}
file { "/etc/cron.d/puppet-bacula-stuff": ensure => absent, }
- concat::fragment { 'dsa-puppet-stuff--bacula-director':
- target => '/etc/cron.d/dsa-puppet-stuff',
+ concat::fragment { 'puppet-crontab--bacula-director':
+ target => '/etc/cron.d/puppet-crontab',
content => @(EOF)
@daily root chronic /etc/bacula/scripts/volume-purge-action -v
@daily root chronic /etc/bacula/scripts/volumes-delete-old -v
mode => '0555',
}
file { "/etc/cron.d/puppet-bacula-storage-stuff": ensure => absent, }
- concat::fragment { 'dsa-puppet-stuff--bacula-storage':
- target => '/etc/cron.d/dsa-puppet-stuff',
+ concat::fragment { 'puppet-crontab--bacula-storage':
+ target => '/etc/cron.d/puppet-crontab',
content => @(EOF)
@daily bacula chronic /usr/local/bin/bacula-unlink-removed-volumes -v
| EOF
mode => '0555',
}
- concat::fragment { 'dsa-puppet-stuff--buildd-aptitude-killer':
- target => '/etc/cron.d/dsa-puppet-stuff',
+ concat::fragment { 'puppet-crontab--buildd-aptitude-killer':
+ target => '/etc/cron.d/puppet-crontab',
content => @(EOF)
*/5 * * * * root /usr/local/sbin/buildd-schroot-aptitude-kill
| EOF
require => Package['buildd'],
}
- concat::fragment { 'dsa-puppet-stuff--buildd':
- target => '/etc/cron.d/dsa-puppet-stuff',
+ concat::fragment { 'puppet-crontab--buildd':
+ target => '/etc/cron.d/puppet-crontab',
source => 'puppet:///modules/buildd/cron.d-dsa-buildd',
require => Package['debian.org']
}
owner => buildd,
}
# work around https://salsa.debian.org/wb-team/pybuildd/issues/11
- concat::fragment { 'dsa-puppet-stuff--pybuildd-expire-logs':
- target => '/etc/cron.d/dsa-puppet-stuff',
+ concat::fragment { 'puppet-crontab--pybuildd-expire-logs':
+ target => '/etc/cron.d/puppet-crontab',
content => @(EOF)
@daily buildd [ -d ~buildd/logs ] && find ~buildd/logs -type f -mtime +90 -delete
| EOF
require => Package['sbuild'],
}
if $has_srv_buildd {
- concat::fragment { 'dsa-puppet-stuff--buildd-update-schroots':
- target => '/etc/cron.d/dsa-puppet-stuff',
+ concat::fragment { 'puppet-crontab--buildd-update-schroots':
+ target => '/etc/cron.d/puppet-crontab',
content => @(EOF)
13 22 * * 0,3 root PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin setup-all-dchroots buildd
| EOF
+++ /dev/null
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-##
-# this is a list of patterns, one per line, of things that puppet's
-# cron output shouldn't mail to us.
-
-^v6: error fetching interface information: Device not found$
-^pcilib: Cannot open /proc/bus/pci$
-^lspci: Cannot find any working access method\.$
-^can't open /proc/dma at /usr/bin/lsdev line 32\.$
-^/usr/lib/ruby/1.9.1/rubygems/custom_require\.rb:36:in `require': iconv will be deprecated in the future, use String#encode instead\.$
-^/usr/lib/ruby/vendor_ruby/puppet/provider/service/freebsd\.rb:[8910]*: warning: class variable access from toplevel$
-^/usr/lib/ruby/vendor_ruby/puppet/provider/service/bsd\.rb:12: warning: class variable access from toplevel$
-^/usr/lib/ruby/vendor_ruby/puppet/type/tidy\.rb:1[0-9][0-9]: warning: class variable access from toplevel$
--- /dev/null
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+# this is a list of patterns, one per line, of things that puppet's
+# cron output shouldn't mail to us.
+
+^v6: error fetching interface information: Device not found$
+^pcilib: Cannot open /proc/bus/pci$
+^lspci: Cannot find any working access method\.$
+^can't open /proc/dma at /usr/bin/lsdev line 32\.$
+^/usr/lib/ruby/1.9.1/rubygems/custom_require\.rb:36:in `require': iconv will be deprecated in the future, use String#encode instead\.$
+^/usr/lib/ruby/vendor_ruby/puppet/provider/service/freebsd\.rb:[8910]*: warning: class variable access from toplevel$
+^/usr/lib/ruby/vendor_ruby/puppet/provider/service/bsd\.rb:12: warning: class variable access from toplevel$
+^/usr/lib/ruby/vendor_ruby/puppet/type/tidy\.rb:1[0-9][0-9]: warning: class variable access from toplevel$
notify => Exec['systemctl daemon-reload'],
}
- concat { '/etc/cron.d/dsa-puppet-stuff': }
- concat::fragment { 'dsa-puppet-stuff---header':
- target => '/etc/cron.d/dsa-puppet-stuff',
+ file { '/etc/cron.d/dsa-puppet-stuff':
+ ensure => 'absent',
+ }
+ file { '/etc/dsa/cron.ignore.dsa-puppet-stuff':
+ ensure => 'absent',
+ }
+
+ concat { '/etc/cron.d/puppet-crontab': }
+ concat::fragment { 'puppet-crontab---header':
+ target => '/etc/cron.d/puppet-crontab',
order => '000',
content => @(EOF)
## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/lib/nagios/plugins
| EOF
}
- concat::fragment { 'dsa-puppet-stuff---all':
- target => '/etc/cron.d/dsa-puppet-stuff',
+ concat::fragment { 'puppet-crontab---all':
+ target => '/etc/cron.d/puppet-crontab',
order => '010',
- content => template('debian_org/dsa-puppet-stuff.cron.erb'),
+ content => template('debian_org/puppet-crontab.cron.erb'),
require => Package['debian.org'],
}
file { '/etc/ldap/ldap.conf':
ensure => directory,
mode => '0755',
}
- file { '/etc/dsa/cron.ignore.dsa-puppet-stuff':
- source => 'puppet:///modules/debian_org/dsa-puppet-stuff.cron.ignore',
+ file { '/etc/dsa/cron.ignore.puppet-crontab':
+ source => 'puppet:///modules/debian_org/puppet-crontab.cron.ignore',
require => Package['debian.org']
}
file { '/etc/nsswitch.conf':
+++ /dev/null
-
-@hourly root [ ! -d /var/cache/dsa ] || touch /var/cache/dsa/cron.alive
-
-# run every 90 minutes
-34 */3 * * * root if [ -x /usr/bin/puppet ]; then sleep $(( $RANDOM \% 2200 )); if [ -x /usr/bin/timeout ]; then TO="timeout --kill-after=900 2000"; else TO=""; fi; tmp="$(tempfile)"; egrep -v '^(#|$)' /etc/dsa/cron.ignore.dsa-puppet-stuff > "$tmp" && $TO /usr/bin/puppet agent --onetime --no-daemonize 2>&1 | egrep --text -v -f "$tmp"; rm -f "$tmp"; fi
-4 1-23/3 * * * root if [ -x /usr/bin/puppet ]; then sleep $(( $RANDOM \% 2200 )); if [ -x /usr/bin/timeout ]; then TO="timeout --kill-after=900 2000"; else TO=""; fi; tmp="$(tempfile)"; egrep -v '^(#|$)' /etc/dsa/cron.ignore.dsa-puppet-stuff > "$tmp" && $TO /usr/bin/puppet agent --onetime --no-daemonize 2>&1 | egrep --text -v -f "$tmp"; rm -f "$tmp"; fi
-
-@hourly root sleep $(( $RANDOM \% 300 )); if [ -x /usr/lib/nagios/plugins/dsa-check-stunnel-sanity ] && [ -e /etc/stunnel/puppet-ekeyd.conf ] && ! /usr/lib/nagios/plugins/dsa-check-stunnel-sanity > /dev/null && grep -q '^client = yes' /etc/stunnel/puppet-ekeyd.conf; then /usr/sbin/service stunnel4 restart > /dev/null; fi
-
-@daily munin-async [ -d /var/lib/munin-async ] && find /var/lib/munin-async -maxdepth 1 -type f -mtime +30 -delete
-
-@daily root [ -d /var/lib/puppet/clientbucket ] && find /var/lib/puppet/clientbucket -type f -mtime +60 -delete && find /var/lib/puppet/clientbucket -type d -empty -delete
-
-@hourly root ! [ -x /usr/local/sbin/ntp-restart-if-required ] || /usr/local/sbin/ntp-restart-if-required
-
-# Nagios related entries
-@hourly root [ -x /usr/sbin/dsa-update-apt-status ] && sleep $(( $RANDOM \% 1800 )) && /usr/sbin/dsa-update-apt-status 2>&1 | logger -t dsa-update-apt-status
-13 */8 * * * root [ -x /usr/sbin/dsa-update-samhain-status ] && sleep $(( $RANDOM \% 27000 )) && /usr/sbin/dsa-update-samhain-status
-40 12 25 * * root [ -x /usr/sbin/dsa-update-unowned-file-status ] && sleep $(( $RANDOM \% 86400 )) && /usr/sbin/dsa-update-unowned-file-status
--- /dev/null
+
+@hourly root [ ! -d /var/cache/dsa ] || touch /var/cache/dsa/cron.alive
+
+# run every 90 minutes
+34 */3 * * * root if [ -x /usr/bin/puppet ]; then sleep $(( $RANDOM \% 2200 )); if [ -x /usr/bin/timeout ]; then TO="timeout --kill-after=900 2000"; else TO=""; fi; tmp="$(tempfile)"; egrep -v '^(#|$)' /etc/dsa/cron.ignore.puppet-crontab > "$tmp" && $TO /usr/bin/puppet agent --onetime --no-daemonize 2>&1 | egrep --text -v -f "$tmp"; rm -f "$tmp"; fi
+4 1-23/3 * * * root if [ -x /usr/bin/puppet ]; then sleep $(( $RANDOM \% 2200 )); if [ -x /usr/bin/timeout ]; then TO="timeout --kill-after=900 2000"; else TO=""; fi; tmp="$(tempfile)"; egrep -v '^(#|$)' /etc/dsa/cron.ignore.puppet-crontab > "$tmp" && $TO /usr/bin/puppet agent --onetime --no-daemonize 2>&1 | egrep --text -v -f "$tmp"; rm -f "$tmp"; fi
+
+@hourly root sleep $(( $RANDOM \% 300 )); if [ -x /usr/lib/nagios/plugins/dsa-check-stunnel-sanity ] && [ -e /etc/stunnel/puppet-ekeyd.conf ] && ! /usr/lib/nagios/plugins/dsa-check-stunnel-sanity > /dev/null && grep -q '^client = yes' /etc/stunnel/puppet-ekeyd.conf; then /usr/sbin/service stunnel4 restart > /dev/null; fi
+
+@daily munin-async [ -d /var/lib/munin-async ] && find /var/lib/munin-async -maxdepth 1 -type f -mtime +30 -delete
+
+@daily root [ -d /var/lib/puppet/clientbucket ] && find /var/lib/puppet/clientbucket -type f -mtime +60 -delete && find /var/lib/puppet/clientbucket -type d -empty -delete
+
+@hourly root ! [ -x /usr/local/sbin/ntp-restart-if-required ] || /usr/local/sbin/ntp-restart-if-required
+
+# Nagios related entries
+@hourly root [ -x /usr/sbin/dsa-update-apt-status ] && sleep $(( $RANDOM \% 1800 )) && /usr/sbin/dsa-update-apt-status 2>&1 | logger -t dsa-update-apt-status
+13 */8 * * * root [ -x /usr/sbin/dsa-update-samhain-status ] && sleep $(( $RANDOM \% 27000 )) && /usr/sbin/dsa-update-samhain-status
+40 12 25 * * root [ -x /usr/sbin/dsa-update-unowned-file-status ] && sleep $(( $RANDOM \% 86400 )) && /usr/sbin/dsa-update-unowned-file-status
source => 'puppet:///modules/dsa_systemd/systemd-cleanup-failed',
mode => '0555',
}
- concat::fragment { 'dsa-puppet-stuff--systemd-cleanup-failed':
- target => '/etc/cron.d/dsa-puppet-stuff',
+ concat::fragment { 'puppet-crontab--systemd-cleanup-failed':
+ target => '/etc/cron.d/puppet-crontab',
content => @("EOF"),
*/10 * * * * root /usr/local/sbin/systemd-cleanup-failed
| EOF
}
if has_role('mailrelay') {
- concat::fragment { 'dsa-puppet-stuff--email-virtualdomains':
- target => '/etc/cron.d/dsa-puppet-stuff',
+ concat::fragment { 'puppet-crontab--email-virtualdomains':
+ target => '/etc/cron.d/puppet-crontab',
content => @(EOF)
@hourly root if [ ! -d /etc/exim4/email-virtualdomains ]; then cd /etc/exim4 && git clone mail-git:email-virtualdomains ; fi && cd /etc/exim4/email-virtualdomains && git pull --quiet --ff-only
| EOF
}
# XXX Maybe this will be automatically done in buster, it is certainly needed in stretch. So maybe: versioncmp($::lsbmajdistrelease, '9') <= 0
- concat::fragment { 'dsa-puppet-stuff--fail2ban-cleanup':
- target => '/etc/cron.d/dsa-puppet-stuff',
+ concat::fragment { 'puppet-crontab--fail2ban-cleanup':
+ target => '/etc/cron.d/puppet-crontab',
content => @(EOF)
17 * * * * root chronic python3 -c "import sys, logging; logging.basicConfig(stream=sys.stdout, level=logging.INFO); from fail2ban.server.database import Fail2BanDb; db = Fail2BanDb('/var/lib/fail2ban/fail2ban.sqlite3'); db.purge(); db._db.cursor().execute('VACUUM')"
| EOF
mode => '0555',
}
file { '/etc/cron.d/puppet-crazy-multipath-restart': ensure => absent, }
- concat::fragment { 'dsa-puppet-stuff--multipath-restart':
- target => '/etc/cron.d/dsa-puppet-stuff',
+ concat::fragment { 'puppet-crontab--multipath-restart':
+ target => '/etc/cron.d/puppet-crontab',
content => @("EOF"),
*/15 * * * * root /usr/local/sbin/crazy-multipath-restart
| EOF
class hardware::fixes {
case $::hostname {
bm-bl1,bm-bl2,bm-bl3,bm-bl4,bm-bl5,bm-bl6,bm-bl7,bm-bl8,bm-bl9,bm-bl10,bm-bl11,bm-bl12,bm-bl13,bm-bl14,lobos,villa: {
- concat::fragment { 'dsa-puppet-stuff--hp-health':
- target => '/etc/cron.d/dsa-puppet-stuff',
+ concat::fragment { 'puppet-crontab--hp-health':
+ target => '/etc/cron.d/puppet-crontab',
#order => '100',
content => @(EOF)
@hourly root (for i in `seq 1 5`; do timeout 25 hpasmcli -s help && break; sleep 5; service hp-health stop; sleep 5; service hp-health start; sleep 10; done) > /dev/null 2>/dev/null
default => 'dsa-check-hpssacli'
}
- concat::fragment { 'dsa-puppet-stuff--nagios--dsa-check-hpssacli':
- target => '/etc/cron.d/dsa-puppet-stuff',
+ concat::fragment { 'puppet-crontab--nagios--dsa-check-hpssacli':
+ target => '/etc/cron.d/puppet-crontab',
order => '020',
content => @("EOF")
27 */2 * * * root sleep $(( RANDOM \% 900 )); dsa-wrap-nagios-check ${cmd}
file { '/etc/cron.d/puppet-munin-cleanup': ensure => absent; }
- concat::fragment { 'dsa-puppet-stuff--munin-master':
- target => '/etc/cron.d/dsa-puppet-stuff',
+ concat::fragment { 'puppet-crontab--munin-master':
+ target => '/etc/cron.d/puppet-crontab',
source => 'puppet:///modules/munin/master-cleanup-cron',
}
}
}
file { '/etc/cron.d/puppet-nagios-wraps': ensure => absent, }
- concat::fragment { 'dsa-puppet-stuff--nagios--dsa-check-puppet-agent':
- target => '/etc/cron.d/dsa-puppet-stuff',
+ concat::fragment { 'puppet-crontab--nagios--dsa-check-puppet-agent':
+ target => '/etc/cron.d/puppet-crontab',
order => '010',
content => @(EOF)
47 * * * * root dsa-wrap-nagios-check -s puppet-agent dsa-check-puppet_agent -d0 -c 28800 -w 18000
group => 'nagiosadm',
}
- concat::fragment { 'dsa-puppet-stuff--nagios--restart-stale-icinga':
- target => '/etc/cron.d/dsa-puppet-stuff',
+ concat::fragment { 'puppet-crontab--nagios--restart-stale-icinga':
+ target => '/etc/cron.d/puppet-crontab',
order => '010',
content => @(EOF)
*/15 * * * * root find /var/lib/icinga/status.dat -mmin +20 | grep -q . && service icinga restart
source => 'puppet:///modules/named/common/trigger',
}
file { '/etc/cron.d/dsa-boot-geodnssync': ensure => absent; }
- concat::fragment { 'dsa-puppet-stuff--geodns-boot':
- target => '/etc/cron.d/dsa-puppet-stuff',
+ concat::fragment { 'puppet-crontab--geodns-boot':
+ target => '/etc/cron.d/puppet-crontab',
content => @(EOF)
@reboot geodnssync sleep 1m && /etc/bind/geodns/trigger > /dev/null
| EOF
| EOF
}
- concat::fragment { 'dsa-puppet-stuff--nsec3':
- target => '/etc/cron.d/dsa-puppet-stuff',
+ concat::fragment { 'puppet-crontab--nsec3':
+ target => '/etc/cron.d/puppet-crontab',
content => @(EOF)
