system-config/manifests/site.pp
Jeremy Stanley 2fc2d4be4e Switch translate-dev's IDP to OpenInfraID
The OpenStackID project has been rebranded, and the old
openstackid.org deployment is being retained temporarily in order to
ease transition, but id.openinfra.dev is in place now and intended
as its successor.

This will be used to test the IDP transition before applying a
similar change and scripted database edits to production.

Change-Id: Ia79f10d34d829784733ae43c9266241a57af9c23
2022-01-10 21:21:28 +00:00

250 lines
10 KiB
Puppet

# Node-OS: xenial
node /^health\d*\.openstack\.org$/ {
$group = "health"
class { 'openstack_project::server': }
class { 'openstack_project::openstack_health_api':
subunit2sql_db_host => hiera('subunit2sql_db_host', 'localhost'),
hostname => 'health.openstack.org',
}
}
# Node-OS: xenial
node /^cacti\d+\.open.*\.org$/ {
$group = "cacti"
class { 'openstack_project::cacti':
cacti_hosts => hiera_array('cacti_hosts'),
vhost_name => 'cacti.openstack.org',
}
}
# Node-OS: xenial
node /^ethercalc\d+\.open.*\.org$/ {
$group = "ethercalc"
class { 'openstack_project::server': }
class { 'openstack_project::ethercalc':
vhost_name => 'ethercalc.openstack.org',
ssl_cert_file => '/etc/letsencrypt-certs/ethercalc.openstack.org/ethercalc.openstack.org.cer',
ssl_key_file => '/etc/letsencrypt-certs/ethercalc.openstack.org/ethercalc.openstack.org.key',
ssl_chain_file => '/etc/letsencrypt-certs/ethercalc.openstack.org/ca.cer',
}
}
# Node-OS: xenial
node /^wiki\d+\.openstack\.org$/ {
$group = "wiki"
class { 'openstack_project::wiki':
bup_user => 'bup-wiki',
serveradmin => hiera('infra_apache_serveradmin'),
site_hostname => 'wiki.openstack.org',
ssl_cert_file_contents => hiera('ssl_cert_file_contents'),
ssl_key_file_contents => hiera('ssl_key_file_contents'),
ssl_chain_file_contents => hiera('ssl_chain_file_contents'),
wg_dbserver => hiera('wg_dbserver'),
wg_dbname => 'openstack_wiki',
wg_dbuser => 'wikiuser',
wg_dbpassword => hiera('wg_dbpassword'),
wg_secretkey => hiera('wg_secretkey'),
wg_upgradekey => hiera('wg_upgradekey'),
wg_recaptchasitekey => hiera('wg_recaptchasitekey'),
wg_recaptchasecretkey => hiera('wg_recaptchasecretkey'),
wg_googleanalyticsaccount => hiera('wg_googleanalyticsaccount'),
}
}
# Node-OS: xenial
node /^wiki-dev\d+\.openstack\.org$/ {
$group = "wiki-dev"
class { 'openstack_project::wiki':
serveradmin => hiera('infra_apache_serveradmin'),
site_hostname => 'wiki-dev.openstack.org',
wg_dbserver => hiera('wg_dbserver'),
wg_dbname => 'openstack_wiki',
wg_dbuser => 'wikiuser',
wg_dbpassword => hiera('wg_dbpassword'),
wg_secretkey => hiera('wg_secretkey'),
wg_upgradekey => hiera('wg_upgradekey'),
wg_recaptchasitekey => hiera('wg_recaptchasitekey'),
wg_recaptchasecretkey => hiera('wg_recaptchasecretkey'),
disallow_robots => true,
}
}
# Node-OS: xenial
node /^logstash\d*\.open.*\.org$/ {
class { 'openstack_project::server': }
class { 'openstack_project::logstash':
discover_nodes => [
'elasticsearch03.openstack.org:9200',
'elasticsearch04.openstack.org:9200',
'elasticsearch05.openstack.org:9200',
'elasticsearch06.openstack.org:9200',
'elasticsearch07.openstack.org:9200',
'elasticsearch02.openstack.org:9200',
],
subunit2sql_db_host => hiera('subunit2sql_db_host', ''),
subunit2sql_db_pass => hiera('subunit2sql_db_password', ''),
}
}
# Node-OS: xenial
node /^logstash-worker\d+\.open.*\.org$/ {
$group = 'logstash-worker'
$elasticsearch_nodes = [
'elasticsearch02.openstack.org',
'elasticsearch03.openstack.org',
'elasticsearch04.openstack.org',
'elasticsearch05.openstack.org',
'elasticsearch06.openstack.org',
'elasticsearch07.openstack.org',
]
class { 'openstack_project::server': }
class { 'openstack_project::logstash_worker':
discover_node => 'elasticsearch03.openstack.org',
enable_mqtt => false,
mqtt_password => hiera('mqtt_service_user_password'),
mqtt_ca_cert_contents => hiera('mosquitto_tls_ca_file'),
}
}
# Node-OS: xenial
node /^subunit-worker\d+\.open.*\.org$/ {
$group = "subunit-worker"
class { 'openstack_project::server': }
class { 'openstack_project::subunit_worker':
subunit2sql_db_host => hiera('subunit2sql_db_host', ''),
subunit2sql_db_pass => hiera('subunit2sql_db_password', ''),
mqtt_pass => hiera('mqtt_service_user_password'),
mqtt_ca_cert_contents => hiera('mosquitto_tls_ca_file'),
}
}
# Node-OS: xenial
node /^elasticsearch\d+\.open.*\.org$/ {
$group = "elasticsearch"
$elasticsearch_nodes = [
'elasticsearch02.openstack.org',
'elasticsearch03.openstack.org',
'elasticsearch04.openstack.org',
'elasticsearch05.openstack.org',
'elasticsearch06.openstack.org',
'elasticsearch07.openstack.org',
]
class { 'openstack_project::server': }
class { 'openstack_project::elasticsearch_node':
discover_nodes => $elasticsearch_nodes,
}
}
# A machine to run Storyboard
# Node-OS: xenial
node /^storyboard\d+\.opendev\.org$/ {
$group = "storyboard"
class { 'openstack_project::storyboard':
project_config_repo => 'https://opendev.org/openstack/project-config',
mysql_host => hiera('storyboard_db_host', 'localhost'),
mysql_user => hiera('storyboard_db_user', 'username'),
mysql_password => hiera('storyboard_db_password'),
rabbitmq_user => hiera('storyboard_rabbit_user', 'username'),
rabbitmq_password => hiera('storyboard_rabbit_password'),
ssl_cert => '/etc/letsencrypt-certs/storyboard.openstack.org/storyboard.openstack.org.cer',
ssl_key => '/etc/letsencrypt-certs/storyboard.openstack.org/storyboard.openstack.org.key',
ssl_ca => '/etc/letsencrypt-certs/storyboard.openstack.org/ca.cer',
hostname => 'storyboard.openstack.org',
valid_oauth_clients => ['storyboard.openstack.org',],
cors_allowed_origins => ['https://storyboard.openstack.org',],
sender_email_address => 'storyboard@storyboard.openstack.org',
default_url => 'https://storyboard.openstack.org',
}
}
# A machine to run Storyboard devel
# Node-OS: xenial
node /^storyboard-dev\d+\.opendev\.org$/ {
$group = "storyboard-dev"
class { 'openstack_project::storyboard::dev':
project_config_repo => 'https://opendev.org/openstack/project-config',
mysql_host => hiera('storyboard_db_host', 'localhost'),
mysql_user => hiera('storyboard_db_user', 'username'),
mysql_password => hiera('storyboard_db_password'),
rabbitmq_user => hiera('storyboard_rabbit_user', 'username'),
rabbitmq_password => hiera('storyboard_rabbit_password'),
hostname => 'storyboard-dev.openstack.org',
valid_oauth_clients => ['^.*',],
cors_allowed_origins => ['^.*',],
sender_email_address => 'storyboard-dev@storyboard-dev.openstack.org',
default_url => 'https://storyboard-dev.openstack.org',
}
}
# A machine to serve various project status updates.
# Node-OS: xenial
node /^status\d*\.open.*\.org$/ {
$group = 'status'
class { 'openstack_project::server': }
class { 'openstack_project::status':
gerrit_host => 'review.opendev.org',
gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents'),
reviewday_ssh_public_key => hiera('reviewday_rsa_pubkey_contents'),
reviewday_ssh_private_key => hiera('reviewday_rsa_key_contents'),
recheck_ssh_public_key => hiera('elastic-recheck_gerrit_ssh_public_key'),
recheck_ssh_private_key => hiera('elastic-recheck_gerrit_ssh_private_key'),
recheck_bot_nick => 'openstackrecheck',
recheck_bot_passwd => hiera('elastic-recheck_ircbot_password'),
}
}
# Node-OS: xenial
node /^translate\d+\.open.*\.org$/ {
$group = "translate"
class { 'openstack_project::server': }
class { 'openstack_project::translate':
admin_users => 'aeng,cboylan,eumel8,ianw,ianychoi,infra,jaegerandi,mordred,stevenk',
openid_url => 'https://openstackid.org',
listeners => ['ajp'],
from_address => 'noreply@openstack.org',
mysql_host => hiera('translate_mysql_host', 'localhost'),
mysql_password => hiera('translate_mysql_password'),
zanata_server_user => hiera('proposal_zanata_user'),
zanata_server_api_key => hiera('proposal_zanata_api_key'),
zanata_wildfly_version => '10.1.0',
zanata_wildfly_install_url => 'https://repo1.maven.org/maven2/org/wildfly/wildfly-dist/10.1.0.Final/wildfly-dist-10.1.0.Final.tar.gz',
zanata_main_version => 4,
zanata_url => 'https://github.com/zanata/zanata-platform/releases/download/platform-4.3.3/zanata-4.3.3-wildfly.zip',
zanata_checksum => 'eaf8bd07401dade758b677007d2358f173193d17',
project_config_repo => 'https://opendev.org/openstack/project-config',
ssl_cert_file => '/etc/letsencrypt-certs/translate.openstack.org/translate.openstack.org.cer',
ssl_key_file => '/etc/letsencrypt-certs/translate.openstack.org/translate.openstack.org.key',
ssl_chain_file => '/etc/letsencrypt-certs/translate.openstack.org/ca.cer',
vhost_name => 'translate.openstack.org',
}
}
# Node-OS: xenial
node /^translate-dev\d*\.open.*\.org$/ {
$group = "translate-dev"
class { 'openstack_project::translate_dev':
admin_users => 'aeng,cboylan,eumel,eumel8,ianw,ianychoi,infra,jaegerandi,mordred,stevenk',
openid_url => 'https://id.openinfra.dev',
listeners => ['ajp'],
from_address => 'noreply@openstack.org',
mysql_host => hiera('translate_dev_mysql_host', 'localhost'),
mysql_password => hiera('translate_dev_mysql_password'),
zanata_server_user => hiera('proposal_zanata_user'),
zanata_server_api_key => hiera('proposal_zanata_api_key'),
project_config_repo => 'https://opendev.org/openstack/project-config',
vhost_name => 'translate-dev.openstack.org',
}
}
# vim:sw=2:ts=2:expandtab:textwidth=79