add a new LB instance and remove old configs

2025-02-26 12:06:49 +01:00 · 2025-02-26 12:06:49 +01:00 · 9444f9ad7a
commit 9444f9ad7a
parent ee56701556
3 changed files with 20 additions and 39 deletions
--- a/lb-common/overlay/etc/hiera/data/group.yaml
+++ b/lb-common/overlay/etc/hiera/data/group.yaml
@ -630,26 +630,6 @@ sunet_frontend:
        haproxy_imagetag: '20230228-stable'
        frontendtools_imagetag: '20230228'

-## cannot be migrated due to "ssl handshake failure". Probably too old version of signservice.
-#      'signservice':
-#        site_name: 'signservice.edusign.sunet.se'
-#        frontends:
-#          'tug-lb-1.sunet.se':
-#            ips: ['37.156.192.58', '2001:6b0:60:c0::58']
-#          'sthb-lb-1.sunet.se':
-#            ips: ['37.156.192.59', '2001:6b0:60:c0::59']
-#        backends:
-#          default:
-#            'signservice-tug-1.edusign.sunet.se':
-#              ips: ['130.242.113.5']
-#              server_args: 'ssl check verify none'
-#        allow_ports:
-#          - 443
-#          - 80
-#        letsencrypt_server: 'acme-c.sunet.se'
-#        haproxy_imagetag: '20230228-stable'
-#        frontendtools_imagetag: '20230228'
-
      'validator':
        site_name: 'validator.edusign.sunet.se'
        frontends:
@ -689,3 +669,22 @@ sunet_frontend:
          - 443
        haproxy_imagetag: '20230228-stable'
        frontendtools_imagetag: '20230228'
+
+      'fidusdsmd1':
+        site_name: 'dsmd-kvm.fidus.sunet.se '
+        frontends:
+          'tug-lb-1.sunet.se':
+            ips: ['37.156.192.60', '2001:6b0:60:c0::60']
+          'sthb-lb-1.sunet.se':
+            ips: ['37.156.192.61', '2001:6b0:60:c0::61']
+        backends:
+          default:
+            'dsmd-3.fidus.sunet.se':
+              ips: ['130.242.132.148']
+            'dsmd-4.fidus.sunet.se':
+              ips: ['130.242.132.20']
+        allow_ports:
+          - 80
+          - 443
+        haproxy_imagetag: '20230228-stable'
+        frontendtools_imagetag: '20230228'
--- a/lb-common/overlay/opt/frontend/config/fidusdsmd1/haproxy.j2
+++ b/lb-common/overlay/opt/frontend/config/fidusdsmd1/haproxy.j2
@ -0,0 +1 @@
+{% extends 'common/haproxy_idp.j2' %}
--- a/lb-common/overlay/opt/frontend/config/signservice/haproxy.j2
+++ b/lb-common/overlay/opt/frontend/config/signservice/haproxy.j2
@ -1,19 +0,0 @@
-{% extends 'common/haproxy_base.j2' %}
-
-{% from "common/haproxy_macros.j2" import bind_ip_tls, web_security_options, acme_challenge, csp %}
-
-{% block frontend %}
-frontend {{ site_name }}
-    {{ bind_ip_tls(bind_ips, 443, tls_certificate_bundle) }}
-
-    timeout http-request 300s
-    timeout http-keep-alive 4s
-    option forwardfor
-    http-request set-header X-Forwarded-Proto https
-
-    {{ web_security_options(['no_cache', 'block_xss', 'hsts', 'no_sniff']) }}
-
-    {{ acme_challenge(letsencrypt_server) }}
-
-    use_backend {{ site_name }}__default
-{% endblock frontend %}