Remove base.yaml things from openstack_project::server
Now that we've got base server stuff rewritten in ansible, remove the old puppet versions. Depends-On: https://review.openstack.org/588326 Change-Id: I5c82fe6fd25b9ddaa77747db377ffa7e8bf23c7b
This commit is contained in:
parent
3e139891be
commit
bab6fcad3c
@ -131,13 +131,12 @@ To create a new server, do the following:
|
||||
to manually add the private information to hiera.
|
||||
|
||||
* You should be able to install and configure most software only with
|
||||
puppet. Nonetheless, if you need SSH access to the host, add your
|
||||
public key to :cgit_file:`modules/openstack_project/manifests/users.pp` and
|
||||
ansible or puppet. Nonetheless, if you need SSH access to the host,
|
||||
add your public key to :cgit_file:`playbooks/group_vars/all.yaml` and
|
||||
include a stanza like this in your server class::
|
||||
|
||||
realize (
|
||||
User::Virtual::Localuser['USERNAME'],
|
||||
)
|
||||
extra_users:
|
||||
- your_user_name
|
||||
|
||||
* Add an RST file with documentation about the server in :cgit_file:`doc/source`
|
||||
and add it to the index in that directory.
|
||||
|
@ -12,7 +12,6 @@ $elasticsearch_nodes = hiera_array('elasticsearch_nodes')
|
||||
#
|
||||
node default {
|
||||
class { 'openstack_project::server':
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
}
|
||||
}
|
||||
|
||||
@ -27,8 +26,6 @@ node 'review.openstack.org' {
|
||||
iptables_public_tcp_ports => [80, 443, 29418],
|
||||
iptables_rules6 => $iptables_rules,
|
||||
iptables_rules4 => $iptables_rules,
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
extra_aliases => { 'gerrit2' => 'root' },
|
||||
}
|
||||
|
||||
class { 'openstack_project::review':
|
||||
@ -75,8 +72,6 @@ node 'review01.openstack.org' {
|
||||
iptables_public_tcp_ports => [80, 443, 29418],
|
||||
iptables_rules6 => $iptables_rules,
|
||||
iptables_rules4 => $iptables_rules,
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
extra_aliases => { 'gerrit2' => 'root' },
|
||||
}
|
||||
|
||||
class { 'openstack_project::review':
|
||||
@ -123,8 +118,6 @@ node /^review-dev\d*\.openstack\.org$/ {
|
||||
iptables_public_tcp_ports => [80, 443, 29418],
|
||||
iptables_rules6 => $iptables_rules,
|
||||
iptables_rules4 => $iptables_rules,
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
extra_aliases => { 'gerrit2' => 'root' },
|
||||
afs => true,
|
||||
}
|
||||
|
||||
@ -157,7 +150,6 @@ node /^grafana\d*\.openstack\.org$/ {
|
||||
$group = "grafana"
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [80],
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
}
|
||||
class { 'openstack_project::grafana':
|
||||
admin_password => hiera('grafana_admin_password'),
|
||||
@ -176,7 +168,6 @@ node /^grafana\d*\.openstack\.org$/ {
|
||||
node /^health\d*\.openstack\.org$/ {
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [80, 443],
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
}
|
||||
class { 'openstack_project::openstack_health_api':
|
||||
subunit2sql_db_host => hiera('subunit2sql_db_host', 'localhost'),
|
||||
@ -188,7 +179,6 @@ node /^cacti\d+\.openstack\.org$/ {
|
||||
$group = "cacti"
|
||||
include openstack_project::ssl_cert_check
|
||||
class { 'openstack_project::cacti':
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
cacti_hosts => hiera_array('cacti_hosts'),
|
||||
vhost_name => 'cacti.openstack.org',
|
||||
}
|
||||
@ -198,7 +188,6 @@ node /^cacti\d+\.openstack\.org$/ {
|
||||
node 'puppetmaster.openstack.org' {
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [8140],
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
pin_puppet => '3.6.',
|
||||
}
|
||||
class { 'openstack_project::puppetmaster':
|
||||
@ -254,7 +243,6 @@ node /^graphite\d*\.openstack\.org$/ {
|
||||
{protocol => 'udp', port => '8125', hostname => 'ze10.openstack.org'},
|
||||
{protocol => 'udp', port => '8125', hostname => 'ze11.openstack.org'},
|
||||
],
|
||||
sysadmins => hiera('sysadmins', [])
|
||||
}
|
||||
|
||||
class { '::graphite':
|
||||
@ -269,7 +257,6 @@ node /^graphite\d*\.openstack\.org$/ {
|
||||
node /^groups\d*\.openstack\.org$/ {
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [22, 80, 443],
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
}
|
||||
class { 'openstack_project::groups':
|
||||
site_admin_password => hiera('groups_site_admin_password'),
|
||||
@ -287,7 +274,6 @@ node /^groups\d*\.openstack\.org$/ {
|
||||
node /^groups-dev\d*\.openstack\.org$/ {
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [22, 80, 443],
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
}
|
||||
class { 'openstack_project::groups_dev':
|
||||
site_admin_password => hiera('groups_dev_site_admin_password'),
|
||||
@ -306,12 +292,9 @@ node /^groups-dev\d*\.openstack\.org$/ {
|
||||
node /^lists\d*\.openstack\.org$/ {
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [25, 80, 465],
|
||||
manage_exim => false,
|
||||
purge_apt_sources => false,
|
||||
}
|
||||
|
||||
class { 'openstack_project::lists':
|
||||
listadmins => hiera('listadmins', []),
|
||||
listpassword => hiera('listpassword'),
|
||||
}
|
||||
}
|
||||
@ -320,12 +303,9 @@ node /^lists\d*\.openstack\.org$/ {
|
||||
node /^lists\d*\.katacontainers\.io$/ {
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [25, 80, 465],
|
||||
manage_exim => false,
|
||||
purge_apt_sources => false,
|
||||
}
|
||||
|
||||
class { 'openstack_project::kata_lists':
|
||||
listadmins => hiera('listadmins', []),
|
||||
listpassword => hiera('listpassword'),
|
||||
}
|
||||
}
|
||||
@ -336,7 +316,6 @@ node /^paste\d*\.openstack\.org$/ {
|
||||
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [80],
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
}
|
||||
class { 'openstack_project::paste':
|
||||
db_password => hiera('paste_db_password'),
|
||||
@ -348,7 +327,6 @@ node /^paste\d*\.openstack\.org$/ {
|
||||
# Node-OS: xenial
|
||||
node /planet\d*\.openstack\.org$/ {
|
||||
class { 'openstack_project::planet':
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
}
|
||||
}
|
||||
|
||||
@ -357,7 +335,6 @@ node /^eavesdrop\d*\.openstack\.org$/ {
|
||||
$group = "eavesdrop"
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [80],
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
}
|
||||
|
||||
class { 'openstack_project::eavesdrop':
|
||||
@ -397,7 +374,6 @@ node /^ethercalc\d+\.openstack\.org$/ {
|
||||
$group = "ethercalc"
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [22, 80, 443],
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
}
|
||||
|
||||
class { 'openstack_project::ethercalc':
|
||||
@ -413,7 +389,6 @@ node /^ethercalc\d+\.openstack\.org$/ {
|
||||
node /^etherpad\d*\.openstack\.org$/ {
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [22, 80, 443],
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
}
|
||||
|
||||
class { 'openstack_project::etherpad':
|
||||
@ -431,7 +406,6 @@ node /^etherpad\d*\.openstack\.org$/ {
|
||||
node /^etherpad-dev\d*\.openstack\.org$/ {
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [22, 80, 443],
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
}
|
||||
|
||||
class { 'openstack_project::etherpad_dev':
|
||||
@ -445,7 +419,6 @@ node /^etherpad-dev\d*\.openstack\.org$/ {
|
||||
node /^wiki\d+\.openstack\.org$/ {
|
||||
$group = "wiki"
|
||||
class { 'openstack_project::wiki':
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
bup_user => 'bup-wiki',
|
||||
serveradmin => hiera('infra_apache_serveradmin'),
|
||||
site_hostname => 'wiki.openstack.org',
|
||||
@ -468,7 +441,6 @@ node /^wiki\d+\.openstack\.org$/ {
|
||||
node /^wiki-dev\d+\.openstack\.org$/ {
|
||||
$group = "wiki-dev"
|
||||
class { 'openstack_project::wiki':
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
serveradmin => hiera('infra_apache_serveradmin'),
|
||||
site_hostname => 'wiki-dev.openstack.org',
|
||||
wg_dbserver => hiera('wg_dbserver'),
|
||||
@ -489,7 +461,6 @@ node /^logstash\d*\.openstack\.org$/ {
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [22, 80, 3306],
|
||||
iptables_allowed_hosts => hiera_array('logstash_iptables_rule_data'),
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
}
|
||||
|
||||
class { 'openstack_project::logstash':
|
||||
@ -512,7 +483,6 @@ node /^logstash-worker\d+\.openstack\.org$/ {
|
||||
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [22],
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
}
|
||||
|
||||
class { 'openstack_project::logstash_worker':
|
||||
@ -528,7 +498,6 @@ node /^subunit-worker\d+\.openstack\.org$/ {
|
||||
$group = "subunit-worker"
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [22],
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
}
|
||||
class { 'openstack_project::subunit_worker':
|
||||
subunit2sql_db_host => hiera('subunit2sql_db_host', ''),
|
||||
@ -544,7 +513,6 @@ node /^elasticsearch0[1-7]\.openstack\.org$/ {
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [22],
|
||||
iptables_allowed_hosts => hiera_array('elasticsearch_iptables_rule_data'),
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
}
|
||||
class { 'openstack_project::elasticsearch_node':
|
||||
discover_nodes => $elasticsearch_nodes,
|
||||
@ -558,11 +526,8 @@ node /^firehose\d+\.openstack\.org$/ {
|
||||
# connections seem to crash mosquitto. Once this is fixed we should add
|
||||
# them back
|
||||
iptables_public_tcp_ports => [22, 25, 80, 1883, 8883, 443],
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
manage_exim => false,
|
||||
}
|
||||
class { 'openstack_project::firehose':
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents'),
|
||||
gerrit_public_key => hiera('germqtt_gerrit_ssh_public_key'),
|
||||
gerrit_private_key => hiera('germqtt_gerrit_ssh_private_key'),
|
||||
@ -582,7 +547,6 @@ node /^firehose\d+\.openstack\.org$/ {
|
||||
node /^git(-fe\d+)?\.openstack\.org$/ {
|
||||
$group = "git-loadbalancer"
|
||||
class { 'openstack_project::git':
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
balancer_member_names => [
|
||||
'git01.openstack.org',
|
||||
'git02.openstack.org',
|
||||
@ -614,7 +578,6 @@ node /^git\d+\.openstack\.org$/ {
|
||||
include openstack_project
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [4443, 8080, 29418],
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
}
|
||||
|
||||
class { 'openstack_project::git_backend':
|
||||
@ -653,7 +616,6 @@ node /^mirror-update\d*\.openstack\.org$/ {
|
||||
centos_keytab => hiera('centos_keytab'),
|
||||
epel_keytab => hiera('epel_keytab'),
|
||||
yum_puppetlabs_keytab => hiera('yum_puppetlabs_keytab'),
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
}
|
||||
}
|
||||
|
||||
@ -664,7 +626,6 @@ node /^mirror\d*\..*\.openstack\.org$/ {
|
||||
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [22, 80, 8080, 8081, 8082],
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
afs => true,
|
||||
afs_cache_size => 50000000, # 50GB
|
||||
}
|
||||
@ -681,7 +642,6 @@ node /^files\d*\.openstack\.org$/ {
|
||||
$group = "files"
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [80, 443],
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
afs => true,
|
||||
afs_cache_size => 10000000, # 10GB
|
||||
}
|
||||
@ -712,7 +672,6 @@ node /^files\d*\.openstack\.org$/ {
|
||||
node /^refstack\d*\.openstack\.org$/ {
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [80, 443],
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
}
|
||||
class { 'refstack':
|
||||
mysql_host => hiera('refstack_mysql_host', 'localhost'),
|
||||
@ -741,7 +700,6 @@ node /^refstack\d*\.openstack\.org$/ {
|
||||
node /^storyboard\d*\.openstack\.org$/ {
|
||||
class { 'openstack_project::storyboard':
|
||||
project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
mysql_host => hiera('storyboard_db_host', 'localhost'),
|
||||
mysql_user => hiera('storyboard_db_user', 'username'),
|
||||
mysql_password => hiera('storyboard_db_password'),
|
||||
@ -772,7 +730,6 @@ node /^storyboard\d*\.openstack\.org$/ {
|
||||
node /^storyboard-dev\d*\.openstack\.org$/ {
|
||||
class { 'openstack_project::storyboard::dev':
|
||||
project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
mysql_host => hiera('storyboard_db_host', 'localhost'),
|
||||
mysql_user => hiera('storyboard_db_user', 'username'),
|
||||
mysql_password => hiera('storyboard_db_password'),
|
||||
@ -799,7 +756,6 @@ node /^storyboard-dev\d*\.openstack\.org$/ {
|
||||
node /^static\d*\.openstack\.org$/ {
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [22, 80, 443],
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
}
|
||||
class { 'openstack_project::static':
|
||||
project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
|
||||
@ -837,7 +793,6 @@ node /^zk\d+\.openstack\.org$/ {
|
||||
{protocol => 'tcp', port => '3888', hostname => 'zk02.openstack.org'},
|
||||
{protocol => 'tcp', port => '3888', hostname => 'zk03.openstack.org'},
|
||||
],
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
}
|
||||
|
||||
class { '::zookeeper':
|
||||
@ -861,7 +816,6 @@ node /^status\d*\.openstack\.org$/ {
|
||||
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [22, 80, 443],
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
}
|
||||
|
||||
class { 'openstack_project::status':
|
||||
@ -881,7 +835,6 @@ node /^survey\d+\.openstack\.org$/ {
|
||||
$group = "survey"
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [22, 80, 443],
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
}
|
||||
|
||||
class { 'openstack_project::survey':
|
||||
@ -905,7 +858,6 @@ node /^adns\d+\.openstack\.org$/ {
|
||||
$group = 'adns'
|
||||
|
||||
class { 'openstack_project::server':
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
iptables_allowed_hosts => [
|
||||
{protocol => 'tcp', port => '53', hostname => 'ns1.openstack.org'},
|
||||
{protocol => 'tcp', port => '53', hostname => 'ns2.openstack.org'},
|
||||
@ -925,7 +877,6 @@ node /^ns\d+\.openstack\.org$/ {
|
||||
$group = 'ns'
|
||||
|
||||
class { 'openstack_project::server':
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
iptables_public_udp_ports => [53],
|
||||
iptables_public_tcp_ports => [53],
|
||||
}
|
||||
@ -969,7 +920,6 @@ node 'nodepool.openstack.org' {
|
||||
{protocol => 'tcp', port => '2181', hostname => 'nl04.openstack.org'},
|
||||
{protocol => 'tcp', port => '2181', hostname => 'zuul01.openstack.org'},
|
||||
],
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
iptables_public_tcp_ports => [80],
|
||||
}
|
||||
|
||||
@ -1023,7 +973,6 @@ node /^nl\d+\.openstack\.org$/ {
|
||||
$clouds_yaml = template("openstack_project/nodepool/clouds.yaml.erb")
|
||||
|
||||
class { 'openstack_project::server':
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
iptables_public_tcp_ports => [80],
|
||||
}
|
||||
|
||||
@ -1086,7 +1035,6 @@ node /^nb\d+\.openstack\.org$/ {
|
||||
$clouds_yaml = template("openstack_project/nodepool/clouds.yaml.erb")
|
||||
|
||||
class { 'openstack_project::server':
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
iptables_public_tcp_ports => [80, 443],
|
||||
}
|
||||
|
||||
@ -1142,7 +1090,6 @@ node /^ze\d+\.openstack\.org$/ {
|
||||
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [79, 7900],
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
afs => true,
|
||||
}
|
||||
|
||||
@ -1257,7 +1204,6 @@ node /^zuul\d+\.openstack\.org$/ {
|
||||
{protocol => 'tcp', port => '4730', hostname => 'zm07.openstack.org'},
|
||||
{protocol => 'tcp', port => '4730', hostname => 'zm08.openstack.org'},
|
||||
],
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
}
|
||||
|
||||
class { '::project_config':
|
||||
@ -1348,7 +1294,6 @@ node /^zm\d+.openstack\.org$/ {
|
||||
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [80],
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
}
|
||||
|
||||
# NOTE(pabelanger): We call ::zuul directly, so we can override all in one
|
||||
@ -1383,7 +1328,6 @@ node /^zm\d+.openstack\.org$/ {
|
||||
# Node-OS: trusty
|
||||
node 'pbx.openstack.org' {
|
||||
class { 'openstack_project::server':
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
# SIP signaling is either TCP or UDP port 5060.
|
||||
# RTP media (audio/video) uses a range of UDP ports.
|
||||
iptables_public_tcp_ports => [5060],
|
||||
@ -1408,8 +1352,6 @@ node /^backup\d+\..*\.ci\.openstack\.org$/ {
|
||||
$group = "ci-backup"
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [],
|
||||
manage_exim => false,
|
||||
purge_apt_sources => false,
|
||||
}
|
||||
include openstack_project::backup_server
|
||||
}
|
||||
@ -1417,7 +1359,6 @@ node /^backup\d+\..*\.ci\.openstack\.org$/ {
|
||||
# Node-OS: trusty
|
||||
node 'openstackid.org' {
|
||||
class { 'openstack_project::openstackid_prod':
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
site_admin_password => hiera('openstackid_site_admin_password'),
|
||||
id_mysql_host => hiera('openstackid_id_mysql_host', 'localhost'),
|
||||
id_mysql_password => hiera('openstackid_id_mysql_password'),
|
||||
@ -1447,7 +1388,6 @@ node 'openstackid.org' {
|
||||
# Node-OS: trusty
|
||||
node 'openstackid-dev.openstack.org' {
|
||||
class { 'openstack_project::openstackid_dev':
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
site_admin_password => hiera('openstackid_dev_site_admin_password'),
|
||||
id_mysql_host => hiera('openstackid_dev_id_mysql_host', 'localhost'),
|
||||
id_mysql_password => hiera('openstackid_dev_id_mysql_password'),
|
||||
@ -1484,7 +1424,6 @@ node 'kdc01.openstack.org' {
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [88, 464, 749, 754],
|
||||
iptables_public_udp_ports => [88, 464, 749],
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
}
|
||||
|
||||
class { 'openstack_project::kdc': }
|
||||
@ -1495,7 +1434,6 @@ node 'kdc04.openstack.org' {
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [88, 464, 749, 754],
|
||||
iptables_public_udp_ports => [88, 464, 749],
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
}
|
||||
|
||||
class { 'openstack_project::kdc':
|
||||
@ -1509,9 +1447,7 @@ node 'afsdb01.openstack.org' {
|
||||
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_udp_ports => [7000,7002,7003,7004,7005,7006,7007],
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
afs => true,
|
||||
manage_exim => true,
|
||||
}
|
||||
|
||||
include openstack_project::afsdb
|
||||
@ -1524,9 +1460,7 @@ node /^afsdb.*\.openstack\.org$/ {
|
||||
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_udp_ports => [7000,7002,7003,7004,7005,7006,7007],
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
afs => true,
|
||||
manage_exim => true,
|
||||
}
|
||||
|
||||
include openstack_project::afsdb
|
||||
@ -1538,9 +1472,7 @@ node /^afs.*\..*\.openstack\.org$/ {
|
||||
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_udp_ports => [7000,7002,7003,7004,7005,7006,7007],
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
afs => true,
|
||||
manage_exim => true,
|
||||
}
|
||||
|
||||
include openstack_project::afsfs
|
||||
@ -1551,7 +1483,6 @@ node 'ask.openstack.org' {
|
||||
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [22, 80, 443],
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
}
|
||||
|
||||
class { 'openstack_project::ask':
|
||||
@ -1568,7 +1499,6 @@ node 'ask.openstack.org' {
|
||||
node 'ask-staging.openstack.org' {
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [22, 80, 443],
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
}
|
||||
|
||||
class { 'openstack_project::ask_staging':
|
||||
@ -1583,7 +1513,6 @@ node /^translate\d+\.openstack\.org$/ {
|
||||
$group = "translate"
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [80, 443],
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
}
|
||||
class { 'openstack_project::translate':
|
||||
admin_users => 'aeng,cboylan,eumel8,ianw,ianychoi,infra,jaegerandi,mordred,stevenk',
|
||||
@ -1612,7 +1541,6 @@ node /^translate\d+\.openstack\.org$/ {
|
||||
node /^translate-dev\d*\.openstack\.org$/ {
|
||||
$group = "translate-dev"
|
||||
class { 'openstack_project::translate_dev':
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
admin_users => 'aeng,cboylan,eumel,eumel8,ianw,ianychoi,infra,jaegerandi,mordred,stevenk',
|
||||
openid_url => 'https://openstackid-dev.openstack.org',
|
||||
listeners => ['ajp'],
|
||||
@ -1633,7 +1561,6 @@ node /^codesearch\d*\.openstack\.org$/ {
|
||||
$group = "codesearch"
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [80],
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
}
|
||||
class { 'openstack_project::codesearch':
|
||||
project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
|
||||
|
@ -1 +0,0 @@
|
||||
APT::Acquire::Retries "20";
|
@ -1 +0,0 @@
|
||||
Acquire::Languages "none";
|
@ -1 +0,0 @@
|
||||
export HISTTIMEFORMAT="%Y-%m-%dT%T%z "
|
@ -1,6 +0,0 @@
|
||||
[puppetlabs-products]
|
||||
name=Puppet Labs Products El 7 - $basearch
|
||||
baseurl=http://yum.puppetlabs.com/el/7/products/$basearch
|
||||
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppetlabs
|
||||
enabled=1
|
||||
gpgcheck=1
|
@ -1,4 +0,0 @@
|
||||
# Original 1024
|
||||
* soft nofile 4096
|
||||
# Original 4096
|
||||
* hard nofile 8192
|
@ -1,69 +0,0 @@
|
||||
# Default rules for rsyslog.
|
||||
#
|
||||
# For more information see rsyslog.conf(5) and /etc/rsyslog.conf
|
||||
|
||||
#
|
||||
# First some standard log files. Log by facility.
|
||||
#
|
||||
auth,authpriv.* /var/log/auth.log
|
||||
*.*;auth,authpriv.none -/var/log/syslog
|
||||
#cron.* /var/log/cron.log
|
||||
#daemon.* -/var/log/daemon.log
|
||||
kern.* -/var/log/kern.log
|
||||
#lpr.* -/var/log/lpr.log
|
||||
mail.* -/var/log/mail.log
|
||||
#user.* -/var/log/user.log
|
||||
|
||||
#
|
||||
# Logging for the mail system. Split it up so that
|
||||
# it is easy to write scripts to parse these files.
|
||||
#
|
||||
#mail.info -/var/log/mail.info
|
||||
#mail.warn -/var/log/mail.warn
|
||||
mail.err /var/log/mail.err
|
||||
|
||||
#
|
||||
# Logging for INN news system.
|
||||
#
|
||||
news.crit /var/log/news/news.crit
|
||||
news.err /var/log/news/news.err
|
||||
news.notice -/var/log/news/news.notice
|
||||
|
||||
#
|
||||
# Some "catch-all" log files.
|
||||
#
|
||||
#*.=debug;\
|
||||
# auth,authpriv.none;\
|
||||
# news.none;mail.none -/var/log/debug
|
||||
#*.=info;*.=notice;*.=warn;\
|
||||
# auth,authpriv.none;\
|
||||
# cron,daemon.none;\
|
||||
# mail,news.none -/var/log/messages
|
||||
|
||||
#
|
||||
# Emergencies are sent to everybody logged in.
|
||||
#
|
||||
*.emerg :omusrmsg:*
|
||||
|
||||
#
|
||||
# I like to have messages displayed on the console, but only on a virtual
|
||||
# console I usually leave idle.
|
||||
#
|
||||
#daemon,mail.*;\
|
||||
# news.=crit;news.=err;news.=notice;\
|
||||
# *.=debug;*.=info;\
|
||||
# *.=notice;*.=warn /dev/tty8
|
||||
|
||||
# The named pipe /dev/xconsole is for the `xconsole' utility. To use it,
|
||||
# you must invoke `xconsole' with the `-file' option:
|
||||
#
|
||||
# $ xconsole -file /dev/xconsole [...]
|
||||
#
|
||||
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
|
||||
# busy site..
|
||||
#
|
||||
# Commenting out since we don't install xconsoles on headless servers.
|
||||
#daemon.*;mail.*;\
|
||||
# news.err;\
|
||||
# *.=debug;*.=info;\
|
||||
# *.=notice;*.=warn |/dev/xconsole
|
@ -1,13 +0,0 @@
|
||||
# This file is kept updated by puppet, adapted from
|
||||
# http://ubuntuguide.org/wiki/Ubuntu_Trusty_Packages_and_Repositories
|
||||
|
||||
deb http://us.archive.ubuntu.com/ubuntu trusty main restricted
|
||||
deb http://us.archive.ubuntu.com/ubuntu trusty-updates main restricted
|
||||
deb http://us.archive.ubuntu.com/ubuntu trusty universe
|
||||
deb http://us.archive.ubuntu.com/ubuntu trusty-updates universe
|
||||
deb http://us.archive.ubuntu.com/ubuntu trusty multiverse
|
||||
deb http://us.archive.ubuntu.com/ubuntu trusty-updates multiverse
|
||||
deb http://us.archive.ubuntu.com/ubuntu trusty-backports main restricted universe multiverse
|
||||
deb http://security.ubuntu.com/ubuntu trusty-security main restricted
|
||||
deb http://security.ubuntu.com/ubuntu trusty-security universe
|
||||
deb http://security.ubuntu.com/ubuntu trusty-security multiverse
|
@ -1,35 +0,0 @@
|
||||
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
|
||||
# newer versions of the distribution.
|
||||
|
||||
deb http://ports.ubuntu.com/ubuntu-ports/ xenial main restricted multiverse
|
||||
deb-src http://ports.ubuntu.com/ubuntu-ports/ xenial main restricted multiverse
|
||||
|
||||
## Major bug fix updates produced after the final release of the
|
||||
## distribution.
|
||||
deb http://ports.ubuntu.com/ubuntu-ports/ xenial-updates main restricted multiverse
|
||||
deb-src http://ports.ubuntu.com/ubuntu-ports/ xenial-updates main restricted multiverse
|
||||
|
||||
## Uncomment the following two lines to add software from the 'universe'
|
||||
## repository.
|
||||
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
|
||||
## team. Also, please note that software in universe WILL NOT receive any
|
||||
## review or updates from the Ubuntu security team.
|
||||
deb http://ports.ubuntu.com/ubuntu-ports/ xenial universe
|
||||
deb-src http://ports.ubuntu.com/ubuntu-ports/ xenial universe
|
||||
deb http://ports.ubuntu.com/ubuntu-ports/ xenial-updates universe
|
||||
deb-src http://ports.ubuntu.com/ubuntu-ports/ xenial-updates universe
|
||||
|
||||
## N.B. software from this repository may not have been tested as
|
||||
## extensively as that contained in the main release, although it includes
|
||||
## newer versions of some applications which may provide useful features.
|
||||
## Also, please note that software in backports WILL NOT receive any review
|
||||
## or updates from the Ubuntu security team.
|
||||
# deb http://ports.ubuntu.com/ubuntu-ports/ xenial-backports main restricted
|
||||
# deb-src http://ports.ubuntu.com/ubuntu-ports/ xenial-backports main restricted
|
||||
|
||||
deb http://ports.ubuntu.com/ubuntu-ports/ xenial-security main restricted multiverse
|
||||
deb-src http://ports.ubuntu.com/ubuntu-ports/ xenial-security main restricted multiverse
|
||||
deb http://ports.ubuntu.com/ubuntu-ports/ xenial-security universe
|
||||
deb-src http://ports.ubuntu.com/ubuntu-ports/ xenial-security universe
|
||||
# deb http://ports.ubuntu.com/ubuntu-ports/ xenial-security multiverse
|
||||
# deb-src http://ports.ubuntu.com/ubuntu-ports/ xenial-security multiverse
|
@ -1,13 +0,0 @@
|
||||
# This file is kept updated by puppet, adapted from
|
||||
# https://help.ubuntu.com/lts/serverguide/configuration.html
|
||||
|
||||
deb http://us.archive.ubuntu.com/ubuntu xenial main restricted
|
||||
deb http://us.archive.ubuntu.com/ubuntu xenial-updates main restricted
|
||||
deb http://us.archive.ubuntu.com/ubuntu xenial universe
|
||||
deb http://us.archive.ubuntu.com/ubuntu xenial-updates universe
|
||||
deb http://us.archive.ubuntu.com/ubuntu xenial multiverse
|
||||
deb http://us.archive.ubuntu.com/ubuntu xenial-updates multiverse
|
||||
deb http://us.archive.ubuntu.com/ubuntu xenial-backports main restricted universe multiverse
|
||||
deb http://security.ubuntu.com/ubuntu xenial-security main restricted
|
||||
deb http://security.ubuntu.com/ubuntu xenial-security universe
|
||||
deb http://security.ubuntu.com/ubuntu xenial-security multiverse
|
@ -1,81 +0,0 @@
|
||||
[commands]
|
||||
# What kind of update to use:
|
||||
# default = yum upgrade
|
||||
# security = yum --security upgrade
|
||||
# security-severity:Critical = yum --sec-severity=Critical upgrade
|
||||
# minimal = yum --bugfix update-minimal
|
||||
# minimal-security = yum --security update-minimal
|
||||
# minimal-security-severity:Critical = --sec-severity=Critical update-minimal
|
||||
update_cmd = default
|
||||
|
||||
# Whether a message should be emitted when updates are available,
|
||||
# were downloaded, or applied.
|
||||
update_messages = yes
|
||||
|
||||
# Whether updates should be downloaded when they are available.
|
||||
download_updates = yes
|
||||
|
||||
# Whether updates should be applied when they are available. Note
|
||||
# that download_updates must also be yes for the update to be applied.
|
||||
apply_updates = yes
|
||||
|
||||
# Maximum amout of time to randomly sleep, in minutes. The program
|
||||
# will sleep for a random amount of time between 0 and random_sleep
|
||||
# minutes before running. This is useful for e.g. staggering the
|
||||
# times that multiple systems will access update servers. If
|
||||
# random_sleep is 0 or negative, the program will run immediately.
|
||||
# 6*60 = 360
|
||||
random_sleep = 360
|
||||
|
||||
|
||||
[emitters]
|
||||
# Name to use for this system in messages that are emitted. If
|
||||
# system_name is None, the hostname will be used.
|
||||
system_name = None
|
||||
|
||||
# How to send messages. Valid options are stdio and email. If
|
||||
# emit_via includes stdio, messages will be sent to stdout; this is useful
|
||||
# to have cron send the messages. If emit_via includes email, this
|
||||
# program will send email itself according to the configured options.
|
||||
# If emit_via is None or left blank, no messages will be sent.
|
||||
emit_via = stdio
|
||||
|
||||
# The width, in characters, that messages that are emitted should be
|
||||
# formatted to.
|
||||
output_width = 80
|
||||
|
||||
|
||||
[email]
|
||||
# The address to send email messages from.
|
||||
# NOTE: 'localhost' will be replaced with the value of system_name.
|
||||
email_from = root@localhost
|
||||
|
||||
# List of addresses to send messages to.
|
||||
email_to = root
|
||||
|
||||
# Name of the host to connect to to send email messages.
|
||||
email_host = localhost
|
||||
|
||||
|
||||
[groups]
|
||||
# NOTE: This only works when group_command != objects, which is now the default
|
||||
# List of groups to update
|
||||
group_list = None
|
||||
|
||||
# The types of group packages to install
|
||||
group_package_types = mandatory, default
|
||||
|
||||
[base]
|
||||
# This section overrides yum.conf
|
||||
|
||||
# Use this to filter Yum core messages
|
||||
# -4: critical
|
||||
# -3: critical+errors
|
||||
# -2: critical+errors+warnings (default)
|
||||
debuglevel = -2
|
||||
|
||||
# skip_broken = True
|
||||
mdpolicy = group:main
|
||||
|
||||
# Uncomment to auto-import new gpg keys (dangerous)
|
||||
# assumeyes = True
|
@ -17,10 +17,6 @@ class openstack_project::ask (
|
||||
$askbot_revision = '87086ebcefc5be29e80d3228e465e6bec4523fcf'
|
||||
) {
|
||||
|
||||
realize (
|
||||
User::Virtual::Localuser['mkiss'],
|
||||
)
|
||||
|
||||
file { '/srv/dist':
|
||||
ensure => directory,
|
||||
owner => 'root',
|
||||
|
@ -13,10 +13,6 @@ class openstack_project::ask_staging (
|
||||
$solr_version = '4.10.4'
|
||||
) {
|
||||
|
||||
realize (
|
||||
User::Virtual::Localuser['mkiss'],
|
||||
)
|
||||
|
||||
file { '/srv/dist':
|
||||
ensure => directory,
|
||||
owner => 'root',
|
||||
|
@ -1,6 +1,5 @@
|
||||
# Class to configure cacti on a node.
|
||||
class openstack_project::cacti (
|
||||
$sysadmins = [],
|
||||
$cacti_hosts = [],
|
||||
$vhost_name = '',
|
||||
) {
|
||||
@ -11,7 +10,6 @@ class openstack_project::cacti (
|
||||
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [80, 443],
|
||||
sysadmins => $sysadmins,
|
||||
}
|
||||
|
||||
class { '::apache':
|
||||
|
@ -15,7 +15,6 @@
|
||||
# firehose glue class.
|
||||
#
|
||||
class openstack_project::firehose (
|
||||
$sysadmins = [],
|
||||
$gerrit_username = 'germqtt',
|
||||
$gerrit_public_key,
|
||||
$gerrit_private_key,
|
||||
@ -69,36 +68,6 @@ class openstack_project::firehose (
|
||||
ensure => running,
|
||||
}
|
||||
|
||||
class {'::exim':
|
||||
sysadmins => $sysadmins,
|
||||
local_domains => "@:firehose.openstack.org",
|
||||
default_localuser_router => false,
|
||||
routers => [
|
||||
{'cyrus' => {
|
||||
'driver' => 'accept',
|
||||
'domains' => '+local_domains',
|
||||
'local_part_suffix' => '+*',
|
||||
'local_part_suffix_optional' => true,
|
||||
'transport' => 'cyrus',
|
||||
}},
|
||||
{'localuser' => {
|
||||
'driver' => 'accept',
|
||||
'check_local_user' => true,
|
||||
'transport' => 'local_delivery',
|
||||
'cannot_route_message' => 'Unknown user',
|
||||
}}
|
||||
],
|
||||
transports => [
|
||||
{'cyrus' => {
|
||||
'driver' => 'lmtp',
|
||||
'socket' => '/var/run/cyrus/socket/lmtp',
|
||||
'user' => 'cyrus',
|
||||
'batch_max' => '35',
|
||||
}}
|
||||
],
|
||||
require => Package['cyrus-imapd'],
|
||||
}
|
||||
|
||||
include lpmqtt
|
||||
class {'lpmqtt::server':
|
||||
mqtt_username => $mqtt_username,
|
||||
|
@ -16,14 +16,12 @@
|
||||
#
|
||||
# == Class: openstack_project::git
|
||||
class openstack_project::git (
|
||||
$sysadmins = [],
|
||||
$balancer_member_names = [],
|
||||
$balancer_member_ips = [],
|
||||
$selinux_mode = 'enforcing'
|
||||
) {
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [80, 443, 9418],
|
||||
sysadmins => $sysadmins,
|
||||
}
|
||||
|
||||
if ($::osfamily == 'RedHat') {
|
||||
@ -148,6 +146,13 @@ class openstack_project::git (
|
||||
notify => Service['rsyslog'],
|
||||
}
|
||||
|
||||
# TODO(mordred) We should get this haproxy stuff ported to ansible ASAP.
|
||||
# Ansible is the one installing rsyslog.
|
||||
service { 'rsyslog':
|
||||
ensure => running,
|
||||
enable => true,
|
||||
hasrestart => true,
|
||||
}
|
||||
|
||||
# haproxy statsd
|
||||
|
||||
|
@ -28,10 +28,6 @@ class openstack_project::groups (
|
||||
$site_ssl_chain_file = '/etc/ssl/certs/groups.openstack.org_ca.pem',
|
||||
) {
|
||||
|
||||
realize (
|
||||
User::Virtual::Localuser['mkiss'],
|
||||
)
|
||||
|
||||
vcsrepo { '/srv/groups-static-pages':
|
||||
ensure => latest,
|
||||
provider => git,
|
||||
|
@ -25,10 +25,6 @@ class openstack_project::groups_dev (
|
||||
$site_ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key',
|
||||
) {
|
||||
|
||||
realize (
|
||||
User::Virtual::Localuser['mkiss'],
|
||||
)
|
||||
|
||||
# include drupal
|
||||
|
||||
vcsrepo { '/srv/groups-static-pages':
|
||||
|
@ -35,8 +35,4 @@ class openstack_project::infracloud::baremetal (
|
||||
ipv4_subnet_mask => $ipv4_subnet_mask,
|
||||
}
|
||||
|
||||
realize (
|
||||
User::Virtual::Localuser['colleen'],
|
||||
)
|
||||
|
||||
}
|
||||
|
@ -50,9 +50,4 @@ class openstack_project::infracloud::controller (
|
||||
neutron_subnet_allocation_pools => $neutron_subnet_allocation_pools,
|
||||
mysql_max_connections => $mysql_max_connections,
|
||||
}
|
||||
|
||||
realize (
|
||||
User::Virtual::Localuser['colleen'],
|
||||
)
|
||||
|
||||
}
|
||||
|
@ -1,28 +1,13 @@
|
||||
# == Class: openstack_project::kata_lists
|
||||
#
|
||||
class openstack_project::kata_lists(
|
||||
$listadmins,
|
||||
$listpassword = ''
|
||||
) {
|
||||
$listdomain = 'lists.katacontainers.io'
|
||||
|
||||
class { 'exim':
|
||||
sysadmins => $listadmins,
|
||||
queue_interval => '1m',
|
||||
queue_run_max => '50',
|
||||
mailman_domains => [$listdomain],
|
||||
smtp_accept_max => '100',
|
||||
smtp_accept_max_per_host => '10',
|
||||
}
|
||||
|
||||
class { 'mailman':
|
||||
vhost_name => $listdomain,
|
||||
vhost_name => 'lists.katacontainers.io'
|
||||
}
|
||||
|
||||
realize (
|
||||
User::Virtual::Localuser['jbryce'],
|
||||
)
|
||||
|
||||
Maillist {
|
||||
provider => 'noaliasmailman',
|
||||
}
|
||||
|
@ -1,113 +1,13 @@
|
||||
# == Class: openstack_project::lists
|
||||
#
|
||||
class openstack_project::lists(
|
||||
$listadmins,
|
||||
$listpassword = ''
|
||||
) {
|
||||
|
||||
$mm_domains='lists.openstack.org:lists.zuul-ci.org:lists.airshipit.org:lists.starlingx.io'
|
||||
|
||||
class { 'mailman':
|
||||
multihost => true,
|
||||
}
|
||||
|
||||
class { 'exim':
|
||||
sysadmins => $listadmins,
|
||||
queue_interval => '1m',
|
||||
queue_run_max => '50',
|
||||
smtp_accept_max => '100',
|
||||
smtp_accept_max_per_host => '10',
|
||||
extra_aliases => {
|
||||
'ambassadors-owner' => 'spam',
|
||||
'community-owner' => 'spam',
|
||||
'foundation-board-confidential-owner' => 'spam',
|
||||
'foundation-board-owner' => 'spam',
|
||||
'foundation-owner' => 'spam',
|
||||
'legal-discuss-owner' => 'spam',
|
||||
'mailman-owner' => 'spam',
|
||||
'marketing-owner' => 'spam',
|
||||
'openstack-announce-owner' => 'spam',
|
||||
'openstack-dev-owner' => 'spam',
|
||||
'openstack-docs-owner' => 'spam',
|
||||
'openstack-fr-owner' => 'spam',
|
||||
'openstack-i18n-owner' => 'spam',
|
||||
'openstack-infra-owner' => 'spam',
|
||||
'openstack-operators-owner' => 'spam',
|
||||
'openstack-owner' => 'spam',
|
||||
'openstack-qa-owner' => 'spam',
|
||||
'openstack-security-owner' => 'spam',
|
||||
'openstack-tc-owner' => 'spam',
|
||||
'openstack-vi-owner' => 'spam',
|
||||
'product-wg-owner' => 'spam',
|
||||
'superuser-owner' => 'spam',
|
||||
'user-committee-owner' => 'spam',
|
||||
'women-of-openstack-owner' => 'spam',
|
||||
'spam' => ':fail: delivery temporarily disabled due to ongoing spam flood',
|
||||
},
|
||||
local_domains => "@:$mm_domains",
|
||||
routers => [
|
||||
{'mailman_verp_router' => {
|
||||
'driver' => 'dnslookup',
|
||||
# we only consider messages sent in through loopback
|
||||
'condition' => '${if or{{eq{$sender_host_address}{127.0.0.1}}\
|
||||
{eq{$sender_host_address}{::1}}}{yes}{no}}',
|
||||
# we do not do this for traffic going to the local machine
|
||||
'domains' => '!+local_domains',
|
||||
'ignore_target_hosts' => '<; 0.0.0.0; \
|
||||
64.94.110.11; \
|
||||
127.0.0.0/8; \
|
||||
::1/128;fe80::/10;fe \
|
||||
c0::/10;ff00::/8',
|
||||
# only the un-VERPed bounce addresses are handled
|
||||
'senders' => '"*-bounces@*"',
|
||||
'transport' => 'mailman_verp_smtp',
|
||||
}
|
||||
},
|
||||
{'mailman_router' => {
|
||||
'driver' => 'accept',
|
||||
'domains' => "$mm_domains",
|
||||
'require_files' => '${lookup{${lc::$domain}}lsearch{/etc/mailman/sites}}/lists/${lc::$local_part}/config.pck',
|
||||
'local_part_suffix_optional' => true,
|
||||
'local_part_suffix' => '-admin : \
|
||||
-bounces : -bounces+* : \
|
||||
-confirm : -confirm+* : \
|
||||
-join : -leave : \
|
||||
-owner : -request : \
|
||||
-subscribe : -unsubscribe',
|
||||
'transport' => 'mailman_transport',
|
||||
}
|
||||
},
|
||||
],
|
||||
transports => [
|
||||
{'mailman_transport' => {
|
||||
'driver' => 'pipe',
|
||||
'environment' => 'MAILMAN_SITE_DIR=${lookup{${lc:$domain}}lsearch{/etc/mailman/sites}}',
|
||||
'command' => '/var/lib/mailman/mail/mailman \
|
||||
\'${if def:local_part_suffix \
|
||||
{${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
|
||||
{post}}\' \
|
||||
$local_part',
|
||||
'current_directory' => '/var/lib/mailman',
|
||||
'home_directory' => '/var/lib/mailman',
|
||||
'user' => 'list',
|
||||
'group' => 'list',
|
||||
}
|
||||
},
|
||||
{'mailman_verp_smtp' => {
|
||||
'driver' => 'smtp',
|
||||
'return_path' => '${local_part:$return_path}+$local_part=$domain@${domain:$return_path}',
|
||||
'max_rcpt' => '1',
|
||||
'headers_remove' => 'Errors-To',
|
||||
'headers_add' => 'Errors-To: ${return_path}',
|
||||
}
|
||||
},
|
||||
]
|
||||
}
|
||||
|
||||
realize (
|
||||
User::Virtual::Localuser['smaffulli'],
|
||||
)
|
||||
|
||||
# Disable inactive admins
|
||||
user::virtual::disable { 'oubiwann': }
|
||||
user::virtual::disable { 'rockstar': }
|
||||
|
@ -1,7 +1,6 @@
|
||||
# == Class: openstack_project::mirror_update
|
||||
#
|
||||
class openstack_project::mirror_update (
|
||||
$sysadmins = [],
|
||||
$bandersnatch_keytab = '',
|
||||
$reprepro_keytab = '',
|
||||
$admin_keytab = '',
|
||||
@ -16,7 +15,6 @@ class openstack_project::mirror_update (
|
||||
include ::openstack_project::reprepro_mirror
|
||||
|
||||
class { 'openstack_project::server':
|
||||
sysadmins => $sysadmins,
|
||||
afs => true,
|
||||
}
|
||||
|
||||
|
@ -15,7 +15,6 @@
|
||||
# openstackid idp(sso-openid) dev server
|
||||
#
|
||||
class openstack_project::openstackid_dev (
|
||||
$sysadmins = [],
|
||||
$site_admin_password = '',
|
||||
$id_mysql_host = '',
|
||||
$id_mysql_user = '',
|
||||
@ -62,14 +61,8 @@ class openstack_project::openstackid_dev (
|
||||
$session_cookie_secure = false,
|
||||
) {
|
||||
|
||||
realize (
|
||||
User::Virtual::Localuser['smarcet'],
|
||||
User::Virtual::Localuser['mkiss'],
|
||||
)
|
||||
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [80, 443],
|
||||
sysadmins => $sysadmins,
|
||||
}
|
||||
|
||||
class { 'openstackid':
|
||||
|
@ -15,7 +15,6 @@
|
||||
# openstackid idp(sso-openid) server
|
||||
#
|
||||
class openstack_project::openstackid_prod (
|
||||
$sysadmins = [],
|
||||
$site_admin_password = '',
|
||||
$id_mysql_host = '',
|
||||
$id_mysql_user = '',
|
||||
@ -63,14 +62,8 @@ class openstack_project::openstackid_prod (
|
||||
$session_cookie_secure = false,
|
||||
) {
|
||||
|
||||
realize (
|
||||
User::Virtual::Localuser['smarcet'],
|
||||
User::Virtual::Localuser['maxwell'],
|
||||
)
|
||||
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [80, 443],
|
||||
sysadmins => $sysadmins,
|
||||
}
|
||||
|
||||
class { 'openstackid':
|
||||
|
@ -1,39 +0,0 @@
|
||||
# Class: openstack_project::params
|
||||
#
|
||||
# This class holds parameters that need to be
|
||||
# accessed by other classes.
|
||||
class openstack_project::params {
|
||||
$cross_platform_packages = [
|
||||
'at',
|
||||
'git',
|
||||
'lvm2',
|
||||
'parted',
|
||||
'rsync',
|
||||
'strace',
|
||||
'tcpdump',
|
||||
'wget',
|
||||
]
|
||||
case $::osfamily {
|
||||
'RedHat': {
|
||||
$packages = concat($cross_platform_packages, ['iputils', 'bind-utils'])
|
||||
$user_packages = ['emacs-nox', 'vim-enhanced']
|
||||
$login_defs = 'puppet:///modules/openstack_project/login.defs.redhat'
|
||||
}
|
||||
'Debian': {
|
||||
$packages = concat($cross_platform_packages, ['iputils-ping', 'dnsutils'])
|
||||
case $::operatingsystemrelease {
|
||||
/^(12|14)\.(04|10)$/: {
|
||||
$user_packages = ['emacs23-nox', 'vim-nox', 'iftop',
|
||||
'sysstat', 'iotop']
|
||||
}
|
||||
default: {
|
||||
$user_packages = ['emacs-nox', 'vim-nox']
|
||||
}
|
||||
}
|
||||
$login_defs = 'puppet:///modules/openstack_project/login.defs.debian'
|
||||
}
|
||||
default: {
|
||||
fail("Unsupported osfamily: ${::osfamily} The 'openstack_project' module only supports osfamily Debian or RedHat (slaves only).")
|
||||
}
|
||||
}
|
||||
}
|
@ -18,9 +18,6 @@
|
||||
class openstack_project::pbx (
|
||||
$sip_providers = [],
|
||||
) {
|
||||
realize (
|
||||
User::Virtual::Localuser['rbryant'],
|
||||
)
|
||||
|
||||
class { 'asterisk':
|
||||
modules_conf_source => 'puppet:///modules/openstack_project/pbx/asterisk/modules.conf',
|
||||
|
@ -1,11 +1,9 @@
|
||||
# == Class: openstack_project::planet
|
||||
#
|
||||
class openstack_project::planet (
|
||||
$sysadmins = []
|
||||
) {
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [80],
|
||||
sysadmins => $sysadmins,
|
||||
}
|
||||
include ::planet
|
||||
|
||||
|
@ -43,10 +43,6 @@ class openstack_project::review_dev (
|
||||
}
|
||||
}
|
||||
|
||||
realize (
|
||||
User::Virtual::Localuser['zaro'],
|
||||
)
|
||||
|
||||
class { 'project_config':
|
||||
url => $project_config_repo,
|
||||
base => 'dev/',
|
||||
|
@ -7,116 +7,21 @@ class openstack_project::server (
|
||||
$iptables_rules4 = [],
|
||||
$iptables_rules6 = [],
|
||||
$iptables_allowed_hosts = [],
|
||||
$sysadmins = [],
|
||||
$extra_aliases = {},
|
||||
$pin_puppet = '3.',
|
||||
$ca_server = undef,
|
||||
$enable_unbound = true,
|
||||
$afs = false,
|
||||
$afs_cache_size = 500000,
|
||||
$manage_exim = true,
|
||||
$pypi_index_url = 'https://pypi.python.org/simple',
|
||||
$purge_apt_sources = true,
|
||||
) {
|
||||
include sudoers
|
||||
include openstack_project::params
|
||||
include openstack_project::users
|
||||
|
||||
class { 'openstack_project::users_install':
|
||||
install_users => true,
|
||||
}
|
||||
|
||||
class { 'timezone':
|
||||
timezone => 'Etc/UTC',
|
||||
}
|
||||
|
||||
package { 'rsyslog':
|
||||
ensure => present,
|
||||
}
|
||||
|
||||
service { 'rsyslog':
|
||||
ensure => running,
|
||||
enable => true,
|
||||
hasrestart => true,
|
||||
require => Package['rsyslog'],
|
||||
}
|
||||
|
||||
# Increase syslog message size in order to capture
|
||||
# python tracebacks with syslog.
|
||||
file { '/etc/rsyslog.d/99-maxsize.conf':
|
||||
ensure => present,
|
||||
# Note MaxMessageSize is not a puppet variable.
|
||||
content => '$MaxMessageSize 6k',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
notify => Service['rsyslog'],
|
||||
require => Package['rsyslog'],
|
||||
}
|
||||
|
||||
if $::osfamily == 'Debian' {
|
||||
file { '/etc/security/limits.d/60-nofile-limit.conf':
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
source => 'puppet:///modules/openstack_project/debian_limits.conf',
|
||||
replace => true,
|
||||
}
|
||||
|
||||
file { '/etc/apt/apt.conf.d/80retry':
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0444',
|
||||
source => 'puppet:///modules/openstack_project/80retry',
|
||||
replace => true,
|
||||
}
|
||||
|
||||
file { '/etc/apt/apt.conf.d/90no-translations':
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0444',
|
||||
source => 'puppet:///modules/openstack_project/90no-translations',
|
||||
replace => true,
|
||||
}
|
||||
|
||||
# Custom rsyslog config to disable /dev/xconsole noise on Debuntu servers
|
||||
file { '/etc/rsyslog.d/50-default.conf':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
source =>
|
||||
'puppet:///modules/openstack_project/rsyslog.d_50-default.conf',
|
||||
replace => true,
|
||||
notify => Service['rsyslog'],
|
||||
require => Package['rsyslog'],
|
||||
}
|
||||
|
||||
# Purge and augment existing /etc/apt/sources.list if requested, and make
|
||||
# sure apt-get update is run before any packages are installed
|
||||
class { '::apt':
|
||||
purge => { 'sources.list' => $purge_apt_sources }
|
||||
}
|
||||
if $purge_apt_sources == true {
|
||||
file { '/etc/apt/sources.list.d/openstack-infra.list':
|
||||
ensure => present,
|
||||
group => 'root',
|
||||
mode => '0444',
|
||||
owner => 'root',
|
||||
source => "puppet:///modules/openstack_project/sources.list.${::lsbdistcodename}.${::architecture}",
|
||||
}
|
||||
exec { 'update-apt':
|
||||
command => 'apt-get update',
|
||||
refreshonly => true,
|
||||
path => '/bin:/usr/bin',
|
||||
subscribe => File['/etc/apt/sources.list.d/openstack-infra.list'],
|
||||
}
|
||||
Exec['update-apt'] -> Package <| |>
|
||||
}
|
||||
}
|
||||
|
||||
package { $::openstack_project::params::packages:
|
||||
ensure => present
|
||||
# Include ::apt while we work on the puppet->ansible transition
|
||||
if ($::osfamily == 'Debian') {
|
||||
include ::apt
|
||||
}
|
||||
|
||||
###########################################################
|
||||
@ -124,45 +29,6 @@ class openstack_project::server (
|
||||
|
||||
include '::ntp'
|
||||
|
||||
if ($::osfamily == "RedHat") {
|
||||
# Utils in ntp-perl are included in Debian's ntp package; we
|
||||
# add it here for consistency. See also
|
||||
# https://tickets.puppetlabs.com/browse/MODULES-3660
|
||||
package { 'ntp-perl':
|
||||
ensure => present
|
||||
}
|
||||
# NOTE(pabelanger): We need to ensure ntpdate service starts on boot for
|
||||
# centos-7. Currently, ntpd explicitly require ntpdate to be running before
|
||||
# the sync process can happen in ntpd. As a result, if ntpdate is not
|
||||
# running, ntpd will start but fail to sync because of DNS is not properly
|
||||
# setup.
|
||||
package { 'ntpdate':
|
||||
ensure => present,
|
||||
}
|
||||
service { 'ntpdate':
|
||||
enable => true,
|
||||
require => Package['ntpdate'],
|
||||
}
|
||||
package { 'yum-cron':
|
||||
ensure => present,
|
||||
}
|
||||
file { '/etc/yum/yum-cron.conf':
|
||||
ensure => present,
|
||||
owner => root,
|
||||
group => root,
|
||||
mode => '0644',
|
||||
source => 'puppet:///modules/openstack_project/yum/yum-cron.conf',
|
||||
replace => true,
|
||||
require => Package['yum-cron'],
|
||||
notify => Service['yum-cron'],
|
||||
}
|
||||
service { 'yum-cron':
|
||||
enable => true,
|
||||
ensure => running,
|
||||
require => Package['yum-cron'],
|
||||
}
|
||||
}
|
||||
|
||||
###########################################################
|
||||
# Manage Root ssh
|
||||
|
||||
@ -171,24 +37,6 @@ class openstack_project::server (
|
||||
trusted_ssh_source => '23.253.245.198,2001:4800:7818:101:3c21:a454:23ed:4072,23.253.234.219,2001:4800:7817:103:be76:4eff:fe04:5a1d',
|
||||
}
|
||||
|
||||
if ! defined(File['/root/.ssh']) {
|
||||
file { '/root/.ssh':
|
||||
ensure => directory,
|
||||
mode => '0700',
|
||||
}
|
||||
}
|
||||
|
||||
ssh_authorized_key { 'puppet-remote-2014-09-15':
|
||||
ensure => present,
|
||||
user => 'root',
|
||||
type => 'ssh-rsa',
|
||||
key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDSLlN41ftgxkNeUi/kATYPwMPjJdMaSbgokSb9PSkRPZE7GeNai60BCfhu+ky8h5eMe70Bpwb7mQ7GAtHGXPNU1SRBPhMuVN9EYrQbt5KSiwuiTXtQHsWyYrSKtB+XGbl2PhpMQ/TPVtFoL5usxu/MYaakVkCEbt5IbPYNg88/NKPixicJuhi0qsd+l1X1zoc1+Fn87PlwMoIgfLIktwaL8hw9mzqr+pPcDIjCFQQWnjqJVEObOcMstBT20XwKj/ymiH+6p123nnlIHilACJzXhmIZIZO+EGkNF7KyXpcBSfv9efPI+VCE2TOv/scJFdEHtDFkl2kdUBYPC0wQ92rp',
|
||||
options => [
|
||||
'from="23.253.245.198,2001:4800:7818:101:3c21:a454:23ed:4072,23.253.234.219,2001:4800:7817:103:be76:4eff:fe04:5a1d,localhost"',
|
||||
],
|
||||
require => File['/root/.ssh'],
|
||||
}
|
||||
|
||||
###########################################################
|
||||
# Process if ( $high_level_directive ) blocks
|
||||
|
||||
@ -198,13 +46,6 @@ class openstack_project::server (
|
||||
}
|
||||
}
|
||||
|
||||
if $manage_exim {
|
||||
class { 'exim':
|
||||
sysadmins => $sysadmins,
|
||||
extra_aliases => $extra_aliases,
|
||||
}
|
||||
}
|
||||
|
||||
if $afs {
|
||||
class { 'openafs::client':
|
||||
cell => 'openstack.org',
|
||||
@ -244,117 +85,4 @@ class openstack_project::server (
|
||||
allowed_hosts => $iptables_allowed_hosts,
|
||||
}
|
||||
|
||||
# We don't like byobu
|
||||
file { '/etc/profile.d/Z98-byobu.sh':
|
||||
ensure => absent,
|
||||
}
|
||||
|
||||
# Setup RFC3339 bash history timestamps
|
||||
file { '/etc/profile.d/bash-history.sh':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
source => 'puppet:///modules/openstack_project/bash-history.sh',
|
||||
}
|
||||
|
||||
if $::osfamily == 'Debian' {
|
||||
# Ubuntu installs their whoopsie package by default, but it eats through
|
||||
# memory and we don't need it on servers
|
||||
package { 'whoopsie':
|
||||
ensure => absent,
|
||||
}
|
||||
|
||||
package { 'popularity-contest':
|
||||
ensure => absent,
|
||||
}
|
||||
}
|
||||
|
||||
###########################################################
|
||||
# Manage python/pip
|
||||
|
||||
$desired_virtualenv = '15.1.0'
|
||||
class { '::pip':
|
||||
index_url => $pypi_index_url,
|
||||
optional_settings => {
|
||||
'extra-index-url' => '',
|
||||
},
|
||||
manage_pip_conf => true,
|
||||
}
|
||||
|
||||
if (( versioncmp($::virtualenv_version, $desired_virtualenv) < 0 )) {
|
||||
$virtualenv_ensure = $desired_virtualenv
|
||||
} else {
|
||||
$virtualenv_ensure = present
|
||||
}
|
||||
package { 'virtualenv':
|
||||
ensure => $virtualenv_ensure,
|
||||
provider => openstack_pip,
|
||||
require => Class['pip'],
|
||||
}
|
||||
|
||||
###########################################################
|
||||
# Turn off puppet service
|
||||
|
||||
service { 'puppet':
|
||||
ensure => stopped,
|
||||
enable => false,
|
||||
}
|
||||
|
||||
if $::osfamily == 'Debian' {
|
||||
file { '/etc/default/puppet':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0444',
|
||||
source => 'puppet:///modules/openstack_project/puppet.default',
|
||||
replace => true,
|
||||
}
|
||||
}
|
||||
|
||||
###########################################################
|
||||
# Set up puppet repos
|
||||
|
||||
if ($::osfamily == 'Debian') {
|
||||
# NOTE(pabelanger): Puppetlabs only support Ubuntu Trusty and below,
|
||||
# anything greater will use the OS version of puppet.
|
||||
if ($::operatingsystemrelease < '15.04') {
|
||||
include ::apt
|
||||
apt::source { 'puppetlabs':
|
||||
location => 'http://apt.puppetlabs.com',
|
||||
repos => 'main',
|
||||
key => {
|
||||
'id' =>'47B320EB4C7C375AA9DAE1A01054B7A24BD6EC30',
|
||||
'server' => 'pgp.mit.edu',
|
||||
},
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($::operatingsystem == 'CentOS') {
|
||||
file { '/etc/yum.repos.d/puppetlabs.repo':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0444',
|
||||
source => 'puppet:///modules/openstack_project/centos7-puppetlabs.repo',
|
||||
replace => true,
|
||||
}
|
||||
}
|
||||
|
||||
# Disable cloud-init
|
||||
file { '/etc/cloud':
|
||||
ensure => directory,
|
||||
}
|
||||
file { '/etc/cloud/cloud-init.disabled':
|
||||
ensure => file,
|
||||
require => File['/etc/cloud'],
|
||||
}
|
||||
|
||||
if ($::lsbdistcodename == 'xenial' and $::architecture == 'aarch64') {
|
||||
# Make sure we install the HWE kernel for arm64; it's 4.13 v 4.3
|
||||
# and works much better on linaro cloud
|
||||
ensure_packages(['linux-generic-hwe-16.04'])
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -6,7 +6,6 @@ class openstack_project::storyboard(
|
||||
$mysql_user = '',
|
||||
$rabbitmq_user = 'storyboard',
|
||||
$rabbitmq_password,
|
||||
$sysadmins = [],
|
||||
$superusers =
|
||||
'puppet:///modules/openstack_project/storyboard/superusers.yaml',
|
||||
$ssl_cert = undef,
|
||||
@ -28,47 +27,9 @@ class openstack_project::storyboard(
|
||||
}
|
||||
|
||||
class { 'openstack_project::server':
|
||||
sysadmins => $sysadmins,
|
||||
iptables_public_tcp_ports => [80, 443],
|
||||
manage_exim => false,
|
||||
}
|
||||
|
||||
class { '::exim':
|
||||
sysadmins => $sysadmins,
|
||||
routers => [
|
||||
{'storyboard_verp_router' => {
|
||||
'driver' => 'dnslookup',
|
||||
# we only consider messages sent in through loopback
|
||||
'condition' => '${if or{{eq{$sender_host_address}{127.0.0.1}}\
|
||||
{eq{$sender_host_address}{::1}}}{yes}{no}}',
|
||||
# we do not do this for traffic going to the local machine
|
||||
'domains' => '!+local_domains',
|
||||
'ignore_target_hosts' => '<; 0.0.0.0; 64.94.110.11; 127.0.0.0/8; \
|
||||
::1/128;fe80::/10;fec0::/10;ff00::/8',
|
||||
# only the un-VERPed bounce addresses are handled
|
||||
'senders' => '"*-bounces@*"',
|
||||
'transport' => 'storyboard_verp_smtp',
|
||||
}},
|
||||
# Send bounces to /dev/null until storyboard supports them.
|
||||
{'storyboard' => {
|
||||
'driver' => 'redirect',
|
||||
'local_parts' => 'storyboard',
|
||||
'local_part_suffix_optional' => true,
|
||||
'local_part_suffix' => '-bounces : -bounces+*',
|
||||
'data' => ':blackhole:',
|
||||
}}
|
||||
],
|
||||
transports => [
|
||||
{'storyboard_verp_smtp' => {
|
||||
'driver' => 'smtp',
|
||||
'return_path' => '${local_part:$return_path}+$local_part\
|
||||
=$domain@${domain:$return_path}',
|
||||
'max_rcpt' => '1',
|
||||
'headers_remove' => 'Errors-To',
|
||||
'headers_add' => 'Errors-To: ${return_path}',
|
||||
}}
|
||||
],
|
||||
}
|
||||
|
||||
mysql_backup::backup_remote { 'storyboard':
|
||||
database_host => $mysql_host,
|
||||
|
@ -6,7 +6,6 @@ class openstack_project::storyboard::dev(
|
||||
$mysql_user = '',
|
||||
$rabbitmq_user = 'storyboard',
|
||||
$rabbitmq_password,
|
||||
$sysadmins = [],
|
||||
$ssl_cert_file_contents = undef,
|
||||
$ssl_key_file_contents = undef,
|
||||
$ssl_chain_file_contents = undef,
|
||||
@ -21,7 +20,6 @@ class openstack_project::storyboard::dev(
|
||||
|
||||
class { 'openstack_project::storyboard':
|
||||
project_config_repo => $project_config_repo,
|
||||
sysadmins => $sysadmins,
|
||||
superusers =>
|
||||
'puppet:///modules/openstack_project/storyboard/dev_superusers.yaml',
|
||||
mysql_host => $mysql_host,
|
||||
@ -39,11 +37,4 @@ class openstack_project::storyboard::dev(
|
||||
default_url => $default_url,
|
||||
}
|
||||
|
||||
realize (
|
||||
User::Virtual::Localuser['SotK'],
|
||||
User::Virtual::Localuser['Zara'],
|
||||
User::Virtual::Localuser['diablo_rojo'],
|
||||
)
|
||||
|
||||
|
||||
}
|
||||
|
@ -1,14 +1,8 @@
|
||||
class openstack_project::summit (
|
||||
$sysadmins = []
|
||||
) {
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [22, 80],
|
||||
sysadmins => $sysadmins
|
||||
}
|
||||
|
||||
realize (
|
||||
User::Virtual::Localuser['ttx'],
|
||||
)
|
||||
}
|
||||
|
||||
# vim:sw=2:ts=2:expandtab:textwidth=79
|
||||
|
@ -20,7 +20,6 @@ class openstack_project::translate_dev(
|
||||
$mysql_user = 'zanata',
|
||||
$mysql_password,
|
||||
$admin_users = '',
|
||||
$sysadmins = [],
|
||||
$zanata_server_user = '',
|
||||
$zanata_server_api_key = '',
|
||||
$project_config_repo = '',
|
||||
@ -37,7 +36,6 @@ class openstack_project::translate_dev(
|
||||
) {
|
||||
|
||||
class { 'openstack_project::server':
|
||||
sysadmins => $sysadmins,
|
||||
iptables_public_tcp_ports => [80, 443],
|
||||
}
|
||||
|
||||
|
@ -1,280 +0,0 @@
|
||||
# == Class: openstack_project::users
|
||||
#
|
||||
class openstack_project::users {
|
||||
# Make sure we have our UID/GID account minimums for dynamic users set higher
|
||||
# than we'll use for static assignments, so as to avoid future conflicts.
|
||||
include ::openstack_project::params
|
||||
file { '/etc/login.defs':
|
||||
ensure => present,
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
owner => 'root',
|
||||
source => $::openstack_project::params::login_defs,
|
||||
}
|
||||
User::Virtual::Localuser {
|
||||
require => File['/etc/login.defs']
|
||||
}
|
||||
|
||||
@user::virtual::localuser { 'mordred':
|
||||
realname => 'Monty Taylor',
|
||||
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDLsTZJ8hXTmzjKxYh/7V07mIy8xl2HL+9BaUlt6A6TMsL3LSvaVQNSgmXX5g0XfPWSCKmkZb1O28q49jQI2n7n7+sHkxn0dJDxj1N2oNrzNY7pDuPrdtCijczLFdievygXNhXNkQ2WIqHXDquN/jfLLJ9L0jxtxtsUMbiL2xxZEZcaf/K5MqyPhscpqiVNE1MjE4xgPbIbv8gCKtPpYIIrktOMb4JbV7rhOp5DcSP5gXtLhOF5fbBpZ+szqrTVUcBX0oTYr3iRfOje9WPsTZIk9vBfBtF416mCNxMSRc7KhSW727AnUu85hS0xiP0MRAf69KemG1OE1pW+LtDIAEYp',
|
||||
key_id => 'mordred@camelot',
|
||||
uid => 2000,
|
||||
gid => 2000,
|
||||
}
|
||||
|
||||
@user::virtual::localuser { 'corvus':
|
||||
realname => 'James E. Blair',
|
||||
sshkeys => 'AAAAB3NzaC1yc2EAAAABIwAAAQEAvKYcWK1T7e3PKSFiqb03EYktnoxVASpPoq2rJw2JvhsP0JfS+lKrPzpUQv7L4JCuQMsPNtZ8LnwVEft39k58Kh8XMebSfaqPYAZS5zCNvQUQIhP9myOevBZf4CDeG+gmssqRFcWEwIllfDuIzKBQGVbomR+Y5QuW0HczIbkoOYI6iyf2jB6xg+bmzR2HViofNrSa62CYmHS6dO04Z95J27w6jGWpEOTBjEQvnb9sdBc4EzaBVmxCpa2EilB1u0th7/DvuH0yP4T+X8G8UjW1gZCTOVw06fqlBCST4KjdWw1F/AuOCT7048klbf4H+mCTaEcPzzu3Fkv8ckMWtS/Z9Q==',
|
||||
key_id => 'jeblair@operational-necessity',
|
||||
uid => 2001,
|
||||
gid => 2001,
|
||||
}
|
||||
|
||||
@user::virtual::localuser { 'smaffulli':
|
||||
realname => 'Stefano Maffulli',
|
||||
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDD/zAvXaOUXCAT6/B4sCMu/38d/PyOIg/tYsYFAMgfDUzuZwkjZWNGrTpp/HFrOAZISER5KmOg48DKPvm91AeZOHfAXHCP6x9/FcogP9rmc48ym1B5XyIc78QVQjgN6JMSlEZsl0GWzFhQsPDjXundflY07TZfSC1IhpG9UgzamEVFcRjmNztnBuvq2uYVGpdI+ghmqFw9kfvSXJvUbj/F7Pco5XyJBx2e+gofe+X/UNee75xgoU/FyE2a6dSSc4uP4oUBvxDNU3gIsUKrSCmV8NuVQvMB8C9gXYR+JqtcvUSS9DdUAA8StP65woVsvuU+lqb+HVAe71JotDfOBd6f',
|
||||
key_id => 'stefano@mattone-E6420',
|
||||
uid => 2002,
|
||||
gid => 2002,
|
||||
}
|
||||
|
||||
# NOTE(pabelanger): Inactive user
|
||||
@user::virtual::localuser { 'oubiwann':
|
||||
realname => 'Duncan McGreggor',
|
||||
sshkeys => '',
|
||||
key_id => 'oubiwann@rhosgobel',
|
||||
uid => 2003,
|
||||
gid => 2003,
|
||||
}
|
||||
|
||||
# NOTE(pabelanger): Inactive user
|
||||
@user::virtual::localuser { 'rockstar':
|
||||
realname => 'Paul Hummer',
|
||||
sshkeys => '',
|
||||
key_id => 'rockstar@spackrace.local',
|
||||
uid => 2004,
|
||||
gid => 2004,
