unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity
1,096 Commits 18 Branches 0 Tags 3 MiB
b224cfb516
Commit Graph

332 Commits

Author SHA1 Message Date
Ben Vincent
b224cfb516 fix: cattle-system namespace (#399) 
- cattle-system namespace is created earlier than helm
- leave namespaces.yaml to manage cattle-system namespace (required
  before installing helm/rancher)

Reviewed-on: #399
 2025-09-21 00:21:41 +10:00
Ben Vincent
571a9b25a7 fix: resolve rke2-server errors (#397) 
- kubectl yaml files must not use underscores
- replace unicode hyphen with ascii hyphen

Reviewed-on: #397
 2025-09-20 18:40:18 +10:00
Ben Vincent
762f415d2d feat: k8s helm rework (#396) 
- remove helm-generated-yaml, replace with helm execs
- template/parameterise ceph csi

Reviewed-on: #396
 2025-09-20 17:40:41 +10:00
Ben Vincent
4e77fb7ee7 feat: manage rancher, purelb, cert-manager (#395) 
This change will install rancher, purelb and cert-manager, then
configure a dmz and common ip pool to be used by loadbalancers. The
nginx ingres controller is configured to use 198.18.200.0 (common) and
announce the ip from all nodes so that it becomes an anycast ip in ospf.

- manage the install of rancher, purelb and cert-manager
- add rancher ingress routes
- add nginx externalip/loadBalancer

Reviewed-on: #395
 2025-09-14 20:59:39 +10:00
Ben Vincent
6e4bc9fbc7 feat: adding rke2 (#394) 
- manage rke2 repos
- add rke2 module (init, params, install, config, service)
- split roles::infra::k8s::node -> control/compute roles
- moved common k8s config into k8s.yaml
- add bootstrap_node, manage server and token fields in rke2 config
- manage install of helm
- manage node attributes (from puppet facts)
- manage frr exclusions for service/cluster network

Reviewed-on: #394
 2025-09-14 13:27:49 +10:00
Ben Vincent
98a433d366 feat: mirror rke2 repo for rhel9 (#392) 
- create rhel9 mirrors for rke2 1.33 and common

Reviewed-on: #392
 2025-09-13 19:49:52 +10:00
Ben Vincent
0665873dc8 feat: update ospf source for learned routes (#388) 
- enable changing the source address for learned ospf routes
- this enables the loopback0 interface to be used as a default src address
- ensure k8s nodes use loopback0 as default src
- ensure incus nodes use loopback0 as default src

Reviewed-on: #388
 2025-09-07 16:09:21 +10:00
Ben Vincent
ae4eb3a5eb fix: set loopback0 as source for consul (#387) 
- fix consul service checks for prodnxsr0001-0008
- ensure the loopback0 interface whats bound too

Reviewed-on: #387
 2025-09-07 15:48:27 +10:00
Ben Vincent
65fb52da55 chore: add user for jelly (#385) 
Reviewed-on: #385
 2025-09-04 20:09:43 +10:00
Ben Vincent
d97cbfd570 chore: update src ips for arr stack (#384) 
- allow the arr stack to reach prowlarr

Reviewed-on: #384
 2025-08-31 18:52:47 +10:00
Ben Vincent
8f5d102945 feat: enabling changing ip for consul client (#383) 
- enable ability to set consul client bind/advertise ip

Reviewed-on: #383
 2025-08-14 22:55:35 +10:00
Ben Vincent
62aade77ff feat: add ceph-dashboard to haproxy (#382) 
- add profile to export haproxy backend
- add new cert for dashboard.ceph.unkin.net
- extend balancemember with ipaddress attribute

Reviewed-on: #382
 2025-08-14 11:06:11 +10:00
Ben Vincent
83bb3e1085 chore: increase client body size for s3 (#381) 
- s3 clients send objects too large for the default body size

Reviewed-on: #381
 2025-08-13 16:41:39 +10:00
Ben Vincent
92728047e7 feat: add ceph rgw (#380) 
- start managing ceph configuration file
- manage ceph-radosgw
- merge the ceph::conf and ceph::node profiles
- ensure the ceph repos exist
- mange nginx frontend and consul service

Reviewed-on: #380
 2025-08-13 12:33:41 +10:00
Ben Vincent
308d97d783 feat: enable plugins for grafana (#378) 
- add method to install plugins for grafana
- ensure victoriametrics-logs-datasource is installed

Reviewed-on: #378
 2025-08-09 17:57:49 +10:00
Ben Vincent
198cee27c2 feat: enable https for vlstorage (#376) 
- attempting to send to http:// fails as vlstorage is using tls
- enable tls on vlselect/vlinsert when writing to vlstorage
- add retention period to vlstorage

Reviewed-on: #376
 2025-08-09 14:34:48 +10:00
Ben Vincent
1c71229fd3 feat: add victorialogs module (#374) 
- add module for victorialogs
- add hieradata for vl insert/select/storage
- manage packages, directories, services, etc
- manage exporting metrics

Reviewed-on: #374
 2025-08-08 23:59:46 +10:00
Ben Vincent
fcd0bc4c74 feat: add victorialogs roles (#372) 
- and hieradata
- empty roles currently

Reviewed-on: #372
 2025-08-07 20:34:42 +10:00
Ben Vincent
75ca7a5685 feat: add frr_exporter class (#369) 
- add frr exporter to all nodes running frr

Reviewed-on: #369
 2025-08-03 16:15:29 +10:00
Ben Vincent
53fabc923b feat: add nzbget_exporter (#368) 
- add nzbget_exporter class
- add exporter to nzbget class

Reviewed-on: #368
 2025-08-03 15:03:29 +10:00
Ben Vincent
5a9241940f feat: export ceph metrics (#367) 
- export cephmgr metrics
- will only be availabe from one host at a time

Reviewed-on: #367
 2025-07-29 18:54:49 +10:00
Ben Vincent
df457306cc feat: add external grafana access (#366) 
- enable access to grafana through haproxy
- ensure grafana cert created from letsencrypt
- enable user access to grafana

Reviewed-on: #366
 2025-07-28 21:07:43 +10:00
Ben Vincent
7fbb87b4b6 feat: add exportarr (#365) 
- add exporters::exportarr
- deploy for radarr, sonarr and prowlarr

Reviewed-on: #365
 2025-07-27 19:47:26 +10:00
Ben Vincent
fd902c1437 feat: create exporters module (#364) 
- upgrade node_exporter, bring managed under exporters module
- upgrade postgres_exporter, bring managed under exporters module
- add flag to cleanup previous iterations of exporters from prometheus module
- fix issues with vmclusster: replication + dedup

Reviewed-on: #364
 2025-07-27 13:28:41 +10:00
Ben Vincent
0e64c9855a feat: add vmcluster module (#363) 
- manage vmstorage package, service and environment file
- manage vmselect package, service and environment file
- manage vminsert package, service and environment file
- manage vmagent package, service and environment file
- manage options for vmstorage, vmselect, vminsert, vmagent role

Reviewed-on: #363
 2025-07-26 18:17:20 +10:00
Ben Vincent
3cfafbac44 feat: enable ceph on k8s nodes (#362) 
- enable enough ceph/frr to join to cephfs
- notify sshd when restarting the network
- update ssh principals to include all ssh interfaces

Reviewed-on: #362
 2025-07-19 20:30:46 +10:00
Ben Vincent
98f1961a07 benvin/ceph_common (#360) 
Reviewed-on: #360
 2025-07-15 20:38:39 +10:00
Ben Vincent
eb1ada8ea5 fix: duplicate declatation (#359) 
- only install ceph-common once

Reviewed-on: #359
 2025-07-15 20:31:09 +10:00
Ben Vincent
ec3e42901a feat: add basic k8s node role (#358) 
- update prodnxsr0001-8 to use networkd
- add basic k8s node role

Reviewed-on: #358
 2025-07-15 20:18:17 +10:00
Ben Vincent
de6e7d0ba9 feat: add vmagent role (#356) 
- add vmagent role for vicmet

Reviewed-on: #356
 2025-07-13 17:20:58 +10:00
Ben Vincent
780a97dfe4 feat: add new cobbler master (#355) 
- change cobbler.main.unkin.net to 2098

