3 # Lookup role and include relevant classes for roles
11 if has_role('puppetmaster') {
15 if has_role('muninmaster') {
19 if has_role('nagiosmaster') {
20 include nagios::server
23 # XXX: turn this into a real role
24 if getfromhash($site::nodeinfo, 'buildd') {
28 # XXX: turn this into a real role
29 if getfromhash($site::nodeinfo, 'porterbox') {
33 if has_role('bugs_mirror') {
34 include roles::bugs_mirror
37 if has_role('bugs_base') {
38 ssl::service { 'bugs.debian.org':
39 notify => Exec['service apache2 reload'],
42 @ferm::rule { 'dsa-bugs-abusers':
44 rule => "saddr (220.243.135/24 220.243.136/24) DROP",
47 if has_role('bugs_master') {
48 ssl::service { 'bugs-devel.debian.org': notify => Exec['service apache2 reload'], key => true, }
49 ssl::service { 'bugs-master.debian.org': notify => Exec['service apache2 reload'], key => true, }
52 if has_role('manpages-dyn') {
53 include roles::manpages_dyn
56 if has_role('archvsync_base_additional') {
57 include archvsync_base
61 if has_role('historical_mirror') {
62 include roles::historical_mirror
66 if has_role('debug_mirror') {
67 include roles::debug_mirror
70 # ftp.debian.org and its ecosystem
71 if has_role('debian_mirror') {
72 include roles::debian_mirror
74 if has_role('ftp_master') {
75 include roles::ftp_master
76 include roles::dakmaster
77 include roles::signing
79 if has_role('ftp.upload.d.o') {
80 include roles::ftp_upload
82 if has_role('ssh.upload.d.o') {
83 include roles::ssh_upload
85 if has_role('security_upload') {
86 include roles::security_upload
88 if has_role('api.ftp-master') {
89 ssl::service { 'api.ftp-master.debian.org':
90 notify => Exec['service apache2 reload'],
96 if has_role('security_master') {
97 include roles::security_master
98 include roles::dakmaster
101 if has_role('security_mirror') {
102 include roles::security_mirror
105 if has_role('git_master') {
106 include roles::git_master
109 if has_role('people') {
110 ssl::service { 'people.debian.org': notify => Exec['service apache2 reload'], key => true, }
111 onion::service { 'people.debian.org': port => 80, target_address => 'people.debian.org', target_port => 80, direct => true }
114 if has_role('www_master') {
115 include roles::www_master
118 if has_role('cgi.d.o') {
119 ssl::service { 'cgi.debian.org': notify => Exec['service apache2 reload'], key => true, }
122 if has_role('keyring') {
123 include roles::keyring
126 if has_role('wiki') {
130 if has_role('syncproxy') {
131 include roles::syncproxy
134 if has_role('static_master') {
135 include roles::static_master
138 if has_role('static_mirror') {
139 include roles::static_mirror
140 } elsif has_role('static_source') {
141 include roles::static_source
144 if has_role('weblog_provider') {
145 include roles::weblog_provider
148 if has_role('mailrelay') {
149 include roles::mailrelay
152 if has_role('pubsub') {
153 include roles::pubsub
156 if has_role('dbmaster') {
157 include roles::dbmaster
160 if has_role('dns_primary') {
161 include named::primary
164 if has_role('weblog_destination') {
165 include roles::weblog_destination
168 if has_role('vote') {
172 if has_role('security_tracker') {
173 include roles::security_tracker
176 if has_role('lists') {
180 if has_role('rtmaster') {
181 include roles::rtmaster
192 if has_role('sso_rp') {
193 include roles::sso_rp
196 if has_role('tracker') {
197 include roles::tracker
200 if has_role('buildd_master') {
201 include roles::buildd_master
204 if has_role('piuparts') {
205 include roles::piuparts
207 if has_role('piuparts_slave') {
208 include roles::piuparts_slave
211 if has_role('contributors') {
212 include roles::contributors
223 if has_role('jenkins') {
224 include roles::jenkins
227 if has_role('postgres_backup_server') {
228 include postgres::backup_server
231 if has_role('packages') {
232 ssl::service { 'packages.debian.org': notify => Exec['service apache2 reload'], key => true, }
235 if has_role('historicalpackages') {
236 ssl::service { 'historical.packages.debian.org': notify => Exec['service apache2 reload'], key => true, }
239 if has_role('qamaster') {
240 ssl::service { 'qa.debian.org': notify => Exec['service apache2 reload'], key => true, }
243 if has_role('packagesqamaster') {
244 ssl::service { 'packages.qa.debian.org': notify => Exec['service apache2 reload'], key => true, }
247 if has_role('gobby_debian_org') {
248 ssl::service { 'gobby.debian.org':
249 notify => [ Exec['service apache2 reload'], Exec['reload gobby'] ],
251 tlsaport => [443, 6523],
253 file { '/etc/ssl/debian-local/other-keys/gobby.debian.org.key':
257 content => inline_template('<%= File.read(scope().call_function("hiera", ["paths.letsencrypt_dir"]) + "/gobby.debian.org.key") %>'),
259 notify => Exec['reload gobby'],
261 exec { 'reload gobby':
262 command => 'pkill -u gobby -HUP -x infinoted',
267 if has_role('search_backend') {
268 include roles::search_backend
270 if has_role('search_frontend') {
271 include roles::search_frontend
274 if has_role('dgit_browse') {
275 include roles::dgit_browse
277 if has_role('dgit_git') {
278 include roles::dgit_git
281 if $::hostname in [lw01, lw02, lw03, lw04, lw09, lw10] {
282 include roles::snapshot
285 if has_role('snapshot_web') {
286 include roles::snapshot_web
289 if has_role('snapshot_shell') {
290 include roles::snapshot_shell
293 if has_role('veyepar.debian.org') {
294 ssl::service { 'veyepar.debian.org': notify => Exec['service apache2 reload'], key => true, }
296 if has_role('sreview.debian.org') {
297 ssl::service { 'sreview.debian.net': notify => Exec['service apache2 reload'], key => true, }
300 if has_role('debtags') {
301 include roles::debtags
304 if has_role('planet_master') {
305 include roles::planet_master
307 if has_role('planet_search') {
308 ssl::service { 'planet-search.debian.org': notify => Exec['service apache2 reload'], key => true, }
311 if has_role('i18n.d.o') {
312 ssl::service { 'i18n.debian.org': notify => Exec['service apache2 reload'], key => true, }
315 if has_role('l10n.d.o') {
316 ssl::service { 'l10n.debian.org': notify => Exec['service apache2 reload'], key => true, }
319 if has_role('dedup.d.n') {
320 ssl::service { 'dedup.debian.net': notify => Exec['service apache2 reload'], key => true, }
323 if has_role('pet.d.n') {
324 ssl::service { 'pet.debian.net': notify => Exec['service apache2 reload'], key => true, }
325 ssl::service { 'pet-devel.debian.net': notify => Exec['service apache2 reload'], key => true, }
328 if has_role('ports_master') {
329 include roles::ports_master
331 if has_role('ports_mirror') {
332 include roles::ports_mirror
335 if has_role('onionbalance') {
336 include onion::balance
341 if has_role('cdimage-search') {
342 include roles::cdimage_search
345 if has_role('postgresql_server') {
346 include postgres::backup_source
349 if has_role('bacula_director') {
350 include bacula::director
352 package { 'bacula-console': ensure => purged; }
353 file { '/etc/bacula/bconsole.conf': ensure => absent; }
355 if has_role('bacula_storage') {
356 include bacula::storage
359 if has_role('salsa.debian.org') {
363 if $::keyring_debian_org_mirror {
364 include roles::keyring_debian_org_mirror
367 if has_role('popcon') {
368 include roles::popcon
371 if has_role('debsources') {
372 include roles::debsources
375 if has_role('ipsec') {
379 if has_role('debconf_wafer') {
380 include roles::debconf_wafer
383 if has_role('cdbuilder_local_mirror') {
384 include roles::cdbuilder_local_mirror
387 if has_role('alioth_archive') {
388 include roles::alioth_archive
390 if has_role('anonscm') {
391 include roles::anonscm
projects / mirror / dsa-puppet.git / blob