From 1a4056c33fac8412d3f7fdabcc6922878de1a717 Mon Sep 17 00:00:00 2001 From: Martin Zobel-Helas Date: Sun, 12 Sep 2010 19:11:09 +0200 Subject: [PATCH] lotti for president^Wloghost Signed-off-by: Martin Zobel-Helas --- modules/ferm/manifests/per-host.pp | 2 +- modules/ferm/templates/me.conf.erb | 2 +- templates/syslog-ng.conf.erb | 17 +++++++++++++---- 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp index 379161fa..f00dc4f3 100644 --- a/modules/ferm/manifests/per-host.pp +++ b/modules/ferm/manifests/per-host.pp @@ -60,7 +60,7 @@ class ferm::per-host { rule => "&SERVICE_RANGE(tcp, rsync, ( 195.20.242.90 192.25.206.33 82.195.75.106 206.12.19.118 ))" } } - heininen: { + heininen,lotti: { @ferm::rule { "dsa-syslog": description => "Allow syslog access", rule => "&SERVICE_RANGE(tcp, 5140, \$HOST_DEBIAN_V4)" diff --git a/modules/ferm/templates/me.conf.erb b/modules/ferm/templates/me.conf.erb index f1f9ad15..a817428f 100644 --- a/modules/ferm/templates/me.conf.erb +++ b/modules/ferm/templates/me.conf.erb @@ -6,7 +6,7 @@ <%= out = [] -restrict_ssh = %w{lebrun logtest01 geo1 geo2 geo3 bartok beethoven tchaikovsky schroeder heininen handel} +restrict_ssh = %w{lebrun logtest01 geo1 geo2 geo3 bartok beethoven tchaikovsky schroeder heininen handel lotti} ssh4allowed = [] ssh6allowed = [] diff --git a/templates/syslog-ng.conf.erb b/templates/syslog-ng.conf.erb index f60820d0..f8b1b3cb 100644 --- a/templates/syslog-ng.conf.erb +++ b/templates/syslog-ng.conf.erb @@ -82,7 +82,7 @@ options { # is not a real hostname. bad_hostname("^gconfd$"); -<%- if hostname == "heininen" -%> +<%- if (hostname == "heininen") || (hostname == "lotti") -%> # we trust our mutual authenticated syslog clients keep_hostname(yes); <%- end -%> 
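Review bot: The `dsa-syslog` rule that now also covers lotti admits only `$HOST_DEBIAN_V4` on port 5140, while the listener this commit enables for lotti in `templates/syslog-ng.conf.erb` is declared with `tcp6(port(5140) ...)`. If clients are meant to reach the loghost over IPv6, confirm that a matching IPv6 rule exists; none is visible in this hunk. The loghost names are now repeated across three files, so a comment above the case label such as `# loghosts: keep in sync with the hostname checks in templates/syslog-ng.conf.erb` would help the next addition. The case body continues outside the hunk.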
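Review bot: `keep_hostname(yes)` now applies on lotti as well, so the loghost records whatever hostname the sender writes into the message. The existing comment's justification only goes as far as the TLS check does. A client certificate shows that the sender is enrolled under the trusted CA, not that the hostname field is its own, so any enrolled host could log under another host's name. I would state that in the comment, e.g. `# NOTE: hostname is sender-supplied; authenticity rests on the TLS client cert only`. Whether the certificate subject is compared with the claimed host anywhere cannot be seen from this hunk.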
@@ -125,7 +125,7 @@ source s_local { <%- end -%> }; -<%- if hostname == "heininen" -%> +<%- if (hostname == "heininen") || (hostname == "lotti") -%> source s_network { tcp6(port(5140) max-connections(200) tls( key_file("/etc/exim4/ssl/thishost.key") @@ -403,7 +403,7 @@ log { <%- end -%> -<%- if hostname != "heininen" -%> +<%- if (hostname != "heininen") || (hostname != "lotti") -%> <%- if has_variable?("syslogversion") and syslogversion.to_s == "3" -%> destination loghost-heininen { tcp("heininen.debian.org" port (5140) @@ -413,18 +413,27 @@ destination loghost-heininen { ) ); }; +destination loghost-lotti { + tcp("lotti.debian.org" port (5140) + tls( key_file("/etc/ssl/debian/keys/thishost.key") + cert_file("/etc/ssl/debian/certs/thishost.crt") + ca_dir("/etc/ssl/debian/certs/") + ) + ); +}; log { source(s_local); destination(loghost-heininen); + destination(loghost-lotti); }; <%- end -%> <%- end -%> -<%- if hostname == "heininen" -%> +<%- if (hostname == "heininen") || (hostname == "lotti") -%> ############################################################################### ########## ON LOG HOST ######################################################## ############################################################################### -- 2.39.2
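Review bot: The listener enabled for lotti here loads `key_file("/etc/exim4/ssl/thishost.key")`, whereas the client destinations in the same template read `/etc/ssl/debian/keys/thishost.key`. Nothing in this commit shows that the exim4 key exists on lotti or is readable by syslog-ng, so the source may fail to start there; worth confirming before rollout. The `tls(...)` block continues outside the hunk, so the peer-verification setting that the `keep_hostname(yes)` trust depends on is not visible here.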
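Review bot: The new guard `(hostname != "heininen") || (hostname != "lotti")` is true for every host, both loghosts included, because no hostname can equal both names. The old condition kept heininen from rendering the forwarding destinations. With this one, heininen and lotti also get `loghost-heininen` and `loghost-lotti`, and ship their local logs to each other and to themselves. It should read `<%- if (hostname != "heininen") && (hostname != "lotti") -%>`, or `<%- unless %w{heininen lotti}.include?(hostname) -%>` to keep the list in one place. The block this guards runs on into the next hunk.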
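Review bot: `loghost-lotti` copies the heininen `tls(...)` block and, like it, leaves peer verification to syslog-ng's default rather than stating it. These destinations carry every host's local logs, so I would make the requirement explicit with `peer-verify(required-trusted)` inside `tls(...)` on both destinations. A changed default or a stray override then cannot silently let a client ship logs to an unverified endpoint. A short comment above the `log { ... }` statement saying that delivery to both loghosts at once is intended would also help.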