-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'main' into data-pipeline-v5
- Loading branch information
Showing
16 changed files
with
487 additions
and
29 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -17,3 +17,8 @@ override.tf.json | |
|
|
||
| # Ignore generated docs | ||
| /dist | ||
|
|
||
| /.vscode | ||
|
|
||
| # Macos | ||
| .DS_Store | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| ssh_users: | ||
| agrabeli: | ||
| login: agrabeli | ||
| comment: Maria Xynou | ||
| keys: ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDD0JSwM+t3Uz9lS3Mjoz9oo4vOToWyzboZhYQbP8JY5HvFtAvWanWHnUBO91t6hkgKIMiUqhdCJn26fqkhSGe/bRBaFUocOmuyfcmZoRdi0qzAskmycJsj/w6vWR4x6MYkmJvSeI/MGxjEFt4s2MfOG1tP8CBLUYft9qUleeJa7Jln8c+xbnqB7YngaI190icQHE9NuIB2CXvzbmo3tLtHNMagEwI7VoBDj6mxzTxBd9JhuhF4w5uGxxm0Gp1hzk+15obNnaBS+Anr7jXz8FPwwxCH+XhBZxB1PPpcIayKrf9iLyGtwmhkdDoWCqYAr1mue3LxFso+TZF4bwE4Cjt1 agrabelh@agrabelh"] | ||
| art: | ||
| login: art | ||
| comment: Arturo Filasto | ||
| keys: ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJsibU0nsQFFIdolD1POzXOws4VetV0ZNByINRzY8Hx0 [email protected]"] | ||
| majakomel: | ||
| login: majakomel | ||
| comment: Maja Komel | ||
| keys: | ||
| - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC7gWQL4h/IyMbwDuMIXbTVmNEm8Yx19Ftt0P2e3OyWctSMH7WGaHc6b0dGoGh6Y4x0Kpw5h0iHWshP8Rg0pckNG9LeDjLY9nLR3Jv66ogFQtFi1DAlg4CXe369N70rBN9iurndgXjShW9OV+bY+MOlW8Fmmm67Vg0xFiYuYzjgUOpl4ofkbLGAQ7sJRBzpDV6TqHhGfOdYMDJyfFvurVz0oSyEZPFFRv4Css9iVk7BGsBukCCpUuax8akEeEjxWWCvjYXva7OA0jHKayfPAroZx/OJh01rhFe7wxlu5JwUKOcevvAZqeHh6200C82ijZOCN+Qq9yvxOH+OgzhnQwnoetIbGFgnb4CkDxo7dVLc/DFyObznC4f26f5D1OyPMUX8AEarEVdEPwsEfD2ePQr6qek0XWCWtYvGklb+GRLk9Yn0VL1qwvgrtstHdeXsKONTPKRxaCjWHu18dQaG2qOUnZ+St6SHeL49CN9aav2azNI/YKoQ9SGR4D23XeBRsW8=" | ||
| mehul: | ||
| login: mehul | ||
| comment: Mehul Gulati | ||
| keys: | ||
| - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDEZSA9TKUaYWG8gfnMoyDZO2S6vsy87xma4R/EzNpveZiOZTYSNn+UDL8NpQRuH5YgdWuQV2E7sKw/PIYA0lC/QTiq8Btqf6sEK5YWXtQy+yn9q5kB/rmi8zjaz0FUNigRrjL+26ao+c7NKpgmR+TRqbRd5VeJ46PuFD5M3c+MBeUoF1PT0zfioQFJ1mQoXwVix0n260clEXQDp4t0GZuNpWGTS+YTuJZ2vl6TDZtt8jrnENd99QArr2KU+NMTq8T2KYcPeQOoYsm7v/1TBkbv9UStllhjdE7HZSivPT8oRkF2YZYgytDxtCZG8i5iCK+vbNn6QmZMjuXPoBUeW+Njm70tlsirrKpUX+QiogA2qljxPD9st2eUkA7cATyOBkK7WLh1HYv2xyKpPtkkaELG+EHjmaVjVdyVAgUYwqg+MbIw1OyDpNmMZcW3iOpGpflXPMmLjKNMhee0//G7NxcGfwmIMbIiBkeofOnWDrMo+0PRULFtn6C7aA7ddirck+k=" | ||
| norbel: | ||
| login: norbel | ||
| comment: Norbel Ambanumben | ||
| keys: | ||
| - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBXprrutdT6AhrV9hWBKjyzq6RqGmCBWpWxi3qwJyRcBJfkiEYKV9QWl3H0g/Sg9JzLd9lWG2yfAai7cyBAT4Ih0+OhwQ0V7wkhBn4YkNjs7d4BGPHjuLIywS9VtmiyH7VafikMjmqPLL/uPBIbRrx9RuSfLkAuN9XFZpVmqzWY8ePpcRCvnG6ucPxEY8o+4j5nfTrgxSaIT31kH16/PFJe07tn1SZjxZE4sZTz/p9xKt6s8HXmlP3RdnXSpXWmH8ZwYDrNhkcH8m6mC3giiqSKThFdwvQVflRRvn9pAlUOhy6KIBtAt1KobVJtOCPrrkcLhQ1C+2P9wKhfYspCGrScFGnrUqumLxPpwlqILxJvmgqGAtkm8Ela9f2D9sEv8CUv5x9XptZKlyRhtOLixvLYoJlwfXXnmXa8T1pg8+4063BhHUOu/bg0InpSp3hdscOfk0R8FtDlXnn6COwbPXynIt4PxzIxD/WQhP0ymgH3ky6ClB5wRBVhOqYvxQw32n2QFS9A5ocga+nATiOE7BTOufgmDCA/OIXfJ/GukXRaMCBsvlx7tObHS1LOMt0I+WdoOEjI0ARUrFzwoiTrs9QYmd922e7S35EnheT3JjnCTjebJrCNtwritUy8vjsN/M27wJs7MAXleT7drwXXnm+3xYrH+4KQ+ru0dxMe1zfBw== [email protected]" | ||
| ain: | ||
| login: ain | ||
| comment: Ain | ||
| keys: ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH6Js4xtJq7AoYA8mFraQg8vYgKz/glil9AaPq4lDwtg ain@intertubes"] | ||
| admin_usernames: [ art, majakomel, mehul, norbel, ain ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,8 @@ | ||
| [all] | ||
| monitoring.ooni.org | ||
| openvpn-server1.ooni.io | ||
| # This requires manual setup of ~/.ssh/config | ||
| #codesign-box | ||
|
|
||
| [jupyterhub] | ||
| data.ooni.org | ||
| data.ooni.org |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| --- | ||
| cluster_id: cluster-qsvghm4oqok | ||
| hsm_token_name: OONI_2024-04-26_1 | ||
| codesign_usernames: [ art, majakomel, mehul ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,72 @@ | ||
| --- | ||
| - name: Create .ssh/authorized_keys in ubuntu home | ||
| ansible.builtin.template: | ||
| src: authorized_keys | ||
| dest: "/home/ubuntu/.ssh/authorized_keys" | ||
| owner: "ubuntu" | ||
| mode: "0400" | ||
|
|
||
| - name: Install cloudhsm-cli | ||
| ansible.builtin.apt: | ||
| deb: https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Jammy/cloudhsm-cli_latest_u22.04_amd64.deb | ||
| update_cache: true | ||
|
|
||
| - name: Install cloudhsm-pkcs11 | ||
| ansible.builtin.apt: | ||
| deb: https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Jammy/cloudhsm-pkcs11_latest_u22.04_amd64.deb | ||
|
|
||
| - name: Install cloudhsm-pkcs11 | ||
| ansible.builtin.apt: | ||
| name: | ||
| - libengine-pkcs11-openssl | ||
| - awscli | ||
|
|
||
| - name: Write customerCA.crt | ||
| ansible.builtin.template: | ||
| src: customerCA.crt | ||
| dest: /opt/cloudhsm/etc/customerCA.crt | ||
| owner: root | ||
| group: adm | ||
| mode: "u=rwx,g=rx" | ||
|
|
||
| - name: Write Cert_bundle.pem | ||
| ansible.builtin.template: | ||
| src: Cert_bundle.pem | ||
| dest: /opt/cloudhsm/etc/Cert_bundle.pem | ||
| owner: root | ||
| group: adm | ||
| mode: "u=rwx,g=rx" | ||
|
|
||
| - name: Write delete-hsms.sh command | ||
| ansible.builtin.template: | ||
| src: delete-hsms.sh | ||
| dest: /usr/bin/delete-hsms.sh | ||
| owner: root | ||
| group: adm | ||
| mode: "u=rwx,g=rx" | ||
|
|
||
| - name: Write create-hsms.sh command | ||
| ansible.builtin.template: | ||
| src: create-hsms.sh | ||
| dest: /usr/bin/create-hsms.sh | ||
| owner: root | ||
| group: adm | ||
| mode: "u=rwx,g=rx" | ||
|
|
||
| - name: Ensure .hsmcredentials file exists | ||
| ansible.builtin.copy: | ||
| dest: /home/ubuntu/.hsmcredentials | ||
| content: | | ||
| HSM_PASSWORD= | ||
| owner: ubuntu | ||
| group: adm | ||
| mode: "u=rw,g=,o=" | ||
| force: false | ||
|
|
||
| - name: Write sign-windows-exe.sh command | ||
| ansible.builtin.template: | ||
| src: sign-windows-exe.sh | ||
| dest: /usr/bin/sign-windows-exe.sh | ||
| owner: root | ||
| group: adm | ||
| mode: "u=rwx,g=rx" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,107 @@ | ||
| subject=jurisdictionCountryName=IT, businessCategory=Business Entity, CN=Open Observatory of Network Interference (OONI), SERIALNUMBER=96568220584, O=Open Observatory of Network Interference (OONI), L=Rome, C=IT | ||
| issuer=CN=HARICA EV Code Signing RSA SubCA R1, O=Hellenic Academic and Research Institutions CA, L=Athens, C=GR | ||
| -----BEGIN CERTIFICATE----- | ||
| MIIHeDCCBWCgAwIBAgIQeP20SJFLrwNNrScDbdnSeDANBgkqhkiG9w0BAQsFADCBhTELMAkGA1UE | ||
| BhMCR1IxDzANBgNVBAcMBkF0aGVuczE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl | ||
| c2VhcmNoIEluc3RpdHV0aW9ucyBDQTEsMCoGA1UEAwwjSEFSSUNBIEVWIENvZGUgU2lnbmluZyBS | ||
| U0EgU3ViQ0EgUjEwHhcNMjQwNDI5MTEwNjU2WhcNMjYwNDI5MTEwNjU2WjCB1TELMAkGA1UEBhMC | ||
| SVQxDTALBgNVBAcMBFJvbWUxODA2BgNVBAoML09wZW4gT2JzZXJ2YXRvcnkgb2YgTmV0d29yayBJ | ||
| bnRlcmZlcmVuY2UgKE9PTkkpMRQwEgYDVQQFEws5NjU2ODIyMDU4NDE4MDYGA1UEAwwvT3BlbiBP | ||
| YnNlcnZhdG9yeSBvZiBOZXR3b3JrIEludGVyZmVyZW5jZSAoT09OSSkxGDAWBgNVBA8MD0J1c2lu | ||
| ZXNzIEVudGl0eTETMBEGCysGAQQBgjc8AgEDEwJJVDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC | ||
| AgoCggIBALs3gSrsYiuFwdffvSPMKI/yGYk6R2cX2nAsFB8fHFElGdsUbHNoBOdBsRUe2yCSHLwA | ||
| kMyuNsGvOxbykiNaCGnNjEg3bI7rE7YyKwSH6aR5B/TTpI9CESnFROxltWEfbBSr+SY/MlF+5bA2 | ||
| JWs9SMzl0BXMBoOVbLBczoAN38cX4Wwe7hsXpXwhbub8FIwSLMbMUcrqhLIsJQL7ywz/8cnxZqKD | ||
| Y9MsM+sIstCKrK2w6b8B9AAY0lmPpR+p4ZaBHzU1vsTX8wPoYA/QDz+TwlczuosNdyaWZcgAUZag | ||
| eMhjUOuT7Z92Yzu4PoWIPCOCu6LvYaC+M2mIRCZV476E+KlvSjqElDhYEBkkKueP+1/paiq4ibf3 | ||
| MUILTGg+/bhGF+5GVLGEhdimNYGVzzoqPh8ngPo37g+mKjMN8oguejN6/W5Ts/nedvNog4txeaYL | ||
| 2M8PG5Jv0pyXf82lOaHpXVQ8qfHqWJr4RvI02kcNHGFrNvOCBao4DdLrehOCwFsxlcb7FG2lzjua | ||
| Zxg5TfBTNHDby8RGPDo6iq9zlEK2ciSN1lI1viGFRmM9ZYo75jj7OgFsSq9TwLj30WXLqxZdm7CN | ||
| f8OPFRc2NWNMTXhjCU9nAYYo8e8ZCnJ5bNVUMHpgx8eW9zrHVdQBKet3irOhDTdcl8DCj2/51S2z | ||
| wt69AB3HAgMBAAGjggGQMIIBjDAJBgNVHRMEAjAAMB8GA1UdIwQYMBaAFJTvT2NZT7wQp8iHqRdp | ||
| AhJiR+F1MHIGCCsGAQUFBwEBBGYwZDA/BggrBgEFBQcwAoYzaHR0cDovL2NydC5oYXJpY2EuZ3Iv | ||
| SGFyaWNhRVZDb2RlU2lnbmluZ1N1YkNBUjEuY2VyMCEGCCsGAQUFBzABhhVodHRwOi8vb2NzcC5o | ||
| YXJpY2EuZ3IwYAYDVR0gBFkwVzAHBgVngQwBAzAIBgYEAI96AQIwQgYMKwYBBAGBzxEBAQMDMDIw | ||
| MAYIKwYBBQUHAgEWJGh0dHBzOi8vcmVwby5oYXJpY2EuZ3IvZG9jdW1lbnRzL0NQUzATBgNVHSUE | ||
| DDAKBggrBgEFBQcDAzBEBgNVHR8EPTA7MDmgN6A1hjNodHRwOi8vY3JsLmhhcmljYS5nci9IYXJp | ||
| Y2FFVkNvZGVTaWduaW5nU3ViQ0FSMS5jcmwwHQYDVR0OBBYEFMA9FXuU36eaZpHrxlphS5vn/I9v | ||
| MA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAgEAlEj7BT3SRaAL0uZWs4VJ3zKxMQKL | ||
| JOMR5fl7DKO5N/ynRDH8ktjLJZyt4wfNXBR71l0hvTeE+ZqnWXn0Pz0tEVR4qdjzf/JuO2G0GXfb | ||
| ATnZrUsTgm8utogtzb3BwDQVRgh5X6/BN8Ip/5C80zAGg2pGdySho2D4kJVeoNu/Gr0xYodFZirV | ||
| fcT6zT82eh+MEM2I19gONJ9soJsM9qNxeV94nA8Rct9ZVtv6/CuEg2zPz+JYjmAttp1cEqUchUsg | ||
| yUuwLzA4Bk7xnO8giTVFs71z8GET9WeQnohYO2PE/+ytA8wyjELctVOBj1MHVcTcQb/pc+CKenTP | ||
| sbeq29RG2WYOsdvAQlhRLJDFB6UoHlqtvQCMfda9HEemI/wHRMD7zKYYc3F1ik6VgGQ8ekEyjuzJ | ||
| V6xnELvWpbpm/GvdeXTUqrQpfA4ZowQaQr3ZdNGmpuxaWXByfAzcN9tVYHlcPnh4lTd5j40Sy2OL | ||
| Az0MxeukIvBTZEQaYxjxqSHglrVs9c9Gc7DJdpNy48zAefRUK2CfpoY1396DmKmpmYFTWkBvSESm | ||
| oQt2IPMnskBgrrNKMvas+W6Grybp9Y0k7c0m4VlW7IkvNR3D3dh+cwdMVxXHmwktIzAE2QdoWlNM | ||
| PiaCEKcXPYdBJ9Q2LrxyH2QaqbppvZ/n36y4SCQ//ZvZOUM= | ||
| -----END CERTIFICATE----- | ||
| subject=CN=HARICA EV Code Signing RSA SubCA R1, O=Hellenic Academic and Research Institutions CA, L=Athens, C=GR | ||
| issuer=CN=Hellenic Academic and Research Institutions RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR | ||
| -----BEGIN CERTIFICATE----- | ||
| MIIG9jCCBN6gAwIBAgIQRBc8w77BDn0wQDhwYp8kwDANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UE | ||
| BhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl | ||
| c2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMTN0hlbGxlbmljIEFj | ||
| YWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9vdENBIDIwMTUwHhcNMjAwMjI3MTIw | ||
| NTIyWhcNMzUwMjIzMTIwNTIyWjCBhTELMAkGA1UEBhMCR1IxDzANBgNVBAcMBkF0aGVuczE3MDUG | ||
| A1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDQTEsMCoG | ||
| A1UEAwwjSEFSSUNBIEVWIENvZGUgU2lnbmluZyBSU0EgU3ViQ0EgUjEwggIiMA0GCSqGSIb3DQEB | ||
| AQUAA4ICDwAwggIKAoICAQCYS0S4Qp3qUC9OZ6t2FGCQBPTWXTEg081FblEgW/x41zwNJtFtQg3U | ||
| s+eKDgL0fB0lu64q2/A3uT8PzXr5YKgRcXswYztRFGbvd4zVKcOmNn1QXYB20RE7hHMSzFCc0LVz | ||
| CAnJE5+l+s60P+7HqIA/5aX/bKfI76xL2CiuTCZkgpXQFDdBIneIBMRXzpjQ2MM3qJg90yN6lt5S | ||
| ZH2+H+zV3OCLBYsAxsfuK4x1dH4EBD/6gF0DA8J38SU5g3nitEVlGMdl50Fvkuv0la5YUemSi+s/ | ||
| fE5QlRV39y3csRG5/L/irbZr39jTHDUK9mSli5KQvlzAvZ+Mw3byNKmlAeYrR+TYc0Tl8tVHWqoY | ||
| 4e+shW4FTJlzpRWT550TD1QG8NqL+M4P7ZQD+X7W2bDedLBLDV1Oh1qVLcfPi7uzhqKFRG9Qv48b | ||
| CNXmiPkRlsUB3417sHaupqhNV487vxLKJSeu885SyehgFVv7ajJAxUSeIaguuxJ70ooCrXQDprN3 | ||
| a3qNhq/tNBzBByw2OMFj06tazhI66hrBhSnGHqwheT41mU3kz2fgwEyxe+9ZHbTgoSSGdPNp7Sga | ||
| ZBl4HXpIg8ofFFbBFGfmwoj12Nt75wGbY3gGec95VLqVqmF/fNZOqhj0V5kizzbtx4aEmiTG4ozn | ||
| zXfFrIqw27e7TRKTYzkRGwIDAQABo4IBPTCCATkwEgYDVR0TAQH/BAgwBgEB/wIBADAfBgNVHSME | ||
| GDAWgBRxFWfIyMm9dV1y0DgYap3zcSRUCzBvBggrBgEFBQcBAQRjMGEwPAYIKwYBBQUHMAKGMGh0 | ||
| dHA6Ly9yZXBvLmhhcmljYS5nci9jZXJ0cy9IYXJpY2FSb290Q0EyMDE1LmNydDAhBggrBgEFBQcw | ||
| AYYVaHR0cDovL29jc3AuaGFyaWNhLmdyMBEGA1UdIAQKMAgwBgYEVR0gADATBgNVHSUEDDAKBggr | ||
| BgEFBQcDAzA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY3JsLmhhcmljYS5nci9IYXJpY2FSb290 | ||
| Q0EyMDE1LmNybDAdBgNVHQ4EFgQUlO9PY1lPvBCnyIepF2kCEmJH4XUwDgYDVR0PAQH/BAQDAgGG | ||
| MA0GCSqGSIb3DQEBCwUAA4ICAQByG18cPy5oLuAXImw5+BVlID7Y4Y3C3lNVVW15V12YV/OOLrPS | ||
| 8N1L+66RyzkBAxC15Fn2xfrwHNRZEIQy/DqAfxO2nUn9BN1cXDgv2aje4LP7dqSOojupvkkWfCvg | ||
| JMuV3/Jpc3TFb8LdWN6+qreMJEU7FU+Xz0Sshm63ujzf8ta43FF9l4cooklUXrIjFrKPKYq38h8n | ||
| STrbPFDeZqjc9WwQ7tGm8Vt38PzQTmzAs6uZ5tZUyWJWYdtWa7AwwOoCRfE3L4i3ZzqYh/OL4z0m | ||
| qsiswn8PHn4yzirFXYs/jBY9pHZfbB81CV3Ad/xMxDMtmqSTVz9fP7o5Mpf+Z3aQlSsG4wFxQANA | ||
| w6EOQjt77ZTnLiGO8kjV2uxRBzXWDUATipNW8W4fMvIe6Pcb7pEU27piFTwxtsyq4KKfoKcnr7DZ | ||
| qZSfDVX2HBzndJu55aYZprU+AkB12aH0QDBjU/jeWu4dylJ8Soqn53bgWT3aAIXGB/mfE6XsjV+h | ||
| kc9GVDVAFYhe6qh6QXiUyZSt3nX9JU/UieAGnIck0YUQnjKlhpwgg1GjWQxc0YscDa9p/PtnPHSL | ||
| 1/5DMkpv4sZnqeymAiGiOOofNrxpxtHCvEB4RTp4hGd3B3FxyVkkfVvwQQ6OyB2WvBVn7qht6/9Y | ||
| H64e3atPXIjYx+Lq6jGUQpci2w== | ||
| -----END CERTIFICATE----- | ||
| subject=CN=Hellenic Academic and Research Institutions RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR | ||
| issuer=CN=Hellenic Academic and Research Institutions RootCA 2011, O=Hellenic Academic and Research Institutions Cert. Authority, C=GR | ||
| -----BEGIN CERTIFICATE----- | ||
| MIIGcTCCBVmgAwIBAgIIGn48dflJd1IwDQYJKoZIhvcNAQELBQAwgZUxCzAJBgNVBAYTAkdSMUQw | ||
| QgYDVQQKEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIENlcnQu | ||
| IEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3Rp | ||
| dHV0aW9ucyBSb290Q0EgMjAxMTAeFw0xNjA3MTkxMDMwNDZaFw0yNDA3MTcxMDMwNDZaMIGmMQsw | ||
| CQYDVQQGEwJHUjEPMA0GA1UEBxMGQXRoZW5zMUQwQgYDVQQKEztIZWxsZW5pYyBBY2FkZW1pYyBh | ||
| bmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIENlcnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVu | ||
| aWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBSb290Q0EgMjAxNTCCAiIwDQYJ | ||
| KoZIhvcNAQEBBQADggIPADCCAgoCggIBAML4qT8bifw8PARdPZA2sJE6eTxmWu9tOQFJGrS3z39N | ||
| I1O3kADjEyoopjHxkQDjKOyuIUHOH9r9fRJbAYMPubBfmeHyEoOATQY+36yv56GIazGv8IvQGDO4 | ||
| 20VqNPQCgCQoCgIVlV52Kg2ZOhRb9svLU7wTTQGIN5QlG0K8ItiOo5ZeOtky2z7o8BBl7XThL6d8 | ||
| ryc0uyl9m7bPCcjl0wr8iGVldArccxxczUCxHNS2hIxMUM9ojqhZrsInToKiNd0U9B//snfVhy+q | ||
| bn0kJ+fGyybm5f5nB2PYRQ3dOlllOVh6kplyPZyEXoghuNX0LPzZcFJPeLi9PCuLlZj1s9FozyAU | ||
| fkxcX+eL5fU1gRk31xEIt2a+00rOg1cAOsOB+BfLkjZd0aPYdRvhiyfqekhB/UUZBq0nmU7BcEfd | ||
| tZ+BUxLlsYxIXTFDF+OMxnpjlkspME6ETmIZXjzOl5ClfwHrneD4i4ndJZg9krZ+79nxUVF9LSbI | ||
| aVlh4KxquCo2EQR6UL0yhL4v3HLV1x0WR+RHZiA/9JbFr44BeqUPemT1DRiH2a6I1fqEwTrAaSgt | ||
| 8g1oUarjpXfGpJAOoTeLMSNHwQkI6273eJvXgvyEIJlJGbYSRrH7RVUWqaNlrJwHD+pr3B8uBnLs | ||
| hogS5C3bXwUv5PAD0yYz54DCzUKhFzQLAgMBAAGjggGwMIIBrDAPBgNVHRMBAf8EBTADAQH/MA4G | ||
| A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUcRVnyMjJvXVdctA4GGqd83EkVAswRgYDVR0fBD8wPTA7 | ||
| oDmgN4Y1aHR0cDovL2NybHYxLmhhcmljYS5nci9IYXJpY2FSb290Q0EyMDExL2NybHYxLmRlci5j | ||
| cmwwHwYDVR0jBBgwFoAUppFC/RNhSiOeCKQp5dgTBCPuQSUwbgYIKwYBBQUHAQEEYjBgMCEGCCsG | ||
| AQUFBzABhhVodHRwOi8vb2NzcC5oYXJpY2EuZ3IwOwYIKwYBBQUHMAKGL2h0dHA6Ly93d3cuaGFy | ||
| aWNhLmdyL2NlcnRzL0hhcmljYVJvb3RDQTIwMTEuY3J0MIGQBgNVHSAEgYgwgYUwgYIGBFUdIAAw | ||
| ejAyBggrBgEFBQcCARYmaHR0cDovL3d3dy5oYXJpY2EuZ3IvZG9jdW1lbnRzL0NQUy5waHAwRAYI | ||
| KwYBBQUHAgIwOAw2VGhpcyBjZXJ0aWZpY2F0ZSBpcyBzdWJqZWN0IHRvIEdyZWVrIGxhd3MgYW5k | ||
| IG91ciBDUFMuMA0GCSqGSIb3DQEBCwUAA4IBAQCI1QWSZXa9rZJOYCTxBoag7VU8vZfaaegtz2s+ | ||
| 24HjERi5837T/Fn4wf8oU+tyDCXpnU3hyxsAPGSim/qeRFW3MhyMXUspGC+vW6gaoY0fQ5zxVH/6 | ||
| 10dPl91uM3ItnnslMQZnHO79WFc+0qI3FWw6pRtE9qxVkr3Ed38ay2sQhEtnsgxlv83JPtPXVTBS | ||
| L7YtbvlQPf9eu85xaBtBCM2hc8SoH34vEpnaX70o1WvVsMRLyH2SEhQO1POBKf9+WMddJKi8/eVz | ||
| EBRMXOR/XzsofGT7hpZuK3nSJR6FOeEU+AaOUveNZEJY2kTA2vqjqUvPLeO9R45736xh/jWnHi51 | ||
| -----END CERTIFICATE----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| # managed by ansible | ||
| # see roles/ssh_users/templates/authorized_keys | ||
| ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA6QK3Q5Hxtnf0o0wqMS47W/ewlHf5ZhQrn4vOR5HaUO oonidevops | ||
| {% for user in codesign_usernames %} | ||
| {% for k in ssh_users[user]['keys'] %} | ||
| {{ k }} | ||
| {% endfor %} | ||
| {% endfor %} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,112 @@ | ||
| #!/bin/bash | ||
|
|
||
| CLUSTER_ID="{{ cluster_id }}" | ||
|
|
||
| create_hsm_token() { | ||
| if [ -z $1 ]; then | ||
| echo "AVAILABILITY ZONE PARAMETER UNSET!" | ||
| exit 1 | ||
| fi | ||
| AVAILABILITY_ZONE=$1 | ||
| aws cloudhsmv2 create-hsm --cluster-id $CLUSTER_ID --availability-zone $AVAILABILITY_ZONE | ||
| echo "Creating HSM Token in $AVAILABILITY_ZONE..." | ||
| sleep 5 | ||
|
|
||
| } | ||
|
|
||
|
|
||
| wait_for_hsm_tokens() { | ||
|
|
||
| while true; do | ||
| STATE=$(aws cloudhsmv2 describe-clusters --filters clusterIds=$CLUSTER_ID --query "Clusters[0].Hsms[?State=='ACTIVE'] | length(@)") | ||
| if [ "$STATE" -ge 2 ]; then | ||
| echo "HSM Tokens created and active." | ||
| break | ||
| fi | ||
| echo "Waiting for HSM Token $TOKEN_NAME to become active..." | ||
| sleep 10 | ||
| done | ||
|
|
||
| } | ||
|
|
||
| CURRENT_TOKEN_COUNT=$(aws cloudhsmv2 describe-clusters --filters clusterIds=$CLUSTER_ID --query "Clusters[0].Hsms[?State=='ACTIVE'] | length(@)") | ||
| if [ "$CURRENT_TOKEN_COUNT" -ge 2 ]; then | ||
| echo "Enough HSMs already exist, skipping creation" | ||
| else | ||
| create_hsm_token eu-central-1a | ||
| create_hsm_token eu-central-1b | ||
| wait_for_hsm_tokens | ||
| fi | ||
|
|
||
| echo "Extracting IP addresses of created HSM tokens..." | ||
| IP_ADDRESSES=$(aws cloudhsmv2 describe-clusters --filters clusterIds=$CLUSTER_ID --query "Clusters[0].Hsms[*].EniIp" --output text) | ||
| echo "IP Addresses of created HSM tokens: $IP_ADDRESSES" | ||
|
|
||
| IP_ADDRESS_1=$(echo $IP_ADDRESSES | cut -d ' ' -f1) | ||
| IP_ADDRESS_2=$(echo $IP_ADDRESSES | cut -d ' ' -f2) | ||
|
|
||
| echo "[+] writing cloudhsm-cli.cfg" | ||
| cat <<EOF > /tmp/cloudhsm-cli.cfg | ||
| { | ||
| "clusters" : [{ | ||
| "type": "hsm1", | ||
| "cluster":{ | ||
| "hsm_ca_file": "/opt/cloudhsm/etc/customerCA.crt", | ||
| "servers":[ | ||
| { | ||
| "hostname": "$IP_ADDRESS_1", | ||
| "port": 2223, | ||
| "enable": true | ||
| }, | ||
| { | ||
| "hostname": "$IP_ADDRESS_2", | ||
| "port": 2223, | ||
| "enable": true | ||
| } | ||
| ] | ||
| } | ||
| }], | ||
| "logging": { | ||
| "log_type": "file", | ||
| "log_file": "/opt/cloudhsm/run/cloudhsm-cli.log", | ||
| "log_level": "info", | ||
| "log_interval": "daily" | ||
| } | ||
| } | ||
| EOF | ||
|
|
||
| sudo mv /tmp/cloudhsm-cli.cfg /opt/cloudhsm/etc/cloudhsm-cli.cfg | ||
| sudo chown root:root /opt/cloudhsm/etc/cloudhsm-cli.cfg | ||
|
|
||
|
|
||
| echo "[+] writing cloudhsm-pkcs11.cfg" | ||
| cat <<EOF > /tmp/cloudhsm-pkcs11.cfg | ||
| { | ||
| "clusters" : [{ | ||
| "type": "hsm1", | ||
| "cluster":{ | ||
| "hsm_ca_file": "/opt/cloudhsm/etc/customerCA.crt", | ||
| "servers":[ | ||
| { | ||
| "hostname": "$IP_ADDRESS_1", | ||
| "port": 2223, | ||
| "enable": true | ||
| }, | ||
| { | ||
| "hostname": "$IP_ADDRESS_2", | ||
| "port": 2223, | ||
| "enable": true | ||
| } | ||
| ] | ||
| } | ||
| }], | ||
| "logging": { | ||
| "log_type": "file", | ||
| "log_file": "/opt/cloudhsm/run/cloudhsm-pkcs11.log", | ||
| "log_level": "info", | ||
| "log_interval": "daily" | ||
| } | ||
| } | ||
| EOF | ||
| sudo mv /tmp/cloudhsm-pkcs11.cfg /opt/cloudhsm/etc/cloudhsm-pkcs11.cfg | ||
| sudo chown root:root /opt/cloudhsm/etc/cloudhsm-pkcs11.cfg |
Oops, something went wrong.