diff --git a/data/subnets/azure_euwest.yaml b/data/deployments/production/azure_euwest.yaml similarity index 82% copy from data/subnets/azure_euwest.yaml copy to data/deployments/production/azure_euwest.yaml index 5cfbc719..89baeefd 100644 --- a/data/subnets/azure_euwest.yaml +++ b/data/deployments/production/azure_euwest.yaml @@ -1,25 +1,16 @@ --- -dns::local_nameservers: - - 192.168.200.22 - - 192.168.100.29 - -dns::forwarders: [] -dns::forwarder_insecure: false - -internal_network: 192.168.200.0/21 - swh::deploy::worker::instances: - indexer_content_mimetype - indexer_fossology_license - indexer_origin_intrinsic_metadata swh::remote_service::storage::config: "%{alias('swh::remote_service::storage::config::azure')}" swh::remote_service::indexer::config: "%{alias('swh::remote_service::indexer::config::azure')}" swh::remote_service::objstorage::config::azure_readonly_with_fallback: &swh_azure_readonly_with_fallback cls: multiplexer args: objstorages: - "%{alias('swh::remote_service::objstorage::config::azure::readonly')}" - "%{alias('swh::remote_service::objstorage::config::banco::readonly')}" - "%{alias('swh::remote_service::objstorage::config::uffizi::readonly')}" diff --git a/data/subnets/sesi_rocquencourt_staging.yaml b/data/deployments/staging/common.yaml similarity index 90% copy from data/subnets/sesi_rocquencourt_staging.yaml copy to data/deployments/staging/common.yaml index 8f7e4747..09bbf2dc 100644 --- a/data/subnets/sesi_rocquencourt_staging.yaml +++ b/data/deployments/staging/common.yaml 
@@ -1,129 +1,105 @@ --- swh::deploy::environment: staging -backups::enable: false - -dns::local_cache: false -dns::nameservers: - - 192.168.100.29 -dns::search_domains: - - internal.staging.swh.network - -dns::local_nameservers: - - 192.168.100.29 - - 192.168.200.22 - -dns::forwarders: - - 193.51.196.130 - - 193.51.196.131 -dns::forwarder_insecure: true - -ntp::servers: - - sesi-ntp1.inria.fr - - sesi-ntp2.inria.fr - -internal_network: 192.168.128.0/24 - -smtp::relay_hostname: 'smtp.inria.fr' swh::deploy::worker::loader_nixguix::loglevel: debug swh::deploy::storage::db::host: db0.internal.staging.swh.network swh::deploy::storage::db::user: swh swh::deploy::storage::db::dbname: swh swh::deploy::indexer::storage::db::host: db0.internal.staging.swh.network swh::deploy::indexer::storage::db::user: swh-indexer swh::deploy::indexer::storage::db::dbname: swh-indexer swh::deploy::scheduler::db::host: db0.internal.staging.swh.network swh::deploy::scheduler::db::dbname: swh-scheduler swh::deploy::scheduler::db::user: swh-scheduler swh::deploy::deposit::db::host: deposit.internal.staging.swh.network swh::deploy::deposit::db::dbuser: swh-deposit swh::deploy::deposit::db::dbname: swh-deposit swh::deploy::vault::db::host: db0.internal.staging.swh.network swh::deploy::vault::db::user: swh-vault swh::deploy::vault::db::dbname: swh-vault swh::deploy::worker::lister::db::host: db0.internal.staging.swh.network swh::deploy::worker::lister::db::user: swh-lister swh::deploy::worker::lister::db::name: swh-lister swh::deploy::worker::instances: - checker_deposit - loader_archive - loader_cran - loader_debian - loader_deposit - loader_nixguix - loader_git - loader_mercurial - loader_npm - loader_pypi - loader_svn - vault_cooker - lister - indexer_origin_intrinsic_metadata #### Rabbitmq instance to use # swh::deploy::worker::task_broker::password in private data swh::deploy::worker::task_broker: 
"amqp://swhconsumer:%{hiera('swh::deploy::worker::task_broker::password')}@scheduler0.internal.staging.swh.network:5672/%2f" #### Storage/Indexer/Vault/Scheduler services to use in staging area swh::remote_service::storage::config::storage0: cls: remote args: url: "http://storage0.internal.staging.swh.network:%{hiera('swh::remote_service::storage::port')}/" swh::remote_service::storage::config: "%{alias('swh::remote_service::storage::config::storage0')}" swh::remote_service::storage::config::writable: &swh_remote_service_storage_config_writable "%{alias('swh::remote_service::storage::config::storage0')}" swh::remote_service::vault::config::vault0: cls: remote args: url: "http://vault.internal.staging.swh.network:%{hiera('swh::remote_service::vault::port')}/" swh::remote_service::vault::config: "%{alias('swh::remote_service::vault::config::vault0')}" swh::remote_service::vault::config::writable: "%{alias('swh::remote_service::vault::config::vault0')}" swh::remote_service::indexer::config::storage0: cls: remote args: url: "http://storage0.internal.staging.swh.network:%{hiera('swh::remote_service::indexer::port')}/" swh::remote_service::indexer::config: "%{alias('swh::remote_service::indexer::config::storage0')}" swh::remote_service::indexer::config::writable: "%{alias('swh::remote_service::indexer::config::storage0')}" swh::remote_service::scheduler::config::scheduler0: cls: remote args: url: "http://scheduler0.internal.staging.swh.network:%{hiera('swh::remote_service::scheduler::port')}/" swh::remote_service::scheduler::config: "%{alias('swh::remote_service::scheduler::config::scheduler0')}" swh::remote_service::scheduler::config::writable: "%{alias('swh::remote_service::scheduler::config::scheduler0')}" swh::deploy::deposit::url: http://deposit.internal.staging.swh.network # do not save pack swh::deploy::worker::loader_git::save_data_path: "" swh::deploy::worker::loader_git::concurrency: 1 zookeeper::clusters: rocquencourt: '1': 
journal0.internal.staging.swh.network kafka::clusters: rocquencourt: zookeeper::chroot: '/kafka/softwareheritage' zookeeper::servers: - journal0.internal.staging.swh.network brokers: journal0.internal.staging.swh.network: id: 1 swh::deploy::journal::brokers: - journal0.internal.staging.swh.network swh::deploy::deposit::vhost::letsencrypt_cert: deposit_staging swh::deploy::webapp::vhost::letsencrypt_cert: archive_staging diff --git a/data/subnets/azure_euwest.yaml b/data/subnets/azure_euwest.yaml index 5cfbc719..5af11dd3 100644 --- a/data/subnets/azure_euwest.yaml +++ b/data/subnets/azure_euwest.yaml @@ -1,25 +1,9 @@ --- dns::local_nameservers: - 192.168.200.22 - 192.168.100.29 dns::forwarders: [] dns::forwarder_insecure: false internal_network: 192.168.200.0/21 - -swh::deploy::worker::instances: - - indexer_content_mimetype - - indexer_fossology_license - - indexer_origin_intrinsic_metadata - -swh::remote_service::storage::config: "%{alias('swh::remote_service::storage::config::azure')}" -swh::remote_service::indexer::config: "%{alias('swh::remote_service::indexer::config::azure')}" - -swh::remote_service::objstorage::config::azure_readonly_with_fallback: &swh_azure_readonly_with_fallback - cls: multiplexer - args: - objstorages: - - "%{alias('swh::remote_service::objstorage::config::azure::readonly')}" - - "%{alias('swh::remote_service::objstorage::config::banco::readonly')}" - - "%{alias('swh::remote_service::objstorage::config::uffizi::readonly')}" diff --git a/data/subnets/sesi_rocquencourt_staging.yaml b/data/subnets/sesi_rocquencourt_staging.yaml index 8f7e4747..b3815138 100644 --- a/data/subnets/sesi_rocquencourt_staging.yaml +++ b/data/subnets/sesi_rocquencourt_staging.yaml 
@@ -1,129 +1,23 @@ --- -swh::deploy::environment: staging -backups::enable: false - dns::local_cache: false dns::nameservers: - 192.168.100.29 dns::search_domains: - internal.staging.swh.network dns::local_nameservers: - 192.168.100.29 - 192.168.200.22 dns::forwarders: - 193.51.196.130 - 193.51.196.131 dns::forwarder_insecure: true ntp::servers: - sesi-ntp1.inria.fr - sesi-ntp2.inria.fr internal_network: 192.168.128.0/24 smtp::relay_hostname: 'smtp.inria.fr' - -swh::deploy::worker::loader_nixguix::loglevel: debug - -swh::deploy::storage::db::host: db0.internal.staging.swh.network -swh::deploy::storage::db::user: swh -swh::deploy::storage::db::dbname: swh - -swh::deploy::indexer::storage::db::host: db0.internal.staging.swh.network -swh::deploy::indexer::storage::db::user: swh-indexer -swh::deploy::indexer::storage::db::dbname: swh-indexer - -swh::deploy::scheduler::db::host: db0.internal.staging.swh.network -swh::deploy::scheduler::db::dbname: swh-scheduler -swh::deploy::scheduler::db::user: swh-scheduler - -swh::deploy::deposit::db::host: deposit.internal.staging.swh.network -swh::deploy::deposit::db::dbuser: swh-deposit -swh::deploy::deposit::db::dbname: swh-deposit - -swh::deploy::vault::db::host: db0.internal.staging.swh.network -swh::deploy::vault::db::user: swh-vault -swh::deploy::vault::db::dbname: swh-vault - -swh::deploy::worker::lister::db::host: db0.internal.staging.swh.network -swh::deploy::worker::lister::db::user: swh-lister -swh::deploy::worker::lister::db::name: swh-lister - -swh::deploy::worker::instances: - - checker_deposit - - loader_archive - - loader_cran - - loader_debian - - loader_deposit - - loader_nixguix - - loader_git - - loader_mercurial - - loader_npm - - loader_pypi - - loader_svn - - vault_cooker - - lister - - indexer_origin_intrinsic_metadata - -#### Rabbitmq instance to use -# swh::deploy::worker::task_broker::password in private data -swh::deploy::worker::task_broker: 
"amqp://swhconsumer:%{hiera('swh::deploy::worker::task_broker::password')}@scheduler0.internal.staging.swh.network:5672/%2f" - -#### Storage/Indexer/Vault/Scheduler services to use in staging area - -swh::remote_service::storage::config::storage0: - cls: remote - args: - url: "http://storage0.internal.staging.swh.network:%{hiera('swh::remote_service::storage::port')}/" -swh::remote_service::storage::config: "%{alias('swh::remote_service::storage::config::storage0')}" -swh::remote_service::storage::config::writable: &swh_remote_service_storage_config_writable - "%{alias('swh::remote_service::storage::config::storage0')}" - -swh::remote_service::vault::config::vault0: - cls: remote - args: - url: "http://vault.internal.staging.swh.network:%{hiera('swh::remote_service::vault::port')}/" -swh::remote_service::vault::config: "%{alias('swh::remote_service::vault::config::vault0')}" -swh::remote_service::vault::config::writable: "%{alias('swh::remote_service::vault::config::vault0')}" - -swh::remote_service::indexer::config::storage0: - cls: remote - args: - url: "http://storage0.internal.staging.swh.network:%{hiera('swh::remote_service::indexer::port')}/" -swh::remote_service::indexer::config: "%{alias('swh::remote_service::indexer::config::storage0')}" -swh::remote_service::indexer::config::writable: "%{alias('swh::remote_service::indexer::config::storage0')}" - -swh::remote_service::scheduler::config::scheduler0: - cls: remote - args: - url: "http://scheduler0.internal.staging.swh.network:%{hiera('swh::remote_service::scheduler::port')}/" - -swh::remote_service::scheduler::config: "%{alias('swh::remote_service::scheduler::config::scheduler0')}" -swh::remote_service::scheduler::config::writable: "%{alias('swh::remote_service::scheduler::config::scheduler0')}" - -swh::deploy::deposit::url: http://deposit.internal.staging.swh.network - -# do not save pack -swh::deploy::worker::loader_git::save_data_path: "" -swh::deploy::worker::loader_git::concurrency: 1 - 
-zookeeper::clusters: - rocquencourt: - '1': journal0.internal.staging.swh.network - -kafka::clusters: - rocquencourt: - zookeeper::chroot: '/kafka/softwareheritage' - zookeeper::servers: - - journal0.internal.staging.swh.network - brokers: - journal0.internal.staging.swh.network: - id: 1 - -swh::deploy::journal::brokers: - - journal0.internal.staging.swh.network - -swh::deploy::deposit::vhost::letsencrypt_cert: deposit_staging -swh::deploy::webapp::vhost::letsencrypt_cert: archive_staging diff --git a/hiera.yaml b/hiera.yaml index 6f7d0402..834f6eb1 100644 --- a/hiera.yaml +++ b/hiera.yaml @@ -1,18 +1,22 @@ --- version: 5 defaults: datadir: data # datadir by default moved to 'defaults' folder data_hash: yaml_data # Default backend hierarchy: - path: "private/hostname/%{trusted.certname}.yaml" name: "Per hostname private credentials override" - path: "hostname/%{trusted.certname}.yaml" name: "Per hostname override configuration" + - path: "deployments/${::deployment}/${::subnet}.yaml" + name: "Per-deployment and subnet settings" + - path: "deployments/${::deployment}/common.yaml" + name: "Per-deployment settings" - path: "private/subnets/%{::subnet}.yaml" name: "Per subnet private credentials" - path: "subnets/%{::subnet}.yaml" name: "Per subnet settings" - path: "private/common.yaml" name: "Common private credentials" - glob: "common/*.yaml" name: "Common settings"
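Review bot: The two added hierarchy paths in hiera.yaml use `${::deployment}` and `${::subnet}`, but Hiera only interpolates `%{...}` tokens, as the neighbouring `subnets/%{::subnet}.yaml` entries do. Written this way the paths are taken literally and never match the new files, so the settings this commit moves under `data/deployments/` (worker instances, database hosts, service URLs) would not be found. The lines should read `- path: "deployments/%{::deployment}/%{::subnet}.yaml"` and `- path: "deployments/%{::deployment}/common.yaml"`. Once they resolve, both levels sit above `private/subnets/%{::subnet}.yaml`, so a key set in deployment data would take precedence over the per-subnet private credentials; it is worth confirming that ordering is intended. Where `::deployment` gets its value is not visible in this diff; if it is an agent-reported fact, a node could pick which deployment's data it receives, so deriving it from trusted data or server-side classification would be safer.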