diff options
Diffstat (limited to 'manifests')
25 files changed, 339 insertions, 212 deletions
diff --git a/manifests/defaults.pp b/manifests/defaults.pp index c7b0dd85..85f3f31c 100644 --- a/manifests/defaults.pp +++ b/manifests/defaults.pp @@ -29,3 +29,7 @@ User { Service { ensure => running, } + +Service { + provider => systemd, +} diff --git a/manifests/extlookup.pp b/manifests/extlookup.pp index 554958ed..0837818b 100644 --- a/manifests/extlookup.pp +++ b/manifests/extlookup.pp @@ -1,4 +1,4 @@ -# see http://www.devco.net/archives/2009/08/31/complex_data_and_puppet.php +# see https://www.devco.net/archives/2009/08/31/complex_data_and_puppet.php $extlookup_datadir = '/etc/puppet/extdata' $extlookup_precedence = ['%{fqdn}', 'common'] diff --git a/manifests/nodes/alamut.pp b/manifests/nodes/alamut.pp deleted file mode 100644 index bfa0d6f2..00000000 --- a/manifests/nodes/alamut.pp +++ /dev/null @@ -1,103 +0,0 @@ -# web apps -node alamut { -# Location: IELO datacenter (marseille) -# -# TODO: -# - Review board -# - api -# - pastebin -# - LDAP slave -# - include common::default_mageia_server_no_smtp - include postgresql::server - postgresql::tagged { 'default': } - - timezone::timezone { 'Europe/Paris': } - - include catdap - include mga-mirrors - include epoll - include transifex - include bugzilla - include sympa::server - include postfix::server::primary - - # temporary, just the time the vm is running there - host { 'friteuse': - ensure => 'present', - ip => '192.168.122.131', - host_aliases => [ "friteuse.$domain", "forums.$domain" ], - } - - # to create all phpbb database on alamut - phpbb::databases { $fqdn: } - - apache::vhost::redirect_ssl { "forums.$domain": } - apache::vhost_redirect { "forum.$domain": - url => "https://forums.$domain/", - } - apache::vhost_redirect { "ssl_forum.$domain": - url => "https://forums.$domain/", - vhost => "forum.$domain", - use_ssl => true, - } - - # connect to ssl so the proxy do not shoke if trying to - # enforce ssl ( note that this has not been tested, maybe this - # is uneeded ) - apache::vhost::reverse_proxy { "ssl_forums.$domain": - url => "https://forums.$domain/", - vhost => "forums.$domain", - use_ssl => true, - } - - include tld_redirections - - include libvirtd::kvm - include lists - include dns::server - include repositories::svn_mirror - include viewvc - - # disabled until fixed - #Enable back to test. - include repositories::git_mirror - include gitweb - - include xymon::server - apache::vhost_simple { "xymon.$domain": - location => '/var/lib/xymon/www', - } - - youri-check::report_www { 'check': } - - youri-check::config {'config_cauldron': - version => 'cauldron', - } - youri-check::report { 'report_cauldron': - version => 'cauldron', - hour => '*', - minute => '24' - } - - youri-check::config {'config_1': - version => '1', - } - youri-check::report {'report_1': - version => '1', - hour => '*', - minute => '54' - } - - youri-check::config {'config_2': - version => '2', - } - youri-check::report {'report_2': - version => '2', - hour => '*', - minute => '9' - } - - include wikis - include websites::perl -} diff --git a/manifests/nodes/armlet1.pp b/manifests/nodes/armlet1.pp new file mode 100644 index 00000000..0d731f08 --- /dev/null +++ b/manifests/nodes/armlet1.pp @@ -0,0 +1,7 @@ +node armlet1 { +# Location: Scaleway (Iliad/Online datacenter) +# + include common::default_mageia_server + include mga_buildsystem::buildnode + timezone::timezone { 'Europe/Paris': } +} diff --git a/manifests/nodes/armlet2.pp b/manifests/nodes/armlet2.pp new file mode 100644 index 00000000..7566249f --- /dev/null +++ b/manifests/nodes/armlet2.pp @@ -0,0 +1,7 @@ +node armlet2 { +# Location: Scaleway (Iliad/Online datacenter) +# + include common::default_mageia_server + include mga_buildsystem::buildnode + timezone::timezone { 'Europe/Paris': } +} diff --git a/manifests/nodes/champagne.pp b/manifests/nodes/champagne.pp deleted file mode 100644 index cc575d2b..00000000 --- a/manifests/nodes/champagne.pp +++ /dev/null @@ -1,22 +0,0 @@ -node champagne { -# Location: gandi VM -# - include common::default_mageia_server - timezone::timezone { 'Europe/Paris': } - include blog::files_bots - include blog::files_backup - include planet - include websites::static - include websites::hugs - include websites::releases - include websites::www - include websites::nav - include websites::doc - include websites::start - include dashboard - include access_classes::web - include openssh::ssh_keys_from_ldap - - # temporary protection for CVE-2011-3192 - include apache::cve-2011-3192 -} diff --git a/manifests/nodes/valstar.pp b/manifests/nodes/duvel.pp index c79f65af..772e43dc 100644 --- a/manifests/nodes/valstar.pp +++ b/manifests/nodes/duvel.pp @@ -1,5 +1,4 @@ -# svn, big important server -node valstar { +node duvel { # Location: IELO datacenter (marseille) # # TODO: @@ -10,16 +9,17 @@ node valstar { timezone::timezone { 'Europe/Paris': } include main_mirror include openldap::master + include git::client include subversion::client include subversion::server include puppet::master - include reports::ii + #include reports::ii - include ssh::auth - include ssh::auth::keymaster + include sshkeys::keymaster include mga_buildsystem::mainnode include softwarekey include mgasoft + include spec-tree-reports include access_classes::committers include restrictshell::allow_git @@ -27,25 +27,30 @@ node valstar { include restrictshell::allow_pkgsubmit include restrictshell::allow_maintdb include restrictshell::allow_upload_bin - # disabled the ldap key here instead of disabling for the - # whole module ( see r698 ) - class { 'openssh::ssh_keys_from_ldap': - symlink_users => ['schedbot', 'iurt'] - } - - include mirror::mdv2010spring + include openssh::ssh_keys_from_ldap include repositories::subversion - include repositories::git - include repositories::sparkleshare + + # include irkerd include websites::svn + include websites::git - subversion::snapshot { '/etc/puppet': - source => 'svn://svn.mageia.org/svn/adm/puppet/' + class { 'mga-advisories': + vhost => "advisories.${::domain}", + } + + git::snapshot { '/etc/puppet': + source => "git://git.${::domain}/infrastructure/puppet/" } mirror_cleaner::orphans { 'cauldron': base => '/distrib/bootstrap/distrib/', } + + class { 'mgagit': + ldap_server => "ldap.${::domain}", + binddn => 'cn=mgagit-valstar,ou=System Accounts,dc=mageia,dc=org', + bindpw => extlookup('mgagit_ldap','x'), + } } diff --git a/manifests/nodes/ec2aa1.pp b/manifests/nodes/ec2aa1.pp new file mode 100644 index 00000000..f000db8a --- /dev/null +++ b/manifests/nodes/ec2aa1.pp @@ -0,0 +1,7 @@ +node ec2aa1 { +# Location: Amazon (eu-central-1a) +# + include common::default_mageia_server + include mga_buildsystem::buildnode + timezone::timezone { 'Europe/Paris': } +} diff --git a/manifests/nodes/ec2aa2.pp b/manifests/nodes/ec2aa2.pp new file mode 100644 index 00000000..a4e1e27f --- /dev/null +++ b/manifests/nodes/ec2aa2.pp @@ -0,0 +1,7 @@ +node ec2aa2 { +# Location: Amazon (eu-central-1b) +# + include common::default_mageia_server + include mga_buildsystem::buildnode + timezone::timezone { 'Europe/Paris': } +} diff --git a/manifests/nodes/ec2aa3.pp b/manifests/nodes/ec2aa3.pp new file mode 100644 index 00000000..763675d7 --- /dev/null +++ b/manifests/nodes/ec2aa3.pp @@ -0,0 +1,7 @@ +node ec2aa3 { +# Location: Amazon (eu-central-1b) +# + include common::default_mageia_server + include mga_buildsystem::buildnode + timezone::timezone { 'Europe/Paris': } +} diff --git a/manifests/nodes/ec2x1.pp b/manifests/nodes/ec2x1.pp new file mode 100644 index 00000000..4a0f5a0f --- /dev/null +++ b/manifests/nodes/ec2x1.pp @@ -0,0 +1,7 @@ +node ec2x1 { +# Location: Amazon (eu-central-1b) +# + include common::default_mageia_server + include mga_buildsystem::buildnode + timezone::timezone { 'Europe/Paris': } +} diff --git a/manifests/nodes/ec2x2.pp b/manifests/nodes/ec2x2.pp new file mode 100644 index 00000000..bf25cf8e --- /dev/null +++ b/manifests/nodes/ec2x2.pp @@ -0,0 +1,7 @@ +node ec2x2 { +# Location: Amazon (eu-central-1a) +# + include common::default_mageia_server + include mga_buildsystem::buildnode + timezone::timezone { 'Europe/Paris': } +} diff --git a/manifests/nodes/ecosse.pp b/manifests/nodes/ecosse.pp index a106d0ed..c7fa95e5 100644 --- a/manifests/nodes/ecosse.pp +++ b/manifests/nodes/ecosse.pp @@ -2,6 +2,6 @@ node ecosse { # Location: IELO datacenter (marseille) # include common::default_mageia_server - include buildsystem::buildnode + include mga_buildsystem::buildnode timezone::timezone { 'Europe/Paris': } } diff --git a/manifests/nodes/fiona.pp b/manifests/nodes/fiona.pp index bb533586..2093001a 100644 --- a/manifests/nodes/fiona.pp +++ b/manifests/nodes/fiona.pp @@ -6,5 +6,5 @@ node fiona { # - install a backup system include common::default_mageia_server timezone::timezone { 'Europe/Paris': } - include backups::server +# include backups::server } diff --git a/manifests/nodes/friteuse.pp b/manifests/nodes/friteuse.pp index 9c0fdde1..b096021e 100644 --- a/manifests/nodes/friteuse.pp +++ b/manifests/nodes/friteuse.pp @@ -1,5 +1,5 @@ node friteuse { -# Location: VM hosted by nfrance (toulouse) +# Location: VM hosted on sucuk # include common::default_mageia_server timezone::timezone { 'Europe/Paris': } diff --git a/manifests/nodes/jonund.pp b/manifests/nodes/jonund.pp deleted file mode 100644 index ff448844..00000000 --- a/manifests/nodes/jonund.pp +++ /dev/null @@ -1,11 +0,0 @@ -# buildnode -node jonund { -# Location: IELO datacenter (marseille) -# - include common::default_mageia_server - include buildsystem::buildnode - include buildsystem::iurt20101 - timezone::timezone { 'Europe/Paris': } -# include shorewall -# include shorewall::default_firewall -} diff --git a/manifests/nodes/krampouezh.pp b/manifests/nodes/krampouezh.pp deleted file mode 100644 index 52fd93f5..00000000 --- a/manifests/nodes/krampouezh.pp +++ /dev/null @@ -1,27 +0,0 @@ -# gandi-vm -node krampouezh { -# Location: gandi VM -# -# - #include common::default_mageia_server - include common::default_mageia_server_no_smtp - include postfix::server::secondary - include blog::base - include blog::db_backup - include mysql::server - include dns::server - timezone::timezone { 'Europe/Paris': } - - openldap::slave_instance { '1': - rid => 1, - } - - # http server for meetbot logs - include apache::base - - # temporary protection for CVE-2011-3192 - include apache::cve-2011-3192 - -# Other services running on this server : -# - meetbot -} diff --git a/manifests/nodes/arm2.pp b/manifests/nodes/ncaa1.pp index 2cd94b71..b512939a 100644 --- a/manifests/nodes/arm2.pp +++ b/manifests/nodes/ncaa1.pp @@ -1,5 +1,7 @@ -node arm2 { -# Location: IELO datacenter (marseille) +node ncaa1 { +# Location: Netcup, Vienna +# include common::default_mageia_server + include mga_buildsystem::buildnode timezone::timezone { 'Europe/Paris': } } diff --git a/manifests/nodes/neru.pp b/manifests/nodes/neru.pp new file mode 100644 index 00000000..66958059 --- /dev/null +++ b/manifests/nodes/neru.pp @@ -0,0 +1,45 @@ +node neru { +# Location: Scaleway Paris +# + include common::default_mageia_server_no_smtp + timezone::timezone { 'Europe/Paris': } + include postfix::server::secondary + include blog::base + include blog::db_backup + include blog::files_bots + include blog::files_backup + include mysql::server + include dns::server + + include planet + include websites::archives + include websites::static + include websites::hugs + include websites::releases + include websites::www + include websites::doc + include websites::start + include websites::meetbot + include dashboard + include access_classes::web + include openssh::ssh_keys_from_ldap + + # temporary redirects for madb (2024-11) until it gets hosted on Mageia infra + apache::vhost_redirect { "madb.${::domain}": + url => "https://madb.mageialinux-online.org/", + } + apache::vhost_redirect { "ssl_madb.${::domain}": + use_ssl => true, + vhost => "madb.${::domain}", + url => "https://madb.mageialinux-online.org/", + } + + openldap::slave_instance { '1': + rid => 1, + } + + # http server for meetbot logs + include apache::base +} +# Other services running on this server : +# - meetbot diff --git a/manifests/nodes/arm1.pp b/manifests/nodes/ociaa1.pp index 6409f9b4..ce476665 100644 --- a/manifests/nodes/arm1.pp +++ b/manifests/nodes/ociaa1.pp @@ -1,5 +1,7 @@ -node arm1 { -# Location: IELO datacenter (marseille) +node ociaa1 { +# Location: ? +# include common::default_mageia_server + include mga_buildsystem::buildnode timezone::timezone { 'Europe/Paris': } } diff --git a/manifests/nodes/pktaa1.pp b/manifests/nodes/pktaa1.pp new file mode 100644 index 00000000..31f649c4 --- /dev/null +++ b/manifests/nodes/pktaa1.pp @@ -0,0 +1,7 @@ +node pktaa1 { +# Location: Equinix Metal / SV - SJC1 +# + include common::default_mageia_server + include mga_buildsystem::buildnode + timezone::timezone { 'Europe/Paris': } +} diff --git a/manifests/nodes/rabbit.pp b/manifests/nodes/rabbit.pp index 8906de0c..2436219b 100644 --- a/manifests/nodes/rabbit.pp +++ b/manifests/nodes/rabbit.pp @@ -1,14 +1,16 @@ node rabbit { -# Location: Server offered by Dedibox (paris) +# Location: IELO datacenter (marseille) # # - used to create isos ( and live, and so on ) # include common::default_mageia_server timezone::timezone { 'Europe/Paris': } include bcd::base - include bcd::web + #include bcd::web include bcd::rsync + include mga_buildsystem::buildnode include draklive + include git::svn include access_classes::iso_makers include openssh::ssh_keys_from_ldap # include mirror::mageia @@ -19,31 +21,12 @@ node rabbit { } youri-check::check {'check_cauldron': version => 'cauldron', - hour => '*', - minute => 4 - } - - youri-check::config {'config_1': - version => '1', - } - youri-check::check {'check_1': - version => '1', - hour => '*/2', + hour => '1-23/2', minute => 30 } - youri-check::config {'config_2': - version => '2', - } - - youri-check::check {'check_2': - version => '2', - hour => '*/2', - minute => 45 - } - # for testing iso quickly - include libvirtd::kvm - libvirtd::group_access { 'mga-iso_makers': } + # include libvirtd::kvm + # libvirtd::group_access { 'mga-iso_makers': } } diff --git a/manifests/nodes/sucuk.pp b/manifests/nodes/sucuk.pp index 9789fd97..e56fd113 100644 --- a/manifests/nodes/sucuk.pp +++ b/manifests/nodes/sucuk.pp @@ -1,9 +1,131 @@ # server for various task node sucuk { # Location: IELO datacenter (marseille) - include common::default_mageia_server + include common::default_mageia_server_no_smtp timezone::timezone { 'Europe/Paris': } include openssh::ssh_keys_from_ldap include access_classes::admin + + include postgresql::server + postgresql::tagged { 'default': } + + class {'epoll::var': + db_password => extlookup('epoll_pgsql','x'), + password => extlookup('epoll_password','x'), + } + + #include epoll + #include epoll::create_db + + include sympa::server + include postfix::server::primary + include lists + + include catdap + include mga-mirrors + + include wikis + include websites::perl + include websites::www + include websites::nav + + include bugzilla + + # gitweb + include repositories::git_mirror + include cgit + include gitmirror + + include repositories::svn_mirror + include viewvc + +# include mirrorbrain + + include dns::server + + include xymon::server + apache::vhost_simple { "xymon.