From: Peter Palfrader <peter@palfrader.org>
Date: Sun, 15 Sep 2019 08:09:45 +0000 (+0200)
Subject: cdbuilder_local_mirror role cleanup
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=f29271d22a9f346a558cd70d2e6deb97c7900016;p=mirror%2Fdsa-puppet.git

cdbuilder_local_mirror role cleanup
---

diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index f07a22616..fb057a563 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -290,10 +290,6 @@ roles:
     - sor.debian.org
   debconf_wafer:
     - debussy.debian.org
-  apache_not_public:
-    # Hosts that run apache but where it should not be open to the internet by
-    # default
-    - casulana.debian.org
   apache_ratelimited:
     - beach.debian.org
     - buxtehude.debian.org
@@ -301,8 +297,6 @@ roles:
     - picconi.debian.org
     - pkgmirror-csail.debian.org
     - sallinen.debian.org
-  cdbuilder_local_mirror:
-    - casulana.debian.org
   snapshot_web:
     - lw07.debian.org
     - sallinen.debian.org
diff --git a/hieradata/nodes/casulana.debian.org.yaml b/hieradata/nodes/casulana.debian.org.yaml
index 3ccff770b..24b6e0e9a 100644
--- a/hieradata/nodes/casulana.debian.org.yaml
+++ b/hieradata/nodes/casulana.debian.org.yaml
@@ -1,2 +1,5 @@
 classes:
   - roles::static_source
+  - roles::cdbuilder_local_mirror
+
+roles::cdbuilder_local_mirror::listen_address: 172.29.103.1
diff --git a/modules/apache2/manifests/init.pp b/modules/apache2/manifests/init.pp
index dc1995872..283ce50e9 100644
--- a/modules/apache2/manifests/init.pp
+++ b/modules/apache2/manifests/init.pp
@@ -11,9 +11,12 @@
 #                                  script heavy (say the bug tracking system), set this
 #                                  to reduce the number of worker threads.
 # @param rlimitnproc A resource limit for number of processes.  The default is usually fine.
+# @param public Whether this host's apache should be accessible from the public internet.
+#               Sets appropriate firewall rules and optionally rate limits.
 class apache2(
   Boolean $smaller_number_of_threads = false,
   Integer $rlimitnproc = 256,
+  Boolean $public = true,
 ) {
   include webserver
 
@@ -140,7 +143,7 @@ class apache2(
     ensure => installed,
   }
 
-  if (! has_role('apache_not_public')) {
+  if $public {
     if has_role('apache_ratelimited') {
       include apache2::dynamic
     } else {
diff --git a/modules/roles/manifests/cdbuilder_local_mirror.pp b/modules/roles/manifests/cdbuilder_local_mirror.pp
index 565a49594..4b056a72b 100644
--- a/modules/roles/manifests/cdbuilder_local_mirror.pp
+++ b/modules/roles/manifests/cdbuilder_local_mirror.pp
@@ -1,8 +1,9 @@
-class roles::cdbuilder_local_mirror {
+class roles::cdbuilder_local_mirror (
+  Stdlib::IP::Address $listen_address
+) {
   include apache2
 
-  $apache_addr = '172.29.103.1'
-  $vhost_listen = "${apache_addr}:80"
+  $vhost_listen = "${listen_address}:80"
 
   apache2::site { '010-local-mirror.cdbuilder.debian.org':
     site    => 'local-mirror.cdbuilder.debian.org',
diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp
index 1277a9cfd..6b9af9b93 100644
--- a/modules/roles/manifests/init.pp
+++ b/modules/roles/manifests/init.pp
@@ -292,8 +292,4 @@ class roles {
 	if has_role('debconf_wafer') {
 		include roles::debconf_wafer
 	}
-
-	if has_role('cdbuilder_local_mirror') {
-		include roles::cdbuilder_local_mirror
-	}
 }