From: Peter Palfrader <peter@palfrader.org>
Date: Sun, 22 Sep 2019 16:47:44 +0000 (+0200)
Subject: Allow nagios to ssh to our hosts
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=6605aa629b31ed231c2dbf29c8b2f4c8585e2de7;p=mirror%2Fdsa-puppet.git

Allow nagios to ssh to our hosts
---

diff --git a/modules/nagios/manifests/server.pp b/modules/nagios/manifests/server.pp
index 4db55d98b..a67e17edd 100644
--- a/modules/nagios/manifests/server.pp
+++ b/modules/nagios/manifests/server.pp
@@ -169,4 +169,11 @@ class nagios::server {
     port        => '7', # will be overwritten on collection
     saddr       => $base::public_addresses,
   }
+  # and we want to monitor ssh
+  @@ferm::rule::simple { "dsa-ssh-from-nagios-${::fqdn}":
+    tag         => 'ssh::server::from::nagios',
+    description => 'Allow ssh access from the nagios server',
+    chain       => 'ssh',
+    saddr       => $base::public_addresses,
+  }
 }
diff --git a/modules/ssh/manifests/init.pp b/modules/ssh/manifests/init.pp
index 32442f6f5..3021e3a0e 100644
--- a/modules/ssh/manifests/init.pp
+++ b/modules/ssh/manifests/init.pp
@@ -18,6 +18,7 @@ class ssh {
     chain       => 'ssh',
     rule        => 'saddr ($SSH_SOURCES) ACCEPT'
   }
+  Ferm::Rule::Simple <<| tag == 'ssh::server::from::nagios' |>>
 
   file { '/etc/ssh/ssh_config':
     content => template('ssh/ssh_config.erb'),