|
||||
}
|
||||
|
||||
@user::virtual::localuser { 'clarkb':
|
||||
realname => 'Clark Boylan',
|
||||
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCnfoVhOTkrY7uoebL8PoHXb0Fg4jJqGCbwkxUdNUdheIdbnfyjuRG3iL8WZnzf7nzWnD+IGo6kkAo8BkNMK9L0P0Y+5IjI8NH49KU22tQ1umij4EIf5tzLh4gsqkJmy6QLrlbf10m6UF4rLFQhKzOd4b2H2K6KbP00CIymvbW3BwvNDODM4xRE2uao387qfvXZBUkB0PpRD+7fWPoN58gpFUm407Eba3WwX5PCD+1DD+RVBsG8maIDXerQ7lvFLoSuyMswv1TfkvCj0ZFhSFbfTd2ZysCu6eryFfeixR7NY9SNcp9YTqG6LrxGA7Ci6wz+hycFHXlDrlBgfFJDe5At',
|
||||
key_id => 'clark@work',
|
||||
old_keys => [
|
||||
'boylandcl@boylancl1',
|
||||
],
|
||||
uid => 2005,
|
||||
gid => 2005,
|
||||
}
|
||||
|
||||
@user::virtual::localuser { 'rlane':
|
||||
realname => 'Ryan Lane',
|
||||
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCdtI7H+fsgSrjrdG8aGVcrN0GFW3XqLVsLG4n7JW4qH2W//hqgdL7A7cNVQNPoB9I1jAqvnO2Ct6wrVSh84QU89Uufw412M3qNSNeiGgv2c2KdxP2XBrnsLYAaJRbgOWJX7nty1jpO0xwF503ky2W3OMUsCXMAbYmYNSod6gAdzf5Xgo/3+eXRh7NbV1eKPrzwWoMOYh9T0Mvmokon/GXV5PiAA2bIaQvCy4BH/BzWiQwRM7KtiEt5lHahY172aEu+dcWxciuxHqkYqlKhbU+x1fwZJ+MpXSj5KBU+L0yf3iKySob7g6DZDST/Ylcm4MMjpOy8/9Cc6Xgpx77E/Pvd',
|
||||
key_id => 'laner@Free-Public-Wifi.local',
|
||||
uid => 2006,
|
||||
gid => 2006,
|
||||
}
|
||||
|
||||
@user::virtual::localuser { 'fungi':
|
||||
realname => 'Jeremy Stanley',
|
||||
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQD3KnRBTH5QPpKjf4RWu4akzYt2gwp796cMkFl5vu8e7G/cHuh4979FeNJXMVP6F3rvZB+yXDHLCU5LBVLq0K+1GbAZT/hH38hpMOIvniwKIquvI6C/drkVPHO6YmVlapw/NI530PGnT/TAqCOycHBO5eF1bYsaqV1yZqvs9v7UZc6J4LukoLZwpmyWZ5P3ltAiiy8+FGq3SLCKWDMmv/Bjz4zTsaNbSWThJi0BydINjC1/0ze5Tyc/XgW1sDuxmmXJxgQp4EvLpronqb2hT60iA52kj8lrmoCIryRpgnbaRA7BrxKF8zIr0ZALHijxEUeWHhFJDIVRGUf0Ef0nrmBv',
|
||||
key_id => 'fungi-openstack-2015',
|
||||
old_keys => [
|
||||
'fungi-openstack-2012',
|
||||
'fungi-openstack-2013',
|
||||
'fungi-openstack-2014',
|
||||
],
|
||||
uid => 2007,
|
||||
gid => 2007,
|
||||
}
|
||||
|
||||
@user::virtual::localuser { 'ttx':
|
||||
realname => 'Thierry Carrez',
|
||||
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAACAQDCGpMtSehQNZL0/EJ7VUbklJygsxvii2Qi4HPSUFcLJUWAx4VltsmPkmx43D9ITwnRPRMPNtZrOvhY7v0myVlFuRnyTYAqZwigf5gxrktb+4PwCWb+2XobziUVnfJlbOTjneWSTYoZ+OjTaWd5AcVbUvgYAP2qbddycc5ACswpPDo5VrS6fQfCwE4z3BqLFNeOnqxbECHwHeFYIR6Kd6mnKAzDNZxZIkviWg9eIwwuFf5V5bUPiVkeFHVL3EJlCoYs2Em4bvYZBtrV7kUseN85X/+5Uail4uYBEcB3GLL32e6HeD1Qk4xIxLTI2bFPGUp0Oq7iPgrQQe4zCBsGi7Dx+JVy+U0JqLLAN94UPCn2fhsX7PdKfTPcxFPFKeX/PRutkb7qxdbS2ubCdOEhc6WN7OkQmbdK8lk6ms4v4dFc0ooMepWELqKC6thICsVdizpuij0+h8c4SRD3gtwGDPxrkJcodPoAimVVlW1p+RpMxsCFrK473TzgeNPVeAdSZVpqZ865VOwFqoFQB6WpmCDZQPFlkS2VDe9R54ePDHWKYLvVW6yvQqWTx3KrIrS1twSoydj+gADgBYsZaW5MNkWYHAWotEX67j6fMZ6ZSTS5yaTeLywB2Ykh0kjo4jpTFk5JNL7DINkfmCEZMLw60da29iN4QzAJr9cP1bwjf/QDqw==',
|
||||
key_id => 'ttx@mercury',
|
||||
uid => 2008,
|
||||
gid => 2008,
|
||||
}
|
||||
|
||||
@user::virtual::localuser { 'rbryant':
|
||||
realname => 'Russell Bryant',
|
||||
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDZVikFz5KoRg3gKdiSa3PQ0i2bN5+bUyc4lMMg6P+jEStVddwN+nAgpa3zJaokmNAOp+MjcGa7K1Zi4b9Fe2ufusTzSKdNVlRDiw0R4Lk0LwTIfkhLywKvgcAz8hkqWPUIgTMU4xIizh50KTL9Ttsu9ULop8t7urTpPE4TthHX4nz1Y9NwYLU0W8cWhzgRonBbqtGs/Lif0NC+TdWGkVyTaP3x1A48s0SMPcZKln1hDv7KbKdknG4XyS4jlr4qI+R+har7m2ED/PH93PSXi5QnT4U6laWRg03HTxpPKWq077u/tPW9wcbkgpBcYMmDKTo/NDPtoN+r/jkbdW7zKJHx',
|
||||
key_id => 'russel@russelbryant.net',
|
||||
uid => 2009,
|
||||
gid => 2009,
|
||||
}
|
||||
|
||||
@user::virtual::localuser { 'pabelanger':
|
||||
realname => 'Paul Belanger',
|
||||
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAACAQCuP0CZE8AYnbm8gxecCxKeRw0wHRyryd+FKmNNsdr0d3UvfCbqNzLigrqEBZsKpofi3M4qCWNpKRyfhnjPynLTQjP1vnX9AbL9UGoiHxScfvh3skntTYMs9ezJRd0rMJJZO76FPo8bJLDlwxAQl8m/nuj3HfYiO5hYE7P+a3rhsJh4nEfBb7xh+Q5yM0PWObkkBl6IRiBYjlcsXNZHgTA5kNuihUk5bHqAw54sHh05DhpgOITpTw4LFbh4Ew2NKq49dEb2xbTuAyAr2DHNOGgIwKEZpwtKZEIGEuiLbb4DQRsfivrvyOjnK2NFjQzGyNOHfsOldWHRQwUKUs8nrxKdXvqcrfMnSVaibeYK2TRL+6jd9kc5SIhWI3XLm7HbX7uXMD7/JQrkL25Rcs6nndDCH72DJLz+ynA/T5umMbNBQ9tybL5z73IOpfShRGjQYego22CxDOy7e/5OEMHNoksbFb1S02viM9O2puS7LDqqfT9JIbbPqCrbRi/zOXo0f4EXo6xKUAmd8qlV+6f/p57/qFihzQDaRFVlFEH3k7qwsw7PYGUTwkPaThe6xyZN6D5jqxCZU3aSYu+FGb0oYo+M5IxOm0Cb4NNsvvkRPxWtwSayfFGu6+m/+/RyA3GBcAMev7AuyKN+K2vGMsLagHOx4i+5ZAcUwGzLeXAENNum3w==',
|
||||
key_id => 'pabelanger@redhat.com',
|
||||
uid => 2010,
|
||||
gid => 2010,
|
||||
}
|
||||
|
||||
@user::virtual::localuser { 'mkiss':
|
||||
realname => 'Marton Kiss',
|
||||
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCb5qdaiKaRqBRgLW8Df+zD3C4a+gO/GFZYEDEd5nvk+LDGPuzi6s639DLqdfx6yvJ1sxxNUOOYhE/T7raDeS8m8fjk0hdVzARXraYDbckt6AELl7B16ZM4aEzjAPoSByizmfwIVkO1zP6kghyumV1kr5Nqx0hTd5/thIzgwdaGBY4I+5iqcWncuLyBCs34oTh/S+QFzjmMgoT86PrdLSsBIINx/4rb2Br2Sb6pRHmzbU+3evnytdlDFwDUPfdzoCaQEdXtjISC0xBdmnjEvHJYgmSkWMZGgRgomrA06Al9M9+2PR7x+burLVVsZf9keRoC7RYLAcryRbGMExC17skL',
|
||||
key_id => 'marton.kiss@gmail.com',
|
||||
uid => 2011,
|
||||
gid => 2011,
|
||||
}
|
||||
|
||||
@user::virtual::localuser { 'smarcet':
|
||||
realname => 'Sebastian Marcet',
|
||||
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDP5ce0Ywtbgi3LGMZWA5Zlv/EQ07F/gWnZOMN6TRfiCiiBNyf8ARtKgmYSINS8W537HJYBt3qTfa5xkZmpBrtE6x8OTfR5y1L+x/PrLTUkQhVDY19EixD9wDIrQIIjo2ZVq+zErXBRQuGmJ3Hl+OGw+wtvGS8f768kMnwhKUgyITjWV2tKr/q88J8mBOep48XUcRhidDWsOjgIDJQeY2lbsx1bbZ7necrJS17PHqxhUbWntyR/VKKbBbrNmf2bhtTRUSYoJuqabyGDTZ0J25A88Qt2IKELy6jsVTxHj9Y5D8oH57uB7GaNsNiU+CaOcVfwOenES9mcWOr1t5zNOdrp',
|
||||
key_id => 'smarcet@gmail.com',
|
||||
uid => 2012,
|
||||
gid => 2012,
|
||||
}
|
||||
|
||||
@user::virtual::localuser { 'zaro':
|
||||
realname => 'Khai Do',
|
||||
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDJqB//ilMx7Y1tKzviAn/6yeXSRAi2VnaGN0/bfaa5Gciz+SWt8vAEAUE99fzuqeJ/ezjkuIXDFm/sjZr93y567a6sDT6CuhVUac1FZIhXRTs0J+pBOiENbwQ7RZxbkyNHQ0ndvtz3kBA1DF5D+MDkluBlIWb085Z31rFJmetsB2Zb8s1FKUjHVk/skyeKSj0qAK5KN3Wme6peWhYjwBiM0gUlxIsEZM6JLYdoPIbD5B8GYAktMN2FvJU9LgKGL93jLZ/vnMtoQIHHAG/85NdPURL1Zbi92Xlxbm4LkbcHnruBdmtPfSgaEupwJ+zFmK264OHD7QFt10ztPMbAFCFn',
|
||||
key_id => 'khaido@khaido-HP-EliteBook-Folio-9470m',
|
||||
uid => 2013,
|
||||
gid => 2013,
|
||||
}
|
||||
|
||||
@user::virtual::localuser { 'slukjanov':
|
||||
realname => 'Sergey Lukjanov',
|
||||
sshkeys => '',
|
||||
uid => 2014,
|
||||
gid => 2014,
|
||||
}
|
||||
|
||||
@user::virtual::localuser { 'elizabeth':
|
||||
realname => 'Elizabeth K. Joseph',
|
||||
sshkeys => '',
|
||||
uid => 2015,
|
||||
gid => 2015,
|
||||
}
|
||||
|
||||
@user::virtual::localuser { 'jhesketh':
|
||||
realname => 'Joshua Hesketh',
|
||||
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAACAQC3onVLOZiiGpQWTCIV0QwHmc3Jvqyl7UaJxIu7D49OQcLHqVZsozI9pSiCdTnWyAaM+E+5wD9yVcSTqMWqn2AZmZSwQ+Fh6KnCgPZ/o63+iCZPGL0RNk20M1iNh5dvdStDnn+j2fpeV/JONF0tBn07QvNL2eF4BwtbTG9Zhl186QNsXjXDghrSO3Etl6DSfcUhxyvMoA2LnclWWD5hLmiRhcBm+PIxveVsr4B+o0k1HV5SUOvJMWtbEC37AH5I818O4fNOob6CnOFaCsbA9oUDzB5rqxutPZb9SmNJpNoLqYqDgyppM0yeql0Kn97tUt7H4j5xHrWoGnJ4IXfuDc0AMmmy4fpcLGkNf7zcBftKS6iz/3AlOXjlp5WZvKxngJj9HIir2SE/qV4Lxw9936BzvAcQyw5+bEsLQJwi+LPZxEqLC6oklkX9dg/+1yBFHsz6mulA0b4Eq7VF9omRzrhhN4iPpU5KQYPRNz7yRYckXDxYnp2lz6yHgSYh2/lqMc+UqmCL9EAWcDw3jsgvJ6kH/YUVUojiRHD9QLqlhOusu1wrTfojjwF05mqkXKmH+LH8f8AJAlMdYg0c2WLlrcxnwCkLLxzU5cYmKcZ41LuLtQR3ik+EKjYzBXXyCEzFm6qQEbR2akpXyxvONgrf7pijrgNOi0GeatUt0bUQcAONYw==',
|
||||
key_id => 'jhesketh@infra',
|
||||
uid => 2016,
|
||||
gid => 2016,
|
||||
}
|
||||
|
||||
@user::virtual::localuser { 'nibz':
|
||||
realname => 'Spencer Krum',
|
||||
sshkeys => '',
|
||||
uid => 2017,
|
||||
gid => 2017,
|
||||
}
|
||||
|
||||
@user::virtual::localuser { 'yolanda':
|
||||
realname => 'Yolanda Robla',
|
||||
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDSR2NmJC8PSanHUpKJuaMmohG80COO2IPkE3Mxhr7US8P1B3p1c6lOrT6M1txRzBY8FlbxfOinGtutP+ADCB2taXfpO8UiaG9eOqojAT/PeP2Y2ov72rVMSWupLozUv2uAR5yyFVFHOjKPYGAa01aJtfzfJujSak8dM0ifFeFwgp/8RBGEfC7atq+45TdrfAURRcEgcOLiF5Aq6fprCOwpllnrH6VoId9YS7u/5xF2/zBjr9PuOP7jEgCaL/+FNqu7jgj87aG5jiZPlweb7GTLJON9H6eFpyfpoJE0sZ1yR9Q+e9FAqQIA44Zi748qKBlFKbLxzoC4mc0SbNUAleEL',
|
||||
key_id => 'yolanda@infra',
|
||||
uid => 2018,
|
||||
gid => 2018,
|
||||
