From: Peter Palfrader Date: Sun, 22 Sep 2019 11:19:47 +0000 (+0200) Subject: debug_mirror -> hiera role, first step X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;ds=sidebyside;h=dd84bd005d2b8ac910d4d239054eda5e29c633dc;p=mirror%2Fdsa-puppet.git debug_mirror -> hiera role, first step --- diff --git a/data/common.yaml b/data/common.yaml index 4c504ae78..a13f29586 100644 --- a/data/common.yaml +++ b/data/common.yaml @@ -126,15 +126,10 @@ roles: fastly-backend: true service-hostname: conova.debian.backend.mirrors.debian.org debug_mirror: - # XXX used also in ferm me.conf.erb + # XXX still used by the mirror health stuff mirror-accumu.debian.org: - onion_v4_address: 130.242.6.199 service-hostname: accumu.debug.backend.mirrors.debian.org schmelzer.debian.org: - listen-addresses: - - '217.196.149.232:80' - - '[2a02:16a8:dc41:100::232]:80' - onion_v4_address: 217.196.149.232 service-hostname: conova.debug.backend.mirrors.debian.org debug_mirror_onion: - mirror-accumu.debian.org diff --git a/data/nodes/mirror-accumu.debian.org.yaml b/data/nodes/mirror-accumu.debian.org.yaml new file mode 100644 index 000000000..2f885b964 --- /dev/null +++ b/data/nodes/mirror-accumu.debian.org.yaml @@ -0,0 +1,5 @@ +--- +classes: + - roles::debug_mirror + +roles::debug_mirror::onion_service: true diff --git a/data/nodes/schmelzer.debian.org.yaml b/data/nodes/schmelzer.debian.org.yaml index c94a36d8d..bfff68935 100644 --- a/data/nodes/schmelzer.debian.org.yaml +++ b/data/nodes/schmelzer.debian.org.yaml @@ -1,8 +1,11 @@ --- classes: + - roles::debug_mirror - roles::historical_mirror - roles::syncproxy +roles::debug_mirror::listen_addr: ['217.196.149.232', '2a02:16a8:dc41:100::232'] +roles::debug_mirror::onion_service: true roles::syncproxy::syncproxy_name: syncproxy4.eu.debian.org roles::syncproxy::listen_addr: ['217.196.149.237', '2a02:16a8:dc41:100::237'] roles::historical_mirror::listen_addr: ['217.196.149.234', '2a02:16a8:dc41:100::234'] 
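Review bot: In the new data/nodes/mirror-accumu.debian.org.yaml the onion target address is no longer pinned. The data/common.yaml hunk drops `onion_v4_address: 130.242.6.199`, and the node file sets only `roles::debug_mirror::onion_service: true`, so with `listen_addr` left at its default the role falls back to `$base::public_address`. That value is not visible in this diff, so it is worth confirming that it resolves to the IPv4 address Apache actually serves the debug vhost on. A comment in the node file would record the dependency, for example `# onion target comes from base::public_address (formerly onion_v4_address 130.242.6.199)`.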
diff --git a/modules/roles/manifests/debug_mirror.pp b/modules/roles/manifests/debug_mirror.pp
index dc69cff88..0b361d8c8 100644
--- a/modules/roles/manifests/debug_mirror.pp
+++ b/modules/roles/manifests/debug_mirror.pp
@@ -1,35 +1,46 @@ -class roles::debug_mirror { +# a mirror for debug.debian.org +# +# @param listen_addr IP addresses to have apache listen on +# @param onion_service provide the onion service from this host +class roles::debug_mirror( + Array[Stdlib::IP::Address] $listen_addr = [], + Boolean $onion_service = false, +) { include roles::archvsync_base + include apache2 + + $_enclosed_addresses = empty($listen_addr) ? { + true => ['*'], + default => enclose_ipv6($listen_addr), + } + $vhost_listen = $_enclosed_addresses.map |$a| { "${a}:80" } .join(' ') $mirror_basedir_prefix = hiera('role_config__mirrors.mirror_basedir_prefix') $archive_root = "${mirror_basedir_prefix}debian-debug" - $listen_addresses = hiera('roles.debug_mirror') - .dig($::fqdn, 'listen-addresses') - .then |$a| { $a + [ '127.0.0.1:80', '[::1]:80' ] } - .lest || { ['*:80'] } - - $vhost_listen = join($listen_addresses, ' ') - $onion_v4_addr = hiera('roles.debug_mirror', {}) - .dig($::fqdn, 'onion_v4_address') - apache2::site { '010-debug.mirrors.debian.org': site => 'debug.mirrors.debian.org', content => template('roles/apache-debug.mirrors.debian.org.erb'), } - if has_role('debug_mirror_onion') { - if ! $onion_v4_addr { - fail("Do not have an onion_v4_addr set for ${::hostname}.") + if $onion_service { + $onion_addr = empty($listen_addr) ? { + true => $base::public_address, + default => filter_ipv4($listen_addr)[0] + } + if ! $onion_addr { + fail("Do not have a useable address for the onionservice on ${::hostname}. Is \$listen_addr empty or does it not have an IPv4 address?.") } onion::service { 'debug.mirrors.debian.org': port => 80, target_port => 80, - target_address => $onion_v4_addr, + target_address => $onion_addr, } } + Ferm::Rule::Simple <<| tag == 'ssh::server::from::ftp_master' |>> + $hosts_to_check = hiera('roles.debug_mirror', {}) .map |$h| { $h[1]['service-hostname'] } roles::mirror_health { 'debug': 
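Review bot: `Array[Stdlib::IP::Address] $listen_addr` is looser than the two places that consume it. As far as I know, that stdlib type also admits addresses carrying a prefix length, and each entry is pasted into `"${a}:80"` for the vhost and, via `filter_ipv4($listen_addr)[0]`, into the onion service's `target_address`. Tightening the parameter to `Array[Stdlib::IP::Address::Nosubnet] $listen_addr = [],` would reject such values at catalog compile time instead of emitting a malformed listen string or onion target. Separately, the `empty($listen_addr)` branch reads `$base::public_address`, but no `include base` is visible in this hunk, so the lookup appears to depend on another class having been evaluated first. The class body continues past the end of the hunk.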
@@ -38,6 +49,4 @@ class roles::debug_mirror { url => 'http://debug.backend.mirrors.debian.org/debian-debug/dists/sid-debug/Release', health_url => 'http://debug.backend.mirrors.debian.org/_health', } - - Ferm::Rule::Simple <<| tag == 'ssh::server::from::ftp_master' |>> } diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp index 3232d5079..f94ebd2c7 100644 --- a/modules/roles/manifests/init.pp +++ b/modules/roles/manifests/init.pp @@ -15,11 +15,6 @@ class roles { include nagios::server } - # debug archive - if has_role('debug_mirror') { - include roles::debug_mirror - } - # ftp.debian.org and its ecosystem if has_role('debian_mirror') { include roles::debian_mirror