unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity
370 Commits 18 Branches 0 Tags 3 MiB
26f26e6283
Commit Graph

131 Commits

Author SHA1 Message Date
Ben Vincent
f536d19034 feat: generate consul policy/tokens 
- generate policy/token to add nodes
- generate policy/token for all nodes
- add base::root profile to manage aspects of the root user
 2024-04-27 20:21:57 +10:00
Ben Vincent
a7e9f1590e fix: move primary_datacenter to region/role 
- set syd1 as primary consul datacentre
- add consul.service.consul zone
- add nginx reverse proxy for consul webui
- set dns zones/acls/views/keys to be deep merged from hiera
- update default token
- add consul/consul.service.consul/consul.main.unkin.net to vault cert
 2024-04-26 23:11:38 +10:00
Ben Vincent
3ca92ee1f3 fix: consul members role key 
- moved members_role for consul to common yaml
 2024-04-25 00:00:24 +10:00
Ben Vincent
2671b51fc2 Merge pull request 'feat: add syd1 consul cluster' (#170) from neoloc/syd1_consul_cluster into develop 
Reviewed-on: unkinben/puppet-prod#170
 2024-04-24 19:02:01 +09:30
Ben Vincent
89fcfe38ea feat: add syd1 consul cluster 2024-04-24 19:31:18 +10:00
Ben Vincent
99d3dcf4d8 Merge branch 'develop' into neoloc/dns_master_multiregion 2024-04-24 18:58:41 +10:00
Ben Vincent
b8d799e8e9 feat: select nameserver in soa based on role 
- find all dns servers in $ns_use (region/country/all),
- or use the current node as the only nameserver
 2024-04-24 18:44:08 +10:00
Ben Vincent
f8fd6700da feat: enable selecting nameserver by fact 
- enable selecting nameservers to use by region, country or all
- set default for nameservers to be region
 2024-04-24 18:40:18 +10:00
Ben Vincent
6fc0b240c1 Merge pull request 'feat: sort ntpservers, select ntp to use' (#167) from neoloc/ntp_selection into develop 
Reviewed-on: unkinben/puppet-prod#167
 2024-04-23 23:29:06 +09:30
Ben Vincent
7b316c6b0b feat: sort ntpservers, select ntp to use 
- sort the ntpservers array so it doesnt change each run of puppet
- allow the selection of all, region or country specific ntp servers
 2024-04-23 23:57:01 +10:00
Ben Vincent
dbe11323c5 feat: enable selecting nameserver by fact 
- enable selecting nameservers to use by region, country or all
- set default for nameservers to be region
 2024-04-23 22:39:33 +10:00
Ben Vincent
e5b3112189 Merge pull request 'feat: add new syd1 prod networks' (#161) from neoloc/sydney_subnets into develop 
Reviewed-on: unkinben/puppet-prod#161
 2024-04-21 22:25:56 +09:30
Ben Vincent
bc4246dd05 feat: add new syd1 prod networks 2024-04-21 22:55:06 +10:00
Ben Vincent
9c6dee7609 feat: manage timezone per region 
- add timezone module
- set per-region timezone setting
- setup hiera_classes, set to deep merge, and set to include all in base profile
 2024-04-21 15:48:09 +10:00
Ben Vincent
f04c74bd4d feat: manage proxmox nodes 
- change /etc/hosts to meet proxmox requirements
- add proxmox node role
- add init, params, repo, install, clusterjoin classes
 2024-04-21 15:08:28 +10:00
Ben Vincent
19c8749d9e feat: split lm-sensors for debian/rhel 2024-04-14 23:17:38 +10:00
Ben Vincent
d0d67e316a feat: prepare puppet for debian 
- set yum::versionlock to be only for redhat family
- set puppet-agent require statement to use apt or yum
- remove requirement of downloading puppet7-release-$dist.deb
- create all paths in $base_path for vault certificate
- set correct $PATH for update-ca-certificates
- dynamically set debian release name
- split packages to install from common.yaml to os-specific
- create groups profile to manage local groups
- change sysadmin to be a member of admins group
- setup admins sudo rules
 2024-04-13 22:34:28 +10:00
Ben Vincent
82f2d75888 feat: add frontends, backends, listeners 
- add a way to define frontends, backends and listeners through hieradata
 2024-04-06 20:23:37 +11:00
Ben Vincent
ed60e18062 feat: update jdk11 for puppetdb 
- specify the java_bin
- specify the java_args
 2024-04-06 20:05:23 +11:00
Ben Vincent
f79d9de495 feat: update node_lookup 
- update node_lookup to use new puppetdb URL
 2024-04-06 18:31:41 +11:00
Ben Vincent
c9a1d35af9 feat: add cnames to haproxy 
- manage A records for haproxy
- manage cnames for services using haproxy
 2024-04-06 16:26:50 +11:00
Ben Vincent
e97d061f46 feat: add puppetdbapi to haproxy 
- add puppetdbapi backend to haproxy
- add puppetdbapi altname to the vault certificate
- add mapping for hostname to backend
 2024-04-06 15:49:10 +11:00
Ben Vincent
f7881b19cf Merge pull request 'feat: add puppetboard backend' (#150) from neoloc/haproxy_puppetboard into develop 
Reviewed-on: unkinben/puppet-prod#150
 2024-04-06 02:54:26 +09:30
Ben Vincent
