X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fnagios%2Fmanifests%2Fclient.pp;h=85c471fc9bde87555868f39fcbd79582828f1a1f;hb=fe3c81154c72b3fd5d5911fb3893021ffe6032e0;hp=a49aec527b101dad251080b36c409e1df4d616db;hpb=a7de4760fbf6d2bb39eea6c62c75fe0f2a016367;p=mirror%2Fdsa-puppet.git diff --git a/modules/nagios/manifests/client.pp b/modules/nagios/manifests/client.pp index a49aec527..85c471fc9 100644 --- a/modules/nagios/manifests/client.pp +++ b/modules/nagios/manifests/client.pp @@ -23,8 +23,7 @@ class nagios::client inherits nagios { require => Package["nagios-nrpe-server"], ensure => directory; "/etc/nagios/nrpe.d/debianorg.cfg": - source => [ "puppet:///nagios/per-host/$fqdn/inc-debian.org", - "puppet:///nagios/common/inc-debian.org" ], + content => template("nagios/inc-debian.org.erb"), require => Package["nagios-nrpe-server"], notify => Exec["nagios-nrpe-server restart"]; "/etc/nagios/nrpe.d/nrpe_dsa.cfg": @@ -38,8 +37,7 @@ class nagios::client inherits nagios { require => Package["dsa-nagios-checks"]; "/etc/nagios/obsolete-packages-ignore.d/hostspecific": - source => [ "puppet:///nagios/per-host/$fqdn/obsolete-packages-ignore.d-hostspecific", - "puppet:///nagios/common/obsolete-packages-ignore.d-hostspecific" ], + content => template("nagios/obsolete-packages-ignore.d-hostspecific.erb"), require => Package["dsa-nagios-checks"]; } @@ -47,4 +45,13 @@ class nagios::client inherits nagios { path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin", refreshonly => true, } + @ferm::rule { "dsa-nagios-v4": + description => "Allow nrpe from nagios master", + rule => "proto tcp mod state state (NEW) dport (5666) @subchain 'nagios' { saddr (\$HOST_NAGIOS_V4) ACCEPT; }" + } + @ferm::rule { "dsa-nagios-v6": + description => "Allow nrpe from nagios master", + domain => "ip6", + rule => "proto tcp mod state state (NEW) dport (5666) @subchain 'nagios' { saddr (\$HOST_NAGIOS_V6) ACCEPT; }" + } }