From: Martin Zobel-Helas <zobel@debian.org>
Date: Tue, 7 Feb 2012 21:10:22 +0000 (+0100)
Subject: Merge branch 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa... 
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=7c9af8bba4c3bef111049a5f27bdaa190ee73ac6;hp=408da68167dc0c0f22b83a774af828abca9964c2;p=mirror%2Fdsa-puppet.git

Merge branch 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet

* 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet:
  Revert "try two on this"
  try two on this
  Revert "let's test how broken this is"
  Revert "oops"
  oops
  let's test how broken this is
  Or schroot -l
  install fake-hwclock on broken-rtc machines
  no rtc for lucatelli
  samhain ignore /etc/fake-hwclock.data
  resolve ntpservers from names on puppet servers for ntpdate (used on hosts with broken rtc)
  move etc/default/ntpdate to a template
  ancina has a broken RTC
  reboot-lock
---

diff --git a/modules/debian-org/files/molly-guard-acquire-reboot-lock b/modules/debian-org/files/molly-guard-acquire-reboot-lock
new file mode 100755
index 000000000..dd41a4c19
--- /dev/null
+++ b/modules/debian-org/files/molly-guard-acquire-reboot-lock
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+# Copyright 2012 Peter Palfrader
+
+l=/var/run/reboot-lock
+exec 3> $l
+
+if ! flock --exclusive -w 0  3; then
+	echo 2>&1 "Cannot acquire reboot lock."
+	exit 1
+fi
+echo "Reboot lock acquired."
+
+ppid="$PPID"
+(
+	while kill -0 "$ppid" 2>/dev/null; do
+		sleep 1
+	done
+) &
+disown
+exit 0
diff --git a/modules/debian-org/files/rc.local b/modules/debian-org/files/rc.local
index 4342f8910..d947009b3 100755
--- a/modules/debian-org/files/rc.local
+++ b/modules/debian-org/files/rc.local
@@ -10,3 +10,5 @@ if [ -e /proc/sys/kernel/modules_disabled ]; then
 	  echo 1 > /proc/sys/kernel/modules_disabled || true
 	) & disown
 fi
+
+touch /var/run/reboot-lock
diff --git a/modules/debian-org/manifests/init.pp b/modules/debian-org/manifests/init.pp
index 029b34b22..7d4bf5c38 100644
--- a/modules/debian-org/manifests/init.pp
+++ b/modules/debian-org/manifests/init.pp
@@ -50,12 +50,20 @@ class debian-org {
         "less": ensure => installed;
         "lsb-release": ensure => installed;
         "libfilesystem-ruby1.8": ensure => installed;
+        "molly-guard": ensure => installed;
         "mtr-tiny": ensure => installed;
         "nload": ensure => installed;
         "pciutils": ensure => installed;
         "rsyslog": ensure => purged;
         "sysklogd": ensure => purged;
     }
+    case getfromhash($nodeinfo, 'broken-rtc') {
+        true: {
+            package {
+                fake-hwclock: ensure => installed;
+            }
+        }
+    }
     case $debarchitecture {
         "armhf": {}
         default: {
@@ -113,6 +121,11 @@ class debian-org {
             source => "puppet:///modules/debian-org/rc.local",
             notify => Exec["rc.local start"],
             ;
+        "/etc/molly-guard/run.d/15-acquire-reboot-lock":
+            mode   => 0755,
+            source => "puppet:///modules/debian-org/molly-guard-acquire-reboot-lock",
+            require => Package["molly-guard"],
+            ;
 
