Merge pull request #105 from lsst-it/main

Merge to prod
lsst-it · Jul 22, 2024 · a7a14a7 · a7a14a7
2 parents 20381cd + 19f7db0
commit a7a14a7
Show file tree

Hide file tree

Showing 14 changed files with 138 additions and 108 deletions.
diff --git a/Puppetfile b/Puppetfile
@@ -28,7 +28,7 @@ mod 'puppet-grafana', '11.0.0'
 mod 'puppet-prometheus', '12.4.0'
 mod 'saz/timezone', '6.1.0'
 mod 'puppet-rsyslog', '7.1.0'
-mod 'saz/ssh', '6.0.0'
+mod 'saz-ssh', '12.1.0'
 mod 'puppet/selinux', '3.0.0'
 mod 'puppet-firewalld', '4.4.0'
 mod 'puppetlabs/firewall', '2.0.0'
@@ -40,22 +40,24 @@ mod 'saz/sudo', '6.0.0'
 mod 'puppetlabs-puppet_agent', '4.9.0'
 mod 'saz/resolv_conf', '4.1.0'
 mod 'puppet-cron', '3.0.0'
-mod 'puppet/r10k', '10.3.0'
+mod 'puppet-r10k', '11.0.0'
 # mod 'camptocamp-systemd', '3.0.0'
-mod 'puppet-systemd', '3.2.0'
+mod 'puppet-systemd', '6.0.0'
 mod 'bodgit/scl', '1.0.1'
 mod 'theforeman/dhcp', '6.1.0'
 mod 'theforeman/dns', '8.0.0'
 mod 'puppet-archive', '6.0.2'
-mod 'puppetlabs/concat', '6.0.0'
+mod 'puppetlabs-concat', '9.0.2'
 mod 'puppetlabs-inifile', '5.2.0'
-mod 'puppetlabs-java', '7.3.0'
+mod 'puppetlabs-java', '10.1.2'
 mod 'puppetlabs-java_ks', '4.2.0'
-mod 'puppetlabs-stdlib', '8.4.0'
+mod 'puppetlabs-stdlib', '9.6.0'
 mod 'puppetlabs-vcsrepo', '5.0.0'
 mod 'puppet/ssh_keygen', '4.0.0'
 mod 'puppetlabs-hocon', '1.1.0'  # dependency
-mod 'example42-network', '3.6.0'
+mod 'puppet-network', '2.2.0'
+mod 'puppet-filemapper', '4.0.0' #puppet-network dependency
+mod 'puppet-kmod', '4.0.1' #puppet-network dependency
 # Encryption
 mod 'puppetlabs-puppet_authorization', '0.5.1'
 mod 'binford2k-node_encrypt', '0.4.1'
@@ -69,5 +71,5 @@ mod 'puppetlabs-mysql', '14.0.0'
 mod 'graylog-graylog', '2.0.0'
 mod 'puppet-elasticsearch', '8.1.0'
 mod 'puppet-elastic_stack', '8.0.2' #dependency for elastic
-mod 'puppet-mongodb', '4.2.0'
+mod 'puppet-mongodb', '6.0.1'
 mod 'puppet-zypprepo', '5.0.0' # dependency for PHP & MongoDB
diff --git a/data/node/grafana-1.lsst.org.yaml b/data/node/grafana-1.lsst.org.yaml
@@ -3,14 +3,16 @@ profile::grafana::pname1: 'mr-tuc-1'
 profile::grafana::url1: 'http://mr-tuc-1.lsst.org:9090/'
 profile::grafana::pname2: 'mr-tuc-2'
 profile::grafana::url2: 'http://mr-tuc-2.lsst.org:9090/'
-network::interfaces_hash:
+network_config:
   eth0:
-    type: Ethernet
+    name: eth0
+    ensure: present
     ipaddress: 140.252.32.110
     netmask: 255.255.254.0
-    gateway: 140.252.32.1
-    dns1: 140.252.32.125
-    dns2: 140.252.32.126
-    peerdns: yes
-    bootproto: none
-    onboot: yes
+    method: static
+    onboot: true
+    options:
+      GATEWAY: 140.252.32.1
+      DNS1: 140.252.32.125
+      DNS2: 140.252.32.126
+      DNS3: 140.252.32.127
diff --git a/data/node/grafana-2.lsst.org.yaml b/data/node/grafana-2.lsst.org.yaml
@@ -3,14 +3,16 @@ profile::grafana::pname1: 'mr-tuc-2'
 profile::grafana::url1: 'http://mr-tuc-2.lsst.org:9090/'
 profile::grafana::pname2: 'mr-tuc-1'
 profile::grafana::url2: 'http://mr-tuc-1.lsst.org:9090/'
-network::interfaces_hash:
+network_config:
   eth0:
-    type: Ethernet
+    name: eth0
+    ensure: present
     ipaddress: 140.252.32.111
     netmask: 255.255.254.0
-    gateway: 140.252.32.1
-    dns1: 140.252.32.125
-    dns2: 140.252.32.126
-    peerdns: yes
-    bootproto: none
-    onboot: yes
+    method: static
+    onboot: true
+    options:
+      GATEWAY: 140.252.32.1
+      DNS1: 140.252.32.125
+      DNS2: 140.252.32.126
+      DNS3: 140.252.32.127
diff --git a/data/node/graylog-tuc-1.lsst.org.yaml b/data/node/graylog-tuc-1.lsst.org.yaml
@@ -1,12 +1,15 @@
 ---
-network::interfaces_hash:
+profile::base_linux::network: true 
+network_config:
   eth0:
-    type: Ethernet
+    name: eth0
+    ensure: present
     ipaddress: 140.252.32.117
     netmask: 255.255.254.0
-    gateway: 140.252.32.1
-    dns1: 140.252.32.125
-    dns2: 140.252.32.126
-    peerdns: yes
-    bootproto: none
-    onboot: yes
+    method: static
+    onboot: true
+    options:
+      GATEWAY: 140.252.32.1
+      DNS1: 140.252.32.125
+      DNS2: 140.252.32.126
+      DNS3: 140.252.32.127
diff --git a/data/node/graylog-tuc-2.lsst.org.yaml b/data/node/graylog-tuc-2.lsst.org.yaml
@@ -1,12 +1,15 @@
 ---
-network::interfaces_hash:
+profile::base_linux::network: true 
+network_config:
   eth0:
-    type: Ethernet
+    name: eth0
+    ensure: present
     ipaddress: 140.252.32.118
     netmask: 255.255.254.0
-    gateway: 140.252.32.1
-    dns1: 140.252.32.125
-    dns2: 140.252.32.126
-    peerdns: yes
-    bootproto: none
-    onboot: yes
+    method: static
+    onboot: true
+    options:
+      GATEWAY: 140.252.32.1
+      DNS1: 140.252.32.125
+      DNS2: 140.252.32.126
+      DNS3: 140.252.32.127
diff --git a/data/node/mr-tuc-1.lsst.org.yaml b/data/node/mr-tuc-1.lsst.org.yaml
@@ -7,23 +7,22 @@ profile::prometheus::slackapi_hide: ENC[PKCS7,MIIBuQYJKoZIhvcNAQcDoIIBqjCCAaYCAQ
 profile::prometheus::cluster_hide: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAGzQnF2ZbDmEDg5xwlMxs4XW8s1YhqSRpFQ0I18SUQQ63umULQBNUb+BwVxYBiQ96fhw44At9oup9GgSZ3MnDShP2ALNHydWMpwsddMId54/J9rkXMGeEAaq9dd7A0Xb2q+pVXZYQWQ+map7pKL00TxiSiOo3KXrGYe1972dXjssYyS5JvCokvHodm1aBzcezZyi1oD6QUjeAWiQd139Ul5yQH22PNx+MfE3qp8uWw4ueLu005j2+k4zE1eOz87Gxf+0NTEJkeWvVmrwdIGJb4uzXOObEMDGrz2itRYCMYZwFsJfA9Rry4rirRbVjg3e5mPxMk7SYdvZWJVVMvVPGgjBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBsrTaPdZGuo0p2ZKvDmDa1gCBWITTDyO8Gr/tFlkmrJcFIBIdjfVGui26qS0BYtC6PkA==]
 profile::prometheus::advertise_ip: 192.168.50.11:9093
 # Network config 
-network::interfaces_hash:
+network_config:
   eth0:
-    type: Ethernet
+    name: eth0
+    ensure: present
     ipaddress: 140.252.32.21
     netmask: 255.255.254.0
-    gateway: 140.252.32.1
