From 79648956407f86b12226aefaebd05836b8c16146 Mon Sep 17 00:00:00 2001
From: Martin van Es <martin@mrvanes.com>
Date: Thu, 10 Feb 2022 16:13:43 +0100
Subject: [PATCH] Configure test hosts
---
files/srv.mdx.incubator.geant.org.json | 94 ------------------------
files/srv.mdx.incubator.geant.org.yaml | 73 ++++++++++++++++++
inventory/group_vars/all.yml | 37 +++++++++-
inventory/inventory | 8 +-
playbook.yml | 2 -
roles/apache/templates/md.conf.j2 | 4 +-
roles/geodns/tasks/main.yml | 5 +-
roles/geodns/templates/geodns.service.j2 | 2 +-
roles/mdproxy/tasks/main.yml | 4 +
roles/mdserver/tasks/main.yml | 4 +
10 files changed, 129 insertions(+), 104 deletions(-)
delete mode 100644 files/srv.mdx.incubator.geant.org.json
create mode 100644 files/srv.mdx.incubator.geant.org.yaml
diff --git a/files/srv.mdx.incubator.geant.org.json b/files/srv.mdx.incubator.geant.org.json
deleted file mode 100644
index 7e67288..0000000
--- /dev/null
@@ -1,94 +0,0 @@
-{
- "ttl": 60,
- "max_hosts": 1,
- "data": {
- "": {
- "a": [
- [ "193.224.22.78", 10 ]
- ]
- },
- "srv1": {
- "a": [
- [ "193.224.22.78", 10 ]
- ]
- },
- "srv1-signer": {
- "a": [
- [ "193.224.22.78", 10 ]
- ]
- },
- "srv1-proxy": {
- "a": [
- [ "193.224.22.78", 10 ]
- ]
- },
- "srv2": {
- "a": [
- [ "145.100.180.185", 10 ]
- ]
- },
- "srv2-signer": {
- "a": [
- [ "145.100.180.185", 10 ]
- ]
- },
- "srv2-proxy": {
- "a": [
- [ "145.100.180.185", 10 ]
- ]
- },
- "srv3": {
- "a": [
- [ "62.217.72.109", 10 ]
- ]
- },
- "srv3-signer": {
- "a": [
- [ "62.217.72.109", 10 ]
- ]
- },
- "srv3-proxy": {
- "a": [
- [ "62.217.72.109", 10 ]
- ]
- },
- "signer": {
- "a": [
- [ "193.224.22.78", 10 ],
- [ "145.100.180.185", 10 ],
- [ "62.217.72.109", 10 ]
- ]
- },
- "signer.nl": {
- "a": [
- [ "145.100.180.185", 10 ]
- ]
- },
- "proxy": {
- "a": [
- [ "193.224.22.78", 10 ],
- [ "145.100.180.185", 10 ],
- [ "62.217.72.109", 10 ]
- ]
- },
- "proxy-eg": {
- "a": [
- [ "193.224.22.78", 10 ],
- [ "145.100.180.185", 10 ],
- [ "62.217.72.109", 10 ]
- ]
- },
- "proxy-tst": {
- "a": [
- [ "193.224.22.78", 10 ],
- [ "145.100.180.185", 10 ],
- [ "62.217.72.109", 10 ]
- ]
- },
- "proxy.nl": {
- "a": [
- [ "62.217.72.109", 10 ]
- ]
- }
- }
-}
diff --git a/files/srv.mdx.incubator.geant.org.yaml b/files/srv.mdx.incubator.geant.org.yaml
new file mode 100644
index 0000000..625e43b
--- /dev/null
+++ b/files/srv.mdx.incubator.geant.org.yaml
@@ -0,0 +1,73 @@
+---
+
+ttl: 60
+max_hosts: 1
+data:
+ "":
+ "a":
+ - [ "193.224.22.78" ]
+ - [ "145.100.180.185" ]
+ - [ "62.217.72.109" ]
+ - [ "145.100.181.134" ]
+ "srv1":
+ "a":
+ - [ "193.224.22.78" ]
+ "srv1-signer":
+ "a":
+ - [ "193.224.22.78" ]
+ "srv1-proxy":
+ "a":
+ - [ "193.224.22.78" ]
+ "srv2":
+ "a":
+ - [ "145.100.180.185" ]
+ "srv2-signer":
+ "a":
+ - [ "145.100.180.185" ]
+ "srv2-proxy":
+ "a":
+ - [ "145.100.180.185" ]
+ "srv3":
+ "a":
+ - [ "62.217.72.109" ]
+ "srv3-signer":
+ "a":
+ - [ "62.217.72.109" ]
+ "srv3-proxy":
+ "a":
+ - [ "62.217.72.109" ]
+ "srv4":
+ "a":
+ - [ "145.100.181.134" ]
+ "srv4-signer":
+ "a":
+ - [ "145.100.181.134" ]
+ "srv4-proxy":
+ "a":
+ - [ "145.100.181.134" ]
+ "signer":
+ "a":
+ - [ "193.224.22.78" ]
+ - [ "145.100.180.185" ]
+ - [ "62.217.72.109" ]
+ "signer.nl":
+ "a":
+ - [ "145.100.180.185" ]
+ "proxy":
+ "a":
+ - [ "193.224.22.78" ]
+ - [ "145.100.180.185" ]
+ - [ "62.217.72.109" ]
+ "proxy-eg":
+ "a":
+ - [ "193.224.22.78" ]
+ - [ "145.100.180.185" ]
+ - [ "62.217.72.109" ]
+ "proxy-tst":
+ "a":
+ - [ "193.224.22.78" ]
+ - [ "145.100.180.185" ]
+ - [ "62.217.72.109" ]
+ "proxy.nl":
+ "a":
+ - [ "62.217.72.109" ]
diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index 22c5b06..2e3c8fc 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
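Review bot: The apex record `""` now lists 145.100.181.134 (srv4) next to the three original hosts, while the shared `signer`, `proxy`, `proxy-eg` and `proxy-tst` pools still leave it out, and nothing in the file says which of the two is intended. Per the group_vars change in this patch srv4 is the host configured with `normal_signer`, so if it is meant to stay out of shared rotation the apex entry should drop it; otherwise add a comment above `data:` such as `# srv4 (alternate-mdx) is reachable by name and at the apex only, not via the shared signer/proxy pools`. The per-address weight (`10` in the removed JSON) is also gone from every entry, so it is worth confirming that geoDNS treats weight-less entries as equally weighted rather than as weight 0.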
@@ -1,8 +1,42 @@ --- - +tlds: + - srv.mdx.incubator.geant.org hosts: + et2.gndev.hexaa.eu: + hostname: srv1 + tld: srv.mdx.incubator.geant.org + mdserver: + test: + signer: hsm_signer + metadir: metadata/test + mdproxy: + test: + signer: 'http://localhost:5001' + edugain: + signer: 'http://srv2-signer.srv.mdx.incubator.geant.org' + mdxcdn.pt-38.utr.surfcloud.nl: + hostname: srv2 + tld: srv.mdx.incubator.geant.org + mdserver: + edugain: + signer: hsm_signer + metadir: metadata/edugain + mdproxy: + test: + signer: 'http://srv1-signer.srv.mdx.incubator.geant.org' + edugain: + signer: 'http://localhost:5001' + 62.217.72.109: + hostname: srv3 + tld: srv.mdx.incubator.geant.org + mdproxy: + test: + signer: 'http://srv1-signer.srv.mdx.incubator.geant.org' + edugain: + signer: 'http://srv2-signer.srv.mdx.incubator.geant.org' alternative-mdx.pt-76.utr.surfcloud.nl: hostname: srv4 + tld: srv.mdx.incubator.geant.org mdserver: test: signer: normal_signer @@ -10,4 +44,3 @@ hosts: mdproxy: test: signer: 'http://localhost:5001' - diff --git a/inventory/inventory b/inventory/inventory index b91aa5a..90ffe36 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -1,11 +1,17 @@ [mdserver] +et2.gndev.hexaa.eu +mdxcdn.pt-38.utr.surfcloud.nl alternative-mdx.pt-76.utr.surfcloud.nl [mdproxy] +et2.gndev.hexaa.eu +mdxcdn.pt-38.utr.surfcloud.nl alternative-mdx.pt-76.utr.surfcloud.nl +62.217.72.109 [geodns] -alternative-mdx.pt-76.utr.surfcloud.nl +et2.gndev.hexaa.eu +mdxcdn.pt-38.utr.surfcloud.nl [all:children] mdserver diff --git a/playbook.yml b/playbook.yml index 1b3801f..33fb74c 100644 --- a/playbook.yml +++ b/playbook.yml @@ -15,7 +15,6 @@ gather_facts: false roles: - {role: apache, tags: ['apache']} - - {role: alternate-mdx, tags: ['altmdx']} - {role: mdserver, tags: ['mdserver']} - name: MDProxy @@ -23,5 +22,4 @@ gather_facts: false roles: - {role: apache, tags: ['apache']} - - {role: alternate-mdx, tags: ['altmdx']} - {role: mdproxy, tags: ['mdproxy']} 
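Review bot: The cross-host signer URLs added under `mdproxy` in the first all.yml hunk (for example `signer: 'http://srv2-signer.srv.mdx.incubator.geant.org'` on srv1 and srv3) fetch metadata between sites over unencrypted HTTP, and the names they use are resolved through the geoDNS zone this same patch deploys. Nothing in the visible hunks shows mdproxy verifying a signature on what it receives, so unless it does, the integrity of the served metadata rests on the network path and on DNS. Either move these entries to `https://` once the signer vhosts have certificates, or, if mdproxy does verify the signature, record that next to the entries with a comment such as `# plain http is acceptable here: mdproxy verifies the metadata signature`. The `http://localhost:5001` entries are not affected; the `hosts:` mapping continues past this hunk.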
diff --git a/roles/apache/templates/md.conf.j2 b/roles/apache/templates/md.conf.j2 index 8e7b98a..9daf02d 100644 --- a/roles/apache/templates/md.conf.j2 +++ b/roles/apache/templates/md.conf.j2 @@ -1,5 +1,5 @@ <VirtualHost *:80> - ServerName {{ hosts[inventory_hostname]['hostname'] }}-signer.srv.mdx.incubator.geant.org + ServerName {{ hosts[inventory_hostname]['hostname'] }}-signer.{{ hosts[inventory_hostname]['tld'] }} ServerAlias signer.srv.mdx.incubator.geant.org DocumentRoot /var/www/html AllowEncodedSlashes NoDecode @@ -7,7 +7,7 @@ ProxyPassReverse "/" "http://127.0.0.1:5001/" </VirtualHost> <VirtualHost *:80> - ServerName {{ hosts[inventory_hostname]['hostname'] }}-proxy.srv.mdx.incubator.geant.org + ServerName {{ hosts[inventory_hostname]['hostname'] }}-proxy.{{ hosts[inventory_hostname]['tld'] }} ServerAlias proxy.srv.mdx.incubator.geant.org DocumentRoot /var/www/html AllowEncodedSlashes NoDecode diff --git a/roles/geodns/tasks/main.yml b/roles/geodns/tasks/main.yml index 1e9080a..f9e0181 100644 --- a/roles/geodns/tasks/main.yml +++ b/roles/geodns/tasks/main.yml @@ -43,11 +43,12 @@ - name: Copy geoDNS config ansible.builtin.copy: - src: "srv.mdx.incubator.geant.org.json" - dest: "{{ geo_dns_config }}" + content: "{{ lookup('file', item + '.yaml') | from_yaml | to_nice_json }}" + dest: "{{ geo_dns_config }}/{{ item }}.json" mode: '0644' notify: - "enable geodns job" + with_list: "{{ tlds }}" - name: Copy GeoLite2DB's ansible.builtin.copy: diff --git a/roles/geodns/templates/geodns.service.j2 b/roles/geodns/templates/geodns.service.j2 index ede7f8c..c900f56 100644 --- a/roles/geodns/templates/geodns.service.j2 +++ b/roles/geodns/templates/geodns.service.j2 
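Review bot: `ServerName` now follows `hosts[inventory_hostname]['tld']`, but the `ServerAlias` line directly below it still hard-codes `signer.srv.mdx.incubator.geant.org`, so a host given a different `tld` would keep answering for the old shared name. The same applies to the `-proxy` vhost in the second md.conf.j2 hunk. Suggest `ServerAlias signer.{{ hosts[inventory_hostname]['tld'] }}` and `ServerAlias proxy.{{ hosts[inventory_hostname]['tld'] }}`. Both `<VirtualHost>` blocks extend beyond the hunks shown.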
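Review bot: The rewritten `Copy geoDNS config` task only ever writes `{{ geo_dns_config }}/{{ item }}.json` for names currently in `tlds`; nothing removes a zone file whose name was later dropped from the list. If geoDNS loads every `.json` in that directory (not visible here), a retired zone would keep being served with its last published addresses, so a cleanup step that deletes `.json` files not derived from `tlds` would be worth adding after this task. The rendered JSON is also not checked before the handler is notified, so a YAML file that parses but does not match the zone schema is only caught when the daemon reads it. As a style point, `loop: "{{ tlds }}"` is the current spelling of `with_list`.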
@@ -5,7 +5,7 @@ After=syslog.target network.target [Service] Type=simple WorkingDirectory={{ geodns_dir }} -ExecStart=/opt/geodns/geodns -config={{ geo_dns_config }} -log -interface 0.0.0.0 -port 53 +ExecStart=/opt/geodns/geodns -config={{ geo_dns_config }} -log -interface {{ ansible_facts.default_ipv4.address }} -port 53 ExecReload=/bin/kill -HUP $MAINPID Restart=on-failure RestartSec=10 diff --git a/roles/mdproxy/tasks/main.yml b/roles/mdproxy/tasks/main.yml index 8d6cadb..92fd204 100644 --- a/roles/mdproxy/tasks/main.yml +++ b/roles/mdproxy/tasks/main.yml @@ -1,5 +1,9 @@ --- +- name: Import alternate-mdx role + import_role: + name: alternate-mdx + - name: Create mdproxy config ansible.builtin.template: src: "mdproxy.yaml.j2" diff --git a/roles/mdserver/tasks/main.yml b/roles/mdserver/tasks/main.yml index 9bbf971..3e9970a 100644 --- a/roles/mdserver/tasks/main.yml +++ b/roles/mdserver/tasks/main.yml @@ -1,5 +1,9 @@ --- +- name: Import alternate-mdx role + import_role: + name: alternate-mdx + - name: Create mdserver config ansible.builtin.template: src: "mdserver.yaml.j2" -- GitLab
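Review bot: The new `-interface {{ ansible_facts.default_ipv4.address }}` on the `ExecStart` line depends on gathered facts, while the playbook.yml hunks in this patch show `gather_facts: false` on the plays they touch; if the geodns play is configured the same way (it is not visible here), the template fails on an undefined variable. Make sure that play gathers at least the network facts, for example with an `ansible.builtin.setup` task using `gather_subset: network` at the top of the role. Binding to one fixed address also means the unit can start before that address is configured, since it is ordered only `After=syslog.target network.target`; `Restart=on-failure` covers this only if geodns exits on a failed bind. The rest of the unit lies outside the hunk.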
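Review bot: The added `import_role:` task uses the short module name while the next task in the same file is written as `ansible.builtin.template`, and it drops the `altmdx` tag that the removed playbook entries (`- {role: alternate-mdx, tags: ['altmdx']}`) carried, so the role can no longer be selected or skipped by that tag. Suggest `ansible.builtin.import_role:` with `tags: ['altmdx']` on the task. The identical task added in roles/mdserver/tasks/main.yml needs the same change, and a host that is in both groups will now run alternate-mdx once per role, which is worth a one-line comment such as `# alternate-mdx must run before the config is templated`, if that ordering is the reason for the move.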