diff --git a/data/hostname/db0.internal.staging.swh.network.yaml b/data/hostname/db0.internal.staging.swh.network.yaml index bb4ecf75..79f13df8 100644 --- a/data/hostname/db0.internal.staging.swh.network.yaml +++ b/data/hostname/db0.internal.staging.swh.network.yaml @@ -1,64 +1,63 @@ --- networks: - default: - interface: eth0 + eth0: address: 192.168.128.3 netmask: 255.255.255.0 gateway: 192.168.128.1 swh::dbs: storage: name: swh user: swh indexer::storage: name: swh-indexer user: swh-indexer scheduler: name: swh-scheduler user: swh-scheduler vault: name: swh-vault user: swh-vault lister: name: swh-lister user: swh-lister postgres::server::port: 5433 postgres::server::listen_addresses: - localhost - 192.168.128.3 postgres::server::network_access: - 192.168.100.0/24 - 192.168.128.0/24 pgbouncer::auth_hba_file: /etc/postgresql/11/main/pg_hba.conf pgbouncer::listen_addr: 192.168.128.3 pgbouncer::databases: - source_db: swh host: localhost auth_user: postgres port: 5433 alias: staging-swh - source_db: swh-indexer host: localhost auth_user: postgres port: 5433 alias: staging-swh-indexer - source_db: swh-scheduler host: localhost auth_user: postgres port: 5433 alias: staging-swh-scheduler - source_db: swh-vault host: localhost auth_user: postgres port: 5433 alias: staging-swh-vault - source_db: swh-lister host: localhost auth_user: postgres port: 5433 alias: staging-swh-lister backups::exclude: - srv/softwareheritage/postgres diff --git a/data/hostname/deposit.internal.staging.swh.network.yaml b/data/hostname/deposit.internal.staging.swh.network.yaml index fbf9a91f..a7ce1f72 100644 --- a/data/hostname/deposit.internal.staging.swh.network.yaml +++ b/data/hostname/deposit.internal.staging.swh.network.yaml 
@@ -1,46 +1,45 @@ networks: - default: - interface: eth0 + eth0: address: 192.168.128.7 netmask: 255.255.255.0 gateway: 192.168.128.1 ## db setup postgres::server::port: 5433 postgres::server::listen_addresses: - localhost - 192.168.128.7 postgres::server::network_access: - 192.168.100.0/24 - 192.168.128.0/24 # Dbs to create swh::dbs: deposit: name: swh-deposit user: swh-deposit pgbouncer::auth_hba_file: /etc/postgresql/11/main/pg_hba.conf pgbouncer::listen_addr: 192.168.128.7 pgbouncer::databases: - source_db: swh-deposit host: localhost auth_user: postgres port: 5433 alias: staging-swh-deposit ## frontend hitch::frontend: "[*]:443" hitch::proxy_support: true varnish::http_port: 80 apache::http_port: 9080 # Disable default vhost on port 80 apache::default_vhost: false ## deposit swh::deploy::deposit::media_root_directory: /srv/softwareheritage/deposit diff --git a/data/hostname/gateway.internal.staging.swh.network.yaml b/data/hostname/gateway.internal.staging.swh.network.yaml index 372235e4..5dc354ac 100644 --- a/data/hostname/gateway.internal.staging.swh.network.yaml +++ b/data/hostname/gateway.internal.staging.swh.network.yaml @@ -1,23 +1,19 @@ --- networks: - default: - interface: eth0 + eth0: address: 192.168.100.125 netmask: 255.255.255.0 gateway: 192.168.100.1 ups: - 'iptables -t nat -A POSTROUTING -s 192.168.128.0/24 -o eth0 -j MASQUERADE' downs: - 'iptables -t nat -F' - private: - interface: eth1 + eth1: address: 192.168.128.1 netmask: 255.255.255.0 - ups: [] - downs: [] networks::private_routes: vpn: enabled: false azure: enabled: false diff --git a/data/hostname/moma.softwareheritage.org.yaml b/data/hostname/moma.softwareheritage.org.yaml index c1dd2f5a..3e80790b 100644 --- a/data/hostname/moma.softwareheritage.org.yaml +++ b/data/hostname/moma.softwareheritage.org.yaml 
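Review bot: In the gateway.internal.staging hunk, `eth1` loses its `private` label but does not gain `type: private`, unlike the other formerly-private interfaces in this commit, so it takes the default branch of `profile::network`. The resulting `ups`/`downs` look equivalent, since they were overridden to `[]` before, but the `42 private` entry in `/etc/iproute2/rt_tables` is apparently no longer managed on this host. If that is intended, a comment above `eth1:` would record it, for example `# no type: private on purpose: this host is the router for 192.168.128.0/24`. Separately, the unchanged `downs` entry `iptables -t nat -F` flushes the whole nat table rather than only the MASQUERADE rule added in `ups`; a matching `iptables -t nat -D POSTROUTING -s 192.168.128.0/24 -o eth0 -j MASQUERADE` would leave other NAT rules in place.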
@@ -1,31 +1,30 @@ networks: - private: - interface: eth1 - address: 192.168.100.31 - netmask: 255.255.255.0 - gateway: 192.168.100.1 - default: - interface: eth0 + eth0: address: 128.93.193.31 netmask: 255.255.255.0 gateway: 128.93.193.254 + eth1: + type: private + address: 192.168.100.31 + netmask: 255.255.255.0 + gateway: 192.168.100.1 backups::exclude: - var/lib/rabbitmq swh::deploy::storage::db::host: db.internal.softwareheritage.org hitch::frontend: "[*]:443" hitch::proxy_support: true varnish::http_port: 80 apache::http_port: 9080 # Disabled as it seems to be flaky #hitch::http2_support: true #varnish::http2_support: true # Disable default vhost on port 80 apache::default_vhost: false swh::remote_service::storage::config: "%{alias('swh::remote_service::storage::config::localhost')}" diff --git a/data/hostname/pergamon.softwareheritage.org.yaml b/data/hostname/pergamon.softwareheritage.org.yaml index 03090e0c..ec60dc6b 100644 --- a/data/hostname/pergamon.softwareheritage.org.yaml +++ b/data/hostname/pergamon.softwareheritage.org.yaml 
@@ -1,74 +1,73 @@ dns::local_cache: false # Overrides for primary bind server bind::zones::type: master smtp::relay_destinations: - destination: "%{hiera('phabricator::vhost::name')}" route: smtp:[tate.internal.softwareheritage.org] smtp::mynetworks: - 127.0.0.0/8 - "[::ffff:127.0.0.0]/104" - "[::1]/128" - 192.168.100.0/23 - 192.168.200.0/21 networks: - private: - interface: eth1 - address: 192.168.100.29 - netmask: 255.255.255.0 - gateway: 192.168.100.1 - default: - interface: eth0 + eth0: address: 128.93.193.29 netmask: 255.255.255.0 gateway: 128.93.193.254 + eth1: + type: private + address: 192.168.100.29 + netmask: 255.255.255.0 + gateway: 192.168.100.1 networks::private_routes: staging: enabled: true # Set apache MPM to prefork apache::mpm_module: prefork backups::exclude: - srv/softwareheritage/annex/annexroot - srv/softwareheritage/bitbucket-archive - var/lib/prometheus icinga2::role: master icinga2::features: - checker - mainlog - notification - statusdata - compatlog - command systemd_journal::role: collector users: jenkins-push-docs: uid: 3000 full_name: Jenkins Documentation Push user shell: /bin/bash authorized_keys: jenkins-push-docs@thyssen: type: ssh-rsa key: AAAAB3NzaC1yc2EAAAADAQABAAACAQDWk4WLCNPdSthCdYSDGP7UEIzrBigy2q74ux6OjxSd7SxUKObbsVJeV1MLxIrK3DALQEGZuNUn8hPH6NnyuRBoY+5b7KJ1uV4UAZc4CctxLrrq81cS4x71wU6bzNlZH8DFZa5s0WFnskzg1X5KvyNDj/EdJ8a1TbL/wtj8dPw9odcCw82uqT9Dookvn+yAJ6Lld4MJYy03TfQGCufq2aRRbe/wwNTgL01g3FOuOpaXgmNGGyPpUae290M3+2/slqnHmTDTabnAwDFGfgdX3EIZ2janNJN1j9/5sqDmRQt/cpc5GXfZkpuEIm6+PBj2EWPpHuOUOCAJOQ8u/x2m+v1JJ7qtEmp4sKGqRddUROsWJD73z6XA/p3Xd+nfSrxgnFpW/38upttkqh1OVZshv0+8RijK9Ve5NTU2tIQXmFyYniHUJ8CYpDJug/0pOWNy8Jasqk8jt2Qm5mwR4q9v47PR413KAv+mr/VrhECJKbfoExf3djNYekXtYwD/L45dKg2ogFiZOHgzJSqtoUlIy6RY6ylo1/u3PZY+g3HpcDUYCjNigO8Wwc4ACYIS+DvPRYm0/6+rGl/GoHcgWV4sFKXZCkcGPikL/ECIB6i5AFBKArEYtijN86lhw+dKDEEjQHrURqGMkX2v2TQ37KRSVDY7YoC7Bn+aKWKPGvlR0l9nuw== boatbucket: uid: 1002 full_name: Bitbucket Life Raft shell: /bin/bash groups: 
jenkins-push-docs: gid: 3000 boatbucket: gid: 1024 diff --git a/data/hostname/scheduler0.internal.staging.swh.network.yaml b/data/hostname/scheduler0.internal.staging.swh.network.yaml index c783a906..39deb577 100644 --- a/data/hostname/scheduler0.internal.staging.swh.network.yaml +++ b/data/hostname/scheduler0.internal.staging.swh.network.yaml @@ -1,16 +1,15 @@ networks: - default: - interface: eth0 + eth0: address: 192.168.128.4 netmask: 255.255.255.0 gateway: 192.168.128.1 backups::exclude: - var/lib/rabbitmq swh::postgres::service::users: - swhscheduler swh::deploy::scheduler::remote::backend::listen::host: 0.0.0.0 swh::deploy::scheduler::task_broker: "amqp://guest:guest@127.0.0.1:5672/%2f" diff --git a/data/hostname/storage0.internal.staging.swh.network.yaml b/data/hostname/storage0.internal.staging.swh.network.yaml index 6c02e84a..8dba8deb 100644 --- a/data/hostname/storage0.internal.staging.swh.network.yaml +++ b/data/hostname/storage0.internal.staging.swh.network.yaml 
@@ -1,48 +1,47 @@ networks: - default: - interface: eth0 + eth0: address: 192.168.128.2 netmask: 255.255.255.0 gateway: 192.168.128.1 swh::postgres::service::users: - swhstorage # open objstorage api swh::deploy::objstorage::backend::listen::host: 0.0.0.0 swh::deploy::objstorage::backend::workers: 4 swh::deploy::objstorage::directory: "%{hiera('swh::deploy::storage::directory')}" swh::deploy::objstorage::slicing: 0:1/1:5 swh::remote_service::objstorage::config: cls: pathslicing args: root: "%{hiera('swh::deploy::storage::directory')}" slicing: "%{hiera('swh::deploy::objstorage::slicing')}" # Deploy the storage server as a public resource swh::deploy::storage::backend::listen::host: 0.0.0.0 swh::deploy::storage::backend::workers: 4 swh::deploy::storage::backend::max_requests: 100 swh::deploy::storage::backend::max_requests_jitter: 10 # Deploy the indexer storage server as a public resource swh::deploy::indexer::storage::backend::listen::host: 0.0.0.0 swh::deploy::indexer::storage::backend::workers: 4 nginx::worker_processes: 4 swh::deploy::storage::config: storage: cls: local args: db: "host=%{hiera('swh::deploy::storage::db::host')} port=%{hiera('swh::deploy::storage::db::port')} user=%{hiera('swh::deploy::storage::db::user')} dbname=%{hiera('swh::deploy::storage::db::dbname')} password=%{hiera('swh::deploy::storage::db::password')}" objstorage: "%{alias('swh::remote_service::objstorage::config')}" journal_writer: cls: kafka args: brokers: "%{alias('swh::deploy::journal::brokers')}" prefix: "%{alias('swh::deploy::journal::prefix')}" client_id: "swh.storage.journal_writer.%{::swh_hostname.short}" producer_config: message.max.bytes: 1000000000 diff --git a/data/hostname/tate.softwareheritage.org.yaml b/data/hostname/tate.softwareheritage.org.yaml index 37ab6d71..91486a42 100644 --- a/data/hostname/tate.softwareheritage.org.yaml +++ b/data/hostname/tate.softwareheritage.org.yaml 
@@ -1,36 +1,35 @@ smtp::virtual_aliases: - destination: "@%{hiera('phabricator::vhost::name')}" alias: "%{hiera('phabricator::user')}" smtp::mail_aliases: - user: "%{hiera('phabricator::user')}" aliases: - "| %{hiera('phabricator::basepath')}/phabricator/scripts/mail/mail_handler.php" ssh::port: 2222 networks: - private: - interface: eth1 - address: 192.168.100.30 - netmask: 255.255.255.0 - gateway: 192.168.100.1 - default: - interface: eth0 + eth0: address: 128.93.193.30 netmask: 255.255.255.0 gateway: 128.93.193.254 + eth1: + type: private + address: 192.168.100.30 + netmask: 255.255.255.0 + gateway: 192.168.100.1 apache::rewrite_domains: # Must have matching certificates in letsencrypt::certificates wg.softwareheritage.org: rewrites: - "^.*$ https://wiki.softwareheritage.org/index.php?title=Working_groups" git.softwareheritage.org: rewrites: - "^.*$ https://forge.softwareheritage.org/" backups::exclude: - /var/lib/mysql diff --git a/data/hostname/webapp.internal.staging.swh.network.yaml b/data/hostname/webapp.internal.staging.swh.network.yaml index c9d0009b..a4f4dfca 100644 --- a/data/hostname/webapp.internal.staging.swh.network.yaml +++ b/data/hostname/webapp.internal.staging.swh.network.yaml 
@@ -1,62 +1,61 @@ networks: - default: - interface: eth0 + eth0: address: 192.168.128.8 netmask: 255.255.255.0 gateway: 192.168.128.1 hitch::frontend: "[*]:443" hitch::proxy_support: true varnish::http_port: 80 apache::http_port: 9080 # Disable default vhost on port 80 apache::default_vhost: false swh::deploy::webapp::backend::workers: 16 swh::deploy::webapp::backend::http_keepalive: 5 swh::deploy::webapp::backend::http_timeout: 3600 swh::deploy::webapp::backend::reload_mercy: 3600 swh::deploy::webapp::config::throttling: cache_uri: "%{hiera('memcached::server::bind')}:%{hiera('memcached::server::port')}" scopes: swh_api: limiter_rate: default: 120/h exempted_networks: - 127.0.0.0/8 - 192.168.100.0/23 - 129.168.128.0/24 swh_api_origin_search: limiter_rate: default: 10/m swh_api_origin_visit_latest: # This endpoint gets called a lot (by default, up to 70 times # per origin search), so it deserves a much higher rate-limit # than the rest of the API. limiter_rate: default: 700/m exempted_networks: - 127.0.0.0/8 - 192.168.100.0/23 - 192.168.128.0/24 swh_vault_cooking: limiter_rate: default: 120/h GET: 60/m exempted_networks: - 127.0.0.0/8 - 192.168.100.0/23 - 192.168.128.0/24 swh_save_origin: limiter_rate: default: 120/h POST: 10/h exempted_networks: - 127.0.0.0/8 - 192.168.100.0/23 - 129.168.128.0/24 swh::deploy::webapp::config::keycloak: server_url: "https://%{hiera('keycloak::vhost::name')}/auth/" realm_name: SoftwareHeritageStaging diff --git a/data/hostname/worker0.internal.staging.swh.network.yaml b/data/hostname/worker0.internal.staging.swh.network.yaml index 00c851b8..516e7178 100644 --- a/data/hostname/worker0.internal.staging.swh.network.yaml +++ b/data/hostname/worker0.internal.staging.swh.network.yaml @@ -1,6 +1,5 @@ networks: - default: - interface: eth0 + eth0: address: 192.168.128.5 netmask: 255.255.255.0 gateway: 192.168.128.1 
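Review bot: In the webapp.internal.staging hunk, the `exempted_networks` lists for the `swh_api` and `swh_save_origin` scopes contain `129.168.128.0/24`, whereas `swh_api_origin_visit_latest` and `swh_vault_cooking` use `192.168.128.0/24`, the subnet this host's own address is in. This looks like a transposed octet. As written, it exempts a non-RFC 1918 range from throttling and leaves the staging network rate-limited in those two scopes. If it is a typo, both entries should read `- 192.168.128.0/24`. These are unchanged context lines, so the commit did not introduce the problem, but it is still present on the new side of the file.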
diff --git a/data/hostname/worker01.softwareheritage.org.yaml b/data/hostname/worker01.softwareheritage.org.yaml index 62a1329c..5c8e9c91 100644 --- a/data/hostname/worker01.softwareheritage.org.yaml +++ b/data/hostname/worker01.softwareheritage.org.yaml @@ -1,24 +1,23 @@ networks: - private: - interface: ens19 + ens19: + type: private address: 192.168.100.21 netmask: 255.255.255.0 gateway: 192.168.100.1 - default: - interface: ens18 + ens18: address: 128.93.193.21 netmask: 255.255.255.0 gateway: 128.93.193.254 swh::deploy::worker::lister::concurrency: 1 swh::deploy::worker::lister::config: storage: "%{alias('swh::remote_service::storage::config::writable')}" scheduler: "%{alias('swh::remote_service::scheduler::config::writable')}" lister: "%{alias('swh::deploy::lister::db::local')}" celery: task_broker: "%{alias('swh::deploy::worker::task_broker')}" task_queues: - swh.lister.github.tasks.RangeGitHubLister - swh.lister.github.tasks.FullGitHubRelister credentials: "%{alias('swh::deploy::worker::lister::config::credentials')}" diff --git a/data/hostname/worker02.softwareheritage.org.yaml b/data/hostname/worker02.softwareheritage.org.yaml index d01d846f..4e324304 100644 --- a/data/hostname/worker02.softwareheritage.org.yaml +++ b/data/hostname/worker02.softwareheritage.org.yaml 
@@ -1,23 +1,22 @@ networks: - private: - interface: ens19 + ens19: + type: private address: 192.168.100.22 netmask: 255.255.255.0 gateway: 192.168.100.1 - default: - interface: ens18 + ens18: address: 128.93.193.22 netmask: 255.255.255.0 gateway: 128.93.193.254 swh::deploy::worker::lister::concurrency: 1 swh::deploy::worker::lister::config: storage: "%{alias('swh::remote_service::storage::config::writable')}" scheduler: "%{alias('swh::remote_service::scheduler::config::writable')}" lister: "%{alias('swh::deploy::lister::db::local')}" celery: task_broker: "%{alias('swh::deploy::worker::task_broker')}" task_queues: - swh.lister.github.tasks.IncrementalGitHubLister credentials: "%{alias('swh::deploy::worker::lister::config::credentials')}" diff --git a/data/hostname/worker03.softwareheritage.org.yaml b/data/hostname/worker03.softwareheritage.org.yaml index 7f5c8f52..3f560bfb 100644 --- a/data/hostname/worker03.softwareheritage.org.yaml +++ b/data/hostname/worker03.softwareheritage.org.yaml @@ -1,11 +1,10 @@ networks: - private: - interface: ens19 + ens19: + type: private address: 192.168.100.23 netmask: 255.255.255.0 gateway: 192.168.100.1 - default: - interface: ens18 + ens18: address: 128.93.193.23 netmask: 255.255.255.0 gateway: 128.93.193.254 diff --git a/data/hostname/worker04.softwareheritage.org.yaml b/data/hostname/worker04.softwareheritage.org.yaml index 8a9f069f..df03c87a 100644 --- a/data/hostname/worker04.softwareheritage.org.yaml +++ b/data/hostname/worker04.softwareheritage.org.yaml @@ -1,11 +1,10 @@ networks: - private: - interface: ens19 + ens19: + type: private address: 192.168.100.24 netmask: 255.255.255.0 gateway: 192.168.100.1 - default: - interface: ens18 + ens18: address: 128.93.193.24 netmask: 255.255.255.0 gateway: 128.93.193.254 diff --git a/data/hostname/worker05.softwareheritage.org.yaml b/data/hostname/worker05.softwareheritage.org.yaml index e0a6ab6d..5d4355bb 100644 --- a/data/hostname/worker05.softwareheritage.org.yaml 
+++ b/data/hostname/worker05.softwareheritage.org.yaml @@ -1,11 +1,10 @@ networks: - private: - interface: ens19 + ens19: + type: private address: 192.168.100.25 netmask: 255.255.255.0 gateway: 192.168.100.1 - default: - interface: ens18 + ens18: address: 128.93.193.25 netmask: 255.255.255.0 gateway: 128.93.193.254 diff --git a/data/hostname/worker06.softwareheritage.org.yaml b/data/hostname/worker06.softwareheritage.org.yaml index ace4048f..095f536a 100644 --- a/data/hostname/worker06.softwareheritage.org.yaml +++ b/data/hostname/worker06.softwareheritage.org.yaml @@ -1,11 +1,10 @@ networks: - private: - interface: ens19 + ens19: + type: private address: 192.168.100.26 netmask: 255.255.255.0 gateway: 192.168.100.1 - default: - interface: ens18 + ens18: address: 128.93.193.26 netmask: 255.255.255.0 gateway: 128.93.193.254 diff --git a/data/hostname/worker07.softwareheritage.org.yaml b/data/hostname/worker07.softwareheritage.org.yaml index 01333d9d..172d1eb0 100644 --- a/data/hostname/worker07.softwareheritage.org.yaml +++ b/data/hostname/worker07.softwareheritage.org.yaml @@ -1,11 +1,10 @@ networks: - private: - interface: ens19 + ens19: + type: private address: 192.168.100.27 netmask: 255.255.255.0 gateway: 192.168.100.1 - default: - interface: ens18 + ens18: address: 128.93.193.27 netmask: 255.255.255.0 gateway: 128.93.193.254 diff --git a/data/hostname/worker08.softwareheritage.org.yaml b/data/hostname/worker08.softwareheritage.org.yaml index 596ba3b2..31298352 100644 --- a/data/hostname/worker08.softwareheritage.org.yaml +++ b/data/hostname/worker08.softwareheritage.org.yaml @@ -1,14 +1,13 @@ networks: - private: - interface: ens19 + ens19: + type: private address: 192.168.100.28 netmask: 255.255.255.0 gateway: 192.168.100.1 - default: - interface: ens18 + ens18: address: 128.93.193.28 netmask: 255.255.255.0 gateway: 128.93.193.254 backups::select: - home 
diff --git a/data/hostname/worker09.softwareheritage.org.yaml b/data/hostname/worker09.softwareheritage.org.yaml index 32d8cd27..09d841b1 100644 --- a/data/hostname/worker09.softwareheritage.org.yaml +++ b/data/hostname/worker09.softwareheritage.org.yaml @@ -1,11 +1,10 @@ networks: - private: - interface: ens19 + ens19: + type: private address: 192.168.100.35 netmask: 255.255.255.0 gateway: 192.168.100.1 - default: - interface: ens18 + ens18: address: 128.93.193.35 netmask: 255.255.255.0 gateway: 128.93.193.254 diff --git a/data/hostname/worker1.internal.staging.swh.network.yaml b/data/hostname/worker1.internal.staging.swh.network.yaml index 6551b050..c31da8de 100644 --- a/data/hostname/worker1.internal.staging.swh.network.yaml +++ b/data/hostname/worker1.internal.staging.swh.network.yaml @@ -1,6 +1,5 @@ networks: - default: - interface: eth0 + eth0: address: 192.168.128.6 netmask: 255.255.255.0 gateway: 192.168.128.1 diff --git a/data/hostname/worker10.softwareheritage.org.yaml b/data/hostname/worker10.softwareheritage.org.yaml index 694b4a4b..4efceff7 100644 --- a/data/hostname/worker10.softwareheritage.org.yaml +++ b/data/hostname/worker10.softwareheritage.org.yaml @@ -1,11 +1,10 @@ networks: - private: - interface: ens19 + ens19: + type: private address: 192.168.100.36 netmask: 255.255.255.0 gateway: 192.168.100.1 - default: - interface: ens18 + ens18: address: 128.93.193.36 netmask: 255.255.255.0 gateway: 128.93.193.254 diff --git a/data/hostname/worker11.softwareheritage.org.yaml b/data/hostname/worker11.softwareheritage.org.yaml index 15367b57..5f2fa9f8 100644 --- a/data/hostname/worker11.softwareheritage.org.yaml +++ b/data/hostname/worker11.softwareheritage.org.yaml @@ -1,11 +1,10 @@ networks: - private: - interface: ens19 + ens19: + type: private address: 192.168.100.37 netmask: 255.255.255.0 gateway: 192.168.100.1 - default: - interface: ens18 + ens18: address: 128.93.193.37 netmask: 255.255.255.0 gateway: 128.93.193.254 
diff --git a/data/hostname/worker12.softwareheritage.org.yaml b/data/hostname/worker12.softwareheritage.org.yaml index 52cdf1fc..43858d38 100644 --- a/data/hostname/worker12.softwareheritage.org.yaml +++ b/data/hostname/worker12.softwareheritage.org.yaml @@ -1,11 +1,10 @@ networks: - private: - interface: ens19 + ens19: + type: private address: 192.168.100.38 netmask: 255.255.255.0 gateway: 192.168.100.1 - default: - interface: ens18 + ens18: address: 128.93.193.38 netmask: 255.255.255.0 gateway: 128.93.193.254 diff --git a/data/hostname/worker13.softwareheritage.org.yaml b/data/hostname/worker13.softwareheritage.org.yaml index ec50c7b2..72cd92bf 100644 --- a/data/hostname/worker13.softwareheritage.org.yaml +++ b/data/hostname/worker13.softwareheritage.org.yaml @@ -1,11 +1,10 @@ networks: - private: - interface: ens19 + ens19: + type: private address: 192.168.100.39 netmask: 255.255.255.0 gateway: 192.168.100.1 - default: - interface: ens18 + ens18: address: 128.93.193.39 netmask: 255.255.255.0 gateway: 128.93.193.254 diff --git a/data/hostname/worker14.softwareheritage.org.yaml b/data/hostname/worker14.softwareheritage.org.yaml index 7261bfc3..248a7c28 100644 --- a/data/hostname/worker14.softwareheritage.org.yaml +++ b/data/hostname/worker14.softwareheritage.org.yaml @@ -1,11 +1,10 @@ networks: - private: - interface: ens19 + ens19: + type: private address: 192.168.100.40 netmask: 255.255.255.0 gateway: 192.168.100.1 - default: - interface: ens18 + ens18: address: 128.93.193.40 netmask: 255.255.255.0 gateway: 128.93.193.254 diff --git a/data/hostname/worker15.softwareheritage.org.yaml b/data/hostname/worker15.softwareheritage.org.yaml index 645845a6..dda1043f 100644 --- a/data/hostname/worker15.softwareheritage.org.yaml +++ b/data/hostname/worker15.softwareheritage.org.yaml 
@@ -1,11 +1,10 @@ networks: - private: - interface: ens19 + ens19: + type: private address: 192.168.100.41 netmask: 255.255.255.0 gateway: 192.168.100.1 - default: - interface: ens18 + ens18: address: 128.93.193.41 netmask: 255.255.255.0 gateway: 128.93.193.254 diff --git a/data/hostname/worker16.softwareheritage.org.yaml b/data/hostname/worker16.softwareheritage.org.yaml index 1189edf6..9520e635 100644 --- a/data/hostname/worker16.softwareheritage.org.yaml +++ b/data/hostname/worker16.softwareheritage.org.yaml @@ -1,11 +1,10 @@ networks: - private: - interface: ens19 + ens19: + type: private address: 192.168.100.42 netmask: 255.255.255.0 gateway: 192.168.100.1 - default: - interface: ens18 + ens18: address: 128.93.193.42 netmask: 255.255.255.0 gateway: 128.93.193.254 diff --git a/data/hostname/worker2.internal.staging.swh.network.yaml b/data/hostname/worker2.internal.staging.swh.network.yaml index 10eb4169..0a1c4ed5 100644 --- a/data/hostname/worker2.internal.staging.swh.network.yaml +++ b/data/hostname/worker2.internal.staging.swh.network.yaml @@ -1,6 +1,5 @@ networks: - default: - interface: eth0 + eth0: address: 192.168.128.11 netmask: 255.255.255.0 gateway: 192.168.128.1 diff --git a/site-modules/profile/manifests/network.pp b/site-modules/profile/manifests/network.pp index 8f95f978..85eb7180 100644 --- a/site-modules/profile/manifests/network.pp +++ b/site-modules/profile/manifests/network.pp 
@@ -1,73 +1,73 @@ # Network configuration for Software Heritage servers -# -# Supports one private and one public interface class profile::network { debnet::iface::loopback { 'lo': } # The network description is expected to be a dict of key route_label # (values: private, default) and value a dict describing the interface. # The interface dict has the following possible keys: # - interface: interface's name # - address: ip address for the node # - netmask: netmask # - gateway: to use for the network # - ups: Post instruction when the interface is up # - downs: Post instructions to run when the interface is teared down $interfaces = lookup('networks') $private_routes = lookup('networks::private_routes', Hash, 'deep') - each($interfaces) |$label, $data| { + each($interfaces) |$interface, $data| { - if $label == 'private' { + $interface_type = pick($data['type'], 'default') + + if $interface_type == 'private' { file_line {'private route table': ensure => 'present', line => '42 private', path => '/etc/iproute2/rt_tables', } $filtered_routes = $private_routes.filter |$route_label, $route_data| { pick($route_data['enabled'], true) } $routes_up = $filtered_routes.map |$route_label, $route_data| { "ip route add ${route_data['network']} via ${route_data['gateway']}" } $routes_down = $filtered_routes.map |$route_label, $route_data| { "ip route del ${route_data['network']} via ${route_data['gateway']}" }.reverse $_ups = $routes_up + [ "ip rule add from ${data['address']} table private", - "ip route add 192.168.100.0/24 src ${data['address']} dev ${data['interface']} table private", - "ip route add default via ${data['gateway']} dev ${data['interface']} table private", + "ip route add 192.168.100.0/24 src ${data['address']} dev ${interface} table private", + "ip route add default via ${data['gateway']} dev ${interface} table private", 'ip route flush cache', ] $_downs = [ - "ip route del default via ${data['gateway']} dev ${data['interface']} table private", - "ip route del 
192.168.100.0/24 src ${data['address']} dev ${data['interface']} table private", + "ip route del default via ${data['gateway']} dev ${interface} table private", + "ip route del 192.168.100.0/24 src ${data['address']} dev ${interface} table private", "ip rule del from ${data['address']} table private", ] + $routes_down + [ 'ip route flush cache', ] $ups = pick_default($data['ups'], $_ups) $downs = pick_default($data['downs'], $_downs) $gateway = undef } else { $ups = pick_default($data['ups'], []) $downs = pick_default($data['downs'], []) $gateway = $data['gateway'] } - debnet::iface { $data['interface']: + debnet::iface { $interface: method => 'static', address => $data['address'], netmask => $data['netmask'], gateway => $gateway, ups => $ups, downs => $downs, } } }
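Review bot: `file_line {'private route table': ...}` is still declared inside the `each` loop, but the private branch is now selected by a per-interface `type` value instead of a unique hash key. Two interfaces with `type: private` on one host would therefore declare the same resource twice and fail catalog compilation; declaring it once outside the loop, guarded by whether any interface is private, avoids that. `$interface_type` is also not validated, so a misspelled `type` silently falls into the `else` branch and the interface gets `gateway => $data['gateway']` as if it were the default one. A guard such as `unless $interface_type in ['private', 'default'] { fail("unknown network type '${interface_type}' for ${interface}") }` would surface the mistake at compile time. Finally, the comment block above `lookup('networks')` still describes the hash key as a route label and lists an `interface` key; it should say the key is the interface name and document the optional `type` key (`private` or `default`).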