diff --git a/data/hostname/db0.internal.staging.swh.network.yaml b/data/hostname/db0.internal.staging.swh.network.yaml index 26c64f87..9a6a4eeb 100644 --- a/data/hostname/db0.internal.staging.swh.network.yaml +++ b/data/hostname/db0.internal.staging.swh.network.yaml @@ -1,48 +1,56 @@ --- networks: default: interface: eth0 address: 192.168.128.3 netmask: 255.255.255.0 gateway: 192.168.128.1 swh::dbs: storage: name: swh user: swh indexer: name: swh-indexer user: swh-indexer scheduler: name: swh-scheduler user: swh-scheduler + vault: + name: swh-vault + user: swh-vault postgres::server::port: 5433 postgres::server::listen_addresses: - localhost - 192.168.128.3 postgres::server::network_access: - 192.168.100.0/24 - 192.168.128.0/24 pgbouncer::auth_hba_file: /etc/postgresql/11/main/pg_hba.conf pgbouncer::listen_addr: 192.168.128.3 pgbouncer::databases: - source_db: swh host: db0.internal.staging.swh.network auth_user: postgres port: 5433 alias: staging-swh - source_db: swh-indexer host: db0.internal.staging.swh.network auth_user: postgres port: 5433 alias: staging-swh-indexer - source_db: swh-scheduler host: db0.internal.staging.swh.network auth_user: postgres port: 5433 alias: staging-swh-scheduler + - source_db: swh-vault + host: db0.internal.staging.swh.network + auth_user: postgres + port: 5433 + alias: staging-swh-vault dar::backup::exclude: - srv/softwareheritage/postgres diff --git a/data/hostname/vault.internal.staging.swh.network.yaml b/data/hostname/vault.internal.staging.swh.network.yaml new file mode 100644 index 00000000..c3a9dab4 --- /dev/null +++ b/data/hostname/vault.internal.staging.swh.network.yaml 
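Review bot: The new `swh-vault` entry under `pgbouncer::databases` sets `auth_user: postgres`, so pgbouncer's credential lookups for this database run as the PostgreSQL superuser. PgBouncer's documentation recommends a dedicated non-superuser role that calls a SECURITY DEFINER lookup function instead, e.g. `auth_user: pgbouncer` (the role name is a placeholder), which limits what a compromised pooler can reach. The three existing entries use the same pattern, so this is best changed for all four together rather than only for the vault database.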
@@ -0,0 +1,12 @@
+# open vault api
+swh::deploy::vault::backend::listen::host: 0.0.0.0
+
+swh::deploy::worker::instances:
+ - vault_cooker
+
+swh::deploy::vault::backend::workers: 4
+swh::deploy::vault::backend::reload_mercy: 3600
+swh::deploy::vault::backend::http_keepalive: 5
+swh::deploy::vault::backend::http_timeout: 3600
+swh::deploy::vault::backend::max_requests: 10000
+swh::deploy::vault::backend::max_requests_jitter: 1000
diff --git a/data/location/sesi_rocquencourt_staging.yaml b/data/location/sesi_rocquencourt_staging.yaml
index 53baf00c..a96bc45b 100644
--- a/data/location/sesi_rocquencourt_staging.yaml
+++ b/data/location/sesi_rocquencourt_staging.yaml
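Review bot: `swh::deploy::vault::backend::listen::host: 0.0.0.0` binds the vault backend to every interface on the host, and the comment `# open vault api` does not say who is meant to reach it or what limits access. If only staging clients need the API, bind to the host's internal address, or state the restricting control in the comment, e.g. `# listen on all interfaces; access restricted to 192.168.128.0/24 by <firewall rule>`. As a style point, the new file has no `---` document-start marker, unlike the other two hieradata files touched by this commit.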
@@ -1,103 +1,108 @@ --- dns::local_cache: false dns::nameservers: - 192.168.100.29 dns::search_domains: - internal.staging.swh.network dns::forward_zones: 'internal.softwareheritage.org.': - 192.168.100.29 '100.168.192.in-addr.arpa.': - 192.168.100.29 '101.168.192.in-addr.arpa.': - 192.168.100.29 'internal.staging.swh.network': - 192.168.100.29 '128.168.192.in-addr.arpa.': - 192.168.100.29 dns::forwarders: - 193.51.196.130 - 193.51.196.131 dns::forwarder_insecure: true ntp::servers: - sesi-ntp1.inria.fr - sesi-ntp2.inria.fr internal_network: 192.168.128.0/24 smtp::relayhost: '[smtp.inria.fr]' swh::deploy::storage::db::host: db0.internal.staging.swh.network swh::deploy::storage::db::port: "%{alias('swh::deploy::db::pgbouncer::port')}" swh::deploy::storage::db::user: swh swh::deploy::storage::db::dbname: swh swh::deploy::indexer::storage::db::host: db0.internal.staging.swh.network swh::deploy::indexer::storage::db::port: "%{alias('swh::deploy::db::pgbouncer::port')}" swh::deploy::indexer::storage::db::user: swh-indexer swh::deploy::indexer::storage::db::dbname: swh-indexer swh::deploy::scheduler::db::host: db0.internal.staging.swh.network swh::deploy::scheduler::db::port: "%{alias('swh::deploy::db::pgbouncer::port')}" swh::deploy::scheduler::db::dbname: swh-scheduler swh::deploy::scheduler::db::user: swh-scheduler swh::deploy::deposit::db::host: deposit.internal.staging.swh.network swh::deploy::deposit::db::port: "%{alias('swh::deploy::db::pgbouncer::port')}" swh::deploy::deposit::db::dbuser: swh-deposit swh::deploy::deposit::db::dbname: swh-deposit +swh::deploy::vault::db::host: db0.internal.staging.swh.network +swh::deploy::vault::db::port: "%{alias('swh::deploy::db::pgbouncer::port')}" +swh::deploy::vault::db::user: swh-vault +swh::deploy::vault::db::dbname: swh-vault + swh::deploy::worker::instances: - loader_git #### Rabbitmq instance to use # swh::deploy::worker::task_broker::password in private data swh::deploy::worker::task_broker: 
"amqp://swhconsumer:%{hiera('swh::deploy::worker::task_broker::password')}@scheduler0.internal.staging.swh.network:5672//" #### Storage/Indexer/Vault/Scheduler services to use in staging area swh::remote_service::storage::config::storage0: cls: remote args: url: "http://storage0.internal.staging.swh.network:%{hiera('swh::remote_service::storage::port')}/" swh::remote_service::storage::config: "%{alias('swh::remote_service::storage::config::storage0')}" swh::remote_service::storage::config::writable: "%{alias('swh::remote_service::storage::config::storage0')}" swh::remote_service::vault::config::vault0: cls: remote args: url: "http://vault0.internal.staging.swh.network:%{hiera('swh::remote_service::vault::port')}/" swh::remote_service::vault::config: "%{alias('swh::remote_service::vault::config::vault0')}" swh::remote_service::vault::config::writable: "%{alias('swh::remote_service::vault::config::vault0')}" swh::remote_service::indexer::config::storage0: cls: remote args: url: "http://storage0.internal.staging.swh.network:%{hiera('swh::remote_service::indexer::port')}/" swh::remote_service::indexer::config: "%{alias('swh::remote_service::indexer::config::storage0')}" swh::remote_service::indexer::config::writable: "%{alias('swh::remote_service::indexer::config::storage0')}" swh::remote_service::scheduler::config::scheduler0: cls: remote args: url: "http://scheduler0.internal.staging.swh.network:%{hiera('swh::remote_service::scheduler::port')}/" swh::remote_service::scheduler::config: "%{alias('swh::remote_service::scheduler::config::scheduler0')}" swh::remote_service::scheduler::config::writable: "%{alias('swh::remote_service::scheduler::config::scheduler0')}" swh::deploy::worker::loader_git::config: storage: "%{alias('swh::remote_service::storage::config::writable')}" save_data: false directory_packet_size: 100 celery: task_broker: "%{alias('swh::deploy::worker::task_broker')}" task_modules: - swh.loader.git.tasks task_queues: - 
swh.loader.git.tasks.UpdateGitRepository - swh.loader.git.tasks.LoadDiskGitRepository - swh.loader.git.tasks.UncompressAndLoadDiskGitRepository diff --git a/manifests/site.pp b/manifests/site.pp index 160aa1ba..dbd5d869 100644 --- a/manifests/site.pp +++ b/manifests/site.pp 
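Review bot: The unchanged `swh::remote_service::vault::config::vault0` entry in this file still points clients at `vault0.internal.staging.swh.network`, while the host added by this commit is `vault.internal.staging.swh.network` (both the new hieradata file and the new node in `manifests/site.pp`). Unless DNS carries a `vault0` alias, which is not visible here, staging clients will not reach the new service. Either name the node `vault0` throughout or change the URL to `url: "http://vault.internal.staging.swh.network:%{hiera('swh::remote_service::vault::port')}/"`.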
@@ -1,153 +1,157 @@ node 'louvre.internal.softwareheritage.org' { include role::swh_server } node /^(orsay|beaubourg|hypervisor\d+)\.(internal\.)?softwareheritage\.org$/ { include role::swh_hypervisor } node 'pergamon.softwareheritage.org' { include role::swh_sysadmin include profile::export_archive_counters } node 'tate.softwareheritage.org' { include role::swh_forge } node 'moma.softwareheritage.org' { include role::swh_api } node 'webapp0.softwareheritage.org' { include role::swh_base_api } node 'saatchi.internal.softwareheritage.org' { include role::swh_scheduler } node /^(belvedere|somerset).(internal.)?softwareheritage.org$/ { include role::swh_database include profile::pgbouncer } node 'banco.softwareheritage.org' { include role::swh_backup include role::postgresql_backup } node /^esnode\d+.(internal.)?softwareheritage.org$/ { include role::swh_elasticsearch } node /^(unibo-test).(internal.)?softwareheritage.org$/ { include role::swh_vault_test } node /^(unibo-prod|vangogh).(euwest.azure.)?(internal.)?softwareheritage.org$/ { include role::swh_vault } node /^uffizi\.(internal\.)?softwareheritage\.org$/ { include role::swh_storage_baremetal } node /^storage\d+\.[^.]+\.azure\.internal\.softwareheritage\.org$/ { include role::swh_storage } node /^getty.(internal.)?softwareheritage.org$/ { include role::swh_eventlog } node /^worker\d+\.(internal\.)?softwareheritage\.org$/ { include role::swh_worker_inria } node /^worker\d+\..*\.azure\.internal\.softwareheritage\.org$/ { include role::swh_worker_azure } node /^dbreplica(0|1)\.euwest\.azure\.internal\.softwareheritage\.org$/ { include role::swh_database } node /^ceph-osd\d+\.internal\.softwareheritage\.org$/ { include role::swh_ceph_osd } node /^ceph-mon\d+\.internal\.softwareheritage\.org$/ { include role::swh_ceph_mon } node /^ns\d+\.(.*\.azure\.)?internal\.softwareheritage\.org/ { include role::swh_nameserver_secondary } node 'thyssen.internal.softwareheritage.org' { include role::swh_ci_server } node 
/^jenkins-debian\d+\.internal\.softwareheritage\.org$/ { include role::swh_ci_agent_debian } node 'logstash0.internal.softwareheritage.org' { include role::swh_logstash_instance } node 'kibana0.internal.softwareheritage.org' { include role::swh_kibana_instance } node 'munin0.internal.softwareheritage.org' { include role::swh_munin_master } node 'giverny.softwareheritage.org' { include role::swh_desktop } node 'db0.internal.staging.swh.network' { include role::swh_base_database include profile::postgresql::server include profile::pgbouncer include ::profile::devel::postgres } node 'scheduler0.internal.staging.swh.network' { include role::swh_scheduler include ::profile::devel::postgres } node 'gateway.internal.staging.swh.network' { include role::swh_gateway } node 'storage0.internal.staging.swh.network' { include role::swh_base_storage include ::profile::devel::postgres } node /^worker\d\.internal\.staging\.swh\.network$/ { include role::swh_worker_inria } node 'webapp.internal.staging.swh.network' { include role::swh_base_api include profile::network } node 'deposit.internal.staging.swh.network' { include role::swh_deposit include profile::postgresql::server include profile::pgbouncer include ::profile::devel::postgres } +node 'vault.internal.staging.swh.network' { + include role::swh_vault +} + node default { include role::swh_base include profile::puppet::agent }