Update the setup for archive.debian.net
authorPaul Wise <pabs@debian.org>
Sat, 10 Jun 2017 03:30:57 +0000 (11:30 +0800)
committerPaul Wise <pabs@debian.org>
Sat, 10 Jun 2017 03:49:27 +0000 (11:49 +0800)
Factor out the config into an apache2 macro.

Make the 503 error message more generic so it can be used anywhere.

modules/apache2/files/disabled-service [new file with mode: 0644]
modules/apache2/manifests/init.pp
modules/roles/files/static-htdocs/archive.debian.net/503.html [deleted file]
modules/roles/files/static-htdocs/disabled-service/503.html [new file with mode: 0644]
modules/roles/manifests/static_mirror.pp
modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb

diff --git a/modules/apache2/files/disabled-service b/modules/apache2/files/disabled-service
new file mode 100644 (file)
index 0000000..74fabe8
--- /dev/null
@@ -0,0 +1,18 @@
+<IfModule mod_macro.c>
+  <Macro common-disabled-service>
+    <IfModule mod_userdir.c>
+      UserDir disabled
+    </IfModule>
+    DocumentRoot /srv/static.debian.org/puppet/disabled-service
+    <Directory /srv/static.debian.org/puppet/disabled-service>
+      AllowOverride FileInfo Indexes Options=Multiviews
+      Options Indexes SymLinksIfOwnerMatch
+      Require all granted
+    </Directory>
+    RedirectMatch 503 ^/(?!503\.html)
+    ErrorDocument 503 /503.html
+    <IfModule mod_headers.c>
+      Header always set Retry-After "18000"
+    </IfModule>
+  </Macro>
+</IfModule>
index f279cde..129c9d5 100644 (file)
@@ -97,6 +97,10 @@ class apache2 {
                source => 'puppet:///modules/apache2/headers',
        }
 
+       apache2::config { 'disabled-service':
+               source => 'puppet:///modules/apache2/disabled-service',
+       }
+
        apache2::module { 'mpm_event': ensure => absent }
        if has_role('apache_prefork') {
                apache2::module { 'mpm_worker': ensure => absent }
diff --git a/modules/roles/files/static-htdocs/archive.debian.net/503.html b/modules/roles/files/static-htdocs/archive.debian.net/503.html
deleted file mode 100644 (file)
index 6cb5cda..0000000
+++ /dev/null
@@ -1,28 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
-<HTML>
-<HEAD>
-   <TITLE>Welcome to archive.debian.net!</TITLE>
-</HEAD>
-<BODY>
-
-<H1>Welcome to archive.debian.net!</H1>
-
-Unfortunately, this service is not available at this time.  It is not
-known when its maintainer will be able to provide it again.
-
-<p>
-This service is <b>not</b> provided by the Debian System Administration team
-but instead by an individual member of the Debian project.
-<p>
-<i>Please do not contact the DSA team with questions about this service.</i>
-
-<p>
-<font size="-1">(If you are the maintainer of this service, please do contact
-the DSA team if you need help restoring the service.)</font>
-
-<P>
-<HR NOSHADE />
-<FONT size="-1">Debian System Administration team</FONT>
-
-</BODY>
-</HTML>
diff --git a/modules/roles/files/static-htdocs/disabled-service/503.html b/modules/roles/files/static-htdocs/disabled-service/503.html
new file mode 100644 (file)
index 0000000..ee0754d
--- /dev/null
@@ -0,0 +1,28 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+<HEAD>
+   <TITLE>Service disabled!</TITLE>
+</HEAD>
+<BODY>
+
+<H1>Service disabled!</H1>
+
+Unfortunately, this service is not available at this time.  It is not
+known when its maintainer will be able to provide it again.
+
+<p>
+This service is <b>not</b> provided by the Debian System Administration team
+but instead by an individual member of the Debian project.
+<p>
+<i>Please do not contact the DSA team with questions about this service.</i>
+
+<p>
+<font size="-1">(If you are the maintainer of this service, please do contact
+the DSA team if you need help restoring the service.)</font>
+
+<P>
+<HR NOSHADE />
+<FONT size="-1">Debian System Administration team</FONT>
+
+</BODY>
+</HTML>
index 77a01ee..53fdf83 100644 (file)
@@ -193,17 +193,24 @@ class roles::static_mirror {
                onion::service { 'planet.debian.org'             : ensure => "ifstatic", port => 80, target_port => 80, target_address => $onion_v4_addr }
        }
 
-       ssl::service { 'archive.debian.net': ensure => present, notify  => Exec['service apache2 reload'], key => true, }
        file { '/srv/static.debian.org/puppet':
                ensure => directory,
                mode   => '02755'
        }
-       file { '/srv/static.debian.org/puppet/archive.debian.net':
+       file { '/srv/static.debian.org/puppet/disabled-service':
                ensure => directory,
                mode   => '02755'
        }
+       file { '/srv/static.debian.org/puppet/disabled-service/503.html':
+               source => 'puppet:///modules/roles/static-htdocs/disabled-service/503.html',
+       }
+
+       ssl::service { 'archive.debian.net': ensure => present, notify  => Exec['service apache2 reload'], key => true, }
+       file { '/srv/static.debian.org/puppet/archive.debian.net':
+               ensure => absent,
+       }
        file { '/srv/static.debian.org/puppet/archive.debian.net/503.html':
-               source => 'puppet:///modules/roles/static-htdocs/archive.debian.net/503.html',
+               ensure => absent,
        }
 
 }
index 4c33fe1..506f95a 100644 (file)
@@ -337,25 +337,9 @@ Use common-dsa-vhost-https-redirect archive.debian.net
        ServerAdmin debian-admin@debian.org
        ErrorLog /var/log/apache2/archive.debian.net-error.log
        CustomLog /var/log/apache2/archive.debian.net-access.log privacyssl
-
        Use common-debian-service-ssl archive.debian.net
        Use common-ssl-HSTS
-
-       <IfModule mod_userdir.c>
-               UserDir disabled
-       </IfModule>
-       ServerSignature On
-
-       DocumentRoot /srv/static.debian.org/puppet/archive.debian.net
-       <Directory /srv/static.debian.org/puppet/archive.debian.net>
-               AllowOverride FileInfo Indexes Options=Multiviews
-               Options Indexes SymLinksIfOwnerMatch
-               Require all granted
-       </Directory>
-
-       RedirectMatch 503 ^/(?!503\.html)
-       ErrorDocument 503 /503.html
-       Header always set Retry-After "18000"
+       Use common-disabled-service
 </VirtualHost>