opendev
/
system-config
Code Issues Proposed changes
System configuration for OpenStack Infrastructure
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
15645 Commits
1 Branch
42MB
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
system-config/manifests/site.pp

1074 lines
41KB
Raw Permalink Blame History 

  1. #

  2. # Top-level variables

  3. #

  4. # There must not be any whitespace between this comment and the variables or

  5. # in between any two variables in order for them to be correctly parsed and

  6. # passed around in test.sh

  7. #

  8. # Note we do not do a hiera lookup here as we set $group on a per node basis

  9. # and that must be set before we can do hiera lookups. Doing a hiera lookup

  10. # here would fail to find any group specific info.

  11. $elasticsearch_nodes = [

  12.   "elasticsearch02.openstack.org",

  13.   "elasticsearch03.openstack.org",

  14.   "elasticsearch04.openstack.org",

  15.   "elasticsearch05.openstack.org",

  16.   "elasticsearch06.openstack.org",

  17.   "elasticsearch07.openstack.org",

  18. ]

  19. 

  20. #

  21. # Default: should at least behave like an openstack server

  22. #

  23. node default {

  24.   class { 'openstack_project::server':

  25.   }

  26. }

  27. 

  28. 

  29. # Node-OS: xenial

  30. # Puppet-Version: !3

  31. node /^grafana\d*\.open.*\.org$/ {

  32.   $group = "grafana"

  33.   class { 'openstack_project::server': }

  34.   class { 'openstack_project::grafana':

  35.     admin_password      => hiera('grafana_admin_password'),

  36.     admin_user          => hiera('grafana_admin_user', 'username'),

  37.     mysql_host          => hiera('grafana_mysql_host', 'localhost'),

  38.     mysql_name          => hiera('grafana_mysql_name'),

  39.     mysql_password      => hiera('grafana_mysql_password'),

  40.     mysql_user          => hiera('grafana_mysql_user', 'username'),

  41.     project_config_repo => 'https://opendev.org/openstack/project-config',

  42.     secret_key          => hiera('grafana_secret_key'),

  43.   }

  44. }

  45. 

  46. # Node-OS: xenial

  47. node /^health\d*\.openstack\.org$/ {

  48.   $group = "health"

  49.   class { 'openstack_project::server': }

  50.   class { 'openstack_project::openstack_health_api':

  51.     subunit2sql_db_host => hiera('subunit2sql_db_host', 'localhost'),

  52.     hostname            => 'health.openstack.org',

  53.   }

  54. }

  55. 

  56. # Node-OS: xenial

  57. node /^cacti\d+\.open.*\.org$/ {

  58.   $group = "cacti"

  59.   include openstack_project::ssl_cert_check

  60.   class { 'openstack_project::cacti':

  61.     cacti_hosts => hiera_array('cacti_hosts'),

  62.     vhost_name  => 'cacti.openstack.org',

  63.   }

  64. }

  65. 

  66. # Node-OS: xenial

  67. node /^graphite\d*\.open.*\.org$/ {

  68.   class { 'openstack_project::server': }

  69. 

  70.   class { '::graphite':

  71.     graphite_admin_user     => hiera('graphite_admin_user', 'username'),

  72.     graphite_admin_email    => hiera('graphite_admin_email', 'email@example.com'),

  73.     graphite_admin_password => hiera('graphite_admin_password'),

  74.     # NOTE(ianw): installed on the host via ansible

  75.     ssl_cert_file           => '/etc/letsencrypt-certs/graphite01.opendev.org/graphite01.opendev.org.cer',

  76.     ssl_key_file            => '/etc/letsencrypt-certs/graphite01.opendev.org/graphite01.opendev.org.key',

  77.     ssl_chain_file          => '/etc/letsencrypt-certs/graphite01.opendev.org/ca.cer',

  78.   }

  79. }

  80. 

  81. # Node-OS: xenial

  82. node /^lists\d*\.open.*\.org$/ {

  83.   class { 'openstack_project::server': }

  84. 

  85.   class { 'openstack_project::lists':

  86.     listpassword => hiera('listpassword'),

  87.   }

  88. }

  89. 

  90. # Node-OS: xenial

  91. node /^lists\d*\.katacontainers\.io$/ {

  92.   class { 'openstack_project::server': }

  93. 

  94.   class { 'openstack_project::kata_lists':

  95.     listpassword => hiera('listpassword'),

  96.   }

  97. }

  98. 

  99. # Node-OS: xenial

  100. node /^paste\d*\.open.*\.org$/ {

  101.   $group = "paste"

  102. 

  103.   class { 'openstack_project::server': }

  104.   class { 'openstack_project::paste':

  105.     db_password         => hiera('paste_db_password'),

  106.     db_host             => hiera('paste_db_host'),

  107.     vhost_name          => 'paste.openstack.org',

  108.   }

  109. }

  110. 

  111. # Node-OS: xenial

  112. node /planet\d*\.open.*\.org$/ {

  113.   class { 'openstack_project::planet':

  114.   }

  115. }

  116. 

  117. # Node-OS: xenial

  118. node /^eavesdrop\d*\.open.*\.org$/ {

  119.   $group = "eavesdrop"

  120.   class { 'openstack_project::server': }

  121. 

  122.   class { 'openstack_project::eavesdrop':

  123.     project_config_repo     => 'https://opendev.org/openstack/project-config',

  124.     nickpass                => hiera('openstack_meetbot_password'),

  125.     statusbot_nick          => hiera('statusbot_nick', 'username'),

  126.     statusbot_password      => hiera('statusbot_nick_password'),

  127.     statusbot_server        => 'chat.freenode.net',

  128.     statusbot_channels      => hiera_array('statusbot_channels', ['openstack_infra']),

  129.     statusbot_auth_nicks    => hiera_array('statusbot_auth_nicks'),

  130.     statusbot_wiki_user     => hiera('statusbot_wiki_username', 'username'),

  131.     statusbot_wiki_password => hiera('statusbot_wiki_password'),

  132.     statusbot_wiki_url      => 'https://wiki.openstack.org/w/api.php',

  133.     # https://wiki.openstack.org/wiki/Infrastructure_Status

  134.     statusbot_wiki_pageid   => '1781',

  135.     statusbot_wiki_successpageid => '7717',

  136.     statusbot_wiki_successpageurl => 'https://wiki.openstack.org/wiki/Successes',

  137.     statusbot_wiki_thankspageid => '37700',

  138.     statusbot_wiki_thankspageurl => 'https://wiki.openstack.org/wiki/Thanks',

  139.     statusbot_irclogs_url   => 'http://eavesdrop.openstack.org/irclogs/%(chan)s/%(chan)s.%(date)s.log.html',

  140.     statusbot_twitter                 => true,

  141.     statusbot_twitter_key             => hiera('statusbot_twitter_key'),

  142.     statusbot_twitter_secret          => hiera('statusbot_twitter_secret'),

  143.     statusbot_twitter_token_key       => hiera('statusbot_twitter_token_key'),

  144.     statusbot_twitter_token_secret    => hiera('statusbot_twitter_token_secret'),

  145.     accessbot_nick          => hiera('accessbot_nick', 'username'),

  146.     accessbot_password      => hiera('accessbot_nick_password'),

  147.     meetbot_channels        => hiera('meetbot_channels', ['openstack-infra']),

  148.     ptgbot_nick             => hiera('ptgbot_nick', 'username'),

  149.     ptgbot_password         => hiera('ptgbot_password'),

  150.   }

  151. }

  152. 

  153. # Node-OS: xenial

  154. node /^ethercalc\d+\.open.*\.org$/ {

  155.   $group = "ethercalc"

  156.   class { 'openstack_project::server': }

  157. 

  158.   class { 'openstack_project::ethercalc':

  159.     vhost_name              => 'ethercalc.openstack.org',

  160.     ssl_cert_file_contents  => hiera('ssl_cert_file_contents'),

  161.     ssl_key_file_contents   => hiera('ssl_key_file_contents'),

  162.     ssl_chain_file_contents => hiera('ssl_chain_file_contents'),

  163.   }

  164. }

  165. 

  166. # Node-OS: xenial

  167. node /^etherpad\d*\.open.*\.org$/ {

  168.   $group = "etherpad"

  169.   class { 'openstack_project::server': }

  170. 

  171.   class { 'openstack_project::etherpad':

  172.     vhost_name              => 'etherpad.openstack.org',

  173.     ssl_cert_file_contents  => hiera('etherpad_ssl_cert_file_contents'),

  174.     ssl_key_file_contents   => hiera('etherpad_ssl_key_file_contents'),

  175.     ssl_chain_file_contents => hiera('etherpad_ssl_chain_file_contents'),

  176.     mysql_host              => hiera('etherpad_db_host', 'localhost'),

  177.     mysql_user              => hiera('etherpad_db_user', 'username'),

  178.     mysql_password          => hiera('etherpad_db_password'),

  179.   }

  180. }

  181. 

  182. # Node-OS: xenial

  183. node /^etherpad-dev\d*\.open.*\.org$/ {

  184.   $group = "etherpad-dev"

  185.   class { 'openstack_project::server': }

  186. 

  187.   class { 'openstack_project::etherpad_dev':

  188.     vhost_name     => 'etherpad-dev.openstack.org',

  189.     mysql_host     => hiera('etherpad-dev_db_host', 'localhost'),

  190.     mysql_user     => hiera('etherpad-dev_db_user', 'username'),

  191.     mysql_password => hiera('etherpad-dev_db_password'),

  192.   }

  193. }

  194. 

  195. # Node-OS: xenial

  196. node /^wiki\d+\.openstack\.org$/ {

  197.   $group = "wiki"

  198.   class { 'openstack_project::wiki':

  199.     bup_user                  => 'bup-wiki',

  200.     serveradmin               => hiera('infra_apache_serveradmin'),

  201.     site_hostname             => 'wiki.openstack.org',

  202.     ssl_cert_file_contents    => hiera('ssl_cert_file_contents'),

  203.     ssl_key_file_contents     => hiera('ssl_key_file_contents'),

  204.     ssl_chain_file_contents   => hiera('ssl_chain_file_contents'),

  205.     wg_dbserver               => hiera('wg_dbserver'),

  206.     wg_dbname                 => 'openstack_wiki',

  207.     wg_dbuser                 => 'wikiuser',

  208.     wg_dbpassword             => hiera('wg_dbpassword'),

  209.     wg_secretkey              => hiera('wg_secretkey'),

  210.     wg_upgradekey             => hiera('wg_upgradekey'),

  211.     wg_recaptchasitekey       => hiera('wg_recaptchasitekey'),

  212.     wg_recaptchasecretkey     => hiera('wg_recaptchasecretkey'),

  213.     wg_googleanalyticsaccount => hiera('wg_googleanalyticsaccount'),

  214.   }

  215. }

  216. 

  217. # Node-OS: xenial

  218. node /^wiki-dev\d+\.openstack\.org$/ {

  219.   $group = "wiki-dev"

  220.   class { 'openstack_project::wiki':

  221.     serveradmin           => hiera('infra_apache_serveradmin'),

  222.     site_hostname         => 'wiki-dev.openstack.org',

  223.     wg_dbserver           => hiera('wg_dbserver'),

  224.     wg_dbname             => 'openstack_wiki',

  225.     wg_dbuser             => 'wikiuser',

  226.     wg_dbpassword         => hiera('wg_dbpassword'),

  227.     wg_secretkey          => hiera('wg_secretkey'),

  228.     wg_upgradekey         => hiera('wg_upgradekey'),

  229.     wg_recaptchasitekey   => hiera('wg_recaptchasitekey'),

  230.     wg_recaptchasecretkey => hiera('wg_recaptchasecretkey'),

  231.     disallow_robots       => true,

  232.   }

  233. }

  234. 

  235. # Node-OS: xenial

  236. node /^logstash\d*\.open.*\.org$/ {

  237.   class { 'openstack_project::server': }

  238. 

  239.   class { 'openstack_project::logstash':

  240.     discover_nodes      => [

  241.       'elasticsearch03.openstack.org:9200',

  242.       'elasticsearch04.openstack.org:9200',

  243.       'elasticsearch05.openstack.org:9200',

  244.       'elasticsearch06.openstack.org:9200',

  245.       'elasticsearch07.openstack.org:9200',

  246.       'elasticsearch02.openstack.org:9200',

  247.     ],

  248.     subunit2sql_db_host => hiera('subunit2sql_db_host', ''),

  249.     subunit2sql_db_pass => hiera('subunit2sql_db_password', ''),

  250.   }

  251. }

  252. 

  253. # Node-OS: xenial

  254. node /^logstash-worker\d+\.open.*\.org$/ {

  255.   $group = 'logstash-worker'

  256. 

  257.   class { 'openstack_project::server': }

  258. 

  259.   class { 'openstack_project::logstash_worker':

  260.     discover_node         => 'elasticsearch03.openstack.org',

  261.     enable_mqtt           => false,

  262.     mqtt_password         => hiera('mqtt_service_user_password'),

  263.     mqtt_ca_cert_contents => hiera('mosquitto_tls_ca_file'),

  264.   }

  265. }

  266. 

  267. # Node-OS: xenial

  268. node /^subunit-worker\d+\.open.*\.org$/ {

  269.   $group = "subunit-worker"

  270.   class { 'openstack_project::server': }

  271.   class { 'openstack_project::subunit_worker':

  272.     subunit2sql_db_host   => hiera('subunit2sql_db_host', ''),

  273.     subunit2sql_db_pass   => hiera('subunit2sql_db_password', ''),

  274.     mqtt_pass             => hiera('mqtt_service_user_password'),

  275.     mqtt_ca_cert_contents => hiera('mosquitto_tls_ca_file'),

  276.   }

  277. }

  278. 

  279. # Node-OS: xenial

  280. node /^elasticsearch\d+\.open.*\.org$/ {

  281.   $group = "elasticsearch"

  282.   class { 'openstack_project::server': }

  283.   class { 'openstack_project::elasticsearch_node':

  284.     discover_nodes => $elasticsearch_nodes,

  285.   }

  286. }

  287. 

  288. # Node-OS: xenial

  289. node /^firehose\d+\.open.*\.org$/ {

  290.   class { 'openstack_project::server': }

  291.   class { 'openstack_project::firehose':

  292.     gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents'),

  293.     gerrit_public_key   => hiera('germqtt_gerrit_ssh_public_key'),

  294.     gerrit_private_key  => hiera('germqtt_gerrit_ssh_private_key'),

  295.     mqtt_password       => hiera('mqtt_service_user_password'),

  296.     ca_file             => hiera('mosquitto_tls_ca_file'),

  297.     cert_file           => hiera('mosquitto_tls_server_cert_file'),

  298.     key_file            => hiera('mosquitto_tls_server_key_file'),

  299.     imap_hostname       => hiera('lpmqtt_imap_server'),

  300.     imap_username       => hiera('lpmqtt_imap_username'),

  301.     imap_password       => hiera('lpmqtt_imap_password'),

  302.     statsd_host         => 'graphite.opendev.org',

  303.   }

  304. }

  305. 

  306. # A machine to drive AFS mirror updates.

  307. # Node-OS: xenial

  308. node /^mirror-update\d*\.open.*\.org$/ {

  309.   $group = "afsadmin"

  310. 

  311.   class { 'openstack_project::mirror_update':

  312.     admin_keytab          => hiera('afsadmin_keytab'),

  313.     fedora_keytab         => hiera('fedora_keytab'),

  314.     opensuse_keytab       => hiera('opensuse_keytab'),

  315.     reprepro_keytab       => hiera('reprepro_keytab'),

  316.     gem_keytab            => hiera('gem_keytab'),

  317.     centos_keytab         => hiera('centos_keytab'),

  318.     epel_keytab           => hiera('epel_keytab'),

  319.     yum_puppetlabs_keytab => hiera('yum_puppetlabs_keytab'),

  320.   }

  321. }

  322. 

  323. # Machines in each region to serve AFS mirrors.

  324. # Node-OS: xenial

  325. node /^mirror\d*\..*\.open.*\.org$/ {

  326.   $group = "mirror"

  327. 

  328.   class { 'openstack_project::server':

  329.     afs                       => true,

  330.     afs_cache_size            => 50000000,  # 50GB

  331.   }

  332. 

  333.   class { 'openstack_project::mirror':

  334.     vhost_name => $::fqdn,

  335.     require    => Class['Openstack_project::Server'],

  336.   }

  337. }

  338. 

  339. # Node-OS: trusty

  340. # Node-OS: xenial

  341. node /^refstack\d*\.open.*\.org$/ {

  342.   class { 'openstack_project::server': }

  343.   class { 'refstack':

  344.     mysql_host          => hiera('refstack_mysql_host', 'localhost'),

  345.     mysql_database      => hiera('refstack_mysql_db_name', 'refstack'),

  346.     mysql_user          => hiera('refstack_mysql_user', 'refstack'),

  347.     mysql_user_password => hiera('refstack_mysql_password'),

  348.     ssl_cert_content    => hiera('refstack_ssl_cert_file_contents'),

  349.     ssl_cert            => '/etc/ssl/certs/refstack.pem',

  350.     ssl_key_content     => hiera('refstack_ssl_key_file_contents'),

  351.     ssl_key             => '/etc/ssl/private/refstack.key',

  352.     ssl_ca_content      => hiera('refstack_ssl_chain_file_contents'),

  353.     ssl_ca              => '/etc/ssl/certs/refstack.ca.pem',

  354.     protocol            => 'https',

  355.   }

  356.   mysql_backup::backup_remote { 'refstack':

  357.     database_host     => hiera('refstack_mysql_host', 'localhost'),

  358.     database_user     => hiera('refstack_mysql_user', 'refstack'),

  359.     database_password => hiera('refstack_mysql_password'),

  360.     require           => Class['::refstack'],

  361.   }

  362. }

  363. 

  364. # A machine to run Storyboard

  365. # Node-OS: xenial

  366. node /^storyboard\d+\.opendev\.org$/ {

  367.   $group = "storyboard"

  368.   class { 'openstack_project::storyboard':

  369.     project_config_repo     => 'https://opendev.org/openstack/project-config',

  370.     mysql_host              => hiera('storyboard_db_host', 'localhost'),

  371.     mysql_user              => hiera('storyboard_db_user', 'username'),

  372.     mysql_password          => hiera('storyboard_db_password'),

  373.     rabbitmq_user           => hiera('storyboard_rabbit_user', 'username'),

  374.     rabbitmq_password       => hiera('storyboard_rabbit_password'),

  375.     ssl_cert                => '/etc/ssl/certs/storyboard.openstack.org.pem',

  376.     ssl_cert_file_contents  => hiera('storyboard_ssl_cert_file_contents'),

  377.     ssl_key                 => '/etc/ssl/private/storyboard.openstack.org.key',

  378.     ssl_key_file_contents   => hiera('storyboard_ssl_key_file_contents'),

  379.     ssl_chain_file_contents => hiera('storyboard_ssl_chain_file_contents'),

  380.     hostname                => 'storyboard.openstack.org',

  381.     valid_oauth_clients     => ['storyboard.openstack.org',],

  382.     cors_allowed_origins    => ['https://storyboard.openstack.org',],

  383.     sender_email_address    => 'storyboard@storyboard.openstack.org',

  384.     default_url             => 'https://storyboard.openstack.org',

  385.   }

  386. }

  387. 

  388. # A machine to run Storyboard devel

  389. # Node-OS: xenial

  390. node /^storyboard-dev\d+\.opendev\.org$/ {

  391.   $group = "storyboard-dev"

  392.   class { 'openstack_project::storyboard::dev':

  393.     project_config_repo     => 'https://opendev.org/openstack/project-config',

  394.     mysql_host              => hiera('storyboard_db_host', 'localhost'),

  395.     mysql_user              => hiera('storyboard_db_user', 'username'),

  396.     mysql_password          => hiera('storyboard_db_password'),

  397.     rabbitmq_user           => hiera('storyboard_rabbit_user', 'username'),

  398.     rabbitmq_password       => hiera('storyboard_rabbit_password'),

  399.     hostname                => 'storyboard-dev.openstack.org',

  400.     valid_oauth_clients     => ['^.*',],

  401.     cors_allowed_origins    => ['^.*',],

  402.     sender_email_address    => 'storyboard-dev@storyboard-dev.openstack.org',

  403.     default_url             => 'https://storyboard-dev.openstack.org',

  404.   }

  405. 

  406. }

  407. 

  408. # Node-OS: xenial

  409. node /^zk\d+\.open.*\.org$/ {

  410.   # We use IP addresses here so that zk listens on the public facing addresses

  411.   # allowing cluster members to talk to each other. Without this they listen

  412.   # on 127.0.1.1 because that is what we have in /etc/hosts for

  413.   # zk0X.openstack.org.

  414.   $zk_cluster_members = [

  415.     '23.253.236.126', # zk01

  416.     '172.99.117.32',  # zk02

  417.     '23.253.90.246',  # zk03

  418.   ]

  419.   class { 'openstack_project::server': }

  420. 

  421.   class { '::zookeeper':

  422.     # ID needs to be numeric, so we use regex to extra numbers from fqdn.

  423.     id             => regsubst($::fqdn, '^zk(\d+)\.open.*\.org$', '\1'),

  424.     # The frequency in hours to look for and purge old snapshots,

  425.     # defaults to 0 (disabled). The number of retained snapshots can

  426.     # be separately controlled through snap_retain_count and

  427.     # defaults to the minimum value of 3. This will quickly fill the

  428.     # disk in production if not enabled. Works on ZK >=3.4.

  429.     purge_interval => 6,

  430.     servers        => $zk_cluster_members,

  431.   }

  432. }

  433. 

  434. # A machine to serve various project status updates.

  435. # Node-OS: xenial

  436. node /^status\d*\.open.*\.org$/ {

  437.   $group = 'status'

  438. 

  439.   class { 'openstack_project::server': }

  440. 

  441.   class { 'openstack_project::status':

  442.     gerrit_host                   => 'review.opendev.org',

  443.     gerrit_ssh_host_key           => hiera('gerrit_ssh_rsa_pubkey_contents'),

  444.     reviewday_ssh_public_key      => hiera('reviewday_rsa_pubkey_contents'),

  445.     reviewday_ssh_private_key     => hiera('reviewday_rsa_key_contents'),

  446.     recheck_ssh_public_key        => hiera('elastic-recheck_gerrit_ssh_public_key'),

  447.     recheck_ssh_private_key       => hiera('elastic-recheck_gerrit_ssh_private_key'),

  448.     recheck_bot_nick              => 'openstackrecheck',

  449.     recheck_bot_passwd            => hiera('elastic-recheck_ircbot_password'),

  450.   }

  451. }

  452. 

  453. # Node-OS: xenial

  454. node /^survey\d+\.open.*\.org$/ {

  455.   $group = "survey"

  456.   class { 'openstack_project::server': }

  457. 

  458.   class { 'openstack_project::survey':

  459.     vhost_name              => 'survey.openstack.org',

  460.     auth_openid             => true,

  461.     ssl_cert_file_contents  => hiera('ssl_cert_file_contents'),

  462.     ssl_key_file_contents   => hiera('ssl_key_file_contents'),

  463.     ssl_chain_file_contents => hiera('ssl_chain_file_contents'),

  464.     dbpassword              => hiera('dbpassword'),

  465.     dbhost                  => hiera('dbhost'),

  466.     adminuser               => hiera('adminuser'),

  467.     adminpass               => hiera('adminpass'),

  468.     adminmail               => hiera('adminmail'),

  469.   }

  470. }

  471. 

  472. # Node-OS: xenial

  473. node /^nl\d+\.open.*\.org$/ {

  474.   $group = 'nodepool'

  475. 

  476.   # NOTE(ianw) From 09-2018 (https://review.opendev.org/#/c/598329/)

  477.   # the cloud credentials are deployed with ansible via the

  478.   # configure-openstacksdk role and are no longer configured here

  479. 

  480.   class { 'openstack_project::server': }

  481. 

  482.   include openstack_project

  483. 

  484.   class { '::openstackci::nodepool_launcher':

  485.     nodepool_ssh_private_key => hiera('zuul_worker_ssh_private_key_contents'),

  486.     project_config_repo      => 'https://opendev.org/openstack/project-config',

  487.     statsd_host              => 'graphite.opendev.org',

  488.     revision                 => 'master',

  489.     python_version           => 3,

  490.     enable_webapp            => true,

  491.   }

  492. }

  493. 

  494. # Node-OS: xenial

  495. node /^nb\d+\.open.*\.org$/ {

  496.   $group = 'nodepool'

  497. 

  498.   class { 'openstack_project::server': }

  499. 

  500.   include openstack_project

  501. 

  502.   class { '::openstackci::nodepool_builder':

  503.     nodepool_ssh_public_key       => hiera('zuul_worker_ssh_public_key_contents'),

  504.     vhost_name                    => $::fqdn,

  505.     enable_build_log_via_http     => true,

  506.     project_config_repo           => 'https://opendev.org/openstack/project-config',

  507.     statsd_host                   => 'graphite.opendev.org',

  508.     upload_workers                => '16',

  509.     revision                      => 'master',

  510.     python_version                => 3,

  511.     zuulv3                        => true,

  512.     ssl_cert_file                 => '/etc/ssl/certs/ssl-cert-snakeoil.pem',

  513.     ssl_key_file                  => '/etc/ssl/private/ssl-cert-snakeoil.key',

  514.   }

  515. 

  516.   cron { 'mirror_gitgc':

  517.     user        => 'nodepool',

  518.     hour        => '20',

  519.     minute      => '0',

  520.     command     => 'find /opt/dib_cache/source-repositories/ -type d -name "*.git" -exec git --git-dir="{}" gc \; >/dev/null',

  521.     environment => 'PATH=/usr/bin:/bin:/usr/sbin:/sbin',

  522.     require     => Class['::openstackci::nodepool_builder'],

  523.   }

  524. }

  525. 

  526. # Node-OS: xenial

  527. node /^ze\d+\.open.*\.org$/ {

  528.   $group = "zuul-executor"

  529. 

  530.   $gerrit_server           = 'review.opendev.org'

  531.   $gerrit_user             = 'zuul'

  532.   $gerrit_ssh_host_key     = hiera('gerrit_ssh_rsa_pubkey_contents')

  533.   $gerrit_ssh_private_key  = hiera('gerrit_ssh_private_key_contents')

  534.   $zuul_ssh_private_key    = hiera('zuul_ssh_private_key_contents')

  535.   $zuul_static_private_key = hiera('jenkins_ssh_private_key_contents')

  536.   $git_email               = 'zuul@openstack.org'

  537.   $git_name                = 'OpenStack Zuul'

  538.   $revision                = 'master'

  539. 

  540.   class { 'openstack_project::server':

  541.     afs                       => true,

  542.   }

  543. 

  544.   class { '::project_config':

  545.     url => 'https://opendev.org/openstack/project-config',

  546.   }

  547. 

  548.   # We use later HWE kernels for better memory managment, requiring an

  549.   # updated AFS version which we install from our custom ppa.

