Page History

...

There are quite a bit of data which are not associated to a specific service, but are rather used by various modules, and should thus generally allways be present:

Key	Description	Example	Created by	Data-type	Datafile:	Used by:
profile::networking::rpfilter	Before we used multiple routing-tables on our hosts we had to turn off rpfilter to allow asymmetric routing. Now this should be turned on.	true	N/A	Boolean	networking.yaml	All
profile::networking::management::ipv4::prefixes	A list over IPv4 prefixes for networks where management stations are found. Used to configure the firewall for SSH, stats-pages etc.	- '192.0.2.0/26'	N/A	List of strings	networking.yaml	All
profile::networking::management::ipv6::prefixes	A list over IPv6 prefixes for networks where management stations are found. Used to configure the firewall for SSH, stats-pages etc.	- '2001:db8:beef:701::/64'	N/A	List of strings

All

Networks

The networks used in the deployment are all described in hiera to ensure that all configuration retrieves the same values when configuring anything network specific. There are one key in hiera which lists all networks:

networking.yaml	All
profile::ntp::servers	A list over ntp servers to use.	- 'ntp.ntnu.no'

KeyDescriptionExampleCreated byData-type

Used by:

profile::networksA list over networks in this deployment. The values in this list is used as keys to retrieve the rest of the parameters.- 'management'

N/A

List of

Stringsrole::bootstrap, role::dashboard, role::kvm, role::dhcp

For each of the neworks listed in "profile::networks" the following keys should exist:

strings	common.yaml	All
profile::keepalived::vrrp_password	A password used to secure the vrrp instances	'724EuvohTGOdlcFnLlDV'	pwgen -s -1 20	String	common.yaml
classes	A list over puppet classes which should be installed on a node. Used when we do not have an ENC, but it is always required. It is thus recommended to have an empty list here if an ENC is used.	[ ]	N/A	List of strings	common.yaml or node-specific file.	All
profile::productionlevel	Which production-level is this installation? "prod", "test" or "dev"?	'dev'	N/A	String	common.yaml	All
profile::baseconfig::smtp_relay	An SMTP relay which the server can use to send mail	'smtp.example.com

KeyDescriptionExampleCreated byData-type

Used by

profile::networks::<networkname>::domainThe network-specific domain-name.'management.example.com'N/AStringrole::bootstrap, role::dashboardprofile::networks::<networkname>::ipv4::dynamicrange(Optional) The range of ip-addresses for dynamic assignment to unregistered hosts.'192.0.2.230 192.0.2.240

'

N/A

String

role::bootstrap, role::dashboard, role::dhcp

common.yaml	All
profile::

networks

baseconfig::

<networkname>::ipv4::gateway

maildomain

The

IPv4 gateway on the network

domain the server sends mail from

'

192.0.2.1

example.com'

N/A

String

role::bootstrap, role::dashboard, role::dhcpprofile::networks::<networkname>::ipv4::idThe IPv4 network ID.'192.0.2.0'N/AStringrole::bootstrap, role::dashboard, role::dhcpprofile::networks::<networkname>::ipv4::maskThe IPv4 network mask'255.255.255.0'

common.yaml

All

Networks

The networks used in the deployment are all described in hiera to ensure that all configuration retrieves the same values when configuring anything network specific. There are one key in hiera which lists all networks:

Key	Description	Example	Created by	Data-type	Datafile:	Used by:
profile::networks	A list over networks in this deployment. The values in this list is used as keys to retrieve the rest of the parameters.	- 'management'	N/A	List of Strings	networking.yaml

N/AString

role::bootstrap, role::dashboard, role::kvm, role::dhcp

For each of the neworks listed in "profile::networks" the following keys should exist:

Key	Description	Example	Created by	Data-type	Datafile:	Used by
profile::

networks::

ipv4

<networkname>::

prefix

domain

The

IPv4 CIDR prefix

network-specific domain-name.

'

192

management.

0.2.0/24'

example.com'

N/A

String

Most roles. Used as a source-net in firewall rules.

networking.yaml	role::bootstrap, role::dashboard
profile::networks::<networkname>::ipv4::

reserved

dynamicrange

(Optional)

list over address-ranges which the dashboard should not assign to

The range of ip-addresses for dynamic assignment to unregistered hosts.

-

'192.0.2.

245-

230 192.0.2.

248

240'	N/A	String	networking.yaml	role::bootstrap, role::dashboard, role::dhcp
profile::networks::<networkname>::

ipv6

ipv4::

prefix

gateway

The

IPv6 CIDR prefix

IPv4 gateway on the network

'192.0.2.1

'2001:db8:beef:707::/64

'

N/A

String

networking.yaml

role::bootstrap, role::

postgres::master

dashboard, role::

postgres::slave

dhcp

profile::networks::<networkname>::

vlanid

ipv4::id

The

VLAN

IPv4 network ID

of the network

.

504

'192.0.2.0'

N/A

Integer

String

networking.yaml

role::bootstrap, role::

kvm

Ceph

These keys will be subject to change, when they get to be a part of new roles

KeyDescriptionExampleCreated byData-typeUsed by:

dashboard, role::dhcp

profile::

ceph

networks::<networkname>::ipv4::

fsidUUID for cluster'23a2d131-99f7-4ad0-9fb4-1977f59ce530'uuidgen

mask

The IPv4 network mask

'255.255.255.0'

N/A

String

networking.yaml

String

role::

controller

bootstrap,

role::

compute

dashboard,

role::

storage

dhcp

profile::networks::<networkname>::

ceph

ipv4::

replicasAmount of replicas in cluster3

prefix

The IPv4 CIDR prefix.

'192.0.2.0/24'

N/A

Integer

role::controller,
role::compute,
role::storage

profile::ceph::journal::sizeSize of journal (not relevant in luminous(?)) in MB15800

String	networking.yaml	Most roles. Used as a source-net in firewall rules.
profile::networks::<networkname>::ipv4::reserved	(Optional) list over address-ranges which the dashboard should not assign to hosts.	- '192.0.2.245-192.0.2.248'	N/A

Integer

String

networking.yaml

role::controller,

role::

compute

bootstrap,

role::

storage

dashboard

profile::

ceph

networks::

admin_keyAdmin key

'AQCIhy9a9ozCKhAApX5UoAnjad+KZ4VzWxBYJQ=='

<networkname>::ipv6::prefix

The IPv6 CIDR prefix

'2001:db8:beef:707::/64'

N/A

String

networking.yaml

ceph-authtool --gen-print-keyString

role::

controller

bootstrap,

role::postgres::

compute

master,

role::

storage

postgres::slave

profile::

ceph

networks::<networkname>::

monitor_keyceph-mon key

'AQCIhy9a9ozCKhAApX5UoAnjad+KZ4VzWxBYJQ=='

ceph-authtool --gen-print-keyStringrole::controller,
role::computeprofile::ceph::mgr_keyceph-mgr key

