Merge branch 'jenkins' into 'master'

Jenkins

See merge request !35

CHANGELOG.md

@@ -8,6 +8,16 @@ Changelog of Git Changelog.
 <h2> No issue </h2>
 
 
+<a href="https://gitlab.puppetsoft.com/12WW1160/git-changelog-lib/commit/aaaa1589020220e">aaaa1589020220e</a> Arne Teuke <i>2017-07-30 15:22:49</i>
+<p>
+<h3>fixed sudo rule</h3>
+
+</p>
+<a href="https://gitlab.puppetsoft.com/12WW1160/git-changelog-lib/commit/803a084de9e91ee">803a084de9e91ee</a> Jenkins Server <i>2017-07-30 15:22:44</i>
+<p>
+<h3>recommit for updates in build 53</h3>
+
+</p>
 <a href="https://gitlab.puppetsoft.com/12WW1160/git-changelog-lib/commit/4ea243c21706dd4">4ea243c21706dd4</a> Arne Teuke <i>2017-07-30 14:55:05</i>
 <p>
 <h3>adding nrpe user to sudo rule</h3>

README.md

@@ -88,6 +88,7 @@ There are currently no mandatory parameters, i.e. the module will function right
 * `$ne_incl_fw`           : Whether to manage relevant firewall rules through this modules. Defaults to `true`.
 * `$ne_include_selinux`   : Whether to manage selinux exception rules. Defaults to `true`.
 * `$ne_enable_ssl`        : Whether to allow SSL settings. See [known problems](#konwn-problems) for more details.
+* `$ne_allow_sudo         : Whether to allow the nagios / nrpe user to use sudo by default. Controls both the setting `command_prefix` and application of a sudo rule. Defaults to `false` as it usually is not required for most of the checks.
 
 ### Managing Check Commands
 In order to connect a Nagios monitoring server to clients through NRPE, you must define commands and the desired argument strings on the clients. The default NRPE installation comes with a few examples of such commands, which are also included in this module.  However, every environment is very different in their requirements and Nagios via Puppet is all about the ability to dynamicically set command arguments based on default variables / overrides. For that reason no hard-coded commands are included, but instead all commands are set via argument strings, where possible.

REPOSTRUCTURE.md

@@ -44,6 +44,8 @@
 |   |   |-- install.pp
 |   |   |-- service.pp
 |   |   `-- user.pp
+|   |-- selinux
+|   |   `-- config.pp
 |   |-- init.pp
 |   `-- params.pp
 |-- templates
@@ -62,4 +64,4 @@
 |-- README.md
 `-- REPOSTRUCTURE.md
 
-11 directories, 51 files
+12 directories, 52 files

doc/_index.html

@@ -118,6 +118,11 @@
       
             </li>
     
+            <li>
+      <span class='object_link'><a href="puppet_classes/cd_nrpe_3A_3Aselinux_3A_3Aconfig.html" title="puppet_classes::cd_nrpe::selinux::config (puppet_class)">cd_nrpe::selinux::config</a></span>
+      
+            </li>
+    
       </ul>
     </ul>
   
@@ -171,7 +176,7 @@
 </div>
 
       <div id="footer">
-  Generated on Sun Jul 30 17:22:40 2017 by
+  Generated on Sun Jul 30 18:58:30 2017 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.9 (ruby-2.0.0).
 </div>

doc/file.README.html

@@ -220,6 +220,11 @@ rules. Defaults to <code>true</code>.</p>
 </li><li>
 <p><code>$ne_enable_ssl</code> : Whether to allow SSL settings. See <a
 href="#konwn-problems">known problems</a> for more details.</p>
+</li><li>
+<p><code>$ne_allow_sudo         : Whether to allow the nagios / nrpe user to
+use sudo by default. Controls both the
+setting</code>command_prefix<code>and application of a sudo rule. Defaults
+to</code>false` as it usually is not required for most of the checks.</p>
 </li></ul>
 
