3 # Lookup role and include relevant classes for roles
11 if has_role('puppetmaster') {
15 if has_role('muninmaster') {
19 if has_role('nagiosmaster') {
20 include nagios::server
23 # XXX: turn this into a real role
24 if getfromhash($site::nodeinfo, 'buildd') {
28 # XXX: turn this into a real role
29 if getfromhash($site::nodeinfo, 'porterbox') {
33 if has_role('bugs_mirror') {
34 include roles::bugs_mirror
37 if has_role('bugs_base') {
38 ssl::service { 'bugs.debian.org':
39 notify => Exec['service apache2 reload'],
42 @ferm::rule { 'dsa-bugs-abusers':
44 rule => "saddr (220.243.135/24 220.243.136/24) DROP",
47 if has_role('bugs_master') {
48 ssl::service { 'bugs-devel.debian.org': notify => Exec['service apache2 reload'], key => true, }
49 ssl::service { 'bugs-master.debian.org': notify => Exec['service apache2 reload'], key => true, }
52 if has_role('manpages-dyn') {
53 include roles::manpages_dyn
56 if has_role('archvsync_base_additional') {
57 include archvsync_base
61 if has_role('historical_mirror') {
62 include roles::historical_mirror
66 if has_role('debug_mirror') {
67 include roles::debug_mirror
70 # ftp.debian.org and its ecosystem
71 if has_role('debian_mirror') {
72 include roles::debian_mirror
74 if has_role('ftp_master') {
75 include roles::ftp_master
76 include roles::dakmaster
77 include roles::signing
79 if has_role('ftp.upload.d.o') {
80 include roles::ftp_upload
82 if has_role('ssh.upload.d.o') {
83 include roles::ssh_upload
85 if has_role('security_upload') {
86 include roles::security_upload
88 if has_role('api.ftp-master') {
89 ssl::service { 'api.ftp-master.debian.org':
90 notify => Exec['service apache2 reload'],
96 if has_role('security_master') {
97 include roles::security_master
98 include roles::dakmaster
101 if has_role('security_mirror') {
102 include roles::security_mirror
105 if has_role('git_master') {
106 include roles::git_master
109 if has_role('people') {
110 ssl::service { 'people.debian.org': notify => Exec['service apache2 reload'], key => true, }
111 onion::service { 'people.debian.org': port => 80, target_address => 'people.debian.org', target_port => 80, direct => true }
114 if has_role('www_master') {
115 include roles::www_master
118 if has_role('cgi.d.o') {
119 ssl::service { 'cgi.debian.org': notify => Exec['service apache2 reload'], key => true, }
122 if has_role('keyring') {
123 include roles::keyring
126 if has_role('wiki') {
130 if has_role('syncproxy') {
131 include roles::syncproxy
134 if has_role('static_master') {
135 include roles::static_master
138 if has_role('static_mirror') {
139 include roles::static_mirror
140 } elsif has_role('static_source') {
141 include roles::static_source
144 if has_role('weblog_provider') {
145 include roles::weblog_provider
148 if has_role('mailrelay') {
149 include roles::mailrelay
152 if has_role('pubsub') {
153 include roles::pubsub
156 if has_role('dbmaster') {
157 include roles::dbmaster
160 if has_role('dns_primary') {
161 include named::primary
164 if has_role('dns_geo') {
165 include named::geodns
168 if has_role('weblog_destination') {
169 include roles::weblog_destination
172 if has_role('vote') {
176 if has_role('security_tracker') {
177 include roles::security_tracker
180 if has_role('lists') {
184 if has_role('rtmaster') {
185 include roles::rtmaster
196 if has_role('sso_rp') {
197 include roles::sso_rp
200 if has_role('tracker') {
201 include roles::tracker
204 if has_role('buildd_master') {
205 include roles::buildd_master
208 if has_role('piuparts') {
209 include roles::piuparts
211 if has_role('piuparts_slave') {
212 include roles::piuparts_slave
215 if has_role('contributors') {
216 include roles::contributors
227 if has_role('jenkins') {
228 include roles::jenkins
231 if has_role('postgres_backup_server') {
232 include postgres::backup_server
235 if has_role('packages') {
236 ssl::service { 'packages.debian.org': notify => Exec['service apache2 reload'], key => true, }
239 if has_role('historicalpackages') {
240 ssl::service { 'historical.packages.debian.org': notify => Exec['service apache2 reload'], key => true, }
243 if has_role('qamaster') {
244 ssl::service { 'qa.debian.org': notify => Exec['service apache2 reload'], key => true, }
247 if has_role('packagesqamaster') {
248 ssl::service { 'packages.qa.debian.org': notify => Exec['service apache2 reload'], key => true, }
251 if has_role('gobby_debian_org') {
252 ssl::service { 'gobby.debian.org':
253 notify => [ Exec['service apache2 reload'], Exec['reload gobby'] ],
255 tlsaport => [443, 6523],
257 file { '/etc/ssl/debian-local/other-keys/gobby.debian.org.key':
261 content => inline_template('<%= File.read(scope().call_function("hiera", ["paths.letsencrypt_dir"]) + "/gobby.debian.org.key") %>'),
263 notify => Exec['reload gobby'],
265 exec { 'reload gobby':
266 command => 'pkill -u gobby -HUP -x infinoted',
271 if has_role('search_backend') {
272 include roles::search_backend
274 if has_role('search_frontend') {
275 include roles::search_frontend
278 if has_role('dgit_browse') {
279 include roles::dgit_browse
281 if has_role('dgit_git') {
282 include roles::dgit_git
285 if $::hostname in [lw01, lw02, lw03, lw04, lw09, lw10] {
286 include roles::snapshot
289 if has_role('snapshot_web') {
290 include roles::snapshot_web
293 if has_role('snapshot_shell') {
294 include roles::snapshot_shell
297 if has_role('veyepar.debian.org') {
298 ssl::service { 'veyepar.debian.org': notify => Exec['service apache2 reload'], key => true, }
300 if has_role('sreview.debian.org') {
301 ssl::service { 'sreview.debian.net': notify => Exec['service apache2 reload'], key => true, }
304 if has_role('debtags') {
305 include roles::debtags
308 if has_role('planet_master') {
309 include roles::planet_master
311 if has_role('planet_search') {
312 ssl::service { 'planet-search.debian.org': notify => Exec['service apache2 reload'], key => true, }
315 if has_role('i18n.d.o') {
316 ssl::service { 'i18n.debian.org': notify => Exec['service apache2 reload'], key => true, }
319 if has_role('l10n.d.o') {
320 ssl::service { 'l10n.debian.org': notify => Exec['service apache2 reload'], key => true, }
323 if has_role('dedup.d.n') {
324 ssl::service { 'dedup.debian.net': notify => Exec['service apache2 reload'], key => true, }
327 if has_role('pet.d.n') {
328 ssl::service { 'pet.debian.net': notify => Exec['service apache2 reload'], key => true, }
329 ssl::service { 'pet-devel.debian.net': notify => Exec['service apache2 reload'], key => true, }
332 if has_role('ports_master') {
333 include roles::ports_master
335 if has_role('ports_mirror') {
336 include roles::ports_mirror
339 if has_role('onionbalance') {
340 include onion::balance
345 if has_role('cdimage-search') {
346 include roles::cdimage_search
349 if has_role('postgresql_server') {
350 include postgres::backup_source
353 if has_role('bacula_director') {
354 include bacula::director
356 package { 'bacula-console': ensure => purged; }
357 file { '/etc/bacula/bconsole.conf': ensure => absent; }
359 if has_role('bacula_storage') {
360 include bacula::storage
363 if has_role('salsa.debian.org') {
367 if $::keyring_debian_org_mirror {
368 include roles::keyring_debian_org_mirror
371 if has_role('popcon') {
372 include roles::popcon
375 if has_role('debsources') {
376 include roles::debsources
379 if has_role('ipsec') {
383 if has_role('debconf_wafer') {
384 include roles::debconf_wafer
387 if has_role('cdbuilder_local_mirror') {
388 include roles::cdbuilder_local_mirror
391 if has_role('alioth_archive') {
392 include roles::alioth_archive
394 if has_role('anonscm') {
395 include roles::anonscm
projects / mirror / dsa-puppet.git / blob