feat: manage puppet/puppetca consul services

- add puppet service
- add puppetca service
- add ability to write to puppet/puppetca service in consul
- add puppet.(query,service).consul to dns_alt_names of all masters
- add puppetca.(query,service).consul to dns_alt_names of puppetca
2024-05-03 22:16:20 +10:00
parent df8a55c3dd
commit fe296d52d9
4 changed files with 57 additions and 8 deletions
+34
@@ -36,3 +36,37 @@ profiles::helpers::certmanager::vault_config:
role_name: 'servers_default'
output_path: '/tmp/certmanager'
role_id: "%{lookup('certmanager::role_id')}"
profiles::puppet::server::dns_alt_names:
- "%{facts.networking.fqdn}"
- "%{facts.networking.hostname}"
- puppetmaster.main.unkin.net
- puppet.main.unkin.net
- puppet.service.consul
- puppet.query.consul
- puppetmaster
- puppet
consul::services:
puppet:
service_name: 'puppet'
tags:
- 'puppet'
- 'master'
address: "%{facts.networking.ip}"
port: 8140
checks:
- id: 'puppet_https_check'
name: 'Puppet HTTPS Check'
http: "https://%{facts.networking.fqdn}:8140/status/v1/simple"
method: 'GET'
tls_skip_verify: true
interval: '10s'
timeout: '1s'
profiles::consul::client::node_rules:
- resource: service
segment: puppet
disposition: write
- resource: service
segment: puppetca
disposition: write
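Review bot: The `puppet_https_check` sets `tls_skip_verify: true`, so Consul marks the service healthy for whatever answers on port 8140 without checking that it presents a certificate signed by the Puppet CA. The check URL uses `%{facts.networking.fqdn}`, which is the first entry in the new `dns_alt_names`, so the server certificate should already validate if the Consul agent trusts the Puppet CA. I would drop the `tls_skip_verify: true` line and give the agent the CA bundle instead, or at least add a comment such as `# TODO: verify against the Puppet CA once the agent trusts it`. Separately, the `node_rules` grant `disposition: write` on `segment: puppetca` in what looks like data shared by every master, while the commit description limits the puppetca alt names to the puppetca host. If that reading is right, the puppetca write rule belongs in the puppetca node's data, so that an ordinary master cannot register itself as `puppetca` in Consul.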