Merge branch 'develop' into neoloc/grafana
This commit is contained in:
+75
-36
@@ -108,11 +108,22 @@ lookup_options:
|
||||
profiles::nginx::simpleproxy::nginx_aliases:
|
||||
merge:
|
||||
strategy: deep
|
||||
networking::interfaces:
|
||||
merge:
|
||||
strategy: deep
|
||||
networking::routes:
|
||||
merge:
|
||||
strategy: deep
|
||||
ssh::server::options:
|
||||
merge:
|
||||
strategy: deep
|
||||
|
||||
facts_path: '/opt/puppetlabs/facter/facts.d'
|
||||
|
||||
hiera_classes:
|
||||
hiera_include:
|
||||
- timezone
|
||||
- networking
|
||||
- ssh::server
|
||||
|
||||
profiles::ntp::client::ntp_role: 'roles::infra::ntp::server'
|
||||
profiles::ntp::client::use_ntp: 'region'
|
||||
@@ -215,6 +226,38 @@ puppetdbsql: puppetdbsql.service.au-syd1.consul
|
||||
prometheus::node_exporter::export_scrape_job: true
|
||||
prometheus::systemd_exporter::export_scrape_job: true
|
||||
|
||||
ssh::server::storeconfigs_enabled: false
|
||||
ssh::server::options:
|
||||
Protocol: '2'
|
||||
ListenAddress:
|
||||
- '127.0.0.1'
|
||||
- '%{facts.networking.ip}'
|
||||
SyslogFacility: 'AUTHPRIV'
|
||||
HostKey:
|
||||
- /etc/ssh/ssh_host_rsa_key
|
||||
- /etc/ssh/ssh_host_ecdsa_key
|
||||
- /etc/ssh/ssh_host_ed25519_key
|
||||
HostCertificate: /etc/ssh/ssh_host_rsa_key-cert.pem
|
||||
AuthorizedKeysFile: .ssh/authorized_keys
|
||||
PermitRootLogin: no
|
||||
PasswordAuthentication: no
|
||||
ChallengeResponseAuthentication: no
|
||||
PubkeyAuthentication: yes
|
||||
GSSAPIAuthentication: yes
|
||||
GSSAPICleanupCredentials: yes
|
||||
UsePAM: yes
|
||||
X11Forwarding: no
|
||||
PrintMotd: no
|
||||
AcceptEnv:
|
||||
- LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
|
||||
- LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
|
||||
- LC_IDENTIFICATION LC_ALL LANGUAGE
|
||||
- XMODIFIERS
|
||||
Subsystem: sftp /usr/libexec/openssh/sftp-server
|
||||
|
||||
profiles::ssh::knownhosts::lines:
|
||||
- '@cert-authority * ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1HD97vYxLTniE4qNpGuftUlvmkEXIuX8+7nbENv/IzsGUghEDRtyThjQ7ojNKIsQ7f8wXr0gMcI+fAPfrbcOMHCAoYMomikwL0b3h95SZI40q3CyM+0DMnwiVVDX6C1QxkO2Rv9cszSkCa85NotJhXiUuTBI9BFcRPy+mAhbpAru+bfypYofI0wW97XNTl8Jgwmni5MgutBIQAokFIn5ux8iWxndCH3AqDtmkwC5DfQeQ+wZx7rkwqJEpJffQzrjb1gIM6P9hDCVBBVPh/3o80IJ69rFWrJAZUb+JpG4cXJH0NcSW+wqc3JCT/x3q8VlHwOTXSlNNKtOJCRx73mB8e1XTTy2a9FgpKDDg5XQXWHAViJDz1RTRL9gRefMylRgKz4bXoTuY9kJWM8hPTyUejtukbJThlBJc3OmDxBZBF7F0iqB11pHexok43OCEiANodVa36eWu9/5X032Vm48fZ1/akDPY/NSy3wAn7kwut+A0/JAHFHASrq+1mt9YurkJegI+YHXO6eEWpBIpmI7ORHJbGL4MhkHrxYzVamuP8CkU7tXzsv138+wpOcRHNp9yJY4PT40BZkRf/O3O+jt3pj9Dj8rvgywF2W6hFzywh3Y78upOprRkQlQtHfsI8EyrYI8/hUw2u3H+3yPXh3YjWfqvWVG1BRLRHBV7m90uaw=='
|
||||
|
||||
profiles::base::groups::local:
|
||||
admins:
|
||||
ensure: present
|
||||
@@ -231,38 +274,34 @@ sudo::configs:
|
||||
profiles::accounts::sysadmin::sshkeys:
|
||||
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ8SRLlPiDylBpdWR9LpvPg4fDVD+DZst4yRPFwMMhta4mnB1H9XuvZkptDhXywWQ7QIcqa2WbhCen0OQJCtwn3s7EYtacmF5MxmwBYocPoK2AArGuh6NA9rwTdLrPdzhZ+gwe88PAzRLNzjm0ZBR+mA9saMbPJdqpKp0AWeAM8QofRQAWuCzQg9i0Pn1KDMvVDRHCZof4pVlHSTyHNektq4ifovn0zhKC8jD/cYu95mc5ftBbORexpGiQWwQ3HZw1IBe0ZETB1qPIPwsoJpt3suvMrL6T2//fcIIUE3TcyJKb/yhztja4TZs5jT8370G/vhlT70He0YPxqHub8ZfBv0khlkY93VBWYpNGJwM1fVqlw7XbfBNdOuJivJac8eW317ZdiDnKkBTxapThpPG3et9ib1HoPGKRsd/fICzNz16h2R3tddSdihTFL+bmTCa6Lo+5t5uRuFjQvhSLSgO2/gRAprc3scYOB4pY/lxOFfq3pU2VvSJtRgLNEYMUYKk= ben@unkin.net
|
||||
|
||||
profiles::base::hosts::additional_hosts:
|
||||
- ip: 198.18.17.3
|
||||
hostname: prodinf01n01.main.unkin.net
|
||||
aliases:
|
||||
- prodinf01n01
|
||||
- puppet
|
||||
- puppetmaster
|
||||
- puppetca
|
||||
- ip: 198.18.17.4
|
||||
hostname: prodinf01n04.main.unkin.net
|
||||
aliases:
|
||||
- prodinf01n04
|
||||
- ip: 198.18.17.5
|
||||
hostname: prodinf01n05.main.unkin.net
|
||||
aliases:
|
||||
- prodinf01n05
|
||||
- ip: 198.18.17.6
|
||||
hostname: prodinf01n06.main.unkin.net
|
||||
aliases:
|
||||
- prodinf01n06
|
||||
- ip: 198.18.17.9
|
||||
hostname: prodinf01n09.main.unkin.net
|
||||
aliases:
|
||||
- prodinf01n09
|
||||
- ntp01.main.unkin.net
|
||||
- ip: 198.18.17.10
|
||||
hostname: prodinf01n10.main.unkin.net
|
||||
aliases:
|
||||
- prodinf01n10
|
||||
- ntp02.main.unkin.net
|
||||
- ip: 198.18.17.22
|
||||
hostname: prodinf01n22.main.unkin.net
|
||||
aliases:
|
||||
- prodinf01n22
|
||||
- repos.main.unkin.net
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ensure: present
|
||||
family: inet
|
||||
method: static
|
||||
netmask: 255.255.255.0
|
||||
onboot: true
|
||||
networking::routes:
|
||||
default:
|
||||
ensure: present
|
||||
interface: eth0
|
||||
netmask: 0.0.0.0
|
||||
network: default
|
||||
|
||||
|
||||
#profiles::base::hosts::additional_hosts:
|
||||
# - ip: 198.18.17.9
|
||||
# hostname: prodinf01n09.main.unkin.net
|
||||
# aliases:
|
||||
# - prodinf01n09
|
||||
# - ntp01.main.unkin.net
|
||||
# - ip: 198.18.17.10
|
||||
# hostname: prodinf01n10.main.unkin.net
|
||||
# aliases:
|
||||
# - prodinf01n10
|
||||
# - ntp02.main.unkin.net
|
||||
# - ip: 198.18.17.22
|
||||
# hostname: prodinf01n22.main.unkin.net
|
||||
# aliases:
|
||||
# - prodinf01n22
|
||||
# - repos.main.unkin.net
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
---
|
||||
certmanager::vault_token: ENC[PKCS7,MIIBygYJKoZIhvcNAQcDoIIBuzCCAbcCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAWh7bsttz/JCBo/CPoCgA2doo3jO6jT6NsOoE3/06W2IW+Ij6KHKYILMkG3tS4NAegMI48QR9n++4Xa7u+97w1HO4ENpfLrkuKUcWUFCxxb2OdWhxucIlt3Ay/2+tofOSvqiRKeEISBtOK//Q1a4Iu5GwEP+lvDQ5rcoS0dryNie/okXaLratWOsmctJ6LFuUw5siCcFyUzfvr2ROsB14YoF989np+X1dJqBWxcLmbVNKx766GrRhb1WGeF0qxounCmWEKGt0zY4Zk27KNFlFu7XByDWZoSCVCMvkQaRKhvdNA39Y9vscZJGPGFhz+qKPoeqwUidz0IY51CaFSXewmzCBjAYJKoZIhvcNAQcBMB0GCWCGSAFlAwQBKgQQC+e2iOlFLlr9inVU8nEVWIBgqb0u/ICsLtxZqOpN9OIFWl+4hVrvTo24JzTc1jMSCONeL4Ab7jtTMbsweE9zUf6XlwhHLXfxfg7FL3WBsOWCUBXIAh338cZCXUGX7m0Qvtgg3VTEbTNDJhZle8Sjo6Gl]
|
||||
certmanager::role_id: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAJuE+uzgQaBRUXBCigckEo1j+UxxbiUGrzdf/B9K7XPdVxZh6TzYLpBgNnyaT6vLo0boX4uRD/By0gT5R/2qcXD6d/j+fh517Ctk4d2uO64f0vH3PzyyOBalsNtcCdPiV3q/xGqzQSHhPiNkFEjDvMBz5p53UjfKA6gAiPrLklp4rN/NVyiLBw20NeIqbL25VdkQa13ViS0Gm/eUQu7a2xQ1dvQFWWfuLaQxO0dh8L0ynkfmWKIjaiD5412Z8hYURu0otxbqVDdIbEMx5xQsXnFKeN93yHmgs7a7M6fLdp9jh+G8B+IlK1W7/9v2+RT0/yI3ZgWHVTvDRhMHuPGBjfTBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBC5avtOPp9N65U1ILQENnvAgDBqI8XAjqbWIvXHqOEiKYdu+co0EEtsHR1v5xAeCmj/ZA6MLeKFlAVJbvpyCpzjons=]
|
||||
sshsignhost::role_id: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAT86C/InXrgDtXCc9NFze91YMvjTNDqWgv4uzPFI48clOeQyD6x+vOHWP2yNp1OyNHcYLCiLyrv+rSIQyXlLnbeyZWV+7kXIon057Tp7l0BxWtd0hjQEcyWzqQQE7R264C8/qKRak81LIu6RshWZAchYo/BMPuOqVr0m+1zDwOV9JwZc3bpexzsl57CK5pesOrpfdvnd/xrOoEMR+P+C5PC6QLtQl3zkOD3N9kP6HqwbhWH5ZBPy88Kc+5kYM6QVpQSjFIIHK1SWsN0VZoxpkuFlFXB5KHDgZtg3kxrofzjQghl41zJBCDq9Z5oZ+2b1p/j/9jCASyp/ju68H5WXzbzBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCf4Nqp6SAl/XjmhPDnTvVJgDCdDhxWaChhjJ3eRcW4NTFgf3zm7Bu65za0li26FKuKks00duF4zebfNw7ZUVsYtIU=]
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
---
|
||||
certmanager::vault_token: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAJuE+uzgQaBRUXBCigckEo1j+UxxbiUGrzdf/B9K7XPdVxZh6TzYLpBgNnyaT6vLo0boX4uRD/By0gT5R/2qcXD6d/j+fh517Ctk4d2uO64f0vH3PzyyOBalsNtcCdPiV3q/xGqzQSHhPiNkFEjDvMBz5p53UjfKA6gAiPrLklp4rN/NVyiLBw20NeIqbL25VdkQa13ViS0Gm/eUQu7a2xQ1dvQFWWfuLaQxO0dh8L0ynkfmWKIjaiD5412Z8hYURu0otxbqVDdIbEMx5xQsXnFKeN93yHmgs7a7M6fLdp9jh+G8B+IlK1W7/9v2+RT0/yI3ZgWHVTvDRhMHuPGBjfTBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBC5avtOPp9N65U1ILQENnvAgDBqI8XAjqbWIvXHqOEiKYdu+co0EEtsHR1v5xAeCmj/ZA6MLeKFlAVJbvpyCpzjons=]
|
||||
certmanager::role_id: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAJuE+uzgQaBRUXBCigckEo1j+UxxbiUGrzdf/B9K7XPdVxZh6TzYLpBgNnyaT6vLo0boX4uRD/By0gT5R/2qcXD6d/j+fh517Ctk4d2uO64f0vH3PzyyOBalsNtcCdPiV3q/xGqzQSHhPiNkFEjDvMBz5p53UjfKA6gAiPrLklp4rN/NVyiLBw20NeIqbL25VdkQa13ViS0Gm/eUQu7a2xQ1dvQFWWfuLaQxO0dh8L0ynkfmWKIjaiD5412Z8hYURu0otxbqVDdIbEMx5xQsXnFKeN93yHmgs7a7M6fLdp9jh+G8B+IlK1W7/9v2+RT0/yI3ZgWHVTvDRhMHuPGBjfTBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBC5avtOPp9N65U1ILQENnvAgDBqI8XAjqbWIvXHqOEiKYdu+co0EEtsHR1v5xAeCmj/ZA6MLeKFlAVJbvpyCpzjons=]
|
||||
sshsignhost::role_id: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAT86C/InXrgDtXCc9NFze91YMvjTNDqWgv4uzPFI48clOeQyD6x+vOHWP2yNp1OyNHcYLCiLyrv+rSIQyXlLnbeyZWV+7kXIon057Tp7l0BxWtd0hjQEcyWzqQQE7R264C8/qKRak81LIu6RshWZAchYo/BMPuOqVr0m+1zDwOV9JwZc3bpexzsl57CK5pesOrpfdvnd/xrOoEMR+P+C5PC6QLtQl3zkOD3N9kP6HqwbhWH5ZBPy88Kc+5kYM6QVpQSjFIIHK1SWsN0VZoxpkuFlFXB5KHDgZtg3kxrofzjQghl41zJBCDq9Z5oZ+2b1p/j/9jCASyp/ju68H5WXzbzBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCf4Nqp6SAl/XjmhPDnTvVJgDCdDhxWaChhjJ3eRcW4NTFgf3zm7Bu65za0li26FKuKks00duF4zebfNw7ZUVsYtIU=]
|
||||
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.10
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.11
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.12
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.13
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.14
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.15
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.16
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.17
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.18
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.19
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.20
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.21
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.22
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.23
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.24
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.25
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.26
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -1,2 +1,8 @@
|
||||
---
|
||||
profiles::cobbler::params::is_cobbler_master: true
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.27
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.28
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.29
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.30
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.31
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.32
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.33
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.34
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.35
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.36
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.37
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.38
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.39
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.40
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.41
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.42
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.43
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.44
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.45
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -5,5 +5,17 @@ profiles::puppet::server::dns_alt_names:
|
||||
- puppetca.query.consul
|
||||
- puppetca
|
||||
|
||||
profiles::ssh::sign::principals:
|
||||
- puppetca.main.unkin.net
|
||||
- puppetca.service.consul
|
||||
- puppetca.query.consul
|
||||
- puppetca
|
||||
|
||||
profiles::puppet::puppetca::is_puppetca: true
|
||||
profiles::puppet::puppetca::allow_subject_alt_names: true
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.46
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.47
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.48
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.49
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -7,3 +7,6 @@ profiles::puppet::server::dns_alt_names:
|
||||
|
||||
profiles::puppet::puppetca::is_puppetca: false
|
||||
profiles::puppet::puppetca::allow_subject_alt_names: true
|
||||
|
||||
hiera_exclude:
|
||||
- networking
|
||||
|
||||
