X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/d08ce246307a810b931513fe0feaa15b93455f99..f59ba065beebca01875211a01a54692ea7c0b32d:/roles/ironbelly.rb?ds=sidebyside diff --git a/roles/ironbelly.rb b/roles/ironbelly.rb index 8b90bbb44..5042c4dd0 100644 --- a/roles/ironbelly.rb +++ b/roles/ironbelly.rb @@ -5,6 +5,13 @@ default_attributes( :apt => { :sources => ["ubuntugis-unstable"] }, + :bind => { + :clients => "equinix" + }, + :dhcpd => { + :first_address => "10.0.63.1", + :last_address => "10.0.63.254" + }, :elasticsearch => { :cluster => { :routing => { @@ -12,7 +19,8 @@ default_attributes( :disk => { :watermark => { :low => "95%", - :high => "98%" + :high => "98%", + :flood_stage => "99%" } } } @@ -22,58 +30,28 @@ default_attributes( :data => "/store/elasticsearch" } }, - :git => { - :allowed_nodes => "fqdn:*", - :user => "chefrepo", - :group => "chefrepo", - :backup => "chef-git" - }, :networking => { :interfaces => { :internal_ipv4 => { - :interface => "eth0", + :interface => "bond0", :role => :internal, :family => :inet, - :address => "146.179.159.177" + :address => "10.0.48.10", + :bond => { + :slaves => %w[eth0 eth1] + } }, :external_ipv4 => { - :interface => "eth1", + :interface => "bond0.2", :role => :external, :family => :inet, - :address => "193.63.75.107" + :address => "130.117.76.10" }, :external_ipv6 => { - :interface => "eth1", + :interface => "bond0.2", :role => :external, :family => :inet6, - :address => "2001:630:12:500:225:90ff:fec4:f6ef" - } - } - }, - :openvpn => { - :address => "10.0.16.2", - :tunnels => { - :ic2ucl => { - :port => "1194", - :mode => "server", - :peer => { - :host => "ridley.openstreetmap.org" - } - }, - :aws2ic => { - :port => "1195", - :mode => "server", - :peer => { - :host => "fafnir.openstreetmap.org" - } - }, - :ic2bm => { - :port => "1196", - :mode => "client", - :peer => { - :host => "grisu.openstreetmap.org", - :port => "1194" - } + :address => "2001:978:2:2C::172:A" } } }, @@ -107,15 +85,15 @@ default_attributes( :gid => "www-data", :transfer_logging => false, :hosts_allow => [ - "193.60.236.0/24", # ucl external - "146.179.159.160/27", # ic internal - "193.63.75.96/27", # ic external - "2001:630:12:500::/64", # ic external - "10.0.32.0/20", # bytemark internal - "89.16.162.16/28", # bytemark external - "2001:41c9:2:d6::/64", # bytemark external - "127.0.0.0/8", # localhost - "::1" # localhost + "193.60.236.0/24", # ucl external + "10.0.48.0/20", # equinix internal + "130.117.76.0/27", # equinix external + "2001:978:2:2C::172:0/112", # equinix external + "10.0.32.0/20", # bytemark internal + "89.16.162.16/28", # bytemark external + "2001:41c9:2:d6::/64", # bytemark external + "127.0.0.0/8", # localhost + "::1" # localhost ], :nodes_allow => "roles:tilecache" } @@ -124,17 +102,14 @@ default_attributes( ) run_list( - "role[ic]", + "role[equinix]", "role[gateway]", "role[web-storage]", "role[supybot]", "role[backup]", - "role[stats]", "role[planet]", "role[planetdump]", - "role[logstash]", - "role[letsencrypt]", "recipe[rsyncd]", - "recipe[openvpn]", + "recipe[dhcpd]", "recipe[tilelog]" )