unkinben
23dd962d89
feat: allow specifying consul addr for exporters
...
- ensure frr/node exporter reachable on hosts with loopbacks
2025-08-09 17:08:38 +10:00
unkinben
ac36d9627b
feat: capture all journald logs ( #377 )
...
- create module class for journald clients
- ensure module class it used on all hosts
- use consul service address for insert/journald
Reviewed-on: #377
2025-08-09 15:11:47 +10:00
unkinben
198cee27c2
feat: enable https for vlstorage ( #376 )
...
- attempting to send to http:// fails as vlstorage is using tls
- enable tls on vlselect/vlinsert when writing to vlstorage
- add retention period to vlstorage
Reviewed-on: #376
2025-08-09 14:34:48 +10:00
unkinben
f73d6f07ce
fix: generate types as root ( #375 )
...
- larger permission issue that needs fixing
- reduce the number of failed runs
Reviewed-on: #375
2025-08-09 13:30:12 +10:00
unkinben
1c71229fd3
feat: add victorialogs module ( #374 )
...
- add module for victorialogs
- add hieradata for vl insert/select/storage
- manage packages, directories, services, etc
- manage exporting metrics
Reviewed-on: #374
2025-08-08 23:59:46 +10:00
unkinben
d649195ccc
fix: generate types needs to run more often ( #373 )
...
- seeing frequent errors in puppetboard about types missing
- change the puppet-generate-types timer from daily to per-minute
Reviewed-on: #373
2025-08-07 20:53:06 +10:00
unkinben
fcd0bc4c74
feat: add victorialogs roles ( #372 )
...
- and hieradata
- empty roles currently
Reviewed-on: #372
2025-08-07 20:34:42 +10:00
unkinben
a30ff81139
fix: reduce metadata lifetime ( #371 )
...
- metadata lifetime should be lowered to improve development speed
Reviewed-on: #371
2025-08-03 21:04:47 +10:00
unkinben
bbed65b4b8
benvin/frr_exporter ( #370 )
...
Reviewed-on: #370
2025-08-03 20:14:19 +10:00
unkinben
75ca7a5685
feat: add frr_exporter class ( #369 )
...
- add frr exporter to all nodes running frr
Reviewed-on: #369
2025-08-03 16:15:29 +10:00
unkinben
53fabc923b
feat: add nzbget_exporter ( #368 )
...
- add nzbget_exporter class
- add exporter to nzbget class
Reviewed-on: #368
2025-08-03 15:03:29 +10:00
unkinben
5a9241940f
feat: export ceph metrics ( #367 )
...
- export cephmgr metrics
- will only be availabe from one host at a time
Reviewed-on: #367
2025-07-29 18:54:49 +10:00
unkinben
df457306cc
feat: add external grafana access ( #366 )
...
- enable access to grafana through haproxy
- ensure grafana cert created from letsencrypt
- enable user access to grafana
Reviewed-on: #366
2025-07-28 21:07:43 +10:00
unkinben
7fbb87b4b6
feat: add exportarr ( #365 )
...
- add exporters::exportarr
- deploy for radarr, sonarr and prowlarr
Reviewed-on: #365
2025-07-27 19:47:26 +10:00
unkinben
fd902c1437
feat: create exporters module ( #364 )
...
- upgrade node_exporter, bring managed under exporters module
- upgrade postgres_exporter, bring managed under exporters module
- add flag to cleanup previous iterations of exporters from prometheus module
- fix issues with vmclusster: replication + dedup
Reviewed-on: #364
2025-07-27 13:28:41 +10:00
unkinben
0e64c9855a
feat: add vmcluster module ( #363 )
...
- manage vmstorage package, service and environment file
- manage vmselect package, service and environment file
- manage vminsert package, service and environment file
- manage vmagent package, service and environment file
- manage options for vmstorage, vmselect, vminsert, vmagent role
Reviewed-on: #363
2025-07-26 18:17:20 +10:00
unkinben
3cfafbac44
feat: enable ceph on k8s nodes ( #362 )
...
- enable enough ceph/frr to join to cephfs
- notify sshd when restarting the network
- update ssh principals to include all ssh interfaces
Reviewed-on: #362
2025-07-19 20:30:46 +10:00
unkinben
c5c40c3bfd
chore: cleanup old physicals ( #361 )
...
- cleanup old nodes to redeploy them
Reviewed-on: #361
2025-07-15 22:34:46 +10:00
unkinben
98f1961a07
benvin/ceph_common ( #360 )
...
Reviewed-on: #360
2025-07-15 20:38:39 +10:00
unkinben
eb1ada8ea5
fix: duplicate declatation ( #359 )
...
- only install ceph-common once
Reviewed-on: #359
2025-07-15 20:31:09 +10:00
unkinben
ec3e42901a
feat: add basic k8s node role ( #358 )
...
- update prodnxsr0001-8 to use networkd
- add basic k8s node role
Reviewed-on: #358
2025-07-15 20:18:17 +10:00
unkinben
e905afcab0
chore: cleanup hieradata/nodes ( #357 )
...
- cleanup decommed nodes
- remove unneccessary node data
Reviewed-on: #357
2025-07-13 21:40:32 +10:00
unkinben
de6e7d0ba9
feat: add vmagent role ( #356 )
...
- add vmagent role for vicmet
Reviewed-on: #356
2025-07-13 17:20:58 +10:00
unkinben
780a97dfe4
feat: add new cobbler master ( #355 )
...
- change cobbler.main.unkin.net to 2098
Reviewed-on: #355
2025-07-12 20:31:43 +10:00
unkinben
9aa6472e5b
feat: ensure /etc/NetworkManager/conf.d exists ( #354 )
...
- required to create dns-none setting
Reviewed-on: #354
2025-07-12 14:19:22 +10:00
unkinben
80ab4e6889
chore: update cobbler for el9 ( #353 )
...
- update cobbler/cobbler-web package
- update path for ipxebins
Reviewed-on: #353
2025-07-12 14:19:14 +10:00
unkinben
ccda327c7a
gchore: cleanup old vms ( #352 )
...
- remove ntp01/ntp02
- remove old gitea
- remove mariadb galera vms
Reviewed-on: #352
2025-07-09 21:18:23 +10:00
unkinben
acef1bde29
feat: move puppetca role ( #351 )
...
- move puppetca from vm to lxd
Reviewed-on: #351
2025-07-09 21:15:09 +10:00
unkinben
7d87e11e79
feat: add victoria metrics roles ( #350 )
...
- add vmstorage, vmselect and vminsert roles
- base roles, only adding packages
- preparation for standing up a vicmet cluster
Reviewed-on: #350
2025-07-08 20:34:46 +10:00
unkinben
40c57ede59
feat: add ci build task ( #342 )
...
- a ci workflow for build tests
- run pre-commit against all files
Reviewed-on: #342
2025-07-08 20:19:36 +10:00
unkinben
be02d3d150
feat: migrate to external ntp ( #349 )
...
- removing ntp vms from proxmox
- redirect ntp to external time sources
Reviewed-on: #349
2025-07-07 20:27:02 +10:00
unkinben
a550d48f21
fix: sort nameservers ( #348 )
...
- sort nameservers before creating glue records
Reviewed-on: #348
2025-07-06 20:09:19 +10:00
unkinben
2d9faf578f
feat: add unkin.net domain ( #347 )
...
- manage the unkin.net domain
- ensure forwarding for unkin.net
- split domain from cname list and set zone correctly
- add fafflix to cnames list for haproxy2
Reviewed-on: #347
2025-07-06 20:02:20 +10:00
unkinben
2814a55df6
chore: hard-code git.unkin.net path ( #346 )
...
- dirty fix, set git.unkin.net in hosts file template
- avoid hairpint nat
Reviewed-on: #346
2025-07-06 16:43:07 +10:00
unkinben
73362a3bf9
feat: add stick tables for gitea ( #345 )
...
- stick tables are required for docker authentication
Reviewed-on: #345
2025-07-06 14:42:14 +10:00
unkinben
0063f68bc6
feat: enable external access to gitea ( #344 )
...
- add git.unkin.net to certbot
- export haproxy resources for gitea
- add be_gitea to haproxy, import the certbot cert
- update the ROOT_URL for gitea instances
Reviewed-on: #344
2025-07-06 13:47:56 +10:00
unkinben
372d99893a
core: fix ROOT_URL ( #343 )
...
- root_url is used for docker authentication
- access to git.unkin.net is not yet ready
Reviewed-on: https://git.query.consul/unkin/puppet-prod/pulls/343
2025-07-06 13:20:27 +10:00
unkinben
620339f69d
chore: cleanup hieradata/nodes ( #341 )
...
- remove all node hiera data for decommed hosts
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/341
2025-07-06 12:23:22 +10:00
unkinben
2317d0af59
feat: expose gitea metrics ( #340 )
...
- add a gitea-metrics service to consul
- tag as metrics for victoria metrics
- check the /metrics endpoint (bypass nginx)
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/340
2025-07-06 12:01:57 +10:00
unkinben
cf0ff85b70
fix: manage git user ( #339 )
...
- prevent different gid/uid for git users when deploying cluster
- only add sudo conf when sudo_rules is a list
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/339
2025-07-06 11:27:35 +10:00
unkinben
359ce101f1
feat: add indexer for git ( #338 )
...
- reuse the database for the indexer
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/338
2025-07-05 17:12:38 +10:00
unkinben
b6c959d368
feat: use redis for cache/queue ( #337 )
...
- use gitea redis cluster for queue/cache
- use redis+sentinel url (pass required for redis and sentinel)
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/337
2025-07-05 16:42:01 +10:00
unkinben
b976f2063a
feat: deploy redis for git ( #336 )
...
