Allow nagios to ssh to our hosts

diff --git a/modules/nagios/manifests/server.pp b/modules/nagios/manifests/server.pp
index 4db55d9..a67e17e 100644 (file)
--- a/modules/nagios/manifests/server.pp
+++ b/modules/nagios/manifests/server.pp
@@ -169,4 +169,11 @@ class nagios::server {
     port        => '7', # will be overwritten on collection
     saddr       => $base::public_addresses,
   }
+  # and we want to monitor ssh
+  @@ferm::rule::simple { "dsa-ssh-from-nagios-${::fqdn}":
+    tag         => 'ssh::server::from::nagios',
+    description => 'Allow ssh access from the nagios server',
+    chain       => 'ssh',
+    saddr       => $base::public_addresses,
+  }
 }

diff --git a/modules/ssh/manifests/init.pp b/modules/ssh/manifests/init.pp
index 32442f6..3021e3a 100644 (file)
--- a/modules/ssh/manifests/init.pp
+++ b/modules/ssh/manifests/init.pp
@@ -18,6 +18,7 @@ class ssh {
     chain       => 'ssh',
     rule        => 'saddr ($SSH_SOURCES) ACCEPT'
   }
+  Ferm::Rule::Simple <<| tag == 'ssh::server::from::nagios' |>>
 
   file { '/etc/ssh/ssh_config':
     content => template('ssh/ssh_config.erb'),