Merge branch 'develop' into neoloc/syd1_puppetdb
@@ -1,2 +1,2 @@
|
||||
---
|
||||
profiles::cobbler::server::default_password_crypted: ENC[PKCS7,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]
|
||||
profiles::cobbler::params::default_password_crypted: ENC[PKCS7,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]
|
||||
|
||||
@@ -14,4 +14,8 @@ profiles::packages::install:
|
||||
profiles::pki::vault::alt_names:
|
||||
- cobbler.main.unkin.net
|
||||
|
||||
profiles::cobbler::server::service_cname: 'cobbler.main.unkin.net'
|
||||
profiles::cobbler::params::service_cname: 'cobbler.main.unkin.net'
|
||||
profiles::selinux::setenforce::mode: permissive
|
||||
|
||||
hiera_classes:
|
||||
- profiles::selinux::setenforce
|
||||
|
||||
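Review bot: `profiles::selinux::setenforce::mode: permissive` turns SELinux enforcement off host-wide on what looks like the Cobbler role's data, and nothing next to the key says why or for how long. A provisioning server answers TFTP/HTTP requests from hosts that are not yet managed, so confinement is worth keeping there; if one denial is the cause, a targeted policy module or boolean would be narrower than permissive mode. At minimum, add a comment above the key such as `# TEMPORARY: permissive until cobbler AVC denials are fixed; revert to enforcing`. Which lines in this section are new is inferred from the hunk counts, because the +/- markers are lost on this page.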
@@ -0,0 +1,77 @@
|
||||
---
|
||||
profiles::dhcp::server::ntpservers:
|
||||
- ntp01.main.unkin.net
|
||||
- ntp02.main.unkin.net
|
||||
profiles::dhcp::server::interfaces:
|
||||
- eth0
|
||||
profiles::dhcp::server::default_lease_time: 1200
|
||||
profiles::dhcp::server::globaloptions:
|
||||
- 'arch code 93 = unsigned integer 16'
|
||||
|
||||
profiles::dhcp::server::pools:
|
||||
syd1-prod:
|
||||
network: 198.18.15.0
|
||||
mask: 255.255.255.0
|
||||
range:
|
||||
- '198.18.15.200 198.18.15.220'
|
||||
gateway: 198.18.15.254
|
||||
nameservers:
|
||||
- 198.18.13.12
|
||||
- 198.18.13.13
|
||||
domain_name: main.unkin.net
|
||||
pxeserver: 198.18.13.27
|
||||
syd1-test:
|
||||
network: 198.18.16.0
|
||||
mask: 255.255.255.0
|
||||
range:
|
||||
- '198.18.16.200 198.18.16.220'
|
||||
gateway: 198.18.16.254
|
||||
nameservers:
|
||||
- 198.18.13.12
|
||||
- 198.18.13.13
|
||||
domain_name: main.unkin.net
|
||||
pxeserver: 198.18.13.27
|
||||
syd1-prod1:
|
||||
network: 198.18.13.0
|
||||
mask: 255.255.255.0
|
||||
range:
|
||||
- '198.18.13.200 198.18.13.220'
|
||||
gateway: 198.18.13.254
|
||||
nameservers:
|
||||
- 198.18.13.12
|
||||
- 198.18.13.13
|
||||
domain_name: main.unkin.net
|
||||
pxeserver: 198.18.13.27
|
||||
syd1-prod2:
|
||||
network: 198.18.14.0
|
||||
mask: 255.255.255.0
|
||||
range:
|
||||
- '198.18.14.200 198.18.14.220'
|
||||
gateway: 198.18.14.254
|
||||
nameservers:
|
||||
- 198.18.13.12
|
||||
- 198.18.13.13
|
||||
domain_name: main.unkin.net
|
||||
pxeserver: 198.18.13.27
|
||||
drw1-prod:
|
||||
network: 198.18.17.0
|
||||
mask: 255.255.255.0
|
||||
range:
|
||||
- '198.18.17.200 198.18.17.220'
|
||||
gateway: 198.18.17.1
|
||||
nameservers:
|
||||
- 198.18.17.7
|
||||
- 198.18.17.8
|
||||
domain_name: main.unkin.net
|
||||
pxeserver: 198.18.13.27
|
||||
|
||||
# UFI 64-bit
|
||||
profiles::dhcp::server::classes:
|
||||
UEFI-64:
|
||||
parameters:
|
||||
- 'match if option arch = 00:07 or option arch = 00:09'
|
||||
- 'filename "/ipxe.efi"'
|
||||
Legacy:
|
||||
parameters:
|
||||
- 'match if option arch = 00:00'
|
||||
- 'filename "/undionly.kpxe"'
|
||||
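Review bot: The comment `# UFI 64-bit` above `profiles::dhcp::server::classes` is misspelled and describes only the first of the two classes that follow it. Something like `# PXE boot file by client architecture (option 93): UEFI x64 -> ipxe.efi, legacy BIOS -> undionly.kpxe` would cover both `UEFI-64` and `Legacy` and explain the `arch code 93` global option declared earlier in the file.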
@@ -1,10 +1,50 @@
|
||||
---
|
||||
profiles::yum::global::managed_repos:
|
||||
- 'virt-advanced-virtualization'
|
||||
- 'storage-ceph-pacific'
|
||||
- 'cloud-openstack-xena'
|
||||
- 'messaging-rabbitmq-38'
|
||||
- 'nfv-openvswitch-2'
|
||||
- 'opstools-collectd-5'
|
||||
- 'storage-gluster-10'
|
||||
- 'virt-ovirt-45'
|
||||
profiles::yum::global::repos:
|
||||
centos_8_advanced_virtualization:
|
||||
name: 'virt-advanced-virtualization'
|
||||
descr: 'CentOS Advanced Virtualization'
|
||||
target: /etc/yum.repos.d/ovirt.repo
|
||||
baseurl: https://edgecache.query.consul/centos/8-stream/virt/x86_64/advancedvirt-common
|
||||
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Virtualization'
|
||||
centos_8_ceph_pacific:
|
||||
name: 'storage-ceph-pacific'
|
||||
descr: 'CentOS Ceph Pacific'
|
||||
target: /etc/yum.repos.d/ovirt.repo
|
||||
baseurl: https://edgecache.query.consul/centos/8-stream/storage/x86_64/ceph-pacific
|
||||
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Storage'
|
||||
centos_8_rabbitmq_38:
|
||||
name: 'messaging-rabbitmq-38'
|
||||
descr: 'CentOS RabbitMQ 38'
|
||||
target: /etc/yum.repos.d/ovirt.repo
|
||||
baseurl: https://edgecache.query.consul/centos/8-stream/messaging/x86_64/rabbitmq-38
|
||||
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Messaging'
|
||||
centos_8_nfv_openvswitch:
|
||||
name: 'nfv-openvswitch-2'
|
||||
descr: 'CentOS NFV OpenvSwitch'
|
||||
target: /etc/yum.repos.d/ovirt.repo
|
||||
baseurl: https://edgecache.query.consul/centos/8-stream/nfv/x86_64/openvswitch-2
|
||||
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-NFV'
|
||||
centos_8_openstack_xena:
|
||||
name: 'cloud-openstack-xena'
|
||||
descr: 'CentOS OpenStack Xena'
|
||||
target: /etc/yum.repos.d/ovirt.repo
|
||||
baseurl: https://edgecache.query.consul/centos/8-stream/cloud/x86_64/openstack-xena
|
||||
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Cloud'
|
||||
centos_8_opstools:
|
||||
name: 'opstools-collectd-5'
|
||||
descr: 'CentOS OpsTools - collectd'
|
||||
target: /etc/yum.repos.d/ovirt.repo
|
||||
baseurl: https://edgecache.query.consul/centos/8-stream/opstools/x86_64/collectd-5
|
||||
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-OpsTools'
|
||||
centos_8_ovirt45:
|
||||
name: 'virt-ovirt-45'
|
||||
descr: 'CentOS oVirt 4.5'
|
||||
target: /etc/yum.repos.d/ovirt.repo
|
||||
baseurl: https://edgecache.query.consul/centos/8-stream/virt/x86_64/ovirt-45
|
||||
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Virtualization'
|
||||
centos_8_stream_gluster10:
|
||||
name: 'storage-gluster-10'
|
||||
descr: 'CentOS oVirt 4.5 - Glusterfs 10'
|
||||
target: /etc/yum.repos.d/ovirt.repo
|
||||
baseurl: https://edgecache.query.consul/centos/8-stream/storage/x86_64/gluster-10
|
||||
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Storage'
|
||||
|
||||
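Review bot: None of the entries under `profiles::yum::global::repos` sets `gpgcheck`, so whether packages from these repos are signature-checked depends on a profile default that is not visible here. That matters because every `baseurl` points at the internal `edgecache.query.consul` cache rather than the origin, which leaves the signature as the control tying a package back to the CentOS SIG key. Suggest stating it per repo, e.g. `gpgcheck: true`, assuming the profile passes the key through to the yumrepo resource (to be confirmed against the profile). The `gpgkey` URLs are fetched from www.centos.org on first use; shipping the key files from the Puppet codebase would remove that trust-on-first-fetch step. The same map is repeated in the section starting `@@ -1,17 +1,58 @@`, and this note applies there as well.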
@@ -1,17 +1,58 @@
|
||||
---
|
||||
profiles::firewall::firewalld::ensure_package: 'installed'
|
||||
profiles::firewall::firewalld::ensure_service: 'running'
|
||||
profiles::yum::global::managed_repos:
|
||||
- 'virt-advanced-virtualization'
|
||||
- 'storage-ceph-pacific'
|
||||
- 'cloud-openstack-xena'
|
||||
- 'messaging-rabbitmq-38'
|
||||
- 'nfv-openvswitch-2'
|
||||
- 'opstools-collectd-5'
|
||||
- 'storage-gluster-10'
|
||||
- 'virt-ovirt-45'
|
||||
|
||||
sudo::purge_ignore:
|
||||
- '50_vdsm'
|
||||
- '50_vdsm_hook_ovirt_provider_ovn_hook'
|
||||
- '60_ovirt-ha'
|
||||
|
||||
profiles::yum::global::repos:
|
||||
centos_8_advanced_virtualization:
|
||||
name: 'virt-advanced-virtualization'
|
||||
descr: 'CentOS Advanced Virtualization'
|
||||
target: /etc/yum.repos.d/ovirt.repo
|
||||
baseurl: https://edgecache.query.consul/centos/8-stream/virt/x86_64/advancedvirt-common
|
||||
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Virtualization'
|
||||
centos_8_ceph_pacific:
|
||||
name: 'storage-ceph-pacific'
|
||||
descr: 'CentOS Ceph Pacific'
|
||||
target: /etc/yum.repos.d/ovirt.repo
|
||||
baseurl: https://edgecache.query.consul/centos/8-stream/storage/x86_64/ceph-pacific
|
||||
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Storage'
|
||||
centos_8_rabbitmq_38:
|
||||
name: 'messaging-rabbitmq-38'
|
||||
descr: 'CentOS RabbitMQ 38'
|
||||
target: /etc/yum.repos.d/ovirt.repo
|
||||
baseurl: https://edgecache.query.consul/centos/8-stream/messaging/x86_64/rabbitmq-38
|
||||
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Messaging'
|
||||
centos_8_nfv_openvswitch:
|
||||
name: 'nfv-openvswitch-2'
|
||||
descr: 'CentOS NFV OpenvSwitch'
|
||||
target: /etc/yum.repos.d/ovirt.repo
|
||||
baseurl: https://edgecache.query.consul/centos/8-stream/nfv/x86_64/openvswitch-2
|
||||
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-NFV'
|
||||
centos_8_openstack_xena:
|
||||
name: 'cloud-openstack-xena'
|
||||
descr: 'CentOS OpenStack Xena'
|
||||
target: /etc/yum.repos.d/ovirt.repo
|
||||
baseurl: https://edgecache.query.consul/centos/8-stream/cloud/x86_64/openstack-xena
|
||||
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Cloud'
|
||||
centos_8_opstools:
|
||||
name: 'opstools-collectd-5'
|
||||
descr: 'CentOS OpsTools - collectd'
|
||||
target: /etc/yum.repos.d/ovirt.repo
|
||||
baseurl: https://edgecache.query.consul/centos/8-stream/opstools/x86_64/collectd-5
|
||||
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-OpsTools'
|
||||
centos_8_ovirt45:
|
||||
name: 'virt-ovirt-45'
|
||||
descr: 'CentOS oVirt 4.5'
|
||||
target: /etc/yum.repos.d/ovirt.repo
|
||||
baseurl: https://edgecache.query.consul/centos/8-stream/virt/x86_64/ovirt-45
|
||||
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Virtualization'
|
||||
centos_8_stream_gluster10:
|
||||
name: 'storage-gluster-10'
|
||||
descr: 'CentOS oVirt 4.5 - Glusterfs 10'
|
||||
target: /etc/yum.repos.d/ovirt.repo
|
||||
baseurl: https://edgecache.query.consul/centos/8-stream/storage/x86_64/gluster-10
|
||||
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Storage'
|
||||
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
postgresql_config_entries:
|
||||
max_connections: 300
|
||||
shared_buffers: '256MB'
|
||||
@@ -1,11 +1,27 @@
|
||||
---
|
||||
profiles::sql::galera_member::cluster_name: galera01
|
||||
profiles::sql::galera_member::galera_master: prodinf01n29.main.unkin.net
|
||||
profiles::sql::galera_member::configure_firewall: false
|
||||
profiles::sql::galera_member::wsrep_sst_method: rsync
|
||||
profiles::sql::galera_member::galera_members_lookup: true
|
||||
profiles::sql::galera_member::galera_members_role: roles::infra::sql::galera
|
||||
profiles::sql::galera_member::datadir: /data/mariadb
|
||||
profiles::sql::galera_member::innodb_buffer_pool_size: 256M
|
||||
profiles::sql::galera_member::innodb_file_per_table: 1
|
||||
profiles::sql::galera_member::package_name: mariadb-galera-server
|
||||
|
||||
consul::services:
|
||||
mariadb:
|
||||
service_name: "mariadb-%{facts.environment}"
|
||||
tags:
|
||||
- 'database'
|
||||
- 'mariadb'
|
||||
address: "%{facts.networking.ip}"
|
||||
port: 3306
|
||||
checks:
|
||||
- id: 'mariadb_tcp_check'
|
||||
name: 'MariaDB TCP Check'
|
||||
tcp: "%{facts.networking.ip}:3306"
|
||||
interval: '10s'
|
||||
timeout: '1s'
|
||||
profiles::consul::client::node_rules:
|
||||
- resource: service
|
||||
segment: "mariadb-%{facts.environment}"
|
||||
disposition: write
|
||||
|
||||
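Review bot: The `mariadb_tcp_check` under `consul::services` only proves that port 3306 accepts a connection, so a Galera node that is joining, acting as donor or desynced would still be reported as passing and handed to clients of `mariadb-%{facts.environment}`. A script or HTTP check that reads wsrep state (`wsrep_ready`, `wsrep_local_state_comment`) would let Consul drop nodes that are up but not synced. Separately, this file carries `wsrep_sst_method: rsync` together with `configure_firewall: false`; rsync state transfer is not encrypted or authenticated by default, so confirm the Galera ports are restricted to cluster members somewhere else. Which lines are new is inferred, because the +/- markers are lost on this page.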
@@ -18,6 +18,7 @@ profiles::consul::server::acl:
|
||||
tokens:
|
||||
initial_management: "%{alias('profiles::consul::server::acl_tokens_initial_management')}"
|
||||
default: "%{alias('profiles::consul::server::acl_tokens_default')}"
|
||||
replication: "%{alias('profiles::consul::server::acl_tokens_replication')}"
|
||||
|
||||
# additional altnames
|
||||
profiles::pki::vault::alt_names:
|
||||
@@ -32,3 +33,29 @@ profiles::nginx::simpleproxy::nginx_aliases:
|
||||
- consul.main.unkin.net
|
||||
profiles::nginx::simpleproxy::proxy_port: 8500
|
||||
profiles::nginx::simpleproxy::proxy_path: '/'
|
||||
|
||||
profiles::consul::prepared_query::rules:
|
||||
vault:
|
||||
ensure: 'present'
|
||||
service_name: 'vault'
|
||||
service_failover_n: 3
|
||||
service_only_passing: true
|
||||
ttl: 10
|
||||
puppet:
|
||||
ensure: 'present'
|
||||
service_name: 'puppet'
|
||||
service_failover_n: 3
|
||||
service_only_passing: true
|
||||
ttl: 10
|
||||
puppetca:
|
||||
ensure: 'present'
|
||||
service_name: 'puppetca'
|
||||
service_failover_n: 3
|
||||
service_only_passing: true
|
||||
ttl: 10
|
||||
edgecache:
|
||||
ensure: 'present'
|
||||
service_name: 'edgecache'
|
||||
service_failover_n: 3
|
||||
service_only_passing: true
|
||||
ttl: 10
|
||||
|
||||
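Review bot: In the `tokens:` map of the first hunk, `replication` is aliased to `profiles::consul::server::acl_tokens_replication`, a key that is not defined in any section shown on this page. Confirm it exists in encrypted data for every node that includes this file, and that it is a separate token with a replication-scoped policy rather than a copy of the initial management token. In the second hunk, the four entries under `profiles::consul::prepared_query::rules` differ only by name; a comment above the key such as `# one prepared query per service, resolved as <name>.query.consul` would explain why `edgecache.query.consul` appears as a repo host and certificate alt name elsewhere in this commit.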
@@ -0,0 +1,120 @@
|
||||
---
|
||||
consul::services:
|
||||
edgecache:
|
||||
service_name: 'edgecache'
|
||||
tags:
|
||||
- 'cache'
|
||||
- 'edge'
|
||||
address: "%{facts.networking.ip}"
|
||||
port: 443
|
||||
checks:
|
||||
- id: 'edgecache_https_check'
|
||||
name: 'EdgeCache HTTPS Check'
|
||||
http: "https://%{facts.networking.fqdn}"
|
||||
method: 'GET'
|
||||
tls_skip_verify: true
|
||||
interval: '10s'
|
||||
timeout: '1s'
|
||||
profiles::consul::client::node_rules:
|
||||
- resource: service
|
||||
segment: edgecache
|
||||
disposition: write
|
||||
|
||||
# additional altnames
|
||||
profiles::pki::vault::alt_names:
|
||||
- edgecache.service.consul
|
||||
- edgecache.query.consul
|
||||
|
||||
profiles::edgecache::params::nginx_resolvers_enable: true
|
||||
profiles::edgecache::params::nginx_resolvers_ipv4only: true
|
||||
profiles::edgecache::params::nginx_listen_mode: both
|
||||
profiles::edgecache::params::nginx_cert_type: vault
|
||||
profiles::edgecache::params::nginx_aliases:
|
||||
- edgecache.service.consul
|
||||
- edgecache.query.consul
|
||||
profiles::edgecache::params::directories:
|
||||
/data/edgecache: { owner: root, group: root }
|
||||
/data/edgecache/pub: { owner: nginx, group: nginx }
|
||||
/data/edgecache/pub/centos: { owner: nginx, group: nginx }
|
||||
/data/edgecache/pub/almalinux: { owner: nginx, group: nginx }
|
||||
/data/edgecache/pub/debian: { owner: nginx, group: nginx }
|
||||
/data/edgecache/pub/epel: { owner: nginx, group: nginx }
|
||||
/data/edgecache/pub/postgres: { owner: nginx, group: nginx }
|
||||
/data/edgecache/pub/postgres/apt: { owner: nginx, group: nginx }
|
||||
/data/edgecache/pub/postgres/yum: { owner: nginx, group: nginx }
|
||||
|
||||
profiles::edgecache::params::mirrors:
|
||||
debian:
|
||||
ensure: present
|
||||
location: /debian
|
||||
proxy: http://mirror.gsl.icu
|
||||
debian_pool:
|
||||
ensure: present
|
||||
location: /debian/pool
|
||||
proxy: http://mirror.gsl.icu
|
||||
proxy_cache: cache
|
||||
proxy_cache_valid:
|
||||
- '200 302 1440h'
|
||||
- '404 1m'
|
||||
centos_repodata:
|
||||
ensure: present
|
||||
location: '~* ^/centos/.*/repodata/'
|
||||
proxy: http://gsl-syd.mm.fcix.net
|
||||
centos_data:
|
||||
ensure: present
|
||||
location: /centos
|
||||
proxy: http://gsl-syd.mm.fcix.net
|
||||
proxy_cache: cache
|
||||
proxy_cache_valid:
|
||||
- '200 302 1440h'
|
||||
- '404 1m'
|
||||
almalinux_repodata:
|
||||
ensure: present
|
||||
location: '~* ^/almalinux/.*/repodata/'
|
||||
proxy: http://gsl-syd.mm.fcix.net
|
||||
almalinux_data:
|
||||
ensure: present
|
||||
location: /almalinux
|
||||
proxy: http://gsl-syd.mm.fcix.net
|
||||
proxy_cache: cache
|
||||
proxy_cache_valid:
|
||||
- '200 302 1440h'
|
||||
- '404 1m'
|
||||
epel_repodata:
|
||||
ensure: present
|
||||
location: '~* ^/epel/.*/repodata/'
|
||||
proxy: http://gsl-syd.mm.fcix.net
|
||||
epel_data:
|
||||
ensure: present
|
||||
location: /epel
|
||||
proxy: http://gsl-syd.mm.fcix.net
|
||||
proxy_cache: cache
|
||||
proxy_cache_valid:
|
||||
- '200 302 1440h'
|
||||
- '404 1m'
|
||||
postgres_yum_repodata:
|
||||
ensure: present
|
||||
location: '~* ^/postgres/yum/.*/repodata/'
|
||||
rewrite_rules:
|
||||
- '^/postgres/yum/(.*)$ /pub/repos/yum/$1 break'
|
||||
proxy: https://download.postgresql.org
|
||||
postgres_yum_data:
|
||||
ensure: present
|
||||
location: /postgres/yum
|
||||
proxy: https://download.postgresql.org/pub/repos/yum
|
||||
proxy_cache: cache
|
||||
proxy_cache_valid:
|
||||
- '200 302 1440h'
|
||||
- '404 1m'
|
||||
postgres_apt:
|
||||
ensure: present
|
||||
location: /postgres/apt
|
||||
proxy: https://download.postgresql.org/pub/repos/apt
|
||||
postgres_apt_pool:
|
||||
ensure: present
|
||||
location: /postgres/apt/pool
|
||||
proxy: https://download.postgresql.org/pub/repos/apt/pool
|
||||
proxy_cache: cache
|
||||
proxy_cache_valid:
|
||||
- '200 302 1440h'
|
||||
- '404 1m'
|
||||
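Review bot: The Debian, CentOS, AlmaLinux and EPEL entries under `profiles::edgecache::params::mirrors` use plain `http://` upstreams while their package locations cache `200 302` responses for `1440h`, so a response altered on the path to the mirror would be stored and served to every client for up to 60 days. Clients reach the cache over HTTPS, which hides the fact that the upstream leg is unauthenticated; signature checking on the clients is then the only integrity control. Prefer `https://` upstreams where the mirrors offer them, as the PostgreSQL entries already do, and consider a much shorter lifetime for cached `302` responses. In the Consul check, `tls_skip_verify: true` could be dropped, since the certificate is issued by Vault and the check already targets the FQDN, provided the Consul agent trusts that CA and the FQDN is among the certificate's names.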