unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: unkin:benvin/artifactapi_repos
Branches Tags
unkin:develop
unkin:benvin/centralise_repo_config
unkin:benvin/artifactapi_repos
unkin:benvin/hiera_data_hash
unkin:benvin/openbao_audit_devices
unkin:benvin/backend_dovecot
unkin:benvin/exporter_ip_loopback
unkin:benvin/k8s_control
unkin:neoloc/k8s
unkin:neoloc/ceph
unkin:neoloc/mpls_mpbgp_rr
unkin:neoloc/firewall
unkin:neoloc/includegroups
unkin:neoloc/exportarr
unkin:neoloc/authproxy
unkin:neoloc/openldap
unkin:neoloc/puppetdb_ssl
unkin:master
..
compare: unkin:develop
Branches Tags
unkin:benvin/centralise_repo_config
unkin:develop
unkin:benvin/artifactapi_repos
unkin:benvin/hiera_data_hash
unkin:benvin/openbao_audit_devices
unkin:benvin/backend_dovecot
unkin:benvin/exporter_ip_loopback
unkin:benvin/k8s_control
unkin:neoloc/k8s
unkin:neoloc/ceph
unkin:neoloc/mpls_mpbgp_rr
unkin:neoloc/firewall
unkin:neoloc/includegroups
unkin:neoloc/exportarr
unkin:neoloc/authproxy
unkin:neoloc/openldap
unkin:neoloc/puppetdb_ssl
unkin:master

2 Commits
benvin/art ... develop

Author SHA1 Message Date
Ben Vincent
9f5b1cec82 fix: thundering hurd (#435) 
- started all puppet clients at the same time, resulting in thundering herd
- add a randomness timer of 10 minutes

Reviewed-on: #435
 2026-01-12 20:21:39 +11:00
Ben Vincent
383bbb0507 fix: ensure join-api is functioning (#434) 
- consul was directing new rke2 control nodes to a dead join api
- add additional check to verify its responding (not just up)

Reviewed-on: #434
 2026-01-11 13:51:36 +11:00
6 changed files with 40 additions and 14 deletions
Show Stats Expand all files Collapse all files

4
hieradata/os/AlmaLinux/AlmaLinux8.yaml
View File

@ -10,8 +10,8 @@ profiles::yum::global::repos:
name: powertools name: powertools
descr: powertools repository descr: powertools repository
target: /etc/yum.repos.d/powertools.repo target: /etc/yum.repos.d/powertools.repo
baseurl: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/almalinux/%{facts.os.release.full}/PowerTools/%{facts.os.architecture}/os baseurl: https://edgecache.query.consul/almalinux/%{facts.os.release.full}/PowerTools/%{facts.os.architecture}/os
gpgkey: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/almalinux/%{facts.os.release.full}/PowerTools/%{facts.os.architecture}/os/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major} gpgkey: http://edgecache.query.consul/almalinux/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major}
mirrorlist: absent mirrorlist: absent
unkin: unkin:
name: unkin name: unkin

20
hieradata/os/AlmaLinux/AlmaLinux9.yaml
View File

@ -3,12 +3,28 @@
crypto_policies::policy: 'DEFAULT:SHA1' crypto_policies::policy: 'DEFAULT:SHA1'
profiles::yum::global::repos: profiles::yum::global::repos:
baseos:
baseurl: https://packagerepo.service.consul/almalinux/%{facts.os.release.full}/baseos-daily/%{facts.os.architecture}/os/
gpgkey: https://packagerepo.service.consul/almalinux/%{facts.os.release.full}/baseos-daily/%{facts.os.architecture}/os//RPM-GPG-KEY-AlmaLinux-9
mirrorlist: absent
extras:
baseurl: https://packagerepo.service.consul/almalinux/%{facts.os.release.full}/extras-daily/%{facts.os.architecture}/os/
gpgkey: https://packagerepo.service.consul/almalinux/%{facts.os.release.full}/extras-daily/%{facts.os.architecture}/os//RPM-GPG-KEY-AlmaLinux-9
mirrorlist: absent
appstream:
baseurl: https://packagerepo.service.consul/almalinux/%{facts.os.release.full}/appstream-daily/%{facts.os.architecture}/os/
gpgkey: https://packagerepo.service.consul/almalinux/%{facts.os.release.full}/appstream-daily/%{facts.os.architecture}/os//RPM-GPG-KEY-AlmaLinux-9
mirrorlist: absent
highavailability:
baseurl: https://packagerepo.service.consul/almalinux/%{facts.os.release.full}/ha-daily/%{facts.os.architecture}/os/
gpgkey: https://packagerepo.service.consul/almalinux/%{facts.os.release.full}/ha-daily/%{facts.os.architecture}/os//RPM-GPG-KEY-AlmaLinux-9
mirrorlist: absent
crb: crb:
name: crb name: crb
descr: crb repository descr: crb repository
target: /etc/yum.repos.d/crb.repo target: /etc/yum.repos.d/crb.repo
baseurl: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/almalinux/%{facts.os.release.full}/CRB/%{facts.os.architecture}/os baseurl: https://packagerepo.service.consul/almalinux/%{facts.os.release.full}/crb-daily/%{facts.os.architecture}/os/
gpgkey: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/almalinux/%{facts.os.release.full}/CRB/%{facts.os.architecture}/os/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major} gpgkey: https://packagerepo.service.consul/almalinux/%{facts.os.release.full}/crb-daily/%{facts.os.architecture}/os//RPM-GPG-KEY-AlmaLinux-9
mirrorlist: absent mirrorlist: absent
unkin: unkin:
name: unkin name: unkin

20
hieradata/os/AlmaLinux/all_releases.yaml
View File

@ -23,36 +23,36 @@ profiles::yum::global::repos:
name: baseos name: baseos
descr: baseos repository descr: baseos repository
target: /etc/yum.repos.d/baseos.repo target: /etc/yum.repos.d/baseos.repo
baseurl: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/almalinux/%{facts.os.release.full}/BaseOS/%{facts.os.architecture}/os baseurl: https://edgecache.query.consul/almalinux/%{facts.os.release.full}/BaseOS/%{facts.os.architecture}/os
gpgkey: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/almalinux/%{facts.os.release.full}/BaseOS/%{facts.os.architecture}/os/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major} gpgkey: http://edgecache.query.consul/almalinux/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major}
mirrorlist: absent mirrorlist: absent
extras: extras:
name: extras name: extras
descr: extras repository descr: extras repository
target: /etc/yum.repos.d/extras.repo target: /etc/yum.repos.d/extras.repo
baseurl: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/almalinux/%{facts.os.release.full}/extras/%{facts.os.architecture}/os baseurl: https://edgecache.query.consul/almalinux/%{facts.os.release.full}/extras/%{facts.os.architecture}/os
gpgkey: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/almalinux/%{facts.os.release.full}/extras/%{facts.os.architecture}/os/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major} gpgkey: http://edgecache.query.consul/almalinux/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major}
mirrorlist: absent mirrorlist: absent
appstream: appstream:
name: appstream name: appstream
descr: appstream repository descr: appstream repository
target: /etc/yum.repos.d/appstream.repo target: /etc/yum.repos.d/appstream.repo
baseurl: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/almalinux/%{facts.os.release.full}/AppStream/%{facts.os.architecture}/os baseurl: https://edgecache.query.consul/almalinux/%{facts.os.release.full}/AppStream/%{facts.os.architecture}/os
gpgkey: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/almalinux/%{facts.os.release.full}/AppStream/%{facts.os.architecture}/os/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major} gpgkey: http://edgecache.query.consul/almalinux/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major}
mirrorlist: absent mirrorlist: absent
highavailability: highavailability:
name: highavailability name: highavailability
descr: highavailability repository descr: highavailability repository
target: /etc/yum.repos.d/highavailability.repo target: /etc/yum.repos.d/highavailability.repo
baseurl: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/almalinux/%{facts.os.release.full}/HighAvailability/%{facts.os.architecture}/os baseurl: https://edgecache.query.consul/almalinux/%{facts.os.release.full}/HighAvailability/%{facts.os.architecture}/os
gpgkey: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/almalinux/%{facts.os.release.full}/HighAvailability/%{facts.os.architecture}/os/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major} gpgkey: http://edgecache.query.consul/almalinux/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major}
mirrorlist: absent mirrorlist: absent
epel: epel:
name: epel name: epel
descr: epel repository descr: epel repository
target: /etc/yum.repos.d/epel.repo target: /etc/yum.repos.d/epel.repo
baseurl: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/epel/%{facts.os.release.major}/Everything/%{facts.os.architecture} baseurl: https://packagerepo.service.consul/epel/%{facts.os.release.major}/everything-daily/%{facts.os.architecture}/os/
gpgkey: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/epel/RPM-GPG-KEY-EPEL-%{facts.os.release.major} gpgkey: https://packagerepo.service.consul/epel/%{facts.os.release.major}/everything-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-EPEL-%{facts.os.release.major}
mirrorlist: absent mirrorlist: absent
unkinben: unkinben:
name: unkinben name: unkinben

6
hieradata/roles/infra/k8s/control.yaml
View File

@ -58,6 +58,12 @@ consul::services:
tcp: "%{hiera('networking_loopback0_ip')}:9345" tcp: "%{hiera('networking_loopback0_ip')}:9345"
interval: '10s' interval: '10s'
timeout: '1s' timeout: '1s'
- id: 'rke2_server_ping_check'
name: 'rke2 Server Ping Check'
http: "https://%{hiera('networking_loopback0_ip')}:9345/ping"
interval: '10s'
timeout: '3s'
tls_skip_verify: true
profiles::consul::client::node_rules: profiles::consul::client::node_rules:
- resource: service - resource: service
segment: api-k8s segment: api-k8s

2
site/profiles/manifests/puppet/client.pp
View File

@ -13,6 +13,8 @@ class profiles::puppet::client (
Boolean $show_diff = true, Boolean $show_diff = true,
Boolean $usecacheonfailure = false, Boolean $usecacheonfailure = false,
Integer $facts_soft_limit = 4096, Integer $facts_soft_limit = 4096,
Boolean $splay = true,
Integer $splaylimit = 600,
) { ) {
# dont manage puppet.conf if this is a puppetmaster # dont manage puppet.conf if this is a puppetmaster

2
site/profiles/templates/puppet/client/puppet.conf.erb
View File

@ -12,3 +12,5 @@ runtimeout = <%= @runtimeout %>
show_diff = <%= @show_diff %> show_diff = <%= @show_diff %>
usecacheonfailure = <%= @usecacheonfailure %> usecacheonfailure = <%= @usecacheonfailure %>
number_of_facts_soft_limit = <%= @facts_soft_limit %> number_of_facts_soft_limit = <%= @facts_soft_limit %>
splay = <%= @splay %>
splaylimit = <%= @splaylimit %>