OP#421 update Readme

2026-02-13 16:44:17 +01:00
parent 4c86b77b5d
commit 7ceaaa0d42
4 changed files with 5 additions and 7 deletions
--- a/.puppet-lint.rc
+++ b/.puppet-lint.rc
@@ -0,0 +1 @@
+--no-variable_scope-check
--- a/README.md
+++ b/README.md
@@ -40,11 +40,11 @@ NRPE allows monitoring tools like NAGIOS or ICINGA to connect to clients for mon
  * nrpe.cfg
 * manage sudo role for nagios user on NRPE clients
 * manage dynamic NRPE check command  definitions
-* manage iptables (optional). set `ne_incl_fw`to `true`. Specify a custom value to `ne_nagios_source` for the nagior server IP or range.
+* manage iptables (optional). set `ne_incl_fw`to `true`. 
 * manage selinux rule exceptions (optional)
 * manage NRPE service

-> Note: The value for the `nagios_server` variable is derived from a global paraneter set in Foreman (`nagios_server`), because the paremeter is used across multiple modules. You need to set that manually in Foreman under "Global Parameters".
+> Note: The value for the `nagios_server` variable is derived from a global paraneter set in Foreman (`nagios_server`), because the paremeter is used across multiple modules. You need to set that manually in Foreman under "Global Parameters". Same for `nagios_source`, the value for the firewall source.

 ## Repo Documentation

--- a/manifests/firewall/iptables.pp
+++ b/manifests/firewall/iptables.pp
@@ -9,7 +9,7 @@ class confdroid_nrpe::firewall::iptables (
 ) inherits confdroid_nrpe::params {
  if $ne_incl_fw == true {
    firewall { "${ne_fw_order_no}${ne_nrpe_port} port ${ne_nrpe_port}":
-      source => $ne_nagios_source,
+      source => $nagios_source,
      proto  => 'tcp',
      dport  => $ne_nrpe_port,
      jump   => 'accept',
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -74,9 +74,6 @@
 # @param [Array] reqpackages which packages to install
 # @param [Boolean] ne_manage_cmds Whether to manage command rules for NRPE
 #   checks, to allow dynamic check & command rules.
-# @param [String] ne_nagios_source the source address for the firewall rule. 
-#   Adjust to your  environment if needed. Default is '0.0.0.0/0' to allow 
-#   all sources, but it is recommended to specify the nagios server IP or subnet.
 ###############################################################################
 class confdroid_nrpe::params (

@@ -123,7 +120,6 @@ class confdroid_nrpe::params (
 # firewall
  Boolean $ne_incl_fw                = true,
  String $ne_fw_order_no             = '50',
-  String $ne_nagios_source           = '0.0.0.0/0',

 # selinux
  Boolean $ne_include_selinux        = true,
@@ -135,6 +131,7 @@ class confdroid_nrpe::params (
  $os_name                  = $facts['os']['name']
  $os_release               = $facts['os']['release']['major']
  $nagios_server            = $facts['nagios_server']
+  $nagios_source            = $facts['nagios_source']

 # service
  $ne_service                 = 'nrpe'