From: Julien Cristau
Date: Sun, 6 Aug 2017 19:16:27 +0000 (-0400)
Subject: Keep a list of fastly IPs
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=8446320393d891e105b790352ae0c7f17514c204;hp=e2768b13344b149e62d256f7efbcee923e4e6e3d;p=mirror%2Fdsa-puppet.git
Keep a list of fastly IPs
---
diff --git a/modules/puppetmaster/files/update-fastly-ips.cron b/modules/puppetmaster/files/update-fastly-ips.cron
new file mode 100644
index 000000000..21bfb4542
--- /dev/null
+++ b/modules/puppetmaster/files/update-fastly-ips.cron
@@ -0,0 +1,2 @@
+MAILTO=root
+@daily puppet update-fastly-ips /srv/puppet.debian.org/puppet-facts/fastly_ranges.yaml
diff --git a/modules/puppetmaster/files/update-fastly-ips.sh b/modules/puppetmaster/files/update-fastly-ips.sh
new file mode 100644
index 000000000..ab0871ccb
--- /dev/null
+++ b/modules/puppetmaster/files/update-fastly-ips.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -e
+
+dest="$1"
+tmp=$(mktemp -d)
+
+cd $tmp
+if [ -d /etc/ssl/ca-global ]; then
+ wgetopts=--ca-directory=/etc/ssl/ca-global
+fi
+wget $wgetopts -q https://api.fastly.com/public-ip-list
+if cmp public-ip-list "$dest" >/dev/null; then
+ exit 0
+fi
+chmod --reference="$dest" public-ip-list
+mv public-ip-list "$dest"
diff --git a/modules/puppetmaster/manifests/init.pp b/modules/puppetmaster/manifests/init.pp
index 99684ba75..a5faeba59 100644
--- a/modules/puppetmaster/manifests/init.pp
+++ b/modules/puppetmaster/manifests/init.pp
@@ -26,4 +26,12 @@ class puppetmaster { concat { '/srv/puppet.debian.org/puppet-facts/onionbalance-services.yaml': } Concat::Fragment <<| tag == "onionbalance-services.yaml" |>>
+
+ file { '/etc/cron.d/update-fastly-ips':
+ source => 'puppet:///modules/puppetmaster/update-fastly-ips.cron'
+ }
+ file { '/usr/local/bin/update-fastly-ips':
+ source => 'puppet:///modules/puppetmaster/update-fastly-ips.sh',
+ mode => '0555',
+ }
 }
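Review bot: In update-fastly-ips.sh the first run cannot succeed when `$dest` does not exist yet: `cmp` fails, then `chmod --reference="$dest"` aborts the script under `set -e`, and nothing visible in this commit creates the file. The `mktemp -d` directory is also never removed, so each daily run leaves one behind, and `cd $tmp` is unquoted. Because this list presumably ends up in access rules, the download should get at least a non-empty check before it replaces the previous copy; a check of the expected structure would be stronger. If the temporary directory is on a different filesystem from `$dest`, the final `mv` is a copy rather than an atomic rename, so creating the temporary file beside `$dest` is worth considering.

```shell
dest="$1"
tmp=$(mktemp -d)
# remove the scratch directory on every exit path
trap 'rm -rf "$tmp"' EXIT

cd "$tmp"
# … unchanged: wgetopts selection and the wget call …
# never replace the current list with an empty download
[ -s public-ip-list ] || { echo "empty fastly IP list" >&2; exit 1; }
if [ -e "$dest" ]; then
  if cmp -s public-ip-list "$dest"; then
    exit 0
  fi
  # keep the mode of the copy being replaced
  chmod --reference="$dest" public-ip-list
fi
mv public-ip-list "$dest"
```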
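Review bot: The `/etc/cron.d/update-fastly-ips` resource in init.pp sets no `owner`, `group` or `mode`, so the installed permissions depend on Puppet's defaults and on the mode of the source file in the repository. cron implementations commonly skip `/etc/cron.d` entries that are not root-owned or are writable by group or others, so I would pin them, e.g. `owner => 'root', group => 'root', mode => '0444',`, and give the script resource an explicit `owner` and `group` as well. The class also does not declare `/srv/puppet.debian.org/puppet-facts/fastly_ranges.yaml`, which the script expects to exist already for `chmod --reference`. The class body starts before this hunk.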