reproducible Debian: Retire most armhf nodes with only 2GB of ram.

123dfab8 · Vagrant Cascadian · df0c335e · 123dfab8 · 123dfab8 · 123dfab8
Commit 123dfab8 authored Jul 08, 2021 by Vagrant Cascadian
--- a/README.infrastructure
+++ b/README.infrastructure
@@ -89,7 +89,7 @@ There's a script to trigger the power on/off/cycle if needed, from hbi1 on Vagra
  hbi1$ cd /srv/rb/remote-power ; ./remote-power NAME on|off|ccl
 	# ccl means powercycling…
-There are at least three machines, bbx15, jtk1a, and jtk1b that don't tend to
+There are at least three machines, jtx1a, jtx1b and jtx1c that don't tend to
 come up after power cycling, but sometimes even those work too, so it's
 worth a try.

--- a/bin/common-functions.sh
+++ b/bin/common-functions.sh
@@ -114,7 +114,7 @@ else
 		case $HOSTNAME in
 			jenkins|ionos*|osuosl*)
 				export MIRROR=http://cdn-fastly.deb.debian.org/debian ;;
-			bbx15|cb3*|cbxi4*|wbq0|odxu4*|odu3*|odc*|ff*|ff4*|opi2*|jt?1*|p64*|virt32[a-z]|virt64[a-z])
+			cbxi4*|wbq0|ff4*|jt?1*|virt32[a-z]|virt64[a-z])
 				export MIRROR=http://cdn-fastly.deb.debian.org/debian ;;
 			codethink*)
 				export MIRROR=http://cdn-fastly.deb.debian.org/debian ;;
@@ -137,7 +137,7 @@ else
 			export http_proxy="http://127.0.0.1:3128" ;;
 		codethink*)
 			export http_proxy="http://192.168.101.16:3128" ;;
-		bbx15|cb3*|cbxi4*|wbq0|odxu4*|odu3*|odc*|ff*|ff4*|opi2*|jt?1*|p64*|virt64[a-z]|virt32[a-z])
+		cbxi4*|wbq0|ff4*|jt?1*|virt64[a-z]|virt32[a-z])
 			export http_proxy="http://10.0.0.15:8000/" ;;
 		spectrum)
 			export http_proxy="http://127.0.0.1:3128" ;;
@@ -219,7 +219,7 @@ jenkins_zombie_check() {
 	# and we dont know why and when that happens,
 	# so just report those zombies here.
 	#
-	ZOMBIES="$(ls -1d /var/lib/jenkins/jobs/* | egrep 'strip-nondeterminism|reprotest|reproducible_(builder_(amd64|i386|armhf|arm64)|setup_(pbuilder|schroot)_testing)|chroot-installation_wheezy|aptdpkg|reproducible_*(odc2a|odxu4c|opi2b)|stretch_install_education-thin-client-server|jessie_multiarch_versionskew|dpkg_stretch_find_trigger_cycles|sid_install_education-services|buster_install_education-services|lvc|chroot-installation_stretch_.*_upgrade_to_sid|chroot-installation_buster_.*_upgrade_to_sid|piuparts_.*_jessie|udd_stretch|d-i_pu-build|debsums-tests_stretch|debian-archive-keyring-tests_stretch|chroot-installation_jessie|chroot-installation_.*education-lang-|kirkwoot|rebootstrap_.*_gcc[5-8]($|_)|brcm47xx|rebootstrap_kfreebsd|diffoscope_from_git_|disorderfs_from_git_master|diffoscope_pypi|diffoscope_freebsd|diffoscope_netbsd|diffoscope_macports|diffoscope_archlinux|openwrt-target-ath97|profitbricks|pool_buildinfos_suites|^g-i|reproducible_compare_Debian_sha1sums' || true)"
+	ZOMBIES="$(ls -1d /var/lib/jenkins/jobs/* | egrep 'strip-nondeterminism|reprotest|reproducible_(builder_(amd64|i386|armhf|arm64)|setup_(pbuilder|schroot)_testing)|chroot-installation_wheezy|aptdpkg|stretch_install_education-thin-client-server|jessie_multiarch_versionskew|dpkg_stretch_find_trigger_cycles|sid_install_education-services|buster_install_education-services|lvc|chroot-installation_stretch_.*_upgrade_to_sid|chroot-installation_buster_.*_upgrade_to_sid|piuparts_.*_jessie|udd_stretch|d-i_pu-build|debsums-tests_stretch|debian-archive-keyring-tests_stretch|chroot-installation_jessie|chroot-installation_.*education-lang-|kirkwoot|rebootstrap_.*_gcc[5-8]($|_)|brcm47xx|rebootstrap_kfreebsd|diffoscope_from_git_|disorderfs_from_git_master|diffoscope_pypi|diffoscope_freebsd|diffoscope_netbsd|diffoscope_macports|diffoscope_archlinux|openwrt-target-ath97|profitbricks|pool_buildinfos_suites|^g-i|reproducible_compare_Debian_sha1sums' || true)"
 	if [ ! -z "$ZOMBIES" ] ; then
 		DIRTY=true
 		figlet 'zombies!!!'

--- a/bin/jenkins_node_definitions.sh
+++ b/bin/jenkins_node_definitions.sh
@@ -11,8 +11,7 @@
 #		- bin/reproducible_cleanup_nodes.sh where it would be
 #		  nice to also include ionos9+10, to also cleanup
 #		  jobs there…
-BUILD_NODES="bbx15-armhf-rb.debian.net
+BUILD_NODES="
-cb3a-armhf-rb.debian.net
 cbxi4a-armhf-rb.debian.net
 cbxi4b-armhf-rb.debian.net
 cbxi4pro0-armhf-rb.debian.net
@@ -24,22 +23,11 @@ codethink13-arm64.debian.net
 codethink14-arm64.debian.net
 codethink15-arm64.debian.net
 codethink16-arm64.debian.net
-ff2a-armhf-rb.debian.net
-ff2b-armhf-rb.debian.net
 ff4a-armhf-rb.debian.net
 ff64a-armhf-rb.debian.net
-jtk1a-armhf-rb.debian.net
-jtk1b-armhf-rb.debian.net
 jtx1a-armhf-rb.debian.net
 jtx1b-armhf-rb.debian.net
 jtx1c-armhf-rb.debian.net
-odu3a-armhf-rb.debian.net
-odxu4a-armhf-rb.debian.net
-odxu4b-armhf-rb.debian.net
-opi2a-armhf-rb.debian.net
-opi2c-armhf-rb.debian.net
-p64b-armhf-rb.debian.net
-p64c-armhf-rb.debian.net
 ionos1-amd64.debian.net
 ionos2-i386.debian.net
 ionos5-amd64.debian.net

--- a/hosts/bbx15
+++ b/hosts/bbx15
-bbx15-armhf-rb
\ No newline at end of file
--- a/hosts/bbx15-armhf-rb/etc/munin/munin-node.conf
+++ b/hosts/bbx15-armhf-rb/etc/munin/munin-node.conf
-#
-# Example config-file for munin-node
-#
-log_level 4
-log_file /var/log/munin/munin-node.log
-pid_file /var/run/munin/munin-node.pid
-background 1
-setsid 1
-user root
-group root
-# This is the timeout for the whole transaction.
-# Units are in sec. Default is 15 min
-#
-# global_timeout 900
-# This is the timeout for each plugin.
-# Units are in sec. Default is 1 min
-#
-# timeout 60
-# Regexps for files to ignore
-ignore_file [\#~]$
-ignore_file DEADJOE$
-ignore_file \.bak$
-ignore_file %$
-ignore_file \.dpkg-(tmp|new|old|dist)$
-ignore_file \.rpm(save|new)$
-ignore_file \.pod$
-# Set this if the client doesn't report the correct hostname when
-# telnetting to localhost, port 4949
-#
-#host_name localhost.localdomain
-# A list of addresses that are allowed to connect.  This must be a
-# regular expression, since Net::Server does not understand CIDR-style
-# network notation unless the perl module Net::CIDR is installed.  You
-# may repeat the allow line as many times as you'd like
-allow ^127\.0\.0\.1$
-allow ^::1$
-# If you have installed the Net::CIDR perl module, you can use one or more
-# cidr_allow and cidr_deny address/mask patterns.  A connecting client must
-# match any cidr_allow, and not match any cidr_deny.  Note that a netmask
-# *must* be provided, even if it's /32
-#
-# Example:
-#
-# cidr_allow 127.0.0.1/32
-# cidr_allow 192.0.2.0/24
-# cidr_deny  192.0.2.42/32
-# Which address to bind to;
-host *
-# host 127.0.0.1
-# And which port
-port 4949
-allow ^78\.137\.96\.196
-hostname bbx15-armhf-rb.debian.net
--- a/hosts/bbx15-armhf-rb/etc/postfix/main.cf
+++ b/hosts/bbx15-armhf-rb/etc/postfix/main.cf
-# See /usr/share/postfix/main.cf.dist for a commented, more complete version
-# Debian specific:  Specifying a file name will cause the first
-# line of that file to be used as the name.  The Debian default
-# is /etc/mailname.
-#myorigin = /etc/mailname
-smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
-biff = no
-# appending .domain is the MUA's job.
-append_dot_mydomain = no
-# Uncomment the next line to generate "delayed mail" warnings
-#delay_warning_time = 4h
-readme_directory = no
-# TLS parameters
-smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
-smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
-smtpd_use_tls=yes
-smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
-smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
-# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
-# information on enabling SSL in the smtp client.
-myhostname = bbx15-armhf-rb.debian.net
-alias_maps = hash:/etc/aliases
-alias_database = hash:/etc/aliases
-myorigin = /etc/mailname
-mydestination = bbx15-armhf-rb.debian.net, localhost
-relayhost = mail.holgerlevsen.de 
-#mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
-mynetworks = 127.0.0.0/8
-mailbox_size_limit = 0
-recipient_delimiter = +
-inet_interfaces = all
-mailbox_command = /usr/bin/procmail -a "$EXTENSION"
--- a/hosts/bbx15-armhf-rb/etc/ssh/sshd_config
+++ b/hosts/bbx15-armhf-rb/etc/ssh/sshd_config
-# Package generated configuration file
-# See the sshd_config(5) manpage for details
-# What ports, IPs and protocols we listen for
-Port 22
-Port 2242
-#AddressFamily any
-#ListenAddress ::
-#ListenAddress 0.0.0.0
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_ecdsa_key
-HostKey /etc/ssh/ssh_host_ed25519_key
-# Logging
-#SyslogFacility AUTH
-#LogLevel INFO
-# Authentication:
-#LoginGraceTime 2n
-PermitRootLogin prohibit-password
-#StrictModes yes
-#MaxAuthTries 6
-#MaxSessions 10
-PubkeyAuthentication yes
-AuthorizedKeysFile /var/lib/misc/userkeys/%u %h/.ssh/authorized_keys
-#AuthorizedPrincipalsFile none
-#AuthorizedKeysCommand none
-#AuthorizedKeysCommandUser nobody
-# For this to work you will also need host keys in /etc/ssh_known_hosts
-#HostbasedAuthentication no
-# Change to yes if you don't trust ~/.ssh/known_hosts for
-# HostbasedAuthentication
-#IgnoreUserKnownHosts no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-IgnoreRhosts yes
-# To disable tunneled clear text passwords, change to no here!
-PasswordAuthentication no
-#PermitEmptyPasswords no
-# Change to yes to enable challenge-response passwords (beware issues with
-# some PAM modules and threads)
-ChallengeResponseAuthentication no
-# Change to no to disable tunnelled clear text passwords
-PasswordAuthentication no
-# Kerberos options
-#KerberosAuthentication no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-#KerberosGetAFSToken no
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-#GSSAPIStrictAcceptorCheck yes
-#GSSAPIKeyExchange no
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
-# PasswordAuthentication.  Depending on your PAM configuration,
-# PAM authentication via ChallengeResponseAuthentication may bypass
-# the setting of "PermitRootLogin without-password".
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to 'no'.
-UsePAM yes
-#AllowAgentForwarding yes
-#AllowTcpForwarding yes
-#GatewayPorts no
-X11Forwarding no
-#X11DisplayOffset 10
-#X11UseLocalhost yes
-#PermitTTY yes
-PrintMotd no
-#PrintLastLog yes
-#TCPKeepAlive yes
-#UseLogin no
-#PermitUserEnvironment no
-#Compression delayed
-#ClientAliveInterval 0
-#ClientAliveCountMax 3
-#UseDNS no
-#PidFile /var/run/sshd.pid
-#MaxStartups 10:30:100
-#PermitTunnel no
-#ChrootDirectory none
-#VersionAddendum none
-# no default banner path
-#Banner none
-# Allow client to pass locale environment variables
-AcceptEnv LANG LC_*
-# override default of no subsystems
-Subsystem       sftp    /usr/lib/openssh/sftp-server
--- a/hosts/cb3a
+++ b/hosts/cb3a
-cb3a-armhf-rb
\ No newline at end of file
--- a/hosts/cb3a-armhf-rb/etc/munin/munin-node.conf
+++ b/hosts/cb3a-armhf-rb/etc/munin/munin-node.conf
-#
-# Example config-file for munin-node
-#
-log_level 4
-log_file /var/log/munin/munin-node.log
-pid_file /var/run/munin/munin-node.pid
-background 1
-setsid 1
-user root
-group root
-# This is the timeout for the whole transaction.
-# Units are in sec. Default is 15 min
-#
-# global_timeout 900
-# This is the timeout for each plugin.
-# Units are in sec. Default is 1 min
-#
-# timeout 60
-# Regexps for files to ignore
-ignore_file [\#~]$
-ignore_file DEADJOE$
-ignore_file \.bak$
-ignore_file %$
-ignore_file \.dpkg-(tmp|new|old|dist)$
-ignore_file \.rpm(save|new)$
-ignore_file \.pod$
-# Set this if the client doesn't report the correct hostname when
-# telnetting to localhost, port 4949
-#
-#host_name localhost.localdomain
-# A list of addresses that are allowed to connect.  This must be a
-# regular expression, since Net::Server does not understand CIDR-style
-# network notation unless the perl module Net::CIDR is installed.  You
-# may repeat the allow line as many times as you'd like
-allow ^127\.0\.0\.1$
-allow ^::1$
-# If you have installed the Net::CIDR perl module, you can use one or more
-# cidr_allow and cidr_deny address/mask patterns.  A connecting client must
-# match any cidr_allow, and not match any cidr_deny.  Note that a netmask
-# *must* be provided, even if it's /32
-#
-# Example:
-#
-# cidr_allow 127.0.0.1/32
-# cidr_allow 192.0.2.0/24
-# cidr_deny  192.0.2.42/32
-# Which address to bind to;
-host *
-# host 127.0.0.1
-# And which port
-port 4949
-allow ^78\.137\.96\.196
-hostname cb3a-armhf-rb.debian.net
--- a/hosts/cb3a-armhf-rb/etc/postfix/main.cf
+++ b/hosts/cb3a-armhf-rb/etc/postfix/main.cf
-# See /usr/share/postfix/main.cf.dist for a commented, more complete version
-# Debian specific:  Specifying a file name will cause the first
-# line of that file to be used as the name.  The Debian default
-# is /etc/mailname.
-#myorigin = /etc/mailname
-smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
-biff = no
-# appending .domain is the MUA's job.
-append_dot_mydomain = no
-# Uncomment the next line to generate "delayed mail" warnings
-#delay_warning_time = 4h
-readme_directory = no
-# TLS parameters
-smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
-smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
-smtpd_use_tls=yes
-smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
-smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
-# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
-# information on enabling SSL in the smtp client.
-myhostname = cb3a-armhf-rb.debian.net
-alias_maps = hash:/etc/aliases
-alias_database = hash:/etc/aliases
-myorigin = /etc/mailname
-mydestination = cb3a-armhf-rb.debian.net, localhost
-relayhost = mail.holgerlevsen.de 
-#mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
-mynetworks = 127.0.0.0/8
-mailbox_size_limit = 0
-recipient_delimiter = +
-inet_interfaces = all
-mailbox_command = /usr/bin/procmail -a "$EXTENSION"
--- a/hosts/cb3a-armhf-rb/etc/ssh/sshd_config
+++ b/hosts/cb3a-armhf-rb/etc/ssh/sshd_config
-# Package generated configuration file
-# See the sshd_config(5) manpage for details
-# What ports, IPs and protocols we listen for
-Port 22
-Port 2244
-#AddressFamily any
-#ListenAddress ::
-#ListenAddress 0.0.0.0
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_ecdsa_key
-HostKey /etc/ssh/ssh_host_ed25519_key
-# Logging
-#SyslogFacility AUTH
-#LogLevel INFO
-# Authentication:
-#LoginGraceTime 2n
-PermitRootLogin prohibit-password
-#StrictModes yes
-#MaxAuthTries 6
-#MaxSessions 10
-PubkeyAuthentication yes
-AuthorizedKeysFile /var/lib/misc/userkeys/%u %h/.ssh/authorized_keys
-#AuthorizedPrincipalsFile none
-#AuthorizedKeysCommand none
-#AuthorizedKeysCommandUser nobody
-# For this to work you will also need host keys in /etc/ssh_known_hosts
-#HostbasedAuthentication no
-# Change to yes if you don't trust ~/.ssh/known_hosts for
-# HostbasedAuthentication
-#IgnoreUserKnownHosts no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-IgnoreRhosts yes
-# To disable tunneled clear text passwords, change to no here!
-PasswordAuthentication no
-#PermitEmptyPasswords no
-# Change to yes to enable challenge-response passwords (beware issues with
-# some PAM modules and threads)
-ChallengeResponseAuthentication no
-# Change to no to disable tunnelled clear text passwords
-PasswordAuthentication no
-# Kerberos options
-#KerberosAuthentication no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-#KerberosGetAFSToken no
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-#GSSAPIStrictAcceptorCheck yes
-#GSSAPIKeyExchange no
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
-# PasswordAuthentication.  Depending on your PAM configuration,
-# PAM authentication via ChallengeResponseAuthentication may bypass
-# the setting of "PermitRootLogin without-password".
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to 'no'.
-UsePAM yes
-#AllowAgentForwarding yes
-#AllowTcpForwarding yes
-#GatewayPorts no
-X11Forwarding no
-#X11DisplayOffset 10
-#X11UseLocalhost yes
-#PermitTTY yes
-PrintMotd no
-#PrintLastLog yes
-#TCPKeepAlive yes
-#UseLogin no
-#PermitUserEnvironment no
-#Compression delayed
-#ClientAliveInterval 0
-#ClientAliveCountMax 3
-#UseDNS no
-#PidFile /var/run/sshd.pid
-#MaxStartups 10:30:100
-#PermitTunnel no
-#ChrootDirectory none
-#VersionAddendum none
-# no default banner path
-#Banner none
-# Allow client to pass locale environment variables
-AcceptEnv LANG LC_*
-# override default of no subsystems
-Subsystem       sftp    /usr/lib/openssh/sftp-server
--- a/hosts/ff2a
+++ b/hosts/ff2a
-ff2a-armhf-rb
\ No newline at end of file
--- a/hosts/ff2a-armhf-rb/etc/munin/munin-node.conf
+++ b/hosts/ff2a-armhf-rb/etc/munin/munin-node.conf
-#
-# Example config-file for munin-node
-#
-log_level 4
-log_file /var/log/munin/munin-node.log
-pid_file /var/run/munin/munin-node.pid
-background 1
-setsid 1
-user root
-group root
-# This is the timeout for the whole transaction.
-# Units are in sec. Default is 15 min
-#
-# global_timeout 900
-# This is the timeout for each plugin.
-# Units are in sec. Default is 1 min
-#
-# timeout 60
-# Regexps for files to ignore
-ignore_file [\#~]$
-ignore_file DEADJOE$
-ignore_file \.bak$
-ignore_file %$
-ignore_file \.dpkg-(tmp|new|old|dist)$
-ignore_file \.rpm(save|new)$
-ignore_file \.pod$
-# Set this if the client doesn't report the correct hostname when
-# telnetting to localhost, port 4949
-#
-#host_name localhost.localdomain
-# A list of addresses that are allowed to connect.  This must be a
-# regular expression, since Net::Server does not understand CIDR-style
-# network notation unless the perl module Net::CIDR is installed.  You
-# may repeat the allow line as many times as you'd like
-allow ^127\.0\.0\.1$
-allow ^::1$
-# If you have installed the Net::CIDR perl module, you can use one or more
-# cidr_allow and cidr_deny address/mask patterns.  A connecting client must
-# match any cidr_allow, and not match any cidr_deny.  Note that a netmask
-# *must* be provided, even if it's /32
-#
-# Example:
-#
-# cidr_allow 127.0.0.1/32
-# cidr_allow 192.0.2.0/24
-# cidr_deny  192.0.2.42/32
-# Which address to bind to;
-host *
-# host 127.0.0.1
-# And which port
-port 4949
-allow ^78\.137\.96\.196
-hostname ff2a-armhf-rb.debian.net
--- a/hosts/ff2a-armhf-rb/etc/postfix/main.cf
+++ b/hosts/ff2a-armhf-rb/etc/postfix/main.cf
-# See /usr/share/postfix/main.cf.dist for a commented, more complete version
-# Debian specific:  Specifying a file name will cause the first
-# line of that file to be used as the name.  The Debian default
-# is /etc/mailname.
-#myorigin = /etc/mailname
-smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
-biff = no
-# appending .domain is the MUA's job.
-append_dot_mydomain = no
-# Uncomment the next line to generate "delayed mail" warnings
-#delay_warning_time = 4h
-readme_directory = no
-# TLS parameters
-smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
-smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
-smtpd_use_tls=yes
-smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
-smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
-# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
-# information on enabling SSL in the smtp client.
-myhostname = ff2a-armhf-rb.debian.net
-alias_maps = hash:/etc/aliases
-alias_database = hash:/etc/aliases
-myorigin = /etc/mailname
-mydestination = ff2a-armhf-rb.debian.net, localhost
-relayhost = mail.holgerlevsen.de 
-#mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
-mynetworks = 127.0.0.0/8
-mailbox_size_limit = 0
-recipient_delimiter = +
-inet_interfaces = all
-mailbox_command = /usr/bin/procmail -a "$EXTENSION"
--- a/hosts/ff2a-armhf-rb/etc/ssh/sshd_config
+++ b/hosts/ff2a-armhf-rb/etc/ssh/sshd_config
-# Package generated configuration file
-# See the sshd_config(5) manpage for details
-# What ports, IPs and protocols we listen for
-Port 22
-Port 2234
-#AddressFamily any
-#ListenAddress ::
-#ListenAddress 0.0.0.0
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_ecdsa_key
-HostKey /etc/ssh/ssh_host_ed25519_key
-# Logging
-#SyslogFacility AUTH
-#LogLevel INFO
-# Authentication:
-#LoginGraceTime 2n
-PermitRootLogin prohibit-password
-#StrictModes yes
-#MaxAuthTries 6
-#MaxSessions 10
-PubkeyAuthentication yes
-AuthorizedKeysFile /var/lib/misc/userkeys/%u %h/.ssh/authorized_keys
-#AuthorizedPrincipalsFile none
-#AuthorizedKeysCommand none
-#AuthorizedKeysCommandUser nobody
-# For this to work you will also need host keys in /etc/ssh_known_hosts
-#HostbasedAuthentication no
-# Change to yes if you don't trust ~/.ssh/known_hosts for
-# HostbasedAuthentication
-#IgnoreUserKnownHosts no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-IgnoreRhosts yes
-# To disable tunneled clear text passwords, change to no here!
-PasswordAuthentication no
-#PermitEmptyPasswords no
-# Change to yes to enable challenge-response passwords (beware issues with
-# some PAM modules and threads)
-ChallengeResponseAuthentication no
-# Change to no to disable tunnelled clear text passwords
-PasswordAuthentication no
-# Kerberos options
-#KerberosAuthentication no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-#KerberosGetAFSToken no
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-#GSSAPIStrictAcceptorCheck yes
-#GSSAPIKeyExchange no
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
-# PasswordAuthentication.  Depending on your PAM configuration,
-# PAM authentication via ChallengeResponseAuthentication may bypass
-# the setting of "PermitRootLogin without-password".
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to 'no'.
-UsePAM yes
-#AllowAgentForwarding yes
-#AllowTcpForwarding yes
-#GatewayPorts no
-X11Forwarding no
-#X11DisplayOffset 10
-#X11UseLocalhost yes
-#PermitTTY yes
-PrintMotd no
-#PrintLastLog yes
-#TCPKeepAlive yes
-#UseLogin no
-#PermitUserEnvironment no
-#Compression delayed
-#ClientAliveInterval 0
-#ClientAliveCountMax 3
-#UseDNS no
-#PidFile /var/run/sshd.pid
-#MaxStartups 10:30:100
-#PermitTunnel no
-#ChrootDirectory none
-#VersionAddendum none
-# no default banner path
-#Banner none
-# Allow client to pass locale environment variables
-AcceptEnv LANG LC_*
-# override default of no subsystems
-Subsystem       sftp    /usr/lib/openssh/sftp-server
--- a/hosts/ff2b
+++ b/hosts/ff2b
-ff2b-armhf-rb/
\ No newline at end of file
--- a/hosts/ff2b-armhf-rb/etc/munin/munin-node.conf
+++ b/hosts/ff2b-armhf-rb/etc/munin/munin-node.conf
-#
-# Example config-file for munin-node
-#
-log_level 4
-log_file /var/log/munin/munin-node.log
-pid_file /var/run/munin/munin-node.pid
-background 1
-setsid 1
-user root
-group root
-# This is the timeout for the whole transaction.
-# Units are in sec. Default is 15 min
-#
-# global_timeout 900
-# This is the timeout for each plugin.
-# Units are in sec. Default is 1 min
-#
-# timeout 60
-# Regexps for files to ignore
-ignore_file [\#~]$
-ignore_file DEADJOE$
-ignore_file \.bak$
-ignore_file %$
-ignore_file \.dpkg-(tmp|new|old|dist)$
-ignore_file \.rpm(save|new)$
-ignore_file \.pod$
-# Set this if the client doesn't report the correct hostname when
-# telnetting to localhost, port 4949
-#
-#host_name localhost.localdomain
-# A list of addresses that are allowed to connect.  This must be a
-# regular expression, since Net::Server does not understand CIDR-style
-# network notation unless the perl module Net::CIDR is installed.  You
-# may repeat the allow line as many times as you'd like
-allow ^127\.0\.0\.1$
-allow ^::1$
-# If you have installed the Net::CIDR perl module, you can use one or more
-# cidr_allow and cidr_deny address/mask patterns.  A connecting client must
-# match any cidr_allow, and not match any cidr_deny.  Note that a netmask
-# *must* be provided, even if it's /32
-#
-# Example:
-#
-# cidr_allow 127.0.0.1/32
-# cidr_allow 192.0.2.0/24
-# cidr_deny  192.0.2.42/32
-# Which address to bind to;
-host *
-# host 127.0.0.1
-# And which port
-port 4949
-allow ^78\.137\.96\.196
-hostname ff2b-armhf-rb.debian.net
--- a/hosts/ff2b-armhf-rb/etc/postfix/main.cf
+++ b/hosts/ff2b-armhf-rb/etc/postfix/main.cf
-# See /usr/share/postfix/main.cf.dist for a commented, more complete version
-# Debian specific:  Specifying a file name will cause the first
-# line of that file to be used as the name.  The Debian default
-# is /etc/mailname.
-#myorigin = /etc/mailname
-smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
-biff = no
-# appending .domain is the MUA's job.
-append_dot_mydomain = no
-# Uncomment the next line to generate "delayed mail" warnings
-#delay_warning_time = 4h
-readme_directory = no
-# TLS parameters
-smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
-smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
-smtpd_use_tls=yes
-smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
-smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
-# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
-# information on enabling SSL in the smtp client.
-myhostname = ff2b-armhf-rb.debian.net
-alias_maps = hash:/etc/aliases
-alias_database = hash:/etc/aliases
-myorigin = /etc/mailname
-mydestination = ff2b-armhf-rb.debian.net, localhost
-relayhost = mail.holgerlevsen.de 
-#mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
-mynetworks = 127.0.0.0/8
-mailbox_size_limit = 0
-recipient_delimiter = +
-inet_interfaces = all
-mailbox_command = /usr/bin/procmail -a "$EXTENSION"
--- a/hosts/ff2b-armhf-rb/etc/ssh/sshd_config
+++ b/hosts/ff2b-armhf-rb/etc/ssh/sshd_config
-# Package generated configuration file
-# See the sshd_config(5) manpage for details
-# What ports, IPs and protocols we listen for
-Port 22
-Port 2237
-#AddressFamily any
-#ListenAddress ::
-#ListenAddress 0.0.0.0
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_ecdsa_key
-HostKey /etc/ssh/ssh_host_ed25519_key
-# Logging
-#SyslogFacility AUTH
-#LogLevel INFO
-# Authentication:
-#LoginGraceTime 2n
-PermitRootLogin prohibit-password
-#StrictModes yes
-#MaxAuthTries 6
-#MaxSessions 10
-PubkeyAuthentication yes
-AuthorizedKeysFile /var/lib/misc/userkeys/%u %h/.ssh/authorized_keys
-#AuthorizedPrincipalsFile none
-#AuthorizedKeysCommand none
-#AuthorizedKeysCommandUser nobody
-# For this to work you will also need host keys in /etc/ssh_known_hosts
-#HostbasedAuthentication no
-# Change to yes if you don't trust ~/.ssh/known_hosts for
-# HostbasedAuthentication
-#IgnoreUserKnownHosts no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-IgnoreRhosts yes
-# To disable tunneled clear text passwords, change to no here!
-PasswordAuthentication no
-#PermitEmptyPasswords no
-# Change to yes to enable challenge-response passwords (beware issues with
-# some PAM modules and threads)
-ChallengeResponseAuthentication no
-# Change to no to disable tunnelled clear text passwords
-PasswordAuthentication no
-# Kerberos options
-#KerberosAuthentication no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-#KerberosGetAFSToken no
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-#GSSAPIStrictAcceptorCheck yes
-#GSSAPIKeyExchange no
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
-# PasswordAuthentication.  Depending on your PAM configuration,
-# PAM authentication via ChallengeResponseAuthentication may bypass
-# the setting of "PermitRootLogin without-password".
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to 'no'.
-UsePAM yes
-#AllowAgentForwarding yes
-#AllowTcpForwarding yes
-#GatewayPorts no
-X11Forwarding no
-#X11DisplayOffset 10
-#X11UseLocalhost yes
-#PermitTTY yes
-PrintMotd no
-#PrintLastLog yes
-#TCPKeepAlive yes
-#UseLogin no
-#PermitUserEnvironment no
-#Compression delayed
-#ClientAliveInterval 0
-#ClientAliveCountMax 3
-#UseDNS no
-#PidFile /var/run/sshd.pid
-#MaxStartups 10:30:100
-#PermitTunnel no
-#ChrootDirectory none
-#VersionAddendum none
-# no default banner path
-#Banner none
-# Allow client to pass locale environment variables
-AcceptEnv LANG LC_*
-# override default of no subsystems
-Subsystem       sftp    /usr/lib/openssh/sftp-server
--- a/hosts/jenkins/etc/munin/munin.conf
+++ b/hosts/jenkins/etc/munin/munin.conf
@@ -380,16 +380,6 @@ contact.me.command mail -s "Munin notification ${var:host}" root
    diskstats_utilization.graph no
    diskstats_iops.graph no
-[bbx15-armhf-rb.debian.net]
-    address ssh://jenkins@bbx15-armhf-rb.debian.net:2242/bin/nc localhost 4949
-    use_node_name yes
-    diskstats_latency.sda.avgwrwait.warning 0:20
-    diskstats_latency.sda.avgrdwait.warning 0:10
-    diskstats_latency.graph no
-    diskstats_throughput.graph no
-    diskstats_utilization.graph no
-    diskstats_iops.graph no
 [wbq0-armhf-rb.debian.net]
    address ssh://jenkins@wbq0-armhf-rb.debian.net:2225/bin/nc localhost 4949
    use_node_name yes
@@ -430,46 +420,6 @@ contact.me.command mail -s "Munin notification ${var:host}" root
    diskstats_utilization.graph no
    diskstats_iops.graph no
-[odxu4a-armhf-rb.debian.net]
-    address ssh://jenkins@odxu4a-armhf-rb.debian.net:2229/bin/nc localhost 4949
-    use_node_name yes
-    diskstats_latency.sda.avgwrwait.warning 0:20
-    diskstats_latency.sda.avgrdwait.warning 0:10
-    diskstats_latency.graph no
-    diskstats_throughput.graph no
-    diskstats_utilization.graph no
-    diskstats_iops.graph no
-[odxu4b-armhf-rb.debian.net]
-    address ssh://jenkins@odxu4b-armhf-rb.debian.net:2232/bin/nc localhost 4949
-    use_node_name yes
-    diskstats_latency.sda.avgwrwait.warning 0:20
-    diskstats_latency.sda.avgrdwait.warning 0:10
-    diskstats_latency.graph no
-    diskstats_throughput.graph no
-    diskstats_utilization.graph no
-    diskstats_iops.graph no
-[jtk1a-armhf-rb.debian.net]
-    address ssh://jenkins@jtk1a-armhf-rb.debian.net:2246/bin/nc localhost 4949
-    use_node_name yes
-    diskstats_latency.sda.avgwrwait.warning 0:20
-    diskstats_latency.sda.avgrdwait.warning 0:10
-    diskstats_latency.graph no
-    diskstats_throughput.graph no
-    diskstats_utilization.graph no
-    diskstats_iops.graph no
-[jtk1b-armhf-rb.debian.net]
-    address ssh://jenkins@jtk1b-armhf-rb.debian.net:2252/bin/nc localhost 4949
-    use_node_name yes
-    diskstats_latency.sda.avgwrwait.warning 0:20
-    diskstats_latency.sda.avgrdwait.warning 0:10
-    diskstats_latency.graph no
-    diskstats_throughput.graph no
-    diskstats_utilization.graph no
-    diskstats_iops.graph no
 [jtx1a-armhf-rb.debian.net]
    address ssh://jenkins@jtx1a-armhf-rb.debian.net:2249/bin/nc localhost 4949
    use_node_name yes
@@ -500,36 +450,6 @@ contact.me.command mail -s "Munin notification ${var:host}" root
    diskstats_utilization.graph no
    diskstats_iops.graph no
-[opi2a-armhf-rb.debian.net]
-    address ssh://jenkins@opi2a-armhf-rb.debian.net:2236/bin/nc localhost 4949
-    use_node_name yes
-    diskstats_latency.sda.avgwrwait.warning 0:20
-    diskstats_latency.sda.avgrdwait.warning 0:10
-    diskstats_latency.graph no
-    diskstats_throughput.graph no
-    diskstats_utilization.graph no
-    diskstats_iops.graph no
-[ff2a-armhf-rb.debian.net]
-    address ssh://jenkins@ff2a-armhf-rb.debian.net:2234/bin/nc localhost 4949
-    use_node_name yes
-    diskstats_latency.sda.avgwrwait.warning 0:20
-    diskstats_latency.sda.avgrdwait.warning 0:10
-    diskstats_latency.graph no
-    diskstats_throughput.graph no
-    diskstats_utilization.graph no
-    diskstats_iops.graph no
-[ff2b-armhf-rb.debian.net]
-    address ssh://jenkins@ff2b-armhf-rb.debian.net:2237/bin/nc localhost 4949
-    use_node_name yes
-    diskstats_latency.sda.avgwrwait.warning 0:20
-    diskstats_latency.sda.avgrdwait.warning 0:10
-    diskstats_latency.graph no
-    diskstats_throughput.graph no
-    diskstats_utilization.graph no
-    diskstats_iops.graph no
 [ff4a-armhf-rb.debian.net]
    address ssh://jenkins@ff4a-armhf-rb.debian.net:2241/bin/nc localhost 4949
    use_node_name yes
@@ -550,57 +470,6 @@ contact.me.command mail -s "Munin notification ${var:host}" root
    diskstats_utilization.graph no
    diskstats_iops.graph no
-[odu3a-armhf-rb.debian.net]
-    address ssh://jenkins@odu3a-armhf-rb.debian.net:2243/bin/nc localhost 4949
-    use_node_name yes
-    diskstats_latency.sda.avgwrwait.warning 0:20
-    diskstats_latency.sda.avgrdwait.warning 0:10
-    diskstats_latency.graph no
-    diskstats_throughput.graph no
-    diskstats_utilization.graph no
-    diskstats_iops.graph no
-[cb3a-armhf-rb.debian.net]
-    address ssh://jenkins@cb3a-armhf-rb.debian.net:2244/bin/nc localhost 4949
-    use_node_name yes
-    diskstats_latency.sda.avgwrwait.warning 0:20
-    diskstats_latency.sda.avgrdwait.warning 0:10
-    diskstats_latency.graph no
-    diskstats_throughput.graph no
-    diskstats_utilization.graph no
-    diskstats_iops.graph no
-[p64b-armhf-rb.debian.net]
-    address ssh://jenkins@p64b-armhf-rb.debian.net:2247/bin/nc localhost 4949
-    use_node_name yes
-    diskstats_latency.sda.avgwrwait.warning 0:20
-    diskstats_latency.sda.avgrdwait.warning 0:10
-    diskstats_latency.graph no
-    diskstats_throughput.graph no
-    diskstats_utilization.graph no
-    diskstats_iops.graph no
-[p64c-armhf-rb.debian.net]
-    address ssh://jenkins@p64c-armhf-rb.debian.net:2248/bin/nc localhost 4949
-    use_node_name yes
-    # slow usb disk
-    diskstats_latency.sda.avgwrwait.warning 0:100
-    diskstats_latency.sda.avgrdwait.warning 0:77
-    diskstats_latency.graph no
-    diskstats_throughput.graph no
-    diskstats_utilization.graph no
-    diskstats_iops.graph no
-[opi2c-armhf-rb.debian.net]
-    address ssh://jenkins@opi2c-armhf-rb.debian.net:2245/bin/nc localhost 4949
-    use_node_name yes
-    diskstats_latency.sda.avgwrwait.warning 0:20
-    diskstats_latency.sda.avgrdwait.warning 0:10
-    diskstats_latency.graph no
-    diskstats_throughput.graph no
-    diskstats_utilization.graph no
-    diskstats_iops.graph no
 [virt32a-armhf-rb.debian.net]
    address ssh://jenkins@virt32a-armhf-rb.debian.net:2273/bin/nc localhost 4949
    use_node_name yes
@@ -789,5 +658,5 @@ contact.me.command mail -s "Munin notification ${var:host}" root
 #       node_order Totals fii.foo.com fay.foo.com
 #
 [debian.net;]
-	node_order jenkins.debian.net ionos1-amd64.debian.net ionos2-i386.debian.net ionos3-amd64.debian.net ionos5-amd64.debian.net ionos6-i386.debian.net ionos7-amd64.debian.net ionos9-amd64.debian.net ionos10-amd64.debian.net ionos11-amd64.debian.net ionos12-i386.debian.net ionos15-amd64.debian.net ionos16-i386.debian.net osuosl167-amd64.debian.net osuosl168-amd64.debian.net osuosl169-amd64.debian.net osuosl170-amd64.debian.net osuosl171-amd64.debian.net osuosl172-amd64.debian.net osuosl173-amd64.debian.net osuosl174-amd64.debian.net codethink9-arm64.debian.net codethink10-arm64.debian.net codethink11-arm64.debian.net codethink12-arm64.debian.net codethink13-arm64.debian.net codethink14-arm64.debian.net codethink15-arm64.debian.net codethink16-arm64.debian.net bbx15-armhf-rb.debian.net cbxi4a-armhf-rb.debian.net cbxi4b-armhf-rb.debian.net cbxi4pro0-armhf-rb.debian.net cb3a-armhf-rb.debian.net ff2a-armhf-rb.debian.net ff2b-armhf-rb.debian.net ff4a-armhf-rb.debian.net ff64a-armhf-rb.debian.net odxu4a-armhf-rb.debian.net odxu4b-armhf-rb.debian.net odu3a-armhf-rb.debian.net jtk1a-armhf-rb.debian.net jtk1b-armhf-rb.debian.net jtx1a-armhf-rb.debian.net jtx1b-armhf-rb.debian.net jtx1c-armhf-rb.debian.net opi2a-armhf-rb.debian.net opi2c-armhf-rb.debian.net p64b-armhf-rb.debian.net p64c-armhf-rb.debian.net virt32a-armhf-rb.debian.net virt32b-armhf-rb.debian.net virt32c-armhf-rb.debian.net virt64a-armhf-rb.debian.net virt64b-armhf-rb.debian.net virt64c-armhf-rb.debian.net wbq0-armhf-rb.debian.net freebsd-jenkins.debian.net
+	node_order jenkins.debian.net ionos1-amd64.debian.net ionos2-i386.debian.net ionos3-amd64.debian.net ionos5-amd64.debian.net ionos6-i386.debian.net ionos7-amd64.debian.net ionos9-amd64.debian.net ionos10-amd64.debian.net ionos11-amd64.debian.net ionos12-i386.debian.net ionos15-amd64.debian.net ionos16-i386.debian.net osuosl167-amd64.debian.net osuosl168-amd64.debian.net osuosl169-amd64.debian.net osuosl170-amd64.debian.net osuosl171-amd64.debian.net osuosl172-amd64.debian.net osuosl173-amd64.debian.net osuosl174-amd64.debian.net codethink9-arm64.debian.net codethink10-arm64.debian.net codethink11-arm64.debian.net codethink12-arm64.debian.net codethink13-arm64.debian.net codethink14-arm64.debian.net codethink15-arm64.debian.net codethink16-arm64.debian.net cbxi4a-armhf-rb.debian.net cbxi4b-armhf-rb.debian.net cbxi4pro0-armhf-rb.debian.net ff4a-armhf-rb.debian.net ff64a-armhf-rb.debian.net jtx1a-armhf-rb.debian.net jtx1b-armhf-rb.debian.net jtx1c-armhf-rb.debian.net virt32a-armhf-rb.debian.net virt32b-armhf-rb.debian.net virt32c-armhf-rb.debian.net virt64a-armhf-rb.debian.net virt64b-armhf-rb.debian.net virt64c-armhf-rb.debian.net wbq0-armhf-rb.debian.net freebsd-jenkins.debian.net