howto/static-mirroring: add onion service

[mirror/dsa-wiki.git] / input / howto / static-mirroring.creole

diff --git a/input/howto/static-mirroring.creole b/input/howto/static-mirroring.creole
index 302be35..b2c9dc0 100644 (file)
--- a/input/howto/static-mirroring.creole
+++ b/input/howto/static-mirroring.creole
@@ -13,15 +13,16 @@ Using already configured source and master hosts.
 
 * Pick a component name, e.g., {{{debaday.debian.net}}}
 
-* Pick/Learn source host, pick a master, and add to {{{dsa-puppet/modules/roles/files/static-mirroring/static-components.conf}}}:
+* Pick/Learn source host, pick a master, and add to {{{dsa-puppet/modules/roles/misc/static-components.yaml}}}:
 {{{
-       # <master>              <service>                       <source host>                   <directory>                             <extra push hosts, comma separated>
-       dillon.debian.org       debaday.debian.net              dillon.debian.org               /srv/debaday.debian.net/htdocs
+       debaday.debian.net:
+         master: static-master-manda-01.debian.org
+         source: dillon.debian.org:/srv/debaday.debian.net/htdocs
 }}}
 
 * Give sudo to run the right {{{static-update-component}}} to the appropriate group:
 {{{
-       /usr/sbin/visudo -f dsa-puppet/modules/sudo/files/sudoer
+       /usr/sbin/visudo -f dsa-puppet/modules/sudo/files/sudoers
 }}}
 and add something like
 {{{
@@ -29,17 +30,27 @@ and add something like
 }}}
 
 * Add the vhost config on mirrors:
+** vi {{{dsa-puppet/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb}}}
+and add
+<pre>
+  vhost(lines, "debaday.debian.net"            , :ssl => true
+</pre>
+and
+<pre>
+  onion::service { 'debaday.debian.net'            : ensure => 'ifstatic', port => 80, target_port => 80, target_address => $onion_addr }
+</pre>
+** In {{{dsa-puppet/modules/roles/manifests/static_mirror_web.pp}}}, add:
 {{{
-       vi dsa-puppet/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
+       ssl::service { 'debaday.debian.net'            : ensure => 'ifstatic', notify  => Exec['service apache2 reload'], key => true, }
 }}}
 
-* run puppet on the master, the source, and all the mirrors.  Check {{{dsa-puppet/hieradata/common.yaml}}}.
+* run puppet on the master, the source, and all the mirrors.  Check {{{dsa-puppet/data/nodes/*.yaml}}}.
 
 == Adding a mirror
 
 Note:  This might temporarily break apache on the new mirror host.
 
-* Add host to {{{static_mirror}}} and {{{static_mirror_nopush}}} in {{{hieradata/common.yaml}}}.
+* Add {{{roles::static_mirror}}} and {{{roles::static_mirror_nopush}}} to the {{{classes}}} stanza in {{{data/nodes/$HOSTNAME.yaml}}}.
 * Add {{{staticsync}}} group to host's {{{allowedGroups}}} attribute in ldap.
 * Run puppet twice on new static mirror once staticsync exists.
 * Run puppet on static masters.