Commit Graph

330 Commits

Author SHA1 Message Date
f04c74bd4d feat: manage proxmox nodes
- change /etc/hosts to meet proxmox requirements
- add proxmox node role
- add init, params, repo, install, clusterjoin classes
2024-04-21 15:08:28 +10:00
085416fea9 Merge pull request 'feat: node_lookup compatibility for Debian' (#158) from neoloc/node_lookup_debian into develop
Reviewed-on: unkinben/puppet-prod#158
2024-04-20 17:39:31 +09:30
80a4cb0544 feat: debian vaultcert compatibility
- remove comma from certificate file
- add comments identifying each certificate
2024-04-20 18:08:16 +10:00
49b4a65302 feat: node_lookup compatibility for Debian 2024-04-20 18:04:54 +10:00
d0d67e316a feat: prepare puppet for debian
- set yum::versionlock to be only for redhat family
- set puppet-agent require statement to use apt or yum
- remove requirement of downloading puppet7-release-$dist.deb
- create all paths in $base_path for vault certificate
- set correct $PATH for update-ca-certificates
- dynamically set debian release name
- split packages to install from common.yaml to os-specific
- create groups profile to manage local groups
- change sysadmin to be a member of admins group
- setup admins sudo rules
2024-04-13 22:34:28 +10:00
114d3fe195 feat: nginx reverse proxy debian cache
- add debian, debian/pool locations to reposyncer
- add selinux fcontext rules
2024-04-13 20:52:27 +10:00
82f2d75888 feat: add frontends, backends, listeners
- add a way to define frontends, backends and listeners through hieradata
2024-04-06 20:23:37 +11:00
ed60e18062 feat: update jdk11 for puppetdb
- specify the java_bin
- specify the java_args
2024-04-06 20:05:23 +11:00
f79d9de495 feat: update node_lookup
- update node_lookup to use new puppetdb URL
2024-04-06 18:31:41 +11:00
c9a1d35af9 feat: add cnames to haproxy
- manage A records for haproxy
- manage cnames for services using haproxy
2024-04-06 16:26:50 +11:00
e97d061f46 feat: add puppetdbapi to haproxy
- add puppetdbapi backend to haproxy
- add puppetdbapi altname to the vault certificate
- add mapping for hostname to backend
2024-04-06 15:49:10 +11:00
105bf1b09d feat: add puppetboard backend
- add balancemember to puppetboard nodes
- add be_puppetboard to haproxy
- add puppetboard.main.unkin.net to haproxy altnames
- add puppetboard to backend mapping
- change way backends are registered in haproxy
2024-04-06 04:20:39 +11:00
2091f1ada3 feat: add haproxy profile
- add haproxy server class
- add haproxy profile to role
- add hiera data for region specific haproxy
- add selinux configuration
- add certlist management
- add default http and https frontends
- add default stats listener
2024-04-06 03:27:45 +11:00
5bde96fb4d feat: change certmanage to approles
- created approle 'certmanager' using 'certmanager' policy
- update certmanager script to generate token based on roleid
2024-04-04 00:32:08 +11:00
64563902d4 feat: deploy cobbler enc
- install python3.11 on all nodes
- create python3.11 venv for cobbler-enc
- install requirements in cobbler-enc venv
- symlink to /usr/local/bin/
2024-03-31 20:58:31 +11:00
d64e185919 Merge pull request 'feat: add dhcp servers' (#145) from neoloc/dhcp-server into develop
Reviewed-on: unkinben/puppet-prod#145
2024-03-29 07:45:16 +09:30
d64860f47b feat: add dhcp servers
- include puppet-dhcp module
- manage dhcp pools
- manage dhcp classes (bios/uefi)
2024-03-29 09:13:26 +11:00
159c57677a Merge pull request 'feat: add cobbler profile' (#144) from neoloc/cobbler_profile into develop
Reviewed-on: unkinben/puppet-prod#144
2024-03-29 07:10:33 +09:30
80b7ad8639 feat: add cobbler profile
- add datavol to cobbler nodes
- add cobbler profile
- add cobbler role hieradata
- manage selinux where required for cobbler
- manage service cname
2024-03-29 08:36:42 +11:00
e02921be75 feat: deep merge yum repos to manage
- fixed merging of yum repos
- changed puppet7 to use local copy of repo
