From: Martin Zobel-Helas <zobel@debian.org>
Date: Wed, 19 Apr 2017 07:45:46 +0000 (+0200)
Subject: Merge remote-tracking branch 'waldi/rsync-cleanup'
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=fc98f0be58f40cfae2d854bc7a2b4eeefc1c4146;hp=71a60ee9dcabd1eee84c55092fac7826e4142459;p=mirror%2Fdsa-puppet.git

Merge remote-tracking branch 'waldi/rsync-cleanup'

* waldi/rsync-cleanup:
  Lower client limit for rsync on masters
  Disable reverse lookup in rsyncd
  Drop max connections from rsyncd configs
  Disable the security repository for smetana
---

diff --git a/modules/debian_org/manifests/apt.pp b/modules/debian_org/manifests/apt.pp
index 948f606ea..48b617e6e 100644
--- a/modules/debian_org/manifests/apt.pp
+++ b/modules/debian_org/manifests/apt.pp
@@ -28,10 +28,17 @@ class debian_org::apt {
 		suite      => [ $mungedcodename, "${::lsbdistcodename}-backports", "${::lsbdistcodename}-updates" ],
 		components => ['main','contrib','non-free']
 	}
-	site::aptrepo { 'security':
-		url        => [ 'http://security-cdn.debian.org/', 'http://security.anycast-test.mirrors.debian.org/debian-security/', 'http://security.debian.org/' ],
-		suite      => "${mungedcodename}/updates",
-		components => ['main','contrib','non-free']
+
+	if ($::hostname in [smetana]) {
+		site::aptrepo { 'security':
+			ensure => absent,
+		}
+	} else {
+		site::aptrepo { 'security':
+			url        => [ 'http://security-cdn.debian.org/', 'http://security.anycast-test.mirrors.debian.org/debian-security/', 'http://security.debian.org/' ],
+			suite      => "${mungedcodename}/updates",
+			components => ['main','contrib','non-free']
+		}
 	}
 
 	if has_role('experimental_apache') {
diff --git a/modules/roles/files/bugs_mirror/rsyncd.conf b/modules/roles/files/bugs_mirror/rsyncd.conf
index 008e1b12f..e3ea8e041 100644
--- a/modules/roles/files/bugs_mirror/rsyncd.conf
+++ b/modules/roles/files/bugs_mirror/rsyncd.conf
@@ -1,8 +1,8 @@
 uid = nobody
 gid = nogroup
-max connections = 20
 syslog facility = daemon
 socket options = SO_KEEPALIVE
+reverse lookup = false
 timeout = 7200
 log file = /var/log/rsyncd/rsyncd.log
 
diff --git a/modules/roles/files/dakmaster/rsyncd.conf b/modules/roles/files/dakmaster/rsyncd.conf
index 46d4f60ae..ca7a50783 100644
--- a/modules/roles/files/dakmaster/rsyncd.conf
+++ b/modules/roles/files/dakmaster/rsyncd.conf
@@ -1,8 +1,8 @@
 uid = nobody
 gid = nogroup
-max connections = 25
 syslog facility = daemon
 socket options = SO_KEEPALIVE
+reverse lookup = false
 timeout = 7200
 log file = /var/log/rsyncd/rsyncd.log
 
diff --git a/modules/roles/files/historical_mirror/rsyncd.conf b/modules/roles/files/historical_mirror/rsyncd.conf
index 976bb13c3..48438f1b3 100644
--- a/modules/roles/files/historical_mirror/rsyncd.conf
+++ b/modules/roles/files/historical_mirror/rsyncd.conf
@@ -1,8 +1,8 @@
 uid = nobody
 gid = nogroup
-max connections = 25
 syslog facility = daemon
 socket options = SO_KEEPALIVE
+reverse lookup = false
 timeout = 7200
 log file = /var/log/rsyncd/rsyncd-archive.log
 
diff --git a/modules/roles/files/keyring/rsyncd.conf b/modules/roles/files/keyring/rsyncd.conf
index 782329249..ae1d85ff2 100644
--- a/modules/roles/files/keyring/rsyncd.conf
+++ b/modules/roles/files/keyring/rsyncd.conf
@@ -1,9 +1,9 @@
 uid = nobody
 gid = nogroup
-max connections = 25
 syslog facility = daemon
 log file = /var/log/rsyncd/rsyncd.log
 socket options = SO_KEEPALIVE
+reverse lookup = false
 timeout = 7200
 
