X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=hieradata%2Fcommon.yaml;h=e3afd7966f19f090e779b485a20fdf30d6d8792e;hb=7f82f7567d9685920a00a2ac0e888e891b966b7b;hp=2e4b0e6102af6ada5f3768a88ab461fd6303181d;hpb=05d85da88ba1a535370935ef64ada618185f2bbd;p=mirror%2Fdsa-puppet.git

diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index 2e4b0e610..e3afd7966 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -7,8 +7,29 @@ lookup_options:
   apt::sources::debian::location:
     merge: unique
 
+# class parameters
 resolv::nameservers: []
 resolv::searchpaths: ['debian.org']
+staticsync::user: 'staticsync'
+staticsync::basedir: '/srv/static.debian.org'
+
+roles::dns_primary::allow_access:
+  # easydns
+  - '64.68.200.91'
+  - '205.210.42.80'
+  # rcode0
+  - '83.136.34.0/27'
+  - '2a02:850:8::/47'
+  # netnod
+  - '192.71.80.0/24'
+  - '192.36.144.222'
+  - '192.36.144.218'
+  - '194.146.105.24'
+  - '194.146.105.25'
+  - '2a01:3f0:0:27::24'
+  - '2a01:3f0:0:28::25'
+
+# other variables
 allow_dns_query: []
 role_config__mirrors:
   mirror_basedir_prefix: '/srv/mirrors/'
@@ -27,53 +48,34 @@ paths:
   auto_clientcerts_dir: '/srv/puppet.debian.org/ca/RESULT/clientcerts'
 apt::sources::debian::location: 'https://deb.debian.org/debian/'
 
-staticsync::user: 'staticsync'
-staticsync::basedir: '/srv/static.debian.org'
 
 # all of these should be retired in favour of including the class role
 # with the host. weasel, 2019-09
 roles:
-  bugsmx:
-    - buxtehude.debian.org
-  dns_primary:
-    - denis.debian.org
-  dns_geo:
-    - geo1.debian.org
-    - geo2.debian.org
-    - geo3.debian.org
   extranrpeclient:
+    # XXX - used by ferm templates/defs.conf.erb
     - denis.debian.org
   ftp_master:
+    # XXX - used by ferm templates/defs.conf.erb
     - fasolo.debian.org
-  git_master:
-    - adayevskaya.debian.org
-  historicalpackages:
-    - hier.debian.org
   mailrelay:
+    # XXX - ONLY used by ferm templates/defs.conf.erb
     - mailly.debian.org
     - muffat.debian.org
   mirrormaster:
+    # XXX - used by ferm templates/defs.conf.erb
     - melartin.debian.org
   muninmaster:
+    # XXX - used by ferm templates/defs.conf.erb
     - menotti.debian.org
   nagiosmaster:
+    # XXX - used by ferm templates/defs.conf.erb
     - tchaikovsky.debian.org
-  packages:
-    - picconi.debian.org
-    - pkgmirror-csail.debian.org
-  packagesmaster:
-    - picconi.debian.org
-  packagesqamaster:
-    - quantz.debian.org
-  popcon:
-    - pinel.debian.org
-  qamaster:
-    - quantz.debian.org
-  rtmaster:
-    - reger.debian.org
   security_master:
+    # XXX - used by ferm templates/defs.conf.erb
     - seger.debian.org
   security_mirror:
+    # XXX used also in ferm me.conf.erb
     mirror-anu.debian.org:
       fastly-backend: false
     mirror-csail.debian.org:
@@ -108,32 +110,8 @@ roles:
     wieck.debian.org:
       service-hostname: wieck.security.backend.mirrors.debian.org
       fastly-backend: true
-  security_tracker:
-    - soriano.debian.org
-  security_upload:
-    - suchon.debian.org
-  ssh.upload.d.o:
-    - coccia.debian.org
-    - suchon.debian.org
-    - usper.debian.org
-  sso:
-    - diabelli.debian.org
-  # single sign on relying party (host) - also required apache2 module enabled on that host via other means
-  sso_rp:
-    - debussy.debian.org
-    - diabelli.debian.org
-    - jerea.debian.org
-    - nono.debian.org
-    - quantz.debian.org
-    - tate.debian.org
-    - ticharich.debian.org
-    - wilder.debian.org
-    - wuiet.debian.org
-  static_mirror_onion:
-    - klecker.debian.org
-    - mirror-isc.debian.org
-    - senfter.debian.org
   syncproxy:
+    # XXX - used by ferm templates/defs.conf.erb
     - gretchaninov.debian.org
     - klecker.debian.org
     - milanollo.debian.org
@@ -142,18 +120,14 @@ roles:
     - mirror-umn.debian.org
     - schmelzer.debian.org
     - smit.debian.org
-  udd:
-    - ullmann.debian.org
-  wiki:
-    - wilder.debian.org
-  www_master:
-    - wolkenstein.debian.org
   postgres_backup_server:
+    # XXX - used by ferm templates/defs.conf.erb
     - backuphost.debian.org
     - storace.debian.org
   dabackup_client:
     - lw03.debian.org
   debian_mirror:
+    # XXX used also in ferm me.conf.erb
     klecker.debian.org:
       listen-addresses:
         - '130.89.148.12:80'
@@ -177,13 +151,16 @@ roles:
       fastly-backend: true
       service-hostname: conova.debian.backend.mirrors.debian.org
   historical_master:
+    # XXX - used by ferm templates/defs.conf.erb
     - sibelius.debian.org
   historical_mirror:
+    # XXX used also in ferm me.conf.erb
     - gretchaninov.debian.org
     - klecker.debian.org
     - schmelzer.debian.org
     - sibelius.debian.org
   debug_mirror:
+    # XXX used also in ferm me.conf.erb
     mirror-accumu.debian.org:
       onion_v4_address: 130.242.6.199
       service-hostname: accumu.debug.backend.mirrors.debian.org
@@ -196,26 +173,14 @@ roles:
   debug_mirror_onion:
     - mirror-accumu.debian.org
     - schmelzer.debian.org
-  planet_master:
-    - philp.debian.org
-  planet_search:
-    - philp.debian.org
-  i18n.d.o:
-    - tye.debian.org
-  l10n.d.o:
-    - tye.debian.org
   ports_master:
+    # XXX - used by ferm templates/defs.conf.erb
     - porta.debian.org
   onionbalance:
     - olin.debian.org
   bgp:
     - mirror-accumu.debian.org
     - mirror-skroutz.debian.org
-  apache_prefork:
-    # php needs this
-    - quantz.debian.org
-    - tchaikovsky.debian.org
-    - wuiet.debian.org
   postgresql_server:
     # postgresql instances not managed by puppet otherwise
     - bmdb1.debian.org
@@ -228,18 +193,6 @@ roles:
     - seger.debian.org
     - snapshotdb-manda-01.debian.org
     - vittoria.debian.org
-  apache_ratelimited:
-    - beach.debian.org
-    - buxtehude.debian.org
-    - lw07.debian.org
-    - picconi.debian.org
-    - pkgmirror-csail.debian.org
-    - sallinen.debian.org
-  snapshot_web:
-    - lw07.debian.org
-    - sallinen.debian.org
-  snapshot_shell:
-    - lw08.debian.org
 
 classes:
   - base::includes