Split apache proxy configuration for realms and add dns CNAME as altname

README.md

@@ -5,11 +5,11 @@ Configuration repository for MDX as a service pilot
 ## Configuration
 ```inventory/inventory```
 
-  * contains all the machines alt-mdx should be deployed to grouped by function
+  * contains all the machines alt-mdx should be deployed to, grouped by function
 
 ```inventory/group_vars/all.yml```
 
-  * contains the tlds and dns/server/proxy configuration for those machines
+  * contains the tld and dns/server/proxy configuration for those machines
 
 ```files/[tld].yaml```
 

files/srv.mdx.incubator.geant.org.yaml

@@ -58,12 +58,12 @@ data:
       - [ "193.224.22.78" ]
       - [ "145.100.180.185" ]
       - [ "62.217.72.109" ]
-  "proxy-eg":
+  "proxy-edugain":
     "a":
       - [ "193.224.22.78" ]
       - [ "145.100.180.185" ]
       - [ "62.217.72.109" ]
-  "proxy-tst":
+  "proxy-test":
     "a":
       - [ "193.224.22.78" ]
       - [ "145.100.180.185" ]

inventory/group_vars/all.yml

 ---
-tlds:
-  - srv.mdx.incubator.geant.org
+tld: srv.mdx.incubator.geant.org
 hosts:
   et2.gndev.hexaa.eu:
     hostname: srv1
     tld: srv.mdx.incubator.geant.org
     mdserver:
+      altname: 'server-md2.et2.com'
       test:
         signer: hsm_signer
         metadir: metadata/test
     mdproxy:
       test:
         signer: 'http://localhost:5001'
+        altname: 'test-md.et2.com'
       edugain:
         signer: 'http://srv2-signer.srv.mdx.incubator.geant.org'
+        altname: 'edugain-md.et2.com'
   mdxcdn.pt-38.utr.surfcloud.nl:
     hostname: srv2
     tld: srv.mdx.incubator.geant.org
     mdserver:
+      altname: 'server-md2.et2.com'
       edugain:
         signer: hsm_signer
         metadir: metadata/edugain
     mdproxy:
       test:
         signer: 'http://srv1-signer.srv.mdx.incubator.geant.org'
+        altname: 'test-md.foobar.com'
       edugain:
         signer: 'http://localhost:5001'
   62.217.72.109:
@@ -32,15 +36,21 @@ hosts:
     mdproxy:
       test:
         signer: 'http://srv1-signer.srv.mdx.incubator.geant.org'
+        altname: 'test-md.barfoo.com'
       edugain:
         signer: 'http://srv2-signer.srv.mdx.incubator.geant.org'
   alternative-mdx.pt-76.utr.surfcloud.nl:
     hostname: srv4
     tld: srv.mdx.incubator.geant.org
     mdserver:
+      altname: 'server-md.example.com'
       test:
         signer: normal_signer
         metadir: metadata/test
     mdproxy:
       test:
         signer: 'http://localhost:5001'
+        altname: 'test-md.blabla.com'
+      edugain:
+        signer: 'http://srv2-signer.srv.mdx.incubator.geant.org'
+        altname: 'edugain-md.blabla.com'

roles/apache/templates/md.conf.j2

+{% if hosts[inventory_hostname].get('mdserver') %}
 <VirtualHost *:80>
         ServerName {{ hosts[inventory_hostname]['hostname'] }}-signer.{{ hosts[inventory_hostname]['tld'] }}
-        ServerAlias signer.srv.mdx.incubator.geant.org
+{% if hosts[inventory_hostname]['mdserver'].get('altname') %}
+        ServerAlias {{ hosts[inventory_hostname]['mdserver']['altname'] }}
+{% endif %}
         DocumentRoot /var/www/html
         AllowEncodedSlashes NoDecode
         ProxyPass "/" "http://127.0.0.1:5001/" nocanon
         ProxyPassReverse "/" "http://127.0.0.1:5001/"
 </VirtualHost>
+{% endif %}
+
+{% if hosts[inventory_hostname].get('mdproxy') %}
 <VirtualHost *:80>
         ServerName {{ hosts[inventory_hostname]['hostname'] }}-proxy.{{ hosts[inventory_hostname]['tld'] }}
-        ServerAlias proxy.srv.mdx.incubator.geant.org
         DocumentRoot /var/www/html
         AllowEncodedSlashes NoDecode
         ProxyPass "/" "http://127.0.0.1:5002/" nocanon
         ProxyPassReverse "/" "http://127.0.0.1:5002/"
 </VirtualHost>
+{% endif %}
+
+{% if hosts[inventory_hostname].get('mdproxy') %}
+{% set mdproxy = hosts[inventory_hostname]['mdproxy'] %}
+{% for realm, values in mdproxy.items() %}
+<VirtualHost *:80>
+        ServerName proxy-{{ realm }}.{{ hosts[inventory_hostname]['tld'] }}
+{% if values.get('altname') %}
+        ServerAlias {{ values['altname'] }}
+{% endif %}
+        DocumentRoot /var/www/html
+        AllowEncodedSlashes NoDecode
+        ProxyPass "/" "http://127.0.0.1:5002/{{ realm }}" nocanon
+        ProxyPassReverse "/" "http://127.0.0.1:5002/{{ realm }}"
+</VirtualHost>
+{% endfor %}
+{% endif %}

roles/geodns/tasks/main.yml

@@ -43,12 +43,11 @@
 
 - name: Copy geoDNS config
   ansible.builtin.copy:
-    content: "{{ lookup('file', item + '.yaml') | from_yaml | to_nice_json }}"
-    dest: "{{ geo_dns_config }}/{{ item }}.json"
+    content: "{{ lookup('file', tld + '.yaml') | from_yaml | to_nice_json }}"
+    dest: "{{ geo_dns_config }}/{{ tld }}.json"
     mode: '0644'
   notify:
     - "enable geodns job"
-  with_list: "{{ tlds }}"
 
 - name: Copy GeoLite2DB's
   ansible.builtin.copy: