Allow some extra apache processes to account for graceful termination

[chef.git] / roles / shenron.rb

diff --git a/roles/shenron.rb b/roles/shenron.rb
index 9009c08245aabe597d4c4f1a10caf42ccedaf50a..27a10f9c1af6bc77a0938df456c0fd8b8e0996cb 100644 (file)
--- a/roles/shenron.rb
+++ b/roles/shenron.rb
@@ -9,33 +9,24 @@ default_attributes(
       :max_spare_threads => 150
     }
   },
-  :apt => {
-    :sources => ["brightbox-ruby-ng"]
-  },
   :hardware => {
+    :hwmon => {
+      "platform_it87_552" => {
+        :ignore => %w[in6]
+      }
+    },
     :mcelog => {
       :enabled => false
     },
     :modules => [
       "it87"
     ]
-  },
-  :openvpn => {
-    :address => "10.0.16.3",
-    :tunnels => {
-      :shenron2ucl => {
-        :port => "1194",
-        :mode => "server",
-        :peer => {
-          :host => "ridley.openstreetmap.org"
-        }
-      }
-    }
   }
 )
 
 override_attributes(
   :networking => {
+    :dnssec => "false",
     :interfaces => {
       :external_ipv4 => {
         :interface => "eth0",
@@ -53,7 +44,11 @@ override_attributes(
         :prefix => "64",
         :gateway => "fe80::1"
       }
-    }
+    },
+    # Do not use Cloudflare Public DNS as it does not support ECS as required by https://www.spamhaus.org/organization/dnsblusage/
+    # https://www.spamhaus.org/news/article/816/service-update-spamhaus-dnsbl-users-who-query-via-cloudflare-dns-need-to-make-changes-to-email-set-up
+    :nameservers => ["8.8.8.8", "8.8.4.4", "2001:4860:4860::8888", "2001:4860:4860::8844"],
+    :private_address => "10.0.16.100"
   }
 )
 
@@ -65,7 +60,5 @@ run_list(
   "role[trac]",
   "role[osqa]",
   "role[irc]",
-  "role[geodns]",
-  "recipe[blogs]",
-  "recipe[openvpn]"
+  "recipe[blogs]"
 )