System configuration for OpenStack Infrastructure
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

581 lines
25 KiB

  1. # Node-OS: xenial
  2. node /^health\d*\.openstack\.org$/ {
  3. $group = "health"
  4. class { 'openstack_project::server': }
  5. class { 'openstack_project::openstack_health_api':
  6. subunit2sql_db_host => hiera('subunit2sql_db_host', 'localhost'),
  7. hostname => 'health.openstack.org',
  8. }
  9. }
  10. # Node-OS: xenial
  11. node /^cacti\d+\.open.*\.org$/ {
  12. $group = "cacti"
  13. # NOTE(ianw) 2020-05 : disabled pending removal, migrated to
  14. # ansible.
  15. # include openstack_project::ssl_cert_check
  16. class { 'openstack_project::cacti':
  17. cacti_hosts => hiera_array('cacti_hosts'),
  18. vhost_name => 'cacti.openstack.org',
  19. }
  20. }
  21. # Node-OS: xenial
  22. node /^lists\d*\.open.*\.org$/ {
  23. class { 'openstack_project::server': }
  24. class { 'openstack_project::lists':
  25. listpassword => hiera('listpassword'),
  26. }
  27. }
  28. # Node-OS: xenial
  29. node /^lists\d*\.katacontainers\.io$/ {
  30. class { 'openstack_project::server': }
  31. class { 'openstack_project::kata_lists':
  32. listpassword => hiera('listpassword'),
  33. }
  34. }
  35. # Node-OS: xenial
  36. node /^paste\d*\.open.*\.org$/ {
  37. $group = "paste"
  38. class { 'openstack_project::server': }
  39. class { 'openstack_project::paste':
  40. db_password => hiera('paste_db_password'),
  41. db_host => hiera('paste_db_host'),
  42. vhost_name => 'paste.openstack.org',
  43. }
  44. }
  45. # Node-OS: xenial
  46. node /planet\d*\.open.*\.org$/ {
  47. class { 'openstack_project::planet':
  48. }
  49. }
  50. # Node-OS: xenial
  51. node /^ethercalc\d+\.open.*\.org$/ {
  52. $group = "ethercalc"
  53. class { 'openstack_project::server': }
  54. class { 'openstack_project::ethercalc':
  55. vhost_name => 'ethercalc.openstack.org',
  56. ssl_cert_file_contents => hiera('ssl_cert_file_contents'),
  57. ssl_key_file_contents => hiera('ssl_key_file_contents'),
  58. ssl_chain_file_contents => hiera('ssl_chain_file_contents'),
  59. }
  60. }
  61. # Node-OS: xenial
  62. node /^wiki\d+\.openstack\.org$/ {
  63. $group = "wiki"
  64. class { 'openstack_project::wiki':
  65. bup_user => 'bup-wiki',
  66. serveradmin => hiera('infra_apache_serveradmin'),
  67. site_hostname => 'wiki.openstack.org',
  68. ssl_cert_file_contents => hiera('ssl_cert_file_contents'),
  69. ssl_key_file_contents => hiera('ssl_key_file_contents'),
  70. ssl_chain_file_contents => hiera('ssl_chain_file_contents'),
  71. wg_dbserver => hiera('wg_dbserver'),
  72. wg_dbname => 'openstack_wiki',
  73. wg_dbuser => 'wikiuser',
  74. wg_dbpassword => hiera('wg_dbpassword'),
  75. wg_secretkey => hiera('wg_secretkey'),
  76. wg_upgradekey => hiera('wg_upgradekey'),
  77. wg_recaptchasitekey => hiera('wg_recaptchasitekey'),
  78. wg_recaptchasecretkey => hiera('wg_recaptchasecretkey'),
  79. wg_googleanalyticsaccount => hiera('wg_googleanalyticsaccount'),
  80. }
  81. }
  82. # Node-OS: xenial
  83. node /^wiki-dev\d+\.openstack\.org$/ {
  84. $group = "wiki-dev"
  85. class { 'openstack_project::wiki':
  86. serveradmin => hiera('infra_apache_serveradmin'),
  87. site_hostname => 'wiki-dev.openstack.org',
  88. wg_dbserver => hiera('wg_dbserver'),
  89. wg_dbname => 'openstack_wiki',
  90. wg_dbuser => 'wikiuser',
