From 945ac893f917a5b6f5c4b770b8e1f74ee7b90c18 Mon Sep 17 00:00:00 2001
From: Martin van Es <martin@mrvanes.com>
Date: Wed, 20 Apr 2022 12:51:18 +0200
Subject: [PATCH] Move signer conf from all.yml to mdsigner.yml

---
 .gitignore                                |  1 +
 inventory/group_vars/all.yml              | 15 -------------
 inventory/group_vars/mdsigner.yml.example | 27 +++++++++++++++++++++++
 3 files changed, 28 insertions(+), 15 deletions(-)
 create mode 100644 inventory/group_vars/mdsigner.yml.example

diff --git a/.gitignore b/.gitignore
index 9ceeccc..94aad02 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 inventory/group_vars/geodns.yml
+inventory/group_vars/mdsigner.yml
 .ssh/id_*
diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index a82eac0..cae20cf 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -7,11 +7,6 @@ hosts:
     hostname: srv1
     altname: 'server-md2.et2.com'
 
-    mdsigner:
-      test:
-        signer: hsm_signer
-        metadir: metadata/test
-
     mdproxy:
       test:
         signer: 'http://localhost:5001'
@@ -24,11 +19,6 @@ hosts:
     hostname: srv2
     altname: 'server-md2.et2.com'
 
-    mdsigner:
-      edugain:
-        signer: hsm_signer
-        metadir: metadata/edugain
-
     mdproxy:
       test:
         signer: 'http://srv1-signer.srv.mdx.incubator.geant.org'
@@ -50,11 +40,6 @@ hosts:
     hostname: srv4
     altname: 'server-md.example.com'
 
-    mdsigner:
-      foobar:
-        signer: normal_signer
-        metadir: metadata/test
-
     mdproxy:
       edugain:
         signer: 'http://srv2-signer.srv.mdx.incubator.geant.org'
diff --git a/inventory/group_vars/mdsigner.yml.example b/inventory/group_vars/mdsigner.yml.example
new file mode 100644
index 0000000..5f9e0a8
--- /dev/null
+++ b/inventory/group_vars/mdsigner.yml.example
@@ -0,0 +1,27 @@
+---
+
+hosts:
+  et2:
+    mdsigner:
+      test:
+        signer:
+          name: hsm_signer
+          key_spec: pkcs11:///usr/lib/softhsm/libsofthsm2.so/test?pin=secret
+        metadir: metadata/test
+
+  mdxcdn:
+    mdsigner:
+      edugain:
+        signer:
+          name: hsm_signer
+          key_spec: pkcs11:///usr/lib/softhsm/libsofthsm2.so/test?pin=secret
+        metadir: metadata/edugain
+
+  alternative-mdx:
+    mdsigner:
+      foobar:
+        signer:
+          name: normal_signer
+          key_spec: "meta.key"
+          cert_spec: "meta.crt"
+        metadir: metadata/test
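Review bot: The HSM PIN is written in clear text inside `key_spec` (`?pin=secret` on both `hsm_signer` entries), so anyone who copies this example ends up with the PIN in a plaintext group_vars file and, presumably, wherever the role renders `key_spec`. The new `.gitignore` entry keeps the real `mdsigner.yml` out of the repository, but not off the controller's disk or out of backups. Consider holding the PIN in an Ansible Vault variable and referencing it, e.g. `key_spec: "pkcs11:///usr/lib/softhsm/libsofthsm2.so/test?pin={{ vault_mdsigner_pin }}"` (the variable name is a placeholder), with a comment above it saying the value must never be committed. Separately, `hosts` is now defined in both `all.yml` and this file. Under Ansible's default `hash_behaviour` (replace) the group-level dict overrides the `all.yml` one instead of merging with it, so it is worth confirming how the two are combined, which this patch does not show.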
-- 
GitLab