unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity
405 Commits 18 Branches 0 Tags 3 MiB
14a56a41a2
Commit Graph

405 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ben Vincent
14a56a41a2 Merge branch 'develop' into neoloc/consul_wan 
Conflicts:
	hieradata/common.yaml
 2024-05-05 18:01:41 +10:00
Ben Vincent
31f670ad18 Merge pull request 'neoloc/syd1_puppet' (#195) from neoloc/syd1_puppet into develop 
Reviewed-on: unkinben/puppet-prod#195
 2024-05-05 17:13:38 +09:30
Ben Vincent
6335167e3a feat: change clients to use puppet.query.consul 
- change all clients/servers to use puppet from consul service mesh
 2024-05-05 16:47:39 +10:00
Ben Vincent
f1ff7cb736 feat: distribute eyaml pub/priv key 
- distribute the private/public pem for eyaml via eyaml
 2024-05-05 16:25:18 +10:00
Ben Vincent
ff83e28413 Merge pull request 'feat: per-datacentre consul dns' (#194) from neoloc/consul_dns into develop 
Reviewed-on: unkinben/puppet-prod#194
 2024-05-04 16:00:55 +09:30
Ben Vincent
51bd1796ad feat: per-datacentre consul dns 
- change forwarding for consul to be per-datacentre to local consul
- change domain from service.consul -> consul so query.consul can be resolved
 2024-05-04 16:27:32 +10:00
Ben Vincent
fe296d52d9 feat: manage puppet/puppetca consul services 
- add puppet service
- add puppetca service
- add ability to write to puppet/puppetca service in consul
- add puppet.(query,service).consul to dns_alt_names of all masters
- add puppetca.(query,service).consul to dns_alt_names of puppetca
 2024-05-04 16:10:32 +10:00
Ben Vincent
8a241d6b96 feat: add prepared_query capabilities to consul 
- add prepared query for:
  - vault
  - puppet
  - puppetca
 2024-05-04 15:46:47 +10:00
Ben Vincent
6020143f76 feat: consul multi-datacentre joining 
- add method to join multiple consul datacentres
- set syd1 as the primary datacentre
- use default token from au-syd1 cluster in all locations
- add replication token
 2024-05-04 00:39:18 +10:00
Ben Vincent
df8a55c3dd feat: manage puppetca 
- manage the puppet ca.cfg
- distribute the crl.pem from the puppetca to masters
 2024-05-03 21:29:25 +10:00
Ben Vincent
052b07be83 chore: remove excessive comments 
- remove the excessive comments and notes at the top of the puppet classes
 2024-05-03 20:48:20 +10:00
Ben Vincent
a429255c63 feat: puppet server agent 
- add [agent] settings for puppetservers
 2024-05-03 20:46:01 +10:00
Ben Vincent
56b23620b7 refactor: reoganise the puppetserver profile 
- manage puppetserver package
- set order for puppetserver classes
- for profiles::puppet::server class:
  - set param types using stdlib where possible
  - set default values for all params
- move configuration data to hieradata
- wait for enc_role fact to match role
- exclude puppet::client from puppermaster nodes
 2024-05-02 23:32:32 +10:00
Ben Vincent
7dc2daf48f Merge pull request 'fix: add use_backend for drw1 haproxy' (#193) from neoloc/haproxy_drw1 into develop 
Reviewed-on: unkinben/puppet-prod#193
 2024-05-01 21:50:30 +09:30
Ben Vincent
95135fb58a fix: add use_backend for drw1 haproxy 2024-05-01 21:58:10 +10:00
Ben Vincent
38ee3ec218 Merge pull request 'feat: haproxy refactor' (#192) from neoloc/haproxy_frontent_hiera into develop 
Reviewed-on: unkinben/puppet-prod#192
 2024-05-01 18:38:32 +09:30
Ben Vincent
8697492611 feat: haproxy refactor 
- configure deep merging in hiera
- move fe_http and fe_https to hiera
- configure pve backends for standard and api traffic
 2024-05-01 19:02:03 +10:00
Ben Vincent
af8763b044 Merge pull request 'feat: sydney haproxy cluster' (#191) from neoloc/haproxy_syd1 into develop 
Reviewed-on: unkinben/puppet-prod#191
 2024-04-28 20:49:32 +09:30
Ben Vincent
220ac182f4 feat: sydney haproxy cluster 
- add au-syd1 halb cluster
- add http-response to frontends
- manage haproxy after enc_role is correct
 2024-04-28 21:14:36 +10:00
Ben Vincent
a141de8b74 Merge pull request 'neoloc/consul_services' (#190) from neoloc/consul_services into develop 
Reviewed-on: unkinben/puppet-prod#190
 2024-04-28 16:40:02 +09:30
Ben Vincent
587df5309f Merge branch 'develop' into neoloc/consul_services 
Conflicts:
	hieradata/common.yaml
	site/profiles/manifests/consul/client.pp
 2024-04-28 17:09:18 +10:00
Ben Vincent
926ed24070 Merge pull request 'feat: change forwarded domain for consul' (#189) from neoloc/consul_dns into develop 
Reviewed-on: unkinben/puppet-prod#189
 2024-04-28 16:37:09 +09:30
Ben Vincent
8df927de18 feat: add node_token to agent config 
- move policy rules to hiera array[hash]
- add node_token to agent as the default token
 2024-04-28 17:06:06 +10:00
Ben Vincent
dff3f93297 feat: change forwarded domain for consul 
- change forward lookup zone for consul from consul.service.consul -> service.consul
 2024-04-28 15:45:13 +10:00
Ben Vincent
199e35840f fix: fix proxyurl for vault 
- change to http://
- change to localhost
 2024-04-28 14:22:33 +10:00
Ben Vincent
43afc23535 feat: deploy consul services 
- add vault.service.consul
 2024-04-28 14:06:49 +10:00
Ben Vincent
0f0d392fb4 feat: deploy consul agent 
- install the consul agent on all nodes, except consul servers
 2024-04-28 13:23:43 +10:00
Ben Vincent
dc39b7c7a4 Merge pull request 'fix: fix proxyurl for vault' (#188) from neoloc/vault_proxy into develop 
Reviewed-on: unkinben/puppet-prod#188
 2024-04-28 00:54:49 +09:30
Ben Vincent
f7141d7214 Merge pull request 'feat: deploy consul agent' (#187) from neoloc/consul_agent into develop 
Reviewed-on: unkinben/puppet-prod#187
 2024-04-28 00:54:15 +09:30
Ben Vincent
bf44c8f7b7 feat: deploy consul agent 
- install the consul agent on all nodes, except consul servers
 2024-04-28 01:19:08 +10:00
Ben Vincent
4453c8604a fix: fix proxyurl for vault 
- change to http://
- change to localhost
 2024-04-28 00:52:47 +10:00
Ben Vincent
f4a273e56c Merge pull request 'feat: simple nginx proxy' (#186) from neoloc/merge_nginx_consul_vault into develop 
Reviewed-on: unkinben/puppet-prod#186
 2024-04-28 00:03:33 +09:30
Ben Vincent
6fc5829fce feat: simple nginx proxy 
- merge consul/vault nginx proxy into single class
- replace nginx proxy classes for consul/vault with simpleproxy class
 2024-04-28 00:32:04 +10:00
Ben Vincent
0c6ae1a69a Merge pull request 'feat: add sydney vault cluster' (#184) from neoloc/vault_syd1 into develop 
Reviewed-on: unkinben/puppet-prod#184
 2024-04-27 22:05:59 +09:30
Ben Vincent
3001bc32f2 feat: add sydney vault cluster 
- separate yaml between multiple regions
- add nginx frontend to vault
 2024-04-27 22:35:16 +10:00
Ben Vincent
26f26e6283 Merge pull request 'feat: generate consul policy/tokens' (#176) from neoloc/consul_node_policies into develop 
Reviewed-on: unkinben/puppet-prod#176
 2024-04-27 19:52:26 +09:30
Ben Vincent
f536d19034 feat: generate consul policy/tokens 
- generate policy/token to add nodes
- generate policy/token for all nodes
- add base::root profile to manage aspects of the root user
 2024-04-27 20:21:57 +10:00
Ben Vincent
c0642bbcf1 Merge pull request 'fix: move primary_datacenter to region/role' (#175) from neoloc/consul_syd1_default_dc into develop 
Reviewed-on: unkinben/puppet-prod#175
 2024-04-26 23:41:26 +09:30
Ben Vincent
a7e9f1590e fix: move primary_datacenter to region/role 
- set syd1 as primary consul datacentre
- add consul.service.consul zone
- add nginx reverse proxy for consul webui
- set dns zones/acls/views/keys to be deep merged from hiera
- update default token
- add consul/consul.service.consul/consul.main.unkin.net to vault cert
 2024-04-26 23:11:38 +10:00
Ben Vincent
f863d6f6bb Merge pull request 'fix: consul members role key' (#174) from neoloc/consul_members_class into develop 
Reviewed-on: unkinben/puppet-prod#174
 2024-04-24 23:30:52 +09:30
Ben Vincent
3ca92ee1f3 fix: consul members role key 
- moved members_role for consul to common yaml
 2024-04-25 00:00:24 +10:00
Ben Vincent
98deb58fde Merge pull request 'fix: enable new consul clusters to be started' (#173) from neoloc/consul_bootstrap into develop 
Reviewed-on: unkinben/puppet-prod#173
 2024-04-24 23:23:08 +09:30
Ben Vincent
b6d3fc26de fix: enable new consul clusters to be started 
- wait for the enc_role fact to be correct, as this is required to find
  all keys in hiera
 2024-04-24 23:51:26 +10:00
Ben Vincent
6ad01abc6c Merge pull request 'fix: absent to file, for custom_facts.yaml' (#172) from neoloc/enc_role_facts2 into develop 
Reviewed-on: unkinben/puppet-prod#172
 2024-04-24 23:05:05 +09:30
Ben Vincent
5f6ba93393 fix: absent to file, for custom_facts.yaml 2024-04-24 23:34:21 +10:00
Ben Vincent
3ed433fb97 Merge pull request 'feat: moved enc_role and enc_env to ruby facts' (#171) from neoloc/enc_role_facts into develop 
Reviewed-on: unkinben/puppet-prod#171
 2024-04-24 23:01:57 +09:30
Ben Vincent
e0dbecbfa0 feat: moved enc_role and enc_env to ruby facts 2024-04-24 23:30:27 +10:00
Ben Vincent
2671b51fc2 Merge pull request 'feat: add syd1 consul cluster' (#170) from neoloc/syd1_consul_cluster into develop 
Reviewed-on: unkinben/puppet-prod#170
 2024-04-24 19:02:01 +09:30
Ben Vincent
89fcfe38ea feat: add syd1 consul cluster 2024-04-24 19:31:18 +10:00
Ben Vincent
4149d89dc0 Merge pull request 'neoloc/dns_master_multiregion' (#169) from neoloc/dns_master_multiregion into develop 
Reviewed-on: unkinben/puppet-prod#169
 2024-04-24 18:29:27 +09:30