diff --git a/eidas-test-1.sveidas.se/README b/eidas-test-1.sveidas.se/README new file mode 100644 index 00000000..a18dac1c --- /dev/null +++ b/eidas-test-1.sveidas.se/README @@ -0,0 +1,3 @@ + +The system documentation is in the docs directory of the multiverse repository. + diff --git a/eidas-test-1.sveidas.se/overlay/etc/hiera/data/secrets.yaml.asc b/eidas-test-1.sveidas.se/overlay/etc/hiera/data/secrets.yaml.asc new file mode 100644 index 00000000..c475e735 --- /dev/null +++ b/eidas-test-1.sveidas.se/overlay/etc/hiera/data/secrets.yaml.asc @@ -0,0 +1,22 @@ +STATUS=UPDATED + +-----BEGIN PGP MESSAGE----- +Version: GnuPG v2 + +hQEMA8Ba0bnQXbejAQf/aVZUBi1X5aG6FHomMqYmxsBB7KslRVyox0qmwtLhR1QM +YBek9MykeZ5NB+9HojbQAhdN7TUSHcFz9anqE5EMy7jUKPih6yfHxPiRs3j8jgT6 +9WYcMtq9uK9fFaugWJRMlDj4wiYELpqe2EMvWK6tpy3ycfTWNAex0mBT8jGTKMp3 +RyswQ0jtqwU819OP4xZbZfMYgNSHY02cBija+eG34Y+iQ+OaRjWF++lnAU5ZziCo +PL6lq+8xr8B4vwAgQUNi5YvcJvqwWXpgUfyvuj88dBTOYk3C0F16w2iarfOh78uu +hkEpGj2NDTN/LZ7SvdmwaMzrhl4KWEZLI2RGgbRzwdLA7wFy6hf3kxttd+UxtvsP +DfrrogWaLEEU4gTpkIl6FS+ZFUgtkImPkMv+IZ7lat8Ivdhwanf3LwAF0gY2KLjk +spR5QhZ5/ntwmUlphwNSb5ZAfNQruLPV3PKAixxjrJMv39uZT0EMGgdZEWq19qJ2 +u2fOE+gP4+Yg1yPKHvMKt4F0tpIK68cYQpYF+HHPKTXvvy23nPY9bEJA02Sr5F5d +GkIv/Fw/Jf5MngMJLMTQitbukj0PnwyEMmEh+X2XYtm53oRo48yvvLDZ4vYDIy8l +5mbHHezTDbTkmSqOm7ARzFAiT6vQURHKysXx4+mBgBjuPTUogvH0UNiaom8TKiP2 +JMOLciTPZ2M3ivzDvSnR1twvgoVPW9Q/g1kW3+EJVFxF/V9gH4J3+E2hD4mBr0BR +ylp5DVQW3keWZlFcd9EnrzGDA9cMdyO6vt668ZhfETYYXMmTEh256mELI5nb2A99 +XSEiah8ZTdAXL3QSUOSuuFC0i3f6/JeEDgmjZsaa5JbVtYXLKfzcpg1u5t+LGPRi +X3CT2SriF6Q5LS9V9P2GgPIWLAhk9gfQpym1haNPt31C +=Smyj +-----END PGP MESSAGE----- diff --git a/eidas-test-2.sveidas.se/README b/eidas-test-2.sveidas.se/README new file mode 100644 index 00000000..a18dac1c --- /dev/null +++ b/eidas-test-2.sveidas.se/README @@ -0,0 +1,3 @@ + +The system documentation is in the docs directory of the multiverse repository. + diff --git a/eidas-test-2.sveidas.se/overlay/etc/hiera/data/secrets.yaml.asc b/eidas-test-2.sveidas.se/overlay/etc/hiera/data/secrets.yaml.asc new file mode 100644 index 00000000..1b877826 --- /dev/null +++ b/eidas-test-2.sveidas.se/overlay/etc/hiera/data/secrets.yaml.asc @@ -0,0 +1,22 @@ +STATUS=UPDATED + +-----BEGIN PGP MESSAGE----- +Version: GnuPG v2 + +hQEMA5PkQv9bXUBXAQgApqaBzznOPMBkTRv8VZIIq3rmBMRIUB+0EgcBz+jcprhg +RNnAS+Xtr6D0VHhAxOBNn3+bkMz3A1264wT/ZGrXAsVi1+JMhLUH/y5/K3I3Zheb +n+KiOXwP+Gb33s24n8TW+ob6faVTgKHn+QN8/J+gHQ4jGoi5euF4oUQxf3iMA4+b +WY0mY1X7EbpHh4qyxhW6p+WA9ype/dCvCzUhZCuICmin/pFFixIqaxtjFr9hWXVB +DjbASaCjHFPlfwpFKHFuZLOZ5fAyTxvmEFxzdTzGR7TbyxBGsdQjuzypHi3q44IH +lCgFYt+VGmir7XrT46l8U0XDbTO8aPpsNSzbQtW0+tLA7wHYyx90Svc6PbITyy97 +GL7k9RwaxZMZuVhMeydi+JXjNuU9tMERZAJlEynloFGJrZQf1ke7DxZdih2wNJRg +7ooeaDw4PHm6o/shz3tu2c8RkO/Oxg+STwBu+DB1xvUmqz79eWz6inViMc7UMC4f +z/aW2RCEuSAB/y+REXK2VzKB1uTd70OThaKUiGr2qmzlXYxgeWMSzmpL96furIGq +jtSGVdqZU7j3WtlNPM2ZC0USYQR/zDdSi8Z3YJOMuZ8QMq/hLwCmRaZIMhjAPO4v +3/nG9ohjGDwFsarO5w2uR6amilX/XCwJtrTV4nQadqYKZIePmB5/5HVg+rD8JBXZ +u+hjna/gsLqBvABoXvdYl0Z035Bq1FwWm8iuDVA2JB8i0v7ZIEs6yGFJOnDDVDmu +TjpbXbcLRhBu/i4MVDOqM7bHzNdwaO6MoZTaBCv7o8Qu7zZ2hVwh939GBK7HMmlv +ncz9WYmD6z40mUDrpq5AA2h26yeveEZukO3fZ9vxDsKHk/XN8n7J1NxOe6lSbb8k +1Vn5+UKGoZZi2xnQKr2vE+ep8DWU+Xy0iTQU1D3r5q2X +=tI/B +-----END PGP MESSAGE----- diff --git a/fe-common/overlay/etc/hiera/data/group.yaml b/fe-common/overlay/etc/hiera/data/group.yaml index 02b2a580..bf8726bf 100644 --- a/fe-common/overlay/etc/hiera/data/group.yaml +++ b/fe-common/overlay/etc/hiera/data/group.yaml @@ -30,9 +30,9 @@ sunet_frontend: site_name: 'connector.eidas.swedenconnect.se' frontends: 'fe-fre-3.komreg.net': - ips: ['94.176.226.10'] + ips: ['94.176.226.10', '2001:6b0:65:1::10'] 'fe-tug-3.komreg.net': - ips: ['94.176.226.11'] + ips: ['94.176.226.11', '2001:6b0:65:1::11'] backends: default: 'eidas-connector-1.sveidas.se': @@ -56,9 +56,9 @@ sunet_frontend: site_name: 'md.eidas.swedenconnect.se' frontends: 'fe-fre-3.komreg.net': - ips: ['94.176.226.12'] + ips: ['94.176.226.12', '2001:6b0:65:1::12'] 'fe-tug-3.komreg.net': - ips: ['94.176.226.13'] + ips: ['94.176.226.13', '2001:6b0:65:1::13'] backends: default: 'eupub-1.komreg.net': @@ -72,13 +72,33 @@ sunet_frontend: letsencrypt_server: 'acme-c.sunet.se' haproxy_imagetag: 'staging' + 'test': + site_name: 'test.swedenconnect.se' + frontends: + 'fe-fre-3.komreg.net': + ips: ['94.176.226.16', '2001:6b0:65:1::16'] + 'fe-tug-3.komreg.net': + ips: ['94.176.226.17', '2001:6b0:65:1::17'] + backends: + default: + 'eidas-test-1.sveidas.se': + ips: ['94.176.224.139'] + server_args: 'ssl check verify none' + 'eidas-test-2.sveidas.se': + ips: ['94.176.224.11'] + server_args: 'ssl check verify none' + allow_ports: + - 443 + letsencrypt_server: 'acme-c.sunet.se' + haproxy_imagetag: 'staging' + 'md': site_name: 'md.swedenconnect.se' frontends: 'fe-fre-3.komreg.net': - ips: ['94.176.226.14'] + ips: ['94.176.226.14', '2001:6b0:65:1::14'] 'fe-tug-3.komreg.net': - ips: ['94.176.226.15'] + ips: ['94.176.226.15', '2001:6b0:65:1::15'] backends: default: 'natpub-1.komreg.net': diff --git a/fe-common/overlay/opt/frontend/config/test/haproxy.j2 b/fe-common/overlay/opt/frontend/config/test/haproxy.j2 new file mode 100644 index 00000000..f3c3826a --- /dev/null +++ b/fe-common/overlay/opt/frontend/config/test/haproxy.j2 @@ -0,0 +1,22 @@ +{% extends 'common/haproxy_base.j2' %} + +{% from "common/haproxy_macros.j2" import bind_ip_tls, web_security_options, acme_challenge, csp %} + +{% block frontend %} +frontend {{ site_name }} + {{ bind_ip_tls(bind_ips, 443, tls_certificate_bundle) }} + + stats enable + timeout http-request 10s + timeout http-keep-alive 4s + option forwardfor + http-request set-header X-Forwarded-Proto https + + {{ web_security_options(['no_frames', 'block_xss', 'hsts', 'no_sniff']) }} + + {{ acme_challenge(letsencrypt_server) }} + + use_backend {{ site_name }}__default + +{% endblock frontend %} + diff --git a/global/overlay/etc/puppet/cosmos-db.yaml b/global/overlay/etc/puppet/cosmos-db.yaml index 4bf816c8..9dbb2518 100644 --- a/global/overlay/etc/puppet/cosmos-db.yaml +++ b/global/overlay/etc/puppet/cosmos-db.yaml @@ -158,6 +158,38 @@ classes: redis_frontend_node: *id004 sunet::rsyslog: null sunetops: null + eidas-test-1.sveidas.se: + autoupdate: null + common: null + eid::dockerhost: null + eidas_sp: &id005 {environment: prod, hostname: test.swedenconnect.se, version: 1.0.0} + entropyclient: null + infra_ca_rp: null + konsulter: null + mailclient: *id002 + nrpe: null + servicemonitor: null + sunet::frontend::register_sites: &id006 + sites: + test.swedenconnect.se: + frontends: [fe-fre-3.komreg.net, fe-tug-3.komreg.net] + port: '443' + sunet::rsyslog: null + sunetops: null + eidas-test-2.sveidas.se: + autoupdate: null + common: null + eid::dockerhost: null + eidas_sp: *id005 + entropyclient: null + infra_ca_rp: null + konsulter: null + mailclient: *id002 + nrpe: null + servicemonitor: null + sunet::frontend::register_sites: *id006 + sunet::rsyslog: null + sunetops: null eumd-1.komreg.net: autoupdate: null common: null @@ -330,6 +362,16 @@ classes: memory: '4096' netmask: 255.255.255.240 search: [sveidas.se] + eidas-test-1.sveidas.se: + bridge: br-eidas + cpus: '4' + description: eid fre test SP + gateway: 94.176.224.129 + ip: 94.176.224.139 + mac: '52:54:20:01:04:07' + memory: '4096' + netmask: 255.255.255.240 + search: [sveidas.se] prid-1.sveidas.se: bridge: br-eidas cpus: '4' @@ -400,6 +442,16 @@ classes: memory: '4096' netmask: 255.255.255.240 search: [sveidas.se] + eidas-test-2.sveidas.se: + bridge: br-eidas + cpus: '4' + description: eid tug test SP + gateway: 94.176.224.1 + ip: 94.176.224.11 + mac: '52:54:20:02:04:07' + memory: '4096' + netmask: 255.255.255.240 + search: [sveidas.se] prid-2.sveidas.se: bridge: br-eidas cpus: '4' @@ -536,7 +588,7 @@ classes: infra_ca_rp: null mailclient: *id002 nrpe: null - sunet::rsyslog: &id005 {udp_client: 94.176.224.0/24, udp_port: 514} + sunet::rsyslog: &id007 {udp_client: 94.176.224.0/24, udp_port: 514} sunetops: null log-2.sveidas.se: autoupdate: null @@ -545,7 +597,7 @@ classes: infra_ca_rp: null mailclient: *id002 nrpe: null - sunet::rsyslog: *id005 + sunet::rsyslog: *id007 sunetops: null log.qa.sveidas.se: autoupdate: null @@ -725,7 +777,7 @@ classes: konsulter: null mailclient: *id002 nrpe: null - prid: &id006 {clients: prid_prod_clients, version: 1.0.1} + prid: &id008 {clients: prid_prod_clients, version: 1.0.1} servicemonitor: null sunet::rsyslog: null sunetops: null @@ -738,7 +790,7 @@ classes: konsulter: null mailclient: *id002 nrpe: null - prid: *id006 + prid: *id008 servicemonitor: null sunet::rsyslog: null sunetops: null @@ -833,47 +885,49 @@ members: eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, - fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, - jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, - kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, - kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, - log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, - natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, - nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, - prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, + eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net, + eupub-1.komreg.net, eupub-2.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, + jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, + kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, + kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, + log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, + monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, + natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, + prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, validator-1.qa.komreg.net, web-1.qa.sveidas.se] autoupdate: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, - jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, log-1.sveidas.se, - log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md-eu1.qa.komreg.net, - md1.komreg.net, monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, - natpub-1.komreg.net, natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, - prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, - test-1.qa.sveidas.se, validator-1.qa.komreg.net, web-1.qa.sveidas.se] - common: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, - eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, - eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, - eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, - fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, - jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, - kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, - kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, - log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, + eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net, + eupub-1.komreg.net, eupub-2.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, + jump-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, + md-eu1.qa.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, validator-1.qa.komreg.net, web-1.qa.sveidas.se] + common: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, + eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, + eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, + eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, + eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net, + eupub-1.komreg.net, eupub-2.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, + jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, + kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, + kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, + log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, + monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, + natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, + prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, + validator-1.qa.komreg.net, web-1.qa.sveidas.se] eid::dockerhost: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, - eidas-redis-fe-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net, fe-fre-3.komreg.net, - fe-tug-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, prid-1.sveidas.se, - prid-2.sveidas.se, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se] + eidas-redis-fe-2.sveidas.se, eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, + eumd-1.komreg.net, eumd-2.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, + natmd-1.komreg.net, natmd-2.komreg.net, prid-1.sveidas.se, prid-2.sveidas.se, + refidp-1.qa.sveidas.se, test-1.qa.sveidas.se] eid::kvmhost: [kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net] @@ -882,56 +936,57 @@ members: eidas_hsm_client: [eumd-1.komreg.net, eumd-2.