95 Commits

Author SHA1 Message Date
unkinben 23dd962d89 feat: allow specifying consul addr for exporters
- ensure frr/node exporter reachable on hosts with loopbacks
2025-08-09 17:08:38 +10:00
unkinben ac36d9627b feat: capture all journald logs (#377)
- create module class for journald clients
- ensure module class it used on all hosts
- use consul service address for insert/journald

Reviewed-on: #377
2025-08-09 15:11:47 +10:00
unkinben 198cee27c2 feat: enable https for vlstorage (#376)
- attempting to send to http:// fails as vlstorage is using tls
- enable tls on vlselect/vlinsert when writing to vlstorage
- add retention period to vlstorage

Reviewed-on: #376
2025-08-09 14:34:48 +10:00
unkinben f73d6f07ce fix: generate types as root (#375)
- larger permission issue that needs fixing
- reduce the number of failed runs

Reviewed-on: #375
2025-08-09 13:30:12 +10:00
unkinben 1c71229fd3 feat: add victorialogs module (#374)
- add module for victorialogs
- add hieradata for vl insert/select/storage
- manage packages, directories, services, etc
- manage exporting metrics

Reviewed-on: #374
2025-08-08 23:59:46 +10:00
unkinben d649195ccc fix: generate types needs to run more often (#373)
- seeing frequent errors in puppetboard about types missing
- change the puppet-generate-types timer from daily to per-minute

Reviewed-on: #373
2025-08-07 20:53:06 +10:00
unkinben fcd0bc4c74 feat: add victorialogs roles (#372)
- and hieradata
- empty roles currently

Reviewed-on: #372
2025-08-07 20:34:42 +10:00
unkinben a30ff81139 fix: reduce metadata lifetime (#371)
- metadata lifetime should be lowered to improve development speed

Reviewed-on: #371
2025-08-03 21:04:47 +10:00
unkinben bbed65b4b8 benvin/frr_exporter (#370)
Reviewed-on: #370
2025-08-03 20:14:19 +10:00
unkinben 75ca7a5685 feat: add frr_exporter class (#369)
- add frr exporter to all nodes running frr

Reviewed-on: #369
2025-08-03 16:15:29 +10:00
unkinben 53fabc923b feat: add nzbget_exporter (#368)
- add nzbget_exporter class
- add exporter to nzbget class

Reviewed-on: #368
2025-08-03 15:03:29 +10:00
unkinben 5a9241940f feat: export ceph metrics (#367)
- export cephmgr metrics
- will only be availabe from one host at a time

Reviewed-on: #367
2025-07-29 18:54:49 +10:00
unkinben df457306cc feat: add external grafana access (#366)
- enable access to grafana through haproxy
- ensure grafana cert created from letsencrypt
- enable user access to grafana

Reviewed-on: #366
2025-07-28 21:07:43 +10:00
unkinben 7fbb87b4b6 feat: add exportarr (#365)
- add exporters::exportarr
- deploy for radarr, sonarr and prowlarr

Reviewed-on: #365
2025-07-27 19:47:26 +10:00
unkinben fd902c1437 feat: create exporters module (#364)
- upgrade node_exporter, bring managed under exporters module
- upgrade postgres_exporter, bring managed under exporters module
- add flag to cleanup previous iterations of exporters from prometheus module
- fix issues with vmclusster: replication + dedup

Reviewed-on: #364
2025-07-27 13:28:41 +10:00
unkinben 0e64c9855a feat: add vmcluster module (#363)
- manage vmstorage package, service and environment file
- manage vmselect package, service and environment file
- manage vminsert package, service and environment file
- manage vmagent package, service and environment file
- manage options for vmstorage, vmselect, vminsert, vmagent role

Reviewed-on: #363
2025-07-26 18:17:20 +10:00
unkinben 3cfafbac44 feat: enable ceph on k8s nodes (#362)
- enable enough ceph/frr to join to cephfs
- notify sshd when restarting the network
- update ssh principals to include all ssh interfaces

Reviewed-on: #362
2025-07-19 20:30:46 +10:00
unkinben c5c40c3bfd chore: cleanup old physicals (#361)
- cleanup old nodes to redeploy them

Reviewed-on: #361
2025-07-15 22:34:46 +10:00
unkinben 98f1961a07 benvin/ceph_common (#360)
Reviewed-on: #360
2025-07-15 20:38:39 +10:00
unkinben eb1ada8ea5 fix: duplicate declatation (#359)
- only install ceph-common once

Reviewed-on: #359
2025-07-15 20:31:09 +10:00
unkinben ec3e42901a feat: add basic k8s node role (#358)
- update prodnxsr0001-8 to use networkd
- add basic k8s node role

Reviewed-on: #358
2025-07-15 20:18:17 +10:00
unkinben e905afcab0 chore: cleanup hieradata/nodes (#357)
- cleanup decommed nodes
- remove unneccessary node data

Reviewed-on: #357
2025-07-13 21:40:32 +10:00
unkinben de6e7d0ba9 feat: add vmagent role (#356)
- add vmagent role for vicmet

Reviewed-on: #356
2025-07-13 17:20:58 +10:00
unkinben 780a97dfe4 feat: add new cobbler master (#355)
- change cobbler.main.unkin.net to 2098

Reviewed-on: #355
2025-07-12 20:31:43 +10:00
unkinben 9aa6472e5b feat: ensure /etc/NetworkManager/conf.d exists (#354)
- required to create dns-none setting

Reviewed-on: #354
2025-07-12 14:19:22 +10:00
unkinben 80ab4e6889 chore: update cobbler for el9 (#353)
- update cobbler/cobbler-web package
- update path for ipxebins

Reviewed-on: #353
2025-07-12 14:19:14 +10:00
unkinben ccda327c7a gchore: cleanup old vms (#352)
- remove ntp01/ntp02
- remove old gitea
- remove mariadb galera vms

Reviewed-on: #352
2025-07-09 21:18:23 +10:00
unkinben acef1bde29 feat: move puppetca role (#351)
- move puppetca from vm to lxd

Reviewed-on: #351
2025-07-09 21:15:09 +10:00
unkinben 7d87e11e79 feat: add victoria metrics roles (#350)
- add vmstorage, vmselect and vminsert roles
- base roles, only adding packages
- preparation for standing up a vicmet cluster

Reviewed-on: #350
2025-07-08 20:34:46 +10:00
unkinben 40c57ede59 feat: add ci build task (#342)
- a ci workflow for build tests
- run pre-commit against all files

Reviewed-on: #342
2025-07-08 20:19:36 +10:00
unkinben be02d3d150 feat: migrate to external ntp (#349)
- removing ntp vms from proxmox
- redirect ntp to external time sources

Reviewed-on: #349
2025-07-07 20:27:02 +10:00
unkinben a550d48f21 fix: sort nameservers (#348)
- sort nameservers before creating glue records

Reviewed-on: #348
2025-07-06 20:09:19 +10:00
unkinben 2d9faf578f feat: add unkin.net domain (#347)
- manage the unkin.net domain
- ensure forwarding for unkin.net
- split domain from cname list and set zone correctly
- add fafflix to cnames list for haproxy2

Reviewed-on: #347
2025-07-06 20:02:20 +10:00
unkinben 2814a55df6 chore: hard-code git.unkin.net path (#346)
- dirty fix, set git.unkin.net in hosts file template
- avoid hairpint nat

