*/15 * * * * root find /var/lib/icinga/status.dat -mmin +20 | grep -q . && service icinga restart
| EOF
}
+
+ # The nagios server wants to do DNS queries on the primary
+ @@ferm::rule::simple { "dsa-bind-from-${::fqdn}":
+ tag => 'named::primary::ferm',
+ description => 'Allow nagios master access to the primary for checks',
+ proto => ['udp', 'tcp'],
+ port => 'domain',
+ saddr => $base::public_addresses,
+ }
}
proto => ['udp', 'tcp'],
port => 'domain',
}
+
+ @@ferm::rule::simple { "dsa-bind-from-${::fqdn}":
+ tag => 'named::primary::ferm',
+ description => 'Allow geo nameserver access to the primary for the (non-geo) zones that we AXFR',
+ proto => ['udp', 'tcp'],
+ port => 'domain',
+ saddr => $base::public_addresses,
+ }
}
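Review bot: The exported rule added here is titled `"dsa-bind-from-${::fqdn}"`, the same title as the exported rule added in the earlier hunk for the nagios master ('Allow nagios master access to the primary for checks'). If one host ever includes both classes, its catalog would declare the same `Ferm::Rule::Simple` resource twice and should fail to compile. Even when the roles stay on separate hosts, the title does not show which role asked for port 53 to be opened on the primary, which makes the collected firewall rules harder to audit. Put the role in each title, e.g. `@@ferm::rule::simple { "dsa-bind-from-geo-${::fqdn}":` here and `@@ferm::rule::simple { "dsa-bind-from-nagios-${::fqdn}":` in the nagios hunk. The enclosing class starts outside this hunk.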
description => 'Allow nameserver access',
rule => '&TCP_UDP_SERVICE_RANGE(53, ( $HOST_DNS_GEO $HOST_NAGIOS $HOST_RCODE0 $HOST_EASYDNS $HOST_NETNOD ) )',
}
+ Ferm::Rule::Simple <<| tag == 'named::primary::ferm' |>>
concat::fragment { 'dsa-named-conf-puppet-misc---local-shared-keys':
target => '/etc/bind/named.conf.puppet-misc',