confdroid/confdroid_nagios
3
0
Fork 0
Code Issues Projects Wiki Activity

Merge branch 'jenkins' into 'master'

Browse Source 
Jenkins

See merge request !32
This commit is contained in:
12ww1160
2017-07-23 12:49:06 +02:00
parent 66a5f85bac f0067d9e35
commit e82d7af66b
25 changed files with 199 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
CHANGELOG.md
View File

@@ -8,6 +8,16 @@ Changelog of Git Changelog.
<h2> No issue </h2> <h2> No issue </h2>
<a href="https://gitlab.puppetsoft.com/12WW1160/git-changelog-lib/commit/b58dd8426596bdc">b58dd8426596bdc</a> Jenkins Server <i>2017-07-23 10:18:44</i>
<p>
<h3>recommit for updates in build 54</h3>
</p>
<a href="https://gitlab.puppetsoft.com/12WW1160/git-changelog-lib/commit/98711530f982aa2">98711530f982aa2</a> Arne Teuke <i>2017-07-23 10:18:25</i>
<p>
<h3>cert creation works</h3>
</p>
<a href="https://gitlab.puppetsoft.com/12WW1160/git-changelog-lib/commit/9547dbb7a7e32d0">9547dbb7a7e32d0</a> Jenkins Server <i>2017-07-23 10:08:29</i> <a href="https://gitlab.puppetsoft.com/12WW1160/git-changelog-lib/commit/9547dbb7a7e32d0">9547dbb7a7e32d0</a> Jenkins Server <i>2017-07-23 10:08:29</i>
<p> <p>
<h3>recommit for updates in build 53</h3> <h3>recommit for updates in build 53</h3>

8
README.md
View File

@@ -23,6 +23,7 @@ Nagios is a powerful open source software solution for monitoring your IT enviro
* [Optional Parameters](#optional-parameters) * [Optional Parameters](#optional-parameters)
* [PuppetDB] * [PuppetDB]
* [SELINUX](#selinux) * [SELINUX](#selinux)
* [Certbot](#certbot)
* [Known Problems](#known-problems) * [Known Problems](#known-problems)
* [Support](#support) * [Support](#support)
* [Tests](#tests) * [Tests](#tests)
@@ -104,6 +105,13 @@ A working instance of PuppetDBconnected to the Puppet master is required for thi
### SELINUX ### SELINUX
All files and directories are configured with correct selinux context. If selinux is disabled, these contexts are ignored. All files and directories are configured with correct selinux context. If selinux is disabled, these contexts are ignored.
### Certbot
This module can optionally setup [certbot](https://certbot.eff.org/) TLS certificate management for the frontend GUI. In order to do so, set `ng_enable_certbot` to true (default). Effectively, this will manage the certs before even installing Nagios, so there will be no problems with the Nagios showing up with a self-signed certificate.
Once enabled, the module will go and try to obtain a certificate automatically. For this to work, you need to have proper DNS resolution set up for your domain / nagios server.
### httpd vHost files
by Default, Nagios creates its own nagios.conf file, which is not a vhost file and relies on the main ssd.conf. However, as Nagios might be running on a regular web server with various other web instances (not recommended through), we will not want to manage ssl.conf directly, hence the module creates a vhost for the ssl host.
### Known Problems ### Known Problems
### Support ### Support

3
REPOSTRUCTURE.md
View File

@@ -62,6 +62,7 @@
| | |-- forward_conf.erb | | |-- forward_conf.erb
| | |-- index_html.erb | | |-- index_html.erb
| | |-- nagios_conf.erb | | |-- nagios_conf.erb
| | |-- nagios_ssl_vhost.erb
| | `-- welcome_conf.erb | | `-- welcome_conf.erb
| |-- nagios | |-- nagios
| | |-- cgi_cfg.erb | | |-- cgi_cfg.erb
@@ -79,4 +80,4 @@
|-- README.md |-- README.md
`-- REPOSTRUCTURE.md `-- REPOSTRUCTURE.md
18 directories, 61 files 18 directories, 62 files

2
doc/_index.html
View File

@@ -186,7 +186,7 @@
</div> </div>
<div id="footer"> <div id="footer">
Generated on Sun Jul 23 12:18:38 2017 by Generated on Sun Jul 23 12:58:32 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a> <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0). 0.9.9 (ruby-2.0.0).
</div> </div>

