diff options
Diffstat (limited to 'global/overlay/etc')
-rw-r--r-- | global/overlay/etc/puppet/cosmos-rules.yaml | 2 | ||||
-rw-r--r-- | global/overlay/etc/puppet/manifests/cosmos-site.pp | 25 |
2 files changed, 26 insertions, 1 deletions
diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index 1112bdf..4aab9c8 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -14,7 +14,7 @@ mdx1.swamid.se: signer: mdx2.swamid.se: dockerhost: - signer: + docker_signer: md-master.reep.refeds.org: sunet: swamidops: diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 5c5569d..64c84b0 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -96,6 +96,26 @@ node 'sto-fre-kvm1.swamid.se' { } +class docker_signer { + docker::image {'docker.samlbits.net/varnish': } + docker::image {'docker.samlbits.net/pyff': } + docker::run {'pyff': + image => 'docker.samlbits.net/pyff', + volumes => ['/opt/swamid-metadata:/opt/swamid-metadata'], + env => ['DATADIR=/opt/swamid-metadata','LOGLEVEL=INFO'] + } + docker::run {'varnish': + image => 'docker.samlbits.net/varnish', + links => ['pyff:backend'], + ports => ['80:80'] + } + cron {'update-swamid-metadata': + command => "cd /opt/swamid-metadata && git -q pull", + user => root, + minute => '*/5' + } +} + class signer { include cosmos::httpsproxy class {'varnish': @@ -515,6 +535,11 @@ class sunet { fstab_fix_shm => false, sysctl_net_hardening => false, } + } elsif $::hostname =~ /random/ { # pollen requires exec on /tmp + class {'bastion': + fixperms_enable => false, + fixperms_paranoia => false, + } } else { class {'bastion': fstab_fix_shm => false, |