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net] eidas_metadata_key: [md-eu1.qa.komreg.net, md1.komreg.net] eidas_proxy: [eidas-proxy-1.qa.sveidas.se] - eidas_sp: [test-1.qa.sveidas.se] + eidas_sp: [eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, test-1.qa.sveidas.se] entropyclient: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, - fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, - jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, - kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, - kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, - log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, - natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, - nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, - prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, + eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net, + eupub-1.komreg.net, eupub-2.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, + jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, + kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, + kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, + log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, + monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, + natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, + prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, validator-1.qa.komreg.net, web-1.qa.sveidas.se] github_client_credential: [web-1.qa.sveidas.se] infra_ca_rp: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, - fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, - jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, - kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, - kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, - log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, - natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, - nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, - prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, + eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net, + eupub-1.komreg.net, eupub-2.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, + jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, + kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, + kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, + log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, + monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, + natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, + prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, validator-1.qa.komreg.net, web-1.qa.sveidas.se] jumphosts: [jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net] konsulter: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, - eumd-1.komreg.net, eumd-2.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, - md-eu1.qa.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, natmd-1.komreg.net, - natmd-2.komreg.net, nic.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, - refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, validator-1.qa.komreg.net] + eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net, + jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, md-eu1.qa.komreg.net, + md-eu1.qa.komreg.net, md1.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, + nic.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, refidp-1.qa.sveidas.se, + test-1.qa.sveidas.se, validator-1.qa.komreg.net] mailclient: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, - fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, - jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, - kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, - kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, - log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, - natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, - nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, - prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, + eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net, + eupub-1.komreg.net, eupub-2.