Keep a list of fastly IPs

diff --git a/modules/puppetmaster/files/update-fastly-ips.cron b/modules/puppetmaster/files/update-fastly-ips.cron
new file mode 100644 (file)
index 0000000..21bfb45
--- /dev/null
+++ b/modules/puppetmaster/files/update-fastly-ips.cron
@@ -0,0 +1,2 @@
+MAILTO=root
+@daily puppet update-fastly-ips /srv/puppet.debian.org/puppet-facts/fastly_ranges.yaml

diff --git a/modules/puppetmaster/files/update-fastly-ips.sh b/modules/puppetmaster/files/update-fastly-ips.sh
new file mode 100644 (file)
index 0000000..ab0871c
--- /dev/null
+++ b/modules/puppetmaster/files/update-fastly-ips.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -e
+
+dest="$1"
+tmp=$(mktemp -d)
+
+cd $tmp
+if [ -d /etc/ssl/ca-global ]; then
+       wgetopts=--ca-directory=/etc/ssl/ca-global
+fi
+wget $wgetopts -q https://api.fastly.com/public-ip-list
+if cmp public-ip-list "$dest" >/dev/null; then
+       exit 0
+fi
+chmod --reference="$dest" public-ip-list
+mv public-ip-list "$dest"

diff --git a/modules/puppetmaster/manifests/init.pp b/modules/puppetmaster/manifests/init.pp
index 99684ba..a5faeba 100644 (file)
--- a/modules/puppetmaster/manifests/init.pp
+++ b/modules/puppetmaster/manifests/init.pp
@@ -26,4 +26,12 @@ class puppetmaster {
        concat { '/srv/puppet.debian.org/puppet-facts/onionbalance-services.yaml':
        }
        Concat::Fragment <<| tag == "onionbalance-services.yaml" |>>
+
+       file { '/etc/cron.d/update-fastly-ips':
+               source => 'puppet:///modules/puppetmaster/update-fastly-ips.cron'
+       }
+       file { '/usr/local/bin/update-fastly-ips':
+               source => 'puppet:///modules/puppetmaster/update-fastly-ips.sh',
+               mode   => '0555',
+       }
 }