pf-tools/pf-tools: reverse order in sitezone to prevent problems...
parmelan-guest at users.alioth.debian.org
parmelan-guest at users.alioth.debian.org
Mon Jan 5 17:16:37 UTC 2015
details: http://hg.debian.org/hg/pf-tools/pf-tools/rev/f992248df650
changeset: 1428:f992248df650
user: shad
date: Mon Jan 05 18:16:34 2015 +0100
description:
reverse order in sitezone to prevent problems with tcp-wrapper and PARANOID
diffstat:
debian/changelog | 1 +
lib/PFTools/Utils.pm | 7 ++-
t/20.files.t | 118 +++++++++++++++++++++++++-------------------------
3 files changed, 66 insertions(+), 60 deletions(-)
diffs (194 lines):
diff -r b077d59a9dad -r f992248df650 debian/changelog
--- a/debian/changelog Mon Jan 05 16:14:56 2015 +0100
+++ b/debian/changelog Mon Jan 05 18:16:34 2015 +0100
@@ -3,6 +3,7 @@
* update templates, default conf
* pull repository first in case of rspawn
* resolve gateway when using named @route
+ * reverse order in sitezone to prevent problems with tcp-wrapper and PARANOID
-- Stéphane Pontier <shad at sitadelle.com> Wed, 31 Dec 2014 13:10:06 +0100
diff -r b077d59a9dad -r f992248df650 lib/PFTools/Utils.pm
--- a/lib/PFTools/Utils.pm Mon Jan 05 16:14:56 2015 +0100
+++ b/lib/PFTools/Utils.pm Mon Jan 05 18:16:34 2015 +0100
@@ -1770,8 +1770,13 @@
number => $merged_zone_ref->{$server}->{'number'},
};
+ # need to put myserver%% before myserver otherwise, mkrdns only list
+ # myserver for differents ip and then tcp-wrapper blocks connections
+ # when we are trying to connect to a specific myserver%%
my @records = ();
- foreach my $field ( sort keys %{ $merged_zone_ref->{$server} } ) {
+ foreach my $field ( sort { $b cmp $a }
+ keys %{ $merged_zone_ref->{$server} } )
+ {
next if $field eq 'comment';
next if $field eq 'number';
diff -r b077d59a9dad -r f992248df650 t/20.files.t
--- a/t/20.files.t Mon Jan 05 16:14:56 2015 +0100
+++ b/t/20.files.t Mon Jan 05 18:16:34 2015 +0100
@@ -182,102 +182,102 @@
q{; vip-spawn: VIP for spawn services},
q{; number: 1},
q{;----------------------------------------------------------------------------},
+ qq{vip-spawn.vlan-systeme\tIN A\t10.1.1.254},
+ qq{vip-spawn.vlan-pfds-ext\tIN A\t192.168.1.99},
+ qq{vip-spawn\tIN CNAME\tvip-spawn.vlan-systeme},
+ qq{vip-deploy\tIN CNAME\tvip-spawn.vlan-systeme},
+ qq{nsprivate\tIN CNAME\tvip-spawn.vlan-systeme},
+ qq{nscache\tIN CNAME\tvip-spawn.vlan-systeme},
+ qq{mirrors\tIN CNAME\tvip-spawn.vlan-systeme},
+ qq{mf\tIN CNAME\tvip-spawn.vlan-systeme},
qq{cvs\tIN CNAME\tvip-spawn.vlan-systeme},
- qq{mf\tIN CNAME\tvip-spawn.vlan-systeme},
- qq{mirrors\tIN CNAME\tvip-spawn.vlan-systeme},
- qq{nscache\tIN CNAME\tvip-spawn.vlan-systeme},
- qq{nsprivate\tIN CNAME\tvip-spawn.vlan-systeme},
- qq{vip-deploy\tIN CNAME\tvip-spawn.vlan-systeme},
- qq{vip-spawn\tIN CNAME\tvip-spawn.vlan-systeme},
- qq{vip-spawn.vlan-pfds-ext\tIN A\t192.168.1.99},
- qq{vip-spawn.vlan-systeme\tIN A\t10.1.1.254},
q{},
q{; cbv4-pfds-filer: NAS for CBV4-PFDS site},
q{; number: 2},
q{;----------------------------------------------------------------------------},
- qq{cbv4-pfds-filer\tIN CNAME\tcbv4-pfds-filer.vlan-systeme},
+ qq{cbv4-pfds-filer01.vlan-systeme\tIN A\t10.1.2.1},
+ qq{cbv4-pfds-filer01\tIN CNAME\tcbv4-pfds-filer01.vlan-systeme},
+ qq{cbv4-pfds-filer00.vlan-systeme\tIN A\t10.1.2.0},
+ qq{cbv4-pfds-filer00\tIN CNAME\tcbv4-pfds-filer00.vlan-systeme},
qq{cbv4-pfds-filer.vlan-systeme\tIN A\t10.1.2.0},
qq{cbv4-pfds-filer.vlan-systeme\tIN A\t10.1.2.1},
- qq{cbv4-pfds-filer00\tIN CNAME\tcbv4-pfds-filer00.vlan-systeme},
- qq{cbv4-pfds-filer00.vlan-systeme\tIN A\t10.1.2.0},
- qq{cbv4-pfds-filer01\tIN CNAME\tcbv4-pfds-filer01.vlan-systeme},
- qq{cbv4-pfds-filer01.vlan-systeme\tIN A\t10.1.2.1},
+ qq{cbv4-pfds-filer\tIN CNAME\tcbv4-pfds-filer.vlan-systeme},
q{},
q{; filer-all: filer with ip common on all site},
q{; number: 2},
q{;----------------------------------------------------------------------------},
- qq{filer-all\tIN CNAME\tfiler-all.vlan-systeme},
+ qq{filer-all01.vlan-systeme\tIN A\t10.1.2.11},
+ qq{filer-all01\tIN CNAME\tfiler-all01.vlan-systeme},
+ qq{filer-all00.vlan-systeme\tIN A\t10.1.2.10},
+ qq{filer-all00\tIN CNAME\tfiler-all00.vlan-systeme},
qq{filer-all.vlan-systeme\tIN A\t10.1.2.10},
qq{filer-all.vlan-systeme\tIN A\t10.1.2.11},
- qq{filer-all00\tIN CNAME\tfiler-all00.vlan-systeme},
- qq{filer-all00.vlan-systeme\tIN A\t10.1.2.10},
- qq{filer-all01\tIN CNAME\tfiler-all01.vlan-systeme},
- qq{filer-all01.vlan-systeme\tIN A\t10.1.2.11},
+ qq{filer-all\tIN CNAME\tfiler-all.vlan-systeme},
q{},
q{; filer-several: filer with ip common on several site},
q{; number: 2},
q{;----------------------------------------------------------------------------},
- qq{filer-several\tIN CNAME\tfiler-several.vlan-systeme},
+ qq{filer-several01.vlan-systeme\tIN A\t10.1.2.21},
+ qq{filer-several01\tIN CNAME\tfiler-several01.vlan-systeme},
+ qq{filer-several00.vlan-systeme\tIN A\t10.1.2.20},
+ qq{filer-several00\tIN CNAME\tfiler-several00.vlan-systeme},
