From eda42a22637dab0109094f6282a2f289d259f192 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Thu, 3 May 2018 09:59:17 +0200 Subject: [PATCH 01/18] added mariahs ssh key to hiera --- global/overlay/etc/hiera/data/common.yaml | 15 +++++++++++++++ .../overlay/etc/puppet/manifests/cosmos-site.pp | 14 ++++++-------- 2 files changed, 21 insertions(+), 8 deletions(-) diff --git a/global/overlay/etc/hiera/data/common.yaml b/global/overlay/etc/hiera/data/common.yaml index fb540f61..19b7ee58 100644 --- a/global/overlay/etc/hiera/data/common.yaml +++ b/global/overlay/etc/hiera/data/common.yaml @@ -10,3 +10,18 @@ nrpe_clients: - 109.105.111.111 - 2001:948:4:6::111 - 89.45.233.197 + +ssh_authorized_keys: + + 'mariah+CA747E57': + ensure: 'present' + name: 'mariah+CA747E57@nordu.net' + key: "AAAAB3NzaC1yc2EAAAADAQABAAABAQDLQfL3uYsqjzkKOxn9nhjDHeWdWQ5SRwcPz\ + q7gINcwJ7omA5c7wJ4RKDqBPihJ9tp2rgM6DKKGxtSyjO6LFhkGNa86uub2PLS0ar+aRobPZ\ + 6sOeASqHbO3S1mmvZZWTQ30AFjtY98jjlvfKEI5Xu1+UKyQJqK+/UBVKlPaW6GMSYLr9Z5Uu\ + 4XS/sBPdL/ZtR95zDO9OKY8OtTufQi8Zy3pl4Q3xcOsSLZrKiEKMYDCLPlxytHD8FDDYLsgi\ + uPlbF8/uVYYrt/LHHMkD552xC+EjA7Qde1jDU6iHTpttn7j/3FKoxvM8BXUG+QpbqGUESjAl\ + Az/PMNCUZ0kVYh9eeXr" + type: 'ssh-rsa' + user: 'root' + diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 69e1ea9e..7f4ae67e 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -327,6 +327,12 @@ class sunetops { sshd_config => $sshd_config, } + # SSH config, create SSH authorized keys from Hiera + $ssh_authorized_keys = hiera_hash('ssh_authorized_keys', undef) + if is_hash($ssh_authorized_keys) { + create_resources('ssh_authorized_key', $ssh_authorized_keys) + } + ssh_authorized_key {'leifj+neo': ensure => present, name => 'leifj+neo@mnt.se', @@ -479,14 +485,6 @@ class sunetops { user => 'root' } - ssh_authorized_key {'mariah+CA747E57': - ensure => present, - name => 'mariah+CA747E57@nordu.net', - key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDLQfL3uYsqjzkKOxn9nhjDHeWdWQ5SRwcPzq7gINcwJ7omA5c7wJ4RKDqBPihJ9tp2rgM6DKKGxtSyjO6LFhkGNa86uub2PLS0ar+aRobPZ6sOeASqHbO3S1mmvZZWTQ30AFjtY98jjlvfKEI5Xu1+UKyQJqK+/UBVKlPaW6GMSYLr9Z5Uu4XS/sBPdL/ZtR95zDO9OKY8OtTufQi8Zy3pl4Q3xcOsSLZrKiEKMYDCLPlxytHD8FDDYLsgiuPlbF8/uVYYrt/LHHMkD552xC+EjA7Qde1jDU6iHTpttn7j/3FKoxvM8BXUG+QpbqGUESjAlAz/PMNCUZ0kVYh9eeXr', - type => 'ssh-rsa', - user => 'root' - } - # OS hardening if $::hostname =~ /kvm/ { class {'bastion': From f8098d4d9a0c45830422873231bd7524d4bd940d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Thu, 3 May 2018 10:12:18 +0200 Subject: [PATCH 02/18] added frontend vm --- global/overlay/etc/puppet/cosmos-rules.yaml | 8 +++ .../modules/eid/manifests/cloudimage.pp | 65 +++++++++++++++++++ 2 files changed, 73 insertions(+) create mode 100644 global/overlay/etc/puppet/modules/eid/manifests/cloudimage.pp diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index 19410eea..dc0bde18 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -20,6 +20,14 @@ jmp.komreg.net: konsulter: autoupdate: +kvmfe-fre-3.komreg.net: + eid::cloudimage: + fe-fre-3.komreg.net: + mac: '52:54:20:01:00:01' + description: 'eid fre frontend' + cpus: '4' + memory: '4096' + nic.komreg.net: sunet_iaas_cloud: autoupdate: diff --git a/global/overlay/etc/puppet/modules/eid/manifests/cloudimage.pp b/global/overlay/etc/puppet/modules/eid/manifests/cloudimage.pp new file mode 100644 index 00000000..8c9f8db2 --- /dev/null +++ b/global/overlay/etc/puppet/modules/eid/manifests/cloudimage.pp @@ -0,0 +1,65 @@ +# Wrapper with eid common settings for sunet::cloudimage +class eid::cloudimage( + String $mac, + String $cpus = '1', + String $memory = '1024', + String $description = undef, + Boolean $dhcp = true, + Optional[String] $ip = undef, + Optional[String] $netmask = undef, + Optional[String] $gateway = undef, + Optional[String] $ip6 = undef, + Optional[String] $netmask6 = '64', + Optional[String] $gateway6 = undef, + Optional[Array] $resolver = undef, + Array[String] $search = ['komreg.net'], + String $bridge = 'br0', + String $size = '40G', + String $local_size = '0', + String $image_url = 'https://cloud-images.ubuntu.com/bionic/current/bionic-server-cloudimg-amd64.img', +) { + # This is a hack, use SSH keys from KVM host? + $ft_ssh_key = hiera('ssh_authorized_keys')['mariah+CA747E57@nordu.net'] + $cloudimage_ssh_keys = [sprintf('%s %s %s', $ft_ssh_key['type'], $ft_ssh_key['key'], $ft_ssh_key['name'])] + + $_v6_resolver = $ip6 ? { + undef => undef, + default => ['2001:6b0:1e::14', + '2001:6b0:1e::99', + ], + } + + $_resolver1 = pick($resolver, $_v6_resolver, 'NOT_SET') + $_resolver = $_resolver1 ? { + 'NOT_SET' => undef, + default => $_resolver1, + } + + sunet::cloudimage { $name: + image_url => $image_url, + ssh_keys => $cloudimage_ssh_keys, + apt_dir => '/etc/cosmos/apt', + disable_ec2 => true, + # + bridge => $bridge, + dhcp => $dhcp, + mac => $mac, + ip => $ip, + netmask => $netmask, + gateway => $gateway, + ip6 => $ip6, + netmask6 => $netmask6, + gateway6 => $gateway6, + resolver => $_resolver, + search => $search, + # + repo => $::cosmos_repo_origin_url, + tagpattern => $::cosmos_tag_pattern, + # + cpus => $cpus, + memory => $memory, + description => $description, + size => $size, + local_size => $local_size, + } +} From 38da93a1ccfc62f1af2b8396c276b6e389e098b9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Thu, 3 May 2018 10:16:59 +0200 Subject: [PATCH 03/18] update db --- global/overlay/etc/puppet/cosmos-db.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/global/overlay/etc/puppet/cosmos-db.yaml b/global/overlay/etc/puppet/cosmos-db.yaml index 87e874c4..31cdb2d5 100644 --- a/global/overlay/etc/puppet/cosmos-db.yaml +++ b/global/overlay/etc/puppet/cosmos-db.yaml @@ -87,6 +87,9 @@ classes: sunetops: null kvmfe-fre-3.komreg.net: common: null + eid::cloudimage: + fe-fre-3.komreg.net: {cpus: '4', description: eid fre frontend, mac: '52:54:20:01:00:01', + memory: '4096'} eid::kvmhost: null entropyclient: null infra_ca_rp: null @@ -247,6 +250,7 @@ members: kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, r1.komreg.net] + eid::cloudimage: [kvmfe-fre-3.komreg.net] eid::kvmhost: [kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net] From 9c187e1e3b1574793f6e2411128ada7dbf9db7c8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Thu, 3 May 2018 10:17:23 +0200 Subject: [PATCH 04/18] fix white space --- global/overlay/etc/puppet/cosmos-rules.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index dc0bde18..616f5372 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -23,10 +23,10 @@ jmp.komreg.net: kvmfe-fre-3.komreg.net: eid::cloudimage: fe-fre-3.komreg.net: - mac: '52:54:20:01:00:01' - description: 'eid fre frontend' - cpus: '4' - memory: '4096' + mac: '52:54:20:01:00:01' + description: 'eid fre frontend' + cpus: '4' + memory: '4096' nic.komreg.net: sunet_iaas_cloud: From 262b705f8d1c7dcd23421d3143d0dd6a40c5db22 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Thu, 3 May 2018 10:25:44 +0200 Subject: [PATCH 05/18] update db --- global/overlay/etc/puppet/cosmos-db.yaml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/global/overlay/etc/puppet/cosmos-db.yaml b/global/overlay/etc/puppet/cosmos-db.yaml index 31cdb2d5..0e632533 100644 --- a/global/overlay/etc/puppet/cosmos-db.yaml +++ b/global/overlay/etc/puppet/cosmos-db.yaml @@ -87,9 +87,10 @@ classes: sunetops: null kvmfe-fre-3.komreg.net: common: null - eid::cloudimage: - fe-fre-3.komreg.net: {cpus: '4', description: eid fre frontend, mac: '52:54:20:01:00:01', - memory: '4096'} + eid::kvm_vms: + vms: + fe-fre-3.komreg.net: {cpus: '4', description: eid fre frontend, mac: '52:54:20:01:00:01', + memory: '4096'} eid::kvmhost: null entropyclient: null infra_ca_rp: null @@ -250,7 +251,7 @@ members: kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, r1.komreg.net] - eid::cloudimage: [kvmfe-fre-3.komreg.net] + eid::kvm_vms: [kvmfe-fre-3.komreg.net] eid::kvmhost: [kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net] From 641ce2973384b96af9bfb41318e0b2703a91cd39 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Thu, 3 May 2018 10:26:33 +0200 Subject: [PATCH 06/18] frontend fre --- global/overlay/etc/puppet/cosmos-rules.yaml | 13 +++++++------ .../etc/puppet/modules/eid/manifests/cloudimage.pp | 2 +- .../etc/puppet/modules/eid/manifests/kvm_vms.pp | 5 +++++ 3 files changed, 13 insertions(+), 7 deletions(-) create mode 100644 global/overlay/etc/puppet/modules/eid/manifests/kvm_vms.pp diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index 616f5372..9f25316e 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -21,12 +21,13 @@ jmp.komreg.net: autoupdate: kvmfe-fre-3.komreg.net: - eid::cloudimage: - fe-fre-3.komreg.net: - mac: '52:54:20:01:00:01' - description: 'eid fre frontend' - cpus: '4' - memory: '4096' + eid::kvm_vms: + vms: + fe-fre-3.komreg.net: + mac: '52:54:20:01:00:01' + description: 'eid fre frontend' + cpus: '4' + memory: '4096' nic.komreg.net: sunet_iaas_cloud: diff --git a/global/overlay/etc/puppet/modules/eid/manifests/cloudimage.pp b/global/overlay/etc/puppet/modules/eid/manifests/cloudimage.pp index 8c9f8db2..323c297f 100644 --- a/global/overlay/etc/puppet/modules/eid/manifests/cloudimage.pp +++ b/global/overlay/etc/puppet/modules/eid/manifests/cloudimage.pp @@ -1,5 +1,5 @@ # Wrapper with eid common settings for sunet::cloudimage -class eid::cloudimage( +define eid::cloudimage( String $mac, String $cpus = '1', String $memory = '1024', diff --git a/global/overlay/etc/puppet/modules/eid/manifests/kvm_vms.pp b/global/overlay/etc/puppet/modules/eid/manifests/kvm_vms.pp new file mode 100644 index 00000000..f5f4aa8b --- /dev/null +++ b/global/overlay/etc/puppet/modules/eid/manifests/kvm_vms.pp @@ -0,0 +1,5 @@ +class eid::kvm_vms( + Hash $vms +) { + create_resources('eid::cloudimage', $vms) +} From c7499d482e466637e40c7de7a2b5092f84cd4393 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Thu, 3 May 2018 10:30:24 +0200 Subject: [PATCH 07/18] fixed mariahs ssh key --- global/overlay/etc/puppet/modules/eid/manifests/cloudimage.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/global/overlay/etc/puppet/modules/eid/manifests/cloudimage.pp b/global/overlay/etc/puppet/modules/eid/manifests/cloudimage.pp index 323c297f..88c19504 100644 --- a/global/overlay/etc/puppet/modules/eid/manifests/cloudimage.pp +++ b/global/overlay/etc/puppet/modules/eid/manifests/cloudimage.pp @@ -19,8 +19,8 @@ define eid::cloudimage( String $image_url = 'https://cloud-images.ubuntu.com/bionic/current/bionic-server-cloudimg-amd64.img', ) { # This is a hack, use SSH keys from KVM host? - $ft_ssh_key = hiera('ssh_authorized_keys')['mariah+CA747E57@nordu.net'] - $cloudimage_ssh_keys = [sprintf('%s %s %s', $ft_ssh_key['type'], $ft_ssh_key['key'], $ft_ssh_key['name'])] + $_ssh_key = hiera('ssh_authorized_keys')['mariah+CA747E57'] + $cloudimage_ssh_keys = [sprintf('%s %s %s', $_ssh_key['type'], $_ssh_key['key'], $_ssh_key['name'])] $_v6_resolver = $ip6 ? { undef => undef, From f13b7163f1d76b3aca905dd094b110fce8da3d4b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Thu, 3 May 2018 10:55:46 +0200 Subject: [PATCH 08/18] update db --- global/overlay/etc/puppet/cosmos-db.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/global/overlay/etc/puppet/cosmos-db.yaml b/global/overlay/etc/puppet/cosmos-db.yaml index 0e632533..06e75029 100644 --- a/global/overlay/etc/puppet/cosmos-db.yaml +++ b/global/overlay/etc/puppet/cosmos-db.yaml @@ -89,8 +89,8 @@ classes: common: null eid::kvm_vms: vms: - fe-fre-3.komreg.net: {cpus: '4', description: eid fre frontend, mac: '52:54:20:01:00:01', - memory: '4096'} + fe-fre-3.komreg.net: {bridge: br-fe, cpus: '4', description: eid fre frontend, + mac: '52:54:20:01:00:01', memory: '4096'} eid::kvmhost: null entropyclient: null infra_ca_rp: null From 4ab5aa43ee8573c15d12208175591d6afadd12bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Thu, 3 May 2018 10:56:17 +0200 Subject: [PATCH 09/18] troubleshooting new kvm vm --- global/overlay/etc/puppet/cosmos-rules.yaml | 1 + global/overlay/etc/puppet/puppet.conf | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index 9f25316e..586fb43e 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -25,6 +25,7 @@ kvmfe-fre-3.komreg.net: vms: fe-fre-3.komreg.net: mac: '52:54:20:01:00:01' + bridge: 'br-fe' description: 'eid fre frontend' cpus: '4' memory: '4096' diff --git a/global/overlay/etc/puppet/puppet.conf b/global/overlay/etc/puppet/puppet.conf index cc9e736e..705c56b5 100644 --- a/global/overlay/etc/puppet/puppet.conf +++ b/global/overlay/etc/puppet/puppet.conf @@ -12,6 +12,12 @@ basemodulepath = /etc/puppet/modules:/etc/puppet/cosmos-modules:/usr/share/puppe parser = future disable_warnings = deprecations +# Recommended New Features settings from +# https://docs.puppet.com/puppet/3.8/config_important_settings.html#recommended-and-safe +stringify_facts = false +trusted_node_data = true +ordering = manifest + [master] # These are needed when the puppetmaster is run by passenger # and can safely be removed if webrick is used. From 4b83914f1a2ceb16798446cece6583ca6a89df72 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Thu, 3 May 2018 11:07:41 +0200 Subject: [PATCH 10/18] update db --- global/overlay/etc/puppet/cosmos-db.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/cosmos-db.yaml b/global/overlay/etc/puppet/cosmos-db.yaml index 06e75029..d054a3c6 100644 --- a/global/overlay/etc/puppet/cosmos-db.yaml +++ b/global/overlay/etc/puppet/cosmos-db.yaml @@ -90,7 +90,8 @@ classes: eid::kvm_vms: vms: fe-fre-3.komreg.net: {bridge: br-fe, cpus: '4', description: eid fre frontend, - mac: '52:54:20:01:00:01', memory: '4096'} + dhcp: false, gateway: 94.176.224.161, ip: 94.176.224.165, mac: '52:54:20:01:00:01', + memory: '4096', netmask: 255.255.255.240} eid::kvmhost: null entropyclient: null infra_ca_rp: null From de3c8c470f0c857059692031ddcb6bf5a811c8f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Thu, 3 May 2018 11:08:06 +0200 Subject: [PATCH 11/18] added ip address to vm --- global/overlay/etc/puppet/cosmos-rules.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index 586fb43e..96c5b8aa 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -25,6 +25,10 @@ kvmfe-fre-3.komreg.net: vms: fe-fre-3.komreg.net: mac: '52:54:20:01:00:01' + dhcp: false + ip: '94.176.224.165' + netmask: '255.255.255.240' + gateway: '94.176.224.161' bridge: 'br-fe' description: 'eid fre frontend' cpus: '4' From 856cca5fcfbbc808850518123deb776caf9db4c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Thu, 3 May 2018 11:29:20 +0200 Subject: [PATCH 12/18] vm settings --- global/overlay/etc/puppet/cosmos-rules.yaml | 1 - .../modules/eid/manifests/cloudimage.pp | 22 +++---------------- 2 files changed, 3 insertions(+), 20 deletions(-) diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index 96c5b8aa..2360ab68 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -25,7 +25,6 @@ kvmfe-fre-3.komreg.net: vms: fe-fre-3.komreg.net: mac: '52:54:20:01:00:01' - dhcp: false ip: '94.176.224.165' netmask: '255.255.255.240' gateway: '94.176.224.161' diff --git a/global/overlay/etc/puppet/modules/eid/manifests/cloudimage.pp b/global/overlay/etc/puppet/modules/eid/manifests/cloudimage.pp index 88c19504..fb94c322 100644 --- a/global/overlay/etc/puppet/modules/eid/manifests/cloudimage.pp +++ b/global/overlay/etc/puppet/modules/eid/manifests/cloudimage.pp @@ -4,15 +4,12 @@ define eid::cloudimage( String $cpus = '1', String $memory = '1024', String $description = undef, - Boolean $dhcp = true, Optional[String] $ip = undef, Optional[String] $netmask = undef, Optional[String] $gateway = undef, Optional[String] $ip6 = undef, Optional[String] $netmask6 = '64', Optional[String] $gateway6 = undef, - Optional[Array] $resolver = undef, - Array[String] $search = ['komreg.net'], String $bridge = 'br0', String $size = '40G', String $local_size = '0', @@ -22,19 +19,6 @@ define eid::cloudimage( $_ssh_key = hiera('ssh_authorized_keys')['mariah+CA747E57'] $cloudimage_ssh_keys = [sprintf('%s %s %s', $_ssh_key['type'], $_ssh_key['key'], $_ssh_key['name'])] - $_v6_resolver = $ip6 ? { - undef => undef, - default => ['2001:6b0:1e::14', - '2001:6b0:1e::99', - ], - } - - $_resolver1 = pick($resolver, $_v6_resolver, 'NOT_SET') - $_resolver = $_resolver1 ? { - 'NOT_SET' => undef, - default => $_resolver1, - } - sunet::cloudimage { $name: image_url => $image_url, ssh_keys => $cloudimage_ssh_keys, @@ -42,7 +26,7 @@ define eid::cloudimage( disable_ec2 => true, # bridge => $bridge, - dhcp => $dhcp, + dhcp => false, mac => $mac, ip => $ip, netmask => $netmask, @@ -50,8 +34,8 @@ define eid::cloudimage( ip6 => $ip6, netmask6 => $netmask6, gateway6 => $gateway6, - resolver => $_resolver, - search => $search, + resolver => ['130.242.80.14', '130.242.80.99'], + search => ['komreg.net'], # repo => $::cosmos_repo_origin_url, tagpattern => $::cosmos_tag_pattern, From 3e571b6e80be33f283cd6aa4d0c8f22dfba44ab5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Thu, 3 May 2018 11:29:35 +0200 Subject: [PATCH 13/18] update db --- global/overlay/etc/puppet/cosmos-db.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/global/overlay/etc/puppet/cosmos-db.yaml b/global/overlay/etc/puppet/cosmos-db.yaml index d054a3c6..783dd804 100644 --- a/global/overlay/etc/puppet/cosmos-db.yaml +++ b/global/overlay/etc/puppet/cosmos-db.yaml @@ -90,8 +90,8 @@ classes: eid::kvm_vms: vms: fe-fre-3.komreg.net: {bridge: br-fe, cpus: '4', description: eid fre frontend, - dhcp: false, gateway: 94.176.224.161, ip: 94.176.224.165, mac: '52:54:20:01:00:01', - memory: '4096', netmask: 255.255.255.240} + gateway: 94.176.224.161, ip: 94.176.224.165, mac: '52:54:20:01:00:01', memory: '4096', + netmask: 255.255.255.240} eid::kvmhost: null entropyclient: null infra_ca_rp: null From f4a19dfad3417228c0a0632bf71e91b1798f10c7 Mon Sep 17 00:00:00 2001 From: Fredrik Thulin Date: Thu, 3 May 2018 12:33:31 +0200 Subject: [PATCH 14/18] ubuntu 18.04 doesn't seem to have /etc/rc.local anymore --- .../eid/templates/kvm/bootstrap-cosmos.sh.erb | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/global/overlay/etc/puppet/modules/eid/templates/kvm/bootstrap-cosmos.sh.erb b/global/overlay/etc/puppet/modules/eid/templates/kvm/bootstrap-cosmos.sh.erb index 30a5a1bc..449fe1b0 100755 --- a/global/overlay/etc/puppet/modules/eid/templates/kvm/bootstrap-cosmos.sh.erb +++ b/global/overlay/etc/puppet/modules/eid/templates/kvm/bootstrap-cosmos.sh.erb @@ -55,14 +55,16 @@ if ! test -d /var/cache/cosmos/repo; then cosmos clone "$cmd_repo" fi -# re-run cosmos at reboot until it succeeds - use bash -l to get working proxy settings -grep -v "^exit 0" /etc/rc.local > /etc/rc.local.new -(echo "" - echo "test -f /etc/run-cosmos-at-boot && (bash -l cosmos -v update; bash -l cosmos -v apply && rm /etc/run-cosmos-at-boot)" - echo "" - echo "exit 0" -) >> /etc/rc.local.new -mv -f /etc/rc.local.new /etc/rc.local +if [ -f /etc/rc.local ]; then + # re-run cosmos at reboot until it succeeds - use bash -l to get working proxy settings + grep -v "^exit 0" /etc/rc.local > /etc/rc.local.new + (echo "" + echo "test -f /etc/run-cosmos-at-boot && (bash -l cosmos -v update; bash -l cosmos -v apply && rm /etc/run-cosmos-at-boot)" + echo "" + echo "exit 0" + ) >> /etc/rc.local.new + mv -f /etc/rc.local.new /etc/rc.local +fi touch /etc/run-cosmos-at-boot From c694eee5981c64d874f98f688e627c4eec7732af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Thu, 3 May 2018 12:39:23 +0200 Subject: [PATCH 15/18] fe-fre-3.komreg.net added --- fe-fre-3.komreg.net/README | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 fe-fre-3.komreg.net/README diff --git a/fe-fre-3.komreg.net/README b/fe-fre-3.komreg.net/README new file mode 100644 index 00000000..a18dac1c --- /dev/null +++ b/fe-fre-3.komreg.net/README @@ -0,0 +1,3 @@ + +The system documentation is in the docs directory of the multiverse repository. + From b72030ac92e356ab1cd6ad30210c66a48ceb14bf Mon Sep 17 00:00:00 2001 From: Fredrik Thulin Date: Thu, 3 May 2018 12:48:05 +0200 Subject: [PATCH 16/18] merge goodies from eduid-cosmos --- global/post-tasks.d/015cosmos-trust | 75 +++++++++++++++++++++-------- global/post-tasks.d/018packages | 53 ++++++++++---------- global/post-tasks.d/030puppet | 5 +- global/post-tasks.d/099autoremove | 8 +-- global/post-tasks.d/999reboot | 27 +++++++++-- global/pre-tasks.d/030puppet | 18 ++++--- global/pre-tasks.d/040hiera-gpg | 7 ++- 7 files changed, 131 insertions(+), 62 deletions(-) diff --git a/global/post-tasks.d/015cosmos-trust b/global/post-tasks.d/015cosmos-trust index 74835e06..cbb748f9 100755 --- a/global/post-tasks.d/015cosmos-trust +++ b/global/post-tasks.d/015cosmos-trust @@ -1,28 +1,63 @@ -#!