Host debuginfod.archlinux.org on the geo mirrors

This should provide better download speeds outside of Europe and have plenty of CPU cores for enabling gzip compression of debuginfo files.

Host debuginfod.archlinux.org on the geo mirrors
f5bccf6c · Evangelos Foutras · 4f5c92d9 · f5bccf6c · f5bccf6c · f5bccf6c
Verified Commit f5bccf6c authored 2 years ago by Evangelos Foutras
--- a/group_vars/all/geo.yml
+++ b/group_vars/all/geo.yml
 geo_acme_dns_challenge_ns: redirect.archlinux.org
 geo_domains:
  - geo.mirror.pkgbuild.com
+  - debuginfod.archlinux.org
 geo_health_check_paths:
  geo.mirror.pkgbuild.com: /lastupdate
+  debuginfod.archlinux.org: /packages
--- a/playbooks/mirrors.yml
+++ b/playbooks/mirrors.yml
@@ -16,3 +16,4 @@
    - { role: fail2ban }
    - { role: wireguard }
    - { role: geo_dns, when: "'geo_mirrors' in group_names" }
+    - { role: debuginfod, when: "'geo_mirrors' in group_names" }
--- a/roles/dbscripts/templates/rsyncd.conf.proto.j2
+++ b/roles/dbscripts/templates/rsyncd.conf.proto.j2
@@ -97,7 +97,7 @@ hosts deny = *
 	comment =  debug packages
 	exclude = *
 	include = /*-debug/*** /pool /pool/*-debug/***
-	hosts allow = {{ groups['mirrors'] | map('extract', hostvars, ['ipv4_address']) | join(' ') }} {{ groups['mirrors'] | map('extract', hostvars, ['ipv6_address']) | join(' ') }} {{ hostvars['debuginfod.archlinux.org']['ipv4_address'] }} {{ hostvars['debuginfod.archlinux.org']['ipv6_address'] }}
+	hosts allow = {{ groups['mirrors'] | map('extract', hostvars, ['ipv4_address']) | join(' ') }} {{ groups['mirrors'] | map('extract', hostvars, ['ipv6_address']) | join(' ') }}
 	max connections = 0

 # Individual repositories

--- a/roles/debuginfod/tasks/main.yml
+++ b/roles/debuginfod/tasks/main.yml
@@ -7,6 +7,7 @@
    name: certificate
  vars:
    domains: ["{{ debuginfod_domain }}"]
+    challenge: "{{ 'DNS-01' if 'geo_mirrors' in group_names else 'HTTP-01' }}"
  when: debuginfod_domain

 - name: configure debuginfod systemd service
@@ -45,11 +46,5 @@
  when: debuginfod_domain
  tags: ['nginx']

- name: open debuginfod ipv4 port for monitoring.archlinux.org
-  ansible.posix.firewalld: zone=wireguard state=enabled permanent=true immediate=yes
-    rich_rule="rule family=ipv4 source address={{ hostvars['monitoring.archlinux.org']['wireguard_address'] }} port protocol=tcp port=8002 accept"
-  tags:
-    - firewall
-
 - name: start and enable debuginfod
  service: name=debuginfod enabled=yes state=started
--- a/roles/prometheus/defaults/main.yml
+++ b/roles/prometheus/defaults/main.yml
@@ -17,6 +17,10 @@ blackbox_targets:
    - targets: "{{ groups['geo_mirrors'] }}"
      hostname: geo.mirror.pkgbuild.com
      secure: true
+    - targets: "{{ groups['geo_mirrors'] }}"
+      hostname: debuginfod.archlinux.org
+      secure: true
+      path: /metrics
    - http://{{ hostvars['monitoring.archlinux.org']['wireguard_address'] }}
    - https://accounts.archlinux.org
    - https://america.archive.pkgbuild.com
@@ -77,6 +81,8 @@ blackbox_targets:
    - lists.archlinux.org:25
  geo_dns_geo.mirror.pkgbuild.com_a: "{{ groups['geo_mirrors'] }}"
  geo_dns_geo.mirror.pkgbuild.com_aaaa: "{{ groups['geo_mirrors'] }}"
+  geo_dns_debuginfod.archlinux.org_a: "{{ groups['geo_mirrors'] }}"
+  geo_dns_debuginfod.archlinux.org_aaaa: "{{ groups['geo_mirrors'] }}"
 matrix_metrics_endpoints:
  - homeserver
  - appservice

--- a/roles/prometheus/templates/prometheus.yml.j2
+++ b/roles/prometheus/templates/prometheus.yml.j2
@@ -66,12 +66,6 @@ scrape_configs:
          instance: "{{ host }}"
      {% endfor %}

-  - job_name: 'debuginfod'
-    static_configs:
-      - targets: ['{{ hostvars['debuginfod.archlinux.org']['wireguard_address'] }}:8002']
-        labels:
-          instance: "debuginfod.archlinux.org"
-
  - job_name: 'powerdns'
    static_configs:
      {% for host in groups['geo_mirrors'] + [geo_acme_dns_challenge_ns] %}
@@ -158,7 +152,7 @@ scrape_configs:
      {% for vhost in blackbox_targets[module] | select('mapping') if module == 'http_prometheus' %}
      - targets:
          {% for target in vhost.targets %}
-          - http{{ 's' if vhost.secure }}://{{ target }}
+          - http{{ 's' if vhost.secure }}://{{ target }}{{ vhost.path | default('') }}
          {% endfor %}
        labels:
          vhost: {{ vhost.hostname }}

--- a/tf-stage1/archlinux.tf
+++ b/tf-stage1/archlinux.tf
@@ -146,7 +146,7 @@ locals {
    },
    "debuginfod.archlinux.org" = {
      server_type = "cx11"
-      domain      = "debuginfod"
+      domain      = "debuginfod-old"
    }
    "buildbot.pkgbuild.com" = {
      server_type = "cx21"
@@ -371,6 +371,10 @@ locals {
      zone_id = hetznerdns_zone.pkgbuild.id
      name    = "geo.mirror"
    }
+    "debuginfod.archlinux.org" = {
+      zone_id = hetznerdns_zone.archlinux.id
+      name    = "debuginfod"
+    }
  }
 }