13 19 4 * * root chronic /usr/sbin/rndc signing -nsec3param 1 0 16 $(head -c 20 /dev/urandom | sha512sum | cut -b 1-10) debian.net
29 12 7 * * root chronic /usr/sbin/rndc signing -nsec3param 1 0 16 $(head -c 20 /dev/urandom | sha512sum | cut -b 1-10) debian.org
source => 'puppet:///modules/porterbox/schroot-list-sessions',
}
file { '/etc/cron.d/puppet-update-dchroots': ensure => absent; }
- concat::fragment { 'dsa-puppet-stuff--porterbox-chroot-update':
- target => '/etc/cron.d/dsa-puppet-stuff',
+ concat::fragment { 'puppet-crontab--porterbox-chroot-update':
+ target => '/etc/cron.d/puppet-crontab',
content => @(EOF)
0 15 * * 0 root PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin setup-all-dchroots
| EOF
owner => 'debbackup',
mode => '0755',
}
- concat::fragment { 'dsa-puppet-stuff--postgres-make_base_backups':
- target => '/etc/cron.d/dsa-puppet-stuff',
+ concat::fragment { 'puppet-crontab--postgres-make_base_backups':
+ target => '/etc/cron.d/puppet-crontab',
content => @("EOF")
*/30 * * * * debbackup sleep $(( RANDOM \% 1200 )); chronic ${$postgres::backup_server::globals::make_base_backups}
| EOF
file { '/etc/cron.d/puppet-update-fastly-ips': ensure => absent, }
file { '/etc/cron.d/update-fastly-ips': ensure => absent, }
- concat::fragment { 'dsa-puppet-stuff---fastly-ips':
- target => '/etc/cron.d/dsa-puppet-stuff',
+ concat::fragment { 'puppet-crontab---fastly-ips':
+ target => '/etc/cron.d/puppet-crontab',
content => @(EOF)
@daily root /usr/local/bin/update-fastly-ips /srv/puppet.debian.org/puppet-facts/fastly_ranges.yaml
| EOF
}
file { '/etc/cron.d/puppet-static-mirror': ensure => absent, }
- concat::fragment { 'dsa-puppet-stuff--static-mirror':
- target => '/etc/cron.d/dsa-puppet-stuff',
+ concat::fragment { 'puppet-crontab--static-mirror':
+ target => '/etc/cron.d/puppet-crontab',
content => @(EOF)
@reboot staticsync sleep 60; chronic static-mirror-run-all
| EOF
}
file { '/etc/cron.d/puppet-weblog-provider': ensure => absent, }
- concat::fragment { 'dsa-puppet-stuff--weblog-provider':
- target => '/etc/cron.d/dsa-puppet-stuff',
+ concat::fragment { 'puppet-crontab--weblog-provider':
+ target => '/etc/cron.d/puppet-crontab',
content => @(EOF)
0 1 * * * weblogsync sleep $((RANDOM \% 1800)); rsync -a --delete-excluded --include 'www.debian.org-access.log-*gz' --include '*-public-access.log-*gz' --exclude '**' /var/log/apache2/. weblogsync@wolkenstein.debian.org:-weblogs-incoming-
| EOF
dir=3/etc/exim4/email-virtualdomains
file=/etc/ssh/ssh_config
file=/etc/ssh/sshd_config
-file=/etc/dsa/cron.ignore.dsa-puppet-stuff
+file=/etc/dsa/cron.ignore.puppet-crontab
file=/etc/vsftpd.conf
file=/etc/aliases
file=/etc/multipath.conf
file=/etc/monit/monitrc
file=/etc/monit/monit.d/01puppet
file=/etc/monit/monit.d/00debian.org
-file=/etc/cron.d/dsa-puppet-stuff
+file=/etc/cron.d/puppet-crontab
file=/etc/cron.weekly/stunnel-ekey-restart
file=/etc/default/schroot
file=/etc/schroot/default/nssdatabases
include webserver::defaultpage
file { '/etc/cron.d/puppet-export-scheduled-shutdown': ensure => absent, }
- concat::fragment { 'dsa-puppet-stuff--webserver-export-shutdown':
- target => '/etc/cron.d/dsa-puppet-stuff',
+ concat::fragment { 'puppet-crontab--webserver-export-shutdown':
+ target => '/etc/cron.d/puppet-crontab',
content => @(EOF)
*/2 * * * * root mkdir -p /run/dsa/shutdown-marker; if dsa-is-shutdown-scheduled; then echo 'system-in-shutdown' > /run/dsa/shutdown-marker/shutdown-in-progress; else rm -f /run/dsa/shutdown-marker/shutdown-in-progress; fi
| EOF