}
|
||||
|
||||
@user::virtual::localuser { 'rcarrillocruz':
|
||||
realname => 'Ricardo Carrillo Cruz',
|
||||
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAACAQCz1CW5E87v8o7O8B5fe7j1uaPCToRdaBukjH2HzQZ+DSGTIPjirLpp5ZXPuyNnmtRMzwld6mlHYlevVEwuZTNyQwS7ut5o0LjyW6yoEcvPq0xMEZLxaso5dZAtzNgf3FzbtaUYBnkhSwX7c24lf8wPGAl7TC3yO0dePQh2lXVdaBiGB9ybVeQr+kwJIxleUE4puuQ+ONJE2D+hHjoQ/huUMpb996pb/YzkjkAxqHguMid0c1taelyW8n17nEDoWvlV9Qqbo8cerhgURo1OBt2zENLjQQ0kOkPxJx4qx3652e0kbkr11y50r9BMs418mnJdWselMxkSqQNZ+XotoH5Dwn+3K2a6Wv4OX3Dqb9SF/JTD7lA/tIkNfxgsRlzfEQ01rK1+g7Je10EnDCLEzHpFjvZ5q4EEMcYqY+osLFpHAOWGLMx+3eY4pz/xEzRP/x3sjGU09uNOZ3oCWUfSkE4xebnnWtxwWZKyFmv3GHtaqJn2UvpAbODPEYyYcOS3XV3zd233W3C09YYnFUyZbGLXpD05Yet5fZfGTnveMRn5/9LZai+dBPwoMWUJdX4yPnGXgOG8zk0u1nWfcNJfYg+xajSUDiMKjDhlkuFK/GXNYuINe42s1TxzL7pJ4X4UhqLiopeJvPg/U5xdCV5pxVKf1MVenrGe2pfwf1Yr2WMv5w==',
|
||||
key_id => 'rcarrillocruz@infra',
|
||||
uid => 2019,
|
||||
gid => 2019,
|
||||
}
|
||||
|
||||
@user::virtual::localuser { 'krotscheck':
|
||||
realname => 'Michael Krotscheck',
|
||||
sshkeys => '',
|
||||
uid => 2020,
|
||||
gid => 2020,
|
||||
}
|
||||
|
||||
@user::virtual::localuser { 'colleen':
|
||||
realname => 'Colleen Murphy',
|
||||
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAACAQDcHzySqYlH1TfAPx5PaVzqkuMbI3zksJ5E2aZBlsIN7wNSoyO0Dts6HegHZIgi5NGT05wRBAUMCNZwupqFoWDg41JBKzPKITkqvEe/FnNmJFxt591ltXigZZ+ZLoX8B12nww/eeA5nx9PT4hIsLQG50MxEm0iC4ApusaAXMXa7+gTDkzf6yyl4QwinyFFTYtyJwFw5XfQXXRQwL8Qv6mVGrhDz3Fj4VWawByQuxRHgt5G3Ux/PnZzatJ3tuSK66o1uXrvuOiGdUtDCuAFUx+kgcmUTpCC6vgMZdDbrfyw0CGxkmAUNfeEMOw0TWbdioJ2FwH5+4BEvMgiFgsCTjIwDqqyFV9eK8sd0mbJ+I82EyOXPlFPKGan6Ie6LD1qotdUW9vT3pfpR/44s/Id2un3FBnVg7GZkGJshikGO1UqjmZfhEpQ6Q+auLir+mBv2X/ril6qJ2NuQpwMRVzZmriPMxdJDs6xhzg2fGEYRvEvh0kzsqNf4OgKbSWiVOB3WALM30Cx3YdmnB6JonRGA+6CqD+LO4HQMbD7LBVcYzEIS1WtP8aPx/NiybemrF0LWmIgl34A0Tpcc+5MLzzUtgUt6lYFyWxltCP43u1N7ODH+FsFALzo6CO9DjyMxEd6Ay61hyx8Btfhn8NH/wEdCQj1WAMHU+d2ljk5ndAfp8c6LRQ==',
|
||||
key_id => 'krinkle@gir',
|
||||
uid => 2021,
|
||||
gid => 2021,
|
||||
}
|
||||
|
||||
@user::virtual::localuser { 'Zara':
|
||||
realname => 'Zara Zaimeche',
|
||||
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCt9wQvGgQIvLvifm7n5g+2sjgjGCQLt03D0v5Fb5xEMufJncIDkwBNDzGvsASwHGjP9YEAA8+f8Ya+Yc9EaDgqQl9r9YEO9CoEC6O1Euk41nQJYYRnzkgmMaxTSlUKNur8XSmzoElLut6ivlLW71fZmSKHAcg9O4lgd9weDDjCcWLD1C9WmRVdtEnw6NQJd5Mn/llHqdbmMlf3I5VL8QvzPndxZEyESdSBz0ywLO5ygtUxtPaCxaanHSTz1yNooT9t2vwDnfc1LB9oT4CaEnVG+FugCPGFnn204eJ2BVEQ945ZsabgFndyvfmEwxlzAeA6+YjQYrukMijb1Owxh1fv',
|
||||
key_id => 'zara.zaimeche@codethink.co.uk',
|
||||
uid => 2022,
|
||||
gid => 2022,
|
||||
}
|
||||
|
||||
@user::virtual::localuser { 'SotK':
|
||||
realname => 'Adam Coldrick',
|
||||
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCaE7gafwJQHQ9E2vlcjx8ufcGpyTdQdaBal/ZRt3aPbKXNqsDH4jOWvSXZxE0NlOGo+rWBSu0DxdyM7O5BwYxC79BaFq9JMPn1Q/p1WplOeLENX7jd6lsrLIo2x1MQ134+MliO5FNXmSF2m2il4GCQuiUdGORs/caF1mMPTDeQmf9rRS2fYW0dZ3wZgRzzehtg9LmeW8+DoU+dAeKj4igPcsDsvALmya1JB0XP1UNEG9XMdrYJCoj3K/ALQvJIVB0qwNDYdJ59erVZTvYGe5v6GMUHjIKkmaXJjJyT22hcmnRPk5yIktMrGwkiHGr4Pu0T+lyopSqLEm8HJWp6hc53',
|
||||
key_id => 'adam@wrackside',
|
||||
old_keys => [
|
||||
'adam.coldrick@codethink.co.uk',
|
||||
'adam@arreliam',
|
||||
],
|
||||
uid => 2023,
|
||||
gid => 2023,
|
||||
}
|
||||
|
||||
@user::virtual::localuser { 'maxwell':
|
||||
realname => 'JP Maxwell',
|
||||
sshkeys => 'AAAAB3NzaC1yc2EAAAABIwAAAQEA2b5I7Yff9FCrtRmSjpILUePi54Vbc8zqJTbzrIAQZGFLBi3xd2MLlhV5QVgpDBC9H3lGjbdnc81D3aFd3HwHT4dvvvyedT12PR3VDEpftdW84vw3jzdtALcayOQznjbGnScwvX5SgnRhNxuX9Rkh8qNvOsjYPUafRr9azkQoomJFkdNVI4Vb5DbLhTpt18FPeOf0UuqDt/J2tHI4SjZ3kjzr7Nbwpg8xGgANPNE0+2pJbwCA8YDt4g3bzfzvVafQs5o9Gfc9tudkR9ugQG1M+EWCgu42CleOwMTd/rYEB2fgNNPsZAWqwQfdPajVuk70EBKUEQSyoA09eEZX+xJN9Q==',
|
||||
key_id => 'jpmaxman@tipit.net',
|
||||
uid => 2024,
|
||||
gid => 2024,
|
||||
}
|
||||
|
||||
@user::virtual::localuser { 'ianw':
|
||||
realname => 'Ian Wienand',
|
||||
key_type => 'ssh-ed25519',
|
||||
sshkeys => 'AAAAC3NzaC1lZDI1NTE5AAAAILOjz+dkwRWTJcW9Gt3iGHSzRBsvVlTAK6G2oH3+0D41',
|
||||
key_id => 'iwienand+osinfra@redhat.com',
|
||||
uid => 2025,
|
||||
gid => 2025,
|
||||
}
|
||||
|
||||
@user::virtual::localuser { 'shrews':
|
||||
realname => 'David Shrewsbury',
|
||||
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCtNtbgLw0dyRVnuwZz4oUcWTzEUtpO2V47t4ykijdH1hkEe7qkuusM5bD8pC4L3wDZP5U3lsIAvZ97LCQp+MNJz1j8cjXuAboqP5FC3TtCJR1WtCWmOBSO7sIvcsgwse/9KZN/TETOGA9no1oKS43Adi9bXrRFAKDAAM34IVt/UHNS51vxUhuGv+56yJmaki7CjxrGtXcB4hi+TCQAfKJPzhAMwcFQUyvXJkRei6NN6uYyHnVtLR3KXEkeTesZ2GQxmQ+1jmCMN1zUN2VLypmDqAvlKtuQW+3nY89q4HDwzCpuC1rscJgOuncdMahTMoKA3/dQtT4WuJIwLQa3tEEn',
|
||||
key_id => 'shrews2018',
|
||||
old_keys => [
|
||||
'david@koala',
|
||||
],
|
||||
uid => 2026,
|
||||
gid => 2026,
|
||||
}
|
||||
|
||||
@user::virtual::localuser { 'jbryce':
|
||||
realname => 'Jonathan Bryce',
|
||||
sshkeys => 'AAAAB3NzaC1yc2EAAAABIwAAAQEApFGM9q1gfiawBX5EnCQGxx2T1hwPDxrX2M64MfqcoBRpdrWRjxWm6Vhczfl+Ar2EQtGsuIm1QQiyiPL4zsJSQOfYXB0TqOQaAuFamSzZSNEm8coSa93E3zfXR9uln1lgCGutaWwH/KmGcSeAuuQCipKmKxc8QSAepGNP4Jx2L/EnXQh850xTQEIviJkJpA9oTRzXu12T7vzxsUCw041Q/KX16UvvGpt9IAoMAWFlQrMPzPFmqbUOIr7pRvv8TKcK9BNFS8S8jjT+wN0y/LY7cbTblgDfwSAl1P/naME5ugRVD5MZKixIE1F+x/j+M8+fpZ/EyR/6jSA3DYjEXOk2zQ==',
|
||||
key_id => 'jbryce@jbryce-mbp-3.local',
|
||||
uid => 2027,
|
||||
gid => 2027,
|
||||
}
|
||||
|
||||
@user::virtual::localuser { 'dmsimard':
|
||||
realname => 'David Moreau-Simard',
|
||||
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAACAQDDyXfFj44OTsJZnHbecbYrwA8zXuMiULb+o326maOh3wh5/6fk+MzivkUzJC2uZqAlKvBnNXsrb/07eV1gRjaIQBQJxaV9HQUwMNX7AkjkDzaMXVDjG/JOium90R23gVGMukzp9IamezUscAqAxVK+2C10k3tq8dZ/GeZfHl3NFGRHlIAXsJ/SIQoxJAEA0IQ/8Y50nR1Hp2mV2xsfxH9oZhLR/eiFdhJpNupdfw/oE9+vpCHS8SG88KGeLYbn+EhH6LSCD+6WNthF6oE7NANnScqn1Fl0ZpSd3RlRb+kDVKGqNxfB7EJTeimYvqaYmrTiTZTaTJua5Bj5yBTudqnBgdHCz3xMb2Nv2s2INNcJmP/CKpivYQ8AJs6cVlqRWnLJiNQQYCj+xAXBvY5T0Xq/qOhVifLiWZvZQOTHFWqFP9asZkrGa1mFWIaR9VPQY0FoYlUOT9t6J6TRbzktJIuP5AiOVoJLL6wjZuUMjghHfkYbqtyBqE4BbCY8YF3JSf8jx+9eWy+sD+dRwKXBCrGV0dNidioZR7ZJpBb6ye8wElebjPZizKhppsNpwtRxPfiAM52f55lXGD7IDpz9CZrOKUcV2uc3Rhl50u7T3psZfX7GysZvlnAH+Yr+UM+LPBAabXAfKlMnJp+SskLuOplTeQrvAwMluBmFnla8TnwnxQ==',
|
||||
key_id => 'dmsimard@hostname',
|
||||
uid => 2028,
|
||||
gid => 2028,
|
||||
}
|
||||
|
||||
@user::virtual::localuser { 'frickler':
|
||||
realname => 'Jens Harbott',
|
||||
key_type => 'ssh-ed25519',
|
||||
sshkeys => 'AAAAC3NzaC1lZDI1NTE5AAAAIGmc5fbzMptjAb5D86zSH13ZYCbf3QuV1jk9hL0r1qHw',
|
||||
key_id => 'frickler@os-infra-2017',
|
||||
uid => 2029,
|
||||
gid => 2029,
|
||||
}
|
||||
|
||||
@user::virtual::localuser { 'diablo_rojo':
|
||||
realname => 'Kendall Nelson',
|
||||
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCx96P1BVbRALeCz8jktUtT9qWzeXbG5yQrwQZ6n3NWsqEueCHp9DaVPDQLWIFAyvL0PKtlSOktClsUYuGfxB+dBuAFFMsx1Apk78EID4wvdXfEUDxZOsKX7zE9teJSxPEMppHAJIcnPu7dMFzZWxh+sA+fR8ZddPRunxtztGayNdYsCqDGIc9GqemjOqXDIFMIXgJLxNaHGSR56UcDHwgqmXXANkpTKsLW+U+VdNofHKpRhbXNS07jPFAAe1rBmoU/TRitzQFz7WYA4ml54ZiB7Q1O7RIyJWVBihHVrxSZbjn2a46CVeLo5Xw7loWF32wY/hA98hmpBNiF8tGSI6mh',
|
||||
key_id => 'kennelson11@gmail.com',
|
||||
uid => 2030,
|
||||
gid => 2030,
|
||||
}
|
||||
}
|
@ -1,66 +0,0 @@
|
||||
# Class: openstack_project::users_install
|
||||
#
|
||||
# This class handles adding and removing openstack admin users
|
||||
# from the servers.
|
||||
#
|
||||
# Parameters:
|
||||
# install_users - Boolean to set install or removal of O.O
|
||||
# admins. Defaults to 'false', can be set in hiera.
|
||||
#
|
||||
# Requires:
|
||||
# openstack_project::users - must contain the users designated.
|
||||
#
|
||||
# Sample Usage:
|
||||
# include openstack_project::users_install
|
||||
# class { 'openstack_project::users_install':
|
||||
# install_users => true,
|
||||
# }
|
||||
|
||||
class openstack_project::users_install (
|
||||
$install_users = false,
|
||||
) {
|
||||
|
||||
include ::openstack_project::users
|
||||
|
||||
## TODO: this should be it's own manifest.
|
||||
if ( $install_users == true ) {
|
||||
package { $::openstack_project::params::user_packages:
