![[site community profile]](https://www.dreamwidth.org/img/comm_staff.png){kind=small}
[dw-ops] Update some config files in dw-ops repo so we have them Just In Case.
[commit: http://hg.dwscoalition.org/dw-ops/rev/fc8ad434eb48]
Update some config files in dw-ops repo so we have them Just In Case.
Patch by![[staff profile]](https://www.dreamwidth.org/img/silk/identity/user_staff.png)
mark.
Files modified:
Update some config files in dw-ops repo so we have them Just In Case.
Patch by
mark.Files modified:
- configs/mysql/dfw-db-a01.cnf
- configs/mysql/dfw-db-a02.cnf
- configs/mysql/dfw-db-b01.cnf
- configs/mysql/dfw-db-b02.cnf
- configs/mysql/dfw-db-c01.cnf
- configs/mysql/dfw-db-c02.cnf
- configs/mysql/dfw-db01.cnf
- configs/mysql/dfw-db02.cnf
- configs/mysql/sb-db01.cnf
- configs/mysql/sb-db02.cnf
- configs/postfix/dw/aliases
- configs/postfix/dw/body_checks
- configs/postfix/dw/header_checks
- configs/postfix/dw/mysql.cf
- configs/postfix/dw/virtual
- configs/postfix/main.cf
- puppet/modules/iptables/templates/spamhaus-drop.erb
--------------------------------------------------------------------------------
diff -r 482a589de207 -r fc8ad434eb48 configs/mysql/dfw-db-a01.cnf
--- a/configs/mysql/dfw-db-a01.cnf Wed Sep 23 00:26:36 2009 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,21 +0,0 @@
-[mysqld]
-bind-address = 10.176.71.86
-
-server-id = 3
-log_bin = /var/lib/mysql-binlogs/dfw-db-a01-bin.log
-relay_log = /var/lib/mysql/dfw-db-a01-relay-bin
-max_binlog_size = 1G
-expire_logs_days = 30
-
-log-slave-updates
-
-log_slow_queries = /var/log/mysql/mysql-slow.log
-long_query_time = 2
-#log-queries-not-using-indexes
-
-# general purpose tuning
-max_connections = 1024
-table_cache = 1024
-
-# innodb tuning
-innodb_buffer_pool_size = 1600M
diff -r 482a589de207 -r fc8ad434eb48 configs/mysql/dfw-db-a02.cnf
--- a/configs/mysql/dfw-db-a02.cnf Wed Sep 23 00:26:36 2009 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,21 +0,0 @@
-[mysqld]
-bind-address = 10.176.71.88
-
-server-id = 4
-log_bin = /var/lib/mysql-binlogs/dfw-db-a02-bin.log
-relay_log = /var/lib/mysql/dfw-db-a02-relay-bin
-max_binlog_size = 1G
-expire_logs_days = 30
-
-log-slave-updates
-
-log_slow_queries = /var/log/mysql/mysql-slow.log
-long_query_time = 2
-#log-queries-not-using-indexes
-
-# general purpose tuning
-max_connections = 1024
-table_cache = 1024
-
-# innodb tuning
-innodb_buffer_pool_size = 1600M
diff -r 482a589de207 -r fc8ad434eb48 configs/mysql/dfw-db-b01.cnf
--- a/configs/mysql/dfw-db-b01.cnf Wed Sep 23 00:26:36 2009 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,21 +0,0 @@
-[mysqld]
-bind-address = 10.176.71.89
-
-server-id = 5
-log_bin = /var/lib/mysql-binlogs/dfw-db-b01-bin.log
-relay_log = /var/lib/mysql/dfw-db-b01-relay-bin
-max_binlog_size = 1G
-expire_logs_days = 30
-
-log-slave-updates
-
-log_slow_queries = /var/log/mysql/mysql-slow.log
-long_query_time = 2
-#log-queries-not-using-indexes
-
-# general purpose tuning
-max_connections = 1024
-table_cache = 1024
-
-# innodb tuning
-innodb_buffer_pool_size = 1600M
diff -r 482a589de207 -r fc8ad434eb48 configs/mysql/dfw-db-b02.cnf
--- a/configs/mysql/dfw-db-b02.cnf Wed Sep 23 00:26:36 2009 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,21 +0,0 @@
-[mysqld]
-bind-address = 10.176.71.90
-
-server-id = 6
-log_bin = /var/lib/mysql-binlogs/dfw-db-b02-bin.log
-relay_log = /var/lib/mysql/dfw-db-b02-relay-bin
-max_binlog_size = 1G
