Add planet_master role and planet-master.d.o vhost
authorJulien Cristau <jcristau@debian.org>
Fri, 1 Dec 2017 20:53:05 +0000 (21:53 +0100)
committerJulien Cristau <jcristau@debian.org>
Fri, 1 Dec 2017 20:53:05 +0000 (21:53 +0100)
Access to the vhost is restricted to d.o hosts, the idea being it is
only to be used for testing.

hieradata/common.yaml
modules/roles/files/planet_master/planet-master.debian.org [new file with mode: 0644]
modules/roles/manifests/init.pp
modules/roles/manifests/planet_master.pp [new file with mode: 0644]
modules/roles/templates/conf-debianhostlist.erb [new file with mode: 0644]

index e59a088..826dd24 100644 (file)
@@ -269,6 +269,8 @@ roles:
   ports_mirror_onion:
     - klecker.debian.org
     - mirror-isc.debian.org
+  planet_master:
+    - philp.debian.org
   planet_search:
     - philp.debian.org
   i18n.d.o:
diff --git a/modules/roles/files/planet_master/planet-master.debian.org b/modules/roles/files/planet_master/planet-master.debian.org
new file mode 100644 (file)
index 0000000..a58f07c
--- /dev/null
@@ -0,0 +1,20 @@
+Use common-debian-service-https-redirect * planet-master.debian.org
+<VirtualHost *:443>
+       ServerName planet-master.debian.org
+       ServerAdmin debian-admin@lists.debian.org
+
+       Use common-debian-service-ssl planet-master.debian.org
+       Use common-ssl-HSTS
+
+       <IfModule mod_userdir.c>
+               UserDir disabled
+       </IfModule>
+       ErrorLog ${APACHE_LOG_DIR}/planet-master.debian.org-error.log
+       CustomLog ${APACHE_LOG_DIR}/planet-master.debian.org-access.log privacy
+       ServerSignature On
+
+       DocumentRoot /srv/planet.debian.org/www
+       <Directory /srv/planet.debian.org/www>
+               Use DebianHostList
+       </Directory>
+</VirtualHost>
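Review bot: The only access control in this vhost is `Use DebianHostList` inside `<Directory /srv/planet.debian.org/www>`, and it is a source-address allow list, not authentication. Any user or process on a listed host passes it, and anything later served from outside that directory (an Alias or Location, for example) would not be covered. I would record that next to the directive, e.g. `# Source-IP allow list only (every address in site::allnodeinfo); this is not authentication`. Separately, `ServerSignature On` puts the server version banner on server-generated pages; `ServerSignature Off` would suit a vhost meant only for testing.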
index ffd054b..2a2bb49 100644 (file)
@@ -297,6 +297,9 @@ class roles {
                include roles::debtags
        }
 
+       if has_role('planet_master') {
+               include roles::planet_master
+       }
        if has_role('planet_search') {
                ssl::service { 'planet-search.debian.org': notify  => Exec['service apache2 reload'], key => true, }
        }
diff --git a/modules/roles/manifests/planet_master.pp b/modules/roles/manifests/planet_master.pp
new file mode 100644 (file)
index 0000000..5114ece
--- /dev/null
@@ -0,0 +1,13 @@
+class roles::planet_master {
+       include apache2::ssl
+       apache2::config { 'puppet-debianhosts':
+               content => template('roles/conf-debianhostlist.erb'),
+       }
+       apache2::site { 'planet-master.debian.org':
+               source => 'puppet:///modules/roles/planet_master/planet-master.debian.org',
+       }
+       ssl::service { 'planet-master.debian.org':
+               notify => Exec['service apache2 reload'],
+               key => true,
+       }
+}
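Review bot: The `apache2::config { 'puppet-debianhosts': }` resource defines a macro that is not specific to planet-master, yet it is declared inside this role class. If a second role declares the same resource to use `DebianHostList`, catalog compilation will presumably fail with a duplicate declaration. Moving it into a small class of its own that roles `include` would avoid that. The class also has no header comment; something like `# Test-only vhost for planet; access limited to debian.org hosts via the DebianHostList macro` would carry the intent from the commit message into the manifest.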
diff --git a/modules/roles/templates/conf-debianhostlist.erb b/modules/roles/templates/conf-debianhostlist.erb
new file mode 100644 (file)
index 0000000..e3056c6
--- /dev/null
@@ -0,0 +1,22 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+<Macro DebianHostList>
+
+<%=
+  lines = []
+
+  scope.lookupvar('site::allnodeinfo').keys.sort.each do |node|
+    lines << "  # #{scope.lookupvar('site::allnodeinfo')[node]['hostname'][0]}"
+    scope.lookupvar('site::allnodeinfo')[node]['ipHostNumber'].each do |addr|
+      lines << "  Require ip #{addr}"
+    end
+  end
+  lines.join("\n")
+# vim:set et:
+# vim:set sts=2 ts=2:
+# vim:set shiftwidth=2:
+%>
+</Macro>
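Review bot: The macro fails open: if `site::allnodeinfo` has no entries, nothing between `<Macro DebianHostList>` and `</Macro>` is a `Require` line. The `<Directory>` that uses the macro then falls back to whatever access policy it inherits. The `hostname` and `ipHostNumber` values are also interpolated into Apache configuration unchecked, so a value containing a newline would add a directive line of its own. I would look the variable up once, reject values that are not plain hostname or address characters, and abort compilation when no `Require ip` line was produced, as sketched below.

```erb
<%=
  nodeinfo = scope.lookupvar('site::allnodeinfo')
  lines = []

  nodeinfo.keys.sort.each do |node|
    hostname = nodeinfo[node]['hostname'][0]
    # The name is only a comment, but a newline in it would still start a new config line.
    raise Puppet::ParseError, "unexpected hostname for #{node}" unless hostname =~ /\A[A-Za-z0-9.-]+\z/
    lines << "  # #{hostname}"
    nodeinfo[node]['ipHostNumber'].each do |addr|
      # Only address characters may reach the Apache configuration.
      raise Puppet::ParseError, "unexpected ipHostNumber for #{node}" unless addr =~ /\A[0-9A-Fa-f:.\/]+\z/
      lines << "  Require ip #{addr}"
    end
  end
  # Fail closed: an empty allow list must not silently inherit a wider policy.
  raise Puppet::ParseError, 'DebianHostList has no Require ip lines' unless lines.any? { |l| l.start_with?('  Require ip ') }
  lines.join("\n")
# … unchanged: vim modelines and closing %> …
```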