Recommit for updates in build 55

doc/puppet_classes/confdroid_nrpe_3A_3Amain_3A_3Afiles.html

@@ -206,8 +206,7 @@
 108
 109
 110
-111
-112</pre>
+111</pre>
       </td>
       <td>
         <pre class="code"><span class="info file"># File 'manifests/main/files.pp', line 6</span>
@@ -278,15 +277,14 @@ class confdroid_nrpe::main::files (
       notify   =&gt; Exec[&#39;create_nrpe_pp&#39;],
     }
   }
-
   # file for ssl certificate
   if $ne_enable_ssl == true {
     file { $ne_ssl_cert_file:
       ensure   =&gt; file,
       path     =&gt; $ne_ssl_cert_file,
-      owner    =&gt; &#39;root&#39;,
-      group    =&gt; &#39;root&#39;,
-      mode     =&gt; &#39;0644&#39;,
+      owner    =&gt; $ne_user,
+      group    =&gt; $ne_user,
+      mode     =&gt; &#39;0440&#39;,
       selrange =&gt; s0,
       selrole  =&gt; object_r,
       seltype  =&gt; cert_t,
@@ -296,9 +294,9 @@ class confdroid_nrpe::main::files (
     file { $ne_ssl_privatekey_file:
       ensure   =&gt; file,
       path     =&gt; $ne_ssl_privatekey_file,
-      owner    =&gt; &#39;root&#39;,
-      group    =&gt; &#39;root&#39;,
-      mode     =&gt; &#39;0600&#39;,
+      owner    =&gt; $ne_user,
+      group    =&gt; $ne_user,
+      mode     =&gt; &#39;0400&#39;,
       selrange =&gt; s0,
       selrole  =&gt; object_r,
       seltype  =&gt; cert_t,
@@ -308,9 +306,9 @@ class confdroid_nrpe::main::files (
     file { $ne_ssl_ca_cert_file:
       ensure   =&gt; file,
       path     =&gt; $ne_ssl_ca_cert_file,
-      owner    =&gt; &#39;root&#39;,
-      group    =&gt; &#39;root&#39;,
-      mode     =&gt; &#39;0644&#39;,
+      owner    =&gt; $ne_user,
+      group    =&gt; $ne_user,
+      mode     =&gt; &#39;0440&#39;,
       selrange =&gt; s0,
       selrole  =&gt; object_r,
       seltype  =&gt; cert_t,

doc/puppet_classes/confdroid_nrpe_3A_3Aparams.html

@@ -349,24 +349,6 @@ inherited by all classes except defines.
       
     </li>
   
-    <li>
-      
-        <span class='name'>ne_ssl_version</span>
-      
-      
-        <span class='type'>(<tt>String</tt>)</span>
-      
-      
-        <em class="default">(defaults to: <tt>&#39;TLSv2+&#39;</tt>)</em>
-      
-      
-        &mdash;
-        <div class='inline'>
-<p>These directives allow you to specify how to use SSL/TLS.</p>
-</div>
-      
-    </li>
-  
     <li>
       
         <span class='name'>ne_ssl_cipher_list</span>
@@ -781,6 +763,8 @@ inherited by all classes except defines.
         <pre class="lines">
 
 
+82
+83
 84
 85
 86
@@ -871,13 +855,10 @@ inherited by all classes except defines.
 171
 172
 173
-174
-175
-176
-177</pre>
+174</pre>
       </td>
       <td>
-        <pre class="code"><span class="info file"># File 'manifests/params.pp', line 84</span>
+        <pre class="code"><span class="info file"># File 'manifests/params.pp', line 82</span>
 
 class confdroid_nrpe::params (
 
@@ -909,7 +890,6 @@ class confdroid_nrpe::params (
   String $ne_connection_timeout           = &#39;300&#39;,
   String $ne_allow_weak_rnd_seed          = &#39;1&#39;,
   Boolean $ne_enable_ssl                  = false,
-  String $ne_ssl_version                  = &#39;TLSv2+&#39;,
   String $ne_ssl_cipher_list              = &#39;ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH&#39;,
   String $ne_ssl_client_certs             = &#39;0&#39;,
   String $ne_ssl_logging                  = &#39;0x00&#39;,
@@ -944,7 +924,7 @@ class confdroid_nrpe::params (
 # directories
   $ne_main_conf_d_dir         = &#39;/etc/nrpe.d&#39;
   $ne_run_dir                 = &#39;/var/run/nrpe&#39;
-  $ne_servercert_dir           = &#39;/etc/pki/tls/servercerts&#39;
+  $ne_servercert_dir          = &#39;/etc/pki/tls/servercerts&#39;
 