'AQCIhy9a9ozCKhAApX5UoAnjad+KZ4VzWxBYJQ=='

ceph-authtool --gen-print-keyString

role::controller

profile::ceph::osd_bootstrap_keyceph-osd bootstrap key

'AQCIhy9a9ozCKhAApX5UoAnjad+KZ4VzWxBYJQ=='

ceph-authtool --gen-print-keyString

role::controller,
role::storage

profile::ceph::glance_keyglance key

'AQCIhy9a9ozCKhAApX5UoAnjad+KZ4VzWxBYJQ=='

ceph-authtool --gen-print-keyStringrole::controller
(glance hosts)profile::ceph::nova_keynova (and cinder) key

'AQCIhy9a9ozCKhAApX5UoAnjad+KZ4VzWxBYJQ=='

ceph-authtool --gen-print-keyStringrole::controller,
role::compute
(nova hosts)
(cinder hosts)profile::ceph::nova_uuidUUID for nova/libvrt and cinder'23a2d131-99f7-4ad0-9fb4-1977f59ce530'uuidgenStringrole::controller,
role::compute
(nova and cinder hosts)profile::ceph::cluster_networkCeph frontend network'172.17.2.0/24'N/AStringrole::storageprofile::ceph::public_networkCeph backend (replication) network'172.17.3.0/24'N/AStringrole::storage

Dashboard

The general configuration of the dashboard are based on the following keys:

Key	Description	Example	Created by	Data-type	Used by:
profile::dashboard::django::secret	A secret key used for misc. security features in the django backend. Should be the same on all dashboard servers	'pM[`SiZd'=+ycXOAKm`srXY?@8DRw=BVdQXg$blHD"RD\2iv97'	pwgen -s -y 50 -1	String	role::bootstrap, role::dashboard
profile::dashboard::name	The DNS name used to access the dashboard. This name should have an A and AAAA record configured with the address of the dashboard server (or loadbalancer).	'dashboard.example.com'	N/A	String	role::bootstrap, role::dashboard
profile::dashboard::name::v4only	A DNS name wich also points to the dashboard, but this name should only resolve to an IPv4 address. This is because of some processes currently only works over IPv4 (Authorization of the retrieval of PXE preseed files for example)	'v4dashboard.example.com'	N/A	String	role::bootstrap, role::dashboard
profile::dashboard::ldap::url	The url for the LDAP server used for authentication.	'ldaps://ldap.example.com:636'	N/A	String	role::bootstrap, role::dashboard
profile::dashboard::ldap::search_base	LDAP search base	'OU=Users,DC=ldap,DC=example,DC=com'	N/A	String	role::bootstrap, role::dashboard
profile::dashboard::ldap::domain	LDAP domain nam	'example-com'	N/A	String	role::bootstrap, role::dashboard

There are also some keys which have a suggested value wich should work for all installations, but are still included in hiera for flexibility:

Key	Description	Suggested value	Data-type	Used by:
profile::dashboard::api	A HTTP link used by external clients connecting to the dashboard.	'http://%{hiera('profile::dashboard::name::v4only')}'	String	role::bootstrap, role::dashboard
profile::dashboard::datadir	A location where the dashboard can store files.	'/var/lib/machineadmin'	String	role::bootstrap, role::dashboard

Database

vlanid

The VLAN ID of the network.

504

N/A

Integer

networking.yaml

role::kvm

Legacy keys

As there still are a couple of puppet profiles expecting the management network to be named management, the following keys are needed:

Key	Description	Example	Created by	Data-type	Datafile:	Used by
profile::networks::management::ipv4::prefix	IPv4 prefix for management network	"%{hiera('profile::networks::infrastructure::ipv4::prefix')}"	N/A	String	networking.yaml
profile::networks::management::ipv6::prefix	IPv6 prefix for management network	"%{hiera('profile::networks::infrastructure::ipv6::prefix')}"	N/A	String	networking.yaml

Users

To create users the following general keys are needed:

Key	Description	Example	Created by	Data-type	Datafile:	Used by:
profile::users	A list over usernames which puppet should configure users for	- 'eigil'	N/A	List of Strings	users.yaml	All machines

For each username the following keys should be created.

Key	Description	Example	Created by	Data-type	Datafile:	Used by:
profile::user::<username>::uid	The user-id	801	N/A	Integer	users.yaml	All machines
profile::user::<username>::groups	A list over groups the user should belong to.	- 'sudo'	N/A	List of strings	users.yaml	All machines
profile::user::<username>::hash	The password-hash to be injected into /etc/shadow			String	users.yaml	All machines
profile::user::<username>::keys	List over ssh-keys which should be added to the users authorized_keys		N/A	List of strings	users.yaml	All machines
profile::user::<username>::key::<keyname>	A specific ssh key. Needs one for each key listed in profile::user::<username>::keys		N/A	String	users.yaml	All machines

Ceph

These keys will be subject to change, when they get to be a part of new roles

Key	Description	Example	Created by	Data-type	Used by:
profile::ceph::fsid	UUID for cluster	'23a2d131-99f7-4ad0-9fb4-1977f59ce530'	uuidgen	String	role::controller, role::compute, role::storage
profile::ceph::replicas	Amount of replicas in cluster	3	N/A	Integer	role::controller, role::compute, role::storage
profile::ceph::journal::size	Size of journal (not relevant in luminous(?)) in MB	15800	N/A	Integer	role::controller, role::compute, role::storage
profile::ceph::admin_key	Admin key	'AQCIhy9a9ozCKhAApX5UoAnjad+KZ4VzWxBYJQ=='	ceph-authtool --gen-print-key	String	role::controller, role::compute, role::storage
profile::ceph::monitor_key	ceph-mon key	'AQCIhy9a9ozCKhAApX5UoAnjad+KZ4VzWxBYJQ=='	ceph-authtool --gen-print-key	String	role::controller, role::compute
profile::ceph::mgr_key	ceph-mgr key	'AQCIhy9a9ozCKhAApX5UoAnjad+KZ4VzWxBYJQ=='	ceph-authtool --gen-print-key	String	role::controller
profile::ceph::osd_bootstrap_key	ceph-osd bootstrap key	'AQCIhy9a9ozCKhAApX5UoAnjad+KZ4VzWxBYJQ=='	ceph-authtool --gen-print-key	String	role::controller, role::storage
profile::ceph::glance_key	glance key	'AQCIhy9a9ozCKhAApX5UoAnjad+KZ4VzWxBYJQ=='	ceph-authtool --gen-print-key	String	role::controller (glance hosts)
profile::ceph::nova_key	nova (and cinder) key	'AQCIhy9a9ozCKhAApX5UoAnjad+KZ4VzWxBYJQ=='	ceph-authtool --gen-print-key	String	role::controller, role::compute (nova hosts) (cinder hosts)
profile::ceph::nova_uuid	UUID for nova/libvrt and cinder	'23a2d131-99f7-4ad0-9fb4-1977f59ce530'	uuidgen	String	role::controller, role::compute (nova and cinder hosts)
profile::ceph::cluster_network	Ceph frontend network	'172.17.2.0/24'

KeyDescriptionExampleCreated byData-type

Used by:

profile::dashboard::database::typeThe database type.'mysql' or 'sqlite'N/AStringrole::bootstrap, role::dashboardprofile::dashboard::database::nameThe database name (for mysql) or location (for sqlite)'dashboard' or '/var/dashboard.sqlite'N/AStringrole::bootstrap, role::dashboardprofile::dashboard::database::userThe database username

'dashboard'

N/AStringrole::bootstrap, role::dashboardprofile::dashboard::database::passThe database password'x&1/7LjWbz:i<:W&p+PG'pwgen -s -y 20 -1Stringrole::bootstrap, role::dashboardprofile::dashboard::database::hostThe database host. Could be a static string, or a hiera lookup.'mysql.example.com', '192.0.2.38' or "%{hiera('profile::haproxy::management::ip')}"

N/A

String

role::

bootstrap, role::dashboard

DHCP configuration:

storage
profile::ceph::public_network	Ceph backend (replication) network	'172.17.3.0/24'	N/A	String	role::storage

Dashboard

The general configuration of the dashboard are based on the following keysThe dashboard needs the keys listed at the section DHCP server in addition to the following keys to configure the DHCP servers:

Key	Description	Example	Created by	Data-type	Datafile:	Used by:
profile::dashboard::

dhcp

django::

servers

secret

A

list of hashes describing the dhcp servers. Key=DHCP-Server-name and value=DHCP-IPv4'dhcp1': '192.0.2.21'N/A

secret key used for misc. security features in the django backend. Should be the same on all dashboard servers

NB: The pwgen command lacks -y because some special characters will cause errors

'9tAMGEAEO4ln3t3PEXvN7dJov5SlbKU5AxxkSO50WQH6yIMt8X'

pwgen -s 50 -1

String

common.yaml

List of hashes

role::bootstrap, role::dashboard

DNS configuration:

The Dashboard requires some keys listed under the section DNS-Server, in addition to the following keys:

profile::dashboard::name	The DNS name used to access the dashboard. This name should have an A and AAAA record configured with the address of the dashboard server (or loadbalancer).	'dashboard.example.com'	N/A	String	common.yaml	role::bootstrap, role::dashboard
profile::dashboard::name::v4only	A DNS name wich also points to the dashboard, but this name should only resolve to an IPv4 address. This is because of some processes currently only works over IPv4 (Authorization of the retrieval of PXE preseed files for example)	'v4dashboard.example.com'	N/A	String	common.yaml

KeyDescriptionExampleCreated byData-type

Used by:

profile::dns::<shortname>::keyThe TSIG key used for updates sent to this server. It can be useful to let this be a hiera-lookup for the zones managed by our own DNS servers.

'UvetjoX5zMiw/NbQr3biug=='

"%{hiera('profile::dns::key::update')}"

dnssec-keygen -a HMAC-MD5 -b 128 -n HOST <keyname>String

role::bootstrap, role::dashboard

PXE-Booting

The dashboard and the DHCP servers are together providing a pxeboot environment where we boot and install operatingsystem images.

profile::dashboard::ldap::url	The url for the LDAP server used for authentication.	'ldaps://ldap.example.com:636'	N/A	String	common.yaml	role::bootstrap, role::dashboard
profile::dashboard::ldap::search_base	LDAP search base	'OU=Users,DC=ldap,DC=example,DC=com'	N/A	String	common.yaml

KeyDescriptionExampleCreated byData-type

Used by:

profile::pxe::imagesA list over image short-names (ID's used to identify images later).- '1604amd64'N/AList of strings

role::bootstrap, role::

dhcp

dashboard

profile::

pxe

dashboard::

ldap::

nameA descriptive name of the specific image'Ubuntu 16.04 Server amd64

domain

LDAP domain nam

'example-com'

N/A

String

common.yaml

role::bootstrap, role::

dhcp

dashboard

There are also some keys which have a suggested value wich should work for all installations, but are still included in hiera for flexibility:

Key	Description	Suggested value	Data-type	Datafile:	Used by:
profile::dashboard::api	A HTTP link used by external clients connecting to the dashboard.	'http://%{hiera('profile::dashboard::name::v4only')}'	String	common.yaml

profile::pxe::<shortname>::kernelA URL to the kernel of the specific OS'http://archive.ubuntu.com/ubuntu/dists/xenial-proposed/main/installer-amd64/current/images/netboot/ubuntu-installer/amd64/linux'N/AStringrole::bootstrap, role::dhcpprofile::pxe::<shortname>::initrdA URL to the initrd image of the specific OS'http://archive.ubuntu.com/ubuntu/dists/xenial-proposed/main/installer-amd64/current/images/netboot/ubuntu-installer/amd64/initrd.gz'N/AString

role::bootstrap, role::

dhcp

DHCP server

...

dashboard
profile::dashboard::datadir	A location where the dashboard can store files.	'/var/lib/shiftleader'	String	common.yaml	role::bootstrap, role::dashboard

Database

Key	Description	Example	Created by	Data-type	Datafile:	Used by:
profile::

dhcp

dashboard::

omapi

database::

key

type

The

omapi key used to update the DHCP servers'omapi_key=='

dnssec-keygen -r /dev/urandom -a HMAC-MD5 -b 512 -n HOST key_name

String

database type.

'mysql' or 'sqlite'

N/A

String

common.yaml

role::bootstrap, role::dashboard

, role::dhcp

profile::

dhcp

dashboard::

omapi

database::name

The

omapi key name

'key_name'

↑String

database name (for mysql) or location (for sqlite)

'dashboard' or '/var/dashboard.sqlite'

N/A

String

common.yaml

role::bootstrap, role::dashboard

,

profile

role

::

dhcpprofile

dashboard::

dhcp

database::

searchdomain

user

The

default search-domain handed to DHCP clients

database username

'dashboard

'cloud.domain.com

'

N/A

String

common.yaml

role::bootstrap, role::

dhcp

dashboard

profile::dashboard::

dns

database::

resolvers

pass

The

DNS resolvers for clients to use

- '<ip-addres-DNS1>'

- '<ip-address-DNS2>'

N/AList of strings

database password

'x&1/7LjWbz:i<:W&p+PG'

pwgen -s -y 20 -1

String

common.yaml

role::bootstrap, role::

dhcp

DNS server

If you are hosting a DNS server the following keys are needed:

dashboard
profile::dashboard::database::host	The database host. Could be a static string, or a hiera lookup.	'mysql.example.com', '192.0.2.38' or "%{hiera('profile::haproxy::management::ip')}"	N/A	String	common.yaml	role::bootstrap, role::dashboard

DHCP configuration:

The dashboard needs the keys listed at the section DHCP server in addition to the following keys to configure the DHCP servers:

Key	Description	Example	Created by	Data-type	Datafile	Used by:
profile::dhcp::servers	A list of hashes describing the dhcp servers. Key=DHCP-Server-name and value=DHCP-IPv4	'dhcp1': '192.0.2.21

KeyDescriptionExampleCreated byData-typeUsed by:profile::dns::forwardersWhich DNS servers your DNS server should use to resolve domainnames where it is not an authorative DNS

- '<ip-addres-DNS1>'

- '<ip-address-DNS2>

'

N/A

List of

stringsrole

hashes

common.yaml

role::bootstrap, role::dashboard

DNS configuration:

The Dashboard requires some keys listed under the section DNS-Server, in addition to the following keys:

Key	Description	Example	Created by	Data-type	Datafile:	Used by:

:dns::master


profile::dns::

key

<shortname>::

transfer

key

The TSIG

keys

key used for

zone-transfers

updates sent to this server. It can be useful to let this be a hiera-lookup for the zones managed by our own DNS servers.

'UvetjoX5zMiw/NbQr3biug=='

dnssec-keygen -a HMAC-MD5 -b 128 -n HOST <keyname>Stringrole::bootstrap, role::dns::master, role::dns::slave

"%{hiera('profile::dns::key::update

The TSIG keys used for DNS updates'UvetjoX5zMiw/NbQr3biug=='

')}"

dnssec-keygen -a HMAC-MD5 -b 128 -n HOST <keyname>

String

common.yaml

role::bootstrap, role::

dns::master, role::dns::slaveprofile::dns::slavesA list over DNS slave-servers which replicates the zone-files from the main DNS server. The hash is structured as key=Servername and value=DNS-IPv4'ns2.example.com': '192.0.2.130'N/AList of Hashesrole::bootstrap, role::dns::master, role::dns::slaveprofile::dns::zonesA list over DNS zones managed by our DNS servers, or used by our dashboard. The hash is structured as key=DNS-zone and value=DNS-server-shortname.

dashboard

PXE-Booting

The dashboard and the DHCP servers are together providing a pxeboot environment where we boot and install operatingsystem images.

Key	Description	Example	Created by	Data-type	Datafile:	Used by:
profile::pxe::images	A list over image short-names (ID's used to identify images later).	- '1604amd64

'zone.example.com': 'ns1

'

N/A

List of

Hashes

strings

common.yaml

role::bootstrap, role::

dashboard, role

dhcp

profile::

dns

pxe::

master, role

<shortname>::

dns::slave

I addition there are a set of keys which are needed for each DNS server managing a DNS zone used by us. Shortname is here the name used in "profile::dns::zones".

name	A descriptive name of the specific image	'Ubuntu 16.04 Server amd64'	N/A	String	common.yaml	role::bootstrap, role::dhcp
profile::pxe

KeyDescriptionExampleCreated byData-typeUsed by:profile::dns

::<shortname>::

ipv4The IPv4 address of a specific DNS server.'192.0.2.129

kernel

A URL to the kernel of the specific OS

'http://archive.ubuntu.com/ubuntu/dists/xenial-proposed/main/installer-amd64/current/images/netboot/ubuntu-installer/amd64/linux'

N/A

String

common.yaml

role::bootstrap, role::

dashboard, role::dns::master, role::dns::slave

dhcp

profile::

dns

pxe::<shortname>::

nameThe fqdn of a specific DNS server'ns1.example.com

initrd

A URL to the initrd image of the specific OS

'http://archive.ubuntu.com/ubuntu/dists/xenial-proposed/main/installer-amd64/current/images/netboot/ubuntu-installer/amd64/initrd.gz'

N/A

String

common.yaml

role::bootstrap, role:

:dns::master, role::dns::slave

KVM / Libvirt

Networks

The class role::kvm makes use of the following general purpose keys to auto create OVS bridges, which the VMs can connect to:

profile::networks
profile::networks::${network}::vlanid

In addition every KVM host needs to specify which physical interface(s) that carries the networks specified in the profile::networks key

Key

Description

Example

Created by

Data-type

Used by:

profile::kvm::interfaces::<networkname>

Example:

profile::kvm::interfaces::management

Name of the physical interfaces that carries the given networkname.

Multiple networks can have the same physical interface, which will be the case if the NIC is connected to a VLAN trunk port.

'eno2'

N/A

String

role::kvm

Haproxy

We use haproxy to loadbalance multiple of our services. It needs the following keys present in hiera to work:

:dhcp

DHCP server

When running DHCP servers, the following keys are needed:

Key	Description	Example	Created by	Data-type	Datafile:	Used by:
profile::dhcp::omapi::key	The omapi key used to update the DHCP servers	'omapi_key=='	dnssec-keygen -r /dev/urandom -a HMAC-MD5 -b 512 -n HOST key_name	String	common.yaml	role::bootstrap, role::dashboard, role::dhcp
profile::dhcp::omapi::name	The omapi key name	'key_name'	↑	String	common.yaml	role::bootstrap, role::dashboard, role::dhcp
profile::dhcp::searchdomain	The default search-domain handed to DHCP clients	'cloud.domain.com'	N/A	String	common.yaml	role::bootstrap, role::dhcp
profile::dns::resolvers	The DNS resolvers for clients to use	- '<ip-addres-DNS1>' - '<ip-address-DNS2>'	N/A	List of strings	common.yaml

KeyDescriptionExampleCreated byData-typeUsed by:profile::haproxy::management::ipv4The IPv4 address used in front og the loadbalancer used for managemnet services'192.0.2.151' N/AString

role::bootstrap, role::

puppet::db, role::puppet::server, role::mysql, role::balancer::managementprofile::haproxy::management::ipv4::idThe VRRP id used by the IPv4 VRRP instance.11N/AInteger

dhcp

DNS server

If you are hosting a DNS server the following keys are needed:

Key

Description

Example

Created by

Data-type

Datafile:

Used by:

profile::dns::forwarders

Which DNS servers your DNS server should use to resolve domainnames where it is not an authorative DNS

- '<ip-addres-DNS1>'

- '<ip-address-DNS2>'

N/A

List of strings

common.yaml

role::bootstrap, role::

balancer

dns::

management

master

profile::

haproxy

dns::

management

key::

ipv4::priorityThe VRRP priority used by the IPv4 VRRP instance.10 N/AInteger

transfer

The TSIG keys used for zone-transfers

'UvetjoX5zMiw/NbQr3biug=='

dnssec-keygen -a HMAC-MD5 -b 128 -n HOST <keyname>

String

common.yaml

role::bootstrap, role::dns::master, role::

balancer

dns::

management

slave

profile::

haproxy

dns::

management

key::

ipv6

update

The

IPv4 address used in front og the loadbalancer

TSIG keys used for

managemnet services'2001:db8:beef:707::7b1'N/A

DNS updates

'UvetjoX5zMiw/NbQr3biug=='

dnssec-keygen -a HMAC-MD5 -b 128 -n HOST <keyname>

String

common.yaml

String

role::bootstrap, role::

puppet

dns::

db

master, role::

puppet

dns::

server, role::mysql, role::balancer::management

slave

profile::

haproxy

dns::

management::ipv6::idThe VRRP id used by the IPv6 VRRP instance. 12N/A

slaves

A list over DNS slave-servers which replicates the zone-files from the main DNS server. The hash is structured as key=Servername and value=DNS-IPv4

'ns2.example.com': '192.0.2.130'

N/A

List of Hashes

common.yaml

Integer

role::bootstrap, role::

balancer

dns::

managementprofile

master, role::

haproxy

dns::

management

slave

profile::

ipv6

dns::

priorityThe VRRP priority used by the IPv6 VRRP instance.10N/A

zones

A list over DNS zones managed by our DNS servers, or used by our dashboard. The hash is structured as key=DNS-zone and value=DNS-server-shortname.

'zone.example.com': 'ns1'

N/A

List of Hashes

common.yaml

Integer

role::bootstrap, role::

balancer::management

MySQL

Our mysql cluster uses the following hiera-keys:

dashboard, role::dns::master, role::dns::slave

I addition there are a set of keys which are needed for each DNS server managing a DNS zone used by us. Shortname is here the name used in "profile::dns::zones".

Key	Description	Example	Created by	Data-type	Datafile:	Used by:
profile::dns::<shortname>::ipv4	The IPv4 address of a specific DNS server.	'192.0.2.129

KeyDescriptionExampleCreated byData-type

Used by

profile::mysqlcluster::serversThis is a list over IPv4 addresses used by servers in the cluster. This list are used when a server starts up, to discover at least one of the machines already in the cluster.

- '192.0.2.201'

N/AStringrole::bootstrap, role::mysqlprofile::mysqlcluster::masterThe fqdn of one of the mysql-servers. This are in theory used by the puppet-galera module to start one server in case all servers are down.'mysql1.example.com

'

N/A

String

common.yaml

role::bootstrap, role::dashboard, role::dns::

mysql

master, role::dns::slave

profile::dns::

mysqlcluster

<shortname>::

root_passwordThis is the password of the mysql root user'OwT$Etc$=|;h(=upip#3'pwgen -s -y 20 -1

name

The fqdn of a specific DNS server

'ns1.example.com'

N/A

String

common.yaml

String

role::bootstrap, role::

mysqlprofile::mysqlcluster::status_passwordThis is the password of the mysql status user

';^8P"M,Oem6le\T"am!0'

pwgen -s -y 20 -1Stringrole::bootstrap, role::mysqlprofile::mysqlcluster::haproxy_passwordThis is the password of the mysql haproxy user. This user is so that haproxy can create more robust checks than just see if port 3306 is open.'4g36-&jHNFF?J-7yQZHa'pwgen -s -y 20 -1Stringrole::bootstrap, role::mysql

Postgres

dns::master, role::dns::slave

KVM / Libvirt

Networks

The class role::kvm makes use of the following general purpose keys to auto create OVS bridges, which the VMs can connect to:

profile::networks
profile::networks::${network}::vlanid

In addition every KVM host needs to specify which physical interface(s) that carries the networks specified in the profile::networks keyOur postgres servers uses the following hiera keys:

Key	Description	Example	Created by	Data-type	Used by:
profile::

postgres::ipv4The IPv4 address to use in front of the postgres servers.'192.0.2.204'N/A Stringrole::bootstrap, role::postgres::master, role::postgres::slave, role::puppet::dbprofile::postgres::ipv4::idThe VRRP id to use for the VRRP instance negotiating for postgres's IPv4 address13N/AIntegerrole::bootstrap, role::postgres::master, role::postgres::slaveprofile::postgres::ipv4::priorityThe VRRP priority to use for the VRRP instance negotiating for postgres's IPv4 address10N/A

kvm::interfaces::<networkname>

Example:

profile::kvm::interfaces::management

Name of the physical interfaces that carries the given networkname.

Multiple networks can have the same physical interface, which will be the case if the NIC is connected to a VLAN trunk port.

'eno2'

N/A

String

role::kvm

Haproxy

We use haproxy to loadbalance multiple of our services. It needs the following keys present in hiera to work:

Key	Description	Example	Created by	Data-type	Datafile:	Used by:
profile::haproxy::web::profile	Which web profile should this haproxy node have	'management'	N/A	String	node-specific

Integer

role::bootstrap, role::

postgres

balancer::

master, role

*

profile::

postgres

haproxy::

slave

${profile}::

postgres::ipv6

ipv4

The

IPv6

IPv4 address

to use

used in front

of the postgres servers.'2001:db8:beef:707::9:6591'N/A

og the loadbalancer used for managemnet services

'192.0.2.151'

N/A

String

networking.yaml

String

role::bootstrap, role::

postgres

puppet::

master

db, role::

postgres

puppet::server, role::

slave

mysql, role::

puppet

balancer::

db

management

profile::haproxy::

postgres

${profile}::

ipv6

ipv4::id

The VRRP id

to use for

used by the IPv4 VRRP instance

negotiating for postgres's IPv6 address14

.

11

N/A

Integer

networking.yaml

role::bootstrap, role::

postgres

balancer::

master, role

management

profile::

postgres

haproxy::

slave

${profile}::

postgres::ipv6

ipv4::priority

The VRRP priority

to use for

used by the IPv4 VRRP instance

negotiating for postgres's IPv6 address

.

10

N/A

Integer

networking.yaml

role::bootstrap, role::

postgres

balancer::

master, role

management

profile::

postgres

haproxy::

slave

${profile}::

postgres::masterserverA fqdn identifying the postgres server which is supposed to be the master. This affects which servers are going to create databases and users.

ipv6

The IPv4 address used in front og the loadbalancer used for managemnet services

'2001:db8:beef:707::7b1

'pgsql1.example.com

'

N/A

String

networking.yaml

role::bootstrap, role::puppet::db, role::puppet::

postgres

server, role::

master

mysql, role::

postgres

balancer::

slave

management

profile::haproxy::${profile}::

postgres

ipv6::

password

id

The

password for the "postgres" postgresql user.'d4Cwfl)W}onosE~Y[]G,'pwgen -s -y 20 -1

VRRP id used by the IPv6 VRRP instance.

12

N/A

Integer

networking.yaml

String

role::bootstrap, role::

postgres

balancer::

master, role

management

profile::

postgres

haproxy::

slave

${profile}::

postgres

ipv6::

replicatorpassword

priority

The

password

VRRP priority used

for the "replicator" postgresql user.'Gz,j*>Qt'dF{-\Sr4N-_'pwgen -s -y 20 -1

by the IPv6 VRRP instance.

10

N/A

Integer

networking.yaml

String

role::bootstrap, role::

postgres

balancer::

master, role

management

profile::haproxy::

postgres

${profile}::

slave

Puppet

These are our puppet-related hiera keys:

Key	Description	Example	Created by	Data-type	Used by
profile::puppet::aptkey	The gpg key used to authenticate the puppetlabs apt repository	'6F6B15509CF8E59E6E469F327F438280EF8D349F'	puppetlabs	String	All
profile::puppet::caserver	The fqdn of the puppetca server	'puppetca.example.com'	N/A	String	All
profile::puppet::environment	The puppet environment a certain host should be configured to use. This needs to be a valid puppet environment, but it will also be owerridden by the ENC, so it is not important exactly which environment are listed her as long as it exists. If you do not use an ENC, this is the puppet environment a client will retrieve config from.	'production'	N/A	String	All
profile::puppet::hostname	This is the fqdn the clients use to contact the puppetmasters.	'puppet.example.com'	N/A	String	All
profile::puppet::r10k::repo	The path to the git-repository which r10k uses to retrieve environments and modules.	'https://github.com/myorg/r10k.git'	N/A	String	role::bootstrap, role::puppet::server, role::puppet::ca
profile::puppet::runinterval	How often the puppet client should run. Given as a string consisting of a number and a prefix (h, m).	'60m'	N/A	String	All
profile::puppetdb::database::name	The name of the postgres database used by puppetdb	'puppetdb'	N/A	String	role::bootstrap, role::puppet::db, role::postgres::master
profile::puppetdb::database::user	The username of the postgres database used by puppetdb	'puppetdb'	N/A	String	role::bootstrap, role::puppet::db, role::postgres::master
profile::puppetdb::database::pass	The password of the postgres database used by puppetdb	'teY.>&3@Ub$X-OGxOFQ7'	pwgen -s -y 20 -1	String	role::bootstrap, role::puppet::db, role::postgres::master
profile::puppetdb::hostname	The hostname which the puppetservers use to contact the puppetdb service	'puppetdb.example.com'	N/A	String	role::bootstrap, role::puppet::server role::puppet::ca

Redis

Key	Description	Example	Created by	Data-type	Used by:
profile::redis::master	Name or IP address of initial redis master	'redis1.cloud.domain.com' or '192.168.100.12' WARNING: If you use DNS name, ensure that the name DOESN'T resolve to 127.0.0.1 at the given redis host, or else this node will not add itself to the redis-sentinel cluster	N/A	String	role::redis
profile::redis::masterauth	Password for master communitcation	'teY.>&3@Ub$X-OGxOFQ7'	pwgen -s -y 20 -1	String	role::redis role::balancer::management role::sensuserver
profile::redis::nodetype	Defined on each redis-node. Only valid values are 'master' or 'slave'	'master'	N/A	String	role::redis
profile::redis::ip	The IP redis clients should contact redis on. Typically the haproxy ip	'192.168.100.10' or "%{hiera('profile::haproxy::management::ip')}" or redis.cloud.domain.com	N/A	String	roles::sensuserver

Sensu

domains	Which domains haproxy should forward for in frontend "ft_web" for given profile	-'foo.com' -'bar.foo.com'	N/A	List of strings	common.yaml	role::balancer::*
profile::haproxy::management::apicert	A .pem certificate bundle with private key, CAcert and server cert	tl;dr	cat private_key.key server.crt ca.crt > haproxy_web.pem The order is important! TLS from CertManager: Choose the "as Certificate (w/ issuer after)" alternative	Multiline string	certs.yaml	role::bootstrap, role::balancer::management
profile::haproxy::services::apicert	A .pem certificate bundle with private key, CAcert and server cert	tl;dr	cat private_key.key server.crt ca.crt > haproxy_web.pem The order is important! TLS from CertManager: Choose the "as Certificate (w/ issuer after)" alternative	Multiline string	certs.yaml	role::bootstrap, role::balancer::services
profile::haproxy::${profile}::webcert	A .pem certificate bundle with private key, CAcert and server cert	tl;dr	cat private_key.key server.crt ca.crt > haproxy_web.pem The order is important! TLS from CertManager: Choose the "as Certificate (w/ issuer after)" alternative	Multiline string	certs.yaml	role::balancer::*
profile::haproxy::management::apicert::certfile	Filepath and name for the apicert bundle	'/etc/ssl/private/haproxy_web.pem'	N/A	String	certs.yaml	role::balancer::web

Munin

Key

Description

Example

Created by

Data-type

Datafile

Used by

profile::munin::urls

List of FQDNs the munin server should create a vhost in apache for.

Typically - set the "world reachable" FQDN in common.yaml

Each node will get a vhost with their FQDN automaticly, through the apache class.

Only set a munin url in node specific file if it's different from the servers hostname.

- 'munin.exaxmple.com'

- 'munin1.example.com'

N/A

List of Strings

common.yaml

Node specific

role::munin

MySQL

Our mysql cluster uses the following hiera-keys:

Key	Description	Example	Created by	Data-type	Datafile	Used by
profile::mysqlcluster::servers	This is a list over IPv4 addresses used by servers in the cluster. This list are used when a server starts up, to discover at least one of the machines already in the cluster.	- '192.0.2.201'	N/A	String	common.yaml	role::bootstrap, role::mysql
profile::mysqlcluster::master	The fqdn of one of the mysql-servers. This are in theory used by the puppet-galera module to start one server in case all servers are down.	'mysql1.example.com'	N/A	String	common.yaml	role::bootstrap, role::mysql
profile::mysqlcluster::root_password	This is the password of the mysql root user	'OwT$Etc$=\|;h(=upip#3'	pwgen -s -y 20 -1	String	common.yaml	role::bootstrap, role::mysql
profile::mysqlcluster::status_password	This is the password of the mysql status user	';^8P"M,Oem6le\T"am!0'	pwgen -s -y 20 -1	String	common.yaml	role::bootstrap, role::mysql
profile::mysqlcluster::haproxy_password	This is the password of the mysql haproxy user. This user is so that haproxy can create more robust checks than just see if port 3306 is open.	'4g36-&jHNFF?J-7yQZHa'	pwgen -s -y 20 -1	String	common.yaml	role::bootstrap, role::mysql

Openstack

General keys, shared amongst various Openstack services

Key	Description	Example	Created by	Data-type	Datafile:	Used by
profile::openstack::foo	foo	foo	N/A	String	openstack.yaml	role::foo

Cinder

Key	Description	Example	Created by	Data-type	Datafile:	Used by
profile::cinder::foo	foo	foo	N/A	String	openstack.yaml	role::foo

Glance

Key	Description	Example	Created by	Data-type	Datafile:	Used by
profile::glance::foo	foo	foo	N/A	String	openstack.yaml	role::foo

Heat

Key	Description	Example	Created by	Data-type	Datafile:	Used by
profile::heat::foo	foo	foo	N/A	String	openstack.yaml	role::foo

Horizon

Key	Description	Example	Created by	Data-type	Datafile:	Used by
profile::horizon::foo	foo	foo	N/A	String	openstack.yaml	role::foo

Keystone

Key	Description	Example	Created by	Data-type	Datafile:	Used by
profile::keystone::foo	foo	foo	N/A	String	openstack.yaml	role::foo

Neutron

Key	Description	Example	Created by	Data-type	Datafile:	Used by
profile::neutron::foo	foo	foo	N/A	String	openstack.yaml	role::foo

Nova

Key	Description	Example	Created by	Data-type	Datafile:	Used by
profile::nova::foo	foo	foo	N/A	String	openstack.yaml	role::foo

Postgres

Our postgres servers uses the following hiera keys:

