diff --git a/Jenkinsfile b/Jenkinsfile
deleted file mode 100644
index 17655d3..0000000
--- a/Jenkinsfile
+++ /dev/null
@@ -1,124 +0,0 @@
-pipeline {
- agent any
-
- post {
- always {
- deleteDir() /* clean up our workspace */
- }
- success {
- updateGitlabCommitStatus state: 'success'
- }
- failure {
- updateGitlabCommitStatus state: 'failed'
- step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: 'support@confdroid.com', sendToIndividuals: true])
- }
- }
-
- options {
- gitLabConnection('gitlab.confdroid.com')
- }
-
- stages {
-
- stage('pull master') {
- steps {
- sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) {
- sh '''
- git config user.name "Jenkins Server"
- git config user.email jenkins@confdroid.com
- # Ensure we're on the development branch (triggered by push)
- git checkout development
- # Create jenkins branch from development
- git checkout -b jenkins-build-$BUILD_NUMBER
- # Optionally merge master into jenkins to ensure compatibility
- git merge origin/master --no-ff || { echo "Merge conflict detected"; exit 1; }
- '''
- }
- }
- }
-
- stage('puppet parser') {
- steps {
- sh '''for file in $(find . -iname \'*.pp\'); do
- /opt/puppetlabs/bin/puppet parser validate --color false --render-as s --modulepath=modules $file || exit 1;
- done;'''
- }
- }
-
- stage('check templates') {
- steps{
- sh '''for file in $(find . -iname \'*.erb\');
- do erb -P -x -T "-" $file | ruby -c || exit 1;
- done;'''
- }
- }
-
- stage('puppet-lint') {
- steps {
- sh '''/usr/local/bin/puppet-lint . \\
- --no-variable_scope-check \\
- || { echo "Puppet lint failed"; exit 1; }
- '''
- }
- }
-
- stage('SonarScan') {
- steps {
- withCredentials([string(credentialsId: 'sonar-token', variable: 'SONAR_TOKEN')]) {
- sh '''
- /opt/sonar-scanner/bin/sonar-scanner \
- -Dsonar.projectKey=confdroid_nrpe \
- -Dsonar.sources=. \
- -Dsonar.host.url=https://sonarqube.confdroid.com \
- -Dsonar.token=$SONAR_TOKEN
- '''
- }
- }
- }
-
- stage('create Puppet documentation') {
- steps {
- sh '/opt/puppetlabs/bin/puppet strings'
- }
- }
-
- stage('update repo') {
- steps {
- sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) {
- sh '''
- git config user.name "Jenkins Server"
- git config user.email jenkins@confdroid.com
- git rm -r --cached .vscode || echo "No .vscode to remove from git"
- git add -A && git commit -am "Recommit for updates in build $BUILD_NUMBER" || echo "No changes to commit"
- git push origin HEAD:master
- '''
- }
- }
- }
-
- stage('Mirror to Gitea') {
- steps {
- withCredentials([usernamePassword(
- credentialsId: 'Jenkins-gitea',
- usernameVariable: 'GITEA_USER',
- passwordVariable: 'GITEA_TOKEN')]) {
- script {
- // Checkout from GitLab (already done implicitly)
- sh '''
- git checkout master
- git pull origin master
- git branch -D development
- git branch -D jenkins-build-$BUILD_NUMBER
- git rm -f Jenkinsfile
- git rm -r --cached .vscode || echo "No .vscode to remove from git"
- git commit --amend --no-edit --allow-empty
- git remote add master https://sourcecode.confdroid.com/confdroid/confdroid_nrpe.git
- git -c credential.helper="!f() { echo username=${GITEA_USER}; echo password=${GITEA_TOKEN}; }; f" \
- push master --mirror
- '''
- }
- }
- }
- }
- }
-}
\ No newline at end of file
diff --git a/doc/file.README.html b/doc/file.README.html
index d6ed910..43c5656 100644
--- a/doc/file.README.html
+++ b/doc/file.README.html
@@ -78,7 +78,7 @@
  • Managing Check Commands

  • -

    managing TLS serts

    +

    managing TLS certificates

  • SELINUX

  • @@ -191,7 +191,7 @@

    It is very recommendable to define such commands directly within Puppet modules or profiles, so any node running the particular service controlled by the module will automatically get the required check commands defined as well, while nodes not running the service also do not contain the command check. The same then is true for Nagios checks, so you would have both the NRPE command definition and the Nagios check contained in Puppet modules or profiles to have it in one location.

    -

    managing TLS serts

    +

    managing TLS certificates

    SELINUX

    diff --git a/doc/index.html b/doc/index.html index 61f9ed0..1545482 100644 --- a/doc/index.html +++ b/doc/index.html @@ -78,7 +78,7 @@
  • Managing Check Commands

  • -

    managing TLS serts

    +

    managing TLS certificates

  • SELINUX

  • @@ -191,7 +191,7 @@

    It is very recommendable to define such commands directly within Puppet modules or profiles, so any node running the particular service controlled by the module will automatically get the required check commands defined as well, while nodes not running the service also do not contain the command check. The same then is true for Nagios checks, so you would have both the NRPE command definition and the Nagios check contained in Puppet modules or profiles to have it in one location.

    -

    managing TLS serts

    +

    managing TLS certificates

    SELINUX

    diff --git a/doc/puppet_classes/confdroid_nrpe_3A_3Amain_3A_3Afiles.html b/doc/puppet_classes/confdroid_nrpe_3A_3Amain_3A_3Afiles.html index dd9f2bd..f96d40b 100644 --- a/doc/puppet_classes/confdroid_nrpe_3A_3Amain_3A_3Afiles.html +++ b/doc/puppet_classes/confdroid_nrpe_3A_3Amain_3A_3Afiles.html @@ -196,7 +196,19 @@ 98 99 100 -101 +101 +102 +103 +104 +105 +106 +107 +108 +109 +110 +111 +112 +113
    # File 'manifests/main/files.pp', line 6
    @@ -294,6 +306,18 @@ class confdroid_nrpe::main::files (
             seluser  => system_u,
             content  => template($ne_ssl_privatekey_erb),
           }
    +      file { $ne_ssl_ca_cert_file:
    +        ensure   => file,
    +        path     => $ne_ssl_ca_cert_file,
    +        owner    => 'root',
    +        group    => 'root',
    +        mode     => '0644',
    +        selrange => s0,
    +        selrole  => object_r,
    +        seltype  => cert_t,
    +        seluser  => system_u,
    +        content  => template($ne_ssl_ca_cert_erb),
    +      }
         }
       }
     }
    diff --git a/doc/puppet_classes/confdroid_nrpe_3A_3Aparams.html b/doc/puppet_classes/confdroid_nrpe_3A_3Aparams.html index 632eb73..5d42b30 100644 --- a/doc/puppet_classes/confdroid_nrpe_3A_3Aparams.html +++ b/doc/puppet_classes/confdroid_nrpe_3A_3Aparams.html @@ -777,6 +777,24 @@ inherited by all classes except defines. —

    Optional parameter to specify the content of the nagios server ssl private key. This is used for the nagios server private key and has to be provided via Hiera or ENC. Must be specified if SSL is enabled.

    +
    + +
  • + +
  • + + ne_ssl_ca_cert_pem + + + (Optional[String]) + + + (defaults to: undef) + + + — +
    +

    Optional parameter to specify the content of the CA certificate. This is used for the CA certificate and has to be provided via Hiera or ENC. Must be specified if SSL is enabled.

  • @@ -799,9 +817,6 @@ inherited by all classes except defines.
     
     
    -86
    -87
    -88
     89
     90
     91
    @@ -890,10 +905,16 @@ inherited by all classes except defines.
     174
     175
     176
    -177
    +177 +178 +179 +180 +181 +182 +183 -
    # File 'manifests/params.pp', line 86
    +        
    # File 'manifests/params.pp', line 89
     
     class confdroid_nrpe::params (
     
    @@ -935,6 +956,7 @@ class confdroid_nrpe::params (
       String $ne_include_file                 = '',
       Optional[String] $ne_ssl_cert_pem       = undef,
       Optional[String] $ne_ssl_privatekey_pem = undef,
    +  Optional[String] $ne_ssl_ca_cert_pem    = undef,
     
     # nrpe.conf
       String $ne_ssl_opts                     = '',
    @@ -983,6 +1005,8 @@ class confdroid_nrpe::params (
       $ne_ssl_cert_erb            = 'confdroid_nrpe/ssl_cert.erb'
       $ne_ssl_privatekey_file     = "/etc/pki/tls/private/${fqdn}.key.pem"
       $ne_ssl_privatekey_erb      = 'confdroid_nrpe/ssl_privatekey.erb'
    +  $ne_ssl_ca_cert_file        = "/etc/pki/tls/certs/${fqdn}-ca-chain.crt.pem"
    +  $ne_ssl_ca_cert_erb         = 'confdroid_nrpe/ssl_ca_cert.erb'
     
     # includes must be last
       include confdroid_nrpe::main::config