X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Finit.pp;h=51f9be53d03a0857c420438e09b5fab419fae895;hb=e4818dbab72dc4aaeb120b3dbae082f99f8b83d7;hp=835f156812c751bd5c2406c5e8dd0ec89b5e579f;hpb=142d7dd48ee282fc7cab2c036327dca1f4d87b07;p=mirror%2Fdsa-puppet.git diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp index 835f15681..51f9be53d 100644 --- a/modules/roles/manifests/init.pp +++ b/modules/roles/manifests/init.pp @@ -17,11 +17,7 @@ class roles { } if has_role('nagiosmaster') { - # include nagios::server - ssl::service { 'nagios.debian.org': - notify => Exec['service apache2 reload'], - key => true, - } + include nagios::server } # XXX: turn this into a real role @@ -34,10 +30,6 @@ class roles { include porterbox } - if has_role('archive_master') { - include archive_master - } - if has_role('bugs_mirror') { include roles::bugs_mirror } @@ -47,45 +39,68 @@ class roles { notify => Exec['service apache2 reload'], key => true, } + @ferm::rule { 'dsa-bugs-abusers': + prio => "005", + rule => "saddr (220.243.135/24 220.243.136/24) DROP", + } } if has_role('bugs_master') { + ssl::service { 'bugs-devel.debian.org': notify => Exec['service apache2 reload'], key => true, } ssl::service { 'bugs-master.debian.org': notify => Exec['service apache2 reload'], key => true, } } - if has_role('ftp_master') { - include roles::ftp_master - include roles::dakmaster + if has_role('manpages-dyn') { + include roles::manpages_dyn } - if has_role('api.ftp-master') { - ssl::service { 'api.ftp-master.debian.org': - notify => Exec['service apache2 reload'], - key => true, - } + if has_role('archvsync_base_additional') { + include archvsync_base } - if has_role('manpages-dyn') { - include roles::manpages_dyn + # archive.debian.org + if has_role('historical_mirror') { + include roles::historical_mirror } - if has_role('security_mirror') { - include roles::security_mirror - } + # debug archive if has_role('debug_mirror') { include roles::debug_mirror } - if has_role('ftp.d.o') { - include roles::ftp + # ftp.debian.org and its ecosystem + if has_role('debian_mirror') { + include roles::debian_mirror + } + if has_role('ftp_master') { + include roles::ftp_master + include roles::dakmaster + include roles::signing } - if has_role('ftp.upload.d.o') { include roles::ftp_upload } - if has_role('ssh.upload.d.o') { include roles::ssh_upload } + if has_role('security_upload') { + include roles::security_upload + } + if has_role('api.ftp-master') { + ssl::service { 'api.ftp-master.debian.org': + notify => Exec['service apache2 reload'], + key => true, + } + } + # + # security.debian.org + if has_role('security_master') { + include roles::security_master + include roles::dakmaster + } + + if has_role('security_mirror') { + include roles::security_mirror + } if has_role('git_master') { include roles::git_master @@ -96,11 +111,6 @@ class roles { onion::service { 'people.debian.org': port => 80, target_address => 'people.debian.org', target_port => 80, direct => true } } - if has_role('security_master') { - include roles::security_master - include roles::dakmaster - } - if has_role('www_master') { include roles::www_master } @@ -151,6 +161,10 @@ class roles { include named::primary } + if has_role('dns_geo') { + include named::geodns + } + if has_role('weblog_destination') { include roles::weblog_destination } @@ -167,10 +181,6 @@ class roles { include roles::lists } - if has_role('list_search') { - include roles::listsearch - } - if has_role('rtmaster') { include roles::rtmaster } @@ -198,6 +208,9 @@ class roles { if has_role('piuparts') { include roles::piuparts } + if has_role('piuparts_slave') { + include roles::piuparts_slave + } if has_role('contributors') { include roles::contributors @@ -215,17 +228,6 @@ class roles { include roles::jenkins } - if has_role('keystone') { - include roles::keystone - } - if has_role('keystone_rabbitmq') { - include roles::keystone::rabbitmq - } - - if has_role('memcached') { - include roles::memcached - } - if has_role('postgres_backup_server') { include postgres::backup_server } @@ -234,6 +236,10 @@ class roles { ssl::service { 'packages.debian.org': notify => Exec['service apache2 reload'], key => true, } } + if has_role('historicalpackages') { + ssl::service { 'historical.packages.debian.org': notify => Exec['service apache2 reload'], key => true, } + } + if has_role('qamaster') { ssl::service { 'qa.debian.org': notify => Exec['service apache2 reload'], key => true, } } @@ -243,25 +249,49 @@ class roles { } if has_role('gobby_debian_org') { - ssl::service { 'gobby.debian.org': notify => Exec['service apache2 reload'], key => true, tlsaport => [443, 6523], } + ssl::service { 'gobby.debian.org': + notify => [ Exec['service apache2 reload'], Exec['reload gobby'] ], + key => true, + tlsaport => [443, 6523], + } + file { '/etc/ssl/debian-local/other-keys/gobby.debian.org.key': + ensure => present, + mode => '0440', + group => 'gobby', + content => inline_template('<%= File.read(scope().call_function("hiera", ["paths.letsencrypt_dir"]) + "/gobby.debian.org.key") %>'), + links => follow, + notify => Exec['reload gobby'], + } + exec { 'reload gobby': + command => 'pkill -u gobby -HUP -x infinoted', + refreshonly => true, + } } if has_role('search_backend') { - include search_backend + include roles::search_backend } if has_role('search_frontend') { - include search_frontend + include roles::search_frontend } if has_role('dgit_browse') { - include dgit_browse + include roles::dgit_browse } if has_role('dgit_git') { - include dgit_git + include roles::dgit_git + } + + if $::hostname in [lw01, lw02, lw03, lw04, lw09, lw10] { + include roles::snapshot + } + + if has_role('snapshot_web') { + include roles::snapshot_web } - if $::hostname in [lw01, lw02, lw03, lw04] { - include snapshot + if has_role('snapshot_shell') { + include roles::snapshot_shell } if has_role('veyepar.debian.org') { @@ -271,14 +301,13 @@ class roles { ssl::service { 'sreview.debian.net': notify => Exec['service apache2 reload'], key => true, } } - if has_role('httpredir') { - include roles::httpredir - } - if has_role('debtags') { include roles::debtags } + if has_role('planet_master') { + include roles::planet_master + } if has_role('planet_search') { ssl::service { 'planet-search.debian.org': notify => Exec['service apache2 reload'], key => true, } } @@ -300,17 +329,70 @@ class roles { ssl::service { 'pet-devel.debian.net': notify => Exec['service apache2 reload'], key => true, } } - if has_role('ports-master') { - include roles::ports-master + if has_role('ports_master') { + include roles::ports_master } if has_role('ports_mirror') { include roles::ports_mirror } - if $::hostname in [klecker] { - onion::service { 'ftp.debian.org': port => 80, target_address => '130.89.148.12', target_port => 81, } - } if has_role('onionbalance') { include onion::balance } + if has_role('bgp') { + include roles::bgp + } + if has_role('cdimage-search') { + include roles::cdimage_search + } + + if has_role('postgresql_server') { + include postgres::backup_source + } + + if has_role('bacula_director') { + include bacula::director + } else { + package { 'bacula-console': ensure => purged; } + file { '/etc/bacula/bconsole.conf': ensure => absent; } + } + if has_role('bacula_storage') { + include bacula::storage + } + + if has_role('salsa.debian.org') { + include salsa + } + + if $::keyring_debian_org_mirror { + include roles::keyring_debian_org_mirror + } + + if has_role('popcon') { + include roles::popcon + } + + if has_role('debsources') { + include roles::debsources + } + + if has_role('ipsec') { + include ipsec + } + + if has_role('debconf_wafer') { + include roles::debconf_wafer + } + + if has_role('cdbuilder_local_mirror') { + include roles::cdbuilder_local_mirror + } + + if has_role('alioth_archive') { + include roles::alioth_archive + } + if has_role('anonscm') { + include roles::anonscm + } + }