diff --git a/data/hostname/saam.internal.softwareheritage.org.yaml b/data/hostname/saam.internal.softwareheritage.org.yaml index e1f5b5f6..c69ee74b 100644 --- a/data/hostname/saam.internal.softwareheritage.org.yaml +++ b/data/hostname/saam.internal.softwareheritage.org.yaml @@ -1,267 +1,290 @@ --- backups::exclude: - annex - data - mnt - srv/softwareheritage/annex - srv/softwareheritage/objects-xfs # Deploy the storage server as a public resource swh::deploy::storage::backend::listen::host: 0.0.0.0 swh::deploy::storage::backend::workers: 128 swh::deploy::storage::backend::max_requests: 5000 swh::deploy::storage::backend::max_requests_jitter: 500 swh::deploy::storage::legacy_directory: /srv/softwareheritage/objects-xfs swh::deploy::storage::config::local: cls: local args: db: "host=%{hiera('swh::deploy::storage::db::host')} user=%{hiera('swh::deploy::storage::db::user')} dbname=%{hiera('swh::deploy::storage::db::dbname')} password=%{hiera('swh::deploy::storage::db::password')}" objstorage: cls: multiplexer args: objstorages: - cls: pathslicing args: root: "%{hiera('swh::deploy::storage::directory')}" slicing: "0:2/0:5" compression: none - cls: filtered args: storage_conf: cls: pathslicing args: root: "%{hiera('swh::deploy::storage::legacy_directory')}" slicing: "0:1/0:2/2:4/4:6" compression: gzip filters_conf: - type: readonly - "%{alias('swh::remote_service::objstorage::config::azure')}" journal_writer: "%{alias('swh::deploy::journal::writer::config')}" # Deploy the indexer storage server as a public resource swh::deploy::indexer::storage::backend::listen::host: 0.0.0.0 swh::deploy::indexer::storage::backend::workers: 32 swh::deploy::indexer::storage::config: indexer_storage: cls: local db: "host=%{hiera('swh::deploy::indexer::storage::db::host')} port=%{hiera('swh::deploy::indexer::storage::db::port')} user=%{hiera('swh::deploy::indexer::storage::db::user')} dbname=%{hiera('swh::deploy::indexer::storage::db::dbname')} password=%{hiera('swh::deploy::indexer::storage::db::password')}" # open objstorage api swh::deploy::objstorage::backend::listen::host: 0.0.0.0 swh::deploy::objstorage::backend::workers: 16 swh::deploy::objstorage::config: objstorage: cls: multiplexer args: objstorages: - cls: pathslicing args: root: "%{hiera('swh::deploy::storage::directory')}" slicing: "0:2/0:5" compression: none - cls: filtered args: storage_conf: cls: pathslicing args: root: "%{hiera('swh::deploy::storage::legacy_directory')}" slicing: "0:1/0:2/2:4/4:6" compression: gzip filters_conf: - type: readonly client_max_size: 1073741824 # 1 GiB icinga2::host::vars: load: high disks: disk /srv/softwareheritage/objects-xfs/0: disk_units: 'GB' disk_wfree: '100' disk_cfree: '50' disk /srv/softwareheritage/objects-xfs/1: disk_units: 'GB' disk_wfree: '100' disk_cfree: '50' disk /srv/softwareheritage/objects-xfs/2: disk_units: 'GB' disk_wfree: '100' disk_cfree: '50' disk /srv/softwareheritage/objects-xfs/3: disk_units: 'GB' disk_wfree: '100' disk_cfree: '50' disk /srv/softwareheritage/objects-xfs/4: disk_units: 'GB' disk_wfree: '100' disk_cfree: '50' disk /srv/softwareheritage/objects-xfs/5: disk_units: 'GB' disk_wfree: '100' disk_cfree: '50' disk /srv/softwareheritage/objects-xfs/6: disk_units: 'GB' disk_wfree: '100' disk_cfree: '50' disk /srv/softwareheritage/objects-xfs/7: disk_units: 'GB' disk_wfree: '100' disk_cfree: '50' disk /srv/softwareheritage/objects-xfs/8: disk_units: 'GB' disk_wfree: '100' disk_cfree: '50' disk /srv/softwareheritage/objects-xfs/9: disk_units: 'GB' disk_wfree: '100' disk_cfree: '50' disk /srv/softwareheritage/objects-xfs/a: disk_units: 'GB' disk_wfree: '100' disk_cfree: '50' disk /srv/softwareheritage/objects-xfs/b: disk_units: 'GB' disk_wfree: '100' disk_cfree: '50' disk /srv/softwareheritage/objects-xfs/c: disk_units: 'GB' disk_wfree: '100' disk_cfree: '50' disk /srv/softwareheritage/objects-xfs/d: disk_units: 'GB' disk_wfree: '100' disk_cfree: '50' disk /srv/softwareheritage/objects-xfs/e: disk_units: 'GB' disk_wfree: '100' disk_cfree: '50' disk /srv/softwareheritage/objects-xfs/f: disk_units: 'GB' disk_wfree: '100' disk_cfree: '50' nginx::worker_processes: 32 swh::apt_config::enable_non_free: true packages: - intel-microcode mountpoints: # override default mountpoints /srv/softwareheritage/objects: # zfs mount: not in fstab ensure: absent /srv/storage/space: # local mount device: /dev/mapper/vg--data-uffizi--space fstype: xfs options: - nofail # local mountpoints /srv/softwareheritage/objects-xfs/0: device: /dev/mapper/vg--data-uffizi--data0 fstype: xfs options: - nofail - ro /srv/softwareheritage/objects-xfs/1: device: /dev/mapper/vg--data-uffizi--data1 fstype: xfs options: - nofail - ro /srv/softwareheritage/objects-xfs/2: device: /dev/mapper/vg--data-uffizi--data2 fstype: xfs options: - nofail - ro /srv/softwareheritage/objects-xfs/3: device: /dev/mapper/vg--data-uffizi--data3 fstype: xfs options: - nofail - ro /srv/softwareheritage/objects-xfs/4: device: /dev/mapper/vg--data-uffizi--data4 fstype: xfs options: - nofail - ro /srv/softwareheritage/objects-xfs/5: device: /dev/mapper/vg--data-uffizi--data5 fstype: xfs options: - nofail - ro /srv/softwareheritage/objects-xfs/6: device: /dev/mapper/vg--data-uffizi--data6 fstype: xfs options: - nofail - ro /srv/softwareheritage/objects-xfs/7: device: /dev/mapper/vg--data-uffizi--data7 fstype: xfs options: - nofail - ro /srv/softwareheritage/objects-xfs/8: device: /dev/mapper/vg--data-uffizi--data8 fstype: xfs options: - nofail - ro /srv/softwareheritage/objects-xfs/9: device: /dev/mapper/vg--data-uffizi--data9 fstype: xfs options: - nofail - ro /srv/softwareheritage/objects-xfs/a: device: /dev/mapper/vg--data-uffizi--dataa fstype: xfs options: - nofail - ro /srv/softwareheritage/objects-xfs/b: device: /dev/mapper/vg--data-uffizi--datab fstype: xfs options: - nofail - ro /srv/softwareheritage/objects-xfs/c: device: /dev/mapper/vg--data-uffizi--datac fstype: xfs options: - nofail - ro /srv/softwareheritage/objects-xfs/d: device: /dev/mapper/vg--data-uffizi--datad fstype: xfs options: - nofail - ro /srv/softwareheritage/objects-xfs/e: device: /dev/mapper/vg--data-uffizi--datae fstype: xfs options: - nofail - ro /srv/softwareheritage/objects-xfs/f: device: /dev/mapper/vg--data-uffizi--dataf fstype: xfs options: - nofail - ro /srv/storage/content-replayer: device: content-replayer-scratch fstype: tmpfs options: - nodev - nosuid - noexec - size=8G - uid=swhworker - gid=swhdev + +swh::apt_config::backported_packages: + buster: + # Recent systemd makes saam unbootable! + - -libnss-myhostname + - -libnss-mymachines + - -libnss-resolve + - -libnss-systemd + - -libpam-systemd + - -libsystemd-dev + - -libsystemd0 + - -libudev-dev + - -libudev1 + - -libudev1-udeb + - -libzstd1 + - -systemd + - -systemd-container + - -systemd-coredump + - -systemd-journal-remote + - -systemd-sysv + - -systemd-tests + - -udev + - -udev-udeb diff --git a/site-modules/profile/manifests/swh/apt_config/backports.pp b/site-modules/profile/manifests/swh/apt_config/backports.pp index 08627009..89341786 100644 --- a/site-modules/profile/manifests/swh/apt_config/backports.pp +++ b/site-modules/profile/manifests/swh/apt_config/backports.pp @@ -1,30 +1,38 @@ # Configure apt pinning for packages we always want from backports class profile::swh::apt_config::backports { - $backported_packages = lookup('swh::apt_config::backported_packages', Hash, 'deep') + $backported_packages = lookup({ + name => 'swh::apt_config::backported_packages', + value_type => Hash, + merge => { + strategy => 'deep', + knockout_prefix => '-', + }, + }) + $pinned_packages = $backported_packages[$::lsbdistcodename] if $pinned_packages { ::apt::pin {'swh-backported-packages': explanation => 'Pin packages backports', codename => "${::lsbdistcodename}-backports", packages => $pinned_packages, priority => 990, } } else { ::apt::pin {'swh-backported-packages': ensure => absent, } } if $::lsbdistcodename != 'sid' { class {'::apt::backports': pin => 100, location => $profile::swh::apt_config::debian_mirror, repos => $profile::swh::apt_config::repos, } } else { ::apt::source {['backports', 'debian-updates', 'debian-security']: ensure => absent, } } }