- @ferm::rule { 'dsa-munin-v4':
- description => 'Allow munin from munin master',
- rule => 'proto tcp mod state state (NEW) dport (munin) @subchain \'munin\' { saddr ($HOST_MUNIN_V4 $HOST_NAGIOS_V4) ACCEPT; }',
- notarule => true,
- }
-
- @ferm::rule { 'dsa-munin-v6':
- description => 'Allow munin from munin master',
- domain => 'ip6',
- rule => 'proto tcp mod state state (NEW) dport (munin) @subchain \'munin\' { saddr ($HOST_MUNIN_V6 $HOST_NAGIOS_V6) ACCEPT; }',
- notarule => true,
- }
-
- @@munin::master-per-node {
- $::fqdn:
- ipaddress => $::ipaddress,
- munin_async => $::munin_async,
- ;
- }
-
- #if $::munin_async and str2bool($::munin_async) == true {
- # file { '/etc/ssh/userkeys/munin-async':
- # source => 'puppet:///modules/munin/munin-async-authkeys',
- # }
- #} else {
- # file { '/etc/ssh/userkeys/munin-async':
- # ensure => 'absent',
- # }
- #}
- if $::lsbmajdistrelease == "testing" or $::lsbmajdistrelease >= 7 {
- package { 'munin-async':
- ensure => installed
- }
- file { '/etc/ssh/userkeys/munin-async':
- source => 'puppet:///modules/munin/munin-async-authkeys',
- }
- }
+ package { 'munin-async':
+ ensure => installed
+ }
+ service { 'munin-async':
+ ensure => running,
+ require => Package['munin-async'],
+ }
+ dsa_systemd::override { 'munin-async':
+ content => @("EOF"),
+ [Service]
+ RestartSec=10
+ | EOF
+ }
+ file { '/etc/ssh/userkeys/munin-async':
+ ensure => 'absent',
+ }
+ ssh::authorized_key_collect { 'munin-async-fetcher':
+ target_user => 'munin-async',
+ collect_tag => 'munin::munin-async-fetch',
+ }