Commit Graph

331 Commits

Author SHA1 Message Date
94aed2df9c feat: add pveceph consul services
- refactor the pveceph facts
- define consul services for osd, mgr, mds and mons
2024-06-18 21:14:57 +10:00
c6530e34f6 Merge pull request 'feat: add haproxy exporter' (#38) from neoloc/haproxy_exporter into develop
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/38
2024-06-17 21:36:31 +10:00
5725d092b8 feat: add haproxy exporter
- add admin socket for exporter
2024-06-16 20:56:23 +10:00
62cac63f11 feat: add database generation to grafana
- ensure a database, user and credential is created for each grafana node
- ensure all databases for a region are included in a mariadb cluster
- refine params with stdlib types
2024-06-16 18:49:59 +10:00
0fe05bb896 Merge branch 'develop' into neoloc/grafana 2024-06-16 00:39:45 +10:00
a901a0b868 feat: puppetserver dropins
- change ExecStartPost for crl.pem to two commands
- run `puppet generate types` after starting puppet
2024-06-16 00:11:56 +10:00
58acd83410 feat: manage latest crl for puppet
- ensure the latest crl.pem exists on each no-ca puppetserver
- ensure the latest crl.pem is used after each start of puppetserver
2024-06-15 23:32:50 +10:00
cc0a9e132e Merge pull request 'fix: yumrepo purging' (#34) from neoloc/yumresources into develop
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/34
2024-06-14 23:57:54 +10:00
67f831edaf fix: yumrepo purging 2024-06-14 23:55:31 +10:00
c9abc779a0 Merge pull request 'fix: yumrepo purge after deploy' (#33) from neoloc/yumresources into develop
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/33
2024-06-14 23:32:41 +10:00
380bb7bcb5 fix: yumrepo purge after deploy
- ensure the resources resource for yumrepo runs after deploying yumrepo resources
- rm all almalinux*.repo files before attempting to create yumrepo
  resources
2024-06-14 23:21:14 +10:00
82ce3ed4d7 feat: ensure tftpd started on cobbler 2024-06-14 23:11:49 +10:00
cbbcfa3b9e chore: cleanup old enc class 2024-06-11 20:29:21 +10:00
b7a22551b1 feat: add sonar role 2024-06-10 21:21:20 +10:00
d4163233f6 Merge branch 'develop' into neoloc/sshsign_hostkeys 2024-06-09 20:38:25 +10:00
52b06dcd8e feat: manage ssh known hosts
- disable use of stored configs for ssh-known-hosts
- manage the /etc/ssh/ssh_known_hosts content
2024-06-09 20:26:34 +10:00
57b935b33e Merge pull request 'neoloc/networking' (#21) from neoloc/networking into develop
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/21
2024-06-08 17:08:51 +10:00
06545c6298 feat: change hiera_include, hiera_exclude
- change hiera_classes to hiera_include
- add method to remove classes from hiera_include through hiera_exclude
2024-06-08 17:07:58 +10:00
aaf482c9b9 feat: manage the facts soft limit
- set the facts soft limit for agents and servers
- prevent warnings about reaching the default 2048 soft limit
2024-06-08 13:56:53 +10:00
6822a39dc3 fix: make ntp check script executable 2024-06-03 20:23:23 +10:00
76fc6b9fa1 fix: add missing check script 2024-06-02 19:32:02 +10:00
da3444e49f feat: create ntp consul service
- create consul policy for ntp servers
- add consul service check and check script
2024-06-02 19:23:39 +10:00
b468f67103 feat: sign ssh host keys
- manage python script/venv to sign ssh host certificates
- add approle_id to puppetmaster eyaml files
- add class to sign ssh-rsa host keys
- add facts to check if the current principals match the desired principals
2024-06-01 22:51:42 +10:00
cc7165055d Merge pull request 'feat: refactor gitea profile' (#7) from neoloc/gitea_refactor into develop
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/7
2024-06-01 17:28:28 +10:00
4bd3310ea8 feat: refactor gitea profile
- move more data to hiera
- change how the custom_configuration is made
2024-06-01 17:16:37 +10:00
4b4272250a Merge branch 'develop' into neoloc/grafana 2024-06-01 14:47:06 +10:00
3dfe9b9b73 Merge pull request 'feat: puppetdb sql updates' (#5) from neoloc/puppetdb_sql into develop
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/5
2024-06-01 14:36:27 +10:00
810ba9ddb7 Merge pull request 'neoloc/nodelookup_consul' (#2) from neoloc/nodelookup_consul into develop
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/2
2024-06-01 12:11:48 +10:00
7cf2e78cea feat: add sort and count to node_lookup
- add -C option to count number of identical records
- sort responses from node_lookup
2024-06-01 12:09:53 +10:00
91e3f2d427 chore: change node_lookup to use consul
- remove https, use http backend as no authentication is required
2024-06-01 12:04:57 +10:00
fab4ea5998 feat: add gitea classes
- add basic gitea class
2024-05-28 23:14:36 +10:00
ad268e8977 Merge pull request 'feat: vault use vault' (#226) from neoloc/vault_use_vault into develop
Reviewed-on: unkinben/puppet-prod#226
2024-05-26 00:38:55 +09:30
7c0bf4a398 feat: vault use vault
- change vault to use vault ephemeral certificates
- remove nginx frontend to vault
2024-05-26 01:06:48 +10:00
0a49092f52 chore: add syd1 vault ca/int certs
- deploy syd1 vault ca certificates
2024-05-25 14:18:56 +10:00
22af602510 Merge pull request 'feat: puppet::client multiple altnames' (#221) from neoloc/puppetdbapi_certs into develop
Reviewed-on: unkinben/puppet-prod#221
2024-05-22 22:42:59 +09:30
0901595de9 feat: puppet::client multiple altnames
- puppet clients can not request multiple dns alt_names
- set puppetdbapi hosts to request multiple certificates
2024-05-22 23:05:34 +10:00
349547c4bc feat: puppetboard on consul
- updated nginx param types
- add nginx aliases, merge with vhost, use as server_names
- add additional vault alt-names
- add prepared query for puppetboard
2024-05-22 22:54:54 +10:00
770c8cc159 feat: update hiera key for puppetdb api/sql
- changed to use puppetdbapi and puppetdbsql hiera keys
- updated all classes that referenced old values
2024-05-22 22:18:32 +10:00
f6bf504416 Merge branch 'develop' into neoloc/syd1_puppetdb 2024-05-22 22:11:04 +10:00
39aa6e114e feat: puppetdb sql updates
- add consul support
- enable local script checks in consul agents
- add a test DB/User for consul to verify the psql instance is running
- manage the postgresql repo and gpg key
2024-05-22 22:05:54 +10:00
4b0ff2deee Merge pull request 'feat: firstrun optimisations' (#216) from neoloc/yumrepos into develop
Reviewed-on: unkinben/puppet-prod#216
2024-05-19 22:46:19 +09:30
598a8c0f52 feat: firstrun optimisations
- download gpg keys if gpgkey is defined
- ensure the profiles::defaults is called first
2024-05-19 23:11:11 +10:00
2abbfe8feb feat: update all roles for firstrun
- ensure the firstrun is processed before role specific class profiles
2024-05-19 22:11:01 +10:00
dde8d5978d feat: firstrun improvements
- add fact to detect firstrun
- run a limited subset of classes on firstrun
- firstrun: includes:
  - vault ca certificates
  - yum/apt repositories
  - fast-install packages with an exec
2024-05-19 21:28:14 +10:00
0e7168026d Merge pull request 'neoloc/yumrepos' (#212) from neoloc/yumrepos into develop
Reviewed-on: unkinben/puppet-prod#212
2024-05-19 20:09:50 +09:30
fd466fcccc feat: cleanup old repo management
- change profiles::puppet::agent to require Yumrepo['puppet']
- remove managed repos hieradata
- remove profiles::yum::* classes that are not required
- remove missed rebase comment
2024-05-19 20:27:56 +10:00
5f9480f186 feat: direct yumrepo config
- deep merge yumrepo resources
- convert repos to direct yumrepo in hieradata
- change from repos.main.unkin.net to edgecache.query.consul
- create all yumrepo resources from $profiles::yum::global::repos
2024-05-19 20:27:47 +10:00
150d5b97a9 feat: cleanup excessive comments 2024-05-19 17:23:00 +10:00
6f9a606549 feat: configure edgecache for postgresql
- add fact to record system resolvers
- add resolvers feature in /etc/nginx/conf.d/resolvers.conf
- add rewrite rules for postgres/yum/repodata
2024-05-19 16:56:36 +10:00
81e4dffa36 feat: mariadb improvements
- add bind-address to local_ip
- add consul service
2024-05-12 19:56:46 +10:00
6bddec6bd2 Merge pull request 'feat: manage pgsql settings for puppetdb' (#208) from neoloc/puppetdb_connections into develop
Reviewed-on: unkinben/puppet-prod#208
2024-05-12 16:10:42 +09:30
5774ebd614 feat: manage pgsql settings for puppetdb
- deep merge postgresql_config_entries in common.yaml
- add postgresql_config_entries into a new hieradata/roles/infra/puppetdb/sql.yaml
- set puppetdb role to import the options
