fix: move primary_datacenter to region/role
- set syd1 as primary consul datacentre - add consul.service.consul zone - add nginx reverse proxy for consul webui - set dns zones/acls/views/keys to be deep merged from hiera - update default token - add consul/consul.service.consul/consul.main.unkin.net to vault cert
This commit is contained in:
@@ -2,6 +2,7 @@
|
||||
profiles::dns::resolver::acls:
|
||||
acl-main.unkin.net:
|
||||
addresses:
|
||||
- 10.10.8.1/32
|
||||
- 198.18.21.160/27
|
||||
- 198.18.21.192/27
|
||||
- 198.18.13.0/24
|
||||
@@ -11,53 +12,62 @@ profiles::dns::resolver::acls:
|
||||
- 198.18.17.0/24
|
||||
|
||||
profiles::dns::resolver::zones:
|
||||
main.unkin.net-forward:
|
||||
domain: 'main.unkin.net'
|
||||
8.10.10.in-addr.arpa-forward:
|
||||
domain: '8.10.10.in-addr.arpa'
|
||||
zone_type: 'forward'
|
||||
forwarders:
|
||||
- 198.18.17.23
|
||||
- 198.18.17.24
|
||||
- 10.10.16.32
|
||||
- 10.10.16.33
|
||||
forward: 'only'
|
||||
16.10.10.in-addr.arpa-forward:
|
||||
domain: '16.10.10.in-addr.arpa'
|
||||
zone_type: 'forward'
|
||||
forwarders:
|
||||
- 10.10.16.32
|
||||
- 10.10.16.33
|
||||
forward: 'only'
|
||||
20.10.10.in-addr.arpa-forward:
|
||||
domain: '20.10.10.in-addr.arpa'
|
||||
zone_type: 'forward'
|
||||
forwarders:
|
||||
- 10.10.16.32
|
||||
- 10.10.16.33
|
||||
forward: 'only'
|
||||
unkin.net-forward:
|
||||
domain: 'unkin.net'
|
||||
zone_type: 'forward'
|
||||
forwarders:
|
||||
- 10.10.16.32
|
||||
- 10.10.16.33
|
||||
forward: 'only'
|
||||
dmz.unkin.net-forward:
|
||||
domain: 'dmz.unkin.net'
|
||||
zone_type: 'forward'
|
||||
forwarders:
|
||||
- 10.10.16.32
|
||||
- 10.10.16.33
|
||||
forward: 'only'
|
||||
network.unkin.net-forward:
|
||||
domain: 'network.unkin.net'
|
||||
zone_type: 'forward'
|
||||
forwarders:
|
||||
- 10.10.16.32
|
||||
- 10.10.16.33
|
||||
forward: 'only'
|
||||
prod.unkin.net-forward:
|
||||
domain: 'prod.unkin.net'
|
||||
zone_type: 'forward'
|
||||
forwarders:
|
||||
- 10.10.8.1
|
||||
- 10.10.16.32
|
||||
- 10.10.16.33
|
||||
forward: 'only'
|
||||
13.18.198.in-addr.arpa-forward:
|
||||
domain: '13.18.198.in-addr.arpa'
|
||||
consul.service.consul-forward:
|
||||
domain: 'consul.service.consul'
|
||||
zone_type: 'forward'
|
||||
forwarders:
|
||||
- 198.18.17.23
|
||||
- 198.18.17.24
|
||||
forward: 'only'
|
||||
14.18.198.in-addr.arpa-forward:
|
||||
domain: '14.18.198.in-addr.arpa'
|
||||
zone_type: 'forward'
|
||||
forwarders:
|
||||
- 198.18.17.23
|
||||
- 198.18.17.24
|
||||
forward: 'only'
|
||||
15.18.198.in-addr.arpa-forward:
|
||||
domain: '15.18.198.in-addr.arpa'
|
||||
zone_type: 'forward'
|
||||
forwarders:
|
||||
- 198.18.17.23
|
||||
- 198.18.17.24
|
||||
forward: 'only'
|
||||
16.18.198.in-addr.arpa-forward:
|
||||
domain: '16.18.198.in-addr.arpa'
|
||||
zone_type: 'forward'
|
||||
forwarders:
|
||||
- 198.18.17.23
|
||||
- 198.18.17.24
|
||||
forward: 'only'
|
||||
17.18.198.in-addr.arpa-forward:
|
||||
domain: '17.18.198.in-addr.arpa'
|
||||
zone_type: 'forward'
|
||||
forwarders:
|
||||
- 198.18.17.23
|
||||
- 198.18.17.24
|
||||
- 198.18.13.19
|
||||
- 198.18.13.20
|
||||
- 198.18.13.21
|
||||
forward: 'only'
|
||||
|
||||
profiles::dns::resolver::views:
|
||||
@@ -65,11 +75,18 @@ profiles::dns::resolver::views:
|
||||
recursion: true
|
||||
zones:
|
||||
- main.unkin.net-forward
|
||||
- unkin.net-forward
|
||||
- dmz.unkin.net-forward
|
||||
- network.unkin.net-forward
|
||||
- prod.unkin.net-forward
|
||||
- consul.service.consul-forward
|
||||
- 13.18.198.in-addr.arpa-forward
|
||||
- 14.18.198.in-addr.arpa-forward
|
||||
- 15.18.198.in-addr.arpa-forward
|
||||
- 16.18.198.in-addr.arpa-forward
|
||||
- 17.18.198.in-addr.arpa-forward
|
||||
- 8.10.10.in-addr.arpa-forward
|
||||
- 16.10.10.in-addr.arpa-forward
|
||||
- 20.10.10.in-addr.arpa-forward
|
||||
match_clients:
|
||||
- acl-main.unkin.net
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
---
|
||||
profiles::consul::server::members_lookup: true
|
||||
profiles::consul::server::data_dir: /data/consul
|
||||
profiles::consul::server::primary_datacenter: 'au-drw1'
|
||||
profiles::consul::server::addresses:
|
||||
dns: "%{::networking.ip}"
|
||||
http: "%{::networking.ip}"
|
||||
@@ -19,3 +18,9 @@ profiles::consul::server::acl:
|
||||
tokens:
|
||||
initial_management: "%{alias('profiles::consul::server::acl_tokens_initial_management')}"
|
||||
default: "%{alias('profiles::consul::server::acl_tokens_default')}"
|
||||
|
||||
# additional altnames
|
||||
profiles::pki::vault::alt_names:
|
||||
- consul.main.unkin.net
|
||||
- consul.service.consul
|
||||
- consul
|
||||
|
||||
Reference in New Issue
Block a user