14a 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html
@@ -174,7 +174,7 @@ class cd_nagios::server::service (
diff --git a/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html b/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html
index ec6c185..7803e5f 100644
--- a/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html
+++ b/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html
@@ -220,7 +220,7 @@ $ng_service = $::cd_nagios::params::ng_service
diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html
index 47d404a..de429ee 100644
--- a/doc/top-level-namespace.html
+++ b/doc/top-level-namespace.html
@@ -90,7 +90,7 @@
diff --git a/manifests/certbot/config.pp b/manifests/certbot/certs.pp
similarity index 97%
rename from manifests/certbot/config.pp
rename to manifests/certbot/certs.pp
index aab638c..fd80273 100644
--- a/manifests/certbot/config.pp
+++ b/manifests/certbot/certs.pp
@@ -1,4 +1,4 @@
-## cd_nagios::certbot::config.pp
+## cd_nagios::certbot::certs.pp
# Module name: cd_nagios
# Author: Arne Teuke (arne_teuke@ConfDroid.com)
# # License:
@@ -20,7 +20,7 @@
# along with this program. If not, see .
# @summary Class manages all configuration files required for cd_nagios.
##############################################################################
-class cd_nagios::certbot::config (
+class cd_nagios::certbot::certs (
) inherits cd_nagios::params {
@@ -29,6 +29,7 @@ class cd_nagios::certbot::config (
if $ng_enable_certbot == true {
require cd_certbot
+ require cd_apache
# ensure there is no forward vhost file
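Review bot: The class this hunk extends can leave SELinux in permissive mode when certificate creation fails. In the generated listing of certs.pp on this page, `disable_selinux_temporarily` runs `setenforce 0` and `enable_selinux` has `require => Exec['create_cert']`, so Puppet would skip `setenforce 1` whenever `create_cert` fails. That body lies outside this hunk, so this is read from the rendered listing only. Doing the toggle inside one shell command that restores enforcing mode on every exit path, or granting the needed SELinux policy instead of switching enforcement off, would close that window.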
diff --git a/manifests/main/config.pp b/manifests/main/config.pp
index 25adb6d..a4dc910 100644
--- a/manifests/main/config.pp
+++ b/manifests/main/config.pp
@@ -28,14 +28,18 @@ class cd_nagios::main::config (
# manage server configuration
if $::fqdn == $ng_nagios_server {
- include cd_nagios::server::service
+# include cd_nagios::server::service
- if $ng_include_fw == true {
- include cd_nagios::firewall::iptables
- }
+# if $ng_include_fw == true {
+# include cd_nagios::firewall::iptables
+# }
- if $ng_use_selinux_tools == true {
- include cd_nagios::selinux::config
+# if $ng_use_selinux_tools == true {
+# include cd_nagios::selinux::config
+# }
+
+ if $ng_enable_certbot == true {
+ require cd_nagios::certbot::certs
}
}
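Review bot: The server branch no longer declares `cd_nagios::server::service`, `cd_nagios::firewall::iptables` or `cd_nagios::selinux::config`, because the three includes are commented out rather than removed. This reads like debugging state committed along with the certbot change. As far as this class is concerned, a Nagios server then gets no firewall rules or SELinux configuration from the module, even when `$ng_include_fw` and `$ng_use_selinux_tools` are true. Unless that is intended, restore the three blocks unchanged and keep the new `if $ng_enable_certbot == true { require cd_nagios::certbot::certs }` block after them. The class body starts and ends outside the hunk.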
diff --git a/manifests/params.pp b/manifests/params.pp
index 9a5a6c1..0d2a440 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -208,6 +208,10 @@
# used for nagios itself as well as for certbot.
# @param [boolean] ng_enable_index Whether to create an index file to allow
# httpd checks with nagios on the nagios server.
+# @param [string] ng_webserver_name the name of the web server nagios should
+# listen to, i.e. 'nagios.example.net'. Unlike `ng_nagios_server`, this
+# should not be the FQDN of the nagios host, but a web server domain name.
+# required for certbot and used in the web templates.
###############################################################################
class cd_nagios::params (
@@ -324,6 +328,7 @@ $ng_enable_index = true,
# certbot
$ng_enable_certbot = true,
$ng_certbot_cert_path = '/var/www/html',
+$ng_webserver_name = "nagios.${::domain}",
) {
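Review bot: `$ng_webserver_name` is declared without a type, yet this commit renders it into a shell command line (templates/certbot/get_cert.erb) and into httpd log file paths (templates/httpd/forward_conf.erb). Constraining it at the declaration would stop a malformed value from reaching those templates, for example `Pattern[/\A[A-Za-z0-9.-]+\z/] $ng_webserver_name = "nagios.${::domain}",` if the module targets Puppet 4 or later. The parameter list starts and ends outside the hunk, so whether the other parameters are typed cannot be seen here.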
diff --git a/templates/certbot/get_cert.erb b/templates/certbot/get_cert.erb
index 87f47d9..0883a39 100644
--- a/templates/certbot/get_cert.erb
+++ b/templates/certbot/get_cert.erb
@@ -1,2 +1,2 @@
-certbot certonly -t -n --agree-tos --webroot -w <%= @ng_certbot_cert_path %>/ -d <%= @ng_nagios_server %> --email <%= @ng_mail_user %>
+certbot certonly -t -n --agree-tos --webroot -w <%= @ng_certbot_cert_path %>/ -d www.<%= @ng_webserver_name %> -d <%= @ng_webserver_name %> --email <%= @ng_mail_user %>
touch /etc/httpd/conf.d/.cert_created
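Review bot: The marker file is written even when certbot fails, because `touch /etc/httpd/conf.d/.cert_created` is a separate line after the `certbot certonly` command changed here. The class listing on this page runs `create_cert` with `provider => 'shell'` and `creates => '/etc/httpd/conf.d/.cert_created'`, so a failed issuance would never be retried, assuming `$ng_get_cert_erb` points at this template. Failure is more likely now that both `www.<name>` and `<name>` must validate. Chaining the two commands, `certbot certonly ... && touch /etc/httpd/conf.d/.cert_created`, keeps the marker tied to success. The interpolated values are also unquoted in the shell line and would be safer quoted.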
diff --git a/templates/httpd/forward_conf.erb b/templates/httpd/forward_conf.erb
index 0f92a41..c81678a 100644
--- a/templates/httpd/forward_conf.erb
+++ b/templates/httpd/forward_conf.erb
@@ -1,17 +1,17 @@
>
ServerAdmin root@localhost
DocumentRoot /var/www/html
- ServerName www.<%= @ng_nagios_server %>
- ServerAlias <%= @ng_nagios_server %>
+ ServerName www.<%= @ng_webserver_name %>
+ ServerAlias <%= @ng_webserver_name %>
<% if @ng_use_https == true -%>
- Redirect permanent / https://<%= @ng_nagios_server %>/nagios
+ Redirect permanent / https://<%= @ng_webserver_name %>/nagios
<% end -%>
<% if @ng_use_https != true -%>
- Redirect permanent / http://<%= @ng_nagios_server %>/nagios
+ Redirect permanent / http://<%= @ng_webserver_name %>/nagios
<% end -%>
AllowOverride All
- ErrorLog /var/log/httpd/<%= @ng_nagios_server %>-error_log
- CustomLog /var/log/httpd/<%= @ng_nagios_server %>-access_log common
+ ErrorLog /var/log/httpd/<%= @ng_webserver_name %>-error_log
+ CustomLog /var/log/httpd/<%= @ng_webserver_name %>-access_log common