ListenIP to accept $::fqdn as a value #212

Open
pvl7 opened this issue May 2, 2016 · 5 comments

pvl7 commented May 2, 2016

Hello

I have multitenant systems where Zabbix agent binds to the wrong interfaces. Using '*' isn't a solution because, for example, on DMZ systems it may create a security hole. Can't rely on interface naming either as it is not consistent across systems and might not pick up the right nic with default module parameters.

The easy solution that works is to pass the $::fqdn or other fully qualified name to the listenip parameter for the agent, but the Puppet module must translate it to the IP address as Zabbix agent doesn't accept an FQDN as a value. I've done that change to my local fork and it works perfectly. Wondering if you are OK to merge it to the original repo? :)

[11:14]:git diff manifests/agent.pp
diff --git a/manifests/agent.pp b/manifests/agent.pp
index 701dd15..b501021 100644
--- a/manifests/agent.pp
+++ b/manifests/agent.pp
@@ -263,12 +263,19 @@ class zabbix::agent (
   # to network name. If more than 1 interfaces are available, we
   # can find the ipaddress of this specific interface if listenip
   # is set to for example "eth1" or "bond0.73".
+  #
+  # On multitenant systems sometimes useful to feed listenip
+  # with the host's FQDN record to bind on the proper interface.
+  #
   if ($listenip != undef) {
     if ($listenip =~ /^(eth|bond|lxc|eno|tap|tun).*/) {
       $int_name  = "ipaddress_${listenip}"
       $listen_ip = inline_template('<%= scope.lookupvar(int_name) %>')
     } elsif is_ip_address($listenip) or $listenip == '*' {
       $listen_ip = $listenip
+    } elsif is_domain_name($listenip) {
+      $domain_name = $listenip
+      $listen_ip = inline_template('<%= Resolv.getaddress(domain_name) %>')
     } else {
       $listen_ip = $::ipaddress
     }
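
Review bot: The new `elsif is_domain_name($listenip)` branch has no failure path. `Resolv.getaddress(domain_name)` raises when the name does not resolve, which aborts catalog compilation with a resolver error, and it returns only the first address found, so a name with several records yields an arbitrary bind address. The lookup also runs where the catalog is compiled, which may see different DNS than the agent host in the DMZ case the comment describes. Suggest collecting all addresses, requiring exactly one, checking it with `is_ip_address` and calling `fail()` with a clear message otherwise. Also, because this branch sits before `else`, a value that used to fall through to `$::ipaddress` (for example an interface name the regex does not cover) may now be sent to DNS; the added comment should say so.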

Thanks,
Pavel

@bastelfreak
Member

Hi,

are you interested in turning the block into a function including your changes? We discussed that in #217 (comment)

@bastelfreak bastelfreak mentioned this issue May 12, 2016
@pvl7
Author

pvl7 commented May 15, 2016

Hi

yes, I thought about it as there are too many inline templates in the block.

@bastelfreak
Member

That would be cool. Please use our master branch as a base. I removed the inline templates already.

@jyaworski
Member

There's not a better way to do dns resolution? That's hideous that we need to call inline_template like that. Would it be better to do the resolution in the template itself rather than in the DSL?

@bastelfreak
Member

I played a bit with https://forge.puppet.com/dalen/dnsquery which works really great.
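
The thread proposes moving the listenip handling into a function. The following Ruby is an added example, not code from the module or from anyone in this thread: it maps a listenip value to exactly one IPv4 address and raises instead of falling back when the name is unresolvable or ambiguous. The names `resolve_listen_ip`, `sample_resolver`, `FQDN` and the `example.test` hosts are assumptions made for illustration.

```ruby
require 'resolv'
require 'tmpdir'

# Hypothetical helper, not part of the zabbix module: map a listenip value to
# one literal IPv4 address for ListenIP, raising instead of guessing.
FQDN = /\A(?=.{1,253}\z)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\z/i

def resolve_listen_ip(value, resolver: Resolv.new)
  # '*' and literal addresses pass through untouched, as in the module's block.
  return value if value == '*' || Resolv::AddressRegex.match?(value)

  # Anything else must look like a fully qualified name; an unmatched interface
  # name such as "ens192" is rejected here rather than sent to DNS.
  raise ArgumentError, "#{value.inspect} is not an IP, '*' or FQDN" unless FQDN.match?(value)

  # getaddresses returns [] on failure (getaddress would raise ResolvError).
  v4 = resolver.getaddresses(value).select { |a| Resolv::IPv4::Regex.match?(a) }.uniq
  raise ArgumentError, "#{value} has no IPv4 address" if v4.empty?
  # Several A records mean the bind interface is ambiguous: refuse to pick one.
  raise ArgumentError, "#{value} resolves to #{v4.join(', ')}" if v4.size > 1

  v4.first
end

# Constructed sample data: a hosts file used as the only resolver, so the
# example runs offline. Names and addresses come from documentation ranges.
def sample_resolver
  path = File.join(Dir.mktmpdir, 'hosts')
  File.write(path, <<~HOSTS)
    192.0.2.10    agent01.dmz.example.test
    2001:db8::10  agent01.dmz.example.test
    198.51.100.5  multi.example.test
    198.51.100.6  multi.example.test
  HOSTS
  Resolv.new([Resolv::Hosts.new(path)])
end

if __FILE__ == $PROGRAM_NAME
  r = sample_resolver
  %w[192.0.2.77 agent01.dmz.example.test multi.example.test ens192].each do |v|
    begin
      puts "#{v} -> #{resolve_listen_ip(v, resolver: r)}"
    rescue ArgumentError => e
      puts "#{v} -> rejected: #{e.message}"
    end
  end
end
```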
