unkinben
4e652ccbe6
chore: add alt-names to consul ( #448 )
...
- ensure consul datacenter is added to altnames
Reviewed-on: #448
2026-02-09 01:03:20 +11:00
unkinben
8c24c6582f
feat: manage vault version ( #446 )
...
- add params for version and package name
- add param to cleanup openbao
- add version lock (if not latest)
Reviewed-on: #446
2026-02-08 22:26:22 +11:00
unkinben
6bfc63ca31
feat: enable plugins for vault/openbao ( #447 )
...
- install openbao-plugins
- add plugin_directory
Reviewed-on: #447
2026-02-08 19:19:33 +11:00
unkinben
7215a6f534
chore: terraform state too large for body ( #442 )
...
- update consul/nginx max body size to 512MB
Reviewed-on: #442
2026-01-18 17:15:08 +11:00
unkinben
dbe1398218
chore: centralise all yum repo configuration ( #436 )
...
- add 30+ repository definitions to AlmaLinux/all_releases.yaml with `ensure: absent` defaults
- update all role-specific hieradata files to use `ensure: present` pattern
- remove duplicated repository URL/GPG key configurations from individual roles
- maintains existing functionality while improving maintainability"
Reviewed-on: #436
2026-01-15 21:35:13 +11:00
unkinben
92a48b4113
feat: ensure latest openbao package ( #417 )
...
- stop version locking openbao, use latest
Reviewed-on: #417
2025-11-06 20:01:37 +11:00
unkinben
16e654fdd7
feat: use openbao ( #404 )
...
- change vault role to use openbao
Reviewed-on: #404
2025-10-11 20:55:21 +11:00
unkinben
75ca7a5685
feat: add frr_exporter class ( #369 )
...
- add frr exporter to all nodes running frr
Reviewed-on: #369
2025-08-03 16:15:29 +10:00
unkinben
bd9e08dc24
feat: cleanup hieranodes settings ( #321 )
...
- migrate hieranodes values to roles yaml
- rename anycast ip keys to be similar
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/321
2025-06-21 23:16:34 +10:00
unkinben
60834ced00
feat: nomad cni additions ( #314 )
...
- add consul-cni package
- enable grpc for consul servers
- enable consul connect for consul servers
- set recursors for consul
- add ports to consul agent (grpc, dns, http for nomad)
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/314
2025-06-14 18:47:24 +10:00
unkinben
5d36a4053b
feat: add droneci module
...
- add droneci module for server
- add droneci/server role
- add consul query for droneci service
- manage certificates, ssh principals, consul services/checks
2024-08-24 00:34:15 +10:00
unkinben
e2873a492a
fix: also fix repodata
2024-08-10 13:36:04 +10:00
unkinben
52e3d5b20b
fix: ceph-reef 18.2.4 not on el8
...
- force repo to use 18.2.2
2024-08-10 13:30:16 +10:00
unkinben
36ad19ffed
feat: add ceph mirror to edgecache
...
- add ceph reef apt and rpm repository to edgecache
- add the centos storage sig gpg
2024-06-21 20:38:54 +10:00
unkinben
62cac63f11
feat: add database generation to grafana
...
- ensure a database, user and credential is created for each grafana node
- ensure all databases for a region are included in a mariadb cluster
- refine params with stdlib types
2024-06-16 18:49:59 +10:00
unkinben
da3444e49f
feat: create ntp consul service
...
- create consul policy for ntp servers
- add consul service check and check script
2024-06-02 19:23:39 +10:00
unkinben
fab4ea5998
feat: add gitea classes
...
- add basic gitea class
2024-05-28 23:14:36 +10:00
unkinben
b9c327799f
feat: add vault service/query altnames
...
- add nginx aliases for vault services
- add additional vault certificates
- change certmanager script to use vault.service.consul
2024-05-25 15:51:09 +10:00
unkinben
349547c4bc
feat: puppetboard on consul
...
- updated nginx param types
- add nginx aliases, merge with vhost, use as server_names
- add additional vault alt-names
- add prepared query for puppetboard
2024-05-22 22:54:54 +10:00
unkinben
9e3b680b0b
feat: add prepared query for puppetdbapi
...
