diff --git a/Python/etc/munin/munin-node.conf b/Python/etc/munin/munin-node.conf
index b6f8263..c2ac746 100644
--- a/Python/etc/munin/munin-node.conf
+++ b/Python/etc/munin/munin-node.conf
@@ -1,11 +1,17 @@
 # -*- coding: utf-8; mode: python -*-
+import sys
+
 include("ip")
+if '/usr/scripts/' not in sys.path:
+ sys.path.append('/usr/scripts/')
+from gestion import config
 info["owner"] = "root"
 info["group"] = "root"
 # Remplacement du nom d'hôte pour les hôtes particuliers
+# (deprecated)
 munin_hostname = {
 "canard": "canard.ferme.crans.org",
 "jouvence": "poulet.ferme.crans.org",
@@ -47,10 +53,13 @@ print "host_name %s" % munin_hostname
 @
 if not has("users"):
 @# On autorise tout adm et localhost
- @allow ^10\.231\.136\..*$
 @allow ^127\.0\.0\.1$
- @allow ^2a01:240:fe3d:c804:.*$
+ @cidr_allow 127.0.0.0/8
+ @cidr_allow ::1/128
+
+ for net in config.NETs['adm'] + config.prefix['adm']:
+ print "cidr_allow " + net
 else:
 @# On autorise seulement le serveur munin
- @allow ^10\.231\.136\.81$
- @allow ^2a01:240:fe3d:c804:20f:1fff:fe66:e592$
+ for ip in ips_of_metadata(metadata.query.by_profiles(['munin-server'])):
+ print "cidr_allow %s/%d" % (ip, (128 if ':' in ip else 32))
diff --git a/etc/python/ip.py b/etc/python/ip.py
index ab466c4..a9ce799 100644
--- a/etc/python/ip.py
+++ b/etc/python/ip.py
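Review bot: In the `else:` branch of the second munin-node.conf hunk, every `cidr_allow` line comes from the loop over `ips_of_metadata(...)`, so when no client carries the `munin-server` profile the rendered file for hosts with users contains no allow rule at all. As far as I know munin-node (through Net::Server) accepts any peer when no allow or cidr_allow rule is configured, so that case would fail open; please confirm, and make the template fail closed by collecting the list first and refusing to render when it is empty, e.g. `servers = ips_of_metadata(...)` followed by `if not servers: raise ValueError("no munin-server address resolved")`. The addresses are also obtained by name resolution at render time, where the removed lines were fixed literals, so the ACL is now only as trustworthy as the resolver answer seen by the configuration server. In the first branch the regex `@allow ^127\.0\.0\.1$` is kept next to the new `@cidr_allow 127.0.0.0/8`, which looks redundant.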
@@ -28,6 +28,27 @@ def admip():
 def wifiip():
 return wifiipof(hostname)
+def ips_of_metadata(clients, vlan='adm'):
+ """Renvoie la liste des IPs des machines de la liste ``clients``
+ #TODO: sur le vlan ``vlan``
+ sur le vlan adm
+
+ Renvoie les Ipv4 et Ipv6.
+
+ ``clients`` est une liste de ClientMetadata, qui peut être obtenue via
+ metadata.query.by_groups (ou similaire)
+ """
+ out = []
+ for client in clients:
+ host = client.hostname
+ for res in socket.getaddrinfo(host, None, socket.AF_UNSPEC, socket.SOCK_STREAM):
+# if res[0] == socket.AF_INET6:
+# suffix = '/128'
+# else:
+# suffix = '/32'
+ out.append(res[4][0])
+ return out
+
 ip_vlan = {
 'sable' : {
 'vlan-radin' : '10.42.0.1',
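Review bot: `ips_of_metadata` accepts `vlan='adm'` but never reads it (its own docstring marks this as a TODO), so the result holds every address `socket.getaddrinfo` returns for `client.hostname`, not only the adm-VLAN ones. Since munin-node.conf uses this list in place of two hard-coded adm addresses, the allow list can end up wider than before. Until the filter exists I would drop the parameter or state the limitation where callers see it, e.g. `# NOTE: vlan is ignored; every resolved address is returned`, and have the caller keep only addresses inside the adm networks. `getaddrinfo` raises `socket.gaierror` for a name that does not resolve and nothing here catches it, so one stale hostname aborts the render; that is fine if it is the intended fail-closed behaviour, but it deserves a line in the docstring. The four commented-out `suffix` lines can be deleted, and it is worth checking that `socket` is imported at the top of ip.py, which this hunk does not show.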