confdroid/confdroid_nrpe
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Compare commits

base: confdroid:84c1004feaf9c8fb66cdd8c3616a2068f1b7ff0a
Branches Tags
confdroid:master
...
compare: confdroid:master
Branches Tags
confdroid:master

24 Commits
84c1004fea ... master

Author SHA1 Message Date
Jenkins Server
18543aec3d Recommit for updates in build 55 2026-03-15 17:08:15 +01:00
Jenkins Server
ef06b4691b Merge remote-tracking branch 'origin/master' into jenkins-build-55 2026-03-15 17:07:13 +01:00
12ww1160
4a7d06d0ca OP#501 finalize SSL settings 2026-03-15 17:06:52 +01:00
Jenkins Server
3cdb09827d Recommit for updates in build 54 2026-03-15 17:00:32 +01:00
Jenkins Server
fd84c389aa Merge remote-tracking branch 'origin/master' into jenkins-build-54 2026-03-15 16:59:33 +01:00
12ww1160
95d2344f7f OP#501 finalize SSL settings 2026-03-15 16:59:12 +01:00
Jenkins Server
b655cb4c56 Recommit for updates in build 53 2026-03-15 16:44:21 +01:00
Jenkins Server
f928537e34 Merge remote-tracking branch 'origin/master' into jenkins-build-53 2026-03-15 16:43:23 +01:00
12ww1160
b7036ae8e7 OP#501 fix parameter 2026-03-15 16:43:07 +01:00
Jenkins Server
ae13e6fde5 Recommit for updates in build 52 2026-03-15 16:36:25 +01:00
Jenkins Server
25b4221bea Merge remote-tracking branch 'origin/master' into jenkins-build-52 2026-03-15 16:35:28 +01:00
12ww1160
7313416419 OP#501 fix parameter 2026-03-15 16:35:08 +01:00
Jenkins Server
0de9773a43 Recommit for updates in build 51 2026-03-15 16:30:53 +01:00
Jenkins Server
e60e0ea9b9 Merge remote-tracking branch 'origin/master' into jenkins-build-51 2026-03-15 16:29:53 +01:00
12ww1160
9c891f058b OP#501 update template 2026-03-15 16:29:32 +01:00
Jenkins Server
e69d85103f Recommit for updates in build 50 2026-03-15 16:02:49 +01:00
Jenkins Server
adec28aaba Merge remote-tracking branch 'origin/master' into jenkins-build-50 2026-03-15 16:01:48 +01:00
12ww1160
474ef8af50 OP#501 update template 2026-03-15 16:01:32 +01:00
Jenkins Server
ba76a55819 Merge remote-tracking branch 'origin/master' into jenkins-build-49 2026-03-15 15:54:33 +01:00
12ww1160
1bd00403fc OP#501 update template 2026-03-15 15:54:13 +01:00
Jenkins Server
6d7de77573 Recommit for updates in build 48 2026-03-15 15:47:02 +01:00
Jenkins Server
9559afd271 Merge remote-tracking branch 'origin/master' into jenkins-build-48 2026-03-15 15:46:02 +01:00
12ww1160
cd1f12713b OP#501 update Readme 2026-03-15 15:45:45 +01:00
Jenkins Server
b072b05d47 Recommit for updates in build 47 2026-03-15 15:44:22 +01:00
11 changed files with 96 additions and 244 deletions
Expand all files Collapse all files

