From: Peter Palfrader <peter@palfrader.org>
Date: Mon, 30 Dec 2013 22:56:00 +0000 (+0100)
Subject: do not run an authority on draghi
X-Git-Url: https://git.donarmstrong.com/?p=dsa-puppet.git;a=commitdiff_plain;h=f66bb1737890b64acd529dfc23e8fd8e5b7d59bf

do not run an authority on draghi
---

diff --git a/manifests/site.pp b/manifests/site.pp
index 24f330a3..ab6fd7dc 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -86,7 +86,7 @@ node default {
 		include apache2
 	}
 
-	if $::hostname in [ravel,senfl,orff,draghi,diamond,rietz,denis] {
+	if $::hostname in [ravel,senfl,orff,diamond,rietz,denis] {
 		include named::authoritative
 	} elsif $::hostname in [geo1,geo2,geo3] {
 		include named::geodns
diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index 2a489087..818c2aaa 100644
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -74,11 +74,6 @@ class ferm::per-host {
 			}
 		}
 		draghi: {
-			#@ferm::rule { 'dsa-bind':
-			#    domain          => '(ip ip6)',
-			#    description     => 'Allow nameserver access',
-			#    rule            => '&TCP_UDP_SERVICE(53)'
-			#}
 			@ferm::rule { 'dsa-finger':
 				domain          => '(ip ip6)',
 				description     => 'Allow finger access',
diff --git a/modules/sudo/files/sudoers b/modules/sudo/files/sudoers
index 18eea460..71b72452 100644
--- a/modules/sudo/files/sudoers
+++ b/modules/sudo/files/sudoers
@@ -155,10 +155,9 @@ debwww		wolkenstein=(staticsync)	NOPASSWD: /usr/local/bin/static-update-componen
 piupartss	PIUPARTS_SLAVE_HOSTS=(ALL)		NOPASSWD: ALL
 # trigger of mirror run for packages
 #pkg_user	powell=(archvsync)	NOPASSWD: /home/archvsync/bin/pushpdo
-# on draghi, the domains git thing will run bind9 reload afterwards
 dnsadm		denis=(root)			NOPASSWD: /usr/sbin/service bind9 reload
-%dnsadm		draghi,orff=(root)		NOPASSWD: /etc/init.d/bind9 reload
-%dnsadm		draghi,orff=(geodnssync)	NOPASSWD: /usr/bin/make -C /srv/dns.debian.org/geo
+%dnsadm		orff=(root)		NOPASSWD: /etc/init.d/bind9 reload
+%dnsadm		orff=(geodnssync)	NOPASSWD: /usr/bin/make -C /srv/dns.debian.org/geo
 %adm		draghi=(puppet)			NOPASSWD: /usr/bin/make -s -C /srv/db.debian.org/var/gitnagios/dsa-nagios/config install
 # wbadm can update all buildd* users' keys on buildd.d.o
 %wbadm		BUILDD_MASTER=(wb-buildd)	ALL