diff --git a/files/srv.mdx.incubator.geant.org.json b/files/srv.mdx.incubator.geant.org.json
deleted file mode 100644
index 7e67288e2371445c3649187202dfd1480a0d2d83..0000000000000000000000000000000000000000
--- a/files/srv.mdx.incubator.geant.org.json
+++ /dev/null
@@ -1,94 +0,0 @@
-{
- "ttl": 60,
- "max_hosts": 1,
- "data": {
- "": {
- "a": [
- [ "193.224.22.78", 10 ]
- ]
- },
- "srv1": {
- "a": [
- [ "193.224.22.78", 10 ]
- ]
- },
- "srv1-signer": {
- "a": [
- [ "193.224.22.78", 10 ]
- ]
- },
- "srv1-proxy": {
- "a": [
- [ "193.224.22.78", 10 ]
- ]
- },
- "srv2": {
- "a": [
- [ "145.100.180.185", 10 ]
- ]
- },
- "srv2-signer": {
- "a": [
- [ "145.100.180.185", 10 ]
- ]
- },
- "srv2-proxy": {
- "a": [
- [ "145.100.180.185", 10 ]
- ]
- },
- "srv3": {
- "a": [
- [ "62.217.72.109", 10 ]
- ]
- },
- "srv3-signer": {
- "a": [
- [ "62.217.72.109", 10 ]
- ]
- },
- "srv3-proxy": {
- "a": [
- [ "62.217.72.109", 10 ]
- ]
- },
- "signer": {
- "a": [
- [ "193.224.22.78", 10 ],
- [ "145.100.180.185", 10 ],
- [ "62.217.72.109", 10 ]
- ]
- },
- "signer.nl": {
- "a": [
- [ "145.100.180.185", 10 ]
- ]
- },
- "proxy": {
- "a": [
- [ "193.224.22.78", 10 ],
- [ "145.100.180.185", 10 ],
- [ "62.217.72.109", 10 ]
- ]
- },
- "proxy-eg": {
- "a": [
- [ "193.224.22.78", 10 ],
- [ "145.100.180.185", 10 ],
- [ "62.217.72.109", 10 ]
- ]
- },
- "proxy-tst": {
- "a": [
- [ "193.224.22.78", 10 ],
- [ "145.100.180.185", 10 ],
- [ "62.217.72.109", 10 ]
- ]
- },
- "proxy.nl": {
- "a": [
- [ "62.217.72.109", 10 ]
- ]
- }
- }
-}
diff --git a/files/srv.mdx.incubator.geant.org.yaml b/files/srv.mdx.incubator.geant.org.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..625e43bf1f8f94d2fc80844cf62639f15f1f1603
--- /dev/null
+++ b/files/srv.mdx.incubator.geant.org.yaml
@@ -0,0 +1,73 @@
+---
+
+ttl: 60
+max_hosts: 1
+data:
+ "":
+ "a":
+ - [ "193.224.22.78" ]
+ - [ "145.100.180.185" ]
+ - [ "62.217.72.109" ]
+ - [ "145.100.181.134" ]
+ "srv1":
+ "a":
+ - [ "193.224.22.78" ]
+ "srv1-signer":
+ "a":
+ - [ "193.224.22.78" ]
+ "srv1-proxy":
+ "a":
+ - [ "193.224.22.78" ]
+ "srv2":
+ "a":
+ - [ "145.100.180.185" ]
+ "srv2-signer":
+ "a":
+ - [ "145.100.180.185" ]
+ "srv2-proxy":
+ "a":
+ - [ "145.100.180.185" ]
+ "srv3":
+ "a":
+ - [ "62.217.72.109" ]
+ "srv3-signer":
+ "a":
+ - [ "62.217.72.109" ]
+ "srv3-proxy":
+ "a":
+ - [ "62.217.72.109" ]
+ "srv4":
+ "a":
+ - [ "145.100.181.134" ]
+ "srv4-signer":
+ "a":
+ - [ "145.100.181.134" ]
+ "srv4-proxy":
+ "a":
+ - [ "145.100.181.134" ]
+ "signer":
+ "a":
+ - [ "193.224.22.78" ]
+ - [ "145.100.180.185" ]
+ - [ "62.217.72.109" ]
+ "signer.nl":
+ "a":
+ - [ "145.100.180.185" ]
+ "proxy":
+ "a":
+ - [ "193.224.22.78" ]
+ - [ "145.100.180.185" ]
+ - [ "62.217.72.109" ]
+ "proxy-eg":
+ "a":
+ - [ "193.224.22.78" ]
+ - [ "145.100.180.185" ]
+ - [ "62.217.72.109" ]
+ "proxy-tst":
+ "a":
+ - [ "193.224.22.78" ]
+ - [ "145.100.180.185" ]
+ - [ "62.217.72.109" ]
+ "proxy.nl":
+ "a":
+ - [ "62.217.72.109" ]
diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index 22c5b06507c0434c98b259b882212242bc58a1f6..2e3c8fc69ba6c1dfdb4491cc809b8894a1309957 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
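Review bot: The new YAML zone in files/srv.mdx.incubator.geant.org.yaml is not a straight conversion of the deleted JSON: every A entry loses its weight (`[ "193.224.22.78", 10 ]` became `[ "193.224.22.78" ]`) and the apex `""` record gains 145.100.181.134. Whether geodns accepts a weightless entry, and which weight it then assumes, is not visible in this diff, so I would either keep the explicit form, e.g. `- [ "193.224.22.78", 10 ]`, or add a comment at the top of the file stating the default being relied on. The apex now also answers with the srv4 address while the `signer` and `proxy` pools still list only three addresses; a one-line comment such as `# srv4 is published at the apex only, not in the signer/proxy pools` would show that the difference is deliberate.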
@@ -1,8 +1,42 @@ --- - +tlds: + - srv.mdx.incubator.geant.org hosts: + et2.gndev.hexaa.eu: + hostname: srv1 + tld: srv.mdx.incubator.geant.org + mdserver: + test: + signer: hsm_signer + metadir: metadata/test + mdproxy: + test: + signer: 'http://localhost:5001' + edugain: + signer: 'http://srv2-signer.srv.mdx.incubator.geant.org' + mdxcdn.pt-38.utr.surfcloud.nl: + hostname: srv2 + tld: srv.mdx.incubator.geant.org + mdserver: + edugain: + signer: hsm_signer + metadir: metadata/edugain + mdproxy: + test: + signer: 'http://srv1-signer.srv.mdx.incubator.geant.org' + edugain: + signer: 'http://localhost:5001' + 62.217.72.109: + hostname: srv3 + tld: srv.mdx.incubator.geant.org + mdproxy: + test: + signer: 'http://srv1-signer.srv.mdx.incubator.geant.org' + edugain: + signer: 'http://srv2-signer.srv.mdx.incubator.geant.org' alternative-mdx.pt-76.utr.surfcloud.nl: hostname: srv4 + tld: srv.mdx.incubator.geant.org mdserver: test: signer: normal_signer @@ -10,4 +44,3 @@ hosts: mdproxy: test: signer: 'http://localhost:5001' - diff --git a/inventory/inventory b/inventory/inventory index b91aa5a1caa56dd16be5bb6dc7a839dd2e36a181..90ffe36a8c867720900dfbc0bbdcd90c51b4b61e 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -1,11 +1,17 @@ [mdserver] +et2.gndev.hexaa.eu +mdxcdn.pt-38.utr.surfcloud.nl alternative-mdx.pt-76.utr.surfcloud.nl [mdproxy] +et2.gndev.hexaa.eu +mdxcdn.pt-38.utr.surfcloud.nl alternative-mdx.pt-76.utr.surfcloud.nl +62.217.72.109 [geodns] -alternative-mdx.pt-76.utr.surfcloud.nl +et2.gndev.hexaa.eu +mdxcdn.pt-38.utr.surfcloud.nl [all:children] mdserver diff --git a/playbook.yml b/playbook.yml index 1b3801f4d8e13ebb849613bef1b04319e8792597..33fb74c895abfc75bf046566c35b6e39e068cbda 100644 --- a/playbook.yml +++ b/playbook.yml @@ -15,7 +15,6 @@ gather_facts: false roles: - {role: apache, tags: ['apache']} - - {role: alternate-mdx, tags: ['altmdx']} - {role: mdserver, tags: ['mdserver']} - name: MDProxy 
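Review bot: The cross-host `signer` values added in the first inventory/group_vars/all.yml hunk (`'http://srv2-signer.srv.mdx.incubator.geant.org'` and `'http://srv1-signer.srv.mdx.incubator.geant.org'`) use plain HTTP between machines, so that hop has neither transport integrity nor server authentication; only the `'http://localhost:5001'` entries stay on the host. If mdproxy does not verify the metadata signature on what it relays (not visible in this diff), a tampered response or a spoofed DNS answer on that hop would go unnoticed. I would switch these to `https://` or add a comment above each `mdproxy:` key recording where the signature is checked. The hunk also repeats `tld: srv.mdx.incubator.geant.org` on every host although `tlds` already lists the same name, so a short comment on how the two settings relate would help the next editor.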
@@ -23,5 +22,4 @@ gather_facts: false roles: - {role: apache, tags: ['apache']} - - {role: alternate-mdx, tags: ['altmdx']} - {role: mdproxy, tags: ['mdproxy']} diff --git a/roles/apache/templates/md.conf.j2 b/roles/apache/templates/md.conf.j2 index 8e7b98a1f7d84bd81612fcb7dd9c55a8f839dab7..9daf02d7111493d69d509f2bcada682aba451683 100644 --- a/roles/apache/templates/md.conf.j2 +++ b/roles/apache/templates/md.conf.j2 @@ -1,5 +1,5 @@ <VirtualHost *:80> - ServerName {{ hosts[inventory_hostname]['hostname'] }}-signer.srv.mdx.incubator.geant.org + ServerName {{ hosts[inventory_hostname]['hostname'] }}-signer.{{ hosts[inventory_hostname]['tld'] }} ServerAlias signer.srv.mdx.incubator.geant.org DocumentRoot /var/www/html AllowEncodedSlashes NoDecode @@ -7,7 +7,7 @@ ProxyPassReverse "/" "http://127.0.0.1:5001/" </VirtualHost> <VirtualHost *:80> - ServerName {{ hosts[inventory_hostname]['hostname'] }}-proxy.srv.mdx.incubator.geant.org + ServerName {{ hosts[inventory_hostname]['hostname'] }}-proxy.{{ hosts[inventory_hostname]['tld'] }} ServerAlias proxy.srv.mdx.incubator.geant.org DocumentRoot /var/www/html AllowEncodedSlashes NoDecode diff --git a/roles/geodns/tasks/main.yml b/roles/geodns/tasks/main.yml index 1e9080a9e859f43ddc4eb1d92056b68e560724fe..f9e0181a7b83b5c276abd9c8de51535f65a56bab 100644 --- a/roles/geodns/tasks/main.yml +++ b/roles/geodns/tasks/main.yml @@ -43,11 +43,12 @@ - name: Copy geoDNS config ansible.builtin.copy: - src: "srv.mdx.incubator.geant.org.json" - dest: "{{ geo_dns_config }}" + content: "{{ lookup('file', item + '.yaml') | from_yaml | to_nice_json }}" + dest: "{{ geo_dns_config }}/{{ item }}.json" mode: '0644' notify: - "enable geodns job" + with_list: "{{ tlds }}" - name: Copy GeoLite2DB's ansible.builtin.copy: diff --git a/roles/geodns/templates/geodns.service.j2 b/roles/geodns/templates/geodns.service.j2 index ede7f8c597f00e1e9c778a317d7dacd3fbc24852..c900f5674b33971f937533413930f6c2bdf22f27 100644 
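Review bot: In both `<VirtualHost *:80>` hunks of roles/apache/templates/md.conf.j2 only `ServerName` was moved to the per-host `tld`; the `ServerAlias` lines still hard-code `signer.srv.mdx.incubator.geant.org` and `proxy.srv.mdx.incubator.geant.org`. A host given a different `tld` would get a ServerName in one zone and an alias in another, so I would write `ServerAlias signer.{{ hosts[inventory_hostname]['tld'] }}` in the first hunk and the `proxy.` equivalent in the second. The template now also fails to render for any inventory host that has no `tld` key; `{{ hosts[inventory_hostname]['tld'] | default('srv.mdx.incubator.geant.org') }}` or an assert early in the role would give a clearer error. Both vhost blocks continue outside the hunks.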
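Review bot: `dest: "{{ geo_dns_config }}/{{ item }}.json"` in roles/geodns/tasks/main.yml turns `geo_dns_config` from a file path into a directory, and nothing in this hunk creates that directory or removes zone files for names later dropped from `tlds`. If geodns loads every zone file it finds under the `-config` path (the service template passes the same variable), a stale `.json` would keep being served after its entry leaves the list; a cleanup task, or a comment above the task such as `# zone files for removed tlds must be deleted by hand`, would cover that. `with_list: "{{ tlds }}"` could also be written as `loop: "{{ tlds }}"`, the form current Ansible documentation recommends. The task list continues outside the hunk, so the directory may already be created earlier.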
--- a/roles/geodns/templates/geodns.service.j2 +++ b/roles/geodns/templates/geodns.service.j2 @@ -5,7 +5,7 @@ After=syslog.target network.target [Service] Type=simple WorkingDirectory={{ geodns_dir }} -ExecStart=/opt/geodns/geodns -config={{ geo_dns_config }} -log -interface 0.0.0.0 -port 53 +ExecStart=/opt/geodns/geodns -config={{ geo_dns_config }} -log -interface {{ ansible_facts.default_ipv4.address }} -port 53 ExecReload=/bin/kill -HUP $MAINPID Restart=on-failure RestartSec=10 diff --git a/roles/mdproxy/tasks/main.yml b/roles/mdproxy/tasks/main.yml index 8d6cadb252d1ff2b77d340245b570bc52db0b461..92fd204b78f68ca7da6facce440b8b826078d03a 100644 --- a/roles/mdproxy/tasks/main.yml +++ b/roles/mdproxy/tasks/main.yml @@ -1,5 +1,9 @@ --- +- name: Import alternate-mdx role + import_role: + name: alternate-mdx + - name: Create mdproxy config ansible.builtin.template: src: "mdproxy.yaml.j2" diff --git a/roles/mdserver/tasks/main.yml b/roles/mdserver/tasks/main.yml index 9bbf9711ab5a18c98ac772e63e9b95d5facfce94..3e9970ade1fd843669c653a47e0da643e445b80f 100644 --- a/roles/mdserver/tasks/main.yml +++ b/roles/mdserver/tasks/main.yml @@ -1,5 +1,9 @@ --- +- name: Import alternate-mdx role + import_role: + name: alternate-mdx + - name: Create mdserver config ansible.builtin.template: src: "mdserver.yaml.j2"
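Review bot: `-interface {{ ansible_facts.default_ipv4.address }}` in geodns.service.j2 only renders when facts were gathered for the play that applies this role, and the two plays visible in the playbook.yml hunks set `gather_facts: false`; the geodns play is outside the diff, so confirm it gathers facts or run `ansible.builtin.setup` with `gather_subset: network` before the template task. Binding to a single address also means the daemon can fail to start when that address is not configured yet, because the unit is ordered only `After=syslog.target network.target`; `After=network-online.target` together with `Wants=network-online.target` is the usual pairing for a service that binds a specific IP. Narrowing the listener from `0.0.0.0` reduces exposure, but it also drops loopback and any secondary IPv4 address, which deserves a comment above `ExecStart`. The unit file continues outside the hunk.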
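Review bot: The new `import_role:` task in roles/mdproxy/tasks/main.yml, and the identical one in roles/mdserver/tasks/main.yml, uses the short module name while the neighbouring tasks are written as `ansible.builtin.template`; `ansible.builtin.import_role:` would match the rest of the file. Moving the role out of playbook.yml also drops its `altmdx` tag, so a run limited with `--tags altmdx` no longer selects these tasks; adding `tags: ['altmdx']` to the import task keeps that selector working. A short comment above the task saying why alternate-mdx must run before the config is templated would make the ordering explicit.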