Recommit for updates in build 55

Merge remote-tracking branch 'origin/master' into jenkins-build-55
OP#501 finalize SSL settings
2026-03-15 17:08:15 +01:00 · 2026-03-15 17:07:13 +01:00 · 2026-03-15 17:06:52 +01:00 · 2026-03-15 17:00:32 +01:00 · 2026-03-15 16:59:33 +01:00 · 2026-03-15 16:59:12 +01:00
6 changed files with 26 additions and 177 deletions
--- a/124
+++ b/124
@@ -1,124 +0,0 @@
 pipeline {
    agent any
    post {
        always {
            deleteDir() /* clean up our workspace */
        }
        success {
            updateGitlabCommitStatus state: 'success'
        }
        failure {
            updateGitlabCommitStatus state: 'failed'
            step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: 'support@confdroid.com', sendToIndividuals: true])
        }
    }
    options {
          gitLabConnection('gitlab.confdroid.com')
    }
    stages {
      stage('pull master') {
        steps {
          sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) {
            sh '''
                git config user.name "Jenkins Server"
                git config user.email jenkins@confdroid.com
                # Ensure we're on the development branch (triggered by push)
                git checkout development
                # Create jenkins branch from development
                git checkout -b jenkins-build-$BUILD_NUMBER
                # Optionally merge master into jenkins to ensure compatibility
                git merge origin/master --no-ff || { echo "Merge conflict detected"; exit 1; }
            '''
        }
      }
    }
      stage('puppet parser') {
        steps {
          sh '''for file in $(find . -iname \'*.pp\'); do
            /opt/puppetlabs/bin/puppet parser validate --color false --render-as s --modulepath=modules $file || exit 1;
            done;'''
          }
        }
      stage('check templates') {
        steps{
          sh '''for file in $(find . -iname \'*.erb\');
            do erb -P -x -T "-" $file | ruby -c || exit 1;
            done;'''
        }
      }
      stage('puppet-lint') {
        steps {
          sh '''/usr/local/bin/puppet-lint . \\
                --no-variable_scope-check \\
                || { echo "Puppet lint failed"; exit 1; }
            '''
          }
        }
      stage('SonarScan') {
         steps {
            withCredentials([string(credentialsId: 'sonar-token', variable: 'SONAR_TOKEN')]) {
              sh '''
              /opt/sonar-scanner/bin/sonar-scanner \
                -Dsonar.projectKey=confdroid_nrpe \
                -Dsonar.sources=. \
                -Dsonar.host.url=https://sonarqube.confdroid.com \
                -Dsonar.token=$SONAR_TOKEN
                '''
              }
            }
          }
      stage('create Puppet documentation') {
        steps {
          sh '/opt/puppetlabs/bin/puppet strings'
        }
      }
      stage('update repo') {
        steps {
          sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) {
            sh '''
                git config user.name "Jenkins Server"
                git config user.email jenkins@confdroid.com
                git rm -r --cached .vscode || echo "No .vscode to remove from git"
                git add -A && git commit -am "Recommit for updates in build $BUILD_NUMBER" || echo "No changes to commit"
                git push origin HEAD:master
            '''
        }
      }
    }
      stage('Mirror to Gitea') {
        steps {
          withCredentials([usernamePassword(
            credentialsId: 'Jenkins-gitea',
            usernameVariable: 'GITEA_USER',
            passwordVariable: 'GITEA_TOKEN')]) {
            script {
              // Checkout from GitLab (already done implicitly)
                sh '''
                  git checkout master
                  git pull origin master
                  git branch -D development
                  git branch -D jenkins-build-$BUILD_NUMBER
                  git rm -f Jenkinsfile
                  git rm -r --cached .vscode || echo "No .vscode to remove from git"
