- the archive path is no longer valid - produced a g10k rpm with rpmbuilder Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/304
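---
# Allow-lists consumed by the profiles::puppet::autosign class (the class and
# its matching logic are not part of this file).
# NOTE(review): a source subnet and a wildcard certname are both weak identity
# signals -- the certname in a CSR is chosen by the requester. Confirm the
# profile pairs these lists with a stronger check (for example a CSR
# attribute / pre-shared challenge) before a certificate is signed.
profiles::puppet::autosign::subnet_ranges:
  - '198.18.13.0/24'
  - '198.18.14.0/24'
  - '198.18.15.0/24'
  - '198.18.16.0/24'
  - '198.18.17.0/24'
  - '198.18.20.0/24'
  - '198.18.24.0/24'
  - '198.18.25.0/24'
  - '198.18.26.0/24'
  - '198.18.27.0/24'
  - '198.18.28.0/24'
  - '198.18.29.0/24'

# NOTE(review): this wildcard covers every name under main.unkin.net,
# including the Puppet server names listed later in this file. Confirm that
# is intended, or narrow the pattern.
profiles::puppet::autosign::domains:
  - '*.main.unkin.net'

# Explicit per-node allow-list, currently disabled.
# profiles::puppet::autosign::nodes:
#   - 'somenode.main.unkin.net'
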
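# Cobbler-backed external node classifier (ENC) settings.
profiles::puppet::cobbler_enc::cobbler_scheme: https
profiles::puppet::cobbler_enc::cobbler_hostname: cobbler.main.unkin.net
profiles::puppet::cobbler_enc::version: 'system'
# NOTE(review): packages are named without versions. Confirm they are
# installed from a trusted internal mirror and pinned where the profile
# allows it, since this code runs on the Puppet server.
profiles::puppet::cobbler_enc::packages:
  - 'requests'
  - 'PyYAML'
# Git sources for the ENC and the r10k/g10k control repository.
# NOTE(review): these repositories decide what every agent is told to run.
# Confirm the Git client validates the server certificate for these HTTPS
# URLs and that write access to both repositories is restricted.
profiles::puppet::enc::repo: https://git.service.au-syd1.consul/unkinben/puppet-enc.git
profiles::puppet::r10k::r10k_repo: https://git.service.au-syd1.consul/unkin/puppet-r10k.git
# g10k binary, its config file and the directory environments are deployed to.
profiles::puppet::g10k::bin_path: '/usr/bin/g10k'
profiles::puppet::g10k::cfg_path: '/etc/puppetlabs/r10k/r10k.yaml'
profiles::puppet::g10k::environments_path: '/etc/puppetlabs/code/environments'
# NOTE(review): presumably nodes without an explicit environment fall back to
# this branch -- confirm 'develop' is the intended default for this data set.
profiles::puppet::g10k::default_environment: 'develop'
# Gems installed for Puppet. Versions are not pinned here.
profiles::puppet::gems::puppet:
  - 'deep_merge'
  - 'ipaddr'
  - 'hiera-eyaml'
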
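# Vault AppRole settings for the certmanager helper (PKI mount 'pki_int').
# role_id is interpolated from another Hiera key whose storage is not visible
# here. An AppRole role_id is an identifier rather than a secret on its own;
# the matching secret_id must not be kept in plain-text Hiera data.
# NOTE(review): output_path is under /tmp, which is world-writable. If issued
# certificates or private keys are written there, confirm the helper creates
# the directory itself with a restrictive mode and refuses a pre-existing or
# symlinked path -- or move it to a root-owned location.
profiles::helpers::certmanager::vault_config:
  addr: 'https://vault.service.consul:8200'
  mount_point: 'pki_int'
  approle_path: 'approle'
  role_name: 'servers_default'
  output_path: '/tmp/certmanager'
  role_id: "%{lookup('certmanager::role_id')}"

# Vault AppRole settings for the SSH host-key signing helper.
# NOTE(review): the same /tmp concern applies to output_path below; signed
# host certificates should not pass through a directory other local users
# can pre-create.
profiles::helpers::sshsignhost::vault_config:
  addr: 'https://vault.service.consul:8200'
  mount_point: 'ssh-host-signer'
  approle_path: 'approle'
  role_name: 'hostrole'
  output_path: '/tmp/sshsignhost'
  role_id: "%{lookup('sshsignhost::role_id')}"
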
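# Service names handed to the Puppet server profile: agent endpoint, report
# endpoint and the certificate authority.
profiles::puppet::server::agent_server: 'puppet.query.consul'
profiles::puppet::server::report_server: 'puppet.query.consul'
profiles::puppet::server::ca_server: 'puppetca.query.consul'
# Subject alternative names for the server certificate.
# NOTE(review): the unqualified entries ('puppetmaster', 'puppet') make the
# certificate valid for whatever those short names resolve to through a
# client's DNS search path. Keep them only if agents really connect by short
# name.
profiles::puppet::server::dns_alt_names:
  - "%{facts.networking.fqdn}"
  - "%{facts.networking.hostname}"
  - puppetmaster.main.unkin.net
  - puppet.main.unkin.net
  - puppet.service.consul
  - puppet.query.consul
  - puppetmaster
  - puppet

# Extra principals requested for this host's signed SSH host certificate.
profiles::ssh::sign::principals:
  - puppet.service.consul
  - puppet.query.consul
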
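# Consul service registration for the Puppet server on port 8140, with an
# HTTPS health check against the server's simple status endpoint.
consul::services:
  puppet:
    service_name: 'puppet'
    tags:
      - 'puppet'
      - 'master'
    address: "%{facts.networking.ip}"
    port: 8140
    checks:
      - id: 'puppet_https_check'
        name: 'Puppet HTTPS Check'
        http: "https://%{facts.networking.fqdn}:8140/status/v1/simple"
        method: 'GET'
        # NOTE(review): certificate verification is disabled for this check,
        # so it passes for any TLS listener on 8140 and will not notice an
        # expired or wrong server certificate. Acceptable as a liveness probe
        # only; verifying would need the Consul agent to trust the Puppet CA.
        tls_skip_verify: true
        interval: '10s'
        timeout: '1s'

# Consul ACL rules requested for this node's client token.
# NOTE(review): write is granted on both 'puppet' and 'puppetca', but only the
# 'puppet' service is registered in this file. Confirm this node also
# registers 'puppetca' elsewhere; otherwise drop that rule to keep the token
# least-privilege.
profiles::consul::client::node_rules:
  - resource: service
    segment: puppet
    disposition: write
  - resource: service
    segment: puppetca
    disposition: write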