Compare commits
4 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 4487551f62 | |||
| f352247473 | |||
| c82e2cd9ad | |||
| 7bc3084bb8 |
@@ -3,8 +3,3 @@
|
|||||||
detectors:
|
detectors:
|
||||||
FeatureEnvy:
|
FeatureEnvy:
|
||||||
enabled: false
|
enabled: false
|
||||||
TooManyStatements:
|
|
||||||
enabled: false
|
|
||||||
UncommunicativeVariableName:
|
|
||||||
accept:
|
|
||||||
- e
|
|
||||||
|
|||||||
+31
-47
@@ -2,66 +2,50 @@ forge 'forge.puppetlabs.com'
|
|||||||
moduledir 'external_modules'
|
moduledir 'external_modules'
|
||||||
|
|
||||||
# puppetlabs
|
# puppetlabs
|
||||||
mod 'puppetlabs-stdlib', '9.7.0'
|
mod 'puppetlabs-stdlib', '9.1.0'
|
||||||
mod 'puppetlabs-inifile', '6.2.0'
|
mod 'puppetlabs-inifile', '6.0.0'
|
||||||
mod 'puppetlabs-concat', '9.1.0'
|
mod 'puppetlabs-concat', '9.0.0'
|
||||||
mod 'puppetlabs-vcsrepo', '7.0.0'
|
mod 'puppetlabs-vcsrepo', '6.1.0'
|
||||||
mod 'puppetlabs-yumrepo_core', '2.1.0'
|
mod 'puppetlabs-yumrepo_core', '2.0.0'
|
||||||
mod 'puppetlabs-apt', '10.0.1'
|
mod 'puppetlabs-apt', '9.4.0'
|
||||||
mod 'puppetlabs-lvm', '3.0.1'
|
mod 'puppetlabs-lvm', '2.1.0'
|
||||||
mod 'puppetlabs-puppetdb', '7.14.0'
|
mod 'puppetlabs-puppetdb', '7.13.0'
|
||||||
mod 'puppetlabs-postgresql', '9.2.0'
|
mod 'puppetlabs-postgresql', '9.1.0'
|
||||||
mod 'puppetlabs-firewall', '8.1.4'
|
mod 'puppetlabs-firewall', '6.0.0'
|
||||||
mod 'puppetlabs-accounts', '8.2.2'
|
mod 'puppetlabs-accounts', '8.1.0'
|
||||||
mod 'puppetlabs-mysql', '16.2.0'
|
mod 'puppetlabs-mysql', '15.0.0'
|
||||||
mod 'puppetlabs-xinetd', '3.4.1'
|
mod 'puppetlabs-xinetd', '3.4.1'
|
||||||
mod 'puppetlabs-haproxy', '8.2.0'
|
mod 'puppetlabs-haproxy', '8.0.0'
|
||||||
mod 'puppetlabs-java', '11.1.0'
|
mod 'puppetlabs-java', '10.1.2'
|
||||||
mod 'puppetlabs-reboot', '5.1.0'
|
mod 'puppetlabs-reboot', '5.0.0'
|
||||||
mod 'puppetlabs-docker', '10.2.0'
|
|
||||||
|
|
||||||
# puppet
|
# puppet
|
||||||
mod 'puppet-python', '7.4.0'
|
mod 'puppet-python', '7.0.0'
|
||||||
mod 'puppet-systemd', '8.1.0'
|
mod 'puppet-systemd', '5.1.0'
|
||||||
mod 'puppet-yum', '7.2.0'
|
mod 'puppet-yum', '7.0.0'
|
||||||
mod 'puppet-archive', '7.1.0'
|
mod 'puppet-archive', '7.0.0'
|
||||||
mod 'puppet-chrony', '3.0.0'
|
mod 'puppet-chrony', '2.6.0'
|
||||||
mod 'puppet-puppetboard', '11.0.0'
|
mod 'puppet-puppetboard', '9.0.0'
|
||||||
mod 'puppet-nginx', '6.0.1'
|
mod 'puppet-nginx', '5.0.0'
|
||||||
mod 'puppet-selinux', '5.0.0'
|
mod 'puppet-selinux', '4.1.0'
|
||||||
mod 'puppet-prometheus', '16.0.0'
|
mod 'puppet-prometheus', '13.4.0'
|
||||||
mod 'puppet-grafana', '14.1.0'
|
mod 'puppet-grafana', '13.1.0'
|
||||||
mod 'puppet-consul', '9.1.0'
|
mod 'puppet-consul', '8.0.0'
|
||||||
mod 'puppet-vault', '4.1.1'
|
mod 'puppet-vault', '4.1.0'
|
||||||
mod 'puppet-dhcp', '6.1.0'
|
mod 'puppet-dhcp', '6.1.0'
|
||||||
mod 'puppet-keepalived', '5.1.0'
|
mod 'puppet-keepalived', '3.6.0'
|
||||||
mod 'puppet-extlib', '7.5.1'
|
mod 'puppet-extlib', '7.0.0'
|
||||||
mod 'puppet-network', '2.2.1'
|
|
||||||
mod 'puppet-kmod', '4.1.0'
|
|
||||||
mod 'puppet-filemapper', '4.0.0'
|
|
||||||
mod 'puppet-letsencrypt', '11.1.0'
|
|
||||||
mod 'puppet-rundeck', '9.2.0'
|
|
||||||
mod 'puppet-redis', '11.1.0'
|
|
||||||
mod 'puppet-nodejs', '11.0.0'
|
|
||||||
|
|
||||||
# other
|
# other
|
||||||
mod 'saz-sudo', '9.0.2'
|
|
||||||
mod 'saz-ssh', '13.1.0'
|
|
||||||
mod 'saz-limits', '5.0.0'
|
|
||||||
mod 'ghoneycutt-timezone', '4.0.0'
|
|
||||||
mod 'ghoneycutt-puppet', '3.3.0'
|
mod 'ghoneycutt-puppet', '3.3.0'
|
||||||
|
mod 'saz-sudo', '8.0.0'
|
||||||
|
mod 'ghoneycutt-timezone', '4.0.0'
|
||||||
mod 'dalen-puppetdbquery', '3.0.1'
|
mod 'dalen-puppetdbquery', '3.0.1'
|
||||||
mod 'markt-galera', '3.1.0'
|
mod 'markt-galera', '3.1.0'
|
||||||
mod 'kogitoapp-minio', '1.1.4'
|
mod 'kogitoapp-minio', '1.1.4'
|
||||||
mod 'broadinstitute-certs', '3.0.1'
|
mod 'broadinstitute-certs', '3.0.1'
|
||||||
mod 'stm-file_capability', '6.0.0'
|
mod 'stm-file_capability', '6.0.0'
|
||||||
mod 'h0tw1r3-gitea', '3.2.0'
|
mod 'h0tw1r3-gitea', '3.2.0'
|
||||||
mod 'rehan-mkdir', '2.0.0'
|
|
||||||
mod 'tailoredautomation-patroni', '2.0.0'
|
|
||||||
mod 'ssm-crypto_policies', '0.3.3'
|
|
||||||
mod 'thias-sysctl', '1.0.8'
|
|
||||||
mod 'openstack-ceph', '7.0.0'
|
|
||||||
|
|
||||||
|
|
||||||
mod 'bind',
|
mod 'bind',
|
||||||
:git => 'https://git.service.au-syd1.consul/unkinben/puppet-bind.git',
|
:git => 'https://git.service.au-syd1.consul/unkinben/puppet-bind.git',
|
||||||
|
|||||||
@@ -1,9 +0,0 @@
|
|||||||
# Group administration
|
|
||||||
|
|
||||||
This page exists to list all the locally managed groups, their gid's and what their general purpose is for.
|
|
||||||
|
|
||||||
## List of groups
|
|
||||||
| name | gid | purpose |
|
|
||||||
|-------------|-------------|-------------|
|
|
||||||
| admin | 10000 | admin group designed for system admins |
|
|
||||||
| media | 20000 | group permissions to manage media (*arrs) |
|
|
||||||
@@ -1,60 +0,0 @@
|
|||||||
# managing ceph
|
|
||||||
|
|
||||||
Always refer back to the official documentation at https://docs.ceph.com/en/latest
|
|
||||||
|
|
||||||
## adding new cephfs
|
|
||||||
- create a erasure code profile which will allow you to customise the raid level
|
|
||||||
- raid5 with 3 disks? k=2,m=1
|
|
||||||
- raid5 with 6 disks? k=5,m=1
|
|
||||||
- raid6 with 4 disks? k=2,m=2, etc
|
|
||||||
- create osd pool using custom profile for data
|
|
||||||
- create osd pool using default replicated profile for metadata
|
|
||||||
- enable ec_overwrites for the data pool
|
|
||||||
- create the ceph fs volume using data/metadata pools
|
|
||||||
- set ceph fs settings
|
|
||||||
- specify minimum number of metadata servers (mds)
|
|
||||||
- set fs to be for bulk data
|
|
||||||
- set mds fast failover with standby reply
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
sudo ceph osd erasure-code-profile set ec_4_1 k=4 m=1
|
|
||||||
sudo ceph osd pool create media_data 128 erasure ec_4_1
|
|
||||||
sudo ceph osd pool create media_metadata 32 replicated_rule
|
|
||||||
sudo ceph osd pool set media_data allow_ec_overwrites true
|
|
||||||
sudo ceph osd pool set media_data bulk true
|
|
||||||
sudo ceph fs new mediafs media_metadata media_data --force
|
|
||||||
sudo ceph fs set mediafs allow_standby_replay true
|
|
||||||
sudo ceph fs set mediafs max_mds 2
|
|
||||||
```
|
|
||||||
|
|
||||||
## creating authentication tokens
|
|
||||||
|
|
||||||
- this will create a client keyring named media
|
|
||||||
- this client will have the following capabilities:
|
|
||||||
- mon: read
|
|
||||||
- mds:
|
|
||||||
- read /
|
|
||||||
- read/write /media
|
|
||||||
- read/write /common
|
|
||||||
- osd: read/write to cephfs_data pool
|
|
||||||
|
|
||||||
```
|
|
||||||
sudo ceph auth get-or-create client.media \
|
|
||||||
mon 'allow r' \
|
|
||||||
mds 'allow r path=/, allow rw path=/media, allow rw path=/common' \
|
|
||||||
osd 'allow rw pool=cephfs_data'
|
|
||||||
```
|
|
||||||
|
|
||||||
## list the authentication tokens and permissions
|
|
||||||
|
|
||||||
ceph auth ls
|
|
||||||
|
|
||||||
## change the capabilities of a token
|
|
||||||
|
|
||||||
this will overwrite the current capabilities of a given client.user
|
|
||||||
|
|
||||||
sudo ceph auth caps client.media \
|
|
||||||
mon 'allow r' \
|
|
||||||
mds 'allow rw path=/' \
|
|
||||||
osd 'allow rw pool=media_data'
|
|
||||||
@@ -1,31 +0,0 @@
|
|||||||
# add additional master
|
|
||||||
|
|
||||||
these steps are required when adding additional puppet masters, as the subject alternative names on the certificate will need to be changed. this requires the old certificate be revoked, cleaned up, and for a new certificate to be generated and signed.
|
|
||||||
|
|
||||||
## prepare a new node
|
|
||||||
- deploy a new now, or identify a space with the base role
|
|
||||||
- change the hosts class to roles::infra::puppet::master
|
|
||||||
- apply puppet until there are no more changes
|
|
||||||
|
|
||||||
## revoke the current certificate on the puppet master
|
|
||||||
|
|
||||||
sudo puppetserver ca clean --certname ausyd1nxvm1023.main.unkin.net
|
|
||||||
|
|
||||||
## stop the new puppetserver and cleanup revoked certificates
|
|
||||||
|
|
||||||
sudo systemctl stop puppetserver
|
|
||||||
sudo rm -f /etc/puppetlabs/puppet/ssl/certs/$(hostname -f).pem
|
|
||||||
sudo rm -f /etc/puppetlabs/puppet/ssl/private_keys/$(hostname -f).pem
|
|
||||||
|
|
||||||
## copy the current crl.pem, as puppetserver will overwrite it when starting
|
|
||||||
|
|
||||||
sudo cp /etc/puppetlabs/puppet/ssl/crl.pem /root/current_crl.pem
|
|
||||||
|
|
||||||
## request new puppet agent certificate
|
|
||||||
|
|
||||||
sudo puppet ssl bootstrap
|
|
||||||
|
|
||||||
## start the puppetserver service and move the crl.pem back in place
|
|
||||||
|
|
||||||
sudo systemctl start puppetserver
|
|
||||||
sudo cp /root/current_crl.pem /etc/puppetlabs/puppet/ssl/crl.pem
|
|
||||||
@@ -1,123 +0,0 @@
|
|||||||
# PKI
|
|
||||||
## root ca
|
|
||||||
vault secrets enable -path=pki_root pki
|
|
||||||
vault secrets tune -max-lease-ttl=87600h pki_root
|
|
||||||
|
|
||||||
vault write -field=certificate pki_root/root/generate/internal \
|
|
||||||
common_name="unkin.net" \
|
|
||||||
issuer_name="UNKIN_ROOTCA_2024" \
|
|
||||||
ttl=87600h > unkinroot_2024_ca.crt
|
|
||||||
|
|
||||||
vault read pki_root/issuer/$(vault list -format=json pki_root/issuers/ | jq -r '.[]') | tail -n 6
|
|
||||||
|
|
||||||
vault write pki_root/roles/2024-servers allow_any_name=true
|
|
||||||
|
|
||||||
vault write pki_root/config/urls \
|
|
||||||
issuing_certificates="$VAULT_ADDR/v1/pki_root/ca" \
|
|
||||||
crl_distribution_points="$VAULT_ADDR/v1/pki_root/crl"
|
|
||||||
|
|
||||||
## intermediate
|
|
||||||
vault secrets enable -path=pki_int pki
|
|
||||||
vault secrets tune -max-lease-ttl=43800h pki_int
|
|
||||||
|
|
||||||
vault write -format=json pki_int/intermediate/generate/internal \
|
|
||||||
common_name="unkin.net Intermediate Authority" \
|
|
||||||
issuer_name="UNKIN_VAULTCA_2024" \
|
|
||||||
| jq -r '.data.csr' > pki_intermediate.csr
|
|
||||||
|
|
||||||
vault write -format=json pki_root/root/sign-intermediate \
|
|
||||||
issuer_ref="UNKIN_ROOTCA_2024" \
|
|
||||||
csr=@pki_intermediate.csr \
|
|
||||||
format=pem_bundle ttl="43800h" \
|
|
||||||
| jq -r '.data.certificate' > intermediate.cert.pem
|
|
||||||
|
|
||||||
vault write pki_int/intermediate/set-signed certificate=@intermediate.cert.pem
|
|
||||||
|
|
||||||
## create role
|
|
||||||
vault write pki_int/roles/servers_default \
|
|
||||||
issuer_ref="$(vault read -field=default pki_int/config/issuers)" \
|
|
||||||
allow_ip_sans=true \
|
|
||||||
allowed_domains="unkin.net, *.unkin.net, localhost" \
|
|
||||||
allow_subdomains=true \
|
|
||||||
allow_glob_domains=true \
|
|
||||||
allow_bare_domains=true \
|
|
||||||
enforce_hostnames=true \
|
|
||||||
allow_any_name=true \
|
|
||||||
max_ttl="2160h" \
|
|
||||||
key_bits=4096 \
|
|
||||||
country="Australia"
|
|
||||||
|
|
||||||
## test generating a domain cert
|
|
||||||
vault write pki_int/issue/servers_default common_name="test.unkin.net" ttl="24h"
|
|
||||||
vault write pki_int/issue/servers_default common_name="test.main.unkin.net" ttl="24h"
|
|
||||||
vault write pki_int/issue/servers_default common_name="*.test.main.unkin.net" ttl="24h"
|
|
||||||
|
|
||||||
## remove expired certificates
|
|
||||||
vault write pki_int/tidy tidy_cert_store=true tidy_revoked_certs=true
|
|
||||||
|
|
||||||
# AUTH
|
|
||||||
## enable approles
|
|
||||||
vault auth enable approle
|
|
||||||
|
|
||||||
# CERTMANAGER
|
|
||||||
## create certmanager policy and token, limit to puppetmaster
|
|
||||||
cat <<EOF > certmanager.hcl
|
|
||||||
path "pki_int/issue/*" {
|
|
||||||
capabilities = ["create", "update", "read"]
|
|
||||||
}
|
|
||||||
path "pki_int/renew/*" {
|
|
||||||
capabilities = ["update"]
|
|
||||||
}
|
|
||||||
path "pki_int/cert/*" {
|
|
||||||
capabilities = ["read"]
|
|
||||||
}
|
|
||||||
EOF
|
|
||||||
|
|
||||||
vault policy write certmanager certmanager.hcl
|
|
||||||
|
|
||||||
vault write auth/approle/role/certmanager \
|
|
||||||
bind_secret_id=false \
|
|
||||||
token_policies="certmanager" \
|
|
||||||
token_ttl=30s \
|
|
||||||
token_max_ttl=30s \
|
|
||||||
token_bound_cidrs="198.18.17.3/32,198.18.13.32/32,198.18.13.33/32,198.18.13.34/32"
|
|
||||||
|
|
||||||
## get the certmanager approle id
|
|
||||||
vault read -field=role_id auth/approle/role/certmanager/role-id
|
|
||||||
|
|
||||||
|
|
||||||
# SSH Hostkey Signing
|
|
||||||
|
|
||||||
## create ssh engine, key, set ttl
|
|
||||||
vault secrets enable -path=ssh-host-signer ssh
|
|
||||||
vault write ssh-host-signer/config/ca generate_signing_key=true
|
|
||||||
vault secrets tune -max-lease-ttl=87600h ssh-host-signer
|
|
||||||
|
|
||||||
## create role
|
|
||||||
vault write ssh-host-signer/roles/hostrole \
|
|
||||||
key_type=ca \
|
|
||||||
algorithm_signer=rsa-sha2-256 \
|
|
||||||
ttl=87600h \
|
|
||||||
allow_host_certificates=true \
|
|
||||||
allowed_domains="unkin.net" \
|
|
||||||
allow_subdomains=true \
|
|
||||||
allow_baredomains=true
|
|
||||||
|
|
||||||
## create policy to use hostrole
|
|
||||||
cat <<EOF > sshsign-host.hcl
|
|
||||||
path "ssh-host-signer/sign/hostrole" {
|
|
||||||
capabilities = ["create", "update"]
|
|
||||||
}
|
|
||||||
EOF
|
|
||||||
|
|
||||||
vault policy write sshsign-host-policy sshsign-host.hcl
|
|
||||||
|
|
||||||
vault write auth/approle/role/sshsign-host-role \
|
|
||||||
bind_secret_id=false \
|
|
||||||
token_policies="sshsign-host-policy" \
|
|
||||||
token_ttl=30s \
|
|
||||||
token_max_ttl=30s \
|
|
||||||
token_bound_cidrs="198.18.17.3/32,198.18.13.32/32,198.18.13.33/32,198.18.13.34/32"
|
|
||||||
|
|
||||||
## get the sshsign-host-role approle id
|
|
||||||
vault read -field=role_id auth/approle/role/sshsign-host-role/role-id
|
|
||||||
@@ -0,0 +1,48 @@
|
|||||||
|
# root ca
|
||||||
|
vault secrets enable -path=pki_root pki
|
||||||
|
|
||||||
|
vault write -field=certificate pki_root/root/generate/internal \
|
||||||
|
common_name="unkin.net" \
|
||||||
|
issuer_name="unkinroot-2024" \
|
||||||
|
ttl=87600h > unkinroot_2024_ca.crt
|
||||||
|
|
||||||
|
vault read pki_root/issuer/$(vault list -format=json pki_root/issuers/ | jq -r '.[]') | tail -n 6
|
||||||
|
|
||||||
|
vault write pki_root/roles/2024-servers allow_any_name=true
|
||||||
|
|
||||||
|
vault write pki_root/config/urls \
|
||||||
|
issuing_certificates="$VAULT_ADDR/v1/pki_root/ca" \
|
||||||
|
crl_distribution_points="$VAULT_ADDR/v1/pki_root/crl"
|
||||||
|
|
||||||
|
# intermediate
|
||||||
|
vault secrets enable -path=pki_int pki
|
||||||
|
vault secrets tune -max-lease-ttl=43800h pki_int
|
||||||
|
|
||||||
|
vault write -format=json pki_int/intermediate/generate/internal \
|
||||||
|
common_name="unkin.net Intermediate Authority" \
|
||||||
|
issuer_name="unkin-dot-net-intermediate" \
|
||||||
|
| jq -r '.data.csr' > pki_intermediate.csr
|
||||||
|
|
||||||
|
vault write -format=json pki_root/root/sign-intermediate \
|
||||||
|
issuer_ref="unkinroot-2024" \
|
||||||
|
csr=@pki_intermediate.csr \
|
||||||
|
format=pem_bundle ttl="43800h" \
|
||||||
|
| jq -r '.data.certificate' > intermediate.cert.pem
|
||||||
|
|
||||||
|
vault write pki_int/intermediate/set-signed certificate=@intermediate.cert.pem
|
||||||
|
|
||||||
|
# create role
|
||||||
|
vault write pki_int/roles/unkin-dot-net \
|
||||||
|
issuer_ref="$(vault read -field=default pki_int/config/issuers)" \
|
||||||
|
allowed_domains="unkin.net" \
|
||||||
|
allow_subdomains=true \
|
||||||
|
max_ttl="2160h"
|
||||||
|
|
||||||
|
# test generating a domain cert
|
||||||
|
vault write pki_int/issue/unkin-dot-net common_name="test.unkin.net" ttl="24h"
|
||||||
|
vault write pki_int/issue/unkin-dot-net common_name="test.main.unkin.net" ttl="24h"
|
||||||
|
vault write pki_int/issue/unkin-dot-net common_name="*.test.main.unkin.net" ttl="24h"
|
||||||
|
|
||||||
|
|
||||||
|
# remove expired certificates
|
||||||
|
vault write pki_int/tidy tidy_cert_store=true tidy_revoked_certs=true
|
||||||
+97
-201
@@ -3,10 +3,16 @@ lookup_options:
|
|||||||
hiera_classes:
|
hiera_classes:
|
||||||
merge:
|
merge:
|
||||||
strategy: deep
|
strategy: deep
|
||||||
profiles::packages::include:
|
profiles::packages::install:
|
||||||
merge:
|
merge:
|
||||||
strategy: deep
|
strategy: deep
|
||||||
profiles::packages::exclude:
|
profiles::packages::install_exclude:
|
||||||
|
merge:
|
||||||
|
strategy: deep
|
||||||
|
profiles::packages::remove:
|
||||||
|
merge:
|
||||||
|
strategy: deep
|
||||||
|
profiles::packages::remove_exclude:
|
||||||
merge:
|
merge:
|
||||||
strategy: deep
|
strategy: deep
|
||||||
profiles::pki::vault::alt_names:
|
profiles::pki::vault::alt_names:
|
||||||
@@ -102,63 +108,11 @@ lookup_options:
|
|||||||
profiles::nginx::simpleproxy::nginx_aliases:
|
profiles::nginx::simpleproxy::nginx_aliases:
|
||||||
merge:
|
merge:
|
||||||
strategy: deep
|
strategy: deep
|
||||||
networking::interfaces:
|
|
||||||
merge:
|
|
||||||
strategy: deep
|
|
||||||
networking::interface_defaults:
|
|
||||||
merge:
|
|
||||||
strategy: deep
|
|
||||||
networking::routes:
|
|
||||||
merge:
|
|
||||||
strategy: deep
|
|
||||||
networking::route_defaults:
|
|
||||||
merge:
|
|
||||||
strategy: deep
|
|
||||||
ssh::server::options:
|
|
||||||
merge:
|
|
||||||
strategy: deep
|
|
||||||
mysql::db:
|
|
