From 050a1dc745371bf1f51ff20594cb03741983203d Mon Sep 17 00:00:00 2001
From: Martin van Es <martin@mrvanes.com>
Date: Mon, 21 Feb 2022 09:18:51 +0100
Subject: [PATCH] Improved README and removed tld configuration duplication
---
 README.md | 13 ++++++++++++-
 inventory/group_vars/all.yml | 16 ++++++++++++----
 roles/apache/templates/md.conf.j2 | 8 +++-----
 3 files changed, 27 insertions(+), 10 deletions(-)
diff --git a/README.md b/README.md
index 5014e40..4b67334 100644
--- a/README.md
+++ b/README.md
@@ -13,4 +13,15 @@ Configuration repository for MDX as a service pilot
 ```files/[tld].yaml```
- * contains the GeoDNS configuration for [tld] as a yaml file.
+ * contains the geoDNS configuration for [tld] as a yaml file.
+
+During deploy, (Apache) virtualhost ServerNames will be generated by the following guidelines, based on the configuration in inventory/group_vars/all.yaml.
+
+### Signing servers
+ * [hostname]-signer.[tld]
+
+### Proxies
+ * [hostname]-proxy.[tld]
+ * proxy-[realm].
+
+ Make sure you have DNS entries for those hostnames in geoDNS configuration.
\ No newline at end of file
diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index 7d12ed8..0324e04 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -1,14 +1,17 @@
 ---
+tld: srv.mdx.incubator.geant.org
+
 hosts:
 et2.gndev.hexaa.eu:
 hostname: srv1
-tld: srv.mdx.incubator.geant.org
 altname: 'server-md2.et2.com'
+
 mdserver:
 test:
 signer: hsm_signer
 metadir: metadata/test
+
 mdproxy:
 test:
 signer: 'http://localhost:5001'
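Review bot: The new top-level `tld:` carries no comment, although every generated Apache ServerName and, per the README added in this commit, the geoDNS file name `files/[tld].yaml` now hinge on it, so a reader of all.yml cannot tell what else must change when it does. I would document it directly above the key, e.g. `# Global domain suffix for all generated virtualhost names: <hostname>-signer.<tld>, <hostname>-proxy.<tld>, proxy-<realm>.<tld>` and `# (rendered by roles/apache/templates/md.conf.j2); changing it requires matching geoDNS entries.` The per-host `tld` keys removed here and in the next hunk are no longer read by the template, so a host entry that is later given its own `tld` again would be silently ignored; the comment should state that the value is global. Because it sits in group_vars/all at low precedence, a host_vars or extra var of the same generic name overrides it for that host only, so a more specific name such as `mdx_tld` would make such a collision less likely, though that rename is optional. The README also refers to `inventory/group_vars/all.yaml` while the file being edited is `all.yml`.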
@@ -16,37 +19,42 @@ hosts:
 edugain:
 signer: 'http://srv2-signer.srv.mdx.incubator.geant.org'
 altname: 'edugain-md.et2.com'
+
 mdxcdn.pt-38.utr.surfcloud.nl:
 hostname: srv2
-tld: srv.mdx.incubator.geant.org
 altname: 'server-md2.et2.com'
+
 mdserver:
 edugain:
 signer: hsm_signer
 metadir: metadata/edugain
+
 mdproxy:
 test:
 signer: 'http://srv1-signer.srv.mdx.incubator.geant.org'
 altname: 'test-md.foobar.com'
 edugain:
 signer: 'http://localhost:5001'
+
 62.217.72.109:
 hostname: srv3
-tld: srv.mdx.incubator.geant.org
+
 mdproxy:
 test:
 signer: 'http://srv1-signer.srv.mdx.incubator.geant.org'
 altname: 'test-md.barfoo.com'
 edugain:
 signer: 'http://srv2-signer.srv.mdx.incubator.geant.org'
+
 alternative-mdx.pt-76.utr.surfcloud.nl:
 hostname: srv4
-tld: srv.mdx.incubator.geant.org
 altname: 'server-md.example.com'
+
 mdserver:
 foobar:
 signer: normal_signer
 metadir: metadata/test
+
 mdproxy:
 edugain:
 signer: 'http://srv2-signer.srv.mdx.incubator.geant.org'
diff --git a/roles/apache/templates/md.conf.j2 b/roles/apache/templates/md.conf.j2
index 42b23c1..850b937 100644
--- a/roles/apache/templates/md.conf.j2
+++ b/roles/apache/templates/md.conf.j2
@@ -1,6 +1,6 @@
 {% if hosts[inventory_hostname].get('mdserver') %}
 <VirtualHost *:80>
-ServerName {{ hosts[inventory_hostname]['hostname'] }}-signer.{{ hosts[inventory_hostname]['tld'] }}
+ServerName {{ hosts[inventory_hostname]['hostname'] }}-signer.{{ tld }}
 {% if hosts[inventory_hostname].get('altname') %}
 ServerAlias {{ hosts[inventory_hostname]['altname'] }}
 {% endif %}
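Review bot: `{{ tld }}` on the new ServerName line is an unchecked global: if this role is run against an inventory whose group_vars do not define it, or it is set to an empty string, the rendered line degrades to something like `srv1-signer.` and, depending on the `error_on_undefined_vars` setting, Apache may either reject the file or serve the signer vhost under a name nobody intended. Failing the template render explicitly is cheaper than debugging a live vhost, e.g. `ServerName {{ hosts[inventory_hostname]['hostname'] }}-signer.{{ tld | mandatory }}`; the two ServerName lines in the next hunk have the same exposure and I have not repeated the point there. A header comment such as `{# tld is a group var (inventory/group_vars/all.yml); hosts[...]['tld'] is no longer honoured #}` would also stop someone re-adding the per-host key this commit removes. The `{% if ... mdserver %}` block opened here continues past the hunk.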
@@ -13,19 +13,17 @@
 {% if hosts[inventory_hostname].get('mdproxy') %}
 <VirtualHost *:80>
-ServerName {{ hosts[inventory_hostname]['hostname'] }}-proxy.{{ hosts[inventory_hostname]['tld'] }}
+ServerName {{ hosts[inventory_hostname]['hostname'] }}-proxy.{{ tld }}
 DocumentRoot /var/www/html
 AllowEncodedSlashes NoDecode
 ProxyPass "/" "http://127.0.0.1:5002/" nocanon
 ProxyPassReverse "/" "http://127.0.0.1:5002/"
 </VirtualHost>
-{% endif %}
-{% if hosts[inventory_hostname].get('mdproxy') %}
 {% set mdproxy = hosts[inventory_hostname]['mdproxy'] %}
 {% for realm, values in mdproxy.items() %}
 <VirtualHost *:80>
-ServerName proxy-{{ realm }}.{{ hosts[inventory_hostname]['tld'] }}
+ServerName proxy-{{ realm }}.{{ tld }}
 {% if values.get('altname') %}
 ServerAlias {{ values['altname'] }}
 {% endif %}
-- GitLab
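Review bot: The README text added in this commit lists the realm proxy name as `proxy-[realm].` with no `[tld]`, while the new line here renders `proxy-{{ realm }}.{{ tld }}`; the two disagree, and an operator following the README's instruction to create DNS entries would miss the `proxy-<realm>.<tld>` names entirely. The template looks like the correct side, since the other two generated names in this file also carry the suffix, so the README line should read ` * proxy-[realm].[tld]`. Merging the two `{% if ... mdproxy %}` blocks by dropping the inner `{% endif %}`/`{% if %}` pair moves the closing `{% endfor %}` and the single remaining `{% endif %}` outside this hunk, so it is worth confirming the rendered file still balances; the enclosing block ends past the hunk. Finally, `realm` is taken straight from the YAML keys under `mdproxy:` and becomes part of a ServerName, so a comment before the loop, `{# realm keys of mdproxy must be DNS-label safe: they become proxy-<realm>.<tld> #}`, would turn a confusing Apache configuration error into a documented constraint.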