-    dns1: 140.252.32.125
-    dns2: 140.252.32.126
-    peerdns: yes
-    bootproto: none
-    onboot: yes
-# Network config for cluster
+    method: static
+    onboot: true
+    options:
+      GATEWAY: 140.252.32.1
+      DNS1: 140.252.32.125
+      DNS2: 140.252.32.126
+      DNS3: 140.252.32.127
+# Sync interface
   eth1:
-    ipaddress: '192.168.50.11'
-    netmask: '255.255.255.0'
-    dns1: "140.252.32.126"
-    dns2: "140.252.32.125"
-    peerdns: 'yes'
-    bootproto: 'none'
-    onboot: 'yes'
+    ipaddress: 192.168.50.11
+    netmask: 255.255.255.0
+    method: static
+    onboot: true
diff --git a/data/node/mr-tuc-2.lsst.org.yaml b/data/node/mr-tuc-2.lsst.org.yaml
@@ -6,24 +6,23 @@ profile::prometheus::slackuser_hide: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCA
 profile::prometheus::slackapi_hide: ENC[PKCS7,MIIBuQYJKoZIhvcNAQcDoIIBqjCCAaYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAVeRiDIioUKNOrDQuzoi3JPDTs0xLE3cvivudtlZd9Ksfh/hJFKOQ89a5a8aB9priDEXtHV36G9X/6FJ/FLvhM/xvtvyeBrVMJ7b3uTJRNvCnBTlexkKUX36yDFJBqiyQAebeaLNrTrURUDum0PK8vi5V3a6+vLkCHz4cxWisDFbkdxYDI4NTJ1HFg3eHED5RyFLTd2lf1y3jFSAhu1vn6Nmq85Pqy0SXzSHehDls+SLkimaUwfWn4oujVfm7TU29xIinAQ7bgmAk+UuuKtxGYsmNvdsNRy0LX+H9Mm23UgfpcyuRJZaqyWEuHdtZ035aOnYBqTvWUYgcmv1d1LNZpjB8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBoP2c/stbffP1wOOZV9mfNgFDEviEzDQoK35MZhA9NCYoZY7m9sZ73fzDnnk9PraNNnZaW5J0lfiyMAzDeFyZQEqkQ/R9da5Ow1zR7+oiDLaTm0Pgmxc4nEWVatOhHKZE0RQ==]
 profile::prometheus::cluster_hide: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAbio7LJxB92I8J1SRY2QT6JnIRya1Rwiu95tiRxORlkMcZKlK8UnWMxcSfc9fahsvWqEpb8oJOItnuoxM3Q5RyuRUy4diZUg6lIk65Ovjd4IMAYwPfBpFhyvEpBerzeZHOFP1neDepO8j2ELoGmrbuhtYJMIZ6xu5+5OI6JlBmM00lnScIZWstBcg4Y7jRD+DiRbD7E+QPn7bJTtQISmQH1sh/wgcohn7vvJDvKldao/of8mZc+Q8unXnziYGeqmnHckQFwQPj5SycnXEao/Ymi6yR3klzWwfDW4Fs4ZeWbHiqiKNrf2Edsfx8L8QTCdFe+oDhj0EGm+McoKdg387cDBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBuBFkSWbLCr+zUu0/03hoQgCAi305bSze4b7B4pyx4jY74GPAXIWM/PCJnmzYbkltyig==]
 profile::prometheus::advertise_ip: 192.168.50.12:9093
-network::interfaces_hash:
 # Network config 
+network_config:
   eth0:
-    type: Ethernet
+    name: eth0
+    ensure: present
     ipaddress: 140.252.32.46
     netmask: 255.255.254.0
-    gateway: 140.252.32.1
-    dns1: 140.252.32.125
-    dns2: 140.252.32.126
-    peerdns: yes
-    bootproto: none
-    onboot: yes
-# Network config for cluster
+    method: static
+    onboot: true
+    options:
+      GATEWAY: 140.252.32.1
+      DNS1: 140.252.32.125
+      DNS2: 140.252.32.126
+      DNS3: 140.252.32.127
+# Sync interface
   eth1:
-    ipaddress: '192.168.50.12'
-    netmask: '255.255.255.0'
-    dns1: "140.252.32.126"
-    dns2: "140.252.32.125"
-    peerdns: 'yes'
-    bootproto: 'none'
-    onboot: 'yes'
+    ipaddress: 192.168.50.12
+    netmask: 255.255.255.0
+    method: static
