diff --git a/data/common/common.yaml b/data/common/common.yaml
index 3fa77d32..31b63887 100644
--- a/data/common/common.yaml
+++ b/data/common/common.yaml
@@ -1,3449 +1,3450 @@
---
### See also public_keys.yaml for public key/cert fingerprint blocks
###
dns::local_cache: true
dns::nameservers:
- 127.0.0.1
dns::search_domains:
- internal.softwareheritage.org
- softwareheritage.org
dns::disable_local_zones:
- '168.192.in-addr.arpa.'
dns::forward_zones:
'internal.softwareheritage.org.': "%{alias('dns::local_nameservers')}"
'100.168.192.in-addr.arpa.': "%{alias('dns::local_nameservers')}"
'101.168.192.in-addr.arpa.': "%{alias('dns::local_nameservers')}"
'200.168.192.in-addr.arpa.': "%{alias('dns::local_nameservers')}"
'internal.staging.swh.network.': "%{alias('dns::local_nameservers')}"
'internal.admin.swh.network.': "%{alias('dns::local_nameservers')}"
'130.168.192.in-addr.arpa.': "%{alias('dns::local_nameservers')}"
'50.168.192.in-addr.arpa.': "%{alias('dns::local_nameservers')}"
# dns::forwarders per-subnet. No Default value
# dns::local_nameservers per-subnet. No Default value
# ntp::servers per-subnet. Default value:
ntp::servers:
- 0.debian.pool.ntp.org
- 1.debian.pool.ntp.org
- 2.debian.pool.ntp.org
- 3.debian.pool.ntp.org
sudo::configs: {}
# smtp::relay_hostname is per-subnet. Default value:
smtp::relay_hostname: 'pergamon.internal.softwareheritage.org'
smtp::relayhost: "[%{lookup('smtp::relay_hostname')}]"
smtp::mydestination:
- "%{::fqdn}"
smtp::mynetworks:
- 127.0.0.0/8
- "[::ffff:127.0.0.0]/104"
- "[::1]/128"
smtp::relay_destinations: []
smtp::virtual_aliases: []
smtp::mail_aliases:
- user: anlambert
aliases:
- antoine.lambert33@gmail.com
- user: ardumont
aliases:
- antoine.romain.dumont@gmail.com
- user: aeviso
aliases:
- aeviso@softwareheritage.org
- user: ddouard
aliases:
- david.douard@sdfa3.org
- user: olasd
aliases:
- nicolas+swhinfra@dandrimont.eu
- user: morane
aliases:
- morane.gg@gmail.com
- user: postgres
aliases:
- root
- user: rdicosmo
aliases:
- roberto@dicosmo.org
- user: root
aliases:
- olasd
- zack
- ardumont
- ddouard
- vsellier
- user: seirl
aliases:
- antoine.pietri1@gmail.com
- user: swhstorage
aliases:
- root
- user: swhworker
aliases:
- zack
- olasd
- ardumont
- vsellier
- user: swhdeposit
aliases:
- ardumont
- vsellier
- user: zack
aliases:
- zack@upsilon.cc
- user: vlorentz
aliases:
- valentin.lorentz@inria.fr
- user: haltode
aliases:
- haltode@gmail.com
- user: danseraf
aliases:
- me@danieleserafini.eu
- user: vsellier
aliases:
- vincent.sellier@gmail.com
- user: tenma
aliases:
- nicolas.gattolin@softwareheritage.org
- user: tg1999
aliases:
- tushar.goel.dav@gmail.com
- user: hakb
aliases:
- hakim.baaloudj@gmail.com
- user: jayesh
aliases:
- jayesh.mail@gmail.com
networks::manage_interfaces: true
networks::private_routes:
vpn:
network: 192.168.101.0/24
gateway: "%{alias('networks::private_gateway')}"
enabled: true
azure:
network: 192.168.200.0/21
gateway: "%{alias('networks::private_gateway')}"
enabled: true
staging_legacy:
network: 192.168.128.0/24
gateway: "%{alias('networks::staging_legacy_gateway')}"
enabled: false
staging:
network: 192.168.130.0/24
gateway: "%{alias('networks::staging_gateway')}"
enabled: false
admin:
network: 192.168.50.0/24
gateway: "%{alias('networks::admin_gateway')}"
enabled: false
networks::private_network: 192.168.100.0/24
networks::private_gateway: 192.168.100.1
networks::staging_legacy_gateway: 192.168.100.125
networks::staging_gateway: 192.168.100.130
networks::admin_gateway: 192.168.100.130
networks::public_swh_gateway: "%{alias('networks::staging_gateway')}"
locales::default_locale: C.UTF-8
locales::installed_locales:
- C.UTF-8 UTF-8
- en_US.UTF-8 UTF-8
- fr_FR.UTF-8 UTF-8
- it_IT.UTF-8 UTF-8
timezone: Etc/UTC
packages:
- acl
- curl
- dstat
- etckeeper
- fish
- git
- htop
- iotop
- ipython3
- molly-guard
- moreutils
- ncdu
- netcat-openbsd
- nfs-common
- python3
- python3-yaml
- ruby-filesystem
- strace
- tcpdump
- tmux
- vim
- zsh
- zstd
packages::desktop:
- autojump
- chromium
- curl
- emacs
- ethtool
- gnome
- i3
- ii
- libx11-dev
- mosh
- myrepos
- net-tools
- ruby-dev
- rxvt-unicode-256color
- screen
- scrot
- tcpdump
- tree
- vim-nox
- weechat
- weechat-scripts
packages::devel:
- arcanist
- elpa-magit
- git-email
- gitg
- gitk
- ltrace
- perl-doc
packages::devel::debian:
- devscripts
- dpkg-dev
- reprepro
- sbuild
packages::devel::python:
- graphviz
- make
- python3-arrow
- python3-azure-storage
- python3-blinker
- python3-celery
- python3-cffi
- python3-click
- python3-dateutil
- python3-dev
- python3-dulwich
- python3-flake8
- python3-flask
- python3-flask-api
- python3-flask-limiter
- python3-flask-testing
- python3-libcloud
- python3-msgpack
- python3-nose
- python3-psycopg2
- python3-pygit2
- python3-requests
- python3-retrying
- python3-sphinx
- python3-subvertpy
- python3-vcversioner
- python3-venv
- python3-wheel
packages::devel::broker:
- rabbitmq-server
packages::devel::postgres:
- apgdiff
- barman
- check-postgres
- libpq-dev
- postgresql
- postgresql-autodoc
- postgresql-client
- postgresql-contrib
- postgresql-doc
- postgresql-plpython3-11
users:
root:
uid: 0
full_name:
shell: /bin/bash
groups: []
authorized_keys:
root@louvre:
type: ssh-rsa
key: AAAAB3NzaC1yc2EAAAADAQABAAABAQDMLEWHlUQldlvZs5rg0y42lRNAfOhD+6pmO8a73DzpJWHTqvAlfteLpU78IPjSacB4dO5ish1E/1RX/HC+Bt8p2v4RBqbCnVLx2w+Hx4ahWu6qbeTVmTz+U++1SQrHnL08fSlhT0OekCw0lRZM2sQq21FZi6+vul97Ecikag4Xaw6Qfumylu94pM3t05uzTUlKk1+6VMCjhT8dlSe8VS8OirVQpE/OqYtTMAWtQaMXGHPCsqDdYRAKzkJ8GjH7ydZmX5VCRyqS0RvPKAlcJfLCs5HBtv0u5rbeGtiHhuzhj/j3YgS/6NJOC2mUfcetcDOMPLnhkKpnF0vUAzTsJ7aR
root@banco:
type: ssh-ed25519
key: AAAAC3NzaC1lZDI1NTE5AAAAIDcljv9eR52wJsu9yYan6/riIQw70lQuyz+Qt0XpGXMs
zack:
uid: 1000
full_name: Stefano Zacchiroli
shell: /usr/bin/zsh
groups:
- adm
- swhdev
- swhstorage
- swhscheduler
- swhdeploy
- sudo
- gitorious
- swhteam
authorized_keys:
zack-software-heritage:
type: ssh-rsa
key: AAAAB3NzaC1yc2EAAAADAQABAAACAQDU0O8tkUqtQCelLEatOGfGpx1sIwHPSMA+7OdXoZjZG5pT9Sfgf3ITsNgo1iYWge5bpH/TKhhvf20B05fa8cCEE5ULaD+xdV9eTIvBEaCiP36HH33WNl/UV8T8klTG2sqBXUgLMJuinfGkuRJ977ndm7mjNwzl3Ghf6JwKfpHrvob4GLc0hm54yzcnNEzQZLcdxmOCWdwTINKnL+W/DDM8NR3vNF6T5+xaiLJzsS0IGcTubklugD3m05qbswS/uACWys3FzRM8tttw/0wCRrC9SCSKoDLonab5y3Ld6vCj1k12J2RAHSqJYwVCm70JRPWZcmU67Udi6kbqkJMftp04K0pplu8V7RLPrpwLyH4sPx7Kkhslvxqj0rerLPOkoDkqneFgxNoMcxN5ayod7fBJAq5jQUmGozeTtgPLKybnxRDhsYpkEH9paZroQ3CqDsA0dptOpedVpcQUSbiLMaYd8kgCPkVIdKANnTGGXDcTfWv21IvFx6sKm1kld2Me3ExVMq7JFcmXutF/IQom9F4vj/xd/7Lt4KmqZKyiAq4n5iaPIRUbZvmwd2D6umOHpMGlqKwtsiWRUYnAVvhRfuSZmgrGgliYiYr+vU2xeWe+XXQhP9vt3eItmdSp/8/+a2lqaIE9slE75hEI2n8in7DeSn6QhFDbyUKwZz5OwK7QVw==
olasd:
uid: 1001
full_name: Nicolas Dandrimont
shell: /bin/bash
groups:
- adm
- swhdev
- swhstorage
- swhscheduler
- swhdeploy
- sudo
- gitorious
- swhteam
authorized_keys:
nicolasd@darboux:
type: ssh-rsa
key: AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ1TCpfzrvxLhEMhxjbxqPDCwY0nazIr1cyIbhGD2bUdAbZqVMdNtr7MeDnlLIKrIPJWuvltauvLNkYU0iLc1jMntdBCBM3hgXjmTyDtc8XvXseeBp5tDqccYNR/cnDUuweNcL5tfeu5kzaAg3DFi5Dsncs5hQK5KQ8CPKWcacPjEk4ir9gdFrtKG1rZmg/wi7YbfxrJYWzb171hdV13gSgyXdsG5UAFsNyxsKSztulcLKxvbmDgYbzytr38FK2udRk7WuqPbtEAW1zV4yrBXBSB/uw8EAMi+wwvLTwyUcEl4u0CTlhREljUx8LhYrsQUCrBcmoPAmlnLCD5Q9XrGH
mirzakhani-ed25519:
type: ssh-ed25519
key: AAAAC3NzaC1lZDI1NTE5AAAAID/qk9xQq6KpRbRjMVpMzPM7unmGnJp+i6oQ3a0NA65k
ardumont:
uid: 1003
full_name: Antoine R. Dumont
shell: /usr/bin/zsh
groups:
- adm
- swhdev
- swhstorage
- swhscheduler
- swhdeploy
- sudo
- gitorious
- swhteam
authorized_keys:
eniotna.t@gmail.com:
type: ssh-rsa
key: AAAAB3NzaC1yc2EAAAADAQABAAABAQDZarzgHrzUYspvrgSI6fszrALo92BDys7QOkJgUfZa9t9m4g7dUANNtwBiqIbqijAQPmB1zKgG6QTZC5rJkRy6KqXCW/+Qeedw/FWIbuI7jOD5WxnglbEQgvPkkB8kf1xIF7icRfWcQmK2je/3sFd9yS4/+jftNMPPXkBCxYm74onMenyllA1akA8FLyujLu6MNA1D8iLLXvz6pBDTT4GZ5/bm3vSE6Go8Xbuyu4SCtYZSHaHC2lXZ6Hhi6dbli4d3OwkUWz+YhFGaEra5Fx45Iig4UCL6kXPkvL/oSc9KGerpT//Xj9qz1K7p/IrBS8+eA4X69bHYYV0UZKDADZSn
ardumont@louvre:
type: ssh-rsa
key: AAAAB3NzaC1yc2EAAAADAQABAAABAQC0Xj8nwGWTb6VGFNIrlhVTLX6VFTlvpirjdgOTOz8riRxBTS9ra35g3cz8zfDl0iVyE455GXzxlm33w/uu3DX0jQOIzkcoEBRw+T33EK89lo6tCCd9xQrteWCTNR1ZBFloHSnYk2m7kw9kyrisziyAdULsCrXmMd3BH1oJyEpISA+sv/dtVpIOWdEQmkbLmdHl2uEdjBLjqb3BtAp2oJZMmppE5YjAx0Aa1+7uSnURf7NnwMx+0wTDMdfqn8z4wqI8eQny+B+bqLH9kY++52FfMVALuErGh5+75/vtd2xzRQamjKsBlTGjFFbMRagZiVNLDX2wtdudhNmnQDIKA+rH
ardumont@yavin4:
type: ssh-ed25519
key: AAAAC3NzaC1lZDI1NTE5AAAAIPsJCCMKJEXEEsHyoFOrydDmXxL8B4yhzrE8PcDVtCjr
swhworker:
uid: 1004
full_name: SWH Worker Acccount
shell: /bin/bash
groups:
- swhdeploy
- gitorious
swhstorage:
uid: 1005
full_name: SWH Storage Account
shell: /bin/bash
groups:
- swhdeploy
- swhstorage
swhwebapp:
uid: 1006
full_name: SWH Web App Account
shell: /bin/bash
groups: []
swhbackup:
uid: 1007
full_name: SWH Backup Account
shell: /bin/bash
groups: []
rdicosmo:
uid: 1008
full_name: Roberto Di Cosmo
shell: /bin/bash
groups:
- swhteam
authorized_keys:
dicosmo@voyager:
type: ssh-rsa
key: AAAAB3NzaC1yc2EAAAADAQABAAACAQC5aS/3Cps2Ru9EW+nIF9Z9o6/xq1thwtCgpIjSPgcrm2BVisj6xbD5OOapS3U6BpLKjWZG8sMGBCsJJ3S1cP0s2I+xHFToqCcbfOxIe/tq/UgTtxGJ0+TfUKNoD+QJjIKnjyC+HVEQm5bSm8mJv0vptj4On8yNopytSGuLcFHHnMB2t+IOkHnTW7n3emhh3SZKAcpI1h7WvPqsqBobMFDMeqvGeHaH2AM2OSoUi7AY+MmcVL0Je6QtJqpz60QI5dvaM4AsobC12AZSJKXnuqQTY6nJy4r9jPRK8RUqo5PuAAsNtlxf5xA4s1LrDR5PxBDpYz47Pq2LHtI9Hgf/SFB3IqZeBKqquMI1xThRBwP307/vOtTiwJr4ZKcpOH+SbU7Tnde4n8siM719QZM8VITtrbwm/VBiEwvhGC/23npX4S55W7Et/l9gmeP3Q+lSw50vBuQhBSn7BzedPM1CqbTN/zqM8TCDUtPVIo+6b2s5ao/Vcq9vBXm5bP0xZeNsqsCl05zpCShudKpT6AlMGAaRTd6NUHHsf4D1JjNx3v42R3vQr6OgHELVMGECuyPs3zWHOS/P6AdD0yJTSOMaklRh2HGN8uj0+aQ7RhnrkYqRfhN+6UkrTANuxdb44AGdLmBAKIYglVrAJe+DEji/LzJdZ22baAWg4ar/WikpFJtxkw==
swhteamannex:
uid: 1009
full_name: SWH Team Git Annex Account
shell: /bin/bash
groups:
- swhteam
authorized_keys:
swhteamannex@louvre:
type: ssh-rsa
key: AAAAB3NzaC1yc2EAAAADAQABAAACAQDL/Ef9kktq/QkJ0lohan8ObQ3o7hMf7EOQPjO+u7UhIMjBNufJnaftQRGIA6N1/wEsDvxxNNz75/oJECJHgZs2OOTJJPsKfYeybmSBocSa/sn6IKK7/b/qlwHJlSGWPGVgbtfP0KexlSAKAmKZuJyqjES5igTLV5w4wTjvUUen9QyefuUehnCX3MJhTpoyixp7icXE80aNMaCPwHZppKb/28sNlPX3MbSONGM45wSFRXNuj0mAAjrgojkhAqFNnI9oKNAt9mDcw1hV0n86VvrDhEbMCJP/z58ecn376BgyXQ8zNUPIr2g0SrSPUNjfxZHfJ0XYpF7624wOMOmZE3fsQzZh+FeMF0IFRPvcG34RaelV9dXiy+/q45oqwbMF464gFSbyt++4jpgqHdsARM4zR//jBhyLvFXR+GaKC3hFENno5W5Raff4XE5rzN/q9jVJBNfvfuEPWrapyM3A/ePeuK3SyNJwyIx+bOEQXsRdxEWKszTeJO2SLPWtCrKrC+G4/HktQSQOj5S9a+N6HoKD8E889eBEYoeZGPIuzMot4cuUlyPt3P99z4oRIaeC6XwUCvZCD2DaTAkQWQMsmOn+soaeZ1zBHbsCBbV0mBMRx7K4Vjs62vhSelryQAXW+cBgd6+f5XBjOnNhHQhsNsDfYP4Kmztn58faQV2TzGG5ow==
swhscheduler:
uid: 1010
full_name: SWH Scheduler Account
shell: /bin/bash
groups:
- swhscheduler
jbertran:
uid: 2001
full_name: Jordi Bertran de Balanda
shell: /bin/false
groups: []
password: "!"
qcampos:
uid: 2002
full_name: Quentin Campos
shell: /bin/false
groups: []
password: "!"
gitorious:
uid: 5000
full_name: Gitorious System User
shell: /bin/false
groups:
- gitorious
fiendish:
uid: 1011
full_name: Avi Kelman
shell: /bin/false
groups: []
password: "!"
morane:
uid: 1012
full_name: Morane Otilia Gruenpeter
shell: /bin/bash
groups:
- swhdev
- swhstorage
- swhteam
authorized_keys:
morane.gg@gmail.com:
type: ssh-rsa
key: AAAAB3NzaC1yc2EAAAADAQABAAABAQDm8kH1pP+4ENKmpkTCkL2ashxxnOFVndGrcvfX05lV1hOo2NdItpdoR9txIgFEs3d7v73mtH4nWciUyaK7FIByrtvsR2TIhdVgEcb0Xai8viV+sDMTndpiNlWNilbfxm0K70tgpG4BeSWRJy8cPxnCR9CWoB2Vo9Df7lDKz1LXDgfY4VLJd69ahf1DPFUDjpWIEQdPFX2ZyGUYM+0yPXIoyYW/qreDt1JkYZXXVbRAV8j44/TVgTRYJLgYb9ThW6WzlGM1S4uP7GQdAuROCcspqW3ahV/UmV4Z9SM6S34NN182KvM0Ve7uxAPQz+IdWOgZTK0pvd+hfjHKbLSTA6I3
seirl:
uid: 1013
full_name: Antoine Pietri
shell: /usr/bin/zsh
groups:
- swhdev
- swhstorage
- swhteam
- swhdeploy
authorized_keys:
seirl:
type: ssh-ed25519
key: AAAAC3NzaC1lZDI1NTE5AAAAILiua8eEg+nU0XSbYPTgnOMftzvpbN+u7v5jDabeO/0E
ssushant:
uid: 1014
full_name: Sushant
shell: /bin/false
groups: []
password: "!"
anlambert:
uid: 1015
full_name: Antoine Lambert
shell: /bin/bash
groups:
- swhdev
- swhstorage
- swhteam
- swhdeploy
- swhwebapp
authorized_keys:
antoine.lambert@inria.fr:
type: ssh-rsa
key: AAAAB3NzaC1yc2EAAAADAQABAAACAQDLWPcZnSUszEedMa39dT3ZCHpRod3NTs6WT4OfMMRVahrhTtWYdSiNGy8U3kEQveTZvMrb9WLtLPB3K8o7Xrf8WCI8iTOl9eb9DVjE9XL+zS0ZAcEmoZ5YH8e3gEDoDm8ZrMxF+V5XSlvhNi6kbWzJdqhXu++bJHHqGrKUHeTCQCfpYYMrsnvhPjtxe+90BK7e+IGm1Ha8LZMCCmOtz0XggxD8d2mFBaP2p8v9xsM48KfwFvsRMb3TZIaO/+NcsRSTe7wfFAR1pb14pi5LZAHeb2tpWfVH2vQGaE7Rej+Ycf4UOeaRmFGpimw7u7fugvDvKfZ/vs7w7Qs2RtxNdqJf9JM+vvi78OQbloufot1Tz2r19aDbhM9nsCn+Uo3rNfkmD+UcSMKrRJCMEXVBbaY/bgzs7XoqCJ8ODE2U/dF3NtHBZr+CB52iilUtemXy+Xwqw4TSs/r9vW7/XueTdb0Yp/cUs5uLCqCwlMpGS5okorpdJextp5gRuN6EMlUo6PffRiz5T0CqKm1xJu0NeT0EaacAXoGTDQaS4pIQGglqWfAOmjej9dM8gxAF6rgrx70uJt6Hy18tvzdB5iwJ4F2LUjcZhFnrxjUDzhjPoDBiRtPNgEKrCc30OHsveqXwMPo3v/d3np1Vpkum0JEwmp83q92P5T2rbf+wiruxZhhtww==
grouss:
uid: 1016
full_name: Guillaume Rousseau
shell: /bin/bash
groups:
- swhteam
authorized_keys:
guillaume.rousseau@univ-paris-diderot.fr:
type: ssh-rsa
key: AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Akcdxrod/MFcHg53dCf7iZY/ph9MR0tWU08pjMDfU04j1nAgmHmvumYbxBtFNnd0nu4A9YY4nT79273PCE3c6ba3zSGS9DBYhrASGDqHBECrgEREM3YPXpA2NI0FKEZ878Ic3CQlYaOmRoe/QkFpm2j8CMoG4VdKp0EcvV1RCTgWqJY1P4KC30CJUg+OdGRaaqHEoSskjstU5yjbZCC9M90Hz0xO+MsMl/xKdcDmvwbLDMtp/3SKDQeyN4Q7Uu/zZwoZ8FmgEU4Xp7nKN3yCiEB9rqMkP/lLY71hTPHn/GiZnPo4rWL13w3unuI3X0GDpqxPxjt0LZN4xQEGEn+1
ftigeot:
uid: 1017
full_name: Francois Tigeot
shell: /bin/false
password: "!"
groups: []
swhdeposit:
uid: 1018
full_name: SWH Deposit App Account
shell: /bin/bash
groups:
- swhscheduler
swhvault:
uid: 1019
full_name: SWH Vault Account
shell: /bin/bash
groups:
- swhdeploy
- swhstorage
- swhvault
ddouard:
uid: 1020
full_name: David Douard
shell: /bin/bash
groups:
- adm
- sudo
- swhdev
- swhteam
- swhscheduler
authorized_keys:
david.douard@sdfa3.org:
type: ssh-rsa
key: AAAAB3NzaC1yc2EAAAADAQABAAACAQCoON7De2Bx03owpZfzbOyucZTmyQdm7F+LP4D4H9EyOFxtyMpjH2S9Ve/JvMoFIWGQQlXSkYzRv63Z0BzPLKD2NsYgomcjOLdw1Baxnv8VOH+Q01g4B3cabcP2LMVjerHt/KRkY3E6dnKLQGE5UiER/taQ7KazAwvu89nUd4BJsV43rJ3X3DtFEfH3lR4ZEIgFyPUkVemQAjBhueFmN3w8debOdr7t9cBpnYvYKzLQN+G/kQVFc+fgs+fFOtOv+Az9kTXChfLs5pKPBm+MuGxz4gS3fPiAjY9cN6vGzr7ZNkCRUSUjJ10Hlm7Gf2EN8f+k6iSR4CPeixDcZ+scbCg4dCORqTsliSQzUORIJED9fbUR6bBjF4rRwm5GvnXx5ZTToWDJu0PSHYOkomqffp30wqvAvs6gLb+bG1daYsOLp+wYru3q09J9zUAA8vNXoWYaERFxgwsmsf57t8+JevUuePJGUC45asHjQh/ON1H5PDXtULmeD1GKkjqyaS7SBNbpOWgQb21l3pwhLet3Mq3TJmxVqzGMDnYvQMUCkiPdZq2pDplzfpDpOKLaDg8q82rR5+/tAfB4P2Z9RCOqnMLRcQk9AluTyO1D472Mkp+v5VA4di0eTWZ0tuzwYJEft0OVo+QOVTslCGsyGiEUoOcHzkrdgsT5uQziyAfgTMSuiw==
vlorentz:
uid: 1021
full_name: Valentin Lorentz
shell: /usr/bin/zsh
groups:
- swhdev
- swhteam
authorized_keys:
vlorentz@pro-desktop:
type: ssh-ed25519
key: AAAAC3NzaC1lZDI1NTE5AAAAILsRMQjrrfUjX1ka9e6YlyMyDvTC+qk5a21Fp9yXYI7p
vlorentz@perso-laptop:
type: ssh-ed25519
key: AAAAC3NzaC1lZDI1NTE5AAAAIIjJoY4XBTTNsxLVF/sUKBI4WGR2AIiR9qfMdspnsRfJ
vlorentz@pro-laptop:
type: ssh-ed25519
key: AAAAC3NzaC1lZDI1NTE5AAAAIND42yBr8C/zKJiQx2I84yIlMNsS9IMTUkdb9GjYgFON
haltode:
uid: 1022
full_name: Thibault Allancon
shell: /usr/bin/zsh
groups:
- swhdev
- swhteam
authorized_keys:
haltode@gmail.com:
type: ssh-ed25519
key: AAAAC3NzaC1lZDI1NTE5AAAAIORGwY56PpvgwMWqDei718PPriV6U7LL5JMPJWS7zTcg
danseraf:
uid: 1023
full_name: Daniel Serafini
groups:
- swhdev
shell: /usr/bin/fish
authorized_keys:
me@danieleserafini.eu:
type: ssh-rsa
key: AAAAB3NzaC1yc2EAAAADAQABAAABgQDsQ1QxD/xHOOhCAarH9o3oAfT7YCwxXCAVaazxC1ZMygWZUE95oMu6D2Wib5Q4GBKD35ddclY/l5GsYB5uXbl1UxAFUPe4COqTEt+7deMSWakv46ceb5oHxOkMAF4w400FV1Pi1usk2TpArarOPuxN7yKu54sBACI5HEezn3KOvxPYt/DUAt+XdrfLsiZPyzjOYYezocCV+O1PkivhC99cXHtlwTBRntWTjlyUt9p46U6Uf2G9u88v4v2KopH0sQG7nAYNXN7W14pB925fnDYDHFYUoKDCBbJiQMMKKlQxJZLSfh/KX6kX7OIXOiMclIfmBYAUwDHU3MevdczAIj8JWspUVyRf32B1jnD+H8UnDTCwApCFytcvzDuoYCgiUVk4bDpJOHeb8V4dh6UZt0DFa4iiLsVIX8MjcqaI5TmmvaYgjGPSTLlUsasUJnVqCweQNTiZPhDiqrs258aQvSGf634k10lxmhAAB0xAGVO6Zj1mBjqS+XDJiLzf4mWwm4M=
aeviso:
uid: 1024
full_name: Andres Ezequiel Viso
groups:
- swhdev
- swhteam
shell: /bin/bash
authorized_keys:
andres@powerage:
type: ssh-rsa
key: AAAAB3NzaC1yc2EAAAADAQABAAABAQDRnVV1UimkTbAAb1FPxDPAqfyCVSrlB7a1Kq83ZKc6e7tTVmOKA55whZa3KwNBwgZGB8389ejCery+WDqSiRZsirup4UN/VZ5X3XJdnRVPPcpzVuWFivPKBMn6D4LMa9D7moMnV9JC5q9zwMNHZQ4qJbGlW44MzWOi0RnPVd28jsRkL0sMRvz+i3KXFGDNeaVPV0YLB4vS1bmEho/8Tu5NlY/Tzkter9qTNN7QNIAbnq8oQF/lLPFAytE0s61ZtoDcXfznJPXWkIljMCTQHlxeDci9DQWUgQc+A+7qWmqkb3lzDYKQrxRfZtl3hbnR3jrtSfTI+q0Nagh0O4FN2QUj
vsellier:
uid: 1025
full_name: Vincent Sellier
groups:
- swhdev
- swhteam
- sudo
shell: /usr/bin/zsh
authorized_keys:
vsellier@swh-vs1:
type: ssh-ed25519
key: AAAAC3NzaC1lZDI1NTE5AAAAII5oO0jj/IeV04osZ/iaKBZdnuqdziJD3x1VOhtK9tZY
tenma:
uid: 1026
full_name: Nicolas Gattolin
groups:
- swhdev
- swhteam
shell: /bin/bash
authorized_keys:
tenma@swh-ng1:
type: ssh-ed25519
key: AAAAC3NzaC1lZDI1NTE5AAAAIFZ2Ny1YDntm3yHa7yTG+HsZr+HUIMHAi/k/MS6hoKzY
tg1999:
uid: 1027
full_name: Tushar Goel
groups:
- swhdev
- swhteam
shell: /bin/false
authorized_keys:
tg@tg-Inspiron-15-7000-Gaming:
type: ssh-ed25519
key: !
hakb:
uid: 1028
full_name: Hakim Baaloudj
shell: /bin/bash
groups:
- swhdev
- swhteam
authorized_keys:
hbaaloud@po461-pro.paris.inria.fr:
type: ssh-ed25519
key: AAAAC3NzaC1lZDI1NTE5AAAAILxjcB/AomGshUUhPI0odv10WjQZaPNlfr1eIfwVHaeS
jayesh:
uid: 1029
full_name: Jayesh Velayudhan
shell: /bin/bash
groups:
- swhdev
- swhteam
authorized_keys:
jayesh.mail@gmail.com:
type: ssh-rsa
key: AAAAB3NzaC1yc2EAAAADAQABAAACAQDLVYpzpelvLCL+OqKAtCu75fd8RBGeu4T+HL9kDvGp0/+oNd32hsP7aXmclDpUOH1Fn91PZ3MYSXreXNFgHihs7r6k3gjA4szrMrQHgJhHCyh3uP7Szzsb5HP4RIe9hqAnrxYVWjyp/BrKWEZM2nxjW1Y7XCxfcIgMFQZfA4SdKtB/mR/P9VJwtDJIkPyUVWlfdFSgUsHEU8puVJmdQDk0XwTSDOeZTpNB1oDqOABuaEJZYNKXjnClfGSvJy5ISoGSRV4BPpOofVh5idyv49+brEeugfa66gGds2WQdtMkKQ+qCygaGkc1ee3yME55fTqYyCrU84rCr+nDMbXiwCke21TTBFC7xGFAhIwCPXcEWG5lFeUlL96olt38YKAYCE+LjlCsjg3kAeN+w3fmV+N5QjG0vJoHv+s6+FmOAW9zmrTFESUFuxfvQzDVL1NYfH4D54Tma2aqQFKE28P4b3jQMXEaXk/oMVNjkoTGDhYbWggfA0PrzXr9saiRrVwlmoob+DYaGG5fACCnQuJtONxjQJqc4e5I2AGlK30V3kRtodwbfTiypJCFXqJ7lw1AsalArGLTm53ydfUX28sOZmBkrqgqUl0Y9UI6O0SIm/KP0eUsgM2UWFbHoSoecuOK72HhwC4oN2UUD4iZ6+ZNrsWb7j7JtETZDkYYBJkL98Wv1Q==
groups:
adm:
gid: 4 # assigned from base-files
sudo:
gid: 27 # assigned from base-files
www-data:
gid: 33 # assigned from base-files
zack:
gid: 1000
olasd:
gid: 1001
ardumont:
gid: 1003
ddouard:
gid: 1020
swhworker:
gid: 1004
swhdev:
gid: 1002
swhstorage:
gid: 1005
swhdeploy:
gid: 1006
swhbackup:
gid: 1007
swhwebapp:
gid: 1008
swhteam:
gid: 1009
swhscheduler:
gid: 1010
gitorious:
gid: 5000
swhdeposit:
gid: 1018
swhvault:
gid: 1019
vsellier:
gid: 1025
tenma:
gid: 1026
tg1999:
gid: 1027
gunicorn::statsd::host: 127.0.0.1:8125
munin::master::hostname: munin.internal.softwareheritage.org
rabbitmq::monitoring::user: swhdev
# following password key in private data
# - rabbitmq::monitoring::password
# - swh::deploy::worker::task_broker::password
# - swh::deploy::scheduler::task_broker::password
rabbitmq::server::users:
- name: "%{hiera('rabbitmq::monitoring::user')}"
is_admin: true
password: "%{hiera('rabbitmq::monitoring::password')}"
tags: []
- name: swhconsumer
is_admin: false
password: "%{hiera('swh::deploy::worker::task_broker::password')}"
tags: []
- name: swhproducer
is_admin: false
password: "%{hiera('swh::deploy::scheduler::task_broker::password')}"
tags:
- management
puppet::master::hostname: pergamon.internal.softwareheritage.org
puppet::master::puppetdb: pergamon.internal.softwareheritage.org
puppetdb::master::config::terminus_package: puppet-terminus-puppetdb
strict_transport_security::max_age: 15768000
php::version: '7.4'
# Those variables get picked up by 'include ::php::fpm::daemon'
php::fpm::daemon::log_owner: www-data
php::fpm::daemon::log_group: adm
php::fpm::daemon::log_dir_mode: '0750'
# Those variables get picked up by 'include ::apache'
apache::server_tokens: 'Prod'
apache::server_signature: 'Off'
apache::trace_enable: 'Off'
apache::manage_group: false
# Those variables get picked up by 'include ::apache::mod::passenger'
apache::mod::passenger::passenger_root: /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini
# Those variables need to be set manually in the SSL vhosts.
apache::ssl_protocol: all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
apache::ssl_honorcipherorder: 'On'
apache::ssl_cipher: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
apache::hsts_header: "set Strict-Transport-Security \"max-age=%{hiera('strict_transport_security::max_age')}\""
# Those variables need to be set manually for all vhosts
apache::http_port: 80
apache::https_port: 443
apache::log_formats:
combined_with_duration: "%a %l %u %t \\\"%r\\\" %>s %b \\\"%{literal('%')}{Referer}i\\\" \\\"%{literal('%')}{User-Agent}i\\\" %{literal('%')}{ms}T"
# Hitch TLS proxy configuration
hitch::frontend: "[*]:10443"
hitch::proxy_support: false
hitch::http2_support: false
# Varnish configuration
varnish::http_port: 10080
varnish::proxy_port: 6081
varnish::http2_support: false
varnish::listen:
- ":%{hiera('varnish::http_port')}"
- "[::1]:%{hiera('varnish::proxy_port')},PROXY"
varnish::backend_http_port: "%{hiera('apache::http_port')}"
varnish::admin_listen: 127.0.0.1
varnish::admin_port: 6082
varnish::storage_type: malloc
varnish::storage_size: 256m
varnish::storage_file: /var/lib/varnish/varnish_storage.bin
# varnish::secret in private-data
swh::deploy::reverse_proxy::services:
- deposit
- webapp
letsencrypt::account_email: sysop+letsencrypt@softwareheritage.org
letsencrypt::server: https://acme-v02.api.letsencrypt.org/directory
letsencrypt::gandi_livedns_hook::config:
gandi_api: https://dns.api.gandi.net/api/v5/
zones:
softwareheritage.org:
api_key: "%{alias('gandi::softwareheritage_org::api_key')}"
sharing_id: "%{alias('gandi::softwareheritage_org::sharing_id')}"
swh.network:
api_key: "%{alias('gandi::softwareheritage_org::api_key')}"
sharing_id: "%{alias('gandi::swh_network::sharing_id')}"
letsencrypt::gandi_paas_hook::config:
gandi_xmlrpc: https://rpc.gandi.net/xmlrpc/
zone_keys:
softwareheritage.org: "%{alias('gandi::softwareheritage_org::xmlrpc_key')}"
letsencrypt::certificates::exported_directory: "%{::puppet_vardir}/letsencrypt_exports"
letsencrypt::certificates::directory: /etc/ssl/certs/letsencrypt
letsencrypt::certificates:
archive_production:
domains:
# Should match with keycloak::resources::realms.SoftwareHeritage.clients.swh-web.redirect_uris
- archive.softwareheritage.org
- base.softwareheritage.org
- archive.internal.softwareheritage.org
archive_staging:
domains:
# Should match with keycloak::resources::realms.SoftwareHeritageStaging.clients.swh-web.redirect_uris
- webapp.staging.swh.network
- webapp-rp.internal.staging.swh.network
archive_webapp1:
domains:
- webapp1.internal.softwareheritage.org
deposit_production:
domains:
- deposit.softwareheritage.org
- deposit.internal.softwareheritage.org
deposit_staging:
domains:
- deposit.staging.swh.network
- deposit-rp.internal.staging.swh.network
hedgedoc:
domains:
- hedgedoc.softwareheritage.org
journal0.internal.staging.swh.network:
domains:
- broker0.journal.staging.swh.network
- journal0.internal.staging.swh.network
objstorage_staging:
domains:
- objstorage.staging.swh.network
- objstorage-rp.internal.staging.swh.network
stats_export:
domains:
- stats.export.softwareheritage.org
- pergamon.softwareheritage.org
jenkins:
domains:
- jenkins.softwareheritage.org
sentry:
domains:
- sentry.softwareheritage.org
keycloak:
domains:
- auth.softwareheritage.org
kafka1.internal.softwareheritage.org:
domains:
- broker1.journal.softwareheritage.org
- kafka1.internal.softwareheritage.org
kafka2.internal.softwareheritage.org:
domains:
- broker2.journal.softwareheritage.org
- kafka2.internal.softwareheritage.org
kafka3.internal.softwareheritage.org:
domains:
- broker3.journal.softwareheritage.org
- kafka3.internal.softwareheritage.org
kafka4.internal.softwareheritage.org:
domains:
- broker4.journal.softwareheritage.org
- kafka4.internal.softwareheritage.org
kafka01.euwest.azure.internal.softwareheritage.org:
domains:
- kafka01.euwest.azure.internal.softwareheritage.org
- kafka01.euwest.azure.softwareheritage.org
kafka02.euwest.azure.internal.softwareheritage.org:
domains:
- kafka02.euwest.azure.internal.softwareheritage.org
- kafka02.euwest.azure.softwareheritage.org
kafka03.euwest.azure.internal.softwareheritage.org:
domains:
- kafka03.euwest.azure.internal.softwareheritage.org
- kafka03.euwest.azure.softwareheritage.org
kafka04.euwest.azure.internal.softwareheritage.org:
domains:
- kafka04.euwest.azure.internal.softwareheritage.org
- kafka04.euwest.azure.softwareheritage.org
kafka05.euwest.azure.internal.softwareheritage.org:
domains:
- kafka05.euwest.azure.internal.softwareheritage.org
- kafka05.euwest.azure.softwareheritage.org
kafka06.euwest.azure.internal.softwareheritage.org:
domains:
- kafka06.euwest.azure.internal.softwareheritage.org
- kafka06.euwest.azure.softwareheritage.org
annex.softwareheritage.org:
domains:
- annex.softwareheritage.org
bitbucket-archive.softwareheritage.org:
domains:
- bitbucket-archive.softwareheritage.org
debian.softwareheritage.org:
domains:
- debian.softwareheritage.org
- debian.internal.softwareheritage.org
docs.softwareheritage.org:
domains:
- docs.softwareheritage.org
intranet.softwareheritage.org:
domains:
- intranet.softwareheritage.org
wiki.softwareheritage.org:
domains:
- wiki.softwareheritage.org
icinga.softwareheritage.org:
domains:
- icinga.softwareheritage.org
- icinga.internal.softwareheritage.org
wg.softwareheritage.org:
domains:
- wg.softwareheritage.org
git.softwareheritage.org:
domains:
- git.softwareheritage.org
forge.softwareheritage.org:
domains:
- forge.softwareheritage.org
grafana.softwareheritage.org:
domains:
- grafana.softwareheritage.org
www-dev:
domains:
- www-dev.softwareheritage.org
deploy_hook: gandi_paas
www:
domains:
- softwareheritage.org
- www.softwareheritage.org
deploy_hook: gandi_paas
gandi-redirects:
domains:
- softwareheritage.org
- sponsors.softwareheritage.org
- sponsorship.softwareheritage.org
- testimonials.softwareheritage.org
deploy_hook: gandi_paas
netbox:
domains:
- inventory.internal.softwareheritage.org
netbox-vagrant:
domains:
- inventory-vagrant.internal.softwareheritage.org
bind::update_key: local-update
bind::zones:
internal.softwareheritage.org:
domain: internal.softwareheritage.org
100.168.192.in-addr.arpa:
domain: 100.168.192.in-addr.arpa
101.168.192.in-addr.arpa:
domain: 101.168.192.in-addr.arpa
internal.staging.swh.network:
domain: internal.staging.swh.network
internal.admin.swh.network:
domain: internal.admin.swh.network
50.168.192.in-addr.arpa:
domain: 50.168.192.in-addr.arpa
128.168.192.in-addr.arpa:
domain: 128.168.192.in-addr.arpa
130.168.192.in-addr.arpa:
domain: 130.168.192.in-addr.arpa
200.168.192.in-addr.arpa:
domain: 200.168.192.in-addr.arpa
201.168.192.in-addr.arpa:
domain: 201.168.192.in-addr.arpa
202.168.192.in-addr.arpa:
domain: 202.168.192.in-addr.arpa
203.168.192.in-addr.arpa:
domain: 203.168.192.in-addr.arpa
204.168.192.in-addr.arpa:
domain: 204.168.192.in-addr.arpa
205.168.192.in-addr.arpa:
domain: 205.168.192.in-addr.arpa
206.168.192.in-addr.arpa:
domain: 206.168.192.in-addr.arpa
207.168.192.in-addr.arpa:
domain: 207.168.192.in-addr.arpa
# Defaults for secondary bind server
bind::zones::type: slave
bind::zones::masters:
- 192.168.100.29
bind::zones::allow_transfers:
- 192.168.100.0/24
- 192.168.101.0/24
- 192.168.200.22
bind::zones::default_data:
zone_type: "%{alias('bind::zones::type')}"
dynamic: true
masters: "%{alias('bind::zones::masters')}"
transfer_source: ''
allow_updates: []
update_policies: ''
allow_transfers: "%{alias('bind::zones::allow_transfers')}"
dnssec: false
key_directory: ''
ns_notify: true
also_notify: ''
allow_notify: ''
forwarders: ''
forward: ''
source: ''
ns_records:
- pergamon.internal.softwareheritage.org.
- ns0.euwest.azure.internal.softwareheritage.org.
bind::resource_records:
archive/CNAME:
type: CNAME
record: archive.internal.softwareheritage.org
data: moma.internal.softwareheritage.org.
db/CNAME:
type: CNAME
record: db.internal.softwareheritage.org
data: belvedere.internal.softwareheritage.org.
debian/CNAME:
type: CNAME
record: debian.internal.softwareheritage.org
data: pergamon.internal.softwareheritage.org.
backup/CNAME:
type: CNAME
record: backup.internal.softwareheritage.org
data: banco.internal.softwareheritage.org.
icinga/CNAME:
type: CNAME
record: icinga.internal.softwareheritage.org
data: pergamon.internal.softwareheritage.org.
faitout/CNAME:
type: CNAME
record: faitout.internal.softwareheritage.org
data: prado.internal.softwareheritage.org.
graph/CNAME:
type: CNAME
record: graph.internal.softwareheritage.org
data: granet.internal.softwareheritage.org.
logstash/CNAME:
type: CNAME
record: logstash.internal.softwareheritage.org
data: logstash0.internal.softwareheritage.org.
kibana/CNAME:
type: CNAME
record: kibana.internal.softwareheritage.org
data: banco.internal.softwareheritage.org.
rabbitmq/CNAME:
type: CNAME
record: rabbitmq.internal.softwareheritage.org
data: saatchi.internal.softwareheritage.org.
inventory/CNAME:
type: CNAME
record: inventory.internal.softwareheritage.org
data: bojimans.internal.softwareheritage.org.
staging-gateway/A: # Cannot autogenerate due to limitations in $::swh_hostname fact
record: staging-gateway.internal.softwareheritage.org
data: 192.168.100.125
glyptotek/A: # OPNSense firewall, not managed by puppet
record: "%{alias('opnsense::hosts.glyptotek.fqdn')}"
data: "%{alias('opnsense::hosts.glyptotek.ip')}"
pushkin/A: # OPNSense firewall, not managed by puppet
record: "%{alias('opnsense::hosts.pushkin.fqdn')}"
data: "%{alias('opnsense::hosts.pushkin.ip')}"
internalgw/A: # Firewal(s)l vip, not managed by puppet
record: gw.internal.softwareheritage.org
data: 192.168.100.130
staging-rp0/A:
record: rp0.internal.staging.swh.network
data: 192.168.130.20
staging-webapp/A:
record: webapp.internal.staging.swh.network
data: 192.168.130.30
staging-webapp-rp/CNAME:
type: CNAME
record: webapp-rp.internal.staging.swh.network
data: rp0.internal.staging.swh.network.
staging-deposit/A:
record: deposit.internal.staging.swh.network
data: 192.168.130.31
staging-deposit-rp/CNAME:
type: CNAME
record: deposit-rp.internal.staging.swh.network
data: rp0.internal.staging.swh.network.
# Non-puppet azure hosts
pgmirror0.euwest.azure/A:
record: pgmirror0.euwest.azure.internal.softwareheritage.org
data: 192.168.200.51
# VPN hosts
zack/A:
record: zack.internal.softwareheritage.org
data: 192.168.101.6
olasd/A:
record: olasd.internal.softwareheritage.org
data: 192.168.101.10
ardumont/A:
record: ardumont.internal.softwareheritage.org
data: 192.168.101.14
ardumont-desktop/A:
record: ardumont-desktop.internal.softwareheritage.org
data: 192.168.101.158
rdicosmo/A:
record: rdicosmo.internal.softwareheritage.org
data: 192.168.101.38
grand-palais/A:
record: grand-palais.internal.softwareheritage.org
data: 192.168.101.62
grandpalais/CNAME:
type: CNAME
record: grandpalais.internal.softwareheritage.org
data: grand-palais.internal.softwareheritage.org.
petit-palais/A:
record: petit-palais.internal.softwareheritage.org
data: 192.168.101.58
petitpalais/CNAME:
type: CNAME
record: petitpalais.internal.softwareheritage.org
data: petit-palais.internal.softwareheritage.org.
giverny/A:
type: A
record: giverny.internal.softwareheritage.org
data: 192.168.101.118
orangeriedev/A:
type: A
record: orangeriedev.internal.softwareheritage.org
data: 192.168.101.130
orangerie/A:
type: A
record: orangerie.internal.softwareheritage.org
data: 192.168.101.142
ddouard-desktop/A:
record: ddouard-desktop.internal.softwareheritage.org
data: 192.168.101.162
vlorentz-desktop/A:
record: vlorentz-desktop.internal.softwareheritage.org
data: 192.168.101.166
oturtle-desktop/A:
record: oturtle-desktop.internal.softwareheritage.org
data: 192.168.101.222
bind::resource_records::default_data:
type: A
bind::clients:
- 192.168.50.0/24
- 192.168.100.0/24
- 192.168.101.0/24
- 192.168.130.0/24
- 192.168.200.0/21
- 127.0.0.0/8
- '::1/128'
bind::autogenerate:
192.168.100.0/24: .internal.softwareheritage.org
192.168.200.0/21: .internal.softwareheritage.org
192.168.130.0/24: .internal.staging.swh.network
192.168.50.0/24: .internal.admin.swh.network
backups::legacy_storage: /srv/backups
backups::enable: true
backups::base: /
backups::exclude:
- dev
- proc
- run
- srv/backups
- srv/db-backups
- srv/elasticsearch
- srv/remote-backups
- srv/softwareheritage/objects
- srv/softwareheritage/postgres
- srv/softwareheritage/scratch
- srv/softwareheritage/scratch.2TB
- srv/storage
- sys
- tmp
- var/cache
- var/lib/mysql
- var/log/journal
- var/run
- var/tmp
phabricator::basepath: /srv/phabricator
phabricator::user: phabricator
phabricator::group: phabricator
phabricator::vcs_user: git
phabricator::notification::client_host: 127.0.0.1
phabricator::notification::client_port: 22280
phabricator::notification::listen: "%{hiera('phabricator::notification::client_host')}:%{hiera('phabricator::notification::client_port')}"
phabricator::mysql::database_prefix: phabricator
phabricator::mysql::username: phabricator
phabricator::mysql::readonly_usernames: []
# phabricator::mysql::readonly_password_seed in private data
phabricator::mysql::conf::max_allowed_packet: 33554432
phabricator::mysql::conf::sql_mode: STRICT_ALL_TABLES
phabricator::mysql::conf::ft_stopword_file: "%{hiera('phabricator::basepath')}/phabricator/resources/sql/stopwords.txt"
phabricator::mysql::conf::ft_min_word_len: 3
phabricator::mysql::conf::ft_boolean_syntax: "' |-><()~*:\"\"&^'"
phabricator::mysql::conf::innodb_buffer_pool_size: 4G
phabricator::mysql::conf::innodb_file_per_table: TRUE
phabricator::mysql::conf::innodb_flush_method: O_DIRECT
phabricator::mysql::conf::innodb_log_file_size: 1G
phabricator::mysql::conf::max_connections: 16384
phabricator::php::fpm_listen: 127.0.0.1:9001
phabricator::php::max_file_size: 128M
phabricator::php::opcache_validate_timestamps: 0
# Must have a matching cert in letsencrypt::domains
phabricator::vhost::name: forge.softwareheritage.org
phabricator::vhost::docroot: "%{hiera('phabricator::basepath')}/phabricator/webroot"
phabricator::vhost::ssl_protocol: "%{hiera('apache::ssl_protocol')}"
phabricator::vhost::ssl_honorcipherorder: "%{hiera('apache::ssl_honorcipherorder')}"
phabricator::vhost::ssl_cipher: "%{hiera('apache::ssl_cipher')}"
phabricator::vhost::hsts_header: "%{hiera('apache::hsts_header')}"
mediawiki::php::fpm_listen: 127.0.0.1:9002
mediawiki::vhosts:
# Must have matching certificates in letsencrypt::certificates
intranet.softwareheritage.org:
swh_logo: /images/9/99/Swh-intranet-logo.png
mysql:
username: mw_intranet
dbname: mediawiki_intranet
aliases: []
site_name: Software Heritage Intranet
wiki.softwareheritage.org:
swh_logo: /images/b/b2/Swh-logo.png
mysql:
username: mw_public
dbname: mediawiki_public
aliases: []
site_name: Software Heritage Wiki
mediawiki::vhost::docroot: /var/lib/mediawiki
mediawiki::vhost::ssl_protocol: "%{hiera('apache::ssl_protocol')}"
mediawiki::vhost::ssl_honorcipherorder: "%{hiera('apache::ssl_honorcipherorder')}"
mediawiki::vhost::ssl_cipher: "%{hiera('apache::ssl_cipher')}"
mediawiki::vhost::hsts_header: "%{hiera('apache::hsts_header')}"
annex::basepath: /srv/softwareheritage/annex
# Must have matching certificate in letsencrypt::certificates
annex::vhost::name: annex.softwareheritage.org
annex::vhost::docroot: "%{hiera('annex::basepath')}/webroot"
annex::vhost::ssl_protocol: "%{hiera('apache::ssl_protocol')}"
annex::vhost::ssl_honorcipherorder: "%{hiera('apache::ssl_honorcipherorder')}"
annex::vhost::ssl_cipher: "%{hiera('apache::ssl_cipher')}"
annex::vhost::hsts_header: "%{hiera('apache::hsts_header')}"
docs::basepath: /srv/softwareheritage/docs
# Must have matching certificate in letsencrypt::certificates
docs::vhost::name: docs.softwareheritage.org
docs::vhost::docroot: "%{hiera('docs::basepath')}/webroot"
docs::vhost::docroot_owner: "jenkins-push-docs"
docs::vhost::docroot_group: "www-data"
docs::vhost::docroot_mode: "2755"
docs::vhost::ssl_protocol: "%{hiera('apache::ssl_protocol')}"
docs::vhost::ssl_honorcipherorder: "%{hiera('apache::ssl_honorcipherorder')}"
docs::vhost::ssl_cipher: "%{hiera('apache::ssl_cipher')}"
docs::vhost::hsts_header: "%{hiera('apache::hsts_header')}"
# Must have matching certificate in letsencrypt::certificates
bitbucket_archive::vhost::name: bitbucket-archive.softwareheritage.org
bitbucket_archive::vhost::docroot: /srv/softwareheritage/bitbucket-archive/webroot
bitbucket_archive::vhost::ssl_protocol: "%{hiera('apache::ssl_protocol')}"
bitbucket_archive::vhost::ssl_honorcipherorder: "%{hiera('apache::ssl_honorcipherorder')}"
bitbucket_archive::vhost::ssl_cipher: "%{hiera('apache::ssl_cipher')}"
bitbucket_archive::vhost::hsts_header: "%{hiera('apache::hsts_header')}"
ssh::port: 22
ssh::permitrootlogin: without-password
swh::base_directory: /srv/softwareheritage
swh::conf_directory: /etc/softwareheritage
swh::log_directory: /var/log/softwareheritage
swh::global_conf::file: "%{hiera('swh::conf_directory')}/global.ini"
swh::apt_config::swh_repository::hostname: debian.softwareheritage.org
swh::apt_config::swh_repository: "https://%{hiera('swh::apt_config::swh_repository::hostname')}/"
swh::apt_config::enable_non_free: false
swh::apt_config::backported_packages:
stretch:
# For swh.scheduler
- python3-msgpack
# T1609
- python3-urllib3
- python3-requests
- python3-chardet
- python3-idna
buster:
# More recent systemd for new features like OOMPolicy
- libnss-myhostname
- libnss-mymachines
- libnss-resolve
- libnss-systemd
- libpam-systemd
- libsystemd-dev
- libsystemd0
- libudev-dev
- libudev1
- libudev1-udeb
- libzstd1
- systemd
- systemd-container
- systemd-coredump
- systemd-journal-remote
- systemd-sysv
- systemd-tests
- udev
- udev-udeb
# python3-msgpack 1.0 breaks the older versions of borgbackup
- borgbackup
# Needed for some swh packages
- python3-typing-extensions
debian_repository::basepath: "%{hiera('swh::base_directory')}/repository"
debian_repository::owner: swhdebianrepo
debian_repository::owner::homedir: /home/swhdebianrepo
debian_repository::group: swhdev
debian_repository::mode: "02775"
debian_repository::ssh_authorized_keys:
nicolasd@darboux:
type: ssh-rsa
key: AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ1TCpfzrvxLhEMhxjbxqPDCwY0nazIr1cyIbhGD2bUdAbZqVMdNtr7MeDnlLIKrIPJWuvltauvLNkYU0iLc1jMntdBCBM3hgXjmTyDtc8XvXseeBp5tDqccYNR/cnDUuweNcL5tfeu5kzaAg3DFi5Dsncs5hQK5KQ8CPKWcacPjEk4ir9gdFrtKG1rZmg/wi7YbfxrJYWzb171hdV13gSgyXdsG5UAFsNyxsKSztulcLKxvbmDgYbzytr38FK2udRk7WuqPbtEAW1zV4yrBXBSB/uw8EAMi+wwvLTwyUcEl4u0CTlhREljUx8LhYrsQUCrBcmoPAmlnLCD5Q9XrGH
jenkins@thyssen:
type: ssh-rsa
key: AAAAB3NzaC1yc2EAAAADAQABAAABAQCrfYnl8v4QK1ClkPMHO4WiPqgLVoOGpOPFUvg3WehMo8xMQ9e/EeZddQn96mhHkbbC5HCWEVK1VwafpIeadaMHnypdGhpapncYPpoKItxmf1IwVtlt/h8OYai5pTMCgkuOHjhnQdO20Amr9WMkoRZ/K7v/GijIZ6svvgWiYKfDnu0s1ziFYIT5rEA5hL9SqNJTlKdy2H68/7mmTii9NpBsGWQYDOjcrwELNOI5EUgQSOzmeKxecPkABfh/dezp6jmrv/2x7bm7LT46d+rnVDqVRiUrLVnLhrZCmZDxXfbEmftTdAoK8U/wjLreanRxKOc7arYRyKu0RbAaejPejzgR
debian_repository::gpg_keys:
# olasd
- 791F12396630DD71FD364375B8E5087766475AAF
# zack
- 4900707DDC5C07F2DECB02839C31503C6D866396
# ardumont
- BF00203D741AC9D546A8BE0752E2E9840D10C3B8
# anlambert
- 91FAF3F5CDE011E4FDF4CBF2D026E5C2F802586D
# seirl
- 225CD9E3FA9374BDF6E057042F8984858B1A9945
# vlorentz
- 379043E3DF96D3237E6782AC0E082B40E4376B1E
# ddouard
- 7DC7325EF1A6226AB6C3D7E32388A3BF6F0A6938
# jenkins-debian1
- 1F4BDC445E30C7066324D7B3D7D3329147AE3148
# vsellier
- 89226003C15CBC8C65C189C33F13C434EADAD17D
# Must have matching certificate in letsencrypt::certificates
debian_repository::vhost::name: "%{hiera('swh::apt_config::swh_repository::hostname')}"
debian_repository::vhost::aliases:
- debian.internal.softwareheritage.org
debian_repository::vhost::docroot: "%{hiera('debian_repository::basepath')}"
debian_repository::vhost::ssl_protocol: "%{hiera('apache::ssl_protocol')}"
debian_repository::vhost::ssl_honorcipherorder: "%{hiera('apache::ssl_honorcipherorder')}"
debian_repository::vhost::ssl_cipher: "%{hiera('apache::ssl_cipher')}"
debian_repository::vhost::hsts_header: "%{hiera('apache::hsts_header')}"
swh::apt_config::debian_mirror::hostname: deb.debian.org
swh::apt_config::debian_mirror: "http://%{hiera('swh::apt_config::debian_mirror::hostname')}/debian/"
swh::apt_config::debian_security_mirror::hostname: "%{hiera('swh::apt_config::debian_mirror::hostname')}"
swh::apt_config::debian_security_mirror: "http://%{hiera('swh::apt_config::debian_mirror::hostname')}/debian-security/"
swh::apt_config::azure_repository::hostname: debian-archive.trafficmanager.net
swh::apt_config::azure_repository: "http://%{hiera('swh::apt_config::azure_repository::hostname')}/debian-azure/"
swh::apt_config::unattended_upgrades: true
swh::apt_config::unattended_upgraes::origins:
- "o=Debian,n=%{::lsbdistcodename}" # main Debian archive
- "o=Debian,n=%{::lsbdistcodename}-updates" # stable-updates (ex-volatile)
- "o=Debian,n=%{::lsbdistcodename},l=Debian-Security" # security updates
- "o=debian icinga-%{::lsbdistcodename},n=icinga-%{::lsbdistcodename}" # Icinga2 repository
- "o=Debian Azure,n=%{::lsbdistcodename}" # Debian Azure
- "o=Proxmox,n=%{::lsbdistcodename}" # Proxmox repository
- "o=packages.sury.org" # PHP backports (tate)
#####################################################################################################