Reviewed-on: #346
2025-07-06 16:43:07 +10:00
unkinben 73362a3bf9 feat: add stick tables for gitea (#345)
- stick tables are required for docker authentication

Reviewed-on: #345
2025-07-06 14:42:14 +10:00
unkinben 0063f68bc6 feat: enable external access to gitea (#344)
- add git.unkin.net to certbot
- export haproxy resources for gitea
- add be_gitea to haproxy, import the certbot cert
- update the ROOT_URL for gitea instances

Reviewed-on: #344
2025-07-06 13:47:56 +10:00
unkinben 372d99893a core: fix ROOT_URL (#343)
- root_url is used for docker authentication
- access to git.unkin.net is not yet ready

Reviewed-on: https://git.query.consul/unkin/puppet-prod/pulls/343
2025-07-06 13:20:27 +10:00
unkinben 620339f69d chore: cleanup hieradata/nodes (#341)
- remove all node hiera data for decommed hosts

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/341
2025-07-06 12:23:22 +10:00
unkinben 2317d0af59 feat: expose gitea metrics (#340)
- add a gitea-metrics service to consul
- tag as metrics for victoria metrics
- check the /metrics endpoint (bypass nginx)

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/340
2025-07-06 12:01:57 +10:00
unkinben cf0ff85b70 fix: manage git user (#339)
- prevent different gid/uid for git users when deploying cluster
- only add sudo conf when sudo_rules is a list

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/339
2025-07-06 11:27:35 +10:00
unkinben 359ce101f1 feat: add indexer for git (#338)
- reuse the database for the indexer

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/338
2025-07-05 17:12:38 +10:00
unkinben b6c959d368 feat: use redis for cache/queue (#337)
- use gitea redis cluster for queue/cache
- use redis+sentinel url (pass required for redis and sentinel)

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/337
2025-07-05 16:42:01 +10:00
unkinben b976f2063a feat: deploy redis for git (#336)
- deploy redis/sentinel ha cluster for git
- update redis to 7 (required for almalinux 9)
- enable requirepass/masterauth

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/336
2025-07-05 15:51:28 +10:00
unkinben 93049707e7 benvin/gitea_cluster (#335)
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/335
2025-07-05 14:49:56 +10:00
unkinben a9faa098ee benvin/grafana_postgres (#334)
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/334
2025-07-01 19:07:24 +10:00
unkinben 61d912de30 feat: update password for grafana service account (#333)
- updated grafana password

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/333
2025-06-30 20:22:18 +10:00
unkinben 9bed18f78c fix: duplicate toml resources (#332)
- change resource name for puppetserver_gem
- ensure toml installed on all agents

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/332
2025-06-30 19:57:29 +10:00
unkinben aab3eaf9e7 feat: add grafana service to ldap (#331)
- add grafana service account for binding
- add grafana_user group
- add users to group

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/331
2025-06-30 19:17:56 +10:00
unkinben 33c8b226e0 feat: add puppetserver gem for toml (#330)
- require toml for puppetserver gem

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/330
2025-06-30 19:05:12 +10:00
unkinben 49ff7cc3ab feat: add toml puppet gem (#329)
- required for ldap support in grafana

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/329
2025-06-30 19:02:37 +10:00
unkinben d1e63ad18b feat: add shared pgsql instance (#328)
- add shared pgsql instance
- use patroni

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/328
2025-06-29 17:25:59 +10:00
unkinben 99b312669b benvin/dhcp_failover (#327)
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/327
2025-06-29 13:36:16 +10:00
unkinben 715e88176b chore: confine incus facts to incus (#326)
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/326
2025-06-28 21:24:08 +10:00
unkinben 1837506b6c feat: add incus facts (#325)
- incus container counts
- incus profile list
- allocated memory/cpu

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/325
2025-06-28 21:14:39 +10:00
unkinben 3bb2a5dbad fix: enable health check from haproxy2 (#324)
- tactical fix: enable dmz subnets container access to health url

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/324
2025-06-28 17:04:25 +10:00
unkinben 0ce6e95f2d chore: cleanup removed hosts (#323)
- remove 1018, 1031, 1032, 1033

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/323
2025-06-28 16:28:03 +10:00
unkinben 770fd643ac feat: add haproxy2 role (#322)
- add basic haproxy2 role
- add peers and resolvers
- add haproxy2+ metrics frontend

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/322
2025-06-28 16:20:06 +10:00
unkinben bd9e08dc24 feat: cleanup hieranodes settings (#321)
- migrate hieranodes values to roles yaml
- rename anycast ip keys to be similar

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/321
2025-06-21 23:16:34 +10:00
unkinben 62837bb22d feat: add zone to subnet facts (#320)
- add common and dmz zone fact information

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/320
2025-06-21 15:42:37 +10:00
unkinben ae57e0e81c feat: add openvox repos to reposync (#319)
- add el8/9/10 for openvox7/8

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/319
2025-06-19 06:06:41 +10:00
unkinben cb1d562cb0 feat: migrate pupeptdb sql to patroni (#318)
- change puppetdb::sql to using the patroni profile
- change puppetdb::api to use new patroni cluster
- remove references to puppetlabs-puppetdb managed database
- update consul rules to enable sessions

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/318
2025-06-19 05:52:32 +10:00
unkinben 26b908e5e7 feat: add node_pools (#317)
- change agentv2 to common node_pool
- set default node_pool to default

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/317
2025-06-15 17:43:19 +10:00
unkinben a47c6155b8 feat: use fqdn in host_volumes (#316)
- fix hard-coded message

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/316
2025-06-15 17:34:03 +10:00
unkinben 1cbc1be808 feat: add host_volumes to nomad (#315)
- add puppet client certs
- add tls-ca-bundle

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/315
2025-06-14 19:37:50 +10:00
unkinben 60834ced00 feat: nomad cni additions (#314)
- add consul-cni package
- enable grpc for consul servers
- enable consul connect for consul servers
- set recursors for consul
- add ports to consul agent (grpc, dns, http for nomad)

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/314
2025-06-14 18:47:24 +10:00
unkinben 890e9670f3 chore: update the consul service name (#313)
- update the name for the packagerepo service
- was copy/pasted from jupyterhub

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/313
2025-06-09 14:46:16 +10:00
unkinben a26daca28c feat: stop manage nginx repo (#312)
- use epel repo for nginx

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/312
2025-06-09 14:18:30 +10:00
unkinben 057c4ab747 feat: manage nginx resource ordering (#311)
- ensure the package is installed before creating directories
- ensure nginx is restarted when vhost config changes

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/311
2025-06-09 11:18:39 +10:00
unkinben 1fb46b5ab6 chore: use packagerepo for epel (#310)
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/310
2025-06-09 10:24:56 +10:00
unkinben 66fdd7b615 feat: update incus image host to run on incus (#309)
- remove zfs
- remove some sysctl values
- remove memlocks from limits
- install iptables, required for creating bridges

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/309
2025-06-08 22:58:44 +10:00
unkinben f43d5f685b feat: update reposync repos (#308)
- remove almalinux 9.4
- add almalinux 9.6
- add epel 8 and 9
- update mssql
- add k8s 1.33

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/308
2025-06-01 18:20:10 +10:00
unkinben bb2f59621a feat: split reposync into two roles (#307)
- reposync and packagerepo web service
- change backing datastore to be cephfs /shared/app/packagerepo

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/307
2025-06-01 11:33:44 +10:00
unkinben 1df11b8977 chore: migrate certbot webserver (#306)
- ausyd1nxvm1021 is decommed
- new source is ausyd1nxvm2057

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/306
2025-05-31 16:22:59 +10:00
unkinben 10f2dc7047 feat: cleanup removed hosts (#305)
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/305
2025-05-31 14:26:16 +10:00
unkinben 1a904af2ee feat: change g10k to use a package (#304)
- the archive path is no longer valid
- produced a g10k rpm with rpmbuilder

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/304
2025-05-31 13:51:51 +10:00
unkinben ed1a4f6488 fix: missed address in consul service (#303)
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/303
2025-05-30 23:27:44 +10:00
unkinben bdd833fa4e feat: create basic k8s roles to start deployment (#302)
- just create roles so can deploy hosts

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/302
2025-05-30 23:21:02 +10:00
unkinben c10a3e49fa chore: add new user (#301)
- just jelly access

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/301
2025-05-28 19:46:45 +10:00
unkinben 3d5d40f381 chore: minor jellyfin updates (#300)
- add jellyfin to video group, for access to gpu
- install intel related gpu drivers
- export lxc jellyfin to haproxy

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/300
2025-05-27 19:55:55 +10:00
unkinben b3347f9226 chore: migrate media applications (#299)
- migrate media applications to new cephfs pool + incus
- enable exporting haproxy
- move ceph-client-setup to only apply to non-lxc hosts
- ensure unrar is installed for nzbget
- updated jellyfin use of data_dir
- set lxc instances for jellyfin to use /shared/apps/jellyfin

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/299
2025-05-25 20:27:17 +10:00
unkinben 1d23fef82e feat: update settings for ceph (#298)
- enable root logins via ssh with keys
- add ssh key for ceph to root user

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/298
2025-05-25 20:22:00 +10:00
unkinben c0aab1087e fix: readd to jellyfin_haproxy (#297)
- fix operator for jellyfin/haproxy

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/297
2025-05-24 21:10:56 +10:00
unkinben 596e498a00 feat: change media arr apps to hiera_include (#296)
- change profiles::media::* to be hiera_included
- this is required to enable it to be hiera_excluded on virtual == lxc

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/296
2025-05-24 20:23:56 +10:00
unkinben f6694599ef benvin/media_apps_incus (#295)
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/295
2025-05-24 20:18:23 +10:00
unkinben 93cd02deec chore: update media roles for incus (#294)
- prevent incus roles from exporting haproxy endpoints (for now)
- incus doesnt need to mount cephfs

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/294
2025-05-24 18:59:46 +10:00
unkinben 520e8a34e0 feat: add a nomad agent v2 role (#293)
- excludes ceph (will be passed from incus)
- excludes frrouting (will use host-networking)

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/293
2025-05-24 15:35:20 +10:00
unkinben 77d07672f8 chore: dont mount cephfs inside lxc (#292)
- lxc instances will have cephfs passed from the host
- skip cephfs mounting for lxc instances

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/292
2025-05-22 21:06:15 +10:00
unkinben 89a0f329d8 feat: update vault url (#291)
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/291
2025-05-21 19:58:12 +10:00
unkinben 6dcc7343e0 feat: updated ceph ssh authorized_key (#290)
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/290
2025-05-17 14:05:25 +10:00
unkinben e7d4c75192 feat: enable ssh access to enp3s0 (#289)
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/289
2025-05-17 13:50:35 +10:00
unkinben d9e8637ad6 feat: manage more ceph requirements (#288)
- add ceph-common to provide utilities for managing ceph
- add root and sysadmin ssh keys for ceph deployments

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/288
2025-05-17 11:14:45 +10:00
unkinben 92f0ae64b9 feat: enable ssh on all loopbacks (#287)
- required for cephadm to manage roles

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/287
2025-05-16 07:05:31 +10:00
unkinben c1637d9f43 feat: add cephadm to incus hosts (#286)
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/286
2025-05-16 05:56:28 +10:00
unkinben 1aabe21173 feat: manage mon loopback0 (#285)
- add frrouting
- set all ceph nodes to use ospf + loopback0 + networkd
- fix ceph repos for mons

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/285
2025-05-15 19:46:59 +10:00
unkinben 2f088c461f feat: add ceph roles (#284)
- add hieradata to manage ceph repo