                  git commit --amend --no-edit --allow-empty
                  git remote add master https://sourcecode.confdroid.com/confdroid/confdroid_nrpe.git
                  git -c credential.helper="!f() { echo username=${GITEA_USER}; echo password=${GITEA_TOKEN}; }; f" \
                  push master --mirror
                  '''
          }
        }
      }
    }
  }
 }
--- a/doc/puppet_classes/confdroid_nrpe_3A_3Amain_3A_3Afiles.html
+++ b/doc/puppet_classes/confdroid_nrpe_3A_3Amain_3A_3Afiles.html
@@ -206,8 +206,7 @@
 108
 109
 110
-111
+111</pre>
 112</pre>
      </td>
      <td>
        <pre class="code"><span class="info file"># File 'manifests/main/files.pp', line 6</span>
@@ -278,15 +277,14 @@ class confdroid_nrpe::main::files (
      notify   =&gt; Exec[&#39;create_nrpe_pp&#39;],
    }
  }
  # file for ssl certificate
  if $ne_enable_ssl == true {
    file { $ne_ssl_cert_file:
      ensure   =&gt; file,
      path     =&gt; $ne_ssl_cert_file,
-      owner    =&gt; &#39;root&#39;,
+      owner    =&gt; $ne_user,
-      group    =&gt; &#39;root&#39;,
+      group    =&gt; $ne_user,
-      mode     =&gt; &#39;0644&#39;,
+      mode     =&gt; &#39;0440&#39;,
      selrange =&gt; s0,
      selrole  =&gt; object_r,
      seltype  =&gt; cert_t,
@@ -296,9 +294,9 @@ class confdroid_nrpe::main::files (
    file { $ne_ssl_privatekey_file:
      ensure   =&gt; file,
      path     =&gt; $ne_ssl_privatekey_file,
-      owner    =&gt; &#39;root&#39;,
+      owner    =&gt; $ne_user,
-      group    =&gt; &#39;root&#39;,
+      group    =&gt; $ne_user,
-      mode     =&gt; &#39;0600&#39;,
+      mode     =&gt; &#39;0400&#39;,
      selrange =&gt; s0,
      selrole  =&gt; object_r,
      seltype  =&gt; cert_t,
@@ -308,9 +306,9 @@ class confdroid_nrpe::main::files (
    file { $ne_ssl_ca_cert_file:
      ensure   =&gt; file,
      path     =&gt; $ne_ssl_ca_cert_file,
-      owner    =&gt; &#39;root&#39;,
+      owner    =&gt; $ne_user,
-      group    =&gt; &#39;root&#39;,
+      group    =&gt; $ne_user,
-      mode     =&gt; &#39;0644&#39;,
+      mode     =&gt; &#39;0440&#39;,
      selrange =&gt; s0,
      selrole  =&gt; object_r,
      seltype  =&gt; cert_t,
--- a/doc/puppet_classes/confdroid_nrpe_3A_3Aparams.html
+++ b/doc/puppet_classes/confdroid_nrpe_3A_3Aparams.html
@@ -349,24 +349,6 @@ inherited by all classes except defines.
    </li>
    <li>
        <span class='name'>ne_ssl_version</span>
        <span class='type'>(<tt>String</tt>)</span>
        <em class="default">(defaults to: <tt>&#39;TLSv2+&#39;</tt>)</em>
        &mdash;
        <div class='inline'>
 <p>These directives allow you to specify how to use SSL/TLS.</p>
 </div>
    </li>
    <li>
        <span class='name'>ne_ssl_cipher_list</span>
@@ -781,6 +763,8 @@ inherited by all classes except defines.
        <pre class="lines">
 82
 83
 84
 85
 86
@@ -871,13 +855,10 @@ inherited by all classes except defines.
 171
 172
 173
-174
+174</pre>
 175
 176
 177</pre>
      </td>
      <td>
-        <pre class="code"><span class="info file"># File 'manifests/params.pp', line 84</span>
+        <pre class="code"><span class="info file"># File 'manifests/params.pp', line 82</span>
 class confdroid_nrpe::params (
@@ -909,7 +890,6 @@ class confdroid_nrpe::params (
  String $ne_connection_timeout           = &#39;300&#39;,
  String $ne_allow_weak_rnd_seed          = &#39;1&#39;,
  Boolean $ne_enable_ssl                  = false,
  String $ne_ssl_version                  = &#39;TLSv2+&#39;,
  String $ne_ssl_cipher_list              = &#39;ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH&#39;,
  String $ne_ssl_client_certs             = &#39;0&#39;,
  String $ne_ssl_logging                  = &#39;0x00&#39;,
@@ -963,7 +943,7 @@ class confdroid_nrpe::params (
  $ne_checkmodule_nrpe_erb    = &#39;confdroid_nrpe/checkmodule_nrpe.erb&#39;
  $ne_nrpe_pp_file            = &quot;${ne_main_conf_d_dir}/nrpe.pp&quot;
  $ne_semodule_erb            =  &#39;confdroid_nrpe/semodule_nrpe.erb&#39;
-  $ne_ssl_cert_file           = &quot;${ne_servercert_dir}/nagios-crt.pem&quot;
