2014-06-03 17:28:27 -07:00
|
|
|
#
|
|
|
|
|
# Top-level variables
|
|
|
|
|
#
|
|
|
|
|
# There must not be any whitespace between this comment and the variables or
|
|
|
|
|
# in between any two variables in order for them to be correctly parsed and
|
|
|
|
|
# passed around in test.sh
|
|
|
|
|
#
|
2015-07-28 18:05:08 -07:00
|
|
|
$elasticsearch_nodes = hiera_array('elasticsearch_nodes')
|
|
|
|
|
$elasticsearch_clients = hiera_array('elasticsearch_clients')
|
2014-06-03 17:28:27 -07:00
|
|
|
|
2011-09-08 13:20:21 -07:00
|
|
|
#
|
|
|
|
|
# Default: should at least behave like an openstack server
|
|
|
|
|
#
|
|
|
|
|
node default {
|
2012-09-06 10:32:48 -07:00
|
|
|
class { 'openstack_project::server':
|
2014-06-14 08:09:09 -07:00
|
|
|
sysadmins => hiera('sysadmins', []),
|
2012-09-06 10:32:48 -07:00
|
|
|
}
|
2011-09-08 13:20:21 -07:00
|
|
|
}
|
|
|
|
|
|
2011-08-02 12:58:08 -07:00
|
|
|
#
|
|
|
|
|
# Long lived servers:
|
|
|
|
|
#
|
2015-02-04 22:04:31 +00:00
|
|
|
# Node-OS: trusty
|
2012-09-28 10:05:02 -04:00
|
|
|
node 'review.openstack.org' {
|
2015-11-13 16:12:34 -05:00
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [80, 443, 29418],
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
|
|
|
|
|
2012-07-26 18:58:35 -05:00
|
|
|
class { 'openstack_project::review':
|
2014-09-19 15:38:45 -07:00
|
|
|
project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
|
2015-10-16 14:02:32 -07:00
|
|
|
github_oauth_token => hiera('gerrit_github_token'),
|
2014-05-16 11:46:59 -04:00
|
|
|
github_project_username => hiera('github_project_username', 'username'),
|
2015-10-16 14:02:32 -07:00
|
|
|
github_project_password => hiera('github_project_password'),
|
2014-05-16 11:46:59 -04:00
|
|
|
mysql_host => hiera('gerrit_mysql_host', 'localhost'),
|
2015-10-16 14:02:32 -07:00
|
|
|
mysql_password => hiera('gerrit_mysql_password'),
|
|
|
|
|
email_private_key => hiera('gerrit_email_private_key'),
|
|
|
|
|
token_private_key => hiera('gerrit_rest_token_private_key'),
|
|
|
|
|
gerritbot_password => hiera('gerrit_gerritbot_password'),
|
|
|
|
|
gerritbot_ssh_rsa_key_contents => hiera('gerritbot_ssh_rsa_key_contents'),
|
|
|
|
|
gerritbot_ssh_rsa_pubkey_contents => hiera('gerritbot_ssh_rsa_pubkey_contents'),
|
|
|
|
|
ssl_cert_file_contents => hiera('gerrit_ssl_cert_file_contents'),
|
|
|
|
|
ssl_key_file_contents => hiera('gerrit_ssl_key_file_contents'),
|
|
|
|
|
ssl_chain_file_contents => hiera('gerrit_ssl_chain_file_contents'),
|
|
|
|
|
ssh_dsa_key_contents => hiera('gerrit_ssh_dsa_key_contents'),
|
|
|
|
|
ssh_dsa_pubkey_contents => hiera('gerrit_ssh_dsa_pubkey_contents'),
|
|
|
|
|
ssh_rsa_key_contents => hiera('gerrit_ssh_rsa_key_contents'),
|
|
|
|
|
ssh_rsa_pubkey_contents => hiera('gerrit_ssh_rsa_pubkey_contents'),
|
|
|
|
|
ssh_project_rsa_key_contents => hiera('gerrit_project_ssh_rsa_key_contents'),
|
|
|
|
|
ssh_project_rsa_pubkey_contents => hiera('gerrit_project_ssh_rsa_pubkey_contents'),
|
|
|
|
|
ssh_welcome_rsa_key_contents => hiera('welcome_message_gerrit_ssh_private_key'),
|
|
|
|
|
ssh_welcome_rsa_pubkey_contents => hiera('welcome_message_gerrit_ssh_public_key'),
|
|
|
|
|
ssh_replication_rsa_key_contents => hiera('gerrit_replication_ssh_rsa_key_contents'),
|
|
|
|
|
ssh_replication_rsa_pubkey_contents => hiera('gerrit_replication_ssh_rsa_pubkey_contents'),
|
2016-08-17 18:29:36 +00:00
|
|
|
lp_access_token => hiera('gerrit_lp_access_token'),
|
|
|
|
|
lp_access_secret => hiera('gerrit_lp_access_secret'),
|
|
|
|
|
lp_consumer_key => hiera('gerrit_lp_consumer_key'),
|
2014-05-16 11:46:59 -04:00
|
|
|
swift_username => hiera('swift_store_user', 'username'),
|
2015-10-16 14:02:32 -07:00
|
|
|
swift_password => hiera('swift_store_key'),
|
2016-06-17 00:17:10 -07:00
|
|
|
storyboard_password => hiera('gerrit_storyboard_token'),
|
2012-07-26 18:58:35 -05:00
|
|
|
}
|
2011-08-05 23:00:46 +00:00
|
|
|
}
|
|
|
|
|
|
2015-01-15 20:36:59 +00:00
|
|
|
# Node-OS: trusty
|
2012-10-11 16:55:07 -07:00
|
|
|
node 'review-dev.openstack.org' {
|
2015-11-13 16:12:34 -05:00
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [80, 443, 29418],
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
afs => true,
|
|
|
|
|
}
|
|
|
|
|
|
2012-07-26 18:58:35 -05:00
|
|
|
class { 'openstack_project::review_dev':
|
2015-04-15 15:38:05 -07:00
|
|
|
project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
|
2015-10-16 14:05:35 -07:00
|
|
|
github_oauth_token => hiera('gerrit_dev_github_token'),
|
2015-04-15 15:38:05 -07:00
|
|
|
github_project_username => hiera('github_dev_project_username', 'username'),
|
2015-10-16 14:05:35 -07:00
|
|
|
github_project_password => hiera('github_dev_project_password'),
|
2015-04-15 15:38:05 -07:00
|
|
|
mysql_host => hiera('gerrit_dev_mysql_host', 'localhost'),
|
2015-10-16 14:05:35 -07:00
|
|
|
mysql_password => hiera('gerrit_dev_mysql_password'),
|
|
|
|
|
email_private_key => hiera('gerrit_dev_email_private_key'),
|
|
|
|
|
ssh_dsa_key_contents => hiera('gerrit_dev_ssh_dsa_key_contents'),
|
|
|
|
|
ssh_dsa_pubkey_contents => hiera('gerrit_dev_ssh_dsa_pubkey_contents'),
|
|
|
|
|
ssh_rsa_key_contents => hiera('gerrit_dev_ssh_rsa_key_contents'),
|
|
|
|
|
ssh_rsa_pubkey_contents => hiera('gerrit_dev_ssh_rsa_pubkey_contents'),
|
|
|
|
|
ssh_project_rsa_key_contents => hiera('gerrit_dev_project_ssh_rsa_key_contents'),
|
|
|
|
|
ssh_project_rsa_pubkey_contents => hiera('gerrit_dev_project_ssh_rsa_pubkey_contents'),
|
|
|
|
|
ssh_replication_rsa_key_contents => hiera('gerrit_dev_replication_ssh_rsa_key_contents'),
|
|
|
|
|
ssh_replication_rsa_pubkey_contents => hiera('gerrit_dev_replication_ssh_rsa_pubkey_contents'),
|
2016-08-17 18:29:36 +00:00
|
|
|
lp_access_token => hiera('gerrit_dev_lp_access_token'),
|
|
|
|
|
lp_access_secret => hiera('gerrit_dev_lp_access_secret'),
|
|
|
|
|
lp_consumer_key => hiera('gerrit_dev_lp_consumer_key'),
|
2016-06-17 00:17:10 -07:00
|
|
|
storyboard_password => hiera('gerrit_dev_storyboard_token'),
|
|
|
|
|
storyboard_ssl_cert => hiera('gerrit_dev_storyboard_ssl_crt'),
|
2012-07-26 18:58:35 -05:00
|
|
|
}
|
2011-08-02 12:58:08 -07:00
|
|
|
}
|
|
|
|
|
|
2015-04-30 19:09:38 +00:00
|
|
|
# Node-OS: trusty
|
|
|
|
|
node 'grafana.openstack.org' {
|
|
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [80],
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
|
|
|
|
class { 'openstack_project::grafana':
|
2015-10-28 11:31:50 +09:00
|
|
|
admin_password => hiera('grafana_admin_password'),
|
2015-10-09 11:20:50 -04:00
|
|
|
admin_user => hiera('grafana_admin_user', 'username'),
|
|
|
|
|
mysql_host => hiera('grafana_mysql_host', 'localhost'),
|
2015-10-28 11:31:50 +09:00
|
|
|
mysql_name => hiera('grafana_mysql_name'),
|
|
|
|
|
mysql_password => hiera('grafana_mysql_password'),
|
2015-10-09 11:20:50 -04:00
|
|
|
mysql_user => hiera('grafana_mysql_user', 'username'),
|
|
|
|
|
project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
|
2015-10-28 11:31:50 +09:00
|
|
|
secret_key => hiera('grafana_secret_key'),
|
2015-04-30 19:09:38 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-10-14 15:33:20 -04:00
|
|
|
# Node-OS: trusty
|
|
|
|
|
node 'health.openstack.org' {
|
|
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [80, 443],
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
|
|
|
|
class { 'openstack_project::openstack_health_api':
|
|
|
|
|
subunit2sql_db_host => hiera('subunit2sql_db_host', 'localhost'),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-06-12 17:09:21 +00:00
|
|
|
# Node-OS: trusty
|
|
|
|
|
node 'stackalytics.openstack.org' {
|
|
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [80],
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
class { 'openstack_project::stackalytics':
|
|
|
|
|
gerrit_ssh_user => hiera('stackalytics_gerrit_ssh_user'),
|
|
|
|
|
stackalytics_ssh_private_key => hiera('stackalytics_ssh_private_key_contents'),
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-10-14 15:33:20 -04:00
|
|
|
|
2016-02-25 12:33:52 -05:00
|
|
|
# Node-OS: trusty
|
2012-10-20 23:53:20 +00:00
|
|
|
node 'cacti.openstack.org' {
|
2013-05-24 12:43:54 -07:00
|
|
|
include openstack_project::ssl_cert_check
|
2012-10-20 23:53:20 +00:00
|
|
|
class { 'openstack_project::cacti':
|
2015-12-30 14:43:25 -08:00
|
|
|
sysadmins => hiera('sysadmins', []),
|
2016-02-24 15:28:30 -08:00
|
|
|
cacti_hosts => hiera_array('cacti_hosts'),
|
2016-05-25 12:05:24 -07:00
|
|
|
vhost_name => 'cacti.openstack.org',
|
2012-10-20 23:53:20 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-09-28 22:50:54 +02:00
|
|
|
# Node-OS: trusty
|
|
|
|
|
node /^cacti\d+\.openstack\.org$/ {
|
|
|
|
|
$group = "cacti"
|
|
|
|
|
include openstack_project::ssl_cert_check
|
|
|
|
|
class { 'openstack_project::cacti':
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
cacti_hosts => hiera_array('cacti_hosts'),
|
|
|
|
|
vhost_name => 'cacti.openstack.org',
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-28 21:37:14 -05:00
|
|
|
# Node-OS: trusty
|
2014-03-28 00:11:10 -07:00
|
|
|
node 'puppetmaster.openstack.org' {
|
2015-04-10 17:36:44 +02:00
|
|
|
class { 'openstack_project::server':
|
2015-11-28 21:36:38 -05:00
|
|
|
iptables_public_tcp_ports => [8140],
|
2015-04-10 17:36:44 +02:00
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
pin_puppet => '3.6.',
|
|
|
|
|
}
|
2014-03-28 00:11:10 -07:00
|
|
|
class { 'openstack_project::puppetmaster':
|
2016-02-02 18:22:41 -08:00
|
|
|
root_rsa_key => hiera('puppetmaster_root_rsa_key'),
|
|
|
|
|
puppetmaster_clouds => hiera('puppetmaster_clouds'),
|
2016-10-07 11:11:55 -07:00
|
|
|
puppetdb => false,
|
2017-04-19 17:33:25 -04:00
|
|
|
enable_mqtt => true,
|
|
|
|
|
mqtt_password => hiera('mqtt_service_user_password'),
|
|
|
|
|
mqtt_ca_cert_contents => hiera('mosquitto_tls_ca_file'),
|
2014-03-28 00:11:10 -07:00
|
|
|
}
|
2017-08-25 13:26:12 -07:00
|
|
|
file { '/etc/openstack/infracloud_vanilla_cacert.pem':
|
|
|
|
|
ensure => present,
|
|
|
|
|
owner => 'root',
|
|
|
|
|
group => 'root',
|
|
|
|
|
mode => '0444',
|
|
|
|
|
content => hiera('infracloud_vanilla_ssl_cert_file_contents'),
|
|
|
|
|
require => Class['::openstack_project::puppetmaster'],
|
|
|
|
|
}
|
|
|
|
|
file { '/etc/openstack/infracloud_chocolate_cacert.pem':
|
|
|
|
|
ensure => present,
|
|
|
|
|
owner => 'root',
|
|
|
|
|
group => 'root',
|
|
|
|
|
mode => '0444',
|
|
|
|
|
content => hiera('infracloud_chocolate_ssl_cert_file_contents'),
|
|
|
|
|
require => Class['::openstack_project::puppetmaster'],
|
|
|
|
|
}
|
2014-03-28 00:11:10 -07:00
|
|
|
}
|
|
|
|
|
|
2017-02-20 09:52:57 -05:00
|
|
|
# Node-OS: trusty
|
2014-02-15 14:54:03 -08:00
|
|
|
node 'puppetdb.openstack.org' {
|
2015-04-13 12:25:54 +02:00
|
|
|
$open_ports = [8081, 80]
|
|
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => $open_ports,
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
2014-02-15 14:54:03 -08:00
|
|
|
}
|
2015-04-13 12:25:54 +02:00
|
|
|
include openstack_project::puppetdb
|
2014-02-15 14:54:03 -08:00
|
|
|
}
|
|
|
|
|
|
2016-02-25 13:50:16 -05:00
|
|
|
# Node-OS: trusty
|
|
|
|
|
node 'puppetdb01.openstack.org' {
|
|
|
|
|
$open_ports = [8081, 80]
|
|
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => $open_ports,
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
|
|
|
|
class { 'openstack_project::puppetdb':
|
|
|
|
|
version => '4.0.2-1puppetlabs1',
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-23 13:15:37 -04:00
|
|
|
# Node-OS: trusty
|
2012-11-28 23:12:07 +00:00
|
|
|
node 'graphite.openstack.org' {
|
2015-11-23 13:27:00 -08:00
|
|
|
$statsd_hosts = ['git.openstack.org',
|
2017-04-05 00:21:50 -04:00
|
|
|
'firehose01.openstack.org',
|
2015-11-23 13:27:00 -08:00
|
|
|
'logstash.openstack.org',
|
2015-08-25 14:30:09 +02:00
|
|
|
'nodepool.openstack.org',
|
2017-02-20 11:52:08 -05:00
|
|
|
'nl01.openstack.org',
|
2017-09-04 14:35:13 -04:00
|
|
|
'nl02.openstack.org',
|
2015-08-25 14:30:09 +02:00
|
|
|
'zuul.openstack.org']
|
|
|
|
|
|
|
|
|
|
# Turn a list of hostnames into a list of iptables rules
|
|
|
|
|
$rules = regsubst ($statsd_hosts, '^(.*)$', '-m udp -p udp -s \1 --dport 8125 -j ACCEPT')
|
|
|
|
|
|
|
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [80, 443],
|
|
|
|
|
iptables_rules6 => $rules,
|
|
|
|
|
iptables_rules4 => $rules,
|
|
|
|
|
sysadmins => hiera('sysadmins', [])
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
class { '::graphite':
|
2014-05-16 11:46:59 -04:00
|
|
|
graphite_admin_user => hiera('graphite_admin_user', 'username'),
|
|
|
|
|
graphite_admin_email => hiera('graphite_admin_email', 'email@example.com'),
|
2015-10-16 14:14:46 -07:00
|
|
|
graphite_admin_password => hiera('graphite_admin_password'),
|
2012-11-28 23:12:07 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-04 12:15:56 +02:00
|
|
|
# Node-OS: trusty
|
2012-11-08 10:52:37 +01:00
|
|
|
node 'groups.openstack.org' {
|
2015-06-26 12:26:58 +02:00
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [22, 80, 443],
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
2012-11-08 10:52:37 +01:00
|
|
|
class { 'openstack_project::groups':
|
2015-10-16 14:16:15 -07:00
|
|
|
site_admin_password => hiera('groups_site_admin_password'),
|
2014-12-01 08:46:10 +01:00
|
|
|
site_mysql_host => hiera('groups_site_mysql_host', 'localhost'),
|
2015-10-16 14:16:15 -07:00
|
|
|
site_mysql_password => hiera('groups_site_mysql_password'),
|
|
|
|
|
conf_cron_key => hiera('groups_conf_cron_key'),
|
2014-12-01 08:46:10 +01:00
|
|
|
site_ssl_cert_file_contents => hiera('groups_site_ssl_cert_file_contents', undef),
|
|
|
|
|
site_ssl_key_file_contents => hiera('groups_site_ssl_key_file_contents', undef),
|
|
|
|
|
site_ssl_chain_file_contents => hiera('groups_site_ssl_chain_file_contents', undef),
|
2012-11-08 10:52:37 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-03-30 11:22:27 +02:00
|
|
|
# Node-OS: trusty
|
2013-09-17 11:43:00 +02:00
|
|
|
node 'groups-dev.openstack.org' {
|
2015-06-26 12:26:58 +02:00
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [22, 80, 443],
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
2013-09-17 11:43:00 +02:00
|
|
|
class { 'openstack_project::groups_dev':
|
2015-10-16 14:16:15 -07:00
|
|
|
site_admin_password => hiera('groups_dev_site_admin_password'),
|
2014-11-19 21:07:37 +01:00
|
|
|
site_mysql_host => hiera('groups_dev_site_mysql_host', 'localhost'),
|
2015-10-16 14:16:15 -07:00
|
|
|
site_mysql_password => hiera('groups_dev_site_mysql_password'),
|
|
|
|
|
conf_cron_key => hiera('groups_dev_conf_cron_key'),
|
2014-11-19 21:07:37 +01:00
|
|
|
site_ssl_cert_file_contents => hiera('groups_dev_site_ssl_cert_file_contents', undef),
|
|
|
|
|
site_ssl_key_file_contents => hiera('groups_dev_site_ssl_key_file_contents', undef),
|
|
|
|
|
site_ssl_cert_file => '/etc/ssl/certs/groups-dev.openstack.org.pem',
|
|
|
|
|
site_ssl_key_file => '/etc/ssl/private/groups-dev.openstack.org.key',
|
2013-09-17 11:43:00 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-25 15:39:08 -05:00
|
|
|
# Node-OS: trusty
|
2012-09-28 10:05:02 -04:00
|
|
|
node 'lists.openstack.org' {
|
2017-03-25 14:55:29 +01:00
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [25, 80, 465],
|
|
|
|
|
manage_exim => false,
|
|
|
|
|
purge_apt_sources => false,
|
|
|
|
|
}
|
|
|
|
|
|
2012-07-26 18:58:35 -05:00
|
|
|
class { 'openstack_project::lists':
|
2014-06-14 08:09:09 -07:00
|
|
|
listadmins => hiera('listadmins', []),
|
2015-10-16 14:17:05 -07:00
|
|
|
listpassword => hiera('listpassword'),
|
2012-07-26 18:58:35 -05:00
|
|
|
}
|
2011-08-02 12:58:08 -07:00
|
|
|
}
|
|
|
|
|
|
2016-07-28 11:27:18 -04:00
|
|
|
# Node-OS: trusty
|
2012-09-28 10:05:02 -04:00
|
|
|
node 'paste.openstack.org' {
|
2015-03-09 17:50:01 -07:00
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [80],
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
2012-09-06 10:32:48 -07:00
|
|
|
class { 'openstack_project::paste':
|
2015-10-16 14:18:22 -07:00
|
|
|
db_password => hiera('paste_db_password'),
|
2015-12-29 20:34:43 +00:00
|
|
|
db_host => hiera('paste_db_host'),
|
2012-09-06 10:32:48 -07:00
|
|
|
}
|
2012-01-30 13:57:37 +00:00
|
|
|
}
|
|
|
|
|
|
2016-05-02 10:45:14 -07:00
|
|
|
# Node-OS: trusty
|
|
|
|
|
node /^paste\d+\.openstack\.org$/ {
|
|
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [80],
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
|
|
|
|
class { 'openstack_project::paste':
|
|
|
|
|
db_password => hiera('paste_db_password'),
|
|
|
|
|
db_host => hiera('paste_db_host'),
|
|
|
|
|
vhost_name => 'paste.openstack.org',
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-23 09:27:29 -07:00
|
|
|
# Node-OS: trusty
|
2017-03-28 13:57:31 +11:00
|
|
|
# Node-OS: xenial
|
2017-03-31 18:14:23 +00:00
|
|
|
node /planet\d*\.openstack\.org$/ {
|
2012-09-06 10:32:48 -07:00
|
|
|
class { 'openstack_project::planet':
|
2014-06-14 08:09:09 -07:00
|
|
|
sysadmins => hiera('sysadmins', []),
|
2012-09-06 10:32:48 -07:00
|
|
|
}
|
2012-02-03 14:37:54 +00:00
|
|
|
}
|
|
|
|
|
|
2016-05-23 13:21:06 -04:00
|
|
|
# Node-OS: trusty
|
2012-09-28 10:05:02 -04:00
|
|
|
node 'eavesdrop.openstack.org' {
|
2015-05-19 14:16:18 -04:00
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [80],
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
|
|
|
|
|
2012-07-26 18:58:35 -05:00
|
|
|
class { 'openstack_project::eavesdrop':
|
2014-09-19 18:13:26 -07:00
|
|
|
project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
|
2015-10-16 14:19:34 -07:00
|
|
|
nickpass => hiera('openstack_meetbot_password'),
|
2014-05-16 11:46:59 -04:00
|
|
|
statusbot_nick => hiera('statusbot_nick', 'username'),
|
2015-10-16 14:19:34 -07:00
|
|
|
statusbot_password => hiera('statusbot_nick_password'),
|
2013-03-29 13:47:38 -07:00
|
|
|
statusbot_server => 'chat.freenode.net',
|
2015-07-28 18:05:08 -07:00
|
|
|
statusbot_channels => hiera_array('statusbot_channels', ['openstack_infra']),
|
2016-01-29 13:34:24 -08:00
|
|
|
statusbot_auth_nicks => hiera_array('statusbot_auth_nicks'),
|
2014-05-16 11:46:59 -04:00
|
|
|
statusbot_wiki_user => hiera('statusbot_wiki_username', 'username'),
|
2015-10-16 14:19:34 -07:00
|
|
|
statusbot_wiki_password => hiera('statusbot_wiki_password'),
|
2013-03-29 13:47:38 -07:00
|
|
|
statusbot_wiki_url => 'https://wiki.openstack.org/w/api.php',
|
2015-09-17 16:43:37 +02:00
|
|
|
# https://wiki.openstack.org/wiki/Infrastructure_Status
|
2013-03-29 13:47:38 -07:00
|
|
|
statusbot_wiki_pageid => '1781',
|
2015-09-17 16:43:37 +02:00
|
|
|
# https://wiki.openstack.org/wiki/Successes
|
|
|
|
|
statusbot_wiki_successpageid => '7717',
|
|
|
|
|
statusbot_irclogs_url => 'http://eavesdrop.openstack.org/irclogs/%(chan)s/%(chan)s.%(date)s.log.html',
|
2016-09-09 14:43:51 -07:00
|
|
|
statusbot_twitter => true,
|
|
|
|
|
statusbot_twitter_key => hiera('statusbot_twitter_key'),
|
|
|
|
|
statusbot_twitter_secret => hiera('statusbot_twitter_secret'),
|
|
|
|
|
statusbot_twitter_token_key => hiera('statusbot_twitter_token_key'),
|
|
|
|
|
statusbot_twitter_token_secret => hiera('statusbot_twitter_token_secret'),
|
2016-12-14 14:04:28 -08:00
|
|
|
accessbot_nick => hiera('accessbot_nick', 'username'),
|
2015-10-16 14:19:34 -07:00
|
|
|
accessbot_password => hiera('accessbot_nick_password'),
|
2015-12-04 16:43:57 -08:00
|
|
|
meetbot_channels => hiera('meetbot_channels', ['openstack-infra']),
|
2017-07-06 19:41:03 +00:00
|
|
|
ptgbot_nick => hiera('ptgbot_nick', 'username'),
|
|
|
|
|
ptgbot_password => hiera('ptgbot_password'),
|
2012-07-26 18:58:35 -05:00
|
|
|
}
|
2012-04-15 16:06:41 +01:00
|
|
|
}
|
|
|
|
|
|
2017-01-24 11:00:31 -08:00
|
|
|
# Node-OS: trusty
|
|
|
|
|
node /^ethercalc\d+\.openstack\.org$/ {
|
|
|
|
|
$group = "ethercalc"
|
|
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [22, 80, 443],
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
class { 'openstack_project::ethercalc':
|
|
|
|
|
vhost_name => 'ethercalc.openstack.org',
|
|
|
|
|
ssl_cert_file_contents => hiera('ssl_cert_file_contents'),
|
|
|
|
|
ssl_key_file_contents => hiera('ssl_key_file_contents'),
|
|
|
|
|
ssl_chain_file_contents => hiera('ssl_chain_file_contents'),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-08-20 17:10:29 +00:00
|
|
|
# Node-OS: trusty
|
2012-06-06 20:27:31 +00:00
|
|
|
node 'etherpad.openstack.org' {
|
2015-05-20 10:00:28 -04:00
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [22, 80, 443],
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
|
|
|
|
|
2012-07-26 18:58:35 -05:00
|
|
|
class { 'openstack_project::etherpad':
|
2015-10-16 14:20:37 -07:00
|
|
|
ssl_cert_file_contents => hiera('etherpad_ssl_cert_file_contents'),
|
|
|
|
|
ssl_key_file_contents => hiera('etherpad_ssl_key_file_contents'),
|
|
|
|
|
ssl_chain_file_contents => hiera('etherpad_ssl_chain_file_contents'),
|
2014-05-16 11:46:59 -04:00
|
|
|
mysql_host => hiera('etherpad_db_host', 'localhost'),
|
|
|
|
|
mysql_user => hiera('etherpad_db_user', 'username'),
|
2015-10-16 14:20:37 -07:00
|
|
|
mysql_password => hiera('etherpad_db_password'),
|
2012-07-26 18:58:35 -05:00
|
|
|
}
|
2012-05-31 23:16:57 +00:00
|
|
|
}
|
|
|
|
|
|
2015-08-20 17:00:54 +00:00
|
|
|
# Node-OS: trusty
|
2012-10-25 16:09:13 -07:00
|
|
|
node 'etherpad-dev.openstack.org' {
|
2015-05-20 10:00:28 -04:00
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [22, 80, 443],
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
|
|
|
|
|
2012-10-25 16:09:13 -07:00
|
|
|
class { 'openstack_project::etherpad_dev':
|
2014-05-16 11:46:59 -04:00
|
|
|
mysql_host => hiera('etherpad-dev_db_host', 'localhost'),
|
|
|
|
|
mysql_user => hiera('etherpad-dev_db_user', 'username'),
|
2015-10-16 14:20:37 -07:00
|
|
|
mysql_password => hiera('etherpad-dev_db_password'),
|
2012-10-25 16:09:13 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-08-19 02:00:30 +00:00
|
|
|
# Node-OS: trusty
|
2016-08-29 19:49:45 +00:00
|
|
|
node /^wiki\d+\.openstack\.org$/ {
|
|
|
|
|
$group = "wiki"
|
2012-07-30 00:23:41 -07:00
|
|
|
class { 'openstack_project::wiki':
|
2016-08-20 15:05:58 +00:00
|
|
|
sysadmins => hiera('sysadmins', []),
|
2016-08-20 15:22:46 +00:00
|
|
|
bup_user => 'bup-wiki',
|
2016-08-22 19:45:12 +00:00
|
|
|
serveradmin => hiera('infra_apache_serveradmin'),
|
2016-08-29 19:49:45 +00:00
|
|
|
site_hostname => 'wiki.openstack.org',
|
2016-08-20 15:05:58 +00:00
|
|
|
ssl_cert_file_contents => hiera('ssl_cert_file_contents'),
|
|
|
|
|
ssl_key_file_contents => hiera('ssl_key_file_contents'),
|
|
|
|
|
ssl_chain_file_contents => hiera('ssl_chain_file_contents'),
|
|
|
|
|
wg_dbserver => hiera('wg_dbserver'),
|
|
|
|
|
wg_dbname => 'openstack_wiki',
|
|
|
|
|
wg_dbuser => 'wikiuser',
|
|
|
|
|
wg_dbpassword => hiera('wg_dbpassword'),
|
|
|
|
|
wg_secretkey => hiera('wg_secretkey'),
|
|
|
|
|
wg_upgradekey => hiera('wg_upgradekey'),
|
|
|
|
|
wg_recaptchasitekey => hiera('wg_recaptchasitekey'),
|
|
|
|
|
wg_recaptchasecretkey => hiera('wg_recaptchasecretkey'),
|
|
|
|
|
wg_googleanalyticsaccount => hiera('wg_googleanalyticsaccount'),
|
2012-07-30 00:23:41 -07:00
|
|
|
}
|
2012-07-16 15:29:28 -07:00
|
|
|
}
|
|
|
|
|
|
2016-08-20 15:22:46 +00:00
|
|
|
# Node-OS: trusty
|
|
|
|
|
node /^wiki-dev\d+\.openstack\.org$/ {
|
|
|
|
|
$group = "wiki-dev"
|
|
|
|
|
class { 'openstack_project::wiki':
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
serveradmin => hiera('infra_apache_serveradmin'),
|
|
|
|
|
site_hostname => 'wiki-dev.openstack.org',
|
|
|
|
|
wg_dbserver => hiera('wg_dbserver'),
|
|
|
|
|
wg_dbname => 'openstack_wiki',
|
|
|
|
|
wg_dbuser => 'wikiuser',
|
|
|
|
|
wg_dbpassword => hiera('wg_dbpassword'),
|
|
|
|
|
wg_secretkey => hiera('wg_secretkey'),
|
|
|
|
|
wg_upgradekey => hiera('wg_upgradekey'),
|
|
|
|
|
wg_recaptchasitekey => hiera('wg_recaptchasitekey'),
|
|
|
|
|
wg_recaptchasecretkey => hiera('wg_recaptchasecretkey'),
|
2016-09-07 20:47:27 +00:00
|
|
|
disallow_robots => true,
|
2016-08-20 15:22:46 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-25 14:44:34 -07:00
|
|
|
# Node-OS: trusty
|
2013-01-16 15:01:25 -08:00
|
|
|
node 'logstash.openstack.org' {
|
2015-05-22 11:41:31 -04:00
|
|
|
$iptables_es_rule = regsubst($elasticsearch_nodes,
|
|
|
|
|
'^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 9200:9400 -s \1 -j ACCEPT')
|
|
|
|
|
$iptables_gm_rule = regsubst($elasticsearch_clients,
|
|
|
|
|
'^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 4730 -s \1 -j ACCEPT')
|
|
|
|
|
$logstash_iptables_rule = flatten([$iptables_es_rule, $iptables_gm_rule])
|
|
|
|
|
|
|
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [22, 80, 3306],
|
|
|
|
|
iptables_rules6 => $logstash_iptables_rule,
|
|
|
|
|
iptables_rules4 => $logstash_iptables_rule,
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
|
|
|
|
|
2013-01-16 15:01:25 -08:00
|
|
|
class { 'openstack_project::logstash':
|
2015-05-22 11:41:31 -04:00
|
|
|
discover_nodes => [
|
2014-02-25 00:07:17 +00:00
|
|
|
'elasticsearch02.openstack.org:9200',
|
|
|
|
|
'elasticsearch03.openstack.org:9200',
|
|
|
|
|
'elasticsearch04.openstack.org:9200',
|
|
|
|
|
'elasticsearch05.openstack.org:9200',
|
|
|
|
|
'elasticsearch06.openstack.org:9200',
|
2014-06-13 11:19:34 -07:00
|
|
|
'elasticsearch07.openstack.org:9200',
|
2013-08-06 10:46:00 -07:00
|
|
|
],
|
2015-05-22 11:41:31 -04:00
|
|
|
subunit2sql_db_host => hiera('subunit2sql_db_host', ''),
|
|
|
|
|
subunit2sql_db_pass => hiera('subunit2sql_db_password', ''),
|
2013-05-26 16:08:46 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-24 15:53:35 -04:00
|
|
|
# Node-OS: trusty
|
2013-05-26 16:08:46 -07:00
|
|
|
node /^logstash-worker\d+\.openstack\.org$/ {
|
2015-05-22 11:41:31 -04:00
|
|
|
$logstash_worker_iptables_rule = regsubst(flatten([$elasticsearch_nodes, $elasticsearch_clients]),
|
|
|
|
|
'^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 9200:9400 -s \1 -j ACCEPT')
|
|
|
|
|
$group = 'logstash-worker'
|
|
|
|
|
|
|
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [22],
|
|
|
|
|
iptables_rules6 => $logstash_worker_iptables_rule,
|
|
|
|
|
iptables_rules4 => $logstash_worker_iptables_rule,
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
|
|
|
|
|
2013-05-26 16:08:46 -07:00
|
|
|
class { 'openstack_project::logstash_worker':
|
2014-08-06 17:56:16 -07:00
|
|
|
discover_node => 'elasticsearch02.openstack.org',
|
2016-09-30 17:43:38 -04:00
|
|
|
enable_mqtt => false,
|
2016-09-13 12:42:47 -04:00
|
|
|
mqtt_password => hiera('mqtt_service_user_password'),
|
|
|
|
|
mqtt_ca_cert_contents => hiera('mosquitto_tls_ca_file'),
|
2013-01-16 15:01:25 -08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2014-11-17 09:48:55 -05:00
|
|
|
# Node-OS: trusty
|
|
|
|
|
node /^subunit-worker\d+\.openstack\.org$/ {
|
2015-03-16 12:47:42 -07:00
|
|
|
$group = "subunit-worker"
|
2015-07-09 14:40:01 -05:00
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [22],
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
2014-11-17 09:48:55 -05:00
|
|
|
class { 'openstack_project::subunit_worker':
|
2017-04-25 17:14:03 -04:00
|
|
|
subunit2sql_db_host => hiera('subunit2sql_db_host', ''),
|
|
|
|
|
subunit2sql_db_pass => hiera('subunit2sql_db_password', ''),
|
|
|
|
|
mqtt_pass => hiera('mqtt_service_user_password'),
|
|
|
|
|
mqtt_ca_cert_contents => hiera('mosquitto_tls_ca_file'),
|
2014-11-17 09:48:55 -05:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-24 16:04:57 -04:00
|
|
|
# Node-OS: trusty
|
2014-06-13 11:19:34 -07:00
|
|
|
node /^elasticsearch0[1-7]\.openstack\.org$/ {
|
2015-03-16 12:47:42 -07:00
|
|
|
$group = "elasticsearch"
|
2015-07-09 14:41:43 -05:00
|
|
|
$iptables_nodes_rule = regsubst ($elasticsearch_nodes,
|
|
|
|
|
'^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 9200:9400 -s \1 -j ACCEPT')
|
|
|
|
|
$iptables_clients_rule = regsubst ($elasticsearch_clients,
|
|
|
|
|
'^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 9200:9400 -s \1 -j ACCEPT')
|
|
|
|
|
$iptables_rule = flatten([$iptables_nodes_rule, $iptables_clients_rule])
|
|
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [22],
|
|
|
|
|
iptables_rules6 => $iptables_rule,
|
|
|
|
|
iptables_rules4 => $iptables_rule,
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
2014-02-25 00:07:17 +00:00
|
|
|
class { 'openstack_project::elasticsearch_node':
|
|
|
|
|
discover_nodes => $elasticsearch_nodes,
|
2013-05-23 14:08:58 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-07-26 19:03:55 -04:00
|
|
|
# Node-OS: xenial
|
|
|
|
|
node /^firehose\d+\.openstack\.org$/ {
|
|
|
|
|
class { 'openstack_project::server':
|
2016-09-27 18:04:23 -04:00
|
|
|
# NOTE(mtreinish) Port 80 and 8080 are disabled because websocket
|
|
|
|
|
# connections seem to crash mosquitto. Once this is fixed we should add
|
|
|
|
|
# them back
|
|
|
|
|
iptables_public_tcp_ports => [22, 25, 1883, 8883],
|
2016-07-26 19:03:55 -04:00
|
|
|
sysadmins => hiera('sysadmins', []),
|
2016-09-13 16:15:56 -04:00
|
|
|
manage_exim => false,
|
2016-07-26 19:03:55 -04:00
|
|
|
}
|
|
|
|
|
class { 'openstack_project::firehose':
|
2016-09-13 16:15:56 -04:00
|
|
|
sysadmins => hiera('sysadmins', []),
|
2016-07-26 19:03:55 -04:00
|
|
|
gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents'),
|
2016-08-02 09:45:10 +02:00
|
|
|
gerrit_public_key => hiera('germqtt_gerrit_ssh_public_key'),
|
2016-07-26 19:03:55 -04:00
|
|
|
gerrit_private_key => hiera('germqtt_gerrit_ssh_private_key'),
|
|
|
|
|
mqtt_password => hiera('mqtt_service_user_password'),
|
2016-08-08 11:03:11 -04:00
|
|
|
ca_file => hiera('mosquitto_tls_ca_file'),
|
|
|
|
|
cert_file => hiera('mosquitto_tls_server_cert_file'),
|
|
|
|
|
key_file => hiera('mosquitto_tls_server_key_file'),
|
2016-08-30 18:26:43 -04:00
|
|
|
imap_hostname => hiera('lpmqtt_imap_server'),
|
|
|
|
|
imap_username => hiera('lpmqtt_imap_username'),
|
|
|
|
|
imap_password => hiera('lpmqtt_imap_password'),
|
2017-04-05 00:21:50 -04:00
|
|
|
statsd_host => 'graphite.openstack.org',
|
2016-07-26 19:03:55 -04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2014-12-09 13:17:57 -08:00
|
|
|
# CentOS machines to load balance git access.
|
2015-11-20 12:13:42 -08:00
|
|
|
# Node-OS: centos7
|
2014-12-09 13:40:24 -08:00
|
|
|
node /^git(-fe\d+)?\.openstack\.org$/ {
|
2015-03-16 12:47:42 -07:00
|
|
|
$group = "git-loadbalancer"
|
2013-07-11 11:21:02 -07:00
|
|
|
class { 'openstack_project::git':
|
2014-06-14 08:09:09 -07:00
|
|
|
sysadmins => hiera('sysadmins', []),
|
2013-08-19 17:10:13 -07:00
|
|
|
balancer_member_names => [
|
|
|
|
|
'git01.openstack.org',
|
|
|
|
|
'git02.openstack.org',
|
|
|
|
|
'git03.openstack.org',
|
|
|
|
|
'git04.openstack.org',
|
2014-02-26 20:40:29 +00:00
|
|
|
'git05.openstack.org',
|
2015-06-28 08:10:45 -07:00
|
|
|
'git06.openstack.org',
|
|
|
|
|
'git07.openstack.org',
|
|
|
|
|
'git08.openstack.org',
|
2013-08-19 17:10:13 -07:00
|
|
|
],
|
|
|
|
|
balancer_member_ips => [
|
2015-09-03 15:57:15 -07:00
|
|
|
'104.130.243.237',
|
|
|
|
|
'104.130.243.109',
|
2015-09-03 11:29:57 -07:00
|
|
|
'67.192.247.197',
|
|
|
|
|
'67.192.247.180',
|
2015-09-02 14:50:49 -07:00
|
|
|
'23.253.69.135',
|
|
|
|
|
'104.239.132.223',
|
2015-09-01 12:48:20 -07:00
|
|
|
'23.253.94.84',
|
2015-08-28 15:40:41 -07:00
|
|
|
'104.239.146.131',
|
2013-08-19 17:10:13 -07:00
|
|
|
],
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# CentOS machines to run cgit and git daemon. Will be
|
|
|
|
|
# load balanced by git.openstack.org.
|
2015-09-04 15:12:16 -07:00
|
|
|
# Node-OS: centos7
|
2013-08-19 17:10:13 -07:00
|
|
|
node /^git\d+\.openstack\.org$/ {
|
2015-03-16 12:47:42 -07:00
|
|
|
$group = "git-server"
|
2014-01-08 16:50:59 +08:00
|
|
|
include openstack_project
|
2015-04-30 15:22:34 +02:00
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [4443, 8080, 29418],
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
|
|
|
|
|
2013-08-26 10:38:35 -07:00
|
|
|
class { 'openstack_project::git_backend':
|
2014-09-25 13:11:54 -07:00
|
|
|
project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
|
2013-08-19 17:10:13 -07:00
|
|
|
vhost_name => 'git.openstack.org',
|
2015-10-16 14:22:11 -07:00
|
|
|
git_gerrit_ssh_key => hiera('gerrit_replication_ssh_rsa_pubkey_contents'),
|
|
|
|
|
ssl_cert_file_contents => hiera('git_ssl_cert_file_contents'),
|
|
|
|
|
ssl_key_file_contents => hiera('git_ssl_key_file_contents'),
|
|
|
|
|
ssl_chain_file_contents => hiera('git_ssl_chain_file_contents'),
|
2013-08-19 17:10:13 -07:00
|
|
|
behind_proxy => true,
|
2015-09-10 13:32:29 -05:00
|
|
|
selinux_mode => 'enforcing'
|
2013-07-11 11:21:02 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-20 15:11:24 -08:00
|
|
|
# A machine to drive AFS mirror updates.
|
|
|
|
|
# Node-OS: trusty
|
|
|
|
|
node 'mirror-update.openstack.org' {
|
2016-02-04 08:58:30 -08:00
|
|
|
$group = "afsadmin"
|
|
|
|
|
|
2016-01-20 15:11:24 -08:00
|
|
|
class { 'openstack_project::mirror_update':
|
|
|
|
|
bandersnatch_keytab => hiera('bandersnatch_keytab'),
|
|
|
|
|
admin_keytab => hiera('afsadmin_keytab'),
|
2016-12-28 15:54:16 -05:00
|
|
|
fedora_keytab => hiera('fedora_keytab'),
|
2017-02-22 20:43:49 +01:00
|
|
|
opensuse_keytab => hiera('opensuse_keytab'),
|
2016-01-26 10:19:53 -05:00
|
|
|
reprepro_keytab => hiera('reprepro_keytab'),
|
2015-12-04 12:09:51 -05:00
|
|
|
gem_keytab => hiera('gem_keytab'),
|
2016-04-08 15:39:06 -07:00
|
|
|
npm_keytab => hiera('npm_keytab'),
|
2016-03-07 13:59:56 -05:00
|
|
|
centos_keytab => hiera('centos_keytab'),
|
2016-05-12 11:01:43 -04:00
|
|
|
epel_keytab => hiera('epel_keytab'),
|
2016-01-20 15:11:24 -08:00
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-20 15:11:24 -08:00
|
|
|
# Machines in each region to serve AFS mirrors.
|
|
|
|
|
# Node-OS: trusty
|
2017-08-16 10:11:19 +10:00
|
|
|
# Node-OS: xenial
|
|
|
|
|
node /^mirror\d*\..*\.openstack\.org$/ {
|
2016-01-20 15:11:24 -08:00
|
|
|
$group = "mirror"
|
|
|
|
|
|
|
|
|
|
class { 'openstack_project::server':
|
2017-04-05 13:58:58 -04:00
|
|
|
iptables_public_tcp_ports => [22, 80, 8080, 8081],
|
2016-01-20 15:11:24 -08:00
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
afs => true,
|
2016-01-23 19:45:59 -08:00
|
|
|
afs_cache_size => 50000000, # 50GB
|
2016-01-20 15:11:24 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
class { 'openstack_project::mirror':
|
|
|
|
|
vhost_name => $::fqdn,
|
|
|
|
|
require => Class['Openstack_project::Server'],
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-02-06 15:10:13 +01:00
|
|
|
# A machine to run ODSREG in preparation for summits.
|
2015-04-02 13:48:18 +00:00
|
|
|
# Node-OS: trusty
|
|
|
|
|
node 'design-summit-prep.openstack.org' {
|
2013-02-07 13:56:07 +00:00
|
|
|
class { 'openstack_project::summit':
|
2014-06-14 08:09:09 -07:00
|
|
|
sysadmins => hiera('sysadmins', []),
|
2013-02-06 15:10:13 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-09-15 09:35:03 -07:00
|
|
|
# Serve static AFS content for docs and other sites.
|
|
|
|
|
# Node-OS: trusty
|
|
|
|
|
node 'files01.openstack.org' {
|
2017-01-24 22:54:32 +00:00
|
|
|
$group = "files"
|
2016-09-15 09:35:03 -07:00
|
|
|
class { 'openstack_project::server':
|
2017-01-26 11:48:22 -08:00
|
|
|
iptables_public_tcp_ports => [80, 443],
|
2016-09-15 09:35:03 -07:00
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
afs => true,
|
|
|
|
|
afs_cache_size => 10000000, # 10GB
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
class { 'openstack_project::files':
|
2017-01-24 22:54:32 +00:00
|
|
|
vhost_name => 'files.openstack.org',
|
2017-01-26 21:00:55 +00:00
|
|
|
developer_cert_file_contents => hiera('developer_cert_file_contents'),
|
|
|
|
|
developer_key_file_contents => hiera('developer_key_file_contents'),
|
|
|
|
|
developer_chain_file_contents => hiera('developer_chain_file_contents'),
|
|
|
|
|
docs_cert_file_contents => hiera('docs_cert_file_contents'),
|
|
|
|
|
docs_key_file_contents => hiera('docs_key_file_contents'),
|
|
|
|
|
docs_chain_file_contents => hiera('docs_chain_file_contents'),
|
2017-01-24 22:54:32 +00:00
|
|
|
require => Class['Openstack_project::Server'],
|
2016-09-15 09:35:03 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-06 19:39:00 +00:00
|
|
|
# Node-OS: trusty
|
|
|
|
|
node 'refstack.openstack.org' {
|
|
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [80, 443],
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
|
|
|
|
class { 'refstack':
|
|
|
|
|
mysql_host => hiera('refstack_mysql_host', 'localhost'),
|
|
|
|
|
mysql_database => hiera('refstack_mysql_db_name', 'refstack'),
|
|
|
|
|
mysql_user => hiera('refstack_mysql_user', 'refstack'),
|
2015-10-16 14:22:54 -07:00
|
|
|
mysql_user_password => hiera('refstack_mysql_password'),
|
|
|
|
|
ssl_cert_content => hiera('refstack_ssl_cert_file_contents'),
|
|
|
|
|
ssl_key_content => hiera('refstack_ssl_key_file_contents'),
|
|
|
|
|
ssl_ca_content => hiera('refstack_ssl_chain_file_contents'),
|
2015-07-06 19:39:00 +00:00
|
|
|
protocol => 'https',
|
|
|
|
|
}
|
2015-12-07 22:44:39 +00:00
|
|
|
mysql_backup::backup_remote { 'refstack':
|
|
|
|
|
database_host => hiera('refstack_mysql_host', 'localhost'),
|
|
|
|
|
database_user => hiera('refstack_mysql_user', 'refstack'),
|
|
|
|
|
database_password => hiera('refstack_mysql_password'),
|
|
|
|
|
require => Class['::refstack'],
|
|
|
|
|
}
|
2015-07-06 19:39:00 +00:00
|
|
|
}
|
|
|
|
|
|
2014-01-06 06:33:45 +04:00
|
|
|
# A machine to run Storyboard
|
2016-05-03 08:37:42 -07:00
|
|
|
# Node-OS: trusty
|
2014-01-06 06:33:45 +04:00
|
|
|
node 'storyboard.openstack.org' {
|
|
|
|
|
class { 'openstack_project::storyboard':
|
2014-09-25 13:11:54 -07:00
|
|
|
project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
|
2014-06-14 08:09:09 -07:00
|
|
|
sysadmins => hiera('sysadmins', []),
|
2014-05-16 11:46:59 -04:00
|
|
|
mysql_host => hiera('storyboard_db_host', 'localhost'),
|
|
|
|
|
mysql_user => hiera('storyboard_db_user', 'username'),
|
2015-10-16 14:24:54 -07:00
|
|
|
mysql_password => hiera('storyboard_db_password'),
|
2014-08-13 14:48:11 -07:00
|
|
|
rabbitmq_user => hiera('storyboard_rabbit_user', 'username'),
|
2015-10-16 14:24:54 -07:00
|
|
|
rabbitmq_password => hiera('storyboard_rabbit_password'),
|
2016-05-18 15:28:14 +00:00
|
|
|
ssl_cert => '/etc/ssl/certs/storyboard.openstack.org.pem',
|
2015-10-16 14:24:54 -07:00
|
|
|
ssl_cert_file_contents => hiera('storyboard_ssl_cert_file_contents'),
|
2016-05-18 15:28:14 +00:00
|
|
|
ssl_key => '/etc/ssl/private/storyboard.openstack.org.key',
|
2015-10-16 14:24:54 -07:00
|
|
|
ssl_key_file_contents => hiera('storyboard_ssl_key_file_contents'),
|
|
|
|
|
ssl_chain_file_contents => hiera('storyboard_ssl_chain_file_contents'),
|
2015-02-23 13:08:51 -08:00
|
|
|
hostname => $::fqdn,
|
2015-02-23 12:27:02 -08:00
|
|
|
valid_oauth_clients => [
|
|
|
|
|
$::fqdn,
|
|
|
|
|
'docs-draft.openstack.org',
|
|
|
|
|
],
|
2015-02-23 13:08:51 -08:00
|
|
|
cors_allowed_origins => [
|
|
|
|
|
"https://${::fqdn}",
|
|
|
|
|
'http://docs-draft.openstack.org',
|
|
|
|
|
],
|
2016-03-16 10:48:23 +00:00
|
|
|
sender_email_address => 'storyboard@storyboard.openstack.org',
|
2014-01-06 06:33:45 +04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-03 08:37:42 -07:00
|
|
|
# A machine to run Storyboard devel
|
|
|
|
|
# Node-OS: trusty
|
|
|
|
|
node 'storyboard-dev.openstack.org' {
|
2016-05-12 14:09:49 -04:00
|
|
|
class { 'openstack_project::storyboard::dev':
|
2016-05-03 08:37:42 -07:00
|
|
|
project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
mysql_host => hiera('storyboard_db_host', 'localhost'),
|
|
|
|
|
mysql_user => hiera('storyboard_db_user', 'username'),
|
|
|
|
|
mysql_password => hiera('storyboard_db_password'),
|
|
|
|
|
rabbitmq_user => hiera('storyboard_rabbit_user', 'username'),
|
|
|
|
|
rabbitmq_password => hiera('storyboard_rabbit_password'),
|
|
|
|
|
hostname => $::fqdn,
|
|
|
|
|
valid_oauth_clients => [
|
|
|
|
|
$::fqdn,
|
|
|
|
|
'docs-draft.openstack.org',
|
|
|
|
|
],
|
|
|
|
|
cors_allowed_origins => [
|
|
|
|
|
"https://${::fqdn}",
|
|
|
|
|
'http://docs-draft.openstack.org',
|
|
|
|
|
],
|
|
|
|
|
sender_email_address => 'storyboard-dev@storyboard-dev.openstack.org',
|
|
|
|
|
}
|
2016-05-12 14:09:49 -04:00
|
|
|
|
2016-05-03 08:37:42 -07:00
|
|
|
}
|
|
|
|
|
|
2012-08-10 15:38:08 -07:00
|
|
|
# A machine to serve static content.
|
2016-07-28 11:27:18 -04:00
|
|
|
# Node-OS: trusty
|
2012-08-10 15:38:08 -07:00
|
|
|
node 'static.openstack.org' {
|
2015-06-24 17:57:10 +00:00
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [22, 80, 443],
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
2012-09-06 10:32:48 -07:00
|
|
|
class { 'openstack_project::static':
|
2017-06-30 20:30:54 +00:00
|
|
|
project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
|
|
|
|
|
swift_authurl => 'https://identity.api.rackspacecloud.com/v2.0/',
|
|
|
|
|
swift_user => 'infra-files-ro',
|
|
|
|
|
swift_key => hiera('infra_files_ro_password'),
|
|
|
|
|
swift_tenant_name => hiera('infra_files_tenant_name', 'tenantname'),
|
|
|
|
|
swift_region_name => 'DFW',
|
|
|
|
|
swift_default_container => 'infra-files',
|
|
|
|
|
ssl_cert_file_contents => hiera('static_ssl_cert_file_contents'),
|
|
|
|
|
ssl_key_file_contents => hiera('static_ssl_key_file_contents'),
|
|
|
|
|
ssl_chain_file_contents => hiera('static_ssl_chain_file_contents'),
|
2013-12-11 12:01:13 -08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-12-19 14:57:02 -08:00
|
|
|
# A machine to serve various project status updates.
|
2016-05-24 16:30:22 -04:00
|
|
|
# Node-OS: trusty
|
2013-12-11 12:01:13 -08:00
|
|
|
node 'status.openstack.org' {
|
2015-05-27 14:55:10 -04:00
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [22, 80, 443],
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
|
|
|
|
|
2013-12-11 12:01:13 -08:00
|
|
|
class { 'openstack_project::status':
|
2013-12-31 11:11:55 -08:00
|
|
|
gerrit_host => 'review.openstack.org',
|
2015-10-16 14:26:49 -07:00
|
|
|
gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents'),
|
|
|
|
|
reviewday_ssh_public_key => hiera('reviewday_rsa_pubkey_contents'),
|
|
|
|
|
reviewday_ssh_private_key => hiera('reviewday_rsa_key_contents'),
|
|
|
|
|
recheck_ssh_public_key => hiera('elastic-recheck_gerrit_ssh_public_key'),
|
|
|
|
|
recheck_ssh_private_key => hiera('elastic-recheck_gerrit_ssh_private_key'),
|
2013-12-31 11:11:55 -08:00
|
|
|
recheck_bot_nick => 'openstackrecheck',
|
2015-10-16 14:26:49 -07:00
|
|
|
recheck_bot_passwd => hiera('elastic-recheck_ircbot_password'),
|
2012-09-06 10:32:48 -07:00
|
|
|
}
|
2012-08-10 15:38:08 -07:00
|
|
|
}
|
|
|
|
|
|
2015-01-15 22:06:20 +00:00
|
|
|
# Node-OS: trusty
|
2013-08-15 17:52:52 +00:00
|
|
|
node 'nodepool.openstack.org' {
|
2016-11-23 11:27:16 -08:00
|
|
|
$group = 'nodepool'
|
2016-10-15 09:48:10 -04:00
|
|
|
# TODO(pabelanger): Move all of this back into nodepool manifest, it has
|
|
|
|
|
# grown too big.
|
2016-02-02 19:21:44 -08:00
|
|
|
$rackspace_username = hiera('nodepool_rackspace_username', 'username')
|
|
|
|
|
$rackspace_password = hiera('nodepool_rackspace_password')
|
|
|
|
|
$rackspace_project = hiera('nodepool_rackspace_project', 'project')
|
|
|
|
|
$hpcloud_username = hiera('nodepool_hpcloud_username', 'username')
|
|
|
|
|
$hpcloud_password = hiera('nodepool_hpcloud_password')
|
|
|
|
|
$hpcloud_project = hiera('nodepool_hpcloud_project', 'project')
|
|
|
|
|
$internap_username = hiera('nodepool_internap_username', 'username')
|
|
|
|
|
$internap_password = hiera('nodepool_internap_password')
|
|
|
|
|
$internap_project = hiera('nodepool_internap_project', 'project')
|
|
|
|
|
$ovh_username = hiera('nodepool_ovh_username', 'username')
|
|
|
|
|
$ovh_password = hiera('nodepool_ovh_password')
|
|
|
|
|
$ovh_project = hiera('nodepool_ovh_project', 'project')
|
|
|
|
|
$tripleo_username = hiera('nodepool_tripleo_username', 'username')
|
|
|
|
|
$tripleo_password = hiera('nodepool_tripleo_password')
|
|
|
|
|
$tripleo_project = hiera('nodepool_tripleo_project', 'project')
|
2016-09-28 14:03:12 +02:00
|
|
|
$infracloud_vanilla_username = hiera('nodepool_infracloud_vanilla_username', 'username')
|
|
|
|
|
$infracloud_vanilla_password = hiera('nodepool_infracloud_vanilla_password')
|
|
|
|
|
$infracloud_vanilla_project = hiera('nodepool_infracloud_vanilla_project', 'project')
|
|
|
|
|
$infracloud_chocolate_username = hiera('nodepool_infracloud_chocolate_username', 'username')
|
|
|
|
|
$infracloud_chocolate_password = hiera('nodepool_infracloud_chocolate_password')
|
|
|
|
|
$infracloud_chocolate_project = hiera('nodepool_infracloud_chocolate_project', 'project')
|
2016-03-01 15:36:35 -08:00
|
|
|
$vexxhost_username = hiera('nodepool_vexxhost_username', 'username')
|
|
|
|
|
$vexxhost_password = hiera('nodepool_vexxhost_password')
|
|
|
|
|
$vexxhost_project = hiera('nodepool_vexxhost_project', 'project')
|
2016-10-12 15:27:08 -07:00
|
|
|
$citycloud_username = hiera('nodepool_citycloud_username', 'username')
|
|
|
|
|
$citycloud_password = hiera('nodepool_citycloud_password')
|
2016-02-02 19:21:44 -08:00
|
|
|
$clouds_yaml = template("openstack_project/nodepool/clouds.yaml.erb")
|
2016-11-28 21:47:10 -05:00
|
|
|
|
2017-02-15 18:00:17 -05:00
|
|
|
$zk_receivers = [
|
|
|
|
|
'nb01.openstack.org',
|
|
|
|
|
'nb02.openstack.org',
|
2017-05-23 10:33:58 -04:00
|
|
|
'nb03.openstack.org',
|
2017-05-24 11:28:47 -04:00
|
|
|
'nb04.openstack.org',
|
2017-02-20 14:58:38 -05:00
|
|
|
'nl01.openstack.org',
|
2017-09-04 14:35:13 -04:00
|
|
|
'nl02.openstack.org',
|
2017-02-20 14:58:38 -05:00
|
|
|
'zuulv3-dev.openstack.org',
|
2017-06-02 11:34:13 -04:00
|
|
|
'zuulv3.openstack.org',
|
2017-02-15 18:00:17 -05:00
|
|
|
]
|
2016-11-28 21:47:10 -05:00
|
|
|
$zk_iptables_rule = regsubst($zk_receivers,
|
|
|
|
|
'^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 2181 -s \1 -j ACCEPT')
|
|
|
|
|
$iptables_rule = flatten([$zk_iptables_rule])
|
2015-05-20 13:39:09 -04:00
|
|
|
class { 'openstack_project::server':
|
2016-11-28 21:47:10 -05:00
|
|
|
iptables_rules6 => $iptables_rule,
|
|
|
|
|
iptables_rules4 => $iptables_rule,
|
2015-05-20 13:39:09 -04:00
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
iptables_public_tcp_ports => [80],
|
|
|
|
|
}
|
|
|
|
|
|
2016-06-01 13:36:27 -04:00
|
|
|
class { '::zookeeper': }
|
|
|
|
|
|
2016-05-26 16:51:37 -04:00
|
|
|
include openstack_project
|
|
|
|
|
|
2015-10-29 03:21:16 -07:00
|
|
|
class { '::openstackci::nodepool':
|
2016-01-28 16:13:54 -08:00
|
|
|
vhost_name => 'nodepool.openstack.org',
|
|
|
|
|
project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
|
|
|
|
|
mysql_password => hiera('nodepool_mysql_password'),
|
|
|
|
|
mysql_root_password => hiera('nodepool_mysql_root_password'),
|
2016-05-31 14:46:34 -04:00
|
|
|
nodepool_ssh_public_key => hiera('zuul_worker_ssh_public_key_contents'),
|
|
|
|
|
# TODO(pabelanger): Switch out private key with zuul_worker once we are
|
|
|
|
|
# ready.
|
2016-01-28 16:13:54 -08:00
|
|
|
nodepool_ssh_private_key => hiera('jenkins_ssh_private_key_contents'),
|
|
|
|
|
oscc_file_contents => $clouds_yaml,
|
|
|
|
|
image_log_document_root => '/var/log/nodepool/image',
|
|
|
|
|
statsd_host => 'graphite.openstack.org',
|
|
|
|
|
logging_conf_template => 'openstack_project/nodepool/nodepool.logging.conf.erb',
|
|
|
|
|
builder_logging_conf_template => 'openstack_project/nodepool/nodepool-builder.logging.conf.erb',
|
2016-05-12 15:18:49 -04:00
|
|
|
upload_workers => '16',
|
2016-06-16 13:30:16 -07:00
|
|
|
jenkins_masters => [],
|
2016-10-05 17:28:33 -04:00
|
|
|
split_daemon => true,
|
2013-08-15 17:52:52 +00:00
|
|
|
}
|
2016-08-24 12:38:45 +02:00
|
|
|
file { '/home/nodepool/.config/openstack/infracloud_vanilla_cacert.pem':
|
2016-02-23 13:02:49 -08:00
|
|
|
ensure => present,
|
|
|
|
|
owner => 'nodepool',
|
|
|
|
|
group => 'nodepool',
|
|
|
|
|
mode => '0600',
|
2016-08-23 12:36:18 +02:00
|
|
|
content => hiera('infracloud_vanilla_ssl_cert_file_contents'),
|
2016-02-23 13:02:49 -08:00
|
|
|
require => Class['::openstackci::nodepool'],
|
|
|
|
|
}
|
2016-09-28 14:03:12 +02:00
|
|
|
file { '/home/nodepool/.config/openstack/infracloud_chocolate_cacert.pem':
|
|
|
|
|
ensure => present,
|
|
|
|
|
owner => 'nodepool',
|
|
|
|
|
group => 'nodepool',
|
|
|
|
|
mode => '0600',
|
|
|
|
|
content => hiera('infracloud_chocolate_ssl_cert_file_contents'),
|
|
|
|
|
require => Class['::openstackci::nodepool'],
|
|
|
|
|
}
|
2016-10-15 09:48:10 -04:00
|
|
|
|
|
|
|
|
cron { 'mirror_gitgc':
|
|
|
|
|
user => 'nodepool',
|
|
|
|
|
hour => '20',
|
|
|
|
|
minute => '0',
|
2017-04-12 09:20:39 +10:00
|
|
|
command => 'find /opt/dib_cache/source-repositories/ -maxdepth 1 -type d -name "*.git" -exec git --git-dir="{}" gc \; >/dev/null',
|
2016-10-15 09:48:10 -04:00
|
|
|
environment => 'PATH=/usr/bin:/bin:/usr/sbin:/sbin',
|
|
|
|
|
require => Class['::openstackci::nodepool'],
|
2016-09-28 14:03:12 +02:00
|
|
|
}
|
2013-08-15 17:52:52 +00:00
|
|
|
}
|
|
|
|
|
|
2017-02-07 10:48:57 -05:00
|
|
|
# Node-OS: trusty
|
|
|
|
|
# Node-OS: xenial
|
|
|
|
|
node /^nl\d+\.openstack\.org$/ {
|
|
|
|
|
$group = 'nodepool'
|
|
|
|
|
# TODO(pabelanger): Move all of this back into nodepool manifest, it has
|
|
|
|
|
# grown too big.
|
|
|
|
|
$rackspace_username = hiera('nodepool_rackspace_username', 'username')
|
|
|
|
|
$rackspace_password = hiera('nodepool_rackspace_password')
|
|
|
|
|
$rackspace_project = hiera('nodepool_rackspace_project', 'project')
|
|
|
|
|
$hpcloud_username = hiera('nodepool_hpcloud_username', 'username')
|
|
|
|
|
$hpcloud_password = hiera('nodepool_hpcloud_password')
|
|
|
|
|
$hpcloud_project = hiera('nodepool_hpcloud_project', 'project')
|
|
|
|
|
$internap_username = hiera('nodepool_internap_username', 'username')
|
|
|
|
|
$internap_password = hiera('nodepool_internap_password')
|
|
|
|
|
$internap_project = hiera('nodepool_internap_project', 'project')
|
|
|
|
|
$ovh_username = hiera('nodepool_ovh_username', 'username')
|
|
|
|
|
$ovh_password = hiera('nodepool_ovh_password')
|
|
|
|
|
$ovh_project = hiera('nodepool_ovh_project', 'project')
|
|
|
|
|
$tripleo_username = hiera('nodepool_tripleo_username', 'username')
|
|
|
|
|
$tripleo_password = hiera('nodepool_tripleo_password')
|
|
|
|
|
$tripleo_project = hiera('nodepool_tripleo_project', 'project')
|
|
|
|
|
$infracloud_vanilla_username = hiera('nodepool_infracloud_vanilla_username', 'username')
|
|
|
|
|
$infracloud_vanilla_password = hiera('nodepool_infracloud_vanilla_password')
|
|
|
|
|
$infracloud_vanilla_project = hiera('nodepool_infracloud_vanilla_project', 'project')
|
|
|
|
|
$infracloud_chocolate_username = hiera('nodepool_infracloud_chocolate_username', 'username')
|
|
|
|
|
$infracloud_chocolate_password = hiera('nodepool_infracloud_chocolate_password')
|
|
|
|
|
$infracloud_chocolate_project = hiera('nodepool_infracloud_chocolate_project', 'project')
|
|
|
|
|
$vexxhost_username = hiera('nodepool_vexxhost_username', 'username')
|
|
|
|
|
$vexxhost_password = hiera('nodepool_vexxhost_password')
|
|
|
|
|
$vexxhost_project = hiera('nodepool_vexxhost_project', 'project')
|
|
|
|
|
$citycloud_username = hiera('nodepool_citycloud_username', 'username')
|
|
|
|
|
$citycloud_password = hiera('nodepool_citycloud_password')
|
|
|
|
|
$clouds_yaml = template("openstack_project/nodepool/clouds.yaml.erb")
|
|
|
|
|
|
|
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
include openstack_project
|
|
|
|
|
|
|
|
|
|
class { '::openstackci::nodepool_launcher':
|
2017-02-20 13:46:36 -05:00
|
|
|
nodepool_ssh_private_key => hiera('zuul_worker_ssh_private_key_contents'),
|
|
|
|
|
project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
|
|
|
|
|
oscc_file_contents => $clouds_yaml,
|
|
|
|
|
statsd_host => 'graphite.openstack.org',
|
2017-03-10 10:53:55 -05:00
|
|
|
statsd_prefix => 'zuulv3-dev',
|
2017-02-20 13:46:36 -05:00
|
|
|
revision => 'feature/zuulv3',
|
2017-07-19 11:21:35 -04:00
|
|
|
python_version => 3,
|
2017-02-07 10:48:57 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
file { '/home/nodepool/.config/openstack/infracloud_vanilla_cacert.pem':
|
|
|
|
|
ensure => present,
|
|
|
|
|
owner => 'nodepool',
|
|
|
|
|
group => 'nodepool',
|
|
|
|
|
mode => '0600',
|
|
|
|
|
content => hiera('infracloud_vanilla_ssl_cert_file_contents'),
|
|
|
|
|
require => Class['::openstackci::nodepool_launcher'],
|
|
|
|
|
}
|
|
|
|
|
file { '/home/nodepool/.config/openstack/infracloud_chocolate_cacert.pem':
|
|
|
|
|
ensure => present,
|
|
|
|
|
owner => 'nodepool',
|
|
|
|
|
group => 'nodepool',
|
|
|
|
|
mode => '0600',
|
|
|
|
|
content => hiera('infracloud_chocolate_ssl_cert_file_contents'),
|
|
|
|
|
require => Class['::openstackci::nodepool_launcher'],
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-07 15:01:07 -04:00
|
|
|
# Node-OS: xenial
|
|
|
|
|
node /^nb0[12].openstack\.org$/ {
|
|
|
|
|
$group = 'nodepool'
|
|
|
|
|
# TODO(pabelanger): Move all of this back into nodepool manifest, it has
|
|
|
|
|
# grown too big.
|
|
|
|
|
$rackspace_username = hiera('nodepool_rackspace_username', 'username')
|
|
|
|
|
$rackspace_password = hiera('nodepool_rackspace_password')
|
|
|
|
|
$rackspace_project = hiera('nodepool_rackspace_project', 'project')
|
|
|
|
|
$hpcloud_username = hiera('nodepool_hpcloud_username', 'username')
|
|
|
|
|
$hpcloud_password = hiera('nodepool_hpcloud_password')
|
|
|
|
|
$hpcloud_project = hiera('nodepool_hpcloud_project', 'project')
|
|
|
|
|
$internap_username = hiera('nodepool_internap_username', 'username')
|
|
|
|
|
$internap_password = hiera('nodepool_internap_password')
|
|
|
|
|
$internap_project = hiera('nodepool_internap_project', 'project')
|
|
|
|
|
$ovh_username = hiera('nodepool_ovh_username', 'username')
|
|
|
|
|
$ovh_password = hiera('nodepool_ovh_password')
|
|
|
|
|
$ovh_project = hiera('nodepool_ovh_project', 'project')
|
|
|
|
|
$tripleo_username = hiera('nodepool_tripleo_username', 'username')
|
|
|
|
|
$tripleo_password = hiera('nodepool_tripleo_password')
|
|
|
|
|
$tripleo_project = hiera('nodepool_tripleo_project', 'project')
|
|
|
|
|
$infracloud_vanilla_username = hiera('nodepool_infracloud_vanilla_username', 'username')
|
|
|
|
|
$infracloud_vanilla_password = hiera('nodepool_infracloud_vanilla_password')
|
|
|
|
|
$infracloud_vanilla_project = hiera('nodepool_infracloud_vanilla_project', 'project')
|
|
|
|
|
$infracloud_chocolate_username = hiera('nodepool_infracloud_chocolate_username', 'username')
|
|
|
|
|
$infracloud_chocolate_password = hiera('nodepool_infracloud_chocolate_password')
|
|
|
|
|
$infracloud_chocolate_project = hiera('nodepool_infracloud_chocolate_project', 'project')
|
|
|
|
|
$vexxhost_username = hiera('nodepool_vexxhost_username', 'username')
|
|
|
|
|
$vexxhost_password = hiera('nodepool_vexxhost_password')
|
|
|
|
|
$vexxhost_project = hiera('nodepool_vexxhost_project', 'project')
|
|
|
|
|
$citycloud_username = hiera('nodepool_citycloud_username', 'username')
|
|
|
|
|
$citycloud_password = hiera('nodepool_citycloud_password')
|
|
|
|
|
$clouds_yaml = template("openstack_project/nodepool/clouds.yaml.erb")
|
|
|
|
|
|
|
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
iptables_public_tcp_ports => [80],
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
include openstack_project
|
|
|
|
|
|
|
|
|
|
class { '::openstackci::nodepool_builder':
|
|
|
|
|
nodepool_ssh_public_key => hiera('zuul_worker_ssh_public_key_contents'),
|
|
|
|
|
vhost_name => $::fqdn,
|
|
|
|
|
project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
|
|
|
|
|
oscc_file_contents => $clouds_yaml,
|
|
|
|
|
image_log_document_root => '/var/log/nodepool/image',
|
|
|
|
|
statsd_host => 'graphite.openstack.org',
|
|
|
|
|
builder_logging_conf_template => 'openstack_project/nodepool/nodepool-builder.logging.conf.erb',
|
|
|
|
|
upload_workers => '16',
|
|
|
|
|
revision => 'feature/zuulv3',
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
file { '/home/nodepool/.config/openstack/infracloud_vanilla_cacert.pem':
|
|
|
|
|
ensure => present,
|
|
|
|
|
owner => 'nodepool',
|
|
|
|
|
group => 'nodepool',
|
|
|
|
|
mode => '0600',
|
|
|
|
|
content => hiera('infracloud_vanilla_ssl_cert_file_contents'),
|
|
|
|
|
require => Class['::openstackci::nodepool_builder'],
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
file { '/home/nodepool/.config/openstack/infracloud_chocolate_cacert.pem':
|
|
|
|
|
ensure => present,
|
|
|
|
|
owner => 'nodepool',
|
|
|
|
|
group => 'nodepool',
|
|
|
|
|
mode => '0600',
|
|
|
|
|
content => hiera('infracloud_chocolate_ssl_cert_file_contents'),
|
|
|
|
|
require => Class['::openstackci::nodepool_builder'],
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
cron { 'mirror_gitgc':
|
|
|
|
|
user => 'nodepool',
|
|
|
|
|
hour => '20',
|
|
|
|
|
minute => '0',
|
|
|
|
|
command => 'find /opt/dib_cache/source-repositories/ -type d -name "*.git" -exec git --git-dir="{}" gc \; >/dev/null',
|
|
|
|
|
environment => 'PATH=/usr/bin:/bin:/usr/sbin:/sbin',
|
|
|
|
|
require => Class['::openstackci::nodepool_builder'],
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-22 15:11:32 -08:00
|
|
|
# Node-OS: trusty
|
|
|
|
|
# Node-OS: xenial
|
2017-09-07 14:58:42 -04:00
|
|
|
node /^nb0[34].openstack\.org$/ {
|
2016-11-23 11:27:16 -08:00
|
|
|
$group = 'nodepool'
|
2016-11-22 15:11:32 -08:00
|
|
|
# TODO(pabelanger): Move all of this back into nodepool manifest, it has
|
|
|
|
|
# grown too big.
|
|
|
|
|
$rackspace_username = hiera('nodepool_rackspace_username', 'username')
|
|
|
|
|
$rackspace_password = hiera('nodepool_rackspace_password')
|
|
|
|
|
$rackspace_project = hiera('nodepool_rackspace_project', 'project')
|
|
|
|
|
$hpcloud_username = hiera('nodepool_hpcloud_username', 'username')
|
|
|
|
|
$hpcloud_password = hiera('nodepool_hpcloud_password')
|
|
|
|
|
$hpcloud_project = hiera('nodepool_hpcloud_project', 'project')
|
|
|
|
|
$internap_username = hiera('nodepool_internap_username', 'username')
|
|
|
|
|
$internap_password = hiera('nodepool_internap_password')
|
|
|
|
|
$internap_project = hiera('nodepool_internap_project', 'project')
|
|
|
|
|
$ovh_username = hiera('nodepool_ovh_username', 'username')
|
|
|
|
|
$ovh_password = hiera('nodepool_ovh_password')
|
|
|
|
|
$ovh_project = hiera('nodepool_ovh_project', 'project')
|
|
|
|
|
$tripleo_username = hiera('nodepool_tripleo_username', 'username')
|
|
|
|
|
$tripleo_password = hiera('nodepool_tripleo_password')
|
|
|
|
|
$tripleo_project = hiera('nodepool_tripleo_project', 'project')
|
|
|
|
|
$infracloud_vanilla_username = hiera('nodepool_infracloud_vanilla_username', 'username')
|
|
|
|
|
$infracloud_vanilla_password = hiera('nodepool_infracloud_vanilla_password')
|
|
|
|
|
$infracloud_vanilla_project = hiera('nodepool_infracloud_vanilla_project', 'project')
|
|
|
|
|
$infracloud_chocolate_username = hiera('nodepool_infracloud_chocolate_username', 'username')
|
|
|
|
|
$infracloud_chocolate_password = hiera('nodepool_infracloud_chocolate_password')
|
|
|
|
|
$infracloud_chocolate_project = hiera('nodepool_infracloud_chocolate_project', 'project')
|
|
|
|
|
$vexxhost_username = hiera('nodepool_vexxhost_username', 'username')
|
|
|
|
|
$vexxhost_password = hiera('nodepool_vexxhost_password')
|
|
|
|
|
$vexxhost_project = hiera('nodepool_vexxhost_project', 'project')
|
|
|
|
|
$citycloud_username = hiera('nodepool_citycloud_username', 'username')
|
|
|
|
|
$citycloud_password = hiera('nodepool_citycloud_password')
|
|
|
|
|
$clouds_yaml = template("openstack_project/nodepool/clouds.yaml.erb")
|
|
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
iptables_public_tcp_ports => [80],
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
include openstack_project
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class { '::openstackci::nodepool_builder':
|
2016-11-29 11:19:26 -05:00
|
|
|
nodepool_ssh_public_key => hiera('zuul_worker_ssh_public_key_contents'),
|
2016-11-22 15:11:32 -08:00
|
|
|
vhost_name => $::fqdn,
|
|
|
|
|
project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
|
|
|
|
|
oscc_file_contents => $clouds_yaml,
|
|
|
|
|
image_log_document_root => '/var/log/nodepool/image',
|
|
|
|
|
statsd_host => 'graphite.openstack.org',
|
|
|
|
|
builder_logging_conf_template => 'openstack_project/nodepool/nodepool-builder.logging.conf.erb',
|
|
|
|
|
upload_workers => '16',
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
file { '/home/nodepool/.config/openstack/infracloud_vanilla_cacert.pem':
|
|
|
|
|
ensure => present,
|
|
|
|
|
owner => 'nodepool',
|
|
|
|
|
group => 'nodepool',
|
|
|
|
|
mode => '0600',
|
|
|
|
|
content => hiera('infracloud_vanilla_ssl_cert_file_contents'),
|
|
|
|
|
require => Class['::openstackci::nodepool_builder'],
|
|
|
|
|
}
|
|
|
|
|
file { '/home/nodepool/.config/openstack/infracloud_chocolate_cacert.pem':
|
|
|
|
|
ensure => present,
|
|
|
|
|
owner => 'nodepool',
|
|
|
|
|
group => 'nodepool',
|
|
|
|
|
mode => '0600',
|
|
|
|
|
content => hiera('infracloud_chocolate_ssl_cert_file_contents'),
|
|
|
|
|
require => Class['::openstackci::nodepool_builder'],
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
cron { 'mirror_gitgc':
|
|
|
|
|
user => 'nodepool',
|
|
|
|
|
hour => '20',
|
|
|
|
|
minute => '0',
|
|
|
|
|
command => 'find /opt/dib_cache/source-repositories/ -type d -name "*.git" -exec git --git-dir="{}" gc \; >/dev/null',
|
|
|
|
|
environment => 'PATH=/usr/bin:/bin:/usr/sbin:/sbin',
|
|
|
|
|
require => Class['::openstackci::nodepool_builder'],
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-06-01 16:06:22 -04:00
|
|
|
# Node-OS: xenial
|
|
|
|
|
node /^ze\d+\.openstack\.org$/ {
|
2017-06-06 12:36:44 -04:00
|
|
|
$group = "zuul-executor"
|
|
|
|
|
|
2017-06-27 13:36:16 -07:00
|
|
|
$gerrit_server = 'review.openstack.org'
|
|
|
|
|
$gerrit_user = 'zuul'
|
|
|
|
|
$gerrit_ssh_host_key = hiera('gerrit_ssh_rsa_pubkey_contents')
|
|
|
|
|
$gerrit_ssh_private_key = hiera('gerrit_ssh_private_key_contents')
|
|
|
|
|
$zuul_ssh_private_key = hiera('zuul_ssh_private_key_contents')
|
|
|
|
|
$zuul_static_private_key = hiera('jenkins_ssh_private_key_contents')
|
|
|
|
|
$git_email = 'zuul@openstack.org'
|
|
|
|
|
$git_name = 'OpenStack Zuul'
|
|
|
|
|
$revision = 'feature/zuulv3'
|
2017-06-01 16:06:22 -04:00
|
|
|
|
|
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [79],
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
2017-08-30 19:57:12 -05:00
|
|
|
afs => true,
|
2017-06-01 16:06:22 -04:00
|
|
|
}
|
|
|
|
|
|
2017-08-03 21:05:14 -04:00
|
|
|
class { '::project_config':
|
|
|
|
|
url => 'https://git.openstack.org/openstack-infra/project-config',
|
|
|
|
|
}
|
|
|
|
|
|
2017-06-01 16:06:22 -04:00
|
|
|
# NOTE(pabelanger): We call ::zuul directly, so we can override all in one
|
|
|
|
|
# settings.
|
|
|
|
|
class { '::zuul':
|
2017-08-03 21:05:14 -04:00
|
|
|
gearman_server => 'zuulv3.openstack.org',
|
|
|
|
|
gerrit_server => $gerrit_server,
|
|
|
|
|
gerrit_user => $gerrit_user,
|
|
|
|
|
zuul_ssh_private_key => $gerrit_ssh_private_key,
|
|
|
|
|
git_email => $git_email,
|
|
|
|
|
git_name => $git_name,
|
|
|
|
|
worker_private_key_file => '/var/lib/zuul/ssh/nodepool_id_rsa',
|
|
|
|
|
revision => $revision,
|
|
|
|
|
python_version => 3,
|
|
|
|
|
zookeeper_hosts => 'nodepool.openstack.org:2181',
|
|
|
|
|
zuulv3 => true,
|
|
|
|
|
connections => hiera('zuul_connections', []),
|
|
|
|
|
gearman_client_ssl_cert => hiera('gearman_client_ssl_cert'),
|
|
|
|
|
gearman_client_ssl_key => hiera('gearman_client_ssl_key'),
|
|
|
|
|
gearman_ssl_ca => hiera('gearman_ssl_ca'),
|
2017-08-31 12:44:03 -04:00
|
|
|
#TODO(pabelanger): Add openafs role for zuul-jobs to setup /etc/openafs
|
|
|
|
|
# properly. We need to revisting this post Queens PTG.
|
|
|
|
|
trusted_ro_paths => ['/etc/openafs', '/var/lib/zuul/ssh'],
|
2017-08-31 19:08:23 -04:00
|
|
|
trusted_rw_paths => ['/afs'],
|
2017-09-22 15:13:06 -05:00
|
|
|
disk_limit_per_job => 5000, # Megabytes
|
2017-08-03 21:05:14 -04:00
|
|
|
site_variables_yaml_file => $::project_config::zuul_site_variables_yaml,
|
|
|
|
|
require => $::project_config::config_dir,
|
2017-06-01 16:06:22 -04:00
|
|
|
}
|
|
|
|
|
|
2017-08-03 21:01:44 -04:00
|
|
|
class { '::zuul::executor': }
|
2017-06-07 14:07:52 -04:00
|
|
|
|
2017-09-11 12:20:17 -06:00
|
|
|
# This is used by the log job submission playbook which runs under
|
|
|
|
|
# python2
|
|
|
|
|
package { 'gear':
|
|
|
|
|
ensure => latest,
|
|
|
|
|
provider => openstack_pip,
|
|
|
|
|
require => Class['pip'],
|
|
|
|
|
}
|
|
|
|
|
|
2017-06-07 14:07:52 -04:00
|
|
|
file { '/var/lib/zuul/ssh/nodepool_id_rsa':
|
|
|
|
|
owner => 'zuul',
|
|
|
|
|
group => 'zuul',
|
|
|
|
|
mode => '0400',
|
|
|
|
|
require => File['/var/lib/zuul/ssh'],
|
|
|
|
|
content => $zuul_ssh_private_key,
|
|
|
|
|
}
|
2017-06-08 17:59:26 -04:00
|
|
|
|
2017-06-27 13:36:16 -07:00
|
|
|
file { '/var/lib/zuul/ssh/static_id_rsa':
|
|
|
|
|
owner => 'zuul',
|
|
|
|
|
group => 'zuul',
|
|
|
|
|
mode => '0400',
|
|
|
|
|
require => File['/var/lib/zuul/ssh'],
|
|
|
|
|
content => $zuul_static_private_key,
|
|
|
|
|
}
|
|
|
|
|
|
2017-06-08 17:59:26 -04:00
|
|
|
class { '::zuul::known_hosts':
|
2017-06-09 12:57:58 -04:00
|
|
|
known_hosts_content => "review.openstack.org,104.130.246.91,2001:4800:7819:103:be76:4eff:fe05:8525 ${gerrit_ssh_host_key}",
|
2017-06-08 17:59:26 -04:00
|
|
|
}
|
2017-06-01 16:06:22 -04:00
|
|
|
}
|
|
|
|
|
|
2017-02-16 15:33:32 -05:00
|
|
|
# Node-OS: trusty
|
2017-02-07 14:32:26 -05:00
|
|
|
node 'zuulv3-dev.openstack.org' {
|
2017-02-16 15:33:32 -05:00
|
|
|
$gerrit_server = 'review.openstack.org'
|
|
|
|
|
$gerrit_user = 'zuul'
|
2017-02-20 16:24:29 -05:00
|
|
|
$gerrit_ssh_host_key = hiera('gerrit_zuul_user_ssh_key_contents')
|
2017-02-16 15:33:32 -05:00
|
|
|
$zuul_ssh_private_key = hiera('zuul_ssh_private_key_contents')
|
|
|
|
|
$zuul_url = "http://${::fqdn}/p"
|
|
|
|
|
$git_email = 'zuul@openstack.org'
|
|
|
|
|
$git_name = 'OpenStack Zuul'
|
|
|
|
|
$revision = 'feature/zuulv3'
|
2017-02-07 14:32:26 -05:00
|
|
|
|
|
|
|
|
$gearman_workers = []
|
|
|
|
|
$iptables_rules = regsubst ($gearman_workers, '^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 4730 -s \1 -j ACCEPT')
|
|
|
|
|
|
|
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [80],
|
|
|
|
|
iptables_rules6 => $iptables_rules,
|
|
|
|
|
iptables_rules4 => $iptables_rules,
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# NOTE(pabelanger): We call ::zuul directly, so we can override all in one
