switch to new hostname/ip

Signed-off-by: Stephen Gran <steve@lobefin.net>

diff --git a/modules/exim/files/common/whitelist b/modules/exim/files/common/whitelist
index 7474f1e..c515873 100644 (file)
--- a/modules/exim/files/common/whitelist
+++ b/modules/exim/files/common/whitelist
@@ -3,6 +3,6 @@
 ## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
 ##
 
-217.196.43.134
+5.153.231.21
 *.debconf.org
 *.spi-inc.org

diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb
index 7f967c4..bc847a1 100644 (file)
--- a/modules/exim/templates/eximconf.erb
+++ b/modules/exim/templates/eximconf.erb
@@ -908,7 +908,7 @@ check_message:
 
 <%- end -%>
 <%- if scope.lookupvar('site::nodeinfo')['packagesqamaster'] -%>
-  deny    !hosts  = +debianhosts : 217.196.43.134
+  deny    !hosts  = +debianhosts : 5.153.231.21
           condition = ${if eq {$acl_m_prf}{PTSMail}}
           condition = ${if def:h_X-PTS-Approved:{false}{true}}
           message   = messages to the PTS require an X-PTS-Approved header

diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index ecba854..df0a320 100644 (file)
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -15,7 +15,7 @@ class ferm::per-host {
                samosa: {
                        @ferm::rule { 'dsa-udd-stunnel':
                                description  => 'port 8080 for udd stunnel',
-                               rule         => '&SERVICE_RANGE(tcp, http-alt, ( 192.25.206.16 70.103.162.29 217.196.43.134 ))'
+                               rule         => '&SERVICE_RANGE(tcp, http-alt, ( 192.25.206.16 70.103.162.29 5.153.231.21 ))'
                        }
                }
                czerny,clementi: {
@@ -26,16 +26,16 @@ class ferm::per-host {
                }
                bendel: {
                        @ferm::rule { 'listmaster-ontp-in':
-                               description     => 'ONTP has a broken mail setup',
-                               table           => 'filter',
-                               chain           => 'INPUT',
-                               rule            => 'source 188.165.23.89/32 proto tcp dport 25 jump DROP',
+                               description => 'ONTP has a broken mail setup',
+                               table       => 'filter',
+                               chain       => 'INPUT',
+                               rule        => 'source 188.165.23.89/32 proto tcp dport 25 jump DROP',
                        }
                        @ferm::rule { 'listmaster-ontp-out':
-                               description     => 'ONTP has a broken mail setup',
-                               table           => 'filter',
-                               chain           => 'OUTPUT',
-                               rule            => 'destination 78.8.208.246/32 proto tcp dport 25 jump DROP',
+                               description => 'ONTP has a broken mail setup',
+                               table       => 'filter',
+                               chain       => 'OUTPUT',
+                               rule        => 'destination 78.8.208.246/32 proto tcp dport 25 jump DROP',
                        }
                }
                abel,alwyn,rietz,jenkins: {
@@ -184,13 +184,13 @@ class ferm::per-host {
                ullmann: {
                        @ferm::rule { 'dsa-postgres-udd':
                                description     => 'Allow postgress access',
-                               # quantz, wagner, master, couper, coccia, franck
-                               rule            => '&SERVICE_RANGE(tcp, 5452, ( 206.12.19.122/32 217.196.43.134/32 217.196.43.132/32 82.195.75.110/32 5.153.231.14/32 5.153.231.11/32 138.16.160.12/32 ))'
+                               # quantz, moszumanska, master, couper, coccia, franck
+                               rule            => '&SERVICE_RANGE(tcp, 5452, ( 206.12.19.122/32 5.153.231.21/32 82.195.75.110/32 5.153.231.14/32 5.153.231.11/32 138.16.160.12/32 ))'
                        }
                        @ferm::rule { 'dsa-postgres-udd6':
                                domain          => '(ip6)',
                                description     => 'Allow postgress access',
-                               rule            => '&SERVICE_RANGE(tcp, 5452, ( 2607:f8f0:610:4000:216:36ff:fe40:3860/128 2001:41b8:202:deb:216:36ff:fe40:4001/128 2001:41c8:1000:21::21:14/128 2001:41c8:1000:21::21:11/32 ))'
+                               rule            => '&SERVICE_RANGE(tcp, 5452, ( 2607:f8f0:610:4000:216:36ff:fe40:3860/128 2001:41b8:202:deb:216:36ff:fe40:4001/128 2001:41c8:1000:21::21:14/128 2001:41c8:1000:21::21:11/32 2001:41c8:1000:21::21:21/128 ))'
                        }
                }
                grieg: {
@@ -281,6 +281,7 @@ class ferm::per-host {
                        }
 
