path: root/puppet/modules/nagios/manifests/service/gpgkey.pp
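# Define a GPG key to be watched by Nagios.
#
# The resource title ($name) is the key's full 40-character hexadecimal
# fingerprint. It is used to fetch or delete the key in the keyring under
# $nagios::plugins::gpg::gpg_home and to name the matching nagios::service
# check.
#
# Parameters:
#   $ensure         - 'present' imports the key and configures the check.
#                     Any other value takes the delete branch and removes the
#                     key from the keyring. The value is also passed through
#                     to nagios::service.
#   $warning        - first argument handed to the check_gpg command;
#                     presumably the warning threshold before expiry
#                     (confirm against the check_gpg plugin).
#   $key_info       - optional free text appended to the service description.
#   $check_interval - passed through to nagios::service.
define nagios::service::gpgkey(
  $ensure         = 'present',
  $warning        = '14',
  $key_info       = undef,
  $check_interval = 60,
){
  validate_slength($name,40,40)
  # $name is interpolated into the gpg command lines and into the Nagios
  # check_command below. A length check alone would accept spaces, dashes,
  # '!' or shell metacharacters, allowing extra gpg options or command
  # arguments to be smuggled in through the resource title. Restrict it to
  # hex digits; \A and \z anchor the whole string, not just one line.
  validate_re($name, '\A[0-9A-Fa-f]{40}\z', "nagios::service::gpgkey: title must be a 40 character hexadecimal key fingerprint, got '${name}'")
  require ::nagios::plugins::gpg
  $gpg_home = $nagios::plugins::gpg::gpg_home
  $gpg_cmd  = "gpg --homedir ${gpg_home}"

  # The command is filled in by the overrides below, depending on $ensure.
  # NOTE(review): gpg is called without an absolute path and no path is set
  # here; presumably a global Exec default supplies it. Confirm.
  exec{"manage_key_${name}":
    user  => nagios,
    group => nagios,
  }
  nagios::service{
    "check_gpg_${name}":
      ensure => $ensure;
  }

  if $ensure == 'present' {
    # Fetch the key by full fingerprint over hkps, pinning the keyserver CA.
    # NOTE(review): the sks-keyservers.net pool has been retired upstream;
    # confirm this keyserver is still reachable, otherwise the import fails
    # on every run.
    # NOTE(review): because of the unless guard the key is imported once and
    # not refreshed by this define, so a later expiry extension or a
    # revocation published on the keyserver would not reach the local
    # keyring. Confirm whether a refresh happens elsewhere.
    Exec["manage_key_${name}"]{
      command => "${gpg_cmd} --keyserver hkps://hkps.pool.sks-keyservers.net --keyserver-options ca-cert-file=${gpg_home}/sks-keyservers.netCA.pem --recv-keys ${name}",
      unless  => "${gpg_cmd} --list-keys ${name}",
      before  => Nagios::Service["check_gpg_${name}"],
    }

    Nagios::Service["check_gpg_${name}"]{
      check_command  => "check_gpg!${warning}!${name}",
      check_interval => $check_interval,
    }
    if $key_info {
      Nagios::Service["check_gpg_${name}"]{
        service_description => "Keyfingerprint: ${name} - Info: ${key_info}",
      }
    } else {
      Nagios::Service["check_gpg_${name}"]{
        service_description => "Keyfingerprint: ${name}",
      }
    }
  } else {
    # Remove the key only after the service check has been handled, and only
    # if the key is actually in the keyring.
    Exec["manage_key_${name}"]{
      command => "${gpg_cmd} --batch --delete-key ${name}",
      onlyif  => "${gpg_cmd} --list-keys ${name}",
      require => Nagios::Service["check_gpg_${name}"],
    }
  }
}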