X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/677f47bfd7c92ece12f3e83419ecfd7b1762ea83..5b2a2b1f80153fa0423b0256740ae5a99f586dcb:/roles/ironbelly.rb diff --git a/roles/ironbelly.rb b/roles/ironbelly.rb index e06df5b2f..7c90c9c87 100644 --- a/roles/ironbelly.rb +++ b/roles/ironbelly.rb @@ -2,30 +2,100 @@ name "ironbelly" description "Master role applied to ironbelly" default_attributes( + :apt => { + :sources => [ "ubuntugis-unstable" ] + }, + :git => { + :allowed_nodes => "*:*", + :user => "chefrepo", + :group => "chefrepo", + :backup => "chef-git" + }, :networking => { :interfaces => { - :external_ipv4 => { + :internal_ipv4 => { :interface => "eth0", + :role => :internal, + :family => :inet, + :address => "146.179.159.177" + }, + :external_ipv4 => { + :interface => "eth1", :role => :external, :family => :inet, - :address => "" + :address => "193.63.75.107" }, :external_ipv6 => { - :interface => "eth0", + :interface => "eth1", :role => :external, :family => :inet6, - :address => "" + :address => "2001:630:12:500:225:90ff:fec4:f6ef" + } + } + }, + :openvpn => { + :address => "10.0.16.2", + :tunnels => { + :ic2ucl => { + :port => "1194", + :mode => "server", + :peer => { + :host => "ridley.openstreetmap.org" + } + } + } + }, + :rsyncd => { + :modules => { + :hosts => { + :comment => "Host data", + :path => "/home/hosts", + :read_only => true, + :write_only => false, + :list => false, + :uid => "tomh", + :gid => "tomh", + :transfer_logging => false, + :hosts_allow => [ + "89.16.179.150", # shenron + "2001:41c8:10:996:21d:7dff:fec3:df70", # shenron + "212.159.112.221" # grant + ] }, - :internal_ipv4 => { - :interface => "eth1", - :role => :internal, - :family => :inet, - :address => "" + :logs => { + :comment => "Log files", + :path => "/store/logs", + :read_only => false, + :write_only => true, + :list => false, + :uid => "www-data", + :gid => "www-data", + :transfer_logging => false, + :hosts_allow => [ + "128.40.168.0/24", # ucl external + "146.179.159.160/27", # ic internal + "193.63.75.96/27", # ic external + "2001:630:12:500::/64", # ic external + "127.0.0.0/8", # localhost + "::1" # localhost + ], + :nodes_allow => "roles:tilecache" } } } ); run_list( - "role[ic]" + "role[ic]", + "role[gateway]", + "role[chef-server]", + "role[chef-repository]", + "role[web-storage]", + "role[supybot]", + "role[backup]", + "role[stats]", + "role[planet]", + "recipe[rsyncd]", + "recipe[openvpn]", + "recipe[git::server]" )