Versions Compared

Old Version 36

changes.mady.by.user Eigil Obrestad

Saved on

compared with

New Version 37

changes.mady.by.user Eigil Obrestad

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

KeyDescriptionExampleCreated byData-typeDatafile:

Used by:

profile::networking::rpfilterBefore we used multiple routing-tables on our hosts we had to turn off rpfilter to allow asymmetric routing. Now this should be turned on.trueN/ABooleannetworking.yamlAll
profile::networking::management::ipv4::prefixesA list over IPv4 prefixes for networks where management stations are found. Used to configure the firewall for SSH, stats-pages etc.

- '192.0.2.0/26'

N/AList of stringsnetworking.yamlAll
profile::networking::management::ipv6::prefixesA list over IPv6 prefixes for networks where management stations are found. Used to configure the firewall for SSH, stats-pages etc.- '2001:db8:beef:701::/64'N/AList of stringsnetworking.yamlAll

Networks

The networks used in the deployment are all described in hiera to ensure that all configuration retrieves the same values when configuring anything network specific. There are one key in hiera which lists all networks:

KeyDescriptionExampleCreated byData-typeDatafile:

Used by:

profile::networksA list over networks in this deployment. The values in this list is used as keys to retrieve the rest of the parameters.

- 'management'

N/AList of Stringsnetworking.yamlrole::bootstrap, role::dashboard, role::kvm, role::dhcp

...

KeyDescriptionExampleCreated byData-typeDatafile:

Used by

profile::networks::<networkname>::domainThe network-specific domain-name.'management.example.com'N/AStringnetworking.yamlrole::bootstrap, role::dashboard
profile::networks::<networkname>::ipv4::dynamicrange(Optional) The range of ip-addresses for dynamic assignment to unregistered hosts.'192.0.2.230 192.0.2.240'N/AStringnetworking.yamlrole::bootstrap, role::dashboard, role::dhcp
profile::networks::<networkname>::ipv4::gatewayThe IPv4 gateway on the network'192.0.2.1'N/AStringnetworking.yamlrole::bootstrap, role::dashboard, role::dhcp
profile::networks::<networkname>::ipv4::idThe IPv4 network ID.'192.0.2.0'N/AStringnetworking.yamlrole::bootstrap, role::dashboard, role::dhcp
profile::networks::<networkname>::ipv4::maskThe IPv4 network mask'255.255.255.0'N/AStringnetworking.yamlrole::bootstrap, role::dashboard, role::dhcp
profile::networks::<networkname>::ipv4::prefixThe IPv4 CIDR prefix.'192.0.2.0/24'N/AStringnetworking.yamlMost roles. Used as a source-net in firewall rules.
profile::networks::<networkname>::ipv4::reserved(Optional) list over address-ranges which the dashboard should not assign to hosts. - '192.0.2.245-192.0.2.248'N/AStringnetworking.yamlrole::bootstrap, role::dashboard
profile::networks::<networkname>::ipv6::prefixThe IPv6 CIDR prefix'2001:db8:beef:707::/64'N/AStringnetworking.yamlrole::bootstrap, role::postgres::master, role::postgres::slave
profile::networks::<networkname>::vlanidThe VLAN ID of the network.504N/AIntegernetworking.yamlrole::kvm

Users

To create users the following general keys are needed:

...

KeyDescriptionExampleCreated byData-typeDatafile:

Used by:

profile::dashboard::django::secretA secret key used for misc. security features in the django backend. Should be the same on all dashboard servers'pM[`SiZd'=+ycXOAKm`srXY?@8DRw=BVdQXg$blHD"RD\2iv97'pwgen -s -y 50 -1Stringcommon.yamlrole::bootstrap, role::dashboard
profile::dashboard::nameThe DNS name used to access the dashboard. This name should have an A and AAAA record configured with the address of the dashboard server (or loadbalancer). 'dashboard.example.com'N/A String common.yamlrole::bootstrap, role::dashboard
profile::dashboard::name::v4onlyA DNS name wich also points to the dashboard, but this name should only resolve to an IPv4 address. This is because of some processes currently only works over IPv4 (Authorization of the retrieval of PXE preseed files for example)  'v4dashboard.example.com'N/A String common.yamlrole::bootstrap, role::dashboard
profile::dashboard::ldap::urlThe url for the LDAP server used for authentication.'ldaps://ldap.example.com:636'N/AStringcommon.yamlrole::bootstrap, role::dashboard
profile::dashboard::ldap::search_baseLDAP search base'OU=Users,DC=ldap,DC=example,DC=com'N/AStringcommon.yamlrole::bootstrap, role::dashboard
profile::dashboard::ldap::domainLDAP domain nam'example-com'N/AStringcommon.yamlrole::bootstrap, role::dashboard

...

KeyDescriptionSuggested valueData-typeDatafile:

Used by:

profile::dashboard::apiA HTTP link used by external clients connecting to the dashboard.'http://%{hiera('profile::dashboard::name::v4only')}'Stringcommon.yamlrole::bootstrap, role::dashboard
profile::dashboard::datadirA location where the dashboard can store files.'/var/lib/machineadminshiftleader'Stringcommon.yamlrole::bootstrap, role::dashboard

...

KeyDescriptionExampleCreated byData-typeDatafile:

Used by:

profile::dashboard::database::typeThe database type.'mysql' or 'sqlite'N/AStringcommon.yamlrole::bootstrap, role::dashboard
profile::dashboard::database::nameThe database name (for mysql) or location (for sqlite)'dashboard' or '/var/dashboard.sqlite'N/AStringcommon.yamlrole::bootstrap, role::dashboard
profile::dashboard::database::userThe database username

'dashboard'

N/AStringcommon.yamlrole::bootstrap, role::dashboard
profile::dashboard::database::passThe database password'x&1/7LjWbz:i<:W&p+PG'pwgen -s -y 20 -1Stringcommon.yamlrole::bootstrap, role::dashboard
profile::dashboard::database::hostThe database host. Could be a static string, or a hiera lookup.'mysql.example.com', '192.0.2.38' or "%{hiera('profile::haproxy::management::ip')}"N/AStringcommon.yamlrole::bootstrap, role::dashboard

...

KeyDescriptionExampleCreated byData-typeDatafile

Used by:

profile::dhcp::serversA list of hashes describing the dhcp servers. Key=DHCP-Server-name and value=DHCP-IPv4'dhcp1': '192.0.2.21'N/AList of hashescommon.yamlrole::bootstrap, role::dashboard

...