Merge branch 'master' of git.nordu.net:eid-ops

fe-common/overlay/etc/hiera/data/group.yaml

@@ -26,17 +26,17 @@ sunet_frontend:
 
     websites2:
 
-      'www':
+      'connector':
-        site_name: 'www.komreg.net'
+        site_name: 'connector.eidas.swedenconnect.se'
         frontends:
           'fe-fre-3.komreg.net':
-            ips: ['94.176.224.180']
+            ips: ['94.176.226.10']
           'fe-tug-3.komreg.net':
-            ips: ['94.176.224.181']
+            ips: ['94.176.226.11']
         backends:
           default:
-            'www-fre-1.komreg.net':
+            'eidas-connector-1.sveidas.se':
-              ips: ['94.176.224.132']
+              ips: ['94.176.224.133']
               server_args: 'ssl check verify none'
         allow_ports:
           - 443

fe-common/overlay/opt/frontend/config/common/haproxy_base.j2

@@ -61,7 +61,7 @@ backend LB
 {% block global_backends %}
 {% if letsencrypt_server is defined %}
 backend letsencrypt_{{ letsencrypt_server }}
-  server letsencrypt_{{ letsencrypt_server }} {{ letsencrypt_server }}:81
+  server letsencrypt_{{ letsencrypt_server }} {{ letsencrypt_server }}:80
 {% else %}
 # letsencrypt_server not defined
 {% endif %}

fe-common/overlay/opt/frontend/config/connector/haproxy.j2

@@ -0,0 +1,22 @@
+{% extends 'common/haproxy_base.j2' %}
+
+{% from "common/haproxy_macros.j2" import bind_ip_tls, web_security_options, acme_challenge, csp %}
+
+{% block frontend %}
+frontend {{ site_name }}
+    {{ bind_ip_tls(bind_ips, 443, tls_certificate_bundle) }}
+
+    stats enable
+    timeout http-request 10s
+    timeout http-keep-alive 4s
+    option forwardfor
+    http-request set-header X-Forwarded-Proto https
+
+    {{ web_security_options(['no_frames', 'block_xss', 'hsts', 'no_sniff']) }}
+
+    {{ acme_challenge(letsencrypt_server) }}
+
+    use_backend {{ site_name }}__default
+
+{% endblock frontend %}
+

fe-fre-3.komreg.net/overlay/etc/hiera/data/secrets.yaml.asc

@@ -3,20 +3,26 @@ STATUS=UPDATED
 -----BEGIN PGP MESSAGE-----
 Version: GnuPG v2
 
-hQEMA9/S9aKTc+kVAQf9Gg8QgRVfsUePPt9CdXHuuYu2yymILJRtHB/8vz/gZk+7
+hQEMA4Rt80zyLMP2AQgAkwGshSXoznuzSHQEEKQnOYTijU6IqvZE+zHU8mEB1m0b
-d72QBJb2akaW6H4AtDXUqK/2ps6gee2ONQTPqkQwHKK7oWl861FVBwSdsLU/cXlC
+sIcwAqkgrRM7vdXiKdfLTyXHX7CN7EybgA3IQNQYgrfDfsCPwoyqwRa+IOrIp9kE
-fcqgbi6nyJQ6msn7wOhPkYjGW1Q5/hiGVS27it4Z5YljJn7ETMLMUDqVPR7oa6Mt
+mXDxXrC/d0254RM4MAIntb5G9Kg3FxuLaiiXNlpaLaJdLrxLgv2Keh/idBgDsYg9
-2xpcobXu+8zjdUIDJsdZe3e9/pKM8QgjrHsdKVrgS5ColusXocx5iHzZpO+pLKJ9
+M6zeW0FPEoO4Jp5d8BBYYInMxOlPnFgm5WJ6sKQBZPkTd9w98Oztarw3qFZV2/7R
-/hBufWZx43XhkmwsVriirQHZBc3X415O0ooAtbpDUhmIvkRxg1JCN8On1xt1CPaF
+Kf26TswYShph/osYleijViGmoeoI2ZeYIU+IiDTW3+Iusbf4s7Ez0LjoPROl5Dhh
-8RPDAS9uVqm6c8Kyk7Z9t7qHlxTE9GkC3Us5EbC9xNLAzwHYLiiUZkOE3AI9y9cS
+QiJFh9h3AMw6jAJB/N7dlTBuHvrzNAxKrGKINNlkVtLpAbwmAnAAkuPcS7Sy0oXs
-eV/SC+IFRJ2Li/+aGiojq6D9LR9f6u49lMcYSejrcbxT/6rvXQdIruQrwC86DNDV
+W+m12K78lZ7o3ORZQOiUSpIpxOd5mh0zINA+86ITuHnVJSbUb9rcMqowQHChVvU2
-TFjXrAuaSGQgXI5JSwb61ZMJNm3dHzS/SSBtDSDaSa/1vp3rjECs1HMwFPbZaxWK
+0eF9yyefXl72P64U1OpR7Ee4Fm5FI+ZUaSCWnsurM7UsDtn9js6SmMk8RzWUB4zI
-mLDm/Gw97UlQBfy6OKEeas8vfX/NtD/kiRIdN1nCNp0goJPZZ/gOA8QmhUISis2r
+GtbtPPqKcSo+7rHGUH4ji13IfEgOPiYPnNsi4ulZ7nUFdDxRhGTWBA6LUZPaMLcP
-y+JdxTaEdRVoVu5cUpZxm58AAbxvjAFCCz1LaWE1Nngn+w6/5FfFutV63I/oyQAI
+Hf4kvGzcSVuoxqlS76OisQXSqcYlYwVRqQ41RI+63WHQ8wTV47Pr9tvEko5n4T6E
-Tqv++UuEkM7BnzoVUF4HYSpLq3+5zy/azXAUZvh3z3nassGaTVaYPVRodPzIvodd
+pa6udm7wg3iwOsp2aIo7ZoQfBKPCGIi7mV1FQGg7wvb/YYR/7sGLjXpfeucBoGvu
-6584RixxOE+2yOW/dDySyiML065aKhQ2V3rQC6sWv7fsruvN5SojoK54wKBFXIje
+NzUUKxznBtsZB6JXKgQqO3CM+JEPEqsw9VUrvQ6vwBJhP2SaHPe2dXOLRQlMNqY+
-ktscoCPBMOSNPYlTK1e489pZIdkFJRxXe4AF5w67goEkScUtsNFgGMRosD/bTjYQ
++DX5PJ9dbScbcctifxmbcbeQdp5xeC3VQF4yJ+VvzPErjDqyeU19rq7J6jDcagJV
-Qt0qkIM2iLJX7a90APjaDpD2AZrdpu6hTl9pawgqwqnWKhxcep02SPEMNK322VzQ
+uo3pV+nMT6G4lZi+1j/DNPhhN132kqtrS9JXIFI0w/enpoBEGmGqFOoBGeLXVRtZ
-gg==
+I0XnxPNtXA2UREMibg3EbCouGs1EDlp+xkMZp4X0A/YWpcCMItORxkkd63s0XuEK
-=gVTa
+cdFF6RMCIRtpIyzVInVg0FNzENY3eJXMU2DI3OU7LDk5Pw2ILKgPOhbRnO408KzN
+0dxiBsiPiWNRnPjsN/ZPb8q/VxozjtGGKSgglgqtrxFJYMEa7HBts4zyZ8KAjtUq
+ucSy7wEcV+RmUIUhs8Yu+W1iw9wqUAkueRaH3hpuqMyLPcNUMTaZheWfq8IeJ42O
+ZFYBZnxbCQ1O+RVDm5cEC9cI7Q+Swp/eEWm6eWRcj5CJZVn4HlHoaX7eo6rq1oZ/
+3unlTJEz3IXlnhexm5TnSPoYRs1xJu71uoaplslS4W0wdgv7Q46FIk5mGa3jvrvj
+zDRiAIRjFuAIGZ6uO9hpUqE=
+=i99g
 -----END PGP MESSAGE-----

fe-tug-3.komreg.net/README

@@ -0,0 +1,3 @@
+
+The system documentation is in the docs directory of the multiverse repository.
+

