diff --git a/README.md b/README.md
index 5ddc9ef..188d2c3 100644
--- a/README.md
+++ b/README.md
@@ -30,10 +30,12 @@ NRPE allows monitoring tools like NAGIOS or ICINGA to connect to clients for mon
### Features
INSTALLATION
-* install binaries
+* install nrpe binaries
CONFIGURATION
+* manage NRPE service user properties
* manage directory structure (file system permissions, selinux context)
+*
SERVICE
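Review bot: The CONFIGURATION list gains an empty bullet (`+*`) right after the directory-structure item. Either fill it in with the feature it was meant to announce (configuration file, firewall rule) or drop the line, since it renders as a blank list entry.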
@@ -44,8 +46,11 @@ Repostructure has moved to REPOSTRUCTURE.md in repo.
All dependencies must be included in the catalogue.
* [cd_resources](https://gitlab.puppetsoft.com/12WW1160/cd_resources) to manage YUM repositories.
+* [cd_stdlib](https://gitlab.puppetsoft.com/12WW1160/cd_stdlib) or [puppetlabs stdlib](https://github.com/puppetlabs/puppetlabs-stdlib) to facilitate concat
+* [cd_concat](https://gitlab.puppetsoft.com/12WW1160/cd_stdlib) or [puppetlabs concat](https://github.com/puppetlabs/puppetlabs-concat) for concatenating files
### Deployment
+`cd_nrpe` does typically not need to be specifically declared. It will be auto-required by `cd_nagios` with default settings. Only if you want to override settings declare it specifically.
##### native Puppet deployment
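Review bot: The `cd_concat` dependency link points at `https://gitlab.puppetsoft.com/12WW1160/cd_stdlib`, the same URL as the `cd_stdlib` entry above it, so it looks copy-pasted; it should point at the concat repository. Also, none of the manifests added in this patch use concat or stdlib functions, so it is worth stating which class needs them, and the new Deployment sentence reads better as "`cd_nrpe` typically does not need to be declared explicitly".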
@@ -57,7 +62,7 @@ node 'example.example.net' {
}
```
#### through Foreman:
-In order to apply parameters through Foreman, **__cd_nrpe::params__** must be added to the host or hostgroup in question.
+In order to apply parameters through Foreman, **__cd_nrpe::params__** must be added to the host or hostgroup in question, unless the defaults are fully acceptable across the estate.
See [more details about class deployment on Confdroid.com](https://confdroid.com/2017/05/deploying-our-puppet-modules/).
diff --git a/REPOSTRUCTURE.md b/REPOSTRUCTURE.md
index c51b92c..97a25df 100644
--- a/REPOSTRUCTURE.md
+++ b/REPOSTRUCTURE.md
@@ -11,6 +11,7 @@
| |-- puppet_classes
| | |-- cd_nrpe_3A_3Amain_3A_3Aconfig.html
| | |-- cd_nrpe_3A_3Amain_3A_3Ainstall.html
+| | |-- cd_nrpe_3A_3Amain_3A_3Auser.html
| | |-- cd_nrpe_3A_3Amainn_3A_3Auser.html
| | |-- cd_nrpe_3A_3Aparams.html
| | |-- cd_nrpe_3A_3Auser.html
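Review bot: The tree now lists `cd_nrpe_3A_3Amain_3A_3Auser.html` next to the misspelled `cd_nrpe_3A_3Amainn_3A_3Auser.html`, which stays in place as context. If the `mainn` page is a leftover from a typo in a class name, delete it from `doc/` and regenerate the listing so the structure file does not advertise a class that does not exist.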
@@ -22,12 +23,21 @@
| |-- puppet_class_list.html
| `-- top-level-namespace.html
|-- manifests
+| |-- commands
+| | `-- definitions.pp
+| |-- firewall
+| | `-- iptables.pp
| |-- main
| | |-- config.pp
+| | |-- dirs.pp
+| | |-- files.pp
| | |-- install.pp
+| | |-- service.pp
| | `-- user.pp
| |-- init.pp
| `-- params.pp
+|-- templates
+| `-- nrpe_cfg_head.erb
|-- tests
| `-- UTF_Files
|-- CHANGELOG.md
@@ -38,4 +48,4 @@
|-- README.md
`-- REPOSTRUCTURE.md
-7 directories, 31 files
+10 directories, 38 files
diff --git a/doc/_index.html b/doc/_index.html
index 94b4d71..7a60b55 100644
--- a/doc/_index.html
+++ b/doc/_index.html
@@ -73,16 +73,36 @@
+
cd_nrpe does typically not need to be specifically declared.
+It will be auto-required by cd_nagios with default settings.
+Only if you want to override settings declare it specifically.
+
native Puppet deployment
via site.pp or nodes.pp
@@ -155,7 +169,7 @@ to manage YUM repositories.
In order to apply parameters through Foreman,
cd_nrpe::params must be added to the host or hostgroup in
-question.
+question, unless the defaults are fully acceptable across the estate.
cd_nrpe does typically not need to be specifically declared.
+It will be auto-required by cd_nagios with default settings.
+Only if you want to override settings declare it specifically.
+
native Puppet deployment
via site.pp or nodes.pp
@@ -155,7 +169,7 @@ to manage YUM repositories.
In order to apply parameters through Foreman,
cd_nrpe::params must be added to the host or hostgroup in
-question.
+question, unless the defaults are fully acceptable across the estate.
+ manage firewall settings through cd_firewall or puppetlabs-firewall
+
+
Overview
+
+
+
+
cd_nrpe::firewall::iptables.pp
+Module name: cd_nrpe
+Author: Arne Teuke
+(arne_teuke@ConfDroid.com)
+
+
License:
+
+
This file is part of cd_nrpe.
+
+
cd_nrpe is used for providing automatic configuration of NRPE.
+ Copyright
+(C) 2016 ConfDroid (copyright@ConfDroid.com)
+ This program is free
+software: you can redistribute it and/or modify
+ it under the terms of the
+GNU General Public License as published by
+ the Free Software Foundation,
+either version 3 of the License, or
+ (at your option) any later version.
+
+
This program is distributed in the hope that it will be useful,
+ but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License
+for more details.
+
+
You should have received a copy of the GNU General Public License
+ along
+with this program. If not, see www.gnu.org/licenses/.
+
+
\ No newline at end of file
diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aconfig.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aconfig.html
index 0b225d5..acd0656 100644
--- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aconfig.html
+++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aconfig.html
@@ -93,18 +93,16 @@ Author: Arne Teuke
This file is part of cd_nrpe.
-
cd_nrpe is used for providing automatic configuration of
- <service /
-purpose>
- Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
- This
-program is free software: you can redistribute it and/or modify
- it under
-the terms of the GNU General Public License as published by
- the Free
-Software Foundation, either version 3 of the License, or
- (at your option)
-any later version.
+
cd_nrpe is used for providing automatic configuration of NRPE.
+ Copyright
+(C) 2016 ConfDroid (copyright@ConfDroid.com)
+ This program is free
+software: you can redistribute it and/or modify
+ it under the terms of the
+GNU General Public License as published by
+ the Free Software Foundation,
+either version 3 of the License, or
+ (at your option) any later version.
This program is distributed in the hope that it will be useful,
but
@@ -131,22 +129,22 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/.
+24
25
26
27
28
29
-30
-31
+30
-
# File 'manifests/main/config.pp', line 25
+
# File 'manifests/main/config.pp', line 24
class cd_nrpe::main::config (
) inherits cd_nrpe::params {
- include cd_nrpe::main::user
+ include cd_nrpe::main::service
}
+ Class manages all directories required for cd_nrpe.
+
+
Overview
+
+
+
+
cd_nrpe::main::dirs.pp
+Module name: cd_nrpe
+Author: Arne Teuke
+(arne_teuke@ConfDroid.com)
+
+
License:
+
+
This file is part of cd_nrpe.
+
+
cd_nrpe is used for providing automatic configuration of NRPE.
+ Copyright
+(C) 2016 ConfDroid (copyright@ConfDroid.com)
+ This program is free
+software: you can redistribute it and/or modify
+ it under the terms of the
+GNU General Public License as published by
+ the Free Software Foundation,
+either version 3 of the License, or
+ (at your option) any later version.
+
+
This program is distributed in the hope that it will be useful,
+ but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License
+for more details.
+
+
You should have received a copy of the GNU General Public License
+ along
+with this program. If not, see www.gnu.org/licenses/.
+ Class manages all configuration files required for cd_nrpe.
+
+
Overview
+
+
+
+
cd_nrpe::main::files.pp
+Module name: cd_nrpe
+Author: Arne Teuke
+(arne_teuke@ConfDroid.com)
+
+
License:
+
+
This file is part of cd_nrpe.
+
+
cd_nrpe is used for providing automatic configuration of NRPE.
+ Copyright
+(C) 2016 ConfDroid (copyright@ConfDroid.com)
+ This program is free
+software: you can redistribute it and/or modify
+ it under the terms of the
+GNU General Public License as published by
+ the Free Software Foundation,
+either version 3 of the License, or
+ (at your option) any later version.
+
+
This program is distributed in the hope that it will be useful,
+ but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License
+for more details.
+
+
You should have received a copy of the GNU General Public License
+ along
+with this program. If not, see www.gnu.org/licenses/.
+
+
\ No newline at end of file
diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Ainstall.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Ainstall.html
index c8c6cdd..a632bcb 100644
--- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Ainstall.html
+++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Ainstall.html
@@ -93,18 +93,16 @@ Author: Arne Teuke
This file is part of cd_nrpe.
-
cd_nrpe is used for providing automatic configuration of
- <service /
-purpose>
- Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
- This
-program is free software: you can redistribute it and/or modify
- it under
-the terms of the GNU General Public License as published by
- the Free
-Software Foundation, either version 3 of the License, or
- (at your option)
-any later version.
+
cd_nrpe is used for providing automatic configuration of NRPE.
+ Copyright
+(C) 2016 ConfDroid (copyright@ConfDroid.com)
+ This program is free
+software: you can redistribute it and/or modify
+ it under the terms of the
+GNU General Public License as published by
+ the Free Software Foundation,
+either version 3 of the License, or
+ (at your option) any later version.
This program is distributed in the hope that it will be useful,
but
@@ -131,6 +129,7 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/.
cd_nrpe::main::service.pp
+Module name: cd_nrpe
+Author: Arne Teuke
+(arne_teuke@ConfDroid.com)
+
+
License:
+
+
This file is part of cd_nrpe.
+
+
cd_nrpe is used for providing automatic configuration of NRPE.
+ Copyright
+(C) 2016 ConfDroid (copyright@ConfDroid.com)
+ This program is free
+software: you can redistribute it and/or modify
+ it under the terms of the
+GNU General Public License as published by
+ the Free Software Foundation,
+either version 3 of the License, or
+ (at your option) any later version.
+
+
This program is distributed in the hope that it will be useful,
+ but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License
+for more details.
+
+
You should have received a copy of the GNU General Public License
+ along
+with this program. If not, see www.gnu.org/licenses/.
+
+
\ No newline at end of file
diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Auser.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Auser.html
index 8a5741c..518fd1f 100644
--- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Auser.html
+++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Auser.html
@@ -92,18 +92,16 @@ Author: Arne Teuke
This file is part of cd_nrpe.
-
cd_nrpe is used for providing automatic configuration of
- <service /
-purpose>
- Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
- This
-program is free software: you can redistribute it and/or modify
- it under
-the terms of the GNU General Public License as published by
- the Free
-Software Foundation, either version 3 of the License, or
- (at your option)
-any later version.
+
cd_nrpe is used for providing automatic configuration of NRPE.
+ Copyright
+(C) 2016 ConfDroid (copyright@ConfDroid.com)
+ This program is free
+software: you can redistribute it and/or modify
+ it under the terms of the
+GNU General Public License as published by
+ the Free Software Foundation,
+either version 3 of the License, or
+ (at your option) any later version.
This program is distributed in the hope that it will be useful,
but
@@ -130,6 +128,7 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/.
cd_nrpe is used for providing automatic configuration of
- <service /
-purpose>
- Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
- This
-program is free software: you can redistribute it and/or modify
- it under
-the terms of the GNU General Public License as published by
- the Free
-Software Foundation, either version 3 of the License, or
- (at your option)
-any later version.
+
cd_nrpe is used for providing automatic configuration of NRPE.
+ Copyright
+(C) 2016 ConfDroid (copyright@ConfDroid.com)
+ This program is free
+software: you can redistribute it and/or modify
+ it under the terms of the
+GNU General Public License as published by
+ the Free Software Foundation,
+either version 3 of the License, or
+ (at your option) any later version.
This program is distributed in the hope that it will be useful,
but
@@ -125,7 +131,9 @@ for more details.
You should have received a copy of the GNU General Public License
along
with this program. If not, see www.gnu.org/licenses/.
+href="http://www.gnu.org/licenses">www.gnu.org/licenses/.
+be passed to
+the NRPE daemon.
@@ -153,6 +161,501 @@ to choose, i.e. latest or present.
+
This is for backward compatibility and is
+DEPRECATED. Set to 1 to enable
+ADH or 2 to require ADH. 1 is currently the
+default but will be changed in
+a later version.
ciphers can be used. For backward
+compatibility, this defaults to
+'ssl_cipher_list=ALL:!MD5:@STRENGTH' in
+this version but will be
+changed in a later version of NRPE.
determines which SSL messages are send to
+syslog. OR values together to
+specify multiple options.
+Values: 0x00 (0) = No additional logging
+(default)
+0x01 (1) = Log startup SSL/TLS parameters
+0x02 (2) = Log remote
+IP address
+0x04 (4) = Log SSL/TLS version of connections
+0x08 (8) = Log
+which cipher is being used for the connection
+0x10 (16) = Log if client has
+a certificate
+0x20 (32) = Log details of client's certificate if it has
+one
+-1 or 0xff or 0x2f = All of the above
+ manage firewall settings through cd_firewall or puppetlabs-firewall
+
+
Overview
+
+
+
+
cd_nrpe::commands::definitions.pp
+Module name: cd_nrpe
+Author: Arne Teuke
+(arne_teuke@ConfDroid.com)
+
+
License:
+
+
This file is part of cd_nrpe.
+
+
cd_nrpe is used for providing automatic configuration of NRPE.
+ Copyright
+(C) 2016 ConfDroid (copyright@ConfDroid.com)
+ This program is free
+software: you can redistribute it and/or modify
+ it under the terms of the
+GNU General Public License as published by
+ the Free Software Foundation,
+either version 3 of the License, or
+ (at your option) any later version.
+
+
This program is distributed in the hope that it will be useful,
+ but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License
+for more details.
+
+
You should have received a copy of the GNU General Public License
+ along
+with this program. If not, see www.gnu.org/licenses/.
+
+
\ No newline at end of file
diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html
index b7da8ce..ba084e7 100644
--- a/doc/top-level-namespace.html
+++ b/doc/top-level-namespace.html
@@ -90,7 +90,7 @@
diff --git a/manifests/commands/definitions.pp b/manifests/commands/definitions.pp
new file mode 100644
index 0000000..a34327b
--- /dev/null
+++ b/manifests/commands/definitions.pp
@@ -0,0 +1,30 @@
+## cd_nrpe::commands::definitions.pp
+# Module name: cd_nrpe
+# Author: Arne Teuke (arne_teuke@ConfDroid.com)
+# # License:
+# This file is part of cd_nrpe.
+#
+# cd_nrpe is used for providing automatic configuration of NRPE.
+# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+# @summary manage firewall settings through cd_firewall or puppetlabs-firewall
+###############################################################################
+define cd_nrpe::commands::definitions (
+
+
+) {
+
+
+
+}
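Review bot: The `@summary` on `cd_nrpe::commands::definitions` is copied from the firewall class ("manage firewall settings through cd_firewall or puppetlabs-firewall") and does not describe a command definition. The define itself has no parameters and an empty body, so it would be cleaner to leave it out of this commit until it does something, or at least mark it as a placeholder in the summary. The license line "see ." has also lost its URL here and in the other new manifests.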
diff --git a/manifests/firewall/iptables.pp b/manifests/firewall/iptables.pp
new file mode 100644
index 0000000..7341a94
--- /dev/null
+++ b/manifests/firewall/iptables.pp
@@ -0,0 +1,35 @@
+## cd_nrpe::firewall::iptables.pp
+# Module name: cd_nrpe
+# Author: Arne Teuke (arne_teuke@ConfDroid.com)
+# # License:
+# This file is part of cd_nrpe.
+#
+# cd_nrpe is used for providing automatic configuration of NRPE.
+# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+# @summary manage firewall settings through cd_firewall or puppetlabs-firewall
+###############################################################################
+class cd_nrpe::firewall::iptables (
+
+) inherits cd_nrpe::params {
+
+ if $ne_incl_fw == true {
+
+ firewall { "${ne_fw_order_no}${ne_nrpe_port} tcp ${ne_nrpe_port}":
+ proto => ['tcp','udp'],
+ dport => $ne_nrpe_port,
+ action => 'accept',
+ }
+ }
+}
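Review bot: The `firewall` resource accepts connections to the NRPE port from any source; there is no `source` restriction even though `$ne_nagios_server` is already available from params. Since the daemon can execute commands on request, I would limit the rule with `source => $ne_nagios_server`. The rule title says `tcp` while `proto => ['tcp','udp']` lists both; NRPE listens on TCP only, so `proto => 'tcp'` is enough and matches the title. Minor: `$ne_incl_fw` is tested here and again in `cd_nrpe::main::service` before the class is required, so one of the two checks is redundant.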
diff --git a/manifests/main/config.pp b/manifests/main/config.pp
index 10a358b..c703487 100644
--- a/manifests/main/config.pp
+++ b/manifests/main/config.pp
@@ -4,8 +4,7 @@
# # License:
# This file is part of cd_nrpe.
#
-# cd_nrpe is used for providing automatic configuration of
-#
+# cd_nrpe is used for providing automatic configuration of NRPE.
# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -26,6 +25,6 @@ class cd_nrpe::main::config (
) inherits cd_nrpe::params {
- include cd_nrpe::main::user
+ include cd_nrpe::main::service
}
diff --git a/manifests/main/dirs.pp b/manifests/main/dirs.pp
new file mode 100644
index 0000000..5e7ef09
--- /dev/null
+++ b/manifests/main/dirs.pp
@@ -0,0 +1,55 @@
+## cd_nrpe::main::dirs.pp
+# Module name: cd_nrpe
+# Author: Arne Teuke (arne_teuke@ConfDroid.com)
+# # License:
+# This file is part of cd_nrpe.
+#
+# cd_nrpe is used for providing automatic configuration of NRPE.
+# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+# @summary Class manages all directories required for cd_nrpe.
+###############################################################################
+class cd_nrpe::main::dirs (
+
+) inherits cd_nrpe::params {
+
+ require cd_nrpe::main::user
+
+ # manage main conf_d_dir
+
+ file { $ne_main_conf_d_dir:
+ ensure => directory,
+ path => $ne_main_conf_d_dir,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ selrange => s0,
+ selrole => object_r,
+ seltype => etc_t,
+ seluser => system_u,
+ }
+
+ file { $ne_run_dir:
+ ensure => directory,
+ path => $ne_run_dir,
+ owner => $ne_user,
+ group => $ne_user,
+ mode => '0755',
+ selrange => s0,
+ selrole => object_r,
+ seltype => var_run_t,
+ seluser => system_u,
+ }
+
+}
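Review bot: Both `file` resources set `selrange`, `selrole`, `seltype` and `seluser` unconditionally, while params introduces `$ne_include_selinux` and none of the manifests in this patch reference it. Either gate the SELinux attributes on that flag or remove the parameter. The SELinux values are also barewords (`s0`, `object_r`, `etc_t`); quoting them as strings is safer. The `path` attribute repeats the resource title in both resources and can be dropped, and the second resource lacks the explanatory comment the first one has.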
diff --git a/manifests/main/files.pp b/manifests/main/files.pp
new file mode 100644
index 0000000..19b999d
--- /dev/null
+++ b/manifests/main/files.pp
@@ -0,0 +1,43 @@
+## cd_nrpe::main::files.pp
+# Module name: cd_nrpe
+# Author: Arne Teuke (arne_teuke@ConfDroid.com)
+# # License:
+# This file is part of cd_nrpe.
+#
+# cd_nrpe is used for providing automatic configuration of NRPE.
+# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+# @summary Class manages all configuration files required for cd_nrpe.
+##############################################################################
+class cd_nrpe::main::files (
+
+) inherits cd_nrpe::params {
+
+ require cd_nrpe::main::dirs
+
+ file { $ne_main_conf_file:
+ ensure => file,
+ path => ne_main_conf_file,
+ owner => 'root',
+ group => 'root',
+ mode => '0640',
+ selrange => s0,
+ selrole => object_r,
+ seltype => nrpe_etc_t,
+ seluser => system_u,
+ content => template($ne_main_conf_file),
+ notify => Service[$ne_service],
+ }
+
+}
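Review bot: Two defects in the `file` resource will break the catalog. `path => ne_main_conf_file,` is missing the `$`, so the path becomes the literal bareword instead of `/etc/nagios/nrpe.cfg`; and `content => template($ne_main_conf_file)` passes the target file path to `template()` rather than the template name, where params defines `$ne_nrpe_conf_head_erb = 'cd_nrpe/nrpe_cfg_head.erb'` for exactly this purpose. Suggest dropping `path` (the title already carries it) and using `content => template($ne_nrpe_conf_head_erb)`. The `notify => Service[$ne_service]` together with `cd_nrpe::main::service` requiring this class is fine, but worth a catalog compile test to confirm there is no dependency cycle.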
diff --git a/manifests/main/install.pp b/manifests/main/install.pp
index 9c912c6..1fd4d68 100644
--- a/manifests/main/install.pp
+++ b/manifests/main/install.pp
@@ -4,8 +4,7 @@
# # License:
# This file is part of cd_nrpe.
#
-# cd_nrpe is used for providing automatic configuration of
-#
+# cd_nrpe is used for providing automatic configuration of NRPE.
# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
diff --git a/manifests/main/service.pp b/manifests/main/service.pp
new file mode 100644
index 0000000..dcfcc70
--- /dev/null
+++ b/manifests/main/service.pp
@@ -0,0 +1,40 @@
+## cd_nrpe::main::service.pp
+# Module name: cd_nrpe
+# Author: Arne Teuke (arne_teuke@ConfDroid.com)
+# # License:
+# This file is part of cd_nrpe.
+#
+# cd_nrpe is used for providing automatic configuration of NRPE.
+# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+# @summary Class manages the service(s) for cd_nrpe.
+#############################################################################
+class cd_nrpe::main::service (
+
+) inherits cd_nrpe::params {
+
+ if $ne_incl_fw == true {
+ require cd_nrpe::firewall::iptables
+ }
+
+ require cd_nrpe::main::files
+
+ service { $ne_service:
+ ensure => running,
+ hasstatus => true,
+ hasrestart => true,
+ enable => true,
+ }
+
+}
diff --git a/manifests/main/user.pp b/manifests/main/user.pp
index dc8e409..0544328 100644
--- a/manifests/main/user.pp
+++ b/manifests/main/user.pp
@@ -4,8 +4,7 @@
# # License:
# This file is part of cd_nrpe.
#
-# cd_nrpe is used for providing automatic configuration of
-#
+# cd_nrpe is used for providing automatic configuration of NRPE.
# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
diff --git a/manifests/params.pp b/manifests/params.pp
index 35343cf..8537cdc 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -4,8 +4,7 @@
# # License:
# This file is part of cd_nrpe.
#
-# cd_nrpe is used for providing automatic configuration of
-#
+# cd_nrpe is used for providing automatic configuration of NRPE.
# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -24,7 +23,68 @@
# @param [string] pkg_ensure
# which [package type](https://confdroid.com/2017/05/puppet-type-package/)
# to choose, i.e. `latest` or `present`.
-##############################################################################
+# @param [string] ne_log_facility the log facility to use.
+# @param [string] ne_log_file If a log file is specified in this option,
+# nrpe will write to that file instead of using syslog. i.e. /var/run/nrpe.log
+# @param [string] ne_debug Whether debugging messages are logged to the
+# syslog facility.
+# @param [string] ne_nrpe_port the NRPE port. used in firewall ( optional)
+# and configuration file.
+# @param [string] ne_listen_queue_size Listen queue size (backlog) for
+# serving incoming connections.
+# @param [string] ne_nagios_server ipaddress of the nagios server to be allowed
+# to connect to NRPE service. Default is to look up a global parameter from
+# ENC.
+# @param [string] ne_dont_blame_nrpe whether or not the NRPE daemon will
+# allow clients to specify arguments to commands that are executed.
+# @param [string] ne_allow_bash_cmd_subst whether or not the NRPE daemon will
+# allow clients to specify arguments that contain bash command substitutions
+# of the form $(...).
+# @param [boolean] ne_allow_sudo Whether to allow sudo access. used in nrpe.cfg
+# as well as for creating a sudo role.
+# @param [string] command_prefix allows you to prefix all commands with a
+# user-defined string.
+# @param [string] ne_incl_fw Whether to include firewall rules
+# @param [string] ne_command_timeout maximum number of seconds that the NRPE
+# daemon will allow plugins to finish executing before killing them off.
+# @param [string] ne_connection_timeout maximum number of seconds that the
+# NRPE daemon will wait for a connection to be established before exiting.
+# @param [string] ne_ssl_version These directives allow you to specify how to
+# use SSL/TLS.
+# @param [string] ne_ssl_use_adh This is for backward compatibility and is
+# DEPRECATED. Set to 1 to enable ADH or 2 to require ADH. 1 is currently the
+# default but will be changed in a later version.
+# @param [string] ne_ssl_cipher_list ciphers can be used. For backward
+# compatibility, this defaults to 'ssl_cipher_list=ALL:!MD5:@STRENGTH' in
+# this version but will be changed in a later version of NRPE.
+# @param [string] ne_ssl_cacert_file path and name of the ssl certificate
+# authority ( ca) file / chain. must be full path.
+# @param [string] ne_ssl_cert_file path and name of the server ssl certificate.
+# must include full path.
+# @param [string] ne_ssl_privatekey_filepath and name of the server ssl
+# private key. Must include full path.
+# @param [string] ne_ssl_client_certs determines client certificate usage.
+# Values: 0 = Don't ask for or require client certificates
+# 1 = Ask for client certificates
+# 2 = Require client certificates
+# @param [string] ne_ssl_logging determines which SSL messages are send to
+# syslog. OR values together to specify multiple options.
+# Values: 0x00 (0) = No additional logging (default)
+# 0x01 (1) = Log startup SSL/TLS parameters
+# 0x02 (2) = Log remote IP address
+# 0x04 (4) = Log SSL/TLS version of connections
+# 0x08 (8) = Log which cipher is being used for the connection
+# 0x10 (16) = Log if client has a certificate
+# 0x20 (32) = Log details of client's certificate if it has one
+# -1 or 0xff or 0x2f = All of the above
+# @param [string] ne_nasty_metachars list of characters that cannot
+# be passed to the NRPE daemon.
+# @param [string] ne_include_file include definitions from an external
+# config file.
+# @param [string] ne_include_dir
+# @param [string] ne_fw_order_no ordering prefix for he firewall rules. Adjust
+# to yoru environment if needed.
+###############################################################################
class cd_nrpe::params (
$pkg_ensure = 'latest',
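Review bot: Several `@param` entries in this block do not match the parameters declared below. `ne_ssl_privatekey_filepath and name ...` has lost the space after `ne_ssl_privatekey_file`, `command_prefix` is documented without the `ne_` prefix, and `ne_include_dir` is documented with no description and has no matching parameter (the template uses `ne_main_conf_d_dir`). `ne_server_address`, `ne_allow_weak_rnd_seed` and `ne_include_selinux` are declared but undocumented, and `ne_incl_fw` is typed `[string]` while its default and the comparisons in the manifests treat it as a boolean. Typos to fix while here: "he firewall rules", "yoru environment", "are send to syslog". The `ne_ssl_cipher_list` text quotes the upstream default `ALL:!MD5:@STRENGTH`, which is not the default this module sets.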
@@ -33,10 +93,44 @@ $pkg_ensure = 'latest',
$ne_user = 'nrpe',
$ne_user_comment = 'NRPE service user',
$ne_user_uid = '1005',
-$ne_user_home = '/var/run/nagios',
+$ne_user_home = '/var/run/nrpe',
$ne_user_groups = undef,
$ne_user_shell = '/sbin/nologin',
+# nrpe.cfg
+$ne_log_facility = 'daemon',
+$ne_log_file = '',
+$ne_debug = '0',
+$ne_nrpe_port = '5666',
+$ne_server_address = '127.0.0.1',
+$ne_listen_queue_size = '5',
+$ne_nagios_server = $::nagios_server,
+$ne_dont_blame_nrpe = '1',
+$ne_allow_bash_cmd_subst = '1',
+$ne_allow_sudo = true,
+$ne_command_prefix = '/usr/bin/sudo',
+$ne_command_timeout = '60',
+$ne_connection_timeout = '300',
+$ne_allow_weak_rnd_seed = '1',
+$ne_ssl_version = 'TLSv1.1+',
+$ne_ssl_use_adh = '1',
+$ne_ssl_cipher_list = 'ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH',
+$ne_ssl_cacert_file = '/etc/pki/tls/certs/ca-chain.crt.pem',
+$ne_ssl_cert_file = "/etc/pki/tls/certs/${::fqdn}.crt.pem",
+$ne_ssl_privatekey_file = "/etc/pki/tls/private/${::fqdn}.key.pem",
+$ne_ssl_client_certs = '2',
+$ne_ssl_logging = '0x00',
+$ne_nasty_metachars = '\"|`&><\'\\[]{};\r\n\"',
+$ne_include_file = '',
+
+# firewall
+$ne_incl_fw = true,
+$ne_fw_order_no = '50',
+
+# selinux
+$ne_include_selinux = true,
+
+
) {
# installation section
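Review bot: The defaults `$ne_dont_blame_nrpe = '1'` and `$ne_allow_bash_cmd_subst = '1'`, combined with `$ne_allow_sudo = true` and `$ne_command_prefix = '/usr/bin/sudo'`, mean that out of the box every allowed host can pass arguments, including `$(...)` substitutions, to commands that are all prefixed with sudo. These should default to the restrictive values ('0', '0', false) and be opt-in per host. The same applies to `$ne_allow_weak_rnd_seed = '1'` and `$ne_ssl_use_adh = '1'`, the latter being described as DEPRECATED in the parameter docs of this same patch; anonymous DH also sits oddly next to `$ne_ssl_client_certs = '2'`. Functionally, `$ne_server_address = '127.0.0.1'` makes the daemon listen on loopback only, so the Nagios server named in `$ne_nagios_server` cannot reach it even though a firewall rule is opened, and if `$::nagios_server` is unset the rendered `allowed_hosts` line ends in a trailing comma. Please also check the quoting of `$ne_nasty_metachars`: inside single quotes `\"`, `\r` and `\n` stay literal backslash sequences, and the value contains `"` twice.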
@@ -44,6 +138,18 @@ $reqpackages = $::operatingsystem ? {
/(?i-mx:centos|fedora|redhat)/ => ['nrpe'],
}
+# service
+$ne_service = 'nrpe'
+
+# directories
+$ne_main_conf_d_dir = '/etc/nrpe.d'
+$ne_run_dir = '/var/run/nrpe'
+
+# files
+$ne_main_conf_file = '/etc/nagios/nrpe.cfg'
+$ne_nrpe_conf_head_erb = 'cd_nrpe/nrpe_cfg_head.erb'
+$ne_nrpe_pid_file = "${ne_run_dir}/nrpe.pid"
+
# includes must be last
include cd_nrpe::main::config
diff --git a/templates/nrpe_cfg_head.erb b/templates/nrpe_cfg_head.erb
new file mode 100644
index 0000000..c3a931d
--- /dev/null
+++ b/templates/nrpe_cfg_head.erb
@@ -0,0 +1,59 @@
+################################################################################
+########## nrpe.cfg managed by Puppet ##########
+########## manual changes will be overwritten !!! ##########
+################################################################################
+########## full reference is available at ##########
+########## https://confdroid.com/2017/07/nrpe-nrpe-cfg/ ##########
+################################################################################
+
+log_facility=<%= @ne_log_facility %>
+
+<% unless @ne_log_file.empty? -%>
+log_file=<%= @ne_log_file %>
+<% end -%>
+
+debug=<%= @ne_debug %>
+
+pid_file=<% @ne_nrpe_pid_file %>
+server_port=<%= @ne_nrpe_port %>
+
+server_address=<%= @ne_server_address %>
+listen_queue_size=<%= @ne_listen_queue_size %>
+
+nrpe_user=<%= @ne_user %>
+nrpe_group=<%= @ne_user %>
+
+allowed_hosts=127.0.0.1,::1,<%= @ne_nagios_server %>
+dont_blame_nrpe=<%= @ne_dont_blame_nrpe %>
+allow_bash_command_substitution=<%= @ne_allow_bash_cmd_subst %>
+
+<% if @ne_allow_sudo == true -%>
+command_prefix=<%= @ne_command_prefix %>
+<% end -%>
+
+command_timeout=<%= @ne_command_timeout %>
+connection_timeout=<%= @ne_connection_timeout %>
+
+allow_weak_random_seed=<%= @ne_allow_weak_rnd_seed %>
+
+ssl_version=<%= @ne_ssl_version %>
+ssl_use_adh=<%= @ne_ssl_use_adh %>
+ssl_cipher_list=<%= @ne_ssl_cipher_list %>
+
+ssl_cacert_file=<%= @ne_ssl_cacert_file %>
+ssl_cert_file=<%= @ne_ssl_cert_file %>
+ssl_privatekey_file=<%= @ne_ssl_privatekey_file %>
+
+ssl_client_certs=<%= @ne_ssl_client_certs %>
+ssl_logging=<%= @ne_ssl_logging %>
+
+nasty_metachars=<$= @ne_nasty_metachars %>
+
+<% unless @ne_include_file.empty? -%>
+include=<%= @ne_include_file %>
+<% end -%>
+
+include_dir=<%= @ne_main_conf_d_dir %>
+
+### command definitions have been moved to include_dir for easier external
+# management
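Review bot: Two ERB tags in the template are malformed and will produce a broken nrpe.cfg. `pid_file=<% @ne_nrpe_pid_file %>` uses `<%` instead of `<%=`, so the value is evaluated but never printed and the line renders as `pid_file=`; and `nasty_metachars=<$= @ne_nasty_metachars %>` uses `<$=` instead of `<%=`, so the opening tag is emitted as literal text. Both need `<%= ... %>`. Separately, `nrpe_group=<%= @ne_user %>` reuses the user name for the group, which only works while the two are identical; a dedicated group parameter would be clearer. A rendered-output test with the default params would have caught the first two.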