feat: add etcd module/role (#215)
- add etcd module - add etcd role, profile and hieradata Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/215
This commit was merged in pull request #215.
This commit is contained in:
@@ -135,6 +135,8 @@ lookup_options:
|
||||
keepalived::vrrp_instance:
|
||||
merge:
|
||||
strategy: deep
|
||||
profiles::etcd::node::initial_cluster_token:
|
||||
convert_to: Sensitive
|
||||
|
||||
facts_path: '/opt/puppetlabs/facter/facts.d'
|
||||
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
---
|
||||
profiles::etcd::node::initial_cluster_token: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAhLyXszXUU6Dkiw9bEJTH0RXGaV2751NzvLH94i7QHfNukvOslF/kaDOA+FwqG06xSKSKo24Qyj4ewYA3BzhN8XLf2E9uW2LuDrUoA6aXUP2tYPqiTw8zmmgsVV5t7Y5PeNcleV3KmfcJZJKp33yGCKtGF7ggvNvnied5slO6E1BDkcVnqO7sdyI0MqSvsvH4IvEmeiSWAcBRBnwVLIwfn10frIvUg0fH4uZR7DASfO/HstYWKAEacz4xYBv74TtVVtYHlPvnVwC20YIYDMrgBsm3XngyWIQvruQCgyIkRzHjUKCpp76HpyEqzdJdEdaywkODYNOT6ab1B5uUu9WaMjBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBADXLPOqFHdnVgJW5+iXJYcgCDK1Eyr+RwvMA+3VszYALU5B6OCH5maplwC5aUgiQZ7ew==]
|
||||
@@ -0,0 +1,60 @@
|
||||
---
|
||||
hiera_include:
|
||||
- profiles::etcd::node
|
||||
|
||||
profiles::etcd::node::members_lookup: true
|
||||
profiles::etcd::node::members_role: roles::infra::etcd::node
|
||||
|
||||
profiles::etcd::node::config:
|
||||
data-dir: /data/etcd
|
||||
client-cert-auth: false
|
||||
client-transport-security:
|
||||
cert-file: /etc/pki/tls/vault/certificate.crt
|
||||
key-file: /etc/pki/tls/vault/private.key
|
||||
client-cert-auth: false
|
||||
auto-tls: false
|
||||
peer-transport-security:
|
||||
cert-file: /etc/pki/tls/vault/certificate.crt
|
||||
key-file: /etc/pki/tls/vault/private.key
|
||||
client-cert-auth: false
|
||||
auto-tls: false
|
||||
allowed-cn:
|
||||
max-wals: 5
|
||||
max-snapshots: 5
|
||||
snapshot-count: 10000
|
||||
heartbeat-interval: 100
|
||||
election-timeout: 1000
|
||||
cipher-suites: [
|
||||
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
]
|
||||
tls-min-version: 'TLS1.2'
|
||||
tls-max-version: 'TLS1.3'
|
||||
|
||||
profiles::pki::vault::alt_names:
|
||||
- etcd.service.consul
|
||||
- etcd.query.consul
|
||||
- "etcd.service.%{facts.country}-%{facts.region}.consul"
|
||||
|
||||
profiles::ssh::sign::principals:
|
||||
- etcd.query.consul
|
||||
- etcd.service.consul
|
||||
- etcd.service.%{facts.country}-%{facts.region}.consul
|
||||
|
||||
consul::services:
|
||||
etcd:
|
||||
service_name: 'etcd'
|
||||
tags:
|
||||
- 'etcd'
|
||||
address: "%{facts.networking.ip}"
|
||||
port: 2379
|
||||
checks:
|
||||
- id: 'etcd_tcp_check'
|
||||
name: 'ETCD TCP Check'
|
||||
tcp: "%{facts.networking.ip}:2379"
|
||||
interval: '10s'
|
||||
timeout: '1s'
|
||||
profiles::consul::client::node_rules:
|
||||
- resource: service
|
||||
segment: etcd
|
||||
disposition: write
|
||||
Reference in New Issue
Block a user