historical_mirror -> hiera role

Since there are no onion mirrors right now, remove that code from the
role.

diff --git a/data/common.yaml b/data/common.yaml
index fd6328b..4c504ae 100644 (file)
--- a/data/common.yaml
+++ b/data/common.yaml
@@ -125,12 +125,6 @@ roles:
         - '[2a02:16a8:dc41:100::232]:80'
       fastly-backend: true
       service-hostname: conova.debian.backend.mirrors.debian.org
-  historical_mirror:
-    # XXX used also in ferm me.conf.erb
-    - gretchaninov.debian.org
-    - klecker.debian.org
-    - schmelzer.debian.org
-    - sibelius.debian.org
   debug_mirror:
     # XXX used also in ferm me.conf.erb
     mirror-accumu.debian.org:

diff --git a/data/nodes/gretchaninov.debian.org.yaml b/data/nodes/gretchaninov.debian.org.yaml
index 1ce3bde..3846728 100644 (file)
--- a/data/nodes/gretchaninov.debian.org.yaml
+++ b/data/nodes/gretchaninov.debian.org.yaml
@@ -1,6 +1,8 @@
 ---
 classes:
+  - roles::historical_mirror
   - roles::syncproxy
 
 roles::syncproxy::syncproxy_name: syncproxy3.wna.debian.org
 roles::syncproxy::listen_addr: ['209.87.16.40', '2607:f8f0:614:1::1274:40']
+roles::historical_mirror::listen_addr: ['209.87.16.41', '2607:f8f0:614:1::1274:41']

diff --git a/data/nodes/klecker.debian.org.yaml b/data/nodes/klecker.debian.org.yaml
index b800305..c6616c4 100644 (file)
--- a/data/nodes/klecker.debian.org.yaml
+++ b/data/nodes/klecker.debian.org.yaml
@@ -1,3 +1,6 @@
 ---
+classes:
+  - roles::historical_mirror
 
 exim::mail_port: 2025
+roles::historical_mirror::listen_addr: ['130.89.148.13', '2001:67c:2564:a119::148:13']

diff --git a/data/nodes/schmelzer.debian.org.yaml b/data/nodes/schmelzer.debian.org.yaml
index a7f099a..c94a36d 100644 (file)
--- a/data/nodes/schmelzer.debian.org.yaml
+++ b/data/nodes/schmelzer.debian.org.yaml
@@ -1,9 +1,11 @@
 ---
 classes:
+  - roles::historical_mirror
   - roles::syncproxy
 
 roles::syncproxy::syncproxy_name: syncproxy4.eu.debian.org
 roles::syncproxy::listen_addr: ['217.196.149.237', '2a02:16a8:dc41:100::237']
+roles::historical_mirror::listen_addr: ['217.196.149.234', '2a02:16a8:dc41:100::234']
 
 role_config__mirrors:
   mirror_basedir_prefix: '/srv/mirrors/public-'

diff --git a/data/nodes/sibelius.debian.org.yaml b/data/nodes/sibelius.debian.org.yaml
index bf38f67..f52675e 100644 (file)
--- a/data/nodes/sibelius.debian.org.yaml
+++ b/data/nodes/sibelius.debian.org.yaml
@@ -1,5 +1,7 @@
 ---
 classes:
   - roles::historical_master
+  - roles::historical_mirror
 
 roles::historical_mirror::sslname: archive-master.debian.org
+roles::historical_mirror::listen_addr: ['193.62.202.28', '2001:630:206:4000:1a1a:0:c13e:ca1c']

diff --git a/modules/roles/manifests/historical_mirror.pp b/modules/roles/manifests/historical_mirror.pp
index 101ecae..6fb4282 100644 (file)
--- a/modules/roles/manifests/historical_mirror.pp
+++ b/modules/roles/manifests/historical_mirror.pp
@@ -1,25 +1,26 @@
 # a mirror for archive.debian.org
 # @param sslname provide rsync via ssl as well
+# @param listen_addr IP addresses to have apache listen on
 class roles::historical_mirror(
   Optional[String] $sslname = undef,
+  Array[Stdlib::IP::Address] $listen_addr = [],
 ){
   include roles::archvsync_base
-  include apache2::expires
 
-  $mirror_basedir_prefix = hiera('role_config__mirrors.mirror_basedir_prefix')
-  $archive_root = "${mirror_basedir_prefix}debian-archive"
+  include apache2
+  include apache2::expires
 
-  $binds = $::hostname ? {
-    gretchaninov => ['209.87.16.41'   , '[2607:f8f0:614:1::1274:41]'          ],
-    klecker      => ['130.89.148.13'  , '[2001:67c:2564:a119::148:13]'        ],
-    schmelzer    => ['217.196.149.234', '[2a02:16a8:dc41:100::234]'           ],
-    sibelius     => ['193.62.202.28'  , '[2001:630:206:4000:1a1a:0:c13e:ca1c]'],
-    default      => ['[::]'],
+  $enclosed_addresses_rsync = empty($listen_addr) ? {
+    true    => ['[::]'],
+    default => enclose_ipv6($listen_addr),
   }
-
-  $onion_v4_addr = $::hostname ? {
-    default => undef,
+  $_enclosed_addresses = empty($listen_addr) ? {
+    true    => ['*'],
+    default => enclose_ipv6($listen_addr),
   }
+  $vhost_listen = $_enclosed_addresses.map |$a| { "${a}:80" } .join(' ')
+  $mirror_basedir_prefix = hiera('role_config__mirrors.mirror_basedir_prefix')
+  $archive_root = "${mirror_basedir_prefix}debian-archive"
 
   apache2::site { '010-archive.debian.org':
     site    => 'archive.debian.org',
@@ -32,24 +33,11 @@ class roles::historical_mirror(
       tlsaport => [],
     }
   }
-
   rsync::site { 'archive':
     content     => template('roles/historical_mirror/rsyncd.conf.erb'),
     max_clients => 100,
     sslname     => $sslname,
-    binds       => $binds,
-  }
-
-  if has_role('historical_mirror_onion') {
-    if ! $onion_v4_addr {
-      fail("Do not have an onion_v4_addr set for ${::hostname}.")
-    }
-
-    onion::service { 'archive.debian.org':
-      port           => 80,
-      target_port    => 80,
-      target_address => $onion_v4_addr,
-    }
+    binds       => $enclosed_addresses_rsync,
   }
 
   Ferm::Rule::Simple <<| tag == 'ssh::server::from::historical_master' |>>

diff --git a/modules/roles/templates/apache-archive.debian.org.erb b/modules/roles/templates/apache-archive.debian.org.erb
index 0cf3b0c..e8d8440 100644 (file)
--- a/modules/roles/templates/apache-archive.debian.org.erb
+++ b/modules/roles/templates/apache-archive.debian.org.erb
@@ -3,16 +3,7 @@
 ## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
 ##
 
-<%
-  if not @binds.kind_of?(Array)
-    raise Puppet::Error, "binds variable is not an array"
-  end
-
-  vhost_listen = @binds.map{|x| x+":80" }.join(' ')
-%>
-
-
-<VirtualHost <%= vhost_listen %>>
+<VirtualHost <%= @vhost_listen %>>
        ServerAdmin debian-admin@debian.org
        ServerName archive.debian.org
        <% if scope.function_onion_global_service_hostname(['archive.debian.org']) -%>