Skip to content
Permalink
Branch: master
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
1912 lines (1734 sloc) 65.5 KB
#
# Please also update hieradata_aws/common.yaml
#
---
HIERA_SAFETY_CHECK: true
app_domain: 'dev.gov.uk'
app_domain_internal: 'dev.gov.uk'
node_class: &node_class
api:
apps:
- backdrop-read
- backdrop-write
asset_master:
apps:
- asset_env_sync
backend:
apps:
- asset-manager
- cache-clearing-service
- canary-backend
- collections-publisher
- contacts
- content-audit-tool
- content-data-admin
- content-performance-manager
- content-publisher
- content-tagger
- hmrc-manuals-api
- imminence
- kibana
- link-checker-api
- local-links-manager
- manuals-publisher
- maslow
- publisher
- release
- search-admin
- service-manual-publisher
- short-url-manager
- sidekiq-monitoring
- signon
- specialist-publisher
- support
- support-api
- support_api_csv_env_sync
- travel-advice-publisher
bouncer:
apps:
- bouncer
cache:
apps:
- router
content_store:
apps:
- content-store
calculators_frontend:
apps:
- calculators
- calendars
- finder-frontend
- licencefinder
- smartanswers
ckan:
apps:
- ckan
draft_cache:
apps:
- authenticating-proxy
- router
- router-api
draft_content_store:
apps:
- content-store
draft_frontend:
apps:
- collections
- email-alert-frontend
- frontend
- government-frontend
- manuals-frontend
- service-manual-frontend
- smartanswers
- static
email_alert_api:
apps:
- email-alert-api
- email-alert-service
frontend:
apps:
- canary-frontend
- collections
- email-alert-frontend
- feedback
- frontend
- government-frontend
- info-frontend
- manuals-frontend
- service-manual-frontend
- static
mapit:
apps:
- mapit
mirrorer:
apps:
- govuk-crawler-worker
publishing_api:
apps:
- publishing-api
router_backend:
apps:
- router-api
search:
apps:
- rummager
whitehall_backend:
apps:
- whitehall
whitehall_frontend:
apps:
- whitehall
govuk::node::s_base::node_apps:
<<: *node_class
# If the repository name is the same as the application name
# we don't need to explicitly declare the repository, but we
# need to add an empty hash
deployable_applications: &deployable_applications
asset-manager: {}
authenticating-proxy: {}
backdrop-read:
repository: 'backdrop'
backdrop-write:
repository: 'backdrop'
bouncer: {}
cache-clearing-service: {}
calculators: {}
calendars: {}
ckan:
repository: 'ckanext-datagovuk'
collections: {}
collections-publisher: {}
contacts:
repository: 'contacts-admin'
content-audit-tool: {}
content-data-admin: {}
content-performance-manager: {}
content-publisher: {}
content-store: {}
content-tagger: {}
email-alert-api: {}
email-alert-frontend: {}
email-alert-service: {}
feedback: {}
finder-frontend: {}
frontend: {}
government-frontend: {}
govuk-content-schemas: {}
govuk_crawler_worker: {}
govuk-puppet: {}
hmrc-manuals-api: {}
imminence: {}
info-frontend: {}
licencefinder:
repository: 'licence-finder'
link-checker-api: {}
local-links-manager: {}
manuals-frontend: {}
manuals-publisher: {}
mapit: {}
maslow: {}
publisher: {}
publishing-api: {}
release: {}
router: {}
router-api: {}
rummager: {}
search-admin: {}
service-manual-frontend: {}
service-manual-publisher: {}
short-url-manager: {}
sidekiq-monitoring: {}
signon: {}
smartanswers:
repository: 'smart-answers'
specialist-publisher: {}
static: {}
support: {}
support-api: {}
transition: {}
travel-advice-publisher: {}
whitehall: {}
apt_mirror_hostname: 'apt.publishing.service.gov.uk'
apt::apt_update_frequency: 'daily'
apt::purge_preferences_d: true
apt::purge_sources_list: true
apt::purge_sources_list_d: true
apt::purge:
preferences.d: true
sources.list: true
sources.list.d: true
apt::sources:
ubuntu:
location: 'http://gb.archive.ubuntu.com/ubuntu/'
release: '%{::lsbdistcodename}'
repos: 'main restricted universe multiverse'
ubuntu-updates:
location: 'http://gb.archive.ubuntu.com/ubuntu/'
release: '%{::lsbdistcodename}-updates'
repos: 'main restricted universe multiverse'
ubuntu-backports:
location: 'http://gb.archive.ubuntu.com/ubuntu/'
release: '%{::lsbdistcodename}-backports'
repos: 'main restricted universe multiverse'
ubuntu-security:
location: 'http://gb.archive.ubuntu.com/ubuntu/'
release: '%{::lsbdistcodename}-security'
repos: 'main restricted universe multiverse'
backup::repo::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
base::packages::gems:
ruby-shadow:
ensure: 2.5.0
base::packages::packages:
- 'ack-grep'
- 'bzip2'
- 'daemontools'
- 'dnsutils'
- 'dstat'
- 'gettext'
- 'git'
- 'htop'
- 'iftop'
- 'iotop'
- 'iptraf'
- 'less'
- 'libc6-dev'
- 'libcurl4-openssl-dev'
- 'libreadline-dev'
- 'libreadline5'
- 'libsqlite3-dev'
- 'libxml2-dev'
- 'libxslt1-dev'
- 'logtail'
- 'mailutils'
- 'man-db'
- 'manpages'
- 'ncdu'
- 'pv'
- 'strace'
- 'tar'
- 'tcpdump'
- 'tmux'
- 'tree'
- 'update-notifier-common'
- 'unzip'
- 'vim-nox'
- 'xz-utils'
- 'zip'
collectd::plugin::tcp::metrics:
- 'ListenOverflows'
- 'ListenDrops'
- 'TCPLoss'
- 'TCPTimeouts'
- 'TCPFastRetrans'
- 'TCPLostRetransmit'
- 'TCPForwardRetrans'
- 'TCPSlowStartRetrans'
- 'CurrEstab'
- 'TCPAbortOnMemory'
- 'TCPBacklogDrop'
- 'AttemptFails'
- 'EstabResets'
- 'InErrs'
- 'ActiveOpens'
- 'PassiveOpens'
collectd::package::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
collectd::plugin::docker::repo: "https://github.com/alphagov/docker-collectd-plugin.git"
collectd::plugin::docker::commit: "e56ddb84536065786e0a55143faa8c6fc035c119"
duplicity::packages::version: '0.7.11-0ubuntu0ppa1263~ubuntu14.04.1'
environment_ip_prefix: '10.1'
filebeat::prospectors:
apt-history:
paths:
- '/var/log/apt/history.log'
tags:
- 'history'
fields:
application: 'apt'
multiline:
pattern: '^$'
negate: true
match: 'after'
timeout: 30
apt-term:
paths:
- '/var/log/apt/term.log'
tags:
- 'term'
fields:
application: 'apt'
dpkg:
paths:
- '/var/log/dpkg.log'
fields:
application: 'dpkg'
syslog:
paths:
- '/var/log/syslog'
- '/var/log/auth.log'
fields:
application: 'syslog'
unattended-upgrades:
paths:
- '/var/log/unattended-upgrades/unattended-upgrades.log'
- '/var/log/unattended-upgrades/unattended-upgrades-shutdown.log'
tags:
- 'unattended'
fields:
application: 'apt'
gdal::repo::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
govuk::apps::asset_manager::jwt_auth_secret: "%{hiera('jwt_auth_secret')}"
govuk::apps::asset_manager::mongodb_nodes:
- 'mongo-1.backend'
- 'mongo-2.backend'
- 'mongo-3.backend'
govuk::apps::asset_manager::redis_host: "%{hiera('sidekiq_host')}"
govuk::apps::asset_manager::redis_port: "%{hiera('sidekiq_port')}"
govuk::apps::asset_manager::unicorn_worker_processes: "16"
govuk::apps::asset_manager::nagios_memory_warning: 2500
govuk::apps::asset_manager::nagios_memory_critical: 2750
govuk::apps::authenticating_proxy::jwt_auth_secret: "%{hiera('jwt_auth_secret')}"
govuk::apps::bouncer::db_hostname: "transition-postgresql-slave-1.backend"
govuk::apps::bouncer::nagios_memory_warning: 1400
govuk::apps::bouncer::nagios_memory_critical: 1500
govuk::apps::bouncer::unicorn_worker_processes: "8"
govuk::apps::cache_clearing_service::enabled: true
govuk::apps::cache_clearing_service::nagios_memory_warning: 2750
govuk::apps::cache_clearing_service::nagios_memory_critical: 3000
govuk::apps::cache_clearing_service::puppetdb_node_url: 'http://puppetdb.cluster/v2/nodes'
govuk::apps::cache_clearing_service::rabbitmq_hosts:
- rabbitmq-1.backend
- rabbitmq-2.backend
- rabbitmq-3.backend
govuk::apps::cache_clearing_service::rabbitmq::queue_size_critical_threshold: 100000
govuk::apps::cache_clearing_service::rabbitmq::queue_size_warning_threshold: 80000
govuk::apps::ckan::db_hostname: "postgresql-primary-1.backend"
govuk::apps::ckan::db_port: 6432
govuk::apps::ckan::db_allow_prepared_statements: false
govuk::apps::ckan::db::backend_ip_range: "%{hiera('environment_ip_prefix')}.3.0/24"
govuk::apps::ckan::redis_host: "%{hiera('sidekiq_host')}"
govuk::apps::ckan::redis_port: "%{hiera('sidekiq_port')}"
govuk::apps::ckan::ckan_site_url: "http://ckan.dev.gov.uk"
govuk::apps::ckan::gunicorn_worker_processes: "1"
govuk::apps::collections::nagios_memory_warning: 900
govuk::apps::collections::nagios_memory_critical: 1000
