System configuration for OpenStack Infrastructure

site.pp 46KB

  1. #
  2. # Top-level variables
  3. #
  4. # There must not be any whitespace between this comment and the variables or
  5. # in between any two variables in order for them to be correctly parsed and
  6. # passed around in test.sh
  7. #
  # Elasticsearch cluster members. The logstash, logstash-worker and
  # elasticsearch node definitions turn this list into iptables allow rules.
  # Keep this run free of blank lines (see the header comment above).
  $elasticsearch_nodes = [
    'elasticsearch02.openstack.org',
    'elasticsearch03.openstack.org',
    'elasticsearch04.openstack.org',
    'elasticsearch05.openstack.org',
    'elasticsearch06.openstack.org',
    'elasticsearch07.openstack.org',
  ]
  # Hosts allowed to connect to the cluster as clients. Every name added here
  # widens the firewall allow list on each node that consumes the variable.
  $elasticsearch_clients = [
    'logstash.openstack.org',
    'logstash-worker01.openstack.org',
    'logstash-worker02.openstack.org',
    'logstash-worker03.openstack.org',
    'logstash-worker04.openstack.org',
    'logstash-worker05.openstack.org',
    'logstash-worker06.openstack.org',
    'logstash-worker07.openstack.org',
    'logstash-worker08.openstack.org',
    'logstash-worker09.openstack.org',
    'logstash-worker10.openstack.org',
    'logstash-worker11.openstack.org',
    'logstash-worker12.openstack.org',
    'logstash-worker13.openstack.org',
    'logstash-worker14.openstack.org',
    'logstash-worker15.openstack.org',
    'logstash-worker16.openstack.org',
    'logstash-worker17.openstack.org',
    'logstash-worker18.openstack.org',
    'logstash-worker19.openstack.org',
    'logstash-worker20.openstack.org',
    'subunit-worker01.openstack.org',
  ]
  40. #
  41. # Default: should at least behave like an openstack server
  42. #
  node default {
    # Fallback for hosts with no more specific node match: base server profile
    # only, with no extra public TCP ports requested here.
    class { 'openstack_project::server':
      sysadmins => hiera('sysadmins', []),
    }
  }
  48. #
  49. # Long lived servers:
  50. #
  51. # Node-OS: precise
  52. # Node-OS: trusty
  node 'review.openstack.org' {
    # Public TCP ports: 80, 443 and 29418.
    class { 'openstack_project::server':
      iptables_public_tcp_ports => [80, 443, 29418],
      sysadmins => hiera('sysadmins', []),
    }

    # Secrets are read with hiera() and no default, so a missing key fails the
    # catalog instead of silently deploying a placeholder. Only the user names
    # and the MySQL host carry defaults.
    class { 'openstack_project::review':
      project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',

      # GitHub credentials
      github_oauth_token => hiera('gerrit_github_token'),
      github_project_username => hiera('github_project_username', 'username'),
      github_project_password => hiera('github_project_password'),

      # Database
      mysql_host => hiera('gerrit_mysql_host', 'localhost'),
      mysql_password => hiera('gerrit_mysql_password'),

      # Private keys
      email_private_key => hiera('gerrit_email_private_key'),
      token_private_key => hiera('gerrit_rest_token_private_key'),

      # gerritbot account
      gerritbot_password => hiera('gerrit_gerritbot_password'),
      gerritbot_ssh_rsa_key_contents => hiera('gerritbot_ssh_rsa_key_contents'),
      gerritbot_ssh_rsa_pubkey_contents => hiera('gerritbot_ssh_rsa_pubkey_contents'),

      # TLS material
      ssl_cert_file_contents => hiera('gerrit_ssl_cert_file_contents'),
      ssl_key_file_contents => hiera('gerrit_ssl_key_file_contents'),
      ssl_chain_file_contents => hiera('gerrit_ssl_chain_file_contents'),

      # SSH key pairs.
      # NOTE(review): a DSA pair is still provisioned; DSA is deprecated in
      # current OpenSSH clients, so confirm it is still needed.
      ssh_dsa_key_contents => hiera('gerrit_ssh_dsa_key_contents'),
      ssh_dsa_pubkey_contents => hiera('gerrit_ssh_dsa_pubkey_contents'),
      ssh_rsa_key_contents => hiera('gerrit_ssh_rsa_key_contents'),
      ssh_rsa_pubkey_contents => hiera('gerrit_ssh_rsa_pubkey_contents'),
      ssh_project_rsa_key_contents => hiera('gerrit_project_ssh_rsa_key_contents'),
      ssh_project_rsa_pubkey_contents => hiera('gerrit_project_ssh_rsa_pubkey_contents'),
      ssh_welcome_rsa_key_contents => hiera('welcome_message_gerrit_ssh_private_key'),
      ssh_welcome_rsa_pubkey_contents => hiera('welcome_message_gerrit_ssh_public_key'),
      ssh_replication_rsa_key_contents => hiera('gerrit_replication_ssh_rsa_key_contents'),
      ssh_replication_rsa_pubkey_contents => hiera('gerrit_replication_ssh_rsa_pubkey_contents'),

      # Launchpad sync credentials
      lp_sync_consumer_key => hiera('gerrit_lp_consumer_key'),
      lp_sync_token => hiera('gerrit_lp_access_token'),
      lp_sync_secret => hiera('gerrit_lp_access_secret'),

      # Contact store
      contactstore_appsec => hiera('gerrit_contactstore_appsec'),
      contactstore_pubkey => hiera('gerrit_contactstore_pubkey'),

      # Swift credentials
      swift_username => hiera('swift_store_user', 'username'),
      swift_password => hiera('swift_store_key'),
    }
  }
  92. # Node-OS: trusty
  node 'review-dev.openstack.org' {
    # Same public ports as review.openstack.org, plus AFS enabled.
    class { 'openstack_project::server':
      iptables_public_tcp_ports => [80, 443, 29418],
      sysadmins => hiera('sysadmins', []),
      afs => true,
    }

    # Every secret comes from a gerrit_dev_* / github_dev_* key, so the dev
    # instance does not read the production review keys in this block.
    class { 'openstack_project::review_dev':
      project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',

      # GitHub credentials
      github_oauth_token => hiera('gerrit_dev_github_token'),
      github_project_username => hiera('github_dev_project_username', 'username'),
      github_project_password => hiera('github_dev_project_password'),

      # Database
      mysql_host => hiera('gerrit_dev_mysql_host', 'localhost'),
      mysql_password => hiera('gerrit_dev_mysql_password'),

      email_private_key => hiera('gerrit_dev_email_private_key'),

      # Contact store
      contactstore_appsec => hiera('gerrit_dev_contactstore_appsec'),
      contactstore_pubkey => hiera('gerrit_dev_contactstore_pubkey'),

      # SSH key pairs.
      # NOTE(review): a DSA pair is still provisioned; confirm it is needed.
      ssh_dsa_key_contents => hiera('gerrit_dev_ssh_dsa_key_contents'),
      ssh_dsa_pubkey_contents => hiera('gerrit_dev_ssh_dsa_pubkey_contents'),
      ssh_rsa_key_contents => hiera('gerrit_dev_ssh_rsa_key_contents'),
      ssh_rsa_pubkey_contents => hiera('gerrit_dev_ssh_rsa_pubkey_contents'),
      ssh_project_rsa_key_contents => hiera('gerrit_dev_project_ssh_rsa_key_contents'),
      ssh_project_rsa_pubkey_contents => hiera('gerrit_dev_project_ssh_rsa_pubkey_contents'),
      ssh_replication_rsa_key_contents => hiera('gerrit_dev_replication_ssh_rsa_key_contents'),
      ssh_replication_rsa_pubkey_contents => hiera('gerrit_dev_replication_ssh_rsa_pubkey_contents'),

