promote develop to master #6

Merged

unkinben merged 449 commits from develop into master 2024-06-01 14:48:48 +10:00

Conversation 0 Commits 449 Files Changed 291 +9121 -583

unkinben commented 2024-06-01 14:48:25 +10:00

Owner

Copy Link

No description provided.

unkinben added 449 commits 2024-06-01 14:48:26 +10:00

Merge pull request 'Changed to a simple autosign method' (#19) from feature/simple_autosign into develop ... 9dab46ba5f

Reviewed-on: unkinben/puppet-prod#19

Updated autosign ... c96676e143

- added way to manage individual nodes
  - added defaults for domains, subnets and nodes
  - updated comments and doc

Merge pull request 'Updated autosign' (#20) from feature/autosign_comments into develop ... c1ddb00cbb

Reviewed-on: unkinben/puppet-prod#20

Adding a default environment ... efc769191e

- set through puppet.conf
  - created symbolic link from develop -> production in code/environments
  - changed puppet-g10k script to be generated from a template
  - parameterised g10k into hieradata

Added class to manage a default set of scripts ... 116342bdaa

- included scripts into profiles::base
  - updated hiera with list of scripts to create and their template name
  - created template for a puppet wrapper

Updated dns_alt_names for puppetmaster afb30f9dce

Merge pull request 'Updated dns_alt_names for puppetmaster' (#21) from neoloc/dns_alt_names into develop ... b8380ca2f2

Reviewed-on: unkinben/puppet-prod#21

Merge branch 'develop' into feature/default_environment d2fb3cff27

Merge pull request 'Adding a default environment' (#22) from feature/default_environment into develop ... ea7561a093

Reviewed-on: unkinben/puppet-prod#22

Show commit version when applying puppet ... 81784f819f

- set the config_version in the environment.conf file

Merge pull request 'Show commit version when applying puppet' (#23) from neoloc/show_commit_version into develop ... f4b688b10e

Reviewed-on: unkinben/puppet-prod#23

Account/Sudo management ... 2b11a9417c

- imported account and sudo puppet modules
  - created account management wrapper
  - defined sysadmin account, set to be created on all nodes
  - removed sudo from base packages as its managed by sudo module now

Merge pull request 'Account/Sudo management' (#24) from neoloc/sudo_initial_setup into develop ... b2a4ef2386

Reviewed-on: unkinben/puppet-prod#24

Setup PuppetDB/Puppetboard ... 080cdd8884

- install modules required
    - puppetdb
    - postgresql
    - puppetboard
    - python
  - create new profiles to manage each item (puppetdb/puppetboard)
  - added puppetdb role
  - include the puppetdb::master::config in puppetmaster role
  - re-organised the puppetfile
  - moved python to be managed by the python module
  - added postgresql to list of managed repos

Merge branch 'develop' into neoloc/puppetdb ac27a9ce0b

Merge pull request 'Setup PuppetDB/Puppetboard' (#25) from neoloc/puppetdb into develop ... 789ae2a508

Reviewed-on: unkinben/puppet-prod#25

feat: add sudo secure_path ... 86a6c1bd96

- update the sudo class from an include to a definition
- set the secure_path variable to include /usr/local/{bin,sbin}

Merge pull request 'feat: add sudo secure_path' (#26) from neoloc/sudo_securepath into develop ... 6b7f531e11

Reviewed-on: unkinben/puppet-prod#26

Merge branch 'develop' into neoloc/puppet_wrapper e847954e03

Merge pull request 'Added class to manage a default set of scripts' (#27) from neoloc/puppet_wrapper into develop ... aaee62afad

Reviewed-on: unkinben/puppet-prod#27

feat: add management of /etc/hosts ... 95434214a9

- add class to manage the /etc/hosts file
- add static hosts to /etc/hosts file via hiera array/hash

Merge pull request 'feat: add management of /etc/hosts' (#28) from neoloc/hostsfile into develop ... 92b73019cd

Reviewed-on: unkinben/puppet-prod#28

fix: set the puppetdb_host correctly ... c6c36e8351

- change the puppetdb::master::config from include to class statement
- set the puppetdb_host value to match what is stored in hiera
- disable firewall management on the puppetdb host

Merge pull request 'fix: set the puppetdb_host correctly' (#29) from neoloc/puppetdb_server_loc into develop ... 2faed5de72

Reviewed-on: unkinben/puppet-prod#29

fix: found typo in r10k script f772215630

Merge pull request 'fix: found typo in r10k script' (#30) from neoloc/r10k_typo into develop ... cfe30823b4

Reviewed-on: unkinben/puppet-prod#30

feat: add firewalld management profile ... 6bb52f2a15

- basic profile to enable/disable, and install/remove
- defaulting to enabled and installed, but set to disabled and removed
  in hiera

Merge pull request 'feat: add firewalld management profile' (#31) from neoloc/firewalld into develop ... 58961d0399

Reviewed-on: unkinben/puppet-prod#31

feat: split puppetdb role into api and sql ... e682462917

- add puppetdb_api and puppetdb_sql role
- add puppetdb_api and puppetdb_sql profile
- add prodinf01n05 to /etc/hosts file
- set listen_address for all services to be hosts ip
- set storeconfigs and storeconfigs_backend to be managed by puppetmaster profile

Merge pull request 'feat: split puppetdb role into api and sql' (#32) from neoloc/puppetdb2 into develop ... ef0d865845

Reviewed-on: unkinben/puppet-prod#32

feat: add features to puppet.conf ... 0171a82d58

- reports, for sending reports to puppetdb
- usecacheonfailure, to show faulures in puppetboard (when set to false)

Merge pull request 'feat: add features to puppet.conf' (#33) from neoloc/puppetconf into develop ... f8faad3ed6

Reviewed-on: unkinben/puppet-prod#33

feat: add puppetboard role ... 46c3eb9597

- add nginx module to manage reverse proxy on host level
- add puppetboard venv
- add gunicorn instance
- add script to start the gunicorn instance
- add nginx vhost

Merge pull request 'feat: add puppetboard role' (#34) from neoloc/puppetboard into develop ... cf26d2d2e7

Reviewed-on: unkinben/puppet-prod#34

feat: manage puppet clients ... 130669a130

- manage the service
- manage the package, version lock it
- deploy the /etc/puppetlabs/puppet/puppet.conf from template for puppet
  clients only

Merge pull request 'feat: manage puppet clients' (#35) from neoloc/puppetclient into develop ... 89653912cb

Reviewed-on: unkinben/puppet-prod#35

feat: add ceph osd/mds/mon roles ... 5076d7383a

- basic roles currently
- will allow build of ceph to begin

Merge pull request 'feat: add ceph osd/mds/mon roles' (#36) from neoloc/ceph_roles into develop ... ca6f0abdc7

Reviewed-on: unkinben/puppet-prod#36

fix: digitalpacific epel repodata broken ... 75a66a3339

- change epel to read from aarnet

Merge pull request 'fix: digitalpacific epel repodata broken' (#37) from neoloc/epel_aarnet into develop ... 85a7dec11c

Reviewed-on: unkinben/puppet-prod#37

fix: debian puppet_version different to EL ... a89a68bc61

- change puppet_version to be set per-os in hieradata

Merge pull request 'fix: debian puppet_version different to EL' (#38) from neoloc/puppet_version_per_os into develop ... dc4a4942c2

Reviewed-on: unkinben/puppet-prod#38

feat: add motd and facts ... 0cc0bacad3

- use parameters created by the enc to create external facts
- use external facts to generate the motd
- use features from unkinben/puppet-enc#22

Merge pull request 'feat: add motd and facts' (#41) from neoloc/motd_profile into develop ... 3f1694d283

Reviewed-on: unkinben/puppet-prod#41

feat: change enc repo to be tagged ... 56518f1fcb

- enc repository will download a specific tag
- defaults to master
- hiera set to release tag '0.1'

Merge pull request 'feat: change enc repo to be tagged' (#42) from neoloc/enc_tagged_release into develop ... 30e3afc163

Reviewed-on: unkinben/puppet-prod#42

feat: add datavol class to manage /data ... def2561e6c

- included puppetlabs-lvm module
  - created profiles::base::datavol to:
    - create pv, vg, lv and format the filesystem and mount it

Merge branch 'develop' into neoloc/datavol 6bbc14136f

Merge pull request 'feat: add datavol class to manage /data' (#43) from neoloc/datavol into develop ... a81dec41d2

Reviewed-on: unkinben/puppet-prod#43

feat: adding base packagerepo role ... 1d1541419a

- create roles::infra::packagerepo
- bump enc version

Merge pull request 'feat: adding base packagerepo role' (#44) from neoloc/packagerepo_role into develop ... b7b371a020

