new demw version 3.2.0 related changes

demw-1.qa.sveidas.se/overlay/etc/logrotate.d/eidas-middleware

@@ -0,0 +1,7 @@
+/var/log/eidas-middleware/eidas-middleware.log {
+  rotate 13
+  daily
+  compress
+  missingok
+  notifempty
+}

demw-1.qa.sveidas.se/overlay/opt/eidas-middleware/configuration/application.properties.sh

@@ -1,16 +1,23 @@
 cat<<EOF
-logging.file=
-poseidas.admin.hashed.password=${POSEIDAS_ADMIN_HASHED_PASSWORD}
-poseidas.admin.username=${POSEIDAS_ADMIN_USERNAME:-demw}
+#server settings
 server.port=${SERVER_PORT:-8443}
 server.adminInterfacePort=${ADMIN_PORT:-10000}
+
+#TLS settings
+server.ssl.key-store:file\:///tmp/${CERTNAME}.p12
+server.ssl.key-store-password:dummy
 server.ssl.key-password=dummy
-server.ssl.key-store=file\:/tmp/${CERTNAME}.p12
-server.ssl.key-store-password=dummy
-server.ssl.keyAlias=tls
-server.ssl.keyStoreType=PKCS12
-spring.datasource.password=${SPRING_DATASOURCE_PASSWORD}
-spring.datasource.url=jdbc\:h2\:file\:/opt/eidas-middleware/database/eidasmw;DB_CLOSE_DELAY\=-1;DB_CLOSE_ON_EXIT\=FALSE
+server.ssl.keyStoreType:PKCS12
+server.ssl.keyAlias:tls
+
+#database connection
+spring.datasource.url=jdbc:h2:/opt/eidas-middleware/database/eidasmw;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE
 spring.datasource.username=${SPRING_DATASOURCE_USERNAME:-demw}
+spring.datasource.password=${SPRING_DATASOURCE_PASSWORD}
+
+#logging
+logging.file.name=/var/log/eidas-middleware/eidas-middleware.log
+
+#HSM
 hsm.type=NO_HSM
 EOF

demw-1.test.sveidas.se/overlay/etc/logrotate.d/eidas-middleware

@@ -0,0 +1,7 @@
+/var/log/eidas-middleware/eidas-middleware.log {
+  rotate 13
+  daily
+  compress
+  missingok
+  notifempty
+}

global/overlay/etc/puppet/cosmos-rules.yaml

@@ -853,11 +853,8 @@ test-1.test.sveidas.se:
    konsulter:
    autoupdate:
    eidas_de_middleware:
-      version: 228-sc-p11_hsm2
+      version: 320-sc-p11_hsm2
       hostname: qa.demw.eidas.swedenconnect.se
-   saml_metadata:
-      filename: /opt/eidas-middleware/configuration/serviceprovider-metadata/connector-metadata.xml
-      url: https://qa.connector.eidas.swedenconnect.se/idp/metadata/sp
    webserver:
       enabled: true
    sunet::frontend::register_sites:
@@ -877,9 +874,6 @@ demw-1.test.sveidas.se:
    eidas_de_middleware_hsm_test:
       version: 320-sc_hsm2
       hostname: test.demw.eidas.swedenconnect.se
-   saml_metadata:
-      filename: /opt/eidas-middleware/configuration/serviceprovider-metadata/connector-metadata.xml
-      url: https://test.connector.eidas.swedenconnect.se/idp/metadata/sp
    sunet::frontend::register_sites:
      sites:
        'test.demw.eidas.swedenconnect.se':

global/overlay/etc/puppet/manifests/cosmos-site.pp

@@ -397,6 +397,8 @@ class eidas_de_middleware_hsm_test($version="110-fixes-sc-p11",$hostname='localh
    $_hostname = safe_hiera('eidas_demw_hostname',$hostname)
    $spring_datasource_password = safe_hiera('spring_datasource_password')
    $pkcs11_pin = safe_hiera('pkcs11_pin')
+
+   #saved directly in admin inteface from version 3.0.0 onwards
    $demw_tls_client_key = safe_hiera('demw_tls_client_key')
    $demw_tls_client_cert = safe_hiera('demw_tls_client_cert')
    $demw_tls_server_cert = safe_hiera('demw_tls_server_cert')
@@ -420,7 +422,7 @@ class eidas_de_middleware_hsm_test($version="110-fixes-sc-p11",$hostname='localh
                    "PKCS11_CONFIG_LOCATION=/opt/eidas-middleware/configuration/hsm/pkcs11.properties",
                    'JAVA_OPTS="-DformatMsgNoLookups=true -Dlog4j2.formatMsgNoLookups=true"',
                    "SPRING_DATASOURCE_PASSWORD=$spring_datasource_password"],
-      extra_parameters => ["--log-driver=syslog --cpuset-cpus=0-3"]
+      extra_parameters => ["--log-driver=syslog"]
    }
    sunet::nftables::docker_expose { 'https' :
       allow_clients => 'any',
@@ -439,6 +441,8 @@ class eidas_de_middleware($version="106-rs",$hostname='localhost') {
    $_hostname = safe_hiera('eidas_demw_hostname',$hostname)
    $poseidas_admin_hashed_password = safe_hiera('poseidas_admin_hashed_password')
    $spring_datasource_password = safe_hiera('spring_datasource_password')
+
+   #saved directly in admin inteface from version 3.0.0 onwards
    $middleware_crypt_pin = safe_hiera('middleware_crypt_pin')
    $middleware_sign_pin = safe_hiera('middleware_sign_pin')
    $demw_tls_client_key = safe_hiera('demw_tls_client_key')
@@ -446,19 +450,23 @@ class eidas_de_middleware($version="106-rs",$hostname='localhost') {
    $demw_tls_server_cert = safe_hiera('demw_tls_server_cert')
 
    file {['/opt/eidas-middleware','/opt/eidas-middleware/configuration','/opt/eidas-middleware/database']: ensure => directory } ->
+
+   #saved directly in admin interface from version 3.0.0 onwards
    sunet::snippets::secret_file {"/opt/eidas-middleware/configuration/eidasmw-signature-keystore.jks":
       hiera_key => 'eidasmw-signature-keystore',
       base64    => true
    } ->
+   #no longer needed in version 3.0.0 onwards
    file { '/opt/eidas-middleware/configuration/POSeIDAS.xml.sh':
       ensure  => present,
       content => template('eid/demw/POSeIDAS.xml.sh.erb'),
       mode    => '0744',
       }
+   #saved directly in admin interface from version 3.0.0 onwards
    sunet::snippets::secret_file {"/opt/eidas-middleware/configuration/eidasmw-crypto-keystore.jks":
       hiera_key => 'eidasmw-crypto-keystore',
       base64    => true
-   } ->
+   }
    sunet::docker_run {'eidas-demw':
       image    => 'docker.sunet.se/eidas-demw',
       imagetag => $_version,
@@ -471,11 +479,8 @@ class eidas_de_middleware($version="106-rs",$hostname='localhost') {
                    '/etc/ssl:/etc/ssl'],
       env      => ["CERTNAME=${::fqdn}_infra",
                    "PUBLIC_HOSTNAME=$_hostname",
-                   "POSEIDAS_ADMIN_HASHED_PASSWORD=$poseidas_admin_hashed_password",
                    "SPRING_DATASOURCE_PASSWORD=$spring_datasource_password",
-                   "MIDDLEWARE_CRYPT_PIN=$middleware_crypt_pin",
                    'JAVA_OPTS="-DformatMsgNoLookups=true -Dlog4j2.formatMsgNoLookups=true"',
-                   "MIDDLEWARE_SIGN_PIN=$middleware_sign_pin"],
       extra_parameters => ["--log-driver=syslog"]
    }
 }