refactor: convert puppetserver compilers to deployment with configmap integration (#57)
- Convert StatefulSet to Deployment for better scaling flexibility - Add initContainer to copy configmaps to shared RWX volume (10GB) - Integrate puppetserver-compiler-config configmap for environment variables - Configure configMapGenerator with stable names (disableNameSuffixHash) - Update HPA to target Deployment instead of StatefulSet - Simplify puppetboard SSL config to skip verification for internal connections Reviewed-on: #57
This commit was merged in pull request #57.
Executable
+50
@@ -0,0 +1,50 @@
|
||||
#!/usr/bin/env -S uv run --quiet --script
|
||||
# /// script
|
||||
# requires-python = ">=3.11"
|
||||
# dependencies = ['pyyaml','requests']
|
||||
# ///
|
||||
"""
|
||||
External Node Classifier (ENC) for Puppet.
|
||||
|
||||
If the environment specified in the YAML file is 'testing',
|
||||
the environment is not included in the output.
|
||||
"""
|
||||
|
||||
import sys
|
||||
import yaml
|
||||
import requests
|
||||
|
||||
def fetch_enc_data(cobbler_url: str, hostname: str) -> str:
|
||||
"""
|
||||
Fetches and modifies ENC data from a given URL to ensure classes are in list format.
|
||||
"""
|
||||
url = f"{cobbler_url}/cblr/svc/op/puppet/hostname/{hostname}"
|
||||
try:
|
||||
response = requests.get(url, verify='/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem')
|
||||
response.raise_for_status()
|
||||
except requests.RequestException as e:
|
||||
sys.exit(f"Request failed: {e}")
|
||||
|
||||
data = yaml.safe_load(response.text)
|
||||
data["parameters"] = data.get("parameters", {})
|
||||
|
||||
# Ensure 'classes' is in the desired list format
|
||||
if "classes" in data:
|
||||
if isinstance(data["classes"], dict):
|
||||
data["parameters"]["enc_role"] = list(data["classes"].keys())
|
||||
data["classes"] = list(data["classes"].keys())
|
||||
else:
|
||||
data["parameters"]["enc_role"] = list(data["classes"])
|
||||
data["classes"] = list(data["classes"])
|
||||
|
||||
if "environment" in data:
|
||||
data["parameters"]["enc_env"] = data["environment"]
|
||||
if data["environment"] == "testing":
|
||||
del data["environment"]
|
||||
|
||||
return yaml.dump(data)
|
||||
|
||||
if __name__ == "__main__":
|
||||
if len(sys.argv) != 2:
|
||||
sys.exit(f"Usage: {sys.argv[0]} <hostname>")
|
||||
print(fetch_enc_data("https://cobbler.main.unkin.net", sys.argv[1]))
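Review bot: The `requests.get(url, verify=...)` call in `fetch_enc_data` has no `timeout`, so a stalled Cobbler endpoint blocks this script indefinitely; since the puppet.conf in this commit wires it in as `external_nodes`, each hung lookup presumably holds a catalog compile open. Pass an explicit value, for example `timeout=10` (an illustrative number, tune it to the environment). `hostname` is also interpolated into the URL path unencoded, so `urllib.parse.quote(hostname, safe="")` would keep a name containing `/` or `?` from changing the request path. Finally, `yaml.safe_load` returns `None` for an empty body, which makes `data.get` raise an AttributeError; an `isinstance(data, dict)` check followed by a `sys.exit` message would fail more clearly.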
|
||||
@@ -0,0 +1,15 @@
|
||||
# Autosign all nodes from these subnets
|
||||
198.18.13.0/24
|
||||
198.18.14.0/24
|
||||
198.18.15.0/24
|
||||
198.18.16.0/24
|
||||
198.18.17.0/24
|
||||
198.18.20.0/24
|
||||
198.18.24.0/24
|
||||
198.18.25.0/24
|
||||
198.18.26.0/24
|
||||
198.18.27.0/24
|
||||
198.18.28.0/24
|
||||
198.18.29.0/24
|
||||
# Autosign all nodes from these domains
|
||||
*.main.unkin.net
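Review bot: The `*.main.unkin.net` entry enables naive autosigning: any client that can reach the CA and submits a CSR with a certname under that domain gets a signed certificate with no proof of identity. Because the ENC added in this commit looks nodes up by that name, the holder of such a certificate would then be served that node's classification and catalog. Consider policy-based autosigning instead (pointing `autosign` at an executable that checks a pre-shared `challengePassword` or similar CSR attribute), or limit which networks can reach the CA endpoint. The CIDR lines are also likely ineffective: as far as I know, autosign.conf entries are matched against the certname (exact names and domain globs), not the client's source address, so `# Autosign all nodes from these subnets` may overstate what is enforced. Verify this against the Puppet Server version in use.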
|
||||
@@ -0,0 +1,23 @@
|
||||
[main]
|
||||
server = puppetserver-compiler
|
||||
serverport = 8140
|
||||
dns_alt_names = puppetserver-compiler,puppet-headless,puppet,puppet.k8s.syd1.au.unkin.net
|
||||
|
||||
[server]
|
||||
vardir = /opt/puppetlabs/server/data/puppetserver
|
||||
logdir = /var/log/puppetlabs/puppetserver
|
||||
rundir = /var/run/puppetlabs/puppetserver
|
||||
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
|
||||
codedir = /etc/puppetlabs/code
|
||||
environmentpath = /etc/puppetlabs/code/environments
|
||||
|
||||
[master]
|
||||
node_terminus = exec
|
||||
external_nodes = /usr/local/bin/cobbler-enc
|
||||
autosign = /etc/puppetlabs/puppet/autosign.conf
|
||||
default_manifest = /etc/puppetlabs/code/environments/develop/manifests
|
||||
default_environment = develop
|
||||
storeconfigs = true
|
||||
storeconfigs_backend = puppetdb
|
||||
reports = puppetdb
|
||||
usecacheonfailure = false
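Review bot: The security-relevant settings (`node_terminus`, `external_nodes`, `autosign`) sit under `[master]` while the same file also has a `[server]` section and uses the newer `serverport` name. As far as I know `[master]` is the deprecated alias of `[server]`, so mixing both makes it unclear which section wins; moving everything under `[server]` avoids that. Worth confirming the effective values with `puppet config print --section server autosign node_terminus external_nodes`. `usecacheonfailure` looks like an agent-side setting, so it probably has no effect here; a comment saying why it is set would help.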
|
||||
@@ -0,0 +1,3 @@
|
||||
[main]
|
||||
server_urls = https://puppetdb.k8s.syd1.au.unkin.net
|
||||
soft_write_failure = true
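Review bot: With `soft_write_failure = true`, a failed write to PuppetDB is logged rather than failing the compile. The puppet.conf in this commit sets `reports = puppetdb` as the only report processor, so run reports can be lost without any node-visible error. If these reports serve as the change or audit trail, add a comment such as `# PuppetDB write failures are non-fatal; alert on puppetserver log errors` and make sure those log lines are monitored.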
|
||||