- deploy redis/sentinel ha cluster for git
- update redis to 7 (required for almalinux 9)
- enable requirepass/masterauth
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/336
2025-07-05 15:51:28 +10:00
unkinben
93049707e7
benvin/gitea_cluster ( #335 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/335
2025-07-05 14:49:56 +10:00
unkinben
a9faa098ee
benvin/grafana_postgres ( #334 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/334
2025-07-01 19:07:24 +10:00
unkinben
61d912de30
feat: update password for grafana service account ( #333 )
...
- updated grafana password
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/333
2025-06-30 20:22:18 +10:00
unkinben
9bed18f78c
fix: duplicate toml resources ( #332 )
...
- change resource name for puppetserver_gem
- ensure toml installed on all agents
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/332
2025-06-30 19:57:29 +10:00
unkinben
aab3eaf9e7
feat: add grafana service to ldap ( #331 )
...
- add grafana service account for binding
- add grafana_user group
- add users to group
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/331
2025-06-30 19:17:56 +10:00
unkinben
33c8b226e0
feat: add puppetserver gem for toml ( #330 )
...
- require toml for puppetserver gem
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/330
2025-06-30 19:05:12 +10:00
unkinben
49ff7cc3ab
feat: add toml puppet gem ( #329 )
...
- required for ldap support in grafana
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/329
2025-06-30 19:02:37 +10:00
unkinben
d1e63ad18b
feat: add shared pgsql instance ( #328 )
...
- add shared pgsql instance
- use patroni
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/328
2025-06-29 17:25:59 +10:00
unkinben
99b312669b
benvin/dhcp_failover ( #327 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/327
2025-06-29 13:36:16 +10:00
unkinben
715e88176b
chore: confine incus facts to incus ( #326 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/326
2025-06-28 21:24:08 +10:00
unkinben
1837506b6c
feat: add incus facts ( #325 )
...
- incus container counts
- incus profile list
- allocated memory/cpu
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/325
2025-06-28 21:14:39 +10:00
unkinben
3bb2a5dbad
fix: enable health check from haproxy2 ( #324 )
...
- tactical fix: enable dmz subnets container access to health url
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/324
2025-06-28 17:04:25 +10:00
unkinben
0ce6e95f2d
chore: cleanup removed hosts ( #323 )
...
- remove 1018, 1031, 1032, 1033
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/323
2025-06-28 16:28:03 +10:00
unkinben
770fd643ac
feat: add haproxy2 role ( #322 )
...
- add basic haproxy2 role
- add peers and resolvers
- add haproxy2+ metrics frontend
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/322
2025-06-28 16:20:06 +10:00
unkinben
bd9e08dc24
feat: cleanup hieranodes settings ( #321 )
...
- migrate hieranodes values to roles yaml
- rename anycast ip keys to be similar
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/321
2025-06-21 23:16:34 +10:00
unkinben
62837bb22d
feat: add zone to subnet facts ( #320 )
...
- add common and dmz zone fact information
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/320
2025-06-21 15:42:37 +10:00
unkinben
ae57e0e81c
feat: add openvox repos to reposync ( #319 )
...
- add el8/9/10 for openvox7/8
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/319
2025-06-19 06:06:41 +10:00
unkinben
cb1d562cb0
feat: migrate pupeptdb sql to patroni ( #318 )
...
- change puppetdb::sql to using the patroni profile
- change puppetdb::api to use new patroni cluster
- remove references to puppetlabs-puppetdb managed database
- update consul rules to enable sessions
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/318
2025-06-19 05:52:32 +10:00
unkinben
26b908e5e7
feat: add node_pools ( #317 )
...
- change agentv2 to common node_pool
- set default node_pool to default
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/317
2025-06-15 17:43:19 +10:00
unkinben
a47c6155b8
feat: use fqdn in host_volumes ( #316 )
...
- fix hard-coded message
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/316
2025-06-15 17:34:03 +10:00
unkinben
1cbc1be808
feat: add host_volumes to nomad ( #315 )
...
- add puppet client certs
- add tls-ca-bundle
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/315
2025-06-14 19:37:50 +10:00
unkinben
60834ced00
feat: nomad cni additions ( #314 )
...
- add consul-cni package
- enable grpc for consul servers
- enable consul connect for consul servers
- set recursors for consul
- add ports to consul agent (grpc, dns, http for nomad)
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/314
2025-06-14 18:47:24 +10:00
unkinben
890e9670f3
chore: update the consul service name ( #313 )
...
- update the name for the packagerepo service
- was copy/pasted from jupyterhub
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/313
2025-06-09 14:46:16 +10:00
unkinben
a26daca28c
feat: stop manage nginx repo ( #312 )
...
- use epel repo for nginx
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/312
2025-06-09 14:18:30 +10:00
unkinben
057c4ab747
feat: manage nginx resource ordering ( #311 )
...
- ensure the package is installed before creating directories
- ensure nginx is restarted when vhost config changes
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/311
2025-06-09 11:18:39 +10:00
unkinben
1fb46b5ab6
chore: use packagerepo for epel ( #310 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/310
2025-06-09 10:24:56 +10:00
unkinben
66fdd7b615
feat: update incus image host to run on incus ( #309 )
...
- remove zfs
- remove some sysctl values
- remove memlocks from limits
- install iptables, required for creating bridges
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/309
2025-06-08 22:58:44 +10:00
unkinben
f43d5f685b
feat: update reposync repos ( #308 )
...
- remove almalinux 9.4
- add almalinux 9.6
- add epel 8 and 9
- update mssql
- add k8s 1.33
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/308
2025-06-01 18:20:10 +10:00
unkinben
bb2f59621a
feat: split reposync into two roles ( #307 )
...
- reposync and packagerepo web service
- change backing datastore to be cephfs /shared/app/packagerepo
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/307
2025-06-01 11:33:44 +10:00
unkinben
1df11b8977
chore: migrate certbot webserver ( #306 )
...
- ausyd1nxvm1021 is decommed
- new source is ausyd1nxvm2057
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/306
2025-05-31 16:22:59 +10:00
unkinben
10f2dc7047
feat: cleanup removed hosts ( #305 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/305
2025-05-31 14:26:16 +10:00
unkinben
1a904af2ee
feat: change g10k to use a package ( #304 )
...
- the archive path is no longer valid
- produced a g10k rpm with rpmbuilder
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/304
2025-05-31 13:51:51 +10:00
unkinben
ed1a4f6488
fix: missed address in consul service ( #303 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/303
2025-05-30 23:27:44 +10:00
unkinben
bdd833fa4e
feat: create basic k8s roles to start deployment ( #302 )
...
- just create roles so can deploy hosts
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/302
2025-05-30 23:21:02 +10:00
unkinben
c10a3e49fa
chore: add new user ( #301 )
...
- just jelly access
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/301
2025-05-28 19:46:45 +10:00
unkinben
3d5d40f381
chore: minor jellyfin updates ( #300 )
...
- add jellyfin to video group, for access to gpu
- install intel related gpu drivers
- export lxc jellyfin to haproxy
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/300
2025-05-27 19:55:55 +10:00
unkinben
b3347f9226
chore: migrate media applications ( #299 )
...
- migrate media applications to new cephfs pool + incus
- enable exporting haproxy
- move ceph-client-setup to only apply to non-lxc hosts
- ensure unrar is installed for nzbget
- updated jellyfin use of data_dir
- set lxc instances for jellyfin to use /shared/apps/jellyfin
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/299
2025-05-25 20:27:17 +10:00
unkinben
1d23fef82e
feat: update settings for ceph ( #298 )
...
- enable root logins via ssh with keys
- add ssh key for ceph to root user
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/298
2025-05-25 20:22:00 +10:00
unkinben
c0aab1087e
fix: readd to jellyfin_haproxy ( #297 )
...
- fix operator for jellyfin/haproxy
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/297
2025-05-24 21:10:56 +10:00
unkinben
596e498a00
feat: change media arr apps to hiera_include ( #296 )
...
- change profiles::media::* to be hiera_included
- this is required to enable it to be hiera_excluded on virtual == lxc
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/296
2025-05-24 20:23:56 +10:00
unkinben
f6694599ef
benvin/media_apps_incus ( #295 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/295
2025-05-24 20:18:23 +10:00
unkinben
93cd02deec
chore: update media roles for incus ( #294 )
...
- prevent incus roles from exporting haproxy endpoints (for now)
- incus doesnt need to mount cephfs
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/294
2025-05-24 18:59:46 +10:00
unkinben
520e8a34e0
feat: add a nomad agent v2 role ( #293 )
...
- excludes ceph (will be passed from incus)
- excludes frrouting (will use host-networking)
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/293
2025-05-24 15:35:20 +10:00
unkinben
77d07672f8
chore: dont mount cephfs inside lxc ( #292 )
...
- lxc instances will have cephfs passed from the host
- skip cephfs mounting for lxc instances
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/292
2025-05-22 21:06:15 +10:00
unkinben
89a0f329d8
feat: update vault url ( #291 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/291
2025-05-21 19:58:12 +10:00
unkinben
6dcc7343e0
feat: updated ceph ssh authorized_key ( #290 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/290
2025-05-17 14:05:25 +10:00
unkinben
e7d4c75192
feat: enable ssh access to enp3s0 ( #289 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/289
2025-05-17 13:50:35 +10:00
unkinben
d9e8637ad6
feat: manage more ceph requirements ( #288 )
...
- add ceph-common to provide utilities for managing ceph
- add root and sysadmin ssh keys for ceph deployments
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/288
2025-05-17 11:14:45 +10:00
unkinben
92f0ae64b9
feat: enable ssh on all loopbacks ( #287 )
...
- required for cephadm to manage roles
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/287
2025-05-16 07:05:31 +10:00
unkinben
c1637d9f43
feat: add cephadm to incus hosts ( #286 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/286
2025-05-16 05:56:28 +10:00
unkinben
1aabe21173
feat: manage mon loopback0 ( #285 )
...
- add frrouting
- set all ceph nodes to use ospf + loopback0 + networkd
- fix ceph repos for mons
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/285
2025-05-15 19:46:59 +10:00
unkinben
2f088c461f
feat: add ceph roles ( #284 )
...
- add hieradata to manage ceph repo
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/284
2025-05-15 19:29:53 +10:00
unkinben
90504e5b02
chore: use alias for nameservers ( #283 )
...
- use an alias for nameservers for dhcp ranges
- move aliased nameservers to region-wide hiera
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/283
2025-05-14 20:19:18 +10:00
unkinben
a7b793238a
fix: exclude docker0 interfaces ( #282 )
...
- docker0 is the same on many hosts
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/282
2025-05-11 16:53:34 +10:00
unkinben
87a6c73578
neoloc/loopback_dns ( #281 )
...
- manage all interfaces in dns (except lo and anycast)
- move loopback0 anycast addresses to be anycast0
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/281
2025-05-11 16:36:04 +10:00
unkinben
3e0141bb1b
feat: change to anycast resolver ( #280 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/280
2025-05-11 11:39:00 +10:00
unkinben
bb6f6cbd49
feat: anycast dnsmasters ( #279 )
...
- change dns masters on incus to anycast for bind
- change to networkd to support anycast/loopbacks
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/279
2025-05-10 23:00:03 +10:00
unkinben
51d6c1e81d
fix: enable dns resolver access for dmz1 ( #278 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/278
2025-05-10 06:57:05 +10:00
unkinben
537a207779
feat: update upstream ip for consul dns ( #277 )
...
- set bind resolvers to use consuls anycast address for forwarding
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/277
2025-05-09 22:10:35 +10:00
unkinben
f322440d01
feat: setup anycast consul dns ( #276 )
...
- manage frrouting repo/ospf
- change to systemd-networkd
- enable ospf on incus nodes bridges
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/276
2025-05-09 22:07:42 +10:00
unkinben
ed947dee59
fix: listen-addr -> listen-address ( #275 )
...
- listen-address is the correct option
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/275
2025-05-04 00:07:45 +10:00
unkinben
a70b6492b0
feat: update consul/dnsmasq ( #274 )
...
- update params with bind/advertise addr
- update params with anycast ip option
- migrate dnsmasq config to template
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/274
2025-05-03 23:51:29 +10:00
unkinben
3079f7d000
feat: enable use of dhcp addresses in networkd ( #273 )
...
- change ipaddress to be optional
- add dhcp option
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/273
2025-05-03 23:51:17 +10:00
unkinben
1b8f50786f
feat: ensure the vault audit_log exists ( #272 )
...
- without this, vault will not take a leadership role
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/272
2025-05-03 22:25:10 +10:00
unkinben
b05acb23f4
feat: use custom cert for puppetdb access ( #271 )
...
- manually generated certificate using sudo puppetserver ca generate --certname puppetdbapi.query.consul
- saved certificate and private_key in eyaml
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/271
2025-05-03 12:41:23 +10:00
unkinben
62f71e1feb
chore: change puppetboard python version ( #270 )
...
- change python version to follow python3_release fact
- this will follow os-release upgrades
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/270
2025-05-03 01:07:52 +10:00
unkinben
cdf9456456
feat: update psql15 repos for roles ( #269 )
...
- update patroni to use packagerepo
- update puppetdb to use packagerepo
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/269
2025-04-29 21:04:45 +10:00
unkinben
2323ef7749
feat: postgresql15/postgresql17 ( #268 )
...
- add postgresql15 and 17 to reposync
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/268
2025-04-28 21:39:45 +10:00
unkinben
07b89ab737
feat: enable terraform access to puppetca ( #267 )
...
- enable terraform to clean certificates
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/267
2025-04-28 18:46:58 +10:00
unkinben
9359b8902e
feat: vault mlock ( #266 )
...
- enable mlock by default
- disable mlock on lxd/incus nodes (lxc doesnt support it)
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/266
2025-04-26 22:43:20 +10:00
unkinben
1e3ce0ec1c
feat: dont set gid/uid for sysadmin ( #265 )
...
- sysadmin doesnt need to be a specific uid/gid, the next available
uid/gid is fine
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/265
2025-04-26 20:02:57 +10:00
unkinben
496ed12a58
feat: change vault to use package install ( #264 )
...
- vault 18.2 rpm produced by rpmbuilder repo
- ensure the /etc/vault directory is managed
- ensure service file is managed by puppet
- ensure package comes from unkin repo (not hashicorp)
- disable_mlock as unprivileged containers cannot use mlock
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/264
2025-04-26 18:40:31 +10:00
unkinben
e4166c6b14
feat: lxc compatability with datavol ( #263 )
...
- lxc doesnt mount block devices, just check for mountpoint
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/263
2025-04-26 17:28:57 +10:00
unkinben
78f4d2a88f
feat: cleanup mpls configuration ( #262 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/262
2025-04-26 00:39:23 +10:00
unkinben
762d980ea8
feat: update dns resolver zone management ( #261 )
...
- move zones to common role path
- specify forwarders for each zone in region based hiera
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/261
2025-04-25 01:01:47 +10:00
unkinben
463abe4b9d
feat: add reverse dns zones for incus ( #260 )
...
- add reverse dns zones for incus hosts
- update acls for openresolver
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/260
2025-04-24 23:48:34 +10:00
unkinben
ecce93bedb
feat: lxc cannot use chronyd ( #259 )
...
- ensure lxc nodes do not attempt to install chronyd
- ensure chrony is removed
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/259
2025-04-24 23:18:45 +10:00
unkinben
9dcaafb8ba
feat: lxc updates ( #258 )
...
- add virtual/lxc.yaml
- add crypto crypto-policies-scripts
- ensure ssh::server is managed
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/258
2025-04-24 23:03:01 +10:00
unkinben
a21c1b3697
Adding hieradata/node/ausyd1nxvm1072.main.unkin.net.yaml ( #257 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/257
2025-04-24 21:25:00 +10:00
unkinben
bc5bd11f5e
feat: disable cobbler cache ( #256 )
...
- this is required to resolve issues with terraform deploying cobbler
settings
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/256
2025-04-24 21:18:59 +10:00
unkinben
2321186ad5
neoloc/mpls_ldp_frr ( #255 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/255
2025-04-24 16:51:31 +10:00
unkinben
c24babe309
feat: add incus image host ( #254 )
...
- add role
- add consul service + checks
- manage the datavol as zfs
- insure the incus fact exists before attempting to read it
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/254
2025-04-24 01:00:39 +10:00
unkinben
bfda2b628b
feat: enable ip forwarding for gitea runners ( #253 )
...
- required to enable docker containers reach git service
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/253
2025-04-21 18:40:17 +10:00
unkinben
278f8001b0
feat: add frr synced repo ( #252 )
...
- add frr repo to incus hosts
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/252
2025-04-18 21:21:23 +10:00
unkinben
0fe44cf4e2
feat: add frr repos ( #251 )
...
- add frr/stable/el8
- add frr/stable/el9
- add frr/extras/el8
- add frr/extras/el9
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/251
2025-04-15 02:21:55 +10:00
unkinben
25b06cde22
feat: move bridge management to incus ( #250 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/250
2025-04-15 00:04:14 +10:00
unkinben
8c76e71dc4
chore: set core.https_address for incus ( #249 )
...
- check the current config and update core.https_address if its wrong
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/249
2025-04-07 11:04:12 +10:00
unkinben
0e3dd4d7d0
feat: initialise barebones server ( #248 )
...
- manage incus servers init
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/248
2025-04-06 23:56:50 +10:00
unkinben
83d0b31753
fix: set default for use_networkd ( #247 )
...
- resolving issue where the systemd::manage_networkd is missing for most
hosts, setting a default
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/247
2025-04-06 19:24:39 +10:00
unkinben
b6ea353cfb
feat: update dns resolver acls ( #246 )
...
- add dmz acl
- add common acl
- add loopback/ceph/physical subnets to main acl
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/246
2025-04-06 16:44:16 +10:00
unkinben
c225564bdb
feat: continue incus implementation ( #245 )
...
- migrate to systemd-networkd
- setup dummy, bridge and static/ethernet interfaces
- manage sshd.service droping to start ssh after networking is online
- enable ip forewarding
- add fastpool/data/incus dataset
- enable ospf and frr
- add loopback0 as ssh listenaddress
- add loopback1/2 for ceph cluster/public traffic
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/245
2025-04-06 16:38:04 +10:00
unkinben
06666fe488
fix: resolve issue with baseos in el9 ( #244 )
...
- was not correctly provisioning the baseos repo for el9 incus hosts
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/244
2025-04-02 21:02:08 +11:00
unkinben
9dc88e6db6
feat: deep merge zpools/datasets ( #243 )
...
- change prodnxsr0009 to use nvme0n1 as zfs device
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/243
2025-04-02 20:35:04 +11:00
unkinben
d87983d8fc
chore: add sysadmin user after first run ( #242 )
...
- enables extra_groups to function correctly
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/242
2025-04-02 20:27:11 +11:00
unkinben
95bc2716cf
neoloc/incus_deploy ( #241 )
...
feat: deploy incus
- manage sysctl based on incus recommendations
- manage limits based on incus recommendations
- manage zpools and zfs datasets
- add incus hiera settings
feat: manage repo for zfs
- dont use zfs module to manage repo, use profiles::yum::global::repos
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/241
2025-03-31 23:14:05 +11:00
unkinben
978013f325
chore: set default nameservers ( #240 )
...
