puppet-prod

Author	SHA1	Message	Date
Ben Vincent	df56213b18	fix: enable repos before installing packages	2024-04-22 19:07:28 +10:00
Ben Vincent	9c6dee7609	feat: manage timezone per region - add timezone module - set per-region timezone setting - setup hiera_classes, set to deep merge, and set to include all in base profile	2024-04-21 15:48:09 +10:00
Ben Vincent	ccf43f3bcb	Merge pull request 'feat: manage proxmox nodes' (#159 ) from neoloc/proxmox into develop Reviewed-on: unkinben/puppet-prod#159	2024-04-21 15:07:43 +09:30
Ben Vincent	f04c74bd4d	feat: manage proxmox nodes - change /etc/hosts to meet proxmox requirements - add proxmox node role - add init, params, repo, install, clusterjoin classes	2024-04-21 15:08:28 +10:00
Ben Vincent	085416fea9	Merge pull request 'feat: node_lookup compatability for Debian' (#158 ) from neoloc/node_lookup_debian into develop Reviewed-on: unkinben/puppet-prod#158	2024-04-20 17:39:31 +09:30
Ben Vincent	80a4cb0544	feat: debian vaultcert compatability - remove comma from certificate file - add comments identifying each certificate	2024-04-20 18:08:16 +10:00
Ben Vincent	49b4a65302	feat: node_lookup compatability for Debian	2024-04-20 18:04:54 +10:00
Ben Vincent	d0d67e316a	feat: prepare puppet for debian - set yum::versionlock to be only for redhat family - set puppet-agent require statement to use apt or yum - remove requirement of downloading puppet7-release-$dist.deb - create all paths in $base_path for vault certificate - set correct $PATH for update-ca-certificates - dynamically set debian release name - split packages to install from common.yaml to os-specific - create groups profile to manage local groups - change sysadmin to be a member of admins group - setup admins sudo rules	2024-04-13 22:34:28 +10:00
Ben Vincent	114d3fe195	feat: nginx reverse proxy debian cache - add debian, debian/pool locations to reposyncer - add selinux fcontext rules	2024-04-13 20:52:27 +10:00
Ben Vincent	82f2d75888	feat: add frontends, backends, listeners - add a way to define frontends, backends and listeners through hieradata	2024-04-06 20:23:37 +11:00
Ben Vincent	ed60e18062	feat: update jdk11 for puppetdb - specify the java_bin - specify the java_args	2024-04-06 20:05:23 +11:00
Ben Vincent	f79d9de495	feat: update node_lookup - update node_lookup to use new puppetdb URL	2024-04-06 18:31:41 +11:00
Ben Vincent	c9a1d35af9	feat: add cnames to haproxy - manage A records for haproxy - manage cnames for services using haproxy	2024-04-06 16:26:50 +11:00
Ben Vincent	e97d061f46	feat: add puppetdbapi to haproxy - add puppetdbapi backend to haproxy - add puppetdbapi altname to the vault certificate - add mapping for hostname to backend	2024-04-06 15:49:10 +11:00
Ben Vincent	105bf1b09d	feat: add puppetboard backend - add balancemember to puppetboard nodes - add be_puppetboard to haproxxy - add puppetboard.main.unkin.net to haproxy altnames - add puppetboard to backend mapping - change way backends are registered in haproxy	2024-04-06 04:20:39 +11:00
Ben Vincent	2091f1ada3	feat: add haproxy profile - add haproxy server class - add haproxy profile to role - add hiera data for region specific haproxy - add selinux configuration - add certlist management - add default http and https frontends - add default stats listener	2024-04-06 03:27:45 +11:00
Ben Vincent	5bde96fb4d	feat: change certmanage to approles - created approle 'certmanager' using 'certmanager' policy - update certmanager script to generate token based on roleid	2024-04-04 00:32:08 +11:00
Ben Vincent	64563902d4	feat: deploy cobbler enc - install python3.11 on all nodes - create python3.11 venv for cobbler-enc - install requirements in cobbler-enc venv - symlink to /usr/local/bin/	2024-03-31 20:58:31 +11:00
