5bde96fb4d
feat: change certmanage to approles
...
- created approle 'certmanager' using 'certmanager' policy
- update certmanager script to generate token based on roleid
2024-04-04 00:32:08 +11:00
64563902d4
feat: deploy cobbler enc
...
- install python3.11 on all nodes
- create python3.11 venv for cobbler-enc
- install requirements in cobbler-enc venv
- symlink to /usr/local/bin/
2024-03-31 20:58:31 +11:00
80b7ad8639
feat: add cobbler profile
...
- add datavol to cobbler nodes
- add cobbler profile
- add cobbler role hieradata
- manage selinux where required for cobbler
- manage service cname
2024-03-29 08:36:42 +11:00
8f5e9e40a1
feat: add ovirt roles
...
- add repositories for ovirt
- add role/profile for ovirt/engine and ovirt/node
- add deep-merge for managed_repos
- change repos to allow filesource (URL or file://)
- change reposync to use curl instead of wget
2024-03-16 16:43:12 +11:00
fd5dbb7813
Merge pull request 'feat: add country/region/environment to motd' ( #134 ) from neoloc/motd_facts into develop
...
Reviewed-on: unkinben/puppet-prod#134
2024-03-10 14:19:09 +09:30
428dc910bb
feat: add country/region/environment to motd
2024-03-10 15:48:26 +11:00
5afa9e8960
Merge pull request 'neoloc/pki_generate' ( #127 ) from neoloc/pki_generate into develop
...
Reviewed-on: unkinben/puppet-prod#127
2024-03-03 13:33:33 +09:30
05d2599bc5
feat: ensure vaultca certificate is trusted
...
- install the vault rootca on all nodes
- update ca-trust store on changes to the rootca certificate deployed
2024-03-03 14:54:59 +11:00
36c2e6afaa
fix: ssl warning breaks puppet run
...
- remove ssl warning for certmanager temporarily
2024-02-25 23:04:43 +11:00
f6110f534c
feat: certmanager output as json
...
- prepare certmanager for pki::vault class
- allow puppet to read certmanager config
2024-02-25 19:31:32 +11:00
7f03bc5c76
feat: add certmanager helper
...
- add certmanager script and config.yaml file
- install into pyenv for certmanager
- deploy to puppet-masters only
2024-02-19 21:20:50 +11:00
fe05c86463
feat: add vault server profile
...
- add vault module to puppetfile
- define class to manage the install and config of vault
- manage the datavol and raft storage
- manage the unzip and other compression tools
- define custom unseal script and service
- add documentation on initial setup of vault
2024-02-17 21:12:12 +11:00
Ben Vincent
4bce524b49
Merge pull request 'feat: puppet wrapper replace dot' ( #108 ) from neoloc/puppetwrapper_dot into develop
...
Reviewed-on: unkinben/puppet-prod#108
2024-02-10 14:02:48 +09:30
a054a94d98
feat: puppet wrapper replace dot
...
- set puppet wrapper to replace '.' with '_' in the branch name
2024-02-10 15:31:45 +11:00
8332d4f374
fix: recursive restorecon for reposync
...
- set reposync to restore selinux controls on all files in the new
snap_path
2024-02-10 15:19:12 +11:00
d8751ac6c8
feat: add minio profile
...
- add additional modules in Puppetfile
- update puppetlabs-lvm to 2.1.0
- add facts.d base path to hieradata
- add infra/storage and infra/storage/minio role data to hieradata
- add new facts for minio setup status
- add a static yaml minio-facts file to assist dynamic ruby facts
- updated hiera with additional directories (country/{role,region})
2024-01-05 21:44:41 +11:00
685d7db264
feat: add nodelookup
...
- add helper script to make quering puppetdb easier and more efficient
2023-12-11 21:15:48 +11:00
d8ff9ddb11
feat: setup/manage dnf-autoupdate
...
- create service to run dnf update
- create timer to call the service
- manage settings via params
2023-12-03 18:05:01 +11:00
705c02c3a1
feat: fix selinux permissions each sync
...
- restorecon on each sync, to update selinux for new files/directories
2023-11-27 23:19:01 +11:00
fdb13b7338
feat: find resolvers by role
...
- use puppetdbquery module to query puppetdb for resolvers
- move dns client config to profiles::dns::base
- manage the /etc/resolv.conf file
2023-11-17 21:54:20 +11:00
c996c9b7e3
fix: enable dynamic/tsig updates
...
