4bd3310ea8
feat: refacter gitea profile
...
- move more data to hiera
- change how the custom_configuration is made
2024-06-01 17:16:37 +10:00
4b4272250a
Merge branch 'develop' into neoloc/grafana
2024-06-01 14:47:06 +10:00
3dfe9b9b73
Merge pull request 'feat: puppetdb sql updates' ( #5 ) from neoloc/puppetdb_sql into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/5
2024-06-01 14:36:27 +10:00
de39515862
ferat: change to gitea hosted package repo
2024-06-01 14:05:14 +10:00
6c2328e8ba
feat: bump git client_max_body_size
...
- change from 100m to 250m
2024-06-01 13:31:35 +10:00
e7ddbfa035
feat: increase client_max_body_size for git
...
- update hieradata with client_max_body_size for git role
2024-06-01 12:51:06 +10:00
f029b04427
feat: update git sources
...
- update r10k source
- update enc source
- update source for puppet-bind module
2024-05-28 23:51:19 +10:00
fab4ea5998
feat: add gitea classes
...
- add basic gitea class
2024-05-28 23:14:36 +10:00
263d41fe9e
chore: remove prodinf01n01 as puppetca
2024-05-28 21:06:04 +10:00
df371a6b09
feat: syd1 puppetca provisioning
...
- move puppetca to ausyd1nxvm1036
2024-05-28 20:13:08 +10:00
d2d08bc479
fix: change drw1 puppetmasters to use syd1 approle
...
- changing vault url to vault.query.consul forced puppetmasters in drw1
to connect to syd1 vault hosts
- set drw1 puppetmasters to use syd1 approle_id
2024-05-26 01:27:45 +10:00
b00781b604
feat: change vault url to vaul.query.consul
...
- support access to vault from multiple datacentres for certmanager
2024-05-26 01:23:16 +10:00
ad268e8977
Merge pull request 'feat: vault use vault' ( #226 ) from neoloc/vault_use_vault into develop
...
Reviewed-on: unkinben/puppet-prod#226
2024-05-26 00:38:55 +09:30
ad4f9b81f4
Merge pull request 'neoloc/syd1_certmanager_approle' ( #224 ) from neoloc/syd1_certmanager_approle into develop
...
Reviewed-on: unkinben/puppet-prod#224
2024-05-26 00:38:16 +09:30
7c0bf4a398
feat: vault use vault
...
- change vault to use vault ephemeral certificates
- remove nginx frontend to vault
2024-05-26 01:06:48 +10:00
b9c327799f
feat: add vault service/query altnames
...
- add nginx aliases for vault services
- add additional vault certificates
- change certmanager script to use vault.service.consul
2024-05-25 15:51:09 +10:00
2c3aa2bbdc
feat: vault certmanager tokens
...
- move vault certmanager tokens to drw1/syd1 specific eyaml
- add syd1 certmanger token for syd1 vault
2024-05-25 15:50:59 +10:00
0b549325a1
Merge pull request 'feat: added country-region altnames' ( #223 ) from neoloc/puppetboard_altnames into develop
...
Reviewed-on: unkinben/puppet-prod#223
2024-05-24 23:01:37 +09:30
c883bc8c91
feat: added country-region altnames
...
- add puppetboard.service.au-{syd1|drw1}.consul to:
- vault pki cert
- nginx server aliases
2024-05-24 23:27:07 +10:00
cbf3f0e694
feat: change drw1 puppetdb -> syd1
2024-05-24 23:06:18 +10:00
22af602510
Merge pull request 'feat: puppet::client multiple altnames' ( #221 ) from neoloc/puppetdbapi_certs into develop
...
Reviewed-on: unkinben/puppet-prod#221
2024-05-22 22:42:59 +09:30
0901595de9
feat: puppet::client multiple altnames
...
- puppet clients can not request multiple dns alt_names
- set puppetdbapi hosts to request multiple certificates
2024-05-22 23:05:34 +10:00
349547c4bc
feat: puppetboard on consul
...
- updated nginx param types
- add nginx aliases, merge with vhost, use as server_names
- add additional vault alt-names
- add prepared query for puppetboard
2024-05-22 22:54:54 +10:00
8fb4c59f88
Merge branch 'develop' into neoloc/syd1_puppetdb
2024-05-22 22:30:10 +10:00
d2235610af
Merge pull request 'feat: set syd1 puppetdb hosts' ( #218 ) from neoloc/puppetboard into develop
...
Reviewed-on: unkinben/puppet-prod#218
2024-05-22 21:58:52 +09:30
25cbff4656
feat: set syd1 puppetdb hosts
...
- change syd1 puppetdb hosts to use consul serivce/query addresses
2024-05-22 22:23:07 +10:00
770c8cc159
feat: update hiera key for puppetdb api/sql
...
