summaryrefslogtreecommitdiff
path: root/global/overlay/etc
diff options
context:
space:
mode:
Diffstat (limited to 'global/overlay/etc')
-rw-r--r--global/overlay/etc/puppet/cosmos-db.yaml105
-rw-r--r--global/overlay/etc/puppet/cosmos-modules.conf1
-rw-r--r--global/overlay/etc/puppet/cosmos-rules.yaml4
-rw-r--r--global/overlay/etc/puppet/manifests/cosmos-site.pp30
4 files changed, 89 insertions, 51 deletions
diff --git a/global/overlay/etc/puppet/cosmos-db.yaml b/global/overlay/etc/puppet/cosmos-db.yaml
index 2d48506..9d8b951 100644
--- a/global/overlay/etc/puppet/cosmos-db.yaml
+++ b/global/overlay/etc/puppet/cosmos-db.yaml
@@ -1,38 +1,47 @@
classes:
ca.sunet.se:
mailclient: &id001 {domain: sunet.se}
+ nunoc: null
sunetops: null
cdr1.sunet.se:
mailclient: *id001
+ nunoc: null
sunet-cdr: null
sunetops: null
cdr2.sunet.se:
mailclient: *id001
+ nunoc: null
sunet-cdr: null
sunetops: null
dane.lab.sunet.se:
mailclient: *id001
+ nunoc: null
sunetops: null
datasets.sunet.se:
- dockerhost: null
mailclient: *id001
+ nunoc: null
+ sunet::dockerhost: null
sunetops: null
webserver: null
docker.sunet.se:
dockerhost: null
mailclient: *id001
+ nunoc: null
sunetops: null
webserver: null
lobo2.lab.sunet.se:
mailclient: *id001
+ nunoc: null
sunetops: null
loke.sunet.se:
mailclient: *id001
+ nunoc: null
sunetops: null
- md-master.reep.refeds.org: {swamidops: null}
+ md-master.reep.refeds.org: {nunoc: null, swamidops: null}
mdx1.swamid.se:
dockerhost: null
mailclient: &id002 {domain: sunet.se}
+ nunoc: null
signer: null
sunetops: null
swamidops: null
@@ -40,130 +49,156 @@ classes:
docker_signer: null
dockerhost: null
mailclient: *id002
+ nunoc: null
sunetops: null
swamidops: null
meta.swamid.se:
mailclient: *id002
+ nunoc: null
sunetops: null
swamidops: null
random1.nordu.net:
entropyserver: null
mailclient: &id003 {domain: nordu.net}
+ nunoc: null
quantis: null
sunetops: null
random2.nordu.net:
entropyserver: null
mailclient: *id003
+ nunoc: null
quantis: null
sunetops: null
- reep.tid.isoc.org: {dockerhost: null, swamidops: null}
+ reep.tid.isoc.org: {dockerhost: null, nunoc: null, swamidops: null}
registry.swamid.se:
dockerhost: null
mailclient: *id002
+ nunoc: null
sunetops: null
swamidops: null
webserver: null
samltest.swamid.se:
mailclient: *id002
+ nunoc: null
sunetops: null
swamidops: null
sto-fre-kvm1.swamid.se:
mailclient: *id002
+ nunoc: null
sunetops: null
swamidops: null
sto-tug-kvm-lab1.swamid.se:
mailclient: *id002
+ nunoc: null
sunetops: null
swamidops: null
sto-tug-kvm-lab2.swamid.se:
mailclient: *id002
+ nunoc: null
sunetops: null
swamidops: null
sto-tug-kvm1.swamid.se:
mailclient: *id002
+ nunoc: null
sunetops: null
swamidops: null
sto-tug-kvm2.swamid.se:
mailclient: *id002
+ nunoc: null
sunet::dockerhost: null
sunetops: null
swamidops: null
webserver: null
web-a1.sunet.se:
mailclient: *id001
+ nunoc: null
sunet::dockerhost: null
sunetops: null
webappserver: null
web-a2.sunet.se:
mailclient: *id001
+ nunoc: null
sunet::dockerhost: null
sunetops: null
webappserver: null
web-db1.sunet.se:
mailclient: *id001
+ nunoc: null
sunet::dockerhost: null
sunetops: null
webbackend: null
web-db2.sunet.se:
mailclient: *id001
+ nunoc: null
sunet::dockerhost: null
sunetops: null
webbackend: null
web-db3.sunet.se:
mailclient: *id001
+ nunoc: null
sunet::dockerhost: null
sunetops: null
webbackend: null
web-f1.sunet.se:
mailclient: *id001
+ nunoc: null
sunet::dockerhost: null
sunetops: null
webfrontend: null
webserver: null
web-f2.sunet.se:
mailclient: *id001
+ nunoc: null
sunet::dockerhost: null
sunetops: null
webfrontend: null
webserver: null
- www2.eduid.se: {dockerhost: null}
+ www2.eduid.se: {dockerhost: null, nunoc: null}
members:
- all: [ca.sunet.se, cdr1.sunet.se, cdr2.sunet.se, dane.lab.sunet.se, datasets.sunet.se,
- docker.sunet.se, lobo2.lab.sunet.se, loke.sunet.se, md-master.reep.refeds.org,
- mdx1.swamid.se, mdx2.swamid.se, meta.swamid.se, random1.nordu.net, random2.nordu.net,
- reep.tid.isoc.org, registry.swamid.se, samltest.swamid.se, sto-fre-kvm1.swamid.se,
- sto-tug-kvm-lab1.swamid.se, sto-tug-kvm-lab2.swamid.se, sto-tug-kvm1.swamid.se,
- sto-tug-kvm2.swamid.se, web-a1.sunet.se, web-a2.sunet.se, web-db1.sunet.se, web-db2.sunet.se,
- web-db3.sunet.se, web-f1.sunet.se, web-f2.sunet.se, www2.eduid.se]
+ all: [cdr1.sunet.se, sto-tug-kvm2.swamid.se, datasets.sunet.se, reep.tid.isoc.org,
+ random1.nordu.net, md-master.reep.refeds.org, random2.nordu.net, sto-tug-kvm-lab2.swamid.se,
+ sto-tug-kvm1.swamid.se, ca.sunet.se, web-a2.sunet.se, loke.sunet.se, www2.eduid.se,
+ cdr2.sunet.se, web-db1.sunet.se, web-db2.sunet.se, mdx1.swamid.se, web-f1.sunet.se,
+ web-f2.sunet.se, meta.swamid.se, registry.swamid.se, dane.lab.sunet.se, mdx2.swamid.se,
+ samltest.swamid.se, docker.sunet.se, lobo2.lab.sunet.se, sto-tug-kvm-lab1.swamid.se,
+ sto-fre-kvm1.swamid.se, web-db3.sunet.se, web-a1.sunet.se]
docker_signer: [mdx2.swamid.se]
- dockerhost: [datasets.sunet.se, docker.sunet.se, mdx1.swamid.se, mdx2.swamid.se,
- reep.tid.isoc.org, registry.swamid.se, www2.eduid.se]
+ dockerhost: [reep.tid.isoc.org, www2.eduid.se, mdx1.swamid.se, registry.swamid.se,
+ mdx2.swamid.se, docker.sunet.se]
entropyserver: [random1.nordu.net, random2.nordu.net]
- mailclient: [ca.sunet.se, cdr1.sunet.se, cdr2.sunet.se, dane.lab.sunet.se, datasets.sunet.se,
- docker.sunet.se, lobo2.lab.sunet.se, loke.sunet.se, mdx1.swamid.se, mdx2.swamid.se,
- meta.swamid.se, random1.nordu.net, random2.nordu.net, registry.swamid.se, samltest.swamid.se,
- sto-fre-kvm1.swamid.se, sto-tug-kvm-lab1.swamid.se, sto-tug-kvm-lab2.swamid.se,
- sto-tug-kvm1.swamid.se, sto-tug-kvm2.swamid.se, web-a1.sunet.se, web-a2.sunet.se,
- web-db1.sunet.se, web-db2.sunet.se, web-db3.sunet.se, web-f1.sunet.se, web-f2.sunet.se]
+ mailclient: [cdr1.sunet.se, sto-tug-kvm2.swamid.se, datasets.sunet.se, random1.nordu.net,
+ random2.nordu.net, sto-tug-kvm-lab2.swamid.se, sto-tug-kvm1.swamid.se, ca.sunet.se,
+ web-a2.sunet.se, loke.sunet.se, cdr2.sunet.se, web-db1.sunet.se, web-db2.sunet.se,
