---
# Hiera data for the Consul server role: Consul agent settings, ACLs,
# an nginx front end, prepared queries, an OSPF-announced anycast address,
# and the FRR package repositories.
hiera_include:
  - frrouting
  - exporters::frr_exporter

profiles::consul::server::members_lookup: true
profiles::consul::server::data_dir: /data/consul

# Every listener is bound to the node's primary IP, not to loopback.
profiles::consul::server::addresses:
  dns: "%{::networking.ip}"
  http: "%{::networking.ip}"
  https: "%{::networking.ip}"
  grpc: "%{::networking.ip}"
  grpc_tls: "%{::networking.ip}"

# NOTE(review): `https: -1` disables Consul's HTTPS listener, so the API
# (and any ACL token sent in a request) is served over plain HTTP on 8500,
# on the primary IP. Confirm that TLS is terminated by the nginx proxy below
# and that direct access to 8500 is firewalled; neither is visible here.
# NOTE(review): a grpc_tls address is set above, but only the `grpc` port
# (8502) appears here; verify which gRPC listener is actually in use.
profiles::consul::server::ports:
  grpc: 8502
  dns: 8600
  http: 8500
  https: -1

# ACLs are enforced with a default-deny policy. `extend-cache` keeps honouring
# cached ACL entries while the ACL source is unreachable.
profiles::consul::server::acl:
  enabled: true
  default_policy: 'deny'
  down_policy: 'extend-cache'
  # Tokens are resolved from other Hiera keys through alias(); the values are
  # not in this file. NOTE(review): confirm those keys live in an encrypted
  # backend. initial_management is the bootstrap token and should not be
  # used for day-to-day access.
  tokens:
    initial_management: "%{alias('profiles::consul::server::acl_tokens_initial_management')}"
    default: "%{alias('profiles::consul::server::acl_tokens_default')}"
    replication: "%{alias('profiles::consul::server::acl_tokens_replication')}"

# additional altnames
# Extra names for the certificate requested through the pki::vault profile.
profiles::pki::vault::alt_names:
  - consul.main.unkin.net
  - consul.service.consul
  - consul

# manage a simple nginx reverse proxy
# The proxy forwards to port 8500, the plaintext Consul HTTP API.
profiles::nginx::simpleproxy::nginx_vhost: 'consul.service.consul'
profiles::nginx::simpleproxy::nginx_aliases:
  - consul
  - consul.main.unkin.net
profiles::nginx::simpleproxy::proxy_port: 8500
profiles::nginx::simpleproxy::proxy_path: '/'

# consul
# The node's ACL rule is limited to write on the single service
# `frr_exporter`.
profiles::consul::client::node_rules:
  - resource: service
    segment: frr_exporter
    disposition: write

# One prepared query per service, all with the same settings.
profiles::consul::prepared_query::rules:
  vault:
    ensure: 'present'
    service_name: 'vault'
    service_failover_n: 3
    service_only_passing: true
    ttl: 10
  puppet:
    ensure: 'present'
    service_name: 'puppet'
    service_failover_n: 3
    service_only_passing: true
    ttl: 10
  puppetca:
    ensure: 'present'
    service_name: 'puppetca'
    service_failover_n: 3
    service_only_passing: true
    ttl: 10
  edgecache:
    ensure: 'present'
    service_name: 'edgecache'
    service_failover_n: 3
    service_only_passing: true
    ttl: 10
  puppetdbapi:
    ensure: 'present'
    service_name: 'puppetdbapi'
    service_failover_n: 3
    service_only_passing: true
    ttl: 10
  puppetboard:
    ensure: 'present'
    service_name: 'puppetboard'
    service_failover_n: 3
    service_only_passing: true
    ttl: 10
  git:
    ensure: 'present'
    service_name: 'git'
    service_failover_n: 3
    service_only_passing: true
    ttl: 10
  ntp:
    ensure: 'present'
    service_name: 'ntp'
    service_failover_n: 3
    service_only_passing: true
    ttl: 10
  grafana:
    ensure: 'present'
    service_name: 'grafana'
    service_failover_n: 3
    service_only_passing: true
    ttl: 10
  droneci:
    ensure: 'present'
    service_name: 'droneci'
    service_failover_n: 3
    service_only_passing: true
    ttl: 10

# networking
# The anycast address sits on a dummy interface as a /32 and is announced
# through OSPF (see the frrouting section).
profiles::consul::server::anycast_ip: 198.18.19.14
systemd::manage_networkd: true
systemd::manage_all_network_files: true
networking::interfaces:
  eth0:
    type: physical
    # NOTE(review): forwarding is enabled on eth0; confirm the host is
    # meant to forward packets.
    forwarding: true
    dhcp: true
  anycast0:
    type: dummy
    ipaddress: "%{hiera('profiles::consul::server::anycast_ip')}"
    netmask: 255.255.255.255
    mtu: 1500

# frrouting
# NOTE(review): no OSPF authentication setting is visible in this file.
# Without it, another host on the eth0 segment could form an adjacency
# and advertise routes. Check whether the frrouting module configures
# authentication or passive interfaces elsewhere.
exporters::frr_exporter::enable: true
frrouting::ospfd_router_id: "%{facts.networking.ip}"
# `connected` redistributes every connected network, not only the
# anycast /32.
frrouting::ospfd_redistribute:
  - connected
frrouting::ospfd_interfaces:
  eth0:
    area: 0.0.0.0
  anycast0:
    area: 0.0.0.0
frrouting::daemons:
  ospfd: true

# additional repos
# NOTE(review): each gpgkey URL points at the same host and path as its
# baseurl, so whoever controls that mirror controls both the packages and
# the key used to verify them. Consider distributing the key out of band or
# pinning its fingerprint. Whether gpgcheck is enforced is not visible here.
profiles::yum::global::repos:
  frr-extras:
    name: frr-extras
    descr: frr-extras repository
    target: /etc/yum.repos.d/frr-extras.repo
    baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
    gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
    mirrorlist: absent
  frr-stable:
    name: frr-stable
    descr: frr-stable repository
    target: /etc/yum.repos.d/frr-stable.repo
    baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
    gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
    mirrorlist: absent