* 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet: (57 commits)
make plugin-conf.d file match bind_views
add bind_views plugin
and again with the paths
and clean up the paths
some class reshuffling
ignore bind plugin as well
um, use the right syntax
add group statement
add bind munin-node
arg, ruby strings
not node, hostname
not mx, mta
and get the path right
change plugin.conf to template
liszt doesn't have Debian-exim
correct group for mail.log
and the samhain ignores for them
a few more munin plugins, although I dislike the placement of the spamassassin one
add spamd test
and samhain ignore it
...
FileTest.exist?("/usr/sbin/policyd-weight")
end
end
+Facter.add("vsftpd") do
+ setcode do
+ FileTest.exist?("/usr/sbin/vsftpd")
+ end
+end
+Facter.add("spamd") do
+ setcode do
+ FileTest.exist?("/usr/sbin/spamd")
+ end
+end
# maybe wait for rietz to be upgraded to lenny
-# case $hostname {
-# rietz,raff,klecker:
-# { include named-secondary }
-# default: {}
-# }
+ case $hostname {
+ rietz,raff,klecker:
+ { include named::secondary }
+ default: {}
+ }
case $hostname {
geo1,geo2,geo3:
{
- include geodns
+ include named::geodns
include ntp::server
}
default: {
--- /dev/null
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+<VirtualHost *:80>
+ ServerAdmin debian-admin@debian.org
+
+ ErrorLog /var/log/apache2/error.log
+ CustomLog /var/log/apache2/access.log combined
+
+ DocumentRoot /srv/www/default.debian.org/htdocs
+
+ Alias /debian /org/mirrors/ftp.debian.org/ftp
+ HostnameLookups Off
+ UseCanonicalName Off
+ ServerSignature On
+ <IfModule mod_userdir.c>
+ UserDir disabled
+ </IfModule>
+</VirtualHost>
+# vim:set syn=apache:
-define enable_module($module) {
- exec { "/usr/sbin/a2enmod $module": }
-}
-
class apache2 {
include munin-node::apache
package {
- apache2: ensure => installed;
- logrotate: ensure => installed;
+ "apache2": ensure => installed;
+ "logrotate": ensure => installed;
+ }
+
+ define enable_module($ensure=present) {
+ case $ensure {
+ present: {
+ exec { "/usr/sbin/a2enmod $name":
+ unless => "/bin/sh -c '[ -L /etc/apache2/mods-enabled/${name}.load ]'",
+ notify => Exec["force-reload-apache2"],
+ }
+ }
+ absent: {
+ exec { "/usr/sbin/a2dismod $name":
+ onlyif => "/bin/sh -c '[ -L /etc/apache2/mods-enabled/${name}.load ]'",
+ notify => Exec["force-reload-apache2"],
+ }
+ }
+ default: { err ( "Unknown ensure value: '$ensure'" ) }
+ }
}
enable_module {
- "info": module => info;
- "status": module => status;
+ "info":;
+ "status":;
}
file {
"/etc/apache2/conf.d/ressource-limits":
content => template("apache2/ressource-limits.erb"),
require => Package["apache2"],
- notify => Exec["apache2 reload"];
+ notify => Exec["reload-apache2"];
"/etc/apache2/conf.d/security":
source => [ "puppet:///apache2/per-host/$fqdn/etc/apache2/conf.d/security",
"puppet:///apache2/common/etc/apache2/conf.d/security" ],
require => Package["apache2"],
- notify => Exec["apache2 reload"];
+ notify => Exec["reload-apache2"];
"/etc/apache2/conf.d/local-serverinfo":
source => [ "puppet:///apache2/per-host/$fqdn/etc/apache2/conf.d/local-serverinfo",
"puppet:///apache2/common/etc/apache2/conf.d/local-serverinfo" ],
require => Package["apache2"],
- notify => Exec["apache2 reload"];
+ notify => Exec["reload-apache2"];
"/etc/apache2/conf.d/server-status":
source => [ "puppet:///apache2/per-host/$fqdn/etc/apache2/conf.d/server-status",
"puppet:///apache2/common/etc/apache2/conf.d/server-status" ],
require => Package["apache2"],
- notify => Exec["apache2 reload"];
+ notify => Exec["reload-apache2"];
"/etc/apache2/sites-available/default-debian.org":
source => [ "puppet:///apache2/per-host/$fqdn/etc/apache2/sites-available/default-debian.org",
"puppet:///apache2/common/etc/apache2/sites-available/default-debian.org" ],
require => Package["apache2"],
- notify => Exec["apache2 reload"];
+ notify => Exec["reload-apache2"];
"/etc/logrotate.d/apache2":
source => [ "puppet:///apache2/per-host/$fqdn/etc/logrotate.d/apache2",
# ensure => directory;
}
- exec { "apache2 reload":
- path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
- refreshonly => true,
+ exec { "reload-apache2":
+ command => "/etc/init.d/apache2 reload",
+ refreshonly => true,
+ }
+
+ exec { "force-reload-apache2":
+ command => "/etc/init.d/apache2 force-reload",
+ refreshonly => true,
}
}
source => [ "puppet:///apache2/per-host/$fqdn/etc/apache2/sites-available/security.debian.org",
"puppet:///apache2/common/etc/apache2/sites-available/security.debian.org" ],
require => Package["apache2"],
- notify => Exec["apache2 reload"];
+ notify => Exec["reload-apache2"];
}
class exim {
+ activate_munin_check {
+ "ps_exim4": script => "ps_";
+ "exim_mailqueue":;
+ "exim_mailstats":;
+ "postfix_mailqueue": ensure => absent;
+ "postfix_mailstats": ensure => absent;
+ "postfix_mailvolume": ensure => absent;
+ }
+
package { exim4-daemon-heavy: ensure => installed }
{${lookup{$local_part}lsearch{/etc/exim4/callout_users}{$local_part}{}} : \
${lookup{$local_part}lsearch{/var/lib/misc/$primary_hostname/mail-callout}{$local_part}{}}}}
!hosts = +debianhosts : WHITELIST
- !verify = sender/callout
+ !verify = sender/callout=90s,maxwait=300s
'
end
out
+++ /dev/null
-#
-# THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-# USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-#
-from="82.195.75.106,2001:41b8:202:deb:216:36ff:fe40:3906",command="/etc/bind/geodns/recvconf /etc/bind/geodns/recvconf.files",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2cJCkmggW6TD0UPJP9lelDno8qbYGXPeYE4+QmkqJv8mslcHxmx5tA2TvpJ9qbAUMPOdZf9ihomwPmFzz9UNZH4eDA8F126UUP5DXsh7FC7yVGSBUNdJdYS7m2wtVs8ddhrVdI+8c39D7NVGGjtUCJCWA/3fE65O183Gm+vER65SYR6LfHlEiC2FBROs6qwnjQ0yw194MnU7Jxl/GsTdZ72ArkmcPjuWsVHWtkSTt0hPfgBOyL4vSfBgl2p2eQBXCEPOaPTa1Yr5qfur1+Cj+iwadEmPfRap6rBO3wfIjbXt/KncM2uFrCXuF1TOqQxrs5LSe8dz16vf9Ckf9Ae5wQ== geodnssync@draghi (20090527)
-from="91.103.132.25,2001:4b10:100b::dead:f00d",command="/etc/bind/geodns/recvconf /etc/bind/geodns/recvconf.files",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApBLc4ZoGTtXDJ1UhgA7NEPdwqibg5BSXZfKPgfM9wn0mZooAlYzVYwNfe08UmDwrGkSjeNphmzpiDFQA27WGLCgAw8SIjunojWKvJwJcDwx2W4OPLByZaVg/wcEivC2h0+xlRc9jFqKL5cOsTnKBuD4nC7r8qnNcWxyeEEJGP4PVb2zgrGhf8UK3bAqYPuQp0pBFo4EPdorxsgThshEWg9eqB94ph7s+YXoccoWh4NlH2TaO9QdjtsWCId6uhfpcrxjhwKRkqdjofKiOhBB3vqHE+Cpe95nKHZAP5JDgqFH/L+pzyOiRqfTeYh2ivaEBl6m5F7C/QlDBOFrOZkEtXQ== geodnssync key for sgran
+++ /dev/null
-//
-// THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-// USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-//
-
-acl Nagios {
- 192.25.206.33/32;
-};
-
-// Africa
-acl AF {
- country_AO;
- country_BF;
- country_BI;
- country_BJ;
- country_BW;
- country_CD;
- country_CF;
- country_CG;
- country_CI;
- country_CM;
- country_CV;
- country_DJ;
- country_DZ;
- country_EG;
- country_EH;
- country_ER;
- country_ET;
- country_GA;
- country_GH;
- country_GM;
- country_GN;
- country_GQ;
- country_GW;
- country_KE;
- country_KM;
- country_LR;
- country_LS;
- country_LY;
- country_MA;
- country_MG;
- country_ML;
- country_MR;
- country_MU;
- country_MW;
- country_MZ;
- country_NA;
- country_NE;
- country_NG;
- country_RE;
- country_RW;
- country_SC;
- country_SD;
- country_SH;
- country_SL;
- country_SN;
- country_SO;
- country_ST;
- country_SZ;
- country_TD;
- country_TG;
- country_TN;
- country_TZ;
- country_UG;
- country_YT;
- country_ZA;
- country_ZM;
- country_ZW;
-};
-
-// Asia
-acl AS {
- country_AE;
- country_AF;
- country_AM;
- country_AZ;
- country_BD;
- country_BH;
- country_BN;
- country_BT;
- country_CC;
- country_CN;
- country_CX;
- country_CY;
- country_GE;
- country_HK;
- country_ID;
- country_IL;
- country_IN;
- country_IO;
- country_IQ;
- country_IR;
- country_JO;
- country_JP;
- country_KG;
- country_KH;
- country_KP;
- country_KR;
- country_KW;
- country_KZ;
- country_LA;
- country_LB;
- country_LK;
- country_MM;
- country_MN;
- country_MO;
- country_MV;
- country_MY;
- country_NP;
- country_OM;
- country_PH;
- country_PK;
- country_PS;
- country_QA;
- country_SA;
- country_SG;
- country_SY;
- country_TH;
- country_TJ;
- country_TL;
- country_TM;
- country_TW;
- country_UZ;
- country_VN;
- country_YE;
-};
-
-// Europe
-acl EU {
- country_AD;
- country_AL;
- country_AT;
- country_AX;
- country_BA;
- country_BE;
- country_BG;
- country_BY;
- country_CH;
- country_CZ;
- country_DE;
- country_DK;
- country_EE;
- country_ES;
- country_FI;
- country_FO;
- country_FR;
- country_GB;
- country_GG;
- country_GI;
- country_GR;
- country_HR;
- country_HU;
- country_IE;
- country_IM;
- country_IS;
- country_IT;
- country_JE;
- country_LI;
- country_LT;
- country_LU;
- country_LV;
- country_MC;
- country_MD;
- country_ME;
- country_MK;
- country_MT;
- country_NL;
- country_NO;
- country_PL;
- country_PT;
- country_RO;
- country_RS;
- country_RU;
- country_SE;
- country_SI;
- country_SJ;
- country_SK;
- country_SM;
- country_TR;
- country_UA;
- country_VA;
-};
-
-// North America
-acl NA {
- country_AG;
- country_AI;
- country_AN;
- country_AW;
- country_BB;
- country_BL;
- country_BM;
- country_BS;
- country_BZ;
- country_CA;
- country_CR;
- country_CU;
- country_DM;
- country_DO;
- country_GD;
- country_GL;
- country_GP;