Ben Vincent	d64e185919	Merge pull request 'feat: add dhcp servers' (#145 ) from neoloc/dhcp-server into develop Reviewed-on: unkinben/puppet-prod#145	2024-03-29 07:45:16 +09:30
Ben Vincent	d64860f47b	feat: add dhcp servers - include puppet-dhcp module - manage dhcp pools - manage dhcp classes (bios/uefi)	2024-03-29 09:13:26 +11:00
Ben Vincent	159c57677a	Merge pull request 'feat: add cobbler profile' (#144 ) from neoloc/cobbler_profile into develop Reviewed-on: unkinben/puppet-prod#144	2024-03-29 07:10:33 +09:30
Ben Vincent	80b7ad8639	feat: add cobbler profile - add datavol to cobbler nodes - add cobbler profile - add cobbler role hieradata - manage selinux where required for cobbler - manage service cname	2024-03-29 08:36:42 +11:00
Ben Vincent	e02921be75	feat: deep merge yum repos to manage - fixed merging of yum repos - changed puppet7 to use local copy of repo	2024-03-28 21:41:15 +11:00
Ben Vincent	0383db2b10	feat: set sysadmin password	2024-03-28 20:34:50 +11:00
Ben Vincent	8f5e9e40a1	feat: add ovirt roles - add repositories for ovirt - add role/profile for ovirt/engine and ovirt/node - add deep-merge for managed_repos - change repos to allow filesource (URL or file://) - change reposync to use curl instead of wget	2024-03-16 16:43:12 +11:00
Ben Vincent	15e4e11097	feat: require vaultca for all yumrepos	2024-03-10 19:01:14 +11:00
Ben Vincent	fd5dbb7813	Merge pull request 'feat: add country/region/environment to motd' (#134 ) from neoloc/motd_facts into develop Reviewed-on: unkinben/puppet-prod#134	2024-03-10 14:19:09 +09:30
Ben Vincent	428dc910bb	feat: add country/region/environment to motd	2024-03-10 15:48:26 +11:00
Ben Vincent	465bbbd9e1	Merge pull request 'feat: update yumrepos to use https://' (#130 ) from neoloc/yumrepo_use_https into develop Reviewed-on: unkinben/puppet-prod#130	2024-03-03 16:29:28 +09:30
Ben Vincent	51d0ca16ec	feat: update yumrepos to use https:// - require vaultca on all repos on repos.main.unkin.net	2024-03-03 16:44:16 +11:00
Ben Vincent	0782cd5679	feat: dynamically add subscribe to nginx resource - add subscribe option to nginx resource dependent on nginx_listen_mode - ensure nginx reloads when the ssl_cert or ssl_key changes, only if these values are not undef - ensure the file resources are defined for certificates	2024-03-03 16:25:51 +11:00
Ben Vincent	df97b75aca	Merge pull request 'feat: change nginx to use vault ssl certs' (#128 ) from neoloc/packagerepo_ssl into develop Reviewed-on: unkinben/puppet-prod#128	2024-03-03 13:34:04 +09:30
Ben Vincent	5afa9e8960	Merge pull request 'neoloc/pki_generate' (#127 ) from neoloc/pki_generate into develop Reviewed-on: unkinben/puppet-prod#127	2024-03-03 13:33:33 +09:30
Ben Vincent	05d2599bc5	feat: ensure vaultca certificate is trusted - install the vault rootca on all nodes - update ca-trust store on changes to the rootca certificate deployed	2024-03-03 14:54:59 +11:00
Ben Vincent	3e98ced8da	feat: change nginx to use vault ssl certs - update packagerepo webserver class to allow using ssl	2024-03-03 14:53:36 +11:00
Ben Vincent	8009b59514	feat: automatically generate vault certs - certificate will be generated for: - fqdn - hostname - primary ip address - localhost - 127.0.0.1 - update base profile to generate vault certificate for all - create facts for use with vault_certs	2024-03-03 13:38:52 +11:00
Ben Vincent	36c2e6afaa	fix: ssl warning breaks puppet run - remove ssl warning for certmanager temporarily	2024-02-25 23:04:43 +11:00
Ben Vincent	974c8ce71d	Merge pull request 'fix: restart vault-unseal' (#122 ) from neoloc/vault_unseal_on_change into develop Reviewed-on: unkinben/puppet-prod#122	2024-02-25 20:03:26 +09:30
Ben Vincent	d1f5d3c09e	fix: restart vault-unseal - restart vault-unseal when the unseal keys change	2024-02-25 21:32:01 +11:00
Ben Vincent	48e0bd6796	fix: vault role fails on new servers - vault server fails on new servers - move unseal class to be included after vault class	2024-02-25 21:06:37 +11:00
Ben Vincent	f6110f534c	feat: certmanager output as json - prepare certmanager for pki::vault class - allow puppet to read certmanager config	2024-02-25 19:31:32 +11:00
Ben Vincent	7f03bc5c76	feat: add certmanager helper - add certmanager script and config.yaml file - install into pyenv for certmanager - deploy to puppet-masters only	2024-02-19 21:20:50 +11:00
Ben Vincent	e10bed689c	Merge pull request 'refacter: cleanup packages setup' (#116 ) from neoloc/package_changes into develop Reviewed-on: unkinben/puppet-prod#116	2024-02-17 21:30:49 +09:30
Ben Vincent	9be1e19900	Merge pull request 'fix: fact was misspelled' (#115 ) from neoloc/mariadb_fixes into develop Reviewed-on: unkinben/puppet-prod#115	2024-02-17 21:30:27 +09:30
Ben Vincent	1f7b347ef4	refacter: tidy facts - create a facts module, move all facts to this module	2024-02-17 22:57:36 +11:00
Ben Vincent	12ff053c6d	refacter: cleanup packages setup	2024-02-17 22:49:32 +11:00
Ben Vincent	d92c13525c	fix: fact was misspelled - fixed fact name	2024-02-17 21:19:55 +11:00
Ben Vincent	73a21059f8	Merge pull request 'feat: add vault server profile' (#113 ) from neoloc/vault_server into develop Reviewed-on: unkinben/puppet-prod#113	2024-02-17 19:48:13 +09:30
Ben Vincent	fe05c86463	feat: add vault server profile - add vault module to puppetfile - define class to manage the install and config of vault - manage the datavol and raft storage - manage the unzip and other compression tools - define custom unseal script and service - add documentation on initial setup of vault	2024-02-17 21:12:12 +11:00
Ben Vincent	09291da89f	fix: use fact to determine if selinux in use	2024-02-11 21:05:48 +11:00
Ben Vincent	f8b30f335b	Merge pull request 'feat: add consul server profile' (#111 ) from neoloc/consul_server into develop Reviewed-on: unkinben/puppet-prod#111	2024-02-11 15:56:24 +09:30
Ben Vincent	8cb6b68b53	feat: add consul server profile - install/configure consul - install/configure dnsmasq as dns proxy for consul - add unkin yumrepo definition as source for consul - update datavol to ensure the /data volume is mounted	2024-02-11 17:12:35 +11:00
Ben Vincent	a0434fc7b5	Merge pull request 'feat: cleanup reposync conf files' (#110 ) from neoloc/cleanup_reposync_conf into develop Reviewed-on: unkinben/puppet-prod#110	2024-02-10 14:15:00 +09:30
Ben Vincent	71c316e7ae	feat: cleanup reposync conf files - add feature to /etc/reposync/conf.d to ensure the subfiles are cleaned up when they are not defined	2024-02-10 15:37:24 +11:00
Ben Vincent	4bce524b49	Merge pull request 'feat: puppet wrapper replace dot' (#108 ) from neoloc/puppetwrapper_dot into develop Reviewed-on: unkinben/puppet-prod#108	2024-02-10 14:02:48 +09:30
Ben Vincent	a054a94d98	feat: puppet wrapper replace dot - set puppet wrapper to replace '.' with '_' in the branch name	2024-02-10 15:31:45 +11:00
Ben Vincent	8332d4f374	fix: recursive restorecon for reposync - set reposync to restore selinux controls on all files in the new snap_path	2024-02-10 15:19:12 +11:00
Ben Vincent	db23e203c6	fix: fix minio certificate param - change enum['string', undef] to an optional param so undef can be set	2024-01-05 22:00:10 +11:00
Ben Vincent	d8751ac6c8	feat: add minio profile - add additional modules in Puppetfile - update puppetlabs-lvm to 2.1.0 - add facts.d base path to hieradata - add infra/storage and infra/storage/minio role data to hieradata - add new facts for minio setup status - add a static yaml minio-facts file to assist dynamic ruby facts - updated hiera with additional directories (country/{role,region})	2024-01-05 21:44:41 +11:00
Ben Vincent	a049338c9d	Merge pull request 'feat: install bind-utils' (#98 ) from neoloc/add_bind_utils into develop Reviewed-on: unkinben/puppet-prod#98	2023-12-26 14:58:10 +09:30
Ben Vincent	a144e4ec2d	feat: install bind-utils	2023-12-26 16:27:28 +11:00
Ben Vincent	920f12b45e	Merge pull request 'feat: add/update location facts' (#97 ) from neoloc/location_facts into develop Reviewed-on: unkinben/puppet-prod#97	2023-12-26 13:23:17 +09:30
Ben Vincent	dbec0222b3	feat: add/update location facts - add country fact, change region to exclude country string	2023-12-26 14:51:40 +11:00
Ben Vincent	42211ddf7d	Merge pull request 'feat: add new datavol' (#96 ) from neoloc/datavol_define into develop Reviewed-on: unkinben/puppet-prod#96	2023-12-24 12:45:36 +09:30
Ben Vincent	ff83769ffc	Merge pull request 'feat: add region fact' (#95 ) from neoloc/region_fact into develop Reviewed-on: unkinben/puppet-prod#95	2023-12-24 12:44:15 +09:30
Ben Vincent	7431ebf51c	feat: add region fact - add fact that maps primary ip subnet to a region code - defaults to 'lost' if there is no subnet to region mapping	2023-12-24 14:12:54 +11:00
Ben Vincent	0c1548fbd8	feat: add new datavol - add datavol define to replace the datavol class, which has more flexibility through additional params, and the ability to call it multiple times for multiple datavolumes	2023-12-24 12:54:09 +11:00
Ben Vincent	f9562a9109	fix: check for python3_version - check for python3 version before attempting to setup node_lookup	2023-12-18 23:51:39 +11:00
Ben Vincent	b6c7e3fd2d	Merge pull request 'feat: add selinux support to puppetboard' (#92 ) from neoloc/nginx_selinux into develop Reviewed-on: unkinben/puppet-prod#92	2023-12-11 20:46:30 +09:30
Ben Vincent	bf729d9b11	feat: add selinux support to puppetboard - required to allow nginx to reach puppetdb	2023-12-11 22:14:45 +11:00
Ben Vincent	5b75cf735a	feat: manage ruby/puppet gems - manage installation of puppet_gem packages for puppetmasters	2023-12-11 22:07:23 +11:00
Ben Vincent	685d7db264	feat: add nodelookup - add helper script to make quering puppetdb easier and more efficient	2023-12-11 21:15:48 +11:00
Ben Vincent	d998fbd85a	Merge branch 'develop' into neoloc/mariadbgalera	2023-12-10 16:34:42 +11:00
Ben Vincent	11a98b16bb	feat: setup galera cluster member profile - add eyaml support for role - add /data volume for galera cluster members - create profiles::selinux namespace for defining selinux configuration - create profiles::selinux::mysqld for managing specifics for mysqld - create profiles::selinux::setenforce to manage selinux mode - parameterised options required in mysqld::server module - add mariadb repo - add additional facts for managing mysqld and galera	2023-12-10 16:31:57 +11:00
Ben Vincent	a9aabfa161	fix: failed to test previously - change next's outside of a loop to a single if statement	2023-12-08 21:32:32 +11:00
Ben Vincent	ebd20a5e5a	feat: mysql wsrep_ facts - add facts generated from mysql's wsrep status variables	2023-12-08 21:25:01 +11:00
Ben Vincent	d261e3348d	Merge pull request 'feat: add/remove capabilities for packages' (#86 ) from neoloc/base_packages_refactor into develop Reviewed-on: unkinben/puppet-prod#86	2023-12-03 16:38:17 +09:30
Ben Vincent	53c54f982a	Merge pull request 'feat: setup/manage dnf-autoupdate' (#85 ) from neoloc/dnf_autoupdate into develop Reviewed-on: unkinben/puppet-prod#85	2023-12-03 16:37:56 +09:30
Ben Vincent	d8ff9ddb11	feat: setup/manage dnf-autoupdate - create service to run dnf update - create timer to call the service - manage settings via params	2023-12-03 18:05:01 +11:00
Ben Vincent	8f04de2b52	feat: add/remove capabilities for packages - add deepmerge lookup_options - add packages to remove and packages to add to profiles::packages::base class	2023-12-03 17:24:58 +11:00
Ben Vincent	6e185ee248	Merge pull request 'feat: split agent service/package from config' (#84 ) from neoloc/split_puppet_agent into develop Reviewed-on: unkinben/puppet-prod#84	2023-12-03 15:20:51 +09:30
Ben Vincent	08c14c2329	feat: split agent service/package from config - split package/service from config so puppetservers agents can be managed in the same was as clients	2023-12-03 16:49:38 +11:00
Ben Vincent	8a6b3ef0fb	feat: add mirrorlist capability to reposyncer - add mirrorlist param to reposyncer repos - update almalinux 8.8 repos to use mirrorlist - add almalinux 8.9 repos	2023-12-03 00:16:01 +11:00
Ben Vincent	1ccd8141ab	feat: add cname for repos	2023-11-29 23:13:17 +11:00
Ben Vincent	705c02c3a1	feat: fix selinux permissions each sync - restorecon on each sync, to update selinux for new files/directories	2023-11-27 23:19:01 +11:00
Ben Vincent	10a6085b84	fix: resolve prometheus issues - broken prometheus::server config, resolve conflicts - move hieradata for role to match role, not profile	2023-11-21 20:03:26 +11:00
Ben Vincent	663b10e5a5	Merge branch 'develop' into neoloc/prometheus	2023-11-21 19:40:17 +11:00
Ben Vincent	a5207eb717	feat: add prometheus server - bump enc, include prometheus server nodes - add prometheus role and server class	2023-11-21 19:38:22 +11:00
Ben Vincent	dffc97ad4c	chore: reorganise ntp server - bump enc to match changes - change ntp client to find servers through puppetdb query - changed default ntp servers to publicly available nodes	2023-11-18 19:18:14 +11:00
Ben Vincent	92269ae94b	Merge branch 'develop' into neoloc/node_exporter	2023-11-17 23:20:02 +11:00
Ben Vincent	6b9d9e6aa7	Merge branch 'develop' into neoloc/resolvconf	2023-11-17 23:17:59 +11:00
Ben Vincent	7cc1a1ddc0	Merge pull request 'feat: manage qemu-agent' (#66 ) from neoloc/qemuagent into develop Reviewed-on: unkinben/puppet-prod#66	2023-11-17 21:46:08 +09:30
Ben Vincent	a21b7ffc96	feat: setup metrics agents - set puppet::puppetdb_api class to export puppetdb - set infra::dns::server class to export bind - set all to export node and systemd metrics	2023-11-17 23:12:37 +11:00
Ben Vincent	d6f3262836	feat: manage qemu-agent	2023-11-17 22:25:43 +11:00
Ben Vincent	8d80fa3c51	feat: manage cloudinit - add/remove cloud-init, default to remove	2023-11-17 22:17:24 +11:00
Ben Vincent	fdb13b7338	feat: find resolvers by role - use puppetdbquery module to query puppetdb for resolvers - move dns client config to profiles::dns::base - manage the /etc/resolv.conf file	2023-11-17 21:54:20 +11:00
Ben Vincent	c996c9b7e3	fix: enable dynamic/tsig updates - add eyaml to hiera.yaml - consolidate all paths into single tree - change to new profiles::dns::client wrapper - change to new profiles::dns::record wrapper - change to use concat method to build zone file	2023-11-16 21:40:16 +11:00
Ben Vincent	49f31edb03	Merge branch 'develop' into neoloc/bind_resolver	2023-11-13 21:55:21 +11:00
Ben Vincent	76b54fc59d	feat: add dns resolver/master classes - define resolver and master dns server - export A and PTR records from dns clients - collect exported resources for master - create hiera structure for acls, zones and views	2023-11-13 21:42:57 +11:00
Ben Vincent	b2844c4b3a	fix: updated path for gpg keys	2023-11-12 17:26:58 +11:00

1 2 3 4 5

205 Commits