Whitelist the nagios server for denyhosts to prevent it from stupidly blocking Nagios SSH checks
Fixes #49
parent
8c12e26655
commit
79dc1e6cfc
|
@ -1,3 +1,4 @@
|
|||
modules/mysql/spec
|
||||
modules/firewall/spec
|
||||
modules/stdlib/spec
|
||||
*.deb
|
||||
|
|
|
@ -0,0 +1,13 @@
|
|||
Feature: Secure hosts
|
||||
|
||||
|
||||
Scenario: Ensure the Nagios host is never blocked
|
||||
|
||||
On OSUOSL managed hosts the "denyhosts" package is installed and sometimes
|
||||
the Nagios host (140.211.15.121) can be accidentally blacklisted by the
|
||||
program.
|
||||
|
||||
Given I have an empty Linux machine
|
||||
And I have included the Jenkins base module
|
||||
When I provision the host
|
||||
Then the Nagios server should be whitelisted for denyhosts
|
|
@ -0,0 +1,7 @@
|
|||
Then /^the Nagios server should be whitelisted for denyhosts$/ do
|
||||
whitelist_exists = vm.ssh_into('test -f /var/lib/denyhosts/allowed-hosts')
|
||||
expect(whitelist_exists).to be(true)
|
||||
|
||||
server_whitelisted = vm.ssh_into('grep "140.211.15.121" /var/lib/denyhosts/allowed-hosts')
|
||||
expect(server_whitelisted).to be(true)
|
||||
end
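Review bot: The second check's `grep "140.211.15.121"` treats the address as an unanchored regular expression, so each dot matches any character and a longer or different entry (a constructed example: `140.211.15.1215`) would also satisfy the step. Matching the literal whole line pins the assertion to the exact address: `vm.ssh_into('grep -qFx "140.211.15.121" /var/lib/denyhosts/allowed-hosts')`. The preceding `test -f` check does not change pass/fail, since grep already fails on a missing file, though it may be worth keeping for a clearer failure message. This assumes `vm.ssh_into` returns true on a zero exit status, which is not visible in this file.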
|
|
@ -0,0 +1,15 @@
|
|||
#
|
||||
# Ensure consistent denyhosts settings across all machines
|
||||
#
|
||||
|
||||
class base::denyhosts {
|
||||
file {
|
||||
'/var/lib/denyhosts' :
|
||||
ensure => directory;
|
||||
|
||||
'/var/lib/denyhosts/allowed-hosts' :
|
||||
ensure => present,
|
||||
require => File['/var/lib/denyhosts'],
|
||||
content => "140.211.15.121";
|
||||
}
|
||||
}
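Review bot: The `'/var/lib/denyhosts/allowed-hosts'` resource sets no `owner`, `group` or `mode`, so the file that exempts a host from SSH blocking keeps whatever ownership and permissions it happens to be created with or already has. For an allow-list these should be pinned, e.g. `owner => 'root', group => 'root', mode => '0644',`, and the same applies to the parent directory. The `content` string also lacks a trailing newline (`content => "140.211.15.121\n"`), and because Puppet manages the full content, any entry added locally on a host is overwritten on the next run, which deserves a line in the class header comment. Nothing in this class orders against or notifies a denyhosts package or service, so whether a running daemon picks up the change is not established by what is shown here.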
|
|
@ -6,13 +6,6 @@
|
|||
# not be loaded on every machine, then it should go elsewhere
|
||||
|
||||
class base {
|
||||
include autoupdate
|
||||
include jenkins-dns
|
||||
include sshd
|
||||
include sudo
|
||||
include stdlib
|
||||
include users-core
|
||||
|
||||
# Unfortunately this module only supports Ubuntu
|
||||
if ($operatingsystem == 'Ubuntu') {
|
||||
include nagios::client
|
||||
|
@ -33,11 +26,18 @@ class base {
|
|||
'base::post' :
|
||||
stage => 'post';
|
||||
|
||||
'packages::git' : ;
|
||||
'packages::wget': ;
|
||||
'packages::ruby': ;
|
||||
'packages::hiera': ;
|
||||
'packages::puppet': ;
|
||||
['autoupdate',
|
||||
'base::denyhosts',
|
||||
'jenkins-dns',
|
||||
'sshd',
|
||||
'sudo',
|
||||
'stdlib',
|
||||
'users-core',
|
||||
'packages::git',
|
||||
'packages::wget',
|
||||
'packages::hiera',
|
||||
'packages::ruby',
|
||||
'packages::puppet'] : ;
|
||||
|
||||
'ntp' :
|
||||
ensure => running,
|
||||
|
|