Configure test hosts

79648956 · Martin van Es · f887426f · f887426f · 79648956 · 79648956
Commit 79648956 authored 3 years ago by Martin van Es
--- a/files/srv.mdx.incubator.geant.org.json
+++ b/files/srv.mdx.incubator.geant.org.json
-{
-  "ttl": 60,
-  "max_hosts": 1,
-  "data": {
-    "": {
-      "a": [
-        [ "193.224.22.78", 10 ]
-      ]
-    },
-    "srv1": {
-      "a": [
-        [ "193.224.22.78", 10 ]
-      ]
-    },
-    "srv1-signer": {
-      "a": [
-        [ "193.224.22.78", 10 ]
-      ]
-    },
-    "srv1-proxy": {
-      "a": [
-        [ "193.224.22.78", 10 ]
-      ]
-    },
-    "srv2": {
-      "a": [
-        [ "145.100.180.185", 10 ]
-      ]
-    },
-    "srv2-signer": {
-      "a": [
-        [ "145.100.180.185", 10 ]
-      ]
-    },
-    "srv2-proxy": {
-      "a": [
-        [ "145.100.180.185", 10 ]
-      ]
-    },
-    "srv3": {
-      "a": [
-        [ "62.217.72.109", 10 ]
-      ]
-    },
-    "srv3-signer": {
-      "a": [
-        [ "62.217.72.109", 10 ]
-      ]
-    },
-    "srv3-proxy": {
-      "a": [
-        [ "62.217.72.109", 10 ]
-      ]
-    },
-    "signer": {
-      "a": [
-        [ "193.224.22.78", 10 ],
-        [ "145.100.180.185", 10 ],
-        [ "62.217.72.109", 10 ]
-      ]
-    },
-    "signer.nl": {
-      "a": [
-        [ "145.100.180.185", 10 ]
-      ]
-    },
-    "proxy": {
-      "a": [
-        [ "193.224.22.78", 10 ],
-        [ "145.100.180.185", 10 ],
-        [ "62.217.72.109", 10 ]
-      ]
-    },
-    "proxy-eg": {
-      "a": [
-        [ "193.224.22.78", 10 ],
-        [ "145.100.180.185", 10 ],
-        [ "62.217.72.109", 10 ]
-      ]
-    },
-    "proxy-tst": {
-      "a": [
-        [ "193.224.22.78", 10 ],
-        [ "145.100.180.185", 10 ],
-        [ "62.217.72.109", 10 ]
-      ]
-    },
-    "proxy.nl": {
-      "a": [
-        [ "62.217.72.109", 10 ]
-      ]
-    }
-  }
-}
--- a/files/srv.mdx.incubator.geant.org.yaml
+++ b/files/srv.mdx.incubator.geant.org.yaml
+---
+
+ttl: 60
+max_hosts: 1
+data:
+  "":
+    "a":
+      - [ "193.224.22.78" ]
+      - [ "145.100.180.185" ]
+      - [ "62.217.72.109" ]
+      - [ "145.100.181.134" ]
+  "srv1":
+    "a":
+      - [ "193.224.22.78" ]
+  "srv1-signer":
+    "a":
+      - [ "193.224.22.78" ]
+  "srv1-proxy":
+    "a":
+      - [ "193.224.22.78" ]
+  "srv2":
+    "a":
+      - [ "145.100.180.185" ]
+  "srv2-signer":
+    "a":
+      - [ "145.100.180.185" ]
+  "srv2-proxy":
+    "a":
+      - [ "145.100.180.185" ]
+  "srv3":
+    "a":
+      - [ "62.217.72.109" ]
+  "srv3-signer":
+    "a":
+      - [ "62.217.72.109" ]
+  "srv3-proxy":
+    "a":
+      - [ "62.217.72.109" ]
+  "srv4":
+    "a":
+      - [ "145.100.181.134" ]
+  "srv4-signer":
+    "a":
+      - [ "145.100.181.134" ]
+  "srv4-proxy":
+    "a":
+      - [ "145.100.181.134" ]
+  "signer":
+    "a":
+      - [ "193.224.22.78" ]
+      - [ "145.100.180.185" ]
+      - [ "62.217.72.109" ]
+  "signer.nl":
+    "a":
+      - [ "145.100.180.185" ]
+  "proxy":
+    "a":
+      - [ "193.224.22.78" ]
+      - [ "145.100.180.185" ]
+      - [ "62.217.72.109" ]
+  "proxy-eg":
+    "a":
+      - [ "193.224.22.78" ]
+      - [ "145.100.180.185" ]
+      - [ "62.217.72.109" ]
+  "proxy-tst":
+    "a":
+      - [ "193.224.22.78" ]
+      - [ "145.100.180.185" ]
+      - [ "62.217.72.109" ]
+  "proxy.nl":
+    "a":
+      - [ "62.217.72.109" ]
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
 ---
-
+tlds:
+  - srv.mdx.incubator.geant.org
 hosts:
+  et2.gndev.hexaa.eu:
+    hostname: srv1
+    tld: srv.mdx.incubator.geant.org
+    mdserver:
+      test:
+        signer: hsm_signer
+        metadir: metadata/test
+    mdproxy:
+      test:
+        signer: 'http://localhost:5001'
+      edugain:
+        signer: 'http://srv2-signer.srv.mdx.incubator.geant.org'
+  mdxcdn.pt-38.utr.surfcloud.nl:
+    hostname: srv2
+    tld: srv.mdx.incubator.geant.org
+    mdserver:
+      edugain:
+        signer: hsm_signer
+        metadir: metadata/edugain
+    mdproxy:
+      test:
+        signer: 'http://srv1-signer.srv.mdx.incubator.geant.org'
+      edugain:
+        signer: 'http://localhost:5001'
+  62.217.72.109:
+    hostname: srv3
+    tld: srv.mdx.incubator.geant.org
+    mdproxy:
+      test:
+        signer: 'http://srv1-signer.srv.mdx.incubator.geant.org'
+      edugain:
+        signer: 'http://srv2-signer.srv.mdx.incubator.geant.org'
  alternative-mdx.pt-76.utr.surfcloud.nl:
    hostname: srv4
+    tld: srv.mdx.incubator.geant.org
    mdserver:
      test:
        signer: normal_signer
@@ -10,4 +44,3 @@ hosts:
    mdproxy:
      test:
        signer: 'http://localhost:5001'
-
--- a/inventory/inventory
+++ b/inventory/inventory
 [mdserver]
+et2.gndev.hexaa.eu
+mdxcdn.pt-38.utr.surfcloud.nl
 alternative-mdx.pt-76.utr.surfcloud.nl

 [mdproxy]
+et2.gndev.hexaa.eu
+mdxcdn.pt-38.utr.surfcloud.nl
 alternative-mdx.pt-76.utr.surfcloud.nl
+62.217.72.109

 [geodns]
-alternative-mdx.pt-76.utr.surfcloud.nl
+et2.gndev.hexaa.eu
+mdxcdn.pt-38.utr.surfcloud.nl

 [all:children]
 mdserver

--- a/playbook.yml
+++ b/playbook.yml
@@ -15,7 +15,6 @@
  gather_facts: false
  roles:
    - {role: apache,        tags: ['apache']}
-    - {role: alternate-mdx, tags: ['altmdx']}
    - {role: mdserver,      tags: ['mdserver']}

 - name: MDProxy
@@ -23,5 +22,4 @@
  gather_facts: false
  roles:
    - {role: apache,        tags: ['apache']}
-    - {role: alternate-mdx, tags: ['altmdx']}
    - {role: mdproxy,       tags: ['mdproxy']}
--- a/roles/apache/templates/md.conf.j2
+++ b/roles/apache/templates/md.conf.j2
 <VirtualHost *:80>
-        ServerName {{ hosts[inventory_hostname]['hostname'] }}-signer.srv.mdx.incubator.geant.org
+        ServerName {{ hosts[inventory_hostname]['hostname'] }}-signer.{{ hosts[inventory_hostname]['tld'] }}
        ServerAlias signer.srv.mdx.incubator.geant.org
        DocumentRoot /var/www/html
        AllowEncodedSlashes NoDecode
@@ -7,7 +7,7 @@
        ProxyPassReverse "/" "http://127.0.0.1:5001/"
 </VirtualHost>
 <VirtualHost *:80>
-        ServerName {{ hosts[inventory_hostname]['hostname'] }}-proxy.srv.mdx.incubator.geant.org
+        ServerName {{ hosts[inventory_hostname]['hostname'] }}-proxy.{{ hosts[inventory_hostname]['tld'] }}
        ServerAlias proxy.srv.mdx.incubator.geant.org
        DocumentRoot /var/www/html
        AllowEncodedSlashes NoDecode

--- a/roles/geodns/tasks/main.yml
+++ b/roles/geodns/tasks/main.yml
@@ -43,11 +43,12 @@

 - name: Copy geoDNS config
  ansible.builtin.copy:
-    src: "srv.mdx.incubator.geant.org.json"
-    dest: "{{ geo_dns_config }}"
+    content: "{{ lookup('file', item + '.yaml') | from_yaml | to_nice_json }}"
+    dest: "{{ geo_dns_config }}/{{ item }}.json"
    mode: '0644'
  notify:
    - "enable geodns job"
+  with_list: "{{ tlds }}"

 - name: Copy GeoLite2DB's
  ansible.builtin.copy:

--- a/roles/geodns/templates/geodns.service.j2
+++ b/roles/geodns/templates/geodns.service.j2
@@ -5,7 +5,7 @@ After=syslog.target network.target
 [Service]
 Type=simple
 WorkingDirectory={{ geodns_dir }}
-ExecStart=/opt/geodns/geodns -config={{ geo_dns_config }} -log -interface 0.0.0.0 -port 53
+ExecStart=/opt/geodns/geodns -config={{ geo_dns_config }} -log -interface {{ ansible_facts.default_ipv4.address }} -port 53
 ExecReload=/bin/kill -HUP $MAINPID
 Restart=on-failure
 RestartSec=10

--- a/roles/mdproxy/tasks/main.yml
+++ b/roles/mdproxy/tasks/main.yml
 ---

+- name: Import alternate-mdx role
+  import_role:
+    name: alternate-mdx
+
 - name: Create mdproxy config
  ansible.builtin.template:
    src: "mdproxy.yaml.j2"

--- a/roles/mdserver/tasks/main.yml
+++ b/roles/mdserver/tasks/main.yml
 ---

+- name: Import alternate-mdx role
+  import_role:
+    name: alternate-mdx
+
 - name: Create mdserver config
  ansible.builtin.template:
    src: "mdserver.yaml.j2"