unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity
355 Commits 18 Branches 0 Tags 3 MiB
99d3dcf4d8
Commit Graph

143 Commits

Author SHA1 Message Date
Ben Vincent
99d3dcf4d8 Merge branch 'develop' into neoloc/dns_master_multiregion 2024-04-24 18:58:41 +10:00
Ben Vincent
b8d799e8e9 feat: select nameserver in soa based on role 
- find all dns servers in $ns_use (region/country/all),
- or use the current node as the only nameserver
 2024-04-24 18:44:08 +10:00
Ben Vincent
f8fd6700da feat: enable selecting nameserver by fact 
- enable selecting nameservers to use by region, country or all
- set default for nameservers to be region
 2024-04-24 18:40:18 +10:00
Ben Vincent
2bae42fa31 Merge pull request 'feat: install ksm for proxmox' (#168) from neoloc/proxmox_ksm into develop 
Reviewed-on: unkinben/puppet-prod#168
 2024-04-24 17:46:37 +09:30
Ben Vincent
3810385fcd feat: install ksm for proxmox 2024-04-24 18:13:56 +10:00
Ben Vincent
6fc0b240c1 Merge pull request 'feat: sort ntpservers, select ntp to use' (#167) from neoloc/ntp_selection into develop 
Reviewed-on: unkinben/puppet-prod#167
 2024-04-23 23:29:06 +09:30
Ben Vincent
7b316c6b0b feat: sort ntpservers, select ntp to use 
- sort the ntpservers array so it doesnt change each run of puppet
- allow the selection of all, region or country specific ntp servers
 2024-04-23 23:57:01 +10:00
Ben Vincent
4b2690a678 Merge pull request 'feat: enable selecting nameserver by fact' (#166) from neoloc/dns_selection into develop 
Reviewed-on: unkinben/puppet-prod#166
 2024-04-23 22:14:59 +09:30
Ben Vincent
dbe11323c5 feat: enable selecting nameserver by fact 
- enable selecting nameservers to use by region, country or all
- set default for nameservers to be region
 2024-04-23 22:39:33 +10:00
Ben Vincent
a7b40daee0 Merge pull request 'feat: sort nameserver/search_domains' (#165) from neoloc/dns_sorting into develop 
Reviewed-on: unkinben/puppet-prod#165
 2024-04-23 20:44:59 +09:30
Ben Vincent
bb8bf202ac feat: sort nameserver/search_domains 
- ensure the list doesnt change every puppet run
 2024-04-23 21:11:56 +10:00
Ben Vincent
df56213b18 fix: enable repos before installing packages 2024-04-22 19:07:28 +10:00
Ben Vincent
9c6dee7609 feat: manage timezone per region 
- add timezone module
- set per-region timezone setting
- setup hiera_classes, set to deep merge, and set to include all in base profile
 2024-04-21 15:48:09 +10:00
Ben Vincent
f04c74bd4d feat: manage proxmox nodes 
- change /etc/hosts to meet proxmox requirements
- add proxmox node role
- add init, params, repo, install, clusterjoin classes
 2024-04-21 15:08:28 +10:00
Ben Vincent
d0d67e316a feat: prepare puppet for debian 
- set yum::versionlock to be only for redhat family
- set puppet-agent require statement to use apt or yum
- remove requirement of downloading puppet7-release-$dist.deb
- create all paths in $base_path for vault certificate
- set correct $PATH for update-ca-certificates
- dynamically set debian release name
- split packages to install from common.yaml to os-specific
- create groups profile to manage local groups
- change sysadmin to be a member of admins group
- setup admins sudo rules
 2024-04-13 22:34:28 +10:00
Ben Vincent
114d3fe195 feat: nginx reverse proxy debian cache 
- add debian, debian/pool locations to reposyncer
- add selinux fcontext rules
 2024-04-13 20:52:27 +10:00
Ben Vincent
82f2d75888 feat: add frontends, backends, listeners 
- add a way to define frontends, backends and listeners through hieradata
 2024-04-06 20:23:37 +11:00
Ben Vincent
ed60e18062 feat: update jdk11 for puppetdb 
- specify the java_bin
- specify the java_args
 2024-04-06 20:05:23 +11:00
Ben Vincent
c9a1d35af9 feat: add cnames to haproxy 
- manage A records for haproxy
- manage cnames for services using haproxy
 2024-04-06 16:26:50 +11:00
Ben Vincent
e97d061f46 feat: add puppetdbapi to haproxy 
- add puppetdbapi backend to haproxy
- add puppetdbapi altname to the vault certificate
- add mapping for hostname to backend
 2024-04-06 15:49:10 +11:00
Ben Vincent
105bf1b09d feat: add puppetboard backend 
- add balancemember to puppetboard nodes
- add be_puppetboard to haproxxy
- add puppetboard.main.unkin.net to haproxy altnames
- add puppetboard to backend mapping
- change way backends are registered in haproxy
 2024-04-06 04:20:39 +11:00
Ben Vincent
2091f1ada3 feat: add haproxy profile 
- add haproxy server class
- add haproxy profile to role
- add hiera data for region specific haproxy
- add selinux configuration
- add certlist management
- add default http and https frontends
- add default stats listener
 2024-04-06 03:27:45 +11:00
Ben Vincent
64563902d4 feat: deploy cobbler enc 
- install python3.11 on all nodes
- create python3.11 venv for cobbler-enc
- install requirements in cobbler-enc venv
- symlink to /usr/local/bin/
 2024-03-31 20:58:31 +11:00
Ben Vincent
d64e185919 Merge pull request 'feat: add dhcp servers' (#145) from neoloc/dhcp-server into develop 
Reviewed-on: unkinben/puppet-prod#145
 2024-03-29 07:45:16 +09:30
Ben Vincent
d64860f47b feat: add dhcp servers 
- include puppet-dhcp module
- manage dhcp pools
- manage dhcp classes (bios/uefi)
 2024-03-29 09:13:26 +11:00
Ben Vincent
159c57677a Merge pull request 'feat: add cobbler profile' (#144) from neoloc/cobbler_profile into develop 
Reviewed-on: unkinben/puppet-prod#144
 2024-03-29 07:10:33 +09:30
Ben Vincent
80b7ad8639 feat: add cobbler profile 
- add datavol to cobbler nodes
- add cobbler profile
- add cobbler role hieradata
- manage selinux where required for cobbler
- manage service cname
 2024-03-29 08:36:42 +11:00
Ben Vincent
e02921be75 feat: deep merge yum repos to manage 
- fixed merging of yum repos
- changed puppet7 to use local copy of repo
 2024-03-28 21:41:15 +11:00
Ben Vincent
0383db2b10 feat: set sysadmin password 2024-03-28 20:34:50 +11:00
Ben Vincent
8f5e9e40a1 feat: add ovirt roles 
- add repositories for ovirt
- add role/profile for ovirt/engine and ovirt/node
- add deep-merge for managed_repos
- change repos to allow filesource (URL or file://)
- change reposync to use curl instead of wget
 2024-03-16 16:43:12 +11:00
Ben Vincent
15e4e11097 feat: require vaultca for all yumrepos 2024-03-10 19:01:14 +11:00
Ben Vincent
fd5dbb7813 Merge pull request 'feat: add country/region/environment to motd' (#134) from neoloc/motd_facts into develop 
Reviewed-on: unkinben/puppet-prod#134
 2024-03-10 14:19:09 +09:30
Ben Vincent
428dc910bb feat: add country/region/environment to motd 2024-03-10 15:48:26 +11:00
Ben Vincent
465bbbd9e1 Merge pull request 'feat: update yumrepos to use https://' (#130) from neoloc/yumrepo_use_https into develop 
Reviewed-on: unkinben/puppet-prod#130
 2024-03-03 16:29:28 +09:30
Ben Vincent
51d0ca16ec feat: update yumrepos to use https:// 
- require vaultca on all repos on repos.main.unkin.net
 2024-03-03 16:44:16 +11:00
Ben Vincent
0782cd5679 feat: dynamically add subscribe to nginx resource 
- add subscribe option to nginx resource dependent on nginx_listen_mode
- ensure nginx reloads when the ssl_cert or ssl_key changes, only if
  these values are not undef
- ensure the file resources are defined for certificates
 2024-03-03 16:25:51 +11:00
Ben Vincent
df97b75aca Merge pull request 'feat: change nginx to use vault ssl certs' (#128) from neoloc/packagerepo_ssl into develop 
Reviewed-on: unkinben/puppet-prod#128
 2024-03-03 13:34:04 +09:30
Ben Vincent
5afa9e8960 Merge pull request 'neoloc/pki_generate' (#127) from neoloc/pki_generate into develop 
Reviewed-on: unkinben/puppet-prod#127
 2024-03-03 13:33:33 +09:30
Ben Vincent
05d2599bc5 feat: ensure vaultca certificate is trusted 
- install the vault rootca on all nodes
- update ca-trust store on changes to the rootca certificate deployed
 2024-03-03 14:54:59 +11:00
Ben Vincent
3e98ced8da feat: change nginx to use vault ssl certs 
- update packagerepo webserver class to allow using ssl
 2024-03-03 14:53:36 +11:00
Ben Vincent
8009b59514 feat: automatically generate vault certs 
- certificate will be generated for:
  - fqdn
  - hostname
  - primary ip address
  - localhost
  - 127.0.0.1
- update base profile to generate vault certificate for all
- create facts for use with vault_certs
 2024-03-03 13:38:52 +11:00
Ben Vincent
974c8ce71d Merge pull request 'fix: restart vault-unseal' (#122) from neoloc/vault_unseal_on_change into develop 
Reviewed-on: unkinben/puppet-prod#122
 2024-02-25 20:03:26 +09:30
Ben Vincent
d1f5d3c09e fix: restart vault-unseal 
- restart vault-unseal when the unseal keys change
 2024-02-25 21:32:01 +11:00
Ben Vincent
48e0bd6796 fix: vault role fails on new servers 
- vault server fails on new servers
- move unseal class to be included after vault class
 2024-02-25 21:06:37 +11:00
Ben Vincent
f6110f534c feat: certmanager output as json 
- prepare certmanager for pki::vault class
- allow puppet to read certmanager config
 2024-02-25 19:31:32 +11:00
Ben Vincent
7f03bc5c76 feat: add certmanager helper 
- add certmanager script and config.yaml file
- install into pyenv for certmanager
- deploy to puppet-masters only
 2024-02-19 21:20:50 +11:00
Ben Vincent
e10bed689c Merge pull request 'refacter: cleanup packages setup' (#116) from neoloc/package_changes into develop 
Reviewed-on: unkinben/puppet-prod#116
 2024-02-17 21:30:49 +09:30
Ben Vincent
12ff053c6d refacter: cleanup packages setup 2024-02-17 22:49:32 +11:00
Ben Vincent
d92c13525c fix: fact was misspelled 
- fixed fact name
 2024-02-17 21:19:55 +11:00
Ben Vincent
73a21059f8 Merge pull request 'feat: add vault server profile' (#113) from neoloc/vault_server into develop 
Reviewed-on: unkinben/puppet-prod#113
 2024-02-17 19:48:13 +09:30