  91. wg_dbpassword => hiera('wg_dbpassword'),
  92. wg_secretkey => hiera('wg_secretkey'),
  93. wg_upgradekey => hiera('wg_upgradekey'),
  94. wg_recaptchasitekey => hiera('wg_recaptchasitekey'),
  95. wg_recaptchasecretkey => hiera('wg_recaptchasecretkey'),
  96. disallow_robots => true,
  97. }
  98. }
  99. # Node-OS: xenial
  100. node /^logstash\d*\.open.*\.org$/ {
  101. class { 'openstack_project::server': }
  102. class { 'openstack_project::logstash':
  103. discover_nodes => [
  104. 'elasticsearch03.openstack.org:9200',
  105. 'elasticsearch04.openstack.org:9200',
  106. 'elasticsearch05.openstack.org:9200',
  107. 'elasticsearch06.openstack.org:9200',
  108. 'elasticsearch07.openstack.org:9200',
  109. 'elasticsearch02.openstack.org:9200',
  110. ],
  111. subunit2sql_db_host => hiera('subunit2sql_db_host', ''),
  112. subunit2sql_db_pass => hiera('subunit2sql_db_password', ''),
  113. }
  114. }
  115. # Node-OS: xenial
  116. node /^logstash-worker\d+\.open.*\.org$/ {
  117. $group = 'logstash-worker'
  118. $elasticsearch_nodes = [
  119. 'elasticsearch02.openstack.org',
  120. 'elasticsearch03.openstack.org',
  121. 'elasticsearch04.openstack.org',
  122. 'elasticsearch05.openstack.org',
  123. 'elasticsearch06.openstack.org',
  124. 'elasticsearch07.openstack.org',
  125. ]
  126. class { 'openstack_project::server': }
  127. class { 'openstack_project::logstash_worker':
  128. discover_node => 'elasticsearch03.openstack.org',
  129. enable_mqtt => false,
  130. mqtt_password => hiera('mqtt_service_user_password'),
  131. mqtt_ca_cert_contents => hiera('mosquitto_tls_ca_file'),
  132. }
  133. }
  134. # Node-OS: xenial
  135. node /^subunit-worker\d+\.open.*\.org$/ {
  136. $group = "subunit-worker"
  137. class { 'openstack_project::server': }
  138. class { 'openstack_project::subunit_worker':
  139. subunit2sql_db_host => hiera('subunit2sql_db_host', ''),
  140. subunit2sql_db_pass => hiera('subunit2sql_db_password', ''),
  141. mqtt_pass => hiera('mqtt_service_user_password'),
  142. mqtt_ca_cert_contents => hiera('mosquitto_tls_ca_file'),
  143. }
  144. }
  145. # Node-OS: xenial
  146. node /^elasticsearch\d+\.open.*\.org$/ {
  147. $group = "elasticsearch"
  148. $elasticsearch_nodes = [
  149. 'elasticsearch02.openstack.org',
  150. 'elasticsearch03.openstack.org',
  151. 'elasticsearch04.openstack.org',
  152. 'elasticsearch05.openstack.org',
  153. 'elasticsearch06.openstack.org',
  154. 'elasticsearch07.openstack.org',
  155. ]
  156. class { 'openstack_project::server': }
  157. class { 'openstack_project::elasticsearch_node':
  158. discover_nodes => $elasticsearch_nodes,
  159. }
  160. }
  161. # Node-OS: xenial
  162. node /^firehose\d+\.open.*\.org$/ {
  163. class { 'openstack_project::server': }
  164. class { 'openstack_project::firehose':
  165. gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents'),
  166. gerrit_public_key => hiera('germqtt_gerrit_ssh_public_key'),
  167. gerrit_private_key => hiera('germqtt_gerrit_ssh_private_key'),
  168. mqtt_password => hiera('mqtt_service_user_password'),
  169. ca_file => hiera('mosquitto_tls_ca_file'),
  170. cert_file => hiera('mosquitto_tls_server_cert_file'),
  171. key_file => hiera('mosquitto_tls_server_key_file'),
  172. imap_hostname => hiera('lpmqtt_imap_server'),
  173. imap_username => hiera('lpmqtt_imap_username'),
  174. imap_password => hiera('lpmqtt_imap_password'),
  175. statsd_host => 'graphite.opendev.org',
  176. }
  177. }
  178. # Node-OS: trusty
  179. # Node-OS: xenial
  180. node /^refstack\d*\.open.*\.org$/ {
  181. class { 'openstack_project::server': }
  182. class { 'refstack':
  183. mysql_host => hiera('refstack_mysql_host', 'localhost'),
  184. mysql_database => hiera('refstack_mysql_db_name', 'refstack'),
  185. mysql_user => hiera('refstack_mysql_user', 'refstack'),
  186. mysql_user_password => hiera('refstack_mysql_password'),
  187. ssl_cert_content => hiera('refstack_ssl_cert_file_contents'),
  188. ssl_cert => '/etc/ssl/certs/refstack.pem',
  189. ssl_key_content => hiera('refstack_ssl_key_file_contents'),
  190. ssl_key => '/etc/ssl/private/refstack.key',
  191. ssl_ca_content => hiera('refstack_ssl_chain_file_contents'),
  192. ssl_ca => '/etc/ssl/certs/refstack.ca.pem',
  193. protocol => 'https',
  194. }
  195. mysql_backup::backup_remote { 'refstack':
  196. database_host => hiera('refstack_mysql_host', 'localhost'),
  197. database_user => hiera('refstack_mysql_user', 'refstack'),
  198. database_password => hiera('refstack_mysql_password'),
  199. require => Class['::refstack'],
  200. }
  201. }
  202. # A machine to run Storyboard
  203. # Node-OS: xenial
  204. node /^storyboard\d+\.opendev\.org$/ {
  205. $group = "storyboard"
  206. class { 'openstack_project::storyboard':
  207. project_config_repo => 'https://opendev.org/openstack/project-config',
  208. mysql_host => hiera('storyboard_db_host', 'localhost'),
  209. mysql_user => hiera('storyboard_db_user', 'username'),
  210. mysql_password => hiera('storyboard_db_password'),
  211. rabbitmq_user => hiera('storyboard_rabbit_user', 'username'),
  212. rabbitmq_password => hiera('storyboard_rabbit_password'),
  213. ssl_cert => '/etc/ssl/certs/storyboard.openstack.org.pem',
  214. ssl_cert_file_contents => hiera('storyboard_ssl_cert_file_contents'),
  215. ssl_key => '/etc/ssl/private/storyboard.openstack.org.key',
  216. ssl_key_file_contents => hiera('storyboard_ssl_key_file_contents'),
  217. ssl_chain_file_contents => hiera('storyboard_ssl_chain_file_contents'),
  218. hostname => 'storyboard.openstack.org',
  219. valid_oauth_clients => ['storyboard.openstack.org',],
  220. cors_allowed_origins => ['https://storyboard.openstack.org',],
  221. sender_email_address => 'storyboard@storyboard.openstack.org',
  222. default_url => 'https://storyboard.openstack.org',
  223. }
  224. }
  225. # A machine to run Storyboard devel
  226. # Node-OS: xenial
  227. node /^storyboard-dev\d+\.opendev\.org$/ {
  228. $group = "storyboard-dev"
  229. class { 'openstack_project::storyboard::dev':
  230. project_config_repo => 'https://opendev.org/openstack/project-config',
  231. mysql_host => hiera('storyboard_db_host', 'localhost'),
  232. mysql_user => hiera('storyboard_db_user', 'username'),
  233. mysql_password => hiera('storyboard_db_password'),
  234. rabbitmq_user => hiera('storyboard_rabbit_user', 'username'),
  235. rabbitmq_password => hiera('storyboard_rabbit_password'),
  236. hostname => 'storyboard-dev.openstack.org',
  237. valid_oauth_clients => ['^.*',],
  238. cors_allowed_origins => ['^.*',],
  239. sender_email_address => 'storyboard-dev@storyboard-dev.openstack.org',
  240. default_url => 'https://storyboard-dev.openstack.org',
  241. }
  242. }
  243. # A machine to serve various project status updates.
  244. # Node-OS: xenial
  245. node /^status\d*\.open.*\.org$/ {
  246. $group = 'status'
  247. class { 'openstack_project::server': }
  248. class { 'openstack_project::status':
  249. gerrit_host => 'review.opendev.org',
  250. gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents'),
  251. reviewday_ssh_public_key => hiera('reviewday_rsa_pubkey_contents'),
  252. reviewday_ssh_private_key => hiera('reviewday_rsa_key_contents'),
  253. recheck_ssh_public_key => hiera('elastic-recheck_gerrit_ssh_public_key'),
  254. recheck_ssh_private_key => hiera('elastic-recheck_gerrit_ssh_private_key'),
  255. recheck_bot_nick => 'openstackrecheck',
  256. recheck_bot_passwd => hiera('elastic-recheck_ircbot_password'),
  257. }
  258. }
  259. # Node-OS: xenial
  260. node /^survey\d+\.open.*\.org$/ {
  261. $group = "survey"
  262. class { 'openstack_project::server': }
  263. class { 'openstack_project::survey':
  264. vhost_name => 'survey.openstack.org',
  265. auth_openid => true,
  266. ssl_cert_file_contents => hiera('ssl_cert_file_contents'),
  267. ssl_key_file_contents => hiera('ssl_key_file_contents'),
  268. ssl_chain_file_contents => hiera('ssl_chain_file_contents'),
  269. dbpassword => hiera('dbpassword'),
  270. dbhost => hiera('dbhost'),
  271. adminuser => hiera('adminuser'),
  272. adminpass => hiera('adminpass'),
  273. adminmail => hiera('adminmail'),
  274. }
  275. }
  276. # Node-OS: xenial
  277. node /^nb\d+\.open.*\.org$/ {
  278. $group = 'nodepool'
  279. class { 'openstack_project::server': }
  280. include openstack_project
  281. class { '::openstackci::nodepool_builder':
  282. nodepool_ssh_public_key => hiera('zuul_worker_ssh_public_key_contents'),
  283. vhost_name => $::fqdn,
  284. enable_build_log_via_http => true,
  285. project_config_repo => 'https://opendev.org/openstack/project-config',
  286. statsd_host => 'graphite.opendev.org',
  287. upload_workers => '16',
  288. revision => 'master',
  289. python_version => 3,
  290. zuulv3 => true,
  291. ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
  292. ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key',
  293. }
  294. cron { 'mirror_gitgc':
  295. user => 'nodepool',
  296. hour => '20',
  297. minute => '0',
  298. command => 'find /opt/dib_cache/source-repositories/ -type d -name "*.git" -exec git --git-dir="{}" gc \; >/dev/null',
  299. environment => 'PATH=/usr/bin:/bin:/usr/sbin:/sbin',
  300. require => Class['::openstackci::nodepool_builder'],
  301. }
  302. }
  303. # Node-OS: xenial
  304. node /^pbx\d*\.open.*\.org$/ {
  305. $group = "pbx"
  306. class { 'openstack_project::server': }
  307. class { 'openstack_project::pbx':
  308. sip_providers => [
  309. {
  310. provider => 'voipms',
  311. hostname => 'dallas.voip.ms',
  312. username => hiera('voipms_username', 'username'),
  313. password => hiera('voipms_password'),
  314. outgoing => false,
  315. },
  316. ],
  317. }
  318. }
  319. # Node-OS: xenial
  320. # A backup machine. Don't run cron or puppet agent on it.
