3 files changed, 35 insertions, 29 deletions
diff --git a/puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb
index 6059453b..afc19782 100644
--- a/puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb
+++ b/puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb
@@ -18,7 +18,7 @@
   SSLCACertificatePath /etc/ssl/certs
   SSLCertificateChainFile <%= scope.lookupvar('x509::variables::local_CAs') %>/<%= scope.lookupvar('site_config::params::commercial_ca_name') %>.crt
   SSLCertificateKeyFile <%= scope.lookupvar('x509::variables::keys') %>/<%= scope.lookupvar('site_config::params::commercial_cert_name') %>.key
-  SSLCertificateFile <%= scope.lookupvar('x509::variables::certs') %>/<%= scope.lookupvar('site_config::params::commercial_cert_name') %>.crt 
+  SSLCertificateFile <%= scope.lookupvar('x509::variables::certs') %>/<%= scope.lookupvar('site_config::params::commercial_cert_name') %>.crt
 
   RequestHeader set X_FORWARDED_PROTO 'https'
 
@@ -49,6 +49,10 @@
  <DirectoryMatch (/usr/share/nagios3/htdocs|/usr/lib/cgi-bin/nagios3|/etc/nagios3/stylesheets)>
     PassengerEnabled off
     AllowOverride all
+    # Nagios won't work with setting this option to "DENY",
+    # as set in conf.d/security (#4169). Therefor we allow
+    # it here, only for nagios.
+    Header set X-Frame-Options: "ALLOW"
   </DirectoryMatch>
  <% end -%>
 </VirtualHost>
diff --git a/puppet/modules/site_nagios/manifests/add_host.pp b/puppet/modules/site_nagios/manifests/add_host.pp
index 498552b5..94352de4 100644
--- a/puppet/modules/site_nagios/manifests/add_host.pp
+++ b/puppet/modules/site_nagios/manifests/add_host.pp
@@ -1,31 +1,32 @@
-define site_nagios::add_host {
-  $nagios_host       = $name
-  $nagios_hostname   = $name['domain_internal']
-  $nagios_ip         = $name['ip_address']
-  $nagios_services   = $name['services']
-  $nagios_openvpn_gw = $name['openvpn_gateway_address']
+define site_nagios::add_host (
+  $domain_internal,
+  $ip_address,
+  $services,
+  $openvpn_gateway_address='' ) {
 
-  # Add Nagios host
-  nagios_host { $nagios_hostname:
-    address => $nagios_ip,
-    use     => 'generic-host',
-  }
+    $nagios_hostname = $domain_internal
 
-  # Add Nagios service
+    # Add Nagios host
+    nagios_host { $nagios_hostname:
+      address => $ip_address,
+      use     => 'generic-host',
+    }
 
-  # First, we need to turn the serice array into hash, using a "hash template"
-  # see https://github.com/ashak/puppet-resource-looping
-  $nagios_service_hashpart = {
-    'hostname'    => $nagios_hostname,
-    'ip_address'  => $nagios_ip,
-    'openvpn_gw'  => $nagios_openvpn_gw,
-  }
-  $dynamic_parameters = {
-    'service' => '%s'
-  }
-  $nagios_servicename = "${nagios_hostname}_%s"
+    # Add Nagios service
 
-  $nagios_service_hash = create_resources_hash_from($nagios_servicename, $nagios_services, $nagios_service_hashpart, $dynamic_parameters)
+    # First, we need to turn the serice array into hash, using a "hash template"
+    # see https://github.com/ashak/puppet-resource-looping
+    $nagios_service_hashpart = {
+      'hostname'    => $nagios_hostname,
+      'ip_address'  => $ip_address,
+      'openvpn_gw'  => $openvpn_gateway_address,
+    }
+    $dynamic_parameters = {
+      'service' => '%s'
+    }
+    $nagios_servicename = "${nagios_hostname}_%s"
 
-  create_resources ( site_nagios::add_service, $nagios_service_hash )
+    $nagios_service_hash = create_resources_hash_from($nagios_servicename, $services, $nagios_service_hashpart, $dynamic_parameters)
+
+    create_resources ( site_nagios::add_service, $nagios_service_hash )
 }
diff --git a/puppet/modules/site_nagios/manifests/server.pp b/puppet/modules/site_nagios/manifests/server.pp
index a088921a..3e1ef7e7 100644
--- a/puppet/modules/site_nagios/manifests/server.pp
+++ b/puppet/modules/site_nagios/manifests/server.pp
@@ -5,9 +5,9 @@ class site_nagios::server inherits nagios::base {
     stage => setup
   }
 
-  $nagios_hiera=hiera('nagios')
+  $nagios_hiera   = hiera('nagios')
   $nagiosadmin_pw = htpasswd_sha1($nagios_hiera['nagiosadmin_pw'])
-  $hosts = $nagios_hiera['hosts']
+  $hosts          = $nagios_hiera['hosts']
 
   include nagios::defaults
   include nagios::base
@@ -35,6 +35,7 @@ class site_nagios::server inherits nagios::base {
     group  => 'nagios',
   }
 
-  site_nagios::add_host {$hosts:}
+  create_resources ( site_nagios::add_host, $hosts )
+
   include site_shorewall::monitor
 }