From f0067d9e351ad5f02de9c8a5ac7f77d2fe5af373 Mon Sep 17 00:00:00 2001 From: Jenkins Server Date: Sun, 23 Jul 2017 12:58:37 +0200 Subject: [PATCH] recommit for updates in build 56 --- CHANGELOG.md | 10 ++++ REPOSTRUCTURE.md | 3 +- doc/_index.html | 2 +- doc/file.README.html | 24 +++++++++- doc/index.html | 24 +++++++++- doc/puppet_classes/cd_nagios.html | 2 +- .../cd_nagios_3A_3Acertbot_3A_3Acerts.html | 2 +- .../cd_nagios_3A_3Aclient_3A_3Atarget.html | 2 +- ...cd_nagios_3A_3Afirewall_3A_3Aiptables.html | 2 +- .../cd_nagios_3A_3Amain_3A_3Aconfig.html | 10 ++-- .../cd_nagios_3A_3Amain_3A_3Adirs.html | 2 +- .../cd_nagios_3A_3Amain_3A_3Ainstall.html | 2 +- .../cd_nagios_3A_3Amain_3A_3Auser.html | 2 +- doc/puppet_classes/cd_nagios_3A_3Aparams.html | 8 +++- .../cd_nagios_3A_3Aselinux_3A_3Aconfig.html | 2 +- ..._nagios_3A_3Aserver_3A_3Aaccess_rules.html | 2 +- .../cd_nagios_3A_3Aserver_3A_3Afiles.html | 46 +++++++++++++++---- .../cd_nagios_3A_3Aserver_3A_3Aservice.html | 2 +- .../cd_nagios_3A_3Aserver_3A_3Aaccess.html | 2 +- doc/top-level-namespace.html | 2 +- 20 files changed, 120 insertions(+), 31 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 10da361..a8f7f5e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,16 @@ Changelog of Git Changelog.

No issue

+b58dd8426596bdc Jenkins Server 2017-07-23 10:18:44 +

+

recommit for updates in build 54

+ +

+98711530f982aa2 Arne Teuke 2017-07-23 10:18:25 +

+

cert creation works

+ +

9547dbb7a7e32d0 Jenkins Server 2017-07-23 10:08:29

recommit for updates in build 53

diff --git a/REPOSTRUCTURE.md b/REPOSTRUCTURE.md index c945adf..9dd9829 100644 --- a/REPOSTRUCTURE.md +++ b/REPOSTRUCTURE.md @@ -62,6 +62,7 @@ | | |-- forward_conf.erb | | |-- index_html.erb | | |-- nagios_conf.erb +| | |-- nagios_ssl_vhost.erb | | `-- welcome_conf.erb | |-- nagios | | |-- cgi_cfg.erb @@ -79,4 +80,4 @@ |-- README.md `-- REPOSTRUCTURE.md -18 directories, 61 files +18 directories, 62 files diff --git a/doc/_index.html b/doc/_index.html index 97ed2bf..ead80f2 100644 --- a/doc/_index.html +++ b/doc/_index.html @@ -186,7 +186,7 @@ diff --git a/doc/file.README.html b/doc/file.README.html index 86cc550..b74e9d0 100644 --- a/doc/file.README.html +++ b/doc/file.README.html @@ -110,6 +110,8 @@ Structure

  • SELINUX

  • +

    Certbot

    +

  • Known Problems

  • Support

    @@ -249,6 +251,26 @@ is available to automate this task for you as well within a few minutes.

    All files and directories are configured with correct selinux context. If selinux is disabled, these contexts are ignored.

    +

    Certbot

    + +

    This module can optionally setup certbot TLS certificate management for +the frontend GUI. In order to do so, set ng_enable_certbot to +true (default). Effectively, this will manage the certs before even +installing Nagios, so there will be no problems with the Nagios showing up +with a self-signed certificate. +Once enabled, the module will go and try to +obtain a certificate automatically. For this to work, you need to have +proper DNS resolution set up for your domain / nagios server.

    + +

    httpd vHost files

    + +

    by Default, Nagios creates its own nagios.conf file, which is not a vhost +file and relies on the main ssd.conf. However, as Nagios might be running +on a regular web server with various other web instances (not recommended +through), we will not want to manage ssl.conf directly, hence the module +creates a vhost for the ssl host.

    +

    Known Problems

    Support

    @@ -304,7 +326,7 @@ environments.

    diff --git a/doc/index.html b/doc/index.html index e522fbf..e4b3cfd 100644 --- a/doc/index.html +++ b/doc/index.html @@ -110,6 +110,8 @@ Structure

  • SELINUX

  • +

    Certbot

    +

  • Known Problems

  • Support

    @@ -249,6 +251,26 @@ is available to automate this task for you as well within a few minutes.

    All files and directories are configured with correct selinux context. If selinux is disabled, these contexts are ignored.

    +

    Certbot

    + +

    This module can optionally setup certbot TLS certificate management for +the frontend GUI. In order to do so, set ng_enable_certbot to +true (default). Effectively, this will manage the certs before even +installing Nagios, so there will be no problems with the Nagios showing up +with a self-signed certificate. +Once enabled, the module will go and try to +obtain a certificate automatically. For this to work, you need to have +proper DNS resolution set up for your domain / nagios server.

    + +

    httpd vHost files

    + +

    by Default, Nagios creates its own nagios.conf file, which is not a vhost +file and relies on the main ssd.conf. However, as Nagios might be running +on a regular web server with various other web instances (not recommended +through), we will not want to manage ssl.conf directly, hence the module +creates a vhost for the ssl host.

    +

    Known Problems

    Support

    @@ -304,7 +326,7 @@ environments.

    diff --git a/doc/puppet_classes/cd_nagios.html b/doc/puppet_classes/cd_nagios.html index 8a1bb57..f5b1bfc 100644 --- a/doc/puppet_classes/cd_nagios.html +++ b/doc/puppet_classes/cd_nagios.html @@ -139,7 +139,7 @@ class cd_nagios { diff --git a/doc/puppet_classes/cd_nagios_3A_3Acertbot_3A_3Acerts.html b/doc/puppet_classes/cd_nagios_3A_3Acertbot_3A_3Acerts.html index 09347d7..8f1c36d 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Acertbot_3A_3Acerts.html +++ b/doc/puppet_classes/cd_nagios_3A_3Acertbot_3A_3Acerts.html @@ -230,7 +230,7 @@ class cd_nagios::certbot::certs ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html b/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html index e36bc26..d25f7b4 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html +++ b/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html @@ -368,7 +368,7 @@ class cd_nagios::client::target ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html b/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html index a16184a..26b0fe5 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html +++ b/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html @@ -207,7 +207,7 @@ class cd_nagios::firewall::iptables ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html index 2b01275..be35fa3 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html +++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html @@ -168,15 +168,15 @@ class cd_nagios::main::config ( # manage server configuration if $::fqdn == $ng_nagios_server { -# include cd_nagios::server::service + include cd_nagios::server::service if $ng_include_fw == true { include cd_nagios::firewall::iptables } -# if $ng_use_selinux_tools == true { -# include cd_nagios::selinux::config -# } + if $ng_use_selinux_tools == true { + include cd_nagios::selinux::config + } if $ng_enable_certbot == true { require cd_nagios::certbot::certs @@ -195,7 +195,7 @@ class cd_nagios::main::config ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html index 7a454f9..08762f0 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html +++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html @@ -468,7 +468,7 @@ class cd_nagios::main::dirs ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html index bd432bc..a65ded6 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html +++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html @@ -235,7 +235,7 @@ class cd_nagios::main::install ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html index ba97395..2a0c1b1 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html +++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html @@ -200,7 +200,7 @@ class cd_nagios::main::user ( diff --git a/doc/puppet_classes/cd_nagios_3A_3Aparams.html b/doc/puppet_classes/cd_nagios_3A_3Aparams.html index 6e128cd..80f5d10 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Aparams.html +++ b/doc/puppet_classes/cd_nagios_3A_3Aparams.html @@ -2169,7 +2169,9 @@ required for certbot and used in the web templates.