+    onboot: true
diff --git a/data/node/passwd2.lsst.org.yaml b/data/node/passwd2.lsst.org.yaml
@@ -1,14 +1,17 @@
 ---
 profile::pwm::pwm_version: '2_0_6'
 profile::pwm::war_version: '2.0.6'
-network::interfaces_hash:
+profile::base_linux::network: true 
+network_config:
   eth0:
-    type: Ethernet
+    name: eth0
+    ensure: present
     ipaddress: 140.252.201.21
     netmask: 255.255.255.0
-    gateway: 140.252.201.1
-    dns1: 140.252.32.125
-    dns2: 140.252.32.126
-    peerdns: yes
-    bootproto: none
-    onboot: yes
+    method: static
+    onboot: true
+    options:
+      GATEWAY: 140.252.201.1
+      DNS1: 140.252.32.125
+      DNS2: 140.252.32.126
+      DNS3: 140.252.32.127
diff --git a/data/node/puppetm-tuc-2.lsst.org.yaml b/data/node/puppetm-tuc-2.lsst.org.yaml
@@ -4,14 +4,17 @@ classes:
   - profile::puppet_master
 profile::base_linux::graylog: true
 profile::base_linux::postfix: true
-network::interfaces_hash:
+profile::base_linux::network: true 
+network_config:
   eth0:
-    type: Ethernet
+    name: eth0
+    ensure: present
     ipaddress: 140.252.32.101
     netmask: 255.255.254.0
-    gateway: 140.252.32.1
-    dns1: 140.252.32.125
-    dns2: 140.252.32.126
-    peerdns: yes
-    bootproto: none
-    onboot: yes
+    method: static
+    onboot: true
+    options:
+      GATEWAY: 140.252.32.1
+      DNS1: 140.252.32.125
+      DNS2: 140.252.32.126
+      DNS3: 140.252.32.127
diff --git a/data/node/sso.lsst.org.yaml b/data/node/sso.lsst.org.yaml
@@ -1,12 +1,15 @@
 ---
-network::interfaces_hash:
+profile::base_linux::network: true 
+network_config:
   eth0:
-    type: Ethernet
+    name: eth0
+    ensure: present
     ipaddress: 140.252.201.26
     netmask: 255.255.255.0
-    gateway: 140.252.201.1
-    dns1: 140.252.32.125
-    dns2: 140.252.32.126
-    peerdns: yes
-    bootproto: none
-    onboot: yes
+    method: static
+    onboot: true
+    options:
+      GATEWAY: 140.252.201.1
+      DNS1: 140.252.32.125
+      DNS2: 140.252.32.126
+      DNS3: 140.252.32.127
diff --git a/data/node/urlshortener.ls.st.yaml b/data/node/urlshortener.ls.st.yaml
@@ -1,13 +1,16 @@
 ---
 # Network config 
-network::interfaces_hash:
+profile::base_linux::network: true 
+network_config:
   eth0:
-    type: Ethernet
+    name: eth0
+    ensure: present
     ipaddress: 140.252.201.14
     netmask: 255.255.255.0
-    gateway: 140.252.201.1
-    dns1: 140.252.32.125
-    dns2: 140.252.32.126
-    peerdns: yes
-    bootproto: none
-    onboot: yes
+    method: static
+    onboot: true
+    options:
+      GATEWAY: 140.252.201.1
+      DNS1: 140.252.32.125
+      DNS2: 140.252.32.126
+      DNS3: 140.252.32.127
diff --git a/data/site/po/role/grafana.yaml b/data/site/po/role/grafana.yaml
@@ -4,3 +4,4 @@ classes:
 profile::base_linux::postfix: true
 profile::base_linux::graylog: true
 profile::base_linux::awscli: true
