confdroid/confdroid_nrpe
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Compare commits

base: confdroid:dcdbccc3cbc6caf209804e7736c46e77df5e4615
Branches Tags
confdroid:master
..
compare: confdroid:62208f1f4f5ed2a76c8d8fe44a8ad06b5a31e788
Branches Tags
confdroid:master

1 Commits
dcdbccc3cb ... 62208f1f4f

Author SHA1 Message Date
Jenkins Server
62208f1f4f Recommit for updates in build 41 2026-03-15 14:51:14 +01:00
8 changed files with 16 additions and 85 deletions
Expand all files Collapse all files

4
README.md
View File

@@ -12,7 +12,7 @@
- [Dependencies](#dependencies) - [Dependencies](#dependencies)
- [Deployment](#deployment) - [Deployment](#deployment)
- [Managing Check Commands](#managing-check-commands) - [Managing Check Commands](#managing-check-commands)
- [managing TLS certificates](#managing-tls-certificates) - [managing TLS serts](#managing-tls-serts)
- [SELINUX](#selinux) - [SELINUX](#selinux)
- [Known Problems](#known-problems) - [Known Problems](#known-problems)
- [Troubleshooting](#troubleshooting) - [Troubleshooting](#troubleshooting)
@@ -100,7 +100,7 @@ A: Sometimes the name of the check is different, like this:
It is very recommendable to define such commands directly within Puppet modules or profiles, so any node running the particular service controlled by the module will automatically get the required check commands defined as well, while nodes not running the service also do not contain the command check. The same then is true for Nagios checks, so you would have both the NRPE command definition and the Nagios check contained in Puppet modules or profiles to have it in one location. It is very recommendable to define such commands directly within Puppet modules or profiles, so any node running the particular service controlled by the module will automatically get the required check commands defined as well, while nodes not running the service also do not contain the command check. The same then is true for Nagios checks, so you would have both the NRPE command definition and the Nagios check contained in Puppet modules or profiles to have it in one location.
## managing TLS certificates ## managing TLS serts
## SELINUX ## SELINUX

4
doc/file.README.html
View File

@@ -78,7 +78,7 @@
</li><li> </li><li>
<p><a href="#managing-check-commands">Managing Check Commands</a></p> <p><a href="#managing-check-commands">Managing Check Commands</a></p>
</li><li> </li><li>
<p><a href="#managing-tls-certificates">managing TLS certificates</a></p> <p><a href="#managing-tls-serts">managing TLS serts</a></p>
</li><li> </li><li>
<p><a href="#selinux">SELINUX</a></p> <p><a href="#selinux">SELINUX</a></p>
</li><li> </li><li>
@@ -191,7 +191,7 @@
<p>It is very recommendable to define such commands directly within Puppet modules or profiles, so any node running the particular service controlled by the module will automatically get the required check commands defined as well, while nodes not running the service also do not contain the command check. The same then is true for Nagios checks, so you would have both the NRPE command definition and the Nagios check contained in Puppet modules or profiles to have it in one location.</p> <p>It is very recommendable to define such commands directly within Puppet modules or profiles, so any node running the particular service controlled by the module will automatically get the required check commands defined as well, while nodes not running the service also do not contain the command check. The same then is true for Nagios checks, so you would have both the NRPE command definition and the Nagios check contained in Puppet modules or profiles to have it in one location.</p>
<h2 id="label-managing+TLS+certificates">managing TLS certificates</h2> <h2 id="label-managing+TLS+serts">managing TLS serts</h2>
<h2 id="label-SELINUX">SELINUX</h2> <h2 id="label-SELINUX">SELINUX</h2>

4
doc/index.html
View File

@@ -78,7 +78,7 @@
</li><li> </li><li>
<p><a href="#managing-check-commands">Managing Check Commands</a></p> <p><a href="#managing-check-commands">Managing Check Commands</a></p>
</li><li> </li><li>
<p><a href="#managing-tls-certificates">managing TLS certificates</a></p> <p><a href="#managing-tls-serts">managing TLS serts</a></p>
</li><li> </li><li>
<p><a href="#selinux">SELINUX</a></p> <p><a href="#selinux">SELINUX</a></p>
</li><li> </li><li>
@@ -191,7 +191,7 @@
<p>It is very recommendable to define such commands directly within Puppet modules or profiles, so any node running the particular service controlled by the module will automatically get the required check commands defined as well, while nodes not running the service also do not contain the command check. The same then is true for Nagios checks, so you would have both the NRPE command definition and the Nagios check contained in Puppet modules or profiles to have it in one location.</p> <p>It is very recommendable to define such commands directly within Puppet modules or profiles, so any node running the particular service controlled by the module will automatically get the required check commands defined as well, while nodes not running the service also do not contain the command check. The same then is true for Nagios checks, so you would have both the NRPE command definition and the Nagios check contained in Puppet modules or profiles to have it in one location.</p>
<h2 id="label-managing+TLS+certificates">managing TLS certificates</h2> <h2 id="label-managing+TLS+serts">managing TLS serts</h2>
<h2 id="label-SELINUX">SELINUX</h2> <h2 id="label-SELINUX">SELINUX</h2>

26
doc/puppet_classes/confdroid_nrpe_3A_3Amain_3A_3Afiles.html
View File

@@ -196,19 +196,7 @@
98 98
99 99
100 100
101 101</pre>
102
103
104
105
106
107
108
109
110
111
112
113</pre>
</td> </td>
<td> <td>
<pre class="code"><span class="info file"># File 'manifests/main/files.pp', line 6</span> <pre class="code"><span class="info file"># File 'manifests/main/files.pp', line 6</span>
@@ -306,18 +294,6 @@ class confdroid_nrpe::main::files (
seluser =&gt; system_u, seluser =&gt; system_u,
content =&gt; template($ne_ssl_privatekey_erb), content =&gt; template($ne_ssl_privatekey_erb),
} }
file { $ne_ssl_ca_cert_file:
ensure =&gt; file,
path =&gt; $ne_ssl_ca_cert_file,
owner =&gt; &#39;root&#39;,
group =&gt; &#39;root&#39;,
mode =&gt; &#39;0644&#39;,
selrange =&gt; s0,
selrole =&gt; object_r,
seltype =&gt; cert_t,
seluser =&gt; system_u,
content =&gt; template($ne_ssl_ca_cert_erb),
}
} }
} }
}</pre> }</pre>

34
doc/puppet_classes/confdroid_nrpe_3A_3Aparams.html
View File

@@ -777,24 +777,6 @@ inherited by all classes except defines.
&mdash; &mdash;
<div class='inline'> <div class='inline'>
<p>Optional parameter to specify the content of the nagios server ssl private key. This is used for the nagios server private key and has to be provided via Hiera or ENC. Must be specified if SSL is enabled.</p> <p>Optional parameter to specify the content of the nagios server ssl private key. This is used for the nagios server private key and has to be provided via Hiera or ENC. Must be specified if SSL is enabled.</p>
</div>
</li>
<li>
<span class='name'>ne_ssl_ca_cert_pem</span>
<span class='type'>(<tt>Optional[String]</tt>)</span>
<em class="default">(defaults to: <tt>undef</tt>)</em>
&mdash;
<div class='inline'>
<p>Optional parameter to specify the content of the CA certificate. This is used for the CA certificate and has to be provided via Hiera or ENC. Must be specified if SSL is enabled.</p>
</div> </div>
</li> </li>
@@ -817,6 +799,9 @@ inherited by all classes except defines.
<pre class="lines"> <pre class="lines">
86
87
88
89 89
90 90
91 91
@@ -905,16 +890,10 @@ inherited by all classes except defines.
174 174
175 175
176 176
177 177</pre>
178
179
180
181
182
183</pre>
</td> </td>
<td> <td>
<pre class="code"><span class="info file"># File 'manifests/params.pp', line 89</span> <pre class="code"><span class="info file"># File 'manifests/params.pp', line 86</span>
class confdroid_nrpe::params ( class confdroid_nrpe::params (
@@ -956,7 +935,6 @@ class confdroid_nrpe::params (
String $ne_include_file = &#39;&#39;, String $ne_include_file = &#39;&#39;,
Optional[String] $ne_ssl_cert_pem = undef, Optional[String] $ne_ssl_cert_pem = undef,
Optional[String] $ne_ssl_privatekey_pem = undef, Optional[String] $ne_ssl_privatekey_pem = undef,
Optional[String] $ne_ssl_ca_cert_pem = undef,
# nrpe.conf # nrpe.conf
String $ne_ssl_opts = &#39;&#39;, String $ne_ssl_opts = &#39;&#39;,
@@ -1005,8 +983,6 @@ class confdroid_nrpe::params (
$ne_ssl_cert_erb = &#39;confdroid_nrpe/ssl_cert.erb&#39; $ne_ssl_cert_erb = &#39;confdroid_nrpe/ssl_cert.erb&#39;
$ne_ssl_privatekey_file = &quot;/etc/pki/tls/private/${fqdn}.key.pem&quot; $ne_ssl_privatekey_file = &quot;/etc/pki/tls/private/${fqdn}.key.pem&quot;
$ne_ssl_privatekey_erb = &#39;confdroid_nrpe/ssl_privatekey.erb&#39; $ne_ssl_privatekey_erb = &#39;confdroid_nrpe/ssl_privatekey.erb&#39;
$ne_ssl_ca_cert_file = &quot;/etc/pki/tls/certs/${fqdn}-ca-chain.crt.pem&quot;
$ne_ssl_ca_cert_erb = &#39;confdroid_nrpe/ssl_ca_cert.erb&#39;
# includes must be last # includes must be last
include confdroid_nrpe::main::config include confdroid_nrpe::main::config

12
manifests/main/files.pp
View File

@@ -96,18 +96,6 @@ class confdroid_nrpe::main::files (
seluser => system_u, seluser => system_u,
content => template($ne_ssl_privatekey_erb), content => template($ne_ssl_privatekey_erb),
} }
file { $ne_ssl_ca_cert_file:
ensure => file,
path => $ne_ssl_ca_cert_file,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => cert_t,
seluser => system_u,
content => template($ne_ssl_ca_cert_erb),
}
} }
} }
} }

14
manifests/params.pp
View File

@@ -78,13 +78,10 @@
# the nagios server ssl certificate. This is used for the nagios server # the nagios server ssl certificate. This is used for the nagios server
# certificate and has to be provided via Hiera or ENC. Must be specified if # certificate and has to be provided via Hiera or ENC. Must be specified if
# SSL is enabled. # SSL is enabled.
# @param [String] ne_ssl_privatekey_pem Optional parameter to specify the # @param [String] ne_ssl_privatekey_pem Optional parameter to specify the content of
# content of the nagios server ssl private key. This is used for the nagios # the nagios server ssl private key. This is used for the nagios server
# server private key and has to be provided via Hiera or ENC. Must be specified # private key and has to be provided via Hiera or ENC. Must be specified if
# if SSL is enabled. # SSL is enabled.
# @param [String] ne_ssl_ca_cert_pem Optional parameter to specify the content of
# the CA certificate. This is used for the CA certificate and has to be
# provided via Hiera or ENC. Must be specified if SSL is enabled.
############################################################################### ###############################################################################
class confdroid_nrpe::params ( class confdroid_nrpe::params (
@@ -126,7 +123,6 @@ class confdroid_nrpe::params (
String $ne_include_file = '', String $ne_include_file = '',
Optional[String] $ne_ssl_cert_pem = undef, Optional[String] $ne_ssl_cert_pem = undef,
Optional[String] $ne_ssl_privatekey_pem = undef, Optional[String] $ne_ssl_privatekey_pem = undef,
Optional[String] $ne_ssl_ca_cert_pem = undef,
# nrpe.conf # nrpe.conf
String $ne_ssl_opts = '', String $ne_ssl_opts = '',
@@ -175,8 +171,6 @@ class confdroid_nrpe::params (
$ne_ssl_cert_erb = 'confdroid_nrpe/ssl_cert.erb' $ne_ssl_cert_erb = 'confdroid_nrpe/ssl_cert.erb'
$ne_ssl_privatekey_file = "/etc/pki/tls/private/${fqdn}.key.pem" $ne_ssl_privatekey_file = "/etc/pki/tls/private/${fqdn}.key.pem"
$ne_ssl_privatekey_erb = 'confdroid_nrpe/ssl_privatekey.erb' $ne_ssl_privatekey_erb = 'confdroid_nrpe/ssl_privatekey.erb'
$ne_ssl_ca_cert_file = "/etc/pki/tls/certs/${fqdn}-ca-chain.crt.pem"
$ne_ssl_ca_cert_erb = 'confdroid_nrpe/ssl_ca_cert.erb'
# includes must be last # includes must be last
include confdroid_nrpe::main::config include confdroid_nrpe::main::config

3
templates/ssl_ca_cert.erb
View File

@@ -1,3 +0,0 @@
<% unless @ne_ssl_ca_cert_pem.nil -%>
<%= @ne_ssl_ca_cert_pem %>
<% end -%>