Commit graph

431 commits

Author SHA1 Message Date
Patrik Lundin aca8dd1b22
Add file to correct location 2024-10-08 13:12:54 +02:00
Patrik Lundin d9db9fee72
Add init script for setting provisioner file
This is to deal with the problem that it makes sense to have a separate
password for encryption keys and the admin provisioner. It is currently
not possible to control this via the docker env flags so add this
workaround for now.
2024-10-08 12:35:41 +02:00
Patrik Lundin d1c863c7cb
Expose the step-ca port 2024-10-08 10:09:20 +02:00
Patrik Lundin d46d54a6a6
Enable compose file 2024-10-08 10:04:32 +02:00
Patrik Lundin 1803d1c69a
Add initial compose file for step-ca 2024-10-08 10:02:48 +02:00
Patrik Lundin 828f9a899d
Fix templates for passwords 2024-10-08 09:51:08 +02:00
Patrik Lundin fa484c7d2f
Add ca secrets 2024-10-08 09:47:51 +02:00
Patrik Lundin f247388664
Trust maria
Copied from cnaas-ops
2024-10-08 09:41:09 +02:00
Patrik Lundin 9379ba58e2
Handle undef ca_secrets more gracefully 2024-10-08 09:39:09 +02:00
Patrik Lundin 61a4ec13e3
Start setting up step-ca files 2024-10-08 09:36:04 +02:00
Patrik Lundin e02160a311
Initial cdn::ca class 2024-10-07 08:35:00 +02:00
Patrik Lundin 9f05f40714
Install docker on ca machines 2024-10-06 15:37:33 +02:00
Patrik Lundin 49106049ff
Start using cdn.conf template 2024-10-06 14:51:55 +02:00
Patrik Lundin e5ce5dd1cd
Start managing cdn.conf 2024-10-06 14:50:07 +02:00
Patrik Lundin 40036c3c32
Fix variable usage 2024-10-06 14:44:32 +02:00
Patrik Lundin 52469c754d
Correct path 2024-10-06 14:32:17 +02:00
Patrik Lundin 4b90469531
Missing $ 2024-10-06 14:30:51 +02:00
Patrik Lundin 0c5e2604b6
Add missing clients parameter 2024-10-06 14:29:48 +02:00
Patrik Lundin 7352a20143
Start managing mqtt ACL
Include sample cosmos-rules entry for testing out template
2024-10-06 14:26:10 +02:00
Patrik Lundin 6664c9c356
internal-sto3-test-ca-1.cdn.sunet.se added 2024-10-06 08:32:52 +02:00
Patrik Lundin 2099c4d691
Fix class name 2024-10-04 17:43:31 +02:00
Patrik Lundin c638772941
Apply mqtt class 2024-10-04 17:41:59 +02:00
Patrik Lundin 152179a5c1
Initial commit for mqtt management 2024-10-04 17:33:49 +02:00
Patrik Lundin 895264bc4f
Trust kano
Copied from platform-ops
2024-10-04 17:18:09 +02:00
Patrik Lundin febde032ee
Update to new key standard 2024-10-04 17:16:23 +02:00
Patrik Lundin ca3e6b211d
internal-sto3-test-mqtt-1.cdn.sunet.se added 2024-10-04 17:07:50 +02:00
Patrik Lundin 571af24060
Make seccomp file readable by runner 2024-10-04 09:22:05 +02:00
Patrik Lundin 05ee26e7c2
Make docker_certs available to runner 2024-10-03 21:04:17 +02:00
Patrik Lundin 48d3b890d0
Use owner/group matching runner compose file 2024-10-03 20:57:28 +02:00
Patrik Lundin 284bc65dbe
Update secret 2024-10-03 20:48:20 +02:00
Patrik Lundin d1d72ad80a
Try to access map correctly 2024-10-03 20:42:39 +02:00
Patrik Lundin 25a18fd58b
Remove extra dot 2024-10-03 20:15:39 +02:00
Patrik Lundin 32e4a99cef
Add initial forgejo runner config 2024-10-03 20:12:59 +02:00
Patrik Lundin 3883bb53b2
Trust jocar key 2024-10-03 15:56:30 +02:00
Patrik Lundin 5251d60506
internal-sto3-test-runner-1.cdn.sunet.se added 2024-10-03 15:22:27 +02:00
Patrik Holmqvist 028ba3d608
Merge pull request #56 from SUNET/pahol-fix-noble-eyaml
patch for broken eyaml in ubuntu24.04.
2024-09-10 13:16:19 +02:00
Patrik Holmqvist 7941e3f970
Merge the 2 patch functions to 1. 2024-09-09 17:29:31 +02:00
Patrik Holmqvist fac9a556ba
Patch for broken eyaml in ubuntu24.04. 2024-09-09 16:52:38 +02:00
Patrik Lundin dc180c10b0
Fix so systemd file is named sunet-cdn-l4lb
Not sunet-sunet-cdn-l4lb
2024-08-20 12:38:06 +02:00
Patrik Lundin dd0493f869
Fix volume declarations
Did not expect to create anonymous volumes, see
https://stackoverflow.com/questions/46166304/docker-compose-volumes-without-colon
for more details. Now the host directories should be mounted. While here
try setting :ro to the paths we are not expecting to modify. The
/lib/modules :ro flag is based on
3cbd8258eb/cilium-lb.yaml (L143-L145)
2024-08-20 12:31:42 +02:00
Patrik Lundin 79f2018d1b
Fix path to template 2024-08-20 12:10:29 +02:00
Patrik Lundin 4755886ea9
Move manifest to expected location 2024-08-20 12:06:35 +02:00
Patrik Lundin f4cd10a970
Add mifr key, imported from platform-ops
Need to trust commits to puppet-sunet stable branch
2024-08-20 12:00:57 +02:00
Patrik Lundin 9991bef58d
Assign new cdn::l4lb class to machine 2024-08-20 11:27:26 +02:00
Patrik Lundin 6057c62f47
Initial commit of running cilium l4lb via compose 2024-08-20 11:25:15 +02:00
Patrik Lundin b014b4fdcc
Add sunet::dockerhost2 to cdn-prod-l4lb
While here fix indentation.
2024-08-15 09:21:02 +02:00
Patrik Lundin ac83234433
Merge remote-tracking branch 'multiverse/main' 2024-07-05 10:59:29 +02:00
Patrik Lundin 94a65a31e0
Fix problems with outdated sunet puppet modules
Problem seen:
```
Error: Evaluation Error: Error while evaluating a Resource Statement, Evaluation Error: Unknown variable: '::osfamily'. (file: /etc/puppet/cosmos-modules/augeas/manifests/params.pp, line: 7, column: 8) on node example-1.sunet.se
```

This way we run modules installed from upstream apt packages instead.
Solution to delete keys to use local packages from pahol.

While here fix pylint issue with not importing platform module at
beginning of file.
2024-07-04 14:42:34 +02:00
Patrik Lundin 3d0413b450
Disable ntpd management for now
The current ntp puppet manifest does not support 24.04, and we need to
figure out if the future means timesyncd or chrony.
2024-07-04 13:32:23 +02:00
Patrik Lundin 770a5ca3cc
Merge pull request #55 from SUNET/patlu-fleetlock-lock-timeouts
fleetlock: configurable lock/unlock timeout
2024-07-04 13:07:34 +02:00