+ mdx1.swamid.se, web-f1.sunet.se, web-f2.sunet.se, meta.swamid.se, registry.swamid.se,
+ dane.lab.sunet.se, mdx2.swamid.se, samltest.swamid.se, docker.sunet.se, lobo2.lab.sunet.se,
+ sto-tug-kvm-lab1.swamid.se, sto-fre-kvm1.swamid.se, web-db3.sunet.se, web-a1.sunet.se]
+ nunoc: [cdr1.sunet.se, sto-tug-kvm2.swamid.se, datasets.sunet.se, reep.tid.isoc.org,
+ random1.nordu.net, md-master.reep.refeds.org, random2.nordu.net, sto-tug-kvm-lab2.swamid.se,
+ sto-tug-kvm1.swamid.se, ca.sunet.se, web-a2.sunet.se, loke.sunet.se, www2.eduid.se,
+ cdr2.sunet.se, web-db1.sunet.se, web-db2.sunet.se, mdx1.swamid.se, web-f1.sunet.se,
+ web-f2.sunet.se, meta.swamid.se, registry.swamid.se, dane.lab.sunet.se, mdx2.swamid.se,
+ samltest.swamid.se, docker.sunet.se, lobo2.lab.sunet.se, sto-tug-kvm-lab1.swamid.se,
+ sto-fre-kvm1.swamid.se, web-db3.sunet.se, web-a1.sunet.se]
quantis: [random1.nordu.net, random2.nordu.net]
signer: [mdx1.swamid.se]
sunet-cdr: [cdr1.sunet.se, cdr2.sunet.se]
- sunet::dockerhost: [sto-tug-kvm2.swamid.se, web-a1.sunet.se, web-a2.sunet.se, web-db1.sunet.se,
- web-db2.sunet.se, web-db3.sunet.se, web-f1.sunet.se, web-f2.sunet.se]
- sunetops: [ca.sunet.se, cdr1.sunet.se, cdr1.sunet.se, cdr2.sunet.se, cdr2.sunet.se,
- dane.lab.sunet.se, datasets.sunet.se, docker.sunet.se, lobo2.lab.sunet.se, loke.sunet.se,
- mdx1.swamid.se, mdx2.swamid.se, meta.swamid.se, random1.nordu.net, random2.nordu.net,
- registry.swamid.se, samltest.swamid.se, sto-fre-kvm1.swamid.se, sto-tug-kvm-lab1.swamid.se,
- sto-tug-kvm-lab2.swamid.se, sto-tug-kvm1.swamid.se, sto-tug-kvm2.swamid.se, web-a1.sunet.se,
- web-a2.sunet.se, web-db1.sunet.se, web-db2.sunet.se, web-db3.sunet.se, web-f1.sunet.se,
- web-f2.sunet.se]
- swamidops: [md-master.reep.refeds.org, mdx1.swamid.se, mdx2.swamid.se, meta.swamid.se,
- reep.tid.isoc.org, registry.swamid.se, samltest.swamid.se, sto-fre-kvm1.swamid.se,
- sto-tug-kvm-lab1.swamid.se, sto-tug-kvm-lab2.swamid.se, sto-tug-kvm1.swamid.se,
- sto-tug-kvm2.swamid.se]
- webappserver: [web-a1.sunet.se, web-a2.sunet.se]
+ sunet::dockerhost: [sto-tug-kvm2.swamid.se, datasets.sunet.se, web-a2.sunet.se,
+ web-db1.sunet.se, web-db2.sunet.se, web-f1.sunet.se, web-f2.sunet.se, web-db3.sunet.se,
+ web-a1.sunet.se]
+ sunetops: [cdr1.sunet.se, cdr1.sunet.se, sto-tug-kvm2.swamid.se, datasets.sunet.se,
+ random1.nordu.net, random2.nordu.net, sto-tug-kvm-lab2.swamid.se, sto-tug-kvm1.swamid.se,
+ ca.sunet.se, web-a2.sunet.se, loke.sunet.se, cdr2.sunet.se, cdr2.sunet.se, web-db1.sunet.se,
+ web-db2.sunet.se, mdx1.swamid.se, web-f1.sunet.se, web-f2.sunet.se, meta.swamid.se,
+ registry.swamid.se, dane.lab.sunet.se, mdx2.swamid.se, samltest.swamid.se, docker.sunet.se,
+ lobo2.lab.sunet.se, sto-tug-kvm-lab1.swamid.se, sto-fre-kvm1.swamid.se, web-db3.sunet.se,
+ web-a1.sunet.se]
+ swamidops: [sto-tug-kvm2.swamid.se, reep.tid.isoc.org, md-master.reep.refeds.org,
+ sto-tug-kvm-lab2.swamid.se, sto-tug-kvm1.swamid.se, mdx1.swamid.se, meta.swamid.se,
+ registry.swamid.se, mdx2.swamid.se, samltest.swamid.se, sto-tug-kvm-lab1.swamid.se,
+ sto-fre-kvm1.swamid.se]
+ webappserver: [web-a2.sunet.se, web-a1.sunet.se]
webbackend: [web-db1.sunet.se, web-db2.sunet.se, web-db3.sunet.se]
webfrontend: [web-f1.sunet.se, web-f2.sunet.se]
- webserver: [datasets.sunet.se, docker.sunet.se, registry.swamid.se, sto-tug-kvm2.swamid.se,
- web-f1.sunet.se, web-f2.sunet.se]
+ webserver: [sto-tug-kvm2.swamid.se, datasets.sunet.se, web-f1.sunet.se, web-f2.sunet.se,
+ registry.swamid.se, docker.sunet.se]
diff --git a/global/overlay/etc/puppet/cosmos-modules.conf b/global/overlay/etc/puppet/cosmos-modules.conf
index 0260724..eaed23d 100644
--- a/global/overlay/etc/puppet/cosmos-modules.conf
+++ b/global/overlay/etc/puppet/cosmos-modules.conf
@@ -18,3 +18,4 @@ varnish git://github.com/samlbits/puppet-varnish.git yes puppet-varnish-*
docker git://github.com/SUNET/garethr-docker.git yes sunet-*
network git://github.com/SUNET/attachmentgenie-network.git yes sunet-*
sunet git://github.com/SUNET/puppet-sunet.git yes sunet-*
+sysctl git://github.com/SUNET/puppet-sysctl.git yes sunet-*
diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
index 5376303..1425dc4 100644
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -1,3 +1,5 @@
+'.+':
+ nunoc:
'^cdr\d+\.sunet\.se$':
sunet-cdr:
sunetops:
@@ -14,7 +16,7 @@ registry.swamid.se:
dockerhost:
webserver:
datasets.sunet.se:
- dockerhost:
+ sunet::dockerhost:
webserver:
docker.sunet.se:
dockerhost:
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index d4bd72c..375a36b 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -31,6 +31,9 @@ class mailclient ($domain) {
# you need a default node, all nodes need ssh + ufw
node default {
+}
+
+class nunoc {
include sshaccess
if $::hostname !~ /random/ {
include sunet::simple_entropy
@@ -115,29 +118,26 @@ node 'reep.tid.isoc.org' {
}
node 'datasets.sunet.se' {
- docker::image {'dockerfile/redis': }
- docker::image {'docker.sunet.se/datasets': }
+ class {'sunet::dockerhost': } ->
file {'/opt/lobo2-redis-data':
ensure => 'directory',
- }
+ } ->
file {'/etc/ssl':
ensure => 'directory',
- }
- docker::run {'redis':
- image => 'dockerfile/redis',
- use_name => true,
+ } ->
+ user { 'redis': ensure => exists, system => true } ->
+ sunet::docker_run {'datasets-redis':
+ image => 'redis',
+ imagetag => 'latest',
volumes => ['/opt/lobo2-redis-data:/data','/var/log:/var/log'],
- verify_checksum => false,
- }
- docker::run {'datasets':
+ } ->
+ sunet::docker_run {'datasets':
image => 'docker.sunet.se/datasets',
- use_name => true,
- env => ['BASE_URL=https://datasets.sunet.se'],
+ imagetag => 'latest',
volumes => ['/etc/ssl:/etc/ssl','/var/log:/var/log'],
ports => ['80:80','443:443'],
- links => ['redis:redis'],
- start_on => 'docker-redis',
- verify_checksum => false,
+ env => ["REDIS_PORT=tcp://datasets-redis.docker:6379",'BASE_URL=https://datasets.sunet.se'],
+ start_on => 'docker-datasets-redis'
}
}