SUNET/soc-ops
9
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Rolling back some custom things i naemon_monitor

Browse source
This commit is contained in:
Johan Björklund 2024-11-29 15:16:34 +01:00
parent d9294646ce
commit 6e2e16e538
Signed by: bjorklund
GPG key ID: 5E8401339C7F5037
7 changed files with 6 additions and 32 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
global/overlay/etc/puppet/cosmos-rules.yaml
View file

@ -63,3 +63,8 @@ monitor-dev.cert.sunet.se:
- bjorklund@sunet.se
default_host_group: sunet::nagios::nrpe
nrpe_group: sunet::nagios::nrpe
naemon_extra_volumes:
- '/opt/naemon_monitor/shibboleth2.xml:/etc/shibboleth/shibboleth2.xml:ro'
- '/opt/naemon_monitor/frontend.xml:/etc/shibboleth/frontend.xml:ro'
- '/opt/naemon_monitor/attribute-map.xml:/etc/shibboleth/attribute-map.xml:ro'
- '/opt/naemon_monitor/attribute-policy.xml:/etc/shibboleth/attribute-policy.xml:ro'

25
global/overlay/etc/puppet/modules/soc/manifests/naemon_monitor.pp
View file

@ -31,7 +31,6 @@ class soc::naemon_monitor (
Optional[Boolean] $receive_otel = false,
String $otel_retention = '2232h',
String $acme_provider = 'acme-d',
Boolean $custom_shib = true,
) {
include sunet::systemd_reload
@ -99,30 +98,6 @@ class soc::naemon_monitor (
sunet::snippets::secret_file { '/opt/naemon_monitor/shib-certs/sp-key.pem': hiera_key => 'shib_key', mode => '0444' }
# assume cert is in cosmos repo (overlay)
}
if $custom_shib {
file {
'/opt/naemon_monitor/shibboleth2.xml':
ensure => file,
content => template('soc/naemon_monitor/shibboleth2.xml.erb'),
mode => '0444',
;
'/opt/naemon_monitor/frontend.xml':
ensure => file,
content => file('soc/naemon_monitor/frontend.xml'),
mode => '0444',
;
'/opt/naemon_monitor/attribute-map.xml':
ensure => file,
content => file('soc/naemon_monitor/attribute-map.xml'),
mode => '0444',
;
'/opt/naemon_monitor/attribute-policy.xml':
ensure => file,
content => file('soc/naemon_monitor/attribute-policy.xml'),
mode => '0444',
;
}
}
$thruk_admins_string = inline_template('ADMIN_USERS=<%- @thruk_admins.each do |user| -%><%= user %>,<%- end -%>')
$thruk_users_string = inline_template('READONLY_USERS=<%- @thruk_users.each do |user| -%><%= user %>,<%- end -%>')

6
global/overlay/etc/puppet/modules/soc/templates/naemon_monitor/docker-compose.yml.erb
View file

@ -58,12 +58,6 @@ services:
- '/opt/naemon_monitor/shib-certs:/etc/shibboleth/certs'
- '/opt/naemon_monitor/data:/var/lib/thruk'
- '/opt/naemon_monitor/menu_local.conf:/etc/thruk/menu_local.conf'
<%- if @custom_shib -%>
- '/opt/naemon_monitor/shibboleth2.xml:/etc/shibboleth/shibboleth2.xml:ro'
- '/opt/naemon_monitor/frontend.xml:/etc/shibboleth/frontend.xml:ro'
- '/opt/naemon_monitor/attribute-map.xml:/etc/shibboleth/attribute-map.xml:ro'
- '/opt/naemon_monitor/attribute-policy.xml:/etc/shibboleth/attribute-policy.xml:ro'
<% end -%>
<%- @thruk_extra_volumes.each do |extra_volume| -%>
- "<%= extra_volume %>"
<%- end -%>

0
global/overlay/etc/puppet/modules/soc/files/naemon_monitor/attribute-map.xml → monitor-dev.cert.sunet.se/overlay/opt/naemon_monitor/attribute-map.xml
View file

0
global/overlay/etc/puppet/modules/soc/files/naemon_monitor/attribute-policy.xml → monitor-dev.cert.sunet.se/overlay/opt/naemon_monitor/attribute-policy.xml
View file

0
global/overlay/etc/puppet/modules/soc/files/naemon_monitor/frontend.xml → monitor-dev.cert.sunet.se/overlay/opt/naemon_monitor/frontend.xml
View file

2
global/overlay/etc/puppet/modules/soc/templates/naemon_monitor/shibboleth2.xml.erb → monitor-dev.cert.sunet.se/overlay/opt/naemon_monitor/shibboleth2.xml
View file

@ -11,7 +11,7 @@
-->
<!-- The ApplicationDefaults element is where most of Shibboleth's SAML bits are defined. -->
<ApplicationDefaults entityID="https://<%= @domain %>"
<ApplicationDefaults entityID="https://monitor-dev.cert.sunet.se"
REMOTE_USER="eppn subject-id"
metadataAttributePrefix="Meta-">