diff --git a/manifests/params.pp b/manifests/params.pp index b33fe0214..bcfd85586 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -135,6 +135,7 @@ $ldap_cacert = undef $ldap_clientcert = undef $ldap_clientkey = undef + $ldap_reqcert = undef $server_api_pass = 'zabbix' $server_api_user = 'Admin' diff --git a/manifests/web.pp b/manifests/web.pp index 98ab6b384..b98bb93d9 100644 --- a/manifests/web.pp +++ b/manifests/web.pp @@ -151,6 +151,9 @@ # [*ldap_clientkey*] # Set location of client key used by LDAP authentication. # +# [*ldap_reqcert *] +# Specifies what checks to perform on a server certificate +# # [*puppetgem*] # Provider for the zabbixapi gem package # @@ -183,50 +186,51 @@ # Copyright 2016 Werner Dijkerman # class zabbix::web ( - $zabbix_url = $zabbix::params::zabbix_url, - $database_type = $zabbix::params::database_type, - $manage_repo = $zabbix::params::manage_repo, - $zabbix_version = $zabbix::params::zabbix_version, - $zabbix_timezone = $zabbix::params::zabbix_timezone, - $zabbix_package_state = $zabbix::params::zabbix_package_state, - $zabbix_template_dir = $zabbix::params::zabbix_template_dir, - $web_config_owner = $zabbix::params::web_config_owner, - $web_config_group = $zabbix::params::web_config_group, - $manage_vhost = $zabbix::params::manage_vhost, - $default_vhost = $zabbix::params::default_vhost, - $manage_resources = $zabbix::params::manage_resources, - $apache_use_ssl = $zabbix::params::apache_use_ssl, - $apache_ssl_cert = $zabbix::params::apache_ssl_cert, - $apache_ssl_key = $zabbix::params::apache_ssl_key, - $apache_ssl_cipher = $zabbix::params::apache_ssl_cipher, - $apache_ssl_chain = $zabbix::params::apache_ssl_chain, - $apache_listen_ip = $zabbix::params::apache_listen_ip, - $apache_listenport = $zabbix::params::apache_listenport, - $apache_listenport_ssl = $zabbix::params::apache_listenport_ssl, - $zabbix_api_user = $zabbix::params::server_api_user, - $zabbix_api_pass = $zabbix::params::server_api_pass, - $database_host = $zabbix::params::server_database_host, - $database_name = $zabbix::params::server_database_name, - $database_schema = $zabbix::params::server_database_schema, - $database_user = $zabbix::params::server_database_user, - $database_password = $zabbix::params::server_database_password, - $database_socket = $zabbix::params::server_database_socket, - $database_port = $zabbix::params::server_database_port, - $zabbix_server = $zabbix::params::zabbix_server, - Optional[String] $zabbix_server_name = $zabbix::params::zabbix_server, - $zabbix_listenport = $zabbix::params::server_listenport, - $apache_php_max_execution_time = $zabbix::params::apache_php_max_execution_time, - $apache_php_memory_limit = $zabbix::params::apache_php_memory_limit, - $apache_php_post_max_size = $zabbix::params::apache_php_post_max_size, - $apache_php_upload_max_filesize = $zabbix::params::apache_php_upload_max_filesize, - $apache_php_max_input_time = $zabbix::params::apache_php_max_input_time, - $apache_php_always_populate_raw_post_data = $zabbix::params::apache_php_always_populate_raw_post_data, - $apache_php_max_input_vars = $zabbix::params::apache_php_max_input_vars, - $ldap_cacert = $zabbix::params::ldap_cacert, - $ldap_clientcert = $zabbix::params::ldap_clientcert, - $ldap_clientkey = $zabbix::params::ldap_clientkey, - $puppetgem = $zabbix::params::puppetgem, - Boolean $manage_selinux = $zabbix::params::manage_selinux, + $zabbix_url = $zabbix::params::zabbix_url, + $database_type = $zabbix::params::database_type, + $manage_repo = $zabbix::params::manage_repo, + $zabbix_version = $zabbix::params::zabbix_version, + $zabbix_timezone = $zabbix::params::zabbix_timezone, + $zabbix_package_state = $zabbix::params::zabbix_package_state, + $zabbix_template_dir = $zabbix::params::zabbix_template_dir, + $web_config_owner = $zabbix::params::web_config_owner, + $web_config_group = $zabbix::params::web_config_group, + $manage_vhost = $zabbix::params::manage_vhost, + $default_vhost = $zabbix::params::default_vhost, + $manage_resources = $zabbix::params::manage_resources, + $apache_use_ssl = $zabbix::params::apache_use_ssl, + $apache_ssl_cert = $zabbix::params::apache_ssl_cert, + $apache_ssl_key = $zabbix::params::apache_ssl_key, + $apache_ssl_cipher = $zabbix::params::apache_ssl_cipher, + $apache_ssl_chain = $zabbix::params::apache_ssl_chain, + $apache_listen_ip = $zabbix::params::apache_listen_ip, + $apache_listenport = $zabbix::params::apache_listenport, + $apache_listenport_ssl = $zabbix::params::apache_listenport_ssl, + $zabbix_api_user = $zabbix::params::server_api_user, + $zabbix_api_pass = $zabbix::params::server_api_pass, + $database_host = $zabbix::params::server_database_host, + $database_name = $zabbix::params::server_database_name, + $database_schema = $zabbix::params::server_database_schema, + $database_user = $zabbix::params::server_database_user, + $database_password = $zabbix::params::server_database_password, + $database_socket = $zabbix::params::server_database_socket, + $database_port = $zabbix::params::server_database_port, + $zabbix_server = $zabbix::params::zabbix_server, + Optional[String] $zabbix_server_name = $zabbix::params::zabbix_server, + $zabbix_listenport = $zabbix::params::server_listenport, + $apache_php_max_execution_time = $zabbix::params::apache_php_max_execution_time, + $apache_php_memory_limit = $zabbix::params::apache_php_memory_limit, + $apache_php_post_max_size = $zabbix::params::apache_php_post_max_size, + $apache_php_upload_max_filesize = $zabbix::params::apache_php_upload_max_filesize, + $apache_php_max_input_time = $zabbix::params::apache_php_max_input_time, + $apache_php_always_populate_raw_post_data = $zabbix::params::apache_php_always_populate_raw_post_data, + $apache_php_max_input_vars = $zabbix::params::apache_php_max_input_vars, + $ldap_cacert = $zabbix::params::ldap_cacert, + $ldap_clientcert = $zabbix::params::ldap_clientcert, + $ldap_clientkey = $zabbix::params::ldap_clientkey, + Optional[Enum['never','allow','try','demand','hard']] $ldap_reqcert = $zabbix::params::ldap_reqcert, + $puppetgem = $zabbix::params::puppetgem, + Boolean $manage_selinux = $zabbix::params::manage_selinux, ) inherits zabbix::params { # check osfamily, Arch is currently not supported for web diff --git a/templates/web/zabbix.conf.php.erb b/templates/web/zabbix.conf.php.erb index 7b89672ff..25546d812 100644 --- a/templates/web/zabbix.conf.php.erb +++ b/templates/web/zabbix.conf.php.erb @@ -33,4 +33,7 @@ putenv("LDAPTLS_CERT=<%= @ldap_clientcrt %>"); <% if @ldap_clientkey %> putenv("LDAPTLS_KEY=<%= @ldap_clientkey %>"); <% end %> +<% if @ldap_reqcert %> +putenv("TLS_REQCERT=<%= @ldap_reqcert %>"); +<% end %> ?>