X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Finit.pp;h=65c23bc358e900816d56af842159034daaaa659a;hb=29cbe59430d1e7d7d5575579b48513c56227e2f7;hp=7a733e63fb03018f0ea495733e639639d7029b1f;hpb=32ea1e350d8b71c35b3147aa437a6f7ac1b3d650;p=mirror%2Fdsa-puppet.git diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp index 7a733e63f..65c23bc35 100644 --- a/modules/roles/manifests/init.pp +++ b/modules/roles/manifests/init.pp @@ -7,21 +7,12 @@ # include roles # class roles { - - if has_role('puppetmaster') { - include puppetmaster - } - if has_role('muninmaster') { include munin::master } if has_role('nagiosmaster') { - # include nagios::server - ssl::service { 'nagios.debian.org': - notify => Exec['service apache2 reload'], - key => true, - } + include nagios::server } # XXX: turn this into a real role @@ -43,8 +34,13 @@ class roles { notify => Exec['service apache2 reload'], key => true, } + ferm::rule { 'dsa-bugs-abusers': + prio => "005", + rule => "saddr (220.243.135/24 220.243.136/24) DROP", + } } if has_role('bugs_master') { + ssl::service { 'bugs-devel.debian.org': notify => Exec['service apache2 reload'], key => true, } ssl::service { 'bugs-master.debian.org': notify => Exec['service apache2 reload'], key => true, } } @@ -70,12 +66,10 @@ class roles { if has_role('debian_mirror') { include roles::debian_mirror } - if has_role('ftp.d.o') { - include roles::ftp - } if has_role('ftp_master') { include roles::ftp_master include roles::dakmaster + include roles::signing } if has_role('ftp.upload.d.o') { include roles::ftp_upload @@ -83,6 +77,9 @@ class roles { if has_role('ssh.upload.d.o') { include roles::ssh_upload } + if has_role('security_upload') { + include roles::security_upload + } if has_role('api.ftp-master') { ssl::service { 'api.ftp-master.debian.org': notify => Exec['service apache2 reload'], @@ -95,6 +92,7 @@ class roles { include roles::security_master include roles::dakmaster } + if has_role('security_mirror') { include roles::security_mirror } @@ -155,7 +153,11 @@ class roles { } if has_role('dns_primary') { - include named::primary + include roles::dns_primary + } + + if has_role('dns_geo') { + include roles::dns_geodns } if has_role('weblog_destination') { @@ -174,10 +176,6 @@ class roles { include roles::lists } - if has_role('list_search') { - include roles::listsearch - } - if has_role('rtmaster') { include roles::rtmaster } @@ -198,10 +196,6 @@ class roles { include roles::tracker } - if has_role('buildd_master') { - include roles::buildd_master - } - if has_role('piuparts') { include roles::piuparts } @@ -225,17 +219,6 @@ class roles { include roles::jenkins } - if has_role('keystone') { - include roles::keystone - } - if has_role('keystone_rabbitmq') { - include roles::keystone::rabbitmq - } - - if has_role('memcached') { - include roles::memcached - } - if has_role('postgres_backup_server') { include postgres::backup_server } @@ -244,6 +227,10 @@ class roles { ssl::service { 'packages.debian.org': notify => Exec['service apache2 reload'], key => true, } } + if has_role('historicalpackages') { + ssl::service { 'historical.packages.debian.org': notify => Exec['service apache2 reload'], key => true, } + } + if has_role('qamaster') { ssl::service { 'qa.debian.org': notify => Exec['service apache2 reload'], key => true, } } @@ -253,7 +240,23 @@ class roles { } if has_role('gobby_debian_org') { - ssl::service { 'gobby.debian.org': notify => Exec['service apache2 reload'], key => true, tlsaport => [443, 6523], } + ssl::service { 'gobby.debian.org': + notify => [ Exec['service apache2 reload'], Exec['reload gobby'] ], + key => true, + tlsaport => [443, 6523], + } + file { '/etc/ssl/debian-local/other-keys/gobby.debian.org.key': + ensure => present, + mode => '0440', + group => 'gobby', + content => inline_template('<%= File.read(scope().call_function("hiera", ["paths.letsencrypt_dir"]) + "/gobby.debian.org.key") %>'), + links => follow, + notify => Exec['reload gobby'], + } + exec { 'reload gobby': + command => 'pkill -u gobby -HUP -x infinoted', + refreshonly => true, + } } if has_role('search_backend') { @@ -270,25 +273,32 @@ class roles { include roles::dgit_git } - if $::hostname in [lw01, lw02, lw03, lw04] { + if $::hostname in [lw01, lw02, lw03, lw04, lw09, lw10] { include roles::snapshot } - if has_role('veyepar.debian.org') { - ssl::service { 'veyepar.debian.org': notify => Exec['service apache2 reload'], key => true, } + if has_role('snapshot_web') { + include roles::snapshot_web } - if has_role('sreview.debian.org') { - ssl::service { 'sreview.debian.net': notify => Exec['service apache2 reload'], key => true, } + + if has_role('snapshot_shell') { + include roles::snapshot_shell } - if has_role('httpredir') { - include roles::httpredir + if has_role('veyepar.debian.org') { + include roles::veyepar + } + if has_role('sreview.debian.org') { + include roles::sreview } if has_role('debtags') { include roles::debtags } + if has_role('planet_master') { + include roles::planet_master + } if has_role('planet_search') { ssl::service { 'planet-search.debian.org': notify => Exec['service apache2 reload'], key => true, } } @@ -328,6 +338,51 @@ class roles { } if has_role('postgresql_server') { - include roles::postgresql_server + include postgres::backup_source + } + + if has_role('bacula_director') { + include bacula::director + } else { + package { 'bacula-console': ensure => purged; } + file { '/etc/bacula/bconsole.conf': ensure => absent; } + } + if has_role('bacula_storage') { + include bacula::storage + } + + if has_role('salsa.debian.org') { + include salsa + } + + if $::keyring_debian_org_mirror { + include roles::keyring_debian_org_mirror + } + + if has_role('popcon') { + include roles::popcon + } + + if has_role('debsources') { + include roles::debsources + } + + if has_role('ipsec') { + include ipsec + } + + if has_role('debconf_wafer') { + include roles::debconf_wafer + } + + if has_role('cdbuilder_local_mirror') { + include roles::cdbuilder_local_mirror + } + + if has_role('alioth_archive') { + include roles::alioth_archive + } + if has_role('anonscm') { + include roles::anonscm } }