  550.   include ::apt

  551.   apt::ppa { 'ppa:openstack-ci-core/openafs-amd64-hwe': }

  552.   package { 'linux-generic-hwe-16.04':

  553.     ensure  => present,

  554.     require => [

  555.       Apt::Ppa['ppa:openstack-ci-core/openafs-amd64-hwe'],

  556.       Class['apt::update'],

  557.     ],

  558.   }

  559. 

  560.   # Skopeo is required for pushing/pulling from the intermediate

  561.   # registry, and is available in the projectatomic ppa.

  562. 

  563.   apt::ppa { 'ppa:projectatomic/ppa': }

  564.   package { 'skopeo':

  565.     ensure  => present,

  566.     require => [

  567.       Apt::Ppa['ppa:projectatomic/ppa'],

  568.       Class['apt::update'],

  569.     ],

  570.   }

  571. 

  572.   # Socat is also required for pushing/pulling images

  573.   package { 'socat':

  574.     ensure  => present,

  575.     require => [

  576.       Class['apt::update'],

  577.     ],

  578.   }

  579. 

  580.   # NOTE(pabelanger): We call ::zuul directly, so we can override all in one

  581.   # settings.

  582.   class { '::zuul':

  583.     gearman_server           => 'zuul01.openstack.org',

  584.     gerrit_server            => $gerrit_server,

  585.     gerrit_user              => $gerrit_user,

  586.     zuul_ssh_private_key     => $gerrit_ssh_private_key,

  587.     git_email                => $git_email,

  588.     git_name                 => $git_name,

  589.     worker_private_key_file  => '/var/lib/zuul/ssh/nodepool_id_rsa',

  590.     revision                 => $revision,

  591.     python_version           => 3,

  592.     zookeeper_hosts          => 'zk01.openstack.org:2181,zk02.openstack.org:2181,zk03.openstack.org:2181',

  593.     zuulv3                   => true,

  594.     connections              => hiera('zuul_connections', []),

  595.     connection_secrets      => hiera('zuul_connection_secrets', []),

  596.     gearman_client_ssl_cert  => hiera('gearman_client_ssl_cert'),

  597.     gearman_client_ssl_key   => hiera('gearman_client_ssl_key'),

  598.     gearman_ssl_ca           => hiera('gearman_ssl_ca'),

  599.     #TODO(pabelanger): Add openafs role for zuul-jobs to setup /etc/openafs

  600.     # properly. We need to revisting this post Queens PTG.

  601.     trusted_ro_paths         => ['/etc/openafs', '/etc/ssl/certs', '/var/lib/zuul/ssh'],

  602.     trusted_rw_paths         => ['/afs'],

  603.     untrusted_ro_paths       => ['/etc/ssl/certs'],

  604.     disk_limit_per_job       => 5000,  # Megabytes

  605.     site_variables_yaml_file => $::project_config::zuul_site_variables_yaml,

  606.     require                  => $::project_config::config_dir,

  607.     statsd_host              => 'graphite.opendev.org',

  608.   }

  609. 

  610.   class { '::zuul::executor': }

  611. 

  612.   # This is used by the log job submission playbook which runs under

  613.   # python2

  614.   package { 'gear':

  615.     ensure   => latest,

  616.     provider => openstack_pip,

  617.     require  => Class['pip'],

  618.   }

  619. 

  620.   file { '/var/lib/zuul/ssh/nodepool_id_rsa':

  621.     owner   => 'zuul',

  622.     group   => 'zuul',

  623.     mode    => '0400',

  624.     require => File['/var/lib/zuul/ssh'],

  625.     content => $zuul_ssh_private_key,

  626.   }

  627. 

  628.   file { '/var/lib/zuul/ssh/static_id_rsa':

  629.     owner   => 'zuul',

  630.     group   => 'zuul',

  631.     mode    => '0400',

  632.     require => File['/var/lib/zuul/ssh'],

  633.     content => $zuul_static_private_key,

  634.   }

  635. 

  636.   class { '::zuul::known_hosts':

  637.     known_hosts_content => "[review.opendev.org]:29418,[review.openstack.org]:29418,[104.130.246.32]:29418,[2001:4800:7819:103:be76:4eff:fe04:9229]:29418 ${gerrit_ssh_host_key}\n[git.opendaylight.org]:29418,[52.35.122.251]:29418,[2600:1f14:421:f500:7b21:2a58:ab0a:2d17]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyRXyHEw/P1iZr/fFFzbodT5orVV/ftnNRW59Zh9rnSY5Rmbc9aygsZHdtiWBERVVv8atrJSdZool75AglPDDYtPICUGWLR91YBSDcZwReh5S9es1dlQ6fyWTnv9QggSZ98KTQEuE3t/b5SfH0T6tXWmrNydv4J2/mejKRRLU2+oumbeVN1yB+8Uau/3w9/K5F5LgsDDzLkW35djLhPV8r0OfmxV/cAnLl7AaZlaqcJMA+2rGKqM3m3Yu+pQw4pxOfCSpejlAwL6c8tA9naOvBkuJk+hYpg5tDEq2QFGRX5y1F9xQpwpdzZROc5hdGYntM79VMMXTj+95dwVv/8yTsw==\n",

  638.   }

  639. }

  640. 

  641. # Node-OS: xenial

  642. node /^zuul\d+\.open.*\.org$/ {

  643.   $group = "zuul-scheduler"

  644.   $gerrit_server        = 'review.opendev.org'

  645.   $gerrit_user          = 'zuul'

  646.   $gerrit_ssh_host_key  = hiera('gerrit_zuul_user_ssh_key_contents')

  647.   $zuul_ssh_private_key = hiera('zuul_ssh_private_key_contents')

  648.   $zuul_url             = "http://zuul.openstack.org/p"

  649.   $git_email            = 'zuul@openstack.org'

  650.   $git_name             = 'OpenStack Zuul'

  651.   $revision             = 'master'

  652. 

  653.   class { 'openstack_project::server': }

  654. 

  655.   class { '::project_config':

  656.     url => 'https://opendev.org/openstack/project-config',

  657.   }

  658. 

  659.   # NOTE(pabelanger): We call ::zuul directly, so we can override all in one

  660.   # settings.

