From dd214d88f374fb61cbabe74f92f0bdb2997ac0ef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Erik=20Bergstro=CC=88m?=
Date: Mon, 18 Jun 2018 11:59:07 +0200
Subject: [PATCH] added prid ufw rules

---
 global/overlay/etc/puppet/cosmos-rules.yaml | 2 ++
 global/overlay/etc/puppet/manifests/cosmos-site.pp | 8 ++++++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
index 224f5896..067f33c6 100644
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -244,6 +244,7 @@ md-eu1.qa.komreg.net:
 servicemonitor:
 prid:
 version: 1.0.1
+ clients: 'prid_prod_clients'

 '^eidas-proxy-[0-9]+\.sveidas\.se$':
 eid::dockerhost:
@@ -313,6 +314,7 @@ md-eu1.qa.komreg.net:
 servicemonitor:
 prid:
 version: 1.0.1
+ clients: 'prid_qa_clients'

 '^validator-[0-9]+\.qa\.komreg\.net$':
 openstack_dockerhost:
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index 55d7a223..71c24e78 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -291,9 +291,10 @@ class eidas_proxy($version='1.0.0',$country='se',$hostname='localhost') {
 class {'https_server': }
 }

-class prid($version="1.0.0") {
+class prid($version="1.0.0",$clients) {
 $_version = safe_hiera('eidas_prid_version',$version)
 $hostname = $::fqdn
+ $_allow_clients = safe_hiera($clients)
 sunet::docker_run {'prid':
 image => 'docker.sunet.se/prid-service',
 imagetag => $_version,
@@ -304,7 +305,10 @@ class prid($version="1.0.0") {
 env => ["PRID_SERVICE_POLICY_CONFIGURATION=file:///etc/prid-service/policy.properties",
 "CERTNAME=${hostname}_infra"]
 } ->
- class {'webserver': } ->
+ sunet::misc::ufw_allow {'allow-prid':
+ from => $_allow_clients,
+ port => 443
+ } ->
 class {'https_server': }
 }
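Review bot: The new `clients: 'prid_prod_clients'` value under `prid:` reads like a literal client name, but cosmos-site.pp passes it to `safe_hiera($clients)`, so it is the name of a hiera key that is expected to hold the allowed sources. A comment on the line would make that indirection clear to whoever edits the firewall scope next, e.g. `# clients: hiera key listing the sources allowed to reach prid on 443`. The same applies to `clients: 'prid_qa_clients'` in the hunk at -313.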
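Review bot: `$_allow_clients = safe_hiera($clients)` is called without a fallback, unlike `safe_hiera('eidas_prid_version',$version)` two lines above, and its result becomes the `from` of a firewall rule. What safe_hiera returns for a missing key is not visible in this patch; if it is an empty or placeholder value, the rule may come out broader or otherwise different from what was intended instead of failing. I would stop the catalog explicitly in that case, e.g. `if empty($_allow_clients) { fail("prid: no client list in hiera key ${clients}") }` if stdlib's `empty` is available here. `$clients` also has no default, so every existing declaration of `prid` must now pass it; the class body continues outside this hunk.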
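Review bot: The `allow-prid` rule narrows port 443 to `$_allow_clients` only if nothing else opens that port more widely, and `class {'https_server': }` is still declared at the end of the chain. Its definition is outside this patch; if it, or another class applied to these hosts, adds an unrestricted allow for 443, the client list has no effect. That is worth confirming and recording in a comment above the rule, e.g. `# 443 is limited to the hiera-defined prid clients; https_server must not open it to any source`. Removing `class {'webserver': }` may also drop whatever else that class managed, which is not visible here.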