From be2cb9f7b661b4240f8562d7dd9f5b5074ee00a6 Mon Sep 17 00:00:00 2001
From: Maria Haider
Date: Fri, 11 Mar 2022 21:10:42 +0100
Subject: [PATCH] test metdata sites config
---
 .../overlay/etc/hiera/data/group.yaml | 46 ++++++++++++++++++-
 .../frontend/config/mdeidastest/haproxy.j2 | 22 +++++++++
 .../opt/frontend/config/mdtest/haproxy.j2 | 22 +++++++++
 global/overlay/etc/puppet/cosmos-rules.yaml | 14 ++++++
 4 files changed, 103 insertions(+), 1 deletion(-)
 create mode 100644 fe-test-common/overlay/opt/frontend/config/mdeidastest/haproxy.j2
 create mode 100644 fe-test-common/overlay/opt/frontend/config/mdtest/haproxy.j2
diff --git a/fe-test-common/overlay/etc/hiera/data/group.yaml b/fe-test-common/overlay/etc/hiera/data/group.yaml
index a3c5280f..b2fcb61a 100644
--- a/fe-test-common/overlay/etc/hiera/data/group.yaml
+++ b/fe-test-common/overlay/etc/hiera/data/group.yaml
@@ -70,7 +70,7 @@ sunet_frontend:
 site_name: 'test.proxy.eidas.swedenconnect.se'
 frontends:
 'fe-fre-1.test.komreg.net':
- ips: ['94.176.226.133', '2001:6b0:65:2::132']
+ ips: ['94.176.226.132', '2001:6b0:65:2::132']
 'fe-tug-1.test.komreg.net':
 ips: ['94.176.226.133', '2001:6b0:65:2::133']
 backends:
@@ -87,3 +87,47 @@ sunet_frontend:
 haproxy_image: docker.sunet.se/eduid/haproxy
 haproxy_imagetag: 'stable-tug'
 frontendtools_imagetag: 'stable'
+
+ 'mdeidastest':
+ site_name: 'test.md.eidas.swedenconnect.se'
+ frontends:
+ 'fe-fre-1.test.komreg.net':
+ ips: ['94.176.226.134', '2001:6b0:65:2::134']
+ 'fe-tug-1.test.komreg.net':
+ ips: ['94.176.226.135', '2001:6b0:65:2::135']
+ backends:
+ default:
+ 'eupub-test-1.komreg.net':
+ ips: ['89.45.236.252']
+ server_args: 'ssl check verify none'
+ 'eupub-test-2.komreg.net':
+ ips: ['89.45.237.8']
+ server_args: 'ssl check verify none'
+ allow_ports:
+ - 443
+ letsencrypt_server: 'acme-c.sunet.se'
+ haproxy_image: docker.sunet.se/eduid/haproxy
+ haproxy_imagetag: 'stable-tug'
+ frontendtools_imagetag: 'stable'
+
+ 'mdtest':
+ site_name: 'test.md.swedenconnect.se'
+ frontends:
+ 'fe-fre-1.test.komreg.net':
+ ips: ['94.176.226.136', '2001:6b0:65:2::136']
+ 'fe-tug-1.test.komreg.net':
+ ips: ['94.176.226.137', '2001:6b0:65:2::137']
+ backends:
+ default:
+ 'natpub-test-1.komreg.net':
+ ips: ['89.45.237.190']
+ server_args: 'ssl check verify none'
+ 'natpub-test-2.komreg.net':
+ ips: ['89.45.237.23']
+ server_args: 'ssl check verify none'
+ allow_ports:
+ - 443
+ letsencrypt_server: 'acme-c.sunet.se'
+ haproxy_image: docker.sunet.se/eduid/haproxy
+ haproxy_imagetag: 'stable-tug'
+ frontendtools_imagetag: 'stable'
diff --git a/fe-test-common/overlay/opt/frontend/config/mdeidastest/haproxy.j2 b/fe-test-common/overlay/opt/frontend/config/mdeidastest/haproxy.j2
new file mode 100644
index 00000000..f3c3826a
--- /dev/null
+++ b/fe-test-common/overlay/opt/frontend/config/mdeidastest/haproxy.j2
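Review bot: The four new backend entries (`eupub-test-1/2` under `mdeidastest`, `natpub-test-1/2` under `mdtest`) set `server_args: 'ssl check verify none'`, so HAProxy encrypts the hop to the backend but never authenticates the certificate it is shown. The backends are reached on public addresses, so any host on that path able to answer for them would be accepted as the origin of what appears to be metadata publication. Prefer `server_args: 'ssl check verify required ca-file <CA_BUNDLE_PATH> verifyhost <BACKEND_FQDN>'` (placeholders; use the CA that issues the backend certificates). If `verify none` is a deliberate test-environment shortcut, state that in a comment above each `backends:` block so the setting is not copied into a production site definition.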
@@ -0,0 +1,22 @@
+{% extends 'common/haproxy_base.j2' %}
+
+{% from "common/haproxy_macros.j2" import bind_ip_tls, web_security_options, acme_challenge, csp %}
+
+{% block frontend %}
+frontend {{ site_name }}
+ {{ bind_ip_tls(bind_ips, 443, tls_certificate_bundle) }}
+
+ stats enable
+ timeout http-request 10s
+ timeout http-keep-alive 4s
+ option forwardfor
+ http-request set-header X-Forwarded-Proto https
+
+ {{ web_security_options(['no_frames', 'block_xss', 'hsts', 'no_sniff']) }}
+
+ {{ acme_challenge(letsencrypt_server) }}
+
+ use_backend {{ site_name }}__default
+
+{% endblock frontend %}
+
diff --git a/fe-test-common/overlay/opt/frontend/config/mdtest/haproxy.j2 b/fe-test-common/overlay/opt/frontend/config/mdtest/haproxy.j2
new file mode 100644
index 00000000..f3c3826a
--- /dev/null
+++ b/fe-test-common/overlay/opt/frontend/config/mdtest/haproxy.j2
@@ -0,0 +1,22 @@
+{% extends 'common/haproxy_base.j2' %}
+
+{% from "common/haproxy_macros.j2" import bind_ip_tls, web_security_options, acme_challenge, csp %}
+
+{% block frontend %}
+frontend {{ site_name }}
+ {{ bind_ip_tls(bind_ips, 443, tls_certificate_bundle) }}
+
+ stats enable
+ timeout http-request 10s
+ timeout http-keep-alive 4s
+ option forwardfor
+ http-request set-header X-Forwarded-Proto https
+
+ {{ web_security_options(['no_frames', 'block_xss', 'hsts', 'no_sniff']) }}
+
+ {{ acme_challenge(letsencrypt_server) }}
+
+ use_backend {{ site_name }}__default
+
+{% endblock frontend %}
+
diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
index d4e59fbf..e8b46271 100644
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
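Review bot: `stats enable` sits inside the public `frontend {{ site_name }}` block bound on 443, and nothing in this hunk sets `stats uri`, `stats auth` or a source restriction. Unless `common/haproxy_base.j2` (not shown) constrains it, HAProxy serves its statistics page at the default URI without authentication, which discloses backend names, addresses and health state to any client. Delete the `stats enable` line from this frontend; if statistics are needed, expose them from a dedicated listener on a management address with `stats auth` configured. The identical `mdtest/haproxy.j2` hunk has the same line. Separately, `csp` is imported in both files but never used, so either drop it from the import or apply it alongside `web_security_options`.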
@@ -578,6 +578,13 @@ eupub-test-1.komreg.net:
 md_publisher:
 keyname: eupub-test-1.komreg.net_infra
 mdsl_publisher:
+ sunet::frontend::register_sites:
+ sites:
+ 'test.md.eidas.swedenconnect.se':
+ frontends:
+ - 'fe-fre-1.test.komreg.net'
+ - 'fe-tug-1.test.komreg.net'
+ port: '443'
 natmd-2.komreg.net:
 autoupdate:
@@ -673,6 +680,13 @@ eupub-test-2.komreg.net:
 md_publisher:
 keyname: eupub-test-2.komreg.net_infra
 mdsl_publisher:
+ sunet::frontend::register_sites:
+ sites:
+ 'test.md.eidas.swedenconnect.se':
+ frontends:
+ - 'fe-fre-1.test.komreg.net'
+ - 'fe-tug-1.test.komreg.net'
+ port: '443'
 nic.komreg.net:
 sunet_iaas_cloud:
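Review bot: Only `test.md.eidas.swedenconnect.se` is registered here, on `eupub-test-1` and `eupub-test-2`; the `mdtest` site that this commit adds to group.yaml (`test.md.swedenconnect.se`, backends `natpub-test-1/2.komreg.net`) gets no matching `sunet::frontend::register_sites` entry in the visible hunks. If the natpub-test hosts are not already registered elsewhere in cosmos-rules.yaml, that second frontend may come up without registered backends. Adding the same block under each natpub-test host with `'test.md.swedenconnect.se':` as the site key would close the gap. The host entries these two hunks extend begin above the hunk, so their remaining classes are not visible here.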