fe-tug-3.komreg.net/overlay/etc/hiera/data/secrets.yaml.asc

@@ -0,0 +1,28 @@
+STATUS=UPDATED
+
+-----BEGIN PGP MESSAGE-----
+Version: GnuPG v2
+
+hQEMA8wt/jvwBdcmAQgAjPocYDJRnCv9rOhJTPICxedWNn3wV7xG7JORPQcZUZNS
+VyJqToeAcMQzgBmmiH1cXbfzPnitiR9JnT0Ol7m8/Yl8Z8l0XBHp7Ygls67ppsF3
+1WknKomFJ7FhwsrRJD5ZUHIAhZ1b+elxGZ+zp5voaVbcHK0H+yrrK/TuzeD1P9jG
+WGzq4oL2eRWAADGhIwAUCOvAPG3XjmtfsQ85ISvP1vU6JZZM3YIGnyUnlL7eTJAN
+twJaYgzz8UPitfYpaqdYdsIjxoByAqbPwxMh65kItOz7U/b8roCzEcrALdfDTG9S
+ZGEwK3ay+1uDoUNL7CBVZEnkbI32fxoKyz/1RD8j39LpARmLsVnzQo5jmABaMdy/
+eMkpbYTWeKL8nLFfVx/Vx5dLaZjwxq6OdTJ9yiYjK/4NKe5MalJp7p1tADVWl7Ro
+2rSBkXCxPQGJ6qqsfDh0KqZlZ61lydeEffDggxZw3fAI+JPcPzfarE/tApkFSEkt
+FESPCjES/+R4FE56m4ve5lfUJHI8hRNiYSsRx/MQ3bm/sZLuejiLul7r3zEapWRa
+sbzlUXFDsz9ecjHKBC9557oBqzmdwaiwO+wIkyBy6nPdNjmT2abyjUIUuLyamrTy
++g2sldt2pzee1INXM3biOAG5j5LIsG9H1//jos9eARox0ufvLZa2qMQ3RrdEMWGN
+nnYY+jQGIEJVNyzOS2SjPj+imp7M0ufR1ki5KTtMiPgebDbw2eJwJQMu1MMYcMXw
+S50baJPTphKC3pBK9DgFq8l/vGrfVuSBWz2+7KaIG0PhlgjvQTttE2UgzNWSglTo
+d9BXaMdatoK1b9CdugGFDHK7zljAwUIVosnvly1prPaIHm0f5sOpd7GT8nRv03zX
+nHcQctTD36+TPHxZBO9jS9VmJzalTfG9tNVSlLE+3yufW+BW/hK/BTG4qx8Bbs5L
+ss4E+htsS7mFINNqCoyCxZX4cZDE66KrUL31sm2cdN1oOYleNJX3hv34X6mE81jU
+nRJT8GGMjeIBAhY33CehvDG7/5uuRTQ08rjOsgkNI08U9UQL6jH8fEX/Egg/n1Nf
+gQSByUGoZEgm8mLkC9xM4Ui47+xlQXlmFhNgiT0vpjRr/Maxc3JJ1u20jsrQkCa5
+gBL6ZWYXT9BdyutKgC+LOANgQkp1xbhBNQKA8OQKeVjLSlkTxvLiD94AbOvDnvio
+KuModCULq696jdG4W3j2EJu6gBSY5vPzBCdFCkpq2p5x64PPbun1cQoZgehC+rOm
+EnjLKSioNpsycx1EHg==
+=caob
+-----END PGP MESSAGE-----

fe-tug-3.komreg.net/overlay/etc/network/interfaces.d/eth0_ipv6.cfg

@@ -0,0 +1,7 @@
+# maintained in cosmos
+#
+iface eth0 inet6 static
+      address 2001:6b0:63:2::37
+      netmask 64
+      gateway 2001:6b0:63:2::1
+      

global/overlay/etc/puppet/cosmos-db.yaml

@@ -12,10 +12,9 @@ classes:
     sunet::frontend::register_sites: &id003
       sites:
         connector.eidas.swedenconnect.se:
-          frontends: [se-fre-lb-1.sunet.se, se-tug-lb-1.sunet.se]
+          frontends: [fe-fre-3.komreg.net, fe-tug-3.komreg.net]
           port: '443'
     sunet::rsyslog: null
-    sunet_iaas_cloud: null
     sunetops: null
   eidas-connector-2.sveidas.se:
     autoupdate: null
@@ -29,7 +28,6 @@ classes:
     nrpe: null
     sunet::frontend::register_sites: *id003
     sunet::rsyslog: null
-    sunet_iaas_cloud: null
     sunetops: null
   eidas-connector-3.sveidas.se:
     autoupdate: null
@@ -43,7 +41,6 @@ classes:
     nrpe: null
     sunet::frontend::register_sites: *id003
     sunet::rsyslog: null
-    sunet_iaas_cloud: null
     sunetops: null
   eidas-connector-4.sveidas.se:
     autoupdate: null
@@ -57,7 +54,6 @@ classes:
     nrpe: null
     sunet::frontend::register_sites: *id003
     sunet::rsyslog: null
-    sunet_iaas_cloud: null
     sunetops: null
   eidas-node-1.qa.sveidas.se:
     autoupdate: null
@@ -114,6 +110,16 @@ classes:
     sunet::frontend::load_balancer: null
     sunet::rsyslog: null
     sunetops: null
+  fe-tug-3.komreg.net:
+    common: null
+    eid::dockerhost: null
+    entropyclient: null
+    infra_ca_rp: null
+    mailclient: *id002
+    nrpe: null
+    sunet::frontend::load_balancer: null
+    sunet::rsyslog: null
+    sunetops: null
   jmp.komreg.net:
     autoupdate: null
     common: null
@@ -230,6 +236,11 @@ classes:
     sunetops: null
   kvmfe-tug-3.komreg.net:
     common: null
+    eid::kvmhost:
+      vms:
+        fe-tug-3.komreg.net: {bridge: br-fe, cpus: '4', description: eid fre frontend,
+          gateway: 94.176.224.33, ip: 94.176.224.37, mac: '52:54:20:02:01:01', memory: '4096',
+          netmask: 255.255.255.240}
     entropyclient: null
     infra_ca_rp: null
     mailclient: *id002
@@ -435,9 +446,9 @@ classes:
 members:
   all: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se,
     eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se,
-    eidas-redis-1.sveidas.se, fe-fre-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net,
+    eidas-redis-1.sveidas.se, fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net,
-    jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net,
+    jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net,
-    kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net,
+    kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net,
     kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, md-eu1.qa.komreg.net, md-fre-3.komreg.net,
     md1.komreg.net, monitor-fre-3.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net,
     prid-1.qa.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se]
@@ -449,33 +460,33 @@ members:
     web-1.qa.sveidas.se]
   common: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se,
     eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se,
-    eidas-redis-1.sveidas.se, fe-fre-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net,
+    eidas-redis-1.sveidas.se, fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net,
-    jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net,
+    jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net,
-    kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net,
+    kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net,
     kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, md-eu1.qa.komreg.net, md-fre-3.komreg.net,
     md1.komreg.net, monitor-fre-3.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net,
     prid-1.qa.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se]
   eid::dockerhost: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se,
-    eidas-connector-4.sveidas.se, fe-fre-3.komreg.net]
+    eidas-connector-4.sveidas.se, fe-fre-3.komreg.net, fe-tug-3.komreg.net]
   eid::kvmhost: [kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net,
-    kvminfra-fre-3.komreg.net, kvmmeta-fre-3.komreg.net]
+    kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvmmeta-fre-3.komreg.net]
   eidas_connector: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se,
     eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se]
   eidas_proxy: [eidas-proxy-1.qa.sveidas.se]
   entropyclient: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se,
     eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se,
-    eidas-redis-1.sveidas.se, fe-fre-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net,
+    eidas-redis-1.sveidas.se, fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net,
-    jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net,
+    jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net,
-    kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net,
+    kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net,
     kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, md-eu1.qa.komreg.net, md-fre-3.komreg.net,
     md1.komreg.net, monitor-fre-3.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net,
     prid-1.qa.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se]
   github_client_credential: [web-1.qa.sveidas.se]
   infra_ca_rp: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se,
     eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se,
-    eidas-redis-1.sveidas.se, fe-fre-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net,
+    eidas-redis-1.sveidas.se, fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net,
-    jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net,
+    jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net,
-    kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net,
+    kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net,
     kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, md-eu1.qa.komreg.net, md-fre-3.komreg.net,
     md1.komreg.net, monitor-fre-3.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net,
     prid-1.qa.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se]
@@ -485,9 +496,9 @@ members:
     md-fre-3.komreg.net, nic.komreg.net, prid-1.qa.sveidas.se, validator-1.qa.komreg.net]
   mailclient: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se,
     eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se,
-    eidas-redis-1.sveidas.se, fe-fre-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net,
+    eidas-redis-1.sveidas.se, fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net,
-    jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net,
+    jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net,
-    kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net,
+    kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net,
     kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, md-eu1.qa.komreg.net, md-fre-3.komreg.net,
     md1.komreg.net, monitor-fre-3.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net,
     prid-1.qa.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se]
@@ -498,9 +509,9 @@ members:
   nagios_monitor: [monitor-fre-3.komreg.net, nic.komreg.net]
   nrpe: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se,
     eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se,
-    eidas-redis-1.sveidas.se, fe-fre-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net,
+    eidas-redis-1.sveidas.se, fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net,
-    jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net,
+    jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net,
-    kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net,
+    kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net,
     kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, md-eu1.qa.komreg.net, md-fre-3.komreg.net,
     md1.komreg.net, monitor-fre-3.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net,
     prid-1.qa.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se]
@@ -511,29 +522,27 @@ members:
   prid: [prid-1.qa.sveidas.se]
   servicemonitor: [eidas-proxy-1.qa.sveidas.se, prid-1.qa.sveidas.se, validator-1.qa.komreg.net]
   sunet::dehydrated: [r1.komreg.net]
-  sunet::frontend::load_balancer: [fe-fre-3.komreg.net]
+  sunet::frontend::load_balancer: [fe-fre-3.komreg.net, fe-tug-3.komreg.net]
   sunet::frontend::register_sites: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se,
     eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se,
     eidas-proxy-1.qa.sveidas.se, p1.komreg.net, p2.qa.komreg.net, validator-1.qa.komreg.net,
     web-1.qa.sveidas.se]
   sunet::rsyslog: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se,
     eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se,
-    eidas-redis-1.sveidas.se, fe-fre-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net,
+    eidas-redis-1.sveidas.se, fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net,
-    jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net,
+    jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net,
-    kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net,
+    kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net,
     kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, md-eu1.qa.komreg.net, md-fre-3.komreg.net,
     md1.komreg.net, monitor-fre-3.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net,
     prid-1.qa.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se]
-  sunet_iaas_cloud: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se,
+  sunet_iaas_cloud: [eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, jmp.komreg.net,
-    eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se,
+    md-eu1.qa.komreg.net, md-fre-3.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net,
-    jmp.komreg.net, md-eu1.qa.komreg.net, md-fre-3.komreg.net, nic.komreg.net, p1.komreg.net,
+    prid-1.qa.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se]
-    p2.qa.komreg.net, prid-1.qa.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net,
-    web-1.qa.sveidas.se]
   sunetops: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se,
     eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se,
-    eidas-redis-1.sveidas.se, fe-fre-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net,
+    eidas-redis-1.sveidas.se, fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net,
-    jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net,
+    jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net,
-    kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net,
+    kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net,
     kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, md-eu1.qa.komreg.net, md-fre-3.komreg.net,
     md1.komreg.net, monitor-fre-3.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net,
     prid-1.qa.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se]

