diff --git a/Puppetfile b/Puppetfile index af166ab..ddbc134 100644 --- a/Puppetfile +++ b/Puppetfile @@ -35,6 +35,9 @@ mod 'puppet-vault', '4.1.0' mod 'puppet-dhcp', '6.1.0' mod 'puppet-keepalived', '3.6.0' mod 'puppet-extlib', '7.0.0' +mod 'puppet-network', '2.2.0' +mod 'puppet-kmod', '4.0.1' +mod 'puppet-filemapper', '4.0.0' # other mod 'ghoneycutt-puppet', '3.3.0' diff --git a/hieradata/common.yaml b/hieradata/common.yaml index 749d007..c947d0c 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -108,11 +108,18 @@ lookup_options: profiles::nginx::simpleproxy::nginx_aliases: merge: strategy: deep + networking::interfaces: + merge: + strategy: deep + networking::routes: + merge: + strategy: deep facts_path: '/opt/puppetlabs/facter/facts.d' -hiera_classes: +hiera_include: - timezone + - networking - ssh::server profiles::ntp::client::ntp_role: 'roles::infra::ntp::server' @@ -264,6 +271,26 @@ sudo::configs: profiles::accounts::sysadmin::sshkeys: - ssh-rsa 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 ben@unkin.net +networking::interfaces: + lo: + ensure: present + family: inet + method: loopback + onboot: true + eth0: + ensure: present + family: inet + method: static + netmask: 255.255.255.0 + onboot: true +networking::routes: + default: + ensure: present + interface: eth0 + netmask: 0.0.0.0 + network: default + + profiles::base::hosts::additional_hosts: - ip: 198.18.17.3 hostname: prodinf01n01.main.unkin.net diff --git a/hieradata/nodes/ausyd1nxvm1000.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1000.main.unkin.net.yaml new file mode 100644 index 0000000..0d0f768 --- /dev/null +++ b/hieradata/nodes/ausyd1nxvm1000.main.unkin.net.yaml @@ -0,0 +1,7 @@ +--- +networking::interfaces: + eth0: + ipaddress: 198.18.13.10 +networking::routes: + default: + gateway: 198.18.13.254 diff --git a/hieradata/nodes/ausyd1nxvm1001.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1001.main.unkin.net.yaml new file mode 100644 index 0000000..5f25e62 --- /dev/null 
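Review bot: In the third hunk of `hieradata/common.yaml`, the `eth0` default sets `method: static` with a netmask but no `ipaddress`, and the `default` route has no `gateway`, while the second hunk adds `networking` to the global `hiera_include`. Any node without a per-node file that supplies both values would be given an incomplete static configuration. Only the Proxmox role and prodinf01n01 opt out through `hiera_exclude` in this commit, and whether every other node has a node file is not visible here. Consider a comment above the block such as `# every node that includes networking must set eth0 ipaddress and the default gateway in its node file`, and roll the change out in noop mode first, since a wrong address removes remote access to the host.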
+++ b/hieradata/nodes/ausyd1nxvm1001.main.unkin.net.yaml
@@ -0,0 +1,7 @@
+---
+networking::interfaces:
+ eth0:
+ ipaddress: 198.18.13.11
+networking::routes:
+ default:
+ gateway: 198.18.13.254
diff --git a/hieradata/nodes/ausyd1nxvm1002.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1002.main.unkin.net.yaml
new file mode 100644
index 0000000..df3aa6c
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm1002.main.unkin.net.yaml
@@ -0,0 +1,7 @@
+---
+networking::interfaces:
+ eth0:
+ ipaddress: 198.18.13.12
+networking::routes:
+ default:
+ gateway: 198.18.13.254
diff --git a/hieradata/nodes/ausyd1nxvm1003.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1003.main.unkin.net.yaml
new file mode 100644
index 0000000..3742c94
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm1003.main.unkin.net.yaml
@@ -0,0 +1,7 @@
+---
+networking::interfaces:
+ eth0:
+ ipaddress: 198.18.13.13
+networking::routes:
+ default:
+ gateway: 198.18.13.254
diff --git a/hieradata/nodes/ausyd1nxvm1004.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1004.main.unkin.net.yaml
new file mode 100644
index 0000000..07b1320
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm1004.main.unkin.net.yaml
@@ -0,0 +1,7 @@
+---
+networking::interfaces:
+ eth0:
+ ipaddress: 198.18.13.14
+networking::routes:
+ default:
+ gateway: 198.18.13.254
diff --git a/hieradata/nodes/ausyd1nxvm1005.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1005.main.unkin.net.yaml
new file mode 100644
index 0000000..637f41a
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm1005.main.unkin.net.yaml
@@ -0,0 +1,7 @@
+---
+networking::interfaces:
+ eth0:
+ ipaddress: 198.18.13.15
+networking::routes:
+ default:
+ gateway: 198.18.13.254
diff --git a/hieradata/nodes/ausyd1nxvm1006.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1006.main.unkin.net.yaml
new file mode 100644
index 0000000..b3ad9ef
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm1006.main.unkin.net.yaml
@@ -0,0 +1,7 @@
+---
+networking::interfaces:
+ eth0:
+ ipaddress: 198.18.13.16
+networking::routes:
+ default:
+ gateway: 198.18.13.254
diff --git a/hieradata/nodes/ausyd1nxvm1007.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1007.main.unkin.net.yaml
new file mode 100644
index 0000000..d13378d
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm1007.main.unkin.net.yaml
@@ -0,0 +1,7 @@
+---
+networking::interfaces:
+ eth0:
+ ipaddress: 198.18.13.17
+networking::routes:
+ default:
+ gateway: 198.18.13.254
diff --git a/hieradata/nodes/ausyd1nxvm1008.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1008.main.unkin.net.yaml
new file mode 100644
index 0000000..21161d2
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm1008.main.unkin.net.yaml
@@ -0,0 +1,7 @@
+---
+networking::interfaces:
+ eth0:
+ ipaddress: 198.18.13.18
+networking::routes:
+ default:
+ gateway: 198.18.13.254
diff --git a/hieradata/nodes/ausyd1nxvm1009.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1009.main.unkin.net.yaml
new file mode 100644
index 0000000..5714209
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm1009.main.unkin.net.yaml
@@ -0,0 +1,7 @@
+---
+networking::interfaces:
+ eth0:
+ ipaddress: 198.18.13.19
+networking::routes:
+ default:
+ gateway: 198.18.13.254
diff --git a/hieradata/nodes/ausyd1nxvm1010.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1010.main.unkin.net.yaml
new file mode 100644
index 0000000..85030a0
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm1010.main.unkin.net.yaml
@@ -0,0 +1,7 @@
+---
+networking::interfaces:
+ eth0:
+ ipaddress: 198.18.13.20
+networking::routes:
+ default:
+ gateway: 198.18.13.254
diff --git a/hieradata/nodes/ausyd1nxvm1011.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1011.main.unkin.net.yaml
new file mode 100644
index 0000000..1e4bd69
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm1011.main.unkin.net.yaml
@@ -0,0 +1,7 @@
+---
+networking::interfaces:
+ eth0:
+ ipaddress: 198.18.13.21
+networking::routes:
+ default:
+ gateway: 198.18.13.254
diff --git a/hieradata/nodes/ausyd1nxvm1012.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1012.main.unkin.net.yaml
new file mode 100644
index 0000000..fe067ca
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm1012.main.unkin.net.yaml
@@ -0,0 +1,7 @@
+---
+networking::interfaces:
+ eth0:
+ ipaddress: 198.18.13.22
+networking::routes:
+ default:
+ gateway: 198.18.13.254
diff --git a/hieradata/nodes/ausyd1nxvm1013.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1013.main.unkin.net.yaml
new file mode 100644
index 0000000..b7faf2d
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm1013.main.unkin.net.yaml
@@ -0,0 +1,7 @@
+---
+networking::interfaces:
+ eth0:
+ ipaddress: 198.18.13.23
+networking::routes:
+ default:
+ gateway: 198.18.13.254
diff --git a/hieradata/nodes/ausyd1nxvm1014.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1014.main.unkin.net.yaml
new file mode 100644
index 0000000..6eb0c2d
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm1014.main.unkin.net.yaml
@@ -0,0 +1,7 @@
+---
+networking::interfaces:
+ eth0:
+ ipaddress: 198.18.13.24
+networking::routes:
+ default:
+ gateway: 198.18.13.254
diff --git a/hieradata/nodes/ausyd1nxvm1015.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1015.main.unkin.net.yaml
new file mode 100644
index 0000000..d013779
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm1015.main.unkin.net.yaml
@@ -0,0 +1,7 @@
+---
+networking::interfaces:
+ eth0:
+ ipaddress: 198.18.13.25
+networking::routes:
+ default:
+ gateway: 198.18.13.254
diff --git a/hieradata/nodes/ausyd1nxvm1016.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1016.main.unkin.net.yaml
new file mode 100644
index 0000000..4139c9a
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm1016.main.unkin.net.yaml
@@ -0,0 +1,7 @@
+---
+networking::interfaces:
+ eth0:
+ ipaddress: 198.18.13.26
+networking::routes:
+ default:
+ gateway: 198.18.13.254
diff --git a/hieradata/nodes/ausyd1nxvm1017.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1017.main.unkin.net.yaml
index f7ad64b..49565b5 100644
--- a/hieradata/nodes/ausyd1nxvm1017.main.unkin.net.yaml
+++ b/hieradata/nodes/ausyd1nxvm1017.main.unkin.net.yaml
@@ -1,2 +1,8 @@
 ---
 profiles::cobbler::params::is_cobbler_master: true
+networking::interfaces:
+ eth0:
+ ipaddress: 198.18.13.27
+networking::routes:
+ default:
+ gateway: 198.18.13.254
diff --git a/hieradata/nodes/ausyd1nxvm1018.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1018.main.unkin.net.yaml
new file mode 100644
index 0000000..cc95111
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm1018.main.unkin.net.yaml
@@ -0,0 +1,7 @@
+---
+networking::interfaces:
+ eth0:
+ ipaddress: 198.18.13.28
+networking::routes:
+ default:
+ gateway: 198.18.13.254
diff --git a/hieradata/nodes/ausyd1nxvm1019.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1019.main.unkin.net.yaml
new file mode 100644
index 0000000..f34d534
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm1019.main.unkin.net.yaml
@@ -0,0 +1,7 @@
+---
+networking::interfaces:
+ eth0:
+ ipaddress: 198.18.13.29
+networking::routes:
+ default:
+ gateway: 198.18.13.254
diff --git a/hieradata/nodes/ausyd1nxvm1020.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1020.main.unkin.net.yaml
new file mode 100644
index 0000000..1171c3a
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm1020.main.unkin.net.yaml
@@ -0,0 +1,7 @@
+---
+networking::interfaces:
+ eth0:
+ ipaddress: 198.18.13.30
+networking::routes:
+ default:
+ gateway: 198.18.13.254
diff --git a/hieradata/nodes/ausyd1nxvm1021.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1021.main.unkin.net.yaml
new file mode 100644
index 0000000..4db921a
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm1021.main.unkin.net.yaml
@@ -0,0 +1,7 @@
+---
+networking::interfaces:
+ eth0:
+ ipaddress: 198.18.13.31
+networking::routes:
+ default:
+ gateway: 198.18.13.254
diff --git a/hieradata/nodes/ausyd1nxvm1022.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1022.main.unkin.net.yaml
new file mode 100644
index 0000000..bc8c957
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm1022.main.unkin.net.yaml
@@ -0,0 +1,7 @@
+---
+networking::interfaces:
+ eth0:
+ ipaddress: 198.18.13.32
+networking::routes:
+ default:
+ gateway: 198.18.13.254
diff --git a/hieradata/nodes/ausyd1nxvm1023.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1023.main.unkin.net.yaml
new file mode 100644
index 0000000..2efaddd
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm1023.main.unkin.net.yaml
@@ -0,0 +1,7 @@
+---
+networking::interfaces:
+ eth0:
+ ipaddress: 198.18.13.33
+networking::routes:
+ default:
+ gateway: 198.18.13.254
diff --git a/hieradata/nodes/ausyd1nxvm1024.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1024.main.unkin.net.yaml
new file mode 100644
index 0000000..9b01689
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm1024.main.unkin.net.yaml
@@ -0,0 +1,7 @@
+---
+networking::interfaces:
+ eth0:
+ ipaddress: 198.18.13.34
+networking::routes:
+ default:
+ gateway: 198.18.13.254
diff --git a/hieradata/nodes/ausyd1nxvm1025.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1025.main.unkin.net.yaml
new file mode 100644
index 0000000..08699cd
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm1025.main.unkin.net.yaml
@@ -0,0 +1,7 @@
+---
+networking::interfaces:
+ eth0:
+ ipaddress: 198.18.13.35
+networking::routes:
+ default:
+ gateway: 198.18.13.254
diff --git a/hieradata/nodes/ausyd1nxvm1026.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1026.main.unkin.net.yaml
new file mode 100644
index 0000000..f2d2815
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm1026.main.unkin.net.yaml
@@ -0,0 +1,7 @@
+---
+networking::interfaces:
+ eth0:
+ ipaddress: 198.18.13.36
+networking::routes:
+ default:
+ gateway: 198.18.13.254
diff --git a/hieradata/nodes/ausyd1nxvm1027.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1027.main.unkin.net.yaml
new file mode 100644
index 0000000..d866894
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm1027.main.unkin.net.yaml
@@ -0,0 +1,7 @@
+---
+networking::interfaces:
+ eth0:
+ ipaddress: 198.18.13.37
+networking::routes:
+ default:
+ gateway: 198.18.13.254
diff --git a/hieradata/nodes/ausyd1nxvm1028.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1028.main.unkin.net.yaml
new file mode 100644
index 0000000..c500f84
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm1028.main.unkin.net.yaml
@@ -0,0 +1,7 @@
+---
+networking::interfaces:
+ eth0:
+ ipaddress: 198.18.13.38
+networking::routes:
+ default:
+ gateway: 198.18.13.254
diff --git a/hieradata/nodes/ausyd1nxvm1029.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1029.main.unkin.net.yaml
new file mode 100644
index 0000000..7c71aab
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm1029.main.unkin.net.yaml
@@ -0,0 +1,7 @@
+---
+networking::interfaces:
+ eth0:
+ ipaddress: 198.18.13.39
+networking::routes:
+ default:
+ gateway: 198.18.13.254
diff --git a/hieradata/nodes/ausyd1nxvm1030.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1030.main.unkin.net.yaml
new file mode 100644
index 0000000..5dfd63a
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm1030.main.unkin.net.yaml
@@ -0,0 +1,7 @@
+---
+networking::interfaces:
+ eth0:
+ ipaddress: 198.18.13.40
+networking::routes:
+ default:
+ gateway: 198.18.13.254
diff --git a/hieradata/nodes/ausyd1nxvm1031.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1031.main.unkin.net.yaml
new file mode 100644
index 0000000..06ec9c5
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm1031.main.unkin.net.yaml
@@ -0,0 +1,7 @@
+---
+networking::interfaces:
+ eth0:
+ ipaddress: 198.18.13.41
+networking::routes:
+ default:
+ gateway: 198.18.13.254
diff --git a/hieradata/nodes/ausyd1nxvm1032.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1032.main.unkin.net.yaml
new file mode 100644
index 0000000..1163ae6
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm1032.main.unkin.net.yaml
@@ -0,0 +1,7 @@
+---
+networking::interfaces:
+ eth0:
+ ipaddress: 198.18.13.42
+networking::routes:
+ default:
+ gateway: 198.18.13.254
diff --git a/hieradata/nodes/ausyd1nxvm1033.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1033.main.unkin.net.yaml new file mode 100644 index 0000000..fd6a428 --- /dev/null +++ b/hieradata/nodes/ausyd1nxvm1033.main.unkin.net.yaml @@ -0,0 +1,7 @@ +--- +networking::interfaces: + eth0: + ipaddress: 198.18.13.43 +networking::routes: + default: + gateway: 198.18.13.254 diff --git a/hieradata/nodes/ausyd1nxvm1034.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1034.main.unkin.net.yaml new file mode 100644 index 0000000..4749523 --- /dev/null +++ b/hieradata/nodes/ausyd1nxvm1034.main.unkin.net.yaml @@ -0,0 +1,7 @@ +--- +networking::interfaces: + eth0: + ipaddress: 198.18.13.44 +networking::routes: + default: + gateway: 198.18.13.254 diff --git a/hieradata/nodes/ausyd1nxvm1035.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1035.main.unkin.net.yaml new file mode 100644 index 0000000..d3e7eca --- /dev/null +++ b/hieradata/nodes/ausyd1nxvm1035.main.unkin.net.yaml @@ -0,0 +1,7 @@ +--- +networking::interfaces: + eth0: + ipaddress: 198.18.13.45 +networking::routes: + default: + gateway: 198.18.13.254 diff --git a/hieradata/nodes/ausyd1nxvm1036.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1036.main.unkin.net.yaml index a909eb0..1f56e70 100644 --- a/hieradata/nodes/ausyd1nxvm1036.main.unkin.net.yaml +++ b/hieradata/nodes/ausyd1nxvm1036.main.unkin.net.yaml @@ -7,3 +7,9 @@ profiles::puppet::server::dns_alt_names: profiles::puppet::puppetca::is_puppetca: true profiles::puppet::puppetca::allow_subject_alt_names: true +networking::interfaces: + eth0: + ipaddress: 198.18.13.46 +networking::routes: + default: + gateway: 198.18.13.254 diff --git a/hieradata/nodes/prodinf01n01.main.unkin.net.yaml b/hieradata/nodes/prodinf01n01.main.unkin.net.yaml index e6e8fc8..d3fd91b 100644 --- a/hieradata/nodes/prodinf01n01.main.unkin.net.yaml +++ b/hieradata/nodes/prodinf01n01.main.unkin.net.yaml 
@@ -7,3 +7,6 @@ profiles::puppet::server::dns_alt_names: profiles::puppet::puppetca::is_puppetca: false profiles::puppet::puppetca::allow_subject_alt_names: true + +hiera_exclude: + - networking diff --git a/hieradata/os/AlmaLinux/all_releases.yaml b/hieradata/os/AlmaLinux/all_releases.yaml index c383966..b075680 100644 --- a/hieradata/os/AlmaLinux/all_releases.yaml +++ b/hieradata/os/AlmaLinux/all_releases.yaml @@ -59,4 +59,5 @@ profiles::yum::global::repos: name: unkin descr: unkin repository target: /etc/yum.repos.d/unkin.repo - baseurl: https://repos.main.unkin.net/unkin/%{facts.os.release.major}/%{facts.os.architecture}/os + baseurl: https://git.query.consul/api/packages/unkinben/rpm/el%{facts.os.release.major} + gpgkey: https://git.query.consul/api/packages/unkinben/rpm/repository.key diff --git a/hieradata/os/Debian/all_releases.yaml b/hieradata/os/Debian/all_releases.yaml index 221b479..04e4212 100644 --- a/hieradata/os/Debian/all_releases.yaml +++ b/hieradata/os/Debian/all_releases.yaml @@ -1,6 +1,6 @@ # hieradata/os/debian/all_releases.yaml --- -profiles::apt::base::mirrorurl: http://repos.main.unkin.net/debian +profiles::apt::base::mirrorurl: https://edgecache.query.consul/debian/ profiles::apt::base::secureurl: http://security.debian.org/debian-security profiles::apt::puppet7::mirror: http://apt.puppetlabs.com profiles::apt::puppet7::repo: puppet7 @@ -12,3 +12,4 @@ profiles::packages::install: - xz-utils lm-sensors::package: lm-sensors +networking::nwmgr_dns_none: false diff --git a/hieradata/roles/infra/cobbler/server.yaml b/hieradata/roles/infra/cobbler/server.yaml index 6709152..42dbef9 100644 --- a/hieradata/roles/infra/cobbler/server.yaml +++ b/hieradata/roles/infra/cobbler/server.yaml @@ -17,5 +17,5 @@ profiles::pki::vault::alt_names: profiles::cobbler::params::service_cname: 'cobbler.main.unkin.net' profiles::selinux::setenforce::mode: permissive -hiera_classes: +hiera_include: - profiles::selinux::setenforce 
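Review bot: The new `gpgkey` in `hieradata/os/AlmaLinux/all_releases.yaml` is fetched from the same `git.query.consul` service that serves the packages, so the signing key is only as trustworthy as that one service and the TLS connection to it. Anything able to alter the package registry, or to answer for the `.consul` name, can replace both the packages and the key used to verify them. The hunk does not show `gpgcheck` being set for this repo, so confirm it is enabled where the repo resource is declared; shipping the key from the Puppet repository and pointing `gpgkey` at a local `file://` path would pin it. Also confirm that the certificate presented for `git.query.consul` validates on clients, so that nobody is tempted to turn off `sslverify` to make the repo work.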
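Review bot: The key `networking::nwmgr_dns_none: false` added in the second hunk of `hieradata/os/Debian/all_releases.yaml` does not appear to bind to anything. In this commit the `networking` class declares only `interfaces` and `routes`, and `init.pp` reads `$networking::params::nwmgr_dns_none`, whose default is `true`. As written, Debian hosts would still receive `/etc/NetworkManager/conf.d/dns_none.conf`. Use `networking::params::nwmgr_dns_none: false` here, or move the parameter onto the `networking` class itself.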
diff --git a/hieradata/roles/infra/ntp/server.yaml b/hieradata/roles/infra/ntp/server.yaml index 839e32d..6e4bd92 100644 --- a/hieradata/roles/infra/ntp/server.yaml +++ b/hieradata/roles/infra/ntp/server.yaml @@ -12,3 +12,24 @@ profiles::ntp::server::peers: - '1.au.pool.ntp.org' - '2.au.pool.ntp.org' - '3.au.pool.ntp.org' + +consul::services: + ntp: + service_name: 'ntp' + tags: + - 'ntp' + - 'time' + - 'sync' + address: "%{facts.networking.ip}" + port: 123 + checks: + - id: ntp_check + name: "NTP Service Check" + args: + - '/usr/local/bin/check_ntp.sh' + interval: '15s' + timeout: '5s' +profiles::consul::client::node_rules: + - resource: service + segment: ntp + disposition: write diff --git a/hieradata/roles/infra/proxmox.yaml b/hieradata/roles/infra/proxmox.yaml index 7a1b911..05e6a9b 100644 --- a/hieradata/roles/infra/proxmox.yaml +++ b/hieradata/roles/infra/proxmox.yaml @@ -5,3 +5,6 @@ sudo::configs: content: | ceph ALL=NOPASSWD: /usr/sbin/smartctl -x --json=o /dev/* ceph ALL=NOPASSWD: /usr/sbin/nvme * smart-log-add --json /dev/* + +hiera_exclude: + - networking diff --git a/hieradata/roles/infra/storage/consul.yaml b/hieradata/roles/infra/storage/consul.yaml index a3ea581..2902de3 100644 --- a/hieradata/roles/infra/storage/consul.yaml +++ b/hieradata/roles/infra/storage/consul.yaml @@ -77,3 +77,9 @@ profiles::consul::prepared_query::rules: service_failover_n: 3 service_only_passing: true ttl: 10 + ntp: + ensure: 'present' + service_name: 'ntp' + service_failover_n: 3 + service_only_passing: true + ttl: 10 diff --git a/modules/networking/manifests/init.pp b/modules/networking/manifests/init.pp new file mode 100644 index 0000000..f7239d5 --- /dev/null +++ b/modules/networking/manifests/init.pp 
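Review bot: The `ntp` service check in `hieradata/roles/infra/ntp/server.yaml` runs `/usr/local/bin/check_ntp.sh` through `args`, and Consul agents only execute such checks when script checks are enabled. If that is switched on for this role, prefer `enable_local_script_checks` over `enable_script_checks`, so that only checks defined in the agent's local configuration can run commands and checks registered through the HTTP API cannot. The agent configuration is not part of this diff, so confirm which option the consul profile sets. A comment above `checks:` such as `# script check: needs enable_local_script_checks on the agent` would record the dependency.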
@@ -0,0 +1,35 @@ +# unkin networking module +class networking ( + Hash $interfaces = {}, + Hash $routes = {}, +){ + + include network + include networking::params + + $interfaces.each | $interface, $data | { + network_config {$interface: + * => $data, + } + } + $routes.each | $route, $data | { + network_route {$route: + * => $data, + } + } + + # prevent DNS from being overwritten by networkmanager + if $networking::params::nwmgr_dns_none { + file {'/etc/NetworkManager/conf.d/dns_none.conf': + ensure => 'file', + owner => 'root', + group => 'root', + mode => '0655', + content => "[main]\ndns=none", + } + }else{ + file {'/etc/NetworkManager/conf.d/dns_none.conf': + ensure => 'absent', + } + } +} diff --git a/modules/networking/manifests/params.pp b/modules/networking/manifests/params.pp new file mode 100644 index 0000000..27f58b8 --- /dev/null +++ b/modules/networking/manifests/params.pp @@ -0,0 +1,6 @@ +# networking params +class networking::params ( + Boolean $nwmgr_dns_none = true, + Boolean $nwmgr_service_running = true, +){ +} diff --git a/site/profiles/manifests/base.pp b/site/profiles/manifests/base.pp index e050581..13d18dd 100644 --- a/site/profiles/manifests/base.pp +++ b/site/profiles/manifests/base.pp @@ -58,7 +58,9 @@ class profiles::base ( } # include classes from hiera - lookup('hiera_classes', Array[String], 'unique').include + $hiera_include = lookup('hiera_include', Array[String], 'unique', []) + $hiera_exclude = lookup('hiera_exclude', Array[String], 'unique', []) + ($hiera_include - $hiera_exclude).include # specifc ordering constraints Class['profiles::pki::vaultca'] diff --git a/site/profiles/manifests/ntp/server.pp b/site/profiles/manifests/ntp/server.pp index 88f1426..a8a1c77 100644 --- a/site/profiles/manifests/ntp/server.pp +++ b/site/profiles/manifests/ntp/server.pp 
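Review bot: The `dns_none.conf` file resource in `modules/networking/manifests/init.pp` uses `mode => '0655'`, which gives group and other execute permission on a configuration file and looks like a typo for `'0644'`. The `content` string has no trailing newline, and nothing notifies NetworkManager when the file changes, so the setting only takes effect at the next restart; `nwmgr_service_running` in `networking::params` is declared but not used anywhere in this diff. The resource is also declared on every host that includes the class, so a host without `/etc/NetworkManager/conf.d` would fail the run unless that directory is managed elsewhere. Suggested lines: `mode => '0644',` and `content => "[main]\ndns=none\n",`.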
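Review bot: After the key rename in `site/profiles/manifests/base.pp`, any hierarchy level that still defines `hiera_classes` is ignored without an error, and with the new `[]` defaults even a missing `hiera_include` no longer fails the lookup. This diff renames the key in `common.yaml` and the cobbler role; other role and node files are not visible, so grep hieradata for leftovers before merging. `hiera_exclude` is merged with `unique` across all levels and subtracted by exact string, so any level can drop a baseline class such as `ssh::server`. A comment like `# hiera_exclude removes classes by exact name from any hierarchy level; keep it to opt-outs such as networking` would document that.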
@@ -35,5 +35,13 @@ class profiles::ntp::server ( queryhosts => $allowquery, } } + + file {'/usr/local/bin/check_ntp.sh': + ensure => 'file', + owner => 'root', + group => 'root', + mode => '0755', + content => template('profiles/ntp/check_ntp.sh.erb'), + } } } diff --git a/site/profiles/manifests/puppet/client.pp b/site/profiles/manifests/puppet/client.pp index aa3444c..1888cf5 100644 --- a/site/profiles/manifests/puppet/client.pp +++ b/site/profiles/manifests/puppet/client.pp @@ -12,6 +12,7 @@ class profiles::puppet::client ( Integer $runtimeout = 3600, Boolean $show_diff = true, Boolean $usecacheonfailure = false, + Integer $facts_soft_limit = 4096, ) { # dont manage puppet.conf if this is a puppetmaster diff --git a/site/profiles/manifests/puppet/server.pp b/site/profiles/manifests/puppet/server.pp index 771d41a..5d0c50b 100644 --- a/site/profiles/manifests/puppet/server.pp +++ b/site/profiles/manifests/puppet/server.pp @@ -28,6 +28,7 @@ class profiles::puppet::server ( Integer $runinterval = 1800, Integer $runtimeout = 3600, Boolean $show_diff = true, + Integer $facts_soft_limit = 4096, ) { file { '/etc/puppetlabs/puppet/puppet.conf': @@ -59,6 +60,7 @@ class profiles::puppet::server ( 'storeconfigs_backend' => $storeconfigs_backend, 'reports' => $reports, 'usecacheonfailure' => $usecacheonfailure, + 'facts_soft_limit' => $facts_soft_limit, }), notify => Service['puppetserver'], } diff --git a/site/profiles/templates/ntp/check_ntp.sh.erb b/site/profiles/templates/ntp/check_ntp.sh.erb new file mode 100644 index 0000000..6b940ba --- /dev/null +++ b/site/profiles/templates/ntp/check_ntp.sh.erb @@ -0,0 +1,8 @@ +#!/usr/bin/bash + +# Check if ntpd or chronyd is running +if pgrep ntpd > /dev/null || pgrep chronyd > /dev/null; then + exit 0 +else + exit 2 +fi diff --git a/site/profiles/templates/puppet/client/puppet.conf.erb b/site/profiles/templates/puppet/client/puppet.conf.erb index 40874c6..65f3328 100644 --- a/site/profiles/templates/puppet/client/puppet.conf.erb 
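Review bot: The health check in `check_ntp.sh.erb` passes whenever a process whose name contains `ntpd` or `chronyd` exists, because `pgrep` without `-x` matches substrings and the script never asks the daemon whether it is synchronised. With `service_only_passing: true` on the `ntp` prepared query, a server that is running but unsynchronised would still be handed to clients. At minimum use `if pgrep -x ntpd > /dev/null || pgrep -x chronyd > /dev/null; then`; checking sync state as well (for example with `chronyc tracking` or `ntpstat`) would make the check meaningful. The template contains no ERB tags, so it could also be shipped as a static file.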
+++ b/site/profiles/templates/puppet/client/puppet.conf.erb @@ -11,3 +11,4 @@ runinterval = <%= @runinterval %> runtimeout = <%= @runtimeout %> show_diff = <%= @show_diff %> usecacheonfailure = <%= @usecacheonfailure %> +number_of_facts_soft_limit = <%= @facts_soft_limit %> diff --git a/site/profiles/templates/puppet/server/puppet.conf.epp b/site/profiles/templates/puppet/server/puppet.conf.epp index dbb93ee..1831263 100644 --- a/site/profiles/templates/puppet/server/puppet.conf.epp +++ b/site/profiles/templates/puppet/server/puppet.conf.epp @@ -17,6 +17,7 @@ report_server = <%= $report_server %> runinterval = <%= $runinterval %> runtimeout = <%= $runtimeout %> show_diff = <%= $show_diff %> +number_of_facts_soft_limit = <%= $facts_soft_limit %> [master] node_terminus = <%= $node_terminus %>