105bf1b09d
feat: add puppetboard backend
...
- add balancemember to puppetboard nodes
- add be_puppetboard to haproxxy
- add puppetboard.main.unkin.net to haproxy altnames
- add puppetboard to backend mapping
- change way backends are registered in haproxy
2024-04-06 04:20:39 +11:00
2091f1ada3
feat: add haproxy profile
...
- add haproxy server class
- add haproxy profile to role
- add hiera data for region specific haproxy
- add selinux configuration
- add certlist management
- add default http and https frontends
- add default stats listener
2024-04-06 03:27:45 +11:00
5bde96fb4d
feat: change certmanage to approles
...
- created approle 'certmanager' using 'certmanager' policy
- update certmanager script to generate token based on roleid
2024-04-04 00:32:08 +11:00
64563902d4
feat: deploy cobbler enc
...
- install python3.11 on all nodes
- create python3.11 venv for cobbler-enc
- install requirements in cobbler-enc venv
- symlink to /usr/local/bin/
2024-03-31 20:58:31 +11:00
0ad31f6013
feat: add virtual/physical check
...
- add virtual tree to hiera
- add virtual/kvm and virtual/physical hiera sources
- add lm_sensors to be installed on hardware nodes
2024-03-31 15:36:41 +11:00
d64e185919
Merge pull request 'feat: add dhcp servers' ( #145 ) from neoloc/dhcp-server into develop
...
Reviewed-on: unkinben/puppet-prod#145
2024-03-29 07:45:16 +09:30
d64860f47b
feat: add dhcp servers
...
- include puppet-dhcp module
- manage dhcp pools
- manage dhcp classes (bios/uefi)
2024-03-29 09:13:26 +11:00
159c57677a
Merge pull request 'feat: add cobbler profile' ( #144 ) from neoloc/cobbler_profile into develop
...
Reviewed-on: unkinben/puppet-prod#144
2024-03-29 07:10:33 +09:30
80b7ad8639
feat: add cobbler profile
...
- add datavol to cobbler nodes
- add cobbler profile
- add cobbler role hieradata
- manage selinux where required for cobbler
- manage service cname
2024-03-29 08:36:42 +11:00
e02921be75
feat: deep merge yum repos to manage
...
- fixed merging of yum repos
- changed puppet7 to use local copy of repo
2024-03-28 21:41:15 +11:00
0383db2b10
feat: set sysadmin password
2024-03-28 20:34:50 +11:00
748a0e8632
feat: enable sydney subnets
2024-03-28 20:08:00 +11:00
f2cdcb8c8e
feat: add sydney subnets
2024-03-21 22:02:25 +11:00
8f5e9e40a1
feat: add ovirt roles
...
- add repositories for ovirt
- add role/profile for ovirt/engine and ovirt/node
- add deep-merge for managed_repos
- change repos to allow filesource (URL or file://)
- change reposync to use curl instead of wget
2024-03-16 16:43:12 +11:00
bca5d32793
fix: updated gpg key for psql repos
2024-03-10 16:18:03 +11:00
51d0ca16ec
feat: update yumrepos to use https://
...
- require vaultca on all repos on repos.main.unkin.net
2024-03-03 16:44:16 +11:00
df97b75aca
Merge pull request 'feat: change nginx to use vault ssl certs' ( #128 ) from neoloc/packagerepo_ssl into develop
...
Reviewed-on: unkinben/puppet-prod#128
2024-03-03 13:34:04 +09:30
5afa9e8960
Merge pull request 'neoloc/pki_generate' ( #127 ) from neoloc/pki_generate into develop
...
Reviewed-on: unkinben/puppet-prod#127
2024-03-03 13:33:33 +09:30
88ba8406b8
feat: deep merge alt_names and ip_sans
...
- set hiera to deep-merge alt_names and ip_sans for generating vault
certificates
2024-03-03 15:01:14 +11:00
3e98ced8da
feat: change nginx to use vault ssl certs
...
- update packagerepo webserver class to allow using ssl
2024-03-03 14:53:36 +11:00
5b56767be7
chore: updated vault_token
2024-02-25 22:32:18 +11:00
6bcdda1a93
chore: update vault policy
...
- updated vault policy for certificates
2024-02-25 22:11:31 +11:00
8112c07ba8
fix: rebuild vault
...
- rebuilt vault, updated root token and unseak keys
2024-02-25 21:19:43 +11:00
7f03bc5c76
feat: add certmanager helper
...
- add certmanager script and config.yaml file
- install into pyenv for certmanager
- deploy to puppet-masters only
2024-02-19 21:20:50 +11:00
12ff053c6d
refacter: cleanup packages setup
2024-02-17 22:49:32 +11:00
fe05c86463
feat: add vault server profile
...
- add vault module to puppetfile
- define class to manage the install and config of vault
- manage the datavol and raft storage
- manage the unzip and other compression tools
- define custom unseal script and service
- add documentation on initial setup of vault
2024-02-17 21:12:12 +11:00
Ben Vincent
f8b30f335b
Merge pull request 'feat: add consul server profile' ( #111 ) from neoloc/consul_server into develop
...
Reviewed-on: unkinben/puppet-prod#111
2024-02-11 15:56:24 +09:30
8cb6b68b53
feat: add consul server profile
...
- install/configure consul
- install/configure dnsmasq as dns proxy for consul
- add unkin yumrepo definition as source for consul
- update datavol to ensure the /data volume is mounted
2024-02-11 17:12:35 +11:00
5471294f1e
feat: cleanup almalinux 8.8 reposync
...
- syncing almalinux 8.8 no longer required
2024-02-10 14:13:59 +11:00
d8751ac6c8
feat: add minio profile
...
- add additional modules in Puppetfile
- update puppetlabs-lvm to 2.1.0
- add facts.d base path to hieradata
- add infra/storage and infra/storage/minio role data to hieradata
- add new facts for minio setup status
- add a static yaml minio-facts file to assist dynamic ruby facts
- updated hiera with additional directories (country/{role,region})
2024-01-05 21:44:41 +11:00
Ben Vincent
2b4e1e1d03
Merge pull request 'feat: remove boolean for bind::updater' ( #99 ) from neoloc/add_bind_utils_woops into develop
...
Reviewed-on: unkinben/puppet-prod#99
2023-12-26 15:02:29 +09:30
aabce289a4
feat: remove boolean for bind::updater
...
- default to the default set by the module
2023-12-26 16:31:40 +11:00
Ben Vincent
a049338c9d
Merge pull request 'feat: install bind-utils' ( #98 ) from neoloc/add_bind_utils into develop
...
Reviewed-on: unkinben/puppet-prod#98
2023-12-26 14:58:10 +09:30
a144e4ec2d
feat: install bind-utils
2023-12-26 16:27:28 +11:00
5b75cf735a
feat: manage ruby/puppet gems
...
- manage installation of puppet_gem packages for puppetmasters
2023-12-11 22:07:23 +11:00
d998fbd85a
Merge branch 'develop' into neoloc/mariadbgalera
2023-12-10 16:34:42 +11:00
11a98b16bb
feat: setup galera cluster member profile
...
- add eyaml support for role
- add /data volume for galera cluster members
- create profiles::selinux namespace for defining selinux configuration
- create profiles::selinux::mysqld for managing specifics for mysqld
- create profiles::selinux::setenforce to manage selinux mode
- parameterised options required in mysqld::server module
- add mariadb repo
- add additional facts for managing mysqld and galera
2023-12-10 16:31:57 +11:00
d261e3348d
Merge pull request 'feat: add/remove capabilities for packages' ( #86 ) from neoloc/base_packages_refactor into develop
...
Reviewed-on: unkinben/puppet-prod#86
2023-12-03 16:38:17 +09:30
8f04de2b52
feat: add/remove capabilities for packages
...
- add deepmerge lookup_options
- add packages to remove and packages to add to profiles::packages::base class
2023-12-03 17:24:58 +11:00
6e185ee248
Merge pull request 'feat: split agent service/package from config' ( #84 ) from neoloc/split_puppet_agent into develop
...
