do not run an authority on draghi

diff --git a/manifests/site.pp b/manifests/site.pp
index 24f330a3bf8cb1f8b5ed566c18e35387432d7367..ab6fd7dc66a8265d5a0c54883a4fd1e6a073161a 100644 (file)
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -86,7 +86,7 @@ node default {
                include apache2
        }
 
                include apache2
        }
 

-       if $::hostname in [ravel,senfl,orff,draghi,diamond,rietz,denis] {
+       if $::hostname in [ravel,senfl,orff,diamond,rietz,denis] {

                include named::authoritative
        } elsif $::hostname in [geo1,geo2,geo3] {
                include named::geodns
                include named::authoritative
        } elsif $::hostname in [geo1,geo2,geo3] {
                include named::geodns

diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index 2a48908746c57673d3f38fb8804d8717b95f49fa..818c2aaa5233a0c661ae123362d6c54718f19441 100644 (file)
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -74,11 +74,6 @@ class ferm::per-host {
                        }
                }
                draghi: {
                        }
                }
                draghi: {

-                       #@ferm::rule { 'dsa-bind':
-                       #    domain          => '(ip ip6)',
-                       #    description     => 'Allow nameserver access',
-                       #    rule            => '&TCP_UDP_SERVICE(53)'
-                       #}

                        @ferm::rule { 'dsa-finger':
                                domain          => '(ip ip6)',
                                description     => 'Allow finger access',
                        @ferm::rule { 'dsa-finger':
                                domain          => '(ip ip6)',
                                description     => 'Allow finger access',

diff --git a/modules/sudo/files/sudoers b/modules/sudo/files/sudoers
index 18eea460d48b7c92aa0b960b69286a68b0187def..71b72452af9296d888c2bfc5e64fdef55ec65434 100644 (file)
--- a/modules/sudo/files/sudoers
+++ b/modules/sudo/files/sudoers
@@ -155,10 +155,9 @@ debwww             wolkenstein=(staticsync)        NOPASSWD: /usr/local/bin/static-update-componen
 piupartss      PIUPARTS_SLAVE_HOSTS=(ALL)              NOPASSWD: ALL
 # trigger of mirror run for packages
 #pkg_user      powell=(archvsync)      NOPASSWD: /home/archvsync/bin/pushpdo
 piupartss      PIUPARTS_SLAVE_HOSTS=(ALL)              NOPASSWD: ALL
 # trigger of mirror run for packages
 #pkg_user      powell=(archvsync)      NOPASSWD: /home/archvsync/bin/pushpdo

-# on draghi, the domains git thing will run bind9 reload afterwards

 dnsadm         denis=(root)                    NOPASSWD: /usr/sbin/service bind9 reload
 dnsadm         denis=(root)                    NOPASSWD: /usr/sbin/service bind9 reload

-%dnsadm                draghi,orff=(root)              NOPASSWD: /etc/init.d/bind9 reload
-%dnsadm                draghi,orff=(geodnssync)        NOPASSWD: /usr/bin/make -C /srv/dns.debian.org/geo
+%dnsadm                orff=(root)             NOPASSWD: /etc/init.d/bind9 reload
+%dnsadm                orff=(geodnssync)       NOPASSWD: /usr/bin/make -C /srv/dns.debian.org/geo

 %adm           draghi=(puppet)                 NOPASSWD: /usr/bin/make -s -C /srv/db.debian.org/var/gitnagios/dsa-nagios/config install
 # wbadm can update all buildd* users' keys on buildd.d.o
 %wbadm         BUILDD_MASTER=(wb-buildd)       ALL
 %adm           draghi=(puppet)                 NOPASSWD: /usr/bin/make -s -C /srv/db.debian.org/var/gitnagios/dsa-nagios/config install
 # wbadm can update all buildd* users' keys on buildd.d.o
 %wbadm         BUILDD_MASTER=(wb-buildd)       ALL