diff --git a/README.md b/README.md
index 5014e40ff1494b64d7674fac02b475da110ada3b..4b67334c226c4e9023ec9c3eeae2a3b1a13c0515 100644
--- a/README.md
+++ b/README.md
@@ -13,4 +13,15 @@ Configuration repository for MDX as a service pilot
 ```files/[tld].yaml```
- * contains the GeoDNS configuration for [tld] as a yaml file.
+ * contains the geoDNS configuration for [tld] as a yaml file.
+
+During deploy, (Apache) virtualhost ServerNames will be generated by the following guidelines, based on the configuration in inventory/group_vars/all.yaml.
+
+### Signing servers
+ * [hostname]-signer.[tld]
+
+### Proxies
+ * [hostname]-proxy.[tld]
+ * proxy-[realm].
+
+ Make sure you have DNS entries for those hostnames in geoDNS configuration.
\ No newline at end of file
diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index 7d12ed8d2609700fa5b08528fea376f46feb18ee..0324e049ee0a2db1edabfeb70f10dd81ec9193a6 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -1,14 +1,17 @@
 ---
+
+tld: srv.mdx.incubator.geant.org
+
 hosts:
 et2.gndev.hexaa.eu:
 hostname: srv1
-tld: srv.mdx.incubator.geant.org
 altname: 'server-md2.et2.com'
+
 mdserver:
 test:
 signer: hsm_signer
 metadir: metadata/test
+
 mdproxy:
 test:
 signer: 'http://localhost:5001'
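Review bot: Hoisting `tld` into a single group var removes the per-host value the old layout carried, and the template now reads the bare `{{ tld }}`, so a host that ever needs a different suffix has no hook; if that is intended, say so above the key, e.g. `# tld: suffix appended to every generated ServerName (used by roles/apache/templates/md.conf.j2); not overridable per host`. The `signer:` key is also overloaded — under `mdserver` it names a profile (`hsm_signer`), under `mdproxy` it is a URL — which a one-line comment on each would make clear to the next reader. Separately, the README text added in this commit points at `inventory/group_vars/all.yaml`, while this file is `all.yml`.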
@@ -16,37 +19,42 @@ hosts:
 edugain:
 signer: 'http://srv2-signer.srv.mdx.incubator.geant.org'
 altname: 'edugain-md.et2.com'
+
 mdxcdn.pt-38.utr.surfcloud.nl:
 hostname: srv2
-tld: srv.mdx.incubator.geant.org
 altname: 'server-md2.et2.com'
+
 mdserver:
 edugain:
 signer: hsm_signer
 metadir: metadata/edugain
+
 mdproxy:
 test:
 signer: 'http://srv1-signer.srv.mdx.incubator.geant.org'
 altname: 'test-md.foobar.com'
 edugain:
 signer: 'http://localhost:5001'
+
 62.217.72.109:
 hostname: srv3
-tld: srv.mdx.incubator.geant.org
+
 mdproxy:
 test:
 signer: 'http://srv1-signer.srv.mdx.incubator.geant.org'
 altname: 'test-md.barfoo.com'
 edugain:
 signer: 'http://srv2-signer.srv.mdx.incubator.geant.org'
+
 alternative-mdx.pt-76.utr.surfcloud.nl:
 hostname: srv4
-tld: srv.mdx.incubator.geant.org
 altname: 'server-md.example.com'
+
 mdserver:
 foobar:
 signer: normal_signer
 metadir: metadata/test
+
 mdproxy:
 edugain:
 signer: 'http://srv2-signer.srv.mdx.incubator.geant.org'
diff --git a/roles/apache/templates/md.conf.j2 b/roles/apache/templates/md.conf.j2
index 42b23c1b4048cad778f65f98f2af859899ab1a2f..850b937481d33320a48a3b05c878cb64cc30ba15 100644
--- a/roles/apache/templates/md.conf.j2
+++ b/roles/apache/templates/md.conf.j2
@@ -1,6 +1,6 @@
 {% if hosts[inventory_hostname].get('mdserver') %}
 <VirtualHost *:80>
-ServerName {{ hosts[inventory_hostname]['hostname'] }}-signer.{{ hosts[inventory_hostname]['tld'] }}
+ServerName {{ hosts[inventory_hostname]['hostname'] }}-signer.{{ tld }}
 {% if hosts[inventory_hostname].get('altname') %}
 ServerAlias {{ hosts[inventory_hostname]['altname'] }}
 {% endif %}
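Review bot: Every cross-host `signer:` URL in this hunk is plain `http://` (`http://srv1-signer.srv.mdx.incubator.geant.org`, `http://srv2-signer.srv.mdx.incubator.geant.org`), and the signer vhost generated for those names in `md.conf.j2` listens on `*:80` only, so proxies on srv2, srv3 and srv4 pull metadata from the signers in cleartext between machines. Unless the proxy backend verifies the metadata signature itself — nothing visible here shows that — an on-path attacker between proxy and signer could substitute what the proxies republish; if the signers can terminate TLS, switch these to `https://`, otherwise record why cleartext is acceptable, e.g. `# signer URLs are http: proxy<->signer traffic stays on the private network; the proxy also verifies the XML signature`. The `altname` values `test-md.foobar.com`, `test-md.barfoo.com` and `server-md.example.com` become public `ServerAlias` entries — presumably pilot placeholders, but confirm before they are deployed as-is.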
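Review bot: `hosts[inventory_hostname]` is dereferenced three times in the six lines of this vhost header; a single `{% set host = hosts[inventory_hostname] %}` at the top of the template, then `ServerName {{ host['hostname'] }}-signer.{{ tld }}` and `ServerAlias {{ host['altname'] }}`, reads more easily and gives one place where a missing inventory entry fails. `tld` is now a bare group var, so with Ansible's default undefined-variable handling the render aborts if it is absent — the right failure mode, but worth a `{# tld comes from inventory/group_vars/all.yml #}` comment next to its first use. The `<VirtualHost *:80>` opened here continues past the end of the hunk.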
@@ -13,19 +13,17 @@
 {% if hosts[inventory_hostname].get('mdproxy') %}
 <VirtualHost *:80>
-ServerName {{ hosts[inventory_hostname]['hostname'] }}-proxy.{{ hosts[inventory_hostname]['tld'] }}
+ServerName {{ hosts[inventory_hostname]['hostname'] }}-proxy.{{ tld }}
 DocumentRoot /var/www/html
 AllowEncodedSlashes NoDecode
 ProxyPass "/" "http://127.0.0.1:5002/" nocanon
 ProxyPassReverse "/" "http://127.0.0.1:5002/"
 </VirtualHost>
-{% endif %}
-{% if hosts[inventory_hostname].get('mdproxy') %}
 {% set mdproxy = hosts[inventory_hostname]['mdproxy'] %}
 {% for realm, values in mdproxy.items() %}
 <VirtualHost *:80>
-ServerName proxy-{{ realm }}.{{ hosts[inventory_hostname]['tld'] }}
+ServerName proxy-{{ realm }}.{{ tld }}
 {% if values.get('altname') %}
 ServerAlias {{ values['altname'] }}
 {% endif %}
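Review bot: Apache answers any request whose Host header matches no `ServerName`/`ServerAlias` from the first `<VirtualHost *:80>` in the configuration, so unless a default vhost is defined elsewhere in the role (not visible here), stray or scanner traffic lands on the signer vhost on hosts that carry `mdserver`, and on the `{{ hostname }}-proxy` vhost otherwise; a catch-all vhost placed before the first real one, with `ServerName default.{{ tld }}` and `Require all denied`, keeps unmatched hostnames away from both. `AllowEncodedSlashes NoDecode` together with `ProxyPass "/" "http://127.0.0.1:5002/" nocanon` forwards the raw, un-normalised path to the backend — presumably so percent-encoded entityIDs survive — which is fine but deserves a comment such as `# NoDecode + nocanon: %2F in entityIDs must reach the backend untouched; the backend cannot rely on Apache path normalisation`. Merging the two `{% if ... mdproxy %}` guards is a sound cleanup; the `{% for realm ... %}` loop and its `<VirtualHost>` continue past the end of the hunk.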