|
19 | 19 | # Copyright 2013 Computer Action Team, unless otherwise noted. |
20 | 20 | # |
21 | 21 | class nrpe ( |
22 | | - Array[String] $allowed_hosts = ['127.0.0.1'], |
23 | | - String $server_address = '0.0.0.0', |
24 | | - Integer $command_timeout = 60, |
25 | | - String $config = $nrpe::params::nrpe_config, |
26 | | - String $include_dir = $nrpe::params::nrpe_include_dir, |
27 | | - Variant[String, Array[String]] $package_name = $nrpe::params::nrpe_packages, |
28 | | - Optional[String] $provider = $nrpe::params::nrpe_provider, |
29 | | - Boolean $manage_package = true, |
30 | | - Optional[Boolean] $purge = undef, |
31 | | - Optional[Boolean] $recurse = undef, |
32 | | - String $service_name = $nrpe::params::nrpe_service, |
33 | | - Integer $dont_blame_nrpe = $nrpe::params::dont_blame_nrpe, |
34 | | - String $log_facility = $nrpe::params::log_facility, |
35 | | - Integer $server_port = $nrpe::params::server_port, |
36 | | - Optional[String] $command_prefix = $nrpe::params::command_prefix, |
37 | | - Integer $debug = $nrpe::params::debug, |
38 | | - Integer $connection_timeout = $nrpe::params::connection_timeout, |
39 | | - Optional[Integer]$allow_bash_command_substitution = $nrpe::params::allow_bash_command_substitution, |
40 | | - String $nrpe_user = $nrpe::params::nrpe_user, |
41 | | - String $nrpe_group = $nrpe::params::nrpe_group, |
42 | | - String $nrpe_pid_file = $nrpe::params::nrpe_pid_file, |
43 | | - String $nrpe_ssl_dir = $nrpe::params::nrpe_ssl_dir, |
44 | | - Optional[String] $ssl_cert_file_content = undef, |
45 | | - Optional[String] $ssl_privatekey_file_content = undef, |
46 | | - Optional[String] $ssl_cacert_file_content = undef, |
47 | | - String $ssl_version = $nrpe::params::ssl_version, |
48 | | - Array[String] $ssl_ciphers = $nrpe::params::ssl_ciphers, |
49 | | - Integer $ssl_client_certs = $nrpe::params::ssl_client_certs, |
50 | | - Boolean $ssl_log_startup_params = false, |
51 | | - Boolean $ssl_log_remote_ip = false, |
52 | | - Boolean $ssl_log_protocol_version = false, |
53 | | - Boolean $ssl_log_cipher = false, |
54 | | - Boolean $ssl_log_client_cert = false, |
55 | | - Boolean $ssl_log_client_cert_details = false, |
56 | | - String $command_file_default_mode = '0644', |
| 22 | + Array[Stdlib::Host] $allowed_hosts = ['127.0.0.1'], |
| 23 | + Stdlib::IP::Address $server_address = '0.0.0.0', |
| 24 | + Integer[0] $command_timeout = 60, |
| 25 | + Stdlib::Absolutepath $config = $nrpe::params::nrpe_config, |
| 26 | + Stdlib::Absolutepath $include_dir = $nrpe::params::nrpe_include_dir, |
| 27 | + Variant[String[1], Array[String[1]]] $package_name = $nrpe::params::nrpe_packages, |
| 28 | + Optional[String[1]] $provider = $nrpe::params::nrpe_provider, |
| 29 | + Boolean $manage_package = true, |
| 30 | + Optional[Boolean] $purge = undef, |
| 31 | + Optional[Boolean] $recurse = undef, |
| 32 | + String[1] $service_name = $nrpe::params::nrpe_service, |
| 33 | + Boolean $dont_blame_nrpe = $nrpe::params::dont_blame_nrpe, |
| 34 | + Nrpe::Syslogfacility $log_facility = $nrpe::params::log_facility, |
| 35 | + Stdlib::Port $server_port = $nrpe::params::server_port, |
| 36 | + Optional[Stdlib::Absolutepath] $command_prefix = $nrpe::params::command_prefix, |
| 37 | + Boolean $debug = $nrpe::params::debug, |
| 38 | + Integer[0] $connection_timeout = $nrpe::params::connection_timeout, |
| 39 | + Optional[Boolean] $allow_bash_command_substitution = $nrpe::params::allow_bash_command_substitution, |
| 40 | + String[1] $nrpe_user = $nrpe::params::nrpe_user, |
| 41 | + String[1] $nrpe_group = $nrpe::params::nrpe_group, |
| 42 | + Stdlib::Absolutepath $nrpe_pid_file = $nrpe::params::nrpe_pid_file, |
| 43 | + Stdlib::Absolutepath $nrpe_ssl_dir = $nrpe::params::nrpe_ssl_dir, |
| 44 | + Optional[String[1]] $ssl_cert_file_content = undef, |
