new demw version 3.2.0 related changes
This commit is contained in:
parent
a3fb9dca52
commit
f0692f6354
GPG key ID:
7414A760CA747E57
5 changed files with 41 additions and 21 deletions
|
|
@ -0,0 +1,7 @@
|
||||||
|
/var/log/eidas-middleware/eidas-middleware.log {
|
||||||
|
rotate 13
|
||||||
|
daily
|
||||||
|
compress
|
||||||
|
missingok
|
||||||
|
notifempty
|
||||||
|
}
|
||||||
|
|
@ -1,16 +1,23 @@
|
||||||
cat<<EOF
|
cat<<EOF
|
||||||
logging.file=
|
#server settings
|
||||||
poseidas.admin.hashed.password=${POSEIDAS_ADMIN_HASHED_PASSWORD}
|
|
||||||
poseidas.admin.username=${POSEIDAS_ADMIN_USERNAME:-demw}
|
|
||||||
server.port=${SERVER_PORT:-8443}
|
server.port=${SERVER_PORT:-8443}
|
||||||
server.adminInterfacePort=${ADMIN_PORT:-10000}
|
server.adminInterfacePort=${ADMIN_PORT:-10000}
|
||||||
|
|
||||||
|
#TLS settings
|
||||||
|
server.ssl.key-store:file\:///tmp/${CERTNAME}.p12
|
||||||
|
server.ssl.key-store-password:dummy
|
||||||
server.ssl.key-password=dummy
|
server.ssl.key-password=dummy
|
||||||
server.ssl.key-store=file\:/tmp/${CERTNAME}.p12
|
server.ssl.keyStoreType:PKCS12
|
||||||
server.ssl.key-store-password=dummy
|
server.ssl.keyAlias:tls
|
||||||
server.ssl.keyAlias=tls
|
|
||||||
server.ssl.keyStoreType=PKCS12
|
#database connection
|
||||||
spring.datasource.password=${SPRING_DATASOURCE_PASSWORD}
|
spring.datasource.url=jdbc:h2:/opt/eidas-middleware/database/eidasmw;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE
|
||||||
spring.datasource.url=jdbc\:h2\:file\:/opt/eidas-middleware/database/eidasmw;DB_CLOSE_DELAY\=-1;DB_CLOSE_ON_EXIT\=FALSE
|
|
||||||
spring.datasource.username=${SPRING_DATASOURCE_USERNAME:-demw}
|
spring.datasource.username=${SPRING_DATASOURCE_USERNAME:-demw}
|
||||||
|
spring.datasource.password=${SPRING_DATASOURCE_PASSWORD}
|
||||||
|
|
||||||
|
#logging
|
||||||
|
logging.file.name=/var/log/eidas-middleware/eidas-middleware.log
|
||||||
|
|
||||||
|
#HSM
|
||||||
hsm.type=NO_HSM
|
hsm.type=NO_HSM
|
||||||
EOF
|
EOF
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,7 @@
|
||||||
|
/var/log/eidas-middleware/eidas-middleware.log {
|
||||||
|
rotate 13
|
||||||
|
daily
|
||||||
|
compress
|
||||||
|
missingok
|
||||||
|
notifempty
|
||||||
|
}
|
||||||
|
|
@ -853,11 +853,8 @@ test-1.test.sveidas.se:
|
||||||
konsulter:
|
konsulter:
|
||||||
autoupdate:
|
autoupdate:
|
||||||
eidas_de_middleware:
|
eidas_de_middleware:
|
||||||
version: 228-sc-p11_hsm2
|
version: 320-sc-p11_hsm2
|
||||||
hostname: qa.demw.eidas.swedenconnect.se
|
hostname: qa.demw.eidas.swedenconnect.se
|
||||||
saml_metadata:
|
|
||||||
filename: /opt/eidas-middleware/configuration/serviceprovider-metadata/connector-metadata.xml
|
|
||||||
url: https://qa.connector.eidas.swedenconnect.se/idp/metadata/sp
|
|
||||||
webserver:
|
webserver:
|
||||||
enabled: true
|
enabled: true
|
||||||
sunet::frontend::register_sites:
|
sunet::frontend::register_sites:
|
||||||
|
|
@ -877,9 +874,6 @@ demw-1.test.sveidas.se:
|
||||||
eidas_de_middleware_hsm_test:
|
eidas_de_middleware_hsm_test:
|
||||||
version: 320-sc_hsm2
|
version: 320-sc_hsm2
|
||||||
hostname: test.demw.eidas.swedenconnect.se
|
hostname: test.demw.eidas.swedenconnect.se
|
||||||
saml_metadata:
|
|
||||||
filename: /opt/eidas-middleware/configuration/serviceprovider-metadata/connector-metadata.xml
|
|
||||||
url: https://test.connector.eidas.swedenconnect.se/idp/metadata/sp
|
|
||||||
sunet::frontend::register_sites:
|
sunet::frontend::register_sites:
|
||||||
sites:
|
sites:
|
||||||
'test.demw.eidas.swedenconnect.se':
|
'test.demw.eidas.swedenconnect.se':
|
||||||
|
|
|
||||||
|
|
@ -397,6 +397,8 @@ class eidas_de_middleware_hsm_test($version="110-fixes-sc-p11",$hostname='localh
|
||||||
$_hostname = safe_hiera('eidas_demw_hostname',$hostname)
|
$_hostname = safe_hiera('eidas_demw_hostname',$hostname)
|
||||||
$spring_datasource_password = safe_hiera('spring_datasource_password')
|
$spring_datasource_password = safe_hiera('spring_datasource_password')
|
||||||
$pkcs11_pin = safe_hiera('pkcs11_pin')
|
$pkcs11_pin = safe_hiera('pkcs11_pin')
|
||||||
|
|
||||||
|
#saved directly in admin inteface from version 3.0.0 onwards
|
||||||
$demw_tls_client_key = safe_hiera('demw_tls_client_key')
|
$demw_tls_client_key = safe_hiera('demw_tls_client_key')
|
||||||
$demw_tls_client_cert = safe_hiera('demw_tls_client_cert')
|
$demw_tls_client_cert = safe_hiera('demw_tls_client_cert')
|
||||||
$demw_tls_server_cert = safe_hiera('demw_tls_server_cert')
|
$demw_tls_server_cert = safe_hiera('demw_tls_server_cert')
|
||||||
|
|
@ -420,7 +422,7 @@ class eidas_de_middleware_hsm_test($version="110-fixes-sc-p11",$hostname='localh
|
||||||
"PKCS11_CONFIG_LOCATION=/opt/eidas-middleware/configuration/hsm/pkcs11.properties",
|
"PKCS11_CONFIG_LOCATION=/opt/eidas-middleware/configuration/hsm/pkcs11.properties",
|
||||||
'JAVA_OPTS="-DformatMsgNoLookups=true -Dlog4j2.formatMsgNoLookups=true"',
|
'JAVA_OPTS="-DformatMsgNoLookups=true -Dlog4j2.formatMsgNoLookups=true"',
|
||||||
"SPRING_DATASOURCE_PASSWORD=$spring_datasource_password"],
|
"SPRING_DATASOURCE_PASSWORD=$spring_datasource_password"],
|
||||||
extra_parameters => ["--log-driver=syslog --cpuset-cpus=0-3"]
|
extra_parameters => ["--log-driver=syslog"]
|
||||||
}
|
}
|
||||||
sunet::nftables::docker_expose { 'https' :
|
sunet::nftables::docker_expose { 'https' :
|
||||||
allow_clients => 'any',
|
allow_clients => 'any',
|
||||||
|
|
@ -439,6 +441,8 @@ class eidas_de_middleware($version="106-rs",$hostname='localhost') {
|
||||||
$_hostname = safe_hiera('eidas_demw_hostname',$hostname)
|
$_hostname = safe_hiera('eidas_demw_hostname',$hostname)
|
||||||
$poseidas_admin_hashed_password = safe_hiera('poseidas_admin_hashed_password')
|
$poseidas_admin_hashed_password = safe_hiera('poseidas_admin_hashed_password')
|
||||||
$spring_datasource_password = safe_hiera('spring_datasource_password')
|
$spring_datasource_password = safe_hiera('spring_datasource_password')
|
||||||
|
|
||||||
|
#saved directly in admin inteface from version 3.0.0 onwards
|
||||||
$middleware_crypt_pin = safe_hiera('middleware_crypt_pin')
|
$middleware_crypt_pin = safe_hiera('middleware_crypt_pin')
|
||||||
$middleware_sign_pin = safe_hiera('middleware_sign_pin')
|
$middleware_sign_pin = safe_hiera('middleware_sign_pin')
|
||||||
$demw_tls_client_key = safe_hiera('demw_tls_client_key')
|
$demw_tls_client_key = safe_hiera('demw_tls_client_key')
|
||||||
|
|
@ -446,19 +450,23 @@ class eidas_de_middleware($version="106-rs",$hostname='localhost') {
|
||||||
$demw_tls_server_cert = safe_hiera('demw_tls_server_cert')
|
$demw_tls_server_cert = safe_hiera('demw_tls_server_cert')
|
||||||
|
|
||||||
file {['/opt/eidas-middleware','/opt/eidas-middleware/configuration','/opt/eidas-middleware/database']: ensure => directory } ->
|
file {['/opt/eidas-middleware','/opt/eidas-middleware/configuration','/opt/eidas-middleware/database']: ensure => directory } ->
|
||||||
|
|
||||||
|
#saved directly in admin interface from version 3.0.0 onwards
|
||||||
sunet::snippets::secret_file {"/opt/eidas-middleware/configuration/eidasmw-signature-keystore.jks":
|
sunet::snippets::secret_file {"/opt/eidas-middleware/configuration/eidasmw-signature-keystore.jks":
|
||||||
hiera_key => 'eidasmw-signature-keystore',
|
hiera_key => 'eidasmw-signature-keystore',
|
||||||
base64 => true
|
base64 => true
|
||||||
} ->
|
} ->
|
||||||
|
#no longer needed in version 3.0.0 onwards
|
||||||
file { '/opt/eidas-middleware/configuration/POSeIDAS.xml.sh':
|
file { '/opt/eidas-middleware/configuration/POSeIDAS.xml.sh':
|
||||||
ensure => present,
|
ensure => present,
|
||||||
content => template('eid/demw/POSeIDAS.xml.sh.erb'),
|
content => template('eid/demw/POSeIDAS.xml.sh.erb'),
|
||||||
mode => '0744',
|
mode => '0744',
|
||||||
}
|
}
|
||||||
|
#saved directly in admin interface from version 3.0.0 onwards
|
||||||
sunet::snippets::secret_file {"/opt/eidas-middleware/configuration/eidasmw-crypto-keystore.jks":
|
sunet::snippets::secret_file {"/opt/eidas-middleware/configuration/eidasmw-crypto-keystore.jks":
|
||||||
hiera_key => 'eidasmw-crypto-keystore',
|
hiera_key => 'eidasmw-crypto-keystore',
|
||||||
base64 => true
|
base64 => true
|
||||||
} ->
|
}
|
||||||
sunet::docker_run {'eidas-demw':
|
sunet::docker_run {'eidas-demw':
|
||||||
image => 'docker.sunet.se/eidas-demw',
|
image => 'docker.sunet.se/eidas-demw',
|
||||||
imagetag => $_version,
|
imagetag => $_version,
|
||||||
|
|
@ -471,11 +479,8 @@ class eidas_de_middleware($version="106-rs",$hostname='localhost') {
|
||||||
'/etc/ssl:/etc/ssl'],
|
'/etc/ssl:/etc/ssl'],
|
||||||
env => ["CERTNAME=${::fqdn}_infra",
|
env => ["CERTNAME=${::fqdn}_infra",
|
||||||
"PUBLIC_HOSTNAME=$_hostname",
|
"PUBLIC_HOSTNAME=$_hostname",
|
||||||
"POSEIDAS_ADMIN_HASHED_PASSWORD=$poseidas_admin_hashed_password",
|
|
||||||
"SPRING_DATASOURCE_PASSWORD=$spring_datasource_password",
|
"SPRING_DATASOURCE_PASSWORD=$spring_datasource_password",
|
||||||
"MIDDLEWARE_CRYPT_PIN=$middleware_crypt_pin",
|
|
||||||
'JAVA_OPTS="-DformatMsgNoLookups=true -Dlog4j2.formatMsgNoLookups=true"',
|
'JAVA_OPTS="-DformatMsgNoLookups=true -Dlog4j2.formatMsgNoLookups=true"',
|
||||||
"MIDDLEWARE_SIGN_PIN=$middleware_sign_pin"],
|
|
||||||
extra_parameters => ["--log-driver=syslog"]
|
extra_parameters => ["--log-driver=syslog"]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue