+
+
+
SERVICE * manage NRPE service
@@ -213,6 +217,9 @@ through this modules. Defaults totrue.
$ne_include_selinux : Whether to manage selinux exception
rules. Defaults to true.
$ne_enable_ssl : Whether to allow SSL settings. See known problems for more details.
The commands are created within /etc/nrpe.d/command.cfg , every set of +instructions creates a new line.
+Defining commands is as simple as that: <code> @@ -240,7 +250,8 @@ $ARG2$', It is very recommendable to define such commands within Puppet modules controlling services, so any node running the particular service will automatically get the required check commands -defined as well.
+defined as well, while nodes not running the service also do not contain +the command check.SSL/TLS support: Version 3 of NRPE supposedly has support for SSL/ TLs.
+However, at the time of writing this module, this seems to be buggy, as I
+was unable to start the NRPE service as soon as the
+ssl_cert_file line was uncommented in teh configuration file,
+despite having valid certs in the right position on the node. This happened
+when installing manually, not through this Puppet module. For that reason I
+included the $ne_enable_ssl boolean parameter, which is set to
+false by default, hence disabling SSL/TLS options until this
+has been fixed upstream, or a valid workaround has been found. Setting this
+option to true will include all SSL / TLS settings.
SERVICE * manage NRPE service
@@ -213,6 +217,9 @@ through this modules. Defaults totrue.
$ne_include_selinux : Whether to manage selinux exception
rules. Defaults to true.
$ne_enable_ssl : Whether to allow SSL settings. See known problems for more details.
The commands are created within /etc/nrpe.d/command.cfg , every set of +instructions creates a new line.
+Defining commands is as simple as that: <code> @@ -240,7 +250,8 @@ $ARG2$', It is very recommendable to define such commands within Puppet modules controlling services, so any node running the particular service will automatically get the required check commands -defined as well.
+defined as well, while nodes not running the service also do not contain +the command check.SSL/TLS support: Version 3 of NRPE supposedly has support for SSL/ TLs.
+However, at the time of writing this module, this seems to be buggy, as I
+was unable to start the NRPE service as soon as the
+ssl_cert_file line was uncommented in teh configuration file,
+despite having valid certs in the right position on the node. This happened
+when installing manually, not through this Puppet module. For that reason I
+included the $ne_enable_ssl boolean parameter, which is set to
+false by default, hence disabling SSL/TLS options until this
+has been fixed upstream, or a valid workaround has been found. Setting this
+option to true will include all SSL / TLS settings.
cd_nrpe::commands::definitions { 'check_users':
ne_check_cmd => 'check_users',
ne_cmd_argstring => '-w $ARG1$ -c $ARG2$',
+ ne_cmd_comment => 'check the amount of user logged in locally',
}-28 29 30 31 @@ -195,10 +195,12 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/. 81 82 83 -84+84 +85 +86
# File 'manifests/commands/definition_rules.pp', line 28 +# File 'manifests/commands/definition_rules.pp', line 29 class cd_nrpe::commands::definition_rules ( @@ -211,8 +213,8 @@ class cd_nrpe::commands::definition_rules ( concat { $ne_cmd_file: ensure => present, path => $ne_cmd_file, - owner => 'root', - group => 'root', + owner => $ne_user, + group => $ne_user, mode => '0640', selrange => s0, selrole => object_r, @@ -234,6 +236,7 @@ class cd_nrpe::commands::definition_rules ( cd_nrpe::commands::definitions { 'check_users': ne_check_cmd => 'check_users', ne_cmd_argstring => '-w $ARG1$ -c $ARG2$', + ne_cmd_comment => 'check the amount of user logged in locally', } cd_nrpe::commands::definitions { 'check_load': @@ -264,7 +267,7 @@ class cd_nrpe::commands::definition_rules ( diff --git a/doc/puppet_classes/cd_nrpe_3A_3Afirewall_3A_3Aiptables.html b/doc/puppet_classes/cd_nrpe_3A_3Afirewall_3A_3Aiptables.html index 4f19ccf..ef7ccdd 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Afirewall_3A_3Aiptables.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Afirewall_3A_3Aiptables.html @@ -165,7 +165,7 @@ class cd_nrpe::firewall::iptables ( diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aconfig.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aconfig.html index 6af2ca9..d47dc9f 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aconfig.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aconfig.html @@ -154,7 +154,7 @@ class cd_nrpe::main::config ( diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Adirs.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Adirs.html index fc36c8e..ef965c1 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Adirs.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Adirs.html @@ -205,7 +205,7 @@ class cd_nrpe::main::dirs ( diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Afiles.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Afiles.html index 9dda5ea..31d03c5 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Afiles.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Afiles.html @@ -166,7 +166,22 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/. 58 59 60 -61+61 +62 +63 +64 +65 +66 +67 +68 +69 +70 +71 +72 +73 +74 +75 +76
# File 'manifests/main/files.pp', line 23
@@ -209,6 +224,21 @@ class cd_nrpe::main::files (
notify => Service[$ne_service],
}
+ if $ne_allow_sudo == true {
+
+ file { $ne_sudo_file:
+ ensure => file,
+ path => $ne_sudo_file,
+ owner => 'root',
+ group => 'root',
+ mode => '0440',
+ selrange => s0,
+ selrole => object_r,
+ seltype => etc_t,
+ seluser => system_u,
+ content => template($ne_sudo_rule_erb),
+ }
+ }
}
path and name of the ssl certificate -authority ( ca) file / chain. must be +authority (ca) file / chain. must be full path.
