Merge branch 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa...
authorMartin Zobel-Helas <zobel@debian.org>
Wed, 26 Apr 2017 12:57:43 +0000 (14:57 +0200)
committerMartin Zobel-Helas <zobel@debian.org>
Wed, 26 Apr 2017 12:57:43 +0000 (14:57 +0200)
* 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet:
  samhain: ignore /etc/schroot/setup.d/99builddsourceslist
  setup-dchroot: fix SUITE_ARCH detection for jessie kfreebsd chroots
  99porterbox-extra-sources: use jessie-kfreebsd as base for jessie-backports kfreebsd chroots
  99builddsourceslist: add a hack to handle the kfreebsd jessie-backport case
  Always set permissions of apache2 log directory
  Fix previous commit
  Drop outgoing IPv4 multicast traffic at AQL

modules/apache2/manifests/init.pp
modules/ferm/manifests/aql.pp [new file with mode: 0644]
modules/ferm/manifests/per_host.pp
modules/roles/manifests/weblog_provider.pp
modules/samhain/templates/samhainrc.erb
modules/schroot/files/schroot-setup.d/99builddsourceslist
modules/schroot/files/schroot-setup.d/99porterbox-extra-sources
modules/schroot/files/setup-dchroot

index b0bde41..f279cde 100644 (file)
@@ -132,6 +132,10 @@ class apache2 {
                content => template('apache2/disabled-index.html'),
        }
 
+       file { '/var/log/apache2':
+               ensure => directory,
+               mode   => '0755',
+       }
        file { '/var/log/apache2/.nobackup':
                mode    => '0644',
                content => '',
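Review bot: The new `file { '/var/log/apache2': }` resource sets `mode => '0755'` but declares no `owner` or `group`, and in `class apache2` it now applies to every Apache host rather than only the weblog providers. Debian's apache2 package normally ships this directory restricted to root and the adm group (worth confirming on a target host), so this lets every local account list the log directory. I would pin ownership explicitly, for example `owner => 'root',` and `group => 'adm',`. I would also add a comment such as `# 0755 so the weblogsync rsync job can traverse the directory; log files keep their own restrictive modes` if that is the reason. The hunk ends inside the following `.nobackup` resource, so the rest of the class is not visible here.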
diff --git a/modules/ferm/manifests/aql.pp b/modules/ferm/manifests/aql.pp
new file mode 100644 (file)
index 0000000..b5578e2
--- /dev/null
@@ -0,0 +1,10 @@
+class ferm::aql {
+       @ferm::rule { 'dsa-drop-multicast':
+               domain      => 'ip',
+               description => 'drop multicast traffic to avoid triggering protection',
+               table       => 'filter',
+               chain       => 'OUTPUT',
+               rule        => 'destination 224.0.0.0/24 jump log_or_drop'
+       }
+}
+
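Review bot: The rule matches only `224.0.0.0/24`, the local network control block, while the description and the commit subject speak of multicast traffic in general; the full IPv4 multicast range is `224.0.0.0/4`. If the hoster's protection can also be triggered by groups outside that /24 (for example the administratively scoped 239.0.0.0/8 range), those packets still leave the host. Either widen it to `rule => 'destination 224.0.0.0/4 jump log_or_drop',` or keep the /24 and make the description say "link-local multicast". The description would also be more useful if it named which protection is meant (presumably the hoster's port security), since it is what an operator sees when reading the generated ruleset.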
index f736213..952f52a 100644 (file)
@@ -3,6 +3,10 @@ class ferm::per_host {
                include ferm::zivit
        }
 
+       if (getfromhash($site::nodeinfo, 'hoster', 'name') == "aql") {
+               include ferm::aql
+       }
+
        case $::hostname {
                czerny,clementi: {
                        @ferm::rule { 'dsa-upsmon':
index 30c4d5f..df50602 100644 (file)
@@ -5,10 +5,6 @@ class roles::weblog_provider {
                        onlyif  => '/usr/bin/getent passwd weblogsync > /dev/null && ! [ -e /home/weblogsync/.ssh/id_rsa ]'
                }
        } else {
-               file { '/var/log/apache2':
-                       ensure => directory,
-                       mode   => '0755',
-               }
                file { '/etc/cron.d/puppet-weblog-provider':
                        content => "SHELL=/bin/bash\n\n0 1 * * * weblogsync sleep $((RANDOM \% 1800)); rsync -a --delete-excluded --include 'www.debian.org-access.log-*gz' --include '*-public-access.log-*gz' --exclude '**' /var/log/apache2/. weblogsync@wolkenstein.debian.org:-weblogs-incoming-\n",
                }
index b737307..2889636 100644 (file)
@@ -435,6 +435,7 @@ file=/etc/cron.d/puppet-nagios-wraps
 file=/etc/cron.weekly/stunnel-ekey-restart
 file=/etc/default/schroot
 file=/etc/schroot/default/nssdatabases
+file=/etc/schroot/setup.d/99builddsourceslist
 file=/etc/schroot/setup.d/99porterbox-extra-sources
 file=/etc/schroot/setup.d/99porterbox-extra-apt-options
 file=/etc/openvswitch/conf.db
index 427f830..7a61391 100755 (executable)
@@ -141,9 +141,15 @@ if [ "$1" = "setup-start" ] || [ "$1" = "setup-recover" ]; then
             domirror "http://security-master.debian.org/debian-security-buildd buildd-${SUITE_BASE}/updates COMPONENT" ${APT_LIST}
 
         elif [ "${SUITE_VARIANT%%-sloppy}" = 'backports' ]; then
-            SUITES="${SUITE_BASE}"
+            # Hack: for kfreebsd-* the base suite for jessie-backports and jessie-backports-sloppy is jessie-kfreebsd (and not jessie)
+            if echo "${CHROOT_ALIAS}" | grep -q 'kfreebsd-\w\+-sbuild$' ; then
+                SUITES="${SUITE_BASE}-kfreebsd"
+            else
+                SUITES="${SUITE_BASE}"
+            fi
             [ -n "${debian_mirror}" ] && domirror "${debian_mirror} SUITE COMPONENT" ${APT_LIST}
             domirror "http://ftp.debian.org/debian SUITE COMPONENT" ${APT_LIST}
+            SUITES="${SUITE_BASE}"
             [ -n "${debian_mirror}" ] && domirror "${debian_mirror} SUITE-backports COMPONENT" ${APT_LIST}
             domirror "http://ftp.debian.org/debian SUITE-backports COMPONENT" ${APT_LIST}
             if [ "${debian_incoming}" != 'no' ]; then
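Review bot: The second assignment `SUITES="${SUITE_BASE}"` added before the `SUITE-backports` lines has no comment, so it reads like a leftover. It appears to be what keeps the backports entries on the plain base suite after the kfreebsd override, and a later edit could easily drop it. I would add `# restore the plain base suite: only the base entries above use ${SUITE_BASE}-kfreebsd` above it. Separately, `grep -q 'kfreebsd-\w\+-sbuild$'` depends on GNU regex extensions and spawns a pipeline for a simple suffix test. `case "${CHROOT_ALIAS}" in *kfreebsd-*-sbuild)` does the same check in the shell, though it is slightly broader because `*` also matches `-`. The enclosing `if`/`elif` chain starts and ends outside this hunk.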
index 299ce5c..e6e0f08 100755 (executable)
@@ -92,8 +92,8 @@ if [ "$1" = "setup-start" ] || [ "$1" = "setup-recover" ]; then
 
       case "${SUITE_VARIANT:-}" in
         backports)
-          echo "deb     $mirror ${suite_alias}-${SUITE_VARIANT} main" >> "$SRCL"
-          echo "deb-src $mirror ${suite_alias}-${SUITE_VARIANT} main" >> "$SRCL"
+          echo "deb     $mirror ${SUITE_BASE}-${SUITE_VARIANT} main" >> "$SRCL"
+          echo "deb-src $mirror ${SUITE_BASE}-${SUITE_VARIANT} main" >> "$SRCL"
           ;;
       esac
       ;;
index e63d723..e727138 100755 (executable)
@@ -89,6 +89,7 @@ genschrootconf() {
         local name="${suite}_${arch}-dchroot"
     fi
 
+    local fullname="$name"
     case "$arch" in
         kfreebsd-*)
             aliases="$name"
@@ -101,7 +102,7 @@ genschrootconf() {
 
 cat << EOF
 [${name}]
-description=[${name}] Debian $suite chroot for $arch
+description=[${fullname}] Debian $suite chroot for $arch
 type=file
 file=$target
 EOF