unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity
642 Commits 18 Branches 0 Tags 3 MiB
dc70687860
Commit Graph

133 Commits

Author SHA1 Message Date
Ben Vincent
dcccc85264 feat: add media user to all media roles 
- change *arrs to use media as the group
 2024-06-27 21:48:47 +10:00
Ben Vincent
89383268f0 chore: change to use sonarr::parmas 
- use sonarr::params class as it contains typing on params
 2024-06-27 20:39:25 +10:00
Ben Vincent
40ff5f7d92 feat: deploy radarr 
- manage ens19 nic on ausyd1nxvm1040
- manage cephfs storage
 2024-06-26 22:57:36 +10:00
Ben Vincent
f22556b39f feat: manage sonarr configuration 
- add config class to sonarr module
- update params to include unique group param
 2024-06-25 23:45:29 +10:00
Ben Vincent
82ed27cf56 feat: add sonarr profile 
- add cephfs secret for mounting mediafs
- add ceph-reef repo for apps::media roles
- add the shared cephfs mediafs mount
 2024-06-23 15:33:40 +10:00
Ben Vincent
8548ef0284 Merge pull request 'neoloc/sonarr_deploy' (#48) from neoloc/sonarr_deploy into develop 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/48
 2024-06-21 22:53:06 +10:00
Ben Vincent
681f9e3eb8 feat: deploy sonarr 
- add required hieradata/role data to deploy sonarr
- add nginx simpleproxy
- add consul service/query
- add vault certificates
 2024-06-21 22:51:40 +10:00
Ben Vincent
59b181ed54 Merge pull request 'feat: add ceph mirror to edgecache' (#43) from neoloc/ceph_mirror into develop 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/43
 2024-06-21 20:44:08 +10:00
Ben Vincent
36ad19ffed feat: add ceph mirror to edgecache 
- add ceph reef apt and rpm repository to edgecache
- add the centos storage sig gpg
 2024-06-21 20:38:54 +10:00
Ben Vincent
a3ef535bfc fix: ceph consul check script 
- add permissions to write ceph-* services to consul
- change from `script` to `args` array
 2024-06-19 22:36:04 +10:00
Ben Vincent
0ff9b86782 Merge pull request 'chore: change ssh to listen to vmbr1' (#39) from neoloc/proxmox_ips into develop 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/39
 2024-06-17 21:55:18 +10:00
Ben Vincent
7d70b99491 chore: change ssh to listen to vmbr1 
- changed enp3s0 from static interface to bridge member
- added bridge vmbr1, with enp3s0 as member
 2024-06-17 21:54:26 +10:00
Ben Vincent
c6530e34f6 Merge pull request 'feat: add haproxy exporter' (#38) from neoloc/haproxy_exporter into develop 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/38
 2024-06-17 21:36:31 +10:00
Ben Vincent
5725d092b8 feat: add haproxy exporter 
- add admin socket for exporter
 2024-06-16 20:56:23 +10:00
Ben Vincent
62cac63f11 feat: add database generation to grafana 
- ensure a database, user and credential is created for each grafana node
- ensure all databases for a region are included in a mariadb cluster
- refine params with stdlib types
 2024-06-16 18:49:59 +10:00
Ben Vincent
0fe05bb896 Merge branch 'develop' into neoloc/grafana 2024-06-16 00:39:45 +10:00
Ben Vincent
6b0e0daecb chore: add ssh principals 
- add ssh principals for consul service addresses
 2024-06-11 20:20:12 +10:00
Ben Vincent
6f7740e6a2 fix: add cluster ip to sshd ListenAddress 
- ensure cluster communication over ssh can function
 2024-06-11 20:02:04 +10:00
Ben Vincent
a143732b3b fix: resolve vncproxy issue 
https://forum.proxmox.com/threads/lc_pve_ticket-not-set-vnc-proxy-without-password-is-forbiddentask-error-failed-to-run-vncproxy.98192/
 2024-06-10 13:01:45 +10:00
Ben Vincent
2b36ee3efa fix: proxmox root ssh 
- allow proxmox hosts to accept root logins
 2024-06-10 12:07:08 +10:00
Ben Vincent
d4163233f6 Merge branch 'develop' into neoloc/sshsign_hostkeys 2024-06-09 20:38:25 +10:00
Ben Vincent
06545c6298 feat: change hiera_include, hiera_exclude 
- change hiera_classes to hiera_include
- add method to remove classes from hiera_include through hiera_exclude
 2024-06-08 17:07:58 +10:00
Ben Vincent
da3444e49f feat: create ntp consul service 
- create consul policy for ntp servers
- add consul service check and check script
 2024-06-02 19:23:39 +10:00
Ben Vincent
b468f67103 feat: sign ssh host keys 
- manage python script/venv to sign ssh host certificates
- add approle_id to puppetmaster eyaml files
- add class to sign ssh-rsa host keys
- add facts to check if the current principals match the desired principals
 2024-06-01 22:51:42 +10:00
Ben Vincent
cc7165055d Merge pull request 'feat: refacter gitea profile' (#7) from neoloc/gitea_refactor into develop 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/7
