- paradis.debian.org
piuparts:
- pejacevic.debian.org
+ popcon:
+ - popov.debian.org
pubsub:
- rainier.debian.org
- rapoport.debian.org
static_source:
- master.debian.org
- dillon.debian.org
+ - donizetti.debian.org
- franck.debian.org
- lindsay.debian.org
- philp.debian.org
$memlimit = 512 * 1024 * 1024
} elsif has_role('sso') {
$memlimit = 512 * 1024 * 1024
+ } elsif has_role('popcon') {
+ $memlimit = 512 * 1024 * 1024
+ } elsif has_role('qamaster') {
+ $memlimit = 300 * 1024 * 1024
} else {
$memlimit = 192 * 1024 * 1024
}
# MaxConnectionsPerChild 0
<IfModule mpm_worker_module>
-<% if scope.function_has_role(['bugs_base']) -%>
+<% if scope.function_has_role(['bugs_base']) or
+ scope.function_has_role(['popcon'])
+ -%>
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
class autofs {
case $::hostname {
- pejacevic, piu-slave-bm-a, picconi, coccia, couper, dillon, donizetti, ticharich, delfin, quantz, sor, lindsay: {
+ pejacevic, piu-slave-bm-a, picconi, coccia, couper, dillon, donizetti, ticharich, delfin, quantz, sor, lindsay, mekeel: {
include autofs::bytemark
}
lw07,lw08: {
default => 'wheezy'
}
+ $buildd_apt_main_ensure = $::hostname ? {
+ /^(schroeder|sompek|stadler)$/ => 'absent',
+ default => 'present',
+ }
+
site::aptrepo { 'buildd.debian.org':
+ ensure => $buildd_apt_main_ensure,
key => 'puppet:///modules/buildd/buildd.debian.org.gpg',
url => 'https://buildd.debian.org/apt/',
suite => $suite,
+++ /dev/null
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-##
-
-#
-# LDAP Defaults
-#
-
-# See ldap.conf(5) for details
-# This file should be world readable but not world writable.
-
-#BASE dc=example,dc=com
-#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
-
-#SIZELIMIT 12
-#TIMELIMIT 15
-#DEREF never
-
-URI ldap://db.debian.org
-BASE dc=debian,dc=org
-
-TLS_CACERT /etc/ssl/servicecerts/db.debian.org.crt
-TLS_REQCERT hard
Facter.add(fact) do
confine :kernel => 'GNU/kFreeBSD'
setcode do
- unless defined?(@@lsbdata) and defined?(@@lsbtime) and (Time.now.to_i - @@lsbtime.to_i < 5)
+ unless defined?(lsbdata) and defined?(lsbtime) and (Time.now.to_i - lsbtime.to_i < 5)
type = nil
- @@lsbtime = Time.now
- @@lsbdata = Facter::Util::Resolution.exec('lsb_release -a 2>/dev/null')
+ lsbtime = Time.now
+ lsbdata = Facter::Util::Resolution.exec('lsb_release -a 2>/dev/null')
end
- if pattern.match(@@lsbdata)
+ if pattern.match(lsbdata)
$1
else
nil
source => 'puppet:///modules/debian-org/basic-ssh_known_hosts'
}
+ if ($::lsbmajdistrelease >= 8) {
+ $rubyfs_package = 'ruby-filesystem'
+ } elsif $::lsbmajdistrelease == 7 {
+ $rubyfs_package = 'libfilesystem-ruby1.9'
+ } else {
+ $rubyfs_package = 'libfilesystem-ruby1.8'
+ }
package { [
'apt-utils',
'bash-completion',
'dnsutils',
'less',
'lsb-release',
- 'libfilesystem-ruby1.8',
+ $rubyfs_package,
'mtr-tiny',
'nload',
'pciutils',
ensure => installed,
}
- if $::lsbmajdistrelease == 7 {
- package { 'libfilesystem-ruby1.9.1':
- ensure => installed,
- }
- } elsif $::lsbmajdistrelease >= 8 {
- package { 'ruby-filesystem':
- ensure => installed,
- }
- }
-
munin::check { [
'cpu',
'entropy',
}
file { '/etc/ldap/ldap.conf':
require => Package['debian.org'],
- source => 'puppet:///modules/debian-org/ldap.conf',
+ content => template('debian-org/ldap.conf.erb'),
}
file { '/etc/pam.d/common-session':
require => Package['debian.org'],
onlyif => "test -x /bin/systemctl"
}
+ exec { 'systemd-tmpfiles --create --exclude-prefix=/dev':
+ refreshonly => true,
+ onlyif => "test -x /bin/systemd-tmpfiles"
+ }
+
tidy { '/var/lib/puppet/clientbucket/':
age => '2w',
recurse => 9,
mailly.debian.org: Alphonse Jean Ernest Mailly (November 27th, 1833 - January 10th, 1918)
mayer.debian.org: John Mayer (October 28th, 1930 - March 9th, 2004)
mayr.debian.org: Johann(es) Simon Mayr (June 14th, 1763 - December 2nd, 1845)
- menotti.debian.org: Gian Carlo Menotti (July 7th, 1911 - February 1st,, 2007)
+ menotti.debian.org: Gian Carlo Menotti (July 7th, 1911 - February 1st, 2007)
+ mekeel.debian.org: Joyce Mekeel (July 6th, 1931 - Dec 29th, 1997)
merulo.debian.org: Claudio Merulo (April 8th, 1533 - May 4th, 1604)
milanollo.debian.org: Teresa Milanollo (August 28th, 1827 - October 25th, 1904)
minkus.debian.org: Ludwig Minkus (March 23rd 1826 - December 7th, 1917)
petrova.debian.org: Mara Petrova (May 15th, 1921 - June 7th. 1997)
pettersson.debian.org: Gustav Allan Pettersson (September 19th, 1911 - June 20th, 1980)
picconi.debian.org: Maria Antonietta Picconi (September 23rd, 1869 - 1926)
+ pittar.debian.org: Fanny Krumpholtz Pittar (1785 - 1815)
philp.debian.org: Elizabeth Philp (1827 - November 26th, 1885)
plummer.debian.org: John Plummer (c. 1410 - c. 1483)
popov.debian.org: Gavriil Nikolayevich Popov (Гаврии́л Никола́евич Попо́в) (September 12th, 1904 - February 17th, 1972)
- zani.debian.org
- zemlinsky.debian.org
# Not worth backing up
- - rainier.debian.org
- - rapoport.debian.org
- x86-bm-01.debian.org
broken-rtc:
- abel.debian.org
@hourly root sleep $(( $RANDOM \% 300 )); if [ -x /usr/lib/nagios/plugins/dsa-check-stunnel-sanity ] && [ -e /etc/stunnel/puppet-ekeyd.conf ] && ! /usr/lib/nagios/plugins/dsa-check-stunnel-sanity > /dev/null && grep -q '^client = yes' /etc/stunnel/puppet-ekeyd.conf; then /usr/sbin/service stunnel4 restart > /dev/null; fi
-@daily munin-async [ -d /var/lib/munin-async ] && find /var/lib/munin-async -type f -name '*.gz' -mtime +90 -delete
+@daily munin-async [ -d /var/lib/munin-async ] && find /var/lib/munin-async -type f -mtime +90 -name '*.gz' -delete
+@daily munin-async [ -d /var/lib/munin-async ] && find /var/lib/munin-async -type f -mtime +90 -size 0 -delete
--- /dev/null
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+#
+# LDAP Defaults
+#
+
+# See ldap.conf(5) for details
+# This file should be world readable but not world writable.
+
+#BASE dc=example,dc=com
+#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
+
+#SIZELIMIT 12
+#TIMELIMIT 15
+#DEREF never
+
+URI ldap://db.debian.org
+BASE dc=debian,dc=org
+
+<% if @lsbmajdistrelease.to_i >= 8 -%>
+TLS_CACERT /etc/ssl/ca-debian/ca-certificates.crt
+<% else -%>
+TLS_CACERT /etc/ssl/servicecerts/db.debian.org.crt
+<% end -%>
+TLS_REQCERT hard
<%- if scope.lookupvar('::hostname') == 'handel' -%>
[master]
-environments = development,testing,production,staging
+environments = production,staging
reports = store, http
reporturl = http://puppet-dashboard.debian.org:3000/reports/upload
config_version = cat /etc/puppet/.config-version
+storeconfigs = true
thin_storeconfigs = true
dbadapter=mysql
dbuser=puppet
report = true
configtimeout = 240
+[production]
+manifestdir=/srv/puppet.debian.org/stages/production/manifests
+fileserverconfig=/srv/puppet.debian.org/stages/production/fileserver.conf
+modulepath=/srv/puppet.debian.org/stages/production/modules:/srv/puppet.debian.org/stages/production/3rdparty/modules
+
[staging]
manifestdir=/srv/puppet.debian.org/stages/staging/manifests
fileserverconfig=/srv/puppet.debian.org/stages/staging/fileserver.conf
end
-if scope.lookupvar('::cluster').to_s != 'undefined'
+if scope.lookupvar('::cluster')
purp += "\n This server is a node in ganeti cluster: "
purp += scope.lookupvar('::cluster').to_s + ":\n"
purp += "\t" + scope.lookupvar('::cluster_nodes').split.sort.map{ |x| x.split('.')[0] }.join(", ") + ".\n"
multipaths {
multipath {
- wwid 3600c0ff000d5ad34b41a635401000000
- alias adayevskaya
+ wwid 3600c0ff000d5ad34b41a635401000000
+ alias adayevskaya
}
multipath {
- wwid 3600c0ff000d5ad346d96635401000000
- alias barriere
+ wwid 3600c0ff000d5ad346d96635401000000
+ alias barriere
}
multipath {
- wwid 3600c0ff000d5ad34e88c635401000000
- alias barriere-lvm
+ wwid 3600c0ff000d5ad34e88c635401000000
+ alias barriere-lvm
}
multipath {
- wwid 3600c0ff000d5ad34f559665401000000
- alias binet
+ wwid 3600c0ff000d5ad34f559665401000000
+ alias binet
}
multipath {
- wwid 3600c0ff000d5ad34fb59665401000000
- alias binet-lvm
+ wwid 3600c0ff000d5ad34fb59665401000000
+ alias binet-lvm
}
multipath {
- wwid 3600c0ff000d5ad344455675401000000
- alias bmdb1
+ wwid 3600c0ff000d5ad344455675401000000
+ alias bmdb1
}
multipath {
- wwid 3600c0ff000d83a704c2ed85101000000
- alias bmdb1-srv
+ wwid 3600c0ff000d83a704c2ed85101000000
+ alias bmdb1-srv
}
multipath {
- wwid 3600c0ff000d5ad34f874635401000000
- alias coccia
+ wwid 3600c0ff000d5ad34f874635401000000
+ alias coccia
}
multipath {
- wwid 3600c0ff000d5ad34ac83635401000000
- alias coccia-lvm
+ wwid 3600c0ff000d5ad34ac83635401000000
+ alias coccia-lvm
}
multipath {
- wwid 3600c0ff000d5ad34cd996b5401000000
- alias couper
+ wwid 3600c0ff000d5ad34cd996b5401000000
+ alias couper
}
multipath {
- wwid 3600c0ff000d83a7048ef105201000000
- alias couper-srv
+ wwid 3600c0ff000d83a7048ef105201000000
+ alias couper-srv
}
multipath {
- wwid 3600c0ff000d5ad34389b6b5401000000
- alias delfin
+ wwid 3600c0ff000d5ad34389b6b5401000000
+ alias delfin
}
multipath {
- wwid 3600c0ff000d83a701052235201000000
- alias delfin-srv
+ wwid 3600c0ff000d83a701052235201000000
+ alias delfin-srv
}
multipath {
- wwid 3600c0ff000d5ad347a49665401000000
- alias dillon
+ wwid 3600c0ff000d5ad347a49665401000000
+ alias dillon
}
multipath {
- wwid 3600c0ff000d5ad34fc2e665401000000
- alias dillon-lvm
+ wwid 3600c0ff000d5ad34fc2e665401000000
+ alias dillon-lvm
}
multipath {
- wwid 3600c0ff000d5ad3421c3635401000000
- alias dinis
+ wwid 3600c0ff000d5ad3421c3635401000000
+ alias dinis
}
multipath {
- wwid 3600c0ff000d5ad34dc17115501000000
- alias dinis-lvm
+ wwid 3600c0ff000d5ad34dc17115501000000
+ alias dinis-lvm
}
multipath {
- wwid 3600c0ff000d5ad34f501655401000000
- alias donizetti
+ wwid 3600c0ff000d5ad34f501655401000000
+ alias donizetti
}
multipath {
- wwid 3600c0ff000d5ad346a00655401000000
- alias donizetti-srv
+ wwid 3600c0ff000d5ad346a00655401000000
+ alias donizetti-srv
}
multipath {
wwid 3600c0ff000d5ad34f780675401000000
alias fede-lvm
}
multipath {
- wwid 3600c0ff000d5ad348670635401000000
- alias gideon
+ wwid 3600c0ff000d5ad348670635401000000
+ alias gideon
}
multipath {
- wwid 3600c0ff000d5ad348d70635401000000
- alias gideon-srv
+ wwid 3600c0ff000d5ad348d70635401000000
+ alias gideon-srv
}
multipath {
- wwid 3600c0ff000d5ad34bcd0635401000000
- alias httpredir-bm-01
+ wwid 3600c0ff000d5ad34bcd0635401000000
+ alias httpredir-bm-01
}
multipath {
- wwid 3600c0ff000d5ad34bf77335501000000
- alias jerea
+ wwid 3600c0ff000d5ad34bf77335501000000
+ alias jerea
}
multipath {
- wwid 3600c0ff000d5ad34c877335501000000
- alias jerea-lvm
+ wwid 3600c0ff000d5ad34c877335501000000
+ alias jerea-lvm
}
multipath {
- wwid 3600c0ff000d5ad34c76a635401000000
- alias lindsay
+ wwid 3600c0ff000d5ad34c76a635401000000
+ alias lindsay
}
multipath {
- wwid 3600c0ff000d5ad34e86a635401000000
- alias lindsay-srv
+ wwid 3600c0ff000d5ad34e86a635401000000
+ alias lindsay-srv
}
multipath {
- wwid 3600c0ff000d5ad341ca4655401000000
- alias milanollo
+ wwid 3600c0ff000d5ad34f1f56f5501000000
+ alias mekeel
}
multipath {
- wwid 3600c0ff000d5ad346921635401000000
- alias milanollo-lvm-old
+ wwid 3600c0ff000d5ad341ca4655401000000
+ alias milanollo
}
multipath {
- wwid 3600c0ff000d75b58b9f93d5501000000
- alias milanollo-lvm
+ wwid 3600c0ff000d5ad346921635401000000
+ alias milanollo-lvm-old
}
multipath {
- wwid 3600c0ff000d5ad3454b3655401000000
- alias moszumanska
+ wwid 3600c0ff000d75b58b9f93d5501000000
+ alias milanollo-lvm
}
multipath {
- wwid 3600c0ff000d5ad34951e635401000000
- alias moszumanska-lvm
+ wwid 3600c0ff000d5ad3454b3655401000000
+ alias moszumanska
}
multipath {
- wwid 3600c0ff000d5ad342fca635401000000
- alias oyens
+ wwid 3600c0ff000d5ad34951e635401000000
+ alias moszumanska-lvm
}
multipath {
- wwid 3600c0ff000d5ad3437ca635401000000
- alias oyens-srv
+ wwid 3600c0ff000d5ad342fca635401000000
+ alias oyens
+ }
+ multipath {
+ wwid 3600c0ff000d5ad3437ca635401000000
+ alias oyens-srv
}
multipath {
wwid 3600c0ff000d5ad341356645401000000
alias paradis-lvm
}
multipath {
- wwid 3600c0ff000d5ad341dfb655401000000
- alias pejacevic
+ wwid 3600c0ff000d5ad341dfb655401000000
+ alias pejacevic
+ }
+ multipath {
+ wwid 3600c0ff000d5ad3439b7645401000000
+ alias pejacevic-lvm
+ }
+ multipath {
+ wwid 3600c0ff000d5ad34e7e9645401000000
+ alias petrova
}
multipath {
- wwid 3600c0ff000d5ad3439b7645401000000
- alias pejacevic-lvm
+ wwid 3600c0ff000d5ad34e3b4645401000000
+ alias philp
}
multipath {
- wwid 3600c0ff000d5ad34e7e9645401000000
- alias petrova
+ wwid 3600c0ff000d5ad348f67675401000000
+ alias picconi
}
multipath {
- wwid 3600c0ff000d5ad34e3b4645401000000
- alias philp
+ wwid 3600c0ff000d5ad34de57675401000000
+ alias picconi-lvm
}
multipath {
- wwid 3600c0ff000d5ad348f67675401000000
- alias picconi
+ wwid 3600c0ff000d5ad346501705501000000
+ alias pittar
}
multipath {
- wwid 3600c0ff000d5ad34de57675401000000
- alias picconi-lvm
+ wwid 3600c0ff000d5ad347c01705501000000
+ alias pittar-lvm
}
multipath {
- wwid 3600c0ff000d5ad345cee645401000000
- alias piu-slave-bm-a
+ wwid 3600c0ff000d5ad345cee645401000000
+ alias piu-slave-bm-a
}
multipath {
- wwid 3600c0ff000d5ad3465ee645401000000
- alias piu-slave-bm-a-swap
+ wwid 3600c0ff000d5ad3465ee645401000000
+ alias piu-slave-bm-a-swap
}
multipath {
- wwid 3600c0ff000d5ad34c6ae6b5401000000
- alias portman
+ wwid 3600c0ff000d5ad34c6ae6b5401000000
+ alias portman
}
multipath {
- wwid 3600c0ff000d5ad341e9d6b5401000000
- alias portman-lvm
+ wwid 3600c0ff000d5ad341e9d6b5401000000
+ alias portman-lvm
}
multipath {
- wwid 3600c0ff000d5ad34fa5d6a5401000000
- alias quantz
+ wwid 3600c0ff000d5ad34fa5d6a5401000000
+ alias quantz
}
multipath {
wwid 3600c0ff000d5ad347b7b695401000000
alias quantz-lvm
}
multipath {
- wwid 3600c0ff000d5ad341aa6645401000000
- alias rainier
+ wwid 3600c0ff000d5ad341aa6645401000000
+ alias rainier
}
multipath {
- wwid 3600c0ff000d5ad34efa7645401000000
- alias rapoport
+ wwid 3600c0ff000d5ad34efa7645401000000
+ alias rapoport
}
multipath {
- wwid 3600c0ff000d5ad34b260685401000000
- alias senfter
+ wwid 3600c0ff000d5ad34b260685401000000
+ alias senfter
}
multipath {
- wwid 3600c0ff000d5ad34c3bd675401000000
- alias senfter-lvm
+ wwid 3600c0ff000d5ad34c3bd675401000000
+ alias senfter-lvm
}
multipath {
- wwid 3600c0ff000d75b58894b825401000000
- alias sor
+ wwid 3600c0ff000d75b58894b825401000000
+ alias sor
}
multipath {
- wwid 3600c0ff000d75b58264c825401000000
- alias sor-lvm
+ wwid 3600c0ff000d75b58264c825401000000
+ alias sor-lvm
}
multipath {
- wwid 3600c0ff000d5ad346bc46b5401000000
- alias ticharich
+ wwid 3600c0ff000d5ad346bc46b5401000000
+ alias ticharich
}
multipath {
- wwid 3600c0ff000d5ad34169d6b5401000000
- alias ticharich-lvm
+ wwid 3600c0ff000d5ad34169d6b5401000000
+ alias ticharich-lvm
}
multipath {
- wwid 3600c0ff000d5ad3463e4645401000000
- alias wuiet
+ wwid 3600c0ff000d5ad3463e4645401000000
+ alias wuiet
}
multipath {
- wwid 3600c0ff000d5ad340ad9635401000000
- alias wuiet-lvm
+ wwid 3600c0ff000d5ad340ad9635401000000
+ alias wuiet-lvm
}
multipath {
- wwid 3600c0ff000d5ad3442f4645401000000
- alias x86-bm-01
+ wwid 3600c0ff000d5ad3442f4645401000000
+ alias x86-bm-01
}
multipath {
- wwid 3600c0ff000d5ad344af4645401000000
- alias x86-bm-01-lvm
+ wwid 3600c0ff000d5ad344af4645401000000
+ alias x86-bm-01-lvm
}
}
/linux-image-.*/
/kernel-image-.*/
-buildd
-sbuild
ignore = []
case fqdn
when /draghi.debian.org/ then ignore << %w{userdir-ldap userdir-ldap-cgi libheimdal-kadm5-perl django-ldapdb ud python-cdb python-nameparser}
-when /(zandonai|zelenka).debian.org/ then ignore << %w{samhain zabbix-agent rrdcollect}
-when /zappa.debian.org/ then ignore << %w{samhain}
-when /(mayer|corelli).debian.org/ then ignore << "linux-base"
-when /(alkman|caballero|merulo|mundy|zani).debian.org/ then ignore << "samhain"
-when "franck.debian.org" then ignore << %w{python-apt}
-when /(abel|arnold|antheil).debian.org/ then ignore << %w{flash-kernel linux-firmware-image}
-when /(asachi|arm-linaro-01|arm-linaro-03).debian.org/ then ignore << "flash-kernel"
-when /harris.debian.org/ then ignore << %w{flash-kernel kernel linux-firmware-image}
-when /(hartmann|hasse|henze|hoiby).debian.org/ then ignore << %w{flash-kernel kernel linux-firmware-image}
-when /(parry|partch).debian.org/ then ignore << "yaboot"
when "handel.debian.org" then ignore << %w{puppet-dashboard}
when "reger.debian.org" then ignore << %w{librt-extension-commandbymail-perl}
when /(rainier|rapoport).debian.org/ then ignore << %w{rabbitmq-server}
-when "zemlinsky.debian.org" then ignore << %w{initramfs-tools}
when "sibelius.debian.org" then ignore << %w{tivsm-ba tivsm-api64 gskssl64 gskcrypt64 tivsm-api gskssl gskcrypt}
-when "vogler.debian.org" then ignore << %w{repro libresiprocate-1.9 resiprocate-turn-server}
-when /(mailly|muffat).debian.org/ then ignore << %w{python-dsa-mq}
-when /(csail|grnet)-node(01|02).debian.org/ then ignore << %w{openvswitch-switch openvswitch-common}
-end
-
-case fqdn
-when /geo[123].debian.org/ then ignore << %w{geoip-database}
-end
-
-case fqdn
-when /((csail|grnet)-node(01|02)|powell|bm-bl1).debian.org/ then ignore << %w{ganeti-os-noop}
+when "storace.debian.org" then ignore << %w{postgresql-client-9.1}
+when /(sompek|stadler|schroeder).debian.org/ then ignore << %w{libsbuild-perl buildd sbuild}
end
ignore.flatten.join("\n")
hoster[name] = [] unless hoster[name]
hoster[name] << node
end
+ raise Puppet::ParseError, "entropy_provider: no entropy providers" unless provider.size > 0
# figure out which entropy provider to use
consumer_hoster = nodeinfo['hoster']
parser = Puppet::Parser::Parser.new(environment)
parser.watch_file(yamlfile)
- $KCODE = 'utf-8'
-
ans = {"name" => "unknown"}
yaml = YAML.load_file(yamlfile)
}
require 'yaml'
- $KCODE = 'utf-8'
yaml = YAML.load_file(yamlfile)
ret = {}
dillon.debian.org blends.debian.org dillon.debian.org /srv/blends.debian.org/www
dillon.debian.org d-i.debian.org dillon.debian.org /srv/d-i.debian.org/www
dillon.debian.org debaday.debian.net dillon.debian.org /srv/debaday.debian.net/htdocs
+dillon.debian.org debdeltas.debian.net donizetti.debian.org /srv/debdelta.debian.org/www/debdeltas
dillon.debian.org dsa.debian.org dillon.debian.org /srv/dsa.debian.org/htdocs
dillon.debian.org lintian.debian.org lindsay.debian.org /srv/lintian.debian.org/www
dillon.debian.org mozilla.debian.net dillon.debian.org /srv/mozilla.debian.net/htdocs
Use common-static-vhost incoming.debian.org
Use common-static-vhost news.debian.net
Use common-static-vhost debaday.debian.net
+Use common-static-vhost debdeltas.debian.net
Use common-static-vhost-with-extra metadata.ftp-master.debian.org "AddDefaultCharset utf-8"
Use common-static-vhost-with-extra d-i.debian.org "ServerAlias d-i-backend.debian.org"
Use common-static-vhost-with-extra network-test.debian.org "ServerAlias network-test-backend.debian.org"
file=/etc/ferm/conf.d/me.conf
file=/etc/ferm/conf.d/defs.conf
file=/etc/ferm/ferm.conf
+file=/etc/ssl/README
dir=2/etc/ssl/debian
dir=1/etc/ssl/certs
dir=1/etc/ssl/ca-debian
%>
<%=
ganetikeys = []
- if scope.lookupvar('::cluster').to_s != 'undefined'
+ if scope.lookupvar('::cluster')
scope.lookupvar('::cluster_nodes').split.sort.each do |node|
if allnodeinfo.has_key?(node)
ganetikeys << "# for ganeti cluster #{scope.lookupvar('::cluster').to_s}: #{allnodeinfo[node]['hostname'][0]}"
--- /dev/null
+/------------------------------------------------------------------------------
+| /etc/ssl/certs
+
+The purpose of this directory is to allow verification of service certificates
+for debian.org services by software that is able to properly verify service
+certificates that are available in the default certificate store.
+
+Please *use it* in preference to other certificate stores when possible.
+
+/------------------------------------------------------------------------------
+| /etc/ssl/ca-debian
+
+This directory contains the certificate(s) for the certificate authorities
+that have signed current service certificates for debian.org services.
+
+The purpose of this directory is to allow verification of service certificates
+for debian.org services by software that is unable to properly verify service
+certificates that are available in the default certificate store.
+
+Please *do not* use it for verification of debian.org service certificates
+unless the software you are using is buggy and there is no other alternative.
+Please *file bugs* on any software that you find that needs to use this
+directory and usertag those bugs using this bts command:
+
+bts user debian-admin@lists.debian.org , usertags 123456 + needed-by-DSA-Team
+
+/------------------------------------------------------------------------------
+| /etc/ssl/ca-global
+
+This directory contains all of the certificates for certificate authorities
+trusted by the ca-certificates Debian package, which is mostly a copy
+of the certificates trusted by the Mozilla certificate store.
+
+The purpose of this directory is to allow verification of certificates from
+a wide variety of external services on the global Internet that could
+change their certificate at any time and could change their certificate
+signing authority at any time.
+
+Please *do not* use it for verification of debian.org service certificates.
+
+Please *do not* use it for verification of certificates when pinning to a
+specific service certificate or certificate authority is a viable option.
+This directory *only* contains the certificate(s) for the current service
+certificates for debian.org services.
+++ /dev/null
-This directory contains the certificate(s) for the certificate authorities
-that have signed current service certificates for debian.org services.
-
-The purpose of this directory is to allow verification of service certificates
-for debian.org services by software that is unable to properly verify service
-certificates that are available in the default certificate store.
-
-Please *do not* use it for verification of debian.org service certificates
-unless the software you are using is buggy and there is no other alternative.
-Please *file bugs* on any software that you find that needs to use this
-directory and usertag those bugs using this bts command:
-
-bts user debian-admin@lists.debian.org , usertags 123456 + needed-by-DSA-Team
+++ /dev/null
-This directory contains all of the certificates for certificate authorities
-trusted by the ca-certificates Debian package, which is mostly a copy
-of the certificates trusted by the Mozilla certificate store.
-
-The purpose of this directory is to allow verification of certificates from
-a wide variety of external services on the global Internet that could
-change their certificate at any time and could change their certificate
-signing authority at any time.
-
-Please *do not* use it for verification of debian.org service certificates.
-
-Please *do not* use it for verification of certificates when pinning to a
-specific service certificate or certificate authority is a viable option.
+++ /dev/null
-This directory *only* contains the certificate(s) for the current service
-certificates for debian.org services.
-
-The purpose of this directory is to allow verification of service certificates
-for debian.org services by software that is able to properly verify service
-certificates that are available in the default certificate store.
-
-Please *use it* in preference to other certificate stores when possible.
