changed related to SC-2266

2024-05-16 13:56:00 +02:00 · 2024-05-16 13:56:00 +02:00 · cb72857800
commit cb72857800
parent 8fd3ab799e
2 changed files with 20 additions and 2 deletions
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@ -540,6 +540,8 @@ natpub-test-1.komreg.net:

 eupub-1.komreg.net:
   autoupdate:
+   infra_ca_rp:
+     monitor_infra_cert: false
   md_publisher:
     keyname: eupub-1.komreg.net_infra
     signer_ip_adress: '94.176.224.198'
@ -554,6 +556,8 @@ eupub-1.komreg.net:

 eupub-test-1.komreg.net:
   autoupdate:
+   infra_ca_rp:
+     monitor_infra_cert: false
   md_publisher:
     keyname: eupub-test-1.komreg.net_infra
     signer_ip_adress: '89.45.237.138'
@ -676,6 +680,8 @@ natpub-test-2.komreg.net:

 eupub-2.komreg.net:
   autoupdate:
+   infra_ca_rp:
+     monitor_infra_cert: false
   md_publisher:
     keyname: eupub-2.komreg.net_infra
     signer_ip_adress: '94.176.224.70'
@ -690,6 +696,8 @@ eupub-2.komreg.net:

 eupub-test-2.komreg.net:
   autoupdate:
+   infra_ca_rp:
+     monitor_infra_cert: false
   md_publisher:
     keyname: eupub-test-2.komreg.net_infra
     signer_ip_adress: '89.45.236.73'
@ -735,9 +743,13 @@ p1.komreg.net:
      valid_until: 7
      xml_dir: role
      validate_cert: '/var/www/html/qa.swedenconnect.se.cert'
+      imagetag: v2024-04-08-01
+      infra_cert_from_this_class: false

 p2.qa.komreg.net:
   sunet_iaas_cloud:
+   infra_ca_rp:
+     monitor_infra_cert: false
   autoupdate:
   md_publisher:
     keyname: p2.qa.komreg.net_infra
@ -960,6 +972,8 @@ demw-2.sveidas.se:
   eid::dockerhost:
     version: '5:23.0.6-1~ubuntu.20.04~focal'
     docker_repo: stable
+   infra_ca_rp:
+     monitor_infra_cert: false
   konsulter:
   autoupdate:
   eidas_connector:
@ -1057,6 +1071,8 @@ log-1.sveidas.se:
 '^eidas-node-[0-9]+\.qa\.sveidas\.se$':
   konsulter:
   sunet_iaas_cloud:
+   infra_ca_rp:
+     monitor_infra_cert: false
   autoupdate:
   eid::dockerhost:
      version: '5:23.0.6-1~ubuntu.20.04~focal'
@ -1073,6 +1089,8 @@ log-1.sveidas.se:

 '^eidas-connector-[0-9]+\.test\.sveidas\.se$':
   sunet_iaas_cloud:
+   infra_ca_rp:
+     monitor_infra_cert: false
   eid::dockerhost:
      version: '5:23.0.6-1~ubuntu.20.04~focal'
   konsulter:
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@ -16,8 +16,8 @@ class autoupdate {

 class jumphosts {}

-class infra_ca_rp {
-   sunet::ici_ca::rp { 'infra': }
+class infra_ca_rp (Boolean $monitor_infra_cert = true,){
+   sunet::ici_ca::rp { 'infra': monitor_infra_cert => $monitor_infra_cert}
 }

 # you need a default node, all nodes need ssh + ufw