2024-03-28 21:41:15 +11:00
0383db2b10 feat: set sysadmin password 2024-03-28 20:34:50 +11:00
fe4af852b6 feat: cobbler setup
- add cobbler profile
- add dhcp server profile
2024-03-17 17:52:34 +11:00
8f5e9e40a1 feat: add ovirt roles
- add repositories for ovirt
- add role/profile for ovirt/engine and ovirt/node
- add deep-merge for managed_repos
- change repos to allow filesource (URL or file://)
- change reposync to use curl instead of wget
2024-03-16 16:43:12 +11:00
3587ea2295 feat: add ovirt base roles 2024-03-13 22:31:03 +11:00
15e4e11097 feat: require vaultca for all yumrepos 2024-03-10 19:01:14 +11:00
fd5dbb7813 Merge pull request 'feat: add country/region/environment to motd' (#134) from neoloc/motd_facts into develop
Reviewed-on: unkinben/puppet-prod#134
2024-03-10 14:19:09 +09:30
428dc910bb feat: add country/region/environment to motd 2024-03-10 15:48:26 +11:00
816bec9f17 feat: add base role for redis 2024-03-05 22:53:49 +11:00
465bbbd9e1 Merge pull request 'feat: update yumrepos to use https://' (#130) from neoloc/yumrepo_use_https into develop
Reviewed-on: unkinben/puppet-prod#130
2024-03-03 16:29:28 +09:30
51d0ca16ec feat: update yumrepos to use https://
- require vaultca on all repos on repos.main.unkin.net
2024-03-03 16:44:16 +11:00
0782cd5679 feat: dynamically add subscribe to nginx resource
- add subscribe option to nginx resource dependent on nginx_listen_mode
- ensure nginx reloads when the ssl_cert or ssl_key changes, only if
  these values are not undef
- ensure the file resources are defined for certificates
2024-03-03 16:25:51 +11:00
df97b75aca Merge pull request 'feat: change nginx to use vault ssl certs' (#128) from neoloc/packagerepo_ssl into develop
Reviewed-on: unkinben/puppet-prod#128
2024-03-03 13:34:04 +09:30
5afa9e8960 Merge pull request 'neoloc/pki_generate' (#127) from neoloc/pki_generate into develop
Reviewed-on: unkinben/puppet-prod#127
2024-03-03 13:33:33 +09:30
05d2599bc5 feat: ensure vaultca certificate is trusted
- install the vault rootca on all nodes
- update ca-trust store on changes to the rootca certificate deployed
2024-03-03 14:54:59 +11:00
3e98ced8da feat: change nginx to use vault ssl certs
- update packagerepo webserver class to allow using ssl
2024-03-03 14:53:36 +11:00
8009b59514 feat: automatically generate vault certs
- certificate will be generated for:
  - fqdn
  - hostname
  - primary ip address
  - localhost
  - 127.0.0.1
- update base profile to generate vault certificate for all
- create facts for use with vault_certs
2024-03-03 13:38:52 +11:00
36c2e6afaa fix: ssl warning breaks puppet run
- remove ssl warning for certmanager temporarily
2024-02-25 23:04:43 +11:00
974c8ce71d Merge pull request 'fix: restart vault-unseal' (#122) from neoloc/vault_unseal_on_change into develop
Reviewed-on: unkinben/puppet-prod#122
2024-02-25 20:03:26 +09:30
d1f5d3c09e fix: restart vault-unseal
- restart vault-unseal when the unseal keys change
2024-02-25 21:32:01 +11:00
48e0bd6796 fix: vault role fails on new servers
- vault server fails on new servers
- move unseal class to be included after vault class
2024-02-25 21:06:37 +11:00
f6110f534c feat: certmanager output as json
- prepare certmanager for pki::vault class
- allow puppet to read certmanager config
2024-02-25 19:31:32 +11:00
7f03bc5c76 feat: add certmanager helper
- add certmanager script and config.yaml file
- install into pyenv for certmanager
- deploy to puppet-masters only
2024-02-19 21:20:50 +11:00
e10bed689c Merge pull request 'refacter: cleanup packages setup' (#116) from neoloc/package_changes into develop
Reviewed-on: unkinben/puppet-prod#116
2024-02-17 21:30:49 +09:30
9be1e19900 Merge pull request 'fix: fact was misspelled' (#115) from neoloc/mariadb_fixes into develop
Reviewed-on: unkinben/puppet-prod#115
2024-02-17 21:30:27 +09:30
1f7b347ef4 refacter: tidy facts
- create a facts module, move all facts to this module
2024-02-17 22:57:36 +11:00
12ff053c6d refacter: cleanup packages setup 2024-02-17 22:49:32 +11:00
d92c13525c fix: fact was misspelled
- fixed fact name
2024-02-17 21:19:55 +11:00
73a21059f8 Merge pull request 'feat: add vault server profile' (#113) from neoloc/vault_server into develop
Reviewed-on: unkinben/puppet-prod#113
2024-02-17 19:48:13 +09:30
fe05c86463 feat: add vault server profile
- add vault module to puppetfile
- define class to manage the install and config of vault
- manage the datavol and raft storage
- manage the unzip and other compression tools
- define custom unseal script and service
- add documentation on initial setup of vault
2024-02-17 21:12:12 +11:00
09291da89f fix: use fact to determine if selinux in use 2024-02-11 21:05:48 +11:00
Ben Vincent
f8b30f335b Merge pull request 'feat: add consul server profile' (#111) from neoloc/consul_server into develop
Reviewed-on: unkinben/puppet-prod#111
2024-02-11 15:56:24 +09:30
8cb6b68b53 feat: add consul server profile
- install/configure consul
- install/configure dnsmasq as dns proxy for consul
- add unkin yumrepo definition as source for consul
- update datavol to ensure the /data volume is mounted
2024-02-11 17:12:35 +11:00
Ben Vincent
a0434fc7b5 Merge pull request 'feat: cleanup reposync conf files' (#110) from neoloc/cleanup_reposync_conf into develop
Reviewed-on: unkinben/puppet-prod#110
2024-02-10 14:15:00 +09:30
71c316e7ae feat: cleanup reposync conf files
- add feature to /etc/reposync/conf.d to ensure the subfiles are cleaned
  up when they are not defined
2024-02-10 15:37:24 +11:00
Ben Vincent
4bce524b49 Merge pull request 'feat: puppet wrapper replace dot' (#108) from neoloc/puppetwrapper_dot into develop
Reviewed-on: unkinben/puppet-prod#108
2024-02-10 14:02:48 +09:30
a054a94d98 feat: puppet wrapper replace dot
- set puppet wrapper to replace '.' with '_' in the branch name
2024-02-10 15:31:45 +11:00
8332d4f374 fix: recursive restorecon for reposync
- set reposync to restore selinux controls on all files in the new
  snap_path
2024-02-10 15:19:12 +11:00
d6eeed0b61 feat: add vault role
- add basic vault role to begin building servers
2024-02-10 14:16:51 +11:00
dc97d15ef9 feat: add consul role 2024-02-06 22:51:59 +11:00
da53e28f0e feat: add haproxy role
- add infra::halb section for highly available load balancers
2024-01-07 18:34:34 +11:00
db23e203c6 fix: fix minio certificate param
- change enum['string', undef] to an optional param so undef can be set
2024-01-05 22:00:10 +11:00
d8751ac6c8 feat: add minio profile
- add additional modules in Puppetfile
- update puppetlabs-lvm to 2.1.0
- add facts.d base path to hieradata
- add infra/storage and infra/storage/minio role data to hieradata
- add new facts for minio setup status
- add a static yaml minio-facts file to assist dynamic ruby facts
- updated hiera with additional directories (country/{role,region})
2024-01-05 21:44:41 +11:00
Ben Vincent
a049338c9d Merge pull request 'feat: install bind-utils' (#98) from neoloc/add_bind_utils into develop
Reviewed-on: unkinben/puppet-prod#98
2023-12-26 14:58:10 +09:30
a144e4ec2d feat: install bind-utils 2023-12-26 16:27:28 +11:00
Ben Vincent
920f12b45e Merge pull request 'feat: add/update location facts' (#97) from neoloc/location_facts into develop
Reviewed-on: unkinben/puppet-prod#97
2023-12-26 13:23:17 +09:30
dbec0222b3 feat: add/update location facts
- add country fact, change region to exclude country string
2023-12-26 14:51:40 +11:00
42211ddf7d Merge pull request 'feat: add new datavol' (#96) from neoloc/datavol_define into develop
Reviewed-on: unkinben/puppet-prod#96
2023-12-24 12:45:36 +09:30
ff83769ffc Merge pull request 'feat: add region fact' (#95) from neoloc/region_fact into develop
Reviewed-on: unkinben/puppet-prod#95
2023-12-24 12:44:15 +09:30
7431ebf51c feat: add region fact
- add fact that maps primary ip subnet to a region code
- defaults to 'lost' if there is no subnet to region mapping
2023-12-24 14:12:54 +11:00
0c1548fbd8 feat: add new datavol
- add datavol define to replace the datavol class, which has more
  flexibility through additional params, and the ability to call it
  multiple times for multiple datavolumes
2023-12-24 12:54:09 +11:00
a0786f3f67 Merge pull request 'feat: add minio base role' (#94) from neoloc/minio_role into develop
Reviewed-on: unkinben/puppet-prod#94
2023-12-22 17:47:47 +09:30
dcf83aa466 feat: add minio base role 2023-12-22 19:17:04 +11:00
f9562a9109 fix: check for python3_version
- check for python3 version before attempting to setup node_lookup
2023-12-18 23:51:39 +11:00
b6c7e3fd2d Merge pull request 'feat: add selinux support to puppetboard' (#92) from neoloc/nginx_selinux into develop
Reviewed-on: unkinben/puppet-prod#92
2023-12-11 20:46:30 +09:30
bf729d9b11 feat: add selinux support to puppetboard
- required to allow nginx to reach puppetdb
2023-12-11 22:14:45 +11:00
5b75cf735a feat: manage ruby/puppet gems
- manage installation of puppet_gem packages for puppetmasters
2023-12-11 22:07:23 +11:00
254c9f1358 feat: configure grafana
- create grafana class
- configure database with db export, and db parameters
2023-12-11 21:46:53 +11:00
685d7db264 feat: add nodelookup
- add helper script to make querying puppetdb easier and more efficient
2023-12-11 21:15:48 +11:00
d998fbd85a Merge branch 'develop' into neoloc/mariadbgalera 2023-12-10 16:34:42 +11:00
11a98b16bb feat: setup galera cluster member profile
- add eyaml support for role
- add /data volume for galera cluster members
- create profiles::selinux namespace for defining selinux configuration
  - create profiles::selinux::mysqld for managing specifics for mysqld
  - create profiles::selinux::setenforce to manage selinux mode
- parameterised options required in mysqld::server module
- add mariadb repo
- add additional facts for managing mysqld and galera
2023-12-10 16:31:57 +11:00
a9aabfa161 fix: failed to test previously
- change next's outside of a loop to a single if statement
2023-12-08 21:32:32 +11:00
ebd20a5e5a feat: mysql wsrep_ facts
- add facts generated from mysql's wsrep status variables
2023-12-08 21:25:01 +11:00
d261e3348d Merge pull request 'feat: add/remove capabilities for packages' (#86) from neoloc/base_packages_refactor into develop
Reviewed-on: unkinben/puppet-prod#86
2023-12-03 16:38:17 +09:30
53c54f982a Merge pull request 'feat: setup/manage dnf-autoupdate' (#85) from neoloc/dnf_autoupdate into develop
Reviewed-on: unkinben/puppet-prod#85
2023-12-03 16:37:56 +09:30
d8ff9ddb11 feat: setup/manage dnf-autoupdate
- create service to run dnf update
- create timer to call the service
- manage settings via params
2023-12-03 18:05:01 +11:00
8f04de2b52 feat: add/remove capabilities for packages
- add deepmerge lookup_options
- add packages to remove and packages to add to profiles::packages::base class
2023-12-03 17:24:58 +11:00
6e185ee248 Merge pull request 'feat: split agent service/package from config' (#84) from neoloc/split_puppet_agent into develop
Reviewed-on: unkinben/puppet-prod#84
2023-12-03 15:20:51 +09:30
08c14c2329 feat: split agent service/package from config
- split package/service from config so puppetservers agents can be
  managed in the same way as clients
2023-12-03 16:49:38 +11:00
8a6b3ef0fb feat: add mirrorlist capability to reposyncer
- add mirrorlist param to reposyncer repos
- update almalinux 8.8 repos to use mirrorlist
- add almalinux 8.9 repos
2023-12-03 00:16:01 +11:00
1ccd8141ab feat: add cname for repos 2023-11-29 23:13:17 +11:00
705c02c3a1 feat: fix selinux permissions each sync
- restorecon on each sync, to update selinux for new files/directories
2023-11-27 23:19:01 +11:00
Ben Vincent
7aae7e22a3 Merge pull request 'feat: add galera role' (#76) from neoloc/mariadb into develop
