mirror of
https://github.com/zulip/zulip.git
synced 2025-10-23 04:52:12 +00:00
puppet: Rename puppet/zulip_ops to puppet/kandra.
This makes for easier tab-completion, and also is a bit more explicit about the expected consumer.
This commit is contained in:
Alex Vandiver
committed by
Tim Abbott
Tim Abbott
parent
f4ad102d39
commit
b23d90ed62
@@ -7,7 +7,7 @@ This script just checks the contents of a file. The forwarding test
|
||||
itself lives in api/integrations/zephyr/check-mirroring and should be
|
||||
run out of cron.
|
||||
|
||||
See puppet/zulip_ops/files/cron.d/zephyr-mirror for the crontab details.
|
||||
See puppet/kandra/files/cron.d/zephyr-mirror for the crontab details.
|
||||
"""
|
||||
import os
|
||||
import sys
|
||||
@@ -1,4 +1,4 @@
|
||||
class zulip_ops::apache {
|
||||
class kandra::apache {
|
||||
$apache_packages = [# Needed to run Apache with WSGI
|
||||
'apache2',
|
||||
'libapache2-mod-wsgi',
|
||||
@@ -28,7 +28,7 @@ class zulip_ops::apache {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0640',
|
||||
source => 'puppet:///modules/zulip_ops/apache/ports.conf',
|
||||
source => 'puppet:///modules/kandra/apache/ports.conf',
|
||||
notify => Service['apache2'],
|
||||
}
|
||||
|
||||
@@ -1,15 +1,15 @@
|
||||
class zulip_ops::app_frontend {
|
||||
class kandra::app_frontend {
|
||||
include zulip::app_frontend_base
|
||||
include zulip::profile::memcached
|
||||
include zulip::profile::rabbitmq
|
||||
include zulip::postfix_localmail
|
||||
include zulip::static_asset_compiler
|
||||
include zulip::hooks::sentry
|
||||
include zulip_ops::app_frontend_monitoring
|
||||
include kandra::app_frontend_monitoring
|
||||
|
||||
zulip_ops::firewall_allow{ 'smtp': }
|
||||
zulip_ops::firewall_allow{ 'http': }
|
||||
zulip_ops::firewall_allow{ 'https': }
|
||||
kandra::firewall_allow{ 'smtp': }
|
||||
kandra::firewall_allow{ 'http': }
|
||||
kandra::firewall_allow{ 'https': }
|
||||
|
||||
$redis_hostname = zulipconf('redis', 'hostname', undef)
|
||||
group { 'redistunnel':
|
||||
@@ -25,7 +25,7 @@ class zulip_ops::app_frontend {
|
||||
home => '/home/redistunnel',
|
||||
managehome => true,
|
||||
}
|
||||
zulip_ops::user_dotfiles { 'redistunnel':
|
||||
kandra::user_dotfiles { 'redistunnel':
|
||||
keys => true,
|
||||
known_hosts => [$redis_hostname],
|
||||
}
|
||||
@@ -34,12 +34,12 @@ class zulip_ops::app_frontend {
|
||||
ensure => file,
|
||||
require => [
|
||||
Package['supervisor', 'autossh'],
|
||||
Zulip_Ops::User_Dotfiles['redistunnel'],
|
||||
Kandra::User_Dotfiles['redistunnel'],
|
||||
],
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
content => template('zulip_ops/supervisor/conf.d/redis_tunnel.conf.template.erb'),
|
||||
content => template('kandra/supervisor/conf.d/redis_tunnel.conf.template.erb'),
|
||||
notify => Service['supervisor'],
|
||||
}
|
||||
# Need redis_password in its own file for Nagios
|
||||
@@ -57,7 +57,7 @@ class zulip_ops::app_frontend {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
source => 'puppet:///modules/zulip_ops/nginx/zulip-include-app.d/well-known.conf',
|
||||
source => 'puppet:///modules/kandra/nginx/zulip-include-app.d/well-known.conf',
|
||||
notify => Service['nginx'],
|
||||
}
|
||||
|
||||
@@ -68,6 +68,6 @@ class zulip_ops::app_frontend {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
source => 'puppet:///modules/zulip_ops/cron.d/fetch-contributor-data',
|
||||
source => 'puppet:///modules/kandra/cron.d/fetch-contributor-data',
|
||||
}
|
||||
}
|
||||
@@ -1,11 +1,11 @@
|
||||
# @summary Munin monitoring of a Django frontend and RabbitMQ server.
|
||||
#
|
||||
class zulip_ops::app_frontend_monitoring {
|
||||
include zulip_ops::prometheus::rabbitmq
|
||||
include zulip_ops::prometheus::uwsgi
|
||||
include zulip_ops::prometheus::process
|
||||
zulip_ops::firewall_allow { 'grok_exporter': port => '9144' }
|
||||
include zulip_ops::munin_node
|
||||
class kandra::app_frontend_monitoring {
|
||||
include kandra::prometheus::rabbitmq
|
||||
include kandra::prometheus::uwsgi
|
||||
include kandra::prometheus::process
|
||||
kandra::firewall_allow { 'grok_exporter': port => '9144' }
|
||||
include kandra::munin_node
|
||||
$munin_plugins = [
|
||||
'rabbitmq_connections',
|
||||
'rabbitmq_consumers',
|
||||
@@ -15,7 +15,7 @@ class zulip_ops::app_frontend_monitoring {
|
||||
'rabbitmq_queue_memory',
|
||||
'zulip_send_receive_timing',
|
||||
]
|
||||
zulip_ops::munin_plugin { $munin_plugins: }
|
||||
kandra::munin_plugin { $munin_plugins: }
|
||||
|
||||
file { '/etc/cron.d/rabbitmq-monitoring':
|
||||
ensure => file,
|
||||
@@ -1,12 +1,12 @@
|
||||
# @summary Installs the AWS CLI
|
||||
#
|
||||
class zulip_ops::aws_tools {
|
||||
class kandra::aws_tools {
|
||||
$is_ec2 = zulipconf('machine', 'hosting_provider', 'ec2') == 'ec2'
|
||||
|
||||
file { '/usr/local/bin/install-aws-cli':
|
||||
ensure => file,
|
||||
mode => '0755',
|
||||
source => 'puppet:///modules/zulip_ops/install-aws-cli',
|
||||
source => 'puppet:///modules/kandra/install-aws-cli',
|
||||
}
|
||||
exec { 'install-aws-cli':
|
||||
require => File['/usr/local/bin/install-aws-cli'],
|
||||
@@ -49,7 +49,7 @@ class zulip_ops::aws_tools {
|
||||
mode => '0755',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
source => 'puppet:///modules/zulip_ops/teleport-aws-credentials',
|
||||
source => 'puppet:///modules/kandra/teleport-aws-credentials',
|
||||
}
|
||||
}
|
||||
file { '/root/.aws':
|
||||
@@ -66,7 +66,7 @@ class zulip_ops::aws_tools {
|
||||
mode => '0644',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
content => template('zulip_ops/dotfiles/aws_config.erb'),
|
||||
content => template('kandra/dotfiles/aws_config.erb'),
|
||||
}
|
||||
|
||||
# Pull keys and authorized_keys from AWS secretsmanager
|
||||
@@ -76,7 +76,7 @@ class zulip_ops::aws_tools {
|
||||
mode => '0755',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
source => 'puppet:///modules/zulip_ops/install-ssh-keys',
|
||||
source => 'puppet:///modules/kandra/install-ssh-keys',
