Attempt to enable melartin(mirrormaster) to ssh to all the mirrors/syncproxies

author Peter Palfrader <peter@palfrader.org>

Sat, 21 Sep 2019 09:58:58 +0000 (11:58 +0200)

committer Peter Palfrader <peter@palfrader.org>

Sat, 21 Sep 2019 09:59:08 +0000 (11:59 +0200)
author Peter Palfrader <peter@palfrader.org>
Sat, 21 Sep 2019 09:58:58 +0000 (11:58 +0200)
committer Peter Palfrader <peter@palfrader.org>
Sat, 21 Sep 2019 09:59:08 +0000 (11:59 +0200)
diff --git a/hieradata/nodes/melartin.debian.org.yaml b/hieradata/nodes/melartin.debian.org.yaml

index 3ccff77..8a22ab9 100644 (file)
--- a/hieradata/nodes/melartin.debian.org.yaml
+++ b/hieradata/nodes/melartin.debian.org.yaml
@@ -1,2 +1,3 @@
  classes:
    - roles::static_source
+  - roles::mirrormaster
diff --git a/modules/roles/manifests/archvsync_base.pp b/modules/roles/manifests/archvsync_base.pp

index d84c21b..c61d3fb 100644 (file)
--- a/modules/roles/manifests/archvsync_base.pp
+++ b/modules/roles/manifests/archvsync_base.pp
@@ -18,4 +18,6 @@ class roles::archvsync_base {
      ensure => 'link',
      target => '/home/archvsync/.ssh/authorized_keys',
    }
+
+  Ferm::Rule::Simple <<| tag == 'ssh::server::allow' |>>
  }
diff --git a/modules/roles/manifests/mirrormaster.pp b/modules/roles/manifests/mirrormaster.pp

new file mode 100644 (file)

index 0000000..2d8d7d1
--- /dev/null
+++ b/modules/roles/manifests/mirrormaster.pp
@@ -0,0 +1,11 @@
+# the mirrormaster needs to be able to ssh to all the syncproxies and mirrors
+# to update their config
+class roles::mirrormaster(
+) {
+  @@ferm::rule::simple { "dsa-ssh-from-mirrormaster-${::fqdn}":
+    tag         => 'ssh::server::allow',
+    description => 'Allow ssh access from the mirrormaster',
+    port        => '22',
+    saddr       => $base::public_addresses,
+  }
+}
author	Peter Palfrader <peter@palfrader.org>
	Sat, 21 Sep 2019 09:58:58 +0000 (11:58 +0200)
committer	Peter Palfrader <peter@palfrader.org>
	Sat, 21 Sep 2019 09:59:08 +0000 (11:59 +0200)
hieradata/nodes/melartin.debian.org.yaml		patch \| blob \| history
modules/roles/manifests/archvsync_base.pp		patch \| blob \| history
modules/roles/manifests/mirrormaster.pp	[new file with mode: 0644]	patch \| blob