confdroid/confdroid_nrpe
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Recommit for updates in build 41

Browse Source
This commit is contained in:
Jenkins Server
2026-03-15 14:51:10 +01:00
parent 31a122baec
commit 62208f1f4f
5 changed files with 160 additions and 172 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
doc/file.README.html
View File

@@ -78,6 +78,8 @@
</li><li>
<p><a href="#managing-check-commands">Managing Check Commands</a></p>
</li><li>
<p><a href="#managing-tls-serts">managing TLS serts</a></p>
</li><li>
<p><a href="#selinux">SELINUX</a></p>
</li><li>
<p><a href="#known-problems">Known Problems</a></p>
@@ -101,7 +103,9 @@
<h2 id="label-WARNING">WARNING</h2>
<p><strong><em>Attention: Never use this puppet module on systems which have been previously configured manually. It is impossible to predict how and what would have been configured, hence previous configurations outside the scope of this module may be overwritten! Automated configurations require a test environment to verify that the module suits the purpose intended by the user, as well as tune the parameters, before deploying into live production</em></strong></p>
<blockquote>
<p><strong>Attention: Never use this puppet module on systems which have been previously configured manually. It is impossible to predict how and what would have been configured, hence previous configurations outside the scope of this module may be overwritten! Automated configurations require a test environment to verify that the module suits the purpose intended by the user, as well as tune the parameters, before deploying into live production</strong></p>
</blockquote>
<h2 id="label-Features">Features</h2>
<ul><li>
@@ -187,6 +191,8 @@
<p>It is very recommendable to define such commands directly within Puppet modules or profiles, so any node running the particular service controlled by the module will automatically get the required check commands defined as well, while nodes not running the service also do not contain the command check. The same then is true for Nagios checks, so you would have both the NRPE command definition and the Nagios check contained in Puppet modules or profiles to have it in one location.</p>
<h2 id="label-managing+TLS+serts">managing TLS serts</h2>
<h2 id="label-SELINUX">SELINUX</h2>
<p>All files and directories are configured with correct selinux context. If selinux is disabled, these contexts are ignored.</p>

8
doc/index.html
View File

@@ -78,6 +78,8 @@
</li><li>
<p><a href="#managing-check-commands">Managing Check Commands</a></p>
</li><li>
<p><a href="#managing-tls-serts">managing TLS serts</a></p>
</li><li>
<p><a href="#selinux">SELINUX</a></p>
</li><li>
<p><a href="#known-problems">Known Problems</a></p>
@@ -101,7 +103,9 @@
<h2 id="label-WARNING">WARNING</h2>
<p><strong><em>Attention: Never use this puppet module on systems which have been previously configured manually. It is impossible to predict how and what would have been configured, hence previous configurations outside the scope of this module may be overwritten! Automated configurations require a test environment to verify that the module suits the purpose intended by the user, as well as tune the parameters, before deploying into live production</em></strong></p>
<blockquote>
<p><strong>Attention: Never use this puppet module on systems which have been previously configured manually. It is impossible to predict how and what would have been configured, hence previous configurations outside the scope of this module may be overwritten! Automated configurations require a test environment to verify that the module suits the purpose intended by the user, as well as tune the parameters, before deploying into live production</strong></p>
</blockquote>
<h2 id="label-Features">Features</h2>
<ul><li>
@@ -187,6 +191,8 @@
<p>It is very recommendable to define such commands directly within Puppet modules or profiles, so any node running the particular service controlled by the module will automatically get the required check commands defined as well, while nodes not running the service also do not contain the command check. The same then is true for Nagios checks, so you would have both the NRPE command definition and the Nagios check contained in Puppet modules or profiles to have it in one location.</p>
<h2 id="label-managing+TLS+serts">managing TLS serts</h2>
<h2 id="label-SELINUX">SELINUX</h2>
<p>All files and directories are configured with correct selinux context. If selinux is disabled, these contexts are ignored.</p>

58
doc/puppet_classes/confdroid_nrpe_3A_3Amain_3A_3Afiles.html
View File

@@ -168,7 +168,35 @@
70
71
72
73</pre>
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'manifests/main/files.pp', line 6</span>
@@ -239,6 +267,34 @@ class confdroid_nrpe::main::files (
content =&gt; template($ne_nrpe_te_erb),
notify =&gt; Exec[&#39;create_nrpe_pp&#39;],
}
# file for ssl certificate
if $ne_enable_ssl == true {
file { $ne_ssl_cert_file:
ensure =&gt; file,
path =&gt; $ne_ssl_cert_file,
owner =&gt; &#39;root&#39;,
group =&gt; &#39;root&#39;,
mode =&gt; &#39;0644&#39;,
selrange =&gt; s0,
selrole =&gt; object_r,
seltype =&gt; cert_t,
seluser =&gt; system_u,
content =&gt; template($ne_ssl_cert_erb),
}
file { $ne_ssl_privatekey_file:
ensure =&gt; file,
path =&gt; $ne_ssl_privatekey_file,
owner =&gt; &#39;root&#39;,
group =&gt; &#39;root&#39;,
mode =&gt; &#39;0600&#39;,
selrange =&gt; s0,
selrole =&gt; object_r,
seltype =&gt; cert_t,
seluser =&gt; system_u,
content =&gt; template($ne_ssl_privatekey_erb),
}
}
}
}</pre>
</td>

