ac36d9627b
feat: capture all journald logs ( #377 )
...
- create module class for journald clients
- ensure module class is used on all hosts
- use consul service address for insert/journald
Reviewed-on: #377
2025-08-09 15:11:47 +10:00
fd902c1437
feat: create exporters module ( #364 )
...
- upgrade node_exporter, bring managed under exporters module
- upgrade postgres_exporter, bring managed under exporters module
- add flag to cleanup previous iterations of exporters from prometheus module
- fix issues with vmcluster: replication + dedup
Reviewed-on: #364
2025-07-27 13:28:41 +10:00
d9e8637ad6
feat: manage more ceph requirements ( #288 )
...
- add ceph-common to provide utilities for managing ceph
- add root and sysadmin ssh keys for ceph deployments
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/288
2025-05-17 11:14:45 +10:00
ecce93bedb
feat: lxc cannot use chronyd ( #259 )
...
- ensure lxc nodes do not attempt to install chronyd
- ensure chrony is removed
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/259
2025-04-24 23:18:45 +10:00
c225564bdb
feat: continue incus implementation ( #245 )
...
- migrate to systemd-networkd
- setup dummy, bridge and static/ethernet interfaces
- manage sshd.service drop-in to start ssh after networking is online
- enable ip forwarding
- add fastpool/data/incus dataset
- enable ospf and frr
- add loopback0 as ssh listenaddress
- add loopback1/2 for ceph cluster/public traffic
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/245
2025-04-06 16:38:04 +10:00
dd5a4646ff
feat: update all modules ( #228 )
...
- update puppetlabs-* modules
- update puppet-* modules
- add limits and sysctl
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/228
2025-03-30 00:51:49 +11:00
8eb751e22f
feat: change enc_* fact to read direct from cobbler ( #219 )
...
- change enc_role and enc_env to read direct from cobbler
- cleanup profiles::base::facts
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/219
2025-03-12 23:09:15 +11:00
46b4fdf632
neoloc/sysadmin_early ( #197 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/197
2024-12-09 22:12:01 +11:00
aaf81d0a6c
feat: create sysadmin on firstrun ( #196 )
...
- prevent packages from using uid 1000
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/196
2024-12-09 21:51:37 +11:00
681f9e3eb8
feat: deploy sonarr
...
- add required hieradata/role data to deploy sonarr
- add nginx simpleproxy
- add consul service/query
- add vault certificates
2024-06-21 22:51:40 +10:00
d4163233f6
Merge branch 'develop' into neoloc/sshsign_hostkeys
2024-06-09 20:38:25 +10:00
52b06dcd8e
feat: manage ssh known hosts
...
- disable use of stored configs for ssh-known-hosts
- manage the /etc/ssh/ssh_known_hosts content
2024-06-09 20:26:34 +10:00
06545c6298
feat: change hiera_include, hiera_exclude
...
- change hiera_classes to hiera_include
- add method to remove classes from hiera_include through hiera_exclude
2024-06-08 17:07:58 +10:00
b468f67103
feat: sign ssh host keys
...
- manage python script/venv to sign ssh host certificates
- add approle_id to puppetmaster eyaml files
- add class to sign ssh-rsa host keys
- add facts to check if the current principals match the desired principals
2024-06-01 22:51:42 +10:00
dde8d5978d
feat: firstrun improvements
...
- add fact to detect firstrun
- run a limited subset of classes on firstrun
- firstrun: includes:
  - vault ca certificates
  - yum/apt repositories
  - fast-install packages with an exec
2024-05-19 21:28:14 +10:00
f536d19034
feat: generate consul policy/tokens
...
- generate policy/token to add nodes
- generate policy/token for all nodes
- add base::root profile to manage aspects of the root user
2024-04-27 20:21:57 +10:00
df56213b18
fix: enable repos before installing packages
2024-04-22 19:07:28 +10:00
9c6dee7609
feat: manage timezone per region
...
- add timezone module
- set per-region timezone setting
- setup hiera_classes, set to deep merge, and set to include all in base profile
2024-04-21 15:48:09 +10:00
d0d67e316a
feat: prepare puppet for debian
...
- set yum::versionlock to be only for redhat family
- set puppet-agent require statement to use apt or yum
- remove requirement of downloading puppet7-release-$dist.deb
- create all paths in $base_path for vault certificate
- set correct $PATH for update-ca-certificates
- dynamically set debian release name
- split packages to install from common.yaml to os-specific
- create groups profile to manage local groups
- change sysadmin to be a member of admins group
- setup admins sudo rules
2024-04-13 22:34:28 +10:00
15e4e11097
feat: require vaultca for all yumrepos
2024-03-10 19:01:14 +11:00
05d2599bc5
feat: ensure vaultca certificate is trusted
...
- install the vault rootca on all nodes
- update ca-trust store on changes to the rootca certificate deployed
2024-03-03 14:54:59 +11:00
8009b59514
feat: automatically generate vault certs
...
- certificate will be generated for:
  - fqdn
  - hostname
  - primary ip address
  - localhost
  - 127.0.0.1
- update base profile to generate vault certificate for all
- create facts for use with vault_certs
2024-03-03 13:38:52 +11:00
12ff053c6d
refactor: cleanup packages setup
2024-02-17 22:49:32 +11:00
685d7db264
feat: add nodelookup
...
- add helper script to make querying puppetdb easier and more efficient
2023-12-11 21:15:48 +11:00
08c14c2329
feat: split agent service/package from config
...
- split package/service from config so puppetservers agents can be
managed in the same way as clients
2023-12-03 16:49:38 +11:00
92269ae94b
Merge branch 'develop' into neoloc/node_exporter
2023-11-17 23:20:02 +11:00
6b9d9e6aa7
Merge branch 'develop' into neoloc/resolvconf
2023-11-17 23:17:59 +11:00
Ben Vincent
7cc1a1ddc0
Merge pull request 'feat: manage qemu-agent' ( #66 ) from neoloc/qemuagent into develop
...
Reviewed-on: unkinben/puppet-prod#66
2023-11-17 21:46:08 +09:30
a21b7ffc96
feat: setup metrics agents
...
- set puppet::puppetdb_api class to export puppetdb
- set infra::dns::server class to export bind
- set all to export node and systemd metrics
2023-11-17 23:12:37 +11:00
d6f3262836
feat: manage qemu-agent
2023-11-17 22:25:43 +11:00
8d80fa3c51
feat: manage cloudinit
...
- add/remove cloud-init, default to remove
2023-11-17 22:17:24 +11:00
fdb13b7338
feat: find resolvers by role
...
- use puppetdbquery module to query puppetdb for resolvers
- move dns client config to profiles::dns::base
- manage the /etc/resolv.conf file
2023-11-17 21:54:20 +11:00
76b54fc59d
feat: add dns resolver/master classes
...
- define resolver and master dns server
- export A and PTR records from dns clients
- collect exported resources for master
- create hiera structure for acls, zones and views
2023-11-13 21:42:57 +11:00
9cb730d116
feat: add ntp server/client
...
- add ntp client and server class
- add ntp server role
- update hiera.yaml to work with enc_role
- cleanup base profile
2023-11-10 23:59:10 +11:00
19836e2069
feat: adding reposync wrapper and tooling
...
- add autosyncer/autopromoter scripts
- add timer and service to initial sync process
- add timer/service for daily/weekly/monthly autopromote
- add define to manage each repo
- add nginx webserver to share repos
- add favicon.ico if enabled
- add selinux management, and packages for selinux
- cleanup package management, sorting package groups into package classes
2023-11-08 23:16:56 +11:00
0cc0bacad3
feat: add motd and facts
...
- use parameters created by the enc to create external facts
- use external facts to generate the motd
- use features from unkinben/puppet-enc#22
2023-11-04 20:11:20 +11:00
130669a130
feat: manage puppet clients
...
- manage the service
- manage the package, version lock it
- deploy the /etc/puppetlabs/puppet/puppet.conf from template for puppet
clients only
2023-10-29 20:26:39 +11:00
6bb52f2a15
feat: add firewalld management profile
...
- basic profile to enable/disable, and install/remove
- defaulting to enabled and installed, but set to disabled and removed
in hiera
2023-10-22 19:54:10 +11:00
95434214a9
feat: add management of /etc/hosts
...
- add class to manage the /etc/hosts file
- add static hosts to /etc/hosts file via hiera array/hash
2023-10-22 00:34:22 +11:00
e847954e03
Merge branch 'develop' into neoloc/puppet_wrapper
2023-10-22 00:00:52 +11:00
86a6c1bd96
feat: add sudo secure_path
...
- update the sudo class from an include to a definition
- set the secure_path variable to include /usr/local/{bin,sbin}
2023-10-21 23:52:48 +11:00
ac27a9ce0b
Merge branch 'develop' into neoloc/puppetdb
2023-10-21 23:30:40 +11:00
080cdd8884
Setup PuppetDB/Puppetboard
...
- install modules required
  - puppetdb
  - postgresql
  - puppetboard
  - python
- create new profiles to manage each item (puppetdb/puppetboard)
- added puppetdb role
- include the puppetdb::master::config in puppetmaster role
- re-organised the puppetfile
- moved python to be managed by the python module
- added postgresql to list of managed repos
2023-10-21 23:11:40 +11:00
2b11a9417c
Account/Sudo management
...
- imported account and sudo puppet modules
- created account management wrapper
- defined sysadmin account, set to be created on all nodes
- removed sudo from base packages as it's managed by sudo module now
2023-08-29 23:25:10 +10:00
116342bdaa
Added class to manage a default set of scripts
...
- included scripts into profiles::base
- updated hiera with list of scripts to create and their template name
- created template for a puppet wrapper
2023-08-26 16:11:53 +10:00
d48283734c
Added a new profile to manage common packages
...
* will by default pull data from hiera
* could change it on a per-distro/role basis
* requires stdlib for ensure_packages
2023-07-02 14:55:02 +10:00
c00821763e
Added a base role
...
* base role imports the base profile
* updated profiles::base to work with debian family
2023-06-27 20:37:06 +10:00
7f2c82e07d
Add a switch to check for os family
...
This is so I can include either apt or yum/dnf based profiles. This can
be expanded easily if new families are added, or if new base role
includes are added that are different based on the family of the os.
2023-06-25 13:31:29 +10:00
87c38eadf2
Renamed role/profile directories
...
* renamed role to roles
* renamed profile to profiles
* cleaned up all profiles/roles/hieradata to match new paths
2023-06-25 13:24:07 +10:00