Puppetfile

@@ -50,6 +50,7 @@ mod 'kogitoapp-minio', '1.1.4'
 mod 'broadinstitute-certs', '3.0.1'
 mod 'stm-file_capability', '6.0.0'
 mod 'h0tw1r3-gitea', '3.2.0'
+mod 'rehan-mkdir', '2.0.0'
 
 mod 'bind',
   :git => 'https://git.service.au-syd1.consul/unkinben/puppet-bind.git',

hieradata/common.yaml

@@ -120,6 +120,9 @@ lookup_options:
   mysql::db:
     merge:
       strategy: deep
+  profiles::ceph::client::keyrings:
+    merge:
+      strategy: deep
 
 facts_path: '/opt/puppetlabs/facter/facts.d'
 
@@ -294,7 +297,11 @@ networking::routes:
     netmask: 0.0.0.0
     network: default
 
-
+profiles::ceph::client::fsid: 7f7f00cb-95de-498c-8dcc-14b54e4e9ca8
+profiles::ceph::client::mons:
+  - 10.18.15.1
+  - 10.18.15.2
+  - 10.18.15.3
 #profiles::base::hosts::additional_hosts:
 #  - ip: 198.18.17.9
 #    hostname: prodinf01n09.main.unkin.net

hieradata/nodes/ausyd1nxvm1037.main.unkin.net.yaml

@@ -2,6 +2,13 @@
 networking::interfaces:
   eth0:
     ipaddress: 198.18.13.47
+  ens19:
+    ensure: present
+    family: inet
+    method: static
+    ipaddress: 10.18.15.47
+    netmask: 255.255.255.0
+    onboot: true
 networking::routes:
   default:
     gateway: 198.18.13.254

hieradata/roles/apps/media.eyaml

@@ -0,0 +1,2 @@
+---
+ceph::key::media: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAEBANgP2ifU7NbuMs+kWpeg1tchR5IMD7Z7kMpRBejgCMHludTYGf/BzxTe36YjpwLsuUd658QK5vE4EYpM1MuzqfuNiWJa5ec1IR/AgWQUMZcpjEDEqpHTb2qygmpc+jb3vW1EMBleZL2Z4GrgJ00gWO/EvukBSPgyxBsFe4Bb/L3aK6xiucG3JA9A7qA6cS4Oz5pf8dfC0FBjsc+XN7++bJN5pWUgMcEDgiyCy3bkL2gWfPKOWfabTRwuC3qd6SihZMg/tY8uoDfYoI8jHkjU07/mhC6AD930wgcFG+xJwNAX7FxLvLyJ8iN/648LVoZFuszYiTwPib1CszksdYBjBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBSGXrbrl4FisZN5FT1hfmrgDBnV2SVfCJIYYyZ9+Vo1ykNmzUypJdJ+4llyXA7FOuH90xVZvLZMjNMhVCxP48CiYI=]

hieradata/roles/apps/media.yaml

@@ -0,0 +1,13 @@
+---
+profiles::yum::global::repos:
+  ceph-reef:
+    name: ceph-reef
+    descr: ceph reef repository
+    target: /etc/yum.repos.d/ceph-reef.repo
+    baseurl: https://edgecache.query.consul/ceph/yum/el%{facts.os.release.major}/%{facts.os.architecture}
+    gpgcheck: 0,
+    mirrorlist: absent
+
+profiles::ceph::client::keyrings:
+  media:
+    key: "%{hiera('ceph::key::media')}"

site/profiles/manifests/ceph/client.pp

@@ -0,0 +1,43 @@
+# profiles::ceph::client
+class profiles::ceph::client (
+  String $fsid,
+  Array[Stdlib::Host] $mons,
+  Stdlib::Absolutepath $config_file = '/etc/ceph/ceph.conf',
+  String $owner = 'ceph',
+  String $group = 'ceph',
+  Stdlib::Filemode $mode = '0644',
+  Hash $keyrings = {},
+) {
+
+  # dont run this on proxmox nodes
+  if $facts['enc_role'] != 'roles::infra::proxmox::node' {
+
+    # install the ceph client package
+    package { 'ceph-common':
+      ensure => installed,
+    }
+
+    # manage the ceph directory
+    file { '/etc/ceph':
+      ensure  => directory,
+      owner   => $owner,
+      group   => $group,
+      mode    => $mode,
+      require => Package['ceph-common'],
+    }
+
+    # create a basic client config
+    file { $config_file:
+      ensure  => file,
+      owner   => $owner,
+      group   => $group,
+      mode    => $mode,
+      content => template('profiles/ceph/client.conf.erb'),
+      require => Package['ceph-common'],
+    }
+
+    # manage ceph keyrings
+    create_resources('profiles::ceph::keyring', $keyrings)
+  }
+
+}

site/profiles/manifests/ceph/keyring.pp

@@ -0,0 +1,21 @@
+# profiles::ceph::keyring
+define profiles::ceph::keyring (
+  String $key,
+  String $user = $name,
+  String $type = 'client',
+  Stdlib::Filemode $mode = '0600',
+  String $owner = 'ceph',
+  String $group = 'ceph',
+  Stdlib::Absolutepath $keyring_dir = '/etc/ceph',
+) {
+  $keyring_file = "${keyring_dir}/ceph.${type}.${user}.keyring"
+
+  file { $keyring_file:
+    ensure  => file,
+    owner   => $owner,
+    group   => $group,
+    mode    => $mode,
+    content => Sensitive(template('profiles/ceph/keyring.erb')),
+    require => File[$keyring_dir],
+  }
+}

site/profiles/manifests/media/sonarr.pp

@@ -0,0 +1,16 @@
+# profiles::media::sonarr
+class profiles::media::sonarr (
+  Stdlib::Absolutepath $media_root = '/shared/media',
+) {
+
+  include profiles::ceph::client
+
+  # manage the sharedvol
+  profiles::storage::cephfsvol {"${::facts['networking']['fqdn']}_media":
+    mount       => $media_root,
+    keyring     => '/etc/ceph/ceph.client.media.keyring',
+    cephfs_name => 'media',
+    cephfs_fs   => 'mediafs',
+    require     => Profiles::Ceph::Keyring['media'],
+  }
+}

site/profiles/manifests/storage/cephfsvol.pp

@@ -0,0 +1,69 @@
+# profiles::storage::cephfsvol
+define profiles::storage::cephfsvol (
+  Enum['present', 'absent', 'mounted'] $ensure = 'mounted',
+  String $owner = 'root',
+  String $group = 'root',
+  Stdlib::Filemode $mode = '0755',
+  Stdlib::Absolutepath $mount = '/shared',
+  Array[Enum[
+    'defaults', 'ro', 'rw', 'sync', 'async',
+    'noatime', 'nodiratime', 'noexec', 'nosuid',
+    'nodev', 'remount', 'auto', 'noauto'
+  ]] $mount_options = ['noatime', 'nodiratime'],
+  Variant[Stdlib::Host, Array[Stdlib::Host]] $cephfs_mon = 'ceph-mon.service.consul',
+  Stdlib::Absolutepath $cephfs_path = '/',
+  String $cephfs_name = 'admin',
+  String $cephfs_fs = 'cephfs',
+  Optional[Stdlib::Absolutepath] $keyring = undef,
+) {
+
+  # mkdir -p $mount_path
+  mkdir::p {$mount: }
+
+  # ensure the mount path exists
+  file { $mount:
+    ensure  => directory,
+    owner   => $owner,
+    group   => $group,
+    mode    => $mode,
+    require => [
+      Mkdir::P[$mount],
+      Package['ceph-common']
+    ],
+  }
+
+  # join options into a comma seperated list
+  $options = join($mount_options, ',')
+
+  # if a ceph keyring is required, it will be added here
+  if $keyring {
+    $mount_options_string = "${options},fs=${cephfs_fs},name=${cephfs_name},secretfile=${keyring}"
+  } else {
+    $mount_options_string = "${options},fs=${cephfs_fs},name=${cephfs_name}"
+  }
+
+  # convert cephfs_servers (monitors) into a list
+  $mon_addresses = $cephfs_mon ? {
+    Array   => join($cephfs_mon, ','),
+    default => $cephfs_mon,
+  }
+
+  # manage the mount
+  mount { $mount:
+    ensure  => $ensure,
+    atboot  => true,
+    device  => "${mon_addresses}:${cephfs_path}",
+    fstype  => 'ceph',
+    options => $mount_options_string,
+    require => File[$mount],
+  }
+
+  # unmount when the mount should be removed
+  if $ensure == 'absent' {
+    exec { "umount_${mount}":
+      command => "umount ${mount}",
+      onlyif  => "mount | grep ${mount}",
+      before  => Mount[$mount],
+    }
+  }
+}

site/profiles/templates/ceph/client.conf.erb

@@ -0,0 +1,3 @@
+[global]
+	fsid = <%= @fsid %>
+	mon_host = <%= @mons.join(' ') %>

site/profiles/templates/ceph/keyring.erb

@@ -0,0 +1 @@
+<%= @key %>

site/roles/manifests/apps/media/sonarr.pp

@@ -6,5 +6,6 @@ class roles::apps::media::sonarr {
   }else{
     include profiles::defaults
     include profiles::base
+    include profiles::media::sonarr
   }
 }