blob: 9a6088eafa4e8e299be29a7abe2699facfc0d131 [file] [log] [blame]
---
classes:
- elasticsearch
- apache
- apache::mod::authnz_ldap
- apache::mod::ext_filter
- apache::mod::headers
- apache::mod::proxy
- apache::mod::proxy_http
- apache::mod::rewrite
- datadog_agent::integrations::elasticsearch
- oraclejava::install
- ssl::name::wildcard_apache_org
- vhosts_asf::modules
- vhosts_asf::vhosts
- webstats
base::basepackages:
- 'lua5.2'
- 'liblua5.2-dev'
- 'lua5.2-cjson'
- 'lua5.2-socket'
- 'lua5.2-sec'
vhosts_asf::modules::modules:
allowmethods:
name: 'allowmethods'
lua:
name: 'lua'
datadog_agent::integrations::elasticsearch::url: 'http://localhost:9200'
dnsclient::nameservers:
- '213.133.100.100'
- '213.133.98.98'
- '213.133.99.99'
- '2a01:4f8:0:a102::add:9999'
- '2a01:4f8:0:a111::add:9898'
- '2a01:4f8:0:a0a1::add:1010'
elasticsearch::init_defaults:
DATA_DIR: '/x1/elastic/db/'
elasticsearch::jvm_options:
- '-Xms30g'
- '-Xmx30g'
elasticsearch::java_install: true
elasticsearch::version: '5.6.6'
elasticsearch::ensure: 'present'
elasticsearch::status: 'enabled'
elasticsearch::default_logging_level: 'WARN'
elasticsearch::instances:
asful:
datadir: '/x1/elastic/db/'
config:
node.name: 'es1-eu-mid'
discovery.zen.minimum_master_nodes: '2'
network.host: '0.0.0.0'
discovery.zen.ping.unicast.hosts:
- 94.130.237.55
- 94.130.237.59
apache::default_vhost: false
apache::default_ssl_cert: '/etc/ssl/certs/wildcard.apache.org.crt'
apache::default_ssl_chain: '/etc/ssl/certs/wildcard.apache.org.chain'
apache::default_ssl_key: '/etc/ssl/private/wildcard.apache.org.key'
apache::mpm_module: 'event'
apache::mod::event::listenbacklog: '511'
apache::mod::event::maxclients: '1000'
apache::mod::event::maxconnectionsperchild: '20000'
apache::mod::event::maxrequestworkers: '1000'
apache::mod::event::maxsparethreads: '500'
apache::mod::event::minsparethreads: '100'
apache::mod::event::serverlimit: '10'
apache::mod::event::startservers: '5'
apache::mod::event::threadlimit: '1000'
apache::mod::event::threadsperchild: '100'
# Hermes etc needs old-skool stuff still
apache::mod::ssl::ssl_cipher: 'HIGH:MEDIUM:!aNULL:!MD5:!RC4'
apache::mod::ssl::ssl_protocol: ['all', '-SSLv2', '-SSLv3']
cron:
# Curator cron for keeping disk space happy
curator:
user: 'root'
minute: [0]
hour: '2'
command: 'cd /root/ && python3 curator.py'
logrotate::rule:
apache2:
ensure: 'present'
vhosts_asf::vhosts::vhosts:
es1-eu-mid-ssl:
vhost_name: '*'
ensure: 'present'
port: 443
ssl: true
servername: 'es1-eu-mid.apache.org'
serveradmin: 'webmaster@apache.org'
docroot: '/var/www/snappy/'
access_log_file: '/dev/null'
error_log_file: 'es1-eu-mid.apache.org.error.log'
custom_fragment: |
<Location /logstash/%{hiera('loggy::route')}/>
AllowMethods POST PUT HEAD
<If "%%{HIERA}{REQUEST_METHOD} in { 'GET', 'DELETE' }">
Require all denied
</If>
ProxyPass http://localhost:9200/
</Location>
blocky-ssl:
vhost_name: '*'
ensure: 'present'
port: 443
ssl: true
servername: 'blocky.apache.org'
serveradmin: 'webmaster@apache.org'
docroot: '/var/www/snappy/'
access_log_file: 'logsearch.apache.org.ssl_access.log'
error_log_file: 'logsearch.apache.org.error.log'
custom_fragment: |
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Methods "POST, GET, OPTIONS"
Header set Access-Control-Allow-Headers "X-PINGOTHER"
Header set Access-Control-Max-Age "1728000"
Alias /json/ /var/www/html/json/
<Directory /var/www/html>
Require all granted
Options +Indexes
</Directory>
LuaScope thread
LuaCodeCache stat
AddHandler lua-script .lua
RewriteEngine On
RewriteRule ^/?blocky.json /blocky/api/blocklist.lua
<Location /blocky/>
AuthLDAPUrl "ldaps://ldap-eu-ro.apache.org/ou=people,dc=apache,dc=org?uid"
AuthLDAPRemoteUserAttribute member
AuthName "ASF Infrastructure-root Only"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPGroupAttributeIsDN on
Require ldap-group cn=infrastructure-root,ou=groups,ou=services,dc=apache,dc=org
AcceptPathInfo On
DirectoryIndex index.html
</Location>
<LocationMatch ^/((app|ui|bundles|api|plugins|es_admin|elasticsearch)/.*)$>
AuthLDAPUrl "ldaps://ldap-eu-ro.apache.org/ou=people,dc=apache,dc=org?uid"
AuthLDAPRemoteUserAttribute member
AuthName "ASF Infrastructure-root/logging Only"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPGroupAttributeIsDN on
<RequireAny>
Require ldap-group cn=infrastructure-root,ou=groups,ou=services,dc=apache,dc=org
Require ldap-group cn=infrastructure-logging,ou=groups,ou=services,dc=apache,dc=org
</RequireAny>
ProxyPass http://127.0.0.1:5602/$1
</LocationMatch>