Reviewed-on: unkinben/puppet-prod#84
2023-12-03 15:20:51 +09:30
08c14c2329
feat: split agent service/package from config
...
- split package/service from config so puppetservers agents can be
managed in the same was as clients
2023-12-03 16:49:38 +11:00
8a6b3ef0fb
feat: add mirrorlist capability to reposyncer
...
- add mirrorlist param to reposyncer repos
- update almalinux 8.8 repos to use mirrorlist
- add almalinux 8.9 repos
2023-12-03 00:16:01 +11:00
ae05b870aa
fix: wrong scheme for gpgkey
...
- change gpg key for puppet7 from http:// to https://
2023-11-27 23:38:25 +11:00
cfec05f3c7
feat: update repositories to sync
...
- remove epel modular
- add postgresql 16 for rhel8
- add postgresql common for rhel8
2023-11-27 23:27:44 +11:00
e183ee2b44
feat: add extra repositories
...
- mariadb 11.2
- puppet el8
2023-11-27 18:57:42 +11:00
10a6085b84
fix: resolve prometheus issues
...
- broken prometheus::server config, resolve conflicts
- move hieradata for role to match role, not profile
2023-11-21 20:03:26 +11:00
663b10e5a5
Merge branch 'develop' into neoloc/prometheus
2023-11-21 19:40:17 +11:00
a5207eb717
feat: add prometheus server
...
- bump enc, include prometheus server nodes
- add prometheus role and server class
2023-11-21 19:38:22 +11:00
Ben Vincent
530ffed55a
Merge pull request 'feat: add forwarding for 17.18.198.in-addr.arpa' ( #72 ) from neoloc/reversedns_zone_forwarding into develop
...
Reviewed-on: unkinben/puppet-prod#72
2023-11-18 18:52:43 +09:30
c34a2b2360
feat: add forwarding for 17.18.198.in-addr.arpa
...
- add forward zone for 198.18.17.0/24 reverse dns zone
2023-11-18 20:21:27 +11:00
dd334da2b0
chore: reorganise reposync role
2023-11-18 20:08:16 +11:00
ab1b031275
Merge branch 'develop' into neoloc/puppet_cleanup
2023-11-18 20:03:46 +11:00
460f9bc7e8
refactor: move puppet::* roles to infra::puppet
...
- start creation on apps:: roles
- reorganise hieradata to match role changes
- remove tagging for enc repo
2023-11-18 20:00:58 +11:00
dffc97ad4c
chore: reorganise ntp server
...
- bump enc to match changes
- change ntp client to find servers through puppetdb query
- changed default ntp servers to publicly available nodes
2023-11-18 19:18:14 +11:00
92269ae94b
Merge branch 'develop' into neoloc/node_exporter
2023-11-17 23:20:02 +11:00
a21b7ffc96
feat: setup metrics agents
...
- set puppet::puppetdb_api class to export puppetdb
- set infra::dns::server class to export bind
- set all to export node and systemd metrics
2023-11-17 23:12:37 +11:00
fdb13b7338
feat: find resolvers by role
...
- use puppetdbquery module to query puppetdb for resolvers
- move dns client config to profiles::dns::base
- manage the /etc/resolv.conf file
2023-11-17 21:54:20 +11:00
c996c9b7e3
fix: enable dynamic/tsig updates
...
- add eyaml to hiera.yaml
- consolidate all paths into single tree
- change to new profiles::dns::client wrapper
- change to new profiles::dns::record wrapper
- change to use concat method to build zone file
2023-11-16 21:40:16 +11:00
d877fd00f3
chore: bump enc version
...
unkinben/puppet-enc#27
2023-11-13 22:00:19 +11:00
49f31edb03
Merge branch 'develop' into neoloc/bind_resolver
2023-11-13 21:55:21 +11:00
76b54fc59d
feat: add dns resolver/master classes
...
- define resolver and master dns server
- export A and PTR records from dns clients
- collect exported resources for master
- create hiera structure for acls, zones and views
2023-11-13 21:42:57 +11:00
cc77cc7ded
feat: change to use local mirror
...
- change almalinux and epel *.repo files on nodes to use local package mirror
- add option to purge yumrepo resources, default to true
- add versionlocking to yum, enable it for puppet-agent
2023-11-12 17:17:59 +11:00
1b78904588
fix: typo in repo url namne
...
- change repo.main.unkin.net to repos.main.unkin.net
2023-11-12 15:55:19 +11:00
fa211925e4
chore: bump enc version
...
- add new dns hosts, update dns roles
2023-11-12 14:42:38 +11:00
1999b96d24
Merge branch 'develop' into neoloc/reorganise_hiera
...
- added the additional powertools repo
2023-11-12 14:03:00 +11:00
0071f74e60
chore: reorganise hieradata
...
- move role specific hieradata into respective roles/* paths
2023-11-12 13:57:39 +11:00
02976779c3
Merge pull request 'feat: add powertools repo to reposync' ( #54 ) from neoloc/powertools_repo into develop
...
Reviewed-on: unkinben/puppet-prod#54
2023-11-11 22:48:57 +09:30
2efde81fff
feat: add powertools repo to reposync
...
- add http://mirror.aarnet.edu.au/pub/almalinux/8.8/PowerTools/x86_64/os/ to
be synced and mirrored by reposync tools
2023-11-12 00:17:28 +11:00
c3b8044e1c
Merge pull request 'chore: bump puppet-enc' ( #52 ) from neoloc/bump_enc_ntpservers into develop
...
Reviewed-on: unkinben/puppet-prod#52
2023-11-10 22:53:03 +09:30
aef3311fce
chore: bump puppet-enc
...
- includes ntpservers in ntpserver role
- unkinben/puppet-enc#25
2023-11-11 00:21:56 +11:00
9cb730d116
feat: add ntp server/client
...
- add ntp client and server class
- add ntp server role
- update hiera.yaml to work with enc_role
- cleanup base profile
2023-11-10 23:59:10 +11:00
a913e44176
Merge branch 'develop' into neoloc/packagerepo
2023-11-09 22:09:24 +11:00
19836e2069
feat: adding reposync wrapper and tooling
...
- add autosyncer/autopromoter scripts
- add timer and service to initial sync process
- add timer/service for daily/weekly/monthly autopromote
- add define to manage each repo
- add nginx webserver to share repos
- add favion.ico if enabled
- add selinux management, and packages for selinux
- cleanup package management, sorting package groups into package classes
2023-11-08 23:16:56 +11:00
058cc25008
feat: add bash completion
...
- quality of life addition to all hosts
2023-11-08 22:03:21 +11:00
36142a3565
fix: bump enc
...
unkinben/puppet-enc#24
2023-11-05 17:54:36 +11:00
1d1541419a
feat: adding base packagerepo role
...
- create roles::infra::packagerepo
- bump enc version
2023-11-05 17:45:13 +11:00
56518f1fcb
feat: change enc repo to be tagged
...
- enc repository will download a specific tag
- defaults to master
- hiera set to release tag '0.1'
2023-11-04 20:36:08 +11:00
a89a68bc61
fix: debian puppet_version different to EL
...
- change puppet_version to be set per-os in hieradata
2023-11-02 22:14:38 +11:00
75a66a3339
fix: digitalpacific epel repodata broken
...
- change epel to read from aarnet
2023-11-02 22:08:00 +11:00
Ben Vincent
89653912cb
Merge pull request 'feat: manage puppet clients' ( #35 ) from neoloc/puppetclient into develop
...
Reviewed-on: unkinben/puppet-prod#35
2023-10-29 18:59:52 +09:30
130669a130
feat: manage puppet clients
...
- manage the service
- manage the package, version lock it
- deploy the /etc/puppetlabs/puppet/puppet.conf from template for puppet
clients only
2023-10-29 20:26:39 +11:00
46c3eb9597
feat: add puppetboard role
...
- add nginx module to manage reverse proxy on host level
- add puppetboard venv
- add gunicorn instance
- add script to start the gunicorn instance
- add nginx vhost
2023-10-29 19:33:11 +11:00
ef0d865845
Merge pull request 'feat: split puppetdb role into api and sql' ( #32 ) from neoloc/puppetdb2 into develop
...
Reviewed-on: unkinben/puppet-prod#32
2023-10-22 20:30:43 +09:30
e682462917
feat: split puppetdb role into api and sql
...
- add puppetdb_api and puppetdb_sql role
- add puppetdb_api and puppetdb_sql profile
- add prodinf01n05 to /etc/hosts file
- set listen_address for all services to be hosts ip
- set storeconfigs and storeconfigs_backend to be managed by puppetmaster profile
2023-10-22 21:55:50 +11:00
6bb52f2a15
feat: add firewalld management profile
...
- basic profile to enable/disable, and install/remove
- defaulting to enabled and installed, but set to disabled and removed
in hiera
2023-10-22 19:54:10 +11:00
95434214a9
feat: add management of /etc/hosts
...
- add class to manage the /etc/hosts file
- add static hosts to /etc/hosts file via hiera array/hash
2023-10-22 00:34:22 +11:00
e847954e03
Merge branch 'develop' into neoloc/puppet_wrapper
2023-10-22 00:00:52 +11:00
ac27a9ce0b
Merge branch 'develop' into neoloc/puppetdb
2023-10-21 23:30:40 +11:00
080cdd8884
Setup PuppetDB/Puppetboard
...
- install modules required
- puppetdb
- postgresql
- puppetboard
- python
- create new profiles to manage each item (puppetdb/puppetboard)
- added puppetdb role
- include the puppetdb::master::config in puppetmaster role
- re-organised the puppetfile
- moved python to be managed by the python module
- added postgresql to list of managed repos
2023-10-21 23:11:40 +11:00
2b11a9417c
Account/Sudo management
...
- imported account and sudo puppet modules
- created account management wrapper
- defined sysadmin account, set to be created on all nodes
- removed sudo from base packages as its managed by sudo module now
2023-08-29 23:25:10 +10:00
116342bdaa
Added class to manage a default set of scripts
...
- included scripts into profiles::base
- updated hiera with list of scripts to create and their template name
- created template for a puppet wrapper
2023-08-26 16:11:53 +10:00
efc769191e
Adding a default environment
...
- set through puppet.conf
- created symbolic link from develop -> production in code/environments
- changed puppet-g10k script to be generated from a template
- parameterised g10k into hieradata
2023-08-26 15:36:35 +10:00
c96676e143
Updated autosign
...
- added way to manage individual nodes
- added defaults for domains, subnets and nodes
- updated comments and doc
2023-08-26 01:00:31 +10:00
5b4a17b77a
Changed to a simple autosign method
2023-08-26 00:49:21 +10:00
d48283734c
Added a new profile to manage common packages
...
* will by default pull data from hiera
* could change it on a per-distro/role basis
* requires stdlib for ensure_packages
2023-07-02 14:55:02 +10:00
87f174df33
Added Debian components
...
* added debian components for Debian12 and Debian11
* added apt module to puppetfile
* removed /etc/apt/sources.list management, done by apt module
* added profiles::apt::puppet7
2023-07-01 22:38:25 +10:00
b12e3471f3
Merge branch 'develop' into feature/apt_repository
2023-06-27 20:10:44 +09:30
5d758da66e
Added r10k repo management
...
* added profile to download puppet-r10k, add a script to pull changes,
and scheduled it to happen automatically with systemd timer/service
* added to the puppetmaster profile
* updated hieradata
2023-06-26 19:42:15 +10:00
4e30d9b6d9
Added boilerplate for debian host management
...
* added apt repo management
* added switcher based on OS to base.pp
2023-06-26 19:20:05 +10:00
87c38eadf2
Renamed role/profile directories
...
* renamed role to roles
* renamed profile to profiles
* cleaned up all profiles/roles/hieradata to match new paths
2023-06-25 13:24:07 +10:00
