confdroid/confdroid_nrpe
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Compare commits

base: confdroid:bdee6e9aaab4c9dbcf55b662e102de7bc5062a89
Branches Tags
confdroid:master
...
compare: confdroid:6156b81469c04a4ecd0b23b01ce72ab193b9ceac
Branches Tags
confdroid:master

4 Commits
bdee6e9aaa ... 6156b81469

Author SHA1 Message Date
Jenkins Server
6156b81469 Recommit for updates in build 51 2026-03-15 16:30:57 +01:00
Jenkins Server
e60e0ea9b9 Merge remote-tracking branch 'origin/master' into jenkins-build-51 2026-03-15 16:29:53 +01:00
12ww1160
9c891f058b OP#501 update template 2026-03-15 16:29:32 +01:00
Jenkins Server
e69d85103f Recommit for updates in build 50 2026-03-15 16:02:49 +01:00
6 changed files with 61 additions and 185 deletions
Expand all files Collapse all files

124
Jenkinsfile vendored
View File

@@ -1,124 +0,0 @@
pipeline {
agent any
post {
always {
deleteDir() /* clean up our workspace */
}
success {
updateGitlabCommitStatus state: 'success'
}
failure {
updateGitlabCommitStatus state: 'failed'
step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: 'support@confdroid.com', sendToIndividuals: true])
}
}
options {
gitLabConnection('gitlab.confdroid.com')
}
stages {
stage('pull master') {
steps {
sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) {
sh '''
git config user.name "Jenkins Server"
git config user.email jenkins@confdroid.com
# Ensure we're on the development branch (triggered by push)
git checkout development
# Create jenkins branch from development
git checkout -b jenkins-build-$BUILD_NUMBER
# Optionally merge master into jenkins to ensure compatibility
git merge origin/master --no-ff || { echo "Merge conflict detected"; exit 1; }
'''
}
}
}
stage('puppet parser') {
steps {
sh '''for file in $(find . -iname \'*.pp\'); do
/opt/puppetlabs/bin/puppet parser validate --color false --render-as s --modulepath=modules $file || exit 1;
done;'''
}
}
stage('check templates') {
steps{
sh '''for file in $(find . -iname \'*.erb\');
do erb -P -x -T "-" $file | ruby -c || exit 1;
done;'''
}
}
stage('puppet-lint') {
steps {
sh '''/usr/local/bin/puppet-lint . \\
--no-variable_scope-check \\
|| { echo "Puppet lint failed"; exit 1; }
'''
}
}
stage('SonarScan') {
steps {
withCredentials([string(credentialsId: 'sonar-token', variable: 'SONAR_TOKEN')]) {
sh '''
/opt/sonar-scanner/bin/sonar-scanner \
-Dsonar.projectKey=confdroid_nrpe \
-Dsonar.sources=. \
-Dsonar.host.url=https://sonarqube.confdroid.com \
-Dsonar.token=$SONAR_TOKEN
'''
}
}
}
stage('create Puppet documentation') {
steps {
sh '/opt/puppetlabs/bin/puppet strings'
}
}
stage('update repo') {
steps {
sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) {
sh '''
git config user.name "Jenkins Server"
git config user.email jenkins@confdroid.com
git rm -r --cached .vscode || echo "No .vscode to remove from git"
git add -A && git commit -am "Recommit for updates in build $BUILD_NUMBER" || echo "No changes to commit"
git push origin HEAD:master
'''
}
}
}
stage('Mirror to Gitea') {
steps {
withCredentials([usernamePassword(
credentialsId: 'Jenkins-gitea',
usernameVariable: 'GITEA_USER',
passwordVariable: 'GITEA_TOKEN')]) {
script {
// Checkout from GitLab (already done implicitly)
sh '''
git checkout master
git pull origin master
git branch -D development
git branch -D jenkins-build-$BUILD_NUMBER
git rm -f Jenkinsfile
git rm -r --cached .vscode || echo "No .vscode to remove from git"
git commit --amend --no-edit --allow-empty
git remote add master https://sourcecode.confdroid.com/confdroid/confdroid_nrpe.git
git -c credential.helper="!f() { echo username=${GITEA_USER}; echo password=${GITEA_TOKEN}; }; f" \
push master --mirror
'''
}
}
}
}
}
}

30
doc/puppet_classes/confdroid_nrpe_3A_3Amain_3A_3Adirs.html
View File

@@ -131,7 +131,21 @@
33
34
35
36</pre>
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'manifests/main/dirs.pp', line 6</span>
@@ -166,6 +180,20 @@ class confdroid_nrpe::main::dirs (
seltype =&gt; var_run_t,
seluser =&gt; system_u,
}
if $ne_enable_ssl {
file { $ne_servercert_dir:
ensure =&gt; directory,
path =&gt; $ne_servercert_dir,
owner =&gt; &#39;root&#39;,
group =&gt; &#39;root&#39;,
mode =&gt; &#39;0755&#39;,
selrange =&gt; s0,
selrole =&gt; object_r,
seltype =&gt; cert_t,
seluser =&gt; system_u,
}
}
}</pre>
</td>
</tr>

64
doc/puppet_classes/confdroid_nrpe_3A_3Aparams.html
View File

@@ -367,24 +367,6 @@ inherited by all classes except defines.
</li>
<li>
<span class='name'>ne_ssl_use_adh</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;1&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>This is for backward compatibility and is DEPRECATED. Set to 1 to enable ADH or 2 to require ADH. 1 is currently the default but will be changed in a later version.</p>
</div>
</li>
<li>
<span class='name'>ne_ssl_cipher_list</span>
@@ -403,24 +385,6 @@ inherited by all classes except defines.
</li>
<li>
<span class='name'>ne_ssl_cacert_file</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;/etc/pki/tls/certs/ca-chain.crt.pem&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>path and name of the ssl certificate authority (ca) file / chain. must be full path.</p>
</div>
</li>
<li>
<span class='name'>ne_ssl_client_certs</span>
@@ -429,7 +393,7 @@ inherited by all classes except defines.
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;2&#39;</tt>)</em>
<em class="default">(defaults to: <tt>&#39;0&#39;</tt>)</em>
&mdash;
@@ -817,6 +781,11 @@ inherited by all classes except defines.
<pre class="lines">
84
85
86
87
88
89
90
91
@@ -905,16 +874,10 @@ inherited by all classes except defines.
174
175
176
177
178
179
180
181
182
183</pre>
177</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'manifests/params.pp', line 89</span>
<pre class="code"><span class="info file"># File 'manifests/params.pp', line 84</span>
class confdroid_nrpe::params (
@@ -947,10 +910,8 @@ class confdroid_nrpe::params (
String $ne_allow_weak_rnd_seed = &#39;1&#39;,
Boolean $ne_enable_ssl = false,
String $ne_ssl_version = &#39;TLSv2+&#39;,
String $ne_ssl_use_adh = &#39;1&#39;,
String $ne_ssl_cipher_list = &#39;ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH&#39;,
String $ne_ssl_cacert_file = &#39;/etc/pki/tls/certs/ca-chain.crt.pem&#39;,
String $ne_ssl_client_certs = &#39;2&#39;,
String $ne_ssl_client_certs = &#39;0&#39;,
String $ne_ssl_logging = &#39;0x00&#39;,
Array $ne_nasty_metachars = [&quot;|`&amp;&gt;&lt;&#39;\\[]{};\r\n&quot;],
String $ne_include_file = &#39;&#39;,
@@ -983,6 +944,7 @@ class confdroid_nrpe::params (
# directories
$ne_main_conf_d_dir = &#39;/etc/nrpe.d&#39;
$ne_run_dir = &#39;/var/run/nrpe&#39;
$ne_servercert_dir = &#39;/etc/pki/tls/servercerts&#39;
# files
$ne_main_conf_file = &#39;/etc/nagios/nrpe.cfg&#39;
@@ -1001,11 +963,11 @@ class confdroid_nrpe::params (
$ne_checkmodule_nrpe_erb = &#39;confdroid_nrpe/checkmodule_nrpe.erb&#39;
$ne_nrpe_pp_file = &quot;${ne_main_conf_d_dir}/nrpe.pp&quot;
$ne_semodule_erb = &#39;confdroid_nrpe/semodule_nrpe.erb&#39;
$ne_ssl_cert_file = &#39;/etc/pki/tls/certs/nagios.crt.pem&#39;
$ne_ssl_cert_file = &quot;${ne_servercert_dir}/nagios-crt.pem&quot;
$ne_ssl_cert_erb = &#39;confdroid_nrpe/ssl_cert.erb&#39;
$ne_ssl_privatekey_file = &#39;/etc/pki/tls/private/nagios.key.pem&#39;
$ne_ssl_privatekey_file = &quot;${ne_servercert_dir}/nagios-key.pem&quot;
$ne_ssl_privatekey_erb = &#39;confdroid_nrpe/ssl_privatekey.erb&#39;
$ne_ssl_ca_cert_file = &#39;/etc/pki/tls/certs/ca-chain.crt.pem&#39;
$ne_ssl_ca_cert_file = &quot;${ne_servercert_dir}/ca-cert.pem&quot;
$ne_ssl_ca_cert_erb = &#39;confdroid_nrpe/ssl_ca_cert.erb&#39;
# includes must be last