-expire_logs_days = 30
-
-log-slave-updates
-
-log_slow_queries = /var/log/mysql/mysql-slow.log
-long_query_time = 2
-#log-queries-not-using-indexes
-
-# general purpose tuning
-max_connections = 1024
-table_cache = 1024
-
-# innodb tuning
-innodb_buffer_pool_size = 1600M
diff -r 482a589de207 -r fc8ad434eb48 configs/mysql/dfw-db-c01.cnf
--- a/configs/mysql/dfw-db-c01.cnf Wed Sep 23 00:26:36 2009 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,21 +0,0 @@
-[mysqld]
-bind-address = 10.176.74.51
-
-server-id = 7
-log_bin = /var/lib/mysql-binlogs/dfw-db-c01-bin.log
-relay_log = /var/lib/mysql/dfw-db-c01-relay-bin
-max_binlog_size = 1G
-expire_logs_days = 30
-
-log-slave-updates
-
-log_slow_queries = /var/log/mysql/mysql-slow.log
-long_query_time = 2
-#log-queries-not-using-indexes
-
-# general purpose tuning
-max_connections = 1024
-table_cache = 1024
-
-# innodb tuning
-innodb_buffer_pool_size = 1600M
diff -r 482a589de207 -r fc8ad434eb48 configs/mysql/dfw-db-c02.cnf
--- a/configs/mysql/dfw-db-c02.cnf Wed Sep 23 00:26:36 2009 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,21 +0,0 @@
-[mysqld]
-bind-address = 10.176.74.52
-
-server-id = 8
-log_bin = /var/lib/mysql-binlogs/dfw-db-c02-bin.log
-relay_log = /var/lib/mysql/dfw-db-c02-relay-bin
-max_binlog_size = 1G
-expire_logs_days = 30
-
-log-slave-updates
-
-log_slow_queries = /var/log/mysql/mysql-slow.log
-long_query_time = 2
-#log-queries-not-using-indexes
-
-# general purpose tuning
-max_connections = 1024
-table_cache = 1024
-
-# innodb tuning
-innodb_buffer_pool_size = 1600M
diff -r 482a589de207 -r fc8ad434eb48 configs/mysql/dfw-db01.cnf
--- a/configs/mysql/dfw-db01.cnf Wed Sep 23 00:26:36 2009 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,22 +0,0 @@
-[mysqld]
-bind-address = 10.176.64.134
-
-server-id = 1
-log_bin = /var/lib/mysql-binlogs/dfw-db01-bin.log
-relay_log = /var/lib/mysql/dfw-db01-relay-bin
-max_binlog_size = 1G
-expire_logs_days = 30
-
-log-slave-updates
-
-log_slow_queries = /var/log/mysql/mysql-slow.log
-long_query_time = 2
-#log-queries-not-using-indexes
-
-# general purpose tuning
-max_connections = 1024
-table_cache = 1024
-
-# innodb tuning
-innodb_buffer_pool_size = 3200M
-
diff -r 482a589de207 -r fc8ad434eb48 configs/mysql/dfw-db02.cnf
--- a/configs/mysql/dfw-db02.cnf Wed Sep 23 00:26:36 2009 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,22 +0,0 @@
-[mysqld]
-bind-address = 10.176.64.135
-
-server-id = 3
-log_bin = /var/lib/mysql-binlogs/dfw-db02-bin.log
-relay_log = /var/lib/mysql/dfw-db02-relay-bin
-max_binlog_size = 1G
-expire_logs_days = 30
-
-log-slave-updates
-
-log_slow_queries = /var/log/mysql/mysql-slow.log
-long_query_time = 2
-#log-queries-not-using-indexes
-
-# general purpose tuning
-max_connections = 1024
-table_cache = 1024
-
-# innodb tuning
-innodb_buffer_pool_size = 1600M
-
diff -r 482a589de207 -r fc8ad434eb48 configs/mysql/sb-db01.cnf
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/configs/mysql/sb-db01.cnf Tue Oct 20 18:29:44 2009 +0000
@@ -0,0 +1,27 @@
+[mysqld]
+bind-address = 172.20.6.169
+
+server-id = 101
+log_bin = /var/lib/mysql-binlogs/sb-db01-bin.log
+relay_log = /var/lib/mysql/sb-db01-relay-bin
+max_binlog_size = 1G
+expire_logs_days = 30
+
+# this is required for the master as we're going to be copying data from
+# the DFW databases, but we don't want to copy the MogileFS cloud as that
+# is not a db replicated cloud.
