System configuration for OpenStack Infrastructure
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

594 lines
23 KiB

  1. # Node-OS: xenial
  2. # Puppet-Version: !3
  3. node /^grafana\d*\.open.*\.org$/ {
  4. $group = "grafana"
  5. class { 'openstack_project::server': }
  6. class { 'openstack_project::grafana':
  7. admin_password => hiera('grafana_admin_password'),
  8. admin_user => hiera('grafana_admin_user', 'username'),
  9. mysql_host => hiera('grafana_mysql_host', 'localhost'),
  10. mysql_name => hiera('grafana_mysql_name'),
  11. mysql_password => hiera('grafana_mysql_password'),
  12. mysql_user => hiera('grafana_mysql_user', 'username'),
  13. project_config_repo => 'https://opendev.org/openstack/project-config',
  14. secret_key => hiera('grafana_secret_key'),
  15. }
  16. }
  17. # Node-OS: xenial
  18. node /^health\d*\.openstack\.org$/ {
  19. $group = "health"
  20. class { 'openstack_project::server': }
  21. class { 'openstack_project::openstack_health_api':
  22. subunit2sql_db_host => hiera('subunit2sql_db_host', 'localhost'),
  23. hostname => 'health.openstack.org',
  24. }
  25. }
  26. # Node-OS: xenial
  27. node /^cacti\d+\.open.*\.org$/ {
  28. $group = "cacti"
  29. # NOTE(ianw) 2020-05 : disabled pending removal, migrated to
  30. # ansible.
  31. # include openstack_project::ssl_cert_check
  32. class { 'openstack_project::cacti':
  33. cacti_hosts => hiera_array('cacti_hosts'),
  34. vhost_name => 'cacti.openstack.org',
  35. }
  36. }
  37. # Node-OS: xenial
  38. node /^graphite\d*\.open.*\.org$/ {
  39. class { 'openstack_project::server': }
  40. class { '::graphite':
  41. graphite_admin_user => hiera('graphite_admin_user', 'username'),
  42. graphite_admin_email => hiera('graphite_admin_email', 'email@example.com'),
  43. graphite_admin_password => hiera('graphite_admin_password'),
  44. # NOTE(ianw): installed on the host via ansible
  45. ssl_cert_file => '/etc/letsencrypt-certs/graphite01.opendev.org/graphite01.opendev.org.cer',
  46. ssl_key_file => '/etc/letsencrypt-certs/graphite01.opendev.org/graphite01.opendev.org.key',
  47. ssl_chain_file => '/etc/letsencrypt-certs/graphite01.opendev.org/ca.cer',
  48. }
  49. }
  50. # Node-OS: xenial
  51. node /^lists\d*\.open.*\.org$/ {
  52. class { 'openstack_project::server': }
  53. class { 'openstack_project::lists':
  54. listpassword => hiera('listpassword'),
  55. }
  56. }
  57. # Node-OS: xenial
  58. node /^lists\d*\.katacontainers\.io$/ {
  59. class { 'openstack_project::server': }
  60. class { 'openstack_project::kata_lists':
  61. listpassword => hiera('listpassword'),
  62. }
  63. }
  64. # Node-OS: xenial
  65. node /^paste\d*\.open.*\.org$/ {
  66. $group = "paste"
  67. class { 'openstack_project::server': }
  68. class { 'openstack_project::paste':
  69. db_password => hiera('paste_db_password'),
  70. db_host => hiera('paste_db_host'),
  71. vhost_name => 'paste.openstack.org',
  72. }
  73. }
  74. # Node-OS: xenial
  75. node /planet\d*\.open.*\.org$/ {
  76. class { 'openstack_project::planet':