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/284
2025-05-15 19:29:53 +10:00
276 changed files with 4354 additions and 1734 deletions
+24
View File
@@ -0,0 +1,24 @@
name: Build
on:
pull_request:
jobs:
precommit:
runs-on: almalinux-8
container:
image: git.unkin.net/unkin/almalinux9-actionsdind:latest
options: --privileged
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Install requirements
run: |
dnf groupinstall -y "Development Tools" -y
dnf install rubygems ruby-devel gcc make redhat-rpm-config glibc-headers glibc-devel -y
- name: Pre-Commit All Files
run: |
uvx pre-commit run --all-files
+3
View File
@@ -8,3 +8,6 @@ Style/Documentation:
Layout/LineLength:
Max: 140
Metrics/BlockNesting:
Max: 4
+21 -7
View File
@@ -36,6 +36,12 @@ lookup_options:
profiles::haproxy::server::listeners:
merge:
strategy: deep
profiles::accounts::root::sshkeys:
merge:
strategy: deep
profiles::accounts::sysadmin::sshkeys:
merge:
strategy: deep
haproxy::backend:
merge:
strategy: deep
@@ -159,14 +165,13 @@ hiera_include:
- profiles::accounts::rundeck
- limits
- sysctl::base
- exporters::node_exporter
profiles::ntp::client::ntp_role: 'roles::infra::ntp::server'
profiles::ntp::client::use_ntp: 'region'
profiles::ntp::client::peers:
- 0.pool.ntp.org
- 1.pool.ntp.org
- 2.pool.ntp.org
- 3.pool.ntp.org
- 0.au.pool.ntp.org
- 1.au.pool.ntp.org
- 2.au.pool.ntp.org
- 3.au.pool.ntp.org
profiles::base::puppet_servers:
- 'prodinf01n01.main.unkin.net'
@@ -201,6 +206,9 @@ profiles::consul::client::node_rules:
- resource: node
segment: ''
disposition: read
- resource: service
segment: node_exporter
disposition: write
profiles::packages::include:
bash-completion: {}
@@ -284,7 +292,8 @@ profiles::puppet::client::dns_alt_names:
puppetdbapi: puppetdbapi.query.consul
puppetdbsql: puppetdbsql.service.au-syd1.consul
prometheus::node_exporter::export_scrape_job: true
exporters::node_exporter::enable: true
exporters::node_exporter::cleanup_old_node_exporter: true
prometheus::systemd_exporter::export_scrape_job: true
ssh::server::storeconfigs_enabled: false
@@ -349,6 +358,11 @@ networking::route_defaults:
netmask: 0.0.0.0
network: default
# logging:
victorialogs::client::journald::enable: true
victorialogs::client::journald::inserturl: https://vlinsert.service.consul:9428/insert/journald
# FIXME these are for the proxmox ceph cluster
profiles::ceph::client::fsid: 7f7f00cb-95de-498c-8dcc-14b54e4e9ca8
profiles::ceph::client::mons:
- 10.18.15.1
+1 -1
View File
@@ -1,6 +1,6 @@
---
timezone::timezone: 'Australia/Sydney'
certbot::client::webserver: ausyd1nxvm1021.main.unkin.net
certbot::client::webserver: ausyd1nxvm2057.main.unkin.net
profiles_dns_upstream_forwarder_unkin:
- 198.18.19.15
profiles_dns_upstream_forwarder_consul:
@@ -3,7 +3,7 @@ hiera_include:
- keepalived
# keepalived
profiles::haproxy::dns::vrrp_ipaddr: '198.18.13.250'
profiles::haproxy::dns::ipaddr: '198.18.13.250'
profiles::haproxy::dns::vrrp_cnames:
- sonarr.main.unkin.net
- radarr.main.unkin.net
@@ -0,0 +1,305 @@
---
profiles::haproxy::dns::ipaddr: "%{hiera('anycast_ip')}"
profiles::haproxy::dns::vrrp_cnames:
- sonarr.main.unkin.net
- radarr.main.unkin.net
- lidarr.main.unkin.net
- readarr.main.unkin.net
- prowlarr.main.unkin.net
- nzbget.main.unkin.net
- git.unkin.net
- fafflix.unkin.net
- grafana.unkin.net
profiles::haproxy::mappings:
fe_http:
ensure: present
mappings:
- 'au-syd1-pve.main.unkin.net be_ausyd1pve_web'
- 'au-syd1-pve-api.main.unkin.net be_ausyd1pve_api'
- 'sonarr.main.unkin.net be_sonarr'
- 'radarr.main.unkin.net be_radarr'
- 'lidarr.main.unkin.net be_lidarr'
- 'readarr.main.unkin.net be_readarr'
- 'prowlarr.main.unkin.net be_prowlarr'
- 'nzbget.main.unkin.net be_nzbget'
- 'jellyfin.main.unkin.net be_jellyfin'
- 'fafflix.unkin.net be_jellyfin'
- 'git.unkin.net be_gitea'
- 'grafana.unkin.net be_grafana'
fe_https:
ensure: present
mappings:
- 'au-syd1-pve.main.unkin.net be_ausyd1pve_web'
- 'au-syd1-pve-api.main.unkin.net be_ausyd1pve_api'
- 'sonarr.main.unkin.net be_sonarr'
- 'radarr.main.unkin.net be_radarr'
- 'lidarr.main.unkin.net be_lidarr'
- 'readarr.main.unkin.net be_readarr'
- 'prowlarr.main.unkin.net be_prowlarr'
- 'nzbget.main.unkin.net be_nzbget'
- 'jellyfin.main.unkin.net be_jellyfin'
- 'fafflix.unkin.net be_jellyfin'
- 'git.unkin.net be_gitea'
- 'grafana.unkin.net be_grafana'
profiles::haproxy::frontends:
fe_http:
options:
use_backend:
- "%[req.hdr(host),lower,map(/etc/haproxy/fe_http.map,be_default)]"
fe_https:
options:
acl:
- 'acl_ausyd1pve req.hdr(host) -i au-syd1-pve.main.unkin.net'
- 'acl_sonarr req.hdr(host) -i sonarr.main.unkin.net'
- 'acl_radarr req.hdr(host) -i radarr.main.unkin.net'
- 'acl_lidarr req.hdr(host) -i lidarr.main.unkin.net'
- 'acl_readarr req.hdr(host) -i readarr.main.unkin.net'
- 'acl_prowlarr req.hdr(host) -i prowlarr.main.unkin.net'
- 'acl_nzbget req.hdr(host) -i nzbget.main.unkin.net'
- 'acl_jellyfin req.hdr(host) -i jellyfin.main.unkin.net'
- 'acl_fafflix req.hdr(host) -i fafflix.unkin.net'
- 'acl_gitea req.hdr(host) -i git.unkin.net'
- 'acl_grafana req.hdr(host) -i grafana.unkin.net'
- 'acl_internalsubnets src 198.18.0.0/16 10.10.12.0/24'
use_backend:
- "%[req.hdr(host),lower,map(/etc/haproxy/fe_https.map,be_default)]"
http-request:
- 'deny if { hdr_dom(host) -i au-syd1-pve.main.unkin.net } !acl_internalsubnets'
http-response:
- 'set-header X-Frame-Options DENY if acl_ausyd1pve'
- 'set-header X-Frame-Options DENY if acl_sonarr'
- 'set-header X-Frame-Options DENY if acl_radarr'
- 'set-header X-Frame-Options DENY if acl_lidarr'
- 'set-header X-Frame-Options DENY if acl_readarr'
- 'set-header X-Frame-Options DENY if acl_prowlarr'
- 'set-header X-Frame-Options DENY if acl_nzbget'
- 'set-header X-Frame-Options DENY if acl_jellyfin'
- 'set-header X-Frame-Options DENY if acl_fafflix'
- 'set-header X-Frame-Options DENY if acl_gitea'
- 'set-header X-Frame-Options DENY if acl_grafana'
- 'set-header X-Content-Type-Options nosniff'
- 'set-header X-XSS-Protection 1;mode=block'
profiles::haproxy::backends:
be_ausyd1pve_web:
description: Backend for au-syd1 pve cluster (Web)
collect_exported: false # handled in custom function
options:
balance: roundrobin
option:
- httpchk GET /
- forwardfor
- http-keep-alive
- prefer-last-server
cookie: SRVNAME insert indirect nocache
http-reuse: always
http-request:
- set-header X-Forwarded-Port %[dst_port]
- add-header X-Forwarded-Proto https if { dst_port 443 }
redirect: 'scheme https if !{ ssl_fc }'
be_ausyd1pve_api:
description: Backend for au-syd1 pve cluster (API only)
collect_exported: false # handled in custom function
options:
balance: roundrobin
option:
- httpchk GET /
- forwardfor
- http-keep-alive
- prefer-last-server
http-reuse: always
http-request:
- set-header X-Forwarded-Port %[dst_port]
- add-header X-Forwarded-Proto https if { dst_port 443 }
redirect: 'scheme https if !{ ssl_fc }'
be_sonarr:
description: Backend for au-syd1 sonarr
collect_exported: false # handled in custom function
options:
balance: roundrobin
option:
- httpchk GET /consul/health
- forwardfor
- http-keep-alive
- prefer-last-server
cookie: SRVNAME insert indirect nocache
http-reuse: always
http-request:
- set-header X-Forwarded-Port %[dst_port]
- add-header X-Forwarded-Proto https if { dst_port 443 }
redirect: 'scheme https if !{ ssl_fc }'
be_radarr:
description: Backend for au-syd1 radarr
collect_exported: false # handled in custom function
options:
balance: roundrobin
option:
- httpchk GET /consul/health
- forwardfor
- http-keep-alive
- prefer-last-server
cookie: SRVNAME insert indirect nocache
http-reuse: always
http-request:
- set-header X-Forwarded-Port %[dst_port]
- add-header X-Forwarded-Proto https if { dst_port 443 }
redirect: 'scheme https if !{ ssl_fc }'
be_lidarr:
description: Backend for au-syd1 lidarr
collect_exported: false # handled in custom function
options:
balance: roundrobin
option:
- httpchk GET /consul/health
- forwardfor
- http-keep-alive
- prefer-last-server
cookie: SRVNAME insert indirect nocache
http-reuse: always
http-request:
- set-header X-Forwarded-Port %[dst_port]
- add-header X-Forwarded-Proto https if { dst_port 443 }
redirect: 'scheme https if !{ ssl_fc }'
be_readarr:
description: Backend for au-syd1 readarr
collect_exported: false # handled in custom function
options:
balance: roundrobin
option:
- httpchk GET /consul/health
- forwardfor
- http-keep-alive
- prefer-last-server
cookie: SRVNAME insert indirect nocache
http-reuse: always
http-request:
- set-header X-Forwarded-Port %[dst_port]
- add-header X-Forwarded-Proto https if { dst_port 443 }
redirect: 'scheme https if !{ ssl_fc }'
be_prowlarr:
description: Backend for au-syd1 prowlarr
collect_exported: false # handled in custom function
options:
balance: roundrobin
option:
- httpchk GET /consul/health
- forwardfor
- http-keep-alive
- prefer-last-server
cookie: SRVNAME insert indirect nocache
http-reuse: always
http-request:
- set-header X-Forwarded-Port %[dst_port]
- add-header X-Forwarded-Proto https if { dst_port 443 }
redirect: 'scheme https if !{ ssl_fc }'
be_nzbget:
description: Backend for au-syd1 nzbget
collect_exported: false # handled in custom function
options:
balance: roundrobin
option:
- httpchk GET /consul/health
- forwardfor
- http-keep-alive
- prefer-last-server
cookie: SRVNAME insert indirect nocache
http-reuse: always
http-request:
- set-header X-Forwarded-Port %[dst_port]
- add-header X-Forwarded-Proto https if { dst_port 443 }
redirect: 'scheme https if !{ ssl_fc }'
be_jellyfin:
description: Backend for au-syd1 jellyfin
collect_exported: false # handled in custom function
options:
balance: roundrobin
option:
- httpchk GET /
- forwardfor
- http-keep-alive
- prefer-last-server
cookie: SRVNAME insert indirect nocache
http-reuse: always
http-request:
- set-header X-Forwarded-Port %[dst_port]
- add-header X-Forwarded-Proto https if { dst_port 443 }
redirect: 'scheme https if !{ ssl_fc }'
be_gitea:
description: Backend for gitea cluster
collect_exported: false # handled in custom function
options:
balance: roundrobin
option:
- httpchk GET /
- forwardfor
- http-keep-alive
- prefer-last-server
cookie: SRVNAME insert indirect nocache
http-reuse: always
http-request:
- set-header X-Forwarded-Port %[dst_port]
- add-header X-Forwarded-Proto https if { dst_port 443 }
redirect: 'scheme https if !{ ssl_fc }'
stick-table: 'type ip size 200k expire 30m'
stick: 'on src'
be_grafana:
description: Backend for grafana nodes
collect_exported: false # handled in custom function
options:
balance: roundrobin
option:
- httpchk GET /
- forwardfor
- http-keep-alive
- prefer-last-server
cookie: SRVNAME insert indirect nocache
http-reuse: always
http-request:
- set-header X-Forwarded-Port %[dst_port]
- add-header X-Forwarded-Proto https if { dst_port 443 }
redirect: 'scheme https if !{ ssl_fc }'
stick-table: 'type ip size 200k expire 30m'
stick: 'on src'
profiles::haproxy::certlist::enabled: true
profiles::haproxy::certlist::certificates:
- /etc/pki/tls/letsencrypt/au-syd1-pve.main.unkin.net/fullchain_combined.pem
- /etc/pki/tls/letsencrypt/au-syd1-pve-api.main.unkin.net/fullchain_combined.pem
- /etc/pki/tls/letsencrypt/sonarr.main.unkin.net/fullchain_combined.pem
- /etc/pki/tls/letsencrypt/radarr.main.unkin.net/fullchain_combined.pem
- /etc/pki/tls/letsencrypt/lidarr.main.unkin.net/fullchain_combined.pem
- /etc/pki/tls/letsencrypt/readarr.main.unkin.net/fullchain_combined.pem
- /etc/pki/tls/letsencrypt/prowlarr.main.unkin.net/fullchain_combined.pem
- /etc/pki/tls/letsencrypt/nzbget.main.unkin.net/fullchain_combined.pem
- /etc/pki/tls/letsencrypt/fafflix.unkin.net/fullchain_combined.pem
- /etc/pki/tls/letsencrypt/git.unkin.net/fullchain_combined.pem
- /etc/pki/tls/letsencrypt/grafana.unkin.net/fullchain_combined.pem
- /etc/pki/tls/vault/certificate.pem
# additional altnames
profiles::pki::vault::alt_names:
- au-syd1-pve.main.unkin.net
- au-syd1-pve-api.main.unkin.net
- jellyfin.main.unkin.net
# additional cnames
profiles::haproxy::dns::cnames:
- au-syd1-pve.main.unkin.net
- au-syd1-pve-api.main.unkin.net
# letsencrypt certificates
certbot::client::service: haproxy
certbot::client::domains:
- au-syd1-pve.main.unkin.net
- au-syd1-pve-api.main.unkin.net
- sonarr.main.unkin.net
- radarr.main.unkin.net
- lidarr.main.unkin.net
- readarr.main.unkin.net
- prowlarr.main.unkin.net
- nzbget.main.unkin.net
- fafflix.unkin.net
- git.unkin.net
- grafana.unkin.net
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.10
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.11
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.12
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.13
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.14
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.15
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.16
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.17
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.18
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.19
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.20
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.21
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.22
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.23
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.24
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,13 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.25
networking::routes:
default:
gateway: 198.18.13.254
profiles::haproxy::dns::vrrp_master: true
keepalived::vrrp_instance:
VI_250:
state: 'MASTER'
priority: 101
@@ -1,12 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.26
networking::routes:
default:
gateway: 198.18.13.254
keepalived::vrrp_instance:
VI_250:
state: 'BACKUP'
priority: 100
@@ -1,11 +0,0 @@
---
profiles::cobbler::params::is_cobbler_master: true
networking::interfaces:
ens18:
ipaddress: 198.18.13.27
networking::routes:
default:
gateway: 198.18.13.254
interface: ens18
profiles::almalinux::base::remove_ens18: false
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.28
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.29
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.30
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,10 +0,0 @@
---
networking::interfaces:
ens18:
ipaddress: 198.18.13.31
networking::routes:
default:
gateway: 198.18.13.254
interface: ens18
profiles::almalinux::base::remove_ens18: false
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.32
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.33
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.34
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.35
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.36
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.37
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.38
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.39
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.40
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.41
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.42
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.43
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.44
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.45
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,14 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.47
ens19:
ensure: present
family: inet
method: static
ipaddress: 10.18.15.47
netmask: 255.255.255.0
onboot: true
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.48
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.49
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,14 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.50
ens19:
ensure: present
family: inet
method: static
ipaddress: 10.18.15.50
netmask: 255.255.255.0
onboot: true
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,14 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.51
ens19:
ensure: present
family: inet
method: static
ipaddress: 10.18.15.51
netmask: 255.255.255.0
onboot: true
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,14 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.52
ens19:
ensure: present
family: inet
method: static
ipaddress: 10.18.15.52
netmask: 255.255.255.0
onboot: true
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,14 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.53
ens19:
ensure: present
family: inet
method: static
ipaddress: 10.18.15.53
netmask: 255.255.255.0
onboot: true
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.54
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.55
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.56
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,14 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.57
ens19:
ensure: present
family: inet
method: static
ipaddress: 10.18.15.57
netmask: 255.255.255.0
onboot: true
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,14 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.58
ens19:
ensure: present
family: inet
method: static
ipaddress: 10.18.15.58
netmask: 255.255.255.0
onboot: true
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.59
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.60
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.61
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.62
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.63
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.64
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.65
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.66
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.67
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.68
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.69
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.70
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.71
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.72
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.73
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,15 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.74
ens19:
ensure: present
family: inet
method: static
ipaddress: 10.18.15.74
netmask: 255.255.255.0
onboot: true
networking::routes:
default:
gateway: 198.18.13.254
docker::bip: '198.18.64.254/24'
@@ -1,15 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.75
ens19:
ensure: present
family: inet
method: static
ipaddress: 10.18.15.75
netmask: 255.255.255.0
onboot: true
networking::routes:
default:
gateway: 198.18.13.254
docker::bip: '198.18.65.254/24'
@@ -1,15 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.76
ens19:
ensure: present
family: inet
method: static
ipaddress: 10.18.15.76
netmask: 255.255.255.0
onboot: true
networking::routes:
default:
gateway: 198.18.13.254
docker::bip: '198.18.66.254/24'
@@ -1,15 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.77
ens19:
ensure: present
family: inet
method: static
ipaddress: 10.18.15.77
netmask: 255.255.255.0
onboot: true
networking::routes:
default:
gateway: 198.18.13.254
docker::bip: '198.18.67.254/24'
@@ -1,15 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.78
ens19:
ensure: present
family: inet
method: static
ipaddress: 10.18.15.78
netmask: 255.255.255.0
onboot: true
networking::routes:
default:
gateway: 198.18.13.254
docker::bip: '198.18.68.254/24'
@@ -1,15 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.79
ens19:
ensure: present
family: inet
method: static
ipaddress: 10.18.15.79
netmask: 255.255.255.0
onboot: true
networking::routes:
default:
gateway: 198.18.13.254
docker::bip: '198.18.69.254/24'
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.80
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.81
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,7 +0,0 @@
---
networking::interfaces:
eth0:
ipaddress: 198.18.13.82
networking::routes:
default:
gateway: 198.18.13.254
@@ -1,47 +0,0 @@
---
hiera_include:
- frrouting
# networking
profiles::consul::server::anycast_ip: 198.18.19.14
systemd::manage_networkd: true
systemd::manage_all_network_files: true
networking::interfaces:
eth0:
type: physical
forwarding: true
dhcp: true
anycast0:
type: dummy
ipaddress: "%{hiera('profiles::consul::server::anycast_ip')}"
netmask: 255.255.255.255
mtu: 1500
# frrouting
frrouting::ospfd_router_id: "%{facts.networking.ip}"
frrouting::ospfd_redistribute:
- connected
frrouting::ospfd_interfaces:
eth0:
area: 0.0.0.0
anycast0:
area: 0.0.0.0
frrouting::daemons:
ospfd: true
# additional repos
profiles::yum::global::repos:
frr-extras:
name: frr-extras
descr: frr-extras repository
target: /etc/yum.repos.d/frr-extras.repo
baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
mirrorlist: absent
frr-stable:
name: frr-stable
descr: frr-stable repository
target: /etc/yum.repos.d/frr-stable.repo
baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
mirrorlist: absent
@@ -1,47 +0,0 @@
---
hiera_include:
- frrouting
# networking
profiles::consul::server::anycast_ip: 198.18.19.14
systemd::manage_networkd: true
systemd::manage_all_network_files: true
networking::interfaces:
eth0:
type: physical
forwarding: true
dhcp: true
anycast0:
type: dummy
ipaddress: "%{hiera('profiles::consul::server::anycast_ip')}"
netmask: 255.255.255.255
mtu: 1500
# frrouting
frrouting::ospfd_router_id: "%{facts.networking.ip}"
frrouting::ospfd_redistribute:
- connected
frrouting::ospfd_interfaces:
eth0:
area: 0.0.0.0
anycast0:
area: 0.0.0.0
frrouting::daemons:
