From 674f4c13ec835a2857e7a04b0d6c1d67d15e382f Mon Sep 17 00:00:00 2001 From: "Eric D. Helms" Date: Wed, 18 Sep 2024 16:19:16 -0400 Subject: [PATCH] Split common puppet data into common and internal --- puppet/data/common.yaml | 239 -------------------------------------- puppet/data/internal.yaml | 239 ++++++++++++++++++++++++++++++++++++++ puppet/hiera.yaml | 6 +- 3 files changed, 244 insertions(+), 240 deletions(-) create mode 100644 puppet/data/internal.yaml diff --git a/puppet/data/common.yaml b/puppet/data/common.yaml index 24049f46e..f6dc73d9f 100644 --- a/puppet/data/common.yaml +++ b/puppet/data/common.yaml @@ -4,245 +4,6 @@ profiles::web::stable: '%{alias("stable_release")}' profiles::repo::deb::stable: '%{alias("stable_release")}' profiles::repo::rpm::stable_foreman: '%{alias("stable_release")}' -backup_servicename: 'backups.theforeman.org' -backup_username: 'backup-%{facts.networking.hostname}' -foreman_servicename: 'foreman.theforeman.org' -foreman_url: 'https://%{lookup("foreman_servicename")}' -puppet_servicename: 'puppet.theforeman.org' - -foreman::repo::repo: '3.11' -foreman::serveraliases: - - '%{alias("foreman_servicename")}' - -foreman_proxy::trusted_hosts: - - "foreman01.conova.theforeman.org" -foreman_proxy::foreman_base_url: '%{alias("foreman_url")}' - -jenkins_job_builder::ensure: '6.3.0' - -profiles::backup::receiver::targets: - - redmine01 - - controller01 - - discourse01 - - puppet01 - - foreman01 - -profiles::backup::sender::host: '%{alias("backup_servicename")}' -profiles::backup::sender::ssh_key: 'AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAcXYkJr+qZC6tF5TrdBcNdMOMPHMCOR2BdY0YN3yjiYlk68N7KiAUTG85U/zsdiZyzLEJ5QI/YTYahbPsYlgfE=' -profiles::backup::sender::ssh_key_type: 'ecdsa-sha2-nistp256' -profiles::backup::sender::username: '%{alias("backup_username")}' - -restic::backup_timer: 'daily' -restic::type: 'sftp' -restic::host: '%{alias("backup_servicename")}' -restic::id: '%{alias("backup_username")}' -restic::enable_forget: true -restic::forget: - keep-daily: 14 - keep-weekly: 4 -restic::forget_timer: 'weekly' -restic::prune: true -# There are no restic packages in EL7 and the ones in EPEL8/9 are too old -# The ones in Debian are also too old -restic::binary: '/usr/local/bin/restic' -restic::install_method: 'url' -restic::package_version: '0.16.1' - -# Jenkins.instance.pluginManager.plugins.toArray().sort{ plugin -> plugin.getShortName()}.each{ -# plugin -> println (" - '${plugin.getShortName()}'") -# } -profiles::jenkins::controller::plugins: - - 'Matrix-sorter-plugin' - - 'Parameterized-Remote-Trigger' - - 'ace-editor' - - 'analysis-model-api' - - 'ansible' - - 'ansicolor' - - 'antisamy-markup-formatter' - - 'apache-httpcomponents-client-4-api' - - 'asm-api' - - 'authentication-tokens' - - 'blueocean' - - 'blueocean-autofavorite' - - 'blueocean-bitbucket-pipeline' - - 'blueocean-commons' - - 'blueocean-config' - - 'blueocean-core-js' - - 'blueocean-dashboard' - - 'blueocean-display-url' - - 'blueocean-events' - - 'blueocean-git-pipeline' - - 'blueocean-github-pipeline' - - 'blueocean-i18n' - - 'blueocean-jwt' - - 'blueocean-personalization' - - 'blueocean-pipeline-api-impl' - - 'blueocean-pipeline-editor' - - 'blueocean-pipeline-scm-api' - - 'blueocean-rest' - - 'blueocean-rest-impl' - - 'blueocean-web' - - 'bootstrap4-api' - - 'bootstrap5-api' - - 'bouncycastle-api' - - 'branch-api' - - 'build-keeper-plugin' - - 'build-timeout' - - 'build-timestamp' - - 'caffeine-api' - - 'checks-api' - - 'cloudbees-bitbucket-branch-source' - - 'cloudbees-folder' - - 'code-coverage-api' - - 'command-launcher' - - 'commons-lang3-api' - - 'commons-text-api' - - 'conditional-buildstep' - - 'copyartifact' - - 'coverage' - - 'create-fingerprint' - - 'credentials' - - 'credentials-binding' - - 'dashboard-view' - - 'data-tables-api' - - 'display-url-api' - - 'dtkit-api' - - 'durable-task' - - 'echarts-api' - - 'email-ext' - - 'embeddable-build-status' - - 'extended-read-permission' - - 'external-monitor-job' - - 'favorite' - - 'font-awesome-api' - - 'forensics-api' - - 'ghprb' - - 'git' - - 'git-client' - - 'git-parameter' - - 'git-server' - - 'github' - - 'github-api' - - 'github-branch-source' - - 'github-oauth' - - 'google-oauth-plugin' - - 'greenballs' - - 'groovy' - - 'gson-api' - - 'handlebars' - - 'handy-uri-templates-2-api' - - 'htmlpublisher' - - 'instance-identity' - - 'ionicons-api' - - 'jackson2-api' - - 'jakarta-activation-api' - - 'jakarta-mail-api' - - 'javadoc' - - 'javax-activation-api' - - 'javax-mail-api' - - 'jaxb' - - 'jdk-tool' - - 'jenkins-design-language' - - 'jjwt-api' - - 'joda-time-api' - - 'jquery-detached' - - 'jquery3-api' - - 'jsch' - - 'json-api' - - 'json-path-api' - - 'junit' - - 'ldap' - - 'lockable-resources' - - 'mailer' - - 'mapdb-api' - - 'matrix-auth' - - 'matrix-project' - - 'maven-plugin' - - 'mercurial' - - 'metrics' - - 'mina-sshd-api-common' - - 'mina-sshd-api-core' - - 'momentjs' - - 'monitoring' - - 'notification' - - 'oauth-credentials' - - 'okhttp-api' - - 'opentelemetry' - - 'parameterized-trigger' - - 'pipeline-build-step' - - 'pipeline-github-lib' - - 'pipeline-githubnotify-step' - - 'pipeline-graph-analysis' - - 'pipeline-groovy-lib' - - 'pipeline-input-step' - - 'pipeline-milestone-step' - - 'pipeline-model-api' - - 'pipeline-model-definition' - - 'pipeline-model-extensions' - - 'pipeline-rest-api' - - 'pipeline-stage-step' - - 'pipeline-stage-tags-metadata' - - 'pipeline-stage-view' - - 'pipeline-utility-steps' - - 'plain-credentials' - - 'plugin-util-api' - - 'popper-api' - - 'popper2-api' - - 'postbuild-task' - - 'prism-api' - - 'project-stats-plugin' - - 'pubsub-light' - - 'rebuild' - - 'regression-report-plugin' - - 'run-condition' - - 'saferestart' - - 'scm-api' - - 'script-security' - - 'snakeyaml-api' - - 'sse-gateway' - - 'ssh-agent' - - 'ssh-credentials' - - 'ssh-slaves' - - 'sshd' - - 'structs' - - 'tap' - - 'throttle-concurrents' - - 'timestamper' - - 'token-macro' - - 'translation' - - 'trilead-api' - - 'variant' - - 'warnings-ng' - - 'workflow-aggregator' - - 'workflow-api' - - 'workflow-basic-steps' - - 'workflow-cps' - - 'workflow-durable-task-step' - - 'workflow-job' - - 'workflow-multibranch' - - 'workflow-scm-step' - - 'workflow-step-api' - - 'workflow-support' - - 'xunit' - - 'zentimestamp' - -puppet::runmode: systemd.timer -puppet::agent_server_hostname: '%{alias("puppet_servicename")}' -puppet::server_additional_settings: - dns_alt_names: - - '%{alias("puppet_servicename")}' -puppet::server_foreman_url: '%{alias("foreman_url")}' -puppet::server_environments_owner: 'deploypuppet' -puppet::server_environments_group: 'deploypuppet' -puppet::server_puppetserver_telemetry: false -puppet::show_diff: true - -sudo::wheel_config: password - -redmine::https: true - -apache::default_vhost: false - rsync_usernames: - 'ehelms' - 'ekohl' diff --git a/puppet/data/internal.yaml b/puppet/data/internal.yaml new file mode 100644 index 000000000..8b8e0509e --- /dev/null +++ b/puppet/data/internal.yaml @@ -0,0 +1,239 @@ +--- +backup_servicename: 'backups.theforeman.org' +backup_username: 'backup-%{facts.networking.hostname}' +foreman_servicename: 'foreman.theforeman.org' +foreman_url: 'https://%{lookup("foreman_servicename")}' +puppet_servicename: 'puppet.theforeman.org' + +foreman::repo::repo: '3.11' +foreman::serveraliases: + - '%{alias("foreman_servicename")}' + +foreman_proxy::trusted_hosts: + - "foreman01.conova.theforeman.org" +foreman_proxy::foreman_base_url: '%{alias("foreman_url")}' + +jenkins_job_builder::ensure: '6.3.0' + +profiles::backup::receiver::targets: + - redmine01 + - controller01 + - discourse01 + - puppet01 + - foreman01 + +profiles::backup::sender::host: '%{alias("backup_servicename")}' +profiles::backup::sender::ssh_key: 'AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAcXYkJr+qZC6tF5TrdBcNdMOMPHMCOR2BdY0YN3yjiYlk68N7KiAUTG85U/zsdiZyzLEJ5QI/YTYahbPsYlgfE=' +profiles::backup::sender::ssh_key_type: 'ecdsa-sha2-nistp256' +profiles::backup::sender::username: '%{alias("backup_username")}' + +restic::backup_timer: 'daily' +restic::type: 'sftp' +restic::host: '%{alias("backup_servicename")}' +restic::id: '%{alias("backup_username")}' +restic::enable_forget: true +restic::forget: + keep-daily: 14 + keep-weekly: 4 +restic::forget_timer: 'weekly' +restic::prune: true +# There are no restic packages in EL7 and the ones in EPEL8/9 are too old +# The ones in Debian are also too old +restic::binary: '/usr/local/bin/restic' +restic::install_method: 'url' +restic::package_version: '0.16.1' + +# Jenkins.instance.pluginManager.plugins.toArray().sort{ plugin -> plugin.getShortName()}.each{ +# plugin -> println (" - '${plugin.getShortName()}'") +# } +profiles::jenkins::controller::plugins: + - 'Matrix-sorter-plugin' + - 'Parameterized-Remote-Trigger' + - 'ace-editor' + - 'analysis-model-api' + - 'ansible' + - 'ansicolor' + - 'antisamy-markup-formatter' + - 'apache-httpcomponents-client-4-api' + - 'asm-api' + - 'authentication-tokens' + - 'blueocean' + - 'blueocean-autofavorite' + - 'blueocean-bitbucket-pipeline' + - 'blueocean-commons' + - 'blueocean-config' + - 'blueocean-core-js' + - 'blueocean-dashboard' + - 'blueocean-display-url' + - 'blueocean-events' + - 'blueocean-git-pipeline' + - 'blueocean-github-pipeline' + - 'blueocean-i18n' + - 'blueocean-jwt' + - 'blueocean-personalization' + - 'blueocean-pipeline-api-impl' + - 'blueocean-pipeline-editor' + - 'blueocean-pipeline-scm-api' + - 'blueocean-rest' + - 'blueocean-rest-impl' + - 'blueocean-web' + - 'bootstrap4-api' + - 'bootstrap5-api' + - 'bouncycastle-api' + - 'branch-api' + - 'build-keeper-plugin' + - 'build-timeout' + - 'build-timestamp' + - 'caffeine-api' + - 'checks-api' + - 'cloudbees-bitbucket-branch-source' + - 'cloudbees-folder' + - 'code-coverage-api' + - 'command-launcher' + - 'commons-lang3-api' + - 'commons-text-api' + - 'conditional-buildstep' + - 'copyartifact' + - 'coverage' + - 'create-fingerprint' + - 'credentials' + - 'credentials-binding' + - 'dashboard-view' + - 'data-tables-api' + - 'display-url-api' + - 'dtkit-api' + - 