From 9444f9ad7a2739afc8f605b9e9f330e6231c1928 Mon Sep 17 00:00:00 2001
From: Maria Haider
Date: Wed, 26 Feb 2025 12:06:49 +0100
Subject: [PATCH] add a new LB instance and remove old configs
---
 lb-common/overlay/etc/hiera/data/group.yaml | 39 +++++++++----------
 .../opt/frontend/config/fidusdsmd1/haproxy.j2 | 1 +
 .../frontend/config/signservice/haproxy.j2 | 19 ---------
 3 files changed, 20 insertions(+), 39 deletions(-)
 create mode 100644 lb-common/overlay/opt/frontend/config/fidusdsmd1/haproxy.j2
 delete mode 100644 lb-common/overlay/opt/frontend/config/signservice/haproxy.j2
diff --git a/lb-common/overlay/etc/hiera/data/group.yaml b/lb-common/overlay/etc/hiera/data/group.yaml
index c191e0b..5387dce 100644
--- a/lb-common/overlay/etc/hiera/data/group.yaml
+++ b/lb-common/overlay/etc/hiera/data/group.yaml
@@ -630,26 +630,6 @@ sunet_frontend:
 haproxy_imagetag: '20230228-stable'
 frontendtools_imagetag: '20230228'
 
-## cannot be migrated due to "ssl handshake failure". Probably too old version of signservice.
-# 'signservice':
-# site_name: 'signservice.edusign.sunet.se'
-# frontends:
-# 'tug-lb-1.sunet.se':
-# ips: ['37.156.192.58', '2001:6b0:60:c0::58']
-# 'sthb-lb-1.sunet.se':
-# ips: ['37.156.192.59', '2001:6b0:60:c0::59']
-# backends:
-# default:
-# 'signservice-tug-1.edusign.sunet.se':
-# ips: ['130.242.113.5']
-# server_args: 'ssl check verify none'
-# allow_ports:
-# - 443
-# - 80
-# letsencrypt_server: 'acme-c.sunet.se'
-# haproxy_imagetag: '20230228-stable'
-# frontendtools_imagetag: '20230228'
-
 'validator':
 site_name: 'validator.edusign.sunet.se'
 frontends:
@@ -689,3 +669,22 @@ sunet_frontend:
 - 443
 haproxy_imagetag: '20230228-stable'
 frontendtools_imagetag: '20230228'
+
+ 'fidusdsmd1':
+ site_name: 'dsmd-kvm.fidus.sunet.se '
+ frontends:
+ 'tug-lb-1.sunet.se':
+ ips: ['37.156.192.60', '2001:6b0:60:c0::60']
+ 'sthb-lb-1.sunet.se':
+ ips: ['37.156.192.61', '2001:6b0:60:c0::61']
+ backends:
+ default:
+ 'dsmd-3.fidus.sunet.se':
+ ips: ['130.242.132.148']
+ 'dsmd-4.fidus.sunet.se':
+ ips: ['130.242.132.20']
+ allow_ports:
+ - 80
+ - 443
+ haproxy_imagetag: '20230228-stable'
+ frontendtools_imagetag: '20230228'
diff --git a/lb-common/overlay/opt/frontend/config/fidusdsmd1/haproxy.j2 b/lb-common/overlay/opt/frontend/config/fidusdsmd1/haproxy.j2
new file mode 100644
index 0000000..fff9be9
--- /dev/null
+++ b/lb-common/overlay/opt/frontend/config/fidusdsmd1/haproxy.j2
@@ -0,0 +1 @@
+{% extends 'common/haproxy_idp.j2' %}
diff --git a/lb-common/overlay/opt/frontend/config/signservice/haproxy.j2 b/lb-common/overlay/opt/frontend/config/signservice/haproxy.j2
deleted file mode 100644
index 750dfe8..0000000
--- a/lb-common/overlay/opt/frontend/config/signservice/haproxy.j2
+++ /dev/null
@@ -1,19 +0,0 @@
-{% extends 'common/haproxy_base.j2' %}
-
-{% from "common/haproxy_macros.j2" import bind_ip_tls, web_security_options, acme_challenge, csp %}
-
-{% block frontend %}
-frontend {{ site_name }}
- {{ bind_ip_tls(bind_ips, 443, tls_certificate_bundle) }}
-
- timeout http-request 300s
- timeout http-keep-alive 4s
- option forwardfor
- http-request set-header X-Forwarded-Proto https
-
- {{ web_security_options(['no_cache', 'block_xss', 'hsts', 'no_sniff']) }}
-
- {{ acme_challenge(letsencrypt_server) }}
-
- use_backend {{ site_name }}__default
-{% endblock frontend %}
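Review bot: The added `fidusdsmd1` entry in group.yaml sets `site_name: 'dsmd-kvm.fidus.sunet.se '` with a trailing space inside the quotes, so the value is not a valid hostname. The signservice template deleted in this same patch interpolates the name directly (`frontend {{ site_name }}`, `use_backend {{ site_name }}__default`); if `common/haproxy_idp.j2`, which is not shown here, does the same, the rendered backend reference and any certificate lookup keyed on the name would not match. Change the line to `site_name: 'dsmd-kvm.fidus.sunet.se'`. Separately, the entry opens port 80 alongside 443 and gives the two backends no `server_args`, so it is worth confirming that the template redirects plain HTTP and that the LB-to-backend hop uses TLS with a health check. The enclosing `sunet_frontend` mapping starts outside the hunk.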