From cfecfa5c7026df1806a0725f2fb45b5ed992d4cc Mon Sep 17 00:00:00 2001 From: Mark Wooding Date: Fri, 28 Dec 2012 22:49:47 +0000 Subject: [PATCH] distorted.lisp, hosts.lisp: Move Kerberos, and use anycast. Move the Kerberos master server to radius, and set up slave servers, for performance and reliability, using anycast addresses. --- distorted.lisp | 34 ++++++++++++++++++++++++---------- hosts.lisp | 2 ++ 2 files changed, 26 insertions(+), 10 deletions(-) diff --git a/distorted.lisp b/distorted.lisp index 883076c..a3672cf 100644 --- a/distorted.lisp +++ b/distorted.lisp @@ -29,13 +29,6 @@ :mx mail :srv ((:smtp mail))) - ;; Kerberos. - (_kerberos :txt "DISTORTED.ORG.UK") - :srv (((:kerberos :protocol :udp) krb) - ((:kerberos-master :protocol :udp :port 88) krb) - (:kerberos-adm krb) - ((:kpasswd :protocol :udp) krb)) - ;; Anycast services. (dns0 (any :a dns0.any) (jump :svc precision.jump) @@ -47,6 +40,8 @@ (dmz :svc vampire.dmz) (unsafe :svc vampire.unsafe) (colo :svc telecaster.colo)) + (dns :cname dns0) + (ntp0 (any :a ntp0.any) (jump :svc fender.jump) (dmz :svc ibanez.dmz) 
@@ -55,15 +50,34 @@ (ntp1 (any :a ntp1.any) (dmz :svc vampire.dmz) (unsafe :svc vampire.unsafe)) + (ntp :cname ntp0) + (www-cache (any :a www-cache.any) (jump :svc telecaster.jump) (dmz :svc roadstar.dmz) (unsafe :svc roadstar.unsafe) (colo :svc telecaster.colo)) - (dns :cname dns0) - (ntp :cname ntp0) (wpad :cname www-cache) + (_kerberos :txt "DISTORTED.ORG.UK") + (krb0 (any :a krb0.any) + (jump :svc precision.jump) + (dmz :svc radius.dmz) + (unsafe :svc radius.unsafe) + (colo :svc precision.colo)) + (krb1 (any :a krb1.any) + (dmz :svc vampire.dmz) + (unsafe :svc vampire.unsafe)) + (krb-master (unsafe :svc radius.unsafe) + (dmz :svc radius.dmz)) + :srv (((:kerberos :protocol :udp) + krb0 + (krb1 :prio 100)) + ((:kerberos-master :protocol :udp :port 88) krb-master) + (:kerberos-adm krb-master) + ((:kpasswd :protocol :udp) krb-master)) + (krb :cname krb0) + ;; Other services. :srv ((:http www) (:ftp ftp)) @@ -87,7 +101,7 @@ ;; Local services. ((rawk) :svc artist) - ((@ www krb ftp rsync wiki git bugs mail db i2p vox) :svc vampire) + ((@ www ftp rsync wiki git bugs mail db i2p vox) :svc vampire) ;; Internal services. #+view/inside ((news lpr) :svc vampire.unsafe) diff --git a/hosts.lisp b/hosts.lisp index 26249f1..ce50f3d 100644 --- a/hosts.lisp +++ b/hosts.lisp @@ -103,6 +103,8 @@ (defhost ntp0.any (any 2)) (defhost ntp1.any (any 3)) (defhost www-cache.any (any 4)) +(defhost krb0.any (any 5)) +(defhost krb1.any (any 6)) ;;;-------------------------------------------------------------------------- ;;; Host switch. -- 2.11.0
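Review bot: The new Kerberos block in distorted.lisp, from `(_kerberos :txt "DISTORTED.ORG.UK")` to `(krb :cname krb0)`, no longer has the `;; Kerberos.` header that the removed block carried, and nothing records which names are anycast and which must stay on the master. Only krb0 and krb1 have an `(any :a ...)` entry, while krb-master has none and is the sole target of the `:kerberos-master`, `:kerberos-adm` and `:kpasswd` SRV entries. That split looks deliberate, since admin and password-change traffic has to reach the one writable KDC, but a later edit could break it unnoticed. I would add above `(_kerberos ...)` a comment such as `;; Kerberos: krb0/krb1 are anycast KDCs; krb-master is the unicast master on radius -- kadmin/kpasswd SRV targets must never be an anycast name.` Also, krb-master lists only `unsafe` and `dmz` where krb0 also lists `jump` and `colo`; if those labels are per-network views (not visible from this hunk), confirm that clients on jump and colo can still reach the master for kpasswd and the `:kerberos-master` retry.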