${::domain}": + location => '/usr/share/xymon/www', + } + + class { 'mgapeople': + ldap_server => "ldap.${::domain}", + binddn => 'cn=mgapeople-alamut,ou=System Accounts,dc=mageia,dc=org', + bindpw => extlookup('mgapeople_ldap','x'), + vhost => "people.${::domain}", + vhostdir => "/var/www/vhosts/people.${::domain}", + maintdburl => "https://pkgsubmit.${::domain}/data/maintdb.txt", + } + + class { 'mga-treasurer': + vhost => "treasurer.${::domain}", + vhostdir => "/var/www/vhosts/treasurer.${::domain}", + } + + youri-check::report_www { 'check': } + + youri-check::createdb_user {'config_cauldron': + version => 'cauldron', + } + + youri-check::config {'config_cauldron': + version => 'cauldron', + } + youri-check::report { 'report_cauldron': + version => 'cauldron', + hour => '*/2', + minute => '0' + } + + youri-check::createdb_user {'config_9': + version => '9', + } + + youri-check::config {'config_9': + version => '9', + } + + youri-check::report {'report_9': + version => '9', + hour => '*/4', + minute => '56' + } + + include tld_redirections + + # temporary, just the time the vm is running there + host { 'friteuse': + ensure => 'present', + ip => '192.168.122.131', + host_aliases => [ "friteuse.${::domain}", "forums.${::domain}" ], + } + + # to create all phpbb database on sucuk + phpbb::databases { $fqdn: } + + apache::vhost::redirect_ssl { "forums.${::domain}": } + apache::vhost_redirect { "forum.${::domain}": + url => "https://forums.${::domain}/", + } + apache::vhost_redirect { "ssl_forum.${::domain}": + url => "https://forums.${::domain}/", + vhost => "forum.${::domain}", + use_ssl => true, + } + + # forums is running in a VM on the machine so https: isn't necessary + apache::vhost::reverse_proxy { "ssl_forums.${::domain}": + url => "http://forums.${::domain}/", + vhost => "forums.${::domain}", + use_ssl => true, + content => ' + RewriteEngine On + RewriteCond %{QUERY_STRING} mode=register + RewriteRule .*ucp.php - [forbidden] + ', + } + + include libvirtd::kvm + } diff --git a/manifests/nodes_ip.pp b/manifests/nodes_ip.pp new file mode 100644 index 00000000..38553b61 --- /dev/null +++ b/manifests/nodes_ip.pp @@ -0,0 +1,70 @@ +# Nodes IP addresses + +$nodes_ipaddr = { + neru => { + ipv4 => '163.172.148.228', + ipv6 => '2001:bc8:710:175f:dc00:ff:fe2d:c0ff', + }, + ecosse => { + ipv4 => '212.85.158.148', + ipv6 => '2a02:2178:2:7::4', + }, + fiona => { + ipv4 => '212.85.158.150', + ipv6 => '2a02:2178:2:7::6', + }, + sucuk => { + ipv4 => '212.85.158.151', + ipv6 => '2a02:2178:2:7::7', + }, + rabbit => { + ipv4 => '212.85.158.152', + ipv6 => '2a02:2178:2:7::8', + }, + duvel => { + ipv4 => '212.85.158.153', + ipv6 => '2a02:2178:2:7::9', + }, + armlet1 => { + ipv4 => '163.172.148.228', + }, + armlet2 => { + ipv4 => '163.172.148.228', + }, + friteuse => { + ipv4 => '192.168.122.131', + }, + ec2aa1 => { + ipv6 => '2a05:d014:e9:2c02:98ca:ec83:c601:371a', + }, + ec2aa2 => { + ipv6 => '2a05:d014:e9:2c03:b7e1:fda8:eab9:6692', + }, + ec2aa3 => { + ipv6 => '2a05:d014:e9:2c03:17a8:1204:6df6:662c', + }, + ec2aaauto => { + ipv6 => '2a05:d014:e9:2c03:c80d:e2d9:658d:4c28', + }, + ec2x1 => { + ipv6 => '2a05:d014:e9:2c03:ce2e:f80a:bc2b:da0d', + }, + ec2x2 => { + ipv6 => '2a05:d014:e9:2c02:42e4:6e93:ed55:7b2a', + }, + pktaa1 => { + ipv4 => '147.75.69.246', + }, + ociaa1 => { + ipv6 => '2603:c026:c101:f00::1:1', + }, + ociaa2 => { + ipv6 => '2603:c026:c101:f00::1:2', + }, + ncaa1 => { + ipv4 => '89.58.19.166', + ipv6 => '2a0a:4cc0:0:61c::1', + } +} + +# vim: sw=2 diff --git a/manifests/site.pp b/manifests/site.pp index 581dc87b..376c4213 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -1,3 +1,4 @@ import 'extlookup' import 'defaults' +import 'nodes_ip' import 'nodes' |