- add eyaml to hiera.yaml
- consolidate all paths into single tree
- change to new profiles::dns::client wrapper
- change to new profiles::dns::record wrapper
- change to use concat method to build zone file
2023-11-16 21:40:16 +11:00
48ea444e7c
fix: resolved issue with repodata
...
- repodata was being created in the wrong location
- update script to create in the path where the new snap exists
2023-11-12 15:48:30 +11:00
1b9a4f7832
refactor: move to ruby-script facts
...
- change enc_role_path fact to be ruby
- add enc_role_tier1, enc_role_tier2 and enc_role_tier3
- add new paths to hiera.yaml
2023-11-11 23:41:48 +11:00
f73c16bca2
feat: add enc_role_path fact
2023-11-11 00:03:12 +11:00
19836e2069
feat: adding reposync wrapper and tooling
...
- add autosyncer/autopromoter scripts
- add timer and service to initial sync process
- add timer/service for daily/weekly/monthly autopromote
- add define to manage each repo
- add nginx webserver to share repos
- add favion.ico if enabled
- add selinux management, and packages for selinux
- cleanup package management, sorting package groups into package classes
2023-11-08 23:16:56 +11:00
0cc0bacad3
feat: add motd and facts
...
- use parameters created by the enc to create external facts
- use external facts to generate the motd
- use features from unkinben/puppet-enc#22
2023-11-04 20:11:20 +11:00
Ben Vincent
89653912cb
Merge pull request 'feat: manage puppet clients' ( #35 ) from neoloc/puppetclient into develop
...
Reviewed-on: unkinben/puppet-prod#35
2023-10-29 18:59:52 +09:30
130669a130
feat: manage puppet clients
...
- manage the service
- manage the package, version lock it
- deploy the /etc/puppetlabs/puppet/puppet.conf from template for puppet
clients only
2023-10-29 20:26:39 +11:00
Ben Vincent
cf26d2d2e7
Merge pull request 'feat: add puppetboard role' ( #34 ) from neoloc/puppetboard into develop
...
Reviewed-on: unkinben/puppet-prod#34
2023-10-29 18:06:27 +09:30
46c3eb9597
feat: add puppetboard role
...
- add nginx module to manage reverse proxy on host level
- add puppetboard venv
- add gunicorn instance
- add script to start the gunicorn instance
- add nginx vhost
2023-10-29 19:33:11 +11:00
0171a82d58
feat: add features to puppet.conf
...
- reports, for sending reports to puppetdb
- usecacheonfailure, to show faulures in puppetboard (when set to false)
2023-10-23 22:37:41 +11:00
e682462917
feat: split puppetdb role into api and sql
...
- add puppetdb_api and puppetdb_sql role
- add puppetdb_api and puppetdb_sql profile
- add prodinf01n05 to /etc/hosts file
- set listen_address for all services to be hosts ip
- set storeconfigs and storeconfigs_backend to be managed by puppetmaster profile
2023-10-22 21:55:50 +11:00
95434214a9
feat: add management of /etc/hosts
...
- add class to manage the /etc/hosts file
- add static hosts to /etc/hosts file via hiera array/hash
2023-10-22 00:34:22 +11:00
e847954e03
Merge branch 'develop' into neoloc/puppet_wrapper
2023-10-22 00:00:52 +11:00
116342bdaa
Added class to manage a default set of scripts
...
- included scripts into profiles::base
- updated hiera with list of scripts to create and their template name
- created template for a puppet wrapper
2023-08-26 16:11:53 +10:00
efc769191e
Adding a default environment
...
- set through puppet.conf
- created symbolic link from develop -> production in code/environments
- changed puppet-g10k script to be generated from a template
- parameterised g10k into hieradata
2023-08-26 15:36:35 +10:00
c96676e143
Updated autosign
...
- added way to manage individual nodes
- added defaults for domains, subnets and nodes
- updated comments and doc
2023-08-26 01:00:31 +10:00
5b4a17b77a
Changed to a simple autosign method
2023-08-26 00:49:21 +10:00
87c38eadf2
Renamed role/profile directories
...
* renamed role to roles
* renamed profile to profiles
* cleaned up all profiles/roles/hieradata to match new paths
2023-06-25 13:24:07 +10:00
