nrpe: Installs and configures NRPE
nrpe::config: Configures NRPEnrpe::config::ssl: Configures SSL for NRPEnrpe::install: Installs required NRPE packagesnrpe::params: Sets defaults based on OSnrpe::service: Manages the NRPE service
nrpe::command: Installs NRPE commandsnrpe::plugin: Installs additional plugins for NRPE
nrpe::ssl_logging: A function that outputs a string suitable for the nrpe.confssl_loggingparameter. The nrpe.conf documentation has the following to say...
Installs and configures NRPE
- See also
class { 'nrpe':
allowed_hosts => [
'127.0.0.1',
'nagios.example.org',
],
}class { 'nrpe':
allowed_hosts => 'nagios.example.org',
ssl_cert_file_content => file('profile/ssl/nagios.example.org.crt'),
ssl_privatekey_file_content => file('profile/ssl/nagios.example.org.key'),
ssl_cacert_file_content => file('profile/ssl/GeoTrust_RSA_CA_2018.crt'),
ssl_client_certs => 'require',
}The following parameters are available in the nrpe class:
allowed_hostsserver_addresscommandspluginscommand_timeoutpackage_namemanage_packagepurgedont_blame_nrpelog_facilityserver_portcommand_prefixdebugconnection_timeoutallow_weak_random_seedallow_bash_command_substitutionnrpe_usernrpe_groupnrpe_pid_filecommand_file_default_modesupplementary_groupsnrpe_ssl_dirssl_cert_file_contentssl_privatekey_file_contentssl_cacert_file_contentssl_versionssl_ciphersssl_client_certsssl_log_startup_paramsssl_log_remote_ipssl_log_protocol_versionssl_log_cipherssl_log_client_certssl_log_client_cert_detailsmanage_pid_dirmanage_groupmanage_useruser_commentuser_home_diruser_shellconfiginclude_dirproviderservice_namelisten_queue_size
Data type: Array[Variant[Stdlib::Fqdn,Stdlib::IP::Address]]
Specifies the hosts that NRPE will accept connections from.
Default value: ['127.0.0.1']
Data type: Stdlib::IP::Address
Specifies the IP address of the inteface that NRPE should bind to. Useful when the system has more than one interface.
Default value: '0.0.0.0'
Data type: Hash
A Hash of nrpe::command resources you want to create. Recommended when you want to define nrpe::commands in hiera data.
Default value: {}
Data type: Hash
A Hash of nrpe::plugin resources you want to create. Recommended when you want to define nrpe::plugins in hiera data.
Default value: {}
Data type: Integer[0]
Specifies the maximum number of seconds that the NRPE daemon will allow plugins to finish executing before killing them off.
Default value: 60
Data type: Variant[String[1], Array[String[1]]]
The package name or array of package names that will be installed. The default is often fine, but you may wish to set this to install extra packages like nrpe-selinux.
Default value: $nrpe::params::nrpe_packages
Data type: Boolean
By default, set to true and the nrpe class will manage the OS package(s).
Default value: true
Data type: Boolean
When set to true, the module will purge any unmanaged commands from the NRPE includedir.
Default value: false
Data type: Boolean
Determines whether or not the NRPE daemon will allow clients to specify arguments to commands that are executed. ENABLING THIS OPTION IS A SECURITY RISK!
Default value: $nrpe::params::dont_blame_nrpe
Data type: Nrpe::Syslogfacility
The syslog facility that should be used for logging purposes.
Default value: $nrpe::params::log_facility
Data type: Stdlib::Port::Unprivileged
The port that NRPE should listen for connections on.
Default value: $nrpe::params::server_port
Data type: Optional[Stdlib::Absolutepath]
This option allows you to prefix all commands with a user-defined string. Although often used to run all commands with sudo, nrpe::command has dedicated sudo parameters for this.
Default value: $nrpe::params::command_prefix
Data type: Boolean
This option determines whether or not debugging messages are logged to the syslog facility.
Default value: $nrpe::params::debug
Data type: Integer[0]
Specifies the maximum number of seconds that the NRPE daemon will wait for a connection to be established before exiting.
Default value: $nrpe::params::connection_timeout
Data type: Boolean
Determines whether or not the NRPE daemon will use weak sources of randomness
Default value: $nrpe::params::allow_weak_random_seed
Data type: Optional[Boolean]
Determines whether or not the NRPE daemon will allow clients to specify arguments that contain bash command substitutions of the form $(...). ** ENABLING THIS OPTION IS A HIGH SECURITY RISK! **
Default value: $nrpe::params::allow_bash_command_substitution
Data type: String[1]
Determines the effective user that the NRPE daemon should run as.
Default value: $nrpe::params::nrpe_user
Data type: String[1]
Determines the effective group that the NRPE daemon should run as.
Default value: $nrpe::params::nrpe_group
Data type: Stdlib::Absolutepath
The name of the file in which the NRPE daemon should write it's process ID number.
