Merge branch 'master' of gitops.sunet.se:eid-ops

Leif Johansson 2019-07-05 14:43:43 +02:00
commit a2bcbd1bbb
4 changed files with 126 additions and 35 deletions


@ -27,6 +27,13 @@ nrpe_clients:
- 94.176.224.229
- 94.176.224.101
mgmt_addresses:
- 94.176.224.114 # jump-tug-3.komreg.net
- 2001:6b0:64:5::114 # jump-tug-3.komreg.net
- 94.176.224.242 # jump-fre-3.komreg.net
- 2001:6b0:64:5::242 # jump-fre-3.komreg.net
- 89.45.233.82 # jmp.komreg.net
ssh_authorized_keys:
'mariah+CA747E57':
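Review bot: The new `mgmt_addresses` list gives jmp.komreg.net an IPv4 entry only, while jump-tug-3 and jump-fre-3 each get an IPv4 and an IPv6 entry; if jmp has an IPv6 address, management traffic from it over v6 would not match the list. The consumer of this key is not visible here, but the same commit sets `ssh_allow_from_anywhere: true` on jmp.komreg.net, so presumably every host that restricts SSH to `mgmt_addresses` now relies on the hardening of a host whose SSH port accepts connections from any source. A comment above the key would make that dependency explicit, for example `# Sources allowed to reach sshd on hosts without ssh_allow_from_anywhere; keep in sync with the jump hosts' addresses`. The surrounding keys continue outside the hunk.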


@ -17,96 +17,103 @@ classes:
frontends: [se-fre-lb-1.sunet.se, se-tug-lb-1.sunet.se]
port: '443'
sunet::rsyslog: null
sunet::server: &id002 {sshd_config: true}
sunet_iaas_cloud: null
sunetops: null
demw-1.sveidas.se:
autoupdate: null
common: null
eid::dockerhost: null
eidas_de_middleware: &id002 {hostname: demw.eidas.swedenconnect.se, version: 1.1.0-qa}
eidas_de_middleware: &id003 {hostname: demw.eidas.swedenconnect.se, version: 1.1.0-qa}
entropyclient: null
infra_ca_rp: null
konsulter: null
mailclient: *id001
nrpe: null
saml_metadata: &id003 {filename: /opt/eidas-middleware/configuration/serviceprovider-metadata/connector-metadata.xml,
saml_metadata: &id004 {filename: /opt/eidas-middleware/configuration/serviceprovider-metadata/connector-metadata.xml,
url: 'https://connector.eidas.swedenconnect.se/idp/metadata/sp'}
sunet::frontend::register_sites: &id004
sunet::frontend::register_sites: &id005
sites:
demw.eidas.swedenconnect.se:
frontends: [fe-fre-3.komreg.net, fe-tug-3.komreg.net]
port: '443'
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
demw-2.sveidas.se:
autoupdate: null
common: null
eid::dockerhost: null
eidas_de_middleware: *id002
eidas_de_middleware: *id003
entropyclient: null
infra_ca_rp: null
konsulter: null
mailclient: *id001
nrpe: null
saml_metadata: *id003
sunet::frontend::register_sites: *id004
saml_metadata: *id004
sunet::frontend::register_sites: *id005
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
eidas-connector-1.sveidas.se:
autoupdate: null
common: null
eid::dockerhost: null
eidas_connector: &id005 {hostname: connector.eidas.swedenconnect.se, version: 1.5.2}
eidas_connector: &id006 {hostname: connector.eidas.swedenconnect.se, version: 1.5.2}
entropyclient: null
infra_ca_rp: null
konsulter: null
mailclient: *id001
nrpe: null
sunet::frontend::register_sites: &id006
sunet::frontend::register_sites: &id007
sites:
connector.eidas.swedenconnect.se:
frontends: [fe-fre-3.komreg.net, fe-tug-3.komreg.net]
port: '443'
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
eidas-connector-2.sveidas.se:
autoupdate: null
common: null
eid::dockerhost: null
eidas_connector: *id005
eidas_connector: *id006
entropyclient: null
infra_ca_rp: null
konsulter: null
mailclient: *id001
nrpe: null
sunet::frontend::register_sites: *id006
sunet::frontend::register_sites: *id007
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
eidas-connector-3.sveidas.se:
autoupdate: null
common: null
eid::dockerhost: null
eidas_connector: *id005
eidas_connector: *id006
entropyclient: null
infra_ca_rp: null
konsulter: null
mailclient: *id001
nrpe: null
sunet::frontend::register_sites: *id006
sunet::frontend::register_sites: *id007
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
eidas-connector-4.sveidas.se:
autoupdate: null
common: null
eid::dockerhost: null
eidas_connector: *id005
eidas_connector: *id006
entropyclient: null
infra_ca_rp: null
konsulter: null
mailclient: *id001
nrpe: null
sunet::frontend::register_sites: *id006
sunet::frontend::register_sites: *id007
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
eidas-node-1.qa.sveidas.se:
autoupdate: null
@ -124,6 +131,7 @@ classes:
frontends: [se-fre-lb-1.sunet.se, se-tug-lb-1.sunet.se]
port: '443'
sunet::rsyslog: null
sunet::server: *id002
sunet_iaas_cloud: null
sunetops: null
eidas-proxy-1.qa.sveidas.se:
@ -144,67 +152,72 @@ classes:
frontends: [se-fre-lb-1.sunet.se, se-tug-lb-1.sunet.se]
port: '443'
sunet::rsyslog: null
sunet::server: *id002
sunet_iaas_cloud: null
sunetops: null
eidas-proxy-1.sveidas.se:
autoupdate: null
common: null
eid::dockerhost: null
eidas_proxy: &id007 {hostname: proxy.eidas.swedenconnect.se, version: 1.1.15}
eidas_proxy: &id008 {hostname: proxy.eidas.swedenconnect.se, version: 1.1.15}
entropyclient: null
infra_ca_rp: null
konsulter: null
mailclient: *id001
nrpe: null
servicemonitor: null
sunet::frontend::register_sites: &id008
sunet::frontend::register_sites: &id009
sites:
proxy.eidas.swedenconnect.se:
frontends: [fe-fre-3.komreg.net, fe-tug-3.komreg.net]
port: '443'
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
eidas-proxy-2.sveidas.se:
autoupdate: null
common: null
eid::dockerhost: null
eidas_proxy: *id007
eidas_proxy: *id008
entropyclient: null
infra_ca_rp: null
konsulter: null
mailclient: *id001
nrpe: null
servicemonitor: null
sunet::frontend::register_sites: *id008
sunet::frontend::register_sites: *id009
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
eidas-proxy-3.sveidas.se:
autoupdate: null
common: null
eid::dockerhost: null
eidas_proxy: *id007
eidas_proxy: *id008
entropyclient: null
infra_ca_rp: null
konsulter: null
mailclient: *id001
nrpe: null
servicemonitor: null
sunet::frontend::register_sites: *id008
sunet::frontend::register_sites: *id009
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
eidas-proxy-4.sveidas.se:
autoupdate: null
common: null
eid::dockerhost: null
eidas_proxy: *id007
eidas_proxy: *id008
entropyclient: null
infra_ca_rp: null
konsulter: null
mailclient: *id001
nrpe: null
servicemonitor: null
sunet::frontend::register_sites: *id008
sunet::frontend::register_sites: *id009
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
eidas-redis-1.sveidas.se:
autoupdate: null
@ -216,6 +229,7 @@ classes:
nrpe: null
redis_cluster_node: null
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
eidas-redis-2.sveidas.se:
autoupdate: null
@ -227,6 +241,7 @@ classes:
nrpe: null
redis_cluster_node: null
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
eidas-redis-3.sveidas.se:
autoupdate: null
@ -238,6 +253,7 @@ classes:
nrpe: null
redis_cluster_node: null
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
eidas-redis-4.sveidas.se:
autoupdate: null
@ -249,6 +265,7 @@ classes:
nrpe: null
redis_cluster_node: null
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
eidas-redis-fe-1.sveidas.se:
autoupdate: null
@ -258,8 +275,9 @@ classes:
infra_ca_rp: null
mailclient: *id001
nrpe: null
redis_frontend_node: &id009 {hostname: redis.sveidas.se}
redis_frontend_node: &id010 {hostname: redis.sveidas.se}
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
eidas-redis-fe-2.sveidas.se:
autoupdate: null
@ -269,8 +287,9 @@ classes:
infra_ca_rp: null
mailclient: *id001
nrpe: null
redis_frontend_node: *id009
redis_frontend_node: *id010
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
eidas-test-1.sveidas.se:
autoupdate: null
@ -282,14 +301,15 @@ classes:
mailclient: *id001
nrpe: null
servicemonitor: null
sunet::frontend::register_sites: &id010
sunet::frontend::register_sites: &id011
sites:
test.swedenconnect.se:
frontends: [fe-fre-3.komreg.net, fe-tug-3.komreg.net]
port: '443'
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
test_my_eid: &id011 {environment: prod, hostname: test.swedenconnect.se, version: 1.2.0}
test_my_eid: &id012 {environment: prod, hostname: test.swedenconnect.se, version: 1.2.0}
eidas-test-2.sveidas.se:
autoupdate: null
common: null
@ -300,10 +320,11 @@ classes:
mailclient: *id001
nrpe: null
servicemonitor: null
sunet::frontend::register_sites: *id010
sunet::frontend::register_sites: *id011
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
test_my_eid: *id011
test_my_eid: *id012
eidastest-1.qa.sveidas.se:
autoupdate: null
common: null
@ -319,6 +340,7 @@ classes:
frontends: [se-fre-lb-1.sunet.se, se-tug-lb-1.sunet.se]
port: '443'
sunet::rsyslog: null
sunet::server: *id002
sunet_iaas_cloud: null
sunetops: null
eumd-1.komreg.net:
@ -335,6 +357,7 @@ classes:
metadatamgrs: null
nrpe: null
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
eumd-2.komreg.net:
autoupdate: null
@ -350,6 +373,7 @@ classes:
metadatamgrs: null
nrpe: null
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
eupub-1.komreg.net:
autoupdate: null
@ -366,6 +390,7 @@ classes:
frontends: [fe-fre-3.komreg.net, fe-tug-3.komreg.net]
port: '443'
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
eupub-2.komreg.net:
autoupdate: null
@ -382,6 +407,7 @@ classes:
frontends: [fe-fre-3.komreg.net, fe-tug-3.komreg.net]
port: '443'
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
fe-fre-3.komreg.net:
common: null
@ -392,6 +418,7 @@ classes:
nrpe: null
sunet::frontend::load_balancer: null
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
fe-tug-3.komreg.net:
common: null
@ -402,6 +429,7 @@ classes:
nrpe: null
sunet::frontend::load_balancer: null
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
jmp.komreg.net:
autoupdate: null
@ -415,6 +443,7 @@ classes:
nrpe: null
sunet::auditd: null
sunet::rsyslog: null
sunet::server: {ssh_allow_from_anywhere: true}
sunet_iaas_cloud: null
sunetops: null
jump-fre-3.komreg.net:
@ -428,6 +457,7 @@ classes:
metadatamgrs: null
nrpe: null
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
jump-tug-3.komreg.net:
autoupdate: null
@ -440,6 +470,7 @@ classes:
metadatamgrs: null
nrpe: null
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
kvmdemw-fre-3a.komreg.net:
common: null
@ -453,6 +484,7 @@ classes:
mailclient: *id001
nrpe: null
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
kvmdemw-fre-3b.komreg.net:
common: null
@ -466,6 +498,7 @@ classes:
mailclient: *id001
nrpe: null
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
kvmeidas-fre-3.komreg.net:
common: null
@ -566,6 +599,7 @@ classes:
mailclient: *id001
nrpe: null
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
kvmeidas-tug-3.komreg.net:
common: null
@ -666,6 +700,7 @@ classes:
mailclient: *id001
nrpe: null
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
kvmfe-fre-3.komreg.net:
common: null
@ -679,6 +714,7 @@ classes:
mailclient: *id001
nrpe: null
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
kvmfe-tug-3.komreg.net:
common: null
@ -692,6 +728,7 @@ classes:
mailclient: *id001
nrpe: null
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
kvminfra-fre-3.komreg.net:
common: null
@ -715,6 +752,7 @@ classes:
mailclient: *id001
nrpe: null
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
kvminfra-tug-3.komreg.net:
common: null
@ -738,6 +776,7 @@ classes:
mailclient: *id001
nrpe: null
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
kvmmeta-fre-3.komreg.net:
common: null
@ -760,6 +799,7 @@ classes:
mailclient: *id001
nrpe: null
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
kvmmeta-tug-3.komreg.net:
common: null
@ -782,6 +822,7 @@ classes:
mailclient: *id001
nrpe: null
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
log-1.sveidas.se:
autoupdate: null
@ -792,7 +833,8 @@ classes:
konsulter: null
mailclient: *id001
nrpe: null
sunet::rsyslog: &id012 {udp_client: 94.176.224.0/24, udp_port: 514}
sunet::rsyslog: &id013 {udp_client: 94.176.224.0/24, udp_port: 514}
sunet::server: *id002
sunetops: null
log-2.sveidas.se:
autoupdate: null
@ -803,7 +845,8 @@ classes:
konsulter: null
mailclient: *id001
nrpe: null
sunet::rsyslog: *id012
sunet::rsyslog: *id013
sunet::server: *id002
sunetops: null
log.qa.sveidas.se:
autoupdate: null
@ -814,6 +857,7 @@ classes:
mailclient: *id001
nrpe: null
sunet::rsyslog: {udp_port: 514}
sunet::server: *id002
sunet_iaas_cloud: null
sunetops: null
md-eu1.qa.komreg.net:
@ -830,6 +874,7 @@ classes:
nrpe: null
openstack_dockerhost: null
sunet::rsyslog: null
sunet::server: *id002
sunet_iaas_cloud: null
sunetops: null
md1.komreg.net:
@ -845,6 +890,7 @@ classes:
nrpe: null
openstack_dockerhost: null
sunet::rsyslog: null
sunet::server: *id002
sunet_iaas_cloud: null
sunetops: null
monitor-fre-3.komreg.net:
@ -856,6 +902,7 @@ classes:
nagios_monitor: null
nrpe: null
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
monitor-tug-3.komreg.net:
autoupdate: null
@ -867,6 +914,7 @@ classes:
nagios_monitor: null
nrpe: null
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
natmd-1.komreg.net:
autoupdate: null
@ -882,6 +930,7 @@ classes:
metadatamgrs: null
nrpe: null
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
natmd-2.komreg.net:
autoupdate: null
@ -897,6 +946,7 @@ classes:
metadatamgrs: null
nrpe: null
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
natpub-1.komreg.net:
autoupdate: null
@ -912,6 +962,7 @@ classes:
frontends: [fe-fre-3.komreg.net, fe-tug-3.komreg.net]
port: '443'
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
natpub-2.komreg.net:
autoupdate: null
@ -927,6 +978,7 @@ classes:
frontends: [fe-fre-3.komreg.net, fe-tug-3.komreg.net]
port: '443'
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
nic.komreg.net:
autoupdate: null
@ -940,6 +992,7 @@ classes:
nrpe: null
sunet::nagiosapi: null
sunet::rsyslog: null
sunet::server: *id002
sunet_iaas_cloud: null
sunetops: null
p1.komreg.net:
@ -956,6 +1009,7 @@ classes:
frontends: [se-fre-lb-1.sunet.se, se-tug-lb-1.sunet.se]
port: '443'
sunet::rsyslog: null
sunet::server: *id002
sunet_iaas_cloud: null
sunetops: null
p2.qa.komreg.net:
@ -973,6 +1027,7 @@ classes:
frontends: [se-fre-lb-1.sunet.se, se-tug-lb-1.sunet.se]
port: '443'
sunet::rsyslog: null
sunet::server: *id002
sunet_iaas_cloud: null
sunetops: null
prid-1.qa.sveidas.se:
@ -988,6 +1043,7 @@ classes:
version: 1.0.3}
servicemonitor: null
sunet::rsyslog: null
sunet::server: *id002
sunet_iaas_cloud: null
sunetops: null
prid-1.sveidas.se:
@ -999,9 +1055,10 @@ classes:
konsulter: null
mailclient: *id001
nrpe: null
prid: &id013 {clients: prid_prod_clients, version: 1.0.1}
prid: &id014 {clients: prid_prod_clients, version: 1.0.1}
servicemonitor: null
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
prid-2.sveidas.se:
autoupdate: null
@ -1012,9 +1069,10 @@ classes:
konsulter: null
mailclient: *id001
nrpe: null
prid: *id013
prid: *id014
servicemonitor: null
sunet::rsyslog: null
sunet::server: *id002
sunetops: null
r1.komreg.net:
autoupdate: null
@ -1026,6 +1084,7 @@ classes:
nrpe: null
openstack_dockerhost: null
sunet::rsyslog: null
sunet::server: *id002
sunet_iaas_cloud: null
sunetops: null
refidp-1.qa.sveidas.se:
@ -1043,6 +1102,7 @@ classes:
frontends: [se-fre-lb-1.sunet.se, se-tug-lb-1.sunet.se]
port: '443'
sunet::rsyslog: null
sunet::server: *id002
sunet_iaas_cloud: null
sunetops: null
swedenconnect_refidp: {hostname: qa.test.swedenconnect.se, version: 1.2.0}
@ -1062,6 +1122,7 @@ classes:
frontends: [se-fre-lb-1.sunet.se, se-tug-lb-1.sunet.se]
port: '443'
sunet::rsyslog: null
sunet::server: *id002
sunet_iaas_cloud: null
sunetops: null
test_my_eid: {hostname: qa.test.swedenconnect.se, version: 1.2.0}
@ -1080,6 +1141,7 @@ classes:
frontends: [se-fre-lb-1.sunet.se, se-tug-lb-1.sunet.se]
port: '443'
sunet::rsyslog: null
sunet::server: *id002
sunet_iaas_cloud: null
sunetops: null
validator: {version: 3.0.9}
@ -1100,6 +1162,7 @@ classes:
frontends: [se-fre-lb-1.sunet.se, se-tug-lb-1.sunet.se]
port: '80'
sunet::rsyslog: null
sunet::server: *id002
sunet_iaas_cloud: null
sunetops: null
members:
@ -1306,6 +1369,24 @@ members:
natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se,
prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se,
validator-1.qa.komreg.net, web-1.qa.sveidas.se]
sunet::server: [demw-1.qa.sveidas.se, demw-1.sveidas.se, demw-2.sveidas.se, eidas-connector-1.sveidas.se,
eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se,
eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-proxy-1.sveidas.se,
eidas-proxy-2.sveidas.se, eidas-proxy-3.sveidas.se, eidas-proxy-4.sveidas.se,
eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se,
eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se,
eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eidastest-1.qa.sveidas.se, eumd-1.komreg.net,
eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, fe-fre-3.komreg.net,
fe-tug-3.komreg.net, jmp.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, jump-fre-3.komreg.net,
jump-tug-3.komreg.net, jump-tug-3.komreg.net, kvmdemw-fre-3a.komreg.net, kvmdemw-fre-3b.komreg.net,
kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net,
kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net,
kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se,
log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net,
monitor-tug-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net,
natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se,
prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se,
validator-1.qa.komreg.net, web-1.qa.sveidas.se]
sunet_iaas_cloud: [demw-1.qa.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se,
eidastest-1.qa.sveidas.se, jmp.komreg.net, log.qa.sveidas.se, md-eu1.qa.komreg.net,
md-eu1.qa.komreg.net, md1.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net,


@ -7,6 +7,8 @@
mailclient:
domain: sunet.se
sunet::rsyslog:
sunet::server:
sshd_config: true
jmp.komreg.net:
konsulter:
@ -15,12 +17,16 @@ jmp.komreg.net:
autoupdate:
sunet::auditd:
jumphosts:
sunet::server:
ssh_allow_from_anywhere: true
'^jump-.+\.komreg\.net$':
konsulter:
metadatamgrs:
autoupdate:
jumphosts:
sunet::server:
ssh_allow_from_anywhere: true
kvmfe-tug-3.komreg.net:
eid::kvmhost:
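Review bot: The `sunet::server:` blocks added for jmp.komreg.net and for '^jump-.+\.komreg\.net$' carry only `ssh_allow_from_anywhere: true`, and the generated class database in this same commit suggests they do not merge with the default `sshd_config: true`: jmp.komreg.net resolves to `{ssh_allow_from_anywhere: true}` alone, while jump-fre-3 and jump-tug-3 resolve to the default `{sshd_config: true}` with no `ssh_allow_from_anywhere`, and all three appear twice in the `sunet::server` members list. Whichever rule is applied last seems to replace the other, so the effective SSH exposure of the jump hosts depends on rule evaluation order rather than on what is written here. Spelling both keys in each override, `sshd_config: true` next to `ssh_allow_from_anywhere: true`, would give the same result either way. Since these are the hosts meant to accept SSH from any source, note also that only jmp.komreg.net carries `sunet::auditd:` in the visible lines. The rule holding the default block starts above the first hunk.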


@ -658,9 +658,6 @@ class sunetops {
'pypi' => false,
default => true,
}
class { 'sunet::server':
sshd_config => $sshd_config,
}
# SSH config, create SSH authorized keys from Hiera
$ssh_authorized_keys = hiera_hash('ssh_authorized_keys', undef)