## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
##
-5.153.231.21
*.debconf.org
*.spi-inc.org
<%- end -%>
<%- if @is_packagesqamaster -%>
- deny !hosts = +debianhosts : 5.153.231.21
+ deny !hosts = +debianhosts
condition = ${if eq {$acl_m_prf}{PTSMail}}
condition = ${if def:h_X-PTS-Approved:{false}{true}}
message = messages to the PTS require an X-PTS-Approved header
ullmann: {
@ferm::rule { 'dsa-postgres-udd':
description => 'Allow postgress access',
- # quantz, moszumanska, master, coccia
- rule => '&SERVICE_RANGE(tcp, 5452, ( 5.153.231.28/32 5.153.231.21/32 82.195.75.110/32 5.153.231.11/32 ))'
+ # quantz, master, coccia
+ rule => '&SERVICE_RANGE(tcp, 5452, ( 5.153.231.28/32 82.195.75.110/32 5.153.231.11/32 ))'
}
@ferm::rule { 'dsa-postgres-udd6':
domain => '(ip6)',
description => 'Allow postgress access',
- rule => '&SERVICE_RANGE(tcp, 5452, ( 2001:41c8:1000:21::21:28/128 2001:41b8:202:deb:216:36ff:fe40:4001/128 2001:41c8:1000:21::21:11/32 2001:41c8:1000:21::21:21/128 ))'
+ rule => '&SERVICE_RANGE(tcp, 5452, ( 2001:41c8:1000:21::21:28/128 2001:41b8:202:deb:216:36ff:fe40:4001/128 2001:41c8:1000:21::21:11/32 ))'
}
}
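Review bot: In `dsa-postgres-udd6` the retained source `2001:41c8:1000:21::21:11/32` has a /32 prefix, while every other IPv6 source in these rules is a /128. Assuming ferm passes the prefix through unchanged, a /32 on IPv6 matches the whole `2001:41c8::/32` allocation rather than one host. Port 5452 would then be reachable from far more addresses than the IPv4 rule's `5.153.231.11/32` suggests, so this looks like a prefix length carried over from the IPv4 list. Since the line is being edited anyway, I would change that entry to `2001:41c8:1000:21::21:11/128`. The enclosing `ullmann` block starts outside the hunk.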
fasolo: {
}
@ferm::rule { 'dsa-postgres-dak':
description => 'Allow postgress access',
- rule => '&SERVICE_RANGE(tcp, 5434, ( 5.153.231.11/32 5.153.231.28/32 209.87.16.26/32 5.153.231.21/32 5.153.231.18/32 5.153.231.29/32 128.31.0.69/32 ))'
+ rule => '&SERVICE_RANGE(tcp, 5434, ( 5.153.231.11/32 5.153.231.28/32 209.87.16.26/32 5.153.231.18/32 5.153.231.29/32 128.31.0.69/32 ))'
}
@ferm::rule { 'dsa-postgres-dak6':
domain => 'ip6',
description => 'Allow postgress access',
- rule => '&SERVICE_RANGE(tcp, 5434, ( 2001:41c8:1000:21::21:11/128 2001:41c8:1000:21::21:28/128 2607:f8f0:614:1::1274:26/128 2001:41c8:1000:21::21:21/128 2001:41c8:1000:21::21:18/128 2001:41c8:1000:21::21:29/128 ))'
+ rule => '&SERVICE_RANGE(tcp, 5434, ( 2001:41c8:1000:21::21:11/128 2001:41c8:1000:21::21:28/128 2607:f8f0:614:1::1274:26/128 2001:41c8:1000:21::21:18/128 2001:41c8:1000:21::21:29/128 ))'
}
@ferm::rule { 'dsa-postgres-wannabuild':
# wuiet, ullmann
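Review bot: The `dsa-postgres-dak` and `dsa-postgres-dak6` rules list bare addresses with no comment naming the hosts, unlike `dsa-postgres-udd` (`# quantz, master, coccia`) and the `# wuiet, ullmann` line at the end of this hunk. Without names, removing a decommissioned host depends on someone recognising its addresses, and a stale entry in the allow-list for port 5434 is easy to miss in review. I would add a comment above each `rule =>` line in the form `# <host names, in the same order as the addresses>`, filled in from the inventory.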
@ferm::rule { '01-dsa-bind-4':
domain => '(ip)',
description => 'Allow nameserver access',
- rule => '&TCP_UDP_SERVICE_RANGE(53, ( $HOST_DNS_GEO_V4 $HOST_NAGIOS_V4 $HOST_RCODE0_V4 $HOST_EASYDNS_V4 $HOST_NETNOD_V4 5.153.231.21 ) )',
+ rule => '&TCP_UDP_SERVICE_RANGE(53, ( $HOST_DNS_GEO_V4 $HOST_NAGIOS_V4 $HOST_RCODE0_V4 $HOST_EASYDNS_V4 $HOST_NETNOD_V4 ) )',
}
@ferm::rule { '01-dsa-bind-6':
domain => '(ip6)',
description => 'Allow nameserver access',
- rule => '&TCP_UDP_SERVICE_RANGE(53, ( $HOST_DNS_GEO_V6 $HOST_NAGIOS_V6 $HOST_RCODE0_V6 $HOST_NETNOD_V6 2001:41c8:1000:21::21:21 ) )',
+ rule => '&TCP_UDP_SERVICE_RANGE(53, ( $HOST_DNS_GEO_V6 $HOST_NAGIOS_V6 $HOST_RCODE0_V6 $HOST_NETNOD_V6 ) )',
}
} else {
@ferm::rule { '01-dsa-bind':
notify => Exec['update dsa-check-backuppg-manual.conf']
}
file { '/etc/dsa/postgresql-backup/dsa-check-backuppg.conf.d/moszumanska.conf':
- ensure => ($::hostname in [backuphost]) ? {
- true => 'absent',
- default => 'present'
- },
- content => @(EOF),
- ---
- backups:
- moszumanska:
- main:
- | EOF
+ ensure => 'absent',
notify => Exec['update dsa-check-backuppg-manual.conf']
}
File<<| tag == $postgres::backup_server::globals::tag_dsa_check_backupp |>>
fasolo.debian.org 5433 debian-backup dak 9.6
sibelius.debian.org 5433 debian-backup snapshot 9.4
sallinen.debian.org 5473 debian-backup snapshot 9.6
-<%- if @hostname != "backuphost" -%>
-moszumanska.debian.org 5432 debian-backup main 9.1
-<%- end -%>
#
# puppet notice: this is just a partial file. The tail EOF comes
# from a different concat fragment
command="/usr/local/bin/debbackup-ssh-wrap danzi",restrict,from="2607:f8f0:614:1::1274:30,209.87.16.30" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUMgnFZUkYiX8ldYKmiX91Z+CD67dhgyq+3CLW3T2Rn+L8yzsZwT+qU0FCPTOz2RTVI1UUlrAST2u1Zcx9Ys3/8qegQ8LTX/Nu2SEVVVeWOgYAbC2HINfmKELEZh77te1te+wyGoGuXIBlIBiUr5+VtzWPWDY08E6xQf1Y2hCUV4ZOYH6//vM1nKldT588r05hoIgX1um1GKfmGXAVS0z2qcZbRR8mCxrNyIV23pM28urJgF4LgqQFk3chRkyv/Yq7Han4aqnUg32S21bAMsH47B00+wk4zkRoTxyF6TeO6/WsAM1cezx7fMwODd/Ipn6miLtkb1SVgDP/qP1ironZ postgres@danzi (20101211)
command="/usr/local/bin/debbackup-ssh-wrap chopin",restrict,from="2001:8d8:580:400:6564:a62::3,195.20.242.124" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtJ54j48JZRNVRaCeIsRwuw3/gfBgpz9TCR1PUd+NfugscrR9xlYAac+DD7GuGkVb1FZuZLGTkrrg+Ziis5ZOEaib/WxjmdTM0FLLw+3shTaBbPP4snWj+H31wA+SS6b9bqVikaZYq3ZRO3Nt8eScphpoU4sw3BgUGE+lNgjFCx+Y6zasRon/KU+YKHtKYKMg/8Ams551oaCBPP0tXGWAeoiDAHq/PUWaaK4jyu+a2BAP/fQ2OovXsM6t+0pRpdtxCBV1kgKtgJnbV1xEFpFRvpBMQv+BQb8M4eVUJ1DgyOT4Ew3Zl1XYNvCT/YMoYOElOmRio1aD9+dh7CZCfWlYMw== postgres@chopin (20101213)
command="/usr/local/bin/debbackup-ssh-wrap lw07 --read-allow=/srv/backups/pg/sallinen",restrict,from="185.17.185.187,2001:1af8:4020:b030:deb::187" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiLZIqnyKrsfoT1sQdbuUsOoqW1t71Sv8hpJj9yLzrSFq/YCnho9G2Q/LJm4sMB4W64uQMUX6oLsqsgIBbOZw71CBRou41zwS/D+7+sjiPy1aVXp+L+fAXqLdemCUYqXAm0bGTLboGmlDSG3/r3v3B2+vqwAoHaC/GwuoNgvHq+sfxZPo/9cDRlTyE0ktyxwdUN+czxyLtDPqz3CucOHX03p8F3lNEwFUCGIVAkP4zxZsiEjD+eCbWam0bVFoWnfXYcmf2GYKEy2PQp0ksXmbsnRIblW5zoKdEXeDjwSStFHtjqkJw2TdPLUGSXljCgy9OCXYVMUrFnXw2Ak88KYpV postgres@lw07 (20140713)
-command="/usr/local/bin/debbackup-ssh-wrap moszumanska",restrict,from="5.153.231.21,2001:41c8:1000:21::21:21" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD7mdgD1lNyehdDE/yBlbMUVWwNWz7Lr77sIaK61ct3UjFaYGwJZ2nMph3yylcJF1svuQUZ1qNOgZxTx2reOGMbNx1dO2q9O42z6GMoAp1QAKF43EEFJWGgQb9LCvjRZRQnK65KdP1Lv5igc+c9tFbF0y/u1sf1uMuGtBYN4r5mFbn8t1toMAxiUQJzljbRxDrLWZbEH+jwtJBxjZfpWLX9zB2dSMgIawVrTalN9r6fkWvkxC9POtqmZXGyFhljbi8vOsdFXKCs0kI3QLUyRSKvSSCN2+WstMg5hPAo6q0AplrJwilTQiyntSutd1o9KF7qQh5dSCi2yxR5d6R7jbw/ postgres@moszumanska (20150321)
+# command="/usr/local/bin/debbackup-ssh-wrap moszumanska",restrict,from="5.153.231.21,2001:41c8:1000:21::21:21" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD7mdgD1lNyehdDE/yBlbMUVWwNWz7Lr77sIaK61ct3UjFaYGwJZ2nMph3yylcJF1svuQUZ1qNOgZxTx2reOGMbNx1dO2q9O42z6GMoAp1QAKF43EEFJWGgQb9LCvjRZRQnK65KdP1Lv5igc+c9tFbF0y/u1sf1uMuGtBYN4r5mFbn8t1toMAxiUQJzljbRxDrLWZbEH+jwtJBxjZfpWLX9zB2dSMgIawVrTalN9r6fkWvkxC9POtqmZXGyFhljbi8vOsdFXKCs0kI3QLUyRSKvSSCN2+WstMg5hPAo6q0AplrJwilTQiyntSutd1o9KF7qQh5dSCi2yxR5d6R7jbw/ postgres@moszumanska (20150321)
command="/usr/local/bin/debbackup-ssh-wrap seger",restrict,from="82.195.75.93,2001:41b8:202:deb::311:93" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuLyOZP0eJvTEVXoI0K5xJw2OLZkaJ3yl7Gko/YfhhBebxEB9R0xu97zkiKqitmWm61BZSapdIqlUeMd+t/UgjcqpffXkGz0nx99YZgY0lq3WA4MLZiRrZGnfSzjSvcdSFXDlmv20+txEuf05h26BJUAsjQaugNd0641WPWoLK3+sHc4ZXga7//M6bia8b7n3iYCeVc8UHyjWsSPq/+QyTa49+ZXYLIraGOpZbQG276ywLm4eDc8VWalw7mB0cWJTIM9NGTSVQPEP8bvY9MqzvmmnltjyQ4Mk+PQHobMzlb99HXMNGZpM8fpHZgLjcnCurHtFGYiMBt3MlDJzA9Egp postgres@seger
command="/usr/local/bin/debbackup-ssh-wrap fasolo",restrict,from="138.16.160.17" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9c7cUVy40BibIwNN0cE2PMPqnU+iSLUj6SE5+2DJiDYuCoB3blFkCkQk2IjvTCAorWwDJGumH4Zu2CVtXOzwVXcxaZQCMnkOos0pTA6IaFX8FQdYTo8O9sOp/i2EWgHCD7jjzLGqXpNX7B5+kbFzQ/KX+2FgLjVob95YGid/b70XgBAeBj9RZKb4A6BmOPh9rB7a/wg/446aQlxf4+1C0kKA3Cs36yj8lNl17k+ClPcj2j0SX3vA8LjzL5sTUOco4PNg1pkOUq3rVz58UruK/4E/1Gb8r6iVjxPQvSPvKC/wlpSUNqVRJXMgxrAE+D8AXiEoMXm61eM4gcm1Mad1L postgres@fasolo (20161022)
command="/usr/local/bin/debbackup-ssh-wrap sallinen",restrict,from="193.62.202.26,2001:630:206:4000:1a1a:0:c13e:ca1a" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+kslXxLI6dGRSJoHKnKpWMcTdvlMM4KbrPPDzhijemmxo2lpMRSuvzc98UE2zy4fDSWFbid1drf8XC/BwwNRLnJGFcMjJ42JcDBz9zALQfgmhFzgxFRJFsHgXxq/GJNqvq9i2Mk1dV8wpQgJNToYU5XHJjkLCT2ucV9jUZ1ZRFaLxrnM7uMXPH8HJ1vqTRHMrq/YghUMJHDBLK8ukChs2uEOYJxODJkYdbSFUC//KVScFnDC0WhhDtjCuIn4USY3KNJ9GrxhNSFc/O0XWKFAc2ntzk0d7WDH6O+9izkesXugq/ICFmDIGu4OXCnQYWdQQVsaAlFkD5lgbcw+7wG77 postgres@sallinen (2018-01-04)
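Review bot: The moszumanska entry is commented out rather than deleted, so the decommissioned host's public key and its `from=` addresses stay in what looks like a live authorized_keys fragment. sshd ignores lines beginning with `#`, so access is revoked, but a later edit that strips the `#` would silently restore it. I would delete the line and rely on git history for the record. The same applies to the commented-out `# callers << { 'node' => 'moszumanska.debian.org', ... }` line in the last hunk of this commit.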
end
end
-callers << { 'node' => 'moszumanska.debian.org', 'addr' => allnodeinfo['moszumanska.debian.org']['ipHostNumber'], 'key' => 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXHFIkIhOC5iDa0d0IN5w6tUUL2T2iXCYcS2+dandE9f550OpKQ/evUZhw4EERNYDA3G7GV3jJzQR0j/KZWJUtDCichmqS94xJqXURmZVNeLXWY9x/N7CB1iG1Iblu6sgyTUrs7N6Wb0fUab3AXAi9KIXdwNLY622reR9T//bRULPVIl5VFpYtGBPT9n3wR7fLQ4ndEcUmEGcM4jRbpLmye4QGgJotuzeBWUpX+U648Yly6U7NlAJIWPUt7hEzMz2AC81SLhGCwTk6sb19n2dO6WN2ndynp8PLG1emtgd1/DaeaRyPcitoWgSoDNgKNk3zLIDtCdSYvFI8xXrm6cK3 staticsync@wagner'}
+# callers << { 'node' => 'moszumanska.debian.org', 'addr' => allnodeinfo['moszumanska.debian.org']['ipHostNumber'], 'key' => 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXHFIkIhOC5iDa0d0IN5w6tUUL2T2iXCYcS2+dandE9f550OpKQ/evUZhw4EERNYDA3G7GV3jJzQR0j/KZWJUtDCichmqS94xJqXURmZVNeLXWY9x/N7CB1iG1Iblu6sgyTUrs7N6Wb0fUab3AXAi9KIXdwNLY622reR9T//bRULPVIl5VFpYtGBPT9n3wR7fLQ4ndEcUmEGcM4jRbpLmye4QGgJotuzeBWUpX+U648Yly6U7NlAJIWPUt7hEzMz2AC81SLhGCwTk6sb19n2dO6WN2ndynp8PLG1emtgd1/DaeaRyPcitoWgSoDNgKNk3zLIDtCdSYvFI8xXrm6cK3 staticsync@wagner'}
lines = []
for m in callers do