...
There are quite a bit of data which are not associated to a specific service, but are rather used by various modules, and should thus generally allways be present:
Dashboard
The general configuration of the dashboard are based on the following keys:
| Key | Description | Example | Created by | Data-type | Used by: |
|---|---|---|---|---|---|
| profile::dashboard::django::secret | A secret key used for misc. security features in the django backend. Should be the same on all dashboard servers | 'pM[`SiZd'=+ycXOAKm`srXY?@8DRw=BVdQXg$blHD"RD\2iv97' | pwgen -s -y 50 -1 | String | role::bootstrap, role::dashboard |
| profile::dashboard::name | The DNS name used to access the dashboard. This name should have an A and AAAA record configured with the address of the dashboard server (or loadbalancer). | 'dashboard.example.com' | N/A | String | role::bootstrap, role::dashboard |
| profile::dashboard::name::v4only | A DNS name wich also points to the dashboard, but this name should only resolve to an IPv4 address. This is because of some processes currently only works over IPv4 (Authorization of the retrieval of PXE preseed files for example) | 'v4dashboard.example.com' | N/A | String | role::bootstrap, role::dashboard |
| profile::dashboard::ldap::url | The url for the LDAP server used for authentication. | 'ldaps://ldap.example.com:636' | N/A | String | role::bootstrap, role::dashboard |
| profile::dashboard::ldap::search_base | LDAP search base | 'OU=Users,DC=ldap,DC=example,DC=com' | N/A | String | role::bootstrap, role::dashboard |
| profile::dashboard::ldap::domain | LDAP domain nam | 'example-com' | N/A | String | role::bootstrap, role::dashboard |
There are also some keys which have a suggested value wich should work for all installations, but are still included in hiera for flexibility:
| Key | Description | Suggested value | Data-type | Used by: |
|---|---|---|---|---|
| profile::dashboard::api | A HTTP link used by external clients connecting to the dashboard. | 'http://%{hiera('profile::dashboard::name::v4only')}' | String | role::bootstrap, role::dashboard |
| profile::dashboard::datadir | A location where the dashboard can store files. | '/var/lib/machineadmin' | String | role::bootstrap, role::dashboard |
Database
| Key | Description | Example | Created by | Data-type | Used by: |
|---|---|---|---|---|---|
| profile::dashboard::database::type | The database type. | 'mysql' or 'sqlite' | N/A | String | role::bootstrap, role::dashboard |
| profile::dashboard::database::name | The database name (for mysql) or location (for sqlite) | 'dashboard' or '/var/dashboard.sqlite' | N/A | String | role::bootstrap, role::dashboard |
| profile::dashboard::database::user | The database username | 'dashboard' | N/A | String | role::bootstrap, role::dashboard |
| profile::dashboard::database::pass | The database password | 'x&1/7LjWbz:i<:W&p+PG' | pwgen -s -y 20 -1 | String | role::bootstrap, role::dashboard |
| profile::dashboard::database::host | The database host. Could be a static string, or a hiera lookup. | 'mysql.example.com', '192.0.2.38' or "%{hiera('profile::haproxy::management::ip')}" | N/A | String | role::bootstrap, role::dashboard |
DHCP configuration:
The dashboard needs the keys listed at the section DHCP server in addition to the following keys to configure the DHCP servers:
| Key | Description | Example | Created by | Data-type | Used by: |
|---|---|---|---|---|---|
| profile::dhcp::servers | A list of hashes describing the dhcp servers. Key=DHCP-Server-name and value=DHCP-IPv4 | 'dhcp1': '192.0.2.21' | N/A | List of hashes | role::bootstrap, role::dashboard |
DNS configuration:
The Dashboard requires some keys listed under the section DNS-Server, in addition to the following keys:
| Key | Description | Example | Created by | Data-type | Used by: |
|---|---|---|---|---|---|
| profile::dns::<shortname>::key | The TSIG key used for updates sent to this server. It can be useful to let this be a hiera-lookup for the zones managed by our own DNS servers. | 'UvetjoX5zMiw/NbQr3biug==' "%{hiera('profile::dns::key::update')}" | dnssec-keygen -a HMAC-MD5 -b 128 -n HOST <keyname> | String | role::bootstrap, role::dashboard |
DHCP server
When running DHCP servers, the following keys are needed:
| Key | Description | Example | Created by | Data-type | Used by: |
|---|---|---|---|---|---|
| profile::dhcp::omapi::key | The omapi key used to update the DHCP servers | 'omapi_key==' | dnssec-keygen -r /dev/urandom -a HMAC-MD5 -b 512 -n HOST key_name | String | role::bootstrap, role::dashboard, role::dhcp |
| profile::dhcp::omapi::name | The omapi key name | 'key_name' | ↑ | String | role::bootstrap, role::dashboard, role::dhcp |
| profile::dhcp::searchdomain | The default search-domain handed to DHCP clients | 'cloud.domain.com' | N/A | String | role::bootstrap, role::dhcp |
| profile::dns::resolvers | The DNS resolvers for clients to use | - '<ip-addres-DNS1>' - '<ip-address-DNS2>' | N/A | List of strings | role::bootstrap, role::dhcp |
...
| Key | Description | Example | Created by | Data-type | Used by: |
|---|---|---|---|---|---|
| profile::dns::<shortname>::ipv4 | The IPv4 address of a specific DNS server. | '192.0.2.129' | N/A | String | role::bootstrap, role::dashboard, role::dns::master, role::dns::slave |
| profile::dns::<shortname>::name | The fqdn of a specific DNS server | 'ns1.example.com' | N/A | String | role::bootstrap, role::dns::master, role::dns::slave |
Dashboard
The general configuration of the dashboard are based on the following keys:
DNS configuration:
The Dashboard requires some keys listed under the section DNS-Server, in addition to the following keys:
| Key | Description | Example | Created by | Data-type | Used by: |
|---|---|---|---|---|---|
| profile::dns::<shortname>::key | The TSIG key used for updates sent to this server. It can be useful to let this be a hiera-lookup for the zones managed by our own DNS servers. | 'UvetjoX5zMiw/NbQr3biug==' "%{hiera('profile::dns::key::update')}" | dnssec-keygen -a HMAC-MD5 -b 128 -n HOST <keyname> | String | role::dashboard |
profile::dashboard::api: 'http://%{hiera('profile::dashboard::name::v4only')}'
profile::dashboard::datadir: '/var/lib/machineadmin'
profile::dashboard::database::type: 'mysql'
profile::dashboard::database::name: '<mysql-database-name>'
profile::dashboard::database::user: '<mysql-database-user>'
profile::dashboard::database::pass: '<mysql-database-password>'
profile::dashboard::database::host: "%{hiera('profile::haproxy::management::ip')}"
profile::dashboard::database::grant: "%"
profile::dashboard::django::secret: '<pwgen -1 -y -s 50>'
profile::dashboard::ldap::url: 'ldaps://<ldaps-server>:636'
profile::dashboard::ldap::search_base: '<LDAP Search base>'
profile::dashboard::ldap::domain: '<LDAP domain>'
profile::dashboard::name: '<Main dashboard hostname (A and AAAA can be defined for this name)>'
profile::dashboard::name::v4only: '<v4-only dashboard hostname (Should only have an A record defined>'
The dashboard requires some service-specific keys in addition to the keys listed with each of the services:
profile::dhcp::servers:
...
'<server1-name>': '<server1-IP>'
...
Redis
| Key | Description | Example | Created by | Data-type | Used by: |
|---|---|---|---|---|---|
| profile::redis::master | Name or IP address of initial redis master | 'redis1.cloud.domain.com' | N/A | String | role::redis |
| profile::redis::nodetype | Defined on each redis-node. Only valid values are 'master' or 'slave' | 'master' | N/A | String | role::redis |
| profile::redis::ip | The IP redis clients should contact redis on. Typically the haproxy ip | '192.168.100.10' | N/A | String | All |