SSH rules for allowing MD signers server to r1.komreg.net
This commit is contained in:
parent
0ec8571aac
commit
998f7ac8c1
GPG key ID:
7414A760CA747E57
2 changed files with 17 additions and 0 deletions
|
|
@ -34,6 +34,18 @@ mgmt_addresses:
|
||||||
- 2001:6b0:64:5::242 # jump-fre-3.komreg.net
|
- 2001:6b0:64:5::242 # jump-fre-3.komreg.net
|
||||||
- 89.45.233.82 # jmp.komreg.net
|
- 89.45.233.82 # jmp.komreg.net
|
||||||
|
|
||||||
|
md_signers:
|
||||||
|
- 94.176.224.197 #natmd-1.komreg.net
|
||||||
|
- 94.176.224.69 #natmd-2.komreg.net
|
||||||
|
- 94.176.224.198 #eumd-1.komreg.net
|
||||||
|
- 94.176.224.70 #eumd-2.komreg.net
|
||||||
|
- 89.45.233.92 #md1.komreg.net (QA)
|
||||||
|
- 89.45.233.208 #md-eu1.qa.komreg.net
|
||||||
|
- 89.45.236.215 #natmd-test-1.komreg.net
|
||||||
|
- 89.45.237.80 #natmd-test-2.komreg.net
|
||||||
|
- 89.45.237.138 #eumd-test-1.komreg.net
|
||||||
|
- 89.45.236.73 #eumd-test-2.komreg.net
|
||||||
|
|
||||||
ssh_authorized_keys:
|
ssh_authorized_keys:
|
||||||
|
|
||||||
'mariah+CA747E57':
|
'mariah+CA747E57':
|
||||||
|
|
|
||||||
|
|
@ -313,6 +313,11 @@ class md_repo_server($hostname) {
|
||||||
}
|
}
|
||||||
ensure_resource('class','webserver',{})
|
ensure_resource('class','webserver',{})
|
||||||
ensure_resource('class','https_server',{})
|
ensure_resource('class','https_server',{})
|
||||||
|
$md_signers_ip = hiera_array('md_signers',[])
|
||||||
|
sunet::misc::ufw_allow { 'allow_ssh_md_signers':
|
||||||
|
from => $md_signers_ip,
|
||||||
|
port => '22',
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
class eidas_de_middleware_hsm($version="110-fixes-sc-p11",$hostname='localhost') {
|
class eidas_de_middleware_hsm($version="110-fixes-sc-p11",$hostname='localhost') {
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue