allowing new SUNET LB servers in IDM app servers

Move backend registration to new SUNET LB servers ref: SC-2460
2024-09-11 11:13:40 +02:00 · 2024-09-11 11:13:40 +02:00 · 7a899efb59
commit 7a899efb59
parent 75fcceacf9
2 changed files with 17 additions and 22 deletions
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@ -738,8 +738,8 @@ p1.komreg.net:
     sites:
       'qa.md.swedenconnect.se':
         frontends:
-            - 'se-fre-lb-1.sunet.se'
-            - 'se-tug-lb-1.sunet.se'
+            - 'sthb-lb-1.sunet.se'
+            - 'tug-lb-1.sunet.se'
         port: '443'
   autoupdate:
   eid::dockerhost:
@ -765,8 +765,8 @@ p2.qa.komreg.net:
     sites:
       'qa.md.eidas.swedenconnect.se':
         frontends:
-            - 'se-fre-lb-1.sunet.se'
-            - 'se-tug-lb-1.sunet.se'
+            - 'sthb-lb-1.sunet.se'
+            - 'tug-lb-1.sunet.se'
         port: '443'

 md1.komreg.net:
@ -824,8 +824,8 @@ md-eu1.qa.komreg.net:
     sites:
       'qa.test.swedenconnect.se':
         frontends:
-           - 'se-fre-lb-1.sunet.se'
-           - 'se-tug-lb-1.sunet.se'
+           - 'sthb-lb-1.sunet.se'
+           - 'tug-lb-1.sunet.se'
         port: '443'

 test-1.test.sveidas.se:
@ -932,8 +932,8 @@ demw-2.sveidas.se:
     sites:
       'qa.test.swedenconnect.se':
         frontends:
-           - 'se-fre-lb-1.sunet.se'
-           - 'se-tug-lb-1.sunet.se'
+           - 'sthb-lb-1.sunet.se'
+           - 'tug-lb-1.sunet.se'
         port: '443'

 '^refidp-[0-9]+\.test\.sveidas\.se$':
@ -1088,8 +1088,8 @@ log-1.sveidas.se:
     sites:
       'qa.connector.eidas.swedenconnect.se':
         frontends:
-           - 'se-fre-lb-1.sunet.se'
-           - 'se-tug-lb-1.sunet.se'
+           - 'sthb-lb-1.sunet.se'
+           - 'tug-lb-1.sunet.se'
         port: '443'

 '^eidas-connector-[0-9]+\.test\.sveidas\.se$':
@ -1134,8 +1134,8 @@ log-1.sveidas.se:
     sites:
       'qa.proxy.eidas.swedenconnect.se':
         frontends:
-           - 'se-fre-lb-1.sunet.se'
-           - 'se-tug-lb-1.sunet.se'
+           - 'sthb-lb-1.sunet.se'
+           - 'tug-lb-1.sunet.se'
         port: '443'

 '^eidas-proxy-[0-9]+\.test\.sveidas\.se$':
@ -1215,15 +1215,10 @@ eidastest-1.qa.sveidas.se:
   eidastest:
   sunet::frontend::register_sites:
     sites:
-       'swedenconnect.se':
-         frontends:
-           - 'se-fre-lb-1.sunet.se'
-           - 'se-tug-lb-1.sunet.se'
-         port: '443'
       'api.swedenconnect.se':
         frontends:
-           - 'se-fre-lb-1.sunet.se'
-           - 'se-tug-lb-1.sunet.se'
+           - 'sthb-lb-1.sunet.se'
+           - 'tug-lb-1.sunet.se'
         port: '443'

 '^relay-[0-9]+\.swedenconnect\.se$':
@ -1265,8 +1260,8 @@ idm-sto[13]-qa-app-[123]\.komreg\.net:
     sites:
       'qa.idm.eidas.swedenconnect.se':
         frontends:
-           - 'se-fre-lb-1.sunet.se'
-           - 'se-tug-lb-1.sunet.se'
+           - 'sthb-lb-1.sunet.se'
+           - 'tug-lb-1.sunet.se'
         port: '443'
   eid::idm_app:

--- a/global/overlay/etc/puppet/modules/eid/manifests/idm_app.pp
+++ b/global/overlay/etc/puppet/modules/eid/manifests/idm_app.pp
@ -16,7 +16,7 @@ class eid::idm_app (


  sunet::nftables::allow { 'expose-allow-https':
-    from => ['94.176.224.38', '94.176.224.166', '130.242.125.110','130.242.125.140'],
+    from => ['94.176.224.38', '94.176.224.166', '130.242.126.195','130.242.126.197'],
    port => 443,
  }