X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Finit.pp;h=d2527978ecc1c0ea152248a8fa9eccc4f33ff90f;hb=96cd3ed6d32efe39605dd9b661fa759c4600f6bf;hp=7c9aa8590ce161f4888b000e7f2c0036c05a9435;hpb=a3f77c5f83d6adeea94753360c26da037a83583d;p=mirror%2Fdsa-puppet.git

diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp
index 7c9aa8590..d2527978e 100644
--- a/modules/roles/manifests/init.pp
+++ b/modules/roles/manifests/init.pp
@@ -19,7 +19,8 @@ class roles {
 	if has_role('nagiosmaster') {
 	#	include nagios::server
 		ssl::service { 'nagios.debian.org':
-			notify => Service['apache2'],
+			notify  => Exec['service apache2 reload'],
+			key => true,
 		}
 	}
 
@@ -43,14 +44,12 @@ class roles {
 
 	if has_role('bugs_base') {
 		ssl::service { 'bugs.debian.org':
-			notify => Service['apache2'],
+			notify  => Exec['service apache2 reload'],
+			tlsaport => [],
 		}
 	}
 	if has_role('bugs_master') {
-		ssl::service { 'bugs-master.debian.org':
-			notify => Service['apache2'],
-			key => true,
-		}
+		ssl::service { 'bugs-master.debian.org': notify  => Exec['service apache2 reload'], key => true, }
 	}
 
 	if has_role('ftp_master') {
@@ -60,23 +59,19 @@ class roles {
 
 	if has_role('api.ftp-master') {
 		ssl::service { 'api.ftp-master.debian.org':
-			notify => Service['apache2'],
+			notify  => Exec['service apache2 reload'],
+			key => true,
 		}
 	}
 
 	if has_role('manpages') {
-		ssl::service { 'manpages.debian.org':
-			notify => Service['apache2'],
-			key => true,
-		}
+		ssl::service { 'manpages.debian.org': notify  => Exec['service apache2 reload'], key => true, }
 	}
 
-	# XXX: turn this into a real role
-	if getfromhash($site::nodeinfo, 'apache2_security_mirror') {
+	if has_role('security_mirror') {
 		include roles::security_mirror
 	}
-
-	if has_role('mirror_debug') {
+	if has_role('debug_mirror') {
 		include roles::debug_mirror
 	}
 
@@ -97,9 +92,8 @@ class roles {
 	}
 
 	if has_role('people') {
-		ssl::service { 'people.debian.org':
-			notify => Service['apache2'],
-		}
+		ssl::service { 'people.debian.org': notify  => Exec['service apache2 reload'], key => true, }
+		onion::service { 'people.debian.org': port => 80, target_address => 'people.debian.org', target_port => 80, direct => true }
 	}
 
 	if has_role('security_master') {
@@ -112,10 +106,7 @@ class roles {
 	}
 
 	if has_role('cgi.d.o') {
-		ssl::service { 'cgi.debian.org':
-			notify => Service['apache2'],
-			key => true,
-		}
+		ssl::service { 'cgi.debian.org': notify  => Exec['service apache2 reload'], key => true, }
 	}
 
 	if has_role('keyring') {
@@ -216,10 +207,6 @@ class roles {
 		include roles::nm
 	}
 
-	if has_role('release') {
-		include roles::release
-	}
-
 	if has_role('rtc') {
 		include roles::rtc
 	}
@@ -244,28 +231,19 @@ class roles {
 	}
 
 	if has_role('packages') {
-		ssl::service { 'packages.debian.org':
-			notify => Service['apache2'],
-			key => true,
-		}
+		ssl::service { 'packages.debian.org': notify  => Exec['service apache2 reload'], key => true, }
 	}
 
 	if has_role('qamaster') {
-		ssl::service { 'qa.debian.org':
-			notify => Service['apache2'],
-		}
+		ssl::service { 'qa.debian.org': notify  => Exec['service apache2 reload'], key => true, }
 	}
 
 	if has_role('packagesqamaster') {
-		ssl::service { 'packages.qa.debian.org':
-			notify => Service['apache2'],
-		}
+		ssl::service { 'packages.qa.debian.org': notify  => Exec['service apache2 reload'], key => true, }
 	}
 
 	if has_role('gobby_debian_org') {
-		ssl::service { 'gobby.debian.org':
-			notify => Service['apache2'],
-		}
+		ssl::service { 'gobby.debian.org': notify  => Exec['service apache2 reload'], key => true, tlsaport => [443, 6523], }
 	}
 
 	if has_role('search_backend') {
@@ -287,9 +265,10 @@ class roles {
 	}
 
 	if has_role('veyepar.debian.org') {
-		ssl::service { 'veyepar.debian.org':
-			notify => Service['apache2'],
-		}
+		ssl::service { 'veyepar.debian.org': notify  => Exec['service apache2 reload'], key => true, }
+	}
+	if has_role('sreview.debian.org') {
+		ssl::service { 'sreview.debian.net': notify  => Exec['service apache2 reload'], key => true, }
 	}
 
 	if has_role('httpredir') {
@@ -301,41 +280,37 @@ class roles {
 	}
 
 	if has_role('planet_search') {
-		ssl::service { 'planet-search.debian.org':
-			notify => Service['apache2'],
-			key => true,
-		}
+		ssl::service { 'planet-search.debian.org': notify  => Exec['service apache2 reload'], key => true, }
 	}
 
 	if has_role('i18n.d.o') {
-		ssl::service { 'i18n.debian.org':
-			notify => Service['apache2'],
-			key => true,
-		}
+		ssl::service { 'i18n.debian.org': notify  => Exec['service apache2 reload'], key => true, }
 	}
 
 	if has_role('l10n.d.o') {
-		ssl::service { 'l10n.debian.org':
-			notify => Service['apache2'],
-			key => true,
-		}
+		ssl::service { 'l10n.debian.org': notify  => Exec['service apache2 reload'], key => true, }
 	}
 
 	if has_role('dedup.d.n') {
-		ssl::service { 'dedup.debian.net':
-			notify => Service['apache2'],
-			key => true,
-		}
+		ssl::service { 'dedup.debian.net': notify  => Exec['service apache2 reload'], key => true, }
 	}
 
 	if has_role('pet.d.n') {
-		ssl::service { 'pet.debian.net':
-			notify => Service['apache2'],
-			key => true,
-		}
-		ssl::service { 'pet-devel.debian.net':
-			notify => Service['apache2'],
-			key => true,
-		}
+		ssl::service { 'pet.debian.net': notify  => Exec['service apache2 reload'], key => true, }
+		ssl::service { 'pet-devel.debian.net': notify  => Exec['service apache2 reload'], key => true, }
+	}
+
+	if has_role('ports-master') {
+		include roles::ports-master
+	}
+	if has_role('ports_mirror') {
+		include roles::ports_mirror
+	}
+
+	if $::hostname in [klecker] {
+		onion::service { 'ftp.debian.org': port => 80, target_address => '130.89.148.12', target_port => 81, }
+	}
+	if has_role('onionbalance') {
+		include onion::balance
 	}
 }