unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity
35935db963
puppet-prod/hieradata/roles/infra/storage/consul.yaml
Ben Vincent 75ca7a5685 feat: add frr_exporter class (#369) 
- add frr exporter to all nodes running frr

Reviewed-on: #369
2025-08-03 16:15:29 +10:00

153 lines
3.9 KiB
YAML
Raw Blame History

---
hiera_include:
- frrouting
- exporters::frr_exporter
profiles::consul::server::members_lookup: true
profiles::consul::server::data_dir: /data/consul
profiles::consul::server::addresses:
dns: "%{::networking.ip}"
http: "%{::networking.ip}"
https: "%{::networking.ip}"
grpc: "%{::networking.ip}"
grpc_tls: "%{::networking.ip}"
profiles::consul::server::ports:
grpc: 8502
dns: 8600
http: 8500
https: -1
profiles::consul::server::acl:
enabled: true
default_policy: 'deny'
down_policy: 'extend-cache'
tokens:
initial_management: "%{alias('profiles::consul::server::acl_tokens_initial_management')}"
default: "%{alias('profiles::consul::server::acl_tokens_default')}"
replication: "%{alias('profiles::consul::server::acl_tokens_replication')}"
# additional altnames
profiles::pki::vault::alt_names:
- consul.main.unkin.net
- consul.service.consul
- consul
# manage a simple nginx reverse proxy
profiles::nginx::simpleproxy::nginx_vhost: 'consul.service.consul'
profiles::nginx::simpleproxy::nginx_aliases:
- consul
- consul.main.unkin.net
profiles::nginx::simpleproxy::proxy_port: 8500
profiles::nginx::simpleproxy::proxy_path: '/'
# consul
profiles::consul::client::node_rules:
- resource: service
segment: frr_exporter
disposition: write
profiles::consul::prepared_query::rules:
vault:
ensure: 'present'
service_name: 'vault'
service_failover_n: 3
service_only_passing: true
ttl: 10
puppet:
ensure: 'present'
service_name: 'puppet'
service_failover_n: 3
service_only_passing: true
ttl: 10
puppetca:
ensure: 'present'
service_name: 'puppetca'
service_failover_n: 3
service_only_passing: true
ttl: 10
edgecache:
ensure: 'present'
service_name: 'edgecache'
service_failover_n: 3
service_only_passing: true
ttl: 10
puppetdbapi:
ensure: 'present'
service_name: 'puppetdbapi'
service_failover_n: 3
service_only_passing: true
ttl: 10
puppetboard:
ensure: 'present'
service_name: 'puppetboard'
service_failover_n: 3
service_only_passing: true
ttl: 10
git:
ensure: 'present'
service_name: 'git'
service_failover_n: 3
service_only_passing: true
ttl: 10
ntp:
ensure: 'present'
service_name: 'ntp'
service_failover_n: 3
service_only_passing: true
ttl: 10
grafana:
ensure: 'present'
service_name: 'grafana'
service_failover_n: 3
service_only_passing: true
ttl: 10
droneci:
ensure: 'present'
service_name: 'droneci'
service_failover_n: 3
service_only_passing: true
ttl: 10
# networking
profiles::consul::server::anycast_ip: 198.18.19.14
systemd::manage_networkd: true
systemd::manage_all_network_files: true
networking::interfaces:
eth0:
type: physical
forwarding: true
dhcp: true
anycast0:
type: dummy
ipaddress: "%{hiera('profiles::consul::server::anycast_ip')}"
netmask: 255.255.255.255
mtu: 1500
# frrouting
exporters::frr_exporter::enable: true
frrouting::ospfd_router_id: "%{facts.networking.ip}"
frrouting::ospfd_redistribute:
- connected
frrouting::ospfd_interfaces:
eth0:
area: 0.0.0.0
anycast0:
area: 0.0.0.0
frrouting::daemons:
ospfd: true
# additional repos
profiles::yum::global::repos:
frr-extras:
name: frr-extras
descr: frr-extras repository
target: /etc/yum.repos.d/frr-extras.repo
baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
mirrorlist: absent
frr-stable:
name: frr-stable
descr: frr-stable repository
target: /etc/yum.repos.d/frr-stable.repo
baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
mirrorlist: absent
Reference in New Issue View Git Blame Copy Permalink