diff options
author | Nicolas Vigier <boklm@mageia.org> | 2013-05-23 15:05:56 +0000 |
---|---|---|
committer | Nicolas Vigier <boklm@mageia.org> | 2013-05-23 15:05:56 +0000 |
commit | 255c868d79be6b2725570a70c51ce9e54e9313bd (patch) | |
tree | b9816e304b8d54bb6dcb701721dc38a67425b9b7 | |
parent | 283e0a113727d6af901537a3b481683b3379112b (diff) | |
download | puppet-255c868d79be6b2725570a70c51ce9e54e9313bd.tar puppet-255c868d79be6b2725570a70c51ce9e54e9313bd.tar.gz puppet-255c868d79be6b2725570a70c51ce9e54e9313bd.tar.bz2 puppet-255c868d79be6b2725570a70c51ce9e54e9313bd.tar.xz puppet-255c868d79be6b2725570a70c51ce9e54e9313bd.zip |
buildsystem: don't hardcode distros in vhost_repository.conf
Use buildsystem::var::distros settings in vhost_repository.conf
template.
The URLs for the infra_1 and infra_2 repositories have been changed, and
will need to be updated in urpmi configuration on servers using those
repositories.
The old URLs were :
- http://repository.mageia.org/distrib/infra_1/
- http://repository.mageia.org/distrib/infra_2/
The new URLs are now :
- http://repository.mageia.org/bootstrap/infra_1/
- http://repository.mageia.org/bootstrap/infra_2/
-rw-r--r-- | deployment/mga_buildsystem/manifests/config.pp | 11 | ||||
-rw-r--r-- | modules/buildsystem/manifests/var/distros.pp | 6 | ||||
-rw-r--r-- | modules/buildsystem/templates/vhost_repository.conf | 55 |
3 files changed, 46 insertions, 26 deletions
diff --git a/deployment/mga_buildsystem/manifests/config.pp b/deployment/mga_buildsystem/manifests/config.pp index f3e9ad7c..a9b82b2a 100644 --- a/deployment/mga_buildsystem/manifests/config.pp +++ b/deployment/mga_buildsystem/manifests/config.pp @@ -91,6 +91,14 @@ class mga_buildsystem::config { 'vendor' => 'Mageia.Org', '_real_vendor' => 'mageia', } + $repo_allow_from = [ + '2a02:2178:2:7::3/64', # valstar + '2a02:2178:2:7::4/64', # ecosse + '2a02:2178:2:7::5/64', # jonund + ".${::domain}", + '10.42.0', + '212.85.158.152', #rabbit + ] class { 'buildsystem::var::distros': default_distro => 'cauldron', distros => { @@ -102,6 +110,7 @@ class mga_buildsystem::config { 'version' => '3', 'submit_allowed' => "${svn_root_packages}/cauldron", 'macros' => $std_macros, + 'repo_allow_from' => $repo_allow_from, }, '1' => { @@ -112,6 +121,7 @@ class mga_buildsystem::config { 'version' => '1', 'submit_allowed' => "${svn_root_packages}/updates/1", 'macros' => $std_macros, + 'repo_allow_from' => $repo_allow_from, }, '2' => { @@ -122,6 +132,7 @@ class mga_buildsystem::config { 'version' => '2', 'submit_allowed' => "${svn_root_packages}/updates/2", 'macros' => $std_macros, + 'repo_allow_from' => $repo_allow_from, }, 'infra_1' => { diff --git a/modules/buildsystem/manifests/var/distros.pp b/modules/buildsystem/manifests/var/distros.pp index 87f78e19..ddd8ffc1 100644 --- a/modules/buildsystem/manifests/var/distros.pp +++ b/modules/buildsystem/manifests/var/distros.pp @@ -39,7 +39,11 @@ # 'distsuffix' => '.mga', # 'distribution' => 'Mageia', # 'vendor' => 'Mageia.Org', -# } +# }, +# # list of IP or hostnames allowed to access this distro on the +# # repository. If you don't want to filter allowed IPs, don't set +# # this value +# 'repo_allow_from' => [ '127.0.0.1', '10.0.0.1', '.mageia.org' ], # }, # } class buildsystem::var::distros( diff --git a/modules/buildsystem/templates/vhost_repository.conf b/modules/buildsystem/templates/vhost_repository.conf index cc0e437a..167c026e 100644 --- a/modules/buildsystem/templates/vhost_repository.conf +++ b/modules/buildsystem/templates/vhost_repository.conf @@ -1,40 +1,45 @@ -<% -# FIXME: add a reverse lookup for IPv6 adresses -# allowed hosts are: valstar, ecosse, jonund -# Which ip is 2a02:2178:2:7::5/64 ? -buildsystem_nodes = "2a02:2178:2:7::3/64 2a02:2178:2:7::4/64 2a02:2178:2:7::5/64 fe80::230:48ff:fecf:101c/64" +<%- mirror_root = scope.lookupvar('buildsystem::var::repository::mirror_root') -%> - +mirror_reporoot = scope.lookupvar('buildsystem::var::repository::mirror_reporoot') +bootstrap_reporoot = scope.lookupvar('buildsystem::var::repository::bootstrap_reporoot') +distros = scope.lookupvar('buildsystem::var::distros::distros') +-%> <VirtualHost *:80> ServerName <%= scope.lookupvar('buildsystem::var::repository::hostname') %> DocumentRoot <%= mirror_root %> - Alias /distrib/infra_1/ "/distrib/bootstrap/distrib/infra_1/" - Alias /distrib/infra_2/ "/distrib/bootstrap/distrib/infra_2/" - - <Directory <%= mirror_root %>> - Order deny,allow - Deny from all - Allow from localhost, 127.0.0.1 - Allow from <%= buildsystem_nodes %> - Allow from .<%= @domain %> - Allow from 10.42.0 - # FIXME: add a reverse lookup for rabbit - Allow from 212.85.158.152 212.85.158.149 - Options Indexes FollowSymLinks - </Directory> +<%- + distros.each{|distroname,distro| + allow_from = distro['repo_allow_from'] != nil ? distro['repo_allow_from'] : [ 'all' ] +%> + Alias /bootstrap/<%= distroname %>/ "<%= bootstrap_reporoot %>/<%= distroname %>/" - <Directory /distrib/bootstrap/distrib/infra_1> + <Directory <%= bootstrap_reporoot %>/<%= distroname %>> Header append Cache-Control "public, must-revalidate" Order deny,allow - Allow from all +<%- + for allow in allow_from do +-%> + Allow from <%= allow %> +<%- + end +-%> Options Indexes FollowSymLinks </Directory> - <Directory /distrib/bootstrap/distrib/infra_2> + <Directory <%= mirror_reporoot %>/<%= distroname %>> Header append Cache-Control "public, must-revalidate" Order deny,allow - Allow from all + Deny from all +<%- + for allow in allow_from do +-%> + Allow from <%= allow %> +<%- + end +-%> Options Indexes FollowSymLinks </Directory> +<%- + } +-%> </VirtualHost> |