* 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet: (31 commits)
Drop handling of [debian rt], just strip the debian rt tag
Make sure to fix up subject headers for all RT addresses, not just one
Avoid testing first_delivery as it appears it is not set for a router
Strip out "debian rt" from subjects going into RT
line terminators, bah
ranges for Mithrandir
and also in the mime acl
mundy -> squeeze
dak -> dak-unpriv
turns out we want -v as well
and we want the restricted list
add megactl package, and sudo for nagios
and ignore the new file
if we declare a dependency on schroot, it needs to be a resource
kassia and merikanto to ftp-upcoming
ftp-upcoming.debian.org dns
ftp-upcoming
ftp-upcoming
fix username vs. groupname
accounting sudo
...
case $mptraid {
"true": { include "raidmpt" }
}
+ case $productname {
+ "PowerEdge 2850": { include megactl }
+ }
case $mta {
"exim4": {
case getfromhash($nodeinfo, 'apache2_backports_mirror') {
true: { include apache2::backports_mirror }
}
+ case getfromhash($nodeinfo, 'apache2_ftp-upcoming_mirror') {
+ true: { include apache2::ftp-upcoming_mirror }
+ }
include apache2
}
}
--- /dev/null
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+<VirtualHost *:80>
+ ServerAdmin ftpmaster@debian.org
+ DocumentRoot /srv/mirrors/buildd-all
+ ServerName ftp-upcoming.debian.org
+
+ ErrorLog /var/log/apache2/ftp-upcoming.debian.org-error.log
+ LogLevel warn
+ CustomLog /var/log/apache2/ftp-upcoming.debian.org-access.log combined
+
+ IndexOptions FancyIndexing NameWidth=*
+</VirtualHost>
--- /dev/null
+class apache2::ftp-upcoming_mirror inherits apache2 {
+ file {
+ "/etc/apache2/sites-available/ftp-upcoming.debian.org":
+ source => [ "puppet:///modules/apache2/per-host/$fqdn/etc/apache2/sites-available/ftp-upcoming.debian.org",
+ "puppet:///modules/apache2/common/etc/apache2/sites-available/ftp-upcoming.debian.org" ];
+
+ }
+
+ activate_apache_site {
+ "010-ftp-upcoming.debian.org": site => "ftp-upcoming.debian.org";
+ }
+
+}
+
+# vim:set et:
+# vim:set sts=4 ts=4:
+# vim:set shiftwidth=4:
--- /dev/null
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+# This is a configuration file for /etc/init.d/schroot; it allows you
+# to perform common modifications to the behavior of schroot
+# initialization without editing the init script (and thus getting
+# prompted by dpkg on upgrades). Note that the defaults defined here
+# are not used when invoking the schroot command; to configure schroot
+# behaviour have a look at /etc/schroot/* and the schroot manual page
+# ("man schroot").
+
+# What do we want to do with "orphan" sessions when starting or
+# restarting? Recover them (leave empty or set to "recover") or just
+# end them (set to "end")?
+SESSIONS_RECOVER="end"
class buildd {
package {
+ "schroot": ensure => installed;
"sbuild": ensure => installed;
"buildd": ensure => installed;
"buildd-builder-meta": ensure => installed;
source => "puppet:///modules/buildd/dupload.conf",
require => Package["dupload"]
;
+ "/etc/default/schroot":
+ source => "puppet:///modules/buildd/default-schroot",
+ require => Package["schroot"]
+ ;
}
case $kernel {
dijkstra.debian.org: Lowell Dijkstra (b.1952)
draghi.debian.org: Antonio Draghi (1635 - January 16th, 1700)
duarte.debian.org: Leonora Duarte (July 28th, 1610 - 1678)
+ elgar.debian.org: Edward Elgar (1857 - 1934)
englund.debian.org: Sven Einar Englund (June 17th, 1916 - June 27th, 1999)
fano.debian.org: Guido Alberto Fano (March 18th, 1875 - August 14th, 1961)
fasch.debian.org: Johann Friedrich Fasch (1688 - 1758)
gabrielli.debian.org: Domenico Gabrielli (April 15th, 1651 - July 10th, 1690)
glinka.debian.org: Mikhail Ivanovich Glinka (1804 - 1857)
gluck.debian.org: Christoph Willibald Ritter von Gluck (July 2nd, 1714 - November 15th, 1787)
+ dukas.debian.org: Paul Dukas (1865 - 1935)
goedel.debian.org: Kurt Gödel (April 28th, 1906 - January 14th, 1978)
goetz.debian.org: Hermann Gustav Goetz (December 7th, 1840 - December 3rd, 1876)
grieg.debian.org: Edvard Hagerup Grieg (June 15th, 1843 - September 4th, 1907)
tartini.debian.org: Giuseppe Tartini (April 8th, 1692 - February 26th, 1770)
tchaikovsky.debian.org: Pyotr Ilyich Tchaikovsky (Пётр Ильич Чайковский) (May 7th, 1840 - November 6th, 1893)
traetta.debian.org: Tommaso Michele Francesco Saverio Traetta (March 30th, 1727 - April 6th, 1779)
+ tye.debian.org: Christopher Tye (c.1505 - 1573)
unger.debian.org: Caroline Unger (October 28th, 1803 - March 23th, 1877)
valente.debian.org: Vincenzo Valente (February 21st, 1855 - September 6th, 1921)
vitry.debian.org: Philippe de Vitry (October 31st, 1291 - June 9th, 1361)
- kokkonen.debian.org
- senfl.debian.org
- santoro.debian.org
- # www-master is handled differently.
- # - wolkenstein.debian.org
+ 'apache2_ftp-upcoming_mirror':
+ - rietz.debian.org
+ - kassia.debian.org
+ - merikanto.debian.org
apache2_backports_mirror:
- englund.debian.org
- morricone.debian.org
- dijkstra.debian.org
- draghi.debian.org
- duarte.debian.org
+ - dukas.debian.org
+ - elgar.debian.org
- englund.debian.org
- fano.debian.org
- fasch.debian.org
- master.debian.org
- merikanto.debian.org
- morricone.debian.org
+ - mundy.debian.org
- murphy.debian.org
- nono.debian.org
- orff.debian.org
- steffani.debian.org
- tchaikovsky.debian.org
- traetta.debian.org
+ - tye.debian.org
- unger.debian.org
- villa.debian.org
- vitry.debian.org
diamond.debian.org: mailout.debian.org
dijkstra.debian.org: mailout.debian.org
duarte.debian.org: mailout.debian.org
+ elgar.debian.org: mailout.debian.org
englund.debian.org: mailout.debian.org
escher.debian.org: mailout.debian.org
fano.debian.org: mailout.debian.org
<%- if nodeinfo.has_key?('heavy_exim') and nodeinfo['heavy_exim'] -%>
acl_check_mime:
+ accept verify = certificate
+ accept hosts = +debianhosts
+
discard condition = ${if <{$message_size}{256000}}
condition = ${if eq {$acl_m_prf}{blackhole}}
set acl_m_srb = ${perl{surblspamcheck}}
}
message = Mail to this address needs to be PGP-signed
- accept verify = certificate
+ accept verify = certificate
+ accept hosts = +debianhosts
deny condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
!verify = header_syntax
local_part_suffix = +new
pipe_transport = rt_pipe
data = "|/usr/bin/rt-mailgate --queue '${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}}' --url https://rt.debian.org/ --action ${if match{$local_part}{.*-comment.*}{comment}{correspond}}"
- headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}"
+ headers_remove = Subject
+ headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}\nSubject: ${if and {{first_delivery}{match {$h_subject:}{(?i)(.*?)debian rt\\s*(.*)}}} {$1$2}{$h_subject:}}"
# FIXME: figure out how to generalize this approach so that all of the following would work
# - rt+NNNN@rt.debian.org : attach correspondence to ticket (verbose)
local_part_suffix = +new-quiesce
pipe_transport = rt_pipe
data = "|/usr/bin/rt-mailgate --queue '${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}}' --url https://rt.debian.org/ --action ${if match{$local_part}{.*-comment.*}{comment}{correspond}}"
- headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}\nX-RT-Mode: quiesce"
+ headers_remove = Subject
+ headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}\nX-RT-Mode: quiesce\nSubject: ${if and {{first_delivery}{match {$h_subject:}{(?i)(.*?)debian rt\\s*(.*)}}} {$1$2}{$h_subject:}}"
rt_otherwise:
debug_print = "R: rt for $local_part@$domain"
local_part_suffix_optional
pipe_transport = rt_pipe
data = "|/usr/bin/rt-mailgate --queue '${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}}' --url https://rt.debian.org/ --extension ticket --action ${if match{$local_part}{.*-comment.*}{comment}{correspond}}"
- headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}"
+ headers_remove = Subject
+ headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}\nSubject: ${if and {{first_delivery}{match {$h_subject:}{(?i)(.*?)debian rt\\s*(.*)}}} {$1$2}{$h_subject:}}"
<%- end -%>
when "draghi.debian.org" then "db.debian.org: user=mail_db group=nogroup directory=/srv/db.debian.org/mail"
+ when "dukas.debian.org" then "ddtp.debian.org: user=ddtp group=ddtp directory=/srv/ddtp.debian.org/mail/"
+
when "franck.debian.org" then "release.debian.org: user=release group=debian-release directory=/org/release.debian.org/mail
ftp-master.debian.org: user=dak group=debadmin directory=/srv/ftp-master.debian.org/mail group_writable=true"
when "tartini.debian.org" then "forums.debian.net: user=forums group=forums directory=/srv/forums.debian.net/mail"
+ when "tye.debian.org" then "i18n.debian.org: user=debian-i18n group=debian-i18n directory=/srv/i18n.debian.org/mail"
+
when "valente.debian.org" then "volatile.debian.org: user=volatile group=volatile directory=/srv/volatile-master.debian.org/mail"
when "wolkenstein.debian.org" then "www-master.debian.org: user=debwww group=debwww directory=/srv/www.debian.org/mail/"
@def $zobel = ($zobel 87.193.134.192/27); # credativ qsc
@def $zobel = ($zobel 78.47.2.104/29); # baldur, bragi, saga
@def $luca = (64.71.152.109);
-@def $DSA_IPS = ($sgran $weasel $zobel $luca);
+@def $paravoid = (83.212.9.72); # faidon.noc.grnet.gr
+@def $tfheen = (87.238.43.224/27);
+@def $DSA_IPS = ($sgran $weasel $zobel $luca $paravoid $tfheen);
@def $sgran6 = (2001:4b10:100b::/48);
@def $sgran6 = ($sgran6 2001:4b10:0000:810b::/64);
@def $zobel6 = ($zobel6 2a01:198:549::/48); # WGS20
@def $zobel6 = ($zobel6 2a01:198:6b2::/48); # AdS20
@def $luca6 = ();
-@def $DSA_V6_IPS = ($sgran6 $weasel6 $zobel6 $luca6);
+@def $paravoid6 = (2001:648:2340:1:225:64ff:fea4:8590); # faidon.noc.grnet.gr
+@def $tfheen6 = (2a02:c0:1013:1::/64);
+@def $DSA_V6_IPS = ($sgran6 $weasel6 $zobel6 $luca6 $paravoid6 $tfheen6);
@def $USER_christoph = ();
@def $USER_christoph = ($USER_christoph 212.114.250.148/31);
--- /dev/null
+class megactl {
+ package {
+ megactl: ensure => installed;
+ }
+ file {
+ "/etc/apt/sources.list.d/debian.restricted.list":
+ content => template("debian-org/etc/apt/sources.list.d/debian.restricted.list.erb"),
+ notify => Exec["apt-get update"];
+ }
+}
+# vim:set et:
+# vim:set sts=4 ts=4:
+# vim:set shiftwidth=4:
allow-transfer { };
};
+ zone "ftp-upcoming.debian.org" {
+ type master;
+ file "/etc/bind/geodns/zonefiles/db.ftp-upcoming.debian.org.AF";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
zone "ftp.debian.org" {
type master;
file "/etc/bind/geodns/zonefiles/db.ftp.debian.org.AF";
allow-transfer { };
};
+ zone "ftp-upcoming.debian.org" {
+ type master;
+ file "/etc/bind/geodns/zonefiles/db.ftp-upcoming.debian.org.AN";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
zone "ftp.debian.org" {
type master;
file "/etc/bind/geodns/zonefiles/db.ftp.debian.org.AN";
allow-transfer { };
};
+ zone "ftp-upcoming.debian.org" {
+ type master;
+ file "/etc/bind/geodns/zonefiles/db.ftp-upcoming.debian.org.AS";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
zone "ftp.debian.org" {
type master;
file "/etc/bind/geodns/zonefiles/db.ftp.debian.org.AS";
allow-transfer { };
};
+ zone "ftp-upcoming.debian.org" {
+ type master;
+ file "/etc/bind/geodns/zonefiles/db.ftp-upcoming.debian.org.EU";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
zone "ftp.debian.org" {
