puppet-prod/hieradata/roles/infra/puppet/master.yaml
Ben Vincent ae00acbbb1 feat: add toml puppet gem
- required for ldap support in grafana
2025-06-30 19:02:07 +10:00


---
# Autosign inputs for the Puppet CA on this role: source subnets and a
# certname pattern.
# NOTE(review): how the profile combines these lists (subnet AND domain, or
# either one alone) is not visible in this file - confirm. If a CSR is signed
# purely on source network or certname pattern, any host that can reach the
# CA from one of these ranges can obtain a trusted agent certificate. Pair
# this with a per-node check, such as a pre-shared value in the CSR
# attributes or the explicit node list that is commented out below.
profiles::puppet::autosign::subnet_ranges:
  - '198.18.13.0/24'
  - '198.18.14.0/24'
  - '198.18.15.0/24'
  - '198.18.16.0/24'
  - '198.18.17.0/24'
  - '198.18.20.0/24'
  - '198.18.24.0/24'
  - '198.18.25.0/24'
  - '198.18.26.0/24'
  - '198.18.27.0/24'
  - '198.18.28.0/24'
  - '198.18.29.0/24'
# Wildcard certname pattern accepted for autosigning.
profiles::puppet::autosign::domains:
  - '*.main.unkin.net'
# Presumably an explicit per-node allow-list; currently disabled.
# profiles::puppet::autosign::nodes:
#   - 'somenode.main.unkin.net'
# Cobbler-backed ENC (presumably Puppet's external node classifier):
# the Cobbler endpoint is addressed over HTTPS.
profiles::puppet::cobbler_enc::cobbler_scheme: https
profiles::puppet::cobbler_enc::cobbler_hostname: cobbler.main.unkin.net
# NOTE(review): 'system' presumably selects the system Python - confirm.
profiles::puppet::cobbler_enc::version: 'system'
# Python packages for the ENC. No versions are pinned in this file.
# NOTE(review): confirm the profile pins versions or installs from a trusted
# internal index.
profiles::puppet::cobbler_enc::packages:
  - 'requests'
  - 'PyYAML'
# Git sources for the ENC and for the r10k/g10k control repository.
# NOTE(review): content pulled from these repositories presumably becomes
# node classification and Puppet code applied to agents, so push access to
# them is effectively control of the managed hosts. Restrict write access
# and keep TLS certificate verification enabled for these fetches.
profiles::puppet::enc::repo: https://git.service.au-syd1.consul/unkinben/puppet-enc.git
profiles::puppet::r10k::r10k_repo: https://git.service.au-syd1.consul/unkin/puppet-r10k.git
# g10k binary, its config file (kept under the r10k directory) and the
# directory environments are deployed into.
profiles::puppet::g10k::bin_path: '/usr/bin/g10k'
profiles::puppet::g10k::cfg_path: '/etc/puppetlabs/r10k/r10k.yaml'
profiles::puppet::g10k::environments_path: '/etc/puppetlabs/code/environments'
# NOTE(review): 'develop' as the default environment in a puppet-prod tree -
# confirm this is intended and that unclassified nodes cannot land on
# unreviewed code.
profiles::puppet::g10k::default_environment: 'develop'
# Ruby gems for the 'puppet' gem target. No versions are pinned in this file.
# 'toml' is required for LDAP support in Grafana.
profiles::puppet::gems::puppet:
  - 'deep_merge'
  - 'ipaddr'
  - 'hiera-eyaml'
  - 'toml'
# Vault settings for the certmanager helper: server address, secrets mount
# (presumably the intermediate PKI), AppRole auth path and role name.
# NOTE(review): nesting reconstructed from a flattened listing - verify.
profiles::helpers::certmanager::vault_config:
  addr: 'https://vault.service.consul:8200'
  mount_point: 'pki_int'
  approle_path: 'approle'
  role_name: 'servers_default'
  # NOTE(review): /tmp is world-writable and this path is predictable. If the
  # helper writes issued certificates or private keys here, use a root-owned
  # directory with restrictive permissions instead - confirm what is written
  # and with which mode.
  output_path: '/tmp/certmanager'
  # Resolved from another Hiera key; the value is not stored in this file.
  # NOTE(review): no secret_id appears here - confirm how it is delivered and
  # that it is not kept in plain text next to the role_id.
  role_id: "%{lookup('certmanager::role_id')}"
# Vault settings for the sshsignhost helper (presumably SSH host certificate
# signing via the 'ssh-host-signer' mount), same layout as above.
profiles::helpers::sshsignhost::vault_config:
  addr: 'https://vault.service.consul:8200'
  mount_point: 'ssh-host-signer'
  approle_path: 'approle'
  role_name: 'hostrole'
  # NOTE(review): same concern as certmanager - a fixed path under /tmp is
  # exposed to other local users; prefer a root-owned private directory.
  output_path: '/tmp/sshsignhost'
  # Resolved from another Hiera key; the value is not stored in this file.
  role_id: "%{lookup('sshsignhost::role_id')}"
# Consul query names used for the agent, report and CA endpoints.
profiles::puppet::server::agent_server: 'puppet.query.consul'
profiles::puppet::server::report_server: 'puppet.query.consul'
profiles::puppet::server::ca_server: 'puppetca.query.consul'
# Alternative DNS names, presumably placed in the server certificate's SAN.
# The first two entries are interpolated from the node's own facts.
# NOTE(review): the unqualified names 'puppetmaster' and 'puppet' only
# resolve through a resolver search path; every name listed here widens what
# this certificate is valid for, so keep the list to names agents really use.
profiles::puppet::server::dns_alt_names:
  - "%{facts.networking.fqdn}"
  - "%{facts.networking.hostname}"
  - puppetmaster.main.unkin.net
  - puppet.main.unkin.net
  - puppet.service.consul
  - puppet.query.consul
  - puppetmaster
  - puppet
# Principals for SSH signing (presumably added to the signed host
# certificate) so the host can be reached by its Consul names.
profiles::ssh::sign::principals:
  - puppet.service.consul
  - puppet.query.consul
# Consul service registration for the Puppet server on port 8140, with an
# HTTPS health check against the server's status endpoint.
# NOTE(review): nesting reconstructed from a flattened listing - verify.
consul::services:
  puppet:
    service_name: 'puppet'
    tags:
      - 'puppet'
      - 'master'
    address: "%{facts.networking.ip}"
    port: 8140
    checks:
      - id: 'puppet_https_check'
        name: 'Puppet HTTPS Check'
        http: "https://%{facts.networking.fqdn}:8140/status/v1/simple"
        method: 'GET'
        # NOTE(review): certificate validation is disabled for this check, so
        # an expired or mismatched server certificate will not mark the
        # service unhealthy. If the Consul agent can trust the Puppet CA,
        # turn verification back on.
        tls_skip_verify: true
        interval: '10s'
        timeout: '1s'
# Consul ACL rules for this node: write on the 'puppet' and 'puppetca'
# services.
# NOTE(review): only 'puppet' is registered in this file. Write on 'puppetca'
# lets a node register itself under the name agents use as ca_server, so
# grant it only where the CA actually runs - confirm this role needs it.
profiles::consul::client::node_rules:
  - resource: service
    segment: puppet
    disposition: write
  - resource: service
    segment: puppetca
    disposition: write