- merge to develop
- add prepared query for puppetdbapi
2024-05-22 22:11:51 +10:00
unkinben
0e7168026d
Merge pull request 'neoloc/yumrepos' ( #212 ) from neoloc/yumrepos into develop
...
Reviewed-on: unkinben/puppet-prod#212
2024-05-19 20:09:50 +09:30
unkinben
da2e98ed4d
feat: add centos mirror to edgecache
...
- add centos repo to edgecache
2024-05-19 19:41:15 +10:00
unkinben
6f9a606549
feat: configure edgecache for postgresql
...
- add fact to record system resolvers
- add resolvers feature in /etc/nginx/conf.d/resolvers.conf
- add rewrite rules for postgres/yum/repodata
2024-05-19 16:56:36 +10:00
unkinben
8f4799ce2a
feat: update consul service service
...
- change edgecache service name from puppet -> edgecache
2024-05-19 14:53:14 +10:00
unkinben
cb54cd2dba
feat: add edgecache prepared_query
...
- add edgecache as a prepared_query in consul
2024-05-11 21:47:14 +10:00
unkinben
4171427e7b
feat: add edgecache role
...
- add edge-caching role
- add mirror for debian, almalinux and epel repositories
- export service as edgecache in consul
2024-05-11 21:46:20 +10:00
unkinben
8a241d6b96
feat: add prepared_query capabilities to consul
...
- add prepared query for:
- vault
- puppet
- puppetca
2024-05-04 15:46:47 +10:00
unkinben
6020143f76
feat: consul multi-datacentre joining
...
- add method to join multiple consul datacentres
- set syd1 as the primary datacentre
- use default token from au-syd1 cluster in all locations
- add replication token
2024-05-04 00:39:18 +10:00
unkinben
4453c8604a
fix: fix proxyurl for vault
...
- change to http://
- change to localhost
2024-04-28 00:52:47 +10:00
unkinben
6fc5829fce
feat: simple nginx proxy
...
- merge consul/vault nginx proxy into single class
- replace nginx proxy classes for consul/vault with simpleproxy class
2024-04-28 00:32:04 +10:00
unkinben
3001bc32f2
feat: add sydney vault cluster
...
- separate yaml between multiple regions
- add nginx frontend to vault
2024-04-27 22:35:16 +10:00
unkinben
a7e9f1590e
fix: move primary_datacenter to region/role
...
- set syd1 as primary consul datacentre
- add consul.service.consul zone
- add nginx reverse proxy for consul webui
- set dns zones/acls/views/keys to be deep merged from hiera
- update default token
- add consul/consul.service.consul/consul.main.unkin.net to vault cert
2024-04-26 23:11:38 +10:00
unkinben
3ca92ee1f3
fix: consul members role key
...
- moved members_role for consul to common yaml
2024-04-25 00:00:24 +10:00
unkinben
8112c07ba8
fix: rebuild vault
...
- rebuilt vault, updated root token and unseak keys
2024-02-25 21:19:43 +11:00
unkinben
fe05c86463
feat: add vault server profile
...
- add vault module to puppetfile
- define class to manage the install and config of vault
- manage the datavol and raft storage
- manage the unzip and other compression tools
- define custom unseal script and service
- add documentation on initial setup of vault
2024-02-17 21:12:12 +11:00
unkinben
8cb6b68b53
feat: add consul server profile
...
- install/configure consul
- install/configure dnsmasq as dns proxy for consul
- add unkin yumrepo definition as source for consul
- update datavol to ensure the /data volume is mounted
2024-02-11 17:12:35 +11:00
unkinben
d8751ac6c8
feat: add minio profile
...
- add additional modules in Puppetfile
- update puppetlabs-lvm to 2.1.0
- add facts.d base path to hieradata
- add infra/storage and infra/storage/minio role data to hieradata
- add new facts for minio setup status
- add a static yaml minio-facts file to assist dynamic ruby facts
- updated hiera with additional directories (country/{role,region})
2024-01-05 21:44:41 +11:00