3e98ced8da
feat: change nginx to use vault ssl certs
...
- update packagerepo webserver class to allow using ssl
2024-03-03 14:53:36 +11:00
8009b59514
feat: automatically generate vault certs
...
- certificate will be generated for:
- fqdn
- hostname
- primary ip address
- localhost
- 127.0.0.1
- update base profile to generate vault certificate for all
- create facts for use with vault_certs
2024-03-03 13:38:52 +11:00
36c2e6afaa
fix: ssl warning breaks puppet run
...
- remove ssl warning for certmanager temporarily
2024-02-25 23:04:43 +11:00
974c8ce71d
Merge pull request 'fix: restart vault-unseal' ( #122 ) from neoloc/vault_unseal_on_change into develop
...
Reviewed-on: unkinben/puppet-prod#122
2024-02-25 20:03:26 +09:30
d1f5d3c09e
fix: restart vault-unseal
...
- restart vault-unseal when the unseal keys change
2024-02-25 21:32:01 +11:00
48e0bd6796
fix: vault role fails on new servers
...
- vault server fails on new servers
- move unseal class to be included after vault class
2024-02-25 21:06:37 +11:00
f6110f534c
feat: certmanager output as json
...
- prepare certmanager for pki::vault class
- allow puppet to read certmanager config
2024-02-25 19:31:32 +11:00
7f03bc5c76
feat: add certmanager helper
...
- add certmanager script and config.yaml file
- install into pyenv for certmanager
- deploy to puppet-masters only
2024-02-19 21:20:50 +11:00
e10bed689c
Merge pull request 'refactor: cleanup packages setup' ( #116 ) from neoloc/package_changes into develop
...
Reviewed-on: unkinben/puppet-prod#116
2024-02-17 21:30:49 +09:30
9be1e19900
Merge pull request 'fix: fact was misspelled' ( #115 ) from neoloc/mariadb_fixes into develop
...
Reviewed-on: unkinben/puppet-prod#115
2024-02-17 21:30:27 +09:30
1f7b347ef4
refactor: tidy facts
...
- create a facts module, move all facts to this module
2024-02-17 22:57:36 +11:00
12ff053c6d
refactor: cleanup packages setup
2024-02-17 22:49:32 +11:00
d92c13525c
fix: fact was misspelled
...
- fixed fact name
2024-02-17 21:19:55 +11:00
73a21059f8
Merge pull request 'feat: add vault server profile' ( #113 ) from neoloc/vault_server into develop
...
Reviewed-on: unkinben/puppet-prod#113
2024-02-17 19:48:13 +09:30
fe05c86463
feat: add vault server profile
...
- add vault module to puppetfile
- define class to manage the install and config of vault
- manage the datavol and raft storage
- manage the unzip and other compression tools
- define custom unseal script and service
- add documentation on initial setup of vault
2024-02-17 21:12:12 +11:00
09291da89f
fix: use fact to determine if selinux in use
2024-02-11 21:05:48 +11:00
Ben Vincent
f8b30f335b
Merge pull request 'feat: add consul server profile' ( #111 ) from neoloc/consul_server into develop
...
Reviewed-on: unkinben/puppet-prod#111
2024-02-11 15:56:24 +09:30
8cb6b68b53
feat: add consul server profile
...
- install/configure consul
- install/configure dnsmasq as dns proxy for consul
- add unkin yumrepo definition as source for consul
- update datavol to ensure the /data volume is mounted
2024-02-11 17:12:35 +11:00
Ben Vincent
a0434fc7b5
Merge pull request 'feat: cleanup reposync conf files' ( #110 ) from neoloc/cleanup_reposync_conf into develop
...
Reviewed-on: unkinben/puppet-prod#110
2024-02-10 14:15:00 +09:30
71c316e7ae
feat: cleanup reposync conf files
...
- add feature to /etc/reposync/conf.d to ensure the subfiles are cleaned
up when they are not defined
2024-02-10 15:37:24 +11:00
Ben Vincent
4bce524b49
Merge pull request 'feat: puppet wrapper replace dot' ( #108 ) from neoloc/puppetwrapper_dot into develop
...
Reviewed-on: unkinben/puppet-prod#108
2024-02-10 14:02:48 +09:30
a054a94d98
feat: puppet wrapper replace dot
...
- set puppet wrapper to replace '.' with '_' in the branch name
2024-02-10 15:31:45 +11:00
8332d4f374
fix: recursive restorecon for reposync
...
- set reposync to restore selinux controls on all files in the new
snap_path
2024-02-10 15:19:12 +11:00
db23e203c6
fix: fix minio certificate param
...
- change enum['string', undef] to an optional param so undef can be set
2024-01-05 22:00:10 +11:00
d8751ac6c8
feat: add minio profile
...
- add additional modules in Puppetfile
- update puppetlabs-lvm to 2.1.0
- add facts.d base path to hieradata
- add infra/storage and infra/storage/minio role data to hieradata
- add new facts for minio setup status
- add a static yaml minio-facts file to assist dynamic ruby facts
- updated hiera with additional directories (country/{role,region})
2024-01-05 21:44:41 +11:00
Ben Vincent
a049338c9d
Merge pull request 'feat: install bind-utils' ( #98 ) from neoloc/add_bind_utils into develop
...
Reviewed-on: unkinben/puppet-prod#98
2023-12-26 14:58:10 +09:30
a144e4ec2d
feat: install bind-utils
2023-12-26 16:27:28 +11:00
Ben Vincent
920f12b45e
Merge pull request 'feat: add/update location facts' ( #97 ) from neoloc/location_facts into develop
...
Reviewed-on: unkinben/puppet-prod#97
2023-12-26 13:23:17 +09:30
dbec0222b3
feat: add/update location facts
...
- add country fact, change region to exclude country string
2023-12-26 14:51:40 +11:00
42211ddf7d
Merge pull request 'feat: add new datavol' ( #96 ) from neoloc/datavol_define into develop
...
Reviewed-on: unkinben/puppet-prod#96
2023-12-24 12:45:36 +09:30
ff83769ffc
Merge pull request 'feat: add region fact' ( #95 ) from neoloc/region_fact into develop
...
Reviewed-on: unkinben/puppet-prod#95
2023-12-24 12:44:15 +09:30
7431ebf51c
feat: add region fact
...
- add fact that maps primary ip subnet to a region code
- defaults to 'lost' if there is no subnet to region mapping
2023-12-24 14:12:54 +11:00
0c1548fbd8
feat: add new datavol
...
- add datavol define to replace the datavol class, which has more
flexibility through additional params, and the ability to call it
multiple times for multiple datavolumes
2023-12-24 12:54:09 +11:00
f9562a9109
fix: check for python3_version
...
- check for python3 version before attempting to setup node_lookup
2023-12-18 23:51:39 +11:00
b6c7e3fd2d
Merge pull request 'feat: add selinux support to puppetboard' ( #92 ) from neoloc/nginx_selinux into develop
...
Reviewed-on: unkinben/puppet-prod#92
2023-12-11 20:46:30 +09:30
bf729d9b11
feat: add selinux support to puppetboard
...
- required to allow nginx to reach puppetdb
2023-12-11 22:14:45 +11:00
5b75cf735a
feat: manage ruby/puppet gems
...
- manage installation of puppet_gem packages for puppetmasters
2023-12-11 22:07:23 +11:00
254c9f1358
feat: configure grafana
...
- create grafana class
- configure database with db export, and db parameters
2023-12-11 21:46:53 +11:00
685d7db264
feat: add nodelookup
...
- add helper script to make querying puppetdb easier and more efficient
2023-12-11 21:15:48 +11:00
d998fbd85a
Merge branch 'develop' into neoloc/mariadbgalera
2023-12-10 16:34:42 +11:00
11a98b16bb
feat: setup galera cluster member profile
...
- add eyaml support for role
- add /data volume for galera cluster members
- create profiles::selinux namespace for defining selinux configuration
- create profiles::selinux::mysqld for managing specifics for mysqld
- create profiles::selinux::setenforce to manage selinux mode
- parameterised options required in mysqld::server module
- add mariadb repo
- add additional facts for managing mysqld and galera
2023-12-10 16:31:57 +11:00
a9aabfa161
fix: failed to test previously
...
- change next's outside of a loop to a single if statement
2023-12-08 21:32:32 +11:00
ebd20a5e5a
feat: mysql wsrep_ facts
...
- add facts generated from mysql's wsrep status variables
2023-12-08 21:25:01 +11:00
d261e3348d
Merge pull request 'feat: add/remove capabilities for packages' ( #86 ) from neoloc/base_packages_refactor into develop
...
Reviewed-on: unkinben/puppet-prod#86
2023-12-03 16:38:17 +09:30
53c54f982a
Merge pull request 'feat: setup/manage dnf-autoupdate' ( #85 ) from neoloc/dnf_autoupdate into develop
...
Reviewed-on: unkinben/puppet-prod#85
2023-12-03 16:37:56 +09:30
d8ff9ddb11
feat: setup/manage dnf-autoupdate
...
- create service to run dnf update
- create timer to call the service
- manage settings via params
2023-12-03 18:05:01 +11:00
8f04de2b52
feat: add/remove capabilities for packages
...
- add deepmerge lookup_options
- add packages to remove and packages to add to profiles::packages::base class
2023-12-03 17:24:58 +11:00
6e185ee248
Merge pull request 'feat: split agent service/package from config' ( #84 ) from neoloc/split_puppet_agent into develop
...
Reviewed-on: unkinben/puppet-prod#84
2023-12-03 15:20:51 +09:30
08c14c2329
feat: split agent service/package from config
...
- split package/service from config so puppetservers agents can be
managed in the same way as clients
2023-12-03 16:49:38 +11:00
8a6b3ef0fb
feat: add mirrorlist capability to reposyncer
...
- add mirrorlist param to reposyncer repos
- update almalinux 8.8 repos to use mirrorlist
- add almalinux 8.9 repos
2023-12-03 00:16:01 +11:00
1ccd8141ab
feat: add cname for repos
2023-11-29 23:13:17 +11:00
705c02c3a1
feat: fix selinux permissions each sync
...
- restorecon on each sync, to update selinux for new files/directories
2023-11-27 23:19:01 +11:00
10a6085b84
fix: resolve prometheus issues
...
- broken prometheus::server config, resolve conflicts
- move hieradata for role to match role, not profile
2023-11-21 20:03:26 +11:00
663b10e5a5
Merge branch 'develop' into neoloc/prometheus
2023-11-21 19:40:17 +11:00
a5207eb717
feat: add prometheus server
...
- bump enc, include prometheus server nodes
- add prometheus role and server class
2023-11-21 19:38:22 +11:00
dffc97ad4c
chore: reorganise ntp server
...
- bump enc to match changes
- change ntp client to find servers through puppetdb query
- changed default ntp servers to publicly available nodes
2023-11-18 19:18:14 +11:00
92269ae94b
Merge branch 'develop' into neoloc/node_exporter
2023-11-17 23:20:02 +11:00
6b9d9e6aa7
Merge branch 'develop' into neoloc/resolvconf
2023-11-17 23:17:59 +11:00
Ben Vincent
7cc1a1ddc0
Merge pull request 'feat: manage qemu-agent' ( #66 ) from neoloc/qemuagent into develop
...
Reviewed-on: unkinben/puppet-prod#66
2023-11-17 21:46:08 +09:30
a21b7ffc96
feat: setup metrics agents
...
- set puppet::puppetdb_api class to export puppetdb
- set infra::dns::server class to export bind
- set all to export node and systemd metrics
2023-11-17 23:12:37 +11:00
d6f3262836
feat: manage qemu-agent
2023-11-17 22:25:43 +11:00
8d80fa3c51
feat: manage cloudinit
...
- add/remove cloud-init, default to remove
2023-11-17 22:17:24 +11:00
fdb13b7338
feat: find resolvers by role
...
- use puppetdbquery module to query puppetdb for resolvers
- move dns client config to profiles::dns::base
- manage the /etc/resolv.conf file
2023-11-17 21:54:20 +11:00
c996c9b7e3
fix: enable dynamic/tsig updates
...
- add eyaml to hiera.yaml
- consolidate all paths into single tree
- change to new profiles::dns::client wrapper
- change to new profiles::dns::record wrapper
- change to use concat method to build zone file
2023-11-16 21:40:16 +11:00
49f31edb03
Merge branch 'develop' into neoloc/bind_resolver
2023-11-13 21:55:21 +11:00
76b54fc59d
feat: add dns resolver/master classes
...
- define resolver and master dns server
- export A and PTR records from dns clients
- collect exported resources for master
- create hiera structure for acls, zones and views
2023-11-13 21:42:57 +11:00
b2844c4b3a
fix: updated path for gpg keys
2023-11-12 17:26:58 +11:00
cc77cc7ded
feat: change to use local mirror
...
- change almalinux and epel *.repo files on nodes to use local package mirror
- add option to purge yumrepo resources, default to true
- add versionlocking to yum, enable it for puppet-agent
2023-11-12 17:17:59 +11:00
48ea444e7c
fix: resolved issue with repodata
...
- repodata was being created in the wrong location
- update script to create in the path where the new snap exists
2023-11-12 15:48:30 +11:00
Ben Vincent
5276731d23
Merge pull request 'fix: datavol profile doesn't create the mountpoint' ( #56 ) from neoloc/datavol_create_mountpath into develop
...
Reviewed-on: unkinben/puppet-prod#56
2023-11-12 12:55:29 +09:30
Ben Vincent
79e37d9dae
Merge pull request 'refactor: move to ruby-script facts' ( #53 ) from neoloc/additional_enc_facts into develop
...
Reviewed-on: unkinben/puppet-prod#53
2023-11-11 22:15:42 +09:30
1b9a4f7832
refactor: move to ruby-script facts
...
- change enc_role_path fact to be ruby
- add enc_role_tier1, enc_role_tier2 and enc_role_tier3
- add new paths to hiera.yaml
2023-11-11 23:41:48 +11:00
9bfae72d2e
Merge branch 'develop' into neoloc/ntpserver
2023-11-11 00:14:03 +11:00
f73c16bca2
feat: add enc_role_path fact
2023-11-11 00:03:12 +11:00
9cb730d116
feat: add ntp server/client
...
- add ntp client and server class
- add ntp server role
- update hiera.yaml to work with enc_role
- cleanup base profile
2023-11-10 23:59:10 +11:00
19836e2069
feat: adding reposync wrapper and tooling
...
- add autosyncer/autopromoter scripts
- add timer and service to initial sync process
- add timer/service for daily/weekly/monthly autopromote
- add define to manage each repo
- add nginx webserver to share repos
- add favicon.ico if enabled
- add selinux management, and packages for selinux
- cleanup package management, sorting package groups into package classes
2023-11-08 23:16:56 +11:00
d11dcc0b24
fix: datavol profile doesn't create the mountpoint
...
- add file resource to create the required mountpath
- add Array[Enum[]] for mount_options
- fix mount to ensure the mount_options are used
- remove pass and dump options, leave as defaults
2023-11-06 19:31:35 +11:00
cb9af5a2a8
fix: variant regex results in error
...
- update the $size variant regex so it actually matches correctly
- default $size to undef, which results in 100%FREE
2023-11-05 18:11:53 +11:00
6bbc14136f
Merge branch 'develop' into neoloc/datavol
2023-11-05 17:40:19 +11:00
def2561e6c
feat: add datavol class to manage /data
...
- included puppetlabs-lvm module
- created profiles::base::datavol to:
- create pv, vg, lv and format the filesystem and mount it
2023-11-05 17:37:10 +11:00
56518f1fcb
feat: change enc repo to be tagged
...
- enc repository will download a specific tag
- defaults to master
- hiera set to release tag '0.1'
2023-11-04 20:36:08 +11:00
0cc0bacad3
feat: add motd and facts
...
- use parameters created by the enc to create external facts
- use external facts to generate the motd
- use features from unkinben/puppet-enc#22
2023-11-04 20:11:20 +11:00
Ben Vincent
89653912cb
Merge pull request 'feat: manage puppet clients' ( #35 ) from neoloc/puppetclient into develop
...
Reviewed-on: unkinben/puppet-prod#35
2023-10-29 18:59:52 +09:30
130669a130
feat: manage puppet clients
...
- manage the service
- manage the package, version lock it
- deploy the /etc/puppetlabs/puppet/puppet.conf from template for puppet
clients only
2023-10-29 20:26:39 +11:00
Ben Vincent
cf26d2d2e7
Merge pull request 'feat: add puppetboard role' ( #34 ) from neoloc/puppetboard into develop
...
Reviewed-on: unkinben/puppet-prod#34
2023-10-29 18:06:27 +09:30
46c3eb9597
feat: add puppetboard role
...
- add nginx module to manage reverse proxy on host level
- add puppetboard venv
- add gunicorn instance
- add script to start the gunicorn instance
- add nginx vhost
2023-10-29 19:33:11 +11:00
0171a82d58
feat: add features to puppet.conf
...
- reports, for sending reports to puppetdb
- usecacheonfailure, to show failures in puppetboard (when set to false)
2023-10-23 22:37:41 +11:00
ef0d865845
Merge pull request 'feat: split puppetdb role into api and sql' ( #32 ) from neoloc/puppetdb2 into develop
...
Reviewed-on: unkinben/puppet-prod#32
2023-10-22 20:30:43 +09:30
e682462917
feat: split puppetdb role into api and sql
...
- add puppetdb_api and puppetdb_sql role
- add puppetdb_api and puppetdb_sql profile
- add prodinf01n05 to /etc/hosts file
- set listen_address for all services to be hosts ip
- set storeconfigs and storeconfigs_backend to be managed by puppetmaster profile
2023-10-22 21:55:50 +11:00
6bb52f2a15
feat: add firewalld management profile
...
- basic profile to enable/disable, and install/remove
- defaulting to enabled and installed, but set to disabled and removed
in hiera
2023-10-22 19:54:10 +11:00
f772215630
fix: found typo in r10k script
2023-10-22 01:30:57 +11:00
2faed5de72
Merge pull request 'fix: set the puppetdb_host correctly' ( #29 ) from neoloc/puppetdb_server_loc into develop
...
Reviewed-on: unkinben/puppet-prod#29
2023-10-21 23:17:00 +09:30
c6c36e8351
fix: set the puppetdb_host correctly
...
- change the puppetdb::master::config from include to class statement
- set the puppetdb_host value to match what is stored in hiera
- disable firewall management on the puppetdb host
2023-10-22 00:40:12 +11:00
95434214a9
feat: add management of /etc/hosts
...
- add class to manage the /etc/hosts file
- add static hosts to /etc/hosts file via hiera array/hash
2023-10-22 00:34:22 +11:00
e847954e03
Merge branch 'develop' into neoloc/puppet_wrapper
2023-10-22 00:00:52 +11:00
86a6c1bd96
feat: add sudo secure_path
...
- update the sudo class from an include to a definition
- set the secure_path variable to include /usr/local/{bin,sbin}
2023-10-21 23:52:48 +11:00
ac27a9ce0b
Merge branch 'develop' into neoloc/puppetdb
2023-10-21 23:30:40 +11:00
080cdd8884
Setup PuppetDB/Puppetboard
...
- install modules required
- puppetdb
- postgresql
- puppetboard
- python
- create new profiles to manage each item (puppetdb/puppetboard)
- added puppetdb role
- include the puppetdb::master::config in puppetmaster role
- re-organised the puppetfile
- moved python to be managed by the python module
- added postgresql to list of managed repos
2023-10-21 23:11:40 +11:00
2b11a9417c
Account/Sudo management
...
- imported account and sudo puppet modules
- created account management wrapper
- defined sysadmin account, set to be created on all nodes
- removed sudo from base packages as it's managed by sudo module now
2023-08-29 23:25:10 +10:00
d2fb3cff27
Merge branch 'develop' into feature/default_environment
2023-08-26 19:50:54 +10:00
afb30f9dce
Updated dns_alt_names for puppetmaster
2023-08-26 19:45:43 +10:00
116342bdaa
Added class to manage a default set of scripts
...
- included scripts into profiles::base
- updated hiera with list of scripts to create and their template name
- created template for a puppet wrapper
2023-08-26 16:11:53 +10:00
efc769191e
Adding a default environment
...
- set through puppet.conf
- created symbolic link from develop -> production in code/environments
- changed puppet-g10k script to be generated from a template
- parameterised g10k into hieradata
2023-08-26 15:36:35 +10:00
c96676e143
Updated autosign
...
- added way to manage individual nodes
- added defaults for domains, subnets and nodes
- updated comments and doc
2023-08-26 01:00:31 +10:00
5b4a17b77a
Changed to a simple autosign method
2023-08-26 00:49:21 +10:00
8fb922d5fb
Merge pull request 'Added a new profile to manage common packages' ( #7 ) from feature/base_packages into develop
...
Reviewed-on: unkinben/puppet-prod#7
2023-07-02 14:30:53 +09:30
d48283734c
Added a new profile to manage common packages
...
* will by default pull data from hiera
* could change it on a per-distro/role basis
* requires stdlib for ensure_packages
2023-07-02 14:55:02 +10:00
8663d446d3
Merge pull request 'Added default resource settings' ( #6 ) from fix/global_exec_path into develop
...
Reviewed-on: unkinben/puppet-prod#6
2023-07-02 13:53:49 +09:30
d7a7198497
Added default resource settings
...
* added profiles::default class in defaults.pp file
* imported into all roles
* cleaned up some duplicated code
2023-07-02 14:21:09 +10:00
e519b2aeff
Changed source for package to be url
...
* this removes the need to manually download/store the file, then
pass it to the dpkg package manager
2023-07-02 14:13:50 +10:00
87f174df33
Added Debian components
...
* added debian components for Debian12 and Debian11
* added apt module to puppetfile
* removed /etc/apt/sources.list management, done by apt module
* added profiles::apt::puppet7
2023-07-01 22:38:25 +10:00
46a95d756a
Merge pull request 'Added a base role' ( #3 ) from feature/base_role into develop
...
Reviewed-on: unkinben/puppet-prod#3
2023-06-27 20:13:27 +09:30
b12e3471f3
Merge branch 'develop' into feature/apt_repository
2023-06-27 20:10:44 +09:30
c00821763e
Added a base role
...
* base role imports the base profile
* updated profiles::base to work with debian family
2023-06-27 20:37:06 +10:00
754241bcf2
Added class to manage installing the git client
2023-06-26 20:06:15 +10:00
45a9639346
Changed r10k to update every 5 minutes
2023-06-26 20:02:08 +10:00
5d758da66e
Added r10k repo management
...
* added profile to download puppet-r10k, add a script to pull changes,
and scheduled it to happen automatically with systemd timer/service
* added to the puppetmaster profile
* updated hieradata
2023-06-26 19:42:15 +10:00
4e30d9b6d9
Added boilerplate for debian host management
...
* added apt repo management
* added switcher based on OS to base.pp
2023-06-26 19:20:05 +10:00
f1f39ef4e3
Changed to vox systemd module
...
* updated Puppetfile
* updated puppet-enc timer/service
* updated puppet-g10k timer/service
2023-06-25 14:46:09 +10:00
5ee4891157
Add a switch to check for os family
...
This is so I can include either apt or yum/dnf based profiles. This can
be expanded easily if new families are added, or if new base role
includes are added that are different based on the family of the os.
2023-06-25 14:36:23 +10:00
7a789ceaee
Renamed role/profile directories
...
* renamed role to roles
* renamed profile to profiles
* cleaned up all profiles/roles/hieradata to match new paths
2023-06-25 14:36:23 +10:00
1b7e807c0e
Renamed role/profile directories
...
* renamed role to roles
* renamed profile to profiles
* cleaned up all profiles/roles/hieradata to match new paths
2023-06-25 13:06:36 +10:00