Puppet Class: cd_nrpe::params

Inherited by:: cd_nrpe::main::dirs
cd_nrpe::main::user
cd_nrpe::main::files
cd_nrpe::main::config
cd_nrpe::main::install
cd_nrpe::main::service
cd_nrpe::firewall::iptables

Defined in:: manifests/params.pp

Summary

Class holds all parameters for the cd_nrpe module and is inherited by all classes except defines.

Overview

cd_nrpe::params.pp Module name: cd_nrpe Author: Arne Teuke (arne_teuke@ConfDroid.com)

License:

This file is part of cd_nrpe.

cd_nrpe is used for providing automatic configuration of NRPE. Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com) This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see www.gnu.org/licenses/. be passed to the NRPE daemon.

Parameters:

pkg_ensure (string) (defaults to: 'latest') —

which package type to choose, i.e. latest or present.
ne_log_facility (string) (defaults to: 'daemon') —

the log facility to use.
ne_log_file (string) (defaults to: '') —

If a log file is specified in this option, nrpe will write to that file instead of using syslog. i.e. /var/run/nrpe.log
ne_debug (string) (defaults to: '0') —

Whether debugging messages are logged to the syslog facility.
ne_nrpe_port (string) (defaults to: '5666') —

the NRPE port. used in firewall ( optional) and configuration file.
ne_listen_queue_size (string) (defaults to: '5') —

Listen queue size (backlog) for serving incoming connections.
ne_nagios_server (string) (defaults to: $::nagios_server) —

ipaddress of the nagios server to be allowed to connect to NRPE service. Default is to look up a global parameter from ENC.
ne_dont_blame_nrpe (string) (defaults to: '1') —

whether or not the NRPE daemon will allow clients to specify arguments to commands that are executed.
ne_allow_bash_cmd_subst (string) (defaults to: '1') —

whether or not the NRPE daemon will allow clients to specify arguments that contain bash command substitutions of the form $(...).
ne_allow_sudo (boolean) (defaults to: true) —

Whether to allow sudo access. used in nrpe.cfg as well as for creating a sudo role.
ne_command_prefix (string) (defaults to: '/usr/bin/sudo') —

allows you to prefix all commands with a user-defined string.
ne_incl_fw (string) (defaults to: true) —

Whether to include firewall rules
ne_command_timeout (string) (defaults to: '60') —

maximum number of seconds that the NRPE daemon will allow plugins to finish executing before killing them off.
ne_connection_timeout (string) (defaults to: '300') —

maximum number of seconds that the NRPE daemon will wait for a connection to be established before exiting.
ne_ssl_version (string) (defaults to: 'TLSv1.1+') —

These directives allow you to specify how to use SSL/TLS.
ne_ssl_use_adh (string) (defaults to: '1') —

This is for backward compatibility and is DEPRECATED. Set to 1 to enable ADH or 2 to require ADH. 1 is currently the default but will be changed in a later version.
ne_ssl_cipher_list (string) (defaults to: 'ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH') —

ciphers can be used. For backward compatibility, this defaults to 'ssl_cipher_list=ALL:!MD5:@STRENGTH' in this version but will be changed in a later version of NRPE.
ne_ssl_cacert_file (string) (defaults to: '/etc/pki/tls/certs/ca-chain.crt.pem') —

path and name of the ssl certificate authority ( ca) file / chain. must be full path.
ne_ssl_cert_file (string) (defaults to: "/etc/pki/tls/certs/${::fqdn}.crt.pem") —

path and name of the server ssl certificate. must include full path.
ne_ssl_privatekey_file (string) (defaults to: "/etc/pki/tls/private/${::fqdn}.key.pem") —

path and name of the server ssl private key. Must include full path.
ne_ssl_client_certs (string) (defaults to: '2') —

determines client certificate usage. Values: 0 = Don't ask for or require client certificates 1 = Ask for client certificates 2 = Require client certificates
ne_ssl_logging (string) (defaults to: '0x00') —

determines which SSL messages are send to syslog. OR values together to specify multiple options. Values: 0x00 (0) = No additional logging (default) 0x01 (1) = Log startup SSL/TLS parameters 0x02 (2) = Log remote IP address 0x04 (4) = Log SSL/TLS version of connections 0x08 (8) = Log which cipher is being used for the connection 0x10 (16) = Log if client has a certificate 0x20 (32) = Log details of client's certificate if it has one -1 or 0xff or 0x2f = All of the above
ne_nasty_metachars (string) (defaults to: '"|`&><\'\\[]{};\r\n\"') —

list of characters that cannot
ne_include_file (string) (defaults to: '') —

include definitions from an external config file.
ne_fw_order_no (string) (defaults to: '50') —

ordering prefix for he firewall rules. Adjust to your environment if needed.
ne_ssl_opts (string) (defaults to: '') —

Specify additional SSL options.
ne_user (string) (defaults to: 'nrpe') —

the NRPE service user
ne_user_comment (string) (defaults to: 'NRPE service user') —

The comment for the service user /etc/passwd
ne_user_uid (string) (defaults to: '1005') —

the UID for the service user
ne_user_home (string) (defaults to: '/var/run/nrpe') —

the home for the service user
ne_user_shell (string) (defaults to: '/sbin/nologin') —

the shell for the service user.
ne_user_groups (string) (defaults to: undef) —

additional groups for the service user.
ne_server_address (string) (defaults to: '127.0.0.1') —

the network interfaces to listen on
ne_allow_weak_rnd_seed (string) (defaults to: '1') —

Whether to allow weak random seeds
ne_include_selinux (string) (defaults to: true) —

Whether to manage selinux

See Also:

https://www.nagios.org/documentation/

# File 'manifests/params.pp', line 98

class cd_nrpe::params (

$pkg_ensure                 = 'latest',

# user settings
$ne_user                    = 'nrpe',
$ne_user_comment            = 'NRPE service user',
$ne_user_uid                = '1005',
$ne_user_home               = '/var/run/nrpe',
$ne_user_groups             = undef,
$ne_user_shell              = '/sbin/nologin',

# nrpe.cfg
$ne_log_facility            = 'daemon',
$ne_log_file                = '',
$ne_debug                   = '0',
$ne_nrpe_port               = '5666',
$ne_server_address          = '127.0.0.1',
$ne_listen_queue_size       = '5',
$ne_nagios_server           = $::nagios_server,
$ne_dont_blame_nrpe         = '1',
$ne_allow_bash_cmd_subst    = '1',
$ne_allow_sudo              = true,
$ne_command_prefix          = '/usr/bin/sudo',
$ne_command_timeout         = '60',
$ne_connection_timeout      = '300',
$ne_allow_weak_rnd_seed     = '1',
$ne_ssl_version             = 'TLSv1.1+',
$ne_ssl_use_adh             = '1',
$ne_ssl_cipher_list         = 'ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH',
$ne_ssl_cacert_file         = '/etc/pki/tls/certs/ca-chain.crt.pem',
$ne_ssl_cert_file           = "/etc/pki/tls/certs/${::fqdn}.crt.pem",
$ne_ssl_privatekey_file     = "/etc/pki/tls/private/${::fqdn}.key.pem",
$ne_ssl_client_certs        = '2',
$ne_ssl_logging             = '0x00',
$ne_nasty_metachars         = '"|`&><\'\\[]{};\r\n\"',
$ne_include_file            = '',

# nrpe.conf
$ne_ssl_opts                = '',

# firewall
$ne_incl_fw                 = true,
$ne_fw_order_no             = '50',

# selinux
$ne_include_selinux         = true,


) {

# installation section
$reqpackages  = $::operatingsystem ? {
    /(?i-mx:centos|fedora|redhat)/ => ['nrpe','nrpe-selinux'],
  }

# service
$ne_service                 = 'nrpe'

# directories
$ne_main_conf_d_dir         = '/etc/nrpe.d'
$ne_run_dir                 = '/var/run/nrpe'

# files
$ne_main_conf_file          = '/etc/nagios/nrpe.cfg'
$ne_main_conf_erb           = 'cd_nrpe/nrpe_cfg.erb'
$ne_nrpe_pid_file           = "${ne_run_dir}/nrpe.pid"
$ne_nrpe_conf_file          = '/etc/sysconfig/nrpe'
$ne_nrpe_conf_erb           = 'cd_nrpe/nrpe_conf.erb'

# includes must be last

  include cd_nrpe::main::config

}