authorJohan Lundberg <lundberg@nordu.net>2015-09-24 15:31:23 +0200
committerJohan Lundberg <lundberg@nordu.net>2015-09-24 15:31:23 +0200
commit544b9dd5201f4c69dee06ebf0f567e8cd5aab983 (patch)
tree707b10cba6f4234e015e5ff14d772ffb4590fea4 /global/overlay/etc/puppet/manifests
parent8d5a27b848230b929064902b784119856fb7893b (diff)
parent07e25e929adbcc7a35914f241c2231bf826ea69f (diff)
Merge branch 'master' of git.nordu.net:nunoc-ops
Diffstat (limited to 'global/overlay/etc/puppet/manifests')
-rw-r--r--global/overlay/etc/puppet/manifests/cosmos-site.pp173
1 files changed, 105 insertions, 68 deletions
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index a205fd9..ccf1bd9 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -83,12 +83,27 @@ node 'sto-tug-kvm1.swamid.se' {
}
sunet::cloudimage { 'mdx1.swamid.se':
- mac => '52:54:00:fe:bc:09',
- dhcp => true,
+ dhcp => false,
+ repo => 'git://git.nordu.net/nunoc-ops.git',
+ tagpattern => 'sunet-ops',
+ cpus => '1',
+ memory => '2048',
+ ip => '130.242.125.91',
+ netmask => '255.255.255.192',
+ gateway => '130.242.125.65',
+ resolver => '130.242.80.14 130.242.80.99'
+ }
+
+ sunet::cloudimage { 'mds1.swamid.se':
+ dhcp => false,
repo => 'git://git.nordu.net/nunoc-ops.git',
tagpattern => 'sunet-ops',
cpus => '1',
memory => '2048',
+ ip => '130.242.125.92',
+ netmask => '255.255.255.192',
+ gateway => '130.242.125.65',
+ resolver => '130.242.80.14 130.242.80.99'
}
sunet::dhcp_kvm { 'md-master.reep.refeds.org':
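Review bot: The added `repo => 'git://git.nordu.net/nunoc-ops.git'` on `mdx1.swamid.se` uses the plain git protocol, which provides neither server authentication nor transport integrity, so whatever bootstraps the guest from that repo has to trust the network path. The same URL appears on the `sunet::cloudimage` resources added in the next hunk (`mds2.swamid.se`, `git.swamid.se`), and in the third hunk `vcsrepo { '/opt/saml-md-tools': }` clones over `git://` before an `exec` runs `make install` on that tree, presumably as root. If `tagpattern => 'sunet-ops'` means signed tags are verified before anything is applied, the ops repo is covered and a short comment saying so would help. The `saml-md-tools` clone shows no such check, so it should use an authenticated transport (the manifest already uses `git@md-master.swamid.se:` for the metadata repo) together with a pinned `revision`. The `node 'sto-tug-kvm1.swamid.se'` block starts and ends outside this hunk.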
@@ -103,14 +118,45 @@ node 'sto-tug-kvm1.swamid.se' {
node 'sto-fre-kvm1.swamid.se' {
sunet::cloudimage { 'mdx2.swamid.se':
- mac => '52:54:00:30:be:dd',
- dhcp => true,
+ dhcp => false,
repo => 'git://git.nordu.net/nunoc-ops.git',
tagpattern => 'sunet-ops',
cpus => '1',
memory => '2048',
+ ip => '130.242.125.151',
+ netmask => '255.255.255.192',
+ gateway => '130.242.125.129',
+ resolver => '130.242.80.14 130.242.80.99'
+ }
+
+ sunet::cloudimage { 'mds2.swamid.se':
+ dhcp => false,
+ repo => 'git://git.nordu.net/nunoc-ops.git',
+ tagpattern => 'sunet-ops',
+ cpus => '1',
+ memory => '2048',
+ ip => '130.242.125.152',
+ netmask => '255.255.255.192',
+ gateway => '130.242.125.129',
+ resolver => '130.242.80.14 130.242.80.99'
}
+ sunet::cloudimage { 'git.swamid.se':
+ dhcp => false,
+ repo => 'git://git.nordu.net/nunoc-ops.git',
+ tagpattern => 'sunet-ops',
+ cpus => '1',
+ memory => '2048',
+ ip => '130.242.125.153',
+ netmask => '255.255.255.192',
+ gateway => '130.242.125.129',
+ resolver => '130.242.80.14 130.242.80.99'
+ }
+
+}
+
+node 'git.swamid.se' {
+
}
node 'datasets.sunet.se' {
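Review bot: The new `node 'git.swamid.se'` block is empty, so this manifest declares nothing for the guest that `sunet::cloudimage { 'git.swamid.se': }` creates a few lines earlier with a static address. Unless a baseline is applied to every node elsewhere in the file, which is not visible in this hunk, the VM comes up with only what the image ships. If that is intentional for now, state it inside the block, for example `# TODO: no classes declared yet for git.swamid.se`.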
@@ -159,50 +205,68 @@ node 'docker.sunet.se' {
}
}
-class docker_signer {
- docker::image {'docker.samlbits.net/varnish': }
- docker::image {'docker.samlbits.net/pyff': }
- docker::run {'pyff':
- image => 'docker.samlbits.net/pyff',
- volumes => ['/opt/swamid-metadata:/opt/swamid-metadata'],
- env => ['DATADIR=/opt/swamid-metadata','LOGLEVEL=INFO']
- }
- docker::run {'varnish':
- image => 'docker.samlbits.net/varnish',
- links => ['pyff:backend'],
- ports => ['80:80']
+define pyff($dir) {
+ ensure_resource('class', 'sunet::dockerhost', {})
+ sunet::docker_run {"pyff_${name}":
+ image => 'docker.sunet.se/pyff',
+ imagetag => 'latest',
+ volumes => ["${dir}:${dir}"],
+ env => ['DATADIR=${dir}','LOGLEVEL=INFO']
}
- cron {'update-swamid-metadata':
- command => "cd /opt/swamid-metadata && git pull -q",
- user => root,
- minute => '*/5'
+ sunet::docker_run {"varnish_${name}":
+ image => 'docker.sunet.se/varnish',
+ imagetag => 'latest',
+ env => ["BACKEND_PORT=tcp://pyff_${name}.docker:8080"],
+ ports => ['80:80']
}
}
-class signer {
- include cosmos::httpsproxy
- class {'varnish':
- domain => 'swamid.se',
- backends => {
- mdx => 'http://localhost:8000/'
- },
- vhosts => {
- mdx => 'mdx.swamid.se'
- }
+class swamid_metadata {
+ vcsrepo { '/opt/swamid-metadata':
+ ensure => present,
+ provider => git,
+ source => 'git@md-master.swamid.se:swamid-metadata.git'
}
- class {'pyff':
- load => ["/opt/metadata"],
- port => 8000,
- address => '0.0.0.0',
- validUntil => 'P10D',
- cacheDuration => 'PT5H',
- replace => false
+}
+
+class swamid_static_signer {
+ ensure_resource('class', 'sunet::dockerhost', {})
+ class { 'swamid_metadata': } ->
+ user { 'www-data': system => true } ->
+ file { '/opt/published-metadata': ensure => directory, owner => 'www-data', group => 'www-data' } ->
+ package { ['make','libdate-calc-perl', 'libxml2-utils', 'xsltproc', 'opensaml2-tools', 'xmlsec1', 'autoconf']: ensure => installed } ->
+ vcsrepo { '/opt/saml-md-tools':
+ ensure => present,
+ provider => git,
+ source => 'git://git.nordu.net/saml-md-tools.git'
+ } ->
+ exec { 'install_saml_md_tools':
+ command => '/usr/bin/autoreconf -is && ./configure --prefix=/usr/local && make && make install',
+ cwd => '/opt/saml-md-tools',
+ path => '/bin:/usr/bin:/usr/sbin',
+ onlyif => '/usr/bin/test ! -f /usr/local/bin/saml-md-tool'
+ } ->
+ cron { 'publish-swamid-metadata':
+ command => "/opt/swamid-metadata/scripts/update.sh",
+ user => root,
+ minute => '*/5'
+ } ->
+ sunet::docker_run {'swamid_mds':
+ image => 'docker.sunet.se/swamid-mds',
+ imagetag => 'latest',
+ volumes => ['/etc/ssl:/etc/ssl','/opt/published-metadata:/opt/published-metadata','/opt/swamid-metadata/xslt:/opt/swamid-metadata/xslt'],
+ ports => ['80:80','443:443']
}
+}
+
+class swamid_pyff_signer {
+ class { 'swamid_metadata': } ->
cron {'update-swamid-metadata':
- command => "cd /opt/swamid-metadata && git pull -q",
- user => root,
- minute => '*/5'
- }
+ command => "cd /opt/swamid-metadata && git pull -q",
+ user => root,
+ minute => '*/5'
+ } ->
+ pyff {'swamid': dir => '/opt/swamid-metadata' }
}
node 'md-master.reep.refeds.org' {
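Review bot: In `define pyff`, `env => ['DATADIR=${dir}','LOGLEVEL=INFO']` puts the variable in a single-quoted string, which Puppet does not interpolate, so the resource receives the text `${dir}` instead of `/opt/swamid-metadata`. The `volumes` line just above uses double quotes and mounts the intended path, so pyff would likely start with a data directory that does not match the mount; use `env => ["DATADIR=${dir}",'LOGLEVEL=INFO']`. Separately, the three `sunet::docker_run` resources in this hunk set `imagetag => 'latest'`, which lets the images on the metadata signer change without any commit to this repo. A fixed tag would keep that change reviewable.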
@@ -215,31 +279,6 @@ node 'md-master.reep.refeds.org' {
}
node 'registry.swamid.se' {
- class {'pyff':
- load => ['/opt/peer/media/vf_repo'],
- validUntil => 'P30D',
- cacheDuration => 'PT24H',
- replace => false,
- port => 8000,
- address => '127.0.0.1'
- }
- $peerpkg = ['xmlsec1','libxmlsec1-openssl','libpq-dev','postgresql','postgresql-client']
- package { $peerpkg: ensure => installed }
- python::virtualenv { '/opt/peer':
- ensure => present
- }
- python::pip { 'peer==0.13.0':
- pkgname => 'peer==0.13.0',
- virtualenv => '/opt/peer'
- }
-
- #class { 'postgresql::server': }
-
- #postgresql::server::db { 'peer':
- # encoding => 'utf-8',
- # user => 'peer',
- # password => postgresql_password('peer', hiera('peer_db_password')),
- #}
}
node 'sto-tug-kvm-lab1.swamid.se' {
@@ -575,8 +614,6 @@ class sunet-dhcp-hosts {
# SWAMID production
dhcp::host { 'registry.swamid': mac => "52:54:00:52:53:0b", ip => "130.242.125.90" }
- dhcp::host { 'mdx1.swamid': mac => "52:54:00:fe:bc:09", ip => "130.242.125.91" }
- dhcp::host { 'mdx2.swamid': mac => "52:54:00:30:be:dd", ip => "130.242.125.92" }
}
class sunetops {