diff --git a/inventory/group_vars/value b/inventory/group_vars/value index d6595f580f..ddff304f08 100644 --- a/inventory/group_vars/value +++ b/inventory/group_vars/value @@ -18,6 +18,7 @@ custom_rules: [ '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', # Needed to let nagios on noc01 and noc02 pipe alerts to zodbot here '-A INPUT -p tcp -m tcp -s 10.5.126.41 --dport 5050 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 10.5.126.241 --dport 5050 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.20 --dport 5050 -j ACCEPT', # batcave01 also needs access to announce commits. '-A INPUT -p tcp -m tcp -s 10.5.126.23 --dport 5050 -j ACCEPT', diff --git a/inventory/group_vars/value-stg b/inventory/group_vars/value-stg index 8a57c88bdf..7f76b5047f 100644 --- a/inventory/group_vars/value-stg +++ b/inventory/group_vars/value-stg @@ -16,8 +16,10 @@ custom_rules: [ # Neeed for rsync from log01 for logs. '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', - # Needed to let nagios on noc01 and noc02 pipe alerts to zodbot here + # Needed to let nagios on noc01 and noc02 (nagios01/noc01.stg) pipe alerts to zodbot here '-A INPUT -p tcp -m tcp -s 10.5.126.41 --dport 5050 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 10.5.126.241 --dport 5050 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 10.5.126.2 --dport 5050 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 152.19.134.192 --dport 5050 -j ACCEPT', # batcave01 also needs access to announce commits. '-A INPUT -p tcp -m tcp -s 10.5.126.23 --dport 5050 -j ACCEPT', diff --git a/inventory/host_vars/db-fas01.phx2.fedoraproject.org b/inventory/host_vars/db-fas01.phx2.fedoraproject.org index 3f88fa4729..b257a1bc79 100644 --- a/inventory/host_vars/db-fas01.phx2.fedoraproject.org +++ b/inventory/host_vars/db-fas01.phx2.fedoraproject.org @@ -40,8 +40,9 @@ custom_rules: [ # basset01 '-A INPUT -p tcp -m tcp -s 10.5.126.194 --dport 5432 -j ACCEPT', - # sundries02... + # sundries ??? but this is noc01? '-A INPUT -p tcp -m tcp -s 10.5.126.41 --dport 5432 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 10.5.126.241 --dport 5432 -j ACCEPT', # hosted03 and hosted04 (over the vpn) '-A INPUT -p tcp -m tcp -s 192.168.1.16 --dport 5432 -j ACCEPT', diff --git a/inventory/host_vars/db-koji01.phx2.fedoraproject.org b/inventory/host_vars/db-koji01.phx2.fedoraproject.org index 7c550ff6f0..137366ad80 100644 --- a/inventory/host_vars/db-koji01.phx2.fedoraproject.org +++ b/inventory/host_vars/db-koji01.phx2.fedoraproject.org @@ -30,7 +30,13 @@ kernel_shmmax: 68719476736 # # Only allow postgresql access from the frontend node. # -custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.125.59 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.125.60 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.125.61 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.125.62 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.41 --dport 5432 -j ACCEPT' ] +custom_rules: [ +'-A INPUT -p tcp -m tcp -s 10.5.125.59 --dport 5432 -j ACCEPT', +'-A INPUT -p tcp -m tcp -s 10.5.125.60 --dport 5432 -j ACCEPT', +'-A INPUT -p tcp -m tcp -s 10.5.125.61 --dport 5432 -j ACCEPT', +'-A INPUT -p tcp -m tcp -s 10.5.125.62 --dport 5432 -j ACCEPT', +'-A INPUT -p tcp -m tcp -s 10.5.126.41 --dport 5432 -j ACCEPT', +] # # Large updates pushes cause lots of db threads doing the tag moves, so up this from default. diff --git a/playbooks/groups/nagios-new.yml b/playbooks/groups/nagios-new.yml index becd77e290..81b170cb5a 100644 --- a/playbooks/groups/nagios-new.yml +++ b/playbooks/groups/nagios-new.yml @@ -22,6 +22,8 @@ - fas_client - collectd/base - sudo + - { role: openvpn/client, + when: env != "staging" } - mod_wsgi - role: keytab/service owner_user: apache @@ -37,7 +39,7 @@ - include: "{{ handlers }}/restart_services.yml" - name: deploy nagios service config - hosts: nagios-stg + hosts: nagios-new-stg:nagios-new user: gather_facts: True diff --git a/playbooks/groups/osbs-cluster.yml b/playbooks/groups/osbs-cluster.yml index 494e990b1f..2f6ee5fda5 100644 --- a/playbooks/groups/osbs-cluster.yml +++ b/playbooks/groups/osbs-cluster.yml @@ -722,5 +722,8 @@ shell: "oc import-image fedora --all" when: env == "production" and hostvars[groups["osbs-masters"][0]]["docker_pull_fedora"]|changed - - name: enable nrpe for monitoring + - name: enable nrpe for monitoring (noc01) iptables: action=insert chain=INPUT destination_port=5666 protocol=tcp source=10.5.126.41 state=present jump=ACCEPT + + - name: enable nrpe for monitoring (nagios01) + iptables: action=insert chain=INPUT destination_port=5666 protocol=tcp source=10.5.126.241 state=present jump=ACCEPT diff --git a/roles/base/templates/iptables/iptables b/roles/base/templates/iptables/iptables index f3ebf69651..21342a2665 100644 --- a/roles/base/templates/iptables/iptables +++ b/roles/base/templates/iptables/iptables @@ -26,10 +26,12 @@ # for nrpe - allow it from nocs -A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.166 -j ACCEPT # FIXME - this is the global nat-ip and we need the noc01-specific ip -A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.102 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.241 -j ACCEPT {% if env != 'staging' and datacenter == 'phx2' and inventory_hostname not in groups['staging-friendly'] %} # diff --git a/roles/base/templates/iptables/iptables.download-phx2 b/roles/base/templates/iptables/iptables.download-phx2 index 9047ba1af1..638ea692b4 100644 --- a/roles/base/templates/iptables/iptables.download-phx2 +++ b/roles/base/templates/iptables/iptables.download-phx2 @@ -19,10 +19,12 @@ # for nrpe - allow it from nocs -A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.166 -j ACCEPT # FIXME - this is the global nat-ip and we need the noc01-specific ip -A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.102 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.241 -j ACCEPT {% if env != 'staging' and datacenter == 'phx2' and inventory_hostname not in groups['staging-friendly'] %} # diff --git a/roles/base/templates/iptables/iptables.jenkins.fedorainfracloud.org b/roles/base/templates/iptables/iptables.jenkins.fedorainfracloud.org index 30f7b56a4e..4be1c8ae56 100644 --- a/roles/base/templates/iptables/iptables.jenkins.fedorainfracloud.org +++ b/roles/base/templates/iptables/iptables.jenkins.fedorainfracloud.org @@ -42,10 +42,12 @@ COMMIT # for nrpe - allow it from nocs -A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.166 -j ACCEPT # FIXME - this is the global nat-ip and we need the noc01-specific ip -A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.102 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.241 -j ACCEPT {% if env != 'staging' and datacenter == 'phx2' and inventory_hostname not in groups['staging-friendly'] %} # diff --git a/roles/base/templates/iptables/iptables.ns03.phx2.fedoraproject.org b/roles/base/templates/iptables/iptables.ns03.phx2.fedoraproject.org index a81b468148..c8e4f05216 100644 --- a/roles/base/templates/iptables/iptables.ns03.phx2.fedoraproject.org +++ b/roles/base/templates/iptables/iptables.ns03.phx2.fedoraproject.org @@ -26,10 +26,12 @@ # for nrpe - allow it from nocs -A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.166 -j ACCEPT # FIXME - this is the global nat-ip and we need the noc01-specific ip -A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.102 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.241 -j ACCEPT {% if env != 'staging' and datacenter == 'phx2' and inventory_hostname not in groups['staging-friendly'] %} # diff --git a/roles/base/templates/iptables/iptables.ns04.phx2.fedoraproject.org b/roles/base/templates/iptables/iptables.ns04.phx2.fedoraproject.org index a81b468148..c8e4f05216 100644 --- a/roles/base/templates/iptables/iptables.ns04.phx2.fedoraproject.org +++ b/roles/base/templates/iptables/iptables.ns04.phx2.fedoraproject.org @@ -26,10 +26,12 @@ # for nrpe - allow it from nocs -A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.166 -j ACCEPT # FIXME - this is the global nat-ip and we need the noc01-specific ip -A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.102 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.241 -j ACCEPT {% if env != 'staging' and datacenter == 'phx2' and inventory_hostname not in groups['staging-friendly'] %} # diff --git a/roles/base/templates/iptables/iptables.openqa-tap-workers b/roles/base/templates/iptables/iptables.openqa-tap-workers index 5e775453b5..bf4618d299 100644 --- a/roles/base/templates/iptables/iptables.openqa-tap-workers +++ b/roles/base/templates/iptables/iptables.openqa-tap-workers @@ -26,10 +26,12 @@ # for nrpe - allow it from nocs -A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.166 -j ACCEPT # FIXME - this is the global nat-ip and we need the noc01-specific ip -A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.102 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.241 -j ACCEPT {% if env != 'staging' and datacenter == 'phx2' and inventory_hostname not in groups['staging-friendly'] %} # diff --git a/roles/base/templates/iptables/iptables.openstack-compute b/roles/base/templates/iptables/iptables.openstack-compute index f8b1049cfa..9280ed5f60 100644 --- a/roles/base/templates/iptables/iptables.openstack-compute +++ b/roles/base/templates/iptables/iptables.openstack-compute @@ -33,10 +33,12 @@ # for nrpe - allow it from nocs -A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.166 -j ACCEPT # FIXME - this is the global nat-ip and we need the noc01-specific ip -A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.102 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.241 -j ACCEPT # if the host/group defines incoming tcp_ports - allow them {% if tcp_ports is defined %} diff --git a/roles/base/templates/iptables/iptables.osuosl b/roles/base/templates/iptables/iptables.osuosl index 44ddbad10d..d27dc9751e 100644 --- a/roles/base/templates/iptables/iptables.osuosl +++ b/roles/base/templates/iptables/iptables.osuosl @@ -31,10 +31,12 @@ # for nrpe - allow it from nocs -A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.166 -j ACCEPT # FIXME - this is the global nat-ip and we need the noc01-specific ip -A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.102 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.241 -j ACCEPT # if the host/group defines incoming tcp_ports - allow them {% if tcp_ports is defined %} diff --git a/roles/base/templates/iptables/iptables.pgbdr01.stg.phx2.fedoraproject.org b/roles/base/templates/iptables/iptables.pgbdr01.stg.phx2.fedoraproject.org index b8eeebd5ce..2eeecf4a20 100644 --- a/roles/base/templates/iptables/iptables.pgbdr01.stg.phx2.fedoraproject.org +++ b/roles/base/templates/iptables/iptables.pgbdr01.stg.phx2.fedoraproject.org @@ -38,10 +38,12 @@ COMMIT # for nrpe - allow it from nocs -A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.166 -j ACCEPT # FIXME - this is the global nat-ip and we need the noc01-specific ip -A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.102 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.241 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.2 -j ACCEPT # if the host declares a fedmsg-enabled wsgi app, open ports for it diff --git a/roles/base/templates/iptables/iptables.pgbdr02.stg.phx2.fedoraproject.org b/roles/base/templates/iptables/iptables.pgbdr02.stg.phx2.fedoraproject.org index b8eeebd5ce..2eeecf4a20 100644 --- a/roles/base/templates/iptables/iptables.pgbdr02.stg.phx2.fedoraproject.org +++ b/roles/base/templates/iptables/iptables.pgbdr02.stg.phx2.fedoraproject.org @@ -38,10 +38,12 @@ COMMIT # for nrpe - allow it from nocs -A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.166 -j ACCEPT # FIXME - this is the global nat-ip and we need the noc01-specific ip -A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.102 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.241 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.2 -j ACCEPT # if the host declares a fedmsg-enabled wsgi app, open ports for it diff --git a/roles/base/templates/iptables/iptables.releng b/roles/base/templates/iptables/iptables.releng index 7a26944be7..56528bd223 100644 --- a/roles/base/templates/iptables/iptables.releng +++ b/roles/base/templates/iptables/iptables.releng @@ -29,10 +29,12 @@ COMMIT # Overwrite any global rules # for nrpe - allow it from nocs -A INPUT -p tcp -m tcp -s 192.168.1.10 --dport 5666 -j ACCEPT +-A INPUT -p tcp -m tcp -s 192.168.1.166 --dport 5666 -j ACCEPT # FIXME - this is the global nat-ip and we need the noc01-specific ip -A INPUT -p tcp -m tcp -s 209.132.181.102 --dport 5666 -j ACCEPT -A INPUT -p tcp -m tcp -s 209.132.181.35 --dport 5666 -j ACCEPT -A INPUT -p tcp -m tcp -s 10.5.126.41 --dport 5666 -j ACCEPT +-A INPUT -p tcp -m tcp -s 10.5.126.241 --dport 5666 -j ACCEPT # if the blocked_ips is defined - drop them {% if blocked_ips is defined %} diff --git a/roles/base/templates/iptables/iptables.staging b/roles/base/templates/iptables/iptables.staging index a97f260d92..cd192e96d0 100644 --- a/roles/base/templates/iptables/iptables.staging +++ b/roles/base/templates/iptables/iptables.staging @@ -40,10 +40,12 @@ COMMIT # for nrpe - allow it from nocs -A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.166 -j ACCEPT # FIXME - this is the global nat-ip and we need the noc01-specific ip -A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.102 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.241 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.2 -j ACCEPT # if the host declares a fedmsg-enabled wsgi app, open ports for it diff --git a/roles/base/templates/iptables/iptables.torrent02.fedoraproject.org b/roles/base/templates/iptables/iptables.torrent02.fedoraproject.org index 7609fa0953..e870b58509 100644 --- a/roles/base/templates/iptables/iptables.torrent02.fedoraproject.org +++ b/roles/base/templates/iptables/iptables.torrent02.fedoraproject.org @@ -26,10 +26,12 @@ # for nrpe - allow it from nocs -A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.166 -j ACCEPT # FIXME - this is the global nat-ip and we need the noc01-specific ip -A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.102 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.241 -j ACCEPT {% if env != 'staging' and datacenter == 'phx2' and inventory_hostname not in groups['staging-friendly'] %} # diff --git a/roles/nagios/client/templates/nrpe.cfg.j2 b/roles/nagios/client/templates/nrpe.cfg.j2 index 9d582bbc73..3d7effbf4f 100644 --- a/roles/nagios/client/templates/nrpe.cfg.j2 +++ b/roles/nagios/client/templates/nrpe.cfg.j2 @@ -80,9 +80,9 @@ nrpe_group=nrpe {% if env == "staging" %} -allowed_hosts=10.5.126.2,10.5.126.41,192.168.1.10,192.168.1.20,209.132.181.35 +allowed_hosts=10.5.126.2,10.5.126.41,10.5.126.241,192.168.1.10,192.168.1.20,209.132.181.35,192.168.1.166 {% else %} -allowed_hosts=10.5.126.41,192.168.1.10,192.168.1.20,209.132.181.35 +allowed_hosts=10.5.126.41,192.168.1.10,192.168.1.20,209.132.181.35,10.5.126.241,192.168.1.166 {% endif %} diff --git a/roles/nagios/server/files/nrpe.cfg b/roles/nagios/server/files/nrpe.cfg index 3a3c2edd00..2da4df95de 100644 --- a/roles/nagios/server/files/nrpe.cfg +++ b/roles/nagios/server/files/nrpe.cfg @@ -70,7 +70,7 @@ nrpe_group=nrpe # NOTE: This option is ignored if NRPE is running under either inetd or xinetd #allowed_hosts=127.0.0.1,192.168.0.2 -allowed_hosts=10.5.126.41,127.0.0.1,192.168.1.10,192.168.1.20,209.132.181.35 +allowed_hosts=10.5.126.41,10.5.126.241,127.0.0.1,192.168.1.10,192.168.1.20,209.132.181.35,192.168.1.166 diff --git a/roles/nagios_client/templates/nrpe.cfg.j2 b/roles/nagios_client/templates/nrpe.cfg.j2 index e16e915e3c..29b16af5c9 100644 --- a/roles/nagios_client/templates/nrpe.cfg.j2 +++ b/roles/nagios_client/templates/nrpe.cfg.j2 @@ -79,9 +79,9 @@ nrpe_group=nrpe # NOTE: This option is ignored if NRPE is running under either inetd or xinetd {% if env == "staging" %} -allowed_hosts=10.5.126.2,10.5.126.41,192.168.1.10,192.168.1.20,209.132.181.35 +allowed_hosts=10.5.126.2,10.5.126.41,10.5.126.241,192.168.1.10,192.168.1.20,209.132.181.35,192.168.1.166 {% else %} -allowed_hosts=10.5.126.41,192.168.1.10,192.168.1.20,209.132.181.35 +allowed_hosts=10.5.126.41,10.5.126.241,192.168.1.10,192.168.1.20,209.132.181.35,192.168.1.166 {% endif %} diff --git a/roles/nagios_server/files/nrpe/nrpe.cfg b/roles/nagios_server/files/nrpe/nrpe.cfg index 41087d92ec..e4e8b915c4 100644 --- a/roles/nagios_server/files/nrpe/nrpe.cfg +++ b/roles/nagios_server/files/nrpe/nrpe.cfg @@ -96,7 +96,7 @@ nrpe_group=nrpe # NOTE: This option is ignored if NRPE is running under either inetd or xinetd #allowed_hosts=127.0.0.1,192.168.0.2 -allowed_hosts=10.5.126.2,10.5.126.41,127.0.0.1,192.168.1.10,192.168.1.20,209.132.181.35 +allowed_hosts=10.5.126.2,10.5.126.41,10.5.126.241,127.0.0.1,192.168.1.10,192.168.1.20,192.168.1.166,209.132.181.35