Commit e824f271 authored by Fynn Becker's avatar Fynn Becker :crab:

Initial commit

Showing
with 524 additions and 0 deletions
.vagrant/
auto_accept: True
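Review bot: `auto_accept: True` in this master config carries no comment marking it as Vagrant-only, and the pillar top file in this commit targets minions by the ID glob `postgrest*`. Together that means any host that can reach the master and presents a matching ID has its key accepted unverified and is served the `sslcert` pillar, which contains the TLS private key (and, it appears, the JWT secrets). That is tolerable on the private test network the Vagrantfile sets up, but the file is easy to copy into a real deployment. I would add a comment above the line, e.g. `# TEST ONLY: accepts every minion key unverified; never use outside the Vagrant network`.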
master: 10.0.0.5
../../pillar.example
\ No newline at end of file
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEA9b8X8Plp+vLeVpQf8Nz2u9+lt8eF6BYj517XzJX8MsgPI1XU7dA4
j75yitn1kd3R8q/PyTQgmbRdh54EfNEfiCnbY/2X+0c4L1rZqXx+GeUdAAXgjuye
LjA/zd0RprK6TOpIOYQ7MO4P35T8Ora8jDXvf/Q386vCRQ5fiuVR5+nH9R4KBi7H
iqM9N5dyhRNJIZZMeQ0T+zmeywazeicYszKunJqjQ0jZ1D+J1UUTHjH6/Lp1lVqA
kJHCWa7GkBOfROmYFjeJ3v5Hfjkry/uXtvVoVfFIUGA4dPoCBRLzfNAGMhPzx0Gr
kaW8ir0Mykld8mdgoCThKuHPhUnJ3wWamwIBAg==
-----END DH PARAMETERS-----
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
#!/bin/bash
openssl req -newkey rsa:4096 -x509 -keyout key.pem -new -out cert.pem -reqexts SAN -extensions SAN -days 3650 -nodes -subj "/C=DE/ST=Niedersachsen/L=Hannover/O=Hochschule Hannover/CN=apiv2.postgrest.local" -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:apiv2.postgrest.local,DNS:icmscache.postgrest.local"))
openssl dhparam -out dhparam.pem 2048
sslcert:
postgrest:
fqdns:
- apiv2.postgrest.local
- icmscache.postgrest.local
key: |
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
pem: |
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
dhparam: |
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEA9b8X8Plp+vLeVpQf8Nz2u9+lt8eF6BYj517XzJX8MsgPI1XU7dA4
j75yitn1kd3R8q/PyTQgmbRdh54EfNEfiCnbY/2X+0c4L1rZqXx+GeUdAAXgjuye
LjA/zd0RprK6TOpIOYQ7MO4P35T8Ora8jDXvf/Q386vCRQ5fiuVR5+nH9R4KBi7H
iqM9N5dyhRNJIZZMeQ0T+zmeywazeicYszKunJqjQ0jZ1D+J1UUTHjH6/Lp1lVqA
kJHCWa7GkBOfROmYFjeJ3v5Hfjkry/uXtvVoVfFIUGA4dPoCBRLzfNAGMhPzx0Gr
kaW8ir0Mykld8mdgoCThKuHPhUnJ3wWamwIBAg==
-----END DH PARAMETERS-----
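Review bot: The `key:` block commits a private key in clear text into pillar data, and the same material is also committed as a standalone key file next to the generation script, so it is readable by anyone with access to the repository. For the self-signed `*.postgrest.local` test certificate that is a deliberate fixture, but nothing in the file says so, and the same layout invites pasting a real key in the same place. I would open the file with a comment such as `# TEST FIXTURE: self-signed key for *.postgrest.local only; production sslcert pillar must come from a private or encrypted source`. I would also stop tracking the standalone key file, since the pillar already carries its content.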
base:
postgrest*:
- sslcert.postgrest
- postgrest
../../postgrest
\ No newline at end of file
{% if salt['pillar.get']('sslcert') %}
sslcert_create_dir:
file.directory:
- name: /root/certs/
- user: root
- group: root
{% for app_name, cert in salt['pillar.get']('sslcert').iteritems() %}
sslcert_{{ app_name }}_pem:
file.managed:
- name: /root/certs/{{ app_name }}.pem
- user: root
- group: root
- mode: 600
- show_diff: False
- contents_pillar: sslcert:{{ app_name }}:pem
- requires:
- file: sslcert_create_dir
sslcert_{{ app_name }}_key:
file.managed:
- name: /root/certs/{{ app_name }}.key
- user: root
- group: root
- mode: 600
- show_diff: False
- contents_pillar: sslcert:{{ app_name }}:key
- requires:
- file: sslcert_create_dir
{% if cert.dhparam is defined %}
sslcert_{{ app_name }}_dhparam:
file.managed:
- name: /root/certs/{{ app_name }}.dhparam.pem
- user: root
- group: root
- mode: 600
- show_diff: False
- contents_pillar: sslcert:{{ app_name }}:dhparam
- requires:
- file: sslcert_create_dir
{% endif %}
{% if cert.client_ca is defined %}
ssl_cert_{{ app_name }}_client_ca:
file.managed:
- name: /root/certs/{{ app_name }}.client_ca.pem
- user: root
- group: root
- mode: 600
- show_diff: False
- contents_pillar: sslcert:{{ app_name }}:client_ca
- requires:
- file: sslcert_create_dir
{% endif %}
{% endfor %}
{% endif %}
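Review bot: The requisite is spelled `requires:` in all four `file.managed` states (pem, key, dhparam, client_ca), but Salt's requisite keyword is `require:`. As written it is most likely passed through as an unknown argument, so the dependency on `sslcert_create_dir` is not enforced; each should read `- require:` with `- file: sslcert_create_dir` beneath it. `sslcert_create_dir` also sets no mode, so `/root/certs/` gets default directory permissions; `- mode: '0700'` there, and quoting the file modes as `'0600'`, would make the intent explicit. Finally, `.iteritems()` in the loop header exists only on Python 2, so `.items()` is the portable spelling; the same call appears in the two `postgrest:instances` loops in the other state files.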
base:
'postgrest*':
- postgrest
- sslcert
The postgrest-formula is used to deploy postgREST instances.
## Configuration
Have a look at the pillar.example (which is used for testing as well) to get an idea of how it works.
**/srv/pillar/postgrest/your\_instance.sls:**
```yaml
postgrest:
your_instance:
tag: v5.2.0
hash: '5f564d1c6dfad2fd25d5394c2cae42ebe0d736342eba25742cd45d2cbf61cf38'
config:
db-uri: "postgres://api_v2_authenticator@127.0.0.1/api_db"
db-schema: "api_v2"
jwt-secret: "aimi6fiep2ohPahqu6Jithahphai1aJe"
db-anon-role: "api_v2_anonymous"
server-host: 0.0.0.0
```
**/srv/pillar/top.sls:**
```yaml
base:
'your_instance*':
- postgrest.your_instance
```
### But how do I know all these values?
`tag`: Pick a [release](https://github.com/PostgREST/postgrest/releases), that's your tag.
`hash`: Since as of now there are no hashes provided on github, you have to do it yourself:
```bash
sha256sum postgrest-v5.2.0-ubuntu.tar.xz
5f564d1c6dfad2fd25d5394c2cae42ebe0d736342eba25742cd45d2cbf61cf38 postgrest-v5.2.0-ubuntu.tar.xz
```
`config`: This is postgREST specific configuration as explained [here](http://postgrest.org/en/stable/install.html#configuration)
#### How do I know the `jwt-secret` though?
You don't. You generate it: `pwgen -sn 32`
## Development
### Dependencies
This formula relies on `vagrant` and `virtualbox` as its provider.
Since PostgREST connects to a schema of a PostgreSQL database you should have one running somewhere.
If it's running on `localhost` be aware that inside of your box `localhost` does not refer to your host's `localhost` but rather to the emulated one.
You can access your host's `localhost` through `10.0.2.2` instead (see `pillar.example`).
### Getting started
```bash
git clone ssh://git@lab.it.hs-hannover.de:2222/salt/postgrest-formula.git
cd postgrest-formula
vagrant up
```
Add these 2 lines to your `/etc/hosts`:
```bash
127.0.0.1 apiv2.postgrest.local
127.0.0.1 icmscache.postgrest.local
```
You can access your PostgREST instances at:
- `apiv2.postgrest.local:4431`
- `icmscache.postgrest.local:4431`
- `apiv2.postgrest.local:4432`
- `icmscache.postgrest.local:4432`
### SSL certificates
Don't worry about this for the next 10 years.
Should this still be around and the certificate did expire just generate a new one with the `new_cert.sh` script in `.saltstack/pillar/sslcert/`.
Make sure to adjust the pillar data (`postrest.sls` in the same directory) with the newly generated data.
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
# salt master
config.vm.define "saltmaster" do |saltmaster_cfg|
saltmaster_cfg.vm.box = "debian/jessie64"
saltmaster_cfg.vm.synced_folder ".saltstack/salt/", "/srv/salt", type: "rsync"
saltmaster_cfg.vm.synced_folder ".saltstack/pillar/", "/srv/pillar", type: "rsync"
saltmaster_cfg.vm.hostname = "saltmaster"
saltmaster_cfg.vm.network "private_network", ip: "10.0.0.5"
saltmaster_cfg.vm.provision :salt do |salt|
salt.install_master = true
salt.no_minion = true
salt.master_config = ".saltstack/master"
end
end
# postgrest test minion
(1..2).each do |i|
config.vm.define "postgrest-0#{i}" do |postgrest|
postgrest.vm.box = "debian/jessie64"
postgrest.vm.hostname = "postgrest-0#{i}"
postgrest.vm.network "forwarded_port", guest: 80, host: "800#{i}".to_i, host_ip:"127.0.0.1"
postgrest.vm.network "forwarded_port", guest: 443, host: "443#{i}".to_i, host_ip:"127.0.0.1"
postgrest.vm.network "private_network", type: "dhcp"
postgrest.vm.provision :salt do |salt|
salt.install_master = false
salt.minion_config = ".saltstack/minion"
salt.run_highstate = false
end
# Ensure these states are run in the correct order, highstating does not work here
postgrest.vm.provision "shell", inline: "salt-call state.sls sslcert,postgrest"
postgrest.vm.provision "shell", inline: "systemctl start api_v2-postgrest.service"
postgrest.vm.provision "shell", inline: "systemctl start icmscache-postgrest.service"
end
end
end
postgrest:
instances:
api_v2:
tag: v5.2.0
hash: '5f564d1c6dfad2fd25d5394c2cae42ebe0d736342eba25742cd45d2cbf61cf38'
config:
db-uri: "postgres://api_v2_authenticator@10.0.2.2/api_db"
db-schema: "api_v2"
jwt-secret: "aimi6fiep2ohPahqu6Jithahphai1aJe"
db-anon-role: "api_v2_anonymous"
nginx:
ssl_cert_name: postgrest
http: false
https: true
redirect_to_https: true
fqdn: apiv2.postgrest.local
icmscache:
tag: v5.2.0
hash: '5f564d1c6dfad2fd25d5394c2cae42ebe0d736342eba25742cd45d2cbf61cf38'
config:
db-uri: "postgres://icmscache_authenticator@10.0.2.2/api_db"
db-schema: "icmscache"
jwt-secret: "aimi6fiep2ohPahqu6Jithahphai1aJe"
db-anon-role: "icmscache_anonymous"
server-port: 3001
nginx:
ssl_cert_name: postgrest
http: false
https: true
redirect_to_https: true
fqdn: icmscache.postgrest.local
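Review bot: Both instances carry the same literal `jwt-secret`, and the identical string is printed in the README's configuration example, so anyone who copies either file ends up verifying tokens with a publicly known key. I would mark the value in place with a comment such as `# TEST VALUE ONLY: generate your own, e.g. pwgen -sn 32`, and use an obvious placeholder in the README instead of a working-looking secret. Giving each instance its own secret would also avoid a token minted for one API being accepted by the other. Separately, the README example appears to omit the `instances:` level that this file and the states (`postgrest:instances`) rely on.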
postgrest_packages:
pkg.installed:
- pkgs: [nginx, postgresql-client]
include:
- postgrest.common
- postgrest.nginx
- postgrest.postgrest
{% for instance_name, instance_conf in salt['pillar.get']("postgrest:instances").iteritems() %}
{% if instance_conf.nginx is defined %}
postgrest_{{ instance_name }}_nginx_conf:
file.managed:
- name: /etc/nginx/sites-available/{{ instance_name }}.conf
- source: salt://postgrest/tpl/nginx.conf
- template: jinja
- context:
nginx_conf: {{ instance_conf.nginx }}
postgrest_port: {{ instance_conf.config.get('server-port', '3000') }}
instance_name: {{ instance_name }}
- mode: 644
- user: root
- group: root
- require:
- pkg: postgrest_packages
postgrest_{{ instance_name }}_nginx_enable:
file.symlink:
- name: /etc/nginx/sites-enabled/{{ instance_name }}.conf
- target: /etc/nginx/sites-available/{{ instance_name }}.conf
postgrest_{{ instance_name }}_nginx_running:
service.running:
- name: nginx
- reload: True
- watch:
- file: /etc/nginx/sites-enabled/*
{% endif %}
{% endfor %}
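Review bot: `nginx_conf: {{ instance_conf.nginx }}` renders the Python repr of the dict into the state YAML, whereas the sibling state file passes its dict as `{{ instance_conf.config | json }}`. The repr form only parses as long as every value happens to print as valid YAML, and it can break on Python 2 unicode prefixes or on values containing YAML specials. Use `nginx_conf: {{ instance_conf.nginx | json }}` so both files serialise context the same way. The `_nginx_enable` symlink also has no `require` on `postgrest_{{ instance_name }}_nginx_conf`, so it relies on file order alone to run after its target is written.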
{% for instance_name, instance_conf in salt['pillar.get']("postgrest:instances").iteritems() %}
{% set tag = instance_conf.tag %}
postgrest_{{ instance_name }}_fetch:
archive.extracted:
- name: /srv/postgrest/{{ tag }}/
- source: https://github.com/PostgREST/postgrest/releases/download/{{ tag }}/postgrest-{{ tag }}-ubuntu.tar.xz
- source_hash: {{ instance_conf.hash }}
- enforce_toplevel: false
- mode: 644
- user: root
- group: root
postgrest_{{ instance_name }}_conf_directory:
file.directory:
- name: /srv/postgrest/{{ tag }}/{{ instance_name }}
- user: root
- group: root
- mode: 755
postgrest_{{ instance_name }}_conf:
file.managed:
- name: /srv/postgrest/{{ tag }}/{{ instance_name }}/postgrest.conf
- source: salt://postgrest/tpl/postgrest.conf
- template: jinja
- context:
postgrest_conf: {{ instance_conf.config | json }}
- mode: 644
- user: root
- group: root
- require:
- file: postgrest_{{ instance_name }}_conf_directory
postgrest_{{ instance_name }}_systemctl_service:
file.managed:
- name: /etc/systemd/system/{{ instance_name }}-postgrest.service
- source: salt://postgrest/tpl/postgrest.service
- template: jinja
- context:
tag: {{ tag }}
instance_name: {{ instance_name }}
- mode: 644
- user: root
- group: root
postgrest_{{ instance_name }}_systemctl_reload:
cmd.run:
- name: systemctl daemon-reload
- require:
- file: postgrest_{{ instance_name }}_systemctl_service
postgrest_{{ instance_name }}_systemctl_enable:
service.enabled:
- name: {{ instance_name }}-postgrest.service
- require:
- file: postgrest_{{ instance_name }}_systemctl_service
- cmd: postgrest_{{ instance_name }}_systemctl_reload
{% endfor %}
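Review bot: `postgrest_{{ instance_name }}_conf` writes the rendered `instance_conf.config`, which includes `jwt-secret` and the `db-uri`, with `mode: 644`. Every local user on the minion can therefore read the token signing secret and any database password placed in the URI. Tighten it to `- mode: '0600'`, or `'0640'` with the service account's group, since the unit template is not visible here to tell which user runs PostgREST. Adding `- show_diff: False`, as the sslcert states already do, keeps the secret out of state output when the file changes.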