Merge branch 'develop' into neoloc/syd1_puppetdb
This commit is contained in:
@@ -5,3 +5,4 @@ profiles::consul::client::secret_id_salt: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCC
|
||||
profiles::consul::token::node_editor::secret_id: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAO8IIF2r18dFf0bVKEwjJUe1TmXHH0AIzsQHxkHwV7d37kvH1cY9rYw0TtdHn7GTxvotJG7GZbWvbunpBs1g2p2RPADiM6TMhbO8mJ0tAWLnMk7bQ221xu8Pc7KceqWmU17dmgNhVCohyfwJNqbA756TlHVgxGA0LtNrKoLOmgKGXAL1VYZoKEQnWq7xOpO+z3e1UfjoO6CvX/Od2hGYfUkHdro8mwRw4GFKzU7XeKFdAMUGpn5rVmY3xe+1ARXwGFaSrTHzk2n85pvwhPRlQ+OwqzyT19Qo2FNeAO6RoCRIFTtqbsjTWPUlseHIhw4Q5bHO1I0Mrlm5IHDESw/22IzBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCEe9wD72qxnpeq5nCi/d7BgDCP29sDFObkFTabt2uZ/nF9MT1g+QOrrdFKgnG6ThnwH1hwpZPsSVgIs+yRQH8laB4=]
|
||||
profiles::consul::server::acl_tokens_initial_management: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAi1UH7AZirJ1PdxWy+KEgS5ufm0wbn2xy9rkg14hKYpcVjBa4pOZpSLMGMiiUpBIqBytDMZM4ezYa/luktpkBImJbM/TE16beGtsacQGA+9eZk2Tihs9GR2qbAQiu5lLITiDlwNnf0GeWdqHM8CTeD68DczQF320d9U14/k6pG/7z+w/MGLcjsQoSuOFTm42JVn1BI46t1CYSCHMXQc/9Tfs+FzI+vumohI8DxAYBIuyzU5HBX/MntAsvD/yixMJS1pZL9WwgqZJC/wK34rVRB39DpxWf/WROrI+WLuSJwr7WBjaeF9Ju+89WKCgsI53EWhFTj8GgDZm/jqPoE478NjBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAoACRzJdQKNYXZv6cghFIIgDAzB81DMcuY815nb8POtZpiA06jT/068AoZmSctHoFK/zW9tY229N5r1Tb+WHElqLk=]
|
||||
profiles::consul::server::acl_tokens_default: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAh4Ag95xgkIZHL0gP9OLnZauih0dB1/2l9Jzw8mP3OiIv7fw23otHYONlS3Emtj7oxW8MKcZGKDCzwCT6T2p+V5wx1n15wr2J+FmL24VbclJwrMPQ4AdgP359B9h21uoyo7Zdy7RuuvLfkU1fWXbs3SeWbi2HJs1Ed1/oI1jzr3OgwMbVtbyzd1VuAXeZ9bHQG3IA8z+w/k5m61th0HTyHjw7eldQulbohDuwv545z9axHEoHKCRT2a3ZwBufV2ST6Dm3g9GERzXE9Adp9DQC5adqM74wfsujOMLK2QFJSSIOj2uCs1CpEnrNrQ8zjP3fudM2z3l7KdSHZazEamCSxTBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBY/Tn9tzEKYc5dxnzP2rP7gDBWKgVP3lf2T4Q0WPQt3ns0E6RUSO6OtBegb/5qDyohY2nsDeJTnMKOYzYt/J1PhnY=]
|
||||
profiles::consul::server::acl_tokens_replication: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAEzTIxbaAR/TZYnC671aBhiahsfwf3ieyeSHpD5hQm40sMEF/fXlEDijq9i2ykPikm94074j1Uo4HNzv/V9GTf0NSC/64t61jJ/Ya3QKa5f/36+DcRj3lcETsSIyhWwmU+E+zkY8I2r68MtXAuvSoMSMZdpgWSkPx/3FFgZlrsg//bzDu69jS9cx4UK582N3A6QN4Uy/qwYtJcm+2iTQlqqgGRWGqnSgTirxhegxPbJGWTDoAEpAL4/DyF5/hqcUn6mgoSfAsHF3loPHOqN30lG+9o0THWJ9B8Gf4W/1X2UWA/avmUnqBnumGoz0p7AYdNgpW+qLl2rk4lyGYa4kvQjBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBD9KSLH3Pn/1EIzgVJM+8VOgDDpKWzHfSVsfUMyTD0XIRPGclTdmxqCnsdhKNqmUfSjkYIf2nI9rQtSK6n42TYuO4k=]
|
||||
|
||||
@@ -87,9 +87,21 @@ lookup_options:
|
||||
profiles::consul::client::node_rules:
|
||||
merge:
|
||||
strategy: deep
|
||||
profiles::consul::prepared_query::rules:
|
||||
merge:
|
||||
strategy: deep
|
||||
profiles::puppet::server::dns_alt_names:
|
||||
merge:
|
||||
strategy: deep
|
||||
profiles::base::hosts::additional_hosts:
|
||||
merge:
|
||||
strategy: deep
|
||||
postgresql_config_entries:
|
||||
merge:
|
||||
strategy: deep
|
||||
profiles::yum::global::repos:
|
||||
merge:
|
||||
strategy: deep
|
||||
|
||||
facts_path: '/opt/puppetlabs/facter/facts.d'
|
||||
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
---
|
||||
profiles::consul::server::gossip_key: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEADwwYLK+fU0M/uLqQpRjHnIAyrt6yPEZSXpUX2jvOGVOA63X8LOYpLVfEGWMmkZ7BHRO0fgr847UUI/xI8otIuiOpgtW2E7QLWs806KUNXz+L8c7kSnQ1XAD5R81/5joDHl4AIxl5fAGryTXH1gfnpTMWh2yjFzU/KYuk2GhrU0M9ewCGJErQG4pT4u3ymGmkLjx6AiZ8r9xb4Eos2bhCCpFWfyb0kKcJqdKU9mzy508byNCfp8lr1DoKxEQrdqSSAQdepn6wCgBZtlAK/k63tOqM9dxyDaCsK8vLG9LlvuEwi3OL2lzTtc1mAcdYxahDo3uBX0/VcCswaXq3nPnu3TBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCUwXPoMh/dylvFwyRzAsnRgDDvh5CHrzJYdUXWGsauYlifOOukYokkwG3yqqtCByveMqVWfWsQukiDTixdqpCgfzw=]
|
||||
profiles::consul::server::acl_tokens_initial_management: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAi1UH7AZirJ1PdxWy+KEgS5ufm0wbn2xy9rkg14hKYpcVjBa4pOZpSLMGMiiUpBIqBytDMZM4ezYa/luktpkBImJbM/TE16beGtsacQGA+9eZk2Tihs9GR2qbAQiu5lLITiDlwNnf0GeWdqHM8CTeD68DczQF320d9U14/k6pG/7z+w/MGLcjsQoSuOFTm42JVn1BI46t1CYSCHMXQc/9Tfs+FzI+vumohI8DxAYBIuyzU5HBX/MntAsvD/yixMJS1pZL9WwgqZJC/wK34rVRB39DpxWf/WROrI+WLuSJwr7WBjaeF9Ju+89WKCgsI53EWhFTj8GgDZm/jqPoE478NjBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAoACRzJdQKNYXZv6cghFIIgDAzB81DMcuY815nb8POtZpiA06jT/068AoZmSctHoFK/zW9tY229N5r1Tb+WHElqLk=]
|
||||
profiles::consul::server::acl_tokens_default: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAPRZN7DnYUhVL81p7xC9rUYPutoO3UrF2Sl8DlopfYoAG9omnXZlrut8wIffDZJSiU5XkOGv8x2QsXZc+bWqiplJ0VfzLClxEM2onWaT/GGGg7E+2YhrYuMG7mZYaqRYQ6/AgLDcIMBIdQBdL5mlpy+fVZn7Mu4cmsQYJTIe+yrNQtGMWMiNaHpwLGXvoXgwT6giX6L6VNiN51dAnHAdMYZ9Hf3G5CZEs6x8uOveqf6+qy+df24ItRUcsfQlSwsEaQRY+xjIVYIoiV8l8D8HiO+mVqbxtfQgyJIMv+0hl95zHGlc2W5lb6MvIFcJGu2xKIc00D7YOYgxLUx1aegixxzBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBnYSZmhDFSDoO1s329ktFegDC2Z7A+TGqTtZXKXaj2qQmowIvTZOVoUyF/5G0aED0wo/h+vfgosSS3Tx1dam0KUl0=]
|
||||
#profiles::consul::server::acl_tokens_initial_management: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAi1UH7AZirJ1PdxWy+KEgS5ufm0wbn2xy9rkg14hKYpcVjBa4pOZpSLMGMiiUpBIqBytDMZM4ezYa/luktpkBImJbM/TE16beGtsacQGA+9eZk2Tihs9GR2qbAQiu5lLITiDlwNnf0GeWdqHM8CTeD68DczQF320d9U14/k6pG/7z+w/MGLcjsQoSuOFTm42JVn1BI46t1CYSCHMXQc/9Tfs+FzI+vumohI8DxAYBIuyzU5HBX/MntAsvD/yixMJS1pZL9WwgqZJC/wK34rVRB39DpxWf/WROrI+WLuSJwr7WBjaeF9Ju+89WKCgsI53EWhFTj8GgDZm/jqPoE478NjBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAoACRzJdQKNYXZv6cghFIIgDAzB81DMcuY815nb8POtZpiA06jT/068AoZmSctHoFK/zW9tY229N5r1Tb+WHElqLk=]
|
||||
#profiles::consul::server::acl_tokens_default: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAPRZN7DnYUhVL81p7xC9rUYPutoO3UrF2Sl8DlopfYoAG9omnXZlrut8wIffDZJSiU5XkOGv8x2QsXZc+bWqiplJ0VfzLClxEM2onWaT/GGGg7E+2YhrYuMG7mZYaqRYQ6/AgLDcIMBIdQBdL5mlpy+fVZn7Mu4cmsQYJTIe+yrNQtGMWMiNaHpwLGXvoXgwT6giX6L6VNiN51dAnHAdMYZ9Hf3G5CZEs6x8uOveqf6+qy+df24ItRUcsfQlSwsEaQRY+xjIVYIoiV8l8D8HiO+mVqbxtfQgyJIMv+0hl95zHGlc2W5lb6MvIFcJGu2xKIc00D7YOYgxLUx1aegixxzBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBnYSZmhDFSDoO1s329ktFegDC2Z7A+TGqTtZXKXaj2qQmowIvTZOVoUyF/5G0aED0wo/h+vfgosSS3Tx1dam0KUl0=]
|
||||
|
||||
@@ -1,4 +1,7 @@
|
||||
---
|
||||
profiles::consul::server::bootstrap_count: 3
|
||||
profiles::consul::server::raft_multiplier: 10
|
||||
profiles::consul::server::primary_datacenter: 'au-drw1'
|
||||
profiles::consul::server::primary_datacenter: 'au-syd1'
|
||||
profiles::consul::server::join_remote_regions: true
|
||||
profiles::consul::server::remote_regions:
|
||||
- syd1
|
||||
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
profiles::sql::galera_member::cluster_name: au-syd1
|
||||
profiles::sql::galera_member::galera_master: ausyd1nxvm1027.main.unkin.net
|
||||
profiles::sql::galera_member::innodb_buffer_pool_size: 256M
|
||||
@@ -2,3 +2,6 @@
|
||||
profiles::consul::server::bootstrap_count: 3
|
||||
profiles::consul::server::raft_multiplier: 10
|
||||
profiles::consul::server::primary_datacenter: 'au-syd1'
|
||||
profiles::consul::server::join_remote_regions: true
|
||||
profiles::consul::server::remote_regions:
|
||||
- drw1
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
---
|
||||
profiles::cobbler::params::is_cobbler_master: true
|
||||
@@ -1,11 +1,2 @@
|
||||
# hieradata/os/AlmaLinux/AlmaLinux8.yaml
|
||||
---
|
||||
profiles::yum::global::managed_repos:
|
||||
- 'base'
|
||||
- 'appstream'
|
||||
- 'epel'
|
||||
- 'powertools'
|
||||
- 'highavailability'
|
||||
- 'puppet7'
|
||||
- 'yum.postgresql.org'
|
||||
- 'unkin'
|
||||
|
||||
@@ -1,8 +1,2 @@
|
||||
# hieradata/os/AlmaLinux/AlmaLinux9.yaml
|
||||
---
|
||||
profiles::yum::global::managed_repos:
|
||||
- 'base'
|
||||
- 'appstream'
|
||||
- 'epel'
|
||||
- 'puppet7'
|
||||
- 'yum.postgresql.org'
|
||||
|
||||
@@ -1,9 +1,5 @@
|
||||
# hieradata/os/almalinux/all_releases.yaml
|
||||
---
|
||||
profiles::yum::base::baseurl: https://repos.main.unkin.net/almalinux
|
||||
profiles::yum::epel::baseurl: https://repos.main.unkin.net/epel
|
||||
profiles::yum::unkin::baseurl: https://repos.main.unkin.net/unkin
|
||||
profiles::yum::ovirt::baseurl: https://repos.main.unkin.net/centos
|
||||
profiles::firewall::firewalld::ensure_package: 'absent'
|
||||
profiles::firewall::firewalld::ensure_service: 'stopped'
|
||||
profiles::firewall::firewalld::enable_service: false
|
||||
@@ -12,5 +8,55 @@ profiles::puppet::agent::puppet_version: '7.26.0'
|
||||
profiles::packages::install:
|
||||
- lzo
|
||||
- xz
|
||||
- policycoreutils
|
||||
|
||||
lm-sensors::package: lm_sensors
|
||||
|
||||
profiles::yum::global::repos:
|
||||
baseos:
|
||||
name: baseos
|
||||
descr: baseos repository
|
||||
target: /etc/yum.repos.d/baseos.repo
|
||||
baseurl: https://edgecache.query.consul/almalinux/%{facts.os.release.full}/BaseOS/%{facts.os.architecture}/os
|
||||
gpgkey: http://edgecache.query.consul/almalinux/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major}
|
||||
extras:
|
||||
name: extras
|
||||
descr: extras repository
|
||||
target: /etc/yum.repos.d/extras.repo
|
||||
baseurl: https://edgecache.query.consul/almalinux/%{facts.os.release.full}/extras/%{facts.os.architecture}/os
|
||||
gpgkey: http://edgecache.query.consul/almalinux/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major}
|
||||
appstream:
|
||||
name: appstream
|
||||
descr: appstream repository
|
||||
target: /etc/yum.repos.d/appstream.repo
|
||||
baseurl: https://edgecache.query.consul/almalinux/%{facts.os.release.full}/AppStream/%{facts.os.architecture}/os
|
||||
gpgkey: http://edgecache.query.consul/almalinux/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major}
|
||||
powertools:
|
||||
name: powertools
|
||||
descr: powertools repository
|
||||
target: /etc/yum.repos.d/powertools.repo
|
||||
baseurl: https://edgecache.query.consul/almalinux/%{facts.os.release.full}/PowerTools/%{facts.os.architecture}/os
|
||||
gpgkey: http://edgecache.query.consul/almalinux/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major}
|
||||
highavailability:
|
||||
name: highavailability
|
||||
descr: highavailability repository
|
||||
target: /etc/yum.repos.d/highavailability.repo
|
||||
baseurl: https://edgecache.query.consul/almalinux/%{facts.os.release.full}/HighAvailability/%{facts.os.architecture}/os
|
||||
gpgkey: http://edgecache.query.consul/almalinux/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major}
|
||||
epel:
|
||||
name: epel
|
||||
descr: epel repository
|
||||
target: /etc/yum.repos.d/epel.repo
|
||||
baseurl: https://edgecache.query.consul/epel/%{facts.os.release.major}/Everything/%{facts.os.architecture}
|
||||
gpgkey: http://edgecache.query.consul/epel/RPM-GPG-KEY-EPEL-%{facts.os.release.major}
|
||||
puppet:
|
||||
name: puppet
|
||||
descr: puppet repository
|
||||
target: /etc/yum.repos.d/puppet.repo
|
||||
baseurl: https://yum.puppet.com/puppet7/el/%{facts.os.release.major}/%{facts.os.architecture}
|
||||
gpgkey: https://yum.puppet.com/RPM-GPG-KEY-puppet-20250406
|
||||
unkin:
|
||||
name: unkin
|
||||
descr: unkin repository
|
||||
target: /etc/yum.repos.d/unkin.repo
|
||||
baseurl: https://repos.main.unkin.net/unkin/%{facts.os.release.major}/%{facts.os.architecture}/os
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
profiles::cobbler::server::default_password_crypted: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAJidO18dSzKXgDEvFhigrDmiMTW+D7obTCZVAvl0JzQ6nqRdnh6Xa+j+yc7YzYtCg9VH60vfcutHFGhJptlMbTQq3vSUoF9ylgTutaW/to4T8jb8gBqK1n7b+devEQh4soJtOdAPSidCX4aqsP9dK3I8IijNWMABz59usGbY6oWedmC4865PBcxyIu3phWynNULTXPBEAqdXAutkh4N3P1ydFk3eARCVS3uWo7zaXVsu4vIkjYRDCUyFXBWb12L/NmQ2EhGwckPwgX/rcKRL9r49GxQTLBHJ5MoHQanwoiRw+5Tz3qLW69z+hk91VpnpkZgANc081rmhdyp6qmuIAVDBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBiDUwXVJ6mmwzt4YAxg3+qgDDWm5mlWEgsZqCHwG0n94v7oqCBqY2WQdTJAM3TtKlX2nOPlLEmfLrwqtsS2r3QzLo=]
|
||||
profiles::cobbler::params::default_password_crypted: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAJidO18dSzKXgDEvFhigrDmiMTW+D7obTCZVAvl0JzQ6nqRdnh6Xa+j+yc7YzYtCg9VH60vfcutHFGhJptlMbTQq3vSUoF9ylgTutaW/to4T8jb8gBqK1n7b+devEQh4soJtOdAPSidCX4aqsP9dK3I8IijNWMABz59usGbY6oWedmC4865PBcxyIu3phWynNULTXPBEAqdXAutkh4N3P1ydFk3eARCVS3uWo7zaXVsu4vIkjYRDCUyFXBWb12L/NmQ2EhGwckPwgX/rcKRL9r49GxQTLBHJ5MoHQanwoiRw+5Tz3qLW69z+hk91VpnpkZgANc081rmhdyp6qmuIAVDBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBiDUwXVJ6mmwzt4YAxg3+qgDDWm5mlWEgsZqCHwG0n94v7oqCBqY2WQdTJAM3TtKlX2nOPlLEmfLrwqtsS2r3QzLo=]
|
||||
|
||||
@@ -14,4 +14,8 @@ profiles::packages::install:
|
||||
profiles::pki::vault::alt_names:
|
||||
- cobbler.main.unkin.net
|
||||
|
||||
profiles::cobbler::server::service_cname: 'cobbler.main.unkin.net'
|
||||
profiles::cobbler::params::service_cname: 'cobbler.main.unkin.net'
|
||||
profiles::selinux::setenforce::mode: permissive
|
||||
|
||||
hiera_classes:
|
||||
- profiles::selinux::setenforce
|
||||
|
||||
+13
-13
@@ -16,10 +16,10 @@ profiles::dhcp::server::pools:
|
||||
- '198.18.15.200 198.18.15.220'
|
||||
gateway: 198.18.15.254
|
||||
nameservers:
|
||||
- 198.18.17.7
|
||||
- 198.18.17.8
|
||||
- 198.18.13.12
|
||||
- 198.18.13.13
|
||||
domain_name: main.unkin.net
|
||||
pxeserver: 198.18.17.48
|
||||
pxeserver: 198.18.13.27
|
||||
syd1-test:
|
||||
network: 198.18.16.0
|
||||
mask: 255.255.255.0
|
||||
@@ -27,10 +27,10 @@ profiles::dhcp::server::pools:
|
||||
- '198.18.16.200 198.18.16.220'
|
||||
gateway: 198.18.16.254
|
||||
nameservers:
|
||||
- 198.18.17.7
|
||||
- 198.18.17.8
|
||||
- 198.18.13.12
|
||||
- 198.18.13.13
|
||||
domain_name: main.unkin.net
|
||||
pxeserver: 198.18.17.48
|
||||
pxeserver: 198.18.13.27
|
||||
syd1-prod1:
|
||||
network: 198.18.13.0
|
||||
mask: 255.255.255.0
|
||||
@@ -38,10 +38,10 @@ profiles::dhcp::server::pools:
|
||||
- '198.18.13.200 198.18.13.220'
|
||||
gateway: 198.18.13.254
|
||||
nameservers:
|
||||
- 198.18.17.7
|
||||
- 198.18.17.8
|
||||
- 198.18.13.12
|
||||
- 198.18.13.13
|
||||
domain_name: main.unkin.net
|
||||
pxeserver: 198.18.17.48
|
||||
pxeserver: 198.18.13.27
|
||||
syd1-prod2:
|
||||
network: 198.18.14.0
|
||||
mask: 255.255.255.0
|
||||
@@ -49,10 +49,10 @@ profiles::dhcp::server::pools:
|
||||
- '198.18.14.200 198.18.14.220'
|
||||
gateway: 198.18.14.254
|
||||
nameservers:
|
||||
- 198.18.17.7
|
||||
- 198.18.17.8
|
||||
- 198.18.13.12
|
||||
- 198.18.13.13
|
||||
domain_name: main.unkin.net
|
||||
pxeserver: 198.18.17.48
|
||||
pxeserver: 198.18.13.27
|
||||
drw1-prod:
|
||||
network: 198.18.17.0
|
||||
mask: 255.255.255.0
|
||||
@@ -63,7 +63,7 @@ profiles::dhcp::server::pools:
|
||||
- 198.18.17.7
|
||||
- 198.18.17.8
|
||||
domain_name: main.unkin.net
|
||||
pxeserver: 198.18.17.48
|
||||
pxeserver: 198.18.13.27
|
||||
|
||||
# UFI 64-bit
|
||||
profiles::dhcp::server::classes:
|
||||
@@ -1,10 +1,50 @@
|
||||
---
|
||||
profiles::yum::global::managed_repos:
|
||||
- 'virt-advanced-virtualization'
|
||||
- 'storage-ceph-pacific'
|
||||
- 'cloud-openstack-xena'
|
||||
- 'messaging-rabbitmq-38'
|
||||
- 'nfv-openvswitch-2'
|
||||
- 'opstools-collectd-5'
|
||||
- 'storage-gluster-10'
|
||||
- 'virt-ovirt-45'
|
||||
profiles::yum::global::repos:
|
||||
centos_8_advanced_virtualization:
|
||||
name: 'virt-advanced-virtualization'
|
||||
descr: 'CentOS Advanced Virtualization'
|
||||
target: /etc/yum.repos.d/ovirt.repo
|
||||
baseurl: https://edgecache.query.consul/centos/8-stream/virt/x86_64/advancedvirt-common
|
||||
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Virtualization'
|
||||
centos_8_ceph_pacific:
|
||||
name: 'storage-ceph-pacific'
|
||||
descr: 'CentOS Ceph Pacific'
|
||||
target: /etc/yum.repos.d/ovirt.repo
|
||||
baseurl: https://edgecache.query.consul/centos/8-stream/storage/x86_64/ceph-pacific
|
||||
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Storage'
|
||||
centos_8_rabbitmq_38:
|
||||
name: 'messaging-rabbitmq-38'
|
||||
descr: 'CentOS RabbitMQ 38'
|
||||
target: /etc/yum.repos.d/ovirt.repo
|
||||
baseurl: https://edgecache.query.consul/centos/8-stream/messaging/x86_64/rabbitmq-38
|
||||
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Messaging'
|
||||
centos_8_nfv_openvswitch:
|
||||
name: 'nfv-openvswitch-2'
|
||||
descr: 'CentOS NFV OpenvSwitch'
|
||||
target: /etc/yum.repos.d/ovirt.repo
|
||||
baseurl: https://edgecache.query.consul/centos/8-stream/nfv/x86_64/openvswitch-2
|
||||
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-NFV'
|
||||
centos_8_openstack_xena:
|
||||
name: 'cloud-openstack-xena'
|
||||
descr: 'CentOS OpenStack Xena'
|
||||
target: /etc/yum.repos.d/ovirt.repo
|
||||
baseurl: https://edgecache.query.consul/centos/8-stream/cloud/x86_64/openstack-xena
|
||||
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Cloud'
|
||||
centos_8_opstools:
|
||||
name: 'opstools-collectd-5'
|
||||
descr: 'CentOS OpsTools - collectd'
|
||||
target: /etc/yum.repos.d/ovirt.repo
|
||||
baseurl: https://edgecache.query.consul/centos/8-stream/opstools/x86_64/collectd-5
|
||||
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-OpsTools'
|
||||
centos_8_ovirt45:
|
||||
name: 'virt-ovirt-45'
|
||||
descr: 'CentOS oVirt 4.5'