- changed to use puppetdbapi and puppetdbsql hiera keys
- updated all classes that referenced old values
2024-05-22 22:18:32 +10:00
9e3b680b0b
feat: add prepared query for puppetdbapi
...
- merge to develop
- add prepared query for puppetdbapi
2024-05-22 22:11:51 +10:00
f6bf504416
Merge branch 'develop' into neoloc/syd1_puppetdb
2024-05-22 22:11:04 +10:00
39aa6e114e
feat: puppetdb sql updates
...
- add consul support
- enable local script checks in consul agents
- add a test DB/User for consult to verify the psql instance is running
- manage the postgresql repo and gpg key
2024-05-22 22:05:54 +10:00
6035af37a1
feat: increase puppetdb api Xmx
...
- change java args to use 2048mb of memory
2024-05-22 21:37:00 +10:00
65bd2ae8d5
fix: repo target changes
...
- use per-repo target files
2024-05-19 22:46:27 +10:00
0e7168026d
Merge pull request 'neoloc/yumrepos' ( #212 ) from neoloc/yumrepos into develop
...
Reviewed-on: unkinben/puppet-prod#212
2024-05-19 20:09:50 +09:30
fd466fcccc
feat: cleanup old repo management
...
- change profiles::puppet::agent to require Yumrepo['puppet']
- remove managed repos hieradata
- remove profiles:😋 :* classes that are not required
- remove missed rebase comment
2024-05-19 20:27:56 +10:00
5f9480f186
feat: direct yumrepo config
...
- deep merge yumrepo resources
- convert repos to direct yumrepo in hieradata
- change from repos.main.unkin.net to edgecache.query.consul
- create all yumrepo resources from $profiles:😋 :global::repos
2024-05-19 20:27:47 +10:00
da2e98ed4d
feat: add centos mirror to edgecache
...
- add centos repo to edgecache
2024-05-19 19:41:15 +10:00
6f9a606549
feat: configure edgecache for postgresql
...
- add fact to record system resolvers
- add resolvers feature in /etc/nginx/conf.d/resolvers.conf
- add rewrite rules for postgres/yum/repodata
2024-05-19 16:56:36 +10:00
9640779846
feat: mariadb improvements
...
- add bind-address to local_ip
- add consul service
2024-05-19 14:53:14 +10:00
8f4799ce2a
feat: update consul service service
...
- change edgecache service name from puppet -> edgecache
2024-05-19 14:53:14 +10:00
6bddec6bd2
Merge pull request 'feat: manage pgsql settings for puppetdb' ( #208 ) from neoloc/puppetdb_connections into develop
...
Reviewed-on: unkinben/puppet-prod#208
2024-05-12 16:10:42 +09:30
5774ebd614
feat: manage pgsql settings for puppetdb
...
- deep merge postgresql_config_entries in common.yaml
- add postgresql_config_entries into a new hieradata/roles/infra/puppetdb/sql.yaml
- set puppetdb role to import the options
2024-05-12 16:36:43 +10:00
2aa5ead9d1
feat: prepare syd1 mariadb cluster
...
- update role to wait for enc_role
- move hiera data to country/region/role specific location
2024-05-12 15:40:43 +10:00
4a1848db38
fix: cobbler host
...
- fixed name of cobbler host in yaml
2024-05-11 23:09:30 +10:00
5577e368e9
Merge pull request 'chore: move pxeboot to syd1 cobbler' ( #204 ) from neoloc/dhcp_syd1_cobbler into develop
...
Reviewed-on: unkinben/puppet-prod#204
2024-05-11 21:36:23 +09:30
dca99d2716
chore: move pxeboot to syd1 cobbler
...
- update nameservers for syd1 to use local dns resolvers
- update pxeserver to au-syd1 cobbler
2024-05-11 22:05:21 +10:00
ec6e49e37a
Merge pull request 'feat: change cobbler master' ( #203 ) from neoloc/cobbler_master into develop
...
Reviewed-on: unkinben/puppet-prod#203
2024-05-11 21:20:56 +09:30
3e233ea688
feat: change cobbler master
...
- promote ausyd1nxvm1017
2024-05-11 21:50:02 +10:00
cb54cd2dba
feat: add edgecache prepared_query
...
- add edgecache as a prepared_query in consul
2024-05-11 21:47:14 +10:00
4171427e7b
feat: add edgecache role
...
- add edge-caching role
- add mirror for debian, almalinux and epel repositories
- export service as edgecache in consul
2024-05-11 21:46:20 +10:00
9edd060367
feat: deep merge /etc/hosts
...
- allow managing /etc/hosts on multiple levels of hiera
2024-05-11 21:45:24 +10:00
eeb21081d3
Merge branch 'develop' into neoloc/selinux_fix
2024-05-11 15:01:38 +09:30
6633f07d8b
feat: install policycoreutils
...
