febd98d316
chore: cleanup yum repos
...
- cleanup yum repos on first run
2024-06-27 21:59:27 +10:00
40ff5f7d92
feat: deploy radarr
...
- manage ens19 nic on ausyd1nxvm1040
- manage cephfs storage
2024-06-26 22:57:36 +10:00
679a4203a9
chore: duplicate resource
2024-06-26 22:42:17 +10:00
b90c6468b3
chore: add facts/motd to firstrun
2024-06-26 22:37:17 +10:00
3b907159f1
chore: change eth0 to ens18
2024-06-23 16:47:46 +10:00
803a0ac01d
Merge pull request 'neoloc/cephfs' ( #54 ) from neoloc/cephfs into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/54
2024-06-23 15:34:04 +10:00
82ed27cf56
feat: add sonarr profile
...
- add cephfs secret for mounting mediafs
- add ceph-reef repo for apps::media roles
- add the shared cephfs mediafs mount
2024-06-23 15:33:40 +10:00
5631f07e6e
feat: add cephfs shared volume define
...
- add ceph class to manage ceph client configuration/packages
- add cephfs define for mounting volumes
- add ceph keyring define to manage secrets used to mount cephfs
2024-06-23 15:33:33 +10:00
548076728a
feat: swap networkmanager for network service
2024-06-22 16:31:03 +10:00
f5a9eaef4a
fix: proxmox ceph services use different network
...
- set the consul services for ceph mon, mds, mgr and osd to report the ceph
cluster interface
2024-06-22 00:45:17 +10:00
8548ef0284
Merge pull request 'neoloc/sonarr_deploy' ( #48 ) from neoloc/sonarr_deploy into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/48
2024-06-21 22:53:06 +10:00
681f9e3eb8
feat: deploy sonarr
...
- add required hieradata/role data to deploy sonarr
- add nginx simpleproxy
- add consul service/query
- add vault certificates
2024-06-21 22:51:40 +10:00
59b181ed54
Merge pull request 'feat: add ceph mirror to edgecache' ( #43 ) from neoloc/ceph_mirror into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/43
2024-06-21 20:44:08 +10:00
36ad19ffed
feat: add ceph mirror to edgecache
...
- add ceph reef apt and rpm repository to edgecache
- add the centos storage sig gpg
2024-06-21 20:38:54 +10:00
a3ef535bfc
fix: ceph consul check script
...
- add permissions to write ceph-* services to consul
- change from `script` to `args` array
2024-06-19 22:36:04 +10:00
94aed2df9c
feat: add pveceph consul services
...
- refacter the pveceph facts
- define consul services for osd, mgr, mds and mons
2024-06-18 21:14:57 +10:00
c6530e34f6
Merge pull request 'feat: add haproxy exporter' ( #38 ) from neoloc/haproxy_exporter into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/38
2024-06-17 21:36:31 +10:00
5725d092b8
feat: add haproxy exporter
...
- add admin socket for exporter
2024-06-16 20:56:23 +10:00
62cac63f11
feat: add database generation to grafana
...
- ensure a database, user and credential is created for each grafana node
- ensure all databases for a region are included in a mariadb cluster
- refine params with stdlib types
2024-06-16 18:49:59 +10:00
0fe05bb896
Merge branch 'develop' into neoloc/grafana
2024-06-16 00:39:45 +10:00
a901a0b868
feat: puppetserver dropins
...
- change ExecStartPost for crl.pem to two commands
- run `puppet generate types` after starting puppet
2024-06-16 00:11:56 +10:00
58acd83410
feat: manage latest crl for puppet
...
- ensure the latest crl.pem exists on each no-ca puppetserver
- ensure the latest crl.pem is used after each start of puppetserver
2024-06-15 23:32:50 +10:00
cc0a9e132e
Merge pull request 'fix: yumrepo purging' ( #34 ) from neoloc/yumresources into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/34
2024-06-14 23:57:54 +10:00
67f831edaf
fix: yumrepo purging
2024-06-14 23:55:31 +10:00
c9abc779a0
Merge pull request 'fix: yumrepo purge after deploy' ( #33 ) from neoloc/yumresources into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/33
2024-06-14 23:32:41 +10:00
380bb7bcb5
fix: yumrepo purge after deploy
...