- if no nameservers are returned from puppetdb query, use default
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/240
2025-03-31 22:49:47 +11:00
unkinben
829b1b05fd
feat: cleanup consul from url install ( #239 )
...
- set bind_dir to be /usr/bin for rhel, /usr/local/bin for debian
- remove url-installed consul from rhel
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/239
2025-03-30 18:40:09 +11:00
unkinben
6cb249ffbc
fix: backtrack to 9.2.0 for postgresql ( #238 )
...
- no parameter named 'instance'
- no parameter named 'port'
downgrading due to incompatibilities between the latest version of puppetdb and postgresql
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/238
2025-03-30 17:51:33 +11:00
unkinben
427fe352b4
feat: debian package for consul not managed ( #237 )
...
- change debian hosts to use the url method to download consul
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/237
2025-03-30 17:13:54 +11:00
unkinben
45b061a053
feat: change almalinux9 to use packagerepo ( #236 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/236
2025-03-30 17:05:03 +11:00
unkinben
d39d25d3f1
feat: add almalinux 9.5 repos using mirrorlist ( #235 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/235
2025-03-30 16:24:55 +11:00
unkinben
06b458cb0e
feat: reposync for almalinux 9.4 (in vault) ( #234 )
...
- sync baseos, ha, appstream and crb repos
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/234
2025-03-30 12:31:09 +11:00
unkinben
e3046563a2
chore: install consul from package ( #233 )
...
- upgrade to puppet-consul changed default install method to archive
- ensure package method is used
- dont manage the repo, consul is packaged by rpmbuilder
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/233
2025-03-30 02:04:13 +11:00
unkinben
e025928d77
chore: set secretid for puppetboard ( #232 )
...
- manage the secret_key for puppetboard
- required since module upgrade
https://github.com/voxpupuli/puppetboard/issues/721
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/232
2025-03-30 01:53:25 +11:00
unkinben
e3e8b3484d
chore: enable extra groups ( #231 )
...
- enable adding extra groups to the sysadmin user
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/231
2025-03-30 01:20:59 +11:00
unkinben
bdf420973d
feat: add incus module ( #230 )
...
- add a basic incus module
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/230
2025-03-30 01:12:53 +11:00
unkinben
6a04701891
feat: add incus role ( #229 )
...
- add basic infra::incus role
- add autossl, consul and ssh-principals for incus
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/229
2025-03-30 00:56:04 +11:00
unkinben
dd5a4646ff
feat: update all modules ( #228 )
...
- update puppetlabs-* modules
- update puppet-* modules
- add limits and sysctl
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/228
2025-03-30 00:51:49 +11:00
unkinben
4e47745077
chore: setup unkin repo for el9 and el8 ( #227 )
...
- update the unkin repo definition for el8 and el9
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/227
2025-03-29 22:50:08 +11:00
unkinben
3a4e606459
chore: set yum/dnf metadata expiry ( #226 )
...
- set expiry to 1 day so that dnf frequently checks for updates from packagerepo
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/226
2025-03-29 22:37:37 +11:00
unkinben
d0eb4c078d
feat: add zfs modules ( #225 )
...
- add zfs_core module to puppetfile (provides zfs/zpool provider)
- add module to manage zfs
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/225
2025-03-29 22:31:02 +11:00
unkinben
b95bcbd10a
feat: add zfs to reposync ( #224 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/224
2025-03-29 20:08:31 +11:00
unkinben
adc0cf2c09
neoloc/lxd_hosts ( #223 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/223
2025-03-29 19:40:01 +11:00
unkinben
771b981d91
feat: enable nomad to manage sessions/services ( #222 )
...
- this is required to start patroni
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/222
2025-03-20 19:21:40 +11:00
unkinben
e0c3a23424
fix: define missing .cache directory ( #221 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/221
2025-03-13 21:48:47 +11:00
unkinben
a309244713
feat: add nomad nodes ( #220 )
...
- change existing nodes to be nomad-agents
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/220
2025-03-13 21:23:40 +11:00
unkinben
8eb751e22f
feat: change enc_* fact to read direct from cobbler ( #219 )
...
- change enc_role and enc_env to read direct from cobbler
- cleanup profiles::base::facts
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/219
2025-03-12 23:09:15 +11:00
unkinben
b981a6fb01
feat: enable nomad jobs to query dns ( #218 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/218
2025-03-09 17:49:35 +11:00
unkinben
7c1d96bd22
feat: add k8s and docker repos ( #217 )
...
- add docker stable repos to packagerepo
- add k8s 1.32 to packagerepo
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/217
2025-01-27 12:59:59 +11:00
unkinben
0222f5ec4a
feat: update consul etcd check ( #216 )
...
- check the health api endpoint
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/216
2025-01-26 20:05:18 +11:00
unkinben
afd3405c98
feat: add etcd module/role ( #215 )
...
- add etcd module
- add etcd role, profile and hieradata
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/215
2025-01-26 20:00:20 +11:00
unkinben
ab7ce3bbfa
Adding hieradata/node/ausyd1nxvm1071.main.unkin.net.yaml ( #214 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/214
2025-01-25 20:15:20 +11:00
unkinben
4a85c5feff
Adding hieradata/node/ausyd1nxvm1070.main.unkin.net.yaml ( #213 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/213
2025-01-25 20:15:05 +11:00
unkinben
6134b4664b
Adding hieradata/node/ausyd1nxvm1069.main.unkin.net.yaml ( #212 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/212
2025-01-05 12:51:57 +11:00
unkinben
e061a72996
Adding hieradata/node/ausyd1nxvm1067.main.unkin.net.yaml ( #211 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/211
2025-01-05 12:51:46 +11:00
unkinben
eaa15e92dc
Adding hieradata/node/ausyd1nxvm1068.main.unkin.net.yaml ( #210 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/210
2025-01-05 12:51:37 +11:00
unkinben
a5a193d9eb
feat: update jupyterlab container ( #209 )
...
- change to packer created alma9 instance
- change docker root to use /data volume
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/209
2025-01-04 14:10:44 +11:00
unkinben
4400456519
feat: add frrouting module ( #208 )
...
- add frrouting module
- enable ospf daemon on nomad agents
- enable docker volumes
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/208
2024-12-27 23:39:03 +11:00
unkinben
d37fb5d7e1
neoloc/nomad_agent ( #207 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/207
2024-12-26 20:23:27 +11:00
unkinben
022a564dc0
feat: add nomad agent role ( #206 )
...
- add nomad agent role
- mount cephfs volume nomadfs to /shared/nomad
- manage docker volume path to be /shared/nomad
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/206
2024-12-26 20:20:51 +11:00
unkinben
48e1fb8e30
Adding hieradata/node/ausyd1nxvm1062.main.unkin.net.yaml ( #204 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/204
2024-12-23 17:28:47 +11:00
unkinben
561d74e9d9
Adding hieradata/node/ausyd1nxvm1063.main.unkin.net.yaml ( #205 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/205
2024-12-23 17:28:37 +11:00
unkinben
281fdb33d4
Adding hieradata/node/ausyd1nxvm1064.main.unkin.net.yaml ( #203 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/203
2024-12-23 17:28:09 +11:00
unkinben
1c04366eec
Adding hieradata/node/ausyd1nxvm1066.main.unkin.net.yaml ( #202 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/202
2024-12-23 17:27:59 +11:00
unkinben
86d3b61439
Adding hieradata/node/ausyd1nxvm1065.main.unkin.net.yaml ( #201 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/201
2024-12-23 17:27:49 +11:00
unkinben
6ebf5c03a5
feat: add nomad profile/role ( #200 )
...
- add basic consul manage nomad servers
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/200
2024-12-22 22:35:31 +11:00
unkinben
c97db0f0aa
Adding hieradata/node/ausyd1nxvm1061.main.unkin.net.yaml ( #198 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/198
2024-12-10 22:15:10 +11:00
unkinben
46b4fdf632
neoloc/sysadmin_early ( #197 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/197
2024-12-09 22:12:01 +11:00
unkinben
aaf81d0a6c
feat: create sysadmin on firstrun ( #196 )
...
- prevent packages from using uid 1000
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/196
2024-12-09 21:51:37 +11:00
unkinben
afbc15ff40
feat: import crypto-policices earlier ( #195 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/195
2024-12-08 22:50:25 +11:00
unkinben
64248a45c2
feat: ensure crypto-policices are managed before yumrepos ( #194 )
...
- ensure crypto_policies are set before creating yum yumrepos
- ensure that they rpmdb is rebuilt after upgrading to el9
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/194
2024-12-08 20:30:08 +11:00
unkinben
c7fb1f0cec
neoloc/crypto_policices_el8 ( #193 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/193
2024-12-08 19:54:15 +11:00
unkinben
dbccaea24b
feat: add crypto_policies ( #192 )
...
- ensure DEFAULT is used for EL8
- ensure DEFAULT:SHA1 is used for EL9, until issues with crypto are resolved for EL9
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/192
2024-12-08 19:47:59 +11:00
unkinben
b244327c34
neoloc/alma9 ( #191 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/191
2024-12-08 19:22:58 +11:00
unkinben
90bcdd1f51
neoloc/alma9 ( #190 )
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/190
2024-12-08 19:16:54 +11:00
unkinben
ec926dfe0a
feat: enable network manager on el9 ( #189 )
...
- el9 doesnt have the network-scripts scripts
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/189
2024-12-08 19:11:54 +11:00
unkinben
40af30d0ff
chore: change packagerepo vhost name ( #188 )
...
- ensure http endpoint works for packagerepo.service.consul
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/188
2024-12-08 17:05:38 +11:00
unkinben
bac90b5459
Merge pull request 'fix: permissions for cobbler files' ( #187 ) from neoloc/cobbler_perms into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/187
2024-12-08 08:37:36 +11:00
unkinben
41aab65f85
fix: permissions for cobbler files
...
- ensure idempotency for /var/lib/cobbler/web.ss
2024-12-08 08:36:35 +11:00
unkinben
c023cfe4dc
Merge pull request 'feat: upgrade puppet agent' ( #186 ) from neoloc/puppet_updates into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/186
2024-12-08 00:11:30 +11:00
unkinben
cffb6a54fc
feat: upgrade puppet agent
...
- move all almalinux hosts to 7.34
2024-12-08 00:09:40 +11:00
unkinben
fd7ced66ce
Merge pull request 'feat: edgecache updates' ( #185 ) from neoloc/edgecache_pki into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/185
2024-12-07 23:51:57 +11:00
unkinben
766f124b2c
feat: edgecache updates
...
- update metadatacache size
- increase cache age from 60d to 365d
- subscribe nginx service to ssl certs
2024-12-07 23:50:45 +11:00
unkinben
4de772436b
Merge pull request 'feat: update puppet repo' ( #184 ) from neoloc/almalinuxrepo into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/184
2024-12-07 23:32:48 +11:00
unkinben
75f865c26c
feat: update puppet repo
...
- move puppet repo to packagerepo
2024-12-07 23:31:40 +11:00
unkinben
2fdc709a17
Merge pull request 'feat: update repos' ( #183 ) from neoloc/almalinuxrepo into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/183
2024-12-01 00:33:10 +11:00
unkinben
ba3a9e374a
feat: update repos
...
- add unkin
- rename unkin -> unkinben
2024-12-01 00:30:58 +11:00
unkinben
a28ef09f28
Merge pull request 'feat: enable root_dir for docker' ( #182 ) from neoloc/docker_root into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/182
2024-12-01 00:27:04 +11:00
unkinben
52fff0ccea
feat: enable root_dir for docker
...
- move docker root_dir to /data/docker for runners
2024-11-30 23:11:24 +11:00
unkinben
f097cf2550
Merge pull request 'chore: migrate puppet-r10k' ( #181 ) from neoloc/r10k_adjustment into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/181
2024-11-17 19:27:43 +11:00
unkinben
58d31c5c9a
chore: migrate puppet-r10k
...
- moved puppet-r10k the unkin organisation
- ensure branch is set to follow origin/master
2024-11-17 19:26:27 +11:00
unkinben
92d6697175
Merge pull request 'fix: fix release name' ( #180 ) from neoloc/reposync_sydney into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/180
2024-11-16 22:36:02 +11:00
unkinben
d3f471f3ed
fix: fix release name
...
- fix release name for postgresql repos
2024-11-16 22:35:23 +11:00
unkinben
ab1f4300a9
Merge pull request 'fix: ensure reposync directories exist' ( #179 ) from neoloc/reposync_sydney into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/179
2024-11-16 22:32:47 +11:00
unkinben
845b91b497
fix: ensure reposync directories exist
2024-11-16 22:32:15 +11:00
unkinben
8f0b3e615c
Merge pull request 'feat: add el9 puppet/posgresql repos' ( #178 ) from neoloc/reposync_sydney into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/178
2024-11-16 22:25:48 +11:00
unkinben
8679a0b904
feat: add el9 puppet/posgresql repos
...
- will upgrade to el9 soon, so need to store these repos
2024-11-16 22:25:06 +11:00
unkinben
16ba54ee0a
Merge pull request 'feat: update packagerepo' ( #176 ) from neoloc/reposync_sydney into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/176
2024-11-16 22:02:46 +11:00
unkinben
4b3553b75c
Merge pull request 'Adding hieradata/node/ausyd1nxvm1060.main.unkin.net.yaml' ( #177 ) from autonode/ausyd1nxvm1060.main.unkin.net into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/177
2024-11-16 21:44:57 +11:00
unkinben
abdb3ec8cb
feat: update packagerepo
...
- remove almalinux/centos/epel repos
- manage consul service `packagerepo`
- manage ssh principals
- update vault alt-names
2024-11-16 21:43:11 +11:00
unkinben
c0623b64f7
Adding hieradata/node/ausyd1nxvm1060.main.unkin.net.yaml
2024-11-16 21:36:58 +11:00
unkinben
d286e2d816
Merge pull request 'feat: add sudaporn account' ( #175 ) from neoloc/addying into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/175
2024-11-16 20:24:14 +11:00
unkinben
71b29d5e88
feat: add sudaporn account
...
- enable access to media
- enable access to jupyter
2024-11-16 20:23:01 +11:00
unkinben
6493f392b8
Merge pull request 'neoloc/jupyterhub' ( #174 ) from neoloc/jupyterhub into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/174
2024-11-16 20:20:16 +11:00
unkinben
8586e9eb32
feat: enable web-sockets
...
- change simpleproxy config for jupyter::hub role to use websockets
2024-11-16 20:15:03 +11:00
unkinben
92a9655a50
feat: jupyterhub updates
...
- always pull containers when starting new instance
- enable access to terminal
2024-11-16 19:54:19 +11:00
unkinben
42ad972697
feat: add ldap configuration
...
- add group members to jupyterhub_user
- add svc_jupyterhub user for ldap binding
- paramatarise all ldap fields required
- manage the notebook data directory
2024-11-16 19:20:20 +11:00
unkinben
61f5f1ce1f
feat: add docker settings
...
- list docker network and image
- fix ldap_admin setting to be a list of users
2024-11-10 20:26:18 +11:00
unkinben
926d3d29d0
fix: enable docker for jupyterhub
...
- install/manage docker
2024-11-10 20:21:51 +11:00
unkinben
c6bdae5790
Merge pull request 'feat: add jupyterhub role' ( #173 ) from neoloc/jupyterhub into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/173
2024-11-10 19:14:49 +11:00
unkinben
159d66af18
feat: add jupyterhub role
...
- add nodejs module to use npm package provider
- add jupyterhub role
- add class to configure the jupyterhub instance
- add ldap groups
- add nginx simpleproxy
2024-11-10 19:09:50 +11:00
unkinben
c728c1a5e0
Merge pull request 'feat: add service data' ( #172 ) from neoloc/jumphost into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/172
2024-10-27 14:03:28 +11:00
unkinben
4fec931fb1
feat: add service data
...
- add pki certificates
- add consul service
- add ssh principals
2024-10-27 13:26:07 +11:00
unkinben
76b4c8c930
Merge pull request 'feat: add jumphost role' ( #171 ) from neoloc/jumphost into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/171
2024-10-27 13:18:50 +11:00
unkinben
0455965525
feat: add jumphost role
...
- add role for ssh proxy/jumphost
2024-10-27 13:15:28 +11:00
unkinben
4e68900259
Merge pull request 'feat: ensure vault restarts with ssl cert' ( #170 ) from neoloc/vault_reload into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/170
2024-10-27 13:10:51 +11:00
unkinben
ca87702466
feat: ensure vault restarts with ssl cert
...
- ensure the vault service resource subscribes to the ssl crt/key
- update unseal script to retry unseal process until it completes
2024-10-27 12:59:36 +11:00
unkinben
09a448ea52
Merge pull request 'feat: add vault admin group' ( #166 ) from neoloc/vault_global_admin into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/166
2024-10-21 19:41:31 +11:00
unkinben
1db8847833
feat: add vault admin group
...
- group will be assigned global admin rights
2024-10-21 19:40:52 +11:00
unkinben
6d919580e1
Merge pull request 'neoloc/adduser' ( #165 ) from neoloc/adduser into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/165
2024-10-20 13:14:50 +11:00
unkinben
5549275ecc
chore: add new user
...
- add margol as standard media user
2024-10-20 13:12:36 +11:00
unkinben
7acfea8547
fix: correct given/sn fields
...
- fix ryadun's given/sn fields
2024-10-20 13:12:02 +11:00
unkinben
318e816568
Merge pull request 'feat: update certbot module' ( #164 ) from neoloc/restart_nginx into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/164
2024-10-07 13:42:57 +11:00
unkinben
2ef4fb0bf8
feat: update certbot module
...
- update documentation
- add option to notify services
- set haproxy role to notify the haproxy service
2024-10-07 13:40:53 +11:00
unkinben
2013641720
Merge pull request 'feat: restart nginx on ssl change' ( #163 ) from neoloc/restart_nginx into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/163
2024-09-27 21:51:15 +10:00
unkinben
4bf4b42fdf
feat: restart nginx on ssl change
...
- manage nginx service from simpleproxy class
- ensure nginx restarts when ssl certificates are changed
2024-09-27 21:46:46 +10:00
unkinben
933427e861
Merge pull request 'neoloc/terraformsvc' ( #162 ) from neoloc/terraformsvc into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/162
2024-09-23 22:14:27 +10:00
unkinben
4a0760516f
feat: add vault service account
...
- used by vault to bind to ldap
2024-09-23 22:13:48 +10:00
unkinben
10b57abffc
feat: add terraform service account
...
- add terraform service account
2024-09-23 22:08:52 +10:00
unkinben
5b4bb95ffe
Merge pull request 'feat: add vault access group' ( #161 ) from neoloc/vaultaccess into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/161
2024-09-20 23:24:44 +10:00
unkinben
e09819284d
feat: add vault access group
...
- add vault_access group
2024-09-20 23:17:35 +10:00
unkinben
addfa02e08
Merge pull request 'feat: enable larger uploads to gitea' ( #160 ) from neoloc/gitea_client_send into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/160
2024-09-08 01:44:04 +10:00
unkinben
93b9629c5c
feat: enable larger uploads to gitea
...
