* 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet: (29 commits)
ordering hint
add sonntag
Add buxtehude
Add buxtehude
Add a fi
Try this
More output
Try this
Try to do network right at osuosl
end
Try to make dsa.conf.erb a useful template
ganeti module on byrd
Add quotes
Only do the ferm stuff for cluster ganeti2.d.o
Fix spacing
Say which ganeti cluster we are in
Add byrd
remove vivaldi (RT#3802)
widor is getting hammered
mode is important
...
include roles
include unbound
- if $::hostname in [pasquini,tristano,bertali,boito] {
+ if $::hostname in [pasquini,tristano,bertali,boito,byrd] {
include ganeti2
}
}
}
- if $::hostname in [busoni,duarte,holter,lindberg,master,powell,beach] {
+ if $::hostname in [busoni,duarte,holter,lindberg,master,powell,beach,buxtehude,widor] {
include apache2::dynamic
} else {
@ferm::rule { 'dsa-http':
ensure => absent,
}
- if $::lsbdistcodename in [squeeze,wheezy] {
- $suite = $::lsbdistcodename
- } else {
- $suite = 'wheezy'
+ $suite = $::lsbdistcodename ? {
+ squeeze => $::lsbdistcodename,
+ wheezy => $::lsbdistcodename,
+ undef => 'squeeze',
+ default => 'wheezy'
}
site::aptrepo { 'buildd.debian.org':
boiti.debian.org: Arrigo Boito (February 24th, 1842 - June 10th, 1918)
brahms.debian.org: Johannes Brahms (May 7th, 1833 - April 3rd, 1897)
busoni.debian.org: Ferruccio Dante Michelangiolo Benvenuto Busoni (April 1st, 1866 - July 27th, 1924)
+ buxtehude.debian.org: Dieterich Buxtehude (c. 1637 to 1639 -—May 9th, 1707)
+ byrd.debian.org: William Byrd (1543 - July 4th, 1623)
chopin.debian.org: Frédéric Chopin (March 1st, 1810 - October 17th, 1849)
cilea.debian.org: Francesco Cilèa (July 26th, 1866 - November 20th, 1950)
corelli.debian.org: Arcangelo Corelli (February 17th, 1653 - January 8th, 1713)
fano.debian.org: Guido Alberto Fano (March 18th, 1875 - August 14th, 1961)
fasch.debian.org: Johann Friedrich Fasch (1688 - 1758)
field.debian.org: John Field (1782 - 1837)
+ fils.debian.org: Anton Fils (September 22nd, 1733 (baptized) - March 14th, 1760 (buried))
finzi.debian.org: Gerald Raphael Finzi (July 14th, 1901 - September 27th, 1956)
fischer.debian.org: Johann Caspar Ferdinand Fischer (September 9th, 1656 - August 27th, 1746)
franck.debian.org: Melchior Franck (1579 - June 1st, 1639)
smetana.debian.org: Bedřich Smetana (March 2nd, 1824 - May 12th, 1884)
soler.debian.org: Padre Antonio Soler (December 3rd, 1729 (baptized) - December 20th, 1783)
sompek.debian.org: Ernst Sompek (Juni 11th 1876 - August 2nd 1954)
+ sonntag.debian.org: Brunhilde Sonntag (27 September 1936 - 18 December 2002)
stadler.debian.org: Maximilian Johann Karl Dominik Stadler, Abbé Stadler (August 4th 1748 - November 8th 1833)
sperger.debian.org: Johannes Matthias Sperger (March 23th, 1750 - May 13th, 1812)
spohr.debian.org: Louis Spohr (April 5th, 1784 - October 22nd, 1859)
unger.debian.org: Caroline Unger (October 28th, 1803 - March 23th, 1877)
vento.debian.org: Ivo de Vento (1543/1545 - 1575)
vitry.debian.org: Philippe de Vitry (October 31st, 1291 - June 9th, 1361)
- vivaldi.debian.org: Antonio Lucio Vivaldi (March 4th, 1678 - July 28th, 1741)
widor.debian.org: Charles-Marie Jean Albert Widor (February 21st, 1844 - March 12th, 1937)
wieck.debian.org: Clara Josephine Wieck (September 13th, 1819 - May 20th, 1896)
