projects / mirror / dsa-puppet.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
sso -> hiera role; explicitly include apache2
[mirror/dsa-puppet.git] / hieradata / common.yaml
diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index f49384f..cd148b2 100644 (file)
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -1,7 +1,14 @@
 ---
-nameservers: []
-searchpaths: []
-resolvoptions: []
+
+lookup_options:
+  # with merge: unique entries in other hiera sources add to the array
+  resolv::searchpaths:
+    merge: unique
+  apt::sources::debian::location:
+    merge: unique
+
+resolv::nameservers: []
+resolv::searchpaths: ['debian.org']
 allow_dns_query: []
 role_config__mirrors:
   mirror_basedir_prefix: '/srv/mirrors/'
@@ -18,24 +25,16 @@ paths:
   letsencrypt_dir: '/srv/puppet.debian.org/from-letsencrypt'
   auto_certs_dir: '/srv/puppet.debian.org/ca/RESULT/certs'
   auto_clientcerts_dir: '/srv/puppet.debian.org/ca/RESULT/clientcerts'
+apt::sources::debian::location: 'https://deb.debian.org/debian/'
+
+staticsync::user: 'staticsync'
+staticsync::basedir: '/srv/static.debian.org'
+
+# all of these should be retired in favour of including the class role
+# with the host. weasel, 2019-09
 roles:
   bugsmx:
     - buxtehude.debian.org
-  bugs_master:
-    - buxtehude.debian.org
-  bugs_mirror:
-    - beach.debian.org
-  bugs_base:
-    - buxtehude.debian.org
-    - beach.debian.org
-  buildd_master:
-    - wuiet.debian.org
-  contributors:
-    - nono.debian.org
-  dbmaster:
-    - draghi.debian.org
-  debtags:
-    - tate.debian.org
   dns_primary:
     - denis.debian.org
   dns_geo:
@@ -46,80 +45,30 @@ roles:
     - denis.debian.org
   ftp_master:
     - fasolo.debian.org
-  ftp.upload.d.o:
-    - coccia.debian.org
-    - usper.debian.org
-  api.ftp-master:
-    - coccia.debian.org
-  dgit_browse:
-    - cgi-grnet-01.debian.org
-  dgit_git:
-    - cgi-grnet-01.debian.org
-  git_master:
-    - adayevskaya.debian.org
-  historicalpackages:
-    - hier.debian.org
-  jenkins:
-    - jerea.debian.org
-  keyring:
-    - kaufmann.debian.org
-  lists:
-    - bendel.debian.org
   mailrelay:
     - mailly.debian.org
     - muffat.debian.org
-  manpages-dyn:
-    - manziarly.debian.org
-    - cgi-grnet-01.debian.org
   mirrormaster:
     - melartin.debian.org
   muninmaster:
     - menotti.debian.org
   nagiosmaster:
     - tchaikovsky.debian.org
-  nm:
-    - nono.debian.org
-  packages:
-    - picconi.debian.org
-    - pkgmirror-csail.debian.org
   packagesmaster:
     - picconi.debian.org
   packagesqamaster:
     - quantz.debian.org
-  people:
-    - paradis.debian.org
-  piuparts:
-    - pejacevic.debian.org
-  piuparts_slave:
-    - piu-slave-bm-a.debian.org
-    - piu-slave-ubc-01.debian.org
   popcon:
     - pinel.debian.org
-  pubsub:
-    - rainier.debian.org
-    - rapoport.debian.org
-  puppetmaster:
-    - handel.debian.org
   qamaster:
     - quantz.debian.org
   rtmaster:
     - reger.debian.org
-  rtc:
-    - vogler.debian.org
-  search_backend:
-    - wolkenstein.debian.org
-  search_frontend:
-    - cgi-grnet-01.debian.org
-  archvsync_base_additional:
-  # this is usually pulled in by *-mirror or syncproxy roles
-    - dummy
   security_master:
     - seger.debian.org
   security_mirror:
     mirror-anu.debian.org:
