From 6584717d854b1afdc9e1b7971ee87d5647533ec5 Mon Sep 17 00:00:00 2001
From: Julien Cristau <jcristau@debian.org>
Date: Wed, 1 Nov 2017 14:41:47 +0100
Subject: [PATCH] Turn off ftp:// on security mirrors

---
 hieradata/common.yaml                      |  6 ------
 modules/roles/manifests/security_mirror.pp | 16 +++-------------
 2 files changed, 3 insertions(+), 19 deletions(-)

diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index f9cac901f..3e86810fc 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -139,12 +139,6 @@ roles:
     - mirror-umn.debian.org
     - lobos.debian.org
     - villa.debian.org
-  security_mirror_no_ftp:
-    # hosts that are not part of security.debian.org but
-    # only participiate in the anycast do not need ftp
-    - mirror-accumu.debian.org
-    - mirror-skroutz.debian.org
-    - mirror-bytemark.debian.org
   security_tracker:
     - soriano.debian.org
   security_upload:
diff --git a/modules/roles/manifests/security_mirror.pp b/modules/roles/manifests/security_mirror.pp
index 603c3c790..f09a92919 100644
--- a/modules/roles/manifests/security_mirror.pp
+++ b/modules/roles/manifests/security_mirror.pp
@@ -36,19 +36,9 @@ class roles::security_mirror {
 		content => template('roles/security_mirror/security.debian.org.erb')
 	}
 
-	if has_role('security_mirror_no_ftp') {
-		vsftpd::site { 'security':
-			ensure => absent,
-			root   => '/nonexistent',
-		}
-	} else {
-		vsftpd::site { 'security':
-			banner       => 'security.debian.org FTP server (vsftpd)',
-			logfile      => '/var/log/ftp/vsftpd-security.debian.org.log',
-			max_clients  => 200,
-			root         => '/srv/ftp.root/',
-			binds        => $binds,
-		}
+	vsftpd::site { 'security':
+		ensure => absent,
+		root   => '/nonexistent',
 	}
 
 	rsync::site { 'security':
-- 
2.20.1