...
| Key | Description | Example | Created by | Data-type | Datafile: | Used by: |
|---|---|---|---|---|---|---|
| profile::networking::rpfilter | Before we used multiple routing-tables on our hosts we had to turn off rpfilter to allow asymmetric routing. Now this should be turned on. | true | N/A | Boolean | networking.yaml | All |
| profile::networking::management::ipv4::prefixes | A list over IPv4 prefixes for networks where management stations are found. Used to configure the firewall for SSH, stats-pages etc. | - '192.0.2.0/26' | N/A | List of strings | networking.yaml | All |
| profile::networking::management::ipv6::prefixes | A list over IPv6 prefixes for networks where management stations are found. Used to configure the firewall for SSH, stats-pages etc. | - '2001:db8:beef:701::/64' | N/A | List of strings | networking.yaml | All |
| profile::ntp::servers | A list over ntp servers to use. | - '' |
|
Networks
The networks used in the deployment are all described in hiera to ensure that all configuration retrieves the same values when configuring anything network specific. There are one key in hiera which lists all networks:
...
| Key | Description | Example | Created by | Data-type | Datafile: | Used by |
|---|---|---|---|---|---|---|
| profile::networks::<networkname>::domain | The network-specific domain-name. | 'management.example.com' | N/A | String | networking.yaml | role::bootstrap, role::dashboard |
| profile::networks::<networkname>::ipv4::dynamicrange | (Optional) The range of ip-addresses for dynamic assignment to unregistered hosts. | '192.0.2.230 192.0.2.240' | N/A | String | networking.yaml | role::bootstrap, role::dashboard, role::dhcp |
| profile::networks::<networkname>::ipv4::gateway | The IPv4 gateway on the network | '192.0.2.1' | N/A | String | networking.yaml | role::bootstrap, role::dashboard, role::dhcp |
| profile::networks::<networkname>::ipv4::id | The IPv4 network ID. | '192.0.2.0' | N/A | String | networking.yaml | role::bootstrap, role::dashboard, role::dhcp |
| profile::networks::<networkname>::ipv4::mask | The IPv4 network mask | '255.255.255.0' | N/A | String | networking.yaml | role::bootstrap, role::dashboard, role::dhcp |
| profile::networks::<networkname>::ipv4::prefix | The IPv4 CIDR prefix. | '192.0.2.0/24' | N/A | String | networking.yaml | Most roles. Used as a source-net in firewall rules. |
| profile::networks::<networkname>::ipv4::reserved | (Optional) list over address-ranges which the dashboard should not assign to hosts. | - '192.0.2.245-192.0.2.248' | N/A | String | networking.yaml | role::bootstrap, role::dashboard |
| profile::networks::<networkname>::ipv6::prefix | The IPv6 CIDR prefix | '2001:db8:beef:707::/64' | N/A | String | networking.yaml | role::bootstrap, role::postgres::master, role::postgres::slave |
| profile::networks::<networkname>::vlanid | The VLAN ID of the network. | 504 | N/A | Integer | networking.yaml | role::kvm |
Legacy keys
As there still are a couple of puppet profiles expecting the management network to be named management, the following keys are needed:
| Key | Description | Example | Created by | Data-type | Datafile: | Used by |
|---|---|---|---|---|---|---|
| profile::networks::management::ipv4::prefix | IPv4 prefix for management network | "%{hiera('profile::networks::infrastructure::ipv4::prefix')}" | N/A | String | networking.yaml | |
| profile::networks::management::ipv6::prefix | IPv6 prefix for management network | "%{hiera('profile::networks::infrastructure::ipv6::prefix')}" | N/A | String | networking.yaml |
Users
To create users the following general keys are needed:
...