wolkenstein.debian.org: Oswald von Wolkenstein (1377 - August 2nd, 1445)
bugsmaster:
bugsmx:
- busoni.debian.org
+ - buxtehude.debian.org
bugs_mirror:
- beach.debian.org
dbmaster:
- bellini.debian.org
- bizet.debian.org
- busoni.debian.org
+ - buxtehude.debian.org
- chopin.debian.org
- draghi.debian.org
- franck.debian.org
package { 'exim4-daemon-heavy': ensure => installed }
+ Package['exim4-daemon-heavy']->Mailalias<| |>
+
service { 'exim4':
ensure => running,
require => [
### USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
###
-<% if scope.lookupvar('::hostname') == 'busoni' %>
+<% if %w{busoni buxtehude}.include?( scope.lookupvar('::hostname') ) %>
bugs.debian.org
<% end %>
when "bellini.debian.org" then "popcon.debian.org: user=popcon group=popcon directory=/org/popcon.debian.org/mail/"
when "busoni.debian.org" then "bugs.debian.org: user=debbugs group=debbugs directory=/srv/bugs.debian.org/mail"
+ when "buxtehude.debian.org" then "bugs.debian.org: user=debbugs group=debbugs directory=/srv/bugs.debian.org/mail"
when "chopin.debian.org" then "security.debian.org: user=mail_security group=nogroup directory=/srv/security-master.debian.org/mail/"
rule => '&SERVICE_RANGE(tcp, http-alt, ( 192.25.206.16 70.103.162.29 217.196.43.134 ))'
}
}
+ ullmann: {
+ @ferm::rule { 'dsa-postgres-udd':
+ description => 'Allow postgress access',
+ # quantz, wagner
+ rule => '&SERVICE_RANGE(tcp, 5452, ( 206.12.19.122/32 217.196.43.134/32 217.196.43.132/32 ))'
+ }
+ @ferm::rule { 'dsa-postgres-udd6':
+ domain => '(ip6)',
+ description => 'Allow postgress access',
+ # quantz
+ rule => '&SERVICE_RANGE(tcp, 5452, ( 2607:f8f0:610:4000:216:36ff:fe40:3860/128 ))'
+ }
+ }
grieg: {
@ferm::rule { 'dsa-postgres-ullmann':
description => 'Allow postgress access',
default: {}
}
- if $::hostname in [rautavaara,luchesi] {
+ if $::hostname in [rautavaara,luchesi,czerny] {
@ferm::rule { 'dsa-to-kfreebsd':
description => 'Traffic routed to kfreebsd hosts',
chain => 'to-kfreebsd',
interface br0 destination ($FREEBSD_HOSTS) jump to-kfreebsd;
ULOG ulog-prefix "REJECT FORWARD: ";
REJECT reject-with icmp-admin-prohibited
+'
+ }
+ }
+ czerny: {
+ @ferm::rule { 'dsa-routing':
+ description => 'forward chain',
+ chain => 'FORWARD',
+ rule => 'def $ADDRESS_FILS=82.195.75.89;
+def $FREEBSD_HOSTS=($ADDRESS_FILS);
+
+policy ACCEPT;
+mod state state (ESTABLISHED RELATED) ACCEPT;
+interface br0 outerface br0 ACCEPT;
+interface br1 outerface br1 ACCEPT;
+
+interface br2 outerface br0 jump from-kfreebsd;
+interface br0 destination ($FREEBSD_HOSTS) jump to-kfreebsd;
+ULOG ulog-prefix "REJECT FORWARD: ";
+REJECT reject-with icmp-admin-prohibited
'
}
}
ensure => installed
}
- package { 'drbd8-utils':
- ensure => installed
- }
-
package { 'ganeti-instance-debootstrap':
ensure => installed
}
ensure => installed
}
- @ferm::rule { 'dsa-ganeti-noded-v4':
- description => 'allow ganeti-noded communication',
- rule => 'proto tcp mod state state (NEW) dport (1811) @subchain \'ganeti-noded\' { saddr ($HOST_GANETI_V4) daddr ($HOST_GANETI_V4) ACCEPT; }',
- notarule => true,
- }
+ case $::cluster {
+ 'ganeti2.debian.org': {
+ package { 'drbd8-utils':
+ ensure => installed
+ }
- @ferm::rule { 'dsa-ganeti-confd-v4':
- description => 'allow ganeti-confd communication',
- rule => 'proto udp mod state state (NEW) dport (1814) @subchain \'ganeti-confd\' { saddr ($HOST_GANETI_V4) daddr ($HOST_GANETI_V4) ACCEPT; }',
- notarule => true,
- }
+ @ferm::rule { 'dsa-ganeti-noded-v4':
+ description => 'allow ganeti-noded communication',
+ rule => 'proto tcp mod state state (NEW) dport (1811) @subchain \'ganeti-noded\' { saddr ($HOST_GANETI_V4) daddr ($HOST_GANETI_V4) ACCEPT; }',
+ notarule => true,
+ }
- @ferm::rule { 'dsa-ganeti-rapi-v4':
- description => 'allow ganeti-rapi communication',
- rule => 'proto tcp mod state state (NEW) dport (5080) @subchain \'ganeti-rapi\' { saddr ($HOST_GANETI_V4) daddr ($HOST_GANETI_V4) ACCEPT; }',
- notarule => true,
- }
+ @ferm::rule { 'dsa-ganeti-confd-v4':
+ description => 'allow ganeti-confd communication',
+ rule => 'proto udp mod state state (NEW) dport (1814) @subchain \'ganeti-confd\' { saddr ($HOST_GANETI_V4) daddr ($HOST_GANETI_V4) ACCEPT; }',
+ notarule => true,
+ }
- @ferm::rule { 'dsa-ganeti-drbd-v4':
- description => 'allow ganeti drbd communication',
- rule => 'proto tcp mod state state (NEW) dport (11000:11999) @subchain \'ganeti-drbd\' { saddr ($HOST_GANETI_BACKEND_V4) daddr ($HOST_GANETI_BACKEND_V4) ACCEPT; }',
- notarule => true,
- }
+ @ferm::rule { 'dsa-ganeti-rapi-v4':
+ description => 'allow ganeti-rapi communication',
+ rule => 'proto tcp mod state state (NEW) dport (5080) @subchain \'ganeti-rapi\' { saddr ($HOST_GANETI_V4) daddr ($HOST_GANETI_V4) ACCEPT; }',
+ notarule => true,
+ }
- @ferm::rule { 'dsa-ganeti-kvm-migration-v4':
- description => 'allow ganeti kvm migration ',
- rule => 'proto tcp dport 8102 @subchain \'ganeti-kvm-migration\' { saddr ($HOST_GANETI_BACKEND_V4) daddr ($HOST_GANETI_BACKEND_V4) ACCEPT; }',
- notarule => true,
- }
+ @ferm::rule { 'dsa-ganeti-drbd-v4':
+ description => 'allow ganeti drbd communication',
+ rule => 'proto tcp mod state state (NEW) dport (11000:11999) @subchain \'ganeti-drbd\' { saddr ($HOST_GANETI_BACKEND_V4) daddr ($HOST_GANETI_BACKEND_V4) ACCEPT; }',
+ notarule => true,
+ }
+
+ @ferm::rule { 'dsa-ganeti-kvm-migration-v4':
+ description => 'allow ganeti kvm migration ',
+ rule => 'proto tcp dport 8102 @subchain \'ganeti-kvm-migration\' { saddr ($HOST_GANETI_BACKEND_V4) daddr ($HOST_GANETI_BACKEND_V4) ACCEPT; }',
+ notarule => true,
+ }
- @ferm::rule { 'dsa-ganeti-ssh-v4':
- description => 'allow ganeti to ssh around',
- rule => 'proto tcp dport ssh @subchain \'ganeti-ssh\' { saddr ( $HOST_GANETI_V4 $HOST_GANETI_BACKEND_V4) ACCEPT; }',
- notarule => true,
+ @ferm::rule { 'dsa-ganeti-ssh-v4':
+ description => 'allow ganeti to ssh around',
+ rule => 'proto tcp dport ssh @subchain \'ganeti-ssh\' { saddr ( $HOST_GANETI_V4 $HOST_GANETI_BACKEND_V4) ACCEPT; }',
+ notarule => true,
+ }
+ }
}
file {
touch $TARGET/etc/udev/rules.d/75-cd-aliases-generator.rules
touch $TARGET/etc/udev/rules.d/75-persistent-net-generator.rules
+
+###########################################
+fqdn=$(cat $TARGET/etc/hostname)
+echo ${fqdn%%.*} > $TARGET/etc/hostname
+
+###########################################
if [ "$NIC_COUNT" -ge 1 ]; then
cat > $TARGET/etc/network/interfaces << EOF
# /etc/network/interfaces
auto lo
iface lo inet loopback