- install policycoreutils on all almalinux releases
2024-05-11 15:30:01 +10:00
a618962d07
fix: move selinux profile to cobbler
...
- only import the selinux enforce profile in cobbler
2024-05-11 15:22:16 +10:00
911e284586
Merge pull request 'fix: export cobbler DNS if is_cobbler_master' ( #200 ) from neoloc/cobbler_dns into develop
...
Reviewed-on: unkinben/puppet-prod#200
2024-05-11 14:13:37 +09:30
a05f81799d
fix: export cobbler DNS if is_cobbler_master
...
- set prodinf01n48 as primary cobbler node
- ensure the cobbler DNS record is created
2024-05-11 14:36:28 +10:00
ce3e0f2320
Merge pull request 'neoloc/cobbler_refacter' ( #199 ) from neoloc/cobbler_refacter into develop
...
Reviewed-on: unkinben/puppet-prod#199
2024-05-09 22:45:33 +09:30
fee0bde604
feat: complete cobbler automation
...
- add facts to manage the /var/www/cobbler and /data/cobbler directories
- move /var/www/cobbler -> /data/cobbler
- create symlink from /var/www/cobbler -> /data/cobbler
- ensure that cobbler nodes are set to permissive selinux mode
2024-05-09 22:44:55 +10:00
72077d64a2
refactor: reconfigure cobbler to module style
...
- split params into class
- split class into individual functions
2024-05-07 22:44:01 +10:00
c2e413c0fb
chore: move dhcp hieradata to hieradata/role
2024-05-06 21:49:41 +10:00
e9c7fbc2b5
feat: update puppetdb_api for multi-zone
...
- wait for the enc_role fact to be updated and match
- move puppetdb db/api host values to common.yaml
- add vault cert altnames for consul query/service addresses
- add consul services/rules/checks
2024-05-06 20:38:25 +10:00
14a56a41a2
Merge branch 'develop' into neoloc/consul_wan
...
Conflicts:
hieradata/common.yaml
2024-05-05 18:01:41 +10:00
31f670ad18
Merge pull request 'neoloc/syd1_puppet' ( #195 ) from neoloc/syd1_puppet into develop
...
Reviewed-on: unkinben/puppet-prod#195
2024-05-05 17:13:38 +09:30
6335167e3a
feat: change clients to use puppet.query.consul
...
- change all clients/servers to use puppet from consul service mesh
2024-05-05 16:47:39 +10:00
f1ff7cb736
feat: distribute eyaml pub/priv key
...
- distribute the private/public pem for eyaml via eyaml
2024-05-05 16:25:18 +10:00
51bd1796ad
feat: per-datacentre consul dns
...
- change forwarding for consul to be per-datacentre to local consul
- change domain from service.consul -> consul so query.consul can be resolved
2024-05-04 16:27:32 +10:00
fe296d52d9
feat: manage puppet/puppetca consul services
...
- add puppet service
- add puppetca service
- add ability to write to puppet/puppetca service in consul
- add puppet.(query,service).consul to dns_alt_names of all masters
- add puppetca.(query,service).consul to dns_alt_names of puppetca
2024-05-04 16:10:32 +10:00
8a241d6b96
feat: add prepared_query capabilities to consul
...
- add prepared query for:
- vault
- puppet
- puppetca
2024-05-04 15:46:47 +10:00
6020143f76
feat: consul multi-datacentre joining
...
- add method to join multiple consul datacentres
- set syd1 as the primary datacentre
- use default token from au-syd1 cluster in all locations
- add replication token
2024-05-04 00:39:18 +10:00
df8a55c3dd
feat: manage puppetca
...
- manage the puppet ca.cfg
- distribute the crl.pem from the puppetca to masters
2024-05-03 21:29:25 +10:00
56b23620b7
refactor: reoganise the puppetserver profile
...
- manage puppetserver package
- set order for puppetserver classes
- for profiles::puppet::server class:
- set param types using stdlib where possible
- set default values for all params
- move configuration data to hieradata
- wait for enc_role fact to match role
- exclude puppet::client from puppermaster nodes
2024-05-02 23:32:32 +10:00
95135fb58a
fix: add use_backend for drw1 haproxy
2024-05-01 21:58:10 +10:00
8697492611
feat: haproxy refactor
...
- configure deep merging in hiera
- move fe_http and fe_https to hiera
- configure pve backends for standard and api traffic
2024-05-01 19:02:03 +10:00
220ac182f4
feat: sydney haproxy cluster
...
- add au-syd1 halb cluster
- add http-response to frontends
- manage haproxy after enc_role is correct
2024-04-28 21:14:36 +10:00
587df5309f
Merge branch 'develop' into neoloc/consul_services
...
Conflicts:
hieradata/common.yaml
site/profiles/manifests/consul/client.pp
2024-04-28 17:09:18 +10:00
8df927de18
feat: add node_token to agent config
...
