Compare commits
4 Commits
7c647658f0
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
|
abe628d214 | ||
|
|
5de81ac91c | ||
| f7087950c3 | |||
|
|
337f2bc30a |
@@ -50,7 +50,6 @@ At this stage, the module is being redeveloped and being built to the latest sta
|
||||
- configures the main nagios configuration file and sets values as (pre)configured per values in params, which can be overwritten.
|
||||
- if `ng_include_nrpe`is set to `true`, the confdroid_nrpe module is automatically applied on clients ([confdroid_nrpe](https://sourcecode.confdroid.com/confdroid/confdroid_nrpe) must be in the catalogue then)
|
||||
- if `ng_enable_fail2ban`is set to `true`, a fail2ban jail and filter will be added for the Nagios service (requires confdroid_fail2ban).
|
||||
- manage remoteIP logging if running behind a Loadbalancer like HAproxy: if `ng_use_lb` is set to `true`, a configuration file `etc/httpd/conf.d/loadbalancer-remoteip.conf`is created and configures apache/httpd to use the remote header. This allows proper fail2ban protection even behind the Loadbalancer. Make sure to set `ng_trusted_proxy`to the proper IP or range for the loadbalancer!
|
||||
|
||||
## Repo Documentation
|
||||
|
||||
|
||||
@@ -143,8 +143,6 @@
|
||||
<p>if <code>ng_include_nrpe</code>is set to <code>true</code>, the confdroid_nrpe module is automatically applied on clients (<a href="https://sourcecode.confdroid.com/confdroid/confdroid_nrpe">confdroid_nrpe</a> must be in the catalogue then)</p>
|
||||
</li><li>
|
||||
<p>if <code>ng_enable_fail2ban</code>is set to <code>true</code>, a fail2ban jail and filter will be added for the Nagios service (requires confdroid_fail2ban).</p>
|
||||
</li><li>
|
||||
<p>manage remoteIP logging if running behind a Loadbalancer like HAproxy: if <code>ng_use_lb</code> is set to <code>true</code>, a configuration file <code>etc/httpd/conf.d/loadbalancer-remoteip.conf</code>is created and configures apache/httpd to use the remote header. This allows proper fail2ban protection even behind the Loadbalancer. Make sure to set <code>ng_trusted_proxy</code>to the proper IP or range for the loadbalancer!</p>
|
||||
</li></ul>
|
||||
|
||||
<h2 id="label-Repo+Documentation">Repo Documentation</h2>
|
||||
|
||||
@@ -143,8 +143,6 @@
|
||||
<p>if <code>ng_include_nrpe</code>is set to <code>true</code>, the confdroid_nrpe module is automatically applied on clients (<a href="https://sourcecode.confdroid.com/confdroid/confdroid_nrpe">confdroid_nrpe</a> must be in the catalogue then)</p>
|
||||
</li><li>
|
||||
<p>if <code>ng_enable_fail2ban</code>is set to <code>true</code>, a fail2ban jail and filter will be added for the Nagios service (requires confdroid_fail2ban).</p>
|
||||
</li><li>
|
||||
<p>manage remoteIP logging if running behind a Loadbalancer like HAproxy: if <code>ng_use_lb</code> is set to <code>true</code>, a configuration file <code>etc/httpd/conf.d/loadbalancer-remoteip.conf</code>is created and configures apache/httpd to use the remote header. This allows proper fail2ban protection even behind the Loadbalancer. Make sure to set <code>ng_trusted_proxy</code>to the proper IP or range for the loadbalancer!</p>
|
||||
</li></ul>
|
||||
|
||||
<h2 id="label-Repo+Documentation">Repo Documentation</h2>
|
||||
|
||||
@@ -4075,42 +4075,6 @@ inherited by all classes except defines.
|
||||
|
||||
</li>
|
||||
|
||||
<li>
|
||||
|
||||
<span class='name'>ng_use_lb</span>
|
||||
|
||||
|
||||
<span class='type'>(<tt>Boolean</tt>)</span>
|
||||
|
||||
|
||||
<em class="default">(defaults to: <tt>false</tt>)</em>
|
||||
|
||||
|
||||
—
|
||||
<div class='inline'>
|
||||
<p>Whether to use load balancing for the Nagios server. Default is false.</p>
|
||||
</div>
|
||||
|
||||
</li>
|
||||
|
||||
<li>
|
||||
|
||||
<span class='name'>ng_trusted_proxy</span>
|
||||
|
||||
|
||||
<span class='type'>(<tt>String</tt>)</span>
|
||||
|
||||
|
||||
<em class="default">(defaults to: <tt>'10.0.0.10'</tt>)</em>
|
||||
|
||||
|
||||
—
|
||||
<div class='inline'>
|
||||
<p>The IP address of the trusted proxy to access the Nagios server. Default is ‘10.0.0.10’.</p>
|
||||
</div>
|
||||
|
||||
</li>
|
||||
|
||||
<li>
|
||||
|
||||
<span class='name'>ng_use_ssl_auth</span>
|
||||
@@ -4135,6 +4099,10 @@ inherited by all classes except defines.
|
||||
<pre class="lines">
|
||||
|
||||
|
||||
445
|
||||
446
|
||||
447
|
||||
448
|
||||
449
|
||||
450
|
||||
451
|
||||
@@ -4475,17 +4443,10 @@ inherited by all classes except defines.
|
||||
786
|
||||
787
|
||||
788
|
||||
789
|
||||
790
|
||||
791
|
||||
792
|
||||
793
|
||||
794
|
||||
795
|
||||
796</pre>
|
||||
789</pre>
|
||||
</td>
|
||||
<td>
|
||||
<pre class="code"><span class="info file"># File 'manifests/params.pp', line 449</span>
|
||||
<pre class="code"><span class="info file"># File 'manifests/params.pp', line 445</span>
|
||||
|
||||
class confdroid_nagios::params (
|
||||
|
||||
@@ -4503,8 +4464,6 @@ class confdroid_nagios::params (
|
||||
String $ng_user = 'nagios',
|
||||
Boolean $ng_enable_target = true,
|
||||
Boolean $ng_purge_target = true,
|
||||
Boolean $ng_use_lb = false,
|
||||
String $ng_trusted_proxy = '10.0.0.10',
|
||||
|
||||
# contact groups
|
||||
String $ng_contactgroup_name = 'admins',
|
||||
@@ -4775,7 +4734,6 @@ class confdroid_nagios::params (
|
||||
$ng_nagios_cfg_erb = 'confdroid_nagios/nagios/nagios_cfg.erb'
|
||||
$ng_cgi_cfg_file = "${ng_main_dir}/cgi.cfg"
|
||||
$ng_cgi_cfg_erb = 'confdroid_nagios/nagios/cgi_cfg.erb'
|
||||
$ng_remoteip_file = '/etc/httpd/conf.d/loadbalancer-remoteip.conf'
|
||||
|
||||
# nagios
|
||||
$ng_target_templates = "${ng_conf_d_dir}/nagios_templates.cfg"
|
||||
|
||||
@@ -143,22 +143,7 @@
|
||||
45
|
||||
46
|
||||
47
|
||||
48
|
||||
49
|
||||
50
|
||||
51
|
||||
52
|
||||
53
|
||||
54
|
||||
55
|
||||
56
|
||||
57
|
||||
58
|
||||
59
|
||||
60
|
||||
61
|
||||
62
|
||||
63</pre>
|
||||
48</pre>
|
||||
</td>
|
||||
<td>
|
||||
<pre class="code"><span class="info file"># File 'manifests/server/files.pp', line 6</span>
|
||||
@@ -204,21 +189,6 @@ class confdroid_nagios::server::files (
|
||||
seltype => nagios_var_run_t,
|
||||
seluser => system_u,
|
||||
}
|
||||
|
||||
if $ng_use_lb == true {
|
||||
file { $ng_remoteip_file:
|
||||
ensure => file,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
selrange => s0,
|
||||
selrole => object_r,
|
||||
seltype => httpd_conf_t,
|
||||
seluser => system_u,
|
||||
content => template('confdroid_nagios/loadbalancer/remoteip.conf.erb'),
|
||||
notify => Service['httpd'],
|
||||
}
|
||||
}
|
||||
}
|
||||
}</pre>
|
||||
</td>
|
||||
|
||||
@@ -441,10 +441,6 @@
|
||||
# in fail2ban. Default is '3600'.
|
||||
# @param [String] ng_fail2ban_ignoreip A comma-separated list of IP addresses
|
||||
# to ignore in fail2ban. Default is '127.0.0.1/8 ::1 192.168.1.0/24'.
|
||||
# @param [Boolean] ng_use_lb Whether to use load balancing for the Nagios server.
|
||||
# Default is false.
|
||||
# @param [String] ng_trusted_proxy The IP address of the trusted proxy to access
|
||||
# the Nagios server. Default is '10.0.0.10'.
|
||||
###############################################################################
|
||||
class confdroid_nagios::params (
|
||||
|
||||
@@ -462,8 +458,6 @@ class confdroid_nagios::params (
|
||||
String $ng_user = 'nagios',
|
||||
Boolean $ng_enable_target = true,
|
||||
Boolean $ng_purge_target = true,
|
||||
Boolean $ng_use_lb = false,
|
||||
String $ng_trusted_proxy = '10.0.0.10',
|
||||
|
||||
# contact groups
|
||||
String $ng_contactgroup_name = 'admins',
|
||||
@@ -734,7 +728,6 @@ class confdroid_nagios::params (
|
||||
$ng_nagios_cfg_erb = 'confdroid_nagios/nagios/nagios_cfg.erb'
|
||||
$ng_cgi_cfg_file = "${ng_main_dir}/cgi.cfg"
|
||||
$ng_cgi_cfg_erb = 'confdroid_nagios/nagios/cgi_cfg.erb'
|
||||
$ng_remoteip_file = '/etc/httpd/conf.d/loadbalancer-remoteip.conf'
|
||||
|
||||
# nagios
|
||||
$ng_target_templates = "${ng_conf_d_dir}/nagios_templates.cfg"
|
||||
|
||||
@@ -44,20 +44,5 @@ class confdroid_nagios::server::files (
|
||||
seltype => nagios_var_run_t,
|
||||
seluser => system_u,
|
||||
}
|
||||
|
||||
if $ng_use_lb == true {
|
||||
file { $ng_remoteip_file:
|
||||
ensure => file,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
selrange => s0,
|
||||
selrole => object_r,
|
||||
seltype => httpd_conf_t,
|
||||
seluser => system_u,
|
||||
content => template('confdroid_nagios/loadbalancer/remoteip.conf.erb'),
|
||||
notify => Service['httpd'],
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,12 +0,0 @@
|
||||
###############################################################################
|
||||
########## parameterized remoteip config created by Puppet ##########
|
||||
########## manual changes will be overwritten !!! ##########
|
||||
###############################################################################
|
||||
|
||||
RemoteIPHeader X-Forwarded-For
|
||||
RemoteIPTrustedProxy <%= @ng_trusted_proxy %>
|
||||
RemoteIPInternalProxy <%= @ng_trusted_proxy %>
|
||||
|
||||
# mod_remoteip rewrites client address for %a; use it in common/combined logs.
|
||||
LogFormat "%a %l %u %t \"%r\" %>s %b" common
|
||||
LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
|
||||
Reference in New Issue
Block a user