From 12df216f8b140efd052fadb0db74f6c01205d089 Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Sat, 26 Jun 2010 10:46:59 +0200
Subject: [PATCH] Switch geo configuration distribution from push to trigger/pull
---
 modules/named/files/common/authorized_keys | 4 +-
 modules/named/files/common/recvconf | 217 ------------
 modules/named/files/common/recvconf.files | 383 ---------------------
 modules/named/files/common/trigger | 3 +
 modules/named/manifests/geodns.pp | 17 +-
 5 files changed, 10 insertions(+), 614 deletions(-)
 delete mode 100755 modules/named/files/common/recvconf
 delete mode 100644 modules/named/files/common/recvconf.files
 create mode 100755 modules/named/files/common/trigger
diff --git a/modules/named/files/common/authorized_keys b/modules/named/files/common/authorized_keys
index 646c710d..99271717 100644
--- a/modules/named/files/common/authorized_keys
+++ b/modules/named/files/common/authorized_keys
@@ -2,5 +2,5 @@
 # THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
 # USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
 #
-from="82.195.75.106,2001:41b8:202:deb:216:36ff:fe40:3906",command="/etc/bind/geodns/recvconf /etc/bind/geodns/recvconf.files",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2cJCkmggW6TD0UPJP9lelDno8qbYGXPeYE4+QmkqJv8mslcHxmx5tA2TvpJ9qbAUMPOdZf9ihomwPmFzz9UNZH4eDA8F126UUP5DXsh7FC7yVGSBUNdJdYS7m2wtVs8ddhrVdI+8c39D7NVGGjtUCJCWA/3fE65O183Gm+vER65SYR6LfHlEiC2FBROs6qwnjQ0yw194MnU7Jxl/GsTdZ72ArkmcPjuWsVHWtkSTt0hPfgBOyL4vSfBgl2p2eQBXCEPOaPTa1Yr5qfur1+Cj+iwadEmPfRap6rBO3wfIjbXt/KncM2uFrCXuF1TOqQxrs5LSe8dz16vf9Ckf9Ae5wQ== geodnssync@draghi (20090527)
-from="91.103.132.25,2001:4b10:100b::dead:f00d",command="/etc/bind/geodns/recvconf /etc/bind/geodns/recvconf.files",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApBLc4ZoGTtXDJ1UhgA7NEPdwqibg5BSXZfKPgfM9wn0mZooAlYzVYwNfe08UmDwrGkSjeNphmzpiDFQA27WGLCgAw8SIjunojWKvJwJcDwx2W4OPLByZaVg/wcEivC2h0+xlRc9jFqKL5cOsTnKBuD4nC7r8qnNcWxyeEEJGP4PVb2zgrGhf8UK3bAqYPuQp0pBFo4EPdorxsgThshEWg9eqB94ph7s+YXoccoWh4NlH2TaO9QdjtsWCId6uhfpcrxjhwKRkqdjofKiOhBB3vqHE+Cpe95nKHZAP5JDgqFH/L+pzyOiRqfTeYh2ivaEBl6m5F7C/QlDBOFrOZkEtXQ== geodnssync key for sgran
+from="82.195.75.106,2001:41b8:202:deb:216:36ff:fe40:3906",command="/etc/bind/geodns/trigger",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2cJCkmggW6TD0UPJP9lelDno8qbYGXPeYE4+QmkqJv8mslcHxmx5tA2TvpJ9qbAUMPOdZf9ihomwPmFzz9UNZH4eDA8F126UUP5DXsh7FC7yVGSBUNdJdYS7m2wtVs8ddhrVdI+8c39D7NVGGjtUCJCWA/3fE65O183Gm+vER65SYR6LfHlEiC2FBROs6qwnjQ0yw194MnU7Jxl/GsTdZ72ArkmcPjuWsVHWtkSTt0hPfgBOyL4vSfBgl2p2eQBXCEPOaPTa1Yr5qfur1+Cj+iwadEmPfRap6rBO3wfIjbXt/KncM2uFrCXuF1TOqQxrs5LSe8dz16vf9Ckf9Ae5wQ== geodnssync@draghi (20090527)
+#from="91.103.132.25,2001:4b10:100b::dead:f00d",command="/etc/bind/geodns/recvconf /etc/bind/geodns/recvconf.files",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApBLc4ZoGTtXDJ1UhgA7NEPdwqibg5BSXZfKPgfM9wn0mZooAlYzVYwNfe08UmDwrGkSjeNphmzpiDFQA27WGLCgAw8SIjunojWKvJwJcDwx2W4OPLByZaVg/wcEivC2h0+xlRc9jFqKL5cOsTnKBuD4nC7r8qnNcWxyeEEJGP4PVb2zgrGhf8UK3bAqYPuQp0pBFo4EPdorxsgThshEWg9eqB94ph7s+YXoccoWh4NlH2TaO9QdjtsWCId6uhfpcrxjhwKRkqdjofKiOhBB3vqHE+Cpe95nKHZAP5JDgqFH/L+pzyOiRqfTeYh2ivaEBl6m5F7C/QlDBOFrOZkEtXQ== geodnssync key for sgran
diff --git a/modules/named/files/common/recvconf b/modules/named/files/common/recvconf
deleted file mode 100755
index dd9b5758..00000000
--- a/modules/named/files/common/recvconf
+++ /dev/null
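Review bot: The second key is kept as a commented-out line that still carries `command="/etc/bind/geodns/recvconf /etc/bind/geodns/recvconf.files"`, and this commit deletes both of those files. Nothing records whether that key is retired or waiting to be migrated, and un-commenting it as written would re-authorize a key whose forced command no longer exists. Either delete the line, or put the reason above it, for example `# disabled 2010-06-26: forced command still names the removed recvconf; switch to /etc/bind/geodns/trigger before re-enabling`. The active entry keeps `from=`, the forced command and the `no-*` restrictions, which is what limits that key to starting a pull.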
@@ -1,217 +0,0 @@ -#!/bin/bash - -# -# THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. -# USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git -# - -set -e -set -u - -## Copyright (c) 2005 David B. Harris -## Copyright (c) 2005,2009 Peter Palfrader - -## This text is released under the "three-clause BSD license". -## The full text of the license is available at the end of this file. - -if [ "$#" != 1 ]; then - echo "Usage: $0 " >&2 - exit 1 -fi - -FILELIST="$1" - -printf "\nrecvconf on %s processing:\n" "$(hostname -s)" - -umask 077 - -temptar="$(mktemp)" -chmod 0600 "$temptar" - -tempscript="$(mktemp)" -chmod 0600 "$tempscript" - -tempdir="$(mktemp -d)" - -# Read tarball from STDIN -gzip -dc > "$temptar" - -cd "$tempdir" -tar xf "$temptar" - -copy_and_runcommands() { - - local file perms user group precommand postcommand - file="$1"; perms="$2"; user="$3"; group="$4"; precommand="$5"; postcommand="$6" - - if [ -f "$file" ]; then - if [ -h "$file" ]; then # File should NOT be a symlink - printf "\`%s' is a symlink, aborting.\n" "$file" >&2 - return 1 - fi - - if ! [ "$file" -nt "/$file" ]; then - rm -f "$file" - return 0 - fi - - if [ -n "$precommand" ]; then - printf "Running precommand \`%s' for %s\n" "$precommand" "$file" >&2 - eval -- $precommand >&2 - fi - - if [ -n "$perms" ]; then - chmod -- "$perms" "$file" - else - printf "Warning, no perms defined for \`%s', assuming 0640.\n" "$file" >&2 - chmod 0640 "$file" - fi - if [ -n "$user" ]; then - chown -- "$user" "$file" - else - printf "Warning, no user defined for \`%s', assuming root.\n" "$file" >&2 - chown root "$file" - fi - if [ -n "$group" ]; then - chgrp -- "$group" "$file" - else - printf "Warning, no group defined for \`%s', assuming root.\n" "$file" >&2 - chgrp root "$file" - fi - - if [ ! 
-d "/$(dirname "$file")" ]; then - printf "Directory \`%s' does not exist, aborting.\n" "$(dirname "$file")" >&2 - exit 1 - fi - - cp -a -- "$file" "/$(dirname "$file")" >&2 - ls -l "/$(dirname "$file")/$(basename "$file")" >&2 - - if [ -n "$postcommand" ]; then - if ! grep -F -- "$postcommand" "$tempscript" > /dev/null 2>&1; then - printf "%s\n" "$postcommand" >> "$tempscript" - fi - fi - - rm -f -- "$file" - fi -} - -IN=0 -linenum=0 -file="" -nextfile="" - -clear_vars() { - perms=""; user=""; group=""; precommand=""; postcommand="" -} -clear_vars - -while read line; do - linenum="$(($linenum + 1))" - - if printf "%s\n" "$line" | grep -E '^[[:space:]]*$' > /dev/null 2>&1; then - ## This line is an empty line; skip it - continue - elif printf "%s" "$line" | grep -E '^[[:space:]]*#' > /dev/null 2>&1; then - ## This line is a comment; skip it - continue - fi - - ## IN=0, so we're out of a stanza: better get a file declaration next - if [ "$IN" = "0" ] && ! printf "%s" "$line" | grep -E '^[[:space:]]*file[[:space:]]' > /dev/null 2>&1; then - printf "Error on line %s, file declaration expected. Got\n\t%s\n" "$linenum" "$line" >&2 - exit 1 - elif [ "$IN" = 0 ] && printf "%s" "$line" | grep -E '^[[:space:]]*file[[:space:]]' > /dev/null 2>&1; then - ## Okay, we're just starting out; set $file and move on - file="$(printf "%s" "$line" | sed -e 's/[[:space:]]*file[[:space:]]\+\([^[:space:]#]*\).*/\1/')" - IN=1 - continue - elif [ "$IN" = 1 ] && printf "%s" "$line" | grep -E '^[[:space:]]*file[[:space:]]' > /dev/null 2>&1; then - ## Okay, not only are we at a file declaration, but this isn't our first one. Run the commands to process - ## the file, then set a $file to the new value and continue parsing. 
- [ -n "$file" ] && copy_and_runcommands "$file" "$perms" "$user" "$group" "$precommand" "$postcommand" - file="$(printf "%s" "$line" | sed -e 's/[[:space:]]*file[[:space:]]\+\([^[:space:]#]*\).*/\1/')" - clear_vars - continue - fi - - ## The last two if blocks weren't processed; thus this isn't a comment, a blank line, and we're in the middle of a stanza - if printf "%s" "$line" | grep -E '^[[:space:]]*perms[[:space:]]' > /dev/null 2>&1; then - perms="$(printf "%s" "$line" | sed -e 's/[[:space:]]*perms[[:space:]]\+\([^[:space:]#]*\).*/\1/')" - continue - elif printf "%s" "$line" | grep -E '^[[:space:]]*user[[:space:]]' > /dev/null 2>&1; then - user="$(printf "%s" "$line" | sed -e 's/[[:space:]]*user[[:space:]]\+\([^[:space:]#]*\).*/\1/')" - continue - elif printf "%s" "$line" | grep -E '^[[:space:]]*group[[:space:]]' > /dev/null 2>&1; then - group="$(printf "%s" "$line" | sed -e 's/[[:space:]]*group[[:space:]]\+\([^[:space:]#]*\).*/\1/')" - continue - elif printf "%s" "$line" | grep -E '^[[:space:]]*precommand[[:space:]]' > /dev/null 2>&1; then - precommand="$(printf "%s" "$line" | sed -e 's/[[:space:]]*precommand[[:space:]]\+\([^[:space:]#]*\)/\1/')" - continue - elif printf "%s" "$line" | grep -E '^[[:space:]]*postcommand[[:space:]]' > /dev/null 2>&1; then - postcommand="$(printf "%s" "$line" | sed -e 's/[[:space:]]*postcommand[[:space:]]\+\([^[:space:]#]*\)/\1/')" - continue - else - printf "Unknown token at line %s:\n\t%s\n" "$linenum" "$line" - fi - -done < "$FILELIST" - -## This is the last stanza and the above loop has set the variables, but hasn't yet processed the file -[ -n "$file" ] && copy_and_runcommands "$file" "$perms" "$user" "$group" "$precommand" "$postcommand" - -if [ -s "$tempscript" ]; then - tempoutput="$(mktemp)" - ## Post-copying commands to be run, run them here. Only display output if they exit with $? > 0 - while read command; do - printf "Running postcommand \`%s' on %s.\n" "$command" "$(hostname -s)" >&2 - if ! 
eval -- "(cd / && env -i $command)" > "$tempoutput" 2>&1; then - printf "Error, postcommand \`%s' on %s failed. Output follows:\n" "$command" "$(hostname -s)" >&2 - cat -- "$tempoutput" >&2 - exit 1 - fi - done < "$tempscript" - rm -f -- "$tempoutput" -fi - -# Check for any leftover files here; if there are any, exit with an error and print the list -if [ ! -z "$(find . -type f)" ]; then - printf "The following files were not listed in $FILELIST:\n%s\n" "$(find . -type f)" >&2 - exit 1 -fi - -rm -f -- "$temptar" -rm -f -- "$tempscript" -cd -rm -rf -- "$tempdir" - -printf "recvconf on %s finished.\n" "$(hostname -s)" - -## Redistribution and use in source and binary forms, with or without -## modification, are permitted provided that the following conditions are -## met: -## -## * Redistributions of source code must retain the above copyright -## notice, this list of conditions and the following disclaimer. -## -## * Redistributions in binary form must reproduce the above -## copyright notice, this list of conditions and the following disclaimer -## in the documentation and/or other materials provided with the -## distribution. -## -## * Neither the names of the copyright owners nor the names of its -## contributors may be used to endorse or promote products derived from -## this software without specific prior written permission. -## -## THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -## "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -## LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -## A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT -## OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -## DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -## THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -## (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -## OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/modules/named/files/common/recvconf.files b/modules/named/files/common/recvconf.files deleted file mode 100644 index 72842fd5..00000000 --- a/modules/named/files/common/recvconf.files +++ /dev/null 
@@ -1,383 +0,0 @@ -# This file was created by dsa-geodomains/zonebuilder --create-recvconf-conf -# and is distributed to hosts using puppet as -# dsa-puppet/modules/geodns/files/common/recvconf.files -# you probably do not want to edit it manually wherever you find it - -file etc/bind/geodns/db.bugs.debian.org.AN - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.AN - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.bugs.debian.org.SA - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.SA - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.bugs.debian.org.OC - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.OC - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.bugs.debian.org.AS - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.AS - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.bugs.debian.org.undef - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.undef - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.bugs.debian.org.AF - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.AF - postcommand sudo /etc/init.d/bind9 reload -file 
etc/bind/geodns/db.bugs.debian.org - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.bugs.debian.org.EU - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.EU - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.bugs.debian.org.NA - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.NA - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.ftp.debian.org.AN - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.AN - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.ftp.debian.org.SA - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.SA - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.ftp.debian.org.OC - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.OC - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.ftp.debian.org.AS - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.AS - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.ftp.debian.org.undef - 
perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.undef - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.ftp.debian.org.AF - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.AF - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.ftp.debian.org - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.ftp.debian.org.EU - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.EU - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.ftp.debian.org.NA - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.NA - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.packages.debian.org.AN - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.AN - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.packages.debian.org.SA - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.SA - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.packages.debian.org.OC - perms 0644 - 
user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.OC - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.packages.debian.org.AS - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.AS - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.packages.debian.org.undef - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.undef - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.packages.debian.org.AF - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.AF - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.packages.debian.org - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.packages.debian.org.EU - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.EU - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.packages.debian.org.NA - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.NA - postcommand sudo /etc/init.d/bind9 reload 
-file etc/bind/geodns/db.security.debian.org.AN - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.AN - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.security.debian.org.SA - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.SA - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.security.debian.org.OC - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.OC - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.security.debian.org.AS - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.AS - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.security.debian.org.undef - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.undef - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.security.debian.org.AF - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.AF - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.security.debian.org - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org 
etc/bind/geodns/db.security.debian.org - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.security.debian.org.EU - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.EU - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.security.debian.org.NA - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.NA - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.snapshot.debian.org.AN - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail snapshot.debian.org etc/bind/geodns/db.snapshot.debian.org.AN - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.snapshot.debian.org.SA - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail snapshot.debian.org etc/bind/geodns/db.snapshot.debian.org.SA - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.snapshot.debian.org.OC - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail snapshot.debian.org etc/bind/geodns/db.snapshot.debian.org.OC - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.snapshot.debian.org.AS - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail snapshot.debian.org etc/bind/geodns/db.snapshot.debian.org.AS - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.snapshot.debian.org.undef - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail 
-n fail -S fail -i full -m fail -M fail snapshot.debian.org etc/bind/geodns/db.snapshot.debian.org.undef - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.snapshot.debian.org.AF - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail snapshot.debian.org etc/bind/geodns/db.snapshot.debian.org.AF - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.snapshot.debian.org - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail snapshot.debian.org etc/bind/geodns/db.snapshot.debian.org - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.snapshot.debian.org.EU - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail snapshot.debian.org etc/bind/geodns/db.snapshot.debian.org.EU - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.snapshot.debian.org.NA - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail snapshot.debian.org etc/bind/geodns/db.snapshot.debian.org.NA - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.volatile.debian.org.AN - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail volatile.debian.org etc/bind/geodns/db.volatile.debian.org.AN - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.volatile.debian.org.SA - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail volatile.debian.org etc/bind/geodns/db.volatile.debian.org.SA - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.volatile.debian.org.OC - perms 0644 - user geodnssync - group 
geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail volatile.debian.org etc/bind/geodns/db.volatile.debian.org.OC - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.volatile.debian.org.AS - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail volatile.debian.org etc/bind/geodns/db.volatile.debian.org.AS - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.volatile.debian.org.undef - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail volatile.debian.org etc/bind/geodns/db.volatile.debian.org.undef - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.volatile.debian.org.AF - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail volatile.debian.org etc/bind/geodns/db.volatile.debian.org.AF - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.volatile.debian.org - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail volatile.debian.org etc/bind/geodns/db.volatile.debian.org - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.volatile.debian.org.EU - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail volatile.debian.org etc/bind/geodns/db.volatile.debian.org.EU - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.volatile.debian.org.NA - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail volatile.debian.org etc/bind/geodns/db.volatile.debian.org.NA - postcommand sudo /etc/init.d/bind9 reload -file 
etc/bind/geodns/db.www.debian.org.AN - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.AN - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.www.debian.org.SA - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.SA - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.www.debian.org.OC - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.OC - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.www.debian.org.AS - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.AS - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.www.debian.org.undef - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.undef - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.www.debian.org.AF - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.AF - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.www.debian.org - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.www.debian.org.EU - perms 
0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.EU - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.www.debian.org.NA - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.NA - postcommand sudo /etc/init.d/bind9 reload
diff --git a/modules/named/files/common/trigger b/modules/named/files/common/trigger
new file mode 100755
index 00000000..1f779f0e
--- /dev/null
+++ b/modules/named/files/common/trigger
@@ -0,0 +1,3 @@
+#!/bin/sh
+rsync -az --delete draghi.debian.org:zonefiles/ /etc/bind/geodns/zonefiles/
+sudo /etc/init.d/bind9 reload
diff --git a/modules/named/manifests/geodns.pp b/modules/named/manifests/geodns.pp
index 09c10663..3a41b94d 100644
--- a/modules/named/manifests/geodns.pp
+++ b/modules/named/manifests/geodns.pp
@@ -30,8 +30,8 @@ class named::geodns inherits named {
 "/etc/bind/geodns":
 ensure => directory,
 owner => root,
- group => geodnssync,
- mode => 775,
+ group => root,
+ mode => 755,
 ;
 "/etc/bind/geodns/zonefiles":
 ensure => directory,
@@ -47,20 +47,13 @@ class named::geodns inherits named {
 owner => root,
 group => root,
 ;
- "/etc/bind/geodns/recvconf":
- source => [ "puppet:///named/per-host/$fqdn/recvconf",
- "puppet:///named/common/recvconf" ],
+ "/etc/bind/geodns/trigger":
+ source => [ "puppet:///named/per-host/$fqdn/trigger",
+ "puppet:///named/common/trigger" ],
 owner => root,
 group => root,
 mode => 555,
 ;
- "/etc/bind/geodns/recvconf.files":
- source => [ "puppet:///named/per-host/$fqdn/recvconf.files",
- "puppet:///named/common/recvconf.files" ],
- owner => root,
- group => root,
- mode => 444,
- ;
 "/etc/ssh/userkeys/geodnssync":
 source => [ "puppet:///named/per-host/$fqdn/authorized_keys",
 "puppet:///named/common/authorized_keys" ],
-- 
2.39.2
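Review bot: The `bind9 reload` on the last line of trigger runs even when the rsync before it fails, because the script neither sets `set -e` nor tests rsync's exit status, so named can be reloaded on a partially updated `zonefiles/` (with `--delete`, some files may already be gone). Adding `set -e` after the shebang, or chaining the two as `rsync -az --delete draghi.debian.org:zonefiles/ /etc/bind/geodns/zonefiles/ && sudo /etc/init.d/bind9 reload`, keeps a failed transfer from being activated. The removed recvconf.files ran `named-checkzone` on every zone before installing it; nothing here replaces that, so validation now rests on the master and on named's own load-time checks. The pull also means each geodns host must hold an SSH credential that draghi accepts, which is not part of this commit; it is worth confirming that it is limited to read-only access to `zonefiles/`.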
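Review bot: With `/etc/bind/geodns` changed to root:root and `755` in the first geodns.pp hunk, the account behind the geodnssync key can write only where a child resource allows it, and the `"/etc/bind/geodns/zonefiles"` resource that has to allow it starts on the last two lines of that hunk with its owner, group and mode outside it. rsync `-a` in trigger also tries to set times and permissions on the destination directory itself, which normally requires owning the directory rather than having group write, so that resource should be checked against the new script. A comment on it such as `# only path writable by geodnssync; filled by /etc/bind/geodns/trigger` would record the intent.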
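Review bot: Dropping the `"/etc/bind/geodns/recvconf"` and `"/etc/bind/geodns/recvconf.files"` resources in the second geodns.pp hunk only stops Puppet managing them; on hosts that already have them the files stay on disk, including the executable recvconf script that passes pre- and postcommand strings to `eval`. The active key no longer invokes it, but leaving an unmanaged script of that kind next to the zone data is avoidable. Declaring both paths with `ensure => absent` in the same file block removes them on the next run; the block itself opens and closes outside this hunk.

```puppet
        # … unchanged: "/etc/bind/geodns/trigger" resource …
        "/etc/bind/geodns/recvconf":
            ensure => absent,
            ;
        "/etc/bind/geodns/recvconf.files":
            ensure => absent,
            ;
        # … unchanged: "/etc/ssh/userkeys/geodnssync" resource …
```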