From b357c850f3122c4e3bd79a4f509012b2288f9c98 Mon Sep 17 00:00:00 2001 From: Peter Palfrader Date: Tue, 12 Sep 2017 08:39:10 +0000 Subject: [PATCH] Make syncproxy mirror basedir configurable in hiera, and use it in all templates. Also make the syncproxy rsync template a loop and fix debian-ports list check in the process --- hieradata/common.yaml | 4 + hieradata/nodes/mirror-conova.debian.org.yaml | 3 + modules/debian_org/lib/facter/paths.rb | 4 + modules/puppetmaster/files/hiera.yaml | 1 + modules/roles/manifests/syncproxy.pp | 4 + .../roles/templates/syncproxy/rsyncd.conf.erb | 73 +++++++++---------- .../syncproxy/syncproxy.debian.org-apache.erb | 6 +- .../syncproxy.debian.org-index.html.erb | 2 +- 8 files changed, 56 insertions(+), 41 deletions(-) create mode 100644 hieradata/nodes/mirror-conova.debian.org.yaml diff --git a/hieradata/common.yaml b/hieradata/common.yaml index d15c91d9a..b0cbf208f 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -3,6 +3,9 @@ nameservers: [] searchpaths: [] resolvoptions: [] allow_dns_query: [] +role_config: + syncproxy: + mirror_basedir_prefix: '/srv/mirrors/' roles: bugsmx: - buxtehude.debian.org @@ -184,6 +187,7 @@ roles: - klecker.debian.org - milanollo.debian.org - mirror-anu.debian.org + - mirror-conova.debian.org - mirror-isc.debian.org - mirror-umn.debian.org tracker: diff --git a/hieradata/nodes/mirror-conova.debian.org.yaml b/hieradata/nodes/mirror-conova.debian.org.yaml new file mode 100644 index 000000000..9dfe28ffa --- /dev/null +++ b/hieradata/nodes/mirror-conova.debian.org.yaml @@ -0,0 +1,3 @@ +role_config: + syncproxy: + mirror_basedir_prefix: '/srv/mirrors/syncproxy-' diff --git a/modules/debian_org/lib/facter/paths.rb b/modules/debian_org/lib/facter/paths.rb index ccc4588d8..ad4e9841a 100644 --- a/modules/debian_org/lib/facter/paths.rb +++ b/modules/debian_org/lib/facter/paths.rb 
@@ -6,6 +6,10 @@ /srv/mirrors/debian-debug /srv/mirrors/debian-ports /srv/mirrors/debian-security + /srv/mirrors/syncproxy-debian + /srv/mirrors/syncproxy-debian-debug + /srv/mirrors/syncproxy-debian-ports + /srv/mirrors/syncproxy-debian-security /dev/hwrng }.each do |path| Facter.add("has" + path.gsub(/[\/-]/,'_')) do diff --git a/modules/puppetmaster/files/hiera.yaml b/modules/puppetmaster/files/hiera.yaml index 216f65fc0..b7a09f86b 100644 --- a/modules/puppetmaster/files/hiera.yaml +++ b/modules/puppetmaster/files/hiera.yaml @@ -1,5 +1,6 @@ --- :hierarchy: + - 'nodes/%{trusted.certname}' - '%{hoster}' - 'clusters/%{cluster}' - 'common' diff --git a/modules/roles/manifests/syncproxy.pp b/modules/roles/manifests/syncproxy.pp index 0c1d99378..3b4816d6a 100644 --- a/modules/roles/manifests/syncproxy.pp +++ b/modules/roles/manifests/syncproxy.pp @@ -1,9 +1,12 @@ class roles::syncproxy { include roles::archvsync_base + $mirror_basedir_prefix = hiera('role_config.syncproxy.mirror_basedir_prefix') + $binds = $::hostname ? { 'milanollo' => [ '5.153.231.9', '[2001:41c8:1000:21::21:9]' ], 'mirror-anu' => [ '150.203.164.60', '[2001:388:1034:2900::3c]' ], + 'mirror-conova' => [ '217.196.149.237', '[2a02:16a8:dc41:100::237]' ], 'mirror-isc' => [ '149.20.4.16', '[2001:4f8:1:c::16]' ], 'mirror-umn' => [ '128.101.240.216', '[2607:ea00:101:3c0b::1deb:216]' ], 'klecker' => [ '130.89.148.10', '[2001:610:1908:b000::148:10]', @@ -14,6 +17,7 @@ class roles::syncproxy { $syncproxy_name = $::hostname ? { 'milanollo' => 'syncproxy3.eu.debian.org', 'mirror-anu' => 'syncproxy.au.debian.org', + 'mirror-conova' => 'syncproxy4.eu.debian.org', 'mirror-isc' => 'syncproxy2.wna.debian.org', 'mirror-umn' => 'syncproxy.cna.debian.org', 'klecker' => 'syncproxy2.eu.debian.org', diff --git a/modules/roles/templates/syncproxy/rsyncd.conf.erb b/modules/roles/templates/syncproxy/rsyncd.conf.erb index 14a6d0718..37c8f7f51 100644 --- a/modules/roles/templates/syncproxy/rsyncd.conf.erb 
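Review bot: The fact list in paths.rb hard-codes the `/srv/mirrors/syncproxy-*` paths, while the prefix they mirror is now a free-form hiera value (`mirror_basedir_prefix`). A node that sets any prefix not enumerated here gets no `has_…` fact, and the templates then emit no rsync modules or Alias entries for it, without any error. A comment above the list would make the coupling visible, for example `# keep in sync with every role_config.syncproxy.mirror_basedir_prefix used in hieradata`. The list and the `Facter.add` block both start and end outside this hunk.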
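Review bot: The new `hiera('role_config.syncproxy.mirror_basedir_prefix')` lookup is a priority lookup on a dotted key, so as far as I can tell a node file that defines `role_config` replaces the whole hash from common.yaml instead of merging into it. That works while `syncproxy` is the only entry, but a later node file that sets `role_config` for a different role would leave this key unresolved on that host. Either a comment next to the lookup, such as `# a node-level role_config replaces common.yaml's hash; repeat the syncproxy key there`, or reading the value through `hiera_hash('role_config')` would make the behaviour explicit. The class body continues outside the hunk.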
+++ b/modules/roles/templates/syncproxy/rsyncd.conf.erb 
@@ -12,44 +12,43 @@ read only = true ignore nonreadable = true strict modes = false -[debian] - path = /srv/mirrors/debian/ -<%- unless has_variable?("has_srv_mirrors_debian") && @has_srv_mirrors_debian -%> - list = no -<%- end -%> - comment = Debian archive (contact mirrors@debian.org for access; see https://www.debian.org/mirror/size for size) - auth users = * - secrets file = /home/archvsync/rsyncd/debian.secrets +<%= + repositories = [ + { name: 'debian', + comment: 'Debian archive (contact mirrors@debian.org for access; see https://www.debian.org/mirror/size for size)' + }, + { name: 'debian-debug', + comment: 'Debug packages for Debian archive (contact mirrors@debian.org for access)' + }, + { name: 'debian-ports', + comment: 'Debian ports archive (contact mirrors@debian.org for access)' + }, + { name: 'debian-security', + comment: 'Debian security archive' + }, + { name: 'debian-security-buildd-pool', + list: false + }, + ] -[debian-debug] - path = /srv/mirrors/debian-debug/ -<%- unless has_variable?("has_srv_mirrors_debian_debug") && @has_srv_mirrors_debian_debug -%> - list = no -<%- end -%> - comment = Debug packages for Debian archive (contact mirrors@debian.org for access) - auth users = * - secrets file = /home/archvsync/rsyncd/debian-debug.secrets + lines = [] -[debian-ports] - path = /srv/mirrors/debian-ports/ -<%- unless has_variable?("has_srv_mirrors_debian_debug") && @has_srv_mirrors_debian_debug -%> - list = no -<%- end -%> - comment = Debian ports archive (contact mirrors@debian.org for access) - auth users = * - secrets file = /home/archvsync/rsyncd/debian-ports.secrets + repositories.each do |repo| + varname = ('has' + @mirror_basedir_prefix + repo[:name]).gsub(/[\/-]/,'_') + next unless has_variable?(varname) and (eval("@"+varname)) -[debian-security] - path = /srv/mirrors/debian-security/ -<%- unless has_variable?("has_srv_mirrors_debian_security") && @has_srv_mirrors_debian_security -%> - list = no -<%- end -%> - comment = Debian security 
archive (contact mirrors@debian.org for access) - auth users = * - secrets file = /home/archvsync/rsyncd/debian-security.secrets + lines << "[#{ repo[:name] }]" + lines << " path = #{ @mirror_basedir_prefix }#{ repo[:name] }/" + if (repo.include?(:list) and not repo[:list]) + lines << " list = no" + end + if repo.include?(:comment) + lines << " comment = #{ repo[:comment] }" + end + lines << " auth users = *" + lines << " secrets file = /home/archvsync/rsyncd/#{ repo[:name] }.secrets" + lines << "" + end -[debian-security-buildd-pool] - path = /srv/mirrors/debian-security-buildd/pool/ - list = no - auth users = * - secrets file = /home/archvsync/rsyncd/debian-security-buildd-pool.secrets + lines.join("\n") +%> diff --git a/modules/roles/templates/syncproxy/syncproxy.debian.org-apache.erb b/modules/roles/templates/syncproxy/syncproxy.debian.org-apache.erb index eb59b0c8c..ab4ca5987 100644 --- a/modules/roles/templates/syncproxy/syncproxy.debian.org-apache.erb +++ b/modules/roles/templates/syncproxy/syncproxy.debian.org-apache.erb @@ -25,10 +25,10 @@ <%= lines = [] %w{debian debian-debug debian-ports debian-security}.each do |archive| - varname = 'has_srv_mirrors_' + archive.gsub(/[\/-]/,'_') + varname = ('has' + @mirror_basedir_prefix + archive).gsub(/[\/-]/,'_') if has_variable?(varname) and (eval("@"+varname)) - lines << " Alias /#{archive}/project/trace/ /srv/mirrors/#{archive}/project/trace/" - lines << " " + lines << " Alias /#{archive}/project/trace/ #{@mirror_basedir_prefix}#{archive}/project/trace/" + lines << " " lines << " Require all granted" lines << " Options +Indexes" lines << " " diff --git a/modules/roles/templates/syncproxy/syncproxy.debian.org-index.html.erb b/modules/roles/templates/syncproxy/syncproxy.debian.org-index.html.erb index ef9fdfcd5..4d16f1bde 100644 --- a/modules/roles/templates/syncproxy/syncproxy.debian.org-index.html.erb +++ b/modules/roles/templates/syncproxy/syncproxy.debian.org-index.html.erb 
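Review bot: The new loop calls `eval("@"+varname)` with `varname` now built from `@mirror_basedir_prefix`, a hiera value, and `gsub(/[\/-]/,'_')` only rewrites `/` and `-`, so any other character in the prefix is evaluated as Ruby when the template is rendered; `instance_variable_get("@#{varname}")` reads the same fact without evaluating a string. The same expression sits in the apache and index.html templates later in this patch, where this commit also feeds the prefix into it. Separately, the `debian-security-buildd-pool` entry now resolves to `#{@mirror_basedir_prefix}debian-security-buildd-pool/` instead of the old `/srv/mirrors/debian-security-buildd/pool/`, and none of the paths visible in the paths.rb hunk would produce a matching fact, so that module is probably dropped by the `next unless`; a per-entry `path:` key and an exemption from the fact check would preserve it. Modules for absent directories are now omitted instead of being emitted with `list = no`, which is worth a comment above the loop if it is intended.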
@@ -19,7 +19,7 @@ This syncproxy contains copies of the following archives. <%= lines = [] %w{debian debian-debug debian-ports debian-security}.each do |archive| - varname = 'has_srv_mirrors_' + archive.gsub(/[\/-]/,'_') + varname = ('has' + @mirror_basedir_prefix + archive).gsub(/[\/-]/,'_') if has_variable?(varname) and (eval("@"+varname)) lines << "
  • #{archive} [trace directory]
  • " end -- 2.20.1