confdroid/confdroid_nrpe
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Recommit for updates in build 43

Browse Source
This commit is contained in:
Jenkins Server
2026-03-15 15:15:13 +01:00
parent 422acc22ca
commit 34c682d3b4
4 changed files with 63 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
doc/file.README.html
View File

@@ -193,14 +193,22 @@
<h2 id="label-managing+TLS+certificates">managing TLS certificates</h2> <h2 id="label-managing+TLS+certificates">managing TLS certificates</h2>
<p>When <code>ne_enable_ssl</code> is enabled (default), the certificates for the ca (root if standalone or intermediate), the nagios server and the key for the nagios server have to be provided through the following values:</p>
<ul><li>
<p><code>ne_ssl_ca_cert_pem</code></p>
</li><li>
<p><code>ne_ssl_cert_pem</code></p>
</li><li>
<p><code>ne_ssl_privatekey_pem</code></p>
</li></ul>
<p>via Hiera (if you use it) or ENC.</p>
<h2 id="label-SELINUX">SELINUX</h2> <h2 id="label-SELINUX">SELINUX</h2>
<p>All files and directories are configured with correct selinux context. If selinux is disabled, these contexts are ignored.</p> <p>All files and directories are configured with correct selinux context. If selinux is disabled, these contexts are ignored.</p>
<h2 id="label-Known+Problems">Known Problems</h2> <h2 id="label-Known+Problems">Known Problems</h2>
<ul><li>
<p>SSL/TLS support: Version 3 of NRPE supposedly has support for SSL/ TLs. However, at the time of writing this module, this seems to be buggy, as I was unable to start the NRPE service as soon as the <code>ssl_cert_file</code> line was uncommented in the configuration file, despite having valid certs in the right position on the node. This happened when installing manually, not through this Puppet module. For that reason I included the <code>$ne_enable_ssl</code> boolean parameter, which is set to <code>false</code> by default, hence disabling SSL/TLS options until this has been fixed upstream, or a valid workaround has been found. Setting this option to <code>true</code> will include all SSL / TLS settings.</p>
</li></ul>
<h2 id="label-Troubleshooting">Troubleshooting</h2> <h2 id="label-Troubleshooting">Troubleshooting</h2>
<ul><li> <ul><li>

14
doc/index.html
View File

@@ -193,14 +193,22 @@
<h2 id="label-managing+TLS+certificates">managing TLS certificates</h2> <h2 id="label-managing+TLS+certificates">managing TLS certificates</h2>
<p>When <code>ne_enable_ssl</code> is enabled (default), the certificates for the ca (root if standalone or intermediate), the nagios server and the key for the nagios server have to be provided through the following values:</p>
<ul><li>
<p><code>ne_ssl_ca_cert_pem</code></p>
</li><li>
<p><code>ne_ssl_cert_pem</code></p>
</li><li>
<p><code>ne_ssl_privatekey_pem</code></p>
</li></ul>
<p>via Hiera (if you use it) or ENC.</p>
<h2 id="label-SELINUX">SELINUX</h2> <h2 id="label-SELINUX">SELINUX</h2>
<p>All files and directories are configured with correct selinux context. If selinux is disabled, these contexts are ignored.</p> <p>All files and directories are configured with correct selinux context. If selinux is disabled, these contexts are ignored.</p>
<h2 id="label-Known+Problems">Known Problems</h2> <h2 id="label-Known+Problems">Known Problems</h2>
<ul><li>
<p>SSL/TLS support: Version 3 of NRPE supposedly has support for SSL/ TLs. However, at the time of writing this module, this seems to be buggy, as I was unable to start the NRPE service as soon as the <code>ssl_cert_file</code> line was uncommented in the configuration file, despite having valid certs in the right position on the node. This happened when installing manually, not through this Puppet module. For that reason I included the <code>$ne_enable_ssl</code> boolean parameter, which is set to <code>false</code> by default, hence disabling SSL/TLS options until this has been fixed upstream, or a valid workaround has been found. Setting this option to <code>true</code> will include all SSL / TLS settings.</p>
</li></ul>
<h2 id="label-Troubleshooting">Troubleshooting</h2> <h2 id="label-Troubleshooting">Troubleshooting</h2>
<ul><li> <ul><li>

80
doc/puppet_classes/confdroid_nrpe_3A_3Amain_3A_3Afiles.html
View File

@@ -207,8 +207,7 @@
109 109
110 110
111 111
112 112</pre>
113</pre>
</td> </td>
<td> <td>
<pre class="code"><span class="info file"># File 'manifests/main/files.pp', line 6</span> <pre class="code"><span class="info file"># File 'manifests/main/files.pp', line 6</span>
@@ -251,7 +250,6 @@ class confdroid_nrpe::main::files (
} }
if $ne_allow_sudo == true { if $ne_allow_sudo == true {
file { $ne_sudo_file: file { $ne_sudo_file:
ensure =&gt; file, ensure =&gt; file,
path =&gt; $ne_sudo_file, path =&gt; $ne_sudo_file,
@@ -279,45 +277,45 @@ class confdroid_nrpe::main::files (
content =&gt; template($ne_nrpe_te_erb), content =&gt; template($ne_nrpe_te_erb),
notify =&gt; Exec[&#39;create_nrpe_pp&#39;], notify =&gt; Exec[&#39;create_nrpe_pp&#39;],
} }
}
# file for ssl certificate # file for ssl certificate
if $ne_enable_ssl == true { if $ne_enable_ssl == true {
file { $ne_ssl_cert_file: file { $ne_ssl_cert_file:
ensure =&gt; file, ensure =&gt; file,
path =&gt; $ne_ssl_cert_file, path =&gt; $ne_ssl_cert_file,
owner =&gt; &#39;root&#39;, owner =&gt; &#39;root&#39;,
group =&gt; &#39;root&#39;, group =&gt; &#39;root&#39;,
mode =&gt; &#39;0644&#39;, mode =&gt; &#39;0644&#39;,
selrange =&gt; s0, selrange =&gt; s0,
selrole =&gt; object_r, selrole =&gt; object_r,
seltype =&gt; cert_t, seltype =&gt; cert_t,
seluser =&gt; system_u, seluser =&gt; system_u,
content =&gt; template($ne_ssl_cert_erb), content =&gt; template($ne_ssl_cert_erb),
} }
file { $ne_ssl_privatekey_file: file { $ne_ssl_privatekey_file:
ensure =&gt; file, ensure =&gt; file,
path =&gt; $ne_ssl_privatekey_file, path =&gt; $ne_ssl_privatekey_file,
owner =&gt; &#39;root&#39;, owner =&gt; &#39;root&#39;,
group =&gt; &#39;root&#39;, group =&gt; &#39;root&#39;,
mode =&gt; &#39;0600&#39;, mode =&gt; &#39;0600&#39;,
selrange =&gt; s0, selrange =&gt; s0,
selrole =&gt; object_r, selrole =&gt; object_r,
seltype =&gt; cert_t, seltype =&gt; cert_t,
seluser =&gt; system_u, seluser =&gt; system_u,
content =&gt; template($ne_ssl_privatekey_erb), content =&gt; template($ne_ssl_privatekey_erb),
} }
file { $ne_ssl_ca_cert_file: file { $ne_ssl_ca_cert_file:
ensure =&gt; file, ensure =&gt; file,
path =&gt; $ne_ssl_ca_cert_file, path =&gt; $ne_ssl_ca_cert_file,
owner =&gt; &#39;root&#39;, owner =&gt; &#39;root&#39;,
group =&gt; &#39;root&#39;, group =&gt; &#39;root&#39;,
mode =&gt; &#39;0644&#39;, mode =&gt; &#39;0644&#39;,
selrange =&gt; s0, selrange =&gt; s0,
selrole =&gt; object_r, selrole =&gt; object_r,
seltype =&gt; cert_t, seltype =&gt; cert_t,
seluser =&gt; system_u, seluser =&gt; system_u,
content =&gt; template($ne_ssl_ca_cert_erb), content =&gt; template($ne_ssl_ca_cert_erb),
}
} }
} }
}</pre> }</pre>

4
doc/puppet_classes/confdroid_nrpe_3A_3Aparams.html
View File

@@ -699,7 +699,7 @@ inherited by all classes except defines.
<span class='type'>(<tt>Boolean</tt>)</span> <span class='type'>(<tt>Boolean</tt>)</span>
<em class="default">(defaults to: <tt>false</tt>)</em> <em class="default">(defaults to: <tt>true</tt>)</em>
&mdash; &mdash;
@@ -945,7 +945,7 @@ class confdroid_nrpe::params (
String $ne_command_timeout = &#39;60&#39;, String $ne_command_timeout = &#39;60&#39;,
String $ne_connection_timeout = &#39;300&#39;, String $ne_connection_timeout = &#39;300&#39;,
String $ne_allow_weak_rnd_seed = &#39;1&#39;, String $ne_allow_weak_rnd_seed = &#39;1&#39;,
Boolean $ne_enable_ssl = false, Boolean $ne_enable_ssl = true,
String $ne_ssl_version = &#39;TLSv2+&#39;, String $ne_ssl_version = &#39;TLSv2+&#39;,
String $ne_ssl_use_adh = &#39;1&#39;, String $ne_ssl_use_adh = &#39;1&#39;,
String $ne_ssl_cipher_list = &#39;ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH&#39;, String $ne_ssl_cipher_list = &#39;ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH&#39;,