security_upload -> hiera role

author Peter Palfrader <peter@palfrader.org>

Sun, 15 Sep 2019 16:25:06 +0000 (18:25 +0200)

committer Peter Palfrader <peter@palfrader.org>

Sun, 15 Sep 2019 16:25:06 +0000 (18:25 +0200)
author Peter Palfrader <peter@palfrader.org>
Sun, 15 Sep 2019 16:25:06 +0000 (18:25 +0200)
committer Peter Palfrader <peter@palfrader.org>
Sun, 15 Sep 2019 16:25:06 +0000 (18:25 +0200)
diff --git a/hieradata/common.yaml b/hieradata/common.yaml

index 4c39fc1..00b256d 100644 (file)
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -105,8 +105,6 @@ roles:
        fastly-backend: true
    security_tracker:
      - soriano.debian.org
-  security_upload:
-    - suchon.debian.org
    sso:
      - diabelli.debian.org
    # single sign on relying party (host) - also required apache2 module enabled on that host via other means
diff --git a/hieradata/nodes/suchon.debian.org.yaml b/hieradata/nodes/suchon.debian.org.yaml

index 49ef5b0..336dd06 100644 (file)
--- a/hieradata/nodes/suchon.debian.org.yaml
+++ b/hieradata/nodes/suchon.debian.org.yaml
@@ -1,3 +1,4 @@
  ---
  classes:
+  - roles::security_upload
    - roles::ssh_upload
diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp

index bc752fb..4e4a9a2 100644 (file)
--- a/modules/roles/manifests/init.pp
+++ b/modules/roles/manifests/init.pp
@@ -34,9 +34,6 @@ class roles {
                 include roles::dakmaster
                 include roles::signing
         }
-       if has_role('security_upload') {
-               include roles::security_upload
-       }
         #
         # security.debian.org
         if has_role('security_master') {
diff --git a/modules/roles/manifests/security_upload.pp b/modules/roles/manifests/security_upload.pp

index 3963136..c972d41 100644 (file)
--- a/modules/roles/manifests/security_upload.pp
+++ b/modules/roles/manifests/security_upload.pp
@@ -1,25 +1,25 @@
  class roles::security_upload {
-       file { '/srv/security.upload.debian.org':
-               ensure  => directory,
-               mode    => '2755',
-               owner   => dak,
-               group   => debadmin,
-       }
+  file { '/srv/security.upload.debian.org':
+    ensure => directory,
+    mode   => '2755',
+    owner  => dak,
+    group  => debadmin,
+  }
  
-       file { '/etc/ssh/userkeys/dak':
-               ensure  => present,
-               mode    => '644',
-               owner   => dak,
-               group   => debadmin,
-       }
+  file { '/etc/ssh/userkeys/dak':
+    ensure => present,
+    mode   => '0644',
+    owner  => dak,
+    group  => debadmin,
+  }
  
-       vsftpd::site { 'security-upload':
-               banner     => 'ftp.security.upload.debian.org FTP server',
-               logfile    => '/var/log/ftp/vsftpd-security.upload.debian.org.log',
-               writable   => true,
-               readable   => false,
-               listable   => false,
-               chown_user => dak-unpriv,
-               root       => '/srv/security.upload.debian.org/ftp',
-       }
+  vsftpd::site { 'security-upload':
+    banner     => 'ftp.security.upload.debian.org FTP server',
+    logfile    => '/var/log/ftp/vsftpd-security.upload.debian.org.log',
+    writable   => true,
+    readable   => false,
+    listable   => false,
+    chown_user => dak-unpriv,
+    root       => '/srv/security.upload.debian.org/ftp',
+  }
  }
author	Peter Palfrader <peter@palfrader.org>
	Sun, 15 Sep 2019 16:25:06 +0000 (18:25 +0200)
committer	Peter Palfrader <peter@palfrader.org>
	Sun, 15 Sep 2019 16:25:06 +0000 (18:25 +0200)
hieradata/common.yaml		patch \| blob \| history
hieradata/nodes/suchon.debian.org.yaml		patch \| blob \| history
modules/roles/manifests/init.pp		patch \| blob \| history
modules/roles/manifests/security_upload.pp		patch \| blob \| history