unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity
82ed27cf56
puppet-prod/hieradata/common.yaml
Ben Vincent 5631f07e6e feat: add cephfs shared volume define 
- add ceph class to manage ceph client configuration/packages
- add cephfs define for mounting volumes
- add ceph keyring define to manage secrets used to mount cephfs
2024-06-23 15:33:33 +10:00

321 lines
8.2 KiB
YAML
Raw Blame History

---
lookup_options:
hiera_classes:
merge:
strategy: deep
profiles::packages::install:
merge:
strategy: deep
profiles::packages::install_exclude:
merge:
strategy: deep
profiles::packages::remove:
merge:
strategy: deep
profiles::packages::remove_exclude:
merge:
strategy: deep
profiles::pki::vault::alt_names:
merge:
strategy: deep
profiles::pki::vault::ip_sans:
merge:
strategy: deep
profiles::yum::global::managed_repos:
merge:
strategy: deep
profiles::haproxy::server::defaults:
merge:
strategy: deep
profiles::haproxy::server::globals:
merge:
strategy: deep
profiles::haproxy::server::frontends:
merge:
strategy: deep
profiles::haproxy::server::backends:
merge:
strategy: deep
profiles::haproxy::server::mappings:
merge:
strategy: deep
profiles::haproxy::server::listeners:
merge:
strategy: deep
haproxy::backend:
merge:
strategy: deep
sudo::configs:
merge:
strategy: deep
profiles::base::groups::local:
merge:
strategy: deep
profiles::dns::resolver::zones:
merge:
strategy: deep
profiles::dns::resolver::acls:
merge:
strategy: deep
profiles::dns::resolver::views:
merge:
strategy: deep
profiles::dns::resolver::keys:
merge:
strategy: deep
profiles::dns::master::zones:
merge:
strategy: deep
profiles::dns::master::acls:
merge:
strategy: deep
profiles::dns::master::views:
merge:
strategy: deep
profiles::dns::master::keys:
merge:
strategy: deep
consul::services:
merge:
strategy: deep
consul::watch:
merge:
strategy: deep
consul::check:
merge:
strategy: deep
profiles::consul::client::node_rules:
merge:
strategy: deep
profiles::consul::prepared_query::rules:
merge:
strategy: deep
profiles::puppet::server::dns_alt_names:
merge:
strategy: deep
profiles::puppet::client::dns_alt_names:
merge:
strategy: deep
profiles::base::hosts::additional_hosts:
merge:
strategy: deep
postgresql_config_entries:
merge:
strategy: deep
profiles::yum::global::repos:
merge:
strategy: deep
profiles::nginx::simpleproxy::nginx_aliases:
merge:
strategy: deep
networking::interfaces:
merge:
strategy: deep
networking::routes:
merge:
strategy: deep
ssh::server::options:
merge:
strategy: deep
mysql::db:
merge:
strategy: deep
profiles::ceph::client::keyrings:
merge:
strategy: deep
facts_path: '/opt/puppetlabs/facter/facts.d'
hiera_include:
- timezone
- networking
- ssh::server
profiles::ntp::client::ntp_role: 'roles::infra::ntp::server'
profiles::ntp::client::use_ntp: 'region'
profiles::ntp::client::peers:
- 0.pool.ntp.org
- 1.pool.ntp.org
- 2.pool.ntp.org
- 3.pool.ntp.org
profiles::base::puppet_servers:
- 'prodinf01n01.main.unkin.net'
profiles::dns::master::basedir: '/var/named/sources'
profiles::dns::base::ns_role: 'roles::infra::dns::resolver'
profiles::dns::base::use_ns: 'region'
profiles::consul::server::members_role: roles::infra::storage::consul
profiles::consul::token::node_editor::accessor_id: '024e27bd-c5bb-41e7-a578-b766509e11bc'
profiles::consul::client::members_lookup: true
profiles::consul::client::members_role: roles::infra::storage::consul
profiles::consul::client::node_rules:
- resource: node
segment: "%{facts.networking.hostname}"
disposition: write
- resource: node
segment: "%{facts.networking.fqdn}"
disposition: write
- resource: node
segment: ''
disposition: read
profiles::packages::install:
- bash-completion
- bzip2
- ccze
- curl
- dstat
- expect
- gcc
- gzip
- git
- htop
- inotify-tools
- iotop
- jq
- lz4
- mtr
- ncdu
- neovim
- p7zip
- pbzip2
- pigz
- pv
- python3.11
- rsync
- screen
- socat
- strace
- sysstat
- tar
- tmux
- traceroute
- unar
- unzip
- vim
- vnstat
- wget
- zsh
- zstd
profiles::packages::remove:
- iwl100-firmware
- iwl1000-firmware
- iwl105-firmware
- iwl135-firmware
