confdroid/confdroid_nagios
3
0
Fork 0
Code Issues Projects Wiki Activity

Merge branch 'jenkins' into 'master'

Browse Source 
Jenkins

See merge request !32
This commit is contained in:
12ww1160
2017-07-23 12:49:06 +02:00
parent 66a5f85bac f0067d9e35
commit e82d7af66b
25 changed files with 199 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
CHANGELOG.md
View File

@@ -8,6 +8,16 @@ Changelog of Git Changelog.
<h2> No issue </h2>
<a href="https://gitlab.puppetsoft.com/12WW1160/git-changelog-lib/commit/b58dd8426596bdc">b58dd8426596bdc</a> Jenkins Server <i>2017-07-23 10:18:44</i>
<p>
<h3>recommit for updates in build 54</h3>
</p>
<a href="https://gitlab.puppetsoft.com/12WW1160/git-changelog-lib/commit/98711530f982aa2">98711530f982aa2</a> Arne Teuke <i>2017-07-23 10:18:25</i>
<p>
<h3>cert creation works</h3>
</p>
<a href="https://gitlab.puppetsoft.com/12WW1160/git-changelog-lib/commit/9547dbb7a7e32d0">9547dbb7a7e32d0</a> Jenkins Server <i>2017-07-23 10:08:29</i>
<p>
<h3>recommit for updates in build 53</h3>

8
README.md
View File

@@ -23,6 +23,7 @@ Nagios is a powerful open source software solution for monitoring your IT enviro
* [Optional Parameters](#optional-parameters)
* [PuppetDB]
* [SELINUX](#selinux)
* [Certbot](#certbot)
* [Known Problems](#known-problems)
* [Support](#support)
* [Tests](#tests)
@@ -104,6 +105,13 @@ A working instance of PuppetDBconnected to the Puppet master is required for thi
### SELINUX
All files and directories are configured with correct selinux context. If selinux is disabled, these contexts are ignored.
### Certbot
This module can optionally setup [certbot](https://certbot.eff.org/) TLS certificate management for the frontend GUI. In order to do so, set `ng_enable_certbot` to true (default). Effectively, this will manage the certs before even installing Nagios, so there will be no problems with the Nagios showing up with a self-signed certificate.
Once enabled, the module will go and try to obtain a certificate automatically. For this to work, you need to have proper DNS resolution set up for your domain / nagios server.
### httpd vHost files
by Default, Nagios creates its own nagios.conf file, which is not a vhost file and relies on the main ssd.conf. However, as Nagios might be running on a regular web server with various other web instances (not recommended through), we will not want to manage ssl.conf directly, hence the module creates a vhost for the ssl host.
### Known Problems
### Support

3
REPOSTRUCTURE.md
View File

@@ -62,6 +62,7 @@
| | |-- forward_conf.erb
| | |-- index_html.erb
| | |-- nagios_conf.erb
| | |-- nagios_ssl_vhost.erb
| | `-- welcome_conf.erb
| |-- nagios
| | |-- cgi_cfg.erb
@@ -79,4 +80,4 @@
|-- README.md
`-- REPOSTRUCTURE.md
18 directories, 61 files
18 directories, 62 files

2
doc/_index.html
View File

@@ -186,7 +186,7 @@
</div>
<div id="footer">
Generated on Sun Jul 23 12:18:38 2017 by
Generated on Sun Jul 23 12:58:32 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

24
doc/file.README.html
View File

@@ -110,6 +110,8 @@ Structure</a></p>
</li><li>
<p><a href="#selinux">SELINUX</a></p>
</li><li>
<p><a href="#certbot">Certbot</a></p>
</li><li>
<p><a href="#known-problems">Known Problems</a></p>
</li><li>
<p><a href="#support">Support</a></p>
@@ -249,6 +251,26 @@ is available to automate this task for you as well within a few minutes.</p>
<p>All files and directories are configured with correct selinux context. If
selinux is disabled, these contexts are ignored.</p>
<h3 id="label-Certbot">Certbot</h3>
<p>This module can optionally setup <a
href="https://certbot.eff.org/">certbot</a> TLS certificate management for
the frontend GUI. In order to do so, set <code>ng_enable_certbot</code> to
true (default). Effectively, this will manage the certs before even
installing Nagios, so there will be no problems with the Nagios showing up
with a self-signed certificate.
Once enabled, the module will go and try to
obtain a certificate automatically. For this to work, you need to have
proper DNS resolution set up for your domain / nagios server.</p>
<h3 id="label-httpd+vHost+files">httpd vHost files</h3>
<p>by Default, Nagios creates its own nagios.conf file, which is not a vhost
file and relies on the main ssd.conf. However, as Nagios might be running
on a regular web server with various other web instances (not recommended
through), we will not want to manage ssl.conf directly, hence the module
creates a vhost for the ssl host.</p>
<h3 id="label-Known+Problems">Known Problems</h3>
<h3 id="label-Support">Support</h3>
@@ -304,7 +326,7 @@ environments.</p>
</div></div>
<div id="footer">
Generated on Sun Jul 23 12:18:40 2017 by
Generated on Sun Jul 23 12:58:33 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

24
doc/index.html
View File

@@ -110,6 +110,8 @@ Structure</a></p>
</li><li>
<p><a href="#selinux">SELINUX</a></p>
</li><li>
<p><a href="#certbot">Certbot</a></p>
</li><li>
<p><a href="#known-problems">Known Problems</a></p>
</li><li>
<p><a href="#support">Support</a></p>
@@ -249,6 +251,26 @@ is available to automate this task for you as well within a few minutes.</p>
<p>All files and directories are configured with correct selinux context. If
selinux is disabled, these contexts are ignored.</p>
<h3 id="label-Certbot">Certbot</h3>
<p>This module can optionally setup <a
href="https://certbot.eff.org/">certbot</a> TLS certificate management for
the frontend GUI. In order to do so, set <code>ng_enable_certbot</code> to
true (default). Effectively, this will manage the certs before even
installing Nagios, so there will be no problems with the Nagios showing up
with a self-signed certificate.
Once enabled, the module will go and try to
obtain a certificate automatically. For this to work, you need to have
proper DNS resolution set up for your domain / nagios server.</p>
<h3 id="label-httpd+vHost+files">httpd vHost files</h3>
<p>by Default, Nagios creates its own nagios.conf file, which is not a vhost
file and relies on the main ssd.conf. However, as Nagios might be running
on a regular web server with various other web instances (not recommended
through), we will not want to manage ssl.conf directly, hence the module
creates a vhost for the ssl host.</p>
<h3 id="label-Known+Problems">Known Problems</h3>
<h3 id="label-Support">Support</h3>
@@ -304,7 +326,7 @@ environments.</p>
</div></div>
<div id="footer">
Generated on Sun Jul 23 12:18:39 2017 by
Generated on Sun Jul 23 12:58:33 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

2
doc/puppet_classes/cd_nagios.html
View File

@@ -139,7 +139,7 @@ class cd_nagios {
</div>
<div id="footer">
Generated on Sun Jul 23 12:18:40 2017 by
Generated on Sun Jul 23 12:58:33 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

2
doc/puppet_classes/cd_nagios_3A_3Acertbot_3A_3Acerts.html
View File

@@ -230,7 +230,7 @@ class cd_nagios::certbot::certs (
</div>
<div id="footer">
Generated on Sun Jul 23 12:18:41 2017 by
Generated on Sun Jul 23 12:58:35 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

2
doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html
View File

@@ -368,7 +368,7 @@ class cd_nagios::client::target (
</div>
<div id="footer">
Generated on Sun Jul 23 12:18:42 2017 by
Generated on Sun Jul 23 12:58:35 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

2
doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html
View File

@@ -207,7 +207,7 @@ class cd_nagios::firewall::iptables (
</div>
<div id="footer">
Generated on Sun Jul 23 12:18:42 2017 by
Generated on Sun Jul 23 12:58:35 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

10
doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html
View File

@@ -168,15 +168,15 @@ class cd_nagios::main::config (
# manage server configuration
if $::fqdn == $ng_nagios_server {
# include cd_nagios::server::service
include cd_nagios::server::service
if $ng_include_fw == true {
include cd_nagios::firewall::iptables
}
# if $ng_use_selinux_tools == true {
# include cd_nagios::selinux::config
# }
if $ng_use_selinux_tools == true {
include cd_nagios::selinux::config
}
if $ng_enable_certbot == true {
require cd_nagios::certbot::certs
@@ -195,7 +195,7 @@ class cd_nagios::main::config (
</div>
<div id="footer">
Generated on Sun Jul 23 12:18:41 2017 by
Generated on Sun Jul 23 12:58:35 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

