From 387dbef4074648d702a1d6c600585d85e4316f2f Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Thu, 23 Feb 2017 20:00:54 +0100
Subject: [PATCH] make bytemark a security mirror (for anycast)
---
 hieradata/common.yaml | 5 ++++
 modules/roles/manifests/debian_mirror.pp | 3 ++-
 modules/roles/manifests/security_mirror.pp | 30 +++++++++++++---------
 3 files changed, 25 insertions(+), 13 deletions(-)
diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index 491792773..f3f39e5dd 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -106,6 +106,7 @@ roles:
 - seger.debian.org
 security_mirror:
 - mirror-anu.debian.org
+ - mirror-bytemark.debian.org
 - mirror-conova.debian.org
 - mirror-csail.debian.org
 - mirror-isc.debian.org
@@ -121,6 +122,10 @@ roles:
 - mirror-umn.debian.org
 - lobos.debian.org
 - villa.debian.org
+ security_mirror_no_ftp:
+ # hosts that are not part of security.debian.org but
+ # only participiate in the anycast do not need ftp
+ - mirror-bytemark.debian.org
 security_tracker:
 - soriano.debian.org
 ssh.upload.d.o:
diff --git a/modules/roles/manifests/debian_mirror.pp b/modules/roles/manifests/debian_mirror.pp
index 6273a57ba..14ae35406 100644
--- a/modules/roles/manifests/debian_mirror.pp
+++ b/modules/roles/manifests/debian_mirror.pp
@@ -4,6 +4,7 @@ class roles::debian_mirror {
 $vhost_listen = join([ $::hostname ? {
 klecker => '130.89.148.12:80 [2001:610:1908:b000::148:12]:80',
+ mirror-bytemark => '5.153.231.45:80 [2001:41c8:1000:21::21:45]:80',
 mirror-isc => '149.20.4.15:80 [2001:4f8:1:c::15]:80',
 mirror-conova => '217.196.149.232:80 [2a02:16a8:dc41:100::232]:80',
 default => '*:80',
@@ -13,7 +14,7 @@ class roles::debian_mirror {
 default => '',
 }], ' ')
 $onion_v4_addr = $::hostname ? {
- mirror-bytemark => '5.153.231.37',
+ mirror-bytemark => '5.153.231.45',
 klecker => '130.89.148.12',
 mirror-isc => '149.20.4.15',
 default => undef,
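Review bot: `security_mirror_no_ftp`, added in the second hieradata hunk, is an opt-out list, so a host put into `security_mirror` for anycast only and not also listed here would presumably still get vsftpd and the FTP conntrack helper from the `else` branch in security_mirror.pp. An opt-in list of the mirrors that do serve FTP would fail closed when an entry is forgotten; that is a larger change and the maintainers may prefer the current shape. At minimum the comment could state the coupling, e.g. `# hosts listed here must also appear in security_mirror above`, and correct the spelling of `participiate`.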
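Review bot: The IPv4 address `5.153.231.45` for mirror-bytemark is now written twice in debian_mirror.pp, in the `$vhost_listen` selector (first hunk) and in `$onion_v4_addr` (second hunk), with nothing noting that they have to agree. Once the vhost no longer listens on `*:80`, the onion address presumably has to be one the vhost is bound to; the onion configuration itself is outside the hunks, so this is inferred. A comment on the `$onion_v4_addr` entry such as `# must match the IPv4 listen address in $vhost_listen` would record the dependency, or both could be derived from one per-host value. Both selectors continue outside the hunks shown.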
diff --git a/modules/roles/manifests/security_mirror.pp b/modules/roles/manifests/security_mirror.pp
index 924ec12d6..1cda924c6 100644
--- a/modules/roles/manifests/security_mirror.pp
+++ b/modules/roles/manifests/security_mirror.pp
@@ -3,6 +3,7 @@ class roles::security_mirror {
 $rsync_bind = $::hostname ? {
 mirror-anu => '150.203.164.61',
+ mirror-bytemark => '5.153.231.46',
 mirror-conova => '217.196.149.233',
 mirror-isc => '149.20.4.14',
 mirror-umn => '128.101.240.215',
@@ -10,6 +11,7 @@ class roles::security_mirror {
 }
 $rsync_bind6 = $::hostname ? {
 mirror-anu => '2001:388:1034:2900::3d',
+ mirror-bytemark => '2001:41c8:1000:21::21:46',
 mirror-conova => '2a02:16a8:dc41:100::233',
 mirror-isc => '2001:4f8:1:c::14',
 mirror-umn => '2607:ea00:101:3c0b::1deb:215',
@@ -35,21 +37,25 @@ class roles::security_mirror {
 content => template('roles/security_mirror/security.debian.org.erb')
 }
- include ferm::ftp_conntrack
- vsftpd::site { 'security':
- banner => 'security.debian.org FTP server (vsftpd)',
- logfile => '/var/log/ftp/vsftpd-security.debian.org.log',
- max_clients => 200,
- root => '/srv/ftp.root/',
- bind => $ftp_bind,
- }
- if ($ftp_bind6) {
- vsftpd::site { 'security6':
+ if has_role('security_mirror_no_ftp') {
+ # nop
+ } else {
+ include ferm::ftp_conntrack
+ vsftpd::site { 'security':
 banner => 'security.debian.org FTP server (vsftpd)',
- logfile => '/var/log/ftp/vsftpd-security6.debian.org.log',
+ logfile => '/var/log/ftp/vsftpd-security.debian.org.log',
 max_clients => 200,
 root => '/srv/ftp.root/',
- bind => $ftp_bind6,
+ bind => $ftp_bind,
+ }
+ if ($ftp_bind6) {
+ vsftpd::site { 'security6':
+ banner => 'security.debian.org FTP server (vsftpd)',
+ logfile => '/var/log/ftp/vsftpd-security6.debian.org.log',
+ max_clients => 200,
+ root => '/srv/ftp.root/',
+ bind => $ftp_bind6,
+ }
 }
 }
--
2.20.1
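Review bot: The added `if has_role('security_mirror_no_ftp') { # nop } else {` in the last hunk keeps an empty branch only to negate the test; `if ! has_role('security_mirror_no_ftp') {` (or `unless has_role('security_mirror_no_ftp') {`) expresses the same condition without the placeholder. Skipping the resources also does not remove them, so a host that already ran the `security` vsftpd site and is later moved into the no-FTP role would presumably keep its listener and conntrack rule until cleaned up by hand. A comment such as `# does not tear down an existing vsftpd site; remove it manually when moving a host into this role` would make that explicit. Whether `vsftpd::site` offers an absent state is not visible in this patch.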