+EOF
+fi
+
+
+###########################################
+###########################################
+<% if scope.lookupvar('::cluster').to_s == 'ganeti2.debian.org' -%>
+
+###########################################
+if [ "$NIC_COUNT" -ge 1 ]; then
+ cat >> $TARGET/etc/network/interfaces << EOF
auto eth0
iface eth0 inet static
address ${NIC_0_IP}
fi
+###########################################
+cat > $TARGET/etc/resolv.conf <<EOF
+# /etc/resolv.conf
+search debprivate-ubc.debian.org debian.org
+nameserver 206.12.19.20
+nameserver 206.12.19.21
+EOF
+
+###########################################
+###########################################
+<% elsif scope.lookupvar('::cluster').to_s == 'ganeti-osuosl.debian.org' -%>
+#
+###########################################
+if [ "$NIC_COUNT" -ge 1 ]; then
+ cat >> $TARGET/etc/network/interfaces << EOF
+auto eth0
+iface eth0 inet static
+ address ${NIC_0_IP}
+ netmask 255.255.255.128
+ gateway 140.211.166.1
+
+ pre-up /sbin/sysctl -w net.ipv6.conf.\$IFACE.accept_ra=0 || true
+EOF
+
+fi
+
+###########################################
+cat > $TARGET/etc/resolv.conf <<EOF
+# /etc/resolv.conf
+search debian.org
+nameserver 140.211.166.130
+nameserver 140.211.166.131
+EOF
+
+<% else -%>
+
+# No config for cluster <%= scope.lookupvar('::cluster').to_s %>
+cp /etc/resolv.conf $TARGET/etc/resolv.conf
+
+<% end -%>
+
+
+
+
+###########################################
if [ "$NIC_COUNT" -ge 2 ]; then
cat >> $TARGET/etc/network/interfaces << EOF
fi
-fqdn=$(cat $TARGET/etc/hostname)
-echo ${fqdn%%.*} > $TARGET/etc/hostname
-
-cat > $TARGET/etc/resolv.conf <<EOF
-# /etc/resolv.conf
-search debprivate-ubc.debian.org debian.org
-nameserver 206.12.19.20
-nameserver 206.12.19.21
-EOF
-
+###########################################
# clean up etc/hosts
cat > $TARGET/etc/hosts << EOF
127.0.0.1 localhost
-MIRROR="http://mirror-ubc.debian.org/debian"
+<%=
+case scope.lookupvar('::cluster')
+ when "ganeti2.debian.org" then 'MIRROR="http://mirror-ubc.debian.org/debian"'
+ when "ganeti-osuosl.debian.org" then 'MIRROR="http://debian.osuosl.org/debian"'
+ else 'MIRROR="http://http.debian.net/debian"'
+end
+%>
ARCH="amd64"
SUITE="squeeze"
$owner = $::lsbdistcodename ? {
squeeze => munin,
- wheezy => root
+ wheezy => root,
+ undef => munin,
}
$gid = $::lsbdistcodename ? {
squeeze => adm,
wheezy => 'www-data',
+ undef => adm,
}
file { '/var/log/munin':
--- /dev/null
+#! /bin/sh
+# Written by Miquel van Smoorenburg <miquels@cistron.nl>.
+# Modified for Debian GNU/Linux
+# by Ian Murdock <imurdock@gnu.ai.mit.edu>.
+# Clamav version by Magnus Ekdahl <magnus@debian.org>
+# Nagios version by Sean Finney <seanius@debian.org> and probably others
+# nagios2 version by Marc Haber <mh+debian-packages@zugschlus.de>
+# nagios3 version by Alexander Wirt <formorer@debian.org>
+
+### BEGIN INIT INFO
+# Provides: nagios3
+# Required-Start: $local_fs $remote_fs $syslog $named $network $time
+# Required-Stop: $local_fs $remote_fs $syslog $named $network
+# Should-Start:
+# Should-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: nagios host/service/network monitoring and management system
+# Description: nagios is a monitoring and management system for hosts, services and networks.
