Diffstat (limited to 'global/overlay/etc')
-rw-r--r-- | global/overlay/etc/puppet/cosmos-db.yaml | 105 | ||||
-rw-r--r-- | global/overlay/etc/puppet/cosmos-modules.conf | 1 | ||||
-rw-r--r-- | global/overlay/etc/puppet/cosmos-rules.yaml | 4 | ||||
-rw-r--r-- | global/overlay/etc/puppet/manifests/cosmos-site.pp | 30 |
4 files changed, 89 insertions, 51 deletions
diff --git a/global/overlay/etc/puppet/cosmos-db.yaml b/global/overlay/etc/puppet/cosmos-db.yaml index 2d48506..9d8b951 100644 --- a/global/overlay/etc/puppet/cosmos-db.yaml +++ b/global/overlay/etc/puppet/cosmos-db.yaml @@ -1,38 +1,47 @@ classes: ca.sunet.se: mailclient: &id001 {domain: sunet.se} + nunoc: null sunetops: null cdr1.sunet.se: mailclient: *id001 + nunoc: null sunet-cdr: null sunetops: null cdr2.sunet.se: mailclient: *id001 + nunoc: null sunet-cdr: null sunetops: null dane.lab.sunet.se: mailclient: *id001 + nunoc: null sunetops: null datasets.sunet.se: - dockerhost: null mailclient: *id001 + nunoc: null + sunet::dockerhost: null sunetops: null webserver: null docker.sunet.se: dockerhost: null mailclient: *id001 + nunoc: null sunetops: null webserver: null lobo2.lab.sunet.se: mailclient: *id001 + nunoc: null sunetops: null loke.sunet.se: mailclient: *id001 + nunoc: null sunetops: null - md-master.reep.refeds.org: {swamidops: null} + md-master.reep.refeds.org: {nunoc: null, swamidops: null} mdx1.swamid.se: dockerhost: null mailclient: &id002 {domain: sunet.se} + nunoc: null signer: null sunetops: null swamidops: null 
@@ -40,130 +49,156 @@ classes: docker_signer: null dockerhost: null mailclient: *id002 + nunoc: null sunetops: null swamidops: null meta.swamid.se: mailclient: *id002 + nunoc: null sunetops: null swamidops: null random1.nordu.net: entropyserver: null mailclient: &id003 {domain: nordu.net} + nunoc: null quantis: null sunetops: null random2.nordu.net: entropyserver: null mailclient: *id003 + nunoc: null quantis: null sunetops: null - reep.tid.isoc.org: {dockerhost: null, swamidops: null} + reep.tid.isoc.org: {dockerhost: null, nunoc: null, swamidops: null} registry.swamid.se: dockerhost: null mailclient: *id002 + nunoc: null sunetops: null swamidops: null webserver: null samltest.swamid.se: mailclient: *id002 + nunoc: null sunetops: null swamidops: null sto-fre-kvm1.swamid.se: mailclient: *id002 + nunoc: null sunetops: null swamidops: null sto-tug-kvm-lab1.swamid.se: mailclient: *id002 + nunoc: null sunetops: null swamidops: null sto-tug-kvm-lab2.swamid.se: mailclient: *id002 + nunoc: null sunetops: null swamidops: null sto-tug-kvm1.swamid.se: mailclient: *id002 + nunoc: null sunetops: null swamidops: null sto-tug-kvm2.swamid.se: mailclient: *id002 + nunoc: null sunet::dockerhost: null sunetops: null swamidops: null webserver: null web-a1.sunet.se: mailclient: *id001 + nunoc: null sunet::dockerhost: null sunetops: null webappserver: null web-a2.sunet.se: mailclient: *id001 + nunoc: null sunet::dockerhost: null sunetops: null webappserver: null web-db1.sunet.se: mailclient: *id001 + nunoc: null sunet::dockerhost: null sunetops: null webbackend: null web-db2.sunet.se: mailclient: *id001 + nunoc: null sunet::dockerhost: null sunetops: null webbackend: null web-db3.sunet.se: mailclient: *id001 + nunoc: null sunet::dockerhost: null sunetops: null webbackend: null web-f1.sunet.se: mailclient: *id001 + nunoc: null sunet::dockerhost: null sunetops: null webfrontend: null webserver: null web-f2.sunet.se: mailclient: *id001 + nunoc: null sunet::dockerhost: null sunetops: null 
webfrontend: null webserver: null - www2.eduid.se: {dockerhost: null} + www2.eduid.se: {dockerhost: null, nunoc: null} members: - all: [ca.sunet.se, cdr1.sunet.se, cdr2.sunet.se, dane.lab.sunet.se, datasets.sunet.se, - docker.sunet.se, lobo2.lab.sunet.se, loke.sunet.se, md-master.reep.refeds.org, - mdx1.swamid.se, mdx2.swamid.se, meta.swamid.se, random1.nordu.net, random2.nordu.net, - reep.tid.isoc.org, registry.swamid.se, samltest.swamid.se, sto-fre-kvm1.swamid.se, - sto-tug-kvm-lab1.swamid.se, sto-tug-kvm-lab2.swamid.se, sto-tug-kvm1.swamid.se, - sto-tug-kvm2.swamid.se, web-a1.sunet.se, web-a2.sunet.se, web-db1.sunet.se, web-db2.sunet.se, - web-db3.sunet.se, web-f1.sunet.se, web-f2.sunet.se, www2.eduid.se] + all: [cdr1.sunet.se, sto-tug-kvm2.swamid.se, datasets.sunet.se, reep.tid.isoc.org, + random1.nordu.net, md-master.reep.refeds.org, random2.nordu.net, sto-tug-kvm-lab2.swamid.se, + sto-tug-kvm1.swamid.se, ca.sunet.se, web-a2.sunet.se, loke.sunet.se, www2.eduid.se, + cdr2.sunet.se, web-db1.sunet.se, web-db2.sunet.se, mdx1.swamid.se, web-f1.sunet.se, + web-f2.sunet.se, meta.swamid.se, registry.swamid.se, dane.lab.sunet.se, mdx2.swamid.se, + samltest.swamid.se, docker.sunet.se, lobo2.lab.sunet.se, sto-tug-kvm-lab1.swamid.se, + sto-fre-kvm1.swamid.se, web-db3.sunet.se, web-a1.sunet.se] docker_signer: [mdx2.swamid.se] - dockerhost: [datasets.sunet.se, docker.sunet.se, mdx1.swamid.se, mdx2.swamid.se, - reep.tid.isoc.org, registry.swamid.se, www2.eduid.se] + dockerhost: [reep.tid.isoc.org, www2.eduid.se, mdx1.swamid.se, registry.swamid.se, + mdx2.swamid.se, docker.sunet.se] entropyserver: [random1.nordu.net, random2.nordu.net] - mailclient: [ca.sunet.se, cdr1.sunet.se, cdr2.sunet.se, dane.lab.sunet.se, datasets.sunet.se, - docker.sunet.se, lobo2.lab.sunet.se, loke.sunet.se, mdx1.swamid.se, mdx2.swamid.se, - meta.swamid.se, random1.nordu.net, random2.nordu.net, registry.swamid.se, samltest.swamid.se, - sto-fre-kvm1.swamid.se, sto-tug-kvm-lab1.swamid.se, 
sto-tug-kvm-lab2.swamid.se, - sto-tug-kvm1.swamid.se, sto-tug-kvm2.swamid.se, web-a1.sunet.se, web-a2.sunet.se, - web-db1.sunet.se, web-db2.sunet.se, web-db3.sunet.se, web-f1.sunet.se, web-f2.sunet.se] + mailclient: [cdr1.sunet.se, sto-tug-kvm2.swamid.se, datasets.sunet.se, random1.nordu.net, + random2.nordu.net, sto-tug-kvm-lab2.swamid.se, sto-tug-kvm1.swamid.se, ca.sunet.se, + web-a2.sunet.se, loke.sunet.se, cdr2.sunet.se, web-db1.sunet.se, web-db2.sunet.se, + mdx1.swamid.se, web-f1.sunet.se, web-f2.sunet.se, meta.swamid.se, registry.swamid.se, + dane.lab.sunet.se, mdx2.swamid.se, samltest.swamid.se, docker.sunet.se, lobo2.lab.sunet.se, + sto-tug-kvm-lab1.swamid.se, sto-fre-kvm1.swamid.se, web-db3.sunet.se, web-a1.sunet.se] + nunoc: [cdr1.sunet.se, sto-tug-kvm2.swamid.se, datasets.sunet.se, reep.tid.isoc.org, + random1.nordu.net, md-master.reep.refeds.org, random2.nordu.net, sto-tug-kvm-lab2.swamid.se, + sto-tug-kvm1.swamid.se, ca.sunet.se, web-a2.sunet.se, loke.sunet.se, www2.eduid.se, + cdr2.sunet.se, web-db1.sunet.se, web-db2.sunet.se, mdx1.swamid.se, web-f1.sunet.se, + web-f2.sunet.se, meta.swamid.se, registry.swamid.se, dane.lab.sunet.se, mdx2.swamid.se, + samltest.swamid.se, docker.sunet.se, lobo2.lab.sunet.se, sto-tug-kvm-lab1.swamid.se, + sto-fre-kvm1.swamid.se, web-db3.sunet.se, web-a1.sunet.se] quantis: [random1.nordu.net, random2.nordu.net] signer: [mdx1.swamid.se] sunet-cdr: [cdr1.sunet.se, cdr2.sunet.se] - sunet::dockerhost: [sto-tug-kvm2.swamid.se, web-a1.sunet.se, web-a2.sunet.se, web-db1.sunet.se, - web-db2.sunet.se, web-db3.sunet.se, web-f1.sunet.se, web-f2.sunet.se] - sunetops: [ca.sunet.se, cdr1.sunet.se, cdr1.sunet.se, cdr2.sunet.se, cdr2.sunet.se, - dane.lab.sunet.se, datasets.sunet.se, docker.sunet.se, lobo2.lab.sunet.se, loke.sunet.se, - mdx1.swamid.se, mdx2.swamid.se, meta.swamid.se, random1.nordu.net, random2.nordu.net, - registry.swamid.se, samltest.swamid.se, sto-fre-kvm1.swamid.se, sto-tug-kvm-lab1.swamid.se, - 
sto-tug-kvm-lab2.swamid.se, sto-tug-kvm1.swamid.se, sto-tug-kvm2.swamid.se, web-a1.sunet.se, - web-a2.sunet.se, web-db1.sunet.se, web-db2.sunet.se, web-db3.sunet.se, web-f1.sunet.se, - web-f2.sunet.se] - swamidops: [md-master.reep.refeds.org, mdx1.swamid.se, mdx2.swamid.se, meta.swamid.se, - reep.tid.isoc.org, registry.swamid.se, samltest.swamid.se, sto-fre-kvm1.swamid.se, - sto-tug-kvm-lab1.swamid.se, sto-tug-kvm-lab2.swamid.se, sto-tug-kvm1.swamid.se, - sto-tug-kvm2.swamid.se] - webappserver: [web-a1.sunet.se, web-a2.sunet.se] + sunet::dockerhost: [sto-tug-kvm2.swamid.se, datasets.sunet.se, web-a2.sunet.se, + web-db1.sunet.se, web-db2.sunet.se, web-f1.sunet.se, web-f2.sunet.se, web-db3.sunet.se, + web-a1.sunet.se] + sunetops: [cdr1.sunet.se, cdr1.sunet.se, sto-tug-kvm2.swamid.se, datasets.sunet.se, + random1.nordu.net, random2.nordu.net, sto-tug-kvm-lab2.swamid.se, sto-tug-kvm1.swamid.se, + ca.sunet.se, web-a2.sunet.se, loke.sunet.se, cdr2.sunet.se, cdr2.sunet.se, web-db1.sunet.se, + web-db2.sunet.se, mdx1.swamid.se, web-f1.sunet.se, web-f2.sunet.se, meta.swamid.se, + registry.swamid.se, dane.lab.sunet.se, mdx2.swamid.se, samltest.swamid.se, docker.sunet.se, + lobo2.lab.sunet.se, sto-tug-kvm-lab1.swamid.se, sto-fre-kvm1.swamid.se, web-db3.sunet.se, + web-a1.sunet.se] + swamidops: [sto-tug-kvm2.swamid.se, reep.tid.isoc.org, md-master.reep.refeds.org, + sto-tug-kvm-lab2.swamid.se, sto-tug-kvm1.swamid.se, mdx1.swamid.se, meta.swamid.se, + registry.swamid.se, mdx2.swamid.se, samltest.swamid.se, sto-tug-kvm-lab1.swamid.se, + sto-fre-kvm1.swamid.se] + webappserver: [web-a2.sunet.se, web-a1.sunet.se] webbackend: [web-db1.sunet.se, web-db2.sunet.se, web-db3.sunet.se] webfrontend: [web-f1.sunet.se, web-f2.sunet.se] - webserver: [datasets.sunet.se, docker.sunet.se, registry.swamid.se, sto-tug-kvm2.swamid.se, - web-f1.sunet.se, web-f2.sunet.se] + webserver: [sto-tug-kvm2.swamid.se, datasets.sunet.se, web-f1.sunet.se, web-f2.sunet.se, + registry.swamid.se, docker.sunet.se] 
diff --git a/global/overlay/etc/puppet/cosmos-modules.conf b/global/overlay/etc/puppet/cosmos-modules.conf index 0260724..eaed23d 100644 --- a/global/overlay/etc/puppet/cosmos-modules.conf +++ b/global/overlay/etc/puppet/cosmos-modules.conf @@ -18,3 +18,4 @@ varnish git://github.com/samlbits/puppet-varnish.git yes puppet-varnish-* docker git://github.com/SUNET/garethr-docker.git yes sunet-* network git://github.com/SUNET/attachmentgenie-network.git yes sunet-* sunet git://github.com/SUNET/puppet-sunet.git yes sunet-* +sysctl git://github.com/SUNET/puppet-sysctl.git yes sunet-* diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index 5376303..1425dc4 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -1,3 +1,5 @@ +'.+': + nunoc: '^cdr\d+\.sunet\.se$': sunet-cdr: sunetops: @@ -14,7 +16,7 @@ registry.swamid.se: dockerhost: webserver: datasets.sunet.se: - dockerhost: + sunet::dockerhost: webserver: docker.sunet.se: dockerhost: diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index d4bd72c..375a36b 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -31,6 +31,9 @@ class mailclient ($domain) { # you need a default node, all nodes need ssh + ufw node default { +} + +class nunoc { include sshaccess if $::hostname !~ /random/ { include sunet::simple_entropy 
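Review bot: The added `sysctl` line fetches the module over `git://`, which has neither transport encryption nor server authentication, so the content delivered to every managed host can be substituted on the network path. If the trailing `sunet-*` column is a signed-tag pattern that cosmos verifies (not visible in this hunk), that check is the only integrity control on the module. Writing the line as `sysctl https://github.com/SUNET/puppet-sysctl.git yes sunet-*` adds an authenticated transport underneath it. The context lines above use the same scheme and merit the same change; GitHub has also since stopped serving the unauthenticated git protocol.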
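Review bot: The comment `# you need a default node, all nodes need ssh + ufw` is now stale in cosmos-site.pp, because it sits above an empty `node default { }` while the ssh access baseline has moved into `class nunoc`. Move it onto the class and say how the class is assigned, e.g. `# baseline for every host (ssh access, entropy); assigned to all nodes by the '.+' rule in cosmos-rules.yaml`. With the default node empty, a host that is not classified through that rule would presumably receive none of the baseline, so the dependency is worth stating where the next maintainer will read it. The body of `class nunoc` continues outside the hunk.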
@@ -115,29 +118,26 @@ node 'reep.tid.isoc.org' { } node 'datasets.sunet.se' { - docker::image {'dockerfile/redis': } - docker::image {'docker.sunet.se/datasets': } + class {'sunet::dockerhost': } -> file {'/opt/lobo2-redis-data': ensure => 'directory', - } + } -> file {'/etc/ssl': ensure => 'directory', - } - docker::run {'redis': - image => 'dockerfile/redis', - use_name => true, + } -> + user { 'redis': ensure => exists, system => true } -> + sunet::docker_run {'datasets-redis': + image => 'redis', + imagetag => 'latest', volumes => ['/opt/lobo2-redis-data:/data','/var/log:/var/log'], - verify_checksum => false, - } - docker::run {'datasets': + } -> + sunet::docker_run {'datasets': image => 'docker.sunet.se/datasets', - use_name => true, - env => ['BASE_URL=https://datasets.sunet.se'], + imagetag => 'latest', volumes => ['/etc/ssl:/etc/ssl','/var/log:/var/log'], ports => ['80:80','443:443'], - links => ['redis:redis'], - start_on => 'docker-redis', - verify_checksum => false, + env => ["REDIS_PORT=tcp://datasets-redis.docker:6379",'BASE_URL=https://datasets.sunet.se'], + start_on => 'docker-datasets-redis' } } |
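Review bot: `ensure => exists` on the new `user { 'redis': ... }` resource is not a value Puppet's user type accepts (`present`, `absent`, `role`), so the resource should fail validation and, being in the middle of the `->` chain, keep the two containers after it from being applied. It should read `user { 'redis': ensure => present, system => true } ->`. Both `sunet::docker_run` resources also set `imagetag => 'latest'`, a mutable tag, so the image that actually runs (including the public `redis` image) can change between pulls without any change in this repository. Pinning it, e.g. `imagetag => '<PINNED_TAG>'` (placeholder), makes each deployed version reviewable.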