From: Stephen Gran Date: Wed, 27 Jul 2011 18:53:08 +0000 (+0100) Subject: Merge branch 'master' of ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=bd99267c6cb1f4802806809562a9b1cfb31b882a;hp=174cdccc1b9449585317f8c89e38d627640212f4;p=mirror%2Fdsa-puppet.git Merge branch 'master' of ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet --- diff --git a/modules/debian-org/misc/local.yaml b/modules/debian-org/misc/local.yaml index e7bcec6c5..cdeebd267 100644 --- a/modules/debian-org/misc/local.yaml +++ b/modules/debian-org/misc/local.yaml @@ -36,6 +36,7 @@ nameinfo: gabrielli.debian.org: Domenico Gabrielli (April 15th, 1651 - July 10th, 1690) glinka.debian.org: Mikhail Ivanovich Glinka (1804 - 1857) gluck.debian.org: Christoph Willibald Ritter von Gluck (July 2nd, 1714 - November 15th, 1787) + dukas.debian.org: Paul Dukas (1865 - 1935) goedel.debian.org: Kurt Gödel (April 28th, 1906 - January 14th, 1978) goetz.debian.org: Hermann Gustav Goetz (December 7th, 1840 - December 3rd, 1876) grieg.debian.org: Edvard Hagerup Grieg (June 15th, 1843 - September 4th, 1907) @@ -108,6 +109,7 @@ nameinfo: tartini.debian.org: Giuseppe Tartini (April 8th, 1692 - February 26th, 1770) tchaikovsky.debian.org: Pyotr Ilyich Tchaikovsky (Пётр Ильич Чайковский) (May 7th, 1840 - November 6th, 1893) traetta.debian.org: Tommaso Michele Francesco Saverio Traetta (March 30th, 1727 - April 6th, 1779) + tye.debian.org: Christopher Tye (c.1505 - 1573) unger.debian.org: Caroline Unger (October 28th, 1803 - March 23th, 1877) valente.debian.org: Vincenzo Valente (February 21st, 1855 - September 6th, 1921) vitry.debian.org: Philippe de Vitry (October 31st, 1291 - June 9th, 1361) @@ -246,6 +248,7 @@ host_settings: - dijkstra.debian.org - draghi.debian.org - duarte.debian.org + - dukas.debian.org - englund.debian.org - fano.debian.org - fasch.debian.org @@ -317,6 +320,7 @@ host_settings: - steffani.debian.org - tchaikovsky.debian.org - traetta.debian.org + - tye.debian.org - unger.debian.org - villa.debian.org - vitry.debian.org @@ -353,6 +357,7 @@ host_settings: diamond.debian.org: mailout.debian.org dijkstra.debian.org: mailout.debian.org duarte.debian.org: mailout.debian.org + dukas.debian.org: mailout.debian.org englund.debian.org: mailout.debian.org escher.debian.org: mailout.debian.org fano.debian.org: mailout.debian.org @@ -428,6 +433,7 @@ host_settings: steffani.debian.org: mailout.debian.org tchaikovsky.debian.org: mailout.debian.org traetta.debian.org: mailout.debian.org + tye.debian.org: mailout.debian.org unger.debian.org: mailout.debian.org villa.debian.org: mailout.debian.org vitry.debian.org: mailout.debian.org diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp index aa20cbd63..a1715dc09 100644 --- a/modules/ferm/manifests/per-host.pp +++ b/modules/ferm/manifests/per-host.pp @@ -128,6 +128,13 @@ class ferm::per-host { rule => "&TCP_UDP_SERVICE(5080)" } } + scelsi: { + @ferm::rule { "dc11-icecast": + domain => "(ip ip6)", + description => "Allow icecast access", + rule => "&SERVICE(tcp, 8000)" + } + } } case $hostname { rautavaara,luchesi: { @@ -150,6 +157,7 @@ class ferm::per-host { proto udp dport (53 123) ACCEPT; proto tcp dport 8140 daddr 82.195.75.104 ACCEPT; # puppethost proto tcp dport 5140 daddr (82.195.75.98 206.12.19.121) ACCEPT; # loghost + proto tcp dport 11371 daddr 82.195.75.107 ACCEPT; # keyring host proto tcp dport (25 submission) daddr ($HOST_MAILRELAY_V4) ACCEPT ' } diff --git a/modules/ferm/templates/defs.conf.erb b/modules/ferm/templates/defs.conf.erb index 78a200fd2..ddcf0d3ca 100644 --- a/modules/ferm/templates/defs.conf.erb +++ b/modules/ferm/templates/defs.conf.erb @@ -199,6 +199,11 @@ @def $USER_aurel32 = (); @def $USER_aurel32 = ($USER_aurel32 88.191.126.93); # hall.aurel32.net @def $USER_aurel32 = ($USER_aurel32 82.232.2.251); # farad.aurel32.net + +@def $BUILDD_SSH_ACCESS = (); +@def $BUILDD_SSH_ACCESS = ($BUILDD_SSH_ACCESS 194.177.211.200); # grieg +@def $BUILDD_SSH_ACCESS = ($BUILDD_SSH_ACCESS 70.103.162.29); # master +@def $BUILDD_SSH_ACCESS = ($BUILDD_SSH_ACCESS 206.12.19.5); # ravel @def $FREEBSD_SSH_ACCESS = (); -@def $FREEBSD_SSH_ACCESS = ($FREEBSD_SSH_ACCESS $DSA_IPS $USER_christoph $USER_aurel32); -@def $FREEBSD_SSH_ACCESS = ($FREEBSD_SSH_ACCESS 194.177.211.200); # grieg +@def $FREEBSD_SSH_ACCESS = ($FREEBSD_SSH_ACCESS $DSA_IPS $BUILDD_SSH_ACCESS); +@def $FREEBSD_SSH_ACCESS = ($FREEBSD_SSH_ACCESS $USER_christoph $USER_aurel32); # buildd admins diff --git a/modules/ferm/templates/me.conf.erb b/modules/ferm/templates/me.conf.erb index 1637b3b87..d60ff069b 100644 --- a/modules/ferm/templates/me.conf.erb +++ b/modules/ferm/templates/me.conf.erb @@ -18,8 +18,7 @@ end if %w{lebrun schroeder}.include?(hostname) then out << '@def $CARNET = ( 193.198.184.8/29 161.53.160.133 161.53.160.90 161.53.11.222 161.53.12.134 161.53.12.142 161.53.12.143 );' ssh4allowed << '$CARNET' - ssh4allowed << '70.103.162.29' # master - ssh4allowed << '82.195.75.84' # nott.ayous.org, HE (builddadm) + ssh4allowed << '$BUILDD_SSH_ACCESS' end if %w{beethoven}.include?(hostname) then ssh4allowed << '$HOST_DEBIAN_V4' diff --git a/modules/portforwarder/misc/config.yaml b/modules/portforwarder/misc/config.yaml index b75ad2f39..1d723c9b7 100644 --- a/modules/portforwarder/misc/config.yaml +++ b/modules/portforwarder/misc/config.yaml @@ -38,7 +38,7 @@ quantz.debian.org: nono.debian.org: # nm->projectb mirror - source_bind_port: 5433 - target_host: merkel.debian.org + target_host: ries.debian.org target_port: 5433 stabile.debian.org: diff --git a/modules/sudo/files/common/sudoers b/modules/sudo/files/common/sudoers index 6ab2f9b2b..7ad14b8f1 100644 --- a/modules/sudo/files/common/sudoers +++ b/modules/sudo/files/common/sudoers @@ -72,10 +72,12 @@ nagios beethoven=(debbackup) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backup %buildd ALL=(buildd) ALL %d-i ALL=(d-i) ALL %dde ALL=(dde) ALL +%ddtp ALL=(ddtp) ALL %debadmin ALL=(dak) ALL %debbugs ALL=(debbugs) ALL %debbugs ALL=(debbugs-mirror) ALL %debian-cd ALL=(debian-cd) ALL +%debian-i18n ALL=(debian-i18n) ALL %debian-release ALL=(release) ALL %debvoip cilea=(freeswitch) ALL %debwww ALL=(debwww) ALL