Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 1156f3d72a |
@@ -3,8 +3,3 @@
|
|||||||
detectors:
|
detectors:
|
||||||
FeatureEnvy:
|
FeatureEnvy:
|
||||||
enabled: false
|
enabled: false
|
||||||
TooManyStatements:
|
|
||||||
enabled: false
|
|
||||||
UncommunicativeVariableName:
|
|
||||||
accept:
|
|
||||||
- e
|
|
||||||
|
|||||||
+35
-45
@@ -2,54 +2,49 @@ forge 'forge.puppetlabs.com'
|
|||||||
moduledir 'external_modules'
|
moduledir 'external_modules'
|
||||||
|
|
||||||
# puppetlabs
|
# puppetlabs
|
||||||
mod 'puppetlabs-stdlib', '9.7.0'
|
mod 'puppetlabs-stdlib', '9.1.0'
|
||||||
mod 'puppetlabs-inifile', '6.2.0'
|
mod 'puppetlabs-inifile', '6.0.0'
|
||||||
mod 'puppetlabs-concat', '9.1.0'
|
mod 'puppetlabs-concat', '9.0.0'
|
||||||
mod 'puppetlabs-vcsrepo', '7.0.0'
|
mod 'puppetlabs-vcsrepo', '6.1.0'
|
||||||
mod 'puppetlabs-yumrepo_core', '2.1.0'
|
mod 'puppetlabs-yumrepo_core', '2.0.0'
|
||||||
mod 'puppetlabs-apt', '10.0.1'
|
mod 'puppetlabs-apt', '9.4.0'
|
||||||
mod 'puppetlabs-lvm', '3.0.1'
|
mod 'puppetlabs-lvm', '2.1.0'
|
||||||
mod 'puppetlabs-puppetdb', '7.14.0'
|
mod 'puppetlabs-puppetdb', '7.13.0'
|
||||||
mod 'puppetlabs-postgresql', '9.2.0'
|
mod 'puppetlabs-postgresql', '9.1.0'
|
||||||
mod 'puppetlabs-firewall', '8.1.4'
|
mod 'puppetlabs-firewall', '6.0.0'
|
||||||
mod 'puppetlabs-accounts', '8.2.2'
|
mod 'puppetlabs-accounts', '8.1.0'
|
||||||
mod 'puppetlabs-mysql', '16.2.0'
|
mod 'puppetlabs-mysql', '15.0.0'
|
||||||
mod 'puppetlabs-xinetd', '3.4.1'
|
mod 'puppetlabs-xinetd', '3.4.1'
|
||||||
mod 'puppetlabs-haproxy', '8.2.0'
|
mod 'puppetlabs-haproxy', '8.0.0'
|
||||||
mod 'puppetlabs-java', '11.1.0'
|
mod 'puppetlabs-java', '10.1.2'
|
||||||
mod 'puppetlabs-reboot', '5.1.0'
|
mod 'puppetlabs-reboot', '5.0.0'
|
||||||
mod 'puppetlabs-docker', '10.2.0'
|
|
||||||
|
|
||||||
# puppet
|
# puppet
|
||||||
mod 'puppet-python', '7.4.0'
|
mod 'puppet-python', '7.0.0'
|
||||||
mod 'puppet-systemd', '8.1.0'
|
mod 'puppet-systemd', '5.1.0'
|
||||||
mod 'puppet-yum', '7.2.0'
|
mod 'puppet-yum', '7.0.0'
|
||||||
mod 'puppet-archive', '7.1.0'
|
mod 'puppet-archive', '7.0.0'
|
||||||
mod 'puppet-chrony', '3.0.0'
|
mod 'puppet-chrony', '2.6.0'
|
||||||
mod 'puppet-puppetboard', '11.0.0'
|
mod 'puppet-puppetboard', '9.0.0'
|
||||||
mod 'puppet-nginx', '6.0.1'
|
mod 'puppet-nginx', '5.0.0'
|
||||||
mod 'puppet-selinux', '5.0.0'
|
mod 'puppet-selinux', '4.1.0'
|
||||||
mod 'puppet-prometheus', '16.0.0'
|
mod 'puppet-prometheus', '13.4.0'
|
||||||
mod 'puppet-grafana', '14.1.0'
|
mod 'puppet-grafana', '13.1.0'
|
||||||
mod 'puppet-consul', '9.1.0'
|
mod 'puppet-consul', '8.0.0'
|
||||||
mod 'puppet-vault', '4.1.1'
|
mod 'puppet-vault', '4.1.0'
|
||||||
mod 'puppet-dhcp', '6.1.0'
|
mod 'puppet-dhcp', '6.1.0'
|
||||||
mod 'puppet-keepalived', '5.1.0'
|
mod 'puppet-keepalived', '3.6.0'
|
||||||
mod 'puppet-extlib', '7.5.1'
|
mod 'puppet-extlib', '7.0.0'
|
||||||
mod 'puppet-network', '2.2.1'
|
mod 'puppet-network', '2.2.0'
|
||||||
mod 'puppet-kmod', '4.1.0'
|
mod 'puppet-kmod', '4.0.1'
|
||||||
mod 'puppet-filemapper', '4.0.0'
|
mod 'puppet-filemapper', '4.0.0'
|
||||||
mod 'puppet-letsencrypt', '11.1.0'
|
mod 'puppet-letsencrypt', '11.0.0'
|
||||||
mod 'puppet-rundeck', '9.2.0'
|
|
||||||
mod 'puppet-redis', '11.1.0'
|
|
||||||
mod 'puppet-nodejs', '11.0.0'
|
|
||||||
|
|
||||||
# other
|
# other
|
||||||
mod 'saz-sudo', '9.0.2'
|
|
||||||
mod 'saz-ssh', '13.1.0'
|
|
||||||
mod 'saz-limits', '5.0.0'
|
|
||||||
mod 'ghoneycutt-timezone', '4.0.0'
|
|
||||||
mod 'ghoneycutt-puppet', '3.3.0'
|
mod 'ghoneycutt-puppet', '3.3.0'
|
||||||
|
mod 'saz-sudo', '8.0.0'
|
||||||
|
mod 'saz-ssh', '12.1.0'
|
||||||
|
mod 'ghoneycutt-timezone', '4.0.0'
|
||||||
mod 'dalen-puppetdbquery', '3.0.1'
|
mod 'dalen-puppetdbquery', '3.0.1'
|
||||||
mod 'markt-galera', '3.1.0'
|
mod 'markt-galera', '3.1.0'
|
||||||
mod 'kogitoapp-minio', '1.1.4'
|
mod 'kogitoapp-minio', '1.1.4'
|
||||||
@@ -57,11 +52,6 @@ mod 'broadinstitute-certs', '3.0.1'
|
|||||||
mod 'stm-file_capability', '6.0.0'
|
mod 'stm-file_capability', '6.0.0'
|
||||||
mod 'h0tw1r3-gitea', '3.2.0'
|
mod 'h0tw1r3-gitea', '3.2.0'
|
||||||
mod 'rehan-mkdir', '2.0.0'
|
mod 'rehan-mkdir', '2.0.0'
|
||||||
mod 'tailoredautomation-patroni', '2.0.0'
|
|
||||||
mod 'ssm-crypto_policies', '0.3.3'
|
|
||||||
mod 'thias-sysctl', '1.0.8'
|
|
||||||
mod 'openstack-ceph', '7.0.0'
|
|
||||||
|
|
||||||
|
|
||||||
mod 'bind',
|
mod 'bind',
|
||||||
:git => 'https://git.service.au-syd1.consul/unkinben/puppet-bind.git',
|
:git => 'https://git.service.au-syd1.consul/unkinben/puppet-bind.git',
|
||||||
|
|||||||
+64
-104
@@ -3,10 +3,16 @@ lookup_options:
|
|||||||
hiera_classes:
|
hiera_classes:
|
||||||
merge:
|
merge:
|
||||||
strategy: deep
|
strategy: deep
|
||||||
profiles::packages::include:
|
profiles::packages::install:
|
||||||
merge:
|
merge:
|
||||||
strategy: deep
|
strategy: deep
|
||||||
profiles::packages::exclude:
|
profiles::packages::install_exclude:
|
||||||
|
merge:
|
||||||
|
strategy: deep
|
||||||
|
profiles::packages::remove:
|
||||||
|
merge:
|
||||||
|
strategy: deep
|
||||||
|
profiles::packages::remove_exclude:
|
||||||
merge:
|
merge:
|
||||||
strategy: deep
|
strategy: deep
|
||||||
profiles::pki::vault::alt_names:
|
profiles::pki::vault::alt_names:
|
||||||
@@ -129,24 +135,7 @@ lookup_options:
|
|||||||
certbot::client::domains:
|
certbot::client::domains:
|
||||||
merge:
|
merge:
|
||||||
strategy: deep
|
strategy: deep
|
||||||
keepalived::vrrp_script:
|
profiles::metrics::exportarr:
|
||||||
merge:
|
|
||||||
strategy: deep
|
|
||||||
keepalived::vrrp_instance:
|
|
||||||
merge:
|
|
||||||
strategy: deep
|
|
||||||
profiles::etcd::node::initial_cluster_token:
|
|
||||||
convert_to: Sensitive
|
|
||||||
sysctl::base::values:
|
|
||||||
merge:
|
|
||||||
strategy: deep
|
|
||||||
limits::entries:
|
|
||||||
merge:
|
|
||||||
strategy: deep
|
|
||||||
zfs::zpools:
|
|
||||||
merge:
|
|
||||||
strategy: deep
|
|
||||||
zfs::datasets:
|
|
||||||
merge:
|
merge:
|
||||||
strategy: deep
|
strategy: deep
|
||||||
|
|
||||||
@@ -156,9 +145,6 @@ hiera_include:
|
|||||||
- timezone
|
- timezone
|
||||||
- networking
|
- networking
|
||||||
- ssh::server
|
- ssh::server
|
||||||
- profiles::accounts::rundeck
|
|
||||||
- limits
|
|
||||||
- sysctl::base
|
|
||||||
|
|
||||||
profiles::ntp::client::ntp_role: 'roles::infra::ntp::server'
|
profiles::ntp::client::ntp_role: 'roles::infra::ntp::server'
|
||||||
profiles::ntp::client::use_ntp: 'region'
|
profiles::ntp::client::use_ntp: 'region'
|
||||||
@@ -171,22 +157,9 @@ profiles::ntp::client::peers:
|
|||||||
profiles::base::puppet_servers:
|
profiles::base::puppet_servers:
|
||||||
- 'prodinf01n01.main.unkin.net'
|
- 'prodinf01n01.main.unkin.net'
|
||||||
|
|
||||||
consul::install_method: 'package'
|
|
||||||
consul::manage_repo: false
|
|
||||||
consul::bin_dir: /usr/bin
|
|
||||||
|
|
||||||
vault::install_method: 'repo'
|
|
||||||
vault::manage_repo: false
|
|
||||||
vault::bin_dir: /usr/bin
|
|
||||||
vault::manage_service_file: true
|
|
||||||
vault::manage_config_dir: true
|
|
||||||
vault::disable_mlock: false
|
|
||||||
|
|
||||||
profiles::dns::base::nameservers:
|
|
||||||
- 198.18.19.16
|
|
||||||
profiles::dns::master::basedir: '/var/named/sources'
|
profiles::dns::master::basedir: '/var/named/sources'
|
||||||
#profiles::dns::base::ns_role: 'roles::infra::dns::resolver'
|
profiles::dns::base::ns_role: 'roles::infra::dns::resolver'
|
||||||
#profiles::dns::base::use_ns: 'region'
|
profiles::dns::base::use_ns: 'region'
|
||||||
profiles::consul::server::members_role: roles::infra::storage::consul
|
profiles::consul::server::members_role: roles::infra::storage::consul
|
||||||
profiles::consul::token::node_editor::accessor_id: '024e27bd-c5bb-41e7-a578-b766509e11bc'
|
profiles::consul::token::node_editor::accessor_id: '024e27bd-c5bb-41e7-a578-b766509e11bc'
|
||||||
profiles::consul::client::members_lookup: true
|
profiles::consul::client::members_lookup: true
|
||||||
@@ -202,70 +175,59 @@ profiles::consul::client::node_rules:
|
|||||||
segment: ''
|
segment: ''
|
||||||
disposition: read
|
disposition: read
|
||||||
|
|
||||||
profiles::packages::include:
|
profiles::packages::install:
|
||||||
bash-completion: {}
|
- bash-completion
|
||||||
bzip2: {}
|
- bzip2
|
||||||
ccze: {}
|
- ccze
|
||||||
curl: {}
|
- curl
|
||||||
dstat: {}
|
- dstat
|
||||||
expect: {}
|
- expect
|
||||||
gzip: {}
|
- gcc
|
||||||
git: {}
|
- gzip
|
||||||
htop: {}
|
- git
|
||||||
inotify-tools: {}
|
- htop
|
||||||
iotop: {}
|
- inotify-tools
|
||||||
jq: {}
|
- iotop
|
||||||
lz4: {}
|
- jq
|
||||||
mtr: {}
|
- lz4
|
||||||
ncdu: {}
|
- mtr
|
||||||
neovim: {}
|
- ncdu
|
||||||
p7zip: {}
|
- neovim
|
||||||
pbzip2: {}
|
- p7zip
|
||||||
pigz: {}
|
- pbzip2
|
||||||
pv: {}
|
- pigz
|
||||||
python3.11: {}
|
- pv
|
||||||
rsync: {}
|
- python3.11
|
||||||
screen: {}
|
- rsync
|
||||||
socat: {}
|
- screen
|
||||||
strace: {}
|
- socat
|
||||||
sysstat: {}
|
- strace
|
||||||
tar: {}
|
- sysstat
|
||||||
tmux: {}
|
- tar
|
||||||
traceroute: {}
|
- tmux
|
||||||
unzip: {}
|
- traceroute
|
||||||
vim: {}
|
- unzip
|
||||||
vnstat: {}
|
- vim
|
||||||
wget: {}
|
- vnstat
|
||||||
zsh: {}
|
- wget
|
||||||
zstd: {}
|
- zsh
|
||||||
iwl100-firmware:
|
- zstd
|
||||||
ensure: absent
|
|
||||||
iwl1000-firmware:
|
profiles::packages::remove:
|
||||||
ensure: absent
|
- iwl100-firmware
|
||||||
iwl105-firmware:
|
- iwl1000-firmware
|
||||||
ensure: absent
|
- iwl105-firmware
|
||||||
iwl135-firmware:
|
- iwl135-firmware
|
||||||
ensure: absent
|
- iwl2000-firmware
|
||||||
iwl2000-firmware:
|
- iwl2030-firmware
|
||||||
ensure: absent
|
- iwl3160-firmware
|
||||||
iwl2030-firmware:
|
- iwl5000-firmware
|
||||||
ensure: absent
|
- iwl5150-firmware
|
||||||
iwl3160-firmware:
|
- iwl6000-firmware
|
||||||
ensure: absent
|
- iwl6000g2a-firmware
|
||||||
iwl5000-firmware:
|
- iwl6050-firmware
|
||||||
ensure: absent
|
- iwl7260-firmware
|
||||||
iwl5150-firmware:
|
- puppet7-release
|
||||||
ensure: absent
|
|
||||||
iwl6000-firmware:
|
|
||||||
ensure: absent
|
|
||||||
iwl6000g2a-firmware:
|
|
||||||
ensure: absent
|
|
||||||
iwl6050-firmware:
|
|
||||||
ensure: absent
|
|
||||||
iwl7260-firmware:
|
|
||||||
ensure: absent
|
|
||||||
puppet7-release:
|
|
||||||
ensure: absent
|
|
||||||
|
|
||||||
profiles::base::scripts::scripts:
|
profiles::base::scripts::scripts:
|
||||||
puppet: puppetwrapper.py
|
puppet: puppetwrapper.py
|
||||||
@@ -334,8 +296,6 @@ sudo::configs:
|
|||||||
|
|
||||||
profiles::accounts::sysadmin::sshkeys:
|
profiles::accounts::sysadmin::sshkeys:
|
||||||
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ8SRLlPiDylBpdWR9LpvPg4fDVD+DZst4yRPFwMMhta4mnB1H9XuvZkptDhXywWQ7QIcqa2WbhCen0OQJCtwn3s7EYtacmF5MxmwBYocPoK2AArGuh6NA9rwTdLrPdzhZ+gwe88PAzRLNzjm0ZBR+mA9saMbPJdqpKp0AWeAM8QofRQAWuCzQg9i0Pn1KDMvVDRHCZof4pVlHSTyHNektq4ifovn0zhKC8jD/cYu95mc5ftBbORexpGiQWwQ3HZw1IBe0ZETB1qPIPwsoJpt3suvMrL6T2//fcIIUE3TcyJKb/yhztja4TZs5jT8370G/vhlT70He0YPxqHub8ZfBv0khlkY93VBWYpNGJwM1fVqlw7XbfBNdOuJivJac8eW317ZdiDnKkBTxapThpPG3et9ib1HoPGKRsd/fICzNz16h2R3tddSdihTFL+bmTCa6Lo+5t5uRuFjQvhSLSgO2/gRAprc3scYOB4pY/lxOFfq3pU2VvSJtRgLNEYMUYKk= ben@unkin.net
|
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ8SRLlPiDylBpdWR9LpvPg4fDVD+DZst4yRPFwMMhta4mnB1H9XuvZkptDhXywWQ7QIcqa2WbhCen0OQJCtwn3s7EYtacmF5MxmwBYocPoK2AArGuh6NA9rwTdLrPdzhZ+gwe88PAzRLNzjm0ZBR+mA9saMbPJdqpKp0AWeAM8QofRQAWuCzQg9i0Pn1KDMvVDRHCZof4pVlHSTyHNektq4ifovn0zhKC8jD/cYu95mc5ftBbORexpGiQWwQ3HZw1IBe0ZETB1qPIPwsoJpt3suvMrL6T2//fcIIUE3TcyJKb/yhztja4TZs5jT8370G/vhlT70He0YPxqHub8ZfBv0khlkY93VBWYpNGJwM1fVqlw7XbfBNdOuJivJac8eW317ZdiDnKkBTxapThpPG3et9ib1HoPGKRsd/fICzNz16h2R3tddSdihTFL+bmTCa6Lo+5t5uRuFjQvhSLSgO2/gRAprc3scYOB4pY/lxOFfq3pU2VvSJtRgLNEYMUYKk= ben@unkin.net
|
||||||
profiles::accounts::rundeck::sshkeys:
|
|
||||||
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQD4F7VcorbGpyZzBFexz7c/o1JBscrl7hZU0UkWV7fq6YLizW0r6fOzD99hMwu1kdYCjPxbvuUSDEHfyBIp2EgLWU6wFVoufQqlMyOV85+ivQZUc1VNV+X9T+U4v3u/01hkAmlpXtbkwhMSR4Wi+tdABd04+D3CuMDM37mvnFmBBmi41X4Mr1rJhOQumn1XHQ7EYbsdw2mxfEVVeWpZIHz5BjNKSGzEIAYZbFt6s0Y7X3J5RT+Gjqmu043Tc8nNIUFlR9E10qd3Euf9RiBYxBx3z+yfOzJPBzWNBSHv1+PIbO5Mq+z5JaAfoFZO41L7nw+FjV6JJUCVLr6Vq+bCxyA7LW4Oq9ZahSrt/vrT0kTa0tA5U9bqK6e7pB//dm7PzoROtTq0XksV8RseA/fvIje20uaN1z9dynx+UcbszXu9pQ5GIg1o7b5DEi3OZHJwpgdudiCyEeR4+00G0z4PjpEMnTSMHAJ53WxtjzrPAOBnAmPE7hPu4coU+XrCWEXAvRMloJmca68e+zFX7VvFK82KVDuQ99vQ6w4X73IESKoLzyAVxpelwHaDG4fN+zqYfqubVQU1L5cUeYKxqm5r3Us6VvMaYs1ZMUmDGXHOq4FNhGUJYxSjkLvunM6qyAAJQCd6Pw/2TV3UQVerbouGOZaeBLvRguHWSbDrO99Zu+t87w== rundeck_runner
|
|
||||||
|
|
||||||
networking::interface_defaults:
|
networking::interface_defaults:
|
||||||
ensure: present
|
ensure: present
|
||||||
|
|||||||
@@ -1,9 +1,2 @@
|
|||||||
---
|
---
|
||||||
timezone::timezone: 'Australia/Darwin'
|
timezone::timezone: 'Australia/Darwin'
|
||||||
profiles_dns_upstream_forwarder_unkin:
|
|
||||||
- 198.18.17.23
|
|
||||||
- 198.18.17.24
|
|
||||||
profiles_dns_upstream_forwarder_consul:
|
|
||||||
- 198.18.17.34
|
|
||||||
- 198.18.17.35
|
|
||||||
- 198.18.17.36
|
|
||||||
|
|||||||
@@ -1 +1,52 @@
|
|||||||
---
|
---
|
||||||
|
profiles::dns::resolver::zones:
|
||||||
|
main.unkin.net-forward:
|
||||||
|
domain: 'main.unkin.net'
|
||||||
|
zone_type: 'forward'
|
||||||
|
forwarders:
|
||||||
|
- 198.18.17.23
|
||||||
|
- 198.18.17.24
|
||||||
|
forward: 'only'
|
||||||
|
13.18.198.in-addr.arpa-forward:
|
||||||
|
domain: '13.18.198.in-addr.arpa'
|
||||||
|
zone_type: 'forward'
|
||||||
|
forwarders:
|
||||||
|
- 198.18.17.23
|
||||||
|
- 198.18.17.24
|
||||||
|
forward: 'only'
|
||||||
|
14.18.198.in-addr.arpa-forward:
|
||||||
|
domain: '14.18.198.in-addr.arpa'
|
||||||
|
zone_type: 'forward'
|
||||||
|
forwarders:
|
||||||
|
- 198.18.17.23
|
||||||
|
- 198.18.17.24
|
||||||
|
forward: 'only'
|
||||||
|
15.18.198.in-addr.arpa-forward:
|
||||||
|
domain: '15.18.198.in-addr.arpa'
|
||||||
|
zone_type: 'forward'
|
||||||
|
forwarders:
|
||||||
|
- 198.18.17.23
|
||||||
|
- 198.18.17.24
|
||||||
|
forward: 'only'
|
||||||
|
16.18.198.in-addr.arpa-forward:
|
||||||
|
domain: '16.18.198.in-addr.arpa'
|
||||||
|
zone_type: 'forward'
|
||||||
|
forwarders:
|
||||||
|
- 198.18.17.23
|
||||||
|
- 198.18.17.24
|
||||||
|
forward: 'only'
|
||||||
|
17.18.198.in-addr.arpa-forward:
|
||||||
|
domain: '17.18.198.in-addr.arpa'
|
||||||
|
zone_type: 'forward'
|
||||||
|
forwarders:
|
||||||
|
- 198.18.17.23
|
||||||
|
- 198.18.17.24
|
||||||
|
forward: 'only'
|
||||||
|
consul-forward:
|
||||||
|
domain: 'consul'
|
||||||
|
zone_type: 'forward'
|
||||||
|
forwarders:
|
||||||
|
- 198.18.17.34
|
||||||
|
- 198.18.17.35
|
||||||
|
- 198.18.17.36
|
||||||
|
forward: 'only'
|
||||||
|
|||||||
@@ -1,7 +1,3 @@
|
|||||||
---
|
---
|
||||||
timezone::timezone: 'Australia/Sydney'
|
timezone::timezone: 'Australia/Sydney'
|
||||||
certbot::client::webserver: ausyd1nxvm1021.main.unkin.net
|
certbot::client::webserver: ausyd1nxvm1021.main.unkin.net
|
||||||
profiles_dns_upstream_forwarder_unkin:
|
|
||||||
- 198.18.19.15
|
|
||||||
profiles_dns_upstream_forwarder_consul:
|
|
||||||
- 198.18.19.14
|
|
||||||
|
|||||||
@@ -1 +1,52 @@
|
|||||||
---
|
---
|
||||||
|
profiles::dns::resolver::zones:
|
||||||
|
main.unkin.net-forward:
|
||||||
|
domain: 'main.unkin.net'
|
||||||
|
zone_type: 'forward'
|
||||||
|
forwarders:
|
||||||
|
- 198.18.13.14
|
||||||
|
- 198.18.13.15
|
||||||
|
forward: 'only'
|
||||||
|
13.18.198.in-addr.arpa-forward:
|
||||||
|
domain: '13.18.198.in-addr.arpa'
|
||||||
|
zone_type: 'forward'
|
||||||
|
forwarders:
|
||||||
|
- 198.18.13.14
|
||||||
|
- 198.18.13.15
|
||||||
|
forward: 'only'
|
||||||
|
14.18.198.in-addr.arpa-forward:
|
||||||
|
domain: '14.18.198.in-addr.arpa'
|
||||||
|
zone_type: 'forward'
|
||||||
|
forwarders:
|
||||||
|
- 198.18.13.14
|
||||||
|
- 198.18.13.15
|
||||||
|
forward: 'only'
|
||||||
|
15.18.198.in-addr.arpa-forward:
|
||||||
|
domain: '15.18.198.in-addr.arpa'
|
||||||
|
zone_type: 'forward'
|
||||||
|
forwarders:
|
||||||
|
- 198.18.13.14
|
||||||
|
- 198.18.13.15
|
||||||
|
forward: 'only'
|
||||||
|
16.18.198.in-addr.arpa-forward:
|
||||||
|
domain: '16.18.198.in-addr.arpa'
|
||||||
|
zone_type: 'forward'
|
||||||
|
forwarders:
|
||||||
|
- 198.18.13.14
|
||||||
|
- 198.18.13.15
|
||||||
|
forward: 'only'
|
||||||
|
17.18.198.in-addr.arpa-forward:
|
||||||
|
domain: '17.18.198.in-addr.arpa'
|
||||||
|
zone_type: 'forward'
|
||||||
|
forwarders:
|
||||||
|
- 198.18.13.14
|
||||||
|
- 198.18.13.15
|
||||||
|
forward: 'only'
|
||||||
|
consul-forward:
|
||||||
|
domain: 'consul'
|
||||||
|
zone_type: 'forward'
|
||||||
|
forwarders:
|
||||||
|
- 198.18.13.19
|
||||||
|
- 198.18.13.20
|
||||||
|
- 198.18.13.21
|
||||||
|
forward: 'only'
|
||||||
|
|||||||
@@ -1,31 +1,4 @@
|
|||||||
---
|
---
|
||||||
hiera_include:
|
|
||||||
- keepalived
|
|
||||||
|
|
||||||
# keepalived
|
|
||||||
profiles::haproxy::dns::vrrp_ipaddr: '198.18.13.250'
|
|
||||||
profiles::haproxy::dns::vrrp_cnames:
|
|
||||||
- sonarr.main.unkin.net
|
|
||||||
- radarr.main.unkin.net
|
|
||||||
- lidarr.main.unkin.net
|
|
||||||
- readarr.main.unkin.net
|
|
||||||
- prowlarr.main.unkin.net
|
|
||||||
- nzbget.main.unkin.net
|
|
||||||
|
|
||||||
keepalived::vrrp_script:
|
|
||||||
check_haproxy:
|
|
||||||
script: '/usr/bin/killall -0 haproxy'
|
|
||||||
|
|
||||||
keepalived::vrrp_instance:
|
|
||||||
VI_250:
|
|
||||||
interface: 'eth0'
|
|
||||||
virtual_router_id: 250
|
|
||||||
auth_type: 'PASS'
|
|
||||||
auth_pass: 'quiiK7oo'
|
|
||||||
virtual_ipaddress: '198.18.13.250/32'
|
|
||||||
track_script:
|
|
||||||
- check_haproxy
|
|
||||||
|
|
||||||
# mappings
|
# mappings
|
||||||
profiles::haproxy::mappings:
|
profiles::haproxy::mappings:
|
||||||
fe_http:
|
fe_http:
|
||||||
@@ -260,7 +233,6 @@ profiles::haproxy::dns::cnames:
|
|||||||
- au-syd1-pve-api.main.unkin.net
|
- au-syd1-pve-api.main.unkin.net
|
||||||
|
|
||||||
# letsencrypt certificates
|
# letsencrypt certificates
|
||||||
certbot::client::service: haproxy
|
|
||||||
certbot::client::domains:
|
certbot::client::domains:
|
||||||
- au-syd1-pve.main.unkin.net
|
- au-syd1-pve.main.unkin.net
|
||||||
- au-syd1-pve-api.main.unkin.net
|
- au-syd1-pve-api.main.unkin.net
|
||||||
|
|||||||
@@ -1,3 +1,2 @@
|
|||||||
---
|
---
|
||||||
mysql::db::grafana::pass: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAozi1vFf9KfwsGSdxXvhOWRn9Vqbr9AZ+cVJuIOmmLVZMRP4AJkkNgCCly+o1pxtMiU8EISUQuBWCBHUi+u2Y1YAjIABzTa2K+PCU7qqkdrJaxvKqmmKS7C/CWFKp1stYvYIvIofyvl9Q854nMcpvxQKL0PBGh3rIaUHHV3L0PH1UDLqL5j6OPXaNvKL4UzwMDDIVAd7F5yMbtSx2PT23pBLbPYsbG1jRx7pUS/d1ZE9E8h3OA2jxW/CBf68Sb2Xlrh7IAB/6RiLLpIsUyRMv9zrbPrMuKg/q5lzO0i9fejh5z3Z3YkdnhH61doUT/RSjAjz3JrWDGxomOSK0y8TxjjBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCg1kVqFs/mf4r+6EI32b8qgCBm6cL3JhVzj3Btit9D8VYU8mQcrIaXJZ3qF31zJMzCkw==]
|
mysql::db::grafana::pass: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAozi1vFf9KfwsGSdxXvhOWRn9Vqbr9AZ+cVJuIOmmLVZMRP4AJkkNgCCly+o1pxtMiU8EISUQuBWCBHUi+u2Y1YAjIABzTa2K+PCU7qqkdrJaxvKqmmKS7C/CWFKp1stYvYIvIofyvl9Q854nMcpvxQKL0PBGh3rIaUHHV3L0PH1UDLqL5j6OPXaNvKL4UzwMDDIVAd7F5yMbtSx2PT23pBLbPYsbG1jRx7pUS/d1ZE9E8h3OA2jxW/CBf68Sb2Xlrh7IAB/6RiLLpIsUyRMv9zrbPrMuKg/q5lzO0i9fejh5z3Z3YkdnhH61doUT/RSjAjz3JrWDGxomOSK0y8TxjjBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCg1kVqFs/mf4r+6EI32b8qgCBm6cL3JhVzj3Btit9D8VYU8mQcrIaXJZ3qF31zJMzCkw==]
|
||||||
