Verified Commit f5bccf6c authored by Evangelos Foutras's avatar Evangelos Foutras 🐱
Browse files

Host debuginfod.archlinux.org on the geo mirrors

This should provide better download speeds outside of Europe and have
plenty of CPU cores for enabling gzip compression of debuginfo files.
parent 4f5c92d9
Pipeline #18761 passed with stage
in 36 seconds
geo_acme_dns_challenge_ns: redirect.archlinux.org
geo_domains:
- geo.mirror.pkgbuild.com
- debuginfod.archlinux.org
geo_health_check_paths:
geo.mirror.pkgbuild.com: /lastupdate
debuginfod.archlinux.org: /packages
......@@ -16,3 +16,4 @@
- { role: fail2ban }
- { role: wireguard }
- { role: geo_dns, when: "'geo_mirrors' in group_names" }
- { role: debuginfod, when: "'geo_mirrors' in group_names" }
......@@ -97,7 +97,7 @@ hosts deny = *
comment = debug packages
exclude = *
include = /*-debug/*** /pool /pool/*-debug/***
hosts allow = {{ groups['mirrors'] | map('extract', hostvars, ['ipv4_address']) | join(' ') }} {{ groups['mirrors'] | map('extract', hostvars, ['ipv6_address']) | join(' ') }} {{ hostvars['debuginfod.archlinux.org']['ipv4_address'] }} {{ hostvars['debuginfod.archlinux.org']['ipv6_address'] }}
hosts allow = {{ groups['mirrors'] | map('extract', hostvars, ['ipv4_address']) | join(' ') }} {{ groups['mirrors'] | map('extract', hostvars, ['ipv6_address']) | join(' ') }}
max connections = 0
# Individual repositories
......
......@@ -7,6 +7,7 @@
name: certificate
vars:
domains: ["{{ debuginfod_domain }}"]
challenge: "{{ 'DNS-01' if 'geo_mirrors' in group_names else 'HTTP-01' }}"
when: debuginfod_domain
- name: configure debuginfod systemd service
......@@ -45,11 +46,5 @@
when: debuginfod_domain
tags: ['nginx']
- name: open debuginfod ipv4 port for monitoring.archlinux.org
ansible.posix.firewalld: zone=wireguard state=enabled permanent=true immediate=yes
rich_rule="rule family=ipv4 source address={{ hostvars['monitoring.archlinux.org']['wireguard_address'] }} port protocol=tcp port=8002 accept"
tags:
- firewall
- name: start and enable debuginfod
service: name=debuginfod enabled=yes state=started
......@@ -17,6 +17,10 @@ blackbox_targets:
- targets: "{{ groups['geo_mirrors'] }}"
hostname: geo.mirror.pkgbuild.com
secure: true
- targets: "{{ groups['geo_mirrors'] }}"
hostname: debuginfod.archlinux.org
secure: true
path: /metrics
- http://{{ hostvars['monitoring.archlinux.org']['wireguard_address'] }}
- https://accounts.archlinux.org
- https://america.archive.pkgbuild.com
......@@ -77,6 +81,8 @@ blackbox_targets:
- lists.archlinux.org:25
geo_dns_geo.mirror.pkgbuild.com_a: "{{ groups['geo_mirrors'] }}"
geo_dns_geo.mirror.pkgbuild.com_aaaa: "{{ groups['geo_mirrors'] }}"
geo_dns_debuginfod.archlinux.org_a: "{{ groups['geo_mirrors'] }}"
geo_dns_debuginfod.archlinux.org_aaaa: "{{ groups['geo_mirrors'] }}"
matrix_metrics_endpoints:
- homeserver
- appservice
......
......@@ -66,12 +66,6 @@ scrape_configs:
instance: "{{ host }}"
{% endfor %}
- job_name: 'debuginfod'
static_configs:
- targets: ['{{ hostvars['debuginfod.archlinux.org']['wireguard_address'] }}:8002']
labels:
instance: "debuginfod.archlinux.org"
- job_name: 'powerdns'
static_configs:
{% for host in groups['geo_mirrors'] + [geo_acme_dns_challenge_ns] %}
......@@ -158,7 +152,7 @@ scrape_configs:
{% for vhost in blackbox_targets[module] | select('mapping') if module == 'http_prometheus' %}
- targets:
{% for target in vhost.targets %}
- http{{ 's' if vhost.secure }}://{{ target }}
- http{{ 's' if vhost.secure }}://{{ target }}{{ vhost.path | default('') }}
{% endfor %}
labels:
vhost: {{ vhost.hostname }}
......
......@@ -146,7 +146,7 @@ locals {
},
"debuginfod.archlinux.org" = {
server_type = "cx11"
domain = "debuginfod"
domain = "debuginfod-old"
}
"buildbot.pkgbuild.com" = {
server_type = "cx21"
......@@ -371,6 +371,10 @@ locals {
zone_id = hetznerdns_zone.pkgbuild.id
name = "geo.mirror"
}
"debuginfod.archlinux.org" = {
zone_id = hetznerdns_zone.archlinux.id
name = "debuginfod"
}
}
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment