From cecd788e63d6911eb80a1c247597aeff1840c80e Mon Sep 17 00:00:00 2001
From: Karol Babioch <kbabioch@suse.de>
Date: Nov 14 2019 15:35:46 +0000
Subject: Create a monitoring service and use it within the heroes zone


Specifying ports directly does not work, so we have to do an indirection
by specifying a custom service for monitoring.

---

diff --git a/pillar/id/slimhat_infra_opensuse_org.sls b/pillar/id/slimhat_infra_opensuse_org.sls
index ee91935..20fd2cb 100644
--- a/pillar/id/slimhat_infra_opensuse_org.sls
+++ b/pillar/id/slimhat_infra_opensuse_org.sls
@@ -25,6 +25,16 @@ firewalld:
   LogDenied: 'off'
   default_zone: public
 
+  services:
+    monitoring:
+      short: monitoring
+      description: >-
+        These ports are required for monitoring based on check_mk & NRPE.
+      ports:
+        tcp:
+          - 5665
+          - 6556
+
   zones:
     heroes-internal:
       short: heroes-internal
@@ -34,10 +44,7 @@ firewalld:
         - tun0
       services:
         - ssh
-      ports:
-        tcp:
-          - 5666
-          - 6556
+        - monitoring
     heroes-external:
       short: heroes-external
       description: >-