X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=hieradata%2Fcommon.yaml;h=eae4051c84563633e07a2b153b3a687ed3e7c137;hb=bedd29e6a7b4c3539e37d23c9025898fb1f9311c;hp=84d5d5229393c0ad971941bce11432de0a914f4d;hpb=67db5724b6dd3c1e629dfe0be5db20821ffcc0f7;p=mirror%2Fdsa-puppet.git

diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index 84d5d5229..eae4051c8 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -3,6 +3,21 @@ nameservers: []
 searchpaths: []
 resolvoptions: []
 allow_dns_query: []
+role_config__mirrors:
+  mirror_basedir_prefix: '/srv/mirrors/'
+role_config__syncproxy:
+  mirror_basedir_prefix: '/srv/mirrors/'
+samhain_recipients:
+  - 'debian-archive-debian-samhain-reports@master.debian.org'
+  - 'debian-admin@ftbfs.de'
+  - 'weasel@debian.org'
+  - 'zumbi@oron.es'
+root_mail_alias:
+  - 'debian-admin@debian.org'
+paths:
+  letsencrypt_dir: '/srv/puppet.debian.org/from-letsencrypt'
+  auto_certs_dir: '/srv/puppet.debian.org/ca/RESULT/certs'
+  auto_clientcerts_dir: '/srv/puppet.debian.org/ca/RESULT/clientcerts'
 roles:
   bugsmx:
     - buxtehude.debian.org
@@ -29,13 +44,11 @@ roles:
     - geo3.debian.org
   extranrpeclient:
     - denis.debian.org
-  ftp.d.o:
-    - klecker.debian.org
   ftp_master:
-    - franck.debian.org
+    - fasolo.debian.org
   ftp.upload.d.o:
-    - franck.debian.org
     - coccia.debian.org
+    - usper.debian.org
   api.ftp-master:
     - coccia.debian.org
   dgit_browse:
@@ -44,27 +57,22 @@ roles:
     - cgi-grnet-01.debian.org
   git_master:
     - adayevskaya.debian.org
-  httpredir:
-    - httpredir-bm-01.debian.org
-    - httpredir-csail-01.debian.org
+  historicalpackages:
+    - hier.debian.org
   jenkins:
     - jerea.debian.org
   keyring:
     - kaufmann.debian.org
-  keystone:
-    - oyens.debian.org
-  keystone_rabbitmq:
-    - rainier.debian.org
-    - rapoport.debian.org
-  memcached:
-    - oyens.debian.org
   lists:
     - bendel.debian.org
-  list_search:
-    - stockhausen.debian.org
   mailrelay:
     - mailly.debian.org
     - muffat.debian.org
+  manpages-dyn:
+    - manziarly.debian.org
+    - cgi-grnet-01.debian.org
+  mirrormaster:
+    - melartin.debian.org
   muninmaster:
     - menotti.debian.org
   nagiosmaster:
@@ -73,7 +81,7 @@ roles:
     - nono.debian.org
   packages:
     - picconi.debian.org
-    - pkgmirror-1and1.debian.org
+    - pkgmirror-csail.debian.org
   packagesmaster:
     - picconi.debian.org
   packagesqamaster:
@@ -82,6 +90,9 @@ roles:
     - paradis.debian.org
   piuparts:
     - pejacevic.debian.org
+  piuparts_slave:
+    - piu-slave-bm-a.debian.org
+    - piu-slave-ubc-01.debian.org
   popcon:
     - pinel.debian.org
   pubsub:
@@ -91,58 +102,114 @@ roles:
     - handel.debian.org
   qamaster:
     - quantz.debian.org
-  release:
-    - franck.debian.org
   rtmaster:
     - reger.debian.org
-  security_master:
-    - seger.debian.org
-  security_tracker:
-    - soriano.debian.org
   rtc:
     - vogler.debian.org
   search_backend:
     - wolkenstein.debian.org
   search_frontend:
     - cgi-grnet-01.debian.org
+  archvsync_base_additional:
+  # this is usually pulled in by *-mirror or syncproxy roles
+    - dummy
+  security_master:
+    - seger.debian.org
+  security_mirror:
+    mirror-anu.debian.org:
+      fastly-backend: false
+    mirror-bytemark.debian.org:
+      fastly-backend: false
+    mirror-conova.debian.org:
+      fastly-backend: false
+    mirror-csail.debian.org:
+      fastly-backend: false
+    mirror-isc.debian.org:
+      onion_v4_address: 149.20.4.14
+    mirror-umn.debian.org:
+      onion_v4_address: 128.101.240.215
+    mirror-accumu.debian.org:
+      fastly-backend: false
+    mirror-skroutz.debian.org:
+      fastly-backend: false
+    lobos.debian.org:
+      service-hostname: lobos.security.backend.mirrors.debian.org
+      fastly-backend: true
+      onion_v4_address: 212.211.132.250
+    santoro.debian.org:
+      fastly-backend: false
+    setoguchi.debian.org:
+      fastly-backend: false
+    sechter.debian.org:
+      fastly-backend: false
+    villa.debian.org:
+      service-hostname: villa.security.backend.mirrors.debian.org
+      fastly-backend: true
+      onion_v4_address: 212.211.132.32
+    wieck.debian.org:
+      service-hostname: wieck.security.backend.mirrors.debian.org
+      fastly-backend: true
+  security_tracker:
+    - soriano.debian.org
+  security_upload:
+    - suchon.debian.org
   ssh.upload.d.o:
     - coccia.debian.org
+    - suchon.debian.org
+    - usper.debian.org
   sso:
     - diabelli.debian.org
   # single sign on relying party (host) - also required apache2 module enabled on that host via other means
   sso_rp:
+    - debussy.debian.org
     - diabelli.debian.org
     - jerea.debian.org
     - nono.debian.org
+    - quantz.debian.org
     - tate.debian.org
     - ticharich.debian.org
+    - wilder.debian.org
   static_master:
     - dillon.debian.org
-    - franck.debian.org
+    - fasolo.debian.org
+    - porta.debian.org
+    - static-master-grnet-01.debian.org
   static_mirror:
-    - busoni.debian.org
     - klecker.debian.org
     - mirror-anu.debian.org
     - mirror-csail.debian.org
     - mirror-isc.debian.org
     - senfter.debian.org
     - santoro.debian.org
+  static_mirror_onion:
+    - klecker.debian.org
+    - mirror-isc.debian.org
+    - senfter.debian.org
   # when adding a new static mirror, allow it to sync etc, but do not push to it and wait for it.  For this, also add it to static_mirror_nopush.
   static_mirror_nopush:
     - dummy
   static_source:
+    - boott.debian.org
+    - casulana.debian.org
+    - coccia.debian.org
     - dillon.debian.org
     - donizetti.debian.org
-    - franck.debian.org
+    - fasolo.debian.org
     - lindsay.debian.org
-    - master.debian.org
+    - manziarly.debian.org
     - mekeel.debian.org
+    - melartin.debian.org
+    - porta.debian.org
     - philp.debian.org
+    - respighi.debian.org
     - wolkenstein.debian.org
+    - wuiet.debian.org
   syncproxy:
+    - gretchaninov.debian.org
     - klecker.debian.org
     - milanollo.debian.org
     - mirror-anu.debian.org
+    - mirror-conova.debian.org
     - mirror-isc.debian.org
     - mirror-umn.debian.org
   tracker:
@@ -154,8 +221,6 @@ roles:
   weblog_destination:
     - wolkenstein.debian.org
   weblog_provider:
-    - busoni.debian.org
-    - gluck.debian.org
     - klecker.debian.org
     - mirror-anu.debian.org
     - mirror-csail.debian.org
@@ -172,6 +237,10 @@ roles:
   postgres_backup_server:
     - backuphost.debian.org
     - storace.debian.org
+  bacula_director:
+    - dinis.debian.org
+  bacula_storage:
+    - storace.debian.org
   dabackup_client:
     - moszumanska.debian.org
     - lw03.debian.org
@@ -179,8 +248,113 @@ roles:
     - gombert.debian.org
   veyepar.debian.org:
     - vittoria.debian.org
-  mirror_debug:
+  sreview.debian.org:
+    - vittoria.debian.org
+  debian_mirror:
+    klecker.debian.org:
+      listen-addresses:
+        - '130.89.148.12:80'
+        - '[2001:610:1908:b000::148:12]:80'
+        - '[2001:67c:2564:a119::148:12]:80'
+      onion_v4_address: 130.89.148.12
+    mirror-bytemark.debian.org:
+      service-hostname: bytemark.debian.backend.mirrors.debian.org
+      listen-addresses:
+        - '5.153.231.45:80'
+        - '[2001:41c8:1000:21::21:45]:80'
+      fastly-backend: true
+      onion_v4_address: 5.153.231.45
+    mirror-accumu.debian.org:
+      service-hostname: accumu.debian.backend.mirrors.debian.org
+      fastly-backend: true
+    mirror-skroutz.debian.org:
+      service-hostname: skroutz.debian.backend.mirrors.debian.org
+      fastly-backend: true
+    mirror-conova.debian.org:
+      service-hostname: conova.debian.backend.mirrors.debian.org
+      listen-addresses:
+        - '217.196.149.232:80'
+        - '[2a02:16a8:dc41:100::232]:80'
+      fastly-backend: true
+    mirror-isc.debian.org:
+      listen-addresses:
+        - '149.20.4.15:80'
+        - '[2001:4f8:1:c::15]:80'
+      onion_v4_address: 149.20.4.15
+  historical_master:
+    - sibelius.debian.org
+  historical_mirror:
+    - gretchaninov.debian.org
+    - klecker.debian.org
+    - mirror-conova.debian.org
+    - sibelius.debian.org
+  debug_mirror:
+    - klecker.debian.org
+    - mirror-conova.debian.org
+    - mirror-isc.debian.org
+  debug_mirror_onion:
+    - klecker.debian.org
+    - mirror-isc.debian.org
+  ports_mirror:
+    - klecker.debian.org
+    - mirror-isc.debian.org
+  ports_mirror_onion:
     - klecker.debian.org
     - mirror-isc.debian.org
+  planet_master:
+    - philp.debian.org
   planet_search:
     - philp.debian.org
+  i18n.d.o:
+    - tye.debian.org
+  l10n.d.o:
+    - tye.debian.org
+  dedup.d.n:
+    - delfin.debian.org
+  pet.d.n:
+    - petrova.debian.org
+  ports_master:
+    - porta.debian.org
+  onionbalance:
+    - olin.debian.org
+  bgp:
+    - mirror-bytemark.debian.org
+    - mirror-conova.debian.org
+    - mirror-accumu.debian.org
+    - mirror-skroutz.debian.org
+  cdimage-search:
+    - cgi-grnet-01.debian.org
+  apache_prefork:
+    # php needs this
+    - quantz.debian.org
+    - tchaikovsky.debian.org
+    - wuiet.debian.org
+  postgresql_server:
+    # postgresql instances not managed by puppet otherwise
+    - bmdb1.debian.org
+    - buxtehude.debian.org
+    - danzi.debian.org
+    - fasolo.debian.org
+    - melartin.debian.org
+    - sallinen.debian.org
+    - seger.debian.org
+    - sibelius.debian.org
+    - vittoria.debian.org
+  salsa.debian.org:
+    - godard.debian.org
+  insecure_ssl:
+    - debussy.debian.org
+    - godard.debian.org
+  debsources:
+    - sor.debian.org
+  ipsec:
+    - fasolo.debian.org
+    - storace.debian.org
+  debconf_wafer:
+    - debussy.debian.org
+  apache_not_public:
+    # Hosts that run apache but where it should not be open to the internet by
+    # default
+    - casulana.debian.org
+  cdbuilder_local_mirror:
+    - casulana.debian.org