unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity
390 Commits 18 Branches 0 Tags 3 MiB
a429255c63
Commit Graph

390 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ben Vincent
05ea9c45ca Merge pull request 'feat: require vaultca for all yumrepos' (#136) from neoloc/vaultca_cert_first into develop 
Reviewed-on: unkinben/puppet-prod#136
 2024-03-10 17:33:43 +09:30
Ben Vincent
15e4e11097 feat: require vaultca for all yumrepos 2024-03-10 19:01:14 +11:00
Ben Vincent
92db575d7d Merge pull request 'fix: updated gpg key for psql repos' (#135) from neoloc/postgresql_gpg into develop 
Reviewed-on: unkinben/puppet-prod#135
 2024-03-10 14:48:41 +09:30
Ben Vincent
bca5d32793 fix: updated gpg key for psql repos 2024-03-10 16:18:03 +11:00
Ben Vincent
fd5dbb7813 Merge pull request 'feat: add country/region/environment to motd' (#134) from neoloc/motd_facts into develop 
Reviewed-on: unkinben/puppet-prod#134
 2024-03-10 14:19:09 +09:30
Ben Vincent
428dc910bb feat: add country/region/environment to motd 2024-03-10 15:48:26 +11:00
Ben Vincent
df05be21f6 Merge pull request 'feat: merge subnet facts' (#133) from neoloc/env_fact into develop 
Reviewed-on: unkinben/puppet-prod#133
 2024-03-10 14:13:46 +09:30
Ben Vincent
5dff24d9b9 feat: merge subnet facts 
- add fact for environment
- define 198.18.18.0/24 subnet
 2024-03-10 15:42:14 +11:00
Ben Vincent
69f3ae7095 Merge pull request 'feat: add base role for redis' (#131) from neoloc/redis_base_role into develop 
Reviewed-on: unkinben/puppet-prod#131
 2024-03-05 21:25:11 +09:30
Ben Vincent
816bec9f17 feat: add base role for redis 2024-03-05 22:53:49 +11:00
Ben Vincent
465bbbd9e1 Merge pull request 'feat: update yumrepos to use https://' (#130) from neoloc/yumrepo_use_https into develop 
Reviewed-on: unkinben/puppet-prod#130
 2024-03-03 16:29:28 +09:30
Ben Vincent
51d0ca16ec feat: update yumrepos to use https:// 
- require vaultca on all repos on repos.main.unkin.net
 2024-03-03 16:44:16 +11:00
Ben Vincent
e61ae597f6 Merge pull request 'feat: dynamically add subscribe to nginx resource' (#129) from neoloc/subscribe_ssl_cert into develop 
Reviewed-on: unkinben/puppet-prod#129
 2024-03-03 14:57:48 +09:30
Ben Vincent
0782cd5679 feat: dynamically add subscribe to nginx resource 
- add subscribe option to nginx resource dependent on nginx_listen_mode
- ensure nginx reloads when the ssl_cert or ssl_key changes, only if
  these values are not undef
- ensure the file resources are defined for certificates
 2024-03-03 16:25:51 +11:00
Ben Vincent
df97b75aca Merge pull request 'feat: change nginx to use vault ssl certs' (#128) from neoloc/packagerepo_ssl into develop 
Reviewed-on: unkinben/puppet-prod#128
 2024-03-03 13:34:04 +09:30
Ben Vincent
5afa9e8960 Merge pull request 'neoloc/pki_generate' (#127) from neoloc/pki_generate into develop 
Reviewed-on: unkinben/puppet-prod#127
 2024-03-03 13:33:33 +09:30
Ben Vincent
88ba8406b8 feat: deep merge alt_names and ip_sans 
- set hiera to deep-merge alt_names and ip_sans for generating vault
  certificates
 2024-03-03 15:01:14 +11:00
Ben Vincent
05d2599bc5 feat: ensure vaultca certificate is trusted 
- install the vault rootca on all nodes
- update ca-trust store on changes to the rootca certificate deployed
 2024-03-03 14:54:59 +11:00
Ben Vincent
3e98ced8da feat: change nginx to use vault ssl certs 
- update packagerepo webserver class to allow using ssl
 2024-03-03 14:53:36 +11:00
Ben Vincent
8009b59514 feat: automatically generate vault certs 
- certificate will be generated for:
  - fqdn
  - hostname
  - primary ip address
  - localhost
  - 127.0.0.1
- update base profile to generate vault certificate for all
- create facts for use with vault_certs
 2024-03-03 13:38:52 +11:00
Ben Vincent
9ea49bc48d Merge pull request 'fix: ssl warning breaks puppet run' (#125) from neoloc/certmanager_ignore_ssl into develop 
Reviewed-on: unkinben/puppet-prod#125
 2024-02-25 21:35:21 +09:30
Ben Vincent
36c2e6afaa fix: ssl warning breaks puppet run 
- remove ssl warning for certmanager temporarily
 2024-02-25 23:04:43 +11:00
Ben Vincent
8ec75e55fa Merge pull request 'chore: updated vault_token' (#124) from neoloc/pki_token_vault into develop 
Reviewed-on: unkinben/puppet-prod#124
 2024-02-25 21:02:50 +09:30
Ben Vincent
5b56767be7 chore: updated vault_token 2024-02-25 22:32:18 +11:00
Ben Vincent
0db9d01a20 Merge pull request 'chore: update vault policy' (#123) from neoloc/certmanager_defaults into develop 