 2024-06-01 17:28:28 +10:00
Ben Vincent
4bd3310ea8 feat: refacter gitea profile 
- move more data to hiera
- change how the custom_configuration is made
 2024-06-01 17:16:37 +10:00
Ben Vincent
4b4272250a Merge branch 'develop' into neoloc/grafana 2024-06-01 14:47:06 +10:00
Ben Vincent
3dfe9b9b73 Merge pull request 'feat: puppetdb sql updates' (#5) from neoloc/puppetdb_sql into develop 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/5
 2024-06-01 14:36:27 +10:00
Ben Vincent
6c2328e8ba feat: bump git client_max_body_size 
- change from 100m to 250m
 2024-06-01 13:31:35 +10:00
Ben Vincent
e7ddbfa035 feat: increase client_max_body_size for git 
- update hieradata with client_max_body_size for git role
 2024-06-01 12:51:06 +10:00
Ben Vincent
f029b04427 feat: update git sources 
- update r10k source
- update enc source
- update source for puppet-bind module
 2024-05-28 23:51:19 +10:00
Ben Vincent
fab4ea5998 feat: add gitea classes 
- add basic gitea class
 2024-05-28 23:14:36 +10:00
Ben Vincent
b00781b604 feat: change vault url to vaul.query.consul 
- support access to vault from multiple datacentres for certmanager
 2024-05-26 01:23:16 +10:00
Ben Vincent
ad4f9b81f4 Merge pull request 'neoloc/syd1_certmanager_approle' (#224) from neoloc/syd1_certmanager_approle into develop 
Reviewed-on: unkinben/puppet-prod#224
 2024-05-26 00:38:16 +09:30
Ben Vincent
b9c327799f feat: add vault service/query altnames 
- add nginx aliases for vault services
- add additional vault certificates
- change certmanager script to use vault.service.consul
 2024-05-25 15:51:09 +10:00
Ben Vincent
2c3aa2bbdc feat: vault certmanager tokens 
- move vault certmanager tokens to drw1/syd1 specific eyaml
- add syd1 certmanger token for syd1 vault
 2024-05-25 15:50:59 +10:00
Ben Vincent
c883bc8c91 feat: added country-region altnames 
- add puppetboard.service.au-{syd1|drw1}.consul to:
  - vault pki cert
  - nginx server aliases
 2024-05-24 23:27:07 +10:00
Ben Vincent
22af602510 Merge pull request 'feat: puppet::client multiple altnames' (#221) from neoloc/puppetdbapi_certs into develop 
Reviewed-on: unkinben/puppet-prod#221
 2024-05-22 22:42:59 +09:30
Ben Vincent
0901595de9 feat: puppet::client multiple altnames 
- puppet clients can not request multiple dns alt_names
- set puppetdbapi hosts to request multiple certificates
 2024-05-22 23:05:34 +10:00
Ben Vincent
349547c4bc feat: puppetboard on consul 
- updated nginx param types
- add nginx aliases, merge with vhost, use as server_names
- add additional vault alt-names
- add prepared query for puppetboard
 2024-05-22 22:54:54 +10:00
Ben Vincent
8fb4c59f88 Merge branch 'develop' into neoloc/syd1_puppetdb 2024-05-22 22:30:10 +10:00
Ben Vincent
9e3b680b0b feat: add prepared query for puppetdbapi 
- merge to develop
- add prepared query for puppetdbapi
 2024-05-22 22:11:51 +10:00
Ben Vincent
f6bf504416 Merge branch 'develop' into neoloc/syd1_puppetdb 2024-05-22 22:11:04 +10:00
Ben Vincent
39aa6e114e feat: puppetdb sql updates 
- add consul support
- enable local script checks in consul agents
- add a test DB/User for consult to verify the psql instance is running
- manage the postgresql repo and gpg key
 2024-05-22 22:05:54 +10:00
Ben Vincent
6035af37a1 feat: increase puppetdb api Xmx 
- change java args to use 2048mb of memory
 2024-05-22 21:37:00 +10:00
Ben Vincent
0e7168026d Merge pull request 'neoloc/yumrepos' (#212) from neoloc/yumrepos into develop 
Reviewed-on: unkinben/puppet-prod#212
 2024-05-19 20:09:50 +09:30
Ben Vincent
fd466fcccc feat: cleanup old repo management 
- change profiles::puppet::agent to require Yumrepo['puppet']
- remove managed repos hieradata
- remove profiles:😋:* classes that are not required
- remove missed rebase comment
 2024-05-19 20:27:56 +10:00
Ben Vincent
5f9480f186 feat: direct yumrepo config 
- deep merge yumrepo resources
- convert repos to direct yumrepo in hieradata
- change from repos.main.unkin.net to edgecache.query.consul
- create all yumrepo resources from $profiles:😋:global::repos
 2024-05-19 20:27:47 +10:00
Ben Vincent
da2e98ed4d feat: add centos mirror to edgecache 
- add centos repo to edgecache
 2024-05-19 19:41:15 +10:00
Ben Vincent
6f9a606549 feat: configure edgecache for postgresql 
- add fact to record system resolvers
- add resolvers feature in /etc/nginx/conf.d/resolvers.conf
- add rewrite rules for postgres/yum/repodata
 2024-05-19 16:56:36 +10:00