global/overlay/etc/puppet/cosmos-rules.yaml

@@ -17,6 +17,22 @@ jmp.komreg.net:
    konsulter:
    autoupdate:
 
+kvmfe-tug-3.komreg.net:
+   eid::kvmhost:
+      vms:
+         fe-tug-3.komreg.net:
+            mac: '52:54:20:02:01:01'
+            ip: '94.176.224.37'
+            netmask: '255.255.255.240'
+            gateway: '94.176.224.33'
+            bridge: 'br-fe'
+            description: 'eid fre frontend'
+            cpus: '4'
+            memory: '4096'
+
+# kvminfra-fre-3.komreg.net:
+
+# kvmmeta-fre-3.komreg.net:
    
 kvmeidas-tug-3.komreg.net:
    eid::kvmhost:
@@ -179,7 +195,6 @@ md-eu1.qa.komreg.net:
 '^eidas-connector-[0-9]+\.sveidas\.se$':
    eid::dockerhost:
    konsulter:
-   sunet_iaas_cloud:
    autoupdate:
    eidas_connector:
      version: 1.3.2
@@ -188,8 +203,8 @@ md-eu1.qa.komreg.net:
      sites:
        'connector.eidas.swedenconnect.se':
          frontends:
-           - 'se-fre-lb-1.sunet.se'
+           - 'fe-fre-3.komreg.net'
-           - 'se-tug-lb-1.sunet.se'
+           - 'fe-tug-3.komreg.net'
          port: '443'
 
 '^eidas-proxy-[0-9]+\.sveidas\.se$':
@@ -204,8 +219,8 @@ md-eu1.qa.komreg.net:
      sites:
        'proxy.eidas.swedenconnect.se':
          frontends:
-           - 'se-fre-lb-1.sunet.se'
+           - 'fe-fre-3.komreg.net'
-           - 'se-tug-lb-1.sunet.se'
+           - 'fe-tug-3.komreg.net'
          port: '443'
 
 '^eidas-node-[0-9]+\.qa\.sveidas\.se$':