 <h3 id="label-Managing+Check+Commands">Managing Check Commands</h3>
@@ -325,7 +330,7 @@ environments.</p>
 </div></div>
 
       <div id="footer">
-  Generated on Sun Jul 30 17:22:41 2017 by
+  Generated on Sun Jul 30 18:58:32 2017 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.9 (ruby-2.0.0).
 </div>

doc/index.html

@@ -220,6 +220,11 @@ rules. Defaults to <code>true</code>.</p>
 </li><li>
 <p><code>$ne_enable_ssl</code> : Whether to allow SSL settings. See <a
 href="#konwn-problems">known problems</a> for more details.</p>
+</li><li>
+<p><code>$ne_allow_sudo         : Whether to allow the nagios / nrpe user to
+use sudo by default. Controls both the
+setting</code>command_prefix<code>and application of a sudo rule. Defaults
+to</code>false` as it usually is not required for most of the checks.</p>
 </li></ul>
 
 <h3 id="label-Managing+Check+Commands">Managing Check Commands</h3>
@@ -325,7 +330,7 @@ environments.</p>
 </div></div>
 
       <div id="footer">
-  Generated on Sun Jul 30 17:22:40 2017 by
+  Generated on Sun Jul 30 18:58:31 2017 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.9 (ruby-2.0.0).
 </div>

doc/puppet_class_list.html

@@ -110,6 +110,13 @@
     </li>
     
 
+    <li id="object_puppet_classes::cd_nrpe::selinux::config" class="odd">
+      <div class="item">
+        <span class='object_link'><a href="puppet_classes/cd_nrpe_3A_3Aselinux_3A_3Aconfig.html" title="puppet_classes::cd_nrpe::selinux::config (puppet_class)">cd_nrpe::selinux::config</a></span>
+      </div>
+    </li>
+    
+
 
       </ul>
     </div>

doc/puppet_classes/cd_nrpe.html

@@ -140,7 +140,7 @@ class cd_nrpe {
 </div>
 
       <div id="footer">
-  Generated on Sun Jul 30 17:22:41 2017 by
+  Generated on Sun Jul 30 18:58:32 2017 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.9 (ruby-2.0.0).
 </div>

doc/puppet_classes/cd_nrpe_3A_3Acommands_3A_3Adefinition_rules.html

@@ -267,7 +267,7 @@ class cd_nrpe::commands::definition_rules (
 </div>
 
       <div id="footer">
-  Generated on Sun Jul 30 17:22:42 2017 by
+  Generated on Sun Jul 30 18:58:33 2017 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.9 (ruby-2.0.0).
 </div>

doc/puppet_classes/cd_nrpe_3A_3Afirewall_3A_3Aiptables.html

@@ -165,7 +165,7 @@ class cd_nrpe::firewall::iptables (
 </div>
 
       <div id="footer">
-  Generated on Sun Jul 30 17:22:42 2017 by
+  Generated on Sun Jul 30 18:58:33 2017 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.9 (ruby-2.0.0).
 </div>

doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aconfig.html

@@ -154,7 +154,7 @@ class cd_nrpe::main::config (
 </div>
 
       <div id="footer">
-  Generated on Sun Jul 30 17:22:42 2017 by
+  Generated on Sun Jul 30 18:58:33 2017 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.9 (ruby-2.0.0).
 </div>

doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Adirs.html

@@ -205,7 +205,7 @@ class cd_nrpe::main::dirs (
 </div>
 
       <div id="footer">
-  Generated on Sun Jul 30 17:22:42 2017 by
+  Generated on Sun Jul 30 18:58:33 2017 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.9 (ruby-2.0.0).
 </div>

doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Afiles.html

@@ -247,7 +247,7 @@ class cd_nrpe::main::files (
 </div>
 
       <div id="footer">
-  Generated on Sun Jul 30 17:22:42 2017 by
+  Generated on Sun Jul 30 18:58:33 2017 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.9 (ruby-2.0.0).
 </div>

doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Ainstall.html

@@ -160,7 +160,7 @@ class cd_nrpe::main::install (
 </div>
 
       <div id="footer">
-  Generated on Sun Jul 30 17:22:42 2017 by
+  Generated on Sun Jul 30 18:58:33 2017 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.9 (ruby-2.0.0).
 </div>

doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aservice.html

@@ -149,7 +149,11 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses</a>/.</p>
 41
 42
 43
-44</pre>
+44
+45
+46
+47
+48</pre>
       </td>
       <td>
         <pre class="code"><span class="info file"># File 'manifests/main/service.pp', line 23</span>
@@ -168,6 +172,10 @@ class cd_nrpe::main::service (
     require cd_nrpe::commands::definition_rules
   }
 
+  if $ne_include_selinux == true {
+    require cd_nrpe::selinux::config
+  }
+
   service { $ne_service:
     ensure      =&gt; running,
     hasstatus   =&gt; true,
@@ -183,7 +191,7 @@ class cd_nrpe::main::service (
 </div>
 
       <div id="footer">
-  Generated on Sun Jul 30 17:22:42 2017 by
+  Generated on Sun Jul 30 18:58:33 2017 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.9 (ruby-2.0.0).
 </div>

doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Auser.html

@@ -193,7 +193,7 @@ class cd_nrpe::main::user (
 </div>
 
       <div id="footer">
-  Generated on Sun Jul 30 17:22:42 2017 by
+  Generated on Sun Jul 30 18:58:33 2017 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.9 (ruby-2.0.0).
 </div>

doc/puppet_classes/cd_nrpe_3A_3Aparams.html

@@ -79,6 +79,8 @@
       
       <span class='object_link'><a href="cd_nrpe_3A_3Amain_3A_3Aservice.html" title="puppet_classes::cd_nrpe::main::service (puppet_class)">cd_nrpe::main::service</a></span><br/>
       
+      <span class='object_link'><a href="cd_nrpe_3A_3Aselinux_3A_3Aconfig.html" title="puppet_classes::cd_nrpe::selinux::config (puppet_class)">cd_nrpe::selinux::config</a></span><br/>
+      
       <span class='object_link'><a href="cd_nrpe_3A_3Afirewall_3A_3Aiptables.html" title="puppet_classes::cd_nrpe::firewall::iptables (puppet_class)">cd_nrpe::firewall::iptables</a></span><br/>
       
       <span class='object_link'><a href="cd_nrpe_3A_3Acommands_3A_3Adefinition_rules.html" title="puppet_classes::cd_nrpe::commands::definition_rules (puppet_class)">cd_nrpe::commands::definition_rules</a></span><br/>
@@ -328,7 +330,7 @@ of the form $(...).</p>
         <span class='type'>(<tt>boolean</tt>)</span>
       
       
-        <em class="default">(defaults to: <tt>true</tt>)</em>
+        <em class="default">(defaults to: <tt>false</tt>)</em>
       
       
         &mdash;
@@ -999,7 +1001,7 @@ $ne_listen_queue_size       = &#39;5&#39;,
 $ne_nagios_server           = $::nagios_server,
 $ne_dont_blame_nrpe         = &#39;1&#39;,
 $ne_allow_bash_cmd_subst    = &#39;1&#39;,
-$ne_allow_sudo              = true,
+$ne_allow_sudo              = false,
 $ne_command_prefix          = &#39;/usr/bin/sudo&#39;,
 $ne_command_timeout         = &#39;60&#39;,
 $ne_connection_timeout      = &#39;300&#39;,
@@ -1065,7 +1067,7 @@ $ne_sudo_rule_erb           = &#39;cd_nrpe/sudo_rule.erb&#39;
 </div>
 
       <div id="footer">
-  Generated on Sun Jul 30 17:22:42 2017 by
+  Generated on Sun Jul 30 18:58:32 2017 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.9 (ruby-2.0.0).
 </div>

doc/puppet_classes/cd_nrpe_3A_3Aselinux_3A_3Aconfig.html

@@ -0,0 +1,180 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>
+  Puppet Class: cd_nrpe::selinux::config
+  
+    &mdash; Documentation by YARD 0.9.9
+  
+</title>
+
+  <link rel="stylesheet" href="../css/style.css" type="text/css" charset="utf-8" />
+
+  <link rel="stylesheet" href="../css/common.css" type="text/css" charset="utf-8" />
+
+<script type="text/javascript" charset="utf-8">
+  pathId = "puppet_classes::cd_nrpe::selinux::config";
+  relpath = '../';
+</script>
+
+
+  <script type="text/javascript" charset="utf-8" src="../js/jquery.js"></script>
+
+  <script type="text/javascript" charset="utf-8" src="../js/app.js"></script>
+
+
+  </head>
+  <body>
+    <div class="nav_wrap">
+      <iframe id="nav" src="../puppet_class_list.html?1"></iframe>
+      <div id="resizer"></div>
+    </div>
+
+    <div id="main" tabindex="-1">
+      <div id="header">
+        <div id="menu">
+  
+    <a href="../_index.html">Index (c)</a> &raquo;
+    <span class='title'><span class='object_link'>Puppet Classes</span></span>
+     &raquo; 
+    <span class="title">cd_nrpe::selinux::config</span>
+  
+</div>
+
+        <div id="search">
+  
+    <a class="full_list_link" id="puppet_class_list_link"
+        href="../puppet_class_list.html">
+
+        <svg width="24" height="24">
+          <rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
+          <rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
+          <rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
+        </svg>
+    </a>
+  
+</div>
+        <div class="clear"></div>
+      </div>
+
+      <div id="content"><h1>Puppet Class: cd_nrpe::selinux::config</h1>
+<div class="box_info">
+  
+  <dl>
+    <dt>Inherits:</dt>
+    <dd><span class='object_link'><a href="cd_nrpe_3A_3Aparams.html" title="puppet_classes::cd_nrpe::params (puppet_class)">cd_nrpe::params</a></span></dd>
+  </dl>
+  
+  
+  <dl>
+    <dt>Defined in:</dt>
+    <dd>
+      manifests/selinux/config.pp
+    </dd>
+  </dl>
+</div>
+
+  <h2>Summary</h2>
+  Class manages all aspects of configuring selinux for NRPE.
+
+<h2>Overview</h2>
+<div class="docstring">
+  <div class="discussion">
+    
+<p>cd_nrpe::selinux::config.pp # Module name: cd_nrpe
+Author: Arne Teuke
+(arne_teuke@ConfDroid.com)</p>
+
+<h1 id="label-License%3A">License:</h1>
+
+<p>This file is part of cd_nrpe.</p>
+
+<p>cd_nrpe is used for providing automatic configuration of NRPE
+ Copyright
+(C) 2016 ConfDroid (copyright@ConfDroid.com)
+ This program is free
+software: you can redistribute it and/or modify
+ it under the terms of the
+GNU General Public License as published by
+ the Free Software Foundation,
+either version 3 of the License, or
+ (at your option) any later version.</p>
+
+<p>This program is distributed in the hope that it will be useful,
+ but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License
+for more details.</p>
+
+<p>You should have received a copy of the GNU General Public License
+ along
+with this program. If not, see <a
+href="http://www.gnu.org/licenses">www.gnu.org/licenses</a>/.</p>
+
+  </div>
+</div>
+<div class="tags">
+  
+
+</div><div class="method_details_list">
+  <table class="source_code">
+    <tr>
+      <td>
+        <pre class="lines">
+
+
+22
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+34
+35
+36
+37</pre>
+      </td>
+      <td>
+        <pre class="code"><span class="info file"># File 'manifests/selinux/config.pp', line 22</span>
+
+class cd_nrpe::selinux::config (
+
+) inherits cd_nrpe::params {
+
+  if $ne_include_selinux == true {
+
+    #  manage allow nagios sudo
+
+    exec { &#39;nagios_run_sudo&#39;:
+      command =&gt;  &#39;setsebool -P nagios_run_sudo 1&#39;,
+      path    =&gt;  [&#39;/usr/bin&#39;,&#39;/usr/sbin&#39;],
+      cwd     =&gt;  &#39;/tmp&#39;,
+      unless  =&gt;  &#39;getsebool nagios_run_sudo | awk \&#39;{print$3}\&#39; | grep -ic &quot;on&quot;&#39;
+    }
+  }
+}</pre>
+      </td>
+    </tr>
+  </table>
+</div>
+</div>
+
+      <div id="footer">
+  Generated on Sun Jul 30 18:58:33 2017 by
+  <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
+  0.9.9 (ruby-2.0.0).
+</div>
+
+    </div>
+  </body>
+</html>

