---
# Hiera data for a node role that combines RKE2 (Kubernetes), Ceph client
# tooling and FRRouting/OSPF. Values of the form "%{hiera('...')}" are
# looked up from other Hiera data (not visible in this file).

# Classes applied to nodes in this role.
hiera_include:
  - profiles::selinux::setenforce
  - profiles::ceph::node
  - profiles::ceph::client
  - exporters::frr_exporter
  - frrouting
  - rke2

# RKE2 cluster membership and node configuration.
rke2::bootstrap_node: prodnxsr0001.main.unkin.net
rke2::join_url: https://join-k8s.service.consul:9345
rke2::config_hash:
  # All three node addresses resolve to the loopback0 address.
  bind-address: "%{hiera('networking_loopback0_ip')}"
  node-ip: "%{hiera('networking_loopback0_ip')}"
  node-external-ip: "%{hiera('networking_loopback0_ip')}"
  # Permission bits for the kubeconfig that rke2 writes; that file carries
  # cluster credentials. 644 makes it readable by every local account.
  # NOTE(review): confirm world-readable is intended here; owner-only is
  # the tighter setting. The value is left as the bare integer already used.
  write-kubeconfig-mode: 644
  kubelet-arg:
    - '--node-status-update-frequency=4s'
    - '--max-pods=100'
  # Node labels derived from facts and from the `zone` variable.
  node-label:
    - "region=%{facts.region}"
    - "country=%{facts.country}"
    - "asset=%{facts.dmi.product.serial_number}"
    - "zone=%{zone}"

# FIXME: puppet-python tries to manage python-dev, which the ceph package
# already requires, so management of the dev package is turned off.
python::manage_dev_package: false

# Extra packages for this role.
profiles::packages::include:
  bridge-utils: {}
  cephadm: {}

# NOTE(review): SELinux is set to disabled for this role, which removes a
# containment layer on a host that runs containers and storage clients.
# Confirm disabled is required and record the reason.
profiles::selinux::setenforce::mode: disabled

# Ceph client: conf file, package and paths are not managed by the profile.
profiles::ceph::client::manage_ceph_conf: false
profiles::ceph::client::manage_ceph_package: false
profiles::ceph::client::manage_ceph_paths: false
profiles::ceph::client::fsid: 'de96a98f-3d23-465a-a899-86d3d67edab8'
profiles::ceph::client::mons:
  - 198.18.23.9
  - 198.18.23.10
  - 198.18.23.11
  - 198.18.23.12
  - 198.18.23.13

# Additional yum repositories.
# NOTE(review): no gpgcheck setting appears in this file, so whether
# signatures are enforced depends on defaults defined elsewhere - verify.
profiles::yum::global::repos:
  # ceph / ceph-noarch: packages come from the internal edge cache, while
  # the signing key is fetched from the upstream ceph.com host.
  ceph:
    name: ceph
    descr: ceph repository
    target: /etc/yum.repos.d/ceph.repo
    baseurl: https://edgecache.query.consul/ceph/yum/el%{facts.os.release.major}/%{facts.os.architecture}
    gpgkey: https://download.ceph.com/keys/release.asc
    mirrorlist: absent
  ceph-noarch:
    name: ceph-noarch
    descr: ceph-noarch repository
    target: /etc/yum.repos.d/ceph-noarch.repo
    baseurl: https://edgecache.query.consul/ceph/yum/el%{facts.os.release.major}/noarch
    gpgkey: https://download.ceph.com/keys/release.asc
    mirrorlist: absent
  # frr-* and rancher-rke2-*: the signing key is served from the same
  # mirror path as the packages, so the key and the packages share a single
  # point of trust. NOTE(review): consider distributing these keys from a
  # separate, pinned source.
  # The frr paths hard-code el9 where the ceph repos use the OS major fact.
  frr-extras:
    name: frr-extras
    descr: frr-extras repository
    target: /etc/yum.repos.d/frr-extras.repo
    baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
    gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
    mirrorlist: absent
  frr-stable:
    name: frr-stable
    descr: frr-stable repository
    target: /etc/yum.repos.d/frr-stable.repo
    baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
    gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
    mirrorlist: absent
  # The rke2 paths hard-code x86_64 rather than using the architecture fact.
  rancher-rke2-common-latest:
    name: rancher-rke2-common-latest
    descr: rancher-rke2-common-latest
    target: /etc/yum.repos.d/rke2-common.repo
    baseurl: https://packagerepo.service.consul/rke2/rhel%{facts.os.release.major}/common-daily/x86_64/os/
    gpgkey: https://packagerepo.service.consul/rke2/rhel%{facts.os.release.major}/common-daily/x86_64/os/public.key
    mirrorlist: absent
  rancher-rke2-1-33-latest:
    name: rancher-rke2-1-33-latest
    descr: rancher-rke2-1-33-latest
    target: /etc/yum.repos.d/rke2-1-33.repo
    baseurl: https://packagerepo.service.consul/rke2/rhel%{facts.os.release.major}/1.33-daily/x86_64/os/
    gpgkey: https://packagerepo.service.consul/rke2/rhel%{facts.os.release.major}/1.33-daily/x86_64/os/public.key
    mirrorlist: absent

# DNS: loopback0 is the primary interface.
profiles::dns::base::primary_interface: loopback0

# Networking: two physical interfaces (names and addresses come from other
# Hiera data) plus three dummy loopbacks with /32 netmasks.
systemd::manage_networkd: true
systemd::manage_all_network_files: true
networking::interfaces:
  "%{hiera('networking_1000_iface')}":
    type: physical
    ipaddress: "%{hiera('networking_1000_ip')}"
    gateway: 198.18.15.254
    txqueuelen: 10000
    forwarding: true
  "%{hiera('networking_2500_iface')}":
    type: physical
    ipaddress: "%{hiera('networking_2500_ip')}"
    mtu: 1500
    txqueuelen: 10000
    forwarding: true
  loopback0:
    type: dummy
    ipaddress: "%{hiera('networking_loopback0_ip')}"
    netmask: 255.255.255.255
    mtu: 1500
  loopback1:
    type: dummy
    ipaddress: "%{hiera('networking_loopback1_ip')}"
    netmask: 255.255.255.255
    mtu: 1500
  loopback2:
    type: dummy
    ipaddress: "%{hiera('networking_loopback2_ip')}"
    netmask: 255.255.255.255
    mtu: 1500

# Consul client: host address is loopback0; the only node rule listed here
# grants write on the frr_exporter service.
profiles::consul::client::host_addr: "%{hiera('networking_loopback0_ip')}"
profiles::consul::client::node_rules:
  - resource: service
    segment: frr_exporter
    disposition: write

# FRRouting / OSPF.
exporters::frr_exporter::enable: true
frrouting::ospfd_router_id: "%{hiera('networking_loopback0_ip')}"
frrouting::ospf_preferred_source_enable: true
frrouting::ospf_preferred_source: "%{hiera('networking_loopback0_ip')}"
# Connected routes are redistributed into OSPF; the two CIDRs further down
# feed the ospf_exclude_k8s option.
frrouting::ospfd_redistribute:
  - connected
# Every interface of this role is placed in area 0.0.0.0.
frrouting::ospfd_interfaces:
  "%{hiera('networking_1000_iface')}":
    area: 0.0.0.0
  "%{hiera('networking_2500_iface')}":
    area: 0.0.0.0
  loopback0:
    area: 0.0.0.0
  loopback1:
    area: 0.0.0.0
  loopback2:
    area: 0.0.0.0
frrouting::daemons:
  ospfd: true
frrouting::ospf_exclude_k8s_enable: true
frrouting::k8s_cluster_cidr: '10.42.0.0/16'  # RKE2 cluster-cidr (pods)
frrouting::k8s_service_cidr: '10.43.0.0/16'  # RKE2 service-cidr

# SSH: sshd listens on loopback0 and both physical addresses, and the same
# three addresses are listed as principals for ssh signing.
ssh::server::options:
  ListenAddress:
    - "%{hiera('networking_loopback0_ip')}"
    - "%{hiera('networking_1000_ip')}"
    - "%{hiera('networking_2500_ip')}"
profiles::ssh::sign::principals:
  - "%{hiera('networking_loopback0_ip')}"
  - "%{hiera('networking_1000_ip')}"
  - "%{hiera('networking_2500_ip')}"