24
doc/file.README.html
View File

@@ -110,6 +110,8 @@ Structure</a></p>
</li><li> </li><li>
<p><a href="#selinux">SELINUX</a></p> <p><a href="#selinux">SELINUX</a></p>
</li><li> </li><li>
<p><a href="#certbot">Certbot</a></p>
</li><li>
<p><a href="#known-problems">Known Problems</a></p> <p><a href="#known-problems">Known Problems</a></p>
</li><li> </li><li>
<p><a href="#support">Support</a></p> <p><a href="#support">Support</a></p>
@@ -249,6 +251,26 @@ is available to automate this task for you as well within a few minutes.</p>
<p>All files and directories are configured with correct selinux context. If <p>All files and directories are configured with correct selinux context. If
selinux is disabled, these contexts are ignored.</p> selinux is disabled, these contexts are ignored.</p>
<h3 id="label-Certbot">Certbot</h3>
<p>This module can optionally setup <a
href="https://certbot.eff.org/">certbot</a> TLS certificate management for
the frontend GUI. In order to do so, set <code>ng_enable_certbot</code> to
true (default). Effectively, this will manage the certs before even
installing Nagios, so there will be no problems with the Nagios showing up
with a self-signed certificate.
Once enabled, the module will go and try to
obtain a certificate automatically. For this to work, you need to have
proper DNS resolution set up for your domain / nagios server.</p>
<h3 id="label-httpd+vHost+files">httpd vHost files</h3>
<p>by Default, Nagios creates its own nagios.conf file, which is not a vhost
file and relies on the main ssd.conf. However, as Nagios might be running
on a regular web server with various other web instances (not recommended
through), we will not want to manage ssl.conf directly, hence the module
creates a vhost for the ssl host.</p>
<h3 id="label-Known+Problems">Known Problems</h3> <h3 id="label-Known+Problems">Known Problems</h3>
<h3 id="label-Support">Support</h3> <h3 id="label-Support">Support</h3>
@@ -304,7 +326,7 @@ environments.</p>
</div></div> </div></div>
<div id="footer"> <div id="footer">
Generated on Sun Jul 23 12:18:40 2017 by Generated on Sun Jul 23 12:58:33 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a> <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0). 0.9.9 (ruby-2.0.0).
</div> </div>

24
doc/index.html
View File

@@ -110,6 +110,8 @@ Structure</a></p>
</li><li> </li><li>
<p><a href="#selinux">SELINUX</a></p> <p><a href="#selinux">SELINUX</a></p>
</li><li> </li><li>
<p><a href="#certbot">Certbot</a></p>
</li><li>
<p><a href="#known-problems">Known Problems</a></p> <p><a href="#known-problems">Known Problems</a></p>
</li><li> </li><li>
<p><a href="#support">Support</a></p> <p><a href="#support">Support</a></p>
@@ -249,6 +251,26 @@ is available to automate this task for you as well within a few minutes.</p>
<p>All files and directories are configured with correct selinux context. If <p>All files and directories are configured with correct selinux context. If
selinux is disabled, these contexts are ignored.</p> selinux is disabled, these contexts are ignored.</p>
<h3 id="label-Certbot">Certbot</h3>
<p>This module can optionally setup <a
href="https://certbot.eff.org/">certbot</a> TLS certificate management for
the frontend GUI. In order to do so, set <code>ng_enable_certbot</code> to
true (default). Effectively, this will manage the certs before even
installing Nagios, so there will be no problems with the Nagios showing up
with a self-signed certificate.
Once enabled, the module will go and try to
obtain a certificate automatically. For this to work, you need to have
proper DNS resolution set up for your domain / nagios server.</p>
<h3 id="label-httpd+vHost+files">httpd vHost files</h3>
<p>by Default, Nagios creates its own nagios.conf file, which is not a vhost
file and relies on the main ssd.conf. However, as Nagios might be running
on a regular web server with various other web instances (not recommended
through), we will not want to manage ssl.conf directly, hence the module
creates a vhost for the ssl host.</p>
<h3 id="label-Known+Problems">Known Problems</h3> <h3 id="label-Known+Problems">Known Problems</h3>
<h3 id="label-Support">Support</h3> <h3 id="label-Support">Support</h3>
@@ -304,7 +326,7 @@ environments.</p>
</div></div> </div></div>
<div id="footer"> <div id="footer">
Generated on Sun Jul 23 12:18:39 2017 by Generated on Sun Jul 23 12:58:33 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a> <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0). 0.9.9 (ruby-2.0.0).
</div> </div>

