[ntp.conf,name.conf.local,...] On inhibe ntp sur les domU et on l'install sur les dom0, on sert la zone dns crans pour le vlan accueil.

Ignore-this: d7747fad95b2c749df6eefc3cf66d2bc darcs-hash:20121111172314-3a55a-7cbac4fd65fc9743ded93e2645c9db08814d5025.gz
2012-11-11 18:23:14 +01:00 · 2012-11-11 18:23:14 +01:00 · 7b654ac8dc
commit 7b654ac8dc
parent 8b84936241
7 changed files with 31 additions and 120 deletions
--- a/Cfg/etc/bind/named.conf.local/named.conf.local
+++ b/Cfg/etc/bind/named.conf.local/named.conf.local
@ -8,14 +8,14 @@ include "/etc/bind/zones.rfc1918";
 include "/etc/bind/generated/zones_crans"; 
 // anti SPAM
-// Rajout pour générer le forward vers ariane pour la zone rbl-plus.mail-abuse.org --Nico 21/04/02
+// Rajout pour generer le forward vers ariane pour la zone rbl-plus.mail-abuse.org --Nico 21/04/02
 zone "rbl-plus.mail-abuse.org" {
    type forward;
    forward only;
    forwarders { 138.231.176.4 ; };
 };
-// la télé
+// la tele
 zone "tv.crans.org" {
    type slave;
    file "/etc/bind/generated/db.tv.crans.org";
--- a/Cfg/etc/bind/named.conf.local/named.conf.local.G99_vlan-radin
+++ b/Cfg/etc/bind/named.conf.local/named.conf.local.G99_vlan-radin
@ -6,7 +6,10 @@
 view "accueilview" {
    match-clients { "accueil"; };
-    // Zones RFC 1918
+   // zones crans
    include "/etc/bind/generated/zones_crans";
   // Zones RFC 1918
    include "/etc/bind/zones.rfc1918";
    recursion no;
@ -29,14 +32,14 @@ view "others" {
 	recursion yes;
    // anti SPAM
-    // Rajout pour générer le forward vers ariane pour la zone rbl-plus.mail-abuse.org --Nico 21/04/02
+    // Rajout pour generer le forward vers ariane pour la zone rbl-plus.mail-abuse.org --Nico 21/04/02
    zone "rbl-plus.mail-abuse.org" {
        type forward;
        forward only;
        forwarders { 138.231.176.4; };
    };
-    // la télé
+    // la tele
    zone "tv.crans.org" {
        type slave;
        file "/etc/bind/generated/db.tv.crans.org";
