From 81903822782a1678ebbbca00798220e96a3b3447 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Mon, 4 Jun 2018 10:48:10 +0200 Subject: [PATCH 01/14] added fe config for connector.eidas.swedenconnect.se --- fe-common/overlay/etc/hiera/data/group.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/fe-common/overlay/etc/hiera/data/group.yaml b/fe-common/overlay/etc/hiera/data/group.yaml index 9120a5b2..7e1c715f 100644 --- a/fe-common/overlay/etc/hiera/data/group.yaml +++ b/fe-common/overlay/etc/hiera/data/group.yaml @@ -26,17 +26,17 @@ sunet_frontend: websites2: - 'www': - site_name: 'www.komreg.net' + 'connector': + site_name: 'connector.eidas.swedenconnect.se' frontends: 'fe-fre-3.komreg.net': - ips: ['94.176.224.180'] + ips: ['94.176.226.10'] 'fe-tug-3.komreg.net': - ips: ['94.176.224.181'] + ips: ['94.176.226.11'] backends: default: - 'www-fre-1.komreg.net': - ips: ['94.176.224.132'] + 'eidas-connector-1.sveidas.se': + ips: ['94.176.224.133'] server_args: 'ssl check verify none' allow_ports: - 443 From 6b000627bcc81087d8f9d1d8059780ac7b77c905 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Mon, 4 Jun 2018 11:02:46 +0200 Subject: [PATCH 02/14] removed secret for fe-fre-3.komreg.net --- .../overlay/etc/hiera/data/secrets.yaml.asc | 22 ------------------- 1 file changed, 22 deletions(-) delete mode 100644 fe-fre-3.komreg.net/overlay/etc/hiera/data/secrets.yaml.asc diff --git a/fe-fre-3.komreg.net/overlay/etc/hiera/data/secrets.yaml.asc b/fe-fre-3.komreg.net/overlay/etc/hiera/data/secrets.yaml.asc deleted file mode 100644 index 6efcff77..00000000 --- a/fe-fre-3.komreg.net/overlay/etc/hiera/data/secrets.yaml.asc +++ /dev/null 
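Review bot: The unchanged `server_args: 'ssl check verify none'` line now applies to `eidas-connector-1.sveidas.se`, so HAProxy will speak TLS to the connector without validating its certificate, and whatever answers on 94.176.224.133 is accepted as the backend. For an eIDAS connector that leg should be authenticated, for example `server_args: 'ssl check verify required ca-file <path-to-backend-CA-bundle>'`. The `websites2` mapping starts above the hunk, so any per-site override of `server_args` is not visible here.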
@@ -1,22 +0,0 @@ -STATUS=UPDATED - ------BEGIN PGP MESSAGE----- -Version: GnuPG v2 - -hQEMA9/S9aKTc+kVAQf9Gg8QgRVfsUePPt9CdXHuuYu2yymILJRtHB/8vz/gZk+7 -d72QBJb2akaW6H4AtDXUqK/2ps6gee2ONQTPqkQwHKK7oWl861FVBwSdsLU/cXlC -fcqgbi6nyJQ6msn7wOhPkYjGW1Q5/hiGVS27it4Z5YljJn7ETMLMUDqVPR7oa6Mt -2xpcobXu+8zjdUIDJsdZe3e9/pKM8QgjrHsdKVrgS5ColusXocx5iHzZpO+pLKJ9 -/hBufWZx43XhkmwsVriirQHZBc3X415O0ooAtbpDUhmIvkRxg1JCN8On1xt1CPaF -8RPDAS9uVqm6c8Kyk7Z9t7qHlxTE9GkC3Us5EbC9xNLAzwHYLiiUZkOE3AI9y9cS -eV/SC+IFRJ2Li/+aGiojq6D9LR9f6u49lMcYSejrcbxT/6rvXQdIruQrwC86DNDV -TFjXrAuaSGQgXI5JSwb61ZMJNm3dHzS/SSBtDSDaSa/1vp3rjECs1HMwFPbZaxWK -mLDm/Gw97UlQBfy6OKEeas8vfX/NtD/kiRIdN1nCNp0goJPZZ/gOA8QmhUISis2r -y+JdxTaEdRVoVu5cUpZxm58AAbxvjAFCCz1LaWE1Nngn+w6/5FfFutV63I/oyQAI -Tqv++UuEkM7BnzoVUF4HYSpLq3+5zy/azXAUZvh3z3nassGaTVaYPVRodPzIvodd -6584RixxOE+2yOW/dDySyiML065aKhQ2V3rQC6sWv7fsruvN5SojoK54wKBFXIje -ktscoCPBMOSNPYlTK1e489pZIdkFJRxXe4AF5w67goEkScUtsNFgGMRosD/bTjYQ -Qt0qkIM2iLJX7a90APjaDpD2AZrdpu6hTl9pawgqwqnWKhxcep02SPEMNK322VzQ -gg== -=gVTa ------END PGP MESSAGE----- From 3886a2750368d209480e9fcea104625d425693d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Mon, 4 Jun 2018 11:14:53 +0200 Subject: [PATCH 03/14] added secret to fe-fre-3.komreg.net --- .../overlay/etc/hiera/data/secrets.yaml.asc | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 fe-fre-3.komreg.net/overlay/etc/hiera/data/secrets.yaml.asc diff --git a/fe-fre-3.komreg.net/overlay/etc/hiera/data/secrets.yaml.asc b/fe-fre-3.komreg.net/overlay/etc/hiera/data/secrets.yaml.asc new file mode 100644 index 00000000..8e54dd3f --- /dev/null +++ b/fe-fre-3.komreg.net/overlay/etc/hiera/data/secrets.yaml.asc 
@@ -0,0 +1,22 @@ +STATUS=UPDATED + +-----BEGIN PGP MESSAGE----- +Version: GnuPG v2 + +hQEMA4Rt80zyLMP2AQf/S2NsMVxhxWm8wLkNyJwr3ZusfVf7sB53RGC6cSrXUP6V +Ywou3pRUlwqosY8RB1EDJ6PHEiye9NZdUM9qmSUj9TdJwwyDI1eA5jDPhai7wTol +1hdEEBFZBqHPswZJdA3+Ogn4vScbbnOzgVHflxN6xqOc5YqUksCwxXItWbEAsCWR +9G1PIHtZ8eNGLPTb10/0BEvGMqg+2TGz5MgwzqK59ZD1ODZVDTHnxBSbV7iCQRVF +2ISAZw+kzTkiVA1+H/1MT1/cxAql3CMzsizpl1hHpyFb/YnlkqpGnEQi7C7z6AEi +bPTAj6RlUBiN6PqovvcPfMGKektQDnIry5bZrAfl7NLA0AHufyahwoZizWsYnvwj +/1AGE9EEj2P7K+ItbwuHzy/IF86ksKM2M4Zo6gbUV2ePKre8xplg6OfNYtxsP9Jl +UK3jSCThZaemPEbwQpyFRcH0KB52x1FrGlAuU/1l1fZLCJ6oLTrfjUrcWFnjMn9D +GXbznxZlW8h9BAvox+lEX2YMqIeRPnyzwi06+3DqR6SjVcL9qLdAbuf2/7JOrd3P +6QwjawPpreezoEPH2UdktRV8wmdqqmmYlrYMI4+RX5pIA1ZIZRgosKF4gSbFzLIU +L2EMVxOC4zRPVW2SVG6pjd33uaf3eUTMR5Im5UIEt0Cd7F0t8Ub7boH8VzJV7aza ++CXJDZLo/6MVg0ubBTszCGeIFoLz12Gdtg0TugCjJNs8ChZD2eg2RphFjgjrrV8i +PI7joqoaEx6YvJlp97/DwCcDhqOVbDTXCWoO4BFyvHBbKPskTGqPjDVbjC+KAo+d +1b4iee6Vw+OAHCL4W3PMD6+Dp4kS1puLUj0+MZ1VC+6aW65+1/Whrzt9o1NTOJrt +MlE= +=CeNe +-----END PGP MESSAGE----- From 6a7276197155f1b19dafa2233ba1d22168a2ab40 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Mon, 4 Jun 2018 13:29:50 +0200 Subject: [PATCH 04/14] added haproxy.j2 to fe-common --- .../opt/frontend/config/connector/haproxy.j2 | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 fe-common/overlay/opt/frontend/config/connector/haproxy.j2 diff --git a/fe-common/overlay/opt/frontend/config/connector/haproxy.j2 b/fe-common/overlay/opt/frontend/config/connector/haproxy.j2 new file mode 100644 index 00000000..35fb74bc --- /dev/null +++ b/fe-common/overlay/opt/frontend/config/connector/haproxy.j2 
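Review bot: The ciphertext added here opens with a different public-key session packet than the file deleted in patch 02 (`hQEMA4Rt80zy…` versus `hQEMA9/S9aKT…`), which suggests it is encrypted to a different recipient key. If the switch was made because the earlier key is lost or no longer trusted, re-encrypting is not enough: the old blob stays in repository history, so the secrets it holds should be rotated as well. The commit message would help a reviewer more if it stated the recipient key fingerprint and whether the plaintext changed, since neither can be checked from the diff.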
@@ -0,0 +1,26 @@ +{% extends 'common/haproxy_base.j2' %} + +{% from "common/haproxy_macros.j2" import bind_ip_tls, web_security_options, acme_challenge, csp %} + +{% block frontend %} +frontend {{ site_name }} + {{ bind_ip_tls(bind_ips, 443, tls_certificate_bundle) }} + + stats enable + timeout http-request 10s + timeout http-keep-alive 4s + option forwardfor + http-request set-header X-Forwarded-Proto https + + {{ web_security_options(['no_frames', 'block_xss', 'hsts', 'no_sniff']) }} + +# {{ csp(["default-src " + [csp_ext_src]|join(' '), +# "style-src 'unsafe-inline' " + [csp_ext_src]|join(' '), +# ]) }} + + {{ acme_challenge(letsencrypt_server) }} + + use_backend {{ site_name }}__default + +{% endblock frontend %} + From d043842ab3b9313bb7759acb04dfe15c1e99f573 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Mon, 4 Jun 2018 13:34:13 +0200 Subject: [PATCH 05/14] removed comments in haproxy.j2 --- fe-common/overlay/opt/frontend/config/connector/haproxy.j2 | 4 ---- 1 file changed, 4 deletions(-) diff --git a/fe-common/overlay/opt/frontend/config/connector/haproxy.j2 b/fe-common/overlay/opt/frontend/config/connector/haproxy.j2 index 35fb74bc..f3c3826a 100644 --- a/fe-common/overlay/opt/frontend/config/connector/haproxy.j2 +++ b/fe-common/overlay/opt/frontend/config/connector/haproxy.j2 @@ -14,10 +14,6 @@ frontend {{ site_name }} {{ web_security_options(['no_frames', 'block_xss', 'hsts', 'no_sniff']) }} -# {{ csp(["default-src " + [csp_ext_src]|join(' '), -# "style-src 'unsafe-inline' " + [csp_ext_src]|join(' '), -# ]) }} - {{ acme_challenge(letsencrypt_server) }} use_backend {{ site_name }}__default From b987eb6852be39eee12cf95e525aee814465301e Mon Sep 17 00:00:00 2001 
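Review bot: `stats enable` inside the public `frontend {{ site_name }}` block asks HAProxy to serve its statistics page from the same 443 listener that serves the connector, and nothing in this template adds `stats auth` or restricts who may fetch it. Unless `common/haproxy_base.j2` already locks this down (not visible here), drop the line from the site frontend and expose statistics only on a separate management listener, or at least add `stats auth <user>:<password>` and a non-default `stats uri`. Separately, the `csp(...)` call is commented out, so the site is served without a Content-Security-Policy even though `csp` is imported; either enable it with a concrete `csp_ext_src` or drop the import.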
From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Mon, 4 Jun 2018 16:07:48 +0200 Subject: [PATCH 06/14] added ssh-key for fe-fre-3.komreg.net/ for acme-c.sunet.se --- .../overlay/etc/hiera/data/secrets.yaml.asc | 38 +++++++++++-------- 1 file changed, 22 insertions(+), 16 deletions(-) diff --git a/fe-fre-3.komreg.net/overlay/etc/hiera/data/secrets.yaml.asc b/fe-fre-3.komreg.net/overlay/etc/hiera/data/secrets.yaml.asc index 8e54dd3f..97d7f65a 100644 --- a/fe-fre-3.komreg.net/overlay/etc/hiera/data/secrets.yaml.asc +++ b/fe-fre-3.komreg.net/overlay/etc/hiera/data/secrets.yaml.asc 
@@ -3,20 +3,26 @@ STATUS=UPDATED -----BEGIN PGP MESSAGE----- Version: GnuPG v2 -hQEMA4Rt80zyLMP2AQf/S2NsMVxhxWm8wLkNyJwr3ZusfVf7sB53RGC6cSrXUP6V -Ywou3pRUlwqosY8RB1EDJ6PHEiye9NZdUM9qmSUj9TdJwwyDI1eA5jDPhai7wTol -1hdEEBFZBqHPswZJdA3+Ogn4vScbbnOzgVHflxN6xqOc5YqUksCwxXItWbEAsCWR -9G1PIHtZ8eNGLPTb10/0BEvGMqg+2TGz5MgwzqK59ZD1ODZVDTHnxBSbV7iCQRVF -2ISAZw+kzTkiVA1+H/1MT1/cxAql3CMzsizpl1hHpyFb/YnlkqpGnEQi7C7z6AEi -bPTAj6RlUBiN6PqovvcPfMGKektQDnIry5bZrAfl7NLA0AHufyahwoZizWsYnvwj -/1AGE9EEj2P7K+ItbwuHzy/IF86ksKM2M4Zo6gbUV2ePKre8xplg6OfNYtxsP9Jl -UK3jSCThZaemPEbwQpyFRcH0KB52x1FrGlAuU/1l1fZLCJ6oLTrfjUrcWFnjMn9D -GXbznxZlW8h9BAvox+lEX2YMqIeRPnyzwi06+3DqR6SjVcL9qLdAbuf2/7JOrd3P -6QwjawPpreezoEPH2UdktRV8wmdqqmmYlrYMI4+RX5pIA1ZIZRgosKF4gSbFzLIU -L2EMVxOC4zRPVW2SVG6pjd33uaf3eUTMR5Im5UIEt0Cd7F0t8Ub7boH8VzJV7aza -+CXJDZLo/6MVg0ubBTszCGeIFoLz12Gdtg0TugCjJNs8ChZD2eg2RphFjgjrrV8i -PI7joqoaEx6YvJlp97/DwCcDhqOVbDTXCWoO4BFyvHBbKPskTGqPjDVbjC+KAo+d -1b4iee6Vw+OAHCL4W3PMD6+Dp4kS1puLUj0+MZ1VC+6aW65+1/Whrzt9o1NTOJrt -MlE= -=CeNe +hQEMA4Rt80zyLMP2AQgAkwGshSXoznuzSHQEEKQnOYTijU6IqvZE+zHU8mEB1m0b +sIcwAqkgrRM7vdXiKdfLTyXHX7CN7EybgA3IQNQYgrfDfsCPwoyqwRa+IOrIp9kE +mXDxXrC/d0254RM4MAIntb5G9Kg3FxuLaiiXNlpaLaJdLrxLgv2Keh/idBgDsYg9 +M6zeW0FPEoO4Jp5d8BBYYInMxOlPnFgm5WJ6sKQBZPkTd9w98Oztarw3qFZV2/7R +Kf26TswYShph/osYleijViGmoeoI2ZeYIU+IiDTW3+Iusbf4s7Ez0LjoPROl5Dhh +QiJFh9h3AMw6jAJB/N7dlTBuHvrzNAxKrGKINNlkVtLpAbwmAnAAkuPcS7Sy0oXs +W+m12K78lZ7o3ORZQOiUSpIpxOd5mh0zINA+86ITuHnVJSbUb9rcMqowQHChVvU2 +0eF9yyefXl72P64U1OpR7Ee4Fm5FI+ZUaSCWnsurM7UsDtn9js6SmMk8RzWUB4zI +GtbtPPqKcSo+7rHGUH4ji13IfEgOPiYPnNsi4ulZ7nUFdDxRhGTWBA6LUZPaMLcP +Hf4kvGzcSVuoxqlS76OisQXSqcYlYwVRqQ41RI+63WHQ8wTV47Pr9tvEko5n4T6E +pa6udm7wg3iwOsp2aIo7ZoQfBKPCGIi7mV1FQGg7wvb/YYR/7sGLjXpfeucBoGvu +NzUUKxznBtsZB6JXKgQqO3CM+JEPEqsw9VUrvQ6vwBJhP2SaHPe2dXOLRQlMNqY+ ++DX5PJ9dbScbcctifxmbcbeQdp5xeC3VQF4yJ+VvzPErjDqyeU19rq7J6jDcagJV +uo3pV+nMT6G4lZi+1j/DNPhhN132kqtrS9JXIFI0w/enpoBEGmGqFOoBGeLXVRtZ 
+I0XnxPNtXA2UREMibg3EbCouGs1EDlp+xkMZp4X0A/YWpcCMItORxkkd63s0XuEK +cdFF6RMCIRtpIyzVInVg0FNzENY3eJXMU2DI3OU7LDk5Pw2ILKgPOhbRnO408KzN +0dxiBsiPiWNRnPjsN/ZPb8q/VxozjtGGKSgglgqtrxFJYMEa7HBts4zyZ8KAjtUq +ucSy7wEcV+RmUIUhs8Yu+W1iw9wqUAkueRaH3hpuqMyLPcNUMTaZheWfq8IeJ42O +ZFYBZnxbCQ1O+RVDm5cEC9cI7Q+Swp/eEWm6eWRcj5CJZVn4HlHoaX7eo6rq1oZ/ +3unlTJEz3IXlnhexm5TnSPoYRs1xJu71uoaplslS4W0wdgv7Q46FIk5mGa3jvrvj +zDRiAIRjFuAIGZ6uO9hpUqE= +=i99g -----END PGP MESSAGE----- From 4bf6e97eef778235508968cc9d19b0317d02110e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Mon, 4 Jun 2018 16:28:06 +0200 Subject: [PATCH 07/14] changed default port of acme-c.sunet.se --- fe-common/overlay/opt/frontend/config/common/haproxy_base.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fe-common/overlay/opt/frontend/config/common/haproxy_base.j2 b/fe-common/overlay/opt/frontend/config/common/haproxy_base.j2 index a1f8c58c..521ded45 100644 --- a/fe-common/overlay/opt/frontend/config/common/haproxy_base.j2 +++ b/fe-common/overlay/opt/frontend/config/common/haproxy_base.j2 @@ -61,7 +61,7 @@ backend LB {% block global_backends %} {% if letsencrypt_server is defined %} backend letsencrypt_{{ letsencrypt_server }} - server letsencrypt_{{ letsencrypt_server }} {{ letsencrypt_server }}:81 + server letsencrypt_{{ letsencrypt_server }} {{ letsencrypt_server }}:80 {% else %} # letsencrypt_server not defined {% endif %} From 1a28e701f37a4393d026d93227247c95664750d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Tue, 5 Jun 2018 09:54:39 +0200 Subject: [PATCH 08/14] update db --- global/overlay/etc/puppet/cosmos-db.yaml | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/global/overlay/etc/puppet/cosmos-db.yaml b/global/overlay/etc/puppet/cosmos-db.yaml index 286a4098..44bcd203 100644 --- a/global/overlay/etc/puppet/cosmos-db.yaml +++ b/global/overlay/etc/puppet/cosmos-db.yaml 
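Review bot: This port change lands in `common/haproxy_base.j2`, so every site rendered from the base template now forwards ACME challenges to `{{ letsencrypt_server }}:80`, not only the new connector site; confirm that no other frontend still relies on the challenge server listening on 81. The port is better taken from configuration than hard-coded, for example `{{ letsencrypt_server }}:{{ letsencrypt_port | default(80) }}` with `letsencrypt_port` as a new, optional variable. The `global_backends` block continues outside the hunk.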
@@ -12,10 +12,9 @@ classes: sunet::frontend::register_sites: &id003 sites: connector.eidas.swedenconnect.se: - frontends: [se-fre-lb-1.sunet.se, se-tug-lb-1.sunet.se] + frontends: [fe-fre-3.komreg.net, fe-tug-3.komreg.net] port: '443' sunet::rsyslog: null - sunet_iaas_cloud: null sunetops: null eidas-connector-2.sveidas.se: autoupdate: null @@ -29,7 +28,6 @@ classes: nrpe: null sunet::frontend::register_sites: *id003 sunet::rsyslog: null - sunet_iaas_cloud: null sunetops: null eidas-connector-3.sveidas.se: autoupdate: null @@ -43,7 +41,6 @@ classes: nrpe: null sunet::frontend::register_sites: *id003 sunet::rsyslog: null - sunet_iaas_cloud: null sunetops: null eidas-connector-4.sveidas.se: autoupdate: null @@ -57,7 +54,6 @@ classes: nrpe: null sunet::frontend::register_sites: *id003 sunet::rsyslog: null - sunet_iaas_cloud: null sunetops: null eidas-node-1.qa.sveidas.se: autoupdate: null 
@@ -524,11 +520,9 @@ members: kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, md-eu1.qa.komreg.net, md-fre-3.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] - sunet_iaas_cloud: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, - eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, - jmp.komreg.net, md-eu1.qa.komreg.net, md-fre-3.komreg.net, nic.komreg.net, p1.komreg.net, - p2.qa.komreg.net, prid-1.qa.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, - web-1.qa.sveidas.se] + sunet_iaas_cloud: [eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, jmp.komreg.net, + md-eu1.qa.komreg.net, md-fre-3.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, + prid-1.qa.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] sunetops: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, fe-fre-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, From d876245ffa525256cf0026666d939308c7d9285a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Tue, 5 Jun 2018 09:55:22 +0200 Subject: [PATCH 09/14] changed frontends for prod backends --- global/overlay/etc/puppet/cosmos-rules.yaml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index 489a0310..7bbdbd1e 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -179,7 +179,6 @@ md-eu1.qa.komreg.net: '^eidas-connector-[0-9]+\.sveidas\.se$': eid::dockerhost: konsulter: - sunet_iaas_cloud: autoupdate: eidas_connector: version: 1.3.2 
@@ -188,8 +187,8 @@ md-eu1.qa.komreg.net: sites: 'connector.eidas.swedenconnect.se': frontends: - - 'se-fre-lb-1.sunet.se' - - 'se-tug-lb-1.sunet.se' + - 'fe-fre-3.komreg.net' + - 'fe-tug-3.komreg.net' port: '443' '^eidas-proxy-[0-9]+\.sveidas\.se$': @@ -204,8 +203,8 @@ md-eu1.qa.komreg.net: sites: 'proxy.eidas.swedenconnect.se': frontends: - - 'se-fre-lb-1.sunet.se' - - 'se-tug-lb-1.sunet.se' + - 'fe-fre-3.komreg.net' + - 'fe-tug-3.komreg.net' port: '443' '^eidas-node-[0-9]+\.qa\.sveidas\.se$': From 3172de263376cf0be2a085cb29c270291c5c6d11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Tue, 5 Jun 2018 10:12:39 +0200 Subject: [PATCH 10/14] fe-tug-3.komreg.net added --- fe-tug-3.komreg.net/README | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 fe-tug-3.komreg.net/README diff --git a/fe-tug-3.komreg.net/README b/fe-tug-3.komreg.net/README new file mode 100644 index 00000000..a18dac1c --- /dev/null +++ b/fe-tug-3.komreg.net/README @@ -0,0 +1,3 @@ + +The system documentation is in the docs directory of the multiverse repository. + From d87e4896fc9e50777c9a7c68349762da07eb6b0f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Tue, 5 Jun 2018 10:13:00 +0200 Subject: [PATCH 11/14] update db --- global/overlay/etc/puppet/cosmos-db.yaml | 69 ++++++++++++++---------- 1 file changed, 42 insertions(+), 27 deletions(-) diff --git a/global/overlay/etc/puppet/cosmos-db.yaml b/global/overlay/etc/puppet/cosmos-db.yaml index 44bcd203..5f1286f4 100644 --- a/global/overlay/etc/puppet/cosmos-db.yaml +++ b/global/overlay/etc/puppet/cosmos-db.yaml @@ -110,6 +110,16 @@ classes: sunet::frontend::load_balancer: null sunet::rsyslog: null sunetops: null + fe-tug-3.komreg.net: + common: null + eid::dockerhost: null + entropyclient: null + infra_ca_rp: null + mailclient: *id002 + nrpe: null + sunet::frontend::load_balancer: null + sunet::rsyslog: null + sunetops: null jmp.komreg.net: autoupdate: null common: null 
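Review bot: The `@@ -204,8 +203,8 @@` hunk moves `proxy.eidas.swedenconnect.se` to `fe-fre-3.komreg.net` and `fe-tug-3.komreg.net`, but the frontend changes visible in this series (patch 01 `group.yaml`, patch 04 `connector/haproxy.j2`) define only the `connector` site. If no `proxy` site entry and template exist on those frontends, the proxy backends would register with load balancers that have nothing to route to them; add the matching `websites2` entry and haproxy template, or leave the proxy rule on the old frontends for now. `fe-tug-3.komreg.net` is also referenced in both hunks before patches 10–14 create it, so the tug leg has no frontend until the whole series is applied.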
@@ -226,6 +236,11 @@ classes: sunetops: null kvmfe-tug-3.komreg.net: common: null + eid::kvmhost: + vms: + fe-tug-3.komreg.net: {bridge: br-fe, cpus: '4', description: eid fre frontend, + gateway: 94.176.224.33, ip: 94.176.224.37, mac: '52:54:20:02:01:01', memory: '4096', + netmask: 255.255.255.240} entropyclient: null infra_ca_rp: null mailclient: *id002 @@ -431,9 +446,9 @@ classes: members: all: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, - eidas-redis-1.sveidas.se, fe-fre-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, - jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, - kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, + eidas-redis-1.sveidas.se, fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, + jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, + kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, md-eu1.qa.komreg.net, md-fre-3.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] 
@@ -445,33 +460,33 @@ members: web-1.qa.sveidas.se] common: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, - eidas-redis-1.sveidas.se, fe-fre-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, - jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, - kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, + eidas-redis-1.sveidas.se, fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, + jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, + kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, md-eu1.qa.komreg.net, md-fre-3.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] eid::dockerhost: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, - eidas-connector-4.sveidas.se, fe-fre-3.komreg.net] + eidas-connector-4.sveidas.se, fe-fre-3.komreg.net, fe-tug-3.komreg.net] eid::kvmhost: [kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, - kvminfra-fre-3.komreg.net, kvmmeta-fre-3.komreg.net] + kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvmmeta-fre-3.komreg.net] eidas_connector: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se] eidas_proxy: [eidas-proxy-1.qa.sveidas.se] entropyclient: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, - eidas-redis-1.sveidas.se, fe-fre-3.komreg.net, 
jmp.komreg.net, jump-fre-3.komreg.net, - jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, - kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, + eidas-redis-1.sveidas.se, fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, + jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, + kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, md-eu1.qa.komreg.net, md-fre-3.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] github_client_credential: [web-1.qa.sveidas.se] infra_ca_rp: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, - eidas-redis-1.sveidas.se, fe-fre-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, - jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, - kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, + eidas-redis-1.sveidas.se, fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, + jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, + kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, md-eu1.qa.komreg.net, md-fre-3.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] 
@@ -481,9 +496,9 @@ members: md-fre-3.komreg.net, nic.komreg.net, prid-1.qa.sveidas.se, validator-1.qa.komreg.net] mailclient: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, - eidas-redis-1.sveidas.se, fe-fre-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, - jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, - kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, + eidas-redis-1.sveidas.se, fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, + jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, + kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, md-eu1.qa.komreg.net, md-fre-3.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] 
@@ -494,9 +509,9 @@ members: nagios_monitor: [monitor-fre-3.komreg.net, nic.komreg.net] nrpe: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, - eidas-redis-1.sveidas.se, fe-fre-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, - jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, - kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, + eidas-redis-1.sveidas.se, fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, + jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, + kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, md-eu1.qa.komreg.net, md-fre-3.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] 
@@ -507,16 +522,16 @@ members: prid: [prid-1.qa.sveidas.se] servicemonitor: [eidas-proxy-1.qa.sveidas.se, prid-1.qa.sveidas.se, validator-1.qa.komreg.net] sunet::dehydrated: [r1.komreg.net] - sunet::frontend::load_balancer: [fe-fre-3.komreg.net] + sunet::frontend::load_balancer: [fe-fre-3.komreg.net, fe-tug-3.komreg.net] sunet::frontend::register_sites: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, p1.komreg.net, p2.qa.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] sunet::rsyslog: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, - eidas-redis-1.sveidas.se, fe-fre-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, - jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, - kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, + eidas-redis-1.sveidas.se, fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, + jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, + kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, md-eu1.qa.komreg.net, md-fre-3.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] 
@@ -525,9 +540,9 @@ members: prid-1.qa.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] sunetops: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, - eidas-redis-1.sveidas.se, fe-fre-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, - jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, - kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, + eidas-redis-1.sveidas.se, fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, + jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, + kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, md-eu1.qa.komreg.net, md-fre-3.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] From e00d03729ac45fffabee5f02a23aa6a750be52fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Tue, 5 Jun 2018 10:13:28 +0200 Subject: [PATCH 12/14] added fe-tug-3.komreg.net to cosmos-rules.yaml --- global/overlay/etc/puppet/cosmos-rules.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index 7bbdbd1e..c03c81ad 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml 
@@ -17,6 +17,22 @@ jmp.komreg.net: konsulter: autoupdate: +kvmfe-tug-3.komreg.net: + eid::kvmhost: + vms: + fe-tug-3.komreg.net: + mac: '52:54:20:02:01:01' + ip: '94.176.224.37' + netmask: '255.255.255.240' + gateway: '94.176.224.33' + bridge: 'br-fe' + description: 'eid fre frontend' + cpus: '4' + memory: '4096' + +# kvminfra-fre-3.komreg.net: + +# kvmmeta-fre-3.komreg.net: kvmeidas-tug-3.komreg.net: eid::kvmhost: From 0a43afac913f3ffcf07a3f9aeef03326300d7f10 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Tue, 5 Jun 2018 10:29:01 +0200 Subject: [PATCH 13/14] added ipv6 for fe-tug-3.komreg.net --- .../overlay/etc/network/interfaces.d/eth0_ipv6.cfg | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 fe-tug-3.komreg.net/overlay/etc/network/interfaces.d/eth0_ipv6.cfg diff --git a/fe-tug-3.komreg.net/overlay/etc/network/interfaces.d/eth0_ipv6.cfg b/fe-tug-3.komreg.net/overlay/etc/network/interfaces.d/eth0_ipv6.cfg new file mode 100644 index 00000000..2c9eae15 --- /dev/null +++ b/fe-tug-3.komreg.net/overlay/etc/network/interfaces.d/eth0_ipv6.cfg @@ -0,0 +1,7 @@ +# maintained in cosmos +# +iface eth0 inet6 static + address 2001:6b0:63:2::37 + netmask 64 + gateway 2001:6b0:63:2::1 + \ No newline at end of file From ad12faa8ef1418ebe660552b20ee3c0208b441b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Tue, 5 Jun 2018 10:33:18 +0200 Subject: [PATCH 14/14] added secret to fe-tug-3.komreg.net --- .../overlay/etc/hiera/data/secrets.yaml.asc | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 fe-tug-3.komreg.net/overlay/etc/hiera/data/secrets.yaml.asc diff --git a/fe-tug-3.komreg.net/overlay/etc/hiera/data/secrets.yaml.asc b/fe-tug-3.komreg.net/overlay/etc/hiera/data/secrets.yaml.asc new file mode 100644 index 00000000..e5acbd90 --- /dev/null +++ b/fe-tug-3.komreg.net/overlay/etc/hiera/data/secrets.yaml.asc 
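Review bot: `description: 'eid fre frontend'` on the `fe-tug-3.komreg.net` VM looks copied from the fre host and should read `description: 'eid tug frontend'`, otherwise the inventory mislabels the site. If the rest of the block was copied too, confirm that `mac: '52:54:20:02:01:01'` is not already assigned to the fre frontend VM, since that definition is not visible here. The two commented-out keys `# kvminfra-fre-3.komreg.net:` and `# kvmmeta-fre-3.komreg.net:` carry no configuration and would be better left out or given a comment that says why they are parked.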
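Review bot: The static stanza sets address and gateway but does not turn off router advertisements or autoconfiguration, so the frontend can still pick up SLAAC addresses and routes from the segment; for a load balancer add `accept_ra 0` and `autoconf 0` under `iface eth0 inet6 static`. This file also makes the host reachable over IPv6, so check that the packet filter applied to the frontend covers IPv6 as well as IPv4 (not visible in this series). The file ends with a whitespace-only line and no final newline; end it after the `gateway` line with a single newline.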
@@ -0,0 +1,28 @@ +STATUS=UPDATED + +-----BEGIN PGP MESSAGE----- +Version: GnuPG v2 + +hQEMA8wt/jvwBdcmAQgAjPocYDJRnCv9rOhJTPICxedWNn3wV7xG7JORPQcZUZNS +VyJqToeAcMQzgBmmiH1cXbfzPnitiR9JnT0Ol7m8/Yl8Z8l0XBHp7Ygls67ppsF3 +1WknKomFJ7FhwsrRJD5ZUHIAhZ1b+elxGZ+zp5voaVbcHK0H+yrrK/TuzeD1P9jG +WGzq4oL2eRWAADGhIwAUCOvAPG3XjmtfsQ85ISvP1vU6JZZM3YIGnyUnlL7eTJAN +twJaYgzz8UPitfYpaqdYdsIjxoByAqbPwxMh65kItOz7U/b8roCzEcrALdfDTG9S +ZGEwK3ay+1uDoUNL7CBVZEnkbI32fxoKyz/1RD8j39LpARmLsVnzQo5jmABaMdy/ +eMkpbYTWeKL8nLFfVx/Vx5dLaZjwxq6OdTJ9yiYjK/4NKe5MalJp7p1tADVWl7Ro +2rSBkXCxPQGJ6qqsfDh0KqZlZ61lydeEffDggxZw3fAI+JPcPzfarE/tApkFSEkt +FESPCjES/+R4FE56m4ve5lfUJHI8hRNiYSsRx/MQ3bm/sZLuejiLul7r3zEapWRa +sbzlUXFDsz9ecjHKBC9557oBqzmdwaiwO+wIkyBy6nPdNjmT2abyjUIUuLyamrTy ++g2sldt2pzee1INXM3biOAG5j5LIsG9H1//jos9eARox0ufvLZa2qMQ3RrdEMWGN +nnYY+jQGIEJVNyzOS2SjPj+imp7M0ufR1ki5KTtMiPgebDbw2eJwJQMu1MMYcMXw +S50baJPTphKC3pBK9DgFq8l/vGrfVuSBWz2+7KaIG0PhlgjvQTttE2UgzNWSglTo +d9BXaMdatoK1b9CdugGFDHK7zljAwUIVosnvly1prPaIHm0f5sOpd7GT8nRv03zX +nHcQctTD36+TPHxZBO9jS9VmJzalTfG9tNVSlLE+3yufW+BW/hK/BTG4qx8Bbs5L +ss4E+htsS7mFINNqCoyCxZX4cZDE66KrUL31sm2cdN1oOYleNJX3hv34X6mE81jU +nRJT8GGMjeIBAhY33CehvDG7/5uuRTQ08rjOsgkNI08U9UQL6jH8fEX/Egg/n1Nf +gQSByUGoZEgm8mLkC9xM4Ui47+xlQXlmFhNgiT0vpjRr/Maxc3JJ1u20jsrQkCa5 +gBL6ZWYXT9BdyutKgC+LOANgQkp1xbhBNQKA8OQKeVjLSlkTxvLiD94AbOvDnvio +KuModCULq696jdG4W3j2EJu6gBSY5vPzBCdFCkpq2p5x64PPbun1cQoZgehC+rOm +EnjLKSioNpsycx1EHg== +=caob +-----END PGP MESSAGE-----