Split apache proxy configuration for realms and add dns CNAME as altname

66e8accf · Martin van Es · 87c47377 · 66e8accf · 66e8accf · 66e8accf
Commit 66e8accf authored 3 years ago by Martin van Es
--- a/README.md
+++ b/README.md
@@ -5,11 +5,11 @@ Configuration repository for MDX as a service pilot
 ## Configuration
 ```inventory/inventory```

-  * contains all the machines alt-mdx should be deployed to grouped by function
+  * contains all the machines alt-mdx should be deployed to, grouped by function

 ```inventory/group_vars/all.yml```

-  * contains the tlds and dns/server/proxy configuration for those machines
+  * contains the tld and dns/server/proxy configuration for those machines

 ```files/[tld].yaml```


--- a/files/srv.mdx.incubator.geant.org.yaml
+++ b/files/srv.mdx.incubator.geant.org.yaml
@@ -58,12 +58,12 @@ data:
      - [ "193.224.22.78" ]
      - [ "145.100.180.185" ]
      - [ "62.217.72.109" ]
-  "proxy-eg":
+  "proxy-edugain":
    "a":
      - [ "193.224.22.78" ]
      - [ "145.100.180.185" ]
      - [ "62.217.72.109" ]
-  "proxy-tst":
+  "proxy-test":
    "a":
      - [ "193.224.22.78" ]
      - [ "145.100.180.185" ]

--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
 ---
-tlds:
-  - srv.mdx.incubator.geant.org
+tld: srv.mdx.incubator.geant.org
 hosts:
  et2.gndev.hexaa.eu:
    hostname: srv1
    tld: srv.mdx.incubator.geant.org
    mdserver:
+      altname: 'server-md2.et2.com'
      test:
        signer: hsm_signer
        metadir: metadata/test
    mdproxy:
      test:
        signer: 'http://localhost:5001'
+        altname: 'test-md.et2.com'
      edugain:
        signer: 'http://srv2-signer.srv.mdx.incubator.geant.org'
+        altname: 'edugain-md.et2.com'
  mdxcdn.pt-38.utr.surfcloud.nl:
    hostname: srv2
    tld: srv.mdx.incubator.geant.org
    mdserver:
+      altname: 'server-md2.et2.com'
      edugain:
        signer: hsm_signer
        metadir: metadata/edugain
    mdproxy:
      test:
        signer: 'http://srv1-signer.srv.mdx.incubator.geant.org'
+        altname: 'test-md.foobar.com'
      edugain:
        signer: 'http://localhost:5001'
  62.217.72.109:
@@ -32,15 +36,21 @@ hosts:
    mdproxy:
      test:
        signer: 'http://srv1-signer.srv.mdx.incubator.geant.org'
+        altname: 'test-md.barfoo.com'
      edugain:
        signer: 'http://srv2-signer.srv.mdx.incubator.geant.org'
  alternative-mdx.pt-76.utr.surfcloud.nl:
    hostname: srv4
    tld: srv.mdx.incubator.geant.org
    mdserver:
+      altname: 'server-md.example.com'
      test:
        signer: normal_signer
        metadir: metadata/test
    mdproxy:
      test:
        signer: 'http://localhost:5001'
+        altname: 'test-md.blabla.com'
+      edugain:
+        signer: 'http://srv2-signer.srv.mdx.incubator.geant.org'
+        altname: 'edugain-md.blabla.com'
--- a/roles/apache/templates/md.conf.j2
+++ b/roles/apache/templates/md.conf.j2
+{% if hosts[inventory_hostname].get('mdserver') %}
 <VirtualHost *:80>
        ServerName {{ hosts[inventory_hostname]['hostname'] }}-signer.{{ hosts[inventory_hostname]['tld'] }}
-        ServerAlias signer.srv.mdx.incubator.geant.org
+{% if hosts[inventory_hostname]['mdserver'].get('altname') %}
+        ServerAlias {{ hosts[inventory_hostname]['mdserver']['altname'] }}
+{% endif %}
        DocumentRoot /var/www/html
        AllowEncodedSlashes NoDecode
        ProxyPass "/" "http://127.0.0.1:5001/" nocanon
        ProxyPassReverse "/" "http://127.0.0.1:5001/"
 </VirtualHost>
+{% endif %}
+
+{% if hosts[inventory_hostname].get('mdproxy') %}
 <VirtualHost *:80>
        ServerName {{ hosts[inventory_hostname]['hostname'] }}-proxy.{{ hosts[inventory_hostname]['tld'] }}
-        ServerAlias proxy.srv.mdx.incubator.geant.org
        DocumentRoot /var/www/html
        AllowEncodedSlashes NoDecode
        ProxyPass "/" "http://127.0.0.1:5002/" nocanon
        ProxyPassReverse "/" "http://127.0.0.1:5002/"
 </VirtualHost>
+{% endif %}
+
+{% if hosts[inventory_hostname].get('mdproxy') %}
+{% set mdproxy = hosts[inventory_hostname]['mdproxy'] %}
+{% for realm, values in mdproxy.items() %}
+<VirtualHost *:80>
+        ServerName proxy-{{ realm }}.{{ hosts[inventory_hostname]['tld'] }}
+{% if values.get('altname') %}
+        ServerAlias {{ values['altname'] }}
+{% endif %}
+        DocumentRoot /var/www/html
+        AllowEncodedSlashes NoDecode
+        ProxyPass "/" "http://127.0.0.1:5002/{{ realm }}" nocanon
+        ProxyPassReverse "/" "http://127.0.0.1:5002/{{ realm }}"
+</VirtualHost>
+{% endfor %}
+{% endif %}
--- a/roles/geodns/tasks/main.yml
+++ b/roles/geodns/tasks/main.yml
@@ -43,12 +43,11 @@

 - name: Copy geoDNS config
  ansible.builtin.copy:
-    content: "{{ lookup('file', item + '.yaml') | from_yaml | to_nice_json }}"
-    dest: "{{ geo_dns_config }}/{{ item }}.json"
+    content: "{{ lookup('file', tld + '.yaml') | from_yaml | to_nice_json }}"
+    dest: "{{ geo_dns_config }}/{{ tld }}.json"
    mode: '0644'
  notify:
    - "enable geodns job"
-  with_list: "{{ tlds }}"

 - name: Copy GeoLite2DB's
  ansible.builtin.copy: