confdroid/confdroid_nagios
3
0
Fork 0
Code Issues Projects Wiki Activity

Merge branch 'jenkins' into 'master'

Browse Source 
Jenkins

See merge request !21
This commit is contained in:
12ww1160
2017-07-21 18:02:52 +02:00
parent 0b3cd6a427 7fff54ce74
commit fae93a9d02
27 changed files with 212 additions and 503 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
CHANGELOG.md
View File

@@ -8,6 +8,16 @@ Changelog of Git Changelog.
<h2> No issue </h2>
<a href="https://gitlab.puppetsoft.com/12WW1160/git-changelog-lib/commit/10741c6eacd385f">10741c6eacd385f</a> Jenkins Server <i>2017-07-21 15:46:57</i>
<p>
<h3>recommit for updates in build 38</h3>
</p>
<a href="https://gitlab.puppetsoft.com/12WW1160/git-changelog-lib/commit/09372f68657c04b">09372f68657c04b</a> Arne Teuke <i>2017-07-21 15:46:40</i>
<p>
<h3>removing all final config files on certbot level</h3>
</p>
<a href="https://gitlab.puppetsoft.com/12WW1160/git-changelog-lib/commit/919531809c41d5a">919531809c41d5a</a> Jenkins Server <i>2017-07-21 15:24:59</i>
<p>
<h3>recommit for updates in build 37</h3>

2
REPOSTRUCTURE.md
View File

@@ -54,12 +54,12 @@
| `-- params.pp
|-- templates
| |-- certbot
| | |-- create_tempfile.erb
| | |-- get_cert.erb
| | |-- unless_get_cert.erb
| | `-- unless_renew_cert.erb
| |-- httpd
| | |-- forward_conf.erb
| | |-- index_html.erb
| | |-- nagios_conf.erb
| | `-- welcome_conf.erb
| |-- nagios

2
doc/_index.html
View File

@@ -186,7 +186,7 @@
</div>
<div id="footer">
Generated on Fri Jul 21 17:46:52 2017 by
Generated on Fri Jul 21 18:11:52 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

2
doc/file.README.html
View File

@@ -304,7 +304,7 @@ environments.</p>
</div></div>
<div id="footer">
Generated on Fri Jul 21 17:46:53 2017 by
Generated on Fri Jul 21 18:11:53 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

2
doc/index.html
View File

@@ -304,7 +304,7 @@ environments.</p>
</div></div>
<div id="footer">
Generated on Fri Jul 21 17:46:52 2017 by
Generated on Fri Jul 21 18:11:52 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

2
doc/puppet_classes/cd_nagios.html
View File

@@ -139,7 +139,7 @@ class cd_nagios {
</div>
<div id="footer">
Generated on Fri Jul 21 17:46:53 2017 by
Generated on Fri Jul 21 18:11:53 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

78
doc/puppet_classes/cd_nagios_3A_3Acertbot_3A_3Aconfig.html
View File

@@ -169,44 +169,7 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses</a>/.</p>
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100</pre>
63</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'manifests/certbot/config.pp', line 23</span>
@@ -221,31 +184,6 @@ class cd_nagios::certbot::config (
require cd_certbot
# ensure there is no forward vhost file
exec { &#39;remove_forward_vhost&#39;:
command =&gt; &quot;rm -Rf ${ng_forward_conf}&quot;,
creates =&gt; &#39;/etc/httpd/conf.d/.cert_created&#39;,
}
exec { &#39;remove_nagios_conf&#39;:
command =&gt; &quot;rm -Rf ${ng_nagios_conf}&quot;,
creates =&gt; &#39;/etc/httpd/conf.d/.cert_created&#39;,
require =&gt; Exec[&#39;remove_forward_vhost&#39;],
}
# create temp vhost file
exec { &#39;create_temp_vhost&#39;:
command =&gt; template(&#39;cd_nagios/certbot/create_tempfile.erb&#39;),
cwd =&gt; &#39;/tmp&#39;,
path =&gt; [&#39;/bin&#39;,&#39;/usr/bin&#39;],
provider =&gt; &#39;shell&#39;,
creates =&gt; &#39;/etc/httpd/conf.d/.created&#39;,
notify =&gt; Service[&#39;httpd&#39;],
require =&gt; Exec[&#39;remove_nagios_conf&#39;],
}
# create cert
exec { &#39;create_cert&#39;:
@@ -259,18 +197,6 @@ class cd_nagios::certbot::config (
require =&gt; Exec[&#39;create_temp_vhost&#39;],
}
# remove temp_vhost
exec { &#39;remove_temp_vhost&#39;:
command =&gt; &quot;rm -Rf ${ng_certbot_temp_file}&quot;,
cwd =&gt; &#39;/tmp&#39;,
path =&gt; [&#39;/bin&#39;,&#39;/usr/bin&#39;],
provider =&gt; &#39;shell&#39;,
notify =&gt; Service[&#39;httpd&#39;],
require =&gt; Exec[&#39;create_cert&#39;],
creates =&gt; &quot;/etc/letsencrypt/live/${ng_nagios_server}/cert.pem&quot;,
}
# renew certs
exec { &#39;renew_cert&#39;:
@@ -296,7 +222,7 @@ class cd_nagios::certbot::config (
</div>
<div id="footer">
Generated on Fri Jul 21 17:46:55 2017 by
Generated on Fri Jul 21 18:11:55 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

2
doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html
View File

@@ -368,7 +368,7 @@ class cd_nagios::client::target (
</div>
<div id="footer">
Generated on Fri Jul 21 17:46:55 2017 by
Generated on Fri Jul 21 18:11:55 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

2
doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html
View File

@@ -207,7 +207,7 @@ class cd_nagios::firewall::iptables (
</div>
<div id="footer">
Generated on Fri Jul 21 17:46:55 2017 by
Generated on Fri Jul 21 18:11:55 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

2
doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html
View File

@@ -187,7 +187,7 @@ class cd_nagios::main::config (
</div>
<div id="footer">
Generated on Fri Jul 21 17:46:54 2017 by
Generated on Fri Jul 21 18:11:55 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

2
doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html
View File

@@ -468,7 +468,7 @@ class cd_nagios::main::dirs (
</div>
<div id="footer">
Generated on Fri Jul 21 17:46:54 2017 by
Generated on Fri Jul 21 18:11:55 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

2
doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html
View File

@@ -235,7 +235,7 @@ class cd_nagios::main::install (
</div>
<div id="footer">
Generated on Fri Jul 21 17:46:54 2017 by
Generated on Fri Jul 21 18:11:55 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

2
doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html
View File

@@ -200,7 +200,7 @@ class cd_nagios::main::user (
</div>
<div id="footer">
Generated on Fri Jul 21 17:46:54 2017 by
Generated on Fri Jul 21 18:11:55 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

57
doc/puppet_classes/cd_nagios_3A_3Aparams.html
View File

@@ -1860,27 +1860,6 @@ choose &#39;0.0.0.0/0&#39;</p>
</li>
<li>
<span class='name'>ng_disable_welcome</span>
<span class='type'>(<tt>boolean</tt>)</span>
<em class="default">(defaults to: <tt>true</tt>)</em>
&mdash;
<div class='inline'>
<p>Whether the regular welcome screen should
be disabled. this is required for
the nagios http check on the nagios server
to be successful.</p>
</div>
</li>
<li>
<span class='name'>ng_enable_certbot</span>
@@ -1914,7 +1893,7 @@ certificate management</p>
&mdash;
<div class='inline'>
<p>the path for certbot to place
challenges for teh certification process.</p>
challenges for the certification process.</p>
</div>
</li>
@@ -1935,6 +1914,26 @@ challenges for teh certification process.</p>
<p>email address to receive administrative mail.
used for nagios itself as
well as for certbot.</p>
</div>
</li>
<li>
<span class='name'>ng_enable_index</span>
<span class='type'>(<tt>boolean</tt>)</span>
<em class="default">(defaults to: <tt>true</tt>)</em>
&mdash;
<div class='inline'>
<p>Whether to create an index file to allow
httpd checks with nagios on the
nagios server.</p>
</div>
</li>
@@ -1956,6 +1955,7 @@ well as for certbot.</p>
<pre class="lines">
212
213
214
215
@@ -2127,11 +2127,10 @@ well as for certbot.</p>
381
382
383
384
385</pre>
384</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'manifests/params.pp', line 213</span>
<pre class="code"><span class="info file"># File 'manifests/params.pp', line 212</span>
class cd_nagios::params (
@@ -2243,7 +2242,7 @@ $ng_use_selinux_tools = true,
# httpd
$ng_required_hosts = &#39;&#39;,
$ng_required_ips = &#39;127.0.0.0/8&#39;,
$ng_disable_welcome = true,
$ng_enable_index = true,
# certbot
$ng_enable_certbot = true,
@@ -2298,8 +2297,8 @@ $ng_forward_conf_erb = &#39;cd_nagios/httpd/forward_conf.erb&#39;
$ng_get_cert_erb = &#39;cd_nagios/certbot/get_cert.erb&#39;
$ng_unless_get_cert = &#39;cd_nagios/certbot/unless_get_cert.erb&#39;
$ng_unless_renew_erb = &#39;cd_nagios/certbot/unless_renew_cert.erb&#39;
$ng_create_tempvhost = &#39;cd_nagios/certbot/create_tempfile.erb&#39;
$ng_certbot_temp_file = &#39;/etc/httpd/conf.d/certbot_temp.conf&#39;
$ng_index_html_file = &#39;/var/www/html/index.html&#39;
$ng_index_html_erb = &#39;cd_nagios/httpd/index_html.erb&#39;
# includes must be last
@@ -2313,7 +2312,7 @@ $ng_certbot_temp_file = &#39;/etc/httpd/conf.d/certbot_temp.conf&#39;
</div>
<div id="footer">
Generated on Fri Jul 21 17:46:54 2017 by
Generated on Fri Jul 21 18:11:54 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

2
doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html
View File

@@ -249,7 +249,7 @@ class cd_nagios::selinux::config (
</div>
<div id="footer">
Generated on Fri Jul 21 17:46:55 2017 by
Generated on Fri Jul 21 18:11:55 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

2
doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html
View File

@@ -195,7 +195,7 @@ class cd_nagios::server::access_rules (
</div>
<div id="footer">
Generated on Fri Jul 21 17:46:55 2017 by
Generated on Fri Jul 21 18:11:55 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

252
doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html
View File

@@ -230,64 +230,7 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses</a>/.</p>
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181</pre>
124</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'manifests/server/files.pp', line 23</span>
@@ -301,107 +244,68 @@ class cd_nagios::server::files (
if $ng_enable_certbot == true {
require cd_nagios::certbot::config
require cd_nagios::main::dirs
# manage nagios.cfg
# manage cgi.cfg
file { $ng_cgi_cfg_file:
ensure =&gt; file,
path =&gt; $ng_cgi_cfg_file,
owner =&gt; &#39;root&#39;,
group =&gt; &#39;root&#39;,
mode =&gt; &#39;0644&#39;,
selrange =&gt; s0,
selrole =&gt; object_r,
seltype =&gt; nagios_etc_t,
seluser =&gt; system_u,
content =&gt; template($ng_cgi_cfg_erb),
notify =&gt; Service[$ng_service],
}
# manage nagios.conf for httpd
file { $ng_nagios_conf:
ensure =&gt; file,
path =&gt; $ng_nagios_conf,
owner =&gt; &#39;root&#39;,
group =&gt; &#39;root&#39;,
mode =&gt; &#39;0644&#39;,
selrange =&gt; s0,
selrole =&gt; object_r,
seltype =&gt; httpd_config_t,
seluser =&gt; system_u,
content =&gt; template($ng_nagios_conf_erb),
notify =&gt; Service[$ae_service],
}
if $ng_http_https_fw == true {
file { $ng_forward_conf:
ensure =&gt; file,
path =&gt; $ng_forward_conf,
owner =&gt; &#39;root&#39;,
group =&gt; &#39;root&#39;,
mode =&gt; &#39;0644&#39;,
selrange =&gt; s0,
selrole =&gt; object_r,
seltype =&gt; httpd_config_t,
seluser =&gt; system_u,
content =&gt; template($ng_forward_conf_erb),
notify =&gt; Service[$ae_service],
}
}
# manage welcome.conf for nagios web server
if $ng_disable_welcome == true {
file { $ng_welcome_conf:
ensure =&gt; file,
path =&gt; $ng_welcome_conf,
owner =&gt; &#39;root&#39;,
group =&gt; &#39;root&#39;,
mode =&gt; &#39;0644&#39;,
selrange =&gt; s0,
selrole =&gt; object_r,
seltype =&gt; httpd_config_t,
seluser =&gt; system_u,
content =&gt; template($ng_welcome_conf_erb),
notify =&gt; Service[$ae_service],
}
}
}
}
else {
require cd_nagios::main::dirs
# manage nagios.cfg
# manage nagios.cfg
# manage cgi.cfg
file { $ng_cgi_cfg_file:
ensure =&gt; file,
path =&gt; $ng_cgi_cfg_file,
owner =&gt; &#39;root&#39;,
group =&gt; &#39;root&#39;,
mode =&gt; &#39;0644&#39;,
selrange =&gt; s0,
selrole =&gt; object_r,
seltype =&gt; nagios_etc_t,
seluser =&gt; system_u,
content =&gt; template($ng_cgi_cfg_erb),
notify =&gt; Service[$ng_service],
}
# manage nagios.conf for httpd
file { $ng_nagios_conf:
ensure =&gt; file,
path =&gt; $ng_nagios_conf,
owner =&gt; &#39;root&#39;,
group =&gt; &#39;root&#39;,
mode =&gt; &#39;0644&#39;,
selrange =&gt; s0,
selrole =&gt; object_r,
seltype =&gt; httpd_config_t,
seluser =&gt; system_u,
content =&gt; template($ng_nagios_conf_erb),
notify =&gt; Service[$ae_service],
}
# manage welcome.conf for nagios web server
file { $ng_welcome_conf:
ensure =&gt; file,
path =&gt; $ng_welcome_conf,
owner =&gt; &#39;root&#39;,
group =&gt; &#39;root&#39;,
mode =&gt; &#39;0644&#39;,
selrange =&gt; s0,
selrole =&gt; object_r,
seltype =&gt; httpd_config_t,
seluser =&gt; system_u,
content =&gt; template($ng_welcome_conf_erb),
notify =&gt; Service[$ae_service],
}
# manage cgi.cfg
if $ng_http_https_fw == true {
file { $ng_cgi_cfg_file:
file { $ng_forward_conf:
ensure =&gt; file,
path =&gt; $ng_cgi_cfg_file,
owner =&gt; &#39;root&#39;,
group =&gt; &#39;root&#39;,
mode =&gt; &#39;0644&#39;,
selrange =&gt; s0,
selrole =&gt; object_r,
seltype =&gt; nagios_etc_t,
seluser =&gt; system_u,
content =&gt; template($ng_cgi_cfg_erb),
notify =&gt; Service[$ng_service],
}
# manage nagios.conf for httpd
file { $ng_nagios_conf:
ensure =&gt; file,
path =&gt; $ng_nagios_conf,
path =&gt; $ng_forward_conf,
owner =&gt; &#39;root&#39;,
group =&gt; &#39;root&#39;,
mode =&gt; &#39;0644&#39;,
@@ -409,44 +313,26 @@ class cd_nagios::server::files (
selrole =&gt; object_r,
seltype =&gt; httpd_config_t,
seluser =&gt; system_u,
content =&gt; template($ng_nagios_conf_erb),
content =&gt; template($ng_forward_conf_erb),
notify =&gt; Service[$ae_service],
}
}
if $ng_http_https_fw == true {
file { $ng_forward_conf:
ensure =&gt; file,
path =&gt; $ng_forward_conf,
owner =&gt; &#39;root&#39;,
group =&gt; &#39;root&#39;,
mode =&gt; &#39;0644&#39;,
selrange =&gt; s0,
selrole =&gt; object_r,
seltype =&gt; httpd_config_t,
seluser =&gt; system_u,
content =&gt; template($ng_forward_conf_erb),
notify =&gt; Service[$ae_service],
}
}
if $ng_enable_index == true {
# manage welcome.conf for nagios web server
if $ng_disable_welcome == true {
file { $ng_welcome_conf:
ensure =&gt; file,
path =&gt; $ng_welcome_conf,
owner =&gt; &#39;root&#39;,
group =&gt; &#39;root&#39;,
mode =&gt; &#39;0644&#39;,
selrange =&gt; s0,
selrole =&gt; object_r,
seltype =&gt; httpd_config_t,
seluser =&gt; system_u,
content =&gt; template($ng_welcome_conf_erb),
notify =&gt; Service[$ae_service],
}
file { $ng_index_html_file:
ensure =&gt; file,
path =&gt; $ng_index_html_file,
owner =&gt; &#39;root&#39;,
group =&gt; &#39;root&#39;,
mode =&gt; &#39;0644&#39;,
selrange =&gt; s0,
selrole =&gt; object_r,
seltype =&gt; httpd_config_t,
seluser =&gt; system_u,
content =&gt; template($ng_index_html_erb),
notify =&gt; Service[$ae_service],
}
}
}
@@ -458,7 +344,7 @@ class cd_nagios::server::files (
</div>
<div id="footer">
Generated on Fri Jul 21 17:46:55 2017 by
Generated on Fri Jul 21 18:11:55 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

2
doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html
View File

@@ -174,7 +174,7 @@ class cd_nagios::server::service (
</div>
<div id="footer">
Generated on Fri Jul 21 17:46:55 2017 by
Generated on Fri Jul 21 18:11:55 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

2
doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html
View File

@@ -220,7 +220,7 @@ $ng_service = $::cd_nagios::params::ng_service
</div>
<div id="footer">
Generated on Fri Jul 21 17:46:55 2017 by
Generated on Fri Jul 21 18:11:56 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

2
doc/top-level-namespace.html
View File

@@ -90,7 +90,7 @@
</div>
<div id="footer">
Generated on Fri Jul 21 17:46:53 2017 by
Generated on Fri Jul 21 18:11:53 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>

37
manifests/certbot/config.pp
View File

@@ -30,31 +30,6 @@ class cd_nagios::certbot::config (
require cd_certbot
# ensure there is no forward vhost file
exec { 'remove_forward_vhost':
command => "rm -Rf ${ng_forward_conf}",
creates => '/etc/httpd/conf.d/.cert_created',
}
exec { 'remove_nagios_conf':
command => "rm -Rf ${ng_nagios_conf}",
creates => '/etc/httpd/conf.d/.cert_created',
require => Exec['remove_forward_vhost'],
}
# create temp vhost file
exec { 'create_temp_vhost':
command => template('cd_nagios/certbot/create_tempfile.erb'),
cwd => '/tmp',
path => ['/bin','/usr/bin'],
provider => 'shell',
creates => '/etc/httpd/conf.d/.created',
notify => Service['httpd'],
require => Exec['remove_nagios_conf'],
}
# create cert
exec { 'create_cert':
@@ -68,18 +43,6 @@ class cd_nagios::certbot::config (
require => Exec['create_temp_vhost'],
}
# remove temp_vhost
exec { 'remove_temp_vhost':
command => "rm -Rf ${ng_certbot_temp_file}",
cwd => '/tmp',
path => ['/bin','/usr/bin'],
provider => 'shell',
notify => Service['httpd'],
require => Exec['create_cert'],
creates => "/etc/letsencrypt/live/${ng_nagios_server}/cert.pem",
}
# renew certs
exec { 'renew_cert':

13
manifests/params.pp
View File

@@ -200,15 +200,14 @@
# @param [string] ng_required_ips string of **__Ip addresses __** for hosts which
# should be allowed/reqired. Requires format 'ipaddress ip address range'.
# If you want no restriction, choose '0.0.0.0/0'
# @param [boolean] ng_disable_welcome Whether the regular welcome screen should
# be disabled. this is required for the nagios http check on the nagios server
# to be successful.
# @param [boolean] ng_enable_certbot Whether to use certbot for automated TLS
# certificate management
# @param [string] ng_certbot_cert_path the path for certbot to place
# challenges for teh certification process.
# challenges for the certification process.
# @param [string] ng_mail_user email address to receive administrative mail.
# used for nagios itself as well as for certbot.
# @param [boolean] ng_enable_index Whether to create an index file to allow
# httpd checks with nagios on the nagios server.
###############################################################################
class cd_nagios::params (
@@ -320,7 +319,7 @@ $ng_use_selinux_tools = true,
# httpd
$ng_required_hosts = '',
$ng_required_ips = '127.0.0.0/8',
$ng_disable_welcome = true,
$ng_enable_index = true,
# certbot
$ng_enable_certbot = true,
@@ -375,8 +374,8 @@ $ng_forward_conf_erb = 'cd_nagios/httpd/forward_conf.erb'
$ng_get_cert_erb = 'cd_nagios/certbot/get_cert.erb'
$ng_unless_get_cert = 'cd_nagios/certbot/unless_get_cert.erb'
$ng_unless_renew_erb = 'cd_nagios/certbot/unless_renew_cert.erb'
$ng_create_tempvhost = 'cd_nagios/certbot/create_tempfile.erb'
$ng_certbot_temp_file = '/etc/httpd/conf.d/certbot_temp.conf'
$ng_index_html_file = '/var/www/html/index.html'
$ng_index_html_erb = 'cd_nagios/httpd/index_html.erb'
# includes must be last

