---
infra::role: base
+infra::additional_classes:
+ - infra::profile::apache
+ - apache::mod::proxy_ajp
+ - apache::mod::remoteip
+ - apache::mod::headers
+ - infra::profile::cron
+ - logstash
+
+accounts::users:
+ jenkins:
+ apply: true
+ sudo: true
+
+infra::profile::apache::pp_vhosts:
+ odt:
+ docroot: '/var/www'
+ servername: int-odt-daimler-com.pixelpark.net
+ serveraliases:
+ - int-emmt-daimler-com.pixelpark.net
+ ssl: true
+ cert_servername: 'wildcard.pixelpark.net'
+ cert_customer: 'pixelpark'
+ ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
+ ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem'
+ ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
+ ssl_verify_client: require
+ ssl_crl: '/etc/pki/tls/certs/odt-cacrl.pem'
+ ssl_ca: '/etc/pki/tls/certs/odt-root-ca.pem'
+ rewrites_non_ssl:
+ - https:
+ comment: 'almost all to https'
+ rewritecond:
+ - '%%{ich-trickse}{REQUEST_URI} !^/.\.html'
+ rewrite_rule:
+ - '^(.*)$ https://int-odt-daimler-com.pixelpark.net$1 [L,R=301]'
+ #rewrites_ssl:
+ # - check_auth:
+ # comment: 'show error if denied'
+ # rewrite_cond:
+ # - '%%{ich-trickse}{SSL:SSL_CLIENT_VERIFY} !=SUCCESS'
+ # rewrite_rule:
+ # - '.? - [F]'
+ proxy_preserve_host: true
+ proxy_pass:
+ - { path: /teilenews-service, url: 'http://localhost:8082/teilenews-service' }
+ - { path: /newsletterservice, url: 'http://localhost:8081/newsletterservice' }
+ - { path: /, url: 'ajp://localhost:8009/' }
+ directories_ssl:
+ - slash:
+ provider: location
+ path: '/'
+ custom_fragment: |
+ # enabled until merge of 71e4c530d286b8f11863d16ee94bc2f28f800cce
+ SSLRequire %%{ich-trickse}{SSL_CLIENT_I_DN_O} eq "ODT"
+ SSLVerifyClient require
+ - webservice:
+ provider: location
+ path: '/emm_webservice'
+ require:
+ - 'ip 93.188.107.192/26'
+ - 'ip 217.66.50.0/24'
+ - 'ip 217.66.51.0/24'
+ - newsletterservice:
+ provider: location
+ path: '/newsletterservice'
+ require:
+ - ip 217.66.51.0/24
+ - ip 217.66.50.0/24
+ - ip 217.66.56.0/24
+ - ip 213.61.96.226
+ - ip 176.28.25.242
+ - ip 37.120.57.39
+ - ip 46.30.59.148
+ - ip 82.165.141.125
+ - ip 37.120.103.75
+ - ip 83.125.19.254
+ - ip 192.168.170.49
+ - ip 192.168.170.53
+ - ip 192.168.170.52
+ - ip 54.205.87.231
+ - ip 86.56.52.27
+ - ip 37.202.1.232
+ - ip 46.30.60.116
+ - ip 192.168.170.102
+ - ip 192.168.170.103
+
+infra::profile::cron::cronjobs:
+ fetchcrl:
+ user: root
+ command: 'scp httpd@odt-tinyca:/www/htdocs/odt-tinyca.pixelpark.net/data/phpki-store/CA/crl/cacrl.pem /etc/pki/tls/certs/odt-cacrl.pem && systemctl reload httpd'
+ minute: 0
+ hour: 5
+ description: um 05:00 Uhr wird die Revocationlist vom User openemm geholt. somit muss der Webserver restarted werden
+
+
+logstash::filter:
+ - journald
+
+logstash::generic_resource:
+ mbvd-teilenews-service:
+ resource: pipe
+ order: 10
+ parameters:
+ command: '/bin/journalctl -o cat -fl -u mbvd-teilenews-service.service'
+ type: webapp
+ tags:
+ - 'int'
+ - "%{customer}"
+ - "mbvd-teilenews-service"
+ codec:
+ type: multiline
+ what: previous
+ pattern: "^%%{ich-trickse}{TIMESTAMP_ISO8601}"
+ negate: true
+ odt-newsletter-service:
+ resource: pipe
+ order: 10
+ parameters:
+ command: '/bin/journalctl -o cat -fl -u odt-newsletter-service.service'
+ type: webapp
+ tags:
+ - 'int'
+ - "%{customer}"
+ - "odt-newsletter-service"
+ codec:
+ type: multiline
+ what: previous
+ pattern: "^%%{ich-trickse}{TIMESTAMP_ISO8601}"
+ negate: true
+ openemm-core:
+ resource: file
+ order: 10
+ parameters:
+ path: '/home/openemm/logs/openemm/openemm_core.log'
+ type: 'EMM-Core'
+ tags:
+ - 'int'
+ - "%{customer}"
+ - 'odt-core'
+ codec:
+ type: multiline
+ what: previous
+ pattern: "^%%{ich-trickse}{TIMESTAMP_ISO8601}"
+ negate: true
+ openemm-data:
+ resource: file
+ order: 10
+ parameters:
+ path: '/home/openemm/logs/openemm/openemm_data.log'
+ type: 'EMM-Webservice'
+ tags:
+ - 'int'
+ - "%{customer}"
+ - 'odt-data'
+ codec:
+ type: multiline
+ what: previous
+ pattern: "^%%{ich-trickse}{TIMESTAMP_ISO8601}"
+ negate: true
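Review bot: The `fetchcrl` cron command copies the CRL as root straight onto the live path `/etc/pki/tls/certs/odt-cacrl.pem` and reloads httpd without checking what arrived, so an interrupted or unexpected transfer leaves a truncated or unverified file for the vhost's `ssl_crl` to load on a later reload. Because `ssl_verify_client: require` depends on that file, copy to a temporary name first, confirm it parses as a CRL signed by the CA in `ssl_ca` (for example `openssl crl -in <tmp> -CAfile /etc/pki/tls/certs/odt-root-ca.pem -noout`, acting on its reported result), and only then `mv` it into place and reload. The job's description says the list is fetched as user openemm while the command uses `httpd@odt-tinyca`, so one of the two looks stale. Separately, `sudo: true` for `jenkins` presumably grants unrestricted sudo; if the CI user only needs a few specific commands, a scoped sudoers rule would be the safer choice.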