From: Peter Palfrader Date: Fri, 20 Sep 2019 18:44:39 +0000 (+0200) Subject: Switch nrpe allow-config to store/collect X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=978b3d3a80635c75775d7ae42485a8e14478eda3;p=mirror%2Fdsa-puppet.git Switch nrpe allow-config to store/collect --- diff --git a/modules/nagios/manifests/client.pp b/modules/nagios/manifests/client.pp index a2a7c24d8..d792968d0 100644 --- a/modules/nagios/manifests/client.pp +++ b/modules/nagios/manifests/client.pp @@ -41,10 +41,19 @@ class nagios::client inherits nagios { source => 'puppet:///files/empty/', notify => Service['nagios-nrpe-server'], } - file { '/etc/nagios/nrpe.d/debianorg.cfg': + + concat { '/etc/nagios/nrpe.d/debianorg.cfg': + ensure_newline => true, + warn => '# This file is maintained with puppet', + notify => Service['nagios-nrpe-server'], + mode => '0444', + } + concat { 'nrpe-debian-staticchecks': + target => '/etc/nagios/nrpe.d/debianorg.cfg', content => template('nagios/inc-debian.org.erb'), - notify => Service['nagios-nrpe-server'], } + Concat::Fragment <<| tag == 'nagios-nrpe::server::debianorg.cfg' |>> + file { '/etc/nagios/nrpe.d/nrpe_dsa.cfg': source => 'puppet:///modules/nagios/dsa-nagios/generated/nrpe_dsa.cfg', notify => Service['nagios-nrpe-server'], diff --git a/modules/nagios/manifests/server.pp b/modules/nagios/manifests/server.pp index fc222ae81..06cd0ee12 100644 --- a/modules/nagios/manifests/server.pp +++ b/modules/nagios/manifests/server.pp @@ -153,4 +153,9 @@ class nagios::server { port => '5666', saddr => $base::public_addresses, } + @@concat { "nrpe-debian-allow-${::fqdn}": + tag => 'nagios-nrpe::server::debianorg.cfg', + target => '/etc/nagios/nrpe.d/debianorg.cfg', + content => "allowed_hosts=${ $base::public_addresses.join(', ') }", + } } diff --git a/modules/nagios/templates/inc-debian.org.erb b/modules/nagios/templates/inc-debian.org.erb index 8a0babb50..d641b827b 100644 --- a/modules/nagios/templates/inc-debian.org.erb +++ b/modules/nagios/templates/inc-debian.org.erb @@ -1,23 +1,3 @@ -## -## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. -## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git -## - -<%= -nagii = [] -roles = scope.lookupvar('deprecated::roles') -roles['nagiosmaster'].each do |nag| - nagii << scope.lookupvar('deprecated::allnodeinfo')[nag]['ipHostNumber'] -end -roles['extranrpeclient'].each do |nag| - nagii << scope.lookupvar('deprecated::allnodeinfo')[nag]['ipHostNumber'] -end - -out = "allowed_hosts=" + nagii.flatten.sort.uniq.join(',') -out -%> - - # the string "system-in-shutdown" is used by the remote side to tell # if a system is running shutdown. We do not use check_nrpe's # exit code as that does not reliably tell us if the check could