|
||||
ensure => present
|
||||
}
|
||||
## NOTE: This list is arranged in order of chronological precedence,
|
||||
## additions should be appended to the end.
|
||||
realize (
|
||||
User::Virtual::Localuser['mordred'],
|
||||
User::Virtual::Localuser['corvus'],
|
||||
User::Virtual::Localuser['clarkb'],
|
||||
User::Virtual::Localuser['fungi'],
|
||||
User::Virtual::Localuser['jhesketh'],
|
||||
User::Virtual::Localuser['yolanda'],
|
||||
User::Virtual::Localuser['pabelanger'],
|
||||
User::Virtual::Localuser['rcarrillocruz'],
|
||||
User::Virtual::Localuser['ianw'],
|
||||
User::Virtual::Localuser['shrews'],
|
||||
User::Virtual::Localuser['dmsimard'],
|
||||
User::Virtual::Localuser['frickler'],
|
||||
)
|
||||
user::virtual::disable{'slukjanov':}
|
||||
user::virtual::disable{'elizabeth':}
|
||||
user::virtual::disable{'nibz':}
|
||||
} else {
|
||||
user::virtual::disable{'mordred':}
|
||||
user::virtual::disable{'corvus':}
|
||||
user::virtual::disable{'clarkb':}
|
||||
user::virtual::disable{'fungi':}
|
||||
user::virtual::disable{'slukjanov':}
|
||||
user::virtual::disable{'elizabeth':}
|
||||
user::virtual::disable{'jhesketh':}
|
||||
user::virtual::disable{'nibz':}
|
||||
user::virtual::disable{'yolanda':}
|
||||
user::virtual::disable{'pabelanger':}
|
||||
user::virtual::disable{'rcarrillocruz':}
|
||||
user::virtual::disable{'ianw':}
|
||||
user::virtual::disable{'shrews':}
|
||||
user::virtual::disable{'dmsimard':}
|
||||
user::virtual::disable{'frickler':}
|
||||
}
|
||||
}
|
@ -2,7 +2,6 @@
|
||||
#
|
||||
class openstack_project::wiki (
|
||||
$site_hostname,
|
||||
$sysadmins = [],
|
||||
$bup_user = undef,
|
||||
$serveradmin = undef,
|
||||
$ssl_cert_file_contents = undef,
|
||||
@ -26,15 +25,8 @@ class openstack_project::wiki (
|
||||
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [80, 443],
|
||||
sysadmins => $sysadmins,
|
||||
}
|
||||
|
||||
realize (
|
||||
User::Virtual::Localuser['rlane'],
|
||||
User::Virtual::Localuser['mkiss'],
|
||||
User::Virtual::Localuser['maxwell'],
|
||||
)
|
||||
|
||||
class { 'mediawiki':
|
||||
role => 'all',
|
||||
mediawiki_location => '/srv/mediawiki/w',
|
||||
|
@ -47,19 +47,21 @@ describe 'openstack_project::server' do
|
||||
'clarkb',
|
||||
'fungi',
|
||||
'jhesketh',
|
||||
'yolanda',
|
||||
'pabelanger',
|
||||
'rcarrillocruz',
|
||||
'ianw',
|
||||
'shrews',
|
||||
'dmsimard',
|
||||
'yolanda',
|
||||
'rcarrillocruz',
|
||||
'frickler'].each do |user|
|
||||
describe user(user) do
|
||||
it { should exist }
|
||||
end
|
||||
end
|
||||
|
||||
['slukjanov', 'elizabeth', 'nibz'].each do |user|
|
||||
['slukjanov',
|
||||
'elizabeth',
|
||||
'nibz'].each do |user|
|
||||
describe user(user) do
|
||||
it { should_not exist }
|
||||
end
|
||||
|
@ -9,6 +9,10 @@
|
||||
roles:
|
||||
- base-server
|
||||
|
||||
- hosts: "puppet:!disabled"
|
||||
roles:
|
||||
- disable-puppet-agent
|
||||
|
||||
- hosts: "!ci-backup:!disabled"
|
||||
roles:
|
||||
- exim
|
||||
|
@ -80,6 +80,18 @@ all_users:
|
||||
uid: 2016
|
||||
gid: 2016
|
||||
|
||||
yolanda:
|
||||
comment: Yolanda Robla
|
||||
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSR2NmJC8PSanHUpKJuaMmohG80COO2IPkE3Mxhr7US8P1B3p1c6lOrT6M1txRzBY8FlbxfOinGtutP+ADCB2taXfpO8UiaG9eOqojAT/PeP2Y2ov72rVMSWupLozUv2uAR5yyFVFHOjKPYGAa01aJtfzfJujSak8dM0ifFeFwgp/8RBGEfC7atq+45TdrfAURRcEgcOLiF5Aq6fprCOwpllnrH6VoId9YS7u/5xF2/zBjr9PuOP7jEgCaL/+FNqu7jgj87aG5jiZPlweb7GTLJON9H6eFpyfpoJE0sZ1yR9Q+e9FAqQIA44Zi748qKBlFKbLxzoC4mc0SbNUAleEL yolanda@infra
|
||||
uid: 2018
|
||||
gid: 2018
|
||||
|
||||
rcarrillocruz:
|
||||
comment: Ricardo Carrillo Cruz
|
||||
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCz1CW5E87v8o7O8B5fe7j1uaPCToRdaBukjH2HzQZ+DSGTIPjirLpp5ZXPuyNnmtRMzwld6mlHYlevVEwuZTNyQwS7ut5o0LjyW6yoEcvPq0xMEZLxaso5dZAtzNgf3FzbtaUYBnkhSwX7c24lf8wPGAl7TC3yO0dePQh2lXVdaBiGB9ybVeQr+kwJIxleUE4puuQ+ONJE2D+hHjoQ/huUMpb996pb/YzkjkAxqHguMid0c1taelyW8n17nEDoWvlV9Qqbo8cerhgURo1OBt2zENLjQQ0kOkPxJx4qx3652e0kbkr11y50r9BMs418mnJdWselMxkSqQNZ+XotoH5Dwn+3K2a6Wv4OX3Dqb9SF/JTD7lA/tIkNfxgsRlzfEQ01rK1+g7Je10EnDCLEzHpFjvZ5q4EEMcYqY+osLFpHAOWGLMx+3eY4pz/xEzRP/x3sjGU09uNOZ3oCWUfSkE4xebnnWtxwWZKyFmv3GHtaqJn2UvpAbODPEYyYcOS3XV3zd233W3C09YYnFUyZbGLXpD05Yet5fZfGTnveMRn5/9LZai+dBPwoMWUJdX4yPnGXgOG8zk0u1nWfcNJfYg+xajSUDiMKjDhlkuFK/GXNYuINe42s1TxzL7pJ4X4UhqLiopeJvPg/U5xdCV5pxVKf1MVenrGe2pfwf1Yr2WMv5w== rcarrillocruz@infra
|
||||
uid: 2019
|
||||
gid: 2019
|
||||
|
||||
colleen:
|
||||
comment: Colleen Murphy
|
||||
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDcHzySqYlH1TfAPx5PaVzqkuMbI3zksJ5E2aZBlsIN7wNSoyO0Dts6HegHZIgi5NGT05wRBAUMCNZwupqFoWDg41JBKzPKITkqvEe/FnNmJFxt591ltXigZZ+ZLoX8B12nww/eeA5nx9PT4hIsLQG50MxEm0iC4ApusaAXMXa7+gTDkzf6yyl4QwinyFFTYtyJwFw5XfQXXRQwL8Qv6mVGrhDz3Fj4VWawByQuxRHgt5G3Ux/PnZzatJ3tuSK66o1uXrvuOiGdUtDCuAFUx+kgcmUTpCC6vgMZdDbrfyw0CGxkmAUNfeEMOw0TWbdioJ2FwH5+4BEvMgiFgsCTjIwDqqyFV9eK8sd0mbJ+I82EyOXPlFPKGan6Ie6LD1qotdUW9vT3pfpR/44s/Id2un3FBnVg7GZkGJshikGO1UqjmZfhEpQ6Q+auLir+mBv2X/ril6qJ2NuQpwMRVzZmriPMxdJDs6xhzg2fGEYRvEvh0kzsqNf4OgKbSWiVOB3WALM30Cx3YdmnB6JonRGA+6CqD+LO4HQMbD7LBVcYzEIS1WtP8aPx/NiybemrF0LWmIgl34A0Tpcc+5MLzzUtgUt6lYFyWxltCP43u1N7ODH+FsFALzo6CO9DjyMxEd6Ay61hyx8Btfhn8NH/wEdCQj1WAMHU+d2ljk5ndAfp8c6LRQ== krinkle@gir
|
||||
|
2
playbooks/group_vars/ask.yaml
Normal file
2
playbooks/group_vars/ask.yaml
Normal file
@ -0,0 +1,2 @@
|
||||
extra_users:
|
||||
- mkiss
|
2
playbooks/group_vars/groups.yaml
Normal file
2
playbooks/group_vars/groups.yaml
Normal file
@ -0,0 +1,2 @@
|
||||
extra_users:
|
||||
- mkiss
|
2
playbooks/group_vars/review-dev.yaml
Normal file
2
playbooks/group_vars/review-dev.yaml
Normal file
@ -0,0 +1,2 @@
|
||||
exim_extra_aliases:
|
||||
gerrit2: root
|
2
playbooks/group_vars/review.yaml
Normal file
2
playbooks/group_vars/review.yaml
Normal file
@ -0,0 +1,2 @@
|
||||
exim_extra_aliases:
|
||||
gerrit2: root
|
4
playbooks/group_vars/storyboard-dev.yaml
Normal file
4
playbooks/group_vars/storyboard-dev.yaml
Normal file
@ -0,0 +1,4 @@
|
||||
extra_users:
|
||||
- SotK
|
||||
- Zara
|
||||
- diablo_rojo
|
3
playbooks/group_vars/wiki.yaml
Normal file
3
playbooks/group_vars/wiki.yaml
Normal file
@ -0,0 +1,3 @@
|
||||
extra_users:
|
||||
- mkiss
|
||||
- maxwell
|
@ -53,3 +53,5 @@ exim_transports:
|
||||
# Errors-To: may carry old return_path
|
||||
headers_remove = Errors-To
|
||||
headers_add = Errors-To: ${return_path}
|
||||
extra_users:
|
||||
- jbryce
|
||||
|
3
playbooks/host_vars/openstackid-dev.openstack.org.yaml
Normal file
3
playbooks/host_vars/openstackid-dev.openstack.org.yaml
Normal file
@ -0,0 +1,3 @@
|
||||
extra_users:
|
||||
- smarcet
|
||||
- mkiss
|
3
playbooks/host_vars/openstackid.org.yaml
Normal file
3
playbooks/host_vars/openstackid.org.yaml
Normal file
@ -0,0 +1,3 @@
|
||||
extra_users:
|
||||
- smarcet
|
||||
- maxwell
|
5
playbooks/roles/disable-puppet-agent/tasks/Debian.yaml
Normal file
5
playbooks/roles/disable-puppet-agent/tasks/Debian.yaml
Normal file
@ -0,0 +1,5 @@
|
||||
- name: Prevent puppet agent from running
|
||||
copy:
|
||||
mode: 0644
|
||||
src: puppet.default
|
||||
dest: /etc/default/puppet
|
10
playbooks/roles/disable-puppet-agent/tasks/main.yaml
Normal file
10
playbooks/roles/disable-puppet-agent/tasks/main.yaml
Normal file
@ -0,0 +1,10 @@
|
||||
- name: Include OS-specific tasks
|
||||
include_tasks: "{{ lookup('first_found', file_list) }}"
|
||||
vars:
|
||||
file_list: "{{ distro_lookup_path }}"
|
||||
|
||||
- name: Disable the puppet service
|
||||
service:
|
||||
name: puppet
|
||||
enabled: no
|
||||
state: stopped
|
@ -4,6 +4,7 @@ groups:
|
||||
afs: inventory_hostname is match('afs\d+.*openstack.org')
|
||||
afsadmin: inventory_hostname is match('mirror-update\d+\.openstack\.org')
|
||||
afsdb: inventory_hostname is match('afsdb.*openstack.org')
|
||||
ask: inventory_hostname.startswith('ask')
|
||||
cacti: inventory_hostname is match('cacti\d+\.openstack\.org')
|
||||
ci-backup: inventory_hostname is match('backup\d+.*\ci\.openstack\.org')
|
||||
disabled: inventory_hostname.startswith('backup') or inventory_hostname.startswith('wiki') or inventory_hostname.startswith('puppetmaster')
|
||||
@ -15,6 +16,7 @@ groups:
|
||||
git-loadbalancer: inventory_hostname is match('git(-fe\d+)?\.openstack\.org')
|
||||
git-server: inventory_hostname is match('git\d+\.openstack\.org')
|
||||
grafana: inventory_hostname.startswith('grafana')
|
||||
groups: inventory_hostname.regex_match('groups(-dev)?\d*\.openstack\.org')
|
||||
logstash-worker: inventory_hostname.startswith('logstash-worker')
|
||||
mailman: inventory_hostname.startswith('lists')
|
||||
nodepool: inventory_hostname is match('^(nodepool|nb|nl)')
|
||||
@ -25,6 +27,7 @@ groups:
|
||||
review: inventory_hostname is match('review\d+\.openstack\.org')
|
||||
status: inventory_hostname.startswith('status')
|
||||
storyboard: inventory_hostname.startswith('storyboard')
|
||||
storyboard-dev: inventory_hostname is match('storyboard-dev\d*\.openstack\.org')
|
||||
subunit-worker: inventory_hostname.startswith('subunit-worker')
|
||||
survey: inventory_hostname.startswith('survey')
|
||||
translate-dev: inventory_hostname is match('translate-dev\d+\.openstack\.org')
|
||||
|
@ -34,6 +34,7 @@ set +e
|
||||
timeout -k 2m 120m ansible-playbook -f 10 ${ANSIBLE_PLAYBOOKS}/update-system-config.yaml
|
||||
# Update the puppet version
|
||||
timeout -k 2m 120m ansible-playbook -f 10 ${ANSIBLE_PLAYBOOKS}/update_puppet_version.yaml
|
||||
|
||||
# Run the git/gerrit/zuul sequence, since it's important that they all work together
|
||||
timeout -k 2m 120m ansible-playbook -f 10 ${ANSIBLE_PLAYBOOKS}/remote_puppet_git.yaml
|
||||
# Run AFS changes separately so we can make sure to only do one at a time
|
||||
|
Loading…
x
Reference in New Issue
Block a user