Merge branch 'master' of git.nordu.net:eid-ops

Leif Johansson 2018-08-24 14:04:49 +02:00
commit e80b4d62f6
9 changed files with 280 additions and 109 deletions


@ -0,0 +1,3 @@
The system documentation is in the docs directory of the multiverse repository.


@ -0,0 +1,22 @@
STATUS=UPDATED
-----BEGIN PGP MESSAGE-----
Version: GnuPG v2
hQEMA8Ba0bnQXbejAQf/aVZUBi1X5aG6FHomMqYmxsBB7KslRVyox0qmwtLhR1QM
YBek9MykeZ5NB+9HojbQAhdN7TUSHcFz9anqE5EMy7jUKPih6yfHxPiRs3j8jgT6
9WYcMtq9uK9fFaugWJRMlDj4wiYELpqe2EMvWK6tpy3ycfTWNAex0mBT8jGTKMp3
RyswQ0jtqwU819OP4xZbZfMYgNSHY02cBija+eG34Y+iQ+OaRjWF++lnAU5ZziCo
PL6lq+8xr8B4vwAgQUNi5YvcJvqwWXpgUfyvuj88dBTOYk3C0F16w2iarfOh78uu
hkEpGj2NDTN/LZ7SvdmwaMzrhl4KWEZLI2RGgbRzwdLA7wFy6hf3kxttd+UxtvsP
DfrrogWaLEEU4gTpkIl6FS+ZFUgtkImPkMv+IZ7lat8Ivdhwanf3LwAF0gY2KLjk
spR5QhZ5/ntwmUlphwNSb5ZAfNQruLPV3PKAixxjrJMv39uZT0EMGgdZEWq19qJ2
u2fOE+gP4+Yg1yPKHvMKt4F0tpIK68cYQpYF+HHPKTXvvy23nPY9bEJA02Sr5F5d
GkIv/Fw/Jf5MngMJLMTQitbukj0PnwyEMmEh+X2XYtm53oRo48yvvLDZ4vYDIy8l
5mbHHezTDbTkmSqOm7ARzFAiT6vQURHKysXx4+mBgBjuPTUogvH0UNiaom8TKiP2
JMOLciTPZ2M3ivzDvSnR1twvgoVPW9Q/g1kW3+EJVFxF/V9gH4J3+E2hD4mBr0BR
ylp5DVQW3keWZlFcd9EnrzGDA9cMdyO6vt668ZhfETYYXMmTEh256mELI5nb2A99
XSEiah8ZTdAXL3QSUOSuuFC0i3f6/JeEDgmjZsaa5JbVtYXLKfzcpg1u5t+LGPRi
X3CT2SriF6Q5LS9V9P2GgPIWLAhk9gfQpym1haNPt31C
=Smyj
-----END PGP MESSAGE-----


@ -0,0 +1,3 @@
The system documentation is in the docs directory of the multiverse repository.


@ -0,0 +1,22 @@
STATUS=UPDATED
-----BEGIN PGP MESSAGE-----
Version: GnuPG v2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=tI/B
-----END PGP MESSAGE-----


@ -30,9 +30,9 @@ sunet_frontend:
site_name: 'connector.eidas.swedenconnect.se'
frontends:
'fe-fre-3.komreg.net':
ips: ['94.176.226.10']
ips: ['94.176.226.10', '2001:6b0:65:1::10']
'fe-tug-3.komreg.net':
ips: ['94.176.226.11']
ips: ['94.176.226.11', '2001:6b0:65:1::11']
backends:
default:
'eidas-connector-1.sveidas.se':
@ -56,9 +56,9 @@ sunet_frontend:
site_name: 'md.eidas.swedenconnect.se'
frontends:
'fe-fre-3.komreg.net':
ips: ['94.176.226.12']
ips: ['94.176.226.12', '2001:6b0:65:1::12']
'fe-tug-3.komreg.net':
ips: ['94.176.226.13']
ips: ['94.176.226.13', '2001:6b0:65:1::13']
backends:
default:
'eupub-1.komreg.net':
@ -72,13 +72,33 @@ sunet_frontend:
letsencrypt_server: 'acme-c.sunet.se'
haproxy_imagetag: 'staging'
'test':
site_name: 'test.swedenconnect.se'
frontends:
'fe-fre-3.komreg.net':
ips: ['94.176.226.16', '2001:6b0:65:1::16']
'fe-tug-3.komreg.net':
ips: ['94.176.226.17', '2001:6b0:65:1::17']
backends:
default:
'eidas-test-1.sveidas.se':
ips: ['94.176.224.139']
server_args: 'ssl check verify none'
'eidas-test-2.sveidas.se':
ips: ['94.176.224.11']
server_args: 'ssl check verify none'
allow_ports:
- 443
letsencrypt_server: 'acme-c.sunet.se'
haproxy_imagetag: 'staging'
'md':
site_name: 'md.swedenconnect.se'
frontends:
'fe-fre-3.komreg.net':
ips: ['94.176.226.14']
ips: ['94.176.226.14', '2001:6b0:65:1::14']
'fe-tug-3.komreg.net':
ips: ['94.176.226.15']
ips: ['94.176.226.15', '2001:6b0:65:1::15']
backends:
default:
'natpub-1.komreg.net':
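Review bot: Both backends of the new 'test' site are declared with `server_args: 'ssl check verify none'`, so HAProxy encrypts the hop to eidas-test-1 and eidas-test-2 but never validates the certificate they present; whatever answers on 94.176.224.139 or 94.176.224.11 is accepted as the backend. If the backends can be issued certificates from a CA the frontends trust, the line should become `server_args: 'ssl check verify required ca-file <path-to-ca-bundle>'` (placeholder path, to be filled with whatever the frontend image actually mounts). The backend arguments of the other sites are outside the visible hunks, so this may mirror an existing convention; in that case a comment stating why verification is off would still help the next reviewer.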


@ -0,0 +1,22 @@
{% extends 'common/haproxy_base.j2' %}
{% from "common/haproxy_macros.j2" import bind_ip_tls, web_security_options, acme_challenge, csp %}
{% block frontend %}
frontend {{ site_name }}
{{ bind_ip_tls(bind_ips, 443, tls_certificate_bundle) }}
stats enable
timeout http-request 10s
timeout http-keep-alive 4s
option forwardfor
http-request set-header X-Forwarded-Proto https
{{ web_security_options(['no_frames', 'block_xss', 'hsts', 'no_sniff']) }}
{{ acme_challenge(letsencrypt_server) }}
use_backend {{ site_name }}__default
{% endblock frontend %}
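Review bot: `stats enable` sits inside the public TLS frontend with no `stats auth`, `stats uri` or ACL beside it, so HAProxy will serve its statistics page on the site's own port 443 at the default URI without authentication, unless `common/haproxy_base.j2` (not shown here) restricts it. That page reveals backend server names and health state to anyone who requests it. Dropping the line from this frontend, or moving stats to a separate listener bound to a management address, removes the exposure; if it has to stay, add `stats auth <user>:<password>` (placeholder) and a non-default `stats uri`. Separately, `csp` is imported from the macros file but is not used in the visible block.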


@ -158,6 +158,38 @@ classes:
redis_frontend_node: *id004
sunet::rsyslog: null
sunetops: null
eidas-test-1.sveidas.se:
autoupdate: null
common: null
eid::dockerhost: null
eidas_sp: &id005 {environment: prod, hostname: test.swedenconnect.se, version: 1.0.0}
entropyclient: null
infra_ca_rp: null
konsulter: null
mailclient: *id002
nrpe: null
servicemonitor: null
sunet::frontend::register_sites: &id006
sites:
test.swedenconnect.se:
frontends: [fe-fre-3.komreg.net, fe-tug-3.komreg.net]
port: '443'
sunet::rsyslog: null
sunetops: null
eidas-test-2.sveidas.se:
autoupdate: null
common: null
eid::dockerhost: null
eidas_sp: *id005
entropyclient: null
infra_ca_rp: null
konsulter: null
mailclient: *id002
nrpe: null
servicemonitor: null
sunet::frontend::register_sites: *id006
sunet::rsyslog: null
sunetops: null
eumd-1.komreg.net:
autoupdate: null
common: null
@ -330,6 +362,16 @@ classes:
memory: '4096'
netmask: 255.255.255.240
search: [sveidas.se]
eidas-test-1.sveidas.se:
bridge: br-eidas
cpus: '4'
description: eid fre test SP
gateway: 94.176.224.129
ip: 94.176.224.139
mac: '52:54:20:01:04:07'
memory: '4096'
netmask: 255.255.255.240
search: [sveidas.se]
prid-1.sveidas.se:
bridge: br-eidas
cpus: '4'
@ -400,6 +442,16 @@ classes:
memory: '4096'
netmask: 255.255.255.240
search: [sveidas.se]
eidas-test-2.sveidas.se:
bridge: br-eidas
cpus: '4'
description: eid tug test SP
gateway: 94.176.224.1
ip: 94.176.224.11
mac: '52:54:20:02:04:07'
memory: '4096'
netmask: 255.255.255.240
search: [sveidas.se]
prid-2.sveidas.se:
bridge: br-eidas
cpus: '4'
@ -536,7 +588,7 @@ classes:
infra_ca_rp: null
mailclient: *id002
nrpe: null
sunet::rsyslog: &id005 {udp_client: 94.176.224.0/24, udp_port: 514}
sunet::rsyslog: &id007 {udp_client: 94.176.224.0/24, udp_port: 514}
sunetops: null
log-2.sveidas.se:
autoupdate: null
@ -545,7 +597,7 @@ classes:
infra_ca_rp: null
mailclient: *id002
nrpe: null
sunet::rsyslog: *id005
sunet::rsyslog: *id007
sunetops: null
log.qa.sveidas.se:
autoupdate: null
@ -725,7 +777,7 @@ classes:
konsulter: null
mailclient: *id002
nrpe: null
prid: &id006 {clients: prid_prod_clients, version: 1.0.1}
prid: &id008 {clients: prid_prod_clients, version: 1.0.1}
servicemonitor: null
sunet::rsyslog: null
sunetops: null
@ -738,7 +790,7 @@ classes:
konsulter: null
mailclient: *id002
nrpe: null
prid: *id006
prid: *id008
servicemonitor: null
sunet::rsyslog: null
sunetops: null
@ -833,47 +885,49 @@ members:
eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se,
eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se,
eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se,
eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net,
fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net,
jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net,
kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net,
kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se,
log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net,
natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net,
nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se,
prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se,
eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net,
eupub-1.komreg.net, eupub-2.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net,
jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net,
kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net,
kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net,
log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net,
monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net,
natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se,
prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se,
validator-1.qa.komreg.net, web-1.qa.sveidas.se]
autoupdate: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se,
eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se,
eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se,
eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se,
eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net,
jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, log-1.sveidas.se,
log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md-eu1.qa.komreg.net,
md1.komreg.net, monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net,
natpub-1.komreg.net, natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net,
prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se,
test-1.qa.sveidas.se, validator-1.qa.komreg.net, web-1.qa.sveidas.se]
common: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se,
eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se,
eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se,
eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se,
eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net,
fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net,
jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net,
kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net,
kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se,
log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net,
eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net,
eupub-1.komreg.net, eupub-2.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net,
jump-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se,
md-eu1.qa.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net,
natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net,
nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se,
prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se,
validator-1.qa.komreg.net, web-1.qa.sveidas.se]
common: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se,
eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se,
eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se,
eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se,
eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net,
eupub-1.komreg.net, eupub-2.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net,
jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net,
kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net,
kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net,
log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net,
monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net,
natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se,
prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se,
validator-1.qa.komreg.net, web-1.qa.sveidas.se]
eid::dockerhost: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se,
eidas-connector-4.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se,
eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se,
eidas-redis-fe-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net, fe-fre-3.komreg.net,
fe-tug-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, prid-1.sveidas.se,
prid-2.sveidas.se, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se]
eidas-redis-fe-2.sveidas.se, eidas-test-1.sveidas.se, eidas-test-2.sveidas.se,
eumd-1.komreg.net, eumd-2.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net,
natmd-1.komreg.net, natmd-2.komreg.net, prid-1.sveidas.se, prid-2.sveidas.se,
refidp-1.qa.sveidas.se, test-1.qa.sveidas.se]
eid::kvmhost: [kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net,
kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net,
kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net]
@ -882,56 +936,57 @@ members:
eidas_hsm_client: [eumd-1.komreg.net, eumd-2.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net]
eidas_metadata_key: [md-eu1.qa.komreg.net, md1.komreg.net]
eidas_proxy: [eidas-proxy-1.qa.sveidas.se]
eidas_sp: [test-1.qa.sveidas.se]
eidas_sp: [eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, test-1.qa.sveidas.se]
entropyclient: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se,
eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se,
eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se,
eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se,
eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net,
fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net,
jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net,
kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net,
kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se,
log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net,
natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net,
nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se,
prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se,
eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net,
eupub-1.komreg.net, eupub-2.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net,
jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net,
kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net,
kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net,
log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net,
monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net,
natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se,
prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se,
validator-1.qa.komreg.net, web-1.qa.sveidas.se]
github_client_credential: [web-1.qa.sveidas.se]
infra_ca_rp: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se,
eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se,
eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se,
eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se,
eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net,
fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net,
jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net,
kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net,
kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se,
log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net,
natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net,
nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se,
prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se,
eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net,
eupub-1.komreg.net, eupub-2.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net,
jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net,
kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net,
kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net,
log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net,
monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net,
natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se,
prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se,
validator-1.qa.komreg.net, web-1.qa.sveidas.se]
jumphosts: [jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net]
konsulter: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se,
eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se,
eumd-1.komreg.net, eumd-2.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net,
md-eu1.qa.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, natmd-1.komreg.net,
natmd-2.komreg.net, nic.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se,
refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, validator-1.qa.komreg.net]
eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net,
jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, md-eu1.qa.komreg.net,
md-eu1.qa.komreg.net, md1.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net,
nic.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, refidp-1.qa.sveidas.se,
test-1.qa.sveidas.se, validator-1.qa.komreg.net]
mailclient: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se,
eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se,
eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se,
eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se,
eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net,
fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net,
jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net,
kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net,
kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se,
log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net,
natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net,
nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se,
prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se,
eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net,
eupub-1.komreg.net, eupub-2.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net,
jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net,
kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net,
kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net,
log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net,
monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net,
natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se,
prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se,
validator-1.qa.komreg.net, web-1.qa.sveidas.se]
md_publisher: [eupub-1.komreg.net, eupub-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net,
p1.komreg.net, p2.qa.komreg.net]
@ -948,15 +1003,15 @@ members:
eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se,
eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se,
eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se,
eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net,
fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net,
jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net,
kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net,
kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se,
log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net,
natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net,
nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se,
prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se,
eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net,
eupub-1.komreg.net, eupub-2.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net,
jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net,
kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net,
kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net,
log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net,
monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net,
natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se,
prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se,
validator-1.qa.komreg.net, web-1.qa.sveidas.se]
openstack_dockerhost: [eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se,
md-eu1.qa.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, prid-1.qa.sveidas.se,
@ -966,30 +1021,32 @@ members:
redis_cluster_node: [eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se,
eidas-redis-4.sveidas.se]
redis_frontend_node: [eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se]
servicemonitor: [eidas-proxy-1.qa.sveidas.se, prid-1.qa.sveidas.se, prid-1.sveidas.se,
prid-2.sveidas.se, test-1.qa.sveidas.se]
servicemonitor: [eidas-proxy-1.qa.sveidas.se, eidas-test-1.sveidas.se, eidas-test-2.sveidas.se,
prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, test-1.qa.sveidas.se]
sunet::auditd: [jmp.komreg.net]
sunet::dehydrated: [r1.komreg.net]
sunet::frontend::load_balancer: [fe-fre-3.komreg.net, fe-tug-3.komreg.net]
sunet::frontend::register_sites: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se,
eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se,
eidas-proxy-1.qa.sveidas.se, eupub-1.komreg.net, eupub-2.komreg.net, natpub-1.komreg.net,
natpub-2.komreg.net, p1.komreg.net, p2.qa.komreg.net, refidp-1.qa.sveidas.se,
test-1.qa.sveidas.se, validator-1.qa.komreg.net, web-1.qa.sveidas.se]
eidas-proxy-1.qa.sveidas.se, eidas-test-1.sveidas.se, eidas-test-2.sveidas.se,
eupub-1.komreg.net, eupub-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net,
p1.komreg.net, p2.qa.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se,
validator-1.qa.komreg.net, web-1.qa.sveidas.se]
sunet::rsyslog: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se,
eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se,
eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se,
eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se,
eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net,
fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net,
jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net,
kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net,
kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-1.sveidas.se,
log-2.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net,
md1.komreg.net, monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net,
natpub-1.komreg.net, natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net,
prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se,
test-1.qa.sveidas.se, validator-1.qa.komreg.net, web-1.qa.sveidas.se]
eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net,
eupub-1.komreg.net, eupub-2.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net,
jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net,
kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net,
kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net,
log-1.sveidas.se, log-1.sveidas.se, log-2.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se,
log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net,
natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net,
nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se,
prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se,
validator-1.qa.komreg.net, web-1.qa.sveidas.se]
sunet_iaas_cloud: [eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, jmp.komreg.net,
log.qa.sveidas.se, md-eu1.qa.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net,
nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, r1.komreg.net,
@ -998,15 +1055,15 @@ members:
eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se,
eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se,
eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se,
eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net,
fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net,
jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net,
kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net,
kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se,
log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net,
natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net,
nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se,
prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se,
eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net,
eupub-1.komreg.net, eupub-2.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net,
jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net,
kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net,
kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net,
log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net,
monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net,
natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se,
prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se,
validator-1.qa.komreg.net, web-1.qa.sveidas.se]
swedenconnect_refidp: [refidp-1.qa.sveidas.se]
validator: [validator-1.qa.komreg.net]


@ -152,6 +152,17 @@ kvmeidas-tug-3.komreg.net:
description: 'eid tug redis cluster'
cpus: '4'
memory: '4096'
eidas-test-2.sveidas.se:
mac: '52:54:20:02:04:07'
ip: '94.176.224.11'
netmask: '255.255.255.240'
gateway: '94.176.224.1'
bridge: 'br-eidas'
search: ['sveidas.se']
description: 'eid tug test SP'
cpus: '4'
memory: '4096'
kvmfe-fre-3.komreg.net:
eid::kvmhost:
@ -292,6 +303,16 @@ kvmeidas-fre-3.komreg.net:
description: 'eid fre redis frontend'
cpus: '4'
memory: '4096'
eidas-test-1.sveidas.se:
mac: '52:54:20:01:04:07'
ip: '94.176.224.139'
netmask: '255.255.255.240'
gateway: '94.176.224.129'
bridge: 'br-eidas'
search: ['sveidas.se']
description: 'eid fre test SP'
cpus: '4'
memory: '4096'
monitor-fre-3.komreg.net:
autoupdate:
@ -492,7 +513,7 @@ md-eu1.qa.komreg.net:
- 'se-tug-lb-1.sunet.se'
port: '443'
'^test-[0-9]+\.sveidas\.se$':
'^eidas-test-[0-9]+\.sveidas\.se$':
eid::dockerhost:
konsulter:
autoupdate:
@ -500,12 +521,13 @@ md-eu1.qa.komreg.net:
eidas_sp:
version: 1.0.0
hostname: test.swedenconnect.se
environment: prod
sunet::frontend::register_sites:
sites:
'test.swedenconnect.se':
frontends:
- 'se-fre-lb-1.sunet.se'
- 'se-tug-lb-1.sunet.se'
- 'fe-fre-3.komreg.net'
- 'fe-tug-3.komreg.net'
port: '443'
'^eidas-connector-[0-9]+\.sveidas\.se$':
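Review bot: The rule keyed `'^eidas-test-[0-9]+\.sveidas\.se$'` sets `environment: prod` for hosts whose own name and site name (`test.swedenconnect.se`) both say "test", and nothing in the hunk explains the mismatch. A one-line comment above `environment: prod`, for example `# Spring profile: this test SP runs against the production federation` (the intent is inferred, so the author should confirm the wording), would keep a later reader from changing it back to qa. The rule's block starts in the previous hunk and its class list is only partly visible.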


@ -250,7 +250,7 @@ class md_repo_server($hostname) {
ensure_resource('class','https_server',{})
}
class eidas_sp($version="1.0.0",$hostname='localhost') {
class eidas_sp($version="1.0.0",$hostname='localhost',$environment='qa') {
$_version = safe_hiera('eidas_sp_version',$version)
$_hostname = safe_hiera('eidas_sp_hostname',$hostname)
file {['/etc/eidas-sp','/var/log/eidas-sp','/etc/ssl']: ensure => directory } ->
@ -266,7 +266,7 @@ class eidas_sp($version="1.0.0",$hostname='localhost') {
env => ["SERVER_SERVLET_CONTEXT_PATH=/",
"SP_USE_SC_LOGO=false",
"SP_ENTITY_ID=https://$_hostname/sp",
"SPRING_PROFILES_ACTIVE=qa",
"SPRING_PROFILES_ACTIVE=$environment",
"SP_BASE_URI=https://$_hostname"]
}
ensure_resource('class','webserver',{})
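Review bot: The new `$environment` parameter is interpolated straight into `"SPRING_PROFILES_ACTIVE=$environment"` with no check on its value, and unlike `$version` and `$hostname` it is not routed through `safe_hiera`, so the three parameters no longer follow one pattern. The name also shadows Puppet's built-in `$environment` variable (the node's Puppet environment) inside the class; renaming it would mean changing the `environment:` key in the rules file as well, so at minimum a comment such as `# $environment is the Spring profile, not the Puppet environment` is worth adding. Because Spring accepts a comma-separated profile list, a guard like `validate_re($environment, '^[a-z0-9_-]+$')` ahead of the container resource would keep a malformed value from activating extra profiles. The class body starts and ends outside the two hunks shown.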