From ae65987869f779c8285c6927e55d9ce00b23aae6 Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Sun, 30 Jul 2017 13:17:19 +0100 Subject: [PATCH 1/6] added comment option --- README.md | 7 +++++-- manifests/commands/definition_rules.pp | 2 ++ manifests/commands/definitions.pp | 3 +++ templates/cmd_rule.erb | 3 +++ 4 files changed, 13 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 0c11d85..2aee7a7 100644 --- a/README.md +++ b/README.md @@ -38,8 +38,9 @@ CONFIGURATION * manage configuration files through parameters: * nrpe.conf * nrpe.cfg - * commands.cfg (optional) -* manage iptables (optionals ) +* manage dynamic NRPE check command definitions +* manage iptables (optional) +* manage selinux rule exceptions (optional) SERVICE * manage NRPE service @@ -89,6 +90,8 @@ There are currently no mandatory parameters, i.e. the module will function right ### Managing Check Commands In order to connect a Nagios monitoring server to clients through NRPE, you must define commands and the desired argument strings on the clients. The default NRPE installation comes with a few examples of such commands, which are also included in this module. However, every environment is very different in their requirements and Nagios via Puppet is all about the ability to dynamicically set command arguments based on default variables / overrides. For that reason no hard-coded commands are included, but instead all commands are set via argument strings, where possible. +The commands are created within /etc/nrpe.d/command.cfg , every set of instructions creates a new line. + Defining commands is as simple as that: ``` `cd_nrpe::commands::definitions` { 'check_users': diff --git a/manifests/commands/definition_rules.pp b/manifests/commands/definition_rules.pp index d34dc97..9bdaed1 100644 --- a/manifests/commands/definition_rules.pp +++ b/manifests/commands/definition_rules.pp @@ -23,6 +23,7 @@ # cd_nrpe::commands::definitions { 'check_users': # ne_check_cmd => 'check_users', # ne_cmd_argstring => '-w $ARG1$ -c $ARG2$', +# ne_cmd_comment => 'check the amount of user logged in locally', # } ############################################################################### class cd_nrpe::commands::definition_rules ( @@ -59,6 +60,7 @@ class cd_nrpe::commands::definition_rules ( cd_nrpe::commands::definitions { 'check_users': ne_check_cmd => 'check_users', ne_cmd_argstring => '-w $ARG1$ -c $ARG2$', + ne_cmd_comment => 'check the amount of user logged in locally', } cd_nrpe::commands::definitions { 'check_load': diff --git a/manifests/commands/definitions.pp b/manifests/commands/definitions.pp index 0d5856c..01f5940 100644 --- a/manifests/commands/definitions.pp +++ b/manifests/commands/definitions.pp @@ -27,12 +27,15 @@ # @param ne_cmd_argstring Specify the string of valid argument for the command # , i.e. -w $ARG1$ -c $ARG2$. See the arguments in th eman pages for the # checks. +# @param [string] ne_cmd_comment Specify an optional comment for your command +# definition ############################################################################### define cd_nrpe::commands::definitions ( $ne_check_cmd = undef, $ne_cmd_path = '/usr/lib64/nagios/plugins/', $ne_cmd_argstring = undef, +$ne_cmd_comment = undef, ) { diff --git a/templates/cmd_rule.erb b/templates/cmd_rule.erb index bab311b..0b7d5ea 100644 --- a/templates/cmd_rule.erb +++ b/templates/cmd_rule.erb @@ -1,2 +1,5 @@ +<% unless @ne_cmd_comment.empty? -%> +# <%= @ne_cmd_comment %> +<% end -%> command[<%= @ne_check_cmd %>]=<%= @ne_cmd_path %><%= @ne_check_cmd %> <%= @ne_cmd_argstring %> From 106e7b4e14b22f849831130fff823e09f3b0fabe Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Sun, 30 Jul 2017 13:25:04 +0100 Subject: [PATCH 2/6] edited README --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 2aee7a7..e5e899b 100644 --- a/README.md +++ b/README.md @@ -86,6 +86,8 @@ There are currently no mandatory parameters, i.e. the module will function right * `$ne_manage_cmds` : Whether to manage check command definitions dynamically through a define, i.e. from other Puppet modules or profiles. Defaults to `true`. * `$ne_incl_fw` : Whether to manage relevant firewall rules through this modules. Defaults to `true`. * `$ne_include_selinux` : Whether to manage selinux exception rules. Defaults to `true`. +* `$ne_enable_ssl` : Whether to allow SSL settings. See [known problems](#konwn-problems) for more details. + ### Managing Check Commands In order to connect a Nagios monitoring server to clients through NRPE, you must define commands and the desired argument strings on the clients. The default NRPE installation comes with a few examples of such commands, which are also included in this module. However, every environment is very different in their requirements and Nagios via Puppet is all about the ability to dynamicically set command arguments based on default variables / overrides. For that reason no hard-coded commands are included, but instead all commands are set via argument strings, where possible. @@ -99,13 +101,14 @@ Defining commands is as simple as that: `ne_cmd_argstring` => '-w $ARG1$ -c $ARG2$', } ``` -It is very recommendable to define such commands within Puppet modules controlling services, so any node running the particular service will automatically get the required check commands defined as well. +It is very recommendable to define such commands within Puppet modules controlling services, so any node running the particular service will automatically get the required check commands defined as well, while nodes not running the service also do not contain the command check. ### SELINUX All files and directories are configured with correct selinux context. If selinux is disabled, these contexts are ignored. ### Known Problems +* SSL/TLS support: Version 3 of NRPE supposedly has support for SSL/ TLs. However, at the time of writing this module, this seems to be buggy, as I was unable to start the NRPE service as soon as the `ssl_cert_file` line was uncommented in teh configuration file, despite having valid certs in the right position on the node. This happened when installing manually, not through this Puppet module. For that reason I included the `$ne_enable_ssl` boolean parameter, which is set to `false` by default, hence disabling SSL/TLS options until this has been fixed upstream, or a valid workaround has been found. Setting this option to `true` will include all SSL / TLS settings. ### Support * OS: CentOS 6, 7 From 6ae7e881a960237b24dfd79977a50b51f8eb3a78 Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Sun, 30 Jul 2017 13:32:50 +0100 Subject: [PATCH 3/6] fixed permissions on command.cfg file --- manifests/commands/definition_rules.pp | 4 ++-- manifests/params.pp | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/manifests/commands/definition_rules.pp b/manifests/commands/definition_rules.pp index 9bdaed1..a787677 100644 --- a/manifests/commands/definition_rules.pp +++ b/manifests/commands/definition_rules.pp @@ -37,8 +37,8 @@ class cd_nrpe::commands::definition_rules ( concat { $ne_cmd_file: ensure => present, path => $ne_cmd_file, - owner => 'root', - group => 'root', + owner => $ne_user, + group => $ne_user, mode => '0640', selrange => s0, selrole => object_r, diff --git a/manifests/params.pp b/manifests/params.pp index ae5ae94..06d7c29 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -59,7 +59,7 @@ # compatibility, this defaults to 'ssl_cipher_list=ALL:!MD5:@STRENGTH' in # this version but will be changed in a later version of NRPE. # @param [string] ne_ssl_cacert_file path and name of the ssl certificate -# authority ( ca) file / chain. must be full path. +# authority (ca) file / chain. must be full path. # @param [string] ne_ssl_cert_file path and name of the server ssl certificate. # must include full path. # @param [string] ne_ssl_privatekey_file path and name of the server ssl @@ -87,7 +87,7 @@ # @param [string] ne_ssl_opts Specify additional SSL options. # @param [string] ne_user the NRPE service user # @param [string] ne_user_comment The comment for the service user /etc/passwd -# @param [string] ne_user_uid the UID for the service user +# @param [string] ne_user_uid the UID for the service user # @param [string] ne_user_home the home for the service user # @param [string] ne_user_shell the shell for the service user. # @param [string] ne_user_groups additional groups for the service user. From 5227b44c620f33a2171c07da379bad64815ba297 Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Sun, 30 Jul 2017 15:01:52 +0100 Subject: [PATCH 4/6] fixed permissions on command.cfg file --- README.md | 9 ++++----- manifests/main/files.pp | 15 +++++++++++++++ manifests/params.pp | 5 ++++- templates/sudo_rule.erb | 5 +++++ 4 files changed, 28 insertions(+), 6 deletions(-) create mode 100644 templates/sudo_rule.erb diff --git a/README.md b/README.md index e5e899b..fe95115 100644 --- a/README.md +++ b/README.md @@ -83,11 +83,10 @@ There are currently no mandatory parameters, i.e. the module will function right ### Optional Parameters -* `$ne_manage_cmds` : Whether to manage check command definitions dynamically through a define, i.e. from other Puppet modules or profiles. Defaults to `true`. -* `$ne_incl_fw` : Whether to manage relevant firewall rules through this modules. Defaults to `true`. -* `$ne_include_selinux` : Whether to manage selinux exception rules. Defaults