2024-05-12 16:36:43 +10:00
48b9177e05 Merge pull request 'feat: prepare syd1 mariadb cluster' (#207) from neoloc/mariadb_syd1 into develop
Reviewed-on: unkinben/puppet-prod#207
2024-05-12 15:44:03 +09:30
2aa5ead9d1 feat: prepare syd1 mariadb cluster
- update role to wait for enc_role
- move hiera data to country/region/role specific location
2024-05-12 15:40:43 +10:00
bed0ef3c79 feat: improve first run on el8
- change defaults for yumrepo resources
2024-05-12 15:06:47 +10:00
4171427e7b feat: add edgecache role
- add edge-caching role
- add mirror for debian, almalinux and epel repositories
- export service as edgecache in consul
2024-05-11 21:46:20 +10:00
911e284586 Merge pull request 'fix: export cobbler DNS if is_cobbler_master' (#200) from neoloc/cobbler_dns into develop
Reviewed-on: unkinben/puppet-prod#200
2024-05-11 14:13:37 +09:30
a05f81799d fix: export cobbler DNS if is_cobbler_master
- set prodinf01n48 as primary cobbler node
- ensure the cobbler DNS record is created
2024-05-11 14:36:28 +10:00
ce3e0f2320 Merge pull request 'neoloc/cobbler_refacter' (#199) from neoloc/cobbler_refacter into develop
Reviewed-on: unkinben/puppet-prod#199
2024-05-09 22:45:33 +09:30
fee0bde604 feat: complete cobbler automation
- add facts to manage the /var/www/cobbler and /data/cobbler directories
- move /var/www/cobbler -> /data/cobbler
- create symlink from /var/www/cobbler -> /data/cobbler
- ensure that cobbler nodes are set to permissive selinux mode
2024-05-09 22:44:55 +10:00
72077d64a2 refactor: reconfigure cobbler to module style
- split params into class
- split class into individual functions
2024-05-07 22:44:01 +10:00
8de1ed9766 feat: dhcp wait for enc_role fact 2024-05-06 22:07:39 +10:00
e9c7fbc2b5 feat: update puppetdb_api for multi-zone
- wait for the enc_role fact to be updated and match
- move puppetdb db/api host values to common.yaml
- add vault cert altnames for consul query/service addresses
- add consul services/rules/checks
2024-05-06 20:38:25 +10:00
14a56a41a2 Merge branch 'develop' into neoloc/consul_wan
Conflicts:
	hieradata/common.yaml
2024-05-05 18:01:41 +10:00
f1ff7cb736 feat: distribute eyaml pub/priv key
- distribute the private/public pem for eyaml via eyaml
2024-05-05 16:25:18 +10:00
fe296d52d9 feat: manage puppet/puppetca consul services
- add puppet service
- add puppetca service
- add ability to write to puppet/puppetca service in consul
- add puppet.(query,service).consul to dns_alt_names of all masters
- add puppetca.(query,service).consul to dns_alt_names of puppetca
2024-05-04 16:10:32 +10:00
8a241d6b96 feat: add prepared_query capabilities to consul
- add prepared query for:
  - vault
  - puppet
  - puppetca
2024-05-04 15:46:47 +10:00
6020143f76 feat: consul multi-datacentre joining
- add method to join multiple consul datacentres
- set syd1 as the primary datacentre
- use default token from au-syd1 cluster in all locations
- add replication token
2024-05-04 00:39:18 +10:00
df8a55c3dd feat: manage puppetca
- manage the puppet ca.cfg
- distribute the crl.pem from the puppetca to masters
2024-05-03 21:29:25 +10:00
052b07be83 chore: remove excessive comments
- remove the excessive comments and notes at the top of the puppet classes
2024-05-03 20:48:20 +10:00
a429255c63 feat: puppet server agent
- add [agent] settings for puppetservers
2024-05-03 20:46:01 +10:00
56b23620b7 refactor: reorganise the puppetserver profile
- manage puppetserver package
- set order for puppetserver classes
- for profiles::puppet::server class:
  - set param types using stdlib where possible
  - set default values for all params
- move configuration data to hieradata
- wait for enc_role fact to match role
- exclude puppet::client from puppetmaster nodes
2024-05-02 23:32:32 +10:00
8697492611 feat: haproxy refactor
- configure deep merging in hiera
- move fe_http and fe_https to hiera
- configure pve backends for standard and api traffic
2024-05-01 19:02:03 +10:00
220ac182f4 feat: sydney haproxy cluster
- add au-syd1 halb cluster
- add http-response to frontends
- manage haproxy after enc_role is correct
2024-04-28 21:14:36 +10:00
8df927de18 feat: add node_token to agent config
- move policy rules to hiera array[hash]