type master;
file "/etc/bind/geodns/zonefiles/db.ftp.debian.org.EU";
allow-transfer { };
};
+ zone "ftp-upcoming.debian.org" {
+ type master;
+ file "/etc/bind/geodns/zonefiles/db.ftp-upcoming.debian.org.NA";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
zone "ftp.debian.org" {
type master;
file "/etc/bind/geodns/zonefiles/db.ftp.debian.org.NA";
allow-transfer { };
};
+ zone "ftp-upcoming.debian.org" {
+ type master;
+ file "/etc/bind/geodns/zonefiles/db.ftp-upcoming.debian.org.OC";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
zone "ftp.debian.org" {
type master;
file "/etc/bind/geodns/zonefiles/db.ftp.debian.org.OC";
allow-transfer { };
};
+ zone "ftp-upcoming.debian.org" {
+ type master;
+ file "/etc/bind/geodns/zonefiles/db.ftp-upcoming.debian.org.SA";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
zone "ftp.debian.org" {
type master;
file "/etc/bind/geodns/zonefiles/db.ftp.debian.org.SA";
allow-transfer { };
};
+ zone "ftp-upcoming.debian.org" {
+ type master;
+ file "/etc/bind/geodns/zonefiles/db.ftp-upcoming.debian.org.undef";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
zone "ftp.debian.org" {
type master;
file "/etc/bind/geodns/zonefiles/db.ftp.debian.org.undef";
allow-transfer { };
};
+ zone "ftp-upcoming.debian.org" {
+ type master;
+ file "/etc/bind/geodns/zonefiles/db.ftp-upcoming.debian.org";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
zone "ftp.debian.org" {
type master;
file "/etc/bind/geodns/zonefiles/db.ftp.debian.org";
file=/etc/puppet/puppet.conf
file=/etc/default/puppet
file=/etc/default/postgrey
+file=/etc/default/schroot
file=/etc/default/syslog-ng
file=/etc/logrotate.d/exim4-paniclog
file=/etc/logrotate.d/exim4-base
Host_Alias AACRAIDHOSTS = bellini, morricone, paganini, respighi, vivaldi, beethoven, pettersson
Host_Alias MEGARAIDHOSTS = grieg, rautavaara, sibelius
Host_Alias MPTRAIDHOSTS = master, fasch, holter, barber, biber, cilea, vitry, krenek, scelsi, orff, field
+Host_Alias MEGACTLHOSTS = lindberg, englund, heininen
# Cmnd alias specification
nagios MPTRAIDHOSTS=(ALL) NOPASSWD: /usr/sbin/mpt-status -s
nagios AACRAIDHOSTS=(ALL) NOPASSWD: /usr/local/bin/arcconf GETCONFIG 1 LD, /usr/local/bin/arcconf GETCONFIG 1 AD
nagios MEGARAIDHOSTS=(ALL) NOPASSWD: /usr/local/bin/megarc -AllAdpInfo -nolog, /usr/local/bin/megarc -dispCfg -a0 -nolog
+nagios MEGACTLHOSTS=(ALL) NOPASSWD: /usr/sbin/megactl -Hv
# other nagios things
nagios beethoven=(debbackup) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backuppg ""
# groups and their role accounts
+%auditor ALL=(accounting) ALL
%backports ALL=(backports) ALL
%buildd ALL=(buildd) ALL
%d-i ALL=(d-i) ALL
%dde ALL=(dde) ALL
+%ddtp ALL=(ddtp) ALL
%debadmin ALL=(dak) ALL
%debbugs ALL=(debbugs) ALL
%debbugs ALL=(debbugs-mirror) ALL
%debian-cd ALL=(debian-cd) ALL
+%debian-i18n ALL=(debian-i18n) ALL
%debian-release ALL=(release) ALL
%debvoip cilea=(freeswitch) ALL
%debwww ALL=(debwww) ALL
%wikiadm ALL=(wiki) ALL
%qa-core QAHOSTS=(qa) ALL
+# the dak user gets to run stuff as dak-unpriv (for things like lintian checks)
+dak ALL=(dak-unpriv) NOPASSWD: ALL
+
# some groups are in apachectrl on "their" hosts so they can reload apache and update their vhost
%apachectrl ALL=(root) /usr/sbin/apache2-vhost-update