...
| Key | Description | Example | Created by | Data-type | Datafile: | Used by: |
|---|---|---|---|---|---|---|
| profile::networking::rpfilter | Before we used multiple routing-tables on our hosts we had to turn off rpfilter to allow asymmetric routing. Now this should be turned on. | true | N/A | Boolean | networking.yaml | All |
| profile::networking::management::ipv4::prefixes | A list over IPv4 prefixes for networks where management stations are found. Used to configure the firewall for SSH, stats-pages etc. | - '192.0.2.0/26' | N/A | List of strings | networking.yaml | All |
| profile::networking::management::ipv6::prefixes | A list over IPv6 prefixes for networks where management stations are found. Used to configure the firewall for SSH, stats-pages etc. | - '2001:db8:beef:701::/64' | N/A | List of strings | networking.yaml | All |
| profile::ntp::servers | A list over ntp servers to use. | - 'ntp.ntnu.no' | N/A | List of strings | common.yaml | All |
| profile::keepalived::vrrp_password | A password used to secure the vrrp instances | '724EuvohTGOdlcFnLlDV' | pwgen -s -1 20 | String | common.yaml | |
| classes | A list over puppet classes which should be installed on a node. Used when we do not have an ENC, but it is always required. It is thus recommended to have an empty list here if an ENC is used. | [ ] | N/A | List of strings | common.yaml or node-specific file. | All |
Networks
The networks used in the deployment are all described in hiera to ensure that all configuration retrieves the same values when configuring anything network specific. There are one key in hiera which lists all networks:
...
| Key | Description | Example | Created by | Data-type | Used by: |
|---|---|---|---|---|---|
| profile::redis::master | Name or IP address of initial redis master | 'redis1.cloud.domain.com' or '192.168.100.12' WARNING: If you use DNS name, ensure that the name DOESN'T resolve to 127.0.0.1 at the given redis host, or else this node will not add itself to the redis-sentinel cluster | N/A | String | role::redis |
| profile::redis::masterauth | Password for master communitcation | 'teY.>&3@Ub$X-OGxOFQ7' | pwgen -s -y 20 -1 | String | role::redis role::balancer::management role::sensuserver role::bootstrap |
| profile::redis::nodetype | Defined on each redis-node. Only valid values are 'master' or 'slave' | 'master' | N/A | String | role::redis |
| profile::redis::ip | The IP redis clients should contact redis on. Typically the haproxy ip | '192.168.100.10' or "%{hiera('profile::haproxy::management::ip')}" or redis.cloud.domain.com | N/A | String | roles::sensuserver |
...
| Key | Description | Example | Created by | Data-type | Used by: |
|---|---|---|---|---|---|
| profile::sensu::install | Opt-out for installing sensu. If not set to false, sensu-clients will be installed everywhere | false | N/A | Boolean | All |
| profile::sensu::uchiwa::private_key | Private key for uchiwa JWT creation | Content of generated file | openssl genrsa -out uchiwa.rsa 2048 | String | role::sensuserver |
| profile::sensu::uchiwa::public_key | Public key for uchiwa JWT creation | Content of generated file | openssl rsa -in uchiwa.rsa -pubout > uchiwa.rsa.pub | String | role::sensuserver |
| profile::sensu::uchiwa::password | Password for default (and only) user 'sensu' in Uchiwa | 'g00dp@$$w0rd' | pwgen -s -y 20 1 | String | role::sensuserver |
| profile::sensu::uchiwa::fqdn | FQDN for uchiwa web frontend (not FQDN for the server running an instance of it) | 'sensu.cloud.domain.com' | N/A | String | role::sensuserver, role::bootstrap, role::balancer::mangement |
| profile::sensu::rabbit_password | Password for sensu user at the /sensu rabbitmq vhost. Needed for rabbitmq servers, sensu servers AND all sensu clients. | 'g00dp@$$w0rd' | pwgen -s -y 20 1 | String | All |
| profile::sensu::mailer::url | URL to Uchiwa web frontend, that will appear in e-mails from Sensu | "http://%{hiera('profile::sensu::uchiwa::fqdn')}" | N/A | String | role::sensuserver |
| profile::sensu::mailer::mail_from | The address sensu will send e-mail alerts from | 'sensu@sensu.domain.com' | N/A | String | role::sensuserver |
| profile::sensu::mailer::mail_to | List of addresses that sensu will send e-mail alerts to | - 'sysadmin1@cloud.domain.com' - 'sysadmin2@cloud.domain.com' | N/A | List of strings | role::sensuserver |
| profile::sensu::mailer::smtp_address | Outgoing SMTP server mail alerts | 'smtp.cloud.domain.com' | N/A | String | role::sensuserver |
| profile::sensu::mailer::smtp_port | TCP port used for connections to the given SMTP server | 25 | N/A | Integer | role::sensuserver |
| profile::sensu::mailer::smtp_domain | SMTP domain | 'cloud.domain.com' | N/A | String | role::sensuserver |
| profile::sensu::plugins | The plugins listed here will be installed on all clients. OBS: The example value is actually mandatory, because the checks tagged with 'all' in profile::sensu::checks rely on them. Puppet will not fail without defining this key, but none of the cheks will make any sense... | - 'sensu-plugins-disk-checks' | N/A | List of strings | All |
| sensu::redact | Values that match the patterns in this list will be redacted in all output from sensu | - 'password' | N/A | List of strings | All |
| sensu::subscriptions | Which checks a sensu-client should subscribe to. This is typically set per node. By default, a sensu-client will subscribe to checks tagged with 'all', and if the client is a physical server, it will also subscribe to 'physical-servers' | - 'mysql' - 'rabbitmq' - 'roundrobin:ceph' | N/A | List of strings | All |
| sensu::client_custom | If you want to override parameters for check command. I.e thresholds, specifying passowrd etc. This where you do that. Should only be set per node | 'load': warning: "8,4,2" critical: "16,8,4" 'mysql': password: "%{hiera('profile::mysqlcluster::status_password')}" 'disk': mountpoints: '/,/home,/var' | N/A | List of hashes | All (or, more precise, just the client you add this key to) |
...