Reviewed-on: unkinben/puppet-prod#44

fix: bump enc ... 36142a3565

unkinben/puppet-enc#24

Merge pull request 'fix: bump enc' (#45) from neoloc/bump_enc into develop ... 29bc5f39ac

Reviewed-on: unkinben/puppet-prod#45

fix: variant regex results in error ... cb9af5a2a8

- update the $size variant regex so it actually matches correctly
- default $size to undef, which results in 100%FREE

Merge pull request 'fix: variant regex results in error' (#47) from neoloc/datavol_size_pattern into develop ... f5ce438679

Reviewed-on: unkinben/puppet-prod#47

fix: datavol profile doesnt create the mountpoint ... d11dcc0b24

- add file resource to create the required mountpath
- add Array[Enum[]] for mount_options
- fix mount to ensure the mount_options are used
- remove pass and dump options, leave as defaults

feat: add bash completion ... 058cc25008

- quality of life addition to all hosts

Merge pull request 'feat: add bash completion' (#48) from neoloc/bashcompletion into develop ... 7758252060

Reviewed-on: unkinben/puppet-prod#48

feat: adding reposync wrapper and tooling ... 19836e2069

- add autosyncer/autopromoter scripts
- add timer and service to initial sync process
- add timer/service for daily/weekly/monthly autopromote
- add define to manage each repo
- add nginx webserver to share repos
- add favion.ico if enabled
- add selinux management, and packages for selinux
- cleanup package management, sorting package groups into package classes

Merge branch 'develop' into neoloc/packagerepo a913e44176

Merge pull request 'feat: adding reposync wrapper and tooling' (#49) from neoloc/packagerepo into develop ... 11508f2538

Reviewed-on: unkinben/puppet-prod#49

feat: add ntp server/client ... 9cb730d116

- add ntp client and server class
- add ntp server role
- update hiera.yaml to work with enc_role
- cleanup base profile

feat: add enc_role_path fact f73c16bca2

Merge pull request 'feat: add enc_role_path fact' (#50) from neoloc/enc_role_path into develop ... ffdac8a7d9

Reviewed-on: unkinben/puppet-prod#50

Merge branch 'develop' into neoloc/ntpserver 9bfae72d2e

Merge pull request 'neoloc/ntpserver' (#51) from neoloc/ntpserver into develop ... 881bdd6f86

Reviewed-on: unkinben/puppet-prod#51

chore: bump puppet-enc ... aef3311fce

- includes ntpservers in ntpserver role
- unkinben/puppet-enc#25

Merge pull request 'chore: bump puppet-enc' (#52) from neoloc/bump_enc_ntpservers into develop ... c3b8044e1c

Reviewed-on: unkinben/puppet-prod#52

feat: add resolver/authoritive dns roles ... 7da58059d2

- roles are currently empty, this just exists so I can branch off it
  and start building test servers with this role

Merge branch 'develop' into neoloc/bind_resolver ... 1ff4611318

- bring up to speed with rest of repo

refactor: move to ruby-script facts ... 1b9a4f7832

- change enc_role_path fact to be ruby
- add enc_role_tier1, enc_role_tier2 and enc_role_tier3
- add new paths to hiera.yaml

Merge pull request 'refactor: move to ruby-script facts' (#53) from neoloc/additional_enc_facts into develop ... 79e37d9dae

Reviewed-on: unkinben/puppet-prod#53

feat: add powertools repo to reposync ... 2efde81fff

- add http://mirror.aarnet.edu.au/pub/almalinux/8.8/PowerTools/x86_64/os/ to
  be synced and mirrored by reposync tools

Merge pull request 'feat: add powertools repo to reposync' (#54) from neoloc/powertools_repo into develop ... 02976779c3

Reviewed-on: unkinben/puppet-prod#54

chore: reorganise hieradata ... 0071f74e60

- move role specific hieradata into respective roles/* paths

Merge branch 'develop' into neoloc/reorganise_hiera ... 1999b96d24

- added the additional powertools repo

Merge pull request 'chore: reorganise hieradata' (#55) from neoloc/reorganise_hiera into develop ... 823594fa05

Reviewed-on: unkinben/puppet-prod#55

Merge pull request 'fix: datavol profile doesnt create the mountpoint' (#56) from neoloc/datavol_create_mountpath into develop ... 5276731d23

Reviewed-on: unkinben/puppet-prod#56

Merge pull request 'feat: add resolver/authoritive dns roles' (#57) from neoloc/bindserver into develop ... dd12726842

Reviewed-on: unkinben/puppet-prod#57

chore: bump enc version ... fa211925e4

- add new dns hosts, update dns roles

Merge pull request 'chore: bump enc version' (#58) from neoloc/bump_enc_dnsroles into develop ... 3227ea0eed

Reviewed-on: unkinben/puppet-prod#58

fix: resolved issue with repodata ... 48ea444e7c

- repodata was being created in the wrong location
- update script to create in the path where the new snap exists

Merge pull request 'fix: resolved issue with repodata' (#59) from neoloc/autosyncer_repodata into develop ... 6276e18f70

Reviewed-on: unkinben/puppet-prod#59

fix: typo in repo url namne ... 1b78904588

- change repo.main.unkin.net to repos.main.unkin.net

Merge pull request 'fix: typo in repo url namne' (#60) from neoloc/repourl into develop ... 75ce927af9

Reviewed-on: unkinben/puppet-prod#60

feat: change to use local mirror ... cc77cc7ded

- change almalinux and epel *.repo files on nodes to use local package mirror
- add option to purge yumrepo resources, default to true
- add versionlocking to yum, enable it for puppet-agent

Merge pull request 'feat: change to use local mirror' (#61) from neoloc/update_yum_repos into develop ... 133eeaa904

Reviewed-on: unkinben/puppet-prod#61

fix: updated path for gpg keys b2844c4b3a

Merge pull request 'fix: updated path for gpg keys' (#62) from neoloc/update_yum_repos_epel into develop ... d71d97e5bf

Reviewed-on: unkinben/puppet-prod#62

feat: add dns resolver/master classes ... 76b54fc59d

- define resolver and master dns server
- export A and PTR records from dns clients
- collect exported resources for master
- create hiera structure for acls, zones and views

Merge branch 'develop' into neoloc/bind_resolver 49f31edb03

chore: bump enc version ... d877fd00f3

unkinben/puppet-enc#27

Merge pull request 'neoloc/bind_resolver' (#63) from neoloc/bind_resolver into develop ... 4b0b2b1ed0

Reviewed-on: unkinben/puppet-prod#63

fix: enable dynamic/tsig updates ... c996c9b7e3

- add eyaml to hiera.yaml
- consolidate all paths into single tree
- change to new profiles::dns::client wrapper
- change to new profiles::dns::record wrapper
- change to use concat method to build zone file

Merge pull request 'fix: enable dynamic/tsig updates' (#64) from neoloc/bind_tsigupdate into develop ... da2e59a6ed

Reviewed-on: unkinben/puppet-prod#64

feat: find resolvers by role ... fdb13b7338

- use puppetdbquery module to query puppetdb for resolvers
- move dns client config to profiles::dns::base
- manage the /etc/resolv.conf file

feat: manage cloudinit ... 8d80fa3c51

- add/remove cloud-init, default to remove

feat: manage qemu-agent d6f3262836

feat: setup metrics agents ... a21b7ffc96

- set puppet::puppetdb_api class to export puppetdb
- set infra::dns::server class to export bind
- set all to export node and systemd metrics

Merge pull request 'feat: manage cloudinit' (#65) from neoloc/cloudinit into develop ... a3c99e8058

Reviewed-on: unkinben/puppet-prod#65

Merge pull request 'feat: manage qemu-agent' (#66) from neoloc/qemuagent into develop ... 7cc1a1ddc0

Reviewed-on: unkinben/puppet-prod#66

Merge branch 'develop' into neoloc/resolvconf 6b9d9e6aa7

Merge pull request 'feat: find resolvers by role' (#67) from neoloc/resolvconf into develop ... 38961848bb

Reviewed-on: unkinben/puppet-prod#67

Merge branch 'develop' into neoloc/node_exporter 92269ae94b

Merge pull request 'feat: setup metrics agents' (#68) from neoloc/node_exporter into develop ... bae3d446b6

Reviewed-on: unkinben/puppet-prod#68

chore: reorganise ntp server ... dffc97ad4c

- bump enc to match changes
- change ntp client to find servers through puppetdb query
- changed default ntp servers to publicly available nodes

Merge pull request 'chore: reorganise ntp server' (#69) from neoloc/ntp_cleanup into develop ... 59d29e3036