- add node_token to agent as the default token
2024-04-28 17:06:06 +10:00
0f0d392fb4 feat: deploy consul agent
- install the consul agent on all nodes, except consul servers
2024-04-28 13:23:43 +10:00
6fc5829fce feat: simple nginx proxy
- merge consul/vault nginx proxy into single class
- replace nginx proxy classes for consul/vault with simpleproxy class
2024-04-28 00:32:04 +10:00
3001bc32f2 feat: add sydney vault cluster
- separate yaml between multiple regions
- add nginx frontend to vault
2024-04-27 22:35:16 +10:00
f536d19034 feat: generate consul policy/tokens
- generate policy/token to add nodes
- generate policy/token for all nodes
- add base::root profile to manage aspects of the root user
2024-04-27 20:21:57 +10:00
a7e9f1590e fix: move primary_datacenter to region/role
- set syd1 as primary consul datacentre
- add consul.service.consul zone
- add nginx reverse proxy for consul webui
- set dns zones/acls/views/keys to be deep merged from hiera
- update default token
- add consul/consul.service.consul/consul.main.unkin.net to vault cert
2024-04-26 23:11:38 +10:00
3ca92ee1f3 fix: consul members role key
- moved members_role for consul to common yaml
2024-04-25 00:00:24 +10:00
98deb58fde Merge pull request 'fix: enable new consul clusters to be started' (#173) from neoloc/consul_bootstrap into develop
Reviewed-on: unkinben/puppet-prod#173
2024-04-24 23:23:08 +09:30
b6d3fc26de fix: enable new consul clusters to be started
- wait for the enc_role fact to be correct, as this is required to find
  all keys in hiera
2024-04-24 23:51:26 +10:00
6ad01abc6c Merge pull request 'fix: absent to file, for custom_facts.yaml' (#172) from neoloc/enc_role_facts2 into develop
Reviewed-on: unkinben/puppet-prod#172
2024-04-24 23:05:05 +09:30
5f6ba93393 fix: absent to file, for custom_facts.yaml 2024-04-24 23:34:21 +10:00
3ed433fb97 Merge pull request 'feat: moved enc_role and enc_env to ruby facts' (#171) from neoloc/enc_role_facts into develop
Reviewed-on: unkinben/puppet-prod#171
2024-04-24 23:01:57 +09:30
e0dbecbfa0 feat: moved enc_role and enc_env to ruby facts 2024-04-24 23:30:27 +10:00
99d3dcf4d8 Merge branch 'develop' into neoloc/dns_master_multiregion 2024-04-24 18:58:41 +10:00
b8d799e8e9 feat: select nameserver in soa based on role
- find all dns servers in $ns_use (region/country/all),
- or use the current node as the only nameserver
2024-04-24 18:44:08 +10:00
f8fd6700da feat: enable selecting nameserver by fact
- enable selecting nameservers to use by region, country or all
- set default for nameservers to be region
2024-04-24 18:40:18 +10:00
2bae42fa31 Merge pull request 'feat: install ksm for proxmox' (#168) from neoloc/proxmox_ksm into develop
Reviewed-on: unkinben/puppet-prod#168
2024-04-24 17:46:37 +09:30
3810385fcd feat: install ksm for proxmox 2024-04-24 18:13:56 +10:00
6fc0b240c1 Merge pull request 'feat: sort ntpservers, select ntp to use' (#167) from neoloc/ntp_selection into develop
Reviewed-on: unkinben/puppet-prod#167
2024-04-23 23:29:06 +09:30
7b316c6b0b feat: sort ntpservers, select ntp to use
- sort the ntpservers array so it doesn't change each run of puppet
- allow the selection of all, region or country specific ntp servers
2024-04-23 23:57:01 +10:00
4b2690a678 Merge pull request 'feat: enable selecting nameserver by fact' (#166) from neoloc/dns_selection into develop
Reviewed-on: unkinben/puppet-prod#166
2024-04-23 22:14:59 +09:30
dbe11323c5 feat: enable selecting nameserver by fact
- enable selecting nameservers to use by region, country or all
- set default for nameservers to be region
2024-04-23 22:39:33 +10:00
a7b40daee0 Merge pull request 'feat: sort nameserver/search_domains' (#165) from neoloc/dns_sorting into develop
Reviewed-on: unkinben/puppet-prod#165
2024-04-23 20:44:59 +09:30
bb8bf202ac feat: sort nameserver/search_domains
- ensure the list doesn't change every puppet run
2024-04-23 21:11:56 +10:00
df56213b18 fix: enable repos before installing packages 2024-04-22 19:07:28 +10:00
9c6dee7609 feat: manage timezone per region
- add timezone module
- set per-region timezone setting
- setup hiera_classes, set to deep merge, and set to include all in base profile
2024-04-21 15:48:09 +10:00