124
Jenkinsfile vendored
View File

@@ -1,124 +0,0 @@
pipeline {
agent any
post {
always {
deleteDir() /* clean up our workspace */
}
success {
updateGitlabCommitStatus state: 'success'
}
failure {
updateGitlabCommitStatus state: 'failed'
step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: 'support@confdroid.com', sendToIndividuals: true])
}
}
options {
gitLabConnection('gitlab.confdroid.com')
}
stages {
stage('pull master') {
steps {
sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) {
sh '''
git config user.name "Jenkins Server"
git config user.email jenkins@confdroid.com
# Ensure we're on the development branch (triggered by push)
git checkout development
# Create jenkins branch from development
git checkout -b jenkins-build-$BUILD_NUMBER
# Optionally merge master into jenkins to ensure compatibility
git merge origin/master --no-ff || { echo "Merge conflict detected"; exit 1; }
'''
}
}
}
stage('puppet parser') {
steps {
sh '''for file in $(find . -iname \'*.pp\'); do
/opt/puppetlabs/bin/puppet parser validate --color false --render-as s --modulepath=modules $file || exit 1;
done;'''
}
}
stage('check templates') {
steps{
sh '''for file in $(find . -iname \'*.erb\');
do erb -P -x -T "-" $file | ruby -c || exit 1;
done;'''
}
}
stage('puppet-lint') {
steps {
sh '''/usr/local/bin/puppet-lint . \\
--no-variable_scope-check \\
|| { echo "Puppet lint failed"; exit 1; }
'''
}
}
stage('SonarScan') {
steps {
withCredentials([string(credentialsId: 'sonar-token', variable: 'SONAR_TOKEN')]) {
sh '''
/opt/sonar-scanner/bin/sonar-scanner \
-Dsonar.projectKey=confdroid_nrpe \
-Dsonar.sources=. \
-Dsonar.host.url=https://sonarqube.confdroid.com \
-Dsonar.token=$SONAR_TOKEN
'''
}
}
}
stage('create Puppet documentation') {
steps {
sh '/opt/puppetlabs/bin/puppet strings'
}
}
stage('update repo') {
steps {
sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) {
sh '''
git config user.name "Jenkins Server"
git config user.email jenkins@confdroid.com
git rm -r --cached .vscode || echo "No .vscode to remove from git"
git add -A && git commit -am "Recommit for updates in build $BUILD_NUMBER" || echo "No changes to commit"
git push origin HEAD:master
'''
}
}
}
stage('Mirror to Gitea') {
steps {
withCredentials([usernamePassword(
credentialsId: 'Jenkins-gitea',
usernameVariable: 'GITEA_USER',
passwordVariable: 'GITEA_TOKEN')]) {
script {
// Checkout from GitLab (already done implicitly)
sh '''
git checkout master
git pull origin master
git branch -D development
git branch -D jenkins-build-$BUILD_NUMBER
git rm -f Jenkinsfile
git rm -r --cached .vscode || echo "No .vscode to remove from git"
git commit --amend --no-edit --allow-empty
git remote add master https://sourcecode.confdroid.com/confdroid/confdroid_nrpe.git
git -c credential.helper="!f() { echo username=${GITEA_USER}; echo password=${GITEA_TOKEN}; }; f" \
push master --mirror
'''
}
}
}
}
}
}

2
README.md
View File

@@ -110,6 +110,8 @@ When `ne_enable_ssl` is enabled, the certificates for the ca (root if standalone
via Hiera (if you use it) or ENC. At the ENC need to add confdroid_nrpe::params and set those values. via Hiera (if you use it) or ENC. At the ENC need to add confdroid_nrpe::params and set those values.
If you don't need TLS encryption, leave `ne_enable_ssl` to the default value of `false`.
## SELINUX ## SELINUX
All files and directories are configured with correct selinux context. If selinux is disabled, these contexts are ignored. All files and directories are configured with correct selinux context. If selinux is disabled, these contexts are ignored.

6
doc/file.README.html
View File

@@ -193,7 +193,7 @@
<h2 id="label-managing+TLS+certificates">managing TLS certificates</h2> <h2 id="label-managing+TLS+certificates">managing TLS certificates</h2>
<p>When <code>ne_enable_ssl</code> is enabled (default), the certificates for the ca (root if standalone or intermediate), the nagios server and the key for the nagios server have to be provided through the following values:</p> <p>When <code>ne_enable_ssl</code> is enabled, the certificates for the ca (root if standalone or intermediate), the nagios server and the key for the nagios server have to be provided through the following values:</p>
<ul><li> <ul><li>
<p><code>ne_ssl_ca_cert_pem</code></p> <p><code>ne_ssl_ca_cert_pem</code></p>
</li><li> </li><li>
@@ -202,7 +202,9 @@
<p><code>ne_ssl_privatekey_pem</code></p> <p><code>ne_ssl_privatekey_pem</code></p>
</li></ul> </li></ul>
<p>via Hiera (if you use it) or ENC.</p> <p>via Hiera (if you use it) or ENC. At the ENC need to add confdroid_nrpe::params and set those values.</p>
<p>If you dont need TLS encryption, leave <code>ne_enable_ssl</code> to the default value of <code>false</code>.</p>
<h2 id="label-SELINUX">SELINUX</h2> <h2 id="label-SELINUX">SELINUX</h2>

6
doc/index.html
View File

@@ -193,7 +193,7 @@
<h2 id="label-managing+TLS+certificates">managing TLS certificates</h2> <h2 id="label-managing+TLS+certificates">managing TLS certificates</h2>
<p>When <code>ne_enable_ssl</code> is enabled (default), the certificates for the ca (root if standalone or intermediate), the nagios server and the key for the nagios server have to be provided through the following values:</p> <p>When <code>ne_enable_ssl</code> is enabled, the certificates for the ca (root if standalone or intermediate), the nagios server and the key for the nagios server have to be provided through the following values:</p>
<ul><li> <ul><li>
<p><code>ne_ssl_ca_cert_pem</code></p> <p><code>ne_ssl_ca_cert_pem</code></p>
</li><li> </li><li>
@@ -202,7 +202,9 @@
<p><code>ne_ssl_privatekey_pem</code></p> <p><code>ne_ssl_privatekey_pem</code></p>
</li></ul> </li></ul>
<p>via Hiera (if you use it) or ENC.</p> <p>via Hiera (if you use it) or ENC. At the ENC need to add confdroid_nrpe::params and set those values.</p>
<p>If you dont need TLS encryption, leave <code>ne_enable_ssl</code> to the default value of <code>false</code>.</p>
<h2 id="label-SELINUX">SELINUX</h2> <h2 id="label-SELINUX">SELINUX</h2>

30
doc/puppet_classes/confdroid_nrpe_3A_3Amain_3A_3Adirs.html
View File

@@ -131,7 +131,21 @@
33 33
34 34
35 35
36</pre> 36
37
38
39
40
41
42
43
44
45
46
47
48
49
50</pre>
</td> </td>
<td> <td>
<pre class="code"><span class="info file"># File 'manifests/main/dirs.pp', line 6</span> <pre class="code"><span class="info file"># File 'manifests/main/dirs.pp', line 6</span>
@@ -166,6 +180,20 @@ class confdroid_nrpe::main::dirs (
seltype =&gt; var_run_t, seltype =&gt; var_run_t,
seluser =&gt; system_u, seluser =&gt; system_u,
} }
if $ne_enable_ssl {
file { $ne_servercert_dir:
ensure =&gt; directory,
path =&gt; $ne_servercert_dir,
owner =&gt; &#39;root&#39;,
group =&gt; &#39;root&#39;,
mode =&gt; &#39;0755&#39;,
selrange =&gt; s0,
selrole =&gt; object_r,
seltype =&gt; cert_t,
seluser =&gt; system_u,
}
}
}</pre> }</pre>
</td> </td>
</tr> </tr>