doc/puppet_defined_types/cd_nrpe_3A_3Acommands_3A_3Adefinitions.html

@@ -259,7 +259,7 @@ $ne_manage_cmds   = $::cd_nrpe::params::ne_manage_cmds
 </div>
 
       <div id="footer">
-  Generated on Sun Jul 30 17:22:43 2017 by
+  Generated on Sun Jul 30 18:58:33 2017 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.9 (ruby-2.0.0).
 </div>

doc/top-level-namespace.html

@@ -90,7 +90,7 @@
 </div>
 
       <div id="footer">
-  Generated on Sun Jul 30 17:22:41 2017 by
+  Generated on Sun Jul 30 18:58:32 2017 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.9 (ruby-2.0.0).
 </div>

manifests/main/service.pp

@@ -34,6 +34,10 @@ class cd_nrpe::main::service (
     require cd_nrpe::commands::definition_rules
   }
 
+  if $ne_include_selinux == true {
+    require cd_nrpe::selinux::config
+  }
+
   service { $ne_service:
     ensure      => running,
     hasstatus   => true,

manifests/params.pp

@@ -123,7 +123,7 @@ $ne_listen_queue_size       = '5',
 $ne_nagios_server           = $::nagios_server,
 $ne_dont_blame_nrpe         = '1',
 $ne_allow_bash_cmd_subst    = '1',
-$ne_allow_sudo              = true,
+$ne_allow_sudo              = false,
 $ne_command_prefix          = '/usr/bin/sudo',
 $ne_command_timeout         = '60',
 $ne_connection_timeout      = '300',

manifests/selinux/config.pp

@@ -0,0 +1,37 @@
+## cd_nrpe::selinux::config.pp # Module name: cd_nrpe
+# Author: Arne Teuke (arne_teuke@ConfDroid.com)
+# # License:
+#    This file is part of cd_nrpe.
+#
+#    cd_nrpe is used for providing automatic configuration of NRPE
+#    Copyright (C) 2016  ConfDroid (copyright@ConfDroid.com)
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+# @summary  Class manages all aspects of configuring selinux for NRPE.
+##############################################################################
+class cd_nrpe::selinux::config (
+
+) inherits cd_nrpe::params {
+
+  if $ne_include_selinux == true {
+
+    #  manage allow nagios sudo
+
+    exec { 'nagios_run_sudo':
+      command =>  'setsebool -P nagios_run_sudo 1',
+      path    =>  ['/usr/bin','/usr/sbin'],
+      cwd     =>  '/tmp',
+      unless  =>  'getsebool nagios_run_sudo | awk \'{print$3}\' | grep -ic "on"'
+    }
+  }
+}

templates/sudo_rule.erb

@@ -2,5 +2,8 @@
 #####   sudo_rule managed by Puppet | manual changes will be overwritten   #####
 ################################################################################
 
+Defaults:nrpe !requiretty
+Defaults:nagios !requiretty
+
 nagios          ALL=(ALL) NOPASSWD: /usr/lib64/nagios/plugins/
 nrpe            ALL=(ALL) NOPASSWD: /usr/lib64/nagios/plugins/