      # Launchpad sync credentials
      lp_sync_consumer_key => hiera('gerrit_dev_lp_consumer_key'),
      lp_sync_token => hiera('gerrit_dev_lp_access_token'),
      lp_sync_secret => hiera('gerrit_dev_lp_access_secret'),
    }
  }
  122. # Node-OS: trusty
  node 'grafana.openstack.org' {
    # NOTE(review): only port 80 is opened while an admin password and a
    # secret_key are configured below; confirm admin logins do not cross the
    # network in clear text.
    class { 'openstack_project::server':
      iptables_public_tcp_ports => [80],
      sysadmins => hiera('sysadmins', []),
    }

    class { 'openstack_project::grafana':
      # Admin account
      admin_password => hiera('grafana_admin_password'),
      admin_user => hiera('grafana_admin_user', 'username'),

      # Database
      mysql_host => hiera('grafana_mysql_host', 'localhost'),
      mysql_name => hiera('grafana_mysql_name'),
      mysql_password => hiera('grafana_mysql_password'),
      mysql_user => hiera('grafana_mysql_user', 'username'),

      project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
      secret_key => hiera('grafana_secret_key'),
    }
  }
  139. # Node-OS: trusty
  node 'health.openstack.org' {
    # Public TCP ports: 80 and 443.
    class { 'openstack_project::server':
      iptables_public_tcp_ports => [80, 443],
      sysadmins => hiera('sysadmins', []),
    }

    # Only the database host is passed in; it falls back to 'localhost' when the
    # hiera key is absent.
    class { 'openstack_project::openstack_health_api':
      subunit2sql_db_host => hiera('subunit2sql_db_host', 'localhost'),
    }
  }
  149. # Node-OS: trusty
  node 'stackalytics.openstack.org' {
    # Public TCP port: 80 only.
    class { 'openstack_project::server':
      iptables_public_tcp_ports => [80],
      sysadmins => hiera('sysadmins', []),
    }

    # Gerrit SSH user and private key, both without a default, so a missing
    # key fails the catalog.
    class { 'openstack_project::stackalytics':
      gerrit_ssh_user => hiera('stackalytics_gerrit_ssh_user'),
      stackalytics_ssh_private_key => hiera('stackalytics_ssh_private_key_contents'),
    }
  }
  160. # Node-OS: precise
  node 'jenkins.openstack.org' {
    $group = 'jenkins'

    # Hosts allowed to reach TCP 8888. Each name becomes one ACCEPT rule.
    # The -s value is a hostname: iptables resolves names when the rule is
    # loaded, so the allow list is only as trustworthy as DNS at that moment.
    $zmq_event_receivers = [
      'logstash.openstack.org',
      'nodepool.openstack.org',
    ]
    $iptables_rule = regsubst(
      $zmq_event_receivers,
      '^(.*)$',
      '-m state --state NEW -m tcp -p tcp --dport 8888 -s \1 -j ACCEPT'
    )

    class { 'openstack_project::server':
      iptables_public_tcp_ports => [80, 443],
      iptables_rules6 => $iptables_rule,
      iptables_rules4 => $iptables_rule,
      sysadmins => hiera('sysadmins', []),
      puppetmaster_server => 'puppetmaster.openstack.org',
    }

    class { 'openstack_project::jenkins':
      project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
      jenkins_password => hiera('jenkins_jobs_password'),
      jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents'),
      # NOTE(review): these paths name the distribution's self-signed
      # "snakeoil" pair and no chain is set, so clients cannot authenticate
      # this host from its certificate. Confirm that is acceptable for a
      # service on public port 443.
      ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
      ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key',
      ssl_chain_file => '',
    }
  }
  183. # Node-OS: precise
  node /^jenkins\d+\.openstack\.org$/ {
    $group = 'jenkins'

    # Hosts allowed to reach TCP 8888, one ACCEPT rule per name. The source is
    # given as a hostname, which iptables resolves once at rule load time.
    $zmq_event_receivers = [
      'logstash.openstack.org',
      'nodepool.openstack.org',
    ]
    $iptables_rule = regsubst(
      $zmq_event_receivers,
      '^(.*)$',
      '-m state --state NEW -m tcp -p tcp --dport 8888 -s \1 -j ACCEPT'
    )

    class { 'openstack_project::server':
      iptables_public_tcp_ports => [80, 443],
      iptables_rules6 => $iptables_rule,
      iptables_rules4 => $iptables_rule,
      sysadmins => hiera('sysadmins', []),
      puppetmaster_server => 'puppetmaster.openstack.org',
    }

    # Reads the same jenkins_jobs_password and jenkins_ssh_private_key_contents
    # keys as jenkins.openstack.org, so all of these hosts share one credential.
    class { 'openstack_project::jenkins':
      jenkins_password => hiera('jenkins_jobs_password'),
      jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents'),
      # NOTE(review): self-signed "snakeoil" pair with an empty chain; confirm
      # this is acceptable for a service on public port 443.
      ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
      ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key',
      ssl_chain_file => '',
    }
  }
  205. # Node-OS: precise
  node 'jenkins-dev.openstack.org' {
    # Public TCP ports: 80 and 443.
    class { 'openstack_project::server':
      iptables_public_tcp_ports => [80, 443],
      sysadmins => hiera('sysadmins', []),
      puppetmaster_server => 'puppetmaster.openstack.org',
    }

    class { 'openstack_project::jenkins_dev':
      project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',

      # Both SSH key parameters read the same hiera key, so Jenkins and
      # nodepool on this host use one private key.
      jenkins_ssh_private_key => hiera('jenkins_dev_ssh_private_key_contents'),
      nodepool_ssh_private_key => hiera('jenkins_dev_ssh_private_key_contents'),

      # Database
      mysql_password => hiera('nodepool_dev_mysql_password'),
      mysql_root_password => hiera('nodepool_dev_mysql_root_password'),

      # Jenkins API
      jenkins_api_user => hiera('jenkins_dev_api_user', 'username'),
      jenkins_api_key => hiera('jenkins_dev_api_key'),
      jenkins_credentials_id => hiera('jenkins_dev_credentials_id'),

      # NOTE(review): these are the nodepool_hpcloud_* keys that
      # nodepool.openstack.org also reads, so the dev host appears to share
      # cloud credentials with it; confirm a separate dev account is not
      # intended.
      hpcloud_username => hiera('nodepool_hpcloud_username', 'username'),
      hpcloud_password => hiera('nodepool_hpcloud_password'),
      hpcloud_project => hiera('nodepool_hpcloud_project'),
    }
  }
  226. # Node-OS: precise
  node 'cacti.openstack.org' {
    # This host also carries the ssl_cert_check class.
    include openstack_project::ssl_cert_check

    # No openstack_project::server declaration in this block; firewall settings
    # are not visible here.
    class { 'openstack_project::cacti':
      sysadmins => hiera('sysadmins', []),
    }
  }
  233. # Node-OS: trusty
  node 'puppetmaster.openstack.org' {
    # TCP 8140 is opened in iptables_public_tcp_ports, so any source address
    # can reach it at the firewall level.
    class { 'openstack_project::server':
      iptables_public_tcp_ports => [8140],
      sysadmins => hiera('sysadmins', []),
      pin_puppet => '3.6.',
    }