qq{filer-several.vlan-systeme\tIN A\t10.1.2.20},
qq{filer-several.vlan-systeme\tIN A\t10.1.2.21},
- qq{filer-several00\tIN CNAME\tfiler-several00.vlan-systeme},
- qq{filer-several00.vlan-systeme\tIN A\t10.1.2.20},
- qq{filer-several01\tIN CNAME\tfiler-several01.vlan-systeme},
- qq{filer-several01.vlan-systeme\tIN A\t10.1.2.21},
+ qq{filer-several\tIN CNAME\tfiler-several.vlan-systeme},
q{},
q{; cbv4-spawn: Spawning server},
q{; number: 2},
q{;----------------------------------------------------------------------------},
- qq{cbv4-spawn\tIN CNAME\tcbv4-spawn.vlan-systeme},
+ qq{spawn01\tIN CNAME\tcbv4-spawn01.vlan-systeme},
+ qq{spawn00\tIN CNAME\tcbv4-spawn00.vlan-systeme},
+ qq{spawn\tIN CNAME\tcbv4-spawn.vlan-systeme},
+ qq{ntp01\tIN CNAME\tcbv4-spawn01.vlan-systeme},
+ qq{ntp00\tIN CNAME\tcbv4-spawn00.vlan-systeme},
+ qq{ntp\tIN CNAME\tcbv4-spawn.vlan-systeme},
+ qq{cbv4-spawn01.vlan-systeme\tIN A\t10.1.167.1},
+ qq{cbv4-spawn01.vlan-pfds-int\tIN A\t10.2.167.1},
+ qq{cbv4-spawn01.vlan-pfds-ext\tIN A\t192.168.1.98},
+ qq{cbv4-spawn01.vlan-middledsi\tIN A\t10.3.2.42},
+ qq{cbv4-spawn01.vlan-admindsi\tIN A\t10.3.1.1},
+ qq{cbv4-spawn01\tIN CNAME\tcbv4-spawn01.vlan-systeme},
+ qq{cbv4-spawn00.vlan-systeme\tIN A\t10.1.167.0},
+ qq{cbv4-spawn00.vlan-pfds-int\tIN A\t10.2.167.0},
+ qq{cbv4-spawn00.vlan-pfds-ext\tIN A\t192.168.1.97},
+ qq{cbv4-spawn00.vlan-middledsi\tIN A\t10.3.2.41},
+ qq{cbv4-spawn00.vlan-admindsi\tIN A\t10.3.1.0},
+ qq{cbv4-spawn00\tIN CNAME\tcbv4-spawn00.vlan-systeme},
+ qq{cbv4-spawn.vlan-systeme\tIN A\t10.1.167.0},
+ qq{cbv4-spawn.vlan-systeme\tIN A\t10.1.167.1},
+ qq{cbv4-spawn.vlan-pfds-int\tIN A\t10.2.167.0},
+ qq{cbv4-spawn.vlan-pfds-int\tIN A\t10.2.167.1},
+ qq{cbv4-spawn.vlan-pfds-ext\tIN A\t192.168.1.97},
+ qq{cbv4-spawn.vlan-pfds-ext\tIN A\t192.168.1.98},
+ qq{cbv4-spawn.vlan-middledsi\tIN A\t10.3.2.41},
+ qq{cbv4-spawn.vlan-middledsi\tIN A\t10.3.2.42},
qq{cbv4-spawn.vlan-admindsi\tIN A\t10.3.1.0},
qq{cbv4-spawn.vlan-admindsi\tIN A\t10.3.1.1},
- qq{cbv4-spawn.vlan-middledsi\tIN A\t10.3.2.41},
- qq{cbv4-spawn.vlan-middledsi\tIN A\t10.3.2.42},
- qq{cbv4-spawn.vlan-pfds-ext\tIN A\t192.168.1.97},
- qq{cbv4-spawn.vlan-pfds-ext\tIN A\t192.168.1.98},
- qq{cbv4-spawn.vlan-pfds-int\tIN A\t10.2.167.0},
- qq{cbv4-spawn.vlan-pfds-int\tIN A\t10.2.167.1},
- qq{cbv4-spawn.vlan-systeme\tIN A\t10.1.167.0},
- qq{cbv4-spawn.vlan-systeme\tIN A\t10.1.167.1},
- qq{cbv4-spawn00\tIN CNAME\tcbv4-spawn00.vlan-systeme},
- qq{cbv4-spawn00.vlan-admindsi\tIN A\t10.3.1.0},
- qq{cbv4-spawn00.vlan-middledsi\tIN A\t10.3.2.41},
- qq{cbv4-spawn00.vlan-pfds-ext\tIN A\t192.168.1.97},
- qq{cbv4-spawn00.vlan-pfds-int\tIN A\t10.2.167.0},
- qq{cbv4-spawn00.vlan-systeme\tIN A\t10.1.167.0},
- qq{cbv4-spawn01\tIN CNAME\tcbv4-spawn01.vlan-systeme},
- qq{cbv4-spawn01.vlan-admindsi\tIN A\t10.3.1.1},
- qq{cbv4-spawn01.vlan-middledsi\tIN A\t10.3.2.42},
- qq{cbv4-spawn01.vlan-pfds-ext\tIN A\t192.168.1.98},
- qq{cbv4-spawn01.vlan-pfds-int\tIN A\t10.2.167.1},
- qq{cbv4-spawn01.vlan-systeme\tIN A\t10.1.167.1},
- qq{ntp\tIN CNAME\tcbv4-spawn.vlan-systeme},
- qq{ntp00\tIN CNAME\tcbv4-spawn00.vlan-systeme},
- qq{ntp01\tIN CNAME\tcbv4-spawn01.vlan-systeme},
- qq{spawn\tIN CNAME\tcbv4-spawn.vlan-systeme},
- qq{spawn00\tIN CNAME\tcbv4-spawn00.vlan-systeme},
- qq{spawn01\tIN CNAME\tcbv4-spawn01.vlan-systeme},
+ qq{cbv4-spawn\tIN CNAME\tcbv4-spawn.vlan-systeme},
q{},
q{; filer-other: filer with ip public on other site},
q{; number: 2},
q{;----------------------------------------------------------------------------},
- qq{filer-other\tIN CNAME\tfiler-other.vlan-public2},
+ qq{filer-other01.vlan-public2\tIN A\t80.125.164.31},
+ qq{filer-other01\tIN CNAME\tfiler-other01.vlan-public2},
+ qq{filer-other00.vlan-public2\tIN A\t80.125.164.30},
+ qq{filer-other00\tIN CNAME\tfiler-other00.vlan-public2},
qq{filer-other.vlan-public2\tIN A\t80.125.164.30},
qq{filer-other.vlan-public2\tIN A\t80.125.164.31},
- qq{filer-other00\tIN CNAME\tfiler-other00.vlan-public2},
- qq{filer-other00.vlan-public2\tIN A\t80.125.164.30},
- qq{filer-other01\tIN CNAME\tfiler-other01.vlan-public2},
- qq{filer-other01.vlan-public2\tIN A\t80.125.164.31},
+ qq{filer-other\tIN CNAME\tfiler-other.vlan-public2},
q{},
q{; cbv4-rdeploy: Rdeploy server},
q{; number: 2},
q{;----------------------------------------------------------------------------},
+ qq{cbv4-rdeploy01.vlan-public\tIN A\t80.125.163.43},
+ qq{cbv4-rdeploy00.vlan-public2\tIN A\t80.125.164.44},
+ qq{cbv4-rdeploy00.vlan-public\tIN A\t80.125.163.42},
+ qq{cbv4-rdeploy.vlan-public2\tIN A\t80.125.164.44},
qq{cbv4-rdeploy.vlan-public\tIN A\t80.125.163.42},
qq{cbv4-rdeploy.vlan-public\tIN A\t80.125.163.43},
- qq{cbv4-rdeploy.vlan-public2\tIN A\t80.125.164.44},
- qq{cbv4-rdeploy00.vlan-public\tIN A\t80.125.163.42},
- qq{cbv4-rdeploy00.vlan-public2\tIN A\t80.125.164.44},
- qq{cbv4-rdeploy01.vlan-public\tIN A\t80.125.163.43},
q{},
q{},
];
More information about the pf-tools-commits
mailing list