+### END INIT INFO
+
+set -e
+
+. /lib/lsb/init-functions
+
+DAEMON=/usr/sbin/nagios3
+NAME="nagios3"
+DESC="nagios3 monitoring daemon"
+NAGIOSCFG="/etc/nagios3/nagios.cfg"
+CGICFG="/etc/nagios3/cgi.cfg"
+NICENESS=5
+
+[ -x "$DAEMON" ] || exit 0
+[ -r /etc/default/nagios3 ] && . /etc/default/nagios3
+
+
+# this is from madduck on IRC, 2006-07-06
+# There should be a better possibility to give daemon error messages
+# and/or to log things
+log()
+{
+ case "$1" in
+ [[:digit:]]*) success=$1; shift;;
+ *) :;;
+ esac
+ log_action_begin_msg "$1"; shift
+ log_action_end_msg ${success:-0} "$*"
+}
+
+check_started () {
+ #nagios3-core can be installed without -cgi
+ if [ -e $CGICFG ];
+ then
+ check_cmd=$(get_config nagios_check_command $CGICFG)
+ if [ ! "$check_cmd" ]; then
+ log 6 "unable to determine nagios_check_command from $CGICFG!"
+ return 6
+ fi
+ else
+ #use hardcoded default version
+ check_cmd="/usr/lib/nagios/plugins/check_nagios /var/cache/nagios3/status.dat 5 '/usr/sbin/nagios3'"
+ fi
+
+ eval $check_cmd >/dev/null
+
+ if [ -f "$THEPIDFILE" ]; then
+ pid="$(cat $THEPIDFILE)"
+ if [ "$pid" ] && kill -0 $pid >/dev/null 2>/dev/null; then
+ return 0 # Is started
+ fi
+ fi
+ return 1 # Isn't started
+}
+
+#
+# get_config()
+#
+# grab a config option from nagios.cfg (or possibly another nagios config
+# file if specified). everything after the '=' is echo'd out, making
+# this a nice generalized way to get requested settings.
+#
+get_config () {
+ if [ "$2" ]; then
+ set -- `grep ^$1 $2 | sed 's@=@ @'`
+ else
+ set -- `grep ^$1 $NAGIOSCFG | sed 's@=@ @'`
+ fi
+ shift
+ echo $*
+}
+
+check_config () {
+ if $DAEMON -v $NAGIOSCFG >/dev/null 2>&1 ; then
+ # First get the user/group etc Nagios is running as
+ nagios_user="$(get_config nagios_user)"
+ nagios_group="$(get_config nagios_group)"
+ log_file="$(get_config log_file)"
+ log_dir="$(dirname $log_file)"
+
+ return 0 # Config is ok
+ else
+ # config is not okay, so let's barf the error to the user
+ $DAEMON -v $NAGIOSCFG
+ fi
+}
+
+check_named_pipe () {
+ nagiospipe="$(get_config command_file)"
+ if [ -p "$nagiospipe" ]; then
+ return 1 # a named pipe exists
+ elif [ -e "$nagiospipe" ];then
+ return 1
+ else
+ return 0 # no named pipe exists
+ fi
+}
+
+if [ ! -f "$NAGIOSCFG" ]; then
+ log_failure_msg "There is no configuration file for Nagios 3."
+ exit 6
+fi
+
+THEPIDFILE=$(get_config "lock_file")
+[ -n "$THEPIDFILE" ] || THEPIDFILE='/var/run/nagios3/nagios.pid'
+
+start () {
+ DIRECTORY=$(dirname $THEPIDFILE)
+ [ ! -d $DIRECTORY ] && mkdir -p $DIRECTORY
+ chown nagios:nagios $DIRECTORY
+
+ if ! check_started; then
+ if ! check_named_pipe; then
+ log_action_msg "named pipe exists - removing"
+ rm -f $nagiospipe
+ fi
+ if check_config; then
+ start_daemon -n $NICENESS -p $THEPIDFILE $DAEMON -d $NAGIOSCFG
+ ret=$?
+ else
+ log_failure_msg "errors in config!"
+ log_end_msg 1
+ exit 1
+ fi
+ else
+ log_warning_msg "already running!"
+ fi
+ return $ret
+}
+
+stop () {
+ killproc -p $THEPIDFILE
+ ret=$?
+ if [ `pidof nagios3 | wc -l ` -gt 0 ]; then
+ echo -n "Waiting for $NAME daemon to die.."
+ cnt=0
+ while [ `pidof nagios3 | wc -l ` -gt 0 ]; do
+ cnt=`expr "$cnt" + 1`
+ if [ "$cnt" -gt 15 ]; then
+ kill -9 `pidof nagios3`
+ break
+ fi
+ sleep 1
+ echo -n "."
