unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity
1,129 Commits 17 Branches 0 Tags 2.9 MiB
develop
Commit Graph

595 Commits

Author SHA1 Message Date
Ben Vincent
0e64c9855a feat: add vmcluster module (#363) 
- manage vmstorage package, service and environment file
- manage vmselect package, service and environment file
- manage vminsert package, service and environment file
- manage vmagent package, service and environment file
- manage options for vmstorage, vmselect, vminsert, vmagent role

Reviewed-on: #363
 2025-07-26 18:17:20 +10:00
Ben Vincent
3cfafbac44 feat: enable ceph on k8s nodes (#362) 
- enable enough ceph/frr to join to cephfs
- notify sshd when restarting the network
- update ssh principals to include all ssh interfaces

Reviewed-on: #362
 2025-07-19 20:30:46 +10:00
Ben Vincent
c5c40c3bfd chore: cleanup old physicals (#361) 
- cleanup old nodes to redeploy them

Reviewed-on: #361
 2025-07-15 22:34:46 +10:00
Ben Vincent
98f1961a07 benvin/ceph_common (#360) 
Reviewed-on: #360
 2025-07-15 20:38:39 +10:00
Ben Vincent
eb1ada8ea5 fix: duplicate declatation (#359) 
- only install ceph-common once

Reviewed-on: #359
 2025-07-15 20:31:09 +10:00
Ben Vincent
ec3e42901a feat: add basic k8s node role (#358) 
- update prodnxsr0001-8 to use networkd
- add basic k8s node role

Reviewed-on: #358
 2025-07-15 20:18:17 +10:00
Ben Vincent
e905afcab0 chore: cleanup hieradata/nodes (#357) 
- cleanup decommed nodes
- remove unneccessary node data

Reviewed-on: #357
 2025-07-13 21:40:32 +10:00
Ben Vincent
de6e7d0ba9 feat: add vmagent role (#356) 
- add vmagent role for vicmet

Reviewed-on: #356
 2025-07-13 17:20:58 +10:00
Ben Vincent
780a97dfe4 feat: add new cobbler master (#355) 
- change cobbler.main.unkin.net to 2098

Reviewed-on: #355
 2025-07-12 20:31:43 +10:00
Ben Vincent
ccda327c7a gchore: cleanup old vms (#352) 
- remove ntp01/ntp02
- remove old gitea
- remove mariadb galera vms

Reviewed-on: #352
 2025-07-09 21:18:23 +10:00
Ben Vincent
acef1bde29 feat: move puppetca role (#351) 
- move puppetca from vm to lxd

Reviewed-on: #351
 2025-07-09 21:15:09 +10:00
Ben Vincent
7d87e11e79 feat: add victoria metrics roles (#350) 
- add vmstorage, vmselect and vminsert roles
- base roles, only adding packages
- preparation for standing up a vicmet cluster

Reviewed-on: #350
 2025-07-08 20:34:46 +10:00
Ben Vincent
be02d3d150 feat: migrate to external ntp (#349) 
- removing ntp vms from proxmox
- redirect ntp to external time sources

Reviewed-on: #349
 2025-07-07 20:27:02 +10:00
Ben Vincent
2d9faf578f feat: add unkin.net domain (#347) 
- manage the unkin.net domain
- ensure forwarding for unkin.net
- split domain from cname list and set zone correctly
- add fafflix to cnames list for haproxy2

Reviewed-on: #347
 2025-07-06 20:02:20 +10:00
Ben Vincent
73362a3bf9 feat: add stick tables for gitea (#345) 
- stick tables are required for docker authentication

Reviewed-on: #345
 2025-07-06 14:42:14 +10:00
Ben Vincent
0063f68bc6 feat: enable external access to gitea (#344) 
- add git.unkin.net to certbot
- export haproxy resources for gitea
- add be_gitea to haproxy, import the certbot cert
- update the ROOT_URL for gitea instances

Reviewed-on: #344
 2025-07-06 13:47:56 +10:00
Ben Vincent
372d99893a core: fix ROOT_URL (#343) 
- root_url is used for docker authentication
- access to git.unkin.net is not yet ready

Reviewed-on: https://git.query.consul/unkin/puppet-prod/pulls/343
 2025-07-06 13:20:27 +10:00
Ben Vincent
620339f69d chore: cleanup hieradata/nodes (#341) 
- remove all node hiera data for decommed hosts

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/341
 2025-07-06 12:23:22 +10:00
Ben Vincent
2317d0af59 feat: expose gitea metrics (#340) 
- add a gitea-metrics service to consul
- tag as metrics for victoria metrics
- check the /metrics endpoint (bypass nginx)

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/340
 2025-07-06 12:01:57 +10:00
Ben Vincent
cf0ff85b70 fix: manage git user (#339) 
- prevent different gid/uid for git users when deploying cluster
- only add sudo conf when sudo_rules is a list

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/339
 2025-07-06 11:27:35 +10:00
Ben Vincent
359ce101f1 feat: add indexer for git (#338) 
- reuse the database for the indexer

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/338
 2025-07-05 17:12:38 +10:00
Ben Vincent
b6c959d368 feat: use redis for cache/queue (#337) 
- use gitea redis cluster for queue/cache
- use redis+sentinel url (pass required for redis and sentinel)

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/337
 2025-07-05 16:42:01 +10:00
Ben Vincent
b976f2063a feat: deploy redis for git (#336) 
- deploy redis/sentinel ha cluster for git
- update redis to 7 (required for almalinux 9)
- enable requirepass/masterauth

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/336
 2025-07-05 15:51:28 +10:00
Ben Vincent
93049707e7 benvin/gitea_cluster (#335) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/335
 2025-07-05 14:49:56 +10:00
Ben Vincent
a9faa098ee benvin/grafana_postgres (#334) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/334
 2025-07-01 19:07:24 +10:00
Ben Vincent
61d912de30 feat: update password for grafana service account (#333) 
- updated grafana password

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/333
 2025-06-30 20:22:18 +10:00
Ben Vincent
aab3eaf9e7 feat: add grafana service to ldap (#331) 
- add grafana service account for binding
- add grafana_user group
- add users to group

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/331
 2025-06-30 19:17:56 +10:00
Ben Vincent
49ff7cc3ab feat: add toml puppet gem (#329) 
- required for ldap support in grafana

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/329
 2025-06-30 19:02:37 +10:00
Ben Vincent
d1e63ad18b feat: add shared pgsql instance (#328) 
- add shared pgsql instance
- use patroni

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/328
 2025-06-29 17:25:59 +10:00
Ben Vincent
99b312669b benvin/dhcp_failover (#327) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/327
 2025-06-29 13:36:16 +10:00
Ben Vincent
3bb2a5dbad fix: enable health check from haproxy2 (#324) 
- tactical fix: enable dmz subnets container access to health url

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/324
 2025-06-28 17:04:25 +10:00
Ben Vincent
0ce6e95f2d chore: cleanup removed hosts (#323) 
- remove 1018, 1031, 1032, 1033

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/323
 2025-06-28 16:28:03 +10:00
Ben Vincent
770fd643ac feat: add haproxy2 role (#322) 
- add basic haproxy2 role
- add peers and resolvers
- add haproxy2+ metrics frontend

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/322
 2025-06-28 16:20:06 +10:00
Ben Vincent
bd9e08dc24 feat: cleanup hieranodes settings (#321) 
- migrate hieranodes values to roles yaml
- rename anycast ip keys to be similar

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/321
 2025-06-21 23:16:34 +10:00
Ben Vincent
ae57e0e81c feat: add openvox repos to reposync (#319) 
- add el8/9/10 for openvox7/8

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/319
 2025-06-19 06:06:41 +10:00
Ben Vincent
cb1d562cb0 feat: migrate pupeptdb sql to patroni (#318) 
- change puppetdb::sql to using the patroni profile
- change puppetdb::api to use new patroni cluster
- remove references to puppetlabs-puppetdb managed database
- update consul rules to enable sessions

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/318
 2025-06-19 05:52:32 +10:00
Ben Vincent
26b908e5e7 feat: add node_pools (#317) 
- change agentv2 to common node_pool
- set default node_pool to default

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/317
 2025-06-15 17:43:19 +10:00
Ben Vincent
a47c6155b8 feat: use fqdn in host_volumes (#316) 
- fix hard-coded message

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/316
 2025-06-15 17:34:03 +10:00
Ben Vincent
1cbc1be808 feat: add host_volumes to nomad (#315) 
- add puppet client certs
- add tls-ca-bundle

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/315
 2025-06-14 19:37:50 +10:00
Ben Vincent
60834ced00 feat: nomad cni additions (#314) 
- add consul-cni package
- enable grpc for consul servers
- enable consul connect for consul servers
- set recursors for consul
- add ports to consul agent (grpc, dns, http for nomad)

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/314
 2025-06-14 18:47:24 +10:00
Ben Vincent
890e9670f3 chore: update the consul service name (#313) 
- update the name for the packagerepo service
- was copy/pasted from jupyterhub

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/313
 2025-06-09 14:46:16 +10:00
Ben Vincent
1fb46b5ab6 chore: use packagerepo for epel (#310) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/310
 2025-06-09 10:24:56 +10:00
Ben Vincent
66fdd7b615 feat: update incus image host to run on incus (#309) 
- remove zfs
- remove some sysctl values
- remove memlocks from limits
- install iptables, required for creating bridges

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/309
 2025-06-08 22:58:44 +10:00
Ben Vincent
f43d5f685b feat: update reposync repos (#308) 
- remove almalinux 9.4
- add almalinux 9.6
- add epel 8 and 9
- update mssql
- add k8s 1.33

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/308
 2025-06-01 18:20:10 +10:00
Ben Vincent
bb2f59621a feat: split reposync into two roles (#307) 
- reposync and packagerepo web service
- change backing datastore to be cephfs /shared/app/packagerepo

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/307
 2025-06-01 11:33:44 +10:00
Ben Vincent
1df11b8977 chore: migrate certbot webserver (#306) 
- ausyd1nxvm1021 is decommed
- new source is ausyd1nxvm2057

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/306
 2025-05-31 16:22:59 +10:00
Ben Vincent
10f2dc7047 feat: cleanup removed hosts (#305) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/305
 2025-05-31 14:26:16 +10:00
Ben Vincent
1a904af2ee feat: change g10k to use a package (#304) 
- the archive path is no longer valid
- produced a g10k rpm with rpmbuilder

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/304
 2025-05-31 13:51:51 +10:00
Ben Vincent
ed1a4f6488 fix: missed address in consul service (#303) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/303
 2025-05-30 23:27:44 +10:00
Ben Vincent
bdd833fa4e feat: create basic k8s roles to start deployment (#302) 
- just create roles so can deploy hosts

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/302
 2025-05-30 23:21:02 +10:00
Ben Vincent
c10a3e49fa chore: add new user (#301) 
- just jelly access

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/301
 2025-05-28 19:46:45 +10:00
Ben Vincent
3d5d40f381 chore: minor jellyfin updates (#300) 
- add jellyfin to video group, for access to gpu
- install intel related gpu drivers
- export lxc jellyfin to haproxy

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/300
 2025-05-27 19:55:55 +10:00
Ben Vincent
b3347f9226 chore: migrate media applications (#299) 
- migrate media applications to new cephfs pool + incus
- enable exporting haproxy
- move ceph-client-setup to only apply to non-lxc hosts
- ensure unrar is installed for nzbget
- updated jellyfin use of data_dir
- set lxc instances for jellyfin to use /shared/apps/jellyfin

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/299
 2025-05-25 20:27:17 +10:00
Ben Vincent
1d23fef82e feat: update settings for ceph (#298) 
- enable root logins via ssh with keys
- add ssh key for ceph to root user

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/298
 2025-05-25 20:22:00 +10:00
Ben Vincent
596e498a00 feat: change media arr apps to hiera_include (#296) 
- change profiles::media::* to be hiera_included
- this is required to enable it to be hiera_excluded on virtual == lxc

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/296
 2025-05-24 20:23:56 +10:00
Ben Vincent
f6694599ef benvin/media_apps_incus (#295) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/295
 2025-05-24 20:18:23 +10:00
Ben Vincent
93cd02deec chore: update media roles for incus (#294) 
- prevent incus roles from exporting haproxy endpoints (for now)
- incus doesnt need to mount cephfs

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/294
 2025-05-24 18:59:46 +10:00
Ben Vincent
520e8a34e0 feat: add a nomad agent v2 role (#293) 
- excludes ceph (will be passed from incus)
- excludes frrouting (will use host-networking)

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/293
 2025-05-24 15:35:20 +10:00
Ben Vincent
89a0f329d8 feat: update vault url (#291) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/291
 2025-05-21 19:58:12 +10:00
Ben Vincent
6dcc7343e0 feat: updated ceph ssh authorized_key (#290) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/290
 2025-05-17 14:05:25 +10:00
Ben Vincent
e7d4c75192 feat: enable ssh access to enp3s0 (#289) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/289
 2025-05-17 13:50:35 +10:00
Ben Vincent
d9e8637ad6 feat: manage more ceph requirements (#288) 
- add ceph-common to provide utilities for managing ceph
- add root and sysadmin ssh keys for ceph deployments

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/288
 2025-05-17 11:14:45 +10:00
Ben Vincent
92f0ae64b9 feat: enable ssh on all loopbacks (#287) 
- required for cephadm to manage roles

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/287
 2025-05-16 07:05:31 +10:00
Ben Vincent
c1637d9f43 feat: add cephadm to incus hosts (#286) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/286
 2025-05-16 05:56:28 +10:00
Ben Vincent
1aabe21173 feat: manage mon loopback0 (#285) 
- add frrouting
- set all ceph nodes to use ospf + loopback0 + networkd
- fix ceph repos for mons

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/285
 2025-05-15 19:46:59 +10:00
Ben Vincent
2f088c461f feat: add ceph roles (#284) 
- add hieradata to manage ceph repo

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/284
 2025-05-15 19:29:53 +10:00
Ben Vincent
90504e5b02 chore: use alias for nameservers (#283) 
- use an alias for nameservers for dhcp ranges
- move aliased nameservers to region-wide hiera

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/283
 2025-05-14 20:19:18 +10:00
Ben Vincent
87a6c73578 neoloc/loopback_dns (#281) 
- manage all interfaces in dns (except lo and anycast)
- move loopback0 anycast addresses to be anycast0

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/281
 2025-05-11 16:36:04 +10:00
Ben Vincent
3e0141bb1b feat: change to anycast resolver (#280) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/280
 2025-05-11 11:39:00 +10:00
Ben Vincent
bb6f6cbd49 feat: anycast dnsmasters (#279) 
- change dns masters on incus to anycast for bind
- change to networkd to support anycast/loopbacks

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/279
 2025-05-10 23:00:03 +10:00
Ben Vincent
51d6c1e81d fix: enable dns resolver access for dmz1 (#278) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/278
 2025-05-10 06:57:05 +10:00
Ben Vincent
537a207779 feat: update upstream ip for consul dns (#277) 
- set bind resolvers to use consuls anycast address for forwarding

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/277
 2025-05-09 22:10:35 +10:00
Ben Vincent
f322440d01 feat: setup anycast consul dns (#276) 
- manage frrouting repo/ospf
- change to systemd-networkd
- enable ospf on incus nodes bridges

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/276
 2025-05-09 22:07:42 +10:00
Ben Vincent
b05acb23f4 feat: use custom cert for puppetdb access (#271) 
- manually generated certificate using sudo puppetserver ca generate --certname puppetdbapi.query.consul
- saved certificate and private_key in eyaml

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/271
 2025-05-03 12:41:23 +10:00
Ben Vincent
cdf9456456 feat: update psql15 repos for roles (#269) 
- update patroni to use packagerepo
- update puppetdb to use packagerepo

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/269
 2025-04-29 21:04:45 +10:00
Ben Vincent
2323ef7749 feat: postgresql15/postgresql17 (#268) 
- add postgresql15 and 17 to reposync

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/268
 2025-04-28 21:39:45 +10:00
Ben Vincent
9359b8902e feat: vault mlock (#266) 
- enable mlock by default
- disable mlock on lxd/incus nodes (lxc doesnt support it)

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/266
 2025-04-26 22:43:20 +10:00
Ben Vincent
496ed12a58 feat: change vault to use package install (#264) 
- vault 18.2 rpm produced by rpmbuilder repo
- ensure the /etc/vault directory is managed
- ensure service file is managed by puppet
- ensure package comes from unkin repo (not hashicorp)
- disable_mlock as unprivileged containers cannot use mlock

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/264
 2025-04-26 18:40:31 +10:00
Ben Vincent
78f4d2a88f feat: cleanup mpls configuration (#262) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/262
 2025-04-26 00:39:23 +10:00
Ben Vincent
762d980ea8 feat: update dns resolver zone management (#261) 
- move zones to common role path
- specify forwarders for each zone in region based hiera

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/261
 2025-04-25 01:01:47 +10:00
Ben Vincent
463abe4b9d feat: add reverse dns zones for incus (#260) 
- add reverse dns zones for incus hosts
- update acls for openresolver

