rsync::site: remove unused variables, define parameter types
diff --git
a/modules/ferm/templates/me.conf.erb
b/modules/ferm/templates/me.conf.erb
index
21d3548
..
e1a5817
100644
(file)
--- a/
modules/ferm/templates/me.conf.erb
+++ b/
modules/ferm/templates/me.conf.erb
@@
-7,7
+7,7
@@
nodeinfo = scope.lookupvar('site::nodeinfo')
out = []
nodeinfo = scope.lookupvar('site::nodeinfo')
out = []
-restricted_purposes = ['kvm host', 'central syslog server', 'puppet master', 'jumphost', 'buildd', 'static-mirror', 'anycast mirror']
+restricted_purposes = ['kvm host', '
ganeti/kvm host', '
central syslog server', 'puppet master', 'jumphost', 'buildd', 'static-mirror', 'anycast mirror']
restrict_ssh = %w{tchaikovsky draghi adayevskaya}
if (nodeinfo['ldap'].has_key?('purpose')) then
restrict_ssh = %w{tchaikovsky draghi adayevskaya}
if (nodeinfo['ldap'].has_key?('purpose')) then
@@
-29,7
+29,7
@@
should_restrict = restrict_ssh.include?(@hostname)
end
end
-if
restrict_ssh.include?(@hostname)
then
+if
should_restrict
then
ssh4allowed << %w{$DSA_IPS $HOST_NAGIOS_V4 $HOST_MUNIN_V4 $HOST_DB_V4}
ssh6allowed << %w{$DSA_V6_IPS $HOST_NAGIOS_V6 $HOST_MUNIN_V6 $HOST_DB_V6}
ssh4allowed << %w{$DSA_IPS $HOST_NAGIOS_V4 $HOST_MUNIN_V4 $HOST_DB_V4}
ssh6allowed << %w{$DSA_V6_IPS $HOST_NAGIOS_V6 $HOST_MUNIN_V6 $HOST_DB_V6}
@@
-44,12
+44,6
@@
if restrict_ssh.include?(@hostname) then
ssh4allowed << %w{$HOST_DEBIAN_V4}
ssh6allowed << %w{$HOST_DEBIAN_V6}
end
ssh4allowed << %w{$HOST_DEBIAN_V4}
ssh6allowed << %w{$HOST_DEBIAN_V6}
end
- if scope.function_has_role(['dns_primary']) then
- ssh4allowed << "5.153.231.5" # adayevskaya
- ssh6allowed << "2001:41c8:1000:21::21:5" # adayevskaya
- #ssh4allowed << "$HOST_DNS_GEO_V4"
- #ssh6allowed << "$HOST_DNS_GEO_V6"
- end
if scope.function_has_role(['static_master']) then
ssh4allowed << '$HOST_STATIC_V4'
if scope.function_has_role(['static_master']) then
ssh4allowed << '$HOST_STATIC_V4'
@@
-61,6
+55,7
@@
if restrict_ssh.include?(@hostname) then
end
if scope.function_has_role(['debian_mirror']) or
scope.function_has_role(['security_mirror']) or
end
if scope.function_has_role(['debian_mirror']) or
scope.function_has_role(['security_mirror']) or
+ scope.function_has_role(['debug_mirror']) or
scope.function_has_role(['historical_mirror']) or
scope.function_has_role(['syncproxy']) then
ssh4allowed << '$HOST_MIRRORMASTER_V4'
scope.function_has_role(['historical_mirror']) or
scope.function_has_role(['syncproxy']) then
ssh4allowed << '$HOST_MIRRORMASTER_V4'
@@
-86,12
+81,16
@@
if restrict_ssh.include?(@hostname) then
ssh4allowed << '$HOST_PORTSMASTER_V4'
ssh6allowed << '$HOST_PORTSMASTER_V6'
end
ssh4allowed << '$HOST_PORTSMASTER_V4'
ssh6allowed << '$HOST_PORTSMASTER_V6'
end
+ if scope.function_has_role(['debug_mirror']) then
+ ssh4allowed << '$HOST_FTPMASTER_V4'
+ ssh6allowed << '$HOST_FTPMASTER_V6'
+ end
end
ssh4allowed.length == 0 and ssh4allowed << '0.0.0.0/0'
ssh6allowed.length == 0 and ssh6allowed << '::/0'
end
ssh4allowed.length == 0 and ssh4allowed << '0.0.0.0/0'
ssh6allowed.length == 0 and ssh6allowed << '::/0'
-out << "@def $SSH_SOURCES = (#{ssh4allowed.join(' ')});"
-out << "@def $SSH_V6_SOURCES = (#{ssh6allowed.join(' ')});"
+out << "@def $SSH_SOURCES = (
$SSH_SOURCES
#{ssh4allowed.join(' ')});"
+out << "@def $SSH_V6_SOURCES = (
$SSH_V6_SOURCES
#{ssh6allowed.join(' ')});"
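Review bot: The new `@def $SSH_SOURCES = ($SSH_SOURCES …)` and `@def $SSH_V6_SOURCES = ($SSH_V6_SOURCES …)` lines at the end of the template append to whatever those variables already hold instead of replacing it, so on a host where `should_restrict` is true the effective SSH allow-list is only as narrow as the earlier definition, which this diff does not show. It would help to document that dependency directly above the two `out <<` lines, for example `# appends to $SSH_SOURCES/$SSH_V6_SOURCES defined earlier in the ferm configuration; both must exist (possibly empty) before this file is read`. The same applies to the `0.0.0.0/0` and `::/0` fallbacks just above, which are now added to the earlier value rather than forming the whole list. If ferm rejects a reference to an undefined variable, as I believe it does, a host whose earlier configuration lacks the definition would fail to load its rules, so the include order is worth confirming.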