|
|
|
|
|
# settings.
|
|
|
|
|
class { '::zuul':
|
|
|
|
|
gerrit_server => $gerrit_server,
|
|
|
|
|
gerrit_user => $gerrit_user,
|
|
|
|
|
zuul_ssh_private_key => $zuul_ssh_private_key,
|
|
|
|
|
git_email => $git_email,
|
|
|
|
|
git_name => $git_name,
|
|
|
|
|
revision => $revision,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
class { 'openstack_project::zuul_merger':
|
2017-02-16 15:33:32 -05:00
|
|
|
gerrit_server => $gerrit_server,
|
2017-02-07 14:32:26 -05:00
|
|
|
gerrit_user => $gerrit_user,
|
|
|
|
|
gerrit_ssh_host_key => $gerrit_ssh_host_key,
|
|
|
|
|
zuul_ssh_private_key => $zuul_ssh_private_key,
|
|
|
|
|
revision => $revision,
|
|
|
|
|
manage_common_zuul => false,
|
|
|
|
|
}
|
|
|
|
|
# TODO(pabelanger): Add zuul_scheduler support
|
|
|
|
|
# TODO(pabelanger): Add zuul_launcher support
|
|
|
|
|
}
|
|
|
|
|
|
2017-05-31 14:08:50 -07:00
|
|
|
# Node-OS: xenial
|
|
|
|
|
node 'zuulv3.openstack.org' {
|
|
|
|
|
$gerrit_server = 'review.openstack.org'
|
|
|
|
|
$gerrit_user = 'zuul'
|
|
|
|
|
$gerrit_ssh_host_key = hiera('gerrit_zuul_user_ssh_key_contents')
|
|
|
|
|
$zuul_ssh_private_key = hiera('zuul_ssh_private_key_contents')
|
|
|
|
|
$zuul_url = "http://${::fqdn}/p"
|
|
|
|
|
$git_email = 'zuul@openstack.org'
|
|
|
|
|
$git_name = 'OpenStack Zuul'
|
|
|
|
|
$revision = 'feature/zuulv3'
|
|
|
|
|
|
2017-06-06 15:29:37 -04:00
|
|
|
$gearman_workers = [
|
|
|
|
|
'ze01.openstack.org',
|
2017-08-16 08:59:10 -07:00
|
|
|
'ze02.openstack.org',
|
|
|
|
|
'ze03.openstack.org',
|
|
|
|
|
'ze04.openstack.org',
|
2017-09-11 19:03:41 -04:00
|
|
|
'ze05.openstack.org',
|
|
|
|
|
'ze06.openstack.org',
|
|
|
|
|
'ze07.openstack.org',
|
|
|
|
|
'ze08.openstack.org',
|
2017-09-11 14:18:28 -04:00
|
|
|
'zm05.openstack.org',
|
|
|
|
|
'zm06.openstack.org',
|
|
|
|
|
'zm07.openstack.org',
|
|
|
|
|
'zm08.openstack.org',
|
2017-06-06 15:29:37 -04:00
|
|
|
]
|
|
|
|
|
$iptables_rules = regsubst ($gearman_workers, '^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 4730 -s \1 -j ACCEPT')
|
|
|
|
|
|
2017-05-31 14:08:50 -07:00
|
|
|
class { 'openstack_project::server':
|
2017-07-28 15:04:00 -04:00
|
|
|
iptables_public_tcp_ports => [80, 443],
|
2017-06-06 15:29:37 -04:00
|
|
|
iptables_rules6 => $iptables_rules,
|
|
|
|
|
iptables_rules4 => $iptables_rules,
|
2017-05-31 14:08:50 -07:00
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
class { '::project_config':
|
|
|
|
|
url => 'https://git.openstack.org/openstack-infra/project-config',
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# NOTE(pabelanger): We call ::zuul directly, so we can override all in one
|
|
|
|
|
# settings.
|
|
|
|
|
class { '::zuul':
|
2017-07-28 15:04:00 -04:00
|
|
|
gerrit_server => $gerrit_server,
|
|
|
|
|
gerrit_user => $gerrit_user,
|
|
|
|
|
zuul_ssh_private_key => $zuul_ssh_private_key,
|
|
|
|
|
git_email => $git_email,
|
|
|
|
|
git_name => $git_name,
|
|
|
|
|
revision => $revision,
|
|
|
|
|
python_version => 3,
|
|
|
|
|
zookeeper_hosts => 'nodepool.openstack.org:2181',
|
|
|
|
|
zuulv3 => true,
|
|
|
|
|
connections => hiera('zuul_connections', []),
|
|
|
|
|
connection_secrets => hiera('zuul_connection_secrets', []),
|
|
|
|
|
zuul_status_url => 'http://127.0.0.1:8001/openstack',
|
|
|
|
|
gearman_client_ssl_cert => hiera('gearman_client_ssl_cert'),
|
|
|
|
|
gearman_client_ssl_key => hiera('gearman_client_ssl_key'),
|
|
|
|
|
gearman_server_ssl_cert => hiera('gearman_server_ssl_cert'),
|
|
|
|
|
gearman_server_ssl_key => hiera('gearman_server_ssl_key'),
|
|
|
|
|
gearman_ssl_ca => hiera('gearman_ssl_ca'),
|
|
|
|
|
proxy_ssl_cert_file_contents => hiera('zuul_ssl_cert_file_contents'),
|
|
|
|
|
proxy_ssl_key_file_contents => hiera('zuul_ssl_key_file_contents'),
|
2017-05-31 14:08:50 -07:00
|
|
|
}
|
|
|
|
|
|
2017-07-28 03:20:41 -05:00
|
|
|
file { "/etc/zuul/github.key":
|
|
|
|
|
ensure => present,
|
|
|
|
|
owner => 'zuul',
|
|
|
|
|
group => 'zuul',
|
|
|
|
|
mode => '0600',
|
|
|
|
|
content => hiera('zuul_github_app_key'),
|
|
|
|
|
require => File['/etc/zuul'],
|
|
|
|
|
}
|
|
|
|
|
|
2017-05-31 14:08:50 -07:00
|
|
|
class { '::zuul::scheduler':
|
2017-07-27 13:55:15 -05:00
|
|
|
layout_dir => $::project_config::zuul_layout_dir,
|
|
|
|
|
require => $::project_config::config_dir,
|
|
|
|
|
python_version => 3,
|
|
|
|
|
use_mysql => true,
|
2017-05-31 14:08:50 -07:00
|
|
|
}
|
2017-07-12 05:19:36 -05:00
|
|
|
|
|
|
|
|
class { '::zuul::web': }
|
2017-05-31 14:08:50 -07:00
|
|
|
}
|
|
|
|
|
|
2015-02-13 15:35:48 -08:00
|
|
|
# Node-OS: trusty
|
2012-11-29 13:43:20 -08:00
|
|
|
node 'zuul.openstack.org' {
|
2017-02-07 15:05:42 -05:00
|
|
|
$gearman_workers = [
|
|
|
|
|
'nodepool.openstack.org',
|
|
|
|
|
'zlstatic01.openstack.org',
|
|
|
|
|
'zl01.openstack.org',
|
|
|
|
|
'zl02.openstack.org',
|
|
|
|
|
'zl03.openstack.org',
|
|
|
|
|
'zl04.openstack.org',
|
|
|
|
|
'zl05.openstack.org',
|
|
|
|
|
'zl06.openstack.org',
|
|
|
|
|
'zm01.openstack.org',
|
|
|
|
|
'zm02.openstack.org',
|
|
|
|
|
'zm03.openstack.org',
|
|
|
|
|
'zm04.openstack.org',
|
|
|
|
|
]
|
|
|
|
|
$iptables_rules = regsubst ($gearman_workers, '^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 4730 -s \1 -j ACCEPT')
|
|
|
|
|
|
|
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [80, 443],
|
|
|
|
|
iptables_rules6 => $iptables_rules,
|
|
|
|
|
iptables_rules4 => $iptables_rules,
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
|
|
|
|
|
2013-05-13 14:59:15 -07:00
|
|
|
class { 'openstack_project::zuul_prod':
|
2014-09-18 13:05:06 -07:00
|
|
|
project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
|
2014-04-05 15:58:12 +11:00
|
|
|
gerrit_server => 'review.openstack.org',
|
|
|
|
|
gerrit_user => 'jenkins',
|
2015-10-16 14:29:17 -07:00
|
|
|
gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents'),
|
|
|
|
|
zuul_ssh_private_key => hiera('zuul_ssh_private_key_contents'),
|
2014-04-05 15:58:12 +11:00
|
|
|
url_pattern => 'http://logs.openstack.org/{build.parameters[LOG_PATH]}',
|
2015-10-16 14:29:17 -07:00
|
|
|
proxy_ssl_cert_file_contents => hiera('zuul_ssl_cert_file_contents'),
|
|
|
|
|
proxy_ssl_key_file_contents => hiera('zuul_ssl_key_file_contents'),
|
|
|
|
|
proxy_ssl_chain_file_contents => hiera('zuul_ssl_chain_file_contents'),
|
2014-04-05 15:58:12 +11:00
|
|
|
zuul_url => 'http://zuul.openstack.org/p',
|
|
|
|
|
statsd_host => 'graphite.openstack.org',
|
2014-01-08 16:12:39 +08:00
|
|
|
}
|
2013-05-09 16:06:21 -07:00
|
|
|
}
|
|
|
|
|
|
2016-05-12 14:39:46 -07:00
|
|
|
# Node-OS: trusty
|
2016-05-26 08:28:30 -07:00
|
|
|
node /^zlstatic\d+\.openstack\.org$/ {
|
2016-05-12 14:39:46 -07:00
|
|
|
$group = "zuul-merger"
|
|
|
|
|
$zmq_event_receivers = ['logstash.openstack.org',
|
|
|
|
|
'nodepool.openstack.org']
|
|
|
|
|
$zmq_iptables_rule = regsubst($zmq_event_receivers,
|
|
|
|
|
'^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 8888 -s \1 -j ACCEPT')
|
|
|
|
|
$iptables_rule = flatten([$zmq_iptables_rule])
|
|
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_rules6 => $iptables_rule,
|
|
|
|
|
iptables_rules4 => $iptables_rule,
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
2016-09-29 16:17:53 -07:00
|
|
|
afs => true,
|
2016-05-12 14:39:46 -07:00
|
|
|
}
|
|
|
|
|
class { 'openstack_project::zuul_launcher':
|
|
|
|
|
gearman_server => 'zuul.openstack.org',
|
|
|
|
|
gerrit_server => 'review.openstack.org',
|
|
|
|
|
gerrit_user => 'jenkins',
|
|
|
|
|
gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents'),
|
2016-05-16 17:05:11 -07:00
|
|
|
zuul_ssh_private_key => hiera('jenkins_ssh_private_key_contents'),
|
2016-05-16 15:30:04 -07:00
|
|
|
project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
|
2016-05-12 14:39:46 -07:00
|
|
|
sysadmins => hiera('sysadmins', []),
|
2016-05-26 08:29:40 -07:00
|
|
|
sites => hiera('zuul_sites', []),
|
|
|
|
|
nodes => hiera('zuul_nodes', []),
|
2016-06-08 14:26:20 -07:00
|
|
|
accept_nodes => false,
|
2016-05-12 14:39:46 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-26 08:28:30 -07:00
|
|
|
# Node-OS: trusty
|
|
|
|
|
node /^zl\d+\.openstack\.org$/ {
|
|
|
|
|
$group = "zuul-merger"
|
|
|
|
|
$zmq_event_receivers = ['logstash.openstack.org',
|
|
|
|
|
'nodepool.openstack.org']
|
|
|
|
|
$zmq_iptables_rule = regsubst($zmq_event_receivers,
|
|
|
|
|
'^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 8888 -s \1 -j ACCEPT')
|
|
|
|
|
$iptables_rule = flatten([$zmq_iptables_rule])
|
|
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_rules6 => $iptables_rule,
|
|
|
|
|
iptables_rules4 => $iptables_rule,
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
2016-09-29 16:17:53 -07:00
|
|
|
afs => true,
|
2016-05-26 08:28:30 -07:00
|
|
|
}
|
|
|
|
|
class { 'openstack_project::zuul_launcher':
|
|
|
|
|
gearman_server => 'zuul.openstack.org',
|
|
|
|
|
gerrit_server => 'review.openstack.org',
|
|
|
|
|
gerrit_user => 'jenkins',
|
|
|
|
|
gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents'),
|
|
|
|
|
zuul_ssh_private_key => hiera('jenkins_ssh_private_key_contents'),
|
|
|
|
|
project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
2016-05-26 08:29:40 -07:00
|
|
|
sites => hiera('zuul_sites', []),
|
2016-09-16 18:05:56 -04:00
|
|
|
zuul_launcher_keytab => hiera('zuul_launcher_keytab'),
|
2016-05-26 08:28:30 -07:00
|
|
|
}
|
|
|
|
|
}
|
2016-05-12 14:39:46 -07:00
|
|
|
|
2015-02-13 15:35:48 -08:00
|
|
|
# Node-OS: trusty
|
2017-09-10 13:16:16 -04:00
|
|
|
node /^zm0[1234].openstack\.org$/ {
|
2015-03-16 12:47:42 -07:00
|
|
|
$group = "zuul-merger"
|
2017-02-07 14:22:32 -05:00
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [80],
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
|
|
|
|
|
2014-08-29 16:15:32 -07:00
|
|
|
class { 'openstack_project::zuul_merger':
|
2014-02-17 17:20:35 -08:00
|
|
|
gearman_server => 'zuul.openstack.org',
|
2014-02-17 08:47:04 -08:00
|
|
|
gerrit_server => 'review.openstack.org',
|
|
|
|
|
gerrit_user => 'jenkins',
|
2015-10-16 14:30:21 -07:00
|
|
|
gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents'),
|
|
|
|
|
zuul_ssh_private_key => hiera('zuul_ssh_private_key_contents'),
|
2014-02-17 08:47:04 -08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-10 13:57:57 -04:00
|
|
|
# Node-OS: xenial
|
|
|
|
|
node /^zm0[5678].openstack\.org$/ {
|
|
|
|
|
$group = "zuul-merger"
|
|
|
|
|
|
|
|
|
|
$gerrit_server = 'review.openstack.org'
|
|
|
|
|
$gerrit_user = 'zuul'
|
2017-09-12 12:58:13 -04:00
|
|
|
$gerrit_ssh_host_key = hiera('gerrit_ssh_rsa_pubkey_contents')
|
2017-09-11 15:45:39 -04:00
|
|
|
$zuul_ssh_private_key = hiera('zuulv3_ssh_private_key_contents')
|
2017-09-10 13:57:57 -04:00
|
|
|
$zuul_url = "http://${::fqdn}/p"
|
|
|
|
|
$git_email = 'zuul@openstack.org'
|
|
|
|
|
$git_name = 'OpenStack Zuul'
|
|
|
|
|
$revision = 'feature/zuulv3'
|
|
|
|
|
|
|
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [80],
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# NOTE(pabelanger): We call ::zuul directly, so we can override all in one
|
|
|
|
|
# settings.
|
|
|
|
|
class { '::zuul':
|
|
|
|
|
gearman_server => 'zuulv3.openstack.org',
|
|
|
|
|
gerrit_server => $gerrit_server,
|
|
|
|
|
gerrit_user => $gerrit_user,
|
|
|
|
|
zuul_ssh_private_key => $zuul_ssh_private_key,
|
|
|
|
|
git_email => $git_email,
|
|
|
|
|
git_name => $git_name,
|
|
|
|
|
revision => $revision,
|
|
|
|
|
python_version => 3,
|
|
|
|
|
zookeeper_hosts => 'nodepool.openstack.org:2181',
|
|
|
|
|
zuulv3 => true,
|
|
|
|
|
connections => hiera('zuul_connections', []),
|
|
|
|
|
gearman_client_ssl_cert => hiera('gearman_client_ssl_cert'),
|
|
|
|
|
gearman_client_ssl_key => hiera('gearman_client_ssl_key'),
|
|
|
|
|
gearman_ssl_ca => hiera('gearman_ssl_ca'),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
class { 'openstack_project::zuul_merger':
|
|
|
|
|
gerrit_server => $gerrit_server,
|
|
|
|
|
gerrit_user => $gerrit_user,
|
|
|
|
|
gerrit_ssh_host_key => $gerrit_ssh_host_key,
|
|
|
|
|
zuul_ssh_private_key => $zuul_ssh_private_key,
|
|
|
|
|
manage_common_zuul => false,
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-13 15:35:48 -08:00
|
|
|
# Node-OS: trusty
|
2013-05-09 16:06:21 -07:00
|
|
|
node 'zuul-dev.openstack.org' {
|
2017-02-07 14:41:18 -05:00
|
|
|
$gearman_workers = []
|
|
|
|
|
$iptables_rules = regsubst ($gearman_workers, '^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 4730 -s \1 -j ACCEPT')
|
|
|
|
|
|
|
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [80],
|
|
|
|
|
iptables_rules6 => $iptables_rules,
|
|
|
|
|
iptables_rules4 => $iptables_rules,
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
|
|
|
|
|
2013-05-09 16:06:21 -07:00
|
|
|
class { 'openstack_project::zuul_dev':
|
2014-09-18 13:05:06 -07:00
|
|
|
project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
|
2014-01-21 13:47:24 -08:00
|
|
|
gerrit_server => 'review-dev.openstack.org',
|
2015-02-06 11:26:07 -08:00
|
|
|
gerrit_user => 'jenkins',
|
2015-10-16 14:31:14 -07:00
|
|
|
gerrit_ssh_host_key => hiera('gerrit_dev_ssh_rsa_pubkey_contents'),
|
|
|
|
|
zuul_ssh_private_key => hiera('zuul_dev_ssh_private_key_contents'),
|
2013-07-29 10:46:53 -07:00
|
|
|
url_pattern => 'http://logs.openstack.org/{build.parameters[LOG_PATH]}',
|
2013-11-27 09:58:47 -02:00
|
|
|
zuul_url => 'http://zuul-dev.openstack.org/p',
|
2013-05-09 16:06:21 -07:00
|
|
|
statsd_host => 'graphite.openstack.org',
|
2012-11-29 13:43:20 -08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-02 16:29:44 -05:00
|
|
|
# Node-OS: trusty
|
2013-07-16 17:03:58 -04:00
|
|
|
node 'pbx.openstack.org' {
|
2015-12-02 17:35:36 -05:00
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
# SIP signaling is either TCP or UDP port 5060.
|
|
|
|
|
# RTP media (audio/video) uses a range of UDP ports.
|
|
|
|
|
iptables_public_tcp_ports => [5060],
|
|
|
|
|
iptables_public_udp_ports => [5060],
|
|
|
|
|
iptables_rules4 => ['-m udp -p udp --dport 10000:20000 -j ACCEPT'],
|
|
|
|
|
iptables_rules6 => ['-m udp -p udp --dport 10000:20000 -j ACCEPT'],
|
|
|
|
|
}
|
2013-07-16 17:03:58 -04:00
|
|
|
class { 'openstack_project::pbx':
|
2013-07-18 13:36:21 -07:00
|
|
|
sip_providers => [
|
|
|
|
|
{
|
|
|
|
|
provider => 'voipms',
|
|
|
|
|
hostname => 'dallas.voip.ms',
|
2014-05-16 11:46:59 -04:00
|
|
|
username => hiera('voipms_username', 'username'),
|
2015-10-16 14:32:03 -07:00
|
|
|
password => hiera('voipms_password'),
|
2013-07-18 13:36:21 -07:00
|
|
|
outgoing => false,
|
|
|
|
|
},
|
|
|
|
|
],
|
2013-07-16 17:03:58 -04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-20 09:52:57 -05:00
|
|
|
# Node-OS: trusty
|
2012-06-15 22:40:12 +00:00
|
|
|
# A backup machine. Don't run cron or puppet agent on it.
|
|
|
|
|
node /^ci-backup-.*\.openstack\.org$/ {
|
2015-03-16 12:47:42 -07:00
|
|
|
$group = "ci-backup"
|
2017-03-25 14:55:29 +01:00
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [],
|
|
|
|
|
manage_exim => false,
|
|
|
|
|
purge_apt_sources => false,
|
|
|
|
|
}
|
2012-07-20 19:38:57 -07:00
|
|
|
include openstack_project::backup_server
|
2012-06-15 22:40:12 +00:00
|
|
|
}
|
|
|
|
|
|
2015-06-29 17:00:47 +00:00
|
|
|
# Node-OS: trusty
|
2013-08-02 11:06:29 -07:00
|
|
|
node 'proposal.slave.openstack.org' {
|
2013-06-03 16:05:57 -07:00
|
|
|
include openstack_project
|
2013-08-02 11:06:29 -07:00
|
|
|
class { 'openstack_project::proposal_slave':
|
2014-04-11 13:49:31 -07:00
|
|
|
jenkins_ssh_public_key => $openstack_project::jenkins_ssh_key,
|
2015-10-16 14:33:37 -07:00
|
|
|
proposal_ssh_public_key => hiera('proposal_ssh_public_key_contents'),
|
|
|
|
|
proposal_ssh_private_key => hiera('proposal_ssh_private_key_contents'),
|
2015-08-28 18:38:50 -07:00
|
|
|
zanata_server_url => 'https://translate.openstack.org/',
|
2015-10-16 14:33:37 -07:00
|
|
|
zanata_server_user => hiera('proposal_zanata_user'),
|
|
|
|
|
zanata_server_api_key => hiera('proposal_zanata_api_key'),
|
2012-08-14 12:47:01 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-03 18:16:39 +00:00
|
|
|
# Node-OS: trusty
|
|
|
|
|
node 'release.slave.openstack.org' {
|
2016-02-04 08:58:30 -08:00
|
|
|
$group = "afsadmin"
|
|
|
|
|
|
2015-07-03 18:16:39 +00:00
|
|
|
include openstack_project
|
|
|
|
|
class { 'openstack_project::release_slave':
|
|
|
|
|
pypi_username => 'openstackci',
|
2015-10-28 11:31:50 +09:00
|
|
|
pypi_password => hiera('pypi_password'),
|
2013-06-01 19:40:07 -07:00
|
|
|
jenkins_ssh_public_key => $openstack_project::jenkins_ssh_key,
|
2014-05-16 11:46:59 -04:00
|
|
|
jenkinsci_username => hiera('jenkins_ci_org_user', 'username'),
|
2015-10-28 11:31:50 +09:00
|
|
|
jenkinsci_password => hiera('jenkins_ci_org_password'),
|
2014-05-16 11:46:59 -04:00
|
|
|
mavencentral_username => hiera('mavencentral_org_user', 'username'),
|
2015-10-28 11:31:50 +09:00
|
|
|
mavencentral_password => hiera('mavencentral_org_password'),
|
2014-11-16 19:32:44 +00:00
|
|
|
puppet_forge_username => hiera('puppet_forge_username', 'username'),
|
2015-10-28 11:31:50 +09:00
|
|
|
puppet_forge_password => hiera('puppet_forge_password'),
|
2015-07-02 15:43:32 -07:00
|
|
|
npm_username => 'openstackci',
|
2015-10-28 11:31:50 +09:00
|
|
|
npm_userpassword => hiera('npm_user_password'),
|
2015-07-02 15:43:32 -07:00
|
|
|
npm_userurl => 'https://openstack.org',
|
2016-01-28 05:33:36 -08:00
|
|
|
admin_keytab => hiera('afsadmin_keytab'),
|
2016-07-11 10:20:31 -04:00
|
|
|
packaging_keytab => hiera('packaging_keytab'),
|
2012-11-16 13:16:26 -08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-06-22 23:29:17 +00:00
|
|
|
# Node-OS: trusty
|
|
|
|
|
node /^signing\d+\.ci\.openstack\.org$/ {
|
2016-07-06 21:37:13 +00:00
|
|
|
$group = "signing"
|
2016-06-22 23:29:17 +00:00
|
|
|
include openstack_project
|
|
|
|
|
class { 'openstack_project::signing_node':
|
|
|
|
|
jenkins_ssh_public_key => $openstack_project::jenkins_ssh_key,
|
2016-07-18 09:36:21 -04:00
|
|
|
packaging_keytab => hiera('packaging_keytab'),
|
2016-06-22 23:29:17 +00:00
|
|
|
pubring => hiera('pubring'),
|
|
|
|
|
secring => hiera('secring'),
|
2016-07-15 13:48:08 +00:00
|
|
|
gerritkey => hiera('gerritkey'),
|
2016-08-17 18:32:33 +00:00
|
|
|
lp_access_token => hiera('lp_access_token'),
|
|
|
|
|
lp_access_secret => hiera('lp_access_secret'),
|
|
|
|
|
lp_consumer_key => hiera('lp_consumer_key'),
|
2016-06-22 23:29:17 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-09-08 17:53:11 +00:00
|
|
|
# Node-OS: trusty
|
2014-09-05 14:47:47 +02:00
|
|
|
node 'openstackid.org' {
|
|
|
|
|
class { 'openstack_project::openstackid_prod':
|
2016-03-16 08:22:04 -03:00
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
site_admin_password => hiera('openstackid_site_admin_password'),
|
|
|
|
|
id_mysql_host => hiera('openstackid_id_mysql_host', 'localhost'),
|
|
|
|
|
id_mysql_password => hiera('openstackid_id_mysql_password'),
|
|
|
|
|
id_mysql_user => hiera('openstackid_id_mysql_user', 'username'),
|
|
|
|
|
id_db_name => hiera('openstackid_id_db_name'),
|
|
|
|
|
ss_mysql_host => hiera('openstackid_ss_mysql_host', 'localhost'),
|
|
|
|
|
ss_mysql_password => hiera('openstackid_ss_mysql_password'),
|
|
|
|
|
ss_mysql_user => hiera('openstackid_ss_mysql_user', 'username'),
|
|
|
|
|
ss_db_name => hiera('openstackid_ss_db_name', 'username'),
|
|
|
|
|
redis_password => hiera('openstackid_redis_password'),
|
|
|
|
|
ssl_cert_file_contents => hiera('openstackid_ssl_cert_file_contents'),
|
|
|
|
|
ssl_key_file_contents => hiera('openstackid_ssl_key_file_contents'),
|
|
|
|
|
ssl_chain_file_contents => hiera('openstackid_ssl_chain_file_contents'),
|
|
|
|
|
id_recaptcha_public_key => hiera('openstackid_recaptcha_public_key'),
|
|
|
|
|
id_recaptcha_private_key => hiera('openstackid_recaptcha_private_key'),
|
|
|
|
|
app_url => 'https://openstackid.org',
|
|
|
|
|
app_key => hiera('openstackid_app_key'),
|
|
|
|
|
id_log_error_to_email => 'openstack@tipit.net',
|
|
|
|
|
id_log_error_from_email => 'noreply@openstack.org',
|
|
|
|
|
email_driver => 'smtp',
|
|
|
|
|
email_smtp_server => 'smtp.sendgrid.net',
|
|
|
|
|
email_smtp_server_user => hiera('openstackid_smtp_user'),
|
|
|
|
|
email_smtp_server_password => hiera('openstackid_smtp_password'),
|
2014-09-05 14:47:47 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-09-08 17:53:11 +00:00
|
|
|
# Node-OS: trusty
|
2013-10-24 11:18:24 -03:00
|
|
|
node 'openstackid-dev.openstack.org' {
|
2013-12-20 04:59:12 +00:00
|
|
|
class { 'openstack_project::openstackid_dev':
|
2016-03-16 08:22:04 -03:00
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
site_admin_password => hiera('openstackid_dev_site_admin_password'),
|
|
|
|
|
id_mysql_host => hiera('openstackid_dev_id_mysql_host', 'localhost'),
|
|
|
|
|
id_mysql_password => hiera('openstackid_dev_id_mysql_password'),
|
|
|
|
|
id_mysql_user => hiera('openstackid_dev_id_mysql_user', 'username'),
|
|
|
|
|
ss_mysql_host => hiera('openstackid_dev_ss_mysql_host', 'localhost'),
|
|
|
|
|
ss_mysql_password => hiera('openstackid_dev_ss_mysql_password'),
|
|
|
|
|
ss_mysql_user => hiera('openstackid_dev_ss_mysql_user', 'username'),
|
|
|
|
|
ss_db_name => hiera('openstackid_dev_ss_db_name', 'username'),
|
|
|
|
|
redis_password => hiera('openstackid_dev_redis_password'),
|
|
|
|
|
ssl_cert_file_contents => hiera('openstackid_dev_ssl_cert_file_contents'),
|
|
|
|
|
ssl_key_file_contents => hiera('openstackid_dev_ssl_key_file_contents'),
|
|
|
|
|
ssl_chain_file_contents => hiera('openstackid_dev_ssl_chain_file_contents'),
|
|
|
|
|
id_recaptcha_public_key => hiera('openstackid_dev_recaptcha_public_key'),
|
|
|
|
|
id_recaptcha_private_key => hiera('openstackid_dev_recaptcha_private_key'),
|
|
|
|
|
app_url => 'https://openstackid-dev.openstack.org',
|
|
|
|
|
app_key => hiera('openstackid_dev_app_key'),
|
|
|
|
|
id_log_error_to_email => 'openstack@tipit.net',
|
|
|
|
|
id_log_error_from_email => 'noreply@openstack.org',
|
|
|
|
|
email_driver => 'smtp',
|
|
|
|
|
email_smtp_server => 'smtp.sendgrid.net',
|
|
|
|
|
email_smtp_server_user => hiera('openstackid_dev_smtp_user'),
|
|
|
|
|
email_smtp_server_password => hiera('openstackid_dev_smtp_password'),
|
2013-10-24 11:18:24 -03:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-15 17:12:46 -08:00
|
|
|
# Node-OS: trusty
|
|
|
|
|
# Used for testing all-in-one deployments
|
|
|
|
|
node 'single-node-ci.test.only' {
|
|
|
|
|
include ::openstackci::single_node_ci
|
|
|
|
|
}
|
|
|
|
|
|
2014-10-18 14:56:00 -07:00
|
|
|
# Node-OS: trusty
|
|
|
|
|
node 'kdc01.openstack.org' {
|
|
|
|
|
class { 'openstack_project::kdc':
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Node-OS: trusty
|
|
|
|
|
node 'kdc02.openstack.org' {
|
|
|
|
|
class { 'openstack_project::kdc':
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
slave => true,
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-22 09:31:05 -08:00
|
|
|
# Node-OS: trusty
|
2017-01-06 15:18:02 -08:00
|
|
|
node 'afsdb01.openstack.org' {
|
2016-11-22 09:31:05 -08:00
|
|
|
$group = "afsdb"
|
|
|
|
|
|
|
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_udp_ports => [7000,7002,7003,7004,7005,7006,7007],
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
afs => true,
|
|
|
|
|
manage_exim => true,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
include openstack_project::afsdb
|
|
|
|
|
include openstack_project::afsrelease
|
|
|
|
|
}
|
|
|
|
|
|
2014-10-18 16:22:52 -07:00
|
|
|
# Node-OS: trusty
|
|
|
|
|
node /^afsdb.*\.openstack\.org$/ {
|
2015-03-16 12:47:42 -07:00
|
|
|
$group = "afsdb"
|
2015-04-07 13:55:42 -07:00
|
|
|
|
2016-01-20 00:13:50 +00:00
|
|
|
class { 'openstack_project::server':
|
2015-04-07 13:55:42 -07:00
|
|
|
iptables_public_udp_ports => [7000,7002,7003,7004,7005,7006,7007],
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
afs => true,
|
2015-05-06 15:43:27 -07:00
|
|
|
manage_exim => true,
|
2014-10-18 16:22:52 -07:00
|
|
|
}
|
2015-04-07 13:55:42 -07:00
|
|
|
|
|
|
|
|
include openstack_project::afsdb
|
2014-10-18 16:22:52 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Node-OS: trusty
|
|
|
|
|
node /^afs.*\..*\.openstack\.org$/ {
|
2015-03-16 12:47:42 -07:00
|
|
|
$group = "afs"
|
2015-04-07 13:55:42 -07:00
|
|
|
|
2016-01-20 00:13:50 +00:00
|
|
|
class { 'openstack_project::server':
|
2015-04-07 13:55:42 -07:00
|
|
|
iptables_public_udp_ports => [7000,7002,7003,7004,7005,7006,7007],
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
afs => true,
|
2015-05-06 15:43:27 -07:00
|
|
|
manage_exim => true,
|
2014-10-18 16:22:52 -07:00
|
|
|
}
|
2015-04-07 13:55:42 -07:00
|
|
|
|
|
|
|
|
include openstack_project::afsfs
|
2014-10-18 16:22:52 -07:00
|
|
|
}
|
|
|
|
|
|
2015-08-05 15:56:08 +00:00
|
|
|
# Node-OS: trusty
|
2014-12-08 16:58:38 +01:00
|
|
|
node 'ask.openstack.org' {
|
2015-05-15 16:53:38 -04:00
|
|
|
|
|
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [22, 80, 443],
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
|
|
|
|
|
2014-12-08 16:58:38 +01:00
|
|
|
class { 'openstack_project::ask':
|
|
|
|
|
db_user => hiera('ask_db_user', 'ask'),
|
2015-10-16 14:36:04 -07:00
|
|
|
db_password => hiera('ask_db_password'),
|
|
|
|
|
redis_password => hiera('ask_redis_password'),
|
2014-12-08 16:58:38 +01:00
|
|
|
site_ssl_cert_file_contents => hiera('ask_site_ssl_cert_file_contents', undef),
|
|
|
|
|
site_ssl_key_file_contents => hiera('ask_site_ssl_key_file_contents', undef),
|
|
|
|
|
site_ssl_chain_file_contents => hiera('ask_site_ssl_chain_file_contents', undef),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-04-13 13:07:23 +02:00
|
|
|
# Node-OS: trusty
|
|
|
|
|
node 'ask-staging.openstack.org' {
|
|
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [22, 80, 443],
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
class { 'openstack_project::ask_staging':
|
2015-10-16 14:36:04 -07:00
|
|
|
db_password => hiera('ask_staging_db_password'),
|
|
|
|
|
redis_password => hiera('ask_staging_redis_password'),
|
2015-04-13 13:07:23 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-08-27 09:27:03 -07:00
|
|
|
# Node-OS: trusty
|
|
|
|
|
node 'translate.openstack.org' {
|
|
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [80, 443],
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
|
|
|
|
class { 'openstack_project::translate':
|
2015-11-05 15:35:51 +11:00
|
|
|
admin_users => 'aeng,camunoz,cboylan,daisyycguo,infra,jaegerandi,lyz,mordred,stevenk',
|
2015-08-27 09:27:03 -07:00
|
|
|
openid_url => 'https://openstackid.org',
|
|
|
|
|
listeners => ['ajp'],
|
|
|
|
|
from_address => 'noreply@openstack.org',
|
|
|
|
|
mysql_host => hiera('translate_mysql_host', 'localhost'),
|
2015-10-16 14:52:02 -07:00
|
|
|
mysql_password => hiera('translate_mysql_password'),
|
|
|
|
|
zanata_server_user => hiera('proposal_zanata_user'),
|
|
|
|
|
zanata_server_api_key => hiera('proposal_zanata_api_key'),
|
2015-08-27 09:27:03 -07:00
|
|
|
zanata_wildfly_version => '9.0.1',
|
2015-10-30 11:31:25 +09:00
|
|
|
zanata_url => 'https://sourceforge.net/projects/zanata/files/webapp/zanata-war-3.7.3.war',
|
|
|
|
|
zanata_checksum => '59f1ac35cce46ba4e46b06a239cd7ab4e10b5528',
|
2015-08-27 09:27:03 -07:00
|
|
|
project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
|
2015-10-16 14:52:02 -07:00
|
|
|
ssl_cert_file_contents => hiera('translate_ssl_cert_file_contents'),
|
|
|
|
|
ssl_key_file_contents => hiera('translate_ssl_key_file_contents'),
|
|
|
|
|
ssl_chain_file_contents => hiera('translate_ssl_chain_file_contents'),
|
2015-08-27 09:27:03 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-27 09:09:48 -08:00
|
|
|
# Node-OS: trusty
|
|
|
|
|
# Node-OS: xenial
|
|
|
|
|
node /^translate\d+\.openstack\.org$/ {
|
2017-02-27 11:03:27 -08:00
|
|
|
$group = "translate"
|
2017-02-27 09:09:48 -08:00
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [80, 443],
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
|
|
|
|
class { 'openstack_project::translate':
|
|
|
|
|
admin_users => 'aeng,camunoz,cboylan,daisyycguo,infra,jaegerandi,lyz,mordred,stevenk',
|
|
|
|
|
openid_url => 'https://openstackid.org',
|
|
|
|
|
listeners => ['ajp'],
|
|
|
|
|
from_address => 'noreply@openstack.org',
|
2017-02-27 15:35:07 -08:00
|
|
|
mysql_host => hiera('translate_mysql_host', 'localhost'),
|
|
|
|
|
mysql_password => hiera('translate_mysql_password'),
|
2017-02-27 09:09:48 -08:00
|
|
|
zanata_server_user => hiera('proposal_zanata_user'),
