6dcc7343e0
feat: updated ceph ssh authorized_key ( #290 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/290
2025-05-17 14:05:25 +10:00
e7d4c75192
feat: enable ssh access to enp3s0 ( #289 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/289
2025-05-17 13:50:35 +10:00
d9e8637ad6
feat: manage more ceph requirements ( #288 )
...
- add ceph-common to provide utilities for managing ceph
- add root and sysadmin ssh keys for ceph deployments
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/288
2025-05-17 11:14:45 +10:00
92f0ae64b9
feat: enable ssh on all loopbacks ( #287 )
...
- required for cephadm to manage roles
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/287
2025-05-16 07:05:31 +10:00
c1637d9f43
feat: add cephadm to incus hosts ( #286 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/286
2025-05-16 05:56:28 +10:00
90504e5b02
chore: use alias for nameservers ( #283 )
...
- use an alias for nameservers for dhcp ranges
- move aliased nameservers to region-wide hiera
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/283
2025-05-14 20:19:18 +10:00
87a6c73578
neoloc/loopback_dns ( #281 )
...
- manage all interfaces in dns (except lo and anycast)
- move loopback0 anycast addresses to be anycast0
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/281
2025-05-11 16:36:04 +10:00
51d6c1e81d
fix: enable dns resolver access for dmz1 ( #278 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/278
2025-05-10 06:57:05 +10:00
f322440d01
feat: setup anycast consul dns ( #276 )
...
- manage frrouting repo/ospf
- change to systemd-networkd
- enable ospf on incus nodes bridges
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/276
2025-05-09 22:07:42 +10:00
b05acb23f4
feat: use custom cert for puppetdb access ( #271 )
...
- manually generated certificate using sudo puppetserver ca generate --certname puppetdbapi.query.consul
- saved certificate and private_key in eyaml
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/271
2025-05-03 12:41:23 +10:00
cdf9456456
feat: update psql15 repos for roles ( #269 )
...
- update patroni to use packagerepo
- update puppetdb to use packagerepo
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/269
2025-04-29 21:04:45 +10:00
2323ef7749
feat: postgresql15/postgresql17 ( #268 )
...
- add postgresql15 and 17 to reposync
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/268
2025-04-28 21:39:45 +10:00
78f4d2a88f
feat: cleanup mpls configuration ( #262 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/262
2025-04-26 00:39:23 +10:00
762d980ea8
feat: update dns resolver zone management ( #261 )
...
- move zones to common role path
- specify forwarders for each zone in region based hiera
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/261
2025-04-25 01:01:47 +10:00
463abe4b9d
feat: add reverse dns zones for incus ( #260 )
...
- add reverse dns zones for incus hosts
- update acls for openresolver
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/260
2025-04-24 23:48:34 +10:00
2321186ad5
neoloc/mpls_ldp_frr ( #255 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/255
2025-04-24 16:51:31 +10:00
c24babe309
feat: add incus image host ( #254 )
...
- add role
- add consul service + checks
- manage the datavol as zfs
- insure the incus fact exists before attempting to read it
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/254
2025-04-24 01:00:39 +10:00
bfda2b628b
feat: enable ip forwarding for gitea runners ( #253 )
...
- required to enable docker containers reach git service
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/253
2025-04-21 18:40:17 +10:00
278f8001b0
feat: add frr synced repo ( #252 )
...
- add frr repo to incus hosts
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/252
2025-04-18 21:21:23 +10:00
0fe44cf4e2
feat: add frr repos ( #251 )
...
- add frr/stable/el8
- add frr/stable/el9
- add frr/extras/el8
- add frr/extras/el9
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/251
2025-04-15 02:21:55 +10:00
25b06cde22
feat: move bridge management to incus ( #250 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/250
2025-04-15 00:04:14 +10:00
0e3dd4d7d0
feat: initialise barebones server ( #248 )
...
- manage incus servers init
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/248
2025-04-06 23:56:50 +10:00
b6ea353cfb
feat: update dns resolver acls ( #246 )
...
- add dmz acl
- add common acl
- add loopback/ceph/physical subnets to main acl
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/246
2025-04-06 16:44:16 +10:00
c225564bdb
feat: continue incus implementation ( #245 )
...
