data/nodes/es-cluster-eu-01.apache.org.yaml - infrastructure-puppet - Git at Google

 ---
 classes:
   - elasticsearch
   - apache
   - apache::mod::authnz_ldap
   - apache::mod::ext_filter
   - apache::mod::headers
   - apache::mod::proxy
   - apache::mod::proxy_http
   - apache::mod::rewrite
   - datadog_agent::integrations::elasticsearch
   - oraclejava::install
   - ssl::name::wildcard_apache_org
   - vhosts_asf::modules
   - vhosts_asf::vhosts

 base::basepackages:
   - 'lua5.2'
   - 'liblua5.2-dev'
   - 'lua5.2-cjson'
   - 'lua5.2-socket'
   - 'lua5.2-sec'

 vhosts_asf::modules::modules:
   allowmethods:
     name: 'allowmethods'
   lua:
     name: 'lua'

 datadog_agent::integrations::elasticsearch::url: 'http://10.90.21.11:9200'

 elasticsearch::init_defaults:
   DATA_DIR: '/elastic/db/'
 elasticsearch::jvm_options:
   - '-Xms31g'
   - '-Xmx31g'
 elasticsearch::java_install: true
 elasticsearch::version: '5.4.3'
 elasticsearch::ensure: 'present'
 elasticsearch::status: 'enabled'
 elasticsearch::instances:
   asful:
     datadir: '/elastic/db/'
     config:
       node.name: 'es-cluster-eu-01'
       discovery.zen.minimum_master_nodes: '2'
       network.host: '10.90.21.11'
       discovery.zen.ping.unicast.hosts:
         - 10.90.21.11
         - 10.91.3.208
         - 10.90.183.199

 apache::default_vhost: false
 apache::default_ssl_cert:                    '/etc/ssl/certs/wildcard.apache.org.crt'
 apache::default_ssl_chain:                   '/etc/ssl/certs/wildcard.apache.org.chain'
 apache::default_ssl_key:                     '/etc/ssl/private/wildcard.apache.org.key'

 apache::mpm_module:         'event'

 apache::mod::event::listenbacklog: '511'
 apache::mod::event::maxclients: '500'
 apache::mod::event::maxconnectionsperchild: '20000'
 apache::mod::event::maxrequestworkers: '300'
 apache::mod::event::maxsparethreads: '250'
 apache::mod::event::minsparethreads: '50'
 apache::mod::event::serverlimit: '6'
 apache::mod::event::startservers: '3'
 apache::mod::event::threadlimit: '300'
 apache::mod::event::threadsperchild: '50'

 logrotate::rule:
   apache2:
     ensure: 'present'

 oraclejava::install::version: '8'
 oraclejava::install::unlimited_jce: true

 vhosts_asf::vhosts::vhosts:
   es-cluster-01-ssl:
     vhost_name: '*'
     ensure: 'present'
     port: 443
     ssl: true
     servername: 'es-cluster-eu-01.apache.org'
     serveradmin: 'webmaster@apache.org'
     docroot: '/var/www/snappy/'
     access_log_file: '/dev/null'
     error_log_file: 'es-cluster-eu-01.apache.org.error.log'
     custom_fragment: |
       <Location /logstash/%{hiera('loggy::route')}/>
           AllowMethods POST PUT HEAD
           <If "%%{HIERA}{REQUEST_METHOD} in { 'GET', 'DELETE' }">
             Require all denied
           </If>
           ProxyPass http://10.90.21.11:9200/
       </Location>
   blocky-ssl:
     vhost_name: '*'
     ensure: 'present'
     port: 443
     ssl: true
     servername: 'blocky.apache.org'
     serveradmin: 'webmaster@apache.org'
     docroot: '/var/www/snappy/'
     access_log_file: 'logsearch.apache.org.ssl_access.log'
     error_log_file: 'logsearch.apache.org.error.log'
     custom_fragment: |
       Header set Access-Control-Allow-Origin "*"
       Header set Access-Control-Allow-Methods "POST, GET, OPTIONS"
       Header set Access-Control-Allow-Headers "X-PINGOTHER"
       Header set Access-Control-Max-Age "1728000"
       Alias /json/ /var/www/html/json/
       <Directory /var/www/html>
         Require all granted
         Options +Indexes
       </Directory>
       LuaScope thread
       LuaCodeCache stat
       AddHandler lua-script .lua
       RewriteEngine On
       RewriteRule ^/?blocky.json /blocky/api/blocklist.lua
       <Location /blocky/>
           AuthLDAPUrl "ldaps://ldap-eu-ro.apache.org/ou=people,dc=apache,dc=org?uid"
           AuthLDAPRemoteUserAttribute member
           AuthName "ASF Infrastructure-root Only"
           AuthType Basic
           AuthBasicProvider ldap
           AuthLDAPGroupAttributeIsDN on
           Require ldap-group cn=infrastructure-root,ou=groups,ou=services,dc=apache,dc=org
           AcceptPathInfo On
           DirectoryIndex index.html
       </Location>
       <LocationMatch ^/((app|ui|bundles|api|plugins|es_admin|elasticsearch)/.*)$>
           AuthLDAPUrl "ldaps://ldap-eu-ro.apache.org/ou=people,dc=apache,dc=org?uid"
           AuthLDAPRemoteUserAttribute member
           AuthName "ASF Infrastructure-root/logging Only"
           AuthType Basic
           AuthBasicProvider ldap
           AuthLDAPGroupAttributeIsDN on
           <RequireAny>
             Require ldap-group cn=infrastructure-root,ou=groups,ou=services,dc=apache,dc=org
             Require ldap-group cn=infrastructure-logging,ou=groups,ou=services,dc=apache,dc=org
           </RequireAny>
           ProxyPass http://127.0.0.1:5602/$1
       </LocationMatch>
	---
	classes:
	- elasticsearch
	- apache
	- apache::mod::authnz_ldap
	- apache::mod::ext_filter
	- apache::mod::headers
	- apache::mod::proxy
	- apache::mod::proxy_http
	- apache::mod::rewrite
	- datadog_agent::integrations::elasticsearch
	- oraclejava::install
	- ssl::name::wildcard_apache_org
	- vhosts_asf::modules
	- vhosts_asf::vhosts

	base::basepackages:
	- 'lua5.2'
	- 'liblua5.2-dev'
	- 'lua5.2-cjson'
	- 'lua5.2-socket'
	- 'lua5.2-sec'

	vhosts_asf::modules::modules:
	allowmethods:
	name: 'allowmethods'
	lua:
	name: 'lua'

	datadog_agent::integrations::elasticsearch::url: 'http://10.90.21.11:9200'

	elasticsearch::init_defaults:
	DATA_DIR: '/elastic/db/'
	elasticsearch::jvm_options:
	- '-Xms31g'
	- '-Xmx31g'
	elasticsearch::java_install: true
	elasticsearch::version: '5.4.3'
	elasticsearch::ensure: 'present'
	elasticsearch::status: 'enabled'
	elasticsearch::instances:
	asful:
	datadir: '/elastic/db/'
	config:
	node.name: 'es-cluster-eu-01'
	discovery.zen.minimum_master_nodes: '2'
	network.host: '10.90.21.11'
	discovery.zen.ping.unicast.hosts:
	- 10.90.21.11
	- 10.91.3.208
	- 10.90.183.199

	apache::default_vhost: false
	apache::default_ssl_cert: '/etc/ssl/certs/wildcard.apache.org.crt'
	apache::default_ssl_chain: '/etc/ssl/certs/wildcard.apache.org.chain'
	apache::default_ssl_key: '/etc/ssl/private/wildcard.apache.org.key'

	apache::mpm_module: 'event'

	apache::mod::event::listenbacklog: '511'
	apache::mod::event::maxclients: '500'
	apache::mod::event::maxconnectionsperchild: '20000'
	apache::mod::event::maxrequestworkers: '300'
	apache::mod::event::maxsparethreads: '250'
	apache::mod::event::minsparethreads: '50'
	apache::mod::event::serverlimit: '6'
	apache::mod::event::startservers: '3'
	apache::mod::event::threadlimit: '300'
	apache::mod::event::threadsperchild: '50'

	logrotate::rule:
	apache2:
	ensure: 'present'

	oraclejava::install::version: '8'
	oraclejava::install::unlimited_jce: true

	vhosts_asf::vhosts::vhosts:
	es-cluster-01-ssl:
	vhost_name: '*'
	ensure: 'present'
	port: 443
	ssl: true
	servername: 'es-cluster-eu-01.apache.org'
	serveradmin: 'webmaster@apache.org'
	docroot: '/var/www/snappy/'
	access_log_file: '/dev/null'
	error_log_file: 'es-cluster-eu-01.apache.org.error.log'
	custom_fragment: \|
	<Location /logstash/%{hiera('loggy::route')}/>
	AllowMethods POST PUT HEAD
	<If "%%{HIERA}{REQUEST_METHOD} in { 'GET', 'DELETE' }">
	Require all denied
	</If>
	ProxyPass http://10.90.21.11:9200/
	</Location>
	blocky-ssl:
	vhost_name: '*'
	ensure: 'present'
	port: 443
	ssl: true
	servername: 'blocky.apache.org'
	serveradmin: 'webmaster@apache.org'
	docroot: '/var/www/snappy/'
	access_log_file: 'logsearch.apache.org.ssl_access.log'
	error_log_file: 'logsearch.apache.org.error.log'
	custom_fragment: \|
	Header set Access-Control-Allow-Origin "*"
	Header set Access-Control-Allow-Methods "POST, GET, OPTIONS"
	Header set Access-Control-Allow-Headers "X-PINGOTHER"
	Header set Access-Control-Max-Age "1728000"
	Alias /json/ /var/www/html/json/
	<Directory /var/www/html>
	Require all granted
	Options +Indexes
	</Directory>
	LuaScope thread
	LuaCodeCache stat
	AddHandler lua-script .lua
	RewriteEngine On
	RewriteRule ^/?blocky.json /blocky/api/blocklist.lua
	<Location /blocky/>
	AuthLDAPUrl "ldaps://ldap-eu-ro.apache.org/ou=people,dc=apache,dc=org?uid"
	AuthLDAPRemoteUserAttribute member
	AuthName "ASF Infrastructure-root Only"
	AuthType Basic
	AuthBasicProvider ldap
	AuthLDAPGroupAttributeIsDN on
	Require ldap-group cn=infrastructure-root,ou=groups,ou=services,dc=apache,dc=org
	AcceptPathInfo On
	DirectoryIndex index.html
	</Location>
	<LocationMatch ^/((app\|ui\|bundles\|api\|plugins\|es_admin\|elasticsearch)/.*)$>
	AuthLDAPUrl "ldaps://ldap-eu-ro.apache.org/ou=people,dc=apache,dc=org?uid"
	AuthLDAPRemoteUserAttribute member
	AuthName "ASF Infrastructure-root/logging Only"
	AuthType Basic
	AuthBasicProvider ldap
	AuthLDAPGroupAttributeIsDN on
	<RequireAny>
	Require ldap-group cn=infrastructure-root,ou=groups,ou=services,dc=apache,dc=org
	Require ldap-group cn=infrastructure-logging,ou=groups,ou=services,dc=apache,dc=org
	</RequireAny>
	ProxyPass http://127.0.0.1:5602/$1
	</LocationMatch>