 # files
   $ne_main_conf_file          = &#39;/etc/nagios/nrpe.cfg&#39;

manifests/main/files.pp

@@ -69,15 +69,14 @@ class confdroid_nrpe::main::files (
       notify   => Exec['create_nrpe_pp'],
     }
   }
-
   # file for ssl certificate
   if $ne_enable_ssl == true {
     file { $ne_ssl_cert_file:
       ensure   => file,
       path     => $ne_ssl_cert_file,
-      owner    => 'root',
-      group    => 'root',
-      mode     => '0644',
+      owner    => $ne_user,
+      group    => $ne_user,
+      mode     => '0440',
       selrange => s0,
       selrole  => object_r,
       seltype  => cert_t,
@@ -87,9 +86,9 @@ class confdroid_nrpe::main::files (
     file { $ne_ssl_privatekey_file:
       ensure   => file,
       path     => $ne_ssl_privatekey_file,
-      owner    => 'root',
-      group    => 'root',
-      mode     => '0600',
+      owner    => $ne_user,
+      group    => $ne_user,
+      mode     => '0400',
       selrange => s0,
       selrole  => object_r,
       seltype  => cert_t,
@@ -99,9 +98,9 @@ class confdroid_nrpe::main::files (
     file { $ne_ssl_ca_cert_file:
       ensure   => file,
       path     => $ne_ssl_ca_cert_file,
-      owner    => 'root',
-      group    => 'root',
-      mode     => '0644',
+      owner    => $ne_user,
+      group    => $ne_user,
+      mode     => '0440',
       selrange => s0,
       selrole  => object_r,
       seltype  => cert_t,

manifests/params.pp

@@ -30,8 +30,6 @@
 #   daemon will allow plugins to finish executing before killing them off.
 # @param [String] ne_connection_timeout maximum number of seconds that the
 #   NRPE daemon will wait for a connection to be established before exiting.
-# @param [String] ne_ssl_version These directives allow you to specify how to
-#   use SSL/TLS.
 # @param [String] ne_ssl_cipher_list ciphers can be used. For backward
 #   compatibility, this defaults to 'ssl_cipher_list=ALL:!MD5:@STRENGTH' in
 #   this version but will be changed in a later version of NRPE.
@@ -111,7 +109,6 @@ class confdroid_nrpe::params (
   String $ne_connection_timeout           = '300',
   String $ne_allow_weak_rnd_seed          = '1',
   Boolean $ne_enable_ssl                  = false,
-  String $ne_ssl_version                  = 'TLSv2+',
   String $ne_ssl_cipher_list              = 'ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH',
   String $ne_ssl_client_certs             = '0',
   String $ne_ssl_logging                  = '0x00',
@@ -146,7 +143,7 @@ class confdroid_nrpe::params (
 # directories
   $ne_main_conf_d_dir         = '/etc/nrpe.d'
   $ne_run_dir                 = '/var/run/nrpe'
-  $ne_servercert_dir           = '/etc/pki/tls/servercerts'
+  $ne_servercert_dir          = '/etc/pki/tls/servercerts'
 
 # files
   $ne_main_conf_file          = '/etc/nagios/nrpe.cfg'

templates/nrpe_cfg.erb

@@ -34,7 +34,6 @@ connection_timeout=<%= @ne_connection_timeout %>
 allow_weak_random_seed=<%= @ne_allow_weak_rnd_seed %>
 
 <% if @ne_enable_ssl == true -%>
-ssl_version=<%= @ne_ssl_version %>
 ssl_cipher_list=<%= @ne_ssl_cipher_list %>
 ssl_cacert_file=<%= @ne_ssl_ca_cert_file %>
 ssl_cert_file=<%= @ne_ssl_cert_file %>