2
doc/puppet_classes/cd_nagios.html
View File

@@ -139,7 +139,7 @@ class cd_nagios {
</div> </div>
<div id="footer"> <div id="footer">
Generated on Sun Jul 23 12:18:40 2017 by Generated on Sun Jul 23 12:58:33 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a> <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0). 0.9.9 (ruby-2.0.0).
</div> </div>

2
doc/puppet_classes/cd_nagios_3A_3Acertbot_3A_3Acerts.html
View File

@@ -230,7 +230,7 @@ class cd_nagios::certbot::certs (
</div> </div>
<div id="footer"> <div id="footer">
Generated on Sun Jul 23 12:18:41 2017 by Generated on Sun Jul 23 12:58:35 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a> <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0). 0.9.9 (ruby-2.0.0).
</div> </div>

2
doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html
View File

@@ -368,7 +368,7 @@ class cd_nagios::client::target (
</div> </div>
<div id="footer"> <div id="footer">
Generated on Sun Jul 23 12:18:42 2017 by Generated on Sun Jul 23 12:58:35 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a> <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0). 0.9.9 (ruby-2.0.0).
</div> </div>

2
doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html
View File

@@ -207,7 +207,7 @@ class cd_nagios::firewall::iptables (
</div> </div>
<div id="footer"> <div id="footer">
Generated on Sun Jul 23 12:18:42 2017 by Generated on Sun Jul 23 12:58:35 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a> <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0). 0.9.9 (ruby-2.0.0).
</div> </div>

10
doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html
View File

@@ -168,15 +168,15 @@ class cd_nagios::main::config (
# manage server configuration # manage server configuration
if $::fqdn == $ng_nagios_server { if $::fqdn == $ng_nagios_server {
# include cd_nagios::server::service include cd_nagios::server::service
if $ng_include_fw == true { if $ng_include_fw == true {
include cd_nagios::firewall::iptables include cd_nagios::firewall::iptables
} }
# if $ng_use_selinux_tools == true { if $ng_use_selinux_tools == true {
# include cd_nagios::selinux::config include cd_nagios::selinux::config
# } }
if $ng_enable_certbot == true { if $ng_enable_certbot == true {
require cd_nagios::certbot::certs require cd_nagios::certbot::certs
@@ -195,7 +195,7 @@ class cd_nagios::main::config (
</div> </div>
<div id="footer"> <div id="footer">
Generated on Sun Jul 23 12:18:41 2017 by Generated on Sun Jul 23 12:58:35 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a> <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0). 0.9.9 (ruby-2.0.0).
</div> </div>

2
doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html
View File

@@ -468,7 +468,7 @@ class cd_nagios::main::dirs (
</div> </div>
<div id="footer"> <div id="footer">
Generated on Sun Jul 23 12:18:41 2017 by Generated on Sun Jul 23 12:58:34 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a> <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0). 0.9.9 (ruby-2.0.0).
</div> </div>

2
doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html
View File

@@ -235,7 +235,7 @@ class cd_nagios::main::install (
</div> </div>
<div id="footer"> <div id="footer">
Generated on Sun Jul 23 12:18:41 2017 by Generated on Sun Jul 23 12:58:35 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a> <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0). 0.9.9 (ruby-2.0.0).
</div> </div>

2
doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html
View File

@@ -200,7 +200,7 @@ class cd_nagios::main::user (
</div> </div>
<div id="footer"> <div id="footer">
Generated on Sun Jul 23 12:18:41 2017 by Generated on Sun Jul 23 12:58:35 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a> <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0). 0.9.9 (ruby-2.0.0).
</div> </div>

8
doc/puppet_classes/cd_nagios_3A_3Aparams.html
View File

@@ -2169,7 +2169,9 @@ required for certbot and used in the web templates.</p>
392 392
393 393
394 394
395</pre> 395
396
397</pre>
</td> </td>
<td> <td>
<pre class="code"><span class="info file"># File 'manifests/params.pp', line 216</span> <pre class="code"><span class="info file"># File 'manifests/params.pp', line 216</span>
@@ -2342,6 +2344,8 @@ $ng_unless_get_cert = &#39;cd_nagios/certbot/unless_get_cert.erb&#39;
$ng_unless_renew_erb = &#39;cd_nagios/certbot/unless_renew_cert.erb&#39; $ng_unless_renew_erb = &#39;cd_nagios/certbot/unless_renew_cert.erb&#39;
$ng_index_html_file = &#39;/var/www/html/index.html&#39; $ng_index_html_file = &#39;/var/www/html/index.html&#39;
$ng_index_html_erb = &#39;cd_nagios/httpd/index_html.erb&#39; $ng_index_html_erb = &#39;cd_nagios/httpd/index_html.erb&#39;
$ng_ssl_vhost_file = &#39;/etc/httpd/conf.d/nagios_ssl.conf&#39;
$ng_ssl_vhost_erb = &#39;cd_nagios/httpd/nagios_ssl_vhost.erb&#39;
# certbot # certbot
$ng_certbot_main_dir = &#39;/etc/letsencrypt&#39; $ng_certbot_main_dir = &#39;/etc/letsencrypt&#39;
@@ -2361,7 +2365,7 @@ $ng_certbot_cert = &quot;${ng_certbot_archive}/${ng_webserver_name}/cert1.p
</div> </div>
<div id="footer"> <div id="footer">
Generated on Sun Jul 23 12:18:41 2017 by Generated on Sun Jul 23 12:58:34 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a> <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0). 0.9.9 (ruby-2.0.0).
</div> </div>

2
doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html
View File

@@ -249,7 +249,7 @@ class cd_nagios::selinux::config (
</div> </div>
<div id="footer"> <div id="footer">
Generated on Sun Jul 23 12:18:42 2017 by Generated on Sun Jul 23 12:58:35 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a> <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0). 0.9.9 (ruby-2.0.0).
</div> </div>

2
doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html
View File

@@ -195,7 +195,7 @@ class cd_nagios::server::access_rules (
</div> </div>
<div id="footer"> <div id="footer">
Generated on Sun Jul 23 12:18:42 2017 by Generated on Sun Jul 23 12:58:35 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a> <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0). 0.9.9 (ruby-2.0.0).
</div> </div>

46
doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html
View File

@@ -230,7 +230,22 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses</a>/.</p>
121 121
122 122
123 123
124</pre> 124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139</pre>
</td> </td>
<td> <td>
<pre class="code"><span class="info file"># File 'manifests/server/files.pp', line 23</span> <pre class="code"><span class="info file"># File 'manifests/server/files.pp', line 23</span>
@@ -300,12 +315,11 @@ class cd_nagios::server::files (
notify =&gt; Service[$ae_service], notify =&gt; Service[$ae_service],
} }
if $ng_use_https == true {
if $ng_http_https_fw == true { file { $ng_ssl_vhost_file:
file { $ng_forward_conf:
ensure =&gt; file, ensure =&gt; file,
path =&gt; $ng_forward_conf, path =&gt; $ng_ssl_vhost_file,
owner =&gt; &#39;root&#39;, owner =&gt; &#39;root&#39;,
group =&gt; &#39;root&#39;, group =&gt; &#39;root&#39;,
mode =&gt; &#39;0644&#39;, mode =&gt; &#39;0644&#39;,
@@ -313,11 +327,27 @@ class cd_nagios::server::files (
selrole =&gt; object_r, selrole =&gt; object_r,
seltype =&gt; httpd_config_t, seltype =&gt; httpd_config_t,
seluser =&gt; system_u, seluser =&gt; system_u,
content =&gt; template($ng_forward_conf_erb), content =&gt; template($ng_ssl_vhost_erb),
notify =&gt; Service[$ae_service], notify =&gt; Service[$ae_service],
} }
}
if $ng_http_https_fw == true {
file { $ng_forward_conf:
ensure =&gt; file,
path =&gt; $ng_forward_conf,
owner =&gt; &#39;root&#39;,
group =&gt; &#39;root&#39;,
mode =&gt; &#39;0644&#39;,
selrange =&gt; s0,
selrole =&gt; object_r,
seltype =&gt; httpd_config_t,
seluser =&gt; system_u,
content =&gt; template($ng_forward_conf_erb),
notify =&gt; Service[$ae_service],
}
}
}
if $ng_enable_index == true { if $ng_enable_index == true {
@@ -344,7 +374,7 @@ class cd_nagios::server::files (
</div> </div>
<div id="footer"> <div id="footer">
Generated on Sun Jul 23 12:18:41 2017 by Generated on Sun Jul 23 12:58:35 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a> <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0). 0.9.9 (ruby-2.0.0).
</div> </div>

2
doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html
View File

@@ -174,7 +174,7 @@ class cd_nagios::server::service (
</div> </div>
<div id="footer"> <div id="footer">
Generated on Sun Jul 23 12:18:42 2017 by Generated on Sun Jul 23 12:58:35 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a> <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0). 0.9.9 (ruby-2.0.0).
</div> </div>

2
doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html
View File

@@ -220,7 +220,7 @@ $ng_service = $::cd_nagios::params::ng_service
</div> </div>
<div id="footer"> <div id="footer">
Generated on Sun Jul 23 12:18:42 2017 by Generated on Sun Jul 23 12:58:35 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a> <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0). 0.9.9 (ruby-2.0.0).
</div> </div>

2
doc/top-level-namespace.html
View File

@@ -90,7 +90,7 @@
</div> </div>
<div id="footer"> <div id="footer">
Generated on Sun Jul 23 12:18:40 2017 by Generated on Sun Jul 23 12:58:33 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a> <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0). 0.9.9 (ruby-2.0.0).
</div> </div>

8
manifests/main/config.pp
View File

@@ -28,15 +28,15 @@ class cd_nagios::main::config (
# manage server configuration # manage server configuration
if $::fqdn == $ng_nagios_server { if $::fqdn == $ng_nagios_server {
# include cd_nagios::server::service include cd_nagios::server::service
if $ng_include_fw == true { if $ng_include_fw == true {
include cd_nagios::firewall::iptables include cd_nagios::firewall::iptables
} }
# if $ng_use_selinux_tools == true { if $ng_use_selinux_tools == true {
# include cd_nagios::selinux::config include cd_nagios::selinux::config
# } }
if $ng_enable_certbot == true { if $ng_enable_certbot == true {
require cd_nagios::certbot::certs require cd_nagios::certbot::certs

2
manifests/params.pp
View File

@@ -381,6 +381,8 @@ $ng_unless_get_cert = 'cd_nagios/certbot/unless_get_cert.erb'
$ng_unless_renew_erb = 'cd_nagios/certbot/unless_renew_cert.erb' $ng_unless_renew_erb = 'cd_nagios/certbot/unless_renew_cert.erb'
$ng_index_html_file = '/var/www/html/index.html' $ng_index_html_file = '/var/www/html/index.html'
$ng_index_html_erb = 'cd_nagios/httpd/index_html.erb' $ng_index_html_erb = 'cd_nagios/httpd/index_html.erb'
$ng_ssl_vhost_file = '/etc/httpd/conf.d/nagios_ssl.conf'
$ng_ssl_vhost_erb = 'cd_nagios/httpd/nagios_ssl_vhost.erb'
# certbot # certbot
$ng_certbot_main_dir = '/etc/letsencrypt' $ng_certbot_main_dir = '/etc/letsencrypt'

27
manifests/server/files.pp
View File

@@ -85,12 +85,11 @@ class cd_nagios::server::files (
notify => Service[$ae_service], notify => Service[$ae_service],
} }
if $ng_use_https == true {
if $ng_http_https_fw == true { file { $ng_ssl_vhost_file:
file { $ng_forward_conf:
ensure => file, ensure => file,
path => $ng_forward_conf, path => $ng_ssl_vhost_file,
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0644', mode => '0644',
@@ -98,11 +97,27 @@ class cd_nagios::server::files (
selrole => object_r, selrole => object_r,
seltype => httpd_config_t, seltype => httpd_config_t,
seluser => system_u, seluser => system_u,
content => template($ng_forward_conf_erb), content => template($ng_ssl_vhost_erb),
notify => Service[$ae_service], notify => Service[$ae_service],
} }
}
if $ng_http_https_fw == true {
file { $ng_forward_conf:
ensure => file,
path => $ng_forward_conf,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
content => template($ng_forward_conf_erb),
notify => Service[$ae_service],
}
}
}
if $ng_enable_index == true { if $ng_enable_index == true {

44
templates/httpd/nagios_ssl_vhost.erb Normal file
View File

@@ -0,0 +1,44 @@
###############################################################################
##### virtual_host file created by puppet, changes will be overwritten ######
###############################################################################
<VirtualHost *:443>
ServerAdmin root@localhost
DocumentRoot /var/www/html
ServerName <%= @ng_webserver_name %>
DirectoryIndex index.html
ErrorLog /var/log/httpd/nagios_ssl_error_log
# ErrorLog syslog:local1
TransferLog /var/log/httpd/nagios_ssl_transfer_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
<% if @js_use_certbot == true -%>
SSLCertificateFile <%= @js_certbot_live %>/<%= @ng_webserver_name %>/cert.pem
SSLCertificateKeyFile <%= @js_certbot_live %>/<%= @ng_webserver_name %>/privkey.pem
SSLCACertificateFile <%= @js_certbot_live %>/<%= @ng_webserver_name %>/fullchain.pem
<% elsif @js_use_certbot != true -%>
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
<% end -%>
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>