unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity
329 Commits 18 Branches 0 Tags 3 MiB
d0d67e316a
Commit Graph

329 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ben Vincent
51d0ca16ec feat: update yumrepos to use https:// 
- require vaultca on all repos on repos.main.unkin.net
 2024-03-03 16:44:16 +11:00
Ben Vincent
e61ae597f6 Merge pull request 'feat: dynamically add subscribe to nginx resource' (#129) from neoloc/subscribe_ssl_cert into develop 
Reviewed-on: unkinben/puppet-prod#129
 2024-03-03 14:57:48 +09:30
Ben Vincent
0782cd5679 feat: dynamically add subscribe to nginx resource 
- add subscribe option to nginx resource dependent on nginx_listen_mode
- ensure nginx reloads when the ssl_cert or ssl_key changes, only if
  these values are not undef
- ensure the file resources are defined for certificates
 2024-03-03 16:25:51 +11:00
Ben Vincent
df97b75aca Merge pull request 'feat: change nginx to use vault ssl certs' (#128) from neoloc/packagerepo_ssl into develop 
Reviewed-on: unkinben/puppet-prod#128
 2024-03-03 13:34:04 +09:30
Ben Vincent
5afa9e8960 Merge pull request 'neoloc/pki_generate' (#127) from neoloc/pki_generate into develop 
Reviewed-on: unkinben/puppet-prod#127
 2024-03-03 13:33:33 +09:30
Ben Vincent
88ba8406b8 feat: deep merge alt_names and ip_sans 
- set hiera to deep-merge alt_names and ip_sans for generating vault
  certificates
 2024-03-03 15:01:14 +11:00
Ben Vincent
05d2599bc5 feat: ensure vaultca certificate is trusted 
- install the vault rootca on all nodes
- update ca-trust store on changes to the rootca certificate deployed
 2024-03-03 14:54:59 +11:00
Ben Vincent
3e98ced8da feat: change nginx to use vault ssl certs 
- update packagerepo webserver class to allow using ssl
 2024-03-03 14:53:36 +11:00
Ben Vincent
8009b59514 feat: automatically generate vault certs 
- certificate will be generated for:
  - fqdn
  - hostname
  - primary ip address
  - localhost
  - 127.0.0.1
- update base profile to generate vault certificate for all
- create facts for use with vault_certs
 2024-03-03 13:38:52 +11:00
Ben Vincent
9ea49bc48d Merge pull request 'fix: ssl warning breaks puppet run' (#125) from neoloc/certmanager_ignore_ssl into develop 
Reviewed-on: unkinben/puppet-prod#125
 2024-02-25 21:35:21 +09:30
Ben Vincent
36c2e6afaa fix: ssl warning breaks puppet run 
- remove ssl warning for certmanager temporarily
 2024-02-25 23:04:43 +11:00
Ben Vincent
8ec75e55fa Merge pull request 'chore: updated vault_token' (#124) from neoloc/pki_token_vault into develop 
Reviewed-on: unkinben/puppet-prod#124
 2024-02-25 21:02:50 +09:30
Ben Vincent
5b56767be7 chore: updated vault_token 2024-02-25 22:32:18 +11:00
Ben Vincent
0db9d01a20 Merge pull request 'chore: update vault policy' (#123) from neoloc/certmanager_defaults into develop 
Reviewed-on: unkinben/puppet-prod#123
 2024-02-25 20:42:17 +09:30
Ben Vincent
6bcdda1a93 chore: update vault policy 
- updated vault policy for certificates
 2024-02-25 22:11:31 +11:00
Ben Vincent
974c8ce71d Merge pull request 'fix: restart vault-unseal' (#122) from neoloc/vault_unseal_on_change into develop 
Reviewed-on: unkinben/puppet-prod#122
 2024-02-25 20:03:26 +09:30
Ben Vincent
d1f5d3c09e fix: restart vault-unseal 
- restart vault-unseal when the unseal keys change
 2024-02-25 21:32:01 +11:00
Ben Vincent
495b785518 Merge pull request 'fix: rebuild vault' (#121) from neoloc/vault_update_unseal into develop 
Reviewed-on: unkinben/puppet-prod#121
 2024-02-25 19:51:21 +09:30
Ben Vincent
8112c07ba8 fix: rebuild vault 
- rebuilt vault, updated root token and unseak keys
 2024-02-25 21:19:43 +11:00
Ben Vincent
b1083df6f1 Merge pull request 'fix: vault role fails on new servers' (#120) from neoloc/vault_initial into develop 
Reviewed-on: unkinben/puppet-prod#120
 2024-02-25 19:43:04 +09:30
Ben Vincent
48e0bd6796 fix: vault role fails on new servers 
- vault server fails on new servers
- move unseal class to be included after vault class
 2024-02-25 21:06:37 +11:00
Ben Vincent
bc3084a1e7 Merge pull request 'feat: certmanager output as json' (#119) from neoloc/certmanager_json into develop 
Reviewed-on: unkinben/puppet-prod#119
 2024-02-25 18:03:56 +09:30
Ben Vincent
f6110f534c feat: certmanager output as json 
- prepare certmanager for pki::vault class
- allow puppet to read certmanager config
 2024-02-25 19:31:32 +11:00
Ben Vincent
4cdba982fe Merge pull request 'feat: add certmanager helper' (#118) from neoloc/certmanager into develop 
Reviewed-on: unkinben/puppet-prod#118
 2024-02-19 19:53:36 +09:30
