Recommit for updates in build 41

2026-03-15 14:51:14 +01:00
8 changed files with 16 additions and 85 deletions
--- a/README.md
+++ b/README.md
@@ -12,7 +12,7 @@
  - [Dependencies](#dependencies)
  - [Deployment](#deployment)
  - [Managing Check Commands](#managing-check-commands)
-  - [managing TLS certificates](#managing-tls-certificates)
+  - [managing TLS serts](#managing-tls-serts)
  - [SELINUX](#selinux)
  - [Known Problems](#known-problems)
  - [Troubleshooting](#troubleshooting)
@@ -100,7 +100,7 @@ A: Sometimes the name of the check is different, like this:

 It is very recommendable to define such commands directly within Puppet modules or profiles, so any node running the particular service controlled by the module will automatically get the required check commands defined as well, while nodes not running the service also do not contain the command check. The same then is true for Nagios checks, so you would have both the NRPE command definition and the Nagios check contained in Puppet modules or profiles to have it in one location.

-## managing TLS certificates
+## managing TLS serts

 ## SELINUX

--- a/doc/file.README.html
+++ b/doc/file.README.html
@@ -78,7 +78,7 @@
 </li><li>
 <p><a href="#managing-check-commands">Managing Check Commands</a></p>
 </li><li>
-<p><a href="#managing-tls-certificates">managing TLS certificates</a></p>
+<p><a href="#managing-tls-serts">managing TLS serts</a></p>
 </li><li>
 <p><a href="#selinux">SELINUX</a></p>
 </li><li>
@@ -191,7 +191,7 @@

 <p>It is very recommendable to define such commands directly within Puppet modules or profiles, so any node running the particular service controlled by the module will automatically get the required check commands defined as well, while nodes not running the service also do not contain the command check. The same then is true for Nagios checks, so you would have both the NRPE command definition and the Nagios check contained in Puppet modules or profiles to have it in one location.</p>

-<h2 id="label-managing+TLS+certificates">managing TLS certificates</h2>
+<h2 id="label-managing+TLS+serts">managing TLS serts</h2>

 <h2 id="label-SELINUX">SELINUX</h2>

--- a/doc/index.html
+++ b/doc/index.html
@@ -78,7 +78,7 @@
 </li><li>
 <p><a href="#managing-check-commands">Managing Check Commands</a></p>
 </li><li>
-<p><a href="#managing-tls-certificates">managing TLS certificates</a></p>
+<p><a href="#managing-tls-serts">managing TLS serts</a></p>
 </li><li>
 <p><a href="#selinux">SELINUX</a></p>
 </li><li>
@@ -191,7 +191,7 @@

 <p>It is very recommendable to define such commands directly within Puppet modules or profiles, so any node running the particular service controlled by the module will automatically get the required check commands defined as well, while nodes not running the service also do not contain the command check. The same then is true for Nagios checks, so you would have both the NRPE command definition and the Nagios check contained in Puppet modules or profiles to have it in one location.</p>

-<h2 id="label-managing+TLS+certificates">managing TLS certificates</h2>
+<h2 id="label-managing+TLS+serts">managing TLS serts</h2>

 <h2 id="label-SELINUX">SELINUX</h2>

--- a/doc/puppet_classes/confdroid_nrpe_3A_3Amain_3A_3Afiles.html
+++ b/doc/puppet_classes/confdroid_nrpe_3A_3Amain_3A_3Afiles.html
@@ -196,19 +196,7 @@
 98
 99
 100
-101
-102
-103
-104
-105
-106
-107
-108
-109
-110
-111
-112
-113</pre>
+101</pre>
      </td>
      <td>
        <pre class="code"><span class="info file"># File 'manifests/main/files.pp', line 6</span>
@@ -306,18 +294,6 @@ class confdroid_nrpe::main::files (
        seluser  =&gt; system_u,
        content  =&gt; template($ne_ssl_privatekey_erb),
      }
-      file { $ne_ssl_ca_cert_file:
-        ensure   =&gt; file,
-        path     =&gt; $ne_ssl_ca_cert_file,
-        owner    =&gt; &#39;root&#39;,
-        group    =&gt; &#39;root&#39;,
-        mode     =&gt; &#39;0644&#39;,
-        selrange =&gt; s0,
-        selrole  =&gt; object_r,
-        seltype  =&gt; cert_t,
-        seluser  =&gt; system_u,
-        content  =&gt; template($ne_ssl_ca_cert_erb),
-      }
    }
  }
 }</pre>
--- a/doc/puppet_classes/confdroid_nrpe_3A_3Aparams.html
+++ b/doc/puppet_classes/confdroid_nrpe_3A_3Aparams.html
@@ -777,24 +777,6 @@ inherited by all classes except defines.
        &mdash;
        <div class='inline'>
 <p>Optional parameter to specify the content of the nagios server ssl private key. This is used for the nagios server private key and has to be provided via Hiera or ENC. Must be specified if SSL is enabled.</p>
-</div>
-      
-    </li>
-  
-    <li>
-      
-        <span class='name'>ne_ssl_ca_cert_pem</span>
-      
-      
-        <span class='type'>(<tt>Optional[String]</tt>)</span>
-      
-      
-        <em class="default">(defaults to: <tt>undef</tt>)</em>
-      
-      
-        &mdash;
-        <div class='inline'>
-<p>Optional parameter to specify the content of the CA certificate. This is used for the CA certificate and has to be provided via Hiera or ENC. Must be specified if SSL is enabled.</p>
 </div>
      
    </li>
@@ -817,6 +799,9 @@ inherited by all classes except defines.
        <pre class="lines">


+86
+87
+88
 89
 90
 91
@@ -905,16 +890,10 @@ inherited by all classes except defines.
 174
 175
 176
-177
-178
-179
-180
-181
-182
-183</pre>
+177</pre>
      </td>
      <td>
-        <pre class="code"><span class="info file"># File 'manifests/params.pp', line 89</span>
+        <pre class="code"><span class="info file"># File 'manifests/params.pp', line 86</span>

 class confdroid_nrpe::params (

@@ -956,7 +935,6 @@ class confdroid_nrpe::params (
  String $ne_include_file                 = &#39;&#39;,
  Optional[String] $ne_ssl_cert_pem       = undef,
  Optional[String] $ne_ssl_privatekey_pem = undef,
-  Optional[String] $ne_ssl_ca_cert_pem    = undef,

 # nrpe.conf
  String $ne_ssl_opts                     = &#39;&#39;,
@@ -1005,8 +983,6 @@ class confdroid_nrpe::params (
  $ne_ssl_cert_erb            = &#39;confdroid_nrpe/ssl_cert.erb&#39;
  $ne_ssl_privatekey_file     = &quot;/etc/pki/tls/private/${fqdn}.key.pem&quot;
  $ne_ssl_privatekey_erb      = &#39;confdroid_nrpe/ssl_privatekey.erb&#39;
-  $ne_ssl_ca_cert_file        = &quot;/etc/pki/tls/certs/${fqdn}-ca-chain.crt.pem&quot;
-  $ne_ssl_ca_cert_erb         = &#39;confdroid_nrpe/ssl_ca_cert.erb&#39;

 # includes must be last
  include confdroid_nrpe::main::config
--- a/manifests/main/files.pp
+++ b/manifests/main/files.pp
@@ -96,18 +96,6 @@ class confdroid_nrpe::main::files (
        seluser  => system_u,
        content  => template($ne_ssl_privatekey_erb),
      }
-      file { $ne_ssl_ca_cert_file:
-        ensure   => file,
-        path     => $ne_ssl_ca_cert_file,
-        owner    => 'root',
-        group    => 'root',
-        mode     => '0644',
-        selrange => s0,
-        selrole  => object_r,
-        seltype  => cert_t,
-        seluser  => system_u,
-        content  => template($ne_ssl_ca_cert_erb),
-      }
    }
  }
 }
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -78,13 +78,10 @@
 #   the nagios server ssl certificate. This is used for the nagios server 
 #   certificate and has to be provided via Hiera or ENC. Must be specified if 
 #   SSL is enabled.
-# @param [String] ne_ssl_privatekey_pem Optional parameter to specify the 
-#   content of the nagios server ssl private key. This is used for the nagios 
-#   server private key and has to be provided via Hiera or ENC. Must be specified 
-#   if SSL is enabled. 
-# @param [String] ne_ssl_ca_cert_pem Optional parameter to specify the content of 
-#   the CA certificate. This is used for the CA certificate and has to be 
-#   provided  via Hiera or ENC. Must be specified if SSL is enabled.
+# @param [String] ne_ssl_privatekey_pem Optional parameter to specify the content of 
+#   the nagios server ssl private key. This is used for the nagios server 
+#   private key and has to be provided via Hiera or ENC. Must be specified if 
+#   SSL is enabled.
 ###############################################################################
 class confdroid_nrpe::params (

@@ -126,7 +123,6 @@ class confdroid_nrpe::params (
  String $ne_include_file                 = '',
  Optional[String] $ne_ssl_cert_pem       = undef,
  Optional[String] $ne_ssl_privatekey_pem = undef,
-  Optional[String] $ne_ssl_ca_cert_pem    = undef,

 # nrpe.conf
  String $ne_ssl_opts                     = '',
@@ -175,8 +171,6 @@ class confdroid_nrpe::params (
  $ne_ssl_cert_erb            = 'confdroid_nrpe/ssl_cert.erb'
  $ne_ssl_privatekey_file     = "/etc/pki/tls/private/${fqdn}.key.pem"
  $ne_ssl_privatekey_erb      = 'confdroid_nrpe/ssl_privatekey.erb'
-  $ne_ssl_ca_cert_file        = "/etc/pki/tls/certs/${fqdn}-ca-chain.crt.pem"
-  $ne_ssl_ca_cert_erb         = 'confdroid_nrpe/ssl_ca_cert.erb'

 # includes must be last
  include confdroid_nrpe::main::config
--- a/templates/ssl_ca_cert.erb
+++ b/templates/ssl_ca_cert.erb
@@ -1,3 +0,0 @@
-<% unless @ne_ssl_ca_cert_pem.nil -%>
-<%= @ne_ssl_ca_cert_pem %>
-<% end -%>