From 52933eba54eaa5684108bf2f9aeaf63c2b7a0690 Mon Sep 17 00:00:00 2001 From: Julien Cristau Date: Fri, 1 Dec 2017 21:53:05 +0100 Subject: [PATCH] Add planet_master role and planet-master.d.o vhost Access to the vhost is restricted to d.o hosts, the idea being it is only to be used for testing. --- hieradata/common.yaml | 2 ++ .../planet_master/planet-master.debian.org | 20 +++++++++++++++++ modules/roles/manifests/init.pp | 3 +++ modules/roles/manifests/planet_master.pp | 13 +++++++++++ .../roles/templates/conf-debianhostlist.erb | 22 +++++++++++++++++++ 5 files changed, 60 insertions(+) create mode 100644 modules/roles/files/planet_master/planet-master.debian.org create mode 100644 modules/roles/manifests/planet_master.pp create mode 100644 modules/roles/templates/conf-debianhostlist.erb diff --git a/hieradata/common.yaml b/hieradata/common.yaml index e59a088dd..826dd2441 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -269,6 +269,8 @@ roles: ports_mirror_onion: - klecker.debian.org - mirror-isc.debian.org + planet_master: + - philp.debian.org planet_search: - philp.debian.org i18n.d.o: diff --git a/modules/roles/files/planet_master/planet-master.debian.org b/modules/roles/files/planet_master/planet-master.debian.org new file mode 100644 index 000000000..a58f07c6e --- /dev/null +++ b/modules/roles/files/planet_master/planet-master.debian.org @@ -0,0 +1,20 @@ +Use common-debian-service-https-redirect * planet-master.debian.org + + ServerName planet-master.debian.org + ServerAdmin debian-admin@lists.debian.org + + Use common-debian-service-ssl planet-master.debian.org + Use common-ssl-HSTS + + + UserDir disabled + + ErrorLog ${APACHE_LOG_DIR}/planet-master.debian.org-error.log + CustomLog ${APACHE_LOG_DIR}/planet-master.debian.org-access.log privacy + ServerSignature On + + DocumentRoot /srv/planet.debian.org/www + + Use DebianHostList + + diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp index ffd054b80..2a2bb4932 100644 --- a/modules/roles/manifests/init.pp +++ b/modules/roles/manifests/init.pp @@ -297,6 +297,9 @@ class roles { include roles::debtags } + if has_role('planet_master') { + include roles::planet_master + } if has_role('planet_search') { ssl::service { 'planet-search.debian.org': notify => Exec['service apache2 reload'], key => true, } } diff --git a/modules/roles/manifests/planet_master.pp b/modules/roles/manifests/planet_master.pp new file mode 100644 index 000000000..5114ece75 --- /dev/null +++ b/modules/roles/manifests/planet_master.pp @@ -0,0 +1,13 @@ +class roles::planet_master { + include apache2::ssl + apache2::config { 'puppet-debianhosts': + content => template('roles/conf-debianhostlist.erb'), + } + apache2::site { 'planet-master.debian.org': + source => 'puppet:///modules/roles/planet_master/planet-master.debian.org', + } + ssl::service { 'planet-master.debian.org': + notify => Exec['service apache2 reload'], + key => true, + } +} diff --git a/modules/roles/templates/conf-debianhostlist.erb b/modules/roles/templates/conf-debianhostlist.erb new file mode 100644 index 000000000..e3056c655 --- /dev/null +++ b/modules/roles/templates/conf-debianhostlist.erb @@ -0,0 +1,22 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + + + +<%= + lines = [] + + scope.lookupvar('site::allnodeinfo').keys.sort.each do |node| + lines << " # #{scope.lookupvar('site::allnodeinfo')[node]['hostname'][0]}" + scope.lookupvar('site::allnodeinfo')[node]['ipHostNumber'].each do |addr| + lines << " Require ip #{addr}" + end + end + lines.join("\n") +# vim:set et: +# vim:set sts=2 ts=2: +# vim:set shiftwidth=2: +%> + -- 2.20.1