From: Tom Hughes Date: Tue, 18 Jun 2013 21:27:12 +0000 (+0100) Subject: Add roles from the private repository X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/a7d96c8358a00088b485fadb5966eb4b231d2ff1 Add roles from the private repository
---
diff --git a/roles/au.rb b/roles/au.rb
new file mode 100644
index 000000000..857845298
--- /dev/null
+++ b/roles/au.rb
@@ -0,0 +1,10 @@
+name "au"
+description "Role applied to all servers located in Australia"
+
+override_attributes(
+ :country => "au"
+)
+
+run_list(
+ "role[base]"
+)
diff --git a/roles/base.rb b/roles/base.rb
new file mode 100644
index 000000000..15c913d3d
--- /dev/null
+++ b/roles/base.rb
@@ -0,0 +1,83 @@
+name "base"
+description "Base role applied to all servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :grant => { :status => :administrator },
+ :tomh => { :status => :administrator },
+ :matt => { :status => :administrator },
+ :jburgess => { :status => :administrator }
+ }
+ },
+ :apt => {
+ :sources => [ "openstreetmap" ]
+ },
+ :networking => {
+ :roles => {
+ :internal => { :metric => 200, :zone => "loc" },
+ :external => { :metric => 100 }
+ },
+ :search => [ "openstreetmap.org" ]
+ },
+ :sysctl => {
+ :panic => {
+ :comment => "Reboot automatically after a panic",
+ :parameters => { "kernel.panic" => "60" }
+ },
+ :blackhole => {
+ :comment => "Do TCP level MTU probing if we seem to have an ICMP blackhole",
+ :parameters => { "net.ipv4.tcp_mtu_probing" => "1" }
+ },
+ :network_buffers => {
+ :comment => "Tune network buffers",
+ :parameters => {
+ "net.core.rmem_max" => "16777216",
+ "net.core.wmem_max" => "16777216",
+ "net.ipv4.tcp_rmem" => "4096\t87380\t16777216",
+ "net.ipv4.tcp_wmem" => "4096\t65536\t16777216"
+ }
+ },
+ :network_backlog => {
+ :comment => "Increase maximum backlog for incoming network packets",
+ :parameters => { "net.core.netdev_max_backlog" => "2500" }
+ },
+ :network_conntrack_established => {
+ :comment => "Only track established connections for four hours",
+ :parameters => {
+ "net.netfilter.nf_conntrack_tcp_timeout_established" => "14400"
+ }
+ },
+ :tcp_syncookies => {
+ :comment => "Turn off syncookies as they interact badly with the firewall",
+ :parameters => {
+ "net.ipv4.tcp_syncookies" => "0"
+ }
+ }
+ },
+ :sysfs => {
+ :cpufreq_ondemand => {
+ :comment => "Tune the ondemand CPU frequency governor",
+ :parameters => {
+ "devices/system/cpu/cpufreq/ondemand/up_threshold" => "25",
+ "devices/system/cpu/cpufreq/ondemand/sampling_down_factor" => "10"
+ }
+ }
+ }
+)
+
+run_list(
+ "recipe[accounts]",
+ "recipe[apt]",
+ "recipe[chef]",
+ "recipe[devices]",
+ "recipe[hardware]",
+ "recipe[munin]",
+ "recipe[networking]",
+ "recipe[exim]",
+ "recipe[ntp]",
+ "recipe[openssh]",
+ "recipe[sysctl]",
+ "recipe[sysfs]",
+ "recipe[tools]"
+)
diff --git a/roles/blix-nl.rb b/roles/blix-nl.rb
new file mode 100644
index 000000000..cf8e1f6a2
--- /dev/null
+++ b/roles/blix-nl.rb
@@ -0,0 +1,13 @@
+name "blix-nl"
+description "Role applied to all servers at Blix NL"
+
+override_attributes(
+ :ntp => {
+ :servers => [ "0.nl.pool.ntp.org", "1.nl.pool.ntp.org", "europe.pool.ntp.org" ]
+ }
+)
+
+run_list(
+ "role[nl]",
+ "role[blix]"
+)
diff --git a/roles/blix-no.rb b/roles/blix-no.rb
new file mode 100644
index 000000000..02eab6d79
--- /dev/null
+++ b/roles/blix-no.rb
@@ -0,0 +1,13 @@
+name "blix-no"
+description "Role applied to all servers at Blix NO"
+
+override_attributes(
+ :ntp => {
+ :servers => [ "0.no.pool.ntp.org", "1.no.pool.ntp.org", "europe.pool.ntp.org" ]
+ }
+)
+
+run_list(
+ "role[no]",
+ "role[blix]"
+)
diff --git a/roles/blix.rb b/roles/blix.rb
new file mode 100644
index 000000000..756e3c16d
--- /dev/null
+++ b/roles/blix.rb
@@ -0,0 +1,18 @@
+name "blix"
+description "Role applied to all servers at Blix"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :blixadmin => { :status => :administrator }
+ }
+ },
+ :networking => {
+ :nameservers => [ "8.8.8.8", "8.8.4.4" ],
+ :roles => {
+ :external => {
+ :zone => "bx"
+ }
+ }
+ }
+)
diff --git a/roles/blog.rb b/roles/blog.rb
new file mode 100644
index 000000000..d6bda457d
--- /dev/null
+++ b/roles/blog.rb
@@ -0,0 +1,6 @@
+name "blog"
+description "Role applied to blog servers"
+
+run_list(
+ "recipe[blog]"
+)
diff --git a/roles/bunyip.rb b/roles/bunyip.rb
new file mode 100644
index 000000000..cf73f558d
--- /dev/null
+++ b/roles/bunyip.rb
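Review bot: In roles/base.rb the `:tcp_syncookies` entry sets `"net.ipv4.tcp_syncookies" => "0"` in the role that every country role pulls in, so the kernel's SYN-flood fallback is off on the whole fleet, and the `:comment` does not say which firewall behaviour forced this or what handles a SYN flood instead. I would extend the comment along the lines of `:comment => "Turn off syncookies as they interact badly with the firewall (<reference>); SYN floods are handled by <control>"`, with the two placeholders filled in. It may also be worth moving the setting out of the base role into the roles for hosts that actually sit behind that firewall.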
@@ -0,0 +1,89 @@
+name "bunyip"
+description "Master role applied to bunyip"
+
+default_attributes(
+ :devices => {
+ :os1 => {
+ :comment => "First os disk",
+ :type => "block",
+ :bus => "cciss",
+ :serial => "3600508b1001844585154453137470008",
+ :attrs => {
+ "queue/scheduler" => "noop",
+ "queue/nr_requests" => "512"
+ }
+ },
+ :tile1 => {
+ :comment => "First tile disk",
+ :type => "block",
+ :bus => "cciss",
+ :serial => "3600508b1001844585154453137470009",
+ :owner => "proxy",
+ :attrs => {
+ "queue/scheduler" => "noop",
+ "queue/nr_requests" => "512"
+ }
+ },
+ :tile2 => {
+ :comment => "Second tile disk",
+ :type => "block",
+ :bus => "cciss",
+ :serial => "3600508b100184458515445313747000a",
+ :owner => "proxy",
+ :attrs => {
+ "queue/scheduler" => "noop",
+ "queue/nr_requests" => "512"
+ }
+ },
+ :tile3 => {
+ :comment => "Third tile disk",
+ :type => "block",
+ :bus => "cciss",
+ :serial => "3600508b100184458515445313747000b",
+ :owner => "proxy",
+ :attrs => {
+ "queue/scheduler" => "noop",
+ "queue/nr_requests" => "512"
+ }
+ },
+ :tile4 => {
+ :comment => "Fourth tile disk",
+ :type => "block",
+ :bus => "cciss",
+ :serial => "3600508b100184458515445313747000c",
+ :owner => "proxy",
+ :attrs => {
+ "queue/scheduler" => "noop",
+ "queue/nr_requests" => "512"
+ }
+ }
+ },
+ :networking => {
+ :interfaces => {
+ :external_ipv4 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet,
+ :address => "203.26.72.12",
+ :prefix => "28",
+ :gateway => "203.26.72.14"
+ },
+ :external_ipv6 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet6,
+ :address => "2402:6400:1:6:217:8ff:fe56:40c3",
+ :prefix => "64"
+ }
+ }
+ },
+ :squid => {
+ :cache_mem => "5000 MB",
+ :cache_dir => "coss /dev/cciss/c0d1 128000 block-size=8192 max-size=262144 membufs=80"
+ }
+)
+
+run_list(
+ "role[racs]",
+ "role[tilecache]"
+)
diff --git a/roles/bytemark.rb b/roles/bytemark.rb
new file mode 100644
index 000000000..1655af171
--- /dev/null
+++ b/roles/bytemark.rb
@@ -0,0 +1,23 @@
+name "bytemark"
+description "Role applied to all servers at Bytemark"
+
+default_attributes(
+ :networking => {
+ :nameservers => [ "2001:41c8:2::1", "2001:41c8:2::2", "80.68.80.24", "80.68.80.25" ],
+ :roles => {
+ :external => {
+ :zone => "bm"
+ }
+ }
+ }
+)
+
+override_attributes(
+ :ntp => {
+ :servers => [ "0.uk.pool.ntp.org", "1.uk.pool.ntp.org", "europe.pool.ntp.org" ]
+ }
+)
+
+run_list(
+ "role[gb]"
+)
diff --git a/roles/ca.rb b/roles/ca.rb
new file mode 100644
index 000000000..3d83f885c
--- /dev/null
+++ b/roles/ca.rb
@@ -0,0 +1,10 @@
+name "ca"
+description "Role applied to all servers located in Canada"
+
+override_attributes(
+ :country => "ca"
+)
+
+run_list(
+ "role[base]"
+)
diff --git a/roles/chef-repository.rb b/roles/chef-repository.rb
new file mode 100644
index 000000000..9e1815f13
--- /dev/null
+++ b/roles/chef-repository.rb
@@ -0,0 +1,28 @@
+name "chef-repository"
+description "Role applied to all chef repositories"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :lonvia => {
+ :status => :user,
+ :shell => "/usr/bin/git-shell"
+ },
+ :yellowbkpk => {
+ :status => :user,
+ :shell => "/usr/bin/git-shell"
+ },
+ :chefrepo => {
+ :status => :role,
+ :members => [ :tomh, :grant, :matt, :lonvia, :yellowbkpk ]
+ }
+ }
+ },
+ :chef => {
+ :repository => "/var/lib/git/chef.git"
+ }
+)
+
+run_list(
+ "recipe[chef::repository]"
+)
diff --git a/roles/chef-server.rb b/roles/chef-server.rb
new file mode 100644
index 000000000..9ae1fbc00
--- /dev/null
+++ b/roles/chef-server.rb
@@ -0,0 +1,6 @@
+name "chef-server"
+description "Role applied to all chef servers"
+
+run_list(
+ "recipe[chef::server]"
+)
diff --git a/roles/db-master.rb b/roles/db-master.rb
new file mode 100644
index 000000000..84dd05c55
--- /dev/null
+++ b/roles/db-master.rb
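Review bot: In roles/chef-repository.rb the `:chefrepo` role account lists `:lonvia` and `:yellowbkpk` in `:members`, yet both are declared only as `:status => :user` with a `git-shell` login. If membership is what grants push access to `/var/lib/git/chef.git` (presumably so; the accounts cookbook is not part of this diff), those two accounts can change what chef applies on every node, which is administrator-equivalent in practice. I would record that next to the entry, e.g. `# members can push to chef.git, i.e. change configuration applied to all nodes`, so the list is reviewed with that privilege in mind.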
@@ -0,0 +1,50 @@
+name "db-master"
+description "Role applied to all the master database server"
+
+default_attributes(
+ :postgresql => {
+ :versions => [ "9.1" ],
+ :settings => {
+ :defaults => {
+ :wal_level => "hot_standby",
+ :archive_mode => "on",
+ :archive_command => "/bin/cp %p /store/postgresql/system/archive/%f",
+ :max_wal_senders => "2",
+ :user_name_maps => {
+ :backup => [
+ { :system => "osmbackup", :postgres => "backup" }
+ ]
+ },
+ :early_authentication_rules => [
+ { :type => "local", :database => "all", :user => "backup", :method => "peer", :options => { :map => "backup" } }
+ ],
+ :late_authentication_rules => [
+ { :database => "replication", :user => "replication", :address => "146.179.159.168/32" }
+ ]
+ }
+ }
+ },
+ :rsyncd => {
+ :modules => {
+ :archive => {
+ :comment => "WAL Archive",
+ :path => "/store/postgresql/system/archive",
+ :read_only => true,
+ :write_only => false,
+ :list => false,
+ :uid => "postgres",
+ :gid => "postgres",
+ :transfer_logging => false,
+ :hosts_allow => [
+ "146.179.159.168"
+ ]
+ }
+ }
+ }
+)
+
+run_list(
+ "role[db]",
+ "recipe[db::master]",
+ "recipe[rsyncd]"
+)
diff --git a/roles/db.rb b/roles/db.rb
new file mode 100644
index 000000000..031865a6c
--- /dev/null
+++ b/roles/db.rb
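Review bot: The `:archive` rsyncd module in roles/db-master.rb serves `/store/postgresql/system/archive`, i.e. WAL segments that carry the full database contents, and the only control on it is a one-address `:hosts_allow`. The rsync daemon protocol is unencrypted and a source-address check does not authenticate the peer, so I would either fetch the archive over ssh or, if the rsyncd cookbook can emit `auth users` and `secrets file` (not visible here), set them for this module. Separately, `:archive_command => "/bin/cp %p /store/postgresql/system/archive/%f"` silently overwrites a segment that already exists; the form from the PostgreSQL documentation, `test ! -f /store/postgresql/system/archive/%f && cp %p /store/postgresql/system/archive/%f`, refuses to.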
@@ -0,0 +1,63 @@
+name "db"
+description "Role applied to all database servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :rails => {
+ :status => :role,
+ :members => [ :tomh, :grant ]
+ }
+ }
+ },
+ :munin => {
+ :plugins => {
+ :postgres_connections_openstreetmap => {
+ :waiting => {
+ :warning => 10,
+ :critical => 20
+ }
+ },
+ :postgres_locks_openstreetmap => {
+ :accesssharelock => {
+ :warning => 900,
+ :critical => 1000
+ },
+ :rowexclusivelock => {
+ :warning => 250,
+ :critical => 300
+ }
+ }
+ }
+ },
+ :nfs => {
+ "/store/rails" => { :host => "horntail", :path => "/store/rails" }
+ },
+ :postgresql => {
+ :versions => [ "9.1" ],
+ :settings => {
+ :defaults => {
+ :listen_addresses => "*",
+ :max_connections => "500",
+ :max_stack_depth => "7MB",
+ :checkpoint_segments => "32",
+ :checkpoint_completion_target => "0.8",
+ :late_authentication_rules => [
+ { :address => "146.179.159.160/27" }
+ ]
+ }
+ }
+ },
+ :sysctl => {
+ :swappiness => {
+ :comment => "Only swap in an emergency",
+ :parameters => {
+ "vm.swappiness" => 0
+ }
+ }
+ }
+)
+
+run_list(
+ "recipe[nfs]"
+)
diff --git a/roles/de.rb b/roles/de.rb
new file mode 100644
index 000000000..9fd3dbb78
--- /dev/null
+++ b/roles/de.rb
@@ -0,0 +1,10 @@
+name "de"
+description "Role applied to all servers located in Germany"
+
+override_attributes(
+ :country => "de"
+)
+
+run_list(
+ "role[base]"
+)
diff --git a/roles/dev.rb b/roles/dev.rb
new file mode 100644
index 000000000..52f8dc7de
--- /dev/null
+++ b/roles/dev.rb
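Review bot: In roles/db.rb `:listen_addresses => "*"` binds PostgreSQL on every interface, while the only access rule, `{ :address => "146.179.159.160/27" }`, names no `:database`, `:user` or `:method`, so what it admits depends entirely on defaults inside the postgresql cookbook, which this diff does not show. I would spell the rule out the way db-master.rb does, e.g. `{ :database => "<db>", :user => "<user>", :address => "146.179.159.160/27", :method => "md5" }` with the placeholders filled in. Where a database host has a dedicated internal address, setting `:listen_addresses` to that address rather than `"*"` keeps the port off the external interface even if a firewall rule is missed.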
@@ -0,0 +1,160 @@
+name "dev"
+description "Role applied to all development servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :edgemaster => { :status => :administrator },
+ :emacsen => { :status => :administrator },
+ :twain => { :status => :user },
+ :bretth => { :status => :user },
+ :richard => { :status => :user },
+ :shaunmcdonald => { :status => :user },
+ :random => { :status => :user },
+ :steve8 => { :status => :user },
+ :blackadder => { :status => :user },
+ :timsc => { :status => :user },
+ :bobkare => { :status => :user },
+ :daveh => { :status => :user },
+ :gravitystorm => { :status => :user },
+ :fred => { :status => :user },
+ :nick => { :status => :user },
+ :deelkar => { :status => :user },
+ :simone => { :status => :user },
+ :mitjak => { :status => :user },
+ :htonl => { :status => :user },
+ :russ => { :status => :user },
+ :merio => { :status => :user },
+ :chippy => { :status => :user },
+ :joerichards => { :status => :user },
+ :pafciu17 => { :status => :user },
+ :ojw => { :status => :user },
+ :harrywood => { :status => :user },
+ :yellowbkpk => { :status => :user },
+ :apmon => { :status => :user },
+ :mackerski => { :status => :user },
+ :ldp => { :status => :user },
+ :mdaines => { :status => :user },
+ :dan => { :status => :user },
+ :ris => { :status => :user },
+ :nroets => { :status => :user },
+ :ollie => { :status => :user },
+ :mvexel => { :status => :user },
+ :tomchance => { :status => :user },
+ :lfrancke => { :status => :user },
+ :davidearl => { :status => :user },
+ :emacsen => { :status => :user },
+ :rweait => { :status => :user },
+ :ant => { :status => :user },
+ :milliams => { :status => :user },
+ :pierzen => { :status => :user },
+ :gregory => { :status => :user },
+ :bsupnik => { :status => :user },
+ :derick => { :status => :user },
+ :joshd => { :status => :user },
+ :maba => { :status => :user },
+ :pnorman => { :status => :user },
+ :csmale => { :status => :user },
+ :jgc => { :status => :user },
+ :cobra => { :status => :user },
+ :ppawel => { :status => :user },
+ :simon04 => { :status => :user },
+ :jfire => { :status => :user },
+ :malenki => { :status => :user },
+ :lonvia => { :status => :user },
+ :nicolas17 => { :status => :user },
+ :zverik => { :status => :user },
+ :ooc => {
+ :status => :role,
+ :members => [ :tomh, :blackadder, :timsc, :ollie ]
+ },
+ :apis => {
+ :status => :role,
+ :members => [ :tomh ]
+ },
+ :os => {
+ :status => :role,
+ :members => [ :tomh, :grant, :ollie ]
+ },
+ :gpsmid => {
+ :status => :role,
+ :members => [ :apmon, :maba ]
+ }
+ }
+ },
+ :apache => {
+ :mpm => "event",
+ :timeout => 30,
+ :event => {
+ :server_limit => 32,
+ :max_clients => 800,
+ :threads_per_child => 50,
+ :max_requests_per_child => 10000
+ }
+ },
+ :apt => {
+ :sources => [
+ "brightbox-ruby-ng",
+ "ubuntugis-stable", "ubuntugis-unstable",
+ "mapnik-v210"
+ ]
+ },
+ :dev => {
+ :ruby => "1.9.1",
+ :rails => {
+ :master => {
+ :repository => "git://git.openstreetmap.org/rails.git",
+ :revision => "master",
+ :aliases => [ "api06.dev.openstreetmap.org" ]
+ },
+ :forms => {
+ :repository => "git://github.com/tomhughes/openstreetmap-website.git",
+ :revision => "forms"
+ },
+ :routing => {
+ :repository => "git://github.com/apmon/openstreetmap-website.git",
+ :revision => "routing2"
+ },
+ :tomh => {
+ :repository => "git://github.com/tomhughes/openstreetmap-website.git",
+ :revision => "next"
+ },
+ :owl => {
+ :repository => "git://github.com/ppawel/openstreetmap-website.git",
+ :revision => "owl-history-tab"
+ },
+ :overpass => {
+ :repository => "git://github.com/drolbr/openstreetmap-website.git",
+ :revision => "master"
+ }
+ }
+ },
+ :postgresql => {
+ :versions => [ "9.1" ],
+ :settings => {
+ :defaults => {
+ :shared_buffers => "1GB",
+ :work_mem => "32MB",
+ :maintenance_work_mem => "64MB",
+ :max_stack_depth => "4MB",
+ :effective_cache_size => "4GB"
+ },
+ "9.1" => {
+ :port => "5433"
+ }
+ }
+ },
+ :sysctl => {
+ :postgres => {
+ :comment => "Increase shared memory for postgres",
+ :parameters => {
+ "kernel.shmall" => "4194304",
+ "kernel.shmmax" => "17179869184"
+ }
+ }
+ }
+)
+
+run_list(
+ "recipe[dev]"
+)
diff --git a/roles/dns.rb b/roles/dns.rb
new file mode 100644
index 000000000..7a5e5a46a
--- /dev/null
+++ b/roles/dns.rb
@@ -0,0 +1,12 @@
+name "dns"
+description "Role applied to DNS management servers"
+
+default_attributes(
+ :dns => {
+ :repository => "/var/lib/git/dns.git"
+ }
+)
+
+run_list(
+ "recipe[dns]"
+)
diff --git a/roles/draco.rb b/roles/draco.rb
new file mode 100644
index 000000000..2c373e4d5
--- /dev/null
+++ b/roles/draco.rb
@@ -0,0 +1,37 @@
+name "draco"
+description "Master role applied to draco"
+
+default_attributes(
+ :apt => {
+ :sources => [ "ubuntugis-stable", "ubuntugis-unstable" ]
+ },
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "10.0.0.11"
+ },
+ :external_ipv4 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet,
+ :address => "128.40.168.95"
+ }
+ }
+ },
+ :sysctl => {
+ :tune_cpu_scheduler => {
+ :comment => "Tune CPU scheduler for server scheduling",
+ :parameters => {
+ "kernel.sched_migration_cost" => 50000000,
+ "kernel.sched_autogroup_enabled" => 0
+ }
+ }
+ }
+)
+
+run_list(
+ "role[ucl-internal]"
+)
diff --git a/roles/errol.rb b/roles/errol.rb
new file mode 100644
index 000000000..efb7b93b4
--- /dev/null
+++ b/roles/errol.rb
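Review bot: In roles/dev.rb the key `:emacsen` appears twice in the `:users` hash, first as `{ :status => :administrator }` near the top and again further down as `{ :status => :user }`. In a Ruby hash literal the later duplicate wins, so the account ends up with `:user` status and the administrator line has no effect; one of the two entries should be deleted so the file states the privilege that is actually intended. Separately, every `:repository` under `:dev => :rails` uses `git://`, which is neither authenticated nor encrypted, so the code checked out onto the dev server can be altered in transit; for the GitHub ones `https://github.com/tomhughes/openstreetmap-website.git` and its siblings are drop-in replacements.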
@@ -0,0 +1,65 @@
+name "errol"
+description "Master role applied to errol"
+
+default_attributes(
+ :munin => {
+ :plugins => {
+ :sensors_fan => {
+ :contacts => "null"
+ },
+ :sensors_temp => {
+ :contacts => "null"
+ },
+ :sensors_volt => {
+ :contacts => "null",
+ :volt10 => {
+ :warning => "3.11:3.50",
+ :critical => "2.98:3.63"
+ }
+ }
+ }
+ },
+ :devices => {
+ :osdsk => {
+ :comment => "First os disk",
+ :type => "block",
+ :bus => "scsi",
+ :serial => "20004d927fffff800",
+ :attrs => {
+ "queue/scheduler" => "deadline",
+ "queue/nr_requests" => "512"
+ }
+ },
+ :homedsk => {
+ :comment => "First home disk",
+ :type => "block",
+ :bus => "scsi",
+ :serial => "20004d927fffff801",
+ :attrs => {
+ "queue/scheduler" => "deadline",
+ "queue/nr_requests" => "512"
+ }
+ }
+ },
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "10.0.0.14"
+ },
+ :external_ipv4 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet,
+ :address => "128.40.168.103"
+ }
+ }
+ }
+);
+
+run_list(
+ "role[ucl-external]",
+ "role[dev]"
+)
diff --git a/roles/eustace.rb b/roles/eustace.rb
new file mode 100644
index 000000000..bbb5da681
--- /dev/null
+++ b/roles/eustace.rb
@@ -0,0 +1,26 @@
+name "eustace"
+description "Master role applied to eustace"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "10.0.0.9"
+ },
+ :external_ipv4 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet,
+ :address => "128.40.168.101"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[ucl-internal]",
+ "role[piwik]"
+)
diff --git a/roles/faffy.rb b/roles/faffy.rb
new file mode 100644
index 000000000..e8030613f
--- /dev/null
+++ b/roles/faffy.rb
@@ -0,0 +1,62 @@
+name "faffy"
+description "Master role applied to faffy"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "10.0.0.7"
+ },
+ :external_ipv4 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet,
+ :address => "128.40.168.108"
+ }
+ }
+ },
+ :rsyncd => {
+ :modules => {
+ :agri_imagery => {
+ :comment => "AGRI Imagery Archive",
+ :path => "/mnt/md0/agri",
+ :read_only => true,
+ :write_only => false,
+ :list => true,
+ :uid => "nobody",
+ :gid => "nogroup",
+ :transfer_logging => false,
+ :exclude => [ ".*" ],
+ :max_connections => 10,
+ :ignore_errors => true,
+ :ignore_nonreadable => true,
+ :timeout => 3600,
+ :refuse_options => [ "checksum" ]
+ },
+ :agri_extra => {
+ :comment => "AGRI Extras Archive",
+ :path => "/var/www/agri.openstreetmap.org/download",
+ :read_only => true,
+ :write_only => false,
+ :list => true,
+ :uid => "nobody",
+ :gid => "nogroup",
+ :transfer_logging => false,
+ :exclude => [ ".*" ],
+ :max_connections => 10,
+ :ignore_errors => true,
+ :ignore_nonreadable => true,
+ :timeout => 3600,
+ :refuse_options => [ "checksum" ]
+ }
+ }
+ }
+)
+
+run_list(
+ "role[ucl-internal]",
+ "recipe[rsyncd]"
+)
diff --git a/roles/firefishynet.rb b/roles/firefishynet.rb
new file mode 100644
index 000000000..49a1ff4c9
--- /dev/null
+++ b/roles/firefishynet.rb
@@ -0,0 +1,17 @@
+name "firefishynet"
+description "Role applied to all servers at Firefishy"
+
+default_attributes(
+ :networking => {
+ :nameservers => [ "8.8.8.8", "8.8.4.4" ],
+ :roles => {
+ :external => {
+ :zone => "ff"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[gb]"
+)
diff --git a/roles/foundation.rb b/roles/foundation.rb
new file mode 100644
index 000000000..cc80f3dfe
--- /dev/null
+++ b/roles/foundation.rb
@@ -0,0 +1,23 @@
+name "foundation"
+description "Role applied to all OSMF servers"
+
+default_attributes(
+ :apache => {
+ :mpm => "prefork",
+ :timeout => 60,
+ :keepalive => false
+ },
+ :apt => {
+ :sources => [ "brightbox", "aw-drupal" ]
+ },
+ :memcached => {
+ :memory_limit => 400,
+ :chunk_growth_factor => 1.05,
+ :min_item_size => 5
+ }
+)
+
+run_list(
+ "recipe[mediawiki]",
+ "recipe[civicrm]"
+)
diff --git a/roles/fr.rb b/roles/fr.rb
new file mode 100644
index 000000000..0e076d9e7
--- /dev/null
+++ b/roles/fr.rb
@@ -0,0 +1,10 @@
+name "fr"
+description "Role applied to all servers located in France"
+
+override_attributes(
+ :country => "fr"
+)
+
+run_list(
+ "role[base]"
+)
diff --git a/roles/fume.rb b/roles/fume.rb
new file mode 100644
index 000000000..ac5b7ecd4
--- /dev/null
+++ b/roles/fume.rb
@@ -0,0 +1,44 @@
+name "fume"
+description "Master role applied to fume"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :external_ipv4 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet,
+ :address => "85.30.190.241",
+ :prefix => "29",
+ :gateway => "85.30.190.246"
+ },
+ :external_ipv6 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet6,
+ :address => "2a02:80:0:3ff8:222:64ff:fe2a:2714",
+ :prefix => "64"
+ }
+ }
+ },
+ :squid => {
+ :cache_mem => "16000 MB",
+ :cache_dir => "coss /store/squid/coss-01 128000 block-size=8192 max-size=262144 membufs=80"
+ },
+ :sysfs => {
+ :hdd_tune => {
+ :comment => "Tune the queue for improved performance",
+ :parameters => {
+ "block/cciss\!c0d0/queue/nr_requests" => "512",
+ "block/cciss\!c0d1/queue/nr_requests" => "512",
+ "block/cciss\!c0d0/queue/scheduler" => "noop",
+ "block/cciss\!c0d1/queue/scheduler" => "noop"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[teleservice]",
+ "role[tilecache]"
+)
diff --git a/roles/gateway.rb b/roles/gateway.rb
new file mode 100644
index 000000000..653d686f3
--- /dev/null
+++ b/roles/gateway.rb
@@ -0,0 +1,18 @@
+name "gateway"
+description "Role applied to all network gateways"
+
+default_attributes(
+ :sysctl => {
+ :network_forwarding => {
+ :comment => "Enable forwarding",
+ :parameters => { "net.ipv4.ip_forward" => "1" }
+ }
+ },
+ :exim => {
+ :relay_from_hosts => [ "10.0.0.0/8"]
+ }
+)
+
+run_list(
+ "recipe[bind]"
+)
diff --git a/roles/gb.rb b/roles/gb.rb
new file mode 100644
index 000000000..7362781f1
--- /dev/null
+++ b/roles/gb.rb
@@ -0,0 +1,10 @@
+name "gb"
+description "Role applied to all servers located in the UK"
+
+override_attributes(
+ :country => "gb"
+)
+
+run_list(
+ "role[base]"
+)
diff --git a/roles/geodns.rb b/roles/geodns.rb
new file mode 100644
index 000000000..0d1510710
--- /dev/null
+++ b/roles/geodns.rb
@@ -0,0 +1,6 @@
+name "geodns"
+description "Role applied to all geographic DNS servers"
+
+run_list(
+ "recipe[geodns]"
+)
diff --git a/roles/git.rb b/roles/git.rb
new file mode 100644
index 000000000..1fb7fac7f
--- /dev/null
+++ b/roles/git.rb
@@ -0,0 +1,29 @@
+name "git"
+description "Role applied to all git servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :lonvia => {
+ :status => :user,
+ :shell => "/usr/bin/git-shell"
+ },
+ :translatewiki => {
+ :status => :user,
+ :shell => "/usr/bin/git-shell"
+ },
+ :git => {
+ :status => :role,
+ :members => [ :tomh, :grant, :matt, :lonvia, :translatewiki ]
+ }
+ }
+ },
+ :git => {
+ :host => "git.openstreetmap.org",
+ :directory => "/var/lib/git"
+ }
+)
+
+run_list(
+ "recipe[git::server]"
+)
diff --git a/roles/gorynych.rb b/roles/gorynych.rb
new file mode 100644
index 000000000..3d2b038d5
--- /dev/null
+++ b/roles/gorynych.rb
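Review bot: In roles/gateway.rb `:relay_from_hosts => [ "10.0.0.0/8"]` lets any source in the whole 10/8 block relay mail through the gateway, although the internal addresses assigned by the host roles in this commit sit in a few small ranges (10.0.0.x on the UCL hosts, 10.0.16.2 for OpenVPN on horntail). I would narrow the list to the subnets this gateway actually routes, e.g. `:relay_from_hosts => [ "<internal-subnet>/<prefix>" ]` with the real values filled in, so that a misrouted or tunnelled 10.x source cannot use the host as a relay. The same role turns on `net.ipv4.ip_forward`, and the `:comment` there could say which firewall policy restricts what is forwarded.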
@@ -0,0 +1,26 @@
+name "gorynych"
+description "Master role applied to gorynych"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :external_ipv4 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet,
+ :address => "130.193.62.73",
+ :prefix => "29",
+ :gateway => "130.193.62.78"
+ }
+ }
+ },
+ :squid => {
+ :cache_mem => "5800 MB",
+ :cache_dir => "coss /store/squid/coss-01 128000 block-size=8192 max-size=262144 membufs=80"
+ }
+)
+
+run_list(
+ "role[yandex]",
+ "role[tilecache]"
+)
diff --git a/roles/grisu.rb b/roles/grisu.rb
new file mode 100644
index 000000000..37511e2f2
--- /dev/null
+++ b/roles/grisu.rb
@@ -0,0 +1,39 @@
+name "grisu"
+description "Master role applied to grisu"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :yellowbkpk => { :status => :administrator }
+ }
+ },
+ :networking => {
+ :interfaces => {
+ :external_ipv4 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet,
+ :address => "142.4.213.166",
+ :prefix => "24",
+ :gateway => "142.4.213.254"
+ },
+ :external_ipv6 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet6,
+ :address => "2607:5300:60:12a6::1",
+ :prefix => "64",
+ :gateway => "2607:5300:60:12ff:ff:ff:ff:ff"
+ }
+ }
+ },
+ :squid => {
+ :cache_mem => "9000 MB",
+ :cache_dir => "coss /store/squid/coss-01 128000 block-size=8192 max-size=262144 membufs=80"
+ }
+)
+
+run_list(
+ "role[ovh-ca]",
+ "role[tilecache]"
+)
diff --git a/roles/hetzner.rb b/roles/hetzner.rb
new file mode 100644
index 000000000..948001afa
--- /dev/null
+++ b/roles/hetzner.rb
@@ -0,0 +1,30 @@
+name "hetzner"
+description "Role applied to all servers at Hetzner"
+
+default_attributes(
+ :networking => {
+ :nameservers => [
+ "213.133.98.98",
+ "213.133.99.99",
+ "213.133.100.100",
+ "2a01:4f8:0:a111::add:9898",
+ "2a01:4f8:0:a102::add:9999",
+ "2a01:4f8:0:a0a1::add:1010"
+ ],
+ :roles => {
+ :external => {
+ :zone => "hz"
+ }
+ }
+ }
+)
+
+override_attributes(
+ :ntp => {
+ :servers => [ "0.de.pool.ntp.org", "1.de.pool.ntp.org", "europe.pool.ntp.org" ]
+ }
+)
+
+run_list(
+ "role[de]"
+)
diff --git a/roles/horntail.rb b/roles/horntail.rb
new file mode 100644
index 000000000..6f88fdf24
--- /dev/null
+++ b/roles/horntail.rb
@@ -0,0 +1,146 @@
+name "horntail"
+description "Master role applied to horntail"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :gravitystorm => { :status => :user }
+ }
+ },
+ :munin => {
+ :plugins => {
+ :ipmi_fans => {
+ :FAN1 => { :graph => "no" },
+ :FAN2 => { :graph => "no" },
+ :FAN3 => { :graph => "no" },
+ :FAN4 => { :graph => "no" },
+ :FAN5 => { :graph => "no" }
+ },
+ :sensors_fan => {
+ :fan1 => { :graph => "no" },
+ :fan2 => { :graph => "no" },
+ :fan3 => { :graph => "no" },
+ :fan4 => { :graph => "no" },
+ :fan5 => { :graph => "no" },
+ :fan6 => { :graph => "no" },
+ :fan9 => { :graph => "no" },
+ :fan10 => { :graph => "no" }
+ },
+ :sensors_volt => {
+ :contacts => "null",
+ :volt1 => {
+ :warning => "1.316:1.484",
+ :critical => "1.26:1.54"
+ },
+ :volt3 => {
+ :warning => "1.1:2.0",
+ :critical => "1.0:3.0"
+ },
+ :volt4 => {
+ :warning => "11.0:13.0",
+ :critical => "10.5:13.5"
+ }
+ }
+ }
+ },
+ :networking => {
+ :interfaces => {
+ :external_ipv4 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet,
+ :address => "193.63.75.101"
+ },
+ :external_ipv6 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet6,
+ :address => "2001:630:12:500:202:b3ff:feec:eeac"
+ },
+ :internal_ipv4 => {
+ :interface => "eth1",
+ :role => :internal,
+ :family => :inet,
+ :address => "146.179.159.164"
+ }
+ }
+ },
+ :openvpn => {
+ :address => "10.0.16.2",
+ :tunnels => {
+ :ic2ucl => {
+ :port => "1194",
+ :mode => "server",
+ :peer => {
+ :host => "ridley.openstreetmap.org"
+ }
+ }
+ }
+ },
+ :rsyncd => {
+ :modules => {
+ :hosts => {
+ :comment => "Host data",
+ :path => "/home/hosts",
+ :read_only => true,
+ :write_only => false,
+ :list => false,
+ :uid => "tomh",
+ :gid => "tomh",
+ :transfer_logging => false,
+ :hosts_allow => [
+ "89.16.179.150", # shenron
+ "2001:41c8:10:996:21d:7dff:fec3:df70", # shenron
+ "212.159.112.221" # grant
+ ]
+ },
+ :logs => {
+ :comment => "Log files",
+ :path => "/store/logs",
+ :read_only => false,
+ :write_only => true,
+ :list => false,
+ :uid => "www-data",
+ :gid => "www-data",
+ :transfer_logging => false,
+ :hosts_allow => [
+ "128.40.168.0/24", # ucl external
+ "146.179.159.160/27", # ic internal
+ "193.63.75.96/27", # ic external
+ "2001:630:12:500::/64", # ic external
+ "127.0.0.0/8", # localhost
+ "::1" # localhost
+ ]
+ },
+ :backup => {
+ :comment => "Backups",
+ :path => "/store/backup",
+ :read_only => false,
+ :write_only => true,
+ :list => false,
+ :uid => "osmbackup",
+ :gid => "osmbackup",
+ :transfer_logging => false,
+ :hosts_allow => [
+ "128.40.168.0/24", # ucl external
+ "146.179.159.160/27", # ic internal
+ "193.63.75.96/27", # ic external
+ "2001:630:12:500::/64", # ic external
+ "127.0.0.0/8", # localhost
+ "::1" # localhost
+ ]
+ }
+ }
+ }
+);
+
+run_list(
+ "role[ic]",
+ "role[gateway]",
+ "role[chef-server]",
+ "role[chef-repository]",
+ "role[planet]",
+ "role[web-storage]",
+ "recipe[rsyncd]",
+ "recipe[openvpn]"
+)
diff --git a/roles/ic.rb b/roles/ic.rb
new file mode 100644
index 000000000..369380956
--- /dev/null
+++ b/roles/ic.rb
@@ -0,0 +1,45 @@
+name "ic"
+description "Role applied to all servers at Imperial College"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :icladmin => { :status => :user }
+ }
+ },
+ :networking => {
+ :nameservers => [ "146.179.159.164" ],
+ :roles => {
+ :internal => {
+ :inet => {
+ :prefix => "27",
+ :gateway => "146.179.159.164"
+ }
+ },
+ :external => {
+ :zone => "ic",
+ :inet => {
+ :prefix => "27",
+ :gateway => "193.63.75.97"
+ },
+ :inet6 => {
+ :prefix => "64",
+ :gateway => "fe80::5:73ff:fea0:1"
+ }
+ }
+ }
+ }
+)
+
+override_attributes(
+ :networking => {
+ :search => [ "ic.openstreetmap.org", "openstreetmap.org" ]
+ },
+ :ntp => {
+ :servers => [ "0.uk.pool.ntp.org", "1.uk.pool.ntp.org", "europe.pool.ntp.org" ]
+ }
+)
+
+run_list(
+ "role[gb]"
+)
diff --git a/roles/idris.rb b/roles/idris.rb
new file mode 100644
index 000000000..f25b3246a
--- /dev/null
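Review bot: In roles/horntail.rb the `:logs` and `:backup` rsyncd modules accept writes (`:read_only => false`) from whole address ranges, `128.40.168.0/24`, `193.63.75.96/27` and `2001:630:12:500::/64` among them, with `:hosts_allow` as the only gate. Any machine in those ranges, not only project hosts, can therefore push files into `/store/backup` as `osmbackup` or into `/store/logs` as `www-data`, over an unencrypted channel. If the rsyncd cookbook can emit `auth users` and `secrets file` (not visible in this diff) I would set them on these two modules; otherwise list individual host addresses the way the `:hosts` module above does. That module runs as `:uid => "tomh"`, a personal administrator account, where a dedicated unprivileged user would be safer.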
+++ b/roles/idris.rb
@@ -0,0 +1,45 @@
+name "idris"
+description "Master role applied to idris"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "10.0.0.4"
+ },
+ :external_ipv4 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet,
+ :address => "128.40.168.98"
+ }
+ }
+ },
+ :postgresql => {
+ :versions => [ "9.1" ],
+ :settings => {
+ :defaults => {
+ :shared_buffers => "1GB",
+ :maintenance_work_mem => "256MB",
+ :effective_cache_size => "2GB"
+ }
+ }
+ },
+ :sysctl => {
+ :postgres => {
+ :comment => "Increase shared memory for postgres",
+ :parameters => {
+ "kernel.shmmax" => 4 * 1024 * 1024 * 1024,
+ "kernel.shmall" => 4 * 1024 * 1024 * 1024 / 4096
+ }
+ }
+ }
+)
+
+run_list(
+ "role[ucl-internal]",
+ "role[tile]"
+)
diff --git a/roles/irc.rb b/roles/irc.rb
new file mode 100644
index 000000000..f12e2691e
--- /dev/null
+++ b/roles/irc.rb
@@ -0,0 +1,6 @@
+name "irc"
+description "Role applied to all IRC gateways"
+
+run_list(
+ "recipe[cgiirc]"
+)
diff --git a/roles/jakelong.rb b/roles/jakelong.rb
new file mode 100644
index 000000000..c01bd848c
--- /dev/null
+++ b/roles/jakelong.rb
@@ -0,0 +1,26 @@
+name "jakelong"
+description "Master role applied to jakelong"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :external_ipv4 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet,
+ :address => "64.62.205.202",
+ :prefix => "26",
+ :gateway => "64.62.205.193"
+ }
+ }
+ },
+ :squid => {
+ :cache_mem => "650 MB",
+ :cache_dir => "coss /store/squid/coss-01 15000 block-size=8192 max-size=262144 membufs=30"
+ }
+)
+
+run_list(
+ "role[prgmr]",
+ "role[tilecache]"
+)
diff --git a/roles/katla.rb b/roles/katla.rb
new file mode 100644
index 000000000..ece28c522
--- /dev/null
+++ b/roles/katla.rb
@@ -0,0 +1,20 @@
+name "katla"
+description "Master role applied to katla"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "146.179.159.173",
+ :hwaddress => "00:25:90:94:91:00"
+ }
+ }
+ }
+);
+
+run_list(
+ "role[ic]"
+)
diff --git a/roles/konqi.rb b/roles/konqi.rb
new file mode 100644
index 000000000..557d762da
--- /dev/null
+++ b/roles/konqi.rb
@@ -0,0 +1,39 @@
+name "konqi"
+description "Master role applied to konqi"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :external_ipv4 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet,
+ :address => "193.63.75.104"
+ },
+ :external_ipv4_alias => {
+ :interface => "eth0:1",
+ :family => :inet,
+ :address => "193.63.75.105",
+ :prefix => "27"
+ },
+ :external_ipv6 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet6,
+ :address => "2001:630:12:500:215:60ff:feaa:9956"
+ }
+ }
+ }
+)
+
+override_attributes(
+ :networking => {
+ :nameservers => [ "8.8.8.8", "8.8.4.4" ],
+ :search => [ "ic.openstreetmap.org", "openstreetmap.org" ],
+ }
+)
+
+run_list(
+ "role[ic]",
+ "role[wiki]"
+)
diff --git a/roles/lists.rb b/roles/lists.rb
new file mode 100644
index 000000000..47f0deb5f
--- /dev/null
+++ b/roles/lists.rb
@@ -0,0 +1,6 @@
+name "lists"
+description "Role applied to all mailing list servers"
+
+run_list(
+ "recipe[mailman]"
+)
diff --git a/roles/lurien.rb b/roles/lurien.rb
new file mode 100644
index 000000000..390040208
--- /dev/null
+++ b/roles/lurien.rb
@@ -0,0 +1,34 @@
+name "lurien"
+description "Master role applied to lurien"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "10.64.1.22",
+ :prefix => "24",
+ :mtu => "9000"
+ },
+ :external_ipv4 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet,
+ :address => "193.55.222.229",
+ :prefix => "24",
+ :gateway => "193.55.222.1"
+ }
+ }
+ },
+ :squid => {
+ :cache_mem => "9000 MB",
+ :cache_dir => "coss /store/squid/coss-01 128000 block-size=8192 max-size=262144 membufs=80"
+ }
+)
+
+run_list(
+ "role[paulla]",
+ "role[tilecache]"
+)
diff --git a/roles/lyonix.rb b/roles/lyonix.rb
new file mode 100644
index 000000000..8233916fd
--- /dev/null
+++ b/roles/lyonix.rb
@@ -0,0 +1,28 @@
+name "lyonix"
+description "Role applied to all servers at LyonIX"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :lyonix => { :status => :administrator }
+ }
+ },
+ :networking => {
+ :nameservers => [ "77.95.64.205", "77.95.64.206", "8.8.8.8", "8.8.4.4" ],
+ :roles => {
+ :external => {
+ :zone => "ly"
+ }
+ }
+ }
+)
+
+override_attributes(
+ :ntp => {
+ :servers => [ "0.fr.pool.ntp.org", "1.fr.pool.ntp.org", "europe.pool.ntp.org" ]
+ }
+)
+
+run_list(
+ "role[fr]"
+)
diff --git a/roles/munin.rb b/roles/munin.rb
new file mode 100644
index 000000000..046360b0a
--- /dev/null
+++ b/roles/munin.rb
@@ -0,0 +1,6 @@
+name "munin"
+description "Role applied to all munin servers"
+
+run_list(
+ "recipe[munin::server]"
+)
diff --git a/roles/nepomuk.rb b/roles/nepomuk.rb
new file mode 100644
index 000000000..8a1c3679c
--- /dev/null
+++ b/roles/nepomuk.rb
@@ -0,0 +1,43 @@
+name "nepomuk"
+description "Master role applied to nepomuk"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :external_ipv4 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet,
+ :address => "77.95.70.166",
+ :prefix => "27",
+ :gateway => "77.95.70.161"
+ },
+ :external_ipv6 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet6,
+ :address => "2001:7f8:47:21::a6",
+ :prefix => "64",
+ :gateway => "2001:7f8:47:21::a1"
+ }
+ }
+ },
+ :squid => {
+ :cache_mem => "7500 MB",
+ :cache_dir => "coss /store/squid/coss-01 128000 block-size=8192 max-size=262144 membufs=80"
+ },
+ :sysfs => {
+ :hdd_tune => {
+ :comment => "Tune the queue for improved performance",
+ :parameters => {
+ "block/vda/queue/nr_requests" => "512",
+ "block/vda/queue/scheduler" => "noop"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[lyonix]",
+ "role[tilecache]"
+)
diff --git a/roles/nl.rb b/roles/nl.rb
new file mode 100644
index 000000000..e42f1b222
--- /dev/null
+++ b/roles/nl.rb
@@ -0,0 +1,10 @@
+name "nl"
+description "Role applied to all servers located in the Netherlands"
+
+override_attributes(
+ :country => "nl"
+)
+
+run_list(
+ "role[base]"
+)
diff --git a/roles/no.rb b/roles/no.rb
new file mode 100644
index 000000000..ce6e2bf02
--- /dev/null
+++ b/roles/no.rb
@@ -0,0 +1,10 @@
+name "no"
+description "Role applied to all servers located in Norway"
+
+override_attributes(
+ :country => "no"
+)
+
+run_list(
+ "role[base]"
+)
diff --git a/roles/nominatim.rb b/roles/nominatim.rb
new file mode 100644
index 000000000..401f1f755
--- /dev/null
+++ b/roles/nominatim.rb
@@ -0,0 +1,49 @@
+name "nominatim"
+description "Role applied to all nominatim servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :lonvia => { :status => :administrator },
+ :twain => { :status => :administrator }
+ }
+ },
+ :apache => {
+ :mpm => "event",
+ :timeout => 60,
+ :keepalive => false,
+ :event => {
+ :max_clients => 560,
+ :threads_per_child => 35
+ }
+ },
+ :apt => {
+ :sources => [ "ubuntugis-stable", "ubuntugis-unstable" ]
+ },
+ :postgresql => {
+ :versions => [ "9.1" ],
+ :settings => {
+ :defaults => {
+ :max_connections => "450",
+ :synchronous_commit => "off",
+ :checkpoint_segments => "50",
+ :checkpoint_timeout => "10min",
+ :checkpoint_completion_target => "0.9",
+ :autovacuum_max_workers => "1"
+ }
+ }
+ },
+ :sysctl => {
+ :postgres => {
+ :comment => "Increase shared memory for postgres",
+ :parameters => {
+ "kernel.shmmax" => 16 * 1024 * 1024 * 1024,
+ "kernel.shmall" => 16 * 1024 * 1024 * 1024 / 4096
+ }
+ }
+ }
+)
+
+run_list(
+ "recipe[nominatim]"
+)
diff --git a/roles/norbert.rb b/roles/norbert.rb
new file mode 100644
index 000000000..c8356949a
--- /dev/null
+++ b/roles/norbert.rb
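Review bot: roles/nominatim.rb enables both `ubuntugis-stable` and `ubuntugis-unstable` under `:apt` / `:sources` without saying which packages need the unstable archive, and roles/owl.rb lists the same pair. Each extra third-party archive widens the set of parties whose packages these hosts will install, and with both enabled a newer build in the unstable archive would presumably win on upgrade unless the apt cookbook pins priorities, which this hunk does not show. I would add a comment above the line such as `# ubuntugis-unstable is required for <package>; remove once it reaches stable`, or drop the unstable source where the stable one suffices.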
@@ -0,0 +1,48 @@
+name "norbert"
+description "Master role applied to norbert"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :yellowbkpk => { :status => :administrator }
+ }
+ },
+ :exim => {
+ :aliases => {
+ :root => "yellowbkpk"
+ }
+ },
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "10.0.0.5"
+ },
+ :external_ipv4 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet,
+ :address => "128.40.168.100"
+ }
+ }
+ },
+ :sysfs => {
+ :hdd_tune => {
+ :comment => "Tune the queue for improved performance",
+ :parameters => {
+ "block/cciss\!c0d0/queue/nr_requests" => "512",
+ "block/cciss\!c0d1/queue/nr_requests" => "512",
+ "block/cciss\!c0d0/queue/scheduler" => "noop",
+ "block/cciss\!c0d1/queue/scheduler" => "noop",
+ "block/sda/queue/nr_requests" => "512",
+ "block/sda/queue/scheduler" => "deadline"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[ucl-internal]"
+)
diff --git a/roles/orm.rb b/roles/orm.rb
new file mode 100644
index 000000000..66a7e6dba
--- /dev/null
+++ b/roles/orm.rb
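Review bot: The four cciss keys in roles/norbert.rb's `:hdd_tune` parameters are written with `\!`, which is not an escape sequence in a double-quoted Ruby string, so the backslash is silently dropped and the key becomes `block/cciss!c0d0/...`. That is presumably the intended sysfs name, but the source reads as if a literal backslash were part of the path. I would write the keys without it, for example `"block/cciss!c0d0/queue/nr_requests" => "512",`, so the text in the role matches the string that reaches the sysfs recipe.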
@@ -0,0 +1,78 @@
+name "orm"
+description "Master role applied to orm"
+
+default_attributes(
+ :munin => {
+ :plugins => {
+ :ipmi_fans => {
+ :Sys6 => { :graph => "no" },
+ :Sys8 => { :graph => "no" }
+ },
+ :sensors_fan => {
+ :fan3 => { :graph => "no" },
+ :fan4 => { :graph => "no" },
+ :fan5 => { :graph => "no" },
+ :fan6 => { :graph => "no" },
+ :fan7 => { :graph => "no" },
+ :fan8 => { :graph => "no" },
+ :fan9 => { :graph => "no" },
+ :fan10 => { :graph => "no" },
+ :fan11 => { :graph => "no" },
+ :fan12 => { :graph => "no" }
+ },
+ :sensors_volt => {
+ :contacts => "null",
+ }
+ }
+ },
+ :networking => {
+ :interfaces => {
+ :external_ipv4 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet,
+ :address => "193.63.75.98"
+ },
+ :external_ipv6 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet6,
+ :address => "2001:630:12:500:2e0:81ff:fec5:2a8c"
+ }
+ }
+ },
+ :postgresql => {
+ :versions => [ "9.1" ],
+ :settings => {
+ :defaults => {
+ :shared_buffers => "8GB",
+ :maintenance_work_mem => "7144MB",
+ :effective_cache_size => "16GB"
+ }
+ }
+ },
+ :sysctl => {
+ :postgres => {
+ :comment => "Increase shared memory for postgres",
+ :parameters => {
+ "kernel.shmmax" => 9 * 1024 * 1024 * 1024,
+ "kernel.shmall" => 9 * 1024 * 1024 * 1024 / 4096
+ }
+ }
+ },
+ :tile => {
+ :tile_directory => "/store/tiles",
+ :node_file => "/store/database/nodes"
+ }
+)
+
+override_attributes(
+ :networking => {
+ :nameservers => [ "8.8.8.8", "8.8.4.4" ]
+ }
+)
+
+run_list(
+ "role[ic]",
+ "role[tile]"
+)
diff --git a/roles/osqa.rb b/roles/osqa.rb
new file mode 100644
index 000000000..f916361da
--- /dev/null
+++ b/roles/osqa.rb
@@ -0,0 +1,19 @@
+name "osqa"
+description "Role applied to all OSQA servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :osqa => { :status => :role }
+ }
+ },
+ :osqa => {
+ :sites => [
+ { :name => "help.openstreetmap.org" }
+ ]
+ }
+)
+
+run_list(
+ "recipe[osqa]"
+)
diff --git a/roles/ouroboros.rb b/roles/ouroboros.rb
new file mode 100644
index 000000000..4160db358
--- /dev/null
+++ b/roles/ouroboros.rb
@@ -0,0 +1,32 @@
+name "ouroboros"
+description "Master role applied to ouroboros"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "146.179.159.172"
+ },
+ :external_ipv4 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet,
+ :address => "193.63.75.106"
+ },
+ :external_ipv6 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet6,
+ :address => "2001:630:12:500:223:7dff:feea:813a"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[ic]",
+ "role[wiki-new]"
+)
diff --git a/roles/ovh-ca.rb b/roles/ovh-ca.rb
new file mode 100644
index 000000000..c2b90c116
--- /dev/null
+++ b/roles/ovh-ca.rb
@@ -0,0 +1,13 @@
+name "ovh-ca"
+description "Role applied to all servers at OVH CA"
+
+override_attributes(
+ :ntp => {
+ :servers => [ "0.ca.pool.ntp.org", "1.ca.pool.ntp.org", "north-america.pool.ntp.org" ]
+ }
+)
+
+run_list(
+ "role[ca]",
+ "role[ovh]"
+)
diff --git a/roles/ovh.rb b/roles/ovh.rb
new file mode 100644
index 000000000..dba20da4b
--- /dev/null
+++ b/roles/ovh.rb
@@ -0,0 +1,13 @@
+name "ovh"
+description "Role applied to all servers at OVH"
+
+default_attributes(
+ :networking => {
+ :nameservers => [ "8.8.4.4", "213.186.33.99", "8.8.8.8" ],
+ :roles => {
+ :external => {
+ :zone => "ov"
+ }
+ }
+ }
+)
diff --git a/roles/owl.rb b/roles/owl.rb
new file mode 100644
index 000000000..36301c01b
--- /dev/null
+++ b/roles/owl.rb
@@ -0,0 +1,54 @@
+name "owl"
+description "Role applied to all OWL servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :yellowbkpk => { :status => :user },
+ :ppawel => { :status => :user },
+ :owl => {
+ :status => :role,
+ :members => [ :yellowbkpk, :ppawel ]
+ },
+ },
+ :groups => {
+ :adm => {
+ :members => [ :yellowbkpk, :ppawel ]
+ }
+ }
+ },
+ :apache => {
+ :mpm => "event"
+ },
+ :apt => {
+ :sources => [ "brightbox-ruby-ng", "ubuntugis-stable", "ubuntugis-unstable" ]
+ },
+ :postgresql => {
+ :versions => [ "9.1" ],
+ :settings => {
+ :defaults => {
+ :fsync => "off",
+ :checkpoint_segments => "30",
+ :checkpoint_completion_target => "0.9",
+ :random_page_cost => "2.0",
+ :log_min_duration_statement => "3000"
+ },
+ "9.1" => {
+ :port => "5433"
+ }
+ }
+ },
+ :sysctl => {
+ :postgres => {
+ :comment => "Increase shared memory for postgres",
+ :parameters => {
+ "kernel.shmmax" => 16 * 1024 * 1024 * 1024,
+ "kernel.shmall" => 16 * 1024 * 1024 * 1024 / 4096
+ }
+ }
+ }
+)
+
+run_list(
+ "recipe[owl]"
+)
diff --git a/roles/paulla.rb b/roles/paulla.rb
new file mode 100644
index 000000000..91099f94d
--- /dev/null
+++ b/roles/paulla.rb
@@ -0,0 +1,32 @@
+name "paulla"
+description "Role applied to all servers at PauLLA"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :redfox => { :status => :administrator },
+ :jpcw => { :status => :administrator }
+ }
+ },
+ :munin => {
+ :allow => [ "10.64.1.11" ]
+ },
+ :networking => {
+ :nameservers => [ "10.64.1.3", "194.167.156.13" ],
+ :roles => {
+ :external => {
+ :zone => "pa"
+ }
+ }
+ }
+)
+
+override_attributes(
+ :ntp => {
+ :servers => [ "cannelle.paulla.asso.fr" ]
+ }
+)
+
+run_list(
+ "role[fr]"
+)
diff --git a/roles/piwik.rb b/roles/piwik.rb
new file mode 100644
index 000000000..7bf549ab0
--- /dev/null
+++ b/roles/piwik.rb
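Review bot: roles/owl.rb sets `:fsync => "off"` in the PostgreSQL defaults with nothing to say why that is acceptable on these hosts. With fsync disabled, a crash or power loss can leave the cluster corrupted beyond recovery, so the setting is only safe where the database can be rebuilt from its source data. I would record that next to the line, e.g. `# fsync off: this database is rebuildable from <source>; do not copy to roles holding primary data`. The same hunk adds the `:user`-status accounts yellowbkpk and ppawel to the `adm` group, which on Debian-style systems normally grants read access to system logs; worth confirming that is intended.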
@@ -0,0 +1,12 @@
+name "piwik"
+description "Role applied to all Piwik servers"
+
+default_attributes(
+ :apache => {
+ :mpm => "prefork",
+ }
+)
+
+run_list(
+ "recipe[piwik]"
+)
diff --git a/roles/planet.rb b/roles/planet.rb
new file mode 100644
index 000000000..88cc5c1b5
--- /dev/null
+++ b/roles/planet.rb
@@ -0,0 +1,49 @@
+name "planet"
+description "Role applied to all planet servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :bretth => { :status => :user },
+ :planet => {
+ :status => :role,
+ :members => [ :bretth ]
+ }
+ }
+ },
+ :rsyncd => {
+ :modules => {
+ :planet => {
+ :comment => "Semi public planet.osm archive",
+ :path => "/store/planet",
+ :read_only => true,
+ :write_only => false,
+ :list => true,
+ :uid => "nobody",
+ :gid => "nogroup",
+ :transfer_logging => false,
+ :exclude => [ ".*" ],
+ :max_connections => 10,
+ :ignore_errors => true,
+ :ignore_nonreadable => true,
+ :timeout => 3600,
+ :refuse_options => [ "checksum" ]
+ }
+ }
+ },
+ :apache => {
+ :mpm => "event",
+ :keepalive => false,
+ :event => {
+ :server_limit => 20,
+ :max_clients => 1000,
+ :threads_per_child => 50
+ }
+ }
+)
+
+run_list(
+ "recipe[planet]",
+ "recipe[nfs::server]",
+ "recipe[rsyncd]"
+)
diff --git a/roles/poldi.rb b/roles/poldi.rb
new file mode 100644
index 000000000..77b905b36
--- /dev/null
+++ b/roles/poldi.rb
@@ -0,0 +1,66 @@
+name "poldi"
+description "Master role applied to poldi"
+
+default_attributes(
+ :devices => {
+ :ubuntu => {
+ :comment => "RAID array backing the ubuntu volume group",
+ :type => "block",
+ :bus => "scsi",
+ :serial => "20004d927fffff800",
+ :attrs => {
+ "queue/scheduler" => "deadline"
+ }
+ },
+ :nominatim => {
+ :comment => "RAID array backing the nominatim volume group",
+ :type => "block",
+ :bus => "scsi",
+ :serial => "20004d927fffff801",
+ :attrs => {
+ "queue/scheduler" => "deadline"
+ }
+ },
+ :nominatim2 => {
+ :comment => "RAID array backing the nominatim2 volume group",
+ :type => "block",
+ :bus => "scsi",
+ :serial => "20004d927fffff802",
+ :attrs => {
+ "queue/scheduler" => "deadline"
+ }
+ }
+ },
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "10.0.0.16"
+ },
+ :external_ipv4 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet,
+ :address => "128.40.168.106"
+ }
+ }
+ },
+ :postgresql => {
+ :settings => {
+ :defaults => {
+ :shared_buffers => "9GB",
+ :work_mem => "160MB",
+ :maintenance_work_mem => "9GB",
+ :random_page_cost => "1.5",
+ :effective_cache_size => "24GB"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[ucl-internal]",
+ "role[nominatim]"
+)
diff --git a/roles/prgmr.rb b/roles/prgmr.rb
new file mode 100644
index 000000000..96319e004
--- /dev/null
+++ b/roles/prgmr.rb
@@ -0,0 +1,23 @@
+name "prgmr"
+description "Role applied to all servers at prgmr.com"
+
+default_attributes(
+ :networking => {
+ :nameservers => [ "8.8.4.4", "65.19.174.2", "65.19.175.2" ],
+ :roles => {
+ :external => {
+ :zone => "pr"
+ }
+ }
+ }
+)
+
+override_attributes(
+ :ntp => {
+ :servers => [ "0.us.pool.ntp.org", "1.us.pool.ntp.org", "2.us.pool.ntp.org" ]
+ }
+)
+
+run_list(
+ "role[us]"
+)
diff --git a/roles/racs.rb b/roles/racs.rb
new file mode 100644
index 000000000..a319a48bd
--- /dev/null
+++ b/roles/racs.rb
@@ -0,0 +1,28 @@
+name "racs"
+description "Role applied to all servers at Roy Adams Computer Services"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :kamy => { :status => :administrator }
+ }
+ },
+ :networking => {
+ :nameservers => [ "8.8.8.8", "8.8.4.4" ],
+ :roles => {
+ :external => {
+ :zone => "ra"
+ }
+ }
+ }
+)
+
+override_attributes(
+ :ntp => {
+ :servers => [ "0.au.pool.ntp.org", "1.au.pool.ntp.org", "oceania.pool.ntp.org" ]
+ }
+)
+
+run_list(
+ "role[au]"
+)
diff --git a/roles/ramoth.rb b/roles/ramoth.rb
new file mode 100644
index 000000000..927c349a2
--- /dev/null
+++ b/roles/ramoth.rb
@@ -0,0 +1,65 @@
+name "ramoth"
+description "Master role applied to ramoth"
+
+default_attributes(
+ :db => {
+ :cluster => "9.1/main"
+ },
+ :devices => {
+ :store_openstreetmap => {
+ :comment => "RAID array mounted on /store/postgresql/openstreetmap",
+ :type => "block",
+ :bus => "scsi",
+ :serial => "3600605b0039483a017092ecbe862082a",
+ :attrs => {
+ "queue/scheduler" => "deadline",
+ "queue/nr_requests" => "975"
+ }
+ },
+ :store_system => {
+ :comment => "RAID array mounted on /store/postgresql/system",
+ :type => "block",
+ :bus => "scsi",
+ :serial => "3600605b0039483a017092ff8fa5a6332",
+ :attrs => {
+ "queue/scheduler" => "deadline",
+ "queue/nr_requests" => "975"
+ }
+ }
+ },
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "146.179.159.170",
+ :hwaddress => "00:25:90:4b:05:9a"
+ }
+ }
+ },
+ :postgresql => {
+ :settings => {
+ :defaults => {
+ :shared_buffers => "64GB",
+ :work_mem => "64MB",
+ :maintenance_work_mem => "1GB",
+ :effective_cache_size => "180GB"
+ }
+ }
+ },
+ :sysctl => {
+ :postgres => {
+ :comment => "Increase shared memory for postgres",
+ :parameters => {
+ "kernel.shmmax" => 66 * 1024 * 1024 * 1024,
+ "kernel.shmall" => 66 * 1024 * 1024 * 1024 / 4096
+ }
+ }
+ }
+);
+
+run_list(
+ "role[ic]",
+ "role[db-master]"
+)
diff --git a/roles/ridgeback.rb b/roles/ridgeback.rb
new file mode 100644
index 000000000..743987685
--- /dev/null
+++ b/roles/ridgeback.rb
@@ -0,0 +1,26 @@
+name "ridgeback"
+description "Master role applied to ridgeback"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :external_ipv4 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet,
+ :address => "31.169.50.10",
+ :prefix => "30",
+ :gateway => "31.169.50.9"
+ }
+ }
+ },
+ :squid => {
+ :cache_mem => "5500 MB",
+ :cache_dir => "coss /store/squid/coss-01 128000 block-size=8192 max-size=262144 membufs=80"
+ }
+)
+
+run_list(
+ "role[blix-no]",
+ "role[tilecache]"
+)
diff --git a/roles/ridley.rb b/roles/ridley.rb
new file mode 100644
index 000000000..c73baca1d
--- /dev/null
+++ b/roles/ridley.rb
@@ -0,0 +1,88 @@
+name "ridley"
+description "Master role applied to ridley"
+
+default_attributes(
+ :dhcpd =>{
+ :first_address => "10.0.15.1",
+ :last_address => "10.0.15.254"
+ },
+ :exim => {
+ :aliases => {
+ :root => "grant"
+ }
+ },
+ :munin => {
+ :graphs => {
+ :apcpdu_ucl => {
+ :title => "Current for UCL",
+ :vlabel => "Amps",
+ :category => "Ups",
+ :values => {
+ :load => {
+ :sum => [ "apcpdu_apc1.load", "apcpdu_apc2.load", "apcpdu_apc3.load" ],
+ :label => "Load"
+ }
+ }
+ }
+ }
+ },
+ :networking => {
+ :interfaces => {
+ :external_ipv4 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet,
+ :address => "128.40.168.102"
+ },
+ :internal_ipv4 => {
+ :interface => "eth1",
+ :role => :internal,
+ :family => :inet,
+ :address => "10.0.0.3"
+ },
+ }
+ },
+ :openvpn => {
+ :address => "10.0.16.1",
+ :tunnels => {
+ :ic2ucl => {
+ :port => "1194",
+ :mode => "client",
+ :peer => {
+ :host => "horntail.openstreetmap.org",
+ :port => "1194"
+ }
+ },
+ :shenron2ucl => {
+ :port => "1195",
+ :mode => "client",
+ :peer => {
+ :host => "shenron.openstreetmap.org",
+ :port => "1194"
+ }
+ },
+ :firefishy => {
+ :port => "1196",
+ :mode => "client",
+ :peer => {
+ :host => "home.firefishy.com",
+ :port => "1194",
+ :address => "10.0.16.201"
+ }
+ }
+ }
+ }
+)
+
+run_list(
+ "role[ucl-internal]",
+ "role[gateway]",
+ "role[foundation]",
+ "role[stateofthemap]",
+ "role[switch2osm]",
+ "role[blog]",
+ "role[otrs]",
+ "role[thinkup]",
+ "recipe[dhcpd]",
+ "recipe[openvpn]"
+)
diff --git a/roles/ru.rb b/roles/ru.rb
new file mode 100644
index 000000000..4a0625753
--- /dev/null
+++ b/roles/ru.rb
@@ -0,0 +1,10 @@
+name "ru"
+description "Role applied to all servers located in Russia"
+
+override_attributes(
+ :country => "ru"
+)
+
+run_list(
+ "role[base]"
+)
diff --git a/roles/sarel.rb b/roles/sarel.rb
new file mode 100644
index 000000000..f797afdda
--- /dev/null
+++ b/roles/sarel.rb
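Review bot: The `:firefishy` entry under `:openvpn` / `:tunnels` in roles/ridley.rb peers this gateway with `home.firefishy.com`, a host outside the project's own domain, yet the role carries no comment on who owns that endpoint or what the tunnel is meant to reach. The other two tunnels name project hosts, so this one stands out as the link a later reader would need explained before changing firewall rules. I would add a line above it such as `# Remote admin access for <owner>; reachable networks limited by <firewall rule or recipe>`. How keys are provisioned and which traffic is permitted is decided in the openvpn and firewall recipes, which are not part of this hunk.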
@@ -0,0 +1,26 @@
+name "sarel"
+description "Master role applied to sarel"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "10.0.0.12"
+ },
+ :external_ipv4 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet,
+ :address => "128.40.168.97"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[ucl-internal]",
+ "role[yournavigation]"
+)
diff --git a/roles/se.rb b/roles/se.rb
new file mode 100644
index 000000000..cab945af3
--- /dev/null
+++ b/roles/se.rb
@@ -0,0 +1,10 @@
+name "se"
+description "Role applied to all servers located in Sweden"
+
+override_attributes(
+ :country => "se"
+)
+
+run_list(
+ "role[base]"
+)
diff --git a/roles/shenron.rb b/roles/shenron.rb
new file mode 100644
index 000000000..ef75b6015
--- /dev/null
+++ b/roles/shenron.rb
@@ -0,0 +1,58 @@
+name "shenron"
+description "Master role applied to shenron"
+
+default_attributes(
+ :apache => {
+ :mpm => "event",
+ :event => {
+ :max_requests_per_child => 2000
+ }
+ },
+ :networking => {
+ :interfaces => {
+ :external_ipv4 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet,
+ :address => "89.16.179.150",
+ :prefix => "26",
+ :gateway => "89.16.179.129"
+ },
+ :external_ipv6 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet6,
+ :address => "2001:41c8:0010:0996:21d:7dff:fec3:df70",
+ :prefix => "64",
+ :gateway => "fe80::1"
+ },
+ }
+ },
+ :openvpn => {
+ :address => "10.0.16.3",
+ :tunnels => {
+ :shenron2ucl => {
+ :port => "1194",
+ :mode => "server",
+ :peer => {
+ :host => "ridley.openstreetmap.org"
+ }
+ }
+ }
+ }
+)
+
+run_list(
+ "role[bytemark]",
+ "role[mail]",
+ "role[lists]",
+ "role[git]",
+ "role[subversion]",
+ "role[trac]",
+ "role[osqa]",
+ "role[irc]",
+ "role[dns]",
+ "role[geodns]",
+ "role[chef-repository]",
+ "recipe[openvpn]"
+)
diff --git a/roles/smaug.rb b/roles/smaug.rb
new file mode 100644
index 000000000..122c4d314
--- /dev/null
+++ b/roles/smaug.rb
@@ -0,0 +1,77 @@
+name "smaug"
+description "Master role applied to smaug"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :gravitystorm => { :status => :user }
+ }
+ },
+ :apt => {
+ :sources => [ "brightbox-ruby-ng" ]
+ },
+ :db => {
+ :cluster => "9.1/main"
+ },
+ :munin => {
+ :plugins => {
+ :ipmi_fans => {
+ :Fan4 => { :graph => "no" },
+ :Fan7CPU1 => { :graph => "no" },
+ :Fan8CPU2 => { :graph => "no" }
+ },
+ :sensors_volt => {
+ :contacts => "null",
+ :volt10 => {
+ :warning => "3.11:3.50",
+ :critical => "2.98:3.63"
+ }
+ }
+ }
+ },
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "146.179.159.168"
+ }
+ }
+ },
+ :postgresql => {
+ :settings => {
+ :defaults => {
+ :shared_buffers => "16GB",
+ :work_mem => "32MB",
+ :maintenance_work_mem => "512MB",
+ :effective_cache_size => "45GB"
+ }
+ }
+ },
+ :sysctl => {
+ :postgres => {
+ :comment => "Increase shared memory for postgres",
+ :parameters => {
+ "kernel.shmmax" => 17 * 1024 * 1024 * 1024,
+ "kernel.shmall" => 17 * 1024 * 1024 * 1024 / 4096
+ }
+ },
+ },
+ :sysfs => {
+ :hdd_tune => {
+ :comment => "Tune the queue for improved performance",
+ :parameters => {
+ "block/sda/queue/nr_requests" => "512",
+ "block/sdb/queue/nr_requests" => "512",
+ "block/sda/queue/scheduler" => "noop",
+ "block/sdb/queue/scheduler" => "noop"
+ }
+ }
+ }
+);
+
+run_list(
+ "role[ic]",
+ "role[db-slave]"
+)
diff --git a/roles/spike-01.rb b/roles/spike-01.rb
new file mode 100644
index 000000000..84622aea0
--- /dev/null
+++ b/roles/spike-01.rb
@@ -0,0 +1,34 @@
+name "spike-01"
+description "Master role applied to spike-01"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "146.179.159.162"
+ },
+ :external_ipv4 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet,
+ :address => "193.63.75.99"
+ },
+ :external_ipv6 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet6,
+ :address => "2001:630:12:500:21a:4bff:fea5:fd2a"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[ic]",
+ "role[web-frontend]",
+ "role[web-gpximport]",
+ "role[web-statistics]"
+)
diff --git a/roles/spike-02.rb b/roles/spike-02.rb
new file mode 100644
index 000000000..b0152a02d
--- /dev/null
+++ b/roles/spike-02.rb
@@ -0,0 +1,32 @@
+name "spike-02"
+description "Master role applied to spike-02"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "146.179.159.163"
+ },
+ :external_ipv4 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet,
+ :address => "193.63.75.100"
+ },
+ :external_ipv6 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet6,
+ :address => "2001:630:12:500:219:bbff:fe39:3d9e"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[ic]",
+ "role[web-frontend]"
+)
diff --git a/roles/spike-03.rb b/roles/spike-03.rb
new file mode 100644
index 000000000..433fd3cb8
--- /dev/null
+++ b/roles/spike-03.rb
@@ -0,0 +1,32 @@
+name "spike-03"
+description "Master role applied to spike-03"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "146.179.159.171"
+ },
+ :external_ipv4 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet,
+ :address => "193.63.75.103"
+ },
+ :external_ipv6 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet6,
+ :address => "2001:630:12:500:219:bbff:fe39:8aba"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[ic]",
+ "role[web-frontend]"
+)
diff --git a/roles/stateofthemap.rb b/roles/stateofthemap.rb
new file mode 100644
index 000000000..5afe706c2
--- /dev/null
+++ b/roles/stateofthemap.rb
@@ -0,0 +1,6 @@
+name "stateofthemap"
+description "Role applied to State of the Map servers"
+
+run_list(
+ "recipe[stateofthemap]"
+)
diff --git a/roles/subversion.rb b/roles/subversion.rb
new file mode 100644
index 000000000..19eff79b6
--- /dev/null
+++ b/roles/subversion.rb
@@ -0,0 +1,6 @@
+name "subversion"
+description "Role applied to all subversion servers"
+
+run_list(
+ "recipe[subversion]"
+)
diff --git a/roles/switch2osm.rb b/roles/switch2osm.rb
new file mode 100644
index 000000000..5b9eba097
--- /dev/null
+++ b/roles/switch2osm.rb
@@ -0,0 +1,6 @@
+name "switch2osm"
+description "Role applied to switch2osm servers"
+
+run_list(
+ "recipe[switch2osm]"
+)
diff --git a/roles/tabaluga.rb b/roles/tabaluga.rb
new file mode 100644
index 000000000..20b4494dc
--- /dev/null
+++ b/roles/tabaluga.rb
@@ -0,0 +1,38 @@
+name "tabaluga"
+description "Master role applied to tabaluga"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :external_ipv4 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet,
+ :address => "5.9.150.236",
+ :prefix => "27",
+ :gateway => "5.9.150.225"
+ },
+ :external_ipv6 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet6,
+ :address => "2a01:4f8:190:33eb::2",
+ :prefix => "64",
+ :gateway => "fe80::1"
+ }
+ }
+ },
+ :squid => {
+ :cache_mem => "12500 MB",
+ :cache_dir => "coss /store/squid/coss-01 128000 block-size=8192 max-size=262144 membufs=80"
+ },
+ :tilecache => {
+ :ip_bucket_refill => "6144",
+ :net_bucket_refill => "24576"
+ }
+)
+
+run_list(
+ "role[hetzner]",
+ "role[tilecache]"
+)
diff --git a/roles/teleservice.rb b/roles/teleservice.rb
new file mode 100644
index 000000000..49f98d4b2
--- /dev/null
+++ b/roles/teleservice.rb
@@ -0,0 +1,23 @@
+name "teleservice"
+description "Role applied to all servers at Teleservice"
+
+default_attributes(
+ :networking => {
+ :nameservers => [ "8.8.8.8", "8.8.4.4" ],
+ :roles => {
+ :external => {
+ :zone => "ts"
+ }
+ }
+ }
+)
+
+override_attributes(
+ :ntp => {
+ :servers => [ "0.se.pool.ntp.org", "1.se.pool.ntp.org", "europe.pool.ntp.org" ]
+ }
+)
+
+run_list(
+ "role[se]"
+)
diff --git a/roles/thinkup.rb b/roles/thinkup.rb
new file mode 100644
index 000000000..d0df6286b
--- /dev/null
+++ b/roles/thinkup.rb
@@ -0,0 +1,17 @@
+name "thinkup"
+description "Role applied to all ThinkUp servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :thinkup => { :status => :role }
+ }
+ },
+ :apache => {
+ :mpm => "prefork",
+ }
+)
+
+run_list(
+ "recipe[thinkup]"
+)
diff --git a/roles/thorn-01.rb b/roles/thorn-01.rb
new file mode 100644
index 000000000..65bbc810d
--- /dev/null
+++ b/roles/thorn-01.rb
@@ -0,0 +1,20 @@
+name "thorn-01"
+description "Master role applied to thorn-01"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "146.179.159.165"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[ic]",
+ "role[web-backend]"
+)
diff --git a/roles/thorn-02.rb b/roles/thorn-02.rb
new file mode 100644
index 000000000..3bed1acc2
--- /dev/null
+++ b/roles/thorn-02.rb
@@ -0,0 +1,20 @@
+name "thorn-02"
+description "Master role applied to thorn-02"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "146.179.159.166"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[ic]",
+ "role[web-backend]"
+)
diff --git a/roles/thorn-03.rb b/roles/thorn-03.rb
new file mode 100644
index 000000000..da838574e
--- /dev/null
+++ b/roles/thorn-03.rb
@@ -0,0 +1,20 @@
+name "thorn-03"
+description "Master role applied to thorn-03"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "146.179.159.167"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[ic]",
+ "role[web-backend]"
+)
diff --git a/roles/tile-old.rb b/roles/tile-old.rb
new file mode 100644
index 000000000..cc6750c54
--- /dev/null
+++ b/roles/tile-old.rb
@@ -0,0 +1,16 @@
+name "tile-old"
+description "Role applied to all tile servers"
+
+default_attributes(
+ :apt => {
+ :sources => [ "pitti-postgresql" ]
+ },
+ :sysctl => {
+ :sockets => {
+ :comment => "Increase size of connection queue",
+ :parameters => {
+ "net.core.somaxconn" => 10000
+ }
+ }
+ }
+)
diff --git a/roles/tile.rb b/roles/tile.rb
new file mode 100644
index 000000000..cc5a1ba56
--- /dev/null
+++ b/roles/tile.rb
@@ -0,0 +1,75 @@
+name "tile"
+description "Role applied to all tile servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :tile => {
+ :status => :role,
+ :members => [ :jburgess, :tomh ]
+ },
+ },
+ },
+ :apt => {
+ :sources => [ "ubuntugis-stable" ]
+ },
+ :postgresql => {
+ :versions => [ "9.1" ],
+ :settings => {
+ :defaults => {
+ :temp_buffers => "32MB",
+ :work_mem => "128MB",
+ :wal_buffers => "1024kB",
+ :wal_writer_delay => "500ms",
+ :commit_delay => "10000",
+ :checkpoint_segments => "60"
+ }
+ }
+ },
+ :sysctl => {
+ :sockets => {
+ :comment => "Increase size of connection queue",
+ :parameters => {
+ "net.core.somaxconn" => 10000
+ }
+ }
+ },
+ :tile => {
+ :database => {
+ :cluster => "9.1/main"
+ },
+ :data => {
+ :world_boundaries => {
+ :url => "http://planet.openstreetmap.org/historical-shapefiles/world_boundaries-spherical.tgz"
+ },
+ :shoreline => {
+ :url => "http://planet.openstreetmap.org/historical-shapefiles/shoreline_300.tar.bz2",
+ :directory => "shoreline_300"
+ },
+ :admin_boundaries => {
+ :url => "http://www.naturalearthdata.com/http//www.naturalearthdata.com/download/110m/cultural/ne_110m_admin_0_boundary_lines_land.zip",
+ :directory => "ne_110m_admin_0_boundary_lines_land"
+ },
+ :populated_places => {
+ :url => "http://www.naturalearthdata.com/http//www.naturalearthdata.com/download/10m/cultural/ne_10m_populated_places.zip",
+ :directory => "ne_10m_populated_places",
+ :original => "ne_10m_populated_places.shp",
+ :processed => "ne_10m_populated_places_fixed.shp"
+ },
+ :processed => {
+ :url => "http://planet.openstreetmap.org/historical-shapefiles/processed_p.tar.bz2",
+ :directory => "processed_p"
+ }
+ },
+ :styles => {
+ :default => {
+ :repository => "git://github.com/gravitystorm/openstreetmap-carto.git",
+ :revision => "v2.2.0"
+ }
+ }
+ }
+)
+
+run_list(
+ "recipe[tile]"
+)
diff --git a/roles/tilecache.rb b/roles/tilecache.rb
new file mode 100644
index 000000000..daaaddf2c
--- /dev/null
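Review bot: Every `:url` under `:tile` / `:data` in roles/tile.rb is plain `http://`, and the style `:repository` uses the unauthenticated `git://` transport, so the shapefile archives and the stylesheet reach the tile servers with no integrity protection in transit. `:revision => "v2.2.0"` is a tag name, which upstream can move; a full commit id would pin the content that gets rendered. I would change the repository line to `:repository => "https://github.com/gravitystorm/openstreetmap-carto.git",`, pin `:revision` to the commit behind that tag, and use `https://` for the archives where the hosts offer it. Whether the tile recipe can verify a checksum per archive is not visible in this hunk; if it can, a digest attribute next to each `:url` would close the gap for the HTTP-only sources.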
+++ b/roles/tilecache.rb
@@ -0,0 +1,24 @@
+name "tilecache"
+description "Role applied to all tile cache servers"
+
+default_attributes(
+ :sysctl => {
+ :network_conntrack_time_wait => {
+ :comment => "Only track completed connections for 30 seconds",
+ :parameters => {
+ "net.netfilter.nf_conntrack_tcp_timeout_time_wait" => "30"
+ }
+ },
+ :squid_swappiness => {
+ :comment => "Prefer not to swapout to free memory",
+ :parameters => {
+ "vm.swappiness" => "30"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[geodns]",
+ "recipe[tilecache]"
+)
diff --git a/roles/trac.rb b/roles/trac.rb
new file mode 100644
index 000000000..8f916ed13
--- /dev/null
+++ b/roles/trac.rb
@@ -0,0 +1,13 @@
+name "trac"
+description "Role applied to all trac servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :trac => { :status => :role }
+ }
+ }
+)
+run_list(
+ "recipe[trac]"
+)
diff --git a/roles/trogdor.rb b/roles/trogdor.rb
new file mode 100644
index 000000000..9523f5733
--- /dev/null
+++ b/roles/trogdor.rb
@@ -0,0 +1,26 @@
+name "trogdor"
+description "Master role applied to trogdor"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :external_ipv4 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet,
+ :address => "134.90.146.26",
+ :prefix => "30",
+ :gateway => "134.90.146.25"
+ }
+ }
+ },
+ :squid => {
+ :cache_mem => "6400 MB",
+ :cache_dir => "coss /store/squid/coss-01 128000 block-size=8192 max-size=262144 membufs=80"
+ }
+)
+
+run_list(
+ "role[blix-nl]",
+ "role[tilecache]"
+)
diff --git a/roles/ucl-external.rb b/roles/ucl-external.rb
new file mode 100644
index 000000000..d6ac52d5a
--- /dev/null
+++ b/roles/ucl-external.rb
@@ -0,0 +1,12 @@
+name "ucl-external"
+description "Role applied to all servers at UCL which are only on the external LAN"
+
+default_attributes(
+ :networking => {
+ :nameservers => [ "128.40.168.102", "8.8.8.8", "8.8.4.4" ]
+ }
+)
+
+run_list(
+ "role[ucl]"
+)
diff --git a/roles/ucl-internal.rb b/roles/ucl-internal.rb
new file mode 100644
index 000000000..6b88897e0
--- /dev/null
+++ b/roles/ucl-internal.rb
@@ -0,0 +1,13 @@
+name "ucl-internal"
+description "Role applied to all servers at UCL which are on the internal LAN"
+
+override_attributes(
+ :networking => {
+ :nameservers => [ "10.0.0.3", "8.8.8.8", "8.8.4.4" ],
+ :search => [ "ucl.openstreetmap.org", "openstreetmap.org" ]
+ }
+)
+
+run_list(
+ "role[ucl]"
+)
diff --git a/roles/ucl.rb b/roles/ucl.rb
new file mode 100644
index 000000000..e61a04f7d
--- /dev/null
+++ b/roles/ucl.rb
@@ -0,0 +1,44 @@
+name "ucl"
+description "Role applied to all servers at UCL"
+
+default_attributes(
+ :bind => {
+ :forwarders => [ "144.82.100.1", "144.82.100.41" ]
+ },
+ :networking => {
+ :roles => {
+ :internal => {
+ :inet => {
+ :prefix => "20",
+ :gateway => "10.0.0.3"
+ }
+ },
+ :external => {
+ :zone => "ucl",
+ :inet => {
+ :prefix => "24",
+ :gateway => "128.40.168.126"
+ }
+ }
+ }
+ },
+ :sysctl => {
+ :sack => {
+ :comment => "Disable SACK as the UCL firewall breaks it",
+ :parameters => {
+ "net.ipv4.tcp_sack" => "0"
+ }
+ }
+ }
+
+)
+
+override_attributes(
+ :ntp => {
+ :servers => [ "ntp1.ucl.ac.uk", "ntp2.ucl.ac.uk" ]
+ }
+)
+
+run_list(
+ "role[gb]"
+)
diff --git a/roles/urmel.rb b/roles/urmel.rb
new file mode 100644
index 000000000..eb0658d99
--- /dev/null
+++ b/roles/urmel.rb
@@ -0,0 +1,26 @@
+name "urmel"
+description "Master role applied to urmel"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "10.0.0.6"
+ },
+ :external_ipv4 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet,
+ :address => "128.40.168.96"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[ucl-internal]",
+ "role[munin]"
+)
diff --git a/roles/us.rb b/roles/us.rb
new file mode 100644
index 000000000..8a5c456b7
--- /dev/null
+++ b/roles/us.rb
@@ -0,0 +1,10 @@
+name "us"
+description "Role applied to all servers located in the USA"
+
+override_attributes(
+ :country => "us"
+)
+
+run_list(
+ "role[base]"
+)
diff --git a/roles/web-backend.rb b/roles/web-backend.rb
new file mode 100644
index 000000000..6c87efcbd
--- /dev/null
+++ b/roles/web-backend.rb
@@ -0,0 +1,24 @@
+name "web-backend"
+description "Role applied to all web/api backend servers"
+
+default_attributes(
+ :apache => {
+ :mpm => "worker",
+ :worker => {
+ :max_requests_per_child => 10000
+ }
+ },
+ :memcached => {
+ :memory_limit => 512
+ },
+ :web => {
+ :rails_daemon_limit => 12,
+ :rails_soft_memory_limit => 512,
+ :rails_hard_memory_limit => 2048
+ }
+)
+
+run_list(
+ "role[web]",
+ "recipe[web::backend]"
+)
diff --git a/roles/web-frontend.rb b/roles/web-frontend.rb
new file mode 100644
index 000000000..7657b8267
--- /dev/null
+++ b/roles/web-frontend.rb
@@ -0,0 +1,40 @@
+name "web-frontend"
+description "Role applied to all web/api frontend servers"
+
+default_attributes(
+ :apache => {
+ :mpm => "event",
+ :event => {
+ :server_limit => 40,
+ :max_clients => 1000,
+ :min_spare_threads => 50,
+ :max_spare_threads => 150,
+ :threads_per_child => 50,
+ :max_requests_per_child => 10000
+ }
+ },
+ :web => {
+ :rails_daemon_limit => 50,
+ :rails_soft_memory_limit => 192,
+ :rails_hard_memory_limit => 512
+ },
+ :exim => {
+ :local_domains => [ "messages.openstreetmap.org" ],
+ :trusted_users => [ "rails" ],
+ :routes => {
+ :messages => {
+ :comment => "messages.openstreetmap.org",
+ :domains => [ "messages.openstreetmap.org" ],
+ :command => "/srv/www.openstreetmap.org/rails/script/deliver-message $local_part",
+ :user => "rails",
+ :group => "rails",
+ :home_directory => "/srv/www.openstreetmap.org/rails"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[web]",
+ "recipe[web::frontend]"
+)
diff --git a/roles/web-gpximport.rb b/roles/web-gpximport.rb
new file mode 100644
index 000000000..95ad87025
--- /dev/null
+++ b/roles/web-gpximport.rb
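Review bot: In roles/web-frontend.rb the `:messages` exim route passes `$local_part` to `deliver-message`, and that value comes from the recipient address of inbound mail for messages.openstreetmap.org, so whoever sends the message chooses it. The role should state what keeps that safe, with a comment above `:command` such as `# $local_part is sender-controlled: the pipe transport must not run this through a shell, and deliver-message must validate its argument`. The exim recipe that turns this route into a router and transport is not part of this hunk, so whether a shell is involved cannot be confirmed from here. `:trusted_users => [ "rails" ]` also lets the rails account submit mail with an arbitrary sender address, which deserves a one-line comment saying why it is needed.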
@@ -0,0 +1,7 @@
+name "web-gpximport"
+description "Role applied to all web/api GPX import servers"
+
+run_list(
+ "role[web]",
+ "recipe[web::gpx]"
+)
diff --git a/roles/web-statistics.rb b/roles/web-statistics.rb
new file mode 100644
index 000000000..578664b02
--- /dev/null
+++ b/roles/web-statistics.rb
@@ -0,0 +1,7 @@
+name "web-statistics"
+description "Role applied to all web/api statistics generation servers"
+
+run_list(
+ "role[web]",
+ "recipe[web::statistics]"
+)
diff --git a/roles/web-storage.rb b/roles/web-storage.rb
new file mode 100644
index 000000000..4dc1b3d79
--- /dev/null
+++ b/roles/web-storage.rb
@@ -0,0 +1,14 @@
+name "web-storage"
+description "Base role applied to all web/api storage servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :rails => { :status => :role }
+ }
+ }
+)
+
+run_list(
+ "recipe[nfs::server]"
+)
diff --git a/roles/web.rb b/roles/web.rb
new file mode 100644
index 000000000..1e8c2666b
--- /dev/null
+++ b/roles/web.rb
@@ -0,0 +1,27 @@
+name "web"
+description "Role applied to all web/api servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :rails => {
+ :status => :role,
+ :members => [ :tomh, :grant ]
+ }
+ }
+ },
+ :apt => {
+ :sources => [ "brightbox-ruby-ng" ]
+ },
+ :nfs => {
+ "/store/rails" => { :host => "horntail", :path => "/store/rails" }
+ },
+ :web => {
+ :status => "online",
+ :database_host => "db"
+ }
+)
+
+run_list(
+ "recipe[nfs]"
+)
diff --git a/roles/wiki-new.rb b/roles/wiki-new.rb
new file mode 100644
index 000000000..6b8f015a1
--- /dev/null
+++ b/roles/wiki-new.rb
@@ -0,0 +1,36 @@
+name "wiki-new"
+description "Role applied to all wiki servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :wiki => { :status => :role }
+ }
+ },
+ :exim => {
+ :trusted_users => [ "www-data" ],
+ :aliases => {
+ :root => "grant"
+ }
+ },
+ :memcached => {
+ :memory_limit => 512,
+ :connection_limit => 8192,
+ :chunk_growth_factor => 1.05,
+ :min_item_size => 5
+ },
+ :apache => {
+ :mpm => "prefork",
+ :timeout => 30,
+ :event => {
+ :server_limit => 32,
+ :max_clients => 800,
+ :threads_per_child => 50,
+ :max_requests_per_child => 10000
+ }
+ }
+)
+
+run_list(
+ "recipe[mediawiki-new::wiki]"
+)
diff --git a/roles/wiki.rb b/roles/wiki.rb
new file mode 100644
index 000000000..b1e16207e
--- /dev/null
+++ b/roles/wiki.rb
@@ -0,0 +1,28 @@
+name "wiki"
+description "Role applied to all wiki servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :wiki => { :status => :role }
+ }
+ },
+ :exim => {
+ :trusted_users => [ "www-data" ],
+ :aliases => {
+ :root => "grant"
+ }
+ },
+ :memcached => {
+ :tcp_port => 11000,
+ :udp_port => 11000,
+ :memory_limit => 512,
+ :connection_limit => 8192,
+ :chunk_growth_factor => 1.05,
+ :min_item_size => 5
+ }
+)
+
+run_list(
+ "recipe[mediawiki]"
+)
diff --git a/roles/xapi.rb b/roles/xapi.rb
new file mode 100644
index 000000000..17e28fe21
--- /dev/null
+++ b/roles/xapi.rb
@@ -0,0 +1,10 @@
+name "xapi"
+description "Role applied to all xapi servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :etienne => { :status => :user }
+ }
+ }
+)
diff --git a/roles/yandex.rb b/roles/yandex.rb
new file mode 100644
index 000000000..fddf3a04c
--- /dev/null
+++ b/roles/yandex.rb
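Review bot: roles/wiki-new.rb sets `:mpm => "prefork"` but puts its limits (`:server_limit`, `:max_clients`, `:threads_per_child`, `:max_requests_per_child`) under `:event`, so the prefork MPM probably runs with cookbook defaults and the intended connection cap is not applied. roles/yournavigation.rb in this same commit pairs `:mpm => "prefork"` with a `:prefork` block, which suggests the key is meant to match the MPM; either rename the block to `:prefork` with prefork settings or set `:mpm => "event"`. The apache cookbook is not in this diff, so which keys it actually reads is inferred. The description is also identical to the one in roles/wiki.rb; `description "Role applied to all new wiki servers"` would tell the two roles apart.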
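Review bot: roles/wiki.rb turns memcached on for both `:tcp_port => 11000` and `:udp_port => 11000` with `:connection_limit => 8192`, but nothing in the role says which address the daemon binds to or what filters the port. memcached has no authentication by default and its UDP listener is a well-known reflection and amplification vector, so if only the local MediaWiki uses it the listener should be limited to loopback and UDP switched off. The memcached recipe and its attribute names are outside this diff, so at minimum add a comment above the block such as `# memcached: confirm the listen address is loopback and whether UDP is needed at all`. The same question applies to the `:memcached` block in roles/wiki-new.rb, which sets no ports.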
@@ -0,0 +1,23 @@
+name "yandex"
+description "Role applied to all servers at Yandex"
+
+default_attributes(
+ :networking => {
+ :nameservers => [ "8.8.8.8", "8.8.4.4" ],
+ :roles => {
+ :external => {
+ :zone => "yx"
+ }
+ }
+ }
+)
+
+override_attributes(
+ :ntp => {
+ :servers => [ "0.ru.pool.ntp.org", "1.ru.pool.ntp.org", "europe.pool.ntp.org" ]
+ }
+)
+
+run_list(
+ "role[ru]"
+)
diff --git a/roles/yevaud.rb b/roles/yevaud.rb
new file mode 100644
index 000000000..8432757b1
--- /dev/null
+++ b/roles/yevaud.rb
@@ -0,0 +1,65 @@
+name "yevaud"
+description "Master role applied to yevaud"
+
+default_attributes(
+ :munin => {
+ :plugins => {
+ :cpu => {
+ :system => {
+ :warning => 500,
+ :critical => 600
+ }
+ },
+ :load => {
+ :load => {
+ :warning => 150,
+ :critical => 200
+ }
+ },
+ :ipmi_fans => {
+ :contacts => "null",
+ },
+ :ipmi_temp => {
+ :contacts => "null",
+ },
+ :sensors_fan => {
+ :contacts => "null"
+ },
+ :sensors_temp => {
+ :contacts => "null"
+ },
+ :sensors_volt => {
+ :contacts => "null"
+ }
+ }
+ },
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "10.0.0.15"
+ },
+ :external_ipv4 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet,
+ :address => "128.40.168.104"
+ }
+ }
+ },
+ :sysctl => {
+ :postgres => {
+ :comment => "Increase shared memory for postgres",
+ :parameters => {
+ "kernel.shmmax" => 4 * 1024 * 1024 * 1024
+ }
+ }
+ }
+);
+
+run_list(
+ "role[ucl-internal]",
+ "role[tile-old]"
+)
diff --git a/roles/yournavigation.rb b/roles/yournavigation.rb
new file mode 100644
index 000000000..56e2a61e7
--- /dev/null
+++ b/roles/yournavigation.rb
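Review bot: In roles/yevaud.rb `"kernel.shmmax" => 4 * 1024 * 1024 * 1024` is an Integer, while the other sysctl parameters in these roles are quoted strings (`"30"`, `"0"`); writing it as `"kernel.shmmax" => "4294967296"` keeps the value type uniform and shows the number that ends up in the sysctl file. The `default_attributes(...)` call also closes with `);`, where the other role files end it with a bare `)`. Both are style points, since how the sysctl template renders a non-string value is not visible in this diff. Separately, the five munin plugins set to `:contacts => "null"` would benefit from a comment saying why fan, temperature and voltage alerts are silenced on this host.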
@@ -0,0 +1,25 @@
+name "yournavigation"
+description "Role applied to all yournavigation servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :lambertus => { :status => :administrator }
+ }
+ },
+ :apache => {
+ :mpm => "prefork",
+ :timeout => 60,
+ :keepalive => false,
+ :prefork => {
+ :start_servers => 20,
+ :min_spare_servers => 20,
+ :max_spare_servers => 50,
+ :max_clients => 256,
+ }
+ }
+)
+
+run_list(
+ "recipe[yournavigation]"
+)
diff --git a/roles/zark.rb b/roles/zark.rb
new file mode 100644
index 000000000..3d187844e
--- /dev/null
+++ b/roles/zark.rb
@@ -0,0 +1,36 @@
+name "zark"
+description "Master role applied to zark"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "10.0.0.8"
+ },
+ :external_ipv4 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet,
+ :address => "128.40.168.107"
+ }
+ }
+ },
+ :postgresql => {
+ :settings => {
+ :defaults => {
+ :shared_buffers => "2GB",
+ :work_mem => "8MB",
+ :maintenance_work_mem => "32MB",
+ :effective_cache_size => "4GB"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[ucl-internal]",
+ "role[owl]"
+)