authorLeif Johansson <leifj@sunet.se>2015-03-19 14:46:53 +0100
committerLeif Johansson <leifj@sunet.se>2015-03-19 14:46:53 +0100
commitf631f7d41e5a2f12ae311ed901228f41537bed52 (patch)
tree232ccadaa04b0f3a977b1600d7c01fa18bb701a8 /global/overlay
parentad8a21fb564176afc5b655a38ffce8c3933df3d0 (diff)
Diffstat (limited to 'global/overlay')
-rw-r--r--global/overlay/etc/puppet/manifests/cosmos-site.pp29
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp34
-rw-r--r--global/overlay/etc/puppet/modules/sunet/templates/ici_ca/ca.config.erb8
3 files changed, 70 insertions, 1 deletions
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index 06f2337..cea6c2f 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -257,6 +257,14 @@ node 'sto-tug-kvm-lab1.swamid.se' {
memory => '1024',
}
+ cosmos::dhcp_kvm { 'ca.sunet.se':
+ mac => '52:54:00:4a:45:01',
+ repo => 'git://git.nordu.net/sunet-ops.git',
+ tagpattern => 'sunet-ops',
+ cpus => '1',
+ memory => '1024',
+ }
+
cosmos::dhcp_kvm { 'meta.swamid.se':
mac => '52:54:00:1c:72:1a',
repo => 'git://git.nordu.net/sunet-ops.git',
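Review bot: The new `cosmos::dhcp_kvm { 'ca.sunet.se': ... }` guest fetches its configuration repository over `git://`, a transport with no authentication or integrity protection, and this guest is evidently intended to host a CA, where a tampered manifest has larger consequences than on the neighbouring lab guests. Whether cosmos verifies signed tags matching `tagpattern => 'sunet-ops'` before applying anything is not visible in this hunk; if it does, the exposure is reduced to availability, otherwise an ssh or https URL for the same repository is the one-line change to make on the `repo =>` line. The matching `dhcp::host { 'ca': ... }` in the next hunk uses a bare `'ca'` title while its neighbours use `'meta.swamid'`-style names, which is worth aligning for grep-ability. The enclosing `node 'sto-tug-kvm-lab1.swamid.se'` block starts before this hunk.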
@@ -518,6 +526,7 @@ class sunet-dhcp-hosts {
dhcp::host { 'meta.swamid': mac => "52:54:00:1c:72:1a", ip => "130.242.125.82" }
dhcp::host { 'md-master.reep': mac => "52:54:00:39:8d:ac", ip => "130.242.125.83" }
dhcp::host { 'lobo2.lab': mac => "52:54:00:5e:72:91", ip => "130.242.125.86" }
+ dhcp::host { 'ca': mac => "52:54:00:4a:45:01", ip => "130.242.125.87" }
# SUNET TUG eduID hosts (KVM host cdr1.sunet.se)
dhcp::host { 'backup-tug-3': mac => "52:54:00:f2:7d:54", ip => "130.242.125.84" }
@@ -527,6 +536,7 @@ class sunet-dhcp-hosts {
dhcp::host { 'registry.swamid': mac => "52:54:00:52:53:0b", ip => "130.242.125.90" }
dhcp::host { 'mdx1.swamid': mac => "52:54:00:fe:bc:09", ip => "130.242.125.91" }
dhcp::host { 'mdx2.swamid': mac => "52:54:00:30:be:dd", ip => "130.242.125.92" }
+
}
class sshaccess {
@@ -764,13 +774,30 @@ class fail2ban {
}
}
+define etcd_node(peers_file=undef,cluster_name="etcd") {
+ file { ["/data","/data/${cluster_name}","/data/${cluster_name}/${name}"]: ensure => 'directory' }
+ sunet::docker_run { 'etcd_${name}':
+ image => 'quay.io/coreos/etcd',
+ extra_parameters => ["-initial-advertise-peer-urls http://${::ipaddress_eth1}:8001",
+ "-listen-peer-urls http://${::ipaddress_eth1}:8001"
+ "-advertise-client-urls http://${::ipaddress_eth1}:5001",
+ "-listen-client-urls http://${::ipaddress_eth1}:5001",
+ "-name ${::hostname}",
+ "-data-dir /data/${cluster_name}/${name}",
+ "-initial-cluster-token ${cluster_name}",
+ "-peers-file ${peers_file}"],
+ ports => ["8001:8001","5001:5001"]
+
+
+ }
+}
+
class quantis {
apt::ppa {'ppa:ndn/quantispci': }
package {'quantispci-dkms': }
}
class webcommon {
- docker::image {'coreos/etcd': }
}
class webfrontend {
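Review bot: The new `etcd_node` define will not parse as written: its parameters are declared without sigils (`define etcd_node($peers_file=undef, $cluster_name="etcd") {` is the form Puppet accepts), the `-listen-peer-urls` element of `extra_parameters` has no trailing comma so it runs straight into the next string, and the single-quoted title `'etcd_${name}'` is never interpolated, so every instance gets the same literal title (`"etcd_${name}"` with double quotes). With `$peers_file` left at its `undef` default the `-peers-file ${peers_file}` argument renders with an empty value, so either give it a usable default or only add that element when the parameter is set. The `ports => ["8001:8001","5001:5001"]` mapping publishes the peer and client ports on every host interface while the advertise/listen URLs are pinned to `${::ipaddress_eth1}`; if `sunet::docker_run` passes these through as docker `-p` values, `"${::ipaddress_eth1}:8001:8001"` would keep the unauthenticated etcd API off the other interfaces — confirm against that define, which is outside this diff.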
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp b/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp
new file mode 100644
index 0000000..b4175a9
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp
@@ -0,0 +1,34 @@
+define sunet::ici_ca($pkcs11_module="/usr/lib/softhsm/libsofthsm.so",
+ $pkcs11_pin=undef,
+ $pkcs11_key_slot="0",
+ $pkcs11_key_id="abcd",
+ $autosign_dir=undef,
+ $autosign_type="peer",
+ $public_repo_url=undef,
+ $public_repo_dir=undef)
+{
+ apt::ppa {'ppa:leifj/ici': } ->
+ package { 'ici': ensure => latest } ->
+ exec { '${name}_setup_ca':
+ command => "/usr/bin/ici ${name} init",
+ creates => "/var/lib/ici/${name}"
+ } ->
+ file { '${name}_ca_config':
+ path => "/var/lib/ici/${name}/ca.config",
+ content => template("sunet/ici_ca/ca.config.erb")
+ } ->
+ if ($autosign_dir) {
+ cron {'ici_autosign':
+ command => "test -f /var/lib/ici/${name}/ca.crt && /usr/bin/ici ${name} -t ${autosign_type} issue ${autosign_dir}"
+ user => "root",
+ minut => "*/5"
+ }
+ }
+ if ($public_repo_dir && $public_repo_url) {
+ cron {'ici_publish':
+ command => "test -f /var/lib/ici/${name}/ca.crt && /usr/bin/ici ${name} publish ${public_repo}"
+ user => "root",
+ minut => "*/5"
+ }
+ }
+}
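Review bot: The `file { '${name}_ca_config': ... }` resource installs a file that, through the template, contains the PKCS#11 PIN, but sets no `owner`/`group`/`mode`, so it is created with Puppet's defaults and is likely readable by every local account; `owner => 'root', group => 'root', mode => '0600'` belongs on it. The define also has several problems that stop it from being applied as written: the `->` after that file resource chains into an `if` statement, which the chaining operator does not accept; both `cron` resources lack the comma after their `command` value; `minut` is not a cron attribute (it is `minute`); `${public_repo}` in the publish command is not a parameter of the define (presumably `${public_repo_dir}` was meant); and the single-quoted titles `'${name}_setup_ca'` and `'${name}_ca_config'` are not interpolated, so a second instance of the define would collide (the fixed `'ici_autosign'`/`'ici_publish'` cron titles have the same problem). Separately, the autosign cron issues a certificate for whatever appears in `${autosign_dir}` every five minutes and nothing here manages who may write to that directory; a `file` resource with a tight mode, or at least a comment stating the expected writer, would make that trust boundary explicit. The rewrite below fixes the syntax and the file mode and leaves the apt/package/exec chain as it is.
```puppet
  # … unchanged: apt::ppa -> package -> exec chain, which still ends in `} ->` …
  file { "${name}_ca_config":
    path    => "/var/lib/ici/${name}/ca.config",
    content => template("sunet/ici_ca/ca.config.erb"),
    # The rendered file carries the HSM PIN; keep it root-only.
    owner   => 'root',
    group   => 'root',
    mode    => '0600',
  }
  if ($autosign_dir) {
    cron { 'ici_autosign':
      command => "test -f /var/lib/ici/${name}/ca.crt && /usr/bin/ici ${name} -t ${autosign_type} issue ${autosign_dir}",
      user    => 'root',
      minute  => '*/5',
    }
  }
  if ($public_repo_dir && $public_repo_url) {
    cron { 'ici_publish':
      # NOTE(review): original used ${public_repo}, which is not a parameter — confirm the intended value.
      command => "test -f /var/lib/ici/${name}/ca.crt && /usr/bin/ici ${name} publish ${public_repo_dir}",
      user    => 'root',
      minute  => '*/5',
    }
  }
```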
diff --git a/global/overlay/etc/puppet/modules/sunet/templates/ici_ca/ca.config.erb b/global/overlay/etc/puppet/modules/sunet/templates/ici_ca/ca.config.erb
new file mode 100644
index 0000000..86eb224
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/sunet/templates/ici_ca/ca.config.erb
@@ -0,0 +1,8 @@
+ICI_CA_KEY_ID=<%= @pkcs11_key_id %>
+ICI_CA_KEY_SLOT=<%= @pkcs11_key_slot %>
+ICI_PKCS11=<%= @pkcs11_module %>
+ICI_PKCS11_PIN=<%= @pkcs11_pin %>
+ICI_MD=sha256
+ICI_PUBLIC_URL=<%= @public_repo_url %>
+SOFTHSM_CONF=/var/lib/ici/<%= @name %>/softhsm.conf
+export SOFTHSM_CONF
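Review bot: The values are written unquoted, and the trailing `export SOFTHSM_CONF` suggests the file is sourced by a shell, so a PIN or URL containing spaces or shell metacharacters would be word-split or interpreted rather than assigned; `ICI_PKCS11_PIN='<%= @pkcs11_pin %>'` (and the same single-quoting for the other values) assigns them literally. When `@pkcs11_pin` or `@public_repo_url` is left at its `undef` default the corresponding line renders as an empty assignment, which may be what ici expects but is worth stating in an ERB comment (`<%# ... %>` does not reach the output) so the next reader knows it is intentional. Because the rendered file holds the HSM PIN, the `file` resource that installs it in ici_ca.pp needs a restrictive mode; that resource, not this template, is where the permission is set.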