X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fferm%2Ftemplates%2Fme.conf.erb;h=1bf1279ad3b9665854925e3368b12cb330493f20;hb=d7606746f1a0945f439a6bf1c180719a6779a798;hp=87b7d00372ce3a0a0acd6d4425add604126e20f7;hpb=2da9347e3403929ef8fa36f76cce777d9701c082;p=mirror%2Fdsa-puppet.git

diff --git a/modules/ferm/templates/me.conf.erb b/modules/ferm/templates/me.conf.erb
index 87b7d0037..1bf1279ad 100644
--- a/modules/ferm/templates/me.conf.erb
+++ b/modules/ferm/templates/me.conf.erb
@@ -7,7 +7,7 @@
 nodeinfo = scope.lookupvar('site::nodeinfo')
 out = []
 
-restricted_purposes = ['kvm host', 'central syslog server', 'puppet master', 'jumphost', 'buildd', 'static-mirror', 'anycast mirror']
+restricted_purposes = ['kvm host', 'ganeti/kvm host', 'central syslog server', 'puppet master', 'jumphost', 'buildd', 'static-mirror', 'anycast mirror']
 restrict_ssh = %w{tchaikovsky draghi adayevskaya}
 
 if (nodeinfo['ldap'].has_key?('purpose')) then
@@ -65,6 +65,7 @@ if restrict_ssh.include?(@hostname) then
 	end
 	if scope.function_has_role(['debian_mirror']) or
 	   scope.function_has_role(['security_mirror']) or
+	   scope.function_has_role(['debug_mirror']) or
 	   scope.function_has_role(['historical_mirror']) or
 	   scope.function_has_role(['syncproxy']) then
 		ssh4allowed << '$HOST_MIRRORMASTER_V4'
@@ -90,6 +91,10 @@ if restrict_ssh.include?(@hostname) then
 		ssh4allowed << '$HOST_PORTSMASTER_V4'
 		ssh6allowed << '$HOST_PORTSMASTER_V6'
 	end
+	if scope.function_has_role(['debug_mirror']) then
+		ssh4allowed << '$HOST_FTPMASTER_V4'
+		ssh6allowed << '$HOST_FTPMASTER_V6'
+	end
 end
 ssh4allowed.length == 0 and ssh4allowed << '0.0.0.0/0'
 ssh6allowed.length == 0 and ssh6allowed << '::/0'