/bin/sh +#!/bin/bash if [ -z "$COSMOS_KEYS" ]; then COSMOS_KEYS=/etc/cosmos/keys fi -# Install new keys discovered in the $COSMOS_KEYS directory -for k in $COSMOS_KEYS/*.pub; do - fp=`cosmos gpg --with-colons --with-fingerprint < $k | awk -F: '$1 == "pub" {print $5}'` - fp_in_db=`cosmos gpg --with-colons --fingerprint | grep ":$fp:"` - if [ "x`echo $fp_in_db | grep '^pub:e:'`" != "x" ]; then - echo "$0: Key expired, will re-import it from $k" - cosmos gpg --fingerprint $fp - fi - # The removal of any ^pub:e: entrys means to ignore expired keys - thereby importing them again. - echo $fp_in_db | grep -v "^pub:e:" | grep -q ":$fp:" || cosmos gpg --import < $k +bold='\e[1m' +reset='\e[0m' +red='\033[01;31m' + +# Associative array of fingerprints in the GPG keyring +declare -A KEYRING + +# Associative array with expired keys in the GPG keyring +declare -A EXPIRED + +# associative array with non-expired keys found in $COSMOS_KEYS directory +declare -A SEEN + +# Load information about all keys present in the GPG keyring +for line in $(cosmos gpg --with-colons --fingerprint | awk -F: '$1 == "pub" { print $2 ":" $5 }'); do + IFS=':' read -r expired fp <<< $line + KEYRING[$fp]='1' + if [[ $expired == 'e' ]]; then + EXPIRED[$fp]=1 + fi done -# Delete keys no longer present in $COSMOS_KEYS directory -for fp in `cosmos gpg --with-colons --fingerprint | awk -F: '$1 == "pub" {print $5}'`; do - seen="no" - for k in $COSMOS_KEYS/*.pub; do - cosmos gpg --with-colons --with-fingerprint < $k | grep -q ":$fp:" && seen="yes" - done - if [ "x$seen" = "xno" ]; then - cosmos gpg --yes --batch --delete-key $fp || true - fi +# Install new keys discovered in the $COSMOS_KEYS directory +for k in $COSMOS_KEYS/*.pub; do + if [[ ! -s $k ]]; then + # Silently ignore empty files + continue + fi + pubkeys_in_file=$(cosmos gpg --with-colons --with-fingerprint < $k | grep "^pub:") + non_expired_pubkeys_in_file=$(echo ${pubkeys_in_file} | awk -F: '$2 != "e" { print $0 }') + if [[ ! $non_expired_pubkeys_in_file ]]; then + echo -e "$0: ${red}Ignoring file with expired pubkey: ${k}${reset}" + continue + fi + + fp=$(echo ${pubkeys_in_file} | awk -F: '{print $5}') + + # Remember that we saw fingerprint $fp in file $k + SEEN[$fp]=$k + + if [[ ! ${KEYRING[$fp]} ]]; then + echo -e "$0: ${bold}Importing new key ${fp}${reset} from ${k}" + cosmos gpg --import < $k + elif [[ ${EXPIRED[$fp]} ]]; then + echo -e "$0: ${bold}Re-importing expired key ${fp}${reset} from ${k}" + cosmos gpg --import < $k + fi +done + +# Delete keys no longer present (or expired) in $COSMOS_KEYS directory +for fp in ${!KEYRING[@]}; do + if [[ ! ${SEEN[$fp]} ]]; then + echo -e "$0: ${bold}Deleting key${reset} ${fp} not present (or expired) in ${COSMOS_KEYS}" + cosmos gpg --fingerprint $fp + cosmos gpg --yes --batch --delete-key $fp || true + fi done diff --git a/global/post-tasks.d/018packages b/global/post-tasks.d/018packages index 9370e102..79c33483 100755 --- a/global/post-tasks.d/018packages +++ b/global/post-tasks.d/018packages @@ -1,19 +1,23 @@ #!/bin/bash CONFIG=${CONFIG:=/etc/puppet/cosmos-modules.conf} +LOCALCONFIG=${LOCALCONFIG:=/etc/puppet/cosmos-modules_local.conf} CACHE_DIR=/var/cache/puppet-modules MODULES_DIR=${MODULES_DIR:=/etc/puppet/cosmos-modules} export GNUPGHOME=/etc/cosmos/gnupg python -c "import yaml" 2>/dev/null || apt-get -y install python-yaml +bold='\e[1m' +reset='\e[0m' +red='\033[01;31m' stage_module() { rm -rf $CACHE_DIR/staging/$1 git archive --format=tar --prefix=$1/ $2 | (cd $CACHE_DIR/staging/ && tar xf -) } -if [ -f $CONFIG ]; then +if [ -f $CONFIG -o $LOCALCONFIG ]; then if [ ! -d $MODULES_DIR ]; then mkdir -p $MODULES_DIR fi @@ -21,11 +25,14 @@ if [ -f $CONFIG ]; then mkdir -p $CACHE_DIR/{scm,staging} fi + test -f $CONFIG || CONFIG='' + test -f $LOCALCONFIG || LOCALCONFIG='' + # First pass to clone any new modules, and update those marked for updating. - grep -E -v "^#" $CONFIG | ( + grep -h -E -v "^#" $CONFIG $LOCALCONFIG | sort | ( while read module src update pattern; do - # We only support git:// urls and https:// urls atm - if [ "${src:0:6}" = "git://" -o "${src:0:8}" = "https://" ]; then + # We only support git://, file:/// and https:// urls at the moment + if [ "${src:0:6}" = "git://" -o "${src:0:8}" = "file:///" -o "${src:0:8}" = "https://" ]; then if [ ! -d $CACHE_DIR/scm/$module ]; then git clone -q $src $CACHE_DIR/scm/$module elif [ -d $CACHE_DIR/scm/$module/.git ]; then @@ -39,16 +46,14 @@ if [ -f $CONFIG ]; then continue fi else - echo "ERROR: Ignoring non-git repository" + echo -e "${red}ERROR: Ignoring non-git repository${reset}" continue fi elif [[ "$src" =~ .*:// ]]; then - echo "ERROR: Don't know how to install '$src'" + echo -e "${red}ERROR: Don't know how to install '${src}'${reset}" continue else - echo "WARNING" - echo "WARNING - attempting UNSAFE installation/upgrade of puppet-module $module from $src" - echo "WARNING" + echo -e "${bold}WARNING - attempting UNSAFE installation/upgrade of puppet-module ${module} from ${src}${reset}" if [ ! -d /etc/puppet/modules/$module ]; then puppet module install $src elif [ "$update" = "yes" ]; then @@ -60,34 +65,32 @@ if [ -f $CONFIG ]; then # Second pass to verify the signatures on all modules and stage those that # have good signatures. - grep -E -v "^#" $CONFIG | ( + grep -h -E -v "^#" $CONFIG $LOCALCONFIG | sort | ( while read module src update pattern; do - # We only support git:// urls atm - if [ "${src:0:6}" = "git://" -o "${src:0:8}" = "https://" ]; then + # We only support git://, file:/// and https:// urls at the moment + if [ "${src:0:6}" = "git://" -o "${src:0:8}" = "file:///" -o "${src:0:8}" = "https://" ]; then # Verify git tag cd $CACHE_DIR/scm/$module TAG=$(git tag -l "${pattern:-*}" | sort | tail -1) if [ "$COSMOS_VERBOSE" = "y" ]; then - echo "" - echo "Checking signature on tag ${TAG} for puppet-module $module" + echo -e "Checking signature on puppet-module:tag ${bold}${module}:${TAG}${reset}" fi if [ -z "$TAG" ]; then - echo "ERROR: No git tag found for pattern '${pattern:-*}' on puppet-module $module" + echo -e "${red}ERROR: No git tag found for pattern '${pattern:-*}' on puppet-module ${module}${reset}" continue fi git tag -v $TAG &> /dev/null if [ $? == 0 ]; then - if [ "$COSMOS_VERBOSE" = "y" ]; then - # short output on good signature - git tag -v $TAG 2>&1 | grep "gpg: Good signature" - fi + #if [ "$COSMOS_VERBOSE" = "y" ]; then + # # short output on good signature + # git tag -v $TAG 2>&1 | grep "gpg: Good signature" + #fi # Put archive in staging since tag verified OK stage_module $module $TAG else - echo "################################################################" - echo "FAILED signature check on puppet-module $module" - echo "################################################################" + echo -e "${red}FAILED signature check on puppet-module ${module}${reset}" git tag -v $TAG + echo '' fi fi done @@ -95,9 +98,9 @@ if [ -f $CONFIG ]; then # Cleanup removed puppet modules from CACHE_DIR for MODULE in $(ls -1 $CACHE_DIR/staging/); do - if ! grep -E -q "^$MODULE\s+" $CONFIG; then - rm -rf $CACHE_DIR/{scm,staging}/$MODULE - fi + if ! grep -h -E -q "^$MODULE\s+" $CONFIG $LOCALCONFIG; then + rm -rf $CACHE_DIR/{scm,staging}/$MODULE + fi done # Installing verified puppet modules diff --git a/global/post-tasks.d/030puppet b/global/post-tasks.d/030puppet index 67429497..af450057 100755 --- a/global/post-tasks.d/030puppet +++ b/global/post-tasks.d/030puppet @@ -1,13 +1,14 @@ #!/bin/sh if [ "x$COSMOS_VERBOSE" = "xy" ]; then - args="--verbose" + args="--verbose --show_diff" else args="--logdest=syslog" fi if [ -f /usr/bin/puppet -a -d /etc/puppet/manifests ]; then for m in `find /etc/puppet/manifests -name \*.pp`; do - puppet apply $args < $m + test "x$COSMOS_VERBOSE" = "xy" && echo "$0: Applying Puppet manifest $m" + puppet apply $args $m done fi diff --git a/global/post-tasks.d/099autoremove b/global/post-tasks.d/099autoremove index 2cc69968..9911ae2f 100755 --- a/global/post-tasks.d/099autoremove +++ b/global/post-tasks.d/099autoremove @@ -1,4 +1,6 @@ -#!/bin/sh +#!/bin/bash -apt-get -qq update -apt-get -qq -y autoremove +if (( $RANDOM % 20 == 0)); then + apt-get -qq update + apt-get -qq -y autoremove +fi diff --git a/global/post-tasks.d/999reboot b/global/post-tasks.d/999reboot index 2ed9fa7a..bc27e6ef 100755 --- a/global/post-tasks.d/999reboot +++ b/global/post-tasks.d/999reboot @@ -1,5 +1,26 @@ -#!/bin/sh +#!/bin/bash -if [ -f /var/run/reboot-required -a -f /etc/cosmos-automatic-reboot ]; then - reboot +if [[ -f /var/run/reboot-required && -f /etc/cosmos-automatic-reboot ]]; then + + if [[ $HOSTNAME =~ -tug- ]]; then + # Reboot hosts in site TUG with 15 seconds delay (enough to manually + # cancel the reboot if logged in and seeind the 'emerg' message broadcasted to console) + sleep=15 + elif [[ $HOSTNAME =~ -fre- ]]; then + # reboot hosts in site FRE with 15+180 to 15+180+180 seconds delay + sleep=$(( 180 + ($RANDOM % 180))) + elif [[ $HOSTNAME =~ -lla- ]]; then + # reboot hosts in site LLA with 15+180+180 to 15+180+180+180 seconds delay + sleep=$(( 375 + ($RANDOM % 180))) + else + # reboot hosts in any other site with 15 to 315 seconds delay + sleep=$(( 15 + ($RANDOM % 300))) + fi + + logger -p local0.emerg -i -t cosmos-automatic-reboot "Rebooting automatically in $sleep seconds (if /var/run/reboot-required still exists)" + sleep $sleep + if [ -f /var/run/reboot-required ]; then + logger -p local0.crit -i -t cosmos-automatic-reboot "Rebooting automatically" + reboot + fi fi diff --git a/global/pre-tasks.d/030puppet b/global/pre-tasks.d/030puppet index ef080161..4d8814ae 100755 --- a/global/pre-tasks.d/030puppet +++ b/global/pre-tasks.d/030puppet @@ -8,14 +8,16 @@ set -e