  321. node /^backup\d+\..*\.ci\.open.*\.org$/ {
  322. $group = "ci-backup"
  323. class { 'openstack_project::server': }
  324. include openstack_project::backup_server
  325. }
  326. # Node-OS: xenial
  327. node /^openstackid\d*(\.openstack)?\.org$/ {
  328. $group = "openstackid"
  329. class { 'openstack_project::openstackid_prod':
  330. site_admin_password => hiera('openstackid_site_admin_password'),
  331. id_mysql_host => hiera('openstackid_id_mysql_host', 'localhost'),
  332. id_mysql_password => hiera('openstackid_id_mysql_password'),
  333. id_mysql_user => hiera('openstackid_id_mysql_user', 'username'),
  334. id_db_name => hiera('openstackid_id_db_name'),
  335. redis_password => hiera('openstackid_redis_password'),
  336. ssl_cert_file_contents => hiera('openstackid_ssl_cert_file_contents'),
  337. ssl_key_file_contents => hiera('openstackid_ssl_key_file_contents'),
  338. ssl_chain_file_contents => hiera('openstackid_ssl_chain_file_contents'),
  339. id_recaptcha_public_key => hiera('openstackid_recaptcha_public_key'),
  340. id_recaptcha_private_key => hiera('openstackid_recaptcha_private_key'),
  341. vhost_name => 'openstackid.org',
  342. session_cookie_domain => 'openstackid.org',
  343. serveradmin => 'webmaster@openstackid.org',
  344. canonicalweburl => 'https://openstackid.org/',
  345. app_url => 'https://openstackid.org',
  346. app_key => hiera('openstackid_app_key'),
  347. id_log_error_to_email => 'openstack@tipit.net',
  348. id_log_error_from_email => 'noreply@openstack.org',
  349. email_driver => 'sendgrid',
  350. email_send_grid_api_key => hiera('openstackid_send_grid_api_key'),
  351. php_version => 7,
  352. mysql_ssl_enabled => true,
  353. mysql_ssl_ca_file_contents => hiera('openstackid_mysql_ssl_ca_file_contents'),
  354. mysql_ssl_client_key_file_contents => hiera('openstackid_mysql_ssl_client_key_file_contents'),
  355. mysql_ssl_client_cert_file_contents => hiera('openstackid_mysql_ssl_client_cert_file_contents'),
  356. user_spam_processor_to => hiera('openstackid_user_spam_processor_to'),
  357. message_broker_exchange_name => 'message-broker',
  358. message_broker_host => hiera('openstackid_message_broker_host'),
  359. message_broker_port => 5671,
  360. message_broker_vhost => 'databus',
  361. message_broker_login => hiera('openstackid_message_broker_login'),
  362. message_broker_password => hiera('openstackid_message_broker_password'),
  363. message_broker_ssl_enabled => true,
  364. message_broker_ssl_ca_file_contents => hiera('openstackid_message_broker_ssl_ca_file_contents'),
  365. message_broker_ssl_client_cert_file_contents => hiera('openstackid_message_broker_ssl_client_cert_file_contents'),
  366. message_broker_ssl_client_key_file_contents => hiera('openstackid_message_broker_ssl_client_key_file_contents'),
  367. message_broker_enabled => true,
  368. cloud_storage_base_url => hiera('openstackid_cloud_storage_base_url'),
  369. cloud_storage_auth_url => 'https://auth.vexxhost.net/v3',
  370. cloud_storage_app_credential_id => hiera('openstackid_cloud_storage_app_credential_id'),
  371. cloud_storage_app_credential_secret => hiera('openstackid_cloud_storage_app_credential_secret'),
  372. cloud_storage_project_name => hiera('openstackid_cloud_storage_project_name'),
  373. cloud_storage_region => 'ca-ymq-1',
  374. cloud_storage_container => 'idp-osf',
  375. }
  376. }
  377. # Node-OS: xenial
  378. node /^openstackid-dev\d*\.openstack\.org$/ {
  379. $group = "openstackid-dev"
  380. class { 'openstack_project::openstackid_dev':
  381. site_admin_password => hiera('openstackid_dev_site_admin_password'),