@@ -19,44 +19,53 @@ profiles::yum::global::repos:
|
||||
target: /etc/yum.repos.d/baseos.repo
|
||||
baseurl: https://edgecache.query.consul/almalinux/%{facts.os.release.full}/BaseOS/%{facts.os.architecture}/os
|
||||
gpgkey: http://edgecache.query.consul/almalinux/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major}
|
||||
mirrorlist: absent
|
||||
extras:
|
||||
name: extras
|
||||
descr: extras repository
|
||||
target: /etc/yum.repos.d/extras.repo
|
||||
baseurl: https://edgecache.query.consul/almalinux/%{facts.os.release.full}/extras/%{facts.os.architecture}/os
|
||||
gpgkey: http://edgecache.query.consul/almalinux/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major}
|
||||
mirrorlist: absent
|
||||
appstream:
|
||||
name: appstream
|
||||
descr: appstream repository
|
||||
target: /etc/yum.repos.d/appstream.repo
|
||||
baseurl: https://edgecache.query.consul/almalinux/%{facts.os.release.full}/AppStream/%{facts.os.architecture}/os
|
||||
gpgkey: http://edgecache.query.consul/almalinux/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major}
|
||||
mirrorlist: absent
|
||||
powertools:
|
||||
name: powertools
|
||||
descr: powertools repository
|
||||
target: /etc/yum.repos.d/powertools.repo
|
||||
baseurl: https://edgecache.query.consul/almalinux/%{facts.os.release.full}/PowerTools/%{facts.os.architecture}/os
|
||||
gpgkey: http://edgecache.query.consul/almalinux/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major}
|
||||
mirrorlist: absent
|
||||
highavailability:
|
||||
name: highavailability
|
||||
descr: highavailability repository
|
||||
target: /etc/yum.repos.d/highavailability.repo
|
||||
baseurl: https://edgecache.query.consul/almalinux/%{facts.os.release.full}/HighAvailability/%{facts.os.architecture}/os
|
||||
gpgkey: http://edgecache.query.consul/almalinux/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major}
|
||||
mirrorlist: absent
|
||||
epel:
|
||||
name: epel
|
||||
descr: epel repository
|
||||
target: /etc/yum.repos.d/epel.repo
|
||||
baseurl: https://edgecache.query.consul/epel/%{facts.os.release.major}/Everything/%{facts.os.architecture}
|
||||
gpgkey: http://edgecache.query.consul/epel/RPM-GPG-KEY-EPEL-%{facts.os.release.major}
|
||||
mirrorlist: absent
|
||||
puppet:
|
||||
name: puppet
|
||||
descr: puppet repository
|
||||
target: /etc/yum.repos.d/puppet.repo
|
||||
baseurl: https://yum.puppet.com/puppet7/el/%{facts.os.release.major}/%{facts.os.architecture}
|
||||
gpgkey: https://yum.puppet.com/RPM-GPG-KEY-puppet-20250406
|
||||
mirrorlist: absent
|
||||
unkin:
|
||||
name: unkin
|
||||
descr: unkin repository
|
||||
target: /etc/yum.repos.d/unkin.repo
|
||||
baseurl: https://repos.main.unkin.net/unkin/%{facts.os.release.major}/%{facts.os.architecture}/os
|
||||
baseurl: https://git.query.consul/api/packages/unkinben/rpm/el%{facts.os.release.major}
|
||||
gpgkey: https://git.query.consul/api/packages/unkinben/rpm/repository.key
|
||||
mirrorlist: absent
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# hieradata/os/debian/all_releases.yaml
|
||||
---
|
||||
profiles::apt::base::mirrorurl: http://repos.main.unkin.net/debian
|
||||
profiles::apt::base::mirrorurl: https://edgecache.query.consul/debian/
|
||||
profiles::apt::base::secureurl: http://security.debian.org/debian-security
|
||||
profiles::apt::puppet7::mirror: http://apt.puppetlabs.com
|
||||
profiles::apt::puppet7::repo: puppet7
|
||||
@@ -12,3 +12,4 @@ profiles::packages::install:
|
||||
- xz-utils
|
||||
|
||||
lm-sensors::package: lm-sensors
|
||||
networking::nwmgr_dns_none: false
|
||||
|
||||
@@ -17,5 +17,5 @@ profiles::pki::vault::alt_names:
|
||||
profiles::cobbler::params::service_cname: 'cobbler.main.unkin.net'
|
||||
profiles::selinux::setenforce::mode: permissive
|
||||
|
||||
hiera_classes:
|
||||
hiera_include:
|
||||
- profiles::selinux::setenforce
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
---
|
||||
profiles::gitea::init::mysql_pass: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAjmMVHQcvy0PLruFWI6UmYqM2uEqXntV8HdA54RCTm7GaneXsW+rom+ibFVd0i9L+spQPQzcidh7FlzBRYgny8yH8TqZlh7XMraXSYG2EvrjwzNvgnwhY5mGEQNQcQkqN9Orfsf6HjXmXg2CxajYibKu0/belJZFffzPzzrn15wy3Cj5lDjAziqYoD+8Ko1zkF9lWz4ewVjll82yo8iSpidN+PyvoeWsi/eJ9cW72TgFLt/rvGquLq3MuW54J716hrR1Z37Uf0OO18AiKCVjoCi5Cf/k0VKRsXM8Myu2KInqrGcUHAO+fsOXBXnmU0MOxW0OIOmwxfwY6LJfN23arlDBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBB6GktEMe8gSTijJ/dIHC5/gCCblMojNKO1ig9fNsuT9I2u5Bt4iJrSMN+GBGnCzO1Bvw==]
|
||||
profiles::gitea::mysql_pass: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAjmMVHQcvy0PLruFWI6UmYqM2uEqXntV8HdA54RCTm7GaneXsW+rom+ibFVd0i9L+spQPQzcidh7FlzBRYgny8yH8TqZlh7XMraXSYG2EvrjwzNvgnwhY5mGEQNQcQkqN9Orfsf6HjXmXg2CxajYibKu0/belJZFffzPzzrn15wy3Cj5lDjAziqYoD+8Ko1zkF9lWz4ewVjll82yo8iSpidN+PyvoeWsi/eJ9cW72TgFLt/rvGquLq3MuW54J716hrR1Z37Uf0OO18AiKCVjoCi5Cf/k0VKRsXM8Myu2KInqrGcUHAO+fsOXBXnmU0MOxW0OIOmwxfwY6LJfN23arlDBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBB6GktEMe8gSTijJ/dIHC5/gCCblMojNKO1ig9fNsuT9I2u5Bt4iJrSMN+GBGnCzO1Bvw==]
|
||||
profiles::gitea::init::lfs_jwt_secret: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEACd6q4E/4l1EYD3SFjc1okibyJ13kcGGWU+ShbCgwLgkW7INkyCxhbNm69yPA7WcyuRhH/Lfz/XjJKd3BSCyRQPr5IUOIRINspx82tLBcaMzY/99GFrfyDnf3+SV/AxrPJ/zD5TGkKQP7uX6WjC9DXpHE+pFJa9wBAipmV439y0JDVt2gXFmhqBWThSjBDBfJ5X4zO5wY8CfBX4APOcD5hIQP/T4n04dQLNpigEKKy6B+GFuooTbdmMmFj3ZpT+cUS8Aw9mFkBwyyN1o+50XU3vW4eieUz8cYkzDPu574XfTunqD2jcvPiFjCla8G1SpKfHkruKnZWwgO0Ntw9td5QDBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAIRVL5j4dzbYg6f2XjvkQ6gDAd2qUNzPn2flZgKwsjIZcYdmFMTn48hGPUFfVaMDeyzPoJi84CyRJl8cQvcAe52sw=]
|
||||
|
||||
@@ -6,6 +6,11 @@ profiles::pki::vault::alt_names:
|
||||
- git.query.consul
|
||||
- "git.service.%{facts.country}-%{facts.region}.consul"
|
||||
|
||||
profiles::ssh::sign::principals:
|
||||
- git.main.unkin.net
|
||||
- git.service.consul
|
||||
- git.query.consul
|
||||
|
||||
consul::services:
|
||||
git:
|
||||
service_name: 'git'
|
||||
