Akosiaris has submitted this change and it was merged.
Change subject: add ferm rule to only allow nrpe/5666 from intern
..
add ferm rule to only allow nrpe/5666 from intern
RT #6342
PS2: i had it in role/gitblit
PS3: decided it should be in nrpe itself,
then you can include nrpe in the gitblit role
Change-Id: I84658abc260664df4be29a72749518d780329855
---
M manifests/role/gitblit.pp
M modules/nrpe/manifests/init.pp
2 files changed, 7 insertions(+), 0 deletions(-)
Approvals:
Akosiaris: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/role/gitblit.pp b/manifests/role/gitblit.pp
index 4cb84f1..e7a098a 100644
--- a/manifests/role/gitblit.pp
+++ b/manifests/role/gitblit.pp
@@ -16,4 +16,6 @@
ferm::rule { 'gitblit_8080':
rule = 'proto tcp dport 8080 { saddr $INTERNAL ACCEPT; DROP; }'
}
+# NRPE for monitoring
+include nrpe
}
diff --git a/modules/nrpe/manifests/init.pp b/modules/nrpe/manifests/init.pp
index 8138bc3..5cedff3 100644
--- a/modules/nrpe/manifests/init.pp
+++ b/modules/nrpe/manifests/init.pp
@@ -71,6 +71,11 @@
require = Package['nagios-nrpe-server'],
}
+# firewall nrpe-server, only accept nrpe/5666 from internal
+ferm::rule { 'nrpe_5666':
+rule = 'proto tcp dport 5666 { saddr $INTERNAL ACCEPT; DROP; }'
+}
+
#Collect virtual nrpe checks
File | tag == 'nrpe::check' | {
require = Package['nagios-nrpe-server'],
--
To view, visit https://gerrit.wikimedia.org/r/96177
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I84658abc260664df4be29a72749518d780329855
Gerrit-PatchSet: 5
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn dz...@wikimedia.org
Gerrit-Reviewer: Akosiaris akosia...@wikimedia.org
Gerrit-Reviewer: Chad ch...@wikimedia.org
Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: Hashar has...@free.fr
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
