From: Oliver Böttcher
Date: Wed, 21 Feb 2018 16:02:52 +0000 (+0100)
Subject: INT-ODT - new host
X-Git-Tag: v0.1.0~1557^2~4
X-Git-Url: https://git.uhu-banane.org/?a=commitdiff_plain;h=e0b3d9e511b365d07d58ef701fdd7b7737cfb193;p=pixelpark%2Fhiera.git
INT-ODT - new host
---
diff --git a/customer/mbvd-odt/int-tmp-odt-daimler-com.pixelpark.net.yaml b/customer/mbvd-odt/int-tmp-odt-daimler-com.pixelpark.net.yaml
index 3b0442d3..6c661294 100644
--- a/customer/mbvd-odt/int-tmp-odt-daimler-com.pixelpark.net.yaml
+++ b/customer/mbvd-odt/int-tmp-odt-daimler-com.pixelpark.net.yaml
@@ -1,2 +1,161 @@
 ---
 infra::role: base
+infra::additional_classes:
+ - infra::profile::apache
+ - apache::mod::proxy_ajp
+ - apache::mod::remoteip
+ - apache::mod::headers
+ - infra::profile::cron
+ - logstash
+
+accounts::users:
+ jenkins:
+ apply: true
+ sudo: true
+
+infra::profile::apache::pp_vhosts:
+ odt:
+ docroot: '/var/www'
+ servername: int-odt-daimler-com.pixelpark.net
+ serveraliases:
+ - int-emmt-daimler-com.pixelpark.net
+ ssl: true
+ cert_servername: 'wildcard.pixelpark.net'
+ cert_customer: 'pixelpark'
+ ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
+ ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem'
+ ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
+ ssl_verify_client: require
+ ssl_crl: '/etc/pki/tls/certs/odt-cacrl.pem'
+ ssl_ca: '/etc/pki/tls/certs/odt-root-ca.pem'
+ rewrites_non_ssl:
+ - https:
+ comment: 'almost all to https'
+ rewritecond:
+ - '%%{ich-trickse}{REQUEST_URI} !^/.\.html'
+ rewrite_rule:
+ - '^(.*)$ https://int-odt-daimler-com.pixelpark.net$1 [L,R=301]'
+ #rewrites_ssl:
+ # - check_auth:
+ # comment: 'show error if denied'
+ # rewrite_cond:
+ # - '%%{ich-trickse}{SSL:SSL_CLIENT_VERIFY} !=SUCCESS'
+ # rewrite_rule:
+ # - '.? - [F]'
+ proxy_preserve_host: true
+ proxy_pass:
+ - { path: /teilenews-service, url: 'http://localhost:8082/teilenews-service' }
+ - { path: /newsletterservice, url: 'http://localhost:8081/newsletterservice' }
+ - { path: /, url: 'ajp://localhost:8009/' }
+ directories_ssl:
+ - slash:
+ provider: location
+ path: '/'
+ custom_fragment: |
+ # enabled until merge of 71e4c530d286b8f11863d16ee94bc2f28f800cce
+ SSLRequire %%{ich-trickse}{SSL_CLIENT_I_DN_O} eq "ODT"
+ SSLVerifyClient require
+ - webservice:
+ provider: location
+ path: '/emm_webservice'
+ require:
+ - 'ip 93.188.107.192/26'
+ - 'ip 217.66.50.0/24'
+ - 'ip 217.66.51.0/24'
+ - newsletterservice:
+ provider: location
+ path: '/newsletterservice'
+ require:
+ - ip 217.66.51.0/24
+ - ip 217.66.50.0/24
+ - ip 217.66.56.0/24
+ - ip 213.61.96.226
+ - ip 176.28.25.242
+ - ip 37.120.57.39
+ - ip 46.30.59.148
+ - ip 82.165.141.125
+ - ip 37.120.103.75
+ - ip 83.125.19.254
+ - ip 192.168.170.49
+ - ip 192.168.170.53
+ - ip 192.168.170.52
+ - ip 54.205.87.231
+ - ip 86.56.52.27
+ - ip 37.202.1.232
+ - ip 46.30.60.116
+ - ip 192.168.170.102
+ - ip 192.168.170.103
+
+infra::profile::cron::cronjobs:
+ fetchcrl:
+ user: root
+ command: 'scp httpd@odt-tinyca:/www/htdocs/odt-tinyca.pixelpark.net/data/phpki-store/CA/crl/cacrl.pem /etc/pki/tls/certs/odt-cacrl.pem && systemctl reload httpd'
+ minute: 0
+ hour: 5
+ description: um 05:00 Uhr wird die Revocationlist vom User openemm geholt. somit muss der Webserver restarted werden
+
+
+logstash::filter:
+ - journald
+
+logstash::generic_resource:
+ mbvd-teilenews-service:
+ resource: pipe
+ order: 10
+ parameters:
+ command: '/bin/journalctl -o cat -fl -u mbvd-teilenews-service.service'
+ type: webapp
+ tags:
+ - 'int'
+ - "%{customer}"
+ - "mbvd-teilenews-service"
+ codec:
+ type: multiline
+ what: previous
+ pattern: "^%%{ich-trickse}{TIMESTAMP_ISO8601}"
+ negate: true
+ odt-newsletter-service:
+ resource: pipe
+ order: 10
+ parameters:
+ command: '/bin/journalctl -o cat -fl -u odt-newsletter-service.service'
+ type: webapp
+ tags:
+ - 'int'
+ - "%{customer}"
+ - "odt-newsletter-service"
+ codec:
+ type: multiline
+ what: previous
+ pattern: "^%%{ich-trickse}{TIMESTAMP_ISO8601}"
+ negate: true
+ openemm-core:
+ resource: file
+ order: 10
+ parameters:
+ path: '/home/openemm/logs/openemm/openemm_core.log'
+ type: 'EMM-Core'
+ tags:
+ - 'int'
+ - "%{customer}"
+ - 'odt-core'
+ codec:
+ type: multiline
+ what: previous
+ pattern: "^%%{ich-trickse}{TIMESTAMP_ISO8601}"
+ negate: true
+ openemm-data:
+ resource: file
+ order: 10
+ parameters:
+ path: '/home/openemm/logs/openemm/openemm_data.log'
+ type: 'EMM-Webservice'
+ tags:
+ - 'int'
+ - "%{customer}"
+ - 'odt-data'
+ codec:
+ type: multiline
+ what: previous
+ pattern: "^%%{ich-trickse}{TIMESTAMP_ISO8601}"
+ negate: true
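Review bot: The `fetchcrl` cron job has `scp` write straight onto `/etc/pki/tls/certs/odt-cacrl.pem`, the file `ssl_crl` points at, with no check of what arrived, so a truncated or wrongly signed CRL is left in place for the next httpd reload or restart even though the `&&` skips the immediate reload when `scp` fails. Copy to a temporary file in the same directory, verify its signature against the issuing CA (presumably `/etc/pki/tls/certs/odt-root-ca.pem`, e.g. `openssl crl -in "$tmp" -CAfile /etc/pki/tls/certs/odt-root-ca.pem -noout` and check for `verify OK`), and only then `mv "$tmp" /etc/pki/tls/certs/odt-cacrl.pem && systemctl reload httpd`. Nothing in the job reports a failed fetch, so a stale revocation list would go unnoticed; a check on the file's age or its nextUpdate field would cover that. The `description` names user openemm and a restart while the command uses `httpd@odt-tinyca` and `reload`, and should be brought in line with it. Separately, `jenkins` gets `sudo: true`; the hunk does not show the resulting sudoers scope, so confirm it is limited to what the deployment needs.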