Merge branch 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa...

diff --git a/files/etc/puppet/puppet.conf b/files/etc/puppet/puppet.conf
index 732dfffc78e2afbe4ed227e566cbad0c0062980d..1a839469124eb683eca6768b2c8a80e44dee3990 100644 (file)
--- a/files/etc/puppet/puppet.conf
+++ b/files/etc/puppet/puppet.conf
@@ -10,10 +10,20 @@ ssldir=/var/lib/puppet/ssl
 rundir=/var/run/puppet
 factpath=$vardir/facts
 pluginsync=true
+# This is the default environment for all clients
+environment=production 
 
 [puppetmasterd]
 templatedir=/etc/puppet/templates
 libdir=/etc/puppet/lib
+environments = development,testing,production,staging
 
 [puppetd]
 environments = development,testing,production,staging
+
+[staging]
+libdir=/etc/puppet/lib
+manifestdir=/srv/puppet.debian.org/stages/staging/manifests
+templatedir=/srv/puppet.debian.org/stages/staging/templates
+fileserverconfig=/srv/puppet.debian.org/stages/staging/fileserver.conf
+modulepath=/srv/puppet.debian.org/stages/staging/modules

diff --git a/fileserver.conf b/fileserver.conf
index 3b6b7954772d1ddeaf2e843898dc3bb789ccae27..2cd7c25de21936927c5f1782e7efd99df62a203c 100644 (file)
--- a/fileserver.conf
+++ b/fileserver.conf
@@ -1,3 +1,8 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
 # This file consists of arbitrarily named sections/modules
 # defining where files are served from and to whom
 

diff --git a/manifests/site.pp b/manifests/site.pp
index abceb1fb71cbe45a37aae327a1111eaa286f870e..092f3212448d2953d8fbc53c4824cb31b6bb7df9 100644 (file)
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -71,7 +71,7 @@ node default {
     }
 
     case $hostname {
-        rietz,raff,klecker,ravel,senfl: { include named::secondary }
+        rietz,klecker,ravel,senfl: { include named::secondary }
     }
 
     case $hostname {
@@ -81,6 +81,6 @@ node default {
         "true":    { include hosts }
     }
     case $hoster {
-        "ubcece", "darmstadt":  { include resolv }
+        "ubcece", "darmstadt", "ftcollins":  { include resolv }
     }
 }

diff --git a/modules/debian-org/misc/hoster.yaml b/modules/debian-org/misc/hoster.yaml
index 60a63c11c5af7c56acc84501868442f4acbed4bc..afe41494aeb13de738e68467102ca844b64e3797 100644 (file)
--- a/modules/debian-org/misc/hoster.yaml
+++ b/modules/debian-org/misc/hoster.yaml
@@ -7,6 +7,7 @@ csail:
   - 128.31.0.0/24
 darmstadt:
   - 82.195.75.64/26
+  - 82.195.75.32/28
   - 2001:41b8:202:deb::/64
 dgi:
   - 93.94.130.128/26

diff --git a/modules/debian-org/misc/local.yaml b/modules/debian-org/misc/local.yaml
index e1f4ab1eb6b58d40852efef121c0562035a19344..1425ae26853a9add0d82baa684ee147c5bae1690 100644 (file)
--- a/modules/debian-org/misc/local.yaml
+++ b/modules/debian-org/misc/local.yaml
@@ -107,7 +107,6 @@ host_settings:
     - merkel.debian.org
     - morricone.debian.org
     - powell.debian.org
-    - raff.debian.org
     - ravel.debian.org
     - ries.debian.org
     - rietz.debian.org
@@ -118,6 +117,7 @@ host_settings:
     - gluck.debian.org
     - kassia.debian.org
     - lobos.debian.org
+    - raff.debian.org
     - saens.debian.org
     - schein.debian.org
     - steffani.debian.org
@@ -196,6 +196,7 @@ host_settings:
     piatti.debian.org: mailout.debian.org
     praetorius.debian.org: mailout.debian.org
     puccini.debian.org: mailout.debian.org
+    raff.debian.org: mailout.debian.org
     rem.debian.org: mailout.debian.org
     respighi.debian.org: mailout.debian.org
     rore.debian.org: mailout.debian.org

diff --git a/modules/exim/manifests/init.pp b/modules/exim/manifests/init.pp
index 1d40853b1b05426573b0279eba4e12825e992adb..43dd108df4f6e3302d144f333cb01129a1d5d6f4 100644 (file)
--- a/modules/exim/manifests/init.pp
+++ b/modules/exim/manifests/init.pp
@@ -144,6 +144,12 @@ class exim {
           group   => Debian-exim,
           mode    => 640
           ;
+        "/var/log/exim4":
+          mode    => 2750,
+          ensure  => directory,
+          owner   => Debian-exim,
+          group   => maillog
+          ;
     }
 
     exec { "exim4 reload":

diff --git a/modules/exim/templates/virtualdomains.erb b/modules/exim/templates/virtualdomains.erb
index eb0301fb48c5fdbc7320690173c39c894b7fb48b..b814bbc4e66fdf19a87f3dcf3cb80b42160c6f9f 100644 (file)
--- a/modules/exim/templates/virtualdomains.erb
+++ b/modules/exim/templates/virtualdomains.erb
@@ -49,9 +49,6 @@ nm.debian.org: user=nm group=nm directory=/org/nm.debian.org/mail/"
 
         when "powell.debian.org" then "packages.debian.org: user=pkg_user group=Debian directory=/org/packages.debian.org/mail/"
 
-        #when "raff.debian.org" then "buildd.debian.org: user=wbadm group=wbadm directory=/srv/buildd.debian.org/mail
-#logs.buildd.debian.org: user=wbadm group=wbadm directory=/srv/logs.buildd.debian.org/mail"
-
         when "ravel.debian.org" then "women.debian.org: user=nobody group=mujeres directory=/org/women.debian.org/mail"
 
         when "ries.debian.org" then "release.debian.org: user=release group=debian-release directory=/org/release.debian.org/mail

diff --git a/modules/munin-node/templates/munin-node.plugin.conf.erb b/modules/munin-node/templates/munin-node.plugin.conf.erb
index fbf153977797765968d3ac237d636f14a273d937..b5012f7dee29ccbaff49a3f1b0ccaa7c92747a0d 100644 (file)
--- a/modules/munin-node/templates/munin-node.plugin.conf.erb
+++ b/modules/munin-node/templates/munin-node.plugin.conf.erb
@@ -88,7 +88,7 @@ group maillog
 [bind*]
 <%=
 out = case hostname
-  when "geo1","geo2","geo3","raff" then "group bind
+  when "geo1","geo2","geo3" then "group bind
 env.logfile /var/log/bind9/geoip-query.log"
   else "group adm"
 end

diff --git a/modules/named/files/common/named.conf.acl b/modules/named/files/common/named.conf.acl
index 42a63495ae89c58e73c8e98d66994d312eae6bb1..8ca867a800e53fb4e411f1b6d0d64d4a0ce4b42f 100644 (file)
--- a/modules/named/files/common/named.conf.acl
+++ b/modules/named/files/common/named.conf.acl
@@ -282,3 +282,8 @@ acl AN {
        country_HM;
        country_TF;
 };
+
+acl undef {
+       country_A1;
+       country_A2;
+};

diff --git a/modules/named/files/common/named.conf.geo b/modules/named/files/common/named.conf.geo
index 41549426bbb0c05066895030559e98ad33469e0b..57fe21996a5d1394e79937ae401caf57107dd42f 100644 (file)
--- a/modules/named/files/common/named.conf.geo
+++ b/modules/named/files/common/named.conf.geo
@@ -422,6 +422,66 @@ view "SA" {
     allow-transfer { };
   };
 
+};
+view "undef" {
+  match-clients { undef; };
+
+  zone "volatile.debian.org" {
+    type master;
+    file "/etc/bind/geodns/db.volatile.debian.org.undef";
+    notify no;
+    allow-query { any; };
+    allow-transfer { };
+  };
+
+  zone "security.geo.debian.org" {
+    type master;
+    file "/etc/bind/geodns/db.security.debian.org.undef";
+    notify no;
+    allow-query { any; };
+    allow-transfer { };
+  };
+
+  zone "security.debian.org" {
+    type master;
+    file "/etc/bind/geodns/db.security.debian.org.undef";
+    notify no;
+    allow-query { any; };
+    allow-transfer { };
+  };
+
+  zone "ftp.debian.org" {
+    type master;
+    file "/etc/bind/geodns/db.ftp.debian.org.undef";
+    notify no;
+    allow-query { any; };
+    allow-transfer { };
+  };
+
+  zone "bugs.debian.org" {
+    type master;
+    file "/etc/bind/geodns/db.bugs.debian.org.undef";
+    notify no;
+    allow-query { any; };
+    allow-transfer { };
+  };
+
+  zone "www.debian.org" {
+    type master;
+    file "/etc/bind/geodns/db.www.debian.org.undef";
+    notify no;
+    allow-query { any; };
+    allow-transfer { };
+  };
+
+  zone "packages.debian.org" {
+    type master;
+    file "/etc/bind/geodns/db.packages.debian.org.undef";
+    notify no;
+    allow-query { any; };
+    allow-transfer { };
+  };
+
 };
 view "default" {
   match-clients { any; };

diff --git a/modules/named/files/common/recvconf.files b/modules/named/files/common/recvconf.files
index d6ce82e4b78871f12fccf54731784d2ac0932223..e91238323bb1bff3f5a857f5b9af73fcc183f03b 100644 (file)
--- a/modules/named/files/common/recvconf.files
+++ b/modules/named/files/common/recvconf.files
@@ -27,6 +27,12 @@ file etc/bind/geodns/db.bugs.debian.org.AS
     group geodnssync
     precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.AS
     postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.bugs.debian.org.undef
+    perms 0644
+    user geodnssync
+    group geodnssync
+    precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.undef
+    postcommand sudo /etc/init.d/bind9 reload
 file etc/bind/geodns/db.bugs.debian.org.AF
     perms 0644
     user geodnssync
@@ -51,6 +57,60 @@ file etc/bind/geodns/db.bugs.debian.org.NA
     group geodnssync
     precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.NA
     postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.ftp.debian.org.AN
+    perms 0644
+    user geodnssync
+    group geodnssync
+    precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.AN
+    postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.ftp.debian.org.SA
+    perms 0644
+    user geodnssync
+    group geodnssync
+    precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.SA
+    postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.ftp.debian.org.OC
+    perms 0644
+    user geodnssync
+    group geodnssync
+    precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.OC
+    postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.ftp.debian.org.AS
+    perms 0644
+    user geodnssync
+    group geodnssync
+    precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.AS
+    postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.ftp.debian.org.undef
+    perms 0644
+    user geodnssync
+    group geodnssync
+    precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.undef
+    postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.ftp.debian.org.AF
+    perms 0644
+    user geodnssync
+    group geodnssync
+    precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.AF
+    postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.ftp.debian.org
+    perms 0644
+    user geodnssync
+    group geodnssync
+    precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org
+    postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.ftp.debian.org.EU
+    perms 0644
+    user geodnssync
+    group geodnssync
+    precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.EU
+    postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.ftp.debian.org.NA
+    perms 0644
+    user geodnssync
+    group geodnssync
+    precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.NA
+    postcommand sudo /etc/init.d/bind9 reload
 file etc/bind/geodns/db.packages.debian.org.AN
     perms 0644
     user geodnssync
@@ -75,6 +135,12 @@ file etc/bind/geodns/db.packages.debian.org.AS
     group geodnssync
     precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.AS
     postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.packages.debian.org.undef
+    perms 0644
+    user geodnssync
+    group geodnssync
+    precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.undef
+    postcommand sudo /etc/init.d/bind9 reload
 file etc/bind/geodns/db.packages.debian.org.AF
     perms 0644
     user geodnssync
@@ -123,6 +189,12 @@ file etc/bind/geodns/db.security.debian.org.AS
     group geodnssync
     precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.AS
     postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.security.debian.org.undef
+    perms 0644
+    user geodnssync
+    group geodnssync
+    precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.undef
+    postcommand sudo /etc/init.d/bind9 reload
 file etc/bind/geodns/db.security.debian.org.AF
     perms 0644
     user geodnssync
@@ -171,6 +243,12 @@ file etc/bind/geodns/db.volatile.debian.org.AS
     group geodnssync
     precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail volatile.debian.org etc/bind/geodns/db.volatile.debian.org.AS
     postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.volatile.debian.org.undef
+    perms 0644
+    user geodnssync
+    group geodnssync
+    precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail volatile.debian.org etc/bind/geodns/db.volatile.debian.org.undef
+    postcommand sudo /etc/init.d/bind9 reload
 file etc/bind/geodns/db.volatile.debian.org.AF
     perms 0644
     user geodnssync
@@ -219,6 +297,12 @@ file etc/bind/geodns/db.www.debian.org.AS
     group geodnssync
     precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.AS
     postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.www.debian.org.undef
+    perms 0644
+    user geodnssync
+    group geodnssync
+    precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.undef
+    postcommand sudo /etc/init.d/bind9 reload
 file etc/bind/geodns/db.www.debian.org.AF
     perms 0644
     user geodnssync
@@ -243,51 +327,3 @@ file etc/bind/geodns/db.www.debian.org.NA
     group geodnssync
     precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.NA
     postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.ftp.debian.org.AN
-    perms 0644
-    user geodnssync
-    group geodnssync
-    precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.AN
-    postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.ftp.debian.org.SA
-    perms 0644
-    user geodnssync
-    group geodnssync
-    precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.SA
-    postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.ftp.debian.org.OC
-    perms 0644
-    user geodnssync
-    group geodnssync
-    precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.OC
-    postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.ftp.debian.org.AS
-    perms 0644
-    user geodnssync
-    group geodnssync
-    precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.AS
-    postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.ftp.debian.org.AF
-    perms 0644
-    user geodnssync
-    group geodnssync
-    precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.AF
-    postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.ftp.debian.org
-    perms 0644
-    user geodnssync
-    group geodnssync
-    precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org
-    postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.ftp.debian.org.EU
-    perms 0644
-    user geodnssync
-    group geodnssync
-    precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.EU
-    postcommand sudo /etc/init.d/bind9 reload
-file etc/bind/geodns/db.ftp.debian.org.NA
-    perms 0644
-    user geodnssync
-    group geodnssync
-    precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.NA
-    postcommand sudo /etc/init.d/bind9 reload

diff --git a/modules/resolv/templates/resolv.conf.erb b/modules/resolv/templates/resolv.conf.erb
index 8fa658de5fa57e6b3c410f5ae601b8e4257662dd..eb59db861f7c98072bdabdc8fe176dd7959aed11 100644 (file)
--- a/modules/resolv/templates/resolv.conf.erb
+++ b/modules/resolv/templates/resolv.conf.erb
@@ -19,6 +19,13 @@ case hoster
     end
     nameservers += ["82.195.75.81", "82.195.66.249", "217.198.242.225"]
     searchpaths << "debprivate-darmstadt.debian.org"
+  when "ftcollins" then
+    case hostname
+      when "spohr", "samosa" then
+        nameservers << "127.0.0.1"
+    end
+    nameservers += ["192.25.206.33", "192.25.206.57"]
+    searchpaths << "debprivate-ftcollins.debian.org"
 end
 
 searchpaths << "debian.org"

diff --git a/modules/samhain/templates/samhainrc.erb b/modules/samhain/templates/samhainrc.erb
index 6c35f144bc654cea17ae78110a78ee21ea35f5c5..64ebe22833cccea149a9d2292f281ba7fd31085d 100644 (file)
--- a/modules/samhain/templates/samhainrc.erb
+++ b/modules/samhain/templates/samhainrc.erb
@@ -75,7 +75,10 @@
 file=/etc/mtab
 file=/etc/ssh_random_seed
 file=/etc/asound.conf
+<% case hoster when "ubcece", "darmstadt", "ftcollins" then ""
+else -%>
 file=/etc/resolv.conf
+<% end -%>
 file=/etc/localtime
 file=/etc/ioctl.save
 file=/etc/passwd.backup
@@ -205,6 +208,10 @@ file=/var/log/syslog
 ##
 ## This file might be created or removed by the system sometimes.
 ##
+<% case hoster when "ubcece", "darmstadt", "ftcollins" then "" -%>
+file=/etc/resolv.conf
+<% else
+end -%>
 file=/etc/resolv.conf.pcmcia.save
 file=/etc/nologin
 file=/etc/postfix/debian.db
@@ -361,7 +368,7 @@ file=/etc/nagios3/puppetconf.d/auto-serviceextinfo.cfg"
 when "handel.debian.org": extrafiles="dir=8/etc/puppet"
 when "dijkstra.debian.org": extrafiles="dir=4/etc/dsa-kvm"
 when /geo[123].debian.org/: extrafiles="dir=1/etc/bind/geodns"
-when /(raff|rietz|klecker).debian.org/: extrafiles="dir=1/etc/bind
+when /(senfl|ravel|rietz|klecker).debian.org/: extrafiles="dir=1/etc/bind
 file=/etc/bind/named.conf.debian-zones"
 end
 extrafiles

diff --git a/modules/sudo/files/common/sudoers b/modules/sudo/files/common/sudoers
index 380278b3e184129ec3784f0a327a6016faaec672..9ff6f97fc40c7bc7efcdc93289be4e5b2614394a 100644 (file)
--- a/modules/sudo/files/common/sudoers
+++ b/modules/sudo/files/common/sudoers
@@ -104,7 +104,6 @@ pkg_user    powell=(archvsync)      NOPASSWD: /home/archvsync/bin/pushpdo
 # remote power to babylon5 in the same rack:
 joerg          unger=(ALL)             /usr/bin/sispmctl -t 1, /usr/bin/sispmctl -g 1
 # wbadm can update all buildd* users' keys on buildd.d.o
-%wbadm         raff=(root)             /usr/local/bin/update-buildd-sshkeys
 %wbadm         cimarosa=(root)         /usr/local/bin/update-buildd-sshkeys
 wbadm          cimarosa=(postgres)     NOPASSWD: /usr/bin/pg_dumpall --cluster 8.4/wanna-build
 # mirror push