demw deploy - attempt 1
This commit is contained in:
parent
366354591b
commit
0bbd0b7faf
8 changed files with 121 additions and 19 deletions
|
@ -0,0 +1,30 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIFLjCCAxagAwIBAgIEBEA5gTANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJT
|
||||
RTEXMBUGA1UEChMOU3dlZGVuIENvbm5lY3QxDjAMBgNVBAsTBWVJREFTMRcwFQYD
|
||||
VQQDEw5TQU1MIEVuY3J5cHRlcjAeFw0xODA5MDEwMDAwMDBaFw0yODA5MDEwMDAw
|
||||
MDBaME8xCzAJBgNVBAYTAlNFMRcwFQYDVQQKEw5Td2VkZW4gQ29ubmVjdDEOMAwG
|
||||
A1UECxMFZUlEQVMxFzAVBgNVBAMTDlNBTUwgRW5jcnlwdGVyMIICIjANBgkqhkiG
|
||||
9w0BAQEFAAOCAg8AMIICCgKCAgEAncnQs7F6x3l7WDWfzWQ1YI3nRPRAmou/6wfu
|
||||
t/Q/0Lrk2qC1t0cKXVcwgjYjond7mNgTl8rUBIheI4KLOzX48diUOs+aNz21EjPP
|
||||
qGpgq3HzS9AAs7yw8ZEG5Y/G2KTLrxG9DO/zhy+mXcRle+zGJh8jc5MBqz2xnSMj
|
||||
drRNWlIuAQ+hrlEiJw70+ezZIB3Y0KWwAKSN+CMNXzNoxuCd4hiSocga74guoLu7
|
||||
borpf6Z+i9Iry+L1+jTRPzPdeoEdVI45a2Oy3x9up5Oag9ehIeqJqEQZOtrJj45Q
|
||||
FiQgYEEVOB7YAFKSwf426eSOyDNfcYlZGC9+p/hAxsJAptOlfiW5OFhKvsdc4t6l
|
||||
t43U4GqKT+gDGvk8WOMCTkcJBfDkRMbSHA7ZnmF3xmkfROUjh5/OiypVUpjQDxTi
|
||||
wd2F7lc0w5qMiWbLTUIGYtbsVdLcsZ3npkxxYSV/b4GnR1QDQgktDol2ksQUFYaW
|
||||
a301l7zLoKHVXbXIZu569VFVtgB8SeJwaqIEsOqyLpLUzCL+27cpPhenW1hZ4ZAY
|
||||
R0kEWu8tUL8IEplG96NGSuKF0KM3hrRGC80wW8epHKHcjVlPnAALWSrXh86N+6kw
|
||||
cf9vKETYCZAWo8QUC0MWNB9yH+JR6whsrmBcywNTnyAtPc00gYY4DbzaWgbjCJNx
|
||||
cI9rHKUCAwEAAaMSMBAwDgYDVR0PAQH/BAQDAgUgMA0GCSqGSIb3DQEBCwUAA4IC
|
||||
AQBvu+YkEyb6JBIVaRfDGk04ggJEZcBMjfP8JH4bCDTkHJW8vTGIADLuONd/LR0z
|
||||
hmjWILQ/kZWtqmgm7RTduMQfLm1Pl/s2Zj4dRM4KfYGHSuqDOUhOqP8BcvXesx8e
|
||||
YoD3ui8V5Uo2mnbajJOTSTd5AXEMheujBaMzVQ1G8sT6FPVBPP2jXuQyOS+sSOr3
|
||||
vRRN+hEMkI2D6b6h20Nu2CFdDP+q9QSbbRf9Igx+h9lJ+VhWgsytHsRIIzq5Watg
|
||||
rx2cfXOvhgagMomgDmOFD0YrRRjqPH7wYDwcc4W7si3TilP54lfnl6pEG9HCK31t
|
||||
cVwdMc06lSh3LLpfiYQUBi7Q68p5F9T6oNL71Ii+v99ouDqiDsrcP3ouS5OK5RrY
|
||||
4w2nw9993xU0Dp3s307OY/5FAUc7PGagTbx464FTXNDXA9nNKW/Z6Fy+c3IwA0fb
|
||||
ZtqsCoet9DiJr9OG5awC33KeNB95a6WVym/My4WgNeZUHUoI4SnmtELUr4h1IO/2
|
||||
y6nm2r4haoS5OUw+cxBYYP/LXTDaF759AYJEcOYOqad2IBFChMcC3Sk45XPXwfE9
|
||||
+AyNq6gwRzqtqsCnDB65g7zSGYZUsTJSAMlEzcrTpksBAgirZmCMsJVLEAJgqCwn
|
||||
j00m1WNvgK2Fj71hjOONvhwP5gj0bwy+1b8GY0+A/RObSw==
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,30 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIFKDCCAxCgAwIBAgIEBEA5gTANBgkqhkiG9w0BAQsFADBMMQswCQYDVQQGEwJT
|
||||
RTEXMBUGA1UEChMOU3dlZGVuIENvbm5lY3QxDjAMBgNVBAsTBWVJREFTMRQwEgYD
|
||||
VQQDEwtTQU1MIFNpZ25lcjAeFw0xODA5MDEwMDAwMDBaFw0yODA5MDEwMDAwMDBa
|
||||
MEwxCzAJBgNVBAYTAlNFMRcwFQYDVQQKEw5Td2VkZW4gQ29ubmVjdDEOMAwGA1UE
|
||||
CxMFZUlEQVMxFDASBgNVBAMTC1NBTUwgU2lnbmVyMIICIjANBgkqhkiG9w0BAQEF
|
||||
AAOCAg8AMIICCgKCAgEAoDCg0aSB43LoPFwh0gB9ZyQ6c5MRHddSDfdyZW2Z20bo
|
||||
EML62j3spRnBXG83orL40w3CzbXVu3j4gaCSx+Qt8sGKW9mk2PY8S+h6Xieg18Rw
|
||||
SP0eZRoAfacxufejvKHUg4nSLdT8k8RjiVkLjPMyTwqHlhusFU/OiGdT82B9aYJa
|
||||
ekiKVqLorv6VBIFu2j3KJ7mKJN3xxjeSWyHlKVvVmJ7slarp69ndGV5AJNtnDK5Y
|
||||
KbEzgKslIUicP3rmnqgCSKBUlA3ppYxArUy6IJLGiKmv74/Sc2tRpsCXwVgFouC/
|
||||
sj2Mpksab0wTzXomZ7oXMb35M12duiltPXgnLhMuH4GjEYlPBaaQl1ilAAvk/e29
|
||||
xpT2jIR5tl0RF9rUqYlpJqyLq5/jRjyUXOTWwVQ5/oQ65iYXuoA9EYxkAE1bYCf9
|
||||
rKMPUcczqiThzHzaYUs/mkAoLgBMtLSf2K84ztWZrbUzDa4RBTfeXmZhHyjenTSC
|
||||
KgBqnN2s89VOgy/+hB8EmTeSHg4BOoJ56zjOr/EOifUQCey2PetA9rMUd7MkMv49
|
||||
hdVWKdk9fIrAmmEaVtU5uMajmCTiZItMbtEbmBtYfFOZmE0BoI1/g3wu393tY/oF
|
||||
vMrGrGf2gFUc/o63IrlSDpZLv/hmKfmpmreZpY6yi3pAVs9wiuDRZsaQcV8dpIMC
|
||||
AwEAAaMSMBAwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4ICAQBt3yH5
|
||||
jXx63IFWA+jWdLdAn/MSJNT19vwuC5KVgDdlnv/bWj6u3uCmBvHUVsNMcTuOJXN2
|
||||
KOverRvdzStwW2yHmNn8PX4Yn4IVLSYdYNlrxp4DvL97WwnpxV2tASaRZ3eUMrh5
|
||||
sQaG/IqdJ1lCS78PyiE+kVzF0oNUbk1ba0N2Hvlc6LeA5Sy0lbaqT0PTU6xF5lec
|
||||
9azRPc3S2GiGl5BLRBcJvMjJzBBQ6yD4dXPY4nFQSWdgp7VW6FnvY6jnj2mmLVn8
|
||||
HYLB7hSxev3vCqt5vOEWXCi/zDM/YU5/SwbvZQ/vdkFGIEaJNSBGLq8As3uljmPd
|
||||
byLHu2wpW7/hVZpD6fYVG+0nghu23lwZ+l0KQKU4AleHulMJUaYkprP4LhC3mRAO
|
||||
jaJwlMn4hdGEV38zauukvwspxEmZ52UAEAhS1+NPLIm0gjR/s3S+U4HNpJjvqm+T
|
||||
BI3VAH8TV9bJ0FGf1jPZ5ZM0AsLearM5AO9peQ2xRvC9tLrpCnfk84HZF6KvZCzo
|
||||
egUxh55BXfCs5n/xhKU5ZLzbetkNLHXFsd3F2KAg3ny+vTxaTpY/rBCvsOKI98Fo
|
||||
ybRdsPn1zskNyGXdZi3yxVYa0lvEWf7VyG9svLSfF7xjN/pc7vj/nspCZK6B/q5+
|
||||
wAO+aJg4t0V8ZXu8gI23LFpiMNhjqkSQ6ZuIGA==
|
||||
-----END CERTIFICATE-----
|
|
@ -19,7 +19,7 @@ ORGANIZATION_LANG=sv
|
|||
ORGANIZATION_NAME=Sweden Connect
|
||||
ORGANIZATION_URL=https\://swedenconnect.se
|
||||
SERVICE_PROVIDER_CONFIG_FOLDER=/opt/eidas-middleware/configuration/serviceprovider-metadata
|
||||
SERVICE_PROVIDER_METADATA_SIGNATURE_CERT=/opt/eidas-middleware/configuration/metadata-signature-certificate.crt
|
||||
SERVICE_PROVIDER_METADATA_SIGNATURE_CERT=/opt/eidas-middleware/configuration/credentials/metadata-signature-certificate.crt
|
||||
|
||||
#metadata validity
|
||||
#METADATA_VALIDITY=2063-04-30
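Review bot: The new value `/opt/eidas-middleware/configuration/credentials/metadata-signature-certificate.crt` appears to be the trust anchor used to verify service-provider metadata, yet nothing in the visible hunks creates the `credentials` directory or places that certificate there: the new `eidas_de_middleware_hsm` manifest in this commit only ensures `/opt/eidas-middleware/configuration` and `/opt/eidas-middleware/database`, and the generated HSM config refers to `credentials/sign.crt` and `credentials/enc.crt` only. If the container image or a file outside this page provisions it, a comment next to this key naming that source would save the next reader the search, e.g. `# trust anchor for SP metadata signatures; provisioned by <source>` — and the behaviour when the file is absent at startup should be confirmed. The surrounding property block continues outside the hunk.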
|
||||
|
|
|
@ -1,15 +0,0 @@
|
|||
hsmExternalCfgLocations=/opt/eidas-middleware/configuration/hsm/demw-sunpkcs11-config
|
||||
#hsmPin=
|
||||
#hsmLib=
|
||||
#hsmProviderName=
|
||||
#hsmSlot=0
|
||||
#hsmSlotListIndex=0
|
||||
#hsmSlotListIndexMaxRange=0
|
||||
#keySourcePass=
|
||||
#keySourceAlias=
|
||||
#keySourceKeyLocation=
|
||||
#keySourceCertLocation=
|
||||
#keySourcePassEnc=
|
||||
#keySourceAliasEnc=
|
||||
#keySourceKeyLocationEnc=
|
||||
#keySourceCertLocationEnc=ß
|
|
@ -0,0 +1,11 @@
|
|||
cat<<EOF
|
||||
hsmExternalCfgLocations=/opt/eidas-middleware/configuration/hsm/demw-sunpkcs11-config
|
||||
hsmPin=${PKCS11_PIN}
|
||||
hsmLib=/usr/safenet/lunaclient/lib/libCryptoki2_64.so
|
||||
hsmProviderName=Luna
|
||||
hsmSlot=5
|
||||
keySourceAlias=sc_eidas_sign
|
||||
keySourceCertLocation=/opt/eidas-middleware/configuration/credentials/sign.crt
|
||||
keySourceAliasEnc=sc_eidas_encrypt
|
||||
keySourceCertLocationEnc=/opt/eidas-middleware/configuration/credentials/enc.crt
|
||||
EOF
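Review bot: `hsmPin=${PKCS11_PIN}` writes the HSM PIN in clear text into the generated config, and because the `EOF` delimiter is unquoted the whole heredoc is shell-interpolated, so an unset variable silently yields `hsmPin=` and a PIN containing `$`, a backtick or `\` is mangled before it reaches the PKCS#11 provider. Add `: "${PKCS11_PIN:?PKCS11_PIN must be set}"` before the `cat`, and since the redirect of this output happens outside this hunk, make sure the caller writes the file under `umask 077` so the PIN is not world-readable on the bind-mounted configuration volume. The file starts at line 1 with `cat<<EOF` and has no shebang; if it is executed rather than sourced, add `#!/bin/sh` (the heredoc itself is POSIX). `hsmSlot=5` and `hsmLib=/usr/safenet/lunaclient/lib/libCryptoki2_64.so` are hard-coded Luna specifics that the now-deleted config only kept as commented placeholders; a one-line comment on why slot 5 is the right one would help.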
|
|
@ -610,12 +610,12 @@ md-eu1.qa.komreg.net:
|
|||
- 'se-tug-lb-1.sunet.se'
|
||||
port: '443'
|
||||
|
||||
'^demw-[0-9]+\.sveidas\.se$':
|
||||
'^demw-1\.sveidas\.se$':
|
||||
eid::dockerhost:
|
||||
konsulter:
|
||||
autoupdate:
|
||||
eidas_de_middleware:
|
||||
version: 1.1.0-qa
|
||||
eidas_de_middleware_hsm:
|
||||
version: 110-fixes-sc-p11
|
||||
hostname: demw.eidas.swedenconnect.se
|
||||
saml_metadata:
|
||||
filename: /opt/eidas-middleware/configuration/serviceprovider-metadata/connector-metadata.xml
|
||||
|
@ -628,6 +628,17 @@ md-eu1.qa.komreg.net:
|
|||
- 'fe-tug-3.komreg.net'
|
||||
port: '443'
|
||||
|
||||
'^demw-2\.sveidas\.se$':
|
||||
eid::dockerhost:
|
||||
konsulter:
|
||||
autoupdate:
|
||||
eidas_de_middleware_hsm:
|
||||
version: 110-fixes-sc-p11
|
||||
hostname: demw.eidas.swedenconnect.se
|
||||
saml_metadata:
|
||||
filename: /opt/eidas-middleware/configuration/serviceprovider-metadata/connector-metadata.xml
|
||||
url: https://connector.eidas.swedenconnect.se/idp/metadata/sp
|
||||
|
||||
'^refidp-[0-9]+\.qa\.sveidas\.se$':
|
||||
sunet_iaas_cloud:
|
||||
eid::dockerhost:
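Review bot: `version: 110-fixes-sc-p11` in the new demw-2 entry (and in the demw-1 entry above) is a mutable, branch-style image tag that the new `eidas_de_middleware_hsm` class hands straight to `imagetag`, so a re-push of that tag on docker.sunet.se changes what these HSM-backed nodes run with no change in this repository. For nodes serving `demw.eidas.swedenconnect.se`, prefer an immutable build tag or a digest, or at least record which build the tag points at, e.g. `version: 110-fixes-sc-p11  # built from <commit>`. The demw-2 block otherwise appears to be a verbatim copy of demw-1; if the split is only for staged rollout, a single `'^demw-[12]\.sveidas\.se$':` key would keep the two from drifting.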
|
||||
|
|
|
@ -289,6 +289,40 @@ class md_repo_server($hostname) {
|
|||
ensure_resource('class','https_server',{})
|
||||
}
|
||||
|
||||
class eidas_de_middleware_hsm($version="110-fixes-sc-p11",$hostname='localhost') {
|
||||
$_version = safe_hiera('eidas_demw_version',$version)
|
||||
$_hostname = safe_hiera('eidas_demw_hostname',$hostname)
|
||||
$poseidas_admin_hashed_password = safe_hiera('poseidas_admin_hashed_password')
|
||||
$spring_datasource_password = safe_hiera('spring_datasource_password')
|
||||
$pkcs11_pin = safe_hiera('pkcs11_pin')
|
||||
$demw_tls_client_key = safe_hiera('demw_tls_client_key')
|
||||
$demw_tls_client_cert = safe_hiera('demw_tls_client_cert')
|
||||
$demw_tls_server_cert = safe_hiera('demw_tls_server_cert')
|
||||
|
||||
file {['/opt/eidas-middleware','/opt/eidas-middleware/configuration','/opt/eidas-middleware/database']: ensure => directory } ->
|
||||
sunet::docker_run {'eidas-demw':
|
||||
image => 'docker.sunet.se/eidas-demw',
|
||||
imagetag => $_version,
|
||||
hostname => "${::fqdn}",
|
||||
ports => ['443:8443'],
|
||||
volumes => ['/var/log/eidas-middleware:/var/log/eidas-middleware',
|
||||
'/opt/eidas-middleware/configuration:/opt/eidas-middleware/configuration',
|
||||
'/opt/eidas-middleware/database:/opt/eidas-middleware/database',
|
||||
'/dev/log:/dev/log',
|
||||
'/etc/ssl:/etc/ssl'],
|
||||
env => ["CERTNAME=${::fqdn}_infra",
|
||||
"EIDAS_SIGNER_DEFAULT_HASH_ALGORITHM=SHA256",
|
||||
"PUBLIC_HOSTNAME=$_hostname",
|
||||
"PKCS11_PIN=$pkcs11_pin",
|
||||
"POSEIDAS_ADMIN_HASHED_PASSWORD=$poseidas_admin_hashed_password",
|
||||
"DEMW_TLS_CLIENT_KEY=$demw_tls_client_key",
|
||||
"DEMW_TLS_CLIENT_CERT=$demw_tls_client_cert",
|
||||
"DEMW_TLS_SERVER_CERT=$demw_tls_server_cert",
|
||||
"SPRING_DATASOURCE_PASSWORD=$spring_datasource_password"],
|
||||
extra_parameters => ["--log-driver=syslog"]
|
||||
}
|
||||
}
|
||||
|
||||
class eidas_de_middleware($version="106-rs",$hostname='localhost') {
|
||||
$_version = safe_hiera('eidas_demw_version',$version)
|
||||
$_hostname = safe_hiera('eidas_demw_hostname',$hostname)
|
||||
|
@ -299,6 +333,7 @@ class eidas_de_middleware($version="106-rs",$hostname='localhost') {
|
|||
$demw_tls_client_key = safe_hiera('demw_tls_client_key')
|
||||
$demw_tls_client_cert = safe_hiera('demw_tls_client_cert')
|
||||
$demw_tls_server_cert = safe_hiera('demw_tls_server_cert')
|
||||
|
||||
file {['/opt/eidas-middleware','/opt/eidas-middleware/configuration','/opt/eidas-middleware/database']: ensure => directory } ->
|
||||
sunet::snippets::secret_file {"/opt/eidas-middleware/configuration/eidasmw-signature-keystore.jks":
|
||||
hiera_key => 'eidasmw-signature-keystore',
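Review bot: `"DEMW_TLS_CLIENT_KEY=$demw_tls_client_key"`, `"PKCS11_PIN=$pkcs11_pin"` and `"SPRING_DATASOURCE_PASSWORD=..."` in the `env` list of the new `eidas_de_middleware_hsm` class pass a private key and two secrets through the container environment, where they are readable via `docker inspect` and `/proc/<pid>/environ`, inherited by every process the entrypoint spawns, and can end up in the syslog driver output if the application ever dumps its environment. The sibling `eidas_de_middleware` class at the end of this section already uses `sunet::snippets::secret_file` to place its keystore on the configuration volume; the TLS client key at least should go the same way, with the env entry dropped, provided the image's entrypoint can read it from a file (not visible here). Separately, `'/etc/ssl:/etc/ssl'` bind-mounts the host CA store read-write; unless the container writes there, `'/etc/ssl:/etc/ssl:ro'` is the safer default. Note also that both classes resolve their image tag from the same `eidas_demw_version` hiera key, so overriding it moves the HSM and non-HSM deployments together.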
|
||||
|
|