    # root_rsa_key, jenkins_api_key and puppetmaster_clouds have no default, so
    # a missing key fails the catalog rather than deploying a placeholder.
    class { 'openstack_project::puppetmaster':
      root_rsa_key => hiera('puppetmaster_root_rsa_key'),
      jenkins_api_user => hiera('jenkins_api_user', 'username'),
      jenkins_api_key => hiera('jenkins_api_key'),
      puppetmaster_clouds => hiera('puppetmaster_clouds'),
    }
  }
  247. # Node-OS: precise
  node 'puppetdb.openstack.org' {
    # Only the sysadmin list is passed; firewall settings are not set here.
    class { 'openstack_project::puppetdb':
      sysadmins => hiera('sysadmins', []),
    }
  }
  253. # Node-OS: precise
  node 'graphite.openstack.org' {
    # Hosts allowed to send to UDP 8125.
    $statsd_hosts = [
      'git.openstack.org',
      'logstash.openstack.org',
      'nodepool.openstack.org',
      'zuul.openstack.org',
    ]

    # Turn the host list into one iptables ACCEPT rule per name. The -s value
    # is a hostname, which iptables resolves when the rule is loaded. UDP has
    # no handshake, so the source match is the only gate on this port.
    $rules = regsubst(
      $statsd_hosts,
      '^(.*)$',
      '-m udp -p udp -s \1 --dport 8125 -j ACCEPT'
    )

    class { 'openstack_project::server':
      iptables_public_tcp_ports => [80, 443],
      iptables_rules6 => $rules,
      iptables_rules4 => $rules,
      sysadmins => hiera('sysadmins', []),
    }

    # The admin password has no default; user and e-mail fall back to
    # placeholders.
    class { '::graphite':
      graphite_admin_user => hiera('graphite_admin_user', 'username'),
      graphite_admin_email => hiera('graphite_admin_email', 'email@example.com'),
      graphite_admin_password => hiera('graphite_admin_password'),
    }
  }
  273. # Node-OS: precise
  node 'groups.openstack.org' {
    # Public TCP ports: 22, 80 and 443.
    class { 'openstack_project::server':
      iptables_public_tcp_ports => [22, 80, 443],
      sysadmins => hiera('sysadmins', []),
    }

    class { 'openstack_project::groups':
      site_admin_password => hiera('groups_site_admin_password'),
      site_mysql_host => hiera('groups_site_mysql_host', 'localhost'),
      site_mysql_password => hiera('groups_site_mysql_password'),
      conf_cron_key => hiera('groups_conf_cron_key'),

      # TLS material defaults to undef, so a missing key does not fail the
      # catalog. NOTE(review): confirm what the class does when these are
      # undef while port 443 is open.
      site_ssl_cert_file_contents => hiera('groups_site_ssl_cert_file_contents', undef),
      site_ssl_key_file_contents => hiera('groups_site_ssl_key_file_contents', undef),
      site_ssl_chain_file_contents => hiera('groups_site_ssl_chain_file_contents', undef),
    }
  }
  289. # Node-OS: precise
  node 'groups-dev.openstack.org' {
    # Public TCP ports: 22, 80 and 443.
    class { 'openstack_project::server':
      iptables_public_tcp_ports => [22, 80, 443],
      sysadmins => hiera('sysadmins', []),
    }

    # All secrets come from groups_dev_* keys, separate from the production
    # groups site.
    class { 'openstack_project::groups_dev':
      site_admin_password => hiera('groups_dev_site_admin_password'),
      site_mysql_host => hiera('groups_dev_site_mysql_host', 'localhost'),
      site_mysql_password => hiera('groups_dev_site_mysql_password'),
      conf_cron_key => hiera('groups_dev_conf_cron_key'),

      # Certificate and key contents default to undef; the on-disk paths are
      # fixed.
      site_ssl_cert_file_contents => hiera('groups_dev_site_ssl_cert_file_contents', undef),
      site_ssl_key_file_contents => hiera('groups_dev_site_ssl_key_file_contents', undef),
      site_ssl_cert_file => '/etc/ssl/certs/groups-dev.openstack.org.pem',
      site_ssl_key_file => '/etc/ssl/private/groups-dev.openstack.org.key',
    }
  }
  306. # Node-OS: precise
  node 'lists.openstack.org' {
    # listpassword has no default, so a missing key fails the catalog.
    class { 'openstack_project::lists':
      listadmins => hiera('listadmins', []),
      listpassword => hiera('listpassword'),
    }
  }
  313. # Node-OS: precise
  node 'paste.openstack.org' {
    # Public TCP port: 80 only.
    class { 'openstack_project::server':
      iptables_public_tcp_ports => [80],
      sysadmins => hiera('sysadmins', []),
    }

    # Application and MySQL root passwords, both without defaults.
    class { 'openstack_project::paste':
      db_password => hiera('paste_db_password'),
      mysql_root_password => hiera('paste_mysql_root_password'),
    }
  }
  324. # Node-OS: precise
  node 'planet.openstack.org' {
    # Only the sysadmin list is passed; firewall settings are not set here.
    class { 'openstack_project::planet':
      sysadmins => hiera('sysadmins', []),
    }
  }
  330. # Node-OS: precise
  node 'eavesdrop.openstack.org' {
    # Public TCP port: 80 only.
    class { 'openstack_project::server':
      iptables_public_tcp_ports => [80],
      sysadmins => hiera('sysadmins', []),
    }

    class { 'openstack_project::eavesdrop':
      project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
      nickpass => hiera('openstack_meetbot_password'),

      # statusbot IRC identity and the channels it joins
      statusbot_nick => hiera('statusbot_nick', 'username'),
      statusbot_password => hiera('statusbot_nick_password'),
      statusbot_server => 'chat.freenode.net',
      statusbot_channels => 'edeploy, fuel-dev, heat, kolla, murano, openstack, openstack-101, openstack-ansible, openstack-anvil, openstack-bacon, openstack-barbican, openstack-blazar, openstack-board, openstack-ceilometer, openstack-chef, openstack-cinder, openstack-cloudkeep, openstack-community, openstack-containers, openstack-defcore, openstack-dev, openstack-dns, openstack-doc, openstack-entropy, openstack-foundation, openstack-gantt, openstack-gate, openstack-glance, openstack-heat-translator, openstack-horizon, openstack-hyper-v, openstack-i18n, openstack-infra, openstack-infra-incident, openstack-ironic, openstack-keystone, openstack-manila, openstack-meeting, openstack-meeting-3, openstack-meeting-4, openstack-meeting-alt, openstack-meniscus, openstack-merges, openstack-metering, openstack-monasca, openstack-neutron, openstack-neutron-ovn, openstack-nova, openstack-opw, openstack-oslo, openstack-qa, openstack-raksha, openstack-rally, openstack-rating, openstack-release, openstack-sahara, openstack-sdks, openstack-sprint, openstack-stable, openstack-state-management, openstack-swauth, openstack-swift, openstack-trove, openstack-zaqar, packstack-dev, puppet-openstack, refstack, senlin, storyboard, syscompass, tripleo',

      # Nicks listed for statusbot authorization.
      # NOTE(review): presumably authorization is by IRC nick; confirm how the
      # bot verifies that a nick is identified before acting on it.
      statusbot_auth_nicks => 'jeblair, ttx, fungi, mordred, clarkb, sdague, SergeyLukjanov, jhesketh, lifeless, pleia2',

