From 0a21fb6c2c52ca5cc2dfdfc41ca0a51c0d81296c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Tue, 13 Mar 2018 13:23:17 +0100 Subject: Start to cleanup the files --- environments/global/common.yaml | 4 ++++ environments/global/roles/cryptoportfolio.yaml | 17 ++++++++++++++++- environments/global/types/s1-2.yaml | 2 +- environments/global/types/vps-ovhssd-1.yaml | 2 +- environments/integration/roles/cryptoportfolio.yaml | 6 ++---- environments/production/roles/cryptoportfolio.yaml | 8 ++++---- 6 files changed, 28 insertions(+), 11 deletions(-) (limited to 'environments') diff --git a/environments/global/common.yaml b/environments/global/common.yaml index 5b21dca..05d12ad 100644 --- a/environments/global/common.yaml +++ b/environments/global/common.yaml @@ -6,6 +6,8 @@ lookup_options: merge: deep base_installation::system_users: merge: unique + letsencrypt::hosts: + merge: unique classes: stdlib: ~ @@ -35,3 +37,5 @@ base_installation::system_users: key_type: "ssh-rsa" xmr_stak::mining_pool: "pool.minexmr.com:7777" xmr_stak::wallet: "44CA8TxTFYbQqN2kLyk8AnB6Ghz4mcbGpYC2EyXW7A8H9QspvWnTjDn39XUZDPrFwPa5JNwt4TmAxcooPWv4SaJqL87Bcdo" +letsencrypt::email: "sites+letsencrypt@mail.immae.eu" +letsencrypt::try_for_real_hostname: true diff --git a/environments/global/roles/cryptoportfolio.yaml b/environments/global/roles/cryptoportfolio.yaml index 3d36e71..f875c1b 100644 --- a/environments/global/roles/cryptoportfolio.yaml +++ b/environments/global/roles/cryptoportfolio.yaml @@ -1,4 +1,19 @@ --- classes: role::cryptoportfolio: ~ -cryptoportfolio::slack_webhook: "%{ldapvar.self.vars.cf_slack_webhook.0}" +letsencrypt::hosts: "%{lookup('base_installation::system_hostname')}" +role::cryptoportfolio::user: "cryptoportfolio" +role::cryptoportfolio::group: "cryptoportfolio" +role::cryptoportfolio::home: "/home/cryptoportfolio" +role::cryptoportfolio::env: "prod" +role::cryptoportfolio::webhook_url: "%{ldapvar.self.vars.cf_slack_webhook.0}" +role::cryptoportfolio::pg_db: "cryptoportfolio" +role::cryptoportfolio::pg_user: "cryptoportfolio" +role::cryptoportfolio::pg_user_replication: "cryptoportfolio_replication" +role::cryptoportfolio::web_host: "%{lookup('base_installation::system_hostname')}" +role::cryptoportfolio::web_port: "" +role::cryptoportfolio::web_ssl: true +base_installation::system_users: + - username: "%{lookup('role::cryptoportfolio::user')}" + system: true + password: "!!" diff --git a/environments/global/types/s1-2.yaml b/environments/global/types/s1-2.yaml index 496b741..a7ba753 100644 --- a/environments/global/types/s1-2.yaml +++ b/environments/global/types/s1-2.yaml @@ -6,4 +6,4 @@ classes: base_installation::system_hostname: "%{ldapvar.self.vars.host.0}" base_installation::real_hostname: "%{facts.ec2_metadata.hostname}.v.immae.eu" base_installation::ldap_cert_path: "/etc/ssl/certs/ca-certificates.crt" -ssl::try_letsencrypt_for_real_hostname: true +letsencrypt::try_for_real_hostname: true diff --git a/environments/global/types/vps-ovhssd-1.yaml b/environments/global/types/vps-ovhssd-1.yaml index 73f7a45..68534dc 100644 --- a/environments/global/types/vps-ovhssd-1.yaml +++ b/environments/global/types/vps-ovhssd-1.yaml @@ -7,4 +7,4 @@ base_installation::system_hostname: "%{ldapvar.self.vars.host.0}" base_installation::real_hostname: "%{facts.ec2_metadata.hostname}.ovh.net" base_installation::grub_device: "/dev/sdb" base_installation::ldap_cert_path: "/etc/ssl/certs/ca-certificates.crt" -ssl::try_letsencrypt_for_real_hostname: false +letsencrypt::try_for_real_hostname: false diff --git a/environments/integration/roles/cryptoportfolio.yaml b/environments/integration/roles/cryptoportfolio.yaml index 9825bce..6b8eb92 100644 --- a/environments/integration/roles/cryptoportfolio.yaml +++ b/environments/integration/roles/cryptoportfolio.yaml @@ -1,5 +1,3 @@ --- -cryptoportfolio::front_version: v0.0.2-3-g6200f9a -cryptoportfolio::front_sha256: 69d31251ecd4fcea46d93dfee0184b1171019a765b6744b84f6eec6b10e5818f -cryptoportfolio::bot_version: v0.5-8-g34eb08f -cryptoportfolio::bot_sha256: f5b99c4a1cc4db0228f757705a5a909aa301e42787bc5842f8ba442fec0d3fd1 +role::cryptoportfolio::front_version: v0.0.2-3-g6200f9a +role::cryptoportfolio::front_sha256: 69d31251ecd4fcea46d93dfee0184b1171019a765b6744b84f6eec6b10e5818f diff --git a/environments/production/roles/cryptoportfolio.yaml b/environments/production/roles/cryptoportfolio.yaml index c9328e1..566c7f2 100644 --- a/environments/production/roles/cryptoportfolio.yaml +++ b/environments/production/roles/cryptoportfolio.yaml @@ -1,5 +1,5 @@ --- -cryptoportfolio::front_version: v0.0.2-3-g6200f9a -cryptoportfolio::front_sha256: 69d31251ecd4fcea46d93dfee0184b1171019a765b6744b84f6eec6b10e5818f -cryptoportfolio::bot_version: v0.5.1 -cryptoportfolio::bot_sha256: 733789711365b2397bd996689af616a6789207d26c71a31ad1af68620b267d54 +role::cryptoportfolio::front_version: v0.0.2-3-g6200f9a +role::cryptoportfolio::front_sha256: 69d31251ecd4fcea46d93dfee0184b1171019a765b6744b84f6eec6b10e5818f +role::cryptoportfolio::bot_version: v0.5.1 +role::cryptoportfolio::bot_sha256: 733789711365b2397bd996689af616a6789207d26c71a31ad1af68620b267d54 -- cgit v1.2.3 From a045b9dc12f71c286d4afcb196705f430b6731f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Tue, 13 Mar 2018 14:31:07 +0100 Subject: Cleanup xmr_stak profile --- environments/global/common.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'environments') diff --git a/environments/global/common.yaml b/environments/global/common.yaml index 05d12ad..4536b83 100644 --- a/environments/global/common.yaml +++ b/environments/global/common.yaml @@ -35,7 +35,7 @@ base_installation::system_users: - host: "immae.eu" key: "AAAAB3NzaC1yc2EAAAADAQABAAABAQDi5PgLBwMRyRwzJPnSgUyRAuB9AAxMijsw1pR/t/wmxQne1O5fIPOleHx+D8dyZbwm+XkzlcJpgT0Qy3qC9J8BPhshJvO/tA/8CI/oS/FE0uWsyACH1DMO2dk4gRRZGSE9IuzDMRPlnfZ3n0tdsPzzv3GH4It/oPIgsvkTowKztGLQ7Xmjr5BxzAhXcIQymqA0U3XWHSdWvnSRDaOFG0PDoVMS85IdwlviVKLnV5Sstb4NC/P28LFfgvW8DO/XrOqujgDomqTmR41dK/AyrGGOb2cQUMO4l8Oa+74aOyKaB61rr/rJkr+wCbEttkTvgFa6zZygSk3edfiWE2rgn4+v" key_type: "ssh-rsa" -xmr_stak::mining_pool: "pool.minexmr.com:7777" -xmr_stak::wallet: "44CA8TxTFYbQqN2kLyk8AnB6Ghz4mcbGpYC2EyXW7A8H9QspvWnTjDn39XUZDPrFwPa5JNwt4TmAxcooPWv4SaJqL87Bcdo" +profile::xmr_stak::mining_pool: "pool.minexmr.com:7777" +profile::xmr_stak::wallet: "44CA8TxTFYbQqN2kLyk8AnB6Ghz4mcbGpYC2EyXW7A8H9QspvWnTjDn39XUZDPrFwPa5JNwt4TmAxcooPWv4SaJqL87Bcdo" letsencrypt::email: "sites+letsencrypt@mail.immae.eu" letsencrypt::try_for_real_hostname: true -- cgit v1.2.3 From 62fe8998b5497864d51ed0fe909a0ff60cc1520b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Fri, 16 Mar 2018 20:37:40 +0100 Subject: Make cpu limit for xmr stak parameter --- environments/global/types/s1-2.yaml | 1 + environments/global/types/vps-ovhssd-1.yaml | 1 + 2 files changed, 2 insertions(+) (limited to 'environments') diff --git a/environments/global/types/s1-2.yaml b/environments/global/types/s1-2.yaml index a7ba753..5bfdf9a 100644 --- a/environments/global/types/s1-2.yaml +++ b/environments/global/types/s1-2.yaml @@ -7,3 +7,4 @@ base_installation::system_hostname: "%{ldapvar.self.vars.host.0}" base_installation::real_hostname: "%{facts.ec2_metadata.hostname}.v.immae.eu" base_installation::ldap_cert_path: "/etc/ssl/certs/ca-certificates.crt" letsencrypt::try_for_real_hostname: true +profile::xmr_stak::cpulimit: "30" diff --git a/environments/global/types/vps-ovhssd-1.yaml b/environments/global/types/vps-ovhssd-1.yaml index 68534dc..8dd512c 100644 --- a/environments/global/types/vps-ovhssd-1.yaml +++ b/environments/global/types/vps-ovhssd-1.yaml @@ -8,3 +8,4 @@ base_installation::real_hostname: "%{facts.ec2_metadata.hostname}.ovh.net" base_installation::grub_device: "/dev/sdb" base_installation::ldap_cert_path: "/etc/ssl/certs/ca-certificates.crt" letsencrypt::try_for_real_hostname: false +profile::xmr_stak::cpulimit: "90" -- cgit v1.2.3 From e8493916ff6e957c752df1cfc1789844c426d987 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Mon, 19 Mar 2018 16:02:30 +0100 Subject: Add ldap backend for hiera lookup --- environments/hiera.yaml | 3 +++ 1 file changed, 3 insertions(+) (limited to 'environments') diff --git a/environments/hiera.yaml b/environments/hiera.yaml index 5a9a6d6..eda5eb3 100644 --- a/environments/hiera.yaml +++ b/environments/hiera.yaml @@ -9,6 +9,9 @@ hierarchy: - name: "Initialization variables" path: "/root/puppet_variables.json" + - name: "Puppet ldap variables" + data_hash: ldap_data + - name: "Per-role environment data" mapped_paths: [ldapvar.self.vars.roles, role, "roles/%{role}.yaml"] -- cgit v1.2.3 From 284fd97e815e9dddf6640fcc4fc5e996687edc8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Mon, 19 Mar 2018 16:07:56 +0100 Subject: Migrate hiera information to ldap --- environments/global/common.yaml | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) (limited to 'environments') diff --git a/environments/global/common.yaml b/environments/global/common.yaml index 4536b83..5911194 100644 --- a/environments/global/common.yaml +++ b/environments/global/common.yaml @@ -27,15 +27,8 @@ base_installation::puppet_pass_seed: "/etc/puppetlabs/puppet/password_seed" base_installation::puppet_ssl_path: "/etc/puppetlabs/ssl" base_installation::system_locales: ["fr_FR.UTF-8", "en_US.UTF-8"] base_installation::system_timezone: "Europe/Paris" -base_installation::system_users: - - userid: 1000 - username: "immae" - groups: ["wheel"] - keys: - - host: "immae.eu" - key: "AAAAB3NzaC1yc2EAAAADAQABAAABAQDi5PgLBwMRyRwzJPnSgUyRAuB9AAxMijsw1pR/t/wmxQne1O5fIPOleHx+D8dyZbwm+XkzlcJpgT0Qy3qC9J8BPhshJvO/tA/8CI/oS/FE0uWsyACH1DMO2dk4gRRZGSE9IuzDMRPlnfZ3n0tdsPzzv3GH4It/oPIgsvkTowKztGLQ7Xmjr5BxzAhXcIQymqA0U3XWHSdWvnSRDaOFG0PDoVMS85IdwlviVKLnV5Sstb4NC/P28LFfgvW8DO/XrOqujgDomqTmR41dK/AyrGGOb2cQUMO4l8Oa+74aOyKaB61rr/rJkr+wCbEttkTvgFa6zZygSk3edfiWE2rgn4+v" - key_type: "ssh-rsa" -profile::xmr_stak::mining_pool: "pool.minexmr.com:7777" -profile::xmr_stak::wallet: "44CA8TxTFYbQqN2kLyk8AnB6Ghz4mcbGpYC2EyXW7A8H9QspvWnTjDn39XUZDPrFwPa5JNwt4TmAxcooPWv4SaJqL87Bcdo" -letsencrypt::email: "sites+letsencrypt@mail.immae.eu" +base_installation::system_users: [] # Fetched via ldap +profile::xmr_stak::mining_pool: "" # Fetched via ldap +profile::xmr_stak::wallet: "" # Fetched via ldap +letsencrypt::email: ~ # Fetched via ldap letsencrypt::try_for_real_hostname: true -- cgit v1.2.3 From 82caf31189f11a9bca4836260e8ee8ba954690f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Sat, 17 Mar 2018 11:00:48 +0100 Subject: Add mail profile --- environments/global/common.yaml | 1 + 1 file changed, 1 insertion(+) (limited to 'environments') diff --git a/environments/global/common.yaml b/environments/global/common.yaml index 5911194..e7c70d4 100644 --- a/environments/global/common.yaml +++ b/environments/global/common.yaml @@ -30,5 +30,6 @@ base_installation::system_timezone: "Europe/Paris" base_installation::system_users: [] # Fetched via ldap profile::xmr_stak::mining_pool: "" # Fetched via ldap profile::xmr_stak::wallet: "" # Fetched via ldap +profile::mail::mailhub: "" # Fetched via ldap letsencrypt::email: ~ # Fetched via ldap letsencrypt::try_for_real_hostname: true -- cgit v1.2.3 From d87a489f9585d10f0a185beb59ae16a10f27a7bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Fri, 16 Mar 2018 20:40:27 +0100 Subject: Add backup role --- environments/global/common.yaml | 7 +++++++ environments/global/roles/backup.yaml | 11 +++++++++++ environments/hiera.yaml | 1 + 3 files changed, 19 insertions(+) create mode 100644 environments/global/roles/backup.yaml (limited to 'environments') diff --git a/environments/global/common.yaml b/environments/global/common.yaml index e7c70d4..4836f6e 100644 --- a/environments/global/common.yaml +++ b/environments/global/common.yaml @@ -8,6 +8,10 @@ lookup_options: merge: unique letsencrypt::hosts: merge: unique + role::backup::backups: + merge: unique + profile::known_hosts::hosts: + merge: unique classes: stdlib: ~ @@ -31,5 +35,8 @@ base_installation::system_users: [] # Fetched via ldap profile::xmr_stak::mining_pool: "" # Fetched via ldap profile::xmr_stak::wallet: "" # Fetched via ldap profile::mail::mailhub: "" # Fetched via ldap +role::backup::mailto: "" # Fetched via ldap +role::backup::backups: [] # Fetched via ldap +profile::known_hosts::hosts: [] # Fetched via ldap letsencrypt::email: ~ # Fetched via ldap letsencrypt::try_for_real_hostname: true diff --git a/environments/global/roles/backup.yaml b/environments/global/roles/backup.yaml