From 286859e3957f1c64ec583d274903b1ca2a47ea67 Mon Sep 17 00:00:00 2001 From: Simon Josi Date: Thu, 4 Feb 2010 11:04:13 +0100 Subject: syntax --- manifests/plugin.pp | 2 -- 1 file changed, 2 deletions(-) (limited to 'manifests/plugin.pp') diff --git a/manifests/plugin.pp b/manifests/plugin.pp index 1fa4651..e688a39 100644 --- a/manifests/plugin.pp +++ b/manifests/plugin.pp @@ -3,8 +3,6 @@ # See LICENSE for the full license granted to you. # adapted and improved by admin(at)immerda.ch -### defines - define munin::plugin ( $ensure = "present", $script_path_in = '', -- cgit v1.2.3 From d459255da087bda68627dc5c228056b6ebf7036b Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 15 Feb 2012 18:17:14 +0100 Subject: manage selinux if enabled of plugins we manage --- manifests/plugin.pp | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'manifests/plugin.pp') diff --git a/manifests/plugin.pp b/manifests/plugin.pp index 69b7322..b76a5da 100644 --- a/manifests/plugin.pp +++ b/manifests/plugin.pp @@ -21,7 +21,7 @@ define munin::plugin ( file { $plugin: ensure => absent, } } default: { - case $kernel { + case $::kernel { openbsd: { $basic_require = File['/var/run/munin'] } default: { $basic_require = Package['munin-node'] } } @@ -35,7 +35,11 @@ define munin::plugin ( require => $real_require, notify => Service['munin-node']; } - + if $::selinux == 'true' { + File[$plugin]{ + setype => 'munin_services_plugin_exec_t', + } + } } } case $config { -- cgit v1.2.3 From 71d458239f7e8f175c3180d95f0b7770aea91ff0 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 15 Feb 2012 18:25:11 +0100 Subject: correct param --- manifests/plugin.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests/plugin.pp') diff --git a/manifests/plugin.pp b/manifests/plugin.pp index b76a5da..30139ea 100644 --- a/manifests/plugin.pp +++ b/manifests/plugin.pp @@ -37,7 +37,7 @@ define munin::plugin ( } if $::selinux == 'true' { File[$plugin]{ - setype => 'munin_services_plugin_exec_t', + seltype => 'munin_services_plugin_exec_t', } } } -- cgit v1.2.3 From df6d136c29b035616ba5bbf5efd9b16f3a22338e Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 16 Feb 2012 15:57:22 +0100 Subject: set correct labels for munin plugins --- manifests/plugin.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests/plugin.pp') diff --git a/manifests/plugin.pp b/manifests/plugin.pp index 30139ea..c1f488b 100644 --- a/manifests/plugin.pp +++ b/manifests/plugin.pp @@ -37,7 +37,7 @@ define munin::plugin ( } if $::selinux == 'true' { File[$plugin]{ - seltype => 'munin_services_plugin_exec_t', + seltype => 'munin_etc_t', } } } -- cgit v1.2.3 From f2a0d2623b36e6105f31e51d99cbd349adaa30d7 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 25 Feb 2012 13:54:48 +0100 Subject: CentOS 5 does not yet have a munin policy --- manifests/plugin.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests/plugin.pp') diff --git a/manifests/plugin.pp b/manifests/plugin.pp index c1f488b..9f799aa 100644 --- a/manifests/plugin.pp +++ b/manifests/plugin.pp @@ -35,7 +35,7 @@ define munin::plugin ( require => $real_require, notify => Service['munin-node']; } - if $::selinux == 'true' { + if ($::selinux == 'true') and (($::operatingsystem != 'CentOS') or ($::operatingsystem == 'CentOS' and $::lsbmajdistrelease != '5')){ File[$plugin]{ seltype => 'munin_etc_t', } -- cgit v1.2.3 From 9fd1de5acd9064a0d67ca9d2c13a829a3f628f39 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 5 Jun 2012 19:39:49 -0300 Subject: new style for 2.7 --- manifests/plugin.pp | 104 ++++++++++++++++++++++++++-------------------------- 1 file changed, 52 insertions(+), 52 deletions(-) (limited to 'manifests/plugin.pp') diff --git a/manifests/plugin.pp b/manifests/plugin.pp index 9f799aa..fec7b6b 100644 --- a/manifests/plugin.pp +++ b/manifests/plugin.pp @@ -4,65 +4,65 @@ # adapted and improved by admin(at)immerda.ch define munin::plugin ( - $ensure = "present", - $script_path_in = '', - $config = '') -{ - include munin::plugin::scriptpaths - $real_script_path = $script_path_in ? { '' => $munin::plugin::scriptpaths::script_path, default => $script_path_in } + $ensure = "present", + $script_path_in = '', + $config = '' +) { + include munin::plugin::scriptpaths + $real_script_path = $script_path_in ? { '' => $munin::plugin::scriptpaths::script_path, default => $script_path_in } - $plugin_src = $ensure ? { "present" => $name, default => $ensure } - $plugin = "/etc/munin/plugins/$name" - $plugin_conf = "/etc/munin/plugin-conf.d/$name.conf" + $plugin_src = $ensure ? { "present" => $name, default => $ensure } + $plugin = "/etc/munin/plugins/${name}" + $plugin_conf = "/etc/munin/plugin-conf.d/${name}.conf" - include munin::plugins::setup - case $ensure { - "absent": { - file { $plugin: ensure => absent, } - } - default: { - case $::kernel { - openbsd: { $basic_require = File['/var/run/munin'] } - default: { $basic_require = Package['munin-node'] } - } - if $require { - $real_require = [ $require, $basic_require ] - } else { - $real_require = $basic_require - } - file { $plugin: - ensure => "${real_script_path}/${plugin_src}", - require => $real_require, - notify => Service['munin-node']; - } - if ($::selinux == 'true') and (($::operatingsystem != 'CentOS') or ($::operatingsystem == 'CentOS' and $::lsbmajdistrelease != '5')){ - File[$plugin]{ - seltype => 'munin_etc_t', - } - } + include munin::plugins::setup + case $ensure { + "absent": { + file { $plugin: ensure => absent, } + } + default: { + case $::kernel { + openbsd: { $basic_require = File['/var/run/munin'] } + default: { $basic_require = Package['munin-node'] } + } + if $require { + $real_require = [ $require, $basic_require ] + } else { + $real_require = $basic_require + } + file { $plugin: + ensure => "${real_script_path}/${plugin_src}", + require => $real_require, + notify => Service['munin-node']; + } + if ($::selinux == 'true') and (($::operatingsystem != 'CentOS') or ($::operatingsystem == 'CentOS' and $::lsbmajdistrelease != '5')){ + File[$plugin]{ + seltype => 'munin_etc_t', } + } + } + } + case $config { + '': { + file { $plugin_conf: ensure => absent } } - case $config { - '': { - file { $plugin_conf: ensure => absent } + default: { + case $ensure { + absent: { + file { $plugin_conf: ensure => absent } } default: { - case $ensure { - absent: { - file { $plugin_conf: ensure => absent } - } - default: { - file { $plugin_conf: - content => "[${name}]\n$config\n", - mode => 0644, owner => root, group => 0, - } - if $require { - File[$plugin_conf]{ - require +> $require, - } - } - } + file { $plugin_conf: + content => "[${name}]\n$config\n", + mode => 0644, owner => root, group => 0, + } + if $require { + File[$plugin_conf]{ + require +> $require, } + } } + } } + } } -- cgit v1.2.3 From b7228e65b66b72709f59709618a7c7be1ce795ef Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 8 Jun 2012 13:03:50 -0300 Subject: refactor things for >2.7 --- manifests/plugin.pp | 19 ++++--------------- 1 file changed, 4 insertions(+), 15 deletions(-) (limited to 'manifests/plugin.pp') diff --git a/manifests/plugin.pp b/manifests/plugin.pp index fec7b6b..af8b44a 100644 --- a/manifests/plugin.pp +++ b/manifests/plugin.pp @@ -21,18 +21,12 @@ define