to `true`. -* `$ne_enable_ssl` : Whether to allow SSL settings. See [known problems](#konwn-problems) for more details. - +* `$ne_manage_cmds` : Whether to manage check command definitions dynamically through a define, i.e. from other Puppet modules or profiles. Defaults to `true`. +* `$ne_incl_fw` : Whether to manage relevant firewall rules through this modules. Defaults to `true`. +* `$ne_include_selinux` : Whether to manage selinux exception rules. Defaults to `true`. +* `$ne_enable_ssl` : Whether to allow SSL settings. See [known problems](#konwn-problems) for more details. ### Managing Check Commands In order to connect a Nagios monitoring server to clients through NRPE, you must define commands and the desired argument strings on the clients. The default NRPE installation comes with a few examples of such commands, which are also included in this module. However, every environment is very different in their requirements and Nagios via Puppet is all about the ability to dynamicically set command arguments based on default variables / overrides. For that reason no hard-coded commands are included, but instead all commands are set via argument strings, where possible. diff --git a/manifests/main/files.pp b/manifests/main/files.pp index 5b3c305..89f3d36 100644 --- a/manifests/main/files.pp +++ b/manifests/main/files.pp @@ -58,4 +58,19 @@ class cd_nrpe::main::files ( notify => Service[$ne_service], } + if $ne_allow_sudo == true { + + file { $ne_sudo_file: + ensure => file, + path => $ne_sudo_file, + owner => 'root', + group => 'root', + mode => '0440', + selrange => s0, + selrole => object_r, + seltype => etc_t, + seluser => system_u, + content => template($ne_sudo_rule_erb), + } + } } diff --git a/manifests/params.pp b/manifests/params.pp index 06d7c29..b87607e 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -104,7 +104,7 @@ $pkg_ensure = 'latest', $ne_manage_cmds = true, -# user settings +# NRPE user settings $ne_user = 'nrpe', $ne_user_comment = 'NRPE service user', $ne_user_uid = '1005', @@ -112,6 +112,7 @@ $ne_user_home = '/var/run/nrpe', $ne_user_groups = undef, $ne_user_shell = '/sbin/nologin', + # nrpe.cfg $ne_log_facility = 'daemon', $ne_log_file = '', @@ -173,6 +174,8 @@ $ne_nrpe_conf_erb = 'cd_nrpe/nrpe_conf.erb' $ne_cmd_file = "${ne_main_conf_d_dir}/commands.cfg" $ne_cmd_head_erb = 'cd_nrpe/cmd_head.erb' $ne_cmd_rule_erb = 'cd_nrpe/cmd_rule.erb' +$ne_sudo_file = '/etc/sudoers.d/nagios_sudo' +$ne_sudo_rule_erb = 'cd_nrpe/sudo_rule.erb' # includes must be last diff --git a/templates/sudo_rule.erb b/templates/sudo_rule.erb new file mode 100644 index 0000000..9e9b2d3 --- /dev/null +++ b/templates/sudo_rule.erb @@ -0,0 +1,5 @@ +################################################################################ +##### sudo_rule managed by Puppet | manual changes will be overwritten ##### +################################################################################ + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/ From e82991f7ee64faed9522a80ce3171736a3f538f9 Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Sun, 30 Jul 2017 15:03:50 +0100 Subject: [PATCH 5/6] edited README --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index fe95115..2f48d87 100644 --- a/README.md +++ b/README.md @@ -38,6 +38,7 @@ CONFIGURATION * manage configuration files through parameters: * nrpe.conf * nrpe.cfg +* manage sudo role for nagios user on NRPE clients * manage dynamic NRPE check command definitions * manage iptables (optional) * manage selinux rule exceptions (optional) From e683f873a393b9a27b3a1d85376a4f2439515a4c Mon Sep 17 00:00:00 2001 From: Jenkins Server Date: Sun, 30 Jul 2017 16:03:58 +0200 Subject: [PATCH 6/6] recommit for updates in build 50 --- CHANGELOG.md | 15 ++++++++ REPOSTRUCTURE.md | 5 +-- doc/_index.html | 2 +- doc/file.README.html | 33 +++++++++++++++--- doc/index.html | 33 +++++++++++++++--- doc/puppet_classes/cd_nrpe.html | 2 +- ...e_3A_3Acommands_3A_3Adefinition_rules.html | 15 ++++---- .../cd_nrpe_3A_3Afirewall_3A_3Aiptables.html | 2 +- .../cd_nrpe_3A_3Amain_3A_3Aconfig.html | 2 +- .../cd_nrpe_3A_3Amain_3A_3Adirs.html | 2 +- .../cd_nrpe_3A_3Amain_3A_3Afiles.html | 34 +++++++++++++++++-- .../cd_nrpe_3A_3Amain_3A_3Ainstall.html | 2 +- .../cd_nrpe_3A_3Amain_3A_3Aservice.html | 2 +- .../cd_nrpe_3A_3Amain_3A_3Auser.html | 2 +- doc/puppet_classes/cd_nrpe_3A_3Aparams.html | 14 +++++--- ...d_nrpe_3A_3Acommands_3A_3Adefinitions.html | 31 ++++++++++++++--- doc/top-level-namespace.html | 2 +- 17 files changed, 160 insertions(+), 38 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 52d21b2..53fb27b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,21 @@ Changelog of Git Changelog.

No issue

+c0a5382d2c4cd88 Arne Teuke 2017-07-30 12:07:53 +

+

added basic command examples

+ +

+2e89f817d99fb64 Jenkins Server 2017-07-30 12:07:49 +

+

recommit for updates in build 43

+ +

+5f91d2a4715fe48 Arne Teuke 2017-07-30 12:06:19 +

+

added basic command examples

+ +

5c0374245dc1e72 Arne Teuke 2017-07-30 11:50:55

added test command

diff --git a/REPOSTRUCTURE.md b/REPOSTRUCTURE.md index 75fc289..2c32000 100644 --- a/REPOSTRUCTURE.md +++ b/REPOSTRUCTURE.md @@ -50,7 +50,8 @@ | |-- cmd_head.erb | |-- cmd_rule.erb | |-- nrpe_cfg.erb -| `-- nrpe_conf.erb +| |-- nrpe_conf.erb +| `-- sudo_rule.erb |-- tests | `-- UTF_Files |-- CHANGELOG.md @@ -61,4 +62,4 @@ |-- README.md `-- REPOSTRUCTURE.md -11 directories, 50 files +11 directories, 51 files diff --git a/doc/_index.html b/doc/_index.html index 26d55f9..9457811 100644 --- a/doc/_index.html +++ b/doc/_index.html @@ -171,7 +171,7 @@ diff --git a/doc/file.README.html b/doc/file.README.html index 0ec7a80..ecfad14 100644 --- a/doc/file.README.html +++ b/doc/file.README.html @@ -132,9 +132,13 @@ structure (file system permissions, selinux context) through parameters manage configuration files through parameters: * nrpe.conf * nrpe.cfg - * -commands.cfg (optional) -* manage iptables (optionals )

+* +manage sudo role for nagios user on NRPE clients +* manage dynamic NRPE +check command definitions +* manage iptables (optional) +* manage selinux +rule exceptions (optional)

SERVICE * manage NRPE service

@@ -213,6 +217,9 @@ through this modules. Defaults to true.

  • $ne_include_selinux : Whether to manage selinux exception rules. Defaults to true.

    +
  • +

    $ne_enable_ssl : Whether to allow SSL settings. See known problems for more details.

