feat: add vault service/query altnames

- add nginx aliases for vault services
- add additional vault certificates
- change certmanager script to use vault.service.consul
Ben Vincent 2024-05-25 14:37:13 +10:00
parent 2c3aa2bbdc
commit b9c327799f
5 changed files with 22 additions and 2 deletions


@ -105,6 +105,9 @@ lookup_options:
profiles::yum::global::repos: profiles::yum::global::repos:
merge: merge:
strategy: deep strategy: deep
profiles::nginx::simpleproxy::nginx_aliases:
merge:
strategy: deep
facts_path: '/opt/puppetlabs/facter/facts.d' facts_path: '/opt/puppetlabs/facter/facts.d'
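Review bot: `profiles::pki::vault::alt_names` gets no merge entry next to the new `nginx_aliases` one, although this commit also starts setting that key in the per-datacenter files. Unless a merge rule for it exists outside this hunk or the profile does its own merged lookup, Hiera returns only the highest-priority list. A certificate issued for a Vault node could then lose the role-level names (`vault.service.consul`, `vault.main.unkin.net`, `vault`), and clients would fail hostname verification. Consider adding the same three lines for that key: `profiles::pki::vault::alt_names:`, `merge:`, `strategy: deep`. The `lookup_options` mapping starts above the hunk.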


@ -1,2 +1,9 @@
--- ---
# additional altnames
profiles::pki::vault::alt_names:
- vault.service.au-drw1.consul
profiles::nginx::simpleproxy::nginx_aliases:
- vault.service.au-drw1.consul
profiles::vault::server::primary_datacenter: 'au-drw1' profiles::vault::server::primary_datacenter: 'au-drw1'


@ -1,4 +1,13 @@
--- ---
# additional altnames
profiles::pki::vault::alt_names:
- vault.service.au-syd1.consul
- vault.query.consul
profiles::nginx::simpleproxy::nginx_aliases:
- vault.service.au-syd1.consul
- vault.query.consul
profiles::vault::server::primary_datacenter: 'au-syd1' profiles::vault::server::primary_datacenter: 'au-syd1'
consul::services: consul::services:
vault: vault:


@ -30,7 +30,7 @@ profiles::puppet::gems::puppet:
- 'hiera-eyaml' - 'hiera-eyaml'
profiles::helpers::certmanager::vault_config: profiles::helpers::certmanager::vault_config:
addr: 'https://198.18.17.39:8200' addr: 'https://vault.service.consul:8200'
mount_point: 'pki_int' mount_point: 'pki_int'
approle_path: 'approle' approle_path: 'approle'
role_name: 'servers_default' role_name: 'servers_default'
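Review bot: With `addr` now a Consul DNS name instead of a fixed IP, what ties certmanager to the genuine Vault is TLS verification of `vault.service.consul`, and no CA or verification setting is visible in this part of `vault_config`. It is worth confirming that the script validates the server certificate against the internal CA, and that certificate renewal degrades predictably when Consul DNS is unavailable. A comment above the key would record the dependency, e.g. `# addr must match a SAN in profiles::pki::vault::alt_names; resolved via Consul DNS`. The mapping may continue beyond the hunk.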


@ -10,13 +10,14 @@ vault::download_url: http://repos.main.unkin.net/unkin/8/x86_64/os/Archives/vaul
profiles::pki::vault::alt_names: profiles::pki::vault::alt_names:
- vault.main.unkin.net - vault.main.unkin.net
- vault.service.consul - vault.service.consul
- vault.service.consul
- vault - vault
# manage a simple nginx reverse proxy # manage a simple nginx reverse proxy
profiles::nginx::simpleproxy::nginx_vhost: 'vault.service.consul' profiles::nginx::simpleproxy::nginx_vhost: 'vault.service.consul'
profiles::nginx::simpleproxy::nginx_aliases: profiles::nginx::simpleproxy::nginx_aliases:
- vault
- vault.main.unkin.net - vault.main.unkin.net
- vault
profiles::nginx::simpleproxy::proxy_scheme: 'http' profiles::nginx::simpleproxy::proxy_scheme: 'http'
profiles::nginx::simpleproxy::proxy_host: '127.0.0.1' profiles::nginx::simpleproxy::proxy_host: '127.0.0.1'
profiles::nginx::simpleproxy::proxy_port: 8200 profiles::nginx::simpleproxy::proxy_port: 8200
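Review bot: The added `- vault.service.consul` under `profiles::pki::vault::alt_names` repeats the entry directly above it, so the list gains no new name. Either drop the line or replace it with the name that was meant. The commit title mentions query altnames, so this was possibly intended to be `- vault.query.consul`, which the commit otherwise adds only in the au-syd1 data.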