Reviewed-on: unkinben/puppet-prod#69

refactor: move puppet::* roles to infra::puppet ... 460f9bc7e8

- start creation on apps:: roles
- reorganise hieradata to match role changes
- remove tagging for enc repo

Merge branch 'develop' into neoloc/puppet_cleanup ab1b031275

Merge pull request 'refactor: move puppet::* roles to infra::puppet' (#70) from neoloc/puppet_cleanup into develop ... 8e5831fbef

Reviewed-on: unkinben/puppet-prod#70

chore: reorganise reposync role dd334da2b0

Merge pull request 'chore: reorganise reposync role' (#71) from neoloc/role_reorder_reposync into develop ... dd99e603c2

Reviewed-on: unkinben/puppet-prod#71

feat: add forwarding for 17.18.198.in-addr.arpa ... c34a2b2360

- add forward zone for 198.18.17.0/24 reverse dns zone

Merge pull request 'feat: add forwarding for 17.18.198.in-addr.arpa' (#72) from neoloc/reversedns_zone_forwarding into develop ... 530ffed55a

Reviewed-on: unkinben/puppet-prod#72

feat: add prometheus server ... a5207eb717

- bump enc, include prometheus server nodes
- add prometheus role and server class

Merge branch 'develop' into neoloc/prometheus 663b10e5a5

Merge pull request 'feat: add prometheus server' (#73) from neoloc/prometheus into develop ... c195ceae4f

Reviewed-on: unkinben/puppet-prod#73

fix: resolve prometheus issues ... 10a6085b84

- broken prometheus::server config, resolve conflicts
- move hieradata for role to match role, not profile

feat: add base grafana role ... 609f9135df

- include puppet-grafana module
- infra::metrics::grafana role is currently clone of base

Merge pull request 'feat: add base grafana role' (#74) from neoloc/grafana-base into develop ... f204e0f7e6

Reviewed-on: unkinben/puppet-prod#74

Merge pull request 'fix: resolve prometheus issues' (#75) from neoloc/prometheus_server into develop ... caffc7dff9

Reviewed-on: unkinben/puppet-prod#75

feat: add galera role ... a0d1623286

- add a base galera cluster member role
- include mysql and galera modules

Merge pull request 'feat: add galera role' (#76) from neoloc/mariadb into develop ... 7aae7e22a3

Reviewed-on: unkinben/puppet-prod#76

feat: add extra repositories ... e183ee2b44

- mariadb 11.2
- puppet el8

Merge pull request 'feat: add extra repositories' (#78) from neoloc/extra_repos into develop ... e18103bda9

Reviewed-on: unkinben/puppet-prod#78

feat: fix selinux permissions each sync ... 705c02c3a1

- restorecon on each sync, to update selinux for new files/directories

feat: update repositories to sync ... cfec05f3c7

- remove epel modular
- add postgresql 16 for rhel8
- add postgresql common for rhel8

Merge pull request 'feat: update repositories to sync' (#79) from neoloc/psql_repos into develop ... e6a7006cb8

Reviewed-on: unkinben/puppet-prod#79

Merge pull request 'feat: fix selinux permissions each sync' (#80) from neoloc/selinx_for_reposync into develop ... 1cf2a5a579

Reviewed-on: unkinben/puppet-prod#80

fix: wrong scheme for gpgkey ... ae05b870aa

- change gpg key for puppet7 from http:// to https://

Merge pull request 'fix: wrong scheme for gpgkey' (#81) from neoloc/puppet7_repo_gpgkey into develop ... 03d37db1e1

Reviewed-on: unkinben/puppet-prod#81

feat: add cname for repos 1ccd8141ab

Merge pull request 'feat: add cname for repos' (#82) from neoloc/repos_cname into develop ... 7d415fd85e

Reviewed-on: unkinben/puppet-prod#82

feat: add mirrorlist capability to reposyncer ... 8a6b3ef0fb

- add mirrorlist param to reposyncer repos
- update almalinux 8.8 repos to use mirrorlist
- add almalinux 8.9 repos

Merge pull request 'feat: add mirrorlist capability to reposyncer' (#83) from neoloc/reposyncer_mirrorlist into develop ... e0d1ec8926

Reviewed-on: unkinben/puppet-prod#83

feat: split agent service/package from config ... 08c14c2329

- split package/service from config so puppetservers agents can be
  managed in the same was as clients

Merge pull request 'feat: split agent service/package from config' (#84) from neoloc/split_puppet_agent into develop ... 6e185ee248

Reviewed-on: unkinben/puppet-prod#84

feat: add/remove capabilities for packages ... 8f04de2b52

- add deepmerge lookup_options
- add packages to remove and packages to add to profiles::packages::base class

feat: setup/manage dnf-autoupdate ... d8ff9ddb11

- create service to run dnf update
- create timer to call the service
- manage settings via params

Merge pull request 'feat: setup/manage dnf-autoupdate' (#85) from neoloc/dnf_autoupdate into develop ... 53c54f982a

Reviewed-on: unkinben/puppet-prod#85

Merge pull request 'feat: add/remove capabilities for packages' (#86) from neoloc/base_packages_refactor into develop ... d261e3348d

Reviewed-on: unkinben/puppet-prod#86

feat: mysql wsrep_ facts ... ebd20a5e5a

- add facts generated from mysql's wsrep status variables

Merge pull request 'feat: mysql wsrep_ facts' (#87) from neoloc/mysql_wsrep_fact into develop ... c91e3e632e

Reviewed-on: unkinben/puppet-prod#87

fix: failed to test previously ... a9aabfa161

- change next's outside of a loop to a single if statement

Merge pull request 'fix: failed to test previously' (#88) from neoloc/mysql_wsrep_fact_invalid_next into develop ... bfedbaca5f

Reviewed-on: unkinben/puppet-prod#88

feat: setup galera cluster member profile ... 11a98b16bb

- add eyaml support for role
- add /data volume for galera cluster members
- create profiles::selinux namespace for defining selinux configuration
  - create profiles::selinux::mysqld for managing specifics for mysqld
  - create profiles::selinux::setenforce to manage selinux mode
- parameterised options required in mysqld::server module
- add mariadb repo
- add additional facts for managing mysqld and galera

Merge branch 'develop' into neoloc/mariadbgalera d998fbd85a

Merge pull request 'feat: setup galera cluster member profile' (#89) from neoloc/mariadbgalera into develop ... 6f088b04cc

Reviewed-on: unkinben/puppet-prod#89

feat: add nodelookup ... 685d7db264

- add helper script to make quering puppetdb easier and more efficient

Merge pull request 'feat: add nodelookup' (#90) from neoloc/nodelookup into develop ... 7f270675b1

Reviewed-on: unkinben/puppet-prod#90

feat: manage ruby/puppet gems ... 5b75cf735a

- manage installation of puppet_gem packages for puppetmasters

Merge pull request 'feat: manage ruby/puppet gems' (#91) from neoloc/puppetmaster_gems into develop ... 2d10f9e861

Reviewed-on: unkinben/puppet-prod#91

feat: add selinux support to puppetboard ... bf729d9b11

- required to allow nginx to reach puppetdb

Merge pull request 'feat: add selinux support to puppetboard' (#92) from neoloc/nginx_selinux into develop ... b6c7e3fd2d

Reviewed-on: unkinben/puppet-prod#92

fix: check for python3_version ... f9562a9109

- check for python3 version before attempting to setup node_lookup

Merge pull request 'fix: check for python3_version' (#93) from neoloc/node_lookup into develop ... 2b1f20b4ca

Reviewed-on: unkinben/puppet-prod#93

feat: add minio base role dcf83aa466

Merge pull request 'feat: add minio base role' (#94) from neoloc/minio_role into develop ... a0786f3f67

Reviewed-on: unkinben/puppet-prod#94

feat: add new datavol ... 0c1548fbd8

- add datavol define to replace the datavol class, which has more
  flexibility through additional params, and the ability to call it
  multiple times for multiple datavolumes

feat: add region fact ... 7431ebf51c

- add fact that maps primary ip subnet to a region code
- defaults to 'lost' if there is no subnet to region mapping

Merge pull request 'feat: add region fact' (#95) from neoloc/region_fact into develop ... ff83769ffc

Reviewed-on: unkinben/puppet-prod#95

Merge pull request 'feat: add new datavol' (#96) from neoloc/datavol_define into develop ... 42211ddf7d

Reviewed-on: unkinben/puppet-prod#96

feat: add/update location facts ... dbec0222b3

- add country fact, change region to exclude country string

Merge pull request 'feat: add/update location facts' (#97) from neoloc/location_facts into develop ... 920f12b45e

Reviewed-on: unkinben/puppet-prod#97

feat: install bind-utils a144e4ec2d

Merge pull request 'feat: install bind-utils' (#98) from neoloc/add_bind_utils into develop ... a049338c9d

Reviewed-on: unkinben/puppet-prod#98

feat: remove boolean for bind::updater ... aabce289a4

- default to the default set by the module

Merge pull request 'feat: remove boolean for bind::updater' (#99) from neoloc/add_bind_utils_woops into develop ... 2b4e1e1d03

Reviewed-on: unkinben/puppet-prod#99

fix: fixed fact variables in hiera.yaml ... 8e0ab95872

- replaced ${..} with %{..}

Merge pull request 'fix: fixed fact variables in hiera.yaml' (#100) from neoloc/hiera_variables into develop ... f260b09d49

Reviewed-on: unkinben/puppet-prod#100

feat: add minio profile ... d8751ac6c8

- add additional modules in Puppetfile
- update puppetlabs-lvm to 2.1.0
- add facts.d base path to hieradata
- add infra/storage and infra/storage/minio role data to hieradata
- add new facts for minio setup status
- add a static yaml minio-facts file to assist dynamic ruby facts
- updated hiera with additional directories (country/{role,region})

Merge pull request 'feat: add minio profile' (#101) from neoloc/minio_profile into develop ... f2a9f40f7f

Reviewed-on: unkinben/puppet-prod#101

fix: fix minio certificate param ... db23e203c6

- change enum['string', undef] to an optional param so undef can be set

Merge pull request 'fix: fix minio certificate param' (#102) from neoloc/minio_undef into develop ... 86a231b3ee

Reviewed-on: unkinben/puppet-prod#102

feat: add haproxy role ... da53e28f0e

- add infra::halb section for highly available load balancers

Merge pull request 'feat: add haproxy role' (#103) from neoloc/haproxy_role into develop ... 2779de4b9d

Reviewed-on: unkinben/puppet-prod#103

feat: add consul role dc97d15ef9

Merge pull request 'feat: add consul role' (#105) from neoloc/consul_role into develop ... 27d6c15c80

Reviewed-on: unkinben/puppet-prod#105

feat: cleanup almalinux 8.8 reposync ... 5471294f1e

- syncing almalinux 8.8 no longer required

feat: add vault role ... d6eeed0b61

- add basic vault role to begin building servers

Merge pull request 'feat: add vault role' (#106) from neoloc/vault_role into develop ... 6b11ea09c7

Reviewed-on: unkinben/puppet-prod#106

fix: recursive restorecon for reposync ... 8332d4f374

- set reposync to restore selinux controls on all files in the new
  snap_path

Merge pull request 'fix: recursive restorecon for reposync' (#107) from neoloc/restorecon_repos into develop ... 974143c84e

Reviewed-on: unkinben/puppet-prod#107

feat: puppet wrapper replace dot ... a054a94d98

- set puppet wrapper to replace '.' with '_' in the branch name

Merge pull request 'feat: puppet wrapper replace dot' (#108) from neoloc/puppetwrapper_dot into develop ... 4bce524b49

Reviewed-on: unkinben/puppet-prod#108

Merge pull request 'feat: cleanup almalinux 8.8 reposync' (#109) from neoloc/cleanup_alma8.8_repos into develop ... d1c61dd13d

Reviewed-on: unkinben/puppet-prod#109

feat: cleanup reposync conf files ... 71c316e7ae

- add feature to /etc/reposync/conf.d to ensure the subfiles are cleaned
  up when they are not defined

Merge pull request 'feat: cleanup reposync conf files' (#110) from neoloc/cleanup_reposync_conf into develop ... a0434fc7b5

Reviewed-on: unkinben/puppet-prod#110

feat: add consul server profile ... 8cb6b68b53

- install/configure consul
- install/configure dnsmasq as dns proxy for consul
- add unkin yumrepo definition as source for consul
- update datavol to ensure the /data volume is mounted

Merge pull request 'feat: add consul server profile' (#111) from neoloc/consul_server into develop ... f8b30f335b

Reviewed-on: unkinben/puppet-prod#111

fix: use fact to determine if selinux in use 09291da89f

Merge pull request 'fix: use fact to determine if selinux in use' (#112) from neoloc/selinux_enhancements into develop ... c690fe5816

Reviewed-on: unkinben/puppet-prod#112

feat: add vault server profile ... fe05c86463

- add vault module to puppetfile
- define class to manage the install and config of vault
- manage the datavol and raft storage
- manage the unzip and other compression tools
- define custom unseal script and service
- add documentation on initial setup of vault

Merge pull request 'feat: add vault server profile' (#113) from neoloc/vault_server into develop ... 73a21059f8

Reviewed-on: unkinben/puppet-prod#113

fix: fact was misspelled ... d92c13525c

- fixed fact name

refacter: cleanup packages setup 12ff053c6d

refacter: tidy facts ... 1f7b347ef4

- create a facts module, move all facts to this module

Merge pull request 'refacter: tidy facts' (#114) from neoloc/move_facts into develop ... 1a33465c7a

Reviewed-on: unkinben/puppet-prod#114

Merge pull request 'fix: fact was misspelled' (#115) from neoloc/mariadb_fixes into develop ... 9be1e19900

Reviewed-on: unkinben/puppet-prod#115

Merge pull request 'refacter: cleanup packages setup' (#116) from neoloc/package_changes into develop ... e10bed689c

Reviewed-on: unkinben/puppet-prod#116

refacter: renamed facts to libs 1030ba460e

Merge pull request 'refacter: renamed facts to libs' (#117) from neoloc/lib_module into develop ... cd369d8fef

Reviewed-on: unkinben/puppet-prod#117

feat: add certmanager helper ... 7f03bc5c76

- add certmanager script and config.yaml file
- install into pyenv for certmanager
- deploy to puppet-masters only

Merge pull request 'feat: add certmanager helper' (#118) from neoloc/certmanager into develop ... 4cdba982fe

Reviewed-on: unkinben/puppet-prod#118

feat: certmanager output as json ... f6110f534c

- prepare certmanager for pki::vault class
- allow puppet to read certmanager config

Merge pull request 'feat: certmanager output as json' (#119) from neoloc/certmanager_json into develop ... bc3084a1e7

Reviewed-on: unkinben/puppet-prod#119

fix: vault role fails on new servers ... 48e0bd6796

- vault server fails on new servers
- move unseal class to be included after vault class

Merge pull request 'fix: vault role fails on new servers' (#120) from neoloc/vault_initial into develop ... b1083df6f1

Reviewed-on: unkinben/puppet-prod#120

fix: rebuild vault ... 8112c07ba8

- rebuilt vault, updated root token and unseak keys

Merge pull request 'fix: rebuild vault' (#121) from neoloc/vault_update_unseal into develop ... 495b785518

Reviewed-on: unkinben/puppet-prod#121

fix: restart vault-unseal ... d1f5d3c09e

- restart vault-unseal when the unseal keys change

Merge pull request 'fix: restart vault-unseal' (#122) from neoloc/vault_unseal_on_change into develop ... 974c8ce71d

Reviewed-on: unkinben/puppet-prod#122

chore: update vault policy ... 6bcdda1a93

- updated vault policy for certificates

Merge pull request 'chore: update vault policy' (#123) from neoloc/certmanager_defaults into develop ... 0db9d01a20

Reviewed-on: unkinben/puppet-prod#123

chore: updated vault_token 5b56767be7

Merge pull request 'chore: updated vault_token' (#124) from neoloc/pki_token_vault into develop ... 8ec75e55fa

Reviewed-on: unkinben/puppet-prod#124

fix: ssl warning breaks puppet run ... 36c2e6afaa

- remove ssl warning for certmanager temporarily

Merge pull request 'fix: ssl warning breaks puppet run' (#125) from neoloc/certmanager_ignore_ssl into develop ... 9ea49bc48d

Reviewed-on: unkinben/puppet-prod#125

feat: automatically generate vault certs ... 8009b59514

- certificate will be generated for:
  - fqdn
  - hostname
  - primary ip address
  - localhost
  - 127.0.0.1
- update base profile to generate vault certificate for all
- create facts for use with vault_certs

feat: change nginx to use vault ssl certs ... 3e98ced8da

- update packagerepo webserver class to allow using ssl

feat: ensure vaultca certificate is trusted ... 05d2599bc5

- install the vault rootca on all nodes
- update ca-trust store on changes to the rootca certificate deployed

feat: deep merge alt_names and ip_sans ... 88ba8406b8

- set hiera to deep-merge alt_names and ip_sans for generating vault
  certificates

Merge pull request 'neoloc/pki_generate' (#127) from neoloc/pki_generate into develop ... 5afa9e8960

Reviewed-on: unkinben/puppet-prod#127

Merge pull request 'feat: change nginx to use vault ssl certs' (#128) from neoloc/packagerepo_ssl into develop ... df97b75aca

Reviewed-on: unkinben/puppet-prod#128

feat: dynamically add subscribe to nginx resource ... 0782cd5679

- add subscribe option to nginx resource dependent on nginx_listen_mode
- ensure nginx reloads when the ssl_cert or ssl_key changes, only if
  these values are not undef
- ensure the file resources are defined for certificates

Merge pull request 'feat: dynamically add subscribe to nginx resource' (#129) from neoloc/subscribe_ssl_cert into develop ... e61ae597f6

Reviewed-on: unkinben/puppet-prod#129

feat: update yumrepos to use https:// ... 51d0ca16ec

- require vaultca on all repos on repos.main.unkin.net

Merge pull request 'feat: update yumrepos to use https://' (#130) from neoloc/yumrepo_use_https into develop ... 465bbbd9e1

Reviewed-on: unkinben/puppet-prod#130

feat: add base role for redis 816bec9f17

Merge pull request 'feat: add base role for redis' (#131) from neoloc/redis_base_role into develop ... 69f3ae7095

Reviewed-on: unkinben/puppet-prod#131

feat: merge subnet facts ... 5dff24d9b9

- add fact for environment
- define 198.18.18.0/24 subnet

Merge pull request 'feat: merge subnet facts' (#133) from neoloc/env_fact into develop ... df05be21f6

Reviewed-on: unkinben/puppet-prod#133

feat: add country/region/environment to motd 428dc910bb

Merge pull request 'feat: add country/region/environment to motd' (#134) from neoloc/motd_facts into develop ... fd5dbb7813

Reviewed-on: unkinben/puppet-prod#134

fix: updated gpg key for psql repos bca5d32793

Merge pull request 'fix: updated gpg key for psql repos' (#135) from neoloc/postgresql_gpg into develop ... 92db575d7d

Reviewed-on: unkinben/puppet-prod#135

feat: require vaultca for all yumrepos 15e4e11097

Merge pull request 'feat: require vaultca for all yumrepos' (#136) from neoloc/vaultca_cert_first into develop ... 05ea9c45ca

Reviewed-on: unkinben/puppet-prod#136

feat: add ovirt base roles 3587ea2295

Merge pull request 'feat: add ovirt base roles' (#137) from neoloc/ovirt_base_role into develop ... 4e25a1867e

Reviewed-on: unkinben/puppet-prod#137

feat: add ovirt roles ... 8f5e9e40a1

- add repositories for ovirt
- add role/profile for ovirt/engine and ovirt/node
- add deep-merge for managed_repos
- change repos to allow filesource (URL or file://)
- change reposync to use curl instead of wget

Merge pull request 'feat: add ovirt roles' (#138) from neoloc/ovirt into develop ... ac5e76e2ca

Reviewed-on: unkinben/puppet-prod#138

feat: cobbler setup ... fe4af852b6

- add cobbler profile
- add dhcp server profile

Merge pull request 'feat: cobbler setup' (#139) from neoloc/cobbler_roles into develop ... e3ec5fa594

Reviewed-on: unkinben/puppet-prod#139

feat: add sydney subnets f2cdcb8c8e

Merge pull request 'feat: add sydney subnets' (#140) from neoloc/dns_views into develop ... 741b32cb41

Reviewed-on: unkinben/puppet-prod#140

feat: enable sydney subnets 748a0e8632

Merge pull request 'feat: enable sydney subnets' (#141) from neoloc/sydprod into develop ... 905f047626

Reviewed-on: unkinben/puppet-prod#141

feat: set sysadmin password 0383db2b10

Merge pull request 'feat: set sysadmin password' (#142) from neoloc/sysadmin into develop ... 6b92910457

Reviewed-on: unkinben/puppet-prod#142

feat: deep merge yum repos to manage ... e02921be75

- fixed merging of yum repos
- changed puppet7 to use local copy of repo

Merge pull request 'feat: deep merge yum repos to manage' (#143) from neoloc/puppet7gpg into develop ... f21573daae

Reviewed-on: unkinben/puppet-prod#143

feat: add cobbler profile ... 80b7ad8639

- add datavol to cobbler nodes
- add cobbler profile
- add cobbler role hieradata
- manage selinux where required for cobbler
- manage service cname

Merge pull request 'feat: add cobbler profile' (#144) from neoloc/cobbler_profile into develop ... 159c57677a

Reviewed-on: unkinben/puppet-prod#144

feat: add dhcp servers ... d64860f47b

- include puppet-dhcp module
- manage dhcp pools
- manage dhcp classes (bios/uefi)

Merge pull request 'feat: add dhcp servers' (#145) from neoloc/dhcp-server into develop ... d64e185919

Reviewed-on: unkinben/puppet-prod#145

feat: add virtual/physical check ... 0ad31f6013

- add virtual tree to hiera
- add virtual/kvm and virtual/physical hiera sources
- add lm_sensors to be installed on hardware nodes

feat: deploy cobbler enc ... 64563902d4

- install python3.11 on all nodes
- create python3.11 venv for cobbler-enc
- install requirements in cobbler-enc venv
- symlink to /usr/local/bin/

Merge pull request 'feat: deploy cobbler enc' (#146) from neoloc/cobbler_enc into develop ... e69b3a9dc4

Reviewed-on: unkinben/puppet-prod#146

feat: change certmanage to approles ... 5bde96fb4d

- created approle 'certmanager' using 'certmanager' policy
- update certmanager script to generate token based on roleid

Merge pull request 'feat: change certmanage to approles' (#148) from neoloc/certmanager_approle into develop ... e15ebd4571

Reviewed-on: unkinben/puppet-prod#148

feat: add haproxy profile ... 2091f1ada3

- add haproxy server class
- add haproxy profile to role
- add hiera data for region specific haproxy
- add selinux configuration
- add certlist management
- add default http and https frontends
- add default stats listener

Merge pull request 'feat: add haproxy profile' (#149) from neoloc/haproxy into develop ... dc428543cf

Reviewed-on: unkinben/puppet-prod#149

feat: add puppetboard backend ... 105bf1b09d

- add balancemember to puppetboard nodes
- add be_puppetboard to haproxxy
- add puppetboard.main.unkin.net to haproxy altnames
- add puppetboard to backend mapping
- change way backends are registered in haproxy

Merge pull request 'feat: add virtual/physical check' (#147) from neoloc/sensors into develop ... 57b7a3036b

Reviewed-on: unkinben/puppet-prod#147

Merge pull request 'feat: add puppetboard backend' (#150) from neoloc/haproxy_puppetboard into develop ... f7881b19cf

Reviewed-on: unkinben/puppet-prod#150

feat: add puppetdbapi to haproxy ... e97d061f46

- add puppetdbapi backend to haproxy
- add puppetdbapi altname to the vault certificate
- add mapping for hostname to backend

feat: add cnames to haproxy ... c9a1d35af9

- manage A records for haproxy
- manage cnames for services using haproxy

feat: update node_lookup ... f79d9de495

- update node_lookup to use new puppetdb URL

Merge pull request 'neoloc/haproxy_puppetdbapi' (#151) from neoloc/haproxy_puppetdbapi into develop ... 258cedb566

Reviewed-on: unkinben/puppet-prod#151

feat: update jdk11 for puppetdb ... ed60e18062

- specify the java_bin
- specify the java_args

Merge pull request 'feat: update jdk11 for puppetdb' (#152) from neoloc/java_puppetdb into develop ... cdbb689c91

Reviewed-on: unkinben/puppet-prod#152

feat: add frontends, backends, listeners ... 82f2d75888

- add a way to define frontends, backends and listeners through hieradata

Merge pull request 'feat: add frontends, backends, listeners' (#153) from neoloc/haproxy_puppetdbmaster into develop ... eaddbe03d1

Reviewed-on: unkinben/puppet-prod#153

feat: nginx reverse proxy debian cache ... 114d3fe195

- add debian, debian/pool locations to reposyncer
- add selinux fcontext rules

Merge pull request 'feat: nginx reverse proxy debian cache' (#154) from neoloc/debian_cache into develop ... 5f8b0ba102

Reviewed-on: unkinben/puppet-prod#154

feat: prepare puppet for debian ... d0d67e316a

- set yum::versionlock to be only for redhat family
- set puppet-agent require statement to use apt or yum
- remove requirement of downloading puppet7-release-$dist.deb
- create all paths in $base_path for vault certificate
- set correct $PATH for update-ca-certificates
- dynamically set debian release name
- split packages to install from common.yaml to os-specific
- create groups profile to manage local groups
- change sysadmin to be a member of admins group
- setup admins sudo rules

Merge pull request 'feat: prepare puppet for debian' (#155) from neoloc/debian_prep into develop ... cdd450067d