'durable-task' + - 'echarts-api' + - 'email-ext' + - 'embeddable-build-status' + - 'extended-read-permission' + - 'external-monitor-job' + - 'favorite' + - 'font-awesome-api' + - 'forensics-api' + - 'ghprb' + - 'git' + - 'git-client' + - 'git-parameter' + - 'git-server' + - 'github' + - 'github-api' + - 'github-branch-source' + - 'github-oauth' + - 'google-oauth-plugin' + - 'greenballs' + - 'groovy' + - 'gson-api' + - 'handlebars' + - 'handy-uri-templates-2-api' + - 'htmlpublisher' + - 'instance-identity' + - 'ionicons-api' + - 'jackson2-api' + - 'jakarta-activation-api' + - 'jakarta-mail-api' + - 'javadoc' + - 'javax-activation-api' + - 'javax-mail-api' + - 'jaxb' + - 'jdk-tool' + - 'jenkins-design-language' + - 'jjwt-api' + - 'joda-time-api' + - 'jquery-detached' + - 'jquery3-api' + - 'jsch' + - 'json-api' + - 'json-path-api' + - 'junit' + - 'ldap' + - 'lockable-resources' + - 'mailer' + - 'mapdb-api' + - 'matrix-auth' + - 'matrix-project' + - 'maven-plugin' + - 'mercurial' + - 'metrics' + - 'mina-sshd-api-common' + - 'mina-sshd-api-core' + - 'momentjs' + - 'monitoring' + - 'notification' + - 'oauth-credentials' + - 'okhttp-api' + - 'opentelemetry' + - 'parameterized-trigger' + - 'pipeline-build-step' + - 'pipeline-github-lib' + - 'pipeline-githubnotify-step' + - 'pipeline-graph-analysis' + - 'pipeline-groovy-lib' + - 'pipeline-input-step' + - 'pipeline-milestone-step' + - 'pipeline-model-api' + - 'pipeline-model-definition' + - 'pipeline-model-extensions' + - 'pipeline-rest-api' + - 'pipeline-stage-step' + - 'pipeline-stage-tags-metadata' + - 'pipeline-stage-view' + - 'pipeline-utility-steps' + - 'plain-credentials' + - 'plugin-util-api' + - 'popper-api' + - 'popper2-api' + - 'postbuild-task' + - 'prism-api' + - 'project-stats-plugin' + - 'pubsub-light' + - 'rebuild' + - 'regression-report-plugin' + - 'run-condition' + - 'saferestart' + - 'scm-api' + - 'script-security' + - 'snakeyaml-api' + - 'sse-gateway' + - 'ssh-agent' + - 'ssh-credentials' + - 'ssh-slaves' + - 'sshd' + - 'structs' + - 'tap' + - 'throttle-concurrents' + - 'timestamper' + - 'token-macro' + - 'translation' + - 'trilead-api' + - 'variant' + - 'warnings-ng' + - 'workflow-aggregator' + - 'workflow-api' + - 'workflow-basic-steps' + - 'workflow-cps' + - 'workflow-durable-task-step' + - 'workflow-job' + - 'workflow-multibranch' + - 'workflow-scm-step' + - 'workflow-step-api' + - 'workflow-support' + - 'xunit' + - 'zentimestamp' + +puppet::runmode: systemd.timer +puppet::agent_server_hostname: '%{alias("puppet_servicename")}' +puppet::server_additional_settings: + dns_alt_names: + - '%{alias("puppet_servicename")}' +puppet::server_foreman_url: '%{alias("foreman_url")}' +puppet::server_environments_owner: 'deploypuppet' +puppet::server_environments_group: 'deploypuppet' +puppet::server_puppetserver_telemetry: false +puppet::show_diff: true + +sudo::wheel_config: password +redmine::https: true + +apache::default_vhost: false + diff --git a/puppet/hiera.yaml b/puppet/hiera.yaml index f45ad1473..55b3c84d4 100644 --- a/puppet/hiera.yaml +++ b/puppet/hiera.yaml @@ -24,6 +24,10 @@ hierarchy: - name: "Per-OS family defaults" path: "osfamily/%{facts.os.family}.yaml" - - name: "Other YAML hierarchy levels" + - name: "Common data that changes often" paths: - "common.yaml" + + - name: "Internal data that should rarely change" + paths: + - "internal.yaml"