Stephen Gran [Sun, 21 Feb 2010 03:19:04 +0000 (03:19 +0000)]
first stab at making puppet figure out info for nagios and munin master
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 21 Feb 2010 02:59:21 +0000 (02:59 +0000)]
add munin and nagios master declarations
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 21 Feb 2010 02:53:55 +0000 (02:53 +0000)]
skip munin on fano, as it keeps dying and holding up the show
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 21 Feb 2010 01:00:30 +0000 (01:00 +0000)]
Merge branch 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet
Peter Palfrader [Sun, 21 Feb 2010 01:01:17 +0000 (02:01 +0100)]
quick, before anybody notices
Stephen Gran [Sun, 21 Feb 2010 01:00:22 +0000 (01:00 +0000)]
fix typo
Signed-off-by: Stephen Gran <steve@lobefin.net>
Peter Palfrader [Sun, 21 Feb 2010 00:59:59 +0000 (01:59 +0100)]
Merge branch 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet
* 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet:
cleanup a bit
Peter Palfrader [Sun, 21 Feb 2010 00:59:53 +0000 (01:59 +0100)]
weasel addresses
Stephen Gran [Sun, 21 Feb 2010 00:57:40 +0000 (00:57 +0000)]
cleanup a bit
Signed-off-by: Stephen Gran <steve@lobefin.net>
Peter Palfrader [Sun, 21 Feb 2010 00:55:04 +0000 (01:55 +0100)]
Extra sources.list entry on alkman
Stephen Gran [Sun, 21 Feb 2010 00:44:23 +0000 (00:44 +0000)]
correct munin/nagios ip addresses
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 21 Feb 2010 00:42:28 +0000 (00:42 +0000)]
how about I add the right ip for weasel?
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 21 Feb 2010 00:39:33 +0000 (00:39 +0000)]
make v6 logging work; add weasel ip; fix brain damage
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 21 Feb 2010 00:14:01 +0000 (00:14 +0000)]
shuffle
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 21 Feb 2010 00:11:45 +0000 (00:11 +0000)]
and name it
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 21 Feb 2010 00:10:46 +0000 (00:10 +0000)]
add log/drop rule
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 21 Feb 2010 00:03:54 +0000 (00:03 +0000)]
shorten up the typing
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 23:14:33 +0000 (23:14 +0000)]
obligatory headers
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 23:07:21 +0000 (23:07 +0000)]
scoping fix
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 22:49:04 +0000 (22:49 +0000)]
Revert "try without a source for the directory"
This reverts commit
a1a623c8c95076d6d2c13c0d8ed81860eae626ee.
Stephen Gran [Sat, 20 Feb 2010 22:39:05 +0000 (22:39 +0000)]
try without a source for the directory
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 22:38:08 +0000 (22:38 +0000)]
this should virtually work
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 22:17:32 +0000 (22:17 +0000)]
dammit. ferm is smarter than me
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 22:13:33 +0000 (22:13 +0000)]
and actually quote correctly
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 22:11:43 +0000 (22:11 +0000)]
add v4 and v6 any rules
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 21:45:36 +0000 (21:45 +0000)]
a few more rules
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 21:35:37 +0000 (21:35 +0000)]
reshuffle things around
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 21:32:33 +0000 (21:32 +0000)]
override the command run as well
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 21:26:52 +0000 (21:26 +0000)]
put my home subnets in, instead of single ips
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 21:25:07 +0000 (21:25 +0000)]
permissions fixup
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 21:21:55 +0000 (21:21 +0000)]
first stab at making the rules appear without doing anything
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 21:09:16 +0000 (21:09 +0000)]
actually inherit from ferm in subclass
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 21:08:36 +0000 (21:08 +0000)]
what can possibly go wrong, take 2
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 21:07:54 +0000 (21:07 +0000)]
what can possibly go wrong
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 20:48:57 +0000 (20:48 +0000)]
and remove random extra keyword
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 20:48:14 +0000 (20:48 +0000)]
apparently this is a known bug only for icmp - make target match all protocols but only after icmp accept
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 20:44:18 +0000 (20:44 +0000)]
