eid-ops/global/overlay/etc/puppet/modules/eid/manifests/idm_app.pp

# idm_app
class eid::idm_app (
) {

  $redises = lookup('redis_cluster_nodes', undef, undef, [])
  $dbs = lookup('mariadb_cluster_nodes', undef, undef, [])
  $dbs_string = join($dbs,',')

  $sql_password = lookup('sql_password', undef, undef, undef)

  ensure_resource('sunet::misc::create_dir', '/opt/idm_app/config/', { owner => 'root', group => 'root', mode => '0750'})
  file { '/opt/idm_app/config/idm.yml':
    content => template('eid/idm/idm.yml.erb'),
    mode    => '0755',
  }


  sunet::nftables::allow { 'expose-allow-https':
    from => ['94.176.224.38', '94.176.224.166', '130.242.126.195','130.242.126.197'],
    port => 443,
  }


  package {'openjdk-17-jre-headless':
    ensure => latest
  }

  $pass = 'qwerty123'
  exec { 'infra.p12':
    command => "keytool -import -noprompt -deststorepass ${pass} -file /etc/ssl/certs/infra.crt -keystore /etc/ssl/certs/infra.p12",
    onlyif  => 'test ! -f /etc/ssl/certs/infra.p12'
  }
  # Unwanted password - but hey Java!
  exec { "${facts['networking']['fqdn']}_infra.p12":
    command => "openssl pkcs12 -export -in /etc/ssl/certs/${facts['networking']['fqdn']}_infra.crt -inkey /etc/ssl/private/${facts['networking']['fqdn']}_infra.pem -name 'infra' -out /etc/ssl/private/${facts['networking']['fqdn']}_infra.p12 -passout pass:${pass}",
    onlyif  => "test ! -f /etc/ssl/private/${facts['networking']['fqdn']}_infra.p12"
  }

  sunet::docker_compose { 'idm_app':
    content          => template('eid/idm/docker-compose.yml.erb'),
    service_name     => 'idm_app',
    compose_dir      => '/opt/',
    compose_filename => 'docker-compose.yml',
    description      => 'Identity matching'
  }
}
Initial commit of idm_app 2024-02-26 10:47:19 +01:00			`# idm_app`
			`class eid::idm_app (`
			`) {`
Configuration 2024-02-26 11:26:43 +01:00
Populate redis list 2024-02-26 11:38:55 +01:00			`$redises = lookup('redis_cluster_nodes', undef, undef, [])`
Access all cluster nodes 2024-02-27 13:36:51 +01:00			`$dbs = lookup('mariadb_cluster_nodes', undef, undef, [])`
			`$dbs_string = join($dbs,',')`

Configure SQL 2024-02-27 13:30:55 +01:00			`$sql_password = lookup('sql_password', undef, undef, undef)`

Configuration 2024-02-26 11:26:43 +01:00			`ensure_resource('sunet::misc::create_dir', '/opt/idm_app/config/', { owner => 'root', group => 'root', mode => '0750'})`
			`file { '/opt/idm_app/config/idm.yml':`
			`content => template('eid/idm/idm.yml.erb'),`
			`mode => '0755',`
Tyop 2024-02-26 11:28:06 +01:00			`}`

keytool is part of the jre - yay 2024-03-05 12:12:29 +01:00
Allow https 2024-03-12 16:28:48 +01:00			`sunet::nftables::allow { 'expose-allow-https':`
allowing new SUNET LB servers in IDM app servers Move backend registration to new SUNET LB servers ref: SC-2460 2024-09-11 11:13:40 +02:00			`from => ['94.176.224.38', '94.176.224.166', '130.242.126.195','130.242.126.197'],`
Allow https 2024-03-12 16:28:48 +01:00			`port => 443,`
			`}`


keytool is part of the jre - yay 2024-03-05 12:12:29 +01:00			`package {'openjdk-17-jre-headless':`
			`ensure => latest`
			`}`

Pass is required by multiple operations 2024-03-05 12:14:34 +01:00			`$pass = 'qwerty123'`
make sure that we have the infra ca 2024-03-05 12:09:39 +01:00			`exec { 'infra.p12':`
			`command => "keytool -import -noprompt -deststorepass ${pass} -file /etc/ssl/certs/infra.crt -keystore /etc/ssl/certs/infra.p12",`
			`onlyif => 'test ! -f /etc/ssl/certs/infra.p12'`
			`}`
Create p12 2024-02-26 14:04:31 +01:00			`# Unwanted password - but hey Java!`
			`exec { "${facts['networking']['fqdn']}_infra.p12":`
			`command => "openssl pkcs12 -export -in /etc/ssl/certs/${facts['networking']['fqdn']}_infra.crt -inkey /etc/ssl/private/${facts['networking']['fqdn']}_infra.pem -name 'infra' -out /etc/ssl/private/${facts['networking']['fqdn']}_infra.p12 -passout pass:${pass}",`
			`onlyif => "test ! -f /etc/ssl/private/${facts['networking']['fqdn']}_infra.p12"`
			`}`

Initial commit of idm_app 2024-02-26 10:47:19 +01:00			`sunet::docker_compose { 'idm_app':`
			`content => template('eid/idm/docker-compose.yml.erb'),`
			`service_name => 'idm_app',`
Required 2024-02-26 11:00:53 +01:00			`compose_dir => '/opt/',`
Initial commit of idm_app 2024-02-26 10:47:19 +01:00			`compose_filename => 'docker-compose.yml',`
			`description => 'Identity matching'`
			`}`
			`}`