Merge branch 'master' of gitops.sunet.se:eid-ops

Maria Haider 2019-11-11 12:55:24 +01:00
commit 989deee79e
Signed by: mariah
GPG key ID: 7414A760CA747E57
6 changed files with 61 additions and 28 deletions


@ -156,7 +156,7 @@ sunet_frontend:
ips: ['94.176.224.252']
server_args: 'ssl check verify none'
'demw-2.sveidas.se':
ips: ['94.176.224.253']
ips: ['94.176.224.125']
server_args: 'ssl check verify none'
allow_ports:
- 443
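Review bot: The new `ips: ['94.176.224.125']` line for demw-2.sveidas.se is a bare literal that the same commit also hard-codes in the kvmhost `vms` block and in the host's own data, with nothing tying the three together; if any one of them is renumbered later on its own, the frontend will keep forwarding to an address that no longer serves the site. A comment on the entry naming where the address is mastered, e.g. `# must match the demw-2 vm ip in the kvmhost vms block and the guest netplan`, makes that coupling visible. The `server_args: 'ssl check verify none'` context line also means the frontend does not verify the backend certificate at the new address; that is unchanged by this commit, but if it is deliberate the same comment is the place to say so.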


@ -20,6 +20,7 @@ classes:
sunet::server: &id002 {sshd_config: true}
sunet_iaas_cloud: null
sunetops: null
webserver: {enabled: true}
demw-1.sveidas.se:
autoupdate: null
common: null
@ -40,6 +41,7 @@ classes:
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
webserver: {enabled: true}
demw-2.sveidas.se:
autoupdate: null
common: null
@ -52,9 +54,15 @@ classes:
nrpe: null
saml_metadata: {filename: /opt/eidas-middleware/configuration/serviceprovider-metadata/connector-metadata.xml,
url: 'https://connector.eidas.swedenconnect.se/idp/metadata/sp'}
sunet::frontend::register_sites:
sites:
demw.eidas.swedenconnect.se:
frontends: [fe-fre-3.komreg.net, fe-tug-3.komreg.net]
port: '443'
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
webserver: {enabled: false}
eidas-connector-1.sveidas.se:
autoupdate: null
common: null
@ -491,8 +499,8 @@ classes:
eid::kvmhost:
vms:
demw-2.sveidas.se: {bridge: br-demw, cpus: '16', description: eid deutsche
middleware, gateway: 94.176.224.249, image_url: 'https://cloud-images.ubuntu.com/bionic/current/bionic-server-cloudimg-amd64.img',
ip: 94.176.224.253, mac: '52:54:20:01:05:02', memory: '32768', netmask: 255.255.255.248}
middleware, gateway: 94.176.224.121, image_url: 'https://cloud-images.ubuntu.com/bionic/current/bionic-server-cloudimg-amd64.img',
ip: 94.176.224.125, mac: '52:54:20:01:05:02', memory: '32768', netmask: 255.255.255.248}
entropyclient: null
infra_ca_rp: null
mailclient: *id001
@ -869,7 +877,7 @@ classes:
konsulter: null
mailclient: *id001
md_repo_client: null
md_signer: {dest_host: p2.qa.komreg.net, name: eidas-qa, version: eidas-qa}
md_signer: {dest_host: p2.qa.komreg.net, name: eidas-qa, version: eidas-testing}
metadatamgrs: null
nrpe: null
openstack_dockerhost: null
@ -1344,13 +1352,14 @@ members:
site_alias: [web-1.qa.sveidas.se]
sunet::auditd: [jmp.komreg.net]
sunet::frontend::load_balancer: [fe-fre-3.komreg.net, fe-tug-3.komreg.net]
sunet::frontend::register_sites: [demw-1.qa.sveidas.se, demw-1.sveidas.se, eidas-connector-1.sveidas.se,
eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se,
eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-proxy-1.sveidas.se,
eidas-proxy-2.sveidas.se, eidas-proxy-3.sveidas.se, eidas-proxy-4.sveidas.se,
eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eidastest-1.qa.sveidas.se, eupub-1.komreg.net,
eupub-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, p1.komreg.net, p2.qa.komreg.net,
refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, validator-1.qa.komreg.net, web-1.qa.sveidas.se]
sunet::frontend::register_sites: [demw-1.qa.sveidas.se, demw-1.sveidas.se, demw-2.sveidas.se,
eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se,
eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se,
eidas-proxy-1.sveidas.se, eidas-proxy-2.sveidas.se, eidas-proxy-3.sveidas.se,
eidas-proxy-4.sveidas.se, eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eidastest-1.qa.sveidas.se,
eupub-1.komreg.net, eupub-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net,
p1.komreg.net, p2.qa.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se,
validator-1.qa.komreg.net, web-1.qa.sveidas.se]
sunet::nagiosapi: [nic.komreg.net]
sunet::rsyslog: [demw-1.qa.sveidas.se, demw-1.sveidas.se, demw-2.sveidas.se, eidas-connector-1.sveidas.se,
eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se,
@ -1413,4 +1422,5 @@ members:
swedenconnect_refidp: [refidp-1.qa.sveidas.se]
test_my_eid: [eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, test-1.qa.sveidas.se]
validator: [validator-1.qa.komreg.net]
webserver: [demw-1.qa.sveidas.se, demw-1.sveidas.se, demw-2.sveidas.se]
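Review bot: demw-2.sveidas.se is added to `sunet::frontend::register_sites` for demw.eidas.swedenconnect.se on port '443' (the `-52,9 +54,15` hunk and the members list) while its new `webserver: {enabled: false}` entry makes the reworked webserver class in this commit apply ufw deny rules for 80 and 443 from any, so fe-fre-3/fe-tug-3 may be handed a backend whose host firewall refuses the connection. Unless a more specific allow for the frontend addresses lands ahead of that deny (the frontend `allow_ports` data may do this, but it is not visible in this file), the site will fail its health check on that backend. The same combination appears in the hand-written hiera source later in this commit (its `-638,6 +642,15` hunk), so whatever the answer is applies there too. A one-line comment next to `enabled: false`, e.g. `# site registered on the frontend but local 80/443 kept closed until cut-over`, would record the intent.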


@ -388,9 +388,9 @@ kvmdemw-fre-3b.komreg.net:
vms:
demw-2.sveidas.se:
mac: '52:54:20:01:05:02'
ip: '94.176.224.253'
ip: '94.176.224.125'
netmask: '255.255.255.248'
gateway: '94.176.224.249'
gateway: '94.176.224.121'
bridge: 'br-demw'
description: 'eid deutsche middleware'
cpus: '16'
@ -572,7 +572,7 @@ md-eu1.qa.komreg.net:
md_signer:
name: eidas-qa
dest_host: p2.qa.komreg.net
version: eidas-qa
version: eidas-testing
'^test-[0-9]+\.qa\.sveidas\.se$':
sunet_iaas_cloud:
@ -602,6 +602,8 @@ md-eu1.qa.komreg.net:
saml_metadata:
filename: /opt/eidas-middleware/configuration/serviceprovider-metadata/connector-metadata.xml
url: https://qa.connector.eidas.swedenconnect.se/idp/metadata/sp
webserver:
enabled: true
sunet::frontend::register_sites:
sites:
'qa.demw.eidas.swedenconnect.se':
@ -620,6 +622,8 @@ md-eu1.qa.komreg.net:
saml_metadata:
filename: /opt/eidas-middleware/configuration/serviceprovider-metadata/connector-metadata.xml
url: https://connector.eidas.swedenconnect.se/idp/metadata/sp
webserver:
enabled: true
sunet::frontend::register_sites:
sites:
'demw.eidas.swedenconnect.se':
@ -638,6 +642,15 @@ md-eu1.qa.komreg.net:
saml_metadata:
filename: /opt/eidas-middleware/configuration/serviceprovider-metadata/connector-metadata.xml
url: https://connector.eidas.swedenconnect.se/idp/metadata/sp
webserver:
enabled: false
sunet::frontend::register_sites:
sites:
'demw.eidas.swedenconnect.se':
frontends:
- 'fe-fre-3.komreg.net'
- 'fe-tug-3.komreg.net'
port: '443'
'^refidp-[0-9]+\.qa\.sveidas\.se$':
sunet_iaas_cloud:
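Review bot: In the `-572,7 +572,7` hunk md-eu1.qa.komreg.net keeps `name: eidas-qa` and `dest_host: p2.qa.komreg.net` but now gets `version: eidas-testing`, so a signer identified as the QA one is pinned to a value labelled for a different environment; what `version` selects is not visible here, but the mismatch invites someone to "correct" it back. If it is intentional, a comment such as `# testing build run on the qa signer pending the eidas-qa release` keeps it from being reverted by accident. The same value is mirrored in the generated data earlier in this commit (`md_signer: {... version: eidas-testing}`), so both copies need to move together.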


@ -94,14 +94,25 @@ class sunet_iaas_cloud {
}
}
class webserver {
ufw::allow { "allow-http":
ip => 'any',
port => '80'
}
ufw::allow { "allow-https":
ip => 'any',
port => '443'
class webserver($enabled=true) {
if $enabled {
ufw::allow { "allow-http":
ip => 'any',
port => '80'
}
ufw::allow { "allow-https":
ip => 'any',
port => '443'
}
} else {
ufw::deny { "allow-http":
ip => 'any',
port => '80'
}
ufw::deny { "allow-https":
ip => 'any',
port => '443'
}
}
}
@ -329,8 +340,6 @@ class eidas_de_middleware_hsm($version="110-fixes-sc-p11",$hostname='localhost')
"SPRING_DATASOURCE_PASSWORD=$spring_datasource_password"],
extra_parameters => ["--log-driver=syslog"]
}
ensure_resource('class','webserver',{})
ensure_resource('class','https_server',{})
}
class eidas_de_middleware($version="106-rs",$hostname='localhost') {
@ -375,8 +384,6 @@ class eidas_de_middleware($version="106-rs",$hostname='localhost') {
"MIDDLEWARE_SIGN_PIN=$middleware_sign_pin"],
extra_parameters => ["--log-driver=syslog"]
}
ensure_resource('class','webserver',{})
ensure_resource('class','https_server',{})
}
class eidas_sp($version="1.0.0",$hostname='localhost',$environment='qa') {
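Review bot: In the webserver class, flipping `$enabled` from true to false on a host that already received the allow rules adds `ufw::deny` resources but nothing revokes the earlier `ufw::allow` rules; if the ufw define only appends rules (as its name suggests, though the implementation is not visible here), ufw will keep matching the older allow first and the new deny is a no-op. The deny resources also reuse the titles "allow-http" and "allow-https", which reads backwards in agent reports; `ufw::deny { "deny-http":` and `ufw::deny { "deny-https":` say what they do. Removing `ensure_resource('class','webserver',{})` from eidas_de_middleware_hsm and eidas_de_middleware means those hosts now get 80/443 opened only when their hiera data lists `webserver`, so a future middleware host without that key would silently differ from the existing ones. A comment on the class header, e.g. `# enabled=false only adds deny rules; an allow applied earlier is not removed`, documents the limitation until the allow is actively withdrawn.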


@ -21,8 +21,8 @@ network:
br-demw:
interfaces: [eno1.105]
addresses:
- 94.176.224.251/29
- 94.176.224.123/29
nameservers:
addresses:
- 89.32.32.32
gateway4: 94.176.224.249
gateway4: 94.176.224.121
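Review bot: The new `94.176.224.123/29` address and `gateway4: 94.176.224.121` restate values that the kvmhost `vms` entry and the demw-2 host data in this commit also hard-code (gateway .121, VM .125, same /29) with no cross-reference, so a later renumbering of one file can leave the bridge and the guest in different subnets. Because this moves the host's only address on eno1.105 to a new block in a single apply, a comment recording the previous block and pointing at the other copies, e.g. `# renumbered from 94.176.224.248/29; gateway and VM addresses are duplicated in the cosmos host data`, gives the next person enough to check console access before touching it again.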


@ -1,6 +1,9 @@
policy.SE.algorithm=default-eIDAS
policy.SE.persistenceClass=A
policy.UK.algorithm=colresist-eIDAS
policy.UK.persistenceClass=C
policy.DK.algorithm=default-eIDAS
policy.DK.persistenceClass=A