use ufw to turn on/off single instances on demand
parent
578b1af9f5
commit
0b5a19ad85
2 changed files with 30 additions and 10 deletions
|
@ -615,6 +615,7 @@ md-eu1.qa.komreg.net:
|
|||
konsulter:
|
||||
autoupdate:
|
||||
eidas_de_middleware_hsm:
|
||||
enabled: true
|
||||
version: 110-fixes-sc-p11
|
||||
hostname: demw.eidas.swedenconnect.se
|
||||
saml_metadata:
|
||||
|
@ -633,11 +634,19 @@ md-eu1.qa.komreg.net:
|
|||
konsulter:
|
||||
autoupdate:
|
||||
eidas_de_middleware_hsm:
|
||||
enabled: false
|
||||
version: 110-fixes-sc-p11
|
||||
hostname: demw.eidas.swedenconnect.se
|
||||
saml_metadata:
|
||||
filename: /opt/eidas-middleware/configuration/serviceprovider-metadata/connector-metadata.xml
|
||||
url: https://connector.eidas.swedenconnect.se/idp/metadata/sp
|
||||
sunet::frontend::register_sites:
|
||||
sites:
|
||||
'demw.eidas.swedenconnect.se':
|
||||
frontends:
|
||||
- 'fe-fre-3.komreg.net'
|
||||
- 'fe-tug-3.komreg.net'
|
||||
port: '443'
|
||||
|
||||
'^refidp-[0-9]+\.qa\.sveidas\.se$':
|
||||
sunet_iaas_cloud:
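Review bot: The instance set to `enabled: false` still gains a `sunet::frontend::register_sites` entry for 'demw.eidas.swedenconnect.se' on port '443', while the Puppet half of this commit puts ufw deny rules on 80 and 443 for a host in that state. The frontends may therefore be given a backend they cannot reach; whether they health-check backends, and whether the `enabled: true` instance carries the same registration, is not visible in these hunks. A comment above each flag would help the next operator, for example `# enabled: toggles the ufw allow/deny rules for 80/443 on this host (see class webserver)`. Both hunks are labelled with the same top-level key, so the host keys that the two `eidas_de_middleware_hsm` blocks belong to are outside the view.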
|
||||
|
|
|
@ -94,14 +94,25 @@ class sunet_iaas_cloud {
|
|||
}
|
||||
}
|
||||
|
||||
class webserver {
|
||||
ufw::allow { "allow-http":
|
||||
ip => 'any',
|
||||
port => '80'
|
||||
}
|
||||
ufw::allow { "allow-https":
|
||||
ip => 'any',
|
||||
port => '443'
|
||||
class webserver($enabled=true) {
|
||||
if $enabled {
|
||||
ufw::allow { "allow-http":
|
||||
ip => 'any',
|
||||
port => '80'
|
||||
}
|
||||
ufw::allow { "allow-https":
|
||||
ip => 'any',
|
||||
port => '443'
|
||||
}
|
||||
} else {
|
||||
ufw::deny { "allow-http":
|
||||
ip => 'any',
|
||||
port => '80'
|
||||
}
|
||||
ufw::deny { "allow-https":
|
||||
ip => 'any',
|
||||
port => '443'
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -293,7 +304,7 @@ class md_repo_server($hostname) {
|
|||
ensure_resource('class','https_server',{})
|
||||
}
|
||||
|
||||
class eidas_de_middleware_hsm($version="110-fixes-sc-p11",$hostname='localhost') {
|
||||
class eidas_de_middleware_hsm($version="110-fixes-sc-p11",$hostname='localhost',$enabled=false) {
|
||||
$_version = safe_hiera('eidas_demw_version',$version)
|
||||
$_hostname = safe_hiera('eidas_demw_hostname',$hostname)
|
||||
$poseidas_admin_hashed_password = safe_hiera('poseidas_admin_hashed_password')
|
||||
|
@ -329,7 +340,7 @@ class eidas_de_middleware_hsm($version="110-fixes-sc-p11",$hostname='localhost')
|
|||
"SPRING_DATASOURCE_PASSWORD=$spring_datasource_password"],
|
||||
extra_parameters => ["--log-driver=syslog"]
|
||||
}
|
||||
ensure_resource('class','webserver',{})
|
||||
ensure_resource('class','webserver',{enabled => $enabled})
|
||||
ensure_resource('class','https_server',{})
|
||||
}
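Review bot: `$enabled` is untyped in both `class webserver($enabled=true)` and `class eidas_de_middleware_hsm(..., $enabled=false)`, so on Puppet 4 or later a quoted Hiera value such as `'false'` is truthy and would select the allow branch. Declaring it as `Boolean $enabled = true` (and `Boolean $enabled = false` in the middleware class) makes a mistyped value fail catalog compilation instead of opening ports 80 and 443. The deny resources in the else branch keep the titles `"allow-http"` and `"allow-https"`, which will read wrongly in reports; `"deny-http"` and `"deny-https"` would say what they do, assuming the ufw module does not depend on the title to replace the earlier allow rule, which is not visible here. `ensure_resource('class','https_server',{})` is still declared when `$enabled` is false, so it is worth confirming that class opens nothing on its own. The body of `eidas_de_middleware_hsm` continues outside the hunks.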
|
||||
|
||||
|
|