Merge branch 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa...

* 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet:
  no more afs stuff
  antheil → squeeze
  agricola, abel → squeeze
  arcadelt → squeeze
  Hard code merikanto and orff's IPs for NAT-ed hosts
  Add virt_aliases_regex router
  Strip [] out of the RT tag too

diff --git a/manifests/site.pp b/manifests/site.pp
index be89e07..6c9ecc0 100644 (file)
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -143,17 +143,9 @@ node default {
     include samhain
 
     case $hostname {
-        byrd,schuetz,tchaikovsky: {
+        byrd,schuetz,tchaikovsky,draghi,quantz,lamb,locke,rautavaara,rietz: {
             include krb
         }
-        draghi,quantz: {
-            include krb
-            include afs
-        }
-        lamb,locke,rautavaara,rietz: {
-            include krb
-            include afs::server
-        }
     }
 
     case $hostname {

diff --git a/modules/afs/files/CellServDB b/modules/afs/files/CellServDB
deleted file mode 100644 (file)
index fbbb394..0000000
--- a/modules/afs/files/CellServDB
+++ /dev/null
@@ -1,4 +0,0 @@
->debian.org
-82.195.75.101                   #lamb.debian.org
-194.177.211.199                 #rautavaara.debian.org
-206.12.19.120                   #locke.debian.org

diff --git a/modules/afs/files/ThisCell b/modules/afs/files/ThisCell
deleted file mode 100644 (file)
index 9973f0c..0000000
--- a/modules/afs/files/ThisCell
+++ /dev/null
@@ -1 +0,0 @@
-debian.org

diff --git a/modules/afs/files/afs.conf.client b/modules/afs/files/afs.conf.client
deleted file mode 100644 (file)
index 9f57054..0000000
--- a/modules/afs/files/afs.conf.client
+++ /dev/null
@@ -1,5 +0,0 @@
-AFS_CLIENT=true
-AFS_AFSDB=true
-AFS_CRYPT=true
-AFS_DYNROOT=true
-AFS_FAKESTAT=true

diff --git a/modules/afs/manifests/init.pp b/modules/afs/manifests/init.pp
deleted file mode 100644 (file)
index e879d5c..0000000
--- a/modules/afs/manifests/init.pp
+++ /dev/null
@@ -1,41 +0,0 @@
-class afs {
-    package {
-        "openafs-client":
-            ensure => installed,
-            require => File['/etc/openafs/CellServDB',
-                            '/etc/openafs/ThisCell',
-                            '/etc/openafs/afs.conf.client'],
-            ;
-        "openafs-krb5":
-            ensure => installed,
-            ;
-    }
-    file {
-        "/etc/openafs":
-            ensure  => directory,
-            mode    => 755,
-            ;
-        "/etc/openafs/CellServDB":
-            source  => "puppet:///modules/afs/CellServDB",
-            # notify  => # something to call fs newcell maybe?
-            mode    => 444
-            ;
-        "/etc/openafs/ThisCell":
-            source  => "puppet:///modules/afs/ThisCell",
-            mode    => 444
-            ;
-        "/etc/openafs/afs.conf.client":
-            source  => "puppet:///modules/afs/afs.conf.client",
-            mode    => 444
-            ;
-    }
-
-    @ferm::rule { "dsa-afs callback":
-        domain          => "(ip ip6)",
-        description  => "afs callback",
-        rule         => "&SERVICE(udp, afs3-callback)"
-    }
-}
-# vim:set et:
-# vim:set sts=4 ts=4:
-# vim:set shiftwidth=4:

diff --git a/modules/afs/manifests/server.pp b/modules/afs/manifests/server.pp
deleted file mode 100644 (file)
index 9e663d2..0000000
--- a/modules/afs/manifests/server.pp
+++ /dev/null
@@ -1,35 +0,0 @@
-class afs::server inherits afs {
-    @ferm::rule { "dsa-afs fileserver":
-        domain       => "(ip ip6)",
-        description  => "afs callback",
-        rule         => "&SERVICE(udp, afs3-fileserver)"
-    }
-    @ferm::rule { "dsa-afs prserver":
-        domain       => "(ip ip6)",
-        description  => "afs callback",
-        rule         => "&SERVICE(udp, afs3-prserver)"
-    }
-    @ferm::rule { "dsa-afs vlserver":
-        domain       => "(ip ip6)",
-        description  => "afs callback",
-        rule         => "&SERVICE(udp, afs3-vlserver)"
-    }
-    @ferm::rule { "dsa-afs kaserver":
-        domain       => "(ip ip6)",
-        description  => "afs callback",
-        rule         => "&SERVICE(udp, afs3-kaserver)"
-    }
-    @ferm::rule { "dsa-afs volser":
-        domain       => "(ip ip6)",
-        description  => "afs callback",
-        rule         => "&SERVICE(udp, afs3-volser)"
-    }
-    #@ferm::rule { "dsa-afs bos":
-    #    domain       => "(ip ip6)",
-    #    description  => "afs callback",
-    #    rule         => "&SERVICE(udp, afs3-bos)"
-    #}
-}
-# vim:set et:
-# vim:set sts=4 ts=4:
-# vim:set shiftwidth=4:

diff --git a/modules/debian-org/misc/local.yaml b/modules/debian-org/misc/local.yaml
index fb76a6a..60a2945 100644 (file)
--- a/modules/debian-org/misc/local.yaml
+++ b/modules/debian-org/misc/local.yaml
@@ -233,9 +233,13 @@ host_settings:
     - zandonai.debian.org
     - zee.debian.org
   squeeze:
+    - abel.debian.org
+    - agricola.debian.org
     - alain.debian.org
     - alkman.debian.org
     - alwyn.debian.org
+    - antheil.debian.org
+    - arcadelt.debian.org
     - arne.debian.org
     - ball.debian.org
     - barber.debian.org

diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb
index d774c75..ef32460 100644 (file)
--- a/modules/exim/templates/eximconf.erb
+++ b/modules/exim/templates/eximconf.erb
@@ -1184,6 +1184,31 @@ virt_aliases:
   transport_home_directory = ${extract{directory}{VDOMAINDATA}}
   user = ${extract{user}{VDOMAINDATA}}
   
+# No direct match, so try doing a regex match if there's an
+# aliases.regex
+virt_aliases_regex:
+  debug_print = "R: virt_aliases_regex for $local_part$local_part_suffix@$domain"
+  driver = redirect
+  allow_defer
+  allow_fail
+  data = ${if exists{\
+           ${extract{directory}{VDOMAINDATA}{${value}/aliases.regex}}}\
+          {${lookup{$local_part}nwildlsearch*{\
+              ${extract{directory}{VDOMAINDATA}{$value/aliases.regex}}\
+          }}}}
+  directory_transport = address_directory
+  domains = +virtual_domains
+  file_transport = ${if eq {${extract{group_writable}{VDOMAINDATA}}}{true}{address_file_group}{address_file}}
+  cannot_route_message = Unknown user
+  group = ${extract{group}{VDOMAINDATA}}
+  headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}"
+  pipe_transport = address_pipe
+  qualify_preserve_domain
+  retry_use_local_part
+  transport_current_directory = ${extract{directory}{VDOMAINDATA}}
+  transport_home_directory = ${extract{directory}{VDOMAINDATA}}
+  user = ${extract{user}{VDOMAINDATA}}
+
 userforward:
   debug_print = "R: userforward for $local_part${local_part_suffix}@$domain"
   driver = redirect
@@ -1301,7 +1326,7 @@ rt_force_new_verbose:
   pipe_transport = rt_pipe
   data = "|/usr/bin/rt-mailgate --queue '${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}}' --url https://rt.debian.org/ --action ${if match{$local_part}{.*-comment.*}{comment}{correspond}}"
   headers_remove = Subject
-  headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}\nSubject: ${if and {{first_delivery}{match {$h_subject:}{(?i)(.*?)debian rt\\s*(.*)}}} {$1$2}{$h_subject:}}"
+  headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}\nSubject: ${if and {{first_delivery}{match {$h_subject:}{(?i)(.*?)\\\\[?debian rt\\\\]?\\s*(.*)}}} {$1$2}{$h_subject:}}"
 
 # FIXME: figure out how to generalize this approach so that all of the following would work
 # - rt+NNNN@rt.debian.org          : attach correspondence to ticket (verbose)
@@ -1318,7 +1343,7 @@ rt_force_new_quiesce:
   pipe_transport = rt_pipe
   data = "|/usr/bin/rt-mailgate --queue '${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}}' --url https://rt.debian.org/ --action ${if match{$local_part}{.*-comment.*}{comment}{correspond}}"
   headers_remove = Subject
-  headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}\nX-RT-Mode: quiesce\nSubject: ${if and {{first_delivery}{match {$h_subject:}{(?i)(.*?)debian rt\\s*(.*)}}} {$1$2}{$h_subject:}}"
+  headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}\nX-RT-Mode: quiesce\nSubject: ${if and {{first_delivery}{match {$h_subject:}{(?i)(.*?)\\\\[?debian rt\\\\]?\\s*(.*)}}} {$1$2}{$h_subject:}}"
 
 rt_otherwise:
   debug_print = "R: rt for $local_part@$domain"
@@ -1331,7 +1356,7 @@ rt_otherwise:
   pipe_transport = rt_pipe
   data = "|/usr/bin/rt-mailgate --queue '${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}}' --url https://rt.debian.org/ --extension ticket --action ${if match{$local_part}{.*-comment.*}{comment}{correspond}}"
   headers_remove = Subject
-  headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}\nSubject: ${if and {{first_delivery}{match {$h_subject:}{(?i)(.*?)debian rt\\s*(.*)}}} {$1$2}{$h_subject:}}"
+  headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}\nSubject: ${if and {{first_delivery}{match {$h_subject:}{(?i)(.*?)\\\\[?debian rt\\\\]?\\s*(.*)}}} {$1$2}{$h_subject:}}"
 
 <%- end -%>
 

diff --git a/modules/nagios/templates/obsolete-packages-ignore.d-hostspecific.erb b/modules/nagios/templates/obsolete-packages-ignore.d-hostspecific.erb
index 25cdc23..7f5318c 100644 (file)
--- a/modules/nagios/templates/obsolete-packages-ignore.d-hostspecific.erb
+++ b/modules/nagios/templates/obsolete-packages-ignore.d-hostspecific.erb
@@ -27,6 +27,5 @@ end
 #when /(draghi|orff|ravel|klecker|geo[123]).debian.org/: ignore << %w{libdns69 libdns66 libdns64 bind9 libbind9-60 liblwres60 bind9-host libisccfg62 libisccfg60 libisc62 libisc60 dnsutils bind9utils libisccc60}
 #end
 
-ignore << '/openafs-modules-.*/'
 ignore.flatten.join("\n")
 %>

diff --git a/modules/ntp/templates/ntp.conf b/modules/ntp/templates/ntp.conf
index 549f023..c0a89c8 100644 (file)
--- a/modules/ntp/templates/ntp.conf
+++ b/modules/ntp/templates/ntp.conf
@@ -26,6 +26,13 @@ server ntp.grnet.gr iburst
 server ntp.ugent.be iburst dynamic
 <% elsif nodeinfo['misc']['natted'] -%>
 # autokey doesn't work behind nat
+
+# merikanto's and orff's ipv4 IP, hard coded for the benefit of hosts
+# that do not have RTC's (since they won't be able to do DNS until
+# they have a reasonable clock).
+server 86.59.118.147        iburst
+server 194.177.211.209      iburst
+
 server merikanto.debian.org iburst
 server orff.debian.org      iburst
 server ravel.debian.org     iburst