feat: split reposync into two roles (#307)

- reposync and packagerepo web service
- change backing datastore to be cephfs /shared/app/packagerepo

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/307
This commit was merged in pull request #307.
This commit is contained in:
2025-06-01 11:33:44 +10:00
parent 1df11b8977
commit bb2f59621a
9 changed files with 62 additions and 48 deletions
+41
View File
@@ -0,0 +1,41 @@
---
hiera_include:
- profiles::reposync::webserver
profiles::ssh::sign::principals:
- packagerepo.service.consul
- packagerepo.query.consul
- "packagerepo.service.%{facts.country}-%{facts.region}.consul"
# additional altnames
profiles::pki::vault::alt_names:
- packagerepo.main.unkin.net
- packagerepo.service.consul
- packagerepo.query.consul
- "packagerepo.service.%{facts.country}-%{facts.region}.consul"
# configure consul service
consul::services:
jupyterhub:
service_name: 'packagerepo'
tags:
- 'packagerepo'
address: "%{facts.networking.ip}"
port: 443
checks:
- id: 'packagerepo_http_check'
name: 'packagerepo HTTP Check'
http: "https://%{facts.networking.fqdn}"
method: 'GET'
tls_skip_verify: true
interval: '10s'
timeout: '1s'
profiles::consul::client::node_rules:
- resource: service
segment: packagerepo
disposition: write
profiles::reposync::webserver::nginx_listen_mode: both
profiles::reposync::webserver::nginx_cert_type: vault
profiles::reposync::webserver::www_root: /shared/apps/packagerepo/snap
profiles::reposync::webserver::cache_root: /data/repos/cache
@@ -2,41 +2,6 @@
profiles::packages::include:
createrepo: {}
profiles::ssh::sign::principals:
- packagerepo.service.consul
- packagerepo.query.consul
- "packagerepo.service.%{facts.country}-%{facts.region}.consul"
# additional altnames
profiles::pki::vault::alt_names:
- packagerepo.main.unkin.net
- packagerepo.service.consul
- packagerepo.query.consul
- "packagerepo.service.%{facts.country}-%{facts.region}.consul"
# configure consul service
consul::services:
jupyterhub:
service_name: 'packagerepo'
tags:
- 'packagerepo'
address: "%{facts.networking.ip}"
port: 443
checks:
- id: 'packagerepo_http_check'
name: 'packagerepo HTTP Check'
http: "https://%{facts.networking.fqdn}"
method: 'GET'
tls_skip_verify: true
interval: '10s'
timeout: '1s'
profiles::consul::client::node_rules:
- resource: service
segment: packagerepo
disposition: write
profiles::reposync::webserver::nginx_listen_mode: both
profiles::reposync::webserver::nginx_cert_type: vault
profiles::reposync::repos_list:
almalinux_9_5_baseos:
repository: 'baseos'