- change to packer created alma9 instance - change docker root to use /data volume Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/209
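---
# Hiera data for a JupyterHub node: declares the Python 3.12 packages,
# includes docker and a simple nginx reverse proxy, requests certificate
# alt names and registers the service in Consul.
# Nesting below is restored from the flattened page rendering.

# packages handed to profiles::packages; an empty hash sets no per-package
# options here
profiles::packages::include:
  python3.12: {}
  python3.12-pip: {}

hiera_include:
  - docker
  - profiles::nginx::simpleproxy

# manage docker
# NOTE(review): 'latest' is unpinned, so the installed engine can change
# between Puppet runs; pin a tested version to keep hosts reproducible and
# make upgrades a deliberate change.
docker::version: latest
docker::curl_ensure: false
# docker's data root is moved onto the /data volume. Keep this path
# root-owned and not world-readable, and confirm /data is mounted before the
# docker service starts. On an SELinux-enforcing host a relocated root may
# also need the container file contexts applied - TODO confirm.
docker::root_dir: /data/docker

# manage a simple nginx reverse proxy
# nginx forwards to the loopback listener configured below. The backend on
# port 8000 should listen on 127.0.0.1 only, so it cannot be reached without
# passing through the proxy - verify against the jupyterhub configuration.
profiles::nginx::simpleproxy::nginx_vhost: 'jupyterhub.query.consul'
profiles::nginx::simpleproxy::nginx_aliases:
  - jupyterhub.service.consul
  - jupyterhub.query.consul
  - "jupyterhub.service.%{facts.country}-%{facts.region}.consul"

profiles::nginx::simpleproxy::proxy_host: 127.0.0.1
profiles::nginx::simpleproxy::proxy_port: 8000
profiles::nginx::simpleproxy::proxy_path: '/'
# the profile's default location is disabled; the 'default' entry under
# locations below defines '/' explicitly instead
profiles::nginx::simpleproxy::use_default_location: false
# caps request bodies (e.g. uploads) at 20M; set on the nginx module itself
# rather than on the simpleproxy profile
nginx::client_max_body_size: 20M

profiles::nginx::simpleproxy::locations:
  # authorised access from external
  default:
    ensure: 'present'
    server: "%{lookup('profiles::nginx::simpleproxy::nginx_vhost')}"
    # location is only served over TLS
    ssl_only: true
    location: '/'
    # plain http is used for the proxied hop; it stays on loopback as long
    # as proxy_host remains 127.0.0.1
    proxy: "http://%{lookup('profiles::nginx::simpleproxy::proxy_host')}:%{lookup('profiles::nginx::simpleproxy::proxy_port')}"
    # $proxy_add_x_forwarded_for appends to any X-Forwarded-For value the
    # client sent, so the backend should rely on X-Real-IP or the right-most
    # entry only. Upgrade/Connection are passed through from the client
    # request (needed for websocket upgrades).
    proxy_set_header:
      - 'Host $host'
      - 'X-Real-IP $remote_addr'
      - 'X-Forwarded-For $proxy_add_x_forwarded_for'
      - 'X-Forwarded-Host $host'
      - 'X-Forwarded-Proto $scheme'
      - 'Upgrade $http_upgrade'
      - 'Connection $http_connection'
      - 'X-Scheme $scheme'
    proxy_redirect: 'off'
    proxy_http_version: '1.1'
    proxy_buffering: 'off'

# additional altnames
# same names as nginx_aliases above; keep the two lists in sync so every
# served name is covered by the certificate
profiles::pki::vault::alt_names:
  - jupyterhub.service.consul
  - jupyterhub.query.consul
  - "jupyterhub.service.%{facts.country}-%{facts.region}.consul"

# configure consul service
consul::services:
  jupyterhub:
    service_name: 'jupyterhub'
    tags:
      - 'jupyterhub'
    address: "%{facts.networking.ip}"
    port: 443
    checks:
      - id: 'jupyterhub_http_check'
        name: 'jupyterhub HTTP Check'
        http: "https://%{facts.networking.fqdn}"
        method: 'GET'
        # NOTE(review): certificate validation is disabled for this check,
        # so it proves reachability only and will not notice an expired or
        # wrong certificate. If the Consul agent trusts the issuing CA and
        # the fqdn is covered by the certificate, set this to false -
        # confirm before changing.
        tls_skip_verify: true
        interval: '10s'
        timeout: '1s'
# ACL rule for this node: write on the 'jupyterhub' service only, which
# matches the single service registered above. Presumably rendered into the
# node's Consul ACL policy by profiles::consul::client - verify there.
profiles::consul::client::node_rules:
  - resource: service
    segment: jupyterhub
    disposition: write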