# File 'manifests/params.pp', line 101 @@ -977,7 +980,7 @@ $pkg_ensure = 'latest', $ne_manage_cmds = true, -# user settings +# NRPE user settings $ne_user = 'nrpe', $ne_user_comment = 'NRPE service user', $ne_user_uid = '1005', @@ -985,6 +988,7 @@ $ne_user_home = '/var/run/nrpe', $ne_user_groups = undef, $ne_user_shell = '/sbin/nologin', + # nrpe.cfg $ne_log_facility = 'daemon', $ne_log_file = '', @@ -1046,6 +1050,8 @@ $ne_nrpe_conf_erb = 'cd_nrpe/nrpe_conf.erb' $ne_cmd_file = "${ne_main_conf_d_dir}/commands.cfg" $ne_cmd_head_erb = 'cd_nrpe/cmd_head.erb' $ne_cmd_rule_erb = 'cd_nrpe/cmd_rule.erb' +$ne_sudo_file = '/etc/sudoers.d/nagios_sudo' +$ne_sudo_rule_erb = 'cd_nrpe/sudo_rule.erb' # includes must be last @@ -1059,7 +1065,7 @@ $ne_cmd_rule_erb = 'cd_nrpe/cmd_rule.erb' diff --git a/doc/puppet_defined_types/cd_nrpe_3A_3Acommands_3A_3Adefinitions.html b/doc/puppet_defined_types/cd_nrpe_3A_3Acommands_3A_3Adefinitions.html index dfa3e06..b4ca191 100644 --- a/doc/puppet_defined_types/cd_nrpe_3A_3Acommands_3A_3Adefinitions.html +++ b/doc/puppet_defined_types/cd_nrpe_3A_3Acommands_3A_3Adefinitions.html @@ -173,6 +173,25 @@ the custom location , i.e. -w $ARG1$ -c $ARG2$. See the arguments in th eman pages for the checks. + + + + +
Specify an optional comment for your command +definition
-31 -32 33 34 35 @@ -206,16 +223,20 @@ checks. 47 48 49 -50+50 +51 +52 +53
# File 'manifests/commands/definitions.pp', line 31 +# File 'manifests/commands/definitions.pp', line 33 define cd_nrpe::commands::definitions ( $ne_check_cmd = undef, $ne_cmd_path = '/usr/lib64/nagios/plugins/', $ne_cmd_argstring = undef, +$ne_cmd_comment = undef, ) { @@ -238,7 +259,7 @@ $ne_manage_cmds = $::cd_nrpe::params::ne_manage_cmds diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html index 0edab9c..15181d0 100644 --- a/doc/top-level-namespace.html +++ b/doc/top-level-namespace.html @@ -90,7 +90,7 @@ diff --git a/manifests/commands/definition_rules.pp b/manifests/commands/definition_rules.pp index d34dc97..a787677 100644 --- a/manifests/commands/definition_rules.pp +++ b/manifests/commands/definition_rules.pp @@ -23,6 +23,7 @@ # cd_nrpe::commands::definitions { 'check_users': # ne_check_cmd => 'check_users', # ne_cmd_argstring => '-w $ARG1$ -c $ARG2$', +# ne_cmd_comment => 'check the amount of user logged in locally', # } ############################################################################### class cd_nrpe::commands::definition_rules ( @@ -36,8 +37,8 @@ class cd_nrpe::commands::definition_rules ( concat { $ne_cmd_file: ensure => present, path => $ne_cmd_file, - owner => 'root', - group => 'root', + owner => $ne_user, + group => $ne_user, mode => '0640', selrange => s0, selrole => object_r, @@ -59,6 +60,7 @@ class cd_nrpe::commands::definition_rules ( cd_nrpe::commands::definitions { 'check_users': ne_check_cmd => 'check_users', ne_cmd_argstring => '-w $ARG1$ -c $ARG2$', + ne_cmd_comment => 'check the amount of user logged in locally', } cd_nrpe::commands::definitions { 'check_load': diff --git a/manifests/commands/definitions.pp b/manifests/commands/definitions.pp index 0d5856c..01f5940 100644 --- a/manifests/commands/definitions.pp +++ b/manifests/commands/definitions.pp @@ -27,12 +27,15 @@ # @param ne_cmd_argstring Specify the string of valid argument for the command # , i.e. -w $ARG1$ -c $ARG2$. See the arguments in th eman pages for the # checks. +# @param [string] ne_cmd_comment Specify an optional comment for your command +# definition ############################################################################### define cd_nrpe::commands::definitions ( $ne_check_cmd = undef, $ne_cmd_path = '/usr/lib64/nagios/plugins/', $ne_cmd_argstring = undef, +$ne_cmd_comment = undef, ) { diff --git a/manifests/main/files.pp b/manifests/main/files.pp index 5b3c305..89f3d36 100644 --- a/manifests/main/files.pp +++ b/manifests/main/files.pp @@ -58,4 +58,19 @@ class cd_nrpe::main::files ( notify => Service[$ne_service], } + if $ne_allow_sudo == true { + + file { $ne_sudo_file: + ensure => file, + path => $ne_sudo_file, + owner => 'root', + group => 'root', + mode => '0440', + selrange => s0, + selrole => object_r, + seltype => etc_t, + seluser => system_u, + content => template($ne_sudo_rule_erb), + } + } } diff --git a/manifests/params.pp b/manifests/params.pp index ae5ae94..b87607e 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -59,7 +59,7 @@ # compatibility, this defaults to 'ssl_cipher_list=ALL:!MD5:@STRENGTH' in # this version but will be changed in a later version of NRPE. # @param [string] ne_ssl_cacert_file path and name of the ssl certificate -# authority ( ca) file / chain. must be full path. +# authority (ca) file / chain. must be full path. # @param [string] ne_ssl_cert_file path and name of the server ssl certificate. # must include full path. # @param [string] ne_ssl_privatekey_file path and name of the server ssl @@ -87,7 +87,7 @@ # @param [string] ne_ssl_opts Specify additional SSL options. # @param [string] ne_user the NRPE service user # @param [string] ne_user_comment The comment for the service user /etc/passwd -# @param [string] ne_user_uid the UID for the service user +# @param [string] ne_user_uid the UID for the service user # @param [string] ne_user_home the home for the service user # @param [string] ne_user_shell the shell for the service user. # @param [string] ne_user_groups additional groups for the service user. @@ -104,7 +104,7 @@ $pkg_ensure = 'latest', $ne_manage_cmds = true, -# user settings +# NRPE user settings $ne_user = 'nrpe', $ne_user_comment = 'NRPE service user', $ne_user_uid = '1005', @@ -112,6 +112,7 @@ $ne_user_home = '/var/run/nrpe', $ne_user_groups = undef, $ne_user_shell = '/sbin/nologin', + # nrpe.cfg $ne_log_facility = 'daemon', $ne_log_file = '', @@ -173,6 +174,8 @@ $ne_nrpe_conf_erb = 'cd_nrpe/nrpe_conf.erb' $ne_cmd_file = "${ne_main_conf_d_dir}/commands.cfg" $ne_cmd_head_erb = 'cd_nrpe/cmd_head.erb' $ne_cmd_rule_erb = 'cd_nrpe/cmd_rule.erb' +$ne_sudo_file = '/etc/sudoers.d/nagios_sudo' +$ne_sudo_rule_erb = 'cd_nrpe/sudo_rule.erb' # includes must be last diff --git a/templates/cmd_rule.erb b/templates/cmd_rule.erb index bab311b..0b7d5ea 100644 --- a/templates/cmd_rule.erb +++ b/templates/cmd_rule.erb @@ -1,2 +1,5 @@ +<% unless @ne_cmd_comment.empty? -%> +# <%= @ne_cmd_comment %> +<% end -%> command[<%= @ne_check_cmd %>]=<%= @ne_cmd_path %><%= @ne_check_cmd %> <%= @ne_cmd_argstring %> diff --git a/templates/sudo_rule.erb b/templates/sudo_rule.erb new file mode 100644 index 0000000..9e9b2d3 --- /dev/null +++ b/templates/sudo_rule.erb @@ -0,0 +1,5 @@ +################################################################################ +##### sudo_rule managed by Puppet | manual changes will be overwritten ##### +################################################################################ + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/