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, + jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, + kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, + kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, + log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, + monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, + natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, + prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, validator-1.qa.komreg.net, web-1.qa.sveidas.se] md_publisher: [eupub-1.komreg.net, eupub-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, p1.komreg.net, p2.qa.komreg.net] @@ -948,15 +1003,15 @@ members: eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, - fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, - jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, - kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, - kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, - log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, - natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, - nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, - prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, + eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net, + eupub-1.komreg.net, eupub-2.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, + jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, + kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, + kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, + log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, + monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, + natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, + prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, validator-1.qa.komreg.net, web-1.qa.sveidas.se] openstack_dockerhost: [eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, md-eu1.qa.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, prid-1.qa.sveidas.se, @@ -966,30 +1021,32 @@ members: redis_cluster_node: [eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se] redis_frontend_node: [eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se] - servicemonitor: [eidas-proxy-1.qa.sveidas.se, prid-1.qa.sveidas.se, prid-1.sveidas.se, - prid-2.sveidas.se, test-1.qa.sveidas.se] + servicemonitor: [eidas-proxy-1.qa.sveidas.se, eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, + prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, test-1.qa.sveidas.se] sunet::auditd: [jmp.komreg.net] sunet::dehydrated: [r1.komreg.net] sunet::frontend::load_balancer: [fe-fre-3.komreg.net, fe-tug-3.komreg.net] sunet::frontend::register_sites: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, - eidas-proxy-1.qa.sveidas.se, eupub-1.komreg.net, eupub-2.komreg.net, natpub-1.komreg.net, - natpub-2.komreg.net, p1.komreg.net, p2.qa.komreg.net, refidp-1.qa.sveidas.se, - test-1.qa.sveidas.se, validator-1.qa.komreg.net, web-1.qa.sveidas.se] + eidas-proxy-1.qa.sveidas.se, eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, + eupub-1.komreg.net, eupub-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, + p1.komreg.net, p2.qa.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, + validator-1.qa.komreg.net, web-1.qa.sveidas.se] sunet::rsyslog: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, - fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, - jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, - kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, - kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-1.sveidas.se, - log-2.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, - md1.komreg.net, monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, - natpub-1.komreg.net, natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, - prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, - test-1.qa.sveidas.se, validator-1.qa.komreg.net, web-1.qa.sveidas.se] + eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net, + eupub-1.komreg.net, eupub-2.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, + jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, + kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, + kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, + log-1.sveidas.se, log-1.sveidas.se, log-2.