diff options
author | Leif Johansson <leifj@sunet.se> | 2015-03-19 14:46:53 +0100 |
---|---|---|
committer | Leif Johansson <leifj@sunet.se> | 2015-03-19 14:46:53 +0100 |
commit | f631f7d41e5a2f12ae311ed901228f41537bed52 (patch) | |
tree | 232ccadaa04b0f3a977b1600d7c01fa18bb701a8 | |
parent | ad8a21fb564176afc5b655a38ffce8c3933df3d0 (diff) |
ca setupsunet-ops-2015-03-19-v02
3 files changed, 70 insertions, 1 deletions
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 06f2337..cea6c2f 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -257,6 +257,14 @@ node 'sto-tug-kvm-lab1.swamid.se' { memory => '1024', } + cosmos::dhcp_kvm { 'ca.sunet.se': + mac => '52:54:00:4a:45:01', + repo => 'git://git.nordu.net/sunet-ops.git', + tagpattern => 'sunet-ops', + cpus => '1', + memory => '1024', + } + cosmos::dhcp_kvm { 'meta.swamid.se': mac => '52:54:00:1c:72:1a', repo => 'git://git.nordu.net/sunet-ops.git', @@ -518,6 +526,7 @@ class sunet-dhcp-hosts { dhcp::host { 'meta.swamid': mac => "52:54:00:1c:72:1a", ip => "130.242.125.82" } dhcp::host { 'md-master.reep': mac => "52:54:00:39:8d:ac", ip => "130.242.125.83" } dhcp::host { 'lobo2.lab': mac => "52:54:00:5e:72:91", ip => "130.242.125.86" } + dhcp::host { 'ca': mac => "52:54:00:4a:45:01", ip => "130.242.125.87" } # SUNET TUG eduID hosts (KVM host cdr1.sunet.se) dhcp::host { 'backup-tug-3': mac => "52:54:00:f2:7d:54", ip => "130.242.125.84" } @@ -527,6 +536,7 @@ class sunet-dhcp-hosts { dhcp::host { 'registry.swamid': mac => "52:54:00:52:53:0b", ip => "130.242.125.90" } dhcp::host { 'mdx1.swamid': mac => "52:54:00:fe:bc:09", ip => "130.242.125.91" } dhcp::host { 'mdx2.swamid': mac => "52:54:00:30:be:dd", ip => "130.242.125.92" } + } class sshaccess { @@ -764,13 +774,30 @@ class fail2ban { } } +define etcd_node(peers_file=undef,cluster_name="etcd") { + file { ["/data","/data/${cluster_name}","/data/${cluster_name}/${name}"]: ensure => 'directory' } + sunet::docker_run { 'etcd_${name}': + image => 'quay.io/coreos/etcd', + extra_parameters => ["-initial-advertise-peer-urls http://${::ipaddress_eth1}:8001", + "-listen-peer-urls http://${::ipaddress_eth1}:8001" + "-advertise-client-urls http://${::ipaddress_eth1}:5001", + "-listen-client-urls http://${::ipaddress_eth1}:5001", + "-name ${::hostname}", + "-data-dir /data/${cluster_name}/${name}", + "-initial-cluster-token ${cluster_name}", + "-peers-file ${peers_file}"], + ports => ["8001:8001","5001:5001"] + + + } +} + class quantis { apt::ppa {'ppa:ndn/quantispci': } package {'quantispci-dkms': } } class webcommon { - docker::image {'coreos/etcd': } } class webfrontend { diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp b/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp new file mode 100644 index 0000000..b4175a9 --- /dev/null +++ b/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp @@ -0,0 +1,34 @@ +define sunet::ici_ca($pkcs11_module="/usr/lib/softhsm/libsofthsm.so", + $pkcs11_pin=undef, + $pkcs11_key_slot="0", + $pkcs11_key_id="abcd", + $autosign_dir=undef, + $autosign_type="peer", + $public_repo_url=undef, + $public_repo_dir=undef) +{ + apt::ppa {'ppa:leifj/ici': } -> + package { 'ici': ensure => latest } -> + exec { '${name}_setup_ca': + command => "/usr/bin/ici ${name} init", + creates => "/var/lib/ici/${name}" + } -> + file { '${name}_ca_config': + path => "/var/lib/ici/${name}/ca.config", + content => template("sunet/ici_ca/ca.config.erb") + } -> + if ($autosign_dir) { + cron {'ici_autosign': + command => "test -f /var/lib/ici/${name}/ca.crt && /usr/bin/ici ${name} -t ${autosign_type} issue ${autosign_dir}" + user => "root", + minut => "*/5" + } + } + if ($public_repo_dir && $public_repo_url) { + cron {'ici_publish': + command => "test -f /var/lib/ici/${name}/ca.crt && /usr/bin/ici ${name} publish ${public_repo}" + user => "root", + minut => "*/5" + } + } +} diff --git a/global/overlay/etc/puppet/modules/sunet/templates/ici_ca/ca.config.erb b/global/overlay/etc/puppet/modules/sunet/templates/ici_ca/ca.config.erb new file mode 100644 index 0000000..86eb224 --- /dev/null +++ b/global/overlay/etc/puppet/modules/sunet/templates/ici_ca/ca.config.erb @@ -0,0 +1,8 @@ +ICI_CA_KEY_ID=<%= @pkcs11_key_id %> +ICI_CA_KEY_SLOT=<%= @pkcs11_key_slot %> +ICI_PKCS11=<%= @pkcs11_module %> +ICI_PKCS11_PIN=<%= @pkcs11_pin %> +ICI_MD=sha256 +ICI_PUBLIC_URL=<%= @public_repo_url %> +SOFTHSM_CONF=/var/lib/ici/<%= @name %>/softhsm.conf +export SOFTHSM_CONF |