From 8eca497ea2a74a31bfd4dd33d3464f8fb24271a6 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sun, 23 Jun 2024 14:59:48 +1000 Subject: [PATCH 1/4] feat: add mkdir module - add module to manage mkdir -p in puppet module --- Puppetfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Puppetfile b/Puppetfile index ddbc134..ded5d58 100644 --- a/Puppetfile +++ b/Puppetfile @@ -50,6 +50,7 @@ mod 'kogitoapp-minio', '1.1.4' mod 'broadinstitute-certs', '3.0.1' mod 'stm-file_capability', '6.0.0' mod 'h0tw1r3-gitea', '3.2.0' +mod 'rehan-mkdir', '2.0.0' mod 'bind', :git => 'https://git.service.au-syd1.consul/unkinben/puppet-bind.git', -- 2.47.3 From 5631f07e6e97e8b7ff83433bcee708547258316d Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sun, 23 Jun 2024 15:15:14 +1000 Subject: [PATCH 2/4] feat: add cephfs shared volume define - add ceph class to manage ceph client configuration/packages - add cephfs define for mounting volumes - add ceph keyring define to manage secrets used to mount cephfs --- hieradata/common.yaml | 9 ++- site/profiles/manifests/ceph/client.pp | 43 ++++++++++++ site/profiles/manifests/ceph/keyring.pp | 21 ++++++ site/profiles/manifests/storage/cephfsvol.pp | 69 ++++++++++++++++++++ site/profiles/templates/ceph/client.conf.erb | 3 + site/profiles/templates/ceph/keyring.erb | 1 + 6 files changed, 145 insertions(+), 1 deletion(-) create mode 100644 site/profiles/manifests/ceph/client.pp create mode 100644 site/profiles/manifests/ceph/keyring.pp create mode 100644 site/profiles/manifests/storage/cephfsvol.pp create mode 100644 site/profiles/templates/ceph/client.conf.erb create mode 100644 site/profiles/templates/ceph/keyring.erb diff --git a/hieradata/common.yaml b/hieradata/common.yaml index 045f83b..a72af4e 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -120,6 +120,9 @@ lookup_options: mysql::db: merge: strategy: deep + profiles::ceph::client::keyrings: + merge: + strategy: deep facts_path: '/opt/puppetlabs/facter/facts.d' 
@@ -294,7 +297,11 @@ networking::routes: netmask: 0.0.0.0 network: default - +profiles::ceph::client::fsid: 7f7f00cb-95de-498c-8dcc-14b54e4e9ca8 +profiles::ceph::client::mons: + - 10.18.15.1 + - 10.18.15.2 + - 10.18.15.3 #profiles::base::hosts::additional_hosts: # - ip: 198.18.17.9 # hostname: prodinf01n09.main.unkin.net diff --git a/site/profiles/manifests/ceph/client.pp b/site/profiles/manifests/ceph/client.pp new file mode 100644 index 0000000..1735a19 --- /dev/null +++ b/site/profiles/manifests/ceph/client.pp @@ -0,0 +1,43 @@ +# profiles::ceph::client +class profiles::ceph::client ( + String $fsid, + Array[Stdlib::Host] $mons, + Stdlib::Absolutepath $config_file = '/etc/ceph/ceph.conf', + String $owner = 'ceph', + String $group = 'ceph', + Stdlib::Filemode $mode = '0644', + Hash $keyrings = {}, +) { + + # dont run this on proxmox nodes + if $facts['enc_role'] != 'roles::infra::proxmox::node' { + + # install the ceph client package + package { 'ceph-common': + ensure => installed, + } + + # manage the ceph directory + file { '/etc/ceph': + ensure => directory, + owner => $owner, + group => $group, + mode => $mode, + require => Package['ceph-common'], + } + + # create a basic client config + file { $config_file: + ensure => file, + owner => $owner, + group => $group, + mode => $mode, + content => template('profiles/ceph/client.conf.erb'), + require => Package['ceph-common'], + } + + # manage ceph keyrings + create_resources('profiles::ceph::keyring', $keyrings) + } + +} diff --git a/site/profiles/manifests/ceph/keyring.pp b/site/profiles/manifests/ceph/keyring.pp new file mode 100644 index 0000000..3eca7dc --- /dev/null +++ b/site/profiles/manifests/ceph/keyring.pp 
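Review bot: The keyring secret is carried as plain data on its way to the file resource: `Hash $keyrings` in client.pp is passed straight to `create_resources`, and the define in keyring.pp takes it as `String $key`. Only the final `content` is wrapped in `Sensitive`, so the key itself remains an ordinary parameter of the class and of each `Profiles::Ceph::Keyring` resource in the compiled catalog, and is readable wherever catalogs are stored or dumped. Typing the define's parameter as `Sensitive[String] $key` and wrapping the value before the resource is declared (for example by resolving the eyaml key inside the define with `Sensitive(lookup(...))` rather than interpolating it into the hash) would keep it redacted end to end. The ERB template would then need the unwrapped value.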
@@ -0,0 +1,21 @@
+# profiles::ceph::keyring
+define profiles::ceph::keyring (
+ String $key,
+ String $user = $name,
+ String $type = 'client',
+ Stdlib::Filemode $mode = '0600',
+ String $owner = 'ceph',
+ String $group = 'ceph',
+ Stdlib::Absolutepath $keyring_dir = '/etc/ceph',
+) {
+ $keyring_file = "${keyring_dir}/ceph.${type}.${user}.keyring"
+
+ file { $keyring_file:
+ ensure => file,
+ owner => $owner,
+ group => $group,
+ mode => $mode,
+ content => Sensitive(template('profiles/ceph/keyring.erb')),
+ require => File[$keyring_dir],
+ }
+}
diff --git a/site/profiles/manifests/storage/cephfsvol.pp b/site/profiles/manifests/storage/cephfsvol.pp
new file mode 100644
index 0000000..77270e5
--- /dev/null
+++ b/site/profiles/manifests/storage/cephfsvol.pp
@@ -0,0 +1,69 @@
+# profiles::storage::cephfsvol
+define profiles::storage::cephfsvol (
+ Enum['present', 'absent', 'mounted'] $ensure = 'mounted',
+ String $owner = 'root',
+ String $group = 'root',
+ Stdlib::Filemode $mode = '0755',
+ Stdlib::Absolutepath $mount = '/shared',
+ Array[Enum[
+ 'defaults', 'ro', 'rw', 'sync', 'async',
+ 'noatime', 'nodiratime', 'noexec', 'nosuid',
+ 'nodev', 'remount', 'auto', 'noauto'
+ ]] $mount_options = ['noatime', 'nodiratime'],
+ Variant[Stdlib::Host, Array[Stdlib::Host]] $cephfs_mon = 'ceph-mon.service.consul',
+ Stdlib::Absolutepath $cephfs_path = '/',
+ String $cephfs_name = 'admin',
+ String $cephfs_fs = 'cephfs',
+ Optional[Stdlib::Absolutepath] $keyring = undef,
+) {
+
+ # mkdir -p $mount_path
+ mkdir::p {$mount: }
+
+ # ensure the mount path exists
+ file { $mount:
+ ensure => directory,
+ owner => $owner,
+ group => $group,
+ mode => $mode,
+ require => [
+ Mkdir::P[$mount],
+ Package['ceph-common']
+ ],
+ }
+
+ # join options into a comma seperated list
+ $options = join($mount_options, ',')
+
+ # if a ceph keyring is required, it will be added here
+ if $keyring {
+ $mount_options_string = "${options},fs=${cephfs_fs},name=${cephfs_name},secretfile=${keyring}"
+ } else {
+ $mount_options_string = "${options},fs=${cephfs_fs},name=${cephfs_name}"
+ }
+
+ # convert cephfs_servers (monitors) into a list
+ $mon_addresses = $cephfs_mon ? {
+ Array => join($cephfs_mon, ','),
+ default => $cephfs_mon,
+ }
+
+ # manage the mount
+ mount { $mount:
+ ensure => $ensure,
+ atboot => true,
+ device => "${mon_addresses}:${cephfs_path}",
+ fstype => 'ceph',
+ options => $mount_options_string,
+ require => File[$mount],
+ }
+
+ # unmount when the mount should be removed
+ if $ensure == 'absent' {
+ exec { "umount_${mount}":
+ command => "umount ${mount}",
+ onlyif => "mount | grep ${mount}",
+ before => Mount[$mount],
+ }
+ }
+}
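Review bot: The `umount_${mount}` exec at the end of cephfsvol.pp is unlikely to run as written, because `onlyif => "mount | grep ${mount}"` relies on a shell pipeline while no `provider => shell` is set, and neither command is fully qualified or given a `path` (unless an `Exec` default exists outside this patch). The unanchored `grep` would also match any mount whose path merely contains `$mount`, for example `/shared/media` when `$mount` is `/shared`. A shell-free form avoids both problems: `command => "/usr/bin/umount ${mount}",` with `onlyif => "/usr/bin/mountpoint -q ${mount}",` (binary paths to be confirmed for the target OS). Separately, the default `$mount_options` of `['noatime', 'nodiratime']` mounts a shared network filesystem without `nosuid` and `nodev`, both of which the Enum already allows and which would be a safer default.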
diff --git a/site/profiles/templates/ceph/client.conf.erb b/site/profiles/templates/ceph/client.conf.erb new file mode 100644 index 0000000..af4c678 --- /dev/null +++ b/site/profiles/templates/ceph/client.conf.erb @@ -0,0 +1,3 @@ +[global] + fsid = <%= @fsid %> + mon_host = <%= @mons.join(' ') %> diff --git a/site/profiles/templates/ceph/keyring.erb b/site/profiles/templates/ceph/keyring.erb new file mode 100644 index 0000000..a8a4b27 --- /dev/null +++ b/site/profiles/templates/ceph/keyring.erb @@ -0,0 +1 @@ +<%= @key %> -- 2.47.3 From 82ed27cf56798f0abc85c86bbe646f43ca521988 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sun, 23 Jun 2024 15:18:02 +1000 Subject: [PATCH 3/4] feat: add sonarr profile - add cephfs secret for mounting mediafs - add ceph-reef repo for apps::media roles - add the shared cephfs mediafs mount --- hieradata/roles/apps/media.eyaml | 2 ++ hieradata/roles/apps/media.yaml | 13 +++++++++++++ hieradata/roles/apps/media/sonarr.eyaml | 0 site/profiles/manifests/media/sonarr.pp | 16 ++++++++++++++++ site/roles/manifests/apps/media/sonarr.pp | 1 + 5 files changed, 32 insertions(+) create mode 100644 hieradata/roles/apps/media.eyaml create mode 100644 hieradata/roles/apps/media.yaml create mode 100644 hieradata/roles/apps/media/sonarr.eyaml create mode 100644 site/profiles/manifests/media/sonarr.pp diff --git a/hieradata/roles/apps/media.eyaml b/hieradata/roles/apps/media.eyaml new file mode 100644 index 0000000..21cd536 --- /dev/null +++ b/hieradata/roles/apps/media.eyaml @@ -0,0 +1,2 @@ +--- +ceph::key::media: ENC[PKCS7,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] diff --git a/hieradata/roles/apps/media.yaml b/hieradata/roles/apps/media.yaml new file mode 100644 index 0000000..5d9259f --- /dev/null +++ b/hieradata/roles/apps/media.yaml 
@@ -0,0 +1,13 @@ +--- +profiles::yum::global::repos: + ceph-reef: + name: ceph-reef + descr: ceph reef repository + target: /etc/yum.repos.d/ceph-reef.repo + baseurl: https://edgecache.query.consul/ceph/yum/el%{facts.os.release.major}/%{facts.os.architecture} + gpgcheck: 0, + mirrorlist: absent + +profiles::ceph::client::keyrings: + media: + key: "%{hiera('ceph::key::media')}" diff --git a/hieradata/roles/apps/media/sonarr.eyaml b/hieradata/roles/apps/media/sonarr.eyaml new file mode 100644 index 0000000..e69de29 diff --git a/site/profiles/manifests/media/sonarr.pp b/site/profiles/manifests/media/sonarr.pp new file mode 100644 index 0000000..1eaa82a --- /dev/null +++ b/site/profiles/manifests/media/sonarr.pp @@ -0,0 +1,16 @@ +# profiles::media::sonarr +class profiles::media::sonarr ( + Stdlib::Absolutepath $media_root = '/shared/media', +) { + + include profiles::ceph::client + + # manage the sharedvol + profiles::storage::cephfsvol {"${::facts['networking']['fqdn']}_media": + mount => $media_root, + keyring => '/etc/ceph/ceph.client.media.keyring', + cephfs_name => 'media', + cephfs_fs => 'mediafs', + require => Profiles::Ceph::Keyring['media'], + } +} diff --git a/site/roles/manifests/apps/media/sonarr.pp b/site/roles/manifests/apps/media/sonarr.pp index 0ceab35..07a919c 100644 --- a/site/roles/manifests/apps/media/sonarr.pp +++ b/site/roles/manifests/apps/media/sonarr.pp @@ -6,5 +6,6 @@ class roles::apps::media::sonarr { }else{ include profiles::defaults include profiles::base + include profiles::media::sonarr } } -- 2.47.3 From 736f04143fea1831637dbe6cebe0ecd1f7d0c63c Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sun, 23 Jun 2024 15:22:32 +1000 Subject: [PATCH 4/4] chore: manage ens19 interface on ausyd1nxvm1037 - add storage interface --- hieradata/nodes/ausyd1nxvm1037.main.unkin.net.yaml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) 
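Review bot: The `ceph-reef` repository in media.yaml is declared with `gpgcheck: 0,`, so packages installed from it (including `ceph-common`, which profiles::ceph::client installs) are not signature-checked and trust rests entirely on the `edgecache.query.consul` mirror and its transport. The trailing comma also makes the YAML value the string `0,` rather than `0`, which may be rejected or misread depending on how `profiles::yum::global::repos` hands it to the repo resource. Enabling verification would look like `gpgcheck: 1` together with `gpgkey: <URL of the Ceph release key on your mirror>`.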
diff --git a/hieradata/nodes/ausyd1nxvm1037.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1037.main.unkin.net.yaml index e12dfe1..c8099e0 100644 --- a/hieradata/nodes/ausyd1nxvm1037.main.unkin.net.yaml +++ b/hieradata/nodes/ausyd1nxvm1037.main.unkin.net.yaml @@ -2,6 +2,13 @@ networking::interfaces: eth0: ipaddress: 198.18.13.47 + ens19: + ensure: present + family: inet + method: static + ipaddress: 10.18.15.47 + netmask: 255.255.255.0 + onboot: true networking::routes: default: - gateway: 198.18.13.254 \ No newline at end of file + gateway: 198.18.13.254 -- 2.47.3