projects / mirror / dsa-puppet.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 885b139) | patch
Attempt to partition staticsync ssh setup
authorPeter Palfrader <peter@palfrader.org>
Sun, 8 Sep 2019 07:17:15 +0000 (09:17 +0200)
committerPeter Palfrader <peter@palfrader.org>
Sun, 8 Sep 2019 07:17:16 +0000 (09:17 +0200)
commit712cd877cbd2f5edfd6448384253d2c7c591220a
tree5561ef7f5aabcb2c8c487b512c177afac9942df3tree | snapshot
parent885b1390848612043dfe4656dd447989ac7555fecommit | diff
Attempt to partition staticsync ssh setup

In the old setup, every host that is involved with staticsync can ssh to
every other host.

In this new setup:
 - sources can only reach masters (not mirrors),
 - mirrors can only reach masters (not sources), and
 - masters still can talk to all other sources and mirrors
   (but not other masters).
modules/roles/manifests/static/base.pp diff | blob | history
modules/roles/manifests/static/ssh.pp [new file with mode: 0644] blob
modules/roles/manifests/static_master.pp diff | blob | history
modules/roles/manifests/static_mirror.pp diff | blob | history
modules/roles/manifests/static_source.pp diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.