Diffstat (limited to 'global')
-rw-r--r--global/overlay/etc/puppet/cosmos-rules.yaml2
-rw-r--r--global/overlay/etc/puppet/manifests/cosmos-site.pp25
2 files changed, 26 insertions, 1 deletions
diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
index 1112bdf..4aab9c8 100644
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -14,7 +14,7 @@ mdx1.swamid.se:
signer:
mdx2.swamid.se:
dockerhost:
- signer:
+ docker_signer:
md-master.reep.refeds.org:
sunet:
swamidops:
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index 5c5569d..64c84b0 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -96,6 +96,26 @@ node 'sto-fre-kvm1.swamid.se' {
}
+class docker_signer {
+ docker::image {'docker.samlbits.net/varnish': }
+ docker::image {'docker.samlbits.net/pyff': }
+ docker::run {'pyff':
+ image => 'docker.samlbits.net/pyff',
+ volumes => ['/opt/swamid-metadata:/opt/swamid-metadata'],
+ env => ['DATADIR=/opt/swamid-metadata','LOGLEVEL=INFO']
+ }
+ docker::run {'varnish':
+ image => 'docker.samlbits.net/varnish',
+ links => ['pyff:backend'],
+ ports => ['80:80']
+ }
+ cron {'update-swamid-metadata':
+ command => "cd /opt/swamid-metadata && git -q pull",
+ user => root,
+ minute => '*/5'
+ }
+}
+
class signer {
include cosmos::httpsproxy
class {'varnish':
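Review bot: The cron command in `docker_signer` places `-q` before the subcommand. As far as I know git has no global `-q` option, so `git -q pull` would exit with a usage error on every run and `/opt/swamid-metadata` would never be refreshed. That directory is mounted into the pyff container as `DATADIR` and the job runs as root, so I would move the flag and have the pull check commit signatures (this needs the signing keys in root's keyring): `command => "cd /opt/swamid-metadata && git pull -q --verify-signatures",`. Both `docker::image` resources also name the image without a tag, so the host runs whatever the registry serves at pull time; pinning it, e.g. `docker::image {'docker.samlbits.net/pyff:<PINNED_TAG>': }`, keeps the deployed signer reproducible. The trailing context lines belong to the existing `signer` class, which continues outside the hunk.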
@@ -515,6 +535,11 @@ class sunet {
fstab_fix_shm => false,
sysctl_net_hardening => false,
}
+ } elsif $::hostname =~ /random/ { # pollen requires exec on /tmp
+ class {'bastion':
+ fixperms_enable => false,
+ fixperms_paranoia => false,
+ }
} else {
class {'bastion':
fstab_fix_shm => false,
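Review bot: The new `elsif $::hostname =~ /random/` branch uses an unanchored pattern, so any host whose short name merely contains "random" gets `fixperms_enable => false` and `fixperms_paranoia => false`. A hardening exception should be scoped as narrowly as possible, for example by anchoring the match (`elsif $::hostname =~ /^random/ {`) or by listing the affected nodes explicitly. The inline comment mentions exec on /tmp, while the switched-off parameters are the fixperms ones. I would extend the comment to say how the two are related, something like `# pollen requires exec on /tmp, which fixperms removes`, if that is indeed the mechanism. The surrounding `if`/`else` and the `sunet` class begin and end outside the hunk.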