From: Martin Zobel-Helas Date: Mon, 6 Jul 2009 15:34:58 +0000 (+0200) Subject: Merge branch 'master' of git+ssh://zobel@puppet.debian.org/srv/puppet.debian.org... X-Git-Url: https://git.donarmstrong.com/?a=commitdiff_plain;h=79b064ca9b0e6a77eed810ce41c66a3d594a0996;hp=e1172653a694832e34a73217501d0e2cb1ac2189;p=dsa-puppet.git Merge branch 'master' of git+ssh://zobel@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet Conflicts: modules/debian-org/misc/local.yaml --- diff --git a/facts/hosts.rb b/facts/hosts.rb new file mode 100644 index 00000000..82395ed5 --- /dev/null +++ b/facts/hosts.rb @@ -0,0 +1,19 @@ +Facter.add("brokenhosts") do + confine :kernel => :linux + brokenhosts = "true" + if FileTest.exist?("/etc/hosts") + IO.foreach("/etc/hosts") do |x| + x.split.each do |y| + if y == Facter.value("fqdn") + brokenhosts = "false" + break + end + end + end + end + setcode do + brokenhosts == "true" + end +end + + diff --git a/files/etc/apt/sources.list.d/backports.org.list b/files/etc/apt/sources.list.d/backports.org.list index ffdc6afb..11663c18 100644 --- a/files/etc/apt/sources.list.d/backports.org.list +++ b/files/etc/apt/sources.list.d/backports.org.list @@ -3,4 +3,5 @@ ## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git ## -deb http://debian.sil.at/backports.org/ lenny-backports main +#deb http://debian.sil.at/backports.org/ lenny-backports main +deb http://mirror.netcologne.de/debian-backports/ lenny-backports main diff --git a/files/etc/ldap/ldap.conf b/files/etc/ldap/ldap.conf new file mode 100644 index 00000000..9dd5311b --- /dev/null +++ b/files/etc/ldap/ldap.conf 
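Review bot: In facts/hosts.rb the /etc/hosts scan sits in the body of `Facter.add`, outside `setcode`, so it runs when the fact file is loaded rather than when the fact is resolved, and before `confine :kernel => :linux` has any effect. The `break` only leaves the inner `x.split.each`, so the outer `IO.foreach` keeps reading. The token comparison also counts commented-out lines, so a line such as `#192.0.2.1 host.example.org` (constructed example) would mark the host as fine. Because site.pp now uses this fact to decide whether Puppet replaces /etc/hosts on every node, the check is better done inside `setcode` with comments stripped, as sketched below.

```ruby
Facter.add("brokenhosts") do
  confine :kernel => :linux
  setcode do
    fqdn = Facter.value("fqdn")
    # Ignore everything after '#', then look for the fqdn as a whole token.
    listed = FileTest.exist?("/etc/hosts") &&
             File.readlines("/etc/hosts").any? { |l| l.sub(/#.*/, "").split.include?(fqdn) }
    !listed
  end
end
```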
@@ -0,0 +1,24 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# +# LDAP Defaults +# + +# See ldap.conf(5) for details +# This file should be world readable but not world writable. + +#BASE dc=example,dc=com +#URI ldap://ldap.example.com ldap://ldap-master.example.com:666 + +#SIZELIMIT 12 +#TIMELIMIT 15 +#DEREF never + +URI ldap://db.debian.org +BASE dc=debian,dc=org + +TLS_CACERT /etc/ssl/certs/spi-cacert-2008.pem +TLS_REQCERT hard diff --git a/files/etc/logrotate.d/syslog-ng b/files/etc/logrotate.d/syslog-ng index 37fcbac5..22047138 100644 --- a/files/etc/logrotate.d/syslog-ng +++ b/files/etc/logrotate.d/syslog-ng @@ -1,3 +1,8 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + /var/log/auth.log { rotate 4 missingok diff --git a/files/etc/pam.d/common-session b/files/etc/pam.d/common-session new file mode 100644 index 00000000..9ae43732 --- /dev/null +++ b/files/etc/pam.d/common-session @@ -0,0 +1,15 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# +# /etc/pam.d/common-session - session-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define tasks to be performed +# at the start and end of sessions of *any* kind (both interactive and +# non-interactive). The default is pam_unix. +# +session required pam_unix.so +session optional pam_mkhomedir.so skel=/etc/skel umask=0022 diff --git a/manifests/site.pp b/manifests/site.pp index 953000e6..a88b7280 100644 --- a/manifests/site.pp +++ b/manifests/site.pp 
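Review bot: In files/etc/ldap/ldap.conf, `URI ldap://db.debian.org` is a plain-LDAP URI, so `TLS_CACERT` and `TLS_REQCERT hard` only apply to clients that request StartTLS themselves. A client that does not request it will query the directory in cleartext with no certificate check at all. If the server offers LDAPS, `URI ldaps://db.debian.org` would make the two TLS lines cover every connection. Otherwise a comment above the URI, `# clients MUST use StartTLS against this URI`, would at least record the expectation.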
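Review bot: In files/etc/pam.d/common-session, `pam_mkhomedir.so skel=/etc/skel umask=0022` creates each auto-made home directory as 0755, readable by every other local account on the host. On shared machines a tighter default such as `session optional pam_mkhomedir.so skel=/etc/skel umask=0027` (or `0077`) avoids exposing freshly created homes. If world-readable homes are intended, a one-line comment saying so would stop the value being read as an oversight.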
@@ -72,8 +72,8 @@ node default { { include geodns } default: {} } -} - -node penalosa inherits default { - include hosts + case $brokenhosts { + "true": { include hosts } + default: {} + } } diff --git a/modules/debian-org/manifests/init.pp b/modules/debian-org/manifests/init.pp index ae9e504c..33672575 100644 --- a/modules/debian-org/manifests/init.pp +++ b/modules/debian-org/manifests/init.pp @@ -67,6 +67,12 @@ class debian-org { source => "puppet:///files/etc/cron.d/dsa-puppet-stuff", require => Package["cron"] ; + "/etc/ldap/ldap.conf": + source => "puppet:///files/etc/ldap/ldap.conf", + ; + "/etc/pam.d/common-session": + source => "puppet:///files/etc/pam.d/common-session", + ; } case $hostname { handel: { diff --git a/modules/debian-org/misc/local.yaml b/modules/debian-org/misc/local.yaml index 20658dd0..9f9429b2 100644 --- a/modules/debian-org/misc/local.yaml +++ b/modules/debian-org/misc/local.yaml @@ -12,6 +12,7 @@ nameinfo: brahms.debian.org: Johannes Brahms (May 7, 1833 - April 3, 1897) carver.debian.org: Robert Carver (ca.1485 - ca.1570) chopin.debian.org: Frédéric Chopin (1 March 1810 - 17 October 1849) + cimarosa.debian.org: Domenico Cimarosa (17 December 1749 - 11 January 1801) dijkstra.debian.org: Lowell Dijkstra (b.1952) draghi.debian.org: Antonio Draghi (1635 - 16 January 1700) duarte.debian.org: Leonora Duarte (28 July 1610 - 1678) @@ -93,15 +94,21 @@ host_settings: - klecker.debian.org - powell.debian.org apache2_defaultconfig: + - bellini.debian.org - carver.debian.org - draghi.debian.org - duarte.debian.org + - kaufmann.debian.org + - klecker.debian.org - piatti.debian.org + - raff.debian.org + - ravel.debian.org - rore.debian.org - saens.debian.org - samosa.debian.org - senfl.debian.org - gluck.debian.org + - spohr.debian.org - tartini.debian.org buildd: - ancina.debian.org 
diff --git a/modules/exim/files/per-host/gluck.debian.org/rcpthosts b/modules/exim/files/per-host/gluck.debian.org/rcpthosts deleted file mode 100644 index 49df0e3b..00000000 --- a/modules/exim/files/per-host/gluck.debian.org/rcpthosts +++ /dev/null @@ -1,10 +0,0 @@ -## -## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. -## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git -## - -# rcpthosts - recipient hosts or relay domains. This is a list of -# all hosts that we mail exchange for. All domains that list -# this host in their MX records should be listed here. Wildcards -# are permitted. -*.debian.net diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb index 4646b0bf..552b03a2 100644 --- a/modules/exim/templates/eximconf.erb +++ b/modules/exim/templates/eximconf.erb @@ -35,6 +35,7 @@ # us. This is primarily only usefull for emergancy 'queue # flushing' operations, but should be populated with a list # of trusted machines. Wildcards are not permitted +# bsmtp_domains - Domains that we deliver locally via bsmtp <%= out = "" if nodeinfo['mailrelay'] @@ -131,7 +132,9 @@ domainlist virtual_domains = partial-lsearch;/etc/exim4/virtualdomains domainlist submission_domains = ${if exists {/etc/exim4/submission-domains}{/etc/exim4/submission-domains}{}} -domainlist handled_domains = +local_domains : +virtual_domains +domainlist bsmtp_domains = ${if exists {/etc/exim4/bsmtp}{partial-lsearch;/etc/exim4/bsmtp}{}} + +domainlist handled_domains = +local_domains : +virtual_domains : +bsmtp_domains localpartlist local_only_users = lsearch;/etc/exim4/localusers 
@@ -193,10 +196,16 @@ timeout_frozen_after=14d message_size_limit = 100M message_logs = false -smtp_accept_max = 300 smtp_accept_max_per_host = ${if match_ip {$sender_host_address}{+debianhosts}{0}{7}} +<% if nodeinfo.has_key?('heavy_exim') and not nodeinfo['heavy_exim'].empty? %> +smtp_accept_max = 300 smtp_accept_queue = 200 smtp_accept_queue_per_connection = 50 +<% else %> +smtp_accept_max = 30 +smtp_accept_queue = 20 +smtp_accept_queue_per_connection = 10 +<% end %> smtp_accept_reserve = 25 smtp_reserve_hosts = +debianhosts @@ -206,9 +215,15 @@ check_spool_space = 20M delay_warning = +<% if nodeinfo.has_key?('heavy_exim') and not nodeinfo['heavy_exim'].empty? %> queue_run_max = 50 deliver_queue_load_max = 50 queue_only_load = 15 +<% else %> +queue_run_max = 5 +deliver_queue_load_max = 10 +queue_only_load = 5 +<% end %> queue_list_requires_admin = false <%= out = "" @@ -312,6 +327,19 @@ end out %> <%= +out = '' +if nodeinfo['packagesmaster'] + out = ' + warn domains = packages.debian.org + set acl_m_rprf = PackagesMail + + accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} +' +end +out +%> +<%= +out = '' if nodeinfo['packagesqamaster'] out=' warn recipients = owner@packages.qa.debian.org : postmaster@packages.qa.debian.org @@ -597,12 +625,22 @@ out=' end out %> - +<%= +out='' +if nodeinfo['packagesmaster'] + out=' + warn condition = ${if eq {$acl_m_prf}{PackagesMail}} + condition = ${if eq {$sender_address}{$local_part@$domain}} + message = X-Packages-FromTo-Same: yes +' +end +out +%> deny condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}} !verify = sender defer !hosts = +debianhosts - condition = ${if >{${eval:$acl_c_scr}}{0}} + condition = ${if >{${eval:$acl_c_scr+0}}{0}} ratelimit = 10 / 60m / per_rcpt / $sender_host_address message = slow down (no reverse dns, mismatched ehlo, dialup, or in blacklists) <%= 
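Review bot: In the new `<% else %>` branch of the `@@ -193,10 +196,16 @@` hunk, `smtp_accept_max = 30` now sits next to the unchanged context line `smtp_accept_reserve = 25`, which reserves 25 of those slots for `+debianhosts`. That leaves five concurrent connections for every other sender on a non-heavy host, fewer than the per-host limit of 7 set just above, so a single remote host can fill all of them. I would move `smtp_accept_reserve` into both branches, keeping `smtp_accept_reserve = 25` for heavy_exim hosts and a proportionally smaller value in the `else` branch.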
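Review bot: The packagesmaster block added in the `@@ -312,6 +327,19 @@` hunk stores the profile with `set acl_m_rprf = PackagesMail`, but the two other packagesmaster blocks in this commit test `$acl_m_prf` (`${if eq {$acl_m_prf}{PackagesMail}}`). Nothing in the visible hunks copies `acl_m_rprf` into `acl_m_prf`. If that copy is not done elsewhere in the template, the X-Packages-FromTo-Same header and the spam check for packages.debian.org never trigger. Please confirm the hand-over exists outside these hunks, or add a comment next to the `set` line naming where it happens.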
@@ -925,6 +963,23 @@ out !verify = header_sender message = No valid sender found in the From:, Sender: and Reply-to: headers +<%= +out = "" +if nodeinfo['packagesmaster'] + out = ' + deny message = Congratulations, you scored $spam_score points. + log_message = spam: $spam_score points. + condition = ${if eq {$acl_m_prf}{PackagesMail}} + !authenticated = * + !verify = certificate + !hosts = +debianhosts + condition = ${if <{$message_size}{256000}} + spam = pkg_user : true + condition = ${if >{$spam_score_int}{59}} +' +end +out +%> accept @@ -980,7 +1035,7 @@ out bsmtp: debug_print = "R: bsmtp for $local_part@$domain" driver = manualroute - domains = !+local_domains + domains = +bsmtp_domains require_files = /etc/exim4/bsmtp route_list = * ${extract{file}{\ ${lookup{$domain}partial-lsearch{/etc/exim4/bsmtp}\ @@ -1538,7 +1593,6 @@ out begin retry debian.org * F,2h,10m; G,16h,2h,1.5; F,14d,8h -* * senders=: F,2h,10m * rcpt_4xx F,2h,5m; F,4h,10m; F,4d,15m * * F,2h,15m; G,16h,2h,1.5; F,4d,8h diff --git a/modules/exim/templates/virtualdomains.erb b/modules/exim/templates/virtualdomains.erb index 752c9fe5..94569423 100644 --- a/modules/exim/templates/virtualdomains.erb +++ b/modules/exim/templates/virtualdomains.erb @@ -23,10 +23,6 @@ vdoms = case fqdn when "draghi.debian.org" then "db.debian.org: user=mail_db group=nogroup directory=/srv/db.debian.org/mail" - when "gluck.debian.org" then "popcon.debian.org: user=popcon group=popcon directory=/org/popcon.debian.org/mail/ -debian.com: user=nobody group=Debian directory=/org/misc/star.debian.org/ -debian.net: user=nobody group=Debian directory=/org/misc/star.debian.org/" - when "handel.debian.org" then "puppet.debian.org: user=sgran group=Debian directory=/srv/puppet.debian.org/mail" when "klecker.debian.org" then "security.debian.org: user=mail_security group=nogroup directory=/org/security.debian.org/mail/ 
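Review bot: The added `deny message = Congratulations, you scored $spam_score points.` returns the exact spam score to the remote sender. That is useful feedback for anyone tuning mail to slip under the threshold, and the number is already recorded by `log_message`. I would keep it in the log only and reply with a fixed text, for example `deny message = Message rejected as spam`. Separately, `condition = ${if <{$message_size}{256000}}` means larger messages skip this check entirely; if that is a deliberate scanner-load trade-off, a short comment in the block should say so.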
@@ -35,7 +31,9 @@ www-master.debian.org: user=debwww group=debwww directory=/org/www.debian.org/ma when "master.debian.org" then "vote.debian.org: user=secretary group=debvote directory=/org/vote.debian.org/mail packages.qa.debian.org: user=qa group=qa directory=/org/packages.qa.debian.org/mail -bugs.qa.debian.org: user=cjwatson group=qa directory=/org/bugs.qa.debian.org/mail" +bugs.qa.debian.org: user=cjwatson group=qa directory=/org/bugs.qa.debian.org/mail +debian.com: user=nobody group=Debian directory=/org/star.debian.star/ +debian.net: user=nobody group=Debian directory=/org/star.debian.star/" when "merkel.debian.org" then "qa.debian.org: user=qa group=qa directory=/org/qa.debian.org/mail/ bugs.qa.debian.org: user=nobody group=nogroup directory=/org/bugs.qa.debian.org/mail/ diff --git a/modules/geodns/files/common/GeoIPv6.dat b/modules/geodns/files/common/GeoIPv6.dat new file mode 100644 index 00000000..b425e60e Binary files /dev/null and b/modules/geodns/files/common/GeoIPv6.dat differ diff --git a/modules/geodns/files/common/named.conf.geo b/modules/geodns/files/common/named.conf.geo new file mode 100644 index 00000000..733e06b8 --- /dev/null +++ b/modules/geodns/files/common/named.conf.geo 
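Review bot: The two lines added under master.debian.org use `directory=/org/star.debian.star/`, while the gluck entries removed earlier in this file used `/org/misc/star.debian.org/`. `star.debian.star` looks like a typo rather than a new path. If the directory does not exist on master, lookups for debian.com and debian.net will not find their per-domain files and mail for those domains will defer or bounce. Please confirm the path on the host before this is deployed.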
@@ -0,0 +1,208 @@
+view "AF" {
+ match-clients {
+ AF;
+ };
+ zone "www.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.www.debian.org.AF";
+ notify no;
+ };
+ zone "www.geo.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.www.debian.org.AF";
+ notify no;
+ };
+ zone "security.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.security.debian.org.AF";
+ notify no;
+ };
+ zone "security.geo.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.security.debian.org.AF";
+ notify no;
+ };
+};
+
+view "AN" {
+ match-clients {
+ AN;
+ };
+ zone "www.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.www.debian.org.AN";
+ notify no;
+ };
+ zone "www.geo.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.www.debian.org.AN";
+ notify no;
+ };
+ zone "security.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.security.debian.org.AN";
+ notify no;
+ };
+ zone "security.geo.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.security.debian.org.AN";
+ notify no;
+ };
+};
+
+view "AS" {
+ match-clients {
+ AS;
+ };
+ zone "www.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.www.debian.org.AS";
+ notify no;
+ };
+ zone "www.geo.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.www.debian.org.AS";
+ notify no;
+ };
+ zone "security.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.security.debian.org.AS";
+ notify no;
+ };
+ zone "security.geo.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.security.debian.org.AS";
+ notify no;
+ };
+};
+
+view "EU" {
+ match-clients {
+ EU;
+ };
+ zone "www.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.www.debian.org.EU";
+ notify no;
+ };
+ zone "www.geo.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.www.debian.org.EU";
+ notify no;
+ };
+ zone "security.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.security.debian.org.EU";
+ notify no;
+ };
+ zone "security.geo.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.security.debian.org.EU";
+ notify no;
+ };
+};
+
+view "NA" {
+ match-clients {
+ NA;
+ };
+ zone "www.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.www.debian.org.NA";
+ notify no;
+ };
+ zone "www.geo.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.www.debian.org.NA";
+ notify no;
+ };
+ zone "security.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.security.debian.org.NA";
+ notify no;
+ };
+ zone "security.geo.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.security.debian.org.NA";
+ notify no;
+ };
+};
+
+view "OC" {
+ match-clients {
+ OC;
+ };
+ zone "www.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.www.debian.org.OC";
+ notify no;
+ };
+ zone "www.geo.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.www.debian.org.OC";
+ notify no;
+ };
+ zone "security.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.security.debian.org.OC";
+ notify no;
+ };
+ zone "security.geo.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.security.debian.org.OC";
+ notify no;
+ };
+};
+
+view "SA" {
+ match-clients {
+ SA;
+ };
+ zone "www.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.www.debian.org.SA";
+ notify no;
+ };
+ zone "www.geo.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.www.debian.org.SA";
+ notify no;
+ };
+ zone "security.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.security.debian.org.SA";
+ notify no;
+ };
+ zone "security.geo.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.security.debian.org.SA";
+ notify no;
+ };
+};
+
+view "default" {
+ match-clients {
+ any;
+ };
+ zone "www.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.www.debian.org";
+ notify no;
+ };
+ zone "www.geo.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.www.debian.org";
+ notify no;
+ };
+ zone "security.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.security.debian.org";
+ notify no;
+ };
+ zone "security.geo.debian.org" {
+ type
master; + file "/etc/bind/geodns/db.security.debian.org"; + notify no; + }; +}; + diff --git a/modules/geodns/files/common/named.conf.local b/modules/geodns/files/common/named.conf.local index ba4ae0ba..5397f6d3 100644 --- a/modules/geodns/files/common/named.conf.local +++ b/modules/geodns/files/common/named.conf.local @@ -4,4 +4,4 @@ // include "/etc/bind/named.conf.acl"; -include "/etc/bind/geodns/named.conf.geo.security.debian.org"; +include "/etc/bind/geodns/named.conf.geo"; diff --git a/modules/geodns/files/common/recvconf.files b/modules/geodns/files/common/recvconf.files index b80f3353..18db5ff7 100644 --- a/modules/geodns/files/common/recvconf.files +++ b/modules/geodns/files/common/recvconf.files 
@@ -56,3 +56,56 @@ file etc/bind/geodns/db.security.debian.org.SA group geodnssync precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.SA postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/named.conf.geo.www.debian.org + perms 0644 + user geodnssync + group geodnssync + postcommand /usr/sbin/named-checkconf /etc/bind/named.conf && sudo /usr/sbin/rndc reconfig +file etc/bind/geodns/db.www.debian.org + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.www.debian.org.AF + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.AF + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.www.debian.org.AN + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.AN + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.www.debian.org.AS + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.AS + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.www.debian.org.EU + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.EU + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.www.debian.org.NA + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k 
fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.NA + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.www.debian.org.OC + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.OC + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.www.debian.org.SA + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.SA + postcommand sudo /etc/init.d/bind9 reload diff --git a/modules/geodns/manifests/init.pp b/modules/geodns/manifests/init.pp index 27d23659..d55d85c0 100644 --- a/modules/geodns/manifests/init.pp +++ b/modules/geodns/manifests/init.pp @@ -40,6 +40,14 @@ class geodns { group => geodnssync, mode => 775, ; + "/etc/bind/geodns/named.conf.geo": + source => [ "puppet:///geodns/per-host/$fqdn/named.conf.geo", + "puppet:///geodns/common/named.conf.geo" ], + require => Package["bind9"], + notify => Exec["bind9 restart"], + owner => root, + group => root, + ; "/etc/bind/geodns/recvconf": source => [ "puppet:///geodns/per-host/$fqdn/recvconf", "puppet:///geodns/common/recvconf" ], @@ -55,6 +63,14 @@ class geodns { mode => 444, ; + "/usr/share/GeoIP/GeoIPv6.dat": + source => [ "puppet:///geodns/per-host/$fqdn/GeoIPv6.dat", + "puppet:///geodns/common/GeoIPv6.dat" ], + owner => root, + group => root, + mode => 444, + ; + "/etc/ssh/userkeys/geodnssync": source => [ "puppet:///geodns/per-host/$fqdn/authorized_keys", "puppet:///geodns/common/authorized_keys" ], diff --git a/modules/hosts/manifests/init.pp b/modules/hosts/manifests/init.pp index 468107dc..279da0f4 100644 --- a/modules/hosts/manifests/init.pp +++ b/modules/hosts/manifests/init.pp 
@@ -1,7 +1,7 @@ class hosts { file { - "/etc/hosts": content => template("etc-hosts.erb"); + "/etc/hosts": content => template("hosts/etc-hosts.erb"); } } diff --git a/modules/hosts/templates/etc-hosts.erb b/modules/hosts/templates/etc-hosts.erb new file mode 100644 index 00000000..1105ac3e --- /dev/null +++ b/modules/hosts/templates/etc-hosts.erb @@ -0,0 +1,15 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +127.0.0.1 localhost +<%= ipaddress %> <%= fqdn %> <%= hostname %> + +# The following lines are desirable for IPv6 capable hosts +::1 localhost ip6-localhost ip6-loopback +fe00::0 ip6-localnet +ff00::0 ip6-mcastprefix +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters +ff02::3 ip6-allhosts diff --git a/modules/monit/files/puppet b/modules/monit/files/puppet index bed0a14b..d1f5085c 100644 --- a/modules/monit/files/puppet +++ b/modules/monit/files/puppet @@ -14,12 +14,7 @@ check file puppetstate if timestamp > 90 minutes for 9 cycles then exec "/etc/init.d/puppet stop" depends on puppetd -check process cron with pidfile /var/run/crond.pid - start program = "/etc/init.d/cron start" - stop program = "/etc/init.d/cron stop" - if 5 restarts within 5 cycles then timeout - check file cronalive with path /var/cache/dsa/cron.alive - if timestamp > 120 minutes for 5 cycles then exec "/etc/init.d/cron stop" - depends on cron + # a cycle is 5 minutes, 24 cycles is thus 2 hours + if timestamp > 120 minutes for 24 cycles then exec "/etc/init.d/cron restart" diff --git a/modules/nagios/files/per-host/samosa.debian.org/obsolete-packages-ignore.d-hostspecific b/modules/nagios/files/per-host/samosa.debian.org/obsolete-packages-ignore.d-hostspecific deleted file mode 100644 index 13d91f66..00000000 --- a/modules/nagios/files/per-host/samosa.debian.org/obsolete-packages-ignore.d-hostspecific +++ /dev/null 
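Review bot: In modules/monit/files/puppet the added comment says 24 cycles is two hours, but `if timestamp > 120 minutes for 24 cycles` only starts counting once the file is already 120 minutes stale. With 5-minute cycles the restart therefore fires after roughly four hours without cron, not two. If two hours is the intent, something like `if timestamp > 120 minutes for 2 cycles then exec "/etc/init.d/cron restart"` matches the comment. Since this hunk also removes the `check process cron` block, the cron.alive timestamp is the only remaining cron check in the visible rules, so the delay matters for anything scheduled from cron.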
@@ -1,13 +0,0 @@ -## -## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. -## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git -## - -postgresql-client-common -postgresql-client-8.4 -postgresql-server-dev-8.4 -postgresql-8.4 -libpq5 -postgresql-common -libpq-dev -postgresql-8.4-debversion diff --git a/modules/samhain/templates/samhainrc.erb b/modules/samhain/templates/samhainrc.erb index c3f4be59..c20f9bff 100644 --- a/modules/samhain/templates/samhainrc.erb +++ b/modules/samhain/templates/samhainrc.erb @@ -92,8 +92,17 @@ file=/etc/exim4/bsmtp <% if hostname == "geo1" || hostname == "geo2" || hostname == "geo3" -%> file=/etc/bind/named.conf.acl file=/etc/bind/named.conf.options -file=/etc/bind/geodns/named.conf.geo.security.debian.org +file=/etc/bind/named.conf.local +file=/etc/bind/geodns/named.conf.geo file=/etc/bind/geodns/recvconf.files +file=/etc/bind/geodns/db.www.debian.org.SA +file=/etc/bind/geodns/db.www.debian.org.OC +file=/etc/bind/geodns/db.www.debian.org.NA +file=/etc/bind/geodns/db.www.debian.org.EU +file=/etc/bind/geodns/db.www.debian.org.AS +file=/etc/bind/geodns/db.www.debian.org.AN +file=/etc/bind/geodns/db.www.debian.org.AF +file=/etc/bind/geodns/db.www.debian.org file=/etc/bind/geodns/db.security.debian.org.SA file=/etc/bind/geodns/db.security.debian.org.OC file=/etc/bind/geodns/db.security.debian.org.NA diff --git a/modules/sudo/files/common/sudoers b/modules/sudo/files/common/sudoers index 5debc1e3..40a785e7 100644 --- a/modules/sudo/files/common/sudoers +++ b/modules/sudo/files/common/sudoers 
@@ -50,6 +50,7 @@ nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=[02] show status nagios master=(ALL) NOPASSWD: /usr/sbin/mpt-status -s nagios powell=(ALL) NOPASSWD: /usr/local/sbin/areca-cli vsf info nagios puccini=(ALL) NOPASSWD: /usr/local/bin/tw_cli info c0 u0 status +nagios bellini,cimarosa=(ALL) NOPASSWD: /usr/local/bin/arcconf GETCONFIG 1 LD, /usr/local/bin/arcconf GETCONFIG 1 AD # groups and their role accounts %buildd ALL=(buildd) ALL @@ -118,3 +119,5 @@ debwww klecker=(archvsync) NOPASSWD: /home/archvsync/webmirrors/runmirrors # geodns may reload bind geodnssync geo1,geo2,geo3=(root) NOPASSWD: /etc/init.d/bind9 reload geodnssync geo1,geo2,geo3=(root) NOPASSWD: /usr/sbin/rndc reconfig +# archvsync triggers snapshot +archvsync stabile=(snapshot) NOPASSWD: /srv/snapshot.debian.org/bin/update-trigger diff --git a/templates/etc-hosts.erb b/templates/etc-hosts.erb deleted file mode 100644 index 1105ac3e..00000000 --- a/templates/etc-hosts.erb +++ /dev/null @@ -1,15 +0,0 @@ -## -## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. -## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git -## - -127.0.0.1 localhost -<%= ipaddress %> <%= fqdn %> <%= hostname %> - -# The following lines are desirable for IPv6 capable hosts -::1 localhost ip6-localhost ip6-loopback -fe00::0 ip6-localnet -ff00::0 ip6-mcastprefix -ff02::1 ip6-allnodes -ff02::2 ip6-allrouters -ff02::3 ip6-allhosts
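Review bot: The new nagios rule lets `/usr/local/bin/arcconf` run as any target user, `(ALL)`, without a password. Whoever can write to /usr/local/bin on bellini or cimarosa therefore decides what nagios runs as root; on Debian that tree is typically group-writable by `staff`, which is worth checking on these hosts. The neighbouring nagios lines use `(ALL)` as well, but a read-only RAID status query only needs `nagios bellini,cimarosa=(root) NOPASSWD: ...`. The binary should be root-owned and not group-writable.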
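Review bot: In the second sudoers hunk, `/srv/snapshot.debian.org/bin/update-trigger` is listed with no argument specification, so sudo lets archvsync pass arbitrary arguments to it as the snapshot user. If the script takes none, pin that with an empty argument list: `archvsync stabile=(snapshot) NOPASSWD: /srv/snapshot.debian.org/bin/update-trigger ""`. If it does take arguments, list the permitted ones explicitly, as the arcconf rule above does.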