|
|
|
|
|
zanata_server_api_key => hiera('proposal_zanata_api_key'),
|
|
|
|
|
zanata_wildfly_version => '10.1.0',
|
|
|
|
|
zanata_wildfly_install_url => 'https://repo1.maven.org/maven2/org/wildfly/wildfly-dist/10.1.0.Final/wildfly-dist-10.1.0.Final.tar.gz',
|
|
|
|
|
zanata_url => 'https://github.com/zanata/zanata-server/releases/download/server-3.9.6/zanata-3.9.6-wildfly.zip',
|
|
|
|
|
zanata_checksum => 'cb7a477f46a118a337b59b9f4004ef7e6c77a1a8',
|
|
|
|
|
project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
|
|
|
|
|
ssl_cert_file_contents => hiera('translate_ssl_cert_file_contents'),
|
|
|
|
|
ssl_key_file_contents => hiera('translate_ssl_key_file_contents'),
|
|
|
|
|
ssl_chain_file_contents => hiera('translate_ssl_chain_file_contents'),
|
2017-02-27 11:05:10 -08:00
|
|
|
vhost_name => 'translate.openstack.org',
|
2017-02-27 09:09:48 -08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-03-30 12:13:59 -07:00
|
|
|
# Node-OS: trusty
|
2016-11-18 14:35:38 -08:00
|
|
|
# Node-OS: xenial
|
|
|
|
|
node /^translate-dev\d*\.openstack\.org$/ {
|
|
|
|
|
$group = "translate-dev"
|
2015-03-30 12:13:59 -07:00
|
|
|
class { 'openstack_project::translate_dev':
|
2016-11-18 14:35:38 -08:00
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
admin_users => 'aeng,camunoz,cboylan,daisyycguo,infra,jaegerandi,lyz,mordred,stevenk',
|
2017-01-12 22:03:58 +00:00
|
|
|
openid_url => 'https://openstackid-dev.openstack.org',
|
2016-11-18 14:35:38 -08:00
|
|
|
listeners => ['ajp'],
|
|
|
|
|
from_address => 'noreply@openstack.org',
|
|
|
|
|
mysql_host => hiera('translate_dev_mysql_host', 'localhost'),
|
|
|
|
|
mysql_password => hiera('translate_dev_mysql_password'),
|
|
|
|
|
zanata_server_user => hiera('proposal_zanata_user'),
|
|
|
|
|
zanata_server_api_key => hiera('proposal_zanata_api_key'),
|
|
|
|
|
project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
|
|
|
|
|
vhost_name => 'translate-dev.openstack.org',
|
2015-03-30 12:13:59 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-06-02 22:29:27 -07:00
|
|
|
# Node-OS: trusty
|
|
|
|
|
node 'apps.openstack.org' {
|
|
|
|
|
class { 'openstack_project::server':
|
2015-10-01 11:55:39 -07:00
|
|
|
iptables_public_tcp_ports => [80, 443],
|
2015-06-02 22:29:27 -07:00
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
|
|
|
|
class { '::apps_site':
|
2015-10-01 11:55:39 -07:00
|
|
|
ssl_cert_file => '/etc/ssl/certs/apps.openstack.org.pem',
|
2015-10-16 14:53:32 -07:00
|
|
|
ssl_cert_file_contents => hiera('apps_ssl_cert_file_contents'),
|
2015-10-01 11:55:39 -07:00
|
|
|
ssl_key_file => '/etc/ssl/private/apps.openstack.org.key',
|
2015-10-16 14:53:32 -07:00
|
|
|
ssl_key_file_contents => hiera('apps_ssl_key_file_contents'),
|
2015-10-01 11:55:39 -07:00
|
|
|
ssl_chain_file => '/etc/ssl/certs/apps.openstack.org_intermediate.pem',
|
2015-10-16 14:53:32 -07:00
|
|
|
ssl_chain_file_contents => hiera('apps_ssl_chain_file_contents'),
|
2015-06-02 22:29:27 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-10-06 16:58:56 +03:00
|
|
|
# Node-OS: trusty
|
|
|
|
|
node 'apps-dev.openstack.org' {
|
|
|
|
|
class { 'openstack_project::server':
|
2016-11-21 19:01:49 +03:00
|
|
|
iptables_public_tcp_ports => [80],
|
2016-10-06 16:58:56 +03:00
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
|
|
|
|
class { '::apps_site':
|
2016-11-21 19:01:49 +03:00
|
|
|
without_glare => false,
|
|
|
|
|
}
|
|
|
|
|
class { '::apps_site::plugins::glare':
|
|
|
|
|
use_ssl => false,
|
|
|
|
|
memcache_server => '127.0.0.1:11211',
|
|
|
|
|
vhost_name => $::fqdn,
|
2016-10-06 16:58:56 +03:00
|
|
|
}
|
2016-11-21 19:01:49 +03:00
|
|
|
class { '::apps_site::wsgi::apache':
|
|
|
|
|
use_ssl => false,
|
|
|
|
|
servername => $::fqdn,
|
|
|
|
|
}
|
|
|
|
|
class { '::apps_site::catalog':
|
|
|
|
|
import_assets => true,
|
|
|
|
|
domain => $::fqdn,
|
|
|
|
|
glare_url => "http://${::fqdn}:9494",
|
|
|
|
|
memcache_server => '127.0.0.1:11211',
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Class['::apps_site'] ->
|
|
|
|
|
Class['::apps_site::plugins::glare'] ->
|
|
|
|
|
Class['::apps_site::wsgi::apache'] ->
|
|
|
|
|
Class['::apps_site::catalog']
|
2016-10-06 16:58:56 +03:00
|
|
|
}
|
|
|
|
|
|
2015-09-15 16:40:52 -07:00
|
|
|
# Node-OS: trusty
|
|
|
|
|
node 'odsreg.openstack.org' {
|
|
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [80],
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
|
|
|
|
realize (
|
|
|
|
|
User::Virtual::Localuser['ttx'],
|
|
|
|
|
)
|
|
|
|
|
class { '::odsreg':
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-08-24 23:23:06 -07:00
|
|
|
# Node-OS: trusty
|
|
|
|
|
node 'codesearch.openstack.org' {
|
|
|
|
|
class { 'openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [80],
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
}
|
|
|
|
|
class { 'openstack_project::codesearch':
|
|
|
|
|
project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-03-17 22:37:49 +00:00
|
|
|
# Node-OS: trusty
|
2016-03-09 08:37:45 +11:00
|
|
|
# Node-OS: centos7
|
2016-04-12 12:43:52 -04:00
|
|
|
# Node-OS: xenial
|
2015-03-17 22:37:49 +00:00
|
|
|
node /.*wheel-mirror-.*\.openstack\.org/ {
|
2016-01-20 21:37:08 +00:00
|
|
|
$group = 'wheel-mirror'
|
2015-03-17 22:37:49 +00:00
|
|
|
include openstack_project
|
2016-01-27 11:31:36 -08:00
|
|
|
|
2015-03-17 22:37:49 +00:00
|
|
|
class { 'openstack_project::wheel_mirror_slave':
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
jenkins_ssh_public_key => $openstack_project::jenkins_ssh_key,
|
2016-01-27 11:31:36 -08:00
|
|
|
wheel_keytab => hiera("wheel_keytab"),
|
2015-03-17 22:37:49 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-08-05 16:06:43 -07:00
|
|
|
# Node-OS: trusty
|
2016-08-23 09:14:25 +02:00
|
|
|
node 'controller00.vanilla.ic.openstack.org' {
|
2015-08-05 16:06:43 -07:00
|
|
|
$group = 'infracloud'
|
|
|
|
|
class { '::openstack_project::server':
|
2016-02-26 11:58:22 -05:00
|
|
|
iptables_public_tcp_ports => [80,5000,5671,8774,9292,9696,35357], # logs,keystone,rabbit,nova,glance,neutron,keystone
|
2015-08-05 16:06:43 -07:00
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
enable_unbound => false,
|
2016-02-24 10:50:08 -08:00
|
|
|
purge_apt_sources => false,
|
2015-08-05 16:06:43 -07:00
|
|
|
}
|
|
|
|
|
class { '::openstack_project::infracloud::controller':
|
2016-02-10 17:13:38 +01:00
|
|
|
keystone_rabbit_password => hiera('keystone_rabbit_password'),
|
2015-08-05 16:06:43 -07:00
|
|
|
neutron_rabbit_password => hiera('neutron_rabbit_password'),
|
|
|
|
|
nova_rabbit_password => hiera('nova_rabbit_password'),
|
|
|
|
|
root_mysql_password => hiera('infracloud_mysql_password'),
|
|
|
|
|
keystone_mysql_password => hiera('keystone_mysql_password'),
|
|
|
|
|
glance_mysql_password => hiera('glance_mysql_password'),
|
|
|
|
|
neutron_mysql_password => hiera('neutron_mysql_password'),
|
|
|
|
|
nova_mysql_password => hiera('nova_mysql_password'),
|
|
|
|
|
keystone_admin_password => hiera('keystone_admin_password'),
|
|
|
|
|
glance_admin_password => hiera('glance_admin_password'),
|
|
|
|
|
neutron_admin_password => hiera('neutron_admin_password'),
|
|
|
|
|
nova_admin_password => hiera('nova_admin_password'),
|
|
|
|
|
keystone_admin_token => hiera('keystone_admin_token'),
|
2016-02-11 20:15:07 -08:00
|
|
|
ssl_key_file_contents => hiera('ssl_key_file_contents'),
|
2016-08-23 12:36:18 +02:00
|
|
|
ssl_cert_file_contents => hiera('infracloud_vanilla_ssl_cert_file_contents'),
|
2016-09-12 12:35:42 +02:00
|
|
|
br_name => hiera('bridge_name'),
|
2015-08-05 16:06:43 -07:00
|
|
|
controller_public_address => $::fqdn,
|
2016-08-23 11:08:53 +02:00
|
|
|
neutron_subnet_cidr => '15.184.64.0/19',
|
|
|
|
|
neutron_subnet_gateway => '15.184.64.1',
|
2016-02-24 23:52:38 +01:00
|
|
|
neutron_subnet_allocation_pools => [
|
2016-08-23 11:08:53 +02:00
|
|
|
'start=15.184.65.2,end=15.184.65.254',
|
|
|
|
|
'start=15.184.66.2,end=15.184.66.254',
|
|
|
|
|
'start=15.184.67.2,end=15.184.67.254'
|
2016-10-17 10:15:06 +02:00
|
|
|
],
|
|
|
|
|
mysql_max_connections => hiera('mysql_max_connections'),
|
2015-08-05 16:06:43 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-08-23 09:14:25 +02:00
|
|
|
node /^compute\d{3}\.vanilla\.ic\.openstack\.org$/ {
|
2015-10-06 16:00:18 -07:00
|
|
|
$group = 'infracloud'
|
|
|
|
|
class { '::openstack_project::server':
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
enable_unbound => false,
|
2016-02-24 10:50:08 -08:00
|
|
|
purge_apt_sources => false,
|
2015-10-06 16:00:18 -07:00
|
|
|
}
|
|
|
|
|
class { '::openstack_project::infracloud::compute':
|
|
|
|
|
nova_rabbit_password => hiera('nova_rabbit_password'),
|
|
|
|
|
neutron_rabbit_password => hiera('neutron_rabbit_password'),
|
|
|
|
|
neutron_admin_password => hiera('neutron_admin_password'),
|
2016-08-23 15:49:39 +02:00
|
|
|
ssl_key_file_contents => hiera('ssl_key_file_contents'),
|
2016-08-23 12:36:18 +02:00
|
|
|
ssl_cert_file_contents => hiera('infracloud_vanilla_ssl_cert_file_contents'),
|
2016-09-12 12:35:42 +02:00
|
|
|
br_name => hiera('bridge_name'),
|
2016-08-23 09:14:25 +02:00
|
|
|
controller_public_address => 'controller00.vanilla.ic.openstack.org',
|
2015-10-06 16:00:18 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-09-13 13:08:13 +02:00
|
|
|
# Node-OS: trusty
|
|
|
|
|
node 'controller00.chocolate.ic.openstack.org' {
|
|
|
|
|
$group = 'infracloud'
|
|
|
|
|
class { '::openstack_project::server':
|
|
|
|
|
iptables_public_tcp_ports => [80,5000,5671,8774,9292,9696,35357], # logs,keystone,rabbit,nova,glance,neutron,keystone
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
enable_unbound => false,
|
|
|
|
|
purge_apt_sources => false,
|
|
|
|
|
}
|
|
|
|
|
class { '::openstack_project::infracloud::controller':
|
|
|
|
|
keystone_rabbit_password => hiera('keystone_rabbit_password'),
|
|
|
|
|
neutron_rabbit_password => hiera('neutron_rabbit_password'),
|
|
|
|
|
nova_rabbit_password => hiera('nova_rabbit_password'),
|
|
|
|
|
root_mysql_password => hiera('infracloud_mysql_password'),
|
|
|
|
|
keystone_mysql_password => hiera('keystone_mysql_password'),
|
|
|
|
|
glance_mysql_password => hiera('glance_mysql_password'),
|
|
|
|
|
neutron_mysql_password => hiera('neutron_mysql_password'),
|
|
|
|
|
nova_mysql_password => hiera('nova_mysql_password'),
|
|
|
|
|
keystone_admin_password => hiera('keystone_admin_password'),
|
|
|
|
|
glance_admin_password => hiera('glance_admin_password'),
|
|
|
|
|
neutron_admin_password => hiera('neutron_admin_password'),
|
|
|
|
|
nova_admin_password => hiera('nova_admin_password'),
|
|
|
|
|
keystone_admin_token => hiera('keystone_admin_token'),
|
|
|
|
|
ssl_key_file_contents => hiera('infracloud_chocolate_ssl_key_file_contents'),
|
|
|
|
|
ssl_cert_file_contents => hiera('infracloud_chocolate_ssl_cert_file_contents'),
|
|
|
|
|
br_name => 'br-vlan2551',
|
|
|
|
|
controller_public_address => $::fqdn,
|
|
|
|
|
neutron_subnet_cidr => '15.184.64.0/19',
|
|
|
|
|
neutron_subnet_gateway => '15.184.64.1',
|
|
|
|
|
neutron_subnet_allocation_pools => [
|
|
|
|
|
'start=15.184.68.2,end=15.184.68.254',
|
|
|
|
|
'start=15.184.69.2,end=15.184.69.254',
|
|
|
|
|
'start=15.184.70.2,end=15.184.70.254'
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-09-13 13:20:27 +02:00
|
|
|
node /^compute\d{3}\.chocolate\.ic\.openstack\.org$/ {
|
|
|
|
|
$group = 'infracloud'
|
|
|
|
|
class { '::openstack_project::server':
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
enable_unbound => false,
|
|
|
|
|
purge_apt_sources => false,
|
|
|
|
|
}
|
|
|
|
|
class { '::openstack_project::infracloud::compute':
|
|
|
|
|
nova_rabbit_password => hiera('nova_rabbit_password'),
|
|
|
|
|
neutron_rabbit_password => hiera('neutron_rabbit_password'),
|
|
|
|
|
neutron_admin_password => hiera('neutron_admin_password'),
|
|
|
|
|
ssl_key_file_contents => hiera('infracloud_chocolate_ssl_key_file_contents'),
|
|
|
|
|
ssl_cert_file_contents => hiera('infracloud_chocolate_ssl_cert_file_contents'),
|
|
|
|
|
br_name => 'br-vlan2551',
|
|
|
|
|
controller_public_address => 'controller00.chocolate.ic.openstack.org',
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-08-05 11:04:13 -07:00
|
|
|
# Node-OS: trusty
|
|
|
|
|
# Upgrade-Modules
|
2016-06-08 16:09:08 -04:00
|
|
|
node /^baremetal\d{2}\.vanilla\.ic\.openstack\.org$/ {
|
2015-08-05 11:04:13 -07:00
|
|
|
$group = 'infracloud'
|
|
|
|
|
class { '::openstack_project::server':
|
|
|
|
|
iptables_public_udp_ports => [67,69],
|
|
|
|
|
sysadmins => hiera('sysadmins', []),
|
|
|
|
|
enable_unbound => false,
|
2016-02-24 10:50:08 -08:00
|
|
|
purge_apt_sources => false,
|
2015-08-05 11:04:13 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
class { '::openstack_project::infracloud::baremetal':
|
2016-09-16 17:00:33 +02:00
|
|
|
ironic_inventory => hiera('ironic_inventory', {}),
|
|
|
|
|
ironic_db_password => hiera('ironic_db_password'),
|
|
|
|
|
mysql_password => hiera('bifrost_mysql_password'),
|
|
|
|
|
ipmi_passwords => hiera('ipmi_passwords'),
|
|
|
|
|
ssh_private_key => hiera('bifrost_vanilla_ssh_private_key'),
|
|
|
|
|
ssh_public_key => hiera('bifrost_vanilla_ssh_public_key'),
|
|
|
|
|
bridge_name => hiera('bridge_name'),
|
|
|
|
|
vlan => hiera('vlan'),
|
|
|
|
|
gateway_ip => hiera('gateway_ip'),
|
|
|
|
|
default_network_interface => hiera('default_network_interface'),
|
|
|
|
|
dhcp_pool_start => hiera('dhcp_pool_start'),
|
|
|
|
|
dhcp_pool_end => hiera('dhcp_pool_end'),
|
|
|
|
|
network_interface => hiera('network_interface'),
|
|
|
|
|
ipv4_nameserver => hiera('ipv4_nameserver'),
|
|
|
|
|
ipv4_subnet_mask => hiera('ipv4_subnet_mask'),
|
2015-08-05 11:04:13 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2012-09-28 10:05:02 -04:00
|
|
|
# vim:sw=2:ts=2:expandtab:textwidth=79
|