      # Wiki account the bot writes with, and the pages it edits
      statusbot_wiki_user => hiera('statusbot_wiki_username', 'username'),
      statusbot_wiki_password => hiera('statusbot_wiki_password'),
      statusbot_wiki_url => 'https://wiki.openstack.org/w/api.php',
      # https://wiki.openstack.org/wiki/Infrastructure_Status
      statusbot_wiki_pageid => '1781',
      # https://wiki.openstack.org/wiki/Successes
      statusbot_wiki_successpageid => '7717',
      statusbot_irclogs_url => 'http://eavesdrop.openstack.org/irclogs/%(chan)s/%(chan)s.%(date)s.log.html',

      # accessbot IRC identity
      accessbot_nick => hiera('accessbot_nick', 'username'),
      accessbot_password => hiera('accessbot_nick_password'),
    }
  }
  356. # Node-OS: trusty
  node 'etherpad.openstack.org' {
    # Public TCP ports: 22, 80 and 443.
    class { 'openstack_project::server':
      iptables_public_tcp_ports => [22, 80, 443],
      sysadmins => hiera('sysadmins', []),
    }

    class { 'openstack_project::etherpad':
      # TLS material, no defaults
      ssl_cert_file_contents => hiera('etherpad_ssl_cert_file_contents'),
      ssl_key_file_contents => hiera('etherpad_ssl_key_file_contents'),
      ssl_chain_file_contents => hiera('etherpad_ssl_chain_file_contents'),

      # Database
      mysql_host => hiera('etherpad_db_host', 'localhost'),
      mysql_user => hiera('etherpad_db_user', 'username'),
      mysql_password => hiera('etherpad_db_password'),
    }
  }
  371. # Node-OS: trusty
  node 'etherpad-dev.openstack.org' {
    # NOTE(review): port 443 is opened but no TLS material is passed to the
    # class below; confirm where the dev certificate comes from.
    class { 'openstack_project::server':
      iptables_public_tcp_ports => [22, 80, 443],
      sysadmins => hiera('sysadmins', []),
    }

    # Database settings come from etherpad-dev_* keys, separate from production.
    class { 'openstack_project::etherpad_dev':
      mysql_host => hiera('etherpad-dev_db_host', 'localhost'),
      mysql_user => hiera('etherpad-dev_db_user', 'username'),
      mysql_password => hiera('etherpad-dev_db_password'),
    }
  }
  383. # Node-OS: precise
  node 'wiki.openstack.org' {
    class { 'openstack_project::wiki':
      # The MySQL root password parameter is fed from the 'wiki_db_password' key.
      mysql_root_password => hiera('wiki_db_password'),
      sysadmins => hiera('sysadmins', []),

      # TLS material, no defaults
      ssl_cert_file_contents => hiera('wiki_ssl_cert_file_contents'),
      ssl_key_file_contents => hiera('wiki_ssl_key_file_contents'),
      ssl_chain_file_contents => hiera('wiki_ssl_chain_file_contents'),
    }
  }
  393. # Node-OS: precise
  node 'logstash.openstack.org' {
    # Elasticsearch nodes may reach TCP 9200-9400 on this host.
    $iptables_es_rule = regsubst(
      $elasticsearch_nodes,
      '^(.*)$',
      '-m state --state NEW -m tcp -p tcp --dport 9200:9400 -s \1 -j ACCEPT'
    )
    # Elasticsearch clients may reach TCP 4730.
    $iptables_gm_rule = regsubst(
      $elasticsearch_clients,
      '^(.*)$',
      '-m state --state NEW -m tcp -p tcp --dport 4730 -s \1 -j ACCEPT'
    )
    # Both rule sets match on a hostname source, which iptables resolves when
    # the rule is loaded.
    $logstash_iptables_rule = flatten([$iptables_es_rule, $iptables_gm_rule])

    # NOTE(review): 3306 sits in the public port list, so MySQL is reachable
    # from any address at the firewall level. Confirm that is intended and
    # that only suitably restricted accounts can log in remotely.
    class { 'openstack_project::server':
      iptables_public_tcp_ports => [22, 80, 3306],
      iptables_rules6 => $logstash_iptables_rule,
      iptables_rules4 => $logstash_iptables_rule,
      sysadmins => hiera('sysadmins', []),
    }

    class { 'openstack_project::logstash':
      discover_nodes => [
        'elasticsearch02.openstack.org:9200',
        'elasticsearch03.openstack.org:9200',
        'elasticsearch04.openstack.org:9200',
        'elasticsearch05.openstack.org:9200',
        'elasticsearch06.openstack.org:9200',
        'elasticsearch07.openstack.org:9200',
      ],
      # NOTE(review): both lookups default to '', so a missing password key
      # yields an empty password instead of failing the catalog.
      subunit2sql_db_host => hiera('subunit2sql_db_host', ''),
      subunit2sql_db_pass => hiera('subunit2sql_db_password', ''),
    }
  }
  419. # Node-OS: precise
  node /^logstash-worker\d+\.openstack\.org$/ {
    # Cluster nodes and clients may reach TCP 9200-9400 on every worker. The
    # source is a hostname, which iptables resolves when the rule is loaded.
    $logstash_worker_iptables_rule = regsubst(
      flatten([$elasticsearch_nodes, $elasticsearch_clients]),
      '^(.*)$',
      '-m state --state NEW -m tcp -p tcp --dport 9200:9400 -s \1 -j ACCEPT'
    )
    $group = 'logstash-worker'

    # Public TCP port: 22 only.
    class { 'openstack_project::server':
      iptables_public_tcp_ports => [22],
      iptables_rules6 => $logstash_worker_iptables_rule,
      iptables_rules4 => $logstash_worker_iptables_rule,
      sysadmins => hiera('sysadmins', []),
    }

    class { 'openstack_project::logstash_worker':
      discover_node => 'elasticsearch02.openstack.org',
    }
  }
  434. # Node-OS: trusty
  node /^subunit-worker\d+\.openstack\.org$/ {
    $group = 'subunit-worker'

    # Public TCP port: 22 only.
    class { 'openstack_project::server':
      iptables_public_tcp_ports => [22],
      sysadmins => hiera('sysadmins', []),
    }

    # NOTE(review): both lookups default to '', so a missing password key
    # yields an empty database password instead of failing the catalog.
    class { 'openstack_project::subunit_worker':
      subunit2sql_db_host => hiera('subunit2sql_db_host', ''),
      subunit2sql_db_pass => hiera('subunit2sql_db_password', ''),
    }
  }
  446. # Node-OS: precise
  # NOTE(review): the pattern matches elasticsearch01 through 07, while
  # $elasticsearch_nodes lists 02 through 07. A host named elasticsearch01
  # would get this configuration without appearing in its peers' allow rules.
  node /^elasticsearch0[1-7]\.openstack\.org$/ {
    $group = 'elasticsearch'

    # Peers and clients get the same 9200-9400 range. The source is a hostname,
    # which iptables resolves when the rule is loaded.
    $iptables_nodes_rule = regsubst(
      $elasticsearch_nodes,
      '^(.*)$',
      '-m state --state NEW -m tcp -p tcp --dport 9200:9400 -s \1 -j ACCEPT'
    )
    $iptables_clients_rule = regsubst(
      $elasticsearch_clients,
      '^(.*)$',
      '-m state --state NEW -m tcp -p tcp --dport 9200:9400 -s \1 -j ACCEPT'
    )
    $iptables_rule = flatten([$iptables_nodes_rule, $iptables_clients_rule])