Reviewed-on: unkinben/puppet-prod#76
2023-11-21 19:31:05 +09:30
a0d1623286 feat: add galera role
- add a base galera cluster member role
- include mysql and galera modules
2023-11-21 21:00:12 +11:00
Ben Vincent
caffc7dff9 Merge pull request 'fix: resolve prometheus issues' (#75) from neoloc/prometheus_server into develop
Reviewed-on: unkinben/puppet-prod#75
2023-11-21 18:53:37 +09:30
609f9135df feat: add base grafana role
- include puppet-grafana module
- infra::metrics::grafana role is currently clone of base
2023-11-21 20:13:14 +11:00
10a6085b84 fix: resolve prometheus issues
- broken prometheus::server config, resolve conflicts
- move hieradata for role to match role, not profile
2023-11-21 20:03:26 +11:00
663b10e5a5 Merge branch 'develop' into neoloc/prometheus 2023-11-21 19:40:17 +11:00
a5207eb717 feat: add prometheus server
- bump enc, include prometheus server nodes
- add prometheus role and server class
2023-11-21 19:38:22 +11:00
dd334da2b0 chore: reorganise reposync role 2023-11-18 20:08:16 +11:00
ab1b031275 Merge branch 'develop' into neoloc/puppet_cleanup 2023-11-18 20:03:46 +11:00
460f9bc7e8 refactor: move puppet::* roles to infra::puppet
- start creation on apps:: roles
- reorganise hieradata to match role changes
- remove tagging for enc repo
2023-11-18 20:00:58 +11:00
dffc97ad4c chore: reorganise ntp server
- bump enc to match changes
- change ntp client to find servers through puppetdb query
- changed default ntp servers to publicly available nodes
2023-11-18 19:18:14 +11:00
92269ae94b Merge branch 'develop' into neoloc/node_exporter 2023-11-17 23:20:02 +11:00
6b9d9e6aa7 Merge branch 'develop' into neoloc/resolvconf 2023-11-17 23:17:59 +11:00
Ben Vincent
7cc1a1ddc0 Merge pull request 'feat: manage qemu-agent' (#66) from neoloc/qemuagent into develop
Reviewed-on: unkinben/puppet-prod#66
2023-11-17 21:46:08 +09:30
a21b7ffc96 feat: setup metrics agents
- set puppet::puppetdb_api class to export puppetdb
- set infra::dns::server class to export bind
- set all to export node and systemd metrics
2023-11-17 23:12:37 +11:00
d6f3262836 feat: manage qemu-agent 2023-11-17 22:25:43 +11:00
8d80fa3c51 feat: manage cloudinit
- add/remove cloud-init, default to remove
2023-11-17 22:17:24 +11:00
fdb13b7338 feat: find resolvers by role
- use puppetdbquery module to query puppetdb for resolvers
- move dns client config to profiles::dns::base
- manage the /etc/resolv.conf file
2023-11-17 21:54:20 +11:00
c996c9b7e3 fix: enable dynamic/tsig updates
- add eyaml to hiera.yaml
- consolidate all paths into single tree
- change to new profiles::dns::client wrapper
- change to new profiles::dns::record wrapper
- change to use concat method to build zone file
2023-11-16 21:40:16 +11:00
49f31edb03 Merge branch 'develop' into neoloc/bind_resolver 2023-11-13 21:55:21 +11:00
76b54fc59d feat: add dns resolver/master classes
- define resolver and master dns server
- export A and PTR records from dns clients
- collect exported resources for master
- create hiera structure for acls, zones and views
2023-11-13 21:42:57 +11:00
b2844c4b3a fix: updated path for gpg keys 2023-11-12 17:26:58 +11:00
cc77cc7ded feat: change to use local mirror
- change almalinux and epel *.repo files on nodes to use local package mirror
- add option to purge yumrepo resources, default to true
- add versionlocking to yum, enable it for puppet-agent
2023-11-12 17:17:59 +11:00
48ea444e7c fix: resolved issue with repodata
- repodata was being created in the wrong location
- update script to create in the path where the new snap exists
2023-11-12 15:48:30 +11:00
Ben Vincent
dd12726842 Merge pull request 'feat: add resolver/authoritative dns roles' (#57) from neoloc/bindserver into develop
Reviewed-on: unkinben/puppet-prod#57
2023-11-12 13:11:56 +09:30
Ben Vincent
5276731d23 Merge pull request 'fix: datavol profile doesn't create the mountpoint' (#56) from neoloc/datavol_create_mountpath into develop
Reviewed-on: unkinben/puppet-prod#56
2023-11-12 12:55:29 +09:30
Ben Vincent
79e37d9dae Merge pull request 'refactor: move to ruby-script facts' (#53) from neoloc/additional_enc_facts into develop
Reviewed-on: unkinben/puppet-prod#53
2023-11-11 22:15:42 +09:30
1b9a4f7832 refactor: move to ruby-script facts
- change enc_role_path fact to be ruby
- add enc_role_tier1, enc_role_tier2 and enc_role_tier3
- add new paths to hiera.yaml
2023-11-11 23:41:48 +11:00
1ff4611318 Merge branch 'develop' into neoloc/bind_resolver
- bring up to speed with rest of repo
2023-11-11 21:48:44 +11:00
7da58059d2 feat: add resolver/authoritative dns roles
- roles are currently empty, this just exists so I can branch off it
  and start building test servers with this role
2023-11-11 21:47:21 +11:00
9bfae72d2e Merge branch 'develop' into neoloc/ntpserver 2023-11-11 00:14:03 +11:00
f73c16bca2 feat: add enc_role_path fact 2023-11-11 00:03:12 +11:00
9cb730d116 feat: add ntp server/client
- add ntp client and server class
- add ntp server role
- update hiera.yaml to work with enc_role
- cleanup base profile
2023-11-10 23:59:10 +11:00
19836e2069 feat: adding reposync wrapper and tooling
- add autosyncer/autopromoter scripts
- add timer and service to initial sync process
- add timer/service for daily/weekly/monthly autopromote
- add define to manage each repo
- add nginx webserver to share repos
- add favicon.ico if enabled
- add selinux management, and packages for selinux
- cleanup package management, sorting package groups into package classes
2023-11-08 23:16:56 +11:00
d11dcc0b24 fix: datavol profile doesn't create the mountpoint
- add file resource to create the required mountpath
- add Array[Enum[]] for mount_options
- fix mount to ensure the mount_options are used
- remove pass and dump options, leave as defaults
2023-11-06 19:31:35 +11:00
cb9af5a2a8 fix: variant regex results in error
- update the $size variant regex so it actually matches correctly
- default $size to undef, which results in 100%FREE
2023-11-05 18:11:53 +11:00
1d1541419a feat: adding base packagerepo role
- create roles::infra::packagerepo
- bump enc version
2023-11-05 17:45:13 +11:00
6bbc14136f Merge branch 'develop' into neoloc/datavol 2023-11-05 17:40:19 +11:00
def2561e6c feat: add datavol class to manage /data
- included puppetlabs-lvm module
  - created profiles::base::datavol to:
    - create pv, vg, lv and format the filesystem and mount it
2023-11-05 17:37:10 +11:00
56518f1fcb feat: change enc repo to be tagged
- enc repository will download a specific tag
- defaults to master
- hiera set to release tag '0.1'
2023-11-04 20:36:08 +11:00
0cc0bacad3 feat: add motd and facts
- use parameters created by the enc to create external facts
- use external facts to generate the motd
- use features from unkinben/puppet-enc#22
2023-11-04 20:11:20 +11:00
5076d7383a feat: add ceph osd/mds/mon roles
- basic roles currently
- will allow build of ceph to begin
2023-11-02 20:12:47 +11:00
Ben Vincent
89653912cb Merge pull request 'feat: manage puppet clients' (#35) from neoloc/puppetclient into develop
Reviewed-on: unkinben/puppet-prod#35
2023-10-29 18:59:52 +09:30
130669a130 feat: manage puppet clients
- manage the service
- manage the package, version lock it
- deploy the /etc/puppetlabs/puppet/puppet.conf from template for puppet
  clients only
2023-10-29 20:26:39 +11:00
Ben Vincent
cf26d2d2e7 Merge pull request 'feat: add puppetboard role' (#34) from neoloc/puppetboard into develop
Reviewed-on: unkinben/puppet-prod#34
2023-10-29 18:06:27 +09:30
46c3eb9597 feat: add puppetboard role
- add nginx module to manage reverse proxy on host level
- add puppetboard venv
- add gunicorn instance
- add script to start the gunicorn instance
- add nginx vhost
2023-10-29 19:33:11 +11:00
0171a82d58 feat: add features to puppet.conf
- reports, for sending reports to puppetdb
- usecacheonfailure, to show failures in puppetboard (when set to false)
2023-10-23 22:37:41 +11:00
ef0d865845 Merge pull request 'feat: split puppetdb role into api and sql' (#32) from neoloc/puppetdb2 into develop
Reviewed-on: unkinben/puppet-prod#32
2023-10-22 20:30:43 +09:30
e682462917 feat: split puppetdb role into api and sql
- add puppetdb_api and puppetdb_sql role
- add puppetdb_api and puppetdb_sql profile
- add prodinf01n05 to /etc/hosts file
- set listen_address for all services to be hosts ip
- set storeconfigs and storeconfigs_backend to be managed by puppetmaster profile
2023-10-22 21:55:50 +11:00
6bb52f2a15 feat: add firewalld management profile
- basic profile to enable/disable, and install/remove
- defaulting to enabled and installed, but set to disabled and removed
  in hiera
2023-10-22 19:54:10 +11:00
f772215630 fix: found typo in r10k script 2023-10-22 01:30:57 +11:00
2faed5de72 Merge pull request 'fix: set the puppetdb_host correctly' (#29) from neoloc/puppetdb_server_loc into develop
Reviewed-on: unkinben/puppet-prod#29
2023-10-21 23:17:00 +09:30
c6c36e8351 fix: set the puppetdb_host correctly
- change the puppetdb::master::config from include to class statement
- set the puppetdb_host value to match what is stored in hiera
- disable firewall management on the puppetdb host
2023-10-22 00:40:12 +11:00
95434214a9 feat: add management of /etc/hosts
- add class to manage the /etc/hosts file
- add static hosts to /etc/hosts file via hiera array/hash
2023-10-22 00:34:22 +11:00
e847954e03 Merge branch 'develop' into neoloc/puppet_wrapper 2023-10-22 00:00:52 +11:00
86a6c1bd96 feat: add sudo secure_path
- update the sudo class from an include to a definition
- set the secure_path variable to include /usr/local/{bin,sbin}
2023-10-21 23:52:48 +11:00
ac27a9ce0b Merge branch 'develop' into neoloc/puppetdb 2023-10-21 23:30:40 +11:00
080cdd8884 Setup PuppetDB/Puppetboard
- install modules required
    - puppetdb
    - postgresql
    - puppetboard
    - python
  - create new profiles to manage each item (puppetdb/puppetboard)
  - added puppetdb role
  - include the puppetdb::master::config in puppetmaster role
  - re-organised the puppetfile
  - moved python to be managed by the python module
  - added postgresql to list of managed repos
2023-10-21 23:11:40 +11:00
2b11a9417c Account/Sudo management
- imported account and sudo puppet modules
  - created account management wrapper
  - defined sysadmin account, set to be created on all nodes
  - removed sudo from base packages as it's managed by sudo module now
2023-08-29 23:25:10 +10:00
d2fb3cff27 Merge branch 'develop' into feature/default_environment 2023-08-26 19:50:54 +10:00
afb30f9dce Updated dns_alt_names for puppetmaster 2023-08-26 19:45:43 +10:00
116342bdaa Added class to manage a default set of scripts
- included scripts into profiles::base
  - updated hiera with list of scripts to create and their template name
  - created template for a puppet wrapper
2023-08-26 16:11:53 +10:00
efc769191e Adding a default environment
- set through puppet.conf
  - created symbolic link from develop -> production in code/environments
  - changed puppet-g10k script to be generated from a template
  - parameterised g10k into hieradata
2023-08-26 15:36:35 +10:00
c96676e143 Updated autosign
- added way to manage individual nodes
  - added defaults for domains, subnets and nodes
  - updated comments and doc
2023-08-26 01:00:31 +10:00
5b4a17b77a Changed to a simple autosign method 2023-08-26 00:49:21 +10:00
8fb922d5fb Merge pull request 'Added a new profile to manage common packages' (#7) from feature/base_packages into develop
Reviewed-on: unkinben/puppet-prod#7
2023-07-02 14:30:53 +09:30
d48283734c Added a new profile to manage common packages
* will by default pull data from hiera
  * could change it on a per-distro/role basis
  * requires stdlib for ensure_packages
2023-07-02 14:55:02 +10:00
8663d446d3 Merge pull request 'Added default resource settings' (#6) from fix/global_exec_path into develop
Reviewed-on: unkinben/puppet-prod#6
2023-07-02 13:53:49 +09:30
d7a7198497 Added default resource settings
* added profiles::default class in defaults.pp file
  * imported into all roles
  * cleaned up some duplicated code
2023-07-02 14:21:09 +10:00
e519b2aeff Changed source for package to be url
* this removes the need to manually download/store the file, then
    pass it to the dpkg package manager
2023-07-02 14:13:50 +10:00
87f174df33 Added Debian components
* added debian components for Debian12 and Debian11
  * added apt module to puppetfile
  * removed /etc/apt/sources.list management, done by apt module
  * added profiles::apt::puppet7
2023-07-01 22:38:25 +10:00
46a95d756a Merge pull request 'Added a base role' (#3) from feature/base_role into develop
Reviewed-on: unkinben/puppet-prod#3
2023-06-27 20:13:27 +09:30
b12e3471f3 Merge branch 'develop' into feature/apt_repository 2023-06-27 20:10:44 +09:30
c00821763e Added a base role
* base role imports the base profile
  * updated profiles::base to work with debian family
2023-06-27 20:37:06 +10:00
754241bcf2 Added class to manage installing the git client 2023-06-26 20:06:15 +10:00
45a9639346 Changed r10k to update every 5 minutes 2023-06-26 20:02:08 +10:00
5d758da66e Added r10k repo management
* added profile to download puppet-r10k, add a script to pull changes,
    and scheduled it to happen automatically with systemd timer/service
  * added to the puppetmaster profile
  * updated hieradata
2023-06-26 19:42:15 +10:00
4e30d9b6d9 Added boilerplate for debian host management
* added apt repo management
  * added switcher based on OS to base.pp
2023-06-26 19:20:05 +10:00
f1f39ef4e3 Changed to vox systemd module
* updated Puppetfile
  * updated puppet-enc timer/service
  * updated puppet-g10k timer/service
2023-06-25 14:46:09 +10:00
5ee4891157 Add a switch to check for os family
This is so I can include either apt or yum/dnf based profiles. This can
be expanded easily if new families are added, or if new base role
includes are added that are different based on the family of the os.
2023-06-25 14:36:23 +10:00
7a789ceaee Renamed role/profile directories
* renamed role to roles
  * renamed profile to profiles
  * cleaned up all profiles/roles/hieradata to match new paths
2023-06-25 14:36:23 +10:00
1b7e807c0e Renamed role/profile directories
* renamed role to roles
  * renamed profile to profiles
  * cleaned up all profiles/roles/hieradata to match new paths
2023-06-25 13:06:36 +10:00
93c4689d8d Setup puppet7 repo for el distros
* create that puppet7.repo file
  * install the puppet-release rpm
2023-06-24 22:33:47 +10:00
87d9d920e8 Added classes to manage repositories for yum
* manage all base repositories
  * manage epel if required
  * cleanup /etc/yum.repos.d directory
2023-06-24 21:58:00 +10:00
c6d62a710c Added puppet-enc setup
* systemd timer/service to update repo every minute
  * added puppetlabs/vcsrepo module
  * install git if it's not already installed
  * added to profile::puppet::puppetmaster
  * updated pre-commit to allow long yaml lines
2023-06-21 22:03:43 +10:00
9536be5864 Initial commit for profile::puppet::*
* profile::pupper::server
  * profile::puppet::puppetmaster
  * profile::puppet::g10k
  * profile::puppet::autosign
  * updated Puppetfile
  * updated role::puppet::puppetmaster
  * added profile::puppet::puppetmaster to puppetmaster role
  * added profile::puppet::server templates
2023-06-21 21:17:07 +10:00
725fef7d01 Updated ntp to chrony
* updated Puppetfile
  * updated profiles::base to use chrony, and added class parameters
2023-06-18 17:16:48 +10:00
d4ec7e5041 Added puppetmaster role 2023-06-18 00:10:03 +10:00
172b9d2d1f Initial commit 2023-05-15 22:27:27 +10:00