Key	Description	Example	Created by	Data-type	Datafile:	Used by
profile::postgres::ipv4	The IPv4 address to use in front of the postgres servers.	'192.0.2.204'	N/A	String	common.yaml	role::bootstrap, role::postgres::master, role::postgres::slave, role::puppet::db
profile::postgres::ipv4::id	The VRRP id to use for the VRRP instance negotiating for postgres's IPv4 address	13	N/A	Integer	common.yaml	role::bootstrap, role::postgres::master, role::postgres::slave
profile::postgres::ipv4::priority	The VRRP priority to use for the VRRP instance negotiating for postgres's IPv4 address	10	N/A	Integer	common.yaml	role::bootstrap, role::postgres::master, role::postgres::slave
profile::postgres::ipv6	The IPv6 address to use in front of the postgres servers.	'2001:db8:beef:707::9:6591'	N/A	String	common.yaml	role::bootstrap, role::postgres::master, role::postgres::slave, role::puppet::db
profile::postgres::ipv6::id	The VRRP id to use for the VRRP instance negotiating for postgres's IPv6 address	14	N/A	Integer	common.yaml	role::bootstrap, role::postgres::master, role::postgres::slave
profile::postgres::ipv6::priority	The VRRP priority to use for the VRRP instance negotiating for postgres's IPv6 address	10	N/A	Integer	common.yaml	role::bootstrap, role::postgres::master, role::postgres::slave
profile::postgres::masterserver	A fqdn identifying the postgres server which is supposed to be the master. This affects which servers are going to create databases and users.	'pgsql1.example.com'	N/A	String	common.yaml	role::bootstrap, role::postgres::master, role::postgres::slave
profile::postgres::password	The password for the "postgres" postgresql user.	'd4Cwfl)W}onosE~Y[]G,'	pwgen -s -y 20 -1	String	common.yaml	role::bootstrap, role::postgres::master, role::postgres::slave
profile::postgres::replicatorpassword	The password used for the "replicator" postgresql user.	'Gz,j*>Qt'dF{-\Sr4N-_'	pwgen -s -y 20 -1	String	common.yaml	role::bootstrap, role::postgres::master, role::postgres::slave

Puppet

These are our puppet-related hiera keys:

Key	Description	Example	Created by	Data-type	Datafile:	Used by
profile::puppet::aptkey	The gpg key used to authenticate the puppetlabs apt repository	'6F6B15509CF8E59E6E469F327F438280EF8D349F'	puppetlabs	String	common.yaml	All
profile::puppet::caserver	The fqdn of the puppetca server	'puppetca.example.com'	N/A	String	common.yaml	All
profile::puppet::environment	The puppet environment a certain host should be configured to use. This needs to be a valid puppet environment, but it will also be owerridden by the ENC, so it is not important exactly which environment are listed her as long as it exists. If you do not use an ENC, this is the puppet environment a client will retrieve config from.	'production'	N/A	String	common.yaml	All
profile::puppet::hostname	This is the fqdn the clients use to contact the puppetmasters.	'puppet.example.com'	N/A	String	common.yaml	All
profile::puppet::r10k::repo	The path to the git-repository which r10k uses to retrieve environments and modules.	'https://github.com/myorg/r10k.git'	N/A	String	common.yaml	role::bootstrap, role::puppet::server, role::puppet::ca
profile::puppet::runinterval	How often the puppet client should run. Given as a string consisting of a number and a prefix (h, m).	'60m'	N/A	String	common.yaml	All
profile::puppetdb::database::name	The name of the postgres database used by puppetdb	'puppetdb'	N/A	String	common.yaml	role::bootstrap, role::puppet::db, role::postgres::master
profile::puppetdb::database::user	The username of the postgres database used by puppetdb	'puppetdb'	N/A	String	common.yaml	role::bootstrap, role::puppet::db, role::postgres::master
profile::puppetdb::database::pass	The password of the postgres database used by puppetdb NB: The pwgen command lacks -y because some special characters will cause errors	'ys0c85FlLhhfqeteFIfx'	pwgen -s 20 -1	String	common.yaml	role::bootstrap, role::puppet::db, role::postgres::master
profile::puppetdb::hostname	The hostname which the puppetservers use to contact the puppetdb service	'puppetdb.example.com'	N/A	String	common.yaml	role::bootstrap, role::puppet::server role::puppet::ca

Rabbitmq

Key	Description	Example	Created by	Data-type	Datafile	Used by:
profile::rabbitmq::ip	IP address for rabbitmq keepalived VIP	'10.212.132.11'	N/A	String	networking.yaml	role::rabbitmq, role::compute
profile::rabbitmq::vrrp::id	The VRRP id to use for the VRRP instance negotiating for rabbitmq's IPv4 address	12	N/A	Integer	networking.yaml	role::rabbitmq
profile::rabbitmq::vrrp::priority	The VRRP priority to use for the VRRP instance negotiating for rabbitmq's IPv4 address	100	N/A	Integer	networking.yaml or node-specific	role::rabbitmq
profile::rabbitmq::rabbituser	Default user to create in rabbitmq	'rabbit'	N/A	String	common.yaml	role::rabbitmq, role::compute
profile::rabbitmq::rabbitpass	Password for default vhost /		pwgen -s -y 20 -1	String		role::rabbitmq, role::compute
profile::rabbitmq::rabbitsecret	rabbitmq master secret		pwgen -s -y 20 -1	String		role::rabbitmq

Redis

Key	Description	Example	Created by	Data-type	Datafile	Used by:
profile::redis::master	Name or IP address of initial redis master	'redis1.cloud.domain.com' or '192.168.100.12' WARNING: If you use DNS name, ensure that the name DOESN'T resolve to 127.0.0.1 at the given redis host, or else this node will not add itself to the redis-sentinel cluster	N/A	String	common.yaml	role::redis
profile::redis::masterauth	Password for master communitcation	'teY.>&3@Ub$X-OGxOFQ7'	pwgen -s -y 20 -1	String	common.yaml	role::redis role::balancer::management role::sensuserver role::bootstrap
profile::redis::nodetype	Defined on each redis-node. Only valid values are 'master' or 'slave'	'master'	N/A	String	node specific file	role::redis
profile::redis::ip	The IP redis clients should contact redis on. Typically the haproxy ip	'192.168.100.10' or "%{hiera('profile::haproxy::management::ipv4')}" or redis.cloud.domain.com	N/A	String	common.yaml	roles::sensuserver

Sensu

Key	Description	Example	Created by	Data-type	Datafile	Used by:
profile::sensu::install	Opt-out for installing sensu. If not set to false, sensu-clients will be installed everywhere	false	N/A	Boolean	sensu.yaml or node-specific	All
profile::sensu::uchiwa::private_key	Private key for uchiwa JWT creation	Content of generated file	openssl genrsa -out uchiwa.rsa 2048	String	sensu.yaml	role::sensuserver
profile::sensu::uchiwa::public_key	Public key for uchiwa JWT creation	Content of generated file	openssl rsa -in uchiwa.rsa -pubout > uchiwa.rsa.pub	String	sensu.yaml	role::sensuserver
profile::sensu::uchiwa::password	Password for default (and only) user 'sensu' in Uchiwa	'g00dp@$$w0rd'	pwgen -s -y 20 1	String	sensu.yaml	role::sensuserver
profile::sensu::uchiwa::fqdn	FQDN for uchiwa web frontend (not FQDN for the server running an instance of it)	'sensu.cloud.domain.com'	N/A	String	sensu.yaml	role::sensuserver, role::bootstrap, role::balancer::mangement
profile::sensu::rabbit_password	Password for sensu user at the /sensu rabbitmq vhost. Needed for rabbitmq servers, sensu servers AND all sensu clients.	'g00dp@$$w0rd'	pwgen -s -y 20 1	String	sensu.yaml	All
profile::sensu::mailer::url	URL to Uchiwa web frontend, that will appear in e-mails from Sensu	"http://%{hiera('profile::sensu::uchiwa::fqdn')}"	N/A	String	sensu.yaml

KeyDescriptionExampleCreated byData-typeUsed by:profile::sensu::installOpt-out for installing sensu. If not set to false, sensu-clients will be installed everywherefalseN/ABooleanAllprofile::sensu::uchiwa::private_keyPrivate key for uchiwa JWT creationContent of generated file

openssl genrsa -out uchiwa.rsa 2048

String

role::sensuserver

profile::sensu::uchiwa::public_keyPublic key for uchiwa JWT creationContent of generated fileopenssl rsa -in uchiwa.rsa -pubout > uchiwa.rsa.pubString

	role::sensuserver
profile::sensu::

uchiwa

mailer::

passwordPassword for default (and only) user 'sensu' in Uchiwa'g00dp@$$w0rd'pwgen -s -y 20 1

mail_from

The address sensu will send e-mail alerts from

'sensu@sensu.domain.com'

N/A

String

sensu.yaml

String

	role::sensuserver
profile::sensu::

uchiwa::fqdnFQDN for uchiwa web frontend (not FQDN for the server running an instance of it)

mailer::mail_to

List of addresses that sensu will send e-mail alerts to

- 'sysadmin1@cloud.domain.com'

- 'sysadmin2@cloud

'sensu.cloud

.domain.com'

N/A

String

	List of strings	sensu.yaml	role::sensuserver
profile::sensu::mailer::

rabbit_passwordPassword for sensu user at the /sensu rabbitmq vhost. Needed for rabbitmq servers, sensu servers AND all sensu clients.'g00dp@$$w0rd'pwgen -s -y 20 1String

smtp_address

Outgoing SMTP server mail alerts

'smtp.cloud.domain.com'

N/A

String

sensu.yaml

role::sensuserver

All

profile::sensu::mailer::

urlURL to Uchiwa web frontend, that will appear in e-mails from Sensu"http://%{hiera('profile::sensu::uchiwa::fqdn')}"

smtp_port

TCP port used for connections to the given SMTP server

25

N/A

Integer

String

sensu.yaml	role::sensuserver
profile::sensu::mailer::

mail

smtp_

fromThe address sensu will send e-mail alerts from

domain

SMTP domain

'cloud

'sensu@sensu

.domain.com'	N/A	String	sensu.yaml	role::sensuserver
profile::sensu

::mailer::mail_toList of addresses that sensu will send e-mail alerts to

- 'sysadmin1@cloud.domain.com'

- 'sysadmin2@cloud.domain.com'

N/AList of stringsrole::sensuserverprofile::sensu::mailer::smtp_addressOutgoing SMTP server mail alerts'smtp.cloud.domain.com'N/AStringrole::sensuserverprofile::sensu::mailer::smtp_portTCP port used for connections to the given SMTP server25N/AIntegerrole::sensuserverprofile::sensu::mailer::smtp_domainSMTP domain'cloud.domain.com'N/AStringrole::sensuserverprofile::sensu::plugins

The plugins listed here will be installed on all clients.

OBS:

The example value is actually mandatory, because the checks tagged with 'all' in profile::sensu::checks rely on them. Puppet will not fail without defining this key, but none of the cheks will make any sense...

- 'sensu-plugins-disk-checks'
- 'sensu-plugins-load-checks'
- 'sensu-plugins-memory-checks'
- 'sensu-plugins-process-checks'
- 'sensu-plugins-hardware'
- 'sensu-plugins-puppet'
- 'sensu-plugins-dns'
- 'sensu-plugins-ntp'

N/AList of stringsAllsensu::redactValues that match the patterns in this list will be redacted in all output from sensu

- 'password'
- 'pass'
- 'pw'

N/AList of stringsAllsensu::subscriptionsWhich checks a sensu-client should subscribe to. This is typically set per node. By default, a sensu-client will subscribe to checks tagged with 'all', and if the client is a physical server, it will also subscribe to 'physical-servers'

- 'mysql'

- 'rabbitmq'

- 'roundrobin:ceph'

N/AList of stringsAllsensu::client_customIf you want to override parameters for check command. I.e thresholds, specifying passowrd etc. This where you do that. Should only be set per node

'load':

warning: "8,4,2"

critical: "16,8,4"

'mysql':

password: "%{hiera('profile::mysqlcluster::status_password')}"

'disk':

mountpoints: '/,/home,/var'

N/AList of hashesAll (or, more precise, just the client you add this key to)

::plugins	The plugins listed here will be installed on all clients. OBS: The example value is actually mandatory, because the checks tagged with 'all' in profile::sensu::checks rely on them. Puppet will not fail without defining this key, but none of the cheks will make any sense...	- 'sensu-plugins-disk-checks' - 'sensu-plugins-load-checks' - 'sensu-plugins-memory-checks' - 'sensu-plugins-process-checks' - 'sensu-plugins-hardware' - 'sensu-plugins-puppet' - 'sensu-plugins-dns' - 'sensu-plugins-ntp'	N/A	List of strings	sensu.yaml	All
sensu::redact	Values that match the patterns in this list will be redacted in all output from sensu	- 'password' - 'pass' - 'pw'	N/A	List of strings	sensu.yaml	All
sensu::subscriptions	Which checks a sensu-client should subscribe to. This is typically set per node. By default, a sensu-client will subscribe to checks tagged with 'all', and if the client is a physical server, it will also subscribe to 'physical-servers'	- 'mysql' - 'rabbitmq' - 'roundrobin:ceph'	N/A	List of strings	node-specific	All
sensu::client_custom	If you want to override parameters for check command. I.e thresholds, specifying passowrd etc. This where you do that. Should only be set per node	'load': warning: "8,4,2" critical: "16,8,4" 'mysql': password: "%{hiera('profile::mysqlcluster::status_password')}" 'disk': mountpoints: '/,/home,/var'	N/A	List of hashes	node-specific or really anywhere if you configure lookup_options to deep merge	All (or, more precise, just the client you add this key to)
profile::sensu::checks::tlsexpiry	A hash of 'fqdn[:port]' : 'shortname' which should be checked for TLS Expiry	'www.foo.com' : 'foo' 'api.foo.com:8080' : 'api' 'munin.foo.com' : 'munin'	N/A	Hash	sensu.yaml	role::sensuserver
lookup_options:	You might wanna set this in sensu.yaml to allow client_custom settings to be set in multple hiera files without overwriting them with the settings in the top of the hierarchy	sensu::client_custom: merge: strategy: 'deep' merge_hash_arrays: true	N/A	List of hashes	sensu.yaml	All

Page tree

Page History

Versions Compared

Old Version 35

New Version Current

Key

Networks

Networks

Ceph

Dashboard

Database

Legacy keys

Users

Ceph

DHCP configuration:

Dashboard

DNS configuration:

PXE-Booting

DHCP server

Database

DNS server

DHCP configuration:

DNS configuration:

PXE-Booting

KVM / Libvirt

Networks

Haproxy

DHCP server

DNS server

MySQL

Postgres

KVM / Libvirt

Networks

Haproxy

Puppet

Redis

Sensu

Munin

MySQL

Openstack

Cinder

Glance

Heat

Horizon

Keystone

Neutron

Nova

Postgres

Puppet

Rabbitmq

Redis

Sensu