Reviewed-on: unkinben/puppet-prod#123
 2024-02-25 20:42:17 +09:30
Ben Vincent
6bcdda1a93 chore: update vault policy 
- updated vault policy for certificates
 2024-02-25 22:11:31 +11:00
Ben Vincent
974c8ce71d Merge pull request 'fix: restart vault-unseal' (#122) from neoloc/vault_unseal_on_change into develop 
Reviewed-on: unkinben/puppet-prod#122
 2024-02-25 20:03:26 +09:30
Ben Vincent
d1f5d3c09e fix: restart vault-unseal 
- restart vault-unseal when the unseal keys change
 2024-02-25 21:32:01 +11:00
Ben Vincent
495b785518 Merge pull request 'fix: rebuild vault' (#121) from neoloc/vault_update_unseal into develop 
Reviewed-on: unkinben/puppet-prod#121
 2024-02-25 19:51:21 +09:30
Ben Vincent
8112c07ba8 fix: rebuild vault 
- rebuilt vault, updated root token and unseak keys
 2024-02-25 21:19:43 +11:00
Ben Vincent
b1083df6f1 Merge pull request 'fix: vault role fails on new servers' (#120) from neoloc/vault_initial into develop 
Reviewed-on: unkinben/puppet-prod#120
 2024-02-25 19:43:04 +09:30
Ben Vincent
48e0bd6796 fix: vault role fails on new servers 
- vault server fails on new servers
- move unseal class to be included after vault class
 2024-02-25 21:06:37 +11:00
Ben Vincent
bc3084a1e7 Merge pull request 'feat: certmanager output as json' (#119) from neoloc/certmanager_json into develop 
Reviewed-on: unkinben/puppet-prod#119
 2024-02-25 18:03:56 +09:30
Ben Vincent
f6110f534c feat: certmanager output as json 
- prepare certmanager for pki::vault class
- allow puppet to read certmanager config
 2024-02-25 19:31:32 +11:00
Ben Vincent
4cdba982fe Merge pull request 'feat: add certmanager helper' (#118) from neoloc/certmanager into develop 
Reviewed-on: unkinben/puppet-prod#118
 2024-02-19 19:53:36 +09:30
Ben Vincent
7f03bc5c76 feat: add certmanager helper 
- add certmanager script and config.yaml file
- install into pyenv for certmanager
- deploy to puppet-masters only
 2024-02-19 21:20:50 +11:00
Ben Vincent
cd369d8fef Merge pull request 'refacter: renamed facts to libs' (#117) from neoloc/lib_module into develop 
Reviewed-on: unkinben/puppet-prod#117
 2024-02-17 21:34:34 +09:30
Ben Vincent
1030ba460e refacter: renamed facts to libs 2024-02-17 23:03:54 +11:00
Ben Vincent
e10bed689c Merge pull request 'refacter: cleanup packages setup' (#116) from neoloc/package_changes into develop 
Reviewed-on: unkinben/puppet-prod#116
 2024-02-17 21:30:49 +09:30
Ben Vincent
9be1e19900 Merge pull request 'fix: fact was misspelled' (#115) from neoloc/mariadb_fixes into develop 
Reviewed-on: unkinben/puppet-prod#115
 2024-02-17 21:30:27 +09:30
Ben Vincent
1a33465c7a Merge pull request 'refacter: tidy facts' (#114) from neoloc/move_facts into develop 
Reviewed-on: unkinben/puppet-prod#114
 2024-02-17 21:29:55 +09:30
Ben Vincent
1f7b347ef4 refacter: tidy facts 
- create a facts module, move all facts to this module
 2024-02-17 22:57:36 +11:00
Ben Vincent
12ff053c6d refacter: cleanup packages setup 2024-02-17 22:49:32 +11:00
Ben Vincent
d92c13525c fix: fact was misspelled 
- fixed fact name
 2024-02-17 21:19:55 +11:00
Ben Vincent
73a21059f8 Merge pull request 'feat: add vault server profile' (#113) from neoloc/vault_server into develop 
Reviewed-on: unkinben/puppet-prod#113
 2024-02-17 19:48:13 +09:30
Ben Vincent
fe05c86463 feat: add vault server profile 
- add vault module to puppetfile
- define class to manage the install and config of vault
- manage the datavol and raft storage
- manage the unzip and other compression tools
- define custom unseal script and service
- add documentation on initial setup of vault
 2024-02-17 21:12:12 +11:00
Ben Vincent
c690fe5816 Merge pull request 'fix: use fact to determine if selinux in use' (#112) from neoloc/selinux_enhancements into develop 
Reviewed-on: unkinben/puppet-prod#112
 2024-02-11 19:38:59 +09:30
Ben Vincent
09291da89f fix: use fact to determine if selinux in use 2024-02-11 21:05:48 +11:00
Ben Vincent
f8b30f335b Merge pull request 'feat: add consul server profile' (#111) from neoloc/consul_server into develop 
Reviewed-on: unkinben/puppet-prod#111
 2024-02-11 15:56:24 +09:30
Ben Vincent
8cb6b68b53 feat: add consul server profile 
- install/configure consul
- install/configure dnsmasq as dns proxy for consul
- add unkin yumrepo definition as source for consul
- update datavol to ensure the /data volume is mounted
 2024-02-11 17:12:35 +11:00