# Node-OS: xenial # Puppet-Version: !3 node /^grafana\d*\.open.*\.org$/ { $group = "grafana" class { 'openstack_project::server': } class { 'openstack_project::grafana': admin_password => hiera('grafana_admin_password'), admin_user => hiera('grafana_admin_user', 'username'), mysql_host => hiera('grafana_mysql_host', 'localhost'), mysql_name => hiera('grafana_mysql_name'), mysql_password => hiera('grafana_mysql_password'), mysql_user => hiera('grafana_mysql_user', 'username'), project_config_repo => 'https://opendev.org/openstack/project-config', secret_key => hiera('grafana_secret_key'), } } # Node-OS: xenial node /^health\d*\.openstack\.org$/ { $group = "health" class { 'openstack_project::server': } class { 'openstack_project::openstack_health_api': subunit2sql_db_host => hiera('subunit2sql_db_host', 'localhost'), hostname => 'health.openstack.org', } } # Node-OS: xenial node /^cacti\d+\.open.*\.org$/ { $group = "cacti" # NOTE(ianw) 2020-05 : disabled pending removal, migrated to # ansible. # include openstack_project::ssl_cert_check class { 'openstack_project::cacti': cacti_hosts => hiera_array('cacti_hosts'), vhost_name => 'cacti.openstack.org', } } # Node-OS: xenial node /^graphite\d*\.open.*\.org$/ { class { 'openstack_project::server': } class { '::graphite': graphite_admin_user => hiera('graphite_admin_user', 'username'), graphite_admin_email => hiera('graphite_admin_email', 'email@example.com'), graphite_admin_password => hiera('graphite_admin_password'), # NOTE(ianw): installed on the host via ansible ssl_cert_file => '/etc/letsencrypt-certs/graphite01.opendev.org/graphite01.opendev.org.cer', ssl_key_file => '/etc/letsencrypt-certs/graphite01.opendev.org/graphite01.opendev.org.key', ssl_chain_file => '/etc/letsencrypt-certs/graphite01.opendev.org/ca.cer', } } # Node-OS: xenial node /^lists\d*\.open.*\.org$/ { class { 'openstack_project::server': } class { 'openstack_project::lists': listpassword => hiera('listpassword'), } } # Node-OS: xenial node /^lists\d*\.katacontainers\.io$/ { class { 'openstack_project::server': } class { 'openstack_project::kata_lists': listpassword => hiera('listpassword'), } } # Node-OS: xenial node /^paste\d*\.open.*\.org$/ { $group = "paste" class { 'openstack_project::server': } class { 'openstack_project::paste': db_password => hiera('paste_db_password'), db_host => hiera('paste_db_host'), vhost_name => 'paste.openstack.org', } } # Node-OS: xenial node /planet\d*\.open.*\.org$/ { class { 'openstack_project::planet': } } # Node-OS: xenial node /^ethercalc\d+\.open.*\.org$/ { $group = "ethercalc" class { 'openstack_project::server': } class { 'openstack_project::ethercalc': vhost_name => 'ethercalc.openstack.org', ssl_cert_file_contents => hiera('ssl_cert_file_contents'), ssl_key_file_contents => hiera('ssl_key_file_contents'), ssl_chain_file_contents => hiera('ssl_chain_file_contents'), } } # Node-OS: xenial node /^wiki\d+\.openstack\.org$/ { $group = "wiki" class { 'openstack_project::wiki': bup_user => 'bup-wiki', serveradmin => hiera('infra_apache_serveradmin'), site_hostname => 'wiki.openstack.org', ssl_cert_file_contents => hiera('ssl_cert_file_contents'), ssl_key_file_contents => hiera('ssl_key_file_contents'), ssl_chain_file_contents => hiera('ssl_chain_file_contents'), wg_dbserver => hiera('wg_dbserver'), wg_dbname => 'openstack_wiki', wg_dbuser => 'wikiuser', wg_dbpassword => hiera('wg_dbpassword'), wg_secretkey => hiera('wg_secretkey'), wg_upgradekey => hiera('wg_upgradekey'), wg_recaptchasitekey => hiera('wg_recaptchasitekey'), wg_recaptchasecretkey => hiera('wg_recaptchasecretkey'), wg_googleanalyticsaccount => hiera('wg_googleanalyticsaccount'), } } # Node-OS: xenial node /^wiki-dev\d+\.openstack\.org$/ { $group = "wiki-dev" class { 'openstack_project::wiki': serveradmin => hiera('infra_apache_serveradmin'), site_hostname => 'wiki-dev.openstack.org', wg_dbserver => hiera('wg_dbserver'), wg_dbname => 'openstack_wiki', wg_dbuser => 'wikiuser', wg_dbpassword => hiera('wg_dbpassword'), wg_secretkey => hiera('wg_secretkey'), wg_upgradekey => hiera('wg_upgradekey'), wg_recaptchasitekey => hiera('wg_recaptchasitekey'), wg_recaptchasecretkey => hiera('wg_recaptchasecretkey'), disallow_robots => true, } } # Node-OS: xenial node /^logstash\d*\.open.*\.org$/ { class { 'openstack_project::server': } class { 'openstack_project::logstash': discover_nodes => [ 'elasticsearch03.openstack.org:9200', 'elasticsearch04.openstack.org:9200', 'elasticsearch05.openstack.org:9200', 'elasticsearch06.openstack.org:9200', 'elasticsearch07.openstack.org:9200', 'elasticsearch02.openstack.org:9200', ], subunit2sql_db_host => hiera('subunit2sql_db_host', ''), subunit2sql_db_pass => hiera('subunit2sql_db_password', ''), } } # Node-OS: xenial node /^logstash-worker\d+\.open.*\.org$/ { $group = 'logstash-worker' $elasticsearch_nodes = [ 'elasticsearch02.openstack.org', 'elasticsearch03.openstack.org', 'elasticsearch04.openstack.org', 'elasticsearch05.openstack.org', 'elasticsearch06.openstack.org', 'elasticsearch07.openstack.org', ] class { 'openstack_project::server': } class { 'openstack_project::logstash_worker': discover_node => 'elasticsearch03.openstack.org', enable_mqtt => false, mqtt_password => hiera('mqtt_service_user_password'), mqtt_ca_cert_contents => hiera('mosquitto_tls_ca_file'), } } # Node-OS: xenial node /^subunit-worker\d+\.open.*\.org$/ { $group = "subunit-worker" class { 'openstack_project::server': } class { 'openstack_project::subunit_worker': subunit2sql_db_host => hiera('subunit2sql_db_host', ''), subunit2sql_db_pass => hiera('subunit2sql_db_password', ''), mqtt_pass => hiera('mqtt_service_user_password'), mqtt_ca_cert_contents => hiera('mosquitto_tls_ca_file'), } } # Node-OS: xenial node /^elasticsearch\d+\.open.*\.org$/ { $group = "elasticsearch" $elasticsearch_nodes = [ 'elasticsearch02.openstack.org', 'elasticsearch03.openstack.org', 'elasticsearch04.openstack.org', 'elasticsearch05.openstack.org', 'elasticsearch06.openstack.org', 'elasticsearch07.openstack.org', ] class { 'openstack_project::server': } class { 'openstack_project::elasticsearch_node': discover_nodes => $elasticsearch_nodes, } } # Node-OS: xenial node /^firehose\d+\.open.*\.org$/ { class { 'openstack_project::server': } class { 'openstack_project::firehose': gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents'), gerrit_public_key => hiera('germqtt_gerrit_ssh_public_key'), gerrit_private_key => hiera('germqtt_gerrit_ssh_private_key'), mqtt_password => hiera('mqtt_service_user_password'), ca_file => hiera('mosquitto_tls_ca_file'), cert_file => hiera('mosquitto_tls_server_cert_file'), key_file => hiera('mosquitto_tls_server_key_file'), imap_hostname => hiera('lpmqtt_imap_server'), imap_username => hiera('lpmqtt_imap_username'), imap_password => hiera('lpmqtt_imap_password'), statsd_host => 'graphite.opendev.org', } } # A machine to drive AFS mirror updates. # Node-OS: xenial node /^mirror-update\d*\.open.*\.org$/ { $group = "afsadmin" class { 'openstack_project::mirror_update': admin_keytab => hiera('afsadmin_keytab'), fedora_keytab => hiera('fedora_keytab'), opensuse_keytab => hiera('opensuse_keytab'), reprepro_keytab => hiera('reprepro_keytab'), gem_keytab => hiera('gem_keytab'), centos_keytab => hiera('centos_keytab'), epel_keytab => hiera('epel_keytab'), yum_puppetlabs_keytab => hiera('yum_puppetlabs_keytab'), } } # Node-OS: trusty # Node-OS: xenial node /^refstack\d*\.open.*\.org$/ { class { 'openstack_project::server': } class { 'refstack': mysql_host => hiera('refstack_mysql_host', 'localhost'), mysql_database => hiera('refstack_mysql_db_name', 'refstack'), mysql_user => hiera('refstack_mysql_user', 'refstack'), mysql_user_password => hiera('refstack_mysql_password'), ssl_cert_content => hiera('refstack_ssl_cert_file_contents'), ssl_cert => '/etc/ssl/certs/refstack.pem', ssl_key_content => hiera('refstack_ssl_key_file_contents'), ssl_key => '/etc/ssl/private/refstack.key', ssl_ca_content => hiera('refstack_ssl_chain_file_contents'), ssl_ca => '/etc/ssl/certs/refstack.ca.pem', protocol => 'https', } mysql_backup::backup_remote { 'refstack': database_host => hiera('refstack_mysql_host', 'localhost'), database_user => hiera('refstack_mysql_user', 'refstack'), database_password => hiera('refstack_mysql_password'), require => Class['::refstack'], } } # A machine to run Storyboard # Node-OS: xenial node /^storyboard\d+\.opendev\.org$/ { $group = "storyboard" class { 'openstack_project::storyboard': project_config_repo => 'https://opendev.org/openstack/project-config', mysql_host => hiera('storyboard_db_host', 'localhost'), mysql_user => hiera('storyboard_db_user', 'username'), mysql_password => hiera('storyboard_db_password'), rabbitmq_user => hiera('storyboard_rabbit_user', 'username'), rabbitmq_password => hiera('storyboard_rabbit_password'), ssl_cert => '/etc/ssl/certs/storyboard.openstack.org.pem', ssl_cert_file_contents => hiera('storyboard_ssl_cert_file_contents'), ssl_key => '/etc/ssl/private/storyboard.openstack.org.key', ssl_key_file_contents => hiera('storyboard_ssl_key_file_contents'), ssl_chain_file_contents => hiera('storyboard_ssl_chain_file_contents'), hostname => 'storyboard.openstack.org', valid_oauth_clients => ['storyboard.openstack.org',], cors_allowed_origins => ['https://storyboard.openstack.org',], sender_email_address => 'storyboard@storyboard.openstack.org', default_url => 'https://storyboard.openstack.org', } } # A machine to run Storyboard devel # Node-OS: xenial node /^storyboard-dev\d+\.opendev\.org$/ { $group = "storyboard-dev" class { 'openstack_project::storyboard::dev': project_config_repo => 'https://opendev.org/openstack/project-config', mysql_host => hiera('storyboard_db_host', 'localhost'), mysql_user => hiera('storyboard_db_user', 'username'), mysql_password => hiera('storyboard_db_password'), rabbitmq_user => hiera('storyboard_rabbit_user', 'username'), rabbitmq_password => hiera('storyboard_rabbit_password'), hostname => 'storyboard-dev.openstack.org', valid_oauth_clients => ['^.*',], cors_allowed_origins => ['^.*',], sender_email_address => 'storyboard-dev@storyboard-dev.openstack.org', default_url => 'https://storyboard-dev.openstack.org', } } # A machine to serve various project status updates. # Node-OS: xenial node /^status\d*\.open.*\.org$/ { $group = 'status' class { 'openstack_project::server': } class { 'openstack_project::status': gerrit_host => 'review.opendev.org', gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents'), reviewday_ssh_public_key => hiera('reviewday_rsa_pubkey_contents'), reviewday_ssh_private_key => hiera('reviewday_rsa_key_contents'), recheck_ssh_public_key => hiera('elastic-recheck_gerrit_ssh_public_key'), recheck_ssh_private_key => hiera('elastic-recheck_gerrit_ssh_private_key'), recheck_bot_nick => 'openstackrecheck', recheck_bot_passwd => hiera('elastic-recheck_ircbot_password'), } } # Node-OS: xenial node /^survey\d+\.open.*\.org$/ { $group = "survey" class { 'openstack_project::server': } class { 'openstack_project::survey': vhost_name => 'survey.openstack.org', auth_openid => true, ssl_cert_file_contents => hiera('ssl_cert_file_contents'), ssl_key_file_contents => hiera('ssl_key_file_contents'), ssl_chain_file_contents => hiera('ssl_chain_file_contents'), dbpassword => hiera('dbpassword'), dbhost => hiera('dbhost'), adminuser => hiera('adminuser'), adminpass => hiera('adminpass'), adminmail => hiera('adminmail'), } } # Node-OS: xenial node /^nb\d+\.open.*\.org$/ { $group = 'nodepool' class { 'openstack_project::server': } include openstack_project class { '::openstackci::nodepool_builder': nodepool_ssh_public_key => hiera('zuul_worker_ssh_public_key_contents'), vhost_name => $::fqdn, enable_build_log_via_http => true, project_config_repo => 'https://opendev.org/openstack/project-config', statsd_host => 'graphite.opendev.org', upload_workers => '16', revision => 'master', python_version => 3, zuulv3 => true, ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem', ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key', } cron { 'mirror_gitgc': user => 'nodepool', hour => '20', minute => '0', command => 'find /opt/dib_cache/source-repositories/ -type d -name "*.git" -exec git --git-dir="{}" gc \; >/dev/null', environment => 'PATH=/usr/bin:/bin:/usr/sbin:/sbin', require => Class['::openstackci::nodepool_builder'], } } # Node-OS: xenial node /^pbx\d*\.open.*\.org$/ { $group = "pbx" class { 'openstack_project::server': } class { 'openstack_project::pbx': sip_providers => [ { provider => 'voipms', hostname => 'dallas.voip.ms', username => hiera('voipms_username', 'username'), password => hiera('voipms_password'), outgoing => false, }, ], } } # Node-OS: xenial # A backup machine. Don't run cron or puppet agent on it. node /^backup\d+\..*\.ci\.open.*\.org$/ { $group = "ci-backup" class { 'openstack_project::server': } include openstack_project::backup_server } # Node-OS: xenial node /^openstackid\d*(\.openstack)?\.org$/ { $group = "openstackid" class { 'openstack_project::openstackid_prod': site_admin_password => hiera('openstackid_site_admin_password'), id_mysql_host => hiera('openstackid_id_mysql_host', 'localhost'), id_mysql_password => hiera('openstackid_id_mysql_password'), id_mysql_user => hiera('openstackid_id_mysql_user', 'username'), id_db_name => hiera('openstackid_id_db_name'), redis_password => hiera('openstackid_redis_password'), ssl_cert_file_contents => hiera('openstackid_ssl_cert_file_contents'), ssl_key_file_contents => hiera('openstackid_ssl_key_file_contents'), ssl_chain_file_contents => hiera('openstackid_ssl_chain_file_contents'), id_recaptcha_public_key => hiera('openstackid_recaptcha_public_key'), id_recaptcha_private_key => hiera('openstackid_recaptcha_private_key'), vhost_name => 'openstackid.org', session_cookie_domain => 'openstackid.org', serveradmin => 'webmaster@openstackid.org', canonicalweburl => 'https://openstackid.org/', app_url => 'https://openstackid.org', app_key => hiera('openstackid_app_key'), id_log_error_to_email => 'openstack@tipit.net', id_log_error_from_email => 'noreply@openstack.org', email_driver => 'sendgrid', email_send_grid_api_key => hiera('openstackid_send_grid_api_key'), php_version => 7, mysql_ssl_enabled => true, mysql_ssl_ca_file_contents => hiera('openstackid_mysql_ssl_ca_file_contents'), mysql_ssl_client_key_file_contents => hiera('openstackid_mysql_ssl_client_key_file_contents'), mysql_ssl_client_cert_file_contents => hiera('openstackid_mysql_ssl_client_cert_file_contents'), user_spam_processor_to => hiera('openstackid_user_spam_processor_to'), message_broker_exchange_name => 'message-broker', message_broker_host => hiera('openstackid_message_broker_host'), message_broker_port => 5671, message_broker_vhost => 'databus', message_broker_login => hiera('openstackid_message_broker_login'), message_broker_password => hiera('openstackid_message_broker_password'), message_broker_ssl_enabled => true, message_broker_ssl_ca_file_contents => hiera('openstackid_message_broker_ssl_ca_file_contents'), message_broker_ssl_client_cert_file_contents => hiera('openstackid_message_broker_ssl_client_cert_file_contents'), message_broker_ssl_client_key_file_contents => hiera('openstackid_message_broker_ssl_client_key_file_contents'), message_broker_enabled => true, cloud_storage_base_url => hiera('openstackid_cloud_storage_base_url'), cloud_storage_auth_url => 'https://auth.vexxhost.net/v3', cloud_storage_app_credential_id => hiera('openstackid_cloud_storage_app_credential_id'), cloud_storage_app_credential_secret => hiera('openstackid_cloud_storage_app_credential_secret'), cloud_storage_project_name => hiera('openstackid_cloud_storage_project_name'), cloud_storage_region => 'ca-ymq-1', cloud_storage_container => 'idp-osf', } } # Node-OS: xenial node /^openstackid-dev\d*\.openstack\.org$/ { $group = "openstackid-dev" class { 'openstack_project::openstackid_dev': site_admin_password => hiera('openstackid_dev_site_admin_password'), id_mysql_host => hiera('openstackid_dev_id_mysql_host', 'localhost'), id_mysql_password => hiera('openstackid_dev_id_mysql_password'), id_mysql_user => hiera('openstackid_dev_id_mysql_user', 'username'), redis_password => hiera('openstackid_dev_redis_password'), ssl_cert_file_contents => hiera('openstackid_dev_ssl_cert_file_contents'), ssl_key_file_contents => hiera('openstackid_dev_ssl_key_file_contents'), ssl_chain_file_contents => hiera('openstackid_dev_ssl_chain_file_contents'), id_recaptcha_public_key => hiera('openstackid_dev_recaptcha_public_key'), id_recaptcha_private_key => hiera('openstackid_dev_recaptcha_private_key'), vhost_name => 'openstackid-dev.openstack.org', session_cookie_domain => 'openstackid-dev.openstack.org', serveradmin => 'webmaster@openstackid-dev.openstack.org', canonicalweburl => 'https://openstackid-dev.openstack.org/', app_url => 'https://openstackid-dev.openstack.org', app_key => hiera('openstackid_dev_app_key'), id_log_error_to_email => 'openstack@tipit.net', id_log_error_from_email => 'noreply@openstack.org', email_driver => 'sendgrid', email_send_grid_api_key => hiera('openstackid_dev_send_grid_api_key'), php_version => 7, mysql_ssl_enabled => true, mysql_ssl_ca_file_contents => hiera('openstackid_dev_mysql_ssl_ca_file_contents'), mysql_ssl_client_key_file_contents => hiera('openstackid_dev_mysql_ssl_client_key_file_contents'), mysql_ssl_client_cert_file_contents => hiera('openstackid_dev_mysql_ssl_client_cert_file_contents'), user_spam_processor_to => hiera('openstackid_dev_user_spam_processor_to'), message_broker_exchange_name => 'message-broker', message_broker_host => hiera('openstackid_dev_message_broker_host'), message_broker_port => 5671, message_broker_vhost => 'databus', message_broker_login => hiera('openstackid_dev_message_broker_login'), message_broker_password => hiera('openstackid_dev_message_broker_password'), message_broker_ssl_enabled => true, message_broker_ssl_ca_file_contents => hiera('openstackid_dev_message_broker_ssl_ca_file_contents'), message_broker_ssl_client_cert_file_contents => hiera('openstackid_dev_message_broker_ssl_client_cert_file_contents'), message_broker_ssl_client_key_file_contents => hiera('openstackid_dev_message_broker_ssl_client_key_file_contents'), message_broker_enabled => true, cloud_storage_base_url => hiera('openstackid_dev_cloud_storage_base_url'), cloud_storage_auth_url => 'https://auth.vexxhost.net/v3', cloud_storage_app_credential_id => hiera('openstackid_dev_cloud_storage_app_credential_id'), cloud_storage_app_credential_secret => hiera('openstackid_dev_cloud_storage_app_credential_secret'), cloud_storage_project_name => hiera('openstackid_dev_cloud_storage_project_name'), cloud_storage_region => 'ca-ymq-1', cloud_storage_container => 'idp-osf', } } # Node-OS: xenial node /^kdc03\.open.*\.org$/ { class { 'openstack_project::server': } class { 'openstack_project::kdc': } } # Node-OS: xenial node /^kdc04\.open.*\.org$/ { class { 'openstack_project::server': } class { 'openstack_project::kdc': slave => true, } } # Node-OS: xenial node /^afsdb01\.open.*\.org$/ { $group = "afsdb" class { 'openstack_project::server': } include openstack_project::afsdb } # Node-OS: xenial node /^afsdb.*\.open.*\.org$/ { $group = "afsdb" class { 'openstack_project::server': } include openstack_project::afsdb } # Node-OS: xenial node /^afs.*\..*\.open.*\.org$/ { $group = "afs" class { 'openstack_project::server': } include openstack_project::afsfs } # Node-OS: xenial node /^ask\d*\.open.*\.org$/ { class { 'openstack_project::server': } class { 'openstack_project::ask': db_user => hiera('ask_db_user', 'ask'), db_password => hiera('ask_db_password'), redis_password => hiera('ask_redis_password'), site_ssl_cert_file_contents => hiera('ask_site_ssl_cert_file_contents', undef), site_ssl_key_file_contents => hiera('ask_site_ssl_key_file_contents', undef), site_ssl_chain_file_contents => hiera('ask_site_ssl_chain_file_contents', undef), } } # Node-OS: xenial node /^ask-staging\d*\.open.*\.org$/ { class { 'openstack_project::server': } class { 'openstack_project::ask_staging': db_password => hiera('ask_staging_db_password'), redis_password => hiera('ask_staging_redis_password'), } } # Node-OS: xenial node /^translate\d+\.open.*\.org$/ { $group = "translate" class { 'openstack_project::server': } class { 'openstack_project::translate': admin_users => 'aeng,cboylan,eumel8,ianw,ianychoi,infra,jaegerandi,mordred,stevenk', openid_url => 'https://openstackid.org', listeners => ['ajp'], from_address => 'noreply@openstack.org', mysql_host => hiera('translate_mysql_host', 'localhost'), mysql_password => hiera('translate_mysql_password'), zanata_server_user => hiera('proposal_zanata_user'), zanata_server_api_key => hiera('proposal_zanata_api_key'), zanata_wildfly_version => '10.1.0', zanata_wildfly_install_url => 'https://repo1.maven.org/maven2/org/wildfly/wildfly-dist/10.1.0.Final/wildfly-dist-10.1.0.Final.tar.gz', zanata_main_version => 4, zanata_url => 'https://github.com/zanata/zanata-platform/releases/download/platform-4.3.3/zanata-4.3.3-wildfly.zip', zanata_checksum => 'eaf8bd07401dade758b677007d2358f173193d17', project_config_repo => 'https://opendev.org/openstack/project-config', ssl_cert_file_contents => hiera('translate_ssl_cert_file_contents'), ssl_key_file_contents => hiera('translate_ssl_key_file_contents'), ssl_chain_file_contents => hiera('translate_ssl_chain_file_contents'), vhost_name => 'translate.openstack.org', } } # Node-OS: xenial node /^translate-dev\d*\.open.*\.org$/ { $group = "translate-dev" class { 'openstack_project::translate_dev': admin_users => 'aeng,cboylan,eumel,eumel8,ianw,ianychoi,infra,jaegerandi,mordred,stevenk', openid_url => 'https://openstackid-dev.openstack.org', listeners => ['ajp'], from_address => 'noreply@openstack.org', mysql_host => hiera('translate_dev_mysql_host', 'localhost'), mysql_password => hiera('translate_dev_mysql_password'), zanata_server_user => hiera('proposal_zanata_user'), zanata_server_api_key => hiera('proposal_zanata_api_key'), project_config_repo => 'https://opendev.org/openstack/project-config', vhost_name => 'translate-dev.openstack.org', } } # vim:sw=2:ts=2:expandtab:textwidth=79