wieck.debian.org:
service-hostname: wieck.security.backend.mirrors.debian.org
fastly-backend: true
- syncproxy:
- # XXX - used by ferm templates/defs.conf.erb
- - gretchaninov.debian.org
- - klecker.debian.org
- - milanollo.debian.org
- - mirror-anu.debian.org
- - mirror-isc.debian.org
- - mirror-umn.debian.org
- - schmelzer.debian.org
- - smit.debian.org
postgres_backup_server:
# XXX - used by ferm templates/defs.conf.erb
- backuphost.debian.org
allnodeinfo = scope.lookupvar('deprecated::allnodeinfo')
roles = scope.lookupvar('deprecated::roles')
- %w{mailrelay nagiosmaster muninmaster postgres_backup_server syncproxy security_master ftp_master historical_master ports_master}.each do |role|
+ %w{mailrelay nagiosmaster muninmaster postgres_backup_server}.each do |role|
rolehost[role] = []
roles[role].each do |node|
next unless allnodeinfo.has_key?(node) and allnodeinfo[node].has_key?('ipHostNumber')
@def $HOST_PGBACKUPHOST_V6 = (<%= scope.function_filter_ipv6([rolehost['postgres_backup_server']]).uniq.join(' ') %>);
@def $HOST_PGBACKUPHOST = ( $HOST_PGBACKUPHOST_V4 $HOST_PGBACKUPHOST_V6 );
-@def $HOST_FTPMASTER_V4 = (<%= scope.function_filter_ipv4([rolehost['ftp_master']]).uniq.join(' ') %>);
-@def $HOST_FTPMASTER_V6 = (<%= scope.function_filter_ipv6([rolehost['ftp_master']]).uniq.join(' ') %>);
-@def $HOST_SECMASTER_V4 = (<%= scope.function_filter_ipv4([rolehost['security_master']]).uniq.join(' ') %>);
-@def $HOST_SECMASTER_V6 = (<%= scope.function_filter_ipv6([rolehost['security_master']]).uniq.join(' ') %>);
-@def $HOST_PORTSMASTER_V4 = (<%= scope.function_filter_ipv4([rolehost['ports_master']]).uniq.join(' ') %>);
-@def $HOST_PORTSMASTER_V6 = (<%= scope.function_filter_ipv6([rolehost['ports_master']]).uniq.join(' ') %>);
-@def $HOST_ARCHIVEMASTER_V4 = (<%= scope.function_filter_ipv4([rolehost['historical_master']]).uniq.join(' ') %>);
-@def $HOST_ARCHIVEMASTER_V6 = (<%= scope.function_filter_ipv6([rolehost['historical_master']]).uniq.join(' ') %>);
-@def $HOST_SYNCPROXY_V4 = (<%= scope.function_filter_ipv4([rolehost['syncproxy']]).uniq.join(' ') %>);
-@def $HOST_SYNCPROXY_V6 = (<%= scope.function_filter_ipv6([rolehost['syncproxy']]).uniq.join(' ') %>);
-# syncproxy.au syncproxy2.eu syncproxy3.eu syncproxy4.eu
-@def $HOST_SYNCPROXY_V4 = ($HOST_SYNCPROXY_V4 150.203.164.60 130.89.148.10 5.153.231.9 217.196.149.237);
-@def $HOST_SYNCPROXY_V6 = ($HOST_SYNCPROXY_V6 2001:388:1034:2900::3c 2001:67c:2564:a119::148:10 2001:41c8:1000:21::21:9 2a02:16a8:dc41:100::237);
-# syncproxy.cna syncproxy.na syncproxy2.wna syncproxy3.wna
-@def $HOST_SYNCPROXY_V4 = ($HOST_SYNCPROXY_V4 128.101.240.216 128.31.0.64 149.20.4.16 209.87.16.40);
-@def $HOST_SYNCPROXY_V6 = ($HOST_SYNCPROXY_V6 2607:ea00:101:3c0b::1deb:216 2603:400a:ffff:bb8::801f:40 2001:4f8:1:c::16 2607:f8f0:614:1::1274:40);
-
<%
def getfastlyranges()
ssh4allowed << %w{$HOST_DEBIAN_V4}
ssh6allowed << %w{$HOST_DEBIAN_V6}
end
-
- if scope.function_has_role(['debian_mirror']) or
- scope.function_has_role(['syncproxy']) then
- ssh4allowed << '$HOST_SYNCPROXY_V4'
- ssh6allowed << '$HOST_SYNCPROXY_V6'
- end
- if scope.function_has_role(['security_mirror']) or
- scope.function_has_role(['syncproxy']) then
- ssh4allowed << '$HOST_SECMASTER_V4'
- ssh6allowed << '$HOST_SECMASTER_V6'
- end
- if scope.function_has_role(['historical_mirror']) then
- ssh4allowed << '$HOST_ARCHIVEMASTER_V4'
- ssh6allowed << '$HOST_ARCHIVEMASTER_V6'
- end
- if scope.function_has_role(['syncproxy']) then
- ssh4allowed << '$HOST_FTPMASTER_V4'
- ssh6allowed << '$HOST_FTPMASTER_V6'
- ssh4allowed << '$HOST_PORTSMASTER_V4'
- ssh6allowed << '$HOST_PORTSMASTER_V6'
- end
- if scope.function_has_role(['debug_mirror']) then
- ssh4allowed << '$HOST_FTPMASTER_V4'
- ssh6allowed << '$HOST_FTPMASTER_V6'
- end
end
ssh4allowed.length == 0 and ssh4allowed << '0.0.0.0/0'
ssh6allowed.length == 0 and ssh6allowed << '::/0'