Ben Vincent
b976f2063a
- deploy redis/sentinel ha cluster for git - update redis to 7 (required for almalinux 9) - enable requirepass/masterauth Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/336
61 lines
2.1 KiB
YAML
61 lines
2.1 KiB
YAML
---
|
|
# additional altnames
|
|
profiles::pki::vault::alt_names:
|
|
- "gitea-redis-replica-%{facts.environment}.main.unkin.net"
|
|
- "gitea-redis-replica-%{facts.environment}.service.consul"
|
|
- "gitea-redis-replica-%{facts.environment}.query.consul"
|
|
- "gitea-redis-replica-%{facts.environment}.service.%{facts.country}-%{facts.region}.consul"
|
|
|
|
profiles::ssh::sign::principals:
|
|
- "gitea-redis-replica-%{facts.environment}.main.unkin.net"
|
|
- "gitea-redis-replica-%{facts.environment}.service.consul"
|
|
- "gitea-redis-replica-%{facts.environment}.query.consul"
|
|
|
|
hiera_include:
|
|
- redisha
|
|
|
|
redisha::manage_repo: false
|
|
redisha::redisha_members_lookup: true
|
|
redisha::redisha_members_role: roles::infra::git::redis
|
|
redisha::redis::requirepass: "%{hiera('redisha::masterauth')}"
|
|
redisha::redis::masterauth: "%{hiera('redisha::masterauth')}"
|
|
redisha::sentinel::master_name: "%{facts.country}-%{facts.region}"
|
|
redisha::sentinel::requirepass: "%{hiera('redisha::masterauth')}"
|
|
redisha::sentinel::auth_pass: "%{hiera('redisha::masterauth')}"
|
|
redisha::tools::requirepass: "%{hiera('redisha::masterauth')}"
|
|
|
|
sudo::configs:
|
|
consul:
|
|
priority: 20
|
|
content: |
|
|
consul ALL=(ALL) NOPASSWD: /usr/local/sbin/sentineladm info
|
|
consul::services:
|
|
gitea-redis-replica:
|
|
service_name: "gitea-redis-replica-%{facts.environment}"
|
|
address: "%{facts.networking.ip}"
|
|
port: 6379
|
|
checks:
|
|
- id: 'redis-replica_tcp_check'
|
|
name: 'Redis Replica TCP Check'
|
|
tcp: "%{facts.networking.ip}:6379"
|
|
interval: '10s'
|
|
timeout: '1s'
|
|
gitea-redis-master:
|
|
service_name: "gitea-redis-master-%{facts.environment}"
|
|
address: "%{facts.networking.ip}"
|
|
port: 6379
|
|
checks:
|
|
- id: 'redis-master_tcp_check'
|
|
name: "Redis Master Check"
|
|
args:
|
|
- '/usr/local/bin/check_redis_master'
|
|
interval: '10s'
|
|
timeout: '1s'
|
|
profiles::consul::client::node_rules:
|
|
- resource: service
|
|
segment: "gitea-redis-replica-%{facts.environment}"
|
|
disposition: write
|
|
- resource: service
|
|
segment: "gitea-redis-master-%{facts.environment}"
|
|
disposition: write
|