From: Stephen Gran Date: Sun, 21 Jun 2015 18:29:51 +0000 (+0100) Subject: Merge branch 'rabbitmq' of ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa... X-Git-Url: https://git.donarmstrong.com/?a=commitdiff_plain;h=d4fb891a1a7d58fdeff2687e91f5e6faf822a96c;hp=ac78ef004223e7ab0cd9a569e8f5ec370c8bcf3a;p=dsa-puppet.git Merge branch 'rabbitmq' of ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet into rabbitmq --- diff --git a/hieradata/common.yaml b/hieradata/common.yaml index eceb2793..b6ece7c4 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -68,6 +68,8 @@ roles: - paradis.debian.org piuparts: - pejacevic.debian.org + popcon: + - popov.debian.org pubsub: - rainier.debian.org - rapoport.debian.org @@ -106,6 +108,7 @@ roles: static_source: - master.debian.org - dillon.debian.org + - donizetti.debian.org - franck.debian.org - lindsay.debian.org - philp.debian.org diff --git a/modules/apache2/manifests/init.pp b/modules/apache2/manifests/init.pp index b37d9905..41c1403e 100644 --- a/modules/apache2/manifests/init.pp +++ b/modules/apache2/manifests/init.pp @@ -49,6 +49,10 @@ class apache2 { $memlimit = 512 * 1024 * 1024 } elsif has_role('sso') { $memlimit = 512 * 1024 * 1024 + } elsif has_role('popcon') { + $memlimit = 512 * 1024 * 1024 + } elsif has_role('qamaster') { + $memlimit = 300 * 1024 * 1024 } else { $memlimit = 192 * 1024 * 1024 } diff --git a/modules/apache2/templates/mpm_worker.erb b/modules/apache2/templates/mpm_worker.erb index 9a0a2d3f..95259984 100644 --- a/modules/apache2/templates/mpm_worker.erb +++ b/modules/apache2/templates/mpm_worker.erb @@ -23,7 +23,9 @@ # MaxConnectionsPerChild 0 -<% if scope.function_has_role(['bugs_base']) -%> +<% if scope.function_has_role(['bugs_base']) or + scope.function_has_role(['popcon']) + -%> StartServers 2 MinSpareThreads 25 MaxSpareThreads 75 diff --git a/modules/autofs/manifests/init.pp b/modules/autofs/manifests/init.pp index ba47e522..f746671a 100644 
--- a/modules/autofs/manifests/init.pp +++ b/modules/autofs/manifests/init.pp @@ -1,6 +1,6 @@ class autofs { case $::hostname { - pejacevic, piu-slave-bm-a, picconi, coccia, couper, dillon, donizetti, ticharich, delfin, quantz, sor, lindsay: { + pejacevic, piu-slave-bm-a, picconi, coccia, couper, dillon, donizetti, ticharich, delfin, quantz, sor, lindsay, mekeel: { include autofs::bytemark } lw07,lw08: { diff --git a/modules/buildd/manifests/init.pp b/modules/buildd/manifests/init.pp index 41805fe3..e168abc3 100644 --- a/modules/buildd/manifests/init.pp +++ b/modules/buildd/manifests/init.pp @@ -40,7 +40,13 @@ class buildd ($ensure=present) { default => 'wheezy' } + $buildd_apt_main_ensure = $::hostname ? { + /^(schroeder|sompek|stadler)$/ => 'absent', + default => 'present', + } + site::aptrepo { 'buildd.debian.org': + ensure => $buildd_apt_main_ensure, key => 'puppet:///modules/buildd/buildd.debian.org.gpg', url => 'https://buildd.debian.org/apt/', suite => $suite, diff --git a/modules/debian-org/files/ldap.conf b/modules/debian-org/files/ldap.conf deleted file mode 100644 index e60b6a91..00000000 --- a/modules/debian-org/files/ldap.conf +++ /dev/null @@ -1,24 +0,0 @@ -## -## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. -## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git -## - -# -# LDAP Defaults -# - -# See ldap.conf(5) for details -# This file should be world readable but not world writable. - -#BASE dc=example,dc=com -#URI ldap://ldap.example.com ldap://ldap-master.example.com:666 - -#SIZELIMIT 12 -#TIMELIMIT 15 -#DEREF never - -URI ldap://db.debian.org -BASE dc=debian,dc=org - -TLS_CACERT /etc/ssl/servicecerts/db.debian.org.crt -TLS_REQCERT hard diff --git a/modules/debian-org/lib/facter/lsb-for-bsd.rb b/modules/debian-org/lib/facter/lsb-for-bsd.rb index 09fd3702..c95d7f2e 100644 --- a/modules/debian-org/lib/facter/lsb-for-bsd.rb +++ b/modules/debian-org/lib/facter/lsb-for-bsd.rb 
@@ -7,13 +7,13 @@ Facter.add(fact) do confine :kernel => 'GNU/kFreeBSD' setcode do - unless defined?(@@lsbdata) and defined?(@@lsbtime) and (Time.now.to_i - @@lsbtime.to_i < 5) + unless defined?(lsbdata) and defined?(lsbtime) and (Time.now.to_i - lsbtime.to_i < 5) type = nil - @@lsbtime = Time.now - @@lsbdata = Facter::Util::Resolution.exec('lsb_release -a 2>/dev/null') + lsbtime = Time.now + lsbdata = Facter::Util::Resolution.exec('lsb_release -a 2>/dev/null') end - if pattern.match(@@lsbdata) + if pattern.match(lsbdata) $1 else nil diff --git a/modules/debian-org/manifests/init.pp b/modules/debian-org/manifests/init.pp index 8b0d62b5..7e91207f 100644 --- a/modules/debian-org/manifests/init.pp +++ b/modules/debian-org/manifests/init.pp @@ -61,13 +61,20 @@ class debian-org { source => 'puppet:///modules/debian-org/basic-ssh_known_hosts' } + if ($::lsbmajdistrelease >= 8) { + $rubyfs_package = 'ruby-filesystem' + } elsif $::lsbmajdistrelease == 7 { + $rubyfs_package = 'libfilesystem-ruby1.9' + } else { + $rubyfs_package = 'libfilesystem-ruby1.8' + } package { [ 'apt-utils', 'bash-completion', 'dnsutils', 'less', 'lsb-release', - 'libfilesystem-ruby1.8', + $rubyfs_package, 'mtr-tiny', 'nload', 'pciutils', @@ -75,16 +82,6 @@ class debian-org { ensure => installed, } - if $::lsbmajdistrelease == 7 { - package { 'libfilesystem-ruby1.9.1': - ensure => installed, - } - } elsif $::lsbmajdistrelease >= 8 { - package { 'ruby-filesystem': - ensure => installed, - } - } - munin::check { [ 'cpu', 'entropy', @@ -283,7 +280,7 @@ class debian-org { } file { '/etc/ldap/ldap.conf': require => Package['debian.org'], - source => 'puppet:///modules/debian-org/ldap.conf', + content => template('debian-org/ldap.conf.erb'), } file { '/etc/pam.d/common-session': require => Package['debian.org'], 
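Review bot: With `@@lsbdata`/`@@lsbtime` turned into plain locals, the `unless defined?(lsbdata) and defined?(lsbtime) and ...` guard at the top of the `setcode` block no longer caches anything. Locals assigned inside the block are gone when it returns, and `defined?` on a name not yet assigned in scope is nil, so `lsb_release -a` runs on every fact resolution. That holds unless `lsbdata`/`lsbtime` are initialised in an enclosing scope, which this hunk does not show (the block starts and ends outside it). Either drop the guard and call `Facter::Util::Resolution.exec` unconditionally, or declare `lsbdata = nil` and `lsbtime = nil` before the `Facter.add` call and test `lsbdata.nil? || Time.now.to_i - lsbtime.to_i >= 5`, so the closure shares the cached values.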
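Review bot: In `modules/debian-org/manifests/init.pp` the release-7 branch now selects `libfilesystem-ruby1.9`, while the resource removed in the next hunk installed `libfilesystem-ruby1.9.1` for `$::lsbmajdistrelease == 7`. If the rename is not intentional, that package resource will fail on those hosts. The change also stops installing `libfilesystem-ruby1.8` on release 7 and later, which is presumably intended but should be stated in the commit message. `$::lsbmajdistrelease` is a fact and may arrive as a string, so a comment such as `# lsbmajdistrelease is a string fact; compared numerically` above the `if` would record what the `>= 8` and `== 7` tests rely on. The class body continues outside the hunk.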
@@ -365,6 +362,11 @@ class debian-org { onlyif => "test -x /bin/systemctl" } + exec { 'systemd-tmpfiles --create --exclude-prefix=/dev': + refreshonly => true, + onlyif => "test -x /bin/systemd-tmpfiles" + } + tidy { '/var/lib/puppet/clientbucket/': age => '2w', recurse => 9, diff --git a/modules/debian-org/misc/local.yaml b/modules/debian-org/misc/local.yaml index 416b6e0e..3cb506c5 100644 --- a/modules/debian-org/misc/local.yaml +++ b/modules/debian-org/misc/local.yaml @@ -68,7 +68,8 @@ nameinfo: mailly.debian.org: Alphonse Jean Ernest Mailly (November 27th, 1833 - January 10th, 1918) mayer.debian.org: John Mayer (October 28th, 1930 - March 9th, 2004) mayr.debian.org: Johann(es) Simon Mayr (June 14th, 1763 - December 2nd, 1845) - menotti.debian.org: Gian Carlo Menotti (July 7th, 1911 - February 1st,, 2007) + menotti.debian.org: Gian Carlo Menotti (July 7th, 1911 - February 1st, 2007) + mekeel.debian.org: Joyce Mekeel (July 6th, 1931 - Dec 29th, 1997) merulo.debian.org: Claudio Merulo (April 8th, 1533 - May 4th, 1604) milanollo.debian.org: Teresa Milanollo (August 28th, 1827 - October 25th, 1904) minkus.debian.org: Ludwig Minkus (March 23rd 1826 - December 7th, 1917) @@ -84,6 +85,7 @@ nameinfo: petrova.debian.org: Mara Petrova (May 15th, 1921 - June 7th. 1997) pettersson.debian.org: Gustav Allan Pettersson (September 19th, 1911 - June 20th, 1980) picconi.debian.org: Maria Antonietta Picconi (September 23rd, 1869 - 1926) + pittar.debian.org: Fanny Krumpholtz Pittar (1785 - 1815) philp.debian.org: Elizabeth Philp (1827 - November 26th, 1885) plummer.debian.org: John Plummer (c. 1410 - c. 1483) popov.debian.org: Gavriil Nikolayevich Popov (Гаврии́л Никола́евич Попо́в) (September 12th, 1904 - February 17th, 1972) @@ -255,8 +257,6 @@ host_settings: - zani.debian.org - zemlinsky.debian.org # Not worth backing up - - rainier.debian.org - - rapoport.debian.org - x86-bm-01.debian.org broken-rtc: - abel.debian.org 
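Review bot: The new `exec { 'systemd-tmpfiles --create --exclude-prefix=/dev': }` is `refreshonly => true`, but no resource in the visible part of this diff notifies it, so as written it may never run. Confirm that a `notify => Exec['systemd-tmpfiles --create --exclude-prefix=/dev']` exists on the relevant resources elsewhere. The command and the `onlyif` test are unqualified and depend on an `Exec` default `path` set outside the hunk. Using a short title with `command => '/bin/systemd-tmpfiles --create --exclude-prefix=/dev'` would make the resource self-contained and easier to reference. A one-line comment naming the files that trigger it would also help.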
diff --git a/modules/debian-org/templates/dsa-puppet-stuff.cron.erb b/modules/debian-org/templates/dsa-puppet-stuff.cron.erb index 08859734..30fcc7de 100644 --- a/modules/debian-org/templates/dsa-puppet-stuff.cron.erb +++ b/modules/debian-org/templates/dsa-puppet-stuff.cron.erb @@ -17,4 +17,5 @@ SHELL=/bin/bash @hourly root sleep $(( $RANDOM \% 300 )); if [ -x /usr/lib/nagios/plugins/dsa-check-stunnel-sanity ] && [ -e /etc/stunnel/puppet-ekeyd.conf ] && ! /usr/lib/nagios/plugins/dsa-check-stunnel-sanity > /dev/null && grep -q '^client = yes' /etc/stunnel/puppet-ekeyd.conf; then /usr/sbin/service stunnel4 restart > /dev/null; fi -@daily munin-async [ -d /var/lib/munin-async ] && find /var/lib/munin-async -type f -name '*.gz' -mtime +90 -delete +@daily munin-async [ -d /var/lib/munin-async ] && find /var/lib/munin-async -type f -mtime +90 -name '*.gz' -delete +@daily munin-async [ -d /var/lib/munin-async ] && find /var/lib/munin-async -type f -mtime +90 -size 0 -delete diff --git a/modules/debian-org/templates/ldap.conf.erb b/modules/debian-org/templates/ldap.conf.erb new file mode 100644 index 00000000..cabf456e --- /dev/null +++ b/modules/debian-org/templates/ldap.conf.erb @@ -0,0 +1,28 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# +# LDAP Defaults +# + +# See ldap.conf(5) for details +# This file should be world readable but not world writable. + +#BASE dc=example,dc=com +#URI ldap://ldap.example.com ldap://ldap-master.example.com:666 + +#SIZELIMIT 12 +#TIMELIMIT 15 +#DEREF never + +URI ldap://db.debian.org +BASE dc=debian,dc=org + +<% if @lsbmajdistrelease.to_i >= 8 -%> +TLS_CACERT /etc/ssl/ca-debian/ca-certificates.crt +<% else -%> +TLS_CACERT /etc/ssl/servicecerts/db.debian.org.crt +<% end -%> +TLS_REQCERT hard 
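Review bot: In `ldap.conf.erb`, hosts with `@lsbmajdistrelease.to_i >= 8` move `TLS_CACERT` from the single service certificate `/etc/ssl/servicecerts/db.debian.org.crt` to the bundle `/etc/ssl/ca-debian/ca-certificates.crt`, which widens the LDAP trust anchor from one pinned certificate to every CA in that bundle. `TLS_REQCERT hard` still enforces validation, but the template should say why newer releases cannot use the pinned certificate, for example `# release >= 8: verify against the debian.org CA bundle because <reason>; older releases pin the service cert`. A missing or non-numeric fact makes `.to_i` return 0 and falls back to the pinned certificate, which is the safer default and worth keeping. Note also that `URI` is `ldap://`, so these TLS settings only take effect for clients that request StartTLS.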
diff --git a/modules/debian-org/templates/puppet.conf.erb b/modules/debian-org/templates/puppet.conf.erb index 13fe1372..2c41258e 100644 --- a/modules/debian-org/templates/puppet.conf.erb +++ b/modules/debian-org/templates/puppet.conf.erb @@ -16,10 +16,11 @@ environment=production <%- if scope.lookupvar('::hostname') == 'handel' -%> [master] -environments = development,testing,production,staging +environments = production,staging reports = store, http reporturl = http://puppet-dashboard.debian.org:3000/reports/upload config_version = cat /etc/puppet/.config-version +storeconfigs = true thin_storeconfigs = true dbadapter=mysql dbuser=puppet @@ -32,6 +33,11 @@ environments = development,testing,production,staging report = true configtimeout = 240 +[production] +manifestdir=/srv/puppet.debian.org/stages/production/manifests +fileserverconfig=/srv/puppet.debian.org/stages/production/fileserver.conf +modulepath=/srv/puppet.debian.org/stages/production/modules:/srv/puppet.debian.org/stages/production/3rdparty/modules + [staging] manifestdir=/srv/puppet.debian.org/stages/staging/manifests fileserverconfig=/srv/puppet.debian.org/stages/staging/fileserver.conf diff --git a/modules/motd/templates/motd.erb b/modules/motd/templates/motd.erb index 6b4f640a..56328234 100644 --- a/modules/motd/templates/motd.erb +++ b/modules/motd/templates/motd.erb @@ -107,7 +107,7 @@ unless vms.empty? end -if scope.lookupvar('::cluster').to_s != 'undefined' +if scope.lookupvar('::cluster') purp += "\n This server is a node in ganeti cluster: " purp += scope.lookupvar('::cluster').to_s + ":\n" purp += "\t" + scope.lookupvar('::cluster_nodes').split.sort.map{ |x| x.split('.')[0] }.join(", ") + ".\n" diff --git a/modules/multipath/templates/multipath-bm.conf.erb b/modules/multipath/templates/multipath-bm.conf.erb index f37a22fc..3f39ebb4 100644 --- a/modules/multipath/templates/multipath-bm.conf.erb +++ b/modules/multipath/templates/multipath-bm.conf.erb 
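Review bot: In `motd.erb` the new test `if scope.lookupvar('::cluster')` is a plain Ruby truthiness check, so it matches the old `.to_s != 'undefined'` comparison only if `lookupvar` returns nil for an unset fact. A `:undef` or `:undefined` symbol, or an empty string, is truthy and would enter the branch. In that case `scope.lookupvar('::cluster_nodes').split` on the following lines fails the catalog compile. The same condition is introduced in `modules/ssh/templates/authorized_keys.erb`, where the branch decides which ganeti node keys are written to `authorized_keys`. A tighter guard is `cluster = scope.lookupvar('::cluster').to_s` followed by `unless cluster.empty? || %w[undef undefined].include?(cluster)`.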
@@ -13,80 +13,80 @@ blacklist_exceptions { multipaths { multipath { - wwid 3600c0ff000d5ad34b41a635401000000 - alias adayevskaya + wwid 3600c0ff000d5ad34b41a635401000000 + alias adayevskaya } multipath { - wwid 3600c0ff000d5ad346d96635401000000 - alias barriere + wwid 3600c0ff000d5ad346d96635401000000 + alias barriere } multipath { - wwid 3600c0ff000d5ad34e88c635401000000 - alias barriere-lvm + wwid 3600c0ff000d5ad34e88c635401000000 + alias barriere-lvm } multipath { - wwid 3600c0ff000d5ad34f559665401000000 - alias binet + wwid 3600c0ff000d5ad34f559665401000000 + alias binet } multipath { - wwid 3600c0ff000d5ad34fb59665401000000 - alias binet-lvm + wwid 3600c0ff000d5ad34fb59665401000000 + alias binet-lvm } multipath { - wwid 3600c0ff000d5ad344455675401000000 - alias bmdb1 + wwid 3600c0ff000d5ad344455675401000000 + alias bmdb1 } multipath { - wwid 3600c0ff000d83a704c2ed85101000000 - alias bmdb1-srv + wwid 3600c0ff000d83a704c2ed85101000000 + alias bmdb1-srv } multipath { - wwid 3600c0ff000d5ad34f874635401000000 - alias coccia + wwid 3600c0ff000d5ad34f874635401000000 + alias coccia } multipath { - wwid 3600c0ff000d5ad34ac83635401000000 - alias coccia-lvm + wwid 3600c0ff000d5ad34ac83635401000000 + alias coccia-lvm } multipath { - wwid 3600c0ff000d5ad34cd996b5401000000 - alias couper + wwid 3600c0ff000d5ad34cd996b5401000000 + alias couper } multipath { - wwid 3600c0ff000d83a7048ef105201000000 - alias couper-srv + wwid 3600c0ff000d83a7048ef105201000000 + alias couper-srv } multipath { - wwid 3600c0ff000d5ad34389b6b5401000000 - alias delfin + wwid 3600c0ff000d5ad34389b6b5401000000 + alias delfin } multipath { - wwid 3600c0ff000d83a701052235201000000 - alias delfin-srv + wwid 3600c0ff000d83a701052235201000000 + alias delfin-srv } multipath { - wwid 3600c0ff000d5ad347a49665401000000 - alias dillon + wwid 3600c0ff000d5ad347a49665401000000 + alias dillon } multipath { - wwid 3600c0ff000d5ad34fc2e665401000000 - alias dillon-lvm + wwid 3600c0ff000d5ad34fc2e665401000000 + alias 
dillon-lvm } multipath { - wwid 3600c0ff000d5ad3421c3635401000000 - alias dinis + wwid 3600c0ff000d5ad3421c3635401000000 + alias dinis } multipath { - wwid 3600c0ff000d5ad34dc17115501000000 - alias dinis-lvm + wwid 3600c0ff000d5ad34dc17115501000000 + alias dinis-lvm } multipath { - wwid 3600c0ff000d5ad34f501655401000000 - alias donizetti + wwid 3600c0ff000d5ad34f501655401000000 + alias donizetti } multipath { - wwid 3600c0ff000d5ad346a00655401000000 - alias donizetti-srv + wwid 3600c0ff000d5ad346a00655401000000 + alias donizetti-srv } multipath { wwid 3600c0ff000d5ad34f780675401000000 
@@ -97,60 +97,64 @@ multipaths { alias fede-lvm } multipath { - wwid 3600c0ff000d5ad348670635401000000 - alias gideon + wwid 3600c0ff000d5ad348670635401000000 + alias gideon } multipath { - wwid 3600c0ff000d5ad348d70635401000000 - alias gideon-srv + wwid 3600c0ff000d5ad348d70635401000000 + alias gideon-srv } multipath { - wwid 3600c0ff000d5ad34bcd0635401000000 - alias httpredir-bm-01 + wwid 3600c0ff000d5ad34bcd0635401000000 + alias httpredir-bm-01 } multipath { - wwid 3600c0ff000d5ad34bf77335501000000 - alias jerea + wwid 3600c0ff000d5ad34bf77335501000000 + alias jerea } multipath { - wwid 3600c0ff000d5ad34c877335501000000 - alias jerea-lvm + wwid 3600c0ff000d5ad34c877335501000000 + alias jerea-lvm } multipath { - wwid 3600c0ff000d5ad34c76a635401000000 - alias lindsay + wwid 3600c0ff000d5ad34c76a635401000000 + alias lindsay } multipath { - wwid 3600c0ff000d5ad34e86a635401000000 - alias lindsay-srv + wwid 3600c0ff000d5ad34e86a635401000000 + alias lindsay-srv } multipath { - wwid 3600c0ff000d5ad341ca4655401000000 - alias milanollo + wwid 3600c0ff000d5ad34f1f56f5501000000 + alias mekeel } multipath { - wwid 3600c0ff000d5ad346921635401000000 - alias milanollo-lvm-old + wwid 3600c0ff000d5ad341ca4655401000000 + alias milanollo } multipath { - wwid 3600c0ff000d75b58b9f93d5501000000 - alias milanollo-lvm + wwid 3600c0ff000d5ad346921635401000000 + alias milanollo-lvm-old } multipath { - wwid 3600c0ff000d5ad3454b3655401000000 - alias moszumanska + wwid 3600c0ff000d75b58b9f93d5501000000 + alias milanollo-lvm } multipath { - wwid 3600c0ff000d5ad34951e635401000000 - alias moszumanska-lvm + wwid 3600c0ff000d5ad3454b3655401000000 + alias moszumanska } multipath { - wwid 3600c0ff000d5ad342fca635401000000 - alias oyens + wwid 3600c0ff000d5ad34951e635401000000 + alias moszumanska-lvm } multipath { - wwid 3600c0ff000d5ad3437ca635401000000 - alias oyens-srv + wwid 3600c0ff000d5ad342fca635401000000 + alias oyens + } + multipath { + wwid 3600c0ff000d5ad3437ca635401000000 + alias 
oyens-srv } multipath { wwid 3600c0ff000d5ad341356645401000000 
@@ -161,99 +165,107 @@ multipaths { alias paradis-lvm } multipath { - wwid 3600c0ff000d5ad341dfb655401000000 - alias pejacevic + wwid 3600c0ff000d5ad341dfb655401000000 + alias pejacevic + } + multipath { + wwid 3600c0ff000d5ad3439b7645401000000 + alias pejacevic-lvm + } + multipath { + wwid 3600c0ff000d5ad34e7e9645401000000 + alias petrova } multipath { - wwid 3600c0ff000d5ad3439b7645401000000 - alias pejacevic-lvm + wwid 3600c0ff000d5ad34e3b4645401000000 + alias philp } multipath { - wwid 3600c0ff000d5ad34e7e9645401000000 - alias petrova + wwid 3600c0ff000d5ad348f67675401000000 + alias picconi } multipath { - wwid 3600c0ff000d5ad34e3b4645401000000 - alias philp + wwid 3600c0ff000d5ad34de57675401000000 + alias picconi-lvm } multipath { - wwid 3600c0ff000d5ad348f67675401000000 - alias picconi + wwid 3600c0ff000d5ad346501705501000000 + alias pittar } multipath { - wwid 3600c0ff000d5ad34de57675401000000 - alias picconi-lvm + wwid 3600c0ff000d5ad347c01705501000000 + alias pittar-lvm } multipath { - wwid 3600c0ff000d5ad345cee645401000000 - alias piu-slave-bm-a + wwid 3600c0ff000d5ad345cee645401000000 + alias piu-slave-bm-a } multipath { - wwid 3600c0ff000d5ad3465ee645401000000 - alias piu-slave-bm-a-swap + wwid 3600c0ff000d5ad3465ee645401000000 + alias piu-slave-bm-a-swap } multipath { - wwid 3600c0ff000d5ad34c6ae6b5401000000 - alias portman + wwid 3600c0ff000d5ad34c6ae6b5401000000 + alias portman } multipath { - wwid 3600c0ff000d5ad341e9d6b5401000000 - alias portman-lvm + wwid 3600c0ff000d5ad341e9d6b5401000000 + alias portman-lvm } multipath { - wwid 3600c0ff000d5ad34fa5d6a5401000000 - alias quantz + wwid 3600c0ff000d5ad34fa5d6a5401000000 + alias quantz } multipath { wwid 3600c0ff000d5ad347b7b695401000000 alias quantz-lvm } multipath { - wwid 3600c0ff000d5ad341aa6645401000000 - alias rainier + wwid 3600c0ff000d5ad341aa6645401000000 + alias rainier } multipath { - wwid 3600c0ff000d5ad34efa7645401000000 - alias rapoport + wwid 3600c0ff000d5ad34efa7645401000000 + alias 
rapoport } multipath { - wwid 3600c0ff000d5ad34b260685401000000 - alias senfter + wwid 3600c0ff000d5ad34b260685401000000 + alias senfter } multipath { - wwid 3600c0ff000d5ad34c3bd675401000000 - alias senfter-lvm + wwid 3600c0ff000d5ad34c3bd675401000000 + alias senfter-lvm } multipath { - wwid 3600c0ff000d75b58894b825401000000 - alias sor + wwid 3600c0ff000d75b58894b825401000000 + alias sor } multipath { - wwid 3600c0ff000d75b58264c825401000000 - alias sor-lvm + wwid 3600c0ff000d75b58264c825401000000 + alias sor-lvm } multipath { - wwid 3600c0ff000d5ad346bc46b5401000000 - alias ticharich + wwid 3600c0ff000d5ad346bc46b5401000000 + alias ticharich } multipath { - wwid 3600c0ff000d5ad34169d6b5401000000 - alias ticharich-lvm + wwid 3600c0ff000d5ad34169d6b5401000000 + alias ticharich-lvm } multipath { - wwid 3600c0ff000d5ad3463e4645401000000 - alias wuiet + wwid 3600c0ff000d5ad3463e4645401000000 + alias wuiet } multipath { - wwid 3600c0ff000d5ad340ad9635401000000 - alias wuiet-lvm + wwid 3600c0ff000d5ad340ad9635401000000 + alias wuiet-lvm } multipath { - wwid 3600c0ff000d5ad3442f4645401000000 - alias x86-bm-01 + wwid 3600c0ff000d5ad3442f4645401000000 + alias x86-bm-01 } multipath { - wwid 3600c0ff000d5ad344af4645401000000 - alias x86-bm-01-lvm + wwid 3600c0ff000d5ad344af4645401000000 + alias x86-bm-01-lvm } } diff --git a/modules/nagios/files/common/obsolete-packages-ignore b/modules/nagios/files/common/obsolete-packages-ignore index fb2bdf48..79640800 100644 --- a/modules/nagios/files/common/obsolete-packages-ignore +++ b/modules/nagios/files/common/obsolete-packages-ignore @@ -5,5 +5,3 @@ /linux-image-.*/ /kernel-image-.*/ -buildd -sbuild diff --git a/modules/nagios/templates/obsolete-packages-ignore.d-hostspecific.erb b/modules/nagios/templates/obsolete-packages-ignore.d-hostspecific.erb index 912d39f2..30574756 100644 --- a/modules/nagios/templates/obsolete-packages-ignore.d-hostspecific.erb +++ b/modules/nagios/templates/obsolete-packages-ignore.d-hostspecific.erb 
@@ -7,32 +7,12 @@ ignore = [] case fqdn when /draghi.debian.org/ then ignore << %w{userdir-ldap userdir-ldap-cgi libheimdal-kadm5-perl django-ldapdb ud python-cdb python-nameparser} -when /(zandonai|zelenka).debian.org/ then ignore << %w{samhain zabbix-agent rrdcollect} -when /zappa.debian.org/ then ignore << %w{samhain} -when /(mayer|corelli).debian.org/ then ignore << "linux-base" -when /(alkman|caballero|merulo|mundy|zani).debian.org/ then ignore << "samhain" -when "franck.debian.org" then ignore << %w{python-apt} -when /(abel|arnold|antheil).debian.org/ then ignore << %w{flash-kernel linux-firmware-image} -when /(asachi|arm-linaro-01|arm-linaro-03).debian.org/ then ignore << "flash-kernel" -when /harris.debian.org/ then ignore << %w{flash-kernel kernel linux-firmware-image} -when /(hartmann|hasse|henze|hoiby).debian.org/ then ignore << %w{flash-kernel kernel linux-firmware-image} -when /(parry|partch).debian.org/ then ignore << "yaboot" when "handel.debian.org" then ignore << %w{puppet-dashboard} when "reger.debian.org" then ignore << %w{librt-extension-commandbymail-perl} when /(rainier|rapoport).debian.org/ then ignore << %w{rabbitmq-server} -when "zemlinsky.debian.org" then ignore << %w{initramfs-tools} when "sibelius.debian.org" then ignore << %w{tivsm-ba tivsm-api64 gskssl64 gskcrypt64 tivsm-api gskssl gskcrypt} -when "vogler.debian.org" then ignore << %w{repro libresiprocate-1.9 resiprocate-turn-server} -when /(mailly|muffat).debian.org/ then ignore << %w{python-dsa-mq} -when /(csail|grnet)-node(01|02).debian.org/ then ignore << %w{openvswitch-switch openvswitch-common} -end - -case fqdn -when /geo[123].debian.org/ then ignore << %w{geoip-database} -end - -case fqdn -when /((csail|grnet)-node(01|02)|powell|bm-bl1).debian.org/ then ignore << %w{ganeti-os-noop} +when "storace.debian.org" then ignore << %w{postgresql-client-9.1} +when /(sompek|stadler|schroeder).debian.org/ then ignore << %w{libsbuild-perl buildd sbuild} end ignore.flatten.join("\n") 
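Review bot: The added `when /(sompek|stadler|schroeder).debian.org/` pattern is unanchored and leaves the dots unescaped, so it matches any fqdn that merely contains one of those names. The literal-string form used for `"storace.debian.org"` is exact. This list suppresses obsolete-package alerts for `buildd` and `sbuild`, so an over-broad match silently hides findings on other hosts. Prefer `when /\A(sompek|stadler|schroeder)\.debian\.org\z/`, or list the three hostnames as string literals. The remaining regex entries in the same `case` have the same shape and could be tightened together.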
diff --git a/modules/puppetmaster/lib/puppet/parser/functions/entropy_provider.rb b/modules/puppetmaster/lib/puppet/parser/functions/entropy_provider.rb index 85b8bf1d..e16290ce 100644 --- a/modules/puppetmaster/lib/puppet/parser/functions/entropy_provider.rb +++ b/modules/puppetmaster/lib/puppet/parser/functions/entropy_provider.rb @@ -30,6 +30,7 @@ module Puppet::Parser::Functions hoster[name] = [] unless hoster[name] hoster[name] << node end + raise Puppet::ParseError, "entropy_provider: no entropy providers" unless provider.size > 0 # figure out which entropy provider to use consumer_hoster = nodeinfo['hoster'] diff --git a/modules/puppetmaster/lib/puppet/parser/functions/whohosts.rb b/modules/puppetmaster/lib/puppet/parser/functions/whohosts.rb index b55204ac..ca0d2957 100644 --- a/modules/puppetmaster/lib/puppet/parser/functions/whohosts.rb +++ b/modules/puppetmaster/lib/puppet/parser/functions/whohosts.rb @@ -8,8 +8,6 @@ module Puppet::Parser::Functions parser = Puppet::Parser::Parser.new(environment) parser.watch_file(yamlfile) - $KCODE = 'utf-8' - ans = {"name" => "unknown"} yaml = YAML.load_file(yamlfile) diff --git a/modules/puppetmaster/lib/puppet/parser/functions/yamlinfo.rb b/modules/puppetmaster/lib/puppet/parser/functions/yamlinfo.rb index b38f5d56..f53014de 100644 --- a/modules/puppetmaster/lib/puppet/parser/functions/yamlinfo.rb +++ b/modules/puppetmaster/lib/puppet/parser/functions/yamlinfo.rb @@ -42,7 +42,6 @@ module Puppet::Parser::Functions } require 'yaml' - $KCODE = 'utf-8' yaml = YAML.load_file(yamlfile) ret = {} diff --git a/modules/roles/files/static-mirroring/static-components.conf b/modules/roles/files/static-mirroring/static-components.conf index f0584f5e..691d39cf 100644 --- a/modules/roles/files/static-mirroring/static-components.conf +++ b/modules/roles/files/static-mirroring/static-components.conf 
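Review bot: The new guard in `entropy_provider.rb` reads more directly as `raise Puppet::ParseError, "entropy_provider: no entropy providers" if provider.empty?` than with `unless provider.size > 0`. A one-line comment above it should state that the selection code that follows assumes at least one provider. That code is outside the hunk, so this is inferred from the `# figure out which entropy provider to use` context line.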
@@ -8,6 +8,7 @@ bizet.debian.org www.debian.org wolkenstein.debian.org /srv/www.debian.org/ww dillon.debian.org blends.debian.org dillon.debian.org /srv/blends.debian.org/www dillon.debian.org d-i.debian.org dillon.debian.org /srv/d-i.debian.org/www dillon.debian.org debaday.debian.net dillon.debian.org /srv/debaday.debian.net/htdocs +dillon.debian.org debdeltas.debian.net donizetti.debian.org /srv/debdelta.debian.org/www/debdeltas dillon.debian.org dsa.debian.org dillon.debian.org /srv/dsa.debian.org/htdocs dillon.debian.org lintian.debian.org lindsay.debian.org /srv/lintian.debian.org/www dillon.debian.org mozilla.debian.net dillon.debian.org /srv/mozilla.debian.net/htdocs diff --git a/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb b/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb index b6dec113..959ca519 100644 --- a/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb +++ b/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb @@ -5,6 +5,7 @@ Use common-static-vhost backports.debian.org Use common-static-vhost incoming.debian.org Use common-static-vhost news.debian.net Use common-static-vhost debaday.debian.net +Use common-static-vhost debdeltas.debian.net Use common-static-vhost-with-extra metadata.ftp-master.debian.org "AddDefaultCharset utf-8" Use common-static-vhost-with-extra d-i.debian.org "ServerAlias d-i-backend.debian.org" Use common-static-vhost-with-extra network-test.debian.org "ServerAlias network-test-backend.debian.org" diff --git a/modules/samhain/templates/samhainrc.erb b/modules/samhain/templates/samhainrc.erb index 09903f65..514c2679 100644 --- a/modules/samhain/templates/samhainrc.erb +++ b/modules/samhain/templates/samhainrc.erb @@ -455,6 +455,7 @@ dir=3/etc/facter file=/etc/ferm/conf.d/me.conf file=/etc/ferm/conf.d/defs.conf file=/etc/ferm/ferm.conf +file=/etc/ssl/README dir=2/etc/ssl/debian dir=1/etc/ssl/certs dir=1/etc/ssl/ca-debian 
diff --git a/modules/ssh/templates/authorized_keys.erb b/modules/ssh/templates/authorized_keys.erb index 2a567106..9963270f 100644 --- a/modules/ssh/templates/authorized_keys.erb +++ b/modules/ssh/templates/authorized_keys.erb @@ -11,7 +11,7 @@ localkeys %> <%= ganetikeys = [] - if scope.lookupvar('::cluster').to_s != 'undefined' + if scope.lookupvar('::cluster') scope.lookupvar('::cluster_nodes').split.sort.each do |node| if allnodeinfo.has_key?(node) ganetikeys << "# for ganeti cluster #{scope.lookupvar('::cluster').to_s}: #{allnodeinfo[node]['hostname'][0]}" diff --git a/modules/ssl/files/README b/modules/ssl/files/README new file mode 100644 index 00000000..b87d282f --- /dev/null +++ b/modules/ssl/files/README 
@@ -0,0 +1,44 @@ +/------------------------------------------------------------------------------ +| /etc/ssl/certs + +The purpose of this directory is to allow verification of service certificates +for debian.org services by software that is able to properly verify service +certificates that are available in the default certificate store. + +Please *use it* in preference to other certificate stores when possible. + +/------------------------------------------------------------------------------ +| /etc/ssl/ca-debian + +This directory contains the certificate(s) for the certificate authorities +that have signed current service certificates for debian.org services. + +The purpose of this directory is to allow verification of service certificates +for debian.org services by software that is unable to properly verify service +certificates that are available in the default certificate store. + +Please *do not* use it for verification of debian.org service certificates +unless the software you are using is buggy and there is no other alternative. +Please *file bugs* on any software that you find that needs to use this +directory and usertag those bugs using this bts command: + +bts user debian-admin@lists.debian.org , usertags 123456 + needed-by-DSA-Team + +/------------------------------------------------------------------------------ +| /etc/ssl/ca-global + +This directory contains all of the certificates for certificate authorities +trusted by the ca-certificates Debian package, which is mostly a copy +of the certificates trusted by the Mozilla certificate store. + +The purpose of this directory is to allow verification of certificates from +a wide variety of external services on the global Internet that could +change their certificate at any time and could change their certificate +signing authority at any time. + +Please *do not* use it for verification of debian.org service certificates. 
+ +Please *do not* use it for verification of certificates when pinning to a +specific service certificate or certificate authority is a viable option. +This directory *only* contains the certificate(s) for the current service +certificates for debian.org services. diff --git a/modules/ssl/files/README.ca-debian b/modules/ssl/files/README.ca-debian deleted file mode 100644 index 316bd8d3..00000000 --- a/modules/ssl/files/README.ca-debian +++ /dev/null @@ -1,13 +0,0 @@ -This directory contains the certificate(s) for the certificate authorities -that have signed current service certificates for debian.org services. - -The purpose of this directory is to allow verification of service certificates -for debian.org services by software that is unable to properly verify service -certificates that are available in the default certificate store. - -Please *do not* use it for verification of debian.org service certificates -unless the software you are using is buggy and there is no other alternative. -Please *file bugs* on any software that you find that needs to use this -directory and usertag those bugs using this bts command: - -bts user debian-admin@lists.debian.org , usertags 123456 + needed-by-DSA-Team diff --git a/modules/ssl/files/README.ca-global b/modules/ssl/files/README.ca-global deleted file mode 100644 index 5fb1778f..00000000 --- a/modules/ssl/files/README.ca-global +++ /dev/null 
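Review bot: The last two added lines of `modules/ssl/files/README`, `This directory *only* contains the certificate(s) for the current service certificates for debian.org services.`, end up under the `/etc/ssl/ca-global` heading, where they contradict that section's first paragraph. In the removed `README.certs` they opened the description of `/etc/ssl/certs`. As merged, the `/etc/ssl/certs` section no longer says what the directory contains, and a reader choosing a trust store could mistake `ca-global` for the pinned set. Moving the sentence to the top of the `/etc/ssl/certs` section restores the original meaning.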
@@ -1,13 +0,0 @@ -This directory contains all of the certificates for certificate authorities -trusted by the ca-certificates Debian package, which is mostly a copy -of the certificates trusted by the Mozilla certificate store. - -The purpose of this directory is to allow verification of certificates from -a wide variety of external services on the global Internet that could -change their certificate at any time and could change their certificate -signing authority at any time. - -Please *do not* use it for verification of debian.org service certificates. - -Please *do not* use it for verification of certificates when pinning to a -specific service certificate or certificate authority is a viable option. diff --git a/modules/ssl/files/README.certs b/modules/ssl/files/README.certs deleted file mode 100644 index edf4cc67..00000000 --- a/modules/ssl/files/README.certs +++ /dev/null @@ -1,8 +0,0 @@ -This directory *only* contains the certificate(s) for the current service -certificates for debian.org services. - -The purpose of this directory is to allow verification of service certificates -for debian.org services by software that is able to properly verify service -certificates that are available in the default certificate store. - -Please *use it* in preference to other certificate stores when possible. diff --git a/modules/ssl/files/chains/packages.qa.debian.org.crt b/modules/ssl/files/chains/packages.qa.debian.org.crt index 6aaa9147..50d224a8 120000 --- a/modules/ssl/files/chains/packages.qa.debian.org.crt +++ b/modules/ssl/files/chains/packages.qa.debian.org.crt @@ -1 +1 @@ -GANDI-CA \ No newline at end of file +GANDI-2-CA \ No newline at end of file diff --git a/modules/ssl/files/chains/tracker.debian.org.crt b/modules/ssl/files/chains/tracker.debian.org.crt index 6aaa9147..50d224a8 120000 --- a/modules/ssl/files/chains/tracker.debian.org.crt +++ b/modules/ssl/files/chains/tracker.debian.org.crt 
@@ -1 +1 @@ -GANDI-CA \ No newline at end of file +GANDI-2-CA \ No newline at end of file diff --git a/modules/ssl/files/servicecerts/packages.qa.debian.org.crt b/modules/ssl/files/servicecerts/packages.qa.debian.org.crt index b3bfc29f..8a6de898 100644 --- a/modules/ssl/files/servicecerts/packages.qa.debian.org.crt +++ b/modules/ssl/files/servicecerts/packages.qa.debian.org.crt @@ -2,12 +2,12 @@ Certificate: Data: Version: 3 (0x2) Serial Number: - 9a:59:d4:db:94:4c:0c:e6:25:3a:2a:e4:a3:a6:9a:a0 - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=FR, O=GANDI SAS, CN=Gandi Standard SSL CA + d6:f4:0b:9a:d4:5f:ae:35:d3:c2:d1:c2:38:f6:79:61 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2 Validity - Not Before: Jul 2 00:00:00 2014 GMT - Not After : Jul 2 23:59:59 2015 GMT + Not Before: Jun 20 00:00:00 2015 GMT + Not After : Jul 2 23:59:59 2016 GMT Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=packages.qa.debian.org Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -42,7 +42,7 @@ Certificate: Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Authority Key Identifier: - keyid:B6:A8:FF:A2:A8:2F:D0:A6:CD:4B:B1:68:F3:E7:50:10:31:A7:79:21 + keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA X509v3 Subject Key Identifier: 82:3E:DF:28:FD:38:4F:4B:08:58:31:28:9C:17:DF:01:FA:99:B8:D4 
@@ -54,65 +54,65 @@ Certificate: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.6449.1.2.2.26 - CPS: http://www.gandi.net/contracts/fr/ssl/cps/pdf/ + CPS: https://cps.usertrust.com Policy: 2.23.140.1.2.1 X509v3 CRL Distribution Points: Full Name: - URI:http://crl.gandi.net/GandiStandardSSLCA.crl + URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl Authority Information Access: - CA Issuers - URI:http://crt.gandi.net/GandiStandardSSLCA.crt - OCSP - URI:http://ocsp.gandi.net + CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt + OCSP - URI:http://ocsp.usertrust.com X509v3 Subject Alternative Name: DNS:packages.qa.debian.org, DNS:www.packages.qa.debian.org - Signature Algorithm: sha1WithRSAEncryption - 29:21:ec:a3:34:68:6d:a4:22:07:a7:c8:ef:d2:cf:4d:25:6f: - 1a:b3:c1:1b:37:1f:ef:41:48:b0:6e:c2:01:f8:f6:b0:eb:19: - fb:c0:f8:a9:45:61:f0:45:b4:db:8c:d6:80:4b:6d:cb:17:10: - bb:e6:ff:47:d5:02:95:cf:95:f5:ea:91:9c:e9:b5:d4:93:e3: - 53:0c:d8:1b:54:cb:36:a7:60:3b:e9:78:8e:5e:29:68:f8:be: - fd:04:28:93:87:b5:f5:37:69:60:2b:97:28:1a:83:6f:1a:cc: - 2e:12:34:7b:12:99:73:81:53:a9:1d:0d:01:6e:a3:a4:cb:d0: - ee:d6:88:a3:32:c3:4f:b9:c3:45:71:db:b4:90:55:af:d2:4c: - 9e:c3:a5:28:38:aa:3d:8a:86:07:80:e0:8d:81:a1:c4:cf:05: - 3b:53:f9:7c:7a:b1:b5:f1:65:1f:89:86:6a:05:e1:04:1e:53: - 93:92:67:c5:8a:af:69:46:f8:03:22:55:dd:53:ad:f6:d2:41: - e0:23:e0:23:be:55:5c:21:9a:8b:16:93:a9:63:f1:92:6b:46: - 3e:5c:05:04:fe:f0:55:5c:55:77:cc:7a:7e:ae:23:d2:36:d3: - 62:d0:4b:5f:cb:0b:a7:c2:46:56:2a:03:a9:4f:02:ce:94:30: - 43:53:58:3f + Signature Algorithm: sha256WithRSAEncryption + 7f:8f:da:55:d2:dc:63:a5:90:d6:60:e2:2e:22:ff:f7:eb:4e: + be:5b:f1:4f:0c:8f:28:9d:cf:5e:be:25:5c:80:20:52:13:5e: + 6d:fd:a9:35:89:94:11:af:69:f4:49:5d:f1:ac:6c:23:1c:81: + a4:8f:b2:75:11:c2:7d:e5:6b:2c:ed:04:be:4c:fb:c8:a5:f5: + eb:f1:9d:b2:86:8b:55:ff:69:68:a1:5b:c1:92:28:3a:01:33: + ef:5f:f8:a9:1d:71:6b:b1:d0:28:53:a9:48:86:fc:12:1b:80: + 
92:5f:b7:10:e8:22:4c:2f:d0:4d:a3:42:d3:4f:32:96:df:5d: + d5:79:db:7d:a6:36:96:9c:f6:f3:ef:49:6a:99:50:50:af:a8: + 16:52:bd:6a:52:82:c8:ab:43:fb:69:ac:4d:e9:73:68:5c:3c: + 75:3c:61:65:70:82:18:a6:29:67:db:02:2b:79:4b:f9:e4:d4: + 1b:c0:c7:33:f5:a6:57:5d:59:77:e1:d2:56:fe:bb:11:ee:f6: + c2:13:7b:97:bb:be:6a:0a:04:e9:63:ef:51:7c:f1:8b:ed:dd: + 4b:6b:d3:3d:70:10:37:b8:59:ad:84:68:dc:97:f3:84:6a:52: + b0:9b:31:7f:45:c3:14:a3:08:54:16:f1:45:83:e6:45:d0:81: + c5:1a:06:17 -----BEGIN CERTIFICATE----- -MIIFezCCBGOgAwIBAgIRAJpZ1NuUTAzmJToq5KOmmqAwDQYJKoZIhvcNAQEFBQAw -QTELMAkGA1UEBhMCRlIxEjAQBgNVBAoTCUdBTkRJIFNBUzEeMBwGA1UEAxMVR2Fu -ZGkgU3RhbmRhcmQgU1NMIENBMB4XDTE0MDcwMjAwMDAwMFoXDTE1MDcwMjIzNTk1 -OVowYTEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRswGQYDVQQL -ExJHYW5kaSBTdGFuZGFyZCBTU0wxHzAdBgNVBAMTFnBhY2thZ2VzLnFhLmRlYmlh -bi5vcmcwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDFXVIMBIramNN1 -1ue09nxcuMwQOiTbl98b/oqtgGB8oKtgypsLjl74ikWJ69jn8Q83abx9KJgKlgbo -vnYgvOoMF0PSJC92EpE5RYdnlNhEVP+qkybmQIxTegownqrCQd65JBHCG5Lf79DG -M0GPCULWKwntWY210yX0SkBk1D/L6uTMDgf8ozyWQHwseItXLdvKYWQZyH2Eob4J -7XTKTJKqRE+DFa86xmj17UTYV2VineTdQ2mfYA8Rfes9QcSdxwxXwVQZ+nf7p1Ax -VaU6Djs9TuYbxmNS/L2coGQzp5UdO5HAGLYRqhyCgn8wxqQ/5J2g9mpFbIeZ1VQm -6TFxLTl1Uz7xg/YgOszneqbaL557jrq5UY/j5HMa4gbm4bQ13JN1cFiZ17oVsqUP -gwx28O+3EvkOqb+/fhmVGhhil1B3xLI+MSmpwGeVqCn3h6Qg9zTDDdnD5VZt0g3M -W2KO4uyAdiCvoLU9aghiIRQqBtWdPJWQHTGDjrQhxRfrVliLPYMCAwEAAaOCAcww -ggHIMB8GA1UdIwQYMBaAFLao/6KoL9CmzUuxaPPnUBAxp3khMB0GA1UdDgQWBBSC -Pt8o/ThPSwhYMSicF98B+pm41DAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIw -ADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYAYDVR0gBFkwVzBLBgsr -BgEEAbIxAQICGjA8MDoGCCsGAQUFBwIBFi5odHRwOi8vd3d3LmdhbmRpLm5ldC9j -b250cmFjdHMvZnIvc3NsL2Nwcy9wZGYvMAgGBmeBDAECATA8BgNVHR8ENTAzMDGg -L6AthitodHRwOi8vY3JsLmdhbmRpLm5ldC9HYW5kaVN0YW5kYXJkU1NMQ0EuY3Js -MGoGCCsGAQUFBwEBBF4wXDA3BggrBgEFBQcwAoYraHR0cDovL2NydC5nYW5kaS5u -ZXQvR2FuZGlTdGFuZGFyZFNTTENBLmNydDAhBggrBgEFBQcwAYYVaHR0cDovL29j 
-c3AuZ2FuZGkubmV0MD0GA1UdEQQ2MDSCFnBhY2thZ2VzLnFhLmRlYmlhbi5vcmeC -Gnd3dy5wYWNrYWdlcy5xYS5kZWJpYW4ub3JnMA0GCSqGSIb3DQEBBQUAA4IBAQAp -IeyjNGhtpCIHp8jv0s9NJW8as8EbNx/vQUiwbsIB+Paw6xn7wPipRWHwRbTbjNaA -S23LFxC75v9H1QKVz5X16pGc6bXUk+NTDNgbVMs2p2A76XiOXilo+L79BCiTh7X1 -N2lgK5coGoNvGswuEjR7EplzgVOpHQ0BbqOky9Du1oijMsNPucNFcdu0kFWv0kye -w6UoOKo9ioYHgOCNgaHEzwU7U/l8erG18WUfiYZqBeEEHlOTkmfFiq9pRvgDIlXd -U6320kHgI+AjvlVcIZqLFpOpY/GSa0Y+XAUE/vBVXFV3zHp+riPSNtNi0Etfywun -wkZWKgOpTwLOlDBDU1g/ +MIIFkjCCBHqgAwIBAgIRANb0C5rUX64108LRwjj2eWEwDQYJKoZIhvcNAQELBQAw +XzELMAkGA1UEBhMCRlIxDjAMBgNVBAgTBVBhcmlzMQ4wDAYDVQQHEwVQYXJpczEO +MAwGA1UEChMFR2FuZGkxIDAeBgNVBAMTF0dhbmRpIFN0YW5kYXJkIFNTTCBDQSAy +MB4XDTE1MDYyMDAwMDAwMFoXDTE2MDcwMjIzNTk1OVowYTEhMB8GA1UECxMYRG9t +YWluIENvbnRyb2wgVmFsaWRhdGVkMRswGQYDVQQLExJHYW5kaSBTdGFuZGFyZCBT +U0wxHzAdBgNVBAMTFnBhY2thZ2VzLnFhLmRlYmlhbi5vcmcwggGiMA0GCSqGSIb3 +DQEBAQUAA4IBjwAwggGKAoIBgQDFXVIMBIramNN11ue09nxcuMwQOiTbl98b/oqt +gGB8oKtgypsLjl74ikWJ69jn8Q83abx9KJgKlgbovnYgvOoMF0PSJC92EpE5RYdn +lNhEVP+qkybmQIxTegownqrCQd65JBHCG5Lf79DGM0GPCULWKwntWY210yX0SkBk +1D/L6uTMDgf8ozyWQHwseItXLdvKYWQZyH2Eob4J7XTKTJKqRE+DFa86xmj17UTY +V2VineTdQ2mfYA8Rfes9QcSdxwxXwVQZ+nf7p1AxVaU6Djs9TuYbxmNS/L2coGQz +p5UdO5HAGLYRqhyCgn8wxqQ/5J2g9mpFbIeZ1VQm6TFxLTl1Uz7xg/YgOszneqba +L557jrq5UY/j5HMa4gbm4bQ13JN1cFiZ17oVsqUPgwx28O+3EvkOqb+/fhmVGhhi +l1B3xLI+MSmpwGeVqCn3h6Qg9zTDDdnD5VZt0g3MW2KO4uyAdiCvoLU9aghiIRQq +BtWdPJWQHTGDjrQhxRfrVliLPYMCAwEAAaOCAcUwggHBMB8GA1UdIwQYMBaAFLOQ +p9jJr07NYTyffK1df0H9aTDqMB0GA1UdDgQWBBSCPt8o/ThPSwhYMSicF98B+pm4 +1DAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEF +BQcDAQYIKwYBBQUHAwIwSwYDVR0gBEQwQjA2BgsrBgEEAbIxAQICGjAnMCUGCCsG +AQUFBwIBFhlodHRwczovL2Nwcy51c2VydHJ1c3QuY29tMAgGBmeBDAECATBBBgNV +HR8EOjA4MDagNKAyhjBodHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vR2FuZGlTdGFu +ZGFyZFNTTENBMi5jcmwwcwYIKwYBBQUHAQEEZzBlMDwGCCsGAQUFBzAChjBodHRw +Oi8vY3J0LnVzZXJ0cnVzdC5jb20vR2FuZGlTdGFuZGFyZFNTTENBMi5jcnQwJQYI 
+KwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wPQYDVR0RBDYwNIIW +cGFja2FnZXMucWEuZGViaWFuLm9yZ4Iad3d3LnBhY2thZ2VzLnFhLmRlYmlhbi5v +cmcwDQYJKoZIhvcNAQELBQADggEBAH+P2lXS3GOlkNZg4i4i//frTr5b8U8Mjyid +z16+JVyAIFITXm39qTWJlBGvafRJXfGsbCMcgaSPsnURwn3layztBL5M+8il9evx +nbKGi1X/aWihW8GSKDoBM+9f+KkdcWux0ChTqUiG/BIbgJJftxDoIkwv0E2jQtNP +MpbfXdV5232mNpac9vPvSWqZUFCvqBZSvWpSgsirQ/tprE3pc2hcPHU8YWVwghim +KWfbAit5S/nk1BvAxzP1plddWXfh0lb+uxHu9sITe5e7vmoKBOlj71F88Yvt3Utr +0z1wEDe4Wa2EaNyX84RqUrCbMX9FwxSjCFQW8UWD5kXQgcUaBhc= -----END CERTIFICATE----- diff --git a/modules/ssl/files/servicecerts/tracker.debian.org.crt b/modules/ssl/files/servicecerts/tracker.debian.org.crt index b86047a2..4d6e1928 100644 --- a/modules/ssl/files/servicecerts/tracker.debian.org.crt +++ b/modules/ssl/files/servicecerts/tracker.debian.org.crt 
@@ -2,42 +2,42 @@ Certificate: Data: Version: 3 (0x2) Serial Number: - d1:df:a0:62:f1:d4:59:fe:78:05:eb:d9:69:ff:75:2d - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=FR, O=GANDI SAS, CN=Gandi Standard SSL CA + 44:db:31:b8:fa:4b:3d:3f:09:aa:20:bd:f5:1d:c7:ab + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2 Validity - Not Before: Jun 27 00:00:00 2014 GMT - Not After : Jun 27 23:59:59 2015 GMT + Not Before: Jun 20 00:00:00 2015 GMT + Not After : Jun 27 23:59:59 2016 GMT Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=tracker.debian.org Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:c8:7a:d0:ed:05:94:a7:d3:24:c4:71:76:f9:c4: - e6:32:11:33:0e:2a:85:24:62:21:c0:ef:1f:91:27: - 81:ba:96:9a:ff:52:76:df:45:4e:f9:75:b1:3a:36: - 6f:bf:2f:be:aa:da:93:4c:70:56:a1:65:2b:61:21: - 7d:6c:f3:b3:78:80:c7:b9:76:fb:c2:cc:eb:e3:3f: - 90:3b:8d:d2:a6:7e:ca:f0:ef:c9:f2:8a:55:b2:05: - a3:e7:77:8a:5b:03:ee:e3:92:f2:7b:8e:35:d9:66: - 08:18:a8:b4:ee:c6:6e:ca:dc:4a:9d:d2:d9:a6:d7: - 4e:51:09:be:6a:11:21:89:64:23:56:3e:73:22:80: - 00:5d:9c:8b:4e:d3:e6:fc:9e:ae:11:3c:b5:8c:a0: - 54:1d:70:2a:b9:03:b8:7e:04:06:da:10:91:1e:17: - 3a:ed:b4:d8:66:42:fe:b5:d7:fc:68:71:6f:dc:e8: - 71:07:d4:78:cc:53:56:c5:d5:b8:88:a1:eb:1a:9a: - 20:ff:43:f6:d4:54:7e:b2:0c:91:e4:e7:06:01:ae: - e7:b1:05:6f:e6:04:b8:d4:1f:3d:69:a3:d2:03:36: - c0:94:a1:6c:8c:39:66:39:51:18:b0:48:c7:a1:3e: - 21:fe:8a:60:b1:35:36:80:06:ea:a6:3f:b8:ac:f0: - 3a:17 + 00:bc:a7:26:cb:d9:5b:5a:59:13:87:42:a0:1f:aa: + cb:97:a7:b1:41:ca:1a:e0:88:2f:9b:55:21:79:c1: + 9f:db:93:28:f1:2a:a2:15:c4:73:d8:aa:79:a7:73: + 75:7e:34:8b:09:83:13:6a:de:2b:21:71:a4:ba:bd: + f9:0f:fe:72:f2:5c:08:45:64:a7:0e:dc:a4:c7:f8: + 0c:d4:6c:b3:be:40:7e:e8:11:61:aa:e2:31:b4:c8: + 62:e6:c1:e3:53:83:fb:b7:3f:ea:8b:dc:2b:26:37: + 85:a9:00:87:7b:d3:b7:6d:ee:92:9d:c8:2c:30:a2: + d4:5a:c0:48:0e:4f:5d:f0:90:00:78:94:b2:e5:a1: + 
df:32:9c:ed:f2:08:89:af:f6:30:4a:85:e2:c3:83: + c9:ae:3d:5c:e4:46:14:ae:01:ef:7f:f8:7d:be:33: + 2d:2b:a9:c4:f7:25:1a:86:bb:77:03:7c:39:51:77: + b6:6c:33:c3:e7:b0:69:ad:09:d6:32:e1:97:c2:01: + 58:4b:9d:21:4b:50:25:f8:79:ef:1f:b0:40:11:1d: + 10:5a:19:f7:44:3d:24:7b:f2:27:8a:12:74:88:cf: + 53:df:82:d7:97:37:6d:51:51:7f:8f:4b:40:29:2e: + d3:4e:9d:6a:06:28:2d:7e:0b:86:56:53:fb:61:4b: + 91:71 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Authority Key Identifier: - keyid:B6:A8:FF:A2:A8:2F:D0:A6:CD:4B:B1:68:F3:E7:50:10:31:A7:79:21 + keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA X509v3 Subject Key Identifier: - FF:B9:2F:8F:30:CA:EC:50:0D:22:35:BD:50:46:02:68:55:79:61:3E + BA:25:20:3A:D9:13:AE:CE:FB:E6:31:E9:74:AD:58:6F:7E:86:2F:D7 X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Basic Constraints: critical 
@@ -46,62 +46,62 @@ Certificate: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.6449.1.2.2.26 - CPS: http://www.gandi.net/contracts/fr/ssl/cps/pdf/ + CPS: https://cps.usertrust.com Policy: 2.23.140.1.2.1 X509v3 CRL Distribution Points: Full Name: - URI:http://crl.gandi.net/GandiStandardSSLCA.crl + URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl Authority Information Access: - CA Issuers - URI:http://crt.gandi.net/GandiStandardSSLCA.crt - OCSP - URI:http://ocsp.gandi.net + CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt + OCSP - URI:http://ocsp.usertrust.com X509v3 Subject Alternative Name: DNS:tracker.debian.org, DNS:www.tracker.debian.org - Signature Algorithm: sha1WithRSAEncryption - 55:c9:ac:88:28:25:a0:0a:df:fc:e8:99:4e:63:5b:bb:1c:8a: - 83:ad:fa:4d:f5:f3:1b:0b:a0:f3:6c:7c:27:07:5e:52:92:f9: - a6:3c:49:fe:fc:5a:f4:b9:b2:fb:c5:54:58:05:90:fc:6c:ce: - 5b:b6:17:d7:ab:88:d0:25:8a:2e:c7:6e:e1:43:b9:fa:85:57: - f5:77:0e:ec:c9:6e:7c:8e:db:d0:00:85:0e:fc:55:f7:47:41: - 9e:e0:5c:4d:21:e6:ed:3c:fd:ea:f5:e7:9e:90:2e:66:68:2c: - 6c:e9:45:ba:62:5f:d8:a6:d5:bf:9e:46:27:bd:82:d6:1a:a7: - e0:28:62:35:78:45:b4:90:e8:7d:15:94:43:e7:4e:ed:c7:53: - eb:b2:4e:d1:12:e3:89:1f:7c:c5:43:71:6f:7c:1f:a6:d2:7e: - c3:02:c2:b7:a8:0c:32:dd:57:74:32:e7:66:aa:f8:f8:b5:7e: - 80:e3:42:2c:12:d2:6e:25:04:35:6b:31:38:c9:6b:c6:c8:92: - 55:f9:d1:5b:e6:03:31:49:0a:21:51:a3:95:d1:00:72:bd:58: - a3:10:72:4a:ff:f8:1d:9e:b9:4f:ad:f3:84:d6:ed:51:be:94: - a6:54:77:e4:f9:f8:ef:bc:f4:9f:71:b7:69:d2:38:d9:0b:db: - bb:db:b3:70 + Signature Algorithm: sha256WithRSAEncryption + 5b:10:bb:97:97:03:5e:7f:e0:c6:00:e0:be:0f:48:fb:7f:d9: + d7:59:0f:4d:5c:ab:0d:7d:3f:7c:5c:11:4b:4a:20:4f:cf:c5: + bf:34:64:90:0d:78:8e:0a:26:7a:0d:04:3e:94:69:dc:01:37: + a5:7c:3f:94:b3:76:cd:46:fb:b2:4d:55:b3:ed:51:cb:03:58: + a8:e5:fe:59:d7:a9:24:c6:56:a8:27:e8:01:88:1c:4c:60:b1: + c3:e8:26:0d:9f:c3:e2:6e:a5:e6:23:03:3d:a5:6a:70:c8:cd: + 
50:3b:75:ec:f1:5b:bf:86:69:b7:f9:56:9b:76:ae:10:89:a0: + 37:17:72:b7:34:b2:16:40:e4:90:91:f0:bc:8b:92:af:1f:69: + f3:85:fe:8a:f6:f7:d1:50:9b:ab:f6:31:6c:e8:cd:23:4c:68: + 51:5e:d2:52:44:84:a4:fa:6b:30:83:c3:ae:d0:33:09:73:80: + c8:b7:f0:ce:21:2f:ee:ad:ad:56:85:34:b6:d2:1c:35:76:67: + 83:a8:37:9d:13:43:d1:84:8b:c1:15:8a:c2:5b:f3:65:5f:2e: + 00:88:da:7f:6e:2d:04:c1:11:58:02:2c:25:70:c4:19:2a:fb: + 69:5f:00:c0:93:4a:89:16:00:e6:06:c5:60:42:bf:6a:f8:b9: + aa:c5:78:c3 -----BEGIN CERTIFICATE----- -MIIE7zCCA9egAwIBAgIRANHfoGLx1Fn+eAXr2Wn/dS0wDQYJKoZIhvcNAQEFBQAw -QTELMAkGA1UEBhMCRlIxEjAQBgNVBAoTCUdBTkRJIFNBUzEeMBwGA1UEAxMVR2Fu -ZGkgU3RhbmRhcmQgU1NMIENBMB4XDTE0MDYyNzAwMDAwMFoXDTE1MDYyNzIzNTk1 -OVowXTEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRswGQYDVQQL -ExJHYW5kaSBTdGFuZGFyZCBTU0wxGzAZBgNVBAMTEnRyYWNrZXIuZGViaWFuLm9y -ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMh60O0FlKfTJMRxdvnE -5jIRMw4qhSRiIcDvH5EngbqWmv9Sdt9FTvl1sTo2b78vvqrak0xwVqFlK2EhfWzz -s3iAx7l2+8LM6+M/kDuN0qZ+yvDvyfKKVbIFo+d3ilsD7uOS8nuONdlmCBiotO7G -bsrcSp3S2abXTlEJvmoRIYlkI1Y+cyKAAF2ci07T5vyerhE8tYygVB1wKrkDuH4E -BtoQkR4XOu202GZC/rXX/Ghxb9zocQfUeMxTVsXVuIih6xqaIP9D9tRUfrIMkeTn -BgGu57EFb+YEuNQfPWmj0gM2wJShbIw5ZjlRGLBIx6E+If6KYLE1NoAG6qY/uKzw -OhcCAwEAAaOCAcQwggHAMB8GA1UdIwQYMBaAFLao/6KoL9CmzUuxaPPnUBAxp3kh -MB0GA1UdDgQWBBT/uS+PMMrsUA0iNb1QRgJoVXlhPjAOBgNVHQ8BAf8EBAMCBaAw -DAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYAYD -VR0gBFkwVzBLBgsrBgEEAbIxAQICGjA8MDoGCCsGAQUFBwIBFi5odHRwOi8vd3d3 -LmdhbmRpLm5ldC9jb250cmFjdHMvZnIvc3NsL2Nwcy9wZGYvMAgGBmeBDAECATA8 -BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmdhbmRpLm5ldC9HYW5kaVN0YW5k -YXJkU1NMQ0EuY3JsMGoGCCsGAQUFBwEBBF4wXDA3BggrBgEFBQcwAoYraHR0cDov -L2NydC5nYW5kaS5uZXQvR2FuZGlTdGFuZGFyZFNTTENBLmNydDAhBggrBgEFBQcw -AYYVaHR0cDovL29jc3AuZ2FuZGkubmV0MDUGA1UdEQQuMCyCEnRyYWNrZXIuZGVi -aWFuLm9yZ4IWd3d3LnRyYWNrZXIuZGViaWFuLm9yZzANBgkqhkiG9w0BAQUFAAOC -AQEAVcmsiCgloArf/OiZTmNbuxyKg636TfXzGwug82x8JwdeUpL5pjxJ/vxa9Lmy 
-+8VUWAWQ/GzOW7YX16uI0CWKLsdu4UO5+oVX9XcO7MlufI7b0ACFDvxV90dBnuBc -TSHm7Tz96vXnnpAuZmgsbOlFumJf2KbVv55GJ72C1hqn4ChiNXhFtJDofRWUQ+dO -7cdT67JO0RLjiR98xUNxb3wfptJ+wwLCt6gMMt1XdDLnZqr4+LV+gONCLBLSbiUE -NWsxOMlrxsiSVfnRW+YDMUkKIVGjldEAcr1YoxBySv/4HZ65T63zhNbtUb6UplR3 -5Pn477z0n3G3adI42Qvbu9uzcA== +MIIFBTCCA+2gAwIBAgIQRNsxuPpLPT8JqiC99R3HqzANBgkqhkiG9w0BAQsFADBf +MQswCQYDVQQGEwJGUjEOMAwGA1UECBMFUGFyaXMxDjAMBgNVBAcTBVBhcmlzMQ4w +DAYDVQQKEwVHYW5kaTEgMB4GA1UEAxMXR2FuZGkgU3RhbmRhcmQgU1NMIENBIDIw +HhcNMTUwNjIwMDAwMDAwWhcNMTYwNjI3MjM1OTU5WjBdMSEwHwYDVQQLExhEb21h +aW4gQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAsTEkdhbmRpIFN0YW5kYXJkIFNT +TDEbMBkGA1UEAxMSdHJhY2tlci5kZWJpYW4ub3JnMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAvKcmy9lbWlkTh0KgH6rLl6exQcoa4Igvm1UhecGf25Mo +8SqiFcRz2Kp5p3N1fjSLCYMTat4rIXGkur35D/5y8lwIRWSnDtykx/gM1GyzvkB+ +6BFhquIxtMhi5sHjU4P7tz/qi9wrJjeFqQCHe9O3be6SncgsMKLUWsBIDk9d8JAA +eJSy5aHfMpzt8giJr/YwSoXiw4PJrj1c5EYUrgHvf/h9vjMtK6nE9yUahrt3A3w5 +UXe2bDPD57BprQnWMuGXwgFYS50hS1Al+HnvH7BAER0QWhn3RD0ke/InihJ0iM9T +34LXlzdtUVF/j0tAKS7TTp1qBigtfguGVlP7YUuRcQIDAQABo4IBvTCCAbkwHwYD +VR0jBBgwFoAUs5Cn2MmvTs1hPJ98rV1/Qf1pMOowHQYDVR0OBBYEFLolIDrZE67O +++Yx6XStWG9+hi/XMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBLBgNVHSAERDBCMDYGCysGAQQBsjEB +AgIaMCcwJQYIKwYBBQUHAgEWGWh0dHBzOi8vY3BzLnVzZXJ0cnVzdC5jb20wCAYG +Z4EMAQIBMEEGA1UdHwQ6MDgwNqA0oDKGMGh0dHA6Ly9jcmwudXNlcnRydXN0LmNv +bS9HYW5kaVN0YW5kYXJkU1NMQ0EyLmNybDBzBggrBgEFBQcBAQRnMGUwPAYIKwYB +BQUHMAKGMGh0dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9HYW5kaVN0YW5kYXJkU1NM +Q0EyLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTA1 +BgNVHREELjAsghJ0cmFja2VyLmRlYmlhbi5vcmeCFnd3dy50cmFja2VyLmRlYmlh +bi5vcmcwDQYJKoZIhvcNAQELBQADggEBAFsQu5eXA15/4MYA4L4PSPt/2ddZD01c +qw19P3xcEUtKIE/Pxb80ZJANeI4KJnoNBD6UadwBN6V8P5Szds1G+7JNVbPtUcsD +WKjl/lnXqSTGVqgn6AGIHExgscPoJg2fw+JupeYjAz2lanDIzVA7dezxW7+Gabf5 +Vpt2rhCJoDcXcrc0shZA5JCR8LyLkq8fafOF/or299FQm6v2MWzozSNMaFFe0lJE 
+hKT6azCDw67QMwlzgMi38M4hL+6trVaFNLbSHDV2Z4OoN50TQ9GEi8EVisJb82Vf +LgCI2n9uLQTBEVgCLCVwxBkq+2lfAMCTSokWAOYGxWBCv2r4uarFeMM= -----END CERTIFICATE----- diff --git a/modules/ssl/manifests/init.pp b/modules/ssl/manifests/init.pp index 17d02850..5aedfbc9 100644 --- a/modules/ssl/manifests/init.pp +++ b/modules/ssl/manifests/init.pp @@ -11,6 +11,10 @@ class ssl { ensure => installed, } + file { '/etc/ssl/README': + mode => '0444', + source => 'puppet:///modules/ssl/README', + } file { '/etc/ca-certificates.conf': source => 'puppet:///modules/ssl/ca-certificates.conf', notify => Exec['refresh_normal_hashes'], @@ -56,24 +60,21 @@ class ssl { notify => Exec['refresh_normal_hashes'], } file { '/etc/ssl/certs/README': - mode => '0444', - source => 'puppet:///modules/ssl/README.certs', + ensure => absent, } file { '/etc/ssl/ca-debian': ensure => directory, mode => '0755', } file { '/etc/ssl/ca-debian/README': - mode => '0444', - source => 'puppet:///modules/ssl/README.ca-debian', + ensure => absent, } file { '/etc/ssl/ca-global': ensure => directory, mode => '0755', } file { '/etc/ssl/ca-global/README': - mode => '0444', - source => 'puppet:///modules/ssl/README.ca-global', + ensure => absent, } file { '/etc/ssl/debian': ensure => directory, diff --git a/modules/sudo/files/sudoers b/modules/sudo/files/sudoers index e78eec15..7b7f3e64 100644 --- a/modules/sudo/files/sudoers +++ b/modules/sudo/files/sudoers 
@@ -163,6 +163,7 @@ dsa dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component dsa.d dak franck=(staticsync) NOPASSWD: /usr/local/bin/static-update-component incoming.debian.org dak franck=(staticsync) NOPASSWD: /usr/local/bin/static-update-component metadata.ftp-master.debian.org %debbits master=(staticsync) NOPASSWD: /usr/local/bin/static-update-component bits.debian.org +%debdelta donizetti=(staticsync) NOPASSWD: /usr/local/bin/static-update-component debdeltas.debian.net %webwml master=(staticsync) NOPASSWD: /usr/local/bin/static-update-component network-test.debian.org planet philp=(staticsync) NOPASSWD: /usr/local/bin/static-update-component planet.debian.org debwww wolkenstein=(staticsync) NOPASSWD: /usr/local/bin/static-update-component www.debian.org diff --git a/modules/syslog-ng/files/syslog-ng.service b/modules/syslog-ng/files/syslog-ng.service index 7c276cd4..0598277b 100644 --- a/modules/syslog-ng/files/syslog-ng.service +++ b/modules/syslog-ng/files/syslog-ng.service @@ -10,6 +10,7 @@ ExecReload=/bin/kill -HUP $MAINPID StandardOutput=journal StandardError=journal Restart=always +RestartSec=5 [Install] WantedBy=multi-user.target diff --git a/modules/vsftpd/manifests/init.pp b/modules/vsftpd/manifests/init.pp index 7f0be8fc..9806604f 100644 --- a/modules/vsftpd/manifests/init.pp +++ b/modules/vsftpd/manifests/init.pp @@ -18,6 +18,19 @@ class vsftpd { notify => Service['vsftpd'] } + # Mask the vsftpd service as we are using xinetd + file { '/etc/systemd/system/vsftpd.service': + ensure => 'link', + target => '/dev/null', + notify => Exec['systemctl daemon-reload'], + } + + # Ensure the empty dir is present, workaround for #789127 + file { '/etc/tmpfiles.d/vsftpd.conf': + content => 'd /var/run/vsftpd/empty 0755 root root -', + notify => Exec['systemd-tmpfiles --create --exclude-prefix=/dev'], + } + munin::check { 'vsftpd': ensure => absent } @@ -42,5 +55,4 @@ class vsftpd { Package['debian.org'] ] } - }
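Review bot: The new `/etc/tmpfiles.d/vsftpd.conf` resource in the first vsftpd hunk writes its `content` without a trailing newline and sets no `mode`, so the file's permissions are left to whatever default applies; I would write `content => "d /var/run/vsftpd/empty 0755 root root -\n",` and add `mode => '0444',`, as the `/etc/ssl/README` resource in the ssl hunk does. The directory it creates appears to be the empty directory vsftpd confines itself to, so the root-owned, non-writable `0755 root root` is the part that must not drift, and the comment could say so: `# must stay root-owned and not writable by the ftp user`. Separately, the mask of `vsftpd.service` sits directly below a context line that still notifies `Service['vsftpd']`; that resource is defined outside the hunk, so confirm that refreshing a masked unit does not fail the run and that a standalone vsftpd already running is stopped. Both `notify` targets are Execs defined elsewhere, and the class body continues beyond this hunk.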