From: Peter Palfrader <peter@palfrader.org>
Date: Tue, 16 Oct 2018 09:09:51 +0000 (+0200)
Subject: allow ssh from ftpmaster to debug_mirrors
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=4df2812d192f01e12d2b74312ee659bf19c6ac8a;hp=7158bff30f083360d959933a4ef38ea02d2e390a;p=mirror%2Fdsa-puppet.git

allow ssh from ftpmaster to debug_mirrors
---

diff --git a/modules/ferm/templates/me.conf.erb b/modules/ferm/templates/me.conf.erb
index 87b7d0037..1dfbe96a7 100644
--- a/modules/ferm/templates/me.conf.erb
+++ b/modules/ferm/templates/me.conf.erb
@@ -65,6 +65,7 @@ if restrict_ssh.include?(@hostname) then
 	end
 	if scope.function_has_role(['debian_mirror']) or
 	   scope.function_has_role(['security_mirror']) or
+	   scope.function_has_role(['debug_mirror']) or
 	   scope.function_has_role(['historical_mirror']) or
 	   scope.function_has_role(['syncproxy']) then
 		ssh4allowed << '$HOST_MIRRORMASTER_V4'
@@ -90,6 +91,10 @@ if restrict_ssh.include?(@hostname) then
 		ssh4allowed << '$HOST_PORTSMASTER_V4'
 		ssh6allowed << '$HOST_PORTSMASTER_V6'
 	end
+	if scope.function_has_role(['debug_mirror']) then
+		ssh4allowed << '$HOST_FTPMASTER_V4'
+		ssh6allowed << '$HOST_FTPMASTER_V6'
+	end
 end
 ssh4allowed.length == 0 and ssh4allowed << '0.0.0.0/0'
 ssh6allowed.length == 0 and ssh6allowed << '::/0'