neoloc/loopback_dns (#281)

- manage all interfaces in dns (except lo and anycast)
- move loopback0 anycast addresses to be anycast0

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/281
This commit was merged in pull request #281.
This commit is contained in:
2025-05-11 16:36:04 +10:00
parent 3e0141bb1b
commit 87a6c73578
14 changed files with 67 additions and 37 deletions
+11 -1
View File
@@ -13,10 +13,18 @@ profiles::pki::vault::alt_names:
- incus.query.consul
- "incus.service.%{facts.country}-%{facts.region}.consul"
profiles::pki::vault::ip_sans:
- "%{hiera('networking_loopback0_ip')}"
- "%{hiera('networking_loopback1_ip')}"
- "%{hiera('networking_loopback2_ip')}"
profiles::ssh::sign::principals:
- incus.service.consul
- incus.query.consul
- "incus.service.%{facts.country}-%{facts.region}.consul"
- "%{hiera('networking_loopback0_ip')}"
- "%{hiera('networking_loopback1_ip')}"
- "%{hiera('networking_loopback2_ip')}"
# configure consul service
consul::services:
@@ -65,10 +73,12 @@ profiles::yum::global::repos:
gpgkey: https://packagerepo.service.consul/zfs/rhel9/kmod-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-openzfs-2022
mirrorlist: absent
# dns
profiles::dns::base::primary_interface: loopback0
# networking
systemd::manage_networkd: true
systemd::manage_all_network_files: true
#networking::use_networkd: true
networking::interfaces:
enp2s0:
type: physical