Ben Vincent
7f03bc5c76 feat: add certmanager helper 
- add certmanager script and config.yaml file
- install into pyenv for certmanager
- deploy to puppet-masters only
 2024-02-19 21:20:50 +11:00
Ben Vincent
cd369d8fef Merge pull request 'refacter: renamed facts to libs' (#117) from neoloc/lib_module into develop 
Reviewed-on: unkinben/puppet-prod#117
 2024-02-17 21:34:34 +09:30
Ben Vincent
1030ba460e refacter: renamed facts to libs 2024-02-17 23:03:54 +11:00
Ben Vincent
e10bed689c Merge pull request 'refacter: cleanup packages setup' (#116) from neoloc/package_changes into develop 
Reviewed-on: unkinben/puppet-prod#116
 2024-02-17 21:30:49 +09:30
Ben Vincent
9be1e19900 Merge pull request 'fix: fact was misspelled' (#115) from neoloc/mariadb_fixes into develop 
Reviewed-on: unkinben/puppet-prod#115
 2024-02-17 21:30:27 +09:30
Ben Vincent
1a33465c7a Merge pull request 'refacter: tidy facts' (#114) from neoloc/move_facts into develop 
Reviewed-on: unkinben/puppet-prod#114
 2024-02-17 21:29:55 +09:30
Ben Vincent
1f7b347ef4 refacter: tidy facts 
- create a facts module, move all facts to this module
 2024-02-17 22:57:36 +11:00
Ben Vincent
12ff053c6d refacter: cleanup packages setup 2024-02-17 22:49:32 +11:00
Ben Vincent
d92c13525c fix: fact was misspelled 
- fixed fact name
 2024-02-17 21:19:55 +11:00
Ben Vincent
73a21059f8 Merge pull request 'feat: add vault server profile' (#113) from neoloc/vault_server into develop 
Reviewed-on: unkinben/puppet-prod#113
 2024-02-17 19:48:13 +09:30
Ben Vincent
fe05c86463 feat: add vault server profile 
- add vault module to puppetfile
- define class to manage the install and config of vault
- manage the datavol and raft storage
- manage the unzip and other compression tools
- define custom unseal script and service
- add documentation on initial setup of vault
 2024-02-17 21:12:12 +11:00
Ben Vincent
c690fe5816 Merge pull request 'fix: use fact to determine if selinux in use' (#112) from neoloc/selinux_enhancements into develop 
Reviewed-on: unkinben/puppet-prod#112
 2024-02-11 19:38:59 +09:30
Ben Vincent
09291da89f fix: use fact to determine if selinux in use 2024-02-11 21:05:48 +11:00
Ben Vincent
f8b30f335b Merge pull request 'feat: add consul server profile' (#111) from neoloc/consul_server into develop 
Reviewed-on: unkinben/puppet-prod#111
 2024-02-11 15:56:24 +09:30
Ben Vincent
8cb6b68b53 feat: add consul server profile 
- install/configure consul
- install/configure dnsmasq as dns proxy for consul
- add unkin yumrepo definition as source for consul
- update datavol to ensure the /data volume is mounted
 2024-02-11 17:12:35 +11:00
Ben Vincent
a0434fc7b5 Merge pull request 'feat: cleanup reposync conf files' (#110) from neoloc/cleanup_reposync_conf into develop 
Reviewed-on: unkinben/puppet-prod#110
 2024-02-10 14:15:00 +09:30
Ben Vincent
71c316e7ae feat: cleanup reposync conf files 
- add feature to /etc/reposync/conf.d to ensure the subfiles are cleaned
  up when they are not defined
 2024-02-10 15:37:24 +11:00
Ben Vincent
d1c61dd13d Merge pull request 'feat: cleanup almalinux 8.8 reposync' (#109) from neoloc/cleanup_alma8.8_repos into develop 
Reviewed-on: unkinben/puppet-prod#109
 2024-02-10 14:03:24 +09:30
Ben Vincent
4bce524b49 Merge pull request 'feat: puppet wrapper replace dot' (#108) from neoloc/puppetwrapper_dot into develop 
Reviewed-on: unkinben/puppet-prod#108
 2024-02-10 14:02:48 +09:30
Ben Vincent
a054a94d98 feat: puppet wrapper replace dot 
- set puppet wrapper to replace '.' with '_' in the branch name
 2024-02-10 15:31:45 +11:00
Ben Vincent
974143c84e Merge pull request 'fix: recursive restorecon for reposync' (#107) from neoloc/restorecon_repos into develop 
Reviewed-on: unkinben/puppet-prod#107
 2024-02-10 13:50:35 +09:30
Ben Vincent
8332d4f374 fix: recursive restorecon for reposync 
- set reposync to restore selinux controls on all files in the new
  snap_path
 2024-02-10 15:19:12 +11:00
Ben Vincent
6b11ea09c7 Merge pull request 'feat: add vault role' (#106) from neoloc/vault_role into develop 
Reviewed-on: unkinben/puppet-prod#106
 2024-02-10 12:47:12 +09:30
Ben Vincent
d6eeed0b61 feat: add vault role 
- add basic vault role to begin building servers
 2024-02-10 14:16:51 +11:00
Ben Vincent
5471294f1e feat: cleanup almalinux 8.8 reposync 
- syncing almalinux 8.8 no longer required
 2024-02-10 14:13:59 +11:00
Ben Vincent
27d6c15c80 Merge pull request 'feat: add consul role' (#105) from neoloc/consul_role into develop 
Reviewed-on: unkinben/puppet-prod#105
 2024-02-06 21:23:33 +09:30