191
manifests/server/files.pp
View File

@@ -29,107 +29,68 @@ class cd_nagios::server::files (
if $ng_enable_certbot == true {
require cd_nagios::certbot::config
require cd_nagios::main::dirs
# manage nagios.cfg
# manage cgi.cfg
file { $ng_cgi_cfg_file:
ensure => file,
path => $ng_cgi_cfg_file,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => nagios_etc_t,
seluser => system_u,
content => template($ng_cgi_cfg_erb),
notify => Service[$ng_service],
}
# manage nagios.conf for httpd
file { $ng_nagios_conf:
ensure => file,
path => $ng_nagios_conf,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
content => template($ng_nagios_conf_erb),
notify => Service[$ae_service],
}
if $ng_http_https_fw == true {
file { $ng_forward_conf:
ensure => file,
path => $ng_forward_conf,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
content => template($ng_forward_conf_erb),
notify => Service[$ae_service],
}
}
# manage welcome.conf for nagios web server
if $ng_disable_welcome == true {
file { $ng_welcome_conf:
ensure => file,
path => $ng_welcome_conf,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
content => template($ng_welcome_conf_erb),
notify => Service[$ae_service],
}
}
}
}
else {
require cd_nagios::main::dirs
# manage nagios.cfg
# manage nagios.cfg
# manage cgi.cfg
file { $ng_cgi_cfg_file:
ensure => file,
path => $ng_cgi_cfg_file,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => nagios_etc_t,
seluser => system_u,
content => template($ng_cgi_cfg_erb),
notify => Service[$ng_service],
}
# manage nagios.conf for httpd
file { $ng_nagios_conf:
ensure => file,
path => $ng_nagios_conf,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
content => template($ng_nagios_conf_erb),
notify => Service[$ae_service],
}
# manage welcome.conf for nagios web server
file { $ng_welcome_conf:
ensure => file,
path => $ng_welcome_conf,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
content => template($ng_welcome_conf_erb),
notify => Service[$ae_service],
}
# manage cgi.cfg
if $ng_http_https_fw == true {
file { $ng_cgi_cfg_file:
file { $ng_forward_conf:
ensure => file,
path => $ng_cgi_cfg_file,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => nagios_etc_t,
seluser => system_u,
content => template($ng_cgi_cfg_erb),
notify => Service[$ng_service],
}
# manage nagios.conf for httpd
file { $ng_nagios_conf:
ensure => file,
path => $ng_nagios_conf,
path => $ng_forward_conf,
owner => 'root',
group => 'root',
mode => '0644',
@@ -137,44 +98,26 @@ class cd_nagios::server::files (
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
content => template($ng_nagios_conf_erb),
content => template($ng_forward_conf_erb),
notify => Service[$ae_service],
}
}
if $ng_http_https_fw == true {
file { $ng_forward_conf:
ensure => file,
path => $ng_forward_conf,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
content => template($ng_forward_conf_erb),
notify => Service[$ae_service],
}
}
if $ng_enable_index == true {
# manage welcome.conf for nagios web server
if $ng_disable_welcome == true {
file { $ng_welcome_conf:
ensure => file,
path => $ng_welcome_conf,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
content => template($ng_welcome_conf_erb),
notify => Service[$ae_service],
}
file { $ng_index_html_file:
ensure => file,
path => $ng_index_html_file,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
content => template($ng_index_html_erb),
notify => Service[$ae_service],
}
}
}

11
templates/certbot/create_tempfile.erb
View File

@@ -1,11 +0,0 @@
echo "# temporary vhost file
<VirtualHost *:80>
ServerAdmin root@localhost
DocumentRoot /var/www/html
ServerName <%= @ng_nagios_server %>
<Directory />
AllowOverride All
</Directory>
</VirtualHost>
" > <%= @ng_certbot_temp_file %>
touch /etc/httpd/conf.d/.created

0
templates/httpd/index_html.erb Normal file
View File

33
templates/httpd/welcome_conf.erb
View File

@@ -3,25 +3,18 @@
########### manual changes will be overwritten !!! ##########
################################################################################
#
# This configuration file enables the default "Welcome" page if there
# is no default index page present for the root URL. To disable the
# Welcome page, comment out all the lines below.
#
# NOTE: if this file is removed, it will be restored on upgrades.
#
#<LocationMatch "^/+$">
# Options -Indexes
# ErrorDocument 403 /.noindex.html
#</LocationMatch>
<LocationMatch "^/+$">
Options -Indexes
ErrorDocument 403 /.noindex.html
</LocationMatch>
#<Directory /usr/share/httpd/noindex>
# AllowOverride None
# Require all granted
#</Directory>
<Directory /usr/share/httpd/noindex>
AllowOverride None
Require all granted
</Directory>
#Alias /.noindex.html /usr/share/httpd/noindex/index.html
#Alias /noindex/css/bootstrap.min.css /usr/share/httpd/noindex/css/bootstrap.min.css
#Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css
#Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif
#Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png
Alias /.noindex.html /usr/share/httpd/noindex/index.html
Alias /noindex/css/bootstrap.min.css /usr/share/httpd/noindex/css/bootstrap.min.css
Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css
Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif
Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png

1
tests/UTF_Files
View File

@@ -4,3 +4,4 @@
./.yardoc/objects/root.dat: data
./doc/css/style.css: HTML document, UTF-8 Unicode text, with very long lines
./doc/js/jquery.js: HTML document, UTF-8 Unicode text, with very long lines
./templates/httpd/index_html.erb: empty