         "/etc/dsa":
             mode   => 0755,
diff --git a/modules/debian-org/misc/local.yaml b/modules/debian-org/misc/local.yaml
index 9db7419ed..098f0fd05 100644
--- a/modules/debian-org/misc/local.yaml
+++ b/modules/debian-org/misc/local.yaml
@@ -214,10 +214,12 @@ host_settings:
     - abel.debian.org
     - alain.debian.org
     - alwyn.debian.org
+    - ancina.debian.org
     - antheil.debian.org
     - arne.debian.org
     - arnold.debian.org
     - ball.debian.org
+    - lucatelli.debian.org
     - rem.debian.org
     - sompek.debian.org
   buildd:
diff --git a/modules/motd/templates/motd.erb b/modules/motd/templates/motd.erb
index 840832523..777ce8fcb 100644
--- a/modules/motd/templates/motd.erb
+++ b/modules/motd/templates/motd.erb
@@ -41,7 +41,7 @@ if (nodeinfo['ldap'].has_key?('purpose'))
     end
     purp += " porterbox\n"
     purp += "\n"
-    purp += "See 'dchroot -l' for a list of available chroots.\n"
+    purp += "See 'dchroot -l' or 'schroot -l' for a list of available chroots.\n"
     if nodeinfo['ldap'].has_key?('admin')
       purp += "Please contact #{nodeinfo['ldap']['admin'][0]} for install requests,\n"
       purp += "following the recommendations in <URL:http://dsa.debian.org/doc/install-req/>.\n"
diff --git a/modules/ntpdate/files/etc-default-ntpdate b/modules/ntpdate/files/etc-default-ntpdate
deleted file mode 100644
index 4607f647e..000000000
--- a/modules/ntpdate/files/etc-default-ntpdate
+++ /dev/null
@@ -1,21 +0,0 @@
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-##
-
-# The settings in this file are used by the program ntpdate-debian, but not
-# by the upstream program ntpdate.
-
-# Set to "yes" to take the server list from /etc/ntp.conf, from package ntp,
-# so you only have to keep it in one place.
-NTPDATE_USE_NTP_CONF=no
-
-# List of NTP servers to use  (Separate multiple servers with spaces.)
-# Not used if NTPDATE_USE_NTP_CONF is yes.
-# merikanto	86.59.118.147
-# orff		194.177.211.209
-# ravel		206.12.19.5
-# busoni	140.211.15.34
-NTPSERVERS="86.59.118.147 194.177.211.209 206.12.19.5 140.211.15.34"
-
-# Additional options to pass to ntpdate
-NTPOPTIONS=""
diff --git a/modules/ntpdate/manifests/init.pp b/modules/ntpdate/manifests/init.pp
index 006daa5f8..37de5af58 100644
--- a/modules/ntpdate/manifests/init.pp
+++ b/modules/ntpdate/manifests/init.pp
@@ -10,7 +10,7 @@ class ntpdate {
                     owner   => root,
                     group   => root,
                     mode    => 444,
-                    source  => [ "puppet:///modules/ntpdate/etc-default-ntpdate" ],
+                    content => template("ntpdate/etc-default-ntpdate.erb"),
                     ;
             }
         }
diff --git a/modules/ntpdate/templates/etc-default-ntpdate.erb b/modules/ntpdate/templates/etc-default-ntpdate.erb
new file mode 100644
index 000000000..a75d9488a
--- /dev/null
+++ b/modules/ntpdate/templates/etc-default-ntpdate.erb
@@ -0,0 +1,36 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+##
+
+# The settings in this file are used by the program ntpdate-debian, but not
+# by the upstream program ntpdate.
+
+# Set to "yes" to take the server list from /etc/ntp.conf, from package ntp,
+# so you only have to keep it in one place.
+NTPDATE_USE_NTP_CONF=no
+
+# List of NTP servers to use  (Separate multiple servers with spaces.)
+# Not used if NTPDATE_USE_NTP_CONF is yes.
+NTPSERVERS=""
+<%=
+	out = []
+	if fqdn == "ancina.debian.org"
+		ntpservers = %w{ntp.ugent.be}
+	else
+		ntpservers = %w{merikanto.debian.org orff.debian.org ravel.debian.org busoni.debian.org}
+	end
+
+	require 'resolv'
+	ntpservers.each do |n|
+		begin
+			ip = Resolv.getaddress(n)
+			out << "NTPSERVERS=\"$NTPSERVERS #{ip}\" # #{n}"
+		rescue Resolv::ResolvError => e
+			out << "# Failed to resolve #{n}"
+		end
+	end
+	out.join("\n")
+%>
+
+# Additional options to pass to ntpdate
+NTPOPTIONS=""
diff --git a/modules/samhain/templates/samhainrc.erb b/modules/samhain/templates/samhainrc.erb
index 440807788..4e10fdab6 100644
--- a/modules/samhain/templates/samhainrc.erb
+++ b/modules/samhain/templates/samhainrc.erb
@@ -91,6 +91,7 @@ file=/etc/network/run/ifstate
 file=/var/state/samhain/samhain_file
 file=/etc/bind/zones/db.debian.net
 file=/etc/exim4/bsmtp
+file=/etc/fake-hwclock.data
 <% if classes.include?("named::geodns") -%>
 file=/etc/bind
 file=/etc/bind/named.conf.acl