govuk::apps::collections_publisher::db_hostname: "mysql-master-1.backend"
govuk::apps::collections_publisher::jwt_auth_secret: "%{hiera('jwt_auth_secret')}"
govuk::apps::collections_publisher::redis_host: "%{hiera('sidekiq_host')}"
govuk::apps::collections_publisher::redis_port: "%{hiera('sidekiq_port')}"
govuk::apps::contacts::redis_host: "%{hiera('sidekiq_host')}"
govuk::apps::contacts::redis_port: "%{hiera('sidekiq_port')}"
govuk::apps::content_audit_tool::db_hostname: "postgresql-primary-1.backend"
govuk::apps::content_audit_tool::db_port: 6432
govuk::apps::content_audit_tool::db_allow_prepared_statements: false
govuk::apps::content_audit_tool::db::backend_ip_range: "%{hiera('environment_ip_prefix')}.3.0/24"
govuk::apps::content_audit_tool::redis_host: "%{hiera('sidekiq_host')}"
govuk::apps::content_audit_tool::redis_port: "%{hiera('sidekiq_port')}"
govuk::apps::content_data_admin::db_hostname: "postgresql-primary-1.backend"
govuk::apps::content_data_admin::db_port: 6432
govuk::apps::content_data_admin::db_allow_prepared_statements: false
govuk::apps::content_data_admin::db::backend_ip_range: "%{hiera('environment_ip_prefix')}.3.0/24"
govuk::apps::content_data_admin::redis_host: "%{hiera('sidekiq_host')}"
govuk::apps::content_data_admin::redis_port: "%{hiera('sidekiq_port')}"
govuk::apps::content_performance_manager::rabbitmq_user: "content_performance_manager"
govuk::apps::content_performance_manager::rabbitmq_password: "%{hiera('govuk::apps::content_performance_manager::rabbitmq::amqp_pass')}"
govuk::apps::content_performance_manager::db_hostname: "warehouse-postgresql-1.backend"
govuk::apps::content_performance_manager::db::backend_ip_range: "%{hiera('environment_ip_prefix')}.3.0/24"
govuk::apps::content_performance_manager::rabbitmq_hosts:
- rabbitmq-1.backend
- rabbitmq-2.backend
- rabbitmq-3.backend
govuk::apps::content_performance_manager::redis_host: "%{hiera('sidekiq_host')}"
govuk::apps::content_performance_manager::redis_port: "%{hiera('sidekiq_port')}"
govuk::apps::content_publisher::db_hostname: "postgresql-primary-1.backend"
govuk::apps::content_publisher::db_port: 6432
govuk::apps::content_publisher::db_allow_prepared_statements: false
govuk::apps::content_publisher::db::backend_ip_range: "%{hiera('environment_ip_prefix')}.3.0/24"
govuk::apps::content_publisher::jwt_auth_secret: "%{hiera('jwt_auth_secret')}"
govuk::apps::content_publisher::aws_region: "eu-west-1"
govuk::apps::content_publisher::redis_host: "%{hiera('sidekiq_host')}"
govuk::apps::content_publisher::redis_port: "%{hiera('sidekiq_port')}"
govuk::apps::content_store::nagios_memory_warning: 2600
govuk::apps::content_store::nagios_memory_critical: 2800
govuk::apps::content_store::unicorn_worker_processes: "8"
govuk::apps::content_tagger::db_hostname: "postgresql-primary-1.backend"
govuk::apps::content_tagger::db_port: 6432
govuk::apps::content_tagger::db_allow_prepared_statements: false
govuk::apps::content_tagger::db::backend_ip_range: "%{hiera('environment_ip_prefix')}.3.0/24"
govuk::apps::content_tagger::enable_procfile_worker: true
govuk::apps::content_tagger::redis_host: "%{hiera('sidekiq_host')}"
govuk::apps::content_tagger::redis_port: "%{hiera('sidekiq_port')}"
govuk::apps::email_alert_api::enabled: true
govuk::apps::email_alert_api::db::backend_ip_range: "%{hiera('environment_ip_prefix')}.3.0/24"
govuk::apps::email_alert_api::redis_host: "%{hiera('sidekiq_host')}"
govuk::apps::email_alert_api::redis_port: "%{hiera('sidekiq_port')}"
govuk::apps::email_alert_api::db_hostname: 'postgresql-primary-1.backend'
govuk::apps::email_alert_api::db_password: "%{hiera('govuk::apps::email_alert_api::db::password')}"
govuk::apps::email_alert_api::db_port: 6432
govuk::apps::email_alert_api::db_allow_prepared_statements: false
govuk::apps::email_alert_api::nagios_memory_warning: 1200
govuk::apps::email_alert_api::nagios_memory_critical: 1500
govuk::apps::email_alert_api::unicorn_worker_processes: '4'
# This list should be kept in sync with https://www.notifications.service.gov.uk/services/ecfc7e2f-5145-45a6-9413-5d9b6e813ea9/users
govuk::apps::email_alert_api::email_address_override_whitelist:
- govuk-email-courtesy-copies@digital.cabinet-office.gov.uk
- bevan.loon@digital.cabinet-office.gov.uk
- complaint@simulator.amazonses.com
- deborah.chua@digital.cabinet-office.gov.uk
- kevin.dew@digital.cabinet-office.gov.uk
- ruben.arakelyan@digital.cabinet-office.gov.uk
- thomas.leese@digital.cabinet-office.gov.uk
- tijmen.brommet@digital.cabinet-office.gov.uk
govuk::apps::email_alert_service::enabled: true
govuk::apps::email_alert_service::rabbitmq_hosts:
- rabbitmq-1.backend
- rabbitmq-2.backend
- rabbitmq-3.backend
govuk::apps::email_alert_service::redis_host: "%{hiera('sidekiq_host')}"
govuk::apps::email_alert_service::rabbitmq::queue_size_critical_threshold: 25
govuk::apps::email_alert_service::rabbitmq::queue_size_warning_threshold: 5
govuk::apps::finder_frontend::enabled: true
govuk::apps::finder_frontend::nagios_memory_warning: 2000
govuk::apps::finder_frontend::nagios_memory_critical: 2500
govuk::apps::finder_frontend::unicorn_worker_processes: "4"
govuk::apps::frontend::nagios_memory_warning: 1200
govuk::apps::frontend::nagios_memory_critical: 1400
govuk::apps::frontend::redis_host: "%{hiera('sidekiq_host')}"
govuk::apps::frontend::redis_port: "%{hiera('sidekiq_port')}"
govuk::apps::frontend::unicorn_worker_processes: "4"
govuk::apps::government_frontend::nagios_memory_warning: 2500
govuk::apps::government_frontend::nagios_memory_critical: 2800
govuk::apps::government_frontend::unicorn_worker_processes: "8"
govuk::apps::kibana::logit_account: 1c6b2316-16e2-4ca5-a3df-ff18631b0e74
govuk::apps::link_checker_api::db_hostname: "postgresql-primary-1.backend"
govuk::apps::link_checker_api::db_port: 6432
govuk::apps::link_checker_api::db_allow_prepared_statements: false
govuk::apps::link_checker_api::db::backend_ip_range: "%{hiera('environment_ip_prefix')}.3.0/24"
# Hardcoded to redis-2 to improve performance
# This setting is overridden in `development.yaml`
govuk::apps::link_checker_api::redis_host: "redis-2.backend"
govuk::apps::link_checker_api::redis_port: "%{hiera('sidekiq_port')}"
govuk::apps::manuals_publisher::redis_host: "%{hiera('sidekiq_host')}"
govuk::apps::manuals_publisher::redis_port: "%{hiera('sidekiq_port')}"
govuk::apps::mapit::gdal_version: "1.11.5"
govuk::apps::publisher::jwt_auth_secret: "%{hiera('jwt_auth_secret')}"
govuk::apps::publisher::redis_host: "%{hiera('sidekiq_host')}"
govuk::apps::publisher::redis_port: "%{hiera('sidekiq_port')}"
govuk::apps::publisher::email_group_dev: 'govuk-dev@digital.cabinet-office.gov.uk'
govuk::apps::publisher::email_group_business: 'govuk-dev@digital.cabinet-office.gov.uk'
govuk::apps::publisher::email_group_citizen: 'govuk-dev@digital.cabinet-office.gov.uk'
govuk::apps::short_url_manager::redis_host: "%{hiera('sidekiq_host')}"
govuk::apps::short_url_manager::redis_port: "%{hiera('sidekiq_port')}"
govuk::apps::support_api::zendesk_client_username: 'zd-api-govt@digital.cabinet-office.gov.uk/token'
govuk::apps::whitehall::admin_db_hostname: whitehall-master.mysql
govuk::apps::whitehall::admin_key_space_limit: '262144'
govuk::apps::whitehall::admin_db_name: whitehall_production
govuk::apps::whitehall::admin_db_password: "%{hiera('govuk::apps::whitehall::db::mysql_whitehall_admin')}"
govuk::apps::whitehall::admin_db_username: whitehall
govuk::apps::whitehall::db_hostname: whitehall-slave.mysql
govuk::apps::whitehall::db_name: whitehall_production
govuk::apps::whitehall::db_password: "%{hiera('govuk::apps::whitehall::db::mysql_whitehall')}"
govuk::apps::whitehall::db_username: whitehall_fe
govuk::apps::whitehall::jwt_auth_secret: "%{hiera('jwt_auth_secret')}"
govuk::apps::whitehall::redis_host: "%{hiera('sidekiq_host')}"
govuk::apps::whitehall::redis_port: "%{hiera('sidekiq_port')}"
govuk::apps::whitehall::procfile_worker_process_count: 2
govuk::apps::whitehall::db::whitehall_fe_password: "%{hiera('mysql_whitehall_frontend')}"
# FIXME: The API can be crawled when https://github.com/alphagov/govuk_crawler_worker/issues/97 is fixed.
govuk::apps::govuk_crawler_worker::blacklist_paths:
- '/api/'
- '/apply-for-a-licence'
- '/business-finance-support-finder'
- '/drug-device-alerts.atom'
- '/drug-safety-update.atom'
- '/foreign-travel-advice.atom'
- '/government/announcements.atom'
- '/government/publications.atom'
- '/government/statistics.atom'
- '/government/uploads'
- '/licence-finder'
- '/search'
govuk::apps::govuk_crawler_worker::enabled: true
govuk::apps::govuk_crawler_worker::root_urls:
- "https://assets.%{hiera('app_domain')}"
- "https://www.%{hiera('app_domain')}"
govuk::apps::imminence::mongodb_nodes:
- 'mongo-1.backend'
- 'mongo-2.backend'
- 'mongo-3.backend'
govuk::apps::imminence::redis_host: 'redis-1.backend'
govuk::apps::imminence::redis_port: '6379'
govuk::apps::imminence::nagios_memory_warning: 1200
govuk::apps::imminence::nagios_memory_critical: 1400
govuk::apps::imminence::unicorn_worker_processes: "4"
govuk::apps::info_frontend::enabled: true
govuk::apps::info_frontend::vhost_aliases:
- 'info-frontend'
govuk::apps::local_links_manager::db_hostname: "postgresql-primary-1.backend"
govuk::apps::local_links_manager::db_port: 6432
govuk::apps::local_links_manager::db_allow_prepared_statements: false
govuk::apps::local_links_manager::db::backend_ip_range: "%{hiera('environment_ip_prefix')}.3.0/24"
govuk::apps::local_links_manager::redis_host: "%{hiera('sidekiq_host')}"
govuk::apps::local_links_manager::redis_port: "%{hiera('sidekiq_port')}"
govuk::apps::local_links_manager::unicorn_worker_processes: "4"
govuk::apps::mapit::enabled: true
govuk::apps::rummager::rabbitmq_hosts:
- rabbitmq-1.backend
- rabbitmq-2.backend
- rabbitmq-3.backend
govuk::apps::licencefinder::mongodb_nodes:
- 'mongo-1.backend'
- 'mongo-2.backend'
- 'mongo-3.backend'
govuk::apps::publishing_api::content_store: "https://content-store.%{hiera('app_domain')}"
govuk::apps::publishing_api::db_hostname: "postgresql-primary-1.backend"
govuk::apps::publishing_api::db_port: 6432
govuk::apps::publishing_api::db_allow_prepared_statements: false
govuk::apps::publishing_api::draft_content_store: "https://draft-content-store.%{hiera('app_domain')}"
govuk::apps::publishing_api::rabbitmq_hosts:
- rabbitmq-1.backend
- rabbitmq-2.backend
- rabbitmq-3.backend
govuk::apps::publishing_api::rabbitmq_password: "%{hiera('govuk::apps::publishing_api::rabbitmq::amqp_pass')}"
# Hardcoded to redis-2 to improve performance
# This setting is overridden in `development.yaml`
govuk::apps::publishing_api::redis_host: "redis-2.backend"
govuk::apps::publishing_api::redis_port: "%{hiera('sidekiq_port')}"
govuk::apps::publishing_api::db::backend_ip_range: "%{hiera('environment_ip_prefix')}.3.0/24"
govuk::apps::publishing_api::govuk_content_schemas_path: '/data/apps/govuk-content-schemas/current'
govuk::apps::publishing_api::nagios_memory_warning: 2000
govuk::apps::publishing_api::nagios_memory_critical: 2500
govuk::apps::release::db_hostname: "master.mysql"
govuk::apps::release::db_username: "release"
govuk::apps::release::db_password: "%{hiera('govuk::apps::release::db::mysql_release')}"
govuk::apps::release::github_username: "govuk-ci"
govuk::apps::rummager::nagios_memory_warning: 4600
govuk::apps::rummager::nagios_memory_critical: 4900
govuk::apps::rummager::enable_bulk_reindex_listener: true
govuk::apps::rummager::enable_govuk_index_listener: true
govuk::apps::rummager::enable_publishing_listener: true
govuk::apps::rummager::rabbitmq::enable_bulk_reindex_listener: true
govuk::apps::rummager::rabbitmq::enable_govuk_index_listener: true
govuk::apps::rummager::rabbitmq::enable_publishing_listener: true
govuk::apps::rummager::rabbitmq_user: 'rummager-v2'
govuk::apps::rummager::redis_host: 'api-redis-1.api'
govuk::apps::rummager::redis_port: '6379'
govuk::apps::rummager::unicorn_worker_processes: "6"
govuk::apps::search_admin::db_name: 'search_admin_production'
govuk::apps::search_admin::db_hostname: 'master.mysql'
govuk::apps::search_admin::db_password: "%{hiera('govuk::apps::search_admin::db::mysql_search_admin')}"
govuk::apps::search_admin::db_username: 'search_admin'
govuk::apps::service_manual_publisher::http_username: "%{hiera('http_username')}"
govuk::apps::service_manual_publisher::http_password: "%{hiera('http_password')}"
govuk::apps::service_manual_publisher::db_port: 6432
govuk::apps::service_manual_publisher::db_allow_prepared_statements: false
govuk::apps::service_manual_publisher::db::backend_ip_range: "%{hiera('environment_ip_prefix')}.3.0/24"
govuk::apps::sidekiq_monitoring::asset_manager_redis_host: "%{hiera('govuk::apps::asset_manager::redis_host')}"
govuk::apps::sidekiq_monitoring::asset_manager_redis_port: "%{hiera('govuk::apps::asset_manager::redis_port')}"
govuk::apps::sidekiq_monitoring::collections_publisher_redis_host: "%{hiera('govuk::apps::collections_publisher::redis_host')}"
govuk::apps::sidekiq_monitoring::collections_publisher_redis_port: "%{hiera('govuk::apps::collections_publisher::redis_port')}"
govuk::apps::sidekiq_monitoring::content_audit_tool_redis_host: "%{hiera('govuk::apps::content_audit_tool::redis_host')}"
govuk::apps::sidekiq_monitoring::content_audit_tool_redis_port: "%{hiera('govuk::apps::content_audit_tool::redis_port')}"
govuk::apps::sidekiq_monitoring::content_data_admin_redis_host: "%{hiera('govuk::apps::content_data_admin::redis_host')}"
govuk::apps::sidekiq_monitoring::content_data_admin_redis_port: "%{hiera('govuk::apps::content_data_admin::redis_port')}"
govuk::apps::sidekiq_monitoring::content_performance_manager_redis_host: "%{hiera('govuk::apps::content_performance_manager::redis_host')}"
govuk::apps::sidekiq_monitoring::content_performance_manager_redis_port: "%{hiera('govuk::apps::content_performance_manager::redis_port')}"
govuk::apps::sidekiq_monitoring::content_publisher_redis_host: "%{hiera('govuk::apps::content_publisher::redis_host')}"
govuk::apps::sidekiq_monitoring::content_publisher_redis_port: "%{hiera('govuk::apps::content_publisher::redis_port')}"
govuk::apps::sidekiq_monitoring::content_tagger_redis_host: "%{hiera('govuk::apps::content_tagger::redis_host')}"
govuk::apps::sidekiq_monitoring::content_tagger_redis_port: "%{hiera('govuk::apps::content_tagger::redis_port')}"
govuk::apps::sidekiq_monitoring::email_alert_api_redis_host: "%{hiera('govuk::apps::email_alert_api::redis_host')}"
govuk::apps::sidekiq_monitoring::email_alert_api_redis_port: "%{hiera('govuk::apps::email_alert_api::redis_port')}"
govuk::apps::sidekiq_monitoring::imminence_redis_host: "%{hiera('govuk::apps::imminence::redis_host')}"
govuk::apps::sidekiq_monitoring::imminence_redis_port: "%{hiera('govuk::apps::imminence::redis_port')}"
govuk::apps::sidekiq_monitoring::link_checker_api_redis_host: "%{hiera('govuk::apps::link_checker_api::redis_host')}"
govuk::apps::sidekiq_monitoring::link_checker_api_redis_port: "%{hiera('govuk::apps::link_checker_api::redis_port')}"
govuk::apps::sidekiq_monitoring::manuals_publisher_redis_host: "%{hiera('govuk::apps::manuals_publisher::redis_host')}"
govuk::apps::sidekiq_monitoring::manuals_publisher_redis_port: "%{hiera('govuk::apps::manuals_publisher::redis_port')}"
govuk::apps::sidekiq_monitoring::publisher_redis_host: "%{hiera('govuk::apps::publisher::redis_host')}"
govuk::apps::sidekiq_monitoring::publisher_redis_port: "%{hiera('govuk::apps::publisher::redis_port')}"
govuk::apps::sidekiq_monitoring::publishing_api_redis_host: "%{hiera('govuk::apps::publishing_api::redis_host')}"
govuk::apps::sidekiq_monitoring::publishing_api_redis_port: "%{hiera('govuk::apps::publishing_api::redis_port')}"
govuk::apps::sidekiq_monitoring::rummager_redis_host: "%{hiera('govuk::apps::rummager::redis_host')}"
govuk::apps::sidekiq_monitoring::rummager_redis_port: "%{hiera('govuk::apps::rummager::redis_port')}"
govuk::apps::sidekiq_monitoring::signon_redis_host: "%{hiera('govuk::apps::signon::redis_host')}"
govuk::apps::sidekiq_monitoring::signon_redis_port: "%{hiera('govuk::apps::signon::redis_port')}"
govuk::apps::sidekiq_monitoring::specialist_publisher_redis_host: "%{hiera('govuk::apps::specialist_publisher::redis_host')}"
govuk::apps::sidekiq_monitoring::specialist_publisher_redis_port: "%{hiera('govuk::apps::specialist_publisher::redis_port')}"
govuk::apps::sidekiq_monitoring::support_api_redis_host: "%{hiera('govuk::apps::support_api::redis_host')}"
govuk::apps::sidekiq_monitoring::support_api_redis_port: "%{hiera('govuk::apps::support_api::redis_port')}"
govuk::apps::sidekiq_monitoring::transition_redis_host: "%{hiera('govuk::apps::transition::redis_host')}"
govuk::apps::sidekiq_monitoring::transition_redis_port: "%{hiera('govuk::apps::transition::redis_port')}"
govuk::apps::sidekiq_monitoring::travel_advice_publisher_redis_host: "%{hiera('govuk::apps::travel_advice_publisher::redis_host')}"
govuk::apps::sidekiq_monitoring::travel_advice_publisher_redis_port: "%{hiera('govuk::apps::travel_advice_publisher::redis_port')}"
govuk::apps::sidekiq_monitoring::whitehall_redis_host: "%{hiera('govuk::apps::whitehall::redis_host')}"
govuk::apps::sidekiq_monitoring::whitehall_redis_port: "%{hiera('govuk::apps::whitehall::redis_port')}"
govuk::apps::signon::db_hostname: 'master.mysql'
govuk::apps::signon::db_name: 'signon_production'
govuk::apps::signon::db_password: "%{hiera('govuk::apps::signon::db::mysql_signonotron')}"
govuk::apps::signon::db_username: 'signon'
govuk::apps::signon::redis_url: "redis://redis-1.backend:6379/0"
govuk::apps::signon::redis_host: "%{hiera('sidekiq_host')}"
govuk::apps::signon::redis_port: "%{hiera('sidekiq_port')}"
govuk::apps::signon::nagios_memory_warning: 900
govuk::apps::signon::nagios_memory_critical: 1000
govuk::apps::signon::unicorn_worker_processes: "4"
govuk::apps::specialist_publisher::enabled: true
govuk::apps::specialist_publisher::nagios_memory_warning: 1100
govuk::apps::specialist_publisher::nagios_memory_critical: 1200
govuk::apps::specialist_publisher::redis_host: "%{hiera('sidekiq_host')}"
govuk::apps::specialist_publisher::redis_port: "%{hiera('sidekiq_port')}"
govuk::apps::smartanswers::nagios_memory_warning: 4000
govuk::apps::smartanswers::nagios_memory_critical: 4500
govuk::apps::smartanswers::unicorn_worker_processes: "4"
govuk::apps::smokey::http_username: "%{hiera('http_username')}"
govuk::apps::smokey::http_password: "%{hiera('http_password')}"
govuk::apps::smokey::smokey_signon_email: "%{hiera('smokey_signon_email')}"
govuk::apps::smokey::smokey_signon_password: "%{hiera('smokey_signon_password')}"
govuk::apps::smokey::smokey_bearer_token: "%{hiera('smokey_bearer_token')}"
govuk::apps::smokey::rate_limit_token: "%{hiera('smokey_rate_limit_token')}"
govuk::apps::static::redis_host: "%{hiera('sidekiq_host')}"
govuk::apps::static::redis_port: "%{hiera('sidekiq_port')}"
govuk::apps::static::unicorn_worker_processes: "8"
govuk::apps::static::nagios_memory_warning: 1500
govuk::apps::static::nagios_memory_critical: 1750
govuk::apps::support::redis_host: "%{hiera('sidekiq_host')}"
govuk::apps::support::redis_port: "%{hiera('sidekiq_port')}"
govuk::apps::support::zendesk_anonymous_ticket_email: 'zd-api-public@digital.cabinet-office.gov.uk'
govuk::apps::support::zendesk_client_username: 'zd-api-govt@digital.cabinet-office.gov.uk/token'
govuk::apps::support_api::db_name: 'support_contacts_production'
govuk::apps::support_api::db_hostname: 'postgresql-primary-1.backend'
govuk::apps::support_api::db_port: 6432
govuk::apps::support_api::db_allow_prepared_statements: false
govuk::apps::support_api::db_password: "%{hiera('govuk::apps::support_api::db::password')}"
govuk::apps::support_api::db_username: 'support_contacts'
govuk::apps::support_api::redis_host: "%{hiera('sidekiq_host')}"
govuk::apps::support_api::redis_port: "%{hiera('sidekiq_port')}"
govuk::apps::support_api::db::backend_ip_range: "%{hiera('environment_ip_prefix')}.3.0/24"
govuk::apps::transition::postgresql_db::backend_ip_range: "%{hiera('environment_ip_prefix')}.3.0/24"
govuk::apps::transition::db_hostname: "transition-postgresql-master-1.backend"
govuk::apps::transition::redis_host: "%{hiera('sidekiq_host')}"
govuk::apps::transition::redis_port: "%{hiera('sidekiq_port')}"
govuk::apps::travel_advice_publisher::redis_host: "%{hiera('sidekiq_host')}"
govuk::apps::travel_advice_publisher::redis_port: "%{hiera('sidekiq_port')}"
# dummy configuration for search-api, because all keys in
# hieradata_aws/common.yaml have to be in hieradata/common.yaml as
# well (even though search-api isn't deployable here):
govuk::apps::search_api::nagios_memory_warning: 4600
govuk::apps::search_api::nagios_memory_critical: 4900
govuk::apps::search_api::rabbitmq_hosts: []
govuk::apps::search_api::enable_bulk_reindex_listener: false
govuk::apps::search_api::enable_publishing_listener: false
govuk::apps::search_api::enable_govuk_index_listener: false
govuk::apps::search_api::rabbitmq::enable_bulk_reindex_listener: false
govuk::apps::search_api::rabbitmq::enable_govuk_index_listener: false
govuk::apps::search_api::rabbitmq::enable_publishing_listener: false
govuk::apps::search_api::rabbitmq_user: 'search-api'
govuk::apps::search_api::redis_host: "%{hiera('sidekiq_host')}"
govuk::apps::search_api::redis_port: "%{hiera('sidekiq_port')}"
govuk::apps::search_api::elasticsearch_hosts: ''
govuk::apps::search_api::unicorn_worker_processes: '0'
govuk::apps::sidekiq_monitoring::search_api_redis_host: "%{hiera('govuk::apps::search_api::redis_host')}"
govuk::apps::sidekiq_monitoring::search_api_redis_port: "%{hiera('govuk::apps::search_api::redis_port')}"
govuk_awscli::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
govuk_aws_xray_daemon::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
govuk_beat::repo::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
govuk_ci::agent::gcloud::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
govuk::deploy::config::asset_root: "https://assets.%{hiera('app_domain')}"
govuk::deploy::config::website_root: "https://www.%{hiera('app_domain')}"
govuk::deploy::config::app_domain: "%{hiera('app_domain')}"
govuk_gor::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
govuk_htpasswd::http_username: "%{hiera('http_username')}"
govuk_jenkins::packages::gcloud::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
govuk_jenkins::packages::govuk_python::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
govuk_jenkins::packages::terraform::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
govuk_jenkins::packages::terraform_docs::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
govuk_jenkins::packages::sops::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
govuk_jenkins::packages::vale::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
govuk::node::s_api_redis::allowed_api_ip_range: "%{hiera('environment_ip_prefix')}.4.0/24"
govuk::node::s_api_redis::allowed_backend_ip_range: "%{hiera('environment_ip_prefix')}.3.0/24"
govuk::node::s_asset_base::firewall_allow_ip_range: "%{hiera('environment_ip_prefix')}.3.0/24"
# Note: it's important that all targets here have matching host entries both in
# production, and on the dev VM, otherwise nginx will fail to start.
govuk::node::s_backend_lb::app_specific_static_asset_routes:
'/asset-manager': "asset-manager"
'/government/assets/': "whitehall-frontend"
govuk::node::s_backend_lb::asset_manager_uploaded_assets_routes:
- '/government/uploads/'
- '/media/'
govuk::node::s_backend_lb::whitehall_uploaded_assets_routes:
- '/government/placeholder'
- '~ ^/government/uploads/system/uploads/attachment_data/file/[0-9]+/.*/preview$'
govuk::node::s_backend_lb::assets_carrenza_vhost_name: "assets-carrenza.%{hiera('app_domain')}"
govuk::node::s_backend_lb::draft_assets_carrenza_vhost_name: "draft-assets-carrenza.%{hiera('app_domain')}"
govuk::node::s_backend_lb::assets_carrenza_vhost_aliases:
- 'assets.digital.cabinet-office.gov.uk'
- 'assets.publishing.service.gov.uk'
govuk::node::s_backend_lb::assets_carrenza_real_ip_header: "True-Client-Ip"
govuk::node::s_db_admin::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
govuk::node::s_graphite::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
govuk::node::s_licensify_lb::backend_app_servers:
- 'licensing-backend-1.licensify'
- 'licensing-backend-2.licensify'
govuk::node::s_licensify_lb::frontend_app_servers:
- 'licensing-frontend-1.licensify'
- 'licensing-frontend-2.licensify'
govuk::node::s_mysql_master::aws_access_key_id: "%{hiera('govuk::node::s_mysql_backup::aws_access_key_id')}"
govuk::node::s_mysql_master::aws_secret_access_key: "%{hiera('govuk::node::s_mysql_backup::aws_secret_access_key')}"
govuk::node::s_mysql_master::encryption_key: "%{hiera('govuk::node::s_mysql_backup::encryption_key')}"
govuk::node::s_publishing_api_db_admin::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
govuk::node::s_transition_db_admin::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
govuk::node::s_warehouse_db_admin::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
govuk::node::s_email_alert_api_db_admin::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
govuk::node::s_whitehall_mysql_master::aws_access_key_id: "%{hiera('govuk::node::s_mysql_backup::aws_access_key_id')}"
govuk::node::s_whitehall_mysql_master::aws_secret_access_key: "%{hiera('govuk::node::s_mysql_backup::aws_secret_access_key')}"
govuk::node::s_whitehall_mysql_master::encryption_key: "%{hiera('govuk::node::s_mysql_backup::encryption_key')}"
govuk::node::s_transition_postgresql_slave::redirector_ip_range: 10.6.0.1/16
govuk::node::s_transition_postgresql_standby::redirector_ip_range: "%{hiera('govuk::node::s_transition_postgresql_slave::redirector_ip_range')}"
govuk::node::s_postgresql_standby::aws_access_key_id: "%{hiera('govuk::node::s_postgresql_primary::aws_access_key_id')}"
govuk::node::s_postgresql_standby::aws_secret_access_key: "%{hiera('govuk::node::s_postgresql_primary::aws_secret_access_key')}"
govuk::node::s_postgresql_standby::s3_bucket_url: "%{hiera('govuk::node::s_postgresql_primary::s3_bucket_url')}"
govuk::node::s_postgresql_standby::wale_private_gpg_key: "%{hiera('govuk::node::s_postgresql_primary::wale_private_gpg_key')}"
govuk::node::s_postgresql_standby::wale_private_gpg_key_fingerprint: "%{hiera('govuk::node::s_postgresql_primary::wale_private_gpg_key_fingerprint')}"
govuk::node::s_transition_postgresql_slave::aws_access_key_id: "%{hiera('govuk::node::s_transition_postgresql_master::aws_access_key_id')}"
govuk::node::s_transition_postgresql_slave::aws_secret_access_key: "%{hiera('govuk::node::s_transition_postgresql_master::aws_secret_access_key')}"
govuk::node::s_transition_postgresql_slave::s3_bucket_url: "%{hiera('govuk::node::s_transition_postgresql_master::s3_bucket_url')}"
govuk::node::s_transition_postgresql_slave::wale_private_gpg_key: "%{hiera('govuk::node::s_transition_postgresql_master::wale_private_gpg_key')}"
govuk::node::s_transition_postgresql_slave::wale_private_gpg_key_fingerprint: "%{hiera('govuk::node::s_transition_postgresql_master::wale_private_gpg_key_fingerprint')}"
govuk_postgresql::mirror::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
govuk_ppa::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
govuk_prometheus::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
govuk_prometheus_node_exporter::repo::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
govuk_sshkeys::deployment_keys:
github.com:
key: 'AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=='
github.digital.cabinet-office.gov.uk:
key: 'AAAAB3NzaC1yc2EAAAADAQABAAABAQC5y+7bm9YIMJXYbSdk2pVzl/w110eFrLIvirT4HKYATp7pxV454T2YoWIvIbtKF7GKz1SwX79uKePmwFKBQ8LIYlmFBbcYf8j3Jl9Px4vcmDPkWjZlfg/aqZUJI3WqwVCNelYM+RTlgtDsME8hIK2FbyPIjotF1WRsE1JgsMLfpzK/rVACGbktfQdmgY+56Ze9WA/rfCCKvrCtdavFR1rNxwkjm+GMImlcgmYTIT8BCEM2pkK0dIEJwKJWBVyyRBcTwHZDgvfVM/EyEfe+gIsgiQTORa1JaScHntH7Q7CBagpXvQHr/tSngGvbSBM1vMRLdtrw8BF5//AmNLOW3glZ'
govuk_cdnlogs::use_tls: '1'
govuk_cdnlogs::service_port_map:
govuk: 6514
assets: 6515
bouncer: 6516
govuk_ci::master::pipeline_jobs:
<<: *deployable_applications
asset_bom_removal-rails: {}
backdrop-transactions-explorer-collector: {}
bulk-merger: {}
deprecated_columns: {}
email-alert-monitoring: {}
gapy: {}
gds-api-adapters: {}
gds-scala-common: {}
gds-sso: {}
gds_zendesk: {}
govspeak: {}
govuk-app-deployment: {}
govuk-aws: {}
govuk_admin_template: {}
govuk_ab_testing: {}
govuk_app_config: {}
govuk-cdn-config: {}
govuk-content-schema-test-helpers: {}
govuk-csp-forwarder: {}
govuk-dummy_content_store: {}
govuk-dependencies: {}
govuk-developer-docs: {}
govuk_document_types: {}
govuk-guix: {}
govuk-jenkinslib: {}
govuk-lint: {}
govuk_message_queue_consumer: {}
govuk-provisioning: {}
govuk_publishing_components: {}
govuk-secrets: {}
govuk_seed_crawler: {}
govuk_schemas: {}
govuk_sidekiq: {}
govuk-taxonomy-supervised-learning: {}
govuk_taxonomy_helpers: {}
govuk_test: {}
govuk-user-reviewer: {}
licensify: {}
omniauth-gds: {}
optic14n: {}
performanceplatform-client.py: {}
performanceplatform-collector: {}
performanceplatform-documentation: {}
plek: {}
publishing-e2e-tests: {}
rack-logstasher: {}
rails_translation_manager: {}
router-data: {}
seal: {}
search-api: {}
shared_mustache: {}
slimmer: {}
smokey: {}
special-route-publisher: {}
transition-config: {}
ubuntu_unused_kernels:
repo_owner: 'gds-operations'
vcloud-core:
repo_owner: 'gds-operations'
vcloud-edge_gateway:
repo_owner: 'gds-operations'
vcloud-launcher:
repo_owner: 'gds-operations'
vcloud-net_launcher:
repo_owner: 'gds-operations'
vcloud-tools:
repo_owner: 'gds-operations'
vcloud-tools-tester:
repo_owner: 'gds-operations'
vcloud-walker:
repo_owner: 'gds-operations'
govuk_ci::master::ci_agents:
ci-agent-1:
agent_hostname: 'ci-agent-1.ci'
labels: 'mongodb-2.4 ci-agent-1 elasticsearch-5.6 terraform postgresql-9.3'
ci-agent-2:
agent_hostname: 'ci-agent-2.ci'
labels: 'mongodb-2.4 ci-agent-2 elasticsearch-2.4 terraform postgresql-9.3'
ci-agent-3:
agent_hostname: 'ci-agent-3.ci'
labels: 'mongodb-2.4 ci-agent-3 elasticsearch-2.4 terraform postgresql-9.3'
ci-agent-4:
agent_hostname: 'ci-agent-4.ci'
labels: 'mongodb-3.2 ci-agent-4 elasticsearch-2.4 terraform postgresql-9.6'
ci-agent-5:
agent_hostname: 'ci-agent-5.ci'
exclusive: true
executors: 1
labels: 'publishing-e2e-tests'
ci-agent-6:
agent_hostname: 'ci-agent-6.ci'
exclusive: true
executors: 1
labels: 'publishing-e2e-tests'
ci-agent-7:
agent_hostname: 'ci-agent-7.ci'
exclusive: true
executors: 1
labels: 'publishing-e2e-tests'
ci-agent-8:
agent_hostname: 'ci-agent-8.ci'
exclusive: true
executors: 1
labels: 'publishing-e2e-tests'
govuk_ci::master::credentials_id: 'jenkins-ssh-slave'
govuk_ci::agent::master_ssh_key: "%{hiera('govuk_jenkins::ssh_key::public_key')}"
govuk_containers::app::config::global_envvars:
- "GOVUK_ENV=production"
- "NODE_ENV=production"
- "RACK_ENV=production"
- "RAILS_ENV=production"
- "ERRBIT_ENVIRONMENT_NAME=%{hiera('govuk::deploy::config::errbit_environment_name')}"
- "SENTRY_CURRENT_ENV=%{hiera('govuk::deploy::config::errbit_environment_name')}"
- "GOVUK_APP_DOMAIN=%{hiera('app_domain')}"
- "GOVUK_APP_DOMAIN_EXTERNAL=%{hiera('app_domain')}"
- "GOVUK_ASSET_HOST=%{hiera('govuk::deploy::config::asset_root')}"
- "GOVUK_ASSET_ROOT=%{hiera('govuk::deploy::config::asset_root')}"
- "GOVUK_WEBSITE_ROOT=%{hiera('govuk::deploy::config::website_root')}"
govuk_containers::apps::release::envvars:
- "OAUTH_ID=%{hiera('govuk::apps::release::oauth_id')}"
- "OAUTH_SECRET=%{hiera('govuk::apps::release::oauth_secret')}"
- "GITHUB_USERNAME=%{hiera('govuk::apps::release::github_username')}"
- "GITHUB_ACCESS_TOKEN=%{hiera('govuk::apps::release::github_access_token')}"
- "SECRET_KEY_BASE=%{hiera('govuk::apps::release::secret_key_base')}"
- "DATABASE_URL=mysql2://%{hiera('govuk::apps::release::db_username')}:%{hiera('govuk::apps::release::db_password')}@%{hiera('govuk::apps::release::db_hostname')}/release_production"
- "RAILS_SERVE_STATIC_FILES=true"
govuk_containers::frontend::haproxy::backend_mappings:
- "release.%{hiera('app_domain')}": "release"
govuk_containers::frontend::haproxy::wildcard_publishing_certificate: "%{hiera('wildcard_publishing_certificate')}"
govuk_containers::frontend::haproxy::wildcard_publishing_key: "%{hiera('wildcard_publishing_key')}"
govuk_crawler::amqp_host: 'localhost'
govuk_crawler::site_root: "https://www.%{hiera('app_domain')}"
govuk_docker::version: "17.09.0~ce-0~ubuntu"
govuk_docker::repo::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
govuk_elasticsearch::repo::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
govuk_java::repo::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
govuk_jenkins::package::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
govuk_jenkins::config::github_api_uri: "https://api.github.com"
govuk_jenkins::config::github_web_uri: "https://github.com"
govuk_jenkins::jobs::deploy_app::app_domain: "%{hiera('app_domain')}"
govuk_jenkins::jobs::email_alert_check::email_addresses_to_check: >-
govuk-email-courtesy-copies@digital.cabinet-office.gov.uk
,
govuk-email-courtesy-copies@digital.cabinet-office.gov.uk
:
govuk_email_check@digital.cabinet-office.gov.uk
,
gov.uk.email@notifications.service.gov.uk
govuk_jenkins::jobs::search_benchmark::auth_username: "%{hiera('http_username')}"
govuk_jenkins::jobs::search_benchmark::auth_password: "%{hiera('http_password')}"
govuk_jenkins::jobs::search_test_spelling_suggestions::auth_username: "%{hiera('http_username')}"
govuk_jenkins::jobs::search_test_spelling_suggestions::auth_password: "%{hiera('http_password')}"
govuk_jenkins::jobs::smokey::auth_username: "%{hiera('http_username')}"
govuk_jenkins::jobs::smokey::auth_password: "%{hiera('http_password')}"
govuk_jenkins::jobs::smokey::smokey_bearer_token: "%{hiera('smokey_bearer_token')}"
govuk_jenkins::jobs::smokey::signon_email: "%{hiera('smokey_signon_email')}"
govuk_jenkins::jobs::smokey::signon_password: "%{hiera('smokey_signon_password')}"
govuk_jenkins::jobs::run_rake_task::applications: *deployable_applications
govuk_jenkins::jobs::deploy_app::applications: *deployable_applications
govuk_jenkins::jobs::integration_deploy::applications: *deployable_applications
govuk_jenkins::jobs::deploy_lambda_app::lambda_apps:
- 'email_alert_notifications'
jenkins_admin_permission_list: &jenkins_admin_permission_list
- 'hudson.model.Hudson.Administer'
- 'hudson.model.Hudson.Read'
- 'hudson.model.Hudson.RunScripts'
- 'hudson.model.Item.Build'
- 'hudson.model.Item.Cancel'
- 'hudson.model.Item.Configure'
- 'hudson.model.Item.Create'
- 'hudson.model.Item.Delete'
- 'hudson.model.Item.Discover'
- 'hudson.model.Item.Read'
- 'hudson.model.Item.Workspace'
- 'hudson.model.Run.Delete'
- 'hudson.model.Run.Update'
- 'hudson.model.View.Configure'
- 'hudson.model.View.Create'
- 'hudson.model.View.Delete'
- 'hudson.model.View.Read'
- 'hudson.scm.SCM.Tag'
govuk_jenkins::config::user_permissions:
-
user: 'ci_alphagov'
permissions: *jenkins_admin_permission_list
-
user: 'alphagov*GOV.UK Production'
permissions: *jenkins_admin_permission_list
-
user: 'alphagov*GOV.UK DNS Administrators'
permissions: *jenkins_admin_permission_list
-
user: 'anonymous'
permissions:
- 'hudson.model.Hudson.Read'
- 'hudson.model.Item.Discover'
-
user: 'github'
permissions:
- 'hudson.model.Item.Build'
- 'hudson.model.Item.Read'
govuk::node::s_logging::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
govuk_mysql::server::expire_log_days: 3
govuk_mysql::server::monitoring::master::plaintext_mysql_password: "%{hiera('mysql_nagios')}"
govuk_mysql::server::monitoring::slave::plaintext_mysql_password: "%{hiera('mysql_nagios')}"
govuk_mysql::xtrabackup::packages::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
govuk_postgresql::server::configure_env_sync_user: true
govuk_rabbitmq::repo::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
govuk_rbenv::all::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
govuk_search::gor::enabled: true
govuk_sudo::sudo_conf:
deploy_docker_image:
content: 'deploy ALL=NOPASSWD:/usr/bin/docker image *'
deploy_init_ctl:
content: 'deploy ALL=NOPASSWD:/sbin/initctl'
deploy_service_docker:
content: 'deploy ALL=NOPASSWD:/etc/init.d/docker-*'
deploy_service_memcached:
content: 'deploy ALL=NOPASSWD:/etc/init.d/memcached'
deploy_service_nginx:
content: 'deploy ALL=NOPASSWD:/etc/init.d/nginx'
deploy_service_varnish:
content: 'deploy ALL=NOPASSWD:/etc/init.d/varnish'
deploy_varnishadm:
content: 'deploy ALL=NOPASSWD:/usr/bin/varnishadm'
icinga_init_ctl:
content: 'nagios ALL=NOPASSWD:/sbin/initctl reload *'
ubuntu:
content: 'ubuntu ALL=(ALL) NOPASSWD:ALL'
govuk_sysdig::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
govuk_sysdig::ensure: 'absent'
govuk_unattended_reboot::enabled: true
govuk_unattended_reboot::mongodb::enabled: true
govuk_unattended_reboot::elasticsearch::enabled: true
govuk_unattended_reboot::monitoring_basic_auth:
username: "%{hiera('http_username')}"
password: "%{hiera('http_password')}"
grafana::repo::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
grafana::dashboards::app_domain: "%{hiera('app_domain')}"
grafana::dashboards::machine_suffix_metrics: ''
grafana::dashboards::application_dashboards:
asset-manager:
show_sidekiq_graphs: true
has_workers: true
authenticating-proxy: {}
calculators: {}
calendars: {}
ckan:
docs_name: 'ckanext-datagovuk'
# No data in kibana
show_controller_errors: false
show_slow_requests: false
collections: {}
collections-publisher:
show_sidekiq_graphs: true
has_workers: true
contacts:
docs_name: 'contacts-admin'
content-audit-tool:
show_sidekiq_graphs: true
has_workers: true
content-data-admin:
show_sidekiq_graphs: true
has_workers: true
content-performance-manager:
show_sidekiq_graphs: true
has_workers: true
content-publisher:
show_sidekiq_graphs: true
has_workers: true
content-store:
dependent_app_5xx_errors:
- calendars
- collections
- contacts
- email-alert-frontend
- finder-frontend
- frontend
- government-frontend
- info-frontend
- manuals-frontend
- publishing-api
- smartanswers
- whitehall-frontend
content-tagger:
show_sidekiq_graphs: true
has_workers: true
email-alert-api:
show_sidekiq_graphs: true
has_workers: true
email-alert-frontend: {}
feedback: {}
finder-frontend:
show_external_request_time: true
show_memcached: true
instance_prefix: 'calculators_frontend'
frontend: {}
government-frontend: {}
hmrc-manuals-api: {}
imminence:
dependent_app_5xx_errors:
- frontend
show_sidekiq_graphs: true
has_workers: true
info-frontend: {}
licencefinder:
docs_name: 'licence-finder'
link-checker-api:
show_sidekiq_graphs: true
has_workers: true
local-links-manager:
dependent_app_5xx_errors:
- frontend
manuals-frontend: {}
manuals-publisher:
show_sidekiq_graphs: true
has_workers: true
mapit:
dependent_app_5xx_errors:
- frontend
- imminence
# No data in kibana
show_controller_errors: false
show_slow_requests: false
maslow: {}
publisher:
show_sidekiq_graphs: true
has_workers: true
publishing-api:
show_sidekiq_graphs: true
has_workers: true
release: {}
router-api: {}
rummager:
# rummager is a sinatra app
show_controller_errors: false
show_elasticsearch_stats: true
show_response_times: true
show_sidekiq_graphs: true
show_slow_requests: false
has_workers: true
dependent_app_5xx_errors:
- collections
- finder-frontend
- frontend
- government-frontend
- whitehall-frontend
search-admin: {}
service-manual-frontend: {}
service-manual-publisher: {}
short-url-manager: {}
signon:
show_sidekiq_graphs: true
has_workers: true
smartanswers:
docs_name: 'smart-answers'
specialist-publisher:
show_sidekiq_graphs: true
has_workers: true
static:
dependent_app_5xx_errors:
- calendars
- collections
- contacts
- email-alert-frontend
- finder-frontend
- frontend
- government-frontend
- manuals-frontend
- smartanswers
- whitehall-frontend
support:
show_sidekiq_graphs: true
has_workers: true
support-api:
show_sidekiq_graphs: true
has_workers: true
transition:
show_sidekiq_graphs: true
has_workers: true
travel-advice-publisher:
show_sidekiq_graphs: true
has_workers: true
whitehall:
show_sidekiq_graphs: true
has_workers: true
error_threshold: 50
warning_threshold: 25
grub2::recordfail_timeout: 5
hosts::production::ip_api_lb: '10.7.1.2'
hosts::production::ip_backend_lb: '10.3.1.2'
hosts::production::ip_draft_api_lb: '10.7.2.2'
hosts::production::ip_frontend_lb: '10.2.1.2'
hosts::production::ip_licensify_lb: '10.5.1.2'
hosts::production::api::hosts:
api-1:
ip: '10.1.4.16'
api-2:
ip: '10.1.4.17'
api-lb-1:
ip: '10.1.4.101'
api-lb-2:
ip: '10.1.4.102'
api-mongo-1:
ip: '10.1.4.21'
api-mongo-2:
ip: '10.1.4.22'
api-mongo-3:
ip: '10.1.4.23'
api-mongo-4:
ip: '10.1.12.21'
api-redis-1:
ip: '10.1.4.29'
content-store-1:
ip: '10.1.4.11'
content-store-2:
ip: '10.1.4.12'
draft-content-store-1:
ip: '10.1.4.200'
draft-content-store-2:
ip: '10.1.4.201'
mapit-1:
ip: '10.1.4.60'
mapit-2:
ip: '10.1.4.61'
performance-mongo-1:
ip: '10.1.4.31'
performance-mongo-2:
ip: '10.1.4.32'
performance-mongo-3:
ip: '10.1.4.33'
performance-mongo-4:
ip: '10.1.12.31'
rummager-elasticsearch-1:
ip: '10.1.4.55'
rummager-elasticsearch-2:
ip: '10.1.4.56'
rummager-elasticsearch-3:
ip: '10.1.4.57'
search-1:
ip: '10.1.4.4'
search-2:
ip: '10.1.4.5'
