Merge branch 'develop' into neoloc/prometheus

2023-11-21 19:40:17 +11:00 · 2023-11-21 19:40:17 +11:00 · 663b10e5a5
commit 663b10e5a5
parent a5207eb717 530ffed55a
16 changed files with 34 additions and 20 deletions
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@ -1,7 +1,10 @@
 ---
+profiles::ntp::client::ntp_role: 'roles::infra::ntp::server'
 profiles::ntp::client::peers:
-  - ntp01.main.unkin.net
-  - ntp02.main.unkin.net
+  - 0.pool.ntp.org
+  - 1.pool.ntp.org
+  - 2.pool.ntp.org
+  - 3.pool.ntp.org

 profiles::base::puppet_servers:
  - 'prodinf01n01.main.unkin.net'
--- a/hieradata/roles/apps.yaml
+++ b/hieradata/roles/apps.yaml
@ -0,0 +1 @@
+---
--- a/hieradata/roles/puppet.yaml
+++ b/hieradata/roles/puppet.yaml
--- a/hieradata/roles/infra/dns/resolver.yaml
+++ b/hieradata/roles/infra/dns/resolver.yaml
@ -18,6 +18,13 @@ profiles::dns::resolver::zones:
    forwarders:
      - 10.10.8.1
    forward: 'only'
+  17.18.198.in-addr.arpa-forward:
+    domain: '17.18.198.in-addr.arpa'
+    zone_type: 'forward'
+    forwarders:
+      - 198.18.17.23
+      - 198.18.17.24
+    forward: 'only'

 profiles::dns::resolver::views:
  openforwarder:
@ -25,5 +32,6 @@ profiles::dns::resolver::views:
    zones:
      - main.unkin.net-forward
      - prod.unkin.net-forward
+      - 17.18.198.in-addr.arpa-forward
    match_clients:
      - acl-main.unkin.net
--- a/hieradata/roles/infra/ntp/server.yaml
+++ b/hieradata/roles/infra/ntp/server.yaml
--- a/hieradata/roles/infra/puppet/master.yaml
+++ b/hieradata/roles/infra/puppet/master.yaml
@ -9,8 +9,6 @@ profiles::puppet::autosign::domains:
 #  - 'somenode.main.unkin.net'

 profiles::puppet::enc::repo: https://git.unkin.net/unkinben/puppet-enc.git
-profiles::puppet::enc::release: '0.7'
-profiles::puppet::enc::force: true
 profiles::puppet::r10k::r10k_repo: https://git.unkin.net/unkinben/puppet-r10k.git
 profiles::puppet::g10k::bin_path: '/opt/puppetlabs/bin/g10k'
 profiles::puppet::g10k::cfg_path: '/etc/puppetlabs/r10k/r10k.yaml'
--- a/hieradata/roles/infra/reposync/syncer.yaml
+++ b/hieradata/roles/infra/reposync/syncer.yaml
--- a/site/profiles/manifests/ntp/client.pp
+++ b/site/profiles/manifests/ntp/client.pp
@ -2,6 +2,10 @@
 # use exported resources from profiles::ntp::server if they are available
 class profiles::ntp::client (
  Array     $peers,
+  Variant[
+    String,
+    Undef
+  ]         $ntp_role = undef,
  Boolean   $wait_enable = true,
  Enum[
    'running',
@ -14,16 +18,23 @@ class profiles::ntp::client (
  # through the profiles::ntp::server class.
  if $client_only {

+    # if ntp_role is set, find all hosts matching that enc_role
+    if $ntp_role == undef {
+      $ntpserver_array = $peers
+    }else{
+      $ntpserver_array = query_nodes("enc_role='${ntp_role}'", 'networking.fqdn')
+    }
+
    # Define the client configuration based on OS family
    if $facts['os']['family'] == 'RedHat' {
      class { 'chrony':
-        servers     => $peers,
+        servers     => $ntpserver_array,
        wait_enable => $wait_enable,
        wait_ensure => $wait_ensure,
      }
    } else {
      class { 'chrony':
-        servers    => $peers,
+        servers    => $ntpserver_array,
      }
    }
  }
--- a/site/profiles/manifests/ntp/server.pp
+++ b/site/profiles/manifests/ntp/server.pp
@ -19,7 +19,7 @@ class profiles::ntp::server (

  # check the enc_role has been set, it can take two puppet runs to do this
  # TODO: change away from external fact
-  if $facts['enc_role'] == 'roles::infra::ntpserver' {
+  if $facts['enc_role'] == 'roles::infra::ntp::server' {

    # define the server
    if $facts['os']['family'] == 'RedHat' {
--- a/site/roles/manifests/infra/ntp/server.pp
+++ b/site/roles/manifests/infra/ntp/server.pp
@ -1,5 +1,5 @@
 # a role to deploy a ntp server
-class roles::infra::ntpserver {
+class roles::infra::ntp::server {
  include profiles::defaults
  include profiles::base
  include profiles::ntp::server
--- a/site/roles/manifests/infra/puppet/master.pp
+++ b/site/roles/manifests/infra/puppet/master.pp
@ -1,6 +1,6 @@
 # a role to deploy the puppetmaster
 # work in progress
-class roles::puppet::puppetmaster {
+class roles::infra::puppet::master {
    include profiles::defaults
    include profiles::base
    include profiles::puppet::puppetmaster
--- a/site/roles/manifests/infra/puppetboard/server.pp
+++ b/site/roles/manifests/infra/puppetboard/server.pp
@ -1,5 +1,5 @@
 # a role to deploy the puppetboard
-class roles::puppet::puppetboard {
+class roles::infra::puppetboard::server {
    include profiles::defaults
    include profiles::base
    include profiles::puppet::puppetboard
--- a/site/roles/manifests/puppet/puppetdb_api.pp
+++ b/site/roles/manifests/puppet/puppetdb_api.pp
@ -1,5 +1,5 @@
 # a role to deploy the puppetdb api service
-class roles::puppet::puppetdb_api {
+class roles::infra::puppetdb::api {
    include profiles::defaults
    include profiles::base
    include profiles::puppet::puppetdb_api
--- a/site/roles/manifests/puppet/puppetdb_sql.pp
+++ b/site/roles/manifests/puppet/puppetdb_sql.pp
@ -1,5 +1,5 @@
 # a role to deploy the puppetdb postgresql service
-class roles::puppet::puppetdb_sql {
+class roles::infra::puppetdb::sql {
    include profiles::defaults
    include profiles::base
    include profiles::puppet::puppetdb_sql
--- a/site/roles/manifests/infra/reposync/syncer.pp
+++ b/site/roles/manifests/infra/reposync/syncer.pp
@ -1,5 +1,5 @@
 # a role to deploy a packagerepo
-class roles::infra::packagerepo {
+class roles::infra::reposync::syncer {
  include profiles::defaults
  include profiles::base
  include profiles::base::datavol
--- a/site/roles/manifests/puppet/puppetdb.pp
+++ b/site/roles/manifests/puppet/puppetdb.pp
@ -1,7 +0,0 @@
-# a role to deploy the puppetdb
-# work in progress
-class roles::puppet::puppetdb {
-    include profiles::defaults
-    include profiles::base
-    include profiles::puppet::puppetdb
-  }