blob: 0a221474273df36cd4b371db1dfacf14223e1ba5 [file] [log] [blame]
---
classes:
- elasticsearch
- apache
- apache::mod::authnz_ldap
- apache::mod::ext_filter
- apache::mod::headers
- apache::mod::proxy
- apache::mod::proxy_http
- apache::mod::rewrite
- datadog_agent::integrations::elasticsearch
- oraclejava::install
- ssl::name::wildcard_apache_org
- vhosts_asf::modules
- vhosts_asf::vhosts
base::basepackages:
- 'lua5.2'
- 'liblua5.2-dev'
- 'lua5.2-cjson'
- 'lua5.2-socket'
- 'lua5.2-sec'
vhosts_asf::modules::modules:
allowmethods:
name: 'allowmethods'
lua:
name: 'lua'
datadog_agent::integrations::elasticsearch::url: 'http://10.90.21.11:9200'
elasticsearch::init_defaults:
DATA_DIR: '/elastic/db/'
elasticsearch::jvm_options:
- '-Xms31g'
- '-Xmx31g'
elasticsearch::java_install: true
elasticsearch::version: '5.4.3'
elasticsearch::ensure: 'present'
elasticsearch::status: 'enabled'
elasticsearch::instances:
asful:
datadir: '/elastic/db/'
config:
node.name: 'es-cluster-eu-01'
discovery.zen.minimum_master_nodes: '2'
network.host: '10.90.21.11'
discovery.zen.ping.unicast.hosts:
- 10.90.21.11
- 10.91.3.208
- 10.90.183.199
apache::default_vhost: false
apache::default_ssl_cert: '/etc/ssl/certs/wildcard.apache.org.crt'
apache::default_ssl_chain: '/etc/ssl/certs/wildcard.apache.org.chain'
apache::default_ssl_key: '/etc/ssl/private/wildcard.apache.org.key'
apache::mpm_module: 'event'
apache::mod::event::listenbacklog: '511'
apache::mod::event::maxclients: '500'
apache::mod::event::maxconnectionsperchild: '20000'
apache::mod::event::maxrequestworkers: '300'
apache::mod::event::maxsparethreads: '250'
apache::mod::event::minsparethreads: '50'
apache::mod::event::serverlimit: '6'
apache::mod::event::startservers: '3'
apache::mod::event::threadlimit: '300'
apache::mod::event::threadsperchild: '50'
logrotate::rule:
apache2:
ensure: 'present'
oraclejava::install::version: '8'
oraclejava::install::unlimited_jce: true
vhosts_asf::vhosts::vhosts:
es-cluster-01-ssl:
vhost_name: '*'
ensure: 'present'
port: 443
ssl: true
servername: 'es-cluster-eu-01.apache.org'
serveradmin: 'webmaster@apache.org'
docroot: '/var/www/snappy/'
access_log_file: '/dev/null'
error_log_file: 'es-cluster-eu-01.apache.org.error.log'
custom_fragment: |
<Location /logstash/%{hiera('loggy::route')}/>
AllowMethods POST PUT HEAD
<If "%%{HIERA}{REQUEST_METHOD} in { 'GET', 'DELETE' }">
Require all denied
</If>
ProxyPass http://10.90.21.11:9200/
</Location>
blocky-ssl:
vhost_name: '*'
ensure: 'present'
port: 443
ssl: true
servername: 'blocky.apache.org'
serveradmin: 'webmaster@apache.org'
docroot: '/var/www/snappy/'
access_log_file: 'logsearch.apache.org.ssl_access.log'
error_log_file: 'logsearch.apache.org.error.log'
custom_fragment: |
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Methods "POST, GET, OPTIONS"
Header set Access-Control-Allow-Headers "X-PINGOTHER"
Header set Access-Control-Max-Age "1728000"
Alias /json/ /var/www/html/json/
<Directory /var/www/html>
Require all granted
Options +Indexes
</Directory>
LuaScope thread
LuaCodeCache stat
AddHandler lua-script .lua
RewriteEngine On
RewriteRule ^/?blocky.json /blocky/api/blocklist.lua
<Location /blocky/>
AuthLDAPUrl "ldaps://ldap-eu-ro.apache.org/ou=people,dc=apache,dc=org?uid"
AuthLDAPRemoteUserAttribute member
AuthName "ASF Infrastructure-root Only"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPGroupAttributeIsDN on
Require ldap-group cn=infrastructure-root,ou=groups,ou=services,dc=apache,dc=org
AcceptPathInfo On
DirectoryIndex index.html
</Location>
<LocationMatch ^/((app|ui|bundles|api|plugins|es_admin|elasticsearch)/.*)$>
AuthLDAPUrl "ldaps://ldap-eu-ro.apache.org/ou=people,dc=apache,dc=org?uid"
AuthLDAPRemoteUserAttribute member
AuthName "ASF Infrastructure-root/logging Only"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPGroupAttributeIsDN on
<RequireAny>
Require ldap-group cn=infrastructure-root,ou=groups,ou=services,dc=apache,dc=org
Require ldap-group cn=infrastructure-logging,ou=groups,ou=services,dc=apache,dc=org
</RequireAny>
ProxyPass http://127.0.0.1:5602/$1
</LocationMatch>