X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fmunin%2Fmanifests%2Finit.pp;h=9684a2944424c25ab09ebcf5734217c0e0cf1a73;hb=a1a4b4db849c65d480f3ee70533b5c2f51445832;hp=aa7dbdbf30f715c95b2cb9ca42704c61adb6a270;hpb=98084fe27d72ced18fbf86d63be56d91d59d8852;p=mirror%2Fdsa-puppet.git

diff --git a/modules/munin/manifests/init.pp b/modules/munin/manifests/init.pp
index aa7dbdbf3..9684a2944 100644
--- a/modules/munin/manifests/init.pp
+++ b/modules/munin/manifests/init.pp
@@ -9,6 +9,25 @@ class munin {
 		require => Package['munin-node'],
 	}
 
+	$owner = $::lsbdistcodename ? {
+		squeeze => munin,
+		wheezy  => root,
+		undef => munin,
+	}
+
+	$gid = $::lsbdistcodename ? {
+		squeeze => adm,
+		wheezy  => 'www-data',
+		undef => adm,
+	}
+
+	file { '/var/log/munin':
+		ensure => directory,
+		owner  => $owner,
+		group  => $gid,
+		mode   => '0755',
+	}
+
 	file { '/etc/munin/munin-node.conf':
 		content => template('munin/munin-node.conf.erb'),
 		require => Package['munin-node'],
@@ -30,14 +49,31 @@ class munin {
 
 	@ferm::rule { 'dsa-munin-v4':
 		description     => 'Allow munin from munin master',
-		rule            => 'proto tcp mod state state (NEW) dport (munin) @subchain 'munin' { saddr (\$HOST_MUNIN_V4 \$HOST_NAGIOS_V4) ACCEPT; }',
+		rule            => 'proto tcp mod state state (NEW) dport (munin) @subchain \'munin\' { saddr ($HOST_MUNIN_V4 $HOST_NAGIOS_V4) ACCEPT; }',
 		notarule        => true,
 	}
 
 	@ferm::rule { 'dsa-munin-v6':
 		description     => 'Allow munin from munin master',
 		domain          => 'ip6',
-		rule            => 'proto tcp mod state state (NEW) dport (munin) @subchain 'munin' { saddr (\$HOST_MUNIN_V6 \$HOST_NAGIOS_V6) ACCEPT; }',
+		rule            => 'proto tcp mod state state (NEW) dport (munin) @subchain \'munin\' { saddr ($HOST_MUNIN_V6 $HOST_NAGIOS_V6) ACCEPT; }',
 		notarule        => true,
 	}
+
+	@@munin::master-per-node {
+		$::fqdn:
+			ipaddress   => $::ipaddress,
+			munin_async => $::munin_async,
+			;
+	}
+
+	if $::munin_async and str2bool($::munin_async) == true {
+		file { '/etc/ssh/userkeys/munin-async':
+			source => 'puppet:///modules/munin/munin-async-authkeys',
+		}
+	} else {
+		file { '/etc/ssh/userkeys/munin-async':
+			ensure => 'absent',
+		}
+	}
 }