From 260b22913d9a77d784e99da0807d345b4c7d246b Mon Sep 17 00:00:00 2001
From: Christian Boltz
Date: Apr 10 2020 23:13:09 +0000
Subject: Merge branch 'hellcp/ipsilon-fixes' into 'production' Fix the issues with ipsilon setup See merge request infra/salt!366
---
diff --git a/pillar/role/ipsilon.sls b/pillar/role/ipsilon.sls
index 4ae663e..2af7e2e 100644
--- a/pillar/role/ipsilon.sls
+++ b/pillar/role/ipsilon.sls
@@ -1,6 +1,18 @@
+profile:
+ identification:
+ database_user: identification
+ database_host: postgresql.infra.opensuse.org
+
 sudoers:
 included_files:
 /etc/sudoers.d/group_ipsilon-admins:
 groups:
 ipsilon-admins:
 - 'ALL=(ALL) ALL'
+
+zypper:
+ repositories:
+ openSUSE:infrastructure:ipsilon:
+ baseurl: http://download.infra.opensuse.org/repositories/openSUSE:/infrastructure:/ipsilon/openSUSE_Leap_$releasever/
+ priority: 100
+ refresh: True
diff --git a/pillar/secrets/role/identification.sls b/pillar/secrets/role/identification.sls
new file mode 100644
index 0000000..f431987
--- /dev/null
+++ b/pillar/secrets/role/identification.sls
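Review bot: The new `openSUSE:infrastructure:ipsilon` repository under `zypper:` is fetched over cleartext `http://`, and the stanza sets only `baseurl`, `priority` and `refresh`, so nothing visible here states that packages from it are signature-checked. If the mirror serves TLS, `baseurl: https://download.infra.opensuse.org/...` would be the safer form. Otherwise a comment such as `# http only: integrity relies on zypper GPG verification of the repo metadata` would record the assumption. Whether the consuming state passes through `gpgcheck`/`gpgkey` settings is not shown in this diff and should be checked against the zypper formula.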
@@ -0,0 +1,95 @@ +#!yaml|gpg + +postgres: + users: + identification: + password: | + -----BEGIN PGP MESSAGE----- + + hQQOA7A9CHm0S6RyEA/+NIIVb2clzzJ8Yj5XqASRFQYCkQh9V8ppcgsGiA3d8pD3 + lGGzX6s7ZSw2HVKD+H32XhLizoA8oQVZkrgLW6jy7df/mqIoJhsXZCYA+Z3BNQJg + Rq11sbBhkL0LzHioYKx2X1RcgWXALHouDv1jd5S1sL1njeri8G7ncjiczyOBY2Tv + gMvFaXNnviyH9X2PHx35XsPYBqqvzVfpNHZgPSRoJ1qCeTpJHP6Lwqc5Ovw34dr8 + 6a4S59+ZoCnsLV71jAbyGq62uOkOowCEihc07yOAmeImW4+c7TSvOXWYUZx2gu0o + 6FAMvJPi49Ct5qlCsDjvWRQCWlzVEpRrLyaPFOQTPcGUWxJOl4jVFKLXfrI61zCZ + YQtfcVBjQ3xBD6rfFK/IANXGxXMVVwX5wyd0blq6Xk3Xv5wOnJ50rO6QJn5/gX5E + 7uo0a6kMhJNh+zsv+jtdDHyytpJuKJo8ErolsodDSY6Hupzlxz5TB9oFVKPpkgns + CBfru0k3gFJ4puD/9LPz1kLjw0RiWj4TOnHk7O95mcVJqQS5EbyJioW6gUnyP6kA + uqcujvthkDkpNihY26x25cU5DP+SisOwEL+8L5f6Qx/xnYS5Kfi1ooKrA4cMOXkM + 54HBw7Qdsm4xQjbi7qAmsM3B9mK7zBd/8PYcD9s0rliISC6QeVhxjasmVTUxO1gP + /iu+tKIRGBnWgD20TfUvK8LWl8/3hSkYOrEV2C8Difw8Cb7OTbiQPCsZh9Ngq5pr + 6sfzrIjZmqOfzjewiFKkpzvAf/FNytRyzwNSc5BECUPpJC52x7Us7whUtzS6VkQF + wpUwsS+WQixnh1siAsmLkHYoxLMhWirx4zzZ+K8Hw6qoiF9UWa3bzOcUpEYp9SEf + ZaqLhMk6UexmUFt3ptvuWj0WqWyhixUvFT72qfSHIh70h+hVYrtAD9wcS+pbazPO + l/lh5H3lyy7DQpxL5tCeTdvM3jI10xAJSxgqG4uPo3Eeg2nAqb8hU2Vo1OZG6QN5 + zMQdh59fn++VW6nnaFvW7gRpk0LKMtqTfPRvIgjIhlx89wFrV5AyrlsngpNKLii1 + DLyyZr4MWk2amB7IIJRRCoKCt/AHcPqfjz7nxP0ahAoVKHph0JDcdyBMRiHwRnSZ + fWG0k4QPGYWLA6RFXB16N/skqOEBlzG/4oRMM/SWVIaECmSDG4cC3yG5fXk3aP4R + J7nD1UcvM5B6OvHmP8UoQaZehINFJYs98TjtSVBS2/Zq1n8+Fvn8CTKANWz7Bmg0 + 6FCl+xcip/K4Zj6PLZ1NBQc1TTvu1mUFsEMOxts79SGrHXK7aMMG3yR7vqVJlCmP + cA8Mnhc02hPRq+s2hJpY9LYOc8b7wiWBdD/WTKxwaIcHhQIMA8amgupjyC8cAQ/+ + MnrbRTDOE19DW5W22YaS20Vihd1omA3aZdqLylEKzqlWWg2FianJ7iBpLgeL1BZ4 + GjHyjb7r9WDRp10P/vAbnyPx8sg+gPIJprPCp0eOV/UoebO3slHUL7TjB97VzsIw + vptMjO1GA9bzYnJEYO8Wrdd2eij8psorIRhq24ypRpqb2I4dO4eWiGoyzDmu1mU1 + WwYvAnPQdOWak1KCPStdaqef5CsTCePhU86sVDrZAwfnexz30SUYDvU8eSjCNsFa + bN5S+gUOlEOnrLJu/4d8mkNgMfb7sjGM2RA1v8XxF9qVRR3RHti/VG9hw/RGe39z + CGDyK2WzoQmHT9rglzaqTB4XnLIc20kKYeOt80n/PeBkulKJD6dIY+ebbria1okl + 
8aqpoymKRPvADla09B60LdA0GDIlgsUxYPt0IM6vXRqbN4+8j2bjNBQTdXeC7fKp + ICQCCxQXvhDbLqL/qQIw2dy36IsrsRk9Ut6gzahoxQvFPP/1HgID0xta+IM+NYWe + lwcC9T5VUmrvPJW/u/lIgxklX+SXBZyKpmPRoccjgjgg+0H7/guP3VJqyBNUAiUk + 8BnJVb8XEkQnmd+h3nLV62nrHVWYmCxROyhmwFcIUal0ch8q8kLPIPJQulID7P76 + LYsl01K0oySNrDRPJFNmamx1PM37SSixmFauMXJft8mFAQ4DslgfDDfB4G8QA/wL + fRubyEAy60b0HnsZd4gSiaaw+QDwT0DnVmAWPcWFRnj3bMN4Ntq8ehGwobdoW1ir + 7oElz3AFUK8FPytKgiec4ODTqrJKA/CQuwxFF7hktaHP0zIAQ2rxZPOKKj3w210F + U5jMkmU8nHkJPWYp2dfEZpIwfVY8GEqzZSmQwdSooAP9Gw90/Sbwzq+lP77ATGGV + SD/Zov38ugaDoRcb0uBdwDh85cZk9CtP0+V6GRC9IKlKrOYgIJC/vNIkZmmZScMX + 05UIokAdSO9gIUG1CFMVftL6+L6RilwrgKKGXw5GxJLezBI0bCBR899A5t1SexqQ + RKPpsj4QCWNmfwpTp4tzMb2FAg4DiLcKbyvsTOYQB/wKkDQahSCTFJCVkk8tM+Sm + IMbZZaVpBH7BHd33O9JpV4Qq0n5AYXiLrHqh6nOwySm8xVlLmphW3i2Bjvo5qfDn + IocYgmYgo2qWU1DOUXNcVE6bQwi9pfz1kTH+ykqFEnaWIUkSwVTmGIaTRqO/sBij + qYWvblzGmbxgMA4lPMN2RdDTGrFB+5hEMo8oPimoJclBygRuJ95kGN1SOHMiAFJ+ + Xa88KBDjdZ0pQXEOxZcFMb01u65HmxPLvpGznt3o9DH6Z3skB6NGNbgh3KttpSir + OmI49Rjqb8t0OKlO5p/0gbCTT1NwYgEf2OeOlCZeggoTHJcIRqvIImQrZo0Vafhw + B/0dwQk5iIjLUMnD8HpmZ6ayDSnD5CJxO/Gm+qt3JykfKDZHbfhUC/yytRnTvKb6 + qcubbyzVrhFeeNUvaf+qhtIQhLGeSK1zJaf/WEMCalC7RKD/OFFBdGBX8VTYZPN/ + Oyv2epZNYf7fe6NAF7E5YgIM95rdhKPvfP5IOeAw98x00736r7IFlIMe17agK1kV + /3nnPGTesgP5szqCdcnKAflRSfE40e+QbIT0kmnjN9claUVr8MgnZi6VuMchRTtX + eAajxiyDcO5cQAoRPSZu0pXmAksue5ENzge6qI9DVDwETMfUYRz+OCcR/dMTQr/0 + ey50ZRbM0Tn2TgL0/MzK78LnhQIMA1tQWD9t5xGsARAAiyvshyFAVsgFhGEL+oR2 + EkVpk/XYICPCu31BHNPg+P3Yvivze2E0SnIHCe6u6uKXuzS9kVAPUvtbnFq1sCfn + 0zfHSN/MAaOljJNVNtTS9/wRW/rY6rEluKILgaZKthyeNsngH/4T1HnmDnYevGvN + Qm9kauthUwL0YtmrUjx2Rgz7d6fTOrt/uRad437wPEISOxmpH6/afW0kDL3lLbJg + OlIX9fXBPcPuUTmDTEM0DAGe77lga0TpeUsNj6iiwAvu+NJFtBjZNbbR6amwE1+f + ntV1yXMlhIMshKzsZWRSP0sZrOmMEhp8q29MtTOkTAsE9X8kZ3u1oAMM22DoiUe6 + 92g6Q7Y+AFRiEikGHzwsU2YupRfi2BuiMjoHLs9sP4vTvz71h2Iped5o1k7S4mnu + wlvkXf+jGlV5PYI7BHDenET3jp+GF8bks1ViSGiG0xeFfxLMvJ4z4WK4z8sJ5WzG + 
WzkmNPGP0Ef3COvyateGaH4NXtdQkVQNvmr41NcZ0NZoCSnFcvfC9tJtknyk+R7V + DgQm8AZmBuhXcS3kEo5AvYhC8B6bdkKQfjkrOa9a2N/ZgydGPsQp7Epbm3TKThFy + LRp70ml6gpK3bquZYz8oiFCsbTx34DDex5m01uJGou62G+V0yTrHMIzG6PDmQNe2 + JuL/BMdLdRnDuxrwEUwp1y6FAgwDcaIHBQt0xN0BD/9Ja8dXAa9Tcg2TfZF7BMWi + VlLuUTT9ioQ3Mtvehqhnt9/fanArBWwUOlXg/jTrwgvBeoOC2IW9uql0CtcUN8BC + ekObAgWrDI8PTs6LfJXbjOiD1nRgVRmhnZIccGAPRCDOF+w8iwKVLQSREZucgNaF + ZCYvPo6bUU80nhHUx0ROAoK9oSqNJ5DJqogU369xR+jBvi8nMjN2epWbSnl0ubxY + EEB3EYSH5zE9JOOlbgkm0Jkeg1zwsIT69KXq5kXd4NkpW1+XnoQewdPcF2+4pYxE + o3gzwy5NzkDfrXT7f9MGEfae9zIpPrIvkMXSZumEPEhQFxLYx0Q+2AT78GR6EaCN + vLeLad8xZ6TNPmOEyZoWRXLaiUo6czWCBYbMG8SiV2oCosA20+P4IBjTOeeTImyB + QtZV33ZZ4DFQu2r6h6IzWAGP3wPhWMi3UPVfjU5jvHXchpie1hK9l+keRPOyceW0 + CVc+CfiVzfC4C9gj+CkPqe6ZARbXZDyzKyIClODE0/AmRLSZP5sMgF9evfKbHFHU + SOrOL0CkRC+WkoLtiL05rYipj0jBCGoLQ49RI3vPXpiAdGsbK9Q5qjhO1dmVKuzz + Ue4RiG0d4PWPUACO4GNwHCm+GYjzOEN27SrtSRXf4iQZB1Oc44/VkhtrKkZ3U/qS + naN79AY57/mmyXIX3Ykh94UCDAOs8M4KG6xpkQEQAIAcxlMozlfMGont5TYlao++ + N7G/GvgLkh/D5NA77t35b8oPvdkJms6AczdazQ1OU9281RXwi/JhPSCBgbOpeA72 + C+OssUTO7YEGX2SYdQmcYchChuDHDbAQEYZgtTq8Zx5sZik0/kghAtLBjjB9g5tQ + T3kTgYz5wuzhOm91LFQfc0FdmAIJdgTRs6LWamgm0bkwPlzj2qM8FV/n4nYgUNqx + pM26FlTC+DkirXbuniGzbNJ3OETUHmy3WS3q7qUuT5UnM2uTw8kYUoMtTtoimeKw + j41toC7r/6U+xGogW5KSCFaG1/W9WluevcIR3cNmnavamgeG5iUD7WYblqZRspao + mbEvDNrlBEpHCbVKdqJR2LiJlmETlXeLbVRFTJomWW5Wz6EPDi4AXO65G9gnds/c + 9m4DmAm3YUJrIu+a1tVIcZgqRxCjLDITGVYnlb7YYbzg7QEfchdb66/yEtZwVkxJ + OOOVMeb4Qr7/tjuchvO8gViuhmuDMGrSpnYgORwxYRfDWn0p2kXQJxbKZbBNO8Fx + yDj10rxCFIr8SJREdbMyj+xTYckMEFXFKkp/CpmtQzhUw037ZEamJsXAGvkbW6El + qYItvTFvVpuH5+MVv2azxUXSCT7J/Xf7EUfafZ8t9hqoMeSJu5wpqaHbk3AVj7wf + DaCK2ZG86TObSxOq231Y0lsBVm53hQC5b0U8pdIS2U4QMDkroh7VTs4uCXMZdvXm + sMoBVHgoF9xnhsbpYCNSBHrxMMRq6EG1RYIxbcMf77bMbWK/oXze1ywrl2UuEXWZ + Ctejxit2ebRoPh/j + =TEOh + -----END PGP MESSAGE----- diff --git a/salt/profile/identification/config.sls b/salt/profile/identification/config.sls index 58d38c4..82746be 100644 
--- a/salt/profile/identification/config.sls +++ b/salt/profile/identification/config.sls @@ -1,11 +1,11 @@ -ipsilon_saml2_dir: - file.directory: - - name: /etc/ipsilon/saml2 - - mode: 700 - - user: ipsilon - -# # This will be exported from the UI once we set everything up there +# # The commented stuff will be exported from the UI once we set everything up there # +# ipsilon_saml2_dir: +# file.directory: +# - name: /etc/ipsilon/saml2 +# - mode: 700 +# - user: ipsilon + # ipsilon_configuration_file: # file.managed: # - name: /etc/ipsilon/configuration.conf @@ -32,30 +32,30 @@ ipsilon_conf_file: file.symlink: - target: /etc/ipsilon/ipsilon.conf -ipsilon_oidc_conf_file: - file.managed: - - name: /etc/ipsilon/openidc.static.cfg - - source: salt://profile/identification/files/openidc.static.cfg - - mode: 600 - - require_in: - - service: id_apache_service - - watch_in: - - module: id_apache_restart +# ipsilon_oidc_conf_file: +# file.managed: +# - name: /etc/ipsilon/openidc.static.cfg +# - source: salt://profile/identification/files/openidc.static.cfg +# - mode: 600 +# - require_in: +# - service: id_apache_service +# - watch_in: +# - module: id_apache_restart -/etc/ipsilon/openidc.key: - file.managed: - - contents_pillar: profile:matrix:openidc_priv_key - - mode: 600 - - user: ipsilon +# /etc/ipsilon/openidc.key: +# file.managed: +# - contents_pillar: profile:identification:openidc_priv_key +# - mode: 600 +# - user: ipsilon -/etc/ipsilon/saml2/idp.key: - file.managed: - - contents_pillar: profile:matrix:saml2_priv_key - - mode: 600 - - user: ipsilon +# /etc/ipsilon/saml2/idp.key: +# file.managed: +# - contents_pillar: profile:identification:saml2_priv_key +# - mode: 600 +# - user: ipsilon -/etc/ipsilon/saml2/idp.crt: - file.managed: - - contents_pillar: profile:matrix:saml2_pub_key - - mode: 644 - - user: ipsilon +# /etc/ipsilon/saml2/idp.crt: +# file.managed: +# - contents_pillar: profile:identification:saml2_pub_key +# - mode: 644 +# - user: ipsilon 
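Review bot: With `ipsilon_saml2_dir` commented out in the first hunk, Salt stops enforcing mode 700 and owner `ipsilon` on /etc/ipsilon/saml2, the directory meant to hold `idp.key`. Its permissions now depend on whatever creates it, which the header comment suggests is the UI export. A short comment stating that would help the next reader, for example `# /etc/ipsilon/saml2 is created outside Salt; check it stays 0700 and owned by ipsilon`. The commented `ipsilon_configuration_file` block continues past the end of this hunk.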
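Review bot: The commented key states in the second hunk now point at `profile:identification:openidc_priv_key`, `profile:identification:saml2_priv_key` and `profile:identification:saml2_pub_key`, but the pillar changes in this commit define only `database_user` and `database_host` under `profile:identification`. Unless those keys are defined elsewhere, the states would fail on a missing pillar if re-enabled as written. When the two private-key states come back, adding `- show_changes: False` keeps a changed key from being printed as a diff in the state return. Large commented-out blocks also drift easily, so a pillar-gated Jinja condition, or removing them until needed, would be easier to maintain.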
diff --git a/salt/profile/identification/files/openidc.static.cfg b/salt/profile/identification/files/openidc.static.cfg
deleted file mode 100644
index 792d600..0000000
--- a/salt/profile/identification/files/openidc.static.cfg
+++ /dev/null
@@ -1 +0,0 @@
-#
diff --git a/salt/profile/identification/init.sls b/salt/profile/identification/init.sls
index a9ea967..3f15909 100644
--- a/salt/profile/identification/init.sls
+++ b/salt/profile/identification/init.sls
@@ -7,5 +7,3 @@ id_apache_restart:
 module.wait:
 - name: service.restart
 - m_name: apache2
- - require:
- - service: synapse_service