[MediaWiki-commits] [Gerrit] operations/puppet[production]: mirrrors: set up push mirroring for Debian

Wed, 02 Nov 2016 11:32:37 -0700 

Faidon Liambotis has submitted this change and it was merged.

Change subject: mirrrors: set up push mirroring for Debian
......................................................................


mirrrors: set up push mirroring for Debian

Allow the Debian syncproxy to trigger ftpsync runs over ssh, with a
forced command. This replaces the previously cron-triggered mirror runs.

Change-Id: Iea47d1a6df5aa46ef586eb35a81de53091e85734
---
A modules/mirrors/files/ssh-debian-archvsync.pub
M modules/mirrors/manifests/debian.pp
M modules/role/manifests/mirrors.pp
3 files changed, 10 insertions(+), 7 deletions(-)

Approvals:
  Faidon Liambotis: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/mirrors/files/ssh-debian-archvsync.pub 
b/modules/mirrors/files/ssh-debian-archvsync.pub
new file mode 100644
index 0000000..19b2a70
--- /dev/null
+++ b/modules/mirrors/files/ssh-debian-archvsync.pub
@@ -0,0 +1 @@
+no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,no-user-rc,command="/var/lib/mirror/archvsync/bin/ftpsync"
 ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQDNZoV9j9KFMFssqLLbKF0b35npFAE3USHgtyN3pUsFm8Wsh1i4ZVly+8Nks7LVJrAI8uCrfvZKyQrqdcjAyy7UAGXfz5YrMxj0PZbvz9rHWa7Hxl+wO5mYwtklN8ek7uFgqDCmMOkE+4uIxOlPzDJ95BUBx5SVm8jAaMmaBoX20rxO5BGvguVU4RJ1V9EZKB4B9pGbdScRJOWAGUrg8HSKJGtlNQTF0xIU6P6quF0O+qpjF9CiB2GVzRJZXNpAhlekpVx5/Xg6N+sIN7QxxHViO7xwTQgteUehbrpToNc1N4jf4kciHmP/jdgEus/W61U410QfXVUYKOTDuGzAotl/
 archvs...@syncproxy.cna.debian.org (aka mirror-umn.debian.org; 2015-12-09)
diff --git a/modules/mirrors/manifests/debian.pp 
b/modules/mirrors/manifests/debian.pp
index edcd1f9..f98d1f5 100644
--- a/modules/mirrors/manifests/debian.pp
+++ b/modules/mirrors/manifests/debian.pp
@@ -54,15 +54,12 @@
         content => template('mirrors/ftpsync.conf.erb'),
     }
 
-    cron { 'update-debian-mirror':
-        ensure  => present,
-        command => '/var/lib/mirror/archvsync/bin/ftpsync',
-        user    => 'mirror',
-        hour    => '*/6',
-        minute  => '03',
-        require => File['/var/lib/mirror/archvsync/etc/ftpsync.conf'],
+    # allow the Debian syncproxy to trigger ftpsync runs over ssh
+    ssh::userkey { 'mirror':
+        source => 'puppet:///modules/mirrors/ssh-debian-archvsync.pub',
     }
 
+    # serve via rsync
     rsync::server::module { 'debian':
         path      => '/srv/mirrors/debian/',
         read_only => 'yes',
diff --git a/modules/role/manifests/mirrors.pp 
b/modules/role/manifests/mirrors.pp
index 3a32206..9b48fc6 100644
--- a/modules/role/manifests/mirrors.pp
+++ b/modules/role/manifests/mirrors.pp
@@ -31,4 +31,9 @@
         proto => 'tcp',
         port  => '873',
     }
+    ferm::service { 'mirrors_ssh':
+        proto  => 'tcp',
+        port   => 'ssh',
+        srange => '@resolve(syncproxy.cna.debian.org)',
+    }
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/319371
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Iea47d1a6df5aa46ef586eb35a81de53091e85734
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis <fai...@wikimedia.org>
Gerrit-Reviewer: Faidon Liambotis <fai...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to