swedenconnect/eid-ops
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'master' of git.nordu.net:eid-ops

Browse source
This commit is contained in:
Leif Johansson 2018-05-04 17:37:29 +02:00
commit 2569c7774b
9 changed files with 48 additions and 57 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
fe-common/overlay/etc/hiera/data/group.yaml
View file

@ -24,25 +24,22 @@ sunet_frontend:
remote_ip: '2001:6b0:8:4::111'
websites2_disabled:
websites2:
'www':
site_name: 'www.dev.eduid.se'
site_name: 'www.komreg.net'
frontends:
'fe-fre-1.eduid.se':
ips: ['130.242.131.61', '2001:6b0:54:fe::61']
'fe-tug-1.eduid.se':
ips: ['130.242.131.62', '2001:6b0:54:fe::62']
'fe-fre-3.komreg.net':
ips: ['94.176.224.180']
'fe-tug-3.komreg.net':
ips: ['94.176.224.181']
backends:
default:
'www-fre-1.eduid.se':
ips: ['130.242.130.200']
'www-fre-1.komreg.net':
ips: ['94.176.224.132']
server_args: 'ssl check verify none'
csp_ext_src: 'https://dev.eduid.se https://www.dev.eduid.se'
allow_ports:
- 443
letsencrypt_server: 'acme-c.dev.eduid.se'
varnish_enabled: true
varnish_imagetag: 'staging'
letsencrypt_server: 'acme-c.sunet.se'
haproxy_imagetag: 'staging'

9
fe-fre-3.komreg.net/overlay/etc/netplan/99-static-ipv6.yaml Normal file
View file

@ -0,0 +1,9 @@
network:
version: 2
ethernets:
eth0:
addresses:
- 2001:6b0:64:2::165/64
gateway6: 2001:6b0:64:2::1
match:
name: eth0

3
global/overlay/etc/hiera/data/common.yaml
View file

@ -1,6 +1,7 @@
---
eid_docker_version: '18.02.0~ce-0~ubuntu'
eid_docker_version: '18.05.0~ce~2.1.rc1-0~ubuntu'
eid_docker_compose_version: '1.15.0'
eid_docker_repo: 'test'
eid_proxy_server: ""
eid_no_proxy: true

15
global/overlay/etc/puppet/cosmos-db.yaml
View file

@ -79,7 +79,6 @@ classes:
sunetops: null
kvmeidas-fre-3.komreg.net:
common: null
eid::kvmhost: null
entropyclient: null
infra_ca_rp: null
mailclient: *id001
@ -88,7 +87,6 @@ classes:
sunetops: null
kvmeidas-tug-3.komreg.net:
common: null
eid::kvmhost: null
entropyclient: null
infra_ca_rp: null
mailclient: *id001
@ -97,12 +95,11 @@ classes:
sunetops: null
kvmfe-fre-3.komreg.net:
common: null
eid::kvm_vms:
eid::kvmhost:
vms:
fe-fre-3.komreg.net: {bridge: br-fe, cpus: '4', description: eid fre frontend,
gateway: 94.176.224.161, ip: 94.176.224.165, mac: '52:54:20:01:00:01', memory: '4096',
netmask: 255.255.255.240}
eid::kvmhost: null
entropyclient: null
infra_ca_rp: null
mailclient: *id001
@ -111,7 +108,6 @@ classes:
sunetops: null
kvmfe-tug-3.komreg.net:
common: null
eid::kvmhost: null
entropyclient: null
infra_ca_rp: null
mailclient: *id001
@ -120,7 +116,6 @@ classes:
sunetops: null
kvminfra-fre-3.komreg.net:
common: null
eid::kvmhost: null
entropyclient: null
infra_ca_rp: null
mailclient: *id001
@ -129,7 +124,6 @@ classes:
sunetops: null
kvminfra-tug-3.komreg.net:
common: null
eid::kvmhost: null
entropyclient: null
infra_ca_rp: null
mailclient: *id001
@ -138,7 +132,6 @@ classes:
sunetops: null
kvmmeta-fre-3.komreg.net:
common: null
eid::kvmhost: null
entropyclient: null
infra_ca_rp: null
mailclient: *id001
@ -147,7 +140,6 @@ classes:
sunetops: null
kvmmeta-tug-3.komreg.net:
common: null
eid::kvmhost: null
entropyclient: null
infra_ca_rp: null
mailclient: *id001
@ -277,10 +269,7 @@ members:
md-eu1.qa.komreg.net, md1.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net,
prid-1.qa.sveidas.se, r1.komreg.net, web-1.qa.sveidas.se]
eid::dockerhost: [fe-fre-3.komreg.net]
eid::kvm_vms: [kvmfe-fre-3.komreg.net]
eid::kvmhost: [kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net,
kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net,
kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net]
eid::kvmhost: [kvmfe-fre-3.komreg.net]
eidas_connector: [eidas-node-1.qa.sveidas.se]
eidas_proxy: [eidas-proxy-1.qa.sveidas.se]
entropyclient: [eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, fe-fre-3.komreg.net,

