opendev
/
system-config
Code Issues Proposed changes
System configuration for OpenStack Infrastructure
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
16321 Commits
1 Branch
42 MiB
 
 
 
 
 
 
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
system-config/manifests/site.pp

594 lines
23 KiB
Raw Permalink Blame History 

  1. # Node-OS: xenial

  2. # Puppet-Version: !3

  3. node /^grafana\d*\.open.*\.org$/ {

  4.   $group = "grafana"

  5.   class { 'openstack_project::server': }

  6.   class { 'openstack_project::grafana':

  7.     admin_password      => hiera('grafana_admin_password'),

  8.     admin_user          => hiera('grafana_admin_user', 'username'),

  9.     mysql_host          => hiera('grafana_mysql_host', 'localhost'),

  10.     mysql_name          => hiera('grafana_mysql_name'),

  11.     mysql_password      => hiera('grafana_mysql_password'),

  12.     mysql_user          => hiera('grafana_mysql_user', 'username'),

  13.     project_config_repo => 'https://opendev.org/openstack/project-config',

  14.     secret_key          => hiera('grafana_secret_key'),

  15.   }

  16. }

  17. 

  18. # Node-OS: xenial

  19. node /^health\d*\.openstack\.org$/ {

  20.   $group = "health"

  21.   class { 'openstack_project::server': }

  22.   class { 'openstack_project::openstack_health_api':

  23.     subunit2sql_db_host => hiera('subunit2sql_db_host', 'localhost'),

  24.     hostname            => 'health.openstack.org',

  25.   }

  26. }

  27. 

  28. # Node-OS: xenial

  29. node /^cacti\d+\.open.*\.org$/ {

  30.   $group = "cacti"

  31.   # NOTE(ianw) 2020-05 : disabled pending removal, migrated to

  32.   # ansible.

  33.   #  include openstack_project::ssl_cert_check

  34.   class { 'openstack_project::cacti':

  35.     cacti_hosts => hiera_array('cacti_hosts'),

  36.     vhost_name  => 'cacti.openstack.org',

  37.   }

  38. }

  39. 

  40. # Node-OS: xenial

  41. node /^graphite\d*\.open.*\.org$/ {

  42.   class { 'openstack_project::server': }

  43. 

  44.   class { '::graphite':

  45.     graphite_admin_user     => hiera('graphite_admin_user', 'username'),

  46.     graphite_admin_email    => hiera('graphite_admin_email', 'email@example.com'),

  47.     graphite_admin_password => hiera('graphite_admin_password'),

  48.     # NOTE(ianw): installed on the host via ansible

  49.     ssl_cert_file           => '/etc/letsencrypt-certs/graphite01.opendev.org/graphite01.opendev.org.cer',

  50.     ssl_key_file            => '/etc/letsencrypt-certs/graphite01.opendev.org/graphite01.opendev.org.key',

  51.     ssl_chain_file          => '/etc/letsencrypt-certs/graphite01.opendev.org/ca.cer',

  52.   }

  53. }

  54. 

  55. # Node-OS: xenial

  56. node /^lists\d*\.open.*\.org$/ {

  57.   class { 'openstack_project::server': }

  58. 

  59.   class { 'openstack_project::lists':

  60.     listpassword => hiera('listpassword'),

  61.   }

  62. }

  63. 

  64. # Node-OS: xenial

  65. node /^lists\d*\.katacontainers\.io$/ {

  66.   class { 'openstack_project::server': }

  67. 

  68.   class { 'openstack_project::kata_lists':

  69.     listpassword => hiera('listpassword'),

  70.   }

  71. }

  72. 

  73. # Node-OS: xenial

  74. node /^paste\d*\.open.*\.org$/ {

  75.   $group = "paste"

  76. 

  77.   class { 'openstack_project::server': }

  78.   class { 'openstack_project::paste':

  79.     db_password         => hiera('paste_db_password'),

  80.     db_host             => hiera('paste_db_host'),

  81.     vhost_name          => 'paste.openstack.org',

  82.   }

  83. }

  84. 

  85. # Node-OS: xenial

  86. node /planet\d*\.open.*\.org$/ {

  87.   class { 'openstack_project::planet':

  88.   }

  89. }

  90. 

  91. # Node-OS: xenial

  92. node /^ethercalc\d+\.open.*\.org$/ {

  93.   $group = "ethercalc"

  94.   class { 'openstack_project::server': }

  95. 

  96.   class { 'openstack_project::ethercalc':

  97.     vhost_name              => 'ethercalc.openstack.org',

  98.     ssl_cert_file_contents  => hiera('ssl_cert_file_contents'),

  99.     ssl_key_file_contents   => hiera('ssl_key_file_contents'),

  100.     ssl_chain_file_contents => hiera('ssl_chain_file_contents'),

  101.   }

  102. }

  103. 

  104. # Node-OS: xenial

  105. node /^wiki\d+\.openstack\.org$/ {

  106.   $group = "wiki"

  107.   class { 'openstack_project::wiki':

  108.     bup_user                  => 'bup-wiki',

  109.     serveradmin               => hiera('infra_apache_serveradmin'),

  110.     site_hostname             => 'wiki.openstack.org',

  111.     ssl_cert_file_contents    => hiera('ssl_cert_file_contents'),

  112.     ssl_key_file_contents     => hiera('ssl_key_file_contents'),

  113.     ssl_chain_file_contents   => hiera('ssl_chain_file_contents'),

  114.     wg_dbserver               => hiera('wg_dbserver'),

  115.     wg_dbname                 => 'openstack_wiki',

  116.     wg_dbuser                 => 'wikiuser',

  117.     wg_dbpassword             => hiera('wg_dbpassword'),

  118.     wg_secretkey              => hiera('wg_secretkey'),

  119.     wg_upgradekey             => hiera('wg_upgradekey'),

  120.     wg_recaptchasitekey       => hiera('wg_recaptchasitekey'),

  121.     wg_recaptchasecretkey     => hiera('wg_recaptchasecretkey'),

  122.     wg_googleanalyticsaccount => hiera('wg_googleanalyticsaccount'),

  123.   }

  124. }

  125. 

  126. # Node-OS: xenial

  127. node /^wiki-dev\d+\.openstack\.org$/ {

  128.   $group = "wiki-dev"

  129.   class { 'openstack_project::wiki':

  130.     serveradmin           => hiera('infra_apache_serveradmin'),

  131.     site_hostname         => 'wiki-dev.openstack.org',

  132.     wg_dbserver           => hiera('wg_dbserver'),

  133.     wg_dbname             => 'openstack_wiki',

  134.     wg_dbuser             => 'wikiuser',

  135.     wg_dbpassword         => hiera('wg_dbpassword'),

  136.     wg_secretkey          => hiera('wg_secretkey'),

  137.     wg_upgradekey         => hiera('wg_upgradekey'),

  138.     wg_recaptchasitekey   => hiera('wg_recaptchasitekey'),

  139.     wg_recaptchasecretkey => hiera('wg_recaptchasecretkey'),

  140.     disallow_robots       => true,

  141.   }

  142. }

  143. 

  144. # Node-OS: xenial

  145. node /^logstash\d*\.open.*\.org$/ {

  146.   class { 'openstack_project::server': }

  147. 

  148.   class { 'openstack_project::logstash':

  149.     discover_nodes      => [

  150.       'elasticsearch03.openstack.org:9200',

  151.       'elasticsearch04.openstack.org:9200',

  152.       'elasticsearch05.openstack.org:9200',

  153.       'elasticsearch06.openstack.org:9200',

  154.       'elasticsearch07.openstack.org:9200',

  155.       'elasticsearch02.openstack.org:9200',

  156.     ],

  157.     subunit2sql_db_host => hiera('subunit2sql_db_host', ''),

  158.     subunit2sql_db_pass => hiera('subunit2sql_db_password', ''),

  159.   }

  160. }

  161. 

  162. # Node-OS: xenial

  163. node /^logstash-worker\d+\.open.*\.org$/ {

  164.   $group = 'logstash-worker'

  165. 

  166.   $elasticsearch_nodes = [

  167.     'elasticsearch02.openstack.org',

  168.     'elasticsearch03.openstack.org',

  169.     'elasticsearch04.openstack.org',

  170.     'elasticsearch05.openstack.org',

  171.     'elasticsearch06.openstack.org',

  172.     'elasticsearch07.openstack.org',

  173.   ]

  174. 

  175.   class { 'openstack_project::server': }

  176. 

  177.   class { 'openstack_project::logstash_worker':

  178.     discover_node         => 'elasticsearch03.openstack.org',

  179.     enable_mqtt           => false,

  180.     mqtt_password         => hiera('mqtt_service_user_password'),

  181.     mqtt_ca_cert_contents => hiera('mosquitto_tls_ca_file'),

  182.   }

  183. }

  184. 

  185. # Node-OS: xenial

  186. node /^subunit-worker\d+\.open.*\.org$/ {

  187.   $group = "subunit-worker"

  188.   class { 'openstack_project::server': }

  189.   class { 'openstack_project::subunit_worker':

  190.     subunit2sql_db_host   => hiera('subunit2sql_db_host', ''),

  191.     subunit2sql_db_pass   => hiera('subunit2sql_db_password', ''),

  192.     mqtt_pass             => hiera('mqtt_service_user_password'),

  193.     mqtt_ca_cert_contents => hiera('mosquitto_tls_ca_file'),

  194.   }

  195. }

  196. 

  197. # Node-OS: xenial

  198. node /^elasticsearch\d+\.open.*\.org$/ {

  199.   $group = "elasticsearch"

  200. 

  201.   $elasticsearch_nodes = [

  202.     'elasticsearch02.openstack.org',

  203.     'elasticsearch03.openstack.org',

  204.     'elasticsearch04.openstack.org',

  205.     'elasticsearch05.openstack.org',

  206.     'elasticsearch06.openstack.org',

  207.     'elasticsearch07.openstack.org',

  208.   ]

  209. 

  210.   class { 'openstack_project::server': }

  211.   class { 'openstack_project::elasticsearch_node':

  212.     discover_nodes => $elasticsearch_nodes,

  213.   }

  214. }

  215. 

  216. # Node-OS: xenial

  217. node /^firehose\d+\.open.*\.org$/ {

  218.   class { 'openstack_project::server': }

  219.   class { 'openstack_project::firehose':

  220.     gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents'),

  221.     gerrit_public_key   => hiera('germqtt_gerrit_ssh_public_key'),

  222.     gerrit_private_key  => hiera('germqtt_gerrit_ssh_private_key'),

  223.     mqtt_password       => hiera('mqtt_service_user_password'),

  224.     ca_file             => hiera('mosquitto_tls_ca_file'),

  225.     cert_file           => hiera('mosquitto_tls_server_cert_file'),

  226.     key_file            => hiera('mosquitto_tls_server_key_file'),

  227.     imap_hostname       => hiera('lpmqtt_imap_server'),

  228.     imap_username       => hiera('lpmqtt_imap_username'),

  229.     imap_password       => hiera('lpmqtt_imap_password'),

  230.     statsd_host         => 'graphite.opendev.org',

  231.   }

  232. }

  233. 

  234. # A machine to drive AFS mirror updates.

  235. # Node-OS: xenial

  236. node /^mirror-update\d*\.open.*\.org$/ {

  237.   $group = "afsadmin"

  238. 

  239.   class { 'openstack_project::mirror_update':

  240.     admin_keytab          => hiera('afsadmin_keytab'),

  241.     fedora_keytab         => hiera('fedora_keytab'),

  242.     opensuse_keytab       => hiera('opensuse_keytab'),

  243.     reprepro_keytab       => hiera('reprepro_keytab'),

  244.     gem_keytab            => hiera('gem_keytab'),

  245.     centos_keytab         => hiera('centos_keytab'),

  246.     epel_keytab           => hiera('epel_keytab'),

  247.     yum_puppetlabs_keytab => hiera('yum_puppetlabs_keytab'),

  248.   }

  249. }

  250. 

  251. # Node-OS: trusty

  252. # Node-OS: xenial

  253. node /^refstack\d*\.open.*\.org$/ {

  254.   class { 'openstack_project::server': }

  255.   class { 'refstack':

  256.     mysql_host          => hiera('refstack_mysql_host', 'localhost'),

  257.     mysql_database      => hiera('refstack_mysql_db_name', 'refstack'),

  258.     mysql_user          => hiera('refstack_mysql_user', 'refstack'),

  259.     mysql_user_password => hiera('refstack_mysql_password'),

  260.     ssl_cert_content    => hiera('refstack_ssl_cert_file_contents'),

  261.     ssl_cert            => '/etc/ssl/certs/refstack.pem',

  262.     ssl_key_content     => hiera('refstack_ssl_key_file_contents'),

  263.     ssl_key             => '/etc/ssl/private/refstack.key',

  264.     ssl_ca_content      => hiera('refstack_ssl_chain_file_contents'),

  265.     ssl_ca              => '/etc/ssl/certs/refstack.ca.pem',

  266.     protocol            => 'https',

  267.   }

  268.   mysql_backup::backup_remote { 'refstack':

  269.     database_host     => hiera('refstack_mysql_host', 'localhost'),

  270.     database_user     => hiera('refstack_mysql_user', 'refstack'),

  271.     database_password => hiera('refstack_mysql_password'),

  272.     require           => Class['::refstack'],

  273.   }

  274. }

  275. 

  276. # A machine to run Storyboard

  277. # Node-OS: xenial

  278. node /^storyboard\d+\.opendev\.org$/ {

  279.   $group = "storyboard"

  280.   class { 'openstack_project::storyboard':

  281.     project_config_repo     => 'https://opendev.org/openstack/project-config',

  282.     mysql_host              => hiera('storyboard_db_host', 'localhost'),

  283.     mysql_user              => hiera('storyboard_db_user', 'username'),

  284.     mysql_password          => hiera('storyboard_db_password'),

  285.     rabbitmq_user           => hiera('storyboard_rabbit_user', 'username'),

  286.     rabbitmq_password       => hiera('storyboard_rabbit_password'),

  287.     ssl_cert                => '/etc/ssl/certs/storyboard.openstack.org.pem',

  288.     ssl_cert_file_contents  => hiera('storyboard_ssl_cert_file_contents'),

  289.     ssl_key                 => '/etc/ssl/private/storyboard.openstack.org.key',

  290.     ssl_key_file_contents   => hiera('storyboard_ssl_key_file_contents'),

  291.     ssl_chain_file_contents => hiera('storyboard_ssl_chain_file_contents'),

  292.     hostname                => 'storyboard.openstack.org',

  293.     valid_oauth_clients     => ['storyboard.openstack.org',],

  294.     cors_allowed_origins    => ['https://storyboard.openstack.org',],

  295.     sender_email_address    => 'storyboard@storyboard.openstack.org',

  296.     default_url             => 'https://storyboard.openstack.org',

  297.   }

  298. }

  299. 