|
||||
target: /etc/yum.repos.d/ovirt.repo
|
||||
baseurl: https://edgecache.query.consul/centos/8-stream/virt/x86_64/ovirt-45
|
||||
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Virtualization'
|
||||
centos_8_stream_gluster10:
|
||||
name: 'storage-gluster-10'
|
||||
descr: 'CentOS oVirt 4.5 - Glusterfs 10'
|
||||
target: /etc/yum.repos.d/ovirt.repo
|
||||
baseurl: https://edgecache.query.consul/centos/8-stream/storage/x86_64/gluster-10
|
||||
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Storage'
|
||||
|
||||
@@ -1,17 +1,58 @@
|
||||
---
|
||||
profiles::firewall::firewalld::ensure_package: 'installed'
|
||||
profiles::firewall::firewalld::ensure_service: 'running'
|
||||
profiles::yum::global::managed_repos:
|
||||
- 'virt-advanced-virtualization'
|
||||
- 'storage-ceph-pacific'
|
||||
- 'cloud-openstack-xena'
|
||||
- 'messaging-rabbitmq-38'
|
||||
- 'nfv-openvswitch-2'
|
||||
- 'opstools-collectd-5'
|
||||
- 'storage-gluster-10'
|
||||
- 'virt-ovirt-45'
|
||||
|
||||
sudo::purge_ignore:
|
||||
- '50_vdsm'
|
||||
- '50_vdsm_hook_ovirt_provider_ovn_hook'
|
||||
- '60_ovirt-ha'
|
||||
|
||||
profiles::yum::global::repos:
|
||||
centos_8_advanced_virtualization:
|
||||
name: 'virt-advanced-virtualization'
|
||||
descr: 'CentOS Advanced Virtualization'
|
||||
target: /etc/yum.repos.d/ovirt.repo
|
||||
baseurl: https://edgecache.query.consul/centos/8-stream/virt/x86_64/advancedvirt-common
|
||||
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Virtualization'
|
||||
centos_8_ceph_pacific:
|
||||
name: 'storage-ceph-pacific'
|
||||
descr: 'CentOS Ceph Pacific'
|
||||
target: /etc/yum.repos.d/ovirt.repo
|
||||
baseurl: https://edgecache.query.consul/centos/8-stream/storage/x86_64/ceph-pacific
|
||||
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Storage'
|
||||
centos_8_rabbitmq_38:
|
||||
name: 'messaging-rabbitmq-38'
|
||||
descr: 'CentOS RabbitMQ 38'
|
||||
target: /etc/yum.repos.d/ovirt.repo
|
||||
baseurl: https://edgecache.query.consul/centos/8-stream/messaging/x86_64/rabbitmq-38
|
||||
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Messaging'
|
||||
centos_8_nfv_openvswitch:
|
||||
name: 'nfv-openvswitch-2'
|
||||
descr: 'CentOS NFV OpenvSwitch'
|
||||
target: /etc/yum.repos.d/ovirt.repo
|
||||
baseurl: https://edgecache.query.consul/centos/8-stream/nfv/x86_64/openvswitch-2
|
||||
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-NFV'
|
||||
centos_8_openstack_xena:
|
||||
name: 'cloud-openstack-xena'
|
||||
descr: 'CentOS OpenStack Xena'
|
||||
target: /etc/yum.repos.d/ovirt.repo
|
||||
baseurl: https://edgecache.query.consul/centos/8-stream/cloud/x86_64/openstack-xena
|
||||
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Cloud'
|
||||
centos_8_opstools:
|
||||
name: 'opstools-collectd-5'
|
||||
descr: 'CentOS OpsTools - collectd'
|
||||
target: /etc/yum.repos.d/ovirt.repo
|
||||
baseurl: https://edgecache.query.consul/centos/8-stream/opstools/x86_64/collectd-5
|
||||
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-OpsTools'
|
||||
centos_8_ovirt45:
|
||||
name: 'virt-ovirt-45'
|
||||
descr: 'CentOS oVirt 4.5'
|
||||
target: /etc/yum.repos.d/ovirt.repo
|
||||
baseurl: https://edgecache.query.consul/centos/8-stream/virt/x86_64/ovirt-45
|
||||
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Virtualization'
|
||||
centos_8_stream_gluster10:
|
||||
name: 'storage-gluster-10'
|
||||
descr: 'CentOS oVirt 4.5 - Glusterfs 10'
|
||||
target: /etc/yum.repos.d/ovirt.repo
|
||||
baseurl: https://edgecache.query.consul/centos/8-stream/storage/x86_64/gluster-10
|
||||
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Storage'
|
||||
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
postgresql_config_entries:
|
||||
max_connections: 300
|
||||
shared_buffers: '256MB'
|
||||
@@ -1,11 +1,27 @@
|
||||
---
|
||||
profiles::sql::galera_member::cluster_name: galera01
|
||||
profiles::sql::galera_member::galera_master: prodinf01n29.main.unkin.net
|
||||
profiles::sql::galera_member::configure_firewall: false
|
||||
profiles::sql::galera_member::wsrep_sst_method: rsync
|
||||
profiles::sql::galera_member::galera_members_lookup: true
|
||||
profiles::sql::galera_member::galera_members_role: roles::infra::sql::galera
|
||||
profiles::sql::galera_member::datadir: /data/mariadb
|
||||
profiles::sql::galera_member::innodb_buffer_pool_size: 256M
|
||||
profiles::sql::galera_member::innodb_file_per_table: 1
|
||||
profiles::sql::galera_member::package_name: mariadb-galera-server
|
||||
|
||||
consul::services:
|
||||
mariadb:
|
||||
service_name: "mariadb-%{facts.environment}"
|
||||
tags:
|
||||
- 'database'
|
||||
- 'mariadb'
|
||||
address: "%{facts.networking.ip}"
|
||||
port: 3306
|
||||
checks:
|
||||
- id: 'mariadb_tcp_check'
|
||||
name: 'MariaDB TCP Check'
|
||||
tcp: "%{facts.networking.ip}:3306"
|
||||
interval: '10s'
|
||||
timeout: '1s'
|
||||
profiles::consul::client::node_rules:
|
||||
- resource: service
|
||||
segment: "mariadb-%{facts.environment}"
|
||||
disposition: write
|
||||
|
||||
@@ -18,6 +18,7 @@ profiles::consul::server::acl:
|
||||
tokens:
|
||||
initial_management: "%{alias('profiles::consul::server::acl_tokens_initial_management')}"
|
||||
default: "%{alias('profiles::consul::server::acl_tokens_default')}"
|
||||
replication: "%{alias('profiles::consul::server::acl_tokens_replication')}"
|
||||
|
||||
# additional altnames
|
||||
profiles::pki::vault::alt_names:
|
||||
@@ -32,3 +33,29 @@ profiles::nginx::simpleproxy::nginx_aliases:
|
||||
- consul.main.unkin.net
|
||||
profiles::nginx::simpleproxy::proxy_port: 8500
|
||||
profiles::nginx::simpleproxy::proxy_path: '/'
|
||||
|
||||
profiles::consul::prepared_query::rules:
|
||||
vault:
|
||||
ensure: 'present'
|
||||
service_name: 'vault'
|
||||
service_failover_n: 3
|
||||
service_only_passing: true
|
||||
ttl: 10
|
||||
puppet:
|
||||
ensure: 'present'
|
||||
service_name: 'puppet'
|
||||
service_failover_n: 3
|
||||
service_only_passing: true
|
||||
ttl: 10
|
||||
puppetca:
|
||||
ensure: 'present'
|
||||
service_name: 'puppetca'
|
||||
service_failover_n: 3
|
||||
service_only_passing: true
|
||||
ttl: 10
|
||||
edgecache:
|
||||
ensure: 'present'
|
||||
service_name: 'edgecache'
|
||||
service_failover_n: 3
|
||||
service_only_passing: true
|
||||
ttl: 10
|
||||
|
||||
@@ -0,0 +1,120 @@
|
||||
---
|
||||
consul::services:
|
||||
edgecache:
|
||||
service_name: 'edgecache'
|
||||
tags:
|
||||
- 'cache'
|
||||
- 'edge'
|
||||
address: "%{facts.networking.ip}"
|
||||
port: 443
|
||||
checks:
|
||||
- id: 'edgecache_https_check'
|
||||
name: 'EdgeCache HTTPS Check'
|
||||
http: "https://%{facts.networking.fqdn}"
|
||||
method: 'GET'
|
||||
tls_skip_verify: true
|
||||
interval: '10s'
|
||||
timeout: '1s'
|
||||
profiles::consul::client::node_rules:
|
||||
- resource: service
|
||||
segment: edgecache
|