- country_GT;
- country_HN;
- country_HT;
- country_JM;
- country_KN;
- country_KY;
- country_LC;
- country_MF;
- country_MQ;
- country_MS;
- country_MX;
- country_NI;
- country_PA;
- country_PM;
- country_PR;
- country_SV;
- country_TC;
- country_TT;
- country_US;
- country_VC;
- country_VG;
- country_VI;
-};
-
-// South America
-acl SA {
- country_AR;
- country_BO;
- country_BR;
- country_CL;
- country_CO;
- country_EC;
- country_FK;
- country_GF;
- country_GY;
- country_PE;
- country_PY;
- country_SR;
- country_UY;
- country_VE;
-};
-
-// Oceania
-acl OC {
- country_AS;
- country_AU;
- country_CK;
- country_FJ;
- country_FM;
- country_GU;
- country_KI;
- country_MH;
- country_MP;
- country_NC;
- country_NF;
- country_NR;
- country_NU;
- country_NZ;
- country_PF;
- country_PG;
- country_PN;
- country_PW;
- country_SB;
- country_TK;
- country_TO;
- country_TV;
- country_UM;
- country_VU;
- country_WF;
- country_WS;
-};
-
-// Antarctica
-acl AN {
- country_AQ;
- country_BV;
- country_GS;
- country_HM;
- country_TF;
-};
+++ /dev/null
-// This file was created by dsa-geodomains/zonebuilder --create-named-conf
-// and is distributed to hosts using puppet as
-// dsa-puppet/modules/geodns/files/common/named.conf.geo
-// you probably do not want to edit it manually wherever you find it
-
-view "AF" {
- match-clients { AF; };
-
- zone "security.geo.debian.org" {
- type master;
- file "/etc/bind/geodns/db.security.debian.org.AF";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "security.debian.org" {
- type master;
- file "/etc/bind/geodns/db.security.debian.org.AF";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "bugs.debian.org" {
- type master;
- file "/etc/bind/geodns/db.bugs.debian.org.AF";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "www.geo.debian.org" {
- type master;
- file "/etc/bind/geodns/db.www.debian.org.AF";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "www.debian.org" {
- type master;
- file "/etc/bind/geodns/db.www.debian.org.AF";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "packages.debian.org" {
- type master;
- file "/etc/bind/geodns/db.packages.debian.org.AF";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
-};
-view "AN" {
- match-clients { AN; };
-
- zone "security.geo.debian.org" {
- type master;
- file "/etc/bind/geodns/db.security.debian.org.AN";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "security.debian.org" {
- type master;
- file "/etc/bind/geodns/db.security.debian.org.AN";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "bugs.debian.org" {
- type master;
- file "/etc/bind/geodns/db.bugs.debian.org.AN";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "www.geo.debian.org" {
- type master;
- file "/etc/bind/geodns/db.www.debian.org.AN";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "www.debian.org" {
- type master;
- file "/etc/bind/geodns/db.www.debian.org.AN";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "packages.debian.org" {
- type master;
- file "/etc/bind/geodns/db.packages.debian.org.AN";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
-};
-view "AS" {
- match-clients { AS; };
-
- zone "security.geo.debian.org" {
- type master;
- file "/etc/bind/geodns/db.security.debian.org.AS";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "security.debian.org" {
- type master;
- file "/etc/bind/geodns/db.security.debian.org.AS";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "bugs.debian.org" {
- type master;
- file "/etc/bind/geodns/db.bugs.debian.org.AS";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "www.geo.debian.org" {
- type master;
- file "/etc/bind/geodns/db.www.debian.org.AS";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "www.debian.org" {
- type master;
- file "/etc/bind/geodns/db.www.debian.org.AS";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "packages.debian.org" {
- type master;
- file "/etc/bind/geodns/db.packages.debian.org.AS";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
-};
-view "EU" {
- match-clients { EU; };
-
- zone "security.geo.debian.org" {
- type master;
- file "/etc/bind/geodns/db.security.debian.org.EU";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "security.debian.org" {
- type master;
- file "/etc/bind/geodns/db.security.debian.org.EU";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "bugs.debian.org" {
- type master;
- file "/etc/bind/geodns/db.bugs.debian.org.EU";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "www.geo.debian.org" {
- type master;
- file "/etc/bind/geodns/db.www.debian.org.EU";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "www.debian.org" {
- type master;
- file "/etc/bind/geodns/db.www.debian.org.EU";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "packages.debian.org" {
- type master;
- file "/etc/bind/geodns/db.packages.debian.org.EU";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
-};
-view "NA" {
- match-clients { NA; };
-
- zone "security.geo.debian.org" {
- type master;
- file "/etc/bind/geodns/db.security.debian.org.NA";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "security.debian.org" {
- type master;
- file "/etc/bind/geodns/db.security.debian.org.NA";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "bugs.debian.org" {
- type master;
- file "/etc/bind/geodns/db.bugs.debian.org.NA";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "www.geo.debian.org" {
- type master;
- file "/etc/bind/geodns/db.www.debian.org.NA";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "www.debian.org" {
- type master;
- file "/etc/bind/geodns/db.www.debian.org.NA";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "packages.debian.org" {
- type master;
- file "/etc/bind/geodns/db.packages.debian.org.NA";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
-};
-view "OC" {
- match-clients { OC; };
-
- zone "security.geo.debian.org" {
- type master;
- file "/etc/bind/geodns/db.security.debian.org.OC";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "security.debian.org" {
- type master;
- file "/etc/bind/geodns/db.security.debian.org.OC";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "bugs.debian.org" {
- type master;
- file "/etc/bind/geodns/db.bugs.debian.org.OC";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "www.geo.debian.org" {
- type master;
- file "/etc/bind/geodns/db.www.debian.org.OC";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "www.debian.org" {
- type master;
- file "/etc/bind/geodns/db.www.debian.org.OC";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "packages.debian.org" {
- type master;
- file "/etc/bind/geodns/db.packages.debian.org.OC";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
-};
-view "SA" {
- match-clients { SA; };
-
- zone "security.geo.debian.org" {
- type master;
- file "/etc/bind/geodns/db.security.debian.org.SA";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "security.debian.org" {
- type master;
- file "/etc/bind/geodns/db.security.debian.org.SA";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "bugs.debian.org" {
- type master;
- file "/etc/bind/geodns/db.bugs.debian.org.SA";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "www.geo.debian.org" {
- type master;
- file "/etc/bind/geodns/db.www.debian.org.SA";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "www.debian.org" {
- type master;
- file "/etc/bind/geodns/db.www.debian.org.SA";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "packages.debian.org" {
- type master;
- file "/etc/bind/geodns/db.packages.debian.org.SA";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
-};
-view "default" {
- match-clients { any; };
-
- zone "security.geo.debian.org" {
- type master;
- file "/etc/bind/geodns/db.security.debian.org";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "security.debian.org" {
- type master;
- file "/etc/bind/geodns/db.security.debian.org";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "bugs.debian.org" {
- type master;
- file "/etc/bind/geodns/db.bugs.debian.org";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "www.geo.debian.org" {
- type master;
- file "/etc/bind/geodns/db.www.debian.org";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "www.debian.org" {
- type master;
- file "/etc/bind/geodns/db.www.debian.org";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
- zone "packages.debian.org" {
- type master;
- file "/etc/bind/geodns/db.packages.debian.org";
- notify no;
- allow-query { any; };
- allow-transfer { };
- };
-
-};
+++ /dev/null
-//
-// THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-// USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-//
-
-include "/etc/bind/named.conf.acl";
-include "/etc/bind/geodns/named.conf.geo";
+++ /dev/null
-//
-// THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-// USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-//
-
-options {
- directory "/var/cache/bind";
-
- // If there is a firewall between you and nameservers you want
- // to talk to, you may need to fix the firewall to allow multiple
- // ports to talk. See http://www.kb.cert.org/vuls/id/800113
-
- // If your ISP provided one or more IP addresses for stable
- // nameservers, you probably want to use them as forwarders.
