notify => Service['munin-node'],
}
- ferm::rule { 'dsa-munin-v4':
- description => 'Allow munin from munin master',
- rule => 'proto tcp mod state state (NEW) dport (munin) @subchain \'munin\' { saddr ($HOST_MUNIN_V4 $HOST_NAGIOS_V4) ACCEPT; }',
- notarule => true,
- }
-
- ferm::rule { 'dsa-munin-v6':
- description => 'Allow munin from munin master',
- domain => 'ip6',
- rule => 'proto tcp mod state state (NEW) dport (munin) @subchain \'munin\' { saddr ($HOST_MUNIN_V6 $HOST_NAGIOS_V6) ACCEPT; }',
- notarule => true,
- }
-
@@munin::master_per_node { $::fqdn: }
package { 'munin-async':
| EOF
}
file { '/etc/ssh/userkeys/munin-async':
- source => 'puppet:///modules/munin/munin-async-authkeys',
+ ensure => 'absent',
+ }
+ ssh::authorized_key_collect { 'munin-async-fetcher':
+ target_user => 'munin-async',
+ collect_tag => 'munin::munin-async-fetch',
}
}