|
||||
}
|
||||
file { '/usr/local/bin/install-ssh-authorized-keys':
|
||||
ensure => file,
|
||||
@@ -84,6 +84,6 @@ class zulip_ops::aws_tools {
|
||||
mode => '0755',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
source => 'puppet:///modules/zulip_ops/install-ssh-authorized-keys',
|
||||
source => 'puppet:///modules/kandra/install-ssh-authorized-keys',
|
||||
}
|
||||
}
|
||||
7
puppet/kandra/manifests/camo.pp
Normal file
7
puppet/kandra/manifests/camo.pp
Normal file
@@ -0,0 +1,7 @@
|
||||
class kandra::camo {
|
||||
class { 'zulip::camo':
|
||||
listen_address => '0.0.0.0',
|
||||
}
|
||||
|
||||
kandra::firewall_allow { 'camo': port => '9292' }
|
||||
}
|
||||
@@ -1,4 +1,4 @@
|
||||
class zulip_ops::firewall {
|
||||
class kandra::firewall {
|
||||
package { 'iptables-persistent': }
|
||||
concat { '/etc/iptables/rules.v4':
|
||||
ensure => present,
|
||||
@@ -7,12 +7,12 @@ class zulip_ops::firewall {
|
||||
}
|
||||
concat::fragment { 'iptables-header.v4':
|
||||
target => '/etc/iptables/rules.v4',
|
||||
source => 'puppet:///modules/zulip_ops/iptables/header.v4',
|
||||
source => 'puppet:///modules/kandra/iptables/header.v4',
|
||||
order => '01',
|
||||
}
|
||||
concat::fragment { 'iptables-trailer.v4':
|
||||
target => '/etc/iptables/rules.v4',
|
||||
source => 'puppet:///modules/zulip_ops/iptables/trailer.v4',
|
||||
source => 'puppet:///modules/kandra/iptables/trailer.v4',
|
||||
order => '99',
|
||||
}
|
||||
|
||||
@@ -23,12 +23,12 @@ class zulip_ops::firewall {
|
||||
}
|
||||
concat::fragment { 'iptables-header.v6':
|
||||
target => '/etc/iptables/rules.v6',
|
||||
source => 'puppet:///modules/zulip_ops/iptables/header.v6',
|
||||
source => 'puppet:///modules/kandra/iptables/header.v6',
|
||||
order => '01',
|
||||
}
|
||||
concat::fragment { 'iptables-trailer.v6':
|
||||
target => '/etc/iptables/rules.v6',
|
||||
source => 'puppet:///modules/zulip_ops/iptables/trailer.v6',
|
||||
source => 'puppet:///modules/kandra/iptables/trailer.v6',
|
||||
order => '99',
|
||||
}
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
#
|
||||
# Rules with the same ordering are ordered by the rule name.
|
||||
#
|
||||
define zulip_ops::firewall_allow (
|
||||
define kandra::firewall_allow (
|
||||
$port = '',
|
||||
$proto = 'tcp',
|
||||
$order = '50',
|
||||
@@ -1,4 +1,4 @@
|
||||
class zulip_ops::ksplice_uptrack {
|
||||
class kandra::ksplice_uptrack {
|
||||
$ksplice_access_key = zulipsecret('secrets', 'ksplice_access_key', '')
|
||||
if $ksplice_access_key != '' {
|
||||
file { '/etc/uptrack':
|
||||
@@ -12,7 +12,7 @@ class zulip_ops::ksplice_uptrack {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
content => template('zulip_ops/uptrack/uptrack.conf.erb'),
|
||||
content => template('kandra/uptrack/uptrack.conf.erb'),
|
||||
}
|
||||
$setup_apt_repo_file = "${::zulip_scripts_path}/lib/setup-apt-repo"
|
||||
exec{ 'setup-apt-repo-ksplice':
|
||||
@@ -1,4 +1,4 @@
|
||||
class zulip_ops::munin_node {
|
||||
class kandra::munin_node {
|
||||
zulip::safepackage { ['munin-node', 'munin-plugins-extra']: ensure => installed }
|
||||
|
||||
service { 'munin-node':
|
||||
@@ -11,7 +11,7 @@ class zulip_ops::munin_node {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
source => 'puppet:///modules/zulip_ops/munin/munin-node.conf',
|
||||
source => 'puppet:///modules/kandra/munin/munin-node.conf',
|
||||
notify => Service['munin-node'],
|
||||
}
|
||||
|
||||
@@ -21,7 +21,7 @@ class zulip_ops::munin_node {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
source => 'puppet:///modules/zulip_ops/munin/plugin-conf.d',
|
||||
source => 'puppet:///modules/kandra/munin/plugin-conf.d',
|
||||
notify => Service['munin-node'],
|
||||
}
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
define zulip_ops::munin_plugin {
|
||||
define kandra::munin_plugin {
|
||||
file { "/usr/local/munin/lib/plugins/${title}":
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0755',
|
||||
source => "puppet:///modules/zulip_ops/munin-plugins/${title}",
|
||||
source => "puppet:///modules/kandra/munin-plugins/${title}",
|
||||
}
|
||||
|
||||
file { "/etc/munin/plugins/${name}":
|
||||
@@ -1,4 +1,4 @@
|
||||
class zulip_ops::prod_app_frontend_once {
|
||||
class kandra::prod_app_frontend_once {
|
||||
include zulip::app_frontend_once
|
||||
include zulip::hooks::push_git_ref
|
||||
include zulip::hooks::zulip_notify
|
||||
@@ -32,7 +32,7 @@ class zulip_ops::prod_app_frontend_once {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
source => 'puppet:///modules/zulip_ops/cron.d/check_send_receive_time',
|
||||
source => 'puppet:///modules/kandra/cron.d/check_send_receive_time',
|
||||
}
|
||||
|
||||
file { '/etc/cron.d/check_user_zephyr_mirror_liveness':
|
||||
@@ -40,6 +40,6 @@ class zulip_ops::prod_app_frontend_once {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
source => 'puppet:///modules/zulip_ops/cron.d/check_user_zephyr_mirror_liveness',
|
||||
source => 'puppet:///modules/kandra/cron.d/check_user_zephyr_mirror_liveness',
|
||||
}
|
||||
}
|
||||
@@ -1,12 +1,12 @@
|
||||
class zulip_ops::profile::base {
|
||||
class kandra::profile::base {
|
||||
include zulip::profile::base
|
||||
include zulip_ops::munin_node
|
||||
include zulip_ops::ksplice_uptrack
|
||||
include zulip_ops::firewall
|
||||
include zulip_ops::teleport::node
|
||||
include zulip_ops::prometheus::node
|
||||
include kandra::munin_node
|
||||
include kandra::ksplice_uptrack
|
||||
include kandra::firewall
|
||||
include kandra::teleport::node
|
||||
include kandra::prometheus::node
|
||||
|
||||
zulip_ops::firewall_allow { 'ssh': order => '10'}
|
||||
kandra::firewall_allow { 'ssh': order => '10'}
|
||||
$is_ec2 = zulipconf('machine', 'hosting_provider', 'ec2') == 'ec2'
|
||||
|
||||
$org_base_packages = [
|
||||
@@ -43,30 +43,30 @@ class zulip_ops::profile::base {
|
||||
file { '/etc/apt/apt.conf.d/02periodic':
|
||||
ensure => file,
|
||||
mode => '0644',
|
||||
source => 'puppet:///modules/zulip_ops/apt/apt.conf.d/02periodic',
|
||||
source => 'puppet:///modules/kandra/apt/apt.conf.d/02periodic',
|
||||
}
|
||||
|
||||
file { '/etc/apt/apt.conf.d/50unattended-upgrades':
|
||||
ensure => file,
|
||||
mode => '0644',
|
||||
source => 'puppet:///modules/zulip_ops/apt/apt.conf.d/50unattended-upgrades',
|
||||
source => 'puppet:///modules/kandra/apt/apt.conf.d/50unattended-upgrades',
|
||||
}
|
||||
if $::os['distro']['release']['major'] == '22.04' {
|
||||
file { '/etc/needrestart/conf.d/zulip.conf':
|
||||
ensure => file,
|
||||
mode => '0644',
|
||||
source => 'puppet:///modules/zulip_ops/needrestart/zulip.conf',
|
||||
source => 'puppet:///modules/kandra/needrestart/zulip.conf',
|
||||
}
|
||||
}
|
||||
|
||||
user { 'root': }
|
||||
zulip_ops::user_dotfiles { 'root':
|
||||
kandra::user_dotfiles { 'root':
|
||||
home => '/root',
|
||||
keys => 'internal-read-only-deploy-key',
|
||||
authorized_keys => 'common',
|
||||
}
|
||||
|
||||
zulip_ops::user_dotfiles { 'zulip':
|
||||
kandra::user_dotfiles { 'zulip':
|
||||
keys => 'internal-read-only-deploy-key',
|
||||
authorized_keys => 'common',
|
||||
}
|
||||
@@ -75,14 +75,14 @@ class zulip_ops::profile::base {
|
||||
ensure => running,
|
||||
}
|
||||
|
||||
include zulip_ops::aws_tools
|
||||
include kandra::aws_tools
|
||||
|
||||
if $is_ec2 {
|
||||
# EC2 hosts can use the in-VPC timeserver
|
||||
file { '/etc/chrony/chrony.conf':
|
||||
ensure => file,
|
||||
mode => '0644',
|
||||
source => 'puppet:///modules/zulip_ops/chrony.conf',
|
||||
source => 'puppet:///modules/kandra/chrony.conf',
|
||||
require => Package['chrony'],
|
||||
notify => Service['chrony'],
|
||||
}
|
||||
@@ -107,7 +107,7 @@ class zulip_ops::profile::base {
|
||||
group => 'nagios',
|
||||
mode => '0700',
|
||||
}
|
||||
zulip_ops::user_dotfiles { 'nagios':
|
||||
kandra::user_dotfiles { 'nagios':
|
||||
home => '/var/lib/nagios',
|
||||
authorized_keys => true,
|
||||
}
|
||||
20
puppet/kandra/manifests/profile/chat_zulip_org.pp
Normal file
20
puppet/kandra/manifests/profile/chat_zulip_org.pp
Normal file
@@ -0,0 +1,20 @@
|
||||
class kandra::profile::chat_zulip_org inherits kandra::profile::base {
|
||||
include zulip::profile::standalone
|
||||
include zulip::postfix_localmail
|
||||
include zulip::hooks::sentry
|
||||
|
||||
include kandra::app_frontend_monitoring
|
||||
include kandra::prometheus::redis
|
||||
include kandra::prometheus::postgresql
|
||||
kandra::firewall_allow { 'smokescreen_metrics': port => '9810' }
|
||||
kandra::firewall_allow { 'http': }
|
||||
kandra::firewall_allow { 'https': }
|
||||
kandra::firewall_allow { 'smtp': }
|
||||
|
||||
Kandra::User_Dotfiles['root'] {
|
||||
keys => false,
|
||||
}
|
||||
Kandra::User_Dotfiles['zulip'] {
|
||||
keys => false,
|
||||
}
|
||||
}
|
||||
@@ -1,6 +1,6 @@
|
||||
# @summary Observability using Grafana
|
||||
#
|
||||
class zulip_ops::profile::grafana inherits zulip_ops::profile::base {
|
||||
class kandra::profile::grafana inherits kandra::profile::base {
|
||||
|
||||
include zulip::supervisor
|
||||
|
||||
@@ -39,8 +39,8 @@ class zulip_ops::profile::grafana inherits zulip_ops::profile::base {
|
||||
group => 'grafana',
|
||||
}
|
||||
|
||||
zulip_ops::teleport::application { 'monitoring': port => '3000' }
|
||||
zulip_ops::firewall_allow { 'grafana': port => '3000' }
|
||||
kandra::teleport::application { 'monitoring': port => '3000' }
|
||||
kandra::firewall_allow { 'grafana': port => '3000' }
|
||||
file { "${zulip::common::supervisor_conf_dir}/grafana.conf":
|
||||
ensure => file,
|
||||
require => [
|
||||
@@ -52,7 +52,7 @@ class zulip_ops::profile::grafana inherits zulip_ops::profile::base {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
content => template('zulip_ops/supervisor/conf.d/grafana.conf.erb'),
|
||||
content => template('kandra/supervisor/conf.d/grafana.conf.erb'),
|
||||
notify => Service[supervisor],
|
||||
}
|
||||
|
||||
@@ -67,7 +67,7 @@ class zulip_ops::profile::grafana inherits zulip_ops::profile::base {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
source => 'puppet:///modules/zulip_ops/grafana/grafana.ini',
|
||||
source => 'puppet:///modules/kandra/grafana/grafana.ini',
|
||||
notify => Service[supervisor],
|
||||
}
|
||||
}
|
||||
@@ -1,6 +1,6 @@
|
||||
class zulip_ops::profile::munin_server inherits zulip_ops::profile::base {
|
||||
class kandra::profile::munin_server inherits kandra::profile::base {
|
||||
|
||||
include zulip_ops::apache
|
||||
include kandra::apache
|
||||
include zulip::supervisor
|
||||
|
||||
$munin_packages = [
|
||||
@@ -18,7 +18,7 @@ class zulip_ops::profile::munin_server inherits zulip_ops::profile::base {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
source => 'puppet:///modules/zulip_ops/munin/apache.conf',
|
||||
source => 'puppet:///modules/kandra/munin/apache.conf',
|
||||
notify => Service['apache2'],
|
||||
}
|
||||
|
||||
@@ -40,7 +40,7 @@ class zulip_ops::profile::munin_server inherits zulip_ops::profile::base {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
content => template('zulip_ops/munin/munin.conf.erb'),
|
||||
content => template('kandra/munin/munin.conf.erb'),
|
||||
}
|
||||
|
||||
file { "${zulip::common::supervisor_conf_dir}/munin_tunnels.conf":
|
||||
@@ -49,7 +49,7 @@ class zulip_ops::profile::munin_server inherits zulip_ops::profile::base {
|
||||
mode => '0644',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
content => template('zulip_ops/supervisor/conf.d/munin_tunnels.conf.erb'),
|
||||
content => template('kandra/supervisor/conf.d/munin_tunnels.conf.erb'),
|
||||
notify => Service['supervisor'],
|
||||
}
|
||||
}
|
||||
@@ -1,6 +1,6 @@
|
||||
class zulip_ops::profile::nagios inherits zulip_ops::profile::base {
|
||||
class kandra::profile::nagios inherits kandra::profile::base {
|
||||
|
||||
include zulip_ops::apache
|
||||
include kandra::apache
|
||||
|
||||
zulip::ssh_keys { 'nagios': }
|
||||
$nagios_packages = [# Packages needed for Nagios
|
||||
@@ -40,7 +40,7 @@ class zulip_ops::profile::nagios inherits zulip_ops::profile::base {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
source => 'puppet:///modules/zulip_ops/nagios4/',
|
||||
source => 'puppet:///modules/kandra/nagios4/',
|
||||
notify => Service['nagios4'],
|
||||
}
|
||||
|
||||
@@ -50,7 +50,7 @@ class zulip_ops::profile::nagios inherits zulip_ops::profile::base {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0640',
|
||||
content => template('zulip_ops/nagios_apache_site.conf.template.erb'),
|
||||
content => template('kandra/nagios_apache_site.conf.template.erb'),
|
||||
}
|
||||
apache2site { 'nagios':
|
||||
ensure => present,
|
||||
@@ -60,7 +60,7 @@ class zulip_ops::profile::nagios inherits zulip_ops::profile::base {
|
||||
],
|
||||
notify => Service['apache2'],
|
||||
}
|
||||
zulip_ops::teleport::application{ 'nagios':
|
||||
kandra::teleport::application{ 'nagios':
|
||||
description => 'Monitoring: nagios and munin',
|
||||
port => '3000',
|
||||
}
|
||||
@@ -70,7 +70,7 @@ class zulip_ops::profile::nagios inherits zulip_ops::profile::base {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
content => template('zulip_ops/nagios4/contacts.cfg.template.erb'),
|
||||
content => template('kandra/nagios4/contacts.cfg.template.erb'),
|
||||
notify => Service['nagios4'],
|
||||
}
|
||||
file { '/etc/nagios4/conf.d/hosts.cfg':
|
||||
@@ -78,7 +78,7 @@ class zulip_ops::profile::nagios inherits zulip_ops::profile::base {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
content => template('zulip_ops/nagios4/hosts.cfg.template.erb'),
|
||||
content => template('kandra/nagios4/hosts.cfg.template.erb'),
|
||||
notify => Service['nagios4'],
|
||||
}
|
||||
file { '/etc/nagios4/conf.d/localhost.cfg':
|
||||
@@ -86,7 +86,7 @@ class zulip_ops::profile::nagios inherits zulip_ops::profile::base {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
content => template('zulip_ops/nagios4/localhost.cfg.template.erb'),
|
||||
content => template('kandra/nagios4/localhost.cfg.template.erb'),
|
||||
notify => Service['nagios4'],
|
||||
}
|
||||
|
||||
@@ -95,7 +95,7 @@ class zulip_ops::profile::nagios inherits zulip_ops::profile::base {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
content => template('zulip_ops/nagios4/cgi.cfg.template.erb'),
|
||||
content => template('kandra/nagios4/cgi.cfg.template.erb'),
|
||||
notify => Service['nagios4'],
|
||||
}
|
||||
|
||||
@@ -120,7 +120,7 @@ class zulip_ops::profile::nagios inherits zulip_ops::profile::base {
|
||||
mode => '0644',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
content => template('zulip_ops/nagios_autossh.template.erb'),
|
||||
content => template('kandra/nagios_autossh.template.erb'),
|
||||
notify => Service['nagios4'],
|
||||
}
|
||||
|
||||
@@ -129,7 +129,7 @@ class zulip_ops::profile::nagios inherits zulip_ops::profile::base {
|
||||
mode => '0600',
|
||||
owner => 'nagios',
|
||||
group => 'nagios',
|
||||
content => template('zulip_ops/msmtprc_nagios.template.erb'),
|
||||
content => template('kandra/msmtprc_nagios.template.erb'),
|
||||
require => File['/var/lib/nagios'],
|
||||
}
|
||||
|
||||
@@ -138,7 +138,7 @@ class zulip_ops::profile::nagios inherits zulip_ops::profile::base {
|
||||
mode => '0644',
|
||||
owner => 'nagios',
|
||||
group => 'nagios',
|
||||
source => 'puppet:///modules/zulip_ops/nagios_ssh_config',
|
||||
source => 'puppet:///modules/kandra/nagios_ssh_config',
|
||||
}
|
||||
|
||||
# Disable apparmor for msmtp so it can read the above config file
|
||||
@@ -1,13 +1,13 @@
|
||||
class zulip_ops::profile::postgresql inherits zulip_ops::profile::base {
|
||||
class kandra::profile::postgresql inherits kandra::profile::base {
|
||||
|
||||
include zulip::profile::postgresql
|
||||
include zulip_ops::teleport::db
|
||||
include zulip_ops::prometheus::postgresql
|
||||
include kandra::teleport::db
|
||||
include kandra::prometheus::postgresql
|
||||
|
||||
$common_packages = ['xfsprogs']
|
||||
package { $common_packages: ensure => installed }
|
||||
|
||||
zulip_ops::firewall_allow{ 'postgresql': }
|
||||
kandra::firewall_allow{ 'postgresql': }
|
||||
|
||||
zulip::sysctl { 'postgresql-swappiness':
|
||||
key => 'vm.swappiness',
|
||||
@@ -23,7 +23,7 @@ class zulip_ops::profile::postgresql inherits zulip_ops::profile::base {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0744',
|
||||
source => 'puppet:///modules/zulip_ops/postgresql/setup_disks.sh',
|
||||
source => 'puppet:///modules/kandra/postgresql/setup_disks.sh',
|
||||
}
|
||||
exec { 'setup_disks':
|
||||
command => '/root/setup_disks.sh',
|
||||
@@ -37,6 +37,6 @@ class zulip_ops::profile::postgresql inherits zulip_ops::profile::base {
|
||||
owner => 'postgres',
|
||||
group => 'postgres',
|
||||
mode => '0640',
|
||||
source => 'puppet:///modules/zulip_ops/postgresql/pg_hba.conf',
|
||||
source => 'puppet:///modules/kandra/postgresql/pg_hba.conf',
|
||||
}
|
||||
}
|
||||
@@ -1,11 +1,11 @@
|
||||
class zulip_ops::profile::prod_app_frontend inherits zulip_ops::profile::base {
|
||||
include zulip_ops::app_frontend
|
||||
class kandra::profile::prod_app_frontend inherits kandra::profile::base {
|
||||
include kandra::app_frontend
|
||||
include zulip::hooks::zulip_notify
|
||||
|
||||
Zulip_Ops::User_Dotfiles['root'] {
|
||||
Kandra::User_Dotfiles['root'] {
|
||||
keys => 'internal-limited-write-deploy-key',
|
||||
}
|
||||
Zulip_Ops::User_Dotfiles['zulip'] {
|
||||
Kandra::User_Dotfiles['zulip'] {
|
||||
keys => 'internal-limited-write-deploy-key',
|
||||
}
|
||||
|
||||
@@ -21,7 +21,7 @@ class zulip_ops::profile::prod_app_frontend inherits zulip_ops::profile::base {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
source => 'puppet:///modules/zulip_ops/nginx/sites-available/zulip',
|
||||
source => 'puppet:///modules/kandra/nginx/sites-available/zulip',
|
||||
notify => Service['nginx'],
|
||||
}
|
||||
|
||||
@@ -39,7 +39,7 @@ class zulip_ops::profile::prod_app_frontend inherits zulip_ops::profile::base {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0755',
|
||||
source => 'puppet:///modules/zulip_ops/nagios_plugins/zulip_zephyr_mirror',
|
||||
source => 'puppet:///modules/kandra/nagios_plugins/zulip_zephyr_mirror',
|
||||
}
|
||||
|
||||
# Prod has our Apple Push Notifications Service private key at
|
||||
@@ -2,18 +2,18 @@
|
||||
#
|
||||
# Only one instance is necessary.
|
||||
#
|
||||
class zulip_ops::profile::prometheus_server inherits zulip_ops::profile::base {
|
||||
class kandra::profile::prometheus_server inherits kandra::profile::base {
|
||||
|
||||
include zulip_ops::prometheus::base
|
||||
include kandra::prometheus::base
|
||||
|
||||
# This blackbox monitoring of the backup system runs locally
|
||||
include zulip_ops::prometheus::wal_g
|
||||
include kandra::prometheus::wal_g
|
||||
|
||||
# Ditto the Akamai logs
|
||||
include zulip_ops::prometheus::akamai
|
||||
include kandra::prometheus::akamai
|
||||
|
||||
# Export prometheus stats to status.zulip.com
|
||||
include zulip_ops::statuspage
|
||||
include kandra::statuspage
|
||||
|
||||
$version = $zulip::common::versions['prometheus']['version']
|
||||
$dir = "/srv/zulip-prometheus-${version}"
|
||||
@@ -48,7 +48,7 @@ class zulip_ops::profile::prometheus_server inherits zulip_ops::profile::base {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
source => 'puppet:///modules/zulip_ops/prometheus/prometheus.yaml',
|
||||
source => 'puppet:///modules/kandra/prometheus/prometheus.yaml',
|
||||
notify => Service[supervisor],
|
||||
}
|
||||
|
||||
@@ -63,7 +63,7 @@ class zulip_ops::profile::prometheus_server inherits zulip_ops::profile::base {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
content => template('zulip_ops/supervisor/conf.d/prometheus.conf.template.erb'),
|
||||
content => template('kandra/supervisor/conf.d/prometheus.conf.template.erb'),
|
||||
notify => Service[supervisor],
|
||||
}
|
||||
}
|
||||
@@ -1,6 +1,6 @@
|
||||
class zulip_ops::profile::redis inherits zulip_ops::profile::base {
|
||||
class kandra::profile::redis inherits kandra::profile::base {
|
||||
include zulip::profile::redis
|
||||
include zulip_ops::prometheus::redis
|
||||
include kandra::prometheus::redis
|
||||
|
||||
zulip::sysctl { 'redis-somaxconn':
|
||||
key => 'net.core.somaxconn',
|
||||
@@ -29,7 +29,7 @@ class zulip_ops::profile::redis inherits zulip_ops::profile::base {
|
||||
home => '/home/redistunnel',
|
||||
managehome => true,
|
||||
}
|
||||
zulip_ops::user_dotfiles { 'redistunnel':
|
||||
kandra::user_dotfiles { 'redistunnel':
|
||||
authorized_keys => true,
|
||||
}
|
||||
}
|
||||
9
puppet/kandra/manifests/profile/smokescreen.pp
Normal file
9
puppet/kandra/manifests/profile/smokescreen.pp
Normal file
@@ -0,0 +1,9 @@
|
||||
class kandra::profile::smokescreen inherits kandra::profile::base {
|
||||
|
||||
|
||||
include zulip::profile::smokescreen
|
||||
kandra::firewall_allow { 'smokescreen': port => '4750' }
|
||||
kandra::firewall_allow { 'smokescreen_metrics': port => '9810' }
|
||||
|
||||
include kandra::camo
|
||||
}
|
||||
@@ -1,6 +1,6 @@
|
||||
class zulip_ops::profile::staging_app_frontend inherits zulip_ops::profile::base {
|
||||
class kandra::profile::staging_app_frontend inherits kandra::profile::base {
|
||||
|
||||
include zulip_ops::app_frontend
|
||||
include kandra::app_frontend
|
||||
|
||||
file { '/etc/nginx/sites-available/zulip-staging':
|
||||
ensure => file,
|
||||
@@ -8,7 +8,7 @@ class zulip_ops::profile::staging_app_frontend inherits zulip_ops::profile::base
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
source => 'puppet:///modules/zulip_ops/nginx/sites-available/zulip-staging',
|
||||
source => 'puppet:///modules/kandra/nginx/sites-available/zulip-staging',
|
||||
notify => Service['nginx'],
|
||||
}
|
||||
file { '/etc/nginx/sites-enabled/zulip-staging':
|
||||
@@ -24,6 +24,6 @@ class zulip_ops::profile::staging_app_frontend inherits zulip_ops::profile::base
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
source => 'puppet:///modules/zulip_ops/cron.d/check_send_receive_time',
|
||||
source => 'puppet:///modules/kandra/cron.d/check_send_receive_time',
|
||||
}
|
||||
}
|
||||
@@ -1,23 +1,23 @@
|
||||
class zulip_ops::profile::teleport inherits zulip_ops::profile::base {
|
||||
class kandra::profile::teleport inherits kandra::profile::base {
|
||||
|
||||
|
||||
file { '/etc/teleport_server.yaml':
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
source => 'puppet:///modules/zulip_ops/teleport_server.yaml',
|
||||
source => 'puppet:///modules/kandra/teleport_server.yaml',
|
||||
notify => Service['teleport_server'],
|
||||
}
|
||||
zulip_ops::teleport::part { 'server': }
|
||||
kandra::teleport::part { 'server': }
|
||||
|
||||
# https://goteleport.com/docs/admin-guide/#ports
|
||||
# Port 443 is outward-facing, for UI
|
||||
zulip_ops::firewall_allow { 'teleport_server_ui': port => 443 }
|
||||
kandra::firewall_allow { 'teleport_server_ui': port => 443 }
|
||||
# Port 3023 is outward-facing, for teleport clients to connect to.
|
||||
zulip_ops::firewall_allow { 'teleport_server_proxy': port => 3023 }
|
||||
kandra::firewall_allow { 'teleport_server_proxy': port => 3023 }
|
||||
# Port 3034 is outward-facing, for teleport servers outside the
|
||||
# cluster to connect back to establish reverse proxies.
|
||||
zulip_ops::firewall_allow { 'teleport_server_reverse': port => 3024 }
|
||||
kandra::firewall_allow { 'teleport_server_reverse': port => 3024 }
|
||||
# Port 3025 is inward-facing, for other nodes to look up auth information
|
||||
zulip_ops::firewall_allow { 'teleport_server_auth': port => 3025 }
|
||||
kandra::firewall_allow { 'teleport_server_auth': port => 3025 }
|
||||
}
|
||||
@@ -1,4 +1,4 @@
|
||||
class zulip_ops::profile::zmirror inherits zulip_ops::profile::base {
|
||||
class kandra::profile::zmirror inherits kandra::profile::base {
|
||||
|
||||
include zulip::supervisor
|
||||
|
||||
@@ -21,7 +21,7 @@ class zulip_ops::profile::zmirror inherits zulip_ops::profile::base {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
source => 'puppet:///modules/zulip_ops/supervisor/conf.d/zmirror.conf',
|
||||
source => 'puppet:///modules/kandra/supervisor/conf.d/zmirror.conf',
|
||||
notify => Service['supervisor'],
|
||||
}
|
||||
|
||||
@@ -30,7 +30,7 @@ class zulip_ops::profile::zmirror inherits zulip_ops::profile::base {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
source => 'puppet:///modules/zulip_ops/cron.d/zephyr-mirror',
|
||||
source => 'puppet:///modules/kandra/cron.d/zephyr-mirror',
|
||||
}
|
||||
|
||||
file { '/etc/krb5.conf':
|
||||
@@ -38,7 +38,7 @@ class zulip_ops::profile::zmirror inherits zulip_ops::profile::base {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
source => 'puppet:///modules/zulip_ops/krb5.conf',
|
||||
source => 'puppet:///modules/kandra/krb5.conf',
|
||||
}
|
||||
|
||||
file { '/etc/default/zephyr-clients':
|
||||
@@ -46,7 +46,7 @@ class zulip_ops::profile::zmirror inherits zulip_ops::profile::base {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
source => 'puppet:///modules/zulip_ops/zephyr-clients',
|
||||
source => 'puppet:///modules/kandra/zephyr-clients',
|
||||
}
|
||||
|
||||
file { '/usr/lib/nagios/plugins/zulip_zephyr_mirror':
|
||||
@@ -56,18 +56,18 @@ class zulip_ops::profile::zmirror inherits zulip_ops::profile::base {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0755',
|
||||
source => 'puppet:///modules/zulip_ops/nagios_plugins/zulip_zephyr_mirror',
|
||||
source => 'puppet:///modules/kandra/nagios_plugins/zulip_zephyr_mirror',
|
||||
}
|
||||
|
||||
# Allow the relevant UDP ports
|
||||
concat::fragment { 'iptables-zmirror.v4':
|
||||
target => '/etc/iptables/rules.v4',
|
||||
source => 'puppet:///modules/zulip_ops/iptables/zmirror.v4',
|
||||
source => 'puppet:///modules/kandra/iptables/zmirror.v4',
|
||||
order => '20',
|
||||
}
|
||||
concat::fragment { 'iptables-zmirror.v6':
|
||||
target => '/etc/iptables/rules.v6',
|
||||
source => 'puppet:///modules/zulip_ops/iptables/zmirror.v6',
|
||||
source => 'puppet:///modules/kandra/iptables/zmirror.v6',
|
||||
order => '20',
|
||||
}
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
class zulip_ops::profile::zmirror_personals inherits zulip_ops::profile::base {
|
||||
class kandra::profile::zmirror_personals inherits kandra::profile::base {
|
||||
|
||||
include zulip::supervisor
|
||||
|
||||
Zulip_Ops::User_Dotfiles['zulip'] {
|
||||
Kandra::User_Dotfiles['zulip'] {
|
||||
authorized_keys => [
|
||||
'common',
|
||||
'production-write-ccache',
|
||||
@@ -51,7 +51,7 @@ class zulip_ops::profile::zmirror_personals inherits zulip_ops::profile::base {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
source => 'puppet:///modules/zulip_ops/krb5.conf',
|
||||
source => 'puppet:///modules/kandra/krb5.conf',
|
||||
}
|
||||
|
||||
concat::fragment { '01-supervisor-zmirror':
|
||||
@@ -73,7 +73,7 @@ class zulip_ops::profile::zmirror_personals inherits zulip_ops::profile::base {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
source => 'puppet:///modules/zulip_ops/cron.d/test_zephyr_personal_mirrors',
|
||||
source => 'puppet:///modules/kandra/cron.d/test_zephyr_personal_mirrors',
|
||||
}
|
||||
|
||||
file { '/usr/lib/nagios/plugins/zulip_zephyr_mirror':
|
||||
@@ -83,18 +83,18 @@ class zulip_ops::profile::zmirror_personals inherits zulip_ops::profile::base {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0755',
|
||||
source => 'puppet:///modules/zulip_ops/nagios_plugins/zulip_zephyr_mirror',
|
||||
source => 'puppet:///modules/kandra/nagios_plugins/zulip_zephyr_mirror',
|
||||
}
|
||||
|
||||
# Allow the relevant UDP ports
|
||||
concat::fragment { 'iptables-zmirror.v4':
|
||||
target => '/etc/iptables/rules.v4',
|
||||
source => 'puppet:///modules/zulip_ops/iptables/zmirror.v4',
|
||||
source => 'puppet:///modules/kandra/iptables/zmirror.v4',
|
||||
order => '20',
|
||||
}
|
||||
concat::fragment { 'iptables-zmirror.v6':
|
||||
target => '/etc/iptables/rules.v6',
|
||||
source => 'puppet:///modules/zulip_ops/iptables/zmirror.v6',
|
||||
source => 'puppet:///modules/kandra/iptables/zmirror.v6',
|
||||
order => '20',
|
||||
}
|
||||
}
|
||||
8
puppet/kandra/manifests/profile/zulipbot_zulip_org.pp
Normal file
8
puppet/kandra/manifests/profile/zulipbot_zulip_org.pp
Normal file
@@ -0,0 +1,8 @@
|
||||
class kandra::profile::zulipbot_zulip_org inherits kandra::profile::base {
|
||||
|
||||
kandra::firewall_allow { 'http': }
|
||||
kandra::firewall_allow { 'https': }
|
||||
|
||||
# TODO: This does not do any configuration of zulipbot itself, or of
|
||||
# caddy.
|
||||
}
|
||||
@@ -1,11 +1,11 @@
|
||||
# @summary Prometheus monitoring of Akamai access logs
|
||||
#
|
||||
class zulip_ops::prometheus::akamai {
|
||||
include zulip_ops::prometheus::base
|
||||
include zulip_ops::vector
|
||||
class kandra::prometheus::akamai {
|
||||
include kandra::prometheus::base
|
||||
include kandra::vector
|
||||
include zulip::supervisor
|
||||
|
||||
$bin = $zulip_ops::vector::bin
|
||||
$bin = $kandra::vector::bin
|
||||
$conf = '/etc/vector.toml'
|
||||
$pipelines = {
|
||||
'static' => zulipsecret('secrets', 'akamai_static_sqs_url', ''),
|
||||
@@ -17,7 +17,7 @@ class zulip_ops::prometheus::akamai {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
content => template('zulip_ops/vector.toml.template.erb'),
|
||||
content => template('kandra/vector.toml.template.erb'),
|
||||
}
|
||||
file { "${zulip::common::supervisor_conf_dir}/prometheus_akamai_exporter.conf":
|
||||
ensure => file,
|
||||
@@ -30,7 +30,7 @@ class zulip_ops::prometheus::akamai {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
content => template('zulip_ops/supervisor/conf.d/prometheus_akamai_exporter.conf.template.erb'),
|
||||
content => template('kandra/supervisor/conf.d/prometheus_akamai_exporter.conf.template.erb'),
|
||||
notify => Service[supervisor],
|
||||
}
|
||||
}
|
||||
@@ -1,6 +1,6 @@
|
||||
# @summary Configures a node for monitoring with Prometheus
|
||||
#
|
||||
class zulip_ops::prometheus::base {
|
||||
class kandra::prometheus::base {
|
||||
group { 'prometheus':
|
||||
ensure => present,
|
||||
gid => '1060',
|
||||
@@ -1,7 +1,7 @@
|
||||
# @summary Configures a node for monitoring with Prometheus
|
||||
#
|
||||
class zulip_ops::prometheus::node {
|
||||
include zulip_ops::prometheus::base
|
||||
class kandra::prometheus::node {
|
||||
include kandra::prometheus::base
|
||||
include zulip::supervisor
|
||||
|
||||
$version = $zulip::common::versions['node_exporter']['version']
|
||||
@@ -14,7 +14,7 @@ class zulip_ops::prometheus::node {
|
||||
tarball_prefix => "node_exporter-${version}.linux-${zulip::common::goarch}",
|
||||
}
|
||||
|
||||
zulip_ops::firewall_allow { 'node_exporter': port => '9100' }
|
||||
kandra::firewall_allow { 'node_exporter': port => '9100' }
|
||||
file { "${zulip::common::supervisor_conf_dir}/prometheus_node_exporter.conf":
|
||||
ensure => file,
|
||||
require => [
|
||||
@@ -25,7 +25,7 @@ class zulip_ops::prometheus::node {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
content => template('zulip_ops/supervisor/conf.d/prometheus_node_exporter.conf.template.erb'),
|
||||
content => template('kandra/supervisor/conf.d/prometheus_node_exporter.conf.template.erb'),
|
||||
notify => Service[supervisor],
|
||||
}
|
||||
}
|
||||
@@ -1,7 +1,7 @@
|
||||
# @summary Prometheus monitoring of postgresql servers
|
||||
#
|
||||
class zulip_ops::prometheus::postgresql {
|
||||
include zulip_ops::prometheus::base
|
||||
class kandra::prometheus::postgresql {
|
||||
include kandra::prometheus::base
|
||||
include zulip::supervisor
|
||||
include zulip::golang
|
||||
|
||||
@@ -55,7 +55,7 @@ class zulip_ops::prometheus::postgresql {
|
||||
user => 'postgres',
|
||||
}
|
||||
|
||||
zulip_ops::firewall_allow { 'postgres_exporter': port => '9187' }
|
||||
kandra::firewall_allow { 'postgres_exporter': port => '9187' }
|
||||
file { "${zulip::common::supervisor_conf_dir}/prometheus_postgres_exporter.conf":
|
||||
ensure => file,
|
||||
require => [
|
||||
@@ -67,7 +67,7 @@ class zulip_ops::prometheus::postgresql {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
content => template('zulip_ops/supervisor/conf.d/prometheus_postgres_exporter.conf.template.erb'),
|
||||
content => template('kandra/supervisor/conf.d/prometheus_postgres_exporter.conf.template.erb'),
|
||||
notify => Service[supervisor],
|
||||
}
|
||||
}
|
||||
@@ -1,7 +1,7 @@
|
||||
# @summary Prometheus monitoring of Zulip server processes
|
||||
#
|
||||
class zulip_ops::prometheus::process {
|
||||
include zulip_ops::prometheus::base
|
||||
class kandra::prometheus::process {
|
||||
include kandra::prometheus::base
|
||||
include zulip::supervisor
|
||||
|
||||
$version = $zulip::common::versions['process_exporter']['version']
|
||||
@@ -15,14 +15,14 @@ class zulip_ops::prometheus::process {
|
||||
tarball_prefix => "process-exporter-${version}.linux-${zulip::common::goarch}",
|
||||
}
|
||||
|
||||
zulip_ops::firewall_allow { 'process_exporter': port => '9256' }
|
||||
kandra::firewall_allow { 'process_exporter': port => '9256' }
|
||||
file { $conf:
|
||||
ensure => file,
|
||||
require => User[zulip],
|
||||
owner => 'zulip',
|
||||
group => 'zulip',
|
||||
mode => '0644',
|
||||
source => 'puppet:///modules/zulip_ops/process_exporter.yaml',
|
||||
source => 'puppet:///modules/kandra/process_exporter.yaml',
|
||||
}
|
||||
file { "${zulip::common::supervisor_conf_dir}/prometheus_process_exporter.conf":
|
||||
ensure => file,
|
||||
@@ -35,7 +35,7 @@ class zulip_ops::prometheus::process {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
content => template('zulip_ops/supervisor/conf.d/prometheus_process_exporter.conf.template.erb'),
|
||||
content => template('kandra/supervisor/conf.d/prometheus_process_exporter.conf.template.erb'),
|
||||
notify => Service[supervisor],
|
||||
}
|
||||
}
|
||||
@@ -2,13 +2,13 @@
|
||||
# the built-in prometheus plugin which serves on port 15692:
|
||||
# https://www.rabbitmq.com/prometheus.html
|
||||
#
|
||||
class zulip_ops::prometheus::rabbitmq {
|
||||
include zulip_ops::prometheus::base
|
||||
class kandra::prometheus::rabbitmq {
|
||||
include kandra::prometheus::base
|
||||
|
||||
exec { 'enable rabbitmq-prometheus':
|
||||
command => 'rabbitmq-plugins enable rabbitmq_prometheus',
|
||||
unless => 'grep -q rabbitmq_prometheus /etc/rabbitmq/enabled_plugins',
|
||||
require => Service['rabbitmq-server'],
|
||||
}
|
||||
zulip_ops::firewall_allow { 'rabbitmq': port => '15692' }
|
||||
kandra::firewall_allow { 'rabbitmq': port => '15692' }
|
||||
}
|
||||
@@ -1,7 +1,7 @@
|
||||
# @summary Prometheus monitoring of redis servers
|
||||
#
|
||||
class zulip_ops::prometheus::redis {
|
||||
include zulip_ops::prometheus::base
|
||||
class kandra::prometheus::redis {
|
||||
include kandra::prometheus::base
|
||||
include zulip::supervisor
|
||||
|
||||
$version = $zulip::common::versions['redis_exporter']['version']
|
||||
@@ -14,7 +14,7 @@ class zulip_ops::prometheus::redis {
|
||||
tarball_prefix => "redis_exporter-v${version}.linux-${zulip::common::goarch}",
|
||||
}
|
||||
|
||||
zulip_ops::firewall_allow { 'redis_exporter': port => '9121' }
|
||||
kandra::firewall_allow { 'redis_exporter': port => '9121' }
|
||||
file { "${zulip::common::supervisor_conf_dir}/prometheus_redis_exporter.conf":
|
||||
ensure => file,
|
||||
require => [
|
||||
@@ -25,7 +25,7 @@ class zulip_ops::prometheus::redis {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
content => template('zulip_ops/supervisor/conf.d/prometheus_redis_exporter.conf.template.erb'),
|
||||
content => template('kandra/supervisor/conf.d/prometheus_redis_exporter.conf.template.erb'),
|
||||
notify => Service[supervisor],
|
||||
}
|
||||
}
|
||||
@@ -1,7 +1,7 @@
|
||||
# @summary Prometheus monitoring of uwsgi servers
|
||||
#
|
||||
class zulip_ops::prometheus::uwsgi {
|
||||
include zulip_ops::prometheus::base
|
||||
class kandra::prometheus::uwsgi {
|
||||
include kandra::prometheus::base
|
||||
include zulip::supervisor
|
||||
|
||||
$version = $zulip::common::versions['uwsgi_exporter']['version']
|
||||
@@ -14,7 +14,7 @@ class zulip_ops::prometheus::uwsgi {
|
||||
tarball_prefix => "uwsgi_exporter-${version}.linux-${zulip::common::goarch}",
|
||||
}
|
||||
|
||||
zulip_ops::firewall_allow { 'uwsgi_exporter': port => '9238' }
|
||||
kandra::firewall_allow { 'uwsgi_exporter': port => '9238' }
|
||||
file { "${zulip::common::supervisor_conf_dir}/prometheus_uwsgi_exporter.conf":
|
||||
ensure => file,
|
||||
require => [
|
||||
@@ -25,7 +25,7 @@ class zulip_ops::prometheus::uwsgi {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
content => template('zulip_ops/supervisor/conf.d/prometheus_uwsgi_exporter.conf.template.erb'),
|
||||
content => template('kandra/supervisor/conf.d/prometheus_uwsgi_exporter.conf.template.erb'),
|
||||
notify => Service[supervisor],
|
||||
}
|
||||
}
|
||||
@@ -1,7 +1,7 @@
|
||||
# @summary Prometheus monitoring of wal-g backups
|
||||
#
|
||||
class zulip_ops::prometheus::wal_g {
|
||||
include zulip_ops::prometheus::base
|
||||
class kandra::prometheus::wal_g {
|
||||
include kandra::prometheus::base
|
||||
include zulip::supervisor
|
||||
include zulip::wal_g
|
||||
|
||||
@@ -28,7 +28,7 @@ class zulip_ops::prometheus::wal_g {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
content => template('zulip_ops/supervisor/conf.d/prometheus_wal_g_exporter.conf.template.erb'),
|
||||
content => template('kandra/supervisor/conf.d/prometheus_wal_g_exporter.conf.template.erb'),
|
||||
notify => Service[supervisor],
|
||||
}
|
||||
}
|
||||
@@ -1,4 +1,4 @@
|
||||
define zulip_ops::ssh_authorized_keys(
|
||||
define kandra::ssh_authorized_keys(
|
||||
$keys = true,
|
||||
) {
|
||||
$user = $name
|
||||
@@ -1,4 +1,4 @@
|
||||
define zulip_ops::ssh_keys(
|
||||
define kandra::ssh_keys(
|
||||
$keys = true,
|
||||
) {
|
||||
$user = $name
|
||||
@@ -2,7 +2,7 @@
|
||||
#
|
||||
# Requires a /etc/zulip/statuspage.conf which maps statuspage.io
|
||||
# metric_ids to Prometheus queries.
|
||||
class zulip_ops::statuspage {
|
||||
class kandra::statuspage {
|
||||
$bin = '/usr/local/bin/statuspage-pusher'
|
||||
|
||||
file { $bin:
|
||||
@@ -10,7 +10,7 @@ class zulip_ops::statuspage {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0755',
|
||||
source => 'puppet:///modules/zulip_ops/statuspage-pusher',
|
||||
source => 'puppet:///modules/kandra/statuspage-pusher',
|
||||
}
|
||||
|
||||
file { "${zulip::common::supervisor_conf_dir}/statuspage-pusher.conf":
|
||||
@@ -22,7 +22,7 @@ class zulip_ops::statuspage {
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
content => template('zulip_ops/supervisor/conf.d/statuspage-pusher.conf.template.erb'),
|
||||
content => template('kandra/supervisor/conf.d/statuspage-pusher.conf.template.erb'),
|
||||
notify => Service[supervisor],
|
||||
}
|
||||
}
|
||||
@@ -1,15 +1,15 @@
|
||||
# @summary Adds an http "application" to the Teleport configuration for the host.
|
||||
#
|
||||
# See https://goteleport.com/docs/application-access/
|
||||
define zulip_ops::teleport::application (
|
||||
define kandra::teleport::application (
|
||||
$port,
|
||||
$description = '',
|
||||
$order = '50',
|
||||
) {
|
||||
include zulip_ops::teleport::application_top
|
||||
include kandra::teleport::application_top
|
||||
concat::fragment { "teleport_app_${name}":
|
||||
target => '/etc/teleport_node.yaml',
|
||||
order => $order,
|
||||
content => template('zulip_ops/teleport_app.yaml.template.erb'),
|
||||
content => template('kandra/teleport_app.yaml.template.erb'),
|
||||
}
|
||||
}
|
||||
@@ -1,10 +1,10 @@
|
||||
# @summary Enables application support on the node; include once.
|
||||
#
|
||||
# See https://goteleport.com/docs/application-access/
|
||||
class zulip_ops::teleport::application_top {
|
||||
class kandra::teleport::application_top {
|
||||
concat::fragment { 'teleport_app':
|
||||
target => '/etc/teleport_node.yaml',
|
||||
order => '10',
|
||||
source => 'puppet:///modules/zulip_ops/teleport_app.yaml',
|
||||
source => 'puppet:///modules/kandra/teleport_app.yaml',
|
||||
}
|
||||
}
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user