gobby -> hiera role; explicitly include apache2

diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index 350d66e..8882e8c 100644 (file)
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -160,8 +160,6 @@ roles:
     - storace.debian.org
   dabackup_client:
     - lw03.debian.org
-  gobby_debian_org:
-    - gombert.debian.org
   debian_mirror:
     klecker.debian.org:
       listen-addresses:

diff --git a/hieradata/nodes/gombert.debian.org.yaml b/hieradata/nodes/gombert.debian.org.yaml
new file mode 100644 (file)
index 0000000..44e75f5
--- /dev/null
+++ b/hieradata/nodes/gombert.debian.org.yaml
@@ -0,0 +1,3 @@
+---
+classes:
+  - roles::gobby

diff --git a/modules/roles/manifests/gobby.pp b/modules/roles/manifests/gobby.pp
new file mode 100644 (file)
index 0000000..807db0e
--- /dev/null
+++ b/modules/roles/manifests/gobby.pp
@@ -0,0 +1,20 @@
+class roles::gobby {
+  include apache2
+  ssl::service { 'gobby.debian.org':
+    notify   => [ Exec['service apache2 reload'], Exec['reload gobby'] ],
+    key      => true,
+    tlsaport => [443, 6523],
+  }
+  file { '/etc/ssl/debian-local/other-keys/gobby.debian.org.key':
+    ensure  => present,
+    mode    => '0440',
+    group   => 'gobby',
+    content => inline_template('<%= File.read(scope().call_function("hiera", ["paths.letsencrypt_dir"]) + "/gobby.debian.org.key") %>'),
+    links   => follow,
+    notify  => Exec['reload gobby'],
+  }
+  exec { 'reload gobby':
+    command     => 'pkill -u gobby -HUP -x infinoted',
+    refreshonly => true,
+  }
+}

diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp
index 8f1e391..dfe57f0 100644 (file)
--- a/modules/roles/manifests/init.pp
+++ b/modules/roles/manifests/init.pp
@@ -122,26 +122,6 @@ class roles {
                ssl::service { 'packages.qa.debian.org': notify  => Exec['service apache2 reload'], key => true, }
        }
 
-       if has_role('gobby_debian_org') {
-               ssl::service { 'gobby.debian.org':
-                       notify  => [ Exec['service apache2 reload'], Exec['reload gobby'] ],
-                       key => true,
-                       tlsaport => [443, 6523],
-               }
-               file { '/etc/ssl/debian-local/other-keys/gobby.debian.org.key':
-                       ensure => present,
-                       mode => '0440',
-                       group => 'gobby',
-                       content => inline_template('<%= File.read(scope().call_function("hiera", ["paths.letsencrypt_dir"]) + "/gobby.debian.org.key") %>'),
-                       links => follow,
-                       notify => Exec['reload gobby'],
-               }
-               exec { 'reload gobby':
-                       command => 'pkill -u gobby -HUP -x infinoted',
-                       refreshonly => true,
-               }
-       }
-
        if $::hostname in [lw01, lw02, lw03, lw04, lw09, lw10] {
                include roles::snapshot
        }