||||||
merge:
|
|
||||||
strategy: deep
|
|
||||||
profiles::ceph::client::keyrings:
|
|
||||||
merge:
|
|
||||||
strategy: deep
|
|
||||||
profiles::nginx::simpleproxy::locations:
|
|
||||||
merge:
|
|
||||||
strategy: deep
|
|
||||||
certbot::client::domains:
|
|
||||||
merge:
|
|
||||||
strategy: deep
|
|
||||||
keepalived::vrrp_script:
|
|
||||||
merge:
|
|
||||||
strategy: deep
|
|
||||||
keepalived::vrrp_instance:
|
|
||||||
merge:
|
|
||||||
strategy: deep
|
|
||||||
profiles::etcd::node::initial_cluster_token:
|
|
||||||
convert_to: Sensitive
|
|
||||||
sysctl::base::values:
|
|
||||||
merge:
|
|
||||||
strategy: deep
|
|
||||||
limits::entries:
|
|
||||||
merge:
|
|
||||||
strategy: deep
|
|
||||||
zfs::zpools:
|
|
||||||
merge:
|
|
||||||
strategy: deep
|
|
||||||
zfs::datasets:
|
|
||||||
merge:
|
|
||||||
strategy: deep
|
|
||||||
|
|
||||||
facts_path: '/opt/puppetlabs/facter/facts.d'
|
facts_path: '/opt/puppetlabs/facter/facts.d'
|
||||||
|
|
||||||
hiera_include:
|
hiera_classes:
|
||||||
- timezone
|
- timezone
|
||||||
- networking
|
|
||||||
- ssh::server
|
|
||||||
- profiles::accounts::rundeck
|
|
||||||
- limits
|
|
||||||
- sysctl::base
|
|
||||||
|
|
||||||
profiles::ntp::client::ntp_role: 'roles::infra::ntp::server'
|
profiles::ntp::client::ntp_role: 'roles::infra::ntp::server'
|
||||||
profiles::ntp::client::use_ntp: 'region'
|
profiles::ntp::client::use_ntp: 'region'
|
||||||
@@ -171,22 +125,9 @@ profiles::ntp::client::peers:
|
|||||||
profiles::base::puppet_servers:
|
profiles::base::puppet_servers:
|
||||||
- 'prodinf01n01.main.unkin.net'
|
- 'prodinf01n01.main.unkin.net'
|
||||||
|
|
||||||
consul::install_method: 'package'
|
|
||||||
consul::manage_repo: false
|
|
||||||
consul::bin_dir: /usr/bin
|
|
||||||
|
|
||||||
vault::install_method: 'repo'
|
|
||||||
vault::manage_repo: false
|
|
||||||
vault::bin_dir: /usr/bin
|
|
||||||
vault::manage_service_file: true
|
|
||||||
vault::manage_config_dir: true
|
|
||||||
vault::disable_mlock: false
|
|
||||||
|
|
||||||
profiles::dns::base::nameservers:
|
|
||||||
- 198.18.19.16
|
|
||||||
profiles::dns::master::basedir: '/var/named/sources'
|
profiles::dns::master::basedir: '/var/named/sources'
|
||||||
#profiles::dns::base::ns_role: 'roles::infra::dns::resolver'
|
profiles::dns::base::ns_role: 'roles::infra::dns::resolver'
|
||||||
#profiles::dns::base::use_ns: 'region'
|
profiles::dns::base::use_ns: 'region'
|
||||||
profiles::consul::server::members_role: roles::infra::storage::consul
|
profiles::consul::server::members_role: roles::infra::storage::consul
|
||||||
profiles::consul::token::node_editor::accessor_id: '024e27bd-c5bb-41e7-a578-b766509e11bc'
|
profiles::consul::token::node_editor::accessor_id: '024e27bd-c5bb-41e7-a578-b766509e11bc'
|
||||||
profiles::consul::client::members_lookup: true
|
profiles::consul::client::members_lookup: true
|
||||||
@@ -202,70 +143,57 @@ profiles::consul::client::node_rules:
|
|||||||
segment: ''
|
segment: ''
|
||||||
disposition: read
|
disposition: read
|
||||||
|
|
||||||
profiles::packages::include:
|
profiles::packages::install:
|
||||||
bash-completion: {}
|
- bash-completion
|
||||||
bzip2: {}
|
- bzip2
|
||||||
ccze: {}
|
- ccze
|
||||||
curl: {}
|
- curl
|
||||||
dstat: {}
|
- dstat
|
||||||
expect: {}
|
- expect
|
||||||
gzip: {}
|
- gzip
|
||||||
git: {}
|
- git
|
||||||
htop: {}
|
- htop
|
||||||
inotify-tools: {}
|
- inotify-tools
|
||||||
iotop: {}
|
- iotop
|
||||||
jq: {}
|
- jq
|
||||||
lz4: {}
|
- lz4
|
||||||
mtr: {}
|
- mtr
|
||||||
ncdu: {}
|
- ncdu
|
||||||
neovim: {}
|
- neovim
|
||||||
p7zip: {}
|
- p7zip
|
||||||
pbzip2: {}
|
- pbzip2
|
||||||
pigz: {}
|
- pigz
|
||||||
pv: {}
|
- pv
|
||||||
python3.11: {}
|
- python3.11
|
||||||
rsync: {}
|
- rsync
|
||||||
screen: {}
|
- screen
|
||||||
socat: {}
|
- socat
|
||||||
strace: {}
|
- strace
|
||||||
sysstat: {}
|
- sysstat
|
||||||
tar: {}
|
- tmux
|
||||||
tmux: {}
|
- traceroute
|
||||||
traceroute: {}
|
- unzip
|
||||||
unzip: {}
|
- vim
|
||||||
vim: {}
|
- vnstat
|
||||||
vnstat: {}
|
- wget
|
||||||
wget: {}
|
- zsh
|
||||||
zsh: {}
|
- zstd
|
||||||
zstd: {}
|
|
||||||
iwl100-firmware:
|
profiles::packages::remove:
|
||||||
ensure: absent
|
- iwl100-firmware
|
||||||
iwl1000-firmware:
|
- iwl1000-firmware
|
||||||
ensure: absent
|
- iwl105-firmware
|
||||||
iwl105-firmware:
|
- iwl135-firmware
|
||||||
ensure: absent
|
- iwl2000-firmware
|
||||||
iwl135-firmware:
|
- iwl2030-firmware
|
||||||
ensure: absent
|
- iwl3160-firmware
|
||||||
iwl2000-firmware:
|
- iwl5000-firmware
|
||||||
ensure: absent
|
- iwl5150-firmware
|
||||||
iwl2030-firmware:
|
- iwl6000-firmware
|
||||||
ensure: absent
|
- iwl6000g2a-firmware
|
||||||
iwl3160-firmware:
|
- iwl6050-firmware
|
||||||
ensure: absent
|
- iwl7260-firmware
|
||||||
iwl5000-firmware:
|
- puppet7-release
|
||||||
ensure: absent
|
|
||||||
iwl5150-firmware:
|
|
||||||
ensure: absent
|
|
||||||
iwl6000-firmware:
|
|
||||||
ensure: absent
|
|
||||||
iwl6000g2a-firmware:
|
|
||||||
ensure: absent
|
|
||||||
iwl6050-firmware:
|
|
||||||
ensure: absent
|
|
||||||
iwl7260-firmware:
|
|
||||||
ensure: absent
|
|
||||||
puppet7-release:
|
|
||||||
ensure: absent
|
|
||||||
|
|
||||||
profiles::base::scripts::scripts:
|
profiles::base::scripts::scripts:
|
||||||
puppet: puppetwrapper.py
|
puppet: puppetwrapper.py
|
||||||
@@ -287,38 +215,6 @@ puppetdbsql: puppetdbsql.service.au-syd1.consul
|
|||||||
prometheus::node_exporter::export_scrape_job: true
|
prometheus::node_exporter::export_scrape_job: true
|
||||||
prometheus::systemd_exporter::export_scrape_job: true
|
prometheus::systemd_exporter::export_scrape_job: true
|
||||||
|
|
||||||
ssh::server::storeconfigs_enabled: false
|
|
||||||
ssh::server::options:
|
|
||||||
Protocol: '2'
|
|
||||||
ListenAddress:
|
|
||||||
- '127.0.0.1'
|
|
||||||
- '%{facts.networking.ip}'
|
|
||||||
SyslogFacility: 'AUTHPRIV'
|
|
||||||
HostKey:
|
|
||||||
- /etc/ssh/ssh_host_rsa_key
|
|
||||||
- /etc/ssh/ssh_host_ecdsa_key
|
|
||||||
- /etc/ssh/ssh_host_ed25519_key
|
|
||||||
HostCertificate: /etc/ssh/ssh_host_rsa_key-cert.pem
|
|
||||||
AuthorizedKeysFile: .ssh/authorized_keys
|
|
||||||
PermitRootLogin: no
|
|
||||||
PasswordAuthentication: no
|
|
||||||
ChallengeResponseAuthentication: no
|
|
||||||
PubkeyAuthentication: yes
|
|
||||||
GSSAPIAuthentication: yes
|
|
||||||
GSSAPICleanupCredentials: yes
|
|
||||||
UsePAM: yes
|
|
||||||
X11Forwarding: no
|
|
||||||
PrintMotd: no
|
|
||||||
AcceptEnv:
|
|
||||||
- LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
|
|
||||||
- LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
|
|
||||||
- LC_IDENTIFICATION LC_ALL LANGUAGE
|
|
||||||
- XMODIFIERS
|
|
||||||
Subsystem: sftp /usr/libexec/openssh/sftp-server
|
|
||||||
|
|
||||||
profiles::ssh::knownhosts::lines:
|
|
||||||
- '@cert-authority * ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1HD97vYxLTniE4qNpGuftUlvmkEXIuX8+7nbENv/IzsGUghEDRtyThjQ7ojNKIsQ7f8wXr0gMcI+fAPfrbcOMHCAoYMomikwL0b3h95SZI40q3CyM+0DMnwiVVDX6C1QxkO2Rv9cszSkCa85NotJhXiUuTBI9BFcRPy+mAhbpAru+bfypYofI0wW97XNTl8Jgwmni5MgutBIQAokFIn5ux8iWxndCH3AqDtmkwC5DfQeQ+wZx7rkwqJEpJffQzrjb1gIM6P9hDCVBBVPh/3o80IJ69rFWrJAZUb+JpG4cXJH0NcSW+wqc3JCT/x3q8VlHwOTXSlNNKtOJCRx73mB8e1XTTy2a9FgpKDDg5XQXWHAViJDz1RTRL9gRefMylRgKz4bXoTuY9kJWM8hPTyUejtukbJThlBJc3OmDxBZBF7F0iqB11pHexok43OCEiANodVa36eWu9/5X032Vm48fZ1/akDPY/NSy3wAn7kwut+A0/JAHFHASrq+1mt9YurkJegI+YHXO6eEWpBIpmI7ORHJbGL4MhkHrxYzVamuP8CkU7tXzsv138+wpOcRHNp9yJY4PT40BZkRf/O3O+jt3pj9Dj8rvgywF2W6hFzywh3Y78upOprRkQlQtHfsI8EyrYI8/hUw2u3H+3yPXh3YjWfqvWVG1BRLRHBV7m90uaw=='
|
|
||||||
|
|
||||||
profiles::base::groups::local:
|
profiles::base::groups::local:
|
||||||
admins:
|
admins:
|
||||||
ensure: present
|
ensure: present
|
||||||
@@ -334,39 +230,39 @@ sudo::configs:
|
|||||||
|
|
||||||
profiles::accounts::sysadmin::sshkeys:
|
profiles::accounts::sysadmin::sshkeys:
|
||||||
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ8SRLlPiDylBpdWR9LpvPg4fDVD+DZst4yRPFwMMhta4mnB1H9XuvZkptDhXywWQ7QIcqa2WbhCen0OQJCtwn3s7EYtacmF5MxmwBYocPoK2AArGuh6NA9rwTdLrPdzhZ+gwe88PAzRLNzjm0ZBR+mA9saMbPJdqpKp0AWeAM8QofRQAWuCzQg9i0Pn1KDMvVDRHCZof4pVlHSTyHNektq4ifovn0zhKC8jD/cYu95mc5ftBbORexpGiQWwQ3HZw1IBe0ZETB1qPIPwsoJpt3suvMrL6T2//fcIIUE3TcyJKb/yhztja4TZs5jT8370G/vhlT70He0YPxqHub8ZfBv0khlkY93VBWYpNGJwM1fVqlw7XbfBNdOuJivJac8eW317ZdiDnKkBTxapThpPG3et9ib1HoPGKRsd/fICzNz16h2R3tddSdihTFL+bmTCa6Lo+5t5uRuFjQvhSLSgO2/gRAprc3scYOB4pY/lxOFfq3pU2VvSJtRgLNEYMUYKk= ben@unkin.net
|
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ8SRLlPiDylBpdWR9LpvPg4fDVD+DZst4yRPFwMMhta4mnB1H9XuvZkptDhXywWQ7QIcqa2WbhCen0OQJCtwn3s7EYtacmF5MxmwBYocPoK2AArGuh6NA9rwTdLrPdzhZ+gwe88PAzRLNzjm0ZBR+mA9saMbPJdqpKp0AWeAM8QofRQAWuCzQg9i0Pn1KDMvVDRHCZof4pVlHSTyHNektq4ifovn0zhKC8jD/cYu95mc5ftBbORexpGiQWwQ3HZw1IBe0ZETB1qPIPwsoJpt3suvMrL6T2//fcIIUE3TcyJKb/yhztja4TZs5jT8370G/vhlT70He0YPxqHub8ZfBv0khlkY93VBWYpNGJwM1fVqlw7XbfBNdOuJivJac8eW317ZdiDnKkBTxapThpPG3et9ib1HoPGKRsd/fICzNz16h2R3tddSdihTFL+bmTCa6Lo+5t5uRuFjQvhSLSgO2/gRAprc3scYOB4pY/lxOFfq3pU2VvSJtRgLNEYMUYKk= ben@unkin.net
|
||||||
profiles::accounts::rundeck::sshkeys:
|
|
||||||
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQD4F7VcorbGpyZzBFexz7c/o1JBscrl7hZU0UkWV7fq6YLizW0r6fOzD99hMwu1kdYCjPxbvuUSDEHfyBIp2EgLWU6wFVoufQqlMyOV85+ivQZUc1VNV+X9T+U4v3u/01hkAmlpXtbkwhMSR4Wi+tdABd04+D3CuMDM37mvnFmBBmi41X4Mr1rJhOQumn1XHQ7EYbsdw2mxfEVVeWpZIHz5BjNKSGzEIAYZbFt6s0Y7X3J5RT+Gjqmu043Tc8nNIUFlR9E10qd3Euf9RiBYxBx3z+yfOzJPBzWNBSHv1+PIbO5Mq+z5JaAfoFZO41L7nw+FjV6JJUCVLr6Vq+bCxyA7LW4Oq9ZahSrt/vrT0kTa0tA5U9bqK6e7pB//dm7PzoROtTq0XksV8RseA/fvIje20uaN1z9dynx+UcbszXu9pQ5GIg1o7b5DEi3OZHJwpgdudiCyEeR4+00G0z4PjpEMnTSMHAJ53WxtjzrPAOBnAmPE7hPu4coU+XrCWEXAvRMloJmca68e+zFX7VvFK82KVDuQ99vQ6w4X73IESKoLzyAVxpelwHaDG4fN+zqYfqubVQU1L5cUeYKxqm5r3Us6VvMaYs1ZMUmDGXHOq4FNhGUJYxSjkLvunM6qyAAJQCd6Pw/2TV3UQVerbouGOZaeBLvRguHWSbDrO99Zu+t87w== rundeck_runner
|
|
||||||
|
|
||||||
networking::interface_defaults:
|
profiles::base::hosts::additional_hosts:
|
||||||
ensure: present
|
- ip: 198.18.17.3
|
||||||
family: inet
|
hostname: prodinf01n01.main.unkin.net
|
||||||
method: static
|
aliases:
|
||||||
netmask: 255.255.255.0
|
- prodinf01n01
|
||||||
onboot: true
|
- puppet
|
||||||
networking::route_defaults:
|
- puppetmaster
|
||||||
ensure: present
|
- puppetca
|
||||||
interface: eth0
|
- ip: 198.18.17.4
|
||||||
netmask: 0.0.0.0
|
hostname: prodinf01n04.main.unkin.net
|
||||||
network: default
|
aliases:
|
||||||
|
- prodinf01n04
|
||||||
profiles::ceph::client::fsid: 7f7f00cb-95de-498c-8dcc-14b54e4e9ca8
|
- ip: 198.18.17.5
|
||||||
profiles::ceph::client::mons:
|
hostname: prodinf01n05.main.unkin.net
|
||||||
- 10.18.15.1
|
aliases:
|
||||||
- 10.18.15.2
|
- prodinf01n05
|
||||||
- 10.18.15.3
|
- ip: 198.18.17.6
|
||||||
#profiles::base::hosts::additional_hosts:
|
hostname: prodinf01n06.main.unkin.net
|
||||||
# - ip: 198.18.17.9
|
aliases:
|
||||||
# hostname: prodinf01n09.main.unkin.net
|
- prodinf01n06
|
||||||
# aliases:
|
- ip: 198.18.17.9
|
||||||
# - prodinf01n09
|
hostname: prodinf01n09.main.unkin.net
|
||||||
# - ntp01.main.unkin.net
|
aliases:
|
||||||
# - ip: 198.18.17.10
|
- prodinf01n09
|
||||||
# hostname: prodinf01n10.main.unkin.net
|
- ntp01.main.unkin.net
|
||||||
# aliases:
|
- ip: 198.18.17.10
|
||||||
# - prodinf01n10
|
hostname: prodinf01n10.main.unkin.net
|
||||||
# - ntp02.main.unkin.net
|
aliases:
|
||||||
# - ip: 198.18.17.22
|
- prodinf01n10
|
||||||
# hostname: prodinf01n22.main.unkin.net
|
- ntp02.main.unkin.net
|
||||||
# aliases:
|
- ip: 198.18.17.22
|
||||||
# - prodinf01n22
|
hostname: prodinf01n22.main.unkin.net
|
||||||
# - repos.main.unkin.net
|
aliases:
|
||||||
|
- prodinf01n22
|
||||||
|
- repos.main.unkin.net
|
||||||
|
|||||||
@@ -1,9 +1,2 @@
|
|||||||
---
|
---
|
||||||
timezone::timezone: 'Australia/Darwin'
|
timezone::timezone: 'Australia/Darwin'
|
||||||
profiles_dns_upstream_forwarder_unkin:
|
|
||||||
- 198.18.17.23
|
|
||||||
- 198.18.17.24
|
|
||||||
profiles_dns_upstream_forwarder_consul:
|
|
||||||
- 198.18.17.34
|
|
||||||
- 198.18.17.35
|
|
||||||
- 198.18.17.36
|
|
||||||
|
|||||||
@@ -1 +1,52 @@
|
|||||||
---
|
---
|
||||||
|
profiles::dns::resolver::zones:
|
||||||
|
main.unkin.net-forward:
|
||||||
|
domain: 'main.unkin.net'
|
||||||
|
zone_type: 'forward'
|
||||||
|
forwarders:
|
||||||
|
- 198.18.17.23
|
||||||
|
- 198.18.17.24
|
||||||
|
forward: 'only'
|
||||||
|
13.18.198.in-addr.arpa-forward:
|
||||||
|
domain: '13.18.198.in-addr.arpa'
|
||||||
|
zone_type: 'forward'
|
||||||
|
forwarders:
|
||||||
|
- 198.18.17.23
|
||||||
|
- 198.18.17.24
|
||||||
|
forward: 'only'
|
||||||
|
14.18.198.in-addr.arpa-forward:
|
||||||
|
domain: '14.18.198.in-addr.arpa'
|
||||||
|
zone_type: 'forward'
|
||||||
|
forwarders:
|
||||||
|
- 198.18.17.23
|
||||||
|
- 198.18.17.24
|
||||||
|
forward: 'only'
|
||||||
|
15.18.198.in-addr.arpa-forward:
|
||||||
|
domain: '15.18.198.in-addr.arpa'
|
||||||
|
zone_type: 'forward'
|
||||||
|
forwarders:
|
||||||
|
- 198.18.17.23
|
||||||
|
- 198.18.17.24
|
||||||
|
forward: 'only'
|
||||||
|
16.18.198.in-addr.arpa-forward:
|
||||||
|
domain: '16.18.198.in-addr.arpa'
|
||||||
|
zone_type: 'forward'
|
||||||
|
forwarders:
|
||||||
|
- 198.18.17.23
|
||||||
|
- 198.18.17.24
|
||||||
|
forward: 'only'
|
||||||
|
17.18.198.in-addr.arpa-forward:
|
||||||
|
domain: '17.18.198.in-addr.arpa'
|
||||||
|
zone_type: 'forward'
|
||||||
|
forwarders:
|
||||||
|
- 198.18.17.23
|
||||||
|
- 198.18.17.24
|
||||||
|
forward: 'only'
|
||||||
|
consul-forward:
|
||||||
|
domain: 'consul'
|
||||||
|
zone_type: 'forward'
|
||||||
|
forwarders:
|
||||||
|
- 198.18.17.34
|
||||||
|
- 198.18.17.35
|
||||||
|
- 198.18.17.36
|
||||||
|
forward: 'only'
|
||||||
|
|||||||
@@ -1,4 +1,3 @@
|
|||||||
---
|
---
|
||||||
certmanager::vault_token: ENC[PKCS7,MIIBygYJKoZIhvcNAQcDoIIBuzCCAbcCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAWh7bsttz/JCBo/CPoCgA2doo3jO6jT6NsOoE3/06W2IW+Ij6KHKYILMkG3tS4NAegMI48QR9n++4Xa7u+97w1HO4ENpfLrkuKUcWUFCxxb2OdWhxucIlt3Ay/2+tofOSvqiRKeEISBtOK//Q1a4Iu5GwEP+lvDQ5rcoS0dryNie/okXaLratWOsmctJ6LFuUw5siCcFyUzfvr2ROsB14YoF989np+X1dJqBWxcLmbVNKx766GrRhb1WGeF0qxounCmWEKGt0zY4Zk27KNFlFu7XByDWZoSCVCMvkQaRKhvdNA39Y9vscZJGPGFhz+qKPoeqwUidz0IY51CaFSXewmzCBjAYJKoZIhvcNAQcBMB0GCWCGSAFlAwQBKgQQC+e2iOlFLlr9inVU8nEVWIBgqb0u/ICsLtxZqOpN9OIFWl+4hVrvTo24JzTc1jMSCONeL4Ab7jtTMbsweE9zUf6XlwhHLXfxfg7FL3WBsOWCUBXIAh338cZCXUGX7m0Qvtgg3VTEbTNDJhZle8Sjo6Gl]
|
certmanager::vault_token: ENC[PKCS7,MIIBygYJKoZIhvcNAQcDoIIBuzCCAbcCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAWh7bsttz/JCBo/CPoCgA2doo3jO6jT6NsOoE3/06W2IW+Ij6KHKYILMkG3tS4NAegMI48QR9n++4Xa7u+97w1HO4ENpfLrkuKUcWUFCxxb2OdWhxucIlt3Ay/2+tofOSvqiRKeEISBtOK//Q1a4Iu5GwEP+lvDQ5rcoS0dryNie/okXaLratWOsmctJ6LFuUw5siCcFyUzfvr2ROsB14YoF989np+X1dJqBWxcLmbVNKx766GrRhb1WGeF0qxounCmWEKGt0zY4Zk27KNFlFu7XByDWZoSCVCMvkQaRKhvdNA39Y9vscZJGPGFhz+qKPoeqwUidz0IY51CaFSXewmzCBjAYJKoZIhvcNAQcBMB0GCWCGSAFlAwQBKgQQC+e2iOlFLlr9inVU8nEVWIBgqb0u/ICsLtxZqOpN9OIFWl+4hVrvTo24JzTc1jMSCONeL4Ab7jtTMbsweE9zUf6XlwhHLXfxfg7FL3WBsOWCUBXIAh338cZCXUGX7m0Qvtgg3VTEbTNDJhZle8Sjo6Gl]
|
||||||
certmanager::role_id: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAJuE+uzgQaBRUXBCigckEo1j+UxxbiUGrzdf/B9K7XPdVxZh6TzYLpBgNnyaT6vLo0boX4uRD/By0gT5R/2qcXD6d/j+fh517Ctk4d2uO64f0vH3PzyyOBalsNtcCdPiV3q/xGqzQSHhPiNkFEjDvMBz5p53UjfKA6gAiPrLklp4rN/NVyiLBw20NeIqbL25VdkQa13ViS0Gm/eUQu7a2xQ1dvQFWWfuLaQxO0dh8L0ynkfmWKIjaiD5412Z8hYURu0otxbqVDdIbEMx5xQsXnFKeN93yHmgs7a7M6fLdp9jh+G8B+IlK1W7/9v2+RT0/yI3ZgWHVTvDRhMHuPGBjfTBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBC5avtOPp9N65U1ILQENnvAgDBqI8XAjqbWIvXHqOEiKYdu+co0EEtsHR1v5xAeCmj/ZA6MLeKFlAVJbvpyCpzjons=]
|
certmanager::role_id: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAJuE+uzgQaBRUXBCigckEo1j+UxxbiUGrzdf/B9K7XPdVxZh6TzYLpBgNnyaT6vLo0boX4uRD/By0gT5R/2qcXD6d/j+fh517Ctk4d2uO64f0vH3PzyyOBalsNtcCdPiV3q/xGqzQSHhPiNkFEjDvMBz5p53UjfKA6gAiPrLklp4rN/NVyiLBw20NeIqbL25VdkQa13ViS0Gm/eUQu7a2xQ1dvQFWWfuLaQxO0dh8L0ynkfmWKIjaiD5412Z8hYURu0otxbqVDdIbEMx5xQsXnFKeN93yHmgs7a7M6fLdp9jh+G8B+IlK1W7/9v2+RT0/yI3ZgWHVTvDRhMHuPGBjfTBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBC5avtOPp9N65U1ILQENnvAgDBqI8XAjqbWIvXHqOEiKYdu+co0EEtsHR1v5xAeCmj/ZA6MLeKFlAVJbvpyCpzjons=]
|
||||||
sshsignhost::role_id: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAT86C/InXrgDtXCc9NFze91YMvjTNDqWgv4uzPFI48clOeQyD6x+vOHWP2yNp1OyNHcYLCiLyrv+rSIQyXlLnbeyZWV+7kXIon057Tp7l0BxWtd0hjQEcyWzqQQE7R264C8/qKRak81LIu6RshWZAchYo/BMPuOqVr0m+1zDwOV9JwZc3bpexzsl57CK5pesOrpfdvnd/xrOoEMR+P+C5PC6QLtQl3zkOD3N9kP6HqwbhWH5ZBPy88Kc+5kYM6QVpQSjFIIHK1SWsN0VZoxpkuFlFXB5KHDgZtg3kxrofzjQghl41zJBCDq9Z5oZ+2b1p/j/9jCASyp/ju68H5WXzbzBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCf4Nqp6SAl/XjmhPDnTvVJgDCdDhxWaChhjJ3eRcW4NTFgf3zm7Bu65za0li26FKuKks00duF4zebfNw7ZUVsYtIU=]
|
|
||||||
|
|||||||
@@ -1,7 +1,2 @@
|
|||||||
---
|
---
|
||||||
timezone::timezone: 'Australia/Sydney'
|
timezone::timezone: 'Australia/Sydney'
|
||||||
certbot::client::webserver: ausyd1nxvm1021.main.unkin.net
|
|
||||||
profiles_dns_upstream_forwarder_unkin:
|
|
||||||
- 198.18.19.15
|
|
||||||
profiles_dns_upstream_forwarder_consul:
|
|
||||||
- 198.18.19.14
|
|
||||||
|
|||||||
@@ -1 +1,52 @@
|
|||||||
---
|
---
|
||||||
|
profiles::dns::resolver::zones:
|
||||||
|
main.unkin.net-forward:
|
||||||
|
domain: 'main.unkin.net'
|
||||||
|
zone_type: 'forward'
|
||||||
|
forwarders:
|
||||||
|
- 198.18.13.14
|
||||||
|
- 198.18.13.15
|
||||||
|
forward: 'only'
|
||||||
|
13.18.198.in-addr.arpa-forward:
|
||||||
|
domain: '13.18.198.in-addr.arpa'
|
||||||
|
zone_type: 'forward'
|
||||||
|
forwarders:
|
||||||
|
- 198.18.13.14
|
||||||
|
- 198.18.13.15
|
||||||
|
forward: 'only'
|
||||||
|
14.18.198.in-addr.arpa-forward:
|
||||||
|
domain: '14.18.198.in-addr.arpa'
|
||||||
|
zone_type: 'forward'
|
||||||
|
forwarders:
|
||||||
|
- 198.18.13.14
|
||||||
|
- 198.18.13.15
|
||||||
|
forward: 'only'
|
||||||
|
15.18.198.in-addr.arpa-forward:
|
||||||
|
domain: '15.18.198.in-addr.arpa'
|
||||||
|
zone_type: 'forward'
|
||||||
|
forwarders:
|
||||||
|
- 198.18.13.14
|
||||||
|
- 198.18.13.15
|
||||||
|
forward: 'only'
|
||||||
|
16.18.198.in-addr.arpa-forward:
|
||||||
|
domain: '16.18.198.in-addr.arpa'
|
||||||
|
zone_type: 'forward'
|
||||||
|
forwarders:
|
||||||
|
- 198.18.13.14
|
||||||
|
- 198.18.13.15
|
||||||
|
forward: 'only'
|
||||||
|
17.18.198.in-addr.arpa-forward:
|
||||||
|
domain: '17.18.198.in-addr.arpa'
|
||||||
|
zone_type: 'forward'
|
||||||
|
forwarders:
|
||||||
|
- 198.18.13.14
|
||||||
|
- 198.18.13.15
|
||||||
|
forward: 'only'
|
||||||
|
consul-forward:
|
||||||
|
domain: 'consul'
|
||||||
|
zone_type: 'forward'
|
||||||
|
forwarders:
|
||||||
|
- 198.18.13.19
|
||||||
|
- 198.18.13.20
|
||||||
|
- 198.18.13.21
|
||||||
|
forward: 'only'
|
||||||
|
|||||||
@@ -1,31 +1,4 @@
|
|||||||
---
|
---
|
||||||
hiera_include:
|
|
||||||
- keepalived
|
|
||||||
|
|
||||||
# keepalived
|
|
||||||
profiles::haproxy::dns::vrrp_ipaddr: '198.18.13.250'
|
|
||||||
profiles::haproxy::dns::vrrp_cnames:
|
|
||||||
- sonarr.main.unkin.net
|
|
||||||
- radarr.main.unkin.net
|
|
||||||
- lidarr.main.unkin.net
|
|
||||||
- readarr.main.unkin.net
|
|
||||||
- prowlarr.main.unkin.net
|
|
||||||
- nzbget.main.unkin.net
|
|
||||||
|
|
||||||
keepalived::vrrp_script:
|
|
||||||
check_haproxy:
|
|
||||||
script: '/usr/bin/killall -0 haproxy'
|
|
||||||
|
|
||||||
keepalived::vrrp_instance:
|
|
||||||
VI_250:
|
|
||||||
interface: 'eth0'
|
|
||||||
virtual_router_id: 250
|
|
||||||
