From: Tollef Fog Heen <tfheen@err.no>
Date: Fri, 2 Feb 2018 09:41:28 +0000 (+0100)
Subject: Get rid of security_mirror_onion role in favour of just keying off the ip address... 
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=0904c69751f7d6b4b0a7611e132edb901f213164;p=mirror%2Fdsa-puppet.git

Get rid of security_mirror_onion role in favour of just keying off the ip address in hiera
---

diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index 2fd6700c6..cc796a3c8 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -121,41 +121,38 @@ roles:
     - seger.debian.org
   security_mirror:
     mirror-anu.debian.org:
-        fastly-backend: false
+      onion_v4_address: 150.203.164.61
     mirror-bytemark.debian.org:
-        fastly-backend: false
+      fastly-backend: false
     mirror-conova.debian.org:
-        fastly-backend: false
+      fastly-backend: false
     mirror-csail.debian.org:
-        fastly-backend: false
+      fastly-backend: false
     mirror-isc.debian.org:
-        fastly-backend: false
+      onion_v4_address: 149.20.4.14
     mirror-umn.debian.org:
-        fastly-backend: false
+      onion_v4_address: 128.101.240.215
     mirror-accumu.debian.org:
-        fastly-backend: false
+      fastly-backend: false
     mirror-skroutz.debian.org:
-        fastly-backend: false
+      fastly-backend: false
     lobos.debian.org:
-        service-hostname: lobos.security.backend.mirrors.debian.org
-        fastly-backend: true
+      service-hostname: lobos.security.backend.mirrors.debian.org
+      fastly-backend: true
+      onion_v4_address: 212.211.132.250
     santoro.debian.org:
-        fastly-backend: false
+      fastly-backend: false
     setoguchi.debian.org:
-        fastly-backend: false
+      fastly-backend: false
     sechter.debian.org:
-        fastly-backend: false
+      fastly-backend: false
     villa.debian.org:
-        service-hostname: villa.security.backend.mirrors.debian.org
-        fastly-backend: true
+      service-hostname: villa.security.backend.mirrors.debian.org
+      fastly-backend: true
+      onion_v4_address: 212.211.132.32
     wieck.debian.org:
-        service-hostname: wieck.security.backend.mirrors.debian.org
-        fastly-backend: true
-  security_mirror_onion:
-    - mirror-isc.debian.org
-    - mirror-umn.debian.org
-    - lobos.debian.org
-    - villa.debian.org
+      service-hostname: wieck.security.backend.mirrors.debian.org
+      fastly-backend: true
   security_tracker:
     - soriano.debian.org
   security_upload:
diff --git a/modules/roles/manifests/security_mirror.pp b/modules/roles/manifests/security_mirror.pp
index c7afdeb7c..02dd5eeec 100644
--- a/modules/roles/manifests/security_mirror.pp
+++ b/modules/roles/manifests/security_mirror.pp
@@ -58,19 +58,8 @@ class roles::security_mirror {
 		binds       => $binds,
 	}
 
-	$onion_v4_addr = $::hostname ? {
-		mirror-anu => '150.203.164.61',
-		mirror-isc => '149.20.4.14',
-		mirror-umn => '128.101.240.215',
-		villa      => '212.211.132.32',
-		lobos      => '212.211.132.250',
-		default   => undef,
-	}
-	if has_role('security_mirror_onion') {
-		if ! $onion_v4_addr {
-			fail("Do not have an onion_v4_addr set for $::hostname.")
-		}
-
+	$onion_v4_addr = hiera("roles.security_mirror.${::fqdn}.onion_v4_address", undef)
+	if $onion_v4_addr {
 		onion::service { 'security.debian.org':
 			port => 80,
 			target_port => 80,