X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fsecurity_mirror.pp;h=472a1458edbf324e49a8767b52622e17f0646b53;hb=da4d916ea39b5fa0115af28af54d379e7f859059;hp=2b1baf6117fa0d45ee793e9d7188dfe551588339;hpb=107a00c9b97e8ba32c823c510bbbe8b747290963;p=mirror%2Fdsa-puppet.git

diff --git a/modules/roles/manifests/security_mirror.pp b/modules/roles/manifests/security_mirror.pp
index 2b1baf611..472a1458e 100644
--- a/modules/roles/manifests/security_mirror.pp
+++ b/modules/roles/manifests/security_mirror.pp
@@ -1,32 +1,83 @@
 class roles::security_mirror {
+	include roles::archvsync_base
 
-	apache2::site { '010-security.debian.org':
-		site   => 'security.debian.org',
-		config => 'puppet:///modules/roles/security_mirror/security.debian.org'
+	$binds = $::hostname ? {
+		mirror-anu      => [ '150.203.164.61', '[2001:388:1034:2900::3d]' ],
+		mirror-bytemark => [ '5.153.231.46', '[2001:41c8:1000:21::21:46]' ],
+		mirror-conova   => [ '217.196.149.233', '[2a02:16a8:dc41:100::233]' ],
+		mirror-isc      => [ '149.20.4.14', '[2001:4f8:1:c::14]' ],
+		mirror-umn      => [ '128.101.240.215', '[2607:ea00:101:3c0b::1deb:215]' ],
+		default         => [ '[::]' ],
 	}
 
-	$bind = $::hostname ? {
-		default => '',
+	file { '/srv/mirrors/debian-security':
+		ensure => link,
+		target => '../ftp.root/debian-security',
+	}
+	file { '/srv/ftp.root':
+		ensure  => directory,
+	}
+	file { '/srv/ftp.root/.nobackup':
+		ensure  => present,
+		content => '',
 	}
+	file { '/srv/ftp.root/debian-security':
+		ensure => directory,
+		owner  => 1176, # archvsync
+		group  => 1176, # archvsync
+		mode   => '0755',
+	}
+
+	include apache2::expires
+	include apache2::rewrite
 
-	$bind6 = $::hostname ? {
-		default => '',
+	apache2::site { '010-security.debian.org':
+		site   => 'security.debian.org',
+		content => template('roles/security_mirror/security.debian.org.erb')
 	}
 
-	$logfile = '/var/log/ftp/vsftpd-security.debian.org.log'
+        # roles is a list of hashes, which needs to be unpacked into a regular hash
+        $mirrors = hiera('roles.security_mirror', [])
+        # unpack $mirrors and construct a hash
+        $m2 = Hash($mirrors.map |$h| { $h.map |$k, $v| { [$k, $v] }[0]})
+        $fastly_mirrors = $m2.filter |$h| { $h[1]['fastly-backend'] }
+        $hosts_to_check = $fastly_mirrors.map |$h| { $h[1]['service-hostname'] }
+
+        roles::mirror_health { 'security':
+		check_hosts   => $hosts_to_check,
+		check_service => 'security',
+		url           => 'http://security.backend.mirrors.debian.org/debian/dists/sid/Release',
+		health_url    => 'http://security.backend.mirrors.debian.org/_health',
+        }
 
 	vsftpd::site { 'security':
-		source  => template('roles/security_mirror/vsftpd.conf.erb'),
-		logfile => $logfile,
-		bind    => $bind,
+		ensure => absent,
+		root   => '/nonexistent',
 	}
 
-	if $bind6 {
-		vsftpd::site { 'security-v6':
-			source  => template('roles/security_mirror/vsftpd.conf.erb'),
-			logfile => $logfile,
-			bind    => $bind6,
-		}
+	rsync::site { 'security':
+		source      => 'puppet:///modules/roles/security_mirror/rsyncd.conf',
+		max_clients => 100,
+		binds       => $binds,
 	}
 
+	$onion_v4_addr = $::hostname ? {
+		mirror-anu => '150.203.164.61',
+		mirror-isc => '149.20.4.14',
+		mirror-umn => '128.101.240.215',
+		villa      => '212.211.132.32',
+		lobos      => '212.211.132.250',
+		default   => undef,
+	}
+	if has_role('security_mirror_onion') {
+		if ! $onion_v4_addr {
+			fail("Do not have an onion_v4_addr set for $::hostname.")
+		}
+
+		onion::service { 'security.debian.org':
+			port => 80,
+			target_port => 80,
+			target_address => $onion_v4_addr,
+		}
+	}
 }