--- a/Cfg/etc/ntp.conf/info.xml
+++ b/Cfg/etc/ntp.conf/info.xml
@ -1,3 +0,0 @@
 <FileInfo>
    <Info owner='root' group='root' perms='0644'/>
 </FileInfo>
--- a/Cfg/etc/ntp.conf/ntp.conf.G50_secondary-ntp-server
+++ b/Cfg/etc/ntp.conf/ntp.conf.G50_secondary-ntp-server
@ -1,55 +0,0 @@
 # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
 driftfile /var/lib/ntp/ntp.drift
 # Enable this if you want statistics to be logged.
 #statsdir /var/log/ntpstats/
 statistics loopstats peerstats clockstats
 filegen loopstats file loopstats type day enable
 filegen peerstats file peerstats type day enable
 filegen clockstats file clockstats type day enable
 # You do need to talk to an NTP server or two (or three).
 server ntp.crans.org
 # pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
 # pick a different set every time it starts up.  Please consider joining the
 # pool: <http://www.pool.ntp.org/join.html>
 #server 0.debian.pool.ntp.org iburst
 #server 1.debian.pool.ntp.org iburst
 #server 2.debian.pool.ntp.org iburst
 #server 3.debian.pool.ntp.org iburst
 # Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
 # details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
 # might also be helpful.
 #
 # Note that "restrict" applies to both servers and clients, so a configuration
 # that might be intended to block requests from certain clients could also end
 # up blocking replies from your own upstream servers.
 # By default, exchange time with everybody, but don't allow configuration.
 restrict -4 default kod notrap nomodify nopeer noquery
 restrict -6 default kod notrap nomodify nopeer noquery
 # Local users may interrogate the ntp server more closely.
 restrict 127.0.0.1
 restrict ::1
 # Clients from this (example!) subnet have unlimited access, but only if
 # cryptographically authenticated.
 #restrict 192.168.123.0 mask 255.255.255.0 notrust
 # If you want to provide time to your local subnet, change the next line.
 # (Again, the address is an example only.)
 #broadcast 192.168.123.255
 # If you want to listen to time broadcasts on your local subnet, de-comment the
 # next lines.  Please do this only if you trust everybody on the network!
 #disable auth
 #broadcastclient
--- a/Cfg/etc/ntp.conf/ntp.conf.G99_ntp-server
+++ b/Cfg/etc/ntp.conf/ntp.conf.G99_ntp-server
@ -1,55 +0,0 @@
 # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
 driftfile /var/lib/ntp/ntp.drift
 # Enable this if you want statistics to be logged.
 #statsdir /var/log/ntpstats/
 statistics loopstats peerstats clockstats
 filegen loopstats file loopstats type day enable
 filegen peerstats file peerstats type day enable
 filegen clockstats file clockstats type day enable
 # You do need to talk to an NTP server or two (or three).
 #server ntp.crans.org
 # pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
 # pick a different set every time it starts up.  Please consider joining the
 # pool: <http://www.pool.ntp.org/join.html>
 server 0.debian.pool.ntp.org iburst
 server 1.debian.pool.ntp.org iburst
 server 2.debian.pool.ntp.org iburst
 server 3.debian.pool.ntp.org iburst
 # Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
 # details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
 # might also be helpful.
 #
 # Note that "restrict" applies to both servers and clients, so a configuration
 # that might be intended to block requests from certain clients could also end
 # up blocking replies from your own upstream servers.
 # By default, exchange time with everybody, but don't allow configuration.
 restrict -4 default kod notrap nomodify nopeer noquery
 restrict -6 default kod notrap nomodify nopeer noquery
 # Local users may interrogate the ntp server more closely.
 restrict 127.0.0.1
 restrict ::1
 # Clients from this (example!) subnet have unlimited access, but only if
 # cryptographically authenticated.
 #restrict 192.168.123.0 mask 255.255.255.0 notrust
 # If you want to provide time to your local subnet, change the next line.
 # (Again, the address is an example only.)
 #broadcast 192.168.123.255
 # If you want to listen to time broadcasts on your local subnet, de-comment the
 # next lines.  Please do this only if you trust everybody on the network!
 #disable auth
 #broadcastclient
--- a/Metadata/groups.xml
+++ b/Metadata/groups.xml
@ -127,6 +127,7 @@
    <Group name="db-main"/>
 <!-- <Group name="ups-server"/> -->
    <Group name="adm-only"/>
    <Group name="domu"/>
  </Group>
  <Group name="pegase"
@ -399,9 +400,12 @@
        profile="true">
    <Group name="crans-squeeze"/>
    <Group name="domu"/>
    <Group name="vlan-radin"/>
    <Group name="vlan-accueil" />
    <Group name="vlan-isolement"/>
    <Group name="vlan-ens"/>
    <Group name="dns-secondary"/>
    <Group name="dnssec-validation"/>
  </Group>
  <!-- profile de test -->
@ -500,6 +504,7 @@
    <Group name="rsyslog-client"/>
    <Group name="squeeze"/>
    <Group name="ntp"/>
    <Group name="mail"/>
    <Group name="apt"/>
    <Group name="secrets"/>
--- a/Cfg/etc/ntp.conf/ntp.conf
+++ b/Cfg/etc/ntp.conf/ntp.conf
@ -1,3 +1,14 @@
 # -*- mode: python; encoding: utf-8 -*-
 info["owner"] = "root"
 info["group"] = "root"
 info["perms"] = 0644
 comment_start = "#"
 header("Conf de ntpd")
 print """
 # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
 driftfile /var/lib/ntp/ntp.drift
@ -11,10 +22,13 @@ filegen loopstats file loopstats type day enable
 filegen peerstats file peerstats type day enable
 filegen clockstats file clockstats type day enable
-
+"""
-# You do need to talk to an NTP server or two (or three).
+if not has("domu"):
 	print """# You do need to talk to an NTP server or two (or three).
 server ntp.adm.crans.org
 """
 print """
 # pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
 # pick a different set every time it starts up.  Please consider joining the
 # pool: <http://www.pool.ntp.org/join.html>
@ -53,3 +67,5 @@ restrict ::1
 # next lines.  Please do this only if you trust everybody on the network!
 #disable auth
 #broadcastclient
 """