unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity
1,014 Commits 18 Branches 0 Tags 3 MiB
1cbc1be808
Commit Graph

278 Commits

Author SHA1 Message Date
Ben Vincent
1cbc1be808 feat: add host_volumes to nomad (#315) 
- add puppet client certs
- add tls-ca-bundle

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/315
 2025-06-14 19:37:50 +10:00
Ben Vincent
60834ced00 feat: nomad cni additions (#314) 
- add consul-cni package
- enable grpc for consul servers
- enable consul connect for consul servers
- set recursors for consul
- add ports to consul agent (grpc, dns, http for nomad)

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/314
 2025-06-14 18:47:24 +10:00
Ben Vincent
890e9670f3 chore: update the consul service name (#313) 
- update the name for the packagerepo service
- was copy/pasted from jupyterhub

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/313
 2025-06-09 14:46:16 +10:00
Ben Vincent
66fdd7b615 feat: update incus image host to run on incus (#309) 
- remove zfs
- remove some sysctl values
- remove memlocks from limits
- install iptables, required for creating bridges

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/309
 2025-06-08 22:58:44 +10:00
Ben Vincent
f43d5f685b feat: update reposync repos (#308) 
- remove almalinux 9.4
- add almalinux 9.6
- add epel 8 and 9
- update mssql
- add k8s 1.33

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/308
 2025-06-01 18:20:10 +10:00
Ben Vincent
bb2f59621a feat: split reposync into two roles (#307) 
- reposync and packagerepo web service
- change backing datastore to be cephfs /shared/app/packagerepo

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/307
 2025-06-01 11:33:44 +10:00
Ben Vincent
1a904af2ee feat: change g10k to use a package (#304) 
- the archive path is no longer valid
- produced a g10k rpm with rpmbuilder

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/304
 2025-05-31 13:51:51 +10:00
Ben Vincent
ed1a4f6488 fix: missed address in consul service (#303) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/303
 2025-05-30 23:27:44 +10:00
Ben Vincent
bdd833fa4e feat: create basic k8s roles to start deployment (#302) 
- just create roles so can deploy hosts

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/302
 2025-05-30 23:21:02 +10:00
Ben Vincent
c10a3e49fa chore: add new user (#301) 
- just jelly access

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/301
 2025-05-28 19:46:45 +10:00
Ben Vincent
3d5d40f381 chore: minor jellyfin updates (#300) 
- add jellyfin to video group, for access to gpu
- install intel related gpu drivers
- export lxc jellyfin to haproxy

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/300
 2025-05-27 19:55:55 +10:00
Ben Vincent
b3347f9226 chore: migrate media applications (#299) 
- migrate media applications to new cephfs pool + incus
- enable exporting haproxy
- move ceph-client-setup to only apply to non-lxc hosts
- ensure unrar is installed for nzbget
- updated jellyfin use of data_dir
- set lxc instances for jellyfin to use /shared/apps/jellyfin

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/299
 2025-05-25 20:27:17 +10:00
Ben Vincent
1d23fef82e feat: update settings for ceph (#298) 
- enable root logins via ssh with keys
- add ssh key for ceph to root user

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/298
 2025-05-25 20:22:00 +10:00
Ben Vincent
596e498a00 feat: change media arr apps to hiera_include (#296) 
- change profiles::media::* to be hiera_included
- this is required to enable it to be hiera_excluded on virtual == lxc

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/296
 2025-05-24 20:23:56 +10:00
Ben Vincent
520e8a34e0 feat: add a nomad agent v2 role (#293) 
- excludes ceph (will be passed from incus)
- excludes frrouting (will use host-networking)

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/293
 2025-05-24 15:35:20 +10:00
Ben Vincent
89a0f329d8 feat: update vault url (#291) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/291
 2025-05-21 19:58:12 +10:00
Ben Vincent
6dcc7343e0 feat: updated ceph ssh authorized_key (#290) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/290
 2025-05-17 14:05:25 +10:00
Ben Vincent
e7d4c75192 feat: enable ssh access to enp3s0 (#289) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/289
 2025-05-17 13:50:35 +10:00
Ben Vincent
d9e8637ad6 feat: manage more ceph requirements (#288) 
- add ceph-common to provide utilities for managing ceph
- add root and sysadmin ssh keys for ceph deployments

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/288
 2025-05-17 11:14:45 +10:00
Ben Vincent
92f0ae64b9 feat: enable ssh on all loopbacks (#287) 
- required for cephadm to manage roles

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/287
 2025-05-16 07:05:31 +10:00
Ben Vincent
c1637d9f43 feat: add cephadm to incus hosts (#286) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/286
 2025-05-16 05:56:28 +10:00
Ben Vincent
1aabe21173 feat: manage mon loopback0 (#285) 
- add frrouting
- set all ceph nodes to use ospf + loopback0 + networkd
- fix ceph repos for mons

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/285
 2025-05-15 19:46:59 +10:00
Ben Vincent
2f088c461f feat: add ceph roles (#284) 
- add hieradata to manage ceph repo

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/284
 2025-05-15 19:29:53 +10:00
Ben Vincent
90504e5b02 chore: use alias for nameservers (#283) 
- use an alias for nameservers for dhcp ranges
- move aliased nameservers to region-wide hiera

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/283
 2025-05-14 20:19:18 +10:00
Ben Vincent
87a6c73578 neoloc/loopback_dns (#281) 
- manage all interfaces in dns (except lo and anycast)
- move loopback0 anycast addresses to be anycast0

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/281
 2025-05-11 16:36:04 +10:00
Ben Vincent
51d6c1e81d fix: enable dns resolver access for dmz1 (#278) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/278
 2025-05-10 06:57:05 +10:00
Ben Vincent
f322440d01 feat: setup anycast consul dns (#276) 
- manage frrouting repo/ospf
- change to systemd-networkd
- enable ospf on incus nodes bridges

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/276
 2025-05-09 22:07:42 +10:00
Ben Vincent
b05acb23f4 feat: use custom cert for puppetdb access (#271) 
- manually generated certificate using sudo puppetserver ca generate --certname puppetdbapi.query.consul
- saved certificate and private_key in eyaml

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/271
 2025-05-03 12:41:23 +10:00
Ben Vincent
cdf9456456 feat: update psql15 repos for roles (#269) 
- update patroni to use packagerepo
- update puppetdb to use packagerepo

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/269
 2025-04-29 21:04:45 +10:00
Ben Vincent
2323ef7749 feat: postgresql15/postgresql17 (#268) 
- add postgresql15 and 17 to reposync

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/268
 2025-04-28 21:39:45 +10:00
Ben Vincent
78f4d2a88f feat: cleanup mpls configuration (#262) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/262
 2025-04-26 00:39:23 +10:00
Ben Vincent
762d980ea8 feat: update dns resolver zone management (#261) 
- move zones to common role path
- specify forwarders for each zone in region based hiera

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/261
 2025-04-25 01:01:47 +10:00
Ben Vincent
463abe4b9d feat: add reverse dns zones for incus (#260) 
- add reverse dns zones for incus hosts
- update acls for openresolver

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/260
 2025-04-24 23:48:34 +10:00
Ben Vincent
2321186ad5 neoloc/mpls_ldp_frr (#255) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/255
 2025-04-24 16:51:31 +10:00
Ben Vincent
c24babe309 feat: add incus image host (#254) 
- add role
- add consul service + checks
- manage the datavol as zfs
- insure the incus fact exists before attempting to read it

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/254
 2025-04-24 01:00:39 +10:00
Ben Vincent
bfda2b628b feat: enable ip forwarding for gitea runners (#253) 
- required to enable docker containers reach git service

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/253
 2025-04-21 18:40:17 +10:00
Ben Vincent
278f8001b0 feat: add frr synced repo (#252) 
- add frr repo to incus hosts

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/252
 2025-04-18 21:21:23 +10:00
Ben Vincent
0fe44cf4e2 feat: add frr repos (#251) 
- add frr/stable/el8
- add frr/stable/el9
- add frr/extras/el8
- add frr/extras/el9

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/251
 2025-04-15 02:21:55 +10:00
Ben Vincent
25b06cde22 feat: move bridge management to incus (#250) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/250
 2025-04-15 00:04:14 +10:00
Ben Vincent
0e3dd4d7d0 feat: initialise barebones server (#248) 
- manage incus servers init

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/248
 2025-04-06 23:56:50 +10:00
Ben Vincent
b6ea353cfb feat: update dns resolver acls (#246) 
- add dmz acl
- add common acl
- add loopback/ceph/physical subnets to main acl

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/246
 2025-04-06 16:44:16 +10:00
Ben Vincent
c225564bdb feat: continue incus implementation (#245) 
- migrate to systemd-networkd
- setup dummy, bridge and static/ethernet interfaces
- manage sshd.service droping to start ssh after networking is online
- enable ip forewarding
- add fastpool/data/incus dataset
- enable ospf and frr
- add loopback0 as ssh listenaddress
- add loopback1/2 for ceph cluster/public traffic

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/245
 2025-04-06 16:38:04 +10:00
Ben Vincent
06666fe488 fix: resolve issue with baseos in el9 (#244) 
- was not correctly provisioning the baseos repo for el9 incus hosts

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/244
 2025-04-02 21:02:08 +11:00
Ben Vincent
95bc2716cf neoloc/incus_deploy (#241) 
feat: deploy incus

- manage sysctl based on incus recommendations
- manage limits based on incus recommendations
- manage zpools and zfs datasets
- add incus hiera settings

feat: manage repo for zfs

- dont use zfs module to manage repo, use profiles:😋:global::repos

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/241
 2025-03-31 23:14:05 +11:00
Ben Vincent
d39d25d3f1 feat: add almalinux 9.5 repos using mirrorlist (#235) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/235
 2025-03-30 16:24:55 +11:00
Ben Vincent
06b458cb0e feat: reposync for almalinux 9.4 (in vault) (#234) 
- sync baseos, ha, appstream and crb repos

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/234
 2025-03-30 12:31:09 +11:00
Ben Vincent
e025928d77 chore: set secretid for puppetboard (#232) 
- manage the secret_key for puppetboard
- required since module upgrade

https://github.com/voxpupuli/puppetboard/issues/721

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/232
 2025-03-30 01:53:25 +11:00
Ben Vincent
6a04701891 feat: add incus role (#229) 
- add basic infra::incus role
- add autossl, consul and ssh-principals for incus

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/229
 2025-03-30 00:56:04 +11:00
Ben Vincent
b95bcbd10a feat: add zfs to reposync (#224) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/224
 2025-03-29 20:08:31 +11:00
Ben Vincent
771b981d91 feat: enable nomad to manage sessions/services (#222) 
- this is required to start patroni

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/222
 2025-03-20 19:21:40 +11:00