From: Paul Wise Date: Sat, 10 Jun 2017 03:30:57 +0000 (+0800) Subject: Update the setup for archive.debian.net X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=53787787136a5e947615d5445ad6015074fc2576;p=mirror%2Fdsa-puppet.git Update the setup for archive.debian.net Factor out the config into an apache2 macro. Make the 503 error message more generic so it can be used anywhere. --- diff --git a/modules/apache2/files/disabled-service b/modules/apache2/files/disabled-service new file mode 100644 index 000000000..74fabe8a8 --- /dev/null +++ b/modules/apache2/files/disabled-service @@ -0,0 +1,18 @@ + + + + UserDir disabled + + DocumentRoot /srv/static.debian.org/puppet/disabled-service + + AllowOverride FileInfo Indexes Options=Multiviews + Options Indexes SymLinksIfOwnerMatch + Require all granted + + RedirectMatch 503 ^/(?!503\.html) + ErrorDocument 503 /503.html + + Header always set Retry-After "18000" + + + diff --git a/modules/apache2/manifests/init.pp b/modules/apache2/manifests/init.pp index f279cde4c..129c9d584 100644 --- a/modules/apache2/manifests/init.pp +++ b/modules/apache2/manifests/init.pp @@ -97,6 +97,10 @@ class apache2 { source => 'puppet:///modules/apache2/headers', } + apache2::config { 'disabled-service': + source => 'puppet:///modules/apache2/disabled-service', + } + apache2::module { 'mpm_event': ensure => absent } if has_role('apache_prefork') { apache2::module { 'mpm_worker': ensure => absent } diff --git a/modules/roles/files/static-htdocs/archive.debian.net/503.html b/modules/roles/files/static-htdocs/archive.debian.net/503.html deleted file mode 100644 index 6cb5cda6b..000000000 --- a/modules/roles/files/static-htdocs/archive.debian.net/503.html +++ /dev/null @@ -1,28 +0,0 @@ - - - - Welcome to archive.debian.net! - - - -

Welcome to archive.debian.net!

- -Unfortunately, this service is not available at this time. It is not -known when its maintainer will be able to provide it again. - -

-This service is not provided by the Debian System Administration team -but instead by an individual member of the Debian project. -

-Please do not contact the DSA team with questions about this service. - -

-(If you are the maintainer of this service, please do contact -the DSA team if you need help restoring the service.) - -

-Debian System Administration team - - - diff --git a/modules/roles/files/static-htdocs/disabled-service/503.html b/modules/roles/files/static-htdocs/disabled-service/503.html new file mode 100644 index 000000000..ee0754d82 --- /dev/null +++ b/modules/roles/files/static-htdocs/disabled-service/503.html @@ -0,0 +1,28 @@ + + + + Service disabled! + + + +

Service disabled!

+ +Unfortunately, this service is not available at this time. It is not +known when its maintainer will be able to provide it again. + +

+This service is not provided by the Debian System Administration team +but instead by an individual member of the Debian project. +

+Please do not contact the DSA team with questions about this service. + +

+(If you are the maintainer of this service, please do contact +the DSA team if you need help restoring the service.) + +

+Debian System Administration team + + + diff --git a/modules/roles/manifests/static_mirror.pp b/modules/roles/manifests/static_mirror.pp index 77a01ee07..53fdf8334 100644 --- a/modules/roles/manifests/static_mirror.pp +++ b/modules/roles/manifests/static_mirror.pp @@ -193,17 +193,24 @@ class roles::static_mirror { onion::service { 'planet.debian.org' : ensure => "ifstatic", port => 80, target_port => 80, target_address => $onion_v4_addr } } - ssl::service { 'archive.debian.net': ensure => present, notify => Exec['service apache2 reload'], key => true, } file { '/srv/static.debian.org/puppet': ensure => directory, mode => '02755' } - file { '/srv/static.debian.org/puppet/archive.debian.net': + file { '/srv/static.debian.org/puppet/disabled-service': ensure => directory, mode => '02755' } + file { '/srv/static.debian.org/puppet/disabled-service/503.html': + source => 'puppet:///modules/roles/static-htdocs/disabled-service/503.html', + } + + ssl::service { 'archive.debian.net': ensure => present, notify => Exec['service apache2 reload'], key => true, } + file { '/srv/static.debian.org/puppet/archive.debian.net': + ensure => absent, + } file { '/srv/static.debian.org/puppet/archive.debian.net/503.html': - source => 'puppet:///modules/roles/static-htdocs/archive.debian.net/503.html', + ensure => absent, } } diff --git a/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb b/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb index 4c33fe192..506f95a7a 100644 --- a/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb +++ b/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb @@ -337,25 +337,9 @@ Use common-dsa-vhost-https-redirect archive.debian.net ServerAdmin debian-admin@debian.org ErrorLog /var/log/apache2/archive.debian.net-error.log CustomLog /var/log/apache2/archive.debian.net-access.log privacyssl - Use common-debian-service-ssl archive.debian.net Use common-ssl-HSTS - - - UserDir disabled - - ServerSignature On - - DocumentRoot /srv/static.debian.org/puppet/archive.debian.net - - AllowOverride FileInfo Indexes Options=Multiviews - Options Indexes SymLinksIfOwnerMatch - Require all granted - - - RedirectMatch 503 ^/(?!503\.html) - ErrorDocument 503 /503.html - Header always set Retry-After "18000" + Use common-disabled-service