@@ -37,3 +42,43 @@ profiles::nginx::simpleproxy::nginx_aliases:
|
||||
profiles::nginx::simpleproxy::proxy_port: 3000
|
||||
profiles::nginx::simpleproxy::proxy_path: '/'
|
||||
nginx::client_max_body_size: 250M
|
||||
|
||||
profiles::gitea::init::root:
|
||||
APP_NAME: 'Gitea'
|
||||
RUN_USER: 'git'
|
||||
RUN_MODE: 'prod'
|
||||
profiles::gitea::init::repository:
|
||||
ROOT: '/data/gitea/repos'
|
||||
FORCE_PRIVATE: false
|
||||
MAX_CREATION_LIMIT: -1
|
||||
DISABLE_HTTP_GIT: false
|
||||
DEFAULT_BRANCH: 'main'
|
||||
DEFAULT_PRIVATE: 'last'
|
||||
profiles::gitea::init::ui:
|
||||
SHOW_USER_EMAIL: false
|
||||
profiles::gitea::init::server:
|
||||
PROTOCOL: 'http'
|
||||
DOMAIN: 'git.query.consul'
|
||||
ROOT_URL: 'https://git.query.consul'
|
||||
HTTP_ADDR: '0.0.0.0'
|
||||
HTTP_PORT: 3000
|
||||
START_SSH_SERVER: false
|
||||
SSH_DOMAIN: 'git.query.consul'
|
||||
SSH_PORT: 2222
|
||||
SSH_LISTEN_HOST: '0.0.0.0'
|
||||
OFFLINE_MODE: true
|
||||
APP_DATA_PATH: '/data/gitea'
|
||||
SSH_LISTEN_PORT: 22
|
||||
LFS_START_SERVER: true
|
||||
profiles::gitea::init::database:
|
||||
DB_TYPE: 'mysql'
|
||||
HOST: 'mariadb-prod.service.au-syd1.consul:3306'
|
||||
NAME: 'gitea'
|
||||
USER: 'gitea'
|
||||
PASSWD: "%{hiera('profiles::gitea::mysql_pass')}"
|
||||
SSL_MODE: 'disable'
|
||||
LOG_SQL: false
|
||||
profiles::gitea::init::lfs:
|
||||
PATH: '/data/gitea/lfs'
|
||||
profiles::gitea::init::session:
|
||||
PROVIDER: db
|
||||
|
||||
@@ -12,3 +12,24 @@ profiles::ntp::server::peers:
|
||||
- '1.au.pool.ntp.org'
|
||||
- '2.au.pool.ntp.org'
|
||||
- '3.au.pool.ntp.org'
|
||||
|
||||
consul::services:
|
||||
ntp:
|
||||
service_name: 'ntp'
|
||||
tags:
|
||||
- 'ntp'
|
||||
- 'time'
|
||||
- 'sync'
|
||||
address: "%{facts.networking.ip}"
|
||||
port: 123
|
||||
checks:
|
||||
- id: ntp_check
|
||||
name: "NTP Service Check"
|
||||
args:
|
||||
- '/usr/local/bin/check_ntp.sh'
|
||||
interval: '15s'
|
||||
timeout: '5s'
|
||||
profiles::consul::client::node_rules:
|
||||
- resource: service
|
||||
segment: ntp
|
||||
disposition: write
|
||||
|
||||
@@ -5,3 +5,17 @@ sudo::configs:
|
||||
content: |
|
||||
ceph ALL=NOPASSWD: /usr/sbin/smartctl -x --json=o /dev/*
|
||||
ceph ALL=NOPASSWD: /usr/sbin/nvme * smart-log-add --json /dev/*
|
||||
|
||||
hiera_exclude:
|
||||
- networking
|
||||
|
||||
# proxmox tools use root to authenticate against each other
|
||||
ssh::server::options:
|
||||
PermitRootLogin: yes
|
||||
AcceptEnv:
|
||||
- LANG LC_*
|
||||
- LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
|
||||
- LC_IDENTIFICATION LC_ALL LANGUAGE
|
||||
- XMODIFIERS
|
||||
ListenAddress:
|
||||
- "%{facts.networking.interfaces.enp3s0.ip}"
|
||||
|
||||
@@ -37,6 +37,14 @@ profiles::helpers::certmanager::vault_config:
|
||||
output_path: '/tmp/certmanager'
|
||||
role_id: "%{lookup('certmanager::role_id')}"
|
||||
|
||||
profiles::helpers::sshsignhost::vault_config:
|
||||
addr: 'https://vault.service.consul:8200'
|
||||
mount_point: 'ssh-host-signer'
|
||||
approle_path: 'approle'