  77. }
  78. }
  79. # Node-OS: xenial
  80. node /^ethercalc\d+\.open.*\.org$/ {
  81. $group = "ethercalc"
  82. class { 'openstack_project::server': }
  83. class { 'openstack_project::ethercalc':
  84. vhost_name => 'ethercalc.openstack.org',
  85. ssl_cert_file_contents => hiera('ssl_cert_file_contents'),
  86. ssl_key_file_contents => hiera('ssl_key_file_contents'),
  87. ssl_chain_file_contents => hiera('ssl_chain_file_contents'),
  88. }
  89. }
  90. # Node-OS: xenial
  91. node /^wiki\d+\.openstack\.org$/ {
  92. $group = "wiki"
  93. class { 'openstack_project::wiki':
  94. bup_user => 'bup-wiki',
  95. serveradmin => hiera('infra_apache_serveradmin'),
  96. site_hostname => 'wiki.openstack.org',
  97. ssl_cert_file_contents => hiera('ssl_cert_file_contents'),
  98. ssl_key_file_contents => hiera('ssl_key_file_contents'),
  99. ssl_chain_file_contents => hiera('ssl_chain_file_contents'),
  100. wg_dbserver => hiera('wg_dbserver'),
  101. wg_dbname => 'openstack_wiki',
  102. wg_dbuser => 'wikiuser',
  103. wg_dbpassword => hiera('wg_dbpassword'),
  104. wg_secretkey => hiera('wg_secretkey'),
  105. wg_upgradekey => hiera('wg_upgradekey'),
  106. wg_recaptchasitekey => hiera('wg_recaptchasitekey'),
  107. wg_recaptchasecretkey => hiera('wg_recaptchasecretkey'),
  108. wg_googleanalyticsaccount => hiera('wg_googleanalyticsaccount'),
  109. }
  110. }
  111. # Node-OS: xenial
  112. node /^wiki-dev\d+\.openstack\.org$/ {
  113. $group = "wiki-dev"
  114. class { 'openstack_project::wiki':
  115. serveradmin => hiera('infra_apache_serveradmin'),
  116. site_hostname => 'wiki-dev.openstack.org',
  117. wg_dbserver => hiera('wg_dbserver'),
  118. wg_dbname => 'openstack_wiki',
  119. wg_dbuser => 'wikiuser',
  120. wg_dbpassword => hiera('wg_dbpassword'),
  121. wg_secretkey => hiera('wg_secretkey'),
  122. wg_upgradekey => hiera('wg_upgradekey'),
  123. wg_recaptchasitekey => hiera('wg_recaptchasitekey'),
  124. wg_recaptchasecretkey => hiera('wg_recaptchasecretkey'),
  125. disallow_robots => true,
  126. }
  127. }
  128. # Node-OS: xenial
  129. node /^logstash\d*\.open.*\.org$/ {
  130. class { 'openstack_project::server': }
  131. class { 'openstack_project::logstash':
  132. discover_nodes => [
  133. 'elasticsearch03.openstack.org:9200',
  134. 'elasticsearch04.openstack.org:9200',
  135. 'elasticsearch05.openstack.org:9200',
  136. 'elasticsearch06.openstack.org:9200',
  137. 'elasticsearch07.openstack.org:9200',
  138. 'elasticsearch02.openstack.org:9200',
  139. ],
  140. subunit2sql_db_host => hiera('subunit2sql_db_host', ''),
  141. subunit2sql_db_pass => hiera('subunit2sql_db_password', ''),
  142. }
  143. }
  144. # Node-OS: xenial
  145. node /^logstash-worker\d+\.open.*\.org$/ {
  146. $group = 'logstash-worker'
  147. $elasticsearch_nodes = [
  148. 'elasticsearch02.openstack.org',
  149. 'elasticsearch03.openstack.org',
  150. 'elasticsearch04.openstack.org',
  151. 'elasticsearch05.openstack.org',
  152. 'elasticsearch06.openstack.org',
  153. 'elasticsearch07.openstack.org',
  154. ]
