SUNET/net-ops
9
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add a new LB instance and remove old configs

Browse source
This commit is contained in:
Maria Haider 2025-02-26 12:06:49 +01:00
parent ee56701556
commit 9444f9ad7a
Signed by: mariah
GPG key ID: 6EF520A1829E8B1D
3 changed files with 20 additions and 39 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
lb-common/overlay/etc/hiera/data/group.yaml
View file

@ -630,26 +630,6 @@ sunet_frontend:
haproxy_imagetag: '20230228-stable' haproxy_imagetag: '20230228-stable'
frontendtools_imagetag: '20230228' frontendtools_imagetag: '20230228'
## cannot be migrated due to "ssl handshake failure". Probably too old version of signservice.
# 'signservice':
# site_name: 'signservice.edusign.sunet.se'
# frontends:
# 'tug-lb-1.sunet.se':
# ips: ['37.156.192.58', '2001:6b0:60:c0::58']
# 'sthb-lb-1.sunet.se':
# ips: ['37.156.192.59', '2001:6b0:60:c0::59']
# backends:
# default:
# 'signservice-tug-1.edusign.sunet.se':
# ips: ['130.242.113.5']
# server_args: 'ssl check verify none'
# allow_ports:
# - 443
# - 80
# letsencrypt_server: 'acme-c.sunet.se'
# haproxy_imagetag: '20230228-stable'
# frontendtools_imagetag: '20230228'
'validator': 'validator':
site_name: 'validator.edusign.sunet.se' site_name: 'validator.edusign.sunet.se'
frontends: frontends:
@ -689,3 +669,22 @@ sunet_frontend:
- 443 - 443
haproxy_imagetag: '20230228-stable' haproxy_imagetag: '20230228-stable'
frontendtools_imagetag: '20230228' frontendtools_imagetag: '20230228'
'fidusdsmd1':
site_name: 'dsmd-kvm.fidus.sunet.se '
frontends:
'tug-lb-1.sunet.se':
ips: ['37.156.192.60', '2001:6b0:60:c0::60']
'sthb-lb-1.sunet.se':
ips: ['37.156.192.61', '2001:6b0:60:c0::61']
backends:
default:
'dsmd-3.fidus.sunet.se':
ips: ['130.242.132.148']
'dsmd-4.fidus.sunet.se':
ips: ['130.242.132.20']
allow_ports:
- 80
- 443
haproxy_imagetag: '20230228-stable'
frontendtools_imagetag: '20230228'

1
lb-common/overlay/opt/frontend/config/fidusdsmd1/haproxy.j2 Normal file
View file

@ -0,0 +1 @@
{% extends 'common/haproxy_idp.j2' %}

19
lb-common/overlay/opt/frontend/config/signservice/haproxy.j2
View file

@ -1,19 +0,0 @@
{% extends 'common/haproxy_base.j2' %}
{% from "common/haproxy_macros.j2" import bind_ip_tls, web_security_options, acme_challenge, csp %}
{% block frontend %}
frontend {{ site_name }}
{{ bind_ip_tls(bind_ips, 443, tls_certificate_bundle) }}
timeout http-request 300s
timeout http-keep-alive 4s
option forwardfor
http-request set-header X-Forwarded-Proto https
{{ web_security_options(['no_cache', 'block_xss', 'hsts', 'no_sniff']) }}
{{ acme_challenge(letsencrypt_server) }}
use_backend {{ site_name }}__default
{% endblock frontend %}