    # Public TCP port: 22 only; the 9200-9400 range is limited to the lists.
    class { 'openstack_project::server':
      iptables_public_tcp_ports => [22],
      iptables_rules6 => $iptables_rule,
      iptables_rules4 => $iptables_rule,
      sysadmins => hiera('sysadmins', []),
    }

    class { 'openstack_project::elasticsearch_node':
      discover_nodes => $elasticsearch_nodes,
    }
  }
  464. # CentOS machines to load balance git access.
  465. # Node-OS: centos7
  node /^git(-fe\d+)?\.openstack\.org$/ {
    $group = 'git-loadbalancer'

    class { 'openstack_project::git':
      sysadmins => hiera('sysadmins', []),
      # Backend names and addresses are two separate hard-coded lists.
      # NOTE(review): presumably paired by position; verify against the class,
      # and keep both in step when a backend is rebuilt so traffic is not sent
      # to an address that has since been reassigned.
      balancer_member_names => [
        'git01.openstack.org',
        'git02.openstack.org',
        'git03.openstack.org',
        'git04.openstack.org',
        'git05.openstack.org',
        'git06.openstack.org',
        'git07.openstack.org',
        'git08.openstack.org',
      ],
      balancer_member_ips => [
        '104.130.243.237',
        '104.130.243.109',
        '67.192.247.197',
        '67.192.247.180',
        '23.253.69.135',
        '104.239.132.223',
        '23.253.94.84',
        '104.239.146.131',
      ],
    }
  }
  492. # CentOS machines to run cgit and git daemon. Will be
  493. # load balanced by git.openstack.org.
  494. # Node-OS: centos7
  node /^git\d+\.openstack\.org$/ {
    $group = 'git-server'
    include openstack_project

    # Public TCP ports: 4443, 8080 and 29418.
    class { 'openstack_project::server':
      iptables_public_tcp_ports => [4443, 8080, 29418],
      sysadmins => hiera('sysadmins', []),
    }

    class { 'openstack_project::git_backend':
      project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
      vhost_name => 'git.openstack.org',
      # Gerrit's replication public key (the same hiera key that the review
      # node passes as ssh_replication_rsa_pubkey_contents).
      git_gerrit_ssh_key => hiera('gerrit_replication_ssh_rsa_pubkey_contents'),

      # TLS material, no defaults
      ssl_cert_file_contents => hiera('git_ssl_cert_file_contents'),
      ssl_key_file_contents => hiera('git_ssl_key_file_contents'),
      ssl_chain_file_contents => hiera('git_ssl_chain_file_contents'),

      behind_proxy => true,
      # SELinux stays in enforcing mode on these hosts.
      selinux_mode => 'enforcing',
    }
  }
  513. # Machines in each region to run PyPI mirrors.
  514. # Node-OS: precise
  # The '.*' in the pattern accepts any text between 'pypi.' and
  # '.openstack.org'.
  node /^pypi\..*\.openstack\.org$/ {
    $group = 'pypi'

    class { 'openstack_project::pypi':
      sysadmins => hiera('sysadmins', []),
    }
  }
  521. # A machine to run ODSREG in preparation for summits.
  522. # Node-OS: trusty
  node 'design-summit-prep.openstack.org' {
    # Only the sysadmin list is passed; firewall settings are not set here.
    class { 'openstack_project::summit':
      sysadmins => hiera('sysadmins', []),
    }
  }
  528. # Node-OS: trusty
  node 'refstack.openstack.org' {
    # Public TCP ports: 80 and 443.
    class { 'openstack_project::server':
      iptables_public_tcp_ports => [80, 443],
      sysadmins => hiera('sysadmins', []),
    }

    class { 'refstack':
      # Database: host, name and user have defaults; the password does not.
      mysql_host => hiera('refstack_mysql_host', 'localhost'),
      mysql_database => hiera('refstack_mysql_db_name', 'refstack'),
      mysql_user => hiera('refstack_mysql_user', 'refstack'),
      mysql_user_password => hiera('refstack_mysql_password'),

      # TLS material; the chain contents feed ssl_ca_content.
      ssl_cert_content => hiera('refstack_ssl_cert_file_contents'),
      ssl_key_content => hiera('refstack_ssl_key_file_contents'),
      ssl_ca_content => hiera('refstack_ssl_chain_file_contents'),
      protocol => 'https',
    }
  }
  545. # A machine to run Storyboard
  546. # Node-OS: precise
  node 'storyboard.openstack.org' {
    class { 'openstack_project::storyboard':
      project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
      sysadmins => hiera('sysadmins', []),

      # Database
      mysql_host => hiera('storyboard_db_host', 'localhost'),
      mysql_user => hiera('storyboard_db_user', 'username'),
      mysql_password => hiera('storyboard_db_password'),

      # RabbitMQ
      rabbitmq_user => hiera('storyboard_rabbit_user', 'username'),
      rabbitmq_password => hiera('storyboard_rabbit_password'),

      # TLS material, no defaults
      ssl_cert_file_contents => hiera('storyboard_ssl_cert_file_contents'),
      ssl_key_file_contents => hiera('storyboard_ssl_key_file_contents'),
      ssl_chain_file_contents => hiera('storyboard_ssl_chain_file_contents'),

      hostname => $::fqdn,

      # OAuth clients and CORS origins accepted besides this host itself.
      valid_oauth_clients => [
        $::fqdn,
        'docs-draft.openstack.org',
      ],
      # NOTE(review): docs-draft is allowed as a plain-http origin, so content
      # served without TLS may make cross-origin calls to this API. Confirm
      # that origin is still needed.
      cors_allowed_origins => [
        "https://${::fqdn}",
        'http://docs-draft.openstack.org',
      ],
    }
  }
  570. # A machine to serve static content.
  571. # Node-OS: precise
  node 'static.openstack.org' {
    # Public TCP ports: 22, 80 and 443.
    class { 'openstack_project::server':
      iptables_public_tcp_ports => [22, 80, 443],
      sysadmins => hiera('sysadmins', []),
    }

    class { 'openstack_project::static':
      project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',

      # Swift access. The account name is fixed in the manifest; only its key
      # is a secret. NOTE(review): the '-ro' suffix suggests a read-only
      # account; confirm that on the provider side.
      swift_authurl => 'https://identity.api.rackspacecloud.com/v2.0/',
      swift_user => 'infra-files-ro',
      swift_key => hiera('infra_files_ro_password'),
      swift_tenant_name => hiera('infra_files_tenant_name', 'tenantname'),
      swift_region_name => 'DFW',
      swift_default_container => 'infra-files',

      # TLS material, no defaults
      ssl_cert_file_contents => hiera('static_ssl_cert_file_contents'),
      ssl_key_file_contents => hiera('static_ssl_key_file_contents'),
      ssl_chain_file_contents => hiera('static_ssl_chain_file_contents'),
    }
  }
  590. # A machine to serve various project status updates.
  591. # Node-OS: precise
  node 'status.openstack.org' {
    # NOTE(review): port 443 is opened but no TLS material is passed to the
    # class below; confirm where the certificate comes from.
    class { 'openstack_project::server':
      iptables_public_tcp_ports => [22, 80, 443],
      sysadmins => hiera('sysadmins', []),
    }

    class { 'openstack_project::status':
      # Gerrit endpoint and its SSH host key, read from the same hiera key
      # that the review node passes as ssh_rsa_pubkey_contents.
      gerrit_host => 'review.openstack.org',
      gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents'),

      # One SSH key pair per tool
      reviewday_ssh_public_key => hiera('reviewday_rsa_pubkey_contents'),
      reviewday_ssh_private_key => hiera('reviewday_rsa_key_contents'),
      releasestatus_ssh_public_key => hiera('releasestatus_rsa_pubkey_contents'),
      releasestatus_ssh_private_key => hiera('releasestatus_rsa_key_contents'),
      recheck_ssh_public_key => hiera('elastic-recheck_gerrit_ssh_public_key'),
      recheck_ssh_private_key => hiera('elastic-recheck_gerrit_ssh_private_key'),

      # elastic-recheck IRC bot
      recheck_bot_nick => 'openstackrecheck',
      recheck_bot_passwd => hiera('elastic-recheck_ircbot_password'),
    }
  }
  610. # Node-OS: trusty
  611. node 'nodepool.openstack.org' {
  612. $bluebox_username = hiera('nodepool_bluebox_username', 'username')
  613. $bluebox_password = hiera('nodepool_bluebox_password')
  614. $bluebox_project = hiera('nodepool_bluebox_project', 'project')
  615. $rackspace_username = hiera('nodepool_rackspace_username', 'username')
  616. $rackspace_password = hiera('nodepool_rackspace_password')
  617. $rackspace_project = hiera('nodepool_rackspace_project', 'project')
  618. $hpcloud_username = hiera('nodepool_hpcloud_username', 'username')
  619. $hpcloud_password = hiera('nodepool_hpcloud_password')
  620. $hpcloud_project = hiera('nodepool_hpcloud_project', 'project')
  621. $internap_username = hiera('nodepool_internap_username', 'username')
  622. $internap_password = hiera('nodepool_internap_password')
  623. $internap_project = hiera('nodepool_internap_project', 'project')
  624. $ovh_username = hiera('nodepool_ovh_username', 'username')
  625. $ovh_password = hiera('nodepool_ovh_password')
  626. $ovh_project = hiera('nodepool_ovh_project', 'project')
  627. $tripleo_username = hiera('nodepool_tripleo_username', 'username')
  628. $tripleo_password = hiera('nodepool_tripleo_password')
  629. $tripleo_project = hiera('nodepool_tripleo_project', 'project')
  630. $clouds_yaml = template("openstack_project/nodepool/clouds.yaml.erb")
  631. class { 'openstack_project::server':
  632. sysadmins => hiera('sysadmins', []),
  633. iptables_public_tcp_ports => [80],
  634. }
  635. class { '::openstackci::nodepool':
  636. vhost_name => 'nodepool.openstack.org',
  637. project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
  638. mysql_password => hiera('nodepool_mysql_password'),
  639. mysql_root_password => hiera('nodepool_mysql_root_password'),
  640. nodepool_ssh_private_key => hiera('jenkins_ssh_private_key_contents'),
  641. oscc_file_contents => $clouds_yaml,
  642. image_log_document_root => '/var/log/nodepool/image',
  643. statsd_host => 'graphite.openstack.org',
  644. logging_conf_template => 'openstack_project/nodepool/nodepool.logging.conf.erb',
  645. jenkins_masters => [
  646. {
  647. name => 'jenkins01',
  648. url => 'https://jenkins01.openstack.org/',
  649. user => hiera('jenkins_api_user', 'username'),
  650. apikey => hiera('jenkins_api_key'),
  651. credentials => hiera('jenkins_credentials_id'),
  652. },
  653. {
  654. name => 'jenkins02',
  655. url => 'https://jenkins02.openstack.org/',
  656. user => hiera('jenkins_api_user', 'username'),
  657. apikey => hiera('jenkins_api_key'),
  658. credentials => hiera('jenkins_credentials_id'),
  659. },
  660. {
  661. name => 'jenkins03',
  662. url => 'https://jenkins03.openstack.org/',
  663. user => hiera('jenkins_api_user', 'username'),
  664. apikey => hiera('jenkins_api_key'),
  665. credentials => hiera('jenkins_credentials_id'),
  666. },
  667. {
  668. name => 'jenkins04',
  669. url => 'https://jenkins04.openstack.org/',
  670. user => hiera('jenkins_api_user', 'username'),
  671. apikey => hiera('jenkins_api_key'),
  672. credentials => hiera('jenkins_credentials_id'),
  673. },
  674. {
  675. name => 'jenkins05',
  676. url => 'https://jenkins05.openstack.org/',
  677. user => hiera('jenkins_api_user', 'username'),
  678. apikey => hiera('jenkins_api_key'),
  679. credentials => hiera('jenkins_credentials_id'),
  680. },
  681. {
  682. name => 'jenkins06',
  683. url => 'https://jenkins06.openstack.org/',
  684. user => hiera('jenkins_api_user', 'username'),
  685. apikey => hiera('jenkins_api_key'),
  686. credentials => hiera('jenkins_credentials_id'),
  687. },
  688. {
  689. name => 'jenkins07',
  690. url => 'https://jenkins07.openstack.org/',
  691. user => hiera('jenkins_api_user', 'username'),
  692. apikey => hiera('jenkins_api_key'),
  693. credentials => hiera('jenkins_credentials_id'),
  694. },
  695. ],
  696. }
  697. }
  698. # Node-OS: precise
  699. # Node-OS: trusty
  700. node 'zuul.openstack.org' {
  701. class { 'openstack_project::zuul_prod':
  702. project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
  703. gerrit_server => 'review.openstack.org',
  704. gerrit_user => 'jenkins',
  705. gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents'),
  706. zuul_ssh_private_key => hiera('zuul_ssh_private_key_contents'),
  707. url_pattern => 'http://logs.openstack.org/{build.parameters[LOG_PATH]}',
  708. swift_authurl => 'https://identity.api.rackspacecloud.com/v2.0/',
  709. swift_user => 'infra-files-rw',
  710. swift_key => hiera('infra_files_rw_password'),
  711. swift_tenant_name => hiera('infra_files_tenant_name', 'tenantname'),
  712. swift_region_name => 'DFW',
  713. swift_default_container => 'infra-files',
  714. swift_default_logserver_prefix => 'http://logs.openstack.org/',
  715. swift_default_expiry => 14400,
  716. proxy_ssl_cert_file_contents => hiera('zuul_ssl_cert_file_contents'),
  717. proxy_ssl_key_file_contents => hiera('zuul_ssl_key_file_contents'),
  718. proxy_ssl_chain_file_contents => hiera('zuul_ssl_chain_file_contents'),
  719. zuul_url => 'http://zuul.openstack.org/p',
  720. sysadmins => hiera('sysadmins', []),
  721. statsd_host => 'graphite.openstack.org',
  722. gearman_workers => [
  723. 'nodepool.openstack.org',
  724. 'jenkins.openstack.org',
  725. 'jenkins01.openstack.org',
  726. 'jenkins02.openstack.org',
  727. 'jenkins03.openstack.org',
  728. 'jenkins04.openstack.org',
  729. 'jenkins05.openstack.org',
  730. 'jenkins06.openstack.org',
  731. 'jenkins07.openstack.org',
  732. 'jenkins-dev.openstack.org',
  733. 'zm01.openstack.org',
  734. 'zm02.openstack.org',
  735. 'zm03.openstack.org',
  736. 'zm04.openstack.org',
  737. 'zm05.openstack.org',
  738. 'zm06.openstack.org',
  739. 'zm07.openstack.org',
  740. 'zm08.openstack.org',
  741. ],
  742. }
  743. }
  744. # Node-OS: precise
  745. # Node-OS: trusty
  746. node /^zm\d+\.openstack\.org$/ {
  747. $group = "zuul-merger"
  748. class { 'openstack_project::zuul_merger':
  749. gearman_server => 'zuul.openstack.org',
  750. gerrit_server => 'review.openstack.org',
  751. gerrit_user => 'jenkins',
  752. gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents'),
  753. zuul_ssh_private_key => hiera('zuul_ssh_private_key_contents'),
  754. sysadmins => hiera('sysadmins', []),
  755. }
  756. }
  757. # Node-OS: precise
  758. # Node-OS: trusty
  759. node 'zuul-dev.openstack.org' {
  760. class { 'openstack_project::zuul_dev':
  761. project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
  762. gerrit_server => 'review-dev.openstack.org',
  763. gerrit_user => 'jenkins',
  764. gerrit_ssh_host_key => hiera('gerrit_dev_ssh_rsa_pubkey_contents'),
  765. zuul_ssh_private_key => hiera('zuul_dev_ssh_private_key_contents'),
  766. url_pattern => 'http://logs.openstack.org/{build.parameters[LOG_PATH]}',
  767. zuul_url => 'http://zuul-dev.openstack.org/p',
  768. sysadmins => hiera('sysadmins', []),
  769. statsd_host => 'graphite.openstack.org',
  770. gearman_workers => [
  771. 'jenkins.openstack.org',
  772. 'jenkins01.openstack.org',
  773. 'jenkins02.openstack.org',
  774. 'jenkins03.openstack.org',
  775. 'jenkins04.openstack.org',
  776. 'jenkins05.openstack.org',
  777. 'jenkins06.openstack.org',
  778. 'jenkins07.openstack.org',
  779. 'jenkins-dev.openstack.org',
  780. ],
  781. }
  782. }
  783. # Node-OS: trusty
  784. node 'pbx.openstack.org' {
  785. class { 'openstack_project::server':
  786. sysadmins => hiera('sysadmins', []),
  787. # SIP signaling is either TCP or UDP port 5060.
  788. # RTP media (audio/video) uses a range of UDP ports.
  789. iptables_public_tcp_ports => [5060],
  790. iptables_public_udp_ports => [5060],
  791. iptables_rules4 => ['-m udp -p udp --dport 10000:20000 -j ACCEPT'],
  792. iptables_rules6 => ['-m udp -p udp --dport 10000:20000 -j ACCEPT'],
  793. }
  794. class { 'openstack_project::pbx':
  795. sip_providers => [
  796. {
  797. provider => 'voipms',
  798. hostname => 'dallas.voip.ms',
  799. username => hiera('voipms_username', 'username'),
  800. password => hiera('voipms_password'),
  801. outgoing => false,
  802. },
  803. ],
  804. }
  805. }
  806. # Node-OS: precise
  807. # A backup machine. Don't run cron or puppet agent on it.
  808. node /^ci-backup-.*\.openstack\.org$/ {
  809. $group = "ci-backup"
  810. include openstack_project::backup_server
  811. }
  812. # Node-OS: precise
  813. # Node-OS: trusty
  814. node 'proposal.slave.openstack.org' {
  815. include openstack_project
  816. class { 'openstack_project::proposal_slave':
  817. jenkins_ssh_public_key => $openstack_project::jenkins_ssh_key,
  818. proposal_ssh_public_key => hiera('proposal_ssh_public_key_contents'),
  819. proposal_ssh_private_key => hiera('proposal_ssh_private_key_contents'),
  820. zanata_server_url => 'https://translate.openstack.org/',
  821. zanata_server_user => hiera('proposal_zanata_user'),
  822. zanata_server_api_key => hiera('proposal_zanata_api_key'),
  823. }
  824. }
  825. # Node-OS: trusty
  826. node 'release.slave.openstack.org' {
  827. include openstack_project
  828. class { 'openstack_project::release_slave':
  829. pypi_username => 'openstackci',
  830. pypi_password => hiera('pypi_password'),
  831. jenkins_ssh_public_key => $openstack_project::jenkins_ssh_key,
  832. jenkinsci_username => hiera('jenkins_ci_org_user', 'username'),
  833. jenkinsci_password => hiera('jenkins_ci_org_password'),
  834. mavencentral_username => hiera('mavencentral_org_user', 'username'),
  835. mavencentral_password => hiera('mavencentral_org_password'),
  836. puppet_forge_username => hiera('puppet_forge_username', 'username'),
  837. puppet_forge_password => hiera('puppet_forge_password'),
  838. npm_username => 'openstackci',
  839. npm_userpassword => hiera('npm_user_password'),
  840. npm_userurl => 'https://openstack.org',
  841. }
  842. }
  843. # Node-OS: precise
  844. # Node-OS: trusty
  845. node 'openstackid.org' {
  846. class { 'openstack_project::openstackid_prod':
  847. sysadmins => hiera('sysadmins', []),
  848. site_admin_password => hiera('openstackid_site_admin_password'),
  849. id_mysql_host => hiera('openstackid_id_mysql_host', 'localhost'),
  850. id_mysql_password => hiera('openstackid_id_mysql_password'),
  851. id_mysql_user => hiera('openstackid_id_mysql_user', 'username'),
  852. id_db_name => hiera('openstackid_id_db_name'),
  853. ss_mysql_host => hiera('openstackid_ss_mysql_host', 'localhost'),
  854. ss_mysql_password => hiera('openstackid_ss_mysql_password'),
  855. ss_mysql_user => hiera('openstackid_ss_mysql_user', 'username'),
  856. ss_db_name => hiera('openstackid_ss_db_name', 'username'),
  857. redis_password => hiera('openstackid_redis_password'),
  858. ssl_cert_file_contents => hiera('openstackid_ssl_cert_file_contents'),
  859. ssl_key_file_contents => hiera('openstackid_ssl_key_file_contents'),
  860. ssl_chain_file_contents => hiera('openstackid_ssl_chain_file_contents'),
  861. }
  862. }
  863. # Node-OS: precise
  864. # Node-OS: trusty
  865. node 'openstackid-dev.openstack.org' {
  866. class { 'openstack_project::openstackid_dev':
  867. sysadmins => hiera('sysadmins', []),
  868. site_admin_password => hiera('openstackid_dev_site_admin_password'),
  869. id_mysql_host => hiera('openstackid_dev_id_mysql_host', 'localhost'),
  870. id_mysql_password => hiera('openstackid_dev_id_mysql_password'),
  871. id_mysql_user => hiera('openstackid_dev_id_mysql_user', 'username'),
  872. ss_mysql_host => hiera('openstackid_dev_ss_mysql_host', 'localhost'),
  873. ss_mysql_password => hiera('openstackid_dev_ss_mysql_password'),
  874. ss_mysql_user => hiera('openstackid_dev_ss_mysql_user', 'username'),
  875. ss_db_name => hiera('openstackid_dev_ss_db_name', 'username'),
  876. redis_password => hiera('openstackid_dev_redis_password'),
  877. ssl_cert_file_contents => hiera('openstackid_dev_ssl_cert_file_contents'),
  878. ssl_key_file_contents => hiera('openstackid_dev_ssl_key_file_contents'),
  879. ssl_chain_file_contents => hiera('openstackid_dev_ssl_chain_file_contents'),
  880. }
  881. }
  882. # Node-OS: precise
  883. # Node-OS: trusty
  884. # This is not meant to be an actual node that connects to the master.
  885. # This is a dummy node definition to trigger a test of the code path used by
  886. # nodepool's prepare_node scripts in the apply tests
  887. # NOTE(pabelanger): These are the settings we currently use for bare-* nodes.
  888. # It includes thick_slave.pp.
  889. node 'single-use-slave-bare' {
  890. class { 'openstack_project::single_use_slave':
  891. # Test non-default values from prepare_node_bare.sh
  892. sudo => true,
  893. thin => false,
  894. }
  895. }
  896. # Node-OS: centos7
  897. # Node-OS: fedora21
  898. # Node-OS: precise
  899. # Node-OS: trusty
  900. # This is not meant to be an actual node that connects to the master.
  901. # This is a dummy node definition to trigger a test of the code path used by
  902. # nodepool's prepare_node scripts in the apply tests
  903. # NOTE(pabelanger): These are the current settings we use for devstack-* nodes.
  904. node 'single-use-slave-devstack' {
  905. class { 'openstack_project::single_use_slave':
  906. sudo => true,
  907. thin => true,
  908. }
  909. }
  910. # Node-OS: trusty
  911. node 'kdc01.openstack.org' {
  912. class { 'openstack_project::kdc':
  913. sysadmins => hiera('sysadmins', []),
  914. }
  915. }
  916. # Node-OS: trusty
  917. node 'kdc02.openstack.org' {
  918. class { 'openstack_project::kdc':
  919. sysadmins => hiera('sysadmins', []),
  920. slave => true,
  921. }
  922. }
  923. # Node-OS: trusty
  924. node /^afsdb.*\.openstack\.org$/ {
  925. $group = "afsdb"
  926. class { 'openstack_project::template':
  927. iptables_public_udp_ports => [7000,7002,7003,7004,7005,7006,7007],
  928. sysadmins => hiera('sysadmins', []),
  929. afs => true,
  930. manage_exim => true,
  931. }
  932. include openstack_project::afsdb
  933. }
  934. # Node-OS: trusty
  935. node /^afs.*\..*\.openstack\.org$/ {
  936. $group = "afs"
  937. class { 'openstack_project::template':
  938. iptables_public_udp_ports => [7000,7002,7003,7004,7005,7006,7007],
  939. sysadmins => hiera('sysadmins', []),
  940. afs => true,
  941. manage_exim => true,
  942. }
  943. include openstack_project::afsfs
  944. }
  945. # Node-OS: trusty
  946. node 'ask.openstack.org' {
  947. class { 'openstack_project::server':
  948. iptables_public_tcp_ports => [22, 80, 443],
  949. sysadmins => hiera('sysadmins', []),
  950. }
  951. class { 'openstack_project::ask':
  952. db_user => hiera('ask_db_user', 'ask'),
  953. db_password => hiera('ask_db_password'),
  954. redis_password => hiera('ask_redis_password'),
  955. site_ssl_cert_file_contents => hiera('ask_site_ssl_cert_file_contents', undef),
  956. site_ssl_key_file_contents => hiera('ask_site_ssl_key_file_contents', undef),
  957. site_ssl_chain_file_contents => hiera('ask_site_ssl_chain_file_contents', undef),
  958. }
  959. }
  960. # Node-OS: trusty
  961. node 'ask-staging.openstack.org' {
  962. class { 'openstack_project::server':
  963. iptables_public_tcp_ports => [22, 80, 443],
  964. sysadmins => hiera('sysadmins', []),
  965. }
  966. class { 'openstack_project::ask_staging':
  967. db_password => hiera('ask_staging_db_password'),
  968. redis_password => hiera('ask_staging_redis_password'),
  969. }
  970. }
  971. # Node-OS: trusty
  972. node 'translate.openstack.org' {
  973. class { 'openstack_project::server':
  974. iptables_public_tcp_ports => [80, 443],
  975. sysadmins => hiera('sysadmins', []),
  976. }
  977. class { 'openstack_project::translate':
  978. admin_users => 'aeng,camunoz,cboylan,daisyycguo,infra,jaegerandi,lyz,mordred,stevenk',
  979. openid_url => 'https://openstackid.org',
  980. listeners => ['ajp'],
  981. from_address => 'noreply@openstack.org',
  982. mysql_host => hiera('translate_mysql_host', 'localhost'),
  983. mysql_password => hiera('translate_mysql_password'),
  984. zanata_server_user => hiera('proposal_zanata_user'),
  985. zanata_server_api_key => hiera('proposal_zanata_api_key'),
  986. zanata_wildfly_version => '9.0.1',
  987. zanata_url => 'https://sourceforge.net/projects/zanata/files/webapp/zanata-war-3.7.3.war',
  988. zanata_checksum => '59f1ac35cce46ba4e46b06a239cd7ab4e10b5528',
  989. project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
  990. ssl_cert_file_contents => hiera('translate_ssl_cert_file_contents'),
  991. ssl_key_file_contents => hiera('translate_ssl_key_file_contents'),
  992. ssl_chain_file_contents => hiera('translate_ssl_chain_file_contents'),
  993. }
  994. }
  995. # Node-OS: trusty
  996. node 'translate-dev.openstack.org' {
  997. class { 'openstack_project::translate_dev':
  998. sysadmins => hiera('sysadmins', []),
  999. admin_users => 'aeng,camunoz,cboylan,daisyycguo,infra,jaegerandi,lyz,mordred,stevenk',
  1000. openid_url => 'https://openstackid.org',
  1001. listeners => ['ajp'],
  1002. from_address => 'noreply@openstack.org',
  1003. mysql_host => hiera('translate_dev_mysql_host', 'localhost'),
  1004. mysql_password => hiera('translate_dev_mysql_password'),
  1005. zanata_server_user => hiera('proposal_zanata_user'),
  1006. zanata_server_api_key => hiera('proposal_zanata_api_key'),
  1007. project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
  1008. }
  1009. }
  1010. # Node-OS: trusty
  1011. node 'apps.openstack.org' {
  1012. class { 'openstack_project::server':
  1013. iptables_public_tcp_ports => [80, 443],
  1014. sysadmins => hiera('sysadmins', []),
  1015. }
  1016. class { '::apps_site':
  1017. ssl_cert_file => '/etc/ssl/certs/apps.openstack.org.pem',
  1018. ssl_cert_file_contents => hiera('apps_ssl_cert_file_contents'),
  1019. ssl_key_file => '/etc/ssl/private/apps.openstack.org.key',
  1020. ssl_key_file_contents => hiera('apps_ssl_key_file_contents'),
  1021. ssl_chain_file => '/etc/ssl/certs/apps.openstack.org_intermediate.pem',
  1022. ssl_chain_file_contents => hiera('apps_ssl_chain_file_contents'),
  1023. }
  1024. }
  1025. # Node-OS: trusty
  1026. node 'odsreg.openstack.org' {
  1027. class { 'openstack_project::server':
  1028. iptables_public_tcp_ports => [80],
  1029. sysadmins => hiera('sysadmins', []),
  1030. }
  1031. realize (
  1032. User::Virtual::Localuser['ttx'],
  1033. )
  1034. class { '::odsreg':
  1035. }
  1036. }
  1037. # Node-OS: trusty
  1038. node 'codesearch.openstack.org' {
  1039. class { 'openstack_project::server':
  1040. iptables_public_tcp_ports => [80],
  1041. sysadmins => hiera('sysadmins', []),
  1042. }
  1043. class { 'openstack_project::codesearch':
  1044. project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
  1045. }
  1046. }
# vim:sw=2:ts=2:expandtab:textwidth=79