Add all_martin.yml all.yaml file

12436e7c · Martin van Es · 39cf89fa · 12436e7c · 12436e7c · 12436e7c
Commit 12436e7c authored May 06, 2022 by Martin van Es
--- a/files/geodns.yaml
+++ b/files/geodns.yaml
--- a/inventory/group_vars/all_martin.yml
+++ b/inventory/group_vars/all_martin.yml
+---
+
+tld: srv.mdx.incubator.geant.org
+all_yaml: https://gitlab.geant.org/TI_Incubator/mdx-saas-config/-/raw/main/inventory/group_vars/all_martin.yml
+
+proxies:
+  et2:
+    hostname: srv1
+    alias: 'server-md2.et2.com'
+
+    mdproxy:
+      test:
+        signer: 'http://localhost:5001'
+        realm_alias: 'test-md.et2.com'
+      edugain:
+        signer: 'http://srv2-signer.srv.mdx.incubator.geant.org'
+        realm_alias: 'edugain-md.et2.com'
+
+  mdxcdn:
+    hostname: srv2
+    alias: 'server-md2.et2.com'
+
+    mdproxy:
+      test:
+        signer: 'http://srv1-signer.srv.mdx.incubator.geant.org'
+        realm_alias: 'test-md.foobar.com'
+      edugain:
+        signer: 'http://localhost:5001'
+
+  okeanos:
+    hostname: srv3
+
+    mdproxy:
+      test:
+        signer: 'http://srv1-signer.srv.mdx.incubator.geant.org'
+        realm_alias: 'test-md.barfoo.com'
+      edugain:
+        signer: 'http://srv2-signer.srv.mdx.incubator.geant.org'
+
+  alternative-mdx:
+    hostname: srv4
+    alias: 'server-md.example.com'
+
+    mdproxy:
+      edugain:
+        signer: 'http://srv2-signer.srv.mdx.incubator.geant.org'
+        realm_alias: 'edugain-md.blabla.com'
--- a/inventory/group_vars/mdsigner.yml.example
+++ b/inventory/group_vars/mdsigner.yml.example
@@ -26,5 +26,5 @@ signers:
        key_spec: "test.key"
        cert_spec: "test.crt"
      foobar:
-        name: hsm_signer
+        type: hsm_signer
        key_spec: pkcs11:///usr/lib/softhsm/libsofthsm2.so/test?pin=secret
--- a/roles/apache/templates/md.conf.j2
+++ b/roles/apache/templates/md.conf.j2
-{% if signers is defined and signers[inventory_hostname].get('mdsigner') %}
+{% if signers is defined and signers.get(inventory_hostname, {}).get('mdsigner') %}
 # Signer configuration
 <VirtualHost *:80>
        ServerName {{ signers[inventory_hostname]['hostname'] }}-signer.{{ tld }}
@@ -12,9 +12,7 @@
 </VirtualHost>

 {% endif %}
-{% if proxies is defined and proxies.get(inventory_hostname) %}
-
-{% if proxies is defined and proxies[inventory_hostname].get('mdproxy') %}
+{% if proxies is defined and proxies.get(inventory_hostname, {}).get('mdproxy') %}
 # Global proxy configuration
 <VirtualHost *:80>
        ServerName {{ proxies[inventory_hostname]['hostname'] }}-proxy.{{ tld }}
@@ -42,5 +40,3 @@
 </VirtualHost>
 {% endfor %}
 {% endif %}
-
-{% endif %}
--- a/roles/geodns/handlers/main.yml
+++ b/roles/geodns/handlers/main.yml
 ---
- name: enable geodns job
+- name: enable geodns jobs
  systemd:
    name: "{{ item }}"
    enabled: true

--- a/roles/geodns/tasks/main.yml
+++ b/roles/geodns/tasks/main.yml
@@ -36,7 +36,7 @@
    chdir: "{{ geodns_dir }}"
  when: geodns_git.changed or not geodns.stat.exists
  notify:
-    - "enable geodns job"
+    - "enable geodns jobs"

 - name: Create config dirs if it does not exist
  ansible.builtin.file:
@@ -49,11 +49,11 @@

 - name: Copy geoDNS config
  ansible.builtin.copy:
-    src: "geodns.yaml"
-    dest: "{{ geodns_config }}/geodns.yaml"
+    src: "{{ tld }}.yaml"
+    dest: "{{ geodns_config }}/{{ tld }}.yaml"
    mode: '0644'
  notify:
-    - "enable geodns job"
+    - "enable geodns jobs"

 - name: Copy geoDNS config parser
  ansible.builtin.copy:
@@ -61,7 +61,7 @@
    dest: "{{ geodns_config }}/geoconfig.py"
    mode: '0755'
  notify:
-    - "enable geodns job"
+    - "enable geodns jobs"

 - name: Download GeoLite2DB's
  ansible.builtin.unarchive:
@@ -75,7 +75,7 @@
    - GeoLite2-City
    - GeoLite2-Country
  notify:
-    - "enable geodns job"
+    - "enable geodns jobs"
  when: geodns_licence is defined

 - name: Create geoDNS config
@@ -83,7 +83,7 @@
    src: "geodns.conf.j2"
    dest: "{{ geodns_config }}/geodns.conf"
  notify:
-    - "enable geodns job"
+    - "enable geodns jobs"

 - name: Run GeoDns config job once
  command:
@@ -101,4 +101,4 @@
    - geodns-update.service
    - geodns-update.timer
  notify:
-    - "enable geodns job"
+    - "enable geodns jobs"
--- a/roles/local/tasks/main.yml
+++ b/roles/local/tasks/main.yml
@@ -12,6 +12,12 @@
    src: "local.j2"
    dest: "{{ mdxsaas_dir }}/inventory/local"

+- name: Copy mdproxy all.yaml
+  ansible.builtin.get_url:
+    url: "{{ all_yaml }}"
+    dest: "{{ mdxsaas_dir }}/inventory/group_vars/all.yaml"
+    mode: '0644'
+
 - name: Write MDX-SAAS repo version
  shell:
    cmd: "git rev-parse HEAD > /tmp/mdx-saas-revision"

--- a/roles/mdproxy/handlers/main.yml
+++ b/roles/mdproxy/handlers/main.yml
 ---
- name: enable mdproxy job
+- name: enable mdproxy jobs
  systemd:
    name: "{{ item }}"
    enabled: true

--- a/roles/mdproxy/tasks/main.yml
+++ b/roles/mdproxy/tasks/main.yml
@@ -9,7 +9,7 @@
    src: "mdproxy.yaml.j2"
    dest: "{{ altmdx_dir }}/mdproxy.yaml"
  notify:
-    - "enable mdproxy job"
+    - "enable mdproxy jobs"

 - name: Copy mdproxy service files
  ansible.builtin.template:
@@ -20,4 +20,4 @@
    - mdproxy-update.service
    - mdproxy-update.timer
  notify:
-    - "enable mdproxy job"
+    - "enable mdproxy jobs"
--- a/roles/mdsigner/templates/mdsigner.yaml.j2
+++ b/roles/mdsigner/templates/mdsigner.yaml.j2
@@ -3,7 +3,7 @@
 {% for realm, values in mdsigners.items() %}
 {{ realm }}:
  signer:
-    name: {{ values.type }}
+    type: {{ values.type }}
    key_spec: {{ values.key_spec }}
    cert_spec: {{ values.get('cert_spec') }}
  metadir: metadata/{{ realm }}