Revert "Revert "ssh_upload -> hiera role""

author Peter Palfrader <peter@palfrader.org>

Sun, 15 Sep 2019 15:09:29 +0000 (17:09 +0200)

committer Peter Palfrader <peter@palfrader.org>

Sun, 15 Sep 2019 15:10:56 +0000 (17:10 +0200)
author Peter Palfrader <peter@palfrader.org>
Sun, 15 Sep 2019 15:09:29 +0000 (17:09 +0200)
committer Peter Palfrader <peter@palfrader.org>
Sun, 15 Sep 2019 15:10:56 +0000 (17:10 +0200)
diff --git a/hieradata/common.yaml b/hieradata/common.yaml

index 2e4b0e6..c63ec9a 100644 (file)
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -112,10 +112,6 @@ roles:
      - soriano.debian.org
    security_upload:
      - suchon.debian.org
-  ssh.upload.d.o:
-    - coccia.debian.org
-    - suchon.debian.org
-    - usper.debian.org
    sso:
      - diabelli.debian.org
    # single sign on relying party (host) - also required apache2 module enabled on that host via other means
diff --git a/hieradata/nodes/coccia.debian.org.yaml b/hieradata/nodes/coccia.debian.org.yaml

index dfa719b..17868ed 100644 (file)
--- a/hieradata/nodes/coccia.debian.org.yaml
+++ b/hieradata/nodes/coccia.debian.org.yaml
@@ -2,4 +2,5 @@
  classes:
    - roles::api_ftp_master
    - roles::ftp_upload
+  - roles::ssh_upload
    - roles::static_source
diff --git a/hieradata/nodes/suchon.debian.org.yaml b/hieradata/nodes/suchon.debian.org.yaml

new file mode 100644 (file)

index 0000000..49ef5b0
--- /dev/null
+++ b/hieradata/nodes/suchon.debian.org.yaml
@@ -0,0 +1,3 @@
+---
+classes:
+  - roles::ssh_upload
diff --git a/hieradata/nodes/usper.debian.org.yaml b/hieradata/nodes/usper.debian.org.yaml

index 7d70f59..3883d97 100644 (file)
--- a/hieradata/nodes/usper.debian.org.yaml
+++ b/hieradata/nodes/usper.debian.org.yaml
@@ -1,3 +1,4 @@
  ---
  classes:
    - roles::ftp_upload
+  - roles::ssh_upload
diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp

index f1e24a7..83ddc6c 100644 (file)
--- a/modules/roles/manifests/init.pp
+++ b/modules/roles/manifests/init.pp
@@ -34,9 +34,6 @@ class roles {
                 include roles::dakmaster
                 include roles::signing
         }
-       if has_role('ssh.upload.d.o') {
-               include roles::ssh_upload
-       }
         if has_role('security_upload') {
                 include roles::security_upload
         }
diff --git a/modules/ssh/templates/sshd_config.erb b/modules/ssh/templates/sshd_config.erb

index 870f16f..84e7502 100644 (file)
--- a/modules/ssh/templates/sshd_config.erb
+++ b/modules/ssh/templates/sshd_config.erb
@@ -21,7 +21,7 @@ HostKey /etc/ssh/ssh_host_rsa_key
  <%- if has_variable?("has_etc_ssh_ssh_host_ed25519_key") && @has_etc_ssh_ssh_host_ed25519_key -%>
  HostKey /etc/ssh/ssh_host_ed25519_key
  <% end %>
-<% if scope.function_has_role(['ssh.upload.d.o']) -%>
+<% if classes.include?("roles::ssh_upload") -%>
  # On ssh upload hosts we have many clients doing ssh connections to us.
  # sshd has - by default - a limit of 10 on the number of currently
  # unauthenticated (or not yet authenticated) connections.  Raise that limit.
author	Peter Palfrader <peter@palfrader.org>
	Sun, 15 Sep 2019 15:09:29 +0000 (17:09 +0200)
committer	Peter Palfrader <peter@palfrader.org>
	Sun, 15 Sep 2019 15:10:56 +0000 (17:10 +0200)
hieradata/common.yaml		patch \| blob \| history
hieradata/nodes/coccia.debian.org.yaml		patch \| blob \| history
hieradata/nodes/suchon.debian.org.yaml	[new file with mode: 0644]	patch \| blob
hieradata/nodes/usper.debian.org.yaml		patch \| blob \| history
modules/roles/manifests/init.pp		patch \| blob \| history
modules/ssh/templates/sshd_config.erb		patch \| blob \| history