57b7a3036b Merge pull request 'feat: add virtual/physical check' (#147) from neoloc/sensors into develop 
Reviewed-on: unkinben/puppet-prod#147
 2024-04-06 02:53:57 +09:30
Ben Vincent
105bf1b09d feat: add puppetboard backend 
- add balancemember to puppetboard nodes
- add be_puppetboard to haproxxy
- add puppetboard.main.unkin.net to haproxy altnames
- add puppetboard to backend mapping
- change way backends are registered in haproxy
 2024-04-06 04:20:39 +11:00
Ben Vincent
2091f1ada3 feat: add haproxy profile 
- add haproxy server class
- add haproxy profile to role
- add hiera data for region specific haproxy
- add selinux configuration
- add certlist management
- add default http and https frontends
- add default stats listener
 2024-04-06 03:27:45 +11:00
Ben Vincent
5bde96fb4d feat: change certmanage to approles 
- created approle 'certmanager' using 'certmanager' policy
- update certmanager script to generate token based on roleid
 2024-04-04 00:32:08 +11:00
Ben Vincent
64563902d4 feat: deploy cobbler enc 
- install python3.11 on all nodes
- create python3.11 venv for cobbler-enc
- install requirements in cobbler-enc venv
- symlink to /usr/local/bin/
 2024-03-31 20:58:31 +11:00
Ben Vincent
0ad31f6013 feat: add virtual/physical check 
- add virtual tree to hiera
- add virtual/kvm and virtual/physical hiera sources
- add lm_sensors to be installed on hardware nodes
 2024-03-31 15:36:41 +11:00
Ben Vincent
d64e185919 Merge pull request 'feat: add dhcp servers' (#145) from neoloc/dhcp-server into develop 
Reviewed-on: unkinben/puppet-prod#145
 2024-03-29 07:45:16 +09:30
Ben Vincent
d64860f47b feat: add dhcp servers 
- include puppet-dhcp module
- manage dhcp pools
- manage dhcp classes (bios/uefi)
 2024-03-29 09:13:26 +11:00
Ben Vincent
159c57677a Merge pull request 'feat: add cobbler profile' (#144) from neoloc/cobbler_profile into develop 
Reviewed-on: unkinben/puppet-prod#144
 2024-03-29 07:10:33 +09:30
Ben Vincent
80b7ad8639 feat: add cobbler profile 
- add datavol to cobbler nodes
- add cobbler profile
- add cobbler role hieradata
- manage selinux where required for cobbler
- manage service cname
 2024-03-29 08:36:42 +11:00
Ben Vincent
e02921be75 feat: deep merge yum repos to manage 
- fixed merging of yum repos
- changed puppet7 to use local copy of repo
 2024-03-28 21:41:15 +11:00
Ben Vincent
0383db2b10 feat: set sysadmin password 2024-03-28 20:34:50 +11:00
Ben Vincent
748a0e8632 feat: enable sydney subnets 2024-03-28 20:08:00 +11:00
Ben Vincent
f2cdcb8c8e feat: add sydney subnets 2024-03-21 22:02:25 +11:00
Ben Vincent
8f5e9e40a1 feat: add ovirt roles 
- add repositories for ovirt
- add role/profile for ovirt/engine and ovirt/node
- add deep-merge for managed_repos
- change repos to allow filesource (URL or file://)
- change reposync to use curl instead of wget
 2024-03-16 16:43:12 +11:00
Ben Vincent
bca5d32793 fix: updated gpg key for psql repos 2024-03-10 16:18:03 +11:00
Ben Vincent
51d0ca16ec feat: update yumrepos to use https:// 
- require vaultca on all repos on repos.main.unkin.net
 2024-03-03 16:44:16 +11:00
Ben Vincent
df97b75aca Merge pull request 'feat: change nginx to use vault ssl certs' (#128) from neoloc/packagerepo_ssl into develop 
Reviewed-on: unkinben/puppet-prod#128
 2024-03-03 13:34:04 +09:30
Ben Vincent
5afa9e8960 Merge pull request 'neoloc/pki_generate' (#127) from neoloc/pki_generate into develop 
Reviewed-on: unkinben/puppet-prod#127
 2024-03-03 13:33:33 +09:30
Ben Vincent
88ba8406b8 feat: deep merge alt_names and ip_sans 
- set hiera to deep-merge alt_names and ip_sans for generating vault
  certificates
 2024-03-03 15:01:14 +11:00
Ben Vincent
3e98ced8da feat: change nginx to use vault ssl certs 
- update packagerepo webserver class to allow using ssl
 2024-03-03 14:53:36 +11:00
Ben Vincent
5b56767be7 chore: updated vault_token 2024-02-25 22:32:18 +11:00
Ben Vincent
6bcdda1a93 chore: update vault policy 
- updated vault policy for certificates
 2024-02-25 22:11:31 +11:00
Ben Vincent
8112c07ba8 fix: rebuild vault 
- rebuilt vault, updated root token and unseak keys
 2024-02-25 21:19:43 +11:00
Ben Vincent
7f03bc5c76 feat: add certmanager helper 
- add certmanager script and config.yaml file
- install into pyenv for certmanager
- deploy to puppet-masters only
 2024-02-19 21:20:50 +11:00
Ben Vincent
12ff053c6d refacter: cleanup packages setup 2024-02-17 22:49:32 +11:00
Ben Vincent
fe05c86463 feat: add vault server profile 
- add vault module to puppetfile
- define class to manage the install and config of vault
- manage the datavol and raft storage
- manage the unzip and other compression tools
- define custom unseal script and service
- add documentation on initial setup of vault
 2024-02-17 21:12:12 +11:00