mysql::db::rundeck::pass: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAcWmZuTro0DNX8X/6DCJdmxm85hawng2cjSm/M26/sAzlr7i3XLIjg5TQc3BpeiKWZvQ2XZWygOEcW7g0bHH7FBS6XTXswDiLCf7ssd0DYL+eQbh4p6VijBKObug33fp4+YJaqGV7YRUNqBjXQv/SSmxFqbNaRahUqwbMidJCyjGNmfCfbSd9WxI4/8j0L38rjXR3/i+/xzgVIhgz/qymmw0rky6jN14YrwRIkdW6loMFzVd12tqdX9kh7UBdE7j58ntQgJSilQn2pLmQs6dgcXSOeIi8Sln4R0MfAtOQ1c6LoKMUdb7k8xEszpGbhX7sw51kpwvnL1LS6PQ+T8T9wDBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDm1sAUc6LFtslrIuwk1JlJgDAngDM/0g4dpgyNOZDsvAU8OualEL6HZ2RFGfibteUc11wZzHkdFZlvHz2JZdO7Huo=]
|
|
||||||
|
|||||||
@@ -13,12 +13,3 @@ mysql::db:
|
|||||||
- INSERT
|
- INSERT
|
||||||
- UPDATE
|
- UPDATE
|
||||||
- DELETE
|
- DELETE
|
||||||
rundeck:
|
|
||||||
name: rundeck
|
|
||||||
user: rundeck
|
|
||||||
password: "%{alias('mysql::db::rundeck::pass')}"
|
|
||||||
grant:
|
|
||||||
- SELECT
|
|
||||||
- INSERT
|
|
||||||
- UPDATE
|
|
||||||
- DELETE
|
|
||||||
|
|||||||
@@ -5,9 +5,3 @@ networking::interfaces:
|
|||||||
networking::routes:
|
networking::routes:
|
||||||
default:
|
default:
|
||||||
gateway: 198.18.13.254
|
gateway: 198.18.13.254
|
||||||
|
|
||||||
profiles::haproxy::dns::vrrp_master: true
|
|
||||||
keepalived::vrrp_instance:
|
|
||||||
VI_250:
|
|
||||||
state: 'MASTER'
|
|
||||||
priority: 101
|
|
||||||
|
|||||||
@@ -5,8 +5,3 @@ networking::interfaces:
|
|||||||
networking::routes:
|
networking::routes:
|
||||||
default:
|
default:
|
||||||
gateway: 198.18.13.254
|
gateway: 198.18.13.254
|
||||||
|
|
||||||
keepalived::vrrp_instance:
|
|
||||||
VI_250:
|
|
||||||
state: 'BACKUP'
|
|
||||||
priority: 100
|
|
||||||
|
|||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.59
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.60
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.61
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.62
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.63
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.64
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.65
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.66
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.67
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.68
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.69
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.70
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.71
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.72
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.73
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,15 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.74
|
|
||||||
ens19:
|
|
||||||
ensure: present
|
|
||||||
family: inet
|
|
||||||
method: static
|
|
||||||
ipaddress: 10.18.15.74
|
|
||||||
netmask: 255.255.255.0
|
|
||||||
onboot: true
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
docker::bip: '198.18.64.254/24'
|
|
||||||
@@ -1,15 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.75
|
|
||||||
ens19:
|
|
||||||
ensure: present
|
|
||||||
family: inet
|
|
||||||
method: static
|
|
||||||
ipaddress: 10.18.15.75
|
|
||||||
netmask: 255.255.255.0
|
|
||||||
onboot: true
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
docker::bip: '198.18.65.254/24'
|
|
||||||
@@ -1,15 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.76
|
|
||||||
ens19:
|
|
||||||
ensure: present
|
|
||||||
family: inet
|
|
||||||
method: static
|
|
||||||
ipaddress: 10.18.15.76
|
|
||||||
netmask: 255.255.255.0
|
|
||||||
onboot: true
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
docker::bip: '198.18.66.254/24'
|
|
||||||
@@ -1,15 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.77
|
|
||||||
ens19:
|
|
||||||
ensure: present
|
|
||||||
family: inet
|
|
||||||
method: static
|
|
||||||
ipaddress: 10.18.15.77
|
|
||||||
netmask: 255.255.255.0
|
|
||||||
onboot: true
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
docker::bip: '198.18.67.254/24'
|
|
||||||
@@ -1,15 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.78
|
|
||||||
ens19:
|
|
||||||
ensure: present
|
|
||||||
family: inet
|
|
||||||
method: static
|
|
||||||
ipaddress: 10.18.15.78
|
|
||||||
netmask: 255.255.255.0
|
|
||||||
onboot: true
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
docker::bip: '198.18.68.254/24'
|
|
||||||
@@ -1,15 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.79
|
|
||||||
ens19:
|
|
||||||
ensure: present
|
|
||||||
family: inet
|
|
||||||
method: static
|
|
||||||
ipaddress: 10.18.15.79
|
|
||||||
netmask: 255.255.255.0
|
|
||||||
onboot: true
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
docker::bip: '198.18.69.254/24'
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.80
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.81
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
ipaddress: 198.18.13.82
|
|
||||||
networking::routes:
|
|
||||||
default:
|
|
||||||
gateway: 198.18.13.254
|
|
||||||
@@ -1,47 +0,0 @@
|
|||||||
---
|
|
||||||
hiera_include:
|
|
||||||
- frrouting
|
|
||||||
|
|
||||||
# networking
|
|
||||||
profiles::consul::server::anycast_ip: 198.18.19.14
|
|
||||||
systemd::manage_networkd: true
|
|
||||||
systemd::manage_all_network_files: true
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
type: physical
|
|
||||||
forwarding: true
|
|
||||||
dhcp: true
|
|
||||||
anycast0:
|
|
||||||
type: dummy
|
|
||||||
ipaddress: "%{hiera('profiles::consul::server::anycast_ip')}"
|
|
||||||
netmask: 255.255.255.255
|
|
||||||
mtu: 1500
|
|
||||||
|
|
||||||
# frrouting
|
|
||||||
frrouting::ospfd_router_id: "%{facts.networking.ip}"
|
|
||||||
frrouting::ospfd_redistribute:
|
|
||||||
- connected
|
|
||||||
frrouting::ospfd_interfaces:
|
|
||||||
eth0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
anycast0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
frrouting::daemons:
|
|
||||||
ospfd: true
|
|
||||||
|
|
||||||
# additional repos
|
|
||||||
profiles::yum::global::repos:
|
|
||||||
frr-extras:
|
|
||||||
name: frr-extras
|
|
||||||
descr: frr-extras repository
|
|
||||||
target: /etc/yum.repos.d/frr-extras.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
frr-stable:
|
|
||||||
name: frr-stable
|
|
||||||
descr: frr-stable repository
|
|
||||||
target: /etc/yum.repos.d/frr-stable.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
@@ -1,47 +0,0 @@
|
|||||||
---
|
|
||||||
hiera_include:
|
|
||||||
- frrouting
|
|
||||||
|
|
||||||
# networking
|
|
||||||
profiles::consul::server::anycast_ip: 198.18.19.14
|
|
||||||
systemd::manage_networkd: true
|
|
||||||
systemd::manage_all_network_files: true
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
type: physical
|
|
||||||
forwarding: true
|
|
||||||
dhcp: true
|
|
||||||
anycast0:
|
|
||||||
type: dummy
|
|
||||||
ipaddress: "%{hiera('profiles::consul::server::anycast_ip')}"
|
|
||||||
netmask: 255.255.255.255
|
|
||||||
mtu: 1500
|
|
||||||
|
|
||||||
# frrouting
|
|
||||||
frrouting::ospfd_router_id: "%{facts.networking.ip}"
|
|
||||||
frrouting::ospfd_redistribute:
|
|
||||||
- connected
|
|
||||||
frrouting::ospfd_interfaces:
|
|
||||||
eth0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
anycast0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
frrouting::daemons:
|
|
||||||
ospfd: true
|
|
||||||
|
|
||||||
# additional repos
|
|
||||||
profiles::yum::global::repos:
|
|
||||||
frr-extras:
|
|
||||||
name: frr-extras
|
|
||||||
descr: frr-extras repository
|
|
||||||
target: /etc/yum.repos.d/frr-extras.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
frr-stable:
|
|
||||||
name: frr-stable
|
|
||||||
descr: frr-stable repository
|
|
||||||
target: /etc/yum.repos.d/frr-stable.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
@@ -1,47 +0,0 @@
|
|||||||
---
|
|
||||||
hiera_include:
|
|
||||||
- frrouting
|
|
||||||
|
|
||||||
# networking
|
|
||||||
profiles::consul::server::anycast_ip: 198.18.19.14
|
|
||||||
systemd::manage_networkd: true
|
|
||||||
systemd::manage_all_network_files: true
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
type: physical
|
|
||||||
forwarding: true
|
|
||||||
dhcp: true
|
|
||||||
anycast0:
|
|
||||||
type: dummy
|
|
||||||
ipaddress: "%{hiera('profiles::consul::server::anycast_ip')}"
|
|
||||||
netmask: 255.255.255.255
|
|
||||||
mtu: 1500
|
|
||||||
|
|
||||||
# frrouting
|
|
||||||
frrouting::ospfd_router_id: "%{facts.networking.ip}"
|
|
||||||
frrouting::ospfd_redistribute:
|
|
||||||
- connected
|
|
||||||
frrouting::ospfd_interfaces:
|
|
||||||
eth0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
anycast0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
frrouting::daemons:
|
|
||||||
ospfd: true
|
|
||||||
|
|
||||||
# additional repos
|
|
||||||
profiles::yum::global::repos:
|
|
||||||
frr-extras:
|
|
||||||
name: frr-extras
|
|
||||||
descr: frr-extras repository
|
|
||||||
target: /etc/yum.repos.d/frr-extras.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
frr-stable:
|
|
||||||
name: frr-stable
|
|
||||||
descr: frr-stable repository
|
|
||||||
target: /etc/yum.repos.d/frr-stable.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
@@ -1,47 +0,0 @@
|
|||||||
---
|
|
||||||
hiera_include:
|
|
||||||
- frrouting
|
|
||||||
|
|
||||||
# networking
|
|
||||||
profiles::consul::server::anycast_ip: 198.18.19.14
|
|
||||||
systemd::manage_networkd: true
|
|
||||||
systemd::manage_all_network_files: true
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
type: physical
|
|
||||||
forwarding: true
|
|
||||||
dhcp: true
|
|
||||||
anycast0:
|
|
||||||
type: dummy
|
|
||||||
ipaddress: "%{hiera('profiles::consul::server::anycast_ip')}"
|
|
||||||
netmask: 255.255.255.255
|
|
||||||
mtu: 1500
|
|
||||||
|
|
||||||
# frrouting
|
|
||||||
frrouting::ospfd_router_id: "%{facts.networking.ip}"
|
|
||||||
frrouting::ospfd_redistribute:
|
|
||||||
- connected
|
|
||||||
frrouting::ospfd_interfaces:
|
|
||||||
eth0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
anycast0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
frrouting::daemons:
|
|
||||||
ospfd: true
|
|
||||||
|
|
||||||
# additional repos
|
|
||||||
profiles::yum::global::repos:
|
|
||||||
frr-extras:
|
|
||||||
name: frr-extras
|
|
||||||
descr: frr-extras repository
|
|
||||||
target: /etc/yum.repos.d/frr-extras.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
frr-stable:
|
|
||||||
name: frr-stable
|
|
||||||
descr: frr-stable repository
|
|
||||||
target: /etc/yum.repos.d/frr-stable.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
@@ -1,47 +0,0 @@
|
|||||||
---
|
|
||||||
hiera_include:
|
|
||||||
- frrouting
|
|
||||||
|
|
||||||
# networking
|
|
||||||
profiles::consul::server::anycast_ip: 198.18.19.14
|
|
||||||
systemd::manage_networkd: true
|
|
||||||
systemd::manage_all_network_files: true
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
type: physical
|
|
||||||
forwarding: true
|
|
||||||
dhcp: true
|
|
||||||
anycast0:
|
|
||||||
type: dummy
|
|
||||||
ipaddress: "%{hiera('profiles::consul::server::anycast_ip')}"
|
|
||||||
netmask: 255.255.255.255
|
|
||||||
mtu: 1500
|
|
||||||
|
|
||||||
# frrouting
|
|
||||||
frrouting::ospfd_router_id: "%{facts.networking.ip}"
|
|
||||||
frrouting::ospfd_redistribute:
|
|
||||||
- connected
|
|
||||||
frrouting::ospfd_interfaces:
|
|
||||||
eth0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
anycast0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
frrouting::daemons:
|
|
||||||
ospfd: true
|
|
||||||
|
|
||||||
# additional repos
|
|
||||||
profiles::yum::global::repos:
|
|
||||||
frr-extras:
|
|
||||||
name: frr-extras
|
|
||||||
descr: frr-extras repository
|
|
||||||
target: /etc/yum.repos.d/frr-extras.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
frr-stable:
|
|
||||||
name: frr-stable
|
|
||||||
descr: frr-stable repository
|
|
||||||
target: /etc/yum.repos.d/frr-stable.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
@@ -1,47 +0,0 @@
|
|||||||
---
|
|
||||||
hiera_include:
|
|
||||||
- frrouting
|
|
||||||
|
|
||||||
# networking
|
|
||||||
dns_master_anycast_ip: 198.18.19.15
|
|
||||||
systemd::manage_networkd: true
|
|
||||||
systemd::manage_all_network_files: true
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
type: physical
|
|
||||||
forwarding: true
|
|
||||||
dhcp: true
|
|
||||||
anycast0:
|
|
||||||
type: dummy
|
|
||||||
ipaddress: "%{hiera('dns_master_anycast_ip')}"
|
|
||||||
netmask: 255.255.255.255
|
|
||||||
mtu: 1500
|
|
||||||
|
|
||||||
# frrouting
|
|
||||||
frrouting::ospfd_router_id: "%{facts.networking.ip}"
|
|
||||||
frrouting::ospfd_redistribute:
|
|
||||||
- connected
|
|
||||||
frrouting::ospfd_interfaces:
|
|
||||||
eth0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
anycast0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
frrouting::daemons:
|
|
||||||
ospfd: true
|
|
||||||
|
|
||||||
# additional repos
|
|
||||||
profiles::yum::global::repos:
|
|
||||||
frr-extras:
|
|
||||||
name: frr-extras
|
|
||||||
descr: frr-extras repository
|
|
||||||
target: /etc/yum.repos.d/frr-extras.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
frr-stable:
|
|
||||||
name: frr-stable
|
|
||||||
descr: frr-stable repository
|
|
||||||
target: /etc/yum.repos.d/frr-stable.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
@@ -1,47 +0,0 @@
|
|||||||
---
|
|
||||||
hiera_include:
|
|
||||||
- frrouting
|
|
||||||
|
|
||||||
# networking
|
|
||||||
dns_master_anycast_ip: 198.18.19.15
|
|
||||||
systemd::manage_networkd: true
|
|
||||||
systemd::manage_all_network_files: true
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
type: physical
|
|
||||||
forwarding: true
|
|
||||||
dhcp: true
|
|
||||||
anycast0:
|
|
||||||
type: dummy
|
|
||||||
ipaddress: "%{hiera('dns_master_anycast_ip')}"
|
|
||||||
netmask: 255.255.255.255
|
|
||||||
mtu: 1500
|
|
||||||
|
|
||||||
# frrouting
|
|
||||||
frrouting::ospfd_router_id: "%{facts.networking.ip}"
|
|
||||||
frrouting::ospfd_redistribute:
|
|
||||||
- connected
|
|
||||||
frrouting::ospfd_interfaces:
|
|
||||||
eth0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
anycast0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
frrouting::daemons:
|
|
||||||
ospfd: true
|
|
||||||
|
|
||||||
# additional repos
|
|
||||||
profiles::yum::global::repos:
|
|
||||||
frr-extras:
|
|
||||||
name: frr-extras
|
|
||||||
descr: frr-extras repository
|
|
||||||
target: /etc/yum.repos.d/frr-extras.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
frr-stable:
|
|
||||||
name: frr-stable
|
|
||||||
descr: frr-stable repository
|
|
||||||
target: /etc/yum.repos.d/frr-stable.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
@@ -1,47 +0,0 @@
|
|||||||
---
|
|
||||||
hiera_include:
|
|
||||||
- frrouting
|
|
||||||
|
|
||||||
# networking
|
|
||||||
dns_master_anycast_ip: 198.18.19.15
|
|
||||||
systemd::manage_networkd: true
|
|
||||||
systemd::manage_all_network_files: true
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
type: physical
|
|
||||||
forwarding: true
|
|
||||||
dhcp: true
|
|
||||||
anycast0:
|
|
||||||
type: dummy
|
|
||||||
ipaddress: "%{hiera('dns_master_anycast_ip')}"
|
|
||||||
netmask: 255.255.255.255
|
|
||||||
mtu: 1500
|
|
||||||
|
|
||||||
# frrouting
|
|
||||||
frrouting::ospfd_router_id: "%{facts.networking.ip}"
|
|
||||||
frrouting::ospfd_redistribute:
|
|
||||||
- connected
|
|
||||||
frrouting::ospfd_interfaces:
|
|
||||||
eth0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
anycast0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
frrouting::daemons:
|
|
||||||
ospfd: true
|
|
||||||
|
|
||||||
# additional repos
|
|
||||||
profiles::yum::global::repos:
|
|
||||||
frr-extras:
|
|
||||||
name: frr-extras
|
|
||||||
descr: frr-extras repository
|
|
||||||
target: /etc/yum.repos.d/frr-extras.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
frr-stable:
|
|
||||||
name: frr-stable
|
|
||||||
descr: frr-stable repository
|
|
||||||
target: /etc/yum.repos.d/frr-stable.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
@@ -1,47 +0,0 @@
|
|||||||
---
|
|
||||||
hiera_include:
|
|
||||||
- frrouting
|
|
||||||
|
|
||||||
# networking
|
|
||||||
dns_resolver_anycast_ip: 198.18.19.16
|
|
||||||
systemd::manage_networkd: true
|
|
||||||
systemd::manage_all_network_files: true
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
type: physical
|
|
||||||
forwarding: true
|
|
||||||
dhcp: true
|
|
||||||
anycast0:
|
|
||||||
type: dummy
|
|
||||||
ipaddress: "%{hiera('dns_resolver_anycast_ip')}"
|
|
||||||
netmask: 255.255.255.255
|
|
||||||
mtu: 1500
|
|
||||||
|
|
||||||
# frrouting
|
|
||||||
frrouting::ospfd_router_id: "%{facts.networking.ip}"
|
|
||||||
frrouting::ospfd_redistribute:
|
|
||||||
- connected
|
|
||||||
frrouting::ospfd_interfaces:
|
|
||||||
eth0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
anycast0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
frrouting::daemons:
|
|
||||||
ospfd: true
|
|
||||||
|
|
||||||
# additional repos
|
|
||||||
profiles::yum::global::repos:
|
|
||||||
frr-extras:
|
|
||||||
name: frr-extras
|
|
||||||
descr: frr-extras repository
|
|
||||||
target: /etc/yum.repos.d/frr-extras.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
frr-stable:
|
|
||||||
name: frr-stable
|
|
||||||
descr: frr-stable repository
|
|
||||||
target: /etc/yum.repos.d/frr-stable.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
@@ -1,47 +0,0 @@
|
|||||||
---
|
|
||||||
hiera_include:
|
|
||||||
- frrouting
|
|
||||||
|
|
||||||
# networking
|
|
||||||
dns_resolver_anycast_ip: 198.18.19.16
|
|
||||||
systemd::manage_networkd: true
|
|
||||||
systemd::manage_all_network_files: true
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
type: physical
|
|
||||||
forwarding: true
|
|
||||||
dhcp: true
|
|
||||||
anycast0:
|
|
||||||
type: dummy
|
|
||||||
ipaddress: "%{hiera('dns_resolver_anycast_ip')}"
|
|
||||||
netmask: 255.255.255.255
|
|
||||||
mtu: 1500
|
|
||||||
|
|
||||||
# frrouting
|
|
||||||
frrouting::ospfd_router_id: "%{facts.networking.ip}"
|
|
||||||
frrouting::ospfd_redistribute:
|
|
||||||
- connected
|
|
||||||
frrouting::ospfd_interfaces:
|
|
||||||
eth0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
anycast0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
frrouting::daemons:
|
|
||||||
ospfd: true
|
|
||||||
|
|
||||||
# additional repos
|
|
||||||
profiles::yum::global::repos:
|
|
||||||
frr-extras:
|
|
||||||
name: frr-extras
|
|
||||||
descr: frr-extras repository
|
|
||||||
target: /etc/yum.repos.d/frr-extras.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
frr-stable:
|
|
||||||
name: frr-stable
|
|
||||||
descr: frr-stable repository
|
|
||||||
target: /etc/yum.repos.d/frr-stable.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
@@ -1,47 +0,0 @@
|
|||||||
---
|
|
||||||
hiera_include:
|
|
||||||
- frrouting
|
|
||||||
|
|
||||||
# networking
|
|
||||||
dns_resolver_anycast_ip: 198.18.19.16
|
|
||||||
systemd::manage_networkd: true
|
|
||||||
systemd::manage_all_network_files: true
|
|
||||||
networking::interfaces:
|
|
||||||
eth0:
|
|
||||||
type: physical
|
|
||||||
forwarding: true
|
|
||||||
dhcp: true
|
|
||||||
anycast0:
|
|
||||||
type: dummy
|
|
||||||
ipaddress: "%{hiera('dns_resolver_anycast_ip')}"
|
|
||||||
netmask: 255.255.255.255
|
|
||||||
mtu: 1500
|
|
||||||
|
|
||||||
# frrouting
|
|
||||||
frrouting::ospfd_router_id: "%{facts.networking.ip}"
|
|
||||||
frrouting::ospfd_redistribute:
|
|
||||||
- connected
|
|
||||||
frrouting::ospfd_interfaces:
|
|
||||||
eth0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
anycast0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
frrouting::daemons:
|
|
||||||
ospfd: true
|
|
||||||
|
|
||||||
# additional repos
|
|
||||||
profiles::yum::global::repos:
|
|
||||||
frr-extras:
|
|
||||||
name: frr-extras
|
|
||||||
descr: frr-extras repository
|
|
||||||
target: /etc/yum.repos.d/frr-extras.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
