authorLeif Johansson <leifj@sunet.se>2014-10-22 12:28:28 +0200
committerLeif Johansson <leifj@sunet.se>2014-10-22 12:28:28 +0200
commit62c0dfc00abfcb813e89482ce063e44a7687cd00 (patch)
treeafcb3ee1629349acfba9da5696f3754b1eb3106f /global/overlay/etc
parentb0589cefefc4b2c22aa5ffd5977d4dbadcef7f42 (diff)
exception for random hosts
Diffstat (limited to 'global/overlay/etc')
-rw-r--r--global/overlay/etc/puppet/cosmos-rules.yaml2
-rw-r--r--global/overlay/etc/puppet/manifests/cosmos-site.pp25
2 files changed, 26 insertions, 1 deletions
diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
index 1112bdf..4aab9c8 100644
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -14,7 +14,7 @@ mdx1.swamid.se:
signer:
mdx2.swamid.se:
dockerhost:
- signer:
+ docker_signer:
md-master.reep.refeds.org:
sunet:
swamidops:
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index 5c5569d..64c84b0 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -96,6 +96,26 @@ node 'sto-fre-kvm1.swamid.se' {
}
+class docker_signer {
+ docker::image {'docker.samlbits.net/varnish': }
+ docker::image {'docker.samlbits.net/pyff': }
+ docker::run {'pyff':
+ image => 'docker.samlbits.net/pyff',
+ volumes => ['/opt/swamid-metadata:/opt/swamid-metadata'],
+ env => ['DATADIR=/opt/swamid-metadata','LOGLEVEL=INFO']
+ }
+ docker::run {'varnish':
+ image => 'docker.samlbits.net/varnish',
+ links => ['pyff:backend'],
+ ports => ['80:80']
+ }
+ cron {'update-swamid-metadata':
+ command => "cd /opt/swamid-metadata && git -q pull",
+ user => root,
+ minute => '*/5'
+ }
+}
+
class signer {
include cosmos::httpsproxy
class {'varnish':
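Review bot: The `update-swamid-metadata` cron in the new `docker_signer` class runs `git -q pull` as root every five minutes in `/opt/swamid-metadata`, the same directory that is mounted into the pyff container. Nothing visible in this hunk checks the authenticity of what was fetched before pyff consumes it. If the upstream repository carries signed commits, `command => "cd /opt/swamid-metadata && git -q pull --ff-only --verify-signatures",` would refuse unsigned or unexpectedly rewritten history, provided the signers' keys are in the cron user's keyring. The job would also be safer under a dedicated unprivileged account that owns the checkout rather than `user => root`. Separately, both `docker::image` resources and the matching `image =>` values carry no tag, so the host runs whatever the registry currently serves; pinning a reviewed tag (for example via `image_tag`) would make that change explicit in this manifest.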
@@ -515,6 +535,11 @@ class sunet {
fstab_fix_shm => false,
sysctl_net_hardening => false,
}
+ } elsif $::hostname =~ /random/ { # pollen requires exec on /tmp
+ class {'bastion':
+ fixperms_enable => false,
+ fixperms_paranoia => false,
+ }
} else {
class {'bastion':
fstab_fix_shm => false,