[bind/db.fake,groups.xml,monit/servises,interfaces,ntp] On met l'ip se routeur dans db.fake, on ajoute la prop vlan-wifi pour routeur et komaz, on vire les route wifi de interfaces quand on est sur le vlan-wifi, on monitor nginx et gunicorn

Ignore-this: 302ff16ce3a4e55f689adbd1ff23772e

darcs-hash:20121117003256-3a55a-8a90008470183dbb0f5e2f96e31af2f99833cccd.gz

Cfg/etc/bind/db.fake/db.fake

@@ -8,7 +8,7 @@ $TTL 10
         1 ; TTL (1s)
         )
 
-@ IN NS 10.51.0.1
+@ IN NS 10.51.0.10
 
-@ IN A 10.51.0.1
+@ IN A 10.51.0.10
-* IN A 10.51.0.1
+* IN A 10.51.0.10

Metadata/groups.xml

@@ -386,6 +386,7 @@
     <Group name="vlan-accueil" />
     <Group name="vlan-isolement"/>
     <Group name="vlan-ens"/>
+    <Group name="vlan-wifi"/>
   </Group>
 
   <Group name="log"
@@ -1242,6 +1243,7 @@
 
  <Group name="router-wifi"
    comment="Le firewall de l'association">
+   <Group name="vlan-wifi"/>
     <!-- rien à implémenter pour le moment -->
  </Group>
 

Python/etc/monit/services

@@ -209,6 +209,21 @@ for i in range(0,dernierecarte):
 @    if timestamp > 15 minutes then alert
 @
 
+if hostname in ['routeur']:
+    @# gunicorn
+    @check process gunicorn with pidfile /var/run/gunicorn/blacklist.pid
+    @    start program = "/etc/init.d/gunicorn start"
+    @    stop program = "/etc/init.d/gunicorn stop"
+    @    if 5 restarts within 5 cycles then timeout
+    @
+if hostname in ['routeur', 'komaz']:
+    @# nginx
+    @check process nginx with pidfile /var/run/nginx.pid
+    @    start program = "/etc/init.d/nginx start"
+    @    stop program = "/etc/init.d/nginx stop"
+    @    if 5 restarts within 5 cycles then timeout
+    @
+
 # on ne monitore pas les disques de canard
 if hostname in ['canard'] :
     done()

Python/etc/network/interfaces

@@ -30,8 +30,9 @@ iface %(interface)s inet static
     broadcast 138.231.143.255
     gateway 138.231.136.4
     dns-nameservers 138.231.136.98 138.231.136.9
-    dns-search crans.org
+    dns-search crans.org""" % { 'interface': interface, 'ip': pubip() }
-    post-up ip r add 138.231.144.0/21 dev %(interface)s via 138.231.136.247 src %(ip)s""" % { 'interface': interface, 'ip': pubip() }
+        if not has('vlan-wifi'):
+            print """    post-up ip r add 138.231.144.0/21 dev %(interface)s via 138.231.136.247 src %(ip)s""" % { 'interface': interface, 'ip': pubip() }
     
         for line in additionnals:
             print "   ", line

Python/etc/ntp.conf

@@ -23,7 +23,21 @@ filegen peerstats file peerstats type day enable
 filegen clockstats file clockstats type day enable
 
 """
-if not has("domu"):
+if has("ntp-server"):
+        print """# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
+# pick a different set every time it starts up.  Please consider joining the
+# pool: <http://www.pool.ntp.org/join.html>
+server ntp.ovh.net iburst
+server 0.debian.pool.ntp.org iburst
+server 1.debian.pool.ntp.org iburst
+server 2.debian.pool.ntp.org iburst
+server 3.debian.pool.ntp.org iburst
+"""
+elif has("secondary-ntp-server"):
+        print """# You do need to talk to an NTP server or two (or three).
+server ntp.crans.org
+"""
+else:
 	print """# You do need to talk to an NTP server or two (or three).
 server ntp.adm.crans.org
 """
@@ -46,9 +60,12 @@ print """
 # that might be intended to block requests from certain clients could also end
 # up blocking replies from your own upstream servers.
 
-# By default, exchange time with everybody, but don't allow configuration.
+# By default, exchange time with everybody, but don't allow configuration."""
-#restrict -4 default kod notrap nomodify nopeer noquery
+if has("secondary-ntp-server"):
-#restrict -6 default kod notrap nomodify nopeer noquery
+    print """restrict -4 default kod notrap nomodify nopeer noquery
+restrict -6 default kod notrap nomodify nopeer noquery"""
+
+print """
 
 # Local users may interrogate the ntp server more closely.
 restrict 127.0.0.1