22
doc/puppet_classes/confdroid_nrpe_3A_3Amain_3A_3Afiles.html
View File

@@ -206,8 +206,7 @@
108 108
109 109
110 110
111 111</pre>
112</pre>
</td> </td>
<td> <td>
<pre class="code"><span class="info file"># File 'manifests/main/files.pp', line 6</span> <pre class="code"><span class="info file"># File 'manifests/main/files.pp', line 6</span>
@@ -278,15 +277,14 @@ class confdroid_nrpe::main::files (
notify =&gt; Exec[&#39;create_nrpe_pp&#39;], notify =&gt; Exec[&#39;create_nrpe_pp&#39;],
} }
} }
# file for ssl certificate # file for ssl certificate
if $ne_enable_ssl == true { if $ne_enable_ssl == true {
file { $ne_ssl_cert_file: file { $ne_ssl_cert_file:
ensure =&gt; file, ensure =&gt; file,
path =&gt; $ne_ssl_cert_file, path =&gt; $ne_ssl_cert_file,
owner =&gt; &#39;root&#39;, owner =&gt; $ne_user,
group =&gt; &#39;root&#39;, group =&gt; $ne_user,
mode =&gt; &#39;0644&#39;, mode =&gt; &#39;0440&#39;,
selrange =&gt; s0, selrange =&gt; s0,
selrole =&gt; object_r, selrole =&gt; object_r,
seltype =&gt; cert_t, seltype =&gt; cert_t,
@@ -296,9 +294,9 @@ class confdroid_nrpe::main::files (
file { $ne_ssl_privatekey_file: file { $ne_ssl_privatekey_file:
ensure =&gt; file, ensure =&gt; file,
path =&gt; $ne_ssl_privatekey_file, path =&gt; $ne_ssl_privatekey_file,
owner =&gt; &#39;root&#39;, owner =&gt; $ne_user,
group =&gt; &#39;root&#39;, group =&gt; $ne_user,
mode =&gt; &#39;0600&#39;, mode =&gt; &#39;0400&#39;,
selrange =&gt; s0, selrange =&gt; s0,
selrole =&gt; object_r, selrole =&gt; object_r,
seltype =&gt; cert_t, seltype =&gt; cert_t,
@@ -308,9 +306,9 @@ class confdroid_nrpe::main::files (
file { $ne_ssl_ca_cert_file: file { $ne_ssl_ca_cert_file:
ensure =&gt; file, ensure =&gt; file,
path =&gt; $ne_ssl_ca_cert_file, path =&gt; $ne_ssl_ca_cert_file,
owner =&gt; &#39;root&#39;, owner =&gt; $ne_user,
group =&gt; &#39;root&#39;, group =&gt; $ne_user,
mode =&gt; &#39;0644&#39;, mode =&gt; &#39;0440&#39;,
selrange =&gt; s0, selrange =&gt; s0,
selrole =&gt; object_r, selrole =&gt; object_r,
seltype =&gt; cert_t, seltype =&gt; cert_t,

