Mercurial > repos > other > Puppet
annotate manifests/nodes.pp @ 284:9431aec4d998
Switch to using IPv6 prefix and IP per site
This is because the proxy seems to break SNI, so we need an IP
per SSL cert. We're not short of IPv6 addresses, though!
Also corrected to "4to6" naming, because we're letting IPv4 access
an IPv6 site
| author | IBBoard <dev@ibboard.co.uk> |
|---|---|
| date | Sun, 16 Feb 2020 12:07:35 +0000 |
| parents | d29f477c51d4 |
| children | c0e989d32b5c |
| rev | line source |
|---|---|
|
29
41df236f3fb0
Add trial node config for new site (IPs for test VM)
IBBoard <dev@ibboard.co.uk>
parents:
0
diff
changeset
|
1 node 'clouduk.ibboard.co.uk' { |
|
41df236f3fb0
Add trial node config for new site (IPs for test VM)
IBBoard <dev@ibboard.co.uk>
parents:
0
diff
changeset
|
2 class { 'ibboardvpsnode': |
|
70
c91296a71160
Update IP address of clouduk - test VM should use a different name!
IBBoard <dev@ibboard.co.uk>
parents:
56
diff
changeset
|
3 primary_ip => '213.229.111.243', |
|
29
41df236f3fb0
Add trial node config for new site (IPs for test VM)
IBBoard <dev@ibboard.co.uk>
parents:
0
diff
changeset
|
4 mailserver => 'mail.ibboard.co.uk', |
|
41df236f3fb0
Add trial node config for new site (IPs for test VM)
IBBoard <dev@ibboard.co.uk>
parents:
0
diff
changeset
|
5 imapserver => 'imap.ibboard.co.uk', |
|
35
1bb941522ebf
Handle differences in firewalling between ASO (using APF) and most other hosts (using iptables)
IBBoard <dev@ibboard.co.uk>
parents:
29
diff
changeset
|
6 firewall_cmd => 'iptables', |
|
29
41df236f3fb0
Add trial node config for new site (IPs for test VM)
IBBoard <dev@ibboard.co.uk>
parents:
0
diff
changeset
|
7 } |
|
41df236f3fb0
Add trial node config for new site (IPs for test VM)
IBBoard <dev@ibboard.co.uk>
parents:
0
diff
changeset
|
8 } |
|
109
019968cfda31
Add dev machine entry with correct IPs
IBBoard <dev@ibboard.co.uk>
parents:
70
diff
changeset
|
9 |
|
019968cfda31
Add dev machine entry with correct IPs
IBBoard <dev@ibboard.co.uk>
parents:
70
diff
changeset
|
10 node 'cloudtest.ibboard.co.uk' { |
|
019968cfda31
Add dev machine entry with correct IPs
IBBoard <dev@ibboard.co.uk>
parents:
70
diff
changeset
|
11 class { 'ibboardvpsnode': |
|
151
1ad747713519
Update test machine IPs to match new DHCP pool
IBBoard <dev@ibboard.co.uk>
parents:
114
diff
changeset
|
12 primary_ip => '192.168.1.78', |
|
109
019968cfda31
Add dev machine entry with correct IPs
IBBoard <dev@ibboard.co.uk>
parents:
70
diff
changeset
|
13 mailserver => 'mail.ibboard.co.uk', |
|
019968cfda31
Add dev machine entry with correct IPs
IBBoard <dev@ibboard.co.uk>
parents:
70
diff
changeset
|
14 imapserver => 'imap.ibboard.co.uk', |
|
019968cfda31
Add dev machine entry with correct IPs
IBBoard <dev@ibboard.co.uk>
parents:
70
diff
changeset
|
15 firewall_cmd => 'iptables', |
|
019968cfda31
Add dev machine entry with correct IPs
IBBoard <dev@ibboard.co.uk>
parents:
70
diff
changeset
|
16 } |
|
019968cfda31
Add dev machine entry with correct IPs
IBBoard <dev@ibboard.co.uk>
parents:
70
diff
changeset
|
17 } |
| 247 | 18 node 'ibbvps.vs.mythic-beasts.com' { |
| 19 class { 'ibboardvpsnode': | |
| 20 primary_ip => '2a00:1098:82:52::1', | |
|
284
9431aec4d998
Switch to using IPv6 prefix and IP per site
IBBoard <dev@ibboard.co.uk>
parents:
283
diff
changeset
|
21 proxy_4to6_ip_prefix => '2a00:1098:82:52::01d4', # ::old4 for IPv4! |
|
283
d29f477c51d4
Switch from IPs to hostnames for proxying
IBBoard <dev@ibboard.co.uk>
parents:
280
diff
changeset
|
22 proxy_upstream => ['proxy.mythic-beasts.com'], |
| 247 | 23 mailserver => 'mail.ibboard.co.uk', |
| 24 imapserver => 'imap.ibboard.co.uk', | |
| 25 firewall_cmd => 'iptables', | |
| 26 } | |
|
251
7307c3d59ce7
Enable console over admin shell via serial
IBBoard <dev@ibboard.co.uk>
parents:
247
diff
changeset
|
27 # If the console fails to start, you may need to run "restorecon /etc/systemd/system/getty.target.wants/*" |
|
7307c3d59ce7
Enable console over admin shell via serial
IBBoard <dev@ibboard.co.uk>
parents:
247
diff
changeset
|
28 # to reset the SELinux context of the file |
|
7307c3d59ce7
Enable console over admin shell via serial
IBBoard <dev@ibboard.co.uk>
parents:
247
diff
changeset
|
29 service { 'serial-getty@ttyS0': |
|
7307c3d59ce7
Enable console over admin shell via serial
IBBoard <dev@ibboard.co.uk>
parents:
247
diff
changeset
|
30 ensure => 'running', |
|
7307c3d59ce7
Enable console over admin shell via serial
IBBoard <dev@ibboard.co.uk>
parents:
247
diff
changeset
|
31 enable => 'true', |
|
7307c3d59ce7
Enable console over admin shell via serial
IBBoard <dev@ibboard.co.uk>
parents:
247
diff
changeset
|
32 } |
| 279 | 33 firewall { '090 Allow SSH (IPv4-to-IPv6)': |
| 34 dport => 22, | |
|
283
d29f477c51d4
Switch from IPs to hostnames for proxying
IBBoard <dev@ibboard.co.uk>
parents:
280
diff
changeset
|
35 source => 'geryon.mythic-beasts.com', |
| 279 | 36 proto => 'tcp', |
| 37 action => 'accept', | |
| 38 } | |
| 247 | 39 } |