From: Stephen Gran Date: Sun, 20 May 2012 20:05:31 +0000 (+0100) Subject: Merge branch 'rsync-shuffle' X-Git-Url: https://git.donarmstrong.com/?a=commitdiff_plain;h=650335318c9021ace96b0cb6d49a13c1a472271f;hp=6ec71ed47153dca0e1987850db48766d4b4d2271;p=dsa-puppet.git Merge branch 'rsync-shuffle' --- diff --git a/modules/clamav/manifests/init.pp b/modules/clamav/manifests/init.pp index 11576b6d..3484dcae 100644 --- a/modules/clamav/manifests/init.pp +++ b/modules/clamav/manifests/init.pp @@ -7,12 +7,36 @@ class clamav { ensure => installed } + $extra_groups = $::mta ? { + 'postfix' => 'amavis', + default => 'Debian-exim' + } + + user { 'clamav': + gid => clamav, + groups => [$extra_groups], + require => Package['clamav-daemon'] + } + + service { 'clamav-daemon': + ensure => running, + require => Package['clamav-daemon'] + } + + service { 'clamav-freshclam': + ensure => running, + require => Package['clamav-freshclam'] + } + file { [ '/var/lib/clamav/mbl.ndb', '/var/lib/clamav/MSRBL-Images.hdb', '/var/lib/clamav/MSRBL-SPAM.ndb', + '/var/lib/clamav/msrbl-images.hdb', + '/var/lib/clamav/msrbl-spam.ndb', ]: - ensure => absent + ensure => absent, + notify => Service['clamav-daemon'] } file { '/etc/clamav-unofficial-sigs.dsa.conf': require => Package['clamav-unofficial-sigs'], diff --git a/modules/debian-org/misc/local.yaml b/modules/debian-org/misc/local.yaml index 02c0aede..f6df5968 100644 --- a/modules/debian-org/misc/local.yaml +++ b/modules/debian-org/misc/local.yaml 
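Review bot: The new `user { 'clamav': ... }` resource changes the scanner's supplementary groups but does not notify `Service['clamav-daemon']`, so an already running clamd keeps its old group set until something else restarts it; adding `notify => Service['clamav-daemon']` to the user resource would make the new membership take effect. The resource also requires only `Package['clamav-daemon']`, while the `amavis` / `Debian-exim` group is presumably created by the MTA-side package, and the selector's `default` branch picks `Debian-exim` on every host whose `$::mta` is not `postfix`; if that group does not exist, the user change will fail. A short comment above `$extra_groups`, such as `# clamd needs group access to the MTA's scan directory`, would record why the daemon is given the MTA's group. The body of `class clamav` starts above and continues below the hunk.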
@@ -35,10 +35,12 @@ nameinfo: elgar.debian.org: Edward Elgar (1857 - 1934) englund.debian.org: Sven Einar Englund (June 17th, 1916 - June 27th, 1999) eysler.debian.org: Edmund Samuel Eysler (March 12th, 1874 - October 4th, 1949) + falla.debian.org: Manuel de Falla y Matheu (November 23rd, 1876 - November 14th, 1946) fano.debian.org: Guido Alberto Fano (March 18th, 1875 - August 14th, 1961) fasch.debian.org: Johann Friedrich Fasch (1688 - 1758) field.debian.org: John Field (1782 - 1837) finzi.debian.org: Gerald Raphael Finzi (July 14th, 1901 - September 27th, 1956) + fischer.debian.org: Johann Caspar Ferdinand Fischer (September 9th, 1656 - August 27th, 1746) franck.debian.org: Melchior Franck (1579 - June 1st, 1639) gabrielli.debian.org: Domenico Gabrielli (April 15th, 1651 - July 10th, 1690) glinka.debian.org: Mikhail Ivanovich Glinka (1804 - 1857) diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb index 82f41478..d43cb869 100644 --- a/modules/exim/templates/eximconf.erb +++ b/modules/exim/templates/eximconf.erb 
@@ -1360,14 +1360,13 @@ rt_otherwise: driver = redirect domains = rt.debian.org require_files = /usr/bin/rt-mailgate : RT_QUEUE_MAP - local_parts = ${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}{$local_part}{}} + local_parts = ${lookup{${sg{$local_part}{-(comment|done)}{}}}lsearch{RT_QUEUE_MAP}{$local_part}{}} local_part_suffix = +* local_part_suffix_optional pipe_transport = rt_pipe - data = "|/usr/bin/rt-mailgate --queue '${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}}' --url https://rt.debian.org/ --extension ticket --action ${if match{$local_part}{.*-comment.*}{comment}{correspond}}" + data = "|/usr/bin/rt-mailgate --queue '${lookup{${sg{$local_part}{-(comment|done)}{}}}lsearch{RT_QUEUE_MAP}}' --url https://rt.debian.org/ --extension ticket --action ${if match{$local_part}{.*-comment.*}{comment}{${if match{$local_part}{.*-done.*}{correspond-resolve}{correspond}}}}" headers_remove = Subject headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}\nSubject: ${if and {{first_delivery}{match {$h_subject:}{(?i)(.*?)\\\\[?debian rt\\\\]?[:\\s]*(.*)}}} {$1$2}{$h_subject:}}" - <%- end -%> # exim4 fails the router if it can't change to the user/group for delivery diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp index 70e0e73f..2756e59f 100644 --- a/modules/ferm/manifests/per-host.pp +++ b/modules/ferm/manifests/per-host.pp @@ -180,7 +180,9 @@ REJECT reject-with icmp-admin-prohibited chain => 'FORWARD', rule => 'def $ADDRESS_FANO=206.12.19.110; def $ADDRESS_FINZI=206.12.19.111; -def $FREEBSD_HOSTS=($ADDRESS_FANO $ADDRESS_FINZI); +def $ADDRESS_FISCHER=206.12.19.112; +def $ADDRESS_FALLA=206.12.19.117; +def $FREEBSD_HOSTS=($ADDRESS_FANO $ADDRESS_FINZI $ADDRESS_FISCHER $ADDRESS_FALLA); policy ACCEPT; mod state state (ESTABLISHED RELATED) ACCEPT; 
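Review bot: The new `-done` local-part suffix in `rt_otherwise` selects `--action correspond-resolve`, so any mail that reaches `<queue>-done@rt.debian.org` asks RT to resolve the ticket; nothing in this router limits who may use that address, and whether the request is honoured depends on RT's own rights for the sender, which are not visible here. The `match` patterns `.*-comment.*` and `.*-done.*` are unanchored and `sg` strips `-(comment|done)` wherever it occurs, so a local part containing both strings is treated as a comment, and the action is chosen by substring rather than by the trailing suffix. Anchoring the suffix at the end of the local part in both the `sg` and the `match` expressions, plus a comment like `# -done => correspond-resolve; RT rights decide who may resolve by mail`, would make the behaviour explicit. The router's name line sits above the hunk.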
@@ -188,6 +190,7 @@ interface br0 outerface br0 ACCEPT; interface br1 outerface br1 ACCEPT; interface br2 outerface br0 jump from-kfreebsd; +interface br0 destination ($ADDRESS_FISCHER $ADDRESS_FALLA) proto tcp dport 22 ACCEPT; interface br0 destination ($FREEBSD_HOSTS) jump to-kfreebsd; ULOG ulog-prefix "REJECT FORWARD: "; REJECT reject-with icmp-admin-prohibited diff --git a/modules/munin/manifests/conf.pp b/modules/munin/manifests/conf.pp new file mode 100644 index 00000000..ad557abe --- /dev/null +++ b/modules/munin/manifests/conf.pp @@ -0,0 +1,34 @@ +define munin::conf ( + $ensure=present, + $content='', + $source='' +) { + + include munin + + case $ensure { + present: { + if ! ($source or $content) { + fail ( "No configuration found for ${name}" ) + } + } + absent: {} + default: { fail ( "Unknown ensure value: '$ensure'" ) } + } + + if $source { + file { "/etc/munin/plugin-conf.d/${name}": + ensure => $ensure, + source => $source, + require => Package['munin-node'], + notify => Service['munin-node'], + } + } elsif $content { + file { "/etc/munin/plugin-conf.d/${name}": + ensure => $ensure, + content => $content, + require => Package['munin-node'], + notify => Service['munin-node'], + } + } +} diff --git a/modules/vsftpd/files/logrotate.conf b/modules/vsftpd/files/logrotate.conf new file mode 100644 index 00000000..5f1607f7 --- /dev/null +++ b/modules/vsftpd/files/logrotate.conf @@ -0,0 +1,10 @@ +/var/log/vsftpd.log /var/log/ftp/*log +{ + create 640 root adm + + # ftpd doesn't handle SIGHUP properly + missingok + notifempty + rotate 4 + weekly +} diff --git a/modules/vsftpd/manifests/init.pp b/modules/vsftpd/manifests/init.pp index 2e099d79..7f0be8fc 100644 --- a/modules/vsftpd/manifests/init.pp +++ b/modules/vsftpd/manifests/init.pp @@ -18,7 +18,9 @@ class vsftpd { notify => Service['vsftpd'] } - munin::check { 'vsftpd': } + munin::check { 'vsftpd': + ensure => absent + } munin::check { 'ps_vsftpd': script => 'ps_' } 
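Review bot: The added `interface br0 destination ($ADDRESS_FISCHER $ADDRESS_FALLA) proto tcp dport 22 ACCEPT;` accepts forwarded SSH to the two new hosts from any source arriving on br0, and because it sits before `jump to-kfreebsd` those connections never reach that chain. fano and finzi get no such rule, so the difference looks deliberate but is undocumented; if SSH is only needed from specific networks, restricting the source address on this line would limit the exposure to what is required. A ferm comment inside the rule, e.g. `# ssh to fischer/falla is accepted ahead of to-kfreebsd`, would help the next reader. The contents of `to-kfreebsd` are outside the hunk, so what it would otherwise have allowed is not visible.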
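Review bot: With `ensure => absent` and neither `source` nor `content` set, `munin::conf` declares no `file` resource at all, because both branches of the final `if $source ... elsif $content` are skipped; the plugin configuration is then left on disk instead of being removed. An `else` branch that declares the file with `ensure => absent` closes that gap. The file resources also set no `owner`, `group` or `mode`; plugin-conf.d snippets can carry credentials or `user root` directives, so stating them explicitly would be safer than relying on defaults defined elsewhere.

```puppet
	# … unchanged: ensure validation and the `if $source` branch …
	} elsif $content {
		# … unchanged: file resource with content …
	} else {
		# only reachable with ensure => absent: remove the file anyway
		file { "/etc/munin/plugin-conf.d/${name}":
			ensure => absent,
			notify => Service['munin-node'],
		}
	}
```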
@@ -28,4 +30,17 @@ class vsftpd { description => 'Allow ftp access', rule => '&SERVICE(tcp, 21)', } + + file { '/var/log/ftp': + ensure => directory, + mode => '0755' + } + file { '/etc/logrotate.d/vsftpd': + source => 'puppet:///modules/vsftpd/logrotate.conf', + require => [ + Package['vsftpd'], + Package['debian.org'] + ] + } + } diff --git a/modules/vsftpd/manifests/site.pp b/modules/vsftpd/manifests/site.pp index fc941f3b..f8a71a0f 100644 --- a/modules/vsftpd/manifests/site.pp +++ b/modules/vsftpd/manifests/site.pp @@ -16,6 +16,8 @@ define vsftpd::site ( default: { fail ( "Invald ensure `$ensure' for $name" ) } } + $ftpsite = $name + $fname = "/etc/vsftpd-${name}.conf" file { $fname: @@ -24,8 +26,14 @@ define vsftpd::site ( } file { "/etc/logrotate.d/vsftpd-${name}": - ensure => $ensure, - content => template('vsftpd/logrotate.erb') + ensure => absent + } + + munin::check { "vsftpd-${name}": + script => 'vsftpd' + } + munin::conf { "vsftpd-${name}": + content => template('vsftpd/munin.erb') } # We don't need a firewall rule because it's added in vsftp.pp diff --git a/modules/vsftpd/templates/logrotate.erb b/modules/vsftpd/templates/logrotate.erb deleted file mode 100644 index 82222378..00000000 --- a/modules/vsftpd/templates/logrotate.erb +++ /dev/null @@ -1,10 +0,0 @@ -<%= scope.lookupvar('logfile') %> -{ - create 640 root adm - - # ftpd doesn't handle SIGHUP properly - missingok - notifempty - rotate 4 - weekly -} diff --git a/modules/vsftpd/templates/munin.erb b/modules/vsftpd/templates/munin.erb new file mode 100644 index 00000000..dd980e69 --- /dev/null +++ b/modules/vsftpd/templates/munin.erb @@ -0,0 +1,3 @@ +[vsftpd-<%= scope.lookupvar('ftpsite') %>] +user root +env.logfile /var/log/ftp/<%= scope.lookupvar('ftpsite') %>.log diff --git a/modules/vsftpd/templates/vsftpd.conf.erb b/modules/vsftpd/templates/vsftpd.conf.erb index d3f708bf..f86c89e9 100644 --- a/modules/vsftpd/templates/vsftpd.conf.erb +++ b/modules/vsftpd/templates/vsftpd.conf.erb 
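Review bot: `file { '/var/log/ftp': ... }` sets `mode => '0755'` but no owner or group, and `file { '/etc/logrotate.d/vsftpd': ... }` sets none of the three, so both depend on File defaults that are not visible in this hunk. The logrotate policy added in this commit creates rotated logs as `640 root adm`; making the directory match, e.g. `owner => root, group => adm, mode => '0750'`, would keep the transfer logs (client addresses and file names) from being listable by every local user, assuming nothing else needs to traverse the directory. For the logrotate snippet, `owner => root, group => root, mode => '0644'` would state the intent explicitly.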
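Review bot: The new `munin::check { "vsftpd-${name}": }` and `munin::conf { "vsftpd-${name}": }` declarations in `vsftpd::site` do not pass `ensure`, so a site declared with `ensure => absent` still gets its munin check and plugin configuration installed. Both defines accept `ensure` (this commit itself uses `ensure => absent` on `munin::check { 'vsftpd': }`), so adding `ensure => $ensure,` to each keeps monitoring in step with the site. `$name` is also interpolated unchecked into the log path and the munin section name via `$ftpsite`; a comment noting that site names must be plain file-name-safe tokens would document that assumption. The define's parameter list and the `$ensure` validation start above the hunk.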
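Review bot: `user root` in the new `munin.erb` makes the munin plugin run as root, apparently only so that it can read `/var/log/ftp/<site>.log`. The logrotate policy in this commit creates those logs as `640 root adm`, so `group adm` in place of `user root` would probably give the plugin the read access it needs without full root; this assumes vsftpd's initial log file has the same ownership, which is not visible here. If root really is required, a `#` comment in the template saying why would help.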
@@ -10,6 +10,7 @@ chown_username=<%= scope.lookupvar('chown_user') %> xferlog_enable=YES xferlog_file=<%= scope.lookupvar('logfile') %> +vsftpd_log_file=/var/log/ftp/<%= scope.lookupvar('ftpsite') %>.log ftpd_banner=<%= scope.lookupvar('banner') %> secure_chroot_dir=/var/run/vsftpd
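Review bot: The template now sets both `xferlog_file` and `vsftpd_log_file`, and which of the two vsftpd actually writes depends on `xferlog_std_format` and `dual_log_enable`, neither of which appears in this hunk. Since the munin plugin configuration added in this commit reads `/var/log/ftp/<site>.log`, it is worth confirming that this is the file that receives the transfer records, and adding a comment such as `# vsftpd-format log, read by the munin vsftpd plugin` above the new line. The per-site config also has no visible dependency on `File['/var/log/ftp']`, which is declared in class `vsftpd`; if the directory is missing when the daemon starts, logging to this path will presumably fail.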