From: Peter Palfrader <peter@palfrader.org>
Date: Sun, 15 Sep 2019 07:59:12 +0000 (+0200)
Subject: bugs role cleanup
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=07307bc8fa2416ce3b972d891b6fa53d93992a87;p=mirror%2Fdsa-puppet.git

bugs role cleanup
---

diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index 8dec0bc0c..f07a22616 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -35,11 +35,6 @@ staticsync::basedir: '/srv/static.debian.org'
 roles:
   bugsmx:
     - buxtehude.debian.org
-  bugs_master:
-    - buxtehude.debian.org
-  bugs_base:
-    - buxtehude.debian.org
-    - beach.debian.org
   contributors:
     - nono.debian.org
   dbmaster:
diff --git a/hieradata/nodes/buxtehude.debian.org.yaml b/hieradata/nodes/buxtehude.debian.org.yaml
index 7e04deb1b..8d9fac3df 100644
--- a/hieradata/nodes/buxtehude.debian.org.yaml
+++ b/hieradata/nodes/buxtehude.debian.org.yaml
@@ -1,4 +1,7 @@
 ---
+classes:
+  - roles::bugs_master
+
 apache2::smaller_number_of_threads: true
 # debbugs cgis like to fork and don't deal well with EAGAIN
 apache2::rlimitnproc: 450
diff --git a/modules/roles/TODO b/modules/roles/TODO
new file mode 100644
index 000000000..88627d873
--- /dev/null
+++ b/modules/roles/TODO
@@ -0,0 +1,3 @@
+- the two bugs web hosts handle /srv/bugs.debian.org/cache/libravatar
+  differently.  Figure out which is best and move the definition to bugs_web.
+
diff --git a/modules/roles/manifests/bugs_master.pp b/modules/roles/manifests/bugs_master.pp
new file mode 100644
index 000000000..faaeecc4d
--- /dev/null
+++ b/modules/roles/manifests/bugs_master.pp
@@ -0,0 +1,6 @@
+class roles::bugs_master {
+  include roles::bugs_web
+
+  ssl::service { 'bugs-devel.debian.org': notify  => Exec['service apache2 reload'], key => true, }
+  ssl::service { 'bugs-master.debian.org': notify  => Exec['service apache2 reload'], key => true, }
+}
diff --git a/modules/roles/manifests/bugs_mirror.pp b/modules/roles/manifests/bugs_mirror.pp
index a30b05c82..4a45d0e1d 100644
--- a/modules/roles/manifests/bugs_mirror.pp
+++ b/modules/roles/manifests/bugs_mirror.pp
@@ -1,21 +1,19 @@
 class roles::bugs_mirror {
-	include apache2
+  include roles::bugs_web
 
-	rsync::site { 'bugs_mirror':
-		source      => 'puppet:///modules/roles/bugs_mirror/rsyncd.conf',
-		max_clients => 100,
-	}
+  rsync::site { 'bugs_mirror':
+    source      => 'puppet:///modules/roles/bugs_mirror/rsyncd.conf',
+    max_clients => 100,
+  }
 
-	if $::apache2 {
-		apache2::site { '009-bugs-mirror.debian.org':
-			site   => 'bugs-mirror.debian.org',
-			source => 'puppet:///modules/roles/bugs_mirror/bugs-mirror.debian.org',
-		}
-	}
+  apache2::site { '009-bugs-mirror.debian.org':
+    site   => 'bugs-mirror.debian.org',
+    source => 'puppet:///modules/roles/bugs_mirror/bugs-mirror.debian.org',
+  }
 
-	file { '/srv/bugs.debian.org/cache/libravatar':
-		ensure => directory,
-		owner  => 'www-data',
-		mode   => '0755',
-	}
+  file { '/srv/bugs.debian.org/cache/libravatar':
+    ensure => directory,
+    owner  => 'www-data',
+    mode   => '0755',
+  }
 }
diff --git a/modules/roles/manifests/bugs_web.pp b/modules/roles/manifests/bugs_web.pp
new file mode 100644
index 000000000..b62fc40b5
--- /dev/null
+++ b/modules/roles/manifests/bugs_web.pp
@@ -0,0 +1,12 @@
+class roles::bugs_web {
+  include apache2
+
+  ssl::service { 'bugs.debian.org':
+    notify => Exec['service apache2 reload'],
+    key    => true,
+  }
+  ferm::rule { 'dsa-bugs-abusers':
+    prio => '005',
+    rule => 'saddr (220.243.135/24 220.243.136/24) DROP',
+  }
+}
diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp
index 69bd62509..1277a9cfd 100644
--- a/modules/roles/manifests/init.pp
+++ b/modules/roles/manifests/init.pp
@@ -15,21 +15,6 @@ class roles {
 		include nagios::server
 	}
 
-	if has_role('bugs_base') {
-		ssl::service { 'bugs.debian.org':
-			notify  => Exec['service apache2 reload'],
-			key => true,
-		}
-		ferm::rule { 'dsa-bugs-abusers':
-			prio	=> "005",
-			rule	=> "saddr (220.243.135/24 220.243.136/24) DROP",
-		}
-	}
-	if has_role('bugs_master') {
-		ssl::service { 'bugs-devel.debian.org': notify  => Exec['service apache2 reload'], key => true, }
-		ssl::service { 'bugs-master.debian.org': notify  => Exec['service apache2 reload'], key => true, }
-	}
-
 	if has_role('manpages-dyn') {
 		include roles::manpages_dyn
 	}