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/260
 2025-04-24 23:48:34 +10:00
Ben Vincent
ecce93bedb feat: lxc cannot use chronyd (#259) 
- ensure lxc nodes do not attempt to install chronyd
- ensure chrony is removed

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/259
 2025-04-24 23:18:45 +10:00
Ben Vincent
9dcaafb8ba feat: lxc updates (#258) 
- add virtual/lxc.yaml
- add crypto crypto-policies-scripts
- ensure ssh::server is managed

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/258
 2025-04-24 23:03:01 +10:00
Ben Vincent
a21c1b3697 Adding hieradata/node/ausyd1nxvm1072.main.unkin.net.yaml (#257) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/257
 2025-04-24 21:25:00 +10:00
Ben Vincent
2321186ad5 neoloc/mpls_ldp_frr (#255) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/255
 2025-04-24 16:51:31 +10:00
Ben Vincent
c24babe309 feat: add incus image host (#254) 
- add role
- add consul service + checks
- manage the datavol as zfs
- insure the incus fact exists before attempting to read it

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/254
 2025-04-24 01:00:39 +10:00
Ben Vincent
bfda2b628b feat: enable ip forwarding for gitea runners (#253) 
- required to enable docker containers reach git service

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/253
 2025-04-21 18:40:17 +10:00
Ben Vincent
278f8001b0 feat: add frr synced repo (#252) 
- add frr repo to incus hosts

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/252
 2025-04-18 21:21:23 +10:00
Ben Vincent
0fe44cf4e2 feat: add frr repos (#251) 
- add frr/stable/el8
- add frr/stable/el9
- add frr/extras/el8
- add frr/extras/el9

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/251
 2025-04-15 02:21:55 +10:00
Ben Vincent
25b06cde22 feat: move bridge management to incus (#250) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/250
 2025-04-15 00:04:14 +10:00
Ben Vincent
0e3dd4d7d0 feat: initialise barebones server (#248) 
- manage incus servers init

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/248
 2025-04-06 23:56:50 +10:00
Ben Vincent
b6ea353cfb feat: update dns resolver acls (#246) 
- add dmz acl
- add common acl
- add loopback/ceph/physical subnets to main acl

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/246
 2025-04-06 16:44:16 +10:00
Ben Vincent
c225564bdb feat: continue incus implementation (#245) 
- migrate to systemd-networkd
- setup dummy, bridge and static/ethernet interfaces
- manage sshd.service droping to start ssh after networking is online
- enable ip forewarding
- add fastpool/data/incus dataset
- enable ospf and frr
- add loopback0 as ssh listenaddress
- add loopback1/2 for ceph cluster/public traffic

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/245
 2025-04-06 16:38:04 +10:00
Ben Vincent
06666fe488 fix: resolve issue with baseos in el9 (#244) 
- was not correctly provisioning the baseos repo for el9 incus hosts

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/244
 2025-04-02 21:02:08 +11:00
Ben Vincent
9dc88e6db6 feat: deep merge zpools/datasets (#243) 
- change prodnxsr0009 to use nvme0n1 as zfs device

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/243
 2025-04-02 20:35:04 +11:00
Ben Vincent
95bc2716cf neoloc/incus_deploy (#241) 
feat: deploy incus

- manage sysctl based on incus recommendations
- manage limits based on incus recommendations
- manage zpools and zfs datasets
- add incus hiera settings

feat: manage repo for zfs

- dont use zfs module to manage repo, use profiles:😋:global::repos

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/241
 2025-03-31 23:14:05 +11:00
Ben Vincent
829b1b05fd feat: cleanup consul from url install (#239) 
- set bind_dir to be /usr/bin for rhel, /usr/local/bin for debian
- remove url-installed consul from rhel

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/239
 2025-03-30 18:40:09 +11:00
Ben Vincent
427fe352b4 feat: debian package for consul not managed (#237) 
- change debian hosts to use the url method to download consul

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/237
 2025-03-30 17:13:54 +11:00
Ben Vincent
45b061a053 feat: change almalinux9 to use packagerepo (#236) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/236
 2025-03-30 17:05:03 +11:00
Ben Vincent
d39d25d3f1 feat: add almalinux 9.5 repos using mirrorlist (#235) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/235
 2025-03-30 16:24:55 +11:00