X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=hieradata%2Fcommon.yaml;h=eb7134dff91a0e34e922af79671bad3a2ee08339;hb=6ecc5aff091790a2d65d2f911215032d76e3a43d;hp=2641a0bc8a82685b5cd263f82d3624eb478e54a3;hpb=d77f5c319076e213f97c892c4a6dd9c3665ea231;p=mirror%2Fdsa-puppet.git

diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index 2641a0bc8..eb7134dff 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -3,6 +3,21 @@ nameservers: []
 searchpaths: []
 resolvoptions: []
 allow_dns_query: []
+role_config__mirrors:
+  mirror_basedir_prefix: '/srv/mirrors/'
+role_config__syncproxy:
+  mirror_basedir_prefix: '/srv/mirrors/'
+samhain_recipients:
+  - 'debian-archive-debian-samhain-reports@master.debian.org'
+  - 'debian-admin@ftbfs.de'
+  - 'weasel@debian.org'
+  - 'zumbi@oron.es'
+root_mail_alias:
+  - 'debian-admin@debian.org'
+paths:
+  letsencrypt_dir: '/srv/puppet.debian.org/from-letsencrypt'
+  auto_certs_dir: '/srv/puppet.debian.org/ca/RESULT/certs'
+  auto_clientcerts_dir: '/srv/puppet.debian.org/ca/RESULT/clientcerts'
 roles:
   bugsmx:
     - buxtehude.debian.org
@@ -29,14 +44,10 @@ roles:
     - geo3.debian.org
   extranrpeclient:
     - denis.debian.org
-  ftp.d.o:
-    # also see debian_mirror
-    - klecker.debian.org
   ftp_master:
     - fasolo.debian.org
   ftp.upload.d.o:
     - coccia.debian.org
-    - suchon.debian.org
     - usper.debian.org
   api.ftp-master:
     - coccia.debian.org
@@ -52,19 +63,16 @@ roles:
     - jerea.debian.org
   keyring:
     - kaufmann.debian.org
-  keystone_rabbitmq:
-    - rainier.debian.org
-    - rapoport.debian.org
   lists:
     - bendel.debian.org
-  list_search:
-    - stockhausen.debian.org
   mailrelay:
     - mailly.debian.org
     - muffat.debian.org
   manpages-dyn:
     - manziarly.debian.org
     - cgi-grnet-01.debian.org
+  mirrormaster:
+    - melartin.debian.org
   muninmaster:
     - menotti.debian.org
   nagiosmaster:
@@ -108,33 +116,44 @@ roles:
   security_master:
     - seger.debian.org
   security_mirror:
-    - mirror-anu.debian.org
-    - mirror-bytemark.debian.org
-    - mirror-conova.debian.org
-    - mirror-csail.debian.org
-    - mirror-isc.debian.org
-    - mirror-umn.debian.org
-    - mirror-accumu.debian.org
-    - mirror-skroutz.debian.org
-    - lobos.debian.org
-    - santoro.debian.org
-    - setoguchi.debian.org
-    - sechter.debian.org
-    - villa.debian.org
-    - wieck.debian.org
-  security_mirror_onion:
-    - mirror-isc.debian.org
-    - mirror-umn.debian.org
-    - lobos.debian.org
-    - villa.debian.org
-  security_mirror_no_ftp:
-    # hosts that are not part of security.debian.org but
-    # only participiate in the anycast do not need ftp
-    - mirror-accumu.debian.org
-    - mirror-skroutz.debian.org
-    - mirror-bytemark.debian.org
+    mirror-anu.debian.org:
+      fastly-backend: false
+    mirror-csail.debian.org:
+      fastly-backend: false
+    mirror-isc.debian.org:
+      onion_v4_address: 149.20.4.14
+    mirror-umn.debian.org:
+      onion_v4_address: 128.101.240.215
+    mirror-accumu.debian.org:
+      fastly-backend: false
+    mirror-skroutz.debian.org:
+      fastly-backend: false
+    lobos.debian.org:
+      service-hostname: lobos.security.backend.mirrors.debian.org
+      fastly-backend: false
+      onion_v4_address: 212.211.132.250
+    santoro.debian.org:
+      fastly-backend: false
+    schmelzer.debian.org:
+      fastly-backend: false
+    schumann.debian.org:
+      service-hostname: schumann.security.backend.mirrors.debian.org
+      fastly-backend: true
+    setoguchi.debian.org:
+      fastly-backend: false
+    sechter.debian.org:
+      fastly-backend: false
+    villa.debian.org:
+      service-hostname: villa.security.backend.mirrors.debian.org
+      fastly-backend: true
+      onion_v4_address: 212.211.132.32
+    wieck.debian.org:
+      service-hostname: wieck.security.backend.mirrors.debian.org
+      fastly-backend: true
   security_tracker:
     - soriano.debian.org
+  security_upload:
+    - suchon.debian.org
   ssh.upload.d.o:
     - coccia.debian.org
     - suchon.debian.org
@@ -143,6 +162,7 @@ roles:
     - diabelli.debian.org
   # single sign on relying party (host) - also required apache2 module enabled on that host via other means
   sso_rp:
+    - debussy.debian.org
     - diabelli.debian.org
     - jerea.debian.org
     - nono.debian.org
@@ -150,10 +170,12 @@ roles:
     - tate.debian.org
     - ticharich.debian.org
     - wilder.debian.org
+    - wuiet.debian.org
   static_master:
     - dillon.debian.org
     - fasolo.debian.org
     - porta.debian.org
+    - static-master-grnet-01.debian.org
   static_mirror:
     - klecker.debian.org
     - mirror-anu.debian.org
@@ -170,10 +192,12 @@ roles:
     - dummy
   static_source:
     - boott.debian.org
+    - casulana.debian.org
     - coccia.debian.org
     - dillon.debian.org
     - donizetti.debian.org
     - fasolo.debian.org
+    - kaufmann.debian.org
     - lindsay.debian.org
     - manziarly.debian.org
     - mekeel.debian.org
@@ -190,6 +214,7 @@ roles:
     - mirror-anu.debian.org
     - mirror-isc.debian.org
     - mirror-umn.debian.org
+    - schmelzer.debian.org
   tracker:
     - ticharich.debian.org
   udd:
@@ -220,7 +245,6 @@ roles:
   bacula_storage:
     - storace.debian.org
   dabackup_client:
-    - moszumanska.debian.org
     - lw03.debian.org
   gobby_debian_org:
     - gombert.debian.org
@@ -229,36 +253,56 @@ roles:
   sreview.debian.org:
     - vittoria.debian.org
   debian_mirror:
-    - klecker.debian.org
-    - mirror-bytemark.debian.org
-    - mirror-accumu.debian.org
-    - mirror-skroutz.debian.org
-    - mirror-conova.debian.org
-    - mirror-isc.debian.org
-  debian_mirror_onion:
-    - klecker.debian.org
-    - mirror-bytemark.debian.org
-    - mirror-isc.debian.org
+    klecker.debian.org:
+      listen-addresses:
+        - '130.89.148.12:80'
+        - '[2001:67c:2564:a119::148:12]:80'
+      onion_v4_address: 130.89.148.12
+    mirror-accumu.debian.org:
+      service-hostname: accumu.debian.backend.mirrors.debian.org
+      fastly-backend: true
+    mirror-skroutz.debian.org:
+      service-hostname: skroutz.debian.backend.mirrors.debian.org
+      fastly-backend: true
+    mirror-isc.debian.org:
+      listen-addresses:
+        - '149.20.4.15:80'
+        - '[2001:4f8:1:c::15]:80'
+      onion_v4_address: 149.20.4.15
+    schmelzer.debian.org:
+      listen-addresses:
+        - '217.196.149.232:80'
+        - '[2a02:16a8:dc41:100::232]:80'
+      fastly-backend: true
+      service-hostname: conova.debian.backend.mirrors.debian.org
   historical_master:
     - sibelius.debian.org
   historical_mirror:
     - gretchaninov.debian.org
     - klecker.debian.org
-    - mirror-conova.debian.org
+    - schmelzer.debian.org
     - sibelius.debian.org
   debug_mirror:
-    - klecker.debian.org
-    - mirror-conova.debian.org
-    - mirror-isc.debian.org
+    mirror-accumu.debian.org:
+      onion_v4_address: 130.242.6.199
+      service-hostname: accumu.debug.backend.mirrors.debian.org
+    schmelzer.debian.org:
+      listen-addresses:
+        - '217.196.149.232:80'
+        - '[2a02:16a8:dc41:100::232]:80'
+      onion_v4_address: 217.196.149.232
+      service-hostname: conova.debug.backend.mirrors.debian.org
   debug_mirror_onion:
-    - klecker.debian.org
-    - mirror-isc.debian.org
+    - mirror-accumu.debian.org
+    - schmelzer.debian.org
   ports_mirror:
     - klecker.debian.org
     - mirror-isc.debian.org
   ports_mirror_onion:
     - klecker.debian.org
     - mirror-isc.debian.org
+  planet_master:
+    - philp.debian.org
   planet_search:
     - philp.debian.org
   i18n.d.o:
@@ -273,30 +317,7 @@ roles:
     - porta.debian.org
   onionbalance:
     - olin.debian.org
-  experimental_apache:
-    - beach.debian.org
-    - cgi-grnet-01.debian.org
-    - coccia.debian.org
-    - draghi.debian.org
-    - klecker.debian.org
-    - manziarly.debian.org
-    - mirror-bytemark.debian.org
-    - mirror-csail.debian.org
-    - mirror-isc.debian.org
-    - mirror-umn.debian.org
-    - pejacevic.debian.org
-    - petrova.debian.org
-    - philp.debian.org
-    - picconi.debian.org
-    - pkgmirror-csail.debian.org
-    - santoro.debian.org
-    - sechter.debian.org
-    - setoguchi.debian.org
-    - ticharich.debian.org
-    - villa.debian.org
   bgp:
-    - mirror-bytemark.debian.org
-    - mirror-conova.debian.org
     - mirror-accumu.debian.org
     - mirror-skroutz.debian.org
   cdimage-search:
@@ -307,11 +328,56 @@ roles:
     - tchaikovsky.debian.org
     - wuiet.debian.org
   postgresql_server:
+    # postgresql instances not managed by puppet otherwise
     - bmdb1.debian.org
     - buxtehude.debian.org
     - danzi.debian.org
     - fasolo.debian.org
+    - lw07.debian.org
     - melartin.debian.org
+    - sallinen.debian.org
     - seger.debian.org
     - sibelius.debian.org
+    - snapshotdb-manda-01.debian.org
     - vittoria.debian.org
+  salsa.debian.org:
+    - godard.debian.org
+  insecure_ssl:
+    - debussy.debian.org
+    - godard.debian.org
+  debsources:
+    - sor.debian.org
+  ipsec:
+    - fasolo.debian.org
+    - storace.debian.org
+  debconf_wafer:
+    - debussy.debian.org
+  apache_not_public:
+    # Hosts that run apache but where it should not be open to the internet by
+    # default
+    - casulana.debian.org
+  apache_ratelimited:
+    - beach.debian.org
+    - buxtehude.debian.org
+    - lw07.debian.org
+    - picconi.debian.org
+    - pkgmirror-csail.debian.org
+    - sallinen.debian.org
+  cdbuilder_local_mirror:
+    - casulana.debian.org
+  alioth_archive:
+    - grabbe.debian.org
+  snapshot_web:
+    - lw07.debian.org
+    - sallinen.debian.org
+  snapshot_shell:
+    - lw08.debian.org
+  anonscm:
+    - cgi-grnet-01.debian.org
+  loghost:
+    - loghost-grnet-01.debian.org
+    - loghost-osuosl-01.debian.org
+    - lotti.debian.org
+
+classes:
+  - base