  382. id_mysql_host => hiera('openstackid_dev_id_mysql_host', 'localhost'),
  383. id_mysql_password => hiera('openstackid_dev_id_mysql_password'),
  384. id_mysql_user => hiera('openstackid_dev_id_mysql_user', 'username'),
  385. redis_password => hiera('openstackid_dev_redis_password'),
  386. ssl_cert_file_contents => hiera('openstackid_dev_ssl_cert_file_contents'),
  387. ssl_key_file_contents => hiera('openstackid_dev_ssl_key_file_contents'),
  388. ssl_chain_file_contents => hiera('openstackid_dev_ssl_chain_file_contents'),
  389. id_recaptcha_public_key => hiera('openstackid_dev_recaptcha_public_key'),
  390. id_recaptcha_private_key => hiera('openstackid_dev_recaptcha_private_key'),
  391. vhost_name => 'openstackid-dev.openstack.org',
  392. session_cookie_domain => 'openstackid-dev.openstack.org',
  393. serveradmin => 'webmaster@openstackid-dev.openstack.org',
  394. canonicalweburl => 'https://openstackid-dev.openstack.org/',
  395. app_url => 'https://openstackid-dev.openstack.org',
  396. app_key => hiera('openstackid_dev_app_key'),
  397. id_log_error_to_email => 'openstack@tipit.net',
  398. id_log_error_from_email => 'noreply@openstack.org',
  399. email_driver => 'sendgrid',
  400. email_send_grid_api_key => hiera('openstackid_dev_send_grid_api_key'),
  401. php_version => 7,
  402. mysql_ssl_enabled => true,
  403. mysql_ssl_ca_file_contents => hiera('openstackid_dev_mysql_ssl_ca_file_contents'),
  404. mysql_ssl_client_key_file_contents => hiera('openstackid_dev_mysql_ssl_client_key_file_contents'),
  405. mysql_ssl_client_cert_file_contents => hiera('openstackid_dev_mysql_ssl_client_cert_file_contents'),
  406. user_spam_processor_to => hiera('openstackid_dev_user_spam_processor_to'),
  407. message_broker_exchange_name => 'message-broker',
  408. message_broker_host => hiera('openstackid_dev_message_broker_host'),
  409. message_broker_port => 5671,
  410. message_broker_vhost => 'databus',
  411. message_broker_login => hiera('openstackid_dev_message_broker_login'),
  412. message_broker_password => hiera('openstackid_dev_message_broker_password'),
  413. message_broker_ssl_enabled => true,
  414. message_broker_ssl_ca_file_contents => hiera('openstackid_dev_message_broker_ssl_ca_file_contents'),
  415. message_broker_ssl_client_cert_file_contents => hiera('openstackid_dev_message_broker_ssl_client_cert_file_contents'),
  416. message_broker_ssl_client_key_file_contents => hiera('openstackid_dev_message_broker_ssl_client_key_file_contents'),
  417. message_broker_enabled => true,
  418. cloud_storage_base_url => hiera('openstackid_dev_cloud_storage_base_url'),
  419. cloud_storage_auth_url => 'https://auth.vexxhost.net/v3',
  420. cloud_storage_app_credential_id => hiera('openstackid_dev_cloud_storage_app_credential_id'),
  421. cloud_storage_app_credential_secret => hiera('openstackid_dev_cloud_storage_app_credential_secret'),
  422. cloud_storage_project_name => hiera('openstackid_dev_cloud_storage_project_name'),
  423. cloud_storage_region => 'ca-ymq-1',
  424. cloud_storage_container => 'idp-osf',
  425. }
  426. }
  427. # Node-OS: xenial
  428. node /^kdc03\.open.*\.org$/ {
  429. class { 'openstack_project::server': }
  430. class { 'openstack_project::kdc': }
  431. }
  432. # Node-OS: xenial
  433. node /^kdc04\.open.*\.org$/ {
  434. class { 'openstack_project::server': }
  435. class { 'openstack_project::kdc':
  436. slave => true,
  437. }
  438. }
  439. # Node-OS: xenial
  440. node /^afsdb01\.open.*\.org$/ {
  441. $group = "afsdb"
  442. class { 'openstack_project::server': }
  443. include openstack_project::afsdb
  444. }
  445. # Node-OS: xenial
  446. node /^afsdb.*\.open.*\.org$/ {
  447. $group = "afsdb"
  448. class { 'openstack_project::server': }
  449. include openstack_project::afsdb
  450. }
  451. # Node-OS: xenial
  452. node /^afs.*\..*\.open.*\.org$/ {
  453. $group = "afs"
  454. class { 'openstack_project::server': }
  455. include openstack_project::afsfs
  456. }
  457. # Node-OS: xenial
  458. node /^ask\d*\.open.*\.org$/ {
  459. class { 'openstack_project::server': }
  460. class { 'openstack_project::ask':
  461. db_user => hiera('ask_db_user', 'ask'),
  462. db_password => hiera('ask_db_password'),
  463. redis_password => hiera('ask_redis_password'),
  464. site_ssl_cert_file_contents => hiera('ask_site_ssl_cert_file_contents', undef),
  465. site_ssl_key_file_contents => hiera('ask_site_ssl_key_file_contents', undef),
  466. site_ssl_chain_file_contents => hiera('ask_site_ssl_chain_file_contents', undef),
  467. }
  468. }
  469. # Node-OS: xenial
  470. node /^ask-staging\d*\.open.*\.org$/ {
  471. class { 'openstack_project::server': }
  472. class { 'openstack_project::ask_staging':
  473. db_password => hiera('ask_staging_db_password'),
  474. redis_password => hiera('ask_staging_redis_password'),
  475. }
  476. }
  477. # Node-OS: xenial
  478. node /^translate\d+\.open.*\.org$/ {
  479. $group = "translate"
  480. class { 'openstack_project::server': }
  481. class { 'openstack_project::translate':
  482. admin_users => 'aeng,cboylan,eumel8,ianw,ianychoi,infra,jaegerandi,mordred,stevenk',
  483. openid_url => 'https://openstackid.org',
  484. listeners => ['ajp'],
  485. from_address => 'noreply@openstack.org',
  486. mysql_host => hiera('translate_mysql_host', 'localhost'),
  487. mysql_password => hiera('translate_mysql_password'),
  488. zanata_server_user => hiera('proposal_zanata_user'),
  489. zanata_server_api_key => hiera('proposal_zanata_api_key'),
  490. zanata_wildfly_version => '10.1.0',
  491. zanata_wildfly_install_url => 'https://repo1.maven.org/maven2/org/wildfly/wildfly-dist/10.1.0.Final/wildfly-dist-10.1.0.Final.tar.gz',
  492. zanata_main_version => 4,
  493. zanata_url => 'https://github.com/zanata/zanata-platform/releases/download/platform-4.3.3/zanata-4.3.3-wildfly.zip',
  494. zanata_checksum => 'eaf8bd07401dade758b677007d2358f173193d17',
  495. project_config_repo => 'https://opendev.org/openstack/project-config',
  496. ssl_cert_file_contents => hiera('translate_ssl_cert_file_contents'),
  497. ssl_key_file_contents => hiera('translate_ssl_key_file_contents'),
  498. ssl_chain_file_contents => hiera('translate_ssl_chain_file_contents'),
  499. vhost_name => 'translate.openstack.org',
  500. }
  501. }
  502. # Node-OS: xenial
  503. node /^translate-dev\d*\.open.*\.org$/ {
  504. $group = "translate-dev"
  505. class { 'openstack_project::translate_dev':
  506. admin_users => 'aeng,cboylan,eumel,eumel8,ianw,ianychoi,infra,jaegerandi,mordred,stevenk',
  507. openid_url => 'https://openstackid-dev.openstack.org',
  508. listeners => ['ajp'],
  509. from_address => 'noreply@openstack.org',
  510. mysql_host => hiera('translate_dev_mysql_host', 'localhost'),
  511. mysql_password => hiera('translate_dev_mysql_password'),
  512. zanata_server_user => hiera('proposal_zanata_user'),
  513. zanata_server_api_key => hiera('proposal_zanata_api_key'),
  514. project_config_repo => 'https://opendev.org/openstack/project-config',
  515. vhost_name => 'translate-dev.openstack.org',
  516. }
  517. }
  518. # vim:sw=2:ts=2:expandtab:textwidth=79