- migrate to systemd-networkd
- setup dummy, bridge and static/ethernet interfaces
- manage sshd.service droping to start ssh after networking is online
- enable ip forewarding
- add fastpool/data/incus dataset
- enable ospf and frr
- add loopback0 as ssh listenaddress
- add loopback1/2 for ceph cluster/public traffic
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/245
2025-04-06 16:38:04 +10:00
06666fe488
fix: resolve issue with baseos in el9 ( #244 )
...
- was not correctly provisioning the baseos repo for el9 incus hosts
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/244
2025-04-02 21:02:08 +11:00
95bc2716cf
neoloc/incus_deploy ( #241 )
...
feat: deploy incus
- manage sysctl based on incus recommendations
- manage limits based on incus recommendations
- manage zpools and zfs datasets
- add incus hiera settings
feat: manage repo for zfs
- dont use zfs module to manage repo, use profiles:😋 :global::repos
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/241
2025-03-31 23:14:05 +11:00
d39d25d3f1
feat: add almalinux 9.5 repos using mirrorlist ( #235 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/235
2025-03-30 16:24:55 +11:00
06b458cb0e
feat: reposync for almalinux 9.4 (in vault) ( #234 )
...
- sync baseos, ha, appstream and crb repos
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/234
2025-03-30 12:31:09 +11:00
e025928d77
chore: set secretid for puppetboard ( #232 )
...
- manage the secret_key for puppetboard
- required since module upgrade
https://github.com/voxpupuli/puppetboard/issues/721
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/232
2025-03-30 01:53:25 +11:00
6a04701891
feat: add incus role ( #229 )
...
- add basic infra::incus role
- add autossl, consul and ssh-principals for incus
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/229
2025-03-30 00:56:04 +11:00
b95bcbd10a
feat: add zfs to reposync ( #224 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/224
2025-03-29 20:08:31 +11:00
771b981d91
feat: enable nomad to manage sessions/services ( #222 )
...
- this is required to start patroni
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/222
2025-03-20 19:21:40 +11:00
a309244713
feat: add nomad nodes ( #220 )
...
- change existing nodes to be nomad-agents
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/220
2025-03-13 21:23:40 +11:00
b981a6fb01
feat: enable nomad jobs to query dns ( #218 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/218
2025-03-09 17:49:35 +11:00
7c1d96bd22
feat: add k8s and docker repos ( #217 )
...
- add docker stable repos to packagerepo
- add k8s 1.32 to packagerepo
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/217
2025-01-27 12:59:59 +11:00
0222f5ec4a
feat: update consul etcd check ( #216 )
...
- check the health api endpoint
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/216
2025-01-26 20:05:18 +11:00
afd3405c98
feat: add etcd module/role ( #215 )
...
- add etcd module
- add etcd role, profile and hieradata
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/215
2025-01-26 20:00:20 +11:00
4400456519
feat: add frrouting module ( #208 )
...
- add frrouting module
- enable ospf daemon on nomad agents
- enable docker volumes
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/208
2024-12-27 23:39:03 +11:00
d37fb5d7e1
neoloc/nomad_agent ( #207 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/207
2024-12-26 20:23:27 +11:00
022a564dc0
feat: add nomad agent role ( #206 )
...
- add nomad agent role
- mount cephfs volume nomadfs to /shared/nomad
- manage docker volume path to be /shared/nomad
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/206
2024-12-26 20:20:51 +11:00
6ebf5c03a5
feat: add nomad profile/role ( #200 )
...
- add basic consul manage nomad servers
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/200
2024-12-22 22:35:31 +11:00
52fff0ccea
feat: enable root_dir for docker
...
- move docker root_dir to /data/docker for runners
2024-11-30 23:11:24 +11:00
58d31c5c9a
chore: migrate puppet-r10k
...
- moved puppet-r10k the unkin organisation
- ensure branch is set to follow origin/master
2024-11-17 19:26:27 +11:00
92d6697175
Merge pull request 'fix: fix release name' ( #180 ) from neoloc/reposync_sydney into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/180
2024-11-16 22:36:02 +11:00
d3f471f3ed
fix: fix release name
...
- fix release name for postgresql repos
2024-11-16 22:35:23 +11:00
8f0b3e615c
Merge pull request 'feat: add el9 puppet/posgresql repos' ( #178 ) from neoloc/reposync_sydney into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/178
2024-11-16 22:25:48 +11:00
8679a0b904
feat: add el9 puppet/posgresql repos
...
- will upgrade to el9 soon, so need to store these repos
2024-11-16 22:25:06 +11:00
16ba54ee0a
Merge pull request 'feat: update packagerepo' ( #176 ) from neoloc/reposync_sydney into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/176
2024-11-16 22:02:46 +11:00
abdb3ec8cb
feat: update packagerepo
...
- remove almalinux/centos/epel repos
- manage consul service `packagerepo`
- manage ssh principals
- update vault alt-names
2024-11-16 21:43:11 +11:00
71b29d5e88
feat: add sudaporn account
...
- enable access to media
- enable access to jupyter
2024-11-16 20:23:01 +11:00
6493f392b8
Merge pull request 'neoloc/jupyterhub' ( #174 ) from neoloc/jupyterhub into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/174
2024-11-16 20:20:16 +11:00
42ad972697
feat: add ldap configuration
...
- add group members to jupyterhub_user
- add svc_jupyterhub user for ldap binding
- paramatarise all ldap fields required
- manage the notebook data directory
2024-11-16 19:20:20 +11:00
c6bdae5790
Merge pull request 'feat: add jupyterhub role' ( #173 ) from neoloc/jupyterhub into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/173
2024-11-10 19:14:49 +11:00
159d66af18
feat: add jupyterhub role
...
- add nodejs module to use npm package provider
- add jupyterhub role
- add class to configure the jupyterhub instance
- add ldap groups
- add nginx simpleproxy
2024-11-10 19:09:50 +11:00
4fec931fb1
feat: add service data
...
- add pki certificates
- add consul service
- add ssh principals
2024-10-27 13:26:07 +11:00
1db8847833
feat: add vault admin group
...
- group will be assigned global admin rights
2024-10-21 19:40:52 +11:00
5549275ecc
chore: add new user
...
- add margol as standard media user
2024-10-20 13:12:36 +11:00
7acfea8547
fix: correct given/sn fields
...
- fix ryadun's given/sn fields
2024-10-20 13:12:02 +11:00
4a0760516f
feat: add vault service account
...
- used by vault to bind to ldap
2024-09-23 22:13:48 +10:00
10b57abffc
feat: add terraform service account
...
- add terraform service account
2024-09-23 22:08:52 +10:00
e09819284d
feat: add vault access group
...
- add vault_access group
2024-09-20 23:17:35 +10:00
93b9629c5c
feat: enable larger uploads to gitea
...
- change client body max size to 1GB
2024-09-08 01:43:22 +10:00
0210d849c7
feat: add gitea runner role
...
- ensure docker is configured
- create runner user/group
- deploy config.yaml from hiera hash
- install runner from url
- register the runner with the gitea instance
- manage the act_runner service
2024-09-07 17:59:02 +10:00
69c298e162
Merge pull request 'feat: remove masterauth redis' ( #156 ) from neoloc/redis_masterauth into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/156
2024-09-03 21:29:58 +10:00
1ad2b806b4
feat: remove masterauth redis
...
- removed requirepass previously, also need to remove masterauth
2024-09-03 21:29:18 +10:00
bcb9beae5f
fix: updated client secret
2024-08-31 23:00:58 +10:00
0bed8ba4f4
Merge branch 'develop' into neoloc/runner
2024-08-27 22:01:24 +10:00
91d9a073d6
feat: add droneadmin
...
- add environment variable to assign primary admin
2024-08-25 14:58:56 +10:00
90eabac007
feat: droneci for organisation
...
- change from personal account to organisation
2024-08-25 14:24:45 +10:00
d79a5de17b
feat: add droneci runner
...
- ensure /data and docker are available
- add droneci runner configuration
2024-08-25 02:14:35 +10:00
0f755b231f
Merge pull request 'neoloc/droneci' ( #148 ) from neoloc/droneci into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/148
2024-08-25 00:01:27 +10:00
6326e820a9
Merge pull request 'chore: add new user' ( #142 ) from neoloc/ryadun into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/142
2024-08-24 12:36:09 +10:00
757f3042ed
chore: add new user
...
- add ryadun
2024-08-24 12:35:34 +10:00
5d36a4053b
feat: add droneci module
...
- add droneci module for server
- add droneci/server role
- add consul query for droneci service
- manage certificates, ssh principals, consul services/checks
2024-08-24 00:34:15 +10:00
8a8cc0ae1b
feat: remove requirepass
...
- required for droneci
2024-08-23 23:18:02 +10:00
1a2023f4ff
Merge pull request 'feat: add patroni/psql cluster' ( #140 ) from neoloc/patroni into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/140
2024-08-10 23:40:29 +10:00
35834f8f5a
feat: add patroni/psql cluster
...
- add patroni puppet module
- add patroni role and hieradata
- add sql/patroni class that utilised consul
2024-08-10 22:34:43 +10:00
4347faf153
Merge pull request 'neoloc/redis' ( #139 ) from neoloc/redis into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/139
2024-08-10 18:47:17 +10:00
5c731fef34
feat: deploy redisha cluster
...
- manage pki and ssh principals
- manage redis/sentinel with redisha module
- add consul checks to manage redis-replica/redis-master services
- manage sudo rules for consul checks
2024-08-10 17:39:30 +10:00
4d08e30733
Merge pull request 'fix: also fix repodata' ( #138 ) from neoloc/cephreef into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/138
2024-08-10 13:36:30 +10:00
e2873a492a
fix: also fix repodata
2024-08-10 13:36:04 +10:00
90af895a34
Merge pull request 'fix: ceph-reef 18.2.4 not on el8' ( #137 ) from neoloc/cephreef into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/137
2024-08-10 13:30:54 +10:00
52e3d5b20b
fix: ceph-reef 18.2.4 not on el8
...
- force repo to use 18.2.2
2024-08-10 13:30:16 +10:00
403e3eeb1b
chore: add account
2024-08-08 19:01:18 +10:00
a5baed8cd9
chore: add two new users
...
- add marbal and seablo
2024-08-07 22:19:08 +10:00
c846cc4e21
feat: add rundeck runner user
...
- add rundeck account on all hosts except rundeck
- add rundeck ssh private/public key to rundeck server
2024-08-06 22:33:32 +10:00
5354c99b1e
feat: add rundeck profile
...
- export mysql user for each rundeck server
- ensure the jdbc driver for mariadb is available
- exclude jq from default packages (managed by rundeck)
- add groups for admin/user for each project in rundeck
- add consul service
- add vault certificates
- add ssh principals
- add nginx simpleproxy
2024-07-28 01:51:41 +10:00
cb5bb0798f
feat: add rundeck to ldap
...
- add service account for rundeck
- add rundeck_access group
2024-07-27 13:06:14 +10:00
08241692ee
feat: add rundeck
...
- add puppet-rundeck module
- add rundeck role
2024-07-27 13:06:14 +10:00
cc01259a64
feat: change packages to Hash
...
- change from multiple arrays for managing packages to a hash
- change to ensure_packages to prevent duplicate resource conflicts
2024-07-27 13:01:06 +10:00
01fc6aacd7
Merge pull request 'fix: remove unkin.net from internal dns' ( #113 ) from neoloc/bind_static_dns into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/113
2024-07-11 22:31:29 +10:00
73c7dbd56c
fix: remove unkin.net from internal dns
...
- unkin.net is entirely hosted externally
2024-07-11 22:30:44 +10:00
3dc8fb03fa
chore: add service account to submit nzbs
2024-07-11 19:56:17 +10:00
1532641640
feat: add nzbget to media platform
...
- add haproxy rules
- generate/distribute letsencrypt certificates
- manage access to cephfs
2024-07-09 22:32:54 +10:00
857d51a934
chore: add matsol to nzbget
2024-07-09 22:26:03 +10:00
fd5163d6e6
Merge branch 'develop' into neoloc/nzbget
2024-07-09 22:25:28 +10:00
d67eba5860
feat: add nzbget module/role
...
- add nzbget module
- add nzbget ldap user/group
2024-07-09 22:23:58 +10:00
384e301fd3
Merge pull request 'feat: add new users' ( #98 ) from neoloc/moreusers into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/98
2024-07-09 19:22:26 +10:00
d52949fc4f
feat: add new users
...
- matsol
2024-07-09 19:21:59 +10:00
bd5164fed3
feat: certbot reorg
...
- moved certbot into its own module
- added fact to list available certificates
- created systemd timer to rsync data to $data_dir/pub
- ensure the $data_dir/pub exists
- manage selinux for nginx
2024-07-08 22:33:11 +10:00
