Patrik Lundin
4d7283e361
Allow haproxy to bind to ports 80/443
...
This way we can run haproxy as an unprivileged user and still use what
is normally considered privileged ports.
2024-10-11 13:49:04 +02:00
Patrik Lundin
1247c7f0be
Use hiera data for ip4/ip6
2024-10-11 12:03:24 +02:00
Patrik Lundin
498ee6d2f1
Add ip4 and ip6 addresses for service config
2024-10-11 12:00:36 +02:00
Patrik Lundin
7402f8cfc1
More tweaks
2024-10-11 11:51:36 +02:00
Patrik Lundin
5185b62431
Syntax fixes
2024-10-11 11:47:44 +02:00
Patrik Lundin
31d7a3c93a
puppet-lint fixes
2024-10-11 11:46:06 +02:00
Patrik Lundin
ca9f7fbe50
Replace "." with ","
...
While here fix some variable usage and puppet-lint complaints
2024-10-11 11:42:12 +02:00
Patrik Lundin
88e3771f6e
Install certificate files
2024-10-11 11:38:58 +02:00
Patrik Lundin
3df9990cdc
Fix option string
2024-10-11 10:52:59 +02:00
Patrik Lundin
50b0865434
Point out sync server
2024-10-11 10:37:13 +02:00
Patrik Lundin
b635ce3793
Move keys from eyaml to yaml
...
Also inclide ip list
2024-10-11 09:54:58 +02:00
Patrik Lundin
4fd59a194b
Add sync server config for cache-1
2024-10-11 09:48:25 +02:00
Patrik Lundin
4e276ed613
Add pubkey for cert sync
2024-10-11 09:45:31 +02:00
Patrik Lundin
d2c61200db
Add certbot_sync_client_ssh_key
2024-10-11 09:41:33 +02:00
Patrik Lundin
aa5788f34a
Make cache hosts a certbot sync client
2024-10-11 08:41:24 +02:00
Patrik Lundin
c860812f2a
Apply certbot class to cs hosts
2024-10-11 08:38:29 +02:00
Patrik Lundin
ad61c8e23c
Update host to match cert
2024-10-10 21:38:35 +02:00
Patrik Lundin
894c416b22
Apply acmed class to cs hosts
2024-10-10 21:33:30 +02:00
Patrik Lundin
8b487ecdab
Use cert name in cdn subdomain
2024-10-10 21:27:42 +02:00
Patrik Lundin
c9525d6200
Add cert entry
2024-10-10 21:26:18 +02:00
Patrik Lundin
43aa005c26
internal-sto3-test-cs-1.cdn.sunet.se added
2024-10-10 21:14:58 +02:00
Patrik Lundin
747059cd92
Missing "
2024-10-10 20:44:23 +02:00
Patrik Lundin
ff6376b68d
Add basic varnish VCL for testing
2024-10-10 20:39:35 +02:00
Patrik Lundin
efa9455fe9
Add key
2024-10-10 20:34:10 +02:00
Patrik Lundin
33bebd7627
Add host key
2024-10-10 20:32:10 +02:00
Patrik Lundin
802e9a1389
Fix erb iteration
2024-10-10 15:45:58 +02:00
Patrik Lundin
bacdb2c90a
Make sure customer conf dir is created
2024-10-10 15:31:54 +02:00
Patrik Lundin
170bdbc154
Missing $
2024-10-10 15:29:50 +02:00
Patrik Lundin
26f583c41a
Fix manifest name
2024-10-10 15:28:23 +02:00
Patrik Lundin
4b1f93c08a
Add missing $
2024-10-10 15:27:06 +02:00
Patrik Lundin
cf51469fae
Apply cdn::cache to cache nodes
2024-10-10 15:25:12 +02:00
Patrik Lundin
d0a19691aa
Initial cdn::cache manifest
2024-10-10 15:22:11 +02:00
Patrik Lundin
b2de8d246b
Start installing docker on cache machines
2024-10-10 11:01:28 +02:00
Patrik Lundin
feae7e8e26
internal-sto3-test-cache-1.cdn.sunet.se added
2024-10-10 10:53:52 +02:00
Patrik Lundin
254a3f107e
Quote some variables to make shellcheck happy
2024-10-10 10:38:45 +02:00
Patrik Lundin
7001a3fab6
Remove trailing "/" in dir path
2024-10-10 10:36:00 +02:00
Patrik Lundin
d38ef1b1ce
Remove bridges for now
2024-10-10 10:27:41 +02:00
Patrik Lundin
5d05e596c0
Cleanup ":"
2024-10-10 10:24:31 +02:00
Patrik Lundin
563886294b
Fix template
2024-10-10 10:23:55 +02:00
Patrik Lundin
d78d8c22b1
Make sure we trust internal cdn CA
2024-10-10 10:19:00 +02:00
Patrik Lundin
b44fb5ce43
Update key paths to reflect internal CA
2024-10-10 10:17:39 +02:00
Patrik Lundin
65fc0590b4
Add certbot deploy script for mosquitto
2024-10-10 10:13:04 +02:00
Patrik Lundin
b9266ec0e7
Start requesting ACME certs from internal CA
2024-10-09 12:13:30 +02:00
Patrik Lundin
8f8c360c69
Use environment instead of instance
2024-10-09 11:59:51 +02:00
Patrik Lundin
c09f81afbf
Fix type declaration
...
```
Error: Evaluation Error: Error while evaluating a Resource Statement, Class[Cdn::Ca_trust]:
parameter 'ca_root_fp' entry 'test' entry 'url' expects a Hash value, got String
parameter 'ca_root_fp' entry 'test' entry 'fp' expects a Hash value, got String on node internal-sto3-test-mqtt-1.cdn.sunet.se
```
Also rename variable now that it contains more than fingerprint
2024-10-09 11:53:52 +02:00
Patrik Lundin
1ef179cad2
Fix broken file declaration
...
While here make puppet-lint happy
2024-10-09 11:50:34 +02:00
Patrik Lundin
1dcc58d991
Apply trust class to mqtt
2024-10-09 11:47:53 +02:00
Patrik Lundin
ab3c08c5e1
Add class for setting up trust of internal CA
2024-10-09 11:46:28 +02:00
Patrik Lundin
d1b0694e44
Also set --admin-provisioner=admin
...
Without this the commands will hang for input to select a provisioner.
This is needed now that we have enabled a second (the ACME) provisioner
on init.
2024-10-08 21:45:17 +02:00
Patrik Lundin
22a2029cf9
Enable ACME provisioner at init
2024-10-08 16:50:46 +02:00