Permalink
Fetching contributors…
Cannot retrieve contributors at this time
465 lines (415 sloc) 11.8 KB
---
classes:
- metacpan
# Configure munin master here, but
# load the class on the specific master
# lw-mc-01
munin::server: &munin_master 50.28.18.102
munin::master::collect_nodes: disabled
munin::master::html_strategy: cgi
munin::master::graph_strategy: cgi
munin::master::htmldir: /var/www/munin
munin::master::node_definitions:
'lw-mc-01.metacpan.org':
address: 50.28.18.102
'lw-mc-02.metacpan.org':
address: 50.28.18.103
'lw-mc-03.metacpan.org':
address: 50.28.18.168
'bm-mc-01.metacpan.org':
address: 5.153.225.19
'bm-mc-02.metacpan.org':
address: 5.153.225.20
'bm-mc-03.metacpan.org':
address: 46.43.35.68
'bm-mc-04.metacpan.org':
address: 89.16.178.21
# Munin node config
munin::node::allow:
- *munin_master
- 127.0.0.1 # localhost
munin::node::service_ensure: running
munin::node::export_node: disabled
munin::node::host_name: "%{hostname}.metacpan.org"
munin::node::plugins:
'nfs4_client':
ensure: 'absent'
'nfs_client':
ensure: 'absent'
'nfsd4':
ensure: 'absent'
'nfsd':
ensure: 'absent'
'sensors_fan':
target: '/usr/share/munin/plugins/sensors_'
ensure: 'link'
config: ['user metacpan']
'sensors_temp':
target: '/usr/share/munin/plugins/sensors_'
ensure: 'link'
config: ['user metacpan']
'sensors_volt':
target: '/usr/share/munin/plugins/sensors_'
ensure: 'link'
config: ['user metacpan']
# Email config default (overloaded in production)
exim::smarthost: 'localhost'
exim::config_type: 'internet'
# Defaults
perl::version: '5.22.2'
metacpan::user: 'metacpan'
metacpan::group: 'metacpan'
metacpan::users:
metacpan:
expire_password : false
bin_dir: true
# Where we mirror cpan with the rrrclient
# also where cpan.metacpan.org serves from
metacpan::cpan_mirror: '/mnt/lv-cpan'
# linked to var/tmp/metacpan
metacpan::tmp_dir: '/mnt/lv-metacpan--tmp'
# We don't want watcher enabled
metacpan::watcher::enable: false
# We don't want to have CPAN synced
metacpan::rrrclient::enable: false
# Elasticsearch basic options
metacpan::elasticsearch::version: 2.4.3
metacpan::elasticsearch::memory: '40m'
metacpan::elasticsearch::datadir: '/mnt/lv-elasticsearch'
metacpan::elasticsearch::scripts:
status_is_latest:
a_value: 1
score_version_numified:
a_value: 1
prefer_shorter_module_names_400:
a_value: 1
prefer_shorter_module_names_100:
a_value: 1
# Install logstash but don't run by default
metacpan::logstash::status: disabled
metacpan::web::starman:
metacpan-web:
git_source: 'https://github.com/metacpan/metacpan-web.git'
git_revision: 'master'
vhost_ssl_only: true
vhost_bare: true
vhost_aliases:
- 'v1.metacpan.org'
- 'metacpan.org'
- "lo.metacpan.org"
- "%{hostname}.metacpan.org"
starman_port: 5001
starman_workers: 3
vhost_extra_configs:
trailing_slash_rewrite:
template: 'trailing_slash'
metacpan-api:
git_source: 'https://github.com/metacpan/metacpan-api.git'
git_revision: 'master'
vhost_ssl: true
vhost_bare: true
vhost_aliases:
- 'api.metacpan.org'
- "api-v1.metacpan.org"
- "api.lo.metacpan.org"
- "api.%{hostname}.metacpan.org"
- "st.aticpan.org"
starman_port: 5000
starman_workers: 2
vhost_extra_proxies:
proxy_cpan_index:
location: '/v1/cpan'
proxy_v1:
location: '/v1'
vhost_extra_configs:
socket_io:
template: 'socket_io'
metacpan::web::static:
metacpan-cpan-static:
vhost_html: "%{hiera('metacpan::cpan_mirror')}"
vhost_ssl: true
vhost_autoindex: true
vhost_aliases:
- 'cpan.metacpan.org'
- "cpan.lo.metacpan.org"
- "cpan.%{hostname}.metacpan.org"
vhost_extra_configs:
fastly_surrogate_headers:
template: 'fastly'
munin:
vhost_html: "/var/www/munin"
vhost_ssl: false
vhost_bare: true
vhost_autoindex: false
vhost_aliases:
- 'munin.metacpan.org'
- "munin.%{hostname}.metacpan.org"
vhost_extra_configs:
munin_cgi:
template: 'munin_cgi'
metacpan-web-redirect:
vhost_aliases:
- 'www.metacpan.org'
- 'www.lo.metacpan.org'
- "www.%{hostname}.metacpan.org"
vhost_bare: true
vhost_ssl: true
vhost_extra_configs:
rewrite_to_https:
template: 'rewrite'
metacpan-vmbox:
vhost_html: /home/%{hiera('metacpan::user')}/metacpan-vmbox
vhost_autoindex: true
vhost_aliases:
- 'vmbox.metacpan.org'
metacpan-explorer:
git_source: 'https://github.com/metacpan/metacpan-explorer.git'
git_revision: 'master'
vhost_html: /home/%{hiera('metacpan::user')}/metacpan-explorer/build
vhost_aliases:
- 'explorer.metacpan.org'
- "explorer.lo.metacpan.org"
- "explorer.%{hostname}.metacpan.org"
# NOTE: set to `absent` here - turn on in the node
metacpan::crons::general:
import_authors:
cmd : "/home/%{hiera('metacpan::user')}/metacpan-api/bin/cron/author.sh"
minute : 40
user: "%{hiera('metacpan::user')}"
ensure : absent
user_data_index_backups:
cmd : "/home/%{hiera('metacpan::user')}/metacpan-api/bin/cron/backups.sh"
minute : 35
hour: 3
user: 'root'
ensure : absent
run_puppet:
cmd : "/etc/puppet/run.sh >/var/log/puppet/last_run.log 2>&1"
minute : 55
user: 'root'
ensure : absent
backup_api:
cmd : "rsync -a /home/%{hiera('metacpan::user')}/metacpan-api/var/backup /mnt/backup/api >/dev/null 2>&1"
hour : 4
minute : 50
ensure : absent
metacpan_clean_up_source:
cmd : "test -e %{hiera('metacpan::tmp_dir')}/starman/metacpan-api/source/ && find %{hiera('metacpan::tmp_dir')}/starman/metacpan-api/source/ -mindepth 2 -maxdepth 2 -type d -mtime +30 | head -50000 | xargs rm -rf"
hour : 3
minute : 22
ensure : absent
metacpan_sitemaps:
cmd : "/home/%{hiera('metacpan::user')}/bin/metacpan-web-carton-exec bin/generate_sitemap.pl"
hour : 2
minute : 0
ensure : absent
github-meets-cpan:
cmd : "/home/%{hiera('metacpan::user')}/bin/github-meets-cpan-carton-exec cron/update.pl"
minute : 20
hour : 1
ensure : absent
swat_monitoring:
cmd : "/bin/sh /home/%{hiera('metacpan::user')}/metacpan-monitoring/cron.sh"
minute : 37
ensure : absent
# NOTE: set to `absent` here - turn on in the node
metacpan::crons::api:
# Remvoe author - now in wrapper script in general
author:
cmd : author
minute : 51
ensure : absent
ratings:
cmd : ratings
minute : 20
ensure : absent
mirrors:
cmd : mirrors
minute : 7
ensure : absent
cpantesters:
cmd : cpantestersapi
hour : '*/6'
minute : 42
ensure : absent
# Force the latest as otherwise doesn't always work correctly
# 21:08 < oalders> the initial problem was that we got tarballs _before_ 02packages was updated
# 21:08 < oalders> so we indexed right away, but we could check perms until much later
# 21:09 < oalders> 02packages gets updated more frequently now, but i'm not sure if
# it's in real time. i thought it was every 5 minutes
latest:
cmd : 'latest >>/var/log/starman/metacpan-api/latest.log 2>&1'
minute : 30
ensure : absent
snapshot_cpan_index:
cmd : snapshot --snap --indices 'cpan' --snap-stub cpan --date-format '\%Y-\%m-\%d'
hour : 2
minute : 30
ensure : absent
snapshot_user_index:
cmd : snapshot --snap --indices 'user' --snap-stub user --date-format '\%Y-\%m-\%d'
hour : 2
minute : 5
ensure : absent
snapshot_cover_index:
cmd : snapshot --snap --indices 'cover' --snap-stub cover --date-format '\%Y-\%m-\%d'
hour : 2
minute : 15
ensure : absent
snapshot_contributor_index:
cmd : snapshot --snap --indices 'contributor' --snap-stub contributor --date-format '\%Y-\%m-\%d'
hour : 2
minute : 20
ensure : absent
snapshot_purge_old:
cmd : snapshot --purge-old
hour : 3
minute : 10
ensure : absent
backup_favorite:
cmd : 'backup --index cpan --type favorite'
hour : 2
minute : 22
ensure : absent
backup_author:
cmd : 'backup --index cpan --type author'
hour : 2
minute : 28
ensure : absent
backup_user:
cmd : 'backup --index user'
hour : 2
minute : 25
ensure : absent
backup_purge:
cmd : 'backup --purge'
minute : 25
hour : 1
ensure : absent
session: # clear out old sessions
cmd : session
minute : 30
hour: 3
ensure : absent
release:
cmd : "release --queue --skip --age 48 --detect_backpan --latest /home/%{hiera('metacpan::user')}/CPAN/authors/id/"
hour : 0
minute : 5
ensure : absent
# PAUSE updates these files every 5 minutes. For now we'll refresh it every 10.
package:
cmd : package
minute : '*/10'
hour: '1-23'
ensure : absent
# Run the full package cleanup - can take half an hour
package_cleanup:
cmd : 'package --clean_up'
minute : 0
hour: 0
ensure : absent
permission:
cmd : permission
minute : '*/10'
hour: '1-23'
ensure : absent
# Run the full permissions cleanup - can take half an hour
permission_cleanup:
cmd : 'permission --clean_up'
minute : 0
hour: 0
ensure : absent
tickets:
cmd : tickets
minute : 12
hour : 3
ensure : absent
river:
cmd : 'river'
minute : 30
hour : 1
ensure : absent
external_cygwin:
cmd : 'external --external_source cygwin --email_to book@cpan.org'
minute : 31
hour : 2
ensure : absent
external_debian:
cmd : 'external --external_source debian --email_to book@cpan.org'
minute : 33
hour : 3
ensure : absent
external_fedora:
cmd : 'external --external_source fedora --email_to book@cpan.org'
minute : 35
hour : 3
ensure : absent
favorite_hourly:
cmd : 'favorite --check_missing --age 240 --queue'
minute: '*/30'
ensure : absent
favorite_weekly:
cmd : 'favorite --queue'
hour: 12
minute: 0
weekday: 0
ensure : absent
contributor_daily:
cmd : 'contributor --age 2'
hour: 5
minute: 30
ensure : absent
contributor_weekly:
cmd : 'contributor --age 14'
hour: 12
minute: 0
weekday: 0
ensure : absent
cover_full:
cmd : 'cover'
hour: 14
minute: 0
ensure : absent
metacpan::fw_ports:
http:
order: 210
port: 80
source: '0.0.0.0/0'
https:
order: 210
port: 443
source: '0.0.0.0/0'
munin:
order: 110
port: 4949
source: *munin_master
nginx::allowed:
# local
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
- 127.0.0.1/32
# local machine's IP
- "%{ipaddress}/32"
# https://api.fastly.com/public-ip-list + 127.0.0.1/32
- 103.244.50.0/24
- 103.245.222.0/23
- 103.245.224.0/24
- 104.156.80.0/20
- 151.101.0.0/16
- 157.52.64.0/18
- 172.111.64.0/18
- 185.31.16.0/22
- 199.232.0.0/16
- 199.27.72.0/21
- 202.21.128.11/32
- 202.21.128.12/32
- 203.57.145.11/32
- 203.57.145.12/32
- 23.235.32.0/20
- 43.249.72.0/22
# Disable the systemd imjournal
rsyslog::im_journal_ratelimit_interval: false
rsyslog::im_journal_statefile: false
rsyslog::im_journal_ratelimit_burst: false
rsyslog::im_journal_ignore_previous_messages: false