-GANDI-CA
\ No newline at end of file
+GANDI-2-CA
\ No newline at end of file
-GANDI-CA
\ No newline at end of file
+GANDI-2-CA
\ No newline at end of file
Data:
Version: 3 (0x2)
Serial Number:
- 9a:59:d4:db:94:4c:0c:e6:25:3a:2a:e4:a3:a6:9a:a0
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=FR, O=GANDI SAS, CN=Gandi Standard SSL CA
+ d6:f4:0b:9a:d4:5f:ae:35:d3:c2:d1:c2:38:f6:79:61
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2
Validity
- Not Before: Jul 2 00:00:00 2014 GMT
- Not After : Jul 2 23:59:59 2015 GMT
+ Not Before: Jun 20 00:00:00 2015 GMT
+ Not After : Jul 2 23:59:59 2016 GMT
Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=packages.qa.debian.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
- keyid:B6:A8:FF:A2:A8:2F:D0:A6:CD:4B:B1:68:F3:E7:50:10:31:A7:79:21
+ keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA
X509v3 Subject Key Identifier:
82:3E:DF:28:FD:38:4F:4B:08:58:31:28:9C:17:DF:01:FA:99:B8:D4
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.6449.1.2.2.26
- CPS: http://www.gandi.net/contracts/fr/ssl/cps/pdf/
+ CPS: https://cps.usertrust.com
Policy: 2.23.140.1.2.1
X509v3 CRL Distribution Points:
Full Name:
- URI:http://crl.gandi.net/GandiStandardSSLCA.crl
+ URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl
Authority Information Access:
- CA Issuers - URI:http://crt.gandi.net/GandiStandardSSLCA.crt
- OCSP - URI:http://ocsp.gandi.net
+ CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt
+ OCSP - URI:http://ocsp.usertrust.com
X509v3 Subject Alternative Name:
DNS:packages.qa.debian.org, DNS:www.packages.qa.debian.org
- Signature Algorithm: sha1WithRSAEncryption
- 29:21:ec:a3:34:68:6d:a4:22:07:a7:c8:ef:d2:cf:4d:25:6f:
- 1a:b3:c1:1b:37:1f:ef:41:48:b0:6e:c2:01:f8:f6:b0:eb:19:
- fb:c0:f8:a9:45:61:f0:45:b4:db:8c:d6:80:4b:6d:cb:17:10:
- bb:e6:ff:47:d5:02:95:cf:95:f5:ea:91:9c:e9:b5:d4:93:e3:
- 53:0c:d8:1b:54:cb:36:a7:60:3b:e9:78:8e:5e:29:68:f8:be:
- fd:04:28:93:87:b5:f5:37:69:60:2b:97:28:1a:83:6f:1a:cc:
- 2e:12:34:7b:12:99:73:81:53:a9:1d:0d:01:6e:a3:a4:cb:d0:
- ee:d6:88:a3:32:c3:4f:b9:c3:45:71:db:b4:90:55:af:d2:4c:
- 9e:c3:a5:28:38:aa:3d:8a:86:07:80:e0:8d:81:a1:c4:cf:05:
- 3b:53:f9:7c:7a:b1:b5:f1:65:1f:89:86:6a:05:e1:04:1e:53:
- 93:92:67:c5:8a:af:69:46:f8:03:22:55:dd:53:ad:f6:d2:41:
- e0:23:e0:23:be:55:5c:21:9a:8b:16:93:a9:63:f1:92:6b:46:
- 3e:5c:05:04:fe:f0:55:5c:55:77:cc:7a:7e:ae:23:d2:36:d3:
- 62:d0:4b:5f:cb:0b:a7:c2:46:56:2a:03:a9:4f:02:ce:94:30:
- 43:53:58:3f
+ Signature Algorithm: sha256WithRSAEncryption
+ 7f:8f:da:55:d2:dc:63:a5:90:d6:60:e2:2e:22:ff:f7:eb:4e:
+ be:5b:f1:4f:0c:8f:28:9d:cf:5e:be:25:5c:80:20:52:13:5e:
+ 6d:fd:a9:35:89:94:11:af:69:f4:49:5d:f1:ac:6c:23:1c:81:
+ a4:8f:b2:75:11:c2:7d:e5:6b:2c:ed:04:be:4c:fb:c8:a5:f5:
+ eb:f1:9d:b2:86:8b:55:ff:69:68:a1:5b:c1:92:28:3a:01:33:
+ ef:5f:f8:a9:1d:71:6b:b1:d0:28:53:a9:48:86:fc:12:1b:80:
+ 92:5f:b7:10:e8:22:4c:2f:d0:4d:a3:42:d3:4f:32:96:df:5d:
+ d5:79:db:7d:a6:36:96:9c:f6:f3:ef:49:6a:99:50:50:af:a8:
+ 16:52:bd:6a:52:82:c8:ab:43:fb:69:ac:4d:e9:73:68:5c:3c:
+ 75:3c:61:65:70:82:18:a6:29:67:db:02:2b:79:4b:f9:e4:d4:
+ 1b:c0:c7:33:f5:a6:57:5d:59:77:e1:d2:56:fe:bb:11:ee:f6:
+ c2:13:7b:97:bb:be:6a:0a:04:e9:63:ef:51:7c:f1:8b:ed:dd:
+ 4b:6b:d3:3d:70:10:37:b8:59:ad:84:68:dc:97:f3:84:6a:52:
+ b0:9b:31:7f:45:c3:14:a3:08:54:16:f1:45:83:e6:45:d0:81:
+ c5:1a:06:17
-----BEGIN CERTIFICATE-----
-MIIFezCCBGOgAwIBAgIRAJpZ1NuUTAzmJToq5KOmmqAwDQYJKoZIhvcNAQEFBQAw
-QTELMAkGA1UEBhMCRlIxEjAQBgNVBAoTCUdBTkRJIFNBUzEeMBwGA1UEAxMVR2Fu
-ZGkgU3RhbmRhcmQgU1NMIENBMB4XDTE0MDcwMjAwMDAwMFoXDTE1MDcwMjIzNTk1
-OVowYTEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRswGQYDVQQL
-ExJHYW5kaSBTdGFuZGFyZCBTU0wxHzAdBgNVBAMTFnBhY2thZ2VzLnFhLmRlYmlh
-bi5vcmcwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDFXVIMBIramNN1
-1ue09nxcuMwQOiTbl98b/oqtgGB8oKtgypsLjl74ikWJ69jn8Q83abx9KJgKlgbo
-vnYgvOoMF0PSJC92EpE5RYdnlNhEVP+qkybmQIxTegownqrCQd65JBHCG5Lf79DG
-M0GPCULWKwntWY210yX0SkBk1D/L6uTMDgf8ozyWQHwseItXLdvKYWQZyH2Eob4J
-7XTKTJKqRE+DFa86xmj17UTYV2VineTdQ2mfYA8Rfes9QcSdxwxXwVQZ+nf7p1Ax
-VaU6Djs9TuYbxmNS/L2coGQzp5UdO5HAGLYRqhyCgn8wxqQ/5J2g9mpFbIeZ1VQm
-6TFxLTl1Uz7xg/YgOszneqbaL557jrq5UY/j5HMa4gbm4bQ13JN1cFiZ17oVsqUP
-gwx28O+3EvkOqb+/fhmVGhhil1B3xLI+MSmpwGeVqCn3h6Qg9zTDDdnD5VZt0g3M
-W2KO4uyAdiCvoLU9aghiIRQqBtWdPJWQHTGDjrQhxRfrVliLPYMCAwEAAaOCAcww
-ggHIMB8GA1UdIwQYMBaAFLao/6KoL9CmzUuxaPPnUBAxp3khMB0GA1UdDgQWBBSC
-Pt8o/ThPSwhYMSicF98B+pm41DAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIw
-ADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYAYDVR0gBFkwVzBLBgsr
-BgEEAbIxAQICGjA8MDoGCCsGAQUFBwIBFi5odHRwOi8vd3d3LmdhbmRpLm5ldC9j
