confdroid/confdroid_nrpe
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Compare commits

base: confdroid:330bbff810b5a241ab2064727a60718de80fdbf6
Branches Tags
confdroid:master
...
compare: confdroid:master
Branches Tags
confdroid:master

7 Commits
330bbff810 ... master

Author SHA1 Message Date
Jenkins Server
18543aec3d Recommit for updates in build 55 2026-03-15 17:08:15 +01:00
Jenkins Server
ef06b4691b Merge remote-tracking branch 'origin/master' into jenkins-build-55 2026-03-15 17:07:13 +01:00
12ww1160
4a7d06d0ca OP#501 finalize SSL settings 2026-03-15 17:06:52 +01:00
Jenkins Server
3cdb09827d Recommit for updates in build 54 2026-03-15 17:00:32 +01:00
Jenkins Server
fd84c389aa Merge remote-tracking branch 'origin/master' into jenkins-build-54 2026-03-15 16:59:33 +01:00
12ww1160
95d2344f7f OP#501 finalize SSL settings 2026-03-15 16:59:12 +01:00
Jenkins Server
b655cb4c56 Recommit for updates in build 53 2026-03-15 16:44:21 +01:00
6 changed files with 25 additions and 175 deletions
Expand all files Collapse all files

124
Jenkinsfile vendored
View File

@@ -1,124 +0,0 @@
pipeline {
agent any
post {
always {
deleteDir() /* clean up our workspace */
}
success {
updateGitlabCommitStatus state: 'success'
}
failure {
updateGitlabCommitStatus state: 'failed'
step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: 'support@confdroid.com', sendToIndividuals: true])
}
}
options {
gitLabConnection('gitlab.confdroid.com')
}
stages {
stage('pull master') {
steps {
sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) {
sh '''
git config user.name "Jenkins Server"
git config user.email jenkins@confdroid.com
# Ensure we're on the development branch (triggered by push)
git checkout development
# Create jenkins branch from development
git checkout -b jenkins-build-$BUILD_NUMBER
# Optionally merge master into jenkins to ensure compatibility
git merge origin/master --no-ff || { echo "Merge conflict detected"; exit 1; }
'''
}
}
}
stage('puppet parser') {
steps {
sh '''for file in $(find . -iname \'*.pp\'); do
/opt/puppetlabs/bin/puppet parser validate --color false --render-as s --modulepath=modules $file || exit 1;
done;'''
}
}
stage('check templates') {
steps{
sh '''for file in $(find . -iname \'*.erb\');
do erb -P -x -T "-" $file | ruby -c || exit 1;
done;'''
}
}
stage('puppet-lint') {
steps {
sh '''/usr/local/bin/puppet-lint . \\
--no-variable_scope-check \\
|| { echo "Puppet lint failed"; exit 1; }
'''
}
}
stage('SonarScan') {
steps {
withCredentials([string(credentialsId: 'sonar-token', variable: 'SONAR_TOKEN')]) {
sh '''
/opt/sonar-scanner/bin/sonar-scanner \
-Dsonar.projectKey=confdroid_nrpe \
-Dsonar.sources=. \
-Dsonar.host.url=https://sonarqube.confdroid.com \
-Dsonar.token=$SONAR_TOKEN
'''
}
}
}
stage('create Puppet documentation') {
steps {
sh '/opt/puppetlabs/bin/puppet strings'
}
}
stage('update repo') {
steps {
sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) {
sh '''
git config user.name "Jenkins Server"
git config user.email jenkins@confdroid.com
git rm -r --cached .vscode || echo "No .vscode to remove from git"
git add -A && git commit -am "Recommit for updates in build $BUILD_NUMBER" || echo "No changes to commit"
git push origin HEAD:master
'''
}
}
}
stage('Mirror to Gitea') {
steps {
withCredentials([usernamePassword(
credentialsId: 'Jenkins-gitea',
usernameVariable: 'GITEA_USER',
passwordVariable: 'GITEA_TOKEN')]) {
script {
// Checkout from GitLab (already done implicitly)
sh '''
git checkout master
git pull origin master
git branch -D development
git branch -D jenkins-build-$BUILD_NUMBER
git rm -f Jenkinsfile
git rm -r --cached .vscode || echo "No .vscode to remove from git"
git commit --amend --no-edit --allow-empty
git remote add master https://sourcecode.confdroid.com/confdroid/confdroid_nrpe.git
git -c credential.helper="!f() { echo username=${GITEA_USER}; echo password=${GITEA_TOKEN}; }; f" \
push master --mirror
'''
}
}
}
}
}
}

