projects
/
mirror
/
dsa-puppet.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
add re-al-i.com upon Gannefs request
[mirror/dsa-puppet.git]
/
modules
/
munin
/
manifests
/
init.pp
diff --git
a/modules/munin/manifests/init.pp
b/modules/munin/manifests/init.pp
index
aa7dbdb
..
2ae6429
100644
(file)
--- a/
modules/munin/manifests/init.pp
+++ b/
modules/munin/manifests/init.pp
@@
-9,6
+9,23
@@
class munin {
require => Package['munin-node'],
}
require => Package['munin-node'],
}
+ $owner = $::lsbdistcodename ? {
+ squeeze => munin,
+ wheezy => root
+ }
+
+ $gid = $::lsbdistcodename ? {
+ squeeze => adm,
+ wheezy => 'www-data',
+ }
+
+ file { '/var/log/munin':
+ ensure => directory,
+ owner => $owner,
+ group => $gid,
+ mode => '0755',
+ }
+
file { '/etc/munin/munin-node.conf':
content => template('munin/munin-node.conf.erb'),
require => Package['munin-node'],
file { '/etc/munin/munin-node.conf':
content => template('munin/munin-node.conf.erb'),
require => Package['munin-node'],
@@
-30,14
+47,14
@@
class munin {
@ferm::rule { 'dsa-munin-v4':
description => 'Allow munin from munin master',
@ferm::rule { 'dsa-munin-v4':
description => 'Allow munin from munin master',
- rule => 'proto tcp mod state state (NEW) dport (munin) @subchain
'munin' { saddr (\$HOST_MUNIN_V4 \
$HOST_NAGIOS_V4) ACCEPT; }',
+ rule => 'proto tcp mod state state (NEW) dport (munin) @subchain
\'munin\' { saddr ($HOST_MUNIN_V4
$HOST_NAGIOS_V4) ACCEPT; }',
notarule => true,
}
@ferm::rule { 'dsa-munin-v6':
description => 'Allow munin from munin master',
domain => 'ip6',
notarule => true,
}
@ferm::rule { 'dsa-munin-v6':
description => 'Allow munin from munin master',
domain => 'ip6',
- rule => 'proto tcp mod state state (NEW) dport (munin) @subchain
'munin' { saddr (\$HOST_MUNIN_V6 \
$HOST_NAGIOS_V6) ACCEPT; }',
+ rule => 'proto tcp mod state state (NEW) dport (munin) @subchain
\'munin\' { saddr ($HOST_MUNIN_V6
$HOST_NAGIOS_V6) ACCEPT; }',
notarule => true,
}
}
notarule => true,
}
}