92
doc/puppet_classes/confdroid_nrpe_3A_3Aparams.html
View File

@@ -349,42 +349,6 @@ inherited by all classes except defines.
</li> </li>
<li>
<span class='name'>ne_ssl_version</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;TLSv2+&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>These directives allow you to specify how to use SSL/TLS.</p>
</div>
</li>
<li>
<span class='name'>ne_ssl_use_adh</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;1&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>This is for backward compatibility and is DEPRECATED. Set to 1 to enable ADH or 2 to require ADH. 1 is currently the default but will be changed in a later version.</p>
</div>
</li>
<li> <li>
<span class='name'>ne_ssl_cipher_list</span> <span class='name'>ne_ssl_cipher_list</span>
@@ -403,24 +367,6 @@ inherited by all classes except defines.
</li> </li>
<li>
<span class='name'>ne_ssl_cacert_file</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;/etc/pki/tls/certs/ca-chain.crt.pem&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>path and name of the ssl certificate authority (ca) file / chain. must be full path.</p>
</div>
</li>
<li> <li>
<span class='name'>ne_ssl_client_certs</span> <span class='name'>ne_ssl_client_certs</span>
@@ -429,7 +375,7 @@ inherited by all classes except defines.
<span class='type'>(<tt>String</tt>)</span> <span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;2&#39;</tt>)</em> <em class="default">(defaults to: <tt>&#39;0&#39;</tt>)</em>
&mdash; &mdash;
@@ -699,7 +645,7 @@ inherited by all classes except defines.
<span class='type'>(<tt>Boolean</tt>)</span> <span class='type'>(<tt>Boolean</tt>)</span>
<em class="default">(defaults to: <tt>true</tt>)</em> <em class="default">(defaults to: <tt>false</tt>)</em>
&mdash; &mdash;
@@ -817,6 +763,13 @@ inherited by all classes except defines.
<pre class="lines"> <pre class="lines">
82
83
84
85
86
87
88
89 89
90 90
91 91
@@ -902,19 +855,10 @@ inherited by all classes except defines.
171 171
172 172
173 173
174 174</pre>
175
176
177
178
179
180
181
182
183</pre>
</td> </td>
<td> <td>
<pre class="code"><span class="info file"># File 'manifests/params.pp', line 89</span> <pre class="code"><span class="info file"># File 'manifests/params.pp', line 82</span>
class confdroid_nrpe::params ( class confdroid_nrpe::params (
@@ -945,12 +889,9 @@ class confdroid_nrpe::params (
String $ne_command_timeout = &#39;60&#39;, String $ne_command_timeout = &#39;60&#39;,
String $ne_connection_timeout = &#39;300&#39;, String $ne_connection_timeout = &#39;300&#39;,
String $ne_allow_weak_rnd_seed = &#39;1&#39;, String $ne_allow_weak_rnd_seed = &#39;1&#39;,
Boolean $ne_enable_ssl = true, Boolean $ne_enable_ssl = false,
String $ne_ssl_version = &#39;TLSv2+&#39;,
String $ne_ssl_use_adh = &#39;1&#39;,
String $ne_ssl_cipher_list = &#39;ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH&#39;, String $ne_ssl_cipher_list = &#39;ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH&#39;,
String $ne_ssl_cacert_file = &#39;/etc/pki/tls/certs/ca-chain.crt.pem&#39;, String $ne_ssl_client_certs = &#39;0&#39;,
String $ne_ssl_client_certs = &#39;2&#39;,
String $ne_ssl_logging = &#39;0x00&#39;, String $ne_ssl_logging = &#39;0x00&#39;,
Array $ne_nasty_metachars = [&quot;|`&amp;&gt;&lt;&#39;\\[]{};\r\n&quot;], Array $ne_nasty_metachars = [&quot;|`&amp;&gt;&lt;&#39;\\[]{};\r\n&quot;],
String $ne_include_file = &#39;&#39;, String $ne_include_file = &#39;&#39;,
@@ -983,6 +924,7 @@ class confdroid_nrpe::params (
# directories # directories
$ne_main_conf_d_dir = &#39;/etc/nrpe.d&#39; $ne_main_conf_d_dir = &#39;/etc/nrpe.d&#39;
$ne_run_dir = &#39;/var/run/nrpe&#39; $ne_run_dir = &#39;/var/run/nrpe&#39;
$ne_servercert_dir = &#39;/etc/pki/tls/servercerts&#39;
# files # files
$ne_main_conf_file = &#39;/etc/nagios/nrpe.cfg&#39; $ne_main_conf_file = &#39;/etc/nagios/nrpe.cfg&#39;
@@ -1001,11 +943,11 @@ class confdroid_nrpe::params (
$ne_checkmodule_nrpe_erb = &#39;confdroid_nrpe/checkmodule_nrpe.erb&#39; $ne_checkmodule_nrpe_erb = &#39;confdroid_nrpe/checkmodule_nrpe.erb&#39;
$ne_nrpe_pp_file = &quot;${ne_main_conf_d_dir}/nrpe.pp&quot; $ne_nrpe_pp_file = &quot;${ne_main_conf_d_dir}/nrpe.pp&quot;
$ne_semodule_erb = &#39;confdroid_nrpe/semodule_nrpe.erb&#39; $ne_semodule_erb = &#39;confdroid_nrpe/semodule_nrpe.erb&#39;
$ne_ssl_cert_file = &#39;/etc/pki/tls/certs/nagios.crt.pem&#39; $ne_ssl_cert_file = &quot;${ne_servercert_dir}/nagios-cert.pem&quot;
$ne_ssl_cert_erb = &#39;confdroid_nrpe/ssl_cert.erb&#39; $ne_ssl_cert_erb = &#39;confdroid_nrpe/ssl_cert.erb&#39;
$ne_ssl_privatekey_file = &#39;/etc/pki/tls/private/nagios.key.pem&#39; $ne_ssl_privatekey_file = &quot;${ne_servercert_dir}/nagios-key.pem&quot;
$ne_ssl_privatekey_erb = &#39;confdroid_nrpe/ssl_privatekey.erb&#39; $ne_ssl_privatekey_erb = &#39;confdroid_nrpe/ssl_privatekey.erb&#39;
$ne_ssl_ca_cert_file = &#39;/etc/pki/tls/certs/ca-chain.crt.pem&#39; $ne_ssl_ca_cert_file = &quot;${ne_servercert_dir}/ca-cert.pem&quot;
$ne_ssl_ca_cert_erb = &#39;confdroid_nrpe/ssl_ca_cert.erb&#39; $ne_ssl_ca_cert_erb = &#39;confdroid_nrpe/ssl_ca_cert.erb&#39;
# includes must be last # includes must be last

14
manifests/main/dirs.pp
View File

@@ -33,4 +33,18 @@ class confdroid_nrpe::main::dirs (
seltype => var_run_t, seltype => var_run_t,
seluser => system_u, seluser => system_u,
} }
if $ne_enable_ssl {
file { $ne_servercert_dir:
ensure => directory,
path => $ne_servercert_dir,
owner => 'root',
group => 'root',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => cert_t,
seluser => system_u,
}
}
} }

19
manifests/main/files.pp
View File

@@ -69,15 +69,14 @@ class confdroid_nrpe::main::files (
notify => Exec['create_nrpe_pp'], notify => Exec['create_nrpe_pp'],
} }
} }
# file for ssl certificate # file for ssl certificate
if $ne_enable_ssl == true { if $ne_enable_ssl == true {
file { $ne_ssl_cert_file: file { $ne_ssl_cert_file:
ensure => file, ensure => file,
path => $ne_ssl_cert_file, path => $ne_ssl_cert_file,
owner => 'root', owner => $ne_user,
group => 'root', group => $ne_user,
mode => '0644', mode => '0440',
selrange => s0, selrange => s0,
selrole => object_r, selrole => object_r,
seltype => cert_t, seltype => cert_t,
@@ -87,9 +86,9 @@ class confdroid_nrpe::main::files (
file { $ne_ssl_privatekey_file: file { $ne_ssl_privatekey_file:
ensure => file, ensure => file,
path => $ne_ssl_privatekey_file, path => $ne_ssl_privatekey_file,
owner => 'root', owner => $ne_user,
group => 'root', group => $ne_user,
mode => '0600', mode => '0400',
selrange => s0, selrange => s0,
selrole => object_r, selrole => object_r,
seltype => cert_t, seltype => cert_t,
@@ -99,9 +98,9 @@ class confdroid_nrpe::main::files (
file { $ne_ssl_ca_cert_file: file { $ne_ssl_ca_cert_file:
ensure => file, ensure => file,
path => $ne_ssl_ca_cert_file, path => $ne_ssl_ca_cert_file,
owner => 'root', owner => $ne_user,
group => 'root', group => $ne_user,
mode => '0644', mode => '0440',
selrange => s0, selrange => s0,
selrole => object_r, selrole => object_r,
seltype => cert_t, seltype => cert_t,

