From: Martin Zobel-Helas Date: Sun, 15 Jul 2012 10:27:10 +0000 (+0200) Subject: Merge branch 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa... X-Git-Url: https://git.donarmstrong.com/?p=dsa-puppet.git;a=commitdiff_plain;h=23b4b5adae9a75e3fcb27261b559b2fb497f85c3;hp=adce2ab022b6b71cc3b592a4eb3e65f6a92bcd02 Merge branch 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet * 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet: (29 commits) ordering hint add sonntag Add buxtehude Add buxtehude Add a fi Try this More output Try this Try to do network right at osuosl end Try to make dsa.conf.erb a useful template ganeti module on byrd Add quotes Only do the ferm stuff for cluster ganeti2.d.o Fix spacing Say which ganeti cluster we are in Add byrd remove vivaldi (RT#3802) widor is getting hammered mode is important ... --- diff --git a/manifests/site.pp b/manifests/site.pp index f75f0f87..564986b0 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -36,7 +36,7 @@ node default { include roles include unbound - if $::hostname in [pasquini,tristano,bertali,boito] { + if $::hostname in [pasquini,tristano,bertali,boito,byrd] { include ganeti2 } diff --git a/modules/apache2/manifests/init.pp b/modules/apache2/manifests/init.pp index 0c15379c..b89bafe1 100644 --- a/modules/apache2/manifests/init.pp +++ b/modules/apache2/manifests/init.pp @@ -77,7 +77,7 @@ class apache2 { } } - if $::hostname in [busoni,duarte,holter,lindberg,master,powell,beach] { + if $::hostname in [busoni,duarte,holter,lindberg,master,powell,beach,buxtehude,widor] { include apache2::dynamic } else { @ferm::rule { 'dsa-http': diff --git a/modules/buildd/manifests/init.pp b/modules/buildd/manifests/init.pp index c1709632..335da3f0 100644 --- a/modules/buildd/manifests/init.pp +++ b/modules/buildd/manifests/init.pp @@ -28,10 +28,11 @@ class buildd { ensure => absent, } - if $::lsbdistcodename in [squeeze,wheezy] { - $suite = $::lsbdistcodename - } else { - $suite = 'wheezy' + $suite = $::lsbdistcodename ? { + squeeze => $::lsbdistcodename, + wheezy => $::lsbdistcodename, + undef => 'squeeze', + default => 'wheezy' } site::aptrepo { 'buildd.debian.org': diff --git a/modules/debian-org/misc/local.yaml b/modules/debian-org/misc/local.yaml index 6aab0391..557430de 100644 --- a/modules/debian-org/misc/local.yaml +++ b/modules/debian-org/misc/local.yaml @@ -24,6 +24,8 @@ nameinfo: boiti.debian.org: Arrigo Boito (February 24th, 1842 - June 10th, 1918) brahms.debian.org: Johannes Brahms (May 7th, 1833 - April 3rd, 1897) busoni.debian.org: Ferruccio Dante Michelangiolo Benvenuto Busoni (April 1st, 1866 - July 27th, 1924) + buxtehude.debian.org: Dieterich Buxtehude (c. 1637 to 1639 -—May 9th, 1707) + byrd.debian.org: William Byrd (1543 - July 4th, 1623) chopin.debian.org: Frédéric Chopin (March 1st, 1810 - October 17th, 1849) cilea.debian.org: Francesco Cilèa (July 26th, 1866 - November 20th, 1950) corelli.debian.org: Arcangelo Corelli (February 17th, 1653 - January 8th, 1713) @@ -42,6 +44,7 @@ nameinfo: fano.debian.org: Guido Alberto Fano (March 18th, 1875 - August 14th, 1961) fasch.debian.org: Johann Friedrich Fasch (1688 - 1758) field.debian.org: John Field (1782 - 1837) + fils.debian.org: Anton Fils (September 22nd, 1733 (baptized) - March 14th, 1760 (buried)) finzi.debian.org: Gerald Raphael Finzi (July 14th, 1901 - September 27th, 1956) fischer.debian.org: Johann Caspar Ferdinand Fischer (September 9th, 1656 - August 27th, 1746) franck.debian.org: Melchior Franck (1579 - June 1st, 1639) @@ -119,6 +122,7 @@ nameinfo: smetana.debian.org: Bedřich Smetana (March 2nd, 1824 - May 12th, 1884) soler.debian.org: Padre Antonio Soler (December 3rd, 1729 (baptized) - December 20th, 1783) sompek.debian.org: Ernst Sompek (Juni 11th 1876 - August 2nd 1954) + sonntag.debian.org: Brunhilde Sonntag (27 September 1936 - 18 December 2002) stadler.debian.org: Maximilian Johann Karl Dominik Stadler, Abbé Stadler (August 4th 1748 - November 8th 1833) sperger.debian.org: Johannes Matthias Sperger (March 23th, 1750 - May 13th, 1812) spohr.debian.org: Louis Spohr (April 5th, 1784 - October 22nd, 1859) @@ -134,7 +138,6 @@ nameinfo: unger.debian.org: Caroline Unger (October 28th, 1803 - March 23th, 1877) vento.debian.org: Ivo de Vento (1543/1545 - 1575) vitry.debian.org: Philippe de Vitry (October 31st, 1291 - June 9th, 1361) - vivaldi.debian.org: Antonio Lucio Vivaldi (March 4th, 1678 - July 28th, 1741) widor.debian.org: Charles-Marie Jean Albert Widor (February 21st, 1844 - March 12th, 1937) wieck.debian.org: Clara Josephine Wieck (September 13th, 1819 - May 20th, 1896) wolkenstein.debian.org: Oswald von Wolkenstein (1377 - August 2nd, 1445) @@ -153,6 +156,7 @@ services: bugsmaster: bugsmx: - busoni.debian.org + - buxtehude.debian.org bugs_mirror: - beach.debian.org dbmaster: @@ -190,6 +194,7 @@ host_settings: - bellini.debian.org - bizet.debian.org - busoni.debian.org + - buxtehude.debian.org - chopin.debian.org - draghi.debian.org - franck.debian.org diff --git a/modules/exim/manifests/init.pp b/modules/exim/manifests/init.pp index abe02370..a9529ca1 100644 --- a/modules/exim/manifests/init.pp +++ b/modules/exim/manifests/init.pp @@ -10,6 +10,8 @@ class exim { package { 'exim4-daemon-heavy': ensure => installed } + Package['exim4-daemon-heavy']->Mailalias<| |> + service { 'exim4': ensure => running, require => [ diff --git a/modules/exim/templates/submission-domains.erb b/modules/exim/templates/submission-domains.erb index 0254419b..bfbe0430 100644 --- a/modules/exim/templates/submission-domains.erb +++ b/modules/exim/templates/submission-domains.erb @@ -3,6 +3,6 @@ ### USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git ### -<% if scope.lookupvar('::hostname') == 'busoni' %> +<% if %w{busoni buxtehude}.include?( scope.lookupvar('::hostname') ) %> bugs.debian.org <% end %> diff --git a/modules/exim/templates/virtualdomains.erb b/modules/exim/templates/virtualdomains.erb index 82c20a62..5f3dc4f0 100644 --- a/modules/exim/templates/virtualdomains.erb +++ b/modules/exim/templates/virtualdomains.erb @@ -22,6 +22,7 @@ vdoms = case scope.lookupvar('::fqdn') when "bellini.debian.org" then "popcon.debian.org: user=popcon group=popcon directory=/org/popcon.debian.org/mail/" when "busoni.debian.org" then "bugs.debian.org: user=debbugs group=debbugs directory=/srv/bugs.debian.org/mail" + when "buxtehude.debian.org" then "bugs.debian.org: user=debbugs group=debbugs directory=/srv/bugs.debian.org/mail" when "chopin.debian.org" then "security.debian.org: user=mail_security group=nogroup directory=/srv/security-master.debian.org/mail/" diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp index f6fe718f..0f0ca175 100644 --- a/modules/ferm/manifests/per-host.pp +++ b/modules/ferm/manifests/per-host.pp @@ -18,6 +18,19 @@ class ferm::per-host { rule => '&SERVICE_RANGE(tcp, http-alt, ( 192.25.206.16 70.103.162.29 217.196.43.134 ))' } } + ullmann: { + @ferm::rule { 'dsa-postgres-udd': + description => 'Allow postgress access', + # quantz, wagner + rule => '&SERVICE_RANGE(tcp, 5452, ( 206.12.19.122/32 217.196.43.134/32 217.196.43.132/32 ))' + } + @ferm::rule { 'dsa-postgres-udd6': + domain => '(ip6)', + description => 'Allow postgress access', + # quantz + rule => '&SERVICE_RANGE(tcp, 5452, ( 2607:f8f0:610:4000:216:36ff:fe40:3860/128 ))' + } + } grieg: { @ferm::rule { 'dsa-postgres-ullmann': description => 'Allow postgress access', @@ -146,7 +159,7 @@ class ferm::per-host { default: {} } - if $::hostname in [rautavaara,luchesi] { + if $::hostname in [rautavaara,luchesi,czerny] { @ferm::rule { 'dsa-to-kfreebsd': description => 'Traffic routed to kfreebsd hosts', chain => 'to-kfreebsd', @@ -209,6 +222,25 @@ interface br0 destination ($ADDRESS_FISCHER $ADDRESS_FALLA) proto tcp dport 22 A interface br0 destination ($FREEBSD_HOSTS) jump to-kfreebsd; ULOG ulog-prefix "REJECT FORWARD: "; REJECT reject-with icmp-admin-prohibited +' + } + } + czerny: { + @ferm::rule { 'dsa-routing': + description => 'forward chain', + chain => 'FORWARD', + rule => 'def $ADDRESS_FILS=82.195.75.89; +def $FREEBSD_HOSTS=($ADDRESS_FILS); + +policy ACCEPT; +mod state state (ESTABLISHED RELATED) ACCEPT; +interface br0 outerface br0 ACCEPT; +interface br1 outerface br1 ACCEPT; + +interface br2 outerface br0 jump from-kfreebsd; +interface br0 destination ($FREEBSD_HOSTS) jump to-kfreebsd; +ULOG ulog-prefix "REJECT FORWARD: "; +REJECT reject-with icmp-admin-prohibited ' } } diff --git a/modules/ganeti2/manifests/init.pp b/modules/ganeti2/manifests/init.pp index 4838bac3..4cbd7d5e 100644 --- a/modules/ganeti2/manifests/init.pp +++ b/modules/ganeti2/manifests/init.pp @@ -4,10 +4,6 @@ class ganeti2 { ensure => installed } - package { 'drbd8-utils': - ensure => installed - } - package { 'ganeti-instance-debootstrap': ensure => installed } @@ -16,40 +12,48 @@ class ganeti2 { ensure => installed } - @ferm::rule { 'dsa-ganeti-noded-v4': - description => 'allow ganeti-noded communication', - rule => 'proto tcp mod state state (NEW) dport (1811) @subchain \'ganeti-noded\' { saddr ($HOST_GANETI_V4) daddr ($HOST_GANETI_V4) ACCEPT; }', - notarule => true, - } + case $::cluster { + 'ganeti2.debian.org': { + package { 'drbd8-utils': + ensure => installed + } - @ferm::rule { 'dsa-ganeti-confd-v4': - description => 'allow ganeti-confd communication', - rule => 'proto udp mod state state (NEW) dport (1814) @subchain \'ganeti-confd\' { saddr ($HOST_GANETI_V4) daddr ($HOST_GANETI_V4) ACCEPT; }', - notarule => true, - } + @ferm::rule { 'dsa-ganeti-noded-v4': + description => 'allow ganeti-noded communication', + rule => 'proto tcp mod state state (NEW) dport (1811) @subchain \'ganeti-noded\' { saddr ($HOST_GANETI_V4) daddr ($HOST_GANETI_V4) ACCEPT; }', + notarule => true, + } - @ferm::rule { 'dsa-ganeti-rapi-v4': - description => 'allow ganeti-rapi communication', - rule => 'proto tcp mod state state (NEW) dport (5080) @subchain \'ganeti-rapi\' { saddr ($HOST_GANETI_V4) daddr ($HOST_GANETI_V4) ACCEPT; }', - notarule => true, - } + @ferm::rule { 'dsa-ganeti-confd-v4': + description => 'allow ganeti-confd communication', + rule => 'proto udp mod state state (NEW) dport (1814) @subchain \'ganeti-confd\' { saddr ($HOST_GANETI_V4) daddr ($HOST_GANETI_V4) ACCEPT; }', + notarule => true, + } - @ferm::rule { 'dsa-ganeti-drbd-v4': - description => 'allow ganeti drbd communication', - rule => 'proto tcp mod state state (NEW) dport (11000:11999) @subchain \'ganeti-drbd\' { saddr ($HOST_GANETI_BACKEND_V4) daddr ($HOST_GANETI_BACKEND_V4) ACCEPT; }', - notarule => true, - } + @ferm::rule { 'dsa-ganeti-rapi-v4': + description => 'allow ganeti-rapi communication', + rule => 'proto tcp mod state state (NEW) dport (5080) @subchain \'ganeti-rapi\' { saddr ($HOST_GANETI_V4) daddr ($HOST_GANETI_V4) ACCEPT; }', + notarule => true, + } - @ferm::rule { 'dsa-ganeti-kvm-migration-v4': - description => 'allow ganeti kvm migration ', - rule => 'proto tcp dport 8102 @subchain \'ganeti-kvm-migration\' { saddr ($HOST_GANETI_BACKEND_V4) daddr ($HOST_GANETI_BACKEND_V4) ACCEPT; }', - notarule => true, - } + @ferm::rule { 'dsa-ganeti-drbd-v4': + description => 'allow ganeti drbd communication', + rule => 'proto tcp mod state state (NEW) dport (11000:11999) @subchain \'ganeti-drbd\' { saddr ($HOST_GANETI_BACKEND_V4) daddr ($HOST_GANETI_BACKEND_V4) ACCEPT; }', + notarule => true, + } + + @ferm::rule { 'dsa-ganeti-kvm-migration-v4': + description => 'allow ganeti kvm migration ', + rule => 'proto tcp dport 8102 @subchain \'ganeti-kvm-migration\' { saddr ($HOST_GANETI_BACKEND_V4) daddr ($HOST_GANETI_BACKEND_V4) ACCEPT; }', + notarule => true, + } - @ferm::rule { 'dsa-ganeti-ssh-v4': - description => 'allow ganeti to ssh around', - rule => 'proto tcp dport ssh @subchain \'ganeti-ssh\' { saddr ( $HOST_GANETI_V4 $HOST_GANETI_BACKEND_V4) ACCEPT; }', - notarule => true, + @ferm::rule { 'dsa-ganeti-ssh-v4': + description => 'allow ganeti to ssh around', + rule => 'proto tcp dport ssh @subchain \'ganeti-ssh\' { saddr ( $HOST_GANETI_V4 $HOST_GANETI_BACKEND_V4) ACCEPT; }', + notarule => true, + } + } } file { diff --git a/modules/ganeti2/templates/instance-debootstrap/hooks/00-dsa-configure-networking.erb b/modules/ganeti2/templates/instance-debootstrap/hooks/00-dsa-configure-networking.erb index 214edb4d..ec79eafe 100755 --- a/modules/ganeti2/templates/instance-debootstrap/hooks/00-dsa-configure-networking.erb +++ b/modules/ganeti2/templates/instance-debootstrap/hooks/00-dsa-configure-networking.erb @@ -22,6 +22,12 @@ rm -f $TARGET/etc/udev/rules.d/70-persistent-net.rules touch $TARGET/etc/udev/rules.d/75-cd-aliases-generator.rules touch $TARGET/etc/udev/rules.d/75-persistent-net-generator.rules + +########################################### +fqdn=$(cat $TARGET/etc/hostname) +echo ${fqdn%%.*} > $TARGET/etc/hostname + +########################################### if [ "$NIC_COUNT" -ge 1 ]; then cat > $TARGET/etc/network/interfaces << EOF # /etc/network/interfaces @@ -29,6 +35,17 @@ if [ "$NIC_COUNT" -ge 1 ]; then auto lo iface lo inet loopback +EOF +fi + + +########################################### +########################################### +<% if scope.lookupvar('::cluster').to_s == 'ganeti2.debian.org' -%> + +########################################### +if [ "$NIC_COUNT" -ge 1 ]; then + cat >> $TARGET/etc/network/interfaces << EOF auto eth0 iface eth0 inet static address ${NIC_0_IP} @@ -44,6 +61,51 @@ EOF fi +########################################### +cat > $TARGET/etc/resolv.conf < +# +########################################### +if [ "$NIC_COUNT" -ge 1 ]; then + cat >> $TARGET/etc/network/interfaces << EOF +auto eth0 +iface eth0 inet static + address ${NIC_0_IP} + netmask 255.255.255.128 + gateway 140.211.166.1 + + pre-up /sbin/sysctl -w net.ipv6.conf.\$IFACE.accept_ra=0 || true +EOF + +fi + +########################################### +cat > $TARGET/etc/resolv.conf < + +# No config for cluster <%= scope.lookupvar('::cluster').to_s %> +cp /etc/resolv.conf $TARGET/etc/resolv.conf + +<% end -%> + + + + +########################################### if [ "$NIC_COUNT" -ge 2 ]; then cat >> $TARGET/etc/network/interfaces << EOF @@ -55,16 +117,7 @@ EOF fi -fqdn=$(cat $TARGET/etc/hostname) -echo ${fqdn%%.*} > $TARGET/etc/hostname - -cat > $TARGET/etc/resolv.conf < $TARGET/etc/hosts << EOF 127.0.0.1 localhost diff --git a/modules/ganeti2/templates/instance-debootstrap/variants/dsa.conf.erb b/modules/ganeti2/templates/instance-debootstrap/variants/dsa.conf.erb index 10141649..bea25676 100644 --- a/modules/ganeti2/templates/instance-debootstrap/variants/dsa.conf.erb +++ b/modules/ganeti2/templates/instance-debootstrap/variants/dsa.conf.erb @@ -1,3 +1,9 @@ -MIRROR="http://mirror-ubc.debian.org/debian" +<%= +case scope.lookupvar('::cluster') + when "ganeti2.debian.org" then 'MIRROR="http://mirror-ubc.debian.org/debian"' + when "ganeti-osuosl.debian.org" then 'MIRROR="http://debian.osuosl.org/debian"' + else 'MIRROR="http://http.debian.net/debian"' +end +%> ARCH="amd64" SUITE="squeeze" diff --git a/modules/munin/manifests/init.pp b/modules/munin/manifests/init.pp index 2ae64298..62805de2 100644 --- a/modules/munin/manifests/init.pp +++ b/modules/munin/manifests/init.pp @@ -11,12 +11,14 @@ class munin { $owner = $::lsbdistcodename ? { squeeze => munin, - wheezy => root + wheezy => root, + undef => munin, } $gid = $::lsbdistcodename ? { squeeze => adm, wheezy => 'www-data', + undef => adm, } file { '/var/log/munin': diff --git a/modules/nagios/files/nagios3.init b/modules/nagios/files/nagios3.init new file mode 100755 index 00000000..e6508397 --- /dev/null +++ b/modules/nagios/files/nagios3.init @@ -0,0 +1,249 @@ +#! /bin/sh +# Written by Miquel van Smoorenburg . +# Modified for Debian GNU/Linux +# by Ian Murdock . +# Clamav version by Magnus Ekdahl +# Nagios version by Sean Finney and probably others +# nagios2 version by Marc Haber +# nagios3 version by Alexander Wirt + +### BEGIN INIT INFO +# Provides: nagios3 +# Required-Start: $local_fs $remote_fs $syslog $named $network $time +# Required-Stop: $local_fs $remote_fs $syslog $named $network +# Should-Start: +# Should-Stop: +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: nagios host/service/network monitoring and management system +# Description: nagios is a monitoring and management system for hosts, services and networks. +### END INIT INFO + +set -e + +. /lib/lsb/init-functions + +DAEMON=/usr/sbin/nagios3 +NAME="nagios3" +DESC="nagios3 monitoring daemon" +NAGIOSCFG="/etc/nagios3/nagios.cfg" +CGICFG="/etc/nagios3/cgi.cfg" +NICENESS=5 + +[ -x "$DAEMON" ] || exit 0 +[ -r /etc/default/nagios3 ] && . /etc/default/nagios3 + + +# this is from madduck on IRC, 2006-07-06 +# There should be a better possibility to give daemon error messages +# and/or to log things +log() +{ + case "$1" in + [[:digit:]]*) success=$1; shift;; + *) :;; + esac + log_action_begin_msg "$1"; shift + log_action_end_msg ${success:-0} "$*" +} + +check_started () { + #nagios3-core can be installed without -cgi + if [ -e $CGICFG ]; + then + check_cmd=$(get_config nagios_check_command $CGICFG) + if [ ! "$check_cmd" ]; then + log 6 "unable to determine nagios_check_command from $CGICFG!" + return 6 + fi + else + #use hardcoded default version + check_cmd="/usr/lib/nagios/plugins/check_nagios /var/cache/nagios3/status.dat 5 '/usr/sbin/nagios3'" + fi + + eval $check_cmd >/dev/null + + if [ -f "$THEPIDFILE" ]; then + pid="$(cat $THEPIDFILE)" + if [ "$pid" ] && kill -0 $pid >/dev/null 2>/dev/null; then + return 0 # Is started + fi + fi + return 1 # Isn't started +} + +# +# get_config() +# +# grab a config option from nagios.cfg (or possibly another nagios config +# file if specified). everything after the '=' is echo'd out, making +# this a nice generalized way to get requested settings. +# +get_config () { + if [ "$2" ]; then + set -- `grep ^$1 $2 | sed 's@=@ @'` + else + set -- `grep ^$1 $NAGIOSCFG | sed 's@=@ @'` + fi + shift + echo $* +} + +check_config () { + if $DAEMON -v $NAGIOSCFG >/dev/null 2>&1 ; then + # First get the user/group etc Nagios is running as + nagios_user="$(get_config nagios_user)" + nagios_group="$(get_config nagios_group)" + log_file="$(get_config log_file)" + log_dir="$(dirname $log_file)" + + return 0 # Config is ok + else + # config is not okay, so let's barf the error to the user + $DAEMON -v $NAGIOSCFG + fi +} + +check_named_pipe () { + nagiospipe="$(get_config command_file)" + if [ -p "$nagiospipe" ]; then + return 1 # a named pipe exists + elif [ -e "$nagiospipe" ];then + return 1 + else + return 0 # no named pipe exists + fi +} + +if [ ! -f "$NAGIOSCFG" ]; then + log_failure_msg "There is no configuration file for Nagios 3." + exit 6 +fi + +THEPIDFILE=$(get_config "lock_file") +[ -n "$THEPIDFILE" ] || THEPIDFILE='/var/run/nagios3/nagios.pid' + +start () { + DIRECTORY=$(dirname $THEPIDFILE) + [ ! -d $DIRECTORY ] && mkdir -p $DIRECTORY + chown nagios:nagios $DIRECTORY + + if ! check_started; then + if ! check_named_pipe; then + log_action_msg "named pipe exists - removing" + rm -f $nagiospipe + fi + if check_config; then + start_daemon -n $NICENESS -p $THEPIDFILE $DAEMON -d $NAGIOSCFG + ret=$? + else + log_failure_msg "errors in config!" + log_end_msg 1 + exit 1 + fi + else + log_warning_msg "already running!" + fi + return $ret +} + +stop () { + killproc -p $THEPIDFILE + ret=$? + if [ `pidof nagios3 | wc -l ` -gt 0 ]; then + echo -n "Waiting for $NAME daemon to die.." + cnt=0 + while [ `pidof nagios3 | wc -l ` -gt 0 ]; do + cnt=`expr "$cnt" + 1` + if [ "$cnt" -gt 15 ]; then + kill -9 `pidof nagios3` + break + fi + sleep 1 + echo -n "." + done + fi + echo + if ! check_named_pipe; then + rm -f $nagiospipe + fi + if [ -n "$ret" ]; then + return $ret + else + return $? + fi +} + +status() +{ + log_action_begin_msg "checking $DAEMON" + if check_started; then + log_action_end_msg 0 "running" + else + if [ -e "$THEPIDFILE" ]; then + log_action_end_msg 1 "$DAEMON failed" + exit 1 + else + log_action_end_msg 1 "not running" + exit 3 + fi + fi +} + + +reload () { + # Check first + if check_config; then + if check_started; then + killproc -p $THEPIDFILE $DAEMON 1 + else + log_warning_msg "Not running." + fi + else + log_failure_msg "errors in config!" + log_end_msg 6 + exit 6 + fi +} + +check () { + $DAEMON -v $NAGIOSCFG +} + +case "$1" in + start) + log_daemon_msg "Starting $DESC" "$NAME" + start + log_end_msg $? + ;; + stop) + log_daemon_msg "Stopping $DESC" "$NAME" + stop + log_end_msg $? + ;; + restart) + log_daemon_msg "Restarting $DESC" "$NAME" + stop + if [ -z "$?" -o "$?" = "0" ]; then + start + fi + log_end_msg $? + ;; + reload|force-reload) + log_daemon_msg "Reloading $DESC configuration files" "$NAME" + reload + log_end_msg $? + ;; + status) + status + ;; + check) + check + ;; + *) + log_failure_msg "Usage: $0 {start|stop|restart|reload|force-reload|status}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/modules/nagios/manifests/server.pp b/modules/nagios/manifests/server.pp index e91f7f21..1bbd5769 100644 --- a/modules/nagios/manifests/server.pp +++ b/modules/nagios/manifests/server.pp @@ -9,8 +9,16 @@ class nagios::server { ensure => installed } + file { '/etc/init.d/nagios3': + source => 'puppet:///modules/nagios/nagios3.init', + mode => '0755', + require => Package['nagios3'], + before => Service['nagios3'], + } + service { 'nagios3': - ensure => running, + ensure => running, + require => Package['nagios3'], } file { '/etc/nagios-plugins/config': diff --git a/modules/puppetmaster/lib/puppet/parser/functions/nodeinfo.rb b/modules/puppetmaster/lib/puppet/parser/functions/nodeinfo.rb index 47251c0a..d77d65c8 100644 --- a/modules/puppetmaster/lib/puppet/parser/functions/nodeinfo.rb +++ b/modules/puppetmaster/lib/puppet/parser/functions/nodeinfo.rb @@ -25,7 +25,7 @@ module Puppet::Parser::Functions fqdn = lookupvar('::fqdn') if fqdn and fqdn == host v4ips = lookupvar('::v4ips') - if v4ips + if v4ips and v4ips.to_s != "" and v4ips.to_s != 'undefined' nodeinfo['misc']['v4addrs'] = v4ips.split(',') # find out if we are behind nat diff --git a/modules/ssh/templates/authorized_keys.erb b/modules/ssh/templates/authorized_keys.erb index 1d688647..25083be0 100644 --- a/modules/ssh/templates/authorized_keys.erb +++ b/modules/ssh/templates/authorized_keys.erb @@ -25,7 +25,7 @@ localkeys if scope.lookupvar('::cluster').to_s != 'undefined' scope.lookupvar('::cluster_nodes').to_s.split.sort.each do |node| if allnodeinfo.has_key?(node) - ganetikeys << "# for ganeti: #{allnodeinfo[node]['hostname'].to_s}" + ganetikeys << "# for ganeti cluster #{scope.lookupvar('::cluster').to_s}: #{allnodeinfo[node]['hostname'].to_s}" ganetikeys << "from=\"#{allnodeinfo[node]['ipHostNumber'].join(',')}\" #{allnodeinfo[node]['sshRSAHostKey'].to_s}" else ganetikeys << "# host #{node} not found in allnodeinfo" diff --git a/modules/sudo/files/sudoers b/modules/sudo/files/sudoers index cc1d555c..a1eb9722 100644 --- a/modules/sudo/files/sudoers +++ b/modules/sudo/files/sudoers @@ -27,7 +27,7 @@ Host_Alias WEBHOSTS = wolkenstein Host_Alias SECHOSTS = chopin Host_Alias FTPHOSTS = franck, morricone, bizet Host_Alias ZIVITHOSTS = zelenka, zandonai -Host_Alias AACRAIDHOSTS = bellini, morricone, paganini, respighi, vivaldi, beethoven, pettersson +Host_Alias AACRAIDHOSTS = bellini, morricone, paganini, respighi, beethoven, pettersson Host_Alias MEGARAIDHOSTS = grieg, rautavaara, sibelius Host_Alias MPTRAIDHOSTS = master, fasch, holter, barber, biber, cilea, vitry, krenek, scelsi, orff, field Host_Alias MEGACTLHOSTS = lindberg, englund, nielsen @@ -166,9 +166,6 @@ debwww WEBHOSTS=(archvsync) NOPASSWD: /home/archvsync/webmirrors/runmirrors # geodns may reload bind geodnssync geo1,geo2,geo3=(root) NOPASSWD: /etc/init.d/bind9 reload geodnssync geo1,geo2,geo3=(root) NOPASSWD: /usr/sbin/rndc reconfig -# fossology -%fossy vivaldi=(root) /etc/init.d/fossology -%fossy vivaldi=(fossy) ALL # Porter work %porter-armel abel,agricola=(root) /usr/sbin/upgrade-porter-chroots, /usr/bin/apt-in-chroot