- // Uncomment the following block, and insert the addresses replacing
- // the all-0's placeholder.
-
- // forwarders {
- // 0.0.0.0;
- // };
-
- auth-nxdomain no; # conform to RFC1035
- listen-on-v6 { any; };
- allow-query { any; };
- allow-update { none; };
- allow-transfer { none; };
- allow-recursion { Nagios; };
-};
-
-logging {
-
- channel queries {
- file "/var/log/bind9/geoip-query.log" versions 4 size 40m;
- print-time yes;
- print-category yes;
- };
- category queries { queries; };
- category lame-servers { null; };
-
-};
-
-
+++ /dev/null
-#!/bin/bash
-
-#
-# THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-# USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-#
-
-set -e
-set -u
-
-## Copyright (c) 2005 David B. Harris <dbharris@eelf.ddts.net>
-## Copyright (c) 2005,2009 Peter Palfrader <peter@palfrader.org>
-
-## This text is released under the "three-clause BSD license".
-## The full text of the license is available at the end of this file.
-
-if [ "$#" != 1 ]; then
- echo "Usage: $0 <recvconf.files>" >&2
- exit 1
-fi
-
-FILELIST="$1"
-
-printf "\nrecvconf on %s processing:\n" "$(hostname -s)"
-
-umask 077
-
-temptar="$(mktemp)"
-chmod 0600 "$temptar"
-
-tempscript="$(mktemp)"
-chmod 0600 "$tempscript"
-
-tempdir="$(mktemp -d)"
-
-# Read tarball from STDIN
-gzip -dc > "$temptar"
-
-cd "$tempdir"
-tar xf "$temptar"
-
-copy_and_runcommands() {
-
- local file perms user group precommand postcommand
- file="$1"; perms="$2"; user="$3"; group="$4"; precommand="$5"; postcommand="$6"
-
- if [ -f "$file" ]; then
- if [ -h "$file" ]; then # File should NOT be a symlink
- printf "\`%s' is a symlink, aborting.\n" "$file" >&2
- return 1
- fi
-
- if ! [ "$file" -nt "/$file" ]; then
- rm -f "$file"
- return 0
- fi
-
- if [ -n "$precommand" ]; then
- printf "Running precommand \`%s' for %s\n" "$precommand" "$file" >&2
- eval -- $precommand >&2
- fi
-
- if [ -n "$perms" ]; then
- chmod -- "$perms" "$file"
- else
- printf "Warning, no perms defined for \`%s', assuming 0640.\n" "$file" >&2
- chmod 0640 "$file"
- fi
- if [ -n "$user" ]; then
- chown -- "$user" "$file"
- else
- printf "Warning, no user defined for \`%s', assuming root.\n" "$file" >&2
- chown root "$file"
- fi
- if [ -n "$group" ]; then
- chgrp -- "$group" "$file"
- else
- printf "Warning, no group defined for \`%s', assuming root.\n" "$file" >&2
- chgrp root "$file"
- fi
-
- if [ ! -d "/$(dirname "$file")" ]; then
- printf "Directory \`%s' does not exist, aborting.\n" "$(dirname "$file")" >&2
- exit 1
- fi
-
- cp -a -- "$file" "/$(dirname "$file")" >&2
- ls -l "/$(dirname "$file")/$(basename "$file")" >&2
-
- if [ -n "$postcommand" ]; then
- if ! grep -F -- "$postcommand" "$tempscript" > /dev/null 2>&1; then
- printf "%s\n" "$postcommand" >> "$tempscript"
- fi
- fi
-
- rm -f -- "$file"
- fi
-}
-
-IN=0
-linenum=0
-file=""
-nextfile=""
-
-clear_vars() {
- perms=""; user=""; group=""; precommand=""; postcommand=""
-}
-clear_vars
-
-while read line; do
- linenum="$(($linenum + 1))"
-
- if printf "%s\n" "$line" | grep -E '^[[:space:]]*$' > /dev/null 2>&1; then
- ## This line is an empty line; skip it
- continue
- elif printf "%s" "$line" | grep -E '^[[:space:]]*#' > /dev/null 2>&1; then
- ## This line is a comment; skip it
- continue
- fi
-
- ## IN=0, so we're out of a stanza: better get a file declaration next
- if [ "$IN" = "0" ] && ! printf "%s" "$line" | grep -E '^[[:space:]]*file[[:space:]]' > /dev/null 2>&1; then
- printf "Error on line %s, file declaration expected. Got\n\t%s\n" "$linenum" "$line" >&2
- exit 1
- elif [ "$IN" = 0 ] && printf "%s" "$line" | grep -E '^[[:space:]]*file[[:space:]]' > /dev/null 2>&1; then
- ## Okay, we're just starting out; set $file and move on
- file="$(printf "%s" "$line" | sed -e 's/[[:space:]]*file[[:space:]]\+\([^[:space:]#]*\).*/\1/')"
- IN=1
- continue
- elif [ "$IN" = 1 ] && printf "%s" "$line" | grep -E '^[[:space:]]*file[[:space:]]' > /dev/null 2>&1; then
- ## Okay, not only are we at a file declaration, but this isn't our first one. Run the commands to process
- ## the file, then set a $file to the new value and continue parsing.
- [ -n "$file" ] && copy_and_runcommands "$file" "$perms" "$user" "$group" "$precommand" "$postcommand"
- file="$(printf "%s" "$line" | sed -e 's/[[:space:]]*file[[:space:]]\+\([^[:space:]#]*\).*/\1/')"
- clear_vars
- continue
- fi
-
- ## The last two if blocks weren't processed; thus this isn't a comment, a blank line, and we're in the middle of a stanza
- if printf "%s" "$line" | grep -E '^[[:space:]]*perms[[:space:]]' > /dev/null 2>&1; then
- perms="$(printf "%s" "$line" | sed -e 's/[[:space:]]*perms[[:space:]]\+\([^[:space:]#]*\).*/\1/')"
- continue
- elif printf "%s" "$line" | grep -E '^[[:space:]]*user[[:space:]]' > /dev/null 2>&1; then
- user="$(printf "%s" "$line" | sed -e 's/[[:space:]]*user[[:space:]]\+\([^[:space:]#]*\).*/\1/')"
- continue
- elif printf "%s" "$line" | grep -E '^[[:space:]]*group[[:space:]]' > /dev/null 2>&1; then
- group="$(printf "%s" "$line" | sed -e 's/[[:space:]]*group[[:space:]]\+\([^[:space:]#]*\).*/\1/')"
- continue
- elif printf "%s" "$line" | grep -E '^[[:space:]]*precommand[[:space:]]' > /dev/null 2>&1; then
- precommand="$(printf "%s" "$line" | sed -e 's/[[:space:]]*precommand[[:space:]]\+\([^[:space:]#]*\)/\1/')"
- continue
- elif printf "%s" "$line" | grep -E '^[[:space:]]*postcommand[[:space:]]' > /dev/null 2>&1; then
- postcommand="$(printf "%s" "$line" | sed -e 's/[[:space:]]*postcommand[[:space:]]\+\([^[:space:]#]*\)/\1/')"
- continue
- else
- printf "Unknown token at line %s:\n\t%s\n" "$linenum" "$line"
- fi
-
-done < "$FILELIST"
-
-## This is the last stanza and the above loop has set the variables, but hasn't yet processed the file
-[ -n "$file" ] && copy_and_runcommands "$file" "$perms" "$user" "$group" "$precommand" "$postcommand"
-
-if [ -s "$tempscript" ]; then
- tempoutput="$(mktemp)"
- ## Post-copying commands to be run, run them here. Only display output if they exit with $? > 0
- while read command; do
- printf "Running postcommand \`%s' on %s.\n" "$command" "$(hostname -s)" >&2
- if ! eval -- "(cd / && env -i $command)" > "$tempoutput" 2>&1; then
- printf "Error, postcommand \`%s' on %s failed. Output follows:\n" "$command" "$(hostname -s)" >&2
- cat -- "$tempoutput" >&2
- exit 1
- fi
- done < "$tempscript"
- rm -f -- "$tempoutput"
-fi
-
-# Check for any leftover files here; if there are any, exit with an error and print the list
-if [ ! -z "$(find . -type f)" ]; then
- printf "The following files were not listed in $FILELIST:\n%s\n" "$(find . -type f)" >&2
- exit 1
-fi
-
-rm -f -- "$temptar"
-rm -f -- "$tempscript"
-cd
-rm -rf -- "$tempdir"
-
-printf "recvconf on %s finished.\n" "$(hostname -s)"
-
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted provided that the following conditions are
-## met:
-##
-## * Redistributions of source code must retain the above copyright
-## notice, this list of conditions and the following disclaimer.
-##
-## * Redistributions in binary form must reproduce the above
-## copyright notice, this list of conditions and the following disclaimer
-## in the documentation and/or other materials provided with the
-## distribution.
-##
-## * Neither the names of the copyright owners nor the names of its
-## contributors may be used to endorse or promote products derived from
-## this software without specific prior written permission.
-##
-## THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-## "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-## LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-## A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-## OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-## DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-## THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-## (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-## OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+++ /dev/null
-# This file was created by dsa-geodomains/zonebuilder --create-recvconf-conf
-# and is distributed to hosts using puppet as
-# dsa-puppet/modules/geodns/files/common/recvconf.files
-# you probably do not want to edit it manually wherever you find it
-
-file etc/bind/geodns/db.bugs.debian.org.AN
- perms 0644
- user geodnssync
- group geodnssync
- precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.AN
- postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.bugs.debian.org.SA
- perms 0644
- user geodnssync
- group geodnssync
- precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.SA
- postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.bugs.debian.org.OC
- perms 0644
- user geodnssync
- group geodnssync
- precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.OC
- postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.bugs.debian.org.AS
- perms 0644
- user geodnssync
- group geodnssync
- precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.AS
- postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.bugs.debian.org.AF
- perms 0644
- user geodnssync
- group geodnssync
- precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.AF
- postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.bugs.debian.org
- perms 0644
- user geodnssync
- group geodnssync
- precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org
- postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.bugs.debian.org.EU
- perms 0644
- user geodnssync
- group geodnssync
- precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.EU
- postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.bugs.debian.org.NA
- perms 0644
- user geodnssync
- group geodnssync
- precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.NA
- postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.packages.debian.org.AN
- perms 0644
- user geodnssync
- group geodnssync
- precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.AN
- postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.packages.debian.org.SA
- perms 0644
- user geodnssync
- group geodnssync
- precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.SA
- postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.packages.debian.org.OC
- perms 0644
- user geodnssync
- group geodnssync
- precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.OC
- postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.packages.debian.org.AS
- perms 0644
- user geodnssync
- group geodnssync
- precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.AS
- postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.packages.debian.org.AF
- perms 0644
- user geodnssync
- group geodnssync
- precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.AF
- postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.packages.debian.org
- perms 0644
- user geodnssync
- group geodnssync
- precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org
- postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.packages.debian.org.EU
- perms 0644
- user geodnssync
- group geodnssync
- precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.EU
- postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.packages.debian.org.NA
- perms 0644
- user geodnssync
- group geodnssync
- precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.NA
- postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.security.debian.org.AN
- perms 0644
- user geodnssync
- group geodnssync
- precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.AN
- postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.security.debian.org.SA
- perms 0644
- user geodnssync
- group geodnssync
- precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.SA
- postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.security.debian.org.OC
- perms 0644
- user geodnssync
- group geodnssync
- precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.OC
- postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.security.debian.org.AS
- perms 0644
- user geodnssync
- group geodnssync
- precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.AS
- postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.security.debian.org.AF
- perms 0644
- user geodnssync
- group geodnssync
- precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.AF
- postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.security.debian.org
- perms 0644
- user geodnssync
- group geodnssync
- precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org
- postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.security.debian.org.EU
- perms 0644
- user geodnssync
- group geodnssync
- precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.EU
- postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.security.debian.org.NA
- perms 0644
- user geodnssync
- group geodnssync
- precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.NA
- postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.www.debian.org.AN
- perms 0644
- user geodnssync
- group geodnssync
- precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.AN
- postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.www.debian.org.SA
- perms 0644
- user geodnssync
- group geodnssync
- precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.SA
- postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.www.debian.org.OC
- perms 0644
- user geodnssync
- group geodnssync
- precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.OC
- postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.www.debian.org.AS
- perms 0644
- user geodnssync
- group geodnssync
- precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.AS
- postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.www.debian.org.AF
- perms 0644
- user geodnssync
- group geodnssync
- precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.AF
- postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.www.debian.org
- perms 0644
- user geodnssync
- group geodnssync
- precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org
- postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.www.debian.org.EU
- perms 0644
- user geodnssync
- group geodnssync
- precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.EU
- postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.www.debian.org.NA
- perms 0644
- user geodnssync
- group geodnssync
- precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.NA
- postcommand sudo /etc/init.d/bind9 reload
+++ /dev/null
-class geodns {
-
- package {
- bind9: ensure => installed;
- }
-
- file {
- "/etc/apt/sources.list.d/geoip.list":
- content => template("debian-org/etc/apt/sources.list.d/geoip.list.erb"),
- notify => Exec["apt-get update"],
- ;
- "/etc/bind/named.conf.local":
- source => [ "puppet:///geodns/per-host/$fqdn/named.conf.local",
- "puppet:///geodns/common/named.conf.local" ],
- require => Package["bind9"],
- notify => Exec["bind9 restart"],
- owner => root,
- group => root,
- ;
- "/etc/bind/named.conf.acl":
- source => [ "puppet:///geodns/per-host/$fqdn/named.conf.acl",
- "puppet:///geodns/common/named.conf.acl" ],
- require => Package["bind9"],
- notify => Exec["bind9 restart"],
- owner => root,
- group => root,
- ;
- "/etc/bind/named.conf.options":
- source => [ "puppet:///geodns/per-host/$fqdn/named.conf.options",
- "puppet:///geodns/common/named.conf.options" ],
- require => Package["bind9"],
- notify => Exec["bind9 restart"],
- owner => root,
- group => root,
- ;
-
- "/etc/bind/geodns":
- ensure => directory,
- owner => root,
- group => geodnssync,
- mode => 775,
- ;
- "/etc/bind/geodns/named.conf.geo":
- source => [ "puppet:///geodns/per-host/$fqdn/named.conf.geo",
- "puppet:///geodns/common/named.conf.geo" ],
- require => Package["bind9"],
- notify => Exec["bind9 restart"],
- owner => root,
- group => root,
- ;
- "/etc/bind/geodns/recvconf":
- source => [ "puppet:///geodns/per-host/$fqdn/recvconf",
- "puppet:///geodns/common/recvconf" ],
- owner => root,
- group => root,
- mode => 555,
- ;
- "/etc/bind/geodns/recvconf.files":
- source => [ "puppet:///geodns/per-host/$fqdn/recvconf.files",
- "puppet:///geodns/common/recvconf.files" ],
- owner => root,
- group => root,
- mode => 444,
- ;
-
- "/usr/share/GeoIP/GeoIPv6.dat":
- source => [ "puppet:///geodns/per-host/$fqdn/GeoIPv6.dat",
- "puppet:///geodns/common/GeoIPv6.dat" ],
- owner => root,
- group => root,
- mode => 444,
- ;
-
- "/etc/ssh/userkeys/geodnssync":
- source => [ "puppet:///geodns/per-host/$fqdn/authorized_keys",
- "puppet:///geodns/common/authorized_keys" ],
- owner => root,
- group => geodnssync,
- mode => 440,
- ;
- "/var/log/bind9":
- ensure => directory,
- owner => bind,
- group => bind,
- mode => 775,
- ;
- }
-
- exec {
- "bind9 restart":
- path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
- refreshonly => true,
- ;
- }
-}
-
-# vim: set fdm=marker ts=8 sw=8 et:
class munin-node::apache inherits munin-node {
- activate_munin_check { "apache_accesses" }
- activate_munin_check { "apache_processes" }
- activate_munin_check { "apache_volume" }
+ activate_munin_check {
+ "apache_accesses":;
+ "apache_processes":;
+ "apache_volume":;
+ "apache_servers":;
+ "ps_apache2": script => "ps_";
+ }
}
--- /dev/null
+class munin-node::bind inherits munin-node {
+ activate_munin_check {
+ "bind":;
+ }
+}
+
-define activate_munin_check($script) {
- file { "/etc/munin/plugins/$script":
- ensure => "/usr/share/munin/plugins/$script",
- notify => Exec["munin-node restart"];
+define activate_munin_check($ensure=present, script=$name) {
+ case $script {
+ "": { $base = $name }
+ default: { $base = $script }
+ }
+
+ case $ensure {
+ present: {
+ file { "/etc/munin/plugins/$name":
+ ensure => "/usr/share/munin/plugins/$base",
+ notify => Exec["munin-node restart"];
+ }
+ }
+ default: {
+ file { "/etc/munin/plugins/$name":
+ ensure => $ensure,
+ notify => Exec["munin-node restart"];
+ }
}
+ }
}
class munin-node {
package { munin-node: ensure => installed }
- file { "/etc/munin/munin-node.conf":
- source => [ "puppet:///munin-node/per-host/$fqdn/munin-node.conf",
- "puppet:///munin-node/common/munin-node.conf" ],
- require => Package["munin-node"],
- notify => Exec["munin-node restart"],
+ activate_munin_check {
+ "cpu":;
+ "df":;
+ "df_abs":;
+ "df_inode":;
+ "entropy":;
+ "forks":;
+ "interrupts":;
+ "iostat":;
+ "irqstats":;
+ "load":;
+ "memory":;
+ "ntp_offset":;
+ "ntp_states":;
+ "open_files":;
+ "open_inodes":;
+ "processes":;
+ "swap":;
+ "uptime":;
+ "vmstat":;
+ }
+
+ case $spamd {
+ "true": {
+ activate_munin_check { "spamassassin":; }
+ }
+ }
+
+ file {
+ "/etc/munin/munin-node.conf":
+ source => [ "puppet:///munin-node/per-host/$fqdn/munin-node.conf",
+ "puppet:///munin-node/common/munin-node.conf" ],
+ require => Package["munin-node"],
+ notify => Exec["munin-node restart"];
+
+ "/etc/munin/plugin-conf.d/munin-node":
+ content => template("munin-node/munin-node.plugin.conf.erb"),
+ require => Package["munin-node"],
+ notify => Exec["munin-node restart"];
}
exec { "munin-node restart":
--- /dev/null
+class munin-node::vsftpd inherits munin-node {
+ activate_munin_check {
+ "vsftpd":;
+ "ps_vsftpd": script => "ps_";
+ }
+}
+
--- /dev/null
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+[apt]
+user root
+
+[courier_mta_mailqueue]
+group daemon
+
+[courier_mta_mailstats]
+group adm, maillog
+
+[courier_mta_mailvolume]
+group adm, maillog
+
+[cps*]
+user root
+<%=
+out = ""
+if mta == "exim4"
+ out="
+[exim_mail*]
+user Debian-exim
+group maillog"
+end
+out
+%>
+
+[fw_conntrack]
+user root
+
+[fw_forwarded_local]
+user root
+
+[hddtemp_smartctl]
+user root
+
+[if_*]
+user root
+
+[if_err_*]
+user nobody
+
+[ip_*]
+user root
+
+[mysql*]
+user root
+env.mysqlopts --defaults-extra-file=/etc/mysql/debian.cnf
+
+<%=
+out = ""
+if mta == "postfix"
+ out="
+[postfix_mailqueue]
+user postfix
+
+[postfix_mailstats]
+group adm, maillog
+
+[postfix_mailvolume]
+group adm, maillog
+env.logfile mail.log"
+end
+out
+%>
+
+[smart_*]
+user root
+
+[vlan*]
+user root
+
+[spamassassin]
+group maillog
+
+[bind*]
+<%=
+out = case hostname
+ when "geo1","geo2","geo3" then "group bind
+env.logfile /var/log/bind9/geoip-query.log"
+ else "group adm"
+end
+out
+%>
+++ /dev/null
-//
-// THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-// USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-//
-
-// Slave domains, includ in bind.conf
-
-// NOT USED YET - SYNC UP WITH dsa-misc/config/bind/ before enabling finally
-
-zone "debian.org" {
- type slave;
- notify no;
- file "db.debian.org";
- masters {
- 82.195.75.106; // draghi
- 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi
- };
- allow-query { any; };
- allow-transfer { };
-};
-
-zone "debian.net" {
- type slave;
- notify no;
- file "db.debian.net";
- masters {
- 82.195.75.106; // draghi
- 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi
- };
- allow-query { any; };
- allow-transfer { };
-};
-
-zone "mirror.debian.net" {
- type slave;
- notify no;
- file "db.mirror.debian.net";
- masters {
- 82.195.75.106; // draghi
- 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi
- };
- allow-query { any; };
- allow-transfer { };
-};
-
-zone "rbl.debian.net" {
- type slave;
- notify no;
- file "db.rbl.debian.net";
- masters {
- 82.195.75.106; // draghi
- 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi
- };
- allow-query { any; };
- allow-transfer { };
-};
-
-zone "debian.com" {
- type slave;
- notify no;
- file "db.debian.com";
- masters {
- 82.195.75.106; // draghi
- 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi
- };
- allow-query { any; };
- allow-transfer { };
-};
-
-zone "alioth.debian.org" {
- type slave;
- notify no;
- file "db.alioth.debian.org";
- masters {
- 217.196.43.134;
- };
- allow-query { any; };
- allow-transfer { };
-};
-
-
-// debian rack with sil.at
-zone "144-28.118.59.86.in-addr.arpa" {
- type slave;
- notify no;
- file "db.86.59.118.144";
- masters {
- 82.195.75.106; // draghi
- 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi
- };
- allow-query { any; };
- allow-transfer { };
-};
-zone "2.0.0.0.2.0.0.0.8.5.8.0.1.0.0.2.ip6.arpa" {
- type slave;
- notify no;
- file "db.2001:0858:0002:0002";
- masters {
- 82.195.75.106; // draghi
- 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi
- };
- allow-query { any; };
- allow-transfer { };
-};
-
-// ipv6 at 1&1 - powell: 2001:08d8:0081:1520::/60
-zone "2.5.1.1.8.0.0.8.d.8.0.1.0.0.2.ip6.arpa" {
- type slave;
- notify no;
- file "db.2001:08d8:0081:1520";
- masters {
- 82.195.75.106; // draghi
- 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi
- };
- allow-query { any; };
- allow-transfer { };
-};
-// ipv6 at 1&1 - puccini 2001:08d8:0081:15a0::/60
-zone "a.5.1.1.8.0.0.8.d.8.0.1.0.0.2.ip6.arpa" {
- type slave;
- notify no;
- file "db.2001:08d8:0081:15a0";
- masters {
- 82.195.75.106; // draghi
- 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi
- };
- allow-query { any; };
- allow-transfer { };
-};
-// ipv6 at 1&1 - wieck and schumann
-zone "2.6.a.0.4.6.5.6.1.0.0.0.2.0.0.0.8.d.8.0.1.0.0.2.ip6.arpa" {
- type slave;
- notify no;
- file "db.2001:8d8:2:1:6564:0a62";
- masters {
- 82.195.75.106; // draghi
- 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi
- };
- allow-query { any; };
- allow-transfer { };
-};
-
-// ipv6 at xs4all - klecker 2001:888:2000:12::/64
-zone "2.1.0.0.0.0.0.2.8.8.8.0.1.0.0.2.ip6.arpa" {
- type slave;
- notify no;
- file "db.2001:888:2000:12";
- masters {
- 82.195.75.106; // draghi
- 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi
- };
- allow-query { any; };
- allow-transfer { };
-};
-
-// 19.12.206.in-addr.arpa zone - reverse zone for 206.12.19/24 - debian at UBC/ECE
-zone "19.12.206.in-addr.arpa" {
- type slave;
- notify no;
- file "db.206.12.19";
- masters {
- 82.195.75.106; // draghi
- 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi
- };
- allow-query { any; };
- allow-transfer { };
-};
-// vim:set syn=named:
+++ /dev/null
-class named-secondary {
- file { "/etc/bind/named.conf.debian-zones":
- source => [ "puppet:///named-secondary/per-host/$fqdn/named.conf.debian-zones",
- "puppet:///named-secondary/common/named.conf.debian-zones" ],
- notify => Exec["bind9 reload"],
- }
-
- exec { "bind9 reload":
- path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
- refreshonly => true,
- }
-}
-
--- /dev/null
+#
+# THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+# USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+#
+from="82.195.75.106,2001:41b8:202:deb:216:36ff:fe40:3906",command="/etc/bind/geodns/recvconf /etc/bind/geodns/recvconf.files",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2cJCkmggW6TD0UPJP9lelDno8qbYGXPeYE4+QmkqJv8mslcHxmx5tA2TvpJ9qbAUMPOdZf9ihomwPmFzz9UNZH4eDA8F126UUP5DXsh7FC7yVGSBUNdJdYS7m2wtVs8ddhrVdI+8c39D7NVGGjtUCJCWA/3fE65O183Gm+vER65SYR6LfHlEiC2FBROs6qwnjQ0yw194MnU7Jxl/GsTdZ72ArkmcPjuWsVHWtkSTt0hPfgBOyL4vSfBgl2p2eQBXCEPOaPTa1Yr5qfur1+Cj+iwadEmPfRap6rBO3wfIjbXt/KncM2uFrCXuF1TOqQxrs5LSe8dz16vf9Ckf9Ae5wQ== geodnssync@draghi (20090527)
+from="91.103.132.25,2001:4b10:100b::dead:f00d",command="/etc/bind/geodns/recvconf /etc/bind/geodns/recvconf.files",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApBLc4ZoGTtXDJ1UhgA7NEPdwqibg5BSXZfKPgfM9wn0mZooAlYzVYwNfe08UmDwrGkSjeNphmzpiDFQA27WGLCgAw8SIjunojWKvJwJcDwx2W4OPLByZaVg/wcEivC2h0+xlRc9jFqKL5cOsTnKBuD4nC7r8qnNcWxyeEEJGP4PVb2zgrGhf8UK3bAqYPuQp0pBFo4EPdorxsgThshEWg9eqB94ph7s+YXoccoWh4NlH2TaO9QdjtsWCId6uhfpcrxjhwKRkqdjofKiOhBB3vqHE+Cpe95nKHZAP5JDgqFH/L+pzyOiRqfTeYh2ivaEBl6m5F7C/QlDBOFrOZkEtXQ== geodnssync key for sgran
--- /dev/null
+//
+// THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+// USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+//
+
+acl Nagios {
+ 192.25.206.33/32;
+};
+
+// Africa
+acl AF {
+ country_AO;
+ country_BF;
+ country_BI;
+ country_BJ;
+ country_BW;
+ country_CD;
+ country_CF;
+ country_CG;
+ country_CI;
+ country_CM;
+ country_CV;
+ country_DJ;
+ country_DZ;
+ country_EG;
+ country_EH;
+ country_ER;
+ country_ET;
+ country_GA;
+ country_GH;
+ country_GM;
+ country_GN;
+ country_GQ;
+ country_GW;
+ country_KE;
+ country_KM;
+ country_LR;
+ country_LS;
+ country_LY;
+ country_MA;
+ country_MG;
+ country_ML;
+ country_MR;
+ country_MU;
+ country_MW;
+ country_MZ;
+ country_NA;
+ country_NE;
+ country_NG;
+ country_RE;
+ country_RW;
+ country_SC;
+ country_SD;
+ country_SH;
+ country_SL;
+ country_SN;
+ country_SO;
+ country_ST;
+ country_SZ;
+ country_TD;
+ country_TG;
+ country_TN;
+ country_TZ;
+ country_UG;
+ country_YT;
+ country_ZA;
+ country_ZM;
+ country_ZW;
+};
+
+// Asia
+acl AS {
+ country_AE;
+ country_AF;
+ country_AM;
+ country_AZ;
+ country_BD;
+ country_BH;
+ country_BN;
+ country_BT;
+ country_CC;
+ country_CN;
+ country_CX;
+ country_CY;
+ country_GE;
+ country_HK;
+ country_ID;
+ country_IL;
+ country_IN;
+ country_IO;
+ country_IQ;
+ country_IR;
+ country_JO;
+ country_JP;
+ country_KG;
+ country_KH;
+ country_KP;
+ country_KR;
+ country_KW;
+ country_KZ;
+ country_LA;
+ country_LB;
+ country_LK;
+ country_MM;
+ country_MN;
+ country_MO;
+ country_MV;
+ country_MY;
+ country_NP;
+ country_OM;
+ country_PH;
+ country_PK;
+ country_PS;
+ country_QA;
+ country_SA;
+ country_SG;
+ country_SY;
+ country_TH;
+ country_TJ;
+ country_TL;
+ country_TM;
+ country_TW;
+ country_UZ;
+ country_VN;
+ country_YE;
+};
+
+// Europe
+acl EU {
+ country_AD;
+ country_AL;
+ country_AT;
+ country_AX;
+ country_BA;
+ country_BE;
+ country_BG;
+ country_BY;
+ country_CH;
+ country_CZ;
+ country_DE;
+ country_DK;
+ country_EE;
+ country_ES;
+ country_FI;
+ country_FO;
+ country_FR;
+ country_GB;
+ country_GG;
+ country_GI;
+ country_GR;
+ country_HR;
+ country_HU;
+ country_IE;
+ country_IM;
+ country_IS;
+ country_IT;
+ country_JE;
+ country_LI;
+ country_LT;
+ country_LU;
+ country_LV;
+ country_MC;
+ country_MD;
+ country_ME;
+ country_MK;
+ country_MT;
+ country_NL;
+ country_NO;
+ country_PL;
+ country_PT;
+ country_RO;
+ country_RS;
+ country_RU;
+ country_SE;
+ country_SI;
+ country_SJ;
+ country_SK;
+ country_SM;
+ country_TR;
+ country_UA;
+ country_VA;
+};
+
+// North America
+acl NA {
+ country_AG;
+ country_AI;
+ country_AN;
+ country_AW;
+ country_BB;
+ country_BL;
+ country_BM;
+ country_BS;
+ country_BZ;
+ country_CA;
+ country_CR;
+ country_CU;
+ country_DM;
+ country_DO;
+ country_GD;
+ country_GL;
+ country_GP;
+ country_GT;
+ country_HN;
+ country_HT;
+ country_JM;
+ country_KN;
+ country_KY;
+ country_LC;
+ country_MF;
+ country_MQ;
+ country_MS;
+ country_MX;
+ country_NI;
+ country_PA;
+ country_PM;
+ country_PR;
+ country_SV;
+ country_TC;
+ country_TT;
+ country_US;
+ country_VC;
+ country_VG;
+ country_VI;
+};
+
+// South America
+acl SA {
+ country_AR;
+ country_BO;
+ country_BR;
+ country_CL;
+ country_CO;
+ country_EC;
+ country_FK;
+ country_GF;
+ country_GY;
+ country_PE;
+ country_PY;
+ country_SR;
+ country_UY;
+ country_VE;
+};
+
+// Oceania
+acl OC {
+ country_AS;
+ country_AU;
+ country_CK;
+ country_FJ;
+ country_FM;
+ country_GU;
+ country_KI;
+ country_MH;
+ country_MP;
+ country_NC;
+ country_NF;
+ country_NR;
+ country_NU;
+ country_NZ;
+ country_PF;
+ country_PG;
+ country_PN;
+ country_PW;
+ country_SB;
+ country_TK;
+ country_TO;
+ country_TV;
+ country_UM;
+ country_VU;
+ country_WF;
+ country_WS;
+};
+
+// Antarctica
+acl AN {
+ country_AQ;
+ country_BV;
+ country_GS;
+ country_HM;
+ country_TF;
+};
--- /dev/null
+//
+// THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+// USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+//
+
+// Slave domains, includ in bind.conf
+
+// NOT USED YET - SYNC UP WITH dsa-misc/config/bind/ before enabling finally
+
+zone "debian.org" {
+ type slave;
+ notify no;
+ file "db.debian.org";
+ masters {
+ 82.195.75.106; // draghi
+ 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi
+ };
+ allow-query { any; };
+ allow-transfer { };
+};
+
+zone "debian.net" {
+ type slave;
+ notify no;
+ file "db.debian.net";
+ masters {
+ 82.195.75.106; // draghi
+ 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi
+ };
+ allow-query { any; };
+ allow-transfer { };
+};
+
+zone "mirror.debian.net" {
+ type slave;
+ notify no;
+ file "db.mirror.debian.net";
+ masters {
+ 82.195.75.106; // draghi
+ 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi
+ };
+ allow-query { any; };
+ allow-transfer { };
+};
+
+zone "rbl.debian.net" {
+ type slave;
+ notify no;
+ file "db.rbl.debian.net";
+ masters {
+ 82.195.75.106; // draghi
+ 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi
+ };
+ allow-query { any; };
+ allow-transfer { };
+};
+
+zone "debian.com" {
+ type slave;
+ notify no;
+ file "db.debian.com";
+ masters {
+ 82.195.75.106; // draghi
+ 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi
+ };
+ allow-query { any; };
+ allow-transfer { };
+};
+
+zone "alioth.debian.org" {
+ type slave;
+ notify no;
+ file "db.alioth.debian.org";
+ masters {
+ 217.196.43.134;
+ };
+ allow-query { any; };
+ allow-transfer { };
+};
+
+
+// debian rack with sil.at
+zone "144-28.118.59.86.in-addr.arpa" {
+ type slave;
+ notify no;
+ file "db.86.59.118.144";
+ masters {
+ 82.195.75.106; // draghi
+ 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi
+ };
+ allow-query { any; };
+ allow-transfer { };
+};
+zone "2.0.0.0.2.0.0.0.8.5.8.0.1.0.0.2.ip6.arpa" {
+ type slave;
+ notify no;
+ file "db.2001:0858:0002:0002";
+ masters {
+ 82.195.75.106; // draghi
+ 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi
+ };
+ allow-query { any; };
+ allow-transfer { };
+};
+
+// ipv6 at 1&1 - powell: 2001:08d8:0081:1520::/60
+zone "2.5.1.1.8.0.0.8.d.8.0.1.0.0.2.ip6.arpa" {
+ type slave;
+ notify no;
+ file "db.2001:08d8:0081:1520";
+ masters {
+ 82.195.75.106; // draghi
+ 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi
+ };
+ allow-query { any; };
+ allow-transfer { };
+};
+// ipv6 at 1&1 - puccini 2001:08d8:0081:15a0::/60
+zone "a.5.1.1.8.0.0.8.d.8.0.1.0.0.2.ip6.arpa" {
+ type slave;
+ notify no;
+ file "db.2001:08d8:0081:15a0";
+ masters {
+ 82.195.75.106; // draghi
+ 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi
+ };
+ allow-query { any; };
+ allow-transfer { };
+};
+// ipv6 at 1&1 - wieck and schumann
+zone "2.6.a.0.4.6.5.6.1.0.0.0.2.0.0.0.8.d.8.0.1.0.0.2.ip6.arpa" {
+ type slave;
+ notify no;
+ file "db.2001:8d8:2:1:6564:0a62";
+ masters {
+ 82.195.75.106; // draghi
+ 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi
+ };
+ allow-query { any; };
+ allow-transfer { };
+};
+
+// ipv6 at xs4all - klecker 2001:888:2000:12::/64
+zone "2.1.0.0.0.0.0.2.8.8.8.0.1.0.0.2.ip6.arpa" {
+ type slave;
+ notify no;
+ file "db.2001:888:2000:12";
+ masters {
+ 82.195.75.106; // draghi
+ 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi
+ };
+ allow-query { any; };
+ allow-transfer { };
+};
+
+// 19.12.206.in-addr.arpa zone - reverse zone for 206.12.19/24 - debian at UBC/ECE
+zone "19.12.206.in-addr.arpa" {
+ type slave;
+ notify no;
+ file "db.206.12.19";
+ masters {
+ 82.195.75.106; // draghi
+ 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi
+ };
+ allow-query { any; };
+ allow-transfer { };
+};
+// vim:set syn=named:
--- /dev/null
+// This file was created by dsa-geodomains/zonebuilder --create-named-conf
+// and is distributed to hosts using puppet as
+// dsa-puppet/modules/geodns/files/common/named.conf.geo
+// you probably do not want to edit it manually wherever you find it
+
+view "AF" {
+ match-clients { AF; };
+
+ zone "security.geo.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.security.debian.org.AF";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "security.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.security.debian.org.AF";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "bugs.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.bugs.debian.org.AF";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "www.geo.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.www.debian.org.AF";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "www.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.www.debian.org.AF";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "packages.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.packages.debian.org.AF";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+};
+view "AN" {
+ match-clients { AN; };
+
+ zone "security.geo.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.security.debian.org.AN";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "security.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.security.debian.org.AN";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "bugs.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.bugs.debian.org.AN";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "www.geo.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.www.debian.org.AN";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "www.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.www.debian.org.AN";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "packages.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.packages.debian.org.AN";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+};
+view "AS" {
+ match-clients { AS; };
+
+ zone "security.geo.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.security.debian.org.AS";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "security.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.security.debian.org.AS";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "bugs.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.bugs.debian.org.AS";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "www.geo.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.www.debian.org.AS";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "www.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.www.debian.org.AS";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "packages.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.packages.debian.org.AS";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+};
+view "EU" {
+ match-clients { EU; };
+
+ zone "security.geo.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.security.debian.org.EU";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "security.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.security.debian.org.EU";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "bugs.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.bugs.debian.org.EU";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "www.geo.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.www.debian.org.EU";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "www.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.www.debian.org.EU";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "packages.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.packages.debian.org.EU";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+};
+view "NA" {
+ match-clients { NA; };
+
+ zone "security.geo.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.security.debian.org.NA";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "security.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.security.debian.org.NA";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "bugs.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.bugs.debian.org.NA";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "www.geo.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.www.debian.org.NA";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "www.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.www.debian.org.NA";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "packages.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.packages.debian.org.NA";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+};
+view "OC" {
+ match-clients { OC; };
+
+ zone "security.geo.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.security.debian.org.OC";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "security.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.security.debian.org.OC";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "bugs.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.bugs.debian.org.OC";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "www.geo.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.www.debian.org.OC";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "www.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.www.debian.org.OC";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "packages.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.packages.debian.org.OC";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+};
+view "SA" {
+ match-clients { SA; };
+
+ zone "security.geo.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.security.debian.org.SA";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "security.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.security.debian.org.SA";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "bugs.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.bugs.debian.org.SA";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "www.geo.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.www.debian.org.SA";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "www.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.www.debian.org.SA";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "packages.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.packages.debian.org.SA";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+};
+view "default" {
+ match-clients { any; };
+
+ zone "security.geo.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.security.debian.org";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "security.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.security.debian.org";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "bugs.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.bugs.debian.org";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "www.geo.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.www.debian.org";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "www.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.www.debian.org";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "packages.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.packages.debian.org";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+};
--- /dev/null
+//
+// THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+// USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+//
+
+include "/etc/bind/named.conf.acl";
+include "/etc/bind/geodns/named.conf.geo";
--- /dev/null
+//
+// THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+// USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+//
+
+options {
+ directory "/var/cache/bind";
+
+ // If there is a firewall between you and nameservers you want
+ // to talk to, you may need to fix the firewall to allow multiple
+ // ports to talk. See http://www.kb.cert.org/vuls/id/800113
+
+ // If your ISP provided one or more IP addresses for stable
+ // nameservers, you probably want to use them as forwarders.
+ // Uncomment the following block, and insert the addresses replacing
+ // the all-0's placeholder.
+
+ // forwarders {
+ // 0.0.0.0;
+ // };
+
+ auth-nxdomain no; # conform to RFC1035
+ listen-on-v6 { any; };
+ allow-query { any; };
+ allow-update { none; };
+ allow-transfer { none; };
+ allow-recursion { Nagios; };
+};
+
+logging {
+
+ channel queries {
+ file "/var/log/bind9/geoip-query.log" versions 4 size 40m;
+ print-time yes;
+ print-category yes;
+ };
+ category queries { queries; };
+ category lame-servers { null; };
+
+};
+
+
--- /dev/null
+#!/bin/bash
+
+#
+# THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+# USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+#
+
+set -e
+set -u
+
+## Copyright (c) 2005 David B. Harris <dbharris@eelf.ddts.net>
+## Copyright (c) 2005,2009 Peter Palfrader <peter@palfrader.org>
+
+## This text is released under the "three-clause BSD license".
+## The full text of the license is available at the end of this file.
+
+if [ "$#" != 1 ]; then
+ echo "Usage: $0 <recvconf.files>" >&2
+ exit 1
+fi
+
+FILELIST="$1"
+
+printf "\nrecvconf on %s processing:\n" "$(hostname -s)"
+
+umask 077
+
+temptar="$(mktemp)"
+chmod 0600 "$temptar"
+
+tempscript="$(mktemp)"
+chmod 0600 "$tempscript"
+
+tempdir="$(mktemp -d)"
+
+# Read tarball from STDIN
+gzip -dc > "$temptar"
+
+cd "$tempdir"
+tar xf "$temptar"
+
+copy_and_runcommands() {
+
+ local file perms user group precommand postcommand
+ file="$1"; perms="$2"; user="$3"; group="$4"; precommand="$5"; postcommand="$6"
+
+ if [ -f "$file" ]; then
+ if [ -h "$file" ]; then # File should NOT be a symlink
+ printf "\`%s' is a symlink, aborting.\n" "$file" >&2
+ return 1
+ fi
+
+ if ! [ "$file" -nt "/$file" ]; then
+ rm -f "$file"
+ return 0
+ fi
+
+ if [ -n "$precommand" ]; then
+ printf "Running precommand \`%s' for %s\n" "$precommand" "$file" >&2
+ eval -- $precommand >&2
+ fi
+
+ if [ -n "$perms" ]; then
+ chmod -- "$perms" "$file"
+ else
+ printf "Warning, no perms defined for \`%s', assuming 0640.\n" "$file" >&2
+ chmod 0640 "$file"
+ fi
+ if [ -n "$user" ]; then
+ chown -- "$user" "$file"
+ else
+ printf "Warning, no user defined for \`%s', assuming root.\n" "$file" >&2
+ chown root "$file"
+ fi
+ if [ -n "$group" ]; then
+ chgrp -- "$group" "$file"
+ else
+ printf "Warning, no group defined for \`%s', assuming root.\n" "$file" >&2
+ chgrp root "$file"
+ fi
+
+ if [ ! -d "/$(dirname "$file")" ]; then
+ printf "Directory \`%s' does not exist, aborting.\n" "$(dirname "$file")" >&2
+ exit 1
+ fi
+
+ cp -a -- "$file" "/$(dirname "$file")" >&2
+ ls -l "/$(dirname "$file")/$(basename "$file")" >&2
+
+ if [ -n "$postcommand" ]; then
+ if ! grep -F -- "$postcommand" "$tempscript" > /dev/null 2>&1; then
+ printf "%s\n" "$postcommand" >> "$tempscript"
+ fi
+ fi
+
+ rm -f -- "$file"
+ fi
+}
+
+IN=0
+linenum=0
+file=""
+nextfile=""
+
+clear_vars() {
+ perms=""; user=""; group=""; precommand=""; postcommand=""
+}
+clear_vars
+
+while read line; do
+ linenum="$(($linenum + 1))"
+
+ if printf "%s\n" "$line" | grep -E '^[[:space:]]*$' > /dev/null 2>&1; then
+ ## This line is an empty line; skip it
+ continue
+ elif printf "%s" "$line" | grep -E '^[[:space:]]*#' > /dev/null 2>&1; then
+ ## This line is a comment; skip it
+ continue
+ fi
+
+ ## IN=0, so we're out of a stanza: better get a file declaration next
+ if [ "$IN" = "0" ] && ! printf "%s" "$line" | grep -E '^[[:space:]]*file[[:space:]]' > /dev/null 2>&1; then
+ printf "Error on line %s, file declaration expected. Got\n\t%s\n" "$linenum" "$line" >&2
+ exit 1
+ elif [ "$IN" = 0 ] && printf "%s" "$line" | grep -E '^[[:space:]]*file[[:space:]]' > /dev/null 2>&1; then
+ ## Okay, we're just starting out; set $file and move on
+ file="$(printf "%s" "$line" | sed -e 's/[[:space:]]*file[[:space:]]\+\([^[:space:]#]*\).*/\1/')"
+ IN=1
+ continue
+ elif [ "$IN" = 1 ] && printf "%s" "$line" | grep -E '^[[:space:]]*file[[:space:]]' > /dev/null 2>&1; then
+ ## Okay, not only are we at a file declaration, but this isn't our first one. Run the commands to process
+ ## the file, then set a $file to the new value and continue parsing.
+ [ -n "$file" ] && copy_and_runcommands "$file" "$perms" "$user" "$group" "$precommand" "$postcommand"
+ file="$(printf "%s" "$line" | sed -e 's/[[:space:]]*file[[:space:]]\+\([^[:space:]#]*\).*/\1/')"
+ clear_vars
+ continue
+ fi
+
+ ## The last two if blocks weren't processed; thus this isn't a comment, a blank line, and we're in the middle of a stanza
+ if printf "%s" "$line" | grep -E '^[[:space:]]*perms[[:space:]]' > /dev/null 2>&1; then
+ perms="$(printf "%s" "$line" | sed -e 's/[[:space:]]*perms[[:space:]]\+\([^[:space:]#]*\).*/\1/')"
+ continue
+ elif printf "%s" "$line" | grep -E '^[[:space:]]*user[[:space:]]' > /dev/null 2>&1; then
+ user="$(printf "%s" "$line" | sed -e 's/[[:space:]]*user[[:space:]]\+\([^[:space:]#]*\).*/\1/')"
+ continue
+ elif printf "%s" "$line" | grep -E '^[[:space:]]*group[[:space:]]' > /dev/null 2>&1; then
+ group="$(printf "%s" "$line" | sed -e 's/[[:space:]]*group[[:space:]]\+\([^[:space:]#]*\).*/\1/')"
+ continue
+ elif printf "%s" "$line" | grep -E '^[[:space:]]*precommand[[:space:]]' > /dev/null 2>&1; then
+ precommand="$(printf "%s" "$line" | sed -e 's/[[:space:]]*precommand[[:space:]]\+\([^[:space:]#]*\)/\1/')"
+ continue
+ elif printf "%s" "$line" | grep -E '^[[:space:]]*postcommand[[:space:]]' > /dev/null 2>&1; then
+ postcommand="$(printf "%s" "$line" | sed -e 's/[[:space:]]*postcommand[[:space:]]\+\([^[:space:]#]*\)/\1/')"
+ continue
+ else
+ printf "Unknown token at line %s:\n\t%s\n" "$linenum" "$line"
+ fi
+
+done < "$FILELIST"
+
+## This is the last stanza and the above loop has set the variables, but hasn't yet processed the file
+[ -n "$file" ] && copy_and_runcommands "$file" "$perms" "$user" "$group" "$precommand" "$postcommand"
+
+if [ -s "$tempscript" ]; then
+ tempoutput="$(mktemp)"
+ ## Post-copying commands to be run, run them here. Only display output if they exit with $? > 0
+ while read command; do
+ printf "Running postcommand \`%s' on %s.\n" "$command" "$(hostname -s)" >&2
+ if ! eval -- "(cd / && env -i $command)" > "$tempoutput" 2>&1; then
+ printf "Error, postcommand \`%s' on %s failed. Output follows:\n" "$command" "$(hostname -s)" >&2
+ cat -- "$tempoutput" >&2
+ exit 1
+ fi
+ done < "$tempscript"
+ rm -f -- "$tempoutput"
+fi
+
+# Check for any leftover files here; if there are any, exit with an error and print the list
+if [ ! -z "$(find . -type f)" ]; then
+ printf "The following files were not listed in $FILELIST:\n%s\n" "$(find . -type f)" >&2
+ exit 1
+fi
+
+rm -f -- "$temptar"
+rm -f -- "$tempscript"
+cd
+rm -rf -- "$tempdir"
+
+printf "recvconf on %s finished.\n" "$(hostname -s)"
+
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted provided that the following conditions are
+## met:
+##
+## * Redistributions of source code must retain the above copyright
+## notice, this list of conditions and the following disclaimer.
+##
+## * Redistributions in binary form must reproduce the above
+## copyright notice, this list of conditions and the following disclaimer
+## in the documentation and/or other materials provided with the
+## distribution.
+##
+## * Neither the names of the copyright owners nor the names of its
+## contributors may be used to endorse or promote products derived from
+## this software without specific prior written permission.
+##
+## THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+## "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+## LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+## A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+## OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+## DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+## THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+## (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+## OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--- /dev/null
+# This file was created by dsa-geodomains/zonebuilder --create-recvconf-conf
+# and is distributed to hosts using puppet as
+# dsa-puppet/modules/geodns/files/common/recvconf.files
+# you probably do not want to edit it manually wherever you find it
+
+file etc/bind/geodns/db.bugs.debian.org.AN
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.AN
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.bugs.debian.org.SA
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.SA
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.bugs.debian.org.OC
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.OC
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.bugs.debian.org.AS
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.AS
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.bugs.debian.org.AF
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.AF
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.bugs.debian.org
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.bugs.debian.org.EU
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.EU
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.bugs.debian.org.NA
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.NA
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.packages.debian.org.AN
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.AN
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.packages.debian.org.SA
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.SA
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.packages.debian.org.OC
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.OC
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.packages.debian.org.AS
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.AS
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.packages.debian.org.AF
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.AF
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.packages.debian.org
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.packages.debian.org.EU
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.EU
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.packages.debian.org.NA
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.NA
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.security.debian.org.AN
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.AN
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.security.debian.org.SA
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.SA
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.security.debian.org.OC
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.OC
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.security.debian.org.AS
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.AS
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.security.debian.org.AF
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.AF
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.security.debian.org
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.security.debian.org.EU
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.EU
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.security.debian.org.NA
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.NA
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.www.debian.org.AN
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.AN
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.www.debian.org.SA
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.SA
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.www.debian.org.OC
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.OC
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.www.debian.org.AS
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.AS
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.www.debian.org.AF
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.AF
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.www.debian.org
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.www.debian.org.EU
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.EU
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.www.debian.org.NA
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.NA
+ postcommand sudo /etc/init.d/bind9 reload
--- /dev/null
+class named::geodns inherits named {
+ activate_munin_check {
+ "bind_views": script => bind;
+ }
+
+ file {
+ "/etc/apt/sources.list.d/geoip.list":
+ content => template("debian-org/etc/apt/sources.list.d/geoip.list.erb"),
+ notify => Exec["apt-get update"],
+ ;
+ "/etc/bind/named.conf.local":
+ source => [ "puppet:///named/per-host/$fqdn/named.conf.local",
+ "puppet:///named/common/named.conf.local" ],
+ require => Package["bind9"],
+ notify => Exec["bind9 restart"],
+ owner => root,
+ group => root,
+ ;
+ "/etc/bind/named.conf.acl":
+ source => [ "puppet:///named/per-host/$fqdn/named.conf.acl",
+ "puppet:///named/common/named.conf.acl" ],
+ require => Package["bind9"],
+ notify => Exec["bind9 restart"],
+ owner => root,
+ group => root,
+ ;
+ "/etc/bind/named.conf.options":
+ source => [ "puppet:///named/per-host/$fqdn/named.conf.options",
+ "puppet:///named/common/named.conf.options" ],
+ require => Package["bind9"],
+ notify => Exec["bind9 restart"],
+ owner => root,
+ group => root,
+ ;
+
+ "/etc/bind/geodns":
+ ensure => directory,
+ owner => root,
+ group => geodnssync,
+ mode => 775,
+ ;
+ "/etc/bind/geodns/named.conf.geo":
+ source => [ "puppet:///named/per-host/$fqdn/named.conf.geo",
+ "puppet:///named/common/named.conf.geo" ],
+ require => Package["bind9"],
+ notify => Exec["bind9 restart"],
+ owner => root,
+ group => root,
+ ;
+ "/etc/bind/geodns/recvconf":
+ source => [ "puppet:///named/per-host/$fqdn/recvconf",
+ "puppet:///named/common/recvconf" ],
+ owner => root,
+ group => root,
+ mode => 555,
+ ;
+ "/etc/bind/geodns/recvconf.files":
+ source => [ "puppet:///named/per-host/$fqdn/recvconf.files",
+ "puppet:///named/common/recvconf.files" ],
+ owner => root,
+ group => root,
+ mode => 444,
+ ;
+
+ "/usr/share/GeoIP/GeoIPv6.dat":
+ source => [ "puppet:///named/per-host/$fqdn/GeoIPv6.dat",
+ "puppet:///named/common/GeoIPv6.dat" ],
+ owner => root,
+ group => root,
+ mode => 444,
+ ;
+
+ "/etc/ssh/userkeys/geodnssync":
+ source => [ "puppet:///named/per-host/$fqdn/authorized_keys",
+ "puppet:///named/common/authorized_keys" ],
+ owner => root,
+ group => geodnssync,
+ mode => 440,
+ ;
+ "/var/log/bind9":
+ ensure => directory,
+ owner => bind,
+ group => bind,
+ mode => 775,
+ ;
+ }
+}
+
+# vim: set fdm=marker ts=8 sw=8 et:
--- /dev/null
+class named {
+ include munin-node::bind
+
+ package {
+ bind9: ensure => installed;
+ }
+
+ exec {
+ "bind9 restart":
+ path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
+ refreshonly => true,
+ ;
+ }
+ exec {
+ "bind9 reload":
+ path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
+ refreshonly => true,
+ ;
+ }
+}
+
+# vim: set fdm=marker ts=8 sw=8 et:
--- /dev/null
+class named::secondary inherits named {
+# file { "/etc/bind/named.conf.debian-zones":
+# source => [ "puppet:///named/per-host/$fqdn/named.conf.debian-zones",
+# "puppet:///named/common/named.conf.debian-zones" ],
+# notify => Exec["bind9 reload"],
+# }
+}
+
# These are the directories for the files we handle with puppet
file=/etc/apache2/conf.d
+files=/etc/apache2/mods-enabled
file=/etc/samhain
file=/etc/munin
+file=/etc/munin/plugins
+file=/etc/munin/plugin-conf.d
file=/etc/exim4
file=/etc/exim4/ssl
file=/etc/apt
file=/etc/ntp.conf
file=/etc/samhain/samhainrc
file=/etc/munin/munin-node.conf
+file=/etc/munin/plugin-conf.d/munin-node
file=/etc/userdir-ldap.confc
file=/etc/exim4/blacklist
file=/etc/exim4/host_blacklist
end
out
%>
+file=/etc/munin/plugins/bind
+file=/etc/munin/plugins/bind_views
+file=/etc/munin/plugins/cpu
+file=/etc/munin/plugins/df
+file=/etc/munin/plugins/df_abs
+file=/etc/munin/plugins/df_inode
+file=/etc/munin/plugins/entropy
+file=/etc/munin/plugins/forks
+file=/etc/munin/plugins/interrupts
+file=/etc/munin/plugins/iostat
+file=/etc/munin/plugins/irqstats
+file=/etc/munin/plugins/load
+file=/etc/munin/plugins/memory
+file=/etc/munin/plugins/ntp_offset
+file=/etc/munin/plugins/ntp_states
+file=/etc/munin/plugins/open_files
+file=/etc/munin/plugins/open_inodes
+file=/etc/munin/plugins/processes
+file=/etc/munin/plugins/ps_apache2
+file=/etc/munin/plugins/ps_exim4
+file=/etc/munin/plugins/ps_vsftpd
+file=/etc/munin/plugins/spamassassin
+file=/etc/munin/plugins/swap
+file=/etc/munin/plugins/uptime
+file=/etc/munin/plugins/vmstat
+file=/etc/munin/plugins/vfstpd
+file=/etc/munin/plugins/apache_accesses
+file=/etc/munin/plugins/apache_processes
+file=/etc/munin/plugins/apache_volume
+file=/etc/munin/plugins/apache_servers
+file=/etc/munin/plugins/exim_mailqueue
+file=/etc/munin/plugins/exim_mailstats
+file=/etc/munin/plugins/postfix_mailqueue
+file=/etc/munin/plugins/postfix_mailvolume
file=/etc/apache2/conf.d/ressource-limits
+file=/etc/apache2/mods-enabled/info.conf
+file=/etc/apache2/mods-enabled/info.load
+file=/etc/apache2/mods-enabled/server.conf
+file=/etc/apache2/mods-enabled/server.load
+file=/etc/apache2/conf.d/server-status
+file=/etc/apache2/conf.d/local-serverinfo
file=/etc/apt/preferences
file=/etc/apt/sources.list.d/volatile.list
file=/etc/apt/sources.list.d/security.list