|
||||
role_name: 'hostrole'
|
||||
output_path: '/tmp/sshsignhost'
|
||||
role_id: "%{lookup('sshsignhost::role_id')}"
|
||||
|
||||
profiles::puppet::server::agent_server: 'puppet.query.consul'
|
||||
profiles::puppet::server::report_server: 'puppet.query.consul'
|
||||
profiles::puppet::server::ca_server: 'puppetca.query.consul'
|
||||
@@ -50,6 +58,10 @@ profiles::puppet::server::dns_alt_names:
|
||||
- puppetmaster
|
||||
- puppet
|
||||
|
||||
profiles::ssh::sign::principals:
|
||||
- puppet.service.consul
|
||||
- puppet.query.consul
|
||||
|
||||
consul::services:
|
||||
puppet:
|
||||
service_name: 'puppet'
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
profiles::puppet::puppetdb_sql::consul_test_db_pass: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAes6pfgtxctlXpsD+P5bahGP46nbXdPE3EiwdWPSiFP0MKfzFKbhlfOMydhz09fXHEa5mpOY3YHxN9W0tNmbs6mMvHIKKvNog6yowv7JnsQ+D89+c3JEdbi+DPwk6wVnKQEgnSn5uzoOHJVOd7hhtX85n1VTw9iTtSPGZprh11A3VII8dkUaPu6jc35rDGV6tgPvxaYy2vVH/b7wGP+kEe9WjoYU7Qw3odrY2yloGbQ3zXGh7ZXvK9iswKIuCLAMPoaUyJpzVooV7VqD4k/zEHhRgf88RMtww//9P8OHPJ9JPM2q3zHyZzoqRfOP723AP9z2V7OyhEoUNw5npaA6TpzBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBJevTZmH+Qm1mxwNxHdOzHgCAelk9abLhQkUO29O5d2PP04OTTlmK51BxHb203jqZSFQ==]
|
||||
@@ -2,3 +2,38 @@
|
||||
postgresql_config_entries:
|
||||
max_connections: 300
|
||||
shared_buffers: '256MB'
|
||||
|
||||
consul::services:
|
||||
puppetdbsql:
|
||||
service_name: 'puppetdbsql'
|
||||
tags:
|
||||
- 'puppet'
|
||||
- 'puppetdb'
|
||||
- 'database'
|
||||
address: "%{facts.networking.ip}"
|
||||
port: 5432
|
||||
checks:
|
||||
- id: 'psql-check'
|
||||
name: 'PostgreSQL Health Check'
|
||||
args:
|
||||
- '/usr/local/bin/check_consul_postgresql'
|
||||
interval: '10s'
|
||||
timeout: '1s'
|
||||
profiles::consul::client::node_rules:
|
||||
- resource: service
|
||||
segment: puppetdbsql
|
||||
disposition: write
|
||||
|
||||
profiles::yum::global::repos:
|
||||
postgresql-15:
|
||||
name: postgresql-15
|
||||
descr: postgresql-15 repository
|
||||
target: /etc/yum.repos.d/postgresql.repo
|
||||
baseurl: https://edgecache.query.consul/postgres/yum/15/redhat/rhel-%{facts.os.release.full}-%{facts.os.architecture}
|
||||
gpgkey: https://edgecache.query.consul/postgres/yum/keys/PGDG-RPM-GPG-KEY-RHEL
|
||||
postgresql-common:
|
||||
name: postgresql-common
|
||||
descr: postgresql-common repository
|
||||
target: /etc/yum.repos.d/postgresql.repo
|
||||
baseurl: https://edgecache.query.consul/postgres/yum/common/redhat/rhel-%{facts.os.release.full}-%{facts.os.architecture}
|
||||
gpgkey: https://edgecache.query.consul/postgres/yum/keys/PGDG-RPM-GPG-KEY-RHEL
|
||||
|
||||
@@ -77,3 +77,9 @@ profiles::consul::prepared_query::rules:
|
||||
service_failover_n: 3
|
||||
service_only_passing: true
|
||||
ttl: 10
|
||||
ntp:
|
||||
ensure: 'present'
|
||||
service_name: 'ntp'
|
||||
service_failover_n: 3
|
||||
service_only_passing: true
|
||||
ttl: 10
|
||||
|
||||
Reference in New Issue
Block a user