frr-stable:
|
|
||||||
name: frr-stable
|
|
||||||
descr: frr-stable repository
|
|
||||||
target: /etc/yum.repos.d/frr-stable.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
@@ -1,18 +0,0 @@
|
|||||||
---
|
|
||||||
networking_loopback0_ip: 198.18.19.9 # management loopback
|
|
||||||
networking_loopback1_ip: 198.18.22.9 # ceph-cluster loopback
|
|
||||||
networking_loopback2_ip: 198.18.23.9 # ceph-public loopback
|
|
||||||
networking_br10_ip: 198.18.25.254
|
|
||||||
networking::interfaces:
|
|
||||||
enp2s0:
|
|
||||||
mac: 70:b5:e8:38:e9:8d
|
|
||||||
ipaddress: 198.18.15.9
|
|
||||||
gateway: 198.18.15.254
|
|
||||||
enp3s0:
|
|
||||||
mac: 00:e0:4c:68:0f:5d
|
|
||||||
ipaddress: 198.18.21.9
|
|
||||||
|
|
||||||
#zfs::zpools:
|
|
||||||
# fastpool:
|
|
||||||
# ensure: present
|
|
||||||
# disk: /dev/nvme0n1
|
|
||||||
@@ -1,13 +0,0 @@
|
|||||||
---
|
|
||||||
networking_loopback0_ip: 198.18.19.10 # management loopback
|
|
||||||
networking_loopback1_ip: 198.18.22.10 # ceph-cluster loopback
|
|
||||||
networking_loopback2_ip: 198.18.23.10 # ceph-public loopback
|
|
||||||
networking_br10_ip: 198.18.26.254
|
|
||||||
networking::interfaces:
|
|
||||||
enp2s0:
|
|
||||||
mac: 70:b5:e8:38:e9:37
|
|
||||||
ipaddress: 198.18.15.10
|
|
||||||
gateway: 198.18.15.254
|
|
||||||
enp3s0:
|
|
||||||
mac: 00:e0:4c:68:0f:de
|
|
||||||
ipaddress: 198.18.21.10
|
|
||||||
@@ -1,13 +0,0 @@
|
|||||||
---
|
|
||||||
networking_loopback0_ip: 198.18.19.11 # management loopback
|
|
||||||
networking_loopback1_ip: 198.18.22.11 # ceph-cluster loopback
|
|
||||||
networking_loopback2_ip: 198.18.23.11 # ceph-public loopback
|
|
||||||
networking_br10_ip: 198.18.27.254
|
|
||||||
networking::interfaces:
|
|
||||||
enp2s0:
|
|
||||||
mac: 70:b5:e8:38:e9:0f
|
|
||||||
ipaddress: 198.18.15.11
|
|
||||||
gateway: 198.18.15.254
|
|
||||||
enp3s0:
|
|
||||||
mac: 00:e0:4c:68:0f:55
|
|
||||||
ipaddress: 198.18.21.11
|
|
||||||
@@ -1,13 +0,0 @@
|
|||||||
---
|
|
||||||
networking_loopback0_ip: 198.18.19.12 # management loopback
|
|
||||||
networking_loopback1_ip: 198.18.22.12 # ceph-cluster loopback
|
|
||||||
networking_loopback2_ip: 198.18.23.12 # ceph-public loopback
|
|
||||||
networking_br10_ip: 198.18.28.254
|
|
||||||
networking::interfaces:
|
|
||||||
enp2s0:
|
|
||||||
mac: 70:b5:e8:4f:05:1e
|
|
||||||
ipaddress: 198.18.15.12
|
|
||||||
gateway: 198.18.15.254
|
|
||||||
enp3s0:
|
|
||||||
mac: 00:e0:4c:68:0f:e5
|
|
||||||
ipaddress: 198.18.21.12
|
|
||||||
@@ -1,13 +0,0 @@
|
|||||||
---
|
|
||||||
networking_loopback0_ip: 198.18.19.13 # management loopback
|
|
||||||
networking_loopback1_ip: 198.18.22.13 # ceph-cluster loopback
|
|
||||||
networking_loopback2_ip: 198.18.23.13 # ceph-public loopback
|
|
||||||
networking_br10_ip: 198.18.29.254
|
|
||||||
networking::interfaces:
|
|
||||||
enp2s0:
|
|
||||||
mac: 70:b5:e8:4f:04:b0
|
|
||||||
ipaddress: 198.18.15.13
|
|
||||||
gateway: 198.18.15.254
|
|
||||||
enp3s0:
|
|
||||||
mac: 00:e0:4c:68:0f:36
|
|
||||||
ipaddress: 198.18.21.13
|
|
||||||
@@ -1,23 +1,2 @@
|
|||||||
# hieradata/os/AlmaLinux/AlmaLinux8.yaml
|
# hieradata/os/AlmaLinux/AlmaLinux8.yaml
|
||||||
---
|
---
|
||||||
crypto_policies::policy: 'DEFAULT'
|
|
||||||
|
|
||||||
profiles::packages::include:
|
|
||||||
network-scripts: {}
|
|
||||||
|
|
||||||
profiles::yum::global::repos:
|
|
||||||
powertools:
|
|
||||||
name: powertools
|
|
||||||
descr: powertools repository
|
|
||||||
target: /etc/yum.repos.d/powertools.repo
|
|
||||||
baseurl: https://edgecache.query.consul/almalinux/%{facts.os.release.full}/PowerTools/%{facts.os.architecture}/os
|
|
||||||
gpgkey: http://edgecache.query.consul/almalinux/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major}
|
|
||||||
mirrorlist: absent
|
|
||||||
unkin:
|
|
||||||
name: unkin
|
|
||||||
descr: unkin repository
|
|
||||||
target: /etc/yum.repos.d/unkin.repo
|
|
||||||
baseurl: https://git.query.consul/api/packages/unkin/rpm/almalinux/el8
|
|
||||||
gpgkey: https://git.query.consul/api/packages/unkin/rpm/repository.key
|
|
||||||
gpgcheck: false
|
|
||||||
mirrorlist: absent
|
|
||||||
|
|||||||
@@ -1,36 +1,2 @@
|
|||||||
# hieradata/os/AlmaLinux/AlmaLinux9.yaml
|
# hieradata/os/AlmaLinux/AlmaLinux9.yaml
|
||||||
---
|
---
|
||||||
crypto_policies::policy: 'DEFAULT:SHA1'
|
|
||||||
|
|
||||||
profiles::yum::global::repos:
|
|
||||||
baseos:
|
|
||||||
baseurl: https://packagerepo.service.consul/almalinux/%{facts.os.release.full}/baseos-daily/%{facts.os.architecture}/os/
|
|
||||||
gpgkey: https://packagerepo.service.consul/almalinux/%{facts.os.release.full}/baseos-daily/%{facts.os.architecture}/os//RPM-GPG-KEY-AlmaLinux-9
|
|
||||||
mirrorlist: absent
|
|
||||||
extras:
|
|
||||||
baseurl: https://packagerepo.service.consul/almalinux/%{facts.os.release.full}/extras-daily/%{facts.os.architecture}/os/
|
|
||||||
gpgkey: https://packagerepo.service.consul/almalinux/%{facts.os.release.full}/extras-daily/%{facts.os.architecture}/os//RPM-GPG-KEY-AlmaLinux-9
|
|
||||||
mirrorlist: absent
|
|
||||||
appstream:
|
|
||||||
baseurl: https://packagerepo.service.consul/almalinux/%{facts.os.release.full}/appstream-daily/%{facts.os.architecture}/os/
|
|
||||||
gpgkey: https://packagerepo.service.consul/almalinux/%{facts.os.release.full}/appstream-daily/%{facts.os.architecture}/os//RPM-GPG-KEY-AlmaLinux-9
|
|
||||||
mirrorlist: absent
|
|
||||||
highavailability:
|
|
||||||
baseurl: https://packagerepo.service.consul/almalinux/%{facts.os.release.full}/ha-daily/%{facts.os.architecture}/os/
|
|
||||||
gpgkey: https://packagerepo.service.consul/almalinux/%{facts.os.release.full}/ha-daily/%{facts.os.architecture}/os//RPM-GPG-KEY-AlmaLinux-9
|
|
||||||
mirrorlist: absent
|
|
||||||
crb:
|
|
||||||
name: crb
|
|
||||||
descr: crb repository
|
|
||||||
target: /etc/yum.repos.d/crb.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/almalinux/%{facts.os.release.full}/crb-daily/%{facts.os.architecture}/os/
|
|
||||||
gpgkey: https://packagerepo.service.consul/almalinux/%{facts.os.release.full}/crb-daily/%{facts.os.architecture}/os//RPM-GPG-KEY-AlmaLinux-9
|
|
||||||
mirrorlist: absent
|
|
||||||
unkin:
|
|
||||||
name: unkin
|
|
||||||
descr: unkin repository
|
|
||||||
target: /etc/yum.repos.d/unkin.repo
|
|
||||||
baseurl: https://git.query.consul/api/packages/unkin/rpm/almalinux/el9
|
|
||||||
gpgkey: https://git.query.consul/api/packages/unkin/rpm/repository.key
|
|
||||||
gpgcheck: false
|
|
||||||
mirrorlist: absent
|
|
||||||
|
|||||||
@@ -3,17 +3,17 @@
|
|||||||
profiles::firewall::firewalld::ensure_package: 'absent'
|
profiles::firewall::firewalld::ensure_package: 'absent'
|
||||||
profiles::firewall::firewalld::ensure_service: 'stopped'
|
profiles::firewall::firewalld::ensure_service: 'stopped'
|
||||||
profiles::firewall::firewalld::enable_service: false
|
profiles::firewall::firewalld::enable_service: false
|
||||||
profiles::puppet::agent::puppet_version: '7.34.0'
|
profiles::puppet::agent::puppet_version: '7.26.0'
|
||||||
|
|
||||||
hiera_include:
|
hiera_include:
|
||||||
- profiles::almalinux::base
|
- profiles::almalinux::base
|
||||||
|
|
||||||
profiles::packages::include:
|
profiles::packages::install:
|
||||||
crypto-policies-scripts: {}
|
- lzo
|
||||||
lzo: {}
|
- network-scripts
|
||||||
policycoreutils: {}
|
- policycoreutils
|
||||||
unar: {}
|
- unar
|
||||||
xz: {}
|
- xz
|
||||||
|
|
||||||
lm-sensors::package: lm_sensors
|
lm-sensors::package: lm_sensors
|
||||||
|
|
||||||
@@ -39,6 +39,13 @@ profiles::yum::global::repos:
|
|||||||
baseurl: https://edgecache.query.consul/almalinux/%{facts.os.release.full}/AppStream/%{facts.os.architecture}/os
|
baseurl: https://edgecache.query.consul/almalinux/%{facts.os.release.full}/AppStream/%{facts.os.architecture}/os
|
||||||
gpgkey: http://edgecache.query.consul/almalinux/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major}
|
gpgkey: http://edgecache.query.consul/almalinux/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major}
|
||||||
mirrorlist: absent
|
mirrorlist: absent
|
||||||
|
powertools:
|
||||||
|
name: powertools
|
||||||
|
descr: powertools repository
|
||||||
|
target: /etc/yum.repos.d/powertools.repo
|
||||||
|
baseurl: https://edgecache.query.consul/almalinux/%{facts.os.release.full}/PowerTools/%{facts.os.architecture}/os
|
||||||
|
gpgkey: http://edgecache.query.consul/almalinux/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major}
|
||||||
|
mirrorlist: absent
|
||||||
highavailability:
|
highavailability:
|
||||||
name: highavailability
|
name: highavailability
|
||||||
descr: highavailability repository
|
descr: highavailability repository
|
||||||
@@ -57,12 +64,12 @@ profiles::yum::global::repos:
|
|||||||
name: puppet
|
name: puppet
|
||||||
descr: puppet repository
|
descr: puppet repository
|
||||||
target: /etc/yum.repos.d/puppet.repo
|
target: /etc/yum.repos.d/puppet.repo
|
||||||
baseurl: https://packagerepo.service.consul/puppet7/el/%{facts.os.release.major}-daily/%{facts.os.architecture}/os/
|
baseurl: https://yum.puppet.com/puppet7/el/%{facts.os.release.major}/%{facts.os.architecture}
|
||||||
gpgkey: https://packagerepo.service.consul/puppet7/el/%{facts.os.release.major}-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-puppet-20250406
|
gpgkey: https://yum.puppet.com/RPM-GPG-KEY-puppet-20250406
|
||||||
mirrorlist: absent
|
mirrorlist: absent
|
||||||
unkinben:
|
unkin:
|
||||||
name: unkinben
|
name: unkin
|
||||||
descr: unkinben repository
|
descr: unkin repository
|
||||||
target: /etc/yum.repos.d/unkin.repo
|
target: /etc/yum.repos.d/unkin.repo
|
||||||
baseurl: https://git.query.consul/api/packages/unkinben/rpm/el%{facts.os.release.major}
|
baseurl: https://git.query.consul/api/packages/unkinben/rpm/el%{facts.os.release.major}
|
||||||
gpgkey: https://git.query.consul/api/packages/unkinben/rpm/repository.key
|
gpgkey: https://git.query.consul/api/packages/unkinben/rpm/repository.key
|
||||||
|
|||||||
@@ -1,19 +1,15 @@
|
|||||||
# hieradata/os/debian/all_releases.yaml
|
# hieradata/os/debian/all_releases.yaml
|
||||||
---
|
---
|
||||||
profiles::apt::base::mirrorurl: http://edgecache.query.consul/debian/
|
profiles::apt::base::mirrorurl: https://edgecache.query.consul/debian/
|
||||||
profiles::apt::base::secureurl: http://security.debian.org/debian-security
|
profiles::apt::base::secureurl: http://security.debian.org/debian-security
|
||||||
profiles::apt::puppet7::mirror: http://apt.puppetlabs.com
|
profiles::apt::puppet7::mirror: http://apt.puppetlabs.com
|
||||||
profiles::apt::puppet7::repo: puppet7
|
profiles::apt::puppet7::repo: puppet7
|
||||||
profiles::pki::vaultca::ca_cert-path: /usr/local/share/ca-certificates/
|
profiles::pki::vaultca::ca_cert-path: /usr/local/share/ca-certificates/
|
||||||
|
|
||||||
profiles::packages::include:
|
profiles::packages::install:
|
||||||
lzop: {}
|
- lzop
|
||||||
python3.11-venv: {}
|
- python3.11-venv
|
||||||
xz-utils: {}
|
- xz-utils
|
||||||
|
|
||||||
lm-sensors::package: lm-sensors
|
lm-sensors::package: lm-sensors
|
||||||
networking::nwmgr_dns_none: false
|
networking::nwmgr_dns_none: false
|
||||||
|
|
||||||
consul::install_method: 'url'
|
|
||||||
consul::manage_repo: false
|
|
||||||
consul::bin_dir: /usr/local/bin
|
|
||||||
|
|||||||
@@ -1 +0,0 @@
|
|||||||
profiles::jupyter::jupyterhub::ldap_bind_pass: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAJspN3e2WzA0uZaLgFZ0Ewqii9dY0tTgbirsW70M2VZtLY+s+C6HE8ZZUtpfnRsFwUUhOj7s25X9xVOZNTpZIGPyfx9MWlSyFw2RFuXSEwaydf1DcBbg8261YrTTysA4Jsa1L4DLsX55q+XJUyeUbimVQkIacVIvzTdnZCBKnVNUh3U2PNAmV7SOL2KH8Jpbfs/EQfBt8XuGMCg3I/4RDyoNERqthW6W2KiMX2Gmd8iQ5+W9udH0lEAMx415oyImmN+dEuThcx9FGMi8BWYtnxH96yWafpT5qltwW6EVzIGWuLhiD1LcWYc5RB8jc3DhbeouChpKsN6c4EHoKt3aWsTBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBC8jcnqilJgY1/AnHWHfX4bgDCi2a3Rj43Z0dgfB5HaHdpfked3Cx+u94r2S5+Cg3QogU1AIF04rjzOL+bD2HdaMfo=]
|
|
||||||
@@ -1,74 +0,0 @@
|
|||||||
---
|
|
||||||
profiles::packages::include:
|
|
||||||
python3.12: {}
|
|
||||||
python3.12-pip: {}
|
|
||||||
|
|
||||||
hiera_include:
|
|
||||||
- docker
|
|
||||||
- profiles::nginx::simpleproxy
|
|
||||||
|
|
||||||
# manage docker
|
|
||||||
docker::version: latest
|
|
||||||
docker::curl_ensure: false
|
|
||||||
docker::root_dir: /data/docker
|
|
||||||
|
|
||||||
# manage a simple nginx reverse proxy
|
|
||||||
profiles::nginx::simpleproxy::nginx_vhost: 'jupyterhub.query.consul'
|
|
||||||
profiles::nginx::simpleproxy::nginx_aliases:
|
|
||||||
- jupyterhub.service.consul
|
|
||||||
- jupyterhub.query.consul
|
|
||||||
- "jupyterhub.service.%{facts.country}-%{facts.region}.consul"
|
|
||||||
|
|
||||||
profiles::nginx::simpleproxy::proxy_host: 127.0.0.1
|
|
||||||
profiles::nginx::simpleproxy::proxy_port: 8000
|
|
||||||
profiles::nginx::simpleproxy::proxy_path: '/'
|
|
||||||
profiles::nginx::simpleproxy::use_default_location: false
|
|
||||||
nginx::client_max_body_size: 20M
|
|
||||||
|
|
||||||
profiles::nginx::simpleproxy::locations:
|
|
||||||
# authorised access from external
|
|
||||||
default:
|
|
||||||
ensure: 'present'
|
|
||||||
server: "%{lookup('profiles::nginx::simpleproxy::nginx_vhost')}"
|
|
||||||
ssl_only: true
|
|
||||||
location: '/'
|
|
||||||
proxy: "http://%{lookup('profiles::nginx::simpleproxy::proxy_host')}:%{lookup('profiles::nginx::simpleproxy::proxy_port')}"
|
|
||||||
proxy_set_header:
|
|
||||||
- 'Host $host'
|
|
||||||
- 'X-Real-IP $remote_addr'
|
|
||||||
- 'X-Forwarded-For $proxy_add_x_forwarded_for'
|
|
||||||
- 'X-Forwarded-Host $host'
|
|
||||||
- 'X-Forwarded-Proto $scheme'
|
|
||||||
- 'Upgrade $http_upgrade'
|
|
||||||
- 'Connection $http_connection'
|
|
||||||
- 'X-Scheme $scheme'
|
|
||||||
proxy_redirect: 'off'
|
|
||||||
proxy_http_version: '1.1'
|
|
||||||
proxy_buffering: 'off'
|
|
||||||
|
|
||||||
# additional altnames
|
|
||||||
profiles::pki::vault::alt_names:
|
|
||||||
- jupyterhub.service.consul
|
|
||||||
- jupyterhub.query.consul
|
|
||||||
- "jupyterhub.service.%{facts.country}-%{facts.region}.consul"
|
|
||||||
|
|
||||||
# configure consul service
|
|
||||||
consul::services:
|
|
||||||
jupyterhub:
|
|
||||||
service_name: 'jupyterhub'
|
|
||||||
tags:
|
|
||||||
- 'jupyterhub'
|
|
||||||
address: "%{facts.networking.ip}"
|
|
||||||
port: 443
|
|
||||||
checks:
|
|
||||||
- id: 'jupyterhub_http_check'
|
|
||||||
name: 'jupyterhub HTTP Check'
|
|
||||||
http: "https://%{facts.networking.fqdn}"
|
|
||||||
method: 'GET'
|
|
||||||
tls_skip_verify: true
|
|
||||||
interval: '10s'
|
|
||||||
timeout: '1s'
|
|
||||||
profiles::consul::client::node_rules:
|
|
||||||
- resource: service
|
|
||||||
segment: jupyterhub
|
|
||||||
disposition: write
|
|
||||||
@@ -2,6 +2,7 @@
|
|||||||
hiera_include:
|
hiera_include:
|
||||||
- lidarr
|
- lidarr
|
||||||
- profiles::nginx::ldapauth
|
- profiles::nginx::ldapauth
|
||||||
|
- profiles::metrics::exportarr
|
||||||
|
|
||||||
# manage lidarr
|
# manage lidarr
|
||||||
lidarr::params::user: lidarr
|
lidarr::params::user: lidarr
|
||||||
@@ -54,3 +55,11 @@ profiles::consul::client::node_rules:
|
|||||||
- resource: service
|
- resource: service
|
||||||
segment: lidarr
|
segment: lidarr
|
||||||
disposition: write
|
disposition: write
|
||||||
|
|
||||||
|
profiles::metrics::exportarr:
|
||||||
|
app: 'lidarr'
|
||||||
|
config_path: '/opt/lidarr/config.xml'
|
||||||
|
api_key: "%{hiera('lidarr::api_key')}"
|
||||||
|
version: '2.0.1'
|
||||||
|
app_port: "%hiera('lidarr::params::port')"
|
||||||
|
enable_additional_metrics: true
|
||||||
|
|||||||
@@ -59,19 +59,3 @@ profiles::consul::client::node_rules:
|
|||||||
- resource: service
|
- resource: service
|
||||||
segment: nzbget
|
segment: nzbget
|
||||||
disposition: write
|
disposition: write
|
||||||
|
|
||||||
profiles::yum::global::repos:
|
|
||||||
rpmfusion-free:
|
|
||||||
name: rpmfusion-free
|
|
||||||
descr: rpmfusion-free repository
|
|
||||||
target: /etc/yum.repos.d/rpmfusion.repo
|
|
||||||
baseurl: https://download1.rpmfusion.org/free/el/updates/%{facts.os.release.major}/%{facts.os.architecture}
|
|
||||||
gpgkey: https://download1.rpmfusion.org/free/el/RPM-GPG-KEY-rpmfusion-free-el-%{facts.os.release.major}
|
|
||||||
mirrorlist: absent
|
|
||||||
rpmfusion-nonfree:
|
|
||||||
name: rpmfusion-nonfree
|
|
||||||
descr: rpmfusion-nonfree repository
|
|
||||||
target: /etc/yum.repos.d/rpmfusion.repo
|
|
||||||
baseurl: https://download1.rpmfusion.org/nonfree/el/updates/%{facts.os.release.major}/%{facts.os.architecture}
|
|
||||||
gpgkey: https://download1.rpmfusion.org/nonfree/el/RPM-GPG-KEY-rpmfusion-nonfree-el-%{facts.os.release.major}
|
|
||||||
mirrorlist: absent
|
|
||||||
|
|||||||
@@ -2,6 +2,7 @@
|
|||||||
hiera_include:
|
hiera_include:
|
||||||
- prowlarr
|
- prowlarr
|
||||||
- profiles::nginx::ldapauth
|
- profiles::nginx::ldapauth
|
||||||
|
- profiles::metrics::exportarr
|
||||||
|
|
||||||
# manage prowlarr
|
# manage prowlarr
|
||||||
prowlarr::params::user: prowlarr
|
prowlarr::params::user: prowlarr
|
||||||
@@ -55,11 +56,10 @@ profiles::consul::client::node_rules:
|
|||||||
segment: prowlarr
|
segment: prowlarr
|
||||||
disposition: write
|
disposition: write
|
||||||
|
|
||||||
profiles::nginx::simpleproxy::locations:
|
profiles::metrics::exportarr:
|
||||||
arrstack_web_external:
|
app: 'prowlarr'
|
||||||
location_satisfy: any
|
config_path: '/opt/prowlarr/config.xml'
|
||||||
location_allow:
|
api_key: "%{hiera('prowlarr::api_key')}"
|
||||||
- 198.18.13.47
|
version: '2.0.1'
|
||||||
- 198.18.13.50
|
app_port: "%hiera('prowlarr::params::port')"
|
||||||
- 198.18.13.51
|
enable_additional_metrics: true
|
||||||
- 198.18.13.52
|
|
||||||
|
|||||||
@@ -2,6 +2,7 @@
|
|||||||
hiera_include:
|
hiera_include:
|
||||||
- radarr
|
- radarr
|
||||||
- profiles::nginx::ldapauth
|
- profiles::nginx::ldapauth
|
||||||
|
- profiles::metrics::exportarr
|
||||||
|
|
||||||
# manage radarr
|
# manage radarr
|
||||||
radarr::params::user: radarr
|
radarr::params::user: radarr
|
||||||
@@ -55,3 +56,11 @@ profiles::consul::client::node_rules:
|
|||||||
- resource: service
|
- resource: service
|
||||||
segment: radarr
|
segment: radarr
|
||||||
disposition: write
|
disposition: write
|
||||||
|
|
||||||
|
profiles::metrics::exportarr:
|
||||||
|
app: 'radarr'
|
||||||
|
config_path: '/opt/radarr/config.xml'
|
||||||
|
api_key: "%{hiera('radarr::api_key')}"
|
||||||
|
version: '2.0.1'
|
||||||
|
app_port: "%hiera('radarr::params::port')"
|
||||||
|
enable_additional_metrics: true
|
||||||
|
|||||||
@@ -2,6 +2,7 @@
|
|||||||
hiera_include:
|
hiera_include:
|
||||||
- readarr
|
- readarr
|
||||||
- profiles::nginx::ldapauth
|
- profiles::nginx::ldapauth
|
||||||
|
- profiles::metrics::exportarr
|
||||||
|
|
||||||
# manage readarr
|
# manage readarr
|
||||||
readarr::params::user: readarr
|
readarr::params::user: readarr
|
||||||
@@ -54,3 +55,11 @@ profiles::consul::client::node_rules:
|
|||||||
- resource: service
|
- resource: service
|
||||||
segment: readarr
|
segment: readarr
|
||||||
disposition: write
|
disposition: write
|
||||||
|
|
||||||
|
profiles::metrics::exportarr:
|
||||||
|
app: 'readarr'
|
||||||
|
config_path: '/opt/readarr/config.xml'
|
||||||
|
api_key: "%{hiera('readarr::api_key')}"
|
||||||
|
version: '2.0.1'
|
||||||
|
app_port: "%hiera('readarr::params::port')"
|
||||||
|
enable_additional_metrics: true
|
||||||
|
|||||||
@@ -2,6 +2,7 @@
|
|||||||
hiera_include:
|
hiera_include:
|
||||||
- sonarr
|
- sonarr
|
||||||
- profiles::nginx::ldapauth
|
- profiles::nginx::ldapauth
|
||||||
|
- profiles::metrics::exportarr
|
||||||
|
|
||||||
# manage sonarr
|
# manage sonarr
|
||||||
sonarr::params::user: sonarr
|
sonarr::params::user: sonarr
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
profiles::packages::include:
|
profiles::packages::install:
|
||||||
policycoreutils: {}
|
- policycoreutils
|
||||||
|
|
||||||
puppetdb::master::config::create_puppet_service_resource: false
|
puppetdb::master::config::create_puppet_service_resource: false
|
||||||
#puppetdb::master::config::puppetdb_host: "%{lookup('profiles::puppet::puppetdb::puppetdb_host')}"
|
#puppetdb::master::config::puppetdb_host: "%{lookup('profiles::puppet::puppetdb::puppetdb_host')}"
|
||||||
|
|||||||
@@ -59,12 +59,6 @@ glauth::users:
|
|||||||
- 20014
|
- 20014
|
||||||
- 20015
|
- 20015
|
||||||
- 20016
|
- 20016
|
||||||
- 20017
|
|
||||||
- 20018
|
|
||||||
- 20023
|
|
||||||
- 20024
|
|
||||||
- 20025 # jupyterhub_admin
|
|
||||||
- 20026 # jupyterhub_user
|
|
||||||
loginshell: '/bin/bash'
|
loginshell: '/bin/bash'
|
||||||
homedir: '/home/benvin'
|
homedir: '/home/benvin'
|
||||||
passsha256: 'd2434f6b4764ef75d5b7b96a876a32deedbd6aa726a109c3f32e823ca66f604a'
|
passsha256: 'd2434f6b4764ef75d5b7b96a876a32deedbd6aa726a109c3f32e823ca66f604a'
|
||||||
@@ -88,109 +82,6 @@ glauth::users:
|
|||||||
loginshell: '/bin/bash'
|
loginshell: '/bin/bash'
|
||||||
homedir: '/home/matsol'
|
homedir: '/home/matsol'
|
||||||
passsha256: '369263e2455a57c8c21388860c417b640fcf045a303cfc88def18c5197493600'
|
passsha256: '369263e2455a57c8c21388860c417b640fcf045a303cfc88def18c5197493600'
|
||||||
seablo:
|
|
||||||
user_name: 'seablo'
|
|
||||||
givenname: 'Sean'
|
|
||||||
sn: 'Bloomfield'
|
|
||||||
mail: 'seablo@users.main.unkin.net'
|
|
||||||
uidnumber: 20002
|
|
||||||
primarygroup: 20000
|
|
||||||
othergroups:
|
|
||||||
- 20010 # jelly
|
|
||||||
- 20011 # sonarr
|
|
||||||
- 20012 # radarr
|
|
||||||
- 20013 # lidarr
|
|
||||||
- 20014 # readarr
|
|
||||||
- 20016 # nzbget
|
|
||||||
loginshell: '/bin/bash'
|
|
||||||
homedir: '/home/seablo'
|
|
||||||
passsha256: '2db12484b2b5fdae7f3a1f9f870143c363af14bf2c31a415a9a7afcb02520df2'
|
|
||||||
marbal:
|
|
||||||
user_name: 'marbal'
|
|
||||||
givenname: 'Mark'
|
|
||||||
sn: 'Balch'
|
|
||||||
mail: 'marbal@users.main.unkin.net'
|
|
||||||
uidnumber: 20003
|
|
||||||
primarygroup: 20000
|
|
||||||
othergroups:
|
|
||||||
- 20010 # jelly
|
|
||||||
- 20011 # sonarr
|
|
||||||
- 20012 # radarr
|
|
||||||
- 20013 # lidarr
|
|
||||||
- 20014 # readarr
|
|
||||||
- 20016 # nzbget
|
|
||||||
loginshell: '/bin/bash'
|
|
||||||
homedir: '/home/marbal'
|
|
||||||
passsha256: 'cc20cee6269b9970a76549c66b51d0c543352796180d4122260a47f0f7a442a9'
|
|
||||||
kelren:
|
|
||||||
user_name: 'kelren'
|
|
||||||
givenname: 'Kelly'
|
|
||||||
sn: 'Rennie'
|
|
||||||
mail: 'kelren@users.main.unkin.net'
|
|
||||||
uidnumber: 20004
|
|
||||||
primarygroup: 20000
|
|
||||||
othergroups:
|
|
||||||
- 20010 # jelly
|
|
||||||
- 20011 # sonarr
|
|
||||||
- 20012 # radarr
|
|
||||||
- 20013 # lidarr
|
|
||||||
- 20014 # readarr
|
|
||||||
- 20016 # nzbget
|
|
||||||
loginshell: '/bin/bash'
|
|
||||||
homedir: '/home/kelren'
|
|
||||||
passsha256: '5b01659bca1ecb27847d2f746fab03eb169879ebcc86547024753dac7cb184c4'
|
|
||||||
ryadun:
|
|
||||||
user_name: 'ryadun'
|
|
||||||
givenname: 'Ryan'
|
|
||||||
sn: 'Dunbar'
|
|
||||||
mail: 'ryadun@users.main.unkin.net'
|
|
||||||
uidnumber: 20005
|
|
||||||
primarygroup: 20000
|
|
||||||
othergroups:
|
|
||||||
- 20010 # jelly
|
|
||||||
- 20011 # sonarr
|
|
||||||
- 20012 # radarr
|
|
||||||
- 20013 # lidarr
|
|
||||||
- 20014 # readarr
|
|
||||||
- 20016 # nzbget
|
|
||||||
loginshell: '/bin/bash'
|
|
||||||
homedir: '/home/ryadun'
|
|
||||||
passsha256: 'ee17174d49545f6f7257ae79eb173de4acf2b2edf55e181de90decd0e4b4e617'
|
|
||||||
margol:
|
|
||||||
user_name: 'margol'
|
|
||||||
givenname: 'Maree'
|
|
||||||
sn: 'Goldsworthy'
|
|
||||||
mail: 'margol@users.main.unkin.net'
|
|
||||||
uidnumber: 20006
|
|
||||||
primarygroup: 20000
|
|
||||||
othergroups:
|
|
||||||
- 20010 # jelly
|
|
||||||
- 20011 # sonarr
|
|
||||||
- 20012 # radarr
|
|
||||||
- 20013 # lidarr
|
|
||||||
- 20014 # readarr
|
|
||||||
- 20016 # nzbget
|
|
||||||
loginshell: '/bin/bash'
|
|
||||||
homedir: '/home/margol'
|
|
||||||
passsha256: '31a66085fb7eaeb059e51d1376233db72b54f96a6c45947aafbb350c83e618ef'
|
|
||||||
sudobo:
|
|
||||||
user_name: 'sudobo'
|
|
||||||
givenname: 'Sudaporn'
|
|
||||||
sn: 'Obom'
|
|
||||||
mail: 'sudobo@users.main.unkin.net'
|
|
||||||
uidnumber: 20007
|
|
||||||
primarygroup: 20000
|
|
||||||
othergroups:
|
|
||||||
- 20010 # jelly
|
|
||||||
- 20011 # sonarr
|
|
||||||
- 20012 # radarr
|
|
||||||
- 20013 # lidarr
|
|
||||||
- 20014 # readarr
|
|
||||||
- 20016 # nzbget
|
|
||||||
- 20026 # jupyterhub_user
|
|
||||||
loginshell: '/bin/bash'
|
|
||||||
homedir: '/home/sudobo'
|
|
||||||
passsha256: 'a326e049c2a615226877946220a978a0a8247c569be1adcd73539b09b14136d0'
|
|
||||||
|
|
||||||
glauth::services:
|
glauth::services:
|
||||||
svc_jellyfin:
|
svc_jellyfin:
|
||||||
@@ -235,38 +126,6 @@ glauth::services:
|
|||||||
uidnumber: 30006
|
uidnumber: 30006
|
||||||
primarygroup: 20001
|
primarygroup: 20001
|
||||||
passsha256: 'c9d38f687fcbea754a9f78675d89276d2347f9d15190fff267c3ae1a75f61be6'
|
passsha256: 'c9d38f687fcbea754a9f78675d89276d2347f9d15190fff267c3ae1a75f61be6'
|
||||||
svc_nzbsubmit:
|
|
||||||
service_name: 'svc_nzbsubmit'
|
|
||||||
mail: 'nzbsubmit@service.main.unkin.net'
|
|
||||||
uidnumber: 30007
|
|
||||||
primarygroup: 20001
|
|
||||||
othergroups:
|
|
||||||
- 20016
|
|
||||||
passsha256: '7af7e12fdc56e9050d16c167f4e34091ad3cf938283e13451b35f9b3d212bfa2'
|
|
||||||
svc_rundeck:
|
|
||||||
service_name: 'svc_rundeck'
|
|
||||||
mail: 'rundeck@service.main.unkin.net'
|
|
||||||
uidnumber: 30007
|
|
||||||
primarygroup: 20001
|
|
||||||
passsha256: 'b27786b22c5938d24ffc9be049de366b055c9f054bf38fb73bbd6fba9e1bd525'
|
|
||||||
svc_terraform:
|
|
||||||
service_name: 'svc_terraform'
|
|
||||||
mail: 'terraform@service.main.unkin.net'
|
|
||||||
uidnumber: 30008
|
|
||||||
primarygroup: 20001
|
|
||||||
passsha256: 'b27786b22c5938d24ffc9be049de366b055c9f054bf38fb73bbd6fba9e1bd525'
|
|
||||||
svc_vault:
|
|
||||||
service_name: 'svc_vault'
|
|
||||||
mail: 'vault@service.main.unkin.net'
|
|
||||||
uidnumber: 30009
|
|
||||||
primarygroup: 20001
|
|
||||||
passsha256: 'd63b04884d5c7d630b0c06896046065a0926ac5c3d6177ef85320e5fa1be00b9'
|
|
||||||
svc_jupyterhub:
|
|
||||||
service_name: 'svc_jupyterhub'
|
|
||||||
mail: 'jupyterhub@service.main.unkin.net'
|
|
||||||
uidnumber: 30010
|
|
||||||
primarygroup: 20001
|
|
||||||
passsha256: '09db1e0c2498214da35f3f2ed46a90a7b90635c207f8725e7abf76b48345a39b'
|
|
||||||
|
|
||||||
glauth::groups:
|
glauth::groups:
|
||||||
users:
|
users:
|
||||||
@@ -296,33 +155,3 @@ glauth::groups:
|
|||||||
nzbget_access:
|
nzbget_access:
|
||||||
group_name: 'nzbget_access'
|
group_name: 'nzbget_access'
|
||||||
gidnumber: 20016
|
gidnumber: 20016
|
||||||
rundeck_access:
|
|
||||||
group_name: 'rundeck_access'
|
|
||||||
gidnumber: 20017
|
|
||||||
rundeck_globaladmin:
|
|
||||||
group_name: 'rundeck_globaladmin'
|
|
||||||
gidnumber: 20018
|
|
||||||
rundeck_selfservice_admin:
|
|
||||||
group_name: 'rundeck_selfservice_admin'
|
|
||||||
gidnumber: 20019
|
|
||||||
rundeck_selfservice_user:
|
|
||||||
group_name: 'rundeck_selfservice_user'
|
|
||||||
gidnumber: 20020
|
|
||||||
rundeck_infrastructure_admin:
|
|
||||||
group_name: 'rundeck_infrastructure_admin'
|
|
||||||
gidnumber: 20021
|
|
||||||
rundeck_infrastructure_user:
|
|
||||||
group_name: 'rundeck_infrastructure_user'
|
|
||||||
gidnumber: 20022
|
|
||||||
vault_access:
|
|
||||||
group_name: 'vault_access'
|
|
||||||
gidnumber: 20023
|
|
||||||
vault_admin:
|
|
||||||
group_name: 'vault_admin'
|
|
||||||
gidnumber: 20024
|
|
||||||
jupyterhub_admin:
|
|
||||||
group_name: 'jupyterhub_admin'
|
|
||||||
gidnumber: 20025
|
|
||||||
jupyterhub_user:
|
|
||||||
group_name: 'jupyterhub_user'
|
|
||||||
gidnumber: 20026
|
|
||||||
|
|||||||
File diff suppressed because one or more lines are too long
@@ -1,205 +0,0 @@
|
|||||||
---
|
|
||||||
hiera_include:
|
|
||||||
- profiles::rundeck::server
|
|
||||||
- profiles::nginx::simpleproxy
|
|
||||||
|
|
||||||
hiera_exclude:
|
|
||||||
- profiles::accounts::rundeck
|
|
||||||
|
|
||||||
profiles::packages::exclude:
|
|
||||||
- jq
|
|
||||||
|
|
||||||
profiles::ssh::sign::principals:
|
|
||||||
- rundeck.main.unkin.net
|
|
||||||
- rundeck.service.consul
|
|
||||||
- rundeck.query.consul
|
|
||||||
|
|
||||||
# manage a simple nginx reverse proxy
|
|
||||||
profiles::nginx::simpleproxy::nginx_vhost: 'rundeck.query.consul'
|
|
||||||
profiles::nginx::simpleproxy::nginx_aliases:
|
|
||||||
- rundeck.main.unkin.net
|
|
||||||
- rundeck.service.consul
|
|
||||||
- rundeck.query.consul
|
|
||||||
- "rundeck.service.%{facts.country}-%{facts.region}.consul"
|
|
||||||
|
|
||||||
profiles::nginx::simpleproxy::proxy_port: 4440
|
|
||||||
profiles::nginx::simpleproxy::proxy_path: '/'
|
|
||||||
nginx::client_max_body_size: 20M
|
|
||||||
# additional altnames
|
|
||||||
profiles::pki::vault::alt_names:
|
|
||||||
- rundeck.main.unkin.net
|
|
||||||
- rundeck.service.consul
|
|
||||||
- rundeck.query.consul
|
|
||||||
- "rundeck.service.%{facts.country}-%{facts.region}.consul"
|
|
||||||
|
|
||||||
# configure consul service
|
|
||||||
consul::services:
|
|
||||||
rundeck:
|
|
||||||
service_name: 'rundeck'
|
|
||||||
tags:
|
|
||||||
- 'automation'
|
|
||||||
- 'rundeck'
|
|
||||||
address: "%{facts.networking.ip}"
|
|
||||||
port: 443
|
|
||||||
checks:
|
|
||||||
- id: 'glauth_http_check'
|
|
||||||
name: 'glauth HTTP Check'
|
|
||||||
http: "http://%{facts.networking.fqdn}:4440"
|
|
||||||
method: 'GET'
|
|
||||||
tls_skip_verify: true
|
|
||||||
interval: '10s'
|
|
||||||
timeout: '1s'
|
|
||||||
profiles::consul::client::node_rules:
|
|
||||||
- resource: service
|
|
||||||
segment: rundeck
|
|
||||||
disposition: write
|
|
||||||
|
|
||||||
profiles::rundeck::server::mysql_backend: true
|
|
||||||
profiles::rundeck::server::mysql_host: mariadb-prod.service.au-syd1.consul
|
|
||||||
profiles::rundeck::server::grails_server_url: https://rundeck.service.consul
|
|
||||||
profiles::rundeck::server::auth_config:
|
|
||||||
file:
|
|
||||||
auth_flag: 'sufficient'
|
|
||||||
jaas_config:
|
|
||||||
file: '/etc/rundeck/realm.properties'
|
|
||||||
realm_config:
|
|
||||||
admin_user: 'admin'
|
|
||||||
admin_password: "%{hiera('rundeck_admin_pass')}"
|
|
||||||
ldap:
|
|
||||||
jaas_config:
|
|
||||||
debug: 'true'
|
|
||||||
providerUrl: 'ldap://ldap.service.consul:389'
|
|
||||||
bindDn: 'cn=svc_rundeck,ou=services,ou=users,dc=main,dc=unkin,dc=net'
|
|
||||||
bindPassword: "%{hiera('ldap_bindpass')}"
|
|
||||||
authenticationMethod: 'simple'
|
|
||||||
forceBindingLogin: 'true'
|
|
||||||
userBaseDn: 'ou=people,ou=users,dc=main,dc=unkin,dc=net'
|
|
||||||
userRdnAttribute: 'uid'
|
|
||||||
userIdAttribute: 'uid'
|
|
||||||
userPasswordAttribute: 'userPassword'
|
|
||||||
userObjectClass: 'posixAccount'
|
|
||||||
roleBaseDn: 'ou=groups,dc=main,dc=unkin,dc=net'
|
|
||||||
roleNameAttribute: 'uid'
|
|
||||||
roleMemberAttribute: 'uniqueMember'
|
|
||||||
roleObjectClass: 'groupOfUniqueNames'
|
|
||||||
nestedGroups: 'true'
|
|
||||||
|
|
||||||
profiles::rundeck::server::key_storage_config:
|
|
||||||
- type: 'db'
|
|
||||||
path: 'keys'
|
|
||||||
- type: 'vault-storage'
|
|
||||||
path: 'vault'
|
|
||||||
config:
|
|
||||||
prefix: 'rundeck'
|
|
||||||
address: https://vault.query.consul:8200
|
|
||||||
storageBehaviour: 'vault'
|
|
||||||
secretBackend: rundeck
|
|
||||||
engineVersion: '2'
|
|
||||||
authBackend: approle
|
|
||||||
approleAuthMount: approle
|
|
||||||
approleId: "%{hiera('vault::roleid')}"
|
|
||||||
|
|
||||||
profiles::rundeck::server::cli_projects:
|
|
||||||
Self-Service:
|
|
||||||
update_method: 'set'
|
|
||||||
config:
|
|
||||||
project.description: 'self-service tasks'
|
|
||||||
project.disable.executions: 'false'
|
|
||||||
Infrastructure:
|
|
||||||
config:
|
|
||||||
project.description: 'infrastructure management'
|
|
||||||
project.disable.schedule: 'false'
|
|
||||||
|
|
||||||
profiles::rundeck::server::acl_policies:
|
|
||||||
global_admin_policy:
|
|
||||||
acl_policies:
|
|
||||||
- description: 'Global Admin, all access'
|
|
||||||
context:
|
|
||||||
application: "rundeck"
|
|
||||||
for:
|
|
||||||
project:
|
|
||||||
- allow: '*'
|
|
||||||
resource:
|
|
||||||
- allow: '*'
|
|
||||||
storage:
|
|
||||||
- allow: '*'
|
|
||||||
by:
|
|
||||||
- group: ['rundeck_globaladmin']
|
|
||||||
- description: 'Global Admin, all access'
|
|
||||||
context:
|
|
||||||
project: '.*'
|
|
||||||
for:
|
|
||||||
resource:
|
|
||||||
- allow: '*'
|
|
||||||
adhoc:
|
|
||||||
- allow: '*'
|
|
||||||
job:
|
|
||||||
- allow: '*'
|
|
||||||
node:
|
|
||||||
- allow: '*'
|
|
||||||
by:
|
|
||||||
- group: ['rundeck_globaladmin']
|
|
||||||
selfservice_admin_policy:
|
|
||||||
acl_policies:
|
|
||||||
- description: 'Admin, all access for Self-Service project'
|
|
||||||
context:
|
|
||||||
project: 'Self-Service'
|
|
||||||
for:
|
|
||||||
resource:
|
|
||||||
- allow: '*'
|
|
||||||
adhoc:
|
|
||||||
- allow: '*'
|
|
||||||
job:
|
|
||||||
- allow: '*'
|
|
||||||
node:
|
|
||||||
- allow: '*'
|
|
||||||
by:
|
|
||||||
- group: ['rundeck_selfserice_admin']
|
|
||||||
selfservice_user_policy:
|
|
||||||
acl_policies:
|
|
||||||
- description: 'Users can execute tasks but not edit for Self-Service project'
|
|
||||||
context:
|
|
||||||
project: 'Self-Service'
|
|
||||||
for:
|
|
||||||
resource:
|
|
||||||
- allow: ['read']
|
|
||||||
adhoc:
|
|
||||||
- allow: ['run']
|
|
||||||
job:
|
|
||||||
- allow: ['read', 'run']
|
|
||||||
node:
|
|
||||||
- allow: ['read', 'run']
|
|
||||||
by:
|
|
||||||
- group: ['rundeck_selfserice_user']
|
|
||||||
infrastructure_admin_policy:
|
|
||||||
acl_policies:
|
|
||||||
- description: 'Admin, all access for Infrastructure project'
|
|
||||||
context:
|
|
||||||
project: 'Infrastructure'
|
|
||||||
for:
|
|
||||||
resource:
|
|
||||||
- allow: '*'
|
|
||||||
adhoc:
|
|
||||||
- allow: '*'
|
|
||||||
job:
|
|
||||||
- allow: '*'
|
|
||||||
node:
|
|
||||||
- allow: '*'
|
|
||||||
by:
|
|
||||||
- group: ['rundeck_infrastructure_admin']
|
|
||||||
infrastructure_user_policy:
|
|
||||||
acl_policies:
|
|
||||||
- description: 'Users can execute tasks but not edit for Infrastructure project'
|
|
||||||
context:
|
|
||||||
project: 'Infrastructure'
|
|
||||||
for:
|
|
||||||
resource:
|
|
||||||
- allow: ['read']
|
|
||||||
adhoc:
|
|
||||||
- allow: ['run']
|
|
||||||
job:
|
|
||||||
- allow: ['read', 'run']
|
|
||||||
node:
|
|
||||||
- allow: ['read', 'run']
|
|
||||||
by:
|
|
||||||
- group: ['rundeck_infrastructure_user']
|
|
||||||
@@ -1,15 +1,15 @@
|
|||||||
---
|
---
|
||||||
profiles::packages::include:
|
profiles::packages::install:
|
||||||
cobbler: {}
|
- cobbler
|
||||||
cobbler3.2-web: {}
|
- cobbler3.2-web
|
||||||
httpd: {}
|
- httpd
|
||||||
syslinux: {}
|
- syslinux
|
||||||
dnf-plugins-core: {}
|
- dnf-plugins-core
|
||||||
debmirror: {}
|
- debmirror
|
||||||
pykickstart: {}
|
- pykickstart
|
||||||
fence-agents: {}
|
- fence-agents
|
||||||
selinux-policy-devel: {}
|
- selinux-policy-devel
|
||||||
ipxe-bootimgs: {}
|
- ipxe-bootimgs
|
||||||
|
|
||||||
profiles::pki::vault::alt_names:
|
profiles::pki::vault::alt_names:
|
||||||
- cobbler.main.unkin.net
|
- cobbler.main.unkin.net
|
||||||
|
|||||||
@@ -1,2 +0,0 @@
|
|||||||
---
|
|
||||||
redisha::masterauth: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAV8znsSGAbPpPUhAcyOIWFltVyAcx3yVcIvC+JFndkkuVBT1813GSURrXIreXSilvJEHlwRC03A9NhjWJSsHBIS12uUb+7ap95oh2JJ7OHmeWSVD1GDDRpTQAgDEOikAnioRNJfQ83jUa11nJrsavt46hSq8vDq+rZ2P8ugiNk59mNX5vgYthCPXcEJd7UmpLZhgxZ8+42l4TKo7QpqKRcIMteJXk1NvyYfYGnGTZhknuyHM3xPGauGjKzamMlTzD9dGnn2K0/Q7I4PUyT24ZEG3kNVyDlVHTYcKnIT5q8qvmJdDQfZwOETF3SrzcqhQ2nqFvmI19sCTsQVmveb/2ITBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBC9KML3vzwF4vGZdtiu++jmgDAWPZspCckgoXPkgNRMePov3pXSlKUAGxwmdsuIM75rJMxlSTiil2lzMMBWXmUofys=]
|
|
||||||
@@ -1,67 +0,0 @@
|
|||||||
---
|
|
||||||
# additional altnames
|
|
||||||
profiles::pki::vault::alt_names:
|
|
||||||
- redis.main.unkin.net
|
|
||||||
- redis.service.consul
|
|
||||||
- redis.query.consul
|
|
||||||
- "redis.service.%{facts.country}-%{facts.region}.consul"
|
|
||||||
|
|
||||||
profiles::ssh::sign::principals:
|
|
||||||
- redis.main.unkin.net
|
|
||||||
- redis.service.consul
|
|
||||||
- redis.query.consul
|
|
||||||
|
|
||||||
|
|
||||||
hiera_include:
|
|
||||||
- redisha
|
|
||||||
|
|
||||||
redisha::manage_repo: false
|
|
||||||
redisha::redisha_members_lookup: true
|
|
||||||
redisha::redisha_members_role: roles::infra::db::redis
|
|
||||||
#redisha::redis::requirepass: "%{hiera('redisha::masterauth')}"
|
|
||||||
#redisha::redis::masterauth: "%{hiera('redisha::masterauth')}"
|
|
||||||
redisha::sentinel::master_name: "%{facts.country}-%{facts.region}"
|
|
||||||
redisha::sentinel::requirepass: "%{hiera('redisha::masterauth')}"
|
|
||||||
redisha::sentinel::auth_pass: "%{hiera('redisha::masterauth')}"
|
|
||||||
redisha::tools::requirepass: "%{hiera('redisha::masterauth')}"
|
|
||||||
|
|
||||||
sudo::configs:
|
|
||||||
consul:
|
|
||||||
priority: 20
|
|
||||||
content: |
|
|
||||||
consul ALL=(ALL) NOPASSWD: /usr/local/sbin/sentineladm info
|
|
||||||
consul::services:
|
|
||||||
redis-replica:
|
|
||||||
service_name: "redis-replica-%{facts.environment}"
|
|
||||||
tags:
|
|
||||||
- 'redis'
|
|
||||||
- 'redis-replica'
|
|
||||||
address: "%{facts.networking.ip}"
|
|
||||||
port: 6379
|
|
||||||
checks:
|
|
||||||
- id: 'redis-replica_tcp_check'
|
|
||||||
name: 'Redis Replica TCP Check'
|
|
||||||
tcp: "%{facts.networking.ip}:6379"
|
|
||||||
interval: '10s'
|
|
||||||
timeout: '1s'
|
|
||||||
redis-master:
|
|
||||||
service_name: "redis-master-%{facts.environment}"
|
|
||||||
tags:
|
|
||||||
- 'redis'
|
|
||||||
- 'redis-master'
|
|
||||||
address: "%{facts.networking.ip}"
|
|
||||||
port: 6379
|
|
||||||
checks:
|
|
||||||
- id: 'redis-master_tcp_check'
|
|
||||||
name: "Redis Master Check"
|
|
||||||
args:
|
|
||||||
- '/usr/local/bin/check_redis_master'
|
|
||||||
interval: '10s'
|
|
||||||
timeout: '1s'
|
|
||||||
profiles::consul::client::node_rules:
|
|
||||||
- resource: service
|
|
||||||
segment: "redis-replica-%{facts.environment}"
|
|
||||||
disposition: write
|
|
||||||
- resource: service
|
|
||||||
segment: "redis-master-%{facts.environment}"
|
|
||||||
disposition: write
|
|
||||||
@@ -15,7 +15,9 @@ profiles::dhcp::server::pools:
|
|||||||
range:
|
range:
|
||||||
- '198.18.15.200 198.18.15.220'
|
- '198.18.15.200 198.18.15.220'
|
||||||
gateway: 198.18.15.254
|
gateway: 198.18.15.254
|
||||||
nameservers: "%{alias('profiles_dns_upstream_forwarder_unkin')}"
|
nameservers:
|
||||||
|
- 198.18.13.12
|
||||||
|
- 198.18.13.13
|
||||||
domain_name: main.unkin.net
|
domain_name: main.unkin.net
|
||||||
pxeserver: 198.18.13.27
|
pxeserver: 198.18.13.27
|
||||||
syd1-test:
|
syd1-test:
|
||||||
@@ -24,7 +26,9 @@ profiles::dhcp::server::pools:
|
|||||||
range:
|
range:
|
||||||
- '198.18.16.200 198.18.16.220'
|
- '198.18.16.200 198.18.16.220'
|
||||||
gateway: 198.18.16.254
|
gateway: 198.18.16.254
|
||||||
nameservers: "%{alias('profiles_dns_upstream_forwarder_unkin')}"
|
nameservers:
|
||||||
|
- 198.18.13.12
|
||||||
|
- 198.18.13.13
|
||||||
domain_name: main.unkin.net
|
domain_name: main.unkin.net
|
||||||
pxeserver: 198.18.13.27
|
pxeserver: 198.18.13.27
|
||||||
syd1-prod1:
|
syd1-prod1:
|
||||||
@@ -33,7 +37,9 @@ profiles::dhcp::server::pools:
|
|||||||
range:
|
range:
|
||||||
- '198.18.13.200 198.18.13.220'
|
- '198.18.13.200 198.18.13.220'
|
||||||
gateway: 198.18.13.254
|
gateway: 198.18.13.254
|
||||||
nameservers: "%{alias('profiles_dns_upstream_forwarder_unkin')}"
|
nameservers:
|
||||||
|
- 198.18.13.12
|
||||||
|
- 198.18.13.13
|
||||||
domain_name: main.unkin.net
|
domain_name: main.unkin.net
|
||||||
pxeserver: 198.18.13.27
|
pxeserver: 198.18.13.27
|
||||||
syd1-prod2:
|
syd1-prod2:
|
||||||
@@ -42,7 +48,9 @@ profiles::dhcp::server::pools:
|
|||||||
range:
|
range:
|
||||||
- '198.18.14.200 198.18.14.220'
|
- '198.18.14.200 198.18.14.220'
|
||||||
gateway: 198.18.14.254
|
gateway: 198.18.14.254
|
||||||
nameservers: "%{alias('profiles_dns_upstream_forwarder_unkin')}"
|
nameservers:
|
||||||
|
- 198.18.13.12
|
||||||
|
- 198.18.13.13
|
||||||
domain_name: main.unkin.net
|
domain_name: main.unkin.net
|
||||||
pxeserver: 198.18.13.27
|
pxeserver: 198.18.13.27
|
||||||
drw1-prod:
|
drw1-prod:
|
||||||
@@ -51,7 +59,9 @@ profiles::dhcp::server::pools:
|
|||||||
range:
|
range:
|
||||||
- '198.18.17.200 198.18.17.220'
|
- '198.18.17.200 198.18.17.220'
|
||||||
gateway: 198.18.17.1
|
gateway: 198.18.17.1
|
||||||
nameservers: "%{alias('profiles_dns_upstream_forwarder_unkin')}"
|
nameservers:
|
||||||
|
- 198.18.17.7
|
||||||
|
- 198.18.17.8
|
||||||
domain_name: main.unkin.net
|
domain_name: main.unkin.net
|
||||||
pxeserver: 198.18.13.27
|
pxeserver: 198.18.13.27
|
||||||
|
|
||||||
|
|||||||
@@ -9,14 +9,6 @@ profiles::dns::master::acls:
|
|||||||
- 198.18.15.0/24
|
- 198.18.15.0/24
|
||||||
- 198.18.16.0/24
|
- 198.18.16.0/24
|
||||||
- 198.18.17.0/24
|
- 198.18.17.0/24
|
||||||
- 198.18.19.0/24
|
|
||||||
- 198.18.20.0/24
|
|
||||||
- 198.18.24.0/24
|
|
||||||
- 198.18.25.0/24
|
|
||||||
- 198.18.26.0/24
|
|
||||||
- 198.18.27.0/24
|
|
||||||
- 198.18.28.0/24
|
|
||||||
- 198.18.29.0/24
|
|
||||||
|
|
||||||
profiles::dns::master::zones:
|
profiles::dns::master::zones:
|
||||||
main.unkin.net:
|
main.unkin.net:
|
||||||
@@ -55,72 +47,6 @@ profiles::dns::master::zones:
|
|||||||
dynamic: false
|
dynamic: false
|
||||||
ns_notify: true
|
ns_notify: true
|
||||||
source: '/var/named/sources/17.18.198.in-addr.arpa.conf'
|
source: '/var/named/sources/17.18.198.in-addr.arpa.conf'
|
||||||
19.18.198.in-addr.arpa:
|
|
||||||
domain: '19.18.198.in-addr.arpa'
|
|
||||||
zone_type: 'master'
|
|
||||||
dynamic: false
|
|
||||||
ns_notify: true
|
|
||||||
source: '/var/named/sources/19.18.198.in-addr.arpa.conf'
|
|
||||||
20.18.198.in-addr.arpa:
|
|
||||||
domain: '20.18.198.in-addr.arpa'
|
|
||||||
zone_type: 'master'
|
|
||||||
dynamic: false
|
|
||||||
ns_notify: true
|
|
||||||
source: '/var/named/sources/20.18.198.in-addr.arpa.conf'
|
|
||||||
21.18.198.in-addr.arpa:
|
|
||||||
domain: '21.18.198.in-addr.arpa'
|
|
||||||
zone_type: 'master'
|
|
||||||
dynamic: false
|
|
||||||
ns_notify: true
|
|
||||||
source: '/var/named/sources/21.18.198.in-addr.arpa.conf'
|
|
||||||
22.18.198.in-addr.arpa:
|
|
||||||
domain: '22.18.198.in-addr.arpa'
|
|
||||||
zone_type: 'master'
|
|
||||||
dynamic: false
|
|
||||||
ns_notify: true
|
|
||||||
source: '/var/named/sources/22.18.198.in-addr.arpa.conf'
|
|
||||||
23.18.198.in-addr.arpa:
|
|
||||||
domain: '23.18.198.in-addr.arpa'
|
|
||||||
zone_type: 'master'
|
|
||||||
dynamic: false
|
|
||||||
ns_notify: true
|
|
||||||
source: '/var/named/sources/23.18.198.in-addr.arpa.conf'
|
|
||||||
24.18.198.in-addr.arpa:
|
|
||||||
domain: '24.18.198.in-addr.arpa'
|
|
||||||
zone_type: 'master'
|
|
||||||
dynamic: false
|
|
||||||
ns_notify: true
|
|
||||||
source: '/var/named/sources/24.18.198.in-addr.arpa.conf'
|
|
||||||
25.18.198.in-addr.arpa:
|
|
||||||
domain: '25.18.198.in-addr.arpa'
|
|
||||||
zone_type: 'master'
|
|
||||||
dynamic: false
|
|
||||||
ns_notify: true
|
|
||||||
source: '/var/named/sources/25.18.198.in-addr.arpa.conf'
|
|
||||||
26.18.198.in-addr.arpa:
|
|
||||||
domain: '26.18.198.in-addr.arpa'
|
|
||||||
zone_type: 'master'
|
|
||||||
dynamic: false
|
|
||||||
ns_notify: true
|
|
||||||
source: '/var/named/sources/26.18.198.in-addr.arpa.conf'
|
|
||||||
27.18.198.in-addr.arpa:
|
|
||||||
domain: '27.18.198.in-addr.arpa'
|
|
||||||
zone_type: 'master'
|
|
||||||
dynamic: false
|
|
||||||
ns_notify: true
|
|
||||||
source: '/var/named/sources/27.18.198.in-addr.arpa.conf'
|
|
||||||
28.18.198.in-addr.arpa:
|
|
||||||
domain: '28.18.198.in-addr.arpa'
|
|
||||||
zone_type: 'master'
|
|
||||||
dynamic: false
|
|
||||||
ns_notify: true
|
|
||||||
source: '/var/named/sources/28.18.198.in-addr.arpa.conf'
|
|
||||||
29.18.198.in-addr.arpa:
|
|
||||||
domain: '29.18.198.in-addr.arpa'
|
|
||||||
zone_type: 'master'
|
|
||||||
dynamic: false
|
|
||||||
ns_notify: true
|
|
||||||
source: '/var/named/sources/29.18.198.in-addr.arpa.conf'
|
|
||||||
|
|
||||||
profiles::dns::master::views:
|
profiles::dns::master::views:
|
||||||
master-zones:
|
master-zones:
|
||||||
@@ -132,17 +58,6 @@ profiles::dns::master::views:
|
|||||||
- 15.18.198.in-addr.arpa
|
- 15.18.198.in-addr.arpa
|
||||||
- 16.18.198.in-addr.arpa
|
- 16.18.198.in-addr.arpa
|
||||||
- 17.18.198.in-addr.arpa
|
- 17.18.198.in-addr.arpa
|
||||||
- 19.18.198.in-addr.arpa
|
|
||||||
- 20.18.198.in-addr.arpa
|
|
||||||
- 21.18.198.in-addr.arpa
|
|
||||||
- 22.18.198.in-addr.arpa
|
|
||||||
- 23.18.198.in-addr.arpa
|
|
||||||
- 24.18.198.in-addr.arpa
|
|
||||||
- 25.18.198.in-addr.arpa
|
|
||||||
- 26.18.198.in-addr.arpa
|
|
||||||
- 27.18.198.in-addr.arpa
|
|
||||||
- 28.18.198.in-addr.arpa
|
|
||||||
- 29.18.198.in-addr.arpa
|
|
||||||
match_clients:
|
match_clients:
|
||||||
- acl-main.unkin.net
|
- acl-main.unkin.net
|
||||||
|
|
||||||
|
|||||||
@@ -10,30 +10,6 @@ profiles::dns::resolver::acls:
|
|||||||
- 198.18.15.0/24
|
- 198.18.15.0/24
|
||||||
- 198.18.16.0/24
|
- 198.18.16.0/24
|
||||||
- 198.18.17.0/24
|
- 198.18.17.0/24
|
||||||
- 198.18.18.0/24
|
|
||||||
- 198.18.19.0/24
|
|
||||||
- 198.18.20.0/24
|
|
||||||
- 198.18.21.0/24
|
|
||||||
- 198.18.22.0/24
|
|
||||||
- 198.18.23.0/24
|
|
||||||
acl-dmz:
|
|
||||||
addresses:
|
|
||||||
- 198.18.24.0/24
|
|
||||||
acl-common:
|
|
||||||
addresses:
|
|
||||||
- 198.18.25.0/24
|
|
||||||
- 198.18.26.0/24
|
|
||||||
- 198.18.27.0/24
|
|
||||||
- 198.18.28.0/24
|
|
||||||
- 198.18.29.0/24
|
|
||||||
acl-nomad-jobs:
|
|
||||||
addresses:
|
|
||||||
- 198.18.64.0/24
|
|
||||||
- 198.18.65.0/24
|
|
||||||
- 198.18.66.0/24
|
|
||||||
- 198.18.67.0/24
|
|
||||||
- 198.18.68.0/24
|
|
||||||
- 198.18.69.0/24
|
|
||||||
|
|
||||||
profiles::dns::resolver::zones:
|
profiles::dns::resolver::zones:
|
||||||
8.10.10.in-addr.arpa-forward:
|
8.10.10.in-addr.arpa-forward:
|
||||||
@@ -57,6 +33,13 @@ profiles::dns::resolver::zones:
|
|||||||
- 10.10.16.32
|
- 10.10.16.32
|
||||||
- 10.10.16.33
|
- 10.10.16.33
|
||||||
forward: 'only'
|
forward: 'only'
|
||||||
|
unkin.net-forward:
|
||||||
|
domain: 'unkin.net'
|
||||||
|
zone_type: 'forward'
|
||||||
|
forwarders:
|
||||||
|
- 10.10.16.32
|
||||||
|
- 10.10.16.33
|
||||||
|
forward: 'only'
|
||||||
dmz.unkin.net-forward:
|
dmz.unkin.net-forward:
|
||||||
domain: 'dmz.unkin.net'
|
domain: 'dmz.unkin.net'
|
||||||
zone_type: 'forward'
|
zone_type: 'forward'
|
||||||
@@ -78,102 +61,13 @@ profiles::dns::resolver::zones:
|
|||||||
- 10.10.16.32
|
- 10.10.16.32
|
||||||
- 10.10.16.33
|
- 10.10.16.33
|
||||||
forward: 'only'
|
forward: 'only'
|
||||||
main.unkin.net-forward:
|
|
||||||
domain: 'main.unkin.net'
|
|
||||||
zone_type: 'forward'
|
|
||||||
forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}"
|
|
||||||
forward: 'only'
|
|
||||||
13.18.198.in-addr.arpa-forward:
|
|
||||||
domain: '13.18.198.in-addr.arpa'
|
|
||||||
zone_type: 'forward'
|
|
||||||
forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}"
|
|
||||||
forward: 'only'
|
|
||||||
14.18.198.in-addr.arpa-forward:
|
|
||||||
domain: '14.18.198.in-addr.arpa'
|
|
||||||
zone_type: 'forward'
|
|
||||||
forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}"
|
|
||||||
forward: 'only'
|
|
||||||
15.18.198.in-addr.arpa-forward:
|
|
||||||
domain: '15.18.198.in-addr.arpa'
|
|
||||||
zone_type: 'forward'
|
|
||||||
forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}"
|
|
||||||
forward: 'only'
|
|
||||||
16.18.198.in-addr.arpa-forward:
|
|
||||||
domain: '16.18.198.in-addr.arpa'
|
|
||||||
zone_type: 'forward'
|
|
||||||
forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}"
|
|
||||||
forward: 'only'
|
|
||||||
17.18.198.in-addr.arpa-forward:
|
|
||||||
domain: '17.18.198.in-addr.arpa'
|
|
||||||
zone_type: 'forward'
|
|
||||||
forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}"
|
|
||||||
forward: 'only'
|
|
||||||
19.18.198.in-addr.arpa-forward:
|
|
||||||
domain: '19.18.198.in-addr.arpa'
|
|
||||||
zone_type: 'forward'
|
|
||||||
forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}"
|
|
||||||
forward: 'only'
|
|
||||||
20.18.198.in-addr.arpa-forward:
|
|
||||||
domain: '20.18.198.in-addr.arpa'
|
|
||||||
zone_type: 'forward'
|
|
||||||
forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}"
|
|
||||||
forward: 'only'
|
|
||||||
21.18.198.in-addr.arpa-forward:
|
|
||||||
domain: '21.18.198.in-addr.arpa'
|
|
||||||
zone_type: 'forward'
|
|
||||||
forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}"
|
|
||||||
forward: 'only'
|
|
||||||
22.18.198.in-addr.arpa-forward:
|
|
||||||
domain: '22.18.198.in-addr.arpa'
|
|
||||||
zone_type: 'forward'
|
|
||||||
forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}"
|
|
||||||
forward: 'only'
|
|
||||||
23.18.198.in-addr.arpa-forward:
|
|
||||||
domain: '23.18.198.in-addr.arpa'
|
|
||||||
zone_type: 'forward'
|
|
||||||
forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}"
|
|
||||||
forward: 'only'
|
|
||||||
24.18.198.in-addr.arpa-forward:
|
|
||||||
domain: '24.18.198.in-addr.arpa'
|
|
||||||
zone_type: 'forward'
|
|
||||||
forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}"
|
|
||||||
forward: 'only'
|
|
||||||
25.18.198.in-addr.arpa-forward:
|
|
||||||
domain: '25.18.198.in-addr.arpa'
|
|
||||||
zone_type: 'forward'
|
|
||||||
forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}"
|
|
||||||
forward: 'only'
|
|
||||||
26.18.198.in-addr.arpa-forward:
|
|
||||||
domain: '26.18.198.in-addr.arpa'
|
|
||||||
zone_type: 'forward'
|
|
||||||
forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}"
|
|
||||||
forward: 'only'
|
|
||||||
27.18.198.in-addr.arpa-forward:
|
|
||||||
domain: '27.18.198.in-addr.arpa'
|
|
||||||
zone_type: 'forward'
|
|
||||||
forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}"
|
|
||||||
forward: 'only'
|
|
||||||
28.18.198.in-addr.arpa-forward:
|
|
||||||
domain: '28.18.198.in-addr.arpa'
|
|
||||||
zone_type: 'forward'
|
|
||||||
forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}"
|
|
||||||
forward: 'only'
|
|
||||||
29.18.198.in-addr.arpa-forward:
|
|
||||||
domain: '29.18.198.in-addr.arpa'
|
|
||||||
zone_type: 'forward'
|
|
||||||
forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}"
|
|
||||||
forward: 'only'
|
|
||||||
consul-forward:
|
|
||||||
domain: 'consul'
|
|
||||||
zone_type: 'forward'
|
|
||||||
forwarders: "%{alias('profiles_dns_upstream_forwarder_consul')}"
|
|
||||||
forward: 'only'
|
|
||||||
|
|
||||||
profiles::dns::resolver::views:
|
profiles::dns::resolver::views:
|
||||||
openforwarder:
|
openforwarder:
|
||||||
recursion: true
|
recursion: true
|
||||||
zones:
|
zones:
|
||||||
- main.unkin.net-forward
|
- main.unkin.net-forward
|
||||||
|
- unkin.net-forward
|
||||||
- dmz.unkin.net-forward
|
- dmz.unkin.net-forward
|
||||||
- network.unkin.net-forward
|
- network.unkin.net-forward
|
||||||
- prod.unkin.net-forward
|
- prod.unkin.net-forward
|
||||||
@@ -183,22 +77,8 @@ profiles::dns::resolver::views:
|
|||||||
- 15.18.198.in-addr.arpa-forward
|
- 15.18.198.in-addr.arpa-forward
|
||||||
- 16.18.198.in-addr.arpa-forward
|
- 16.18.198.in-addr.arpa-forward
|
||||||
- 17.18.198.in-addr.arpa-forward
|
- 17.18.198.in-addr.arpa-forward
|
||||||
- 19.18.198.in-addr.arpa-forward
|
|
||||||
- 20.18.198.in-addr.arpa-forward
|
|
||||||
- 21.18.198.in-addr.arpa-forward
|
|
||||||
- 22.18.198.in-addr.arpa-forward
|
|
||||||
- 23.18.198.in-addr.arpa-forward
|
|
||||||
- 24.18.198.in-addr.arpa-forward
|
|
||||||
- 25.18.198.in-addr.arpa-forward
|
|
||||||
- 26.18.198.in-addr.arpa-forward
|
|
||||||
- 27.18.198.in-addr.arpa-forward
|
|
||||||
- 28.18.198.in-addr.arpa-forward
|
|
||||||
- 29.18.198.in-addr.arpa-forward
|
|
||||||
- 8.10.10.in-addr.arpa-forward
|
- 8.10.10.in-addr.arpa-forward
|
||||||
- 16.10.10.in-addr.arpa-forward
|
- 16.10.10.in-addr.arpa-forward
|
||||||
- 20.10.10.in-addr.arpa-forward
|
- 20.10.10.in-addr.arpa-forward
|
||||||
match_clients:
|
match_clients:
|
||||||
- acl-main.unkin.net
|
- acl-main.unkin.net
|
||||||
- acl-nomad-jobs
|
|
||||||
- acl-common
|
|
||||||
- acl-dmz
|
|
||||||
|
|||||||
@@ -1,2 +0,0 @@
|
|||||||
---
|
|
||||||
droneci_server::rpc_secret: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAF8cEANj72ACYYdilP52Oz4EXVt+stx838tFVV4SFukoCTmN+kJ3GUUEM9x+oDvo17CsZhDzx5dX0JGo7N9MCLHsR4XKx3GSoAKvaSiD73TbzbdTNJgTIE1tRP9HNbJKizwWLo4lo+OUNtwnu0Z5dkMLYRHyvZ1hG24qmdXVn9DI06gVGQw9YXGmNy8AvA0BKnaHvUnE5XoLNVKZ4g1yvc/nkYpK6nLB+X4sZ96PRig7khiuFVvAfpg5c2iWnF13ljIajnG9uY12RyGaAGfH4l/d3UEyuHyQL4zzT8N7gGt8fvg7eNFx51TyEpVRFLyQ7dqq/lzn0moXVT35PQr9K3DBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCGJ+rkxhqmyUUiIQLG7PnggDBPH9gyYAW5/XjDp5xd6GnuSt/WWOwOGxhg+1BoPzbV5o+Xufg5zyMVdYeI1MWD/u8=]
|
|
||||||
@@ -1,25 +0,0 @@
|
|||||||
---
|
|
||||||
hiera_include:
|
|
||||||
- profiles::base::datavol
|
|
||||||
- docker
|
|
||||||
- droneci::runner
|
|
||||||
|
|
||||||
docker::version: latest
|
|
||||||
docker::curl_ensure: false
|
|
||||||
|
|
||||||
droneci::runner::ports:
|
|
||||||
- 3000:3000
|
|
||||||
droneci::runner::volumes:
|
|
||||||
- type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock
|
|
||||||
- type=bind,source=/data,target=/data
|
|
||||||
- type=bind,source=/etc/pki/tls/vault/certificate.crt,target=/etc/pki/tls/vault/certificate.crt,readonly
|
|
||||||
- type=bind,source=/etc/pki/tls/vault/private.key,target=/etc/pki/tls/vault/private.key,readonly
|
|
||||||
- type=bind,source=/etc/pki/tls/certs/ca-bundle.crt,target=/etc/pki/tls/certs/ca-bundle.crt,readonly
|
|
||||||
- type=bind,source=/etc/pki/tls/certs/ca-bundle.crt,target=/etc/ssl/certs/ca-certificates.crt,readonly
|
|
||||||
droneci::runner::env_vars:
|
|
||||||
DRONE_RPC_PROTO: https
|
|
||||||
DRONE_RPC_HOST: droneci.query.consul
|
|
||||||
DRONE_RPC_SECRET: "%{hiera('droneci_server::rpc_secret')}"
|
|
||||||
DRONE_RUNNER_CAPACITY: 2
|
|
||||||
DRONE_RUNNER_NAME: "%{facts.networking.fqdn}"
|
|
||||||
DRONE_RUNNER_VOLUMES: /etc/pki/tls/certs/ca-bundle.crt:/etc/ssl/certs/ca-certificates.crt
|
|
||||||
@@ -1,6 +0,0 @@
|
|||||||
---
|
|
||||||
droneci_server::gitea_client_secret: ENC[PKCS7,MIIBqQYJKoZIhvcNAQcDoIIBmjCCAZYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAJLcMKV4EevB8V/vjex+Srq47pWLvPozjSb+vjS/crFpKq3/dgtkJ8WkqF98fPnXxkMowP/BpNexJBCmPtTR2pPTKHIYkXjxGax0g3P2gcgeT7wsNl24mnUJDWZs1/z8ibwUXv4Zg0nbKi+YdomjsvT3vl2IPI88TKZDkq6HBoturwqx2l/edC5IeAi8vgPRXF8hn2TVuslkmoNXoI28Qp10b2XNOCss6KUJ4rbOwpIgdOVFbXqi7CFjhGz/3uS9xK+2m3iuE/gXi8KSKfiQ+QcGuXL9Zy5PH5rrNg4mbrFiaFfTevsHInl1wwRmULilQ0kEY3NW4b/URXqBBuwcN/TBsBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDlv7tA+6OQwDuL7z3xGYZjgEBcEAj3TQ9R9TntxTyBa9mKFRXimFTDDxdZ2zD96qFNz+7ZZFGD6pFQNHSMC9AYlAue94UsIHJZaXwgAo5zc98Q]
|
|
||||||
droneci_server::cookie_secret: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAKTWrB7Cca8RgFEeP46puzhVWOAiI6nB+m5+/sgz1qNnn6VgNh9Q6D26p9HISrMp4k60KVuGXrIbZYpkvKZmv4zHgK2et+50sr/F1anhDRX4rsmGWVV9n8VhaIJFAyQkW4de9YxV9LAgk0tWs1BgfXv4cV4+sDBv0OSVIFJDst3LUWpBR6lsiV9IifvNNUrdOHkdt5XjuL4JVmc0nkjetAg9HSvJ9VHYLIQagFHnTQp0FWluE1/ibGNc2kz7D4K7cPz2bBxRJWomckSUwgQK0NrGID4D13haZXhKXAO/8QpQOwPra8vD9FYrFenMeFLwdw43NzSr2g/W1ss5PekbWGjBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBASshs2UwkGqK4ShFfXni7cgDCDCnEiqcfxIz4X/Bq71IpRKan3uQbHOewFqjNGqoR+1oWupjRxzNL39H9YF1a6i6s=]
|
|
||||||
droneci_server::database_secret: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEASu4C45TYWZKgIoyqC3YdwYYXn+T+ruP6oIvhYFJ5dxeZ+6HtWbRMViErvpPuWYfgs5qt6Zj9eLz2hqimFCvKiAvzANeZ9hkhw/jkpmvG8iXpDFw6x8QKcPJteRo896KSLiGiVlZfRbgQCGAqiEMw6y6M9CvfCLzE/mZ9gOKjSJVKiioAnXU2fyq0Y0M6g0iLRw0VXl2BVc4ORCnVECARQPo48T3U+TT39q0ar4mRO1AFO0VA5iDJ6/EMPBcH3ekKO/1dB1UbV6VkD3s9BAHGyL5a5Wr6ztg/5Yl6VBCXmECZqpCx8jx8KDUoaj1R/+I83YQxbw9ch76j79haIK6+jzBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAh6MmfbUELaWbSNZ9/Dev2gDD/E3G/uYJGXNGl1+PIVwGmi0z2BTXNqg7ax/b/uF5Xc9ZtBSPiSxR6BPRXN3GleNo=]
|
|
||||||
droneci_server::postgres_password: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEANpDnrpratpuYheXFrN4nwRTauPm9rZz2ubDyJlcxmah+kOWqsWIeEkv5GuATlymfAx5UuHPOv3dJPCSK+YuyQY+kGW/8uEFM68QrNi38NdRqEpdXuPBe5+AmWxcjYK3mdJ4maEwsbbxtYJmD8TF6kskS2P/KhnIzYR5PPHZTaYbEf/W5Da3l+J5WnFYpStuLq+86yZokBAygFPI+y/Ic+zJIdhpzVdLyGuqxGLXZq7nNMrjuNyFPKkCj1BBpuJTMCS4oPKCUTlm5hIIeeC2pFREI0CMTV5siZB8NphobPNn/ZbJrcs9q75LtIa47pkFYRbmV4WPctCwZXg6jtMleuzBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDHJaChyidZq/5FN5n+ASJWgDCqUcR/DG9e8AD7fRmTb5BZM8XQ77a1hUJoaCycnMQ/5UyKmqU/7fLPrsxCf2vZU1M=]
|
|
||||||
droneci_server::redis_password: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAYMoZlVXHC1qfkDptPy3PyWGrUs5y9M9AOv5Vn1AK6DYViixhjwPZUCfwTONmt7CiBuqmkDOpR5isWFiBo/+TMeMXlM9C/D+Svc9tpeHLpVaXAYeoz5um2InyBFkLWSaUaWSftF9U7O5Nv/OiLIsd7nn4T8Dd21rfUiRfUN/2HPLMCs+mW15Az9XNOcvfm+kPXDAcB+ukHde0vvtYTZEFWjMdwJjjE43DiCmAoLTcpvQxdlclojotBpFeBLZs/F21FDQ4hvBUvPBMuZ1o7ImSP5fuomYSFK8etbD7JO5gg5BN59lGl1ljyR83phv6wmmqlzB8wQl0pjEpni9o7fa9hTBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCKJrkPA78qx3wAu1eroIjRgDA72N9U0YZf1MzACcGSOMU5RGO242RwlIKUrnuYcdC0dKkjLXtP+yVpSKkX5WxcsDQ=]
|
|
||||||
@@ -1,79 +0,0 @@
|
|||||||
---
|
|
||||||
# additional altnames
|
|
||||||
profiles::pki::vault::alt_names:
|
|
||||||
- droneci.main.unkin.net
|
|
||||||
- droneci.service.consul
|
|
||||||
- droneci.query.consul
|
|
||||||
- "droneci.service.%{facts.country}-%{facts.region}.consul"
|
|
||||||
|
|
||||||
profiles::ssh::sign::principals:
|
|
||||||
- droneci.main.unkin.net
|
|
||||||
- droneci.service.consul
|
|
||||||
- droneci.query.consul
|
|
||||||
|
|
||||||
hiera_include:
|
|
||||||
- docker
|
|
||||||
- profiles::sql::postgresdb
|
|
||||||
- droneci
|
|
||||||
|
|
||||||
docker::version: latest
|
|
||||||
docker::curl_ensure: false
|
|
||||||
|
|
||||||
profiles::sql::postgresdb::dbname: droneci
|
|
||||||
profiles::sql::postgresdb::dbuser: droneci
|
|
||||||
profiles::sql::postgresdb::dbpass: "%{hiera('droneci_server::postgres_password')}"
|
|
||||||
profiles::sql::postgresdb::members_lookup: true
|
|
||||||
profiles::sql::postgresdb::members_role: roles::infra::droneci::server
|
|
||||||
|
|
||||||
droneci::ports:
|
|
||||||
- 80:80
|
|
||||||
- 443:443
|
|
||||||
droneci::volumes:
|
|
||||||
- type=bind,source=/var/lib/drone,target=/data
|
|
||||||
- type=bind,source=/etc/pki/tls/vault/certificate.crt,target=/etc/pki/tls/vault/certificate.crt,readonly
|
|
||||||
- type=bind,source=/etc/pki/tls/vault/private.key,target=/etc/pki/tls/vault/private.key,readonly
|
|
||||||
- type=bind,source=/etc/pki/tls/certs/ca-bundle.crt,target=/etc/pki/tls/certs/ca-bundle.crt,readonly
|
|
||||||
- type=bind,source=/etc/pki/tls/certs/ca-bundle.crt,target=/etc/ssl/certs/ca-certificates.crt,readonly
|
|
||||||
droneci::env_vars:
|
|
||||||
DRONE_GITEA_SERVER: https://git.query.consul
|
|
||||||
DRONE_GITEA_CLIENT_ID: dda67581-86df-4e65-88ae-1e505b849082
|
|
||||||
DRONE_USER_CREATE: username:unkinben,admin:true
|
|
||||||
DRONE_GITEA_CLIENT_SECRET: "%{hiera('droneci_server::gitea_client_secret')}"
|
|
||||||
DRONE_RPC_SECRET: "%{hiera('droneci_server::rpc_secret')}"
|
|
||||||
DRONE_SERVER_HOST: droneci.query.consul
|
|
||||||
DRONE_SERVER_PROTO: https
|
|
||||||
DRONE_TLS_CERT: /etc/pki/tls/vault/certificate.crt
|
|
||||||
DRONE_TLS_KEY: /etc/pki/tls/vault/private.key
|
|
||||||
DRONE_COOKIE_SECRET: "%{hiera('droneci_server::cookie_secret')}"
|
|
||||||
DRONE_COOKIE_TIMEOUT: 720h
|
|
||||||
DRONE_HTTP_SSL_REDIRECT: true
|
|
||||||
DRONE_HTTP_SSL_TEMPORARY_REDIRECT: true
|
|
||||||
DRONE_HTTP_SSL_HOST: droneci.query.consul
|
|
||||||
DRONE_LOGS_TEXT: true
|
|
||||||
DRONE_LOGS_PRETTY: true
|
|
||||||
DRONE_LOGS_COLOR: true
|
|
||||||
DRONE_DATABASE_SECRET: "%{hiera('droneci_server::database_secret')}"
|
|
||||||
DRONE_DATABASE_DRIVER: postgres
|
|
||||||
DRONE_DATABASE_DATASOURCE: "postgres://droneci:%{hiera('droneci_server::postgres_password')}@master.patroni-prod.service.au-syd1.consul:5432/droneci?sslmode=disable"
|
|
||||||
DRONE_REDIS_CONNECTION: "redis://%{hiera('droneci_server::redis_password')}@redis-master-prod.service.au-syd1.consul:6379/2"
|
|
||||||
|
|
||||||
consul::services:
|
|
||||||
droneci:
|
|
||||||
service_name: 'droneci'
|
|
||||||
tags:
|
|
||||||
- 'drone'
|
|
||||||
- 'droneci'
|
|
||||||
address: "%{facts.networking.ip}"
|
|
||||||
port: 443
|
|
||||||
checks:
|
|
||||||
- id: 'droneci_https_check'
|
|
||||||
name: 'droneci HTTPS Check'
|
|
||||||
http: "https://%{facts.networking.fqdn}:443"
|
|
||||||
method: 'GET'
|
|
||||||
tls_skip_verify: true
|
|
||||||
interval: '10s'
|
|
||||||
timeout: '1s'
|
|
||||||
profiles::consul::client::node_rules:
|
|
||||||
- resource: service
|
|
||||||
segment: droneci
|
|
||||||
disposition: write
|
|
||||||
@@ -1,2 +0,0 @@
|
|||||||
---
|
|
||||||
profiles::etcd::node::initial_cluster_token: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAhLyXszXUU6Dkiw9bEJTH0RXGaV2751NzvLH94i7QHfNukvOslF/kaDOA+FwqG06xSKSKo24Qyj4ewYA3BzhN8XLf2E9uW2LuDrUoA6aXUP2tYPqiTw8zmmgsVV5t7Y5PeNcleV3KmfcJZJKp33yGCKtGF7ggvNvnied5slO6E1BDkcVnqO7sdyI0MqSvsvH4IvEmeiSWAcBRBnwVLIwfn10frIvUg0fH4uZR7DASfO/HstYWKAEacz4xYBv74TtVVtYHlPvnVwC20YIYDMrgBsm3XngyWIQvruQCgyIkRzHjUKCpp76HpyEqzdJdEdaywkODYNOT6ab1B5uUu9WaMjBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBADXLPOqFHdnVgJW5+iXJYcgCDK1Eyr+RwvMA+3VszYALU5B6OCH5maplwC5aUgiQZ7ew==]
|
|
||||||
@@ -1,62 +0,0 @@
|
|||||||
---
|
|
||||||
hiera_include:
|
|
||||||
- profiles::etcd::node
|
|
||||||
|
|
||||||
profiles::etcd::node::members_lookup: true
|
|
||||||
profiles::etcd::node::members_role: roles::infra::etcd::node
|
|
||||||
|
|
||||||
profiles::etcd::node::config:
|
|
||||||
data-dir: /data/etcd
|
|
||||||
client-cert-auth: false
|
|
||||||
client-transport-security:
|
|
||||||
cert-file: /etc/pki/tls/vault/certificate.crt
|
|
||||||
key-file: /etc/pki/tls/vault/private.key
|
|
||||||
client-cert-auth: false
|
|
||||||
auto-tls: false
|
|
||||||
peer-transport-security:
|
|
||||||
cert-file: /etc/pki/tls/vault/certificate.crt
|
|
||||||
key-file: /etc/pki/tls/vault/private.key
|
|
||||||
client-cert-auth: false
|
|
||||||
auto-tls: false
|
|
||||||
allowed-cn:
|
|
||||||
max-wals: 5
|
|
||||||
max-snapshots: 5
|
|
||||||
snapshot-count: 10000
|
|
||||||
heartbeat-interval: 100
|
|
||||||
election-timeout: 1000
|
|
||||||
cipher-suites: [
|
|
||||||
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
|
||||||
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
|
||||||
]
|
|
||||||
tls-min-version: 'TLS1.2'
|
|
||||||
tls-max-version: 'TLS1.3'
|
|
||||||
|
|
||||||
profiles::pki::vault::alt_names:
|
|
||||||
- etcd.service.consul
|
|
||||||
- etcd.query.consul
|
|
||||||
- "etcd.service.%{facts.country}-%{facts.region}.consul"
|
|
||||||
|
|
||||||
profiles::ssh::sign::principals:
|
|
||||||
- etcd.query.consul
|
|
||||||
- etcd.service.consul
|
|
||||||
- etcd.service.%{facts.country}-%{facts.region}.consul
|
|
||||||
|
|
||||||
consul::services:
|
|
||||||
etcd:
|
|
||||||
service_name: 'etcd'
|
|
||||||
tags:
|
|
||||||
- 'etcd'
|
|
||||||
address: "%{facts.networking.ip}"
|
|
||||||
port: 2379
|
|
||||||
checks:
|
|
||||||
- id: 'etcd_http_health_check'
|
|
||||||
name: 'ETCD HTTP Health Check'
|
|
||||||
http: "https://%{facts.networking.ip}:2379/health"
|
|
||||||
method: 'GET'
|
|
||||||
interval: '10s'
|
|
||||||
timeout: '1s'
|
|
||||||
tls_skip_verify: true
|
|
||||||
profiles::consul::client::node_rules:
|
|
||||||
- resource: service
|
|
||||||
segment: etcd
|
|
||||||
disposition: write
|
|
||||||
@@ -41,7 +41,7 @@ profiles::nginx::simpleproxy::nginx_aliases:
|
|||||||
- "git.service.%{facts.country}-%{facts.region}.consul"
|
- "git.service.%{facts.country}-%{facts.region}.consul"
|
||||||
profiles::nginx::simpleproxy::proxy_port: 3000
|
profiles::nginx::simpleproxy::proxy_port: 3000
|
||||||
profiles::nginx::simpleproxy::proxy_path: '/'
|
profiles::nginx::simpleproxy::proxy_path: '/'
|
||||||
nginx::client_max_body_size: 1024M
|
nginx::client_max_body_size: 250M
|
||||||
|
|
||||||
profiles::gitea::init::root:
|
profiles::gitea::init::root:
|
||||||
APP_NAME: 'Gitea'
|
APP_NAME: 'Gitea'
|
||||||
|
|||||||
@@ -1 +0,0 @@
|
|||||||
profiles::gitea::runner::registration_token: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAOL/ug4IPhEW1n+Lq+SsMSEJUYsDDK2s0+oNF3unxcbH3QDqWo7kuYKkDWQ+W3otcxvuRlbC8+0W2fO2udhF7sSGrF93INsTCDqWlLnaaAgxlgNSXthA4OCJlI8DCLeD/Sr0TTCchUdpQrIpDo6Gh0EUjgRv5574q26or7c/vvtQ4nfLVQOqEV9UpsCgEYiQvXVcf55LEpgaDp4mFL0qCnfzDnGNbZ0GUo6552ka19IocqOqILPnZO0qDcEoLbQ90sP197+5Jw611i1Akx1C4lFP81bazFMpbdiEP0V4Ax+33LfZEb0KnXuMbKOF23vIwwwfpFJaSOAjA5YehA3xM2zBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDPJHB2uL+VEyntgZocyoMXgDBJ1dnRWiJM77XomzbNdDUO+ktIHLOTL5do0m4CkXZ1s42KtaAwWL+/EGdxg80UMC8=]
|
|
||||||
@@ -1,54 +0,0 @@
|
|||||||
---
|
|
||||||
hiera_include:
|
|
||||||
- docker
|
|
||||||
- profiles::gitea::runner
|
|
||||||
|
|
||||||
docker::version: latest
|
|
||||||
docker::curl_ensure: false
|
|
||||||
docker::root_dir: /data/docker
|
|
||||||
|
|
||||||
profiles::gitea::runner::home: /data/runner
|
|
||||||
profiles::gitea::runner::version: '0.2.10'
|
|
||||||
profiles::gitea::runner::source: "https://gitea.com/gitea/act_runner/releases/download/v%{hiera('profiles::gitea::runner::version')}/act_runner-%{hiera('profiles::gitea::runner::version')}-linux-amd64"
|
|
||||||
profiles::gitea::runner::config:
|
|
||||||
log:
|
|
||||||
level: info
|
|
||||||
runner:
|
|
||||||
file: "%{hiera('profiles::gitea::runner::home')}/.runner"
|
|
||||||
capacity: 2
|
|
||||||
envs:
|
|
||||||
A_TEST_ENV_NAME_1: a_test_env_value_1
|
|
||||||
A_TEST_ENV_NAME_2: a_test_env_value_2
|
|
||||||
env_file: .env
|
|
||||||
timeout: 3h
|
|
||||||
insecure: false
|
|
||||||
fetch_timeout: 5s
|
|
||||||
fetch_interval: 2s
|
|
||||||
labels:
|
|
||||||
- "almalinux-latest"
|
|
||||||
- "almalinux-8:docker"
|
|
||||||
- "almalinux-8.10:docker"
|
|
||||||
cache:
|
|
||||||
enabled: true
|
|
||||||
dir: "%{hiera('profiles::gitea::runner::home')}/.cache/actcache"
|
|
||||||
host: ""
|
|
||||||
port: 0
|
|
||||||
external_server: ""
|
|
||||||
container:
|
|
||||||
network: ""
|
|
||||||
privileged: false
|
|
||||||
options:
|
|
||||||
workdir_parent: /workspace
|
|
||||||
valid_volumes: []
|
|
||||||
docker_host: ""
|
|
||||||
force_pull: true
|
|
||||||
force_rebuild: false
|
|
||||||
host:
|
|
||||||
workdir_parent: "%{hiera('profiles::gitea::runner::home')}/.cache/act"
|
|
||||||
|
|
||||||
# enable ip forwarding for docker containers
|
|
||||||
sysctl::base::values:
|
|
||||||
net.ipv4.conf.all.forwarding:
|
|
||||||
value: '1'
|
|
||||||
net.ipv6.conf.all.forwarding:
|
|
||||||
value: '1'
|
|
||||||
@@ -1,125 +0,0 @@
|
|||||||
---
|
|
||||||
hiera_include:
|
|
||||||
- incus
|
|
||||||
- zfs
|
|
||||||
|
|
||||||
profiles::packages::include:
|
|
||||||
bridge-utils: {}
|
|
||||||
dnsmasq: {}
|
|
||||||
|
|
||||||
profiles::pki::vault::alt_names:
|
|
||||||
- incus-images.service.consul
|
|
||||||
- incus-images.query.consul
|
|
||||||
- "incus-images.service.%{facts.country}-%{facts.region}.consul"
|
|
||||||
|
|
||||||
profiles::ssh::sign::principals:
|
|
||||||
- incus-images.service.consul
|
|
||||||
- incus-images.query.consul
|
|
||||||
- "incus-images.service.%{facts.country}-%{facts.region}.consul"
|
|
||||||
|
|
||||||
# configure consul service
|
|
||||||
consul::services:
|
|
||||||
incus-images:
|
|
||||||
service_name: 'incus-images'
|
|
||||||
tags:
|
|
||||||
- 'incus'
|
|
||||||
- 'images'
|
|
||||||
- 'container'
|
|
||||||
- 'lxd'
|
|
||||||
address: "%{facts.networking.ip}"
|
|
||||||
port: 8443
|
|
||||||
checks:
|
|
||||||
- id: 'incus_https_check'
|
|
||||||
name: 'incus HTTPS Check'
|
|
||||||
http: "https://%{facts.networking.fqdn}:8443"
|
|
||||||
method: 'GET'
|
|
||||||
tls_skip_verify: true
|
|
||||||
interval: '10s'
|
|
||||||
timeout: '1s'
|
|
||||||
profiles::consul::client::node_rules:
|
|
||||||
- resource: service
|
|
||||||
segment: incus-images
|
|
||||||
disposition: write
|
|
||||||
|
|
||||||
# additional repos
|
|
||||||
profiles::yum::global::repos:
|
|
||||||
zfs-kmod:
|
|
||||||
name: zfs-kmod
|
|
||||||
descr: zfs-kmod repository
|
|
||||||
target: /etc/yum.repos.d/zfs-kmod.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/zfs/rhel9/kmod-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/zfs/rhel9/kmod-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-openzfs-2022
|
|
||||||
mirrorlist: absent
|
|
||||||
|
|
||||||
# zfs settings
|
|
||||||
zfs::manage_repo: false
|
|
||||||
zfs::zfs_arc_min: ~
|
|
||||||
zfs::zfs_arc_max: 429496729 # 400MB
|
|
||||||
zfs::zpools:
|
|
||||||
fastpool:
|
|
||||||
ensure: present
|
|
||||||
disk: /dev/vdb
|
|
||||||
ashift: 12
|
|
||||||
zfs::datasets:
|
|
||||||
fastpool:
|
|
||||||
canmount: 'off'
|
|
||||||
acltype: posix
|
|
||||||
atime: 'off'
|
|
||||||
relatime: 'off'
|
|
||||||
compression: 'zstd'
|
|
||||||
xattr: 'sa'
|
|
||||||
fastpool/data:
|
|
||||||
canmount: 'on'
|
|
||||||
mountpoint: '/data'
|
|
||||||
fastpool/data/incus:
|
|
||||||
canmount: 'on'
|
|
||||||
mountpoint: '/data/incus'
|
|
||||||
|
|
||||||
# manage incus
|
|
||||||
incus::init: true
|
|
||||||
incus::server_port: 8443
|
|
||||||
incus::storage_images_volume: fastpool/imagestore
|
|
||||||
|
|
||||||
# add sysadmin to incus-admin group
|
|
||||||
profiles::accounts::sysadmin::extra_groups:
|
|
||||||
- incus-admin
|
|
||||||
|
|
||||||
# sysctl recommendations
|
|
||||||
sysctl::base::values:
|
|
||||||
fs.aio-max-nr:
|
|
||||||
value: '524288'
|
|
||||||
fs.inotify.max_queued_events:
|
|
||||||
value: '1048576'
|
|
||||||
fs.inotify.max_user_instances:
|
|
||||||
value: '1048576'
|
|
||||||
fs.inotify.max_user_watches:
|
|
||||||
value: '1048576'
|
|
||||||
kernel.dmesg_restrict:
|
|
||||||
value: '1'
|
|
||||||
kernel.keys.maxbytes:
|
|
||||||
value: '2000000'
|
|
||||||
kernel.keys.maxkeys:
|
|
||||||
value: '2000'
|
|
||||||
net.core.bpf_jit_limit:
|
|
||||||
value: '1000000000'
|
|
||||||
net.ipv4.neigh.default.gc_thresh3:
|
|
||||||
value: '8192'
|
|
||||||
net.ipv6.neigh.default.gc_thresh3:
|
|
||||||
value: '8192'
|
|
||||||
vm.max_map_count:
|
|
||||||
value: '262144'
|
|
||||||
net.ipv4.conf.all.forwarding:
|
|
||||||
value: '1'
|
|
||||||
net.ipv6.conf.all.forwarding:
|
|
||||||
value: '1'
|
|
||||||
|
|
||||||
# limits.d recommendations
|
|
||||||
limits::entries:
|
|
||||||
'*/nofile':
|
|
||||||
both: 1048576
|
|
||||||
'root/nofile':
|
|
||||||
both: 1048576
|
|
||||||
'*/memlock':
|
|
||||||
both: unlimited
|
|
||||||
'root/memlock':
|
|
||||||
both: unlimited
|
|
||||||
@@ -1,230 +0,0 @@
|
|||||||
---
|
|
||||||
hiera_include:
|
|
||||||
- profiles::selinux::frr
|
|
||||||
- frrouting
|
|
||||||
- incus
|
|
||||||
- zfs
|
|
||||||
- profiles::ceph::mon
|
|
||||||
|
|
||||||
profiles::packages::include:
|
|
||||||
bridge-utils: {}
|
|
||||||
|
|
||||||
profiles::pki::vault::alt_names:
|
|
||||||
- incus.service.consul
|
|
||||||
- incus.query.consul
|
|
||||||
- "incus.service.%{facts.country}-%{facts.region}.consul"
|
|
||||||
|
|
||||||
profiles::pki::vault::ip_sans:
|
|
||||||
- "%{hiera('networking_loopback0_ip')}"
|
|
||||||
- "%{hiera('networking_loopback1_ip')}"
|
|
||||||
- "%{hiera('networking_loopback2_ip')}"
|
|
||||||
|
|
||||||
profiles::ssh::sign::principals:
|
|
||||||
- incus.service.consul
|
|
||||||
- incus.query.consul
|
|
||||||
- "incus.service.%{facts.country}-%{facts.region}.consul"
|
|
||||||
- "%{hiera('networking_loopback0_ip')}"
|
|
||||||
- "%{hiera('networking_loopback1_ip')}"
|
|
||||||
- "%{hiera('networking_loopback2_ip')}"
|
|
||||||
|
|
||||||
# configure consul service
|
|
||||||
consul::services:
|
|
||||||
incus:
|
|
||||||
service_name: 'incus'
|
|
||||||
tags:
|
|
||||||
- 'incus'
|
|
||||||
- 'container'
|
|
||||||
- 'lxd'
|
|
||||||
address: "%{hiera('networking_loopback0_ip')}"
|
|
||||||
port: 8443
|
|
||||||
checks:
|
|
||||||
- id: 'incus_https_check'
|
|
||||||
name: 'incus HTTPS Check'
|
|
||||||
http: "https://%{hiera('networking_loopback0_ip')}:8443"
|
|
||||||
method: 'GET'
|
|
||||||
tls_skip_verify: true
|
|
||||||
interval: '10s'
|
|
||||||
timeout: '1s'
|
|
||||||
profiles::consul::client::node_rules:
|
|
||||||
- resource: service
|
|
||||||
segment: incus
|
|
||||||
disposition: write
|
|
||||||
|
|
||||||
# additional repos
|
|
||||||
profiles::yum::global::repos:
|
|
||||||
ceph:
|
|
||||||
name: ceph
|
|
||||||
descr: ceph repository
|
|
||||||
target: /etc/yum.repos.d/ceph.repo
|
|
||||||
baseurl: https://edgecache.query.consul/ceph/yum/el%{facts.os.release.major}/%{facts.os.architecture}
|
|
||||||
gpgkey: https://download.ceph.com/keys/release.asc
|
|
||||||
mirrorlist: absent
|
|
||||||
ceph-noarch:
|
|
||||||
name: ceph-noarch
|
|
||||||
descr: ceph-noarch repository
|
|
||||||
target: /etc/yum.repos.d/ceph-noarch.repo
|
|
||||||
baseurl: https://edgecache.query.consul/ceph/yum/el%{facts.os.release.major}/noarch
|
|
||||||
gpgkey: https://download.ceph.com/keys/release.asc
|
|
||||||
mirrorlist: absent
|
|
||||||
frr-extras:
|
|
||||||
name: frr-extras
|
|
||||||
descr: frr-extras repository
|
|
||||||
target: /etc/yum.repos.d/frr-extras.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
frr-stable:
|
|
||||||
name: frr-stable
|
|
||||||
descr: frr-stable repository
|
|
||||||
target: /etc/yum.repos.d/frr-stable.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
|
|
||||||
mirrorlist: absent
|
|
||||||
zfs-kmod:
|
|
||||||
name: zfs-kmod
|
|
||||||
descr: zfs-kmod repository
|
|
||||||
target: /etc/yum.repos.d/zfs-kmod.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/zfs/rhel9/kmod-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/zfs/rhel9/kmod-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-openzfs-2022
|
|
||||||
mirrorlist: absent
|
|
||||||
|
|
||||||
# dns
|
|
||||||
profiles::dns::base::primary_interface: loopback0
|
|
||||||
|
|
||||||
# networking
|
|
||||||
systemd::manage_networkd: true
|
|
||||||
systemd::manage_all_network_files: true
|
|
||||||
networking::interfaces:
|
|
||||||
enp2s0:
|
|
||||||
type: physical
|
|
||||||
txqueuelen: 10000
|
|
||||||
forwarding: true
|
|
||||||
enp3s0:
|
|
||||||
type: physical
|
|
||||||
mtu: 9000
|
|
||||||
txqueuelen: 10000
|
|
||||||
forwarding: true
|
|
||||||
loopback0:
|
|
||||||
type: dummy
|
|
||||||
ipaddress: "%{hiera('networking_loopback0_ip')}"
|
|
||||||
netmask: 255.255.255.255
|
|
||||||
mtu: 9000
|
|
||||||
loopback1:
|
|
||||||
type: dummy
|
|
||||||
ipaddress: "%{hiera('networking_loopback1_ip')}"
|
|
||||||
netmask: 255.255.255.255
|
|
||||||
mtu: 9000
|
|
||||||
loopback2:
|
|
||||||
type: dummy
|
|
||||||
ipaddress: "%{hiera('networking_loopback2_ip')}"
|
|
||||||
netmask: 255.255.255.255
|
|
||||||
mtu: 9000
|
|
||||||
|
|
||||||
# frrouting
|
|
||||||
frrouting::ospfd_router_id: "%{hiera('networking_loopback0_ip')}"
|
|
||||||
frrouting::ospfd_redistribute:
|
|
||||||
- connected
|
|
||||||
frrouting::ospfd_interfaces:
|
|
||||||
enp2s0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
enp3s0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
loopback0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
loopback1:
|
|
||||||
area: 0.0.0.0
|
|
||||||
loopback2:
|
|
||||||
area: 0.0.0.0
|
|
||||||
brcom1:
|
|
||||||
area: 0.0.0.0
|
|
||||||
brdmz1:
|
|
||||||
area: 0.0.0.0
|
|
||||||
brwan1:
|
|
||||||
area: 0.0.0.0
|
|
||||||
frrouting::daemons:
|
|
||||||
ospfd: true
|
|
||||||
|
|
||||||
# add loopback interfaces to ssh list
|
|
||||||
ssh::server::options:
|
|
||||||
ListenAddress:
|
|
||||||
- "%{hiera('networking_loopback0_ip')}"
|
|
||||||
|
|
||||||
# zfs settings
|
|
||||||
zfs::manage_repo: false
|
|
||||||
zfs::zfs_arc_min: ~
|
|
||||||
zfs::zfs_arc_max: 4294967296 # 4GB
|
|
||||||
zfs::zpools:
|
|
||||||
fastpool:
|
|
||||||
ensure: present
|
|
||||||
disk: /dev/nvme1n1
|
|
||||||
ashift: 12
|
|
||||||
zfs::datasets:
|
|
||||||
fastpool:
|
|
||||||
canmount: 'off'
|
|
||||||
acltype: posix
|
|
||||||
atime: 'off'
|
|
||||||
relatime: 'off'
|
|
||||||
compression: 'zstd'
|
|
||||||
xattr: 'sa'
|
|
||||||
fastpool/data:
|
|
||||||
canmount: 'on'
|
|
||||||
mountpoint: '/data'
|
|
||||||
fastpool/data/incus:
|
|
||||||
canmount: 'on'
|
|
||||||
mountpoint: '/data/incus'
|
|
||||||
|
|
||||||
# manage incus
|
|
||||||
incus::init: true
|
|
||||||
incus::bridge: br10
|
|
||||||
incus::server_port: 8443
|
|
||||||
incus::server_addr: "%{hiera('networking_loopback0_ip')}"
|
|
||||||
|
|
||||||
# add sysadmin to incus-admin group
|
|
||||||
profiles::accounts::sysadmin::extra_groups:
|
|
||||||
- incus-admin
|
|
||||||
|
|
||||||
# sysctl recommendations
|
|
||||||
sysctl::base::values:
|
|
||||||
fs.aio-max-nr:
|
|
||||||
value: '524288'
|
|
||||||
fs.inotify.max_queued_events:
|
|
||||||
value: '1048576'
|
|
||||||
fs.inotify.max_user_instances:
|
|
||||||
value: '1048576'
|
|
||||||
fs.inotify.max_user_watches:
|
|
||||||
value: '1048576'
|
|
||||||
kernel.dmesg_restrict:
|
|
||||||
value: '1'
|
|
||||||
kernel.keys.maxbytes:
|
|
||||||
value: '2000000'
|
|
||||||
kernel.keys.maxkeys:
|
|
||||||
value: '2000'
|
|
||||||
net.core.bpf_jit_limit:
|
|
||||||
value: '1000000000'
|
|
||||||
net.ipv4.neigh.default.gc_thresh3:
|
|
||||||
value: '8192'
|
|
||||||
net.ipv6.neigh.default.gc_thresh3:
|
|
||||||
value: '8192'
|
|
||||||
vm.max_map_count:
|
|
||||||
value: '262144'
|
|
||||||
net.ipv4.conf.all.forwarding:
|
|
||||||
value: '1'
|
|
||||||
net.ipv6.conf.all.forwarding:
|
|
||||||
value: '1'
|
|
||||||
net.ipv4.tcp_l3mdev_accept:
|
|
||||||
value: '0'
|
|
||||||
net.ipv4.conf.default.rp_filter:
|
|
||||||
value: '0'
|
|
||||||
net.ipv4.conf.all.rp_filter:
|
|
||||||
value: '0'
|
|
||||||
|
|
||||||
# limits.d recommendations
|
|
||||||
limits::entries:
|
|
||||||
'*/nofile':
|
|
||||||
both: 1048576
|
|
||||||
'root/nofile':
|
|
||||||
both: 1048576
|
|
||||||
'*/memlock':
|
|
||||||
both: unlimited
|
|
||||||
'root/memlock':
|
|
||||||
both: unlimited
|
|
||||||
@@ -9,5 +9,4 @@ profiles::metrics::server::scrape_jobs:
|
|||||||
- puppetdb
|
- puppetdb
|
||||||
- systemd
|
- systemd
|
||||||
- haproxy
|
- haproxy
|
||||||
- postgres
|
|
||||||
profiles::metrics::server::localstorage: /data/prometheus
|
profiles::metrics::server::localstorage: /data/prometheus
|
||||||
|
|||||||
@@ -1,2 +0,0 @@
|
|||||||
---
|
|
||||||
ceph::key::media: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAEzl2zX8ok6iURymPLbvkFE/dZhunzwisNCsLE5Tx6Pmil0PNx7iFULHXxWU6HMVOxzJmgcnTY+NsRnoTMSpXHGeC3wmD525T4xO4wvG/l9apzmPs1NTI4hcyYCj4NkAKyo249xXEodU4uM2AZp3ZgLBLf2cZpOe0/SPngWSq0kC4pJMnxWH+YsQ/O/1EMxpjSgMMna4YcMtcW2M0+wRhASNSTV7icsiAp6F/cInZuP44ASviHmM6+aMEhygBariOT80kaHZZI+aP6vqSd9lChXCV5qjRzeoEBIKOzT2ZBj41RTsF75J8UYFPwY7dp584tDpiIedUSR9IRCJe4d0uTjBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCau9oXJiYiCGgvxZl62EsagDDgX2cU3+3QCkImEGS1oBahkPl3fYHKynbRi0ZQW1CoW0UFRzY8FmWmGkowns9OsIM=]
|
|
||||||
@@ -1,72 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
hiera_include:
|
|
||||||
- docker
|
|
||||||
- docker::networks
|
|
||||||
- frrouting
|
|
||||||
- profiles::nomad::node
|
|
||||||
|
|
||||||
docker::version: latest
|
|
||||||
docker::curl_ensure: false
|
|
||||||
docker::root_dir: /data/docker
|
|
||||||
docker::ip_forward: true
|
|
||||||
docker::ip_masq: false
|
|
||||||
docker::iptables: false
|
|
||||||
|
|
||||||
frrouting::ospfd_redistribute:
|
|
||||||
- connected
|
|
||||||
frrouting::ospfd_interfaces:
|
|
||||||
eth0:
|
|
||||||
area: 0.0.0.0
|
|
||||||
ens19:
|
|
||||||
passive: true
|
|
||||||
docker0:
|
|
||||||
area: 0.0.0.1
|
|
||||||
|
|
||||||
profiles::yum::global::repos:
|
|
||||||
ceph-reef:
|
|
||||||
name: ceph-reef
|
|
||||||
descr: ceph reef repository
|
|
||||||
target: /etc/yum.repos.d/ceph-reef.repo
|
|
||||||
baseurl: https://edgecache.query.consul/ceph/yum/el%{facts.os.release.major}/%{facts.os.architecture}
|
|
||||||
gpgcheck: 0,
|
|
||||||
mirrorlist: absent
|
|
||||||
|
|
||||||
profiles::ceph::client::keyrings:
|
|
||||||
nomad:
|
|
||||||
key: "%{hiera('ceph::key::media')}"
|
|
||||||
|
|
||||||
profiles::packages::include:
|
|
||||||
nomad: {}
|
|
||||||
cni-plugins: {}
|
|
||||||
|
|
||||||
profiles::nomad::node::client: true
|
|
||||||
|
|
||||||
# additional altnames
|
|
||||||
profiles::pki::vault::alt_names:
|
|
||||||
- client.global.nomad
|
|
||||||
- client.au-syd1.nomad
|
|
||||||
- nomad-client.service.consul
|
|
||||||
- nomad-client.query.consul
|
|
||||||
- "nomad-client.service.%{facts.country}-%{facts.region}.consul"
|
|
||||||
|
|
||||||
# configure consul service
|
|
||||||
profiles::consul::client::node_rules:
|
|
||||||
- resource: service
|
|
||||||
segment: nomad-client
|
|
||||||
disposition: write
|
|
||||||
- resource: agent_prefix
|
|
||||||
segment: ''
|
|
||||||
disposition: read
|
|
||||||
- resource: node_prefix
|
|
||||||
segment: ''
|
|
||||||
disposition: write
|
|
||||||
- resource: service_prefix
|
|
||||||
segment: ''
|
|
||||||
disposition: write
|
|
||||||
- resource: key_prefix
|
|
||||||
segment: "nomad"
|
|
||||||
disposition: write
|
|
||||||
- resource: session_prefix
|
|
||||||
segment: ""
|
|
||||||
disposition: write
|
|
||||||
@@ -1,34 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
hiera_include:
|
|
||||||
- profiles::nomad::node
|
|
||||||
|
|
||||||
profiles::packages::include:
|
|
||||||
nomad: {}
|
|
||||||
|
|
||||||
profiles::nomad::node::server: true
|
|
||||||
|
|
||||||
# additional altnames
|
|
||||||
profiles::pki::vault::alt_names:
|
|
||||||
- client.global.nomad
|
|
||||||
- client.au-syd1.nomad
|
|
||||||
- server.global.nomad
|
|
||||||
- server.au-syd1.nomad
|
|
||||||
- nomad.service.consul
|
|
||||||
- nomad.query.consul
|
|
||||||
- "nomad.service.%{facts.country}-%{facts.region}.consul"
|
|
||||||
|
|
||||||
# configure consul service
|
|
||||||
profiles::consul::client::node_rules:
|
|
||||||
- resource: service
|
|
||||||
segment: nomad
|
|
||||||
disposition: write
|
|
||||||
- resource: agent_prefix
|
|
||||||
segment: ''
|
|
||||||
disposition: read
|
|
||||||
- resource: node_prefix
|
|
||||||
segment: ''
|
|
||||||
disposition: write
|
|
||||||
- resource: service_prefix
|
|
||||||
segment: ''
|
|
||||||
disposition: write
|
|
||||||
@@ -1,29 +0,0 @@
|
|||||||
profiles::pki::vault::alt_names:
|
|
||||||
- jumphost.service.consul
|
|
||||||
- jumphost.query.consul
|
|
||||||
- "jumphost.service.%{facts.country}-%{facts.region}.consul"
|
|
||||||
|
|
||||||
profiles::ssh::sign::principals:
|
|
||||||
- jumphost.query.consul
|
|
||||||
- jumphost.service.consul
|
|
||||||
- jumphost.service.%{facts.country}-%{facts.region}.consul
|
|
||||||
|
|
||||||
consul::services:
|
|
||||||
jumphost:
|
|
||||||
service_name: 'jumphost'
|
|
||||||
tags:
|
|
||||||
- 'jumphost'
|
|
||||||
- 'proxy'
|
|
||||||
- 'ssh'
|
|
||||||
address: "%{facts.networking.ip}"
|
|
||||||
port: 22
|
|
||||||
checks:
|
|
||||||
- id: 'ssh_tcp_check'
|
|
||||||
name: 'SSH TCP Check'
|
|
||||||
tcp: "%{facts.networking.ip}:22"
|
|
||||||
interval: '10s'
|
|
||||||
timeout: '1s'
|
|
||||||
profiles::consul::client::node_rules:
|
|
||||||
- resource: service
|
|
||||||
segment: jumphost
|
|
||||||
disposition: write
|
|
||||||
@@ -1,3 +1,3 @@
|
|||||||
---
|
---
|
||||||
profiles::packages::include:
|
profiles::packages::install:
|
||||||
puppetserver: {}
|
- puppetserver
|
||||||
|
|||||||
@@ -5,13 +5,6 @@ profiles::puppet::autosign::subnet_ranges:
|
|||||||
- '198.18.15.0/24'
|
- '198.18.15.0/24'
|
||||||
- '198.18.16.0/24'
|
- '198.18.16.0/24'
|
||||||
- '198.18.17.0/24'
|
- '198.18.17.0/24'
|
||||||
- '198.18.20.0/24'
|
|
||||||
- '198.18.24.0/24'
|
|
||||||
- '198.18.25.0/24'
|
|
||||||
- '198.18.26.0/24'
|
|
||||||
- '198.18.27.0/24'
|
|
||||||
- '198.18.28.0/24'
|
|
||||||
- '198.18.29.0/24'
|
|
||||||
|
|
||||||
profiles::puppet::autosign::domains:
|
profiles::puppet::autosign::domains:
|
||||||
- '*.main.unkin.net'
|
- '*.main.unkin.net'
|
||||||
@@ -26,7 +19,7 @@ profiles::puppet::cobbler_enc::packages:
|
|||||||
- 'requests'
|
- 'requests'
|
||||||
- 'PyYAML'
|
- 'PyYAML'
|
||||||
profiles::puppet::enc::repo: https://git.service.au-syd1.consul/unkinben/puppet-enc.git
|
profiles::puppet::enc::repo: https://git.service.au-syd1.consul/unkinben/puppet-enc.git
|
||||||
profiles::puppet::r10k::r10k_repo: https://git.service.au-syd1.consul/unkin/puppet-r10k.git
|
profiles::puppet::r10k::r10k_repo: https://git.service.au-syd1.consul/unkinben/puppet-r10k.git
|
||||||
profiles::puppet::g10k::bin_path: '/opt/puppetlabs/bin/g10k'
|
profiles::puppet::g10k::bin_path: '/opt/puppetlabs/bin/g10k'
|
||||||
profiles::puppet::g10k::cfg_path: '/etc/puppetlabs/r10k/r10k.yaml'
|
profiles::puppet::g10k::cfg_path: '/etc/puppetlabs/r10k/r10k.yaml'
|
||||||
profiles::puppet::g10k::environments_path: '/etc/puppetlabs/code/environments'
|
profiles::puppet::g10k::environments_path: '/etc/puppetlabs/code/environments'
|
||||||
|
|||||||
@@ -1 +0,0 @@
|
|||||||
profiles::puppet::puppetboard::secret_key: ENC[PKCS7,MIIB+wYJKoZIhvcNAQcDoIIB7DCCAegCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAoCr9JTtrnMaVjJlEpA0NYNt/QAgTGiEmS3kPn2oJ80Ay7fUl79pop95uLQIfw6C3e8WGUhxYt31wmzent4Bfbced7uF/tjhP2cniKPmZGuf/tmVrGIHIh4T4g0Wz2K0DIU/dGWUlgE03ICRxXlAy0atjUuAp02ehj7bzLuMf+vZbghm8vnOoDCTKjeZNAJEkDvBkIzwUu9JiM9Gn6BzoLLGdEERqs/LR832vjjNmF7KUEH/Ntt47wbLdfCzawsZsBNLggEb1HNGu0aSb0qBXYBPRq6w1L/RU8gX2dCqGRbhDZymihebaOcwU1AtbLEBdHTYQpga+c4bcTz9rJplLtjCBvQYJKoZIhvcNAQcBMB0GCWCGSAFlAwQBKgQQAdSjLEaZPK47TY7LDCB7b4CBkOTvHbi4nb+pB/Kng+Z3N9ocZPZdGbV6WzMNGxsxmhWXoi+XKEzEvfB10UhQwDcvZXd2W9hhiRkakq7+S0uLWzCX1jNMH2LXZAzoiyGM4FFvGpx7Z64OhmVrOJuKnxD+3zK6PZqvMb3g7CjZeAr5vyhcT/zO75krhJuYp11ZFpLCRcuASf0ru+Jq5OKD4+ZI/g==]
|
|
||||||
@@ -1,2 +0,0 @@
|
|||||||
profiles::puppet::puppetdb_api::public_cert: ENC[PKCS7,MIIJrQYJKoZIhvcNAQcDoIIJnjCCCZoCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEATUl7Aa6W6Q0gWWPet6fufBUtFUO7wCkED8w3NojkDYNR0Cine5+yWupy1FZ0d75mtdjI16DgZ9d2BhNlnbvPrZHuFSfBFj0s6lc0cYs1dpEUwPwPssmfNNfLe+73Fn0e43fguXisBYiE0Xn4x9UqGEIXXnwBqucIo4lkR0QAvhrmgEsNJKrxKV2isBZOnV40hrilnK3fLszGlfEfEuK1ZLrdtQV54Cl/Fpga8OOEk3Ji+WO/qC3WSQ+RWmc+si5L7w6raFLcHb3ZN96BHNVN2h2rBe85RRTg08LT+9Eyge3Fc0/+eoRmzTvnHMc4RptRfvopv5RGGyOma0mExmD6CzCCCG4GCSqGSIb3DQEHATAdBglghkgBZQMEASoEEB2t8I7YdvzPGIuGG1fUIViAgghAKhUoHO1UphPXu/KwYgo3xPSmWWF76B/ZKPd3SdzobYBsfK7CEhRiONU29W/wEzDdn7An2E16bIuecxT114z0i6OqQc3W92jBETWlpV1IRWs4DTb2QWjA4l74KdwRtltpeAKeFjSjuW2+L5UUOgGsaW4lxR0wP/uIqUT76/wQCoCAIw/i+YcIvIJDpeVPKSyaA6GFJbiT8CuG1SzD/1tb+XOxEf3WpeUwVNrPIO1ADjdi3cha6bJDa6Dvrtz8ornYwsfZ9cIlhDb6kmz938+EWpH5swCppfHcMncSd+R1zST6DzhN54+kvWGjvrN79m5+f0al/t3a85iZ6boLXSE8VkPLWZnlAt0ISdCtt0m7luxWWUN3AvmBmLZ5hhjnHUQC4RNCmu3BrjB7bN/nvInZQNcBlArhthiy/DpbdjLpF5kkUq+J+S7I898rG/B8lWrWjYsQvOUM/yiVbpCtsLJS9Pv1UjlkHcere6YgOq4gZKaESF19npV6SLU2MfC+Raefj1biE+haOOjpDdR+xQLAHmZqgOBUFMkYh1RH77zg2QPtz5aDLGypO/yVuJDcuSGV6qpoxc0uu7EmihfOg2cHF6FtSlStwFQYw3mG3oyuByv527lVRUjNHOx85bXeFccb96lyTzStAopLADo9nuOHjDxs6qzXj4h0y5w0ODh3Wyy/h4EXYaTrXuSB/FJJb1rvToC+XJ7ABxzt0rB8ySNtt+DFRssZQ5ZXWF6T88YKLcigKYGNTGmf92Iwpq6+hw0NEF1OWy7aHDzog6xORilgy6zcPTWkz2TUxzOuwN6Y0UeLlj+C4r+hl17/9aYhls6UJ+5xF+ZNcJmqEXqZ5HHykcYRwaWI0FF4tkbsto8Is2/aZVfeQc/2JZ+9IbLXlh1Km6hJxWJmw/S9RwTXVK7kGO/IlIoQiYTFYoeSU4RDPVUXZTBmGxuBmz37JPVMLXkL6tGUPwTz6pa+AMppT/qMLC8y2LhLm+eRsfz4w2ySc/kBR0FKsD0Z1h9h4zM+VtNnxaSYmxkFG77pX+bi/ToQqaydWblf0NPdw2t+uoULzkxxhX3wjZi8V9gGOhZ7s7YUKJFljZZYcl0MnDab+xGjD8DGiq/vHqTLXm8DYpVOxsryGIJ3zXf5KPvo8y6/wQAkKq6Vb4lraqkg9m5wGLxQDemE4h2OWgjcnWOXx/N9bcVO0xMyqrFo337wPoZ+hYQhwxzrfiQZ87nLe28OstaWS8OK6KoAx95LvMypaFURf+EoZkYO8wFiLmFBNAMMOkf/TJjmXoeDw46Qv1sZi57239pgzxz6RXEjd5TBURli7tSaniqKNarRY7ZoYymzYBv9Kyj6zQGgXxozhQsMsju9fTo2l+bXQ2siBljHnNkI+I3aO5Q6FLpM57h5xhA86ayJzfaKSbniMARGY2inG3qUfKafgQUvrYBxaIxSBAg7LfE2GRJx8gEioATFZpclrm+0fP3xaXW3I/wiyl/EPKIP2aPP8lqJam/KWXZ46nYdgrKIrg51tXp/YUcgR6geZYHIBWkAgofJeThKPz9ervLzu3dYS0FgMiRcyCOXfI4nttW/QCNl5a19UXXYpSgj0MOAKuSZYkHYgaSt7DNt3sZtWLtCZ1M/QFLSiqsfUAULVwUJpOCS4Ul0Bn9gu038xCBCkaQ8VnSHtvl6NsCUHDhk/JGq5pmZjrE5zTEnlMBUBoQ1sun/HwLAnoX24KV+3pzwul0eCLm2pBndWvgnHsEY7COiookx7mwvg93xuejN7zQk/NAJp4L3haT5ueVTcUcEsTPmsIDMn2xg2HSGLum6yG02XPMBYJlG/GHtu2kuvOV2UFqxkzje4FB3cNishelQ1VRDOBJodt8xmfKkgPciFChEOVe5OY7AbBvKIBab+kjbG78guGReqkmePFkEtsnL7KouiERojAVsGXtvqOT2dQvO7xLrozLk+kY/Xk6HkGedmc2PUEc/CSKPy73k2a154ByzwfOaAaTM1XCvo4Ff7hTA7VHUu3rWpHmd2LZbKN1nlGbrrX0Wk0jt72OsRWRzgKp+81jEkNh/hbD9xCjmIbzdloOmcJJbcyikmThVpFaUMaHowZmrBtQxE7pR2ARbhVvNXH3fZQnIpxMcHEPoKh12pOTlp+GIO8H1EsGZ6tOjXniBiy/szoa8Oi/eJp/Co8uRoDSyBc5t6ZD6ciLHOVG4c0nCdMHaouA/EXNe/EOzLg4fYk7cLBNGoaBUo8LbXv0Z2tkhtE1ctl8NBvZS3X80VchtmQg7lVlqZUEkcXEtoadrjRpiWL9EW68mzjTsejePMNBb6CCL4zGqQwCfA1zUVtlNJslguClQ2u0IlqPjBYsj3Xy+leg24YrHKB1zEu1/aGuVxCBlJMozQj//5OCTp+1iO0EExnGBYjZuk8UTYrUj9FZeu5GiRlBvky1HBE/fq4LPD7l/Gr0npAwKJofIglA2DZe9Sr4VmA8oi4vsmbpmtyPLVa/pfVXrl/w2dLH/Y2TI8MbPFMvjtAgdlK6endrxpb9EC2YeWrFibDXL9EsOAXo5droa6WyIDoVr7GBZ0Faa19uW2IZf0fw02tz0L1Bg/4RopeIZpbH0CKCwpqg5GNb7gKvKkXt9ugI84ZGnF5CgrqXH+lXXtMgHsEkUQ6vAJeKioLSMVla6Pu/BdztDKBVuKTEzV/lH/nbR2qhjlIEm+AntndtRNU3J6Aakje0keGjDV66paCnh/v7fha3SOPkgCV8OxrqMDAUl9/RxB907OF/Ethg4F/gsWfwDJLcAoS206rV6r+VZyurb3xx6HSLFzh+MMBgNlJhf]
|
|
||||||
profiles::puppet::puppetdb_api::private_cert: ENC[PKCS7,MIIOHQYJKoZIhvcNAQcDoIIODjCCDgoCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAR7TO46Sg7DTeJmy+YMKpcKgcbbyDed4zHib7Jii2ltlFBMzFAJ49u986i13pSE0qaPIgydc94ILKc0oTwTWvstbiBJB2NYikswKHIJwKKSTzzbfCz1/eyfVKwKyp3DakdImdPClmjZIp/eQyWsLkZjxmJ5T9MVHSo3l8sNVY3WyGbKwEi0TwZabE9Op8cvFTifcBL5zDwKMrhwghAPEoVz8DALoMOko8Lp2K7yCo+LvyvY/Ib9CtIfbgpXQTo2NDbww29/KWHqw6PjzRdyuswUDdnCuLOaThUQkDopTZyhhJ9Y5z5/7Doo/zGYQLBkyThjtKkKwsPlq1eGkjFzY/ITCCDN4GCSqGSIb3DQEHATAdBglghkgBZQMEASoEEAvibroua3O2ot73run7uWKAggywIm7gZ/o/vc47kaCICTS2LtsHDmTe9HHqujdAdQLlBGvEhasKGDMr8s54aIbNUbLhD82Vuvwjl2GShqSg/IATfwzDPoqm982KrVZd/9kO61o3vBdtqZO1+InbY7iDbTqf45A7Ar3545aF+/y30WDamFyECwCePrQu1Y9bw6VhLTEVYO+A8zr8y0CYRKAtWNYcPpTP/3VO8/RKtMV+nWrUzS00zAp56lA7xeOzdeKdHzCkpKeaHrpSEN6YGrZmAhTdKBxHYiez9h3eZprEtqoAz0I5DL9Y54t74+pZxicFjQKYPxUGccqg0dIkFZUgE1dxuOkASspydJ890xC/SYJZxREeuF9SPCUkT4Szc814/JHzfqrHt5ZfdzQcBX0xjtEfwoud+Hc4MVerT4cmhyaJLP1/jEe8l3B3Cj4uVilbfAyxOAmAHZl4lcKawdzqUm1os6bsBzCwQU0usKYlW1vczvjvxHvq5z/+IQvCvvlPlUrVIlB7XaiIihkW4LbgZBKNaCWW8rihewX5FUTtvjveHzkGqXnzBBF8WfQmNvVtjKFGdkz3teOHShZOZO7fYo4rHGAV+KVz3kzSCZ8pgqAUsYYW5z/aViNnFuNdDz8xiq05DfUtD3GwbydH2mr5IN8bAFwufAidKEfuQeAusCuS5k6PRJyXK81ErqYMW/H+mSLVw9jCNOqqGGfiYdfcx8oNw+U1Vz/fDmQIQ+eT/JKDSOCbBYjrydC9WBzvgRngDoLQ/UXGCnIENqLJekvVJ0x9KTUhrzQyZVky+INyzp3i5UDyu2uLH55vJEI7qSmcM0Y8Eyj3Buc+0k739OQCC56IiQm/Aw6Uh+6Vi+/MfevcI5K0etMgTZ+dIhRAJAT5Jd4vRu4ge8M1HqEOQQj5lQfO+WtHcgwFyg1dGeQF6I6iy0JfMqXZVDsEkyCsDN6ZDaLcgMQN0FYWSsqy7tCzU9ZbvQ/pAHT/Ed1mNDWs+w0YzgcVv8+XCBGVzunpqcjbi08aKDYIKOIL5EBVOfDwGIeYjBuJhINQa49tNryXEkjZs+OxXDM4YvvksvwfNq4P4OLNJHoQ4DCEyqVbdqGGksRjNtU28Lu8y2M5eX6ehG8ismBMSgUy0SIbR5vTDVNjguo4HD7slVNYqERfMjlwHbnOLajoPl8nWIrhW3glWKBvJ1bQKWU81TRawlCAQ3k5DFnebFgoBagtqo0+Zoygt29Bz38wwqfF90jvfzVEM0sy4X+7FxZFYX2WTWKyZV3+16a7hWBjMbJeulU1chzs1V0/lPMXVEa+c3xcO8W2DyrX4wR27fUEfjPmug49tMhMSFOZXEOwzUMsXjz3K4XhEcC0mtYHDMT0EYtRX8pHe62RkMILuJGRHvw3Wwg2GzZRMpZfPQy8jLhkOhUSGc7z4XEWC/PdLmfGjBTZsZ6G2FfKlGLbSxOlgQlew2sZ+oNTHRrN+aMrkgyG11TheXDbE0y+Sxls+13DEYbMaflq5wjE2FlvD3b5X7/Pu4BizQI7Ski7jjb5qcqik8xoin2qGfhnY6H6PNSPz67J1RTxVZjHgUtZQKG56e+aKIv5FFyjFTgEPRqj3Yyrzh7+E6gt+LETh3vuJDUxKPLZskLD03xP6E/yiLbIu5DIYzK9+uuS/JGF3OibE93hgwp9uzDFirDzRbcuDVDxZyToSfH8P7m58lhp/FiKO3rpUqRqaC/GXz5xbekQ+yGuMKk6qEmiPj7B3pHm2Ic2tJIGTpTNCDNfsqefplUJXbKskiKRxOP04yCIn3XuHu8jUDhWZW848RWHgXfySdqEAFKrvsyamJKXz/1IGIdDzOgnAcd/wiudhZ41gDaCyA1DQYxU9T04106eD9aTZwj+mS9uZmfwHfROiBinC1ZAHsXfjLtwVZj3gpdUsieIqAiuAuMKle9yOMn3np4NEu5vjj/SOZeVWCvBfcPg8VB+uj6s7FtXRH5jdxkaB72PykYa8aTAbNKqcw/qlowv0k/vWnWa++fFFVfbg+VZ3a6oEW2YKvcVefQg/R4nEeTusmH/tnOl7SHLlJ4WLQ+U+v0GLeCY6zJKS6WweN+6SXIbkB9BLES2VpvxlYAmjqLlQuJBpcIuxL1SwCIkKUXdWjQqp6WzfS4XSxuxizZNL8xlEjXSJzFXvo+rPZXF37gHvmLHnjJkQdhctZUjyzDUfgLdR4FcMsp/U8qugWtbbemARFtrXHT9D3M/hVp0z/0ho80LB2chI1nOfY0u8GXgHtJfwZtoeyctud6JLo4zUxZy0zQMqIqgpytVNhjMPOIK5sWpKCKscPlg8+vANhPQHze7Wc8PXwC7jbSMH4QqqnGz+fPB/KKl+wz4jICe/vu7fNJRq0pehibPifXJtBDBH+i+s/U3ZX2WECKPYsF0DXq8Askisa3b97WPO7oWk8ghzE8ZXZs5CypkLpq+oPRg/WrsRJea+EWmkzKmBXtS23AQzhItNB0KFP18elLVmb6atYNs4lzv22ptifD+5wbYmk+/mAVgInqqixLPAy2uofCXvlXhIPd4vgkwpjar/lxcZWGtX7c7EUzDND1AyirMjcZyTaMsHEzYybT3S/8n8OgxVvyemLvgHnmZxmWnUBFUhItQ2Pt6iF2Dn68huo+0PE5K5qlKzoRPbfNLrNYImn4KxmLW5+bT2STe1j8aowyY3ROY1r+4BxHIbDknCb5aj6N4WR14SeUWSSPu23oK1VDLBlQUMiHHqfJwu0NiGhsI8Vl0Mp5Slp6FK0UvZz2O7C+x0HGaWVK9mMuP40BKHjEo7T97ZoXMN0uX4GmBQ3jEwXzsPpuPbZI5JnwwEyp5YX+IyYWJyCww2fntSQ/fS509b6mvG5isUMK3lpiogucROtJTA1KrODrocpTgUGvIwDUP/tosGT57lmXjTmHbTf6WjCHIUZsrbT5ycjYNJI0sn+dfx3Tba289CEeBEaX2FefnHX+o8HMLlRI4JmiD6faswCjC2IFMjDVfkJoie45Y+8Q9LSVZ8TkZey1QucNRrMIKpNLo4cPDCdUJIOPUDbfX4I1g0Qhk7T5WYX/JUtiaUgKiR5Gc/PHmV8oL8G9P+OSgg2Lc5XaN7/PevHCiBOLwAXsKbSCwL7oGmxyw90+sHIZr+ZyClNnfuXE3UrW7NXQI6mCxvQWKtJKn1trO17I6Cd00RMfC3uPy5/LIicubunfvDjp3BlaatxIrzDg3rVnFPX0dKzt/s4iuSyK3IT0le/x9OBLIp4EhdQdvd2HOFYxOtjxzbvWRzWrqGpBsLQLg7EG5adrqg69VOQMCT2pq0sCJp6hk4yGHbuz4hoX2PIeiI3l/Z0TwDGopGWW3uWRWxH/6bq1a6idgxHYhruUmR8aFpUKSsVyodiDV1PtK1zj5mKcZdeXx0THBYTEUWyo3RI9iLUnMcDYyPRTjCKoCm6pPS7yjIT7tq+MUi3iWo2XijY8AaV/K+WrnkcqoQH2cXsrBoH0sZMksdWwYBYz97+RKkx3FSxgdXJb1xxr0X21oPW1PhJq/zHSxe3OmxwYMPeZsGPaG8UngxTdfTQ3KPn+mN9NRXvlXkqudGJa/d/QMinCf/tp9eU1WX5xktqDgqBbPD391+6gcDsFgdidFdpLKf6yGLEovTwE9GrLX7srAC2dPOxviWekqng8H0N9RjHT06NVD9kAnnR/01ZkmmPzdP7vLX9imy0j/huTpN8i9XpFS6za4jdGt46Y5SfRKg/4qpwtE6meElgiOnTkP2uBI5cF4czaK1rYr1ZlwoneFzNHnBVFctAP7CD+w98hYexQ5RrdUYgFrMB5+88Y1IrI8Gd02RCEycPCoxdEFXqBVWmu2N/fuovgihTn9qf/mUxpQPsiUHjCgmV5w+ALs02oiRf08b8mTBAjy8utziFA6efpAppv98bQUfTs8lyNn7sH6OCoa4ZKeB51wqPXZBsKZ8Ja9VDZXjpCV+MB0b9XuSgOx2Y3UD/GJ/+eW7J6MiYFTHrhB1kRert5vRdF4M2KMoyYnVRFMBRqimnNBq6xrOvz4D6dSiquhFRtxlnb6dPCyRgHImsFbR/qdDukLB6DB+vfjzZQArLbkaMVF86hX1+9xP+BdZPsnVapY9u+DSZP7ZkEP/VftTl7uJZnqAWUis+jOncUizmzSIpV6cZO7SVdiQicHiRm6VSOmpBhniRKYN13Ct8B0g+JJeyMlx6OGALMLvcXKDXxJNvyYL9FuXyRvOygButRRjvLsEku+fl9ESD27r56ZNExf7w411cGbKQ+obhSnMsBM2qGBDR97VJyLGhbFX7SKl7CGOAWZF3TbOe4PU4Ty75qb8+U5R8amQ1FFQD4r65M=]
|
|
||||||
@@ -29,11 +29,11 @@ profiles::yum::global::repos:
|
|||||||
name: postgresql-15
|
name: postgresql-15
|
||||||
descr: postgresql-15 repository
|
descr: postgresql-15 repository
|
||||||
target: /etc/yum.repos.d/postgresql.repo
|
target: /etc/yum.repos.d/postgresql.repo
|
||||||
baseurl: https://packagerepo.service.consul/postgresql/rhel%{facts.os.release.major}/15-daily/%{facts.os.architecture}/os
|
baseurl: https://edgecache.query.consul/postgres/yum/15/redhat/rhel-%{facts.os.release.full}-%{facts.os.architecture}
|
||||||
gpgkey: https://packagerepo.service.consul/postgresql/rhel%{facts.os.release.major}/15-daily/%{facts.os.architecture}/os/PGDG-RPM-GPG-KEY-RHEL
|
gpgkey: https://edgecache.query.consul/postgres/yum/keys/PGDG-RPM-GPG-KEY-RHEL
|
||||||
postgresql-common:
|
postgresql-common:
|
||||||
name: postgresql-common
|
name: postgresql-common
|
||||||
descr: postgresql-common repository
|
descr: postgresql-common repository
|
||||||
target: /etc/yum.repos.d/postgresql.repo
|
target: /etc/yum.repos.d/postgresql.repo
|
||||||
baseurl: https://packagerepo.service.consul/postgresql/rhel%{facts.os.release.major}/common-daily/%{facts.os.architecture}/os
|
baseurl: https://edgecache.query.consul/postgres/yum/common/redhat/rhel-%{facts.os.release.full}-%{facts.os.architecture}
|
||||||
gpgkey: https://packagerepo.service.consul/postgresql/rhel%{facts.os.release.major}/common-daily/%{facts.os.architecture}/os/PGDG-RPM-GPG-KEY-RHEL
|
gpgkey: https://edgecache.query.consul/postgres/yum/keys/PGDG-RPM-GPG-KEY-RHEL
|
||||||
|
|||||||
@@ -1,162 +1,111 @@
|
|||||||
---
|
---
|
||||||
profiles::packages::include:
|
profiles::packages::install:
|
||||||
createrepo: {}
|
- createrepo
|
||||||
|
|
||||||
profiles::ssh::sign::principals:
|
|
||||||
- packagerepo.service.consul
|
|
||||||
- packagerepo.query.consul
|
|
||||||
- "packagerepo.service.%{facts.country}-%{facts.region}.consul"
|
|
||||||
|
|
||||||
# additional altnames
|
|
||||||
profiles::pki::vault::alt_names:
|
profiles::pki::vault::alt_names:
|
||||||
- packagerepo.main.unkin.net
|
- repos.main.unkin.net
|
||||||
- packagerepo.service.consul
|
|
||||||
- packagerepo.query.consul
|
|
||||||
- "packagerepo.service.%{facts.country}-%{facts.region}.consul"
|
|
||||||
|
|
||||||
# configure consul service
|
|
||||||
consul::services:
|
|
||||||
jupyterhub:
|
|
||||||
service_name: 'packagerepo'
|
|
||||||
tags:
|
|
||||||
- 'packagerepo'
|
|
||||||
address: "%{facts.networking.ip}"
|
|
||||||
port: 443
|
|
||||||
checks:
|
|
||||||
- id: 'packagerepo_http_check'
|
|
||||||
name: 'packagerepo HTTP Check'
|
|
||||||
http: "https://%{facts.networking.fqdn}"
|
|
||||||
method: 'GET'
|
|
||||||
tls_skip_verify: true
|
|
||||||
interval: '10s'
|
|
||||||
timeout: '1s'
|
|
||||||
profiles::consul::client::node_rules:
|
|
||||||
- resource: service
|
|
||||||
segment: packagerepo
|
|
||||||
disposition: write
|
|
||||||
|
|
||||||
profiles::reposync::webserver::nginx_listen_mode: both
|
profiles::reposync::webserver::nginx_listen_mode: both
|
||||||
profiles::reposync::webserver::nginx_cert_type: vault
|
profiles::reposync::webserver::nginx_cert_type: vault
|
||||||
profiles::reposync::repos_list:
|
profiles::reposync::repos_list:
|
||||||
almalinux_9_5_baseos:
|
almalinux_8_9_baseos:
|
||||||
repository: 'baseos'
|
repository: 'BaseOS'
|
||||||
description: 'AlmaLinux 9.5 BaseOS'
|
description: 'AlmaLinux 8.9 - BaseOS'
|
||||||
osname: 'almalinux'
|
osname: 'almalinux'
|
||||||
release: '9.5'
|
release: '8.9'
|
||||||
mirrorlist: 'https://mirrors.almalinux.org/mirrorlist/9.5/baseos'
|
mirrorlist: https://mirrors.almalinux.org/mirrorlist/8.9/baseos
|
||||||
gpgkey: 'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux-9'
|
gpgkey: 'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux'
|
||||||
almalinux_9_5_appstream:
|
almalinux_8_9_appstream:
|
||||||
repository: 'appstream'
|
repository: 'AppStream'
|
||||||
description: 'AlmaLinux 9.5 AppStream'
|
description: 'AlmaLinux 8.9 - AppStream'
|
||||||
osname: 'almalinux'
|
osname: 'almalinux'
|
||||||
release: '9.5'
|
release: '8.9'
|
||||||
mirrorlist: 'https://mirrors.almalinux.org/mirrorlist/9.5/appstream'
|
mirrorlist: https://mirrors.almalinux.org/mirrorlist/8.9/appstream
|
||||||
gpgkey: 'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux-9'
|
gpgkey: 'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux'
|
||||||
almalinux_9_5_crb:
|
almalinux_8_9_highavailability:
|
||||||
repository: 'crb'
|
repository: 'HighAvailability'
|
||||||
description: 'AlmaLinux 9.5 CRB'
|
description: 'AlmaLinux 8.9 - HighAvailability'
|
||||||
osname: 'almalinux'
|
osname: 'almalinux'
|
||||||
release: '9.5'
|
release: '8.9'
|
||||||
mirrorlist: 'https://mirrors.almalinux.org/mirrorlist/9.5/crb'
|
mirrorlist: https://mirrors.almalinux.org/mirrorlist/8.9/ha
|
||||||
gpgkey: 'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux-9'
|
gpgkey: 'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux'
|
||||||
almalinux_9_5_ha:
|
almalinux_8_9_powertools:
|
||||||
repository: 'ha'
|
repository: 'PowerTools'
|
||||||
description: 'AlmaLinux 9.5 HighAvailability'
|
description: 'AlmaLinux 8.9 - PowerTools'
|
||||||
osname: 'almalinux'
|
osname: 'almalinux'
|
||||||
release: '9.5'
|
release: '8.9'
|
||||||
mirrorlist: 'https://mirrors.almalinux.org/mirrorlist/9.5/highavailability'
|
mirrorlist: https://mirrors.almalinux.org/mirrorlist/8.9/powertools
|
||||||
gpgkey: 'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux-9'
|
gpgkey: 'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux'
|
||||||
almalinux_9_5_extras:
|
almalinux_8_9_extras:
|
||||||
repository: 'extras'
|
repository: 'extras'
|
||||||
description: 'AlmaLinux 9.5 extras'
|
description: 'AlmaLinux 8.9 - extras'
|
||||||
osname: 'almalinux'
|
osname: 'almalinux'
|
||||||
release: '9.5'
|
release: '8.9'
|
||||||
mirrorlist: 'https://mirrors.almalinux.org/mirrorlist/9.5/extras'
|
mirrorlist: https://mirrors.almalinux.org/mirrorlist/8.9/extras
|
||||||
gpgkey: 'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux-9'
|
gpgkey: 'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux'
|
||||||
almalinux_9_4_baseos:
|
centos_8_advanced_virtualization:
|
||||||
repository: 'baseos'
|
repository: 'virt-advanced-virtualization'
|
||||||
description: 'AlmaLinux 9.4 BaseOS'
|
description: 'CentOS Advanced Virtualization'
|
||||||
osname: 'almalinux'
|
osname: 'centos'
|
||||||
release: '9.4'
|
release: '8' # Assumed static value for demonstration
|
||||||
baseurl: 'https://vault.almalinux.org/9.4/BaseOS/x86_64/os/'
|
mirrorlist: 'http://mirrorlist.centos.org/?release=8&arch=x86_64&repo=virt-advanced-virtualization' # Assuming 'stream' and 'x86_64'
|
||||||
gpgkey: 'https://vault.almalinux.org/9.4/BaseOS/x86_64/os/RPM-GPG-KEY-AlmaLinux-9'
|
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Virtualization'
|
||||||
almalinux_9_4_appstream:
|
centos_8_ceph_pacific:
|
||||||
repository: 'appstream'
|
repository: 'storage-ceph-pacific'
|
||||||
description: 'AlmaLinux 9.4 AppStream'
|
description: 'CentOS Ceph Pacific'
|
||||||
osname: 'almalinux'
|
osname: 'centos'
|
||||||
release: '9.4'
|
release: '8' # Assumed static value for demonstration
|
||||||
baseurl: 'https://vault.almalinux.org/9.4/AppStream/x86_64/os/'
|
mirrorlist: 'http://mirrorlist.centos.org/?release=8&arch=x86_64&repo=storage-ceph-pacific' # Assuming '8' and 'x86_64'
|
||||||
gpgkey: 'https://vault.almalinux.org/9.4/AppStream/x86_64/os/RPM-GPG-KEY-AlmaLinux-9'
|
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Storage'
|
||||||
almalinux_9_4_crb:
|
centos_8_rabbitmq_38:
|
||||||
repository: 'crb'
|
repository: 'messaging-rabbitmq-38'
|
||||||
description: 'AlmaLinux 9.4 CRB'
|
description: 'CentOS RabbitMQ 38'
|
||||||
osname: 'almalinux'
|
osname: 'centos'
|
||||||
release: '9.4'
|
release: '8-stream' # Specified based on the repository name
|
||||||
baseurl: 'https://vault.almalinux.org/9.4/CRB/x86_64/os/'
|
mirrorlist: 'http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=messaging-rabbitmq-38' # Assuming '8' and 'x86_64'
|
||||||
gpgkey: 'https://vault.almalinux.org/9.4/CRB/x86_64/os/RPM-GPG-KEY-AlmaLinux-9'
|
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Messaging'
|
||||||
almalinux_9_4_ha:
|
centos_8_nfv_openvswitch:
|
||||||
repository: 'ha'
|
repository: 'nfv-openvswitch-2'
|
||||||
description: 'AlmaLinux 9.4 HighAvailability'
|
description: 'CentOS NFV OpenvSwitch'
|
||||||
osname: 'almalinux'
|
osname: 'centos'
|
||||||
release: '9.4'
|
release: '8-stream' # Assumed static value for demonstration
|
||||||
baseurl: 'https://vault.almalinux.org/9.4/HighAvailability/x86_64/os/'
|
mirrorlist: 'http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=nfv-openvswitch-2' # Assuming 'stream' and 'x86_64'
|
||||||
gpgkey: 'https://vault.almalinux.org/9.4/HighAvailability/x86_64/os/RPM-GPG-KEY-AlmaLinux-9'
|
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-NFV'
|
||||||
almalinux_9_4_extras:
|
centos_8_openstack_xena:
|
||||||
repository: 'extras'
|
repository: 'cloud-openstack-xena'
|
||||||
description: 'AlmaLinux 9.4 extras'
|
description: 'CentOS OpenStack Xena'
|
||||||
osname: 'almalinux'
|
osname: 'centos'
|
||||||
release: '9.4'
|
release: '8-stream' # Directly taken from the provided mirrorlist
|
||||||
baseurl: 'https://vault.almalinux.org/9.4/extras/x86_64/os/'
|
mirrorlist: 'http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=cloud-openstack-xena' # Assuming 'x86_64'
|
||||||
gpgkey: 'https://vault.almalinux.org/9.4/extras/x86_64/os/RPM-GPG-KEY-AlmaLinux-9'
|
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Cloud'
|
||||||
docker_stable_el8:
|
centos_8_opstools:
|
||||||
repository: 'stable'
|
repository: 'opstools-collectd-5'
|
||||||
description: 'Docker CE Stable EL8'
|
description: 'CentOS OpsTools - collectd'
|
||||||
osname: 'docker'
|
osname: 'centos'
|
||||||
release: 'el8'
|
release: '8-stream' # Assumed static value for demonstration
|
||||||
baseurl: 'https://download.docker.com/linux/centos/8/x86_64/stable/'
|
mirrorlist: 'http://mirrorlist.centos.org/?arch=x86_64&release=8-stream&repo=opstools-collectd-5' # Assuming 'stream' and 'x86_64'
|
||||||
gpgkey: 'https://download.docker.com/linux/centos/gpg'
|
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-OpsTools'
|
||||||
docker_stable_el9:
|
centos_8_ovirt45:
|
||||||
repository: 'stable'
|
repository: 'virt-ovirt-45'
|
||||||
description: 'Docker CE Stable EL9'
|
description: 'CentOS oVirt 4.5'
|
||||||
osname: 'docker'
|
osname: 'centos'
|
||||||
release: 'el9'
|
release: '8-stream' # Assumed static value for demonstration
|
||||||
baseurl: 'https://download.docker.com/linux/centos/9/x86_64/stable/'
|
mirrorlist: 'http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=virt-ovirt-45' # Assuming 'stream' and 'x86_64'
|
||||||
gpgkey: 'https://download.docker.com/linux/centos/gpg'
|
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Virtualization'
|
||||||
frr_stable_el8:
|
centos_8_stream_gluster10:
|
||||||
repository: 'stable'
|
repository: 'storage-gluster-10'
|
||||||
description: 'FRR Stable EL8'
|
description: 'CentOS oVirt 4.5 - Glusterfs 10'
|
||||||
osname: 'frr'
|
osname: 'centos'
|
||||||
release: 'el8'
|
release: '8-stream' # Assumed static value for demonstration
|
||||||
baseurl: 'https://rpm.frrouting.org/repo/el8/frr/'
|
mirrorlist: 'http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=storage-gluster-10' # Assuming 'stream' and 'x86_64'
|
||||||
gpgkey: 'https://packagerepo.service.consul/frr/gpg/RPM-GPG-KEY-FRR'
|
gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Storage'
|
||||||
frr_extras_el8:
|
epel_8_everything:
|
||||||
repository: 'extras'
|
repository: 'Everything'
|
||||||
description: 'FRR Extras EL8'
|
description: 'EPEL 8 Everything'
|
||||||
osname: 'frr'
|
osname: 'epel'
|
||||||
release: 'el8'
|
release: '8'
|
||||||
baseurl: 'https://rpm.frrouting.org/repo/el8/extras/'
|
mirrorlist: 'https://mirrors.fedoraproject.org/mirrorlist?repo=epel-8&arch=x86_64'
|
||||||
gpgkey: 'https://packagerepo.service.consul/frr/gpg/RPM-GPG-KEY-FRR'
|
gpgkey: 'https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8'
|
||||||
frr_stable_el9:
|
|
||||||
repository: 'stable'
|
|
||||||
description: 'FRR Stable EL9'
|
|
||||||
osname: 'frr'
|
|
||||||
release: 'el9'
|
|
||||||
baseurl: 'https://rpm.frrouting.org/repo/el9/frr/'
|
|
||||||
gpgkey: 'https://packagerepo.service.consul/frr/gpg/RPM-GPG-KEY-FRR'
|
|
||||||
frr_extras_el9:
|
|
||||||
repository: 'extras'
|
|
||||||
description: 'FRR Extras el9'
|
|
||||||
osname: 'frr'
|
|
||||||
release: 'el9'
|
|
||||||
baseurl: 'https://rpm.frrouting.org/repo/el9/extras/'
|
|
||||||
gpgkey: 'https://packagerepo.service.consul/frr/gpg/RPM-GPG-KEY-FRR'
|
|
||||||
k8s_1.32:
|
|
||||||
repository: '1.32'
|
|
||||||
description: 'Kubernetes 1.32'
|
|
||||||
osname: 'k8s'
|
|
||||||
release: '1.32'
|
|
||||||
baseurl: 'https://pkgs.k8s.io/core:/stable:/v1.32/rpm/'
|
|
||||||
gpgkey: 'https://pkgs.k8s.io/core:/stable:/v1.32/rpm/repodata/repomd.xml.key'
|
|
||||||
mariadb_11_2_el8:
|
mariadb_11_2_el8:
|
||||||
repository: 'el8'
|
repository: 'el8'
|
||||||
description: 'MariaDB 11.2'
|
description: 'MariaDB 11.2'
|
||||||
@@ -171,27 +120,6 @@ profiles::reposync::repos_list:
|
|||||||
release: 'el'
|
release: 'el'
|
||||||
baseurl: 'https://yum.puppet.com/puppet7/el/8/x86_64/'
|
baseurl: 'https://yum.puppet.com/puppet7/el/8/x86_64/'
|
||||||
gpgkey: 'https://yum.puppet.com/RPM-GPG-KEY-puppet-20250406'
|
gpgkey: 'https://yum.puppet.com/RPM-GPG-KEY-puppet-20250406'
|
||||||
puppet7_el9:
|
|
||||||
repository: '9'
|
|
||||||
description: 'Puppet 7 EL9'
|
|
||||||
osname: 'puppet7'
|
|
||||||
release: 'el'
|
|
||||||
baseurl: 'https://yum.puppet.com/puppet7/el/9/x86_64/'
|
|
||||||
gpgkey: 'https://yum.puppet.com/RPM-GPG-KEY-puppet-20250406'
|
|
||||||
puppet8_el8:
|
|
||||||
repository: '8'
|
|
||||||
description: 'Puppet 8 EL8'
|
|
||||||
osname: 'puppet8'
|
|
||||||
release: 'el'
|
|
||||||
baseurl: 'https://yum.puppet.com/puppet8/el/8/x86_64/'
|
|
||||||
gpgkey: 'https://yum.puppet.com/RPM-GPG-KEY-puppet-20250406'
|
|
||||||
puppet8_el9:
|
|
||||||
repository: '9'
|
|
||||||
description: 'Puppet 8 EL9'
|
|
||||||
osname: 'puppet8'
|
|
||||||
release: 'el'
|
|
||||||
baseurl: 'https://yum.puppet.com/puppet8/el/9/x86_64/'
|
|
||||||
gpgkey: 'https://yum.puppet.com/RPM-GPG-KEY-puppet-20250406'
|
|
||||||
postgresql_rhel8_common:
|
postgresql_rhel8_common:
|
||||||
repository: 'common'
|
repository: 'common'
|
||||||
description: 'PostgreSQL Common RHEL 8'
|
description: 'PostgreSQL Common RHEL 8'
|
||||||
@@ -199,27 +127,6 @@ profiles::reposync::repos_list:
|
|||||||
release: 'rhel8'
|
release: 'rhel8'
|
||||||
baseurl: 'https://download.postgresql.org/pub/repos/yum/common/redhat/rhel-8-x86_64/'
|
baseurl: 'https://download.postgresql.org/pub/repos/yum/common/redhat/rhel-8-x86_64/'
|
||||||
gpgkey: 'https://download.postgresql.org/pub/repos/yum/keys/PGDG-RPM-GPG-KEY-RHEL'
|
gpgkey: 'https://download.postgresql.org/pub/repos/yum/keys/PGDG-RPM-GPG-KEY-RHEL'
|
||||||
postgresql_rhel9_common:
|
|
||||||
repository: 'common'
|
|
||||||
description: 'PostgreSQL Common RHEL 9'
|
|
||||||
osname: 'postgresql'
|
|
||||||
release: 'rhel9'
|
|
||||||
baseurl: 'https://download.postgresql.org/pub/repos/yum/common/redhat/rhel-9-x86_64/'
|
|
||||||
gpgkey: 'https://download.postgresql.org/pub/repos/yum/keys/PGDG-RPM-GPG-KEY-RHEL'
|
|
||||||
postgresql_rhel8_15:
|
|
||||||
repository: '15'
|
|
||||||
description: 'PostgreSQL 15 RHEL 8'
|
|
||||||
osname: 'postgresql'
|
|
||||||
release: 'rhel8'
|
|
||||||
baseurl: 'https://download.postgresql.org/pub/repos/yum/15/redhat/rhel-8-x86_64/'
|
|
||||||
gpgkey: 'https://download.postgresql.org/pub/repos/yum/keys/PGDG-RPM-GPG-KEY-RHEL'
|
|
||||||
postgresql_rhel9_15:
|
|
||||||
repository: '15'
|
|
||||||
description: 'PostgreSQL 15 RHEL 9'
|
|
||||||
osname: 'postgresql'
|
|
||||||
release: 'rhel9'
|
|
||||||
baseurl: 'https://download.postgresql.org/pub/repos/yum/15/redhat/rhel-9-x86_64/'
|
|
||||||
gpgkey: 'https://download.postgresql.org/pub/repos/yum/keys/PGDG-RPM-GPG-KEY-RHEL'
|
|
||||||
postgresql_rhel8_16:
|
postgresql_rhel8_16:
|
||||||
repository: '16'
|
repository: '16'
|
||||||
description: 'PostgreSQL 16 RHEL 8'
|
description: 'PostgreSQL 16 RHEL 8'
|
||||||
@@ -227,52 +134,3 @@ profiles::reposync::repos_list:
|
|||||||
release: 'rhel8'
|
release: 'rhel8'
|
||||||
baseurl: 'https://download.postgresql.org/pub/repos/yum/16/redhat/rhel-8-x86_64/'
|
baseurl: 'https://download.postgresql.org/pub/repos/yum/16/redhat/rhel-8-x86_64/'
|
||||||
gpgkey: 'https://download.postgresql.org/pub/repos/yum/keys/PGDG-RPM-GPG-KEY-RHEL'
|
gpgkey: 'https://download.postgresql.org/pub/repos/yum/keys/PGDG-RPM-GPG-KEY-RHEL'
|
||||||
postgresql_rhel9_16:
|
|
||||||
repository: '16'
|
|
||||||
description: 'PostgreSQL 16 RHEL 9'
|
|
||||||
osname: 'postgresql'
|
|
||||||
release: 'rhel9'
|
|
||||||
baseurl: 'https://download.postgresql.org/pub/repos/yum/16/redhat/rhel-9-x86_64/'
|
|
||||||
gpgkey: 'https://download.postgresql.org/pub/repos/yum/keys/PGDG-RPM-GPG-KEY-RHEL'
|
|
||||||
postgresql_rhel8_17:
|
|
||||||
repository: '17'
|
|
||||||
description: 'PostgreSQL 17 RHEL 8'
|
|
||||||
osname: 'postgresql'
|
|
||||||
release: 'rhel8'
|
|
||||||
baseurl: 'https://download.postgresql.org/pub/repos/yum/17/redhat/rhel-8-x86_64/'
|
|
||||||
gpgkey: 'https://download.postgresql.org/pub/repos/yum/keys/PGDG-RPM-GPG-KEY-RHEL'
|
|
||||||
postgresql_rhel9_17:
|
|
||||||
repository: '17'
|
|
||||||
description: 'PostgreSQL 17 RHEL 9'
|
|
||||||
osname: 'postgresql'
|
|
||||||
release: 'rhel9'
|
|
||||||
baseurl: 'https://download.postgresql.org/pub/repos/yum/17/redhat/rhel-9-x86_64/'
|
|
||||||
gpgkey: 'https://download.postgresql.org/pub/repos/yum/keys/PGDG-RPM-GPG-KEY-RHEL'
|
|
||||||
zfs_dkms_rhel8:
|
|
||||||
repository: 'dkms'
|
|
||||||
description: 'ZFS DKMS RHEL 8'
|
|
||||||
osname: 'zfs'
|
|
||||||
release: 'rhel8'
|
|
||||||
baseurl: 'http://download.zfsonlinux.org/epel/8/x86_64/'
|
|
||||||
gpgkey: 'https://packagerepo.service.consul/zfs/gpg/RPM-GPG-KEY-openzfs-2013'
|
|
||||||
zfs_kmod_rhel8:
|
|
||||||
repository: 'kmod'
|
|
||||||
description: 'ZFS KMOD RHEL 8'
|
|
||||||
osname: 'zfs'
|
|
||||||
release: 'rhel8'
|
|
||||||
baseurl: 'http://download.zfsonlinux.org/epel/8/kmod/x86_64/'
|
|
||||||
gpgkey: 'https://packagerepo.service.consul/zfs/gpg/RPM-GPG-KEY-openzfs-2013'
|
|
||||||
zfs_dkms_rhel9:
|
|
||||||
repository: 'dkms'
|
|
||||||
description: 'ZFS DKMS RHEL 9'
|
|
||||||
osname: 'zfs'
|
|
||||||
release: 'rhel9'
|
|
||||||
baseurl: 'http://download.zfsonlinux.org/epel/9/x86_64/'
|
|
||||||
gpgkey: 'https://packagerepo.service.consul/zfs/gpg/RPM-GPG-KEY-openzfs-2022'
|
|
||||||
zfs_kmod_rhel9:
|
|
||||||
repository: 'kmod'
|
|
||||||
description: 'ZFS KMOD RHEL 9'
|
|
||||||
osname: 'zfs'
|
|
||||||
release: 'rhel9'
|
|
||||||
baseurl: 'http://download.zfsonlinux.org/epel/9/kmod/x86_64/'
|
|
||||||
gpgkey: 'https://packagerepo.service.consul/zfs/gpg/RPM-GPG-KEY-openzfs-2022'
|
|
||||||
|
|||||||
@@ -1,4 +0,0 @@
|
|||||||
---
|
|
||||||
profiles::sql::patroni::superuser_password: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAImaYEH6ktU6KYDu96OtuJu11FbmE+b9YwrkJiv72QfuVivR7lGfieRKcvkrq3IsNcwhhnl1lzyMZHteib7jLEIiaq59AZFiZyfF2E5bhNYfW4QcDJd4QOheU2awkZkl6oaoMUxgWOnqvihYVLDfoJ0lj6hBTFuqIzO/KU+AJ4NMO3+/+AK9+HB0u/8Iyuev4RQBkvaRAoszCcFCWTAZJTmhOgWe4xJIxfbh0/5k/dmT5WQ1JPEQK7hnVly9iToROZJDjuyndNHbrhCQUg4+DYMPS2fZVWvcESfxN8lJjBFPojj9ZbG5mLlq1e4A4KiZNwHfA1V4D88VWOkRg65XtZDBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBzToImdK5/pk3UeZPyavjTgDCcYBzwY/g353Pbh0xr/we8KmvsQEtfxPDuPm4Kv4hsD5X0dHu2nGzBAZq5uWcE3RE=]
|
|
||||||
profiles::sql::patroni::replication_password: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAWyCj+7WfzpTcpBg6uQ5ykGmLZmb/avW3Pc+VWj9bGvxSQCA8LA6HJlEhhL3mrJSTGUyHLgeEebEup9AVHe2k2l/JHIvhyfx7LI+mNDp8u5p40pM6ZxTdIJFOZmOS/nGjAR6mTv6Ennhpw4sWSDYXU0mJPTHGAked2FXV1xsS0zpTY7hccJHuww5ixOw6jP8E1Pu0ex4LmefOXApowf0jZ2pARndlsXwZldahUHIF48XejclpgCK9rTrb4eQsOZr5ozcj0BBpWg/JKNkQt8mQU5l5/z0GDT08Op8g6MVdJuOWr92uPqjc8sydrz0QAx4l8t1KY2fMWK7BPKqSdcOxiDBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDEZBNd56BHVGRVfHDPPwZHgDAZKnqicbF/MVKPi1PwwyHrXMW/fWqocgr1zWx6RXWgXICqjJdEFXwFerXXb39RSDg=]
|
|
||||||
profiles::sql::patroni::postgres_exporter_pass: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAL5brQt9CGFU7okDXZWF1jL1j+RbrQZhKfzGWyWl+SqRK6q+xH0LIzYQhOAji7tlDBzvFZpzglmzj0xDrAkQA46jg1DkR5+9Ozru9jL1nhg/6z/F54DlhAG7Ui0hjgSLal79VABLXa/cb9xJThx97b9xoOW+/vpfSKa4izFtkN9fliClFTVafxLlLLD/yABW99aq1OK+9MyCsppvs/rjWbXvjEKL+C0jawh4dBnc+tYJMHC/k5NIK0th4A/zSYVH5q6gFakpxrV2ubETIbVTDncC8zfRLhnrikZYNbCy5PuJb2a4vW1O0AOzUWqvqbRkWpYF7dJB9fzW/Tu8f8d10KTBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAJS5PcA9aJvjGIfKSciLLpgDAU7xXGF+Sj+g1ABMvsenEmgXsdSKVU9ZYusIiGnPdFdN4EF9usi7g4SahochlG0NU=]
|
|
||||||
@@ -1,28 +0,0 @@
|
|||||||
---
|
|
||||||
profiles::yum::global::repos:
|
|
||||||
postgresql-15:
|
|
||||||
name: postgresql-15
|
|
||||||
descr: postgresql-15 repository
|
|
||||||
target: /etc/yum.repos.d/postgresql.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/postgresql/rhel%{facts.os.release.major}/15-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/postgresql/rhel%{facts.os.release.major}/15-daily/%{facts.os.architecture}/os/PGDG-RPM-GPG-KEY-RHEL
|
|
||||||
postgresql-common:
|
|
||||||
name: postgresql-common
|
|
||||||
descr: postgresql-common repository
|
|
||||||
target: /etc/yum.repos.d/postgresql.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/postgresql/rhel%{facts.os.release.major}/common-daily/%{facts.os.architecture}/os
|
|
||||||
gpgkey: https://packagerepo.service.consul/postgresql/rhel%{facts.os.release.major}/common-daily/%{facts.os.architecture}/os/PGDG-RPM-GPG-KEY-RHEL
|
|
||||||
|
|
||||||
profiles::sql::patroni::cluster_name: "patroni-%{facts.environment}"
|
|
||||||
profiles::sql::patroni::postgres_exporter_enabled: true
|
|
||||||
profiles::sql::patroni::postgres_exporter_user: postgres_exporter
|
|
||||||
profiles::consul::client::node_rules:
|
|
||||||
- resource: service_prefix
|
|
||||||
segment: "%{hiera('profiles::sql::patroni::cluster_name')}"
|
|
||||||
disposition: write
|
|
||||||
- resource: key_prefix
|
|
||||||
segment: "service/%{hiera('profiles::sql::patroni::cluster_name')}"
|
|
||||||
disposition: write
|
|
||||||
- resource: session_prefix
|
|
||||||
segment: ""
|
|
||||||
disposition: write
|
|
||||||
@@ -89,9 +89,3 @@ profiles::consul::prepared_query::rules:
|
|||||||
service_failover_n: 3
|
service_failover_n: 3
|
||||||
service_only_passing: true
|
service_only_passing: true
|
||||||
ttl: 10
|
ttl: 10
|
||||||
droneci:
|
|
||||||
ensure: 'present'
|
|
||||||
service_name: 'droneci'
|
|
||||||
service_failover_n: 3
|
|
||||||
service_only_passing: true
|
|
||||||
ttl: 10
|
|
||||||
|
|||||||
@@ -125,12 +125,12 @@ profiles::edgecache::params::mirrors:
|
|||||||
ensure: present
|
ensure: present
|
||||||
location: '~* ^/ceph/yum/.*/repodata/'
|
location: '~* ^/ceph/yum/.*/repodata/'
|
||||||
rewrite_rules:
|
rewrite_rules:
|
||||||
- '^/ceph/yum/(.*)$ /rpm-18.2.2/$1 break'
|
- '^/ceph/yum/(.*)$ /rpm-reef/$1 break'
|
||||||
proxy: http://158.69.68.124
|
proxy: http://158.69.68.124
|
||||||
ceph_yum_data:
|
ceph_yum_data:
|
||||||
ensure: present
|
ensure: present
|
||||||
location: /ceph/yum
|
location: /ceph/yum
|
||||||
proxy: http://158.69.68.124/rpm-18.2.2
|
proxy: http://158.69.68.124/rpm-reef
|
||||||
proxy_cache: cache
|
proxy_cache: cache
|
||||||
proxy_cache_valid:
|
proxy_cache_valid:
|
||||||
- '200 302 1440h'
|
- '200 302 1440h'
|
||||||
|
|||||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user