--- /dev/null
+---
+classes:
+ - roles::munin_master
allnodeinfo = scope.lookupvar('deprecated::allnodeinfo')
roles = scope.lookupvar('deprecated::roles')
- %w{nagiosmaster muninmaster postgres_backup_server}.each do |role|
+ %w{nagiosmaster postgres_backup_server}.each do |role|
rolehost[role] = []
roles[role].each do |node|
next unless allnodeinfo.has_key?(node) and allnodeinfo[node].has_key?('ipHostNumber')
@def $HOST_NAGIOS_V6 = (<%= scope.function_filter_ipv6([rolehost['nagiosmaster']]).uniq.join(' ') %>);
@def $HOST_NAGIOS = ( $HOST_NAGIOS_V4 $HOST_NAGIOS_V6 );
-@def $HOST_MUNIN_V4 = (<%= scope.function_filter_ipv4([rolehost['muninmaster']]).uniq.join(' ') %>);
-@def $HOST_MUNIN_V6 = (<%= scope.function_filter_ipv6([rolehost['muninmaster']]).uniq.join(' ') %>);
-@def $HOST_MUNIN = ( $HOST_MUNIN_V4 $HOST_MUNIN_V6 );
-
@def $HOST_PGBACKUPHOST_V4 = (<%= scope.function_filter_ipv4([rolehost['postgres_backup_server']]).uniq.join(' ') %>);
@def $HOST_PGBACKUPHOST_V6 = (<%= scope.function_filter_ipv6([rolehost['postgres_backup_server']]).uniq.join(' ') %>);
@def $HOST_PGBACKUPHOST = ( $HOST_PGBACKUPHOST_V4 $HOST_PGBACKUPHOST_V6 );
if should_restrict then
# draghi makes for a nice jumphost
- ssh4allowed << %w{$DSA_IPS $HOST_NAGIOS_V4 $HOST_MUNIN_V4 82.195.75.106}
- ssh6allowed << %w{$DSA_V6_IPS $HOST_NAGIOS_V6 $HOST_MUNIN_V6 2001:41b8:202:deb:1a1a:0:52c3:4b6a}
+ ssh4allowed << %w{$DSA_IPS $HOST_NAGIOS_V4 82.195.75.106}
+ ssh6allowed << %w{$DSA_V6_IPS $HOST_NAGIOS_V6 2001:41b8:202:deb:1a1a:0:52c3:4b6a}
if %w{draghi}.include?(@hostname) then
ssh4allowed << '$HOST_DEBIAN_V4'
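Review bot: Dropping `$HOST_MUNIN_V4` and `$HOST_MUNIN_V6` from `ssh4allowed`/`ssh6allowed` leaves no visible path for the munin master to reach sshd on hosts where `should_restrict` is true, while the same commit still fetches the munin-async spool over SSH. Nothing in this hunk shows whether `ssh::authorized_key_collect` opens the firewall for the addresses in its `from` list; if it does not, restricted hosts will stop being collected without any error on the node. If it does, a comment above the two lists such as `# munin master ssh access is opened per key by ssh::authorized_key_collect` would record why the master is no longer listed. The `if should_restrict` block continues outside the hunk.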
+++ /dev/null
-command="/usr/share/munin/munin-async --spoolfetch",from="209.87.16.29,2607:f8f0:614:1::1274:29",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,no-user-rc ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDABeQNPz9HqeTgDxA7SnVHn/km+0stmAPCT2fXJxtraK0tsULiBmnNznDpVmI6zdIjX6PQGhE4QZUaCj+5GGVmrfUE/txXPpVA4ViFqZitbTcg+6j30G4kJck+Z1mlOJ0pTEKGOXzdbsci7c9WatKq/iLiXmcJzlrcBo7jaaeartsFIVaKqEwR0cxASCh0QCs8jbuM1viJHHMPAIeWqbkLpCGe0BDktW8+Rfp6lwk0aoii6IosnllfRIyVxw21V5wob3DmsY/iSFKkGaia3X1FBdJo60FQWfPFlBI1YQZZanc1NR93ncYh22PUtndPeJYM52gDGQXblzNf1D6QfwzT munin@menotti (2013-05-31)
notify => Service['munin-node'],
}
- ferm::rule { 'dsa-munin-v4':
- description => 'Allow munin from munin master',
- rule => 'proto tcp mod state state (NEW) dport (munin) @subchain \'munin\' { saddr ($HOST_MUNIN_V4 $HOST_NAGIOS_V4) ACCEPT; }',
- notarule => true,
- }
-
- ferm::rule { 'dsa-munin-v6':
- description => 'Allow munin from munin master',
- domain => 'ip6',
- rule => 'proto tcp mod state state (NEW) dport (munin) @subchain \'munin\' { saddr ($HOST_MUNIN_V6 $HOST_NAGIOS_V6) ACCEPT; }',
- notarule => true,
- }
-
@@munin::master_per_node { $::fqdn: }
package { 'munin-async':
| EOF
}
file { '/etc/ssh/userkeys/munin-async':
- source => 'puppet:///modules/munin/munin-async-authkeys',
+ ensure => 'absent',
+ }
+ ssh::authorized_key_collect { 'munin-async-fetcher':
+ target_user => 'munin-async',
+ collect_tag => 'munin::munin-async-fetch',
}
}
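Review bot: The `munin-async` account's authorized key, forced command and `from` list now appear to come from exported resources carrying `collect_tag => 'munin::munin-async-fetch'`, so this node accepts whatever any exporting node publishes under that tag. The static file being removed pinned one key and one address pair. The trust assumption deserves a comment next to the resource, for example `# keys are collected from exported resources; only roles::munin_master may export the munin::munin-async-fetch tag`. It is also worth confirming that the collect define does not write to `/etc/ssh/userkeys/munin-async`, the path set to `ensure => 'absent'` just above. The enclosing class starts outside the hunk.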
ensure => installed
}
+ ssh::keygen { 'munin' : }
+ ssh::authorized_key_add { 'munin-async-fetcher':
+ target_user => 'munin-async',
+ key => dig($facts, 'ssh_keys_users', 'munin', 'id_rsa.pub', 'line'),
+ command => '/usr/share/munin/munin-async --spoolfetch',
+ from => $base::public_addresses,
+ collect_tag => 'munin::munin-async-fetch'
+ }
+
file { '/etc/munin/munin.conf':
content => template('munin/munin.conf.erb'),
require => Package['munin'];
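Review bot: The `ssh::authorized_key_add { 'munin-async-fetcher': }` resource passes only `command` and `from`, whereas the deleted `munin-async-authkeys` entry also carried `no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,no-user-rc`. A forced command does not by itself disable forwarding, so unless the define adds those options (not visible here) the new key is less constrained than the old one. The define should emit `restrict` or the five `no-*` options for every key it writes, and a comment here should say that it does. Separately, `dig($facts, 'ssh_keys_users', 'munin', 'id_rsa.pub', 'line')` is presumably undef on the first run, before `ssh::keygen { 'munin' : }` has produced a key and the fact exists, so the export should be skipped or guarded in that case.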
# include roles
#
class roles {
- if has_role('muninmaster') {
- include munin::master
- }
-
if has_role('nagiosmaster') {
include nagios::server
}
--- /dev/null
+class roles::munin_master {
+ include munin::master
+}
file=/etc/nagios3/puppetconf.d/auto-servicegroups.cfg
file=/etc/nagios3/puppetconf.d/contacts.cfg
<% end -%>
-<% if scope.function_has_role(['muninmaster']) -%>
+<% if classes.include?('roles::munin_master') -%>
file=/etc/munin/munin.conf
<% end -%>
<% if classes.include?('roles::puppetmaster') -%>