new file mode 100644 index 0000000..52befe2 --- /dev/null +++ b/environments/global/roles/backup.yaml @@ -0,0 +1,11 @@ +--- +classes: + role::backup: ~ +role::backup::user: "backup" +role::backup::group: "backup" +base_installation::system_users: + - username: "%{lookup('role::backup::user')}" + userid: 976 + system: true + password: "!!" + diff --git a/environments/hiera.yaml b/environments/hiera.yaml index eda5eb3..61d40d8 100644 --- a/environments/hiera.yaml +++ b/environments/hiera.yaml @@ -8,6 +8,7 @@ defaults: hierarchy: - name: "Initialization variables" path: "/root/puppet_variables.json" + data_hash: json_data - name: "Puppet ldap variables" data_hash: ldap_data -- cgit v1.2.3 From f25ad097f24e0d39d5dd9ac2cef39760e671e08f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Mon, 19 Mar 2018 17:13:37 +0100 Subject: =?UTF-8?q?Don=E2=80=99t=20mount=20unavailables=20mounts?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- environments/global/common.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'environments') diff --git a/environments/global/common.yaml b/environments/global/common.yaml index 4836f6e..094e0ff 100644 --- a/environments/global/common.yaml +++ b/environments/global/common.yaml @@ -1,6 +1,6 @@ --- lookup_options: - base_installation::mounts: + profile::fstab::mounts: merge: unique classes: merge: deep @@ -22,9 +22,6 @@ base_installation::ldap_cn: "%{facts.ec2_metadata.hostname}" base_installation::ldap_server: "ldap.immae.eu" base_installation::ldap_uri: "ldaps://ldap.immae.eu" # FIXME: get all mounts without needing that hack? -base_installation::mounts: - - "%{facts.ldapvar.self.vars.mounts.0}" - - "%{facts.ldapvar.self.vars.mounts.1}" base_installation::puppet_conf_path: "/etc/puppetlabs/puppet" base_installation::puppet_code_path: "/etc/puppetlabs/code" base_installation::puppet_pass_seed: "/etc/puppetlabs/puppet/password_seed" @@ -32,6 +29,9 @@ base_installation::puppet_ssl_path: "/etc/puppetlabs/ssl" base_installation::system_locales: ["fr_FR.UTF-8", "en_US.UTF-8"] base_installation::system_timezone: "Europe/Paris" base_installation::system_users: [] # Fetched via ldap +profile::fstab::mounts: + - "%{facts.ldapvar.self.vars.mounts.0}" + - "%{facts.ldapvar.self.vars.mounts.1}" profile::xmr_stak::mining_pool: "" # Fetched via ldap profile::xmr_stak::wallet: "" # Fetched via ldap profile::mail::mailhub: "" # Fetched via ldap -- cgit v1.2.3 From 5a1aab82ab45c14db40026bb7b1f19d0ee8a3cb3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Mon, 19 Mar 2018 21:58:18 +0100 Subject: Change backup user id --- environments/global/roles/backup.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'environments') diff --git a/environments/global/roles/backup.yaml b/environments/global/roles/backup.yaml index 52befe2..cdd5f09 100644 --- a/environments/global/roles/backup.yaml +++ b/environments/global/roles/backup.yaml @@ -5,7 +5,7 @@ role::backup::user: "backup" role::backup::group: "backup" base_installation::system_users: - username: "%{lookup('role::backup::user')}" - userid: 976 + userid: 2000 system: true password: "!!" -- cgit v1.2.3