- change client body max size to 1GB
2024-09-08 01:43:22 +10:00
unkinben
9dea399377
Merge pull request 'neoloc/gitearunner' ( #159 ) from neoloc/gitearunner into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/159
2024-09-07 21:38:29 +10:00
unkinben
0210d849c7
feat: add gitea runner role
...
- ensure docker is configured
- create runner user/group
- deploy config.yaml from hiera hash
- install runner from url
- register the runner with the gitea instance
- manage the act_runner service
2024-09-07 17:59:02 +10:00
unkinben
42d8047043
fix: comments in gitea role
...
- was copy of puppetboard, missed updating the comment
2024-09-03 22:34:48 +10:00
unkinben
c0b94c181f
Merge pull request 'feat: confine fact to patroni' ( #158 ) from neoloc/patroni_facts into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/158
2024-09-03 22:19:18 +10:00
unkinben
265400db91
feat: confine fact to patroni
2024-09-03 22:18:53 +10:00
unkinben
ccf4ef27f7
Merge pull request 'feat: psql changes on master only' ( #157 ) from neoloc/patroni_grant_on_master into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/157
2024-09-03 22:15:47 +10:00
unkinben
afda425fab
feat: psql changes on master only
...
- add fact to detect if a psql host is a slave
- only import users/db/grants on master
2024-09-03 22:13:50 +10:00
unkinben
69c298e162
Merge pull request 'feat: remove masterauth redis' ( #156 ) from neoloc/redis_masterauth into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/156
2024-09-03 21:29:58 +10:00
unkinben
1ad2b806b4
feat: remove masterauth redis
...
- removed requirepass previously, also need to remove masterauth
2024-09-03 21:29:18 +10:00
unkinben
dc58084cc9
Merge pull request 'Adding hieradata/node/ausyd1nxvm1059.main.unkin.net.yaml' ( #155 ) from autonode/ausyd1nxvm1059.main.unkin.net into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/155
2024-09-01 00:18:34 +10:00
unkinben
938db9880b
Adding hieradata/node/ausyd1nxvm1059.main.unkin.net.yaml
2024-09-01 00:17:59 +10:00
unkinben
ecbea24ba8
Merge pull request 'fix: updated client secret' ( #154 ) from neoloc/droneci_client_id into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/154
2024-08-31 23:01:39 +10:00
unkinben
bcb9beae5f
fix: updated client secret
2024-08-31 23:00:58 +10:00
unkinben
e1e604516d
Merge pull request 'feat: add droneci runner' ( #153 ) from neoloc/runner into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/153
2024-08-27 22:02:00 +10:00
unkinben
0bed8ba4f4
Merge branch 'develop' into neoloc/runner
2024-08-27 22:01:24 +10:00
unkinben
5471adae32
Merge pull request 'feat: add droneadmin' ( #152 ) from neoloc/droneadmin into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/152
2024-08-25 15:03:15 +10:00
unkinben
91d9a073d6
feat: add droneadmin
...
- add environment variable to assign primary admin
2024-08-25 14:58:56 +10:00
unkinben
ec7814e2a9
Merge pull request 'Adding hieradata/node/ausyd1nxvm1058.main.unkin.net.yaml' ( #151 ) from autonode/ausyd1nxvm1058.main.unkin.net into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/151
2024-08-25 14:28:20 +10:00
unkinben
71c134dc1a
Merge pull request 'Adding hieradata/node/ausyd1nxvm1057.main.unkin.net.yaml' ( #150 ) from autonode/ausyd1nxvm1057.main.unkin.net into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/150
2024-08-25 14:28:06 +10:00
unkinben
cb803d885e
Merge pull request 'feat: droneci for organisation' ( #149 ) from neoloc/droneci_org into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/149
2024-08-25 14:25:25 +10:00
unkinben
90eabac007
feat: droneci for organisation
...
- change from personal account to organisation
2024-08-25 14:24:45 +10:00
unkinben
d79a5de17b
feat: add droneci runner
...
- ensure /data and docker are available
- add droneci runner configuration
2024-08-25 02:14:35 +10:00
unkinben
0f755b231f
Merge pull request 'neoloc/droneci' ( #148 ) from neoloc/droneci into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/148
2024-08-25 00:01:27 +10:00
unkinben
2912cbb68b
feat: add droneci runner
...
- add runner role
2024-08-25 00:00:48 +10:00
unkinben
3d1ba79325
Adding hieradata/node/ausyd1nxvm1058.main.unkin.net.yaml
2024-08-24 23:36:52 +10:00
unkinben
c33b58ead6
Adding hieradata/node/ausyd1nxvm1057.main.unkin.net.yaml
2024-08-24 23:30:37 +10:00
unkinben
9f937b2869
Merge pull request 'Adding hieradata/node/ausyd1nxvm1056.main.unkin.net.yaml' ( #147 ) from autonode/ausyd1nxvm1056.main.unkin.net into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/147
2024-08-24 12:37:44 +10:00
unkinben
8660bec810
Merge pull request 'Adding hieradata/node/ausyd1nxvm1055.main.unkin.net.yaml' ( #146 ) from autonode/ausyd1nxvm1055.main.unkin.net into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/146
2024-08-24 12:37:34 +10:00
unkinben
f30325b3e9
Merge pull request 'Adding hieradata/node/ausyd1nxvm1054.main.unkin.net.yaml' ( #145 ) from autonode/ausyd1nxvm1054.main.unkin.net into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/145
2024-08-24 12:37:25 +10:00
unkinben
76c1c93c02
Merge pull request 'Adding hieradata/node/ausyd1nxvm1053.main.unkin.net.yaml' ( #144 ) from autonode/ausyd1nxvm1053.main.unkin.net into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/144
2024-08-24 12:37:16 +10:00
unkinben
4577997506
Merge pull request 'Adding hieradata/node/ausyd1nxvm1052.main.unkin.net.yaml' ( #143 ) from autonode/ausyd1nxvm1052.main.unkin.net into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/143
2024-08-24 12:36:50 +10:00
unkinben
6326e820a9
Merge pull request 'chore: add new user' ( #142 ) from neoloc/ryadun into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/142
2024-08-24 12:36:09 +10:00
unkinben
757f3042ed
chore: add new user
...
- add ryadun
2024-08-24 12:35:34 +10:00
unkinben
5d36a4053b
feat: add droneci module
...
- add droneci module for server
- add droneci/server role
- add consul query for droneci service
- manage certificates, ssh principals, consul services/checks
2024-08-24 00:34:15 +10:00
unkinben
8fad79f2bc
feat: manage database/user/grants for patroni
...
- add defines for exporting/collecting psql objects for patroni
- add generic profile for managing patroni psql databases for an app
2024-08-24 00:33:18 +10:00
unkinben
68c569b282
feat: add docker module
...
- update puppet file with docker module
2024-08-24 00:28:39 +10:00
unkinben
975adc31d7
Merge pull request 'feat: remove requirepass' ( #141 ) from neoloc/remove_requirepass into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/141
2024-08-23 23:28:30 +10:00
unkinben
8a8cc0ae1b
feat: remove requirepass
...
- required for droneci
2024-08-23 23:18:02 +10:00
unkinben
70a9edd118
Adding hieradata/node/ausyd1nxvm1056.main.unkin.net.yaml
2024-08-16 22:13:16 +10:00
unkinben
348d8889ed
Adding hieradata/node/ausyd1nxvm1055.main.unkin.net.yaml
2024-08-16 22:11:47 +10:00
unkinben
1a2023f4ff
Merge pull request 'feat: add patroni/psql cluster' ( #140 ) from neoloc/patroni into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/140
2024-08-10 23:40:29 +10:00
unkinben
35834f8f5a
feat: add patroni/psql cluster
...
- add patroni puppet module
- add patroni role and hieradata
- add sql/patroni class that utilised consul
2024-08-10 22:34:43 +10:00
unkinben
4347faf153
Merge pull request 'neoloc/redis' ( #139 ) from neoloc/redis into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/139
2024-08-10 18:47:17 +10:00
unkinben
5c731fef34
feat: deploy redisha cluster
...
- manage pki and ssh principals
- manage redis/sentinel with redisha module
- add consul checks to manage redis-replica/redis-master services
- manage sudo rules for consul checks
2024-08-10 17:39:30 +10:00
unkinben
b7fc6a1993
feat: create redisha module
...
- manage redis/sentinel clusters
- ensure ulimit_managed is false
- dynamically find servers in role to identify master
- add redisadm and sentineladm commands
- add script to check if the current host in the master
2024-08-10 17:39:24 +10:00
unkinben
afe2a2afb7
Adding hieradata/node/ausyd1nxvm1054.main.unkin.net.yaml
2024-08-10 14:13:59 +10:00
unkinben
c76ce3bf10
Adding hieradata/node/ausyd1nxvm1053.main.unkin.net.yaml
2024-08-10 14:13:51 +10:00
unkinben
af989a19c3
Adding hieradata/node/ausyd1nxvm1052.main.unkin.net.yaml
2024-08-10 14:11:47 +10:00
unkinben
4d08e30733
Merge pull request 'fix: also fix repodata' ( #138 ) from neoloc/cephreef into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/138
2024-08-10 13:36:30 +10:00
unkinben
e2873a492a
fix: also fix repodata
2024-08-10 13:36:04 +10:00
unkinben
90af895a34
Merge pull request 'fix: ceph-reef 18.2.4 not on el8' ( #137 ) from neoloc/cephreef into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/137
2024-08-10 13:30:54 +10:00
unkinben
52e3d5b20b
fix: ceph-reef 18.2.4 not on el8
...