  300. # A machine to run Storyboard devel

  301. # Node-OS: xenial

  302. node /^storyboard-dev\d+\.opendev\.org$/ {

  303.   $group = "storyboard-dev"

  304.   class { 'openstack_project::storyboard::dev':

  305.     project_config_repo     => 'https://opendev.org/openstack/project-config',

  306.     mysql_host              => hiera('storyboard_db_host', 'localhost'),

  307.     mysql_user              => hiera('storyboard_db_user', 'username'),

  308.     mysql_password          => hiera('storyboard_db_password'),

  309.     rabbitmq_user           => hiera('storyboard_rabbit_user', 'username'),

  310.     rabbitmq_password       => hiera('storyboard_rabbit_password'),

  311.     hostname                => 'storyboard-dev.openstack.org',

  312.     valid_oauth_clients     => ['^.*',],

  313.     cors_allowed_origins    => ['^.*',],

  314.     sender_email_address    => 'storyboard-dev@storyboard-dev.openstack.org',

  315.     default_url             => 'https://storyboard-dev.openstack.org',

  316.   }

  317. 

  318. }

  319. 

  320. # A machine to serve various project status updates.

  321. # Node-OS: xenial

  322. node /^status\d*\.open.*\.org$/ {

  323.   $group = 'status'

  324. 

  325.   class { 'openstack_project::server': }

  326. 

  327.   class { 'openstack_project::status':

  328.     gerrit_host                   => 'review.opendev.org',

  329.     gerrit_ssh_host_key           => hiera('gerrit_ssh_rsa_pubkey_contents'),

  330.     reviewday_ssh_public_key      => hiera('reviewday_rsa_pubkey_contents'),

  331.     reviewday_ssh_private_key     => hiera('reviewday_rsa_key_contents'),

  332.     recheck_ssh_public_key        => hiera('elastic-recheck_gerrit_ssh_public_key'),

  333.     recheck_ssh_private_key       => hiera('elastic-recheck_gerrit_ssh_private_key'),

  334.     recheck_bot_nick              => 'openstackrecheck',

  335.     recheck_bot_passwd            => hiera('elastic-recheck_ircbot_password'),

  336.   }

  337. }

  338. 

  339. # Node-OS: xenial

  340. node /^survey\d+\.open.*\.org$/ {

  341.   $group = "survey"

  342.   class { 'openstack_project::server': }

  343. 

  344.   class { 'openstack_project::survey':

  345.     vhost_name              => 'survey.openstack.org',

  346.     auth_openid             => true,

  347.     ssl_cert_file_contents  => hiera('ssl_cert_file_contents'),

  348.     ssl_key_file_contents   => hiera('ssl_key_file_contents'),

  349.     ssl_chain_file_contents => hiera('ssl_chain_file_contents'),

  350.     dbpassword              => hiera('dbpassword'),

  351.     dbhost                  => hiera('dbhost'),

  352.     adminuser               => hiera('adminuser'),

  353.     adminpass               => hiera('adminpass'),

  354.     adminmail               => hiera('adminmail'),

  355.   }

  356. }

  357. 

  358. # Node-OS: xenial

  359. node /^nb\d+\.open.*\.org$/ {

  360.   $group = 'nodepool'

  361. 

  362.   class { 'openstack_project::server': }

  363. 

  364.   include openstack_project

  365. 

  366.   class { '::openstackci::nodepool_builder':

  367.     nodepool_ssh_public_key       => hiera('zuul_worker_ssh_public_key_contents'),

  368.     vhost_name                    => $::fqdn,

  369.     enable_build_log_via_http     => true,

  370.     project_config_repo           => 'https://opendev.org/openstack/project-config',

  371.     statsd_host                   => 'graphite.opendev.org',

  372.     upload_workers                => '16',

  373.     revision                      => 'master',

  374.     python_version                => 3,

  375.     zuulv3                        => true,

  376.     ssl_cert_file                 => '/etc/ssl/certs/ssl-cert-snakeoil.pem',

  377.     ssl_key_file                  => '/etc/ssl/private/ssl-cert-snakeoil.key',

  378.   }

  379. 