| 45 | + Optional[String[1]] $ssl_privatekey_file_content = undef, |
| 46 | + Optional[String[1]] $ssl_cacert_file_content = undef, |
| 47 | + Nrpe::Sslversion $ssl_version = $nrpe::params::ssl_version, |
| 48 | + Array[String[1]] $ssl_ciphers = $nrpe::params::ssl_ciphers, |
| 49 | + Enum['no','ask','require'] $ssl_client_certs = $nrpe::params::ssl_client_certs, |
| 50 | + Boolean $ssl_log_startup_params = false, |
| 51 | + Boolean $ssl_log_remote_ip = false, |
| 52 | + Boolean $ssl_log_protocol_version = false, |
| 53 | + Boolean $ssl_log_cipher = false, |
| 54 | + Boolean $ssl_log_client_cert = false, |
| 55 | + Boolean $ssl_log_client_cert_details = false, |
| 56 | + Stdlib::Filemode $command_file_default_mode = '0644', |
57 | 57 | ) inherits nrpe::params { |
58 | 58 |
|
59 | 59 | if $manage_package { |
|
79 | 79 | ensure => present, |
80 | 80 | } |
81 | 81 |
|
| 82 | + $_allow_bash_command_substitution = $allow_bash_command_substitution ? { |
| 83 | + undef => undef, |
| 84 | + default => bool2str($allow_bash_command_substitution, '1', '0'), |
| 85 | + } |
| 86 | + |
82 | 87 | concat::fragment { 'nrpe main config': |
83 | 88 | target => $config, |
84 | 89 | content => epp( |
|
91 | 96 | 'nrpe_user' => $nrpe_user, |
92 | 97 | 'nrpe_group' => $nrpe_group, |
93 | 98 | 'allowed_hosts' => $allowed_hosts, |
94 | | - 'dont_blame_nrpe' => "${dont_blame_nrpe}", |
95 | | - 'allow_bash_command_substitution' => $allow_bash_command_substitution, |
| 99 | + 'dont_blame_nrpe' => bool2str($dont_blame_nrpe, '1', '0'), |
| 100 | + 'allow_bash_command_substitution' => $_allow_bash_command_substitution, |
96 | 101 | 'libdir' => $nrpe::params::libdir, |
97 | 102 | 'command_prefix' => $command_prefix, |
98 | | - 'debug' => "${debug}", |
99 | | - 'command_timeout' => $command_timeout + 0, |
100 | | - 'connection_timeout' => $connection_timeout + 0, |
| 103 | + 'debug' => bool2str($debug, '1', '0'), |
| 104 | + 'command_timeout' => $command_timeout, |
| 105 | + 'connection_timeout' => $connection_timeout, |
101 | 106 | } |
102 | 107 | ), |
103 | 108 | order => '01', |
104 | 109 | } |
105 | 110 |
|
106 | 111 | if $ssl_cert_file_content { |
| 112 | + |
| 113 | + $_ssl_client_certs = $ssl_client_certs ? { |
| 114 | + 'ask' => '1', |
| 115 | + 'require' => '2', |
| 116 | + default => '0', # $ssl_client_certs = 'no' |
| 117 | + } |
| 118 | + |
107 | 119 | concat::fragment { 'nrpe ssl fragment': |
108 | | - target => $config, |
109 | | - content => epp( |
110 | | - 'nrpe/nrpe.cfg-ssl.epp', |
111 | | - { |
112 | | - 'ssl_version' => $ssl_version, |
113 | | - 'ssl_ciphers' => $ssl_ciphers, |
114 | | - 'nrpe_ssl_dir' => $nrpe_ssl_dir, |
115 | | - 'ssl_client_certs' => "${ssl_client_certs}", |
116 | | - 'ssl_logging' => nrpe::ssl_logging( |
117 | | - $ssl_log_startup_params, |
118 | | - $ssl_log_remote_ip, |
119 | | - $ssl_log_protocol_version, |
120 | | - $ssl_log_cipher, |
121 | | - $ssl_log_client_cert, |
122 | | - $ssl_log_client_cert_details |
123 | | - ) |
124 | | - } |
125 | | - ), |
126 | | - order => '02', |
| 120 | + target => $config, |
| 121 | + content => epp( |
| 122 | + 'nrpe/nrpe.cfg-ssl.epp', |
| 123 | + { |
| 124 | + 'ssl_version' => $ssl_version, |
| 125 | + 'ssl_ciphers' => $ssl_ciphers, |
| 126 | + 'nrpe_ssl_dir' => $nrpe_ssl_dir, |
| 127 | + 'ssl_client_certs' => $_ssl_client_certs, |
| 128 | + 'ssl_logging' => nrpe::ssl_logging( |
| 129 | + $ssl_log_startup_params, |
| 130 | + $ssl_log_remote_ip, |
| 131 | + $ssl_log_protocol_version, |
| 132 | + $ssl_log_cipher, |
| 133 | + $ssl_log_client_cert, |
| 134 | + $ssl_log_client_cert_details |
| 135 | + ) |
| 136 | + } |
| 137 | + ), |
| 138 | + order => '02', |
127 | 139 | } |
128 | 140 |
|
129 | 141 | file { $nrpe_ssl_dir: |
|
0 commit comments