14
manifests/main/dirs.pp
View File

@@ -33,4 +33,18 @@ class confdroid_nrpe::main::dirs (
seltype => var_run_t,
seluser => system_u,
}
if $ne_enable_ssl {
file { $ne_servercert_dir:
ensure => directory,
path => $ne_servercert_dir,
owner => 'root',
group => 'root',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => cert_t,
seluser => system_u,
}
}
}

13
manifests/params.pp
View File

@@ -32,9 +32,6 @@
# NRPE daemon will wait for a connection to be established before exiting.
# @param [String] ne_ssl_version These directives allow you to specify how to
# use SSL/TLS.
# @param [String] ne_ssl_use_adh This is for backward compatibility and is
# DEPRECATED. Set to 1 to enable ADH or 2 to require ADH. 1 is currently the
# default but will be changed in a later version.
# @param [String] ne_ssl_cipher_list ciphers can be used. For backward
# compatibility, this defaults to 'ssl_cipher_list=ALL:!MD5:@STRENGTH' in
# this version but will be changed in a later version of NRPE.
@@ -115,9 +112,8 @@ class confdroid_nrpe::params (
String $ne_allow_weak_rnd_seed = '1',
Boolean $ne_enable_ssl = false,
String $ne_ssl_version = 'TLSv2+',
String $ne_ssl_use_adh = '1',
String $ne_ssl_cipher_list = 'ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH',
String $ne_ssl_client_certs = '2',
String $ne_ssl_client_certs = '0',
String $ne_ssl_logging = '0x00',
Array $ne_nasty_metachars = ["|`&><'\\[]{};\r\n"],
String $ne_include_file = '',
@@ -150,6 +146,7 @@ class confdroid_nrpe::params (
# directories
$ne_main_conf_d_dir = '/etc/nrpe.d'
$ne_run_dir = '/var/run/nrpe'
$ne_servercert_dir = '/etc/pki/tls/servercerts'
# files
$ne_main_conf_file = '/etc/nagios/nrpe.cfg'
@@ -168,11 +165,11 @@ class confdroid_nrpe::params (
$ne_checkmodule_nrpe_erb = 'confdroid_nrpe/checkmodule_nrpe.erb'
$ne_nrpe_pp_file = "${ne_main_conf_d_dir}/nrpe.pp"
$ne_semodule_erb = 'confdroid_nrpe/semodule_nrpe.erb'
$ne_ssl_cert_file = '/etc/pki/tls/certs/nagios.crt.pem'
$ne_ssl_cert_file = "${ne_servercert_dir}/nagios-crt.pem"
$ne_ssl_cert_erb = 'confdroid_nrpe/ssl_cert.erb'
$ne_ssl_privatekey_file = '/etc/pki/tls/private/nagios.key.pem'
$ne_ssl_privatekey_file = "${ne_servercert_dir}/nagios-key.pem"
$ne_ssl_privatekey_erb = 'confdroid_nrpe/ssl_privatekey.erb'
$ne_ssl_ca_cert_file = '/etc/pki/tls/certs/ca-chain.crt.pem'
$ne_ssl_ca_cert_file = "${ne_servercert_dir}/ca-cert.pem"
$ne_ssl_ca_cert_erb = 'confdroid_nrpe/ssl_ca_cert.erb'
# includes must be last

1
templates/nrpe_cfg.erb
View File

@@ -35,7 +35,6 @@ allow_weak_random_seed=<%= @ne_allow_weak_rnd_seed %>
<% if @ne_enable_ssl == true -%>
ssl_version=<%= @ne_ssl_version %>
ssl_use_adh=<%= @ne_ssl_use_adh %>
ssl_cipher_list=<%= @ne_ssl_cipher_list %>
ssl_cacert_file=<%= @ne_ssl_ca_cert_file %>
ssl_cert_file=<%= @ne_ssl_cert_file %>