adding variables and place holders for certs

2026-03-15 14:46:33 +01:00
parent ae76b3ab10
commit 80dcda911b
5 changed files with 82 additions and 36 deletions
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -74,55 +74,65 @@
 # @param [Array] reqpackages which packages to install
 # @param [Boolean] ne_manage_cmds Whether to manage command rules for NRPE
 #   checks, to allow dynamic check & command rules.
+# @param [String] ne_ssl_cert_pem Optional parameter to specify the content of 
+#   the nagios server ssl certificate. This is used for the nagios server 
+#   certificate and has to be provided via Hiera or ENC. Must be specified if 
+#   SSL is enabled.
+# @param [String] ne_ssl_privatekey_pem Optional parameter to specify the content of 
+#   the nagios server ssl private key. This is used for the nagios server 
+#   private key and has to be provided via Hiera or ENC. Must be specified if 
+#   SSL is enabled.
 ###############################################################################
 class confdroid_nrpe::params (

-  String $pkg_ensure                 = 'present',
-  Array $reqpackages                 = ['nrpe','nrpe-selinux','selinux-policy-devel'],
+  String $pkg_ensure                      = 'present',
+  Array $reqpackages                      = ['nrpe','nrpe-selinux','selinux-policy-devel'],

-  Boolean $ne_manage_cmds            = true,
+  Boolean $ne_manage_cmds                 = true,

 # NRPE user settings
-  String $ne_user                    = 'nrpe',
-  String $ne_user_comment            = 'NRPE service user',
-  String $ne_user_uid                = '1005',
-  String $ne_user_home               = '/var/run/nrpe',
-  Optional[String] $ne_user_groups   = undef,
-  String $ne_user_shell              = '/sbin/nologin',
+  String $ne_user                         = 'nrpe',
+  String $ne_user_comment                 = 'NRPE service user',
+  String $ne_user_uid                     = '1005',
+  String $ne_user_home                    = '/var/run/nrpe',
+  Optional[String] $ne_user_groups        = undef,
+  String $ne_user_shell                   = '/sbin/nologin',

 # nrpe.cfg
-  String $ne_log_facility            = 'daemon',
-  String $ne_log_file                = '',
-  String $ne_debug                   = '0',
-  String $ne_nrpe_port               = '5666',
-  String $ne_server_address          = '0.0.0.0',
-  String $ne_listen_queue_size       = '5',
-  String $ne_dont_blame_nrpe         = '1',
-  String $ne_allow_bash_cmd_subst    = '1',
-  Boolean $ne_allow_sudo             = true,
-  String $ne_command_prefix          = '/usr/bin/sudo',
-  String $ne_command_timeout         = '60',
-  String $ne_connection_timeout      = '300',
-  String $ne_allow_weak_rnd_seed     = '1',
-  Boolean $ne_enable_ssl             = false,
-  String $ne_ssl_version             = 'TLSv2+',
-  String $ne_ssl_use_adh             = '1',
-  String $ne_ssl_cipher_list         = 'ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH',
-  String $ne_ssl_cacert_file         = '/etc/pki/tls/certs/ca-chain.crt.pem',
-  String $ne_ssl_client_certs        = '2',
-  String $ne_ssl_logging             = '0x00',
-  Array $ne_nasty_metachars          = ["|`&><'\\[]{};\r\n"],
-  String $ne_include_file            = '',
+  String $ne_log_facility                 = 'daemon',
+  String $ne_log_file                     = '',
+  String $ne_debug                        = '0',
+  String $ne_nrpe_port                    = '5666',
+  String $ne_server_address               = '0.0.0.0',
+  String $ne_listen_queue_size            = '5',
+  String $ne_dont_blame_nrpe              = '1',
+  String $ne_allow_bash_cmd_subst         = '1',
+  Boolean $ne_allow_sudo                  = true,
+  String $ne_command_prefix               = '/usr/bin/sudo',
+  String $ne_command_timeout              = '60',
+  String $ne_connection_timeout           = '300',
+  String $ne_allow_weak_rnd_seed          = '1',
+  Boolean $ne_enable_ssl                  = false,
+  String $ne_ssl_version                  = 'TLSv2+',
+  String $ne_ssl_use_adh                  = '1',
+  String $ne_ssl_cipher_list              = 'ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH',
+  String $ne_ssl_cacert_file              = '/etc/pki/tls/certs/ca-chain.crt.pem',
+  String $ne_ssl_client_certs             = '2',
+  String $ne_ssl_logging                  = '0x00',
+  Array $ne_nasty_metachars               = ["|`&><'\\[]{};\r\n"],
+  String $ne_include_file                 = '',
+  Optional[String] $ne_ssl_cert_pem       = undef,
+  Optional[String] $ne_ssl_privatekey_pem = undef,

 # nrpe.conf
-  String $ne_ssl_opts                = '',
+  String $ne_ssl_opts                     = '',

 # firewall
-  Boolean $ne_incl_fw                = true,
-  String $ne_fw_order_no             = '50',
+  Boolean $ne_incl_fw                     = true,
+  String $ne_fw_order_no                  = '50',

 # selinux
-  Boolean $ne_include_selinux        = true,
+  Boolean $ne_include_selinux             = true,

 ) {
 # Default facts
@@ -158,7 +168,9 @@ class confdroid_nrpe::params (
  $ne_nrpe_pp_file            = "${ne_main_conf_d_dir}/nrpe.pp"
  $ne_semodule_erb            =  'confdroid_nrpe/semodule_nrpe.erb'
  $ne_ssl_cert_file           = "/etc/pki/tls/certs/${fqdn}.crt.pem"
+  $ne_ssl_cert_erb            = 'confdroid_nrpe/ssl_cert.erb'
  $ne_ssl_privatekey_file     = "/etc/pki/tls/private/${fqdn}.key.pem"
+  $ne_ssl_privatekey_erb      = 'confdroid_nrpe/ssl_privatekey.erb'

 # includes must be last
  include confdroid_nrpe::main::config