ospfd: true
# additional repos
profiles::yum::global::repos:
frr-extras:
name: frr-extras
descr: frr-extras repository
target: /etc/yum.repos.d/frr-extras.repo
baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
mirrorlist: absent
frr-stable:
name: frr-stable
descr: frr-stable repository
target: /etc/yum.repos.d/frr-stable.repo
baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
mirrorlist: absent
@@ -1,47 +0,0 @@
---
hiera_include:
- frrouting
# networking
profiles::consul::server::anycast_ip: 198.18.19.14
systemd::manage_networkd: true
systemd::manage_all_network_files: true
networking::interfaces:
eth0:
type: physical
forwarding: true
dhcp: true
anycast0:
type: dummy
ipaddress: "%{hiera('profiles::consul::server::anycast_ip')}"
netmask: 255.255.255.255
mtu: 1500
# frrouting
frrouting::ospfd_router_id: "%{facts.networking.ip}"
frrouting::ospfd_redistribute:
- connected
frrouting::ospfd_interfaces:
eth0:
area: 0.0.0.0
anycast0:
area: 0.0.0.0
frrouting::daemons:
ospfd: true
# additional repos
profiles::yum::global::repos:
frr-extras:
name: frr-extras
descr: frr-extras repository
target: /etc/yum.repos.d/frr-extras.repo
baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
mirrorlist: absent
frr-stable:
name: frr-stable
descr: frr-stable repository
target: /etc/yum.repos.d/frr-stable.repo
baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
mirrorlist: absent
@@ -1,47 +0,0 @@
---
hiera_include:
- frrouting
# networking
profiles::consul::server::anycast_ip: 198.18.19.14
systemd::manage_networkd: true
systemd::manage_all_network_files: true
networking::interfaces:
eth0:
type: physical
forwarding: true
dhcp: true
anycast0:
type: dummy
ipaddress: "%{hiera('profiles::consul::server::anycast_ip')}"
netmask: 255.255.255.255
mtu: 1500
# frrouting
frrouting::ospfd_router_id: "%{facts.networking.ip}"
frrouting::ospfd_redistribute:
- connected
frrouting::ospfd_interfaces:
eth0:
area: 0.0.0.0
anycast0:
area: 0.0.0.0
frrouting::daemons:
ospfd: true
# additional repos
profiles::yum::global::repos:
frr-extras:
name: frr-extras
descr: frr-extras repository
target: /etc/yum.repos.d/frr-extras.repo
baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
mirrorlist: absent
frr-stable:
name: frr-stable
descr: frr-stable repository
target: /etc/yum.repos.d/frr-stable.repo
baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
mirrorlist: absent
@@ -1,47 +0,0 @@
---
hiera_include:
- frrouting
# networking
dns_master_anycast_ip: 198.18.19.15
systemd::manage_networkd: true
systemd::manage_all_network_files: true
networking::interfaces:
eth0:
type: physical
forwarding: true
dhcp: true
anycast0:
type: dummy
ipaddress: "%{hiera('dns_master_anycast_ip')}"
netmask: 255.255.255.255
mtu: 1500
# frrouting
frrouting::ospfd_router_id: "%{facts.networking.ip}"
frrouting::ospfd_redistribute:
- connected
frrouting::ospfd_interfaces:
eth0:
area: 0.0.0.0
anycast0:
area: 0.0.0.0
frrouting::daemons:
ospfd: true
# additional repos
profiles::yum::global::repos:
frr-extras:
name: frr-extras
descr: frr-extras repository
target: /etc/yum.repos.d/frr-extras.repo
baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
mirrorlist: absent
frr-stable:
name: frr-stable
descr: frr-stable repository
target: /etc/yum.repos.d/frr-stable.repo
baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
mirrorlist: absent
@@ -1,47 +0,0 @@
---
hiera_include:
- frrouting
# networking
dns_master_anycast_ip: 198.18.19.15
systemd::manage_networkd: true
systemd::manage_all_network_files: true
networking::interfaces:
eth0:
type: physical
forwarding: true
dhcp: true
anycast0:
type: dummy
ipaddress: "%{hiera('dns_master_anycast_ip')}"
netmask: 255.255.255.255
mtu: 1500
# frrouting
frrouting::ospfd_router_id: "%{facts.networking.ip}"
frrouting::ospfd_redistribute:
- connected
frrouting::ospfd_interfaces:
eth0:
area: 0.0.0.0
anycast0:
area: 0.0.0.0
frrouting::daemons:
ospfd: true
# additional repos
profiles::yum::global::repos:
frr-extras:
name: frr-extras
descr: frr-extras repository
target: /etc/yum.repos.d/frr-extras.repo
baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
mirrorlist: absent
frr-stable:
name: frr-stable
descr: frr-stable repository
target: /etc/yum.repos.d/frr-stable.repo
baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
mirrorlist: absent
@@ -1,47 +0,0 @@
---
hiera_include:
- frrouting
# networking
dns_master_anycast_ip: 198.18.19.15
systemd::manage_networkd: true
systemd::manage_all_network_files: true
networking::interfaces:
eth0:
type: physical
forwarding: true
dhcp: true
anycast0:
type: dummy
ipaddress: "%{hiera('dns_master_anycast_ip')}"
netmask: 255.255.255.255
mtu: 1500
# frrouting
frrouting::ospfd_router_id: "%{facts.networking.ip}"
frrouting::ospfd_redistribute:
- connected
frrouting::ospfd_interfaces:
eth0:
area: 0.0.0.0
anycast0:
area: 0.0.0.0
frrouting::daemons:
ospfd: true
# additional repos
profiles::yum::global::repos:
frr-extras:
name: frr-extras
descr: frr-extras repository
target: /etc/yum.repos.d/frr-extras.repo
baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
mirrorlist: absent
frr-stable:
name: frr-stable
descr: frr-stable repository
target: /etc/yum.repos.d/frr-stable.repo
baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
mirrorlist: absent
@@ -1,47 +0,0 @@
---
hiera_include:
- frrouting
# networking
dns_resolver_anycast_ip: 198.18.19.16
systemd::manage_networkd: true
systemd::manage_all_network_files: true
networking::interfaces:
eth0:
type: physical
forwarding: true
dhcp: true
anycast0:
type: dummy
ipaddress: "%{hiera('dns_resolver_anycast_ip')}"
netmask: 255.255.255.255
mtu: 1500
# frrouting
frrouting::ospfd_router_id: "%{facts.networking.ip}"
frrouting::ospfd_redistribute:
- connected
frrouting::ospfd_interfaces:
eth0:
area: 0.0.0.0
anycast0:
area: 0.0.0.0
frrouting::daemons:
ospfd: true
# additional repos
profiles::yum::global::repos:
frr-extras:
name: frr-extras
descr: frr-extras repository
target: /etc/yum.repos.d/frr-extras.repo
baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
mirrorlist: absent
frr-stable:
name: frr-stable
descr: frr-stable repository
target: /etc/yum.repos.d/frr-stable.repo
baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
mirrorlist: absent
@@ -1,47 +0,0 @@
---
hiera_include:
- frrouting
# networking
dns_resolver_anycast_ip: 198.18.19.16
systemd::manage_networkd: true
systemd::manage_all_network_files: true
networking::interfaces:
eth0:
type: physical
forwarding: true
dhcp: true
anycast0:
type: dummy
ipaddress: "%{hiera('dns_resolver_anycast_ip')}"
netmask: 255.255.255.255
mtu: 1500
# frrouting
frrouting::ospfd_router_id: "%{facts.networking.ip}"
frrouting::ospfd_redistribute:
- connected
frrouting::ospfd_interfaces:
eth0:
area: 0.0.0.0
anycast0:
area: 0.0.0.0
frrouting::daemons:
ospfd: true
# additional repos
profiles::yum::global::repos:
frr-extras:
name: frr-extras
descr: frr-extras repository
target: /etc/yum.repos.d/frr-extras.repo
baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
mirrorlist: absent
frr-stable:
name: frr-stable
descr: frr-stable repository
target: /etc/yum.repos.d/frr-stable.repo
baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
mirrorlist: absent
@@ -1,47 +0,0 @@
---
hiera_include:
- frrouting
# networking
dns_resolver_anycast_ip: 198.18.19.16
systemd::manage_networkd: true
systemd::manage_all_network_files: true
networking::interfaces:
eth0:
type: physical
forwarding: true
dhcp: true
anycast0:
type: dummy
ipaddress: "%{hiera('dns_resolver_anycast_ip')}"
netmask: 255.255.255.255
mtu: 1500
# frrouting
frrouting::ospfd_router_id: "%{facts.networking.ip}"
frrouting::ospfd_redistribute:
- connected
frrouting::ospfd_interfaces:
eth0:
area: 0.0.0.0
anycast0:
area: 0.0.0.0
frrouting::daemons:
ospfd: true
# additional repos
profiles::yum::global::repos:
frr-extras:
name: frr-extras
descr: frr-extras repository
target: /etc/yum.repos.d/frr-extras.repo
baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
mirrorlist: absent
frr-stable:
name: frr-stable
descr: frr-stable repository
target: /etc/yum.repos.d/frr-stable.repo
baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
mirrorlist: absent
@@ -13,9 +13,3 @@ profiles::ssh::sign::principals:
profiles::puppet::puppetca::is_puppetca: true
profiles::puppet::puppetca::allow_subject_alt_names: true
networking::interfaces:
eth0:
ipaddress: 198.18.13.46
networking::routes:
default:
gateway: 198.18.13.254
@@ -0,0 +1,2 @@
---
profiles::cobbler::params::is_cobbler_master: true
@@ -1,12 +0,0 @@
---
profiles::puppet::server::dns_alt_names:
- puppetca.main.unkin.net
- puppetca.service.consul
- puppetca.query.consul
- puppetca
profiles::puppet::puppetca::is_puppetca: false
profiles::puppet::puppetca::allow_subject_alt_names: true
hiera_exclude:
- networking
@@ -1,5 +1,13 @@
---
profiles::proxmox::params::pve_clusterinit_master: true
profiles::proxmox::params::pve_ceph_mon: true
profiles::proxmox::params::pve_ceph_mgr: true
profiles::proxmox::params::pve_ceph_osd: true
networking_loopback0_ip: 198.18.19.1 # management loopback
networking_loopback1_ip: 198.18.22.1 # ceph-cluster loopback
networking_loopback2_ip: 198.18.23.1 # ceph-public loopback
networking_1000_ip: 198.18.15.1 # 1gbe network
networking_2500_ip: 198.18.21.1 # 2.5gbe network
networking_1000_iface: enp2s0
networking_2500_iface: enp3s0
networking::interfaces:
"%{hiera('networking_1000_iface')}":
mac: d8:9e:f3:75:c3:60
"%{hiera('networking_2500_iface')}":
mac: 00:ac:d0:00:00:50
@@ -1,4 +1,13 @@
---
profiles::proxmox::params::pve_ceph_mon: true
profiles::proxmox::params::pve_ceph_mgr: true
profiles::proxmox::params::pve_ceph_osd: true
networking_loopback0_ip: 198.18.19.2 # management loopback
networking_loopback1_ip: 198.18.22.2 # ceph-cluster loopback
networking_loopback2_ip: 198.18.23.2 # ceph-public loopback
networking_1000_ip: 198.18.15.2 # 1gbe network
networking_2500_ip: 198.18.21.2 # 2.5gbe network
networking_1000_iface: enp2s0
networking_2500_iface: enp3s0
networking::interfaces:
"%{hiera('networking_1000_iface')}":
mac: d8:9e:f3:74:b6:08
"%{hiera('networking_2500_iface')}":
mac: 00:e0:4c:68:08:43
@@ -1,4 +1,13 @@
---
profiles::proxmox::params::pve_ceph_mon: true
profiles::proxmox::params::pve_ceph_mgr: true
profiles::proxmox::params::pve_ceph_osd: true
networking_loopback0_ip: 198.18.19.3 # management loopback
networking_loopback1_ip: 198.18.22.3 # ceph-cluster loopback
networking_loopback2_ip: 198.18.23.3 # ceph-public loopback
networking_1000_ip: 198.18.15.3 # 1gbe network
networking_2500_ip: 198.18.21.3 # 2.5gbe network
networking_1000_iface: enp2s0
networking_2500_iface: enp3s0
networking::interfaces:
"%{hiera('networking_1000_iface')}":
mac: b8:85:84:a3:25:c5
"%{hiera('networking_2500_iface')}":
mac: 00:e0:4c:68:07:82
@@ -1,2 +1,13 @@
---
profiles::proxmox::params::pve_ceph_osd: true
networking_loopback0_ip: 198.18.19.4 # management loopback
networking_loopback1_ip: 198.18.22.4 # ceph-cluster loopback
networking_loopback2_ip: 198.18.23.4 # ceph-public loopback
networking_1000_ip: 198.18.15.4 # 1gbe network
networking_2500_ip: 198.18.21.4 # 2.5gbe network
networking_1000_iface: enp2s0
networking_2500_iface: enp3s0
networking::interfaces:
"%{hiera('networking_1000_iface')}":
mac: d8:9e:f3:75:d5:00
"%{hiera('networking_2500_iface')}":
mac: 00:ac:d0:00:00:43
@@ -1,2 +1,13 @@
---
profiles::proxmox::params::pve_ceph_osd: true
networking_loopback0_ip: 198.18.19.5 # management loopback
networking_loopback1_ip: 198.18.22.5 # ceph-cluster loopback
networking_loopback2_ip: 198.18.23.5 # ceph-public loopback
networking_1000_ip: 198.18.15.5 # 1gbe network
networking_2500_ip: 198.18.21.5 # 2.5gbe network
networking_1000_iface: enp1s0
networking_2500_iface: enp3s0
networking::interfaces:
"%{hiera('networking_1000_iface')}":
mac: 54:bf:64:a0:08:64
"%{hiera('networking_2500_iface')}":
mac: 00:e0:4c:68:07:79
@@ -1,2 +1,13 @@
---
profiles::proxmox::params::pve_ceph_osd: true
networking_loopback0_ip: 198.18.19.6 # management loopback
networking_loopback1_ip: 198.18.22.6 # ceph-cluster loopback
networking_loopback2_ip: 198.18.23.6 # ceph-public loopback
networking_1000_ip: 198.18.15.6 # 1gbe network
networking_2500_ip: 198.18.21.6 # 2.5gbe network
networking_1000_iface: enp2s0
networking_2500_iface: enp3s0
networking::interfaces:
"%{hiera('networking_1000_iface')}":
mac: d8:9e:f3:75:10:8d
"%{hiera('networking_2500_iface')}":
mac: 00:ac:d0:00:00:53
@@ -1,2 +1,13 @@
---
profiles::proxmox::params::pve_ceph_osd: true
networking_loopback0_ip: 198.18.19.7 # management loopback
networking_loopback1_ip: 198.18.22.7 # ceph-cluster loopback
networking_loopback2_ip: 198.18.23.7 # ceph-public loopback
networking_1000_ip: 198.18.15.7 # 1gbe network
networking_2500_ip: 198.18.21.7 # 2.5gbe network
networking_1000_iface: enp2s0
networking_2500_iface: enp3s0
networking::interfaces:
"%{hiera('networking_1000_iface')}":
mac: d8:9e:f3:74:b4:27
"%{hiera('networking_2500_iface')}":
mac: 00:ac:d0:00:00:5b
@@ -1,2 +1,13 @@
---
profiles::proxmox::params::pve_ceph_osd: true
networking_loopback0_ip: 198.18.19.8 # management loopback
networking_loopback1_ip: 198.18.22.8 # ceph-cluster loopback
networking_loopback2_ip: 198.18.23.8 # ceph-public loopback
networking_1000_ip: 198.18.15.8 # 1gbe network
networking_2500_ip: 198.18.21.8 # 2.5gbe network
networking_1000_iface: enp2s0
networking_2500_iface: enp3s0
networking::interfaces:
"%{hiera('networking_1000_iface')}":
mac: d8:9e:f3:75:06:18
"%{hiera('networking_2500_iface')}":
mac: 00:e0:4c:68:08:4b
+2 -2
View File
@@ -50,8 +50,8 @@ profiles::yum::global::repos:
name: epel
descr: epel repository
target: /etc/yum.repos.d/epel.repo
baseurl: https://edgecache.query.consul/epel/%{facts.os.release.major}/Everything/%{facts.os.architecture}
gpgkey: http://edgecache.query.consul/epel/RPM-GPG-KEY-EPEL-%{facts.os.release.major}
baseurl: https://packagerepo.service.consul/epel/%{facts.os.release.major}/everything-daily/%{facts.os.architecture}/os/
gpgkey: https://packagerepo.service.consul/epel/%{facts.os.release.major}/everything-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-EPEL-%{facts.os.release.major}
mirrorlist: absent
puppet:
name: puppet

Some files were not shown because too many files have changed in this diff Show More