...
There are quite a bit of data which are not associated to a specific service, but are rather used by various modules, and should thus generally allways be present:
| Key | Description | Example | Created by | Data-type | Used by: |
|---|---|---|---|---|---|
| profile::networking::rpfilter | Before we used multiple routing-tables on our hosts we had to turn off rpfilter to allow asymmetric routing. Now this should be turned on. | true | N/A | Boolean | All |
| profile::networking::management::ipv4::prefixes | A list over IPv4 prefixes for networks where management stations are found. Used to configure the firewall for SSH, stats-pages etc. | - '192.0.2.0/26' | N/A | List of strings | All |
| profile::networking::management::ipv6::prefixes | A list over IPv6 prefixes for networks where management stations are found. Used to configure the firewall for SSH, stats-pages etc. | - '2001:db8:beef:701::/64' | N/A | List of strings | All |
Dashboard
The general configuration of the dashboard are based on the following keys:
...
| Key | Description | Example | Created by | Data-type | Used by: |
|---|---|---|---|---|---|
| profile::dns::<shortname>::ipv4 | The IPv4 address of a specific DNS server. | '192.0.2.129' | N/A | String | role::bootstrap, role::dashboard, role::dns::master, role::dns::slave |
| profile::dns::<shortname>::name | The fqdn of a specific DNS server | 'ns1.example.com' | N/A | String | role::bootstrap, role::dns::master, role::dns::slave |
Haproxy
We use haproxy to loadbalance multiple of our services. It needs the following keys present in hiera to work:
| Key | Description | Example | Created by | Data-type | Used by: |
|---|---|---|---|---|---|
| profile::haproxy::management::ipv4 | The IPv4 address used in front og the loadbalancer used for managemnet services | '192.0.2.151' | N/A | String | role::puppet::db, role::puppet::server, role::mysql, role::balancer::management |
| profile::haproxy::management::ipv4::id | The VRRP id used by the IPv4 VRRP instance. | 11 | N/A | Integer | role::balancer::management |
| profile::haproxy::management::ipv4::priority | The VRRP priority used by the IPv4 VRRP instance. | 10 | N/A | Integer | role::balancer::management |
| profile::haproxy::management::ipv6 | The IPv4 address used in front og the loadbalancer used for managemnet services | '2001:db8:beef:707::7b1' | N/A | String | role::puppet::db, role::puppet::server, role::mysql, role::balancer::management |
| profile::haproxy::management::ipv6::id | The VRRP id used by the IPv6 VRRP instance. | 12 | N/A | Intege | role::balancer::management |
| profile::haproxy::management::ipv6::priority | The VRRP priority used by the IPv6 VRRP instance. | 10 | N/A | Integer | role::balancer::management |
MySQL
Our mysql cluster uses the following hiera-keys:
| Key | Description | Example | Created by | Data-type | Used by |
|---|---|---|---|---|---|
| profile::mysqlcluster::servers | This is a list over IPv4 addresses used by servers in the cluster. This list are used when a server starts up, to discover at least one of the machines already in the cluster. | - '192.0.2.201' | N/A | String | role::mysql |
| profile::mysqlcluster::master | The fqdn of one of the mysql-servers. This are in theory used by the puppet-galera module to start one server in case all servers are down. | 'mysql1.example.com' | N/A | String | role::mysql |
| profile::mysqlcluster::root_password | This is the password of the mysql root user | 'OwT$Etc$=|;h(=upip#3' | pwgen -s -y 20 -1 | String | role::mysql |
| profile::mysqlcluster::status_password | This is the password of the mysql status user | ';^8P"M,Oem6le\T"am!0' | pwgen -s -y 20 -1 | String | role::mysql |
| profile::mysqlcluster::haproxy_password | This is the password of the mysql haproxy user. This user is so that haproxy can create more robust checks than just see if port 3306 is open. | '4g36-&jHNFF?J-7yQZHa' | pwgen -s -y 20 -1 | String | role::mysql |
Redis
| Key | Description | Example | Created by | Data-type | Used by: |
|---|---|---|---|---|---|
| profile::redis::master | Name or IP address of initial redis master | 'redis1.cloud.domain.com' | N/A | String | role::redis |
| profile::redis::nodetype | Defined on each redis-node. Only valid values are 'master' or 'slave' | 'master' | N/A | String | role::redis |
| profile::redis::ip | The IP redis clients should contact redis on. Typically the haproxy ip | '192.168.100.10' or "%{hiera('profile::haproxy::management::ip')}" or redis.cloud.domain.com | N/A | String | All |