- ensure the resources resource for yumrepo runs after deploying yumrepo resources
- rm all almalinux*.repo files before attempting to create yumrepo
resources
2024-06-14 23:21:14 +10:00
82ce3ed4d7
feat: ensure tftpd started on cobbler
2024-06-14 23:11:49 +10:00
cbbcfa3b9e
chore: cleanup old enc class
2024-06-11 20:29:21 +10:00
d4163233f6
Merge branch 'develop' into neoloc/sshsign_hostkeys
2024-06-09 20:38:25 +10:00
52b06dcd8e
feat: manage ssh known hosts
...
- disable use of stored configs for ssh-known-hosts
- manage the /etc/ssh/ssh_known_hosts content
2024-06-09 20:26:34 +10:00
57b935b33e
Merge pull request 'neoloc/networking' ( #21 ) from neoloc/networking into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/21
2024-06-08 17:08:51 +10:00
06545c6298
feat: change hiera_include, hiera_exclude
...
- change hiera_classes to hiera_include
- add method to remove classes from hiera_include through hiera_exclude
2024-06-08 17:07:58 +10:00
aaf482c9b9
feat: manage the facts soft limit
...
- set the facts soft limit for agents and servers
- prevent warnings about reaching the default 2048 soft limit
2024-06-08 13:56:53 +10:00
6822a39dc3
fix: make ntp check script executable
2024-06-03 20:23:23 +10:00
da3444e49f
feat: create ntp consul service
...
- create consul policy for ntp servers
- add consul service check and check script
2024-06-02 19:23:39 +10:00
b468f67103
feat: sign ssh host keys
...
- manage python script/venv to sign ssh host certificates
- add approle_id to puppetmaster eyaml files
- add class to sign ssh-rsa host keys
- add facts to check if the current principals match the desired principals
2024-06-01 22:51:42 +10:00
cc7165055d
Merge pull request 'feat: refacter gitea profile' ( #7 ) from neoloc/gitea_refactor into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/7
2024-06-01 17:28:28 +10:00
4bd3310ea8
feat: refacter gitea profile
...
- move more data to hiera
- change how the custom_configuration is made
2024-06-01 17:16:37 +10:00
4b4272250a
Merge branch 'develop' into neoloc/grafana
2024-06-01 14:47:06 +10:00
3dfe9b9b73
Merge pull request 'feat: puppetdb sql updates' ( #5 ) from neoloc/puppetdb_sql into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/5
2024-06-01 14:36:27 +10:00
fab4ea5998
feat: add gitea classes
...
- add basic gitea class
2024-05-28 23:14:36 +10:00
7c0bf4a398
feat: vault use vault
...
- change vault to use vault ephemeral certificates
- remove nginx frontend to vault
2024-05-26 01:06:48 +10:00
22af602510
Merge pull request 'feat: puppet::client multiple altnames' ( #221 ) from neoloc/puppetdbapi_certs into develop
...
Reviewed-on: unkinben/puppet-prod#221
2024-05-22 22:42:59 +09:30
0901595de9
feat: puppet::client multiple altnames
...
- puppet clients can not request multiple dns alt_names
- set puppetdbapi hosts to request multiple certificates
2024-05-22 23:05:34 +10:00
349547c4bc
feat: puppetboard on consul
...
- updated nginx param types
- add nginx aliases, merge with vhost, use as server_names
- add additional vault alt-names
- add prepared query for puppetboard
2024-05-22 22:54:54 +10:00
770c8cc159
feat: update hiera key for puppetdb api/sql
...
- changed to use puppetdbapi and puppetdbsql hiera keys
- updated all classes that referenced old values
2024-05-22 22:18:32 +10:00
f6bf504416
Merge branch 'develop' into neoloc/syd1_puppetdb
2024-05-22 22:11:04 +10:00
39aa6e114e
feat: puppetdb sql updates
...
- add consul support
- enable local script checks in consul agents
- add a test DB/User for consult to verify the psql instance is running
- manage the postgresql repo and gpg key
2024-05-22 22:05:54 +10:00
598a8c0f52
feat: firstrun optimisations
...
- download gpg keys if gpgkey is defined
- ensure the profiles::defaults is called first
2024-05-19 23:11:11 +10:00
dde8d5978d
feat: firstrun improvements
...
- add fact to detect firstrun
- run a limited subset of classes on firstrun
- firstrun: includes:
- vault ca certificates
- yum/apt repositories
- fast-install packages with an exec
2024-05-19 21:28:14 +10:00