22
doc/puppet_classes/confdroid_nrpe_3A_3Amain_3A_3Afiles.html
View File

@@ -206,8 +206,7 @@
108 108
109 109
110 110
111 111</pre>
112</pre>
</td> </td>
<td> <td>
<pre class="code"><span class="info file"># File 'manifests/main/files.pp', line 6</span> <pre class="code"><span class="info file"># File 'manifests/main/files.pp', line 6</span>
@@ -278,15 +277,14 @@ class confdroid_nrpe::main::files (
notify =&gt; Exec[&#39;create_nrpe_pp&#39;], notify =&gt; Exec[&#39;create_nrpe_pp&#39;],
} }
} }
# file for ssl certificate # file for ssl certificate
if $ne_enable_ssl == true { if $ne_enable_ssl == true {
file { $ne_ssl_cert_file: file { $ne_ssl_cert_file:
ensure =&gt; file, ensure =&gt; file,
path =&gt; $ne_ssl_cert_file, path =&gt; $ne_ssl_cert_file,
owner =&gt; &#39;root&#39;, owner =&gt; $ne_user,
group =&gt; &#39;root&#39;, group =&gt; $ne_user,
mode =&gt; &#39;0644&#39;, mode =&gt; &#39;0440&#39;,
selrange =&gt; s0, selrange =&gt; s0,
selrole =&gt; object_r, selrole =&gt; object_r,
seltype =&gt; cert_t, seltype =&gt; cert_t,
@@ -296,9 +294,9 @@ class confdroid_nrpe::main::files (
file { $ne_ssl_privatekey_file: file { $ne_ssl_privatekey_file:
ensure =&gt; file, ensure =&gt; file,
path =&gt; $ne_ssl_privatekey_file, path =&gt; $ne_ssl_privatekey_file,
owner =&gt; &#39;root&#39;, owner =&gt; $ne_user,
group =&gt; &#39;root&#39;, group =&gt; $ne_user,
mode =&gt; &#39;0600&#39;, mode =&gt; &#39;0400&#39;,
selrange =&gt; s0, selrange =&gt; s0,
selrole =&gt; object_r, selrole =&gt; object_r,
seltype =&gt; cert_t, seltype =&gt; cert_t,
@@ -308,9 +306,9 @@ class confdroid_nrpe::main::files (
file { $ne_ssl_ca_cert_file: file { $ne_ssl_ca_cert_file:
ensure =&gt; file, ensure =&gt; file,
path =&gt; $ne_ssl_ca_cert_file, path =&gt; $ne_ssl_ca_cert_file,
owner =&gt; &#39;root&#39;, owner =&gt; $ne_user,
group =&gt; &#39;root&#39;, group =&gt; $ne_user,
mode =&gt; &#39;0644&#39;, mode =&gt; &#39;0440&#39;,
selrange =&gt; s0, selrange =&gt; s0,
selrole =&gt; object_r, selrole =&gt; object_r,
seltype =&gt; cert_t, seltype =&gt; cert_t,

28
doc/puppet_classes/confdroid_nrpe_3A_3Aparams.html
View File

@@ -349,24 +349,6 @@ inherited by all classes except defines.
</li> </li>
<li>
<span class='name'>ne_ssl_version</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;TLSv2+&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>These directives allow you to specify how to use SSL/TLS.</p>
</div>
</li>
<li> <li>
<span class='name'>ne_ssl_cipher_list</span> <span class='name'>ne_ssl_cipher_list</span>
@@ -781,6 +763,8 @@ inherited by all classes except defines.
<pre class="lines"> <pre class="lines">
82
83
84 84
85 85
86 86
@@ -871,13 +855,10 @@ inherited by all classes except defines.
171 171
172 172
173 173
174 174</pre>
175
176
177</pre>
</td> </td>
<td> <td>
<pre class="code"><span class="info file"># File 'manifests/params.pp', line 84</span> <pre class="code"><span class="info file"># File 'manifests/params.pp', line 82</span>
class confdroid_nrpe::params ( class confdroid_nrpe::params (
@@ -909,7 +890,6 @@ class confdroid_nrpe::params (
String $ne_connection_timeout = &#39;300&#39;, String $ne_connection_timeout = &#39;300&#39;,
String $ne_allow_weak_rnd_seed = &#39;1&#39;, String $ne_allow_weak_rnd_seed = &#39;1&#39;,
Boolean $ne_enable_ssl = false, Boolean $ne_enable_ssl = false,
String $ne_ssl_version = &#39;TLSv2+&#39;,
String $ne_ssl_cipher_list = &#39;ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH&#39;, String $ne_ssl_cipher_list = &#39;ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH&#39;,
String $ne_ssl_client_certs = &#39;0&#39;, String $ne_ssl_client_certs = &#39;0&#39;,
String $ne_ssl_logging = &#39;0x00&#39;, String $ne_ssl_logging = &#39;0x00&#39;,

