diff --git a/eidas-connector-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf b/eidas-connector-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf
new file mode 100644
index 00000000..2a3b0f05
--- /dev/null
+++ b/eidas-connector-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf
@@ -0,0 +1,8 @@
+VirtualToken = {
+ VirtualToken00Label = sc_ha;
+ VirtualToken00SN = 1462371088;
+ VirtualToken00Members = 462371088,462344047;
+}
+HASynchronize = {
+ sc_ha = 1;
+}
diff --git a/eumd-2.komreg.net/README b/eumd-2.komreg.net/README
new file mode 100644
index 00000000..a18dac1c
--- /dev/null
+++ b/eumd-2.komreg.net/README
@@ -0,0 +1,3 @@
+
+The system documentation is in the docs directory of the multiverse repository.
+
diff --git a/eumd-2.komreg.net/overlay/etc/hiera/data/secrets.yaml.asc b/eumd-2.komreg.net/overlay/etc/hiera/data/secrets.yaml.asc
new file mode 100644
index 00000000..db12feec
--- /dev/null
+++ b/eumd-2.komreg.net/overlay/etc/hiera/data/secrets.yaml.asc
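Review bot: The same HA group definition is committed three times, here under `eidas-connector-common` and again under `eumd-common` and `natmd-common` (all three with blob `2a3b0f05`). Replacing an HSM member then means editing `VirtualToken00Members` in three overlays, and a missed copy leaves some signers on a stale member list. Shipping the file from one place, for example from the `eidas_hsm_client` class that this commit already uses to mount `/etc/Chrystoki.conf.d`, would keep the copies from drifting. It is also not visible from this diff that anything on the eidas-connector hosts reads the file: the `eidas_hsm_client` member list in cosmos-db.yaml names only the eumd and natmd signers, so that copy may be unused.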
@@ -0,0 +1,28 @@ +STATUS=UPDATED + +-----BEGIN PGP MESSAGE----- +Version: GnuPG v2 + +hQEMA/ni5nOCRnV1AQf8CmL02SoFvrAlqsks7MXhH5mX1ARXKj1MzufOu3hLH4Y9 +itfz/Kgc96CLh9ssDQ0F/L+Vfdx3lXbK9WFEsnJm5h3qjshr31HX50h3H8emCyAd +SC7t+A22SyA4BfLq9ZOX3+fcfj4nsTmsEvDTgH92Rfg8dc5M7iG0ytNYG4s6Huxz +wWK9LseHr9OPBA02aVqBYAEnWWDsQMBZudiHJf2HnvKcbnz2jz7bTBDAClBh1hIR +xJYdU4zQ0a6d7JYn9Tw6hctFHqq+WPSuSRkzxPxf7/Z3ztdVzvKL4HNQjllxu2c1 +SA4ANK/CWYUyvXInfercrou214WoXFqPbq5yf8KQLtLpAZsuOlPl6uqn+p30NVtp +wim+D04umHyDJbu7GZmSQUceQ+b4EDzUx1Tdy47rfaHQd/4zwSAQvGpCJ2v8cr3U +VQUfFAz8mnkAkdywHenJocn7bfihyvYZL+krgFAUCfikdeZLEAyNQneJhN1udHmh +8V4yyZXWfJKR0b2ln42EEqgmknNe/quYkUaEoih0L3otS+MraEeZQH9ix08zFLJQ +QX+TQYedrgA0jZ7vVa29oNYxt2cEjh4gXcqtgSlqL25T4+rzyhDTDsBTtCFHs52+ +bZFM21xHr8qN1juiwAzv4sHbtaqEsi/Ua8iADoG4zk9ygvPV3Rb2Y2jNfFkR+Dvm +ZE4Yc4nMgR9GygN17Er1jP+A43wRSUkRmrdVQo1g7dofOUrIiuyC2j2Fg8VhSH+s +jGhrRvV37fDNIO6EWfsfyQgUdL4Rlo0sBFAZ8ltXtkceR+ssNjrXK6DwqSsB3hHO +wEpC9FJLURcnjw/sQ6T3GfCWnp7tLQtr65rSuG1y8X2ti+arZE07Xaa1IwsdfKAz +ISrBPM9Rzl/xVx7JB7Y8GibQ6WeTmZEe5jvfFSJDZxxYgRIN5BhQKiQd2OW5mGDc +GQmja7PrLoPzneeUTLEdDT7TTQFiNZbNrC4glArZ9f97Cc+7dkSiwJLzvgGX7yQd +qy4AOj0oYuvc9cRxLyS429fAF01shmbb+6KonKfoXjwgxWKs+yp4M1pxSMnEJzIn +WcbxfOqBDIaibtqhgkplqT5W3NAPV1ltAJcwP5P5CG245bo0gCdfVmgP0TmjI77J +B89kdLZSk6V4iBd39hFizs76RNIc4w48N7KuYCYQMNN0J2fGwfZMcSobjv7hgK31 +gZiBGisM1US40p/TvhgSZBWjs84Y/wuG3IAd8tix4tad4jYAi/asKrMlrgTFGDgg +xoNGcEB1RiVdCjYJPISXCg+NhPzN+H7ZmoO2A3TmcedYAYlkns37rRwf +=BZxq +-----END PGP MESSAGE----- diff --git a/eumd-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf b/eumd-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf new file mode 100644 index 00000000..2a3b0f05 --- /dev/null +++ b/eumd-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf @@ -0,0 +1,8 @@ +VirtualToken = { + VirtualToken00Label = sc_ha; + VirtualToken00SN = 1462371088; + VirtualToken00Members = 462371088,462344047; +} +HASynchronize = { + sc_ha = 1; +} 
diff --git a/eumd-common/overlay/etc/sunet-reinstall.keep b/eumd-common/overlay/etc/sunet-reinstall.keep
deleted file mode 100644
index 7b9f3a17..00000000
--- a/eumd-common/overlay/etc/sunet-reinstall.keep
+++ /dev/null
@@ -1,3 +0,0 @@
-/etc/luna/cert
-/etc/metadata
-
diff --git a/eupub-2.komreg.net/README b/eupub-2.komreg.net/README
new file mode 100644
index 00000000..a18dac1c
--- /dev/null
+++ b/eupub-2.komreg.net/README
@@ -0,0 +1,3 @@
+
+The system documentation is in the docs directory of the multiverse repository.
+
diff --git a/eupub-2.komreg.net/overlay/etc/hiera/data/local.yaml b/eupub-2.komreg.net/overlay/etc/hiera/data/local.yaml
new file mode 100644
index 00000000..5308ba77
--- /dev/null
+++ b/eupub-2.komreg.net/overlay/etc/hiera/data/local.yaml
@@ -0,0 +1,3 @@
+---
+publisher_ssh_key: AAAAC3NzaC1lZDI1NTE5AAAAIH3sk7S/Wb3RIGETd6st93OFaLihyy8u/2ZJOIIhlKTQ
+publisher_ssh_key_type: ssh-ed25519
diff --git a/global/overlay/etc/puppet/cosmos-db.yaml b/global/overlay/etc/puppet/cosmos-db.yaml
index a4bc3c82..0641b49e 100644
--- a/global/overlay/etc/puppet/cosmos-db.yaml
+++ b/global/overlay/etc/puppet/cosmos-db.yaml
@@ -173,6 +173,21 @@ classes:
 nrpe: null
 sunet::rsyslog: null
 sunetops: null
+ eumd-2.komreg.net:
+ autoupdate: null
+ common: null
+ eid::dockerhost: null
+ eidas_hsm_client: null
+ entropyclient: null
+ infra_ca_rp: null
+ konsulter: null
+ mailclient: *id002
+ md_repo_client: null
+ md_signer: {dest_host: eupub-2.komreg.net, name: eidas-prod}
+ metadatamgrs: null
+ nrpe: null
+ sunet::rsyslog: null
+ sunetops: null
 eupub-1.komreg.net:
 autoupdate: null
 common: null
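Review bot: The `publisher_ssh_key` added for eupub-2.komreg.net in `local.yaml` is the same ed25519 public key that the last hunk of this commit adds for natpub-2.komreg.net. How `md_publisher` consumes the value is not visible here, but if it is the key authorised to upload signed metadata, one private key can then write to both the national and the eIDAS publisher. The signers are configured separately (`natmd-2` → `natpub-2`, `eumd-2` → `eupub-2`), so a separate key per signer/publisher pair would keep a compromise of one signer from reaching the other feed. If the sharing is deliberate, a line such as `# same upload key as natpub-2 by design` above the value would record that for the next reader.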
@@ -188,6 +203,21 @@ classes: port: '443' sunet::rsyslog: null sunetops: null + eupub-2.komreg.net: + autoupdate: null + common: null + entropyclient: null + infra_ca_rp: null + mailclient: *id002 + md_publisher: {keyname: eupub-2.komreg.net_infra} + nrpe: null + sunet::frontend::register_sites: + sites: + md.eidas.swedenconnect.se: + frontends: [fe-fre-3.komreg.net, fe-tug-3.komreg.net] + port: '443' + sunet::rsyslog: null + sunetops: null fe-fre-3.komreg.net: common: null eid::dockerhost: null @@ -459,8 +489,8 @@ classes: eumd-1.komreg.net: {bridge: br-meta, cpus: '4', description: eid fre european metadata signer, gateway: 94.176.224.193, ip: 94.176.224.198, mac: '52:54:20:01:01:02', memory: '8192', netmask: 255.255.255.240} - eupub-1.komreg.net: {bridge: br-meta, cpus: '4', description: eid fre european metadata - publisher, gateway: 94.176.224.193, ip: 94.176.224.200, mac: '52:54:20:01:01:04', + eupub-1.komreg.net: {bridge: br-meta, cpus: '4', description: eid fre european + metadata publisher, gateway: 94.176.224.193, ip: 94.176.224.200, mac: '52:54:20:01:01:04', memory: '4096', netmask: 255.255.255.240} natmd-1.komreg.net: {bridge: br-meta, cpus: '4', description: eid fre swedish metadata signer, gateway: 94.176.224.193, ip: 94.176.224.197, mac: '52:54:20:01:01:01', 
@@ -478,9 +508,18 @@ classes: common: null eid::kvmhost: vms: + eumd-2.komreg.net: {bridge: br-meta, cpus: '4', description: eid tug european + metadata signer, gateway: 94.176.224.65, ip: 94.176.224.70, mac: '52:54:20:02:03:02', + memory: '8192', netmask: 255.255.255.240} + eupub-2.komreg.net: {bridge: br-meta, cpus: '4', description: eid tug european + metadata publisher, gateway: 94.176.224.65, ip: 94.176.224.72, mac: '52:54:20:02:03:04', + memory: '4096', netmask: 255.255.255.240} natmd-2.komreg.net: {bridge: br-meta, cpus: '4', description: eid tug swedish metadata signer, gateway: 94.176.224.65, ip: 94.176.224.69, mac: '52:54:20:02:03:01', memory: '8192', netmask: 255.255.255.240} + natpub-2.komreg.net: {bridge: br-meta, cpus: '4', description: eid tug swedish + metadata publisher, gateway: 94.176.224.65, ip: 94.176.224.71, mac: '52:54:20:02:03:03', + memory: '4096', netmask: 255.255.255.240} entropyclient: null infra_ca_rp: null mailclient: *id002 @@ -572,10 +611,17 @@ classes: sunet::rsyslog: null sunetops: null natmd-2.komreg.net: + autoupdate: null common: null + eid::dockerhost: null + eidas_hsm_client: null entropyclient: null infra_ca_rp: null + konsulter: null mailclient: *id002 + md_repo_client: null + md_signer: {dest_host: natpub-2.komreg.net, name: natmd-prod} + metadatamgrs: null nrpe: null sunet::rsyslog: null sunetops: null @@ -594,6 +640,21 @@ classes: port: '443' sunet::rsyslog: null sunetops: null + natpub-2.komreg.net: + autoupdate: null + common: null + entropyclient: null + infra_ca_rp: null + mailclient: *id002 + md_publisher: {keyname: natpub-2.komreg.net_infra} + nrpe: null + sunet::frontend::register_sites: + sites: + md.swedenconnect.se: + frontends: [fe-fre-3.komreg.net, fe-tug-3.komreg.net] + port: '443' + sunet::rsyslog: null + sunetops: null nic.komreg.net: autoupdate: null common: null 
@@ -733,59 +794,64 @@ members: eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eupub-1.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, - jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, - kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, - kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, - log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, - monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, + eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, + fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, + jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, + kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, + kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, + log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, + natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] autoupdate: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eupub-1.komreg.net, 
jmp.komreg.net, jump-fre-3.komreg.net, - jump-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, - md-eu1.qa.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, - natmd-1.komreg.net, natpub-1.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, + eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, + jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, log-1.sveidas.se, + log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md-eu1.qa.komreg.net, + md1.komreg.net, monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, + natpub-1.komreg.net, natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] common: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eupub-1.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, - jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, - kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, - kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, - log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, - monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, + eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, + fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, + jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, 
kvmfe-fre-3.komreg.net, + kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, + kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, + log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, + natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] eid::dockerhost: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, - eidas-redis-fe-2.sveidas.se, eumd-1.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, - natmd-1.komreg.net, prid-1.sveidas.se, prid-2.sveidas.se] + eidas-redis-fe-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net, fe-fre-3.komreg.net, + fe-tug-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, prid-1.sveidas.se, + prid-2.sveidas.se] eid::kvmhost: [kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net] eidas_connector: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se] - eidas_hsm_client: [eumd-1.komreg.net, natmd-1.komreg.net] + eidas_hsm_client: [eumd-1.komreg.net, eumd-2.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net] eidas_metadata_key: [md-eu1.qa.komreg.net, md1.komreg.net] eidas_proxy: [eidas-proxy-1.qa.sveidas.se] entropyclient: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, 
eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eupub-1.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, - jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, - kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, - kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, - log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, - monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, + eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, + fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, + jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, + kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, + kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, + log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, + natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] github_client_credential: [web-1.qa.sveidas.se] 
@@ -793,48 +859,56 @@ members: eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eupub-1.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, - jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, - kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, - kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, - log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, - monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, + eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, + fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, + jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, + kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, + kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, + log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, + natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] konsulter: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, - eumd-1.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, + eumd-1.komreg.net, eumd-2.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, md-eu1.qa.komreg.net, 
md-eu1.qa.komreg.net, md1.komreg.net, natmd-1.komreg.net, - nic.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, validator-1.qa.komreg.net] + natmd-2.komreg.net, nic.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, + validator-1.qa.komreg.net] mailclient: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eupub-1.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, - jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, - kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, - kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, - log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, - monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, + eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, + fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, + jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, + kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, + kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, + log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, + natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] - md_publisher: [eupub-1.komreg.net, 
natpub-1.komreg.net, p1.komreg.net, p2.qa.komreg.net] - md_repo_client: [eumd-1.komreg.net, md-eu1.qa.komreg.net, natmd-1.komreg.net] + md_publisher: [eupub-1.komreg.net, eupub-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, + p1.komreg.net, p2.qa.komreg.net] + md_repo_client: [eumd-1.komreg.net, eumd-2.komreg.net, md-eu1.qa.komreg.net, natmd-1.komreg.net, + natmd-2.komreg.net] md_repo_server: [r1.komreg.net] - md_signer: [eumd-1.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, natmd-1.komreg.net] - metadatamgrs: [eumd-1.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, - md-eu1.qa.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, natmd-1.komreg.net] + md_signer: [eumd-1.komreg.net, eumd-2.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, + natmd-1.komreg.net, natmd-2.komreg.net] + metadatamgrs: [eumd-1.komreg.net, eumd-2.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, + jump-tug-3.komreg.net, md-eu1.qa.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, + natmd-1.komreg.net, natmd-2.komreg.net] nagios_monitor: [monitor-fre-3.komreg.net, nic.komreg.net] nrpe: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eupub-1.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, - jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, - kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, - kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, - log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, - monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, + 
eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, + fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, + jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, + kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, + kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, + log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, + natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] openstack_dockerhost: [eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, 
@@ -852,21 +926,23 @@ members: sunet::frontend::load_balancer: [fe-fre-3.komreg.net, fe-tug-3.komreg.net] sunet::frontend::register_sites: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, - eidas-proxy-1.qa.sveidas.se, eupub-1.komreg.net, natpub-1.komreg.net, p1.komreg.net, - p2.qa.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] + eidas-proxy-1.qa.sveidas.se, eupub-1.komreg.net, eupub-2.komreg.net, natpub-1.komreg.net, + natpub-2.komreg.net, p1.komreg.net, p2.qa.komreg.net, validator-1.qa.komreg.net, + web-1.qa.sveidas.se] sunet::rsyslog: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eupub-1.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, - jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, - kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, - kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, - log-1.sveidas.se, log-1.sveidas.se, log-2.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, - log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, - natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, nic.komreg.net, p1.komreg.net, - p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, - r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] + eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, + fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, + jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, 
kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, + kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, + kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-1.sveidas.se, + log-2.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, + md1.komreg.net, monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, + natpub-1.komreg.net, natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, + prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, + web-1.qa.sveidas.se] sunet_iaas_cloud: [eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, jmp.komreg.net, log.qa.sveidas.se, md-eu1.qa.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, r1.komreg.net, 
@@ -875,12 +951,13 @@ members: eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eupub-1.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, - jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, - kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, - kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, - log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, - monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, + eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, + fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, + jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, + kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, + kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, + log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, + natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] validator: [validator-1.qa.komreg.net] diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index 75dab686..3cfef192 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml 
@@ -59,6 +59,33 @@ kvmmeta-tug-3.komreg.net: description: 'eid tug swedish metadata signer' cpus: '4' memory: '8192' + eumd-2.komreg.net: + mac: '52:54:20:02:03:02' + ip: '94.176.224.70' + netmask: '255.255.255.240' + gateway: '94.176.224.65' + bridge: 'br-meta' + description: 'eid tug european metadata signer' + cpus: '4' + memory: '8192' + natpub-2.komreg.net: + mac: '52:54:20:02:03:03' + ip: '94.176.224.71' + netmask: '255.255.255.240' + gateway: '94.176.224.65' + bridge: 'br-meta' + description: 'eid tug swedish metadata publisher' + cpus: '4' + memory: '4096' + eupub-2.komreg.net: + mac: '52:54:20:02:03:04' + ip: '94.176.224.72' + netmask: '255.255.255.240' + gateway: '94.176.224.65' + bridge: 'br-meta' + description: 'eid tug european metadata publisher' + cpus: '4' + memory: '4096' kvmeidas-tug-3.komreg.net: eid::kvmhost: @@ -196,7 +223,7 @@ kvmmeta-fre-3.komreg.net: netmask: '255.255.255.240' gateway: '94.176.224.193' bridge: 'br-meta' - description: 'eid fre european metadata publisher' + description: 'eid fre european metadata publisher' cpus: '4' memory: '4096' @@ -278,6 +305,7 @@ natmd-1.komreg.net: md_signer: name: natmd-prod dest_host: natpub-1.komreg.net + md_repo_client: eumd-1.komreg.net: autoupdate: @@ -289,6 +317,7 @@ eumd-1.komreg.net: md_signer: name: eidas-prod dest_host: eupub-1.komreg.net + md_repo_client: natpub-1.komreg.net: autoupdate: 
@@ -314,6 +343,54 @@ eupub-1.komreg.net: - 'fe-tug-3.komreg.net' port: '443' +natmd-2.komreg.net: + autoupdate: + eid::dockerhost: + metadatamgrs: + konsulter: + eidas_hsm_client: + md_repo_client: + md_signer: + name: natmd-prod + dest_host: natpub-2.komreg.net + md_repo_client: + +eumd-2.komreg.net: + autoupdate: + eid::dockerhost: + metadatamgrs: + konsulter: + eidas_hsm_client: + md_repo_client: + md_signer: + name: eidas-prod + dest_host: eupub-2.komreg.net + md_repo_client: + +natpub-2.komreg.net: + autoupdate: + md_publisher: + keyname: natpub-2.komreg.net_infra + sunet::frontend::register_sites: + sites: + 'md.swedenconnect.se': + frontends: + - 'fe-fre-3.komreg.net' + - 'fe-tug-3.komreg.net' + port: '443' + +eupub-2.komreg.net: + autoupdate: + md_publisher: + keyname: eupub-2.komreg.net_infra + sunet::frontend::register_sites: + sites: + 'md.eidas.swedenconnect.se': + frontends: + - 'fe-fre-3.komreg.net' + - 'fe-tug-3.komreg.net' + port: '443' + nic.komreg.net: sunet_iaas_cloud: autoupdate: diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 1543faf2..9305d435 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -120,6 +120,7 @@ class saml_metadata($filename=undef, $cert=undef, $url=undef) { } class md_repo_client { + sunet::snippets::reinstall::keep {'/etc/metadata': } -> sunet::ssh_git_repo {'/var/cache/metadata_r1': username => 'root', group => 'root', 
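Review bot: `md_repo_client:` appears twice in each of the new signer blocks, `natmd-2.komreg.net` and `eumd-2.komreg.net`: once after `eidas_hsm_client:` and again after the `md_signer` mapping. Duplicate mapping keys are not valid YAML, and loaders differ on whether they reject the file or silently keep the last entry, so the rules for these two HSM-backed signers should carry the key once; drop the trailing `md_repo_client:` in both blocks. The two smaller hunks before this one add a trailing `md_repo_client:` to `natmd-1.komreg.net` and `eumd-1.komreg.net` as well. Those blocks begin outside the hunks, so check whether they already list the key further up.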
@@ -146,12 +147,13 @@ class eidas_metadata_key { class eidas_hsm_client($luna_version="6.2") { $pkcs11pin = hiera('pkcs11pin',"") + sunet::snippets::reinstall::keep {['/etc/luna','/etc/Chrystoki.conf.d']: } -> file {['/etc/luna','/etc/luna/cert']: ensure => directory } -> sunet::docker_run {"${name}_hsmproxy": hostname => "${::fqdn}", image => 'docker.sunet.se/luna-client', imagetag => $luna_version, - volumes => ['/dev/log:/dev/log','/etc/luna/cert:/usr/safenet/lunaclient/cert'], + volumes => ['/dev/log:/dev/log','/etc/Chrystoki.conf.d:/etc/Chrystoki.conf.d','/etc/luna/cert:/usr/safenet/lunaclient/cert'], env => ["PKCS11PIN=${pkcs11pin}"] } } diff --git a/natmd-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf b/natmd-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf new file mode 100644 index 00000000..2a3b0f05 --- /dev/null +++ b/natmd-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf @@ -0,0 +1,8 @@ +VirtualToken = { + VirtualToken00Label = sc_ha; + VirtualToken00SN = 1462371088; + VirtualToken00Members = 462371088,462344047; +} +HASynchronize = { + sc_ha = 1; +} diff --git a/natmd-common/overlay/etc/sunet-reinstall.keep b/natmd-common/overlay/etc/sunet-reinstall.keep deleted file mode 100644 index 7b9f3a17..00000000 --- a/natmd-common/overlay/etc/sunet-reinstall.keep +++ /dev/null @@ -1,3 +0,0 @@ -/etc/luna/cert -/etc/metadata - diff --git a/natpub-2.komreg.net/README b/natpub-2.komreg.net/README new file mode 100644 index 00000000..a18dac1c --- /dev/null +++ b/natpub-2.komreg.net/README @@ -0,0 +1,3 @@ + +The system documentation is in the docs directory of the multiverse repository. + diff --git a/natpub-2.komreg.net/overlay/etc/hiera/data/local.yaml b/natpub-2.komreg.net/overlay/etc/hiera/data/local.yaml new file mode 100644 index 00000000..5308ba77 --- /dev/null +++ b/natpub-2.komreg.net/overlay/etc/hiera/data/local.yaml 
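Review bot: The new bind mount in `eidas_hsm_client` exposes the host's `/etc/Chrystoki.conf.d` to the `luna-client` container read-write, so a process in the container can rewrite the HA member list that the host keeps across reinstalls. Unless the client really needs to write there, mount it read-only: `'/etc/Chrystoki.conf.d:/etc/Chrystoki.conf.d:ro'` (assuming `sunet::docker_run` passes volume strings through to docker unchanged). The directory is also added to `sunet::snippets::reinstall::keep` but not to the following `file { ... ensure => directory }` list, so on a host without the overlay file the bind source is not managed by Puppet; adding `'/etc/Chrystoki.conf.d'` to that list would make the class self-contained.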
@@ -0,0 +1,3 @@
+---
+publisher_ssh_key: AAAAC3NzaC1lZDI1NTE5AAAAIH3sk7S/Wb3RIGETd6st93OFaLihyy8u/2ZJOIIhlKTQ
+publisher_ssh_key_type: ssh-ed25519