From 5e92209e5b284e0f0d99c30e555cc498a39c396e Mon Sep 17 00:00:00 2001
From: mh
Date: Mon, 12 Oct 2015 23:23:44 +0200
Subject: introduce gpg checks
---
 manifests/plugins/gpg.pp | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 manifests/plugins/gpg.pp
(limited to 'manifests/plugins/gpg.pp')
diff --git a/manifests/plugins/gpg.pp b/manifests/plugins/gpg.pp
new file mode 100644
index 0000000..d8c1d40
--- /dev/null
+++ b/manifests/plugins/gpg.pp
@@ -0,0 +1,43 @@
+# check_gpg from
+# https://github.com/lelutin/nagios-plugins/blob/master/check_gpg
+class nagios::plugins::gpg {
+ require ::gnupg
+ nagios::plugin{'check_gpg':
+ source => 'nagios/plugins/check_gpg',
+ }
+
+ $gpg_home = '/var/local/nagios_gpg_homedir'
+ file{
+ $gpg_home:
+ ensure => 'directory',
+ owner => nagios,
+ group => nagios,
+ mode => '0600',
+ require => Nagios::Plugin['check_gpg'];
+ '/etc/cron.daily/update_nagios_gpgkeys':
+ content => "!#/bin/bash
+function exec() {
+ cmd=\$1
+ outout=\$(su - nagios -s /bin/bash -c 'gpg --homedir ${gpg_home} --logger-fd 1 \${cmd}')
+ if [ \$? -gt 0 ]; then
+ echo \$output
+ exit 1
+ fi
+}
+
+gpg('--with-fingerprint --list-keys --with-colons') | grep \"^pub\" -A 1 | tail -n 1 | cut -f10 -d\":\" | sort --random-sort | while read key; do
+ gpg(\"--recv-keys \${key}\")
+done
+",
+ owner => root,
+ group => 0,
+ mode => '0700',
+ require => File[$gpg_home];
+ }
+ nagios_command {
+ 'check_gnupg':
+ command_line => "\$USER1\$/check_gpg --gnupg-homedir ${gpg_home} -w \$ARG1\$ \$ARG2\$",
+ require => Nagios::Plugin['check_gpg'],
+ }
+}
+
-- cgit v1.2.3
From c754ec94b331828588b6a3c2423ef9f21c849e18 Mon Sep 17 00:00:00 2001
From: mh
Date: Mon, 12 Oct 2015 23:32:28 +0200
Subject: the module is called gpg
---
 manifests/plugins/gpg.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'manifests/plugins/gpg.pp')
diff --git a/manifests/plugins/gpg.pp b/manifests/plugins/gpg.pp
index d8c1d40..3493ff8 100644
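Review bot: `mode => '0600'` on the `$gpg_home` directory resource leaves out the execute bit, so the nagios user cannot traverse its own GnuPG home directory and every `gpg --homedir` call against it will fail; a private directory needs `mode => '0700'`. That line survives as context through the later hunks on this page, so the fix is still needed after the final commit. In the cron script the assignment `outout=\$(...)` does not match the `echo \$output` in the failure branch, so a failed fetch exits 1 with no diagnostic, and this mismatch is carried unchanged into the `function gpg()` hunk of the third commit; `gpg('...')` is also not valid bash call syntax. Because `tail -n 1` keeps a single line, at most one key is ever refreshed, so `sort --random-sort` has nothing to shuffle.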
--- a/manifests/plugins/gpg.pp
+++ b/manifests/plugins/gpg.pp
@@ -1,7 +1,7 @@
 # check_gpg from
 # https://github.com/lelutin/nagios-plugins/blob/master/check_gpg
 class nagios::plugins::gpg {
- require ::gnupg
+ require ::gpg
 nagios::plugin{'check_gpg':
 source => 'nagios/plugins/check_gpg',
 }
-- cgit v1.2.3
From e0b08c71a7aaa721481a5662dc3c4eef143f32e4 Mon Sep 17 00:00:00 2001
From: mh
Date: Mon, 12 Oct 2015 23:52:12 +0200
Subject: make it possible to define the keyserver to fetch from
---
 manifests/plugins/gpg.pp | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
(limited to 'manifests/plugins/gpg.pp')
diff --git a/manifests/plugins/gpg.pp b/manifests/plugins/gpg.pp
index 3493ff8..198f5ab 100644
--- a/manifests/plugins/gpg.pp
+++ b/manifests/plugins/gpg.pp
@@ -1,6 +1,8 @@
 # check_gpg from
 # https://github.com/lelutin/nagios-plugins/blob/master/check_gpg
-class nagios::plugins::gpg {
+class nagios::plugins::gpg(
+ $keyserver = 'hkp://keys.mayfirst.org',
+) {
 require ::gpg
 nagios::plugin{'check_gpg':
 source => 'nagios/plugins/check_gpg',
@@ -15,8 +17,8 @@ class nagios::plugins::gpg {
 mode => '0600',
 require => Nagios::Plugin['check_gpg'];
 '/etc/cron.daily/update_nagios_gpgkeys':
- content => "!#/bin/bash
-function exec() {
+ content => "#!/bin/bash
+function gpg() {
 cmd=\$1
 outout=\$(su - nagios -s /bin/bash -c 'gpg --homedir ${gpg_home} --logger-fd 1 \${cmd}')
 if [ \$? -gt 0 ]; then
@@ -25,8 +27,8 @@ function exec() {
 fi
 }
 
-gpg('--with-fingerprint --list-keys --with-colons') | grep \"^pub\" -A 1 | tail -n 1 | cut -f10 -d\":\" | sort --random-sort | while read key; do
- gpg(\"--recv-keys \${key}\")
+su - nagios -s /bin/bash -c 'gpg --homedir ${gpg_home} --with-fingerprint --list-keys --with-colons | grep \"^pub\" -A 1 | tail -n 1 | cut -f10 -d\":\" | sort --random-sort | while read key; do
+ gpg \"--keyserver ${keyserver} --recv-keys \${key}\"
 done
 ",
 owner => root,
-- cgit v1.2.3
From 41cf7666abb78020c7ea3a331bd65f709e73fbf8 Mon Sep 17 00:00:00 2001
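Review bot: The new `$keyserver` class parameter has no documentation; a line such as `# @param keyserver [String] keyserver URL the daily cron job fetches key updates from` above the class would tell callers what it feeds. Its default is a plain `hkp://` URL, so key material is retrieved over cleartext HTTP with no transport authentication; the fingerprint selects what gets imported, but anyone between the host and the keyserver can still withhold the updates and revocations this job exists to pick up. The comment should state that an `hkps://` URL is the intended production value.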
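Review bot: The `su - nagios -s /bin/bash -c '...` command opened on the first added line of the third hunk is never closed: neither the following `gpg \"--keyserver ...\"` line nor the `done` context line ends the single-quoted string, so bash aborts the cron job with an unmatched-quote error before anything is fetched. Inside that string, `gpg \"--keyserver ${keyserver} --recv-keys \${key}\"` also hands gpg the whole option list as one quoted word, which it rejects as a single unknown option; it should read `gpg --keyserver ${keyserver} --recv-keys \${key}` and the loop should end with `done'`. Note that `${keyserver}` is interpolated by Puppet straight into a shell command, so a value containing a quote or `;` changes what the job runs; the parameter deserves a type/format check before it reaches the string. With this rewrite the `gpg()` shell function defined in the previous hunk is no longer called from anywhere.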
From: mh
Date: Tue, 13 Oct 2015 00:01:11 +0200
Subject: correct naming
---
 manifests/plugins/gpg.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'manifests/plugins/gpg.pp')
diff --git a/manifests/plugins/gpg.pp b/manifests/plugins/gpg.pp
index 198f5ab..632ad1f 100644
--- a/manifests/plugins/gpg.pp
+++ b/manifests/plugins/gpg.pp
@@ -37,7 +37,7 @@ done
 require => File[$gpg_home];
 }
 nagios_command {
- 'check_gnupg':
+ 'check_gpg':
 command_line => "\$USER1\$/check_gpg --gnupg-homedir ${gpg_home} -w \$ARG1\$ \$ARG2\$",
 require => Nagios::Plugin['check_gpg'],
 }
-- cgit v1.2.3
From 3a39c6e693a835d98ed382bdc3ce72eac31ea664 Mon Sep 17 00:00:00 2001
From: mh
Date: Fri, 16 Oct 2015 15:38:20 +0200
Subject: fetch things over hkps and on every check
---
 manifests/plugins/gpg.pp | 27 ++++++--------------------
 1 file changed, 6 insertions(+), 21 deletions(-)
(limited to 'manifests/plugins/gpg.pp')
diff --git a/manifests/plugins/gpg.pp b/manifests/plugins/gpg.pp
index 632ad1f..a09736a 100644
--- a/manifests/plugins/gpg.pp
+++ b/manifests/plugins/gpg.pp
@@ -1,8 +1,6 @@
 # check_gpg from
 # https://github.com/lelutin/nagios-plugins/blob/master/check_gpg
-class nagios::plugins::gpg(
- $keyserver = 'hkp://keys.mayfirst.org',
-) {
+class nagios::plugins::gpg {
 require ::gpg
 nagios::plugin{'check_gpg':
 source => 'nagios/plugins/check_gpg',
@@ -16,25 +14,12 @@ class nagios::plugins::gpg(
 group => nagios,
 mode => '0600',
 require => Nagios::Plugin['check_gpg'];
- '/etc/cron.daily/update_nagios_gpgkeys':
- content => "#!/bin/bash
-function gpg() {
- cmd=\$1
- outout=\$(su - nagios -s /bin/bash -c 'gpg --homedir ${gpg_home} --logger-fd 1 \${cmd}')
- if [ \$? -gt 0 ]; then
- echo \$output
- exit 1
- fi
-}
-
-su - nagios -s /bin/bash -c 'gpg --homedir ${gpg_home} --with-fingerprint --list-keys --with-colons | grep \"^pub\" -A 1 | tail -n 1 | cut -f10 -d\":\" | sort --random-sort | while read key; do
- gpg \"--keyserver ${keyserver} --recv-keys \${key}\"
-done
-",
- owner => root,
+ "${gpg_home}/sks-keyservers.netCA.pem":
+ source => 'puppet:///modules/nagios/plugin_data/sks-keyservers.netCA.pem',
+ owner => nagios,
 group => 0,
- mode => '0700',
- require => File[$gpg_home];
+ mode => '0400',
+ before => Nagios_command['check_gpg'];
 }
 nagios_command {
 'check_gpg':
-- cgit v1.2.3
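Review bot: Nothing in this hunk wires the new CA file into gpg: the `command_line` context below still passes only `--gnupg-homedir ${gpg_home} -w \$ARG1\$ \$ARG2\$`, and no `gpg.conf` with a `keyserver hkps://...` line and a `keyserver-options ca-cert-file=...` entry is declared, so unless the plugin or a file outside this diff references `sks-keyservers.netCA.pem`, the fetch promised in the commit message is either still unauthenticated or not happening; please verify and add the reference here. Shipping a CA bundle as a static module file means every check fails once that certificate is rotated, so the check should report an unreachable or untrusted keyserver distinctly from expired keys rather than blending the two into one state. With fetching moved into the check itself, each run now does network I/O under the nagios user on the scheduler's clock; a gpg `keyserver-options timeout=` value or a plugin-level timeout keeps a slow keyserver from stalling other checks. The directory resource above still carries `mode => '0600'`, which withholds the execute bit the nagios user needs to enter the homedir.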