From 106e7b4e14b22f849831130fff823e09f3b0fabe Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Sun, 30 Jul 2017 13:25:04 +0100 Subject: [PATCH] edited README --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 2aee7a7..e5e899b 100644 --- a/README.md +++ b/README.md @@ -86,6 +86,8 @@ There are currently no mandatory parameters, i.e. the module will function right * `$ne_manage_cmds` : Whether to manage check command definitions dynamically through a define, i.e. from other Puppet modules or profiles. Defaults to `true`. * `$ne_incl_fw` : Whether to manage relevant firewall rules through this modules. Defaults to `true`. * `$ne_include_selinux` : Whether to manage selinux exception rules. Defaults to `true`. +* `$ne_enable_ssl` : Whether to allow SSL settings. See [known problems](#konwn-problems) for more details. + ### Managing Check Commands In order to connect a Nagios monitoring server to clients through NRPE, you must define commands and the desired argument strings on the clients. The default NRPE installation comes with a few examples of such commands, which are also included in this module. However, every environment is very different in their requirements and Nagios via Puppet is all about the ability to dynamicically set command arguments based on default variables / overrides. For that reason no hard-coded commands are included, but instead all commands are set via argument strings, where possible. @@ -99,13 +101,14 @@ Defining commands is as simple as that: `ne_cmd_argstring` => '-w $ARG1$ -c $ARG2$', } ``` -It is very recommendable to define such commands within Puppet modules controlling services, so any node running the particular service will automatically get the required check commands defined as well. +It is very recommendable to define such commands within Puppet modules controlling services, so any node running the particular service will automatically get the required check commands defined as well, while nodes not running the service also do not contain the command check. ### SELINUX All files and directories are configured with correct selinux context. If selinux is disabled, these contexts are ignored. ### Known Problems +* SSL/TLS support: Version 3 of NRPE supposedly has support for SSL/ TLs. However, at the time of writing this module, this seems to be buggy, as I was unable to start the NRPE service as soon as the `ssl_cert_file` line was uncommented in teh configuration file, despite having valid certs in the right position on the node. This happened when installing manually, not through this Puppet module. For that reason I included the `$ne_enable_ssl` boolean parameter, which is set to `false` by default, hence disabling SSL/TLS options until this has been fixed upstream, or a valid workaround has been found. Setting this option to `true` will include all SSL / TLS settings. ### Support * OS: CentOS 6, 7