...
| Key | Description | Example | Created by | Data-type | Datafile: | Used by: |
|---|---|---|---|---|---|---|
| profile::networking::rpfilter | Before we used multiple routing-tables on our hosts we had to turn off rpfilter to allow asymmetric routing. Now this should be turned on. | true | N/A | Boolean | networking.yaml | All |
| profile::networking::management::ipv4::prefixes | A list over IPv4 prefixes for networks where management stations are found. Used to configure the firewall for SSH, stats-pages etc. | - '192.0.2.0/26' | N/A | List of strings | networking.yaml | All |
| profile::networking::management::ipv6::prefixes | A list over IPv6 prefixes for networks where management stations are found. Used to configure the firewall for SSH, stats-pages etc. | - '2001:db8:beef:701::/64' | N/A | List of strings | networking.yaml | All |
| profile::ntp::servers | A list over ntp servers to use. | - 'ntp.ntnu.no' | N/A | List of strings | common.yaml | All |
| profile::keepalived::vrrp_password | A password used to secure the vrrp instances | '724EuvohTGOdlcFnLlDV' | pwgen -s -1 20 | String | common.yaml | |
| classes | A list over puppet classes which should be installed on a node. Used when we do not have an ENC, but it is always required. It is thus recommended to have an empty list here if an ENC is used. | [ ] | N/A | List of strings | common.yaml or node-specific file. | All |
| profile::productionlevel | Which production-level is this installation? "prod", "test" or "dev"? | 'dev' | N/A | String | common.yaml | All |
| profile::baseconfig::smtp_relay | An SMTP relay which the server can use to send mail | 'smtp.example.com' | N/A | String | common.yaml | All |
| profile::baseconfig::maildomain | The domain the server sends mail from | 'example.com' | N/A | String | common.yaml | All |
Networks
The networks used in the deployment are all described in hiera to ensure that all configuration retrieves the same values when configuring anything network specific. There are one key in hiera which lists all networks:
...
| Key | Description | Example | Created by | Data-type | Datafile: | Used by: |
|---|---|---|---|---|---|---|
| profile::haproxy::web::profile | Which web profile should this haproxy node have | 'management' | N/A | String | node-specific | role::bootstrap, role::balancer::* |
| profile::haproxy::${profile}::ipv4 | The IPv4 address used in front og the loadbalancer used for managemnet services | '192.0.2.151' | N/A | String | networking.yaml | role::bootstrap, role::puppet::db, role::puppet::server, role::mysql, role::balancer::management |
| profile::haproxy::${profile}::ipv4::id | The VRRP id used by the IPv4 VRRP instance. | 11 | N/A | Integer | networking.yaml | role::bootstrap, role::balancer::management |
| profile::haproxy::${profile}::ipv4::priority | The VRRP priority used by the IPv4 VRRP instance. | 10 | N/A | Integer | networking.yaml | role::bootstrap, role::balancer::management |
| profile::haproxy::${profile}::ipv6 | The IPv4 address used in front og the loadbalancer used for managemnet services | '2001:db8:beef:707::7b1' | N/A | String | networking.yaml | role::bootstrap, role::puppet::db, role::puppet::server, role::mysql, role::balancer::management |
| profile::haproxy::${profile}::ipv6::id | The VRRP id used by the IPv6 VRRP instance. | 12 | N/A | Integer | networking.yaml | role::bootstrap, role::balancer::management |
| profile::haproxy::${profile}::ipv6::priority | The VRRP priority used by the IPv6 VRRP instance. | 10 | N/A | Integer | networking.yaml | role::bootstrap, role::balancer::management |
| profile::haproxy::${profile}::domains | Which domains haproxy should forward for in frontend "ft_web" for given profile | -'foo.com' -'bar.foo.com' | N/A | List of strings | common.yaml | role::balancer::* |
| profile::haproxy::management::apicert | A .pem certificate bundle with private key, CAcert and server cert | tl;dr | cat private_key.key server.crt ca.crt > haproxy_web.pem The order is important! TLS from CertManager: Choose the "as Certificate (w/ issuer after)" alternative | Multiline string | certs.yaml | role::bootstrap, role::balancer::management |
| profile::haproxy::services::apicert | A .pem certificate bundle with private key, CAcert and server cert | tl;dr | cat private_key.key server.crt ca.crt > haproxy_web.pem The order is important! TLS from CertManager: Choose the "as Certificate (w/ issuer after)" alternative | Multiline string | certs.yaml | role::bootstrap, role::balancer::services |
| profile::haproxy::${profile}::webcert | A .pem certificate bundle with private key, CAcert and server cert | tl;dr | cat private_key.key server.crt ca.crt > haproxy_web.pem The order is important! TLS from CertManager: Choose the "as Certificate (w/ issuer after)" alternative | Multiline string | certs.yaml | role::balancer::*
|
| profile::haproxy::management::apicert::certfile | Filepath and name for the apicert bundle | '/etc/ssl/private/haproxy_web.pem' | N/A | String | certs.yaml | role::balancer::web |
...