author | Johan Lundberg <lundberg@nordu.net> | 2015-09-24 15:31:23 +0200 |
---|---|---|
committer | Johan Lundberg <lundberg@nordu.net> | 2015-09-24 15:31:23 +0200 |
commit | 544b9dd5201f4c69dee06ebf0f567e8cd5aab983 (patch) | |
tree | 707b10cba6f4234e015e5ff14d772ffb4590fea4 /global/overlay/etc/puppet/manifests/cosmos-site.pp | |
parent | 8d5a27b848230b929064902b784119856fb7893b (diff) | |
parent | 07e25e929adbcc7a35914f241c2231bf826ea69f (diff) |
Merge branch 'master' of git.nordu.net:nunoc-ops
Diffstat (limited to 'global/overlay/etc/puppet/manifests/cosmos-site.pp')
-rw-r--r-- | global/overlay/etc/puppet/manifests/cosmos-site.pp | 173 |
1 files changed, 105 insertions, 68 deletions
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index a205fd9..ccf1bd9 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -83,12 +83,27 @@ node 'sto-tug-kvm1.swamid.se' { } sunet::cloudimage { 'mdx1.swamid.se': - mac => '52:54:00:fe:bc:09', - dhcp => true, + dhcp => false, + repo => 'git://git.nordu.net/nunoc-ops.git', + tagpattern => 'sunet-ops', + cpus => '1', + memory => '2048', + ip => '130.242.125.91', + netmask => '255.255.255.192', + gateway => '130.242.125.65', + resolver => '130.242.80.14 130.242.80.99' + } + + sunet::cloudimage { 'mds1.swamid.se': + dhcp => false, repo => 'git://git.nordu.net/nunoc-ops.git', tagpattern => 'sunet-ops', cpus => '1', memory => '2048', + ip => '130.242.125.92', + netmask => '255.255.255.192', + gateway => '130.242.125.65', + resolver => '130.242.80.14 130.242.80.99' } sunet::dhcp_kvm { 'md-master.reep.refeds.org': 
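Review bot: The `repo => 'git://git.nordu.net/nunoc-ops.git'` parameter on `mdx1.swamid.se` and `mds1.swamid.se` (and on the three `sunet::cloudimage` resources in the next hunk) uses the git:// transport, which provides no authentication or integrity protection, so the trustworthiness of what these VMs bootstrap from rests entirely on whatever verification is tied to `tagpattern => 'sunet-ops'`. That verification is not visible in this diff; if it exists, a comment such as `# git:// is unauthenticated; checkout is trusted only via verified sunet-ops tags` would record the dependency, and otherwise the URL should move to an authenticated transport. Also, `mds1.swamid.se` is given `ip => '130.242.125.92'`, the address the last hunk removes from the `mdx2.swamid` DHCP entry, so any DNS record, firewall rule or allow-list still keyed on that address now points at a different service and should be checked before rollout.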
@@ -103,14 +118,45 @@ node 'sto-tug-kvm1.swamid.se' { node 'sto-fre-kvm1.swamid.se' { sunet::cloudimage { 'mdx2.swamid.se': - mac => '52:54:00:30:be:dd', - dhcp => true, + dhcp => false, repo => 'git://git.nordu.net/nunoc-ops.git', tagpattern => 'sunet-ops', cpus => '1', memory => '2048', + ip => '130.242.125.151', + netmask => '255.255.255.192', + gateway => '130.242.125.129', + resolver => '130.242.80.14 130.242.80.99' + } + + sunet::cloudimage { 'mds2.swamid.se': + dhcp => false, + repo => 'git://git.nordu.net/nunoc-ops.git', + tagpattern => 'sunet-ops', + cpus => '1', + memory => '2048', + ip => '130.242.125.152', + netmask => '255.255.255.192', + gateway => '130.242.125.129', + resolver => '130.242.80.14 130.242.80.99' } + sunet::cloudimage { 'git.swamid.se': + dhcp => false, + repo => 'git://git.nordu.net/nunoc-ops.git', + tagpattern => 'sunet-ops', + cpus => '1', + memory => '2048', + ip => '130.242.125.153', + netmask => '255.255.255.192', + gateway => '130.242.125.129', + resolver => '130.242.80.14 130.242.80.99' + } + +} + +node 'git.swamid.se' { + } node 'datasets.sunet.se' { 
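Review bot: The added `node 'git.swamid.se' { }` is empty, so the VM created by the `sunet::cloudimage { 'git.swamid.se': ... }` resource just above it receives no classes from its own node block. Whether code outside the node blocks in cosmos-site.pp supplies a baseline (access control, firewalling, patching) is not visible in this hunk; if nothing does, the host comes up with only what the image provides. If the block is a placeholder, say so in the manifest, for example `# TODO: no classes assigned yet; baseline and service configuration to follow`.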
@@ -159,50 +205,68 @@ node 'docker.sunet.se' { } } -class docker_signer { - docker::image {'docker.samlbits.net/varnish': } - docker::image {'docker.samlbits.net/pyff': } - docker::run {'pyff': - image => 'docker.samlbits.net/pyff', - volumes => ['/opt/swamid-metadata:/opt/swamid-metadata'], - env => ['DATADIR=/opt/swamid-metadata','LOGLEVEL=INFO'] - } - docker::run {'varnish': - image => 'docker.samlbits.net/varnish', - links => ['pyff:backend'], - ports => ['80:80'] +define pyff($dir) { + ensure_resource('class', 'sunet::dockerhost', {}) + sunet::docker_run {"pyff_${name}": + image => 'docker.sunet.se/pyff', + imagetag => 'latest', + volumes => ["${dir}:${dir}"], + env => ['DATADIR=${dir}','LOGLEVEL=INFO'] } - cron {'update-swamid-metadata': - command => "cd /opt/swamid-metadata && git pull -q", - user => root, - minute => '*/5' + sunet::docker_run {"varnish_${name}": + image => 'docker.sunet.se/varnish', + imagetag => 'latest', + env => ["BACKEND_PORT=tcp://pyff_${name}.docker:8080"], + ports => ['80:80'] } } -class signer { - include cosmos::httpsproxy - class {'varnish': - domain => 'swamid.se', - backends => { - mdx => 'http://localhost:8000/' - }, - vhosts => { - mdx => 'mdx.swamid.se' - } +class swamid_metadata { + vcsrepo { '/opt/swamid-metadata': + ensure => present, + provider => git, + source => 'git@md-master.swamid.se:swamid-metadata.git' } - class {'pyff': - load => ["/opt/metadata"], - port => 8000, - address => '0.0.0.0', - validUntil => 'P10D', - cacheDuration => 'PT5H', - replace => false +} + +class swamid_static_signer { + ensure_resource('class', 'sunet::dockerhost', {}) + class { 'swamid_metadata': } -> + user { 'www-data': system => true } -> + file { '/opt/published-metadata': ensure => directory, owner => 'www-data', group => 'www-data' } -> + package { ['make','libdate-calc-perl', 'libxml2-utils', 'xsltproc', 'opensaml2-tools', 'xmlsec1', 'autoconf']: ensure => installed } -> + vcsrepo { '/opt/saml-md-tools': + ensure => present, + 
provider => git, + source => 'git://git.nordu.net/saml-md-tools.git' + } -> + exec { 'install_saml_md_tools': + command => '/usr/bin/autoreconf -is && ./configure --prefix=/usr/local && make && make install', + cwd => '/opt/saml-md-tools', + path => '/bin:/usr/bin:/usr/sbin', + onlyif => '/usr/bin/test ! -f /usr/local/bin/saml-md-tool' + } -> + cron { 'publish-swamid-metadata': + command => "/opt/swamid-metadata/scripts/update.sh", + user => root, + minute => '*/5' + } -> + sunet::docker_run {'swamid_mds': + image => 'docker.sunet.se/swamid-mds', + imagetag => 'latest', + volumes => ['/etc/ssl:/etc/ssl','/opt/published-metadata:/opt/published-metadata','/opt/swamid-metadata/xslt:/opt/swamid-metadata/xslt'], + ports => ['80:80','443:443'] } +} + +class swamid_pyff_signer { + class { 'swamid_metadata': } -> cron {'update-swamid-metadata': - command => "cd /opt/swamid-metadata && git pull -q", - user => root, - minute => '*/5' - } + command => "cd /opt/swamid-metadata && git pull -q", + user => root, + minute => '*/5' + } -> + pyff {'swamid': dir => '/opt/swamid-metadata' } } node 'md-master.reep.refeds.org' { @@ -215,31 +279,6 @@ node 'md-master.reep.refeds.org' { } node 'registry.swamid.se' { - class {'pyff': - load => ['/opt/peer/media/vf_repo'], - validUntil => 'P30D', - cacheDuration => 'PT24H', - replace => false, - port => 8000, - address => '127.0.0.1' - } - $peerpkg = ['xmlsec1','libxmlsec1-openssl','libpq-dev','postgresql','postgresql-client'] - package { $peerpkg: ensure => installed } - python::virtualenv { '/opt/peer': - ensure => present - } - python::pip { 'peer==0.13.0': - pkgname => 'peer==0.13.0', - virtualenv => '/opt/peer' - } - - #class { 'postgresql::server': } - - #postgresql::server::db { 'peer': - # encoding => 'utf-8', - # user => 'peer', - # password => postgresql_password('peer', hiera('peer_db_password')), - #} } node 'sto-tug-kvm-lab1.swamid.se' { 
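Review bot: In the new `pyff` define, `env => ['DATADIR=${dir}','LOGLEVEL=INFO']` is single-quoted, so Puppet does not interpolate it and the container receives the literal text `${dir}` as its data directory; it should read `env => ["DATADIR=${dir}",'LOGLEVEL=INFO']`, matching the double-quoted `volumes` line above it. In `swamid_static_signer`, the `vcsrepo` for `/opt/saml-md-tools` fetches from `git://git.nordu.net/saml-md-tools.git` and the `install_saml_md_tools` exec then builds and installs that tree with the agent's privileges (no `user` is set), so on a metadata-signing host unauthenticated source ends up under `/usr/local`; use an authenticated transport or pin a reviewed commit with vcsrepo's `revision` parameter. The `swamid_mds` container bind-mounts all of `/etc/ssl` with no mode suffix, which probably exposes more key material than the service needs and leaves it writable from inside the container; mount only the required files and, if `sunet::docker_run` passes the strings through to Docker unchanged, append `:ro`. Both `imagetag => 'latest'` settings have the same pinning problem as the git source, since the image that runs can change without a change to this manifest.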
@@ -575,8 +614,6 @@ class sunet-dhcp-hosts { # SWAMID production dhcp::host { 'registry.swamid': mac => "52:54:00:52:53:0b", ip => "130.242.125.90" } - dhcp::host { 'mdx1.swamid': mac => "52:54:00:fe:bc:09", ip => "130.242.125.91" } - dhcp::host { 'mdx2.swamid': mac => "52:54:00:30:be:dd", ip => "130.242.125.92" } } class sunetops { |