feat: manage more ceph requirements

- add ceph-common to provide utilities for managing ceph - add root and sysadmin ssh keys for ceph deployments
2025-05-17 11:07:21 +10:00 · 2025-05-17 11:07:21 +10:00 · f1bb392f8d
commit f1bb392f8d
parent 92f0ae64b9
5 changed files with 31 additions and 14 deletions
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@ -36,6 +36,12 @@ lookup_options:
  profiles::haproxy::server::listeners:
    merge:
      strategy: deep
  profiles::accounts::root::sshkeys:
    merge:
      strategy: deep
  profiles::accounts::sysadmin::sshkeys:
    merge:
      strategy: deep
  haproxy::backend:
    merge:
      strategy: deep
--- a/hieradata/roles/infra/incus/node.yaml
+++ b/hieradata/roles/infra/incus/node.yaml
@ -8,6 +8,7 @@ hiera_include:
 profiles::packages::include:
  bridge-utils: {}
  cephadm: {}
  ceph-common: {}
 profiles::pki::vault::alt_names:
  - incus.service.consul
@ -27,6 +28,11 @@ profiles::ssh::sign::principals:
  - "%{hiera('networking_loopback1_ip')}"
  - "%{hiera('networking_loopback2_ip')}"
 profiles::accounts::root::sshkeys:
  - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDEEiTQnbnfgIb2FAvrUzKkznB/Jyq06YXhP3E+Y8SmwFSeLZZPdZhKEiWRv0aY3zBIUgGsKmBXtPd8HTvQn959E6fgs3jNBtBIo76sTaR6LpNhb07tUuQDvycFlv3WZRgRu1s3RifNn0Ozfd7JPJtqjo/FGz8URtypkvOto4NnzkgOSjm1qOS6OjetBL2u+tB/h9vRDWIdKyEWqHp81aNqT9wv9MHMGBUCVNC7/WTblCsmL2rPY289dU9E/Ja5bAbNN+Lp23e8lQ+RoSeWmVIM7VCans78hLPzb2RqwNgWMBR2eStmGtHbOF1QYo3luC2GfGR7ImMfxgrR9NTu56nSHIOO+GCpWZEneIPGyLrL5vWWwhODIAJNjG6qGFeLL4PcQBYabI3fmoyrUOaMohiovLYGYs+9NK8wPOpVIP6i6CBq6RzVCjmgGq8x12dK8JhAkcoTfEcPdQwSJU/LRBFfLtRgtu1nb9BdSmotb3ESTSrXt+RYiPgAxatSSrN00qs= ceph-9a4b6eac-31d1-11f0-a634-00e04c680f5d
 profiles::accounts::sysadmin::sshkeys:
  - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDEEiTQnbnfgIb2FAvrUzKkznB/Jyq06YXhP3E+Y8SmwFSeLZZPdZhKEiWRv0aY3zBIUgGsKmBXtPd8HTvQn959E6fgs3jNBtBIo76sTaR6LpNhb07tUuQDvycFlv3WZRgRu1s3RifNn0Ozfd7JPJtqjo/FGz8URtypkvOto4NnzkgOSjm1qOS6OjetBL2u+tB/h9vRDWIdKyEWqHp81aNqT9wv9MHMGBUCVNC7/WTblCsmL2rPY289dU9E/Ja5bAbNN+Lp23e8lQ+RoSeWmVIM7VCans78hLPzb2RqwNgWMBR2eStmGtHbOF1QYo3luC2GfGR7ImMfxgrR9NTu56nSHIOO+GCpWZEneIPGyLrL5vWWwhODIAJNjG6qGFeLL4PcQBYabI3fmoyrUOaMohiovLYGYs+9NK8wPOpVIP6i6CBq6RzVCjmgGq8x12dK8JhAkcoTfEcPdQwSJU/LRBFfLtRgtu1nb9BdSmotb3ESTSrXt+RYiPgAxatSSrN00qs= ceph-9a4b6eac-31d1-11f0-a634-00e04c680f5d
 # configure consul service
 consul::services:
  incus:
--- a/site/profiles/manifests/accounts/root.pp
+++ b/site/profiles/manifests/accounts/root.pp
@ -0,0 +1,18 @@
 # manage the root user
 class profiles::accounts::root (
  Optional[Array[String]] $sshkeys = undef,
 ) {
  if $sshkeys {
    accounts::user { 'root':
      sshkeys => $sshkeys,
    }
  }
  file {'/root/.config':
    ensure => directory,
    owner  => 'root',
    group  => 'root',
    mode   => '0600',
  }
 }
--- a/site/profiles/manifests/base.pp
+++ b/site/profiles/manifests/base.pp
@ -26,7 +26,7 @@ class profiles::base (
    include profiles::base::scripts
    include profiles::base::hosts
    include profiles::base::groups
-    include profiles::base::root
+    include profiles::accounts::root
    include profiles::accounts::sysadmin
    if $facts['virtual'] != 'lxc' {
      include profiles::ntp::client
--- a/site/profiles/manifests/base/root.pp
+++ b/site/profiles/manifests/base/root.pp
@ -1,13 +0,0 @@
 # manage the root user
 class profiles::base::root {
  # TODO
  # for now, add some root directories
  file {'/root/.config':
    ensure => directory,
    owner  => 'root',
    group  => 'root',
    mode   => '0600',
  }
 }