X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fnagios%2Fmanifests%2Fserver.pp;h=2e7b1eba0ed8a202fb108bf65605817716f26e3a;hb=368e147f10b8e748f7e171a15568a94d79599039;hp=afe6c9948e50920bf9a4b94a52d40e21d8bf95b1;hpb=232800fd5f673cbcb6b750716e0dbc1a6324f729;p=mirror%2Fdsa-puppet.git

diff --git a/modules/nagios/manifests/server.pp b/modules/nagios/manifests/server.pp
index afe6c9948..2e7b1eba0 100644
--- a/modules/nagios/manifests/server.pp
+++ b/modules/nagios/manifests/server.pp
@@ -1,3 +1,7 @@
+# our nagios server class
+#
+# it includes stored ferm configs for all the things it needs to access
+# which are then collected by the monitored services
 class nagios::server {
   include apache2
   include apache2::ssl
@@ -139,10 +143,23 @@ class nagios::server {
     tag         => [
                     'named::primary::ferm',
                     'named::keyring::ferm',
-                   ],
+    ],
     description => 'Allow nagios master access to the primary for checks',
     proto       => ['udp', 'tcp'],
     port        => 'domain',
     saddr       => $base::public_addresses,
   }
+
+  # The nagios server wants to connect to the NRPE server on all the hosts
+  @@ferm::rule::simple { "dsa-nrpe-from-${::fqdn}":
+    tag         => 'nagios-nrpe::server',
+    description => 'Allow nagios master access to the nrpe daemon',
+    port        => '5666',
+    saddr       => $base::public_addresses,
+  }
+  @@concat::fragment { "nrpe-debian-allow-${::fqdn}":
+    tag     => 'nagios-nrpe::server::debianorg.cfg',
+    target  => '/etc/nagios/nrpe.d/debianorg.cfg',
+    content => "allowed_hosts=${ $base::public_addresses.join(', ') }",
+  }
 }