From dffc97ad4c9dc3e363ac66fb3f1ac3f0307403a5 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sat, 18 Nov 2023 18:25:44 +1100 Subject: [PATCH 1/4] chore: reorganise ntp server - bump enc to match changes - change ntp client to find servers through puppetdb query - changed default ntp servers to publicly available nodes --- hieradata/common.yaml | 7 +++++-- .../infra/{ntpserver.yaml => ntp/server.yaml} | 0 hieradata/roles/puppet/puppetmaster.yaml | 2 +- site/profiles/manifests/ntp/client.pp | 15 +++++++++++++-- site/profiles/manifests/ntp/server.pp | 2 +- .../infra/{ntpserver.pp => ntp/server.pp} | 2 +- 6 files changed, 21 insertions(+), 7 deletions(-) rename hieradata/roles/infra/{ntpserver.yaml => ntp/server.yaml} (100%) rename site/roles/manifests/infra/{ntpserver.pp => ntp/server.pp} (77%) diff --git a/hieradata/common.yaml b/hieradata/common.yaml index 5c36c0c..77fddd3 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -1,7 +1,10 @@ --- +profiles::ntp::client::ntp_role: 'roles::infra::ntp::server' profiles::ntp::client::peers: - - ntp01.main.unkin.net - - ntp02.main.unkin.net + - 0.pool.ntp.org + - 1.pool.ntp.org + - 2.pool.ntp.org + - 3.pool.ntp.org profiles::base::puppet_servers: - 'prodinf01n01.main.unkin.net' diff --git a/hieradata/roles/infra/ntpserver.yaml b/hieradata/roles/infra/ntp/server.yaml similarity index 100% rename from hieradata/roles/infra/ntpserver.yaml rename to hieradata/roles/infra/ntp/server.yaml diff --git a/hieradata/roles/puppet/puppetmaster.yaml b/hieradata/roles/puppet/puppetmaster.yaml index 931b916..25403d8 100644 --- a/hieradata/roles/puppet/puppetmaster.yaml +++ b/hieradata/roles/puppet/puppetmaster.yaml 
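Review bot: `profiles::ntp::client::ntp_role` is added in the same common layer as the replaced `peers` list, but the client profile in this patch only consults `peers` when `ntp_role` is undef, so on every node inheriting this layer the new pool.ntp.org entries are dead data unless a more specific hiera layer overrides the role key. If the pool list is meant as the fallback for when the PuppetDB lookup yields nothing, say so next to the key: `# fallback sources, used only when profiles::ntp::client::ntp_role is undef (see profiles::ntp::client)`. The pool.ntp.org names are rotating round-robin records; if the chrony module version in use exposes a pool parameter, that directive fits them better than individual server entries — worth checking.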
@@ -9,7 +9,7 @@ profiles::puppet::autosign::domains: # - 'somenode.main.unkin.net' profiles::puppet::enc::repo: https://git.unkin.net/unkinben/puppet-enc.git -profiles::puppet::enc::release: '0.6' +profiles::puppet::enc::release: '0.7.1' profiles::puppet::enc::force: true profiles::puppet::r10k::r10k_repo: https://git.unkin.net/unkinben/puppet-r10k.git profiles::puppet::g10k::bin_path: '/opt/puppetlabs/bin/g10k' diff --git a/site/profiles/manifests/ntp/client.pp b/site/profiles/manifests/ntp/client.pp index 0429266..e3c90a7 100644 --- a/site/profiles/manifests/ntp/client.pp +++ b/site/profiles/manifests/ntp/client.pp @@ -2,6 +2,10 @@ # use exported resources from profiles::ntp::server if they are available class profiles::ntp::client ( Array $peers, + Variant[ + String, + Undef + ] $ntp_role = undef, Boolean $wait_enable = true, Enum[ 'running', @@ -14,16 +18,23 @@ class profiles::ntp::client ( # through the profiles::ntp::server class. if $client_only { + # if ntp_role is set, find all hosts matching that enc_role + if $ntp_role == undef { + $ntpserver_array = $peers + }else{ + $ntpserver_array = query_nodes("enc_role='${ntp_role}'", 'networking.fqdn') + } + # Define the client configuration based on OS family if $facts['os']['family'] == 'RedHat' { class { 'chrony': - servers => $peers, + servers => $ntpserver_array, wait_enable => $wait_enable, wait_ensure => $wait_ensure, } } else { class { 'chrony': - servers => $peers, + servers => $ntpserver_array, } } } diff --git a/site/profiles/manifests/ntp/server.pp b/site/profiles/manifests/ntp/server.pp index c2f9b83..88f1426 100644 --- a/site/profiles/manifests/ntp/server.pp +++ b/site/profiles/manifests/ntp/server.pp 
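Review bot: The new `$ntp_role` parameter is typed `Variant[String, Undef]`, which Puppet spells `Optional[String]`; `Optional[String] $ntp_role = undef,` is the idiomatic form and matches the `Boolean`/`Enum` style of the neighbouring parameters. The parameter also deserves a line in the class comment stating that it is an ENC role name used to look servers up in PuppetDB and that `$peers` is ignored while it is set. The class body continues outside the hunk.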
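Review bot: The server list is built from `query_nodes("enc_role='${ntp_role}'", 'networking.fqdn')`, and `enc_role` is an external fact, as server.pp's own comment in this series notes ('TODO: change away from external fact'). A fact is asserted by the reporting node rather than assigned by the master, so this lookup trusts node self-classification for a time source that every client will then follow, and time feeds certificate validity checks and log timestamps; key the query on something the master assigns instead — the ENC classification, a catalog-based match such as `query_nodes('Class[Roles::Infra::Ntp::Server]', 'networking.fqdn')` if the puppetdbquery DSL in use supports resource matching, or the exported resources the file's header comment already mentions. Separately, an empty result (server.pp says the fact can take two runs to appear) leaves `$ntpserver_array` empty and chrony with no sources; `$found = query_nodes(...)` followed by `$ntpserver_array = empty($found) ? { true => $peers, default => $found }` keeps the pool list useful as a fallback. Minor style: `}else{` should be `} else {`, and `$ntp_role == undef` reads better as `$ntp_role =~ Undef`.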
@@ -19,7 +19,7 @@ class profiles::ntp::server ( # check the enc_role has been set, it can take two puppet runs to do this # TODO: change away from external fact - if $facts['enc_role'] == 'roles::infra::ntpserver' { + if $facts['enc_role'] == 'roles::infra::ntp::server' { # define the server if $facts['os']['family'] == 'RedHat' { diff --git a/site/roles/manifests/infra/ntpserver.pp b/site/roles/manifests/infra/ntp/server.pp similarity index 77% rename from site/roles/manifests/infra/ntpserver.pp rename to site/roles/manifests/infra/ntp/server.pp index 887efce..cfc685d 100644 --- a/site/roles/manifests/infra/ntpserver.pp +++ b/site/roles/manifests/infra/ntp/server.pp @@ -1,5 +1,5 @@ # a role to deploy a ntp server -class roles::infra::ntpserver { +class roles::infra::ntp::server { include profiles::defaults include profiles::base include profiles::ntp::server From 460f9bc7e8a6076b4b8fe9e745c2346ca5af0cec Mon Sep 17 00:00:00 2001 
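Review bot: The role name `'roles::infra::ntp::server'` is now a literal in two places — this comparison and `profiles::ntp::client::ntp_role` in common.yaml — and the client's PuppetDB query and this guard only agree while both strings match; a typo in either silently yields a server that never configures itself and clients with no sources. Hoisting the string to a class parameter, e.g. `String $enc_role_name = 'roles::infra::ntp::server',` set once in hiera (Hiera's `%{lookup(...)}` interpolation can feed the client key from it), keeps the two in step. The class body continues outside the hunk.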
From: Ben Vincent Date: Sat, 18 Nov 2023 18:44:11 +1100 Subject: [PATCH 2/4] refactor: move puppet::* roles to infra::puppet - start creation on apps:: roles - reorganise hieradata to match role changes - remove tagging for enc repo --- hieradata/roles/apps.yaml | 1 + hieradata/roles/{puppet.yaml => infra.yaml} | 0 .../{puppet/puppetmaster.yaml => infra/puppet/master.yaml} | 2 -- .../{puppet/puppetmaster.pp => infra/puppet/master.pp} | 2 +- .../{puppet/puppetboard.pp => infra/puppetboard/server.pp} | 2 +- .../{puppet/puppetdb_api.pp => infra/puppetdb/api.pp} | 2 +- .../{puppet/puppetdb_sql.pp => infra/puppetdb/sql.pp} | 2 +- site/roles/manifests/puppet/puppetdb.pp | 7 ------- 8 files changed, 5 insertions(+), 13 deletions(-) create mode 100644 hieradata/roles/apps.yaml rename hieradata/roles/{puppet.yaml => infra.yaml} (100%) rename hieradata/roles/{puppet/puppetmaster.yaml => infra/puppet/master.yaml} (89%) rename site/roles/manifests/{puppet/puppetmaster.pp => infra/puppet/master.pp} (81%) rename site/roles/manifests/{puppet/puppetboard.pp => infra/puppetboard/server.pp} (76%) rename site/roles/manifests/{puppet/puppetdb_api.pp => infra/puppetdb/api.pp} (80%) rename site/roles/manifests/{puppet/puppetdb_sql.pp => infra/puppetdb/sql.pp} (81%) delete mode 100644 site/roles/manifests/puppet/puppetdb.pp diff --git a/hieradata/roles/apps.yaml b/hieradata/roles/apps.yaml new file mode 100644 index 0000000..ed97d53 --- /dev/null +++ b/hieradata/roles/apps.yaml @@ -0,0 +1 @@ +--- diff --git a/hieradata/roles/puppet.yaml b/hieradata/roles/infra.yaml similarity index 100% rename from hieradata/roles/puppet.yaml rename to hieradata/roles/infra.yaml diff --git a/hieradata/roles/puppet/puppetmaster.yaml b/hieradata/roles/infra/puppet/master.yaml similarity index 89% rename from hieradata/roles/puppet/puppetmaster.yaml rename to hieradata/roles/infra/puppet/master.yaml index 931b916..5a5f87c 100644 --- a/hieradata/roles/puppet/puppetmaster.yaml 
+++ b/hieradata/roles/infra/puppet/master.yaml @@ -9,8 +9,6 @@ profiles::puppet::autosign::domains: # - 'somenode.main.unkin.net' profiles::puppet::enc::repo: https://git.unkin.net/unkinben/puppet-enc.git -profiles::puppet::enc::release: '0.6' -profiles::puppet::enc::force: true profiles::puppet::r10k::r10k_repo: https://git.unkin.net/unkinben/puppet-r10k.git profiles::puppet::g10k::bin_path: '/opt/puppetlabs/bin/g10k' profiles::puppet::g10k::cfg_path: '/etc/puppetlabs/r10k/r10k.yaml' diff --git a/site/roles/manifests/puppet/puppetmaster.pp b/site/roles/manifests/infra/puppet/master.pp similarity index 81% rename from site/roles/manifests/puppet/puppetmaster.pp rename to site/roles/manifests/infra/puppet/master.pp index b87f183..01e8877 100644 --- a/site/roles/manifests/puppet/puppetmaster.pp +++ b/site/roles/manifests/infra/puppet/master.pp @@ -1,6 +1,6 @@ # a role to deploy the puppetmaster # work in progress -class roles::puppet::puppetmaster { +class roles::infra::puppet::master { include profiles::defaults include profiles::base include profiles::puppet::puppetmaster diff --git a/site/roles/manifests/puppet/puppetboard.pp b/site/roles/manifests/infra/puppetboard/server.pp similarity index 76% rename from site/roles/manifests/puppet/puppetboard.pp rename to site/roles/manifests/infra/puppetboard/server.pp index 34862c3..4742810 100644 --- a/site/roles/manifests/puppet/puppetboard.pp +++ b/site/roles/manifests/infra/puppetboard/server.pp @@ -1,5 +1,5 @@ # a role to deploy the puppetboard -class roles::puppet::puppetboard { +class roles::infra::puppetboard::server { include profiles::defaults include profiles::base include profiles::puppet::puppetboard diff --git a/site/roles/manifests/puppet/puppetdb_api.pp b/site/roles/manifests/infra/puppetdb/api.pp similarity index 80% rename from site/roles/manifests/puppet/puppetdb_api.pp rename to site/roles/manifests/infra/puppetdb/api.pp index 991102d..65bee4c 100644 --- a/site/roles/manifests/puppet/puppetdb_api.pp 
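Review bot: Dropping `profiles::puppet::enc::release` (pinned to '0.7.1' only one patch earlier) and `profiles::puppet::enc::force` means the ENC checkout is no longer tied to a known version; whatever ref the profile defaults to — presumably a branch head, not visible here — is what gets deployed. The ENC decides which role class every node receives, and this same series renames every role class, so an unpinned ENC and the manifests can drift apart on either side of the rename; pinning to a release or commit is also what makes a classification change auditable. If tracking a branch is deliberate, record that in place of the removed keys, e.g. `# enc release intentionally unpinned: tracks the repo default branch`.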
+++ b/site/roles/manifests/infra/puppetdb/api.pp @@ -1,5 +1,5 @@ # a role to deploy the puppetdb api service -class roles::puppet::puppetdb_api { +class roles::infra::puppetdb::api { include profiles::defaults include profiles::base include profiles::puppet::puppetdb_api diff --git a/site/roles/manifests/puppet/puppetdb_sql.pp b/site/roles/manifests/infra/puppetdb/sql.pp similarity index 81% rename from site/roles/manifests/puppet/puppetdb_sql.pp rename to site/roles/manifests/infra/puppetdb/sql.pp index db640a3..97ebc96 100644 --- a/site/roles/manifests/puppet/puppetdb_sql.pp +++ b/site/roles/manifests/infra/puppetdb/sql.pp @@ -1,5 +1,5 @@ # a role to deploy the puppetdb postgresql service -class roles::puppet::puppetdb_sql { +class roles::infra::puppetdb::sql { include profiles::defaults include profiles::base include profiles::puppet::puppetdb_sql diff --git a/site/roles/manifests/puppet/puppetdb.pp b/site/roles/manifests/puppet/puppetdb.pp deleted file mode 100644 index 29ece76..0000000 --- a/site/roles/manifests/puppet/puppetdb.pp +++ /dev/null @@ -1,7 +0,0 @@ -# a role to deploy the puppetdb -# work in progress -class roles::puppet::puppetdb { - include profiles::defaults - include profiles::base - include profiles::puppet::puppetdb - } From dd334da2b06f02d1aa9c60674e792feb99bd8b20 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sat, 18 Nov 2023 20:08:16 +1100 Subject: [PATCH 3/4] chore: reorganise reposync role --- .../roles/infra/{packagerepo.yaml => reposync/syncer.yaml} | 0 .../manifests/infra/{packagerepo.pp => reposync/syncer.pp} | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename hieradata/roles/infra/{packagerepo.yaml => reposync/syncer.yaml} (100%) rename site/roles/manifests/infra/{packagerepo.pp => reposync/syncer.pp} (80%) 
diff --git a/hieradata/roles/infra/packagerepo.yaml b/hieradata/roles/infra/reposync/syncer.yaml similarity index 100% rename from hieradata/roles/infra/packagerepo.yaml rename to hieradata/roles/infra/reposync/syncer.yaml diff --git a/site/roles/manifests/infra/packagerepo.pp b/site/roles/manifests/infra/reposync/syncer.pp similarity index 80% rename from site/roles/manifests/infra/packagerepo.pp rename to site/roles/manifests/infra/reposync/syncer.pp index ff90820..8c5a613 100644 --- a/site/roles/manifests/infra/packagerepo.pp +++ b/site/roles/manifests/infra/reposync/syncer.pp @@ -1,5 +1,5 @@ # a role to deploy a packagerepo -class roles::infra::packagerepo { +class roles::infra::reposync::syncer { include profiles::defaults include profiles::base include profiles::base::datavol From c34a2b23606b6f8ecb1fd9e8752e6f82b9ac54ba Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sat, 18 Nov 2023 20:21:27 +1100 Subject: [PATCH 4/4] feat: add forwarding for 17.18.198.in-addr.arpa - add forward zone for 198.18.17.0/24 reverse dns zone --- hieradata/roles/infra/dns/resolver.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/hieradata/roles/infra/dns/resolver.yaml b/hieradata/roles/infra/dns/resolver.yaml index 2c0fa2d..2e80a11 100644 --- a/hieradata/roles/infra/dns/resolver.yaml +++ b/hieradata/roles/infra/dns/resolver.yaml @@ -18,6 +18,13 @@ profiles::dns::resolver::zones: forwarders: - 10.10.8.1 forward: 'only' + 17.18.198.in-addr.arpa-forward: + domain: '17.18.198.in-addr.arpa' + zone_type: 'forward' + forwarders: + - 198.18.17.23 + - 198.18.17.24 + forward: 'only' profiles::dns::resolver::views: openforwarder: @@ -25,5 +32,6 @@ profiles::dns::resolver::views: zones: - main.unkin.net-forward - prod.unkin.net-forward + - 17.18.198.in-addr.arpa-forward match_clients: - acl-main.unkin.net
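Review bot: The forwarders `198.18.17.23` and `198.18.17.24` sit inside the 198.18.17.0/24 range whose reverse zone they serve, and nothing in the hunk records what hosts they are; a comment such as `# reverse zone for 198.18.17.0/24, answered by <placeholder: owning resolvers>` would let the next reader verify them. With `forward: 'only'` the resolver never falls back to recursion, so reverse lookups for that subnet fail outright if both forwarders are unreachable — consistent with the existing zones, but worth stating alongside. The views hunk adds the zone to `openforwarder` only; if other views exist beyond the hunk context they will not see it.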