  155. class { 'openstack_project::server': }
  156. class { 'openstack_project::logstash_worker':
  157. discover_node => 'elasticsearch03.openstack.org',
  158. enable_mqtt => false,
  159. mqtt_password => hiera('mqtt_service_user_password'),
  160. mqtt_ca_cert_contents => hiera('mosquitto_tls_ca_file'),
  161. }
  162. }
  163. # Node-OS: xenial
  164. node /^subunit-worker\d+\.open.*\.org$/ {
  165. $group = "subunit-worker"
  166. class { 'openstack_project::server': }
  167. class { 'openstack_project::subunit_worker':
  168. subunit2sql_db_host => hiera('subunit2sql_db_host', ''),
  169. subunit2sql_db_pass => hiera('subunit2sql_db_password', ''),
  170. mqtt_pass => hiera('mqtt_service_user_password'),
  171. mqtt_ca_cert_contents => hiera('mosquitto_tls_ca_file'),
  172. }
  173. }
  174. # Node-OS: xenial
  175. node /^elasticsearch\d+\.open.*\.org$/ {
  176. $group = "elasticsearch"
  177. $elasticsearch_nodes = [
  178. 'elasticsearch02.openstack.org',
  179. 'elasticsearch03.openstack.org',
  180. 'elasticsearch04.openstack.org',
  181. 'elasticsearch05.openstack.org',
  182. 'elasticsearch06.openstack.org',
  183. 'elasticsearch07.openstack.org',
  184. ]
  185. class { 'openstack_project::server': }
  186. class { 'openstack_project::elasticsearch_node':
  187. discover_nodes => $elasticsearch_nodes,
  188. }
  189. }
  190. # Node-OS: xenial
  191. node /^firehose\d+\.open.*\.org$/ {
  192. class { 'openstack_project::server': }
  193. class { 'openstack_project::firehose':
  194. gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents'),
  195. gerrit_public_key => hiera('germqtt_gerrit_ssh_public_key'),
  196. gerrit_private_key => hiera('germqtt_gerrit_ssh_private_key'),
  197. mqtt_password => hiera('mqtt_service_user_password'),
  198. ca_file => hiera('mosquitto_tls_ca_file'),
  199. cert_file => hiera('mosquitto_tls_server_cert_file'),
  200. key_file => hiera('mosquitto_tls_server_key_file'),
  201. imap_hostname => hiera('lpmqtt_imap_server'),
  202. imap_username => hiera('lpmqtt_imap_username'),
  203. imap_password => hiera('lpmqtt_imap_password'),
  204. statsd_host => 'graphite.opendev.org',
  205. }
  206. }
  207. # A machine to drive AFS mirror updates.
  208. # Node-OS: xenial
  209. node /^mirror-update\d*\.open.*\.org$/ {
  210. $group = "afsadmin"
  211. class { 'openstack_project::mirror_update':
  212. admin_keytab => hiera('afsadmin_keytab'),
  213. fedora_keytab => hiera('fedora_keytab'),
  214. opensuse_keytab => hiera('opensuse_keytab'),
  215. reprepro_keytab => hiera('reprepro_keytab'),
  216. gem_keytab => hiera('gem_keytab'),
  217. centos_keytab => hiera('centos_keytab'),
  218. epel_keytab => hiera('epel_keytab'),
  219. yum_puppetlabs_keytab => hiera('yum_puppetlabs_keytab'),
  220. }
  221. }
  222. # Node-OS: trusty
  223. # Node-OS: xenial
  224. node /^refstack\d*\.open.*\.org$/ {
  225. class { 'openstack_project::server': }
  226. class { 'refstack':
  227. mysql_host => hiera('refstack_mysql_host', 'localhost'),
  228. mysql_database => hiera('refstack_mysql_db_name', 'refstack'),