  661.   class { '::zuul':

  662.     gerrit_server                 => $gerrit_server,

  663.     gerrit_user                   => $gerrit_user,

  664.     zuul_ssh_private_key          => $zuul_ssh_private_key,

  665.     git_email                     => $git_email,

  666.     git_name                      => $git_name,

  667.     revision                      => $revision,

  668.     python_version                => 3,

  669.     zookeeper_hosts               => 'zk01.openstack.org:2181,zk02.openstack.org:2181,zk03.openstack.org:2181',

  670.     zookeeper_session_timeout     => 40,

  671.     zuulv3                        => true,

  672.     connections                   => hiera('zuul_connections', []),

  673.     connection_secrets            => hiera('zuul_connection_secrets', []),

  674.     vhost_name                    => 'zuul.openstack.org',

  675.     zuul_status_url               => 'http://127.0.0.1:8001/openstack',

  676.     zuul_web_url                  => 'http://127.0.0.1:9000',

  677.     zuul_tenant_name              => 'openstack',

  678.     gearman_client_ssl_cert       => hiera('gearman_client_ssl_cert'),

  679.     gearman_client_ssl_key        => hiera('gearman_client_ssl_key'),

  680.     gearman_server_ssl_cert       => hiera('gearman_server_ssl_cert'),

  681.     gearman_server_ssl_key        => hiera('gearman_server_ssl_key'),

  682.     gearman_ssl_ca                => hiera('gearman_ssl_ca'),

  683.     proxy_ssl_cert_file_contents  => hiera('zuul_ssl_cert_file_contents'),

  684.     proxy_ssl_chain_file_contents => hiera('zuul_ssl_chain_file_contents'),

  685.     proxy_ssl_key_file_contents   => hiera('zuul_ssl_key_file_contents'),

  686.     statsd_host                   => 'graphite.opendev.org',

  687.     status_url                    => 'https://zuul.openstack.org',

  688.     relative_priority             => true,

  689.     web_root                      => 'https://zuul.opendev.org',

  690.   }

  691. 

  692.   file { "/etc/zuul/github.key":

  693.     ensure  => present,

  694.     owner   => 'zuul',

  695.     group   => 'zuul',

  696.     mode    => '0600',

  697.     content => hiera('zuul_github_app_key'),

  698.     require => File['/etc/zuul'],

  699.   }

  700. 

  701.   class { '::zuul::scheduler':

  702.     layout_dir     => $::project_config::zuul_layout_dir,

  703.     require        => $::project_config::config_dir,

  704.     python_version => 3,

  705.     use_mysql      => true,

  706.   }

  707. 

  708.   class { '::zuul::web':

  709.     # We manage backups below

  710.     enable_status_backups => false,

  711.     vhosts => {

  712.       'zuul.openstack.org' => {

  713.         port       => 443,

  714.         docroot    => '/opt/zuul-web/content',

  715.         priority   => '50',

  716.         ssl        => true,

  717.         template   => 'zuul/zuulv3.vhost.erb',

  718.         vhost_name => 'zuul.openstack.org',

  719.       },

  720.       'zuul.opendev.org' => {

  721.         port       => 443,

  722.         docroot    => '/opt/zuul-web/content',

  723.         priority   => '40',

  724.         ssl        => true,

  725.         template   => 'zuul/zuulv3.vhost.erb',

  726.         vhost_name => 'zuul.opendev.org',

  727.       },

  728.       'zuul.openstack.org-http' => {

  729.         port       => 80,

  730.         docroot    => '/opt/zuul-web/content',

  731.         priority   => '50',

  732.         ssl        => false,

  733.         template   => 'zuul/zuulv3.vhost.erb',

  734.         vhost_name => 'zuul.openstack.org',

  735.       },

  736.       'zuul.opendev.org-http' => {

  737.         port       => 80,

  738.         docroot    => '/opt/zuul-web/content',

  739.         priority   => '40',

  740.         ssl        => false,

  741.         template   => 'zuul/zuulv3.vhost.erb',

  742.         vhost_name => 'zuul.opendev.org',

  743.       },

  744.     },

  745.     vhosts_flags => {

  746.       'zuul.openstack.org' => {

  747.         tenant_name => 'openstack',

  748.         ssl         => true,

  749.         use_le      => false,

  750.       },

  751.       'zuul.opendev.org' => {

  752.         tenant_name => '',

  753.         ssl         => true,

  754.         use_le      => true,

  755.       },

  756.       'zuul.openstack.org-http' => {

  757.         tenant_name => 'openstack',

  758.         ssl         => false,

  759.         use_le      => false,

  760.       },

  761.       'zuul.opendev.org-http' => {

  762.         tenant_name => '',

  763.         ssl         => false,

  764.         use_le      => false,

  765.       },

  766.     },

  767.     vhosts_ssl => {

  768.       'zuul.openstack.org' => {

  769.         ssl_cert_file_contents  => hiera('zuul_ssl_cert_file_contents'),

  770.         ssl_chain_file_contents => hiera('zuul_ssl_chain_file_contents'),

  771.         ssl_key_file_contents   => hiera('zuul_ssl_key_file_contents'),

  772.       },

  773.     },

  774.   }

  775. 

  776.   zuul::status_backups { 'openstack-zuul-tenant':

  777.     tenant_name => 'openstack',

  778.     ssl         => true,

  779.     status_uri  => 'https://zuul.opendev.org/api/tenant/openstack/status',

  780.   }

  781. 

  782.   zuul::status_backups { 'kata-zuul-tenant':

  783.     tenant_name => 'kata-containers',

  784.     ssl         => true,

  785.     status_uri  => 'https://zuul.opendev.org/api/tenant/kata-containers/status',

  786.   }

  787. 

  788.   class { '::zuul::fingergw': }

  789. 

  790.   class { '::zuul::known_hosts':

  791.     known_hosts_content => "[review.opendev.org]:29418,[review.openstack.org]:29418,[104.130.246.32]:29418,[2001:4800:7819:103:be76:4eff:fe04:9229]:29418 ${gerrit_ssh_host_key}\n[git.opendaylight.org]:29418,[52.35.122.251]:29418,[2600:1f14:421:f500:7b21:2a58:ab0a:2d17]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyRXyHEw/P1iZr/fFFzbodT5orVV/ftnNRW59Zh9rnSY5Rmbc9aygsZHdtiWBERVVv8atrJSdZool75AglPDDYtPICUGWLR91YBSDcZwReh5S9es1dlQ6fyWTnv9QggSZ98KTQEuE3t/b5SfH0T6tXWmrNydv4J2/mejKRRLU2+oumbeVN1yB+8Uau/3w9/K5F5LgsDDzLkW35djLhPV8r0OfmxV/cAnLl7AaZlaqcJMA+2rGKqM3m3Yu+pQw4pxOfCSpejlAwL6c8tA9naOvBkuJk+hYpg5tDEq2QFGRX5y1F9xQpwpdzZROc5hdGYntM79VMMXTj+95dwVv/8yTsw==\n",

  792.   }

  793. 

  794.   include bup

  795.   bup::site { 'rax.ord':

  796.     backup_user   => 'bup-zuulv3',

  797.     backup_server => 'backup01.ord.rax.ci.openstack.org',

  798.   }

  799. 

  800. }

  801. 

  802. # Node-OS: xenial

  803. node /^zm\d+.open.*\.org$/ {

  804.   $group = "zuul-merger"

  805. 

  806.   $gerrit_server        = 'review.opendev.org'

  807.   $gerrit_user          = 'zuul'

  808.   $gerrit_ssh_host_key  = hiera('gerrit_ssh_rsa_pubkey_contents')

  809.   $zuul_ssh_private_key = hiera('zuulv3_ssh_private_key_contents')

  810.   $zuul_url             = "http://${::fqdn}/p"

  811.   $git_email            = 'zuul@openstack.org'

  812.   $git_name             = 'OpenStack Zuul'

  813.   $revision             = 'master'

  814. 

