promote develop to master #6

Merged
unkinben merged 449 commits from develop into master 2024-06-01 14:48:48 +10:00
2 changed files with 7 additions and 11 deletions
Showing only changes of commit ad268e8977 - Show all commits


@ -16,11 +16,11 @@ consul::services:
- 'https' - 'https'
- 'secure' - 'secure'
address: "%{facts.networking.ip}" address: "%{facts.networking.ip}"
port: 443 port: 8200
checks: checks:
- id: 'vault_https_check' - id: 'vault_https_check'
name: 'Vault HTTPS Check' name: 'Vault HTTPS Check'
http: "https://%{facts.networking.fqdn}:443/v1/sys/health" http: "https://%{facts.networking.fqdn}:8200/v1/sys/health"
method: 'GET' method: 'GET'
tls_skip_verify: true tls_skip_verify: true
interval: '10s' interval: '10s'
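Review bot: The `vault_https_check` definition keeps `tls_skip_verify: true` while the check now talks to Vault's own listener on port 8200, so the Consul agent accepts whatever certificate is presented there and a passing check says nothing about whether that certificate is valid. The check URL already uses the FQDN, so verification could be enabled with `tls_skip_verify: false`, provided the agent's trust store includes the issuing CA and the certificate carries that name (neither is visible on this page). If skipping verification is intentional, a comment above that line such as `# certificate not verified by this check: <reason>` would record why.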


@ -18,9 +18,6 @@ class profiles::vault::server (
Stdlib::Absolutepath $bin_dir = '/usr/bin', Stdlib::Absolutepath $bin_dir = '/usr/bin',
){ ){
# use puppet certs as base
include profiles::pki::puppetcerts
# set a datacentre/cluster name # set a datacentre/cluster name
$vault_cluster = "${::facts['country']}-${::facts['region']}" $vault_cluster = "${::facts['country']}-${::facts['region']}"
@ -48,9 +45,9 @@ class profiles::vault::server (
$server_urls = $servers_array.map |$fqdn| { $server_urls = $servers_array.map |$fqdn| {
{ {
leader_api_addr => "${http_scheme}://${fqdn}:${client_port}", leader_api_addr => "${http_scheme}://${fqdn}:${client_port}",
leader_client_cert_file => "/etc/pki/tls/puppet/${facts['networking']['fqdn']}.crt", leader_client_cert_file => '/etc/pki/tls/vault/certificate.crt',
leader_client_key_file => "/etc/pki/tls/puppet/${facts['networking']['fqdn']}.key", leader_client_key_file => '/etc/pki/tls/vault/private.key',
leader_ca_cert_file => '/etc/pki/tls/puppet/ca.pem', leader_ca_cert_file => '/etc/pki/tls/certs/ca-bundle.crt',
} }
} }
@ -82,8 +79,8 @@ class profiles::vault::server (
address => "${::facts['networking']['ip']}:${client_port}", address => "${::facts['networking']['ip']}:${client_port}",
cluster_address => "${::facts['networking']['ip']}:${cluster_port}", cluster_address => "${::facts['networking']['ip']}:${cluster_port}",
tls_disable => $tls_disable, tls_disable => $tls_disable,
tls_cert_file => "/etc/pki/tls/puppet/${facts['networking']['fqdn']}.crt", tls_cert_file => '/etc/pki/tls/vault/certificate.crt',
tls_key_file => "/etc/pki/tls/puppet/${facts['networking']['fqdn']}.key", tls_key_file => '/etc/pki/tls/vault/private.key',
} }
} }
] ]
@ -91,6 +88,5 @@ class profiles::vault::server (
# include classes to manage vault # include classes to manage vault
include profiles::vault::unseal include profiles::vault::unseal
include profiles::nginx::simpleproxy
} }
} }
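Review bot: `leader_ca_cert_file` in the `$server_urls` map now points at the system-wide bundle `/etc/pki/tls/certs/ca-bundle.crt`, so a joining node accepts a leader certificate issued by any CA in that bundle rather than only by the single CA used before (`/etc/pki/tls/puppet/ca.pem`). For cluster join traffic it is tighter to pin the one CA that issues the Vault certificates, e.g. `leader_ca_cert_file => '<PATH_TO_INTERNAL_ISSUING_CA>',` (a placeholder; the real path is not on this page). The same section also hard-codes `/etc/pki/tls/vault/certificate.crt` and `/etc/pki/tls/vault/private.key` in both the join map and the listener, and with `include profiles::pki::puppetcerts` removed nothing visible here provisions those files, sets the key's ownership and mode, or orders them before the service. The body of `profiles::vault::server` extends beyond these hunks, so that may be handled elsewhere.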