       fastly-backend: false
-    mirror-conova.debian.org:
-      fastly-backend: false
     mirror-csail.debian.org:
       fastly-backend: false
     mirror-isc.debian.org:
@@ -154,14 +103,6 @@ roles:
       fastly-backend: true
   security_tracker:
     - soriano.debian.org
-  security_upload:
-    - suchon.debian.org
-  ssh.upload.d.o:
-    - coccia.debian.org
-    - suchon.debian.org
-    - usper.debian.org
-  sso:
-    - diabelli.debian.org
   # single sign on relying party (host) - also required apache2 module enabled on that host via other means
   sso_rp:
     - debussy.debian.org
@@ -172,87 +113,27 @@ roles:
     - tate.debian.org
     - ticharich.debian.org
     - wilder.debian.org
-  static_master:
-    - dillon.debian.org
-    - fasolo.debian.org
-    - porta.debian.org
-    - static-master-grnet-01.debian.org
-  static_mirror:
-    - klecker.debian.org
-    - mirror-anu.debian.org
-    - mirror-csail.debian.org
-    - mirror-isc.debian.org
-    - senfter.debian.org
-    - santoro.debian.org
+    - wuiet.debian.org
   static_mirror_onion:
     - klecker.debian.org
     - mirror-isc.debian.org
     - senfter.debian.org
-  # when adding a new static mirror, allow it to sync etc, but do not push to it and wait for it.  For this, also add it to static_mirror_nopush.
-  static_mirror_nopush:
-    - dummy
-  static_source:
-    - boott.debian.org
-    - casulana.debian.org
-    - coccia.debian.org
-    - dillon.debian.org
-    - donizetti.debian.org
-    - fasolo.debian.org
-    - lindsay.debian.org
-    - manziarly.debian.org
-    - mekeel.debian.org
-    - melartin.debian.org
-    - porta.debian.org
-    - philp.debian.org
-    - respighi.debian.org
-    - wolkenstein.debian.org
-    - wuiet.debian.org
   syncproxy:
     - gretchaninov.debian.org
     - klecker.debian.org
     - milanollo.debian.org
     - mirror-anu.debian.org
-    - mirror-conova.debian.org
     - mirror-isc.debian.org
     - mirror-umn.debian.org
     - schmelzer.debian.org
-  tracker:
-    - ticharich.debian.org
+    - smit.debian.org
   udd:
     - ullmann.debian.org
-  vote:
-    - vento.debian.org
-  weblog_destination:
-    - wolkenstein.debian.org
-  weblog_provider:
-    - klecker.debian.org
-    - mirror-anu.debian.org
-    - mirror-csail.debian.org
-    - mirror-isc.debian.org
-    - mirror-umn.debian.org
-    - santoro.debian.org
-    - senfter.debian.org
-  wiki:
-    - wilder.debian.org
-  www_master:
-    - wolkenstein.debian.org
-  cgi.d.o:
-    - wolkenstein.debian.org
   postgres_backup_server:
     - backuphost.debian.org
     - storace.debian.org
-  bacula_director:
-    - dinis.debian.org
-  bacula_storage:
-    - storace.debian.org
   dabackup_client:
     - lw03.debian.org
-  gobby_debian_org:
-    - gombert.debian.org
-  veyepar.debian.org:
-    - vittoria.debian.org
-  sreview.debian.org:
-    - vittoria.debian.org
   debian_mirror:
     klecker.debian.org:
       listen-addresses:
@@ -265,71 +146,44 @@ roles:
     mirror-skroutz.debian.org:
       service-hostname: skroutz.debian.backend.mirrors.debian.org
       fastly-backend: true
-    mirror-conova.debian.org:
-      service-hostname: conova.debian.backend.mirrors.debian.org
-      listen-addresses:
-        - '217.196.149.232:80'
-        - '[2a02:16a8:dc41:100::232]:80'
-      fastly-backend: true
     mirror-isc.debian.org:
       listen-addresses:
         - '149.20.4.15:80'
         - '[2001:4f8:1:c::15]:80'
       onion_v4_address: 149.20.4.15
     schmelzer.debian.org:
+      listen-addresses:
+        - '217.196.149.232:80'
+        - '[2a02:16a8:dc41:100::232]:80'
+      fastly-backend: true
       service-hostname: conova.debian.backend.mirrors.debian.org
   historical_master:
     - sibelius.debian.org
   historical_mirror:
     - gretchaninov.debian.org
     - klecker.debian.org
-    - mirror-conova.debian.org
     - schmelzer.debian.org
     - sibelius.debian.org
   debug_mirror:
-    mirror-conova.debian.org:
+    mirror-accumu.debian.org:
+      onion_v4_address: 130.242.6.199
+      service-hostname: accumu.debug.backend.mirrors.debian.org
+    schmelzer.debian.org:
       listen-addresses:
         - '217.196.149.232:80'
         - '[2a02:16a8:dc41:100::232]:80'
       onion_v4_address: 217.196.149.232
       service-hostname: conova.debug.backend.mirrors.debian.org
-    mirror-accumu.debian.org:
-      onion_v4_address: 130.242.6.199
-      service-hostname: accumu.debug.backend.mirrors.debian.org
-    schmezler.debian.org:
-      service-hostname: conova.debug.backend.mirrors.debian.org
   debug_mirror_onion:
     - mirror-accumu.debian.org
-    - mirror-conova.debian.org
     - schmelzer.debian.org
-  ports_mirror:
-    - klecker.debian.org
-    - mirror-isc.debian.org
-  ports_mirror_onion:
-    - klecker.debian.org
-    - mirror-isc.debian.org
-  planet_master:
-    - philp.debian.org
-  planet_search:
-    - philp.debian.org
-  i18n.d.o:
-    - tye.debian.org
-  l10n.d.o:
-    - tye.debian.org
-  dedup.d.n:
-    - delfin.debian.org
-  pet.d.n:
-    - petrova.debian.org
   ports_master:
     - porta.debian.org
   onionbalance:
     - olin.debian.org
   bgp:
-    - mirror-conova.debian.org
     - mirror-accumu.debian.org
     - mirror-skroutz.debian.org
-  cdimage-search:
-    - cgi-grnet-01.debian.org
   apache_prefork:
     # php needs this
     - quantz.debian.org
@@ -341,27 +195,12 @@ roles:
     - buxtehude.debian.org
     - danzi.debian.org
     - fasolo.debian.org
+    - lw07.debian.org
     - melartin.debian.org
     - sallinen.debian.org
     - seger.debian.org
-    - sibelius.debian.org
+    - snapshotdb-manda-01.debian.org
     - vittoria.debian.org
-  salsa.debian.org:
-    - godard.debian.org
-  insecure_ssl:
-    - debussy.debian.org
-    - godard.debian.org
-  debsources:
-    - sor.debian.org
-  ipsec:
-    - fasolo.debian.org
-    - storace.debian.org
-  debconf_wafer:
-    - debussy.debian.org
-  apache_not_public:
-    # Hosts that run apache but where it should not be open to the internet by
-    # default
-    - casulana.debian.org
   apache_ratelimited:
     - beach.debian.org
     - buxtehude.debian.org
@@ -369,12 +208,11 @@ roles:
     - picconi.debian.org
     - pkgmirror-csail.debian.org
     - sallinen.debian.org
-  cdbuilder_local_mirror:
-    - casulana.debian.org
-  alioth_archive:
-    - grabbe.debian.org
   snapshot_web:
     - lw07.debian.org
     - sallinen.debian.org
-  anonscm:
-    - cgi-grnet-01.debian.org
+  snapshot_shell:
+    - lw08.debian.org
+
+classes:
+  - base::includes
Unnamed repository; edit this file 'description' to name the repository.