--- /dev/null
+name "au"
+description "Role applied to all servers located in Australia"
+
+override_attributes(
+ :country => "au"
+)
+
+run_list(
+ "role[base]"
+)
--- /dev/null
+name "base"
+description "Base role applied to all servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :grant => { :status => :administrator },
+ :tomh => { :status => :administrator },
+ :matt => { :status => :administrator },
+ :jburgess => { :status => :administrator }
+ }
+ },
+ :apt => {
+ :sources => [ "openstreetmap" ]
+ },
+ :networking => {
+ :roles => {
+ :internal => { :metric => 200, :zone => "loc" },
+ :external => { :metric => 100 }
+ },
+ :search => [ "openstreetmap.org" ]
+ },
+ :sysctl => {
+ :panic => {
+ :comment => "Reboot automatically after a panic",
+ :parameters => { "kernel.panic" => "60" }
+ },
+ :blackhole => {
+ :comment => "Do TCP level MTU probing if we seem to have an ICMP blackhole",
+ :parameters => { "net.ipv4.tcp_mtu_probing" => "1" }
+ },
+ :network_buffers => {
+ :comment => "Tune network buffers",
+ :parameters => {
+ "net.core.rmem_max" => "16777216",
+ "net.core.wmem_max" => "16777216",
+ "net.ipv4.tcp_rmem" => "4096\t87380\t16777216",
+ "net.ipv4.tcp_wmem" => "4096\t65536\t16777216"
+ }
+ },
+ :network_backlog => {
+ :comment => "Increase maximum backlog for incoming network packets",
+ :parameters => { "net.core.netdev_max_backlog" => "2500" }
+ },
+ :network_conntrack_established => {
+ :comment => "Only track established connections for four hours",
+ :parameters => {
+ "net.netfilter.nf_conntrack_tcp_timeout_established" => "14400"
+ }
+ },
+ :tcp_syncookies => {
+ :comment => "Turn off syncookies as they interact badly with the firewall",
+ :parameters => {
+ "net.ipv4.tcp_syncookies" => "0"
+ }
+ }
+ },
+ :sysfs => {
+ :cpufreq_ondemand => {
+ :comment => "Tune the ondemand CPU frequency governor",
+ :parameters => {
+ "devices/system/cpu/cpufreq/ondemand/up_threshold" => "25",
+ "devices/system/cpu/cpufreq/ondemand/sampling_down_factor" => "10"
+ }
+ }
+ }
+)
+
+run_list(
+ "recipe[accounts]",
+ "recipe[apt]",
+ "recipe[chef]",
+ "recipe[devices]",
+ "recipe[hardware]",
+ "recipe[munin]",
+ "recipe[networking]",
+ "recipe[exim]",
+ "recipe[ntp]",
+ "recipe[openssh]",
+ "recipe[sysctl]",
+ "recipe[sysfs]",
+ "recipe[tools]"
+)
--- /dev/null
+name "blix-nl"
+description "Role applied to all servers at Blix NL"
+
+override_attributes(
+ :ntp => {
+ :servers => [ "0.nl.pool.ntp.org", "1.nl.pool.ntp.org", "europe.pool.ntp.org" ]
+ }
+)
+
+run_list(
+ "role[nl]",
+ "role[blix]"
+)
--- /dev/null
+name "blix-no"
+description "Role applied to all servers at Blix NO"
+
+override_attributes(
+ :ntp => {
+ :servers => [ "0.no.pool.ntp.org", "1.no.pool.ntp.org", "europe.pool.ntp.org" ]
+ }
+)
+
+run_list(
+ "role[no]",
+ "role[blix]"
+)
--- /dev/null
+name "blix"
+description "Role applied to all servers at Blix"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :blixadmin => { :status => :administrator }
+ }
+ },
+ :networking => {
+ :nameservers => [ "8.8.8.8", "8.8.4.4" ],
+ :roles => {
+ :external => {
+ :zone => "bx"
+ }
+ }
+ }
+)
--- /dev/null
+name "blog"
+description "Role applied to blog servers"
+
+run_list(
+ "recipe[blog]"
+)
--- /dev/null
+name "bunyip"
+description "Master role applied to bunyip"
+
+default_attributes(
+ :devices => {
+ :os1 => {
+ :comment => "First os disk",
+ :type => "block",
+ :bus => "cciss",
+ :serial => "3600508b1001844585154453137470008",
+ :attrs => {
+ "queue/scheduler" => "noop",
+ "queue/nr_requests" => "512"
+ }
+ },
+ :tile1 => {
+ :comment => "First tile disk",
+ :type => "block",
+ :bus => "cciss",
+ :serial => "3600508b1001844585154453137470009",
+ :owner => "proxy",
+ :attrs => {
+ "queue/scheduler" => "noop",
+ "queue/nr_requests" => "512"
+ }
+ },
+ :tile2 => {
+ :comment => "Second tile disk",
+ :type => "block",
+ :bus => "cciss",
+ :serial => "3600508b100184458515445313747000a",
+ :owner => "proxy",
+ :attrs => {
+ "queue/scheduler" => "noop",
+ "queue/nr_requests" => "512"
+ }
+ },
+ :tile3 => {
+ :comment => "Third tile disk",
+ :type => "block",
+ :bus => "cciss",
+ :serial => "3600508b100184458515445313747000b",
+ :owner => "proxy",
+ :attrs => {
+ "queue/scheduler" => "noop",
+ "queue/nr_requests" => "512"
+ }
+ },
+ :tile4 => {
+ :comment => "Fourth tile disk",
+ :type => "block",
+ :bus => "cciss",
+ :serial => "3600508b100184458515445313747000c",
+ :owner => "proxy",
+ :attrs => {
+ "queue/scheduler" => "noop",
+ "queue/nr_requests" => "512"
+ }
+ }
+ },
+ :networking => {
+ :interfaces => {
+ :external_ipv4 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet,
+ :address => "203.26.72.12",
+ :prefix => "28",
+ :gateway => "203.26.72.14"
+ },
+ :external_ipv6 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet6,
+ :address => "2402:6400:1:6:217:8ff:fe56:40c3",
+ :prefix => "64"
+ }
+ }
+ },
+ :squid => {
+ :cache_mem => "5000 MB",
+ :cache_dir => "coss /dev/cciss/c0d1 128000 block-size=8192 max-size=262144 membufs=80"
+ }
+)
+
+run_list(
+ "role[racs]",
+ "role[tilecache]"
+)
--- /dev/null
+name "bytemark"
+description "Role applied to all servers at Bytemark"
+
+default_attributes(
+ :networking => {
+ :nameservers => [ "2001:41c8:2::1", "2001:41c8:2::2", "80.68.80.24", "80.68.80.25" ],
+ :roles => {
+ :external => {
+ :zone => "bm"
+ }
+ }
+ }
+)
+
+override_attributes(
+ :ntp => {
+ :servers => [ "0.uk.pool.ntp.org", "1.uk.pool.ntp.org", "europe.pool.ntp.org" ]
+ }
+)
+
+run_list(
+ "role[gb]"
+)
--- /dev/null
+name "ca"
+description "Role applied to all servers located in Canada"
+
+override_attributes(
+ :country => "ca"
+)
+
+run_list(
+ "role[base]"
+)
--- /dev/null
+name "chef-repository"
+description "Role applied to all chef repositories"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :lonvia => {
+ :status => :user,
+ :shell => "/usr/bin/git-shell"
+ },
+ :yellowbkpk => {
+ :status => :user,
+ :shell => "/usr/bin/git-shell"
+ },
+ :chefrepo => {
+ :status => :role,
+ :members => [ :tomh, :grant, :matt, :lonvia, :yellowbkpk ]
+ }
+ }
+ },
+ :chef => {
+ :repository => "/var/lib/git/chef.git"
+ }
+)
+
+run_list(
+ "recipe[chef::repository]"
+)
--- /dev/null
+name "chef-server"
+description "Role applied to all chef servers"
+
+run_list(
+ "recipe[chef::server]"
+)
--- /dev/null
+name "db-master"
+description "Role applied to all the master database server"
+
+default_attributes(
+ :postgresql => {
+ :versions => [ "9.1" ],
+ :settings => {
+ :defaults => {
+ :wal_level => "hot_standby",
+ :archive_mode => "on",
+ :archive_command => "/bin/cp %p /store/postgresql/system/archive/%f",
+ :max_wal_senders => "2",
+ :user_name_maps => {
+ :backup => [
+ { :system => "osmbackup", :postgres => "backup" }
+ ]
+ },
+ :early_authentication_rules => [
+ { :type => "local", :database => "all", :user => "backup", :method => "peer", :options => { :map => "backup" } }
+ ],
+ :late_authentication_rules => [
+ { :database => "replication", :user => "replication", :address => "146.179.159.168/32" }
+ ]
+ }
+ }
+ },
+ :rsyncd => {
+ :modules => {
+ :archive => {
+ :comment => "WAL Archive",
+ :path => "/store/postgresql/system/archive",
+ :read_only => true,
+ :write_only => false,
+ :list => false,
+ :uid => "postgres",
+ :gid => "postgres",
+ :transfer_logging => false,
+ :hosts_allow => [
+ "146.179.159.168"
+ ]
+ }
+ }
+ }
+)
+
+run_list(
+ "role[db]",
+ "recipe[db::master]",
+ "recipe[rsyncd]"
+)
--- /dev/null
+name "db"
+description "Role applied to all database servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :rails => {
+ :status => :role,
+ :members => [ :tomh, :grant ]
+ }
+ }
+ },
+ :munin => {
+ :plugins => {
+ :postgres_connections_openstreetmap => {
+ :waiting => {
+ :warning => 10,
+ :critical => 20
+ }
+ },
+ :postgres_locks_openstreetmap => {
+ :accesssharelock => {
+ :warning => 900,
+ :critical => 1000
+ },
+ :rowexclusivelock => {
+ :warning => 250,
+ :critical => 300
+ }
+ }
+ }
+ },
+ :nfs => {
+ "/store/rails" => { :host => "horntail", :path => "/store/rails" }
+ },
+ :postgresql => {
+ :versions => [ "9.1" ],
+ :settings => {
+ :defaults => {
+ :listen_addresses => "*",
+ :max_connections => "500",
+ :max_stack_depth => "7MB",
+ :checkpoint_segments => "32",
+ :checkpoint_completion_target => "0.8",
+ :late_authentication_rules => [
+ { :address => "146.179.159.160/27" }
+ ]
+ }
+ }
+ },
+ :sysctl => {
+ :swappiness => {
+ :comment => "Only swap in an emergency",
+ :parameters => {
+ "vm.swappiness" => 0
+ }
+ }
+ }
+)
+
+run_list(
+ "recipe[nfs]"
+)
--- /dev/null
+name "de"
+description "Role applied to all servers located in Germany"
+
+override_attributes(
+ :country => "de"
+)
+
+run_list(
+ "role[base]"
+)
--- /dev/null
+name "dev"
+description "Role applied to all development servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :edgemaster => { :status => :administrator },
+ :emacsen => { :status => :administrator },
+ :twain => { :status => :user },
+ :bretth => { :status => :user },
+ :richard => { :status => :user },
+ :shaunmcdonald => { :status => :user },
+ :random => { :status => :user },
+ :steve8 => { :status => :user },
+ :blackadder => { :status => :user },
+ :timsc => { :status => :user },
+ :bobkare => { :status => :user },
+ :daveh => { :status => :user },
+ :gravitystorm => { :status => :user },
+ :fred => { :status => :user },
+ :nick => { :status => :user },
+ :deelkar => { :status => :user },
+ :simone => { :status => :user },
+ :mitjak => { :status => :user },
+ :htonl => { :status => :user },
+ :russ => { :status => :user },
+ :merio => { :status => :user },
+ :chippy => { :status => :user },
+ :joerichards => { :status => :user },
+ :pafciu17 => { :status => :user },
+ :ojw => { :status => :user },
+ :harrywood => { :status => :user },
+ :yellowbkpk => { :status => :user },
+ :apmon => { :status => :user },
+ :mackerski => { :status => :user },
+ :ldp => { :status => :user },
+ :mdaines => { :status => :user },
+ :dan => { :status => :user },
+ :ris => { :status => :user },
+ :nroets => { :status => :user },
+ :ollie => { :status => :user },
+ :mvexel => { :status => :user },
+ :tomchance => { :status => :user },
+ :lfrancke => { :status => :user },
+ :davidearl => { :status => :user },
+ :emacsen => { :status => :user },
+ :rweait => { :status => :user },
+ :ant => { :status => :user },
+ :milliams => { :status => :user },
+ :pierzen => { :status => :user },
+ :gregory => { :status => :user },
+ :bsupnik => { :status => :user },
+ :derick => { :status => :user },
+ :joshd => { :status => :user },
+ :maba => { :status => :user },
+ :pnorman => { :status => :user },
+ :csmale => { :status => :user },
+ :jgc => { :status => :user },
+ :cobra => { :status => :user },
+ :ppawel => { :status => :user },
+ :simon04 => { :status => :user },
+ :jfire => { :status => :user },
+ :malenki => { :status => :user },
+ :lonvia => { :status => :user },
+ :nicolas17 => { :status => :user },
+ :zverik => { :status => :user },
+ :ooc => {
+ :status => :role,
+ :members => [ :tomh, :blackadder, :timsc, :ollie ]
+ },
+ :apis => {
+ :status => :role,
+ :members => [ :tomh ]
+ },
+ :os => {
+ :status => :role,
+ :members => [ :tomh, :grant, :ollie ]
+ },
+ :gpsmid => {
+ :status => :role,
+ :members => [ :apmon, :maba ]
+ }
+ }
+ },
+ :apache => {
+ :mpm => "event",
+ :timeout => 30,
+ :event => {
+ :server_limit => 32,
+ :max_clients => 800,
+ :threads_per_child => 50,
+ :max_requests_per_child => 10000
+ }
+ },
+ :apt => {
+ :sources => [
+ "brightbox-ruby-ng",
+ "ubuntugis-stable", "ubuntugis-unstable",
+ "mapnik-v210"
+ ]
+ },
+ :dev => {
+ :ruby => "1.9.1",
+ :rails => {
+ :master => {
+ :repository => "git://git.openstreetmap.org/rails.git",
+ :revision => "master",
+ :aliases => [ "api06.dev.openstreetmap.org" ]
+ },
+ :forms => {
+ :repository => "git://github.com/tomhughes/openstreetmap-website.git",
+ :revision => "forms"
+ },
+ :routing => {
+ :repository => "git://github.com/apmon/openstreetmap-website.git",
+ :revision => "routing2"
+ },
+ :tomh => {
+ :repository => "git://github.com/tomhughes/openstreetmap-website.git",
+ :revision => "next"
+ },
+ :owl => {
+ :repository => "git://github.com/ppawel/openstreetmap-website.git",
+ :revision => "owl-history-tab"
+ },
+ :overpass => {
+ :repository => "git://github.com/drolbr/openstreetmap-website.git",
+ :revision => "master"
+ }
+ }
+ },
+ :postgresql => {
+ :versions => [ "9.1" ],
+ :settings => {
+ :defaults => {
+ :shared_buffers => "1GB",
+ :work_mem => "32MB",
+ :maintenance_work_mem => "64MB",
+ :max_stack_depth => "4MB",
+ :effective_cache_size => "4GB"
+ },
+ "9.1" => {
+ :port => "5433"
+ }
+ }
+ },
+ :sysctl => {
+ :postgres => {
+ :comment => "Increase shared memory for postgres",
+ :parameters => {
+ "kernel.shmall" => "4194304",
+ "kernel.shmmax" => "17179869184"
+ }
+ }
+ }
+)
+
+run_list(
+ "recipe[dev]"
+)
--- /dev/null
+name "dns"
+description "Role applied to DNS management servers"
+
+default_attributes(
+ :dns => {
+ :repository => "/var/lib/git/dns.git"
+ }
+)
+
+run_list(
+ "recipe[dns]"
+)
--- /dev/null
+name "draco"
+description "Master role applied to draco"
+
+default_attributes(
+ :apt => {
+ :sources => [ "ubuntugis-stable", "ubuntugis-unstable" ]
+ },
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "10.0.0.11"
+ },
+ :external_ipv4 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet,
+ :address => "128.40.168.95"
+ }
+ }
+ },
+ :sysctl => {
+ :tune_cpu_scheduler => {
+ :comment => "Tune CPU scheduler for server scheduling",
+ :parameters => {
+ "kernel.sched_migration_cost" => 50000000,
+ "kernel.sched_autogroup_enabled" => 0
+ }
+ }
+ }
+)
+
+run_list(
+ "role[ucl-internal]"
+)
--- /dev/null
+name "errol"
+description "Master role applied to errol"
+
+default_attributes(
+ :munin => {
+ :plugins => {
+ :sensors_fan => {
+ :contacts => "null"
+ },
+ :sensors_temp => {
+ :contacts => "null"
+ },
+ :sensors_volt => {
+ :contacts => "null",
+ :volt10 => {
+ :warning => "3.11:3.50",
+ :critical => "2.98:3.63"
+ }
+ }
+ }
+ },
+ :devices => {
+ :osdsk => {
+ :comment => "First os disk",
+ :type => "block",
+ :bus => "scsi",
+ :serial => "20004d927fffff800",
+ :attrs => {
+ "queue/scheduler" => "deadline",
+ "queue/nr_requests" => "512"
+ }
+ },
+ :homedsk => {
+ :comment => "First home disk",
+ :type => "block",
+ :bus => "scsi",
+ :serial => "20004d927fffff801",
+ :attrs => {
+ "queue/scheduler" => "deadline",
+ "queue/nr_requests" => "512"
+ }
+ }
+ },
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "10.0.0.14"
+ },
+ :external_ipv4 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet,
+ :address => "128.40.168.103"
+ }
+ }
+ }
+);
+
+run_list(
+ "role[ucl-external]",
+ "role[dev]"
+)
--- /dev/null
+name "eustace"
+description "Master role applied to eustace"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "10.0.0.9"
+ },
+ :external_ipv4 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet,
+ :address => "128.40.168.101"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[ucl-internal]",
+ "role[piwik]"
+)
--- /dev/null
+name "faffy"
+description "Master role applied to faffy"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "10.0.0.7"
+ },
+ :external_ipv4 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet,
+ :address => "128.40.168.108"
+ }
+ }
+ },
+ :rsyncd => {
+ :modules => {
+ :agri_imagery => {
+ :comment => "AGRI Imagery Archive",
+ :path => "/mnt/md0/agri",
+ :read_only => true,
+ :write_only => false,
+ :list => true,
+ :uid => "nobody",
+ :gid => "nogroup",
+ :transfer_logging => false,
+ :exclude => [ ".*" ],
+ :max_connections => 10,
+ :ignore_errors => true,
+ :ignore_nonreadable => true,
+ :timeout => 3600,
+ :refuse_options => [ "checksum" ]
+ },
+ :agri_extra => {
+ :comment => "AGRI Extras Archive",
+ :path => "/var/www/agri.openstreetmap.org/download",
+ :read_only => true,
+ :write_only => false,
+ :list => true,
+ :uid => "nobody",
+ :gid => "nogroup",
+ :transfer_logging => false,
+ :exclude => [ ".*" ],
+ :max_connections => 10,
+ :ignore_errors => true,
+ :ignore_nonreadable => true,
+ :timeout => 3600,
+ :refuse_options => [ "checksum" ]
+ }
+ }
+ }
+)
+
+run_list(
+ "role[ucl-internal]",
+ "recipe[rsyncd]"
+)
--- /dev/null
+name "firefishynet"
+description "Role applied to all servers at Firefishy"
+
+default_attributes(
+ :networking => {
+ :nameservers => [ "8.8.8.8", "8.8.4.4" ],
+ :roles => {
+ :external => {
+ :zone => "ff"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[gb]"
+)
--- /dev/null
+name "foundation"
+description "Role applied to all OSMF servers"
+
+default_attributes(
+ :apache => {
+ :mpm => "prefork",
+ :timeout => 60,
+ :keepalive => false
+ },
+ :apt => {
+ :sources => [ "brightbox", "aw-drupal" ]
+ },
+ :memcached => {
+ :memory_limit => 400,
+ :chunk_growth_factor => 1.05,
+ :min_item_size => 5
+ }
+)
+
+run_list(
+ "recipe[mediawiki]",
+ "recipe[civicrm]"
+)
--- /dev/null
+name "fr"
+description "Role applied to all servers located in France"
+
+override_attributes(
+ :country => "fr"
+)
+
+run_list(
+ "role[base]"
+)
--- /dev/null
+name "fume"
+description "Master role applied to fume"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :external_ipv4 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet,
+ :address => "85.30.190.241",
+ :prefix => "29",
+ :gateway => "85.30.190.246"
+ },
+ :external_ipv6 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet6,
+ :address => "2a02:80:0:3ff8:222:64ff:fe2a:2714",
+ :prefix => "64"
+ }
+ }
+ },
+ :squid => {
+ :cache_mem => "16000 MB",
+ :cache_dir => "coss /store/squid/coss-01 128000 block-size=8192 max-size=262144 membufs=80"
+ },
+ :sysfs => {
+ :hdd_tune => {
+ :comment => "Tune the queue for improved performance",
+ :parameters => {
+ "block/cciss\!c0d0/queue/nr_requests" => "512",
+ "block/cciss\!c0d1/queue/nr_requests" => "512",
+ "block/cciss\!c0d0/queue/scheduler" => "noop",
+ "block/cciss\!c0d1/queue/scheduler" => "noop"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[teleservice]",
+ "role[tilecache]"
+)
--- /dev/null
+name "gateway"
+description "Role applied to all network gateways"
+
+default_attributes(
+ :sysctl => {
+ :network_forwarding => {
+ :comment => "Enable forwarding",
+ :parameters => { "net.ipv4.ip_forward" => "1" }
+ }
+ },
+ :exim => {
+ :relay_from_hosts => [ "10.0.0.0/8"]
+ }
+)
+
+run_list(
+ "recipe[bind]"
+)
--- /dev/null
+name "gb"
+description "Role applied to all servers located in the UK"
+
+override_attributes(
+ :country => "gb"
+)
+
+run_list(
+ "role[base]"
+)
--- /dev/null
+name "geodns"
+description "Role applied to all geographic DNS servers"
+
+run_list(
+ "recipe[geodns]"
+)
--- /dev/null
+name "git"
+description "Role applied to all git servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :lonvia => {
+ :status => :user,
+ :shell => "/usr/bin/git-shell"
+ },
+ :translatewiki => {
+ :status => :user,
+ :shell => "/usr/bin/git-shell"
+ },
+ :git => {
+ :status => :role,
+ :members => [ :tomh, :grant, :matt, :lonvia, :translatewiki ]
+ }
+ }
+ },
+ :git => {
+ :host => "git.openstreetmap.org",
+ :directory => "/var/lib/git"
+ }
+)
+
+run_list(
+ "recipe[git::server]"
+)
--- /dev/null
+name "gorynych"
+description "Master role applied to gorynych"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :external_ipv4 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet,
+ :address => "130.193.62.73",
+ :prefix => "29",
+ :gateway => "130.193.62.78"
+ }
+ }
+ },
+ :squid => {
+ :cache_mem => "5800 MB",
+ :cache_dir => "coss /store/squid/coss-01 128000 block-size=8192 max-size=262144 membufs=80"
+ }
+)
+
+run_list(
+ "role[yandex]",
+ "role[tilecache]"
+)
--- /dev/null
+name "grisu"
+description "Master role applied to grisu"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :yellowbkpk => { :status => :administrator }
+ }
+ },
+ :networking => {
+ :interfaces => {
+ :external_ipv4 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet,
+ :address => "142.4.213.166",
+ :prefix => "24",
+ :gateway => "142.4.213.254"
+ },
+ :external_ipv6 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet6,
+ :address => "2607:5300:60:12a6::1",
+ :prefix => "64",
+ :gateway => "2607:5300:60:12ff:ff:ff:ff:ff"
+ }
+ }
+ },
+ :squid => {
+ :cache_mem => "9000 MB",
+ :cache_dir => "coss /store/squid/coss-01 128000 block-size=8192 max-size=262144 membufs=80"
+ }
+)
+
+run_list(
+ "role[ovh-ca]",
+ "role[tilecache]"
+)
--- /dev/null
+name "hetzner"
+description "Role applied to all servers at Hetzner"
+
+default_attributes(
+ :networking => {
+ :nameservers => [
+ "213.133.98.98",
+ "213.133.99.99",
+ "213.133.100.100",
+ "2a01:4f8:0:a111::add:9898",
+ "2a01:4f8:0:a102::add:9999",
+ "2a01:4f8:0:a0a1::add:1010"
+ ],
+ :roles => {
+ :external => {
+ :zone => "hz"
+ }
+ }
+ }
+)
+
+override_attributes(
+ :ntp => {
+ :servers => [ "0.de.pool.ntp.org", "1.de.pool.ntp.org", "europe.pool.ntp.org" ]
+ }
+)
+
+run_list(
+ "role[de]"
+)
--- /dev/null
+name "horntail"
+description "Master role applied to horntail"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :gravitystorm => { :status => :user }
+ }
+ },
+ :munin => {
+ :plugins => {
+ :ipmi_fans => {
+ :FAN1 => { :graph => "no" },
+ :FAN2 => { :graph => "no" },
+ :FAN3 => { :graph => "no" },
+ :FAN4 => { :graph => "no" },
+ :FAN5 => { :graph => "no" }
+ },
+ :sensors_fan => {
+ :fan1 => { :graph => "no" },
+ :fan2 => { :graph => "no" },
+ :fan3 => { :graph => "no" },
+ :fan4 => { :graph => "no" },
+ :fan5 => { :graph => "no" },
+ :fan6 => { :graph => "no" },
+ :fan9 => { :graph => "no" },
+ :fan10 => { :graph => "no" }
+ },
+ :sensors_volt => {
+ :contacts => "null",
+ :volt1 => {
+ :warning => "1.316:1.484",
+ :critical => "1.26:1.54"
+ },
+ :volt3 => {
+ :warning => "1.1:2.0",
+ :critical => "1.0:3.0"
+ },
+ :volt4 => {
+ :warning => "11.0:13.0",
+ :critical => "10.5:13.5"
+ }
+ }
+ }
+ },
+ :networking => {
+ :interfaces => {
+ :external_ipv4 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet,
+ :address => "193.63.75.101"
+ },
+ :external_ipv6 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet6,
+ :address => "2001:630:12:500:202:b3ff:feec:eeac"
+ },
+ :internal_ipv4 => {
+ :interface => "eth1",
+ :role => :internal,
+ :family => :inet,
+ :address => "146.179.159.164"
+ }
+ }
+ },
+ :openvpn => {
+ :address => "10.0.16.2",
+ :tunnels => {
+ :ic2ucl => {
+ :port => "1194",
+ :mode => "server",
+ :peer => {
+ :host => "ridley.openstreetmap.org"
+ }
+ }
+ }
+ },
+ :rsyncd => {
+ :modules => {
+ :hosts => {
+ :comment => "Host data",
+ :path => "/home/hosts",
+ :read_only => true,
+ :write_only => false,
+ :list => false,
+ :uid => "tomh",
+ :gid => "tomh",
+ :transfer_logging => false,
+ :hosts_allow => [
+ "89.16.179.150", # shenron
+ "2001:41c8:10:996:21d:7dff:fec3:df70", # shenron
+ "212.159.112.221" # grant
+ ]
+ },
+ :logs => {
+ :comment => "Log files",
+ :path => "/store/logs",
+ :read_only => false,
+ :write_only => true,
+ :list => false,
+ :uid => "www-data",
+ :gid => "www-data",
+ :transfer_logging => false,
+ :hosts_allow => [
+ "128.40.168.0/24", # ucl external
+ "146.179.159.160/27", # ic internal
+ "193.63.75.96/27", # ic external
+ "2001:630:12:500::/64", # ic external
+ "127.0.0.0/8", # localhost
+ "::1" # localhost
+ ]
+ },
+ :backup => {
+ :comment => "Backups",
+ :path => "/store/backup",
+ :read_only => false,
+ :write_only => true,
+ :list => false,
+ :uid => "osmbackup",
+ :gid => "osmbackup",
+ :transfer_logging => false,
+ :hosts_allow => [
+ "128.40.168.0/24", # ucl external
+ "146.179.159.160/27", # ic internal
+ "193.63.75.96/27", # ic external
+ "2001:630:12:500::/64", # ic external
+ "127.0.0.0/8", # localhost
+ "::1" # localhost
+ ]
+ }
+ }
+ }
+);
+
+run_list(
+ "role[ic]",
+ "role[gateway]",
+ "role[chef-server]",
+ "role[chef-repository]",
+ "role[planet]",
+ "role[web-storage]",
+ "recipe[rsyncd]",
+ "recipe[openvpn]"
+)
--- /dev/null
+name "ic"
+description "Role applied to all servers at Imperial College"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :icladmin => { :status => :user }
+ }
+ },
+ :networking => {
+ :nameservers => [ "146.179.159.164" ],
+ :roles => {
+ :internal => {
+ :inet => {
+ :prefix => "27",
+ :gateway => "146.179.159.164"
+ }
+ },
+ :external => {
+ :zone => "ic",
+ :inet => {
+ :prefix => "27",
+ :gateway => "193.63.75.97"
+ },
+ :inet6 => {
+ :prefix => "64",
+ :gateway => "fe80::5:73ff:fea0:1"
+ }
+ }
+ }
+ }
+)
+
+override_attributes(
+ :networking => {
+ :search => [ "ic.openstreetmap.org", "openstreetmap.org" ]
+ },
+ :ntp => {
+ :servers => [ "0.uk.pool.ntp.org", "1.uk.pool.ntp.org", "europe.pool.ntp.org" ]
+ }
+)
+
+run_list(
+ "role[gb]"
+)
--- /dev/null
+name "idris"
+description "Master role applied to idris"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "10.0.0.4"
+ },
+ :external_ipv4 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet,
+ :address => "128.40.168.98"
+ }
+ }
+ },
+ :postgresql => {
+ :versions => [ "9.1" ],
+ :settings => {
+ :defaults => {
+ :shared_buffers => "1GB",
+ :maintenance_work_mem => "256MB",
+ :effective_cache_size => "2GB"
+ }
+ }
+ },
+ :sysctl => {
+ :postgres => {
+ :comment => "Increase shared memory for postgres",
+ :parameters => {
+ "kernel.shmmax" => 4 * 1024 * 1024 * 1024,
+ "kernel.shmall" => 4 * 1024 * 1024 * 1024 / 4096
+ }
+ }
+ }
+)
+
+run_list(
+ "role[ucl-internal]",
+ "role[tile]"
+)
--- /dev/null
+name "irc"
+description "Role applied to all IRC gateways"
+
+run_list(
+ "recipe[cgiirc]"
+)
--- /dev/null
+name "jakelong"
+description "Master role applied to jakelong"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :external_ipv4 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet,
+ :address => "64.62.205.202",
+ :prefix => "26",
+ :gateway => "64.62.205.193"
+ }
+ }
+ },
+ :squid => {
+ :cache_mem => "650 MB",
+ :cache_dir => "coss /store/squid/coss-01 15000 block-size=8192 max-size=262144 membufs=30"
+ }
+)
+
+run_list(
+ "role[prgmr]",
+ "role[tilecache]"
+)
--- /dev/null
+name "katla"
+description "Master role applied to katla"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "146.179.159.173",
+ :hwaddress => "00:25:90:94:91:00"
+ }
+ }
+ }
+);
+
+run_list(
+ "role[ic]"
+)
--- /dev/null
+name "konqi"
+description "Master role applied to konqi"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :external_ipv4 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet,
+ :address => "193.63.75.104"
+ },
+ :external_ipv4_alias => {
+ :interface => "eth0:1",
+ :family => :inet,
+ :address => "193.63.75.105",
+ :prefix => "27"
+ },
+ :external_ipv6 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet6,
+ :address => "2001:630:12:500:215:60ff:feaa:9956"
+ }
+ }
+ }
+)
+
+override_attributes(
+ :networking => {
+ :nameservers => [ "8.8.8.8", "8.8.4.4" ],
+ :search => [ "ic.openstreetmap.org", "openstreetmap.org" ],
+ }
+)
+
+run_list(
+ "role[ic]",
+ "role[wiki]"
+)
--- /dev/null
+name "lists"
+description "Role applied to all mailing list servers"
+
+run_list(
+ "recipe[mailman]"
+)
--- /dev/null
+name "lurien"
+description "Master role applied to lurien"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "10.64.1.22",
+ :prefix => "24",
+ :mtu => "9000"
+ },
+ :external_ipv4 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet,
+ :address => "193.55.222.229",
+ :prefix => "24",
+ :gateway => "193.55.222.1"
+ }
+ }
+ },
+ :squid => {
+ :cache_mem => "9000 MB",
+ :cache_dir => "coss /store/squid/coss-01 128000 block-size=8192 max-size=262144 membufs=80"
+ }
+)
+
+run_list(
+ "role[paulla]",
+ "role[tilecache]"
+)
--- /dev/null
+name "lyonix"
+description "Role applied to all servers at LyonIX"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :lyonix => { :status => :administrator }
+ }
+ },
+ :networking => {
+ :nameservers => [ "77.95.64.205", "77.95.64.206", "8.8.8.8", "8.8.4.4" ],
+ :roles => {
+ :external => {
+ :zone => "ly"
+ }
+ }
+ }
+)
+
+override_attributes(
+ :ntp => {
+ :servers => [ "0.fr.pool.ntp.org", "1.fr.pool.ntp.org", "europe.pool.ntp.org" ]
+ }
+)
+
+run_list(
+ "role[fr]"
+)
--- /dev/null
+name "munin"
+description "Role applied to all munin servers"
+
+run_list(
+ "recipe[munin::server]"
+)
--- /dev/null
+name "nepomuk"
+description "Master role applied to nepomuk"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :external_ipv4 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet,
+ :address => "77.95.70.166",
+ :prefix => "27",
+ :gateway => "77.95.70.161"
+ },
+ :external_ipv6 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet6,
+ :address => "2001:7f8:47:21::a6",
+ :prefix => "64",
+ :gateway => "2001:7f8:47:21::a1"
+ }
+ }
+ },
+ :squid => {
+ :cache_mem => "7500 MB",
+ :cache_dir => "coss /store/squid/coss-01 128000 block-size=8192 max-size=262144 membufs=80"
+ },
+ :sysfs => {
+ :hdd_tune => {
+ :comment => "Tune the queue for improved performance",
+ :parameters => {
+ "block/vda/queue/nr_requests" => "512",
+ "block/vda/queue/scheduler" => "noop"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[lyonix]",
+ "role[tilecache]"
+)
--- /dev/null
+name "nl"
+description "Role applied to all servers located in the Netherlands"
+
+override_attributes(
+ :country => "nl"
+)
+
+run_list(
+ "role[base]"
+)
--- /dev/null
+name "no"
+description "Role applied to all servers located in Norway"
+
+override_attributes(
+ :country => "no"
+)
+
+run_list(
+ "role[base]"
+)
--- /dev/null
+name "nominatim"
+description "Role applied to all nominatim servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :lonvia => { :status => :administrator },
+ :twain => { :status => :administrator }
+ }
+ },
+ :apache => {
+ :mpm => "event",
+ :timeout => 60,
+ :keepalive => false,
+ :event => {
+ :max_clients => 560,
+ :threads_per_child => 35
+ }
+ },
+ :apt => {
+ :sources => [ "ubuntugis-stable", "ubuntugis-unstable" ]
+ },
+ :postgresql => {
+ :versions => [ "9.1" ],
+ :settings => {
+ :defaults => {
+ :max_connections => "450",
+ :synchronous_commit => "off",
+ :checkpoint_segments => "50",
+ :checkpoint_timeout => "10min",
+ :checkpoint_completion_target => "0.9",
+ :autovacuum_max_workers => "1"
+ }
+ }
+ },
+ :sysctl => {
+ :postgres => {
+ :comment => "Increase shared memory for postgres",
+ :parameters => {
+ "kernel.shmmax" => 16 * 1024 * 1024 * 1024,
+ "kernel.shmall" => 16 * 1024 * 1024 * 1024 / 4096
+ }
+ }
+ }
+)
+
+run_list(
+ "recipe[nominatim]"
+)
--- /dev/null
+name "norbert"
+description "Master role applied to norbert"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :yellowbkpk => { :status => :administrator }
+ }
+ },
+ :exim => {
+ :aliases => {
+ :root => "yellowbkpk"
+ }
+ },
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "10.0.0.5"
+ },
+ :external_ipv4 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet,
+ :address => "128.40.168.100"
+ }
+ }
+ },
+ :sysfs => {
+ :hdd_tune => {
+ :comment => "Tune the queue for improved performance",
+ :parameters => {
+ "block/cciss\!c0d0/queue/nr_requests" => "512",
+ "block/cciss\!c0d1/queue/nr_requests" => "512",
+ "block/cciss\!c0d0/queue/scheduler" => "noop",
+ "block/cciss\!c0d1/queue/scheduler" => "noop",
+ "block/sda/queue/nr_requests" => "512",
+ "block/sda/queue/scheduler" => "deadline"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[ucl-internal]"
+)
--- /dev/null
+name "orm"
+description "Master role applied to orm"
+
+default_attributes(
+ :munin => {
+ :plugins => {
+ :ipmi_fans => {
+ :Sys6 => { :graph => "no" },
+ :Sys8 => { :graph => "no" }
+ },
+ :sensors_fan => {
+ :fan3 => { :graph => "no" },
+ :fan4 => { :graph => "no" },
+ :fan5 => { :graph => "no" },
+ :fan6 => { :graph => "no" },
+ :fan7 => { :graph => "no" },
+ :fan8 => { :graph => "no" },
+ :fan9 => { :graph => "no" },
+ :fan10 => { :graph => "no" },
+ :fan11 => { :graph => "no" },
+ :fan12 => { :graph => "no" }
+ },
+ :sensors_volt => {
+ :contacts => "null",
+ }
+ }
+ },
+ :networking => {
+ :interfaces => {
+ :external_ipv4 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet,
+ :address => "193.63.75.98"
+ },
+ :external_ipv6 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet6,
+ :address => "2001:630:12:500:2e0:81ff:fec5:2a8c"
+ }
+ }
+ },
+ :postgresql => {
+ :versions => [ "9.1" ],
+ :settings => {
+ :defaults => {
+ :shared_buffers => "8GB",
+ :maintenance_work_mem => "7144MB",
+ :effective_cache_size => "16GB"
+ }
+ }
+ },
+ :sysctl => {
+ :postgres => {
+ :comment => "Increase shared memory for postgres",
+ :parameters => {
+ "kernel.shmmax" => 9 * 1024 * 1024 * 1024,
+ "kernel.shmall" => 9 * 1024 * 1024 * 1024 / 4096
+ }
+ }
+ },
+ :tile => {
+ :tile_directory => "/store/tiles",
+ :node_file => "/store/database/nodes"
+ }
+)
+
+override_attributes(
+ :networking => {
+ :nameservers => [ "8.8.8.8", "8.8.4.4" ]
+ }
+)
+
+run_list(
+ "role[ic]",
+ "role[tile]"
+)
--- /dev/null
+name "osqa"
+description "Role applied to all OSQA servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :osqa => { :status => :role }
+ }
+ },
+ :osqa => {
+ :sites => [
+ { :name => "help.openstreetmap.org" }
+ ]
+ }
+)
+
+run_list(
+ "recipe[osqa]"
+)
--- /dev/null
+name "ouroboros"
+description "Master role applied to ouroboros"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "146.179.159.172"
+ },
+ :external_ipv4 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet,
+ :address => "193.63.75.106"
+ },
+ :external_ipv6 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet6,
+ :address => "2001:630:12:500:223:7dff:feea:813a"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[ic]",
+ "role[wiki-new]"
+)
--- /dev/null
+name "ovh-ca"
+description "Role applied to all servers at OVH CA"
+
+override_attributes(
+ :ntp => {
+ :servers => [ "0.ca.pool.ntp.org", "1.ca.pool.ntp.org", "north-america.pool.ntp.org" ]
+ }
+)
+
+run_list(
+ "role[ca]",
+ "role[ovh]"
+)
--- /dev/null
+name "ovh"
+description "Role applied to all servers at OVH"
+
+default_attributes(
+ :networking => {
+ :nameservers => [ "8.8.4.4", "213.186.33.99", "8.8.8.8" ],
+ :roles => {
+ :external => {
+ :zone => "ov"
+ }
+ }
+ }
+)
--- /dev/null
+name "owl"
+description "Role applied to all OWL servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :yellowbkpk => { :status => :user },
+ :ppawel => { :status => :user },
+ :owl => {
+ :status => :role,
+ :members => [ :yellowbkpk, :ppawel ]
+ },
+ },
+ :groups => {
+ :adm => {
+ :members => [ :yellowbkpk, :ppawel ]
+ }
+ }
+ },
+ :apache => {
+ :mpm => "event"
+ },
+ :apt => {
+ :sources => [ "brightbox-ruby-ng", "ubuntugis-stable", "ubuntugis-unstable" ]
+ },
+ :postgresql => {
+ :versions => [ "9.1" ],
+ :settings => {
+ :defaults => {
+ :fsync => "off",
+ :checkpoint_segments => "30",
+ :checkpoint_completion_target => "0.9",
+ :random_page_cost => "2.0",
+ :log_min_duration_statement => "3000"
+ },
+ "9.1" => {
+ :port => "5433"
+ }
+ }
+ },
+ :sysctl => {
+ :postgres => {
+ :comment => "Increase shared memory for postgres",
+ :parameters => {
+ "kernel.shmmax" => 16 * 1024 * 1024 * 1024,
+ "kernel.shmall" => 16 * 1024 * 1024 * 1024 / 4096
+ }
+ }
+ }
+)
+
+run_list(
+ "recipe[owl]"
+)
--- /dev/null
+name "paulla"
+description "Role applied to all servers at PauLLA"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :redfox => { :status => :administrator },
+ :jpcw => { :status => :administrator }
+ }
+ },
+ :munin => {
+ :allow => [ "10.64.1.11" ]
+ },
+ :networking => {
+ :nameservers => [ "10.64.1.3", "194.167.156.13" ],
+ :roles => {
+ :external => {
+ :zone => "pa"
+ }
+ }
+ }
+)
+
+override_attributes(
+ :ntp => {
+ :servers => [ "cannelle.paulla.asso.fr" ]
+ }
+)
+
+run_list(
+ "role[fr]"
+)
--- /dev/null
+name "piwik"
+description "Role applied to all Piwik servers"
+
+default_attributes(
+ :apache => {
+ :mpm => "prefork",
+ }
+)
+
+run_list(
+ "recipe[piwik]"
+)
--- /dev/null
+name "planet"
+description "Role applied to all planet servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :bretth => { :status => :user },
+ :planet => {
+ :status => :role,
+ :members => [ :bretth ]
+ }
+ }
+ },
+ :rsyncd => {
+ :modules => {
+ :planet => {
+ :comment => "Semi public planet.osm archive",
+ :path => "/store/planet",
+ :read_only => true,
+ :write_only => false,
+ :list => true,
+ :uid => "nobody",
+ :gid => "nogroup",
+ :transfer_logging => false,
+ :exclude => [ ".*" ],
+ :max_connections => 10,
+ :ignore_errors => true,
+ :ignore_nonreadable => true,
+ :timeout => 3600,
+ :refuse_options => [ "checksum" ]
+ }
+ }
+ },
+ :apache => {
+ :mpm => "event",
+ :keepalive => false,
+ :event => {
+ :server_limit => 20,
+ :max_clients => 1000,
+ :threads_per_child => 50
+ }
+ }
+)
+
+run_list(
+ "recipe[planet]",
+ "recipe[nfs::server]",
+ "recipe[rsyncd]"
+)
--- /dev/null
+name "poldi"
+description "Master role applied to poldi"
+
+default_attributes(
+ :devices => {
+ :ubuntu => {
+ :comment => "RAID array backing the ubuntu volume group",
+ :type => "block",
+ :bus => "scsi",
+ :serial => "20004d927fffff800",
+ :attrs => {
+ "queue/scheduler" => "deadline"
+ }
+ },
+ :nominatim => {
+ :comment => "RAID array backing the nominatim volume group",
+ :type => "block",
+ :bus => "scsi",
+ :serial => "20004d927fffff801",
+ :attrs => {
+ "queue/scheduler" => "deadline"
+ }
+ },
+ :nominatim2 => {
+ :comment => "RAID array backing the nominatim2 volume group",
+ :type => "block",
+ :bus => "scsi",
+ :serial => "20004d927fffff802",
+ :attrs => {
+ "queue/scheduler" => "deadline"
+ }
+ }
+ },
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "10.0.0.16"
+ },
+ :external_ipv4 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet,
+ :address => "128.40.168.106"
+ }
+ }
+ },
+ :postgresql => {
+ :settings => {
+ :defaults => {
+ :shared_buffers => "9GB",
+ :work_mem => "160MB",
+ :maintenance_work_mem => "9GB",
+ :random_page_cost => "1.5",
+ :effective_cache_size => "24GB"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[ucl-internal]",
+ "role[nominatim]"
+)
--- /dev/null
+name "prgmr"
+description "Role applied to all servers at prgmr.com"
+
+default_attributes(
+ :networking => {
+ :nameservers => [ "8.8.4.4", "65.19.174.2", "65.19.175.2" ],
+ :roles => {
+ :external => {
+ :zone => "pr"
+ }
+ }
+ }
+)
+
+override_attributes(
+ :ntp => {
+ :servers => [ "0.us.pool.ntp.org", "1.us.pool.ntp.org", "2.us.pool.ntp.org" ]
+ }
+)
+
+run_list(
+ "role[us]"
+)
--- /dev/null
+name "racs"
+description "Role applied to all servers at Roy Adams Computer Services"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :kamy => { :status => :administrator }
+ }
+ },
+ :networking => {
+ :nameservers => [ "8.8.8.8", "8.8.4.4" ],
+ :roles => {
+ :external => {
+ :zone => "ra"
+ }
+ }
+ }
+)
+
+override_attributes(
+ :ntp => {
+ :servers => [ "0.au.pool.ntp.org", "1.au.pool.ntp.org", "oceania.pool.ntp.org" ]
+ }
+)
+
+run_list(
+ "role[au]"
+)
--- /dev/null
+name "ramoth"
+description "Master role applied to ramoth"
+
+default_attributes(
+ :db => {
+ :cluster => "9.1/main"
+ },
+ :devices => {
+ :store_openstreetmap => {
+ :comment => "RAID array mounted on /store/postgresql/openstreetmap",
+ :type => "block",
+ :bus => "scsi",
+ :serial => "3600605b0039483a017092ecbe862082a",
+ :attrs => {
+ "queue/scheduler" => "deadline",
+ "queue/nr_requests" => "975"
+ }
+ },
+ :store_system => {
+ :comment => "RAID array mounted on /store/postgresql/system",
+ :type => "block",
+ :bus => "scsi",
+ :serial => "3600605b0039483a017092ff8fa5a6332",
+ :attrs => {
+ "queue/scheduler" => "deadline",
+ "queue/nr_requests" => "975"
+ }
+ }
+ },
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "146.179.159.170",
+ :hwaddress => "00:25:90:4b:05:9a"
+ }
+ }
+ },
+ :postgresql => {
+ :settings => {
+ :defaults => {
+ :shared_buffers => "64GB",
+ :work_mem => "64MB",
+ :maintenance_work_mem => "1GB",
+ :effective_cache_size => "180GB"
+ }
+ }
+ },
+ :sysctl => {
+ :postgres => {
+ :comment => "Increase shared memory for postgres",
+ :parameters => {
+ "kernel.shmmax" => 66 * 1024 * 1024 * 1024,
+ "kernel.shmall" => 66 * 1024 * 1024 * 1024 / 4096
+ }
+ }
+ }
+);
+
+run_list(
+ "role[ic]",
+ "role[db-master]"
+)
--- /dev/null
+name "ridgeback"
+description "Master role applied to ridgeback"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :external_ipv4 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet,
+ :address => "31.169.50.10",
+ :prefix => "30",
+ :gateway => "31.169.50.9"
+ }
+ }
+ },
+ :squid => {
+ :cache_mem => "5500 MB",
+ :cache_dir => "coss /store/squid/coss-01 128000 block-size=8192 max-size=262144 membufs=80"
+ }
+)
+
+run_list(
+ "role[blix-no]",
+ "role[tilecache]"
+)
--- /dev/null
+name "ridley"
+description "Master role applied to ridley"
+
+default_attributes(
+ :dhcpd =>{
+ :first_address => "10.0.15.1",
+ :last_address => "10.0.15.254"
+ },
+ :exim => {
+ :aliases => {
+ :root => "grant"
+ }
+ },
+ :munin => {
+ :graphs => {
+ :apcpdu_ucl => {
+ :title => "Current for UCL",
+ :vlabel => "Amps",
+ :category => "Ups",
+ :values => {
+ :load => {
+ :sum => [ "apcpdu_apc1.load", "apcpdu_apc2.load", "apcpdu_apc3.load" ],
+ :label => "Load"
+ }
+ }
+ }
+ }
+ },
+ :networking => {
+ :interfaces => {
+ :external_ipv4 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet,
+ :address => "128.40.168.102"
+ },
+ :internal_ipv4 => {
+ :interface => "eth1",
+ :role => :internal,
+ :family => :inet,
+ :address => "10.0.0.3"
+ },
+ }
+ },
+ :openvpn => {
+ :address => "10.0.16.1",
+ :tunnels => {
+ :ic2ucl => {
+ :port => "1194",
+ :mode => "client",
+ :peer => {
+ :host => "horntail.openstreetmap.org",
+ :port => "1194"
+ }
+ },
+ :shenron2ucl => {
+ :port => "1195",
+ :mode => "client",
+ :peer => {
+ :host => "shenron.openstreetmap.org",
+ :port => "1194"
+ }
+ },
+ :firefishy => {
+ :port => "1196",
+ :mode => "client",
+ :peer => {
+ :host => "home.firefishy.com",
+ :port => "1194",
+ :address => "10.0.16.201"
+ }
+ }
+ }
+ }
+)
+
+run_list(
+ "role[ucl-internal]",
+ "role[gateway]",
+ "role[foundation]",
+ "role[stateofthemap]",
+ "role[switch2osm]",
+ "role[blog]",
+ "role[otrs]",
+ "role[thinkup]",
+ "recipe[dhcpd]",
+ "recipe[openvpn]"
+)
--- /dev/null
+name "ru"
+description "Role applied to all servers located in Russia"
+
+override_attributes(
+ :country => "ru"
+)
+
+run_list(
+ "role[base]"
+)
--- /dev/null
+name "sarel"
+description "Master role applied to sarel"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "10.0.0.12"
+ },
+ :external_ipv4 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet,
+ :address => "128.40.168.97"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[ucl-internal]",
+ "role[yournavigation]"
+)
--- /dev/null
+name "se"
+description "Role applied to all servers located in Sweden"
+
+override_attributes(
+ :country => "se"
+)
+
+run_list(
+ "role[base]"
+)
--- /dev/null
+name "shenron"
+description "Master role applied to shenron"
+
+default_attributes(
+ :apache => {
+ :mpm => "event",
+ :event => {
+ :max_requests_per_child => 2000
+ }
+ },
+ :networking => {
+ :interfaces => {
+ :external_ipv4 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet,
+ :address => "89.16.179.150",
+ :prefix => "26",
+ :gateway => "89.16.179.129"
+ },
+ :external_ipv6 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet6,
+ :address => "2001:41c8:0010:0996:21d:7dff:fec3:df70",
+ :prefix => "64",
+ :gateway => "fe80::1"
+ },
+ }
+ },
+ :openvpn => {
+ :address => "10.0.16.3",
+ :tunnels => {
+ :shenron2ucl => {
+ :port => "1194",
+ :mode => "server",
+ :peer => {
+ :host => "ridley.openstreetmap.org"
+ }
+ }
+ }
+ }
+)
+
+run_list(
+ "role[bytemark]",
+ "role[mail]",
+ "role[lists]",
+ "role[git]",
+ "role[subversion]",
+ "role[trac]",
+ "role[osqa]",
+ "role[irc]",
+ "role[dns]",
+ "role[geodns]",
+ "role[chef-repository]",
+ "recipe[openvpn]"
+)
--- /dev/null
+name "smaug"
+description "Master role applied to smaug"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :gravitystorm => { :status => :user }
+ }
+ },
+ :apt => {
+ :sources => [ "brightbox-ruby-ng" ]
+ },
+ :db => {
+ :cluster => "9.1/main"
+ },
+ :munin => {
+ :plugins => {
+ :ipmi_fans => {
+ :Fan4 => { :graph => "no" },
+ :Fan7CPU1 => { :graph => "no" },
+ :Fan8CPU2 => { :graph => "no" }
+ },
+ :sensors_volt => {
+ :contacts => "null",
+ :volt10 => {
+ :warning => "3.11:3.50",
+ :critical => "2.98:3.63"
+ }
+ }
+ }
+ },
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "146.179.159.168"
+ }
+ }
+ },
+ :postgresql => {
+ :settings => {
+ :defaults => {
+ :shared_buffers => "16GB",
+ :work_mem => "32MB",
+ :maintenance_work_mem => "512MB",
+ :effective_cache_size => "45GB"
+ }
+ }
+ },
+ :sysctl => {
+ :postgres => {
+ :comment => "Increase shared memory for postgres",
+ :parameters => {
+ "kernel.shmmax" => 17 * 1024 * 1024 * 1024,
+ "kernel.shmall" => 17 * 1024 * 1024 * 1024 / 4096
+ }
+ },
+ },
+ :sysfs => {
+ :hdd_tune => {
+ :comment => "Tune the queue for improved performance",
+ :parameters => {
+ "block/sda/queue/nr_requests" => "512",
+ "block/sdb/queue/nr_requests" => "512",
+ "block/sda/queue/scheduler" => "noop",
+ "block/sdb/queue/scheduler" => "noop"
+ }
+ }
+ }
+);
+
+run_list(
+ "role[ic]",
+ "role[db-slave]"
+)
--- /dev/null
+name "spike-01"
+description "Master role applied to spike-01"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "146.179.159.162"
+ },
+ :external_ipv4 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet,
+ :address => "193.63.75.99"
+ },
+ :external_ipv6 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet6,
+ :address => "2001:630:12:500:21a:4bff:fea5:fd2a"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[ic]",
+ "role[web-frontend]",
+ "role[web-gpximport]",
+ "role[web-statistics]"
+)
--- /dev/null
+name "spike-02"
+description "Master role applied to spike-02"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "146.179.159.163"
+ },
+ :external_ipv4 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet,
+ :address => "193.63.75.100"
+ },
+ :external_ipv6 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet6,
+ :address => "2001:630:12:500:219:bbff:fe39:3d9e"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[ic]",
+ "role[web-frontend]"
+)
--- /dev/null
+name "spike-03"
+description "Master role applied to spike-03"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "146.179.159.171"
+ },
+ :external_ipv4 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet,
+ :address => "193.63.75.103"
+ },
+ :external_ipv6 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet6,
+ :address => "2001:630:12:500:219:bbff:fe39:8aba"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[ic]",
+ "role[web-frontend]"
+)
--- /dev/null
+name "stateofthemap"
+description "Role applied to State of the Map servers"
+
+run_list(
+ "recipe[stateofthemap]"
+)
--- /dev/null
+name "subversion"
+description "Role applied to all subversion servers"
+
+run_list(
+ "recipe[subversion]"
+)
--- /dev/null
+name "switch2osm"
+description "Role applied to switch2osm servers"
+
+run_list(
+ "recipe[switch2osm]"
+)
--- /dev/null
+name "tabaluga"
+description "Master role applied to tabaluga"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :external_ipv4 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet,
+ :address => "5.9.150.236",
+ :prefix => "27",
+ :gateway => "5.9.150.225"
+ },
+ :external_ipv6 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet6,
+ :address => "2a01:4f8:190:33eb::2",
+ :prefix => "64",
+ :gateway => "fe80::1"
+ }
+ }
+ },
+ :squid => {
+ :cache_mem => "12500 MB",
+ :cache_dir => "coss /store/squid/coss-01 128000 block-size=8192 max-size=262144 membufs=80"
+ },
+ :tilecache => {
+ :ip_bucket_refill => "6144",
+ :net_bucket_refill => "24576"
+ }
+)
+
+run_list(
+ "role[hetzner]",
+ "role[tilecache]"
+)
--- /dev/null
+name "teleservice"
+description "Role applied to all servers at Teleservice"
+
+default_attributes(
+ :networking => {
+ :nameservers => [ "8.8.8.8", "8.8.4.4" ],
+ :roles => {
+ :external => {
+ :zone => "ts"
+ }
+ }
+ }
+)
+
+override_attributes(
+ :ntp => {
+ :servers => [ "0.se.pool.ntp.org", "1.se.pool.ntp.org", "europe.pool.ntp.org" ]
+ }
+)
+
+run_list(
+ "role[se]"
+)
--- /dev/null
+name "thinkup"
+description "Role applied to all ThinkUp servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :thinkup => { :status => :role }
+ }
+ },
+ :apache => {
+ :mpm => "prefork",
+ }
+)
+
+run_list(
+ "recipe[thinkup]"
+)
--- /dev/null
+name "thorn-01"
+description "Master role applied to thorn-01"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "146.179.159.165"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[ic]",
+ "role[web-backend]"
+)
--- /dev/null
+name "thorn-02"
+description "Master role applied to thorn-02"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "146.179.159.166"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[ic]",
+ "role[web-backend]"
+)
--- /dev/null
+name "thorn-03"
+description "Master role applied to thorn-03"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "146.179.159.167"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[ic]",
+ "role[web-backend]"
+)
--- /dev/null
+name "tile-old"
+description "Role applied to all tile servers"
+
+default_attributes(
+ :apt => {
+ :sources => [ "pitti-postgresql" ]
+ },
+ :sysctl => {
+ :sockets => {
+ :comment => "Increase size of connection queue",
+ :parameters => {
+ "net.core.somaxconn" => 10000
+ }
+ }
+ }
+)
--- /dev/null
+name "tile"
+description "Role applied to all tile servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :tile => {
+ :status => :role,
+ :members => [ :jburgess, :tomh ]
+ },
+ },
+ },
+ :apt => {
+ :sources => [ "ubuntugis-stable" ]
+ },
+ :postgresql => {
+ :versions => [ "9.1" ],
+ :settings => {
+ :defaults => {
+ :temp_buffers => "32MB",
+ :work_mem => "128MB",
+ :wal_buffers => "1024kB",
+ :wal_writer_delay => "500ms",
+ :commit_delay => "10000",
+ :checkpoint_segments => "60"
+ }
+ }
+ },
+ :sysctl => {
+ :sockets => {
+ :comment => "Increase size of connection queue",
+ :parameters => {
+ "net.core.somaxconn" => 10000
+ }
+ }
+ },
+ :tile => {
+ :database => {
+ :cluster => "9.1/main"
+ },
+ :data => {
+ :world_boundaries => {
+ :url => "http://planet.openstreetmap.org/historical-shapefiles/world_boundaries-spherical.tgz"
+ },
+ :shoreline => {
+ :url => "http://planet.openstreetmap.org/historical-shapefiles/shoreline_300.tar.bz2",
+ :directory => "shoreline_300"
+ },
+ :admin_boundaries => {
+ :url => "http://www.naturalearthdata.com/http//www.naturalearthdata.com/download/110m/cultural/ne_110m_admin_0_boundary_lines_land.zip",
+ :directory => "ne_110m_admin_0_boundary_lines_land"
+ },
+ :populated_places => {
+ :url => "http://www.naturalearthdata.com/http//www.naturalearthdata.com/download/10m/cultural/ne_10m_populated_places.zip",
+ :directory => "ne_10m_populated_places",
+ :original => "ne_10m_populated_places.shp",
+ :processed => "ne_10m_populated_places_fixed.shp"
+ },
+ :processed => {
+ :url => "http://planet.openstreetmap.org/historical-shapefiles/processed_p.tar.bz2",
+ :directory => "processed_p"
+ }
+ },
+ :styles => {
+ :default => {
+ :repository => "git://github.com/gravitystorm/openstreetmap-carto.git",
+ :revision => "v2.2.0"
+ }
+ }
+ }
+)
+
+run_list(
+ "recipe[tile]"
+)
--- /dev/null
+name "tilecache"
+description "Role applied to all tile cache servers"
+
+default_attributes(
+ :sysctl => {
+ :network_conntrack_time_wait => {
+ :comment => "Only track completed connections for 30 seconds",
+ :parameters => {
+ "net.netfilter.nf_conntrack_tcp_timeout_time_wait" => "30"
+ }
+ },
+ :squid_swappiness => {
+ :comment => "Prefer not to swapout to free memory",
+ :parameters => {
+ "vm.swappiness" => "30"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[geodns]",
+ "recipe[tilecache]"
+)
--- /dev/null
+name "trac"
+description "Role applied to all trac servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :trac => { :status => :role }
+ }
+ }
+)
+run_list(
+ "recipe[trac]"
+)
--- /dev/null
+name "trogdor"
+description "Master role applied to trogdor"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :external_ipv4 => {
+ :interface => "eth0",
+ :role => :external,
+ :family => :inet,
+ :address => "134.90.146.26",
+ :prefix => "30",
+ :gateway => "134.90.146.25"
+ }
+ }
+ },
+ :squid => {
+ :cache_mem => "6400 MB",
+ :cache_dir => "coss /store/squid/coss-01 128000 block-size=8192 max-size=262144 membufs=80"
+ }
+)
+
+run_list(
+ "role[blix-nl]",
+ "role[tilecache]"
+)
--- /dev/null
+name "ucl-external"
+description "Role applied to all servers at UCL which are only on the external LAN"
+
+default_attributes(
+ :networking => {
+ :nameservers => [ "128.40.168.102", "8.8.8.8", "8.8.4.4" ]
+ }
+)
+
+run_list(
+ "role[ucl]"
+)
--- /dev/null
