make bytemark a security mirror (for anycast)

author Peter Palfrader <peter@palfrader.org>

Thu, 23 Feb 2017 19:00:54 +0000 (20:00 +0100)

committer Peter Palfrader <peter@palfrader.org>

Thu, 23 Feb 2017 19:00:54 +0000 (20:00 +0100)
author Peter Palfrader <peter@palfrader.org>
Thu, 23 Feb 2017 19:00:54 +0000 (20:00 +0100)
committer Peter Palfrader <peter@palfrader.org>
Thu, 23 Feb 2017 19:00:54 +0000 (20:00 +0100)
diff --git a/hieradata/common.yaml b/hieradata/common.yaml

index 4917927..f3f39e5 100644 (file)
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -106,6 +106,7 @@ roles:
      - seger.debian.org
    security_mirror:
      - mirror-anu.debian.org
+    - mirror-bytemark.debian.org
      - mirror-conova.debian.org
      - mirror-csail.debian.org
      - mirror-isc.debian.org
@@ -121,6 +122,10 @@ roles:
      - mirror-umn.debian.org
      - lobos.debian.org
      - villa.debian.org
+  security_mirror_no_ftp:
+    # hosts that are not part of security.debian.org but
+    # only participiate in the anycast do not need ftp
+    - mirror-bytemark.debian.org
    security_tracker:
      - soriano.debian.org
    ssh.upload.d.o:
diff --git a/modules/roles/manifests/debian_mirror.pp b/modules/roles/manifests/debian_mirror.pp

index 6273a57..14ae354 100644 (file)
--- a/modules/roles/manifests/debian_mirror.pp
+++ b/modules/roles/manifests/debian_mirror.pp
@@ -4,6 +4,7 @@ class roles::debian_mirror {
         $vhost_listen = join([
                 $::hostname ? {
                         klecker    => '130.89.148.12:80 [2001:610:1908:b000::148:12]:80',
+                       mirror-bytemark => '5.153.231.45:80 [2001:41c8:1000:21::21:45]:80',
                         mirror-isc => '149.20.4.15:80 [2001:4f8:1:c::15]:80',
                         mirror-conova => '217.196.149.232:80 [2a02:16a8:dc41:100::232]:80',
                         default => '*:80',
@@ -13,7 +14,7 @@ class roles::debian_mirror {
                         default => '',
                 }], ' ')
         $onion_v4_addr = $::hostname ? {
-               mirror-bytemark => '5.153.231.37',
+               mirror-bytemark => '5.153.231.45',
                 klecker    => '130.89.148.12',
                 mirror-isc => '149.20.4.15',
                 default    => undef,
diff --git a/modules/roles/manifests/security_mirror.pp b/modules/roles/manifests/security_mirror.pp

index 924ec12..1cda924 100644 (file)
--- a/modules/roles/manifests/security_mirror.pp
+++ b/modules/roles/manifests/security_mirror.pp
@@ -3,6 +3,7 @@ class roles::security_mirror {
  
         $rsync_bind = $::hostname ? {
                 mirror-anu => '150.203.164.61',
+               mirror-bytemark => '5.153.231.46',
                 mirror-conova => '217.196.149.233',
                 mirror-isc => '149.20.4.14',
                 mirror-umn => '128.101.240.215',
@@ -10,6 +11,7 @@ class roles::security_mirror {
         }
         $rsync_bind6 = $::hostname ? {
                 mirror-anu => '2001:388:1034:2900::3d',
+               mirror-bytemark => '2001:41c8:1000:21::21:46',
                 mirror-conova => '2a02:16a8:dc41:100::233',
                 mirror-isc => '2001:4f8:1:c::14',
                 mirror-umn => '2607:ea00:101:3c0b::1deb:215',
@@ -35,21 +37,25 @@ class roles::security_mirror {
                 content => template('roles/security_mirror/security.debian.org.erb')
         }
  
-       include ferm::ftp_conntrack
-       vsftpd::site { 'security':
-               banner       => 'security.debian.org FTP server (vsftpd)',
-               logfile      => '/var/log/ftp/vsftpd-security.debian.org.log',
-               max_clients  => 200,
-               root         => '/srv/ftp.root/',
-               bind         => $ftp_bind,
-       }
-       if ($ftp_bind6) {
-               vsftpd::site { 'security6':
+       if has_role('security_mirror_no_ftp') {
+        # nop
+       } else {
+               include ferm::ftp_conntrack
+               vsftpd::site { 'security':
                         banner       => 'security.debian.org FTP server (vsftpd)',
-                       logfile      => '/var/log/ftp/vsftpd-security6.debian.org.log',
+                       logfile      => '/var/log/ftp/vsftpd-security.debian.org.log',
                         max_clients  => 200,
                         root         => '/srv/ftp.root/',
-                       bind         => $ftp_bind6,
+                       bind         => $ftp_bind,
+               }
+               if ($ftp_bind6) {
+                       vsftpd::site { 'security6':
+                               banner       => 'security.debian.org FTP server (vsftpd)',
+                               logfile      => '/var/log/ftp/vsftpd-security6.debian.org.log',
+                               max_clients  => 200,
+                               root         => '/srv/ftp.root/',
+                               bind         => $ftp_bind6,
+                       }
                 }
         }
author	Peter Palfrader <peter@palfrader.org>
	Thu, 23 Feb 2017 19:00:54 +0000 (20:00 +0100)
committer	Peter Palfrader <peter@palfrader.org>
	Thu, 23 Feb 2017 19:00:54 +0000 (20:00 +0100)
hieradata/common.yaml		patch \| blob \| history
modules/roles/manifests/debian_mirror.pp		patch \| blob \| history
modules/roles/manifests/security_mirror.pp		patch \| blob \| history