swedenconnect/eid-ops
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

rsync relay certificates to relay-2

Browse source
This commit is contained in:
Erik Bergström 2024-01-25 13:51:43 +01:00
parent 4e4f69a9e9
commit bfbdc71640
No known key found for this signature in database
GPG key ID: 49A4251C96E0A9D4
3 changed files with 39 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
global/overlay/etc/puppet/manifests/cosmos-site.pp
View file

@ -940,3 +940,13 @@ node 'eumd-test-2.komreg.net' {
line => 'COSMOS_REPO_MODELS="$COSMOS_REPO/eumd-test-common/:$COSMOS_REPO_MODELS"',
}
}
node 'relay-1.swedenconnect.se' {
sunet::scriptherder::cronjob { "rsync_certificate_to_relay_2":
cmd => "/usr/bin/rsync -av --copy-links --delete /etc/letsencrypt/live/relay.swedenconnect.se/ root@relay-2.swedenconnect.se:",
minute => '9',
hour => '0',
ok_criteria => ['exit_status=0','max_age=48h'],
warn_criteria => ['exit_status=1','max_age=50h'],
}
}

14
global/overlay/etc/puppet/modules/eid/manifests/relay.pp
View file

@ -17,4 +17,18 @@ class eid::relay() {
port => '546',
proto => 'udp',
}
$relay_ip = hiera_array('relay_ip',[]);
if $relay_ip != '' {
sunet::misc::ufw_allow { "allow-relay-rrsync":
from => $relay_ip,
port => '22',
}
sunet::ssh_keys { 'relay-keys':
config => safe_hiera('relay_ssh_keys_mapping', {}),
key_database_name => 'relay_ssh_keys_db'
}
}
}

15
relay-2.swedenconnect.se/overlay/etc/hiera/data/local.yaml
View file

@ -11,3 +11,18 @@ submission_ip:
- 2001:6b0:63:4::101 # monitor-tug-3
- 89.47.184.215 # nic
- 2001:6b0:5a:4020::330 # nic
relay_ip:
- 89.47.185.206
- 2001:6b0:5a:4020::225
relay_ssh_keys_db:
'relay-1':
key : 'AAAAB3NzaC1yc2EAAAADAQABAAABgQDXlifT6X24CYGIZNm34Np7BYyOGNhTlaJphIiSpzuKwCmQP8FcLK7P/L8hU4ooqsnTNPLDD8pmkfL2hmJc9G5wkt2gxyZkAHAMalVF2Jd9MPgbslMelu9IpNqvARi9gH7YBPCspQxMNkDJFLXyi2fNFpvoz9m1Z6J6NMZ0aFPOmYzpO4Az89xSLizJhKidoi6jjp6PhMKO/uxpapJuXvc07IS9O5m3ImAyL/rNgoWVeFNKgCiQb4JOKwKJ4kLFdTgVnn/MKB5mg8NpwHskGUBK5ZkJHzXgCRgJG4gRy/vsCiexOrTl8EPR5Ibc89bvVv7Zp3CvB7qHANd+kuXjVwdVJFFFA28HPOeDRva1PTZouk9TVgoe9/Z28vAb2Ir3ET7DLYniFrjA/ku8AlnD+8BNsJIlA7s+tZl5p+r8F82xFrtOSDb6B7A20BYhPxTVYQBo8Ei5Kgj9LUFY96IjyOoPgPKOeECk9nTpgwK5ooLWM0cgQu/XibKoewzFyx9XigU='
type : 'ssh-rsa'
name : 'relay-1'
options : 'command="/usr/bin/rrsync /etc/letsencrypt/live/relay.swedenconnect.se",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding'
relay_ssh_keys_mapping:
'root':
- 'relay-1'