Reviewed-on: #355
 2025-07-12 20:31:43 +10:00
Ben Vincent
7d87e11e79 feat: add victoria metrics roles (#350) 
- add vmstorage, vmselect and vminsert roles
- base roles, only adding packages
- preparation for standing up a vicmet cluster

Reviewed-on: #350
 2025-07-08 20:34:46 +10:00
Ben Vincent
2d9faf578f feat: add unkin.net domain (#347) 
- manage the unkin.net domain
- ensure forwarding for unkin.net
- split domain from cname list and set zone correctly
- add fafflix to cnames list for haproxy2

Reviewed-on: #347
 2025-07-06 20:02:20 +10:00
Ben Vincent
0063f68bc6 feat: enable external access to gitea (#344) 
- add git.unkin.net to certbot
- export haproxy resources for gitea
- add be_gitea to haproxy, import the certbot cert
- update the ROOT_URL for gitea instances

Reviewed-on: #344
 2025-07-06 13:47:56 +10:00
Ben Vincent
372d99893a core: fix ROOT_URL (#343) 
- root_url is used for docker authentication
- access to git.unkin.net is not yet ready

Reviewed-on: https://git.query.consul/unkin/puppet-prod/pulls/343
 2025-07-06 13:20:27 +10:00
Ben Vincent
2317d0af59 feat: expose gitea metrics (#340) 
- add a gitea-metrics service to consul
- tag as metrics for victoria metrics
- check the /metrics endpoint (bypass nginx)

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/340
 2025-07-06 12:01:57 +10:00
Ben Vincent
cf0ff85b70 fix: manage git user (#339) 
- prevent different gid/uid for git users when deploying cluster
- only add sudo conf when sudo_rules is a list

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/339
 2025-07-06 11:27:35 +10:00
Ben Vincent
359ce101f1 feat: add indexer for git (#338) 
- reuse the database for the indexer

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/338
 2025-07-05 17:12:38 +10:00
Ben Vincent
b6c959d368 feat: use redis for cache/queue (#337) 
- use gitea redis cluster for queue/cache
- use redis+sentinel url (pass required for redis and sentinel)

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/337
 2025-07-05 16:42:01 +10:00
Ben Vincent
b976f2063a feat: deploy redis for git (#336) 
- deploy redis/sentinel ha cluster for git
- update redis to 7 (required for almalinux 9)
- enable requirepass/masterauth

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/336
 2025-07-05 15:51:28 +10:00
Ben Vincent
93049707e7 benvin/gitea_cluster (#335) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/335
 2025-07-05 14:49:56 +10:00
Ben Vincent
a9faa098ee benvin/grafana_postgres (#334) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/334
 2025-07-01 19:07:24 +10:00
Ben Vincent
61d912de30 feat: update password for grafana service account (#333) 
- updated grafana password

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/333
 2025-06-30 20:22:18 +10:00
Ben Vincent
aab3eaf9e7 feat: add grafana service to ldap (#331) 
- add grafana service account for binding
- add grafana_user group
- add users to group

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/331
 2025-06-30 19:17:56 +10:00
Ben Vincent
49ff7cc3ab feat: add toml puppet gem (#329) 
- required for ldap support in grafana

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/329
 2025-06-30 19:02:37 +10:00
Ben Vincent
d1e63ad18b feat: add shared pgsql instance (#328) 
- add shared pgsql instance
- use patroni

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/328
 2025-06-29 17:25:59 +10:00
Ben Vincent
99b312669b benvin/dhcp_failover (#327) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/327
 2025-06-29 13:36:16 +10:00
Ben Vincent
3bb2a5dbad fix: enable health check from haproxy2 (#324) 
- tactical fix: enable dmz subnets container access to health url

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/324
 2025-06-28 17:04:25 +10:00
Ben Vincent
770fd643ac feat: add haproxy2 role (#322) 
- add basic haproxy2 role
- add peers and resolvers
- add haproxy2+ metrics frontend

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/322
 2025-06-28 16:20:06 +10:00
Ben Vincent
bd9e08dc24 feat: cleanup hieranodes settings (#321) 
- migrate hieranodes values to roles yaml
- rename anycast ip keys to be similar

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/321
 2025-06-21 23:16:34 +10:00