merge munin_ip v4 and v6 into one rule

[mirror/dsa-puppet.git] / modules / ferm / templates / interfaces.conf.erb

diff --git a/modules/ferm/templates/interfaces.conf.erb b/modules/ferm/templates/interfaces.conf.erb
index 8092282..f017050 100644 (file)
--- a/modules/ferm/templates/interfaces.conf.erb
+++ b/modules/ferm/templates/interfaces.conf.erb
@@ -1,9 +1,17 @@
-$MUNIN_IFS = (<%=
-ifs = []
-interfaces.split(',').each do |iface|
-  next unless Kernel.local_variables.include?("ipaddress_" + iface)
-  ifs << iface
+def $MUNIN_IPS = (<%=
+begin
+       scope.lookupvar('site::nodeinfo')['misc']['v4addrs'].join(' ')
+rescue
+       ''
+end
+%>);
+def $MUNIN_IPS = ($MUNIN_IPS <%=
+begin
+       scope.lookupvar('site::nodeinfo')['misc']['v6addrs'].join(' ')
+rescue
+       ''
 end
-ifs.join(' ')
 %>);
 
+domain (ip ip6) { chain INPUT  { daddr ($MUNIN_IPS) NOP; } }
+domain (ip ip6) { chain OUTPUT { saddr ($MUNIN_IPS) NOP; } }