From c3bfc09c6cb084ff66be0a986bf3cf0ca6ccadbf Mon Sep 17 00:00:00 2001 From: Stephen Gran Date: Tue, 19 Nov 2013 20:15:35 +0000 Subject: [PATCH] switch to new hostname/ip Signed-off-by: Stephen Gran --- modules/exim/files/common/whitelist | 2 +- modules/exim/templates/eximconf.erb | 2 +- modules/ferm/manifests/per-host.pp | 26 ++++++++++--------- .../templates/named.conf.debian-zones.erb | 2 +- .../static-mirroring/static-components.conf | 2 +- .../staticsync-authorized_keys.erb | 2 +- modules/ssh/templates/authorized_keys.erb | 2 +- 7 files changed, 20 insertions(+), 18 deletions(-) diff --git a/modules/exim/files/common/whitelist b/modules/exim/files/common/whitelist index 7474f1e3..c5158739 100644 --- a/modules/exim/files/common/whitelist +++ b/modules/exim/files/common/whitelist @@ -3,6 +3,6 @@ ## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git ## -217.196.43.134 +5.153.231.21 *.debconf.org *.spi-inc.org diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb index 7f967c4c..bc847a1a 100644 --- a/modules/exim/templates/eximconf.erb +++ b/modules/exim/templates/eximconf.erb @@ -908,7 +908,7 @@ check_message: <%- end -%> <%- if scope.lookupvar('site::nodeinfo')['packagesqamaster'] -%> - deny !hosts = +debianhosts : 217.196.43.134 + deny !hosts = +debianhosts : 5.153.231.21 condition = ${if eq {$acl_m_prf}{PTSMail}} condition = ${if def:h_X-PTS-Approved:{false}{true}} message = messages to the PTS require an X-PTS-Approved header diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp index ecba8541..df0a320a 100644 --- a/modules/ferm/manifests/per-host.pp +++ b/modules/ferm/manifests/per-host.pp 
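Review bot: Only the IPv4 address is swapped in the PTS exemption `deny !hosts = +debianhosts : 5.153.231.21`, although this commit also adds `2001:41c8:1000:21::21:21/128` to the `dsa-postgres-udd6` ferm rule, presumably for the same host. If that host can submit mail over IPv6, those messages would not match the exemption and would hit the X-PTS-Approved check. The same question applies to the `5.153.231.21` line in `modules/exim/files/common/whitelist` and to the IPv4-only `dsa-udd-stunnel` rule in per-host.pp. An IPv6 literal in this colon-separated Exim list needs doubled colons or a changed separator, along the lines of `deny !hosts = <; +debianhosts ; 5.153.231.21 ; 2001:41c8:1000:21::21:21` (confirm the address first). The `check_message` ACL continues outside the hunk.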
@@ -15,7 +15,7 @@ class ferm::per-host { samosa: { @ferm::rule { 'dsa-udd-stunnel': description => 'port 8080 for udd stunnel', - rule => '&SERVICE_RANGE(tcp, http-alt, ( 192.25.206.16 70.103.162.29 217.196.43.134 ))' + rule => '&SERVICE_RANGE(tcp, http-alt, ( 192.25.206.16 70.103.162.29 5.153.231.21 ))' } } czerny,clementi: { @@ -26,16 +26,16 @@ class ferm::per-host { } bendel: { @ferm::rule { 'listmaster-ontp-in': - description => 'ONTP has a broken mail setup', - table => 'filter', - chain => 'INPUT', - rule => 'source 188.165.23.89/32 proto tcp dport 25 jump DROP', + description => 'ONTP has a broken mail setup', + table => 'filter', + chain => 'INPUT', + rule => 'source 188.165.23.89/32 proto tcp dport 25 jump DROP', } @ferm::rule { 'listmaster-ontp-out': - description => 'ONTP has a broken mail setup', - table => 'filter', - chain => 'OUTPUT', - rule => 'destination 78.8.208.246/32 proto tcp dport 25 jump DROP', + description => 'ONTP has a broken mail setup', + table => 'filter', + chain => 'OUTPUT', + rule => 'destination 78.8.208.246/32 proto tcp dport 25 jump DROP', } } abel,alwyn,rietz,jenkins: { 
@@ -184,13 +184,13 @@ class ferm::per-host { ullmann: { @ferm::rule { 'dsa-postgres-udd': description => 'Allow postgress access', - # quantz, wagner, master, couper, coccia, franck - rule => '&SERVICE_RANGE(tcp, 5452, ( 206.12.19.122/32 217.196.43.134/32 217.196.43.132/32 82.195.75.110/32 5.153.231.14/32 5.153.231.11/32 138.16.160.12/32 ))' + # quantz, moszumanska, master, couper, coccia, franck + rule => '&SERVICE_RANGE(tcp, 5452, ( 206.12.19.122/32 5.153.231.21/32 82.195.75.110/32 5.153.231.14/32 5.153.231.11/32 138.16.160.12/32 ))' } @ferm::rule { 'dsa-postgres-udd6': domain => '(ip6)', description => 'Allow postgress access', - rule => '&SERVICE_RANGE(tcp, 5452, ( 2607:f8f0:610:4000:216:36ff:fe40:3860/128 2001:41b8:202:deb:216:36ff:fe40:4001/128 2001:41c8:1000:21::21:14/128 2001:41c8:1000:21::21:11/32 ))' + rule => '&SERVICE_RANGE(tcp, 5452, ( 2607:f8f0:610:4000:216:36ff:fe40:3860/128 2001:41b8:202:deb:216:36ff:fe40:4001/128 2001:41c8:1000:21::21:14/128 2001:41c8:1000:21::21:11/32 2001:41c8:1000:21::21:21/128 ))' } } grieg: { @@ -281,6 +281,7 @@ class ferm::per-host { } } + default: {} } # vpn fu case $::hostname { @@ -309,5 +310,6 @@ REJECT reject-with icmp-admin-prohibited rule => 'outerface !tun+ mod mark mark 1 MASQUERADE', } } + default: {} } } diff --git a/modules/named/templates/named.conf.debian-zones.erb b/modules/named/templates/named.conf.debian-zones.erb index 754acd0c..27023148 100644 --- a/modules/named/templates/named.conf.debian-zones.erb +++ b/modules/named/templates/named.conf.debian-zones.erb @@ -83,7 +83,7 @@ zone "alioth.debian.org" { notify no; file "db.alioth.debian.org"; masters { - 217.196.43.132; + 5.153.231.21; }; allow-query { any; }; allow-transfer { }; diff --git a/modules/roles/files/static-mirroring/static-components.conf b/modules/roles/files/static-mirroring/static-components.conf index 8a086d4e..621215cb 100644 --- a/modules/roles/files/static-mirroring/static-components.conf 
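Review bot: In `dsa-postgres-udd6` the entry `2001:41c8:1000:21::21:11/32` is kept with a /32 prefix, which in IPv6 matches the whole 2001:41c8::/32 allocation rather than one host. That leaves port 5452 open to far more sources than the hosts named in the comment above the IPv4 rule. Every other entry on the line, including the newly added `2001:41c8:1000:21::21:21/128`, uses /128, so this looks like an IPv4-style suffix carried over by mistake. Since the line is being edited anyway, change it to `2001:41c8:1000:21::21:11/128`. The `ullmann` case body continues outside the hunk.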
+++ b/modules/roles/files/static-mirroring/static-components.conf @@ -1,7 +1,7 @@ # puppetd maintained # -bizet.debian.org mozilla.debian.net wagner.debian.org /srv/home/groups/pkg-mozilla/htdocs +bizet.debian.org mozilla.debian.net moszumanska.debian.org /srv/home/groups/pkg-mozilla/htdocs bizet.debian.org planet.debian.org philp.debian.org /srv/planet.debian.org/www bizet.debian.org www.debian.org wolkenstein.debian.org /srv/www.debian.org/www bizet.debian.org bits.debian.org master.debian.org /srv/bits-master.debian.org/htdocs diff --git a/modules/roles/templates/static-mirroring/staticsync-authorized_keys.erb b/modules/roles/templates/static-mirroring/staticsync-authorized_keys.erb index fa188acb..03e91b06 100644 --- a/modules/roles/templates/static-mirroring/staticsync-authorized_keys.erb +++ b/modules/roles/templates/static-mirroring/staticsync-authorized_keys.erb 
@@ -24,7 +24,7 @@ localinfo.keys.sort.each do |node| end end -callers << { 'node' => 'wagner.debian.org', 'addr' => allnodeinfo['wagner.debian.org']['ipHostNumber'], 'key' => 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXHFIkIhOC5iDa0d0IN5w6tUUL2T2iXCYcS2+dandE9f550OpKQ/evUZhw4EERNYDA3G7GV3jJzQR0j/KZWJUtDCichmqS94xJqXURmZVNeLXWY9x/N7CB1iG1Iblu6sgyTUrs7N6Wb0fUab3AXAi9KIXdwNLY622reR9T//bRULPVIl5VFpYtGBPT9n3wR7fLQ4ndEcUmEGcM4jRbpLmye4QGgJotuzeBWUpX+U648Yly6U7NlAJIWPUt7hEzMz2AC81SLhGCwTk6sb19n2dO6WN2ndynp8PLG1emtgd1/DaeaRyPcitoWgSoDNgKNk3zLIDtCdSYvFI8xXrm6cK3 staticsync@wagner'} +callers << { 'node' => 'moszumanska.debian.org', 'addr' => allnodeinfo['moszumanska.debian.org']['ipHostNumber'], 'key' => 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXHFIkIhOC5iDa0d0IN5w6tUUL2T2iXCYcS2+dandE9f550OpKQ/evUZhw4EERNYDA3G7GV3jJzQR0j/KZWJUtDCichmqS94xJqXURmZVNeLXWY9x/N7CB1iG1Iblu6sgyTUrs7N6Wb0fUab3AXAi9KIXdwNLY622reR9T//bRULPVIl5VFpYtGBPT9n3wR7fLQ4ndEcUmEGcM4jRbpLmye4QGgJotuzeBWUpX+U648Yly6U7NlAJIWPUt7hEzMz2AC81SLhGCwTk6sb19n2dO6WN2ndynp8PLG1emtgd1/DaeaRyPcitoWgSoDNgKNk3zLIDtCdSYvFI8xXrm6cK3 staticsync@wagner'} lines = [] for m in callers do diff --git a/modules/ssh/templates/authorized_keys.erb b/modules/ssh/templates/authorized_keys.erb index 6767e3fe..459a0f25 100644 --- a/modules/ssh/templates/authorized_keys.erb +++ b/modules/ssh/templates/authorized_keys.erb 
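Review bot: The renamed caller entry keeps wagner's public key verbatim, including the `staticsync@wagner` comment, while `node` and `addr` now point at moszumanska.debian.org. If the private key was copied to the new host this is only a stale label and the comment should read `staticsync@moszumanska`; if moszumanska is a fresh install, a key pair generated there would avoid leaving the old machine's key authorised. Separately, `allnodeinfo['moszumanska.debian.org']['ipHostNumber']` fails on nil during template evaluation if the node is not yet in allnodeinfo, so this probably has to land after the host's directory entry exists. The loop that consumes `callers` continues outside the hunk.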
@@ -51,7 +51,7 @@ command="/usr/lib/da-backup/da-backup-ssh-wrap ' + scope.lookupvar('site::allnod when "backuphost.debian.org" then out = '' scope.lookupvar('site::allnodeinfo').keys.sort.each do |node| - if %w{vasks.debian.org wagner.debian.org stabile.debian.org}.include?(node) then + if %w{moszumanska.debian.org stabile.debian.org}.include?(node) then out += '# ' + scope.lookupvar('site::allnodeinfo')[node]['hostname'][0] + ' command="/usr/lib/da-backup/da-backup-ssh-wrap ' + scope.lookupvar('site::allnodeinfo')[node]['hostname'][0] + '",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from="' + scope.lookupvar('site::allnodeinfo')[node]['ipHostNumber'].join(',') + '" ' + scope.lookupvar('site::allnodeinfo')[node]['sshRSAHostKey'][0] + ' -- 2.39.2
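Review bot: The host list shrinks from three entries to two: `vasks.debian.org` is removed together with `wagner.debian.org`, which the commit subject does not spell out. If vasks is being retired along with wagner (other hunks also replace 217.196.43.132), that is fine. Otherwise its da-backup key line disappears from backuphost's authorized_keys and its backups will start failing. A short comment above the condition, e.g. `# hosts allowed to push da-backup here; vasks and wagner superseded by moszumanska (confirm)`, would record the intent. The `when "backuphost.debian.org"` branch continues outside the hunk.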