auth_type: 'PASS'
|
|
||||||
auth_pass: 'quiiK7oo'
|
|
||||||
virtual_ipaddress: '198.18.13.250/32'
|
|
||||||
track_script:
|
|
||||||
- check_haproxy
|
|
||||||
|
|
||||||
# mappings
|
# mappings
|
||||||
profiles::haproxy::mappings:
|
profiles::haproxy::mappings:
|
||||||
fe_http:
|
fe_http:
|
||||||
@@ -33,27 +6,11 @@ profiles::haproxy::mappings:
|
|||||||
mappings:
|
mappings:
|
||||||
- 'au-syd1-pve.main.unkin.net be_ausyd1pve_web'
|
- 'au-syd1-pve.main.unkin.net be_ausyd1pve_web'
|
||||||
- 'au-syd1-pve-api.main.unkin.net be_ausyd1pve_api'
|
- 'au-syd1-pve-api.main.unkin.net be_ausyd1pve_api'
|
||||||
- 'sonarr.main.unkin.net be_sonarr'
|
|
||||||
- 'radarr.main.unkin.net be_radarr'
|
|
||||||
- 'lidarr.main.unkin.net be_lidarr'
|
|
||||||
- 'readarr.main.unkin.net be_readarr'
|
|
||||||
- 'prowlarr.main.unkin.net be_prowlarr'
|
|
||||||
- 'nzbget.main.unkin.net be_nzbget'
|
|
||||||
- 'jellyfin.main.unkin.net be_jellyfin'
|
|
||||||
- 'fafflix.unkin.net be_jellyfin'
|
|
||||||
fe_https:
|
fe_https:
|
||||||
ensure: present
|
ensure: present
|
||||||
mappings:
|
mappings:
|
||||||
- 'au-syd1-pve.main.unkin.net be_ausyd1pve_web'
|
- 'au-syd1-pve.main.unkin.net be_ausyd1pve_web'
|
||||||
- 'au-syd1-pve-api.main.unkin.net be_ausyd1pve_api'
|
- 'au-syd1-pve-api.main.unkin.net be_ausyd1pve_api'
|
||||||
- 'sonarr.main.unkin.net be_sonarr'
|
|
||||||
- 'radarr.main.unkin.net be_radarr'
|
|
||||||
- 'lidarr.main.unkin.net be_lidarr'
|
|
||||||
- 'readarr.main.unkin.net be_readarr'
|
|
||||||
- 'prowlarr.main.unkin.net be_prowlarr'
|
|
||||||
- 'nzbget.main.unkin.net be_nzbget'
|
|
||||||
- 'jellyfin.main.unkin.net be_jellyfin'
|
|
||||||
- 'fafflix.unkin.net be_jellyfin'
|
|
||||||
|
|
||||||
profiles::haproxy::frontends:
|
profiles::haproxy::frontends:
|
||||||
fe_http:
|
fe_http:
|
||||||
@@ -63,15 +20,7 @@ profiles::haproxy::frontends:
|
|||||||
fe_https:
|
fe_https:
|
||||||
options:
|
options:
|
||||||
acl:
|
acl:
|
||||||
- 'acl_ausyd1pve req.hdr(host) -i au-syd1-pve.main.unkin.net'
|
- 'acl_ausyd1pve req.hdr(host) -i https://au-syd1-pve.main.unkin.net'
|
||||||
- 'acl_sonarr req.hdr(host) -i sonarr.main.unkin.net'
|
|
||||||
- 'acl_radarr req.hdr(host) -i radarr.main.unkin.net'
|
|
||||||
- 'acl_lidarr req.hdr(host) -i lidarr.main.unkin.net'
|
|
||||||
- 'acl_readarr req.hdr(host) -i readarr.main.unkin.net'
|
|
||||||
- 'acl_prowlarr req.hdr(host) -i prowlarr.main.unkin.net'
|
|
||||||
- 'acl_nzbget req.hdr(host) -i nzbget.main.unkin.net'
|
|
||||||
- 'acl_jellyfin req.hdr(host) -i jellyfin.main.unkin.net'
|
|
||||||
- 'acl_fafflix req.hdr(host) -i fafflix.unkin.net'
|
|
||||||
- 'acl_internalsubnets src 198.18.0.0/16 10.10.12.0/24'
|
- 'acl_internalsubnets src 198.18.0.0/16 10.10.12.0/24'
|
||||||
use_backend:
|
use_backend:
|
||||||
- "%[req.hdr(host),lower,map(/etc/haproxy/fe_https.map,be_default)]"
|
- "%[req.hdr(host),lower,map(/etc/haproxy/fe_https.map,be_default)]"
|
||||||
@@ -79,14 +28,6 @@ profiles::haproxy::frontends:
|
|||||||
- 'deny if { hdr_dom(host) -i au-syd1-pve.main.unkin.net } !acl_internalsubnets'
|
- 'deny if { hdr_dom(host) -i au-syd1-pve.main.unkin.net } !acl_internalsubnets'
|
||||||
http-response:
|
http-response:
|
||||||
- 'set-header X-Frame-Options DENY if acl_ausyd1pve'
|
- 'set-header X-Frame-Options DENY if acl_ausyd1pve'
|
||||||
- 'set-header X-Frame-Options DENY if acl_sonarr'
|
|
||||||
- 'set-header X-Frame-Options DENY if acl_radarr'
|
|
||||||
- 'set-header X-Frame-Options DENY if acl_lidarr'
|
|
||||||
- 'set-header X-Frame-Options DENY if acl_readarr'
|
|
||||||
- 'set-header X-Frame-Options DENY if acl_prowlarr'
|
|
||||||
- 'set-header X-Frame-Options DENY if acl_nzbget'
|
|
||||||
- 'set-header X-Frame-Options DENY if acl_jellyfin'
|
|
||||||
- 'set-header X-Frame-Options DENY if acl_fafflix'
|
|
||||||
- 'set-header X-Content-Type-Options nosniff'
|
- 'set-header X-Content-Type-Options nosniff'
|
||||||
- 'set-header X-XSS-Protection 1;mode=block'
|
- 'set-header X-XSS-Protection 1;mode=block'
|
||||||
|
|
||||||
@@ -122,152 +63,17 @@ profiles::haproxy::backends:
|
|||||||
- set-header X-Forwarded-Port %[dst_port]
|
- set-header X-Forwarded-Port %[dst_port]
|
||||||
- add-header X-Forwarded-Proto https if { dst_port 443 }
|
- add-header X-Forwarded-Proto https if { dst_port 443 }
|
||||||
redirect: 'scheme https if !{ ssl_fc }'
|
redirect: 'scheme https if !{ ssl_fc }'
|
||||||
be_sonarr:
|
|
||||||
description: Backend for au-syd1 sonarr
|
|
||||||
collect_exported: false # handled in custom function
|
|
||||||
options:
|
|
||||||
balance: roundrobin
|
|
||||||
option:
|
|
||||||
- httpchk GET /consul/health
|
|
||||||
- forwardfor
|
|
||||||
- http-keep-alive
|
|
||||||
- prefer-last-server
|
|
||||||
cookie: SRVNAME insert indirect nocache
|
|
||||||
http-reuse: always
|
|
||||||
http-request:
|
|
||||||
- set-header X-Forwarded-Port %[dst_port]
|
|
||||||
- add-header X-Forwarded-Proto https if { dst_port 443 }
|
|
||||||
redirect: 'scheme https if !{ ssl_fc }'
|
|
||||||
be_radarr:
|
|
||||||
description: Backend for au-syd1 radarr
|
|
||||||
collect_exported: false # handled in custom function
|
|
||||||
options:
|
|
||||||
balance: roundrobin
|
|
||||||
option:
|
|
||||||
- httpchk GET /consul/health
|
|
||||||
- forwardfor
|
|
||||||
- http-keep-alive
|
|
||||||
- prefer-last-server
|
|
||||||
cookie: SRVNAME insert indirect nocache
|
|
||||||
http-reuse: always
|
|
||||||
http-request:
|
|
||||||
- set-header X-Forwarded-Port %[dst_port]
|
|
||||||
- add-header X-Forwarded-Proto https if { dst_port 443 }
|
|
||||||
redirect: 'scheme https if !{ ssl_fc }'
|
|
||||||
be_lidarr:
|
|
||||||
description: Backend for au-syd1 lidarr
|
|
||||||
collect_exported: false # handled in custom function
|
|
||||||
options:
|
|
||||||
balance: roundrobin
|
|
||||||
option:
|
|
||||||
- httpchk GET /consul/health
|
|
||||||
- forwardfor
|
|
||||||
- http-keep-alive
|
|
||||||
- prefer-last-server
|
|
||||||
cookie: SRVNAME insert indirect nocache
|
|
||||||
http-reuse: always
|
|
||||||
http-request:
|
|
||||||
- set-header X-Forwarded-Port %[dst_port]
|
|
||||||
- add-header X-Forwarded-Proto https if { dst_port 443 }
|
|
||||||
redirect: 'scheme https if !{ ssl_fc }'
|
|
||||||
be_readarr:
|
|
||||||
description: Backend for au-syd1 readarr
|
|
||||||
collect_exported: false # handled in custom function
|
|
||||||
options:
|
|
||||||
balance: roundrobin
|
|
||||||
option:
|
|
||||||
- httpchk GET /consul/health
|
|
||||||
- forwardfor
|
|
||||||
- http-keep-alive
|
|
||||||
- prefer-last-server
|
|
||||||
cookie: SRVNAME insert indirect nocache
|
|
||||||
http-reuse: always
|
|
||||||
http-request:
|
|
||||||
- set-header X-Forwarded-Port %[dst_port]
|
|
||||||
- add-header X-Forwarded-Proto https if { dst_port 443 }
|
|
||||||
redirect: 'scheme https if !{ ssl_fc }'
|
|
||||||
be_prowlarr:
|
|
||||||
description: Backend for au-syd1 prowlarr
|
|
||||||
collect_exported: false # handled in custom function
|
|
||||||
options:
|
|
||||||
balance: roundrobin
|
|
||||||
option:
|
|
||||||
- httpchk GET /consul/health
|
|
||||||
- forwardfor
|
|
||||||
- http-keep-alive
|
|
||||||
- prefer-last-server
|
|
||||||
cookie: SRVNAME insert indirect nocache
|
|
||||||
http-reuse: always
|
|
||||||
http-request:
|
|
||||||
- set-header X-Forwarded-Port %[dst_port]
|
|
||||||
- add-header X-Forwarded-Proto https if { dst_port 443 }
|
|
||||||
redirect: 'scheme https if !{ ssl_fc }'
|
|
||||||
be_nzbget:
|
|
||||||
description: Backend for au-syd1 nzbget
|
|
||||||
collect_exported: false # handled in custom function
|
|
||||||
options:
|
|
||||||
balance: roundrobin
|
|
||||||
option:
|
|
||||||
- httpchk GET /consul/health
|
|
||||||
- forwardfor
|
|
||||||
- http-keep-alive
|
|
||||||
- prefer-last-server
|
|
||||||
cookie: SRVNAME insert indirect nocache
|
|
||||||
http-reuse: always
|
|
||||||
http-request:
|
|
||||||
- set-header X-Forwarded-Port %[dst_port]
|
|
||||||
- add-header X-Forwarded-Proto https if { dst_port 443 }
|
|
||||||
redirect: 'scheme https if !{ ssl_fc }'
|
|
||||||
be_jellyfin:
|
|
||||||
description: Backend for au-syd1 jellyfin
|
|
||||||
collect_exported: false # handled in custom function
|
|
||||||
options:
|
|
||||||
balance: roundrobin
|
|
||||||
option:
|
|
||||||
- httpchk GET /
|
|
||||||
- forwardfor
|
|
||||||
- http-keep-alive
|
|
||||||
- prefer-last-server
|
|
||||||
cookie: SRVNAME insert indirect nocache
|
|
||||||
http-reuse: always
|
|
||||||
http-request:
|
|
||||||
- set-header X-Forwarded-Port %[dst_port]
|
|
||||||
- add-header X-Forwarded-Proto https if { dst_port 443 }
|
|
||||||
redirect: 'scheme https if !{ ssl_fc }'
|
|
||||||
|
|
||||||
profiles::haproxy::certlist::enabled: true
|
profiles::haproxy::certlist::enabled: true
|
||||||
profiles::haproxy::certlist::certificates:
|
profiles::haproxy::certlist::certificates:
|
||||||
- /etc/pki/tls/letsencrypt/au-syd1-pve.main.unkin.net/fullchain_combined.pem
|
|
||||||
- /etc/pki/tls/letsencrypt/au-syd1-pve-api.main.unkin.net/fullchain_combined.pem
|
|
||||||
- /etc/pki/tls/letsencrypt/sonarr.main.unkin.net/fullchain_combined.pem
|
|
||||||
- /etc/pki/tls/letsencrypt/radarr.main.unkin.net/fullchain_combined.pem
|
|
||||||
- /etc/pki/tls/letsencrypt/lidarr.main.unkin.net/fullchain_combined.pem
|
|
||||||
- /etc/pki/tls/letsencrypt/readarr.main.unkin.net/fullchain_combined.pem
|
|
||||||
- /etc/pki/tls/letsencrypt/prowlarr.main.unkin.net/fullchain_combined.pem
|
|
||||||
- /etc/pki/tls/letsencrypt/nzbget.main.unkin.net/fullchain_combined.pem
|
|
||||||
- /etc/pki/tls/letsencrypt/fafflix.unkin.net/fullchain_combined.pem
|
|
||||||
- /etc/pki/tls/vault/certificate.pem
|
- /etc/pki/tls/vault/certificate.pem
|
||||||
|
|
||||||
# additional altnames
|