  380.   cron { 'mirror_gitgc':

  381.     user        => 'nodepool',

  382.     hour        => '20',

  383.     minute      => '0',

  384.     command     => 'find /opt/dib_cache/source-repositories/ -type d -name "*.git" -exec git --git-dir="{}" gc \; >/dev/null',

  385.     environment => 'PATH=/usr/bin:/bin:/usr/sbin:/sbin',

  386.     require     => Class['::openstackci::nodepool_builder'],

  387.   }

  388. }

  389. 

  390. # Node-OS: xenial

  391. node /^pbx\d*\.open.*\.org$/ {

  392.   $group = "pbx"

  393.   class { 'openstack_project::server': }

  394.   class { 'openstack_project::pbx':

  395.     sip_providers => [

  396.       {

  397.         provider => 'voipms',

  398.         hostname => 'dallas.voip.ms',

  399.         username => hiera('voipms_username', 'username'),

  400.         password => hiera('voipms_password'),

  401.         outgoing => false,

  402.       },

  403.     ],

  404.   }

  405. }

  406. 

  407. # Node-OS: xenial

  408. # A backup machine.  Don't run cron or puppet agent on it.

  409. node /^backup\d+\..*\.ci\.open.*\.org$/ {

  410.   $group = "ci-backup"

  411.   class { 'openstack_project::server': }

  412.   include openstack_project::backup_server

  413. }

  414. 

  415. # Node-OS: xenial

  416. node /^openstackid\d*(\.openstack)?\.org$/ {

  417.   $group = "openstackid"

  418.   class { 'openstack_project::openstackid_prod':

  419.     site_admin_password                 => hiera('openstackid_site_admin_password'),

  420.     id_mysql_host                       => hiera('openstackid_id_mysql_host', 'localhost'),

  421.     id_mysql_password                   => hiera('openstackid_id_mysql_password'),

  422.     id_mysql_user                       => hiera('openstackid_id_mysql_user', 'username'),

  423.     id_db_name                          => hiera('openstackid_id_db_name'),

  424.     redis_password                      => hiera('openstackid_redis_password'),

  425.     ssl_cert_file_contents              => hiera('openstackid_ssl_cert_file_contents'),

  426.     ssl_key_file_contents               => hiera('openstackid_ssl_key_file_contents'),

  427.     ssl_chain_file_contents             => hiera('openstackid_ssl_chain_file_contents'),

  428.     id_recaptcha_public_key             => hiera('openstackid_recaptcha_public_key'),

  429.     id_recaptcha_private_key            => hiera('openstackid_recaptcha_private_key'),

  430.     vhost_name                          => 'openstackid.org',

  431.     session_cookie_domain               => 'openstackid.org',

  432.     serveradmin                         => 'webmaster@openstackid.org',

  433.     canonicalweburl                     => 'https://openstackid.org/',

  434.     app_url                             => 'https://openstackid.org',

  435.     app_key                             => hiera('openstackid_app_key'),

  436.     id_log_error_to_email               => 'openstack@tipit.net',

  437.     id_log_error_from_email             => 'noreply@openstack.org',

  438.     email_driver                        => 'sendgrid',

  439.     email_send_grid_api_key             => hiera('openstackid_send_grid_api_key'),

  440.     php_version                         => 7,

  441.     mysql_ssl_enabled                   => true,

  442.     mysql_ssl_ca_file_contents          => hiera('openstackid_mysql_ssl_ca_file_contents'),

  443.     mysql_ssl_client_key_file_contents  => hiera('openstackid_mysql_ssl_client_key_file_contents'),

  444.     mysql_ssl_client_cert_file_contents => hiera('openstackid_mysql_ssl_client_cert_file_contents'),

  445.     user_spam_processor_to              => hiera('openstackid_user_spam_processor_to'),

  446.   }

  447. }

  448. 

