Merge branch 'develop' into neoloc/syd1_puppetdb

This commit is contained in:
2024-05-22 22:11:04 +10:00
77 changed files with 1230 additions and 668 deletions
+1 -1
View File
@@ -1,2 +1,2 @@
---
profiles::cobbler::server::default_password_crypted: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAJidO18dSzKXgDEvFhigrDmiMTW+D7obTCZVAvl0JzQ6nqRdnh6Xa+j+yc7YzYtCg9VH60vfcutHFGhJptlMbTQq3vSUoF9ylgTutaW/to4T8jb8gBqK1n7b+devEQh4soJtOdAPSidCX4aqsP9dK3I8IijNWMABz59usGbY6oWedmC4865PBcxyIu3phWynNULTXPBEAqdXAutkh4N3P1ydFk3eARCVS3uWo7zaXVsu4vIkjYRDCUyFXBWb12L/NmQ2EhGwckPwgX/rcKRL9r49GxQTLBHJ5MoHQanwoiRw+5Tz3qLW69z+hk91VpnpkZgANc081rmhdyp6qmuIAVDBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBiDUwXVJ6mmwzt4YAxg3+qgDDWm5mlWEgsZqCHwG0n94v7oqCBqY2WQdTJAM3TtKlX2nOPlLEmfLrwqtsS2r3QzLo=]
profiles::cobbler::params::default_password_crypted: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAJidO18dSzKXgDEvFhigrDmiMTW+D7obTCZVAvl0JzQ6nqRdnh6Xa+j+yc7YzYtCg9VH60vfcutHFGhJptlMbTQq3vSUoF9ylgTutaW/to4T8jb8gBqK1n7b+devEQh4soJtOdAPSidCX4aqsP9dK3I8IijNWMABz59usGbY6oWedmC4865PBcxyIu3phWynNULTXPBEAqdXAutkh4N3P1ydFk3eARCVS3uWo7zaXVsu4vIkjYRDCUyFXBWb12L/NmQ2EhGwckPwgX/rcKRL9r49GxQTLBHJ5MoHQanwoiRw+5Tz3qLW69z+hk91VpnpkZgANc081rmhdyp6qmuIAVDBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBiDUwXVJ6mmwzt4YAxg3+qgDDWm5mlWEgsZqCHwG0n94v7oqCBqY2WQdTJAM3TtKlX2nOPlLEmfLrwqtsS2r3QzLo=]
+5 -1
View File
@@ -14,4 +14,8 @@ profiles::packages::install:
profiles::pki::vault::alt_names:
- cobbler.main.unkin.net
profiles::cobbler::server::service_cname: 'cobbler.main.unkin.net'
profiles::cobbler::params::service_cname: 'cobbler.main.unkin.net'
profiles::selinux::setenforce::mode: permissive
hiera_classes:
- profiles::selinux::setenforce
+77
View File
@@ -0,0 +1,77 @@
---
profiles::dhcp::server::ntpservers:
- ntp01.main.unkin.net
- ntp02.main.unkin.net
profiles::dhcp::server::interfaces:
- eth0
profiles::dhcp::server::default_lease_time: 1200
profiles::dhcp::server::globaloptions:
- 'arch code 93 = unsigned integer 16'
profiles::dhcp::server::pools:
syd1-prod:
network: 198.18.15.0
mask: 255.255.255.0
range:
- '198.18.15.200 198.18.15.220'
gateway: 198.18.15.254
nameservers:
- 198.18.13.12
- 198.18.13.13
domain_name: main.unkin.net
pxeserver: 198.18.13.27
syd1-test:
network: 198.18.16.0
mask: 255.255.255.0
range:
- '198.18.16.200 198.18.16.220'
gateway: 198.18.16.254
nameservers:
- 198.18.13.12
- 198.18.13.13
domain_name: main.unkin.net
pxeserver: 198.18.13.27
syd1-prod1:
network: 198.18.13.0
mask: 255.255.255.0
range:
- '198.18.13.200 198.18.13.220'
gateway: 198.18.13.254
nameservers:
- 198.18.13.12
- 198.18.13.13
domain_name: main.unkin.net
pxeserver: 198.18.13.27
syd1-prod2:
network: 198.18.14.0
mask: 255.255.255.0
range:
- '198.18.14.200 198.18.14.220'
gateway: 198.18.14.254
nameservers:
- 198.18.13.12
- 198.18.13.13
domain_name: main.unkin.net
pxeserver: 198.18.13.27
drw1-prod:
network: 198.18.17.0
mask: 255.255.255.0
range:
- '198.18.17.200 198.18.17.220'
gateway: 198.18.17.1
nameservers:
- 198.18.17.7
- 198.18.17.8
domain_name: main.unkin.net
pxeserver: 198.18.13.27
# UFI 64-bit
profiles::dhcp::server::classes:
UEFI-64:
parameters:
- 'match if option arch = 00:07 or option arch = 00:09'
- 'filename "/ipxe.efi"'
Legacy:
parameters:
- 'match if option arch = 00:00'
- 'filename "/undionly.kpxe"'
+49 -9
View File
@@ -1,10 +1,50 @@
---
profiles::yum::global::managed_repos:
- 'virt-advanced-virtualization'
- 'storage-ceph-pacific'
- 'cloud-openstack-xena'
- 'messaging-rabbitmq-38'
- 'nfv-openvswitch-2'
- 'opstools-collectd-5'
- 'storage-gluster-10'
- 'virt-ovirt-45'
profiles::yum::global::repos:
centos_8_advanced_virtualization:
name: 'virt-advanced-virtualization'
descr: 'CentOS Advanced Virtualization'
target: /etc/yum.repos.d/ovirt.repo
baseurl: https://edgecache.query.consul/centos/8-stream/virt/x86_64/advancedvirt-common
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Virtualization'
centos_8_ceph_pacific:
name: 'storage-ceph-pacific'
descr: 'CentOS Ceph Pacific'
target: /etc/yum.repos.d/ovirt.repo
baseurl: https://edgecache.query.consul/centos/8-stream/storage/x86_64/ceph-pacific
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Storage'
centos_8_rabbitmq_38:
name: 'messaging-rabbitmq-38'
descr: 'CentOS RabbitMQ 38'
target: /etc/yum.repos.d/ovirt.repo
baseurl: https://edgecache.query.consul/centos/8-stream/messaging/x86_64/rabbitmq-38
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Messaging'
centos_8_nfv_openvswitch:
name: 'nfv-openvswitch-2'
descr: 'CentOS NFV OpenvSwitch'
target: /etc/yum.repos.d/ovirt.repo
baseurl: https://edgecache.query.consul/centos/8-stream/nfv/x86_64/openvswitch-2
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-NFV'
centos_8_openstack_xena:
name: 'cloud-openstack-xena'
descr: 'CentOS OpenStack Xena'
target: /etc/yum.repos.d/ovirt.repo
baseurl: https://edgecache.query.consul/centos/8-stream/cloud/x86_64/openstack-xena
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Cloud'
centos_8_opstools:
name: 'opstools-collectd-5'
descr: 'CentOS OpsTools - collectd'
target: /etc/yum.repos.d/ovirt.repo
baseurl: https://edgecache.query.consul/centos/8-stream/opstools/x86_64/collectd-5
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-OpsTools'
centos_8_ovirt45:
name: 'virt-ovirt-45'
descr: 'CentOS oVirt 4.5'
target: /etc/yum.repos.d/ovirt.repo
baseurl: https://edgecache.query.consul/centos/8-stream/virt/x86_64/ovirt-45
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Virtualization'
centos_8_stream_gluster10:
name: 'storage-gluster-10'
descr: 'CentOS oVirt 4.5 - Glusterfs 10'
target: /etc/yum.repos.d/ovirt.repo
baseurl: https://edgecache.query.consul/centos/8-stream/storage/x86_64/gluster-10
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Storage'
+50 -9
View File
@@ -1,17 +1,58 @@
---
profiles::firewall::firewalld::ensure_package: 'installed'
profiles::firewall::firewalld::ensure_service: 'running'
profiles::yum::global::managed_repos:
- 'virt-advanced-virtualization'
- 'storage-ceph-pacific'
- 'cloud-openstack-xena'
- 'messaging-rabbitmq-38'
- 'nfv-openvswitch-2'
- 'opstools-collectd-5'
- 'storage-gluster-10'
- 'virt-ovirt-45'
sudo::purge_ignore:
- '50_vdsm'
- '50_vdsm_hook_ovirt_provider_ovn_hook'
- '60_ovirt-ha'
profiles::yum::global::repos:
centos_8_advanced_virtualization:
name: 'virt-advanced-virtualization'
descr: 'CentOS Advanced Virtualization'
target: /etc/yum.repos.d/ovirt.repo
baseurl: https://edgecache.query.consul/centos/8-stream/virt/x86_64/advancedvirt-common
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Virtualization'
centos_8_ceph_pacific:
name: 'storage-ceph-pacific'
descr: 'CentOS Ceph Pacific'
target: /etc/yum.repos.d/ovirt.repo
baseurl: https://edgecache.query.consul/centos/8-stream/storage/x86_64/ceph-pacific
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Storage'
centos_8_rabbitmq_38:
name: 'messaging-rabbitmq-38'
descr: 'CentOS RabbitMQ 38'
target: /etc/yum.repos.d/ovirt.repo
baseurl: https://edgecache.query.consul/centos/8-stream/messaging/x86_64/rabbitmq-38
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Messaging'
centos_8_nfv_openvswitch:
name: 'nfv-openvswitch-2'
descr: 'CentOS NFV OpenvSwitch'
target: /etc/yum.repos.d/ovirt.repo
baseurl: https://edgecache.query.consul/centos/8-stream/nfv/x86_64/openvswitch-2
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-NFV'
centos_8_openstack_xena:
name: 'cloud-openstack-xena'
descr: 'CentOS OpenStack Xena'
target: /etc/yum.repos.d/ovirt.repo
baseurl: https://edgecache.query.consul/centos/8-stream/cloud/x86_64/openstack-xena
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Cloud'
centos_8_opstools:
name: 'opstools-collectd-5'
descr: 'CentOS OpsTools - collectd'
target: /etc/yum.repos.d/ovirt.repo
baseurl: https://edgecache.query.consul/centos/8-stream/opstools/x86_64/collectd-5
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-OpsTools'
centos_8_ovirt45:
name: 'virt-ovirt-45'
descr: 'CentOS oVirt 4.5'
target: /etc/yum.repos.d/ovirt.repo
baseurl: https://edgecache.query.consul/centos/8-stream/virt/x86_64/ovirt-45
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Virtualization'
centos_8_stream_gluster10:
name: 'storage-gluster-10'
descr: 'CentOS oVirt 4.5 - Glusterfs 10'
target: /etc/yum.repos.d/ovirt.repo
baseurl: https://edgecache.query.consul/centos/8-stream/storage/x86_64/gluster-10
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Storage'
+4
View File
@@ -0,0 +1,4 @@
---
postgresql_config_entries:
max_connections: 300
shared_buffers: '256MB'
+19 -3
View File
@@ -1,11 +1,27 @@
---
profiles::sql::galera_member::cluster_name: galera01
profiles::sql::galera_member::galera_master: prodinf01n29.main.unkin.net
profiles::sql::galera_member::configure_firewall: false
profiles::sql::galera_member::wsrep_sst_method: rsync
profiles::sql::galera_member::galera_members_lookup: true
profiles::sql::galera_member::galera_members_role: roles::infra::sql::galera
profiles::sql::galera_member::datadir: /data/mariadb
profiles::sql::galera_member::innodb_buffer_pool_size: 256M
profiles::sql::galera_member::innodb_file_per_table: 1
profiles::sql::galera_member::package_name: mariadb-galera-server
consul::services:
mariadb:
service_name: "mariadb-%{facts.environment}"
tags:
- 'database'
- 'mariadb'
address: "%{facts.networking.ip}"
port: 3306
checks:
- id: 'mariadb_tcp_check'
name: 'MariaDB TCP Check'
tcp: "%{facts.networking.ip}:3306"
interval: '10s'
timeout: '1s'
profiles::consul::client::node_rules:
- resource: service
segment: "mariadb-%{facts.environment}"
disposition: write
+27
View File
@@ -18,6 +18,7 @@ profiles::consul::server::acl:
tokens:
initial_management: "%{alias('profiles::consul::server::acl_tokens_initial_management')}"
default: "%{alias('profiles::consul::server::acl_tokens_default')}"
replication: "%{alias('profiles::consul::server::acl_tokens_replication')}"
# additional altnames
profiles::pki::vault::alt_names:
@@ -32,3 +33,29 @@ profiles::nginx::simpleproxy::nginx_aliases:
- consul.main.unkin.net
profiles::nginx::simpleproxy::proxy_port: 8500
profiles::nginx::simpleproxy::proxy_path: '/'
profiles::consul::prepared_query::rules:
vault:
ensure: 'present'
service_name: 'vault'
service_failover_n: 3
service_only_passing: true
ttl: 10
puppet:
ensure: 'present'
service_name: 'puppet'
service_failover_n: 3
service_only_passing: true
ttl: 10
puppetca:
ensure: 'present'
service_name: 'puppetca'
service_failover_n: 3
service_only_passing: true
ttl: 10
edgecache:
ensure: 'present'
service_name: 'edgecache'
service_failover_n: 3
service_only_passing: true
ttl: 10
@@ -0,0 +1,120 @@
---
consul::services:
edgecache:
service_name: 'edgecache'
tags:
- 'cache'
- 'edge'
address: "%{facts.networking.ip}"
port: 443
checks:
- id: 'edgecache_https_check'
name: 'EdgeCache HTTPS Check'
http: "https://%{facts.networking.fqdn}"
method: 'GET'
tls_skip_verify: true
interval: '10s'
timeout: '1s'
profiles::consul::client::node_rules:
- resource: service
segment: edgecache
disposition: write
# additional altnames
profiles::pki::vault::alt_names:
- edgecache.service.consul
- edgecache.query.consul
profiles::edgecache::params::nginx_resolvers_enable: true
profiles::edgecache::params::nginx_resolvers_ipv4only: true
profiles::edgecache::params::nginx_listen_mode: both
profiles::edgecache::params::nginx_cert_type: vault
profiles::edgecache::params::nginx_aliases:
- edgecache.service.consul
- edgecache.query.consul
profiles::edgecache::params::directories:
/data/edgecache: { owner: root, group: root }
/data/edgecache/pub: { owner: nginx, group: nginx }
/data/edgecache/pub/centos: { owner: nginx, group: nginx }
/data/edgecache/pub/almalinux: { owner: nginx, group: nginx }
/data/edgecache/pub/debian: { owner: nginx, group: nginx }
/data/edgecache/pub/epel: { owner: nginx, group: nginx }
/data/edgecache/pub/postgres: { owner: nginx, group: nginx }
/data/edgecache/pub/postgres/apt: { owner: nginx, group: nginx }
/data/edgecache/pub/postgres/yum: { owner: nginx, group: nginx }
profiles::edgecache::params::mirrors:
debian:
ensure: present
location: /debian
proxy: http://mirror.gsl.icu
debian_pool:
ensure: present
location: /debian/pool
proxy: http://mirror.gsl.icu
proxy_cache: cache
proxy_cache_valid:
- '200 302 1440h'
- '404 1m'
centos_repodata:
ensure: present
location: '~* ^/centos/.*/repodata/'
proxy: http://gsl-syd.mm.fcix.net
centos_data:
ensure: present
location: /centos
proxy: http://gsl-syd.mm.fcix.net
proxy_cache: cache
proxy_cache_valid:
- '200 302 1440h'
- '404 1m'
almalinux_repodata:
ensure: present
location: '~* ^/almalinux/.*/repodata/'
proxy: http://gsl-syd.mm.fcix.net
almalinux_data:
ensure: present
location: /almalinux
proxy: http://gsl-syd.mm.fcix.net
proxy_cache: cache
proxy_cache_valid:
- '200 302 1440h'
- '404 1m'
epel_repodata:
ensure: present
location: '~* ^/epel/.*/repodata/'
proxy: http://gsl-syd.mm.fcix.net
epel_data:
ensure: present
location: /epel
proxy: http://gsl-syd.mm.fcix.net
proxy_cache: cache
proxy_cache_valid:
- '200 302 1440h'
- '404 1m'
postgres_yum_repodata:
ensure: present
location: '~* ^/postgres/yum/.*/repodata/'
rewrite_rules:
- '^/postgres/yum/(.*)$ /pub/repos/yum/$1 break'
proxy: https://download.postgresql.org
postgres_yum_data:
ensure: present
location: /postgres/yum
proxy: https://download.postgresql.org/pub/repos/yum
proxy_cache: cache
proxy_cache_valid:
- '200 302 1440h'
- '404 1m'
postgres_apt:
ensure: present
location: /postgres/apt
proxy: https://download.postgresql.org/pub/repos/apt
postgres_apt_pool:
ensure: present
location: /postgres/apt/pool
proxy: https://download.postgresql.org/pub/repos/apt/pool
proxy_cache: cache
proxy_cache_valid:
- '200 302 1440h'
- '404 1m'