# Remote service configurations
# Default ports
swh::remote_service::storage::port: 5002
swh::remote_service::objstorage::port: 5003
swh::remote_service::webapp::port: 5004
swh::remote_service::vault::port: 5005
swh::remote_service::deposit::port: 5006
swh::remote_service::indexer::port: 5007
swh::remote_service::scheduler::port: 5008
swh::remote_service::search::port: 5010
swh::remote_service::counters::port: 5011
# Default backend services. Override in specific sites if needed. Configurations
# are split between read-only (the default) and writable storages. In most cases
# overrides should only happen for read-only services.
swh::remote_service::objstorage::config: "%{alias('swh::remote_service::objstorage::config::azure_readonly_with_fallback')}"
swh::remote_service::objstorage::config::writable: "%{alias('swh::remote_service::objstorage::config::saam')}"
swh::remote_service::objstorage::config_as_dict:
banco: "%{alias('swh::remote_service::objstorage::config::banco')}"
saam: "%{alias('swh::remote_service::objstorage::config::saam')}"
azure: "%{alias('swh::remote_service::objstorage::config::azure')}"
swh::remote_service::storage::config: "%{alias('swh::remote_service::storage::config::saam')}"
swh::remote_service::storage::config::writable: &swh_remote_service_storage_config_writable
"%{alias('swh::remote_service::storage::config::saam')}"
swh::remote_service::indexer::config: "%{alias('swh::remote_service::indexer::config::saam')}"
swh::remote_service::indexer::config::writable: "%{alias('swh::remote_service::indexer::config::saam')}"
swh::remote_service::scheduler::config: "%{alias('swh::remote_service::scheduler::config::saatchi')}"
swh::remote_service::scheduler::config::writable: "%{alias('swh::remote_service::scheduler::config::saatchi')}"
swh::remote_service::vault::config: "%{alias('swh::remote_service::vault::config::azure')}"
swh::remote_service::vault::config::writable: "%{alias('swh::remote_service::vault::config::azure')}"
# Pipeline storage with retry, filter, buffer and finally writable storage
swh::deploy::worker::storage::pipeline:
cls: pipeline
steps:
- cls: buffer
min_batch_size:
content: 1000
content_bytes: 52428800 # 50 MB
directory: 1000
revision: 1000
release: 1000
- cls: filter
- cls: retry
- "%{alias('swh::remote_service::storage::config::writable')}"
# Objstorage backend configurations
swh::remote_service::objstorage::config::azure:
cls: azure-prefixed
args:
accounts:
"0":
account_name: 0euwestswh
api_secret_key: "%{hiera('swh::azure::credentials::0euwestswh')}"
container_name: contents
"1":
account_name: 1euwestswh
api_secret_key: "%{hiera('swh::azure::credentials::1euwestswh')}"
container_name: contents
"2":
account_name: 2euwestswh
api_secret_key: "%{hiera('swh::azure::credentials::2euwestswh')}"
container_name: contents
"3":
account_name: 3euwestswh
api_secret_key: "%{hiera('swh::azure::credentials::3euwestswh')}"
container_name: contents
"4":
account_name: 4euwestswh
api_secret_key: "%{hiera('swh::azure::credentials::4euwestswh')}"
container_name: contents
"5":
account_name: 5euwestswh
api_secret_key: "%{hiera('swh::azure::credentials::5euwestswh')}"
container_name: contents
"6":
account_name: 6euwestswh
api_secret_key: "%{hiera('swh::azure::credentials::6euwestswh')}"
container_name: contents
"7":
account_name: 7euwestswh
api_secret_key: "%{hiera('swh::azure::credentials::7euwestswh')}"
container_name: contents
"8":
account_name: 8euwestswh
api_secret_key: "%{hiera('swh::azure::credentials::8euwestswh')}"
container_name: contents
"9":
account_name: 9euwestswh
api_secret_key: "%{hiera('swh::azure::credentials::9euwestswh')}"
container_name: contents
"a":
account_name: aeuwestswh
api_secret_key: "%{hiera('swh::azure::credentials::aeuwestswh')}"
container_name: contents
"b":
account_name: beuwestswh
api_secret_key: "%{hiera('swh::azure::credentials::beuwestswh')}"
container_name: contents
"c":
account_name: ceuwestswh
api_secret_key: "%{hiera('swh::azure::credentials::ceuwestswh')}"
container_name: contents
"d":
account_name: deuwestswh
api_secret_key: "%{hiera('swh::azure::credentials::deuwestswh')}"
container_name: contents
"e":
account_name: eeuwestswh
api_secret_key: "%{hiera('swh::azure::credentials::eeuwestswh')}"
container_name: contents
"f":
account_name: feuwestswh
api_secret_key: "%{hiera('swh::azure::credentials::feuwestswh')}"
container_name: contents
swh::remote_service::objstorage::config::azure::readonly:
cls: filtered
args:
storage_conf: "%{alias('swh::remote_service::objstorage::config::azure')}"
filters_conf:
- type: readonly
swh::remote_service::objstorage::config::saam:
cls: remote
args:
url: "http://saam.internal.softwareheritage.org:%{hiera('swh::remote_service::objstorage::port')}/"
swh::remote_service::objstorage::config::saam::readonly:
cls: filtered
args:
storage_conf: "%{alias('swh::remote_service::objstorage::config::saam')}"
filters_conf:
- type: readonly
swh::remote_service::objstorage::config::banco:
cls: remote
args:
url: "http://banco.internal.softwareheritage.org:%{hiera('swh::remote_service::objstorage::port')}/"
swh::remote_service::objstorage::config::banco::readonly:
cls: filtered
args:
storage_conf: "%{alias('swh::remote_service::objstorage::config::banco')}"
filters_conf:
- type: readonly
swh::remote_service::objstorage::config::azure_readonly_with_fallback: &swh_azure_readonly_with_fallback
cls: multiplexer
args:
objstorages:
- "%{alias('swh::remote_service::objstorage::config::azure::readonly')}"
- "%{alias('swh::remote_service::objstorage::config::banco::readonly')}"
- "%{alias('swh::remote_service::objstorage::config::saam::readonly')}"
swh::remote_service::objstorage::config::localhost:
cls: remote
args:
url: "http://127.0.0.1:%{hiera('swh::remote_service::objstorage::port')}/"
# Storage backend configurations
swh::remote_service::storage::config::saam:
cls: remote
args:
url: "http://saam.internal.softwareheritage.org:%{hiera('swh::remote_service::storage::port')}/"
swh::remote_service::storage::config::azure:
cls: remote
args:
url: "http://storage01.euwest.azure.internal.softwareheritage.org:%{hiera('swh::remote_service::storage::port')}/"
swh::remote_service::storage::config::localhost:
cls: remote
args:
url: "http://localhost:%{hiera('swh::remote_service::storage::port')}/"
swh::remote_service::search::config::empty: {}
swh::remote_service::search::config::localhost:
cls: remote
url: "http://localhost:%{hiera('swh::remote_service::search::port')}/"
swh::remote_service::search::config::search1:
cls: remote
url: "http://search1.internal.softwareheritage.org:%{hiera('swh::remote_service::search::port')}/"
swh::remote_service::search::config: "%{alias('swh::remote_service::search::config::localhost')}"
# Indexer backend configurations
swh::remote_service::indexer::config::saam:
cls: remote
url: "http://saam.internal.softwareheritage.org:%{hiera('swh::remote_service::indexer::port')}/"
swh::remote_service::indexer::config::azure:
cls: remote
url: "http://storage01.euwest.azure.internal.softwareheritage.org:%{hiera('swh::remote_service::indexer::port')}/"
# Scheduler backend configurations
swh::remote_service::scheduler::config::saatchi:
cls: remote
url: "http://saatchi.internal.softwareheritage.org:%{hiera('swh::remote_service::scheduler::port')}/"
# Vault backend configurations
swh::remote_service::vault::config::azure:
cls: remote
url: "http://vangogh.euwest.azure.internal.softwareheritage.org:%{hiera('swh::remote_service::vault::port')}/"
# Counters backend configurations
swh::remote_service::counters::url: "http://counters1.internal.softwareheritage.org:%{hiera('swh::remote_service::counters::port')}/"
swh::remote_service::counters::config:
cls: remote
url: "%{alias('swh::remote_service::counters::url')}"
# End remote service configurations
#####################################################################################################
swh::deploy::db::pgbouncer::port: 5432
swh::deploy::db::main::port: 5433
swh::deploy::db::secondary::port: 5434
swh::deploy::db::indexer::port: 5435
swh::deploy::db::pgbouncer::user::login: postgres
swh::deploy::db::pgbouncer::user::password: "%{alias('swh::deploy::db::postgres::password')}"
pgbouncer::common::listen_addresses:
- 127.0.0.1
- 127.0.1.1
- "%{alias('pgbouncer::listen_addr')}"
pgbouncer::config_params:
logfile: /var/log/postgresql/pgbouncer.log
pidfile: /var/run/postgresql/pgbouncer.pid
unix_socket_dir: /var/run/postgresql
client_tls_sslmode: allow
client_tls_ca_file: /etc/ssl/certs/ssl-cert-snakeoil.pem
client_tls_key_file: /etc/ssl/private/ssl-cert-snakeoil.key
client_tls_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem
server_tls_sslmode: allow
listen_port: "%{hiera('swh::deploy::db::pgbouncer::port')}"
listen_addr: "%{alias('pgbouncer::common::listen_addresses')}"
auth_type: "hba"
auth_file: /etc/pgbouncer/userlist.txt
auth_hba_file: "%{hiera('pgbouncer::auth_hba_file')}"
admin_users:
- "%{hiera('swh::deploy::db::pgbouncer::user::login')}"
- olasd
pool_mode: session
ignore_startup_parameters: extra_float_digits
server_reset_query: DISCARD ALL
max_client_conn: 2000
default_pool_size: 2000
max_db_connections: 2000
max_user_connections: 2000
log_connections: 0
log_disconnections: 0
pgbouncer::user: postgres
pgbouncer::group: postgres
# swh::deploy::db::pgbouncer::user::password in private data
pgbouncer::userlist:
- user: "%{hiera('swh::deploy::db::pgbouncer::user::login')}"
password: "%{hiera('swh::deploy::db::pgbouncer::user::password')}"
pgbouncer::databases: []
swh::deploy::directory: "%{hiera('swh::conf_directory')}/deploy"
swh::deploy::group: swhdeploy
swh::deploy::public_key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWrJX/uUss/EYZaTp2EIsZgg3ZSH8JcNZV5gBdNZ7EHcQcqxYUCqmwv9Ss3xT8n9kIrH6iz/vquqf84XR+keoZK3bsp50tMOY8LJWpcl/JK2XD6ovoJrHPu+iAroLkE59RdTa1Vz+jF67Q2UuG9f0nKwL4rnkeWTyuK/zAbyHyYKFQntkkwMr5/YTU8sjl/4aNF/2Ww8hitdi2GORlCjav2bB0wyPBA2e8sMt8Hp9O4TIWg/RD6vPX+ZvuFaB/Lw/Hv21622QGTHoZiO92/8/W9/t24il6SU4z96ZGfXqdUZkpPYKBGwyIkZkS4dN6jb4CcRlyXTObphyu3dAlABRt swhworker@worker01'
swh::deploy::storage::sentry_swh_package: swh.storage
swh::deploy::storage::sentry_environment: "%{alias('swh::deploy::environment')}"
swh::deploy::storage::sentry_dsn: "https://%{lookup('swh::deploy::storage::sentry_token')}@sentry.softwareheritage.org/3"
swh::deploy::storage::conf_directory: "%{hiera('swh::conf_directory')}/storage"
swh::deploy::storage::conf_file: "%{hiera('swh::deploy::storage::conf_directory')}/storage.yml"
swh::deploy::storage::user: swhstorage
swh::deploy::storage::group: swhstorage
swh::deploy::storage::db::host: db.internal.softwareheritage.org
swh::deploy::storage::db::port: "%{alias('swh::deploy::db::pgbouncer::port')}"
swh::deploy::storage::db::user: swhstorage
swh::deploy::storage::db::dbname: softwareheritage
swh::deploy::storage::directory: "%{hiera('swh::base_directory')}/objects"
swh::deploy::storage::backend::listen::host: 127.0.0.1
swh::deploy::storage::backend::listen::port: "%{alias('swh::remote_service::storage::port')}"
swh::deploy::storage::backend::workers: 4
swh::deploy::storage::backend::reload_mercy: 3600
swh::deploy::storage::backend::http_keepalive: 5
swh::deploy::storage::backend::http_timeout: 3600
swh::deploy::storage::backend::max_requests: 10000
swh::deploy::storage::backend::max_requests_jitter: 1000
swh::deploy::storage::backend::server_names:
- "%{::swh_hostname.internal_fqdn}"
- "%{::hostname}"
- 127.0.0.1
- localhost
- "::1"
# This can be overriden per storage node
swh::deploy::storage::config::local:
cls: local
args:
db: "host=%{hiera('swh::deploy::storage::db::host')} port=%{hiera('swh::deploy::storage::db::port')} user=%{hiera('swh::deploy::storage::db::user')} dbname=%{hiera('swh::deploy::storage::db::dbname')} password=%{hiera('swh::deploy::storage::db::password')}"
objstorage: "%{alias('swh::remote_service::objstorage::config')}"
swh::deploy::storage::config:
storage: "%{alias('swh::deploy::storage::config::local')}"
swh::deploy::journal::writer::config:
cls: kafka
args:
brokers: "%{alias('swh::deploy::journal::brokers')}"
prefix: "%{alias('swh::deploy::journal::prefix')}"
client_id: "swh.storage.journal_writer.%{::swh_hostname.short}"
anonymize: true
producer_config:
message.max.bytes: 1000000000
swh::deploy::journal::backfill::config_file: "%{hiera('swh::deploy::journal::conf_directory')}/backfill.yml"
swh::deploy::journal::backfill::user: swhstorage
swh::deploy::journal::backfill::group: swhstorage
swh::deploy::storage::config::local-read-only:
cls: local
db: "host=%{hiera('swh::deploy::storage::db::host')} port=%{hiera('swh::deploy::storage::db::port')} user=guest dbname=%{hiera('swh::deploy::storage::db::dbname')} password=guest"
# objstorage is required but it's not used in that context
objstorage:
cls: memory
swh::deploy::journal::backfill::config:
storage: "%{alias('swh::deploy::storage::config::local-read-only')}"
journal_writer: "%{alias('swh::deploy::journal::writer::config')}"
swh::deploy::journal::backfill::config_logging_file: "%{hiera('swh::deploy::journal::conf_directory')}/backfill_logger.yml"
swh::deploy::journal::backfill::config_logging:
version: 1
handlers:
console:
class: logging.StreamHandler
formatter: detail
level: INFO
stream: ext://sys.stdout
formatters:
detail:
format: '%(asctime)s %(levelname)-8s %(name)-15s %(message)s'
datefmt: '%Y-%m-%dT%H:%M:%S'
loggers:
swh: {}
root:
level: INFO
handlers:
- console
swh::deploy::indexer::storage::sentry_swh_package: swh.indexer
swh::deploy::indexer::storage::sentry_environment: "%{alias('swh::deploy::environment')}"
swh::deploy::indexer::storage::sentry_dsn: "%{alias('swh::deploy::indexer::sentry_dsn')}"
swh::deploy::indexer::storage::conf_file: "%{hiera('swh::deploy::storage::conf_directory')}/indexer.yml"
swh::deploy::indexer::storage::user: swhstorage
swh::deploy::indexer::storage::group: swhstorage
swh::deploy::indexer::storage::db::host: belvedere.internal.softwareheritage.org
swh::deploy::indexer::storage::db::port: "%{alias('swh::deploy::db::pgbouncer::port')}"
swh::deploy::indexer::storage::db::user: swhstorage
swh::deploy::indexer::storage::db::dbname: softwareheritage-indexer
swh::deploy::indexer::storage::backend::listen::host: 127.0.0.1
swh::deploy::indexer::storage::backend::listen::port: "%{alias('swh::remote_service::indexer::port')}"
swh::deploy::indexer::storage::backend::workers: 4
swh::deploy::indexer::storage::backend::reload_mercy: 3600
swh::deploy::indexer::storage::backend::http_keepalive: 5
swh::deploy::indexer::storage::backend::http_timeout: 3600
swh::deploy::indexer::storage::backend::max_requests: 10000
swh::deploy::indexer::storage::backend::max_requests_jitter: 1000
swh::deploy::indexer::storage::backend::server_names:
- "%{::swh_hostname.internal_fqdn}"
- "%{::hostname}"
- 127.0.0.1
- localhost
- "::1"
swh::deploy::indexer::storage::config:
indexer_storage:
cls: local
db: "host=%{hiera('swh::deploy::indexer::storage::db::host')} port=%{hiera('swh::deploy::indexer::storage::db::port')} user=%{hiera('swh::deploy::indexer::storage::db::user')} dbname=%{hiera('swh::deploy::indexer::storage::db::dbname')} password=%{hiera('swh::deploy::indexer::storage::db::password')}"
journal_writer: "%{alias('swh::deploy::indexer::journal::writer::config')}"
swh::deploy::indexer::journal::prefix: 'swh.journal.indexed'
swh::deploy::indexer::brokers: "%{alias('swh::deploy::journal::brokers')}"
swh::deploy::indexer::journal::writer::config:
cls: kafka
brokers: "%{alias('swh::deploy::indexer::brokers')}"
prefix: "%{alias('swh::deploy::indexer::journal::prefix')}"
client_id: "swh.idx_storage.journal_writer.%{::swh_hostname.short}"
producer_config:
message.max.bytes: 1000000000
swh::deploy::vault::cache: "%{hiera('swh::base_directory')}/vault_cache"
# Default cache (orangerie/orangeriedev) is a pathslicing objstorage
swh::deploy::vault::config::cache:
cls: pathslicing
root: "%{hiera('swh::deploy::vault::cache')}"
slicing: "0:1/1:5"
swh::deploy::vault::sentry_swh_package: swh.vault
swh::deploy::vault::sentry_environment: "%{alias('swh::deploy::environment')}"
swh::deploy::vault::sentry_dsn: "https://%{lookup('swh::deploy::vault::sentry_token')}@sentry.softwareheritage.org/11"
swh::deploy::vault::conf_directory: "%{hiera('swh::conf_directory')}/vault"
swh::deploy::vault::conf_file: "%{hiera('swh::deploy::vault::conf_directory')}/server.yml"
swh::deploy::vault::user: swhvault
swh::deploy::vault::group: swhvault
swh::deploy::vault::db::host: db.internal.softwareheritage.org
swh::deploy::vault::db::port: "%{alias('swh::deploy::db::pgbouncer::port')}"
swh::deploy::vault::db::user: swh-vault
swh::deploy::vault::db::dbname: swh-vault
swh::deploy::vault::backend::listen::host: 127.0.0.1
swh::deploy::vault::backend::listen::port: "%{alias('swh::remote_service::vault::port')}"
swh::deploy::vault::backend::workers: 4
swh::deploy::vault::backend::reload_mercy: 3600
swh::deploy::vault::backend::http_keepalive: 5
swh::deploy::vault::backend::http_timeout: 3600
swh::deploy::vault::backend::max_requests: 10000
swh::deploy::vault::backend::max_requests_jitter: 1000
swh::deploy::vault::backend::server_names:
- "%{::swh_hostname.internal_fqdn}"
- "%{::hostname}"
- 127.0.0.1
- localhost
- "::1"
swh::deploy::vault::config:
storage:
cls: retry
storage: "%{alias('swh::remote_service::storage::config')}"
scheduler: "%{alias('swh::remote_service::scheduler::config::writable')}"
cache: "%{alias('swh::deploy::vault::config::cache')}"
vault:
cls: local
db: "host=%{hiera('swh::deploy::vault::db::host')} port=%{hiera('swh::deploy::vault::db::port')} user=%{hiera('swh::deploy::vault::db::user')} dbname=%{hiera('swh::deploy::vault::db::dbname')} password=%{hiera('swh::deploy::vault::db::password')}"
swh::deploy::journal::conf_directory: "%{hiera('swh::conf_directory')}/journal"
swh::deploy::journal::brokers:
- kafka1.internal.softwareheritage.org
- kafka2.internal.softwareheritage.org
- kafka3.internal.softwareheritage.org
- kafka4.internal.softwareheritage.org
swh::deploy::journal::prefix: swh.journal.objects
swh::deploy::journal_simple_checker_producer::conf_file: "%{hiera('swh::deploy::journal::conf_directory')}/checker.yml"
swh::deploy::journal_simple_checker_producer::user: swhstorage
swh::deploy::journal_simple_checker_producer::group: swhstorage
swh::deploy::journal_simple_checker_producer::config:
brokers: "%{alias('swh::deploy::journal::brokers')}"
temporary_prefix: swh.tmp_journal.new
storage_dbconn: "host=%{hiera('swh::deploy::storage::db::host')} port=%{hiera('swh::deploy::storage::db::port')} user=%{hiera('swh::deploy::storage::db::user')} dbname=%{hiera('swh::deploy::storage::db::dbname')} password=%{hiera('swh::deploy::storage::db::password')}"
object_types:
- content
- directory
- revision
- release
- origin
- origin_visit
swh::deploy::objstorage::sentry_swh_package: swh.objstorage
swh::deploy::objstorage::sentry_environment: "%{alias('swh::deploy::environment')}"
swh::deploy::objstorage::sentry_dsn: "https://%{lookup('swh::deploy::objstorage::sentry_token')}@sentry.softwareheritage.org/4"
swh::deploy::objstorage::conf_directory: "%{hiera('swh::conf_directory')}/objstorage"
swh::deploy::objstorage::conf_file: "%{hiera('swh::deploy::objstorage::conf_directory')}/server.yml"
swh::deploy::objstorage::user: "%{hiera('swh::deploy::storage::user')}"
swh::deploy::objstorage::group: "%{hiera('swh::deploy::storage::group')}"
swh::deploy::objstorage::directory: "%{hiera('swh::deploy::storage::directory')}"
swh::deploy::objstorage::slicing: 0:2/2:4/4:6
swh::deploy::objstorage::config:
objstorage:
cls: pathslicing
args:
root: "%{hiera('swh::deploy::objstorage::directory')}"
slicing: "%{hiera('swh::deploy::objstorage::slicing')}"
client_max_size: 1073741824 # 1 GiB
swh::deploy::objstorage::backend::listen::host: 127.0.0.1
swh::deploy::objstorage::backend::listen::port: "%{alias('swh::remote_service::objstorage::port')}"
swh::deploy::objstorage::backend::workers: 4
swh::deploy::objstorage::backend::reload_mercy: 3600
swh::deploy::objstorage::backend::http_workers: 1
swh::deploy::objstorage::backend::http_keepalive: 5
swh::deploy::objstorage::backend::http_timeout: 3600
swh::deploy::objstorage::backend::max_requests: 0
swh::deploy::objstorage::backend::max_requests_jitter: 0
swh::deploy::objstorage::backend::server_names:
- "%{::swh_hostname.internal_fqdn}"
- "%{::hostname}"
- 127.0.0.1
- localhost
- "::1"
swh::deploy::deposit::reverse_proxy::backend_http_port: "%{alias('varnish::backend_http_port')}"
# aliases are pulled from letsencrypt::certificates[$swh::deploy::deposit::vhost::letsencrypt_cert]
swh::deploy::deposit::vhost::letsencrypt_cert: deposit_production
swh::deploy::deposit::url: https://deposit.softwareheritage.org
swh::deploy::deposit::internal_url: "%{hiera('swh::deploy::deposit::url')}"
swh::deploy::deposit::vhost::ssl_protocol: "%{hiera('apache::ssl_protocol')}"
swh::deploy::deposit::vhost::ssl_honorcipherorder: "%{hiera('apache::ssl_honorcipherorder')}"
swh::deploy::deposit::vhost::ssl_cipher: "%{hiera('apache::ssl_cipher')}"
swh::deploy::deposit::vhost::access_log_format: combined_with_duration
swh::deploy::deposit::locked_endpoints:
- /1/private/[^/]+/[^/]+/[^/]+
- /1/private/deposits/
# e2e checks on deposit
swh::deploy::deposit::e2e::server: "%{hiera('swh::deploy::deposit::url')}/1"
swh::deploy::deposit::e2e::user: swh
swh::deploy::deposit::e2e::collection: swh
swh::deploy::deposit::e2e::poll_interval: 1
swh::deploy::deposit::e2e:archive: /usr/share/swh/icinga-plugins/data/deposit/jesuisgpl.tgz
swh::deploy::deposit::e2e:metadata: /usr/share/swh/icinga-plugins/data/deposit/jesuisgpl.tgz.xml
swh::deploy::deposit::sentry_swh_package: swh.deposit
swh::deploy::deposit::sentry_environment: "%{alias('swh::deploy::environment')}"
swh::deploy::deposit::sentry_dsn: "https://%{lookup('swh::deploy::deposit::sentry_token')}@sentry.softwareheritage.org/12"
swh::deploy::deposit::config_directory: "%{hiera('swh::conf_directory')}/deposit"
swh::deploy::deposit::config_file: "%{hiera('swh::deploy::deposit::config_directory')}/server.yml"
swh::deploy::deposit::user: swhdeposit
swh::deploy::deposit::group: swhdeposit
swh::deploy::deposit::media_root_directory: /srv/storage/space/swh-deposit/uploads/
swh::deploy::deposit::db::host: db.internal.softwareheritage.org
swh::deploy::deposit::db::port: "%{alias('swh::deploy::db::pgbouncer::port')}"
swh::deploy::deposit::db::dbname: softwareheritage-deposit
swh::deploy::deposit::db::dbuser: swhstorage
swh::config::keycloak::realm_name: SoftwareHeritage
swh::deploy::deposit::config::keycloak:
server_url: "https://%{hiera('keycloak::vhost::name')}/auth/"
realm_name: "%{alias('swh::config::keycloak::realm_name')}"
swh::deploy::deposit::config::authentication:
authentication_provider: keycloak
keycloak: "%{alias('swh::deploy::deposit::config::keycloak')}"
cache_uri: "%{hiera('memcached::server::bind')}:%{hiera('memcached::server::port')}"
# swh::deploy::deposit::db::password: in private data
# swh::deploy::deposit::runtime_secret_key in private data
swh::deploy::deposit::config:
max_upload_size: 209715200
scheduler: "%{alias('swh::remote_service::scheduler::config::writable')}"
# The backend server writes raw_extrinsic_metadata objects
storage_metadata: "%{alias('swh::remote_service::storage::config::writable')}"
# It only reads some information from this storage, but use the same config for consistency.
storage: "%{alias('swh::remote_service::storage::config::writable')}"
private:
secret_key: "%{hiera('swh::deploy::deposit::runtime_secret_key')}"
db:
host: "%{hiera('swh::deploy::deposit::db::host')}"
port: "%{hiera('swh::deploy::deposit::db::port')}"
name: "%{hiera('swh::deploy::deposit::db::dbname')}"
user: "%{hiera('swh::deploy::deposit::db::dbuser')}"
password: "%{hiera('swh::deploy::deposit::db::password')}"
media_root: "%{hiera('swh::deploy::deposit::media_root_directory')}"
extraction_dir: /tmp/swh-deposit/archive/
swh_authority_url: "%{hiera('swh::deploy::deposit::url')}/"
swh::deploy::worker::loader_deposit::config_file: "%{hiera('swh::conf_directory')}/loader_deposit.yml"
swh::deploy::worker::loader_deposit::concurrency: 1
swh::deploy::worker::loader_deposit::private_tmp: true
swh::deploy::worker::loader_deposit::loglevel: info
# deposit_basic_auth_swhworker_{username|password} in private_data
swh::deploy::worker::loader_deposit::config:
storage: "%{alias('swh::deploy::worker::storage::pipeline')}"
max_content_size: 104857600
celery:
task_broker: "%{alias('swh::deploy::worker::task_broker')}"
task_queues:
- swh.loader.package.deposit.tasks.LoadDeposit
deposit:
url: "%{alias('swh::deploy::webapp::deposit::private::url')}"
auth:
username: "%{hiera('deposit_basic_auth_swhworker_username')}"
password: "%{hiera('deposit_basic_auth_swhworker_password')}"
default_filename: archive.tar
swh::deploy::checker_deposit::sentry_swh_package: swh.deposit.loader
swh::deploy::checker_deposit::sentry_environment: "%{alias('swh::deploy::environment')}"
swh::deploy::worker::checker_deposit::config_file: "%{hiera('swh::conf_directory')}/checker_deposit.yml"
swh::deploy::worker::checker_deposit::concurrency: 1
swh::deploy::worker::checker_deposit::private_tmp: true
swh::deploy::worker::checker_deposit::loglevel: info
# deposit_basic_auth_swhworker_{username|password} in private_data
swh::deploy::worker::checker_deposit::config:
storage: "%{alias('swh::remote_service::storage::config::writable')}"
extraction_dir: /tmp/swh.checker.deposit/
celery:
task_broker: "%{alias('swh::deploy::worker::task_broker')}"
task_modules:
- swh.deposit.loader.tasks
task_queues:
- swh.deposit.loader.tasks.ChecksDepositTsk
deposit:
url: "%{hiera('swh::deploy::deposit::internal_url')}/1/private/"
auth:
username: "%{hiera('deposit_basic_auth_swhworker_username')}"
password: "%{hiera('deposit_basic_auth_swhworker_password')}"
swh::deploy::deposit::backend::listen::host: 127.0.0.1
swh::deploy::deposit::backend::listen::port: "%{alias('swh::remote_service::deposit::port')}"
swh::deploy::deposit::backend::workers: 8
swh::deploy::deposit::backend::reload_mercy: 3600
swh::deploy::deposit::backend::http_keepalive: 5
swh::deploy::deposit::backend::http_timeout: 3600
swh::deploy::objstorage_log_checker::conf_directory: "%{hiera('swh::deploy::objstorage::conf_directory')}"
swh::deploy::objstorage_log_checker::conf_file: "%{hiera('swh::deploy::objstorage_log_checker::conf_directory')}/log_checker.yml"
swh::deploy::objstorage_log_checker::user: "%{hiera('swh::deploy::objstorage::user')}"
swh::deploy::objstorage_log_checker::group: "%{hiera('swh::deploy::objstorage::group')}"
swh::deploy::objstorage_log_checker:config:
storage:
cls: pathslicing
args:
root: "%{hiera('swh::deploy::objstorage::directory')}"
slicing: "%{hiera('swh::deploy::objstorage::slicing')}"
batch_size: 1000
log_tag: objstorage.checker.log
swh::deploy::objstorage_repair_checker::conf_directory: "%{hiera('swh::deploy::objstorage::conf_directory')}"
swh::deploy::objstorage_repair_checker::conf_file: "%{hiera('swh::deploy::objstorage_repair_checker::conf_directory')}/repair_checker.yml"
swh::deploy::objstorage_repair_checker::user: "%{hiera('swh::deploy::objstorage::user')}"
swh::deploy::objstorage_repair_checker::group: "%{hiera('swh::deploy::objstorage::group')}"
swh::deploy::objstorage_repair_checker::config:
storage:
cls: pathslicing
args:
root: "%{hiera('swh::deploy::objstorage::directory')}"
slicing: "%{hiera('swh::deploy::objstorage::slicing')}"
batch_size: 1000
log_tag: objstorage.checker.repair
backup_storages: "%{alias('swh::remote_service::objstorage::config_as_dict')}"
swh::deploy::webapp::backported_packages:
stretch:
- python3-django
- python-django-common
buster:
- python3-django
- python3-typing-extensions
swh::deploy::deposit::backported_packages: "%{alias('swh::deploy::webapp::backported_packages')}"
swh::deploy::webapp::sentry_swh_package: swh.web
swh::deploy::webapp::sentry_environment: "%{alias('swh::deploy::environment')}"
swh::deploy::webapp::sentry_dsn: "https://%{lookup('swh::deploy::webapp::sentry_token')}@sentry.softwareheritage.org/13"
swh::deploy::webapp::conf_directory: "%{hiera('swh::conf_directory')}/web"
swh::deploy::webapp::conf_file: "%{hiera('swh::deploy::webapp::conf_directory')}/web.yml"
swh::deploy::webapp::user: swhwebapp
swh::deploy::webapp::group: swhwebapp
swh::deploy::webapp::conf::log_dir: "%{hiera('swh::log_directory')}/webapp"
swh::deploy::webapp::backend::listen::host: 127.0.0.1
swh::deploy::webapp::backend::listen::port: "%{alias('swh::remote_service::webapp::port')}"
swh::deploy::webapp::backend::workers: 32
swh::deploy::webapp::backend::http_keepalive: 5
swh::deploy::webapp::backend::http_timeout: 3600
swh::deploy::webapp::backend::reload_mercy: 3600
swh::deploy::webapp::db::host: db.internal.softwareheritage.org
swh::deploy::webapp::db::user: swh-web
swh::deploy::webapp::db::name: swh-web
swh::deploy::webapp::db::port: 5433
# swh::deploy::webapp::db::password in private data
swh::deploy::webapp::production_db:
host: "%{alias('swh::deploy::webapp::db::host')}"
port: "%{alias('swh::deploy::db::pgbouncer::port')}"
name: "%{alias('swh::deploy::webapp::db::name')}"
user: "%{alias('swh::deploy::webapp::db::user')}"
password: "%{alias('swh::deploy::webapp::db::password')}"
swh::deploy::webapp::reverse_proxy::backend_http_port: "%{alias('varnish::backend_http_port')}"
# aliases are pulled from letsencrypt::certificates[$swh::deploy::webapp::vhost::letsencrypt_cert]
swh::deploy::webapp::vhost::letsencrypt_cert: archive_production
swh::deploy::webapp::vhost::ssl_protocol: "%{hiera('apache::ssl_protocol')}"
swh::deploy::webapp::vhost::ssl_honorcipherorder: "%{hiera('apache::ssl_honorcipherorder')}"
swh::deploy::webapp::vhost::ssl_cipher: "%{hiera('apache::ssl_cipher')}"
swh::deploy::webapp::vhost::hsts_header: "%{hiera('apache::hsts_header')}"
swh::deploy::webapp::vhost::access_log_format: combined_with_duration
swh::deploy::webapp::config::es_workers_index_url: http://esnode1.internal.softwareheritage.org:9200/swh_workers-*
swh::deploy::webapp::deposit::private::url: "%{hiera('swh::deploy::deposit::internal_url')}/1/private/"
swh::deploy::webapp::config::throttling:
cache_uri: "%{hiera('memcached::server::bind')}:%{hiera('memcached::server::port')}"
scopes:
swh_api:
limiter_rate:
default: 120/h
exempted_networks:
- 127.0.0.0/8
- 192.168.100.0/23
- 128.93.166.14
- 131.107.174.0/24
# OpenAIRE
- 213.135.60.145
- 213.135.60.146
# DINSIC
- 37.187.137.47
# Antoine Eiche
- 37.187.96.121
swh_api_origin_search:
limiter_rate:
default: 10/m
swh_api_origin_visit_latest:
# This endpoint gets called a lot (by default, up to 70 times
# per origin search), so it deserves a much higher rate-limit
# than the rest of the API.
limiter_rate:
default: 700/m
swh_vault_cooking:
limiter_rate:
default: 120/h
GET: 60/m
exempted_networks:
- 127.0.0.0/8
- 192.168.100.0/23
- 128.93.166.14
- 131.107.174.0/24
# OpenAIRE
- 213.135.60.145
- 213.135.60.146
# Antoine Eiche
- 37.187.96.121
swh_save_origin:
limiter_rate:
default: 120/h
POST: 10/h
exempted_networks:
- 127.0.0.0/8
- 192.168.100.0/23
- 128.93.166.14
- 131.107.174.0/24
# OpenAIRE
- 213.135.60.145
- 213.135.60.146
# Antoine Eiche
- 37.187.96.121
swh::deploy::webapp::config::keycloak:
server_url: "https://%{hiera('keycloak::vhost::name')}/auth/"
realm_name: "%{alias('swh::config::keycloak::realm_name')}"
swh::deploy::webapp::metadata_search_backend: swh-indexer-storage
swh::deploy::webapp::history_counters_url: "https://stats.export.softwareheritage.org/history_counters.json"
swh::deploy::webapp::counters_backend: swh-storage
# in private data:
# deposit_basic_auth_swhworker_username
# deposit_basic_auth_swhworker_password
swh::deploy::webapp::config:
search: "%{alias('swh::remote_service::search::config')}"
metadata_search_backend: "%{alias('swh::deploy::webapp::metadata_search_backend')}"
storage: "%{alias('swh::remote_service::storage::config')}"
vault: "%{alias('swh::remote_service::vault::config::writable')}"
indexer_storage: "%{alias('swh::remote_service::indexer::config')}"
scheduler: "%{alias('swh::remote_service::scheduler::config::writable')}"
counters: "%{alias('swh::remote_service::counters::config')}"
counters_backend: "%{alias('swh::deploy::webapp::counters_backend')}"
log_dir: "%{hiera('swh::deploy::webapp::conf::log_dir')}"
secret_key: "%{hiera('swh::deploy::webapp::conf::secret_key')}"
content_display_max_size: 1048576
throttling: "%{alias('swh::deploy::webapp::config::throttling')}"
production_db: "%{alias('swh::deploy::webapp::production_db')}"
es_workers_index_url: "%{alias('swh::deploy::webapp::config::es_workers_index_url')}"
deposit:
private_api_url: "%{hiera('swh::deploy::webapp::deposit::private::url')}"
private_api_user: "%{hiera('deposit_basic_auth_swhworker_username')}"
private_api_password: "%{hiera('deposit_basic_auth_swhworker_password')}"
client_config:
sentry_dsn: "%{lookup('swh::deploy::webapp::sentry_dsn')}"
keycloak: "%{alias('swh::deploy::webapp::config::keycloak')}"
history_counters_url: "%{alias('swh::deploy::webapp::history_counters_url')}"
swh::deploy::webapp::locked_endpoints:
- /api/1/content/[^/]+/symbol/
- /api/1/entity/
- /api/1/provenance/
# local configuration for the scheduler
swh::deploy::scheduler::config::local: &swh_scheduler_local_config
scheduler:
cls: local
db: "host=%{hiera('swh::deploy::scheduler::db::host')} port=%{hiera('swh::deploy::scheduler::db::port')} dbname=%{hiera('swh::deploy::scheduler::db::dbname')} user=%{hiera('swh::deploy::scheduler::db::user')} password=%{hiera('swh::deploy::scheduler::db::password')}"
swh::deploy::scheduler::sentry_swh_package: swh.scheduler
swh::deploy::scheduler::sentry_environment: "%{alias('swh::deploy::environment')}"
swh::deploy::scheduler::sentry_dsn: "https://%{lookup('swh::deploy::scheduler::sentry_token')}@sentry.softwareheritage.org/7"
swh::deploy::scheduler::conf_dir: "%{lookup('swh::conf_directory')}/scheduler"
swh::deploy::scheduler::conf_file: "%{hiera('swh::deploy::scheduler::conf_dir')}/listener-runner.yml"
swh::deploy::scheduler::user: swhscheduler
swh::deploy::scheduler::group: swhscheduler
swh::deploy::scheduler::db::host: db.internal.softwareheritage.org
swh::deploy::scheduler::db::port: "%{alias('swh::deploy::db::pgbouncer::port')}"
swh::deploy::scheduler::db::dbname: softwareheritage-scheduler
swh::deploy::scheduler::db::user: swhscheduler
# swh::deploy::scheduler::db::password in private data
# swh::deploy::scheduler::task_broker::password in private data
swh::deploy::scheduler::task_broker: "amqp://swhproducer:%{hiera('swh::deploy::scheduler::task_broker::password')}@rabbitmq:5672/%2f"
swh::deploy::scheduler::listener::log_level: INFO
swh::deploy::scheduler::runner::log_level: INFO
swh::deploy::scheduler::config:
<<: *swh_scheduler_local_config
celery:
task_broker: "%{alias('swh::deploy::scheduler::task_broker')}"
swh::deploy::scheduler::packages:
- python3-swh.scheduler
swh::deploy::scheduler::remote::sentry_swh_package: swh.scheduler
swh::deploy::scheduler::remote::sentry_environment: "%{alias('swh::deploy::environment')}"
swh::deploy::scheduler::remote::sentry_dsn: "%{alias('swh::deploy::scheduler::sentry_dsn')}"
swh::deploy::scheduler::remote::conf_dir: "%{alias('swh::deploy::scheduler::conf_dir')}"
swh::deploy::scheduler::remote::conf_file: "%{hiera('swh::deploy::scheduler::remote::conf_dir')}/backend.yml"
swh::deploy::scheduler::remote::user: swhscheduler
swh::deploy::scheduler::remote::group: swhscheduler
swh::deploy::scheduler::remote::backend::listen::host: 127.0.0.1
swh::deploy::scheduler::remote::backend::listen::port: "%{alias('swh::remote_service::scheduler::port')}"
swh::deploy::scheduler::remote::backend::workers: 16
swh::deploy::scheduler::remote::backend::reload_mercy: 3600
swh::deploy::scheduler::remote::backend::http_keepalive: 5
swh::deploy::scheduler::remote::backend::http_timeout: 3600
swh::deploy::scheduler::remote::backend::max_requests: 10000
swh::deploy::scheduler::remote::backend::max_requests_jitter: 1000
swh::deploy::scheduler::remote::backend::server_names:
- "%{::swh_hostname.internal_fqdn}"
- "%{::hostname}"
- 127.0.0.1
- localhost
- "::1"
swh::deploy::scheduler::remote::config: "%{alias('swh::deploy::scheduler::config::local')}"
swh::elasticsearch::storage_nodes:
- host: esnode2.internal.softwareheritage.org
port: 9200
- host: esnode3.internal.softwareheritage.org
port: 9200
- host: esnode1.internal.softwareheritage.org
port: 9200
swh::elasticsearch::search_nodes:
- host: search-esnode1.internal.softwareheritage.org
port: 9200
- host: search-esnode2.internal.softwareheritage.org
port: 9200
- host: search-esnode3.internal.softwareheritage.org
port: 9200
swh::deploy::scheduler::archive::conf_file: "%{lookup('swh::deploy::scheduler::conf_dir')}/elastic.yml"
swh::deploy::scheduler::archive::user: "%{hiera('swh::deploy::scheduler::user')}"
swh::deploy::scheduler::archive::config:
scheduler: "%{alias('swh::remote_service::scheduler::config::writable')}"
elasticsearch:
cls: local
args:
index_name_prefix: swh-tasks
storage_nodes:
"%{alias('swh::elasticsearch::storage_nodes')}"
client_options:
sniff_on_start: false
sniff_on_connection_fail: true
http_compress: false
sniffer_timeout: 60
swh::deploy::scheduler::journal_client::config_file: "%{lookup('swh::deploy::scheduler::conf_dir')}/journal-client.yml"
swh::deploy::scheduler::journal_client::user: "%{alias('swh::deploy::scheduler::user')}"
swh::deploy::scheduler::journal_client::group: "%{alias('swh::deploy::scheduler::group')}"
swh::deploy::scheduler::journal_client::config:
<<: *swh_scheduler_local_config
journal:
brokers: "%{alias('swh::deploy::journal::brokers')}"
group_id: swh.scheduler.journal_client
# Main lister configuration
swh::deploy::worker::lister::db::user: swh-lister
swh::deploy::worker::lister::db::name: swh-lister
swh::deploy::worker::lister::db::host: db.internal.softwareheritage.org
swh::deploy::worker::lister::db::port: "%{alias('swh::deploy::db::pgbouncer::port')}"
# swh::deploy::lister::db::password in private data
# swh::deploy::worker::task_broker::password in private data
swh::deploy::worker::task_broker: "amqp://swhconsumer:%{hiera('swh::deploy::worker::task_broker::password')}@rabbitmq:5672/%2f"
swh::deploy::worker::instances: []
swh::deploy::loader_git::sentry_swh_package: swh.loader.git
swh::deploy::loader_git::sentry_environment: "%{alias('swh::deploy::environment')}"
swh::deploy::loader_git::sentry_dsn: "https://%{lookup('swh::deploy::loader_git::sentry_token')}@sentry.softwareheritage.org/8"
swh::deploy::worker::loader_git::config_file: "%{hiera('swh::conf_directory')}/loader_git.yml"
swh::deploy::worker::loader_git::concurrency: 1
swh::deploy::worker::loader_git::max_tasks_per_child: 100
swh::deploy::worker::loader_git::loglevel: info
swh::deploy::worker::loader_git::config:
storage: "%{alias('swh::deploy::worker::storage::pipeline')}"
max_content_size: 104857600
celery:
task_broker: "%{alias('swh::deploy::worker::task_broker')}"
task_queues:
- swh.loader.git.tasks.UpdateGitRepository
# loader-git-disk
- swh.loader.git.tasks.LoadDiskGitRepository
- swh.loader.git.tasks.UncompressAndLoadDiskGitRepository
# high priority loader (save-code-now, ...)
swh::deploy::worker::loader_high_priority::config_file: "%{hiera('swh::conf_directory')}/loader_high_priority.yml"
swh::deploy::worker::loader_high_priority::concurrency: 1
swh::deploy::worker::loader_high_priority::max_tasks_per_child: 100
swh::deploy::worker::loader_high_priority::loglevel: info
swh::deploy::worker::loader_high_priority::config:
storage: "%{alias('swh::deploy::worker::storage::pipeline')}"
max_content_size: 104857600
celery:
task_broker: "%{alias('swh::deploy::worker::task_broker')}"
task_queues:
# loader-git
- save_code_now:swh.loader.git.tasks.UpdateGitRepository
# mercurial
- save_code_now:swh.loader.mercurial.tasks.LoadMercurial
- save_code_now:swh.loader.mercurial.tasks.LoadArchiveMercurial
# svn
- save_code_now:swh.loader.svn.tasks.LoadSvnRepository
- save_code_now:swh.loader.svn.tasks.MountAndLoadSvnRepository
+ - save_code_now:swh.loader.svn.tasks.DumpMountAndLoadSvnRepository
# for all loader packages
swh::deploy::loader_core::sentry_swh_package: swh.loader.core
swh::deploy::loader_core::sentry_environment: "%{hiera('swh::deploy::environment')}"
swh::deploy::loader_core::sentry_dsn: "https://%{lookup('swh::deploy::loader_core::sentry_token')}@sentry.softwareheritage.org/9"
swh::deploy::worker::loader_debian::config_file: "%{hiera('swh::conf_directory')}/loader_debian.yml"
swh::deploy::worker::loader_debian::private_tmp: true
swh::deploy::worker::loader_debian::concurrency: 1
swh::deploy::worker::loader_debian::loglevel: info
swh::deploy::worker::loader_debian::config:
storage: "%{alias('swh::deploy::worker::storage::pipeline')}"
max_content_size: 104857600
celery:
task_broker: "%{alias('swh::deploy::worker::task_broker')}"
task_queues:
- swh.loader.package.debian.tasks.LoadDebian
swh::deploy::worker::loader_archive::config_file: "%{hiera('swh::conf_directory')}/loader_archive.yml"
swh::deploy::worker::loader_archive::private_tmp: true
swh::deploy::worker::loader_archive::concurrency: 1
swh::deploy::worker::loader_archive::loglevel: info
swh::deploy::worker::loader_archive::config:
storage: "%{alias('swh::deploy::worker::storage::pipeline')}"
max_content_size: 104857600
celery:
task_broker: "%{alias('swh::deploy::worker::task_broker')}"
task_queues:
- swh.loader.package.archive.tasks.LoadArchive
swh::deploy::worker::loader_cran::config_file: "%{hiera('swh::conf_directory')}/loader_cran.yml"
swh::deploy::worker::loader_cran::private_tmp: true
swh::deploy::worker::loader_cran::concurrency: 1
swh::deploy::worker::loader_cran::loglevel: info
swh::deploy::worker::loader_cran::config:
storage: "%{alias('swh::deploy::worker::storage::pipeline')}"
max_content_size: 104857600
celery:
task_broker: "%{alias('swh::deploy::worker::task_broker')}"
task_queues:
- swh.loader.package.cran.tasks.LoadCRAN
swh::deploy::worker::loader_nixguix::config_file: "%{hiera('swh::conf_directory')}/loader_nixguix.yml"
swh::deploy::worker::loader_nixguix::private_tmp: true
swh::deploy::worker::loader_nixguix::concurrency: 1
swh::deploy::worker::loader_nixguix::loglevel: info
swh::deploy::worker::loader_nixguix::config:
storage: "%{alias('swh::deploy::worker::storage::pipeline')}"
max_content_size: 104857600
celery:
task_broker: "%{alias('swh::deploy::worker::task_broker')}"
task_queues:
- swh.loader.package.nixguix.tasks.LoadNixguix
unsupported_file_extensions:
- patch
- iso
- whl
- gem
- pom
- msi
- pod
- png
- rock
- ttf
- jar
- c
- el
- rpm
- diff
swh::deploy::lister::db::local:
cls: local
args:
db: "postgresql://%{hiera('swh::deploy::worker::lister::db::user')}:%{hiera('swh::deploy::lister::db::password')}@%{hiera('swh::deploy::worker::lister::db::host')}:%{hiera('swh::deploy::worker::lister::db::port')}/%{hiera('swh::deploy::worker::lister::db::name')}"
swh::deploy::lister::sentry_swh_package: swh.lister
swh::deploy::lister::sentry_environment: "%{alias('swh::deploy::environment')}"
swh::deploy::lister::sentry_dsn: "https://%{lookup('swh::deploy::lister::sentry_token')}@sentry.softwareheritage.org/6"
swh::deploy::worker::lister::config_file: "%{hiera('swh::conf_directory')}/lister.yml"
swh::deploy::worker::lister::concurrency: 5
swh::deploy::worker::lister::loglevel: warning
swh::deploy::worker::lister::config:
storage: "%{alias('swh::remote_service::storage::config::writable')}"
scheduler: "%{alias('swh::remote_service::scheduler::config::writable')}"
lister: "%{alias('swh::deploy::lister::db::local')}"
celery:
task_broker: "%{alias('swh::deploy::worker::task_broker')}"
task_queues:
- swh.lister.bitbucket.tasks.IncrementalBitBucketLister
- swh.lister.bitbucket.tasks.FullBitBucketRelister
- swh.lister.cgit.tasks.CGitListerTask
- swh.lister.cran.tasks.CRANListerTask
- swh.lister.debian.tasks.DebianListerTask
- swh.lister.gitea.tasks.IncrementalGiteaLister
- swh.lister.gitea.tasks.RangeGiteaLister
- swh.lister.gitea.tasks.FullGiteaRelister
- swh.lister.gitlab.tasks.IncrementalGitLabLister
- swh.lister.gitlab.tasks.RangeGitLabLister
- swh.lister.gitlab.tasks.FullGitLabRelister
- swh.lister.gnu.tasks.GNUListerTask
- swh.lister.launchpad.tasks.FullLaunchpadLister
- swh.lister.launchpad.tasks.IncrementalLaunchpadLister
- swh.lister.npm.tasks.NpmListerTask
- swh.lister.phabricator.tasks.FullPhabricatorLister
- swh.lister.pypi.tasks.PyPIListerTask
credentials: "%{alias('swh::deploy::worker::lister::config::credentials')}"
swh::deploy::loader_mercurial::sentry_swh_package: swh.loader.mercurial
swh::deploy::loader_mercurial::sentry_environment: "%{alias('swh::deploy::environment')}"
swh::deploy::loader_mercurial::sentry_dsn: "https://%{lookup('swh::deploy::loader_mercurial::sentry_token')}@sentry.softwareheritage.org/10"
swh::deploy::worker::loader_mercurial::config_file: "%{hiera('swh::conf_directory')}/loader_mercurial.yml"
swh::deploy::worker::loader_mercurial::concurrency: 1
swh::deploy::worker::loader_mercurial::private_tmp: true
swh::deploy::worker::loader_mercurial::loglevel: info
swh::deploy::worker::loader_mercurial::config:
storage: "%{alias('swh::deploy::worker::storage::pipeline')}"
max_content_size: 104857600
reduce_effort: False
clone_timeout_seconds: 7200
celery:
task_broker: "%{alias('swh::deploy::worker::task_broker')}"
task_queues:
- swh.loader.mercurial.tasks.LoadMercurial
- swh.loader.mercurial.tasks.LoadArchiveMercurial
swh::deploy::worker::loader_pypi::config_file: "%{hiera('swh::conf_directory')}/loader_pypi.yml"
swh::deploy::worker::loader_pypi::concurrency: 1
swh::deploy::worker::loader_pypi::private_tmp: true
swh::deploy::worker::loader_pypi::loglevel: info
swh::deploy::worker::loader_pypi::config:
storage: "%{alias('swh::deploy::worker::storage::pipeline')}"
max_content_size: 104857600
celery:
task_broker: "%{alias('swh::deploy::worker::task_broker')}"
task_queues:
- swh.loader.package.pypi.tasks.LoadPyPI
swh::deploy::worker::loader_npm::config_file: "%{hiera('swh::conf_directory')}/loader_npm.yml"
swh::deploy::worker::loader_npm::concurrency: 1
swh::deploy::worker::loader_npm::private_tmp: true
swh::deploy::worker::loader_npm::loglevel: info
swh::deploy::worker::loader_npm::config:
storage: "%{alias('swh::deploy::worker::storage::pipeline')}"
max_content_size: 104857600
celery:
task_broker: "%{alias('swh::deploy::worker::task_broker')}"
task_queues:
- swh.loader.package.npm.tasks.LoadNpm
swh::deploy::loader_svn::sentry_swh_package: swh.loader.svn
swh::deploy::loader_svn::sentry_environment: "%{alias('swh::deploy::environment')}"
swh::deploy::loader_svn::sentry_dsn: "https://%{lookup('swh::deploy::loader_svn::sentry_token')}@sentry.softwareheritage.org/14"
swh::deploy::worker::loader_svn::config_file: "%{hiera('swh::conf_directory')}/loader_svn.yml"
swh::deploy::worker::loader_svn::concurrency: 1
swh::deploy::worker::loader_svn::private_tmp: true
swh::deploy::worker::loader_svn::limit_no_file: 8192
swh::deploy::worker::loader_svn::loglevel: info
# Contains a password: in private data
swh::deploy::worker::loader_svn::config:
storage: "%{alias('swh::deploy::worker::storage::pipeline')}"
max_content_size: 104857600
celery:
task_broker: "%{alias('swh::deploy::worker::task_broker')}"
task_queues:
- swh.loader.svn.tasks.LoadSvnRepository
- swh.loader.svn.tasks.MountAndLoadSvnRepository
- swh.loader.svn.tasks.DumpMountAndLoadSvnRepository
swh::deploy::base_indexer::config_directory: "%{hiera('swh::conf_directory')}/indexer"
swh::deploy::indexer_journal_client::config_file: "journal_client.yml"
swh::deploy::indexer_journal_client::user: swhstorage
swh::deploy::indexer_journal_client::group: swhstorage
swh::deploy::indexer_journal_client::config:
journal:
brokers: "%{alias('swh::deploy::journal::brokers')}"
group_id: swh.indexer.journal_client
prefix: "%{alias('swh::deploy::journal::prefix')}"
scheduler: "%{alias('swh::remote_service::scheduler::config::writable')}"
# for all indexers
swh::deploy::indexer::sentry_swh_package: swh.indexer
swh::deploy::indexer::sentry_environment: "%{alias('swh::deploy::environment')}"
swh::deploy::indexer::sentry_dsn: "https://%{lookup('swh::deploy::indexer::sentry_token')}@sentry.softwareheritage.org/5"
swh::deploy::worker::indexer_content_mimetype::config_file: "%{hiera('swh::conf_directory')}/indexer_content_mimetype.yml"
swh::deploy::worker::indexer_content_mimetype::concurrency: 1
swh::deploy::worker::indexer_content_mimetype::loglevel: info
# Contains a password: in private data
swh::deploy::worker::indexer_content_mimetype::config:
scheduler: "%{alias('swh::remote_service::scheduler::config::writable')}"
indexer_storage: "%{alias('swh::remote_service::indexer::config::writable')}"
objstorage: "%{alias('swh::remote_service::objstorage::config')}"
storage: "%{alias('swh::remote_service::storage::config')}"
celery:
task_broker: "%{alias('swh::deploy::worker::task_broker')}"
task_modules:
- swh.indexer.tasks
task_queues:
- swh.indexer.tasks.ContentMimetypePartition
tools:
name: file
version: 2:0.4.15-2
configuration:
type: library
debian-package: python3-magic
write_batch_size: 1000
swh::deploy::worker::indexer_origin_intrinsic_metadata::config_file: "%{hiera('swh::conf_directory')}/indexer_origin_intrinsic_metadata.yml"
swh::deploy::worker::indexer_origin_intrinsic_metadata::concurrency: 1
swh::deploy::worker::indexer_origin_intrinsic_metadata::loglevel: info
# Contains a password: in private data
swh::deploy::worker::indexer_origin_intrinsic_metadata::config:
scheduler: "%{alias('swh::remote_service::scheduler::config::writable')}"
indexer_storage: "%{alias('swh::remote_service::indexer::config::writable')}"
objstorage: "%{alias('swh::remote_service::objstorage::config')}"
storage: "%{alias('swh::remote_service::storage::config')}"
celery:
task_broker: "%{alias('swh::deploy::worker::task_broker')}"
task_modules:
- swh.indexer.tasks
task_queues:
- swh.indexer.tasks.OriginMetadata
tools:
name: swh-metadata-detector
version: 0.0.2
configuration: {}
swh::deploy::worker::indexer_rehash::config_file: "rehash.yml"
swh::deploy::worker::indexer_rehash::concurrency: 5
swh::deploy::worker::indexer_rehash::loglevel: info
# Contains a password: in private data
swh::deploy::worker::indexer_rehash::config:
storage: "%{alias('swh::remote_service::storage::config::writable')}"
objstorage: "%{alias('swh::remote_service::objstorage::config')}"
compute_checksums:
- blake2s256
batch_size_retrieve_content: 10000
batch_size_update: 5000
swh::deploy::worker::indexer_fossology_license::config_file: "%{hiera('swh::conf_directory')}/indexer_fossology_license.yml"
swh::deploy::worker::indexer_fossology_license::concurrency: 1
swh::deploy::worker::indexer_fossology_license::loglevel: info
# Contains a password: in private data
swh::deploy::worker::indexer_fossology_license::config:
indexer_storage: "%{alias('swh::remote_service::indexer::config::writable')}"
objstorage: "%{alias('swh::remote_service::objstorage::config')}"
storage: "%{alias('swh::remote_service::storage::config')}"
workdir: /tmp/swh/indexer.fossology.license/
tools:
name: 'nomos'
version: '3.1-1~bpo9~swh+1'
configuration:
command_line: "nomossa <filepath>"
celery:
task_broker: "%{alias('swh::deploy::worker::task_broker')}"
task_modules:
- swh.indexer.tasks
task_queues:
- swh.indexer.tasks.ContentFossologyLicensePartition
write_batch_size: 1000
swh::deploy::vault_cooker::sentry_swh_package: swh.vault
swh::deploy::vault_cooker::sentry_environment: "%{alias('swh::deploy::environment')}"
swh::deploy::worker::vault_cooker::config_file: "%{hiera('swh::conf_directory')}/vault_cooker.yml"
swh::deploy::worker::vault_cooker::concurrency: 20
swh::deploy::worker::vault_cooker::loglevel: info
swh::deploy::worker::vault_cooker::conf_file: "%{hiera('swh::conf_directory')}/vault/cooker.yml"
swh::deploy::worker::vault_cooker::config:
storage:
cls: retry
storage: "%{alias('swh::remote_service::storage::config')}"
vault: "%{alias('swh::remote_service::vault::config::writable')}"
celery:
task_broker: "%{alias('swh::deploy::worker::task_broker')}"
task_modules:
- swh.vault.cooking_tasks
task_queues:
- swh.vault.cooking_tasks.SWHCookingTask
- swh.vault.cooking_tasks.SWHBatchCookingTask
max_bundle_size: 1073741824 # 1GiB
desktop::printers:
MFP_C:
uri: lpd://print.paris.inria.fr/MFP_C-pro
description: Impression couleur
location: Partout
ppd: "%{hiera('desktop::printers::ppd_dir')}/MFP_Paris.ppd"
ppd_options:
ColorType: Color
MFP:
uri: lpd://print.paris.inria.fr/MFP-pro
description: Impression Noir et Blanc
location: Partout
ppd: "%{hiera('desktop::printers::ppd_dir')}/MFP_Paris.ppd"
ppd_options:
ColorType: Mono
desktop::printers::default: MFP
desktop::printers::ppd_dir: /usr/share/ppd/softwareheritage
desktop::printers::cups_usernames:
ardumont: andumont
morane: mgruenpe
olasd: ndandrim
seirl: apietri
zack: zacchiro
# Real exported files from munin
stats_export::export_path: "/var/www/stats.export.softwareheritage.org"
stats_export::export_file: "%{hiera('stats_export::export_path')}/history_counters.json"
# Exposed through the following host's apache venv
stats_export::vhost::name: stats.export.softwareheritage.org
stats_export::vhost::docroot: "/var/www/%{hiera('stats_export::vhost::name')}"
stats_export::vhost::ssl_protocol: "%{hiera('apache::ssl_protocol')}"
stats_export::vhost::ssl_honorcipherorder: "%{hiera('apache::ssl_honorcipherorder')}"
stats_export::vhost::ssl_cipher: "%{hiera('apache::ssl_cipher')}"
stats_export::vhost::hsts_header: "%{hiera('apache::hsts_header')}"
icinga2::role: agent
icinga2::master::zonename: master
icinga2::master::db::username: icinga2
# icinga2::master::db::password in private data
icinga2::master::db::database: icinga2
icinga2::icingaweb2::db::username: icingaweb2
# icinga2::icingaweb2::db::password in private data
icinga2::icingaweb2::db::database: icingaweb2
icinga2::icingaweb2::protected_customvars:
- "*pw*"
- "*pass*"
- community
- http_auth_pair
# Must have matching certificate in letsencrypt::certificates
icinga2::icingaweb2::vhost::name: icinga.softwareheritage.org
icinga2::icingaweb2::vhost::aliases:
- icinga.internal.softwareheritage.org
icinga2::icingaweb2::vhost::ssl_protocol: "%{hiera('apache::ssl_protocol')}"
icinga2::icingaweb2::vhost::ssl_honorcipherorder: "%{hiera('apache::ssl_honorcipherorder')}"
icinga2::icingaweb2::vhost::ssl_cipher: "%{hiera('apache::ssl_cipher')}"
icinga2::icingaweb2::vhost::hsts_header: "%{hiera('apache::hsts_header')}"
icinga2::parent_zone: master
icinga2::parent_endpoints:
pergamon.softwareheritage.org:
host: 192.168.100.29
icinga2::network: "%{lookup('internal_network')}"
icinga2::features:
- checker
- mainlog
icinga2::service_configuration:
load:
default:
load_wload1: 30
load_wload5: 28
load_wload15: 26
load_cload1: 50
load_cload5: 45
load_cload15: 40
sql:
load_wload1: 50
load_wload5: 40
load_wload15: 35
load_cload1: 70
load_cload5: 60
load_cload15: 50
high:
load_wload1: 140
load_wload5: 120
load_wload15: 100
load_cload1: 240
load_cload5: 220
load_cload15: 200
icinga2::host::vars:
os: Linux
cores: "%{::processorcount}"
virtual_machine: "%{::is_virtual}"
distro: "%{::operatingsystem}"
disks:
'disk /':
disk_partitions: '/'
icinga2::disk::excludes:
- ^/srv/containers/
- ^/var/lib/docker/overlay2/
- ^/var/lib/docker/buildkit/
- ^/run/schroot/
icinga2::apiusers:
root:
# password in private data
permissions:
- '*'
icinga2::exported_checks::filename: "/etc/icinga2/zones.d/%{hiera('icinga2::parent_zone')}/exported-checks.conf"
logstash_hosts:
- logstash.internal.softwareheritage.org:5044
systemd_journal::logstash_hosts: "%{alias('logstash_hosts')}"
filebeat::config:
filebeat.config.inputs:
enabled: true
path: inputs.d/*.yml
output:
logstash:
hosts: "%{alias('logstash_hosts')}"
memcached::server::bind: 127.0.0.1
memcached::server::port: 11211
memcached::server::max_memory: '5%'
mountpoints:
/srv/storage/space:
device: saam:/srv/storage/space
fstype: nfs
options:
- rw
- soft
- intr
- rsize=8192
- wsize=8192
- noauto
- x-systemd.automount
- x-systemd.device-timeout=10
/srv/softwareheritage/objects:
device: saam:/srv/softwareheritage/objects
fstype: nfs
options:
- rw
- soft
- intr
- rsize=8192
- wsize=8192
- noauto
- x-systemd.automount
- x-systemd.device-timeout=10
ceph::release: luminous
ceph::fsid: b3e34018-388e-499b-9579-d1c0d57e8c09
# needs to match the values of $::hostname on the ceph monitors
ceph::mon_initial_members:
- ceph-mon1
ceph::mon_host:
- 192.168.100.170
ceph::keys:
admin:
secret: "%{hiera('ceph::secrets::admin')}"
cap_mds: allow
cap_mgr: allow *
cap_mon: allow *
cap_osd: allow *
bootstrap-osd:
secret: "%{hiera('ceph::secrets::bootstrap_osd')}"
cap_mon: allow profile bootstrap-osd
proxmox-rbd:
secret: "%{hiera('ceph::secrets::proxmox_rbd')}"
cap_mon: profile rbd
cap_osd: profile rbd pool=rbd
swh-contents:
secret: "%{hiera('ceph::secrets::swh_contents')}"
cap_mon: allow r
cap_osd: allow r pool=swh_contents
swh-contents-rw:
secret: "%{hiera('ceph::secrets::swh_contents_rw')}"
cap_mon: allow r
cap_osd: allow rw pool=swh_contents
swh-contents-test:
secret: "%{hiera('ceph::secrets::swh_contents_test')}"
cap_mon: allow r
cap_osd: allow r pool=swh_contents_test
swh-contents-test-rw:
secret: "%{hiera('ceph::secrets::swh_contents_test_rw')}"
cap_mon: allow r
cap_osd: allow rw pool=swh_contents_test
ceph::default_client_keyring: /etc/softwareheritage/ceph-keyring
ceph::client_keyrings:
'/etc/softwareheritage/ceph-keyring':
owner: root
group: swhdev
mode: '0644'
keys:
- swh-contents
- swh-contents-test
swh::deploy::objstorage::ceph::keyring: "%{alias('ceph::default_client_keyring')}"
swh::deploy::objstorage::ceph::pool_name: swh_contents
swh::deploy::objstorage::ceph::rados_id: swh-contents
swh::deploy::objstorage::ceph::config:
cls: rados
args:
pool_name: "%{alias('swh::deploy::objstorage::ceph::pool_name')}"
rados_id: "%{alias('swh::deploy::objstorage::ceph::rados_id')}"
ceph_config:
keyring: "%{alias('swh::deploy::objstorage::ceph::keyring')}"
nginx::package_name: nginx-light
nginx::accept_mutex: 'off'
nginx::names_hash_bucket_size: 128
nginx::names_hash_max_size: 1024
nginx::worker_processes: "%{::processorcount}"
prometheus::server::defaults_config:
web:
enable_admin_api: true
storage:
tsdb:
retention: '1y'
prometheus::server::config::global:
scrape_interval: 1m
scrape_timeout: 45s
prometheus::server::listen_network: "%{lookup('internal_network')}"
prometheus::server::listen_port: 9090
prometheus::server::certname: pergamon.softwareheritage.org
swh::deploy::environment: production
prometheus::static_labels:
instance: "%{::swh_hostname.internal_fqdn}"
environment: "%{lookup('swh::deploy::environment')}"
prometheus::node::listen_network: "%{lookup('internal_network')}"
prometheus::node::listen_port: 9100
prometheus::node::textfile_directory: /var/lib/prometheus/node-exporter
prometheus::node::defaults_config:
collector:
diskstats:
ignored_devices: "^(ram|loop|fd|(h|s|v|xv)d[a-z]|nvme\\d+n\\d+p)\\d+$"
filesystem:
ignored_mount_points: "^/(sys|proc|dev|run|srv/softwareheritage/objects/[0-9a-f][0-9a-f])($|/)"
systemd: true
logind: true
loadavg: true
ntp: true
netstat: true
netdev:
ignored_devices: "^lo$"
textfile:
directory: "%{lookup('prometheus::node::textfile_directory')}"
prometheus::node::scripts::directory: /var/lib/prometheus/node-exporter-scripts
prometheus::node::scripts:
puppet-classes:
mode: cron
cron:
user: root
specification:
minute: fqdn_rand
apt:
mode: cron
cron:
user: root
specification:
minute: fqdn_rand
prometheus::statsd::listen_network: "%{lookup('internal_network')}"
prometheus::statsd::listen_port: 9102
prometheus::statsd::defaults_config: {}
prometheus::statsd::statsd_listen_tcp: 127.0.0.1:8125
prometheus::statsd::statsd_listen_udp: 127.0.0.1:8125
prometheus::statsd::mapping:
defaults:
timer_type: histogram
buckets:
- .005
- .01
- .025
- .05
- .1
- .25
- .5
- .75
- 1
- 2
- 5
- 10
- 15
- 30
- 45
- 60
- 120
- 300
- 600
- 900
- 1800
- 2700
- 3600
- 7200
prometheus::sql::listen_network: "%{lookup('internal_network')}"
prometheus::sql::listen_port: 9237
prometheus::sql::config_snippets:
- activity
- queries
- replication
- wal
prometheus::jmx::version: 0.11.0
prometheus::kafka::listen_network: "%{lookup('internal_network')}"
prometheus::kafka::listen_port: 7071
prometheus::kafka_consumer_group::listen_network: "%{lookup('internal_network')}"
prometheus::kafka_consumer_group::base_port: 9208
prometheus::rabbitmq::listen_network: "%{lookup('internal_network')}"
prometheus::rabbitmq::listen_port: 9419
# Include first, then skip
prometheus::rabbitmq::include_vhost: .*
prometheus::rabbitmq::skip_vhost: ^$
prometheus::rabbitmq::include_queues: .*
prometheus::rabbitmq::skip_queues: ^(.*\.pidbox|amq\.gen.*|.*\.tasks\.ping)$
prometheus::rabbitmq::rabbit_capabilities:
- bert
- no_sort
prometheus::rabbitmq::rabbit_exporters:
- exchange
- node
- queue
prometheus::rabbitmq::rabbit_timeout: 30
prometheus::rabbitmq::exclude_metrics: []
grafana::db::database: grafana
grafana::db::username: grafana
# grafana::db::password in private-data
grafana::backend::port: 3000
# Must have a matching certificate in letsencrypt::certificates
grafana::vhost::name: grafana.softwareheritage.org
grafana::vhost::ssl_protocol: "%{hiera('apache::ssl_protocol')}"
grafana::vhost::ssl_honorcipherorder: "%{hiera('apache::ssl_honorcipherorder')}"
grafana::vhost::ssl_cipher: "%{hiera('apache::ssl_cipher')}"
grafana::vhost::hsts_header: "%{hiera('apache::hsts_header')}"
grafana::config:
app_mode: production
server:
root_url: "https://%{lookup('grafana::vhost::name')}/"
http_port: "%{alias('grafana::backend::port')}"
users:
allow_sign_up: false
auth.anonymous:
enabled: true
org_name: Software Heritage
org_role: Viewer
smtp:
enabled: true
skip_verify: true
from_address: grafana@softwareheritage.org
grafana::objects::organizations:
- name: Software Heritage
id: 1
grafana::objects::users: []
grafana::objects::datasources:
- name: Prometheus (Pergamon)
url: "http://pergamon.internal.softwareheritage.org:%{hiera('prometheus::server::listen_port')}"
type: prometheus
organization: 1
access_mode: proxy
is_default: true
java::distribution: jre
jenkins::backend::url: http://thyssen.internal.softwareheritage.org:8080/
jenkins::vhost::name: jenkins.softwareheritage.org
jenkins::vhost::ssl_protocol: "%{hiera('apache::ssl_protocol')}"
jenkins::vhost::ssl_honorcipherorder: "%{hiera('apache::ssl_honorcipherorder')}"
jenkins::vhost::ssl_cipher: "%{hiera('apache::ssl_cipher')}"
jenkins::vhost::hsts_header: "%{hiera('apache::hsts_header')}"
jenkins::agent::jar_url: "https://%{hiera('jenkins::vhost::name')}/jnlpJars/agent.jar"
jenkins::agent::name: "%{::swh_hostname.internal_fqdn}"
# jenkins::agent::jnlp::token in private_data
weekly_report_bot::user: nobody
weekly_report_bot::cron:
minute: 0
hour: 12
weekday: fri
swh::postgres::service::users:
- root
- zack
- ardumont
swh::postgres::service::dbs:
- alias: admin-swh
name: "%{hiera('swh::deploy::storage::db::dbname')}"
host: "%{hiera('swh::deploy::storage::db::host')}"
port: "%{hiera('swh::deploy::db::pgbouncer::port')}"
user: "%{hiera('swh::deploy::storage::db::user')}"
password: "%{hiera('swh::deploy::storage::db::password')}"
- alias: admin-swh-deposit
name: "%{hiera('swh::deploy::deposit::db::dbname')}"
host: "%{hiera('swh::deploy::deposit::db::host')}"
port: "%{hiera('swh::deploy::db::pgbouncer::port')}"
user: "%{hiera('swh::deploy::deposit::db::dbuser')}"
password: "%{hiera('swh::deploy::deposit::db::password')}"
- alias: admin-swh-scheduler
name: "%{hiera('swh::deploy::scheduler::db::dbname')}"
host: "%{hiera('swh::deploy::scheduler::db::host')}"
port: "%{hiera('swh::deploy::db::pgbouncer::port')}"
user: "%{hiera('swh::deploy::scheduler::db::user')}"
password: "%{hiera('swh::deploy::scheduler::db::password')}"
- alias: admin-swh-vault
name: "%{hiera('swh::deploy::vault::db::dbname')}"
host: "%{hiera('swh::deploy::vault::db::host')}"
port: "%{hiera('swh::deploy::db::pgbouncer::port')}"
user: "%{hiera('swh::deploy::vault::db::user')}"
password: "%{hiera('swh::deploy::vault::db::password')}"
- alias: admin-swh-lister
name: "%{hiera('swh::deploy::worker::lister::db::name')}"
host: "%{hiera('swh::deploy::worker::lister::db::host')}"
port: "%{hiera('swh::deploy::db::pgbouncer::port')}"
user: "%{hiera('swh::deploy::worker::lister::db::name')}"
password: "%{hiera('swh::deploy::lister::db::password')}"
- alias: admin-swh-replica
name: "%{hiera('swh::deploy::storage::db::dbname')}"
host: somerset.internal.softwareheritage.org
port: "%{hiera('swh::deploy::db::pgbouncer::port')}"
user: "%{hiera('swh::deploy::db::pgbouncer::user::login')}"
password: "%{hiera('swh::deploy::storage::db::password')}"
- alias: admin-swh-indexer
name: "%{hiera('swh::deploy::indexer::storage::db::dbname')}"
host: "%{hiera('swh::deploy::indexer::storage::db::host')}"
port: "%{hiera('swh::deploy::db::pgbouncer::port')}"
user: "%{hiera('swh::deploy::indexer::storage::db::user')}"
password: "%{hiera('swh::deploy::indexer::storage::db::password')}"
- alias: admin-swh-web
name: "%{hiera('swh::deploy::webapp::db::name')}"
host: "%{hiera('swh::deploy::webapp::db::host')}"
port: "%{hiera('swh::deploy::db::pgbouncer::port')}"
user: "%{hiera('swh::deploy::webapp::db::user')}"
password: "%{hiera('swh::deploy::webapp::db::password')}"
- alias: swh
name: "%{hiera('swh::deploy::storage::db::dbname')}"
host: "%{hiera('swh::deploy::storage::db::host')}"
port: "%{hiera('swh::deploy::db::pgbouncer::port')}"
user: guest
- alias: swh-deposit
name: "%{hiera('swh::deploy::deposit::db::dbname')}"
host: "%{hiera('swh::deploy::deposit::db::host')}"
port: "%{hiera('swh::deploy::db::pgbouncer::port')}"
user: guest
- alias: swh-scheduler
name: "%{hiera('swh::deploy::scheduler::db::dbname')}"
host: "%{hiera('swh::deploy::scheduler::db::host')}"
port: "%{hiera('swh::deploy::db::pgbouncer::port')}"
user: guest
- alias: swh-vault
name: "%{hiera('swh::deploy::vault::db::dbname')}"
host: "%{hiera('swh::deploy::vault::db::host')}"
port: "%{hiera('swh::deploy::db::pgbouncer::port')}"
user: guest
- alias: swh-lister
name: "%{hiera('swh::deploy::worker::lister::db::name')}"
host: "%{hiera('swh::deploy::worker::lister::db::host')}"
port: "%{hiera('swh::deploy::db::pgbouncer::port')}"
user: guest
- alias: swh-replica
name: "%{hiera('swh::deploy::storage::db::dbname')}"
host: somerset.internal.softwareheritage.org
port: "%{hiera('swh::deploy::db::pgbouncer::port')}"
user: guest
- alias: swh-indexer
name: "%{hiera('swh::deploy::indexer::storage::db::dbname')}"
host: "%{hiera('swh::deploy::indexer::storage::db::host')}"
port: "%{hiera('swh::deploy::db::pgbouncer::port')}"
user: guest
- alias: swh-web
name: "%{hiera('swh::deploy::webapp::db::name')}"
host: "%{hiera('swh::deploy::webapp::db::host')}"
port: "%{hiera('swh::deploy::db::pgbouncer::port')}"
user: guest
elastic::elk_version: '7.8.0'
elasticsearch::hosts:
- http://esnode1.internal.softwareheritage.org:9200
- http://esnode2.internal.softwareheritage.org:9200
- http://esnode3.internal.softwareheritage.org:9200
elasticsearch::jvm_options:
- "-Xms%{lookup('elasticsearch::jvm_options::heap_size')}"
- "-Xmx%{lookup('elasticsearch::jvm_options::heap_size')}"
elasticsearch::config::path::data: /srv/elasticsearch
elasticsearch::config::path::logs: /var/log/elasticsearch
elasticsearch::config::http::port: 9200
elasticsearch::config::prometheus::indices: false
elasticsearch::config:
cluster.name: "%{alias('elasticsearch::config::cluster::name')}"
node.name: "%{::hostname}"
discovery.seed_hosts: "%{alias('elasticsearch::config::discovery::seed_hosts')}"
cluster.initial_master_nodes: "%{alias('elasticsearch::config::cluster::initial_master_nodes')}"
path.data: "%{alias('elasticsearch::config::path::data')}"
path.logs: "%{alias('elasticsearch::config::path::logs')}"
http.port: "%{alias('elasticsearch::config::http::port')}"
prometheus.indices: "%{alias('elasticsearch::config::prometheus::indices')}"
logstash::listen_network: "%{lookup('internal_network')}"
logstash::elasticsearch::hosts: "%{alias('elasticsearch::hosts')}"
kibana::listen_network: "%{lookup('internal_network')}"
kibana::server_name: "%{::swh_hostname.internal_fqdn}"
kibana::config:
server.name: "%{alias('kibana::server_name')}"
elasticsearch.hosts: "%{alias('elasticsearch::hosts')}"
kibana.index: .kibana
# puppet-module-keycloak has some issues with Keycloak 11.x so we stick to 10.x
# until then (https://github.com/treydock/puppet-module-keycloak/pull/154)
keycloak::version: 10.0.2
keycloak::swh_theme::repo_url: https://forge.softwareheritage.org/source/swh-keycloak-theme.git
keycloak::swh_theme::tag: v0.3.1
keycloak::vhost::name: auth.softwareheritage.org
keycloak::vhost::ssl_protocol: "%{hiera('apache::ssl_protocol')}"
keycloak::vhost::ssl_honorcipherorder: "%{hiera('apache::ssl_honorcipherorder')}"
keycloak::vhost::ssl_cipher: "%{hiera('apache::ssl_cipher')}"
keycloak::vhost::hsts_header: "%{hiera('apache::hsts_header')}"
keycloak::backend::port: 8080
keycloak::backend::url: "http://kelvingrove.internal.softwareheritage.org:%{lookup('keycloak::backend::port')}/"
keycloak::admin::user: keycloak-admin
# keycloak::admin::password in private-data
keycloak::postgres::host: db.internal.softwareheritage.org
keycloak::postgres::port: 5432
keycloak::postgres::dbname: keycloak
keycloak::postgres::user: keycloak
# keycloak::postgres::password in private-data
keycloak::resources::realms::common_settings:
remember_me: true
login_with_email_allowed: true
internationalization_enabled: true
supported_locales:
- en
account_theme: swh
admin_theme: swh
login_theme: swh
smtp_server_host: localhost
smtp_server_from: noreply@softwareheritage.org
smtp_server_from_display_name: Software Heritage Authentication Service
brute_force_protected: true
keycloak::resources::clients::common_settings:
public_client: true
login_theme: swh
default_client_scopes:
- profile
- email
- roles
- web-origins
optional_client_scopes:
- microprofile-jwt
- offline_access
keycloak::resources::clients::swh_web:::roles:
- swh.web.api.throttling_exempted
- swh.web.api.graph
keycloak::resources::clients::swh_deposit::roles:
- swh.deposit.api
keycloak::resources::protocol_mappers::audience:
resource_name: audience
type: oidc-audience-mapper
included_client_audience: __client_id__
keycloak::resources::protocol_mappers::groups:
resource_name: groups
type: oidc-group-membership-mapper
claim_name: groups
full_path: true
keycloak::resources::flows::direct_grant_no_otp:
name: direct_grant_no_otp
description: Direct grant flow without conditional OTP
executions:
direct-grant-validate-username:
requirement: REQUIRED
direct-grant-validate-password:
requirement: REQUIRED
keycloak::resources::realms:
master:
settings:
display_name: master
SoftwareHeritage:
settings:
display_name: Software Heritage
registration_allowed: true
reset_password_allowed: true
verify_email: true
flows:
- "%{alias('keycloak::resources::flows::direct_grant_no_otp')}"
clients:
swh-web:
settings:
redirect_uris:
# Should match letsencrypt::certificates.archive_production.domains
- https://archive.softwareheritage.org/*
- https://base.softwareheritage.org/*
- https://archive.internal.softwareheritage.org/*
roles: "%{alias('keycloak::resources::clients::swh_web:::roles')}"
direct_grant_flow: direct_grant_no_otp-SoftwareHeritage
protocol_mappers:
- "%{alias('keycloak::resources::protocol_mappers::audience')}"
- "%{alias('keycloak::resources::protocol_mappers::groups')}"
swh-deposit:
settings:
redirect_uris:
# Should match letsencrypt::certificates.archive_staging.domains
- https://deposit.softwareheritage.org/*
- https://deposit.internal.softwareheritage.org/*
roles: "%{alias('keycloak::resources::clients::swh_deposit::roles')}"
protocol_mappers:
- "%{alias('keycloak::resources::protocol_mappers::audience')}"
- "%{alias('keycloak::resources::protocol_mappers::groups')}"
SoftwareHeritageStaging:
settings:
display_name: Software Heritage (Staging)
registration_allowed: true
reset_password_allowed: true
verify_email: true
flows:
- "%{alias('keycloak::resources::flows::direct_grant_no_otp')}"
clients:
swh-web:
settings:
redirect_uris:
# Should match letsencrypt::certificates.archive_staging.domains
- https://webapp.staging.swh.network/*
- https://webapp.internal.staging.swh.network/*
roles: "%{alias('keycloak::resources::clients::swh_web:::roles')}"
direct_grant_flow: direct_grant_no_otp-SoftwareHeritageStaging
protocol_mappers:
- "%{alias('keycloak::resources::protocol_mappers::audience')}"
- "%{alias('keycloak::resources::protocol_mappers::groups')}"
swh-deposit:
settings:
redirect_uris:
# Should match letsencrypt::certificates.archive_staging.domains
- https://deposit.staging.swh.network/*
- https://deposit.internal.staging.swh.network/*
roles: "%{alias('keycloak::resources::clients::swh_deposit::roles')}"
protocol_mappers:
- "%{alias('keycloak::resources::protocol_mappers::audience')}"
- "%{alias('keycloak::resources::protocol_mappers::groups')}"
borg::repository_user: borg
borg::repository_group: borg
borg::base_path: /srv/borg
borg::repository_path: "%{lookup('borg::base_path')}/repositories"
borg::repository_server: banco.internal.softwareheritage.org
borg::encryption: repokey-blake2
swh::deploy::base_counters::config_directory: "%{hiera('swh::conf_directory')}/counters"
swh::deploy::base_counters::user: swhstorage
swh::deploy::base_counters::group: swhstorage
swh::deploy::counters::conf_file: "%{hiera('swh::deploy::base_counters::config_directory')}/server.yml"
swh::deploy::counters::sentry_swh_package: swh.counters
swh::deploy::counters::sentry_environment: "%{alias('swh::deploy::environment')}"
swh::deploy::counters::sentry_dsn: "https://%{lookup('swh::deploy::counters::sentry_token')}@sentry.softwareheritage.org/19"
swh::deploy::counters::user: "%{alias('swh::deploy::base_counters::user')}"
swh::deploy::counters::group: "%{alias('swh::deploy::base_counters::group')}"
swh::deploy::counters::cache_directory: /srv/softwareheritage/counters
swh::deploy::counters::refresh_cache::activate: true
swh::deploy::counters::history_interval: 12h
swh::deploy::counters::live_data_start: 1618415227 # last point of the historical file
swh::deploy::counters::cache_static_file: static_history.json
swh::deploy::counters::refresh_cache::cron:
minute: 0
hour: "*/4"
swh::deploy::counters::backend::listen::host: 0.0.0.0
swh::deploy::counters::backend::listen::port: "%{alias('swh::remote_service::counters::port')}"
swh::deploy::counters::backend::workers: 2
swh::deploy::counters::backend::reload_mercy: 3600
swh::deploy::counters::backend::http_keepalive: 5
swh::deploy::counters::backend::http_timeout: 3600
swh::deploy::counters::backend::max_requests: 10000
swh::deploy::counters::backend::max_requests_jitter: 1000
swh::deploy::counters::backend::server_names:
- "%{::swh_hostname.internal_fqdn}"
- "%{::hostname}"
- 127.0.0.1
- localhost
- "::1"
swh::deploy::counters::config:
counters:
cls: redis
host: localhost:6379
history:
cls: prometheus
prometheus_host: pergamon.internal.softwareheritage.org
prometheus_port: 9090
live_data_start: "%{alias('swh::deploy::counters::live_data_start')}"
cache_base_directory: "%{alias('swh::deploy::counters::cache_directory')}"
interval: "%{alias('swh::deploy::counters::history_interval')}"
labels:
environment: "%{alias('swh::deploy::environment')}"
swh::deploy::counters::journal_client::config_file: "%{lookup('swh::deploy::base_counters::config_directory')}/journal_client.yml"
swh::deploy::counters::journal_client::config:
counters:
cls: remote
url: http://localhost:5011
journal:
brokers: "%{alias('swh::deploy::journal::brokers')}"
group_id: swh.counters.journal_client
prefix: swh.journal.objects
object_types:
- content
- directory
- origin
- origin_visit
- origin_visit_status
- release
- revision
- skipped_content
- snapshot
message.max.bytes: 524288000
swh::deploy::base_search::config_directory: "%{hiera('swh::conf_directory')}/search"
swh::deploy::base_search::user: swhstorage
swh::deploy::base_search::group: swhstorage
swh::deploy::search::sentry_swh_package: swh.search
swh::deploy::search::sentry_environment: "%{alias('swh::deploy::environment')}"
swh::deploy::search::sentry_dsn: "https://%{lookup('swh::deploy::search::sentry_token')}@sentry.softwareheritage.org/15"
swh::deploy::search::conf_file: "%{hiera('swh::deploy::base_search::config_directory')}/server.yml"
swh::deploy::search::user: "%{alias('swh::deploy::base_search::user')}"
swh::deploy::search::group: "%{alias('swh::deploy::base_search::group')}"
swh::deploy::search::index: origin
swh::deploy::search::config:
search:
cls: elasticsearch
hosts: "%{alias('swh::elasticsearch::search_nodes')}"
indexes:
origin:
index: "%{alias('swh::deploy::search::index')}"
read_alias: origin-read
write_alias: origin-write
swh::deploy::search::journal_client::service_types:
- objects
# - indexed # Waiting for T2876 resolution
swh::deploy::search::journal_client::objects::config_file: "%{lookup('swh::deploy::base_search::config_directory')}/journal_client_objects.yml"
swh::deploy::search::journal_client::objects::config:
search:
cls: elasticsearch
hosts: "%{alias('swh::elasticsearch::search_nodes')}"
journal:
brokers: "%{alias('swh::deploy::journal::brokers')}"
group_id: swh.search.journal_client
prefix: swh.journal.objects
object_types:
- origin
- origin_visit
- origin_visit_status
swh::deploy::search::journal_client::indexed::config_file: "%{lookup('swh::deploy::base_search::config_directory')}/journal_client_indexed.yml"
swh::deploy::search::journal_client::indexed::config:
search:
cls: elasticsearch
hosts: "%{alias('swh::elasticsearch::search_nodes')}"
journal:
brokers: "%{alias('swh::deploy::journal::brokers')}"
group_id: swh.search.journal_client.indexed
prefix: swh.journal.indexed
object_types:
- origin_intrinsic_metadata
swh::deploy::search::backend::listen::host: 127.0.0.1
swh::deploy::search::backend::listen::port: "%{alias('swh::remote_service::search::port')}"
swh::deploy::search::backend::workers: 4
swh::deploy::search::backend::reload_mercy: 3600
swh::deploy::search::backend::http_keepalive: 5
swh::deploy::search::backend::http_timeout: 3600
swh::deploy::search::backend::max_requests: 10000
swh::deploy::search::backend::max_requests_jitter: 1000
swh::deploy::search::backend::server_names:
- "%{::swh_hostname.internal_fqdn}"
- "%{::hostname}"
- 127.0.0.1
- localhost
- "::1"
netbox::version: 2.9.3
netbox::user: netbox
netbox::db::host: localhost
netbox::db::port: 5432
netbox::db::database: netbox
netbox::db::username: netbox
# netbox::db::password: in private-data
netbox::mail::host: "%{lookup('smtp::relay_hostname')}"
netbox::mail::from: inventory@softwareheritage.org
netbox::redis::host: localhost
netbox::redis::port: 6379
# netbox::redis::password in private-data
# netbox::redis_cache::password in private-data
# netbox::secret_key in private-data
netbox::admin::email: sysop+netbox@softwareheritage.org
# netbox::admin::password in private-data
# netbox::admin::api_token in private-data
netbox::webhook_enabled: true
netbox::gunicorn::binding: 127.0.0.1
netbox::gunicorn::port: 8001
netbox::data_directory: /var/lib/netbox
netbox::allowed_hosts:
- "*"
- "localhost"
netbox::vhost::letsencrypt_cert: netbox
netbox::vhost::name: inventory.internal.softwareheritage.org
netbox::backend::url: "http://localhost:%{hiera('netbox::gunicorn::port')}/"
netbox::vhost::ssl_protocol: "%{hiera('apache::ssl_protocol')}"
netbox::vhost::ssl_honorcipherorder: "%{hiera('apache::ssl_honorcipherorder')}"
netbox::vhost::ssl_cipher: "%{hiera('apache::ssl_cipher')}"
netbox::vhost::hsts_header: "%{hiera('apache::hsts_header')}"
opnsense::hosts:
pushkin:
fqdn: pushkin.internal.softwareheritage.org
ip: 192.168.100.129
glyptotek:
fqdn: glyptotek.internal.softwareheritage.org
ip: 192.168.100.128
opnsense::prometheus::port: 9100
opnsense::prometheus::metrics_path: /metrics
prometheus::elasticsearch::exporter::version: "%{lookup('elastic::elk_version')}.0"