    • Managing Check Commands

    @@ -226,6 +233,9 @@ ability to dynamicically set command arguments based on default variables / overrides. For that reason no hard-coded commands are included, but instead all commands are set via argument strings, where possible.

    +

    The commands are created within /etc/nrpe.d/command.cfg , every set of +instructions creates a new line.

    +

    Defining commands is as simple as that: <code> @@ -240,7 +250,8 @@ $ARG2$', It is very recommendable to define such commands within Puppet modules controlling services, so any node running the particular service will automatically get the required check commands -defined as well.

    +defined as well, while nodes not running the service also do not contain +the command check.

    SELINUX

    @@ -248,6 +259,18 @@ defined as well.

    selinux is disabled, these contexts are ignored.

    Known Problems

    +
    • +

      SSL/TLS support: Version 3 of NRPE supposedly has support for SSL/ TLs. +However, at the time of writing this module, this seems to be buggy, as I +was unable to start the NRPE service as soon as the +ssl_cert_file line was uncommented in teh configuration file, +despite having valid certs in the right position on the node. This happened +when installing manually, not through this Puppet module. For that reason I +included the $ne_enable_ssl boolean parameter, which is set to +false by default, hence disabling SSL/TLS options until this +has been fixed upstream, or a valid workaround has been found. Setting this +option to true will include all SSL / TLS settings.

      +

    Support

    • @@ -302,7 +325,7 @@ environments.

      diff --git a/doc/index.html b/doc/index.html index 0607b51..f4c585e 100644 --- a/doc/index.html +++ b/doc/index.html @@ -132,9 +132,13 @@ structure (file system permissions, selinux context) through parameters manage configuration files through parameters: * nrpe.conf * nrpe.cfg - * -commands.cfg (optional) -* manage iptables (optionals )

      +* +manage sudo role for nagios user on NRPE clients +* manage dynamic NRPE +check command definitions +* manage iptables (optional) +* manage selinux +rule exceptions (optional)

      SERVICE * manage NRPE service

      @@ -213,6 +217,9 @@ through this modules. Defaults to true.

    • $ne_include_selinux : Whether to manage selinux exception rules. Defaults to true.

      +
    • +

      $ne_enable_ssl : Whether to allow SSL settings. See known problems for more details.

    Managing Check Commands

    @@ -226,6 +233,9 @@ ability to dynamicically set command arguments based on default variables / overrides. For that reason no hard-coded commands are included, but instead all commands are set via argument strings, where possible.

    +

    The commands are created within /etc/nrpe.d/command.cfg , every set of +instructions creates a new line.

    +

    Defining commands is as simple as that: <code> @@ -240,7 +250,8 @@ $ARG2$', It is very recommendable to define such commands within Puppet modules controlling services, so any node running the particular service will automatically get the required check commands -defined as well.

    +defined as well, while nodes not running the service also do not contain +the command check.

    SELINUX

    @@ -248,6 +259,18 @@ defined as well.

    selinux is disabled, these contexts are ignored.

    Known Problems

    +
    • +

      SSL/TLS support: Version 3 of NRPE supposedly has support for SSL/ TLs. +However, at the time of writing this module, this seems to be buggy, as I +was unable to start the NRPE service as soon as the +ssl_cert_file line was uncommented in teh configuration file, +despite having valid certs in the right position on the node. This happened +when installing manually, not through this Puppet module. For that reason I +included the $ne_enable_ssl boolean parameter, which is set to +false by default, hence disabling SSL/TLS options until this +has been fixed upstream, or a valid workaround has been found. Setting this +option to true will include all SSL / TLS settings.

