swedenconnect/eid-ops
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

use ufw to turn on/off single instances on demand

Browse source
This commit is contained in:
Leif Johansson 2019-11-07 10:11:44 +01:00
parent 578b1af9f5
commit 0b5a19ad85
2 changed files with 30 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
global/overlay/etc/puppet/cosmos-rules.yaml
View file

@ -615,6 +615,7 @@ md-eu1.qa.komreg.net:
konsulter: konsulter:
autoupdate: autoupdate:
eidas_de_middleware_hsm: eidas_de_middleware_hsm:
enabled: true
version: 110-fixes-sc-p11 version: 110-fixes-sc-p11
hostname: demw.eidas.swedenconnect.se hostname: demw.eidas.swedenconnect.se
saml_metadata: saml_metadata:
@ -633,11 +634,19 @@ md-eu1.qa.komreg.net:
konsulter: konsulter:
autoupdate: autoupdate:
eidas_de_middleware_hsm: eidas_de_middleware_hsm:
enabled: false
version: 110-fixes-sc-p11 version: 110-fixes-sc-p11
hostname: demw.eidas.swedenconnect.se hostname: demw.eidas.swedenconnect.se
saml_metadata: saml_metadata:
filename: /opt/eidas-middleware/configuration/serviceprovider-metadata/connector-metadata.xml filename: /opt/eidas-middleware/configuration/serviceprovider-metadata/connector-metadata.xml
url: https://connector.eidas.swedenconnect.se/idp/metadata/sp url: https://connector.eidas.swedenconnect.se/idp/metadata/sp
sunet::frontend::register_sites:
sites:
'demw.eidas.swedenconnect.se':
frontends:
- 'fe-fre-3.komreg.net'
- 'fe-tug-3.komreg.net'
port: '443'
'^refidp-[0-9]+\.qa\.sveidas\.se$': '^refidp-[0-9]+\.qa\.sveidas\.se$':
sunet_iaas_cloud: sunet_iaas_cloud:

31
global/overlay/etc/puppet/manifests/cosmos-site.pp
View file

@ -94,14 +94,25 @@ class sunet_iaas_cloud {
} }
} }
class webserver { class webserver($enabled=true) {
ufw::allow { "allow-http": if $enabled {
ip => 'any', ufw::allow { "allow-http":
port => '80' ip => 'any',
} port => '80'
ufw::allow { "allow-https": }
ip => 'any', ufw::allow { "allow-https":
port => '443' ip => 'any',
port => '443'
}
} else {
ufw::deny { "allow-http":
ip => 'any',
port => '80'
}
ufw::deny { "allow-https":
ip => 'any',
port => '443'
}
} }
} }
@ -293,7 +304,7 @@ class md_repo_server($hostname) {
ensure_resource('class','https_server',{}) ensure_resource('class','https_server',{})
} }
class eidas_de_middleware_hsm($version="110-fixes-sc-p11",$hostname='localhost') { class eidas_de_middleware_hsm($version="110-fixes-sc-p11",$hostname='localhost',$enabled=false) {
$_version = safe_hiera('eidas_demw_version',$version) $_version = safe_hiera('eidas_demw_version',$version)
$_hostname = safe_hiera('eidas_demw_hostname',$hostname) $_hostname = safe_hiera('eidas_demw_hostname',$hostname)
$poseidas_admin_hashed_password = safe_hiera('poseidas_admin_hashed_password') $poseidas_admin_hashed_password = safe_hiera('poseidas_admin_hashed_password')
@ -329,7 +340,7 @@ class eidas_de_middleware_hsm($version="110-fixes-sc-p11",$hostname='localhost')
"SPRING_DATASOURCE_PASSWORD=$spring_datasource_password"], "SPRING_DATASOURCE_PASSWORD=$spring_datasource_password"],
extra_parameters => ["--log-driver=syslog"] extra_parameters => ["--log-driver=syslog"]
} }
ensure_resource('class','webserver',{}) ensure_resource('class','webserver',{enabled => $enabled})
ensure_resource('class','https_server',{}) ensure_resource('class','https_server',{})
} }