diff --git a/README.md b/README.md index 3e7ace3bb46dad2b393a4da71b518f3d14eefa00..5014e40ff1494b64d7674fac02b475da110ada3b 100644 --- a/README.md +++ b/README.md @@ -5,11 +5,11 @@ Configuration repository for MDX as a service pilot ## Configuration ```inventory/inventory``` - * contains all the machines alt-mdx should be deployed to grouped by function + * contains all the machines alt-mdx should be deployed to, grouped by function ```inventory/group_vars/all.yml``` - * contains the tlds and dns/server/proxy configuration for those machines + * contains the tld and dns/server/proxy configuration for those machines ```files/[tld].yaml``` diff --git a/files/srv.mdx.incubator.geant.org.yaml b/files/srv.mdx.incubator.geant.org.yaml index 625e43bf1f8f94d2fc80844cf62639f15f1f1603..3d0731e5af11996eeafdc9f8b77a93dc5ad4c325 100644 --- a/files/srv.mdx.incubator.geant.org.yaml +++ b/files/srv.mdx.incubator.geant.org.yaml @@ -58,12 +58,12 @@ data: - [ "193.224.22.78" ] - [ "145.100.180.185" ] - [ "62.217.72.109" ] - "proxy-eg": + "proxy-edugain": "a": - [ "193.224.22.78" ] - [ "145.100.180.185" ] - [ "62.217.72.109" ] - "proxy-tst": + "proxy-test": "a": - [ "193.224.22.78" ] - [ "145.100.180.185" ] diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml index 2e3c8fc69ba6c1dfdb4491cc809b8894a1309957..08c27f1bd5d4ccbcb4d59dd40f4e03bf8fdb3edf 100644 --- a/inventory/group_vars/all.yml +++ b/inventory/group_vars/all.yml 
@@ -1,29 +1,33 @@ --- -tlds: - - srv.mdx.incubator.geant.org +tld: srv.mdx.incubator.geant.org hosts: et2.gndev.hexaa.eu: hostname: srv1 tld: srv.mdx.incubator.geant.org mdserver: + altname: 'server-md2.et2.com' test: signer: hsm_signer metadir: metadata/test mdproxy: test: signer: 'http://localhost:5001' + altname: 'test-md.et2.com' edugain: signer: 'http://srv2-signer.srv.mdx.incubator.geant.org' + altname: 'edugain-md.et2.com' mdxcdn.pt-38.utr.surfcloud.nl: hostname: srv2 tld: srv.mdx.incubator.geant.org mdserver: + altname: 'server-md2.et2.com' edugain: signer: hsm_signer metadir: metadata/edugain mdproxy: test: signer: 'http://srv1-signer.srv.mdx.incubator.geant.org' + altname: 'test-md.foobar.com' edugain: signer: 'http://localhost:5001' 62.217.72.109: @@ -32,15 +36,21 @@ hosts: mdproxy: test: signer: 'http://srv1-signer.srv.mdx.incubator.geant.org' + altname: 'test-md.barfoo.com' edugain: signer: 'http://srv2-signer.srv.mdx.incubator.geant.org' alternative-mdx.pt-76.utr.surfcloud.nl: hostname: srv4 tld: srv.mdx.incubator.geant.org mdserver: + altname: 'server-md.example.com' test: signer: normal_signer metadir: metadata/test mdproxy: test: signer: 'http://localhost:5001' + altname: 'test-md.blabla.com' + edugain: + signer: 'http://srv2-signer.srv.mdx.incubator.geant.org' + altname: 'edugain-md.blabla.com' diff --git a/roles/apache/templates/md.conf.j2 b/roles/apache/templates/md.conf.j2 index 9daf02d7111493d69d509f2bcada682aba451683..f4ad694c3bd429d8487a413af746bae482b02a87 100644 --- a/roles/apache/templates/md.conf.j2 +++ b/roles/apache/templates/md.conf.j2 
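Review bot: Several of the added `altname` values use domains that nothing in this repository shows the project controls (`et2.com`, `foobar.com`, `barfoo.com`, `blabla.com`), and they sit in the same inventory as the live hosts; the second hunk (`@@ -32,15 +36,21 @@`) adds more of them. The md.conf.j2 change in this commit renders each one as a `ServerAlias`, so the deployed vhosts would answer for those names, and anything later derived from `altname` would inherit them. If these are placeholders, use a documentation-reserved name as srv4 already does with `server-md.example.com`, or leave the key out until the real name is known. Note also that `mdserver.altname` is a sibling of the realm keys while `mdproxy` keeps `altname` inside each realm; a comment such as `# altname is not a realm; skip it when iterating mdserver` would guard any consumer that loops over `mdserver` (none is visible in this diff).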
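Review bot: The `edugain` realm added for srv4 at the end of the second hunk sets `signer: 'http://srv2-signer.srv.mdx.incubator.geant.org'`, so this host's signing requests travel to another machine in plaintext, to a vhost that md.conf.j2 publishes on `*:80`. Whether that signer endpoint is restricted to the peer proxy hosts is not visible in this diff. Consider an `https://` signer URL or a source-address restriction on the signer vhost, and record the decision next to the key, e.g. `# remote signer: reachable only from proxy hosts`.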
@@ -1,16 +1,38 @@ +{% if hosts[inventory_hostname].get('mdserver') %} <VirtualHost *:80> ServerName {{ hosts[inventory_hostname]['hostname'] }}-signer.{{ hosts[inventory_hostname]['tld'] }} - ServerAlias signer.srv.mdx.incubator.geant.org +{% if hosts[inventory_hostname]['mdserver'].get('altname') %} + ServerAlias {{ hosts[inventory_hostname]['mdserver']['altname'] }} +{% endif %} DocumentRoot /var/www/html AllowEncodedSlashes NoDecode ProxyPass "/" "http://127.0.0.1:5001/" nocanon ProxyPassReverse "/" "http://127.0.0.1:5001/" </VirtualHost> +{% endif %} + +{% if hosts[inventory_hostname].get('mdproxy') %} <VirtualHost *:80> ServerName {{ hosts[inventory_hostname]['hostname'] }}-proxy.{{ hosts[inventory_hostname]['tld'] }} - ServerAlias proxy.srv.mdx.incubator.geant.org DocumentRoot /var/www/html AllowEncodedSlashes NoDecode ProxyPass "/" "http://127.0.0.1:5002/" nocanon ProxyPassReverse "/" "http://127.0.0.1:5002/" </VirtualHost> +{% endif %} + +{% if hosts[inventory_hostname].get('mdproxy') %} +{% set mdproxy = hosts[inventory_hostname]['mdproxy'] %} +{% for realm, values in mdproxy.items() %} +<VirtualHost *:80> + ServerName proxy-{{ realm }}.{{ hosts[inventory_hostname]['tld'] }} +{% if values.get('altname') %} + ServerAlias {{ values['altname'] }} +{% endif %} + DocumentRoot /var/www/html + AllowEncodedSlashes NoDecode + ProxyPass "/" "http://127.0.0.1:5002/{{ realm }}" nocanon + ProxyPassReverse "/" "http://127.0.0.1:5002/{{ realm }}" +</VirtualHost> +{% endfor %} +{% endif %} diff --git a/roles/geodns/tasks/main.yml b/roles/geodns/tasks/main.yml index f9e0181a7b83b5c276abd9c8de51535f65a56bab..9833c636a0f876387e0cc53c9c4d17c028ad3d2e 100644 --- a/roles/geodns/tasks/main.yml +++ b/roles/geodns/tasks/main.yml 
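Review bot: In the per-realm vhost loop the proxy target has no trailing slash although the source path is `/`: `ProxyPass "/" "http://127.0.0.1:5002/{{ realm }}" nocanon`. Apache substitutes the matched prefix textually, so a request for `/entities/x` on `proxy-test` would be forwarded as `/testentities/x`. The realm name then stops being a path boundary, so a realm's vhost is not confined to that realm's backend path. Ending both targets with a slash fixes this: `ProxyPass "/" "http://127.0.0.1:5002/{{ realm }}/" nocanon` and `ProxyPassReverse "/" "http://127.0.0.1:5002/{{ realm }}/"`. The two consecutive `{% if hosts[inventory_hostname].get('mdproxy') %}` guards could also be merged into one.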
@@ -43,12 +43,11 @@ - name: Copy geoDNS config ansible.builtin.copy: - content: "{{ lookup('file', item + '.yaml') | from_yaml | to_nice_json }}" - dest: "{{ geo_dns_config }}/{{ item }}.json" + content: "{{ lookup('file', tld + '.yaml') | from_yaml | to_nice_json }}" + dest: "{{ geo_dns_config }}/{{ tld }}.json" mode: '0644' notify: - "enable geodns job" - with_list: "{{ tlds }}" - name: Copy GeoLite2DB's ansible.builtin.copy:
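Review bot: The geoDNS zone file is now selected by the global `tld`, while md.conf.j2 builds every `ServerName` from the per-host `hosts[inventory_hostname]['tld']`, so the inventory holds the same value in two places with nothing keeping them equal. If they drift, the published zone and the names Apache answers for would disagree without any task failing. A guard before this task would catch that, for example an `ansible.builtin.assert` with `that: hosts[inventory_hostname]['tld'] == tld`. Alternatively, add a comment on the copy task: `# tld comes from group_vars/all.yml and must match hosts[*].tld`. The following `Copy GeoLite2DB's` task continues outside the hunk.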