stamp="$COSMOS_BASE/stamps/puppet-tools-v01.stamp" if ! test -f $stamp -a -f /usr/bin/puppet; then - codename=`lsb_release -c| awk '{print $2}'` - puppetdeb="$COSMOS_REPO/apt/puppetlabs-release-${codename}.deb" - if [ ! -f $puppetdeb ]; then - echo "$0: Puppet deb for release $codename not found in $COSMOS_REPO/apt/" - echo " Get it from https://apt.puppetlabs.com/ and put it in the Cosmos repo." - exit 1 - fi - dpkg -i $puppetdeb + #codename=`lsb_release -c| awk '{print $2}'` + #puppetdeb="$COSMOS_REPO/apt/puppetlabs-release-${codename}.deb" + #if [ ! -f $puppetdeb ]; then + # echo "$0: Puppet deb for release $codename not found in $COSMOS_REPO/apt/" + # echo " Get it from https://apt.puppetlabs.com/ and put it in the Cosmos repo." + # exit 1 + #fi + ## The key currently in use does not appear to actually be installed with $puppetdeb + #test -f apt-key add $COSMOS_REPO/apt/keys/puppetlabs-EF8D349F.pub && apt-key add $COSMOS_REPO/apt/keys/puppetlabs-EF8D349F.pub + #dpkg -i $puppetdeb apt-get update apt-get -y install puppet-common diff --git a/global/pre-tasks.d/040hiera-gpg b/global/pre-tasks.d/040hiera-gpg index 0ef2d86b..aed6dbe9 100755 --- a/global/pre-tasks.d/040hiera-gpg +++ b/global/pre-tasks.d/040hiera-gpg @@ -19,7 +19,12 @@ if [ -f /etc/hiera/data/secrets.yaml.asc -a ! -f /etc/hiera/data/secrets.yaml.gp (cd /etc/hiera/data && ln -s secrets.yaml.asc secrets.yaml.gpg) fi -if [ ! -s $GNUPGHOME/secring.gpg -a ! -s /etc/hiera/gpg/pubring.kbx ]; then +if [ ! -f /usr/bin/eyaml ]; then + apt-get update + apt-get -y install hiera-eyaml +fi + +if [ ! -s $GNUPGHOME/secring.gpg -a ! -s $GNUPGHOME/pubring.kbx ]; then if [ "x$1" != "x--force" ]; then echo "" From 19c838e4a238763f92822e7062a4cc963154a8a6 Mon Sep 17 00:00:00 2001 From: Fredrik Thulin Date: Thu, 3 May 2018 12:55:17 +0200 Subject: [PATCH 17/18] create sunet-reinstall --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 7f4ae67e..4b0fa85e 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -30,6 +30,14 @@ class common { include apt include apparmor package {'jq': ensure => 'latest'} + + if $::is_virtual == true { + file { '/usr/local/bin/sunet-reinstall': + ensure => file, + mode => '0755', + content => template('sunet/cloudimage/sunet-reinstall.erb'), + } + } } class dhcp6_client { From 0aca2524c4025cd20a4d09f2c3b702aff3b74a3a Mon Sep 17 00:00:00 2001 From: Fredrik Thulin Date: Thu, 3 May 2018 12:57:22 +0200 Subject: [PATCH 18/18] update db --- global/overlay/etc/puppet/cosmos-db.yaml | 96 ++++++++++++++---------- 1 file changed, 56 insertions(+), 40 deletions(-) diff --git a/global/overlay/etc/puppet/cosmos-db.yaml b/global/overlay/etc/puppet/cosmos-db.yaml index 783dd804..f12defaa 100644 --- a/global/overlay/etc/puppet/cosmos-db.yaml +++ b/global/overlay/etc/puppet/cosmos-db.yaml @@ -36,6 +36,14 @@ classes: sunet::rsyslog: null sunet_iaas_cloud: null sunetops: null + fe-fre-3.komreg.net: + common: null + entropyclient: null + infra_ca_rp: null + mailclient: *id001 + nrpe: null + sunet::rsyslog: null + sunetops: null jmp.komreg.net: autoupdate: null common: null @@ -239,53 +247,59 @@ classes: sunet_iaas_cloud: null sunetops: null members: - all: [eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, jmp.komreg.net, jump-fre-3.komreg.net, - jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, - kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, - kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, - nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, r1.komreg.net] + all: [eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, fe-fre-3.komreg.net, + jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, + kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, + kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, + md-eu1.qa.komreg.net, md1.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, + prid-1.qa.sveidas.se, r1.komreg.net] autoupdate: [eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, md-eu1.qa.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, r1.komreg.net] - common: [eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, jmp.komreg.net, - jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, - kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, - kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, - nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, r1.komreg.net] + common: [eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, fe-fre-3.komreg.net, + jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, + kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, + kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, + md-eu1.qa.komreg.net, md1.