From: Stephen Gran Date: Sun, 18 Oct 2009 00:10:12 +0000 (+0100) Subject: some class reshuffling X-Git-Url: https://git.donarmstrong.com/?a=commitdiff_plain;h=dbd62982af66658f4d50e06ba125cc60545b59a3;p=dsa-puppet.git some class reshuffling Signed-off-by: Stephen Gran
---
diff --git a/manifests/site.pp b/manifests/site.pp
index d8f1b09c..337f9c57 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -67,16 +67,16 @@ node default { # maybe wait for rietz to be upgraded to lenny -# case $hostname { -# rietz,raff,klecker: -# { include named-secondary } -# default: {} -# } + case $hostname { + rietz,raff,klecker: + { include named::secondary } + default: {} + } case $hostname { geo1,geo2,geo3: { - include geodns + include named::geodns include ntp::server } default: {
diff --git a/modules/geodns/files/common/GeoIPv6.dat b/modules/geodns/files/common/GeoIPv6.dat
deleted file mode 100644
index b425e60e..00000000
Binary files a/modules/geodns/files/common/GeoIPv6.dat and /dev/null differ
diff --git a/modules/geodns/files/common/authorized_keys b/modules/geodns/files/common/authorized_keys
deleted file mode 100644
index 646c710d..00000000
--- a/modules/geodns/files/common/authorized_keys
+++ /dev/null
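Review bot: The context comment `# maybe wait for rietz to be upgraded to lenny` stays directly above the `case $hostname` block that this hunk un-comments, so the manifest now says to wait while `named::secondary` is already included on rietz, raff and klecker. Whether rietz has been upgraded is not visible here; if it has, drop the comment, and if it has not, keep it out of the selector for now, e.g. `raff,klecker:`. Enabling a DNS secondary changes which services those hosts expose, so the comment above the block should state the real precondition rather than a stale one. The `node default` body starts and ends outside the hunk.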
@@ -1,6 +0,0 @@
-#
-# THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-# USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-#
-from="82.195.75.106,2001:41b8:202:deb:216:36ff:fe40:3906",command="/etc/bind/geodns/recvconf /etc/bind/geodns/recvconf.files",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2cJCkmggW6TD0UPJP9lelDno8qbYGXPeYE4+QmkqJv8mslcHxmx5tA2TvpJ9qbAUMPOdZf9ihomwPmFzz9UNZH4eDA8F126UUP5DXsh7FC7yVGSBUNdJdYS7m2wtVs8ddhrVdI+8c39D7NVGGjtUCJCWA/3fE65O183Gm+vER65SYR6LfHlEiC2FBROs6qwnjQ0yw194MnU7Jxl/GsTdZ72ArkmcPjuWsVHWtkSTt0hPfgBOyL4vSfBgl2p2eQBXCEPOaPTa1Yr5qfur1+Cj+iwadEmPfRap6rBO3wfIjbXt/KncM2uFrCXuF1TOqQxrs5LSe8dz16vf9Ckf9Ae5wQ== geodnssync@draghi (20090527)
-from="91.103.132.25,2001:4b10:100b::dead:f00d",command="/etc/bind/geodns/recvconf /etc/bind/geodns/recvconf.files",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApBLc4ZoGTtXDJ1UhgA7NEPdwqibg5BSXZfKPgfM9wn0mZooAlYzVYwNfe08UmDwrGkSjeNphmzpiDFQA27WGLCgAw8SIjunojWKvJwJcDwx2W4OPLByZaVg/wcEivC2h0+xlRc9jFqKL5cOsTnKBuD4nC7r8qnNcWxyeEEJGP4PVb2zgrGhf8UK3bAqYPuQp0pBFo4EPdorxsgThshEWg9eqB94ph7s+YXoccoWh4NlH2TaO9QdjtsWCId6uhfpcrxjhwKRkqdjofKiOhBB3vqHE+Cpe95nKHZAP5JDgqFH/L+pzyOiRqfTeYh2ivaEBl6m5F7C/QlDBOFrOZkEtXQ== geodnssync key for sgran
diff --git a/modules/geodns/files/common/named.conf.acl b/modules/geodns/files/common/named.conf.acl
deleted file mode 100644
index f04c9b87..00000000
--- a/modules/geodns/files/common/named.conf.acl
+++ /dev/null
@@ -1,282 +0,0 @@ -// -// THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. -// USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git -// - -acl Nagios { - 192.25.206.33/32; -}; - -// Africa -acl AF { - country_AO; - country_BF; - country_BI; - country_BJ; - country_BW; - country_CD; - country_CF; - country_CG; - country_CI; - country_CM; - country_CV; - country_DJ; - country_DZ; - country_EG; - country_EH; - country_ER; - country_ET; - country_GA; - country_GH; - country_GM; - country_GN; - country_GQ; - country_GW; - country_KE; - country_KM; - country_LR; - country_LS; - country_LY; - country_MA; - country_MG; - country_ML; - country_MR; - country_MU; - country_MW; - country_MZ; - country_NA; - country_NE; - country_NG; - country_RE; - country_RW; - country_SC; - country_SD; - country_SH; - country_SL; - country_SN; - country_SO; - country_ST; - country_SZ; - country_TD; - country_TG; - country_TN; - country_TZ; - country_UG; - country_YT; - country_ZA; - country_ZM; - country_ZW; -}; - -// Asia -acl AS { - country_AE; - country_AF; - country_AM; - country_AZ; - country_BD; - country_BH; - country_BN; - country_BT; - country_CC; - country_CN; - country_CX; - country_CY; - country_GE; - country_HK; - country_ID; - country_IL; - country_IN; - country_IO; - country_IQ; - country_IR; - country_JO; - country_JP; - country_KG; - country_KH; - country_KP; - country_KR; - country_KW; - country_KZ; - country_LA; - country_LB; - country_LK; - country_MM; - country_MN; - country_MO; - country_MV; - country_MY; - country_NP; - country_OM; - country_PH; - country_PK; - country_PS; - country_QA; - country_SA; - country_SG; - country_SY; - country_TH; - country_TJ; - country_TL; - country_TM; - country_TW; - country_UZ; - country_VN; - country_YE; -}; - -// Europe -acl EU { - country_AD; - country_AL; - country_AT; - country_AX; - country_BA; - country_BE; - country_BG; - country_BY; - country_CH; - country_CZ; - country_DE; - 
country_DK; - country_EE; - country_ES; - country_FI; - country_FO; - country_FR; - country_GB; - country_GG; - country_GI; - country_GR; - country_HR; - country_HU; - country_IE; - country_IM; - country_IS; - country_IT; - country_JE; - country_LI; - country_LT; - country_LU; - country_LV; - country_MC; - country_MD; - country_ME; - country_MK; - country_MT; - country_NL; - country_NO; - country_PL; - country_PT; - country_RO; - country_RS; - country_RU; - country_SE; - country_SI; - country_SJ; - country_SK; - country_SM; - country_TR; - country_UA; - country_VA; -}; - -// North America -acl NA { - country_AG; - country_AI; - country_AN; - country_AW; - country_BB; - country_BL; - country_BM; - country_BS; - country_BZ; - country_CA; - country_CR; - country_CU; - country_DM; - country_DO; - country_GD; - country_GL; - country_GP; - country_GT; - country_HN; - country_HT; - country_JM; - country_KN; - country_KY; - country_LC; - country_MF; - country_MQ; - country_MS; - country_MX; - country_NI; - country_PA; - country_PM; - country_PR; - country_SV; - country_TC; - country_TT; - country_US; - country_VC; - country_VG; - country_VI; -}; - -// South America -acl SA { - country_AR; - country_BO; - country_BR; - country_CL; - country_CO; - country_EC; - country_FK; - country_GF; - country_GY; - country_PE; - country_PY; - country_SR; - country_UY; - country_VE; -}; - -// Oceania -acl OC { - country_AS; - country_AU; - country_CK; - country_FJ; - country_FM; - country_GU; - country_KI; - country_MH; - country_MP; - country_NC; - country_NF; - country_NR; - country_NU; - country_NZ; - country_PF; - country_PG; - country_PN; - country_PW; - country_SB; - country_TK; - country_TO; - country_TV; - country_UM; - country_VU; - country_WF; - country_WS; -}; - -// Antarctica -acl AN { - country_AQ; - country_BV; - country_GS; - country_HM; - country_TF; -}; 
diff --git a/modules/geodns/files/common/named.conf.geo b/modules/geodns/files/common/named.conf.geo
deleted file mode 100644
index 13f6836e..00000000
--- a/modules/geodns/files/common/named.conf.geo
+++ /dev/null
@@ -1,421 +0,0 @@ -// This file was created by dsa-geodomains/zonebuilder --create-named-conf -// and is distributed to hosts using puppet as -// dsa-puppet/modules/geodns/files/common/named.conf.geo -// you probably do not want to edit it manually wherever you find it - -view "AF" { - match-clients { AF; }; - - zone "security.geo.debian.org" { - type master; - file "/etc/bind/geodns/db.security.debian.org.AF"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "security.debian.org" { - type master; - file "/etc/bind/geodns/db.security.debian.org.AF"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "bugs.debian.org" { - type master; - file "/etc/bind/geodns/db.bugs.debian.org.AF"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "www.geo.debian.org" { - type master; - file "/etc/bind/geodns/db.www.debian.org.AF"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "www.debian.org" { - type master; - file "/etc/bind/geodns/db.www.debian.org.AF"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "packages.debian.org" { - type master; - file "/etc/bind/geodns/db.packages.debian.org.AF"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - -}; -view "AN" { - match-clients { AN; }; - - zone "security.geo.debian.org" { - type master; - file "/etc/bind/geodns/db.security.debian.org.AN"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "security.debian.org" { - type master; - file "/etc/bind/geodns/db.security.debian.org.AN"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "bugs.debian.org" { - type master; - file "/etc/bind/geodns/db.bugs.debian.org.AN"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "www.geo.debian.org" { - type master; - file "/etc/bind/geodns/db.www.debian.org.AN"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "www.debian.org" 
{ - type master; - file "/etc/bind/geodns/db.www.debian.org.AN"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "packages.debian.org" { - type master; - file "/etc/bind/geodns/db.packages.debian.org.AN"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - -}; -view "AS" { - match-clients { AS; }; - - zone "security.geo.debian.org" { - type master; - file "/etc/bind/geodns/db.security.debian.org.AS"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "security.debian.org" { - type master; - file "/etc/bind/geodns/db.security.debian.org.AS"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "bugs.debian.org" { - type master; - file "/etc/bind/geodns/db.bugs.debian.org.AS"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "www.geo.debian.org" { - type master; - file "/etc/bind/geodns/db.www.debian.org.AS"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "www.debian.org" { - type master; - file "/etc/bind/geodns/db.www.debian.org.AS"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "packages.debian.org" { - type master; - file "/etc/bind/geodns/db.packages.debian.org.AS"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - -}; -view "EU" { - match-clients { EU; }; - - zone "security.geo.debian.org" { - type master; - file "/etc/bind/geodns/db.security.debian.org.EU"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "security.debian.org" { - type master; - file "/etc/bind/geodns/db.security.debian.org.EU"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "bugs.debian.org" { - type master; - file "/etc/bind/geodns/db.bugs.debian.org.EU"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "www.geo.debian.org" { - type master; - file "/etc/bind/geodns/db.www.debian.org.EU"; - notify no; - allow-query { any; }; - allow-transfer { }; - 
}; - - zone "www.debian.org" { - type master; - file "/etc/bind/geodns/db.www.debian.org.EU"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "packages.debian.org" { - type master; - file "/etc/bind/geodns/db.packages.debian.org.EU"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - -}; -view "NA" { - match-clients { NA; }; - - zone "security.geo.debian.org" { - type master; - file "/etc/bind/geodns/db.security.debian.org.NA"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "security.debian.org" { - type master; - file "/etc/bind/geodns/db.security.debian.org.NA"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "bugs.debian.org" { - type master; - file "/etc/bind/geodns/db.bugs.debian.org.NA"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "www.geo.debian.org" { - type master; - file "/etc/bind/geodns/db.www.debian.org.NA"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "www.debian.org" { - type master; - file "/etc/bind/geodns/db.www.debian.org.NA"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "packages.debian.org" { - type master; - file "/etc/bind/geodns/db.packages.debian.org.NA"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - -}; -view "OC" { - match-clients { OC; }; - - zone "security.geo.debian.org" { - type master; - file "/etc/bind/geodns/db.security.debian.org.OC"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "security.debian.org" { - type master; - file "/etc/bind/geodns/db.security.debian.org.OC"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "bugs.debian.org" { - type master; - file "/etc/bind/geodns/db.bugs.debian.org.OC"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "www.geo.debian.org" { - type master; - file "/etc/bind/geodns/db.www.debian.org.OC"; - notify no; - allow-query { 
any; }; - allow-transfer { }; - }; - - zone "www.debian.org" { - type master; - file "/etc/bind/geodns/db.www.debian.org.OC"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "packages.debian.org" { - type master; - file "/etc/bind/geodns/db.packages.debian.org.OC"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - -}; -view "SA" { - match-clients { SA; }; - - zone "security.geo.debian.org" { - type master; - file "/etc/bind/geodns/db.security.debian.org.SA"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "security.debian.org" { - type master; - file "/etc/bind/geodns/db.security.debian.org.SA"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "bugs.debian.org" { - type master; - file "/etc/bind/geodns/db.bugs.debian.org.SA"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "www.geo.debian.org" { - type master; - file "/etc/bind/geodns/db.www.debian.org.SA"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "www.debian.org" { - type master; - file "/etc/bind/geodns/db.www.debian.org.SA"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "packages.debian.org" { - type master; - file "/etc/bind/geodns/db.packages.debian.org.SA"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - -}; -view "default" { - match-clients { any; }; - - zone "security.geo.debian.org" { - type master; - file "/etc/bind/geodns/db.security.debian.org"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "security.debian.org" { - type master; - file "/etc/bind/geodns/db.security.debian.org"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "bugs.debian.org" { - type master; - file "/etc/bind/geodns/db.bugs.debian.org"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "www.geo.debian.org" { - type master; - file "/etc/bind/geodns/db.www.debian.org"; - 
notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "www.debian.org" { - type master; - file "/etc/bind/geodns/db.www.debian.org"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - - zone "packages.debian.org" { - type master; - file "/etc/bind/geodns/db.packages.debian.org"; - notify no; - allow-query { any; }; - allow-transfer { }; - }; - -}; diff --git a/modules/geodns/files/common/named.conf.local b/modules/geodns/files/common/named.conf.local deleted file mode 100644 index 5397f6d3..00000000 --- a/modules/geodns/files/common/named.conf.local +++ /dev/null @@ -1,7 +0,0 @@ -// -// THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. -// USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git -// - -include "/etc/bind/named.conf.acl"; -include "/etc/bind/geodns/named.conf.geo"; diff --git a/modules/geodns/files/common/named.conf.options b/modules/geodns/files/common/named.conf.options deleted file mode 100644 index 1a872001..00000000 --- a/modules/geodns/files/common/named.conf.options +++ /dev/null 
@@ -1,42 +0,0 @@ -// -// THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. -// USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git -// - -options { - directory "/var/cache/bind"; - - // If there is a firewall between you and nameservers you want - // to talk to, you may need to fix the firewall to allow multiple - // ports to talk. See http://www.kb.cert.org/vuls/id/800113 - - // If your ISP provided one or more IP addresses for stable - // nameservers, you probably want to use them as forwarders. - // Uncomment the following block, and insert the addresses replacing - // the all-0's placeholder. - - // forwarders { - // 0.0.0.0; - // }; - - auth-nxdomain no; # conform to RFC1035 - listen-on-v6 { any; }; - allow-query { any; }; - allow-update { none; }; - allow-transfer { none; }; - allow-recursion { Nagios; }; -}; - -logging { - - channel queries { - file "/var/log/bind9/geoip-query.log" versions 4 size 40m; - print-time yes; - print-category yes; - }; - category queries { queries; }; - category lame-servers { null; }; - -}; - - diff --git a/modules/geodns/files/common/recvconf b/modules/geodns/files/common/recvconf deleted file mode 100755 index dd9b5758..00000000 --- a/modules/geodns/files/common/recvconf +++ /dev/null 
@@ -1,217 +0,0 @@ -#!/bin/bash - -# -# THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. -# USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git -# - -set -e -set -u - -## Copyright (c) 2005 David B. Harris -## Copyright (c) 2005,2009 Peter Palfrader - -## This text is released under the "three-clause BSD license". -## The full text of the license is available at the end of this file. - -if [ "$#" != 1 ]; then - echo "Usage: $0 " >&2 - exit 1 -fi - -FILELIST="$1" - -printf "\nrecvconf on %s processing:\n" "$(hostname -s)" - -umask 077 - -temptar="$(mktemp)" -chmod 0600 "$temptar" - -tempscript="$(mktemp)" -chmod 0600 "$tempscript" - -tempdir="$(mktemp -d)" - -# Read tarball from STDIN -gzip -dc > "$temptar" - -cd "$tempdir" -tar xf "$temptar" - -copy_and_runcommands() { - - local file perms user group precommand postcommand - file="$1"; perms="$2"; user="$3"; group="$4"; precommand="$5"; postcommand="$6" - - if [ -f "$file" ]; then - if [ -h "$file" ]; then # File should NOT be a symlink - printf "\`%s' is a symlink, aborting.\n" "$file" >&2 - return 1 - fi - - if ! [ "$file" -nt "/$file" ]; then - rm -f "$file" - return 0 - fi - - if [ -n "$precommand" ]; then - printf "Running precommand \`%s' for %s\n" "$precommand" "$file" >&2 - eval -- $precommand >&2 - fi - - if [ -n "$perms" ]; then - chmod -- "$perms" "$file" - else - printf "Warning, no perms defined for \`%s', assuming 0640.\n" "$file" >&2 - chmod 0640 "$file" - fi - if [ -n "$user" ]; then - chown -- "$user" "$file" - else - printf "Warning, no user defined for \`%s', assuming root.\n" "$file" >&2 - chown root "$file" - fi - if [ -n "$group" ]; then - chgrp -- "$group" "$file" - else - printf "Warning, no group defined for \`%s', assuming root.\n" "$file" >&2 - chgrp root "$file" - fi - - if [ ! 
-d "/$(dirname "$file")" ]; then - printf "Directory \`%s' does not exist, aborting.\n" "$(dirname "$file")" >&2 - exit 1 - fi - - cp -a -- "$file" "/$(dirname "$file")" >&2 - ls -l "/$(dirname "$file")/$(basename "$file")" >&2 - - if [ -n "$postcommand" ]; then - if ! grep -F -- "$postcommand" "$tempscript" > /dev/null 2>&1; then - printf "%s\n" "$postcommand" >> "$tempscript" - fi - fi - - rm -f -- "$file" - fi -} - -IN=0 -linenum=0 -file="" -nextfile="" - -clear_vars() { - perms=""; user=""; group=""; precommand=""; postcommand="" -} -clear_vars - -while read line; do - linenum="$(($linenum + 1))" - - if printf "%s\n" "$line" | grep -E '^[[:space:]]*$' > /dev/null 2>&1; then - ## This line is an empty line; skip it - continue - elif printf "%s" "$line" | grep -E '^[[:space:]]*#' > /dev/null 2>&1; then - ## This line is a comment; skip it - continue - fi - - ## IN=0, so we're out of a stanza: better get a file declaration next - if [ "$IN" = "0" ] && ! printf "%s" "$line" | grep -E '^[[:space:]]*file[[:space:]]' > /dev/null 2>&1; then - printf "Error on line %s, file declaration expected. Got\n\t%s\n" "$linenum" "$line" >&2 - exit 1 - elif [ "$IN" = 0 ] && printf "%s" "$line" | grep -E '^[[:space:]]*file[[:space:]]' > /dev/null 2>&1; then - ## Okay, we're just starting out; set $file and move on - file="$(printf "%s" "$line" | sed -e 's/[[:space:]]*file[[:space:]]\+\([^[:space:]#]*\).*/\1/')" - IN=1 - continue - elif [ "$IN" = 1 ] && printf "%s" "$line" | grep -E '^[[:space:]]*file[[:space:]]' > /dev/null 2>&1; then - ## Okay, not only are we at a file declaration, but this isn't our first one. Run the commands to process - ## the file, then set a $file to the new value and continue parsing. 
- [ -n "$file" ] && copy_and_runcommands "$file" "$perms" "$user" "$group" "$precommand" "$postcommand" - file="$(printf "%s" "$line" | sed -e 's/[[:space:]]*file[[:space:]]\+\([^[:space:]#]*\).*/\1/')" - clear_vars - continue - fi - - ## The last two if blocks weren't processed; thus this isn't a comment, a blank line, and we're in the middle of a stanza - if printf "%s" "$line" | grep -E '^[[:space:]]*perms[[:space:]]' > /dev/null 2>&1; then - perms="$(printf "%s" "$line" | sed -e 's/[[:space:]]*perms[[:space:]]\+\([^[:space:]#]*\).*/\1/')" - continue - elif printf "%s" "$line" | grep -E '^[[:space:]]*user[[:space:]]' > /dev/null 2>&1; then - user="$(printf "%s" "$line" | sed -e 's/[[:space:]]*user[[:space:]]\+\([^[:space:]#]*\).*/\1/')" - continue - elif printf "%s" "$line" | grep -E '^[[:space:]]*group[[:space:]]' > /dev/null 2>&1; then - group="$(printf "%s" "$line" | sed -e 's/[[:space:]]*group[[:space:]]\+\([^[:space:]#]*\).*/\1/')" - continue - elif printf "%s" "$line" | grep -E '^[[:space:]]*precommand[[:space:]]' > /dev/null 2>&1; then - precommand="$(printf "%s" "$line" | sed -e 's/[[:space:]]*precommand[[:space:]]\+\([^[:space:]#]*\)/\1/')" - continue - elif printf "%s" "$line" | grep -E '^[[:space:]]*postcommand[[:space:]]' > /dev/null 2>&1; then - postcommand="$(printf "%s" "$line" | sed -e 's/[[:space:]]*postcommand[[:space:]]\+\([^[:space:]#]*\)/\1/')" - continue - else - printf "Unknown token at line %s:\n\t%s\n" "$linenum" "$line" - fi - -done < "$FILELIST" - -## This is the last stanza and the above loop has set the variables, but hasn't yet processed the file -[ -n "$file" ] && copy_and_runcommands "$file" "$perms" "$user" "$group" "$precommand" "$postcommand" - -if [ -s "$tempscript" ]; then - tempoutput="$(mktemp)" - ## Post-copying commands to be run, run them here. Only display output if they exit with $? > 0 - while read command; do - printf "Running postcommand \`%s' on %s.\n" "$command" "$(hostname -s)" >&2 - if ! 
eval -- "(cd / && env -i $command)" > "$tempoutput" 2>&1; then - printf "Error, postcommand \`%s' on %s failed. Output follows:\n" "$command" "$(hostname -s)" >&2 - cat -- "$tempoutput" >&2 - exit 1 - fi - done < "$tempscript" - rm -f -- "$tempoutput" -fi - -# Check for any leftover files here; if there are any, exit with an error and print the list -if [ ! -z "$(find . -type f)" ]; then - printf "The following files were not listed in $FILELIST:\n%s\n" "$(find . -type f)" >&2 - exit 1 -fi - -rm -f -- "$temptar" -rm -f -- "$tempscript" -cd -rm -rf -- "$tempdir" - -printf "recvconf on %s finished.\n" "$(hostname -s)" - -## Redistribution and use in source and binary forms, with or without -## modification, are permitted provided that the following conditions are -## met: -## -## * Redistributions of source code must retain the above copyright -## notice, this list of conditions and the following disclaimer. -## -## * Redistributions in binary form must reproduce the above -## copyright notice, this list of conditions and the following disclaimer -## in the documentation and/or other materials provided with the -## distribution. -## -## * Neither the names of the copyright owners nor the names of its -## contributors may be used to endorse or promote products derived from -## this software without specific prior written permission. -## -## THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -## "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -## LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -## A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT -## OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -## DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -## THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -## (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -## OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/modules/geodns/files/common/recvconf.files b/modules/geodns/files/common/recvconf.files deleted file mode 100644 index 9c6667b6..00000000 --- a/modules/geodns/files/common/recvconf.files +++ /dev/null 
@@ -1,197 +0,0 @@ -# This file was created by dsa-geodomains/zonebuilder --create-recvconf-conf -# and is distributed to hosts using puppet as -# dsa-puppet/modules/geodns/files/common/recvconf.files -# you probably do not want to edit it manually wherever you find it - -file etc/bind/geodns/db.bugs.debian.org.AN - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.AN - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.bugs.debian.org.SA - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.SA - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.bugs.debian.org.OC - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.OC - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.bugs.debian.org.AS - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.AS - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.bugs.debian.org.AF - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.AF - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.bugs.debian.org - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org - postcommand sudo /etc/init.d/bind9 reload -file 
etc/bind/geodns/db.bugs.debian.org.EU - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.EU - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.bugs.debian.org.NA - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.NA - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.packages.debian.org.AN - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.AN - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.packages.debian.org.SA - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.SA - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.packages.debian.org.OC - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.OC - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.packages.debian.org.AS - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.AS - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.packages.debian.org.AF - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.AF - postcommand 
sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.packages.debian.org - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.packages.debian.org.EU - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.EU - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.packages.debian.org.NA - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.NA - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.security.debian.org.AN - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.AN - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.security.debian.org.SA - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.SA - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.security.debian.org.OC - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.OC - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.security.debian.org.AS - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org 
etc/bind/geodns/db.security.debian.org.AS - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.security.debian.org.AF - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.AF - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.security.debian.org - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.security.debian.org.EU - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.EU - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.security.debian.org.NA - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.NA - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.www.debian.org.AN - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.AN - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.www.debian.org.SA - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.SA - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.www.debian.org.OC - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail 
www.debian.org etc/bind/geodns/db.www.debian.org.OC - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.www.debian.org.AS - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.AS - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.www.debian.org.AF - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.AF - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.www.debian.org - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.www.debian.org.EU - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.EU - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.www.debian.org.NA - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.NA - postcommand sudo /etc/init.d/bind9 reload diff --git a/modules/geodns/manifests/init.pp b/modules/geodns/manifests/init.pp deleted file mode 100644 index 9df37135..00000000 --- a/modules/geodns/manifests/init.pp +++ /dev/null 
@@ -1,98 +0,0 @@ -class geodns { - include munin-node::bind - - package { - bind9: ensure => installed; - } - - file { - "/etc/apt/sources.list.d/geoip.list": - content => template("debian-org/etc/apt/sources.list.d/geoip.list.erb"), - notify => Exec["apt-get update"], - ; - "/etc/bind/named.conf.local": - source => [ "puppet:///geodns/per-host/$fqdn/named.conf.local", - "puppet:///geodns/common/named.conf.local" ], - require => Package["bind9"], - notify => Exec["bind9 restart"], - owner => root, - group => root, - ; - "/etc/bind/named.conf.acl": - source => [ "puppet:///geodns/per-host/$fqdn/named.conf.acl", - "puppet:///geodns/common/named.conf.acl" ], - require => Package["bind9"], - notify => Exec["bind9 restart"], - owner => root, - group => root, - ; - "/etc/bind/named.conf.options": - source => [ "puppet:///geodns/per-host/$fqdn/named.conf.options", - "puppet:///geodns/common/named.conf.options" ], - require => Package["bind9"], - notify => Exec["bind9 restart"], - owner => root, - group => root, - ; - - "/etc/bind/geodns": - ensure => directory, - owner => root, - group => geodnssync, - mode => 775, - ; - "/etc/bind/geodns/named.conf.geo": - source => [ "puppet:///geodns/per-host/$fqdn/named.conf.geo", - "puppet:///geodns/common/named.conf.geo" ], - require => Package["bind9"], - notify => Exec["bind9 restart"], - owner => root, - group => root, - ; - "/etc/bind/geodns/recvconf": - source => [ "puppet:///geodns/per-host/$fqdn/recvconf", - "puppet:///geodns/common/recvconf" ], - owner => root, - group => root, - mode => 555, - ; - "/etc/bind/geodns/recvconf.files": - source => [ "puppet:///geodns/per-host/$fqdn/recvconf.files", - "puppet:///geodns/common/recvconf.files" ], - owner => root, - group => root, - mode => 444, - ; - - "/usr/share/GeoIP/GeoIPv6.dat": - source => [ "puppet:///geodns/per-host/$fqdn/GeoIPv6.dat", - "puppet:///geodns/common/GeoIPv6.dat" ], - owner => root, - group => root, - mode => 444, - ; - - "/etc/ssh/userkeys/geodnssync": - 
source => [ "puppet:///geodns/per-host/$fqdn/authorized_keys", - "puppet:///geodns/common/authorized_keys" ], - owner => root, - group => geodnssync, - mode => 440, - ; - "/var/log/bind9": - ensure => directory, - owner => bind, - group => bind, - mode => 775, - ; - } - - exec { - "bind9 restart": - path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin", - refreshonly => true, - ; - } -} - -# vim: set fdm=marker ts=8 sw=8 et: diff --git a/modules/named-secondary/files/common/named.conf.debian-zones b/modules/named-secondary/files/common/named.conf.debian-zones deleted file mode 100644 index a7874dd3..00000000 --- a/modules/named-secondary/files/common/named.conf.debian-zones +++ /dev/null 
@@ -1,168 +0,0 @@ -// -// THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. -// USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git -// - -// Slave domains, includ in bind.conf - -// NOT USED YET - SYNC UP WITH dsa-misc/config/bind/ before enabling finally - -zone "debian.org" { - type slave; - notify no; - file "db.debian.org"; - masters { - 82.195.75.106; // draghi - 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi - }; - allow-query { any; }; - allow-transfer { }; -}; - -zone "debian.net" { - type slave; - notify no; - file "db.debian.net"; - masters { - 82.195.75.106; // draghi - 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi - }; - allow-query { any; }; - allow-transfer { }; -}; - -zone "mirror.debian.net" { - type slave; - notify no; - file "db.mirror.debian.net"; - masters { - 82.195.75.106; // draghi - 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi - }; - allow-query { any; }; - allow-transfer { }; -}; - -zone "rbl.debian.net" { - type slave; - notify no; - file "db.rbl.debian.net"; - masters { - 82.195.75.106; // draghi - 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi - }; - allow-query { any; }; - allow-transfer { }; -}; - -zone "debian.com" { - type slave; - notify no; - file "db.debian.com"; - masters { - 82.195.75.106; // draghi - 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi - }; - allow-query { any; }; - allow-transfer { }; -}; - -zone "alioth.debian.org" { - type slave; - notify no; - file "db.alioth.debian.org"; - masters { - 217.196.43.134; - }; - allow-query { any; }; - allow-transfer { }; -}; - - -// debian rack with sil.at -zone "144-28.118.59.86.in-addr.arpa" { - type slave; - notify no; - file "db.86.59.118.144"; - masters { - 82.195.75.106; // draghi - 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi - }; - allow-query { any; }; - allow-transfer { }; -}; -zone "2.0.0.0.2.0.0.0.8.5.8.0.1.0.0.2.ip6.arpa" { - type slave; - notify no; - file "db.2001:0858:0002:0002"; - masters { - 82.195.75.106; // draghi 
- 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi - }; - allow-query { any; }; - allow-transfer { }; -}; - -// ipv6 at 1&1 - powell: 2001:08d8:0081:1520::/60 -zone "2.5.1.1.8.0.0.8.d.8.0.1.0.0.2.ip6.arpa" { - type slave; - notify no; - file "db.2001:08d8:0081:1520"; - masters { - 82.195.75.106; // draghi - 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi - }; - allow-query { any; }; - allow-transfer { }; -}; -// ipv6 at 1&1 - puccini 2001:08d8:0081:15a0::/60 -zone "a.5.1.1.8.0.0.8.d.8.0.1.0.0.2.ip6.arpa" { - type slave; - notify no; - file "db.2001:08d8:0081:15a0"; - masters { - 82.195.75.106; // draghi - 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi - }; - allow-query { any; }; - allow-transfer { }; -}; -// ipv6 at 1&1 - wieck and schumann -zone "2.6.a.0.4.6.5.6.1.0.0.0.2.0.0.0.8.d.8.0.1.0.0.2.ip6.arpa" { - type slave; - notify no; - file "db.2001:8d8:2:1:6564:0a62"; - masters { - 82.195.75.106; // draghi - 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi - }; - allow-query { any; }; - allow-transfer { }; -}; - -// ipv6 at xs4all - klecker 2001:888:2000:12::/64 -zone "2.1.0.0.0.0.0.2.8.8.8.0.1.0.0.2.ip6.arpa" { - type slave; - notify no; - file "db.2001:888:2000:12"; - masters { - 82.195.75.106; // draghi - 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi - }; - allow-query { any; }; - allow-transfer { }; -}; - -// 19.12.206.in-addr.arpa zone - reverse zone for 206.12.19/24 - debian at UBC/ECE -zone "19.12.206.in-addr.arpa" { - type slave; - notify no; - file "db.206.12.19"; - masters { - 82.195.75.106; // draghi - 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi - }; - allow-query { any; }; - allow-transfer { }; -}; -// vim:set syn=named: diff --git a/modules/named-secondary/manifests/init.pp b/modules/named-secondary/manifests/init.pp deleted file mode 100644 index 8c61c506..00000000 --- a/modules/named-secondary/manifests/init.pp +++ /dev/null 
@@ -1,13 +0,0 @@
-class named-secondary {
- file { "/etc/bind/named.conf.debian-zones":
- source => [ "puppet:///named-secondary/per-host/$fqdn/named.conf.debian-zones",
- "puppet:///named-secondary/common/named.conf.debian-zones" ],
- notify => Exec["bind9 reload"],
- }
-
- exec { "bind9 reload":
- path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
- refreshonly => true,
- }
-}
-
diff --git a/modules/named/files/common/GeoIPv6.dat b/modules/named/files/common/GeoIPv6.dat
new file mode 100644
index 00000000..b425e60e
Binary files /dev/null and b/modules/named/files/common/GeoIPv6.dat differ
diff --git a/modules/named/files/common/authorized_keys b/modules/named/files/common/authorized_keys
new file mode 100644
index 00000000..646c710d
--- /dev/null
+++ b/modules/named/files/common/authorized_keys
@@ -0,0 +1,6 @@ +# +# THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +# USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +# +from="82.195.75.106,2001:41b8:202:deb:216:36ff:fe40:3906",command="/etc/bind/geodns/recvconf /etc/bind/geodns/recvconf.files",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2cJCkmggW6TD0UPJP9lelDno8qbYGXPeYE4+QmkqJv8mslcHxmx5tA2TvpJ9qbAUMPOdZf9ihomwPmFzz9UNZH4eDA8F126UUP5DXsh7FC7yVGSBUNdJdYS7m2wtVs8ddhrVdI+8c39D7NVGGjtUCJCWA/3fE65O183Gm+vER65SYR6LfHlEiC2FBROs6qwnjQ0yw194MnU7Jxl/GsTdZ72ArkmcPjuWsVHWtkSTt0hPfgBOyL4vSfBgl2p2eQBXCEPOaPTa1Yr5qfur1+Cj+iwadEmPfRap6rBO3wfIjbXt/KncM2uFrCXuF1TOqQxrs5LSe8dz16vf9Ckf9Ae5wQ== geodnssync@draghi (20090527) +from="91.103.132.25,2001:4b10:100b::dead:f00d",command="/etc/bind/geodns/recvconf /etc/bind/geodns/recvconf.files",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApBLc4ZoGTtXDJ1UhgA7NEPdwqibg5BSXZfKPgfM9wn0mZooAlYzVYwNfe08UmDwrGkSjeNphmzpiDFQA27WGLCgAw8SIjunojWKvJwJcDwx2W4OPLByZaVg/wcEivC2h0+xlRc9jFqKL5cOsTnKBuD4nC7r8qnNcWxyeEEJGP4PVb2zgrGhf8UK3bAqYPuQp0pBFo4EPdorxsgThshEWg9eqB94ph7s+YXoccoWh4NlH2TaO9QdjtsWCId6uhfpcrxjhwKRkqdjofKiOhBB3vqHE+Cpe95nKHZAP5JDgqFH/L+pzyOiRqfTeYh2ivaEBl6m5F7C/QlDBOFrOZkEtXQ== geodnssync key for sgran diff --git a/modules/named/files/common/named.conf.acl b/modules/named/files/common/named.conf.acl new file mode 100644 index 00000000..f04c9b87 --- /dev/null +++ b/modules/named/files/common/named.conf.acl 
@@ -0,0 +1,282 @@ +// +// THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +// USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +// + +acl Nagios { + 192.25.206.33/32; +}; + +// Africa +acl AF { + country_AO; + country_BF; + country_BI; + country_BJ; + country_BW; + country_CD; + country_CF; + country_CG; + country_CI; + country_CM; + country_CV; + country_DJ; + country_DZ; + country_EG; + country_EH; + country_ER; + country_ET; + country_GA; + country_GH; + country_GM; + country_GN; + country_GQ; + country_GW; + country_KE; + country_KM; + country_LR; + country_LS; + country_LY; + country_MA; + country_MG; + country_ML; + country_MR; + country_MU; + country_MW; + country_MZ; + country_NA; + country_NE; + country_NG; + country_RE; + country_RW; + country_SC; + country_SD; + country_SH; + country_SL; + country_SN; + country_SO; + country_ST; + country_SZ; + country_TD; + country_TG; + country_TN; + country_TZ; + country_UG; + country_YT; + country_ZA; + country_ZM; + country_ZW; +}; + +// Asia +acl AS { + country_AE; + country_AF; + country_AM; + country_AZ; + country_BD; + country_BH; + country_BN; + country_BT; + country_CC; + country_CN; + country_CX; + country_CY; + country_GE; + country_HK; + country_ID; + country_IL; + country_IN; + country_IO; + country_IQ; + country_IR; + country_JO; + country_JP; + country_KG; + country_KH; + country_KP; + country_KR; + country_KW; + country_KZ; + country_LA; + country_LB; + country_LK; + country_MM; + country_MN; + country_MO; + country_MV; + country_MY; + country_NP; + country_OM; + country_PH; + country_PK; + country_PS; + country_QA; + country_SA; + country_SG; + country_SY; + country_TH; + country_TJ; + country_TL; + country_TM; + country_TW; + country_UZ; + country_VN; + country_YE; +}; + +// Europe +acl EU { + country_AD; + country_AL; + country_AT; + country_AX; + country_BA; + country_BE; + country_BG; + country_BY; + country_CH; + country_CZ; + country_DE; + 
country_DK; + country_EE; + country_ES; + country_FI; + country_FO; + country_FR; + country_GB; + country_GG; + country_GI; + country_GR; + country_HR; + country_HU; + country_IE; + country_IM; + country_IS; + country_IT; + country_JE; + country_LI; + country_LT; + country_LU; + country_LV; + country_MC; + country_MD; + country_ME; + country_MK; + country_MT; + country_NL; + country_NO; + country_PL; + country_PT; + country_RO; + country_RS; + country_RU; + country_SE; + country_SI; + country_SJ; + country_SK; + country_SM; + country_TR; + country_UA; + country_VA; +}; + +// North America +acl NA { + country_AG; + country_AI; + country_AN; + country_AW; + country_BB; + country_BL; + country_BM; + country_BS; + country_BZ; + country_CA; + country_CR; + country_CU; + country_DM; + country_DO; + country_GD; + country_GL; + country_GP; + country_GT; + country_HN; + country_HT; + country_JM; + country_KN; + country_KY; + country_LC; + country_MF; + country_MQ; + country_MS; + country_MX; + country_NI; + country_PA; + country_PM; + country_PR; + country_SV; + country_TC; + country_TT; + country_US; + country_VC; + country_VG; + country_VI; +}; + +// South America +acl SA { + country_AR; + country_BO; + country_BR; + country_CL; + country_CO; + country_EC; + country_FK; + country_GF; + country_GY; + country_PE; + country_PY; + country_SR; + country_UY; + country_VE; +}; + +// Oceania +acl OC { + country_AS; + country_AU; + country_CK; + country_FJ; + country_FM; + country_GU; + country_KI; + country_MH; + country_MP; + country_NC; + country_NF; + country_NR; + country_NU; + country_NZ; + country_PF; + country_PG; + country_PN; + country_PW; + country_SB; + country_TK; + country_TO; + country_TV; + country_UM; + country_VU; + country_WF; + country_WS; +}; + +// Antarctica +acl AN { + country_AQ; + country_BV; + country_GS; + country_HM; + country_TF; +}; 
diff --git a/modules/named/files/common/named.conf.debian-zones b/modules/named/files/common/named.conf.debian-zones
new file mode 100644
index 00000000..a7874dd3
--- /dev/null
+++ b/modules/named/files/common/named.conf.debian-zones
@@ -0,0 +1,168 @@ +// +// THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +// USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +// + +// Slave domains, includ in bind.conf + +// NOT USED YET - SYNC UP WITH dsa-misc/config/bind/ before enabling finally + +zone "debian.org" { + type slave; + notify no; + file "db.debian.org"; + masters { + 82.195.75.106; // draghi + 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi + }; + allow-query { any; }; + allow-transfer { }; +}; + +zone "debian.net" { + type slave; + notify no; + file "db.debian.net"; + masters { + 82.195.75.106; // draghi + 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi + }; + allow-query { any; }; + allow-transfer { }; +}; + +zone "mirror.debian.net" { + type slave; + notify no; + file "db.mirror.debian.net"; + masters { + 82.195.75.106; // draghi + 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi + }; + allow-query { any; }; + allow-transfer { }; +}; + +zone "rbl.debian.net" { + type slave; + notify no; + file "db.rbl.debian.net"; + masters { + 82.195.75.106; // draghi + 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi + }; + allow-query { any; }; + allow-transfer { }; +}; + +zone "debian.com" { + type slave; + notify no; + file "db.debian.com"; + masters { + 82.195.75.106; // draghi + 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi + }; + allow-query { any; }; + allow-transfer { }; +}; + +zone "alioth.debian.org" { + type slave; + notify no; + file "db.alioth.debian.org"; + masters { + 217.196.43.134; + }; + allow-query { any; }; + allow-transfer { }; +}; + + +// debian rack with sil.at +zone "144-28.118.59.86.in-addr.arpa" { + type slave; + notify no; + file "db.86.59.118.144"; + masters { + 82.195.75.106; // draghi + 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi + }; + allow-query { any; }; + allow-transfer { }; +}; +zone "2.0.0.0.2.0.0.0.8.5.8.0.1.0.0.2.ip6.arpa" { + type slave; + notify no; + file "db.2001:0858:0002:0002"; + masters { + 82.195.75.106; // draghi 
+ 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi + }; + allow-query { any; }; + allow-transfer { }; +}; + +// ipv6 at 1&1 - powell: 2001:08d8:0081:1520::/60 +zone "2.5.1.1.8.0.0.8.d.8.0.1.0.0.2.ip6.arpa" { + type slave; + notify no; + file "db.2001:08d8:0081:1520"; + masters { + 82.195.75.106; // draghi + 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi + }; + allow-query { any; }; + allow-transfer { }; +}; +// ipv6 at 1&1 - puccini 2001:08d8:0081:15a0::/60 +zone "a.5.1.1.8.0.0.8.d.8.0.1.0.0.2.ip6.arpa" { + type slave; + notify no; + file "db.2001:08d8:0081:15a0"; + masters { + 82.195.75.106; // draghi + 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi + }; + allow-query { any; }; + allow-transfer { }; +}; +// ipv6 at 1&1 - wieck and schumann +zone "2.6.a.0.4.6.5.6.1.0.0.0.2.0.0.0.8.d.8.0.1.0.0.2.ip6.arpa" { + type slave; + notify no; + file "db.2001:8d8:2:1:6564:0a62"; + masters { + 82.195.75.106; // draghi + 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi + }; + allow-query { any; }; + allow-transfer { }; +}; + +// ipv6 at xs4all - klecker 2001:888:2000:12::/64 +zone "2.1.0.0.0.0.0.2.8.8.8.0.1.0.0.2.ip6.arpa" { + type slave; + notify no; + file "db.2001:888:2000:12"; + masters { + 82.195.75.106; // draghi + 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi + }; + allow-query { any; }; + allow-transfer { }; +}; + +// 19.12.206.in-addr.arpa zone - reverse zone for 206.12.19/24 - debian at UBC/ECE +zone "19.12.206.in-addr.arpa" { + type slave; + notify no; + file "db.206.12.19"; + masters { + 82.195.75.106; // draghi + 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi + }; + allow-query { any; }; + allow-transfer { }; +}; +// vim:set syn=named: diff --git a/modules/named/files/common/named.conf.geo b/modules/named/files/common/named.conf.geo new file mode 100644 index 00000000..13f6836e --- /dev/null +++ b/modules/named/files/common/named.conf.geo 
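Review bot: Every `masters` list in this file names the primary by address only, so the zone data these slave zones pull from it, and the NOTIFY messages they act on, are trusted on the address alone. A TSIG key per master would authenticate the transfers, e.g. `82.195.75.106 key "<tsig-key-name-placeholder>"; // draghi`, with the matching `key` statement kept out of the public repository. The header still reads `NOT USED YET - SYNC UP WITH dsa-misc/config/bind/ before enabling finally`; if the class that ships this file is now included on any host, that banner should be updated or dropped in the same change. The comment `Slave domains, includ in bind.conf` also has a typo (`included`).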
@@ -0,0 +1,421 @@ +// This file was created by dsa-geodomains/zonebuilder --create-named-conf +// and is distributed to hosts using puppet as +// dsa-puppet/modules/geodns/files/common/named.conf.geo +// you probably do not want to edit it manually wherever you find it + +view "AF" { + match-clients { AF; }; + + zone "security.geo.debian.org" { + type master; + file "/etc/bind/geodns/db.security.debian.org.AF"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "security.debian.org" { + type master; + file "/etc/bind/geodns/db.security.debian.org.AF"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "bugs.debian.org" { + type master; + file "/etc/bind/geodns/db.bugs.debian.org.AF"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "www.geo.debian.org" { + type master; + file "/etc/bind/geodns/db.www.debian.org.AF"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "www.debian.org" { + type master; + file "/etc/bind/geodns/db.www.debian.org.AF"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "packages.debian.org" { + type master; + file "/etc/bind/geodns/db.packages.debian.org.AF"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + +}; +view "AN" { + match-clients { AN; }; + + zone "security.geo.debian.org" { + type master; + file "/etc/bind/geodns/db.security.debian.org.AN"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "security.debian.org" { + type master; + file "/etc/bind/geodns/db.security.debian.org.AN"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "bugs.debian.org" { + type master; + file "/etc/bind/geodns/db.bugs.debian.org.AN"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "www.geo.debian.org" { + type master; + file "/etc/bind/geodns/db.www.debian.org.AN"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "www.debian.org" 
{ + type master; + file "/etc/bind/geodns/db.www.debian.org.AN"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "packages.debian.org" { + type master; + file "/etc/bind/geodns/db.packages.debian.org.AN"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + +}; +view "AS" { + match-clients { AS; }; + + zone "security.geo.debian.org" { + type master; + file "/etc/bind/geodns/db.security.debian.org.AS"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "security.debian.org" { + type master; + file "/etc/bind/geodns/db.security.debian.org.AS"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "bugs.debian.org" { + type master; + file "/etc/bind/geodns/db.bugs.debian.org.AS"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "www.geo.debian.org" { + type master; + file "/etc/bind/geodns/db.www.debian.org.AS"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "www.debian.org" { + type master; + file "/etc/bind/geodns/db.www.debian.org.AS"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "packages.debian.org" { + type master; + file "/etc/bind/geodns/db.packages.debian.org.AS"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + +}; +view "EU" { + match-clients { EU; }; + + zone "security.geo.debian.org" { + type master; + file "/etc/bind/geodns/db.security.debian.org.EU"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "security.debian.org" { + type master; + file "/etc/bind/geodns/db.security.debian.org.EU"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "bugs.debian.org" { + type master; + file "/etc/bind/geodns/db.bugs.debian.org.EU"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "www.geo.debian.org" { + type master; + file "/etc/bind/geodns/db.www.debian.org.EU"; + notify no; + allow-query { any; }; + allow-transfer { }; + 
}; + + zone "www.debian.org" { + type master; + file "/etc/bind/geodns/db.www.debian.org.EU"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "packages.debian.org" { + type master; + file "/etc/bind/geodns/db.packages.debian.org.EU"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + +}; +view "NA" { + match-clients { NA; }; + + zone "security.geo.debian.org" { + type master; + file "/etc/bind/geodns/db.security.debian.org.NA"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "security.debian.org" { + type master; + file "/etc/bind/geodns/db.security.debian.org.NA"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "bugs.debian.org" { + type master; + file "/etc/bind/geodns/db.bugs.debian.org.NA"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "www.geo.debian.org" { + type master; + file "/etc/bind/geodns/db.www.debian.org.NA"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "www.debian.org" { + type master; + file "/etc/bind/geodns/db.www.debian.org.NA"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "packages.debian.org" { + type master; + file "/etc/bind/geodns/db.packages.debian.org.NA"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + +}; +view "OC" { + match-clients { OC; }; + + zone "security.geo.debian.org" { + type master; + file "/etc/bind/geodns/db.security.debian.org.OC"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "security.debian.org" { + type master; + file "/etc/bind/geodns/db.security.debian.org.OC"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "bugs.debian.org" { + type master; + file "/etc/bind/geodns/db.bugs.debian.org.OC"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "www.geo.debian.org" { + type master; + file "/etc/bind/geodns/db.www.debian.org.OC"; + notify no; + allow-query { 
any; }; + allow-transfer { }; + }; + + zone "www.debian.org" { + type master; + file "/etc/bind/geodns/db.www.debian.org.OC"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "packages.debian.org" { + type master; + file "/etc/bind/geodns/db.packages.debian.org.OC"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + +}; +view "SA" { + match-clients { SA; }; + + zone "security.geo.debian.org" { + type master; + file "/etc/bind/geodns/db.security.debian.org.SA"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "security.debian.org" { + type master; + file "/etc/bind/geodns/db.security.debian.org.SA"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "bugs.debian.org" { + type master; + file "/etc/bind/geodns/db.bugs.debian.org.SA"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "www.geo.debian.org" { + type master; + file "/etc/bind/geodns/db.www.debian.org.SA"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "www.debian.org" { + type master; + file "/etc/bind/geodns/db.www.debian.org.SA"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "packages.debian.org" { + type master; + file "/etc/bind/geodns/db.packages.debian.org.SA"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + +}; +view "default" { + match-clients { any; }; + + zone "security.geo.debian.org" { + type master; + file "/etc/bind/geodns/db.security.debian.org"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "security.debian.org" { + type master; + file "/etc/bind/geodns/db.security.debian.org"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "bugs.debian.org" { + type master; + file "/etc/bind/geodns/db.bugs.debian.org"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "www.geo.debian.org" { + type master; + file "/etc/bind/geodns/db.www.debian.org"; + 
notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "www.debian.org" { + type master; + file "/etc/bind/geodns/db.www.debian.org"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "packages.debian.org" { + type master; + file "/etc/bind/geodns/db.packages.debian.org"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + +}; diff --git a/modules/named/files/common/named.conf.local b/modules/named/files/common/named.conf.local new file mode 100644 index 00000000..5397f6d3 --- /dev/null +++ b/modules/named/files/common/named.conf.local @@ -0,0 +1,7 @@ +// +// THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +// USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +// + +include "/etc/bind/named.conf.acl"; +include "/etc/bind/geodns/named.conf.geo"; diff --git a/modules/named/files/common/named.conf.options b/modules/named/files/common/named.conf.options new file mode 100644 index 00000000..1a872001 --- /dev/null +++ b/modules/named/files/common/named.conf.options 
@@ -0,0 +1,42 @@
+//
+// THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+// USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+//
+
+options {
+ directory "/var/cache/bind";
+
+ // If there is a firewall between you and nameservers you want
+ // to talk to, you may need to fix the firewall to allow multiple
+ // ports to talk. See http://www.kb.cert.org/vuls/id/800113
+
+ // If your ISP provided one or more IP addresses for stable
+ // nameservers, you probably want to use them as forwarders.
+ // Uncomment the following block, and insert the addresses replacing
+ // the all-0's placeholder.
+
+ // forwarders {
+ // 0.0.0.0;
+ // };
+
+ auth-nxdomain no; # conform to RFC1035
+ listen-on-v6 { any; };
+ allow-query { any; };
+ allow-update { none; };
+ allow-transfer { none; };
+ allow-recursion { Nagios; };
+};
+
+logging {
+
+ channel queries {
+ file "/var/log/bind9/geoip-query.log" versions 4 size 40m;
+ print-time yes;
+ print-category yes;
+ };
+ category queries { queries; };
+ category lame-servers { null; };
+
+};
+
+
diff --git a/modules/named/files/common/recvconf b/modules/named/files/common/recvconf
new file mode 100755
index 00000000..dd9b5758
--- /dev/null
+++ b/modules/named/files/common/recvconf
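Review bot: `allow-recursion { Nagios; };` refers to an ACL that this file does not define. `acl Nagios` lives in named.conf.acl, which is only pulled in through the `include` in named.conf.local, so named is expected to reject the configuration on any host that receives this options file without the ACL file. A comment above the line would make the dependency visible, for example `// acl Nagios is defined in /etc/bind/named.conf.acl (included from named.conf.local)`. Since this ACL is the only thing limiting recursion to the monitoring host, it is worth stating next to the option.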
@@ -0,0 +1,217 @@ +#!/bin/bash + +# +# THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +# USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +# + +set -e +set -u + +## Copyright (c) 2005 David B. Harris +## Copyright (c) 2005,2009 Peter Palfrader + +## This text is released under the "three-clause BSD license". +## The full text of the license is available at the end of this file. + +if [ "$#" != 1 ]; then + echo "Usage: $0 " >&2 + exit 1 +fi + +FILELIST="$1" + +printf "\nrecvconf on %s processing:\n" "$(hostname -s)" + +umask 077 + +temptar="$(mktemp)" +chmod 0600 "$temptar" + +tempscript="$(mktemp)" +chmod 0600 "$tempscript" + +tempdir="$(mktemp -d)" + +# Read tarball from STDIN +gzip -dc > "$temptar" + +cd "$tempdir" +tar xf "$temptar" + +copy_and_runcommands() { + + local file perms user group precommand postcommand + file="$1"; perms="$2"; user="$3"; group="$4"; precommand="$5"; postcommand="$6" + + if [ -f "$file" ]; then + if [ -h "$file" ]; then # File should NOT be a symlink + printf "\`%s' is a symlink, aborting.\n" "$file" >&2 + return 1 + fi + + if ! [ "$file" -nt "/$file" ]; then + rm -f "$file" + return 0 + fi + + if [ -n "$precommand" ]; then + printf "Running precommand \`%s' for %s\n" "$precommand" "$file" >&2 + eval -- $precommand >&2 + fi + + if [ -n "$perms" ]; then + chmod -- "$perms" "$file" + else + printf "Warning, no perms defined for \`%s', assuming 0640.\n" "$file" >&2 + chmod 0640 "$file" + fi + if [ -n "$user" ]; then + chown -- "$user" "$file" + else + printf "Warning, no user defined for \`%s', assuming root.\n" "$file" >&2 + chown root "$file" + fi + if [ -n "$group" ]; then + chgrp -- "$group" "$file" + else + printf "Warning, no group defined for \`%s', assuming root.\n" "$file" >&2 + chgrp root "$file" + fi + + if [ ! 
-d "/$(dirname "$file")" ]; then + printf "Directory \`%s' does not exist, aborting.\n" "$(dirname "$file")" >&2 + exit 1 + fi + + cp -a -- "$file" "/$(dirname "$file")" >&2 + ls -l "/$(dirname "$file")/$(basename "$file")" >&2 + + if [ -n "$postcommand" ]; then + if ! grep -F -- "$postcommand" "$tempscript" > /dev/null 2>&1; then + printf "%s\n" "$postcommand" >> "$tempscript" + fi + fi + + rm -f -- "$file" + fi +} + +IN=0 +linenum=0 +file="" +nextfile="" + +clear_vars() { + perms=""; user=""; group=""; precommand=""; postcommand="" +} +clear_vars + +while read line; do + linenum="$(($linenum + 1))" + + if printf "%s\n" "$line" | grep -E '^[[:space:]]*$' > /dev/null 2>&1; then + ## This line is an empty line; skip it + continue + elif printf "%s" "$line" | grep -E '^[[:space:]]*#' > /dev/null 2>&1; then + ## This line is a comment; skip it + continue + fi + + ## IN=0, so we're out of a stanza: better get a file declaration next + if [ "$IN" = "0" ] && ! printf "%s" "$line" | grep -E '^[[:space:]]*file[[:space:]]' > /dev/null 2>&1; then + printf "Error on line %s, file declaration expected. Got\n\t%s\n" "$linenum" "$line" >&2 + exit 1 + elif [ "$IN" = 0 ] && printf "%s" "$line" | grep -E '^[[:space:]]*file[[:space:]]' > /dev/null 2>&1; then + ## Okay, we're just starting out; set $file and move on + file="$(printf "%s" "$line" | sed -e 's/[[:space:]]*file[[:space:]]\+\([^[:space:]#]*\).*/\1/')" + IN=1 + continue + elif [ "$IN" = 1 ] && printf "%s" "$line" | grep -E '^[[:space:]]*file[[:space:]]' > /dev/null 2>&1; then + ## Okay, not only are we at a file declaration, but this isn't our first one. Run the commands to process + ## the file, then set a $file to the new value and continue parsing. 
+ [ -n "$file" ] && copy_and_runcommands "$file" "$perms" "$user" "$group" "$precommand" "$postcommand" + file="$(printf "%s" "$line" | sed -e 's/[[:space:]]*file[[:space:]]\+\([^[:space:]#]*\).*/\1/')" + clear_vars + continue + fi + + ## The last two if blocks weren't processed; thus this isn't a comment, a blank line, and we're in the middle of a stanza + if printf "%s" "$line" | grep -E '^[[:space:]]*perms[[:space:]]' > /dev/null 2>&1; then + perms="$(printf "%s" "$line" | sed -e 's/[[:space:]]*perms[[:space:]]\+\([^[:space:]#]*\).*/\1/')" + continue + elif printf "%s" "$line" | grep -E '^[[:space:]]*user[[:space:]]' > /dev/null 2>&1; then + user="$(printf "%s" "$line" | sed -e 's/[[:space:]]*user[[:space:]]\+\([^[:space:]#]*\).*/\1/')" + continue + elif printf "%s" "$line" | grep -E '^[[:space:]]*group[[:space:]]' > /dev/null 2>&1; then + group="$(printf "%s" "$line" | sed -e 's/[[:space:]]*group[[:space:]]\+\([^[:space:]#]*\).*/\1/')" + continue + elif printf "%s" "$line" | grep -E '^[[:space:]]*precommand[[:space:]]' > /dev/null 2>&1; then + precommand="$(printf "%s" "$line" | sed -e 's/[[:space:]]*precommand[[:space:]]\+\([^[:space:]#]*\)/\1/')" + continue + elif printf "%s" "$line" | grep -E '^[[:space:]]*postcommand[[:space:]]' > /dev/null 2>&1; then + postcommand="$(printf "%s" "$line" | sed -e 's/[[:space:]]*postcommand[[:space:]]\+\([^[:space:]#]*\)/\1/')" + continue + else + printf "Unknown token at line %s:\n\t%s\n" "$linenum" "$line" + fi + +done < "$FILELIST" + +## This is the last stanza and the above loop has set the variables, but hasn't yet processed the file +[ -n "$file" ] && copy_and_runcommands "$file" "$perms" "$user" "$group" "$precommand" "$postcommand" + +if [ -s "$tempscript" ]; then + tempoutput="$(mktemp)" + ## Post-copying commands to be run, run them here. Only display output if they exit with $? > 0 + while read command; do + printf "Running postcommand \`%s' on %s.\n" "$command" "$(hostname -s)" >&2 + if ! 
eval -- "(cd / && env -i $command)" > "$tempoutput" 2>&1; then + printf "Error, postcommand \`%s' on %s failed. Output follows:\n" "$command" "$(hostname -s)" >&2 + cat -- "$tempoutput" >&2 + exit 1 + fi + done < "$tempscript" + rm -f -- "$tempoutput" +fi + +# Check for any leftover files here; if there are any, exit with an error and print the list +if [ ! -z "$(find . -type f)" ]; then + printf "The following files were not listed in $FILELIST:\n%s\n" "$(find . -type f)" >&2 + exit 1 +fi + +rm -f -- "$temptar" +rm -f -- "$tempscript" +cd +rm -rf -- "$tempdir" + +printf "recvconf on %s finished.\n" "$(hostname -s)" + +## Redistribution and use in source and binary forms, with or without +## modification, are permitted provided that the following conditions are +## met: +## +## * Redistributions of source code must retain the above copyright +## notice, this list of conditions and the following disclaimer. +## +## * Redistributions in binary form must reproduce the above +## copyright notice, this list of conditions and the following disclaimer +## in the documentation and/or other materials provided with the +## distribution. +## +## * Neither the names of the copyright owners nor the names of its +## contributors may be used to endorse or promote products derived from +## this software without specific prior written permission. +## +## THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +## "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +## LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +## A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT +## OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +## DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +## THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +## (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +## OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/modules/named/files/common/recvconf.files b/modules/named/files/common/recvconf.files new file mode 100644 index 00000000..9c6667b6 --- /dev/null +++ b/modules/named/files/common/recvconf.files 
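Review bot: A failing precommand or any other error exit leaves the received tarball, the extracted tree and the postcommand list behind, because the script runs under `set -e` and only removes `$temptar`, `$tempscript` and `$tempdir` at the very end. Setting `trap 'rm -rf -- "$temptar" "$tempscript" "$tempdir"' EXIT` right after the three `mktemp` calls would cover every exit path. In `copy_and_runcommands`, `eval -- $precommand >&2` expands the variable unquoted, so the string is word-split and glob-expanded before `eval` parses it again; `eval -- "$precommand" >&2` matches the quoting already used for the postcommand. Both command strings are read from the file list passed as `$1`, so that file must stay writable by root only.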
@@ -0,0 +1,197 @@ +# This file was created by dsa-geodomains/zonebuilder --create-recvconf-conf +# and is distributed to hosts using puppet as +# dsa-puppet/modules/geodns/files/common/recvconf.files +# you probably do not want to edit it manually wherever you find it + +file etc/bind/geodns/db.bugs.debian.org.AN + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.AN + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.bugs.debian.org.SA + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.SA + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.bugs.debian.org.OC + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.OC + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.bugs.debian.org.AS + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.AS + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.bugs.debian.org.AF + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.AF + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.bugs.debian.org + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org + postcommand sudo /etc/init.d/bind9 reload +file 
etc/bind/geodns/db.bugs.debian.org.EU + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.EU + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.bugs.debian.org.NA + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.NA + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.packages.debian.org.AN + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.AN + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.packages.debian.org.SA + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.SA + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.packages.debian.org.OC + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.OC + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.packages.debian.org.AS + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.AS + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.packages.debian.org.AF + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.AF + postcommand 
sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.packages.debian.org + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.packages.debian.org.EU + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.EU + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.packages.debian.org.NA + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.NA + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.security.debian.org.AN + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.AN + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.security.debian.org.SA + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.SA + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.security.debian.org.OC + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.OC + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.security.debian.org.AS + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org 
etc/bind/geodns/db.security.debian.org.AS + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.security.debian.org.AF + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.AF + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.security.debian.org + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.security.debian.org.EU + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.EU + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.security.debian.org.NA + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.NA + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.www.debian.org.AN + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.AN + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.www.debian.org.SA + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.SA + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.www.debian.org.OC + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail 
www.debian.org etc/bind/geodns/db.www.debian.org.OC + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.www.debian.org.AS + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.AS + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.www.debian.org.AF + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.AF + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.www.debian.org + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.www.debian.org.EU + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.EU + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.www.debian.org.NA + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.NA + postcommand sudo /etc/init.d/bind9 reload diff --git a/modules/named/manifests/geodns.pp b/modules/named/manifests/geodns.pp new file mode 100644 index 00000000..e9ef8efd --- /dev/null +++ b/modules/named/manifests/geodns.pp 
@@ -0,0 +1,85 @@
+class named::geodns inherits named {
+ file {
+ "/etc/apt/sources.list.d/geoip.list":
+ content => template("debian-org/etc/apt/sources.list.d/geoip.list.erb"),
+ notify => Exec["apt-get update"],
+ ;
+ "/etc/bind/named.conf.local":
+ source => [ "puppet:///geodns/per-host/$fqdn/named.conf.local",
+ "puppet:///geodns/common/named.conf.local" ],
+ require => Package["bind9"],
+ notify => Exec["bind9 restart"],
+ owner => root,
+ group => root,
+ ;
+ "/etc/bind/named.conf.acl":
+ source => [ "puppet:///geodns/per-host/$fqdn/named.conf.acl",
+ "puppet:///geodns/common/named.conf.acl" ],
+ require => Package["bind9"],
+ notify => Exec["bind9 restart"],
+ owner => root,
+ group => root,
+ ;
+ "/etc/bind/named.conf.options":
+ source => [ "puppet:///geodns/per-host/$fqdn/named.conf.options",
+ "puppet:///geodns/common/named.conf.options" ],
+ require => Package["bind9"],
+ notify => Exec["bind9 restart"],
+ owner => root,
+ group => root,
+ ;
+
+ "/etc/bind/geodns":
+ ensure => directory,
+ owner => root,
+ group => geodnssync,
+ mode => 775,
+ ;
+ "/etc/bind/geodns/named.conf.geo":
+ source => [ "puppet:///geodns/per-host/$fqdn/named.conf.geo",
+ "puppet:///geodns/common/named.conf.geo" ],
+ require => Package["bind9"],
+ notify => Exec["bind9 restart"],
+ owner => root,
+ group => root,
+ ;
+ "/etc/bind/geodns/recvconf":
+ source => [ "puppet:///geodns/per-host/$fqdn/recvconf",
+ "puppet:///geodns/common/recvconf" ],
+ owner => root,
+ group => root,
+ mode => 555,
+ ;
+ "/etc/bind/geodns/recvconf.files":
+ source => [ "puppet:///geodns/per-host/$fqdn/recvconf.files",
+ "puppet:///geodns/common/recvconf.files" ],
+ owner => root,
+ group => root,
+ mode => 444,
+ ;
+
+ "/usr/share/GeoIP/GeoIPv6.dat":
+ source => [ "puppet:///geodns/per-host/$fqdn/GeoIPv6.dat",
+ "puppet:///geodns/common/GeoIPv6.dat" ],
+ owner => root,
+ group => root,
+ mode => 444,
+ ;
+
+ "/etc/ssh/userkeys/geodnssync":
+ source => [ "puppet:///geodns/per-host/$fqdn/authorized_keys",
+ "puppet:///geodns/common/authorized_keys" ],
+ owner => root,
+ group => geodnssync,
+ mode => 440,
+ ;
+ "/var/log/bind9":
+ ensure => directory,
+ owner => bind,
+ group => bind,
+ mode => 775,
+ ;
+ }
+}
+
+# vim: set fdm=marker ts=8 sw=8 et:
diff --git a/modules/named/manifests/init.pp b/modules/named/manifests/init.pp
new file mode 100644
index 00000000..0c75aebf
--- /dev/null
+++ b/modules/named/manifests/init.pp
@@ -0,0 +1,22 @@
+class named {
+ include munin-node::bind
+
+ package {
+ bind9: ensure => installed;
+ }
+
+ exec {
+ "bind9 restart":
+ path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
+ refreshonly => true,
+ ;
+ }
+ exec {
+ "bind9 reload":
+ path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
+ refreshonly => true,
+ ;
+ }
+}
+
+# vim: set fdm=marker ts=8 sw=8 et:
diff --git a/modules/named/manifests/secondary.pp b/modules/named/manifests/secondary.pp
new file mode 100644
index 00000000..9209aa7e
--- /dev/null
+++ b/modules/named/manifests/secondary.pp
@@ -0,0 +1,8 @@
+class named::secondary inherits named {
+# file { "/etc/bind/named.conf.debian-zones":
+# source => [ "puppet:///named-secondary/per-host/$fqdn/named.conf.debian-zones",
+# "puppet:///named-secondary/common/named.conf.debian-zones" ],
+# notify => Exec["bind9 reload"],
+# }
+}
+
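Review bot: In `named::geodns`, `/etc/bind/geodns` is declared `group => geodnssync, mode => 775`, and the same manifest installs `recvconf` and `recvconf.files` into that directory, so members of that group can rename or replace both files even though they are root-owned with modes 555 and 444. Those two files decide which paths the sync user may write and which pre/post commands run, so they belong in a directory that group cannot write, e.g. `"<ROOT_ONLY_DIR>/recvconf":` (placeholder path), with only the zone files left in `/etc/bind/geodns`; anything that refers to the old path would need the same change. Separately, every `source` here still points at `puppet:///geodns/...` while this commit adds `recvconf.files` under `modules/named/files/common`; unless a `geodns` mount remains available, these should read `puppet:///named/per-host/$fqdn/...` and `puppet:///named/common/...`.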
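Review bot: The two `exec` resources in `class named` carry no `command`, so the resource title is what gets executed and `bind9 restart` only resolves because `/etc/init.d` is listed in `path`. Spelling it out with `command => "/etc/init.d/bind9 restart",` (and the same for reload) keeps the titles as stable names for `notify` and avoids locating the init script through a search path. A short comment such as `# refreshonly: runs only when a notifying resource changes` would also help readers of the subclasses.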
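Review bot: `named::secondary` has its entire body commented out, so including it applies only what `named` declares, and nothing in the file says why. Add a comment along the lines of `# file resource disabled for now; this class only pulls in named`. When the resource is enabled, its `source` entries should follow the new module name (`puppet:///named/...`) rather than `puppet:///named-secondary/...`, assuming the files move with the class.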