  815.   class { 'openstack_project::server': }

  816. 

  817.   # NOTE(pabelanger): We call ::zuul directly, so we can override all in one

  818.   # settings.

  819.   class { '::zuul':

  820.     gearman_server          => 'zuul01.openstack.org',

  821.     gerrit_server           => $gerrit_server,

  822.     gerrit_user             => $gerrit_user,

  823.     zuul_ssh_private_key    => $zuul_ssh_private_key,

  824.     git_email               => $git_email,

  825.     git_name                => $git_name,

  826.     revision                => $revision,

  827.     python_version          => 3,

  828.     zookeeper_hosts         => 'zk01.openstack.org:2181,zk02.openstack.org:2181,zk03.openstack.org:2181',

  829.     zuulv3                  => true,

  830.     connections             => hiera('zuul_connections', []),

  831.     connection_secrets      => hiera('zuul_connection_secrets', []),

  832.     gearman_client_ssl_cert => hiera('gearman_client_ssl_cert'),

  833.     gearman_client_ssl_key  => hiera('gearman_client_ssl_key'),

  834.     gearman_ssl_ca          => hiera('gearman_ssl_ca'),

  835.     statsd_host             => 'graphite.opendev.org',

  836.   }

  837. 

  838.   class { 'openstack_project::zuul_merger':

  839.     gerrit_server        => $gerrit_server,

  840.     gerrit_user          => $gerrit_user,

  841.     gerrit_ssh_host_key  => $gerrit_ssh_host_key,

  842.     zuul_ssh_private_key => $zuul_ssh_private_key,

  843.     manage_common_zuul   => false,

  844.   }

  845. }

  846. 

  847. # Node-OS: xenial

  848. node /^pbx\d*\.open.*\.org$/ {

  849.   $group = "pbx"

  850.   class { 'openstack_project::server': }

  851.   class { 'openstack_project::pbx':

  852.     sip_providers => [

  853.       {

  854.         provider => 'voipms',

  855.         hostname => 'dallas.voip.ms',

  856.         username => hiera('voipms_username', 'username'),

  857.         password => hiera('voipms_password'),

  858.         outgoing => false,

  859.       },

  860.     ],

  861.   }

  862. }

  863. 

  864. # Node-OS: xenial

  865. # A backup machine.  Don't run cron or puppet agent on it.

  866. node /^backup\d+\..*\.ci\.open.*\.org$/ {

  867.   $group = "ci-backup"

  868.   class { 'openstack_project::server': }

  869.   include openstack_project::backup_server

  870. }

  871. 

  872. # Node-OS: xenial

  873. node /^openstackid\d*(\.openstack)?\.org$/ {

  874.   $group = "openstackid"

  875.   class { 'openstack_project::openstackid_prod':

  876.     site_admin_password                 => hiera('openstackid_site_admin_password'),

  877.     id_mysql_host                       => hiera('openstackid_id_mysql_host', 'localhost'),

  878.     id_mysql_password                   => hiera('openstackid_id_mysql_password'),

  879.     id_mysql_user                       => hiera('openstackid_id_mysql_user', 'username'),

  880.     id_db_name                          => hiera('openstackid_id_db_name'),

  881.     redis_password                      => hiera('openstackid_redis_password'),

  882.     ssl_cert_file_contents              => hiera('openstackid_ssl_cert_file_contents'),

  883.     ssl_key_file_contents               => hiera('openstackid_ssl_key_file_contents'),

  884.     ssl_chain_file_contents             => hiera('openstackid_ssl_chain_file_contents'),

  885.     id_recaptcha_public_key             => hiera('openstackid_recaptcha_public_key'),

  886.     id_recaptcha_private_key            => hiera('openstackid_recaptcha_private_key'),

  887.     vhost_name                          => 'openstackid.org',

  888.     session_cookie_domain               => 'openstackid.org',

  889.     serveradmin                         => 'webmaster@openstackid.org',

  890.     canonicalweburl                     => 'https://openstackid.org/',

  891.     app_url                             => 'https://openstackid.org',

  892.     app_key                             => hiera('openstackid_app_key'),

  893.     id_log_error_to_email               => 'openstack@tipit.net',

  894.     id_log_error_from_email             => 'noreply@openstack.org',

  895.     email_driver                        => 'sendgrid',

  896.     email_send_grid_api_key             => hiera('openstackid_send_grid_api_key'),

  897.     php_version                         => 7,

  898.     mysql_ssl_enabled                   => true,

  899.     mysql_ssl_ca_file_contents          => hiera('openstackid_mysql_ssl_ca_file_contents'),

  900.     mysql_ssl_client_key_file_contents  => hiera('openstackid_mysql_ssl_client_key_file_contents'),

  901.     mysql_ssl_client_cert_file_contents => hiera('openstackid_mysql_ssl_client_cert_file_contents'),

  902.     user_spam_processor_to              => hiera('openstackid_user_spam_processor_to'),

  903.   }

  904. }

  905. 

  906. # Node-OS: xenial

  907. node /^openstackid-dev\d*\.openstack\.org$/ {

  908.   $group = "openstackid-dev"

  909.   class { 'openstack_project::openstackid_dev':

  910.     site_admin_password                 => hiera('openstackid_dev_site_admin_password'),

  911.     id_mysql_host                       => hiera('openstackid_dev_id_mysql_host', 'localhost'),

  912.     id_mysql_password                   => hiera('openstackid_dev_id_mysql_password'),

  913.     id_mysql_user                       => hiera('openstackid_dev_id_mysql_user', 'username'),

  914.     redis_password                      => hiera('openstackid_dev_redis_password'),

  915.     ssl_cert_file_contents              => hiera('openstackid_dev_ssl_cert_file_contents'),

  916.     ssl_key_file_contents               => hiera('openstackid_dev_ssl_key_file_contents'),

  917.     ssl_chain_file_contents             => hiera('openstackid_dev_ssl_chain_file_contents'),

  918.     id_recaptcha_public_key             => hiera('openstackid_dev_recaptcha_public_key'),

  919.     id_recaptcha_private_key            => hiera('openstackid_dev_recaptcha_private_key'),

  920.     vhost_name                          => 'openstackid-dev.openstack.org',

  921.     session_cookie_domain               => 'openstackid-dev.openstack.org',

  922.     serveradmin                         => 'webmaster@openstackid-dev.openstack.org',

  923.     canonicalweburl                     => 'https://openstackid-dev.openstack.org/',

  924.     app_url                             => 'https://openstackid-dev.openstack.org',

  925.     app_key                             => hiera('openstackid_dev_app_key'),

  926.     id_log_error_to_email               => 'openstack@tipit.net',

  927.     id_log_error_from_email             => 'noreply@openstack.org',

  928.     email_driver                        => 'sendgrid',

  929.     email_send_grid_api_key             => hiera('openstackid_dev_send_grid_api_key'),

  930.     php_version                         => 7,

  931.     mysql_ssl_enabled                   => true,

  932.     mysql_ssl_ca_file_contents          => hiera('openstackid_dev_mysql_ssl_ca_file_contents'),

  933.     mysql_ssl_client_key_file_contents  => hiera('openstackid_dev_mysql_ssl_client_key_file_contents'),

  934.     mysql_ssl_client_cert_file_contents => hiera('openstackid_dev_mysql_ssl_client_cert_file_contents'),

  935.     user_spam_processor_to              => hiera('openstackid_dev_user_spam_processor_to'),

  936.   }

  937. }

  938. 