                }
+               default: {}
        }
        # vpn fu
        case $::hostname {
@@ -309,5 +310,6 @@ REJECT reject-with icmp-admin-prohibited
                                rule            => 'outerface !tun+ mod mark mark 1 MASQUERADE',
                        }
                }
+               default: {}
        }
 }

diff --git a/modules/named/templates/named.conf.debian-zones.erb b/modules/named/templates/named.conf.debian-zones.erb
index 754acd0..2702314 100644 (file)
--- a/modules/named/templates/named.conf.debian-zones.erb
+++ b/modules/named/templates/named.conf.debian-zones.erb
@@ -83,7 +83,7 @@ zone "alioth.debian.org" {
        notify no;
        file "db.alioth.debian.org";
        masters {
-               217.196.43.132;
+               5.153.231.21;
        };
        allow-query { any; };
        allow-transfer { };

diff --git a/modules/roles/files/static-mirroring/static-components.conf b/modules/roles/files/static-mirroring/static-components.conf
index 8a086d4..621215c 100644 (file)
--- a/modules/roles/files/static-mirroring/static-components.conf
+++ b/modules/roles/files/static-mirroring/static-components.conf
@@ -1,7 +1,7 @@
 # puppetd maintained
 # <master> <service> <source host> <directory> <extra push hosts, comma separated>
 
-bizet.debian.org       mozilla.debian.net              wagner.debian.org       /srv/home/groups/pkg-mozilla/htdocs
+bizet.debian.org       mozilla.debian.net              moszumanska.debian.org  /srv/home/groups/pkg-mozilla/htdocs
 bizet.debian.org       planet.debian.org               philp.debian.org        /srv/planet.debian.org/www
 bizet.debian.org       www.debian.org                  wolkenstein.debian.org  /srv/www.debian.org/www
 bizet.debian.org       bits.debian.org                 master.debian.org       /srv/bits-master.debian.org/htdocs

diff --git a/modules/roles/templates/static-mirroring/staticsync-authorized_keys.erb b/modules/roles/templates/static-mirroring/staticsync-authorized_keys.erb
index fa188ac..03e91b0 100644 (file)
--- a/modules/roles/templates/static-mirroring/staticsync-authorized_keys.erb
+++ b/modules/roles/templates/static-mirroring/staticsync-authorized_keys.erb
@@ -24,7 +24,7 @@ localinfo.keys.sort.each do |node|
     end
 end
 
-callers << { 'node' => 'wagner.debian.org', 'addr' => allnodeinfo['wagner.debian.org']['ipHostNumber'], 'key' => 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXHFIkIhOC5iDa0d0IN5w6tUUL2T2iXCYcS2+dandE9f550OpKQ/evUZhw4EERNYDA3G7GV3jJzQR0j/KZWJUtDCichmqS94xJqXURmZVNeLXWY9x/N7CB1iG1Iblu6sgyTUrs7N6Wb0fUab3AXAi9KIXdwNLY622reR9T//bRULPVIl5VFpYtGBPT9n3wR7fLQ4ndEcUmEGcM4jRbpLmye4QGgJotuzeBWUpX+U648Yly6U7NlAJIWPUt7hEzMz2AC81SLhGCwTk6sb19n2dO6WN2ndynp8PLG1emtgd1/DaeaRyPcitoWgSoDNgKNk3zLIDtCdSYvFI8xXrm6cK3 staticsync@wagner'}
+callers << { 'node' => 'moszumanska.debian.org', 'addr' => allnodeinfo['moszumanska.debian.org']['ipHostNumber'], 'key' => 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXHFIkIhOC5iDa0d0IN5w6tUUL2T2iXCYcS2+dandE9f550OpKQ/evUZhw4EERNYDA3G7GV3jJzQR0j/KZWJUtDCichmqS94xJqXURmZVNeLXWY9x/N7CB1iG1Iblu6sgyTUrs7N6Wb0fUab3AXAi9KIXdwNLY622reR9T//bRULPVIl5VFpYtGBPT9n3wR7fLQ4ndEcUmEGcM4jRbpLmye4QGgJotuzeBWUpX+U648Yly6U7NlAJIWPUt7hEzMz2AC81SLhGCwTk6sb19n2dO6WN2ndynp8PLG1emtgd1/DaeaRyPcitoWgSoDNgKNk3zLIDtCdSYvFI8xXrm6cK3 staticsync@wagner'}
 
 lines = []
 for m in callers do

diff --git a/modules/ssh/templates/authorized_keys.erb b/modules/ssh/templates/authorized_keys.erb
index 6767e3f..459a0f2 100644 (file)
--- a/modules/ssh/templates/authorized_keys.erb
+++ b/modules/ssh/templates/authorized_keys.erb
@@ -51,7 +51,7 @@ command="/usr/lib/da-backup/da-backup-ssh-wrap ' + scope.lookupvar('site::allnod
    when "backuphost.debian.org" then
      out = ''
      scope.lookupvar('site::allnodeinfo').keys.sort.each do |node|
-       if %w{vasks.debian.org wagner.debian.org stabile.debian.org}.include?(node) then
+       if %w{moszumanska.debian.org stabile.debian.org}.include?(node) then
          out += '# ' + scope.lookupvar('site::allnodeinfo')[node]['hostname'][0] + '
 command="/usr/lib/da-backup/da-backup-ssh-wrap ' + scope.lookupvar('site::allnodeinfo')[node]['hostname'][0] + '",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from="' + scope.lookupvar('site::allnodeinfo')[node]['ipHostNumber'].join(',') + '" ' + scope.lookupvar('site::allnodeinfo')[node]['sshRSAHostKey'][0] + '