Default value: $nrpe::params::nrpe_pid_file
Data type: Stdlib::Filemode
The default file mode to use when creating NRPE command files in the includedir.
Default value: '0644'
Data type: Array[String[1]]
If set, the nrpe_user will be added to these supplementary groups.
Default value: []
Data type: Stdlib::Absolutepath
The directory that SSL certificates and keys will be created in.
Default value: $nrpe::params::nrpe_ssl_dir
Data type: Optional[String[1]]
A string containing the SSL Certificate.
Default value: undef
Data type: Optional[String[1]]
A string containing the SSL private KEY. It is recommended to source this parameter from hiera and use EYAML or similar to encrypt the data.
Default value: undef
Data type: Optional[String[1]]
A string containing the SSL CA Cert file contents.
Default value: undef
Data type: Nrpe::Sslversion
The SSL Version to use. The default of TLSv1.2+ is the most secure option available at time of writing. Avoid having to set it to a lower value if possible.
Default value: $nrpe::params::ssl_version
Data type: Array[String[1]]
An array of ciphers that should be allowed by NRPE. The defaults are for RSA keys and were taken from https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices.
Default value: $nrpe::params::ssl_ciphers
Data type: Enum['no','ask','require']
This options determines client certificate usage.
Default value: $nrpe::params::ssl_client_certs
Data type: Boolean
Whether to log startup SSL/TLS parameters.
Default value: false
Data type: Boolean
Whether to log remote IP address of SSL client.
Default value: false
Data type: Boolean
Whether to log SSL/TLS version of connections.
Default value: false
Data type: Boolean
Whether to log which encryption cipher is being used for SSL connections.
Default value: false
Data type: Boolean
Whether to log if an SSL client has presented a certificate.
Default value: false
Data type: Boolean
Whether to log details of client SSL certificates.
Default value: false
Data type: Boolean
Whether to manage the directory where the PID file should exist.
Default value: false
Data type: Boolean
Whether to manage the group nrpe uses.
Default value: false
Data type: Boolean
Whether to manage the user nrpe uses.
Default value: false
Data type: Optional[String]
An optional string to use for the user's GECOS field.
Default value: undef
Data type: Stdlib::Absolutepath
The absolute path to the home directory to use for the user.
Default value: $nrpe::params::user_home_dir
Data type: Stdlib::Absolutepath
The absolute path to the shell to use for the user.
Default value: $nrpe::params::user_shell
Data type: Stdlib::Absolutepath
Private You should not need to override this parameter.
Default value: $nrpe::params::nrpe_config
Data type: Stdlib::Absolutepath
Private You should not need to override this parameter.
Default value: $nrpe::params::nrpe_include_dir
Data type: Optional[String[1]]
Private You should not need to override this parameter.
Default value: $nrpe::params::nrpe_provider
Data type: String[1]
Private You should not need to override this parameter.
Default value: $nrpe::params::nrpe_service
Data type: Integer[0]
Listen queue size (backlog) for serving incoming connections. You may want to increase this value under high load.
Default value: $nrpe::params::listen_queue_size
Installs NRPE commands
nrpe::command { 'check_users':
ensure => present,
command => 'check_users -w 5 -c 10',
}The following parameters are available in the nrpe::command defined type:
The name of the command.
Data type: String[1]
The command plugin to run and its arguments.
Data type: Enum['present', 'absent']
Whether to install or remove the command.
Default value: present
Data type: Optional[Stdlib::Filemode]
The mode to use for the command file. By default, this parameter is undef, and the command file will use $nrpe::command_file_default_mode.
Default value: undef
Data type: Boolean
Whether the command should use sudo.
Default value: false
Data type: String[1]
The user to run the command as when using sudo.
Default value: 'root'
Installs additional plugins for NRPE
nrpe::plugin { 'check_mem':
ensure => present,
source => 'puppet:///modules/site/nrpe/check_mem',
}The following parameters are available in the nrpe::plugin defined type:
The name of the plugin.
Data type: Enum['present', 'absent']
Whether to install or remove the plugin.
Default value: present
Data type: Optional[String[1]]
Defines the actual content of the plugin file. Should not be used in conjunction with source.
Default value: undef
Data type: Optional[Stdlib::Filesource]
Defines the source of the plugin file. Should not be used in conjunction with content.
Default value: undef
The Nrpe::Sslversion data type.
Alias of Enum['SSLv2', 'SSLv2+', 'SSLv3', 'SSLv3+', 'TLSv1', 'TLSv1+', 'TLSv1.1', 'TLSv1.1+', 'TLSv1.2', 'TLSv1.2+']
The Nrpe::Syslogfacility data type.
Alias of Enum['user', 'mail', 'daemon', 'auth', 'syslog', 'lpr', 'news', 'uucp', 'cron', 'authpriv', 'ftp', 'ntp', 'security', 'console', 'solaris-cron', 'local0', 'local1', 'local2', 'local3', 'local4', 'local5', 'local6', 'local7']