+  $ne_ssl_cert_file           = &quot;${ne_servercert_dir}/nagios-cert.pem&quot;
  $ne_ssl_cert_erb            = &#39;confdroid_nrpe/ssl_cert.erb&#39;
  $ne_ssl_privatekey_file     = &quot;${ne_servercert_dir}/nagios-key.pem&quot;
  $ne_ssl_privatekey_erb      = &#39;confdroid_nrpe/ssl_privatekey.erb&#39;
--- a/manifests/main/files.pp
+++ b/manifests/main/files.pp
@@ -69,15 +69,14 @@ class confdroid_nrpe::main::files (
      notify   => Exec['create_nrpe_pp'],
    }
  }
  # file for ssl certificate
  if $ne_enable_ssl == true {
    file { $ne_ssl_cert_file:
      ensure   => file,
      path     => $ne_ssl_cert_file,
-      owner    => 'root',
+      owner    => $ne_user,
-      group    => 'root',
+      group    => $ne_user,
-      mode     => '0644',
+      mode     => '0440',
      selrange => s0,
      selrole  => object_r,
      seltype  => cert_t,
@@ -87,9 +86,9 @@ class confdroid_nrpe::main::files (
    file { $ne_ssl_privatekey_file:
      ensure   => file,
      path     => $ne_ssl_privatekey_file,
-      owner    => 'root',
+      owner    => $ne_user,
-      group    => 'root',
+      group    => $ne_user,
-      mode     => '0600',
+      mode     => '0400',
      selrange => s0,
      selrole  => object_r,
      seltype  => cert_t,
@@ -99,9 +98,9 @@ class confdroid_nrpe::main::files (
    file { $ne_ssl_ca_cert_file:
      ensure   => file,
      path     => $ne_ssl_ca_cert_file,
-      owner    => 'root',
+      owner    => $ne_user,
-      group    => 'root',
+      group    => $ne_user,
-      mode     => '0644',
+      mode     => '0440',
      selrange => s0,
      selrole  => object_r,
      seltype  => cert_t,
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -30,8 +30,6 @@
 #   daemon will allow plugins to finish executing before killing them off.
 # @param [String] ne_connection_timeout maximum number of seconds that the
 #   NRPE daemon will wait for a connection to be established before exiting.
 # @param [String] ne_ssl_version These directives allow you to specify how to
 #   use SSL/TLS.
 # @param [String] ne_ssl_cipher_list ciphers can be used. For backward
 #   compatibility, this defaults to 'ssl_cipher_list=ALL:!MD5:@STRENGTH' in
 #   this version but will be changed in a later version of NRPE.
@@ -111,7 +109,6 @@ class confdroid_nrpe::params (
  String $ne_connection_timeout           = '300',
  String $ne_allow_weak_rnd_seed          = '1',
  Boolean $ne_enable_ssl                  = false,
  String $ne_ssl_version                  = 'TLSv2+',
  String $ne_ssl_cipher_list              = 'ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH',
  String $ne_ssl_client_certs             = '0',
  String $ne_ssl_logging                  = '0x00',
--- a/templates/nrpe_cfg.erb
+++ b/templates/nrpe_cfg.erb
@@ -34,7 +34,6 @@ connection_timeout=<%= @ne_connection_timeout %>
 allow_weak_random_seed=<%= @ne_allow_weak_rnd_seed %>
 <% if @ne_enable_ssl == true -%>
 ssl_version=<%= @ne_ssl_version %>
 ssl_cipher_list=<%= @ne_ssl_cipher_list %>
 ssl_cacert_file=<%= @ne_ssl_ca_cert_file %>
 ssl_cert_file=<%= @ne_ssl_cert_file %>
Author	SHA1	Message	Date
Jenkins Server	18543aec3d	Recommit for updates in build 55	2026-03-15 17:08:15 +01:00
Jenkins Server	ef06b4691b	Merge remote-tracking branch 'origin/master' into jenkins-build-55	2026-03-15 17:07:13 +01:00
12ww1160	4a7d06d0ca	OP#501 finalize SSL settings	2026-03-15 17:06:52 +01:00
Jenkins Server	3cdb09827d	Recommit for updates in build 54	2026-03-15 17:00:32 +01:00
Jenkins Server	fd84c389aa	Merge remote-tracking branch 'origin/master' into jenkins-build-54	2026-03-15 16:59:33 +01:00
12ww1160	95d2344f7f	OP#501 finalize SSL settings	2026-03-15 16:59:12 +01:00
Jenkins Server	b655cb4c56	Recommit for updates in build 53	2026-03-15 16:44:21 +01:00
Jenkins Server	f928537e34	Merge remote-tracking branch 'origin/master' into jenkins-build-53	2026-03-15 16:43:23 +01:00
12ww1160	b7036ae8e7	OP#501 fix parameter	2026-03-15 16:43:07 +01:00
Jenkins Server	ae13e6fde5	Recommit for updates in build 52	2026-03-15 16:36:25 +01:00