# additional altnames
|
||||||
profiles::pki::vault::alt_names:
|
profiles::pki::vault::alt_names:
|
||||||
- au-syd1-pve.main.unkin.net
|
- au-syd1-pve.main.unkin.net
|
||||||
- au-syd1-pve-api.main.unkin.net
|
- au-syd1-pve-api.main.unkin.net
|
||||||
- jellyfin.main.unkin.net
|
|
||||||
|
|
||||||
# additional cnames
|
# additional cnames
|
||||||
profiles::haproxy::dns::cnames:
|
profiles::haproxy::dns::cnames:
|
||||||
- au-syd1-pve.main.unkin.net
|
- au-syd1-pve.main.unkin.net
|
||||||
- au-syd1-pve-api.main.unkin.net
|
- au-syd1-pve-api.main.unkin.net
|
||||||
|
|
||||||
# letsencrypt certificates
|
|
||||||
certbot::client::service: haproxy
|
|
||||||
certbot::client::domains:
|
|
||||||
- au-syd1-pve.main.unkin.net
|
|
||||||
- au-syd1-pve-api.main.unkin.net
|
|
||||||
- sonarr.main.unkin.net
|
|
||||||
- radarr.main.unkin.net
|
|
||||||
- lidarr.main.unkin.net
|
|
||||||
- readarr.main.unkin.net
|
|
||||||
- prowlarr.main.unkin.net
|
|
||||||
- nzbget.main.unkin.net
|
|
||||||
- fafflix.unkin.net
|
|
||||||
|
|||||||
@@ -1,4 +1,3 @@
|
|||||||
---
|
---
|
||||||
certmanager::vault_token: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAJuE+uzgQaBRUXBCigckEo1j+UxxbiUGrzdf/B9K7XPdVxZh6TzYLpBgNnyaT6vLo0boX4uRD/By0gT5R/2qcXD6d/j+fh517Ctk4d2uO64f0vH3PzyyOBalsNtcCdPiV3q/xGqzQSHhPiNkFEjDvMBz5p53UjfKA6gAiPrLklp4rN/NVyiLBw20NeIqbL25VdkQa13ViS0Gm/eUQu7a2xQ1dvQFWWfuLaQxO0dh8L0ynkfmWKIjaiD5412Z8hYURu0otxbqVDdIbEMx5xQsXnFKeN93yHmgs7a7M6fLdp9jh+G8B+IlK1W7/9v2+RT0/yI3ZgWHVTvDRhMHuPGBjfTBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBC5avtOPp9N65U1ILQENnvAgDBqI8XAjqbWIvXHqOEiKYdu+co0EEtsHR1v5xAeCmj/ZA6MLeKFlAVJbvpyCpzjons=]
|
certmanager::vault_token: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAJuE+uzgQaBRUXBCigckEo1j+UxxbiUGrzdf/B9K7XPdVxZh6TzYLpBgNnyaT6vLo0boX4uRD/By0gT5R/2qcXD6d/j+fh517Ctk4d2uO64f0vH3PzyyOBalsNtcCdPiV3q/xGqzQSHhPiNkFEjDvMBz5p53UjfKA6gAiPrLklp4rN/NVyiLBw20NeIqbL25VdkQa13ViS0Gm/eUQu7a2xQ1dvQFWWfuLaQxO0dh8L0ynkfmWKIjaiD5412Z8hYURu0otxbqVDdIbEMx5xQsXnFKeN93yHmgs7a7M6fLdp9jh+G8B+IlK1W7/9v2+RT0/yI3ZgWHVTvDRhMHuPGBjfTBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBC5avtOPp9N65U1ILQENnvAgDBqI8XAjqbWIvXHqOEiKYdu+co0EEtsHR1v5xAeCmj/ZA6MLeKFlAVJbvpyCpzjons=]
|
||||||
certmanager::role_id: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAJuE+uzgQaBRUXBCigckEo1j+UxxbiUGrzdf/B9K7XPdVxZh6TzYLpBgNnyaT6vLo0boX4uRD/By0gT5R/2qcXD6d/j+fh517Ctk4d2uO64f0vH3PzyyOBalsNtcCdPiV3q/xGqzQSHhPiNkFEjDvMBz5p53UjfKA6gAiPrLklp4rN/NVyiLBw20NeIqbL25VdkQa13ViS0Gm/eUQu7a2xQ1dvQFWWfuLaQxO0dh8L0ynkfmWKIjaiD5412Z8hYURu0otxbqVDdIbEMx5xQsXnFKeN93yHmgs7a7M6fLdp9jh+G8B+IlK1W7/9v2+RT0/yI3ZgWHVTvDRhMHuPGBjfTBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBC5avtOPp9N65U1ILQENnvAgDBqI8XAjqbWIvXHqOEiKYdu+co0EEtsHR1v5xAeCmj/ZA6MLeKFlAVJbvpyCpzjons=]
|
certmanager::role_id: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAJuE+uzgQaBRUXBCigckEo1j+UxxbiUGrzdf/B9K7XPdVxZh6TzYLpBgNnyaT6vLo0boX4uRD/By0gT5R/2qcXD6d/j+fh517Ctk4d2uO64f0vH3PzyyOBalsNtcCdPiV3q/xGqzQSHhPiNkFEjDvMBz5p53UjfKA6gAiPrLklp4rN/NVyiLBw20NeIqbL25VdkQa13ViS0Gm/eUQu7a2xQ1dvQFWWfuLaQxO0dh8L0ynkfmWKIjaiD5412Z8hYURu0otxbqVDdIbEMx5xQsXnFKeN93yHmgs7a7M6fLdp9jh+G8B+IlK1W7/9v2+RT0/yI3ZgWHVTvDRhMHuPGBjfTBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBC5avtOPp9N65U1ILQENnvAgDBqI8XAjqbWIvXHqOEiKYdu+co0EEtsHR1v5xAeCmj/ZA6MLeKFlAVJbvpyCpzjons=]
|
||||||
sshsignhost::role_id: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAT86C/InXrgDtXCc9NFze91YMvjTNDqWgv4uzPFI48clOeQyD6x+vOHWP2yNp1OyNHcYLCiLyrv+rSIQyXlLnbeyZWV+7kXIon057Tp7l0BxWtd0hjQEcyWzqQQE7R264C8/qKRak81LIu6RshWZAchYo/BMPuOqVr0m+1zDwOV9JwZc3bpexzsl57CK5pesOrpfdvnd/xrOoEMR+P+C5PC6QLtQl3zkOD3N9kP6HqwbhWH5ZBPy88Kc+5kYM6QVpQSjFIIHK1SWsN0VZoxpkuFlFXB5KHDgZtg3kxrofzjQghl41zJBCDq9Z5oZ+2b1p/j/9jCASyp/ju68H5WXzbzBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCf4Nqp6SAl/XjmhPDnTvVJgDCdDhxWaChhjJ3eRcW4NTFgf3zm7Bu65za0li26FKuKks00duF4zebfNw7ZUVsYtIU=]
|
|
||||||
|
|||||||
@@ -1,3 +0,0 @@
|
|||||||
---
|
|
||||||
mysql::db::grafana::pass: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAozi1vFf9KfwsGSdxXvhOWRn9Vqbr9AZ+cVJuIOmmLVZMRP4AJkkNgCCly+o1pxtMiU8EISUQuBWCBHUi+u2Y1YAjIABzTa2K+PCU7qqkdrJaxvKqmmKS7C/CWFKp1stYvYIvIofyvl9Q854nMcpvxQKL0PBGh3rIaUHHV3L0PH1UDLqL5j6OPXaNvKL4UzwMDDIVAd7F5yMbtSx2PT23pBLbPYsbG1jRx7pUS/d1ZE9E8h3OA2jxW/CBf68Sb2Xlrh7IAB/6RiLLpIsUyRMv9zrbPrMuKg/q5lzO0i9fejh5z3Z3YkdnhH61doUT/RSjAjz3JrWDGxomOSK0y8TxjjBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCg1kVqFs/mf4r+6EI32b8qgCBm6cL3JhVzj3Btit9D8VYU8mQcrIaXJZ3qF31zJMzCkw==]
|
|
||||||
mysql::db::rundeck::pass: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAcWmZuTro0DNX8X/6DCJdmxm85hawng2cjSm/M26/sAzlr7i3XLIjg5TQc3BpeiKWZvQ2XZWygOEcW7g0bHH7FBS6XTXswDiLCf7ssd0DYL+eQbh4p6VijBKObug33fp4+YJaqGV7YRUNqBjXQv/SSmxFqbNaRahUqwbMidJCyjGNmfCfbSd9WxI4/8j0L38rjXR3/i+/xzgVIhgz/qymmw0rky6jN14YrwRIkdW6loMFzVd12tqdX9kh7UBdE7j58ntQgJSilQn2pLmQs6dgcXSOeIi8Sln4R0MfAtOQ1c6LoKMUdb7k8xEszpGbhX7sw51kpwvnL1LS6PQ+T8T9wDBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDm1sAUc6LFtslrIuwk1JlJgDAngDM/0g4dpgyNOZDsvAU8OualEL6HZ2RFGfibteUc11wZzHkdFZlvHz2JZdO7Huo=]
|
|
||||||
@@ -2,23 +2,3 @@
|
|||||||
profiles::sql::galera_member::cluster_name: au-syd1
|
profiles::sql::galera_member::cluster_name: au-syd1
|
||||||
profiles::sql::galera_member::galera_master: ausyd1nxvm1027.main.unkin.net
|
profiles::sql::galera_member::galera_master: ausyd1nxvm1027.main.unkin.net
|
||||||
profiles::sql::galera_member::innodb_buffer_pool_size: 256M
|
profiles::sql::galera_member::innodb_buffer_pool_size: 256M
|
||||||
|
|
||||||
mysql::db:
|
|
||||||
grafana:
|
|
||||||
name: grafana
|
|
||||||
user: grafana
|
|
||||||
password: "%{alias('mysql::db::grafana::pass')}"
|
|
||||||
grant:
|
|
||||||
- SELECT
|
|
||||||
- INSERT
|
|
||||||
- UPDATE
|
|
||||||
- DELETE
|
|
||||||
rundeck:
|
|
||||||
name: rundeck
|
|
||||||
user: rundeck
|
|
||||||
password: "%{alias('mysql::db::rundeck::pass')}"
|
|
||||||
grant:
|
|
||||||
- SELECT
|
|
||||||
- INSERT
|
|
||||||
- UPDATE
|
|
||||||
- DELETE
|
|
||||||
|
|||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.10
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.11
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.12
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.13
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.14
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.15
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.16
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.17
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.18
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.19
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.20
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.21
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.22
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.23
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.24
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,13 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.25
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
|
|
||||||
profiles::haproxy::dns::vrrp_master: true
|
|
||||||
keepalived::vrrp_instance:
|
|
||||||
VI_250:
|
|
||||||
state: 'MASTER'
|
|
||||||
priority: 101
|
|
||||||
@@ -1,12 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.26
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
|
|
||||||
keepalived::vrrp_instance:
|
|
||||||
VI_250:
|
|
||||||
state: 'BACKUP'
|
|
||||||
priority: 100
|
|
||||||
@@ -1,11 +1,2 @@
|
|||||||
---
|
---
|
||||||
profiles::cobbler::params::is_cobbler_master: true
|
profiles::cobbler::params::is_cobbler_master: true
|
||||||
networking::interfaces:
|
|
||||||
ens18:
|
|
||||||
ipaddress: 198.18.13.27
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
interface: ens18
|
|
||||||
|
|
||||||
profiles::almalinux::base::remove_ens18: false
|
|
||||||
|
|||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.28
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.29
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.30
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,10 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
ens18:
|
|
||||||
ipaddress: 198.18.13.31
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
interface: ens18
|
|
||||||
|
|
||||||
profiles::almalinux::base::remove_ens18: false
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.32
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.33
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.34
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.35
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.36
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.37
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.38
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.39
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.40
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.41
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.42
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.43
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.44
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.45
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -5,17 +5,5 @@ profiles::puppet::server::dns_alt_names:
|
|||||||
- puppetca.query.consul
|
- puppetca.query.consul
|
||||||
- puppetca
|
- puppetca
|
||||||
|
|
||||||
profiles::ssh::sign::principals:
|
|
||||||
- puppetca.main.unkin.net
|
|
||||||
- puppetca.service.consul
|
|
||||||
- puppetca.query.consul
|
|
||||||
- puppetca
|
|
||||||
|
|
||||||
profiles::puppet::puppetca::is_puppetca: true
|
profiles::puppet::puppetca::is_puppetca: true
|
||||||
profiles::puppet::puppetca::allow_subject_alt_names: true
|
profiles::puppet::puppetca::allow_subject_alt_names: true
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.46
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
|
|||||||
@@ -1,14 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.47
|
|
||||||
ens19:
|
|
||||||
ensure: present
|
|
||||||
family: inet
|
|
||||||
method: static
|
|
||||||
ipaddress: 10.18.15.47
|
|
||||||
netmask: 255.255.255.0
|
|
||||||
onboot: true
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.48
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.49
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,14 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.50
|
|
||||||
ens19:
|
|
||||||
ensure: present
|
|
||||||
family: inet
|
|
||||||
method: static
|
|
||||||
ipaddress: 10.18.15.50
|
|
||||||
netmask: 255.255.255.0
|
|
||||||
onboot: true
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,14 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.51
|
|
||||||
ens19:
|
|
||||||
ensure: present
|
|
||||||
family: inet
|
|
||||||
method: static
|
|
||||||
ipaddress: 10.18.15.51
|
|
||||||
netmask: 255.255.255.0
|
|
||||||
onboot: true
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,14 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.52
|
|
||||||
ens19:
|
|
||||||
ensure: present
|
|
||||||
family: inet
|
|
||||||
method: static
|
|
||||||
ipaddress: 10.18.15.52
|
|
||||||
netmask: 255.255.255.0
|
|
||||||
onboot: true
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,14 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.53
|
|
||||||
ens19:
|
|
||||||
ensure: present
|
|
||||||
family: inet
|
|
||||||
method: static
|
|
||||||
ipaddress: 10.18.15.53
|
|
||||||
netmask: 255.255.255.0
|
|
||||||
onboot: true
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.54
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.55
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.56
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,14 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.57
|
|
||||||
ens19:
|
|
||||||
ensure: present
|
|
||||||
family: inet
|
|
||||||
method: static
|
|
||||||
ipaddress: 10.18.15.57
|
|
||||||
netmask: 255.255.255.0
|
|
||||||
onboot: true
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,14 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.58
|
|
||||||
ens19:
|
|
||||||
ensure: present
|
|
||||||
family: inet
|
|
||||||
method: static
|
|
||||||
ipaddress: 10.18.15.58
|
|
||||||
netmask: 255.255.255.0
|
|
||||||
onboot: true
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.59
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.60
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.61
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.62
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.63
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.64
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.65
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.66
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.67
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.68
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.69
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.70
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.71
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.72
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.73
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,15 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.74
|
|
||||||
ens19:
|
|
||||||
ensure: present
|
|
||||||
family: inet
|
|
||||||
method: static
|
|
||||||
ipaddress: 10.18.15.74
|
|
||||||
netmask: 255.255.255.0
|
|
||||||
onboot: true
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
docker::bip: '198.18.64.254/24'
|
|
||||||
@@ -1,15 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.75
|
|
||||||
ens19:
|
|
||||||
ensure: present
|
|
||||||
family: inet
|
|
||||||
method: static
|
|
||||||
ipaddress: 10.18.15.75
|
|
||||||
netmask: 255.255.255.0
|
|
||||||
onboot: true
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
docker::bip: '198.18.65.254/24'
|
|
||||||
@@ -1,15 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.76
|
|
||||||
ens19:
|
|
||||||
ensure: present
|
|
||||||
family: inet
|
|
||||||
method: static
|
|
||||||
ipaddress: 10.18.15.76
|
|
||||||
netmask: 255.255.255.0
|
|
||||||
onboot: true
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
docker::bip: '198.18.66.254/24'
|
|
||||||
@@ -1,15 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.77
|
|
||||||
ens19:
|
|
||||||
ensure: present
|
|
||||||
family: inet
|
|
||||||
method: static
|
|
||||||
ipaddress: 10.18.15.77
|
|
||||||
netmask: 255.255.255.0
|
|
||||||
onboot: true
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
docker::bip: '198.18.67.254/24'
|
|
||||||
@@ -1,15 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.78
|
|
||||||
ens19:
|
|
||||||
ensure: present
|
|
||||||
family: inet
|
|
||||||
method: static
|
|
||||||
ipaddress: 10.18.15.78
|
|
||||||
netmask: 255.255.255.0
|
|
||||||
onboot: true
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
docker::bip: '198.18.68.254/24'
|
|
||||||
@@ -1,15 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.79
|
|
||||||
ens19:
|
|
||||||
ensure: present
|
|
||||||
family: inet
|
|
||||||
method: static
|
|
||||||
ipaddress: 10.18.15.79
|
|
||||||
netmask: 255.255.255.0
|
|
||||||
onboot: true
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
docker::bip: '198.18.69.254/24'
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.80
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.81
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.82
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,47 +0,0 @@
|
|||||||
---
|
|
||||||
hiera_include:
|
|
||||||
- frrouting
|
|
||||||
|
|
||||||
# networking
|
|
||||||
profiles::consul::server::anycast_ip: 198.18.19.14
|
|
||||||
systemd::manage_networkd: true
|
|
||||||
systemd::manage_all_network_files: true
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
type: physical
|
|
||||||
forwarding: true
|
|
||||||
dhcp: true
|
|
||||||
anycast0:
|
|
||||||
type: dummy
|
|
||||||
ipaddress: "%{hiera('profiles::consul::server::anycast_ip')}"
|
|
||||||
netmask: 255.255.255.255
|
|
||||||
mtu: 1500
|
|
||||||
|
|
||||||
# frrouting
|
|
||||||
frrouting::ospfd_router_id: "%{facts.networking.ip}"
|
|
||||||
frrouting::ospfd_redistribute:
|
|
||||||
- connected
|
|
||||||
frrouting::ospfd_interfaces:
|
|
||||||
eth0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
anycast0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
frrouting::daemons:
|
|
||||||
ospfd: true
|
|
||||||
|
|
||||||
# additional repos
|
|
||||||
profiles::yum::global::repos:
|
|
||||||
frr-extras:
|
|
||||||
name: frr-extras
|
|
||||||
descr: frr-extras repository
|
|
||||||
target: /etc/yum.repos.d/frr-extras.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
frr-stable:
|
|
||||||
name: frr-stable
|
|
||||||
descr: frr-stable repository
|
|
||||||
target: /etc/yum.repos.d/frr-stable.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
@@ -1,47 +0,0 @@
|
|||||||
---
|
|
||||||
hiera_include:
|
|
||||||
- frrouting
|
|
||||||
|
|
||||||
# networking
|
|
||||||
profiles::consul::server::anycast_ip: 198.18.19.14
|
|
||||||
systemd::manage_networkd: true
|
|
||||||
systemd::manage_all_network_files: true
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
type: physical
|
|
||||||
forwarding: true
|
|
||||||
dhcp: true
|
|
||||||
anycast0:
|
|
||||||
type: dummy
|
|
||||||
ipaddress: "%{hiera('profiles::consul::server::anycast_ip')}"
|
|
||||||
netmask: 255.255.255.255
|
|
||||||
mtu: 1500
|
|
||||||
|
|
||||||
# frrouting
|
|
||||||
frrouting::ospfd_router_id: "%{facts.networking.ip}"
|
|
||||||
frrouting::ospfd_redistribute:
|
|
||||||
- connected
|
|
||||||
frrouting::ospfd_interfaces:
|
|
||||||
eth0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
anycast0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
frrouting::daemons:
|
|
||||||
ospfd: true
|
|
||||||
|
|
||||||
# additional repos
|
|
||||||
profiles::yum::global::repos:
|
|
||||||
frr-extras:
|
|
||||||
name: frr-extras
|
|
||||||
descr: frr-extras repository
|
|
||||||
target: /etc/yum.repos.d/frr-extras.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
frr-stable:
|
|
||||||
name: frr-stable
|
|
||||||
descr: frr-stable repository
|
|
||||||
target: /etc/yum.repos.d/frr-stable.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
@@ -1,47 +0,0 @@
|
|||||||
---
|
|
||||||
hiera_include:
|
|
||||||
- frrouting
|
|
||||||
|
|
||||||
# networking
|
|
||||||
profiles::consul::server::anycast_ip: 198.18.19.14
|
|
||||||
systemd::manage_networkd: true
|
|
||||||
systemd::manage_all_network_files: true
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
type: physical
|
|
||||||
forwarding: true
|
|
||||||
dhcp: true
|
|
||||||
anycast0:
|
|
||||||
type: dummy
|
|
||||||
ipaddress: "%{hiera('profiles::consul::server::anycast_ip')}"
|
|
||||||
netmask: 255.255.255.255
|
|
||||||
mtu: 1500
|
|
||||||
|
|
||||||
# frrouting
|
|
||||||
frrouting::ospfd_router_id: "%{facts.networking.ip}"
|
|
||||||
frrouting::ospfd_redistribute:
|
|
||||||
- connected
|
|
||||||
frrouting::ospfd_interfaces:
|
|
||||||
eth0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
anycast0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
frrouting::daemons:
|
|
||||||
ospfd: true
|
|
||||||
|
|
||||||
# additional repos
|
|
||||||
profiles::yum::global::repos:
|
|
||||||
frr-extras:
|
|
||||||
name: frr-extras
|
|
||||||
descr: frr-extras repository
|
|
||||||
target: /etc/yum.repos.d/frr-extras.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
frr-stable:
|
|
||||||
name: frr-stable
|
|
||||||
descr: frr-stable repository
|
|
||||||
target: /etc/yum.repos.d/frr-stable.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
@@ -1,47 +0,0 @@
|
|||||||
---
|
|
||||||
hiera_include:
|
|
||||||
- frrouting
|
|
||||||
|
|
||||||
# networking
|
|
||||||
profiles::consul::server::anycast_ip: 198.18.19.14
|
|
||||||
systemd::manage_networkd: true
|
|
||||||
systemd::manage_all_network_files: true
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
type: physical
|
|
||||||
forwarding: true
|
|
||||||
dhcp: true
|
|
||||||
anycast0:
|
|
||||||
type: dummy
|
|
||||||
ipaddress: "%{hiera('profiles::consul::server::anycast_ip')}"
|
|
||||||
netmask: 255.255.255.255
|
|
||||||
mtu: 1500
|
|
||||||
|
|
||||||
# frrouting
|
|
||||||
frrouting::ospfd_router_id: "%{facts.networking.ip}"
|
|
||||||
frrouting::ospfd_redistribute:
|
|
||||||
- connected
|
|
||||||
frrouting::ospfd_interfaces:
|
|
||||||
eth0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
anycast0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
frrouting::daemons:
|
|
||||||
ospfd: true
|
|
||||||
|
|
||||||
# additional repos
|
|
||||||
profiles::yum::global::repos:
|
|
||||||
frr-extras:
|
|
||||||
name: frr-extras
|
|
||||||
descr: frr-extras repository
|
|
||||||
target: /etc/yum.repos.d/frr-extras.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
frr-stable:
|
|
||||||
name: frr-stable
|
|
||||||
descr: frr-stable repository
|
|
||||||
target: /etc/yum.repos.d/frr-stable.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
@@ -1,47 +0,0 @@
|
|||||||
---
|
|
||||||
hiera_include:
|
|
||||||
- frrouting
|
|
||||||
|
|
||||||
# networking
|
|
||||||
profiles::consul::server::anycast_ip: 198.18.19.14
|
|
||||||
systemd::manage_networkd: true
|
|
||||||
systemd::manage_all_network_files: true
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
type: physical
|
|
||||||
forwarding: true
|
|
||||||
dhcp: true
|
|
||||||
anycast0:
|
|
||||||
type: dummy
|
|
||||||
ipaddress: "%{hiera('profiles::consul::server::anycast_ip')}"
|
|
||||||
netmask: 255.255.255.255
|
|
||||||
mtu: 1500
|
|
||||||
|
|
||||||
# frrouting
|
|
||||||
frrouting::ospfd_router_id: "%{facts.networking.ip}"
|
|
||||||
frrouting::ospfd_redistribute:
|
|
||||||
- connected
|
|
||||||
frrouting::ospfd_interfaces:
|
|
||||||
eth0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
anycast0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
frrouting::daemons:
|
|
||||||
ospfd: true
|
|
||||||
|
|
||||||
# additional repos
|
|
||||||
profiles::yum::global::repos:
|
|
||||||
frr-extras:
|
|
||||||
name: frr-extras
|
|
||||||
descr: frr-extras repository
|
|
||||||
target: /etc/yum.repos.d/frr-extras.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
frr-stable:
|
|
||||||
name: frr-stable
|
|
||||||
descr: frr-stable repository
|
|
||||||
target: /etc/yum.repos.d/frr-stable.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
@@ -1,47 +0,0 @@
|
|||||||
---
|
|
||||||
hiera_include:
|
|
||||||
- frrouting
|
|
||||||
|
|
||||||
# networking
|
|
||||||
dns_master_anycast_ip: 198.18.19.15
|
|
||||||
systemd::manage_networkd: true
|
|
||||||
systemd::manage_all_network_files: true
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
type: physical
|
|
||||||
forwarding: true
|
|
||||||
dhcp: true
|
|
||||||
anycast0:
|
|
||||||
type: dummy
|
|
||||||
ipaddress: "%{hiera('dns_master_anycast_ip')}"
|
|
||||||
netmask: 255.255.255.255
|
|
||||||
mtu: 1500
|
|
||||||
|
|
||||||
# frrouting
|
|
||||||
frrouting::ospfd_router_id: "%{facts.networking.ip}"
|
|
||||||
frrouting::ospfd_redistribute:
|
|
||||||
- connected
|
|
||||||
frrouting::ospfd_interfaces:
|
|
||||||
eth0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
anycast0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
frrouting::daemons:
|
|
||||||
ospfd: true
|
|
||||||
|
|
||||||
# additional repos
|
|
||||||
profiles::yum::global::repos:
|
|
||||||
frr-extras:
|
|
||||||
name: frr-extras
|
|
||||||
descr: frr-extras repository
|
|
||||||
target: /etc/yum.repos.d/frr-extras.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
frr-stable:
|
|
||||||
name: frr-stable
|
|
||||||
descr: frr-stable repository
|
|
||||||
target: /etc/yum.repos.d/frr-stable.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
@@ -1,47 +0,0 @@
|
|||||||
---
|
|
||||||
hiera_include:
|
|
||||||
- frrouting
|
|
||||||
|
|
||||||
# networking
|
|
||||||
dns_master_anycast_ip: 198.18.19.15
|
|
||||||
systemd::manage_networkd: true
|
|
||||||
systemd::manage_all_network_files: true
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
type: physical
|
|
||||||
forwarding: true
|
|
||||||
dhcp: true
|
|
||||||
anycast0:
|
|
||||||
type: dummy
|
|
||||||
ipaddress: "%{hiera('dns_master_anycast_ip')}"
|
|
||||||
netmask: 255.255.255.255
|
|
||||||
mtu: 1500
|
|
||||||
|
|
||||||
# frrouting
|
|
||||||
frrouting::ospfd_router_id: "%{facts.networking.ip}"
|
|
||||||
frrouting::ospfd_redistribute:
|
|
||||||
- connected
|
|
||||||
frrouting::ospfd_interfaces:
|
|
||||||
eth0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
anycast0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
frrouting::daemons:
|
|
||||||
ospfd: true
|
|
||||||
|
|
||||||
# additional repos
|
|
||||||
profiles::yum::global::repos:
|
|
||||||
frr-extras:
|
|
||||||
name: frr-extras
|
|
||||||
descr: frr-extras repository
|
|
||||||
target: /etc/yum.repos.d/frr-extras.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
frr-stable:
|
|
||||||
name: frr-stable
|
|
||||||
descr: frr-stable repository
|
|
||||||
target: /etc/yum.repos.d/frr-stable.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
@@ -1,47 +0,0 @@
|
|||||||
---
|
|
||||||
hiera_include:
|
|
||||||
- frrouting
|
|
||||||
|
|
||||||
# networking
|
|
||||||
dns_master_anycast_ip: 198.18.19.15
|
|
||||||
systemd::manage_networkd: true
|
|
||||||
systemd::manage_all_network_files: true
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
type: physical
|
|
||||||
forwarding: true
|
|
||||||
dhcp: true
|
|
||||||
anycast0:
|
|
||||||
type: dummy
|
|
||||||
ipaddress: "%{hiera('dns_master_anycast_ip')}"
|
|
||||||
netmask: 255.255.255.255
|
|
||||||
mtu: 1500
|
|
||||||
|
|
||||||
# frrouting
|
|
||||||
frrouting::ospfd_router_id: "%{facts.networking.ip}"
|
|
||||||
frrouting::ospfd_redistribute:
|
|
||||||
- connected
|
|
||||||
frrouting::ospfd_interfaces:
|
|
||||||
eth0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
anycast0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
frrouting::daemons:
|
|
||||||
ospfd: true
|
|
||||||
|
|
||||||
# additional repos
|
|
||||||
profiles::yum::global::repos:
|
|
||||||
frr-extras:
|
|
||||||
name: frr-extras
|
|
||||||
descr: frr-extras repository
|
|
||||||
target: /etc/yum.repos.d/frr-extras.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
frr-stable:
|
|
||||||
name: frr-stable
|
|
||||||
descr: frr-stable repository
|
|
||||||
target: /etc/yum.repos.d/frr-stable.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
@@ -1,47 +0,0 @@
|
|||||||
---
|
|
||||||
hiera_include:
|
|
||||||
- frrouting
|
|
||||||
|
|
||||||
# networking
|
|
||||||
dns_resolver_anycast_ip: 198.18.19.16
|
|
||||||
systemd::manage_networkd: true
|
|
||||||
systemd::manage_all_network_files: true
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
type: physical
|
|
||||||
forwarding: true
|
|
||||||
dhcp: true
|
|
||||||
anycast0:
|
|
||||||
type: dummy
|
|
||||||
ipaddress: "%{hiera('dns_resolver_anycast_ip')}"
|
|
||||||
netmask: 255.255.255.255
|
|
||||||
mtu: 1500
|
|
||||||
|
|
||||||
# frrouting
|
|
||||||
frrouting::ospfd_router_id: "%{facts.networking.ip}"
|
|
||||||
frrouting::ospfd_redistribute:
|
|
||||||
- connected
|
|
||||||
frrouting::ospfd_interfaces:
|
|
||||||
eth0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
anycast0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
frrouting::daemons:
|
|
||||||
ospfd: true
|
|
||||||
|
|
||||||
# additional repos
|
|
||||||
profiles::yum::global::repos:
|
|
||||||
frr-extras:
|
|
||||||
name: frr-extras
|
|
||||||
descr: frr-extras repository
|
|
||||||
target: /etc/yum.repos.d/frr-extras.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
frr-stable:
|
|
||||||
name: frr-stable
|
|
||||||
descr: frr-stable repository
|
|
||||||
target: /etc/yum.repos.d/frr-stable.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
@@ -1,47 +0,0 @@
|
|||||||
---
|
|
||||||
hiera_include:
|
|
||||||
- frrouting
|
|
||||||
|
|
||||||
# networking
|
|
||||||
dns_resolver_anycast_ip: 198.18.19.16
|
|
||||||
systemd::manage_networkd: true
|
|
||||||
systemd::manage_all_network_files: true
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
type: physical
|
|
||||||
forwarding: true
|
|
||||||
dhcp: true
|
|
||||||
anycast0:
|
|
||||||
type: dummy
|
|
||||||
ipaddress: "%{hiera('dns_resolver_anycast_ip')}"
|
|
||||||
netmask: 255.255.255.255
|
|
||||||
mtu: 1500
|
|
||||||
|
|
||||||
# frrouting
|
|
||||||
frrouting::ospfd_router_id: "%{facts.networking.ip}"
|
|
||||||
frrouting::ospfd_redistribute:
|
|
||||||
- connected
|
|
||||||
frrouting::ospfd_interfaces:
|
|
||||||
eth0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
anycast0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
frrouting::daemons:
|
|
||||||
ospfd: true
|
|
||||||
|
|
||||||
# additional repos
|
|
||||||
profiles::yum::global::repos:
|
|
||||||
frr-extras:
|
|
||||||
name: frr-extras
|
|
||||||
descr: frr-extras repository
|
|
||||||
target: /etc/yum.repos.d/frr-extras.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
frr-stable:
|
|
||||||
name: frr-stable
|
|
||||||
descr: frr-stable repository
|
|
||||||
target: /etc/yum.repos.d/frr-stable.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user