- add nginx aliases for vault services - add additional vault certificates - change certmanager script to use vault.service.consul
---
# Hiera data for a Puppet server: autosign inputs, ENC / r10k / g10k settings,
# the certmanager Vault client, server names and Consul registration.
# Nesting below is restored from the flattened listing.

# NOTE(review): presumably these two lists drive certificate autosigning on
# the CA - confirm in profiles::puppet::autosign. If so, a CSR that satisfies
# them is signed without manual approval; whether the lists are combined with
# AND or OR is not visible here. A certname is chosen by the requester, so a
# domain glob on its own does not authenticate the node; policy-based
# autosigning that checks a per-node secret in the CSR is the stricter option.
profiles::puppet::autosign::subnet_ranges:
  - '198.18.13.0/24'
  - '198.18.14.0/24'
  - '198.18.15.0/24'
  - '198.18.16.0/24'
  - '198.18.17.0/24'

profiles::puppet::autosign::domains:
  - '*.main.unkin.net'

# profiles::puppet::autosign::nodes:
#   - 'somenode.main.unkin.net'

profiles::puppet::cobbler_enc::cobbler_scheme: 'https'
profiles::puppet::cobbler_enc::cobbler_hostname: 'cobbler.main.unkin.net'
profiles::puppet::cobbler_enc::version: 'system'
# Package names only, no versions; how they are installed and whether they
# are pinned is decided by the consuming profile, not by this file.
profiles::puppet::cobbler_enc::packages:
  - 'requests'
  - 'PyYAML'
# The ENC and the r10k configuration are pulled from these repositories, so
# write access to them is effectively write access to what the server runs.
profiles::puppet::enc::repo: 'https://git.unkin.net/unkinben/puppet-enc.git'
profiles::puppet::r10k::r10k_repo: 'https://git.unkin.net/unkinben/puppet-r10k.git'
profiles::puppet::g10k::bin_path: '/opt/puppetlabs/bin/g10k'
profiles::puppet::g10k::cfg_path: '/etc/puppetlabs/r10k/r10k.yaml'
profiles::puppet::g10k::environments_path: '/etc/puppetlabs/code/environments'
profiles::puppet::g10k::default_environment: 'develop'
profiles::puppet::gems::puppet:
  - 'deep_merge'
  - 'ipaddr'
  - 'hiera-eyaml'

profiles::helpers::certmanager::vault_config:
  # NOTE(review): certificate verification against this name only succeeds if
  # the Vault listener certificate carries vault.service.consul as a SAN -
  # confirm the certmanager script verifies TLS rather than skipping it.
  addr: 'https://vault.service.consul:8200'
  mount_point: 'pki_int'
  approle_path: 'approle'
  role_name: 'servers_default'
  # NOTE(review): /tmp is world-writable. If certmanager writes private keys
  # or Vault tokens under this path, a root-owned directory with mode 0700
  # outside /tmp avoids pre-created-path and symlink problems - confirm what
  # the script stores here.
  output_path: '/tmp/certmanager'
  # Resolved from another Hiera key at lookup time, so the AppRole role_id is
  # not stored in this file. No secret_id appears here.
  role_id: "%{lookup('certmanager::role_id')}"

profiles::puppet::server::agent_server: 'puppet.query.consul'
profiles::puppet::server::report_server: 'puppet.query.consul'
profiles::puppet::server::ca_server: 'puppetca.query.consul'
# Alternative names for the server certificate. The last two entries are
# unqualified, so the certificate also validates for whatever a client's
# search domain resolves 'puppetmaster' or 'puppet' to.
profiles::puppet::server::dns_alt_names:
  - "%{facts.networking.fqdn}"
  - "%{facts.networking.hostname}"
  - 'puppetmaster.main.unkin.net'
  - 'puppet.main.unkin.net'
  - 'puppet.service.consul'
  - 'puppet.query.consul'
  - 'puppetmaster'
  - 'puppet'

consul::services:
  puppet:
    service_name: 'puppet'
    tags:
      - 'puppet'
      - 'master'
    address: "%{facts.networking.ip}"
    port: 8140
    checks:
      - id: 'puppet_https_check'
        name: 'Puppet HTTPS Check'
        http: "https://%{facts.networking.fqdn}:8140/status/v1/simple"
        method: 'GET'
        # NOTE(review): the check does not validate the certificate served on
        # 8140, presumably because the Consul agent does not trust the Puppet
        # CA. The result only feeds service health, but any endpoint that
        # answers on this address passes; trusting the Puppet CA on the agent
        # would allow verification - confirm.
        tls_skip_verify: true
        interval: '10s'
        timeout: '1s'
# Presumably the Consul ACL rules for this node's token: write on the
# services it registers. NOTE(review): only 'puppet' is defined under
# consul::services in this file; 'puppetca' is presumably registered from
# another Hiera layer - if it is not, the second rule can be dropped.
profiles::consul::client::node_rules:
  - resource: 'service'
    segment: 'puppet'
    disposition: 'write'
  - resource: 'service'
    segment: 'puppetca'
    disposition: 'write'