+profile::base_linux::network: true 
diff --git a/data/site/po/role/prometheus.yaml b/data/site/po/role/prometheus.yaml
@@ -1,5 +1,6 @@
 ---
 profile::base_linux::graylog: true
+profile::base_linux::network: true 
 prometheus::alertmanager::template:
   - '/alertmanager/notifications.tmpl'
 prometheus::manage_prometheus_server: true
@@ -61,7 +62,7 @@ prometheus::alerts:
             description: "Disk usage is more than 85%\n  VALUE = {{ $value }}\n  LABELS = {{ $labels }}"
 # Windows memory usage
         - alert: WindowsHighMemoryUsage
-          expr: 100 * (1 - ((avg_over_time(windows_os_physical_memory_free_bytes[5m]) + avg_over_time(windows_os_paging_free_bytes[5m])) / (avg_over_time(windows_cs_physical_memory_bytes[5m]) + avg_over_time(windows_os_paging_limit_bytes[5m])))) > 80
+          expr: 100 * (1 - ((avg_over_time(windows_os_physical_memory_free_bytes[5m]) + avg_over_time(windows_os_paging_free_bytes[5m])) / (avg_over_time(windows_cs_physical_memory_bytes[5m]) + avg_over_time(windows_os_paging_limit_bytes[5m])))) > 90
           for: 5m
           labels:
             severity: warning
@@ -652,13 +653,13 @@ prometheus::alerts:
             description: "pingfederate.service service is down on {{ $labels.instance }}\n  VALUE = {{ $value }}\n  LABELS = {{ $labels }}"
 # Linux memory usage
         - alert: HighMemoryUsage
-          expr: 100 - (((node_memory_MemAvailable_bytes + node_memory_SwapFree_bytes) * 100) / (node_memory_MemTotal_bytes + node_memory_SwapTotal_bytes  )) > 80
+          expr: 100 - (((node_memory_MemAvailable_bytes + node_memory_SwapFree_bytes) * 100) / (node_memory_MemTotal_bytes + node_memory_SwapTotal_bytes  )) > 90
           for: 5m
           labels:
             severity: warning
           annotations:
             summary: "High memory usage Linux server"
-            description: "Memory usage is above 80%\n  VALUE = {{ $value }}\n  LABELS = {{ $labels }}"
+            description: "Memory usage is above 90%\n  VALUE = {{ $value }}\n  LABELS = {{ $labels }}"
 # Linux high cpu usage
         - alert: HostHighCpuLoad
           expr: 100 - (avg by(instance) (irate(node_cpu_seconds_total{mode="idle"}[5m])) * 100) > 90

diff --git a/site/profile/manifests/base_linux.pp b/site/profile/manifests/base_linux.pp
@@ -7,17 +7,23 @@
 #  If `true`, configure postfix
 # @param graylog
 #  If `true`, configure graylog
+# @param network
+#  If `true`, configure network
 class profile::base_linux (
   Boolean $awscli  = false,
   Boolean $backups = false,
   Boolean $postfix = false,
   Boolean $graylog = false,
+  Boolean $network = false,
 ) {
-  include network
   include ::firewalld
   include ssh
   include cron
   include accounts
+  if $network {
+    include ::network
+    create_resources('network_config', hiera('network_config'))
+  }
   if $postfix {
     include postfix
   }