# FIXME: This machine doesn't exist, but this host entry
# is depended upon by s_api_elasticsearch. We should fix that.
search-3:
ip: '10.1.4.6'
hosts::production::api::app_hostnames:
- 'backdrop-read'
- 'backdrop-write'
- 'rummager'
- 'search'
hosts::production::backend::hosts:
asset-master-1:
ip: '10.1.3.20'
legacy_aliases:
- "asset-master-1.%{hiera('app_domain')}"
- 'asset-master'
- "asset-master.%{hiera('app_domain')}"
asset-slave-1:
ip: '10.1.3.21'
legacy_aliases:
- "asset-slave-1.%{hiera('app_domain')}"
- 'asset-slave'
- "asset-slave.%{hiera('app_domain')}"
asset-slave-2:
ip: '10.1.11.21'
backend-1:
ip: '10.1.3.2'
backend-2:
ip: '10.1.3.3'
# FIXME: This machine doesn't exist, but this host entry
# is depended upon by s_api_elasticsearch. We should fix that.
backend-3:
ip: '10.1.3.4'
backend-lb-1:
ip: '10.1.3.101'
backend-lb-2:
ip: '10.1.3.102'
ckan-1:
ip: '10.1.3.120'
docker-backend-1:
ip: '10.1.3.111'
docker-backend-2:
ip: '10.1.3.112'
elasticsearch-1:
ip: '10.1.3.15'
elasticsearch-2:
ip: '10.1.3.16'
elasticsearch-3:
ip: '10.1.3.17'
email-alert-api-1:
ip: '10.1.3.40'
email-alert-api-2:
ip: '10.1.3.41'
email-alert-api-3:
ip: '10.1.3.42'
mongo-1:
ip: '10.1.3.6'
service_aliases:
- 'mongodb'
mongo-2:
ip: '10.1.3.7'
mongo-3:
ip: '10.1.3.8'
mongo-4:
ip: '10.1.11.6'
mysql-backup-1:
ip: '10.1.3.93'
legacy_aliases:
- 'backup.mysql'
mysql-master-1:
ip: '10.1.3.90'
legacy_aliases:
- 'master.mysql'
- "mysql.backend.%{hiera('app_domain')}"
mysql-slave-1:
ip: '10.1.3.91'
legacy_aliases:
- 'slave.mysql'
mysql-slave-2:
ip: '10.1.11.91'
postgresql-primary-1:
ip: '10.1.3.12'
postgresql-standby-1:
ip: '10.1.3.13'
postgresql-standby-2:
ip: '10.1.11.13'
publishing-api-1:
ip: '10.1.3.45'
publishing-api-2:
ip: '10.1.3.46'
rabbitmq-1:
ip: '10.1.3.70'
rabbitmq-2:
ip: '10.1.3.71'
rabbitmq-3:
ip: '10.1.3.72'
redis-1:
ip: '10.1.3.50'
redis-2:
ip: '10.1.3.51'
transition-postgresql-master-1:
ip: '10.1.3.60'
legacy_aliases:
- 'transition-master.postgresql'
- "transition-postgresql.backend.%{hiera('app_domain')}"
transition-postgresql-slave-1:
ip: '10.1.3.61'
legacy_aliases:
- 'transition-slave.postgresql'
transition-postgresql-slave-2:
ip: '10.1.11.61'
transition-postgresql-primary-1:
ip: '10.1.3.160'
transition-postgresql-standby-1:
ip: '10.1.3.161'
transition-postgresql-standby-2:
ip: '10.1.11.161'
warehouse-postgresql-1:
ip: '10.1.3.110'
whitehall-backend-1:
ip: '10.1.3.25'
whitehall-backend-2:
ip: '10.1.3.26'
whitehall-mysql-backup-1:
ip: '10.1.3.34'
legacy_aliases:
- 'whitehall-backup.mysql'
whitehall-mysql-master-1:
ip: '10.1.3.30'
legacy_aliases:
- 'whitehall-master.mysql'
- "whitehall-mysql.backend.%{hiera('app_domain')}"
whitehall-mysql-slave-1:
ip: '10.1.3.31'
legacy_aliases:
- 'whitehall-slave.mysql'
whitehall-mysql-slave-2:
ip: '10.1.11.31'
hosts::production::backend::app_hostnames:
- 'asset-manager'
- 'canary-backend'
- 'ckan'
- 'collections-publisher'
- 'contacts-admin'
- 'content-audit-tool'
- 'content-data-admin'
- 'content-performance-manager'
- 'content-publisher'
- 'content-tagger'
- 'docs'
- 'email-alert-api'
- 'email-alert-api-public'
- 'hmrc-manuals-api'
- 'imminence'
- 'kibana'
- 'link-checker-api'
- 'local-links-manager'
- 'maslow'
- 'manuals-publisher'
- 'publisher'
- 'publishing-api'
- 'search-admin'
- 'service-manual-publisher'
- 'short-url-manager'
- 'signon'
- 'specialist-publisher'
- 'specialist-publisher-rebuild'
- 'specialist-publisher-rebuild-standalone'
- 'support'
- 'support-api'
- 'transition'
- 'travel-advice-publisher'
- 'whitehall-admin'
hosts::production::ci::hosts:
ci-master-1:
ip: '10.1.6.10'
legacy_aliases:
- "ci.%{hiera('app_domain')}"
ci-agent-1:
ip: '10.1.6.21'
ci-agent-2:
ip: '10.1.6.22'
ci-agent-3:
ip: '10.1.6.23'
ci-agent-4:
ip: '10.1.6.24'
ci-agent-5:
ip: '10.1.6.25'
ci-agent-6:
ip: '10.1.6.26'
ci-agent-7:
ip: '10.1.6.27'
ci-agent-8:
ip: '10.1.6.28'
hosts::production::frontend::hosts:
calculators-frontend-1:
ip: '10.1.2.11'
calculators-frontend-2:
ip: '10.1.2.12'
# FIXME: This machine doesn't exist, but this host entry
# is depended upon by s_api_elasticsearch. We should fix that.
calculators-frontend-3:
ip: '10.1.2.13'
docker-frontend-1:
ip: '10.1.2.31'
docker-frontend-2:
ip: '10.1.2.32'
frontend-1:
ip: '10.1.2.2'
frontend-2:
ip: '10.1.2.3'
draft-frontend-1:
ip: '10.1.2.200'
draft-frontend-2:
ip: '10.1.2.201'
whitehall-frontend-1:
ip: '10.1.2.5'
whitehall-frontend-2:
ip: '10.1.2.6'
frontend-lb-1:
ip: '10.1.2.101'
frontend-lb-2:
ip: '10.1.2.102'
hosts::production::external_licensify: true
hosts::production::frontend::app_hostnames:
- 'calculators'
- 'canary-frontend'
- 'collections'
- 'draft-collections'
- 'draft-email-alert-frontend'
- 'draft-frontend'
- 'draft-government-frontend'
- 'draft-manuals-frontend'
- 'draft-service-manual-frontend'
- 'draft-smartanswers'
- 'draft-static'
- 'email-alert-frontend'
- 'feedback'
- 'finder-frontend'
- 'frontend'
- 'government-frontend'
- 'info-frontend'
- 'manuals-frontend'
- 'licencefinder'
- 'service-manual'
- 'service-manual-frontend'
- 'smartanswers'
- 'static'
- 'whitehall-frontend'
- 'draft-whitehall-frontend'
hosts::production::licensify::hosts:
licensify-lb-1:
ip: '10.5.0.101'
licensify-lb-2:
ip: '10.5.0.102'
licensing-frontend-1:
ip: '10.5.0.12'
licensing-frontend-2:
ip: '10.5.0.13'
licensing-backend-1:
ip: '10.5.0.14'
licensing-backend-2:
ip: '10.5.0.15'
licensing-mongo-1:
ip: '10.5.0.16'
licensing-mongo-2:
ip: '10.5.0.17'
licensing-mongo-3:
ip: '10.5.0.18'
hosts::production::management::hosts:
jenkins-1:
ip: '10.1.0.3'
legacy_aliases:
- "ci-deploy.%{hiera('app_domain')}"
puppetmaster-1:
ip: '10.1.0.5'
legacy_aliases:
- 'puppet'
service_aliases:
- 'puppet'
- 'puppetdb'
monitoring-1:
ip: '10.1.0.20'
legacy_aliases:
- 'monitoring'
- "grafana.%{hiera('app_domain')}"
- "alert.%{hiera('app_domain')}"
service_aliases:
- 'alert'
- 'monitoring'
graphite-1:
ip: '10.1.0.22'
legacy_aliases:
- "graphite.%{hiera('app_domain')}"
service_aliases:
- 'graphite'
backup-1:
ip: '10.1.0.50'
apt-1:
ip: '10.1.0.75'
service_aliases:
- 'apt'
- 'gemstash'
docker-management-1:
ip: '10.1.0.80'
service_aliases:
- 'etcd'
jumpbox-1:
ip: '10.1.0.100'
mirrorer-1:
ip: '10.1.0.128'
jumpbox-2:
ip: '10.1.0.200'
hosts::production::redirector::hosts:
bouncer-1:
ip: '10.1.5.4'
bouncer-2:
ip: '10.1.5.5'
bouncer-3:
ip: '10.1.13.4'
bouncer-4:
ip: '10.1.13.5'
hosts::production::router::hosts:
cache-1:
ip: '10.1.1.2'
cache-2:
ip: '10.1.1.3'
draft-cache-1:
ip: '10.1.1.200'
draft-cache-2:
ip: '10.1.1.201'
router-backend-1:
ip: '10.1.1.10'
router-backend-2:
ip: '10.1.1.11'
router-backend-3:
ip: '10.1.1.12'
router-backend-4:
ip: '10.1.9.10'
cache:
ip: '10.1.1.254'
legacy_aliases:
- 'cache'
- "www.%{hiera('app_domain')}"
- "www-origin.%{hiera('app_domain')}"
- "assets-origin.%{hiera('app_domain')}"
service_aliases:
- 'cache'
- 'router'
router-backend-internal-lb:
ip: '10.1.1.253'
legacy_aliases:
- "router-api.%{hiera('app_domain')}"
draft-cache-internal-lb:
ip: '10.1.1.252'
legacy_aliases:
- "draft-router-api.%{hiera('app_domain')}"
icinga::config::http_username: "%{hiera('http_username')}"
icinga::config::http_password: "%{hiera('http_password')}"
limits::entries:
'default_core':
ensure: 'present'
user: '*'
limit_type: 'core'
both: 0
'default_nproc':
ensure: 'present'
user: '*'
limit_type: 'nproc'
hard: 256
'default_nofile':
ensure: 'present'
user: '*'
limit_type: 'nofile'
hard: 2048
mongodb::repository::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
mongodb::server::version: '2.4.9'
monitoring::checks::aws_origin_domain: 'dev.govuk.digital'
monitoring::checks::http_username: "%{hiera('http_username')}"
monitoring::checks::http_password: "%{hiera('http_password')}"
monitoring::checks::smokey::features:
check_bouncer:
feature: bouncer
check_calendars:
feature: calendars
check_contacts:
feature: contacts
check_draft_environment:
feature: draft_environment
check_frontend:
feature: frontend
check_government_frontend:
feature: government_frontend
check_licencefinder:
feature: licencefinder
check_licensing:
feature: licensing
check_publishing:
feature: mainstream_publishing_tools
check_router:
feature: router
check_search:
feature: search
check_signon:
feature: signon
check_smartanswers:
feature: smartanswers
check_static_mirrors:
feature: mirror
check_travel_advice:
feature: travel_advice
check_whitehall:
feature: whitehall
monitoring::vpn_gateways::endpoints:
vpn_gateway_api_dr:
address: "%{hiera('environment_ip_prefix')}.12.1"
vpn_gateway_backend_dr:
address: "%{hiera('environment_ip_prefix')}.11.1"
vpn_gateway_licensify:
address: "10.5.0.1"
vpn_gateway_redirector_dr:
address: "%{hiera('environment_ip_prefix')}.13.1"
vpn_gateway_router_dr:
address: "%{hiera('environment_ip_prefix')}.9.1"
# FIXME: this has been added to avoid a bug until we move to v3 of the module
mysql::client::package_ensure: 'present'
nginx::package::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
nginx::package::nginx_version: "1.14.0-1~trusty"
nodejs::repo::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
nodejs::version: '6.14.3-1nodesource1'
ntp::server_list:
- 'ntp.ubuntu.com'
- 'time.euro.apple.com'
- '0.uk.pool.ntp.org'
- '1.uk.pool.ntp.org'
- '2.uk.pool.ntp.org'
postgresql_api_slave_addresses_live: "%{hiera('environment_ip_prefix')}.4.41/32"
postgresql_api_slave_addresses_dr: "%{hiera('environment_ip_prefix')}.12.41/32"
postgresql_slave_addresses_live: "%{hiera('environment_ip_prefix')}.3.13/32"
postgresql_slave_addresses_dr: "%{hiera('environment_ip_prefix')}.11.13/32"
postgresql_transition_slave_addresses_live: "%{hiera('environment_ip_prefix')}.3.61/32"
postgresql_transition_slave_addresses_dr: "%{hiera('environment_ip_prefix')}.11.61/32"
postgresql_transition_standby_addresses_live: "%{hiera('environment_ip_prefix')}.3.161/32"
postgresql_transition_standby_addresses_dr: "%{hiera('environment_ip_prefix')}.11.161/32"
postgresql::lib::devel::link_pg_config: false
postgresql::globals::version: '9.3'
puppet::master::puppetdb_version: '2.0.0-1puppetlabs1'
puppet::puppetdb::database_password: ''
puppet::repository::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
rabbitmq::delete_guest_user: true
rabbitmq::config_stomp: true
# Always use our mirror because they only provide the latest package.
rabbitmq::package_ensure: '3.4.3-1'
rabbitmq::manage_repos: false
rcs::fsckfix: 'YES'
rcs::tmptime: '7'
# TODO: These don't work in 2.6.6 so setting to false
# consider changing if we update redis version
redis::conf_aof_rewrite_incremental_fsync: false
redis::conf_hz: false
redis::conf_repl_disable_tcp_nodelay: false
redis::conf_tcp_keepalive: false
# end TODO
# TODO: Replace this with `conf_tcp_keepalive`.
redis::conf_timeout: 300
resolvconf::nameservers:
- 1.1.1.1
- 8.8.8.8
- 8.8.4.4
resolvconf::options:
- 'single-request-reopen'
# Note: it's important that all targets here have matching host entries both in
# production, and on the dev VM, otherwise nginx will fail to start.
router::assets_origin::app_specific_static_asset_routes:
'/asset-manager': "asset-manager"
'/calculators/': "calculators"
'/collections/': "collections"
'/email-alert-frontend/': "email-alert-frontend"
'/feedback/': "feedback"
'/finder-frontend/': "finder-frontend"
'/frontend/': "frontend"
'/government/assets/': "whitehall-frontend"
'/government-frontend/': "government-frontend"
'/info-frontend/': "info-frontend"
'/manuals-frontend/': "manuals-frontend"
'/licencefinder/': "licencefinder"
'/service-manual-frontend/': "service-manual-frontend"
'/smartanswers/': "smartanswers"
router::assets_origin::whitehall_uploaded_assets_routes:
- '/government/placeholder'
- '~ ^/government/uploads/system/uploads/attachment_data/file/[0-9]+/.*/preview$'
router::assets_origin::asset_manager_uploaded_assets_routes:
- '/government/uploads/'
- '/media/'
router::assets_origin::vhost_aliases:
- 'assets.digital.cabinet-office.gov.uk'
- 'assets.publishing.service.gov.uk'
router::assets_origin::vhost_name: "assets-origin.%{hiera('app_domain')}"
router::draft_assets::vhost_name: "draft-assets.%{hiera('app_domain')}"
router::nginx::check_requests_warning: '@10'
router::nginx::check_requests_critical: '@8'
router::nginx::robotstxt: |
User-agent: *
Disallow: /*/print$
# Don't allow indexing of user needs pages
Disallow: /info/*
Sitemap: https://www.gov.uk/sitemap.xml
# https://ahrefs.com/robot/ crawls the site frequently
User-agent: AhrefsBot
Crawl-delay: 10
# https://www.deepcrawl.com/bot/ makes lots of requests. Ideally
# we'd slow it down rather than blocking it but it doesn't mention
# whether or not it supports crawl-delay.
User-agent: deepcrawl
Disallow: /
# Complaints of 429 'Too many requests' seem to be coming from SharePoint servers
# (https://social.msdn.microsoft.com/Forums/en-US/3ea268ed-58a6-4166-ab40-d3f4fc55fef4)
# The robot doesn't recognise its User-Agent string, see the MS support article:
# https://support.microsoft.com/en-us/help/3019711/the-sharepoint-server-crawler-ignores-directives-in-robots-txt
User-agent: MS Search 6.0 Robot
Disallow: /
sidekiq_host: 'redis-1.backend'
sidekiq_port: '6379'
ssh::config::allow_users_enable: true
statsd::repo::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
govuk_unattended_reboot::repo::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
unattended_reboot::cron_env_vars:
- 'MAILTO=""'
unattended_reboot::cron_hour: '0-5'
unattended_reboot::etcd_endpoints:
- "http://etcd.cluster:2379"
unattended_upgrades::blacklist:
- 'mysql-server.*'
unattended_upgrades::mail_to: 'machine.email@digital.cabinet-office.gov.uk'
unattended_upgrades::origins:
- "%{::lsbdistid} stable"
- "%{::lsbdistid} %{::lsbdistcodename}-security"
unicornherder::version: '0.0.8'
yarn::repo::apt_mirror_hostname: "%{hiera('apt_mirror_hostname')}"
govuk_datascrubber::ensure: absent
You can’t perform that action at this time.