Reviewed-on: unkinben/puppet-prod#155

feat: split lm-sensors for debian/rhel 19c8749d9e

Merge pull request 'feat: split lm-sensors for debian/rhel' (#156) from neoloc/debian_sensors into develop ... 7ccbb7d0ee

Reviewed-on: unkinben/puppet-prod#156

feat: node_lookup compatability for Debian 49b4a65302

feat: debian vaultcert compatability ... 80a4cb0544

- remove comma from certificate file
- add comments identifying each certificate

Merge pull request 'feat: debian vaultcert compatability' (#157) from neoloc/vaultcacrt into develop ... 6dd46efe3f

Reviewed-on: unkinben/puppet-prod#157

Merge pull request 'feat: node_lookup compatability for Debian' (#158) from neoloc/node_lookup_debian into develop ... 085416fea9

Reviewed-on: unkinben/puppet-prod#158

feat: manage proxmox nodes ... f04c74bd4d

- change /etc/hosts to meet proxmox requirements
- add proxmox node role
- add init, params, repo, install, clusterjoin classes

Merge pull request 'feat: manage proxmox nodes' (#159) from neoloc/proxmox into develop ... ccf43f3bcb

Reviewed-on: unkinben/puppet-prod#159

feat: manage timezone per region ... 9c6dee7609

- add timezone module
- set per-region timezone setting
- setup hiera_classes, set to deep merge, and set to include all in base profile

Merge pull request 'feat: manage timezone per region' (#160) from neoloc/timezone into develop ... 85f17d8038

Reviewed-on: unkinben/puppet-prod#160

feat: add new syd1 prod networks bc4246dd05

Merge pull request 'feat: add new syd1 prod networks' (#161) from neoloc/sydney_subnets into develop ... e5b3112189

Reviewed-on: unkinben/puppet-prod#161

fix: enable repos before installing packages df56213b18

Merge pull request 'fix: enable repos before installing packages' (#162) from neoloc/repofirst into develop ... 7f3005f312

Reviewed-on: unkinben/puppet-prod#162

feat: sort nameserver/search_domains ... bb8bf202ac

- ensure the list doesnt change every puppet run

Merge pull request 'feat: sort nameserver/search_domains' (#165) from neoloc/dns_sorting into develop ... a7b40daee0

Reviewed-on: unkinben/puppet-prod#165

feat: enable selecting nameserver by fact ... dbe11323c5

- enable selecting nameservers to use by region, country or all
- set default for nameservers to be region

Merge pull request 'feat: enable selecting nameserver by fact' (#166) from neoloc/dns_selection into develop ... 4b2690a678

Reviewed-on: unkinben/puppet-prod#166

feat: sort ntpservers, select ntp to use ... 7b316c6b0b

- sort the ntpservers array so it doesnt change each run of puppet
- allow the selection of all, region or country specific ntp servers

Merge pull request 'feat: sort ntpservers, select ntp to use' (#167) from neoloc/ntp_selection into develop ... 6fc0b240c1

Reviewed-on: unkinben/puppet-prod#167

feat: install ksm for proxmox 3810385fcd

Merge pull request 'feat: install ksm for proxmox' (#168) from neoloc/proxmox_ksm into develop ... 2bae42fa31

Reviewed-on: unkinben/puppet-prod#168

feat: enable selecting nameserver by fact ... f8fd6700da

- enable selecting nameservers to use by region, country or all
- set default for nameservers to be region

feat: select nameserver in soa based on role ... b8d799e8e9

- find all dns servers in $ns_use (region/country/all),
- or use the current node as the only nameserver

Merge branch 'develop' into neoloc/dns_master_multiregion 99d3dcf4d8

Merge pull request 'neoloc/dns_master_multiregion' (#169) from neoloc/dns_master_multiregion into develop ... 4149d89dc0

Reviewed-on: unkinben/puppet-prod#169

feat: add syd1 consul cluster 89fcfe38ea

Merge pull request 'feat: add syd1 consul cluster' (#170) from neoloc/syd1_consul_cluster into develop ... 2671b51fc2

Reviewed-on: unkinben/puppet-prod#170

feat: moved enc_role and enc_env to ruby facts e0dbecbfa0

Merge pull request 'feat: moved enc_role and enc_env to ruby facts' (#171) from neoloc/enc_role_facts into develop ... 3ed433fb97

Reviewed-on: unkinben/puppet-prod#171

fix: absent to file, for custom_facts.yaml 5f6ba93393

Merge pull request 'fix: absent to file, for custom_facts.yaml' (#172) from neoloc/enc_role_facts2 into develop ... 6ad01abc6c

Reviewed-on: unkinben/puppet-prod#172

fix: enable new consul clusters to be started ... b6d3fc26de

- wait for the enc_role fact to be correct, as this is required to find
  all keys in hiera

Merge pull request 'fix: enable new consul clusters to be started' (#173) from neoloc/consul_bootstrap into develop ... 98deb58fde

Reviewed-on: unkinben/puppet-prod#173

fix: consul members role key ... 3ca92ee1f3

- moved members_role for consul to common yaml

Merge pull request 'fix: consul members role key' (#174) from neoloc/consul_members_class into develop ... f863d6f6bb

Reviewed-on: unkinben/puppet-prod#174

fix: move primary_datacenter to region/role ... a7e9f1590e

- set syd1 as primary consul datacentre
- add consul.service.consul zone
- add nginx reverse proxy for consul webui
- set dns zones/acls/views/keys to be deep merged from hiera
- update default token
- add consul/consul.service.consul/consul.main.unkin.net to vault cert

Merge pull request 'fix: move primary_datacenter to region/role' (#175) from neoloc/consul_syd1_default_dc into develop ... c0642bbcf1

Reviewed-on: unkinben/puppet-prod#175

feat: generate consul policy/tokens ... f536d19034

- generate policy/token to add nodes
- generate policy/token for all nodes
- add base::root profile to manage aspects of the root user

Merge pull request 'feat: generate consul policy/tokens' (#176) from neoloc/consul_node_policies into develop ... 26f26e6283

Reviewed-on: unkinben/puppet-prod#176

feat: add sydney vault cluster ... 3001bc32f2

- separate yaml between multiple regions
- add nginx frontend to vault

Merge pull request 'feat: add sydney vault cluster' (#184) from neoloc/vault_syd1 into develop ... 0c6ae1a69a

Reviewed-on: unkinben/puppet-prod#184

feat: simple nginx proxy ... 6fc5829fce

- merge consul/vault nginx proxy into single class
- replace nginx proxy classes for consul/vault with simpleproxy class

Merge pull request 'feat: simple nginx proxy' (#186) from neoloc/merge_nginx_consul_vault into develop ... f4a273e56c

Reviewed-on: unkinben/puppet-prod#186

fix: fix proxyurl for vault ... 4453c8604a

- change to http://
- change to localhost

feat: deploy consul agent ... bf44c8f7b7

- install the consul agent on all nodes, except consul servers

Merge pull request 'feat: deploy consul agent' (#187) from neoloc/consul_agent into develop ... f7141d7214

Reviewed-on: unkinben/puppet-prod#187

Merge pull request 'fix: fix proxyurl for vault' (#188) from neoloc/vault_proxy into develop ... dc39b7c7a4

Reviewed-on: unkinben/puppet-prod#188

feat: deploy consul agent ... 0f0d392fb4

- install the consul agent on all nodes, except consul servers

feat: deploy consul services ... 43afc23535

- add vault.service.consul

fix: fix proxyurl for vault ... 199e35840f

- change to http://
- change to localhost

feat: change forwarded domain for consul ... dff3f93297

- change forward lookup zone for consul from consul.service.consul -> service.consul

feat: add node_token to agent config ... 8df927de18

- move policy rules to hiera array[hash]
- add node_token to agent as the default token

Merge pull request 'feat: change forwarded domain for consul' (#189) from neoloc/consul_dns into develop ... 926ed24070

Reviewed-on: unkinben/puppet-prod#189

Merge branch 'develop' into neoloc/consul_services ... 587df5309f

Conflicts:
	hieradata/common.yaml
	site/profiles/manifests/consul/client.pp

Merge pull request 'neoloc/consul_services' (#190) from neoloc/consul_services into develop ... a141de8b74

Reviewed-on: unkinben/puppet-prod#190

feat: sydney haproxy cluster ... 220ac182f4

- add au-syd1 halb cluster
- add http-response to frontends
- manage haproxy after enc_role is correct

Merge pull request 'feat: sydney haproxy cluster' (#191) from neoloc/haproxy_syd1 into develop ... af8763b044

Reviewed-on: unkinben/puppet-prod#191

feat: haproxy refactor ... 8697492611

- configure deep merging in hiera
- move fe_http and fe_https to hiera
- configure pve backends for standard and api traffic

Merge pull request 'feat: haproxy refactor' (#192) from neoloc/haproxy_frontent_hiera into develop ... 38ee3ec218

Reviewed-on: unkinben/puppet-prod#192

fix: add use_backend for drw1 haproxy 95135fb58a

Merge pull request 'fix: add use_backend for drw1 haproxy' (#193) from neoloc/haproxy_drw1 into develop ... 7dc2daf48f

Reviewed-on: unkinben/puppet-prod#193

refactor: reoganise the puppetserver profile ... 56b23620b7

- manage puppetserver package
- set order for puppetserver classes
- for profiles::puppet::server class:
  - set param types using stdlib where possible
  - set default values for all params
- move configuration data to hieradata
- wait for enc_role fact to match role
- exclude puppet::client from puppermaster nodes

feat: puppet server agent ... a429255c63

- add [agent] settings for puppetservers

chore: remove excessive comments ... 052b07be83

- remove the excessive comments and notes at the top of the puppet classes

feat: manage puppetca ... df8a55c3dd

- manage the puppet ca.cfg
- distribute the crl.pem from the puppetca to masters

feat: consul multi-datacentre joining ... 6020143f76

- add method to join multiple consul datacentres
- set syd1 as the primary datacentre
- use default token from au-syd1 cluster in all locations
- add replication token

feat: add prepared_query capabilities to consul ... 8a241d6b96

- add prepared query for:
  - vault
  - puppet
  - puppetca

feat: manage puppet/puppetca consul services ... fe296d52d9

- add puppet service
- add puppetca service
- add ability to write to puppet/puppetca service in consul
- add puppet.(query,service).consul to dns_alt_names of all masters
- add puppetca.(query,service).consul to dns_alt_names of puppetca

feat: per-datacentre consul dns ... 51bd1796ad

- change forwarding for consul to be per-datacentre to local consul
- change domain from service.consul -> consul so query.consul can be resolved

Merge pull request 'feat: per-datacentre consul dns' (#194) from neoloc/consul_dns into develop ... ff83e28413

Reviewed-on: unkinben/puppet-prod#194

feat: distribute eyaml pub/priv key ... f1ff7cb736

- distribute the private/public pem for eyaml via eyaml

feat: change clients to use puppet.query.consul ... 6335167e3a

- change all clients/servers to use puppet from consul service mesh

Merge pull request 'neoloc/syd1_puppet' (#195) from neoloc/syd1_puppet into develop ... 31f670ad18

Reviewed-on: unkinben/puppet-prod#195

Merge branch 'develop' into neoloc/consul_wan ... 14a56a41a2

Conflicts:
	hieradata/common.yaml

feat: update puppetdb_api for multi-zone ... e9c7fbc2b5

- wait for the enc_role fact to be updated and match
- move puppetdb db/api host values to common.yaml
- add vault cert altnames for consul query/service addresses
- add consul services/rules/checks

Merge pull request 'neoloc/consul_wan' (#196) from neoloc/consul_wan into develop ... 7286dfe574

Reviewed-on: unkinben/puppet-prod#196

chore: move dhcp hieradata to hieradata/role c2e413c0fb

Merge pull request 'chore: move dhcp hieradata to hieradata/role' (#197) from neoloc/syd1_dhcp into develop ... 7ae9295ce6

Reviewed-on: unkinben/puppet-prod#197

feat: dhcp wait for enc_role fact 8de1ed9766

Merge pull request 'feat: dhcp wait for enc_role fact' (#198) from neoloc/dhcp_wait_for_encrole into develop ... f4de86e877

Reviewed-on: unkinben/puppet-prod#198

refactor: reconfigure cobbler to module style ... 72077d64a2

- split params into class
- split class into individual functions

feat: complete cobbler automation ... fee0bde604

- add facts to manage the /var/www/cobbler and /data/cobbler directories
- move /var/www/cobbler -> /data/cobbler
- create symlink from /var/www/cobbler -> /data/cobbler
- ensure that cobbler nodes are set to permissive selinux mode

Merge pull request 'neoloc/cobbler_refacter' (#199) from neoloc/cobbler_refacter into develop ... ce3e0f2320

Reviewed-on: unkinben/puppet-prod#199

fix: export cobbler DNS if is_cobbler_master ... a05f81799d

- set prodinf01n48 as primary cobbler node
- ensure the cobbler DNS record is created

Merge pull request 'fix: export cobbler DNS if is_cobbler_master' (#200) from neoloc/cobbler_dns into develop ... 911e284586

Reviewed-on: unkinben/puppet-prod#200

fix: move selinux profile to cobbler ... a618962d07

- only import the selinux enforce profile in cobbler

feat: install policycoreutils ... 6633f07d8b

- install policycoreutils on all almalinux releases

Merge branch 'develop' into neoloc/selinux_fix eeb21081d3

Merge pull request 'fix: move selinux profile to cobbler' (#201) from neoloc/selinux_fix into develop ... b66615a522

Reviewed-on: unkinben/puppet-prod#201

feat: deep merge /etc/hosts ... 9edd060367

- allow managing /etc/hosts on multiple levels of hiera

feat: add edgecache role ... 4171427e7b

- add edge-caching role
- add mirror for debian, almalinux and epel repositories
- export service as edgecache in consul

feat: add edgecache prepared_query ... cb54cd2dba

- add edgecache as a prepared_query in consul

Merge pull request 'neoloc/edgecache' (#202) from neoloc/edgecache into develop ... fdb02277ec

Reviewed-on: unkinben/puppet-prod#202

feat: change cobbler master ... 3e233ea688

- promote ausyd1nxvm1017

Merge pull request 'feat: change cobbler master' (#203) from neoloc/cobbler_master into develop ... ec6e49e37a

Reviewed-on: unkinben/puppet-prod#203

chore: move pxeboot to syd1 cobbler ... dca99d2716

- update nameservers for syd1 to use local dns resolvers
- update pxeserver to au-syd1 cobbler

Merge pull request 'chore: move pxeboot to syd1 cobbler' (#204) from neoloc/dhcp_syd1_cobbler into develop ... 5577e368e9

Reviewed-on: unkinben/puppet-prod#204

fix: cobbler host ... 4a1848db38

- fixed name of cobbler host in yaml

Merge pull request 'fix: cobbler host' (#205) from neoloc/cobbler_server into develop ... 9eacb9ec08

Reviewed-on: unkinben/puppet-prod#205

feat: improve first run on el8 ... bed0ef3c79

- change defaults for yumrepo resources

Merge pull request 'feat: improve first run on el8' (#206) from neoloc/firstrun_improvements into develop ... 89fcddf161

Reviewed-on: unkinben/puppet-prod#206

feat: prepare syd1 mariadb cluster ... 2aa5ead9d1

- update role to wait for enc_role
- move hiera data to country/region/role specific location

Merge pull request 'feat: prepare syd1 mariadb cluster' (#207) from neoloc/mariadb_syd1 into develop ... 48b9177e05

Reviewed-on: unkinben/puppet-prod#207

feat: manage pgsql settings for puppetdb ... 5774ebd614

- deep merge postgresql_config_entries in common.yaml
- add postgresql_config_entries into a new hieradata/roles/infra/puppetdb/sql.yaml
- set puppetdb role to import the options

Merge pull request 'feat: manage pgsql settings for puppetdb' (#208) from neoloc/puppetdb_connections into develop ... 6bddec6bd2

Reviewed-on: unkinben/puppet-prod#208

feat: mariadb improvements ... 81e4dffa36

- add bind-address to local_ip
- add consul service

Merge pull request 'feat: mariadb improvements' (#209) from neoloc/mariadb_consul into develop ... ec37f86726

Reviewed-on: unkinben/puppet-prod#209

feat: update consul service service ... 8f4799ce2a

- change edgecache service name from puppet -> edgecache

feat: mariadb improvements ... 9640779846

- add bind-address to local_ip
- add consul service

Merge branch 'develop' into neoloc/mariadb_consul 74f60d3101

Merge pull request 'neoloc/mariadb_consul' (#210) from neoloc/mariadb_consul into develop ... 2971018b7e

Reviewed-on: unkinben/puppet-prod#210

feat: configure edgecache for postgresql ... 6f9a606549

- add fact to record system resolvers
- add resolvers feature in /etc/nginx/conf.d/resolvers.conf
- add rewrite rules for postgres/yum/repodata

Merge pull request 'feat: configure edgecache for postgresql' (#211) from neoloc/psql_edgecache into develop ... d3e75e9aa2

Reviewed-on: unkinben/puppet-prod#211

feat: cleanup excessive comments 150d5b97a9

feat: add centos mirror to edgecache ... da2e98ed4d

- add centos repo to edgecache

feat: direct yumrepo config ... 5f9480f186

- deep merge yumrepo resources
- convert repos to direct yumrepo in hieradata
- change from repos.main.unkin.net to edgecache.query.consul
- create all yumrepo resources from $profiles:😋:global::repos

feat: cleanup old repo management ... fd466fcccc

- change profiles::puppet::agent to require Yumrepo['puppet']
- remove managed repos hieradata
- remove profiles:😋:* classes that are not required
- remove missed rebase comment

Merge pull request 'neoloc/yumrepos' (#212) from neoloc/yumrepos into develop ... 0e7168026d

Reviewed-on: unkinben/puppet-prod#212

feat: firstrun improvements ... dde8d5978d

- add fact to detect firstrun
- run a limited subset of classes on firstrun
- firstrun: includes:
  - vault ca certificates
  - yum/apt repositories
  - fast-install packages with an exec

Merge pull request 'feat: firstrun improvements' (#213) from neoloc/firstrun into develop ... 29745d07f3

Reviewed-on: unkinben/puppet-prod#213

feat: update all roles for firstrun ... 2abbfe8feb

- ensure the firstrun is processed before role specific class profiles

Merge pull request 'feat: update all roles for firstrun' (#214) from neoloc/firstrun into develop ... ad38a276f3

Reviewed-on: unkinben/puppet-prod#214

fix: repo target changes ... 65bd2ae8d5

- use per-repo target files

Merge pull request 'fix: repo target changes' (#215) from neoloc/yumrepos into develop ... adf27a3090

Reviewed-on: unkinben/puppet-prod#215

feat: firstrun optimisations ... 598a8c0f52

- download gpg keys if gpgkey is defined
- ensure the profiles::defaults is called first

Merge pull request 'feat: firstrun optimisations' (#216) from neoloc/yumrepos into develop ... 4b0ff2deee

Reviewed-on: unkinben/puppet-prod#216

feat: increase puppetdb api Xmx ... 6035af37a1

- change java args to use 2048mb of memory

Merge pull request 'feat: increase puppetdb api Xmx' (#217) from neoloc/puppetdbmemory into develop ... 9d3a57dfc9

Reviewed-on: unkinben/puppet-prod#217

feat: puppetdb sql updates ... 39aa6e114e

- add consul support
- enable local script checks in consul agents
- add a test DB/User for consult to verify the psql instance is running
- manage the postgresql repo and gpg key

Merge branch 'develop' into neoloc/syd1_puppetdb f6bf504416

feat: add prepared query for puppetdbapi ... 9e3b680b0b

- merge to develop
- add prepared query for puppetdbapi

feat: update hiera key for puppetdb api/sql ... 770c8cc159

- changed to use puppetdbapi and puppetdbsql hiera keys
- updated all classes that referenced old values

feat: set syd1 puppetdb hosts ... 25cbff4656

- change syd1 puppetdb hosts to use consul serivce/query addresses

Merge pull request 'feat: set syd1 puppetdb hosts' (#218) from neoloc/puppetboard into develop ... d2235610af

Reviewed-on: unkinben/puppet-prod#218

Merge branch 'develop' into neoloc/syd1_puppetdb 8fb4c59f88

Merge pull request 'neoloc/syd1_puppetdb' (#219) from neoloc/syd1_puppetdb into develop ... 6bd66724dc

Reviewed-on: unkinben/puppet-prod#219

feat: puppetboard on consul ... 349547c4bc

- updated nginx param types
- add nginx aliases, merge with vhost, use as server_names
- add additional vault alt-names
- add prepared query for puppetboard

Merge pull request 'feat: puppetboard on consul' (#220) from neoloc/puppetboard_consul into develop ... e19c84b33e

Reviewed-on: unkinben/puppet-prod#220

feat: puppet::client multiple altnames ... 0901595de9

- puppet clients can not request multiple dns alt_names
- set puppetdbapi hosts to request multiple certificates

Merge pull request 'feat: puppet::client multiple altnames' (#221) from neoloc/puppetdbapi_certs into develop ... 22af602510

Reviewed-on: unkinben/puppet-prod#221

feat: change drw1 puppetdb -> syd1 cbf3f0e694

Merge pull request 'feat: change drw1 puppetdb -> syd1' (#222) from neoloc/puppetdb_to_consul into develop ... 880752c302

Reviewed-on: unkinben/puppet-prod#222

feat: added country-region altnames ... c883bc8c91

- add puppetboard.service.au-{syd1|drw1}.consul to:
  - vault pki cert
  - nginx server aliases

Merge pull request 'feat: added country-region altnames' (#223) from neoloc/puppetboard_altnames into develop ... 0b549325a1

Reviewed-on: unkinben/puppet-prod#223

chore: add syd1 vault ca/int certs ... 0a49092f52

- deploy syd1 vault ca certificates

feat: vault certmanager tokens ... 2c3aa2bbdc

- move vault certmanager tokens to drw1/syd1 specific eyaml
- add syd1 certmanger token for syd1 vault

feat: add vault service/query altnames ... b9c327799f

- add nginx aliases for vault services
- add additional vault certificates
- change certmanager script to use vault.service.consul

feat: vault use vault ... 7c0bf4a398

- change vault to use vault ephemeral certificates
- remove nginx frontend to vault

Merge pull request 'neoloc/syd1_certmanager_approle' (#224) from neoloc/syd1_certmanager_approle into develop ... ad4f9b81f4

Reviewed-on: unkinben/puppet-prod#224

Merge pull request 'feat: vault use vault' (#226) from neoloc/vault_use_vault into develop ... ad268e8977

Reviewed-on: unkinben/puppet-prod#226

feat: change vault url to vaul.query.consul ... b00781b604

- support access to vault from multiple datacentres for certmanager

Merge pull request 'feat: change vault url to vaul.query.consul' (#227) from neoloc/certmanager into develop ... 413bf78827

Reviewed-on: unkinben/puppet-prod#227

fix: change drw1 puppetmasters to use syd1 approle ... d2d08bc479

- changing vault url to vault.query.consul forced puppetmasters in drw1
  to connect to syd1 vault hosts
- set drw1 puppetmasters to use syd1 approle_id

Merge pull request 'fix: change drw1 puppetmasters to use syd1 approle' (#228) from neoloc/certmanager_syd1_approle into develop ... 3fce5ae5bf

Reviewed-on: unkinben/puppet-prod#228

feat: syd1 puppetca provisioning ... df371a6b09

- move puppetca to ausyd1nxvm1036

chore: remove prodinf01n01 as puppetca 263d41fe9e

Merge pull request 'neoloc/puppetca' (#229) from neoloc/puppetca into develop ... 7dacd4a403

Reviewed-on: unkinben/puppet-prod#229

feat: add gitea modules ... ffd574e8f0

- add gitea module
- add dependency extlib

feat: add gitea classes ... fab4ea5998

- add basic gitea class

Merge pull request 'neoloc/gitea' (#230) from neoloc/gitea into develop ... 99c4d8717c

Reviewed-on: unkinben/puppet-prod#230

feat: update git sources ... f029b04427

- update r10k source
- update enc source
- update source for puppet-bind module

Merge pull request 'feat: update git sources' (#1) from neoloc/update_git_source into develop ... f28ebd2dd8

Reviewed-on: https://git.service.au-syd1.consul/unkinben/puppet-prod/pulls/1

chore: change node_lookup to use consul ... 91e3f2d427

- remove https, use http backend as no authentication is required

feat: add sort and count to node_lookup ... 7cf2e78cea

- add -C option to count number of identical records
- sort responses from node_lookup

Merge pull request 'neoloc/nodelookup_consul' (#2) from neoloc/nodelookup_consul into develop ... 810ba9ddb7

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/2

feat: increase client_max_body_size for git ... e7ddbfa035

- update hieradata with client_max_body_size for git role

Merge pull request 'feat: increase client_max_body_size for git' (#3) from neoloc/nginx_clientsize into develop ... 7e0df436e2

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/3

feat: bump git client_max_body_size ... 6c2328e8ba

- change from 100m to 250m

Merge pull request 'feat: bump git client_max_body_size' (#4) from neoloc/nginx_clientsize into develop ... 6a9580b199

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/4

Merge pull request 'feat: puppetdb sql updates' (#5) from neoloc/puppetdb_sql into develop ... 3dfe9b9b73

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/5

unkinben merged commit 4487551f62 into master 2024-06-01 14:48:48 +10:00

unkinben referenced this issue from a commit 2024-06-01 14:48:49 +10:00

Merge pull request 'promote develop to master' (#6) from develop into master

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No Label

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: unkin/puppet-prod#6

No description provided.