Merge pull request 'neoloc/networking' (#21) from neoloc/networking into develop

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/21
Ben Vincent 2024-06-08 17:08:51 +10:00
commit 57b935b33e
46 changed files with 340 additions and 3 deletions


@ -35,6 +35,9 @@ mod 'puppet-vault', '4.1.0'
mod 'puppet-dhcp', '6.1.0'
mod 'puppet-keepalived', '3.6.0'
mod 'puppet-extlib', '7.0.0'
mod 'puppet-network', '2.2.0'
mod 'puppet-kmod', '4.0.1'
mod 'puppet-filemapper', '4.0.0'
# other
mod 'ghoneycutt-puppet', '3.3.0'


@ -108,11 +108,18 @@ lookup_options:
profiles::nginx::simpleproxy::nginx_aliases:
merge:
strategy: deep
networking::interfaces:
merge:
strategy: deep
networking::routes:
merge:
strategy: deep
facts_path: '/opt/puppetlabs/facter/facts.d'
hiera_classes:
hiera_include:
- timezone
- networking
profiles::ntp::client::ntp_role: 'roles::infra::ntp::server'
profiles::ntp::client::use_ntp: 'region'
@ -231,6 +238,26 @@ sudo::configs:
profiles::accounts::sysadmin::sshkeys:
- ssh-rsa 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 ben@unkin.net
networking::interfaces:
lo:
ensure: present
family: inet
method: loopback
onboot: true
eth0:
ensure: present
family: inet
method: static
netmask: 255.255.255.0
onboot: true
networking::routes:
default:
ensure: present
interface: eth0
netmask: 0.0.0.0
network: default
profiles::base::hosts::additional_hosts:
- ip: 198.18.17.3
hostname: prodinf01n01.main.unkin.net
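Review bot: The common-level `eth0` default in the second hunk sets `method: static` and a netmask but no `ipaddress`, and `networking` is added to the common `hiera_include`, so every node gets this resource unless it opts out. A node with no node-level file supplying `ipaddress` and `gateway`, and no `hiera_exclude: - networking`, would presumably receive an incomplete static interface and default route, which risks taking it off the network on the next agent run. Consider making the class opt-in per node or role, or have `networking` fail compilation when a static interface has no `ipaddress`. The hard-coded `eth0` name also assumes no host uses predictable interface names.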


@ -0,0 +1,7 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.10
networking::routes:
default:
gateway: 198.18.13.254


@ -0,0 +1,7 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.11
networking::routes:
default:
gateway: 198.18.13.254


@ -0,0 +1,7 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.12
networking::routes:
default:
gateway: 198.18.13.254


@ -0,0 +1,7 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.13
networking::routes:
default:
gateway: 198.18.13.254


@ -0,0 +1,7 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.14
networking::routes:
default:
gateway: 198.18.13.254


@ -0,0 +1,7 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.15
networking::routes:
default:
gateway: 198.18.13.254


@ -0,0 +1,7 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.16
networking::routes:
default:
gateway: 198.18.13.254


@ -0,0 +1,7 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.17
networking::routes:
default:
gateway: 198.18.13.254


@ -0,0 +1,7 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.18
networking::routes:
default:
gateway: 198.18.13.254


@ -0,0 +1,7 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.19
networking::routes:
default:
gateway: 198.18.13.254


@ -0,0 +1,7 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.20
networking::routes:
default:
gateway: 198.18.13.254


@ -0,0 +1,7 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.21
networking::routes:
default:
gateway: 198.18.13.254


@ -0,0 +1,7 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.22
networking::routes:
default:
gateway: 198.18.13.254


@ -0,0 +1,7 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.23
networking::routes:
default:
gateway: 198.18.13.254


@ -0,0 +1,7 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.24
networking::routes:
default:
gateway: 198.18.13.254


@ -0,0 +1,7 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.25
networking::routes:
default:
gateway: 198.18.13.254


@ -0,0 +1,7 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.26
networking::routes:
default:
gateway: 198.18.13.254


@ -1,2 +1,8 @@
---
profiles::cobbler::params::is_cobbler_master: true
networking::interfaces:
eth0:
ipaddress: 198.18.13.27
networking::routes:
default:
gateway: 198.18.13.254


@ -0,0 +1,7 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.28
networking::routes:
default:
gateway: 198.18.13.254


@ -0,0 +1,7 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.29
networking::routes:
default:
gateway: 198.18.13.254


@ -0,0 +1,7 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.30
networking::routes:
default:
gateway: 198.18.13.254


@ -0,0 +1,7 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.31
networking::routes:
default:
gateway: 198.18.13.254


@ -0,0 +1,7 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.32
networking::routes:
default:
gateway: 198.18.13.254


@ -0,0 +1,7 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.33
networking::routes:
default:
gateway: 198.18.13.254


@ -0,0 +1,7 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.34
networking::routes:
default:
gateway: 198.18.13.254


@ -0,0 +1,7 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.35
networking::routes:
default:
gateway: 198.18.13.254


@ -0,0 +1,7 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.36
networking::routes:
default:
gateway: 198.18.13.254


@ -0,0 +1,7 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.37
networking::routes:
default:
gateway: 198.18.13.254


@ -0,0 +1,7 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.38
networking::routes:
default:
gateway: 198.18.13.254


@ -0,0 +1,7 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.39
networking::routes:
default:
gateway: 198.18.13.254


@ -0,0 +1,7 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.40
networking::routes:
default:
gateway: 198.18.13.254


@ -0,0 +1,7 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.41
networking::routes:
default:
gateway: 198.18.13.254


@ -0,0 +1,7 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.42
networking::routes:
default:
gateway: 198.18.13.254


@ -0,0 +1,7 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.43
networking::routes:
default:
gateway: 198.18.13.254


@ -0,0 +1,7 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.44
networking::routes:
default:
gateway: 198.18.13.254


@ -0,0 +1,7 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.45
networking::routes:
default:
gateway: 198.18.13.254


@ -7,3 +7,9 @@ profiles::puppet::server::dns_alt_names:
profiles::puppet::puppetca::is_puppetca: true
profiles::puppet::puppetca::allow_subject_alt_names: true
networking::interfaces:
eth0:
ipaddress: 198.18.13.46
networking::routes:
default:
gateway: 198.18.13.254


@ -7,3 +7,6 @@ profiles::puppet::server::dns_alt_names:
profiles::puppet::puppetca::is_puppetca: false
profiles::puppet::puppetca::allow_subject_alt_names: true
hiera_exclude:
- networking


@ -12,3 +12,4 @@ profiles::packages::install:
- xz-utils
lm-sensors::package: lm-sensors
networking::nwmgr_dns_none: false
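Review bot: The added key `networking::nwmgr_dns_none: false` does not match any class parameter visible in this commit: the flag is declared on `networking::params` and read as `$networking::params::nwmgr_dns_none`, so automatic parameter lookup would bind `networking::params::nwmgr_dns_none` instead. As written the override is presumably ignored and `/etc/NetworkManager/conf.d/dns_none.conf` is still written with `dns=none` on these hosts. Either rename the key to `networking::params::nwmgr_dns_none: false` or move the parameter onto the `networking` class itself.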


@ -17,5 +17,5 @@ profiles::pki::vault::alt_names:
profiles::cobbler::params::service_cname: 'cobbler.main.unkin.net'
profiles::selinux::setenforce::mode: permissive
hiera_classes:
hiera_include:
- profiles::selinux::setenforce


@ -5,3 +5,6 @@ sudo::configs:
content: |
ceph ALL=NOPASSWD: /usr/sbin/smartctl -x --json=o /dev/*
ceph ALL=NOPASSWD: /usr/sbin/nvme * smart-log-add --json /dev/*
hiera_exclude:
- networking


@ -0,0 +1,35 @@
# unkin networking module
class networking (
Hash $interfaces = {},
Hash $routes = {},
){
include network
include networking::params
$interfaces.each | $interface, $data | {
network_config {$interface:
* => $data,
}
}
$routes.each | $route, $data | {
network_route {$route:
* => $data,
}
}
# prevent DNS from being overwritten by networkmanager
if $networking::params::nwmgr_dns_none {
file {'/etc/NetworkManager/conf.d/dns_none.conf':
ensure => 'file',
owner => 'root',
group => 'root',
mode => '0655',
content => "[main]\ndns=none",
}
}else{
file {'/etc/NetworkManager/conf.d/dns_none.conf':
ensure => 'absent',
}
}
}
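Review bot: `mode => '0655'` on `/etc/NetworkManager/conf.d/dns_none.conf` gives group and other the execute bit while the owner has none, which looks like a typo for `'0644'`; a configuration file needs no execute permission. The file resource also has no `notify`, so NetworkManager presumably keeps its previous DNS handling until it is next reloaded, and `content` lacks a trailing newline (`"[main]\ndns=none\n"`). Tightening the parameter types to `Hash[String, Hash] $interfaces` and `Hash[String, Hash] $routes` would reject malformed Hiera data before it is splatted into `network_config` and `network_route`.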


@ -0,0 +1,6 @@
# networking params
class networking::params (
Boolean $nwmgr_dns_none = true,
Boolean $nwmgr_service_running = true,
){
}


@ -56,7 +56,9 @@ class profiles::base (
}
# include classes from hiera
lookup('hiera_classes', Array[String], 'unique').include
$hiera_include = lookup('hiera_include', Array[String], 'unique', [])
$hiera_exclude = lookup('hiera_exclude', Array[String], 'unique', [])
($hiera_include - $hiera_exclude).include
# specifc ordering constraints
Class['profiles::pki::vaultca']
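Review bot: Both new lookups default to `[]`, so a hierarchy level that still uses the old `hiera_classes` key is now ignored without any error, whereas the previous `lookup('hiera_classes', Array[String], 'unique')` had no default and would fail on a missing key. Any class that only arrived through a missed `hiera_classes` entry would drop out of the catalog silently; this commit renames one such entry, for `profiles::selinux::setenforce`. A guard such as `unless lookup('hiera_classes', Array[String], 'unique', []).empty { fail('hiera_classes is no longer read; use hiera_include') }` would make a missed rename fail loudly. Since `hiera_exclude` can subtract any class at any level, a comment naming the baseline classes that must never be excluded would help reviewers of future Hiera changes. The ordering statement starting at `Class['profiles::pki::vaultca']` continues outside the hunk.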