38
global/overlay/etc/puppet/cosmos-modules.conf
View file

@ -1,23 +1,23 @@
# name source (puppetlabs fq name or git url) upgrade (yes/no)
#
concat git://github.com/SUNET/puppetlabs-concat.git yes sunet_dev-*
stdlib git://github.com/SUNET/puppetlabs-stdlib.git yes sunet-*
cosmos git://github.com/SUNET/puppet-cosmos.git yes sunet-*
ufw git://github.com/SUNET/puppet-module-ufw.git yes sunet-*
apt git://github.com/SUNET/puppetlabs-apt.git yes sunet-*
vcsrepo git://github.com/SUNET/puppetlabs-vcsrepo.git yes sunet-*
xinetd git://github.com/SUNET/puppetlabs-xinetd.git yes sunet-*
python git://github.com/SUNET/puppet-python.git yes sunet-*
hiera-gpg git://github.com/SUNET/hiera-gpg.git yes sunet-*
pound git://github.com/SUNET/puppet-pound.git yes sunet-*
augeas git://github.com/SUNET/puppet-augeas.git yes sunet-*
bastion git://github.com/SUNET/puppet-bastion.git yes sunet-*
concat git://github.com/SUNET/puppetlabs-concat.git yes sunet_dev-2*
stdlib git://github.com/SUNET/puppetlabs-stdlib.git yes sunet-2*
cosmos git://github.com/SUNET/puppet-cosmos.git yes sunet-2*
ufw git://github.com/SUNET/puppet-module-ufw.git yes sunet-2*
apt git://github.com/SUNET/puppetlabs-apt.git yes sunet-2*
vcsrepo git://github.com/SUNET/puppetlabs-vcsrepo.git yes sunet-2*
xinetd git://github.com/SUNET/puppetlabs-xinetd.git yes sunet-2*
python git://github.com/SUNET/puppet-python.git yes sunet-2*
hiera-gpg git://github.com/SUNET/hiera-gpg.git yes sunet-2*
pound git://github.com/SUNET/puppet-pound.git yes sunet-2*
augeas git://github.com/SUNET/puppet-augeas.git yes sunet-2*
bastion git://github.com/SUNET/puppet-bastion.git yes sunet-2*
pyff git://github.com/samlbits/puppet-pyff.git yes puppet-pyff-*
dhcp git://github.com/SUNET/puppetlabs-dhcp.git yes sunet_dev-*
dhcp git://github.com/SUNET/puppetlabs-dhcp.git yes sunet_dev-2*
varnish git://github.com/samlbits/puppet-varnish.git yes puppet-varnish-*
apparmor https://github.com/SUNET/puppet-apparmor.git yes sunet-*
docker git://github.com/SUNET/garethr-docker.git yes sunet-*
network git://github.com/SUNET/attachmentgenie-network.git yes sunet-*
sunet git://github.com/SUNET/puppet-sunet.git yes sunet-*
sysctl git://github.com/SUNET/puppet-sysctl.git yes sunet-*
nagioscfg git://github.com/SUNET/puppet-nagioscfg.git yes sunet-*
apparmor https://github.com/SUNET/puppet-apparmor.git yes sunet-2*
docker git://github.com/SUNET/garethr-docker.git yes sunet-2*
network git://github.com/SUNET/attachmentgenie-network.git yes sunet-2*
sunet git://github.com/SUNET/puppet-sunet.git yes sunet_dev-2*
sysctl git://github.com/SUNET/puppet-sysctl.git yes sunet-2*
nagioscfg git://github.com/SUNET/puppet-nagioscfg.git yes sunet-2*

5
global/overlay/etc/puppet/cosmos-rules.yaml
View file

@ -8,9 +8,6 @@
domain: sunet.se
sunet::rsyslog:
'^kvm.+-.+-\d+\.komreg\.net$':
eid::kvmhost:
jmp.komreg.net:
konsulter:
sunet_iaas_cloud:
@ -21,7 +18,7 @@ jmp.komreg.net:
autoupdate:
kvmfe-fre-3.komreg.net:
eid::kvm_vms:
eid::kvmhost:
vms:
fe-fre-3.komreg.net:
mac: '52:54:20:01:00:01'

2
global/overlay/etc/puppet/modules/eid/manifests/dockerhost.pp
View file

@ -2,7 +2,7 @@
class eid::dockerhost(
String $version = safe_hiera('eid_docker_version'),
String $package_name = hiera('eid_docker_package_name', 'docker-ce'),
Enum['stable', 'edge'] $docker_repo = hiera('eid_docker_repo', 'stable'),
Enum['stable', 'edge', 'test'] $docker_repo = hiera('eid_docker_repo', 'stable'),
String $compose_version = safe_hiera('eid_docker_compose_version'),
String $docker_args = '',
Optional[String] $docker_dns = undef,

5
global/overlay/etc/puppet/modules/eid/manifests/kvm_vms.pp
View file

@ -1,5 +0,0 @@
class eid::kvm_vms(
Hash $vms
) {
create_resources('eid::cloudimage', $vms)
}

7
global/overlay/etc/puppet/modules/eid/manifests/kvmhost.pp
View file

@ -1,6 +1,7 @@
class eid::kvmhost(
$proxy_server = hiera('eid_proxy_server'),
$no_proxy = hiera('eid_no_proxy'),
String $proxy_server = hiera('eid_proxy_server'),
String $no_proxy = hiera('eid_no_proxy'),
Hash $vms = [],
) {
file {
'/etc/cosmos-manual-reboot':
@ -37,4 +38,6 @@ class eid::kvmhost(
line => '8021q',
;
}
create_resources('eduid::cloudimage', $vms)
}