From: Martin Zobel-Helas Date: Fri, 1 Jan 2010 14:57:27 +0000 (+0100) Subject: Merge branch 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa... X-Git-Url: https://git.donarmstrong.com/?p=dsa-puppet.git;a=commitdiff_plain;h=fcbf04aea39b64665b78d2e48b7a38b5f6579514;hp=f4702fedb73ca0c0d70cc2054a64c4523d26c781 Merge branch 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet into staging --- diff --git a/files/etc/puppet/puppet.conf b/files/etc/puppet/puppet.conf index 732dfffc..1a839469 100644 --- a/files/etc/puppet/puppet.conf +++ b/files/etc/puppet/puppet.conf @@ -10,10 +10,20 @@ ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/facts pluginsync=true +# This is the default environment for all clients +environment=production [puppetmasterd] templatedir=/etc/puppet/templates libdir=/etc/puppet/lib +environments = development,testing,production,staging [puppetd] environments = development,testing,production,staging + +[staging] +libdir=/etc/puppet/lib +manifestdir=/srv/puppet.debian.org/stages/staging/manifests +templatedir=/srv/puppet.debian.org/stages/staging/templates +fileserverconfig=/srv/puppet.debian.org/stages/staging/fileserver.conf +modulepath=/srv/puppet.debian.org/stages/staging/modules diff --git a/fileserver.conf b/fileserver.conf index 3b6b7954..2cd7c25d 100644 --- a/fileserver.conf +++ b/fileserver.conf @@ -1,3 +1,8 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + # This file consists of arbitrarily named sections/modules # defining where files are served from and to whom diff --git a/manifests/site.pp b/manifests/site.pp index abceb1fb..092f3212 100644 --- a/manifests/site.pp +++ b/manifests/site.pp 
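Review bot: In the new `[staging]` section of files/etc/puppet/puppet.conf, `libdir=/etc/puppet/lib` still points at the production plugin directory, while manifestdir, templatedir, modulepath and fileserverconfig move under /srv/puppet.debian.org/stages/staging, so staging catalogs are not isolated from production plugin code. Because `environment=production` is only a default, a client can presumably request the staging environment itself, which would make write access to the staging tree equivalent to root on any host that selects it. The ownership and permissions of that tree are not visible in this diff and are worth confirming. `development` and `testing` are listed in `environments` without a section of their own, so they appear to fall back to the main settings; a comment such as `# development/testing have no section yet and use the defaults above` would mark that as intentional.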
@@ -71,7 +71,7 @@ node default { } case $hostname { - rietz,raff,klecker,ravel,senfl: { include named::secondary } + rietz,klecker,ravel,senfl: { include named::secondary } } case $hostname { @@ -81,6 +81,6 @@ node default { "true": { include hosts } } case $hoster { - "ubcece", "darmstadt": { include resolv } + "ubcece", "darmstadt", "ftcollins": { include resolv } } } diff --git a/modules/debian-org/misc/hoster.yaml b/modules/debian-org/misc/hoster.yaml index 60a63c11..afe41494 100644 --- a/modules/debian-org/misc/hoster.yaml +++ b/modules/debian-org/misc/hoster.yaml @@ -7,6 +7,7 @@ csail: - 128.31.0.0/24 darmstadt: - 82.195.75.64/26 + - 82.195.75.32/28 - 2001:41b8:202:deb::/64 dgi: - 93.94.130.128/26 diff --git a/modules/debian-org/misc/local.yaml b/modules/debian-org/misc/local.yaml index e1f4ab1e..1425ae26 100644 --- a/modules/debian-org/misc/local.yaml +++ b/modules/debian-org/misc/local.yaml @@ -107,7 +107,6 @@ host_settings: - merkel.debian.org - morricone.debian.org - powell.debian.org - - raff.debian.org - ravel.debian.org - ries.debian.org - rietz.debian.org @@ -118,6 +117,7 @@ host_settings: - gluck.debian.org - kassia.debian.org - lobos.debian.org + - raff.debian.org - saens.debian.org - schein.debian.org - steffani.debian.org @@ -196,6 +196,7 @@ host_settings: piatti.debian.org: mailout.debian.org praetorius.debian.org: mailout.debian.org puccini.debian.org: mailout.debian.org + raff.debian.org: mailout.debian.org rem.debian.org: mailout.debian.org respighi.debian.org: mailout.debian.org rore.debian.org: mailout.debian.org diff --git a/modules/exim/manifests/init.pp b/modules/exim/manifests/init.pp index 1d40853b..43dd108d 100644 --- a/modules/exim/manifests/init.pp +++ b/modules/exim/manifests/init.pp @@ -144,6 +144,12 @@ class exim { group => Debian-exim, mode => 640 ; + "/var/log/exim4": + mode => 2750, + ensure => directory, + owner => Debian-exim, + group => maillog + ; } exec { "exim4 reload": 
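Review bot: The new `"/var/log/exim4"` resource in modules/exim/manifests/init.pp changes only the directory itself: with no `recurse`, log files already inside keep their current group, and the setgid bit in `2750` affects only files created afterwards. If the aim is that members of `maillog` can read the exim logs, the logrotate `create` settings for exim4 (not part of this diff) need to name the same group, otherwise rotated files may come back with a different one. The bare `mode => 2750` follows the neighbouring `mode => 640`, but quoting it as `mode => '2750'` avoids any numeric interpretation of the octal value. The enclosing file block starts outside the hunk.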
diff --git a/modules/exim/templates/virtualdomains.erb b/modules/exim/templates/virtualdomains.erb index eb0301fb..b814bbc4 100644 --- a/modules/exim/templates/virtualdomains.erb +++ b/modules/exim/templates/virtualdomains.erb @@ -49,9 +49,6 @@ nm.debian.org: user=nm group=nm directory=/org/nm.debian.org/mail/" when "powell.debian.org" then "packages.debian.org: user=pkg_user group=Debian directory=/org/packages.debian.org/mail/" - #when "raff.debian.org" then "buildd.debian.org: user=wbadm group=wbadm directory=/srv/buildd.debian.org/mail -#logs.buildd.debian.org: user=wbadm group=wbadm directory=/srv/logs.buildd.debian.org/mail" - when "ravel.debian.org" then "women.debian.org: user=nobody group=mujeres directory=/org/women.debian.org/mail" when "ries.debian.org" then "release.debian.org: user=release group=debian-release directory=/org/release.debian.org/mail diff --git a/modules/munin-node/templates/munin-node.plugin.conf.erb b/modules/munin-node/templates/munin-node.plugin.conf.erb index fbf15397..b5012f7d 100644 --- a/modules/munin-node/templates/munin-node.plugin.conf.erb +++ b/modules/munin-node/templates/munin-node.plugin.conf.erb @@ -88,7 +88,7 @@ group maillog [bind*] <%= out = case hostname - when "geo1","geo2","geo3","raff" then "group bind + when "geo1","geo2","geo3" then "group bind env.logfile /var/log/bind9/geoip-query.log" else "group adm" end diff --git a/modules/named/files/common/named.conf.acl b/modules/named/files/common/named.conf.acl index 42a63495..8ca867a8 100644 --- a/modules/named/files/common/named.conf.acl +++ b/modules/named/files/common/named.conf.acl @@ -282,3 +282,8 @@ acl AN { country_HM; country_TF; }; + +acl undef { + country_A1; + country_A2; +}; diff --git a/modules/named/files/common/named.conf.geo b/modules/named/files/common/named.conf.geo index 41549426..57fe2199 100644 --- a/modules/named/files/common/named.conf.geo +++ b/modules/named/files/common/named.conf.geo 
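Review bot: The new `acl undef` in modules/named/files/common/named.conf.acl has no comment saying what `country_A1` and `country_A2` stand for, and the name `undef` gives no hint. If these are the GeoIP pseudo-countries for anonymous proxies and satellite providers, a line such as `// A1 = anonymous proxy, A2 = satellite provider: clients with no usable country` above the acl would tell the next editor why these clients get their own view. The `country_A1`/`country_A2` definitions are not in this hunk, so it is worth checking that the generated country ACLs actually include them, since an undefined acl name would make named reject the configuration.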
@@ -422,6 +422,66 @@ view "SA" { allow-transfer { }; }; +}; +view "undef" { + match-clients { undef; }; + + zone "volatile.debian.org" { + type master; + file "/etc/bind/geodns/db.volatile.debian.org.undef"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "security.geo.debian.org" { + type master; + file "/etc/bind/geodns/db.security.debian.org.undef"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "security.debian.org" { + type master; + file "/etc/bind/geodns/db.security.debian.org.undef"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "ftp.debian.org" { + type master; + file "/etc/bind/geodns/db.ftp.debian.org.undef"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "bugs.debian.org" { + type master; + file "/etc/bind/geodns/db.bugs.debian.org.undef"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "www.debian.org" { + type master; + file "/etc/bind/geodns/db.www.debian.org.undef"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + + zone "packages.debian.org" { + type master; + file "/etc/bind/geodns/db.packages.debian.org.undef"; + notify no; + allow-query { any; }; + allow-transfer { }; + }; + }; view "default" { match-clients { any; }; diff --git a/modules/named/files/common/recvconf.files b/modules/named/files/common/recvconf.files index d6ce82e4..e9123832 100644 --- a/modules/named/files/common/recvconf.files +++ b/modules/named/files/common/recvconf.files 
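Review bot: Every zone in the new `view "undef"` is `type master` with a `db.*.undef` file, so a server that receives this named.conf.geo before the matching zone files have been synced will fail to load those zones and is likely to answer clients matched by the `undef` acl with SERVFAIL, including for security.debian.org. The recvconf.files hunks in the same commit register the six `.undef` files, but nothing visible here orders their delivery before the bind9 reload that picks up the new view. Consider shipping the zone files first, or running `named-checkconf -z` before the reload so a missing file is caught. The view is placed ahead of `view "default"`, which is needed because that view matches `any`.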
@@ -27,6 +27,12 @@ file etc/bind/geodns/db.bugs.debian.org.AS
 group geodnssync
 precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.AS
 postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.bugs.debian.org.undef
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.undef
+ postcommand sudo /etc/init.d/bind9 reload
 file etc/bind/geodns/db.bugs.debian.org.AF
 perms 0644
 user geodnssync
@@ -51,6 +57,60 @@ file etc/bind/geodns/db.bugs.debian.org.NA group geodnssync precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.NA postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.ftp.debian.org.AN + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.AN + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.ftp.debian.org.SA + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.SA + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.ftp.debian.org.OC + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.OC + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.ftp.debian.org.AS + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.AS + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.ftp.debian.org.undef + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.undef + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.ftp.debian.org.AF + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.AF + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.ftp.debian.org + perms 0644 + 
user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.ftp.debian.org.EU + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.EU + postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.ftp.debian.org.NA + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.NA + postcommand sudo /etc/init.d/bind9 reload file etc/bind/geodns/db.packages.debian.org.AN perms 0644 user geodnssync @@ -75,6 +135,12 @@ file etc/bind/geodns/db.packages.debian.org.AS group geodnssync precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.AS postcommand sudo /etc/init.d/bind9 reload +file etc/bind/geodns/db.packages.debian.org.undef + perms 0644 + user geodnssync + group geodnssync + precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.undef + postcommand sudo /etc/init.d/bind9 reload file etc/bind/geodns/db.packages.debian.org.AF perms 0644 user geodnssync 
@@ -123,6 +189,12 @@ file etc/bind/geodns/db.security.debian.org.AS
 group geodnssync
 precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.AS
 postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.security.debian.org.undef
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.undef
+ postcommand sudo /etc/init.d/bind9 reload
 file etc/bind/geodns/db.security.debian.org.AF
 perms 0644
 user geodnssync
@@ -171,6 +243,12 @@ file etc/bind/geodns/db.volatile.debian.org.AS
 group geodnssync
 precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail volatile.debian.org etc/bind/geodns/db.volatile.debian.org.AS
 postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.volatile.debian.org.undef
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail volatile.debian.org etc/bind/geodns/db.volatile.debian.org.undef
+ postcommand sudo /etc/init.d/bind9 reload
 file etc/bind/geodns/db.volatile.debian.org.AF
 perms 0644
 user geodnssync
@@ -219,6 +297,12 @@ file etc/bind/geodns/db.www.debian.org.AS
 group geodnssync
 precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.AS
 postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.www.debian.org.undef
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.undef
+ postcommand sudo /etc/init.d/bind9 reload
 file etc/bind/geodns/db.www.debian.org.AF
 perms 0644
 user geodnssync
@@ -243,51 +327,3 @@ file etc/bind/geodns/db.www.debian.org.NA group geodnssync precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.NA postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.ftp.debian.org.AN - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.AN - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.ftp.debian.org.SA - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.SA - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.ftp.debian.org.OC - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.OC - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.ftp.debian.org.AS - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.AS - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.ftp.debian.org.AF - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.AF - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.ftp.debian.org - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.ftp.debian.org.EU - perms 0644 - user 
geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.EU - postcommand sudo /etc/init.d/bind9 reload -file etc/bind/geodns/db.ftp.debian.org.NA - perms 0644 - user geodnssync - group geodnssync - precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.NA - postcommand sudo /etc/init.d/bind9 reload diff --git a/modules/resolv/templates/resolv.conf.erb b/modules/resolv/templates/resolv.conf.erb index 8fa658de..eb59db86 100644 --- a/modules/resolv/templates/resolv.conf.erb +++ b/modules/resolv/templates/resolv.conf.erb @@ -19,6 +19,13 @@ case hoster end nameservers += ["82.195.75.81", "82.195.66.249", "217.198.242.225"] searchpaths << "debprivate-darmstadt.debian.org" + when "ftcollins" then + case hostname + when "spohr", "samosa" then + nameservers << "127.0.0.1" + end + nameservers += ["192.25.206.33", "192.25.206.57"] + searchpaths << "debprivate-ftcollins.debian.org" end searchpaths << "debian.org" diff --git a/modules/samhain/templates/samhainrc.erb b/modules/samhain/templates/samhainrc.erb index 6c35f144..64ebe228 100644 --- a/modules/samhain/templates/samhainrc.erb +++ b/modules/samhain/templates/samhainrc.erb @@ -75,7 +75,10 @@ file=/etc/mtab file=/etc/ssh_random_seed file=/etc/asound.conf +<% case hoster when "ubcece", "darmstadt", "ftcollins" then "" +else -%> file=/etc/resolv.conf +<% end -%> file=/etc/localtime file=/etc/ioctl.save file=/etc/passwd.backup @@ -205,6 +208,10 @@ file=/var/log/syslog ## ## This file might be created or removed by the system sometimes. ## +<% case hoster when "ubcece", "darmstadt", "ftcollins" then "" -%> +file=/etc/resolv.conf +<% else +end -%> file=/etc/resolv.conf.pcmcia.save file=/etc/nologin file=/etc/postfix/debian.db 
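Review bot: For the hosters `ubcece`, `darmstadt` and `ftcollins`, the hunks at -75 and -205 of modules/samhain/templates/samhainrc.erb move `file=/etc/resolv.conf` out of its current section and into the one commented "This file might be created or removed by the system sometimes". The section headers are outside the hunks, but if that second section is the ignore-everything policy, samhain stops reporting any change to the resolver configuration on exactly the hosts where puppet rewrites it. A policy that still records ownership and permission changes would keep some tamper visibility for a file that decides which DNS servers the host trusts. The hoster list is now repeated in both hunks and in manifests/site.pp; setting it once at the top of the template, e.g. `<% resolv_managed = ["ubcece", "darmstadt", "ftcollins"].include?(hoster) -%>`, would stop the copies drifting apart.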
@@ -361,7 +368,7 @@ file=/etc/nagios3/puppetconf.d/auto-serviceextinfo.cfg"
 when "handel.debian.org": extrafiles="dir=8/etc/puppet"
 when "dijkstra.debian.org": extrafiles="dir=4/etc/dsa-kvm"
 when /geo[123].debian.org/: extrafiles="dir=1/etc/bind/geodns"
-when /(raff|rietz|klecker).debian.org/: extrafiles="dir=1/etc/bind
+when /(senfl|ravel|rietz|klecker).debian.org/: extrafiles="dir=1/etc/bind
 file=/etc/bind/named.conf.debian-zones"
 end
 extrafiles
diff --git a/modules/sudo/files/common/sudoers b/modules/sudo/files/common/sudoers
index 380278b3..9ff6f97f 100644
--- a/modules/sudo/files/common/sudoers
+++ b/modules/sudo/files/common/sudoers
@@ -104,7 +104,6 @@ pkg_user powell=(archvsync) NOPASSWD: /home/archvsync/bin/pushpdo
 # remote power to babylon5 in the same rack:
 joerg unger=(ALL) /usr/bin/sispmctl -t 1, /usr/bin/sispmctl -g 1
 # wbadm can update all buildd* users' keys on buildd.d.o
-%wbadm raff=(root) /usr/local/bin/update-buildd-sshkeys
 %wbadm cimarosa=(root) /usr/local/bin/update-buildd-sshkeys
 wbadm cimarosa=(postgres) NOPASSWD: /usr/bin/pg_dumpall --cluster 8.4/wanna-build
 # mirror push
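Review bot: The changed `when` pattern in modules/samhain/templates/samhainrc.erb, `/(senfl|ravel|rietz|klecker).debian.org/`, is unanchored and leaves the dots unescaped, so it matches any value that merely contains one of these names followed by an arbitrary character; `when /\A(senfl|ravel|rietz|klecker)\.debian\.org\z/:` states the intent exactly. The host list now mirrors the `named::secondary` case in manifests/site.pp, and a comment saying so, `# keep in sync with named::secondary in manifests/site.pp`, would help the next change to either list. The enclosing case expression starts outside the hunk.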