+replicate-ignore-db = dw_mogile
+
+log-slave-updates
+
+log_slow_queries = /var/log/mysql/mysql-slow.log
+long_query_time = 2
+#log-queries-not-using-indexes
+
+# general purpose tuning
+max_connections = 1024
+table_cache = 1024
+query_cache_size = 0
+
+# innodb tuning
+innodb_buffer_pool_size = 8000M
diff -r 482a589de207 -r fc8ad434eb48 configs/mysql/sb-db02.cnf
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/configs/mysql/sb-db02.cnf Tue Oct 20 18:29:44 2009 +0000
@@ -0,0 +1,21 @@
+[mysqld]
+bind-address = 172.20.6.175
+
+server-id = 102
+log_bin = /var/lib/mysql-binlogs/sb-db02-bin.log
+relay_log = /var/lib/mysql/sb-db02-relay-bin
+max_binlog_size = 1G
+expire_logs_days = 30
+
+log-slave-updates
+
+log_slow_queries = /var/log/mysql/mysql-slow.log
+long_query_time = 2
+#log-queries-not-using-indexes
+
+# general purpose tuning
+max_connections = 1024
+table_cache = 1024
+
+# innodb tuning
+innodb_buffer_pool_size = 8000M
diff -r 482a589de207 -r fc8ad434eb48 configs/postfix/dw/aliases
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/configs/postfix/dw/aliases Tue Oct 20 18:29:44 2009 +0000
@@ -0,0 +1,14 @@
+# things we need to be good net citizens
+postmaster: mark@dreamwidth.org
+
+# things that aren't "real" and are discarded
+dw_null: /dev/null
+
+# now things that we need to deliver to the dw user (aka, stuff in this list
+# foo@dreamwidth.org will get shoved into the database and processed)
+abuse: dw
+accounts: dw
+feedback: dw
+support: dw
+webmaster: dw
+privacy: dw
diff -r 482a589de207 -r fc8ad434eb48 configs/postfix/dw/body_checks
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/configs/postfix/dw/body_checks Tue Oct 20 18:29:44 2009 +0000
@@ -0,0 +1,2 @@
+/to stop receiving our daily offers/i DISCARD
+/intent of guaranteeing/i DISCARD
diff -r 482a589de207 -r fc8ad434eb48 configs/postfix/dw/header_checks
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/configs/postfix/dw/header_checks Tue Oct 20 18:29:44 2009 +0000
@@ -0,0 +1,1 @@
+/^Subject:.*Pfizer/i DISCARD
diff -r 482a589de207 -r fc8ad434eb48 configs/postfix/dw/mysql.cf
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/configs/postfix/dw/mysql.cf Tue Oct 20 18:29:44 2009 +0000
@@ -0,0 +1,5 @@
+user = email
+password = email
+hosts = 172.20.6.169
+dbname = dw_global
+query = SELECT rcpt FROM email_aliases WHERE alias = '%s@dreamwidth.org'
diff -r 482a589de207 -r fc8ad434eb48 configs/postfix/dw/virtual
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/configs/postfix/dw/virtual Tue Oct 20 18:29:44 2009 +0000
@@ -0,0 +1,2 @@
+# everything goes to the dw user for injection
+@post.dreamwidth.org dw
diff -r 482a589de207 -r fc8ad434eb48 configs/postfix/main.cf
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/configs/postfix/main.cf Tue Oct 20 18:29:44 2009 +0000
@@ -0,0 +1,56 @@
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+
+# Debian specific: Specifying a file name will cause the first
+# line of that file to be used as the name. The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# TLS parameters
+smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_use_tls=yes
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+myhostname = sb-mail01
+myorigin = /etc/mailname
+relayhost =
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all
+
+# dreamwidth configuration
+mydestination = dreamwidth.org
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.20.6.0/24
+
+# first, allow us to reject known spam. obviously this is a manual process
+# adding to these files and it's suboptimal, but it's efficient and one way of
+# removing spam that hits the support boards. would be nice to actually use
+# a real anti-spam system but that's not been setup yet.
+header_checks = pcre:/etc/postfix/dw/header_checks
+body_checks = pcre:/etc/postfix/dw/body_checks
+
+# post by email gets a virtual setup
+virtual_alias_domains = post.dreamwidth.org
+virtual_alias_maps = hash:/etc/postfix/dw/virtual
+
+# map alias configuration, default to check local first
+alias_maps = hash:/etc/postfix/dw/aliases, mysql:/etc/postfix/dw/mysql.cf
+
+# configure local mail to go through injector
+mailbox_command = env LJHOME=/home/dw/current /usr/bin/perl -I/home/dw/current/cgi-bin /home/dw/current/bin/incoming-mail-inject.pl
diff -r 482a589de207 -r fc8ad434eb48 puppet/modules/iptables/templates/spamhaus-drop.erb
--- a/puppet/modules/iptables/templates/spamhaus-drop.erb Wed Sep 23 00:26:36 2009 +0000
+++ b/puppet/modules/iptables/templates/spamhaus-drop.erb Tue Oct 20 18:29:44 2009 +0000
@@ -13,7 +13,10 @@ 138.252.0.0/16
138.252.0.0/16
138.43.0.0/16
139.167.0.0/16
+140.170.0.0/16
143.49.0.0/16
+148.178.0.0/16
+150.141.0.0/16
150.230.0.0/16
152.147.0.0/16
167.28.0.0/16
@@ -34,12 +37,12 @@ 193.138.172.0/22
193.138.172.0/22
193.142.244.0/24
193.16.100.0/24
-193.169.12.0/23
193.19.120.0/23
193.238.36.0/22
194.110.160.0/22
194.116.146.0/23
194.126.193.0/24
+194.143.130.0/23
194.146.204.0/22
194.165.4.0/23
195.114.8.0/23
@@ -49,6 +52,7 @@ 195.74.88.0/23
195.74.88.0/23
195.88.32.0/23
195.88.80.0/23
+195.95.151.0/24
195.95.161.0/24
196.1.176.0/20
196.32.216.0/21
@@ -68,7 +72,6 @@ 203.19.101.0/24
203.19.101.0/24
203.31.88.0/23
203.34.205.0/24
-203.34.37.0/24
203.34.70.0/23
203.34.71.0/24
204.13.32.0/21
@@ -84,18 +87,15 @@ 206.197.177.0/24
206.197.177.0/24
206.197.28.0/24
206.197.29.0/24
-207.166.112.0/20
208.77.224.0/21
208.81.136.0/21
208.82.136.0/21
208.84.96.0/21
208.87.152.0/21
-208.93.152.0/22
209.145.192.0/18
209.165.224.0/20
209.213.48.0/20
213.181.80.0/20
-216.21.8.0/22
216.243.240.0/20
41.221.112.0/20
58.83.12.0/22
@@ -103,7 +103,6 @@ 62.122.32.0/21
62.122.32.0/21
64.28.176.0/20
66.206.32.0/22
-66.55.160.0/19
67.210.0.0/20
67.213.128.0/20
69.8.176.0/20
@@ -114,7 +113,7 @@ 78.155.220.0/23
78.155.220.0/23
78.157.128.0/19
79.110.160.0/20
-79.135.160.0/19
+79.110.176.0/20
81.29.240.0/20
85.255.112.0/20
86.105.230.0/24
@@ -123,9 +122,9 @@ 91.196.232.0/22
91.196.232.0/22
91.199.112.0/24
91.203.92.0/22
+91.207.116.0/23
91.208.0.0/24
91.208.162.0/24
-91.208.228.0/24
91.209.14.0/24
91.209.184.0/24
91.209.186.0/24
@@ -137,8 +136,9 @@ 91.212.45.0/24
91.212.45.0/24
91.212.65.0/24
91.213.126.0/24
+91.213.29.0/24
91.213.33.0/24
-91.214.44.0/22
+93.113.27.0/24
93.118.128.0/18
93.188.160.0/21
94.154.0.0/18
@@ -147,4 +147,5 @@ 94.247.0.0/21
94.247.0.0/21
95.129.144.0/23
95.129.146.0/24
+95.215.192.0/22
95.215.76.0/22
--------------------------------------------------------------------------------