1 Commits

Author SHA1 Message Date
unkinben 51e8fa7526 feat: improve ci performance
ci/woodpecker/pr/puppet-lint Pipeline was successful
ci/woodpecker/pr/ruby-validate Pipeline was successful
ci/woodpecker/pr/erb-validate Pipeline was successful
ci/woodpecker/pr/yamllint Pipeline was successful
ci/woodpecker/pr/bolt-validate Pipeline was successful
ci/woodpecker/pr/epp-validate Pipeline was successful
ci/woodpecker/pr/puppet-validate Pipeline was successful
ci/woodpecker/pr/ruby-check Pipeline was successful
split all pre-commit checks into individual workflows, so that
woodpecker spawns a container/job for each. this vastly improves the
time it takes for CI to complete checks for puppet

- create per-pre-commit-check pre-commit config files
- create per-pre-commit-check woodpecker workflows
2026-03-17 17:33:50 +11:00
50 changed files with 67 additions and 541 deletions
-10
@@ -6,13 +6,3 @@ steps:
image: git.unkin.net/unkin/almalinux9-puppet-pr-validator:20260317 image: git.unkin.net/unkin/almalinux9-puppet-pr-validator:20260317
commands: commands:
- uvx pre-commit run --all-files --config ci/bolt-validate.yaml - uvx pre-commit run --all-files --config ci/bolt-validate.yaml
backend_options:
kubernetes:
serviceAccountName: default
resources:
requests:
memory: 512Mi
cpu: 1
limits:
memory: 2Gi
cpu: 1
-10
@@ -6,13 +6,3 @@ steps:
image: git.unkin.net/unkin/almalinux9-puppet-pr-validator:20260317 image: git.unkin.net/unkin/almalinux9-puppet-pr-validator:20260317
commands: commands:
- uvx pre-commit run --all-files --config ci/epp-validate.yaml - uvx pre-commit run --all-files --config ci/epp-validate.yaml
backend_options:
kubernetes:
serviceAccountName: default
resources:
requests:
memory: 512Mi
cpu: 1
limits:
memory: 2Gi
cpu: 1
-10
@@ -6,13 +6,3 @@ steps:
image: git.unkin.net/unkin/almalinux9-puppet-pr-validator:20260317 image: git.unkin.net/unkin/almalinux9-puppet-pr-validator:20260317
commands: commands:
- uvx pre-commit run --all-files --config ci/erb-validate.yaml - uvx pre-commit run --all-files --config ci/erb-validate.yaml
backend_options:
kubernetes:
serviceAccountName: default
resources:
requests:
memory: 512Mi
cpu: 1
limits:
memory: 2Gi
cpu: 1
-10
@@ -6,13 +6,3 @@ steps:
image: git.unkin.net/unkin/almalinux9-puppet-pr-validator:20260317 image: git.unkin.net/unkin/almalinux9-puppet-pr-validator:20260317
commands: commands:
- uvx pre-commit run --all-files --config ci/puppet-lint.yaml - uvx pre-commit run --all-files --config ci/puppet-lint.yaml
backend_options:
kubernetes:
serviceAccountName: default
resources:
requests:
memory: 512Mi
cpu: 1
limits:
memory: 2Gi
cpu: 1
-10
@@ -6,13 +6,3 @@ steps:
image: git.unkin.net/unkin/almalinux9-puppet-pr-validator:20260317 image: git.unkin.net/unkin/almalinux9-puppet-pr-validator:20260317
commands: commands:
- uvx pre-commit run --all-files --config ci/puppet-validate.yaml - uvx pre-commit run --all-files --config ci/puppet-validate.yaml
backend_options:
kubernetes:
serviceAccountName: default
resources:
requests:
memory: 512Mi
cpu: 2
limits:
memory: 2Gi
cpu: 2
-10
@@ -6,13 +6,3 @@ steps:
image: git.unkin.net/unkin/almalinux9-puppet-pr-validator:20260317 image: git.unkin.net/unkin/almalinux9-puppet-pr-validator:20260317
commands: commands:
- uvx pre-commit run --all-files --config ci/ruby-check.yaml - uvx pre-commit run --all-files --config ci/ruby-check.yaml
backend_options:
kubernetes:
serviceAccountName: default
resources:
requests:
memory: 512Mi
cpu: 1
limits:
memory: 2Gi
cpu: 1
-10
@@ -6,13 +6,3 @@ steps:
image: git.unkin.net/unkin/almalinux9-puppet-pr-validator:20260317 image: git.unkin.net/unkin/almalinux9-puppet-pr-validator:20260317
commands: commands:
- uvx pre-commit run --all-files --config ci/ruby-validate.yaml - uvx pre-commit run --all-files --config ci/ruby-validate.yaml
backend_options:
kubernetes:
serviceAccountName: default
resources:
requests:
memory: 512Mi
cpu: 1
limits:
memory: 2Gi
cpu: 1
+1 -11
@@ -3,16 +3,6 @@ when:
steps: steps:
- name: yamllint - name: yamllint
image: git.unkin.net/unkin/almalinux9-base:20260606 image: git.unkin.net/unkin/almalinux9-base:20260317
commands: commands:
- uvx pre-commit run --all-files --config ci/yamllint.yaml - uvx pre-commit run --all-files --config ci/yamllint.yaml
backend_options:
kubernetes:
serviceAccountName: default
resources:
requests:
memory: 512Mi
cpu: 1
limits:
memory: 2Gi
cpu: 1
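Review bot: The `yamllint` step on the new side has no `backend_options.kubernetes.resources` block, so the pod that runs pull-request content is scheduled without the requests and limits the old side declared, unless a namespace LimitRange supplies them (not visible here). The same block is dropped from the bolt-validate, epp-validate, erb-validate, puppet-lint, puppet-validate, ruby-check and ruby-validate steps above. I would keep at least `limits:` with `memory: 2Gi` and `cpu: 1` on each step so a runaway check cannot starve the node. The image tag also moves from `almalinux9-base:20260606` back to `:20260317`, which suggests the branch is behind its target and should be rebased before merge.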
+1
@@ -53,6 +53,7 @@ mod 'saz-ssh', '13.1.0'
mod 'saz-limits', '5.0.0' mod 'saz-limits', '5.0.0'
mod 'ghoneycutt-timezone', '4.0.0' mod 'ghoneycutt-timezone', '4.0.0'
mod 'ghoneycutt-puppet', '3.3.0' mod 'ghoneycutt-puppet', '3.3.0'
mod 'dalen-puppetdbquery', '3.0.1'
mod 'markt-galera', '3.1.0' mod 'markt-galera', '3.1.0'
mod 'kogitoapp-minio', '1.1.4' mod 'kogitoapp-minio', '1.1.4'
mod 'broadinstitute-certs', '3.0.1' mod 'broadinstitute-certs', '3.0.1'
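Review bot: The added `mod 'dalen-puppetdbquery', '3.0.1'` brings in a module that is, to my knowledge, deprecated upstream in favour of the `puppetdb_query` function built into Puppet, so it adds an unmaintained dependency that runs on the Puppet server at compile time. The callers later in this change (`query_nodes(...)` in incus::cluster, redisha, stalwart and profiles::consul) were using `puppetdb_query` on the old side. I would keep them on `puppetdb_query` and leave this line out. If the module must stay, add a comment above it, e.g. `# needed for query_nodes(); remove once callers use puppetdb_query`.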
-1
@@ -30,7 +30,6 @@ hierarchy:
- "roles/%{::enc_role_tier1}.eyaml" - "roles/%{::enc_role_tier1}.eyaml"
- "roles/%{::enc_role_tier1}.yaml" - "roles/%{::enc_role_tier1}.yaml"
- "virtual/%{facts.virtual}.yaml" - "virtual/%{facts.virtual}.yaml"
- "os/%{facts.os.name}/%{facts.os.name}%{facts.os.release.major}.%{facts.os.release.minor}.yaml"
- "os/%{facts.os.name}/%{facts.os.name}%{facts.os.release.major}.yaml" - "os/%{facts.os.name}/%{facts.os.name}%{facts.os.release.major}.yaml"
- "os/%{facts.os.name}/all_releases.yaml" - "os/%{facts.os.name}/all_releases.yaml"
- "common.eyaml" - "common.eyaml"
@@ -1,7 +1,4 @@
--- ---
haproxy_server_k8s_syd1_traefik_internal: 'k8s-traefik-internal 198.18.200.4:443 ssl verify none check inter 2s rise 3 fall 2'
haproxy_server_k8s_syd1_traefik_external: 'k8s-traefik-external 198.18.199.0:443 ssl verify none check inter 2s rise 3 fall 2'
profiles::haproxy::dns::ipaddr: "%{hiera('anycast_ip')}" profiles::haproxy::dns::ipaddr: "%{hiera('anycast_ip')}"
profiles::haproxy::dns::vrrp_cnames: profiles::haproxy::dns::vrrp_cnames:
- sonarr.main.unkin.net - sonarr.main.unkin.net
@@ -19,7 +16,6 @@ profiles::haproxy::dns::vrrp_cnames:
- mail.main.unkin.net - mail.main.unkin.net
- autoconfig.main.unkin.net - autoconfig.main.unkin.net
- autodiscover.main.unkin.net - autodiscover.main.unkin.net
- auth.unkin.net
profiles::haproxy::mappings: profiles::haproxy::mappings:
fe_http: fe_http:
@@ -41,7 +37,6 @@ profiles::haproxy::mappings:
- 'mail-webadmin.main.unkin.net be_stalwart_webadmin' - 'mail-webadmin.main.unkin.net be_stalwart_webadmin'
- 'autoconfig.main.unkin.net be_stalwart_webadmin' - 'autoconfig.main.unkin.net be_stalwart_webadmin'
- 'autodiscovery.main.unkin.net be_stalwart_webadmin' - 'autodiscovery.main.unkin.net be_stalwart_webadmin'
- 'auth.unkin.net be_k8s_kanidm'
fe_https: fe_https:
ensure: present ensure: present
mappings: mappings:
@@ -61,7 +56,6 @@ profiles::haproxy::mappings:
- 'mail-webadmin.main.unkin.net be_stalwart_webadmin' - 'mail-webadmin.main.unkin.net be_stalwart_webadmin'
- 'autoconfig.main.unkin.net be_stalwart_webadmin' - 'autoconfig.main.unkin.net be_stalwart_webadmin'
- 'autodiscovery.main.unkin.net be_stalwart_webadmin' - 'autodiscovery.main.unkin.net be_stalwart_webadmin'
- 'auth.unkin.net be_k8s_kanidm'
profiles::haproxy::frontends: profiles::haproxy::frontends:
fe_http: fe_http:
@@ -86,7 +80,6 @@ profiles::haproxy::frontends:
- 'acl_stalwart_webadmin req.hdr(host) -i mail-webadmin.main.unkin.net' - 'acl_stalwart_webadmin req.hdr(host) -i mail-webadmin.main.unkin.net'
- 'acl_stalwart_webadmin req.hdr(host) -i autoconfig.main.unkin.net' - 'acl_stalwart_webadmin req.hdr(host) -i autoconfig.main.unkin.net'
- 'acl_stalwart_webadmin req.hdr(host) -i autodiscovery.main.unkin.net' - 'acl_stalwart_webadmin req.hdr(host) -i autodiscovery.main.unkin.net'
- 'acl_kanidm req.hdr(host) -i auth.unkin.net'
- 'acl_internalsubnets src 198.18.0.0/16 10.10.12.0/24' - 'acl_internalsubnets src 198.18.0.0/16 10.10.12.0/24'
use_backend: use_backend:
- "%[req.hdr(host),lower,map(/etc/haproxy/fe_https.map,be_default)]" - "%[req.hdr(host),lower,map(/etc/haproxy/fe_https.map,be_default)]"
@@ -106,7 +99,6 @@ profiles::haproxy::frontends:
- 'set-header X-Frame-Options DENY if acl_grafana' - 'set-header X-Frame-Options DENY if acl_grafana'
- 'set-header X-Frame-Options DENY if acl_ceph_dashboard' - 'set-header X-Frame-Options DENY if acl_ceph_dashboard'
- 'set-header X-Frame-Options DENY if acl_stalwart_webadmin' - 'set-header X-Frame-Options DENY if acl_stalwart_webadmin'
- 'set-header X-Frame-Options DENY if acl_kanidm'
- 'set-header X-Content-Type-Options nosniff' - 'set-header X-Content-Type-Options nosniff'
- 'set-header X-XSS-Protection 1;mode=block' - 'set-header X-XSS-Protection 1;mode=block'
@@ -328,26 +320,6 @@ profiles::haproxy::backends:
- add-header X-Forwarded-Proto https if { dst_port 9443 } - add-header X-Forwarded-Proto https if { dst_port 9443 }
redirect: 'scheme https if !{ ssl_fc }' redirect: 'scheme https if !{ ssl_fc }'
stick-table: 'type ip size 200k expire 30m' stick-table: 'type ip size 200k expire 30m'
be_k8s_kanidm:
description: Backend for Kanidm (auth.unkin.net via Kubernetes internal Traefik)
collect_exported: false
options:
balance: roundrobin
option:
- httpchk
- forwardfor
- http-keep-alive
- prefer-last-server
http-check:
- 'connect ssl sni auth.unkin.net'
- 'send meth GET uri /status ver HTTP/1.1 hdr Host auth.unkin.net'
- 'expect status 200'
http-reuse: always
http-request:
- set-header X-Forwarded-Port %[dst_port]
- add-header X-Forwarded-Proto https if { dst_port 443 }
redirect: 'scheme https if !{ ssl_fc }'
server: "%{lookup('haproxy_server_k8s_syd1_traefik_internal')} sni str(auth.unkin.net)"
be_stalwart_imap: be_stalwart_imap:
description: Backend for Stalwart IMAP (STARTTLS) description: Backend for Stalwart IMAP (STARTTLS)
collect_exported: false collect_exported: false
@@ -421,7 +393,6 @@ profiles::haproxy::certlist::certificates:
- /etc/pki/tls/letsencrypt/git.unkin.net/fullchain_combined.pem - /etc/pki/tls/letsencrypt/git.unkin.net/fullchain_combined.pem
- /etc/pki/tls/letsencrypt/grafana.unkin.net/fullchain_combined.pem - /etc/pki/tls/letsencrypt/grafana.unkin.net/fullchain_combined.pem
- /etc/pki/tls/letsencrypt/dashboard.ceph.unkin.net/fullchain_combined.pem - /etc/pki/tls/letsencrypt/dashboard.ceph.unkin.net/fullchain_combined.pem
- /etc/pki/tls/letsencrypt/auth.unkin.net/fullchain_combined.pem
- /etc/pki/tls/vault/certificate.pem - /etc/pki/tls/vault/certificate.pem
# additional altnames # additional altnames
@@ -451,4 +422,3 @@ certbot::client::domains:
- git.unkin.net - git.unkin.net
- grafana.unkin.net - grafana.unkin.net
- dashboard.ceph.unkin.net - dashboard.ceph.unkin.net
- auth.unkin.net
+1 -1
@@ -1,7 +1,7 @@
# hieradata/os/AlmaLinux/AlmaLinux8.yaml # hieradata/os/AlmaLinux/AlmaLinux8.yaml
--- ---
crypto_policies::policy: 'DEFAULT' crypto_policies::policy: 'DEFAULT'
almalinux-base-repo: almalinux
profiles::packages::include: profiles::packages::include:
network-scripts: {} network-scripts: {}
-2
@@ -1,2 +0,0 @@
---
almalinux-base-repo: almalinux-vault
+1 -1
@@ -1,7 +1,7 @@
# hieradata/os/AlmaLinux/AlmaLinux9.yaml # hieradata/os/AlmaLinux/AlmaLinux9.yaml
--- ---
crypto_policies::policy: 'DEFAULT:SHA1' crypto_policies::policy: 'DEFAULT:SHA1'
almalinux-base-repo: almalinux
profiles::yum::global::repos: profiles::yum::global::repos:
crb: crb:
ensure: present ensure: present
+12 -12
@@ -23,45 +23,45 @@ profiles::yum::global::repos:
name: baseos name: baseos
descr: baseos repository descr: baseos repository
target: /etc/yum.repos.d/baseos.repo target: /etc/yum.repos.d/baseos.repo
baseurl: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/%{lookup('almalinux-base-repo')}/%{facts.os.release.full}/BaseOS/%{facts.os.architecture}/os/ baseurl: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/almalinux/%{facts.os.release.full}/BaseOS/%{facts.os.architecture}/os/
gpgkey: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/%{lookup('almalinux-base-repo')}/%{facts.os.release.full}/BaseOS/%{facts.os.architecture}/os/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major} gpgkey: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/almalinux/%{facts.os.release.full}/BaseOS/%{facts.os.architecture}/os/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major}
mirrorlist: absent mirrorlist: absent
extras: extras:
name: extras name: extras
descr: extras repository descr: extras repository
target: /etc/yum.repos.d/extras.repo target: /etc/yum.repos.d/extras.repo
baseurl: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/%{lookup('almalinux-base-repo')}/%{facts.os.release.full}/extras/%{facts.os.architecture}/os/ baseurl: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/almalinux/%{facts.os.release.full}/extras/%{facts.os.architecture}/os/
gpgkey: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/%{lookup('almalinux-base-repo')}/%{facts.os.release.full}/extras/%{facts.os.architecture}/os/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major} gpgkey: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/almalinux/%{facts.os.release.full}/extras/%{facts.os.architecture}/os/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major}
mirrorlist: absent mirrorlist: absent
appstream: appstream:
name: appstream name: appstream
descr: appstream repository descr: appstream repository
target: /etc/yum.repos.d/appstream.repo target: /etc/yum.repos.d/appstream.repo
baseurl: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/%{lookup('almalinux-base-repo')}/%{facts.os.release.full}/AppStream/%{facts.os.architecture}/os/ baseurl: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/almalinux/%{facts.os.release.full}/AppStream/%{facts.os.architecture}/os/
gpgkey: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/%{lookup('almalinux-base-repo')}/%{facts.os.release.full}/AppStream/%{facts.os.architecture}/os/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major} gpgkey: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/almalinux/%{facts.os.release.full}/AppStream/%{facts.os.architecture}/os/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major}
mirrorlist: absent mirrorlist: absent
highavailability: highavailability:
name: highavailability name: highavailability
descr: highavailability repository descr: highavailability repository
target: /etc/yum.repos.d/highavailability.repo target: /etc/yum.repos.d/highavailability.repo
baseurl: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/%{lookup('almalinux-base-repo')}/%{facts.os.release.full}/HighAvailability/%{facts.os.architecture}/os/ baseurl: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/almalinux/%{facts.os.release.full}/HighAvailability/%{facts.os.architecture}/os/
gpgkey: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/%{lookup('almalinux-base-repo')}/%{facts.os.release.full}/HighAvailability/%{facts.os.architecture}/os/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major} gpgkey: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/almalinux/%{facts.os.release.full}/HighAvailability/%{facts.os.architecture}/os/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major}
mirrorlist: absent mirrorlist: absent
crb: crb:
ensure: absent ensure: absent
name: crb name: crb
descr: crb repository descr: crb repository
target: /etc/yum.repos.d/crb.repo target: /etc/yum.repos.d/crb.repo
baseurl: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/%{lookup('almalinux-base-repo')}/%{facts.os.release.full}/CRB/%{facts.os.architecture}/os/ baseurl: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/almalinux/%{facts.os.release.full}/CRB/%{facts.os.architecture}/os/
gpgkey: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/%{lookup('almalinux-base-repo')}/%{facts.os.release.full}/CRB/%{facts.os.architecture}/os/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major} gpgkey: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/almalinux/%{facts.os.release.full}/CRB/%{facts.os.architecture}/os/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major}
mirrorlist: absent mirrorlist: absent
powertools: powertools:
ensure: absent ensure: absent
name: powertools name: powertools
descr: powertools repository descr: powertools repository
target: /etc/yum.repos.d/powertools.repo target: /etc/yum.repos.d/powertools.repo
baseurl: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/%{lookup('almalinux-base-repo')}/%{facts.os.release.full}/PowerTools/%{facts.os.architecture}/os/ baseurl: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/almalinux/%{facts.os.release.full}/PowerTools/%{facts.os.architecture}/os/
gpgkey: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/%{lookup('almalinux-base-repo')}/%{facts.os.release.full}/PowerTools/%{facts.os.architecture}/os/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major} gpgkey: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/almalinux/%{facts.os.release.full}/PowerTools/%{facts.os.architecture}/os/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major}
mirrorlist: absent mirrorlist: absent
epel: epel:
name: epel name: epel
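Review bot: Every `gpgkey:` in this hunk is fetched from the same artifactapi host and path as its `baseurl:`, so package signature checking gives no protection if that proxy or its upstream is tampered with. Whoever can serve the packages can also serve the key. I would point the repos at a key file distributed by Puppet or the release package, e.g. `gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major}` (confirm the file name per release). Separately, the new side hard-codes `almalinux` where the old side used `%{lookup('almalinux-base-repo')}`, so a host on a minor release that has moved to the vault tree can no longer be redirected from Hiera. The `profiles::yum::global::repos` hash begins and continues outside this hunk, so whether `gpgcheck` is set cannot be seen here.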
+1 -3
@@ -6,10 +6,8 @@ hiera_include:
profiles::dns::resolver::acls: profiles::dns::resolver::acls:
acl-main.unkin.net: acl-main.unkin.net:
addresses: addresses:
- 198.18.1.10/32 - 10.10.8.1/32
- 198.18.2.160/27
- 198.18.21.160/27 - 198.18.21.160/27
- 198.18.2.192/27
- 198.18.21.192/27 - 198.18.21.192/27
- 198.18.13.0/24 - 198.18.13.0/24
- 198.18.14.0/24 - 198.18.14.0/24
+2 -8
@@ -82,14 +82,8 @@ profiles::sql::postgresdb::dbname: gitea
profiles::sql::postgresdb::dbuser: gitea profiles::sql::postgresdb::dbuser: gitea
# deploy gitea # deploy gitea
gitea::base_url: 'https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/gitea-dl/gitea' gitea::ensure: '1.22.4'
gitea::install::checksums: gitea::checksum: 'd549104f55067e6fb156e7ba060c9af488f36e12d5e747db7563fcc99eaf8532'
1.26.2:
linux:
amd64: 5b37937b625de69196748f7293eee1a7363f8637ae6e3da3c359bb380bd61a6a
gitea::ensure: '1.26.2'
gitea::checksum: '5b37937b625de69196748f7293eee1a7363f8637ae6e3da3c359bb380bd61a6a'
gitea::manage_user: false gitea::manage_user: false
gitea::manage_group: false gitea::manage_group: false
gitea::manage_home: false gitea::manage_home: false
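Review bot: The new side sets `gitea::ensure: '1.22.4'` where the old side had `'1.26.2'`, which reads as a downgrade of an internet-facing service to a release that lacks the upstream fixes shipped since. It also drops `gitea::base_url`, so the binary would presumably be fetched from the module's default download location instead of the internal artifact proxy. Neither change is mentioned in the commit description, which is about CI only, so this looks like an artefact of the branch being behind its target. I would rebase and confirm these keys are unchanged, keeping `gitea::ensure: '1.26.2'` with its matching `gitea::checksum`.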
+1 -5
@@ -5,10 +5,6 @@ hiera_include:
- incus - incus
- zfs - zfs
- profiles::ceph::node - profiles::ceph::node
- profiles::ceph::mon
- profiles::ceph::mgr
- profiles::ceph::mds
- profiles::ceph::osd
- profiles::ceph::client - profiles::ceph::client
- profiles::ceph::dashboard - profiles::ceph::dashboard
- profiles::storage::cephfsvols - profiles::storage::cephfsvols
@@ -103,7 +99,7 @@ profiles::yum::global::repos:
profiles::dns::base::primary_interface: loopback0 profiles::dns::base::primary_interface: loopback0
# dashboard/haproxy # dashboard/haproxy
profiles::ceph::dashboard::ipaddress: "%{hiera('networking_loopback2_ip')}" profiles::ceph::dashboard::ipaddress: "%{hiera('networking_loopback0_ip')}"
# networking # networking
systemd::manage_networkd: true systemd::manage_networkd: true
-68
@@ -2,7 +2,6 @@
hiera_include: hiera_include:
- profiles::selinux::setenforce - profiles::selinux::setenforce
- profiles::ceph::node - profiles::ceph::node
- profiles::ceph::osd
- profiles::ceph::client - profiles::ceph::client
- exporters::frr_exporter - exporters::frr_exporter
- frrouting - frrouting
@@ -11,62 +10,6 @@ hiera_include:
# manage rke2 # manage rke2
rke2::bootstrap_node: prodnxsr0001.main.unkin.net rke2::bootstrap_node: prodnxsr0001.main.unkin.net
rke2::join_url: https://join-k8s.service.consul:9345 rke2::join_url: https://join-k8s.service.consul:9345
rke2::manage_registries: true
rke2::registries:
docker.io:
endpoint:
- "https://artifactapi.k8s.syd1.au.unkin.net"
rewrite:
"^(.*)$": "dockerhub/$1"
disable-default-registry-endpoint: true
ghcr.io:
endpoint:
- "https://artifactapi.k8s.syd1.au.unkin.net"
rewrite:
"^(.*)$": "ghcr/$1"
disable-default-registry-endpoint: true
quay.io:
endpoint:
- "https://artifactapi.k8s.syd1.au.unkin.net"
rewrite:
"^(.*)$": "quay/$1"
disable-default-registry-endpoint: true
registry.k8s.io:
endpoint:
- "https://artifactapi.k8s.syd1.au.unkin.net"
rewrite:
"^(.*)$": "k8s-registry/$1"
disable-default-registry-endpoint: true
registry.gitlab.com:
endpoint:
- "https://artifactapi.k8s.syd1.au.unkin.net"
rewrite:
"^(.*)$": "gitlab/$1"
disable-default-registry-endpoint: true
docker.elastic.co:
endpoint:
- "https://artifactapi.k8s.syd1.au.unkin.net"
rewrite:
"^(.*)$": "elastic/$1"
disable-default-registry-endpoint: true
gcr.io:
endpoint:
- "https://artifactapi.k8s.syd1.au.unkin.net"
rewrite:
"^(.*)$": "gcr/$1"
disable-default-registry-endpoint: true
docker.litellm.ai:
endpoint:
- "https://artifactapi.k8s.syd1.au.unkin.net"
rewrite:
"^(.*)$": "litellm/$1"
disable-default-registry-endpoint: true
public.ecr.aws:
endpoint:
- "https://artifactapi.k8s.syd1.au.unkin.net"
rewrite:
"^(.*)$": "ecr-public/$1"
disable-default-registry-endpoint: true
rke2::config_hash: rke2::config_hash:
bind-address: "%{hiera('networking_loopback0_ip')}" bind-address: "%{hiera('networking_loopback0_ip')}"
node-ip: "%{hiera('networking_loopback0_ip')}" node-ip: "%{hiera('networking_loopback0_ip')}"
@@ -182,17 +125,6 @@ frrouting::ospf_exclude_k8s_enable: true
frrouting::k8s_cluster_cidr: '10.42.0.0/16' # RKE2 cluster-cidr (pods) frrouting::k8s_cluster_cidr: '10.42.0.0/16' # RKE2 cluster-cidr (pods)
frrouting::k8s_service_cidr: '10.43.0.0/16' # RKE2 service-cidr frrouting::k8s_service_cidr: '10.43.0.0/16' # RKE2 service-cidr
# sysctl recommendations
sysctl::base::values:
net.ipv4.conf.default.rp_filter:
value: '0'
net.ipv4.conf.all.rp_filter:
value: '0'
fs.inotify.max_user_watches:
value: '524288'
fs.inotify.max_user_instances:
value: '512'
# add loopback interfaces to ssh list # add loopback interfaces to ssh list
ssh::server::options: ssh::server::options:
ListenAddress: ListenAddress:
@@ -11,7 +11,6 @@ profiles::metrics::grafana::db_name: "%{hiera('profiles::sql::postgresdb::dbname
profiles::metrics::grafana::db_user: "%{hiera('profiles::sql::postgresdb::dbuser')}" profiles::metrics::grafana::db_user: "%{hiera('profiles::sql::postgresdb::dbuser')}"
profiles::metrics::grafana::db_pass: "%{hiera('profiles::sql::postgresdb::dbpass')}" profiles::metrics::grafana::db_pass: "%{hiera('profiles::sql::postgresdb::dbpass')}"
profiles::metrics::grafana::pgsql_backend: true profiles::metrics::grafana::pgsql_backend: true
profiles::metrics::grafana::version: '13.0.2'
profiles::metrics::grafana::plugins: profiles::metrics::grafana::plugins:
victoriametrics-logs-datasource: victoriametrics-logs-datasource:
ensure: present ensure: present
-1
@@ -16,4 +16,3 @@ certbot::domains:
- git.unkin.net - git.unkin.net
- grafana.unkin.net - grafana.unkin.net
- dashboard.ceph.unkin.net - dashboard.ceph.unkin.net
- auth.unkin.net
+1 -1
@@ -26,7 +26,7 @@ profiles::puppet::cobbler_enc::packages:
- 'requests' - 'requests'
- 'PyYAML' - 'PyYAML'
profiles::puppet::enc::repo: https://git.service.au-syd1.consul/unkinben/puppet-enc.git profiles::puppet::enc::repo: https://git.service.au-syd1.consul/unkinben/puppet-enc.git
profiles::puppet::r10k::r10k_repo: https://git.unkin.net/unkin/puppet-r10k.git profiles::puppet::r10k::r10k_repo: https://git.service.au-syd1.consul/unkin/puppet-r10k.git
profiles::puppet::g10k::bin_path: '/usr/bin/g10k' profiles::puppet::g10k::bin_path: '/usr/bin/g10k'
profiles::puppet::g10k::cfg_path: '/etc/puppetlabs/r10k/r10k.yaml' profiles::puppet::g10k::cfg_path: '/etc/puppetlabs/r10k/r10k.yaml'
profiles::puppet::g10k::environments_path: '/etc/puppetlabs/code/environments' profiles::puppet::g10k::environments_path: '/etc/puppetlabs/code/environments'
+2 -2
@@ -28,8 +28,8 @@ class externaldns::master inherits externaldns {
dynamic => true, dynamic => true,
allow_updates => ['key externaldns-key'], allow_updates => ['key externaldns-key'],
allow_transfers => empty($slave_ips) ? { allow_transfers => empty($slave_ips) ? {
true => ['key externaldns-key'], true => [],
false => ['key externaldns-key','dns-slaves'], false => ['dns-slaves'],
}, },
ns_notify => !empty($slave_ips), ns_notify => !empty($slave_ips),
also_notify => $slave_ips, also_notify => $slave_ips,
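Review bot: In the `true => []` branch of `allow_transfers`, it is worth confirming how the zone template renders an empty array. If the directive is omitted rather than written as `allow-transfer { none; };`, named falls back to its built-in default, which on older BIND 9 releases permits transfers from any client. An explicit value avoids depending on that, e.g. `true => ['none'],`, with a comment such as `# no secondaries: deny all zone transfers`. The resource these attributes belong to starts and ends outside this hunk, so the template behaviour is not visible here.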
+1 -6
@@ -22,12 +22,7 @@ class incus::cluster (
} }
# if it is, find hosts, sort them so they dont cause changes every run # if it is, find hosts, sort them so they dont cause changes every run
$servers_array = sort(puppetdb_query( $servers_array = sort(query_nodes("enc_role='${members_role}' and region='${facts['region']}'", 'networking.fqdn'))
"facts[certname] {
name = 'enc_role' and value = '${members_role}' and
certname in facts[certname] { name = 'region' and value = '${facts['region']}' }
}"
).map |$fact| { $fact['certname'] })
# else use provided array from params # else use provided array from params
}else{ }else{
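Review bot: `query_nodes(..., 'networking.fqdn')` returns each node's self-reported `networking.fqdn` fact, whereas the old `puppetdb_query(...).map |$fact| { $fact['certname'] }` returned certnames, which are bound to the agent's signed certificate. A node that reports a false fqdn would be written into `$servers_array` as a cluster member. As far as I know, omitting the second argument makes `query_nodes` return certnames: `$servers_array = sort(query_nodes("enc_role='${members_role}' and region='${facts['region']}'"))`. The same pattern appears in the redisha::redis, redisha::sentinel, stalwart (`$cluster_members_raw`) and profiles::consul::client hunks below. The enclosing `if` starts outside this hunk.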
-56
@@ -1,56 +0,0 @@
# frozen_string_literal: true
require 'facter'
# Detects active ceph service instances via systemctl and exposes facts
# for use in ceph service management profiles.
# rubocop:disable Style/ClassAndModuleChildren
module Unkin
module Ceph
# Detects active ceph service instances via systemctl and exposes Facter facts.
module Utils
TYPES = %w[mon mgr mds osd].freeze
def self.services
output = Facter::Core::Execution.execute(
'systemctl list-units "ceph*" --no-legend --plain --all 2>/dev/null',
on_fail: ''
)
parse_units(output)
end
def self.parse_units(output)
result = TYPES.each_with_object({}) { |type, hash| hash[type] = [] }
output.each_line do |line|
unit = line.split.first
next unless unit
match_unit(result, unit)
end
result
end
def self.match_unit(result, unit)
TYPES.each do |type|
match = unit.match(/\Aceph-#{type}@(.+)\.service\z/)
result[type] << "ceph-#{type}@#{match[1]}" if match
end
end
TYPES.each do |type|
define_singleton_method(:"#{type}?") { !services[type].empty? }
end
end
end
end
# rubocop:enable Style/ClassAndModuleChildren
Facter.add('ceph_services') do
setcode { Unkin::Ceph::Utils.services }
end
Unkin::Ceph::Utils::TYPES.each do |type|
Facter.add("is_ceph_#{type}") do
setcode { Unkin::Ceph::Utils.public_send(:"#{type}?") }
end
end
+1 -6
@@ -20,12 +20,7 @@ class redisha::redis (
} }
# if it is, find hosts, sort them so they dont cause changes every run # if it is, find hosts, sort them so they dont cause changes every run
$servers_array = sort(puppetdb_query( $servers_array = sort(query_nodes("enc_role='${redisha_members_role}' and region='${facts['region']}'", 'networking.fqdn'))
"facts[certname] {
name = 'enc_role' and value = '${redisha_members_role}' and
certname in facts[certname] { name = 'region' and value = '${facts['region']}' }
}"
).map |$fact| { $fact['certname'] })
# else use provided array from params # else use provided array from params
}else{ }else{
+1 -6
@@ -23,12 +23,7 @@ class redisha::sentinel (
} }
# if it is, find hosts, sort them so they dont cause changes every run # if it is, find hosts, sort them so they dont cause changes every run
$servers_array = sort(puppetdb_query( $servers_array = sort(query_nodes("enc_role='${redisha_members_role}' and region='${facts['region']}'", 'networking.fqdn'))
"facts[certname] {
name = 'enc_role' and value = '${redisha_members_role}' and
certname in facts[certname] { name = 'region' and value = '${facts['region']}' }
}"
).map |$fact| { $fact['certname'] })
# else use provided array from params # else use provided array from params
}else{ }else{
-20
@@ -7,8 +7,6 @@ class rke2::config (
Stdlib::Fqdn $bootstrap_node = $rke2::bootstrap_node, Stdlib::Fqdn $bootstrap_node = $rke2::bootstrap_node,
String $node_token = $rke2::node_token, String $node_token = $rke2::node_token,
Array[String[1]] $extra_config_files = $rke2::extra_config_files, Array[String[1]] $extra_config_files = $rke2::extra_config_files,
Boolean $manage_registries = $rke2::manage_registries,
Hash $registries = $rke2::registries,
){ ){
# if its not the bootstrap node, add join path to config # if its not the bootstrap node, add join path to config
@@ -30,24 +28,6 @@ class rke2::config (
$config = $config_hash $config = $config_hash
} }
if $manage_registries {
file { '/etc/rancher/rke2/registries.yaml':
ensure => file,
owner => 'root',
group => 'root',
mode => '0644',
content => epp('rke2/registries.yaml.epp', { registries => $registries }),
require => Package["rke2-${node_type}"],
notify => Service["rke2-${node_type}"],
}
}else{
file { '/etc/rancher/rke2/registries.yaml':
ensure => absent,
require => Package["rke2-${node_type}"],
notify => Service["rke2-${node_type}"],
}
}
# create the config file # create the config file
file { $config_file: file { $config_file:
ensure => file, ensure => file,
-2
@@ -12,8 +12,6 @@ class rke2 (
Hash $helm_repos = $rke2::params::helm_repos, Hash $helm_repos = $rke2::params::helm_repos,
Array[String[1]] $extra_config_files = $rke2::params::extra_config_files, Array[String[1]] $extra_config_files = $rke2::params::extra_config_files,
Stdlib::HTTPUrl $container_archive_source = $rke2::params::container_archive_source, Stdlib::HTTPUrl $container_archive_source = $rke2::params::container_archive_source,
Boolean $manage_registries = $rke2::params::manage_registries,
Hash $registries = $rke2::params::registries,
) inherits rke2::params { ) inherits rke2::params {
include rke2::install include rke2::install
-2
@@ -12,6 +12,4 @@ class rke2::params (
Hash $helm_repos = {}, Hash $helm_repos = {},
Array[String[1]] $extra_config_files = [], Array[String[1]] $extra_config_files = [],
Stdlib::HTTPUrl $container_archive_source = 'https://github.com/rancher/rke2/releases/download', Stdlib::HTTPUrl $container_archive_source = 'https://github.com/rancher/rke2/releases/download',
Boolean $manage_registries = false,
Hash $registries = {},
) {} ) {}
@@ -1,20 +0,0 @@
<%- | Hash $registries | -%>
---
# DO NOT MODIFY - MANAGED BY PUPPET
mirrors:
<%- $registries.each |$registry, $config| { -%>
<%= $registry %>:
endpoint:
<%- $config['endpoint'].each |$ep| { -%>
- "<%= $ep %>"
<%- } -%>
<%- if $config['rewrite'] { -%>
rewrite:
<%- $config['rewrite'].each |$pattern, $replacement| { -%>
"<%= $pattern %>": "<%= $replacement %>"
<%- } -%>
<%- } -%>
<%- if $config['disable-default-registry-endpoint'] { -%>
disable-default-registry-endpoint: true
<%- } -%>
<%- } -%>
+2 -21
@@ -167,13 +167,7 @@ class stalwart (
# Query cluster members for validation # Query cluster members for validation
$cluster_query = "enc_role='${cluster_role}' and country='${facts['country']}' and region='${facts['region']}'" $cluster_query = "enc_role='${cluster_role}' and country='${facts['country']}' and region='${facts['region']}'"
$cluster_members_raw = puppetdb_query( $cluster_members_raw = query_nodes($cluster_query, 'networking.fqdn')
"facts[certname] {
name = 'enc_role' and value = '${cluster_role}' and
certname in facts[certname] { name = 'country' and value = '${facts['country']}' } and
certname in facts[certname] { name = 'region' and value = '${facts['region']}' }
}"
).map |$fact| { $fact['certname'] }
$cluster_members = $cluster_members_raw ? { $cluster_members = $cluster_members_raw ? {
undef => [], undef => [],
default => $cluster_members_raw, default => $cluster_members_raw,
@@ -186,20 +180,7 @@ class stalwart (
# Query HAProxy nodes for proxy trusted networks # Query HAProxy nodes for proxy trusted networks
$haproxy_query = "enc_role='${haproxy_role}' and country='${facts['country']}' and region='${facts['region']}'" $haproxy_query = "enc_role='${haproxy_role}' and country='${facts['country']}' and region='${facts['region']}'"
$haproxy_members_raw = puppetdb_query( $haproxy_members_raw = query_nodes($haproxy_query, 'networking.ip')
"facts[certname,value] {
name = 'networking' and
certname in facts[certname] {
name = 'enc_role' and value = '${haproxy_role}'
} and
certname in facts[certname] {
name = 'country' and value = '${facts['country']}'
} and
certname in facts[certname] {
name = 'region' and value = '${facts['region']}'
}
}"
).map |$fact| { $fact['value']['ip'] }
$haproxy_ips = $haproxy_members_raw ? { $haproxy_ips = $haproxy_members_raw ? {
undef => [], undef => [],
default => sort($haproxy_members_raw), default => sort($haproxy_members_raw),
-13
@@ -1,13 +0,0 @@
class profiles::ceph::mds (
Boolean $ensure_running = true,
) {
if $ensure_running and $facts['is_ceph_mds'] {
$facts['ceph_services']['mds'].each |String $svc| {
service { $svc:
ensure => running,
enable => true,
}
}
}
}
-13
@@ -1,13 +0,0 @@
class profiles::ceph::mgr (
Boolean $ensure_running = true,
) {
if $ensure_running and $facts['is_ceph_mgr'] {
$facts['ceph_services']['mgr'].each |String $svc| {
service { $svc:
ensure => running,
enable => true,
}
}
}
}
-13
@@ -1,13 +0,0 @@
class profiles::ceph::mon (
Boolean $ensure_running = true,
) {
if $ensure_running and $facts['is_ceph_mon'] {
$facts['ceph_services']['mon'].each |String $svc| {
service { $svc:
ensure => running,
enable => true,
}
}
}
}
-13
@@ -1,13 +0,0 @@
class profiles::ceph::osd (
Boolean $ensure_running = true,
) {
if $ensure_running and $facts['is_ceph_osd'] {
$facts['ceph_services']['osd'].each |String $svc| {
service { $svc:
ensure => running,
enable => true,
}
}
}
}
+1 -6
@@ -28,12 +28,7 @@ class profiles::consul::client (
} }
# if it is, find hosts, sort them so they dont cause changes every run # if it is, find hosts, sort them so they dont cause changes every run
$servers_array = sort(puppetdb_query( $servers_array = sort(query_nodes("enc_role='${members_role}' and region='${::facts['region']}'", 'networking.fqdn'))
"facts[certname] {
name = 'enc_role' and value = '${members_role}' and
certname in facts[certname] { name = 'region' and value = '${::facts['region']}' }
}"
).map |$fact| { $fact['certname'] })
# else use provided array from params # else use provided array from params
}else{ }else{
+2 -12
@@ -65,22 +65,12 @@ class profiles::consul::server (
} }
# if it is, find hosts, sort them so they dont cause changes every run # if it is, find hosts, sort them so they dont cause changes every run
$servers_array = sort(puppetdb_query( $servers_array = sort(query_nodes("enc_role='${members_role}' and region='${::facts['region']}'", 'networking.fqdn'))
"facts[certname] {
name = 'enc_role' and value = '${members_role}' and
certname in facts[certname] { name = 'region' and value = '${::facts['region']}' }
}"
).map |$fact| { $fact['certname'] })
if $join_remote_regions { if $join_remote_regions {
# get all nodes in the members_role for each other region # get all nodes in the members_role for each other region
$region_to_servers = $remote_regions.reduce({}) |$memo, $region| { $region_to_servers = $remote_regions.reduce({}) |$memo, $region| {
$servers = sort(puppetdb_query( $servers = sort(query_nodes("enc_role='${members_role}' and region='${region}'", 'networking.fqdn'))
"facts[certname] {
name = 'enc_role' and value = '${members_role}' and
certname in facts[certname] { name = 'region' and value = '${region}' }
}"
).map |$fact| { $fact['certname'] })
$memo + { $region => $servers } $memo + { $region => $servers }
} }
+3 -22
@@ -18,28 +18,9 @@ class profiles::dns::base (
$nameserver_array = $ns_role ? { $nameserver_array = $ns_role ? {
undef => $nameservers, undef => $nameservers,
default => $use_ns ? { default => $use_ns ? {
'all' => puppetdb_query( 'all' => query_nodes("enc_role='${ns_role}'", 'networking.ip'),
"facts[certname,value] { 'region' => query_nodes("enc_role='${ns_role}' and region=${facts['region']}", 'networking.ip'),
name = 'networking' and 'country' => query_nodes("enc_role='${ns_role}' and country=${facts['country']}", 'networking.ip'),
certname in nodes[certname] { facts.enc_role = '${ns_role}' }
}"
).map |$fact| { $fact['value']['ip'] },
'region' => puppetdb_query(
"facts[certname,value] {
name = 'networking' and
certname in nodes[certname] {
facts.enc_role = '${ns_role}' and facts.region = '${facts['region']}'
}
}"
).map |$fact| { $fact['value']['ip'] },
'country' => puppetdb_query(
"facts[certname,value] {
name = 'networking' and
certname in nodes[certname] {
facts.enc_role = '${ns_role}' and facts.country = '${facts['country']}'
}
}"
).map |$fact| { $fact['value']['ip'] },
} }
} }
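Review bot: The `'region'` and `'country'` arms interpolate the fact value without quotes (`region=${facts['region']}`), unlike the other `query_nodes` calls on this page, so the value is presumably read as a bare token of the query rather than as a quoted string. A fact value containing whitespace or an operator would then change the shape of the query, and facts are supplied by the agent. Quote it as the other sections do, `'region' => query_nodes("enc_role='${ns_role}' and region='${facts['region']}'", 'networking.ip'),`, and likewise for `country`. The same unquoted form is in the `profiles::dns::master` and `profiles::ntp::client` selectors. Quoting alone does not stop a value that itself contains a quote, so constraining `region` and `country` to a known pattern before interpolation would be the stronger check.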
+4 -18
@@ -20,21 +20,9 @@ class profiles::dns::master (
$nameservers_array = $ns_role ? { $nameservers_array = $ns_role ? {
undef => [$facts['networking']['fqdn']], undef => [$facts['networking']['fqdn']],
default => $use_ns ? { default => $use_ns ? {
'all' => sort(puppetdb_query( 'all' => sort(query_nodes("enc_role='${ns_role}'", 'networking.fqdn')),
"facts[certname] { name = 'enc_role' and value = '${ns_role}' }" 'region' => sort(query_nodes("enc_role='${ns_role}' and region=${facts['region']}", 'networking.fqdn')),
).map |$fact| { $fact['certname'] }), 'country' => sort(query_nodes("enc_role='${ns_role}' and country=${facts['country']}", 'networking.fqdn')),
'region' => sort(puppetdb_query(
"facts[certname] {
name = 'enc_role' and value = '${ns_role}' and
certname in facts[certname] { name = 'region' and value = '${facts['region']}' }
}"
).map |$fact| { $fact['certname'] }),
'country' => sort(puppetdb_query(
"facts[certname] {
name = 'enc_role' and value = '${ns_role}' and
certname in facts[certname] { name = 'country' and value = '${facts['country']}' }
}"
).map |$fact| { $fact['certname'] }),
} }
} }
@@ -44,9 +32,7 @@ class profiles::dns::master (
$facts['networking']['fqdn'] => $facts['networking']['ip'] $facts['networking']['fqdn'] => $facts['networking']['ip']
}, },
default => $nameservers_array.reduce({}) |$acc, $fqdn| { default => $nameservers_array.reduce({}) |$acc, $fqdn| {
$result = puppetdb_query( $result = query_nodes("networking.fqdn='${fqdn}'", 'networking.ip')
"facts[certname,value] { name = 'networking' and certname = '${fqdn}' }"
).map |$fact| { $fact['value']['ip'] }
$ip = $result[0] $ip = $result[0]
$acc + { "${fqdn}." => $ip } $acc + { "${fqdn}." => $ip }
} }
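Review bot: `$ip = $result[0]` in the second hunk has no guard for an empty result, and the lookup now matches on `networking.fqdn` rather than `certname`, so it may return no row or possibly more than one. An undef `$ip` would go into the `"${fqdn}." => $ip` map without any error. I would stop the compile instead, with `if empty($result) { fail("no networking.ip found for ${fqdn}") }` before the index, or skip the entry if a partial map is acceptable. `profiles::etcd::node` has the same pattern, where `query_nodes(...)[0]` feeds `"${fqdn}=https://${ip}:${peer_port}"`.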
+2 -7
@@ -18,12 +18,7 @@ class profiles::etcd::node (
} }
# if it is, find hosts, sort them so they dont cause changes every run # if it is, find hosts, sort them so they dont cause changes every run
$servers_array = sort(puppetdb_query( $servers_array = sort(query_nodes("enc_role='${members_role}' and region='${facts['region']}'", 'networking.fqdn'))
"facts[certname] {
name = 'enc_role' and value = '${members_role}' and
certname in facts[certname] { name = 'region' and value = '${facts['region']}' }
}"
).map |$fact| { $fact['certname'] })
# else use provided array from params # else use provided array from params
}else{ }else{
@@ -36,7 +31,7 @@ class profiles::etcd::node (
$initial_cluster = $servers_array.map |$fqdn| { $initial_cluster = $servers_array.map |$fqdn| {
# lookup the ip address for the current fqdn # lookup the ip address for the current fqdn
$ip = puppetdb_query("facts[certname,value] { name = 'networking' and certname = '${fqdn}' }").map |$fact| { $fact['value']['ip'] }[0] $ip = query_nodes("networking.fqdn='${fqdn}'", 'networking.ip')[0]
# construct the string for this server # construct the string for this server
"${fqdn}=https://${ip}:${peer_port}" "${fqdn}=https://${ip}:${peer_port}"
+7 -8
@@ -30,14 +30,13 @@ class profiles::haproxy::dns (
} }
# if it is, find hosts, sort them so they dont cause changes every run # if it is, find hosts, sort them so they dont cause changes every run
$servers_array = sort(puppetdb_query( $servers_array = sort(query_nodes(
"facts[certname] { "enc_role='${facts['enc_role']}' and
name = 'enc_role' and value = '${facts['enc_role']}' and country='${facts['country']}' and
certname in facts[certname] { name = 'country' and value = '${facts['country']}' } and region='${facts['region']}' and
certname in facts[certname] { name = 'region' and value = '${facts['region']}' } and environment='${facts['environment']}'",
certname in facts[certname] { name = 'environment' and value = '${facts['environment']}' } 'networking.fqdn'
}" ))
).map |$fact| { $fact['certname'] })
# give enough time for a few hosts to be provisioned # give enough time for a few hosts to be provisioned
if length($servers_array) >= 3 { if length($servers_array) >= 3 {
@@ -1,7 +1,6 @@
# profiles::metrics::grafana # profiles::metrics::grafana
class profiles::metrics::grafana ( class profiles::metrics::grafana (
String $ldap_bind_pass, String $ldap_bind_pass,
String $version = 'installed',
Stdlib::Port $http_port = 8080, Stdlib::Port $http_port = 8080,
String $app_mode = 'production', String $app_mode = 'production',
Boolean $allow_sign_up = false, Boolean $allow_sign_up = false,
@@ -108,7 +107,6 @@ class profiles::metrics::grafana (
# deploy grafana # deploy grafana
class { 'grafana': class { 'grafana':
version => $version,
cfg => $cfg, cfg => $cfg,
ldap_cfg => $ldap_cfg, ldap_cfg => $ldap_cfg,
plugins => $plugins, plugins => $plugins,
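Review bot: Removing `$version` from the class parameters and from the `class { 'grafana': }` declaration leaves the installed Grafana version to the module's default, which is not visible here. An existing Hiera value for `profiles::metrics::grafana::version` would presumably stop having any effect without an error, so a deliberate pin could be lost unnoticed. If the pin is meant to go, a comment above the declaration such as `# version intentionally left to the grafana module default` would record that; otherwise keep `version => $version,`. The class body continues outside both hunks.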
+2 -9
@@ -98,15 +98,8 @@ class profiles::minio::server (
} }
# if it is, find hosts, sort them so they dont cause changes every run # if it is, find hosts, sort them so they dont cause changes every run
#$servers_array = sort(puppetdb_query( #$servers_array = sort(query_nodes("enc_role='${minio_members_role}'", 'networking.fqdn'))
# "facts[certname] { name = 'enc_role' and value = '${minio_members_role}' }" $servers_array = sort(query_nodes("enc_role='${minio_members_role}' and minio_region='${minio_region}'", 'networking.fqdn'))
#).map |$fact| { $fact['certname'] })
$servers_array = sort(puppetdb_query(
"facts[certname] {
name = 'enc_role' and value = '${minio_members_role}' and
certname in facts[certname] { name = 'minio_region' and value = '${minio_region}' }
}"
).map |$fact| { $fact['certname'] })
# else use provided array from params # else use provided array from params
}else{ }else{
+3 -15
@@ -26,21 +26,9 @@ class profiles::ntp::client (
$ntpserver_array = $ntp_role ? { $ntpserver_array = $ntp_role ? {
undef => $peers, undef => $peers,
default => $use_ntp ? { default => $use_ntp ? {
'all' => puppetdb_query( 'all' => query_nodes("enc_role='${ntp_role}'", 'networking.fqdn'),
"facts[certname] { name = 'enc_role' and value = '${ntp_role}' }" 'region' => query_nodes("enc_role='${ntp_role}' and region=${facts['region']}", 'networking.fqdn'),
).map |$fact| { $fact['certname'] }, 'country' => query_nodes("enc_role='${ntp_role}' and country=${facts['country']}", 'networking.fqdn'),
'region' => puppetdb_query(
"facts[certname] {
name = 'enc_role' and value = '${ntp_role}' and
certname in facts[certname] { name = 'region' and value = '${facts['region']}' }
}"
).map |$fact| { $fact['certname'] },
'country' => puppetdb_query(
"facts[certname] {
name = 'enc_role' and value = '${ntp_role}' and
certname in facts[certname] { name = 'country' and value = '${facts['country']}' }
}"
).map |$fact| { $fact['certname'] },
} }
} }
@@ -24,13 +24,10 @@ class profiles::proxmox::clusterinit {
} }
} }
$servers_array = sort(puppetdb_query( $servers_array = sort(query_nodes(
"facts[certname] { "enc_role='${membersrole}' and country='${facts['country']}' and region='${facts['region']}'",
name = 'enc_role' and value = '${membersrole}' and 'networking.fqdn'
certname in facts[certname] { name = 'country' and value = '${facts['country']}' } and ))
certname in facts[certname] { name = 'region' and value = '${facts['region']}' }
}"
).map |$fact| { $fact['certname'] })
if ! $profiles::proxmox::params::pve_clusterinit_master { if ! $profiles::proxmox::params::pve_clusterinit_master {
if !empty($servers_array) { if !empty($servers_array) {
@@ -11,14 +11,13 @@ class profiles::proxmox::clusterjoin {
$root_password = $profiles::proxmox::params::root_password $root_password = $profiles::proxmox::params::root_password
# query puppetdb for list of cluster members # query puppetdb for list of cluster members
$members_array = sort(puppetdb_query( $members_array = sort(query_nodes(
"facts[certname] { "enc_role='${membersrole}' and \
name = 'enc_role' and value = '${membersrole}' and country='${facts['country']}' and \
certname in facts[certname] { name = 'country' and value = '${facts['country']}' } and region='${facts['region']}' and \
certname in facts[certname] { name = 'region' and value = '${facts['region']}' } and pve_cluster.cluster_name='${clustername}'",
certname in facts[certname] { name = 'pve_cluster' and value.cluster_name = '${clustername}' } 'networking.fqdn'
}" ))
).map |$fact| { $fact['certname'] })
# check if the pve kernerl is running # check if the pve kernerl is running
if $facts['kernelrelease'] == $profiles::proxmox::params::pve_kernel_release { if $facts['kernelrelease'] == $profiles::proxmox::params::pve_kernel_release {
+1 -6
@@ -48,12 +48,7 @@ class profiles::sql::galera_member (
} }
# if it is, find hosts, sort them so they dont cause changes every run # if it is, find hosts, sort them so they dont cause changes every run
$servers_array = sort(puppetdb_query( $servers_array = sort(query_nodes("enc_role='${galera_members_role}' and region='${facts['region']}'", 'networking.fqdn'))
"facts[certname] {
name = 'enc_role' and value = '${galera_members_role}' and
certname in facts[certname] { name = 'region' and value = '${facts['region']}' }
}"
).map |$fact| { $fact['certname'] })
# else use provided array from params # else use provided array from params
}else{ }else{
+1 -6
@@ -18,12 +18,7 @@ class profiles::sql::postgresdb (
} }
# if it is, find hosts, sort them so they dont cause changes every run # if it is, find hosts, sort them so they dont cause changes every run
$servers_array = sort(puppetdb_query( $servers_array = sort(query_nodes("enc_role='${members_role}' and region='${facts['region']}'", 'networking.fqdn'))
"facts[certname] {
name = 'enc_role' and value = '${members_role}' and
certname in facts[certname] { name = 'region' and value = '${facts['region']}' }
}"
).map |$fact| { $fact['certname'] })
# else use provided array from params # else use provided array from params
}else{ }else{
+1 -6
@@ -29,12 +29,7 @@ class profiles::vault::server (
if $members_lookup and $members_role != undef { if $members_lookup and $members_role != undef {
# if it is, find hosts, sort them so they dont cause changes every run # if it is, find hosts, sort them so they dont cause changes every run
$servers_array = sort(puppetdb_query( $servers_array = sort(query_nodes("enc_role='${members_role}' and region='${::facts['region']}'", 'networking.fqdn'))
"facts[certname] {
name = 'enc_role' and value = '${members_role}' and
certname in facts[certname] { name = 'region' and value = '${::facts['region']}' }
}"
).map |$fact| { $fact['certname'] })
# else use provided array from params # else use provided array from params
}else{ }else{