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, + prid-1.qa.sveidas.se, r1.komreg.net] eid::kvm_vms: [kvmfe-fre-3.komreg.net] eid::kvmhost: [kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net] eidas_connector: [eidas-node-1.qa.sveidas.se] eidas_proxy: [eidas-proxy-1.qa.sveidas.se] - entropyclient: [eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, jmp.komreg.net, - jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, - kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, - kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, - nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, r1.komreg.net] - infra_ca_rp: [eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, jmp.komreg.net, - jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, - kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, - kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, - nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, r1.komreg.net] + entropyclient: [eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, fe-fre-3.komreg.net, + jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, + kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, + kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, + md-eu1.qa.komreg.net, md1.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, + prid-1.qa.sveidas.se, r1.komreg.net] + infra_ca_rp: [eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, fe-fre-3.komreg.net, + jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, + kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, + kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, + md-eu1.qa.komreg.net, md1.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, + prid-1.qa.sveidas.se, r1.komreg.net] konsulter: [eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, md-eu1.qa.komreg.net, nic.komreg.net, prid-1.qa.sveidas.se] - mailclient: [eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, jmp.komreg.net, - jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, - kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, - kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, - nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, r1.komreg.net] + mailclient: [eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, fe-fre-3.komreg.net, + jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, + kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, + kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, + md-eu1.qa.komreg.net, md1.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, + prid-1.qa.sveidas.se, r1.komreg.net] md_publisher: [p1.komreg.net, p2.qa.komreg.net] md_repo_client: [md-eu1.qa.komreg.net] md_repo_server: [r1.komreg.net] md_signer: [md-eu1.qa.komreg.net, md1.komreg.net] nagios_monitor: [nic.komreg.net] - nrpe: [eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, jmp.komreg.net, - jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, - kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, - kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, - nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, r1.komreg.net] + nrpe: [eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, fe-fre-3.komreg.net, + jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, + kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, + kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, + md-eu1.qa.komreg.net, md1.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, + prid-1.qa.sveidas.se, r1.komreg.net] openstack_dockerhost: [eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, md-eu1.qa.komreg.net, prid-1.qa.sveidas.se, r1.komreg.net] prid: [prid-1.qa.sveidas.se] @@ -293,17 +307,19 @@ members: sunet::dehydrated: [r1.komreg.net] sunet::frontend::register_sites: [eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, p1.komreg.net, p2.qa.komreg.net] - sunet::rsyslog: [eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, jmp.komreg.net, - jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, - kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, - kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, - nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, r1.komreg.net] + sunet::rsyslog: [eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, fe-fre-3.komreg.net, + jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, + kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, + kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, + md-eu1.qa.komreg.net, md1.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, + prid-1.qa.sveidas.se, r1.komreg.net] sunet_iaas_cloud: [eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, jmp.komreg.net, md-eu1.qa.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, r1.komreg.net] - sunetops: [eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, jmp.komreg.net, - jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, - kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, - kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, - nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, r1.komreg.net] + sunetops: [eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, fe-fre-3.komreg.net, + jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, + kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, + kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, + md-eu1.qa.komreg.net, md1.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, + prid-1.qa.sveidas.se, r1.komreg.net]