Instead, relying services should include roles::sso_rp.
- quantz.debian.org
popcon:
- pinel.debian.org
- qamaster:
- - quantz.debian.org
rtmaster:
- reger.debian.org
security_master:
fastly-backend: true
security_tracker:
- soriano.debian.org
- # single sign on relying party (host) - also required apache2 module enabled on that host via other means
- sso_rp:
- - debussy.debian.org
- - diabelli.debian.org
- - jerea.debian.org
- - nono.debian.org
- - quantz.debian.org
- - tate.debian.org
- - ticharich.debian.org
- - wilder.debian.org
- - wuiet.debian.org
static_mirror_onion:
- klecker.debian.org
- mirror-isc.debian.org
--- /dev/null
+---
+classes:
+ - roles::qamaster
+
+# qa scripts sometimes needs a lot of memory. raise the limit to 300 MB
+apache2::rlimitmem: 314572800
$memlimit = 512 * 1024 * 1024
} elsif has_role('popcon') {
$memlimit = 512 * 1024 * 1024
- } elsif has_role('qamaster') {
- $memlimit = 300 * 1024 * 1024
} else {
$memlimit = $rlimitmem
}
class roles::buildd_master {
+ include apache2
+ include roles::sso_rp
+
ssl::service { 'buildd.debian.org':
- notify => Exec['service apache2 reload'],
- key => true,
+ notify => Exec['service apache2 reload'],
+ key => true,
}
ssh::authorized_key_collect { 'buildd-master':
class roles::contributors {
include apache2
+ include roles::sso_rp
+
ssl::service { 'contributors.debian.org':
notify => Exec['service apache2 reload'],
key => true,
include apache2::ssl
include apache2::expires
+ include roles::sso_rp
+
package { 'libapache2-mod-wsgi-py3': ensure => installed, }
apache2::module { 'wsgi': require => Package['libapache2-mod-wsgi-py3'] }
class roles::debtags {
include apache2
include apache2::ssl
+ include roles::sso_rp
package { 'libapache2-mod-wsgi-py3': ensure => installed, }
apache2::module { 'wsgi': require => Package['libapache2-mod-wsgi-py3'] }
}
- if has_role('qamaster') {
- ssl::service { 'qa.debian.org': notify => Exec['service apache2 reload'], key => true, }
- }
-
if has_role('packagesqamaster') {
ssl::service { 'packages.qa.debian.org': notify => Exec['service apache2 reload'], key => true, }
}
class roles::jenkins {
+ include apache2
+ include roles::sso_rp
+
include apache2::ssl
apache2::module { 'proxy_http': }
apache2::site { '010-jenkins.debian.org':
- site => 'jenkins.debian.org',
+ site => 'jenkins.debian.org',
source => 'puppet:///modules/roles/jenkins/jenkins.debian.org',
}
ssl::service { 'jenkins.debian.org':
- notify => Exec['service apache2 reload'],
- key => true,
+ notify => Exec['service apache2 reload'],
+ key => true,
}
dsa_systemd::linger { 'jenkins': }
class roles::nm {
include apache2
+ include roles::sso_rp
+
ssl::service { 'nm.debian.org':
notify => Exec['service apache2 reload'],
key => true,
--- /dev/null
+class roles::qamaster {
+ include apache2
+ include roles::sso_rp
+
+ ssl::service { 'qa.debian.org': notify => Exec['service apache2 reload'], key => true, }
+}
class roles::sso {
include apache2
+ include roles::sso_rp
ssl::service { 'sso.debian.org':
notify => Exec['service apache2 reload'],
class roles::tracker {
include apache2
+ include roles::sso_rp
+
package { 'libapache2-mod-wsgi-py3': ensure => installed, }
apache2::module { 'wsgi': require => Package['libapache2-mod-wsgi-py3'] }
ssl::service { 'tracker.debian.org':
class roles::wiki {
include apache2
+ include roles::sso_rp
+
ssl::service { 'wiki.debian.org':
notify => Exec['service apache2 reload'],
key => true,
projects / mirror / dsa-puppet.git / commitdiff