X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fnagios%2Fmanifests%2Fclient.pp;h=b72f002b1774953cae344719f6618e2fe0d84338;hb=cf99c8402a73124f195ef1a5c9e1024148bfe999;hp=fca1fb23a4c4378be2bb11ba39efb55f4889d7e5;hpb=5e7c21b2071856d90305439ca7377c50a2017049;p=mirror%2Fdsa-puppet.git

diff --git a/modules/nagios/manifests/client.pp b/modules/nagios/manifests/client.pp
index fca1fb23a..b72f002b1 100644
--- a/modules/nagios/manifests/client.pp
+++ b/modules/nagios/manifests/client.pp
@@ -1,49 +1,64 @@
 class nagios::client inherits nagios {
-	package {
-		dsa-nagios-nrpe-config: ensure => purged;
-		dsa-nagios-checks: ensure => installed;
-	}
 
-	file {
-		"/etc/default/nagios-nrpe-server":
-			source  => [ "puppet:///nagios/per-host/$fqdn/default",
-			             "puppet:///nagios/common/default" ],
-			require => Package["nagios-nrpe-server"],
-			notify  => Exec["nagios-nrpe-server restart"];
-		"/etc/default/nagios-nrpe":
-			ensure  => absent,
-			notify  => Exec["nagios-nrpe-server restart"];
-		"/etc/nagios/nrpe.cfg":
-			source  => [ "puppet:///nagios/per-host/$fqdn/nrpe.cfg",
-			             "puppet:///nagios/common/nrpe.cfg" ],
-			require => Package["nagios-nrpe-server"],
-			notify  => Exec["nagios-nrpe-server restart"];
-		"/etc/nagios/nrpe.d":
-			mode    => 755,
-			ensure  => directory;
-		"/etc/nagios/nrpe.d/debianorg.cfg":
-			source  => [ "puppet:///nagios/per-host/$fqdn/inc-debian.org",
-			             "puppet:///nagios/common/inc-debian.org" ],
-			require => Package["nagios-nrpe-server"],
-			notify  => Exec["nagios-nrpe-server restart"];
-		"/etc/nagios/nrpe.d/nrpe_dsa.cfg":
-			source  => [ "puppet:///nagios/dsa-nagios/generated/nrpe_dsa.cfg" ],
-			require => Package["dsa-nagios-checks"],
-			notify  => Exec["nagios-nrpe-server restart"];
+	package { 'dsa-nagios-nrpe-config':
+		ensure => purged
+	}
+	package { 'dsa-nagios-checks':
+		ensure => installed
+	}
 
-		"/etc/nagios/obsolete-packages-ignore":
-			source  => [ "puppet:///nagios/per-host/$fqdn/obsolete-packages-ignore",
-			             "puppet:///nagios/common/obsolete-packages-ignore" ],
-			require => Package["dsa-nagios-checks"];
+	service { 'nagios-nrpe-server':
+		ensure    => running,
+		hasstatus => false,
+		pattern   => 'nrpe',
+	}
 
-		"/etc/nagios/obsolete-packages-ignore.d/hostspecific":
-			source  => [ "puppet:///nagios/per-host/$fqdn/obsolete-packages-ignore.d-hostspecific",
-			             "puppet:///nagios/common/obsolete-packages-ignore.d-hostspecific" ],
-			require => Package["dsa-nagios-checks"];
+	@ferm::rule { 'dsa-nagios-v4':
+		description => 'Allow nrpe from nagios master',
+		rule        => 'proto tcp mod state state (NEW) dport (5666) @subchain 'nagios' { saddr (\$HOST_NAGIOS_V4) ACCEPT; }',
+		notarule    => true,
+	}
+	@ferm::rule { 'dsa-nagios-v6':
+		description => 'Allow nrpe from nagios master',
+		domain      => 'ip6',
+		rule        => 'proto tcp mod state state (NEW) dport (5666) @subchain 'nagios' { saddr (\$HOST_NAGIOS_V6) ACCEPT; }',
+		notarule    => true,
 	}
 
-	exec { "nagios-nrpe-server restart":
-		path        => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
-		refreshonly => true,
+	file { '/etc/default/nagios-nrpe-server':
+		source  => 'puppet:///modules/nagios/common/default',
+		require => Package['nagios-nrpe-server'],
+		notify  => Service['nagios-nrpe-server'],
+	}
+	file { '/etc/default/nagios-nrpe':
+		ensure  => absent,
+		notify  => Service['nagios-nrpe-server'],
+	}
+	file { '/etc/nagios/':
+		ensure  => directory,
+		require => Package['nagios-nrpe-server'],
+		notify  => Service['nagios-nrpe-server'],
 	}
+	file { '/etc/nagios/nrpe.cfg':
+		content => template('nagios/nrpe.cfg.erb'),
+	}
+	file { '/etc/nagios/nrpe.d':
+		ensure  => directory,
+		mode    => '0755',
+	}
+	file { '/etc/nagios/nrpe.d/debianorg.cfg':
+		content => template('nagios/inc-debian.org.erb'),
+	}
+	file { '/etc/nagios/nrpe.d/nrpe_dsa.cfg':
+		source  => 'puppet:///modules/nagios/dsa-nagios/generated/nrpe_dsa.cfg',
+	}
+	file { '/etc/nagios/obsolete-packages-ignore':
+		source  => 'puppet:///modules/nagios/common/obsolete-packages-ignore',
+		require => Package['dsa-nagios-checks'],
+	}
+	file { '/etc/nagios/obsolete-packages-ignore.d/hostspecific':
+		content => template('nagios/obsolete-packages-ignore.d-hostspecific.erb'),
+		require => Package['dsa-nagios-checks'],
+	}
+
 }