2
doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html
View File

@@ -468,7 +468,7 @@ class cd_nagios::main::dirs (
</div>
<div id="footer">
Generated on Sun Jul 23 12:18:41 2017 by
Generated on Sun Jul 23 12:58:34 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

2
doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html
View File

@@ -235,7 +235,7 @@ class cd_nagios::main::install (
</div>
<div id="footer">
Generated on Sun Jul 23 12:18:41 2017 by
Generated on Sun Jul 23 12:58:35 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

2
doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html
View File

@@ -200,7 +200,7 @@ class cd_nagios::main::user (
</div>
<div id="footer">
Generated on Sun Jul 23 12:18:41 2017 by
Generated on Sun Jul 23 12:58:35 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

8
doc/puppet_classes/cd_nagios_3A_3Aparams.html
View File

@@ -2169,7 +2169,9 @@ required for certbot and used in the web templates.</p>
392
393
394
395</pre>
395
396
397</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'manifests/params.pp', line 216</span>
@@ -2342,6 +2344,8 @@ $ng_unless_get_cert = &#39;cd_nagios/certbot/unless_get_cert.erb&#39;
$ng_unless_renew_erb = &#39;cd_nagios/certbot/unless_renew_cert.erb&#39;
$ng_index_html_file = &#39;/var/www/html/index.html&#39;
$ng_index_html_erb = &#39;cd_nagios/httpd/index_html.erb&#39;
$ng_ssl_vhost_file = &#39;/etc/httpd/conf.d/nagios_ssl.conf&#39;
$ng_ssl_vhost_erb = &#39;cd_nagios/httpd/nagios_ssl_vhost.erb&#39;
# certbot
$ng_certbot_main_dir = &#39;/etc/letsencrypt&#39;
@@ -2361,7 +2365,7 @@ $ng_certbot_cert = &quot;${ng_certbot_archive}/${ng_webserver_name}/cert1.p
</div>
<div id="footer">
Generated on Sun Jul 23 12:18:41 2017 by
Generated on Sun Jul 23 12:58:34 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

2
doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html
View File

@@ -249,7 +249,7 @@ class cd_nagios::selinux::config (
</div>
<div id="footer">
Generated on Sun Jul 23 12:18:42 2017 by
Generated on Sun Jul 23 12:58:35 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

2
doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html
View File

@@ -195,7 +195,7 @@ class cd_nagios::server::access_rules (
</div>
<div id="footer">
Generated on Sun Jul 23 12:18:42 2017 by
Generated on Sun Jul 23 12:58:35 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

46
doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html
View File

@@ -230,7 +230,22 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses</a>/.</p>
121
122
123
124</pre>
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'manifests/server/files.pp', line 23</span>
@@ -300,12 +315,11 @@ class cd_nagios::server::files (
notify =&gt; Service[$ae_service],
}
if $ng_use_https == true {
if $ng_http_https_fw == true {
file { $ng_forward_conf:
file { $ng_ssl_vhost_file:
ensure =&gt; file,
path =&gt; $ng_forward_conf,
path =&gt; $ng_ssl_vhost_file,
owner =&gt; &#39;root&#39;,
group =&gt; &#39;root&#39;,
mode =&gt; &#39;0644&#39;,
@@ -313,11 +327,27 @@ class cd_nagios::server::files (
selrole =&gt; object_r,
seltype =&gt; httpd_config_t,
seluser =&gt; system_u,
content =&gt; template($ng_forward_conf_erb),
content =&gt; template($ng_ssl_vhost_erb),
notify =&gt; Service[$ae_service],
}
}
if $ng_http_https_fw == true {
file { $ng_forward_conf:
ensure =&gt; file,
path =&gt; $ng_forward_conf,
owner =&gt; &#39;root&#39;,
group =&gt; &#39;root&#39;,
mode =&gt; &#39;0644&#39;,
selrange =&gt; s0,
selrole =&gt; object_r,
seltype =&gt; httpd_config_t,
seluser =&gt; system_u,
content =&gt; template($ng_forward_conf_erb),
notify =&gt; Service[$ae_service],
}
}
}
if $ng_enable_index == true {
@@ -344,7 +374,7 @@ class cd_nagios::server::files (
</div>
<div id="footer">
Generated on Sun Jul 23 12:18:41 2017 by
Generated on Sun Jul 23 12:58:35 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

