projects / mirror / dsa-puppet.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/dsa-puppet
[mirror/dsa-puppet.git] / modules / nagios / manifests / server.pp
diff --git a/modules/nagios/manifests/server.pp b/modules/nagios/manifests/server.pp
index 06cd0ee..a67e17e 100644 (file)
--- a/modules/nagios/manifests/server.pp
+++ b/modules/nagios/manifests/server.pp
@@ -1,3 +1,7 @@
+# our nagios server class
+#
+# it includes stored ferm configs for all the things it needs to access
+# which are then collected by the monitored services
 class nagios::server {
   include apache2
   include apache2::ssl
@@ -153,9 +157,23 @@ class nagios::server {
     port        => '5666',
     saddr       => $base::public_addresses,
   }
-  @@concat { "nrpe-debian-allow-${::fqdn}":
+  @@concat::fragment { "nrpe-debian-allow-${::fqdn}":
     tag     => 'nagios-nrpe::server::debianorg.cfg',
     target  => '/etc/nagios/nrpe.d/debianorg.cfg',
     content => "allowed_hosts=${ $base::public_addresses.join(', ') }",
   }
+  # and we want to monitor smtp servers
+  @@ferm::rule::simple { "dsa-smtp-from-nagios-${::fqdn}":
+    tag         => 'smtp::server::to::mail-satellite',
+    description => 'Allow smtp access from the nagios server',
+    port        => '7', # will be overwritten on collection
+    saddr       => $base::public_addresses,
+  }
+  # and we want to monitor ssh
+  @@ferm::rule::simple { "dsa-ssh-from-nagios-${::fqdn}":
+    tag         => 'ssh::server::from::nagios',
+    description => 'Allow ssh access from the nagios server',
+    chain       => 'ssh',
+    saddr       => $base::public_addresses,
+  }
 }
Unnamed repository; edit this file 'description' to name the repository.