From 304a25e5646afa3b54814d7bfdd200f5218045ff Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@sevenseas.org>
Date: Wed, 7 Oct 2015 14:48:22 +0200
Subject: [PATCH] library/roles/iptables: do not set ganglia or nagios rules if
 not explicitly told. d4science-ghn-cluster/roles/smartgears: specific tasks
 to manage the egi images
 d4science-ghn-cluster/roles/smartgears/templates/smartgears-setup.sh.j2:
 script to setup the container when the image is first activated.

---
 iptables/defaults/main.yml              | 3 +++
 iptables/templates/iptables-rules.v4.j2 | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/iptables/defaults/main.yml b/iptables/defaults/main.yml
index b569ae84..1adb1863 100644
--- a/iptables/defaults/main.yml
+++ b/iptables/defaults/main.yml
@@ -40,3 +40,6 @@
 
 #iptables_default_policy: REJECT
 iptables_default_policy: ACCEPT
+ganglia_enabled: False
+nagios_enabled: False
+
diff --git a/iptables/templates/iptables-rules.v4.j2 b/iptables/templates/iptables-rules.v4.j2
index 9d970de4..477190c5 100644
--- a/iptables/templates/iptables-rules.v4.j2
+++ b/iptables/templates/iptables-rules.v4.j2
@@ -133,6 +133,7 @@
 {% endif %}
 {% endif %}
 
+{% if nagios_enabled %}
 {% if nagios_monitoring_server_ip is defined %}
 {% for ip in nagios_monitoring_server_ip %}
 # Nagios NRPE
@@ -141,6 +142,7 @@
 -A INPUT -s {{ ip }} -p udp -m udp --dport 123 -j ACCEPT
 {% endfor %}
 {% endif %}
+{% endif %}
 
 {% if munin_server is defined and configure_munin is defined and configure_munin %}
 {% for ip in munin_server %}
@@ -149,6 +151,7 @@
 {% endfor %}
 {% endif %}
 
+{% if ganglia_enabled %}
 {% if ganglia_gmond_cluster_port is defined %}
 # Ganglia
 {% if ganglia_gmond_use_jmxtrans is not defined or not ganglia_gmond_use_jmxtrans %}
@@ -160,6 +163,7 @@
 -A INPUT -m state --state NEW -s {{ ganglia_gmetad_host }} -p tcp -m tcp --dport {{ ganglia_gmond_cluster_port }} -j ACCEPT
 -A INPUT -s {{ ganglia_gmetad_host }} -p udp -m udp --dport {{ ganglia_gmond_cluster_port }}  -j ACCEPT
 {% endif %}
+{% endif %}
 
 {% if postfix_relay_server is defined and postfix_relay_server %}
 #