From 6a04701891940952c6aa4f126aae536cb4f3c3e8 Mon Sep 17 00:00:00 2001
From: Ben Vincent
Date: Sun, 30 Mar 2025 00:56:04 +1100
Subject: [PATCH] feat: add incus role (#229)
- add basic infra::incus role
- add autossl, consul and ssh-principals for incus
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/229
---
hieradata/roles/infra/incus/node.yaml | 33 ++++++++++++++++++++++++
site/roles/manifests/infra/incus/node.pp | 10 +++++++
2 files changed, 43 insertions(+)
create mode 100644 hieradata/roles/infra/incus/node.yaml
create mode 100644 site/roles/manifests/infra/incus/node.pp
diff --git a/hieradata/roles/infra/incus/node.yaml b/hieradata/roles/infra/incus/node.yaml
new file mode 100644
index 0000000..a0c8ecb
--- /dev/null
+++ b/hieradata/roles/infra/incus/node.yaml
@@ -0,0 +1,33 @@
+---
+profiles::pki::vault::alt_names:
+ - incus.service.consul
+ - incus.query.consul
+ - "incus.service.%{facts.country}-%{facts.region}.consul"
+
+profiles::ssh::sign::principals:
+ - incus.service.consul
+ - incus.query.consul
+ - "incus.service.%{facts.country}-%{facts.region}.consul"
+
+# configure consul service
+consul::services:
+ incus:
+ service_name: 'incus'
+ tags:
+ - 'incus'
+ - 'container'
+ - 'lxd'
+ address: "%{facts.networking.ip}"
+ port: 8443
+ checks:
+ - id: 'incus_https_check'
+ name: 'incus HTTPS Check'
+ http: "https://%{facts.networking.fqdn}:8443"
+ method: 'GET'
+ tls_skip_verify: true
+ interval: '10s'
+ timeout: '1s'
+profiles::consul::client::node_rules:
+ - resource: service
+ segment: incus
+ disposition: write
diff --git a/site/roles/manifests/infra/incus/node.pp b/site/roles/manifests/infra/incus/node.pp
new file mode 100644
index 0000000..070bbf1
--- /dev/null
+++ b/site/roles/manifests/infra/incus/node.pp
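Review bot: The `incus_https_check` sets `tls_skip_verify: true`, so the Consul agent will report the service as passing for whatever answers on port 8443 without validating the certificate it presents. The same file requests Vault-issued alt names for the Incus addresses, which suggests a trusted certificate is intended for this listener; if so, the check can verify it with `tls_skip_verify: false`, possibly with `tls_server_name` set to one of the issued names, since the URL uses the node FQDN and it is not visible here whether the FQDN is on the certificate. If Incus is still serving its own self-signed certificate, a comment above the check such as `# reachability only: Incus presents a self-signed cert, so verification is off` would record why it is disabled.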
@@ -0,0 +1,10 @@
+# a role to deploy a incus node
+class roles::infra::incus::node {
+ if $facts['firstrun'] {
+ include profiles::defaults
+ include profiles::firstrun::init
+ }else{
+ include profiles::defaults
+ include profiles::base
+ }
+}
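Review bot: `include profiles::defaults` appears in both branches of the `if` in `roles::infra::incus::node`; declaring it once above the conditional and leaving one include per branch (`profiles::firstrun::init` or `profiles::base`) removes the duplication, and `} else {` matches the usual Puppet spacing. The header comment could also say that the class includes no Incus profile, for example `# Role for an Incus node: applies the base profiles only; the Incus daemon and its 8443 listener are configured elsewhere`, so a reader knows the Consul service and certificate names in the hieradata depend on configuration outside this class. That second point is inferred from the visible includes only; `profiles::base` may pull in more than the hunk shows.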