    392 393 394 -395 +395 +396 +397 
    # File 'manifests/params.pp', line 216
@@ -2342,6 +2344,8 @@ $ng_unless_get_cert   = 'cd_nagios/certbot/unless_get_cert.erb'
 $ng_unless_renew_erb  = 'cd_nagios/certbot/unless_renew_cert.erb'
 $ng_index_html_file   = '/var/www/html/index.html'
 $ng_index_html_erb    = 'cd_nagios/httpd/index_html.erb'
+$ng_ssl_vhost_file    = '/etc/httpd/conf.d/nagios_ssl.conf'
+$ng_ssl_vhost_erb     = 'cd_nagios/httpd/nagios_ssl_vhost.erb'
 
 # certbot
 $ng_certbot_main_dir  = '/etc/letsencrypt'
@@ -2361,7 +2365,7 @@ $ng_certbot_cert      = "${ng_certbot_archive}/${ng_webserver_name}/cert1.p
 
 
       
diff --git a/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html b/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html
index c0843da..275144b 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html
@@ -249,7 +249,7 @@ class cd_nagios::selinux::config (
 
 
       
diff --git a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html
index 2f6981d..40639cc 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html
@@ -195,7 +195,7 @@ class cd_nagios::server::access_rules (
 
 
       
diff --git a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html
index d062da9..2afb0f2 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html
@@ -230,7 +230,22 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/.
    
 121
 122
 123
-124
    +124 +125 +126 +127 +128 +129 +130 +131 +132 +133 +134 +135 +136 +137 +138 +139 
    # File 'manifests/server/files.pp', line 23
@@ -300,12 +315,11 @@ class cd_nagios::server::files (
       notify    =>  Service[$ae_service],
     }
 
+    if $ng_use_https == true {
 
-    if $ng_http_https_fw == true {
-
-      file { $ng_forward_conf:
+      file { $ng_ssl_vhost_file:
         ensure    =>  file,
-        path      =>  $ng_forward_conf,
+        path      =>  $ng_ssl_vhost_file,
         owner     =>  'root',
         group     =>  'root',
         mode      =>  '0644',
@@ -313,11 +327,27 @@ class cd_nagios::server::files (
         selrole   =>  object_r,
         seltype   =>  httpd_config_t,
         seluser   =>  system_u,
-        content   =>  template($ng_forward_conf_erb),
+        content   =>  template($ng_ssl_vhost_erb),
         notify    =>  Service[$ae_service],
       }
-    }
 
+      if $ng_http_https_fw == true {
+
+        file { $ng_forward_conf:
+          ensure    =>  file,
+          path      =>  $ng_forward_conf,
+          owner     =>  'root',
+          group     =>  'root',
+          mode      =>  '0644',
+          selrange  =>  s0,
+          selrole   =>  object_r,
+          seltype   =>  httpd_config_t,
+          seluser   =>  system_u,
+          content   =>  template($ng_forward_conf_erb),
+          notify    =>  Service[$ae_service],
+        }
+      }
+    }
 
     if $ng_enable_index == true {
 
@@ -344,7 +374,7 @@ class cd_nagios::server::files (
 
 
       
diff --git a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html
index ed9e39c..c19f834 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html
@@ -174,7 +174,7 @@ class cd_nagios::server::service (
 
 
       
diff --git a/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html b/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html
index eedf5fd..a46c559 100644
--- a/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html
+++ b/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html
@@ -220,7 +220,7 @@ $ng_service       = $::cd_nagios::params::ng_service
 
 
       
diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html
index 72c7cc5..75810c9 100644
--- a/doc/top-level-namespace.html
+++ b/doc/top-level-namespace.html
@@ -90,7 +90,7 @@