Commit 050a1dc7 authored by Martin van Es's avatar Martin van Es

Improved README and removed tld configuration duplication

parent 9d295727
......@@ -13,4 +13,15 @@ Configuration repository for MDX as a service pilot
```files/[tld].yaml```
* contains the GeoDNS configuration for [tld] as a yaml file.
* contains the geoDNS configuration for [tld] as a yaml file.
During deploy, (Apache) virtualhost ServerNames will be generated by the following guidelines, based on the configuration in inventory/group_vars/all.yaml.
### Signing servers
* [hostname]-signer.[tld]
### Proxies
* [hostname]-proxy.[tld]
* proxy-[realm].
Make sure you have DNS entries for those hostnames in geoDNS configuration.
\ No newline at end of file
---
tld: srv.mdx.incubator.geant.org
hosts:
et2.gndev.hexaa.eu:
hostname: srv1
tld: srv.mdx.incubator.geant.org
altname: 'server-md2.et2.com'
mdserver:
test:
signer: hsm_signer
metadir: metadata/test
mdproxy:
test:
signer: 'http://localhost:5001'
......@@ -16,37 +19,42 @@ hosts:
edugain:
signer: 'http://srv2-signer.srv.mdx.incubator.geant.org'
altname: 'edugain-md.et2.com'
mdxcdn.pt-38.utr.surfcloud.nl:
hostname: srv2
tld: srv.mdx.incubator.geant.org
altname: 'server-md2.et2.com'
mdserver:
edugain:
signer: hsm_signer
metadir: metadata/edugain
mdproxy:
test:
signer: 'http://srv1-signer.srv.mdx.incubator.geant.org'
altname: 'test-md.foobar.com'
edugain:
signer: 'http://localhost:5001'
62.217.72.109:
hostname: srv3
tld: srv.mdx.incubator.geant.org
mdproxy:
test:
signer: 'http://srv1-signer.srv.mdx.incubator.geant.org'
altname: 'test-md.barfoo.com'
edugain:
signer: 'http://srv2-signer.srv.mdx.incubator.geant.org'
alternative-mdx.pt-76.utr.surfcloud.nl:
hostname: srv4
tld: srv.mdx.incubator.geant.org
altname: 'server-md.example.com'
mdserver:
foobar:
signer: normal_signer
metadir: metadata/test
mdproxy:
edugain:
signer: 'http://srv2-signer.srv.mdx.incubator.geant.org'
......
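Review bot: The tld de-duplication is only partial: every remote `signer:` URL under `mdproxy` (for example `http://srv2-signer.srv.mdx.incubator.geant.org`) still spells out the domain that the new top-level `tld:` key is meant to own. If `tld` is changed later, the generated ServerNames follow it but the proxies keep calling the old signer hostnames, which by then may resolve to nothing or to a host outside this deployment. Consider storing only the signer's short name and composing the URL from `tld` in the template, or at least add a comment above the key such as `# remote signer URLs under mdproxy embed this domain; change them together`. Those remote URLs are also plain `http://` between hosts, so it is worth confirming that the proxy verifies the signature on what it receives, or that the path between proxy and signer is otherwise protected.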
{% if hosts[inventory_hostname].get('mdserver') %}
<VirtualHost *:80>
ServerName {{ hosts[inventory_hostname]['hostname'] }}-signer.{{ hosts[inventory_hostname]['tld'] }}
ServerName {{ hosts[inventory_hostname]['hostname'] }}-signer.{{ tld }}
{% if hosts[inventory_hostname].get('altname') %}
ServerAlias {{ hosts[inventory_hostname]['altname'] }}
{% endif %}
......@@ -13,19 +13,17 @@
{% if hosts[inventory_hostname].get('mdproxy') %}
<VirtualHost *:80>
ServerName {{ hosts[inventory_hostname]['hostname'] }}-proxy.{{ hosts[inventory_hostname]['tld'] }}
ServerName {{ hosts[inventory_hostname]['hostname'] }}-proxy.{{ tld }}
DocumentRoot /var/www/html
AllowEncodedSlashes NoDecode
ProxyPass "/" "http://127.0.0.1:5002/" nocanon
ProxyPassReverse "/" "http://127.0.0.1:5002/"
</VirtualHost>
{% endif %}
{% if hosts[inventory_hostname].get('mdproxy') %}
{% set mdproxy = hosts[inventory_hostname]['mdproxy'] %}
{% for realm, values in mdproxy.items() %}
<VirtualHost *:80>
ServerName proxy-{{ realm }}.{{ hosts[inventory_hostname]['tld'] }}
ServerName proxy-{{ realm }}.{{ tld }}
{% if values.get('altname') %}
ServerAlias {{ values['altname'] }}
{% endif %}
......
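Review bot: `tld` is a very generic name for a variable that now decides every generated `ServerName`. Any play, host or extra var with the same name would override it, and a per-host `tld` left behind in an inventory entry is now ignored without warning. A namespaced name would be safer, for example `{{ mdx_tld }}` (name constructed here) in the three `ServerName` lines and in the group vars. Separately, the signer vhost is declared as `<VirtualHost *:80>` and the rest of its body lies outside the visible hunk, so it cannot be told from here whether access is limited to the proxy hosts. If it is not, a restriction such as `Require ip <proxy addresses>` would be worth adding for an endpoint that appears to front the signer.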