From d03d9572f012479a6c91ec1fa60e3ee2aa8c635e Mon Sep 17 00:00:00 2001
From: Maria Haider <mariah@nordu.net>
Date: Mon, 11 Jun 2018 15:14:52 +0200
Subject: [PATCH] Added Redis cluster and fronentd configurations.

---
 global/overlay/etc/hiera/data/common.yaml     |  5 ++++
 global/overlay/etc/puppet/cosmos-rules.yaml   | 10 ++++++++
 .../etc/puppet/manifests/cosmos-site.pp       | 24 +++++++++++++++++++
 3 files changed, 39 insertions(+)

diff --git a/global/overlay/etc/hiera/data/common.yaml b/global/overlay/etc/hiera/data/common.yaml
index 950351d2..09e250af 100644
--- a/global/overlay/etc/hiera/data/common.yaml
+++ b/global/overlay/etc/hiera/data/common.yaml
@@ -45,3 +45,8 @@ ssh_authorized_keys:
       Q=="
     type:   'ssh-rsa'
     user:   'root'
+
+redis_client_ips:
+    - 94.176.224.137
+redis_sentinel_ips:
+    - 94.176.224.135
diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
index 51707e74..f5e695ea 100644
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -261,6 +261,16 @@ md-eu1.qa.komreg.net:
            - 'fe-tug-3.komreg.net'
          port: '443'
 
+'^eidas-redis-fe-[0-9]\.sveidas\.se$':
+   eid::dockerhost:
+   autoupdate:
+   redis_frontend_node:
+
+'^eidas-redis-[0-9]\.sveidas\.se$':
+   eid::dockerhost:
+   autoupdate:
+   redis_cluster_node:
+
 '^eidas-node-[0-9]+\.qa\.sveidas\.se$':
    openstack_dockerhost:
    konsulter:
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index 6565b97f..55d7a223 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -729,3 +729,27 @@ class nagios_monitor {
    #   contact_groups => ['alerts']
    #}
 }
+
+class redis_cluster_node {
+   file { '/opt/redis': ensure => directory }
+   sysctl { 'vm.overcommit_memory': value => '1' }
+   sunet::redis::server {'redis-master':
+      allow_clients => hiera_array('redis_client_ips', []),
+      cluster_nodes => hiera_array('redis_sentinel_ips', []),
+   }
+   sunet::redis::server {'redis-sentinel':
+      port            => '26379',
+      sentinel_config => 'yes',
+      allow_clients   => hiera_array('redis_client_ips', []),
+      cluster_nodes   => hiera_array('redis_sentinel_ips', []),
+   }
+}
+
+class redis_frontend_node ($hostname=undef,$ca="infra") {
+   file { '/opt/redis': ensure => directory }
+   sunet::redis::haproxy {'redis-haproxy':
+      cluster_nodes => hiera_array('redis_sentinel_ips', []),
+      client_ca     => "/etc/ssl/certs/${ca}.crt",
+      certificate   => "/etc/ssl/private/${::fqdn}_${ca}.pem"
+   }
+}