swedenconnect/eid-ops
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

deploy 1.3.6 along with new p11 config

Browse source
This commit is contained in:
Leif Johansson 2018-09-10 12:37:51 +02:00
parent d5caccdf70
commit e80d1a5783
4 changed files with 41 additions and 39 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

0
eidas-connector-common/overlay/etc/eidas-connector/pkcs11.cfg → eidas-connector-common/overlay/etc/eidas-connector/credentials/pkcs11.cfg
View file

76
eidas-connector-common/overlay/etc/eidas-connector/eidas-connector.conf
View file

@ -38,57 +38,59 @@ export IDP_CREDENTIALS=/etc/eidas-connector/credentials
export IDP_SEALER_STORE_RESOURCE=$IDP_CREDENTIALS/sealer.jks export IDP_SEALER_STORE_RESOURCE=$IDP_CREDENTIALS/sealer.jks
export IDP_SEALER_VERSION_RESOURCES=$IDP_CREDENTIALS/sealer.kver export IDP_SEALER_VERSION_RESOURCES=$IDP_CREDENTIALS/sealer.kver
export IDP_PKCS11_ENABLED=false export IDP_PKCS11_ENABLED=true
#export IDP_PKCS11_LIBRARY=/usr/safenet/lunaclient/lib/libCryptoki2_64.so export IDP_METADATA_SIGNING_PKCS11_ENABLED=true
#export IDP_PKCS11_SLOT=5 export SP_METADATA_SIGNING_PKCS11_ENABLED=true
#export IDP_METADATA_SIGNING_PKCS11_ENABLED=true
#export SP_METADATA_SIGNING_PKCS11_ENABLED=true
#export IDP_PKCS11_SLOT_LIST_INDEX=1
export IDP_SIGNING_KEY="/etc/eidas-connector/credentials/connector.key" #export IDP_SIGNING_KEY="/etc/eidas-connector/credentials/connector.key"
export IDP_SIGNING_CERT="/etc/eidas-connector/credentials/connector.crt" #export IDP_SIGNING_CERT="/etc/eidas-connector/credentials/connector.crt"
#export IDP_SIGNING_PKCS11_ALIAS=sc_eidas_sign export IDP_SIGNING_PKCS11_ALIAS=sc_eidas_sign
#export IDP_SIGNING_PKCS11_PIN=$PKCS11_PIN export IDP_SIGNING_PKCS11_PIN=$PKCS11_PIN
#export IDP_SIGNING_CERT=$IDP_CREDENTIALS/sign.crt export IDP_SIGNING_PKCS11_CFG="/etc/eidas-connector/credentials/pkcs11.cfg"
export IDP_SIGNING_CERT=$IDP_CREDENTIALS/sign.crt
export IDP_ENCRYPTION_KEY="/etc/eidas-connector/credentials/connector.key" #export IDP_ENCRYPTION_KEY="/etc/eidas-connector/credentials/connector.key"
export IDP_ENCRYPTION_CERT="/etc/eidas-connector/credentials/connector.crt" #export IDP_ENCRYPTION_CERT="/etc/eidas-connector/credentials/connector.crt"
#export IDP_ENCRYPTION_PKCS11_ALIAS=sc_eidas_encrypt export IDP_ENCRYPTION_PKCS11_ALIAS=sc_eidas_encrypt
#export IDP_ENCRYPTION_PKCS11_PIN=$PKCS11_PIN export IDP_ENCRYPTION_PKCS11_PIN=$PKCS11_PIN
#export IDP_ENCRYPTION_CERT=$IDP_CREDENTIALS/enc.crt export IDP_ENCRYPTION_PKCS11_CFG="/etc/eidas-connector/credentials/pkcs11.cfg"
export IDP_ENCRYPTION_CERT=$IDP_CREDENTIALS/enc.crt
export IDP_METADATA_SIGNING_KEY="/etc/eidas-connector/credentials/metadata.key" #export IDP_METADATA_SIGNING_KEY="/etc/eidas-connector/credentials/metadata.key"
export IDP_METADATA_SIGNING_CERT="/etc/eidas-connector/credentials/metadata.crt" #export IDP_METADATA_SIGNING_CERT="/etc/eidas-connector/credentials/metadata.crt"
#export IDP_METADATA_SIGNING_PKCS11_ALIAS=swedenconnect export IDP_METADATA_SIGNING_PKCS11_ALIAS=swedenconnect
#export IDP_METADATA_SIGNING_PKCS11_PIN=$PKCS11_PIN export IDP_METADATA_SIGNING_PKCS11_PIN=$PKCS11_PIN
#export IDP_METADATA_SIGNING_CERT=$IDP_CREDENTIALS/swedenconnect-signer.crt export IDP_METADATA_SIGNING_PKCS11_CFG="/etc/eidas-connector/credentials/pkcs11.cfg"
export IDP_METADATA_SIGNING_CERT=$IDP_CREDENTIALS/swedenconnect-signer.crt
export SP_CREDENTIALS=/etc/eidas-connector/credentials export SP_CREDENTIALS=/etc/eidas-connector/credentials
export SP_SIGNING_KEY="/etc/eidas-connector/credentials/connector.key" #export SP_SIGNING_KEY="/etc/eidas-connector/credentials/connector.key"
export SP_SIGNING_CERT="/etc/eidas-connector/credentials/connector.crt" #export SP_SIGNING_CERT="/etc/eidas-connector/credentials/connector.crt"
#export SP_SIGNING_PKCS11_ALIAS=sc_eidas_sign export SP_SIGNING_PKCS11_ALIAS=sc_eidas_sign
#export SP_SIGNING_PKCS11_PIN=$PKCS11_PIN export SP_SIGNING_PKCS11_PIN=$PKCS11_PIN
#export SP_SIGNING_CERT=$SP_CREDENTIALS/sign.crt export SP_SIGNING_PKCS11_CFG="/etc/eidas-connector/credentials/pkcs11.cfg"
export SP_SIGNING_CERT=$SP_CREDENTIALS/sign.crt
export SP_ENCRYPTION_KEY="/etc/eidas-connector/credentials/connector.key" #export SP_ENCRYPTION_KEY="/etc/eidas-connector/credentials/connector.key"
export SP_ENCRYPTION_CERT="/etc/eidas-connector/credentials/connector.crt" #export SP_ENCRYPTION_CERT="/etc/eidas-connector/credentials/connector.crt"
#export SP_ENCRYPTION_PKCS11_ALIAS=sc_eidas_encrypt export SP_ENCRYPTION_PKCS11_ALIAS=sc_eidas_encrypt
#export SP_ENCRYPTION_PKCS11_PIN=$PKCS11_PIN export SP_ENCRYPTION_PKCS11_PIN=$PKCS11_PIN
#export SP_ENCRYPTION_CERT=$SP_CREDENTIALS/enc.crt export SP_ENCRYPTION_PKCS11_CFG="/etc/eidas-connector/credentials/pkcs11.cfg"
export SP_ENCRYPTION_CERT=$SP_CREDENTIALS/enc.crt
export SP_METADATA_SIGNING_KEY="/etc/eidas-connector/credentials/metadata.key" #export SP_METADATA_SIGNING_KEY="/etc/eidas-connector/credentials/metadata.key"
export SP_METADATA_SIGNING_CERT="/etc/eidas-connector/credentials/metadata.crt" #export SP_METADATA_SIGNING_CERT="/etc/eidas-connector/credentials/metadata.crt"
#export SP_METADATA_SIGNING_PKCS11_ALIAS=swedenconnect export SP_METADATA_SIGNING_PKCS11_ALIAS=swedenconnect
#export SP_METADATA_SIGNING_PKCS11_PIN=$PKCS11_PIN export SP_METADATA_SIGNING_PKCS11_PIN=$PKCS11_PIN
#export SP_METADATA_SIGNING_CERT=$SP_CREDENTIALS/swedenconnect-signer.crt export SP_METADATA_SIGNING_PKCS11_CFG="/etc/eidas-connector/credentials/pkcs11.cfg"
export SP_METADATA_SIGNING_CERT=$SP_CREDENTIALS/swedenconnect-signer.crt
# Tomcat settings # Tomcat settings
export TOMCAT_CREDENTIALS=/etc/eidas-connector/credentials/tomcat export TOMCAT_CREDENTIALS=/etc/eidas-connector/credentials/tomcat
export TOMCAT_TLS_SERVER_KEY=$TOMCAT_CREDENTIALS/tomcat-key.pem export TOMCAT_TLS_SERVER_KEY=$TOMCAT_CREDENTIALS/tomcat-key.pem
export TOMCAT_TLS_SERVER_CERTIFICATE=$TOMCAT_CREDENTIALS/tomcat-cert.pem export TOMCAT_TLS_SERVER_CERTIFICATE=$TOMCAT_CREDENTIALS/tomcat-cert.pem
export TOMCAT_TLS_SERVER_CERTIFICATE_CHAIN=$TOMCAT_CREDENTIALS/tomcat-chain.pem export TOMCAT_TLS_SERVER_CERTIFICATE_CHAIN=$TOMCAT_CREDENTIALS/tomcat-chain.pem
export TOMCAT_INTERNAL_PROXIES='"10\.\d{1,3}\.\d{1,3}\.\d{1,3}\|192\.168\.\d{1,3}\.\d{1,3}\|169\.254\.\d{1,3}\.\d{1,3}\|127\.\d{1,3}\.\d{1,3}\.\d{1,3}\|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}\|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}\|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}\|130\.242\.125\.\d{1,3}\|81\.236\.48\.\d{1,3}"'
FEDERATION_METADATA_URL=https://md.swedenconnect.se/entities FEDERATION_METADATA_URL=https://md.swedenconnect.se/entities
FEDERATION_METADATA_VALIDATION_CERT=/etc/eidas-connector/credentials/swedenconnect-signer.crt FEDERATION_METADATA_VALIDATION_CERT=/etc/eidas-connector/credentials/swedenconnect-signer.crt

2
eidas-connector-common/overlay/etc/eidas-connector/loglevels.xml
View file

@ -11,7 +11,7 @@
<variable name="idp.loglevel.spring" value="ERROR" /> <variable name="idp.loglevel.spring" value="ERROR" />
<variable name="idp.loglevel.container" value="ERROR" /> <variable name="idp.loglevel.container" value="ERROR" />
<variable name="idp.loglevel.xmlsec" value="ERROR" /> <variable name="idp.loglevel.xmlsec" value="ERROR" />
<variable name="se.elegnamnden.eidas.pkcs11" value="INFO" /> <variable name="se.elegnamnden.eidas.pkcs11" value="DEBUG" />
<!-- <!--
It is also possible to add loggers and even appenders in this override file. It is also possible to add loggers and even appenders in this override file.

2
global/overlay/etc/puppet/cosmos-rules.yaml
View file

@ -570,7 +570,7 @@ md-eu1.qa.komreg.net:
konsulter: konsulter:
autoupdate: autoupdate:
eidas_connector: eidas_connector:
version: 1.3.5 version: 1.3.6
hostname: connector.eidas.swedenconnect.se hostname: connector.eidas.swedenconnect.se
sunet::frontend::register_sites: sunet::frontend::register_sites:
sites: sites: