confdroid/confdroid_nrpe
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

OP#501 adding variables and place holders for certs

Browse Source
This commit is contained in:
Arne Teuke
2026-03-15 15:13:55 +01:00
parent f0edc10d45
commit 7c12f7e0a3
3 changed files with 47 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
README.md
View File

@@ -102,14 +102,20 @@ It is very recommendable to define such commands directly within Puppet modules
## managing TLS certificates ## managing TLS certificates
When `ne_enable_ssl` is enabled (default), the certificates for the ca (root if standalone or intermediate), the nagios server and the key for the nagios server have to be provided through the following values:
- `ne_ssl_ca_cert_pem`
- `ne_ssl_cert_pem`
- `ne_ssl_privatekey_pem`
via Hiera (if you use it) or ENC.
## SELINUX ## SELINUX
All files and directories are configured with correct selinux context. If selinux is disabled, these contexts are ignored. All files and directories are configured with correct selinux context. If selinux is disabled, these contexts are ignored.
## Known Problems ## Known Problems
- SSL/TLS support: Version 3 of NRPE supposedly has support for SSL/ TLs. However, at the time of writing this module, this seems to be buggy, as I was unable to start the NRPE service as soon as the `ssl_cert_file` line was uncommented in the configuration file, despite having valid certs in the right position on the node. This happened when installing manually, not through this Puppet module. For that reason I included the `$ne_enable_ssl` boolean parameter, which is set to `false` by default, hence disabling SSL/TLS options until this has been fixed upstream, or a valid workaround has been found. Setting this option to `true` will include all SSL / TLS settings.
## Troubleshooting ## Troubleshooting
- `CHECK_NRPE: Unable to read output`: Nagios sudo access also needs Selinux to allow this. Default settings in this module take care for both through `$ne_allow_sudo` and `$ne_include_selinux`. - `CHECK_NRPE: Unable to read output`: Nagios sudo access also needs Selinux to allow this. Default settings in this module take care for both through `$ne_allow_sudo` and `$ne_include_selinux`.

3
manifests/main/files.pp
View File

@@ -41,7 +41,6 @@ class confdroid_nrpe::main::files (
} }
if $ne_allow_sudo == true { if $ne_allow_sudo == true {
file { $ne_sudo_file: file { $ne_sudo_file:
ensure => file, ensure => file,
path => $ne_sudo_file, path => $ne_sudo_file,
@@ -69,6 +68,7 @@ class confdroid_nrpe::main::files (
content => template($ne_nrpe_te_erb), content => template($ne_nrpe_te_erb),
notify => Exec['create_nrpe_pp'], notify => Exec['create_nrpe_pp'],
} }
}
# file for ssl certificate # file for ssl certificate
if $ne_enable_ssl == true { if $ne_enable_ssl == true {
@@ -110,4 +110,3 @@ class confdroid_nrpe::main::files (
} }
} }
} }
}

2
manifests/params.pp
View File

@@ -115,7 +115,7 @@ class confdroid_nrpe::params (
String $ne_command_timeout = '60', String $ne_command_timeout = '60',
String $ne_connection_timeout = '300', String $ne_connection_timeout = '300',
String $ne_allow_weak_rnd_seed = '1', String $ne_allow_weak_rnd_seed = '1',
Boolean $ne_enable_ssl = false, Boolean $ne_enable_ssl = true,
String $ne_ssl_version = 'TLSv2+', String $ne_ssl_version = 'TLSv2+',
String $ne_ssl_use_adh = '1', String $ne_ssl_use_adh = '1',
String $ne_ssl_cipher_list = 'ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH', String $ne_ssl_cipher_list = 'ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH',