--- classes: - apt - apt::update - base - git_asf - orthrus - postfix::server - python - subversionclient - unattended_upgrades base::basepackages: - apt-transport-https - apt-file - bash - bc - ca-certificates - htop - iotop - libnet-snmp-perl - libpam-cap - libpam-systemd - libsnmp-perl - nload - screen - sockstat - software-properties-common - tcsh - zsh base::purgedpackages: - 'collectd' - 'collectd-core' apache::mod::geoip::enable: true apache::mod::geoip::flag: 'MemoryCache' apache::mod::geoip::db_file: - '/usr/share/GeoIP/GeoIP.dat' - '/usr/share/GeoIP/GeoIPCity.dat' apache::mod::ssl::ssl_cipher: 'HIGH:MEDIUM:!aNULL:!MD5:!RC4' apache::log_formats: combined: '<%%JSON:httpd_access%%> { \"time\": \"%%{HIERA}{%Y-%m-%dT%H:%M:%S%z}t\", \"clientip\": \"%a\", \"duration\": %D, \"status\": %>s, \"request\": \"%U%q\", \"uri\": \"%U\", \"remote_user\": \"%u\", \"query_string\": \"%q\", \"document\": \"%f\", \"bytes\": %B, \"request_method\": \"%m\", \"referer\": \"%%{HIERA}{Referer}i\", \"useragent\": \"%%{HIERA}{User-agent}i\", \"vhost\": \"%%{HIERA}{Host}i\", \"geo_country\": \"%%{HIERA}{GEOIP_COUNTRY_CODE}n\", \"geo_long\": \"%%{HIERA}{GEOIP_LONGITUDE}n\", \"geo_lat\": \"%%{HIERA}{GEOIP_LATITUDE}n\", \"geo_coords\": \"%%{HIERA}{GEOIP_LATITUDE}n,%%{HIERA}{GEOIP_LONGITUDE}n\", \"geo_city\": \"%%{HIERA}{GEOIP_CITY}n\", \"geo_combo\": \"%%{HIERA}{GEOIP_CITY}n, %%{HIERA}{GEOIP_COUNTRY_NAME}n\" }' apache::trace_enable: Off apt::sources: 'asf_internal': location: 'https://packages.apache.org/asf_internal' release: 'xenial' repos: 'main' key: id: '390EF70BB1EA12B2773962950EE62FB37A00258D' server: 'pool.sks-keyservers.net' include: deb: true src: false notify_update: true 'elasticsearch': location: 'https://packages.elastic.co/elasticsearch/2.x/debian' release: 'stable' repos: 'main' key: id: '46095ACC8548582C1A2699A9D27D666CD88E42B4' server: 'pool.sks-keyservers.net' include: deb: true src: false ensure: absent 'elasticsearch-2.x': location: 'https://packages.elastic.co/elasticsearch/2.x/debian' release: 'stable' repos: 'main' key: id: '46095ACC8548582C1A2699A9D27D666CD88E42B4' server: 'pool.sks-keyservers.net' include: deb: true src: false 'elasticsearch-5.x': location: 'https://artifacts.elastic.co/packages/5.x/apt' release: 'stable' repos: 'main' key: id: '46095ACC8548582C1A2699A9D27D666CD88E42B4' server: 'pool.sks-keyservers.net' include: deb: true src: false 'docker-engine': location: 'https://apt.dockerproject.org/repo' release: 'ubuntu-xenial' repos: 'main' key: id: '58118E89F3A912897C070ADBF76221572C52609D' server: 'pool.sks-keyservers.net' include: deb: true src: false apt::force: 'orthrus': release: 'main' require: Apt::Source['asf_internal'] unattended_upgrades::update: 1 unattended_upgrades::download: 1 unattended_upgrades::upgrade: 1 unattended_upgrades::autoclean: 7 unattended_upgrades::origins: - '${distro_id} ${distro_codename}-security' - '${distro_id} ${distro_codename}-updates' apt::always_apt_update: true base::remove_os_install_user::osinstalluser: 'ubuntu' base::remove_os_install_user::osinstallgroup: 'ubuntu' fail2ban::service_status: true fail2ban_asf::config::filters: sshd-asf999: filtername: 'sshd-asf999' filtersource: 'puppet:///modules/fail2ban_asf/fail2ban/conf/filter.d/sshd-asf999.conf' fail2ban_asf::config::actions: asf999-log: actionname: 'asf999-log' actionsource: 'puppet:///modules/fail2ban_asf/fail2ban/conf/action.d/asf999-log.conf' fail2ban_asf::config::jails: ssh: filter: sshd port: ssh action: - iptables-allports logpath: /var/log/auth.log findtime: 1800 maxretry: 5 enable: true ssh-ddos: filter: sshd-ddos action: - iptables-allports logpath: '/var/log/auth.log' maxretry: 6 enable: true asf999: filter: 'sshd-asf999' action: - 'asf999-log[name=asf999, dest=root@apache.org, sender=fail2ban@apache.org]' logpath: '/var/log/auth.log' maxretry: 1 bantime: 2 enable: true ldapclient::install::ubuntu::1604::tlscertpath: '/etc/ldap/cacerts/ldap-client.pem' ldapclient::install::ubuntu::1604::pamhostcheck: 'yes' ldapclient::ldapclient_packages: - ldap-auth-client - ldap-utils - libldap-2.4-2 - libpam-ldapd - libnss-ldapd - libpam-modules - nslcd ldapclient::ldapclient_remove_packages: - nscd - libnss-ldap ldapserver::install::ubuntu::1604::packages: - slapd - slapd-dbg ntp::interfaces: - eth0 - lo postfix::server::myhostname: "%{::fqdn}" postfix::server::mydomain: 'apache.org' postfix::server::mydestination: "%{::fqdn}, localhost.%{::domain}, localhost" postfix::server::inet_interfaces: 'localhost' postfix::server::message_size_limit: '15360000' postfix::server::alias_maps: 'hash:/etc/aliases' postfix::server::mail_name: "ASF Mail Server at %{::fqdn}" postfix::server::smtpd_sender_restrictions: - 'permit_mynetworks' - 'reject_unknown_sender_domain' postfix::server::smtpd_recipient_restrictions: - 'permit_mynetworks' - 'reject_unauth_destination' postfix::server::smtpd_tls_key_file: '/etc/ssl/private/wildcard.apache.org.key' postfix::server::smtpd_tls_cert_file: '/etc/ssl/private/wildcard.apache.org-combined.crt' postfix::server::ssl: 'wildcard.apache.org' postfix::server::submission: 'true' puppet::puppetconf: '/etc/puppet/puppet.conf' python::dev: true python::pip: true python::virtualenv: true snmp:snmpd_options: '-Lsd -Lf /dev/null -u snmp -g snmp -p /var/run/snmpd.pid' spamassassin::package_list: - spamassassin spamassassin::spamc::haproxy_packagelist: - haproxy spamassassin::sa_update: '/usr/bin/sa-update && /etc/init.d/spamassassin reload' subversionclient::packages: - subversion subversionclient::svn_conf_config: '/etc/subversion/config' subversionclient::svn_conf_servers: '/etc/subversion/servers' subversion_server::packages: - p7zip - python-svn - s3cmd - viewvc ssh_asf::server_options: AuthorizedKeysCommandUser: 'root' build_slaves::jenkins::jenkins_pub_key: 'AAAAB3NzaC1yc2EAAAABIwAAAIEAtxkcKDiPh1OaVzaVdc80daKq2sRy8aAgt8u2uEcLClzMrnv/g19db7XVggfT4+HPCqcbFbO3mtVnUnWWtuSEpDjqriWnEcSj2G1P53zsdKEu9qCGLmEFMgwcq8b5plv78PRdAQn09WCBI1QrNMypjxgCKhNNn45WqV4AD8Jp7/8=' build_slaves::jenkins::jenkins_packages: - asf-build-apache-ant-1.8.4 - asf-build-apache-ant-1.9.4 - asf-build-apache-ant-1.9.7 - asf-build-apache-forrest-0.9 - asf-build-apache-maven-2.2.1 - asf-build-apache-maven-3.0.4 - asf-build-apache-maven-3.0.5 - asf-build-apache-maven-3.2.1 - asf-build-apache-maven-3.2.5 - asf-build-apache-maven-3.3.3 - asf-build-apache-maven-3.3.9 - asf-build-clover-ant-4.1.2 - asf-build-findbugs-2.0.3 - asf-build-findbugs-3.0.1 - asf-build-ibm-java-x86-64-70 - asf-build-ibm-java-x86-64-80 - asf-build-j2sdk1.4.2-19 - asf-build-jdk1.5.0-22-32 - asf-build-jdk1.5.0-22-64 - asf-build-jdk1.6.0-20-32-unlimited-security - asf-build-jdk1.6.0-45-64 - asf-build-jdk1.7.0-79-unlimited-security - asf-build-jdk1.7.0-80 - asf-build-jdk1.8.0-66-unlimited-security - asf-build-jdk1.8.0-92 - asf-build-jdk1.8.0-102 - asf-build-jdk9-ea-b128 - asf-build-jdk9-ea-b132 - asf-build-jdk9-ea-b139 - asf-build-jigsaw-jdk9-ea-b142 - asf-build-jira-cli-2.1.0 # Not all build slaves. This is just for Jenkins slaves. build_slaves::distro_packages: - ant - asciidoc - autoconf - automake - bison - build-essential - cabal-install - cmake - cppcheck - curl - debhelper - devscripts - dh-make - emacs24-nox - erlang-base - erlang-dev - erlang-eunit - flex - g++ - g++-4.8-multilib - g++-multilib - gcc-multilib - ghc - git-core - lib32ncurses5 - lib32z1 - libapr1-dev - libbit-vector-perl - libboost-dev - libboost-filesystem-dev - libboost-program-options-dev - libboost-system-dev - libboost-test-dev - libc6-dev-i386 - libclass-accessor-class-perl - libcppunit-dev - libcurl4-openssl-dev - libevent-dev - libfuse-dev - libghc-binary-dev - libghc-hashable-dev - libghc-http-dev - libghc-network-dev - libghc-unordered-containers-dev - libghc-vector-dev - libglib2.0-dev - libjpeg8-dev - liblzo2-dev - liblua5.2-dev - libmono-system-web4.0-cil - libperl-dev - libqt4-dev - libsasl2-dev - libsnappy-dev - libssl-dev - libstdc++-4.8-dev - libsvn-dev - libswt-gtk-3-java - libswt-gtk-3-jni - libtool - libxml-xpath-perl - libz-dev - linux-headers-4.4.0-34 - linux-headers-4.4.0-34-generic - linux-image-4.4.0-34-generic - linux-image-4.4.0-34-lowlatency - lua5.2 - docker-engine - mingw-w64 - binutils-mingw-w64 - mingw-w64-tools - mingw-w64-common - mono-devel - mono-complete - nodejs - nsis - php-pear - php-dev - php7.0-cli - pkg-config - protobuf-compiler - python-all - python-all-dbg - python-all-dev - python-boto - python-setuptools - re2c - ruby - ruby-dev - sharutils - shellcheck - sloccount - swig - tmux - unzip - virtualenvwrapper - xvfb buildbot_slave::buildbot::buildbot_packages: - asf-build-apache-ant-1.8.4 - asf-build-apache-ant-1.9.4 - asf-build-apache-ant-1.9.7 - asf-build-apache-maven-2.2.1 - asf-build-apache-maven-3.0.4 - asf-build-apache-maven-3.0.5 - asf-build-apache-maven-3.2.1 - asf-build-apache-maven-3.2.5 - asf-build-apache-maven-3.3.3 - asf-build-apache-maven-3.3.9 - asf-build-ibm-java-x86-64-80 - asf-build-jdk1.5.0-22-32 - asf-build-jdk1.5.0-22-64 - asf-build-jdk1.6.0-45-64 - asf-build-jdk1.7.0-64 - asf-build-jdk1.7.0-79-unlimited-security - asf-build-jdk1.7.0-80 - asf-build-jdk1.8.0 - asf-build-jdk1.8.0-66-unlimited-security - asf-build-jdk1.8.0-92 - asf-build-jdk1.8.0-102 - asf-build-jdk9-ea-b132 - asf-build-jdk9-ea-b139 - asf-build-jigsaw-jdk9-ea-b142 buildbot_slave::bb_basepackages: - ant - apache2-dev - autoconf - automake - buildbot-slave - cmake - doxygen - junit4 - libapr1 - libapr1-dev - libaprutil1 - libaprutil1-dev - libpam0g-dev - libserf-1-1 - libserf-dev - libsqlite3-0 - libsqlite3-dev - maven - pkg-config - python3-dev - python3-markdown - python3-pip - rake - ruby-dev - unzip - virtualenvwrapper - zip logrotate::rule: apache2: name: 'apache2' path: '/var/log/apache2/*.log' ensure: 'absent' compress: true compressoptions: '-9' rotate: 7 create_owner: 'root' create_group: 'adm' rotate_every: 'day' create_mode: '0644' missingok: true dateext: true delaycompress: false ifempty: false create: true sharedscripts: true postrotate: - 'if /etc/init.d/apache2 status > /dev/null ; then /etc/init.d/apache2 reload > /dev/null; fi;' prerotate: - 'if [ -d /etc/logrotate.d/httpd-prerotate ]; then run-parts /etc/logrotate.d/httpd-prerotate; fi;'