  449. # Node-OS: xenial

  450. node /^openstackid-dev\d*\.openstack\.org$/ {

  451.   $group = "openstackid-dev"

  452.   class { 'openstack_project::openstackid_dev':

  453.     site_admin_password                 => hiera('openstackid_dev_site_admin_password'),

  454.     id_mysql_host                       => hiera('openstackid_dev_id_mysql_host', 'localhost'),

  455.     id_mysql_password                   => hiera('openstackid_dev_id_mysql_password'),

  456.     id_mysql_user                       => hiera('openstackid_dev_id_mysql_user', 'username'),

  457.     redis_password                      => hiera('openstackid_dev_redis_password'),

  458.     ssl_cert_file_contents              => hiera('openstackid_dev_ssl_cert_file_contents'),

  459.     ssl_key_file_contents               => hiera('openstackid_dev_ssl_key_file_contents'),

  460.     ssl_chain_file_contents             => hiera('openstackid_dev_ssl_chain_file_contents'),

  461.     id_recaptcha_public_key             => hiera('openstackid_dev_recaptcha_public_key'),

  462.     id_recaptcha_private_key            => hiera('openstackid_dev_recaptcha_private_key'),

  463.     vhost_name                          => 'openstackid-dev.openstack.org',

  464.     session_cookie_domain               => 'openstackid-dev.openstack.org',

  465.     serveradmin                         => 'webmaster@openstackid-dev.openstack.org',

  466.     canonicalweburl                     => 'https://openstackid-dev.openstack.org/',

  467.     app_url                             => 'https://openstackid-dev.openstack.org',

  468.     app_key                             => hiera('openstackid_dev_app_key'),

  469.     id_log_error_to_email               => 'openstack@tipit.net',

  470.     id_log_error_from_email             => 'noreply@openstack.org',

  471.     email_driver                        => 'sendgrid',

  472.     email_send_grid_api_key             => hiera('openstackid_dev_send_grid_api_key'),

  473.     php_version                         => 7,

  474.     mysql_ssl_enabled                   => true,

  475.     mysql_ssl_ca_file_contents          => hiera('openstackid_dev_mysql_ssl_ca_file_contents'),

  476.     mysql_ssl_client_key_file_contents  => hiera('openstackid_dev_mysql_ssl_client_key_file_contents'),

  477.     mysql_ssl_client_cert_file_contents => hiera('openstackid_dev_mysql_ssl_client_cert_file_contents'),

  478.     user_spam_processor_to              => hiera('openstackid_dev_user_spam_processor_to'),

  479.   }

  480. }

  481. 

  482. # Node-OS: xenial

  483. node /^kdc03\.open.*\.org$/ {

  484.   class { 'openstack_project::server': }

  485. 

  486.   class { 'openstack_project::kdc': }

  487. }

  488. 

  489. # Node-OS: xenial

  490. node /^kdc04\.open.*\.org$/ {

  491.   class { 'openstack_project::server': }

  492. 

  493.   class { 'openstack_project::kdc':

  494.     slave => true,

  495.   }

  496. }

  497. 

  498. # Node-OS: xenial

  499. node /^afsdb01\.open.*\.org$/ {

  500.   $group = "afsdb"

  501. 

  502.   class { 'openstack_project::server': }

  503. 

  504.   include openstack_project::afsdb

  505. }

  506. 

  507. # Node-OS: xenial

  508. node /^afsdb.*\.open.*\.org$/ {

  509.   $group = "afsdb"

  510. 

  511.   class { 'openstack_project::server': }

  512. 

  513.   include openstack_project::afsdb

  514. }

  515. 

  516. # Node-OS: xenial

  517. node /^afs.*\..*\.open.*\.org$/ {

  518.   $group = "afs"

  519. 

  520.   class { 'openstack_project::server': }

  521. 

  522.   include openstack_project::afsfs

  523. }

  524. 

  525. # Node-OS: xenial

  526. node /^ask\d*\.open.*\.org$/ {

  527. 

  528.   class { 'openstack_project::server': }

  529. 

  530.   class { 'openstack_project::ask':

  531.     db_user                      => hiera('ask_db_user', 'ask'),

  532.     db_password                  => hiera('ask_db_password'),

  533.     redis_password               => hiera('ask_redis_password'),

  534.     site_ssl_cert_file_contents  => hiera('ask_site_ssl_cert_file_contents', undef),

  535.     site_ssl_key_file_contents   => hiera('ask_site_ssl_key_file_contents', undef),

  536.     site_ssl_chain_file_contents => hiera('ask_site_ssl_chain_file_contents', undef),

  537.   }

  538. }

  539. 

  540. # Node-OS: xenial

  541. node /^ask-staging\d*\.open.*\.org$/ {

  542.   class { 'openstack_project::server': }

  543. 

  544.   class { 'openstack_project::ask_staging':

  545.     db_password                  => hiera('ask_staging_db_password'),

  546.     redis_password               => hiera('ask_staging_redis_password'),

  547.   }

  548. }

  549. 

  550. # Node-OS: xenial

  551. node /^translate\d+\.open.*\.org$/ {

  552.   $group = "translate"

  553.   class { 'openstack_project::server': }

  554.   class { 'openstack_project::translate':

  555.     admin_users                => 'aeng,cboylan,eumel8,ianw,ianychoi,infra,jaegerandi,mordred,stevenk',

  556.     openid_url                 => 'https://openstackid.org',

  557.     listeners                  => ['ajp'],

  558.     from_address               => 'noreply@openstack.org',

  559.     mysql_host                 => hiera('translate_mysql_host', 'localhost'),

  560.     mysql_password             => hiera('translate_mysql_password'),

  561.     zanata_server_user         => hiera('proposal_zanata_user'),

  562.     zanata_server_api_key      => hiera('proposal_zanata_api_key'),

  563.     zanata_wildfly_version     => '10.1.0',

  564.     zanata_wildfly_install_url => 'https://repo1.maven.org/maven2/org/wildfly/wildfly-dist/10.1.0.Final/wildfly-dist-10.1.0.Final.tar.gz',

  565.     zanata_main_version        => 4,

  566.     zanata_url                 => 'https://github.com/zanata/zanata-platform/releases/download/platform-4.3.3/zanata-4.3.3-wildfly.zip',

  567.     zanata_checksum            => 'eaf8bd07401dade758b677007d2358f173193d17',

  568.     project_config_repo        => 'https://opendev.org/openstack/project-config',

  569.     ssl_cert_file_contents     => hiera('translate_ssl_cert_file_contents'),

  570.     ssl_key_file_contents      => hiera('translate_ssl_key_file_contents'),

  571.     ssl_chain_file_contents    => hiera('translate_ssl_chain_file_contents'),

  572.     vhost_name                 => 'translate.openstack.org',

  573.   }

  574. }

  575. 

  576. # Node-OS: xenial

  577. node /^translate-dev\d*\.open.*\.org$/ {

  578.   $group = "translate-dev"

  579.   class { 'openstack_project::translate_dev':

  580.     admin_users           => 'aeng,cboylan,eumel,eumel8,ianw,ianychoi,infra,jaegerandi,mordred,stevenk',

  581.     openid_url            => 'https://openstackid-dev.openstack.org',

  582.     listeners             => ['ajp'],

  583.     from_address          => 'noreply@openstack.org',

  584.     mysql_host            => hiera('translate_dev_mysql_host', 'localhost'),

  585.     mysql_password        => hiera('translate_dev_mysql_password'),

  586.     zanata_server_user    => hiera('proposal_zanata_user'),

  587.     zanata_server_api_key => hiera('proposal_zanata_api_key'),

  588.     project_config_repo   => 'https://opendev.org/openstack/project-config',

  589.     vhost_name            => 'translate-dev.openstack.org',

  590.   }

  591. }

  592. 

  593. # vim:sw=2:ts=2:expandtab:textwidth=79