From: Peter Palfrader <peter@palfrader.org>
Date: Tue, 2 Jul 2019 09:04:43 +0000 (+0200)
Subject: static component for openpgpkey (re: #RT7828)
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=535db036c2f77823b4b68efe4989bea51dc212d2;p=mirror%2Fdsa-puppet.git

static component for openpgpkey (re: #RT7828)
---

diff --git a/modules/roles/manifests/static_mirror.pp b/modules/roles/manifests/static_mirror.pp
index b113b6b98..0af9fc6e9 100644
--- a/modules/roles/manifests/static_mirror.pp
+++ b/modules/roles/manifests/static_mirror.pp
@@ -116,6 +116,7 @@ class roles::static_mirror {
 	}
 	ssl::service { 'mirror-master.debian.org'      : ensure => "ifstatic", notify  => Exec['service apache2 reload'], key => true, }
 	ssl::service { 'onion.debian.org'              : ensure => "ifstatic", notify  => Exec['service apache2 reload'], key => true, }
+	ssl::service { 'openpgpkey.debian.org'         : ensure => "ifstatic", notify  => Exec['service apache2 reload'], key => true, }
 	ssl::service { 'pkg-ruby-extras.alioth.debian.org' : ensure => "present",  notify  => Exec['service apache2 reload'], key => true, }
 	ssl::service { 'planet-backend.debian.org'     :
 		ensure => has_static_component('planet.debian.org') ? { true => "present", false => "absent" },
@@ -182,6 +183,7 @@ class roles::static_mirror {
 		onion::service { 'manpages.debian.org'           : ensure => "ifstatic", port => 80, target_port => 80, target_address => $onion_v4_addr }
 		onion::service { 'mirror-master.debian.org'      : ensure => "ifstatic", port => 80, target_port => 80, target_address => $onion_v4_addr }
 		onion::service { 'onion.debian.org'              : ensure => "ifstatic", port => 80, target_port => 80, target_address => $onion_v4_addr }
+		onion::service { 'openpgpkey.debian.org'         : ensure => "ifstatic", port => 80, target_port => 80, target_address => $onion_v4_addr }
 		onion::service { 'release.debian.org'            : ensure => "ifstatic", port => 80, target_port => 80, target_address => $onion_v4_addr }
 		onion::service { 'security-team.debian.org'      : ensure => "ifstatic", port => 80, target_port => 80, target_address => $onion_v4_addr }
 		onion::service { 'www.ports.debian.org'          : ensure => "ifstatic", port => 80, target_port => 80, target_address => $onion_v4_addr }
diff --git a/modules/roles/misc/static-components.yaml b/modules/roles/misc/static-components.yaml
index 81a07a192..95f5bebfb 100644
--- a/modules/roles/misc/static-components.yaml
+++ b/modules/roles/misc/static-components.yaml
@@ -96,6 +96,9 @@ components:
   onion.debian.org:
     master: dillon.debian.org
     source: dillon.debian.org:/srv/onion-master.debian.org/htdocs
+  openpgpkey.debian.org:
+    master: dillon.debian.org
+    source: kaufmann.debian.org:/srv/keyring.debian.org/openpgpkey
   cdbuilder-logs.debian.org:
     master: dillon.debian.org
     source: casulana.debian.org:/srv/cdbuilder.debian.org/dst/deb-cd/log
diff --git a/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb b/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
index 2107a36bd..736cbde73 100644
--- a/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
+++ b/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
@@ -273,6 +273,7 @@ vhost(lines, "dsa.debian.org"                , :ssl => true)
 vhost(lines, "rtc.debian.org"                , :ssl => true)
 vhost(lines, "mirror-master.debian.org"      , :ssl => true)
 vhost(lines, "onion.debian.org"              , :ssl => true)
+vhost(lines, "openpgpkey.debian.org"         , :ssl => true)
 vhost(lines, "manpages.debian.org"           , :ssl => true, :extra => true)
 vhost(lines, "cdbuilder-logs.debian.org"     , :ssl => true)
 
diff --git a/modules/sudo/files/sudoers b/modules/sudo/files/sudoers
index f1c14704a..cdf4cddbd 100644
--- a/modules/sudo/files/sudoers
+++ b/modules/sudo/files/sudoers
@@ -250,6 +250,7 @@ pabs		dillon=(staticsync)		NOPASSWD: /usr/local/bin/static-update-component time
 mini-dak	porta=(staticsync)		NOPASSWD: /usr/local/bin/static-update-component incoming.ports.debian.org
 %manpages	manziarly=(staticsync)		NOPASSWD: /usr/local/bin/static-update-component manpages.debian.org
 %dpl		dillon=(staticsync)		NOPASSWD: /usr/local/bin/static-update-component dpl.debian.org
+%keyring	kaufmann=(staticsync)		NOPASSWD: /usr/local/bin/static-update-component openpgpkey.debian.org
 
 # The piuparts slave needs to handle chroots
 piupartss	PIUPARTS_SLAVE_HOSTS=(ALL)		NOPASSWD: ALL