  229. mysql_user => hiera('refstack_mysql_user', 'refstack'),
  230. mysql_user_password => hiera('refstack_mysql_password'),
  231. ssl_cert_content => hiera('refstack_ssl_cert_file_contents'),
  232. ssl_cert => '/etc/ssl/certs/refstack.pem',
  233. ssl_key_content => hiera('refstack_ssl_key_file_contents'),
  234. ssl_key => '/etc/ssl/private/refstack.key',
  235. ssl_ca_content => hiera('refstack_ssl_chain_file_contents'),
  236. ssl_ca => '/etc/ssl/certs/refstack.ca.pem',
  237. protocol => 'https',
  238. }
  239. mysql_backup::backup_remote { 'refstack':
  240. database_host => hiera('refstack_mysql_host', 'localhost'),
  241. database_user => hiera('refstack_mysql_user', 'refstack'),
  242. database_password => hiera('refstack_mysql_password'),
  243. require => Class['::refstack'],
  244. }
  245. }
  246. # A machine to run Storyboard
  247. # Node-OS: xenial
  248. node /^storyboard\d+\.opendev\.org$/ {
  249. $group = "storyboard"
  250. class { 'openstack_project::storyboard':
  251. project_config_repo => 'https://opendev.org/openstack/project-config',
  252. mysql_host => hiera('storyboard_db_host', 'localhost'),
  253. mysql_user => hiera('storyboard_db_user', 'username'),
  254. mysql_password => hiera('storyboard_db_password'),
  255. rabbitmq_user => hiera('storyboard_rabbit_user', 'username'),
  256. rabbitmq_password => hiera('storyboard_rabbit_password'),
  257. ssl_cert => '/etc/ssl/certs/storyboard.openstack.org.pem',
  258. ssl_cert_file_contents => hiera('storyboard_ssl_cert_file_contents'),
  259. ssl_key => '/etc/ssl/private/storyboard.openstack.org.key',
  260. ssl_key_file_contents => hiera('storyboard_ssl_key_file_contents'),
  261. ssl_chain_file_contents => hiera('storyboard_ssl_chain_file_contents'),
  262. hostname => 'storyboard.openstack.org',
  263. valid_oauth_clients => ['storyboard.openstack.org',],
  264. cors_allowed_origins => ['https://storyboard.openstack.org',],
  265. sender_email_address => 'storyboard@storyboard.openstack.org',
  266. default_url => 'https://storyboard.openstack.org',
  267. }
  268. }
  269. # A machine to run Storyboard devel
  270. # Node-OS: xenial
  271. node /^storyboard-dev\d+\.opendev\.org$/ {
  272. $group = "storyboard-dev"
  273. class { 'openstack_project::storyboard::dev':
  274. project_config_repo => 'https://opendev.org/openstack/project-config',
  275. mysql_host => hiera('storyboard_db_host', 'localhost'),
  276. mysql_user => hiera('storyboard_db_user', 'username'),
  277. mysql_password => hiera('storyboard_db_password'),
  278. rabbitmq_user => hiera('storyboard_rabbit_user', 'username'),
  279. rabbitmq_password => hiera('storyboard_rabbit_password'),
  280. hostname => 'storyboard-dev.openstack.org',
  281. valid_oauth_clients => ['^.*',],
  282. cors_allowed_origins => ['^.*',],
  283. sender_email_address => 'storyboard-dev@storyboard-dev.openstack.org',
  284. default_url => 'https://storyboard-dev.openstack.org',
  285. }
  286. }
  287. # A machine to serve various project status updates.
  288. # Node-OS: xenial
  289. node /^status\d*\.open.*\.org$/ {
  290. $group = 'status'
  291. class { 'openstack_project::server': }
  292. class { 'openstack_project::status':
  293. gerrit_host => 'review.opendev.org',
  294. gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents'),
  295. reviewday_ssh_public_key => hiera('reviewday_rsa_pubkey_contents'),
  296. reviewday_ssh_private_key => hiera('reviewday_rsa_key_contents'),
  297. recheck_ssh_public_key => hiera('elastic-recheck_gerrit_ssh_public_key'),
  298. recheck_ssh_private_key => hiera('elastic-recheck_gerrit_ssh_private_key'),
  299. recheck_bot_nick => 'openstackrecheck',
  300. recheck_bot_passwd => hiera('elastic-recheck_ircbot_password'),
  301. }
  302. }
  303. # Node-OS: xenial
  304. node /^survey\d+\.open.*\.org$/ {
  305. $group = "survey"
  306. class { 'openstack_project::server': }
  307. class { 'openstack_project::survey':
  308. vhost_name => 'survey.openstack.org',
  309. auth_openid => true,
  310. ssl_cert_file_contents => hiera('ssl_cert_file_contents'),
  311. ssl_key_file_contents => hiera('ssl_key_file_contents'),
  312. ssl_chain_file_contents => hiera('ssl_chain_file_contents'),
  313. dbpassword => hiera('dbpassword'),
  314. dbhost => hiera('dbhost'),
  315. adminuser => hiera('adminuser'),
  316. adminpass => hiera('adminpass'),
  317. adminmail => hiera('adminmail'),
  318. }
  319. }
  320. # Node-OS: xenial
  321. node /^nb\d+\.open.*\.org$/ {
  322. $group = 'nodepool'
  323. class { 'openstack_project::server': }
  324. include openstack_project
  325. class { '::openstackci::nodepool_builder':
  326. nodepool_ssh_public_key => hiera('zuul_worker_ssh_public_key_contents'),
  327. vhost_name => $::fqdn,
  328. enable_build_log_via_http => true,
  329. project_config_repo => 'https://opendev.org/openstack/project-config',
  330. statsd_host => 'graphite.opendev.org',
  331. upload_workers => '16',
  332. revision => 'master',
  333. python_version => 3,
  334. zuulv3 => true,
  335. ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
  336. ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key',
  337. }
  338. cron { 'mirror_gitgc':
  339. user => 'nodepool',
  340. hour => '20',
  341. minute => '0',
  342. command => 'find /opt/dib_cache/source-repositories/ -type d -name "*.git" -exec git --git-dir="{}" gc \; >/dev/null',
  343. environment => 'PATH=/usr/bin:/bin:/usr/sbin:/sbin',
  344. require => Class['::openstackci::nodepool_builder'],
  345. }
  346. }
  347. # Node-OS: xenial
  348. node /^pbx\d*\.open.*\.org$/ {
  349. $group = "pbx"
  350. class { 'openstack_project::server': }
  351. class { 'openstack_project::pbx':
  352. sip_providers => [
  353. {
  354. provider => 'voipms',
  355. hostname => 'dallas.voip.ms',
  356. username => hiera('voipms_username', 'username'),
  357. password => hiera('voipms_password'),
  358. outgoing => false,
  359. },
  360. ],
  361. }
  362. }
  363. # Node-OS: xenial
  364. # A backup machine. Don't run cron or puppet agent on it.
  365. node /^backup\d+\..*\.ci\.open.*\.org$/ {
  366. $group = "ci-backup"
  367. class { 'openstack_project::server': }
  368. include openstack_project::backup_server
  369. }
  370. # Node-OS: xenial
  371. node /^openstackid\d*(\.openstack)?\.org$/ {
  372. $group = "openstackid"
  373. class { 'openstack_project::openstackid_prod':
  374. site_admin_password => hiera('openstackid_site_admin_password'),
  375. id_mysql_host => hiera('openstackid_id_mysql_host', 'localhost'),
  376. id_mysql_password => hiera('openstackid_id_mysql_password'),
  377. id_mysql_user => hiera('openstackid_id_mysql_user', 'username'),
  378. id_db_name => hiera('openstackid_id_db_name'),
