authorStephen Smoogen <smooge@redhat.com>2017-04-06 23:50:44 +0000
committerStephen Smoogen <smooge@redhat.com>2017-04-06 23:50:44 +0000
commitdfd088ab5edb465a1690bc0bdf53875d20e460ac (patch)
tree0eb46345feddd2ca8d41a3bed5ed46eac0670e20
parent8cd3f46eb2e6e0e52e8ef95d022a9e701a242b60 (diff)
put in many changes for new nagios server
-rw-r--r--inventory/group_vars/value1
-rw-r--r--inventory/group_vars/value-stg4
-rw-r--r--inventory/host_vars/db-fas01.phx2.fedoraproject.org3
-rw-r--r--inventory/host_vars/db-koji01.phx2.fedoraproject.org8
-rw-r--r--playbooks/groups/nagios-new.yml4
-rw-r--r--playbooks/groups/osbs-cluster.yml5
-rw-r--r--roles/base/templates/iptables/iptables2
-rw-r--r--roles/base/templates/iptables/iptables.download-phx22
-rw-r--r--roles/base/templates/iptables/iptables.jenkins.fedorainfracloud.org2
-rw-r--r--roles/base/templates/iptables/iptables.ns03.phx2.fedoraproject.org2
-rw-r--r--roles/base/templates/iptables/iptables.ns04.phx2.fedoraproject.org2
-rw-r--r--roles/base/templates/iptables/iptables.openqa-tap-workers2
-rw-r--r--roles/base/templates/iptables/iptables.openstack-compute2
-rw-r--r--roles/base/templates/iptables/iptables.osuosl2
-rw-r--r--roles/base/templates/iptables/iptables.pgbdr01.stg.phx2.fedoraproject.org2
-rw-r--r--roles/base/templates/iptables/iptables.pgbdr02.stg.phx2.fedoraproject.org2
-rw-r--r--roles/base/templates/iptables/iptables.releng2
-rw-r--r--roles/base/templates/iptables/iptables.staging2
-rw-r--r--roles/base/templates/iptables/iptables.torrent02.fedoraproject.org2
-rw-r--r--roles/nagios/client/templates/nrpe.cfg.j24
-rw-r--r--roles/nagios/server/files/nrpe.cfg2
-rw-r--r--roles/nagios_client/templates/nrpe.cfg.j24
-rw-r--r--roles/nagios_server/files/nrpe/nrpe.cfg2
23 files changed, 52 insertions, 11 deletions
diff --git a/inventory/group_vars/value b/inventory/group_vars/value
index d6595f580..ddff304f0 100644
--- a/inventory/group_vars/value
+++ b/inventory/group_vars/value
@@ -18,6 +18,7 @@ custom_rules: [
'-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
# Needed to let nagios on noc01 and noc02 pipe alerts to zodbot here
'-A INPUT -p tcp -m tcp -s 10.5.126.41 --dport 5050 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 10.5.126.241 --dport 5050 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 192.168.1.20 --dport 5050 -j ACCEPT',
# batcave01 also needs access to announce commits.
'-A INPUT -p tcp -m tcp -s 10.5.126.23 --dport 5050 -j ACCEPT',
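Review bot: The comment above the port 5050 rules still names only noc01 and noc02, so the added `-s 10.5.126.241` line has no stated owner. The value-stg hunk in this same commit does update its comment, and the osbs-cluster.yml hunk labels 10.5.126.241 as nagios01, so the same wording fits here: `# Needed to let nagios on noc01, noc02 and nagios01 pipe alerts to zodbot here`. An allow rule that cannot be tied to a host tends to outlive that host, so the name belongs next to the rule. The custom_rules list starts and ends outside the hunk.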
diff --git a/inventory/group_vars/value-stg b/inventory/group_vars/value-stg
index 8a57c88bd..7f76b5047 100644
--- a/inventory/group_vars/value-stg
+++ b/inventory/group_vars/value-stg
@@ -16,8 +16,10 @@ custom_rules: [
# Neeed for rsync from log01 for logs.
'-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
- # Needed to let nagios on noc01 and noc02 pipe alerts to zodbot here
+ # Needed to let nagios on noc01 and noc02 (nagios01/noc01.stg) pipe alerts to zodbot here
'-A INPUT -p tcp -m tcp -s 10.5.126.41 --dport 5050 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 10.5.126.241 --dport 5050 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 10.5.126.2 --dport 5050 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 152.19.134.192 --dport 5050 -j ACCEPT',
# batcave01 also needs access to announce commits.
'-A INPUT -p tcp -m tcp -s 10.5.126.23 --dport 5050 -j ACCEPT',
diff --git a/inventory/host_vars/db-fas01.phx2.fedoraproject.org b/inventory/host_vars/db-fas01.phx2.fedoraproject.org
index 3f88fa472..b257a1bc7 100644
--- a/inventory/host_vars/db-fas01.phx2.fedoraproject.org
+++ b/inventory/host_vars/db-fas01.phx2.fedoraproject.org
@@ -40,8 +40,9 @@ custom_rules: [
# basset01
'-A INPUT -p tcp -m tcp -s 10.5.126.194 --dport 5432 -j ACCEPT',
- # sundries02...
+ # sundries ??? but this is noc01?
'-A INPUT -p tcp -m tcp -s 10.5.126.41 --dport 5432 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 10.5.126.241 --dport 5432 -j ACCEPT',
# hosted03 and hosted04 (over the vpn)
'-A INPUT -p tcp -m tcp -s 192.168.1.16 --dport 5432 -j ACCEPT',
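Review bot: The added `-s 10.5.126.241 --dport 5432` rule opens PostgreSQL on the FAS database host to a second address under a comment that records doubt about the first one (`# sundries ??? but this is noc01?`). Other hunks in this commit label 10.5.126.41 as noc01 and 10.5.126.241 as nagios01, so if both rules exist for monitoring checks the comment should say so, e.g. `# noc01 and nagios01 - nagios postgresql checks`; if the purpose cannot be confirmed, the old rule should be questioned rather than duplicated. The firewall rule only limits the source address, so the database's own host-based authentication should also restrict these two hosts to the monitoring account. The custom_rules list starts and ends outside the hunk.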
diff --git a/inventory/host_vars/db-koji01.phx2.fedoraproject.org b/inventory/host_vars/db-koji01.phx2.fedoraproject.org
index 7c550ff6f..137366ad8 100644
--- a/inventory/host_vars/db-koji01.phx2.fedoraproject.org
+++ b/inventory/host_vars/db-koji01.phx2.fedoraproject.org
@@ -30,7 +30,13 @@ kernel_shmmax: 68719476736
#
# Only allow postgresql access from the frontend node.
#
-custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.125.59 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.125.60 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.125.61 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.125.62 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.41 --dport 5432 -j ACCEPT' ]
+custom_rules: [
+'-A INPUT -p tcp -m tcp -s 10.5.125.59 --dport 5432 -j ACCEPT',
+'-A INPUT -p tcp -m tcp -s 10.5.125.60 --dport 5432 -j ACCEPT',
+'-A INPUT -p tcp -m tcp -s 10.5.125.61 --dport 5432 -j ACCEPT',
+'-A INPUT -p tcp -m tcp -s 10.5.125.62 --dport 5432 -j ACCEPT',
+'-A INPUT -p tcp -m tcp -s 10.5.126.41 --dport 5432 -j ACCEPT',
+]
#
# Large updates pushes cause lots of db threads doing the tag moves, so up this from default.
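Review bot: 10.5.126.241 is not added to `custom_rules` here, although db-fas01 in the same commit gains a 5432 rule for that address next to its 10.5.126.41 rule. If the new nagios server is meant to run the same database checks against this host, `'-A INPUT -p tcp -m tcp -s 10.5.126.241 --dport 5432 -j ACCEPT',` is missing; if it is not, a comment should record the difference. The comment above the list, "Only allow postgresql access from the frontend node", no longer describes a list that also admits 10.5.126.41. The reflowed entries also start at column 0 inside the flow sequence, which lenient parsers accept but stricter ones may not; indenting them two spaces is safer.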
diff --git a/playbooks/groups/nagios-new.yml b/playbooks/groups/nagios-new.yml
index becd77e29..81b170cb5 100644
--- a/playbooks/groups/nagios-new.yml
+++ b/playbooks/groups/nagios-new.yml
@@ -22,6 +22,8 @@
- fas_client
- collectd/base
- sudo
+ - { role: openvpn/client,
+ when: env != "staging" }
- mod_wsgi
- role: keytab/service
owner_user: apache
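Review bot: The openvpn/client entry is a flow mapping split over two lines, while the keytab/service entry just below it uses block form. Writing it as `- role: openvpn/client` followed by `when: env != "staging"` keeps the roles list in one style and diffs cleanly. The role appears to give the monitoring host a VPN address that the iptables and nrpe.cfg hunks then trust for NRPE (192.168.1.166 is presumably that address, to be confirmed), so a comment naming that dependency would help. The roles list begins and ends outside the hunk.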
@@ -37,7 +39,7 @@
- include: "{{ handlers }}/restart_services.yml"
- name: deploy nagios service config
- hosts: nagios-stg
+ hosts: nagios-new-stg:nagios-new
user:
gather_facts: True
diff --git a/playbooks/groups/osbs-cluster.yml b/playbooks/groups/osbs-cluster.yml
index 494e990b1..2f6ee5fda 100644
--- a/playbooks/groups/osbs-cluster.yml
+++ b/playbooks/groups/osbs-cluster.yml
@@ -722,5 +722,8 @@
shell: "oc import-image fedora --all"
when: env == "production" and hostvars[groups["osbs-masters"][0]]["docker_pull_fedora"]|changed
- - name: enable nrpe for monitoring
+ - name: enable nrpe for monitoring (noc01)
iptables: action=insert chain=INPUT destination_port=5666 protocol=tcp source=10.5.126.41 state=present jump=ACCEPT
+
+ - name: enable nrpe for monitoring (nagios01)
+ iptables: action=insert chain=INPUT destination_port=5666 protocol=tcp source=10.5.126.241 state=present jump=ACCEPT
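Review bot: The second task is a copy of the first with only the source address changed, so the NRPE allowlist for these hosts now lives in two hard-coded tasks as well as in the iptables templates and nrpe.cfg files touched by this commit. One task that loops over the addresses keeps the copies from drifting apart: `iptables: action=insert chain=INPUT destination_port=5666 protocol=tcp source={{ item }} state=present jump=ACCEPT` with `with_items: ['10.5.126.41', '10.5.126.241']`. Quoting the addresses keeps them strings, and native YAML arguments instead of the `key=value` string would make a mistyped parameter easier to spot. The play these tasks belong to starts outside the hunk.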
diff --git a/roles/base/templates/iptables/iptables b/roles/base/templates/iptables/iptables
index f3ebf6965..21342a266 100644
--- a/roles/base/templates/iptables/iptables
+++ b/roles/base/templates/iptables/iptables
@@ -26,10 +26,12 @@
# for nrpe - allow it from nocs
-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.166 -j ACCEPT
# FIXME - this is the global nat-ip and we need the noc01-specific ip
-A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.102 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.241 -j ACCEPT
{% if env != 'staging' and datacenter == 'phx2' and inventory_hostname not in groups['staging-friendly'] %}
#
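Review bot: The two added 5666 rules are pasted unchanged into this template and the twelve other files under roles/base/templates/iptables/ changed by this commit, and no copy says which host 192.168.1.166 or 10.5.126.241 is. A short comment such as `# nagios01 (10.5.126.241) and its vpn address (192.168.1.166 - confirm)` would tie the rules to a host. Rendering the block from one list variable (name is a suggestion) would leave a single place to audit and update: `{% for ip in nrpe_allowed_sources %}`, `-A INPUT -p tcp -m tcp --dport 5666 -s {{ ip }} -j ACCEPT`, `{% endfor %}`. The FIXME about the global NAT address 209.132.181.102 is left as is; going by that comment, the rule admits more than the one monitoring host and is worth revisiting while this list is being edited.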
diff --git a/roles/base/templates/iptables/iptables.download-phx2 b/roles/base/templates/iptables/iptables.download-phx2
index 9047ba1af..638ea692b 100644
--- a/roles/base/templates/iptables/iptables.download-phx2
+++ b/roles/base/templates/iptables/iptables.download-phx2
@@ -19,10 +19,12 @@
# for nrpe - allow it from nocs
-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.166 -j ACCEPT
# FIXME - this is the global nat-ip and we need the noc01-specific ip
-A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.102 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.241 -j ACCEPT
{% if env != 'staging' and datacenter == 'phx2' and inventory_hostname not in groups['staging-friendly'] %}
#
diff --git a/roles/base/templates/iptables/iptables.jenkins.fedorainfracloud.org b/roles/base/templates/iptables/iptables.jenkins.fedorainfracloud.org
index 30f7b56a4..4be1c8ae5 100644
--- a/roles/base/templates/iptables/iptables.jenkins.fedorainfracloud.org
+++ b/roles/base/templates/iptables/iptables.jenkins.fedorainfracloud.org
@@ -42,10 +42,12 @@ COMMIT
# for nrpe - allow it from nocs
-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.166 -j ACCEPT
# FIXME - this is the global nat-ip and we need the noc01-specific ip
-A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.102 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.241 -j ACCEPT
{% if env != 'staging' and datacenter == 'phx2' and inventory_hostname not in groups['staging-friendly'] %}
#
diff --git a/roles/base/templates/iptables/iptables.ns03.phx2.fedoraproject.org b/roles/base/templates/iptables/iptables.ns03.phx2.fedoraproject.org
index a81b46814..c8e4f0521 100644
--- a/roles/base/templates/iptables/iptables.ns03.phx2.fedoraproject.org
+++ b/roles/base/templates/iptables/iptables.ns03.phx2.fedoraproject.org
@@ -26,10 +26,12 @@
# for nrpe - allow it from nocs
-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.166 -j ACCEPT
# FIXME - this is the global nat-ip and we need the noc01-specific ip
-A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.102 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.241 -j ACCEPT
{% if env != 'staging' and datacenter == 'phx2' and inventory_hostname not in groups['staging-friendly'] %}
#
diff --git a/roles/base/templates/iptables/iptables.ns04.phx2.fedoraproject.org b/roles/base/templates/iptables/iptables.ns04.phx2.fedoraproject.org
index a81b46814..c8e4f0521 100644
--- a/roles/base/templates/iptables/iptables.ns04.phx2.fedoraproject.org
+++ b/roles/base/templates/iptables/iptables.ns04.phx2.fedoraproject.org
@@ -26,10 +26,12 @@
# for nrpe - allow it from nocs
-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.166 -j ACCEPT
# FIXME - this is the global nat-ip and we need the noc01-specific ip
-A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.102 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.241 -j ACCEPT
{% if env != 'staging' and datacenter == 'phx2' and inventory_hostname not in groups['staging-friendly'] %}
#
diff --git a/roles/base/templates/iptables/iptables.openqa-tap-workers b/roles/base/templates/iptables/iptables.openqa-tap-workers
index 5e775453b..bf4618d29 100644
--- a/roles/base/templates/iptables/iptables.openqa-tap-workers
+++ b/roles/base/templates/iptables/iptables.openqa-tap-workers
@@ -26,10 +26,12 @@
# for nrpe - allow it from nocs
-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.166 -j ACCEPT
# FIXME - this is the global nat-ip and we need the noc01-specific ip
-A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.102 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.241 -j ACCEPT
{% if env != 'staging' and datacenter == 'phx2' and inventory_hostname not in groups['staging-friendly'] %}
#
diff --git a/roles/base/templates/iptables/iptables.openstack-compute b/roles/base/templates/iptables/iptables.openstack-compute
index f8b1049cf..9280ed5f6 100644
--- a/roles/base/templates/iptables/iptables.openstack-compute
+++ b/roles/base/templates/iptables/iptables.openstack-compute
@@ -33,10 +33,12 @@
# for nrpe - allow it from nocs
-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.166 -j ACCEPT
# FIXME - this is the global nat-ip and we need the noc01-specific ip
-A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.102 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.241 -j ACCEPT
# if the host/group defines incoming tcp_ports - allow them
{% if tcp_ports is defined %}
diff --git a/roles/base/templates/iptables/iptables.osuosl b/roles/base/templates/iptables/iptables.osuosl
index 44ddbad10..d27dc9751 100644
--- a/roles/base/templates/iptables/iptables.osuosl
+++ b/roles/base/templates/iptables/iptables.osuosl
@@ -31,10 +31,12 @@
# for nrpe - allow it from nocs
-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.166 -j ACCEPT
# FIXME - this is the global nat-ip and we need the noc01-specific ip
-A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.102 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.241 -j ACCEPT
# if the host/group defines incoming tcp_ports - allow them
{% if tcp_ports is defined %}
diff --git a/roles/base/templates/iptables/iptables.pgbdr01.stg.phx2.fedoraproject.org b/roles/base/templates/iptables/iptables.pgbdr01.stg.phx2.fedoraproject.org
index b8eeebd5c..2eeecf4a2 100644
--- a/roles/base/templates/iptables/iptables.pgbdr01.stg.phx2.fedoraproject.org
+++ b/roles/base/templates/iptables/iptables.pgbdr01.stg.phx2.fedoraproject.org
@@ -38,10 +38,12 @@ COMMIT
# for nrpe - allow it from nocs
-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.166 -j ACCEPT
# FIXME - this is the global nat-ip and we need the noc01-specific ip
-A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.102 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.241 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.2 -j ACCEPT
# if the host declares a fedmsg-enabled wsgi app, open ports for it
diff --git a/roles/base/templates/iptables/iptables.pgbdr02.stg.phx2.fedoraproject.org b/roles/base/templates/iptables/iptables.pgbdr02.stg.phx2.fedoraproject.org
index b8eeebd5c..2eeecf4a2 100644
--- a/roles/base/templates/iptables/iptables.pgbdr02.stg.phx2.fedoraproject.org
+++ b/roles/base/templates/iptables/iptables.pgbdr02.stg.phx2.fedoraproject.org
@@ -38,10 +38,12 @@ COMMIT
# for nrpe - allow it from nocs
-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.166 -j ACCEPT
# FIXME - this is the global nat-ip and we need the noc01-specific ip
-A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.102 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.241 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.2 -j ACCEPT
# if the host declares a fedmsg-enabled wsgi app, open ports for it
diff --git a/roles/base/templates/iptables/iptables.releng b/roles/base/templates/iptables/iptables.releng
index 7a26944be..56528bd22 100644
--- a/roles/base/templates/iptables/iptables.releng
+++ b/roles/base/templates/iptables/iptables.releng
@@ -29,10 +29,12 @@ COMMIT
# Overwrite any global rules
# for nrpe - allow it from nocs
-A INPUT -p tcp -m tcp -s 192.168.1.10 --dport 5666 -j ACCEPT
+-A INPUT -p tcp -m tcp -s 192.168.1.166 --dport 5666 -j ACCEPT
# FIXME - this is the global nat-ip and we need the noc01-specific ip
-A INPUT -p tcp -m tcp -s 209.132.181.102 --dport 5666 -j ACCEPT
-A INPUT -p tcp -m tcp -s 209.132.181.35 --dport 5666 -j ACCEPT
-A INPUT -p tcp -m tcp -s 10.5.126.41 --dport 5666 -j ACCEPT
+-A INPUT -p tcp -m tcp -s 10.5.126.241 --dport 5666 -j ACCEPT
# if the blocked_ips is defined - drop them
{% if blocked_ips is defined %}
diff --git a/roles/base/templates/iptables/iptables.staging b/roles/base/templates/iptables/iptables.staging
index a97f260d9..cd192e96d 100644
--- a/roles/base/templates/iptables/iptables.staging
+++ b/roles/base/templates/iptables/iptables.staging
@@ -40,10 +40,12 @@ COMMIT
# for nrpe - allow it from nocs
-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.166 -j ACCEPT
# FIXME - this is the global nat-ip and we need the noc01-specific ip
-A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.102 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.241 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.2 -j ACCEPT
# if the host declares a fedmsg-enabled wsgi app, open ports for it
diff --git a/roles/base/templates/iptables/iptables.torrent02.fedoraproject.org b/roles/base/templates/iptables/iptables.torrent02.fedoraproject.org
index 7609fa095..e870b5850 100644
--- a/roles/base/templates/iptables/iptables.torrent02.fedoraproject.org
+++ b/roles/base/templates/iptables/iptables.torrent02.fedoraproject.org
@@ -26,10 +26,12 @@
# for nrpe - allow it from nocs
-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.166 -j ACCEPT
# FIXME - this is the global nat-ip and we need the noc01-specific ip
-A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.102 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.241 -j ACCEPT
{% if env != 'staging' and datacenter == 'phx2' and inventory_hostname not in groups['staging-friendly'] %}
#
diff --git a/roles/nagios/client/templates/nrpe.cfg.j2 b/roles/nagios/client/templates/nrpe.cfg.j2
index 9d582bbc7..3d7effbf4 100644
--- a/roles/nagios/client/templates/nrpe.cfg.j2
+++ b/roles/nagios/client/templates/nrpe.cfg.j2
@@ -80,9 +80,9 @@ nrpe_group=nrpe
{% if env == "staging" %}
-allowed_hosts=10.5.126.2,10.5.126.41,192.168.1.10,192.168.1.20,209.132.181.35
+allowed_hosts=10.5.126.2,10.5.126.41,10.5.126.241,192.168.1.10,192.168.1.20,209.132.181.35,192.168.1.166
{% else %}
-allowed_hosts=10.5.126.41,192.168.1.10,192.168.1.20,209.132.181.35
+allowed_hosts=10.5.126.41,192.168.1.10,192.168.1.20,209.132.181.35,10.5.126.241,192.168.1.166
{% endif %}
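Review bot: The two `allowed_hosts` lines insert the new addresses at different positions (10.5.126.241 is third in the staging branch and fifth in the other), and the other three nrpe.cfg files in this commit order them differently in places, which makes it hard to check by eye that the lists agree. A fixed order, as in roles/nagios_client/templates/nrpe.cfg.j2 (`allowed_hosts=10.5.126.41,10.5.126.241,192.168.1.10,192.168.1.20,209.132.181.35,192.168.1.166`), would help. Better still, render the line from the same list that feeds the port 5666 iptables rules, with 10.5.126.2 added only for staging. That keeps the firewall and NRPE allowlists from drifting apart, which matters because `allowed_hosts` is only a source-address check.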
diff --git a/roles/nagios/server/files/nrpe.cfg b/roles/nagios/server/files/nrpe.cfg
index 3a3c2edd0..2da4df95d 100644
--- a/roles/nagios/server/files/nrpe.cfg
+++ b/roles/nagios/server/files/nrpe.cfg
@@ -70,7 +70,7 @@ nrpe_group=nrpe
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
#allowed_hosts=127.0.0.1,192.168.0.2
-allowed_hosts=10.5.126.41,127.0.0.1,192.168.1.10,192.168.1.20,209.132.181.35
+allowed_hosts=10.5.126.41,10.5.126.241,127.0.0.1,192.168.1.10,192.168.1.20,209.132.181.35,192.168.1.166
diff --git a/roles/nagios_client/templates/nrpe.cfg.j2 b/roles/nagios_client/templates/nrpe.cfg.j2
index e16e915e3..29b16af5c 100644
--- a/roles/nagios_client/templates/nrpe.cfg.j2
+++ b/roles/nagios_client/templates/nrpe.cfg.j2
@@ -79,9 +79,9 @@ nrpe_group=nrpe
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
{% if env == "staging" %}
-allowed_hosts=10.5.126.2,10.5.126.41,192.168.1.10,192.168.1.20,209.132.181.35
+allowed_hosts=10.5.126.2,10.5.126.41,10.5.126.241,192.168.1.10,192.168.1.20,209.132.181.35,192.168.1.166
{% else %}
-allowed_hosts=10.5.126.41,192.168.1.10,192.168.1.20,209.132.181.35
+allowed_hosts=10.5.126.41,10.5.126.241,192.168.1.10,192.168.1.20,209.132.181.35,192.168.1.166
{% endif %}
diff --git a/roles/nagios_server/files/nrpe/nrpe.cfg b/roles/nagios_server/files/nrpe/nrpe.cfg
index 41087d92e..e4e8b915c 100644
--- a/roles/nagios_server/files/nrpe/nrpe.cfg
+++ b/roles/nagios_server/files/nrpe/nrpe.cfg
@@ -96,7 +96,7 @@ nrpe_group=nrpe
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
#allowed_hosts=127.0.0.1,192.168.0.2
-allowed_hosts=10.5.126.2,10.5.126.41,127.0.0.1,192.168.1.10,192.168.1.20,209.132.181.35
+allowed_hosts=10.5.126.2,10.5.126.41,10.5.126.241,127.0.0.1,192.168.1.10,192.168.1.20,192.168.1.166,209.132.181.35