From a0d0b0d1b7a695b32e9078d6f551249861c775b9 Mon Sep 17 00:00:00 2001 From: Peter Palfrader Date: Sun, 22 Sep 2019 13:04:43 +0200 Subject: [PATCH] historical_mirror -> hiera role Since there are no onion mirrors right now, remove that code from the role. --- data/common.yaml | 6 --- data/nodes/gretchaninov.debian.org.yaml | 2 + data/nodes/klecker.debian.org.yaml | 3 ++ data/nodes/schmelzer.debian.org.yaml | 2 + data/nodes/sibelius.debian.org.yaml | 2 + modules/roles/manifests/historical_mirror.pp | 40 +++++++------------ .../templates/apache-archive.debian.org.erb | 11 +---- 7 files changed, 24 insertions(+), 42 deletions(-) diff --git a/data/common.yaml b/data/common.yaml index fd6328b35..4c504ae78 100644 --- a/data/common.yaml +++ b/data/common.yaml @@ -125,12 +125,6 @@ roles: - '[2a02:16a8:dc41:100::232]:80' fastly-backend: true service-hostname: conova.debian.backend.mirrors.debian.org - historical_mirror: - # XXX used also in ferm me.conf.erb - - gretchaninov.debian.org - - klecker.debian.org - - schmelzer.debian.org - - sibelius.debian.org debug_mirror: # XXX used also in ferm me.conf.erb mirror-accumu.debian.org: diff --git a/data/nodes/gretchaninov.debian.org.yaml b/data/nodes/gretchaninov.debian.org.yaml index 1ce3bde85..38467281a 100644 --- a/data/nodes/gretchaninov.debian.org.yaml +++ b/data/nodes/gretchaninov.debian.org.yaml @@ -1,6 +1,8 @@ --- classes: + - roles::historical_mirror - roles::syncproxy roles::syncproxy::syncproxy_name: syncproxy3.wna.debian.org roles::syncproxy::listen_addr: ['209.87.16.40', '2607:f8f0:614:1::1274:40'] +roles::historical_mirror::listen_addr: ['209.87.16.41', '2607:f8f0:614:1::1274:41'] diff --git a/data/nodes/klecker.debian.org.yaml b/data/nodes/klecker.debian.org.yaml index b800305a7..c6616c470 100644 --- a/data/nodes/klecker.debian.org.yaml +++ b/data/nodes/klecker.debian.org.yaml @@ -1,3 +1,6 @@ --- +classes: + - roles::historical_mirror exim::mail_port: 2025 +roles::historical_mirror::listen_addr: ['130.89.148.13', '2001:67c:2564:a119::148:13'] diff --git a/data/nodes/schmelzer.debian.org.yaml b/data/nodes/schmelzer.debian.org.yaml index a7f099a01..c94a36d8d 100644 --- a/data/nodes/schmelzer.debian.org.yaml +++ b/data/nodes/schmelzer.debian.org.yaml @@ -1,9 +1,11 @@ --- classes: + - roles::historical_mirror - roles::syncproxy roles::syncproxy::syncproxy_name: syncproxy4.eu.debian.org roles::syncproxy::listen_addr: ['217.196.149.237', '2a02:16a8:dc41:100::237'] +roles::historical_mirror::listen_addr: ['217.196.149.234', '2a02:16a8:dc41:100::234'] role_config__mirrors: mirror_basedir_prefix: '/srv/mirrors/public-' diff --git a/data/nodes/sibelius.debian.org.yaml b/data/nodes/sibelius.debian.org.yaml index bf38f67fa..f52675ef4 100644 --- a/data/nodes/sibelius.debian.org.yaml +++ b/data/nodes/sibelius.debian.org.yaml @@ -1,5 +1,7 @@ --- classes: - roles::historical_master + - roles::historical_mirror roles::historical_mirror::sslname: archive-master.debian.org +roles::historical_mirror::listen_addr: ['193.62.202.28', '2001:630:206:4000:1a1a:0:c13e:ca1c'] diff --git a/modules/roles/manifests/historical_mirror.pp b/modules/roles/manifests/historical_mirror.pp index 101ecaef6..6fb428297 100644 --- a/modules/roles/manifests/historical_mirror.pp +++ b/modules/roles/manifests/historical_mirror.pp @@ -1,25 +1,26 @@ # a mirror for archive.debian.org # @param sslname provide rsync via ssl as well +# @param listen_addr IP addresses to have apache listen on class roles::historical_mirror( Optional[String] $sslname = undef, + Array[Stdlib::IP::Address] $listen_addr = [], ){ include roles::archvsync_base - include apache2::expires - $mirror_basedir_prefix = hiera('role_config__mirrors.mirror_basedir_prefix') - $archive_root = "${mirror_basedir_prefix}debian-archive" + include apache2 + include apache2::expires - $binds = $::hostname ? { - gretchaninov => ['209.87.16.41' , '[2607:f8f0:614:1::1274:41]' ], - klecker => ['130.89.148.13' , '[2001:67c:2564:a119::148:13]' ], - schmelzer => ['217.196.149.234', '[2a02:16a8:dc41:100::234]' ], - sibelius => ['193.62.202.28' , '[2001:630:206:4000:1a1a:0:c13e:ca1c]'], - default => ['[::]'], + $enclosed_addresses_rsync = empty($listen_addr) ? { + true => ['[::]'], + default => enclose_ipv6($listen_addr), } - - $onion_v4_addr = $::hostname ? { - default => undef, + $_enclosed_addresses = empty($listen_addr) ? { + true => ['*'], + default => enclose_ipv6($listen_addr), } + $vhost_listen = $_enclosed_addresses.map |$a| { "${a}:80" } .join(' ') + $mirror_basedir_prefix = hiera('role_config__mirrors.mirror_basedir_prefix') + $archive_root = "${mirror_basedir_prefix}debian-archive" apache2::site { '010-archive.debian.org': site => 'archive.debian.org', @@ -32,24 +33,11 @@ class roles::historical_mirror( tlsaport => [], } } - rsync::site { 'archive': content => template('roles/historical_mirror/rsyncd.conf.erb'), max_clients => 100, sslname => $sslname, - binds => $binds, - } - - if has_role('historical_mirror_onion') { - if ! $onion_v4_addr { - fail("Do not have an onion_v4_addr set for ${::hostname}.") - } - - onion::service { 'archive.debian.org': - port => 80, - target_port => 80, - target_address => $onion_v4_addr, - } + binds => $enclosed_addresses_rsync, } Ferm::Rule::Simple <<| tag == 'ssh::server::from::historical_master' |>> diff --git a/modules/roles/templates/apache-archive.debian.org.erb b/modules/roles/templates/apache-archive.debian.org.erb index 0cf3b0c4e..e8d84409d 100644 --- a/modules/roles/templates/apache-archive.debian.org.erb +++ b/modules/roles/templates/apache-archive.debian.org.erb @@ -3,16 +3,7 @@ ## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git ## -<% - if not @binds.kind_of?(Array) - raise Puppet::Error, "binds variable is not an array" - end - - vhost_listen = @binds.map{|x| x+":80" }.join(' ') -%> - - -> +> ServerAdmin debian-admin@debian.org ServerName archive.debian.org <% if scope.function_onion_global_service_hostname(['archive.debian.org']) -%> -- 2.20.1