Ben Roberts optiz0r

optiz0r / host_certs.tf
Created July 6, 2022 12:59
Terraform code allowing Puppet clients to acquire TLS certificates matching their own hostname only
# Allow clients to auth using puppet certificates
resource "vault_auth_backend" "host_certs" {
path = "host_certs"
type = "cert"
}
resource "vault_cert_auth_backend_role" "puppet_certificate" {
name = "puppet_certificate"
backend = vault_auth_backend.host_certs.path
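The preview above stops before the part that enforces the "own hostname only" restriction. What follows is an added, self-contained Terraform example written for this page, not the gist's own continuation: the cert auth role trusts the Puppet CA, Vault names the identity alias of a cert login after the certificate's Common Name (the Puppet certname, i.e. the host's FQDN), and a PKI role with allowed_domains_template restricts issuance to exactly that name. The PKI mount path `pki`, the PKI role name `host`, the policy name `host_certs`, the CA bundle path `puppet_ca.pem` and the TTLs are assumptions.

```hcl
# Added example, not the gist's own code. Assumed names: the "pki" mount,
# the "host" PKI role, the "host_certs" policy and the Puppet CA file path.

# Allow clients to auth using Puppet certificates
resource "vault_auth_backend" "host_certs" {
  path = "host_certs"
  type = "cert"
}

# Any certificate chaining to the Puppet CA may log in, and the resulting
# token carries only the host_certs policy.
resource "vault_cert_auth_backend_role" "puppet_certificate" {
  name           = "puppet_certificate"
  backend        = vault_auth_backend.host_certs.path
  certificate    = file("${path.module}/puppet_ca.pem") # assumed path to the Puppet CA bundle
  token_policies = [vault_policy.host_certs.name]
  token_ttl      = 600
}

resource "vault_mount" "pki" {
  path = "pki"
  type = "pki"
}

# The identity alias created by a cert login is named after the certificate's
# Common Name, i.e. the Puppet certname. Templating that alias name into
# allowed_domains (keyed by the auth mount's accessor) means a client can only
# request a certificate for exactly its own name: no subdomains, no globs,
# no IP SANs, no arbitrary names.
resource "vault_pki_secret_backend_role" "host" {
  backend                  = vault_mount.pki.path
  name                     = "host"
  allowed_domains_template = true
  allowed_domains          = ["{{identity.entity.aliases.${vault_auth_backend.host_certs.accessor}.name}}"]
  allow_bare_domains       = true
  allow_subdomains         = false
  allow_glob_domains       = false
  allow_any_name           = false
  enforce_hostnames        = true
  allow_ip_sans            = false
  server_flag              = true
  client_flag              = true
  max_ttl                  = 2592000 # 30 days, assumed
}

# The policy only permits issuing from the hostname-bound role. The role, not
# the policy, is what pins the name, so keep the policy this narrow.
resource "vault_policy" "host_certs" {
  name   = "host_certs"
  policy = <<-EOT
    path "${vault_mount.pki.path}/issue/${vault_pki_secret_backend_role.host.name}" {
      capabilities = ["create", "update"]
    }
  EOT
}
```

A host then logs in with `vault login -method=cert -path=host_certs` using its Puppet key pair and calls `vault write pki/issue/host common_name=$(hostname -f)`. A request naming any other host is rejected by the role, because the templated allowed_domains resolves to the caller's own alias name. Two things to check before relying on this: the alias name really is the CN for your Vault version (inspect `vault token lookup` and the entity alias after a test login), and the cert role's `certificate` is the CA bundle only, never a leaf, since anything it chains to can authenticate.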
optiz0r / Choria Playbook: Vault upgrade.md
Last active April 7, 2022 10:58
Upgrades a HashiCorp Vault cluster and clients using Choria

Upgrade Vault Cluster

This Choria Playbook will automate the steps to do a simple version upgrade of a Vault cluster.

  • Upgrades follower servers first
  • Upgrades the leader last (to reduce risk of a failover from newer version to older one)
  • Sleeps in between each upgrade to allow the operator unseal to be run, and for Vault to re-register itself in service discovery
  • Bulk updates all clients

Warning!

# class params
$socket_group=undef
$docker_users=[]
# Override defaults which try to specify which repo to install from
# we install from spacewalk with different reponames, and will just install
# the latest version available
$repo_opt = {}
$dist_specific_opts = {
optiz0r / Caddyfile.tmpl
Created April 29, 2021 07:35
Caddy with Nomad + Consul
{{- range services -}}
{{- if .Name | contains "sidecar" | not -}}
{{- $groupedServices := (service .Name | byMeta "caddy_enable") -}}
{{- $enabledServices := (index $groupedServices "true" ) -}}
{{- range $enabledServices -}}
{{- $vhost := index .ServiceMeta "caddy_vhost" -}}
{{- scratch.MapSetX "vhosts" $vhost . -}}
{{- end -}}
{{- end -}}
{{- end -}}
_choria_bash_autocomplete() {
local cur prev opts base
COMPREPLY=()
cur="${COMP_WORDS[COMP_CWORD]}"
if ( _array_contains COMP_WORDS "req" || _array_contains COMP_WORDS "rpc" ) && [[ ${COMP_WORDS[$COMP_CWORD]} != "-"* ]] ; then
_choria_req_bash_autocomplete
else
opts=$( ${COMP_WORDS[0]} --completion-bash ${COMP_WORDS[@]:1:$COMP_CWORD} )
COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
optiz0r / README.md
Created December 14, 2020 08:35
Choria Playbook to upgrade a Nomad cluster

Upgrade Nomad cluster

This Choria Playbook will automate the steps to do a simple version upgrade of a Nomad cluster.

  • Upgrades servers first
  • Then upgrades clients
  • Sleeps in between each upgrade to allow things to settle
  • Aborts on any error

Dependencies

optiz0r / nomad.pp
Created April 20, 2020 16:52
Puppet code for deploying Nomad as a Docker container
# == Class: sihnon::nomad
#
# Deploys nomad in docker
#
class sihnon::nomad (
String $image_name = 'optiz0r/nomad',
String $image_tag = '0.11.0-beta2',
String $root_dir = '/srv/nomad',
String $cert_name = $::fqdn,
Array[Stdlib::Host] $servers = [
optiz0r / puppet_env.ddl
Last active September 18, 2019 21:43
puppet_env
metadata :name => "puppet_env",
:description => "Triggers updates of puppetserver environments using puppet-env-manager library",
:author => "Ben Roberts",
:license => "Apache-2.0",
:version => "0.1",
:url => "https://github.com/optiz0r/puppet-env-manager-agent",
:provider => "external",
:timeout => 900
optiz0r / 01-bacula-zfs-send.sh
Created May 1, 2017 20:21
Simple Bacula ZFS/bpipe fileset and wrapper scripts
#!/bin/sh
#
# A script which does everything Bacula bpipe needs, i.e.:
# - create a snapshot with the current date / time
# - do a zfs send out of that snapshot
# - clean up snapshot when complete
#
FILESYSTEM=$1
# == Class: site::letsencrypt
#
class site::letsencrypt (
$tsig_name,
) {
if hiera('letsencrypt::letsencrypt_host') == $::fqdn {
class {
'::letsencrypt':
hook_content => template('site/etc/dehydrated/dehydrated_nsupdate.sh.erb'),
letsencrypt_contact_email => 'me@example.local',