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, + log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, + natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, + nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, + prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, + validator-1.qa.komreg.net, web-1.qa.sveidas.se] sunet_iaas_cloud: [eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, jmp.komreg.net, log.qa.sveidas.se, md-eu1.qa.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, r1.komreg.net, @@ -998,15 +1055,15 @@ members: eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, - fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, - jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, - kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, - kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, - log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, - natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, - nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, - prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, + eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net, + eupub-1.komreg.net, eupub-2.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, + jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, + kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, + kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, + log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, + monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, + natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, + prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, validator-1.qa.komreg.net, web-1.qa.sveidas.se] swedenconnect_refidp: [refidp-1.qa.sveidas.se] validator: [validator-1.qa.komreg.net] diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index 3147f2bb..46b9289c 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -152,6 +152,17 @@ kvmeidas-tug-3.komreg.net: description: 'eid tug redis cluster' cpus: '4' memory: '4096' + eidas-test-2.sveidas.se: + mac: '52:54:20:02:04:07' + ip: '94.176.224.11' + netmask: '255.255.255.240' + gateway: '94.176.224.1' + bridge: 'br-eidas' + search: ['sveidas.se'] + description: 'eid tug test SP' + cpus: '4' + memory: '4096' + kvmfe-fre-3.komreg.net: eid::kvmhost: @@ -292,6 +303,16 @@ kvmeidas-fre-3.komreg.net: description: 'eid fre redis frontend' cpus: '4' memory: '4096' + eidas-test-1.sveidas.se: + mac: '52:54:20:01:04:07' + ip: '94.176.224.139' + netmask: '255.255.255.240' + gateway: '94.176.224.129' + bridge: 'br-eidas' + search: ['sveidas.se'] + description: 'eid fre test SP' + cpus: '4' + memory: '4096' monitor-fre-3.komreg.net: autoupdate: @@ -492,7 +513,7 @@ md-eu1.qa.komreg.net: - 'se-tug-lb-1.sunet.se' port: '443' -'^test-[0-9]+\.sveidas\.se$': +'^eidas-test-[0-9]+\.sveidas\.se$': eid::dockerhost: konsulter: autoupdate: @@ -500,12 +521,13 @@ md-eu1.qa.komreg.net: eidas_sp: version: 1.0.0 hostname: test.swedenconnect.se + environment: prod sunet::frontend::register_sites: sites: 'test.swedenconnect.se': frontends: - - 'se-fre-lb-1.sunet.se' - - 'se-tug-lb-1.sunet.se' + - 'fe-fre-3.komreg.net' + - 'fe-tug-3.komreg.net' port: '443' '^eidas-connector-[0-9]+\.sveidas\.se$': diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 08f685b1..19a4e4f7 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -250,7 +250,7 @@ class md_repo_server($hostname) { ensure_resource('class','https_server',{}) } -class eidas_sp($version="1.0.0",$hostname='localhost') { +class eidas_sp($version="1.0.0",$hostname='localhost',$environment='qa') { $_version = safe_hiera('eidas_sp_version',$version) $_hostname = safe_hiera('eidas_sp_hostname',$hostname) file {['/etc/eidas-sp','/var/log/eidas-sp','/etc/ssl']: ensure => directory } -> @@ -266,7 +266,7 @@ class eidas_sp($version="1.0.0",$hostname='localhost') { env => ["SERVER_SERVLET_CONTEXT_PATH=/", "SP_USE_SC_LOGO=false", "SP_ENTITY_ID=https://$_hostname/sp", - "SPRING_PROFILES_ACTIVE=qa", + "SPRING_PROFILES_ACTIVE=$environment", "SP_BASE_URI=https://$_hostname"] } ensure_resource('class','webserver',{})