a few more rules
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 20:38:36 +0000 (20:38 +0000)]
move INVALID handler after ICMP handler due to ip6tables bug
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 20:27:04 +0000 (20:27 +0000)]
add v6, possibly not brokenly this time
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 20:21:55 +0000 (20:21 +0000)]
might work better
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 20:20:29 +0000 (20:20 +0000)]
how bad can this go
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 20:05:27 +0000 (20:05 +0000)]
fail open
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 20:00:43 +0000 (20:00 +0000)]
try it with several ips
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 19:58:55 +0000 (19:58 +0000)]
reload ferm on rule change
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 19:57:49 +0000 (19:57 +0000)]
maybe this is not wrong, take 7
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 19:54:03 +0000 (19:54 +0000)]
maybe this is not wrong, take 6
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 19:53:21 +0000 (19:53 +0000)]
maybe this is not wrong, take 5
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 19:52:03 +0000 (19:52 +0000)]
maybe this is not wrong, take 4
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 19:49:29 +0000 (19:49 +0000)]
maybe this is not wrong, take 3
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 19:48:55 +0000 (19:48 +0000)]
maybe this is not wrong, take 2
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 19:48:18 +0000 (19:48 +0000)]
maybe this is not wrong
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 19:42:44 +0000 (19:42 +0000)]
fix syntax for ferm now ...
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 19:40:28 +0000 (19:40 +0000)]
try not to screw up template syntax
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 19:39:05 +0000 (19:39 +0000)]
get variable right
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 19:38:11 +0000 (19:38 +0000)]
first try at local conf
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 16:23:52 +0000 (16:23 +0000)]
an include that works
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 16:21:48 +0000 (16:21 +0000)]
actually ship ferm.conf
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 16:19:02 +0000 (16:19 +0000)]
oops
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 16:18:19 +0000 (16:18 +0000)]
let's see if this works
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 14:14:53 +0000 (14:14 +0000)]
add ferm to logtest
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 14:08:50 +0000 (14:08 +0000)]
bare start of ferm rules
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 12:49:37 +0000 (12:49 +0000)]
it's $php5, not $php
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 12:45:57 +0000 (12:45 +0000)]
why do you try to hurt me, oh puppet?
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 12:43:01 +0000 (12:43 +0000)]
actually make case statement useful
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 12:41:27 +0000 (12:41 +0000)]
oh, yes, define suhosin package
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Feb 2010 12:39:14 +0000 (12:39 +0000)]
try managing suhosin with puppet
Signed-off-by: Stephen Gran <steve@lobefin.net>
Peter Palfrader [Fri, 19 Feb 2010 11:14:38 +0000 (12:14 +0100)]
Ignore local libdns-ruby1.8 on draghi
Peter Palfrader [Wed, 17 Feb 2010 11:33:42 +0000 (12:33 +0100)]
Remove 192/27.211.177.194.in-addr.arpa
Peter Palfrader [Wed, 17 Feb 2010 11:25:38 +0000 (12:25 +0100)]
Merge branch 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet
* 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet:
Try making monit on squeeze work
Peter Palfrader [Wed, 17 Feb 2010 11:25:28 +0000 (12:25 +0100)]
Also do secondary for 192-27.211.177.194.in-addr.arpa
We are transitioning from 192/27.211.177.194.in-addr.arpa
to 192-27.211.177.194.in-addr.arpa.
Peter Palfrader [Tue, 16 Feb 2010 02:09:39 +0000 (03:09 +0100)]
Try making monit on squeeze work
Peter Palfrader [Sun, 14 Feb 2010 20:59:45 +0000 (21:59 +0100)]
Ignore local packages libnet-dns-perl, libnet-dns-sec-perl, libnet-dns-zone-parser-perl on draghi
Peter Palfrader [Sun, 14 Feb 2010 19:25:22 +0000 (20:25 +0100)]
Enable DNSsec on our secondaries
Peter Palfrader [Sun, 14 Feb 2010 19:24:55 +0000 (20:24 +0100)]
Revert "Enable DNSsec on our secondaries"
This reverts commit
95667ea99af27b67bce5097c39d135a3155a1a9f.
Peter Palfrader [Sun, 14 Feb 2010 19:19:43 +0000 (20:19 +0100)]
Enable DNSsec on our secondaries
Peter Palfrader [Sun, 14 Feb 2010 16:39:20 +0000 (17:39 +0100)]
rietz will not be secondary nameserver much longer, but orff is
Peter Palfrader [Sat, 13 Feb 2010 17:29:34 +0000 (18:29 +0100)]
Steal sudoers passprompt from aba's setup
Peter Palfrader [Fri, 12 Feb 2010 10:53:57 +0000 (11:53 +0100)]
Update key stuff for beethoven/bartok
Peter Palfrader [Thu, 11 Feb 2010 21:54:52 +0000 (22:54 +0100)]
nagios can run arcconf on beethoven
Peter Palfrader [Thu, 11 Feb 2010 12:36:50 +0000 (13:36 +0100)]
spohr no longer is nagios
Martin Zobel-Helas [Mon, 8 Feb 2010 21:52:04 +0000 (22:52 +0100)]
ball also wants to play with mailout.d.o
Peter Palfrader [Sun, 7 Feb 2010 19:16:03 +0000 (20:16 +0100)]
Ignore deletes of lvm stuff on buildds
Stephen Gran [Sun, 7 Feb 2010 06:11:38 +0000 (06:11 +0000)]
powell has newer e2fstools for ext4
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 7 Feb 2010 05:53:42 +0000 (05:53 +0000)]
new nagios gets same samhainrc as old
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 6 Feb 2010 14:04:15 +0000 (14:04 +0000)]
more tchaikovsky
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 6 Feb 2010 13:37:39 +0000 (13:37 +0000)]
add new nagios server to bind acls
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 6 Feb 2010 13:13:02 +0000 (13:13 +0000)]
add new nagios server
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 6 Feb 2010 12:04:40 +0000 (12:04 +0000)]
add new nagios server
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Fri, 5 Feb 2010 19:26:48 +0000 (19:26 +0000)]
yet another suhosin path
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Fri, 5 Feb 2010 08:57:19 +0000 (08:57 +0000)]
add ZIVITHOSTS for sudo
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Fri, 5 Feb 2010 00:27:21 +0000 (00:27 +0000)]
add suhosin check; fix whitespace
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Fri, 5 Feb 2010 00:17:03 +0000 (00:17 +0000)]
Merge branch 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet
Stephen Gran [Fri, 5 Feb 2010 00:15:35 +0000 (00:15 +0000)]
add php5 fact
Signed-off-by: Stephen Gran <steve@lobefin.net>
Peter Palfrader [Wed, 3 Feb 2010 22:46:08 +0000 (23:46 +0100)]
mundy buildd
Peter Palfrader [Wed, 3 Feb 2010 16:52:15 +0000 (17:52 +0100)]
Add caballero to buildd
Peter Palfrader [Wed, 3 Feb 2010 10:44:48 +0000 (11:44 +0100)]
Ignore /etc/lvm on all buildds
Peter Palfrader [Tue, 2 Feb 2010 20:47:58 +0000 (21:47 +0100)]
Add beethoven
Peter Palfrader [Sun, 31 Jan 2010 21:40:33 +0000 (22:40 +0100)]
Merge branch 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet
* 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet:
add aacraid fact
add alkman.debian.org
add purcell to mailout
Peter Palfrader [Sun, 31 Jan 2010 21:40:26 +0000 (22:40 +0100)]
Ignore lvm changes on alkman
Stephen Gran [Sun, 31 Jan 2010 17:04:23 +0000 (17:04 +0000)]
add aacraid fact
Signed-off-by: Stephen Gran <steve@lobefin.net>