From 8dbe3d8b31ce256e4787a12d26a1c4d4e82f3dcb Mon Sep 17 00:00:00 2001
From: Arne Teuke
Date: Fri, 28 Jul 2017 19:26:27 +0100
Subject: [PATCH] updated template
---
 manifests/params.pp | 2 +
 templates/nrpe_cfg.erb | 96 +++---------------------------------------
 2 files changed, 9 insertions(+), 89 deletions(-)
diff --git a/manifests/params.pp b/manifests/params.pp
index 99fe1a6..eaf475b 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -94,6 +94,7 @@
 # @param [string] ne_server_address the network interfaces to listen on
 # @param [string] ne_allow_weak_rnd_seed Whether to allow weak random seeds
 # @param [string] ne_include_selinux Whether to manage selinux
+# @param [boolean] ne_enable_ssl Whether to enable SSL certificates.
 ###############################################################################
 class cd_nrpe::params (
@@ -122,6 +123,7 @@ $ne_command_prefix = '/usr/bin/sudo',
 $ne_command_timeout = '60',
 $ne_connection_timeout = '300',
 $ne_allow_weak_rnd_seed = '1',
+$ne_enable_ssl = false,
 $ne_ssl_version = 'TLSv2+',
 $ne_ssl_use_adh = '1',
 $ne_ssl_cipher_list = 'ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH',
diff --git a/templates/nrpe_cfg.erb b/templates/nrpe_cfg.erb
index edb138d..eb33175 100644
--- a/templates/nrpe_cfg.erb
+++ b/templates/nrpe_cfg.erb
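Review bot: `$ne_enable_ssl = false,` in the second params.pp hunk is the only bare boolean among switches that are otherwise quoted strings (`'1'` for `ne_allow_weak_rnd_seed` and `ne_ssl_use_adh`), and nothing visible in the hunk constrains its type. The template changed in this same patch tests the flag with `== true`, so a caller who follows the neighbouring convention and passes `'1'` or `'true'` would get the certificate settings left out without any error. If the module targets Puppet 4 or later, declaring it as `Boolean $ne_enable_ssl = false,` turns that mistake into a compile-time failure. The `@param` line added in the first hunk could also state that with the default `false` the rendered config carries no CA, certificate, key or client-certificate settings while `ne_ssl_use_adh` stays at `'1'`. The parameter list starts and ends outside the hunk.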
@@ -41,103 +41,21 @@ ssl_version=<%= @ne_ssl_version %>
 ssl_use_adh=<%= @ne_ssl_use_adh %>
 ssl_cipher_list=<%= @ne_ssl_cipher_list %>
+<% if $ne_enable_ssl == true -%>
 ssl_cacert_file=<%= @ne_ssl_cacert_file %>
 ssl_cert_file=<%= @ne_ssl_cert_file %>
 ssl_privatekey_file=<%= @ne_ssl_privatekey_file %>
-
 ssl_client_certs=<%= @ne_ssl_client_certs %>
 ssl_logging=<%= @ne_ssl_logging %>
+<% end -%>
+nasty_metachars=<%= @ne_nasty_metachars %>
+<% unless @ne_include_file.empty? -%>
+include=<%= @ne_include_file %>
+<% end -%>
-
-# NASTY METACHARACTERS
-# This option allows you to override the list of characters that cannot
-# be passed to the NRPE daemon.
-
-# nasty_metachars="|`&><'\\[]{};\r\n"
-
-
-# INCLUDE CONFIG FILE
-# This directive allows you to include definitions from an external config file.
-
-#include=
-
-
-# INCLUDE CONFIG DIRECTORY
-# This directive allows you to include definitions from config files (with a
-# .cfg extension) in one or more directories (with recursion).
-
-include_dir=/etc/nrpe.d/
-
-
-# COMMAND DEFINITIONS
-# Command definitions that this daemon will run. Definitions
-# are in the following format:
-#
-# command[]=
-#
-# When the daemon receives a request to return the results of
-# it will execute the command specified by the argument.
-#
-# Unlike Nagios, the command line cannot contain macros - it must be
-# typed exactly as it should be executed.
-#
-# Note: Any plugins that are used in the command lines must reside
-# on the machine that this daemon is running on! The examples below
-# assume that you have plugins installed in a /usr/local/nagios/libexec
-# directory. Also note that you will have to modify the definitions below
-# to match the argument format the plugins expect. Remember, these are
-# examples only!
-
-
-# The following examples use hardcoded command arguments...
-
-command[check_users]=/usr/lib64/nagios/plugins/check_users -w 5 -c 10
-command[check_load]=/usr/lib64/nagios/plugins/check_load -r -w .15,.10,.05 -c .30,.25,.20
-command[check_hda1]=/usr/lib64/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1
-command[check_zombie_procs]=/usr/lib64/nagios/plugins/check_procs -w 5 -c 10 -s Z
-command[check_total_procs]=/usr/lib64/nagios/plugins/check_procs -w 150 -c 200
-
-
-# The following examples allow user-supplied arguments and can
-# only be used if the NRPE daemon was compiled with support for
-# command arguments *AND* the dont_blame_nrpe directive in this
-# config file is set to '1'. This poses a potential security risk, so
-# make sure you read the SECURITY file before doing this.
-
-#command[check_users]=/usr/lib64/nagios/plugins/check_users -w $ARG1$ -c $ARG2$
-#command[check_load]=/usr/lib64/nagios/plugins/check_load -w $ARG1$ -c $ARG2$
-#command[check_disk]=/usr/lib64/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
-#command[check_procs]=/usr/lib64/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
-
-#####################################
-
-
-
-
-
-
-
-
-#ssl_version=<%= @ne_ssl_version %>
-#ssl_use_adh=<%= @ne_ssl_use_adh %>
-#ssl_cipher_list=<%= @ne_ssl_cipher_list %>
-
-#ssl_cacert_file=<%= @ne_ssl_cacert_file %>
-#ssl_cert_file=<%= @ne_ssl_cert_file %>
-#ssl_privatekey_file=<%= @ne_ssl_privatekey_file %>
-
-#ssl_client_certs=<%= @ne_ssl_client_certs %>
-#ssl_logging=<%= @ne_ssl_logging %>
-
-#nasty_metachars=<%= @ne_nasty_metachars %>
-
-#<% unless @ne_include_file.empty? -%>
-#include=<%= @ne_include_file %>
-#<% end -%>
-
-#include_dir=<%= @ne_main_conf_d_dir %>
+include_dir=<%= @ne_main_conf_d_dir %>
 ### command definitions have been moved to include_dir for easier external
 # management
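Review bot: The guard `<% if $ne_enable_ssl == true -%>` reads a Ruby global rather than the class parameter, so the certificate block is never rendered. Every other value in this hunk is reached as an instance variable (`@ne_ssl_version`, `@ne_include_file`), and an unset Ruby global evaluates to nil. Setting `ne_enable_ssl => true` therefore still produces a config without `ssl_cacert_file`, `ssl_cert_file`, `ssl_privatekey_file`, `ssl_client_certs` and `ssl_logging`, and the run reports no error. Change the line to `<% if @ne_enable_ssl == true -%>`. Separately, `nasty_metachars=<%= @ne_nasty_metachars %>` is now emitted unconditionally and its default is not visible in this patch; if it can be empty, wrap it in the same `unless ... empty?` guard used for `include=`, so the template does not write a blank override of the daemon's rejected-character list.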