feat: manage more ceph requirements (#288)

- add ceph-common to provide utilities for managing ceph - add root and sysadmin ssh keys for ceph deployments Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/288
2025-05-17 11:14:45 +10:00 · 2025-05-17 11:14:45 +10:00 · d9e8637ad6
commit d9e8637ad6
parent 92f0ae64b9
5 changed files with 31 additions and 14 deletions
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@ -36,6 +36,12 @@ lookup_options:
  profiles::haproxy::server::listeners:
    merge:
      strategy: deep
+  profiles::accounts::root::sshkeys:
+    merge:
+      strategy: deep
+  profiles::accounts::sysadmin::sshkeys:
+    merge:
+      strategy: deep
  haproxy::backend:
    merge:
      strategy: deep
--- a/hieradata/roles/infra/incus/node.yaml
+++ b/hieradata/roles/infra/incus/node.yaml
@ -8,6 +8,7 @@ hiera_include:
 profiles::packages::include:
  bridge-utils: {}
  cephadm: {}
+  ceph-common: {}

 profiles::pki::vault::alt_names:
  - incus.service.consul
@ -27,6 +28,11 @@ profiles::ssh::sign::principals:
  - "%{hiera('networking_loopback1_ip')}"
  - "%{hiera('networking_loopback2_ip')}"

+profiles::accounts::root::sshkeys:
+  - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDEEiTQnbnfgIb2FAvrUzKkznB/Jyq06YXhP3E+Y8SmwFSeLZZPdZhKEiWRv0aY3zBIUgGsKmBXtPd8HTvQn959E6fgs3jNBtBIo76sTaR6LpNhb07tUuQDvycFlv3WZRgRu1s3RifNn0Ozfd7JPJtqjo/FGz8URtypkvOto4NnzkgOSjm1qOS6OjetBL2u+tB/h9vRDWIdKyEWqHp81aNqT9wv9MHMGBUCVNC7/WTblCsmL2rPY289dU9E/Ja5bAbNN+Lp23e8lQ+RoSeWmVIM7VCans78hLPzb2RqwNgWMBR2eStmGtHbOF1QYo3luC2GfGR7ImMfxgrR9NTu56nSHIOO+GCpWZEneIPGyLrL5vWWwhODIAJNjG6qGFeLL4PcQBYabI3fmoyrUOaMohiovLYGYs+9NK8wPOpVIP6i6CBq6RzVCjmgGq8x12dK8JhAkcoTfEcPdQwSJU/LRBFfLtRgtu1nb9BdSmotb3ESTSrXt+RYiPgAxatSSrN00qs= ceph-9a4b6eac-31d1-11f0-a634-00e04c680f5d
+profiles::accounts::sysadmin::sshkeys:
+  - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDEEiTQnbnfgIb2FAvrUzKkznB/Jyq06YXhP3E+Y8SmwFSeLZZPdZhKEiWRv0aY3zBIUgGsKmBXtPd8HTvQn959E6fgs3jNBtBIo76sTaR6LpNhb07tUuQDvycFlv3WZRgRu1s3RifNn0Ozfd7JPJtqjo/FGz8URtypkvOto4NnzkgOSjm1qOS6OjetBL2u+tB/h9vRDWIdKyEWqHp81aNqT9wv9MHMGBUCVNC7/WTblCsmL2rPY289dU9E/Ja5bAbNN+Lp23e8lQ+RoSeWmVIM7VCans78hLPzb2RqwNgWMBR2eStmGtHbOF1QYo3luC2GfGR7ImMfxgrR9NTu56nSHIOO+GCpWZEneIPGyLrL5vWWwhODIAJNjG6qGFeLL4PcQBYabI3fmoyrUOaMohiovLYGYs+9NK8wPOpVIP6i6CBq6RzVCjmgGq8x12dK8JhAkcoTfEcPdQwSJU/LRBFfLtRgtu1nb9BdSmotb3ESTSrXt+RYiPgAxatSSrN00qs= ceph-9a4b6eac-31d1-11f0-a634-00e04c680f5d
+
 # configure consul service
 consul::services:
  incus:
--- a/site/profiles/manifests/accounts/root.pp
+++ b/site/profiles/manifests/accounts/root.pp
@ -0,0 +1,18 @@
+# manage the root user
+class profiles::accounts::root (
+  Optional[Array[String]] $sshkeys = undef,
+) {
+
+  if $sshkeys {
+    accounts::user { 'root':
+      sshkeys => $sshkeys,
+    }
+  }
+
+  file {'/root/.config':
+    ensure => directory,
+    owner  => 'root',
+    group  => 'root',
+    mode   => '0600',
+  }
+}
--- a/site/profiles/manifests/base.pp
+++ b/site/profiles/manifests/base.pp
@ -26,7 +26,7 @@ class profiles::base (
    include profiles::base::scripts
    include profiles::base::hosts
    include profiles::base::groups
-    include profiles::base::root
+    include profiles::accounts::root
    include profiles::accounts::sysadmin
    if $facts['virtual'] != 'lxc' {
      include profiles::ntp::client
--- a/site/profiles/manifests/base/root.pp
+++ b/site/profiles/manifests/base/root.pp
@ -1,13 +0,0 @@
-# manage the root user
-class profiles::base::root {
-
-  # TODO
-  # for now, add some root directories
-
-  file {'/root/.config':
-    ensure => directory,
-    owner  => 'root',
-    group  => 'root',
-    mode   => '0600',
-  }
-}