aboutsummaryrefslogtreecommitdiffstats
path: root/manifests/nodes.pp
blob: f784154b7e78077c649701a7e7c992f04a434dd3 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
# to not repeat the setting everywhere
Exec { path => "/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin/" }

# svn, big important server
node valstar {
# Location: IELO datacenter (marseille)
#
# TODO:
# - GIT server
# - setup youri
# - setup maintainers database (with web interface)
# - mirroring (Nanar)
#
    include common::default_mageia_server
    timezone::timezone { "Europe/Paris": }
    include main_mirror
    include openldap::master 
    include subversion::client
    include subversion::server
    include puppet::master
    include ssh::auth
    include ssh::auth::keymaster
    include buildsystem::mainnode
    include buildsystem::mgacreatehome
    include buildsystem::sync20101
    include buildsystem::release
    include softwarekey::base

    include access_classes::committers
    include restrictshell::allow_git
    include restrictshell::allow_svn
    include restrictshell::allow_pkgsubmit
    # disabled the ldap key here instead of disabling for the
    # whole module ( see r698 )
    class { "openssh::ssh_keys_from_ldap":
    	symlink_users => ['schedbot', 'iurt']
    }

    include mirror::mdv2010spring

    include repositories::subversion
    include repositories::git

    include websites::svn

    subversion::snapshot { "/etc/puppet":
        source => "svn://svn.mageia.org/svn/adm/puppet/"
    }
}

# web apps
node alamut {
# Location: IELO datacenter (marseille)
#
# TODO:
# - Review board
# - nagios
# - api
# - mail server
# - mailing list server
# - wiki
# - pastebin
# - LDAP slave
# 
    include common::default_mageia_server_no_smtp
    include postgresql::server
    postgresql::tagged { "default": }

    timezone::timezone { "Europe/Paris": }

    include catdap
    include mga-mirrors
    include epoll
    include transifex
    include bugzilla
    include sympa::server
    include postfix::primary_smtp

    # temporary, just the time the vm is running there
    host { 'friteuse':
        ip => '192.168.122.131',
        host_aliases => [ "friteuse.$domain", "forums.$domain" ],
        ensure => 'present',
    }

    # to create all phpbb database on alamut
    phpbb::databases { $fqdn: }

    apache::vhost_redirect_ssl { "forums.$domain": }
    apache::vhost_redirect { "forum.$domain":
    	url => "https://forums.$domain/",
    }
    apache::vhost_redirect { "ssl_forum.$domain":
    	url => "https://forums.$domain/",
	vhost => "forum.$domain",
	use_ssl => true,
    }

    # connect to ssl so the proxy do not shoke if trying to 
    # enforce ssl ( note that this has not been tested, maybe this
    # is uneeded )
    apache::vhost_reverse_proxy { "ssl_forums.$domain":
        url => "https://forums.$domain/",
        vhost => "forums.$domain",
        use_ssl => true,
    }

    include tld_redirections

    include libvirtd::kvm
    include lists
    include dns::server 
    include repositories::mirror
    include viewvc
    include xymon::server
    apache::vhost_simple { "xymon.$domain":
	location => "/var/lib/xymon/www",
    }
    include youri-check::report
}

# buildnode
node jonund {
# Location: IELO datacenter (marseille)
#
    include common::default_mageia_server
    include buildsystem::buildnode
    include buildsystem::iurt20101
    timezone::timezone { "Europe/Paris": }
    include shorewall
    include shorewall::default_firewall
    include testvm
}

node ecosse {
# Location: IELO datacenter (marseille)
#
    include common::default_mageia_server
    include buildsystem::buildnode
    timezone::timezone { "Europe/Paris": }
}

# backup server
node fiona {
# Location: IELO datacenter (marseille)
#
# TODO:
# - buy the server
# - install the server in datacenter
# - install a backup system
    include common::default_mageia_server
} 

# gandi-vm
node krampouezh {
# Location: gandi VM
#
# TODO:
# - secondary MX
# - LDAP slave (for external traffic maybe)
#
    #include common::default_mageia_server
    include common::default_mageia_server_no_smtp
    include postfix::secondary_smtp
    include blog::base
    include blog::db_backup
    include mysql::server
    include dns::server 
    timezone::timezone { "Europe/Paris": }

    openldap::slave_instance { "1":
        rid => 1,
    }

# Other services running on this server :
# - meetbot
}

node champagne {
# Location: gandi VM
#
# TODO:
# - setup mageia.org web site
# - setup blog
# - setup planet
#
    include common::default_mageia_server
    timezone::timezone { "Europe/Paris": }
    include blog::files-bots
    include blog::files_backup
    include planet
    include websites::static
    include websites::hugs
    include websites::releases
    include dashboard::base
    include access_classes::web
    include openssh::ssh_keys_from_ldap
}

node friteuse {
# Location: VM hosted by nfrance (toulouse)
# 
# TODO:
# - setup forum

    include common::default_mageia_server
    timezone::timezone { "Europe/Paris": }
    include forums
}

node rabbit {
# Location: Server offered by Dedibox (paris)
# 
# - used to create isos ( and live, and so on )
# 
    include common::default_mageia_server
    timezone::timezone { "Europe/Paris": }
    include bcd::base
    include bcd::web
    include bcd::rsync
    include draklive::base
    include access_classes::iso_makers
    include openssh::ssh_keys_from_ldap
    include mirror::mageia
    include mirror::newrelease
    include releasekey::base
    include youri-check::check

    # for testing iso quickly
    include libvirtd::kvm
    libvirtd::group_access { "mga-iso_makers": }

    # to ease the creation of test iso 
    $netinst_iso_path = "/var/lib/libvirt/netboot"

    file { $netinst_iso_path:
        ensure => directory,
    }

    libvirtd::storage { "netinst_iso":
        path => $netinst_iso_path,
        require => File[$netinst_iso_path],
    }

    include auto_installation::download
    auto_installation::download::netboot_images { "mandriva":
        path => $netinst_iso_path,
        versions => ["2010.0","2010.1"],
        archs => ['i586','x86_64'],
        mirror_path => "ftp://ftp.free.fr/pub/Distributions_Linux/MandrivaLinux/official/%{version}/%{arch}/install/images/",
        files => ['boot.iso'],
        require => File[$netinst_iso_path],
    }

    # for testing pxe support of libvirt
    libvirtd::network {"pxe_network":
        network => "192.168.123.0/24",
        tftp_root => $auto_installation::variables::pxe_dir,
        bridge_name => "virbr1",
    }

    include auto_installation::pxe_menu
    auto_installation::mandriva_installation_entry { "pxe_test":
        version => "2010.1",
        arch => "i586",
    }
}