  379. redis_password => hiera('openstackid_redis_password'),
  380. ssl_cert_file_contents => hiera('openstackid_ssl_cert_file_contents'),
  381. ssl_key_file_contents => hiera('openstackid_ssl_key_file_contents'),
  382. ssl_chain_file_contents => hiera('openstackid_ssl_chain_file_contents'),
  383. id_recaptcha_public_key => hiera('openstackid_recaptcha_public_key'),
  384. id_recaptcha_private_key => hiera('openstackid_recaptcha_private_key'),
  385. vhost_name => 'openstackid.org',
  386. session_cookie_domain => 'openstackid.org',
  387. serveradmin => 'webmaster@openstackid.org',
  388. canonicalweburl => 'https://openstackid.org/',
  389. app_url => 'https://openstackid.org',
  390. app_key => hiera('openstackid_app_key'),
  391. id_log_error_to_email => 'openstack@tipit.net',
  392. id_log_error_from_email => 'noreply@openstack.org',
  393. email_driver => 'sendgrid',
  394. email_send_grid_api_key => hiera('openstackid_send_grid_api_key'),
  395. php_version => 7,
  396. mysql_ssl_enabled => true,
  397. mysql_ssl_ca_file_contents => hiera('openstackid_mysql_ssl_ca_file_contents'),
  398. mysql_ssl_client_key_file_contents => hiera('openstackid_mysql_ssl_client_key_file_contents'),
  399. mysql_ssl_client_cert_file_contents => hiera('openstackid_mysql_ssl_client_cert_file_contents'),
  400. user_spam_processor_to => hiera('openstackid_user_spam_processor_to'),
  401. }
  402. }
  403. # Node-OS: xenial
  404. node /^openstackid-dev\d*\.openstack\.org$/ {
  405. $group = "openstackid-dev"
  406. class { 'openstack_project::openstackid_dev':
  407. site_admin_password => hiera('openstackid_dev_site_admin_password'),
  408. id_mysql_host => hiera('openstackid_dev_id_mysql_host', 'localhost'),
  409. id_mysql_password => hiera('openstackid_dev_id_mysql_password'),
  410. id_mysql_user => hiera('openstackid_dev_id_mysql_user', 'username'),
  411. redis_password => hiera('openstackid_dev_redis_password'),
  412. ssl_cert_file_contents => hiera('openstackid_dev_ssl_cert_file_contents'),
  413. ssl_key_file_contents => hiera('openstackid_dev_ssl_key_file_contents'),
  414. ssl_chain_file_contents => hiera('openstackid_dev_ssl_chain_file_contents'),
  415. id_recaptcha_public_key => hiera('openstackid_dev_recaptcha_public_key'),
  416. id_recaptcha_private_key => hiera('openstackid_dev_recaptcha_private_key'),
  417. vhost_name => 'openstackid-dev.openstack.org',
  418. session_cookie_domain => 'openstackid-dev.openstack.org',
  419. serveradmin => 'webmaster@openstackid-dev.openstack.org',
  420. canonicalweburl => 'https://openstackid-dev.openstack.org/',
  421. app_url => 'https://openstackid-dev.openstack.org',
  422. app_key => hiera('openstackid_dev_app_key'),
  423. id_log_error_to_email => 'openstack@tipit.net',
  424. id_log_error_from_email => 'noreply@openstack.org',
  425. email_driver => 'sendgrid',
  426. email_send_grid_api_key => hiera('openstackid_dev_send_grid_api_key'),
  427. php_version => 7,
  428. mysql_ssl_enabled => true,
  429. mysql_ssl_ca_file_contents => hiera('openstackid_dev_mysql_ssl_ca_file_contents'),
  430. mysql_ssl_client_key_file_contents => hiera('openstackid_dev_mysql_ssl_client_key_file_contents'),
  431. mysql_ssl_client_cert_file_contents => hiera('openstackid_dev_mysql_ssl_client_cert_file_contents'),
  432. user_spam_processor_to => hiera('openstackid_dev_user_spam_processor_to'),
  433. }
  434. }
  435. # Node-OS: xenial
  436. node /^kdc03\.open.*\.org$/ {
  437. class { 'openstack_project::server': }
  438. class { 'openstack_project::kdc': }
  439. }
  440. # Node-OS: xenial
  441. node /^kdc04\.open.*\.org$/ {
  442. class { 'openstack_project::server': }
  443. class { 'openstack_project::kdc':
  444. slave => true,
  445. }
  446. }
  447. # Node-OS: xenial
  448. node /^afsdb01\.open.*\.org$/ {
  449. $group = "afsdb"
  450. class { 'openstack_project::server': }
  451. include openstack_project::afsdb
  452. }
  453. # Node-OS: xenial
  454. node /^afsdb.*\.open.*\.org$/ {
  455. $group = "afsdb"
  456. class { 'openstack_project::server': }
  457. include openstack_project::afsdb
  458. }
  459. # Node-OS: xenial
  460. node /^afs.*\..*\.open.*\.org$/ {
  461. $group = "afs"
  462. class { 'openstack_project::server': }
  463. include openstack_project::afsfs
  464. }
  465. # Node-OS: xenial
  466. node /^ask\d*\.open.*\.org$/ {
  467. class { 'openstack_project::server': }
  468. class { 'openstack_project::ask':
  469. db_user => hiera('ask_db_user', 'ask'),
  470. db_password => hiera('ask_db_password'),
  471. redis_password => hiera('ask_redis_password'),
  472. site_ssl_cert_file_contents => hiera('ask_site_ssl_cert_file_contents', undef),
  473. site_ssl_key_file_contents => hiera('ask_site_ssl_key_file_contents', undef),
  474. site_ssl_chain_file_contents => hiera('ask_site_ssl_chain_file_contents', undef),
  475. }
  476. }
  477. # Node-OS: xenial
  478. node /^ask-staging\d*\.open.*\.org$/ {
  479. class { 'openstack_project::server': }
  480. class { 'openstack_project::ask_staging':
  481. db_password => hiera('ask_staging_db_password'),
  482. redis_password => hiera('ask_staging_redis_password'),
  483. }
  484. }
  485. # Node-OS: xenial
  486. node /^translate\d+\.open.*\.org$/ {
  487. $group = "translate"
  488. class { 'openstack_project::server': }
  489. class { 'openstack_project::translate':
  490. admin_users => 'aeng,cboylan,eumel8,ianw,ianychoi,infra,jaegerandi,mordred,stevenk',
  491. openid_url => 'https://openstackid.org',
  492. listeners => ['ajp'],
  493. from_address => 'noreply@openstack.org',
  494. mysql_host => hiera('translate_mysql_host', 'localhost'),
  495. mysql_password => hiera('translate_mysql_password'),
  496. zanata_server_user => hiera('proposal_zanata_user'),
  497. zanata_server_api_key => hiera('proposal_zanata_api_key'),
  498. zanata_wildfly_version => '10.1.0',
  499. zanata_wildfly_install_url => 'https://repo1.maven.org/maven2/org/wildfly/wildfly-dist/10.1.0.Final/wildfly-dist-10.1.0.Final.tar.gz',
  500. zanata_main_version => 4,
  501. zanata_url => 'https://github.com/zanata/zanata-platform/releases/download/platform-4.3.3/zanata-4.3.3-wildfly.zip',
  502. zanata_checksum => 'eaf8bd07401dade758b677007d2358f173193d17',
  503. project_config_repo => 'https://opendev.org/openstack/project-config',
  504. ssl_cert_file_contents => hiera('translate_ssl_cert_file_contents'),
  505. ssl_key_file_contents => hiera('translate_ssl_key_file_contents'),
  506. ssl_chain_file_contents => hiera('translate_ssl_chain_file_contents'),
  507. vhost_name => 'translate.openstack.org',
  508. }
  509. }
  510. # Node-OS: xenial
  511. node /^translate-dev\d*\.open.*\.org$/ {
  512. $group = "translate-dev"
  513. class { 'openstack_project::translate_dev':
  514. admin_users => 'aeng,cboylan,eumel,eumel8,ianw,ianychoi,infra,jaegerandi,mordred,stevenk',
  515. openid_url => 'https://openstackid-dev.openstack.org',
  516. listeners => ['ajp'],
  517. from_address => 'noreply@openstack.org',
  518. mysql_host => hiera('translate_dev_mysql_host', 'localhost'),
  519. mysql_password => hiera('translate_dev_mysql_password'),
  520. zanata_server_user => hiera('proposal_zanata_user'),
  521. zanata_server_api_key => hiera('proposal_zanata_api_key'),
  522. project_config_repo => 'https://opendev.org/openstack/project-config',
  523. vhost_name => 'translate-dev.openstack.org',
  524. }
  525. }
  526. # vim:sw=2:ts=2:expandtab:textwidth=79