||||
disposition: write
|
||||
|
||||
# additional altnames
|
||||
profiles::pki::vault::alt_names:
|
||||
- edgecache.service.consul
|
||||
- edgecache.query.consul
|
||||
|
||||
profiles::edgecache::params::nginx_resolvers_enable: true
|
||||
profiles::edgecache::params::nginx_resolvers_ipv4only: true
|
||||
profiles::edgecache::params::nginx_listen_mode: both
|
||||
profiles::edgecache::params::nginx_cert_type: vault
|
||||
profiles::edgecache::params::nginx_aliases:
|
||||
- edgecache.service.consul
|
||||
- edgecache.query.consul
|
||||
profiles::edgecache::params::directories:
|
||||
/data/edgecache: { owner: root, group: root }
|
||||
/data/edgecache/pub: { owner: nginx, group: nginx }
|
||||
/data/edgecache/pub/centos: { owner: nginx, group: nginx }
|
||||
/data/edgecache/pub/almalinux: { owner: nginx, group: nginx }
|
||||
/data/edgecache/pub/debian: { owner: nginx, group: nginx }
|
||||
/data/edgecache/pub/epel: { owner: nginx, group: nginx }
|
||||
/data/edgecache/pub/postgres: { owner: nginx, group: nginx }
|
||||
/data/edgecache/pub/postgres/apt: { owner: nginx, group: nginx }
|
||||
/data/edgecache/pub/postgres/yum: { owner: nginx, group: nginx }
|
||||
|
||||
profiles::edgecache::params::mirrors:
|
||||
debian:
|
||||
ensure: present
|
||||
location: /debian
|
||||
proxy: http://mirror.gsl.icu
|
||||
debian_pool:
|
||||
ensure: present
|
||||
location: /debian/pool
|
||||
proxy: http://mirror.gsl.icu
|
||||
proxy_cache: cache
|
||||
proxy_cache_valid:
|
||||
- '200 302 1440h'
|
||||
- '404 1m'
|
||||
centos_repodata:
|
||||
ensure: present
|
||||
location: '~* ^/centos/.*/repodata/'
|
||||
proxy: http://gsl-syd.mm.fcix.net
|
||||
centos_data:
|
||||
ensure: present
|
||||
location: /centos
|
||||
proxy: http://gsl-syd.mm.fcix.net
|
||||
proxy_cache: cache
|
||||
proxy_cache_valid:
|
||||
- '200 302 1440h'
|
||||
- '404 1m'
|
||||
almalinux_repodata:
|
||||
ensure: present
|
||||
location: '~* ^/almalinux/.*/repodata/'
|
||||
proxy: http://gsl-syd.mm.fcix.net
|
||||
almalinux_data:
|
||||
ensure: present
|
||||
location: /almalinux
|
||||
proxy: http://gsl-syd.mm.fcix.net
|
||||
proxy_cache: cache
|
||||
proxy_cache_valid:
|
||||
- '200 302 1440h'
|
||||
- '404 1m'
|
||||
epel_repodata:
|
||||
ensure: present
|
||||
location: '~* ^/epel/.*/repodata/'
|
||||
proxy: http://gsl-syd.mm.fcix.net
|
||||
epel_data:
|
||||
ensure: present
|
||||
location: /epel
|
||||
proxy: http://gsl-syd.mm.fcix.net
|
||||
proxy_cache: cache
|
||||
proxy_cache_valid:
|
||||
- '200 302 1440h'
|
||||
- '404 1m'
|
||||
postgres_yum_repodata:
|
||||
ensure: present
|
||||
location: '~* ^/postgres/yum/.*/repodata/'
|
||||
rewrite_rules:
|
||||
- '^/postgres/yum/(.*)$ /pub/repos/yum/$1 break'
|
||||
proxy: https://download.postgresql.org
|
||||
postgres_yum_data:
|
||||
ensure: present
|
||||
location: /postgres/yum
|
||||
proxy: https://download.postgresql.org/pub/repos/yum
|
||||
proxy_cache: cache
|
||||
proxy_cache_valid:
|
||||
- '200 302 1440h'
|
||||
- '404 1m'
|
||||
postgres_apt:
|
||||
ensure: present
|
||||
location: /postgres/apt
|
||||
proxy: https://download.postgresql.org/pub/repos/apt
|
||||
postgres_apt_pool:
|
||||
ensure: present
|
||||
location: /postgres/apt/pool
|
||||
proxy: https://download.postgresql.org/pub/repos/apt/pool
|
||||
proxy_cache: cache
|
||||
proxy_cache_valid:
|
||||
- '200 302 1440h'
|
||||
- '404 1m'
|
||||
Reference in New Issue
Block a user