18
manifests/main/files.pp
View File

@@ -74,9 +74,9 @@ class confdroid_nrpe::main::files (
file { $ne_ssl_cert_file: file { $ne_ssl_cert_file:
ensure => file, ensure => file,
path => $ne_ssl_cert_file, path => $ne_ssl_cert_file,
owner => 'root', owner => $ne_user,
group => 'root', group => $ne_user,
mode => '0644', mode => '0440',
selrange => s0, selrange => s0,
selrole => object_r, selrole => object_r,
seltype => cert_t, seltype => cert_t,
@@ -86,9 +86,9 @@ class confdroid_nrpe::main::files (
file { $ne_ssl_privatekey_file: file { $ne_ssl_privatekey_file:
ensure => file, ensure => file,
path => $ne_ssl_privatekey_file, path => $ne_ssl_privatekey_file,
owner => 'root', owner => $ne_user,
group => 'root', group => $ne_user,
mode => '0600', mode => '0400',
selrange => s0, selrange => s0,
selrole => object_r, selrole => object_r,
seltype => cert_t, seltype => cert_t,
@@ -98,9 +98,9 @@ class confdroid_nrpe::main::files (
file { $ne_ssl_ca_cert_file: file { $ne_ssl_ca_cert_file:
ensure => file, ensure => file,
path => $ne_ssl_ca_cert_file, path => $ne_ssl_ca_cert_file,
owner => 'root', owner => $ne_user,
group => 'root', group => $ne_user,
mode => '0644', mode => '0440',
selrange => s0, selrange => s0,
selrole => object_r, selrole => object_r,
seltype => cert_t, seltype => cert_t,

5
manifests/params.pp
View File

@@ -30,8 +30,6 @@
# daemon will allow plugins to finish executing before killing them off. # daemon will allow plugins to finish executing before killing them off.
# @param [String] ne_connection_timeout maximum number of seconds that the # @param [String] ne_connection_timeout maximum number of seconds that the
# NRPE daemon will wait for a connection to be established before exiting. # NRPE daemon will wait for a connection to be established before exiting.
# @param [String] ne_ssl_version These directives allow you to specify how to
# use SSL/TLS.
# @param [String] ne_ssl_cipher_list ciphers can be used. For backward # @param [String] ne_ssl_cipher_list ciphers can be used. For backward
# compatibility, this defaults to 'ssl_cipher_list=ALL:!MD5:@STRENGTH' in # compatibility, this defaults to 'ssl_cipher_list=ALL:!MD5:@STRENGTH' in
# this version but will be changed in a later version of NRPE. # this version but will be changed in a later version of NRPE.
@@ -111,7 +109,6 @@ class confdroid_nrpe::params (
String $ne_connection_timeout = '300', String $ne_connection_timeout = '300',
String $ne_allow_weak_rnd_seed = '1', String $ne_allow_weak_rnd_seed = '1',
Boolean $ne_enable_ssl = false, Boolean $ne_enable_ssl = false,
String $ne_ssl_version = 'TLSv2+',
String $ne_ssl_cipher_list = 'ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH', String $ne_ssl_cipher_list = 'ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH',
String $ne_ssl_client_certs = '0', String $ne_ssl_client_certs = '0',
String $ne_ssl_logging = '0x00', String $ne_ssl_logging = '0x00',
@@ -146,7 +143,7 @@ class confdroid_nrpe::params (
# directories # directories
$ne_main_conf_d_dir = '/etc/nrpe.d' $ne_main_conf_d_dir = '/etc/nrpe.d'
$ne_run_dir = '/var/run/nrpe' $ne_run_dir = '/var/run/nrpe'
$ne_servercert_dir = '/etc/ssl/servercerts' $ne_servercert_dir = '/etc/pki/tls/servercerts'
# files # files
$ne_main_conf_file = '/etc/nagios/nrpe.cfg' $ne_main_conf_file = '/etc/nagios/nrpe.cfg'

1
templates/nrpe_cfg.erb
View File

@@ -34,7 +34,6 @@ connection_timeout=<%= @ne_connection_timeout %>
allow_weak_random_seed=<%= @ne_allow_weak_rnd_seed %> allow_weak_random_seed=<%= @ne_allow_weak_rnd_seed %>
<% if @ne_enable_ssl == true -%> <% if @ne_enable_ssl == true -%>
ssl_version=<%= @ne_ssl_version %>
ssl_cipher_list=<%= @ne_ssl_cipher_list %> ssl_cipher_list=<%= @ne_ssl_cipher_list %>
ssl_cacert_file=<%= @ne_ssl_ca_cert_file %> ssl_cacert_file=<%= @ne_ssl_ca_cert_file %>
ssl_cert_file=<%= @ne_ssl_cert_file %> ssl_cert_file=<%= @ne_ssl_cert_file %>