134
doc/puppet_classes/confdroid_nrpe_3A_3Aparams.html
View File

@@ -741,6 +741,42 @@ inherited by all classes except defines.
&mdash;
<div class='inline'>
<p>Whether to manage command rules for NRPE checks, to allow dynamic check &amp; command rules.</p>
</div>
</li>
<li>
<span class='name'>ne_ssl_cert_pem</span>
<span class='type'>(<tt>Optional[String]</tt>)</span>
<em class="default">(defaults to: <tt>undef</tt>)</em>
&mdash;
<div class='inline'>
<p>Optional parameter to specify the content of the nagios server ssl certificate. This is used for the nagios server certificate and has to be provided via Hiera or ENC. Must be specified if SSL is enabled.</p>
</div>
</li>
<li>
<span class='name'>ne_ssl_privatekey_pem</span>
<span class='type'>(<tt>Optional[String]</tt>)</span>
<em class="default">(defaults to: <tt>undef</tt>)</em>
&mdash;
<div class='inline'>
<p>Optional parameter to specify the content of the nagios server ssl private key. This is used for the nagios server private key and has to be provided via Hiera or ENC. Must be specified if SSL is enabled.</p>
</div>
</li>
@@ -763,14 +799,6 @@ inherited by all classes except defines.
<pre class="lines">
78
79
80
81
82
83
84
85
86
87
88
@@ -850,59 +878,73 @@ inherited by all classes except defines.
162
163
164
165</pre>
165
166
167
168
169
170
171
172
173
174
175
176
177</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'manifests/params.pp', line 78</span>
<pre class="code"><span class="info file"># File 'manifests/params.pp', line 86</span>
class confdroid_nrpe::params (
String $pkg_ensure = &#39;present&#39;,
Array $reqpackages = [&#39;nrpe&#39;,&#39;nrpe-selinux&#39;,&#39;selinux-policy-devel&#39;],
String $pkg_ensure = &#39;present&#39;,
Array $reqpackages = [&#39;nrpe&#39;,&#39;nrpe-selinux&#39;,&#39;selinux-policy-devel&#39;],
Boolean $ne_manage_cmds = true,
Boolean $ne_manage_cmds = true,
# NRPE user settings
String $ne_user = &#39;nrpe&#39;,
String $ne_user_comment = &#39;NRPE service user&#39;,
String $ne_user_uid = &#39;1005&#39;,
String $ne_user_home = &#39;/var/run/nrpe&#39;,
Optional[String] $ne_user_groups = undef,
String $ne_user_shell = &#39;/sbin/nologin&#39;,
String $ne_user = &#39;nrpe&#39;,
String $ne_user_comment = &#39;NRPE service user&#39;,
String $ne_user_uid = &#39;1005&#39;,
String $ne_user_home = &#39;/var/run/nrpe&#39;,
Optional[String] $ne_user_groups = undef,
String $ne_user_shell = &#39;/sbin/nologin&#39;,
# nrpe.cfg
String $ne_log_facility = &#39;daemon&#39;,
String $ne_log_file = &#39;&#39;,
String $ne_debug = &#39;0&#39;,
String $ne_nrpe_port = &#39;5666&#39;,
String $ne_server_address = &#39;0.0.0.0&#39;,
String $ne_listen_queue_size = &#39;5&#39;,
String $ne_dont_blame_nrpe = &#39;1&#39;,
String $ne_allow_bash_cmd_subst = &#39;1&#39;,
Boolean $ne_allow_sudo = true,
String $ne_command_prefix = &#39;/usr/bin/sudo&#39;,
String $ne_command_timeout = &#39;60&#39;,
String $ne_connection_timeout = &#39;300&#39;,
String $ne_allow_weak_rnd_seed = &#39;1&#39;,
Boolean $ne_enable_ssl = false,
String $ne_ssl_version = &#39;TLSv2+&#39;,
String $ne_ssl_use_adh = &#39;1&#39;,
String $ne_ssl_cipher_list = &#39;ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH&#39;,
String $ne_ssl_cacert_file = &#39;/etc/pki/tls/certs/ca-chain.crt.pem&#39;,
String $ne_ssl_client_certs = &#39;2&#39;,
String $ne_ssl_logging = &#39;0x00&#39;,
Array $ne_nasty_metachars = [&quot;|`&amp;&gt;&lt;&#39;\\[]{};\r\n&quot;],
String $ne_include_file = &#39;&#39;,
String $ne_log_facility = &#39;daemon&#39;,
String $ne_log_file = &#39;&#39;,
String $ne_debug = &#39;0&#39;,
String $ne_nrpe_port = &#39;5666&#39;,
String $ne_server_address = &#39;0.0.0.0&#39;,
String $ne_listen_queue_size = &#39;5&#39;,
String $ne_dont_blame_nrpe = &#39;1&#39;,
String $ne_allow_bash_cmd_subst = &#39;1&#39;,
Boolean $ne_allow_sudo = true,
String $ne_command_prefix = &#39;/usr/bin/sudo&#39;,
String $ne_command_timeout = &#39;60&#39;,
String $ne_connection_timeout = &#39;300&#39;,
String $ne_allow_weak_rnd_seed = &#39;1&#39;,
Boolean $ne_enable_ssl = false,
String $ne_ssl_version = &#39;TLSv2+&#39;,
String $ne_ssl_use_adh = &#39;1&#39;,
String $ne_ssl_cipher_list = &#39;ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH&#39;,
String $ne_ssl_cacert_file = &#39;/etc/pki/tls/certs/ca-chain.crt.pem&#39;,
String $ne_ssl_client_certs = &#39;2&#39;,
String $ne_ssl_logging = &#39;0x00&#39;,
Array $ne_nasty_metachars = [&quot;|`&amp;&gt;&lt;&#39;\\[]{};\r\n&quot;],
String $ne_include_file = &#39;&#39;,
Optional[String] $ne_ssl_cert_pem = undef,
Optional[String] $ne_ssl_privatekey_pem = undef,
# nrpe.conf
String $ne_ssl_opts = &#39;&#39;,
String $ne_ssl_opts = &#39;&#39;,
# firewall
Boolean $ne_incl_fw = true,
String $ne_fw_order_no = &#39;50&#39;,
Boolean $ne_incl_fw = true,
String $ne_fw_order_no = &#39;50&#39;,
# selinux
Boolean $ne_include_selinux = true,
Boolean $ne_include_selinux = true,
) {
# Default facts
@@ -938,7 +980,9 @@ class confdroid_nrpe::params (
$ne_nrpe_pp_file = &quot;${ne_main_conf_d_dir}/nrpe.pp&quot;
$ne_semodule_erb = &#39;confdroid_nrpe/semodule_nrpe.erb&#39;
$ne_ssl_cert_file = &quot;/etc/pki/tls/certs/${fqdn}.crt.pem&quot;
$ne_ssl_cert_erb = &#39;confdroid_nrpe/ssl_cert.erb&#39;
$ne_ssl_privatekey_file = &quot;/etc/pki/tls/private/${fqdn}.key.pem&quot;
$ne_ssl_privatekey_erb = &#39;confdroid_nrpe/ssl_privatekey.erb&#39;
# includes must be last
include confdroid_nrpe::main::config