+ done
+ fi
+ echo
+ if ! check_named_pipe; then
+ rm -f $nagiospipe
+ fi
+ if [ -n "$ret" ]; then
+ return $ret
+ else
+ return $?
+ fi
+}
+
+status()
+{
+ log_action_begin_msg "checking $DAEMON"
+ if check_started; then
+ log_action_end_msg 0 "running"
+ else
+ if [ -e "$THEPIDFILE" ]; then
+ log_action_end_msg 1 "$DAEMON failed"
+ exit 1
+ else
+ log_action_end_msg 1 "not running"
+ exit 3
+ fi
+ fi
+}
+
+
+reload () {
+ # Check first
+ if check_config; then
+ if check_started; then
+ killproc -p $THEPIDFILE $DAEMON 1
+ else
+ log_warning_msg "Not running."
+ fi
+ else
+ log_failure_msg "errors in config!"
+ log_end_msg 6
+ exit 6
+ fi
+}
+
+check () {
+ $DAEMON -v $NAGIOSCFG
+}
+
+case "$1" in
+ start)
+ log_daemon_msg "Starting $DESC" "$NAME"
+ start
+ log_end_msg $?
+ ;;
+ stop)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ stop
+ log_end_msg $?
+ ;;
+ restart)
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ stop
+ if [ -z "$?" -o "$?" = "0" ]; then
+ start
+ fi
+ log_end_msg $?
+ ;;
+ reload|force-reload)
+ log_daemon_msg "Reloading $DESC configuration files" "$NAME"
+ reload
+ log_end_msg $?
+ ;;
+ status)
+ status
+ ;;
+ check)
+ check
+ ;;
+ *)
+ log_failure_msg "Usage: $0 {start|stop|restart|reload|force-reload|status}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
ensure => installed
}
+ file { '/etc/init.d/nagios3':
+ source => 'puppet:///modules/nagios/nagios3.init',
+ mode => '0755',
+ require => Package['nagios3'],
+ before => Service['nagios3'],
+ }
+
service { 'nagios3':
- ensure => running,
+ ensure => running,
+ require => Package['nagios3'],
}
file { '/etc/nagios-plugins/config':
fqdn = lookupvar('::fqdn')
if fqdn and fqdn == host
v4ips = lookupvar('::v4ips')
- if v4ips
+ if v4ips and v4ips.to_s != "" and v4ips.to_s != 'undefined'
nodeinfo['misc']['v4addrs'] = v4ips.split(',')
# find out if we are behind nat
if scope.lookupvar('::cluster').to_s != 'undefined'
scope.lookupvar('::cluster_nodes').to_s.split.sort.each do |node|
if allnodeinfo.has_key?(node)
- ganetikeys << "# for ganeti: #{allnodeinfo[node]['hostname'].to_s}"
+ ganetikeys << "# for ganeti cluster #{scope.lookupvar('::cluster').to_s}: #{allnodeinfo[node]['hostname'].to_s}"
ganetikeys << "from=\"#{allnodeinfo[node]['ipHostNumber'].join(',')}\" #{allnodeinfo[node]['sshRSAHostKey'].to_s}"
else
ganetikeys << "# host #{node} not found in allnodeinfo"
Host_Alias SECHOSTS = chopin
Host_Alias FTPHOSTS = franck, morricone, bizet
Host_Alias ZIVITHOSTS = zelenka, zandonai
-Host_Alias AACRAIDHOSTS = bellini, morricone, paganini, respighi, vivaldi, beethoven, pettersson
+Host_Alias AACRAIDHOSTS = bellini, morricone, paganini, respighi, beethoven, pettersson
Host_Alias MEGARAIDHOSTS = grieg, rautavaara, sibelius
Host_Alias MPTRAIDHOSTS = master, fasch, holter, barber, biber, cilea, vitry, krenek, scelsi, orff, field
Host_Alias MEGACTLHOSTS = lindberg, englund, nielsen
# geodns may reload bind
geodnssync geo1,geo2,geo3=(root) NOPASSWD: /etc/init.d/bind9 reload
geodnssync geo1,geo2,geo3=(root) NOPASSWD: /usr/sbin/rndc reconfig
-# fossology
-%fossy vivaldi=(root) /etc/init.d/fossology
-%fossy vivaldi=(fossy) ALL
# Porter work
%porter-armel abel,agricola=(root) /usr/sbin/upgrade-porter-chroots, /usr/bin/apt-in-chroot