- force repo to use 18.2.2
2024-08-10 13:30:16 +10:00
unkinben
aadd0275ac
feat: add puppet-redis module
2024-08-08 19:28:50 +10:00
unkinben
390a5a58c7
Merge pull request 'chore: add account' ( #136 ) from neoloc/kelly into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/136
2024-08-08 19:01:44 +10:00
unkinben
403e3eeb1b
chore: add account
2024-08-08 19:01:18 +10:00
unkinben
352878e27c
Merge pull request 'chore: prevent empty lines' ( #135 ) from neoloc/glauth_templates into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/135
2024-08-07 22:53:10 +10:00
unkinben
0cad88cdad
chore: prevent empty lines
...
- prevent empty lines when user features are not enabled
- change epp to erb template for user objects
2024-08-07 22:51:13 +10:00
unkinben
859fc0d909
Merge pull request 'chore: add two new users' ( #134 ) from neoloc/more_users into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/134
2024-08-07 22:19:41 +10:00
unkinben
a5baed8cd9
chore: add two new users
...
- add marbal and seablo
2024-08-07 22:19:08 +10:00
unkinben
44707910aa
Merge pull request 'fix: require vault-unseal.service' ( #133 ) from neoloc/vault_unseal_fix into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/133
2024-08-07 22:12:12 +10:00
unkinben
dafac3d5ab
fix: require vault-unseal.service
...
- wrong service name specified
2024-08-07 22:05:50 +10:00
unkinben
3ce2ec3754
Merge pull request 'feat: auto-unseal vault every hour' ( #132 ) from neoloc/vault_unseal_check into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/132
2024-08-06 22:51:54 +10:00
unkinben
7863d54275
feat: auto-unseal vault every hour
...
- add cron job to run vault unsealing service hourly
2024-08-06 22:51:16 +10:00
unkinben
988e7c2a32
Merge pull request 'feat: auto restart puppetdb' ( #131 ) from neoloc/puppetdb_restart into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/131
2024-08-06 22:47:02 +10:00
unkinben
0c44654a47
feat: auto restart puppetdb
...
- found several times the puppetdb service locks up after a week of active time
- restart the puppetdb nightly to prevent lock ups
2024-08-06 22:43:07 +10:00
unkinben
20ee6fa19e
Merge pull request 'feat: add rundeck runner user' ( #130 ) from neoloc/rundeck_user into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/130
2024-08-06 22:36:54 +10:00
unkinben
c846cc4e21
feat: add rundeck runner user
...
- add rundeck account on all hosts except rundeck
- add rundeck ssh private/public key to rundeck server
2024-08-06 22:33:32 +10:00
unkinben
8e0f26e726
Merge pull request 'Adding hieradata/node/ausyd1nxvm1050.main.unkin.net.yaml' ( #124 ) from autonode/ausyd1nxvm1050.main.unkin.net into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/124
2024-08-01 22:41:27 +10:00
unkinben
4579e268f0
Merge pull request 'feat: add gonic role' ( #125 ) from neoloc/gonic into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/125
2024-08-01 22:41:20 +10:00
unkinben
f1e1828a4a
Merge pull request 'Adding hieradata/node/ausyd1nxvm1051.main.unkin.net.yaml' ( #123 ) from autonode/ausyd1nxvm1051.main.unkin.net into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/123
2024-08-01 22:40:59 +10:00
unkinben
2ae8dbc0ac
feat: add gonic role
...
- basic role only
2024-08-01 22:38:32 +10:00
unkinben
4338dfe27f
Adding hieradata/node/ausyd1nxvm1051.main.unkin.net.yaml
2024-08-01 22:35:03 +10:00
unkinben
66cb1e356d
Adding hieradata/node/ausyd1nxvm1050.main.unkin.net.yaml
2024-08-01 22:33:26 +10:00
unkinben
2bda41712a
Merge pull request 'fix: change debian repos to http' ( #122 ) from neoloc/http_debian_apt into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/122
2024-07-31 21:51:44 +10:00
unkinben
d3daac3b71
fix: change debian repos to http
...
- until https issues are resolved with https
2024-07-31 21:51:04 +10:00
unkinben
eb32a216f5
Merge pull request 'neoloc/rundeck' ( #121 ) from neoloc/rundeck into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/121
2024-07-28 02:05:20 +10:00
unkinben
5354c99b1e
feat: add rundeck profile
...
- export mysql user for each rundeck server
- ensure the jdbc driver for mariadb is available
- exclude jq from default packages (managed by rundeck)
- add groups for admin/user for each project in rundeck
- add consul service
- add vault certificates
- add ssh principals
- add nginx simpleproxy
2024-07-28 01:51:41 +10:00
unkinben
6a3123e12e
Merge pull request 'feat: change packages to Hash' ( #120 ) from neoloc/packages_hash into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/120
2024-07-27 16:29:48 +10:00
unkinben
26ffe17ee1
feat: add database
...
- add database for rundeck
2024-07-27 13:06:14 +10:00
unkinben
cb5bb0798f
feat: add rundeck to ldap
...
- add service account for rundeck
- add rundeck_access group
2024-07-27 13:06:14 +10:00
unkinben
08241692ee
feat: add rundeck
...
- add puppet-rundeck module
- add rundeck role
2024-07-27 13:06:14 +10:00
unkinben
76989e45c4
feat: change packages to Hash
...
- change from multiple arrays for managing packages to a hash
- change to ensure_packages to prevent duplicate resource conflicts
2024-07-27 13:05:54 +10:00
unkinben
cc01259a64
feat: change packages to Hash
...
- change from multiple arrays for managing packages to a hash
- change to ensure_packages to prevent duplicate resource conflicts
2024-07-27 13:01:06 +10:00
unkinben
b5148fc2a0
Merge pull request 'fix: generate_types cahnges' ( #119 ) from neoloc/puppetserver_startup into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/119
2024-07-27 00:17:46 +10:00
unkinben
ab44bfc430
fix: generate_types cahnges
...
- this command will always fail, remove the systemd dropin
- create script that will run and exit with 0
- create systemd service/timer to run script daily
2024-07-27 00:13:25 +10:00
unkinben
4c38232ceb
Merge pull request 'Adding hieradata/node/ausyd1nxvm1049.main.unkin.net.yaml' ( #118 ) from autonode/ausyd1nxvm1049.main.unkin.net into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/118
2024-07-26 23:46:51 +10:00
unkinben
20686e04f4
Adding hieradata/node/ausyd1nxvm1049.main.unkin.net.yaml
2024-07-26 23:27:10 +10:00
unkinben
480eced404
Merge pull request 'feat: add vrrp to halb' ( #116 ) from neoloc/keepalived into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/116
2024-07-14 22:07:34 +10:00
unkinben
946922fdb9
feat: add vrrp to halb
...
- update keepalived module to 5.1.0
- add keepalived::vrrp::* to be deep merged in hiera
- add vrrp dns configuration
- add vrrp instance/script to halb in syd1
2024-07-13 20:15:13 +10:00
unkinben
1570bbd8f2
Merge pull request 'feat: ensure *arr can access prowlarr' ( #115 ) from neoloc/prowlarr_auth into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/115
2024-07-13 16:58:42 +10:00
unkinben
319c3b6d67
feat: ensure *arr can access prowlarr
2024-07-13 16:55:21 +10:00
unkinben
e2f571649e
Merge pull request 'feat: add param for ffmpeg' ( #114 ) from neoloc/ffpmeg_path into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/114
2024-07-12 18:17:16 +10:00
unkinben
0fb11b22cf
feat: add param for ffmpeg
...
- add param to jellyfin class to specify the path to ffmpeg
- update templates to use location
2024-07-11 22:41:08 +10:00
unkinben
01fc6aacd7
Merge pull request 'fix: remove unkin.net from internal dns' ( #113 ) from neoloc/bind_static_dns into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/113
2024-07-11 22:31:29 +10:00
unkinben
73c7dbd56c
fix: remove unkin.net from internal dns
...
- unkin.net is entirely hosted externally
2024-07-11 22:30:44 +10:00
unkinben
3ed692cc77
Merge pull request 'feat: manage the nzbget service' ( #112 ) from neoloc/nzbget_group_media into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/112
2024-07-11 22:27:44 +10:00
unkinben
ec92a6d3df
feat: manage the nzbget service
2024-07-11 21:39:34 +10:00
unkinben
bbd6cdb228
Merge pull request 'feat: add rpmfusion to nzbget' ( #110 ) from neoloc/rpmfusion_nzbget into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/110
2024-07-11 21:28:56 +10:00
unkinben
2cbba808c3
feat: add rpmfusion to nzbget
2024-07-11 21:24:35 +10:00
unkinben
df9f31e0f7
Merge pull request 'feat: add othergroups support for services' ( #109 ) from neoloc/nzbget_client into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/109
2024-07-11 20:00:10 +10:00
unkinben
95a0b543fd
feat: add othergroups support for services
...
- extend glauth::obj::service to allow othergroups
2024-07-11 19:59:26 +10:00
unkinben
90d123f4d0
Merge pull request 'chore: add service account to submit nzbs' ( #108 ) from neoloc/nzbget_client into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/108
2024-07-11 19:56:51 +10:00
unkinben
3dc8fb03fa
chore: add service account to submit nzbs
2024-07-11 19:56:17 +10:00
unkinben
c7e5356444
Merge pull request 'feat: rewrite for nzbget' ( #107 ) from neoloc/nzbget_rewrite into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/107
2024-07-10 21:29:44 +10:00
unkinben
93ab2bebc3
feat: rewrite for nzbget
...
- required for consul health check to work
2024-07-10 21:26:53 +10:00
unkinben
348f2dfca3
Merge pull request 'fix: update ldap filter' ( #106 ) from neoloc/ldap_filters into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/106
2024-07-10 20:54:38 +10:00
unkinben
5221c15a66
fix: update ldap filter
...
- update ldap filter for *arr's to match on user and group
2024-07-10 20:43:50 +10:00
unkinben
1d49480010
Merge pull request 'fix: create nginx cache dirs before nginx class' ( #105 ) from neoloc/nzbget into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/105
2024-07-09 23:30:33 +10:00
unkinben
f63cf2f654
fix: create nginx cache dirs before nginx class
2024-07-09 23:29:56 +10:00
unkinben
3d425bfcbd
Merge pull request 'fix: simpleproxy create cachedirs' ( #104 ) from neoloc/nzbget into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/104
2024-07-09 23:28:38 +10:00
unkinben
e8c8f5c1d6
fix: simpleproxy create cachedirs
...
- ensure the '/var/cache/nginx' directory exists
2024-07-09 23:27:51 +10:00
unkinben
ae85541f6b
Merge pull request 'fix: change nzbget::manage_group to boolean' ( #103 ) from neoloc/nzbget into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/103
2024-07-09 23:23:33 +10:00
unkinben
0c1fd63b7d
fix: change nzbget::manage_group to boolean
2024-07-09 23:22:49 +10:00
unkinben
797670b55d
Merge pull request 'feat: actually add nzbget profile' ( #102 ) from neoloc/nzbget into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/102
2024-07-09 23:20:58 +10:00
unkinben
1204ee3314
feat: actually add nzbget profile
2024-07-09 23:20:12 +10:00
unkinben
75ddacb6b1
Merge pull request 'neoloc/nzbget' ( #101 ) from neoloc/nzbget into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/101
2024-07-09 22:34:37 +10:00
unkinben
1532641640
feat: add nzbget to media platform
...
- add haproxy rules
- generate/distribute letsencrypt certificates
- manage access to cephfs
2024-07-09 22:32:54 +10:00
unkinben
abb4a47703
chore: add ens19 to nzbget host
...
- required to access cephfs
2024-07-09 22:26:46 +10:00
unkinben
857d51a934
chore: add matsol to nzbget
2024-07-09 22:26:03 +10:00
unkinben
fd5163d6e6
Merge branch 'develop' into neoloc/nzbget
2024-07-09 22:25:28 +10:00
unkinben
d67eba5860
feat: add nzbget module/role
...
- add nzbget module
- add nzbget ldap user/group
2024-07-09 22:23:58 +10:00
unkinben
dacd2c6994
Merge pull request 'chore: disable gpgcheck for unkin repo' ( #100 ) from neoloc/gpgcheck_unkin_repo into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/100
2024-07-09 22:01:01 +10:00
unkinben
930341c05c
Merge pull request 'Adding hieradata/node/ausyd1nxvm1048.main.unkin.net.yaml' ( #99 ) from autonode/ausyd1nxvm1048.main.unkin.net into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/99
2024-07-09 22:00:47 +10:00
unkinben
47333237ee
chore: disable gpgcheck for unkin repo
2024-07-09 21:18:02 +10:00
unkinben
924631d705
Adding hieradata/node/ausyd1nxvm1048.main.unkin.net.yaml
2024-07-09 20:54:51 +10:00
unkinben
384e301fd3
Merge pull request 'feat: add new users' ( #98 ) from neoloc/moreusers into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/98
2024-07-09 19:22:26 +10:00
unkinben
d52949fc4f
feat: add new users
...
- matsol
2024-07-09 19:21:59 +10:00
unkinben
fe20590ac6
Merge pull request 'neoloc/retrieve_certbot_certs' ( #97 ) from neoloc/retrieve_certbot_certs into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/97
2024-07-08 23:27:21 +10:00
unkinben
d9a2966ffd
fix: certbot selinux and rsync
...
- fix rsync to use 755 permissions
- add rsync selinux booleans
2024-07-08 23:17:38 +10:00
unkinben
899e2cbf49
feat: haproxy updates
...
- use letsencrypt certificates
- add fafflix and jellyfin backends
2024-07-08 22:56:24 +10:00
unkinben
bd5164fed3
feat: certbot reorg
...
- moved certbot into its own module
- added fact to list available certificates
- created systemd timer to rsync data to $data_dir/pub
- ensure the $data_dir/pub exists
- manage selinux for nginx
2024-07-08 22:33:11 +10:00
unkinben
30ec8c1bb1
feat: enable retrieval of certbot certs
...
- refactor certbot
- add nginx to certbot hosts
2024-07-07 22:30:40 +10:00
unkinben
c419620838
Merge pull request 'feat: manage certbot' ( #96 ) from neoloc/certbot into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/96
2024-07-07 21:45:18 +10:00
unkinben
9db714d02f
feat: manage certbot
...
- add haproxy backend for be_letsencrypt
- manage the certbot role/profile
- create define to export certificate requests
2024-07-07 21:21:50 +10:00
unkinben
4b8a9825c0
Merge pull request 'feat: haproxy updates' ( #95 ) from neoloc/haproxy_backend_httpchk into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/95
2024-07-07 16:56:25 +10:00
unkinben
991c8a3029
feat: haproxy updates
...
- add acls for all backends
- harden security of backends
- update http-check for all backends
2024-07-07 16:51:36 +10:00
unkinben
152ffaa1d3
Merge pull request 'feat: stop installing systemd exported by default' ( #94 ) from neoloc/systemd_exporter_removal into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/94
2024-07-07 15:02:48 +10:00
unkinben
65046329f4
feat: stop installing systemd exported by default
2024-07-07 15:01:49 +10:00
unkinben
d05cf628a8
Merge pull request 'fix: change service to socket' ( #93 ) from neoloc/cobbler_socket into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/93
2024-07-06 23:40:20 +10:00
unkinben
da1402691c
fix: change service to socket
...
- ensure the tftpd.socket is running, which starts the service
2024-07-06 23:37:55 +10:00
unkinben
b5c7b310ee
Merge pull request 'neoloc/mediaproxy' ( #92 ) from neoloc/mediaproxy into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/92
2024-07-06 23:24:49 +10:00
unkinben
2ab2cd1399
feat: deploy ldap-auth to all *arrs
...
- refactor sonarr locations to generalised locations
- set locations to be deep merged
- updated hiera_include statements for media and media subroles
- added eyaml entries for all ldap credentials
2024-07-06 22:50:10 +10:00
unkinben
8b01ddba9c
fix: cleanup simpleproxy
...
- remove commented sections
- remove $server from locations
2024-07-06 22:09:16 +10:00
unkinben
d1dd12a091
feat: add cache to simpleproxy
2024-07-06 22:05:55 +10:00
unkinben
354e561380
feat: add ldapauth for nginx
...
- add service, defaults and script
2024-07-06 22:02:00 +10:00
unkinben
cbded220bb
feat: add sonarr locations
...
- add authproxy
- add api and web
- add /consul/health for unauth access from consul
- update sonarr/consul check to use /consul/health
- change client body side to 20mb
2024-07-06 22:01:47 +10:00
unkinben
89697e85aa
Merge pull request 'chore: update svc_sonarr credential' ( #91 ) from neoloc/sonarr_auth into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/91
2024-07-06 18:32:43 +10:00
unkinben
158ebaf7a0
chore: update svc_sonarr credential
2024-07-06 18:32:25 +10:00
unkinben
02a2097955
feat: paramatise use_default_location
...
- allow the use of location blocks for simpleproxy
- add way to add locations in simpleproxy
2024-07-05 23:10:58 +10:00
unkinben
658af2b6b6
Merge pull request 'feat: manage jellyfin data migration_flag' ( #90 ) from neoloc/jellyfin into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/90
2024-07-04 00:09:22 +10:00
unkinben
f3046f8fbb
feat: manage jellyfin data migration_flag
2024-07-03 22:49:54 +10:00
unkinben
f9ff44afec
Merge pull request 'feat: add rpmfusion to jellyfin hosts' ( #89 ) from neoloc/rpmfusion into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/89
2024-07-03 21:28:11 +10:00
unkinben
21a45c1b03
feat: add rpmfusion to jellyfin hosts
...
- required for jellyfin packages
- additional dependencies also from rpmfusion
2024-07-03 21:27:05 +10:00
unkinben
33f66c8dbc
Merge pull request 'feat: restart networking on network changes' ( #88 ) from neoloc/network_restart into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/88
2024-07-03 20:37:05 +10:00
unkinben
b0934caf23
feat: restart networking on network changes
...
- restart network on RedHat
- restart networking on debian
2024-07-03 20:35:58 +10:00
unkinben
8e1622a158
Merge pull request 'neoloc/glauth' ( #87 ) from neoloc/glauth into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/87
2024-07-02 18:12:54 +10:00
unkinben
fe35baacfd
chore: cleanup glauth
...
- remove datavol, not required
- remove commented out systemd socket
2024-07-02 18:12:08 +10:00
unkinben
6e3802ad57
feat: add users/services/groups
2024-07-01 22:54:22 +10:00
unkinben
c8604baa4e
feat: add glauth role/profile classes
...
- role added to cobbler
- add role specific hieradata
2024-07-01 22:42:29 +10:00
unkinben
c69e8c487e
feat: create glauth module
...
- manage config directories, config file
- manage systemd service and socket
- manage users, service accounts and groups
- manage defaults for users, services and groups
- manage packages for role
2024-07-01 22:42:12 +10:00
unkinben
0a86986edf
Merge pull request 'neoloc/jellyfin' ( #86 ) from neoloc/jellyfin into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/86
2024-06-30 21:24:49 +10:00
unkinben
2199e4e3c0
feat: add jellyfin to haproxy
2024-06-30 00:02:44 +10:00
unkinben
f81b5753ff
feat: add jellyfin role/profile classes
2024-06-30 00:02:16 +10:00
unkinben
e437629e12
feat: add jellyfin module
2024-06-30 00:01:38 +10:00