+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
SERVICE * manage NRPE service
@@ -213,16 +217,60 @@ through this modules. Defaults totrue.
$ne_include_selinux : Whether to manage selinux exception
rules. Defaults to true.
$ne_enable_ssl : Whether to allow SSL settings. See known problems for more details.
In order to connect a Nagios monitoring server to clients through NRPE, you +must define commands and the desired argument strings on the clients. The +default NRPE installation comes with a few examples of such commands, which +are also included in this module. However, every environment is very +different in their requirements and Nagios via Puppet is all about the +ability to dynamicically set command arguments based on default variables / +overrides. For that reason no hard-coded commands are included, but instead +all commands are set via argument strings, where possible.
+ +The commands are created within /etc/nrpe.d/command.cfg , every set of +instructions creates a new line.
+ +Defining commands is as simple as +that: +<code> +`cd_nrpe::commands::definitions` { +'check_users': + `ne_check_cmd` => +'check_users', + `ne_cmd_argstring` => '-w $ARG1$ -c +$ARG2$', + } +</code> +It is very recommendable to define such +commands within Puppet modules controlling services, so any node running +the particular service will automatically get the required check commands +defined as well, while nodes not running the service also do not contain +the command check.
+All files and directories are configured with correct selinux context. If selinux is disabled, these contexts are ignored.
SSL/TLS support: Version 3 of NRPE supposedly has support for SSL/ TLs.
+However, at the time of writing this module, this seems to be buggy, as I
+was unable to start the NRPE service as soon as the
+ssl_cert_file line was uncommented in teh configuration file,
+despite having valid certs in the right position on the node. This happened
+when installing manually, not through this Puppet module. For that reason I
+included the $ne_enable_ssl boolean parameter, which is set to
+false by default, hence disabling SSL/TLS options until this
+has been fixed upstream, or a valid workaround has been found. Setting this
+option to true will include all SSL / TLS settings.
SERVICE * manage NRPE service
@@ -213,16 +217,60 @@ through this modules. Defaults totrue.
$ne_include_selinux : Whether to manage selinux exception
rules. Defaults to true.
$ne_enable_ssl : Whether to allow SSL settings. See known problems for more details.
In order to connect a Nagios monitoring server to clients through NRPE, you +must define commands and the desired argument strings on the clients. The +default NRPE installation comes with a few examples of such commands, which +are also included in this module. However, every environment is very +different in their requirements and Nagios via Puppet is all about the +ability to dynamicically set command arguments based on default variables / +overrides. For that reason no hard-coded commands are included, but instead +all commands are set via argument strings, where possible.
+ +The commands are created within /etc/nrpe.d/command.cfg , every set of +instructions creates a new line.
+ +Defining commands is as simple as +that: +<code> +`cd_nrpe::commands::definitions` { +'check_users': + `ne_check_cmd` => +'check_users', + `ne_cmd_argstring` => '-w $ARG1$ -c +$ARG2$', + } +</code> +It is very recommendable to define such +commands within Puppet modules controlling services, so any node running +the particular service will automatically get the required check commands +defined as well, while nodes not running the service also do not contain +the command check.
+All files and directories are configured with correct selinux context. If selinux is disabled, these contexts are ignored.
SSL/TLS support: Version 3 of NRPE supposedly has support for SSL/ TLs.
+However, at the time of writing this module, this seems to be buggy, as I
+was unable to start the NRPE service as soon as the
+ssl_cert_file line was uncommented in teh configuration file,
+despite having valid certs in the right position on the node. This happened
+when installing manually, not through this Puppet module. For that reason I
+included the $ne_enable_ssl boolean parameter, which is set to
+false by default, hence disabling SSL/TLS options until this
+has been fixed upstream, or a valid workaround has been found. Setting this
+option to true will include all SSL / TLS settings.
- # File 'manifests/commands/definition_rules.pp', line 23
+ |
@@ -207,7 +267,7 @@ class cd_nrpe::commands::definition_rules (
diff --git a/doc/puppet_classes/cd_nrpe_3A_3Afirewall_3A_3Aiptables.html b/doc/puppet_classes/cd_nrpe_3A_3Afirewall_3A_3Aiptables.html
index c5c3e0f..30e2d6c 100644
--- a/doc/puppet_classes/cd_nrpe_3A_3Afirewall_3A_3Aiptables.html
+++ b/doc/puppet_classes/cd_nrpe_3A_3Afirewall_3A_3Aiptables.html
@@ -165,7 +165,7 @@ class cd_nrpe::firewall::iptables (
diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aconfig.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aconfig.html
index b1eb0c0..a8326dd 100644
--- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aconfig.html
+++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aconfig.html
@@ -154,7 +154,7 @@ class cd_nrpe::main::config (
diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Adirs.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Adirs.html
index 742c5e0..12d95ab 100644
--- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Adirs.html
+++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Adirs.html
@@ -205,7 +205,7 @@ class cd_nrpe::main::dirs (
diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Afiles.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Afiles.html
index 28e6a2b..6125780 100644
--- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Afiles.html
+++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Afiles.html
@@ -166,7 +166,22 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/.
58
59
60
-61
+61
+62
+63
+64
+65
+66
+67
+68
+69
+70
+71
+72
+73
+74
+75
+76
# File 'manifests/main/files.pp', line 23
@@ -209,6 +224,21 @@ class cd_nrpe::main::files (
notify => Service[$ne_service],
}
+ if $ne_allow_sudo == true {
+
+ file { $ne_sudo_file:
+ ensure => file,
+ path => $ne_sudo_file,
+ owner => 'root',
+ group => 'root',
+ mode => '0440',
+ selrange => s0,
+ selrole => object_r,
+ seltype => etc_t,
+ seluser => system_u,
+ content => template($ne_sudo_rule_erb),
+ }
+ }
}
|
@@ -217,7 +247,7 @@ class cd_nrpe::main::files (
diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Ainstall.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Ainstall.html
index 05205f0..6eac1d5 100644
--- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Ainstall.html
+++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Ainstall.html
@@ -160,7 +160,7 @@ class cd_nrpe::main::install (
diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aservice.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aservice.html
index 9a58c18..9b698b7 100644
--- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aservice.html
+++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aservice.html
@@ -183,7 +183,7 @@ class cd_nrpe::main::service (
diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Auser.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Auser.html
index 61b4987..9d48101 100644
--- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Auser.html
+++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Auser.html
@@ -193,7 +193,7 @@ class cd_nrpe::main::user (
diff --git a/doc/puppet_classes/cd_nrpe_3A_3Aparams.html b/doc/puppet_classes/cd_nrpe_3A_3Aparams.html
index cd82ecb..4074e9c 100644
--- a/doc/puppet_classes/cd_nrpe_3A_3Aparams.html
+++ b/doc/puppet_classes/cd_nrpe_3A_3Aparams.html
@@ -494,7 +494,7 @@ changed in a later version of NRPE.
—
# File 'manifests/params.pp', line 101 @@ -977,7 +980,7 @@ $pkg_ensure = 'latest', $ne_manage_cmds = true, -# user settings +# NRPE user settings $ne_user = 'nrpe', $ne_user_comment = 'NRPE service user', $ne_user_uid = '1005', @@ -985,6 +988,7 @@ $ne_user_home = '/var/run/nrpe', $ne_user_groups = undef, $ne_user_shell = '/sbin/nologin', + # nrpe.cfg $ne_log_facility = 'daemon', $ne_log_file = '', @@ -1046,6 +1050,8 @@ $ne_nrpe_conf_erb = 'cd_nrpe/nrpe_conf.erb' $ne_cmd_file = "${ne_main_conf_d_dir}/commands.cfg" $ne_cmd_head_erb = 'cd_nrpe/cmd_head.erb' $ne_cmd_rule_erb = 'cd_nrpe/cmd_rule.erb' +$ne_sudo_file = '/etc/sudoers.d/nagios_sudo' +$ne_sudo_rule_erb = 'cd_nrpe/sudo_rule.erb' # includes must be last @@ -1059,7 +1065,7 @@ $ne_cmd_rule_erb = 'cd_nrpe/cmd_rule.erb' diff --git a/doc/puppet_defined_types/cd_nrpe_3A_3Acommands_3A_3Adefinitions.html b/doc/puppet_defined_types/cd_nrpe_3A_3Acommands_3A_3Adefinitions.html index 78443bd..1d5391e 100644 --- a/doc/puppet_defined_types/cd_nrpe_3A_3Acommands_3A_3Adefinitions.html +++ b/doc/puppet_defined_types/cd_nrpe_3A_3Acommands_3A_3Adefinitions.html @@ -173,6 +173,25 @@ the custom location , i.e. -w $ARG1$ -c $ARG2$. See the arguments in th eman pages for the checks. + + + + +
+
Specify an optional comment for your command +definition -31 -32 33 34 35 @@ -206,16 +223,20 @@ checks. 47 48 49 -50+50 +51 +52 +53 |
- # File 'manifests/commands/definitions.pp', line 31 +# File 'manifests/commands/definitions.pp', line 33 define cd_nrpe::commands::definitions ( $ne_check_cmd = undef, $ne_cmd_path = '/usr/lib64/nagios/plugins/', $ne_cmd_argstring = undef, +$ne_cmd_comment = '', ) { @@ -238,7 +259,7 @@ $ne_manage_cmds = $::cd_nrpe::params::ne_manage_cmds diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html index b8e97c8..b3d393c 100644 --- a/doc/top-level-namespace.html +++ b/doc/top-level-namespace.html @@ -90,7 +90,7 @@ |