X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Finit.pp;h=cab8edd978da9f7b7fe44d5246ef519e5827ce40;hb=d7dff70424dc48067cd223e3bf92e54bb973afbf;hp=fad6b087a436751f643a1ef183d5263ec6fb78dd;hpb=7e5b0998aa9eebbcf6992944cbdd1af623029ab1;p=mirror%2Fdsa-puppet.git

diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp
index fad6b087a..101058d15 100644
--- a/modules/roles/manifests/init.pp
+++ b/modules/roles/manifests/init.pp
@@ -1,86 +1,374 @@
+# = Class: roles
+#
+# Lookup role and include relevant classes for roles
+#
+# == Sample Usage:
+#
+#   include roles
+#
 class roles {
 
-	if getfromhash($site::nodeinfo, 'puppetmaster') {
+	if has_role('puppetmaster') {
 		include puppetmaster
 	}
 
-	if getfromhash($site::nodeinfo, 'muninmaster') {
+	if has_role('muninmaster') {
 		include munin::master
 	}
 
-	#if getfromhash($site::nodeinfo, 'nagiosmaster') {
+	if has_role('nagiosmaster') {
 	#	include nagios::server
-	#}
+		ssl::service { 'nagios.debian.org':
+			notify  => Exec['service apache2 reload'],
+			key => true,
+		}
+	}
 
+	# XXX: turn this into a real role
 	if getfromhash($site::nodeinfo, 'buildd') {
 		include buildd
 	}
 
+	# XXX: turn this into a real role
 	if getfromhash($site::nodeinfo, 'porterbox') {
 		include porterbox
 	}
 
-	if getfromhash($site::nodeinfo, 'bugs_mirror') {
+	if has_role('bugs_mirror') {
 		include roles::bugs_mirror
 	}
 
-	if getfromhash($site::nodeinfo, 'ftp_master') {
-		include roles::ftp_master
-		include roles::dakmaster
+	if has_role('bugs_base') {
+		ssl::service { 'bugs.debian.org':
+			notify  => Exec['service apache2 reload'],
+			key => true,
+		}
+	}
+	if has_role('bugs_master') {
+		ssl::service { 'bugs-master.debian.org': notify  => Exec['service apache2 reload'], key => true, }
 	}
 
-	if getfromhash($site::nodeinfo, 'apache2_security_mirror') {
-		include roles::security_mirror
+	if has_role('manpages-dyn') {
+		include roles::manpages_dyn
 	}
 
-	if getfromhash($site::nodeinfo, 'apache2_www_mirror') {
-		include roles::www_mirror
+	if has_role('archvsync_base_additional') {
+		include archvsync_base
 	}
 
-	if getfromhash($site::nodeinfo, 'ftp.d.o') {
-		include roles::ftp
+	# archive.debian.org
+	if has_role('historical_mirror') {
+		include roles::historical_mirror
 	}
 
-	if getfromhash($site::nodeinfo, 'ftp.upload.d.o') {
-		include roles::ftp_upload
+	# debug archive
+	if has_role('debug_mirror') {
+		include roles::debug_mirror
 	}
 
-	if getfromhash($site::nodeinfo, 'security_master') {
+	# ftp.debian.org and its ecosystem
+	if has_role('debian_mirror') {
+		include roles::debian_mirror
+	}
+	if has_role('ftp.d.o') {
+		vsftpd::site { 'ftp':
+			ensure	=> absent,
+			root	=> '/nonexistent',
+		}
+	}
+	if has_role('ftp_master') {
+		include roles::ftp_master
+		include roles::dakmaster
+		include roles::signing
+	}
+	if has_role('ftp.upload.d.o') {
+		include roles::ftp_upload
+	}
+	if has_role('ssh.upload.d.o') {
+		include roles::ssh_upload
+	}
+	if has_role('security_upload') {
+		include roles::security_upload
+	}
+	if has_role('api.ftp-master') {
+		ssl::service { 'api.ftp-master.debian.org':
+			notify  => Exec['service apache2 reload'],
+			key => true,
+		}
+	}
+	#
+	# security.debian.org
+	if has_role('security_master') {
 		include roles::security_master
 		include roles::dakmaster
 	}
+	if has_role('security_mirror') {
+		include roles::security_mirror
+	}
+
+	if has_role('git_master') {
+		include roles::git_master
+	}
+
+	if has_role('people') {
+		ssl::service { 'people.debian.org': notify  => Exec['service apache2 reload'], key => true, }
+		onion::service { 'people.debian.org': port => 80, target_address => 'people.debian.org', target_port => 80, direct => true }
+	}
 
-	if getfromhash($site::nodeinfo, 'www_master') {
+	if has_role('www_master') {
 		include roles::www_master
 	}
 
-	if getfromhash($site::nodeinfo, 'keyring') {
+	if has_role('cgi.d.o') {
+		ssl::service { 'cgi.debian.org': notify  => Exec['service apache2 reload'], key => true, }
+	}
+
+	if has_role('keyring') {
 		include roles::keyring
 	}
 
-	if getfromhash($site::nodeinfo, 'apache2_ftp-upcoming_mirror') {
-		include roles::ftp-upcoming_mirror
+	if has_role('wiki') {
+		include roles::wiki
+	}
+
+	if has_role('syncproxy') {
+		include roles::syncproxy
 	}
 
-	if getfromhash($site::nodeinfo, 'static_master') {
+	if has_role('static_master') {
 		include roles::static_master
 	}
 
-	if getfromhash($site::nodeinfo, 'static_mirror') {
+	if has_role('static_mirror') {
 		include roles::static_mirror
-	} elsif getfromhash($site::nodeinfo, 'static_source') {
+	} elsif has_role('static_source') {
 		include roles::static_source
 	}
 
-	if getfromhash($site::nodeinfo, 'weblog_provider') {
+	if has_role('weblog_provider') {
 		include roles::weblog_provider
 	}
 
-	if getfromhash($site::nodeinfo, 'mailrelay') {
+	if has_role('mailrelay') {
 		include roles::mailrelay
 	}
 