19
manifests/params.pp
View File

@@ -30,16 +30,9 @@
# daemon will allow plugins to finish executing before killing them off. # daemon will allow plugins to finish executing before killing them off.
# @param [String] ne_connection_timeout maximum number of seconds that the # @param [String] ne_connection_timeout maximum number of seconds that the
# NRPE daemon will wait for a connection to be established before exiting. # NRPE daemon will wait for a connection to be established before exiting.
# @param [String] ne_ssl_version These directives allow you to specify how to
# use SSL/TLS.
# @param [String] ne_ssl_use_adh This is for backward compatibility and is
# DEPRECATED. Set to 1 to enable ADH or 2 to require ADH. 1 is currently the
# default but will be changed in a later version.
# @param [String] ne_ssl_cipher_list ciphers can be used. For backward # @param [String] ne_ssl_cipher_list ciphers can be used. For backward
# compatibility, this defaults to 'ssl_cipher_list=ALL:!MD5:@STRENGTH' in # compatibility, this defaults to 'ssl_cipher_list=ALL:!MD5:@STRENGTH' in
# this version but will be changed in a later version of NRPE. # this version but will be changed in a later version of NRPE.
# @param [String] ne_ssl_cacert_file path and name of the ssl certificate
# authority (ca) file / chain. must be full path.
# @param [String] ne_ssl_client_certs determines client certificate usage. # @param [String] ne_ssl_client_certs determines client certificate usage.
# Values: 0 = Don't ask for or require client certificates # Values: 0 = Don't ask for or require client certificates
# 1 = Ask for client certificates # 1 = Ask for client certificates
@@ -116,11 +109,8 @@ class confdroid_nrpe::params (
String $ne_connection_timeout = '300', String $ne_connection_timeout = '300',
String $ne_allow_weak_rnd_seed = '1', String $ne_allow_weak_rnd_seed = '1',
Boolean $ne_enable_ssl = false, Boolean $ne_enable_ssl = false,
String $ne_ssl_version = 'TLSv2+',
String $ne_ssl_use_adh = '1',
String $ne_ssl_cipher_list = 'ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH', String $ne_ssl_cipher_list = 'ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH',
String $ne_ssl_cacert_file = '/etc/pki/tls/certs/ca-chain.crt.pem', String $ne_ssl_client_certs = '0',
String $ne_ssl_client_certs = '2',
String $ne_ssl_logging = '0x00', String $ne_ssl_logging = '0x00',
Array $ne_nasty_metachars = ["|`&><'\\[]{};\r\n"], Array $ne_nasty_metachars = ["|`&><'\\[]{};\r\n"],
String $ne_include_file = '', String $ne_include_file = '',
@@ -153,6 +143,7 @@ class confdroid_nrpe::params (
# directories # directories
$ne_main_conf_d_dir = '/etc/nrpe.d' $ne_main_conf_d_dir = '/etc/nrpe.d'
$ne_run_dir = '/var/run/nrpe' $ne_run_dir = '/var/run/nrpe'
$ne_servercert_dir = '/etc/pki/tls/servercerts'
# files # files
$ne_main_conf_file = '/etc/nagios/nrpe.cfg' $ne_main_conf_file = '/etc/nagios/nrpe.cfg'
@@ -171,11 +162,11 @@ class confdroid_nrpe::params (
$ne_checkmodule_nrpe_erb = 'confdroid_nrpe/checkmodule_nrpe.erb' $ne_checkmodule_nrpe_erb = 'confdroid_nrpe/checkmodule_nrpe.erb'
$ne_nrpe_pp_file = "${ne_main_conf_d_dir}/nrpe.pp" $ne_nrpe_pp_file = "${ne_main_conf_d_dir}/nrpe.pp"
$ne_semodule_erb = 'confdroid_nrpe/semodule_nrpe.erb' $ne_semodule_erb = 'confdroid_nrpe/semodule_nrpe.erb'
$ne_ssl_cert_file = '/etc/pki/tls/certs/nagios.crt.pem' $ne_ssl_cert_file = "${ne_servercert_dir}/nagios-cert.pem"
$ne_ssl_cert_erb = 'confdroid_nrpe/ssl_cert.erb' $ne_ssl_cert_erb = 'confdroid_nrpe/ssl_cert.erb'
$ne_ssl_privatekey_file = '/etc/pki/tls/private/nagios.key.pem' $ne_ssl_privatekey_file = "${ne_servercert_dir}/nagios-key.pem"
$ne_ssl_privatekey_erb = 'confdroid_nrpe/ssl_privatekey.erb' $ne_ssl_privatekey_erb = 'confdroid_nrpe/ssl_privatekey.erb'
$ne_ssl_ca_cert_file = '/etc/pki/tls/certs/ca-chain.crt.pem' $ne_ssl_ca_cert_file = "${ne_servercert_dir}/ca-cert.pem"
$ne_ssl_ca_cert_erb = 'confdroid_nrpe/ssl_ca_cert.erb' $ne_ssl_ca_cert_erb = 'confdroid_nrpe/ssl_ca_cert.erb'
# includes must be last # includes must be last

6
templates/nrpe_cfg.erb
View File

@@ -33,11 +33,9 @@ connection_timeout=<%= @ne_connection_timeout %>
allow_weak_random_seed=<%= @ne_allow_weak_rnd_seed %> allow_weak_random_seed=<%= @ne_allow_weak_rnd_seed %>
<% if $ne_enable_ssl == true -%> <% if @ne_enable_ssl == true -%>
ssl_version=<%= @ne_ssl_version %>
ssl_use_adh=<%= @ne_ssl_use_adh %>
ssl_cipher_list=<%= @ne_ssl_cipher_list %> ssl_cipher_list=<%= @ne_ssl_cipher_list %>
ssl_cacert_file=<%= @ne_ssl_cacert_file %> ssl_cacert_file=<%= @ne_ssl_ca_cert_file %>
ssl_cert_file=<%= @ne_ssl_cert_file %> ssl_cert_file=<%= @ne_ssl_cert_file %>
ssl_privatekey_file=<%= @ne_ssl_privatekey_file %> ssl_privatekey_file=<%= @ne_ssl_privatekey_file %>
ssl_client_certs=<%= @ne_ssl_client_certs %> ssl_client_certs=<%= @ne_ssl_client_certs %>