Merge branch 'rsync-shuffle'
authorStephen Gran <steve@lobefin.net>
Sun, 20 May 2012 20:05:31 +0000 (21:05 +0100)
committerStephen Gran <steve@lobefin.net>
Sun, 20 May 2012 20:05:31 +0000 (21:05 +0100)
25 files changed:
manifests/site.pp
modules/debian-org/lib/facter/software.rb
modules/debian-org/misc/local.yaml
modules/ferm/manifests/per-host.pp
modules/ferm/manifests/rsync.pp [deleted file]
modules/roles/files/backports_master/rsyncd.conf [new file with mode: 0644]
modules/roles/files/bugs_search/rsyncd.conf [new file with mode: 0644]
modules/roles/files/dakmaster/rsyncd.conf [new file with mode: 0644]
modules/roles/files/keyring/rsyncd.conf [new file with mode: 0644]
modules/roles/files/security_master/rsyncd.conf [new file with mode: 0644]
modules/roles/files/security_mirror/rsyncd.conf [new file with mode: 0644]
modules/roles/files/www_master/rsyncd.conf [new file with mode: 0644]
modules/roles/manifests/backports_master.pp
modules/roles/manifests/bugs_search.pp [new file with mode: 0644]
modules/roles/manifests/ftp_master.pp [new file with mode: 0644]
modules/roles/manifests/init.pp
modules/roles/manifests/keyring.pp [new file with mode: 0644]
modules/roles/manifests/security_master.pp
modules/roles/manifests/security_mirror.pp
modules/roles/manifests/www_master.pp [new file with mode: 0644]
modules/rsync/files/logrotate.d-dsa-rsyncd [new file with mode: 0644]
modules/rsync/manifests/init.pp [new file with mode: 0644]
modules/rsync/manifests/site.pp [new file with mode: 0644]
modules/rsyncd-log/files/logrotate.d-dsa-rsyncd [deleted file]
modules/rsyncd-log/manifests/init.pp [deleted file]

index c3a3657c35f92c1a53c9cf77e3135f999a4163e9..cadc12ed4d8d2693733f2ed5aca02f7be8590712 100644 (file)
@@ -65,10 +65,6 @@ node default {
                include apache2
        }
 
-       if $::rsyncd {
-               include rsyncd-log
-       }
-
        if $::hostname in [ravel,senfl,orff,draghi,diamond] {
                include named::authoritative
        } elsif $::hostname in [geo1,geo2,geo3] {
index 2bcc0a63c2e65bdf38899122569eab11c477d0cc..33f1c422b578eb73e8bdec6f24e175660e6367df 100644 (file)
@@ -131,15 +131,6 @@ Facter.add("syslogversion") do
                %x{dpkg-query -W -f='${Version}\n' syslog-ng | cut -b1-3}.chomp
        end
 end
-Facter.add("rsyncd") do
-       setcode do
-               if FileTest.exist?("/etc/rsyncd.conf")
-                       true
-               else
-                       ''
-               end
-       end
-end
 Facter.add("unbound") do
        unbound=FileTest.exist?("/usr/sbin/unbound") and
                FileTest.exist?("/var/lib/unbound/root.key")
index ee6755ffa0a49818a64d3ef3045ed467675948df..f6df5968b1a570fc62477a48cfd548e3774160e9 100644 (file)
@@ -149,6 +149,8 @@ services:
   bugsmaster:
   bugsmx:
     - busoni.debian.org
+  bugs_search:
+    - glinka.debian.org
   dbmaster:
     - draghi.debian.org
   ftp_master:
@@ -175,6 +177,10 @@ services:
     - reger.debian.org
   security_master:
     - chopin.debian.org
+  www_master:
+    - wolkenstein.debian.org
+  keyring:
+    - kaufmann.debian.org
 host_settings:
   heavy_exim:
     - bellini.debian.org
index d6fbb0a1d34b35962c86f10590b8d7962906ea83..2756e59f0b574a16a79a65da28bdfbc5b7dc4a5d 100644 (file)
@@ -3,6 +3,14 @@ class ferm::per-host {
                include ferm::zivit
        }
 
+       if $::hostname in [klecker,merikanto,powell,ravel,rietz,senfl,sibelius,stabile] {
+               ferm::rule { 'dsa-rsync':
+                       domain      => '(ip ip6)',
+                       description => 'Allow rsync access',
+                       rule        => '&SERVICE(tcp, 873)'
+               }
+       }
+
        case $::hostname {
                piatti,samosa: {
                        @ferm::rule { 'dsa-udd-stunnel':
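Review bot: The added `ferm::rule { 'dsa-rsync':` opens tcp/873 from a fixed hostname list instead of from wherever an rsync daemon is configured. None of the listed hosts is among those given the new bugs_search, www_master or keyring services in local.yaml, and `rsync::site` passes `ferm => false` to xinetd. The firewall opening and the service can therefore drift apart: a listed host keeps the port open after its rsync service is gone, and a new role host depends on the virtual `@ferm::rule { 'dsa-rsync':` in class rsync being collected somewhere outside this merge. That virtual rule shares its title with this one, so a listed host that later gains an `rsync::site` would presumably fail with a duplicate declaration; worth confirming. Dropping this block and relying on the rule in class rsync would tie the opening to the service.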
@@ -217,7 +225,4 @@ REJECT reject-with icmp-admin-prohibited
                default: {}
        }
 
-       if $::rsyncd {
-               include ferm::rsync
-       }
 }
diff --git a/modules/ferm/manifests/rsync.pp b/modules/ferm/manifests/rsync.pp
deleted file mode 100644 (file)
index 44feab6..0000000
+++ /dev/null
@@ -1,8 +0,0 @@
-class ferm::rsync {
-       @ferm::rule { 'dsa-rsync':
-               domain      => '(ip ip6)',
-               description => 'Allow rsync access',
-               rule        => '&SERVICE(tcp, 873)'
-       }
-}
-
diff --git a/modules/roles/files/backports_master/rsyncd.conf b/modules/roles/files/backports_master/rsyncd.conf
new file mode 100644 (file)
index 0000000..ed79313
--- /dev/null
@@ -0,0 +1,21 @@
+uid = nobody
+gid = nogroup
+max connections = 20
+syslog facility = daemon
+log file = /var/log/rsyncd/rsyncd.log
+socket options = SO_KEEPALIVE
+timeout = 7200
+
+[debian-backports]
+  path = /srv/backports-master.debian.org/mirror
+  comment = Debian backports archive
+  read only = true
+  auth users = *
+  secrets file = /etc/rsyncd/ftp.secrets
+
+[exports]
+  path = /srv/backports-web.debian.org/export
+  comment = Various metadata exports
+  auth users = *
+  read only = true
+  secrets file = /etc/rsyncd/exports.secrets
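Review bot: This rsyncd.conf has no header saying it is managed by puppet, so an admin editing the deployed config on the host gets no warning that the change will be overwritten. The logrotate file in this same merge carries such a banner; I would start each of these files with `## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.`. The same applies to the bugs_search, dakmaster, keyring, security_master, security_mirror and www_master rsyncd.conf files added below. It would also help to note in a comment that the `/etc/rsyncd/*.secrets` files referenced by `secrets file` are not shipped by this change and must already exist on the host.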
diff --git a/modules/roles/files/bugs_search/rsyncd.conf b/modules/roles/files/bugs_search/rsyncd.conf
new file mode 100644 (file)
index 0000000..008e1b1
--- /dev/null
@@ -0,0 +1,29 @@
+uid = nobody
+gid = nogroup
+max connections = 20
+syslog facility = daemon
+socket options = SO_KEEPALIVE
+timeout = 7200
+log file = /var/log/rsyncd/rsyncd.log
+
+[bts-spool-db]
+  comment = [bugs-mirror.debian.org] active bug spool
+  path = /srv/bugs.debian.org/spool/db-h
+  read only = true
+
+[bts-spool-archive]
+  comment = [bugs-mirror.debian.org] archived bug spool
+  path = /srv/bugs.debian.org/spool/archive
+  read only = true
+
+[bts-spool-index]
+  comment = [bugs-mirror.debian.org] bug index files
+  path = /srv/bugs.debian.org/spool
+  exclude = db-h archive
+  read only = true
+
+[bts-versions]
+  comment = [bugs-mirror.debian.org] bts package version information
+  path = /srv/bugs.debian.org/versions
+  exclude = archive cl-data lock queue bin
+  read only = true
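Review bot: The `exclude` patterns in `[bts-spool-index]` and `[bts-versions]` are unanchored, so `exclude = db-h archive` hides any entry named `db-h` or `archive` at any depth under the module path, not just the two top-level directories served by the other modules. If only the top-level directories are meant, anchor them to the module root, e.g. `exclude = /db-h/ /archive/`. The same goes for `archive cl-data lock queue bin` in `[bts-versions]`. A one-line comment stating which directories are deliberately withheld would make the intent reviewable.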
diff --git a/modules/roles/files/dakmaster/rsyncd.conf b/modules/roles/files/dakmaster/rsyncd.conf
new file mode 100644 (file)
index 0000000..d8d6a57
--- /dev/null
@@ -0,0 +1,106 @@
+uid = nobody
+gid = nogroup
+max connections = 25
+syslog facility = daemon
+socket options = SO_KEEPALIVE
+timeout = 7200
+log file = /var/log/rsyncd/rsyncd.log
+
+[indices]
+  path = /srv/ftp.debian.org/mirror/indices
+  comment = index files
+  auth users = *
+  read only = true
+  secrets file = /etc/rsyncd/indices.secrets
+
+[ftp]
+  path = /srv/ftp.debian.org/rsync/all
+  comment = Full Debian FTP Archive (~450 GB)
+  auth users = *
+  read only = true
+  secrets file = /etc/rsyncd/ftp.secrets
+  list = no
+
+[debian-all]
+  path = /srv/ftp.debian.org/rsync/all
+  comment = Full Debian FTP Archive (~450 GB)
+  auth users = *
+  read only = true
+  secrets file = /etc/rsyncd/ftp.secrets
+  list = no
+
+[debian]
+  path = /srv/ftp.debian.org/rsync/all
+  comment = Full Debian FTP Archive (~450 GB)
+  auth users = *
+  read only = true
+  secrets file = /etc/rsyncd/ftp.secrets
+
+[buildd-unstable]
+  path = /srv/incoming.debian.org/dists/unstable/current/
+  comment = Buildd directory unstable
+  auth users = *
+  read only = true
+  secrets file = /etc/rsyncd/buildd.secrets
+  list = no
+
+[buildd-sid]
+  path = /srv/incoming.debian.org/dists/unstable/current/
+  comment = Buildd directory unstable
+  auth users = *
+  read only = true
+  secrets file = /etc/rsyncd/buildd.secrets
+  list = no
+
+[buildd-experimental]
+  path = /srv/incoming.debian.org/dists/experimental/current/
+  comment = Buildd directory experimental
+  auth users = *
+  read only = true
+  secrets file = /etc/rsyncd/buildd.secrets
+  list = no
+
+[buildd-rc-buggy]
+  path = /srv/incoming.debian.org/dists/experimental/current/
+  comment = Buildd directory experimental
+  auth users = *
+  read only = true
+  secrets file = /etc/rsyncd/buildd.secrets
+  list = no
+
+[exports]
+  path = /srv/ftp.debian.org/rsync/export
+  comment = Various metadata exports
+  auth users = *
+  read only = true
+  secrets file = /etc/rsyncd/exports.secrets
+
+# disabled 20091024 RT#1864
+#[debian]
+#  path = /srv/ftp.debian.org/rsync/typical
+#  comment = Typical Debian FTP Archive (~150 GB)
+#  auth users = *
+#  read only = true
+#  secrets file = /etc/rsyncd/ftp.secrets
+#
+#[debian-all+typical]
+#  path = /srv/ftp.debian.org/rsync/all+typical
+#  comment = Debian 'all' and 'typical' FTP Archive (NB: use rsync with -H)
+#  auth users = *
+#  read only = true
+#  secrets file = /etc/rsyncd/ftp.secrets
+
+[buildd-keyrings]
+  path = /srv/ftp-master.debian.org/scripts/builddkeyrings/keyrings
+  comment = buildd keys for archive uploads
+  read only = true
+  list = no
+  hosts allow = 82.195.75.106, 2001:41b8:202:deb:216:36ff:fe40:3906
+
+[buildd-all]
+  path = /srv/incoming.debian.org/dists/
+  comment = buildd tree sync for geodns
+  read only = true
+  list = no
+  auth users = *
+  secrets file = /etc/rsyncd/buildd-all.secrets
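Review bot: `[debian]` serves the same path as `[ftp]` and `[debian-all]` (`/srv/ftp.debian.org/rsync/all`) but is the only one of the three without `list = no`, so it shows up in the module listing while its aliases do not. If that is intended, a comment above `[debian]` saying it is the advertised name would stop someone "fixing" it later; if not, add `list = no` there too. Separately, `[buildd-keyrings]` is the only module here guarded by `hosts allow` alone with no `auth users`; a comment naming what the two addresses are would make that exception auditable.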
diff --git a/modules/roles/files/keyring/rsyncd.conf b/modules/roles/files/keyring/rsyncd.conf
new file mode 100644 (file)
index 0000000..e97db76
--- /dev/null
@@ -0,0 +1,14 @@
+uid = nobody
+gid = nogroup
+max connections = 25
+syslog facility = daemon
+log file = /var/log/rsyncd/rsyncd.log
+socket options = SO_KEEPALIVE
+timeout = 7200
+
+[keyrings]
+  path = /org/keyring.debian.org/pub
+  exclude = keyrings-new/incoming/
+  comment = Debian Keyrings
+  read only = true
+
diff --git a/modules/roles/files/security_master/rsyncd.conf b/modules/roles/files/security_master/rsyncd.conf
new file mode 100644 (file)
index 0000000..a5cea76
--- /dev/null
@@ -0,0 +1,43 @@
+uid = nobody
+gid = nogroup
+max connections = 20
+syslog facility = daemon
+socket options = SO_KEEPALIVE
+timeout = 7200
+log file = /var/log/rsyncd/rsyncd.log
+
+[debian-security]
+  path = /srv/security.debian.org/archive/debian-security/
+  comment = Debian security archive
+  read only = true
+
+[exports]
+  path = /srv/security.debian.org/rsync/export
+  comment = Various metadata exports
+  auth users = *
+  read only = true
+  secrets file = /etc/rsyncd/exports.secrets
+
+[buildd-lenny]
+  path = /srv/security-master.debian.org/buildd/lenny/
+  comment = Buildd directory oldstable security
+  auth users = *
+  read only = true
+  secrets file = /etc/rsyncd/buildd.secrets
+  list = no
+
+[buildd-squeeze]
+  path = /srv/security-master.debian.org/buildd/squeeze/
+  comment = Buildd directory stable security
+  auth users = *
+  read only = true
+  secrets file = /etc/rsyncd/buildd.secrets
+  list = no
+
+[buildd-wheezy]
+  path = /srv/security-master.debian.org/buildd/wheezy/
+  comment = Buildd directory testing security
+  auth users = *
+  read only = true
+  secrets file = /etc/rsyncd/buildd.secrets
+  list = no
diff --git a/modules/roles/files/security_mirror/rsyncd.conf b/modules/roles/files/security_mirror/rsyncd.conf
new file mode 100644 (file)
index 0000000..d419156
--- /dev/null
@@ -0,0 +1,15 @@
+uid = nobody
+gid = nogroup
+max connections = 20
+syslog facility = daemon
+socket options = SO_KEEPALIVE
+timeout = 1200
+
+# weasel 2007-11-19
+log file =  /var/log/rsyncd/rsyncd.log
+
+[debian-security]
+  path = /org/ftp.root/debian-security
+  comment = Debian security archive
+  read only = true
+
diff --git a/modules/roles/files/www_master/rsyncd.conf b/modules/roles/files/www_master/rsyncd.conf
new file mode 100644 (file)
index 0000000..7ff52ac
--- /dev/null
@@ -0,0 +1,14 @@
+uid = nobody
+gid = nogroup
+max connections = 20
+syslog facility = daemon
+socket options = SO_KEEPALIVE
+timeout = 7200
+log file = /var/log/rsyncd/rsyncd.log
+
+[web.debian.org]
+       path = /srv/www.debian.org/www
+       comment = Debian Web Site
+       auth users = *
+       read only = true
+       secrets file = /etc/rsyncd/www.secrets
index 44c5d44962fdbca3f640ac148a0213a324d17db9..98f927e864e89de27c9a86d27afe6a102266b99f 100644 (file)
@@ -9,4 +9,9 @@ class roles::backports_master {
                chown_user => dak,
                root       => '/srv/backports-upload',
        }
+
+       rsync::site { 'backports_master':
+               source        => 'puppet:///modules/roles/backports_master/rsyncd.conf',
+               max_clients => 100,
+       }
 }
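Review bot: `max_clients => 100` lets xinetd start up to 100 rsync processes for this site, while the rsyncd.conf shipped for it sets `max connections = 20`, so the two limits disagree and the lower one in rsyncd.conf is presumably what clients actually hit. Either use one figure in both places or add a comment on why they differ. The same pairing appears in bugs_search, ftp_master (25 in dakmaster's config), security_master and security_mirror. The `source        =>` arrow is also not aligned with `max_clients =>`. The class body starts outside this hunk.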
diff --git a/modules/roles/manifests/bugs_search.pp b/modules/roles/manifests/bugs_search.pp
new file mode 100644 (file)
index 0000000..9be0a9c
--- /dev/null
@@ -0,0 +1,7 @@
+class roles::bugs_search {
+
+       rsync::site { 'bugs_search':
+               source      => 'puppet:///modules/roles/bugs_search/rsyncd.conf',
+               max_clients => 100,
+       }
+}
diff --git a/modules/roles/manifests/ftp_master.pp b/modules/roles/manifests/ftp_master.pp
new file mode 100644 (file)
index 0000000..259333e
--- /dev/null
@@ -0,0 +1,7 @@
+class roles::ftp_master {
+
+       rsync::site { 'dakmaster':
+               source        => 'puppet:///modules/roles/dakmaster/rsyncd.conf',
+               max_clients => 100,
+       }
+}
index 2bdae0d38f7e9581d4cf82ae9572039baeb8a675..a8f745ab1dddcb2596c3cce4311a239c6acf4efc 100644 (file)
@@ -16,7 +16,12 @@ class roles {
                include buildd
        }
 
+       if getfromhash($site::nodeinfo, 'bugs_search') {
+               include roles::bugs_search
+       }
+
        if getfromhash($site::nodeinfo, 'ftp_master') {
+               include roles::ftp_master
                include roles::dakmaster
        }
 
@@ -50,6 +55,14 @@ class roles {
                include roles::dakmaster
        }
 
+       if getfromhash($site::nodeinfo, 'www_master') {
+               include roles::www_master
+       }
+
+       if getfromhash($site::nodeinfo, 'keyring') {
+               include roles::keyring
+       }
+
        if getfromhash($site::nodeinfo, 'apache2_ftp-upcoming_mirror') {
                include roles::ftp-upcoming_mirror
        }
diff --git a/modules/roles/manifests/keyring.pp b/modules/roles/manifests/keyring.pp
new file mode 100644 (file)
index 0000000..eb40c83
--- /dev/null
@@ -0,0 +1,5 @@
+class roles::keyring {
+       rsync::site { 'keyring':
+               source => 'puppet:///modules/roles/keyring/rsyncd.conf',
+       }
+}
index 3f1b70cebd4dd8738999742b1de9f0c0c09d5513..036f0599001b009f7699d54beeb1647c016831bb 100644 (file)
@@ -7,4 +7,9 @@ class roles::security_master {
                chown_user => dak,
                root       => '/srv/ftp.root/',
        }
+
+       rsync::site { 'security_master':
+               source        => 'puppet:///modules/roles/security_master/rsyncd.conf',
+               max_clients => 100,
+       }
 }
index 4608f6d5ded616425cc5e6543d9e97174e14341a..9b85cb5f6c54d26f51ca7cd1e3140eb6b3e35916 100644 (file)
@@ -11,4 +11,9 @@ class roles::security_mirror {
                max_clients  => 200,
                root         => '/srv/ftp.root/',
        }
+
+       rsync::site { 'security':
+               source      => 'puppet:///modules/roles/security_mirror/rsyncd.conf',
+               max_clients => 100,
+       }
 }
diff --git a/modules/roles/manifests/www_master.pp b/modules/roles/manifests/www_master.pp
new file mode 100644 (file)
index 0000000..856721c
--- /dev/null
@@ -0,0 +1,6 @@
+class roles::www_master {
+               rsync::site { 'www_master':
+                       source => 'puppet:///modules/roles/www_master/rsyncd.conf',
+               }
+
+}
diff --git a/modules/rsync/files/logrotate.d-dsa-rsyncd b/modules/rsync/files/logrotate.d-dsa-rsyncd
new file mode 100644 (file)
index 0000000..405039d
--- /dev/null
@@ -0,0 +1,14 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+/var/log/rsyncd/*.log {
+        daily
+        missingok
+        rotate 56
+        compress
+        delaycompress
+        notifempty
+        create 644 root root
+}
diff --git a/modules/rsync/manifests/init.pp b/modules/rsync/manifests/init.pp
new file mode 100644 (file)
index 0000000..7671c6f
--- /dev/null
@@ -0,0 +1,31 @@
+class rsync {
+
+       package { 'rsync':
+               ensure => installed,
+               noop   => true,
+       }
+
+       service { 'rsync':
+               ensure  => stopped,
+               noop    => true,
+               require => Package['rsync'],
+       }
+
+       file { '/etc/logrotate.d/dsa-rsyncd':
+               source  => 'puppet:///modules/rsyncd-log/logrotate.d-dsa-rsyncd',
+               noop    => true,
+               require => Package['debian.org'],
+       }
+       file { '/var/log/rsyncd':
+               ensure => directory,
+               noop   => true,
+               mode   => '0755',
+       }
+
+       @ferm::rule { 'dsa-rsync':
+               domain      => '(ip ip6)',
+               description => 'Allow rsync access',
+               rule        => '&SERVICE(tcp, 873)'
+       }
+
+}
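Review bot: The `source` for `/etc/logrotate.d/dsa-rsyncd` still points at `puppet:///modules/rsyncd-log/logrotate.d-dsa-rsyncd`, but this merge deletes the rsyncd-log module and adds the same file under modules/rsync/files. It should read `source  => 'puppet:///modules/rsync/logrotate.d-dsa-rsyncd',`. The stale path is masked for now because every resource in the class carries `noop => true`. That flag also means `/var/log/rsyncd` is not created on a host that never had the old class, although all the new rsyncd.conf files set `log file = /var/log/rsyncd/rsyncd.log`. A comment stating why the resources are noop and when the flag is to be lifted would help.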
diff --git a/modules/rsync/manifests/site.pp b/modules/rsync/manifests/site.pp
new file mode 100644 (file)
index 0000000..13d90dc
--- /dev/null
@@ -0,0 +1,47 @@
+define rsync::site (
+       $bind='',
+       $source='',
+       $content='',
+       $fname='/etc/rsyncd.conf',
+       $max_clients=200,
+       $ensure=present
+){
+
+       include rsync
+
+       case $ensure {
+               present,absent: {}
+               default: { fail ( "Invald ensure `${ensure}' for ${name}" ) }
+       }
+
+       if ($source and $content) {
+               fail ( "Can't define both source and content for ${name}" )
+       }
+
+       if $source {
+               file { $fname:
+                       ensure => $ensure,
+                       source => $source
+               }
+       } elsif $content {
+               file { $fname:
+                       ensure  => $ensure,
+                       content => $content,
+               }
+       } else {
+               fail ( "Can't find config for ${name}" )
+       }
+
+       xinetd::service { "rsync-${name}":
+               bind        => $bind,
+               id          => "${name}-rsync",
+               server      => '/usr/sbin/rsyncd',
+               port        => 'rsync',
+               server_args => $fname,
+               ferm        => false,
+               instances   => $max_clients,
+               require     => File[$fname]
+       }
+
+       Service['rsync']->Service['xinetd']
+}
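Review bot: `$ensure` is applied only to the `file { $fname:` resources, so `ensure => absent` removes the config while the `xinetd::service { "rsync-${name}":` below is still declared and still requires `File[$fname]`, leaving a listener on the rsync port with no config behind it. If `xinetd::service` takes an `ensure` parameter (not visible here), pass `ensure => $ensure` through; otherwise wrap the service in `if $ensure == present`. Two smaller points: the failure message misspells "Invalid" as `Invald`, and every instance defaults to `$fname='/etc/rsyncd.conf'` with an empty `$bind`, so two `rsync::site` resources on one node would collide on the same file and port. A header comment documenting the parameters and that one-site-per-node constraint is worth adding.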
diff --git a/modules/rsyncd-log/files/logrotate.d-dsa-rsyncd b/modules/rsyncd-log/files/logrotate.d-dsa-rsyncd
deleted file mode 100644 (file)
index 405039d..0000000
+++ /dev/null
@@ -1,14 +0,0 @@
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-##
-
-/var/log/rsyncd/*.log {
-        daily
-        missingok
-        rotate 56
-        compress
-        delaycompress
-        notifempty
-        create 644 root root
-}
diff --git a/modules/rsyncd-log/manifests/init.pp b/modules/rsyncd-log/manifests/init.pp
deleted file mode 100644 (file)
index 0ae5951..0000000
+++ /dev/null
@@ -1,10 +0,0 @@
-class rsyncd-log {
-       file { '/etc/logrotate.d/dsa-rsyncd':
-               source  => 'puppet:///modules/rsyncd-log/logrotate.d-dsa-rsyncd',
-               require => Package['debian.org'],
-       }
-       file { '/var/log/rsyncd':
-               ensure  => directory,
-               mode    => '0755',
-       }
-}