 [keyrings]
diff --git a/modules/roles/files/ports_master/rsyncd.conf b/modules/roles/files/ports_master/rsyncd.conf
index 292250f2e..b9a5ef7d0 100644
--- a/modules/roles/files/ports_master/rsyncd.conf
+++ b/modules/roles/files/ports_master/rsyncd.conf
@@ -1,6 +1,5 @@
 uid = nobody
 gid = nogroup
-max connections = 25
 syslog facility = daemon
 socket options = SO_KEEPALIVE
 reverse lookup = false
diff --git a/modules/roles/files/security_master/rsyncd.conf b/modules/roles/files/security_master/rsyncd.conf
index c944fd185..e426a8c8b 100644
--- a/modules/roles/files/security_master/rsyncd.conf
+++ b/modules/roles/files/security_master/rsyncd.conf
@@ -1,8 +1,8 @@
 uid = nobody
 gid = nogroup
-max connections = 20
 syslog facility = daemon
 socket options = SO_KEEPALIVE
+reverse lookup = false
 timeout = 7200
 log file = /var/log/rsyncd/rsyncd.log
 
diff --git a/modules/roles/files/security_mirror/rsyncd.conf b/modules/roles/files/security_mirror/rsyncd.conf
index 47f1f1c11..f94ab03ee 100644
--- a/modules/roles/files/security_mirror/rsyncd.conf
+++ b/modules/roles/files/security_mirror/rsyncd.conf
@@ -1,8 +1,8 @@
 uid = nobody
 gid = nogroup
-max connections = 20
 syslog facility = daemon
 socket options = SO_KEEPALIVE
+reverse lookup = false
 timeout = 1200
 
 # weasel 2007-11-19
diff --git a/modules/roles/files/wiki/rsyncd.conf b/modules/roles/files/wiki/rsyncd.conf
index 8b65a7165..f81095c78 100644
--- a/modules/roles/files/wiki/rsyncd.conf
+++ b/modules/roles/files/wiki/rsyncd.conf
@@ -1,9 +1,9 @@
 uid = nobody
 gid = nogroup
-max connections = 25
 syslog facility = daemon
 log file = /var/log/rsyncd/rsyncd.log
 socket options = SO_KEEPALIVE
+reverse lookup = false
 timeout = 7200
 
 [wiki.debian.org-dump]
diff --git a/modules/roles/manifests/ftp_master.pp b/modules/roles/manifests/ftp_master.pp
index 987bc8080..11cee8c81 100644
--- a/modules/roles/manifests/ftp_master.pp
+++ b/modules/roles/manifests/ftp_master.pp
@@ -1,7 +1,8 @@
 class roles::ftp_master {
 	rsync::site { 'dakmaster':
 		source      => 'puppet:///modules/roles/dakmaster/rsyncd.conf',
-		max_clients => 100,
+		# Needs to be at least number of direct mirrors plus some spare
+		max_clients => 50,
 		sslname     => 'ftp-master.debian.org',
 	}
 
diff --git a/modules/roles/manifests/ports_master.pp b/modules/roles/manifests/ports_master.pp
index c0f71e686..1f5911fa3 100644
--- a/modules/roles/manifests/ports_master.pp
+++ b/modules/roles/manifests/ports_master.pp
@@ -1,7 +1,8 @@
 class roles::ports_master {
 	rsync::site { 'ports-master':
 		source      => 'puppet:///modules/roles/ports_master/rsyncd.conf',
-		max_clients => 100,
+		# Needs to be at least number of direct mirrors plus some spare
+		max_clients => 50,
 		sslname     => 'ports-master.debian.org',
 	}
 
diff --git a/modules/roles/manifests/security_master.pp b/modules/roles/manifests/security_master.pp
index aa92103c6..6b463a52d 100644
--- a/modules/roles/manifests/security_master.pp
+++ b/modules/roles/manifests/security_master.pp
@@ -15,7 +15,8 @@ class roles::security_master {
 
 	rsync::site { 'security_master':
 		source      => 'puppet:///modules/roles/security_master/rsyncd.conf',
-		max_clients => 100,
+		# Needs to be at least twice the number of direct mirrors (currently 15) plus some spare
+		max_clients => 50,
 		sslname     => 'security-master.debian.org',
 	}
 }
diff --git a/modules/roles/templates/snapshot/rsyncd.conf.erb b/modules/roles/templates/snapshot/rsyncd.conf.erb
index 4f809f6ec..97501eb56 100644
--- a/modules/roles/templates/snapshot/rsyncd.conf.erb
+++ b/modules/roles/templates/snapshot/rsyncd.conf.erb
@@ -1,8 +1,8 @@
 uid = nobody
 gid = nogroup
-max connections = 20
 syslog facility = daemon
 socket options = SO_KEEPALIVE
+reverse lookup = false
 timeout = 7200
 log file = /var/log/rsyncd/rsyncd.log
 
diff --git a/modules/roles/templates/syncproxy/rsyncd.conf.erb b/modules/roles/templates/syncproxy/rsyncd.conf.erb
index a04eeae7a..14a6d0718 100644
--- a/modules/roles/templates/syncproxy/rsyncd.conf.erb
+++ b/modules/roles/templates/syncproxy/rsyncd.conf.erb
@@ -1,8 +1,8 @@
 uid = nobody
 gid = nogroup
-max connections = 30
 syslog facility = daemon
 socket options = SO_KEEPALIVE
+reverse lookup = false
 timeout = 7200
 
 # weasel 2007-11-19