Add v1.0.2 of ncsa/puppet-profile_firewall
Update puppetlabs/firewall from 2.5.0 to 3.0.0
Add data/role/puppet-master.yaml to set profile_firewall::ignores heira data
so that docker firewall rules are not removed from puppet masters
Include profile_firewall in base.pp
Use fqdn for telegraf agent hostname
Add telegraf_sslcert_check & telegraf_website_check to profile puppet-master
Add lookup options for profile_monitoring::telegraf::inputs_extra parameters
Update profile_monitoring to tag v0.1.5
Add basic sssd data for NCSA
setup common NCSA settings for SSSD
Setup sssd debug_level
Add profile hiera data
enable and include profile_allow_ssh_from_bastion
enable ncsa/sshd
added groups for allow_ssh_from_bastion to control repo
Remove simple_allow_groups from default sssd and let ssh add them
Add default bastion_nodelist to control repo
Upgrade concat module
include ::pam_access
point to latest tag of profile_pam_access
point profile_pam_access to topic branch
Update to ncsa/sshd v0.3.0
Update profile_allow_ssh_from_bastion to v0.2.0
Update profile_pam_access to v0.0.4
This commit enables the control repo to use Hiera 5 environment-level
hiera hierarchy. This means adding a hiera.yaml to the repo, and moving
hieradata/ => data/.
We should do this to the control-repo template new customers base off of
because in a Hiera 5 world, the global hiera.yaml should be very minimal
(possibly even ONLY having the console level), and everything else
(nodes, common) belongs in the environment hiera.yaml.
This control-repo template is how people start using Puppet. It should
reflect using our most modern technologies.