      +

    Support

    • @@ -302,7 +325,7 @@ environments.

      diff --git a/doc/puppet_classes/cd_nrpe.html b/doc/puppet_classes/cd_nrpe.html index d312bff..9f436a5 100644 --- a/doc/puppet_classes/cd_nrpe.html +++ b/doc/puppet_classes/cd_nrpe.html @@ -140,7 +140,7 @@ class cd_nrpe { diff --git a/doc/puppet_classes/cd_nrpe_3A_3Acommands_3A_3Adefinition_rules.html b/doc/puppet_classes/cd_nrpe_3A_3Acommands_3A_3Adefinition_rules.html index 1d950bf..fdda762 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Acommands_3A_3Adefinition_rules.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Acommands_3A_3Adefinition_rules.html @@ -127,6 +127,7 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/.

      cd_nrpe::commands::definitions { 'check_users':
   ne_check_cmd      =>  'check_users',
   ne_cmd_argstring  =>  '-w $ARG1$ -c $ARG2$',
+  ne_cmd_comment    =>  'check the amount of user logged in locally',
 }
      @@ -139,7 +140,6 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/.

       
 
-28
 29
 30
 31
@@ -195,10 +195,12 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/.
      
 81
 82
 83
-84
      +84 +85 +86 - 
      # File 'manifests/commands/definition_rules.pp', line 28
+        
      # File 'manifests/commands/definition_rules.pp', line 29
 
 class cd_nrpe::commands::definition_rules (
 
@@ -211,8 +213,8 @@ class cd_nrpe::commands::definition_rules (
     concat { $ne_cmd_file:
       ensure    =>  present,
       path      =>  $ne_cmd_file,
-      owner     =>  'root',
-      group     =>  'root',
+      owner     =>  $ne_user,
+      group     =>  $ne_user,
       mode      =>  '0640',
       selrange  =>  s0,
       selrole   =>  object_r,
@@ -234,6 +236,7 @@ class cd_nrpe::commands::definition_rules (
     cd_nrpe::commands::definitions { 'check_users':
       ne_check_cmd      =>  'check_users',
       ne_cmd_argstring  =>  '-w $ARG1$ -c $ARG2$',
+      ne_cmd_comment    =>  'check the amount of user logged in locally',
     }
 
     cd_nrpe::commands::definitions { 'check_load':
@@ -264,7 +267,7 @@ class cd_nrpe::commands::definition_rules (
 
 
       
diff --git a/doc/puppet_classes/cd_nrpe_3A_3Afirewall_3A_3Aiptables.html b/doc/puppet_classes/cd_nrpe_3A_3Afirewall_3A_3Aiptables.html
index 4f19ccf..ef7ccdd 100644
--- a/doc/puppet_classes/cd_nrpe_3A_3Afirewall_3A_3Aiptables.html
+++ b/doc/puppet_classes/cd_nrpe_3A_3Afirewall_3A_3Aiptables.html
@@ -165,7 +165,7 @@ class cd_nrpe::firewall::iptables (
 
 
       
diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aconfig.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aconfig.html
index 6af2ca9..d47dc9f 100644
--- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aconfig.html
+++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aconfig.html
@@ -154,7 +154,7 @@ class cd_nrpe::main::config (
 
 
       
diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Adirs.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Adirs.html
index fc36c8e..ef965c1 100644
--- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Adirs.html
+++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Adirs.html
@@ -205,7 +205,7 @@ class cd_nrpe::main::dirs (
 
 
       
diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Afiles.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Afiles.html
index 9dda5ea..31d03c5 100644
--- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Afiles.html
+++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Afiles.html
@@ -166,7 +166,22 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/.
      
 58
 59
 60
-61
      
+61
+62
+63
+64
+65
+66
+67
+68
+69
+70
+71
+72
+73
+74
+75
+76
      # File 'manifests/main/files.pp', line 23
@@ -209,6 +224,21 @@ class cd_nrpe::main::files (
     notify    =>  Service[$ne_service],
   }
 
+  if $ne_allow_sudo == true {
+
+    file { $ne_sudo_file:
+      ensure    =>  file,
+      path      =>  $ne_sudo_file,
+      owner     =>  'root',
+      group     =>  'root',
+      mode      =>  '0440',
+      selrange  =>  s0,
+      selrole   =>  object_r,
+      seltype   =>  etc_t,
+      seluser   =>  system_u,
+      content   =>  template($ne_sudo_rule_erb),
+    }
+  }
 }
      @@ -217,7 +247,7 @@ class cd_nrpe::main::files ( diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Ainstall.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Ainstall.html index acc08e8..4ba5626 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Ainstall.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Ainstall.html @@ -160,7 +160,7 @@ class cd_nrpe::main::install ( diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aservice.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aservice.html index f659d1b..e0c4901 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aservice.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aservice.html @@ -183,7 +183,7 @@ class cd_nrpe::main::service ( diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Auser.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Auser.html index 1f16080..374e110 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Auser.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Auser.html @@ -193,7 +193,7 @@ class cd_nrpe::main::user ( diff --git a/doc/puppet_classes/cd_nrpe_3A_3Aparams.html b/doc/puppet_classes/cd_nrpe_3A_3Aparams.html index 2eb2c37..1c356c4 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Aparams.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Aparams.html @@ -494,7 +494,7 @@ changed in a later version of NRPE.

