From eba3dde69215ca967e881ee43449c4216b6cfe66 Mon Sep 17 00:00:00 2001
From: Maria Haider
Date: Thu, 21 Mar 2024 19:21:46 +0100
Subject: [PATCH] created a separate puppet class
---
 global/overlay/etc/puppet/cosmos-rules.yaml | 3 +-
 .../etc/puppet/manifests/cosmos-site.pp | 49 +++++++++++++++++++
 2 files changed, 50 insertions(+), 2 deletions(-)
diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
index f3e2b9bc..4f63c515 100644
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -848,13 +848,12 @@ demw-1.test.sveidas.se:
 storage_driver: 'overlay2'
 konsulter:
 autoupdate:
- eidas_de_middleware_hsm:
+ eidas_de_middleware_hsm_test:
 version: 320-sc_hsm2
 hostname: test.demw.eidas.swedenconnect.se
 saml_metadata:
 filename: /opt/eidas-middleware/configuration/serviceprovider-metadata/connector-metadata.xml
 url: https://test.connector.eidas.swedenconnect.se/idp/metadata/sp
- webserver_new:
 sunet::frontend::register_sites:
 sites:
 'test.demw.eidas.swedenconnect.se':
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index a7a874a1..ad9abc5d 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -397,6 +397,55 @@ class eidas_de_middleware_hsm($version="110-fixes-sc-p11",$hostname='localhost')
 }
 }
+class eidas_de_middleware_hsm_test($version="110-fixes-sc-p11",$hostname='localhost') {
+ $_version = safe_hiera('eidas_demw_version',$version)
+ $_hostname = safe_hiera('eidas_demw_hostname',$hostname)
+ $poseidas_admin_hashed_password = safe_hiera('poseidas_admin_hashed_password')
+ $spring_datasource_password = safe_hiera('spring_datasource_password')
+ $pkcs11_pin = safe_hiera('pkcs11_pin')
+ $demw_tls_client_key = safe_hiera('demw_tls_client_key')
+ $demw_tls_client_cert = safe_hiera('demw_tls_client_cert')
+ $demw_tls_server_cert = safe_hiera('demw_tls_server_cert')
+
+ file {['/opt/eidas-middleware','/opt/eidas-middleware/configuration','/opt/eidas-middleware/database']: ensure => directory } ->
+ file {['/etc/luna','/etc/luna/cert']: ensure => directory } ->
+ sunet::docker_run {'eidas-demw':
+ image => 'docker.sunet.se/eidas-demw',
+ imagetag => $_version,
+ hostname => "${::fqdn}",
+ ports => ['443:8443','127.0.0.1:10000:10000'],
+ volumes => ['/var/log/eidas-middleware:/var/log/eidas-middleware',
+ '/opt/eidas-middleware/configuration:/opt/eidas-middleware/configuration',
+ '/opt/eidas-middleware/database:/opt/eidas-middleware/database',
+ '/dev/log:/dev/log',
+ '/etc/luna/cert:/usr/safenet/lunaclient/cert',
+ '/etc/Chrystoki.conf.d:/etc/Chrystoki.conf.d',
+ '/etc/ssl:/etc/ssl'],
+ env => ["CERTNAME=${::fqdn}_infra",
+ "EIDAS_SIGNER_DEFAULT_HASH_ALGORITHM=SHA256",
+ "PUBLIC_HOSTNAME=$_hostname",
+ "PKCS11_PIN=$pkcs11_pin",
+ "PKCS11_CONFIG_LOCATION=/opt/eidas-middleware/configuration/hsm/pkcs11.properties",
+ "POSEIDAS_ADMIN_HASHED_PASSWORD=$poseidas_admin_hashed_password",
+ "DEMW_TLS_CLIENT_KEY=$demw_tls_client_key",
+ "DEMW_TLS_CLIENT_CERT=$demw_tls_client_cert",
+ "DEMW_TLS_SERVER_CERT=$demw_tls_server_cert",
+ 'JAVA_OPTS="-DformatMsgNoLookups=true -Dlog4j2.formatMsgNoLookups=true"',
+ "SPRING_DATASOURCE_PASSWORD=$spring_datasource_password"],
+ extra_parameters => ["--log-driver=syslog --cpuset-cpus=0-1"]
+ }
+ sunet::nftables::docker_expose { 'https' :
+ allow_clients => 'any',
+ port => '443',
+ iif => "${interface_default}",
+ }
+ sunet::nftables::docker_expose { 'haproxy' :
+ allow_clients => 'any',
+ port => '10000',
+ iif => "${interface_default}",
+ }
+}
+
 class eidas_de_middleware($version="106-rs",$hostname='localhost') {
 $_version = safe_hiera('eidas_demw_version',$version)
 $_hostname = safe_hiera('eidas_demw_hostname',$hostname)
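Review bot: The secrets the new class looks up at its top — `$pkcs11_pin`, `$poseidas_admin_hashed_password`, `$spring_datasource_password` and `$demw_tls_client_key` — are handed to the container as plain `env` entries, so they are stored unredacted in the compiled catalog and agent reports and are readable on the host from the container's inspect output; wrapping the lookups in Puppet's `Sensitive` type, e.g. `$pkcs11_pin = Sensitive(safe_hiera('pkcs11_pin'))`, would at least redact them from catalogs and reports, provided sunet::docker_run unwraps Sensitive values (worth confirming, since the class looks like a copy of eidas_de_middleware_hsm and the same applies there). All bind mounts are read-write; `/etc/ssl`, `/etc/luna/cert` and `/etc/Chrystoki.conf.d` look like inputs the middleware only reads, so `'/etc/ssl:/etc/ssl:ro'` and the like would keep a compromised container from altering host trust material, assuming sunet::docker_run passes the volume strings through unchanged. Port 10000 is published only on `127.0.0.1` in `ports`, yet the `docker_expose { 'haproxy' }` rule opens it to `allow_clients => 'any'` on the default interface, so one of the two does not match the intent and should be reconciled. Both `iif => "${interface_default}"` lines reference a variable that is neither a class parameter nor declared in the class; qualifying it as `$::interface_default` or adding it as a parameter makes the scope explicit.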