Get rid of security_mirror_onion role in favour of just keying off the ip address...

author Tollef Fog Heen <tfheen@err.no>

Fri, 2 Feb 2018 09:41:28 +0000 (10:41 +0100)

committer Tollef Fog Heen <tfheen@err.no>

Fri, 2 Feb 2018 09:41:32 +0000 (10:41 +0100)
author Tollef Fog Heen <tfheen@err.no>
Fri, 2 Feb 2018 09:41:28 +0000 (10:41 +0100)
committer Tollef Fog Heen <tfheen@err.no>
Fri, 2 Feb 2018 09:41:32 +0000 (10:41 +0100)
diff --git a/hieradata/common.yaml b/hieradata/common.yaml

index 2fd6700..cc796a3 100644 (file)
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -121,41 +121,38 @@ roles:
      - seger.debian.org
    security_mirror:
      mirror-anu.debian.org:
-        fastly-backend: false
+      onion_v4_address: 150.203.164.61
      mirror-bytemark.debian.org:
-        fastly-backend: false
+      fastly-backend: false
      mirror-conova.debian.org:
-        fastly-backend: false
+      fastly-backend: false
      mirror-csail.debian.org:
-        fastly-backend: false
+      fastly-backend: false
      mirror-isc.debian.org:
-        fastly-backend: false
+      onion_v4_address: 149.20.4.14
      mirror-umn.debian.org:
-        fastly-backend: false
+      onion_v4_address: 128.101.240.215
      mirror-accumu.debian.org:
-        fastly-backend: false
+      fastly-backend: false
      mirror-skroutz.debian.org:
-        fastly-backend: false
+      fastly-backend: false
      lobos.debian.org:
-        service-hostname: lobos.security.backend.mirrors.debian.org
-        fastly-backend: true
+      service-hostname: lobos.security.backend.mirrors.debian.org
+      fastly-backend: true
+      onion_v4_address: 212.211.132.250
      santoro.debian.org:
-        fastly-backend: false
+      fastly-backend: false
      setoguchi.debian.org:
-        fastly-backend: false
+      fastly-backend: false
      sechter.debian.org:
-        fastly-backend: false
+      fastly-backend: false
      villa.debian.org:
-        service-hostname: villa.security.backend.mirrors.debian.org
-        fastly-backend: true
+      service-hostname: villa.security.backend.mirrors.debian.org
+      fastly-backend: true
+      onion_v4_address: 212.211.132.32
      wieck.debian.org:
-        service-hostname: wieck.security.backend.mirrors.debian.org
-        fastly-backend: true
-  security_mirror_onion:
-    - mirror-isc.debian.org
-    - mirror-umn.debian.org
-    - lobos.debian.org
-    - villa.debian.org
+      service-hostname: wieck.security.backend.mirrors.debian.org
+      fastly-backend: true
    security_tracker:
      - soriano.debian.org
    security_upload:
diff --git a/modules/roles/manifests/security_mirror.pp b/modules/roles/manifests/security_mirror.pp

index c7afdeb..02dd5ee 100644 (file)
--- a/modules/roles/manifests/security_mirror.pp
+++ b/modules/roles/manifests/security_mirror.pp
@@ -58,19 +58,8 @@ class roles::security_mirror {
                 binds       => $binds,
         }
  
-       $onion_v4_addr = $::hostname ? {
-               mirror-anu => '150.203.164.61',
-               mirror-isc => '149.20.4.14',
-               mirror-umn => '128.101.240.215',
-               villa      => '212.211.132.32',
-               lobos      => '212.211.132.250',
-               default   => undef,
-       }
-       if has_role('security_mirror_onion') {
-               if ! $onion_v4_addr {
-                       fail("Do not have an onion_v4_addr set for $::hostname.")
-               }
-
+       $onion_v4_addr = hiera("roles.security_mirror.${::fqdn}.onion_v4_address", undef)
+       if $onion_v4_addr {
                 onion::service { 'security.debian.org':
                         port => 80,
                         target_port => 80,
author	Tollef Fog Heen <tfheen@err.no>
	Fri, 2 Feb 2018 09:41:28 +0000 (10:41 +0100)
committer	Tollef Fog Heen <tfheen@err.no>
	Fri, 2 Feb 2018 09:41:32 +0000 (10:41 +0100)
hieradata/common.yaml		patch \| blob \| history
modules/roles/manifests/security_mirror.pp		patch \| blob \| history