      path and name of the ssl certificate -authority ( ca) file / chain. must be +authority (ca) file / chain. must be full path.

      @@ -966,7 +966,10 @@ checks, to allow dynamic check 178 179 180 -181 +181 +182 +183 +184 
      # File 'manifests/params.pp', line 101
@@ -977,7 +980,7 @@ $pkg_ensure                 = 'latest',
 
 $ne_manage_cmds             = true,
 
-# user settings
+# NRPE user settings
 $ne_user                    = 'nrpe',
 $ne_user_comment            = 'NRPE service user',
 $ne_user_uid                = '1005',
@@ -985,6 +988,7 @@ $ne_user_home               = '/var/run/nrpe',
 $ne_user_groups             = undef,
 $ne_user_shell              = '/sbin/nologin',
 
+
 # nrpe.cfg
 $ne_log_facility            = 'daemon',
 $ne_log_file                = '',
@@ -1046,6 +1050,8 @@ $ne_nrpe_conf_erb           = 'cd_nrpe/nrpe_conf.erb'
 $ne_cmd_file                = "${ne_main_conf_d_dir}/commands.cfg"
 $ne_cmd_head_erb            = 'cd_nrpe/cmd_head.erb'
 $ne_cmd_rule_erb            = 'cd_nrpe/cmd_rule.erb'
+$ne_sudo_file               = '/etc/sudoers.d/nagios_sudo'
+$ne_sudo_rule_erb           = 'cd_nrpe/sudo_rule.erb'
 
 # includes must be last
 
@@ -1059,7 +1065,7 @@ $ne_cmd_rule_erb            = 'cd_nrpe/cmd_rule.erb'
 
 
       
diff --git a/doc/puppet_defined_types/cd_nrpe_3A_3Acommands_3A_3Adefinitions.html b/doc/puppet_defined_types/cd_nrpe_3A_3Acommands_3A_3Adefinitions.html
index dfa3e06..b4ca191 100644
--- a/doc/puppet_defined_types/cd_nrpe_3A_3Acommands_3A_3Adefinitions.html
+++ b/doc/puppet_defined_types/cd_nrpe_3A_3Acommands_3A_3Adefinitions.html
@@ -173,6 +173,25 @@ the custom location
 , i.e. -w $ARG1$ -c
 $ARG2$. See the arguments in th eman pages for the
 checks.
      
+
+      
+
      • + +
    • + + ne_cmd_comment + + + (string) + + + (defaults to: undef) + + + — +
      +

      Specify an optional comment for your command +definition

      • @@ -187,8 +206,6 @@ checks.

       
 
-31
-32
 33
 34
 35
@@ -206,16 +223,20 @@ checks.
      
 47
 48
 49
-50
      +50 +51 +52 +53 - 
      # File 'manifests/commands/definitions.pp', line 31
+        
      # File 'manifests/commands/definitions.pp', line 33
 
 define cd_nrpe::commands::definitions (
 
 $ne_check_cmd     = undef,
 $ne_cmd_path      = '/usr/lib64/nagios/plugins/',
 $ne_cmd_argstring = undef,
+$ne_cmd_comment   = undef,
 
 ) {
 
@@ -238,7 +259,7 @@ $ne_manage_cmds   = $::cd_nrpe::params::ne_manage_cmds
 
 
       
diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html
index 0edab9c..15181d0 100644
--- a/doc/top-level-namespace.html
+++ b/doc/top-level-namespace.html
@@ -90,7 +90,7 @@