From f9d08535da583c3e75c87fdfcdeaf70b0b8e22ac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Erik=20Bergstro=CC=88m?=
Date: Fri, 17 Aug 2018 13:45:57 +0200
Subject: [PATCH 01/20] eidas-test-1.sveidas.se added
---
eidas-test-1.sveidas.se/README | 3 +++
1 file changed, 3 insertions(+)
create mode 100644 eidas-test-1.sveidas.se/README
diff --git a/eidas-test-1.sveidas.se/README b/eidas-test-1.sveidas.se/README
new file mode 100644
index 00000000..a18dac1c
--- /dev/null
+++ b/eidas-test-1.sveidas.se/README
@@ -0,0 +1,3 @@
+
+The system documentation is in the docs directory of the multiverse repository.
+
From 9aa5a44473953ec2b44b9f32b91a7a8b2ee6b186 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Erik=20Bergstro=CC=88m?=
Date: Fri, 17 Aug 2018 13:46:30 +0200
Subject: [PATCH 02/20] eidas-test-2.sveidas.se added
---
eidas-test-2.sveidas.se/README | 3 +++
1 file changed, 3 insertions(+)
create mode 100644 eidas-test-2.sveidas.se/README
diff --git a/eidas-test-2.sveidas.se/README b/eidas-test-2.sveidas.se/README
new file mode 100644
index 00000000..a18dac1c
--- /dev/null
+++ b/eidas-test-2.sveidas.se/README
@@ -0,0 +1,3 @@
+
+The system documentation is in the docs directory of the multiverse repository.
+
From 61286768c71e92542df58b0d2c221f217a6e4488 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Erik=20Bergstro=CC=88m?=
Date: Fri, 17 Aug 2018 13:51:54 +0200
Subject: [PATCH 03/20] added eidas-test to cosmos-rules
---
global/overlay/etc/puppet/cosmos-rules.yaml | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
index 9579bde7..bf89288f 100644
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -152,6 +152,17 @@ kvmeidas-tug-3.komreg.net: description: 'eid tug redis cluster' cpus: '4' memory: '4096' + eidas-test-2.sveidas.se: + mac: '52:54:20:02:04:07' + ip: '94.176.224.11' + netmask: '255.255.255.240' + gateway: '94.176.224.1' + bridge: 'br-eidas' + search: ['sveidas.se'] + description: 'eid tug test SP' + cpus: '4' + memory: '4096' + kvmfe-fre-3.komreg.net: eid::kvmhost: @@ -292,6 +303,16 @@ kvmeidas-fre-3.komreg.net: description: 'eid fre redis frontend' cpus: '4' memory: '4096' + eidas-test-1.sveidas.se: + mac: '52:54:20:01:04:07' + ip: '94.176.224.139' + netmask: '255.255.255.240' + gateway: '94.176.224.129' + bridge: 'br-eidas' + search: ['sveidas.se'] + description: 'eid fre test SP' + cpus: '4' + memory: '4096' monitor-fre-3.komreg.net: autoupdate: From fd66de8e917782cd51ba2f0542df15ad2181f212 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Fri, 17 Aug 2018 13:51:57 +0200 Subject: [PATCH 04/20] update db --- global/overlay/etc/puppet/cosmos-db.yaml | 183 ++++++++++++++--------- 1 file changed, 110 insertions(+), 73 deletions(-) diff --git a/global/overlay/etc/puppet/cosmos-db.yaml b/global/overlay/etc/puppet/cosmos-db.yaml index 8f93cd6c..d7dfff09 100644 --- a/global/overlay/etc/puppet/cosmos-db.yaml +++ b/global/overlay/etc/puppet/cosmos-db.yaml @@ -158,6 +158,22 @@ classes: redis_frontend_node: *id004 sunet::rsyslog: null sunetops: null + eidas-test-1.sveidas.se: + common: null + entropyclient: null + infra_ca_rp: null + mailclient: *id002 + nrpe: null + sunet::rsyslog: null + sunetops: null + eidas-test-2.sveidas.se: + common: null + entropyclient: null + infra_ca_rp: null + mailclient: *id002 + nrpe: null + sunet::rsyslog: null + sunetops: null eumd-1.komreg.net: autoupdate: null common: null 
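Review bot: The new `eidas-test-2.sveidas.se` guest is attached to `bridge: 'br-eidas'` on kvmeidas-tug-3, directly after the guest described as 'eid tug redis cluster', and the second cosmos-rules hunk does the same for `eidas-test-1.sveidas.se` next to 'eid fre redis frontend', so a test SP appears to share a hypervisor and bridge with what look like production eIDAS guests. Nothing in either hunk shows a separate bridge, VLAN or filtering for test workloads. If isolation is enforced elsewhere, a comment above each entry such as `# test SP guest: shares br-eidas with production guests, isolated by <firewall rule reference>` (placeholder) would record it; otherwise a dedicated bridge for the test guests is worth considering. Both kvmhost blocks start and end outside the hunks.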
@@ -330,6 +346,16 @@ classes: memory: '4096' netmask: 255.255.255.240 search: [sveidas.se] + eidas-test-1.sveidas.se: + bridge: br-eidas + cpus: '4' + description: eid fre test SP + gateway: 94.176.224.129 + ip: 94.176.224.139 + mac: '52:54:20:01:04:07' + memory: '4096' + netmask: 255.255.255.240 + search: [sveidas.se] prid-1.sveidas.se: bridge: br-eidas cpus: '4' @@ -400,6 +426,16 @@ classes: memory: '4096' netmask: 255.255.255.240 search: [sveidas.se] + eidas-test-2.sveidas.se: + bridge: br-eidas + cpus: '4' + description: eid tug test SP + gateway: 94.176.224.1 + ip: 94.176.224.11 + mac: '52:54:20:02:04:07' + memory: '4096' + netmask: 255.255.255.240 + search: [sveidas.se] prid-2.sveidas.se: bridge: br-eidas cpus: '4' 
@@ -833,15 +869,15 @@ members: eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, - fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, - jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, - kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, - kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, - log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, - natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, - nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, - prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, + eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net, + eupub-1.komreg.net, eupub-2.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, + jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, + kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, + kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, + log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, + monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, + natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, + prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, validator-1.qa.komreg.net, web-1.qa.sveidas.se] autoupdate: [eidas-connector-1.sveidas.se, 
eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, 
@@ -858,15 +894,15 @@ members: eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, - fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, - jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, - kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, - kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, - log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, - natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, - nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, - prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, + eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net, + eupub-1.komreg.net, eupub-2.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, + jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, + kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, + kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, + log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, + monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, + natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, + prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, validator-1.qa.komreg.net, web-1.qa.sveidas.se] eid::dockerhost: [eidas-connector-1.sveidas.se, 
eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, 
@@ -887,30 +923,30 @@ members: eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, - fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, - jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, - kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, - kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, - log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, - natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, - nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, - prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, + eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net, + eupub-1.komreg.net, eupub-2.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, + jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, + kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, + kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, + log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, + monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, + natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, + prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, validator-1.qa.komreg.net, web-1.qa.sveidas.se] github_client_credential: [web-1.qa.sveidas.se] infra_ca_rp: 
[eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, - fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, - jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, - kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, - kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, - log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, - natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, - nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, - prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, + eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net, + eupub-1.komreg.net, eupub-2.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, + jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, + kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, + kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, + log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, + monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, + natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, + prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, validator-1.qa.komreg.net, web-1.qa.sveidas.se] 
jumphosts: [jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net] konsulter: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, 
@@ -923,15 +959,15 @@ members: eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, - fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, - jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, - kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, - kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, - log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, - natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, - nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, - prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, + eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net, + eupub-1.komreg.net, eupub-2.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, + jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, + kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, + kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, + log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, + monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, + natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, + prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, validator-1.qa.komreg.net, web-1.qa.sveidas.se] md_publisher: [eupub-1.komreg.net, eupub-2.komreg.net, 
natpub-1.komreg.net, natpub-2.komreg.net, p1.komreg.net, p2.qa.komreg.net] 
@@ -948,15 +984,15 @@ members: eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, - fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, - jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, - kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, - kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, - log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, - natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, - nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, - prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, + eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net, + eupub-1.komreg.net, eupub-2.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, + jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, + kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, + kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, + log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, + monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, + natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, + prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, validator-1.qa.komreg.net, web-1.qa.sveidas.se] openstack_dockerhost: [eidas-node-1.qa.sveidas.se, 
eidas-proxy-1.qa.sveidas.se, md-eu1.qa.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, prid-1.qa.sveidas.se, 
@@ -980,16 +1016,17 @@ members: eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, - fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, - jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, - kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, - kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-1.sveidas.se, - log-2.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, - md1.komreg.net, monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, - natpub-1.komreg.net, natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, - prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, - test-1.qa.sveidas.se, validator-1.qa.komreg.net, web-1.qa.sveidas.se] + eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net, + eupub-1.komreg.net, eupub-2.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, + jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, + kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, + kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, + log-1.sveidas.se, log-1.sveidas.se, log-2.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, + log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, + natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, + nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, + prid-2.sveidas.se, 
r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, + validator-1.qa.komreg.net, web-1.qa.sveidas.se] sunet_iaas_cloud: [eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, jmp.komreg.net, log.qa.sveidas.se, md-eu1.qa.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, r1.komreg.net, 
@@ -998,15 +1035,15 @@ members: eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, - fe-fre-3.komreg.net, fe-tug-3.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, - jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, - kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, - kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, - log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, - natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, - nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, - prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, + eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net, + eupub-1.komreg.net, eupub-2.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, + jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, + kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, + kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, + log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, + monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, + natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, + prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, validator-1.qa.komreg.net, web-1.qa.sveidas.se] swedenconnect_refidp: [refidp-1.qa.sveidas.se] validator: 
[validator-1.qa.komreg.net] From 0121374394999926d3b5413f142f8526da3678f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Fri, 17 Aug 2018 14:57:13 +0200 Subject: [PATCH 05/20] updated eidas-test.sveidas.se on cosmos-rules --- global/overlay/etc/puppet/cosmos-rules.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index bf89288f..61f0f174 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -513,7 +513,7 @@ md-eu1.qa.komreg.net: - 'se-tug-lb-1.sunet.se' port: '443' -'^test-[0-9]+\.sveidas\.se$': +'^eidas-test-[0-9]+\.sveidas\.se$': eid::dockerhost: konsulter: autoupdate: @@ -525,8 +525,8 @@ md-eu1.qa.komreg.net: sites: 'test.swedenconnect.se': frontends: - - 'se-fre-lb-1.sunet.se' - - 'se-tug-lb-1.sunet.se' + - 'fe-fre-3.komreg.net' + - 'fe-tug-3.komreg.net' port: '443' '^eidas-connector-[0-9]+\.sveidas\.se$': From 57b10622123aa837a3a5361ed3cd80883d7be0c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Mon, 20 Aug 2018 11:33:46 +0200 Subject: [PATCH 06/20] added site test.swedenconnect.se to fe-common --- fe-common/overlay/etc/hiera/data/group.yaml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/fe-common/overlay/etc/hiera/data/group.yaml b/fe-common/overlay/etc/hiera/data/group.yaml index 02b2a580..b2c0844f 100644 --- a/fe-common/overlay/etc/hiera/data/group.yaml +++ b/fe-common/overlay/etc/hiera/data/group.yaml 
@@ -72,6 +72,26 @@ sunet_frontend: letsencrypt_server: 'acme-c.sunet.se' haproxy_imagetag: 'staging' + 'test': + site_name: 'test.swedenconnect.se' + frontends: + 'fe-fre-3.komreg.net': + ips: ['94.176.226.16'] + 'fe-tug-3.komreg.net': + ips: ['94.176.226.17'] + backends: + default: + 'eidas-test-1.sveidas.se': + ips: ['94.176.224.139'] + server_args: 'ssl check verify none' + 'eidas-test-2.sveidas.se': + ips: ['94.176.224.11'] + server_args: 'ssl check verify none' + allow_ports: + - 443 + letsencrypt_server: 'acme-c.sunet.se' + haproxy_imagetag: 'staging' + 'md': site_name: 'md.swedenconnect.se' frontends: From 8ab59d218dbd4a97c0ec7b9b43fca38cb5c39c12 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Mon, 20 Aug 2018 11:42:14 +0200 Subject: [PATCH 07/20] update db --- global/overlay/etc/puppet/cosmos-db.yaml | 68 +++++++++++++++--------- 1 file changed, 44 insertions(+), 24 deletions(-) diff --git a/global/overlay/etc/puppet/cosmos-db.yaml b/global/overlay/etc/puppet/cosmos-db.yaml index d7dfff09..e83c90cc 100644 --- a/global/overlay/etc/puppet/cosmos-db.yaml +++ b/global/overlay/etc/puppet/cosmos-db.yaml @@ -159,19 +159,35 @@ classes: sunet::rsyslog: null sunetops: null eidas-test-1.sveidas.se: + autoupdate: null common: null + eid::dockerhost: null + eidas_sp: &id005 {hostname: test.swedenconnect.se, version: 1.0.0} entropyclient: null infra_ca_rp: null + konsulter: null mailclient: *id002 nrpe: null + servicemonitor: null + sunet::frontend::register_sites: &id006 + sites: + test.swedenconnect.se: + frontends: [fe-fre-3.komreg.net, fe-tug-3.komreg.net] + port: '443' sunet::rsyslog: null sunetops: null eidas-test-2.sveidas.se: + autoupdate: null common: null + eid::dockerhost: null + eidas_sp: *id005 entropyclient: null infra_ca_rp: null + konsulter: null mailclient: *id002 nrpe: null + servicemonitor: null + sunet::frontend::register_sites: *id006 sunet::rsyslog: null sunetops: null eumd-1.komreg.net: 
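Review bot: Both backends added under `'test'` set `server_args: 'ssl check verify none'`, so HAProxy encrypts the hop to 94.176.224.139 and 94.176.224.11 but never validates the certificate the backend presents, and any host able to answer on those addresses is accepted as eidas-test-1/2. The arguments used by the neighbouring sites are outside the hunk, so this may mirror an existing convention. With a CA the frontends can trust, the line would become `server_args: 'ssl check verify required ca-file <path-to-backend-ca-bundle>'` (the path is a placeholder). If verification cannot be enabled for the test site, a comment beside `server_args` stating why would keep the exception from being copied into other sites.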
@@ -572,7 +588,7 @@ classes: infra_ca_rp: null mailclient: *id002 nrpe: null - sunet::rsyslog: &id005 {udp_client: 94.176.224.0/24, udp_port: 514} + sunet::rsyslog: &id007 {udp_client: 94.176.224.0/24, udp_port: 514} sunetops: null log-2.sveidas.se: autoupdate: null @@ -581,7 +597,7 @@ classes: infra_ca_rp: null mailclient: *id002 nrpe: null - sunet::rsyslog: *id005 + sunet::rsyslog: *id007 sunetops: null log.qa.sveidas.se: autoupdate: null @@ -761,7 +777,7 @@ classes: konsulter: null mailclient: *id002 nrpe: null - prid: &id006 {clients: prid_prod_clients, version: 1.0.1} + prid: &id008 {clients: prid_prod_clients, version: 1.0.1} servicemonitor: null sunet::rsyslog: null sunetops: null @@ -774,7 +790,7 @@ classes: konsulter: null mailclient: *id002 nrpe: null - prid: *id006 + prid: *id008 servicemonitor: null sunet::rsyslog: null sunetops: null 
@@ -883,13 +899,14 @@ members: eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eumd-1.komreg.net, eumd-2.komreg.net, eupub-1.komreg.net, eupub-2.komreg.net, - jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, log-1.sveidas.se, - log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md-eu1.qa.komreg.net, - md1.komreg.net, monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, - natpub-1.komreg.net, natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, - prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, - test-1.qa.sveidas.se, validator-1.qa.komreg.net, web-1.qa.sveidas.se] + eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net, + eupub-1.komreg.net, eupub-2.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, + jump-tug-3.komreg.net, log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, + md-eu1.qa.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, monitor-fre-3.komreg.net, + natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, + nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, + prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, + validator-1.qa.komreg.net, web-1.qa.sveidas.se] common: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, 
@@ -907,9 +924,10 @@ members: eid::dockerhost: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, - eidas-redis-fe-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net, fe-fre-3.komreg.net, - fe-tug-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, prid-1.sveidas.se, - prid-2.sveidas.se, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se] + eidas-redis-fe-2.sveidas.se, eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, + eumd-1.komreg.net, eumd-2.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, + natmd-1.komreg.net, natmd-2.komreg.net, prid-1.sveidas.se, prid-2.sveidas.se, + refidp-1.qa.sveidas.se, test-1.qa.sveidas.se] eid::kvmhost: [kvmeidas-fre-3.komreg.net, kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net] @@ -918,7 +936,7 @@ members: eidas_hsm_client: [eumd-1.komreg.net, eumd-2.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net] eidas_metadata_key: [md-eu1.qa.komreg.net, md1.komreg.net] eidas_proxy: [eidas-proxy-1.qa.sveidas.se] - eidas_sp: [test-1.qa.sveidas.se] + eidas_sp: [eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, test-1.qa.sveidas.se] entropyclient: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, 
@@ -951,10 +969,11 @@ members: jumphosts: [jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net] konsulter: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, - eumd-1.komreg.net, eumd-2.komreg.net, jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, - md-eu1.qa.komreg.net, md-eu1.qa.komreg.net, md1.komreg.net, natmd-1.komreg.net, - natmd-2.komreg.net, nic.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, - refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, validator-1.qa.komreg.net] + eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net, + jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, md-eu1.qa.komreg.net, + md-eu1.qa.komreg.net, md1.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, + nic.komreg.net, prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, refidp-1.qa.sveidas.se, + test-1.qa.sveidas.se, validator-1.qa.komreg.net] mailclient: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, 
@@ -1002,16 +1021,17 @@ members: redis_cluster_node: [eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se] redis_frontend_node: [eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se] - servicemonitor: [eidas-proxy-1.qa.sveidas.se, prid-1.qa.sveidas.se, prid-1.sveidas.se, - prid-2.sveidas.se, test-1.qa.sveidas.se] + servicemonitor: [eidas-proxy-1.qa.sveidas.se, eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, + prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se, test-1.qa.sveidas.se] sunet::auditd: [jmp.komreg.net] sunet::dehydrated: [r1.komreg.net] sunet::frontend::load_balancer: [fe-fre-3.komreg.net, fe-tug-3.komreg.net] sunet::frontend::register_sites: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, - eidas-proxy-1.qa.sveidas.se, eupub-1.komreg.net, eupub-2.komreg.net, natpub-1.komreg.net, - natpub-2.komreg.net, p1.komreg.net, p2.qa.komreg.net, refidp-1.qa.sveidas.se, - test-1.qa.sveidas.se, validator-1.qa.komreg.net, web-1.qa.sveidas.se] + eidas-proxy-1.qa.sveidas.se, eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, + eupub-1.komreg.net, eupub-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, + p1.komreg.net, p2.qa.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, + validator-1.qa.komreg.net, web-1.qa.sveidas.se] sunet::rsyslog: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, From a4462dc50b34bf6ac9ea439bfe671ec9144e4aae Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Mon, 20 Aug 2018 11:49:27 +0200 Subject: [PATCH 08/20] created haproxy.j2 for test.swedenconnect.se in fe-common --- .../opt/frontend/config/test/haproxy.j2 | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 fe-common/overlay/opt/frontend/config/test/haproxy.j2 diff --git a/fe-common/overlay/opt/frontend/config/test/haproxy.j2 b/fe-common/overlay/opt/frontend/config/test/haproxy.j2 new file mode 100644 index 00000000..f3c3826a --- /dev/null +++ b/fe-common/overlay/opt/frontend/config/test/haproxy.j2 @@ -0,0 +1,22 @@ +{% extends 'common/haproxy_base.j2' %} + +{% from "common/haproxy_macros.j2" import bind_ip_tls, web_security_options, acme_challenge, csp %} + +{% block frontend %} +frontend {{ site_name }} + {{ bind_ip_tls(bind_ips, 443, tls_certificate_bundle) }} + + stats enable + timeout http-request 10s + timeout http-keep-alive 4s + option forwardfor + http-request set-header X-Forwarded-Proto https + + {{ web_security_options(['no_frames', 'block_xss', 'hsts', 'no_sniff']) }} + + {{ acme_challenge(letsencrypt_server) }} + + use_backend {{ site_name }}__default + +{% endblock frontend %} + From 5f514f321514878705b066a338b398ea579076c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Tue, 21 Aug 2018 10:34:21 +0200 Subject: [PATCH 09/20] added proxy_header_secret to eidas-test-1/2 --- .../overlay/etc/hiera/data/secrets.yaml.asc | 22 +++++++++++++++++++ .../overlay/etc/hiera/data/secrets.yaml.asc | 22 +++++++++++++++++++ 2 files changed, 44 insertions(+) create mode 100644 eidas-test-1.sveidas.se/overlay/etc/hiera/data/secrets.yaml.asc create mode 100644 eidas-test-2.sveidas.se/overlay/etc/hiera/data/secrets.yaml.asc diff --git a/eidas-test-1.sveidas.se/overlay/etc/hiera/data/secrets.yaml.asc b/eidas-test-1.sveidas.se/overlay/etc/hiera/data/secrets.yaml.asc new file mode 100644 index 00000000..c475e735 --- /dev/null 
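Review bot: `stats enable` inside the public TLS `frontend {{ site_name }}` turns on HAProxy's statistics page on the same listener that serves test.swedenconnect.se, and this block sets no `stats uri`, `stats auth` or ACL. Unless `common/haproxy_base.j2` (not shown here) supplies them, HAProxy's defaults apply: the page is served at `/haproxy?stats` without authentication and shows backend server names and health state to any client. I would drop the line from this frontend and, if statistics are wanted, enable them on a separate listener bound to a management address, or at minimum add `stats auth <user>:<password>` next to it.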
+++ b/eidas-test-1.sveidas.se/overlay/etc/hiera/data/secrets.yaml.asc @@ -0,0 +1,22 @@ +STATUS=UPDATED + +-----BEGIN PGP MESSAGE----- +Version: GnuPG v2 + +hQEMA8Ba0bnQXbejAQf/aVZUBi1X5aG6FHomMqYmxsBB7KslRVyox0qmwtLhR1QM +YBek9MykeZ5NB+9HojbQAhdN7TUSHcFz9anqE5EMy7jUKPih6yfHxPiRs3j8jgT6 +9WYcMtq9uK9fFaugWJRMlDj4wiYELpqe2EMvWK6tpy3ycfTWNAex0mBT8jGTKMp3 +RyswQ0jtqwU819OP4xZbZfMYgNSHY02cBija+eG34Y+iQ+OaRjWF++lnAU5ZziCo +PL6lq+8xr8B4vwAgQUNi5YvcJvqwWXpgUfyvuj88dBTOYk3C0F16w2iarfOh78uu +hkEpGj2NDTN/LZ7SvdmwaMzrhl4KWEZLI2RGgbRzwdLA7wFy6hf3kxttd+UxtvsP +DfrrogWaLEEU4gTpkIl6FS+ZFUgtkImPkMv+IZ7lat8Ivdhwanf3LwAF0gY2KLjk +spR5QhZ5/ntwmUlphwNSb5ZAfNQruLPV3PKAixxjrJMv39uZT0EMGgdZEWq19qJ2 +u2fOE+gP4+Yg1yPKHvMKt4F0tpIK68cYQpYF+HHPKTXvvy23nPY9bEJA02Sr5F5d +GkIv/Fw/Jf5MngMJLMTQitbukj0PnwyEMmEh+X2XYtm53oRo48yvvLDZ4vYDIy8l +5mbHHezTDbTkmSqOm7ARzFAiT6vQURHKysXx4+mBgBjuPTUogvH0UNiaom8TKiP2 +JMOLciTPZ2M3ivzDvSnR1twvgoVPW9Q/g1kW3+EJVFxF/V9gH4J3+E2hD4mBr0BR +ylp5DVQW3keWZlFcd9EnrzGDA9cMdyO6vt668ZhfETYYXMmTEh256mELI5nb2A99 +XSEiah8ZTdAXL3QSUOSuuFC0i3f6/JeEDgmjZsaa5JbVtYXLKfzcpg1u5t+LGPRi +X3CT2SriF6Q5LS9V9P2GgPIWLAhk9gfQpym1haNPt31C +=Smyj +-----END PGP MESSAGE----- diff --git a/eidas-test-2.sveidas.se/overlay/etc/hiera/data/secrets.yaml.asc b/eidas-test-2.sveidas.se/overlay/etc/hiera/data/secrets.yaml.asc new file mode 100644 index 00000000..1b877826 --- /dev/null +++ b/eidas-test-2.sveidas.se/overlay/etc/hiera/data/secrets.yaml.asc 
@@ -0,0 +1,22 @@ +STATUS=UPDATED + +-----BEGIN PGP MESSAGE----- +Version: GnuPG v2 + +hQEMA5PkQv9bXUBXAQgApqaBzznOPMBkTRv8VZIIq3rmBMRIUB+0EgcBz+jcprhg +RNnAS+Xtr6D0VHhAxOBNn3+bkMz3A1264wT/ZGrXAsVi1+JMhLUH/y5/K3I3Zheb +n+KiOXwP+Gb33s24n8TW+ob6faVTgKHn+QN8/J+gHQ4jGoi5euF4oUQxf3iMA4+b +WY0mY1X7EbpHh4qyxhW6p+WA9ype/dCvCzUhZCuICmin/pFFixIqaxtjFr9hWXVB +DjbASaCjHFPlfwpFKHFuZLOZ5fAyTxvmEFxzdTzGR7TbyxBGsdQjuzypHi3q44IH +lCgFYt+VGmir7XrT46l8U0XDbTO8aPpsNSzbQtW0+tLA7wHYyx90Svc6PbITyy97 +GL7k9RwaxZMZuVhMeydi+JXjNuU9tMERZAJlEynloFGJrZQf1ke7DxZdih2wNJRg +7ooeaDw4PHm6o/shz3tu2c8RkO/Oxg+STwBu+DB1xvUmqz79eWz6inViMc7UMC4f +z/aW2RCEuSAB/y+REXK2VzKB1uTd70OThaKUiGr2qmzlXYxgeWMSzmpL96furIGq +jtSGVdqZU7j3WtlNPM2ZC0USYQR/zDdSi8Z3YJOMuZ8QMq/hLwCmRaZIMhjAPO4v +3/nG9ohjGDwFsarO5w2uR6amilX/XCwJtrTV4nQadqYKZIePmB5/5HVg+rD8JBXZ +u+hjna/gsLqBvABoXvdYl0Z035Bq1FwWm8iuDVA2JB8i0v7ZIEs6yGFJOnDDVDmu +TjpbXbcLRhBu/i4MVDOqM7bHzNdwaO6MoZTaBCv7o8Qu7zZ2hVwh939GBK7HMmlv +ncz9WYmD6z40mUDrpq5AA2h26yeveEZukO3fZ9vxDsKHk/XN8n7J1NxOe6lSbb8k +1Vn5+UKGoZZi2xnQKr2vE+ep8DWU+Xy0iTQU1D3r5q2X +=tI/B +-----END PGP MESSAGE----- From 8ac07376667e6c0bbef2b8374dc357758f7f0762 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Thu, 23 Aug 2018 10:22:46 +0200 Subject: [PATCH 10/20] added ipv6 to fe --- fe-common/overlay/etc/hiera/data/group.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/fe-common/overlay/etc/hiera/data/group.yaml b/fe-common/overlay/etc/hiera/data/group.yaml index b2c0844f..53b34cbd 100644 --- a/fe-common/overlay/etc/hiera/data/group.yaml +++ b/fe-common/overlay/etc/hiera/data/group.yaml @@ -30,9 +30,9 @@ sunet_frontend: site_name: 'connector.eidas.swedenconnect.se' frontends: 'fe-fre-3.komreg.net': - ips: ['94.176.226.10'] + ips: ['94.176.226.10', '2001:6b0:65:1::10'] 'fe-tug-3.komreg.net': - ips: ['94.176.226.11'] + ips: ['94.176.226.11', '2001:6b0:65:1::11'] backends: default: 'eidas-connector-1.sveidas.se': 
@@ -56,9 +56,9 @@ sunet_frontend: site_name: 'md.eidas.swedenconnect.se' frontends: 'fe-fre-3.komreg.net': - ips: ['94.176.226.12'] + ips: ['94.176.226.12', '2001:6b0:65:1::12'] 'fe-tug-3.komreg.net': - ips: ['94.176.226.13'] + ips: ['94.176.226.13'. '2001:6b0:65:1::13'] backends: default: 'eupub-1.komreg.net': @@ -76,9 +76,9 @@ sunet_frontend: site_name: 'test.swedenconnect.se' frontends: 'fe-fre-3.komreg.net': - ips: ['94.176.226.16'] + ips: ['94.176.226.16', '2001:6b0:65:1::16'] 'fe-tug-3.komreg.net': - ips: ['94.176.226.17'] + ips: ['94.176.226.17', '2001:6b0:65:1::17'] backends: default: 'eidas-test-1.sveidas.se': @@ -96,9 +96,9 @@ sunet_frontend: site_name: 'md.swedenconnect.se' frontends: 'fe-fre-3.komreg.net': - ips: ['94.176.226.14'] + ips: ['94.176.226.14', '2001:6b0:65:1::14'] 'fe-tug-3.komreg.net': - ips: ['94.176.226.15'] + ips: ['94.176.226.15', '2001:6b0:65:1::15'] backends: default: 'natpub-1.komreg.net': From eeeec4c6cd570ab0b3892bc6157c013d3e70900d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Thu, 23 Aug 2018 10:39:42 +0200 Subject: [PATCH 11/20] changed ntp settings --- global/overlay/etc/puppet/cosmos-rules.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index 61f0f174..ac7e19d9 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -7,6 +7,12 @@ mailclient: domain: sunet.se sunet::rsyslog: + sunet::ntp: + disable_pool_ntp_org: true + set_servers: + - 'ntp.se' + - 'ntp1.nordu.net' + - 'ntp2.nordu.net' jmp.komreg.net: konsulter: From b1df4602226d6f4bfa39de2640275d71ca6f1f72 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Thu, 23 Aug 2018 10:39:44 +0200 Subject: [PATCH 12/20] update db --- global/overlay/etc/puppet/cosmos-db.yaml | 88 +++++++++++++++++++++--- 1 file changed, 78 insertions(+), 10 deletions(-) 
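Review bot: The new `fe-tug-3.komreg.net` entry for md.eidas.swedenconnect.se separates its two addresses with a full stop instead of a comma: `ips: ['94.176.226.13'. '2001:6b0:65:1::13']`. That is not a valid flow sequence, so a YAML parser should reject the file. Since group.yaml holds the frontend definitions for every site, a load failure would likely affect all of them, not only this one. The line should read `ips: ['94.176.226.13', '2001:6b0:65:1::13']`; the other `ips` lines changed in this patch use a comma, and a YAML lint over the hiera data before commit would catch this class of typo.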
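Review bot: Nothing in the added `sunet::ntp` block says why pool.ntp.org is disabled or why these three servers were picked, and the key sits beside `mailclient` and `sunet::rsyslog` in what appears to be the rule matched by every host (the regenerated cosmos-db.yaml in the following patch attaches the class to all of them). A time-source change applied fleet-wide in one step is worth a comment, for example `# NTP: use only the listed servers; pool.ntp.org disabled because <reason>`, and ideally a trial on one host first, since the metadata signers and eIDAS nodes listed in this repository presumably depend on agreeing clocks for signature validity windows and log correlation. The rule's start is outside the hunk, so its host pattern cannot be confirmed from here.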
diff --git a/global/overlay/etc/puppet/cosmos-db.yaml b/global/overlay/etc/puppet/cosmos-db.yaml index e83c90cc..e57b018e 100644 --- a/global/overlay/etc/puppet/cosmos-db.yaml +++ b/global/overlay/etc/puppet/cosmos-db.yaml @@ -14,6 +14,9 @@ classes: connector.eidas.swedenconnect.se: frontends: [fe-fre-3.komreg.net, fe-tug-3.komreg.net] port: '443' + sunet::ntp: &id004 + disable_pool_ntp_org: true + set_servers: [ntp.se, ntp1.nordu.net, ntp2.nordu.net] sunet::rsyslog: null sunetops: null eidas-connector-2.sveidas.se: @@ -27,6 +30,7 @@ classes: mailclient: *id002 nrpe: null sunet::frontend::register_sites: *id003 + sunet::ntp: *id004 sunet::rsyslog: null sunetops: null eidas-connector-3.sveidas.se: @@ -40,6 +44,7 @@ classes: mailclient: *id002 nrpe: null sunet::frontend::register_sites: *id003 + sunet::ntp: *id004 sunet::rsyslog: null sunetops: null eidas-connector-4.sveidas.se: @@ -53,6 +58,7 @@ classes: mailclient: *id002 nrpe: null sunet::frontend::register_sites: *id003 + sunet::ntp: *id004 sunet::rsyslog: null sunetops: null eidas-node-1.qa.sveidas.se: @@ -70,6 +76,7 @@ classes: qa.connector.eidas.swedenconnect.se: frontends: [se-fre-lb-1.sunet.se, se-tug-lb-1.sunet.se] port: '443' + sunet::ntp: *id004 sunet::rsyslog: null sunet_iaas_cloud: null sunetops: null @@ -89,6 +96,7 @@ classes: qa.proxy.eidas.swedenconnect.se: frontends: [se-fre-lb-1.sunet.se, se-tug-lb-1.sunet.se] port: '443' + sunet::ntp: *id004 sunet::rsyslog: null sunet_iaas_cloud: null sunetops: null @@ -101,6 +109,7 @@ classes: mailclient: *id002 nrpe: null redis_cluster_node: null + sunet::ntp: *id004 sunet::rsyslog: null sunetops: null eidas-redis-2.sveidas.se: @@ -112,6 +121,7 @@ classes: mailclient: *id002 nrpe: null redis_cluster_node: null + sunet::ntp: *id004 sunet::rsyslog: null sunetops: null eidas-redis-3.sveidas.se: @@ -123,6 +133,7 @@ classes: mailclient: *id002 nrpe: null redis_cluster_node: null + sunet::ntp: *id004 sunet::rsyslog: null sunetops: null eidas-redis-4.sveidas.se: 
@@ -134,6 +145,7 @@ classes: mailclient: *id002 nrpe: null redis_cluster_node: null + sunet::ntp: *id004 sunet::rsyslog: null sunetops: null eidas-redis-fe-1.sveidas.se: @@ -144,7 +156,8 @@ classes: infra_ca_rp: null mailclient: *id002 nrpe: null - redis_frontend_node: &id004 {hostname: redis.sveidas.se} + redis_frontend_node: &id005 {hostname: redis.sveidas.se} + sunet::ntp: *id004 sunet::rsyslog: null sunetops: null eidas-redis-fe-2.sveidas.se: @@ -155,39 +168,42 @@ classes: infra_ca_rp: null mailclient: *id002 nrpe: null - redis_frontend_node: *id004 + redis_frontend_node: *id005 + sunet::ntp: *id004 sunet::rsyslog: null sunetops: null eidas-test-1.sveidas.se: autoupdate: null common: null eid::dockerhost: null - eidas_sp: &id005 {hostname: test.swedenconnect.se, version: 1.0.0} + eidas_sp: &id006 {hostname: test.swedenconnect.se, version: 1.0.0} entropyclient: null infra_ca_rp: null konsulter: null mailclient: *id002 nrpe: null servicemonitor: null - sunet::frontend::register_sites: &id006 + sunet::frontend::register_sites: &id007 sites: test.swedenconnect.se: frontends: [fe-fre-3.komreg.net, fe-tug-3.komreg.net] port: '443' + sunet::ntp: *id004 sunet::rsyslog: null sunetops: null eidas-test-2.sveidas.se: autoupdate: null common: null eid::dockerhost: null - eidas_sp: *id005 + eidas_sp: *id006 entropyclient: null infra_ca_rp: null konsulter: null mailclient: *id002 nrpe: null servicemonitor: null - sunet::frontend::register_sites: *id006 + sunet::frontend::register_sites: *id007 + sunet::ntp: *id004 sunet::rsyslog: null sunetops: null eumd-1.komreg.net: @@ -203,6 +219,7 @@ classes: md_signer: {dest_host: eupub-1.komreg.net, name: eidas-prod} metadatamgrs: null nrpe: null + sunet::ntp: *id004 sunet::rsyslog: null sunetops: null eumd-2.komreg.net: @@ -218,6 +235,7 @@ classes: md_signer: {dest_host: eupub-2.komreg.net, name: eidas-prod} metadatamgrs: null nrpe: null + sunet::ntp: *id004 sunet::rsyslog: null sunetops: null eupub-1.komreg.net: 
@@ -233,6 +251,7 @@ classes: md.eidas.swedenconnect.se: frontends: [fe-fre-3.komreg.net, fe-tug-3.komreg.net] port: '443' + sunet::ntp: *id004 sunet::rsyslog: null sunetops: null eupub-2.komreg.net: @@ -248,6 +267,7 @@ classes: md.eidas.swedenconnect.se: frontends: [fe-fre-3.komreg.net, fe-tug-3.komreg.net] port: '443' + sunet::ntp: *id004 sunet::rsyslog: null sunetops: null fe-fre-3.komreg.net: @@ -258,6 +278,7 @@ classes: mailclient: *id002 nrpe: null sunet::frontend::load_balancer: null + sunet::ntp: *id004 sunet::rsyslog: null sunetops: null fe-tug-3.komreg.net: @@ -268,6 +289,7 @@ classes: mailclient: *id002 nrpe: null sunet::frontend::load_balancer: null + sunet::ntp: *id004 sunet::rsyslog: null sunetops: null jmp.komreg.net: @@ -281,6 +303,7 @@ classes: metadatamgrs: null nrpe: null sunet::auditd: null + sunet::ntp: *id004 sunet::rsyslog: null sunet_iaas_cloud: null sunetops: null @@ -294,6 +317,7 @@ classes: mailclient: *id002 metadatamgrs: null nrpe: null + sunet::ntp: *id004 sunet::rsyslog: null sunetops: null jump-tug-3.komreg.net: @@ -306,6 +330,7 @@ classes: mailclient: *id002 metadatamgrs: null nrpe: null + sunet::ntp: *id004 sunet::rsyslog: null sunetops: null kvmeidas-fre-3.komreg.net: @@ -386,6 +411,7 @@ classes: infra_ca_rp: null mailclient: *id002 nrpe: null + sunet::ntp: *id004 sunet::rsyslog: null sunetops: null kvmeidas-tug-3.komreg.net: @@ -466,6 +492,7 @@ classes: infra_ca_rp: null mailclient: *id002 nrpe: null + sunet::ntp: *id004 sunet::rsyslog: null sunetops: null kvmfe-fre-3.komreg.net: @@ -479,6 +506,7 @@ classes: infra_ca_rp: null mailclient: *id002 nrpe: null + sunet::ntp: *id004 sunet::rsyslog: null sunetops: null kvmfe-tug-3.komreg.net: @@ -492,6 +520,7 @@ classes: infra_ca_rp: null mailclient: *id002 nrpe: null + sunet::ntp: *id004 sunet::rsyslog: null sunetops: null kvminfra-fre-3.komreg.net: 
@@ -515,6 +544,7 @@ classes: infra_ca_rp: null mailclient: *id002 nrpe: null + sunet::ntp: *id004 sunet::rsyslog: null sunetops: null kvminfra-tug-3.komreg.net: @@ -535,6 +565,7 @@ classes: infra_ca_rp: null mailclient: *id002 nrpe: null + sunet::ntp: *id004 sunet::rsyslog: null sunetops: null kvmmeta-fre-3.komreg.net: @@ -557,6 +588,7 @@ classes: infra_ca_rp: null mailclient: *id002 nrpe: null + sunet::ntp: *id004 sunet::rsyslog: null sunetops: null kvmmeta-tug-3.komreg.net: @@ -579,6 +611,7 @@ classes: infra_ca_rp: null mailclient: *id002 nrpe: null + sunet::ntp: *id004 sunet::rsyslog: null sunetops: null log-1.sveidas.se: @@ -588,7 +621,8 @@ classes: infra_ca_rp: null mailclient: *id002 nrpe: null - sunet::rsyslog: &id007 {udp_client: 94.176.224.0/24, udp_port: 514} + sunet::ntp: *id004 + sunet::rsyslog: &id008 {udp_client: 94.176.224.0/24, udp_port: 514} sunetops: null log-2.sveidas.se: autoupdate: null @@ -597,7 +631,8 @@ classes: infra_ca_rp: null mailclient: *id002 nrpe: null - sunet::rsyslog: *id007 + sunet::ntp: *id004 + sunet::rsyslog: *id008 sunetops: null log.qa.sveidas.se: autoupdate: null @@ -606,6 +641,7 @@ classes: infra_ca_rp: null mailclient: *id002 nrpe: null + sunet::ntp: *id004 sunet::rsyslog: {udp_port: 514} sunet_iaas_cloud: null sunetops: null @@ -622,6 +658,7 @@ classes: metadatamgrs: null nrpe: null openstack_dockerhost: null + sunet::ntp: *id004 sunet::rsyslog: null sunet_iaas_cloud: null sunetops: null @@ -637,6 +674,7 @@ classes: metadatamgrs: null nrpe: null openstack_dockerhost: null + sunet::ntp: *id004 sunet::rsyslog: null sunet_iaas_cloud: null sunetops: null @@ -648,6 +686,7 @@ classes: mailclient: *id002 nagios_monitor: null nrpe: null + sunet::ntp: *id004 sunet::rsyslog: null sunetops: null natmd-1.komreg.net: @@ -663,6 +702,7 @@ classes: md_signer: {dest_host: natpub-1.komreg.net, name: natmd-prod} metadatamgrs: null nrpe: null + sunet::ntp: *id004 sunet::rsyslog: null sunetops: null natmd-2.komreg.net: 
@@ -678,6 +718,7 @@ classes: md_signer: {dest_host: natpub-2.komreg.net, name: natmd-prod} metadatamgrs: null nrpe: null + sunet::ntp: *id004 sunet::rsyslog: null sunetops: null natpub-1.komreg.net: @@ -693,6 +734,7 @@ classes: md.swedenconnect.se: frontends: [fe-fre-3.komreg.net, fe-tug-3.komreg.net] port: '443' + sunet::ntp: *id004 sunet::rsyslog: null sunetops: null natpub-2.komreg.net: @@ -708,6 +750,7 @@ classes: md.swedenconnect.se: frontends: [fe-fre-3.komreg.net, fe-tug-3.komreg.net] port: '443' + sunet::ntp: *id004 sunet::rsyslog: null sunetops: null nic.komreg.net: @@ -719,6 +762,7 @@ classes: mailclient: *id002 nagios_monitor: null nrpe: null + sunet::ntp: *id004 sunet::rsyslog: null sunet_iaas_cloud: null sunetops: null @@ -735,6 +779,7 @@ classes: qa.md.swedenconnect.se: frontends: [se-fre-lb-1.sunet.se, se-tug-lb-1.sunet.se] port: '443' + sunet::ntp: *id004 sunet::rsyslog: null sunet_iaas_cloud: null sunetops: null @@ -751,6 +796,7 @@ classes: qa.md.eidas.swedenconnect.se: frontends: [se-fre-lb-1.sunet.se, se-tug-lb-1.sunet.se] port: '443' + sunet::ntp: *id004 sunet::rsyslog: null sunet_iaas_cloud: null sunetops: null @@ -765,6 +811,7 @@ classes: openstack_dockerhost: null prid: {clients: prid_qa_clients, version: 1.0.1} servicemonitor: null + sunet::ntp: *id004 sunet::rsyslog: null sunet_iaas_cloud: null sunetops: null @@ -777,8 +824,9 @@ classes: konsulter: null mailclient: *id002 nrpe: null - prid: &id008 {clients: prid_prod_clients, version: 1.0.1} + prid: &id009 {clients: prid_prod_clients, version: 1.0.1} servicemonitor: null + sunet::ntp: *id004 sunet::rsyslog: null sunetops: null prid-2.sveidas.se: @@ -790,8 +838,9 @@ classes: konsulter: null mailclient: *id002 nrpe: null - prid: *id008 + prid: *id009 servicemonitor: null + sunet::ntp: *id004 sunet::rsyslog: null sunetops: null r1.komreg.net: 
@@ -804,6 +853,7 @@ classes: nrpe: null openstack_dockerhost: null sunet::dehydrated: null + sunet::ntp: *id004 sunet::rsyslog: null sunet_iaas_cloud: null sunetops: null @@ -821,6 +871,7 @@ classes: qa.test.swedenconnect.se: frontends: [se-fre-lb-1.sunet.se, se-tug-lb-1.sunet.se] port: '443' + sunet::ntp: *id004 sunet::rsyslog: null sunet_iaas_cloud: null sunetops: null @@ -841,6 +892,7 @@ classes: qa.test.swedenconnect.se: frontends: [se-fre-lb-1.sunet.se, se-tug-lb-1.sunet.se] port: '443' + sunet::ntp: *id004 sunet::rsyslog: null sunet_iaas_cloud: null sunetops: null @@ -858,6 +910,7 @@ classes: swedenconnect.se: frontends: [se-fre-lb-1.sunet.se, se-tug-lb-1.sunet.se] port: '443' + sunet::ntp: *id004 sunet::rsyslog: null sunet_iaas_cloud: null sunetops: null @@ -877,6 +930,7 @@ classes: swedenconnect.se: frontends: [se-fre-lb-1.sunet.se, se-tug-lb-1.sunet.se] port: '80' + sunet::ntp: *id004 sunet::rsyslog: null sunet_iaas_cloud: null sunetops: null 
@@ -1032,6 +1086,20 @@ members: eupub-1.komreg.net, eupub-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, p1.komreg.net, p2.qa.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, validator-1.qa.komreg.net, web-1.qa.sveidas.se] + sunet::ntp: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, + eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, + eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, + eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, + eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net, + eupub-1.komreg.net, eupub-2.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, + jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, + kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, + kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, + log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, + monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, + natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, + prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, + validator-1.qa.komreg.net, web-1.qa.sveidas.se] sunet::rsyslog: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, From 3a7cafb003c1ca18e82843a506dbcac56b1809f6 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Thu, 23 Aug 2018 10:42:50 +0200 Subject: [PATCH 13/20] change ntp settings again --- global/overlay/etc/puppet/cosmos-rules.yaml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index ac7e19d9..fb738103 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -8,11 +8,7 @@ domain: sunet.se sunet::rsyslog: sunet::ntp: - disable_pool_ntp_org: true - set_servers: - - 'ntp.se' - - 'ntp1.nordu.net' - - 'ntp2.nordu.net' + disable_pool_ntp_org: false jmp.komreg.net: konsulter: From 91dfc36eae421aba3a2713e81918003973392804 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Thu, 23 Aug 2018 10:42:54 +0200 Subject: [PATCH 14/20] update db --- global/overlay/etc/puppet/cosmos-db.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/global/overlay/etc/puppet/cosmos-db.yaml b/global/overlay/etc/puppet/cosmos-db.yaml index e57b018e..215039de 100644 --- a/global/overlay/etc/puppet/cosmos-db.yaml +++ b/global/overlay/etc/puppet/cosmos-db.yaml @@ -14,9 +14,7 @@ classes: connector.eidas.swedenconnect.se: frontends: [fe-fre-3.komreg.net, fe-tug-3.komreg.net] port: '443' - sunet::ntp: &id004 - disable_pool_ntp_org: true - set_servers: [ntp.se, ntp1.nordu.net, ntp2.nordu.net] + sunet::ntp: &id004 {disable_pool_ntp_org: false} sunet::rsyslog: null sunetops: null eidas-connector-2.sveidas.se: From 07745d41c87a4f1472a1a0d4d61b7f8e37a22a66 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Thu, 23 Aug 2018 14:37:14 +0200 Subject: [PATCH 15/20] troubleshooting ntp --- global/overlay/etc/puppet/cosmos-rules.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index fb738103..34460c27 100644 
--- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -8,7 +8,6 @@ domain: sunet.se sunet::rsyslog: sunet::ntp: - disable_pool_ntp_org: false jmp.komreg.net: konsulter: From 5f02c371f62449f04b5553638e41bfb8f1c525cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Thu, 23 Aug 2018 14:40:30 +0200 Subject: [PATCH 16/20] ntp... --- global/overlay/etc/puppet/cosmos-rules.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index 34460c27..61f0f174 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -7,7 +7,6 @@ mailclient: domain: sunet.se sunet::rsyslog: - sunet::ntp: jmp.komreg.net: konsulter: From 7fee495950f2d45598a6090ea263ff5f18905508 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Thu, 23 Aug 2018 14:42:00 +0200 Subject: [PATCH 17/20] update db --- global/overlay/etc/puppet/cosmos-db.yaml | 86 +++--------------------- 1 file changed, 10 insertions(+), 76 deletions(-) diff --git a/global/overlay/etc/puppet/cosmos-db.yaml b/global/overlay/etc/puppet/cosmos-db.yaml index 215039de..e83c90cc 100644 --- a/global/overlay/etc/puppet/cosmos-db.yaml +++ b/global/overlay/etc/puppet/cosmos-db.yaml @@ -14,7 +14,6 @@ classes: connector.eidas.swedenconnect.se: frontends: [fe-fre-3.komreg.net, fe-tug-3.komreg.net] port: '443' - sunet::ntp: &id004 {disable_pool_ntp_org: false} sunet::rsyslog: null sunetops: null eidas-connector-2.sveidas.se: @@ -28,7 +27,6 @@ classes: mailclient: *id002 nrpe: null sunet::frontend::register_sites: *id003 - sunet::ntp: *id004 sunet::rsyslog: null sunetops: null eidas-connector-3.sveidas.se: @@ -42,7 +40,6 @@ classes: mailclient: *id002 nrpe: null sunet::frontend::register_sites: *id003 - sunet::ntp: *id004 sunet::rsyslog: null sunetops: null eidas-connector-4.sveidas.se: 
@@ -56,7 +53,6 @@ classes: mailclient: *id002 nrpe: null sunet::frontend::register_sites: *id003 - sunet::ntp: *id004 sunet::rsyslog: null sunetops: null eidas-node-1.qa.sveidas.se: @@ -74,7 +70,6 @@ classes: qa.connector.eidas.swedenconnect.se: frontends: [se-fre-lb-1.sunet.se, se-tug-lb-1.sunet.se] port: '443' - sunet::ntp: *id004 sunet::rsyslog: null sunet_iaas_cloud: null sunetops: null @@ -94,7 +89,6 @@ classes: qa.proxy.eidas.swedenconnect.se: frontends: [se-fre-lb-1.sunet.se, se-tug-lb-1.sunet.se] port: '443' - sunet::ntp: *id004 sunet::rsyslog: null sunet_iaas_cloud: null sunetops: null @@ -107,7 +101,6 @@ classes: mailclient: *id002 nrpe: null redis_cluster_node: null - sunet::ntp: *id004 sunet::rsyslog: null sunetops: null eidas-redis-2.sveidas.se: @@ -119,7 +112,6 @@ classes: mailclient: *id002 nrpe: null redis_cluster_node: null - sunet::ntp: *id004 sunet::rsyslog: null sunetops: null eidas-redis-3.sveidas.se: @@ -131,7 +123,6 @@ classes: mailclient: *id002 nrpe: null redis_cluster_node: null - sunet::ntp: *id004 sunet::rsyslog: null sunetops: null eidas-redis-4.sveidas.se: @@ -143,7 +134,6 @@ classes: mailclient: *id002 nrpe: null redis_cluster_node: null - sunet::ntp: *id004 sunet::rsyslog: null sunetops: null eidas-redis-fe-1.sveidas.se: @@ -154,8 +144,7 @@ classes: infra_ca_rp: null mailclient: *id002 nrpe: null - redis_frontend_node: &id005 {hostname: redis.sveidas.se} - sunet::ntp: *id004 + redis_frontend_node: &id004 {hostname: redis.sveidas.se} sunet::rsyslog: null sunetops: null eidas-redis-fe-2.sveidas.se: 
@@ -166,42 +155,39 @@ classes: infra_ca_rp: null mailclient: *id002 nrpe: null - redis_frontend_node: *id005 - sunet::ntp: *id004 + redis_frontend_node: *id004 sunet::rsyslog: null sunetops: null eidas-test-1.sveidas.se: autoupdate: null common: null eid::dockerhost: null - eidas_sp: &id006 {hostname: test.swedenconnect.se, version: 1.0.0} + eidas_sp: &id005 {hostname: test.swedenconnect.se, version: 1.0.0} entropyclient: null infra_ca_rp: null konsulter: null mailclient: *id002 nrpe: null servicemonitor: null - sunet::frontend::register_sites: &id007 + sunet::frontend::register_sites: &id006 sites: test.swedenconnect.se: frontends: [fe-fre-3.komreg.net, fe-tug-3.komreg.net] port: '443' - sunet::ntp: *id004 sunet::rsyslog: null sunetops: null eidas-test-2.sveidas.se: autoupdate: null common: null eid::dockerhost: null - eidas_sp: *id006 + eidas_sp: *id005 entropyclient: null infra_ca_rp: null konsulter: null mailclient: *id002 nrpe: null servicemonitor: null - sunet::frontend::register_sites: *id007 - sunet::ntp: *id004 + sunet::frontend::register_sites: *id006 sunet::rsyslog: null sunetops: null eumd-1.komreg.net: @@ -217,7 +203,6 @@ classes: md_signer: {dest_host: eupub-1.komreg.net, name: eidas-prod} metadatamgrs: null nrpe: null - sunet::ntp: *id004 sunet::rsyslog: null sunetops: null eumd-2.komreg.net: @@ -233,7 +218,6 @@ classes: md_signer: {dest_host: eupub-2.komreg.net, name: eidas-prod} metadatamgrs: null nrpe: null - sunet::ntp: *id004 sunet::rsyslog: null sunetops: null eupub-1.komreg.net: @@ -249,7 +233,6 @@ classes: md.eidas.swedenconnect.se: frontends: [fe-fre-3.komreg.net, fe-tug-3.komreg.net] port: '443' - sunet::ntp: *id004 sunet::rsyslog: null sunetops: null eupub-2.komreg.net: @@ -265,7 +248,6 @@ classes: md.eidas.swedenconnect.se: frontends: [fe-fre-3.komreg.net, fe-tug-3.komreg.net] port: '443' - sunet::ntp: *id004 sunet::rsyslog: null sunetops: null fe-fre-3.komreg.net: 
@@ -276,7 +258,6 @@ classes: mailclient: *id002 nrpe: null sunet::frontend::load_balancer: null - sunet::ntp: *id004 sunet::rsyslog: null sunetops: null fe-tug-3.komreg.net: @@ -287,7 +268,6 @@ classes: mailclient: *id002 nrpe: null sunet::frontend::load_balancer: null - sunet::ntp: *id004 sunet::rsyslog: null sunetops: null jmp.komreg.net: @@ -301,7 +281,6 @@ classes: metadatamgrs: null nrpe: null sunet::auditd: null - sunet::ntp: *id004 sunet::rsyslog: null sunet_iaas_cloud: null sunetops: null @@ -315,7 +294,6 @@ classes: mailclient: *id002 metadatamgrs: null nrpe: null - sunet::ntp: *id004 sunet::rsyslog: null sunetops: null jump-tug-3.komreg.net: @@ -328,7 +306,6 @@ classes: mailclient: *id002 metadatamgrs: null nrpe: null - sunet::ntp: *id004 sunet::rsyslog: null sunetops: null kvmeidas-fre-3.komreg.net: @@ -409,7 +386,6 @@ classes: infra_ca_rp: null mailclient: *id002 nrpe: null - sunet::ntp: *id004 sunet::rsyslog: null sunetops: null kvmeidas-tug-3.komreg.net: @@ -490,7 +466,6 @@ classes: infra_ca_rp: null mailclient: *id002 nrpe: null - sunet::ntp: *id004 sunet::rsyslog: null sunetops: null kvmfe-fre-3.komreg.net: @@ -504,7 +479,6 @@ classes: infra_ca_rp: null mailclient: *id002 nrpe: null - sunet::ntp: *id004 sunet::rsyslog: null sunetops: null kvmfe-tug-3.komreg.net: @@ -518,7 +492,6 @@ classes: infra_ca_rp: null mailclient: *id002 nrpe: null - sunet::ntp: *id004 sunet::rsyslog: null sunetops: null kvminfra-fre-3.komreg.net: @@ -542,7 +515,6 @@ classes: infra_ca_rp: null mailclient: *id002 nrpe: null - sunet::ntp: *id004 sunet::rsyslog: null sunetops: null kvminfra-tug-3.komreg.net: @@ -563,7 +535,6 @@ classes: infra_ca_rp: null mailclient: *id002 nrpe: null - sunet::ntp: *id004 sunet::rsyslog: null sunetops: null kvmmeta-fre-3.komreg.net: @@ -586,7 +557,6 @@ classes: infra_ca_rp: null mailclient: *id002 nrpe: null - sunet::ntp: *id004 sunet::rsyslog: null sunetops: null kvmmeta-tug-3.komreg.net: 
@@ -609,7 +579,6 @@ classes: infra_ca_rp: null mailclient: *id002 nrpe: null - sunet::ntp: *id004 sunet::rsyslog: null sunetops: null log-1.sveidas.se: @@ -619,8 +588,7 @@ classes: infra_ca_rp: null mailclient: *id002 nrpe: null - sunet::ntp: *id004 - sunet::rsyslog: &id008 {udp_client: 94.176.224.0/24, udp_port: 514} + sunet::rsyslog: &id007 {udp_client: 94.176.224.0/24, udp_port: 514} sunetops: null log-2.sveidas.se: autoupdate: null @@ -629,8 +597,7 @@ classes: infra_ca_rp: null mailclient: *id002 nrpe: null - sunet::ntp: *id004 - sunet::rsyslog: *id008 + sunet::rsyslog: *id007 sunetops: null log.qa.sveidas.se: autoupdate: null @@ -639,7 +606,6 @@ classes: infra_ca_rp: null mailclient: *id002 nrpe: null - sunet::ntp: *id004 sunet::rsyslog: {udp_port: 514} sunet_iaas_cloud: null sunetops: null @@ -656,7 +622,6 @@ classes: metadatamgrs: null nrpe: null openstack_dockerhost: null - sunet::ntp: *id004 sunet::rsyslog: null sunet_iaas_cloud: null sunetops: null @@ -672,7 +637,6 @@ classes: metadatamgrs: null nrpe: null openstack_dockerhost: null - sunet::ntp: *id004 sunet::rsyslog: null sunet_iaas_cloud: null sunetops: null @@ -684,7 +648,6 @@ classes: mailclient: *id002 nagios_monitor: null nrpe: null - sunet::ntp: *id004 sunet::rsyslog: null sunetops: null natmd-1.komreg.net: @@ -700,7 +663,6 @@ classes: md_signer: {dest_host: natpub-1.komreg.net, name: natmd-prod} metadatamgrs: null nrpe: null - sunet::ntp: *id004 sunet::rsyslog: null sunetops: null natmd-2.komreg.net: @@ -716,7 +678,6 @@ classes: md_signer: {dest_host: natpub-2.komreg.net, name: natmd-prod} metadatamgrs: null nrpe: null - sunet::ntp: *id004 sunet::rsyslog: null sunetops: null natpub-1.komreg.net: @@ -732,7 +693,6 @@ classes: md.swedenconnect.se: frontends: [fe-fre-3.komreg.net, fe-tug-3.komreg.net] port: '443' - sunet::ntp: *id004 sunet::rsyslog: null sunetops: null natpub-2.komreg.net: 
@@ -748,7 +708,6 @@ classes: md.swedenconnect.se: frontends: [fe-fre-3.komreg.net, fe-tug-3.komreg.net] port: '443' - sunet::ntp: *id004 sunet::rsyslog: null sunetops: null nic.komreg.net: @@ -760,7 +719,6 @@ classes: mailclient: *id002 nagios_monitor: null nrpe: null - sunet::ntp: *id004 sunet::rsyslog: null sunet_iaas_cloud: null sunetops: null @@ -777,7 +735,6 @@ classes: qa.md.swedenconnect.se: frontends: [se-fre-lb-1.sunet.se, se-tug-lb-1.sunet.se] port: '443' - sunet::ntp: *id004 sunet::rsyslog: null sunet_iaas_cloud: null sunetops: null @@ -794,7 +751,6 @@ classes: qa.md.eidas.swedenconnect.se: frontends: [se-fre-lb-1.sunet.se, se-tug-lb-1.sunet.se] port: '443' - sunet::ntp: *id004 sunet::rsyslog: null sunet_iaas_cloud: null sunetops: null @@ -809,7 +765,6 @@ classes: openstack_dockerhost: null prid: {clients: prid_qa_clients, version: 1.0.1} servicemonitor: null - sunet::ntp: *id004 sunet::rsyslog: null sunet_iaas_cloud: null sunetops: null @@ -822,9 +777,8 @@ classes: konsulter: null mailclient: *id002 nrpe: null - prid: &id009 {clients: prid_prod_clients, version: 1.0.1} + prid: &id008 {clients: prid_prod_clients, version: 1.0.1} servicemonitor: null - sunet::ntp: *id004 sunet::rsyslog: null sunetops: null prid-2.sveidas.se: @@ -836,9 +790,8 @@ classes: konsulter: null mailclient: *id002 nrpe: null - prid: *id009 + prid: *id008 servicemonitor: null - sunet::ntp: *id004 sunet::rsyslog: null sunetops: null r1.komreg.net: @@ -851,7 +804,6 @@ classes: nrpe: null openstack_dockerhost: null sunet::dehydrated: null - sunet::ntp: *id004 sunet::rsyslog: null sunet_iaas_cloud: null sunetops: null @@ -869,7 +821,6 @@ classes: qa.test.swedenconnect.se: frontends: [se-fre-lb-1.sunet.se, se-tug-lb-1.sunet.se] port: '443' - sunet::ntp: *id004 sunet::rsyslog: null sunet_iaas_cloud: null sunetops: null 
@@ -890,7 +841,6 @@ classes: qa.test.swedenconnect.se: frontends: [se-fre-lb-1.sunet.se, se-tug-lb-1.sunet.se] port: '443' - sunet::ntp: *id004 sunet::rsyslog: null sunet_iaas_cloud: null sunetops: null @@ -908,7 +858,6 @@ classes: swedenconnect.se: frontends: [se-fre-lb-1.sunet.se, se-tug-lb-1.sunet.se] port: '443' - sunet::ntp: *id004 sunet::rsyslog: null sunet_iaas_cloud: null sunetops: null @@ -928,7 +877,6 @@ classes: swedenconnect.se: frontends: [se-fre-lb-1.sunet.se, se-tug-lb-1.sunet.se] port: '80' - sunet::ntp: *id004 sunet::rsyslog: null sunet_iaas_cloud: null sunetops: null 
@@ -1084,20 +1032,6 @@ members: eupub-1.komreg.net, eupub-2.komreg.net, natpub-1.komreg.net, natpub-2.komreg.net, p1.komreg.net, p2.qa.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, validator-1.qa.komreg.net, web-1.qa.sveidas.se] - sunet::ntp: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, - eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, - eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, - eidas-redis-4.sveidas.se, eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se, - eidas-test-1.sveidas.se, eidas-test-2.sveidas.se, eumd-1.komreg.net, eumd-2.komreg.net, - eupub-1.komreg.net, eupub-2.komreg.net, fe-fre-3.komreg.net, fe-tug-3.komreg.net, - jmp.komreg.net, jump-fre-3.komreg.net, jump-tug-3.komreg.net, kvmeidas-fre-3.komreg.net, - kvmeidas-tug-3.komreg.net, kvmfe-fre-3.komreg.net, kvmfe-tug-3.komreg.net, kvminfra-fre-3.komreg.net, - kvminfra-tug-3.komreg.net, kvmmeta-fre-3.komreg.net, kvmmeta-tug-3.komreg.net, - log-1.sveidas.se, log-2.sveidas.se, log.qa.sveidas.se, md-eu1.qa.komreg.net, md1.komreg.net, - monitor-fre-3.komreg.net, natmd-1.komreg.net, natmd-2.komreg.net, natpub-1.komreg.net, - natpub-2.komreg.net, nic.komreg.net, p1.komreg.net, p2.qa.komreg.net, prid-1.qa.sveidas.se, - prid-1.sveidas.se, prid-2.sveidas.se, r1.komreg.net, refidp-1.qa.sveidas.se, test-1.qa.sveidas.se, - validator-1.qa.komreg.net, web-1.qa.sveidas.se] sunet::rsyslog: [eidas-connector-1.sveidas.se, eidas-connector-2.sveidas.se, eidas-connector-3.sveidas.se, eidas-connector-4.sveidas.se, eidas-node-1.qa.sveidas.se, eidas-proxy-1.qa.sveidas.se, eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, From d76948bef93840f97d14f0384a7914e2c57782e3 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Thu, 23 Aug 2018 14:54:29 +0200 Subject: [PATCH 18/20] change typo --- fe-common/overlay/etc/hiera/data/group.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fe-common/overlay/etc/hiera/data/group.yaml b/fe-common/overlay/etc/hiera/data/group.yaml index 53b34cbd..bf8726bf 100644 --- a/fe-common/overlay/etc/hiera/data/group.yaml +++ b/fe-common/overlay/etc/hiera/data/group.yaml @@ -58,7 +58,7 @@ sunet_frontend: 'fe-fre-3.komreg.net': ips: ['94.176.226.12', '2001:6b0:65:1::12'] 'fe-tug-3.komreg.net': - ips: ['94.176.226.13'. '2001:6b0:65:1::13'] + ips: ['94.176.226.13', '2001:6b0:65:1::13'] backends: default: 'eupub-1.komreg.net': From 4a12d81e52313624b93f8832f42d5ccdd71087d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Fri, 24 Aug 2018 13:11:16 +0200 Subject: [PATCH 19/20] changed eidas-test to prod environment --- global/overlay/etc/puppet/cosmos-rules.yaml | 1 + global/overlay/etc/puppet/manifests/cosmos-site.pp | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index 61f0f174..4f0bb28b 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -521,6 +521,7 @@ md-eu1.qa.komreg.net: eidas_sp: version: 1.0.0 hostname: test.swedenconnect.se + environment: prod sunet::frontend::register_sites: sites: 'test.swedenconnect.se': diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 08f685b1..19a4e4f7 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp 
@@ -250,7 +250,7 @@ class md_repo_server($hostname) { ensure_resource('class','https_server',{}) } -class eidas_sp($version="1.0.0",$hostname='localhost') { +class eidas_sp($version="1.0.0",$hostname='localhost',$environment='qa') { $_version = safe_hiera('eidas_sp_version',$version) $_hostname = safe_hiera('eidas_sp_hostname',$hostname) file {['/etc/eidas-sp','/var/log/eidas-sp','/etc/ssl']: ensure => directory } -> @@ -266,7 +266,7 @@ class eidas_sp($version="1.0.0",$hostname='localhost') { env => ["SERVER_SERVLET_CONTEXT_PATH=/", "SP_USE_SC_LOGO=false", "SP_ENTITY_ID=https://$_hostname/sp", - "SPRING_PROFILES_ACTIVE=qa", + "SPRING_PROFILES_ACTIVE=$environment", "SP_BASE_URI=https://$_hostname"] } ensure_resource('class','webserver',{}) From 1360b776495d29b9f36c42c568fe4d82b82e67c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Bergstro=CC=88m?= Date: Fri, 24 Aug 2018 13:11:57 +0200 Subject: [PATCH 20/20] update db --- global/overlay/etc/puppet/cosmos-db.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/cosmos-db.yaml b/global/overlay/etc/puppet/cosmos-db.yaml index e83c90cc..575cb231 100644 --- a/global/overlay/etc/puppet/cosmos-db.yaml +++ b/global/overlay/etc/puppet/cosmos-db.yaml @@ -162,7 +162,7 @@ classes: autoupdate: null common: null eid::dockerhost: null - eidas_sp: &id005 {hostname: test.swedenconnect.se, version: 1.0.0} + eidas_sp: &id005 {environment: prod, hostname: test.swedenconnect.se, version: 1.0.0} entropyclient: null infra_ca_rp: null konsulter: null
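Review bot: The new `$environment` parameter added in the first cosmos-site.pp hunk is interpolated straight into `"SPRING_PROFILES_ACTIVE=$environment"` in the second hunk with no check, so a misspelled value in cosmos-rules.yaml would reach the container unchanged. How the application treats an unknown profile is not visible here. The class already appears to rely on stdlib (`ensure_resource`), so a guard such as `validate_re($environment, '^(qa|prod)$')` at the top of the class would fail the catalog instead, assuming qa and prod are the only intended values. The name also shadows Puppet's built-in `$environment` variable inside the class; a name like `$spring_profile` would avoid that, with the `environment: prod` key in cosmos-rules.yaml renamed to match. Unlike `$version` and `$hostname`, the new parameter is not passed through `safe_hiera`, which may be intentional but deserves a one-line comment; the class body continues outside both hunks.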