Diffstat (limited to 'global/overlay')
-rw-r--r--global/overlay/etc/puppet/cosmos-db.yaml106
-rw-r--r--global/overlay/etc/puppet/cosmos-rules.yaml10
-rw-r--r--global/overlay/etc/puppet/manifests/cosmos-site.pp173
3 files changed, 172 insertions, 117 deletions
diff --git a/global/overlay/etc/puppet/cosmos-db.yaml b/global/overlay/etc/puppet/cosmos-db.yaml
index a4551f9..b574d46 100644
--- a/global/overlay/etc/puppet/cosmos-db.yaml
+++ b/global/overlay/etc/puppet/cosmos-db.yaml
@@ -28,6 +28,11 @@ classes:
nunoc: null
sunetops: null
webserver: null
+ git.swamid.se:
+ mailclient: &id002 {domain: sunet.se}
+ nunoc: null
+ sunetops: null
+ swamidops: null
lobo2.lab.sunet.se:
mailclient: *id001
nunoc: null
@@ -37,19 +42,29 @@ classes:
nunoc: null
sunetops: null
md-master.reep.refeds.org: {nunoc: null, swamidops: null}
+ mds1.swamid.se:
+ mailclient: *id002
+ nunoc: null
+ sunetops: null
+ swamid_static_signer: null
+ swamidops: null
+ mds2.swamid.se:
+ mailclient: *id002
+ nunoc: null
+ sunetops: null
+ swamid_static_signer: null
+ swamidops: null
mdx1.swamid.se:
- dockerhost: null
- mailclient: &id002 {domain: sunet.se}
+ mailclient: *id002
nunoc: null
- signer: null
sunetops: null
+ swamid_pyff_signer: null
swamidops: null
mdx2.swamid.se:
- docker_signer: null
- dockerhost: null
mailclient: *id002
nunoc: null
sunetops: null
+ swamid_pyff_signer: null
swamidops: null
meta.swamid.se:
mailclient: *id002
@@ -151,50 +166,51 @@ classes:
webcommon: null
webfrontend: null
webserver: null
- www2.eduid.se: {nunoc: null}
members:
- all: [ca.sunet.se, cdr1.sunet.se, web-f1.sunet.se, web-db3.sunet.se, random1.nordu.net,
- web-db2.sunet.se, sto-tug-kvm-lab2.swamid.se, random2.nordu.net, www2.eduid.se,
- md-master.reep.refeds.org, datasets.sunet.se, mdx1.swamid.se, sto-tug-kvm-lab1.swamid.se,
- web-a1.sunet.se, mdx2.swamid.se, samltest.swamid.se, web-db1.sunet.se, meta.swamid.se,
- sto-tug-kvm2.swamid.se, web-f2.sunet.se, dane.lab.sunet.se, cdr2.sunet.se, web-a2.sunet.se,
- loke.sunet.se, docker.sunet.se, sto-fre-kvm1.swamid.se, registry.swamid.se, sto-tug-kvm1.swamid.se,
- lobo2.lab.sunet.se]
- docker_signer: [mdx2.swamid.se]
- dockerhost: [mdx1.swamid.se, mdx2.swamid.se, docker.sunet.se, registry.swamid.se]
+ all: [cdr1.sunet.se, sto-tug-kvm2.swamid.se, datasets.sunet.se, random1.nordu.net,
+ md-master.reep.refeds.org, random2.nordu.net, sto-tug-kvm-lab2.swamid.se, mds1.swamid.se,
+ sto-tug-kvm1.swamid.se, ca.sunet.se, web-a2.sunet.se, loke.sunet.se, cdr2.sunet.se,
+ web-db1.sunet.se, web-db2.sunet.se, mdx1.swamid.se, web-f1.sunet.se, web-f2.sunet.se,
+ meta.swamid.se, registry.swamid.se, dane.lab.sunet.se, mdx2.swamid.se, samltest.swamid.se,
+ git.swamid.se, docker.sunet.se, lobo2.lab.sunet.se, sto-tug-kvm-lab1.swamid.se,
+ sto-fre-kvm1.swamid.se, web-db3.sunet.se, mds2.swamid.se, web-a1.sunet.se]
+ dockerhost: [registry.swamid.se, docker.sunet.se]
entropyserver: [random1.nordu.net, random2.nordu.net]
- mailclient: [ca.sunet.se, cdr1.sunet.se, web-f1.sunet.se, web-db3.sunet.se, random1.nordu.net,
- web-db2.sunet.se, sto-tug-kvm-lab2.swamid.se, random2.nordu.net, datasets.sunet.se,
- mdx1.swamid.se, sto-tug-kvm-lab1.swamid.se, web-a1.sunet.se, mdx2.swamid.se, samltest.swamid.se,
- web-db1.sunet.se, meta.swamid.se, sto-tug-kvm2.swamid.se, web-f2.sunet.se, dane.lab.sunet.se,
- cdr2.sunet.se, web-a2.sunet.se, loke.sunet.se, docker.sunet.se, sto-fre-kvm1.swamid.se,
- registry.swamid.se, sto-tug-kvm1.swamid.se, lobo2.lab.sunet.se]
- nunoc: [ca.sunet.se, cdr1.sunet.se, web-f1.sunet.se, web-db3.sunet.se, random1.nordu.net,
- web-db2.sunet.se, sto-tug-kvm-lab2.swamid.se, random2.nordu.net, www2.eduid.se,
- md-master.reep.refeds.org, datasets.sunet.se, mdx1.swamid.se, sto-tug-kvm-lab1.swamid.se,
- web-a1.sunet.se, mdx2.swamid.se, samltest.swamid.se, web-db1.sunet.se, meta.swamid.se,
- sto-tug-kvm2.swamid.se, web-f2.sunet.se, dane.lab.sunet.se, cdr2.sunet.se, web-a2.sunet.se,
- loke.sunet.se, docker.sunet.se, sto-fre-kvm1.swamid.se, registry.swamid.se, sto-tug-kvm1.swamid.se,
- lobo2.lab.sunet.se]
+ mailclient: [cdr1.sunet.se, sto-tug-kvm2.swamid.se, datasets.sunet.se, random1.nordu.net,
+ random2.nordu.net, sto-tug-kvm-lab2.swamid.se, mds1.swamid.se, sto-tug-kvm1.swamid.se,
+ ca.sunet.se, web-a2.sunet.se, loke.sunet.se, cdr2.sunet.se, web-db1.sunet.se,
+ web-db2.sunet.se, mdx1.swamid.se, web-f1.sunet.se, web-f2.sunet.se, meta.swamid.se,
+ registry.swamid.se, dane.lab.sunet.se, mdx2.swamid.se, samltest.swamid.se, git.swamid.se,
+ docker.sunet.se, lobo2.lab.sunet.se, sto-tug-kvm-lab1.swamid.se, sto-fre-kvm1.swamid.se,
+ web-db3.sunet.se, mds2.swamid.se, web-a1.sunet.se]
+ nunoc: [cdr1.sunet.se, sto-tug-kvm2.swamid.se, datasets.sunet.se, random1.nordu.net,
+ md-master.reep.refeds.org, random2.nordu.net, sto-tug-kvm-lab2.swamid.se, mds1.swamid.se,
+ sto-tug-kvm1.swamid.se, ca.sunet.se, web-a2.sunet.se, loke.sunet.se, cdr2.sunet.se,
+ web-db1.sunet.se, web-db2.sunet.se, mdx1.swamid.se, web-f1.sunet.se, web-f2.sunet.se,
+ meta.swamid.se, registry.swamid.se, dane.lab.sunet.se, mdx2.swamid.se, samltest.swamid.se,
+ git.swamid.se, docker.sunet.se, lobo2.lab.sunet.se, sto-tug-kvm-lab1.swamid.se,
+ sto-fre-kvm1.swamid.se, web-db3.sunet.se, mds2.swamid.se, web-a1.sunet.se]
quantis: [random1.nordu.net, random2.nordu.net]
- signer: [mdx1.swamid.se]
sunet-cdr: [cdr1.sunet.se, cdr2.sunet.se]
sunet::dockerhost: [sto-tug-kvm2.swamid.se]
- sunetops: [ca.sunet.se, cdr1.sunet.se, cdr1.sunet.se, web-f1.sunet.se, web-db3.sunet.se,
- random1.nordu.net, web-db2.sunet.se, sto-tug-kvm-lab2.swamid.se, random2.nordu.net,
- datasets.sunet.se, mdx1.swamid.se, sto-tug-kvm-lab1.swamid.se, web-a1.sunet.se,
- mdx2.swamid.se, samltest.swamid.se, web-db1.sunet.se, meta.swamid.se, sto-tug-kvm2.swamid.se,
- web-f2.sunet.se, dane.lab.sunet.se, cdr2.sunet.se, cdr2.sunet.se, web-a2.sunet.se,
- loke.sunet.se, docker.sunet.se, sto-fre-kvm1.swamid.se, registry.swamid.se, sto-tug-kvm1.swamid.se,
- lobo2.lab.sunet.se]
- swamidops: [sto-tug-kvm-lab2.swamid.se, md-master.reep.refeds.org, mdx1.swamid.se,
- sto-tug-kvm-lab1.swamid.se, mdx2.swamid.se, samltest.swamid.se, meta.swamid.se,
- sto-tug-kvm2.swamid.se, sto-fre-kvm1.swamid.se, registry.swamid.se, sto-tug-kvm1.swamid.se]
- webappserver: [web-a1.sunet.se, web-a2.sunet.se]
- webbackend: [web-db3.sunet.se, web-db2.sunet.se, web-db1.sunet.se]
- webcommon: [web-f1.sunet.se, web-db3.sunet.se, web-db2.sunet.se, web-a1.sunet.se,
- web-db1.sunet.se, web-f2.sunet.se, web-a2.sunet.se]
+ sunetops: [cdr1.sunet.se, cdr1.sunet.se, sto-tug-kvm2.swamid.se, datasets.sunet.se,
+ random1.nordu.net, random2.nordu.net, sto-tug-kvm-lab2.swamid.se, mds1.swamid.se,
+ sto-tug-kvm1.swamid.se, ca.sunet.se, web-a2.sunet.se, loke.sunet.se, cdr2.sunet.se,
+ cdr2.sunet.se, web-db1.sunet.se, web-db2.sunet.se, mdx1.swamid.se, web-f1.sunet.se,
+ web-f2.sunet.se, meta.swamid.se, registry.swamid.se, dane.lab.sunet.se, mdx2.swamid.se,
+ samltest.swamid.se, git.swamid.se, docker.sunet.se, lobo2.lab.sunet.se, sto-tug-kvm-lab1.swamid.se,
+ sto-fre-kvm1.swamid.se, web-db3.sunet.se, mds2.swamid.se, web-a1.sunet.se]
+ swamid_pyff_signer: [mdx1.swamid.se, mdx2.swamid.se]
+ swamid_static_signer: [mds1.swamid.se, mds2.swamid.se]
+ swamidops: [sto-tug-kvm2.swamid.se, md-master.reep.refeds.org, sto-tug-kvm-lab2.swamid.se,
+ mds1.swamid.se, sto-tug-kvm1.swamid.se, mdx1.swamid.se, meta.swamid.se, registry.swamid.se,
+ mdx2.swamid.se, samltest.swamid.se, git.swamid.se, sto-tug-kvm-lab1.swamid.se,
+ sto-fre-kvm1.swamid.se, mds2.swamid.se]
+ webappserver: [web-a2.sunet.se, web-a1.sunet.se]
+ webbackend: [web-db1.sunet.se, web-db2.sunet.se, web-db3.sunet.se]
+ webcommon: [web-a2.sunet.se, web-db1.sunet.se, web-db2.sunet.se, web-f1.sunet.se,
+ web-f2.sunet.se, web-db3.sunet.se, web-a1.sunet.se]
webfrontend: [web-f1.sunet.se, web-f2.sunet.se]
- webserver: [web-f1.sunet.se, datasets.sunet.se, sto-tug-kvm2.swamid.se, web-f2.sunet.se,
- docker.sunet.se, registry.swamid.se]
+ webserver: [sto-tug-kvm2.swamid.se, datasets.sunet.se, web-f1.sunet.se, web-f2.sunet.se,
+ registry.swamid.se, docker.sunet.se]
diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
index 718ce2a..bf75b07 100644
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -21,11 +21,13 @@ docker.sunet.se:
dockerhost:
webserver:
mdx1.swamid.se:
- dockerhost:
- signer:
+ swamid_pyff_signer:
mdx2.swamid.se:
- dockerhost:
- docker_signer:
+ swamid_pyff_signer:
+mds1.swamid.se:
+ swamid_static_signer:
+mds2.swamid.se:
+ swamid_static_signer:
sto-tug-kvm2.swamid.se:
webserver:
sunet::dockerhost:
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index a205fd9..ccf1bd9 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -83,12 +83,27 @@ node 'sto-tug-kvm1.swamid.se' {
}
sunet::cloudimage { 'mdx1.swamid.se':
- mac => '52:54:00:fe:bc:09',
- dhcp => true,
+ dhcp => false,
+ repo => 'git://git.nordu.net/nunoc-ops.git',
+ tagpattern => 'sunet-ops',
+ cpus => '1',
+ memory => '2048',
+ ip => '130.242.125.91',
+ netmask => '255.255.255.192',
+ gateway => '130.242.125.65',
+ resolver => '130.242.80.14 130.242.80.99'
+ }
+
+ sunet::cloudimage { 'mds1.swamid.se':
+ dhcp => false,
repo => 'git://git.nordu.net/nunoc-ops.git',
tagpattern => 'sunet-ops',
cpus => '1',
memory => '2048',
+ ip => '130.242.125.92',
+ netmask => '255.255.255.192',
+ gateway => '130.242.125.65',
+ resolver => '130.242.80.14 130.242.80.99'
}
sunet::dhcp_kvm { 'md-master.reep.refeds.org':
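Review bot: The new `sunet::cloudimage { 'mds1.swamid.se': ... }` entry assigns `ip => '130.242.125.92'`, which is the address the sunet-dhcp-hosts hunk at the end of this diff removes from `mdx2.swamid` (bound there to MAC 52:54:00:30:be:dd), while mdx2 itself moves to 130.242.125.151 in the next hunk. Handing a still-recently-used address to a different host is only safe if the DNS record and any ACLs keyed on .92 are updated in the same change and no lease is still held by mdx2's old MAC; none of that is visible here, so it should at least be called out, e.g. `# .92 was previously the DHCP address of mdx2.swamid.se (see sunet-dhcp-hosts)` above the `ip` line. The enclosing `node 'sto-tug-kvm1.swamid.se'` block starts before this hunk and continues past it.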
@@ -103,14 +118,45 @@ node 'sto-tug-kvm1.swamid.se' {
node 'sto-fre-kvm1.swamid.se' {
sunet::cloudimage { 'mdx2.swamid.se':
- mac => '52:54:00:30:be:dd',
- dhcp => true,
+ dhcp => false,
repo => 'git://git.nordu.net/nunoc-ops.git',
tagpattern => 'sunet-ops',
cpus => '1',
memory => '2048',
+ ip => '130.242.125.151',
+ netmask => '255.255.255.192',
+ gateway => '130.242.125.129',
+ resolver => '130.242.80.14 130.242.80.99'
+ }
+
+ sunet::cloudimage { 'mds2.swamid.se':
+ dhcp => false,
+ repo => 'git://git.nordu.net/nunoc-ops.git',
+ tagpattern => 'sunet-ops',
+ cpus => '1',
+ memory => '2048',
+ ip => '130.242.125.152',
+ netmask => '255.255.255.192',
+ gateway => '130.242.125.129',
+ resolver => '130.242.80.14 130.242.80.99'
}
+ sunet::cloudimage { 'git.swamid.se':
+ dhcp => false,
+ repo => 'git://git.nordu.net/nunoc-ops.git',
+ tagpattern => 'sunet-ops',
+ cpus => '1',
+ memory => '2048',
+ ip => '130.242.125.153',
+ netmask => '255.255.255.192',
+ gateway => '130.242.125.129',
+ resolver => '130.242.80.14 130.242.80.99'
+ }
+
+}
+
+node 'git.swamid.se' {
+
}
node 'datasets.sunet.se' {
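Review bot: The added `node 'git.swamid.se' { }` has an empty body and no comment, so a reader cannot tell whether configuration is still to come or whether the host is meant to be driven entirely by its class list (cosmos-db.yaml in this commit gives it mailclient, nunoc, sunetops and swamidops). A one-line comment inside the block, `# intentionally empty: all configuration comes from the classes assigned in cosmos-rules.yaml`, would remove the ambiguity. The `node 'sto-fre-kvm1.swamid.se'` block this hunk closes at `+}` starts before the hunk.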
@@ -159,50 +205,68 @@ node 'docker.sunet.se' {
}
}
-class docker_signer {
- docker::image {'docker.samlbits.net/varnish': }
- docker::image {'docker.samlbits.net/pyff': }
- docker::run {'pyff':
- image => 'docker.samlbits.net/pyff',
- volumes => ['/opt/swamid-metadata:/opt/swamid-metadata'],
- env => ['DATADIR=/opt/swamid-metadata','LOGLEVEL=INFO']
- }
- docker::run {'varnish':
- image => 'docker.samlbits.net/varnish',
- links => ['pyff:backend'],
- ports => ['80:80']
+define pyff($dir) {
+ ensure_resource('class', 'sunet::dockerhost', {})
+ sunet::docker_run {"pyff_${name}":
+ image => 'docker.sunet.se/pyff',
+ imagetag => 'latest',
+ volumes => ["${dir}:${dir}"],
+ env => ['DATADIR=${dir}','LOGLEVEL=INFO']
}
- cron {'update-swamid-metadata':
- command => "cd /opt/swamid-metadata && git pull -q",
- user => root,
- minute => '*/5'
+ sunet::docker_run {"varnish_${name}":
+ image => 'docker.sunet.se/varnish',
+ imagetag => 'latest',
+ env => ["BACKEND_PORT=tcp://pyff_${name}.docker:8080"],
+ ports => ['80:80']
}
}
-class signer {
- include cosmos::httpsproxy
- class {'varnish':
- domain => 'swamid.se',
- backends => {
- mdx => 'http://localhost:8000/'
- },
- vhosts => {
- mdx => 'mdx.swamid.se'
- }
+class swamid_metadata {
+ vcsrepo { '/opt/swamid-metadata':
+ ensure => present,
+ provider => git,
+ source => 'git@md-master.swamid.se:swamid-metadata.git'
}
- class {'pyff':
- load => ["/opt/metadata"],
- port => 8000,
- address => '0.0.0.0',
- validUntil => 'P10D',
- cacheDuration => 'PT5H',
- replace => false
+}
+
+class swamid_static_signer {
+ ensure_resource('class', 'sunet::dockerhost', {})
+ class { 'swamid_metadata': } ->
+ user { 'www-data': system => true } ->
+ file { '/opt/published-metadata': ensure => directory, owner => 'www-data', group => 'www-data' } ->
+ package { ['make','libdate-calc-perl', 'libxml2-utils', 'xsltproc', 'opensaml2-tools', 'xmlsec1', 'autoconf']: ensure => installed } ->
+ vcsrepo { '/opt/saml-md-tools':
+ ensure => present,
+ provider => git,
+ source => 'git://git.nordu.net/saml-md-tools.git'
+ } ->
+ exec { 'install_saml_md_tools':
+ command => '/usr/bin/autoreconf -is && ./configure --prefix=/usr/local && make && make install',
+ cwd => '/opt/saml-md-tools',
+ path => '/bin:/usr/bin:/usr/sbin',
+ onlyif => '/usr/bin/test ! -f /usr/local/bin/saml-md-tool'
+ } ->
+ cron { 'publish-swamid-metadata':
+ command => "/opt/swamid-metadata/scripts/update.sh",
+ user => root,
+ minute => '*/5'
+ } ->
+ sunet::docker_run {'swamid_mds':
+ image => 'docker.sunet.se/swamid-mds',
+ imagetag => 'latest',
+ volumes => ['/etc/ssl:/etc/ssl','/opt/published-metadata:/opt/published-metadata','/opt/swamid-metadata/xslt:/opt/swamid-metadata/xslt'],
+ ports => ['80:80','443:443']
}
+}
+
+class swamid_pyff_signer {
+ class { 'swamid_metadata': } ->
cron {'update-swamid-metadata':
- command => "cd /opt/swamid-metadata && git pull -q",
- user => root,
- minute => '*/5'
- }
+ command => "cd /opt/swamid-metadata && git pull -q",
+ user => root,
+ minute => '*/5'
+ } ->
+ pyff {'swamid': dir => '/opt/swamid-metadata' }
}
node 'md-master.reep.refeds.org' {
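Review bot: In the `pyff` define, `env => ['DATADIR=${dir}','LOGLEVEL=INFO']` is single-quoted, so Puppet does not interpolate `${dir}` and the container receives the literal string `${dir}` as DATADIR, whereas the `volumes` line directly above uses double quotes correctly; change it to `env => ["DATADIR=${dir}", 'LOGLEVEL=INFO']`. Separately, in `swamid_static_signer` the `swamid_mds` container is handed all of `/etc/ssl` read-write, which on the Debian-style hosts these package names suggest includes `/etc/ssl/private`; unless the container writes there, narrow the mount to the certificate and key it needs and append `:ro`, e.g. `'/etc/ssl:/etc/ssl:ro'`. Also, `install_saml_md_tools` runs `autoreconf && ./configure && make && make install` as root from a `git://` clone with no `revision` pin; `git://` gives no transport authentication, so an https or ssh `source` plus a pinned `revision` on that vcsrepo would make the root-executed build reproducible and tamper-evident. The `node 'md-master.reep.refeds.org'` block on the hunk's last line continues outside it.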
@@ -215,31 +279,6 @@ node 'md-master.reep.refeds.org' {
}
node 'registry.swamid.se' {
- class {'pyff':
- load => ['/opt/peer/media/vf_repo'],
- validUntil => 'P30D',
- cacheDuration => 'PT24H',
- replace => false,
- port => 8000,
- address => '127.0.0.1'
- }
- $peerpkg = ['xmlsec1','libxmlsec1-openssl','libpq-dev','postgresql','postgresql-client']
- package { $peerpkg: ensure => installed }
- python::virtualenv { '/opt/peer':
- ensure => present
- }
- python::pip { 'peer==0.13.0':
- pkgname => 'peer==0.13.0',
- virtualenv => '/opt/peer'
- }
-
- #class { 'postgresql::server': }
-
- #postgresql::server::db { 'peer':
- # encoding => 'utf-8',
- # user => 'peer',
- # password => postgresql_password('peer', hiera('peer_db_password')),
- #}
}
node 'sto-tug-kvm-lab1.swamid.se' {
@@ -575,8 +614,6 @@ class sunet-dhcp-hosts {
# SWAMID production
dhcp::host { 'registry.swamid': mac => "52:54:00:52:53:0b", ip => "130.242.125.90" }
- dhcp::host { 'mdx1.swamid': mac => "52:54:00:fe:bc:09", ip => "130.242.125.91" }
- dhcp::host { 'mdx2.swamid': mac => "52:54:00:30:be:dd", ip => "130.242.125.92" }
}
class sunetops {