Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make user nagios managed #41

Closed
rweigle opened this issue Oct 11, 2021 · 3 comments
Closed

Make user nagios managed #41

rweigle opened this issue Oct 11, 2021 · 3 comments
Labels
skip-changelog

Comments

@rweigle
Copy link

rweigle commented Oct 11, 2021

It would be useful if the creation of the nagios user ist optional. In our enviroment due to check_by_ssh with forced_commands the user nagios must be managed separately (by the accounts module). This is in conflict with the icinga module.
A working diff (for Debian):

--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -39,7 +39,6 @@
 #
 class icinga(
   Boolean                              $ca,
-  Boolean                              $manage_user,
   String                               $this_zone,
   Hash[String, Hash]                   $zones,
   Enum['dsa','ecdsa','ed25519','rsa']  $ssh_key_type    = 'rsa',
@@ -135,12 +134,10 @@ class icinga(
             before => User['nagios'],
           }

-          if $manage_user==true {
-            user { 'nagios':
-              ensure => present,
-              shell  => $icinga_shell,
-              before => Class['icinga2'],
-            }
+          user { 'nagios':
+            ensure => present,
+            shell  => $icinga_shell,
+            before => Class['icinga2'],
           }
         } # Debian
@lbetz
Copy link
Contributor

lbetz commented Oct 11, 2021

Hi,

thx for your issue and for using this module.

The module is an easy to use (like profiles) offer and prepared to use in a monitoring environment, also for check_by_ssh. If you need flexible classes, please use icinga/icinga2.

Bye
Lennart

@rweigle
Copy link
Author

rweigle commented Oct 13, 2021

Hi Lennart,

We like the easy usage of the module to set up our icinga environment. We are aware that check_by_ssh is possible but in our case check_by_ssh is used with forced commands:

command="/usr/local/sbin/nagios_wrapper.sh",from="xxx.xxx.xxx.xxx",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa A...."

Therefore we need white spaces in the ssh key which are only supported in the puppetlabs-accounts Module but not with the build in puppet user resouce.
As other parameters of the module (e.g. repos) are already manageable it would be a nice enhancment (for us) if the user is manageable as well.

Thanks Rainer

@lbetz lbetz added this to the v2.6.0 milestone Dec 1, 2021
@lbetz lbetz added enhancement New feature or request and removed enhancement New feature or request labels Dec 1, 2021
@lbetz lbetz removed this from the v2.6.0 milestone Dec 1, 2021
@lbetz
Copy link
Contributor

lbetz commented May 30, 2022

Sorry for the long wait. Currently I would not specify a pubkey, then no authorized_keys will be generated. The file must then be managed separately itself.
For the future I would plan to remove the pubkey part from this class and provide a separate class, since a scenario for ssh without agent is more likely anyway.

@lbetz lbetz mentioned this issue Feb 25, 2024
Merged
@lbetz lbetz closed this as completed Feb 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
skip-changelog
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bastelfreak @lbetz @rweigle