2
doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html
View File

@@ -174,7 +174,7 @@ class cd_nagios::server::service (
</div>
<div id="footer">
Generated on Sun Jul 23 12:18:42 2017 by
Generated on Sun Jul 23 12:58:35 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

2
doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html
View File

@@ -220,7 +220,7 @@ $ng_service = $::cd_nagios::params::ng_service
</div>
<div id="footer">
Generated on Sun Jul 23 12:18:42 2017 by
Generated on Sun Jul 23 12:58:35 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

2
doc/top-level-namespace.html
View File

@@ -90,7 +90,7 @@
</div>
<div id="footer">
Generated on Sun Jul 23 12:18:40 2017 by
Generated on Sun Jul 23 12:58:33 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

8
manifests/main/config.pp
View File

@@ -28,15 +28,15 @@ class cd_nagios::main::config (
# manage server configuration
if $::fqdn == $ng_nagios_server {
# include cd_nagios::server::service
include cd_nagios::server::service
if $ng_include_fw == true {
include cd_nagios::firewall::iptables
}
# if $ng_use_selinux_tools == true {
# include cd_nagios::selinux::config
# }
if $ng_use_selinux_tools == true {
include cd_nagios::selinux::config
}
if $ng_enable_certbot == true {
require cd_nagios::certbot::certs

2
manifests/params.pp
View File

@@ -381,6 +381,8 @@ $ng_unless_get_cert = 'cd_nagios/certbot/unless_get_cert.erb'
$ng_unless_renew_erb = 'cd_nagios/certbot/unless_renew_cert.erb'
$ng_index_html_file = '/var/www/html/index.html'
$ng_index_html_erb = 'cd_nagios/httpd/index_html.erb'
$ng_ssl_vhost_file = '/etc/httpd/conf.d/nagios_ssl.conf'
$ng_ssl_vhost_erb = 'cd_nagios/httpd/nagios_ssl_vhost.erb'
# certbot
$ng_certbot_main_dir = '/etc/letsencrypt'

27
manifests/server/files.pp
View File

@@ -85,12 +85,11 @@ class cd_nagios::server::files (
notify => Service[$ae_service],
}
if $ng_use_https == true {
if $ng_http_https_fw == true {
file { $ng_forward_conf:
file { $ng_ssl_vhost_file:
ensure => file,
path => $ng_forward_conf,
path => $ng_ssl_vhost_file,
owner => 'root',
group => 'root',
mode => '0644',
@@ -98,11 +97,27 @@ class cd_nagios::server::files (
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
content => template($ng_forward_conf_erb),
content => template($ng_ssl_vhost_erb),
notify => Service[$ae_service],
}
}
if $ng_http_https_fw == true {
file { $ng_forward_conf:
ensure => file,
path => $ng_forward_conf,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
content => template($ng_forward_conf_erb),
notify => Service[$ae_service],
}
}
}
if $ng_enable_index == true {

44
templates/httpd/nagios_ssl_vhost.erb Normal file
View File

@@ -0,0 +1,44 @@
###############################################################################
##### virtual_host file created by puppet, changes will be overwritten ######
###############################################################################
<VirtualHost *:443>
ServerAdmin root@localhost
DocumentRoot /var/www/html
ServerName <%= @ng_webserver_name %>
DirectoryIndex index.html
ErrorLog /var/log/httpd/nagios_ssl_error_log
# ErrorLog syslog:local1
TransferLog /var/log/httpd/nagios_ssl_transfer_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
<% if @js_use_certbot == true -%>
SSLCertificateFile <%= @js_certbot_live %>/<%= @ng_webserver_name %>/cert.pem
SSLCertificateKeyFile <%= @js_certbot_live %>/<%= @ng_webserver_name %>/privkey.pem
SSLCACertificateFile <%= @js_certbot_live %>/<%= @ng_webserver_name %>/fullchain.pem
<% elsif @js_use_certbot != true -%>
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
<% end -%>
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>