Merge branch 'master' of gitops.sunet.se:eid-ops
commit
989deee79e
6 changed files with 61 additions and 28 deletions
|
@ -156,7 +156,7 @@ sunet_frontend:
|
|||
ips: ['94.176.224.252']
|
||||
server_args: 'ssl check verify none'
|
||||
'demw-2.sveidas.se':
|
||||
ips: ['94.176.224.253']
|
||||
ips: ['94.176.224.125']
|
||||
server_args: 'ssl check verify none'
|
||||
allow_ports:
|
||||
- 443
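Review bot: The backend entry for 'demw-2.sveidas.se' keeps `server_args: 'ssl check verify none'` while its `ips` value changes, so the frontend will open TLS to whatever answers on the new address without checking its certificate. That line is unchanged context, but a renumbering is when an IP-only binding is most likely to point at the wrong host. If these are HAProxy server options, as the syntax suggests, `server_args: 'ssl check verify required ca-file <CA_BUNDLE_PATH>'` (placeholder path) would make the frontend authenticate the backend. The `sunet_frontend:` mapping starts and ends outside the hunk.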
|
||||
|
|
|
@ -20,6 +20,7 @@ classes:
|
|||
sunet::server: &id002 {sshd_config: true}
|
||||
sunet_iaas_cloud: null
|
||||
sunetops: null
|
||||
webserver: {enabled: true}
|
||||
demw-1.sveidas.se:
|
||||
autoupdate: null
|
||||
common: null
|
||||
|
@ -40,6 +41,7 @@ classes:
|
|||
sunet::rsyslog: null
|
||||
sunet::server: *id002
|
||||
sunetops: null
|
||||
webserver: {enabled: true}
|
||||
demw-2.sveidas.se:
|
||||
autoupdate: null
|
||||
common: null
|
||||
|
@ -52,9 +54,15 @@ classes:
|
|||
nrpe: null
|
||||
saml_metadata: {filename: /opt/eidas-middleware/configuration/serviceprovider-metadata/connector-metadata.xml,
|
||||
url: 'https://connector.eidas.swedenconnect.se/idp/metadata/sp'}
|
||||
sunet::frontend::register_sites:
|
||||
sites:
|
||||
demw.eidas.swedenconnect.se:
|
||||
frontends: [fe-fre-3.komreg.net, fe-tug-3.komreg.net]
|
||||
port: '443'
|
||||
sunet::rsyslog: null
|
||||
sunet::server: *id002
|
||||
sunetops: null
|
||||
webserver: {enabled: false}
|
||||
eidas-connector-1.sveidas.se:
|
||||
autoupdate: null
|
||||
common: null
|
||||
|
@ -491,8 +499,8 @@ classes:
|
|||
eid::kvmhost:
|
||||
vms:
|
||||
demw-2.sveidas.se: {bridge: br-demw, cpus: '16', description: eid deutsche
|
||||
middleware, gateway: 94.176.224.249, image_url: 'https://cloud-images.ubuntu.com/bionic/current/bionic-server-cloudimg-amd64.img',
|
||||
ip: 94.176.224.253, mac: '52:54:20:01:05:02', memory: '32768', netmask: 255.255.255.248}
|
||||
middleware, gateway: 94.176.224.121, image_url: 'https://cloud-images.ubuntu.com/bionic/current/bionic-server-cloudimg-amd64.img',
|
||||
ip: 94.176.224.125, mac: '52:54:20:01:05:02', memory: '32768', netmask: 255.255.255.248}
|
||||
entropyclient: null
|
||||
infra_ca_rp: null
|
||||
mailclient: *id001
|
||||
|
@ -869,7 +877,7 @@ classes:
|
|||
konsulter: null
|
||||
mailclient: *id001
|
||||
md_repo_client: null
|
||||
md_signer: {dest_host: p2.qa.komreg.net, name: eidas-qa, version: eidas-qa}
|
||||
md_signer: {dest_host: p2.qa.komreg.net, name: eidas-qa, version: eidas-testing}
|
||||
metadatamgrs: null
|
||||
nrpe: null
|
||||
openstack_dockerhost: null
|
||||
|
@ -1344,13 +1352,14 @@ members:
|
|||
site_alias: [web-1.qa.sveidas.se]
|
||||
sunet::auditd: [jmp.komreg.net]
|
||||
sunet::frontend::load_balancer: [fe-fre-3.komreg.net, fe-tug-3.komreg.net]
|
||||
sunet::frontend::register_sites: [demw-1.qa.sveidas.se, demw-1.sveidas.se, eidas-connector-1.sveidas.se,
|
||||
eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se,
|
||||
eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-proxy-1.sveidas.se,
|
||||
eidas-proxy-2.sveidas.se, eidas-proxy-3.sveidas.se, eidas-proxy-4.sveidas.se,
|
||||
eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eidastest-1.qa.sveidas.se, eupub-1.komreg.net,
|
||||
eupub-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, p1.komreg.net, p2.qa.komreg.net,
|
||||
refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, validator-1.qa.komreg.net, web-1.qa.sveidas.se]
|
||||
sunet::frontend::register_sites: [demw-1.qa.sveidas.se, demw-1.sveidas.se, demw-2.sveidas.se,
|
||||
eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se,
|
||||
eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se,
|
||||
eidas-proxy-1.sveidas.se, eidas-proxy-2.sveidas.se, eidas-proxy-3.sveidas.se,
|
||||
eidas-proxy-4.sveidas.se, eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eidastest-1.qa.sveidas.se,
|
||||
eupub-1.komreg.net, eupub-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net,
|
||||
p1.komreg.net, p2.qa.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se,
|
||||
validator-1.qa.komreg.net, web-1.qa.sveidas.se]
|
||||
sunet::nagiosapi: [nic.komreg.net]
|
||||
sunet::rsyslog: [demw-1.qa.sveidas.se, demw-1.sveidas.se, demw-2.sveidas.se, eidas-connector-1.sveidas.se,
|
||||
eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se,
|
||||
|
@ -1413,4 +1422,5 @@ members:
|
|||
swedenconnect_refidp: [refidp-1.qa.sveidas.se]
|
||||
test_my_eid: [eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, test-1.qa.sveidas.se]
|
||||
validator: [validator-1.qa.komreg.net]
|
||||
webserver: [demw-1.qa.sveidas.se, demw-1.sveidas.se, demw-2.sveidas.se]
|
||||
|
||||
|
|
|
@ -388,9 +388,9 @@ kvmdemw-fre-3b.komreg.net:
|
|||
vms:
|
||||
demw-2.sveidas.se:
|
||||
mac: '52:54:20:01:05:02'
|
||||
ip: '94.176.224.253'
|
||||
ip: '94.176.224.125'
|
||||
netmask: '255.255.255.248'
|
||||
gateway: '94.176.224.249'
|
||||
gateway: '94.176.224.121'
|
||||
bridge: 'br-demw'
|
||||
description: 'eid deutsche middleware'
|
||||
cpus: '16'
|
||||
|
@ -572,7 +572,7 @@ md-eu1.qa.komreg.net:
|
|||
md_signer:
|
||||
name: eidas-qa
|
||||
dest_host: p2.qa.komreg.net
|
||||
version: eidas-qa
|
||||
version: eidas-testing
|
||||
|
||||
'^test-[0-9]+\.qa\.sveidas\.se$':
|
||||
sunet_iaas_cloud:
|
||||
|
@ -602,6 +602,8 @@ md-eu1.qa.komreg.net:
|
|||
saml_metadata:
|
||||
filename: /opt/eidas-middleware/configuration/serviceprovider-metadata/connector-metadata.xml
|
||||
url: https://qa.connector.eidas.swedenconnect.se/idp/metadata/sp
|
||||
webserver:
|
||||
enabled: true
|
||||
sunet::frontend::register_sites:
|
||||
sites:
|
||||
'qa.demw.eidas.swedenconnect.se':
|
||||
|
@ -620,6 +622,8 @@ md-eu1.qa.komreg.net:
|
|||
saml_metadata:
|
||||
filename: /opt/eidas-middleware/configuration/serviceprovider-metadata/connector-metadata.xml
|
||||
url: https://connector.eidas.swedenconnect.se/idp/metadata/sp
|
||||
webserver:
|
||||
enabled: true
|
||||
sunet::frontend::register_sites:
|
||||
sites:
|
||||
'demw.eidas.swedenconnect.se':
|
||||
|
@ -638,6 +642,15 @@ md-eu1.qa.komreg.net:
|
|||
saml_metadata:
|
||||
filename: /opt/eidas-middleware/configuration/serviceprovider-metadata/connector-metadata.xml
|
||||
url: https://connector.eidas.swedenconnect.se/idp/metadata/sp
|
||||
webserver:
|
||||
enabled: false
|
||||
sunet::frontend::register_sites:
|
||||
sites:
|
||||
'demw.eidas.swedenconnect.se':
|
||||
frontends:
|
||||
- 'fe-fre-3.komreg.net'
|
||||
- 'fe-tug-3.komreg.net'
|
||||
port: '443'
|
||||
|
||||
'^refidp-[0-9]+\.qa\.sveidas\.se$':
|
||||
sunet_iaas_cloud:
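Review bot: In the hunk at -572,7 +572,7 the `md_signer` entry changes `version` between `eidas-qa` and `eidas-testing` with nothing recording why; both values read like branch names or mutable tags rather than pinned releases, although what `version` selects is not visible here. For a host that signs metadata, the deployed artefact should be reproducible, so if the `md_signer` class accepts one, prefer an immutable tag or digest. Otherwise add a comment above the key, for example `# QA signer tracks eidas-testing until <REASON>; not a pinned release`. The rule key that owns this `md_signer` block is outside the hunk.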
|
||||
|
|
|
@ -94,14 +94,25 @@ class sunet_iaas_cloud {
|
|||
}
|
||||
}
|
||||
|
||||
class webserver {
|
||||
ufw::allow { "allow-http":
|
||||
ip => 'any',
|
||||
port => '80'
|
||||
}
|
||||
ufw::allow { "allow-https":
|
||||
ip => 'any',
|
||||
port => '443'
|
||||
class webserver($enabled=true) {
|
||||
if $enabled {
|
||||
ufw::allow { "allow-http":
|
||||
ip => 'any',
|
||||
port => '80'
|
||||
}
|
||||
ufw::allow { "allow-https":
|
||||
ip => 'any',
|
||||
port => '443'
|
||||
}
|
||||
} else {
|
||||
ufw::deny { "allow-http":
|
||||
ip => 'any',
|
||||
port => '80'
|
||||
}
|
||||
ufw::deny { "allow-https":
|
||||
ip => 'any',
|
||||
port => '443'
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -329,8 +340,6 @@ class eidas_de_middleware_hsm($version="110-fixes-sc-p11",$hostname='localhost')
|
|||
"SPRING_DATASOURCE_PASSWORD=$spring_datasource_password"],
|
||||
extra_parameters => ["--log-driver=syslog"]
|
||||
}
|
||||
ensure_resource('class','webserver',{})
|
||||
ensure_resource('class','https_server',{})
|
||||
}
|
||||
|
||||
class eidas_de_middleware($version="106-rs",$hostname='localhost') {
|
||||
|
@ -375,8 +384,6 @@ class eidas_de_middleware($version="106-rs",$hostname='localhost') {
|
|||
"MIDDLEWARE_SIGN_PIN=$middleware_sign_pin"],
|
||||
extra_parameters => ["--log-driver=syslog"]
|
||||
}
|
||||
ensure_resource('class','webserver',{})
|
||||
ensure_resource('class','https_server',{})
|
||||
}
|
||||
|
||||
class eidas_sp($version="1.0.0",$hostname='localhost',$environment='qa') {
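Review bot: In the `else` branch of `class webserver` (hunk -94,14 +94,25) the two `ufw::deny` resources keep the titles "allow-http" and "allow-https", so reports and the catalog will label a deny rule as an allow; `ufw::deny { "deny-http":` and `ufw::deny { "deny-https":` would say what they do. Separately, ufw evaluates rules in order, so on a host that already carries the allow rules from an earlier run, a deny added later may never match unless the old allow rules are removed. Whether that happens depends on how `ufw::deny` inserts its rule, which is not visible here, so it is worth checking on a host switched from enabled to disabled. The two later hunks in this file appear to drop `ensure_resource('class','webserver',{})` from the middleware classes, so each of those hosts now depends on an explicit `webserver` entry in its class data.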
|
||||
|
|
|
@ -21,8 +21,8 @@ network:
|
|||
br-demw:
|
||||
interfaces: [eno1.105]
|
||||
addresses:
|
||||
- 94.176.224.251/29
|
||||
- 94.176.224.123/29
|
||||
nameservers:
|
||||
addresses:
|
||||
- 89.32.32.32
|
||||
gateway4: 94.176.224.249
|
||||
gateway4: 94.176.224.121
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
policy.SE.algorithm=default-eIDAS
|
||||
policy.SE.persistenceClass=A
|
||||
|
||||
policy.UK.algorithm=colresist-eIDAS
|
||||
policy.UK.persistenceClass=C
|
||||
|
||||
policy.DK.algorithm=default-eIDAS
|
||||
policy.DK.persistenceClass=A
|
||||
|
||||
|
|