path: root/manifests/plugins/gpg.pp
blob: 632ad1f2b6fbcc5d31cbbbfe52cb99fb1826976f (plain)
# check_gpg from
# https://github.com/lelutin/nagios-plugins/blob/master/check_gpg
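#
# Installs the check_gpg Nagios plugin, a GnuPG home directory owned by the
# nagios user, a daily cron job that refreshes the keys held in that home
# directory from a keyserver, and the matching nagios_command definition.
#
# Parameters:
#   $keyserver - keyserver URI passed to `gpg --keyserver` by the cron job.
#     The value is interpolated unescaped into a shell script that runs as
#     root, so it must come from trusted configuration and must not contain
#     shell metacharacters. The default uses plain hkp://, which is neither
#     encrypted nor authenticated; prefer an hkps:// URI where the keyserver
#     offers one.
class nagios::plugins::gpg(
  $keyserver = 'hkp://keys.mayfirst.org',
) {
  require ::gpg
  nagios::plugin{'check_gpg':
    source => 'nagios/plugins/check_gpg',
  }

  $gpg_home = '/var/local/nagios_gpg_homedir'
  file{
    # Keyring directory, readable by the nagios user only. Puppet adds the
    # search (x) bit on directories wherever the read bit is set, so '0600'
    # results in 0700 on disk.
    $gpg_home:
      ensure  => 'directory',
      owner   => nagios,
      group   => nagios,
      mode    => '0600',
      require => Nagios::Plugin['check_gpg'];
    # Daily key refresh. The script runs as root and drops to the nagios user
    # for every gpg call. Fixes over the previous version:
    #  * the output variable was misspelled, so failures printed nothing;
    #  * ${cmd} sat inside single quotes and was never expanded;
    #  * the quote opened for the key listing was never closed, which made
    #    the whole script a syntax error;
    #  * `tail -n 1` kept only the last key; the fpr line following each pub
    #    line is now used so every primary key is refreshed.
    '/etc/cron.daily/update_nagios_gpgkeys':
      content => "#!/bin/bash
# Run gpg as the nagios user with the arguments given in \$1; print gpg's
# output and stop only when gpg fails.
function gpg() {
  cmd=\$1
  output=\$(su - nagios -s /bin/bash -c \"gpg --homedir ${gpg_home} --logger-fd 1 \${cmd}\")
  if [ \$? -gt 0 ]; then
   echo \"\$output\"
   exit 1
  fi
}

su - nagios -s /bin/bash -c 'gpg --homedir ${gpg_home} --with-fingerprint --list-keys --with-colons' | grep \"^pub\" -A 1 | grep \"^fpr\" | cut -f10 -d\":\" | sort --random-sort | while read key; do
  # The key is spliced into a shell command line in gpg(); accept only
  # hexadecimal fingerprints so no other keyring text can reach the shell.
  [[ \$key =~ ^[0-9A-Fa-f]+\$ ]] || continue
  gpg \"--keyserver ${keyserver} --recv-keys \${key}\"
done
",
      owner   => root,
      group   => 0,
      mode    => '0700',
      require => File[$gpg_home];
  }
  # \$USER1\$, \$ARG1\$ and \$ARG2\$ are Nagios macros; the dollar signs are
  # escaped so Puppet leaves them for Nagios to expand.
  nagios_command {
    'check_gpg':
      command_line => "\$USER1\$/check_gpg --gnupg-homedir ${gpg_home} -w \$ARG1\$ \$ARG2\$",
      require      => Nagios::Plugin['check_gpg'],
  }
}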