munin::plugin ( file { $plugin: ensure => absent, } } default: { - case $::kernel { - openbsd: { $basic_require = File['/var/run/munin'] } - default: { $basic_require = Package['munin-node'] } - } - if $require { - $real_require = [ $require, $basic_require ] - } else { - $real_require = $basic_require - } file { $plugin: ensure => "${real_script_path}/${plugin_src}", - require => $real_require, + require => $::kernel ? { + OpenBSD => File['/var/run/munin'], + default => Package['munin-node'] + }, notify => Service['munin-node']; } if ($::selinux == 'true') and (($::operatingsystem != 'CentOS') or ($::operatingsystem == 'CentOS' and $::lsbmajdistrelease != '5')){ @@ -56,11 +50,6 @@ define munin::plugin ( content => "[${name}]\n$config\n", mode => 0644, owner => root, group => 0, } - if $require { - File[$plugin_conf]{ - require +> $require, - } - } } } } -- cgit v1.2.3 From d3dae3c834c37f689af3d1b08bc0c1fd4762bd91 Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 28 Feb 2013 19:14:56 +0100 Subject: linting --- manifests/plugin.pp | 33 ++++++++++++++++----------------- 1 file changed, 16 insertions(+), 17 deletions(-) (limited to 'manifests/plugin.pp') diff --git a/manifests/plugin.pp b/manifests/plugin.pp index af8b44a..e9e5dba 100644 --- a/manifests/plugin.pp +++ b/manifests/plugin.pp @@ -1,33 +1,30 @@ -# plugin.pp - configure a specific munin plugin -# Copyright (C) 2007 David Schmitt -# See LICENSE for the full license granted to you. -# adapted and improved by admin(at)immerda.ch - +# configure a specific munin plugin define munin::plugin ( - $ensure = "present", + $ensure = 'present', $script_path_in = '', - $config = '' + $config = '' ) { include munin::plugin::scriptpaths $real_script_path = $script_path_in ? { '' => $munin::plugin::scriptpaths::script_path, default => $script_path_in } - $plugin_src = $ensure ? { "present" => $name, default => $ensure } + $plugin_src = $ensure ? { 'present' => $name, default => $ensure } $plugin = "/etc/munin/plugins/${name}" $plugin_conf = "/etc/munin/plugin-conf.d/${name}.conf" include munin::plugins::setup case $ensure { - "absent": { + 'absent': { file { $plugin: ensure => absent, } } default: { + $dep = $::kernel ? { + OpenBSD => File['/var/run/munin'], + default => Package['munin-node'] + } file { $plugin: - ensure => "${real_script_path}/${plugin_src}", - require => $::kernel ? { - OpenBSD => File['/var/run/munin'], - default => Package['munin-node'] - }, - notify => Service['munin-node']; + ensure => "${real_script_path}/${plugin_src}", + require => $dep, + notify => Service['munin-node']; } if ($::selinux == 'true') and (($::operatingsystem != 'CentOS') or ($::operatingsystem == 'CentOS' and $::lsbmajdistrelease != '5')){ File[$plugin]{ @@ -47,8 +44,10 @@ define munin::plugin ( } default: { file { $plugin_conf: - content => "[${name}]\n$config\n", - mode => 0644, owner => root, group => 0, + content => "[${name}]\n${config}\n", + owner => root, + group => 0, + mode => '0644', } } } -- cgit v1.2.3 From e822d6140b1ffea7d85546062376a7e464a3cb61 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 20 Mar 2013 12:01:14 +0100 Subject: Security: plugin-config should not me world readable as it might contain passwords --- manifests/plugin.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests/plugin.pp') diff --git a/manifests/plugin.pp b/manifests/plugin.pp index e9e5dba..36fc81b 100644 --- a/manifests/plugin.pp +++ b/manifests/plugin.pp @@ -47,7 +47,7 @@ define munin::plugin ( content => "[${name}]\n${config}\n", owner => root, group => 0, - mode => '0644', + mode => '0640', } } } -- cgit v1.2.3