Remove TLSA record for remaining gandi certificates

[mirror/dsa-puppet.git] / modules / roles / manifests / init.pp

diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp
index a6e0965..d252797 100644 (file)
--- a/modules/roles/manifests/init.pp
+++ b/modules/roles/manifests/init.pp
@@ -20,6 +20,7 @@ class roles {
        #       include nagios::server
                ssl::service { 'nagios.debian.org':
                        notify  => Exec['service apache2 reload'],
+                       key => true,
                }
        }
 
@@ -44,6 +45,7 @@ class roles {
        if has_role('bugs_base') {
                ssl::service { 'bugs.debian.org':
                        notify  => Exec['service apache2 reload'],
+                       tlsaport => [],
                }
        }
        if has_role('bugs_master') {
@@ -58,7 +60,7 @@ class roles {
        if has_role('api.ftp-master') {
                ssl::service { 'api.ftp-master.debian.org':
                        notify  => Exec['service apache2 reload'],
-                       tlsaport => 0,
+                       key => true,
                }
        }
 
@@ -205,10 +207,6 @@ class roles {
                include roles::nm
        }
 
-       if has_role('release') {
-               include roles::release
-       }
-
        if has_role('rtc') {
                include roles::rtc
        }
@@ -269,6 +267,9 @@ class roles {
        if has_role('veyepar.debian.org') {
                ssl::service { 'veyepar.debian.org': notify  => Exec['service apache2 reload'], key => true, }
        }
+       if has_role('sreview.debian.org') {
+               ssl::service { 'sreview.debian.net': notify  => Exec['service apache2 reload'], key => true, }
+       }
 
        if has_role('httpredir') {
                include roles::httpredir