created a separate puppet class
parent
7323c75cee
commit
eba3dde692
2 changed files with 50 additions and 2 deletions
|
@ -848,13 +848,12 @@ demw-1.test.sveidas.se:
|
|||
storage_driver: 'overlay2'
|
||||
konsulter:
|
||||
autoupdate:
|
||||
eidas_de_middleware_hsm:
|
||||
eidas_de_middleware_hsm_test:
|
||||
version: 320-sc_hsm2
|
||||
hostname: test.demw.eidas.swedenconnect.se
|
||||
saml_metadata:
|
||||
filename: /opt/eidas-middleware/configuration/serviceprovider-metadata/connector-metadata.xml
|
||||
url: https://test.connector.eidas.swedenconnect.se/idp/metadata/sp
|
||||
webserver_new:
|
||||
sunet::frontend::register_sites:
|
||||
sites:
|
||||
'test.demw.eidas.swedenconnect.se':
|
||||
|
|
|
@ -397,6 +397,55 @@ class eidas_de_middleware_hsm($version="110-fixes-sc-p11",$hostname='localhost')
|
|||
}
|
||||
}
|
||||
|
||||
class eidas_de_middleware_hsm_test($version="110-fixes-sc-p11",$hostname='localhost') {
|
||||
$_version = safe_hiera('eidas_demw_version',$version)
|
||||
$_hostname = safe_hiera('eidas_demw_hostname',$hostname)
|
||||
$poseidas_admin_hashed_password = safe_hiera('poseidas_admin_hashed_password')
|
||||
$spring_datasource_password = safe_hiera('spring_datasource_password')
|
||||
$pkcs11_pin = safe_hiera('pkcs11_pin')
|
||||
$demw_tls_client_key = safe_hiera('demw_tls_client_key')
|
||||
$demw_tls_client_cert = safe_hiera('demw_tls_client_cert')
|
||||
$demw_tls_server_cert = safe_hiera('demw_tls_server_cert')
|
||||
|
||||
file {['/opt/eidas-middleware','/opt/eidas-middleware/configuration','/opt/eidas-middleware/database']: ensure => directory } ->
|
||||
file {['/etc/luna','/etc/luna/cert']: ensure => directory } ->
|
||||
sunet::docker_run {'eidas-demw':
|
||||
image => 'docker.sunet.se/eidas-demw',
|
||||
imagetag => $_version,
|
||||
hostname => "${::fqdn}",
|
||||
ports => ['443:8443','127.0.0.1:10000:10000'],
|
||||
volumes => ['/var/log/eidas-middleware:/var/log/eidas-middleware',
|
||||
'/opt/eidas-middleware/configuration:/opt/eidas-middleware/configuration',
|
||||
'/opt/eidas-middleware/database:/opt/eidas-middleware/database',
|
||||
'/dev/log:/dev/log',
|
||||
'/etc/luna/cert:/usr/safenet/lunaclient/cert',
|
||||
'/etc/Chrystoki.conf.d:/etc/Chrystoki.conf.d',
|
||||
'/etc/ssl:/etc/ssl'],
|
||||
env => ["CERTNAME=${::fqdn}_infra",
|
||||
"EIDAS_SIGNER_DEFAULT_HASH_ALGORITHM=SHA256",
|
||||
"PUBLIC_HOSTNAME=$_hostname",
|
||||
"PKCS11_PIN=$pkcs11_pin",
|
||||
"PKCS11_CONFIG_LOCATION=/opt/eidas-middleware/configuration/hsm/pkcs11.properties",
|
||||
"POSEIDAS_ADMIN_HASHED_PASSWORD=$poseidas_admin_hashed_password",
|
||||
"DEMW_TLS_CLIENT_KEY=$demw_tls_client_key",
|
||||
"DEMW_TLS_CLIENT_CERT=$demw_tls_client_cert",
|
||||
"DEMW_TLS_SERVER_CERT=$demw_tls_server_cert",
|
||||
'JAVA_OPTS="-DformatMsgNoLookups=true -Dlog4j2.formatMsgNoLookups=true"',
|
||||
"SPRING_DATASOURCE_PASSWORD=$spring_datasource_password"],
|
||||
extra_parameters => ["--log-driver=syslog --cpuset-cpus=0-1"]
|
||||
}
|
||||
sunet::nftables::docker_expose { 'https' :
|
||||
allow_clients => 'any',
|
||||
port => '443',
|
||||
iif => "${interface_default}",
|
||||
}
|
||||
sunet::nftables::docker_expose { 'haproxy' :
|
||||
allow_clients => 'any',
|
||||
port => '10000',
|
||||
iif => "${interface_default}",
|
||||
}
|
||||
}
|
||||
|
||||
class eidas_de_middleware($version="106-rs",$hostname='localhost') {
|
||||
$_version = safe_hiera('eidas_demw_version',$version)
|
||||
$_hostname = safe_hiera('eidas_demw_hostname',$hostname)
|
||||
|
|
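Review bot: The `env` list of `sunet::docker_run {'eidas-demw':` passes the HSM PIN, the datasource password and the TLS client key as container environment variables (`PKCS11_PIN=$pkcs11_pin`, `SPRING_DATASOURCE_PASSWORD=$spring_datasource_password`, `DEMW_TLS_CLIENT_KEY=$demw_tls_client_key`), so they are readable through `docker inspect` and the process environment, and presumably end up in whatever unit or env file `sunet::docker_run` renders (its implementation is not visible here). Since `/opt/eidas-middleware/configuration` is already bind-mounted, consider delivering these values as root-only files there (`mode => '0400'`) and, if the image supports it, pointing the container at the file paths instead. Separately, port 10000 is published on `127.0.0.1` only, yet the `haproxy` `docker_expose` rule sets `allow_clients => 'any'`; restricting it to the frontend addresses, or dropping the rule, would make the two agree. The `'/etc/ssl:/etc/ssl'` volume could also be mounted read-only (`'/etc/ssl:/etc/ssl:ro'`) unless the container has to write there.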