[Git][qa/jenkins.debian.net][master] jenkins nodes: only use fail2ban on nodes not behind NAT

Holger Levsen (@holger) gitlab at salsa.debian.org
Sun Oct 22 09:16:01 BST 2023 


Holger Levsen pushed to branch master at Debian QA / jenkins.debian.net


Commits:
08bf35af by Holger Levsen at 2023-10-22T10:15:31+02:00
jenkins nodes: only use fail2ban on nodes not behind NAT

Signed-off-by: Holger Levsen <holger at layer-acht.org>

- - - - -


1 changed file:

- update_jdn.sh


Changes:

=====================================
update_jdn.sh
=====================================
@@ -291,7 +291,6 @@ if [ -f /etc/debian_version ] ; then
 			cdebootstrap-
 			debootstrap
 			devscripts
-			fail2ban
 			eatmydata
 			etckeeper
 			ethtool
@@ -368,6 +367,11 @@ if [ -f /etc/debian_version ] ; then
 				systemd-oomd
 				" ;;
 		esac
+		case $DPKG_ARCH in
+			# fail2ban is not useful on all arm64 and armhf nodes as they are behind NAT
+			arm64|armhf)	;;
+			*)		DEBS="$DEBS fail2ban" ;;
+		esac
 		case $HOSTNAME in
 			# needed for rebuilding Debian (using .buildinfo files)
 			osuosl3*) DEBS="$DEBS libdpkg-perl libwww-mechanize-perl sbuild" 
@@ -695,12 +699,15 @@ fi
 
 if ! $UP2DATE || [ $BASEDIR/hosts/$HOSTNAME/etc/munin -nt $STAMP ] ; then
 	cd /etc/munin/plugins
-	# enable some plugins everywhere, currently just fail2ban
-	for i in fail2ban ; do
-		[ -e $i ] || sudo ln -s /usr/share/munin/plugins/$i $i
-	done
+	# enable fail2ban conditionally, all arm64 and armhf nodes are behind NAT
+	case $DPKG_ARCH in
+		arm64|armhf)	rm -f fail2ban ;;
+		*)		i=fail2ban
+				[ -e $i ] || sudo ln -s /usr/share/munin/plugins/$i $i
+				;;
+	esac
 	# delete some everywhere
-	sudo rm -f postfix_* open_inodes interrupts irqstats threads proc_pri vmstat if_err_* exim_* netstat fw_forwarded_local fw_packets fw_conntrack forks open_files users nfs* ntp* df_abs entropy http_loadtime 2>/dev/null
+	sudo rm -f postfix_* open_inodes interrupts irqstats threads proc_pri vmstat if_err_* exim_* netstat fw_forwarded_local fw_packets fw_conntrack forks open_files users nfs* ntp* df_abs entropy http_loadtime
 	case $HOSTNAME in
 			ionos1-a*|ionos10*|codethink04*|osuosl*) [ -L /etc/munin/plugins/squid_cache ] || for i in squid_cache squid_objectsize squid_requests squid_traffic ; do sudo ln -s /usr/share/munin/plugins/$i $i ; done ;;
 			*)	;;



View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/commit/08bf35af2888d6c28225032f7817e5d652ad6367

-- 
View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/commit/08bf35af2888d6c28225032f7817e5d652ad6367
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/qa-jenkins-scm/attachments/20231022/41f773ef/attachment-0001.htm>

More information about the Qa-jenkins-scm mailing list