-	if $::hostname in [ravel] {
+	if has_role('pubsub') {
+		include roles::pubsub
+	}
+
+	if has_role('dbmaster') {
+		include roles::dbmaster
+	}
+
+	if has_role('dns_primary') {
+		include named::primary
+	}
+
+	if has_role('weblog_destination') {
 		include roles::weblog_destination
 	}
+
+	if has_role('vote') {
+		include roles::vote
+	}
+
+	if has_role('security_tracker') {
+		include roles::security_tracker
+	}
+
+	if has_role('lists') {
+		include roles::lists
+	}
+
+	if has_role('rtmaster') {
+		include roles::rtmaster
+	}
+
+	if has_role('udd') {
+		include roles::udd
+	}
+
+	if has_role('sso') {
+		include roles::sso
+	}
+
+	if has_role('sso_rp') {
+		include roles::sso_rp
+	}
+
+	if has_role('tracker') {
+		include roles::tracker
+	}
+
+	if has_role('buildd_master') {
+		include roles::buildd_master
+	}
+
+	if has_role('piuparts') {
+		include roles::piuparts
+	}
+	if has_role('piuparts_slave') {
+		include roles::piuparts_slave
+	}
+
+	if has_role('contributors') {
+		include roles::contributors
+	}
+
+	if has_role('nm') {
+		include roles::nm
+	}
+
+	if has_role('rtc') {
+		include roles::rtc
+	}
+
+	if has_role('jenkins') {
+		include roles::jenkins
+	}
+
+	if has_role('postgres_backup_server') {
+		include postgres::backup_server
+	}
+
+	if has_role('packages') {
+		ssl::service { 'packages.debian.org': notify  => Exec['service apache2 reload'], key => true, }
+	}
+
+	if has_role('historicalpackages') {
+		ssl::service { 'historical.packages.debian.org': notify  => Exec['service apache2 reload'], key => true, }
+	}
+
+	if has_role('qamaster') {
+		ssl::service { 'qa.debian.org': notify  => Exec['service apache2 reload'], key => true, }
+	}
+
+	if has_role('packagesqamaster') {
+		ssl::service { 'packages.qa.debian.org': notify  => Exec['service apache2 reload'], key => true, }
+	}
+
+	if has_role('gobby_debian_org') {
+		ssl::service { 'gobby.debian.org':
+			notify  => [ Exec['service apache2 reload'], Exec['reload gobby'] ],
+			key => true,
+			tlsaport => [443, 6523],
+		}
+		file { '/etc/ssl/debian-local/other-keys/gobby.debian.org.key':
+			ensure => present,
+			mode => '0440',
+			group => 'gobby',
+			content => inline_template('<%= File.read(scope().call_function("hiera", ["paths.letsencrypt_dir"]) + "/gobby.debian.org.key") %>'),
+			links => follow,
+			notify => Exec['reload gobby'],
+		}
+		exec { 'reload gobby':
+			command => 'pkill -u gobby -HUP -x infinoted',
+			refreshonly => true,
+		}
+	}
+
+	if has_role('search_backend') {
+		include roles::search_backend
+	}
+	if has_role('search_frontend') {
+		include roles::search_frontend
+	}
+
+	if has_role('dgit_browse') {
+		include roles::dgit_browse
+	}
+	if has_role('dgit_git') {
+		include roles::dgit_git
+	}
+
+	if $::hostname in [lw01, lw02, lw03, lw04] {
+		include roles::snapshot
+	}
+
+	if has_role('veyepar.debian.org') {
+		ssl::service { 'veyepar.debian.org': notify  => Exec['service apache2 reload'], key => true, }
+	}
+	if has_role('sreview.debian.org') {
+		ssl::service { 'sreview.debian.net': notify  => Exec['service apache2 reload'], key => true, }
+	}
+
+	if has_role('debtags') {
+		include roles::debtags
+	}
+
+	if has_role('planet_master') {
+		include roles::planet_master
+	}
+	if has_role('planet_search') {
+		ssl::service { 'planet-search.debian.org': notify  => Exec['service apache2 reload'], key => true, }
+	}
+
+	if has_role('i18n.d.o') {
+		ssl::service { 'i18n.debian.org': notify  => Exec['service apache2 reload'], key => true, }
+	}
+
+	if has_role('l10n.d.o') {
+		ssl::service { 'l10n.debian.org': notify  => Exec['service apache2 reload'], key => true, }
+	}
+
+	if has_role('dedup.d.n') {
+		ssl::service { 'dedup.debian.net': notify  => Exec['service apache2 reload'], key => true, }
+	}
+
+	if has_role('pet.d.n') {
+		ssl::service { 'pet.debian.net': notify  => Exec['service apache2 reload'], key => true, }
+		ssl::service { 'pet-devel.debian.net': notify  => Exec['service apache2 reload'], key => true, }
+	}
+
+	if has_role('ports_master') {
+		include roles::ports_master
+	}
+	if has_role('ports_mirror') {
+		include roles::ports_mirror
+	}
+
+	if has_role('onionbalance') {
+		include onion::balance
+	}
+	if has_role('bgp') {
+		include roles::bgp
+	}
+	if has_role('cdimage-search') {
+		include roles::cdimage_search
+	}
+
+	if has_role('postgresql_server') {
+		include postgres::backup_source
+	}
+
+	if has_role('bacula_director') {
+		include bacula::director
+	} else {
+		package { 'bacula-console': ensure => purged; }
+		file { '/etc/bacula/bconsole.conf': ensure => absent; }
+	}
+	if has_role('bacula_storage') {
+		include bacula::storage
+	}
+
+	if has_role('salsa.debian.org') {
+		include salsa
+	}
+
+	if $::keyring_debian_org_mirror {
+		include roles::keyring_debian_org_mirror
+	}
+
+	if has_role('popcon') {
+		include roles::popcon
+	}
+
+	if has_role('debsources') {
+		include roles::debsources
+	}
+
+	if has_role('ipsec') {
+		include ipsec
+	}
 }