- iwl2000-firmware
- iwl2030-firmware
- iwl3160-firmware
- iwl5000-firmware
- iwl5150-firmware
- iwl6000-firmware
- iwl6000g2a-firmware
- iwl6050-firmware
- iwl7260-firmware
- puppet7-release
profiles::base::scripts::scripts:
puppet: puppetwrapper.py
profiles::puppet::client::server: 'puppet.query.consul'
profiles::puppet::client::ca_server: 'puppetca.query.consul'
profiles::puppet::client::environment: 'develop'
profiles::puppet::client::runinterval: 1800
profiles::puppet::client::runtimeout: 3600
profiles::puppet::client::show_diff: true
profiles::puppet::client::usecacheonfailure: false
profiles::puppet::client::dns_alt_names:
- "%{trusted.certname}"
# puppetdb
puppetdbapi: puppetdbapi.query.consul
puppetdbsql: puppetdbsql.service.au-syd1.consul
prometheus::node_exporter::export_scrape_job: true
prometheus::systemd_exporter::export_scrape_job: true
ssh::server::storeconfigs_enabled: false
ssh::server::options:
Protocol: '2'
ListenAddress:
- '127.0.0.1'
- '%{facts.networking.ip}'
SyslogFacility: 'AUTHPRIV'
HostKey:
- /etc/ssh/ssh_host_rsa_key
- /etc/ssh/ssh_host_ecdsa_key
- /etc/ssh/ssh_host_ed25519_key
HostCertificate: /etc/ssh/ssh_host_rsa_key-cert.pem
AuthorizedKeysFile: .ssh/authorized_keys
PermitRootLogin: no
PasswordAuthentication: no
ChallengeResponseAuthentication: no
PubkeyAuthentication: yes
GSSAPIAuthentication: yes
GSSAPICleanupCredentials: yes
UsePAM: yes
X11Forwarding: no
PrintMotd: no
AcceptEnv:
- LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
- LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
- LC_IDENTIFICATION LC_ALL LANGUAGE
- XMODIFIERS
Subsystem: sftp /usr/libexec/openssh/sftp-server
profiles::ssh::knownhosts::lines:
- '@cert-authority * ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1HD97vYxLTniE4qNpGuftUlvmkEXIuX8+7nbENv/IzsGUghEDRtyThjQ7ojNKIsQ7f8wXr0gMcI+fAPfrbcOMHCAoYMomikwL0b3h95SZI40q3CyM+0DMnwiVVDX6C1QxkO2Rv9cszSkCa85NotJhXiUuTBI9BFcRPy+mAhbpAru+bfypYofI0wW97XNTl8Jgwmni5MgutBIQAokFIn5ux8iWxndCH3AqDtmkwC5DfQeQ+wZx7rkwqJEpJffQzrjb1gIM6P9hDCVBBVPh/3o80IJ69rFWrJAZUb+JpG4cXJH0NcSW+wqc3JCT/x3q8VlHwOTXSlNNKtOJCRx73mB8e1XTTy2a9FgpKDDg5XQXWHAViJDz1RTRL9gRefMylRgKz4bXoTuY9kJWM8hPTyUejtukbJThlBJc3OmDxBZBF7F0iqB11pHexok43OCEiANodVa36eWu9/5X032Vm48fZ1/akDPY/NSy3wAn7kwut+A0/JAHFHASrq+1mt9YurkJegI+YHXO6eEWpBIpmI7ORHJbGL4MhkHrxYzVamuP8CkU7tXzsv138+wpOcRHNp9yJY4PT40BZkRf/O3O+jt3pj9Dj8rvgywF2W6hFzywh3Y78upOprRkQlQtHfsI8EyrYI8/hUw2u3H+3yPXh3YjWfqvWVG1BRLRHBV7m90uaw=='
profiles::base::groups::local:
admins:
ensure: present
gid: 10000
allowdupe: false
forcelocal: true
sudo::configs:
admins:
priority: 10
content: |
%admins ALL=(ALL) NOPASSWD: ALL
profiles::accounts::sysadmin::sshkeys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ8SRLlPiDylBpdWR9LpvPg4fDVD+DZst4yRPFwMMhta4mnB1H9XuvZkptDhXywWQ7QIcqa2WbhCen0OQJCtwn3s7EYtacmF5MxmwBYocPoK2AArGuh6NA9rwTdLrPdzhZ+gwe88PAzRLNzjm0ZBR+mA9saMbPJdqpKp0AWeAM8QofRQAWuCzQg9i0Pn1KDMvVDRHCZof4pVlHSTyHNektq4ifovn0zhKC8jD/cYu95mc5ftBbORexpGiQWwQ3HZw1IBe0ZETB1qPIPwsoJpt3suvMrL6T2//fcIIUE3TcyJKb/yhztja4TZs5jT8370G/vhlT70He0YPxqHub8ZfBv0khlkY93VBWYpNGJwM1fVqlw7XbfBNdOuJivJac8eW317ZdiDnKkBTxapThpPG3et9ib1HoPGKRsd/fICzNz16h2R3tddSdihTFL+bmTCa6Lo+5t5uRuFjQvhSLSgO2/gRAprc3scYOB4pY/lxOFfq3pU2VvSJtRgLNEYMUYKk= ben@unkin.net
networking::interfaces:
eth0:
ensure: present
family: inet
method: static
netmask: 255.255.255.0
onboot: true
networking::routes:
default:
ensure: present
interface: eth0
netmask: 0.0.0.0
network: default
profiles::ceph::client::fsid: 7f7f00cb-95de-498c-8dcc-14b54e4e9ca8
profiles::ceph::client::mons:
- 10.18.15.1
- 10.18.15.2
- 10.18.15.3
#profiles::base::hosts::additional_hosts:
# - ip: 198.18.17.9
# hostname: prodinf01n09.main.unkin.net
# aliases:
# - prodinf01n09
# - ntp01.main.unkin.net
# - ip: 198.18.17.10
# hostname: prodinf01n10.main.unkin.net
# aliases:
# - prodinf01n10
# - ntp02.main.unkin.net
# - ip: 198.18.17.22
# hostname: prodinf01n22.main.unkin.net
# aliases:
# - prodinf01n22
# - repos.main.unkin.net
Reference in New Issue View Git Blame Copy Permalink