+name "ucl-internal"
+description "Role applied to all servers at UCL which are on the internal LAN"
+
+override_attributes(
+ :networking => {
+ :nameservers => [ "10.0.0.3", "8.8.8.8", "8.8.4.4" ],
+ :search => [ "ucl.openstreetmap.org", "openstreetmap.org" ]
+ }
+)
+
+run_list(
+ "role[ucl]"
+)
--- /dev/null
+name "ucl"
+description "Role applied to all servers at UCL"
+
+default_attributes(
+ :bind => {
+ :forwarders => [ "144.82.100.1", "144.82.100.41" ]
+ },
+ :networking => {
+ :roles => {
+ :internal => {
+ :inet => {
+ :prefix => "20",
+ :gateway => "10.0.0.3"
+ }
+ },
+ :external => {
+ :zone => "ucl",
+ :inet => {
+ :prefix => "24",
+ :gateway => "128.40.168.126"
+ }
+ }
+ }
+ },
+ :sysctl => {
+ :sack => {
+ :comment => "Disable SACK as the UCL firewall breaks it",
+ :parameters => {
+ "net.ipv4.tcp_sack" => "0"
+ }
+ }
+ }
+
+)
+
+override_attributes(
+ :ntp => {
+ :servers => [ "ntp1.ucl.ac.uk", "ntp2.ucl.ac.uk" ]
+ }
+)
+
+run_list(
+ "role[gb]"
+)
--- /dev/null
+name "urmel"
+description "Master role applied to urmel"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "10.0.0.6"
+ },
+ :external_ipv4 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet,
+ :address => "128.40.168.96"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[ucl-internal]",
+ "role[munin]"
+)
--- /dev/null
+name "us"
+description "Role applied to all servers located in the USA"
+
+override_attributes(
+ :country => "us"
+)
+
+run_list(
+ "role[base]"
+)
--- /dev/null
+name "web-backend"
+description "Role applied to all web/api backend servers"
+
+default_attributes(
+ :apache => {
+ :mpm => "worker",
+ :worker => {
+ :max_requests_per_child => 10000
+ }
+ },
+ :memcached => {
+ :memory_limit => 512
+ },
+ :web => {
+ :rails_daemon_limit => 12,
+ :rails_soft_memory_limit => 512,
+ :rails_hard_memory_limit => 2048
+ }
+)
+
+run_list(
+ "role[web]",
+ "recipe[web::backend]"
+)
--- /dev/null
+name "web-frontend"
+description "Role applied to all web/api frontend servers"
+
+default_attributes(
+ :apache => {
+ :mpm => "event",
+ :event => {
+ :server_limit => 40,
+ :max_clients => 1000,
+ :min_spare_threads => 50,
+ :max_spare_threads => 150,
+ :threads_per_child => 50,
+ :max_requests_per_child => 10000
+ }
+ },
+ :web => {
+ :rails_daemon_limit => 50,
+ :rails_soft_memory_limit => 192,
+ :rails_hard_memory_limit => 512
+ },
+ :exim => {
+ :local_domains => [ "messages.openstreetmap.org" ],
+ :trusted_users => [ "rails" ],
+ :routes => {
+ :messages => {
+ :comment => "messages.openstreetmap.org",
+ :domains => [ "messages.openstreetmap.org" ],
+ :command => "/srv/www.openstreetmap.org/rails/script/deliver-message $local_part",
+ :user => "rails",
+ :group => "rails",
+ :home_directory => "/srv/www.openstreetmap.org/rails"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[web]",
+ "recipe[web::frontend]"
+)
--- /dev/null
+name "web-gpximport"
+description "Role applied to all web/api GPX import servers"
+
+run_list(
+ "role[web]",
+ "recipe[web::gpx]"
+)
--- /dev/null
+name "web-statistics"
+description "Role applied to all web/api statistics generation servers"
+
+run_list(
+ "role[web]",
+ "recipe[web::statistics]"
+)
--- /dev/null
+name "web-storage"
+description "Base role applied to all web/api storage servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :rails => { :status => :role }
+ }
+ }
+)
+
+run_list(
+ "recipe[nfs::server]"
+)
--- /dev/null
+name "web"
+description "Role applied to all web/api servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :rails => {
+ :status => :role,
+ :members => [ :tomh, :grant ]
+ }
+ }
+ },
+ :apt => {
+ :sources => [ "brightbox-ruby-ng" ]
+ },
+ :nfs => {
+ "/store/rails" => { :host => "horntail", :path => "/store/rails" }
+ },
+ :web => {
+ :status => "online",
+ :database_host => "db"
+ }
+)
+
+run_list(
+ "recipe[nfs]"
+)
--- /dev/null
+name "wiki-new"
+description "Role applied to all wiki servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :wiki => { :status => :role }
+ }
+ },
+ :exim => {
+ :trusted_users => [ "www-data" ],
+ :aliases => {
+ :root => "grant"
+ }
+ },
+ :memcached => {
+ :memory_limit => 512,
+ :connection_limit => 8192,
+ :chunk_growth_factor => 1.05,
+ :min_item_size => 5
+ },
+ :apache => {
+ :mpm => "prefork",
+ :timeout => 30,
+ :event => {
+ :server_limit => 32,
+ :max_clients => 800,
+ :threads_per_child => 50,
+ :max_requests_per_child => 10000
+ }
+ }
+)
+
+run_list(
+ "recipe[mediawiki-new::wiki]"
+)
--- /dev/null
+name "wiki"
+description "Role applied to all wiki servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :wiki => { :status => :role }
+ }
+ },
+ :exim => {
+ :trusted_users => [ "www-data" ],
+ :aliases => {
+ :root => "grant"
+ }
+ },
+ :memcached => {
+ :tcp_port => 11000,
+ :udp_port => 11000,
+ :memory_limit => 512,
+ :connection_limit => 8192,
+ :chunk_growth_factor => 1.05,
+ :min_item_size => 5
+ }
+)
+
+run_list(
+ "recipe[mediawiki]"
+)
--- /dev/null
+name "xapi"
+description "Role applied to all xapi servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :etienne => { :status => :user }
+ }
+ }
+)
--- /dev/null
+name "yandex"
+description "Role applied to all servers at Yandex"
+
+default_attributes(
+ :networking => {
+ :nameservers => [ "8.8.8.8", "8.8.4.4" ],
+ :roles => {
+ :external => {
+ :zone => "yx"
+ }
+ }
+ }
+)
+
+override_attributes(
+ :ntp => {
+ :servers => [ "0.ru.pool.ntp.org", "1.ru.pool.ntp.org", "europe.pool.ntp.org" ]
+ }
+)
+
+run_list(
+ "role[ru]"
+)
--- /dev/null
+name "yevaud"
+description "Master role applied to yevaud"
+
+default_attributes(
+ :munin => {
+ :plugins => {
+ :cpu => {
+ :system => {
+ :warning => 500,
+ :critical => 600
+ }
+ },
+ :load => {
+ :load => {
+ :warning => 150,
+ :critical => 200
+ }
+ },
+ :ipmi_fans => {
+ :contacts => "null",
+ },
+ :ipmi_temp => {
+ :contacts => "null",
+ },
+ :sensors_fan => {
+ :contacts => "null"
+ },
+ :sensors_temp => {
+ :contacts => "null"
+ },
+ :sensors_volt => {
+ :contacts => "null"
+ }
+ }
+ },
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "10.0.0.15"
+ },
+ :external_ipv4 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet,
+ :address => "128.40.168.104"
+ }
+ }
+ },
+ :sysctl => {
+ :postgres => {
+ :comment => "Increase shared memory for postgres",
+ :parameters => {
+ "kernel.shmmax" => 4 * 1024 * 1024 * 1024
+ }
+ }
+ }
+);
+
+run_list(
+ "role[ucl-internal]",
+ "role[tile-old]"
+)
--- /dev/null
+name "yournavigation"
+description "Role applied to all yournavigation servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :lambertus => { :status => :administrator }
+ }
+ },
+ :apache => {
+ :mpm => "prefork",
+ :timeout => 60,
+ :keepalive => false,
+ :prefork => {
+ :start_servers => 20,
+ :min_spare_servers => 20,
+ :max_spare_servers => 50,
+ :max_clients => 256,
+ }
+ }
+)
+
+run_list(
+ "recipe[yournavigation]"
+)
--- /dev/null
+name "zark"
+description "Master role applied to zark"
+
+default_attributes(
+ :networking => {
+ :interfaces => {
+ :internal_ipv4 => {
+ :interface => "eth0",
+ :role => :internal,
+ :family => :inet,
+ :address => "10.0.0.8"
+ },
+ :external_ipv4 => {
+ :interface => "eth1",
+ :role => :external,
+ :family => :inet,
+ :address => "128.40.168.107"
+ }
+ }
+ },
+ :postgresql => {
+ :settings => {
+ :defaults => {
+ :shared_buffers => "2GB",
+ :work_mem => "8MB",
+ :maintenance_work_mem => "32MB",
+ :effective_cache_size => "4GB"
+ }
+ }
+ }
+)
+
+run_list(
+ "role[ucl-internal]",
+ "role[owl]"
+)
projects / chef.git / commitdiff