5725d092b8
feat: add haproxy exporter
...
- add admin socket for exporter
2024-06-16 20:56:23 +10:00
62cac63f11
feat: add database generation to grafana
...
- ensure a database, user and credential is created for each grafana node
- ensure all databases for a region are included in a mariadb cluster
- refine params with stdlib types
2024-06-16 18:49:59 +10:00
0fe05bb896
Merge branch 'develop' into neoloc/grafana
2024-06-16 00:39:45 +10:00
a901a0b868
feat: puppetserver dropins
...
- change ExecStartPost for crl.pem to two commands
- run `puppet generate types` after starting puppet
2024-06-16 00:11:56 +10:00
58acd83410
feat: manage latest crl for puppet
...
- ensure the latest crl.pem exists on each no-ca puppetserver
- ensure the latest crl.pem is used after each start of puppetserver
2024-06-15 23:32:50 +10:00
cc0a9e132e
Merge pull request 'fix: yumrepo purging' ( #34 ) from neoloc/yumresources into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/34
2024-06-14 23:57:54 +10:00
67f831edaf
fix: yumrepo purging
2024-06-14 23:55:31 +10:00
c9abc779a0
Merge pull request 'fix: yumrepo purge after deploy' ( #33 ) from neoloc/yumresources into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/33
2024-06-14 23:32:41 +10:00
380bb7bcb5
fix: yumrepo purge after deploy
...
- ensure the resources resource for yumrepo runs after deploying yumrepo resources
- rm all almalinux*.repo files before attempting to create yumrepo
resources
2024-06-14 23:21:14 +10:00
82ce3ed4d7
feat: ensure tftpd started on cobbler
2024-06-14 23:11:49 +10:00
cbbcfa3b9e
chore: cleanup old enc class
2024-06-11 20:29:21 +10:00
b7a22551b1
feat: add sonar role
2024-06-10 21:21:20 +10:00
d4163233f6
Merge branch 'develop' into neoloc/sshsign_hostkeys
2024-06-09 20:38:25 +10:00
52b06dcd8e
feat: manage ssh known hosts
...
- disable use of stored configs for ssh-known-hosts
- manage the /etc/ssh/ssh_known_hosts content
2024-06-09 20:26:34 +10:00
57b935b33e
Merge pull request 'neoloc/networking' ( #21 ) from neoloc/networking into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/21
2024-06-08 17:08:51 +10:00
06545c6298
feat: change hiera_include, hiera_exclude
...
- change hiera_classes to hiera_include
- add method to remove classes from hiera_include through hiera_exclude
2024-06-08 17:07:58 +10:00
aaf482c9b9
feat: manage the facts soft limit
...
- set the facts soft limit for agents and servers
- prevent warnings about reaching the default 2048 soft limit
2024-06-08 13:56:53 +10:00
6822a39dc3
fix: make ntp check script executable
2024-06-03 20:23:23 +10:00
76fc6b9fa1
fix: add missing check script
2024-06-02 19:32:02 +10:00
da3444e49f
feat: create ntp consul service
...
- create consul policy for ntp servers
- add consul service check and check script
2024-06-02 19:23:39 +10:00
b468f67103
feat: sign ssh host keys
...
- manage python script/venv to sign ssh host certificates
- add approle_id to puppetmaster eyaml files
- add class to sign ssh-rsa host keys
- add facts to check if the current principals match the desired principals
2024-06-01 22:51:42 +10:00
cc7165055d
Merge pull request 'feat: refacter gitea profile' ( #7 ) from neoloc/gitea_refactor into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/7
2024-06-01 17:28:28 +10:00
4bd3310ea8
feat: refacter gitea profile
...
- move more data to hiera
- change how the custom_configuration is made
2024-06-01 17:16:37 +10:00
4b4272250a
Merge branch 'develop' into neoloc/grafana
2024-06-01 14:47:06 +10:00
3dfe9b9b73
Merge pull request 'feat: puppetdb sql updates' ( #5 ) from neoloc/puppetdb_sql into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/5
2024-06-01 14:36:27 +10:00
810ba9ddb7
Merge pull request 'neoloc/nodelookup_consul' ( #2 ) from neoloc/nodelookup_consul into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/2
2024-06-01 12:11:48 +10:00
7cf2e78cea
feat: add sort and count to node_lookup
...
- add -C option to count number of identical records
- sort responses from node_lookup
2024-06-01 12:09:53 +10:00
91e3f2d427
chore: change node_lookup to use consul
...
- remove https, use http backend as no authentication is required
2024-06-01 12:04:57 +10:00
fab4ea5998
feat: add gitea classes
...
- add basic gitea class
2024-05-28 23:14:36 +10:00
ad268e8977
Merge pull request 'feat: vault use vault' ( #226 ) from neoloc/vault_use_vault into develop
...
Reviewed-on: unkinben/puppet-prod#226
2024-05-26 00:38:55 +09:30
7c0bf4a398
feat: vault use vault
...
- change vault to use vault ephemeral certificates
- remove nginx frontend to vault
2024-05-26 01:06:48 +10:00
0a49092f52
chore: add syd1 vault ca/int certs
...
- deploy syd1 vault ca certificates
2024-05-25 14:18:56 +10:00
22af602510
Merge pull request 'feat: puppet::client multiple altnames' ( #221 ) from neoloc/puppetdbapi_certs into develop
...
Reviewed-on: unkinben/puppet-prod#221
2024-05-22 22:42:59 +09:30
0901595de9
feat: puppet::client multiple altnames
...
- puppet clients can not request multiple dns alt_names
- set puppetdbapi hosts to request multiple certificates
2024-05-22 23:05:34 +10:00
349547c4bc
feat: puppetboard on consul
...
- updated nginx param types
- add nginx aliases, merge with vhost, use as server_names
- add additional vault alt-names
- add prepared query for puppetboard
2024-05-22 22:54:54 +10:00
770c8cc159
feat: update hiera key for puppetdb api/sql
...
- changed to use puppetdbapi and puppetdbsql hiera keys
- updated all classes that referenced old values
2024-05-22 22:18:32 +10:00
f6bf504416
Merge branch 'develop' into neoloc/syd1_puppetdb
2024-05-22 22:11:04 +10:00
39aa6e114e
feat: puppetdb sql updates
...
- add consul support
- enable local script checks in consul agents
- add a test DB/User for consult to verify the psql instance is running
- manage the postgresql repo and gpg key
2024-05-22 22:05:54 +10:00
4b0ff2deee
Merge pull request 'feat: firstrun optimisations' ( #216 ) from neoloc/yumrepos into develop
...
Reviewed-on: unkinben/puppet-prod#216
2024-05-19 22:46:19 +09:30
598a8c0f52
feat: firstrun optimisations
...
- download gpg keys if gpgkey is defined
- ensure the profiles::defaults is called first
2024-05-19 23:11:11 +10:00
2abbfe8feb
feat: update all roles for firstrun
...
- ensure the firstrun is processed before role specific class profiles
2024-05-19 22:11:01 +10:00
dde8d5978d
feat: firstrun improvements
...
- add fact to detect firstrun
- run a limited subset of classes on firstrun
- firstrun: includes:
- vault ca certificates
- yum/apt repositories
- fast-install packages with an exec
2024-05-19 21:28:14 +10:00
0e7168026d
Merge pull request 'neoloc/yumrepos' ( #212 ) from neoloc/yumrepos into develop
...
Reviewed-on: unkinben/puppet-prod#212
2024-05-19 20:09:50 +09:30
fd466fcccc
feat: cleanup old repo management
...
- change profiles::puppet::agent to require Yumrepo['puppet']
- remove managed repos hieradata
- remove profiles:😋 :* classes that are not required
- remove missed rebase comment
2024-05-19 20:27:56 +10:00
5f9480f186
feat: direct yumrepo config
...
- deep merge yumrepo resources
- convert repos to direct yumrepo in hieradata
- change from repos.main.unkin.net to edgecache.query.consul
- create all yumrepo resources from $profiles:😋 :global::repos
2024-05-19 20:27:47 +10:00
150d5b97a9
feat: cleanup excessive comments
2024-05-19 17:23:00 +10:00
6f9a606549
feat: configure edgecache for postgresql
...
- add fact to record system resolvers
- add resolvers feature in /etc/nginx/conf.d/resolvers.conf
- add rewrite rules for postgres/yum/repodata
2024-05-19 16:56:36 +10:00
81e4dffa36
feat: mariadb improvements
...
- add bind-address to local_ip
- add consul service
2024-05-12 19:56:46 +10:00
6bddec6bd2
Merge pull request 'feat: manage pgsql settings for puppetdb' ( #208 ) from neoloc/puppetdb_connections into develop
...
Reviewed-on: unkinben/puppet-prod#208
2024-05-12 16:10:42 +09:30
5774ebd614
feat: manage pgsql settings for puppetdb
...
- deep merge postgresql_config_entries in common.yaml
- add postgresql_config_entries into a new hieradata/roles/infra/puppetdb/sql.yaml
- set puppetdb role to import the options
2024-05-12 16:36:43 +10:00
48b9177e05
Merge pull request 'feat: prepare syd1 mariadb cluster' ( #207 ) from neoloc/mariadb_syd1 into develop
...
Reviewed-on: unkinben/puppet-prod#207
2024-05-12 15:44:03 +09:30
2aa5ead9d1
feat: prepare syd1 mariadb cluster
...
- update role to wait for enc_role
- move hiera data to country/region/role specific location
2024-05-12 15:40:43 +10:00
bed0ef3c79
feat: improve first run on el8
...
- change defaults for yumrepo resources
2024-05-12 15:06:47 +10:00
4171427e7b
feat: add edgecache role
...
- add edge-caching role
- add mirror for debian, almalinux and epel repositories
- export service as edgecache in consul
2024-05-11 21:46:20 +10:00
911e284586
Merge pull request 'fix: export cobbler DNS if is_cobbler_master' ( #200 ) from neoloc/cobbler_dns into develop
...
Reviewed-on: unkinben/puppet-prod#200
2024-05-11 14:13:37 +09:30
a05f81799d
fix: export cobbler DNS if is_cobbler_master
...
- set prodinf01n48 as primary cobbler node
- ensure the cobbler DNS record is created
2024-05-11 14:36:28 +10:00
ce3e0f2320
Merge pull request 'neoloc/cobbler_refacter' ( #199 ) from neoloc/cobbler_refacter into develop
...
Reviewed-on: unkinben/puppet-prod#199
2024-05-09 22:45:33 +09:30
fee0bde604
feat: complete cobbler automation
...
- add facts to manage the /var/www/cobbler and /data/cobbler directories
- move /var/www/cobbler -> /data/cobbler
- create symlink from /var/www/cobbler -> /data/cobbler
- ensure that cobbler nodes are set to permissive selinux mode
2024-05-09 22:44:55 +10:00
72077d64a2
refactor: reconfigure cobbler to module style
...
- split params into class
- split class into individual functions
2024-05-07 22:44:01 +10:00
8de1ed9766
feat: dhcp wait for enc_role fact
2024-05-06 22:07:39 +10:00
e9c7fbc2b5
feat: update puppetdb_api for multi-zone
...
- wait for the enc_role fact to be updated and match
- move puppetdb db/api host values to common.yaml
- add vault cert altnames for consul query/service addresses
- add consul services/rules/checks
2024-05-06 20:38:25 +10:00
14a56a41a2
Merge branch 'develop' into neoloc/consul_wan
...
Conflicts:
hieradata/common.yaml
2024-05-05 18:01:41 +10:00
f1ff7cb736
feat: distribute eyaml pub/priv key
...
- distribute the private/public pem for eyaml via eyaml
2024-05-05 16:25:18 +10:00
fe296d52d9
feat: manage puppet/puppetca consul services
...
- add puppet service
- add puppetca service
- add ability to write to puppet/puppetca service in consul
- add puppet.(query,service).consul to dns_alt_names of all masters
- add puppetca.(query,service).consul to dns_alt_names of puppetca
2024-05-04 16:10:32 +10:00
8a241d6b96
feat: add prepared_query capabilities to consul
...
- add prepared query for:
- vault
- puppet
- puppetca
2024-05-04 15:46:47 +10:00
6020143f76
feat: consul multi-datacentre joining
...
- add method to join multiple consul datacentres
- set syd1 as the primary datacentre
- use default token from au-syd1 cluster in all locations
- add replication token
2024-05-04 00:39:18 +10:00
df8a55c3dd
feat: manage puppetca
...
- manage the puppet ca.cfg
- distribute the crl.pem from the puppetca to masters
2024-05-03 21:29:25 +10:00
052b07be83
chore: remove excessive comments
...
- remove the excessive comments and notes at the top of the puppet classes
2024-05-03 20:48:20 +10:00
a429255c63
feat: puppet server agent
...
- add [agent] settings for puppetservers
2024-05-03 20:46:01 +10:00
56b23620b7
refactor: reoganise the puppetserver profile
...
- manage puppetserver package
- set order for puppetserver classes
- for profiles::puppet::server class:
- set param types using stdlib where possible
- set default values for all params
- move configuration data to hieradata
- wait for enc_role fact to match role
- exclude puppet::client from puppermaster nodes
2024-05-02 23:32:32 +10:00
8697492611
feat: haproxy refactor
...
- configure deep merging in hiera
- move fe_http and fe_https to hiera
- configure pve backends for standard and api traffic
2024-05-01 19:02:03 +10:00
220ac182f4
feat: sydney haproxy cluster
...
- add au-syd1 halb cluster
- add http-response to frontends
- manage haproxy after enc_role is correct
2024-04-28 21:14:36 +10:00
8df927de18
feat: add node_token to agent config
...
- move policy rules to hiera array[hash]
- add node_token to agent as the default token
2024-04-28 17:06:06 +10:00
0f0d392fb4
feat: deploy consul agent
...
- install the consul agent on all nodes, except consul servers
2024-04-28 13:23:43 +10:00
6fc5829fce
feat: simple nginx proxy
...
- merge consul/vault nginx proxy into single class
- replace nginx proxy classes for consul/vault with simpleproxy class
2024-04-28 00:32:04 +10:00
3001bc32f2
feat: add sydney vault cluster
...
- separate yaml between multiple regions
- add nginx frontend to vault
2024-04-27 22:35:16 +10:00
f536d19034
feat: generate consul policy/tokens
...
- generate policy/token to add nodes
- generate policy/token for all nodes
- add base::root profile to manage aspects of the root user
2024-04-27 20:21:57 +10:00
a7e9f1590e
fix: move primary_datacenter to region/role
...
- set syd1 as primary consul datacentre
- add consul.service.consul zone
- add nginx reverse proxy for consul webui
- set dns zones/acls/views/keys to be deep merged from hiera
- update default token
- add consul/consul.service.consul/consul.main.unkin.net to vault cert
2024-04-26 23:11:38 +10:00
3ca92ee1f3
fix: consul members role key
...
- moved members_role for consul to common yaml
2024-04-25 00:00:24 +10:00
98deb58fde
Merge pull request 'fix: enable new consul clusters to be started' ( #173 ) from neoloc/consul_bootstrap into develop
...
Reviewed-on: unkinben/puppet-prod#173
2024-04-24 23:23:08 +09:30
b6d3fc26de
fix: enable new consul clusters to be started
...
- wait for the enc_role fact to be correct, as this is required to find
all keys in hiera
2024-04-24 23:51:26 +10:00
6ad01abc6c
Merge pull request 'fix: absent to file, for custom_facts.yaml' ( #172 ) from neoloc/enc_role_facts2 into develop
...
Reviewed-on: unkinben/puppet-prod#172
2024-04-24 23:05:05 +09:30
5f6ba93393
fix: absent to file, for custom_facts.yaml
2024-04-24 23:34:21 +10:00
3ed433fb97
Merge pull request 'feat: moved enc_role and enc_env to ruby facts' ( #171 ) from neoloc/enc_role_facts into develop
...
Reviewed-on: unkinben/puppet-prod#171
2024-04-24 23:01:57 +09:30
e0dbecbfa0
feat: moved enc_role and enc_env to ruby facts
2024-04-24 23:30:27 +10:00
99d3dcf4d8
Merge branch 'develop' into neoloc/dns_master_multiregion
2024-04-24 18:58:41 +10:00
b8d799e8e9
feat: select nameserver in soa based on role
...
- find all dns servers in $ns_use (region/country/all),
- or use the current node as the only nameserver
2024-04-24 18:44:08 +10:00
f8fd6700da
feat: enable selecting nameserver by fact
...
- enable selecting nameservers to use by region, country or all
- set default for nameservers to be region
2024-04-24 18:40:18 +10:00
2bae42fa31
Merge pull request 'feat: install ksm for proxmox' ( #168 ) from neoloc/proxmox_ksm into develop
...
Reviewed-on: unkinben/puppet-prod#168
2024-04-24 17:46:37 +09:30
3810385fcd
feat: install ksm for proxmox
2024-04-24 18:13:56 +10:00
6fc0b240c1
Merge pull request 'feat: sort ntpservers, select ntp to use' ( #167 ) from neoloc/ntp_selection into develop
...
Reviewed-on: unkinben/puppet-prod#167
2024-04-23 23:29:06 +09:30
7b316c6b0b
feat: sort ntpservers, select ntp to use
...
- sort the ntpservers array so it doesnt change each run of puppet
- allow the selection of all, region or country specific ntp servers
2024-04-23 23:57:01 +10:00
4b2690a678
Merge pull request 'feat: enable selecting nameserver by fact' ( #166 ) from neoloc/dns_selection into develop
...
Reviewed-on: unkinben/puppet-prod#166
2024-04-23 22:14:59 +09:30
dbe11323c5
feat: enable selecting nameserver by fact
...
- enable selecting nameservers to use by region, country or all
- set default for nameservers to be region
2024-04-23 22:39:33 +10:00
a7b40daee0
Merge pull request 'feat: sort nameserver/search_domains' ( #165 ) from neoloc/dns_sorting into develop
...
Reviewed-on: unkinben/puppet-prod#165
2024-04-23 20:44:59 +09:30
bb8bf202ac
feat: sort nameserver/search_domains
...
- ensure the list doesnt change every puppet run
2024-04-23 21:11:56 +10:00
df56213b18
fix: enable repos before installing packages
2024-04-22 19:07:28 +10:00
9c6dee7609
feat: manage timezone per region
...
- add timezone module
- set per-region timezone setting
- setup hiera_classes, set to deep merge, and set to include all in base profile
2024-04-21 15:48:09 +10:00
ccf43f3bcb
Merge pull request 'feat: manage proxmox nodes' ( #159 ) from neoloc/proxmox into develop
...
Reviewed-on: unkinben/puppet-prod#159
2024-04-21 15:07:43 +09:30
f04c74bd4d
feat: manage proxmox nodes
...
- change /etc/hosts to meet proxmox requirements
- add proxmox node role
- add init, params, repo, install, clusterjoin classes
2024-04-21 15:08:28 +10:00
085416fea9
Merge pull request 'feat: node_lookup compatability for Debian' ( #158 ) from neoloc/node_lookup_debian into develop
...
Reviewed-on: unkinben/puppet-prod#158
2024-04-20 17:39:31 +09:30
80a4cb0544
feat: debian vaultcert compatability
...
- remove comma from certificate file
- add comments identifying each certificate
2024-04-20 18:08:16 +10:00
49b4a65302
feat: node_lookup compatability for Debian
2024-04-20 18:04:54 +10:00
d0d67e316a
feat: prepare puppet for debian
...
- set yum::versionlock to be only for redhat family
- set puppet-agent require statement to use apt or yum
- remove requirement of downloading puppet7-release-$dist.deb
- create all paths in $base_path for vault certificate
- set correct $PATH for update-ca-certificates
- dynamically set debian release name
- split packages to install from common.yaml to os-specific
- create groups profile to manage local groups
- change sysadmin to be a member of admins group
- setup admins sudo rules
2024-04-13 22:34:28 +10:00
114d3fe195
feat: nginx reverse proxy debian cache
...
- add debian, debian/pool locations to reposyncer
- add selinux fcontext rules
2024-04-13 20:52:27 +10:00
82f2d75888
feat: add frontends, backends, listeners
...
- add a way to define frontends, backends and listeners through hieradata
2024-04-06 20:23:37 +11:00
ed60e18062
feat: update jdk11 for puppetdb
...
- specify the java_bin
- specify the java_args
2024-04-06 20:05:23 +11:00
f79d9de495
feat: update node_lookup
...
- update node_lookup to use new puppetdb URL
2024-04-06 18:31:41 +11:00
c9a1d35af9
feat: add cnames to haproxy
...
- manage A records for haproxy
- manage cnames for services using haproxy
2024-04-06 16:26:50 +11:00
e97d061f46
feat: add puppetdbapi to haproxy
...
- add puppetdbapi backend to haproxy
- add puppetdbapi altname to the vault certificate
- add mapping for hostname to backend
2024-04-06 15:49:10 +11:00
105bf1b09d
feat: add puppetboard backend
...
- add balancemember to puppetboard nodes
- add be_puppetboard to haproxxy
- add puppetboard.main.unkin.net to haproxy altnames
- add puppetboard to backend mapping
- change way backends are registered in haproxy
2024-04-06 04:20:39 +11:00
2091f1ada3
feat: add haproxy profile
...
- add haproxy server class
- add haproxy profile to role
- add hiera data for region specific haproxy
- add selinux configuration
- add certlist management
- add default http and https frontends
- add default stats listener
2024-04-06 03:27:45 +11:00
5bde96fb4d
feat: change certmanage to approles
...
- created approle 'certmanager' using 'certmanager' policy
- update certmanager script to generate token based on roleid
2024-04-04 00:32:08 +11:00
64563902d4
feat: deploy cobbler enc
...
- install python3.11 on all nodes
- create python3.11 venv for cobbler-enc
- install requirements in cobbler-enc venv
- symlink to /usr/local/bin/
2024-03-31 20:58:31 +11:00
d64e185919
Merge pull request 'feat: add dhcp servers' ( #145 ) from neoloc/dhcp-server into develop
...
Reviewed-on: unkinben/puppet-prod#145
2024-03-29 07:45:16 +09:30
d64860f47b
feat: add dhcp servers
...
- include puppet-dhcp module
- manage dhcp pools
- manage dhcp classes (bios/uefi)
2024-03-29 09:13:26 +11:00
159c57677a
Merge pull request 'feat: add cobbler profile' ( #144 ) from neoloc/cobbler_profile into develop
...
Reviewed-on: unkinben/puppet-prod#144
2024-03-29 07:10:33 +09:30
80b7ad8639
feat: add cobbler profile
...
- add datavol to cobbler nodes
- add cobbler profile
- add cobbler role hieradata
- manage selinux where required for cobbler
- manage service cname
2024-03-29 08:36:42 +11:00
e02921be75
feat: deep merge yum repos to manage
...
- fixed merging of yum repos
- changed puppet7 to use local copy of repo
2024-03-28 21:41:15 +11:00
0383db2b10
feat: set sysadmin password
2024-03-28 20:34:50 +11:00
fe4af852b6
feat: cobbler setup
...
- add cobbler profile
- add dhcp server profile
2024-03-17 17:52:34 +11:00
8f5e9e40a1
feat: add ovirt roles
...
- add repositories for ovirt
- add role/profile for ovirt/engine and ovirt/node
- add deep-merge for managed_repos
- change repos to allow filesource (URL or file://)
- change reposync to use curl instead of wget
2024-03-16 16:43:12 +11:00
3587ea2295
feat: add ovirt base roles
2024-03-13 22:31:03 +11:00
15e4e11097
feat: require vaultca for all yumrepos
2024-03-10 19:01:14 +11:00
fd5dbb7813
Merge pull request 'feat: add country/region/environment to motd' ( #134 ) from neoloc/motd_facts into develop
...
Reviewed-on: unkinben/puppet-prod#134
2024-03-10 14:19:09 +09:30
428dc910bb
feat: add country/region/environment to motd
2024-03-10 15:48:26 +11:00
816bec9f17
feat: add base role for redis
2024-03-05 22:53:49 +11:00
465bbbd9e1
Merge pull request 'feat: update yumrepos to use https://' ( #130 ) from neoloc/yumrepo_use_https into develop
...
Reviewed-on: unkinben/puppet-prod#130
2024-03-03 16:29:28 +09:30
51d0ca16ec
feat: update yumrepos to use https://
...
- require vaultca on all repos on repos.main.unkin.net
2024-03-03 16:44:16 +11:00
0782cd5679
feat: dynamically add subscribe to nginx resource
...
- add subscribe option to nginx resource dependent on nginx_listen_mode
- ensure nginx reloads when the ssl_cert or ssl_key changes, only if
these values are not undef
- ensure the file resources are defined for certificates
2024-03-03 16:25:51 +11:00
df97b75aca
Merge pull request 'feat: change nginx to use vault ssl certs' ( #128 ) from neoloc/packagerepo_ssl into develop
...
Reviewed-on: unkinben/puppet-prod#128
2024-03-03 13:34:04 +09:30
5afa9e8960
Merge pull request 'neoloc/pki_generate' ( #127 ) from neoloc/pki_generate into develop
...
Reviewed-on: unkinben/puppet-prod#127
2024-03-03 13:33:33 +09:30
05d2599bc5
feat: ensure vaultca certificate is trusted
...
- install the vault rootca on all nodes
- update ca-trust store on changes to the rootca certificate deployed
2024-03-03 14:54:59 +11:00
3e98ced8da
feat: change nginx to use vault ssl certs
...
- update packagerepo webserver class to allow using ssl
2024-03-03 14:53:36 +11:00
8009b59514
feat: automatically generate vault certs
...
- certificate will be generated for:
- fqdn
- hostname
- primary ip address
- localhost
- 127.0.0.1
- update base profile to generate vault certificate for all
- create facts for use with vault_certs
2024-03-03 13:38:52 +11:00
36c2e6afaa
fix: ssl warning breaks puppet run
...
- remove ssl warning for certmanager temporarily
2024-02-25 23:04:43 +11:00
974c8ce71d
Merge pull request 'fix: restart vault-unseal' ( #122 ) from neoloc/vault_unseal_on_change into develop
...
Reviewed-on: unkinben/puppet-prod#122
2024-02-25 20:03:26 +09:30
d1f5d3c09e
fix: restart vault-unseal
...
- restart vault-unseal when the unseal keys change
2024-02-25 21:32:01 +11:00
48e0bd6796
fix: vault role fails on new servers
...
- vault server fails on new servers
- move unseal class to be included after vault class
2024-02-25 21:06:37 +11:00
f6110f534c
feat: certmanager output as json
...
- prepare certmanager for pki::vault class
- allow puppet to read certmanager config
2024-02-25 19:31:32 +11:00
7f03bc5c76
feat: add certmanager helper
...
- add certmanager script and config.yaml file
- install into pyenv for certmanager
- deploy to puppet-masters only
2024-02-19 21:20:50 +11:00
e10bed689c
Merge pull request 'refacter: cleanup packages setup' ( #116 ) from neoloc/package_changes into develop
...
Reviewed-on: unkinben/puppet-prod#116
2024-02-17 21:30:49 +09:30
9be1e19900
Merge pull request 'fix: fact was misspelled' ( #115 ) from neoloc/mariadb_fixes into develop
...
Reviewed-on: unkinben/puppet-prod#115
2024-02-17 21:30:27 +09:30
1f7b347ef4
refacter: tidy facts
...
- create a facts module, move all facts to this module
2024-02-17 22:57:36 +11:00
12ff053c6d
refacter: cleanup packages setup
2024-02-17 22:49:32 +11:00
d92c13525c
fix: fact was misspelled
...
- fixed fact name
2024-02-17 21:19:55 +11:00
73a21059f8
Merge pull request 'feat: add vault server profile' ( #113 ) from neoloc/vault_server into develop
...
Reviewed-on: unkinben/puppet-prod#113
2024-02-17 19:48:13 +09:30
fe05c86463
feat: add vault server profile
...
- add vault module to puppetfile
- define class to manage the install and config of vault
- manage the datavol and raft storage
- manage the unzip and other compression tools
- define custom unseal script and service
- add documentation on initial setup of vault
2024-02-17 21:12:12 +11:00
09291da89f
fix: use fact to determine if selinux in use
2024-02-11 21:05:48 +11:00
Ben Vincent
f8b30f335b
Merge pull request 'feat: add consul server profile' ( #111 ) from neoloc/consul_server into develop
...
Reviewed-on: unkinben/puppet-prod#111
2024-02-11 15:56:24 +09:30
8cb6b68b53
feat: add consul server profile
...
- install/configure consul
- install/configure dnsmasq as dns proxy for consul
- add unkin yumrepo definition as source for consul
- update datavol to ensure the /data volume is mounted
2024-02-11 17:12:35 +11:00
Ben Vincent
a0434fc7b5
Merge pull request 'feat: cleanup reposync conf files' ( #110 ) from neoloc/cleanup_reposync_conf into develop
...
Reviewed-on: unkinben/puppet-prod#110
2024-02-10 14:15:00 +09:30
71c316e7ae
feat: cleanup reposync conf files
...
- add feature to /etc/reposync/conf.d to ensure the subfiles are cleaned
up when they are not defined
2024-02-10 15:37:24 +11:00
Ben Vincent
4bce524b49
Merge pull request 'feat: puppet wrapper replace dot' ( #108 ) from neoloc/puppetwrapper_dot into develop
...
Reviewed-on: unkinben/puppet-prod#108
2024-02-10 14:02:48 +09:30
a054a94d98
feat: puppet wrapper replace dot
...
- set puppet wrapper to replace '.' with '_' in the branch name
2024-02-10 15:31:45 +11:00
8332d4f374
fix: recursive restorecon for reposync
...
- set reposync to restore selinux controls on all files in the new
snap_path
2024-02-10 15:19:12 +11:00
d6eeed0b61
feat: add vault role
...
- add basic vault role to begin building servers
2024-02-10 14:16:51 +11:00
dc97d15ef9
feat: add consul role
2024-02-06 22:51:59 +11:00
da53e28f0e
feat: add haproxy role
...
- add infra::halb section for highly available load balancers
2024-01-07 18:34:34 +11:00
db23e203c6
fix: fix minio certificate param
...
- change enum['string', undef] to an optional param so undef can be set
2024-01-05 22:00:10 +11:00
d8751ac6c8
feat: add minio profile
...
- add additional modules in Puppetfile
- update puppetlabs-lvm to 2.1.0
- add facts.d base path to hieradata
- add infra/storage and infra/storage/minio role data to hieradata
- add new facts for minio setup status
- add a static yaml minio-facts file to assist dynamic ruby facts
- updated hiera with additional directories (country/{role,region})
2024-01-05 21:44:41 +11:00
Ben Vincent
a049338c9d
Merge pull request 'feat: install bind-utils' ( #98 ) from neoloc/add_bind_utils into develop
...
Reviewed-on: unkinben/puppet-prod#98
2023-12-26 14:58:10 +09:30
a144e4ec2d
feat: install bind-utils
2023-12-26 16:27:28 +11:00
Ben Vincent
920f12b45e
Merge pull request 'feat: add/update location facts' ( #97 ) from neoloc/location_facts into develop
...
Reviewed-on: unkinben/puppet-prod#97
2023-12-26 13:23:17 +09:30
dbec0222b3
feat: add/update location facts
...
- add country fact, change region to exclude country string
2023-12-26 14:51:40 +11:00
42211ddf7d
Merge pull request 'feat: add new datavol' ( #96 ) from neoloc/datavol_define into develop
...
Reviewed-on: unkinben/puppet-prod#96
2023-12-24 12:45:36 +09:30
ff83769ffc
Merge pull request 'feat: add region fact' ( #95 ) from neoloc/region_fact into develop
...
Reviewed-on: unkinben/puppet-prod#95
2023-12-24 12:44:15 +09:30
7431ebf51c
feat: add region fact
...
- add fact that maps primary ip subnet to a region code
- defaults to 'lost' if there is no subnet to region mapping
2023-12-24 14:12:54 +11:00
0c1548fbd8
feat: add new datavol
...
- add datavol define to replace the datavol class, which has more
flexibility through additional params, and the ability to call it
multiple times for multiple datavolumes
2023-12-24 12:54:09 +11:00
a0786f3f67
Merge pull request 'feat: add minio base role' ( #94 ) from neoloc/minio_role into develop
...
Reviewed-on: unkinben/puppet-prod#94
2023-12-22 17:47:47 +09:30
dcf83aa466
feat: add minio base role
2023-12-22 19:17:04 +11:00
f9562a9109
fix: check for python3_version
...
- check for python3 version before attempting to setup node_lookup
2023-12-18 23:51:39 +11:00
b6c7e3fd2d
Merge pull request 'feat: add selinux support to puppetboard' ( #92 ) from neoloc/nginx_selinux into develop
...
Reviewed-on: unkinben/puppet-prod#92
2023-12-11 20:46:30 +09:30
bf729d9b11
feat: add selinux support to puppetboard
...
- required to allow nginx to reach puppetdb
2023-12-11 22:14:45 +11:00
5b75cf735a
feat: manage ruby/puppet gems
...
- manage installation of puppet_gem packages for puppetmasters
2023-12-11 22:07:23 +11:00
254c9f1358
feat: configure grafana
...
- create grafana class
- configure database with db export, and db parameters
2023-12-11 21:46:53 +11:00
685d7db264
feat: add nodelookup
...
- add helper script to make quering puppetdb easier and more efficient
2023-12-11 21:15:48 +11:00
d998fbd85a
Merge branch 'develop' into neoloc/mariadbgalera
2023-12-10 16:34:42 +11:00
11a98b16bb
feat: setup galera cluster member profile
...
- add eyaml support for role
- add /data volume for galera cluster members
- create profiles::selinux namespace for defining selinux configuration
- create profiles::selinux::mysqld for managing specifics for mysqld
- create profiles::selinux::setenforce to manage selinux mode
- parameterised options required in mysqld::server module
- add mariadb repo
- add additional facts for managing mysqld and galera
2023-12-10 16:31:57 +11:00
a9aabfa161
fix: failed to test previously
...
- change next's outside of a loop to a single if statement
2023-12-08 21:32:32 +11:00
ebd20a5e5a
feat: mysql wsrep_ facts
...
- add facts generated from mysql's wsrep status variables
2023-12-08 21:25:01 +11:00
d261e3348d
Merge pull request 'feat: add/remove capabilities for packages' ( #86 ) from neoloc/base_packages_refactor into develop
...
Reviewed-on: unkinben/puppet-prod#86
2023-12-03 16:38:17 +09:30
53c54f982a
Merge pull request 'feat: setup/manage dnf-autoupdate' ( #85 ) from neoloc/dnf_autoupdate into develop
...
Reviewed-on: unkinben/puppet-prod#85
2023-12-03 16:37:56 +09:30
d8ff9ddb11
feat: setup/manage dnf-autoupdate
...
- create service to run dnf update
- create timer to call the service
- manage settings via params
2023-12-03 18:05:01 +11:00
8f04de2b52
feat: add/remove capabilities for packages
...
- add deepmerge lookup_options
- add packages to remove and packages to add to profiles::packages::base class
2023-12-03 17:24:58 +11:00
6e185ee248
Merge pull request 'feat: split agent service/package from config' ( #84 ) from neoloc/split_puppet_agent into develop
...
Reviewed-on: unkinben/puppet-prod#84
2023-12-03 15:20:51 +09:30
08c14c2329
feat: split agent service/package from config
...
- split package/service from config so puppetservers agents can be
managed in the same was as clients
2023-12-03 16:49:38 +11:00
8a6b3ef0fb
feat: add mirrorlist capability to reposyncer
...
- add mirrorlist param to reposyncer repos
- update almalinux 8.8 repos to use mirrorlist
- add almalinux 8.9 repos
2023-12-03 00:16:01 +11:00
1ccd8141ab
feat: add cname for repos
2023-11-29 23:13:17 +11:00
705c02c3a1
feat: fix selinux permissions each sync
...
- restorecon on each sync, to update selinux for new files/directories
2023-11-27 23:19:01 +11:00
Ben Vincent
7aae7e22a3
Merge pull request 'feat: add galera role' ( #76 ) from neoloc/mariadb into develop
...
Reviewed-on: unkinben/puppet-prod#76
2023-11-21 19:31:05 +09:30
a0d1623286
feat: add galera role
...
- add a base galera cluster member role
- include mysql and galera modules
2023-11-21 21:00:12 +11:00
Ben Vincent
caffc7dff9
Merge pull request 'fix: resolve prometheus issues' ( #75 ) from neoloc/prometheus_server into develop
...
Reviewed-on: unkinben/puppet-prod#75
2023-11-21 18:53:37 +09:30
609f9135df
feat: add base grafana role
...
- include puppet-grafana module
- infra::metrics::grafana role is currently clone of base
2023-11-21 20:13:14 +11:00
10a6085b84
fix: resolve prometheus issues
...
- broken prometheus::server config, resolve conflicts
- move hieradata for role to match role, not profile
2023-11-21 20:03:26 +11:00
663b10e5a5
Merge branch 'develop' into neoloc/prometheus
2023-11-21 19:40:17 +11:00
a5207eb717
feat: add prometheus server
...
- bump enc, include prometheus server nodes
- add prometheus role and server class
2023-11-21 19:38:22 +11:00
dd334da2b0
chore: reorganise reposync role
2023-11-18 20:08:16 +11:00
ab1b031275
Merge branch 'develop' into neoloc/puppet_cleanup
2023-11-18 20:03:46 +11:00
460f9bc7e8
refactor: move puppet::* roles to infra::puppet
...
- start creation on apps:: roles
- reorganise hieradata to match role changes
- remove tagging for enc repo
2023-11-18 20:00:58 +11:00
dffc97ad4c
chore: reorganise ntp server
...
- bump enc to match changes
- change ntp client to find servers through puppetdb query
- changed default ntp servers to publicly available nodes
2023-11-18 19:18:14 +11:00
92269ae94b
Merge branch 'develop' into neoloc/node_exporter
2023-11-17 23:20:02 +11:00
6b9d9e6aa7
Merge branch 'develop' into neoloc/resolvconf
2023-11-17 23:17:59 +11:00
Ben Vincent
7cc1a1ddc0
Merge pull request 'feat: manage qemu-agent' ( #66 ) from neoloc/qemuagent into develop
...
Reviewed-on: unkinben/puppet-prod#66
2023-11-17 21:46:08 +09:30
a21b7ffc96
feat: setup metrics agents
...
- set puppet::puppetdb_api class to export puppetdb
- set infra::dns::server class to export bind
- set all to export node and systemd metrics
2023-11-17 23:12:37 +11:00
d6f3262836
feat: manage qemu-agent
2023-11-17 22:25:43 +11:00
8d80fa3c51
feat: manage cloudinit
...
- add/remove cloud-init, default to remove
2023-11-17 22:17:24 +11:00
fdb13b7338
feat: find resolvers by role
...
- use puppetdbquery module to query puppetdb for resolvers
- move dns client config to profiles::dns::base
- manage the /etc/resolv.conf file
2023-11-17 21:54:20 +11:00
c996c9b7e3
fix: enable dynamic/tsig updates
...
- add eyaml to hiera.yaml
- consolidate all paths into single tree
- change to new profiles::dns::client wrapper
- change to new profiles::dns::record wrapper
- change to use concat method to build zone file
2023-11-16 21:40:16 +11:00
49f31edb03
Merge branch 'develop' into neoloc/bind_resolver
2023-11-13 21:55:21 +11:00
76b54fc59d
feat: add dns resolver/master classes
...
- define resolver and master dns server
- export A and PTR records from dns clients
- collect exported resources for master
- create hiera structure for acls, zones and views
2023-11-13 21:42:57 +11:00
b2844c4b3a
fix: updated path for gpg keys
2023-11-12 17:26:58 +11:00
cc77cc7ded
feat: change to use local mirror
...
- change almalinux and epel *.repo files on nodes to use local package mirror
- add option to purge yumrepo resources, default to true
- add versionlocking to yum, enable it for puppet-agent
2023-11-12 17:17:59 +11:00
48ea444e7c
fix: resolved issue with repodata
...
- repodata was being created in the wrong location
- update script to create in the path where the new snap exists
2023-11-12 15:48:30 +11:00
Ben Vincent
dd12726842
Merge pull request 'feat: add resolver/authoritive dns roles' ( #57 ) from neoloc/bindserver into develop
...
Reviewed-on: unkinben/puppet-prod#57
2023-11-12 13:11:56 +09:30
Ben Vincent
5276731d23
Merge pull request 'fix: datavol profile doesnt create the mountpoint' ( #56 ) from neoloc/datavol_create_mountpath into develop
...
Reviewed-on: unkinben/puppet-prod#56
2023-11-12 12:55:29 +09:30
Ben Vincent
79e37d9dae
Merge pull request 'refactor: move to ruby-script facts' ( #53 ) from neoloc/additional_enc_facts into develop
...
Reviewed-on: unkinben/puppet-prod#53
2023-11-11 22:15:42 +09:30
1b9a4f7832
refactor: move to ruby-script facts
...
- change enc_role_path fact to be ruby
- add enc_role_tier1, enc_role_tier2 and enc_role_tier3
- add new paths to hiera.yaml
2023-11-11 23:41:48 +11:00
1ff4611318
Merge branch 'develop' into neoloc/bind_resolver
...
- bring up to speed with rest of repo
2023-11-11 21:48:44 +11:00
7da58059d2
feat: add resolver/authoritive dns roles
...
- roles are currently empty, this just exists so I can branch off it
and start building test servers with this role
2023-11-11 21:47:21 +11:00
9bfae72d2e
Merge branch 'develop' into neoloc/ntpserver
2023-11-11 00:14:03 +11:00
f73c16bca2
feat: add enc_role_path fact
2023-11-11 00:03:12 +11:00
9cb730d116
feat: add ntp server/client
...
- add ntp client and server class
- add ntp server role
- update hiera.yaml to work with enc_role
- cleanup base profile
2023-11-10 23:59:10 +11:00
19836e2069
feat: adding reposync wrapper and tooling
...
- add autosyncer/autopromoter scripts
- add timer and service to initial sync process
- add timer/service for daily/weekly/monthly autopromote
- add define to manage each repo
- add nginx webserver to share repos
- add favion.ico if enabled
- add selinux management, and packages for selinux
- cleanup package management, sorting package groups into package classes
2023-11-08 23:16:56 +11:00
d11dcc0b24
fix: datavol profile doesnt create the mountpoint
...
- add file resource to create the required mountpath
- add Array[Enum[]] for mount_options
- fix mount to ensure the mount_options are used
- remove pass and dump options, leave as defaults
2023-11-06 19:31:35 +11:00
cb9af5a2a8
fix: variant regex results in error
...
- update the $size variant regex so it actually matches correctly
- default $size to undef, which results in 100%FREE
2023-11-05 18:11:53 +11:00
1d1541419a
feat: adding base packagerepo role
...
- create roles::infra::packagerepo
- bump enc version
2023-11-05 17:45:13 +11:00
6bbc14136f
Merge branch 'develop' into neoloc/datavol
2023-11-05 17:40:19 +11:00
def2561e6c
feat: add datavol class to manage /data
...
- included puppetlabs-lvm module
- created profiles::base::datavol to:
- create pv, vg, lv and format the filesystem and mount it
2023-11-05 17:37:10 +11:00
56518f1fcb
feat: change enc repo to be tagged
...
- enc repository will download a specific tag
- defaults to master
- hiera set to release tag '0.1'
2023-11-04 20:36:08 +11:00
0cc0bacad3
feat: add motd and facts
...
- use parameters created by the enc to create external facts
- use external facts to generate the motd
- use features from unkinben/puppet-enc#22
2023-11-04 20:11:20 +11:00
5076d7383a
feat: add ceph osd/mds/mon roles
...
- basic roles currently
- will allow build of ceph to begin
2023-11-02 20:12:47 +11:00
Ben Vincent
89653912cb
Merge pull request 'feat: manage puppet clients' ( #35 ) from neoloc/puppetclient into develop
...
Reviewed-on: unkinben/puppet-prod#35
2023-10-29 18:59:52 +09:30
130669a130
feat: manage puppet clients
...
- manage the service
- manage the package, version lock it
- deploy the /etc/puppetlabs/puppet/puppet.conf from template for puppet
clients only
2023-10-29 20:26:39 +11:00
Ben Vincent
cf26d2d2e7
Merge pull request 'feat: add puppetboard role' ( #34 ) from neoloc/puppetboard into develop
...
Reviewed-on: unkinben/puppet-prod#34
2023-10-29 18:06:27 +09:30
46c3eb9597
feat: add puppetboard role
...
- add nginx module to manage reverse proxy on host level
- add puppetboard venv
- add gunicorn instance
- add script to start the gunicorn instance
- add nginx vhost
2023-10-29 19:33:11 +11:00
0171a82d58
feat: add features to puppet.conf
...
- reports, for sending reports to puppetdb
- usecacheonfailure, to show faulures in puppetboard (when set to false)
2023-10-23 22:37:41 +11:00
ef0d865845
Merge pull request 'feat: split puppetdb role into api and sql' ( #32 ) from neoloc/puppetdb2 into develop
...
Reviewed-on: unkinben/puppet-prod#32
2023-10-22 20:30:43 +09:30
e682462917
feat: split puppetdb role into api and sql
...
- add puppetdb_api and puppetdb_sql role
- add puppetdb_api and puppetdb_sql profile
- add prodinf01n05 to /etc/hosts file
- set listen_address for all services to be hosts ip
- set storeconfigs and storeconfigs_backend to be managed by puppetmaster profile
2023-10-22 21:55:50 +11:00
6bb52f2a15
feat: add firewalld management profile
...
- basic profile to enable/disable, and install/remove
- defaulting to enabled and installed, but set to disabled and removed
in hiera
2023-10-22 19:54:10 +11:00
f772215630
fix: found typo in r10k script
2023-10-22 01:30:57 +11:00
2faed5de72
Merge pull request 'fix: set the puppetdb_host correctly' ( #29 ) from neoloc/puppetdb_server_loc into develop
...
Reviewed-on: unkinben/puppet-prod#29
2023-10-21 23:17:00 +09:30
c6c36e8351
fix: set the puppetdb_host correctly
...
- change the puppetdb::master::config from include to class statement
- set the puppetdb_host value to match what is stored in hiera
- disable firewall management on the puppetdb host
2023-10-22 00:40:12 +11:00
95434214a9
feat: add management of /etc/hosts
...
- add class to manage the /etc/hosts file
- add static hosts to /etc/hosts file via hiera array/hash
2023-10-22 00:34:22 +11:00
e847954e03
Merge branch 'develop' into neoloc/puppet_wrapper
2023-10-22 00:00:52 +11:00
86a6c1bd96
feat: add sudo secure_path
...
- update the sudo class from an include to a definition
- set the secure_path variable to include /usr/local/{bin,sbin}
2023-10-21 23:52:48 +11:00
ac27a9ce0b
Merge branch 'develop' into neoloc/puppetdb
2023-10-21 23:30:40 +11:00
080cdd8884
Setup PuppetDB/Puppetboard
...
- install modules required
- puppetdb
- postgresql
- puppetboard
- python
- create new profiles to manage each item (puppetdb/puppetboard)
- added puppetdb role
- include the puppetdb::master::config in puppetmaster role
- re-organised the puppetfile
- moved python to be managed by the python module
- added postgresql to list of managed repos
2023-10-21 23:11:40 +11:00
2b11a9417c
Account/Sudo management
...
- imported account and sudo puppet modules
- created account management wrapper
- defined sysadmin account, set to be created on all nodes
- removed sudo from base packages as its managed by sudo module now
2023-08-29 23:25:10 +10:00
d2fb3cff27
Merge branch 'develop' into feature/default_environment
2023-08-26 19:50:54 +10:00