-b250cmFjdHMvZnIvc3NsL2Nwcy9wZGYvMAgGBmeBDAECATA8BgNVHR8ENTAzMDGg
-L6AthitodHRwOi8vY3JsLmdhbmRpLm5ldC9HYW5kaVN0YW5kYXJkU1NMQ0EuY3Js
-MGoGCCsGAQUFBwEBBF4wXDA3BggrBgEFBQcwAoYraHR0cDovL2NydC5nYW5kaS5u
-ZXQvR2FuZGlTdGFuZGFyZFNTTENBLmNydDAhBggrBgEFBQcwAYYVaHR0cDovL29j
-c3AuZ2FuZGkubmV0MD0GA1UdEQQ2MDSCFnBhY2thZ2VzLnFhLmRlYmlhbi5vcmeC
-Gnd3dy5wYWNrYWdlcy5xYS5kZWJpYW4ub3JnMA0GCSqGSIb3DQEBBQUAA4IBAQAp
-IeyjNGhtpCIHp8jv0s9NJW8as8EbNx/vQUiwbsIB+Paw6xn7wPipRWHwRbTbjNaA
-S23LFxC75v9H1QKVz5X16pGc6bXUk+NTDNgbVMs2p2A76XiOXilo+L79BCiTh7X1
-N2lgK5coGoNvGswuEjR7EplzgVOpHQ0BbqOky9Du1oijMsNPucNFcdu0kFWv0kye
-w6UoOKo9ioYHgOCNgaHEzwU7U/l8erG18WUfiYZqBeEEHlOTkmfFiq9pRvgDIlXd
-U6320kHgI+AjvlVcIZqLFpOpY/GSa0Y+XAUE/vBVXFV3zHp+riPSNtNi0Etfywun
-wkZWKgOpTwLOlDBDU1g/
+MIIFkjCCBHqgAwIBAgIRANb0C5rUX64108LRwjj2eWEwDQYJKoZIhvcNAQELBQAw
+XzELMAkGA1UEBhMCRlIxDjAMBgNVBAgTBVBhcmlzMQ4wDAYDVQQHEwVQYXJpczEO
+MAwGA1UEChMFR2FuZGkxIDAeBgNVBAMTF0dhbmRpIFN0YW5kYXJkIFNTTCBDQSAy
+MB4XDTE1MDYyMDAwMDAwMFoXDTE2MDcwMjIzNTk1OVowYTEhMB8GA1UECxMYRG9t
+YWluIENvbnRyb2wgVmFsaWRhdGVkMRswGQYDVQQLExJHYW5kaSBTdGFuZGFyZCBT
+U0wxHzAdBgNVBAMTFnBhY2thZ2VzLnFhLmRlYmlhbi5vcmcwggGiMA0GCSqGSIb3
+DQEBAQUAA4IBjwAwggGKAoIBgQDFXVIMBIramNN11ue09nxcuMwQOiTbl98b/oqt
+gGB8oKtgypsLjl74ikWJ69jn8Q83abx9KJgKlgbovnYgvOoMF0PSJC92EpE5RYdn
+lNhEVP+qkybmQIxTegownqrCQd65JBHCG5Lf79DGM0GPCULWKwntWY210yX0SkBk
+1D/L6uTMDgf8ozyWQHwseItXLdvKYWQZyH2Eob4J7XTKTJKqRE+DFa86xmj17UTY
+V2VineTdQ2mfYA8Rfes9QcSdxwxXwVQZ+nf7p1AxVaU6Djs9TuYbxmNS/L2coGQz
+p5UdO5HAGLYRqhyCgn8wxqQ/5J2g9mpFbIeZ1VQm6TFxLTl1Uz7xg/YgOszneqba
+L557jrq5UY/j5HMa4gbm4bQ13JN1cFiZ17oVsqUPgwx28O+3EvkOqb+/fhmVGhhi
+l1B3xLI+MSmpwGeVqCn3h6Qg9zTDDdnD5VZt0g3MW2KO4uyAdiCvoLU9aghiIRQq
+BtWdPJWQHTGDjrQhxRfrVliLPYMCAwEAAaOCAcUwggHBMB8GA1UdIwQYMBaAFLOQ
+p9jJr07NYTyffK1df0H9aTDqMB0GA1UdDgQWBBSCPt8o/ThPSwhYMSicF98B+pm4
+1DAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEF
+BQcDAQYIKwYBBQUHAwIwSwYDVR0gBEQwQjA2BgsrBgEEAbIxAQICGjAnMCUGCCsG
+AQUFBwIBFhlodHRwczovL2Nwcy51c2VydHJ1c3QuY29tMAgGBmeBDAECATBBBgNV
+HR8EOjA4MDagNKAyhjBodHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vR2FuZGlTdGFu
+ZGFyZFNTTENBMi5jcmwwcwYIKwYBBQUHAQEEZzBlMDwGCCsGAQUFBzAChjBodHRw
+Oi8vY3J0LnVzZXJ0cnVzdC5jb20vR2FuZGlTdGFuZGFyZFNTTENBMi5jcnQwJQYI
+KwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wPQYDVR0RBDYwNIIW
+cGFja2FnZXMucWEuZGViaWFuLm9yZ4Iad3d3LnBhY2thZ2VzLnFhLmRlYmlhbi5v
+cmcwDQYJKoZIhvcNAQELBQADggEBAH+P2lXS3GOlkNZg4i4i//frTr5b8U8Mjyid
+z16+JVyAIFITXm39qTWJlBGvafRJXfGsbCMcgaSPsnURwn3layztBL5M+8il9evx
+nbKGi1X/aWihW8GSKDoBM+9f+KkdcWux0ChTqUiG/BIbgJJftxDoIkwv0E2jQtNP
+MpbfXdV5232mNpac9vPvSWqZUFCvqBZSvWpSgsirQ/tprE3pc2hcPHU8YWVwghim
+KWfbAit5S/nk1BvAxzP1plddWXfh0lb+uxHu9sITe5e7vmoKBOlj71F88Yvt3Utr
+0z1wEDe4Wa2EaNyX84RqUrCbMX9FwxSjCFQW8UWD5kXQgcUaBhc=
-----END CERTIFICATE-----
Data:
Version: 3 (0x2)
Serial Number:
- d1:df:a0:62:f1:d4:59:fe:78:05:eb:d9:69:ff:75:2d
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=FR, O=GANDI SAS, CN=Gandi Standard SSL CA
+ 44:db:31:b8:fa:4b:3d:3f:09:aa:20:bd:f5:1d:c7:ab
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2
Validity
- Not Before: Jun 27 00:00:00 2014 GMT
- Not After : Jun 27 23:59:59 2015 GMT
+ Not Before: Jun 20 00:00:00 2015 GMT
+ Not After : Jun 27 23:59:59 2016 GMT
Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=tracker.debian.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
- 00:c8:7a:d0:ed:05:94:a7:d3:24:c4:71:76:f9:c4:
- e6:32:11:33:0e:2a:85:24:62:21:c0:ef:1f:91:27:
- 81:ba:96:9a:ff:52:76:df:45:4e:f9:75:b1:3a:36:
- 6f:bf:2f:be:aa:da:93:4c:70:56:a1:65:2b:61:21:
- 7d:6c:f3:b3:78:80:c7:b9:76:fb:c2:cc:eb:e3:3f:
- 90:3b:8d:d2:a6:7e:ca:f0:ef:c9:f2:8a:55:b2:05:
- a3:e7:77:8a:5b:03:ee:e3:92:f2:7b:8e:35:d9:66:
- 08:18:a8:b4:ee:c6:6e:ca:dc:4a:9d:d2:d9:a6:d7:
- 4e:51:09:be:6a:11:21:89:64:23:56:3e:73:22:80:
- 00:5d:9c:8b:4e:d3:e6:fc:9e:ae:11:3c:b5:8c:a0:
- 54:1d:70:2a:b9:03:b8:7e:04:06:da:10:91:1e:17:
- 3a:ed:b4:d8:66:42:fe:b5:d7:fc:68:71:6f:dc:e8:
- 71:07:d4:78:cc:53:56:c5:d5:b8:88:a1:eb:1a:9a:
- 20:ff:43:f6:d4:54:7e:b2:0c:91:e4:e7:06:01:ae:
- e7:b1:05:6f:e6:04:b8:d4:1f:3d:69:a3:d2:03:36:
- c0:94:a1:6c:8c:39:66:39:51:18:b0:48:c7:a1:3e:
- 21:fe:8a:60:b1:35:36:80:06:ea:a6:3f:b8:ac:f0:
- 3a:17
+ 00:bc:a7:26:cb:d9:5b:5a:59:13:87:42:a0:1f:aa:
+ cb:97:a7:b1:41:ca:1a:e0:88:2f:9b:55:21:79:c1:
+ 9f:db:93:28:f1:2a:a2:15:c4:73:d8:aa:79:a7:73:
+ 75:7e:34:8b:09:83:13:6a:de:2b:21:71:a4:ba:bd:
+ f9:0f:fe:72:f2:5c:08:45:64:a7:0e:dc:a4:c7:f8:
+ 0c:d4:6c:b3:be:40:7e:e8:11:61:aa:e2:31:b4:c8:
+ 62:e6:c1:e3:53:83:fb:b7:3f:ea:8b:dc:2b:26:37:
+ 85:a9:00:87:7b:d3:b7:6d:ee:92:9d:c8:2c:30:a2:
+ d4:5a:c0:48:0e:4f:5d:f0:90:00:78:94:b2:e5:a1:
+ df:32:9c:ed:f2:08:89:af:f6:30:4a:85:e2:c3:83:
+ c9:ae:3d:5c:e4:46:14:ae:01:ef:7f:f8:7d:be:33:
+ 2d:2b:a9:c4:f7:25:1a:86:bb:77:03:7c:39:51:77:
+ b6:6c:33:c3:e7:b0:69:ad:09:d6:32:e1:97:c2:01:
+ 58:4b:9d:21:4b:50:25:f8:79:ef:1f:b0:40:11:1d:
+ 10:5a:19:f7:44:3d:24:7b:f2:27:8a:12:74:88:cf:
+ 53:df:82:d7:97:37:6d:51:51:7f:8f:4b:40:29:2e:
+ d3:4e:9d:6a:06:28:2d:7e:0b:86:56:53:fb:61:4b:
+ 91:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
- keyid:B6:A8:FF:A2:A8:2F:D0:A6:CD:4B:B1:68:F3:E7:50:10:31:A7:79:21
+ keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA
X509v3 Subject Key Identifier:
- FF:B9:2F:8F:30:CA:EC:50:0D:22:35:BD:50:46:02:68:55:79:61:3E
+ BA:25:20:3A:D9:13:AE:CE:FB:E6:31:E9:74:AD:58:6F:7E:86:2F:D7
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Basic Constraints: critical
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.6449.1.2.2.26
- CPS: http://www.gandi.net/contracts/fr/ssl/cps/pdf/
+ CPS: https://cps.usertrust.com
Policy: 2.23.140.1.2.1
X509v3 CRL Distribution Points:
Full Name:
- URI:http://crl.gandi.net/GandiStandardSSLCA.crl
+ URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl
Authority Information Access:
- CA Issuers - URI:http://crt.gandi.net/GandiStandardSSLCA.crt
- OCSP - URI:http://ocsp.gandi.net
+ CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt
+ OCSP - URI:http://ocsp.usertrust.com
X509v3 Subject Alternative Name:
DNS:tracker.debian.org, DNS:www.tracker.debian.org
- Signature Algorithm: sha1WithRSAEncryption
- 55:c9:ac:88:28:25:a0:0a:df:fc:e8:99:4e:63:5b:bb:1c:8a:
- 83:ad:fa:4d:f5:f3:1b:0b:a0:f3:6c:7c:27:07:5e:52:92:f9:
- a6:3c:49:fe:fc:5a:f4:b9:b2:fb:c5:54:58:05:90:fc:6c:ce:
- 5b:b6:17:d7:ab:88:d0:25:8a:2e:c7:6e:e1:43:b9:fa:85:57:
- f5:77:0e:ec:c9:6e:7c:8e:db:d0:00:85:0e:fc:55:f7:47:41:
- 9e:e0:5c:4d:21:e6:ed:3c:fd:ea:f5:e7:9e:90:2e:66:68:2c:
- 6c:e9:45:ba:62:5f:d8:a6:d5:bf:9e:46:27:bd:82:d6:1a:a7:
- e0:28:62:35:78:45:b4:90:e8:7d:15:94:43:e7:4e:ed:c7:53:
- eb:b2:4e:d1:12:e3:89:1f:7c:c5:43:71:6f:7c:1f:a6:d2:7e:
- c3:02:c2:b7:a8:0c:32:dd:57:74:32:e7:66:aa:f8:f8:b5:7e:
- 80:e3:42:2c:12:d2:6e:25:04:35:6b:31:38:c9:6b:c6:c8:92:
- 55:f9:d1:5b:e6:03:31:49:0a:21:51:a3:95:d1:00:72:bd:58:
- a3:10:72:4a:ff:f8:1d:9e:b9:4f:ad:f3:84:d6:ed:51:be:94:
- a6:54:77:e4:f9:f8:ef:bc:f4:9f:71:b7:69:d2:38:d9:0b:db:
- bb:db:b3:70
+ Signature Algorithm: sha256WithRSAEncryption
+ 5b:10:bb:97:97:03:5e:7f:e0:c6:00:e0:be:0f:48:fb:7f:d9:
+ d7:59:0f:4d:5c:ab:0d:7d:3f:7c:5c:11:4b:4a:20:4f:cf:c5:
+ bf:34:64:90:0d:78:8e:0a:26:7a:0d:04:3e:94:69:dc:01:37:
+ a5:7c:3f:94:b3:76:cd:46:fb:b2:4d:55:b3:ed:51:cb:03:58:
+ a8:e5:fe:59:d7:a9:24:c6:56:a8:27:e8:01:88:1c:4c:60:b1:
+ c3:e8:26:0d:9f:c3:e2:6e:a5:e6:23:03:3d:a5:6a:70:c8:cd:
+ 50:3b:75:ec:f1:5b:bf:86:69:b7:f9:56:9b:76:ae:10:89:a0:
+ 37:17:72:b7:34:b2:16:40:e4:90:91:f0:bc:8b:92:af:1f:69:
+ f3:85:fe:8a:f6:f7:d1:50:9b:ab:f6:31:6c:e8:cd:23:4c:68:
+ 51:5e:d2:52:44:84:a4:fa:6b:30:83:c3:ae:d0:33:09:73:80:
+ c8:b7:f0:ce:21:2f:ee:ad:ad:56:85:34:b6:d2:1c:35:76:67:
+ 83:a8:37:9d:13:43:d1:84:8b:c1:15:8a:c2:5b:f3:65:5f:2e:
+ 00:88:da:7f:6e:2d:04:c1:11:58:02:2c:25:70:c4:19:2a:fb:
+ 69:5f:00:c0:93:4a:89:16:00:e6:06:c5:60:42:bf:6a:f8:b9:
+ aa:c5:78:c3
-----BEGIN CERTIFICATE-----
-MIIE7zCCA9egAwIBAgIRANHfoGLx1Fn+eAXr2Wn/dS0wDQYJKoZIhvcNAQEFBQAw
-QTELMAkGA1UEBhMCRlIxEjAQBgNVBAoTCUdBTkRJIFNBUzEeMBwGA1UEAxMVR2Fu
-ZGkgU3RhbmRhcmQgU1NMIENBMB4XDTE0MDYyNzAwMDAwMFoXDTE1MDYyNzIzNTk1
-OVowXTEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRswGQYDVQQL
-ExJHYW5kaSBTdGFuZGFyZCBTU0wxGzAZBgNVBAMTEnRyYWNrZXIuZGViaWFuLm9y
-ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMh60O0FlKfTJMRxdvnE
-5jIRMw4qhSRiIcDvH5EngbqWmv9Sdt9FTvl1sTo2b78vvqrak0xwVqFlK2EhfWzz
-s3iAx7l2+8LM6+M/kDuN0qZ+yvDvyfKKVbIFo+d3ilsD7uOS8nuONdlmCBiotO7G
-bsrcSp3S2abXTlEJvmoRIYlkI1Y+cyKAAF2ci07T5vyerhE8tYygVB1wKrkDuH4E
-BtoQkR4XOu202GZC/rXX/Ghxb9zocQfUeMxTVsXVuIih6xqaIP9D9tRUfrIMkeTn
-BgGu57EFb+YEuNQfPWmj0gM2wJShbIw5ZjlRGLBIx6E+If6KYLE1NoAG6qY/uKzw
-OhcCAwEAAaOCAcQwggHAMB8GA1UdIwQYMBaAFLao/6KoL9CmzUuxaPPnUBAxp3kh
-MB0GA1UdDgQWBBT/uS+PMMrsUA0iNb1QRgJoVXlhPjAOBgNVHQ8BAf8EBAMCBaAw
-DAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYAYD
-VR0gBFkwVzBLBgsrBgEEAbIxAQICGjA8MDoGCCsGAQUFBwIBFi5odHRwOi8vd3d3
-LmdhbmRpLm5ldC9jb250cmFjdHMvZnIvc3NsL2Nwcy9wZGYvMAgGBmeBDAECATA8
-BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmdhbmRpLm5ldC9HYW5kaVN0YW5k
-YXJkU1NMQ0EuY3JsMGoGCCsGAQUFBwEBBF4wXDA3BggrBgEFBQcwAoYraHR0cDov
-L2NydC5nYW5kaS5uZXQvR2FuZGlTdGFuZGFyZFNTTENBLmNydDAhBggrBgEFBQcw
-AYYVaHR0cDovL29jc3AuZ2FuZGkubmV0MDUGA1UdEQQuMCyCEnRyYWNrZXIuZGVi
-aWFuLm9yZ4IWd3d3LnRyYWNrZXIuZGViaWFuLm9yZzANBgkqhkiG9w0BAQUFAAOC
-AQEAVcmsiCgloArf/OiZTmNbuxyKg636TfXzGwug82x8JwdeUpL5pjxJ/vxa9Lmy
-+8VUWAWQ/GzOW7YX16uI0CWKLsdu4UO5+oVX9XcO7MlufI7b0ACFDvxV90dBnuBc
-TSHm7Tz96vXnnpAuZmgsbOlFumJf2KbVv55GJ72C1hqn4ChiNXhFtJDofRWUQ+dO
-7cdT67JO0RLjiR98xUNxb3wfptJ+wwLCt6gMMt1XdDLnZqr4+LV+gONCLBLSbiUE
-NWsxOMlrxsiSVfnRW+YDMUkKIVGjldEAcr1YoxBySv/4HZ65T63zhNbtUb6UplR3
-5Pn477z0n3G3adI42Qvbu9uzcA==
+MIIFBTCCA+2gAwIBAgIQRNsxuPpLPT8JqiC99R3HqzANBgkqhkiG9w0BAQsFADBf
+MQswCQYDVQQGEwJGUjEOMAwGA1UECBMFUGFyaXMxDjAMBgNVBAcTBVBhcmlzMQ4w
+DAYDVQQKEwVHYW5kaTEgMB4GA1UEAxMXR2FuZGkgU3RhbmRhcmQgU1NMIENBIDIw
+HhcNMTUwNjIwMDAwMDAwWhcNMTYwNjI3MjM1OTU5WjBdMSEwHwYDVQQLExhEb21h
+aW4gQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAsTEkdhbmRpIFN0YW5kYXJkIFNT
+TDEbMBkGA1UEAxMSdHJhY2tlci5kZWJpYW4ub3JnMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAvKcmy9lbWlkTh0KgH6rLl6exQcoa4Igvm1UhecGf25Mo
+8SqiFcRz2Kp5p3N1fjSLCYMTat4rIXGkur35D/5y8lwIRWSnDtykx/gM1GyzvkB+
+6BFhquIxtMhi5sHjU4P7tz/qi9wrJjeFqQCHe9O3be6SncgsMKLUWsBIDk9d8JAA
+eJSy5aHfMpzt8giJr/YwSoXiw4PJrj1c5EYUrgHvf/h9vjMtK6nE9yUahrt3A3w5
+UXe2bDPD57BprQnWMuGXwgFYS50hS1Al+HnvH7BAER0QWhn3RD0ke/InihJ0iM9T
+34LXlzdtUVF/j0tAKS7TTp1qBigtfguGVlP7YUuRcQIDAQABo4IBvTCCAbkwHwYD
+VR0jBBgwFoAUs5Cn2MmvTs1hPJ98rV1/Qf1pMOowHQYDVR0OBBYEFLolIDrZE67O
+++Yx6XStWG9+hi/XMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1Ud
+JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBLBgNVHSAERDBCMDYGCysGAQQBsjEB
+AgIaMCcwJQYIKwYBBQUHAgEWGWh0dHBzOi8vY3BzLnVzZXJ0cnVzdC5jb20wCAYG
+Z4EMAQIBMEEGA1UdHwQ6MDgwNqA0oDKGMGh0dHA6Ly9jcmwudXNlcnRydXN0LmNv
+bS9HYW5kaVN0YW5kYXJkU1NMQ0EyLmNybDBzBggrBgEFBQcBAQRnMGUwPAYIKwYB
+BQUHMAKGMGh0dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9HYW5kaVN0YW5kYXJkU1NM
+Q0EyLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTA1
+BgNVHREELjAsghJ0cmFja2VyLmRlYmlhbi5vcmeCFnd3dy50cmFja2VyLmRlYmlh
+bi5vcmcwDQYJKoZIhvcNAQELBQADggEBAFsQu5eXA15/4MYA4L4PSPt/2ddZD01c
+qw19P3xcEUtKIE/Pxb80ZJANeI4KJnoNBD6UadwBN6V8P5Szds1G+7JNVbPtUcsD
+WKjl/lnXqSTGVqgn6AGIHExgscPoJg2fw+JupeYjAz2lanDIzVA7dezxW7+Gabf5
+Vpt2rhCJoDcXcrc0shZA5JCR8LyLkq8fafOF/or299FQm6v2MWzozSNMaFFe0lJE
+hKT6azCDw67QMwlzgMi38M4hL+6trVaFNLbSHDV2Z4OoN50TQ9GEi8EVisJb82Vf
+LgCI2n9uLQTBEVgCLCVwxBkq+2lfAMCTSokWAOYGxWBCv2r4uarFeMM=
-----END CERTIFICATE-----
ensure => installed,
}
+ file { '/etc/ssl/README':
+ mode => '0444',
+ source => 'puppet:///modules/ssl/README',
+ }
file { '/etc/ca-certificates.conf':
source => 'puppet:///modules/ssl/ca-certificates.conf',
notify => Exec['refresh_normal_hashes'],
notify => Exec['refresh_normal_hashes'],
}
file { '/etc/ssl/certs/README':
- mode => '0444',
- source => 'puppet:///modules/ssl/README.certs',
+ ensure => absent,
}
file { '/etc/ssl/ca-debian':
ensure => directory,
mode => '0755',
}
file { '/etc/ssl/ca-debian/README':
- mode => '0444',
- source => 'puppet:///modules/ssl/README.ca-debian',
+ ensure => absent,
}
file { '/etc/ssl/ca-global':
ensure => directory,
mode => '0755',
}
file { '/etc/ssl/ca-global/README':
- mode => '0444',
- source => 'puppet:///modules/ssl/README.ca-global',
+ ensure => absent,
}
file { '/etc/ssl/debian':
ensure => directory,
dak franck=(staticsync) NOPASSWD: /usr/local/bin/static-update-component incoming.debian.org
dak franck=(staticsync) NOPASSWD: /usr/local/bin/static-update-component metadata.ftp-master.debian.org
%debbits master=(staticsync) NOPASSWD: /usr/local/bin/static-update-component bits.debian.org
+%debdelta donizetti=(staticsync) NOPASSWD: /usr/local/bin/static-update-component debdeltas.debian.net
%webwml master=(staticsync) NOPASSWD: /usr/local/bin/static-update-component network-test.debian.org
planet philp=(staticsync) NOPASSWD: /usr/local/bin/static-update-component planet.debian.org
debwww wolkenstein=(staticsync) NOPASSWD: /usr/local/bin/static-update-component www.debian.org
StandardOutput=journal
StandardError=journal
Restart=always
+RestartSec=5
[Install]
WantedBy=multi-user.target
notify => Service['vsftpd']
}
+ # Mask the vsftpd service as we are using xinetd
+ file { '/etc/systemd/system/vsftpd.service':
+ ensure => 'link',
+ target => '/dev/null',
+ notify => Exec['systemctl daemon-reload'],
+ }
+
+ # Ensure the empty dir is present, workaround for #789127
+ file { '/etc/tmpfiles.d/vsftpd.conf':
+ content => 'd /var/run/vsftpd/empty 0755 root root -',
+ notify => Exec['systemd-tmpfiles --create --exclude-prefix=/dev'],
+ }
+
munin::check { 'vsftpd':
ensure => absent
}
Package['debian.org']
]
}
-
}