refactor key mgmt for md_signer
parent
54160645cb
commit
8e58d3a2e5
2 changed files with 17 additions and 9 deletions
|
@ -295,6 +295,7 @@ md1.komreg.net:
|
||||||
openstack_dockerhost:
|
openstack_dockerhost:
|
||||||
metadatamgrs:
|
metadatamgrs:
|
||||||
konsulter:
|
konsulter:
|
||||||
|
eidas_metadata_key:
|
||||||
md_signer:
|
md_signer:
|
||||||
name: natmd-qa
|
name: natmd-qa
|
||||||
dest_host: p1.komreg.net
|
dest_host: p1.komreg.net
|
||||||
|
@ -305,6 +306,7 @@ md-eu1.qa.komreg.net:
|
||||||
openstack_dockerhost:
|
openstack_dockerhost:
|
||||||
metadatamgrs:
|
metadatamgrs:
|
||||||
konsulter:
|
konsulter:
|
||||||
|
eidas_metadata_key:
|
||||||
md_signer:
|
md_signer:
|
||||||
name: eidas-qa
|
name: eidas-qa
|
||||||
dest_host: p2.qa.komreg.net
|
dest_host: p2.qa.komreg.net
|
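Review bot: Both host entries (under `md1.komreg.net:` and `md-eu1.qa.komreg.net:`, going by the hunk headers) gain `eidas_metadata_key:` but neither gains `eidas_hsm_client:`. Unless that class is included somewhere not shown on this page, the hsmproxy container that this commit moves out of `md_signer` is no longer declared on these hosts, while the restart cron job for it still is. If these signers still reach their key through the HSM proxy, add `eidas_hsm_client:` next to `eidas_metadata_key:` in both hunks. A short comment in the file noting that `eidas_metadata_key` must accompany `md_signer` would also help, because the manifest no longer chains the key file before `sunet::pyff`.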
||||||
|
|
|
@ -137,19 +137,15 @@ class md_repo_client {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
class md_signer($dest_host=undef,$dest_dir="",$luna_version="6.2") {
|
class eidas_metadata_key {
|
||||||
$pkcs11pin = hiera('pkcs11pin',"")
|
|
||||||
package { ['xsltproc','libxml2-utils']: ensure => latest } ->
|
|
||||||
sunet::snippets::secret_file {"/etc/credentials/metadata.key":
|
sunet::snippets::secret_file {"/etc/credentials/metadata.key":
|
||||||
hiera_key => 'eidas_metadata_key',
|
hiera_key => 'eidas_metadata_key',
|
||||||
base64 => true
|
base64 => true
|
||||||
} ->
|
|
||||||
sunet::pyff {$name:
|
|
||||||
version => "eidas",
|
|
||||||
pound_and_varnish => false,
|
|
||||||
pipeline => "${name}.fd",
|
|
||||||
volumes => ["/etc/credentials:/etc/credentials"]
|
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
class eidas_hsm_client {
|
||||||
|
$pkcs11pin = hiera('pkcs11pin',"")
|
||||||
file {['/etc/luna','/etc/luna/cert']: ensure => directory } ->
|
file {['/etc/luna','/etc/luna/cert']: ensure => directory } ->
|
||||||
sunet::docker_run {"${name}_hsmproxy":
|
sunet::docker_run {"${name}_hsmproxy":
|
||||||
hostname => "${::fqdn}",
|
hostname => "${::fqdn}",
|
||||||
|
@ -158,6 +154,16 @@ class md_signer($dest_host=undef,$dest_dir="",$luna_version="6.2") {
|
||||||
volumes => ['/dev/log:/dev/log','/etc/luna/cert:/usr/safenet/lunaclient/cert'],
|
volumes => ['/dev/log:/dev/log','/etc/luna/cert:/usr/safenet/lunaclient/cert'],
|
||||||
env => ["PKCS11PIN=${pkcs11pin}"]
|
env => ["PKCS11PIN=${pkcs11pin}"]
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
class md_signer($dest_host=undef,$dest_dir="",$luna_version="6.2") {
|
||||||
|
package { ['xsltproc','libxml2-utils']: ensure => latest } ->
|
||||||
|
sunet::pyff {$name:
|
||||||
|
version => "eidas",
|
||||||
|
pound_and_varnish => false,
|
||||||
|
pipeline => "${name}.fd",
|
||||||
|
volumes => ["/etc/credentials:/etc/credentials"]
|
||||||
|
}
|
||||||
sunet::scriptherder::cronjob { "${name}_restart_hsmproxy":
|
sunet::scriptherder::cronjob { "${name}_restart_hsmproxy":
|
||||||
cmd => "/usr/sbin/service docker-${name}-hsmproxy restart'",
|
cmd => "/usr/sbin/service docker-${name}-hsmproxy restart'",
|
||||||
minute => '9',
|
minute => '9',
|
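Review bot: Splitting `sunet::docker_run {"${name}_hsmproxy":` into `eidas_hsm_client` while `${name}_restart_hsmproxy` stays in `md_signer` lets the two `${name}` values diverge, because inside a Puppet class `$name` normally resolves to that class's own name; the cron job would then restart a service whose name no longer matches the container. Moving the cronjob (whose `cmd` also ends in a stray `'`) into `eidas_hsm_client`, or giving both resources a fixed title, keeps them aligned. Separately, `$pkcs11pin = hiera('pkcs11pin',"")` silently falls back to an empty PIN when the key is missing, and `env => ["PKCS11PIN=${pkcs11pin}"]` places the value in the container environment, where anyone who can inspect the container can read it. Dropping the default (`$pkcs11pin = hiera('pkcs11pin')`) makes a missing key fail the catalog instead. The `sunet::docker_run` parameters between the two hunks and the end of `md_signer` are outside the visible lines.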
||||||
|
|