Patrik Lundin
ab3c08c5e1
Add class for setting up trust of internal CA
2024-10-09 11:46:28 +02:00
Patrik Lundin
d1b0694e44
Also set --admin-provisioner=admin
...
Without this the commands will hang for input to select a provisioner.
This is needed now that we have enabled a second (the ACME) provisioner
on init.
2024-10-08 21:45:17 +02:00
Patrik Lundin
22a2029cf9
Enable ACME provisioner at init
2024-10-08 16:50:46 +02:00
Patrik Lundin
6354f6faaa
Test opening port 80 for certbot operation
2024-10-08 16:38:11 +02:00
Patrik Lundin
fe04d862e3
Move script to correct location
2024-10-08 14:12:48 +02:00
Patrik Lundin
8d4d1841c4
Bootstrap step client
2024-10-08 14:09:44 +02:00
Patrik Lundin
44001514de
Missing ","
2024-10-08 13:42:14 +02:00
Patrik Lundin
a4a5a44647
Install step-cli from deb
2024-10-08 13:40:54 +02:00
Patrik Lundin
1cfbc3e908
Make puppet-lint happy with indent
2024-10-08 13:36:21 +02:00
Patrik Lundin
49ff235bc4
Download step client deb file
2024-10-08 13:33:32 +02:00
Patrik Lundin
aca8dd1b22
Add file to correct location
2024-10-08 13:12:54 +02:00
Patrik Lundin
d9db9fee72
Add init script for setting provisioner file
...
This is to deal with the problem that it makes sense to have a separate
passsword for encryption keys and the admin provisioner. It is currently
not possible to control this via the docker env flags so add this
workaround for now.
2024-10-08 12:35:41 +02:00
Patrik Lundin
d1c863c7cb
Expose the step-ca port
2024-10-08 10:09:20 +02:00
Patrik Lundin
d46d54a6a6
Enable compose file
2024-10-08 10:04:32 +02:00
Patrik Lundin
1803d1c69a
Add initial compose file for step-ca
2024-10-08 10:02:48 +02:00
Patrik Lundin
828f9a899d
Fix templates for passwords
2024-10-08 09:51:08 +02:00
Patrik Lundin
fa484c7d2f
Add ca secrets
2024-10-08 09:47:51 +02:00
Patrik Lundin
f247388664
Trust maria
...
Copied from cnaas-ops
2024-10-08 09:41:09 +02:00
Patrik Lundin
9379ba58e2
Handle undef ca_secrets more gracefully
2024-10-08 09:39:09 +02:00
Patrik Lundin
61a4ec13e3
Start setting up step-ca files
2024-10-08 09:36:04 +02:00
Patrik Lundin
e02160a311
Initial cdn::ca class
2024-10-07 08:35:00 +02:00
Patrik Lundin
9f05f40714
Install docker on ca machines
2024-10-06 15:37:33 +02:00
Patrik Lundin
49106049ff
Start using cdn.conf template
2024-10-06 14:51:55 +02:00
Patrik Lundin
e5ce5dd1cd
Start managing cdn.conf
2024-10-06 14:50:07 +02:00
Patrik Lundin
40036c3c32
Fix variable usage
2024-10-06 14:44:32 +02:00
Patrik Lundin
52469c754d
Correct path
2024-10-06 14:32:17 +02:00
Patrik Lundin
4b90469531
Missing $
2024-10-06 14:30:51 +02:00
Patrik Lundin
0c5e2604b6
Add missing clients parameter
2024-10-06 14:29:48 +02:00
Patrik Lundin
7352a20143
Start managing mqtt ACL
...
Include sample comsos-rules entry for testing out template
2024-10-06 14:26:10 +02:00
Patrik Lundin
6664c9c356
internal-sto3-test-ca-1.cdn.sunet.se added
2024-10-06 08:32:52 +02:00
Patrik Lundin
2099c4d691
Fix class name
2024-10-04 17:43:31 +02:00
Patrik Lundin
c638772941
Apply mqtt class
2024-10-04 17:41:59 +02:00
Patrik Lundin
152179a5c1
Initial commit for mqtt management
2024-10-04 17:33:49 +02:00
Patrik Lundin
895264bc4f
Trust kano
...
Copied from platform-ops
2024-10-04 17:18:09 +02:00
Patrik Lundin
febde032ee
Update to new key standard
2024-10-04 17:16:23 +02:00
Patrik Lundin
ca3e6b211d
internal-sto3-test-mqtt-1.cdn.sunet.se added
2024-10-04 17:07:50 +02:00
Patrik Lundin
571af24060
Make seccomp file readable by runner
2024-10-04 09:22:05 +02:00
Patrik Lundin
05ee26e7c2
Make docker_certs available to runner
2024-10-03 21:04:17 +02:00
Patrik Lundin
48d3b890d0
Use owner/group matching runner compose file
2024-10-03 20:57:28 +02:00
Patrik Lundin
284bc65dbe
Update secret
2024-10-03 20:48:20 +02:00
Patrik Lundin
d1d72ad80a
Try to access map correctly
2024-10-03 20:42:39 +02:00
Patrik Lundin
25a18fd58b
Remove extra dot
2024-10-03 20:15:39 +02:00
Patrik Lundin
32e4a99cef
Add initial forgejo runner config
2024-10-03 20:12:59 +02:00
Patrik Lundin
3883bb53b2
Trust jocar key
2024-10-03 15:56:30 +02:00
Patrik Lundin
5251d60506
internal-sto3-test-runner-1.cdn.sunet.se added
2024-10-03 15:22:27 +02:00
Patrik Lundin
dc180c10b0
Fix so systemd file is named sunet-cdn-l4lb
...
Not sunet-sunet-cdn-l4lb
2024-08-20 12:38:06 +02:00
Patrik Lundin
dd0493f869
Fix volume declarations
...
Did not expect to create anonymous volumes, see
https://stackoverflow.com/questions/46166304/docker-compose-volumes-without-colon
for more details. Now the host directories should be mounted. While here
try setting :ro to the paths we are not expecting to modify. The
/lib/modules :ro flag is based on
3cbd8258eb/cilium-lb.yaml (L143-L145)
2024-08-20 12:31:42 +02:00
Patrik Lundin
79f2018d1b
Fix path to template
2024-08-20 12:10:29 +02:00
Patrik Lundin
4755886ea9
Move manifest to expected location
2024-08-20 12:06:35 +02:00
Patrik Lundin
f4cd10a970
Add mifr key, imported from platform-ops
...
Need to trust commits to puppet-sunet stable branch
2024-08-20 12:00:57 +02:00