From: Tom Hughes Date: Tue, 28 Mar 2023 20:09:12 +0000 (+0000) Subject: Include internal addresses in munin allow list X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/511455efa74f41eff350f6799ae44a08498f15fa Include internal addresses in munin allow list --- diff --git a/cookbooks/munin/recipes/default.rb b/cookbooks/munin/recipes/default.rb index a54b38718..9b2c6f294 100644 --- a/cookbooks/munin/recipes/default.rb +++ b/cookbooks/munin/recipes/default.rb @@ -24,9 +24,7 @@ service "munin-node" do supports :status => true, :restart => true, :reload => true end -servers = search(:node, "recipes:munin\\:\\:server").collect do |server| - server.ipaddresses(:role => :external) -end.flatten +servers = search(:node, "recipes:munin\\:\\:server").map(&:ipaddresses).flatten firewall_rule "accept-munin" do action :accept diff --git a/cookbooks/munin/templates/default/munin-node.conf.erb b/cookbooks/munin/templates/default/munin-node.conf.erb index f2e09d7e9..6bd38df19 100644 --- a/cookbooks/munin/templates/default/munin-node.conf.erb +++ b/cookbooks/munin/templates/default/munin-node.conf.erb @@ -31,7 +31,7 @@ port 4949 # List the addresses that are allowed to connect allow ^127\.0\.0\.1$ -<% @servers.each do |server| -%> +<% @servers.sort.each do |server| -%> allow ^<%= Regexp.quote(server) %>$ <% end -%> <% node[:munin][:allow].each do |address| -%>