make dns primary export and keyring host collect firewall rules for the openpgpkey...
[mirror/dsa-puppet.git] / modules / nagios / manifests / server.pp
index c40c1b9..afe6c99 100644 (file)
@@ -133,4 +133,16 @@ class nagios::server {
       */15 * * * * root find /var/lib/icinga/status.dat -mmin +20 | grep -q . && service icinga restart
       | EOF
   }
+
+  # The nagios server wants to do DNS queries on the primaries
+  @@ferm::rule::simple { "dsa-bind-from-${::fqdn}":
+    tag         => [
+                    'named::primary::ferm',
+                    'named::keyring::ferm',
+                   ],
+    description => 'Allow nagios master access to the primary for checks',
+    proto       => ['udp', 'tcp'],
+    port        => 'domain',
+    saddr       => $base::public_addresses,
+  }
 }
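Review bot: The comment and the `description` on the exported `ferm::rule::simple` both name only the primaries, but the rule is also tagged `named::keyring::ferm`, so any host collecting that tag will open the `domain` port to this server too. I would make the text match the scope, e.g. `# The nagios server wants to do DNS queries on the primaries and the keyring host` and `description => 'Allow nagios master DNS access for checks',`. Because this is an exported resource, the collecting hosts trust whatever `saddr` the exporter supplies. It is worth confirming that `$base::public_addresses` is always populated on this node, since the hunk does not show how `ferm::rule::simple` treats an empty `saddr`, and an unrestricted source on port 53/tcp would be a wider opening than intended. The enclosing `nagios::server` class starts outside the hunk.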