- move policy rules to hiera array[hash]
- add node_token to agent as the default token
2024-04-28 17:06:06 +10:00
dff3f93297
feat: change forwarded domain for consul
...
- change forward lookup zone for consul from consul.service.consul -> service.consul
2024-04-28 15:45:13 +10:00
199e35840f
fix: fix proxyurl for vault
...
- change to http://
- change to localhost
2024-04-28 14:22:33 +10:00
43afc23535
feat: deploy consul services
...
- add vault.service.consul
2024-04-28 14:06:49 +10:00
0f0d392fb4
feat: deploy consul agent
...
- install the consul agent on all nodes, except consul servers
2024-04-28 13:23:43 +10:00
dc39b7c7a4
Merge pull request 'fix: fix proxyurl for vault' ( #188 ) from neoloc/vault_proxy into develop
...
Reviewed-on: unkinben/puppet-prod#188
2024-04-28 00:54:49 +09:30
bf44c8f7b7
feat: deploy consul agent
...
- install the consul agent on all nodes, except consul servers
2024-04-28 01:19:08 +10:00
4453c8604a
fix: fix proxyurl for vault
...
- change to http://
- change to localhost
2024-04-28 00:52:47 +10:00
6fc5829fce
feat: simple nginx proxy
...
- merge consul/vault nginx proxy into single class
- replace nginx proxy classes for consul/vault with simpleproxy class
2024-04-28 00:32:04 +10:00
3001bc32f2
feat: add sydney vault cluster
...
- separate yaml between multiple regions
- add nginx frontend to vault
2024-04-27 22:35:16 +10:00
f536d19034
feat: generate consul policy/tokens
...
- generate policy/token to add nodes
- generate policy/token for all nodes
- add base::root profile to manage aspects of the root user
2024-04-27 20:21:57 +10:00
a7e9f1590e
fix: move primary_datacenter to region/role
...
- set syd1 as primary consul datacentre
- add consul.service.consul zone
- add nginx reverse proxy for consul webui
- set dns zones/acls/views/keys to be deep merged from hiera
- update default token
- add consul/consul.service.consul/consul.main.unkin.net to vault cert
2024-04-26 23:11:38 +10:00
3ca92ee1f3
fix: consul members role key
...
- moved members_role for consul to common yaml
2024-04-25 00:00:24 +10:00
2671b51fc2
Merge pull request 'feat: add syd1 consul cluster' ( #170 ) from neoloc/syd1_consul_cluster into develop
...
Reviewed-on: unkinben/puppet-prod#170
2024-04-24 19:02:01 +09:30
89fcfe38ea
feat: add syd1 consul cluster
2024-04-24 19:31:18 +10:00
99d3dcf4d8
Merge branch 'develop' into neoloc/dns_master_multiregion
2024-04-24 18:58:41 +10:00
b8d799e8e9
feat: select nameserver in soa based on role
...
- find all dns servers in $ns_use (region/country/all),
- or use the current node as the only nameserver
2024-04-24 18:44:08 +10:00
f8fd6700da
feat: enable selecting nameserver by fact
...
- enable selecting nameservers to use by region, country or all
- set default for nameservers to be region
2024-04-24 18:40:18 +10:00
6fc0b240c1
Merge pull request 'feat: sort ntpservers, select ntp to use' ( #167 ) from neoloc/ntp_selection into develop
...
Reviewed-on: unkinben/puppet-prod#167
2024-04-23 23:29:06 +09:30
7b316c6b0b
feat: sort ntpservers, select ntp to use
...
- sort the ntpservers array so it doesnt change each run of puppet
- allow the selection of all, region or country specific ntp servers
2024-04-23 23:57:01 +10:00
dbe11323c5
feat: enable selecting nameserver by fact
...
- enable selecting nameservers to use by region, country or all
- set default for nameservers to be region
2024-04-23 22:39:33 +10:00
e5b3112189
Merge pull request 'feat: add new syd1 prod networks' ( #161 ) from neoloc/sydney_subnets into develop
...
Reviewed-on: unkinben/puppet-prod#161
2024-04-21 22:25:56 +09:30
bc4246dd05
feat: add new syd1 prod networks
2024-04-21 22:55:06 +10:00
9c6dee7609
feat: manage timezone per region
...
- add timezone module
- set per-region timezone setting
- setup hiera_classes, set to deep merge, and set to include all in base profile
2024-04-21 15:48:09 +10:00
f04c74bd4d
feat: manage proxmox nodes
...
- change /etc/hosts to meet proxmox requirements
- add proxmox node role
- add init, params, repo, install, clusterjoin classes
2024-04-21 15:08:28 +10:00
19c8749d9e
feat: split lm-sensors for debian/rhel
2024-04-14 23:17:38 +10:00