  939. # Node-OS: xenial

  940. # Used for testing all-in-one deployments

  941. node 'single-node-ci.test.only' {

  942.   include ::openstackci::single_node_ci

  943. }

  944. 

  945. # Node-OS: xenial

  946. node /^kdc03\.open.*\.org$/ {

  947.   class { 'openstack_project::server': }

  948. 

  949.   class { 'openstack_project::kdc': }

  950. }

  951. 

  952. # Node-OS: xenial

  953. node /^kdc04\.open.*\.org$/ {

  954.   class { 'openstack_project::server': }

  955. 

  956.   class { 'openstack_project::kdc':

  957.     slave => true,

  958.   }

  959. }

  960. 

  961. # Node-OS: xenial

  962. node /^afsdb01\.open.*\.org$/ {

  963.   $group = "afsdb"

  964. 

  965.   class { 'openstack_project::server':

  966.     afs                       => true,

  967.   }

  968. 

  969.   include openstack_project::afsdb

  970.   include openstack_project::afsrelease

  971. }

  972. 

  973. # Node-OS: xenial

  974. node /^afsdb.*\.open.*\.org$/ {

  975.   $group = "afsdb"

  976. 

  977.   class { 'openstack_project::server':

  978.     afs                       => true,

  979.   }

  980. 

  981.   include openstack_project::afsdb

  982. }

  983. 

  984. # Node-OS: xenial

  985. node /^afs.*\..*\.open.*\.org$/ {

  986.   $group = "afs"

  987. 

  988.   class { 'openstack_project::server':

  989.     afs                       => true,

  990.   }

  991. 

  992.   include openstack_project::afsfs

  993. }

  994. 

  995. # Node-OS: xenial

  996. node /^ask\d*\.open.*\.org$/ {

  997. 

  998.   class { 'openstack_project::server': }

  999. 

  1000.   class { 'openstack_project::ask':

  1001.     db_user                      => hiera('ask_db_user', 'ask'),

  1002.     db_password                  => hiera('ask_db_password'),

  1003.     redis_password               => hiera('ask_redis_password'),

  1004.     site_ssl_cert_file_contents  => hiera('ask_site_ssl_cert_file_contents', undef),

  1005.     site_ssl_key_file_contents   => hiera('ask_site_ssl_key_file_contents', undef),

  1006.     site_ssl_chain_file_contents => hiera('ask_site_ssl_chain_file_contents', undef),

  1007.   }

  1008. }

  1009. 

  1010. # Node-OS: xenial

  1011. node /^ask-staging\d*\.open.*\.org$/ {

  1012.   class { 'openstack_project::server': }

  1013. 

  1014.   class { 'openstack_project::ask_staging':

  1015.     db_password                  => hiera('ask_staging_db_password'),

  1016.     redis_password               => hiera('ask_staging_redis_password'),

  1017.   }

  1018. }

  1019. 

  1020. # Node-OS: xenial

  1021. node /^translate\d+\.open.*\.org$/ {

  1022.   $group = "translate"

  1023.   class { 'openstack_project::server': }

  1024.   class { 'openstack_project::translate':

  1025.     admin_users                => 'aeng,cboylan,eumel8,ianw,ianychoi,infra,jaegerandi,mordred,stevenk',

  1026.     openid_url                 => 'https://openstackid.org',

  1027.     listeners                  => ['ajp'],

  1028.     from_address               => 'noreply@openstack.org',

  1029.     mysql_host                 => hiera('translate_mysql_host', 'localhost'),

  1030.     mysql_password             => hiera('translate_mysql_password'),

  1031.     zanata_server_user         => hiera('proposal_zanata_user'),

  1032.     zanata_server_api_key      => hiera('proposal_zanata_api_key'),

  1033.     zanata_wildfly_version     => '10.1.0',

  1034.     zanata_wildfly_install_url => 'https://repo1.maven.org/maven2/org/wildfly/wildfly-dist/10.1.0.Final/wildfly-dist-10.1.0.Final.tar.gz',

  1035.     zanata_main_version        => 4,

  1036.     zanata_url                 => 'https://github.com/zanata/zanata-platform/releases/download/platform-4.3.3/zanata-4.3.3-wildfly.zip',

  1037.     zanata_checksum            => 'eaf8bd07401dade758b677007d2358f173193d17',

  1038.     project_config_repo        => 'https://opendev.org/openstack/project-config',

  1039.     ssl_cert_file_contents     => hiera('translate_ssl_cert_file_contents'),

  1040.     ssl_key_file_contents      => hiera('translate_ssl_key_file_contents'),

  1041.     ssl_chain_file_contents    => hiera('translate_ssl_chain_file_contents'),

  1042.     vhost_name                 => 'translate.openstack.org',

  1043.   }

  1044. }

  1045. 

  1046. # Node-OS: xenial

  1047. node /^translate-dev\d*\.open.*\.org$/ {

  1048.   $group = "translate-dev"

  1049.   class { 'openstack_project::translate_dev':

  1050.     admin_users           => 'aeng,cboylan,eumel,eumel8,ianw,ianychoi,infra,jaegerandi,mordred,stevenk',

  1051.     openid_url            => 'https://openstackid-dev.openstack.org',

  1052.     listeners             => ['ajp'],

  1053.     from_address          => 'noreply@openstack.org',

  1054.     mysql_host            => hiera('translate_dev_mysql_host', 'localhost'),

  1055.     mysql_password        => hiera('translate_dev_mysql_password'),

  1056.     zanata_server_user    => hiera('proposal_zanata_user'),

  1057.     zanata_server_api_key => hiera('proposal_zanata_api_key'),

  1058.     project_config_repo   => 'https://opendev.org/openstack/project-config',

  1059.     vhost_name            => 'translate-dev.openstack.org',

  1060.   }

  1061. }

  1062. 

  1063. 

  1064. # Node-OS: xenial

  1065. node /^codesearch\d*\.open.*\.org$/ {

  1066.   $group = "codesearch"

  1067.   class { 'openstack_project::server': }

  1068.   class { 'openstack_project::codesearch':

  1069.     project_config_repo => 'https://opendev.org/openstack/project-config',

  1070.   }

  1071. }

  1072. 

  1073. # vim:sw=2:ts=2:expandtab:textwidth=79