From 3b7daa7bf3b0420f9a019bd4e418d5a2e5dbbc5f Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 3 Jul 2018 10:55:08 +0200 Subject: [PATCH 01/18] keep luna client certs and metadata gpg home --- md-eu1.qa.komreg.net/overlay/etc/sunet-reinstall.keep | 3 +++ md1.komreg.net/overlay/etc/sunet-reinstall.keep | 3 +++ 2 files changed, 6 insertions(+) create mode 100644 md-eu1.qa.komreg.net/overlay/etc/sunet-reinstall.keep create mode 100644 md1.komreg.net/overlay/etc/sunet-reinstall.keep diff --git a/md-eu1.qa.komreg.net/overlay/etc/sunet-reinstall.keep b/md-eu1.qa.komreg.net/overlay/etc/sunet-reinstall.keep new file mode 100644 index 00000000..7b9f3a17 --- /dev/null +++ b/md-eu1.qa.komreg.net/overlay/etc/sunet-reinstall.keep @@ -0,0 +1,3 @@ +/etc/luna/cert +/etc/metadata + diff --git a/md1.komreg.net/overlay/etc/sunet-reinstall.keep b/md1.komreg.net/overlay/etc/sunet-reinstall.keep new file mode 100644 index 00000000..7b9f3a17 --- /dev/null +++ b/md1.komreg.net/overlay/etc/sunet-reinstall.keep @@ -0,0 +1,3 @@ +/etc/luna/cert +/etc/metadata + From 874076b44c2a300ec29a0c87d1eb18cbda860903 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 3 Jul 2018 11:06:28 +0200 Subject: [PATCH 02/18] make keep part of the install manifest --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 1543faf2..d967636b 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -120,6 +120,7 @@ class saml_metadata($filename=undef, $cert=undef, $url=undef) { } class md_repo_client { + sunet::reinstall::keep {'/etc/metadata': } -> sunet::ssh_git_repo {'/var/cache/metadata_r1': username => 'root', group => 'root', 
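Review bot: The new `sunet::reinstall::keep {'/etc/metadata': } ->` line at the top of `md_repo_client` has no comment saying what lives under that path or why it must survive a reinstall; only the subject of the first patch in this series ("metadata gpg home") explains it. Since the path apparently holds a GnuPG home, a reinstall carries the keyring over unchanged, and that is worth stating where the resource is declared, for example `# /etc/metadata is the metadata GnuPG home; it is kept across reinstall, so keys must be rotated separately when a host is rebuilt`. The same applies to the `/etc/luna` keep line added to `eidas_hsm_client` in the next hunk. The body of `md_repo_client` continues past the end of this hunk.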
@@ -146,6 +147,7 @@ class eidas_metadata_key { class eidas_hsm_client($luna_version="6.2") { $pkcs11pin = hiera('pkcs11pin',"") + sunet::reinstall::keep {'/etc/luna': } -> file {['/etc/luna','/etc/luna/cert']: ensure => directory } -> sunet::docker_run {"${name}_hsmproxy": hostname => "${::fqdn}", From 4c93b00a471d7e392f8fae2313ea06e7c38f042c Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 3 Jul 2018 11:10:37 +0200 Subject: [PATCH 03/18] correct name for manifest --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index d967636b..d22cc510 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -120,7 +120,7 @@ class saml_metadata($filename=undef, $cert=undef, $url=undef) { } class md_repo_client { - sunet::reinstall::keep {'/etc/metadata': } -> + sunet::snippets::reinstall::keep {'/etc/metadata': } -> sunet::ssh_git_repo {'/var/cache/metadata_r1': username => 'root', group => 'root', @@ -147,7 +147,7 @@ class eidas_metadata_key { class eidas_hsm_client($luna_version="6.2") { $pkcs11pin = hiera('pkcs11pin',"") - sunet::reinstall::keep {'/etc/luna': } -> + sunet::snippets::reinstall::keep {'/etc/luna': } -> file {['/etc/luna','/etc/luna/cert']: ensure => directory } -> sunet::docker_run {"${name}_hsmproxy": hostname => "${::fqdn}", From fe6e262b0788099a4b9bc746034e5150dfb0f847 Mon Sep 17 00:00:00 2001 
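Review bot: The keep resource in `eidas_hsm_client` names `/etc/luna`, while the per-host keep files added in the first patch of this series listed only `/etc/luna/cert`, so a reinstall now preserves everything under the Luna client directory rather than just the client certificates. If the wider scope is not intended, narrow it to `sunet::reinstall::keep {'/etc/luna/cert': } ->`; if it is intended, a short comment naming what else under `/etc/luna` has to persist would help the next reader. The following commit only renames the resource to `sunet::snippets::reinstall::keep` and leaves the path as it is. The class body continues beyond the hunk.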
From: Leif Johansson
Date: Tue, 3 Jul 2018 11:15:55 +0200
Subject: [PATCH 04/18] sort out in manifest instead
---
 eumd-common/overlay/etc/sunet-reinstall.keep | 3 ---
 md-eu1.qa.komreg.net/overlay/etc/sunet-reinstall.keep | 3 ---
 md1.komreg.net/overlay/etc/sunet-reinstall.keep | 3 ---
 natmd-common/overlay/etc/sunet-reinstall.keep | 3 ---
 4 files changed, 12 deletions(-)
 delete mode 100644 eumd-common/overlay/etc/sunet-reinstall.keep
 delete mode 100644 md-eu1.qa.komreg.net/overlay/etc/sunet-reinstall.keep
 delete mode 100644 md1.komreg.net/overlay/etc/sunet-reinstall.keep
 delete mode 100644 natmd-common/overlay/etc/sunet-reinstall.keep
diff --git a/eumd-common/overlay/etc/sunet-reinstall.keep b/eumd-common/overlay/etc/sunet-reinstall.keep
deleted file mode 100644
index 7b9f3a17..00000000
--- a/eumd-common/overlay/etc/sunet-reinstall.keep
+++ /dev/null
@@ -1,3 +0,0 @@
-/etc/luna/cert
-/etc/metadata
-
diff --git a/md-eu1.qa.komreg.net/overlay/etc/sunet-reinstall.keep b/md-eu1.qa.komreg.net/overlay/etc/sunet-reinstall.keep
deleted file mode 100644
index 7b9f3a17..00000000
--- a/md-eu1.qa.komreg.net/overlay/etc/sunet-reinstall.keep
+++ /dev/null
@@ -1,3 +0,0 @@
-/etc/luna/cert
-/etc/metadata
-
diff --git a/md1.komreg.net/overlay/etc/sunet-reinstall.keep b/md1.komreg.net/overlay/etc/sunet-reinstall.keep
deleted file mode 100644
index 7b9f3a17..00000000
--- a/md1.komreg.net/overlay/etc/sunet-reinstall.keep
+++ /dev/null
@@ -1,3 +0,0 @@
-/etc/luna/cert
-/etc/metadata
-
diff --git a/natmd-common/overlay/etc/sunet-reinstall.keep b/natmd-common/overlay/etc/sunet-reinstall.keep
deleted file mode 100644
index 7b9f3a17..00000000
--- a/natmd-common/overlay/etc/sunet-reinstall.keep
+++ /dev/null
@@ -1,3 +0,0 @@
-/etc/luna/cert
-/etc/metadata
-
From 846098134de3a3c7490e5a721da223f8b172dece Mon Sep 17 00:00:00 2001
From: Maria Haider Date: Tue, 3 Jul 2018 11:56:11 +0200 Subject: [PATCH 05/18] Added configurations for three virtual hosts in kvmmeta-tug-3.komreg.net The hosts are eumd-2.komreg.net,natpub-2.komreg.net and eupub-2.komreg.net. --- global/overlay/etc/puppet/cosmos-rules.yaml | 29 ++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index 75dab686..a5b5c779 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -59,6 +59,33 @@ kvmmeta-tug-3.komreg.net: description: 'eid tug swedish metadata signer' cpus: '4' memory: '8192' + eumd-2.komreg.net: + mac: '52:54:20:02:03:02’ + ip: '94.176.224.70’ + netmask: '255.255.255.240' + gateway: '94.176.224.65' + bridge: 'br-meta' + description: 'eid tug european metadata signer' + cpus: '4' + memory: '8192' + natpub-2.komreg.net: + mac: '52:54:20:02:03:03’ + ip: '94.176.224.71’ + netmask: '255.255.255.240' + gateway: '94.176.224.65' + bridge: 'br-meta' + description: 'eid tug swedish metadata publisher' + cpus: '4' + memory: '4096' + eupub-2.komreg.net: + mac: '52:54:20:02:03:04’ + ip: '94.176.224.72’ + netmask: '255.255.255.240' + gateway: '94.176.224.65 + bridge: 'br-meta' + description: 'eid tug european metadata publisher' + cpus: '4' + memory: '4096' kvmeidas-tug-3.komreg.net: eid::kvmhost: @@ -196,7 +223,7 @@ kvmmeta-fre-3.komreg.net: netmask: '255.255.255.240' gateway: '94.176.224.193' bridge: 'br-meta' - description: 'eid fre european metadata publisher' + description: 'eid fre european metadata publisher' cpus: '4' memory: '4096' From da2735b4ede8e5fea6730e22a14b09201d547b9c Mon Sep 17 00:00:00 2001 From: Maria Haider Date: Tue, 3 Jul 2018 12:00:21 +0200 Subject: [PATCH 06/18] Fixed syntax error --- global/overlay/etc/puppet/cosmos-rules.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) 
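Review bot: The `mac` and `ip` values of the three added VMs end in a typographic quote (`’`) instead of `'`, and the `gateway` value under `eupub-2.komreg.net` has no closing quote at all, so the quoted scalars are not terminated where intended and the file probably no longer parses. Because this is the global rules file, a parse failure would likely affect the classification of every host, not only the new ones. The lines should read like `mac: '52:54:20:02:03:02'`, `ip: '94.176.224.70'` and `gateway: '94.176.224.65'`; the next commit in the series makes that correction, which leaves this commit unusable on its own. The second hunk of this commit only changes whitespace in a description line.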
diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index a5b5c779..8122b7dc 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -60,8 +60,8 @@ kvmmeta-tug-3.komreg.net: cpus: '4' memory: '8192' eumd-2.komreg.net: - mac: '52:54:20:02:03:02’ - ip: '94.176.224.70’ + mac: '52:54:20:02:03:02' + ip: '94.176.224.70' netmask: '255.255.255.240' gateway: '94.176.224.65' bridge: 'br-meta' @@ -69,8 +69,8 @@ kvmmeta-tug-3.komreg.net: cpus: '4' memory: '8192' natpub-2.komreg.net: - mac: '52:54:20:02:03:03’ - ip: '94.176.224.71’ + mac: '52:54:20:02:03:03' + ip: '94.176.224.71' netmask: '255.255.255.240' gateway: '94.176.224.65' bridge: 'br-meta' @@ -78,10 +78,10 @@ kvmmeta-tug-3.komreg.net: cpus: '4' memory: '4096' eupub-2.komreg.net: - mac: '52:54:20:02:03:04’ - ip: '94.176.224.72’ + mac: '52:54:20:02:03:04' + ip: '94.176.224.72' netmask: '255.255.255.240' - gateway: '94.176.224.65 + gateway: '94.176.224.65' bridge: 'br-meta' description: 'eid tug european metadata publisher' cpus: '4' From 463d91cafc02971bf06fb82d0f2f7754c9d9adde Mon Sep 17 00:00:00 2001 From: Maria Haider Date: Tue, 3 Jul 2018 12:00:26 +0200 Subject: [PATCH 07/18] update db --- global/overlay/etc/puppet/cosmos-db.yaml | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/global/overlay/etc/puppet/cosmos-db.yaml b/global/overlay/etc/puppet/cosmos-db.yaml index a4bc3c82..38131800 100644 --- a/global/overlay/etc/puppet/cosmos-db.yaml +++ b/global/overlay/etc/puppet/cosmos-db.yaml 
@@ -459,8 +459,8 @@ classes: eumd-1.komreg.net: {bridge: br-meta, cpus: '4', description: eid fre european metadata signer, gateway: 94.176.224.193, ip: 94.176.224.198, mac: '52:54:20:01:01:02', memory: '8192', netmask: 255.255.255.240} - eupub-1.komreg.net: {bridge: br-meta, cpus: '4', description: eid fre european metadata - publisher, gateway: 94.176.224.193, ip: 94.176.224.200, mac: '52:54:20:01:01:04', + eupub-1.komreg.net: {bridge: br-meta, cpus: '4', description: eid fre european + metadata publisher, gateway: 94.176.224.193, ip: 94.176.224.200, mac: '52:54:20:01:01:04', memory: '4096', netmask: 255.255.255.240} natmd-1.komreg.net: {bridge: br-meta, cpus: '4', description: eid fre swedish metadata signer, gateway: 94.176.224.193, ip: 94.176.224.197, mac: '52:54:20:01:01:01', @@ -478,9 +478,18 @@ classes: common: null eid::kvmhost: vms: + eumd-2.komreg.net: {bridge: br-meta, cpus: '4', description: eid tug european + metadata signer, gateway: 94.176.224.65, ip: 94.176.224.70, mac: '52:54:20:02:03:02', + memory: '8192', netmask: 255.255.255.240} + eupub-2.komreg.net: {bridge: br-meta, cpus: '4', description: eid tug european + metadata publisher, gateway: 94.176.224.65, ip: 94.176.224.72, mac: '52:54:20:02:03:04', + memory: '4096', netmask: 255.255.255.240} natmd-2.komreg.net: {bridge: br-meta, cpus: '4', description: eid tug swedish metadata signer, gateway: 94.176.224.65, ip: 94.176.224.69, mac: '52:54:20:02:03:01', memory: '8192', netmask: 255.255.255.240} + natpub-2.komreg.net: {bridge: br-meta, cpus: '4', description: eid tug swedish + metadata publisher, gateway: 94.176.224.65, ip: 94.176.224.71, mac: '52:54:20:02:03:03', + memory: '4096', netmask: 255.255.255.240} entropyclient: null infra_ca_rp: null mailclient: *id002 From eae6e49ac440286c5c27089e8ff93474b85abca4 Mon Sep 17 00:00:00 2001 
From: Maria Haider Date: Tue, 3 Jul 2018 12:12:31 +0200 Subject: [PATCH 08/18] eumd-2.komreg.net added --- eumd-2.komreg.net/README | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 eumd-2.komreg.net/README diff --git a/eumd-2.komreg.net/README b/eumd-2.komreg.net/README new file mode 100644 index 00000000..a18dac1c --- /dev/null +++ b/eumd-2.komreg.net/README @@ -0,0 +1,3 @@ + +The system documentation is in the docs directory of the multiverse repository. + From 7dc4e87cc007ffd9c5a12bca03d9cf184936345e Mon Sep 17 00:00:00 2001 From: Maria Haider Date: Tue, 3 Jul 2018 12:14:17 +0200 Subject: [PATCH 09/18] update db --- global/overlay/etc/puppet/cosmos-db.yaml | 146 +++++++++++++---------- 1 file changed, 81 insertions(+), 65 deletions(-) diff --git a/global/overlay/etc/puppet/cosmos-db.yaml b/global/overlay/etc/puppet/cosmos-db.yaml index 38131800..d0c51fc0 100644 --- a/global/overlay/etc/puppet/cosmos-db.yaml +++ b/global/overlay/etc/puppet/cosmos-db.yaml @@ -173,6 +173,14 @@ classes: nrpe: null sunet::rsyslog: null sunetops: null + eumd-2.komreg.net: + common: null + entropyclient: null + infra_ca_rp: null + mailclient: *id002 + nrpe: null + sunet::rsyslog: null + sunetops: null eupub-1.komreg.net: autoupdate: null common: null 
@@ -742,14 +750,15 @@ members: eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eupub-1.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, - jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, - kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, - kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, - log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, - monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, - nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, - prid-2.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] + eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, fe-fre-3.komreg.net, + fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, + kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, + kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, + kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, + log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, + natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, nic.komreg.net, p1.komreg.net, + p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, + r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] autoupdate: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, 
eidas-redis-3.sveidas.se, 
@@ -764,14 +773,15 @@ members: eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eupub-1.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, - jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, - kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, - kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, - log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, - monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, - nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, - prid-2.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] + eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, fe-fre-3.komreg.net, + fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, + kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, + kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, + kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, + log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, + natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, nic.komreg.net, p1.komreg.net, + p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, + r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] eid::dockerhost: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, 
eidas-redis-fe-1.sveidas.se, 
@@ -789,27 +799,29 @@ members: eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eupub-1.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, - jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, - kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, - kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, - log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, - monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, - nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, - prid-2.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] + eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, fe-fre-3.komreg.net, + fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, + kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, + kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, + kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, + log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, + natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, nic.komreg.net, p1.komreg.net, + p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, + r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] github_client_credential: [web-1.qa.sveidas.se] infra_ca_rp: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, 
eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eupub-1.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, - jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, - kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, - kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, - log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, - monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, - nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, - prid-2.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] + eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, fe-fre-3.komreg.net, + fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, + kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, + kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, + kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, + log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, + natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, nic.komreg.net, p1.komreg.net, + p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, + r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] konsulter: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eumd-1.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, 
@@ -819,14 +831,15 @@ members: eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eupub-1.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, - jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, - kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, - kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, - log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, - monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, - nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, - prid-2.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] + eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, fe-fre-3.komreg.net, + fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, + kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, + kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, + kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, + log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, + natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, nic.komreg.net, p1.komreg.net, + p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, + r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] md_publisher: [eupub-1.komreg.net, natpub-1.komreg.net, p1.komreg.net, p2.qa.komreg.net] md_repo_client: [eumd-1.komreg.net, md-eu1.qa.komreg.net, natmd-1.komreg.net] md_repo_server: [r1.komreg.net] 
@@ -838,14 +851,15 @@ members: eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eupub-1.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, - jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, - kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, - kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, - log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, - monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, - nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, - prid-2.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] + eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, fe-fre-3.komreg.net, + fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, + kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, + kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, + kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, + log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, + natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, nic.komreg.net, p1.komreg.net, + p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, + r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] openstack_dockerhost: [eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, md-eu1.qa.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, prid-1.qa.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] 
@@ -867,15 +881,16 @@ members: eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eupub-1.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, - jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, - kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, - kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, - log-1.sveidas.se, log-1.sveidas.se, log-2.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, - log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, - natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, nic.komreg.net, p1.komreg.net, - p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, - r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] + eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, fe-fre-3.komreg.net, + fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, + kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, + kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, + kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-1.sveidas.se, + log-2.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, + md1.komreg.net, monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, + natpub-1.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, + prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, + web-1.qa.sveidas.se] sunet_iaas_cloud: [eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, jmp.komreg.net, log.qa.sveidas.se, md-eu1.qa.komreg.net, 
md-eu1.qa.komreg.net, md1.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, r1.komreg.net, @@ -884,13 +899,14 @@ members: eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eupub-1.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, - jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, - kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, - kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, - log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, - monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, - nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, - prid-2.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] + eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, fe-fre-3.komreg.net, + fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, + kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, + kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, + kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, + log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, + natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, nic.komreg.net, p1.komreg.net, + p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, + r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] validator: [validator-1.qa.komreg.net] From d2eb0d425287357a3c9c888671121a9d6ad2637e Mon Sep 17 00:00:00 2001 
From: Maria Haider Date: Tue, 3 Jul 2018 12:15:27 +0200 Subject: [PATCH 10/18] natpub-2.komreg.net added --- natpub-2.komreg.net/README | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 natpub-2.komreg.net/README diff --git a/natpub-2.komreg.net/README b/natpub-2.komreg.net/README new file mode 100644 index 00000000..a18dac1c --- /dev/null +++ b/natpub-2.komreg.net/README @@ -0,0 +1,3 @@ + +The system documentation is in the docs directory of the multiverse repository. + From 8216350d3b6b753a2f5a2d5c4dd53cb3d93ccaa3 Mon Sep 17 00:00:00 2001 From: Maria Haider Date: Tue, 3 Jul 2018 12:17:15 +0200 Subject: [PATCH 11/18] update db --- global/overlay/etc/puppet/cosmos-db.yaml | 54 ++++++++++++++---------- 1 file changed, 31 insertions(+), 23 deletions(-) diff --git a/global/overlay/etc/puppet/cosmos-db.yaml b/global/overlay/etc/puppet/cosmos-db.yaml index d0c51fc0..2b7ba2c3 100644 --- a/global/overlay/etc/puppet/cosmos-db.yaml +++ b/global/overlay/etc/puppet/cosmos-db.yaml @@ -611,6 +611,14 @@ classes: port: '443' sunet::rsyslog: null sunetops: null + natpub-2.komreg.net: + common: null + entropyclient: null + infra_ca_rp: null + mailclient: *id002 + nrpe: null + sunet::rsyslog: null + sunetops: null nic.komreg.net: autoupdate: null common: null 
@@ -756,9 +764,9 @@ members: kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, - natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, nic.komreg.net, p1.komreg.net, - p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, - r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] + natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, + nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, + prid-2.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] autoupdate: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, 
@@ -779,9 +787,9 @@ members: kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, - natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, nic.komreg.net, p1.komreg.net, - p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, - r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] + natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, + nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, + prid-2.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] eid::dockerhost: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, 
@@ -805,9 +813,9 @@ members: kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, - natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, nic.komreg.net, p1.komreg.net, - p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, - r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] + natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, + nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, + prid-2.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] github_client_credential: [web-1.qa.sveidas.se] infra_ca_rp: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, 
@@ -819,9 +827,9 @@ members: kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, - natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, nic.komreg.net, p1.komreg.net, - p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, - r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] + natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, + nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, + prid-2.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] konsulter: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eumd-1.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, 
@@ -837,9 +845,9 @@ members: kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, - natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, nic.komreg.net, p1.komreg.net, - p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, - r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] + natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, + nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, + prid-2.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] md_publisher: [eupub-1.komreg.net, natpub-1.komreg.net, p1.komreg.net, p2.qa.komreg.net] md_repo_client: [eumd-1.komreg.net, md-eu1.qa.komreg.net, natmd-1.komreg.net] md_repo_server: [r1.komreg.net] @@ -857,9 +865,9 @@ members: kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, - natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, nic.komreg.net, p1.komreg.net, - p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, - r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] + natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, + nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, + prid-2.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] openstack_dockerhost: [eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, md-eu1.qa.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, prid-1.qa.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] 
@@ -888,8 +896,8 @@ members: kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-1.sveidas.se, log-2.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, - natpub-1.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, - prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, + natpub-1.komreg.net, natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, + prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] sunet_iaas_cloud: [eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, jmp.komreg.net, log.qa.sveidas.se, md-eu1.qa.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, @@ -905,8 +913,8 @@ members: kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, - natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, nic.komreg.net, p1.komreg.net, - p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, - r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] + natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, + nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, + prid-2.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] validator: [validator-1.qa.komreg.net] From 99c8d2802ca977143ed3a4c4bd3faf53af98227d Mon Sep 17 00:00:00 2001 From: Maria Haider Date: Tue, 3 Jul 2018 12:18:04 +0200 Subject: [PATCH 12/18] eupub-2.komreg.net added --- eupub-2.komreg.net/README | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 eupub-2.komreg.net/README 
diff --git a/eupub-2.komreg.net/README b/eupub-2.komreg.net/README new file mode 100644 index 00000000..a18dac1c --- /dev/null +++ b/eupub-2.komreg.net/README @@ -0,0 +1,3 @@ + +The system documentation is in the docs directory of the multiverse repository. + From 3392c48c000c233f274340c745e89ce6b32f9874 Mon Sep 17 00:00:00 2001 From: Maria Haider Date: Tue, 3 Jul 2018 12:19:42 +0200 Subject: [PATCH 13/18] update db --- global/overlay/etc/puppet/cosmos-db.yaml | 56 ++++++++++++++---------- 1 file changed, 32 insertions(+), 24 deletions(-) diff --git a/global/overlay/etc/puppet/cosmos-db.yaml b/global/overlay/etc/puppet/cosmos-db.yaml index 2b7ba2c3..1c43d462 100644 --- a/global/overlay/etc/puppet/cosmos-db.yaml +++ b/global/overlay/etc/puppet/cosmos-db.yaml @@ -196,6 +196,14 @@ classes: port: '443' sunet::rsyslog: null sunetops: null + eupub-2.komreg.net: + common: null + entropyclient: null + infra_ca_rp: null + mailclient: *id002 + nrpe: null + sunet::rsyslog: null + sunetops: null fe-fre-3.komreg.net: common: null eid::dockerhost: null 
@@ -758,9 +766,9 @@ members: eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, fe-fre-3.komreg.net, - fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, - kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, + eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, + fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, + jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, 
@@ -781,9 +789,9 @@ members: eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, fe-fre-3.komreg.net, - fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, - kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, + eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, + fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, + jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, 
@@ -807,9 +815,9 @@ members: eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, fe-fre-3.komreg.net, - fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, - kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, + eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, + fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, + jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, 
@@ -821,9 +829,9 @@ members: eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, fe-fre-3.komreg.net, - fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, - kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, + eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, + fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, + jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, 
@@ -839,9 +847,9 @@ members: eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, fe-fre-3.komreg.net, - fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, - kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, + eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, + fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, + jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, 
@@ -859,9 +867,9 @@ members: eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, fe-fre-3.komreg.net, - fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, - kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, + eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, + fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, + jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, 
@@ -889,9 +897,9 @@ members: eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, fe-fre-3.komreg.net, - fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, - kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, + eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, + fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, + jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-1.sveidas.se, log-2.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, 
@@ -907,9 +915,9 @@ members: eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, fe-fre-3.komreg.net, - fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, - kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, + eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, + fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, + jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, From a4f9b2c17def62465680b13f9016b582da3e872e Mon Sep 17 00:00:00 2001 From: Maria Haider Date: Tue, 3 Jul 2018 12:50:15 +0200 Subject: [PATCH 14/18] Added secrets for eumd-2.komreg.net --- .../overlay/etc/hiera/data/secrets.yaml.asc | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 eumd-2.komreg.net/overlay/etc/hiera/data/secrets.yaml.asc diff --git a/eumd-2.komreg.net/overlay/etc/hiera/data/secrets.yaml.asc b/eumd-2.komreg.net/overlay/etc/hiera/data/secrets.yaml.asc new file mode 100644 index 00000000..db12feec --- /dev/null +++ b/eumd-2.komreg.net/overlay/etc/hiera/data/secrets.yaml.asc 
@@ -0,0 +1,28 @@ +STATUS=UPDATED + +-----BEGIN PGP MESSAGE----- +Version: GnuPG v2 + +hQEMA/ni5nOCRnV1AQf8CmL02SoFvrAlqsks7MXhH5mX1ARXKj1MzufOu3hLH4Y9 +itfz/Kgc96CLh9ssDQ0F/L+Vfdx3lXbK9WFEsnJm5h3qjshr31HX50h3H8emCyAd +SC7t+A22SyA4BfLq9ZOX3+fcfj4nsTmsEvDTgH92Rfg8dc5M7iG0ytNYG4s6Huxz +wWK9LseHr9OPBA02aVqBYAEnWWDsQMBZudiHJf2HnvKcbnz2jz7bTBDAClBh1hIR +xJYdU4zQ0a6d7JYn9Tw6hctFHqq+WPSuSRkzxPxf7/Z3ztdVzvKL4HNQjllxu2c1 +SA4ANK/CWYUyvXInfercrou214WoXFqPbq5yf8KQLtLpAZsuOlPl6uqn+p30NVtp +wim+D04umHyDJbu7GZmSQUceQ+b4EDzUx1Tdy47rfaHQd/4zwSAQvGpCJ2v8cr3U +VQUfFAz8mnkAkdywHenJocn7bfihyvYZL+krgFAUCfikdeZLEAyNQneJhN1udHmh +8V4yyZXWfJKR0b2ln42EEqgmknNe/quYkUaEoih0L3otS+MraEeZQH9ix08zFLJQ +QX+TQYedrgA0jZ7vVa29oNYxt2cEjh4gXcqtgSlqL25T4+rzyhDTDsBTtCFHs52+ +bZFM21xHr8qN1juiwAzv4sHbtaqEsi/Ua8iADoG4zk9ygvPV3Rb2Y2jNfFkR+Dvm +ZE4Yc4nMgR9GygN17Er1jP+A43wRSUkRmrdVQo1g7dofOUrIiuyC2j2Fg8VhSH+s +jGhrRvV37fDNIO6EWfsfyQgUdL4Rlo0sBFAZ8ltXtkceR+ssNjrXK6DwqSsB3hHO +wEpC9FJLURcnjw/sQ6T3GfCWnp7tLQtr65rSuG1y8X2ti+arZE07Xaa1IwsdfKAz +ISrBPM9Rzl/xVx7JB7Y8GibQ6WeTmZEe5jvfFSJDZxxYgRIN5BhQKiQd2OW5mGDc +GQmja7PrLoPzneeUTLEdDT7TTQFiNZbNrC4glArZ9f97Cc+7dkSiwJLzvgGX7yQd +qy4AOj0oYuvc9cRxLyS429fAF01shmbb+6KonKfoXjwgxWKs+yp4M1pxSMnEJzIn +WcbxfOqBDIaibtqhgkplqT5W3NAPV1ltAJcwP5P5CG245bo0gCdfVmgP0TmjI77J +B89kdLZSk6V4iBd39hFizs76RNIc4w48N7KuYCYQMNN0J2fGwfZMcSobjv7hgK31 +gZiBGisM1US40p/TvhgSZBWjs84Y/wuG3IAd8tix4tad4jYAi/asKrMlrgTFGDgg +xoNGcEB1RiVdCjYJPISXCg+NhPzN+H7ZmoO2A3TmcedYAYlkns37rRwf +=BZxq +-----END PGP MESSAGE----- From a9d6828b03569622989fb401e24eac143afc789d Mon Sep 17 00:00:00 2001 
From: Maria Haider Date: Tue, 3 Jul 2018 13:00:36 +0200 Subject: [PATCH 15/18] Added public ssh key infromation. In local.yaml file of eupub-2.komreg.net and natpub-2.komreg.net --- eupub-2.komreg.net/overlay/etc/hiera/data/local.yaml | 3 +++ natpub-2.komreg.net/overlay/etc/hiera/data/local.yaml | 3 +++ 2 files changed, 6 insertions(+) create mode 100644 eupub-2.komreg.net/overlay/etc/hiera/data/local.yaml create mode 100644 natpub-2.komreg.net/overlay/etc/hiera/data/local.yaml diff --git a/eupub-2.komreg.net/overlay/etc/hiera/data/local.yaml b/eupub-2.komreg.net/overlay/etc/hiera/data/local.yaml new file mode 100644 index 00000000..5308ba77 --- /dev/null +++ b/eupub-2.komreg.net/overlay/etc/hiera/data/local.yaml @@ -0,0 +1,3 @@ +--- +publisher_ssh_key: AAAAC3NzaC1lZDI1NTE5AAAAIH3sk7S/Wb3RIGETd6st93OFaLihyy8u/2ZJOIIhlKTQ +publisher_ssh_key_type: ssh-ed25519 diff --git a/natpub-2.komreg.net/overlay/etc/hiera/data/local.yaml b/natpub-2.komreg.net/overlay/etc/hiera/data/local.yaml new file mode 100644 index 00000000..5308ba77 --- /dev/null +++ b/natpub-2.komreg.net/overlay/etc/hiera/data/local.yaml @@ -0,0 +1,3 @@ +--- +publisher_ssh_key: AAAAC3NzaC1lZDI1NTE5AAAAIH3sk7S/Wb3RIGETd6st93OFaLihyy8u/2ZJOIIhlKTQ +publisher_ssh_key_type: ssh-ed25519 From b285bf3736aac2d54bb23cdfbc005ece0e0cf4cf Mon Sep 17 00:00:00 2001 From: Maria Haider Date: Tue, 3 Jul 2018 14:28:43 +0200 Subject: [PATCH 16/18] Added puppet configurations. On metadat publisher and signer hosts in TUG. --- global/overlay/etc/puppet/cosmos-rules.yaml | 50 +++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index 8122b7dc..3cfef192 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -305,6 +305,7 @@ natmd-1.komreg.net: md_signer: name: natmd-prod dest_host: natpub-1.komreg.net + md_repo_client: eumd-1.komreg.net: autoupdate: 
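Review bot: The `publisher_ssh_key` value added to `eupub-2.komreg.net/overlay/etc/hiera/data/local.yaml` is byte-identical to the one added for `natpub-2.komreg.net` in the next hunk, so one ed25519 keypair would be accepted by both publishers. If this is the key the signer hosts use to push to their `dest_host` (the consuming manifest is not on this page), the eIDAS and national metadata paths share a single credential, and losing control of it affects both publishers at once. If the sharing is deliberate, say so in both files with a comment such as `# same keypair as natpub-2.komreg.net; rotate both together`. Otherwise generate one keypair per publisher.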
@@ -316,6 +317,7 @@ eumd-1.komreg.net: md_signer: name: eidas-prod dest_host: eupub-1.komreg.net + md_repo_client: natpub-1.komreg.net: autoupdate: @@ -341,6 +343,54 @@ eupub-1.komreg.net: - 'fe-tug-3.komreg.net' port: '443' +natmd-2.komreg.net: + autoupdate: + eid::dockerhost: + metadatamgrs: + konsulter: + eidas_hsm_client: + md_repo_client: + md_signer: + name: natmd-prod + dest_host: natpub-2.komreg.net + md_repo_client: + +eumd-2.komreg.net: + autoupdate: + eid::dockerhost: + metadatamgrs: + konsulter: + eidas_hsm_client: + md_repo_client: + md_signer: + name: eidas-prod + dest_host: eupub-2.komreg.net + md_repo_client: + +natpub-2.komreg.net: + autoupdate: + md_publisher: + keyname: natpub-2.komreg.net_infra + sunet::frontend::register_sites: + sites: + 'md.swedenconnect.se': + frontends: + - 'fe-fre-3.komreg.net' + - 'fe-tug-3.komreg.net' + port: '443' + +eupub-2.komreg.net: + autoupdate: + md_publisher: + keyname: eupub-2.komreg.net_infra + sunet::frontend::register_sites: + sites: + 'md.eidas.swedenconnect.se': + frontends: + - 'fe-fre-3.komreg.net' + - 'fe-tug-3.komreg.net' + port: '443' + nic.komreg.net: sunet_iaas_cloud: autoupdate: From 5615bb7490fe052b230c3058e61f745c308a7002 Mon Sep 17 00:00:00 2001 From: Maria Haider Date: Tue, 3 Jul 2018 14:28:51 +0200 Subject: [PATCH 17/18] update db --- global/overlay/etc/puppet/cosmos-db.yaml | 68 ++++++++++++++++++------ 1 file changed, 52 insertions(+), 16 deletions(-) diff --git a/global/overlay/etc/puppet/cosmos-db.yaml b/global/overlay/etc/puppet/cosmos-db.yaml index 1c43d462..0641b49e 100644 --- a/global/overlay/etc/puppet/cosmos-db.yaml +++ b/global/overlay/etc/puppet/cosmos-db.yaml 
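Review bot: `md_repo_client:` appears twice in each of the new `natmd-2.komreg.net` and `eumd-2.komreg.net` mappings (hunk at -343), once after `eidas_hsm_client:` and again after the `md_signer` block. YAML requires mapping keys to be unique, and loaders that tolerate duplicates typically keep only the last one, so parameters later added to the first occurrence could be dropped without any error on these signer hosts. The one-line additions for `natmd-1.komreg.net` (hunk at -305) and `eumd-1.komreg.net` (hunk at -316) look like the same pattern, but those mappings start outside the hunks, so that cannot be confirmed from here. Remove the trailing `md_repo_client:` line from each host entry that already lists the class.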
@@ -174,10 +174,17 @@ classes: sunet::rsyslog: null sunetops: null eumd-2.komreg.net: + autoupdate: null common: null + eid::dockerhost: null + eidas_hsm_client: null entropyclient: null infra_ca_rp: null + konsulter: null mailclient: *id002 + md_repo_client: null + md_signer: {dest_host: eupub-2.komreg.net, name: eidas-prod} + metadatamgrs: null nrpe: null sunet::rsyslog: null sunetops: null @@ -197,11 +204,18 @@ classes: sunet::rsyslog: null sunetops: null eupub-2.komreg.net: + autoupdate: null common: null entropyclient: null infra_ca_rp: null mailclient: *id002 + md_publisher: {keyname: eupub-2.komreg.net_infra} nrpe: null + sunet::frontend::register_sites: + sites: + md.eidas.swedenconnect.se: + frontends: [fe-fre-3.komreg.net, fe-tug-3.komreg.net] + port: '443' sunet::rsyslog: null sunetops: null fe-fre-3.komreg.net: @@ -597,10 +611,17 @@ classes: sunet::rsyslog: null sunetops: null natmd-2.komreg.net: + autoupdate: null common: null + eid::dockerhost: null + eidas_hsm_client: null entropyclient: null infra_ca_rp: null + konsulter: null mailclient: *id002 + md_repo_client: null + md_signer: {dest_host: natpub-2.komreg.net, name: natmd-prod} + metadatamgrs: null nrpe: null sunet::rsyslog: null sunetops: null @@ -620,11 +641,18 @@ classes: sunet::rsyslog: null sunetops: null natpub-2.komreg.net: + autoupdate: null common: null entropyclient: null infra_ca_rp: null mailclient: *id002 + md_publisher: {keyname: natpub-2.komreg.net_infra} nrpe: null + sunet::frontend::register_sites: + sites: + md.swedenconnect.se: + frontends: [fe-fre-3.komreg.net, fe-tug-3.komreg.net] + port: '443' sunet::rsyslog: null sunetops: null nic.komreg.net: 
@@ -779,10 +807,11 @@ members: eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eupub-1.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, - jump-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, - md-eu1.qa.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, - natmd-1.komreg.net, natpub-1.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, + eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, + jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, log-1.sveidas.se, + log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md-eu1.qa.komreg.net, + md1.komreg.net, monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, + natpub-1.komreg.net, natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] common: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, 
@@ -801,14 +830,15 @@ members: eid::dockerhost: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, - eidas-redis-fe-2.sveidas.se, eumd-1.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, - natmd-1.komreg.net, prid-1.sveidas.se, prid-2.sveidas.se] + eidas-redis-fe-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net, fe-fre-3.komreg.net, + fe-tug-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, prid-1.sveidas.se, + prid-2.sveidas.se] eid::kvmhost: [kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net] eidas_connector: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se] - eidas_hsm_client: [eumd-1.komreg.net, natmd-1.komreg.net] + eidas_hsm_client: [eumd-1.komreg.net, eumd-2.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net] eidas_metadata_key: [md-eu1.qa.komreg.net, md1.komreg.net] eidas_proxy: [eidas-proxy-1.qa.sveidas.se] entropyclient: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, 
@@ -840,9 +870,10 @@ members: prid-2.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] konsulter: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, - eumd-1.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, + eumd-1.komreg.net, eumd-2.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, md-eu1.qa.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, natmd-1.komreg.net, - nic.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, validator-1.qa.komreg.net] + natmd-2.komreg.net, nic.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, + validator-1.qa.komreg.net] mailclient: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, 
@@ -856,12 +887,16 @@ members: natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] - md_publisher: [eupub-1.komreg.net, natpub-1.komreg.net, p1.komreg.net, p2.qa.komreg.net] - md_repo_client: [eumd-1.komreg.net, md-eu1.qa.komreg.net, natmd-1.komreg.net] + md_publisher: [eupub-1.komreg.net, eupub-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, + p1.komreg.net, p2.qa.komreg.net] + md_repo_client: [eumd-1.komreg.net, eumd-2.komreg.net, md-eu1.qa.komreg.net, natmd-1.komreg.net, + natmd-2.komreg.net] md_repo_server: [r1.komreg.net] - md_signer: [eumd-1.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, natmd-1.komreg.net] - metadatamgrs: [eumd-1.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, - md-eu1.qa.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, natmd-1.komreg.net] + md_signer: [eumd-1.komreg.net, eumd-2.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, + natmd-1.komreg.net, natmd-2.komreg.net] + metadatamgrs: [eumd-1.komreg.net, eumd-2.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, + jump-tug-3.komreg.net, md-eu1.qa.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, + natmd-1.komreg.net, natmd-2.komreg.net] nagios_monitor: [monitor-fre-3.komreg.net, nic.komreg.net] nrpe: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, 
@@ -891,8 +926,9 @@ members: sunet::frontend::load_balancer: [fe-fre-3.komreg.net, fe-tug-3.komreg.net] sunet::frontend::register_sites: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, - eidas-proxy-1.qa.sveidas.se, eupub-1.komreg.net, natpub-1.komreg.net, p1.komreg.net, - p2.qa.komreg.net, validator-1.qa.komreg.net, web-1.qa.sveidas.se] + eidas-proxy-1.qa.sveidas.se, eupub-1.komreg.net, eupub-2.komreg.net, natpub-1.komreg.net, + natpub-2.komreg.net, p1.komreg.net, p2.qa.komreg.net, validator-1.qa.komreg.net, + web-1.qa.sveidas.se] sunet::rsyslog: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, From 73a9aea348204623c328a78ceb329928466167ba Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 3 Jul 2018 14:31:52 +0200 Subject: [PATCH 18/18] persist ha slot and make it available to hsmproxy --- .../overlay/etc/Chrystoki.conf.d/50-ha-slot.conf | 8 ++++++++ eumd-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf | 8 ++++++++ global/overlay/etc/puppet/manifests/cosmos-site.pp | 4 ++-- natmd-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf | 8 ++++++++ 4 files changed, 26 insertions(+), 2 deletions(-) create mode 100644 eidas-connector-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf create mode 100644 eumd-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf create mode 100644 natmd-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf diff --git a/eidas-connector-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf b/eidas-connector-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf new file mode 100644 index 00000000..2a3b0f05 --- /dev/null +++ b/eidas-connector-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf 
@@ -0,0 +1,8 @@ +VirtualToken = { + VirtualToken00Label = sc_ha; + VirtualToken00SN = 1462371088; + VirtualToken00Members = 462371088,462344047; +} +HASynchronize = { + sc_ha = 1; +} diff --git a/eumd-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf b/eumd-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf new file mode 100644 index 00000000..2a3b0f05 --- /dev/null +++ b/eumd-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf @@ -0,0 +1,8 @@ +VirtualToken = { + VirtualToken00Label = sc_ha; + VirtualToken00SN = 1462371088; + VirtualToken00Members = 462371088,462344047; +} +HASynchronize = { + sc_ha = 1; +} diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index d22cc510..9305d435 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -147,13 +147,13 @@ class eidas_metadata_key { class eidas_hsm_client($luna_version="6.2") { $pkcs11pin = hiera('pkcs11pin',"") - sunet::snippets::reinstall::keep {'/etc/luna': } -> + sunet::snippets::reinstall::keep {['/etc/luna','/etc/Chrystoki.conf.d']: } -> file {['/etc/luna','/etc/luna/cert']: ensure => directory } -> sunet::docker_run {"${name}_hsmproxy": hostname => "${::fqdn}", image => 'docker.sunet.se/luna-client', imagetag => $luna_version, - volumes => ['/dev/log:/dev/log','/etc/luna/cert:/usr/safenet/lunaclient/cert'], + volumes => ['/dev/log:/dev/log','/etc/Chrystoki.conf.d:/etc/Chrystoki.conf.d','/etc/luna/cert:/usr/safenet/lunaclient/cert'], env => ["PKCS11PIN=${pkcs11pin}"] } } diff --git a/natmd-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf b/natmd-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf new file mode 100644 index 00000000..2a3b0f05 --- /dev/null +++ b/natmd-common/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf 
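Review bot: The new `'/etc/Chrystoki.conf.d:/etc/Chrystoki.conf.d'` entry in `volumes` is a read-write bind mount, so a process inside the hsmproxy container can rewrite the HA slot definition that the host now preserves across reinstalls through `sunet::snippets::reinstall::keep`. Unless the client image needs to write into that directory, and assuming `sunet::docker_run` hands volume strings to Docker unchanged (its definition is not on this page), mount it read-only: `'/etc/Chrystoki.conf.d:/etc/Chrystoki.conf.d:ro'`. The `file` resource still ensures only `/etc/luna` and `/etc/luna/cert`, so adding `/etc/Chrystoki.conf.d` to that list with an explicit owner and mode would keep Docker from creating it implicitly on a host that lacks the overlay. The class body begins in the hunk's context lines, so the rest of `eidas_hsm_client` is assumed unchanged.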
@@ -0,0 +1,8 @@
+VirtualToken = {
+ VirtualToken00Label = sc_ha;
+ VirtualToken00SN = 1462371088;
+ VirtualToken00Members = 462371088,462344047;
+}
+HASynchronize = {
+ sc_ha = 1;
+}