From 73a9aea348204623c328a78ceb329928466167ba Mon Sep 17 00:00:00 2001
From: Leif Johansson
Date: Tue, 3 Jul 2018 14:31:52 +0200
Subject: [PATCH] persist ha slot and make it available to hsmproxy
---
.../overlay/etc/Chrystoki.conf.d/50-ha-slot.conf | 8 ++++++++
eumd-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf | 8 ++++++++
global/overlay/etc/puppet/manifests/cosmos-site.pp | 4 ++--
natmd-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf | 8 ++++++++
4 files changed, 26 insertions(+), 2 deletions(-)
create mode 100644 eidas-connector-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf
create mode 100644 eumd-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf
create mode 100644 natmd-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf
diff --git a/eidas-connector-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf b/eidas-connector-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf
new file mode 100644
index 00000000..2a3b0f05
--- /dev/null
+++ b/eidas-connector-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf
@@ -0,0 +1,8 @@
+VirtualToken = {
+ VirtualToken00Label = sc_ha;
+ VirtualToken00SN = 1462371088;
+ VirtualToken00Members = 462371088,462344047;
+}
+HASynchronize = {
+ sc_ha = 1;
+}
diff --git a/eumd-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf b/eumd-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf
new file mode 100644
index 00000000..2a3b0f05
--- /dev/null
+++ b/eumd-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf
@@ -0,0 +1,8 @@
+VirtualToken = {
+ VirtualToken00Label = sc_ha;
+ VirtualToken00SN = 1462371088;
+ VirtualToken00Members = 462371088,462344047;
+}
+HASynchronize = {
+ sc_ha = 1;
+}
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index d22cc510..9305d435 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
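Review bot: The HA group definition is committed as three byte-identical copies (the `eidas-connector-common` file, plus the `eumd-common` and `natmd-common` files elsewhere in this patch, all with blob `2a3b0f05`), each hard-coding the member partition serials in `VirtualToken00Members`. When a member HSM is replaced or added, every copy has to change together, and an overlay that is missed would leave those hosts on a stale HA group, probably without any error at deploy time. Since `eidas_hsm_client` in `cosmos-site.pp` already references `/etc/Chrystoki.conf.d`, consider shipping a single copy from that class (one `file` resource with a single source, or serials taken from hiera) instead of one file per overlay.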
@@ -147,13 +147,13 @@ class eidas_metadata_key { class eidas_hsm_client($luna_version="6.2") { $pkcs11pin = hiera('pkcs11pin',"") - sunet::snippets::reinstall::keep {'/etc/luna': } -> + sunet::snippets::reinstall::keep {['/etc/luna','/etc/Chrystoki.conf.d']: } -> file {['/etc/luna','/etc/luna/cert']: ensure => directory } -> sunet::docker_run {"${name}_hsmproxy": hostname => "${::fqdn}", image => 'docker.sunet.se/luna-client', imagetag => $luna_version, - volumes => ['/dev/log:/dev/log','/etc/luna/cert:/usr/safenet/lunaclient/cert'], + volumes => ['/dev/log:/dev/log','/etc/Chrystoki.conf.d:/etc/Chrystoki.conf.d','/etc/luna/cert:/usr/safenet/lunaclient/cert'], env => ["PKCS11PIN=${pkcs11pin}"] } }
diff --git a/natmd-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf b/natmd-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf
new file mode 100644
index 00000000..2a3b0f05
--- /dev/null
+++ b/natmd-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf
@@ -0,0 +1,8 @@
+VirtualToken = {
+ VirtualToken00Label = sc_ha;
+ VirtualToken00SN = 1462371088;
+ VirtualToken00Members = 462371088,462344047;
+}
+HASynchronize = {
+ sc_ha = 1;
+}
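Review bot: The new bind mount `'/etc/Chrystoki.conf.d:/etc/Chrystoki.conf.d'` in `volumes` is read-write, so a process inside the hsmproxy container can rewrite the host's HA slot definition that the overlay is supposed to control. If the proxy only needs to read that directory, and assuming `sunet::docker_run` passes these strings through to Docker unchanged, use `'/etc/Chrystoki.conf.d:/etc/Chrystoki.conf.d:ro'`. Separately, the `file` resource after the `keep` line still ensures only `/etc/luna` and `/etc/luna/cert`; adding `/etc/Chrystoki.conf.d` to that list would make the class behave predictably on a host whose overlay does not ship the directory, where the mount would otherwise likely come up empty.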